diff options
author | Simon Josefsson <simon@josefsson.org> | 2010-10-14 15:02:12 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2010-10-14 15:02:12 +0200 |
commit | 03636f4440ae918d6f710935a00806469f65f1c6 (patch) | |
tree | 1969ad6201816d1eb1421d93ef6900ec3b647788 | |
parent | 59425cbec511cdc314f2a22ee95b299f8fa06fc8 (diff) | |
download | gnutls-03636f4440ae918d6f710935a00806469f65f1c6.tar.gz |
Indent (using GNU indent 2.2.11).
250 files changed, 11997 insertions, 10497 deletions
diff --git a/doc/errcodes.c b/doc/errcodes.c index 9c22b665b1..789b8199dc 100644 --- a/doc/errcodes.c +++ b/doc/errcodes.c @@ -20,7 +20,7 @@ */ #ifdef HAVE_CONFIG_H -# include "config.h" +#include "config.h" #endif #include <stdio.h> diff --git a/doc/examples/ex-alert.c b/doc/examples/ex-alert.c index 5d23f7e34c..11aff1c137 100644 --- a/doc/examples/ex-alert.c +++ b/doc/examples/ex-alert.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-cert-select-pkcs11.c b/doc/examples/ex-cert-select-pkcs11.c index 0a6f5e9659..2ce9909704 100644 --- a/doc/examples/ex-cert-select-pkcs11.c +++ b/doc/examples/ex-cert-select-pkcs11.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> @@ -55,8 +55,8 @@ load_keys (void) /* some tokens require login to read data */ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - ret = gnutls_x509_crt_import_pkcs11_url (crt, CERT_URL, - GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + ret = gnutls_x509_crt_import_pkcs11_url (crt, CERT_URL, + GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { @@ -77,29 +77,33 @@ load_keys (void) } -static int pin_callback(void* user, int attempt, const char *token_url, - const char *token_label, unsigned int flags, char* pin, size_t pin_max) +static int +pin_callback (void *user, int attempt, const char *token_url, + const char *token_label, unsigned int flags, char *pin, + size_t pin_max) { -const char* password; -int len; - - printf("PIN required for token '%s' with URL '%s'\n", token_label, token_url); - if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) - printf("*** This is the final try before locking!\n"); - if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) - printf("*** Only few tries left before locking!\n"); - - password = getpass("Enter pin: "); - if (password==NULL || password[0] == 0) { - fprintf(stderr, "No password given\n"); - exit(1); - } - - len = MIN(pin_max,strlen(password)); - memcpy(pin, password, len); - pin[len] = 0; - - return 0; + const char *password; + int len; + + printf ("PIN required for token '%s' with URL '%s'\n", token_label, + token_url); + if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) + printf ("*** This is the final try before locking!\n"); + if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) + printf ("*** Only few tries left before locking!\n"); + + password = getpass ("Enter pin: "); + if (password == NULL || password[0] == 0) + { + fprintf (stderr, "No password given\n"); + exit (1); + } + + len = MIN (pin_max, strlen (password)); + memcpy (pin, password, len); + pin[len] = 0; + + return 0; } int diff --git a/doc/examples/ex-cert-select.c b/doc/examples/ex-cert-select.c index 316ca779a9..16b97e2898 100644 --- a/doc/examples/ex-cert-select.c +++ b/doc/examples/ex-cert-select.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-client-psk.c b/doc/examples/ex-client-psk.c index 33e3d321b4..2947b2c081 100644 --- a/doc/examples/ex-client-psk.c +++ b/doc/examples/ex-client-psk.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-client-resume.c b/doc/examples/ex-client-resume.c index f64004450f..f38b8d9924 100644 --- a/doc/examples/ex-client-resume.c +++ b/doc/examples/ex-client-resume.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <string.h> diff --git a/doc/examples/ex-client-srp.c b/doc/examples/ex-client-srp.c index 454216b52e..7094a79921 100644 --- a/doc/examples/ex-client-srp.c +++ b/doc/examples/ex-client-srp.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-client-tlsia.c b/doc/examples/ex-client-tlsia.c index b381cec295..909ade1348 100644 --- a/doc/examples/ex-client-tlsia.c +++ b/doc/examples/ex-client-tlsia.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-client1.c b/doc/examples/ex-client1.c index 16305a682b..87e721f448 100644 --- a/doc/examples/ex-client1.c +++ b/doc/examples/ex-client1.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-client2.c b/doc/examples/ex-client2.c index dfb9e12713..2946c75955 100644 --- a/doc/examples/ex-client2.c +++ b/doc/examples/ex-client2.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-crq.c b/doc/examples/ex-crq.c index f36aece99a..59fedb36b2 100644 --- a/doc/examples/ex-crq.c +++ b/doc/examples/ex-crq.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> @@ -35,7 +35,7 @@ main (void) /* Generate an RSA key of moderate security. */ - bits = gnutls_sec_param_to_pk_bits( GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_NORMAL); + bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_NORMAL); gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, bits, 0); /* Add stuff to the distinguished name diff --git a/doc/examples/ex-pkcs12.c b/doc/examples/ex-pkcs12.c index 7bb210b64e..10d35c7c65 100644 --- a/doc/examples/ex-pkcs12.c +++ b/doc/examples/ex-pkcs12.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-rfc2818.c b/doc/examples/ex-rfc2818.c index 693e5f5e3c..dac194502f 100644 --- a/doc/examples/ex-rfc2818.c +++ b/doc/examples/ex-rfc2818.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> @@ -25,7 +25,8 @@ extern void tcp_close (int sd); /* This function will try to verify the peer's certificate, and * also check if the hostname matches, and the activation, expiration dates. */ -static int verify_certificate_callback (gnutls_session_t session) +static int +verify_certificate_callback (gnutls_session_t session) { unsigned int status; const gnutls_datum_t *cert_list; @@ -35,7 +36,7 @@ static int verify_certificate_callback (gnutls_session_t session) const char *hostname; /* read hostname */ - hostname = gnutls_session_get_ptr(session); + hostname = gnutls_session_get_ptr (session); /* This verification function uses the trusted CAs in the credentials * structure. So you must have installed one or more CA certificates. @@ -124,13 +125,14 @@ main (void) */ gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_verify_function (xcred, verify_certificate_callback); - gnutls_certificate_set_verify_flags(xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + gnutls_certificate_set_verify_flags (xcred, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); /* Initialize TLS session */ gnutls_init (&session, GNUTLS_CLIENT); - gnutls_session_set_ptr(session, (void*)"my_host_name"); + gnutls_session_set_ptr (session, (void *) "my_host_name"); /* Use default priorities */ ret = gnutls_priority_set_direct (session, "PERFORMANCE", &err); diff --git a/doc/examples/ex-serv-anon.c b/doc/examples/ex-serv-anon.c index d343b2b84c..68b1dff675 100644 --- a/doc/examples/ex-serv-anon.c +++ b/doc/examples/ex-serv-anon.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-serv-pgp.c b/doc/examples/ex-serv-pgp.c index 0494d2b53f..9b016c9f74 100644 --- a/doc/examples/ex-serv-pgp.c +++ b/doc/examples/ex-serv-pgp.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c index 2cb3b98aa2..1374cd65be 100644 --- a/doc/examples/ex-serv-psk.c +++ b/doc/examples/ex-serv-psk.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-serv-srp.c b/doc/examples/ex-serv-srp.c index f9befbe409..fcd94c4155 100644 --- a/doc/examples/ex-serv-srp.c +++ b/doc/examples/ex-serv-srp.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-serv1.c b/doc/examples/ex-serv1.c index f8b91b07d7..a6d84a842e 100644 --- a/doc/examples/ex-serv1.c +++ b/doc/examples/ex-serv1.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-session-info.c b/doc/examples/ex-session-info.c index f247629503..946ec5b44f 100644 --- a/doc/examples/ex-session-info.c +++ b/doc/examples/ex-session-info.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-verify.c b/doc/examples/ex-verify.c index 871a6bc415..a08cd418a1 100644 --- a/doc/examples/ex-verify.c +++ b/doc/examples/ex-verify.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/ex-x509-info.c b/doc/examples/ex-x509-info.c index bc2095d2e0..3251e0bd9d 100644 --- a/doc/examples/ex-x509-info.c +++ b/doc/examples/ex-x509-info.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/doc/examples/examples.h b/doc/examples/examples.h index 1b1f79b8e3..e88784fa0c 100644 --- a/doc/examples/examples.h +++ b/doc/examples/examples.h @@ -1,5 +1,5 @@ #ifndef EXAMPLES_H -# define EXAMPLES_H +#define EXAMPLES_H void check_alert (gnutls_session_t session, int ret); diff --git a/doc/examples/tcp.c b/doc/examples/tcp.c index b13c65c173..bf47f449f3 100644 --- a/doc/examples/tcp.c +++ b/doc/examples/tcp.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/guile/src/core.c b/guile/src/core.c index 4df2440dfd..803e56f4e4 100644 --- a/guile/src/core.c +++ b/guile/src/core.c @@ -18,7 +18,7 @@ /* Written by Ludovic Courtès <ludo@gnu.org>. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/guile/src/errors.c b/guile/src/errors.c index 2ac7145630..b2bbd8f826 100644 --- a/guile/src/errors.c +++ b/guile/src/errors.c @@ -18,7 +18,7 @@ /* Written by Ludovic Courtès <ludo@chbouib.org>. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <libguile.h> diff --git a/guile/src/extra.c b/guile/src/extra.c index 7244fa9fe4..86a6ee7751 100644 --- a/guile/src/extra.c +++ b/guile/src/extra.c @@ -21,7 +21,7 @@ /* Written by Ludovic Courtès <ludo@chbouib.org>. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/guile/src/utils.c b/guile/src/utils.c index ae5984e3b5..f3d259caf1 100644 --- a/guile/src/utils.c +++ b/guile/src/utils.c @@ -18,7 +18,7 @@ /* Written by Ludovic Courtès <ludo@chbouib.org>. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include "utils.h" diff --git a/guile/src/utils.h b/guile/src/utils.h index 7213f385ea..1f6470f0a1 100644 --- a/guile/src/utils.h +++ b/guile/src/utils.h @@ -26,11 +26,11 @@ /* Compiler twiddling. */ #ifdef __GNUC__ -# define EXPECT __builtin_expect -# define NO_RETURN __attribute__ ((__noreturn__)) +#define EXPECT __builtin_expect +#define NO_RETURN __attribute__ ((__noreturn__)) #else -# define EXPECT(_expr, _value) (_expr) -# define NO_RETURN +#define EXPECT(_expr, _value) (_expr) +#define NO_RETURN #endif #define EXPECT_TRUE(_expr) EXPECT ((_expr), 1) diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 14344b08e6..2c0a5f2d16 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -49,19 +49,21 @@ #include "debug.h" #ifdef ENABLE_OPENPGP -# include "openpgp/gnutls_openpgp.h" +#include "openpgp/gnutls_openpgp.h" static gnutls_privkey_t alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t - key, int deinit); + key, int deinit); static gnutls_cert *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert); #endif static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, unsigned); -static gnutls_privkey_t alloc_and_load_x509_key (gnutls_x509_privkey_t key, int deinit); +static gnutls_privkey_t alloc_and_load_x509_key (gnutls_x509_privkey_t key, + int deinit); -static gnutls_privkey_t alloc_and_load_pkcs11_key ( gnutls_pkcs11_privkey_t key, int deinit); +static gnutls_privkey_t alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t + key, int deinit); /* Copies data from a internal certificate struct (gnutls_cert) to @@ -411,29 +413,34 @@ get_issuers (gnutls_session_t session, return 0; } -static void st_to_st2(gnutls_retr2_st *st2, gnutls_retr_st* st) +static void +st_to_st2 (gnutls_retr2_st * st2, gnutls_retr_st * st) { - st2->cert_type = st->type; - if (st->type == GNUTLS_CRT_OPENPGP) { - st2->key_type = GNUTLS_PRIVKEY_OPENPGP; - } else { - st2->key_type = GNUTLS_PRIVKEY_X509; - } - st2->ncerts = st->ncerts; - st2->deinit_all = st->deinit_all; - - switch(st2->cert_type) { - case GNUTLS_CRT_OPENPGP: - st2->cert.pgp = st->cert.pgp; - st2->key.pgp = st->key.pgp; - break; - case GNUTLS_CRT_X509: - st2->cert.x509 = st->cert.x509; - st2->key.x509 = st->key.x509; - break; - default: - return; - } + st2->cert_type = st->type; + if (st->type == GNUTLS_CRT_OPENPGP) + { + st2->key_type = GNUTLS_PRIVKEY_OPENPGP; + } + else + { + st2->key_type = GNUTLS_PRIVKEY_X509; + } + st2->ncerts = st->ncerts; + st2->deinit_all = st->deinit_all; + + switch (st2->cert_type) + { + case GNUTLS_CRT_OPENPGP: + st2->cert.pgp = st->cert.pgp; + st2->key.pgp = st->key.pgp; + break; + case GNUTLS_CRT_X509: + st2->cert.x509 = st->cert.x509; + st2->key.x509 = st->key.x509; + break; + default: + return; + } } @@ -464,39 +471,42 @@ call_get_cert_callback (gnutls_session_t session, memset (&st2, 0, sizeof (st2)); if (cred->get_cert_callback) - { - ret = cred->get_cert_callback( session, issuers_dn, issuers_dn_length, - pk_algos, pk_algos_length, &st2); + { + ret = cred->get_cert_callback (session, issuers_dn, issuers_dn_length, + pk_algos, pk_algos_length, &st2); - } + } else - { /* compatibility mode */ - gnutls_retr_st st; - memset (&st, 0, sizeof (st)); - if (session->security_parameters.entity == GNUTLS_SERVER) - { - if (cred->server_get_cert_callback == NULL) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - ret = cred->server_get_cert_callback (session, &st); - if (ret >= 0) st_to_st2(&st2, &st); - } - else - { /* CLIENT */ - - if (cred->client_get_cert_callback == NULL) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - ret = cred->client_get_cert_callback (session, + { /* compatibility mode */ + gnutls_retr_st st; + memset (&st, 0, sizeof (st)); + if (session->security_parameters.entity == GNUTLS_SERVER) + { + if (cred->server_get_cert_callback == NULL) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + ret = cred->server_get_cert_callback (session, &st); + if (ret >= 0) + st_to_st2 (&st2, &st); + } + else + { /* CLIENT */ + + if (cred->client_get_cert_callback == NULL) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + ret = cred->client_get_cert_callback (session, issuers_dn, issuers_dn_length, - pk_algos, pk_algos_length, &st); - if (ret >= 0) st_to_st2(&st2, &st); - } + pk_algos, pk_algos_length, + &st); + if (ret >= 0) + st_to_st2 (&st2, &st); } + } if (ret < 0) { @@ -522,67 +532,70 @@ call_get_cert_callback (gnutls_session_t session, else { /* PGP */ if (st2.ncerts > 1) - { - gnutls_assert (); - ret = GNUTLS_E_INVALID_REQUEST; - goto cleanup; - } + { + gnutls_assert (); + ret = GNUTLS_E_INVALID_REQUEST; + goto cleanup; + } #ifdef ENABLE_OPENPGP - { - local_certs = alloc_and_load_pgp_certs (st2.cert.pgp); + { + local_certs = alloc_and_load_pgp_certs (st2.cert.pgp); } #else - ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; - goto cleanup; + ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; + goto cleanup; #endif } - if (local_certs == NULL) { - gnutls_assert(); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } + if (local_certs == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } - switch(st2.key_type) { - case GNUTLS_PRIVKEY_OPENPGP: + switch (st2.key_type) + { + case GNUTLS_PRIVKEY_OPENPGP: #ifdef ENABLE_OPENPGP - if (st2.key.pgp != NULL) - { - local_key = alloc_and_load_pgp_key (st2.key.pgp, st2.deinit_all); - if (local_key == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - } - break; + if (st2.key.pgp != NULL) + { + local_key = alloc_and_load_pgp_key (st2.key.pgp, st2.deinit_all); + if (local_key == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + } + break; #endif - case GNUTLS_PRIVKEY_PKCS11: - if (st2.key.pkcs11 != NULL) - { - local_key = alloc_and_load_pkcs11_key (st2.key.pkcs11, st2.deinit_all); - if (local_key == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - } - break; - case GNUTLS_PRIVKEY_X509: - if (st2.key.x509 != NULL) - { - local_key = alloc_and_load_x509_key (st2.key.x509, st2.deinit_all); - if (local_key == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - } - break; + case GNUTLS_PRIVKEY_PKCS11: + if (st2.key.pkcs11 != NULL) + { + local_key = + alloc_and_load_pkcs11_key (st2.key.pkcs11, st2.deinit_all); + if (local_key == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + } + break; + case GNUTLS_PRIVKEY_X509: + if (st2.key.x509 != NULL) + { + local_key = alloc_and_load_x509_key (st2.key.x509, st2.deinit_all); + if (local_key == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } } + break; + } _gnutls_selected_certs_set (session, local_certs, (local_certs != NULL) ? st2.ncerts : 0, @@ -595,27 +608,27 @@ cleanup: if (st2.cert_type == GNUTLS_CRT_X509) { if (st2.deinit_all) - { - for (i = 0; i < st2.ncerts; i++) - { - gnutls_x509_crt_deinit (st2.cert.x509[i]); - } - } + { + for (i = 0; i < st2.ncerts; i++) + { + gnutls_x509_crt_deinit (st2.cert.x509[i]); + } + } } else { #ifdef ENABLE_OPENPGP - if (st2.deinit_all) - { - gnutls_openpgp_crt_deinit (st2.cert.pgp); - } + if (st2.deinit_all) + { + gnutls_openpgp_crt_deinit (st2.cert.pgp); + } #endif } - + if (ret < 0) { if (local_key != NULL) - gnutls_privkey_deinit(local_key); + gnutls_privkey_deinit (local_key); } return ret; @@ -649,7 +662,8 @@ _select_client_cert (gnutls_session_t session, return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - if (cred->client_get_cert_callback != NULL || cred->get_cert_callback != NULL) + if (cred->client_get_cert_callback != NULL + || cred->get_cert_callback != NULL) { /* use a callback to get certificate @@ -1846,18 +1860,21 @@ alloc_and_load_x509_key (gnutls_x509_privkey_t key, int deinit) if (key == NULL) return NULL; - ret = gnutls_privkey_init(&local_key); - if (ret < 0) + ret = gnutls_privkey_init (&local_key); + if (ret < 0) { gnutls_assert (); return NULL; } - ret = gnutls_privkey_import_x509 (local_key, key, deinit?GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE:0); + ret = + gnutls_privkey_import_x509 (local_key, key, + deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE : + 0); if (ret < 0) { gnutls_assert (); - gnutls_privkey_deinit(local_key); + gnutls_privkey_deinit (local_key); return NULL; } @@ -1913,7 +1930,7 @@ alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert) * space for it. */ static gnutls_privkey_t -alloc_and_load_pgp_key ( gnutls_openpgp_privkey_t key, int deinit) +alloc_and_load_pgp_key (gnutls_openpgp_privkey_t key, int deinit) { gnutls_privkey_t local_key; int ret = 0; @@ -1921,18 +1938,21 @@ alloc_and_load_pgp_key ( gnutls_openpgp_privkey_t key, int deinit) if (key == NULL) return NULL; - ret = gnutls_privkey_init(&local_key); + ret = gnutls_privkey_init (&local_key); if (ret < 0) { gnutls_assert (); return NULL; } - ret = gnutls_privkey_import_openpgp (local_key, key, deinit?GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE:0); + ret = + gnutls_privkey_import_openpgp (local_key, key, + deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE + : 0); if (ret < 0) { gnutls_assert (); - gnutls_privkey_deinit(local_key); + gnutls_privkey_deinit (local_key); return NULL; } @@ -1944,7 +1964,7 @@ alloc_and_load_pgp_key ( gnutls_openpgp_privkey_t key, int deinit) * space for it. */ static gnutls_privkey_t -alloc_and_load_pkcs11_key ( gnutls_pkcs11_privkey_t key, int deinit) +alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t key, int deinit) { gnutls_privkey_t local_key; int ret = 0; @@ -1952,18 +1972,21 @@ alloc_and_load_pkcs11_key ( gnutls_pkcs11_privkey_t key, int deinit) if (key == NULL) return NULL; - ret = gnutls_privkey_init(&local_key); + ret = gnutls_privkey_init (&local_key); if (ret < 0) { gnutls_assert (); return NULL; } - ret = gnutls_privkey_import_pkcs11 (local_key, key, deinit?GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE:0); + ret = + gnutls_privkey_import_pkcs11 (local_key, key, + deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE + : 0); if (ret < 0) { gnutls_assert (); - gnutls_privkey_deinit(local_key); + gnutls_privkey_deinit (local_key); return NULL; } diff --git a/lib/auth_cert.h b/lib/auth_cert.h index 1c1336d025..9a4e79921e 100644 --- a/lib/auth_cert.h +++ b/lib/auth_cert.h @@ -24,14 +24,14 @@ */ #ifndef AUTH_CERT_H -# define AUTH_CERT_H -# include "gnutls_cert.h" -# include "gnutls_auth.h" -# include "auth_dh_common.h" -# include "x509/x509_int.h" -# include "openpgp/openpgp_int.h" -# include <gnutls/abstract.h> -# include <gnutls/compat.h> +#define AUTH_CERT_H +#include "gnutls_cert.h" +#include "gnutls_auth.h" +#include "auth_dh_common.h" +#include "x509/x509_int.h" +#include "openpgp/openpgp_int.h" +#include <gnutls/abstract.h> +#include <gnutls/compat.h> /* This structure may be complex, but it's the only way to * support a server that has multiple certificates @@ -93,8 +93,8 @@ typedef struct gnutls_certificate_credentials_st */ gnutls_datum_t x509_rdn_sequence; - gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */ - gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */ + gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */ + gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */ gnutls_certificate_verify_function *verify_callback; gnutls_certificate_retrieve_function *get_cert_callback; @@ -167,7 +167,9 @@ int _gnutls_get_auth_info_gcert (gnutls_cert * gcert, cert_auth_info_t info, int flags /* OR of ConvFlags */ ); -int certificate_credential_append_crt_list( gnutls_certificate_credentials_t res, gnutls_cert *crt, int nr); -int certificate_credentials_append_pkey( gnutls_certificate_credentials_t res, gnutls_privkey_t pkey); +int certificate_credential_append_crt_list (gnutls_certificate_credentials_t + res, gnutls_cert * crt, int nr); +int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res, + gnutls_privkey_t pkey); #endif diff --git a/lib/auth_dh_common.c b/lib/auth_dh_common.c index bee2595212..456ce3ad9f 100644 --- a/lib/auth_dh_common.c +++ b/lib/auth_dh_common.c @@ -95,7 +95,7 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session, { ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key); } - else /* In DHE_PSK the key is set differently */ + else /* In DHE_PSK the key is set differently */ { gnutls_datum_t tmp_dh_key; ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key); @@ -176,7 +176,7 @@ _gnutls_gen_dh_common_client_kx (gnutls_session_t session, opaque ** data) { ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key); } - else /* In DHE_PSK the key is set differently */ + else /* In DHE_PSK the key is set differently */ { gnutls_datum_t tmp_dh_key; ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key); diff --git a/lib/auth_dh_common.h b/lib/auth_dh_common.h index 9fc13bafba..00ed02915d 100644 --- a/lib/auth_dh_common.h +++ b/lib/auth_dh_common.h @@ -24,7 +24,7 @@ */ #ifndef AUTH_DH_COMMON -# define AUTH_DH_COMMON +#define AUTH_DH_COMMON typedef struct { diff --git a/lib/auth_psk.h b/lib/auth_psk.h index 013ed0dfd0..c79da6b79f 100644 --- a/lib/auth_psk.h +++ b/lib/auth_psk.h @@ -23,7 +23,7 @@ */ #ifndef AUTH_PSK_H -# define AUTH_PSK_H +#define AUTH_PSK_H #include <gnutls_auth.h> #include <auth_dh_common.h> @@ -70,7 +70,7 @@ typedef struct psk_auth_info_st psk_auth_info_st; int _gnutls_set_psk_session_key (gnutls_session_t session, gnutls_datum_t * psk2); #else -# define _gnutls_set_psk_session_key(x,y) GNUTLS_E_INTERNAL_ERROR +#define _gnutls_set_psk_session_key(x,y) GNUTLS_E_INTERNAL_ERROR #endif /* ENABLE_PSK */ #endif diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index 261803952f..1605c9b77c 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -58,7 +58,7 @@ const mod_auth_st rsa_auth_struct = { _gnutls_proc_cert_server_certificate, _gnutls_proc_cert_client_certificate, NULL, /* proc server kx */ - proc_rsa_client_kx, /* proc client kx */ + proc_rsa_client_kx, /* proc client kx */ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ _gnutls_proc_cert_cert_req /* proc server cert request */ }; @@ -146,7 +146,7 @@ _gnutls_get_public_rsa_params (gnutls_session_t session, static int proc_rsa_client_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { gnutls_datum_t plaintext; gnutls_datum_t ciphertext; @@ -177,7 +177,9 @@ proc_rsa_client_kx (gnutls_session_t session, opaque * data, ciphertext.size = dsize; } - ret = gnutls_privkey_decrypt_data (session->internals.selected_key, 0, &ciphertext, &plaintext); + ret = + gnutls_privkey_decrypt_data (session->internals.selected_key, 0, + &ciphertext, &plaintext); if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) { diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c index fc738b7146..47cef3690a 100644 --- a/lib/auth_rsa_export.c +++ b/lib/auth_rsa_export.c @@ -48,7 +48,7 @@ int _gnutls_gen_rsa_client_kx (gnutls_session_t, opaque **); static int gen_rsa_export_server_kx (gnutls_session_t, opaque **); static int proc_rsa_export_server_kx (gnutls_session_t, opaque *, size_t); static int proc_rsa_export_client_kx (gnutls_session_t session, opaque * data, - size_t _data_size); + size_t _data_size); const mod_auth_st rsa_export_auth_struct = { "RSA EXPORT", @@ -99,18 +99,18 @@ _gnutls_get_private_rsa_params (gnutls_session_t session, (&session->security_parameters.current_cipher_suite) != GNUTLS_KX_RSA_EXPORT || bits < 512) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } rsa_params = - _gnutls_certificate_get_rsa_params (cred->rsa_params, - cred->params_func, session); + _gnutls_certificate_get_rsa_params (cred->rsa_params, + cred->params_func, session); /* EXPORT case: */ if (rsa_params == NULL) { - gnutls_assert (); - return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS; + gnutls_assert (); + return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS; } /* In the export case, we do use temporary RSA params @@ -123,8 +123,9 @@ _gnutls_get_private_rsa_params (gnutls_session_t session, return 0; } -int proc_rsa_export_client_kx (gnutls_session_t session, opaque * data, - size_t _data_size) +int +proc_rsa_export_client_kx (gnutls_session_t session, opaque * data, + size_t _data_size) { gnutls_datum_t plaintext; gnutls_datum_t ciphertext; @@ -268,7 +269,7 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data) /* abort sending this message if we have a certificate * of 512 bits or less. */ - gnutls_privkey_get_pk_algorithm(apr_pkey, &bits); + gnutls_privkey_get_pk_algorithm (apr_pkey, &bits); if (apr_pkey && bits <= 512) { gnutls_assert (); diff --git a/lib/auth_srp.c b/lib/auth_srp.c index 54bfd10124..ff78c430fb 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -144,12 +144,12 @@ _gnutls_gen_srp_server_kx (gnutls_session_t session, opaque ** data) char buf[64]; uint8_t *data_b; extension_priv_data_t epriv; - srp_ext_st * priv; + srp_ext_st *priv; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SRP, &epriv); - if (ret < 0) /* peer didn't send a username */ + ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv); + if (ret < 0) /* peer didn't send a username */ { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_UNKNOWN_SRP_USERNAME; } priv = epriv.ptr; @@ -257,7 +257,8 @@ _gnutls_gen_srp_server_kx (gnutls_session_t session, opaque ** data) _gnutls_write_uint16 (n_b, data_b); _gnutls_hard_log ("INT: SRP B[%d]: %s\n", (int) n_b, - _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf), NULL)); + _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf), + NULL)); _gnutls_srp_entry_free (pwd_entry); @@ -275,12 +276,12 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session, opaque ** data) char buf[64]; gnutls_srp_client_credentials_t cred; extension_priv_data_t epriv; - srp_ext_st * priv; + srp_ext_st *priv; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SRP, &epriv); - if (ret < 0) /* peer didn't send a username */ + ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv); + if (ret < 0) /* peer didn't send a username */ { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_UNKNOWN_SRP_USERNAME; } priv = epriv.ptr; @@ -386,7 +387,8 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session, opaque ** data) } _gnutls_hard_log ("INT: SRP A[%d]: %s\n", (int) n_a, - _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf), NULL)); + _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf), + NULL)); _gnutls_mpi_release (&A); @@ -737,12 +739,12 @@ _gnutls_proc_srp_server_kx (gnutls_session_t session, opaque * data, ssize_t data_size = _data_size; gnutls_srp_client_credentials_t cred; extension_priv_data_t epriv; - srp_ext_st * priv; + srp_ext_st *priv; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SRP, &epriv); + ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_UNKNOWN_SRP_USERNAME; } priv = epriv.ptr; diff --git a/lib/auth_srp.h b/lib/auth_srp.h index 3b20fe7489..245b6a5b99 100644 --- a/lib/auth_srp.h +++ b/lib/auth_srp.h @@ -24,7 +24,7 @@ */ #ifndef AUTH_SRP_H -# define AUTH_SRP_H +#define AUTH_SRP_H #include <gnutls_auth.h> diff --git a/lib/crypto-api.c b/lib/crypto-api.c index 1b6b5d55cc..517568eb66 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -118,10 +118,10 @@ gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext, **/ int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, size_t textlen, - void* ciphertext, size_t ciphertextlen) + void *ciphertext, size_t ciphertextlen) { - return _gnutls_cipher_encrypt2 ((cipher_hd_st *) handle, text, textlen, - ciphertext, ciphertextlen); + return _gnutls_cipher_encrypt2 ((cipher_hd_st *) handle, text, textlen, + ciphertext, ciphertextlen); } /** @@ -141,10 +141,10 @@ gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, size_t textlen, **/ int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext, - size_t ciphertextlen, void* text, size_t textlen) + size_t ciphertextlen, void *text, size_t textlen) { return _gnutls_cipher_decrypt2 ((cipher_hd_st *) handle, ciphertext, - ciphertextlen, text, textlen); + ciphertextlen, text, textlen); } /** @@ -160,7 +160,7 @@ void gnutls_cipher_deinit (gnutls_cipher_hd_t handle) { _gnutls_cipher_deinit ((cipher_hd_st *) handle); - gnutls_free(handle); + gnutls_free (handle); } @@ -245,7 +245,7 @@ void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest) { _gnutls_hmac_deinit ((digest_hd_st *) handle, digest); - gnutls_free(handle); + gnutls_free (handle); } /** @@ -366,7 +366,7 @@ void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest) { _gnutls_hash_deinit ((digest_hd_st *) handle, digest); - gnutls_free(handle); + gnutls_free (handle); } /** diff --git a/lib/crypto.h b/lib/crypto.h index 0716b231fd..8202adf23d 100644 --- a/lib/crypto.h +++ b/lib/crypto.h @@ -23,7 +23,7 @@ */ #ifndef CRYPTO_H -# define CRYPTO_H +#define CRYPTO_H const gnutls_crypto_cipher_st * _gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo); diff --git a/lib/cryptodev.c b/lib/cryptodev.c index 29f2ee9cca..10a88fcf8e 100644 --- a/lib/cryptodev.c +++ b/lib/cryptodev.c @@ -35,11 +35,11 @@ #include <crypto/cryptodev.h> #ifndef CRYPTO_CIPHER_MAX_KEY_LEN -# define CRYPTO_CIPHER_MAX_KEY_LEN 64 +#define CRYPTO_CIPHER_MAX_KEY_LEN 64 #endif #ifndef EALG_MAX_BLOCK_LEN -# define EALG_MAX_BLOCK_LEN 16 +#define EALG_MAX_BLOCK_LEN 16 #endif static int cryptodev_fd = -1; @@ -157,7 +157,7 @@ cryptodev_deinit (void *_ctx) { struct cryptodev_ctx *ctx = _ctx; - ioctl(ctx->cfd, CIOCFSESSION, &ctx->sess); + ioctl (ctx->cfd, CIOCFSESSION, &ctx->sess); gnutls_free (ctx); } @@ -179,13 +179,15 @@ register_crypto (int cfd) memset (&sess, 0, sizeof (sess)); - for (i=0;i<sizeof(gnutls_cipher_map)/sizeof(gnutls_cipher_map[0]);i++) + for (i = 0; i < sizeof (gnutls_cipher_map) / sizeof (gnutls_cipher_map[0]); + i++) { - if (gnutls_cipher_map[i] == 0) continue; + if (gnutls_cipher_map[i] == 0) + continue; /* test if a cipher is support it and if yes register it */ sess.cipher = gnutls_cipher_map[i]; - sess.keylen = gnutls_cipher_get_key_size(i); + sess.keylen = gnutls_cipher_get_key_size (i); sess.key = fake_key; if (ioctl (cfd, CIOCGSESSION, &sess)) @@ -193,11 +195,11 @@ register_crypto (int cfd) continue; } - ioctl(cfd, CIOCFSESSION, &sess); - - _gnutls_debug_log("/dev/crypto: registering: %s\n", gnutls_cipher_get_name(i)); - ret = - gnutls_crypto_single_cipher_register (i, 90, &cipher_struct); + ioctl (cfd, CIOCFSESSION, &sess); + + _gnutls_debug_log ("/dev/crypto: registering: %s\n", + gnutls_cipher_get_name (i)); + ret = gnutls_crypto_single_cipher_register (i, 90, &cipher_struct); if (ret < 0) { gnutls_assert (); @@ -209,7 +211,8 @@ register_crypto (int cfd) return 0; } -int _gnutls_cryptodev_init (void) +int +_gnutls_cryptodev_init (void) { int ret; @@ -227,43 +230,44 @@ int _gnutls_cryptodev_init (void) /* Clone file descriptor */ if (ioctl (cryptodev_fd, CRIOGET, &cfd)) { - gnutls_assert (); - return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; + gnutls_assert (); + return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; } /* Set close-on-exec (not really neede here) */ if (fcntl (cfd, F_SETFD, 1) == -1) { - gnutls_assert (); - return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; + gnutls_assert (); + return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; } - close(cryptodev_fd); + close (cryptodev_fd); cryptodev_fd = cfd; } #endif ret = register_crypto (cryptodev_fd); if (ret < 0) - gnutls_assert(); + gnutls_assert (); if (ret >= 0) { ret = register_mac (cryptodev_fd); if (ret < 0) - gnutls_assert(); + gnutls_assert (); } if (ret < 0) { - gnutls_assert(); - close(cryptodev_fd); + gnutls_assert (); + close (cryptodev_fd); } return ret; } -void _gnutls_cryptodev_deinit(void) +void +_gnutls_cryptodev_deinit (void) { close (cryptodev_fd); } @@ -275,14 +279,15 @@ void _gnutls_cryptodev_deinit(void) #if defined(COP_FLAG_UPDATE) static const int gnutls_mac_map[] = { - [GNUTLS_MAC_MD5] = CRYPTO_MD5_HMAC, - [GNUTLS_MAC_SHA1] = CRYPTO_SHA1_HMAC, - [GNUTLS_MAC_SHA256] = CRYPTO_SHA2_256_HMAC, - [GNUTLS_MAC_SHA384] = CRYPTO_SHA2_384_HMAC, - [GNUTLS_MAC_SHA512] = CRYPTO_SHA2_512_HMAC, + [GNUTLS_MAC_MD5] = CRYPTO_MD5_HMAC, + [GNUTLS_MAC_SHA1] = CRYPTO_SHA1_HMAC, + [GNUTLS_MAC_SHA256] = CRYPTO_SHA2_256_HMAC, + [GNUTLS_MAC_SHA384] = CRYPTO_SHA2_384_HMAC, + [GNUTLS_MAC_SHA512] = CRYPTO_SHA2_512_HMAC, }; -static int cryptodev_mac_init(gnutls_mac_algorithm_t algorithm, void **_ctx) +static int +cryptodev_mac_init (gnutls_mac_algorithm_t algorithm, void **_ctx) { struct cryptodev_ctx *ctx; int mac = gnutls_mac_map[algorithm]; @@ -322,7 +327,8 @@ cryptodev_mac_setkey (void *_ctx, const void *key, size_t keysize) return 0; } -static int cryptodev_mac_hash (void *_ctx, const void *text, size_t textsize) +static int +cryptodev_mac_hash (void *_ctx, const void *text, size_t textsize) { struct cryptodev_ctx *ctx = _ctx; ctx->cryp.len = textsize; @@ -338,7 +344,8 @@ static int cryptodev_mac_hash (void *_ctx, const void *text, size_t textsize) return 0; } -static int cryptodev_mac_output (void *_ctx, void *digest, size_t digestsize) +static int +cryptodev_mac_output (void *_ctx, void *digest, size_t digestsize) { struct cryptodev_ctx *ctx = _ctx; ctx->cryp.len = 0; @@ -365,44 +372,47 @@ static const gnutls_crypto_mac_st mac_struct = { .deinit = cryptodev_mac_deinit }; -static int register_mac (int cfd) +static int +register_mac (int cfd) { struct session_op sess; char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; int i = 0, ret; memset (&sess, 0, sizeof (sess)); - for (i=0;i<sizeof(gnutls_mac_map)/sizeof(gnutls_mac_map[0]);i++) + for (i = 0; i < sizeof (gnutls_mac_map) / sizeof (gnutls_mac_map[0]); i++) { - if (gnutls_mac_map[i] == 0) continue; + if (gnutls_mac_map[i] == 0) + continue; sess.mac = gnutls_mac_map[i]; sess.keylen = 8; sess.key = fake_key; - + if (ioctl (cfd, CIOCGSESSION, &sess)) { continue; } - ioctl(cfd, CIOCFSESSION, &sess); + ioctl (cfd, CIOCFSESSION, &sess); - _gnutls_debug_log("/dev/crypto: registering: %s\n", gnutls_mac_get_name(i)); - ret = - gnutls_crypto_single_mac_register (i, 90, &mac_struct); + _gnutls_debug_log ("/dev/crypto: registering: %s\n", + gnutls_mac_get_name (i)); + ret = gnutls_crypto_single_mac_register (i, 90, &mac_struct); if (ret < 0) { gnutls_assert (); return ret; } - + } return 0; } #else -static int register_mac (int cfd) +static int +register_mac (int cfd) { return 0; } diff --git a/lib/debug.c b/lib/debug.c index 726a3d6923..a791ba3c69 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -30,15 +30,18 @@ #include "debug.h" #include <gnutls_mpi.h> -void _gnutls_dump_mpi(const char* prefix, bigint_t a) +void +_gnutls_dump_mpi (const char *prefix, bigint_t a) { - char buf[400]; - char buf_hex[2*sizeof(buf)]; - size_t n = sizeof buf; + char buf[400]; + char buf_hex[2 * sizeof (buf)]; + size_t n = sizeof buf; - if (_gnutls_mpi_print(a, buf, &n)) - strcpy(buf, "[can't print value]"); /* Flawfinder: ignore */ - _gnutls_debug_log( "MPI: length: %d\n\t%s%s\n", (int)n, prefix, _gnutls_bin2hex(buf, n, buf_hex, sizeof(buf_hex), NULL)); + if (_gnutls_mpi_print (a, buf, &n)) + strcpy (buf, "[can't print value]"); /* Flawfinder: ignore */ + _gnutls_debug_log ("MPI: length: %d\n\t%s%s\n", (int) n, prefix, + _gnutls_bin2hex (buf, n, buf_hex, sizeof (buf_hex), + NULL)); } diff --git a/lib/debug.h b/lib/debug.h index b0279215e4..4ee84620f5 100644 --- a/lib/debug.h +++ b/lib/debug.h @@ -25,4 +25,4 @@ const char *_gnutls_packet2str (content_type_t packet); const char *_gnutls_handshake2str (gnutls_handshake_description_t handshake); -void _gnutls_dump_mpi(const char* prefix, bigint_t a); +void _gnutls_dump_mpi (const char *prefix, bigint_t a); diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c index ea98511704..3fe0c12841 100644 --- a/lib/ext_cert_type.c +++ b/lib/ext_cert_type.c @@ -40,20 +40,21 @@ inline static int _gnutls_num2cert_type (int num); inline static int _gnutls_cert_type2num (int record_size); static int _gnutls_cert_type_recv_params (gnutls_session_t session, - const opaque * data, size_t data_size); -static int _gnutls_cert_type_send_params (gnutls_session_t session, opaque * data, - size_t); + const opaque * data, + size_t data_size); +static int _gnutls_cert_type_send_params (gnutls_session_t session, + opaque * data, size_t); extension_entry_st ext_mod_cert_type = { - .name = "CERT TYPE", - .type = GNUTLS_EXTENSION_CERT_TYPE, - .parse_type = GNUTLS_EXT_TLS, - - .recv_func = _gnutls_cert_type_recv_params, - .send_func = _gnutls_cert_type_send_params, - .pack_func = NULL, - .unpack_func = NULL, - .deinit_func = NULL + .name = "CERT TYPE", + .type = GNUTLS_EXTENSION_CERT_TYPE, + .parse_type = GNUTLS_EXT_TLS, + + .recv_func = _gnutls_cert_type_recv_params, + .send_func = _gnutls_cert_type_send_params, + .pack_func = NULL, + .unpack_func = NULL, + .deinit_func = NULL }; /* diff --git a/lib/ext_max_record.c b/lib/ext_max_record.c index 98326686b2..ca3fc4e220 100644 --- a/lib/ext_max_record.c +++ b/lib/ext_max_record.c @@ -32,12 +32,15 @@ #include <ext_max_record.h> static int _gnutls_max_record_recv_params (gnutls_session_t session, - const opaque * data, size_t data_size); -static int _gnutls_max_record_send_params (gnutls_session_t session, opaque * data, - size_t); + const opaque * data, + size_t data_size); +static int _gnutls_max_record_send_params (gnutls_session_t session, + opaque * data, size_t); -static int _gnutls_max_record_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv); -static int _gnutls_max_record_pack(extension_priv_data_t _priv, gnutls_buffer_st* ps); +static int _gnutls_max_record_unpack (gnutls_buffer_st * ps, + extension_priv_data_t * _priv); +static int _gnutls_max_record_pack (extension_priv_data_t _priv, + gnutls_buffer_st * ps); /* Maps record size to numbers according to the * extensions draft. @@ -47,15 +50,15 @@ static int _gnutls_mre_record2num (uint16_t record_size); extension_entry_st ext_mod_max_record_size = { - .name = "MAX RECORD SIZE", - .type = GNUTLS_EXTENSION_MAX_RECORD_SIZE, - .parse_type = GNUTLS_EXT_TLS, - - .recv_func = _gnutls_max_record_recv_params, - .send_func = _gnutls_max_record_send_params, - .pack_func = _gnutls_max_record_pack, - .unpack_func = _gnutls_max_record_unpack, - .deinit_func = NULL + .name = "MAX RECORD SIZE", + .type = GNUTLS_EXTENSION_MAX_RECORD_SIZE, + .parse_type = GNUTLS_EXT_TLS, + + .recv_func = _gnutls_max_record_recv_params, + .send_func = _gnutls_max_record_send_params, + .pack_func = _gnutls_max_record_pack, + .unpack_func = _gnutls_max_record_unpack, + .deinit_func = NULL }; /* @@ -96,16 +99,17 @@ _gnutls_max_record_recv_params (gnutls_session_t session, } } else - { /* CLIENT SIDE - we must check if the sent record size is the right one - */ + { /* CLIENT SIDE - we must check if the sent record size is the right one + */ if (data_size > 0) { - ret = _gnutls_ext_get_session_data( session, - GNUTLS_EXTENSION_MAX_RECORD_SIZE, &epriv); + ret = _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_MAX_RECORD_SIZE, + &epriv); if (ret < 0) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } if (data_size != 1) @@ -123,8 +127,7 @@ _gnutls_max_record_recv_params (gnutls_session_t session, } else { - session->security_parameters.max_record_recv_size = - epriv.num; + session->security_parameters.max_record_recv_size = epriv.num; } } @@ -143,16 +146,17 @@ _gnutls_max_record_send_params (gnutls_session_t session, opaque * data, { uint16_t len; int ret; - + /* this function sends the client extension data (dnsname) */ if (session->security_parameters.entity == GNUTLS_CLIENT) { extension_priv_data_t epriv; - - ret = _gnutls_ext_get_session_data( session, - GNUTLS_EXTENSION_MAX_RECORD_SIZE, &epriv); - if (ret < 0) /* it is ok not to have it */ - { + + ret = _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_MAX_RECORD_SIZE, + &epriv); + if (ret < 0) /* it is ok not to have it */ + { return 0; } @@ -165,8 +169,7 @@ _gnutls_max_record_send_params (gnutls_session_t session, opaque * data, return GNUTLS_E_SHORT_MEMORY_BUFFER; } - data[0] = - (uint8_t) _gnutls_mre_record2num (epriv.num); + data[0] = (uint8_t) _gnutls_mre_record2num (epriv.num); return len; } @@ -198,26 +201,29 @@ _gnutls_max_record_send_params (gnutls_session_t session, opaque * data, } -static int _gnutls_max_record_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps) +static int +_gnutls_max_record_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps) { -int ret; + int ret; - BUFFER_APPEND_NUM(ps, epriv.num); + BUFFER_APPEND_NUM (ps, epriv.num); return 0; - + } -static int _gnutls_max_record_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv) +static int +_gnutls_max_record_unpack (gnutls_buffer_st * ps, + extension_priv_data_t * _priv) { -extension_priv_data_t epriv; -int ret; + extension_priv_data_t epriv; + int ret; + + BUFFER_POP_NUM (ps, epriv.num); - BUFFER_POP_NUM(ps, epriv.num); - *_priv = epriv; - - ret = 0; + + ret = 0; error: return ret; } @@ -325,7 +331,8 @@ gnutls_record_set_max_size (gnutls_session_t session, size_t size) session->security_parameters.max_record_send_size = size; epriv.num = size; - _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_MAX_RECORD_SIZE, epriv); + _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_MAX_RECORD_SIZE, + epriv); return 0; } diff --git a/lib/ext_safe_renegotiation.c b/lib/ext_safe_renegotiation.c index 24d425eb75..5c9cdb012d 100644 --- a/lib/ext_safe_renegotiation.c +++ b/lib/ext_safe_renegotiation.c @@ -28,40 +28,42 @@ static int _gnutls_sr_recv_params (gnutls_session_t state, - const opaque * data, - size_t data_size); + const opaque * data, size_t data_size); static int _gnutls_sr_send_params (gnutls_session_t state, - opaque * data, size_t); -static void _gnutls_sr_deinit_data(extension_priv_data_t priv); + opaque * data, size_t); +static void _gnutls_sr_deinit_data (extension_priv_data_t priv); extension_entry_st ext_mod_sr = { - .name = "SAFE RENEGOTIATION", - .type = GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - .parse_type = GNUTLS_EXT_MANDATORY, - - .recv_func = _gnutls_sr_recv_params, - .send_func = _gnutls_sr_send_params, - .pack_func = NULL, - .unpack_func = NULL, - .deinit_func = _gnutls_sr_deinit_data, + .name = "SAFE RENEGOTIATION", + .type = GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + .parse_type = GNUTLS_EXT_MANDATORY, + + .recv_func = _gnutls_sr_recv_params, + .send_func = _gnutls_sr_send_params, + .pack_func = NULL, + .unpack_func = NULL, + .deinit_func = _gnutls_sr_deinit_data, }; -int _gnutls_ext_sr_finished( gnutls_session_t session, void* vdata, size_t vdata_size, int dir) +int +_gnutls_ext_sr_finished (gnutls_session_t session, void *vdata, + size_t vdata_size, int dir) { -int ret; -sr_ext_st* priv; -extension_priv_data_t epriv; + int ret; + sr_ext_st *priv; + extension_priv_data_t epriv; if (session->internals.priorities.sr == SR_DISABLED) { return 0; } - ret = _gnutls_ext_get_session_data( session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv); + ret = _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } priv = epriv.ptr; @@ -69,31 +71,32 @@ extension_priv_data_t epriv; /* Save data for safe renegotiation. */ if (vdata_size > MAX_VERIFY_DATA_SIZE) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } if ((session->security_parameters.entity == GNUTLS_CLIENT && dir == 0) || - (session->security_parameters.entity == GNUTLS_SERVER && dir == 1)) + (session->security_parameters.entity == GNUTLS_SERVER && dir == 1)) { - priv->client_verify_data_len = vdata_size; - memcpy (priv->client_verify_data, vdata, vdata_size); + priv->client_verify_data_len = vdata_size; + memcpy (priv->client_verify_data, vdata, vdata_size); } else { - priv->server_verify_data_len = vdata_size; - memcpy (priv->server_verify_data, vdata, vdata_size); + priv->server_verify_data_len = vdata_size; + memcpy (priv->server_verify_data, vdata, vdata_size); } return 0; } -int _gnutls_ext_sr_verify(gnutls_session_t session) +int +_gnutls_ext_sr_verify (gnutls_session_t session) { -int ret; -sr_ext_st* priv = NULL; -extension_priv_data_t epriv; + int ret; + sr_ext_st *priv = NULL; + extension_priv_data_t epriv; if (session->internals.priorities.sr == SR_DISABLED) { @@ -101,8 +104,9 @@ extension_priv_data_t epriv; return 0; } - ret = _gnutls_ext_get_session_data( session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv); + ret = _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret >= 0) priv = epriv.ptr; @@ -113,175 +117,180 @@ extension_priv_data_t epriv; if ((priv->ri_extension_data_len < priv->client_verify_data_len) || (memcmp (priv->ri_extension_data, priv->client_verify_data, priv->client_verify_data_len))) - { - gnutls_assert (); - _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n", - session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } + { + gnutls_assert (); + _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n", + session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } if (session->security_parameters.entity == GNUTLS_CLIENT) - { - if ((priv->ri_extension_data_len != - priv->client_verify_data_len + priv->server_verify_data_len) || - memcmp (priv->ri_extension_data + priv->client_verify_data_len, - priv->server_verify_data, - priv->server_verify_data_len) != 0) - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Safe renegotiation failed [2]\n", session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } - } + { + if ((priv->ri_extension_data_len != + priv->client_verify_data_len + priv->server_verify_data_len) || + memcmp (priv->ri_extension_data + priv->client_verify_data_len, + priv->server_verify_data, + priv->server_verify_data_len) != 0) + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Safe renegotiation failed [2]\n", session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } + } else /* Make sure there are 0 extra bytes */ - { - if (priv->ri_extension_data_len != priv->client_verify_data_len) - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Safe renegotiation failed [3]\n", session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } - } + { + if (priv->ri_extension_data_len != priv->client_verify_data_len) + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Safe renegotiation failed [3]\n", session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } + } _gnutls_handshake_log ("HSK[%p]: Safe renegotiation succeeded\n", session); } - else /* safe renegotiation not received... */ + else /* safe renegotiation not received... */ { if (priv && priv->connection_using_safe_renegotiation) - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Peer previously asked for safe renegotiation\n", - session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Peer previously asked for safe renegotiation\n", + session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } /* Clients can't tell if it's an initial negotiation */ if (session->internals.initial_negotiation_completed) - { - if (session->internals.priorities.sr < SR_PARTIAL) - { - _gnutls_handshake_log - ("HSK[%p]: Allowing unsafe (re)negotiation\n", session); - } - else - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Denying unsafe (re)negotiation\n", session); - return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED; - } - } + { + if (session->internals.priorities.sr < SR_PARTIAL) + { + _gnutls_handshake_log + ("HSK[%p]: Allowing unsafe (re)negotiation\n", session); + } + else + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Denying unsafe (re)negotiation\n", session); + return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED; + } + } else - { - if (session->internals.priorities.sr < SR_SAFE) - { - _gnutls_handshake_log - ("HSK[%p]: Allowing unsafe initial negotiation\n", session); - } - else - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Denying unsafe initial negotiation\n", session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } - } + { + if (session->internals.priorities.sr < SR_SAFE) + { + _gnutls_handshake_log + ("HSK[%p]: Allowing unsafe initial negotiation\n", session); + } + else + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Denying unsafe initial negotiation\n", session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } + } } - - return 0; + + return 0; } /* if a server received the special ciphersuite. */ -int _gnutls_ext_sr_recv_cs(gnutls_session_t session) +int +_gnutls_ext_sr_recv_cs (gnutls_session_t session) { int ret, set = 0; - sr_ext_st* priv; + sr_ext_st *priv; extension_priv_data_t epriv; - ret = _gnutls_ext_get_session_data( session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv); + ret = _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { set = 1; } else if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } if (set != 0) { - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; } else priv = epriv.ptr; - + priv->safe_renegotiation_received = 1; priv->connection_using_safe_renegotiation = 1; if (set != 0) - _gnutls_ext_set_session_data( session, GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); + _gnutls_ext_set_session_data (session, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); - return 0; + return 0; } -int _gnutls_ext_sr_send_cs(gnutls_session_t session) +int +_gnutls_ext_sr_send_cs (gnutls_session_t session) { int ret, set = 0; - sr_ext_st* priv; + sr_ext_st *priv; extension_priv_data_t epriv; - ret = _gnutls_ext_get_session_data( session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv); + ret = _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { set = 1; } else if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } if (set != 0) { - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; } else priv = epriv.ptr; - + if (set != 0) - _gnutls_ext_set_session_data( session, GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); + _gnutls_ext_set_session_data (session, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); - return 0; + return 0; } static int _gnutls_sr_recv_params (gnutls_session_t session, - const opaque * data, - size_t _data_size) + const opaque * data, size_t _data_size) { int len = data[0]; ssize_t data_size = _data_size; - sr_ext_st* priv; + sr_ext_st *priv; extension_priv_data_t epriv; int set = 0, ret; @@ -293,26 +302,27 @@ _gnutls_sr_recv_params (gnutls_session_t session, return 0; } - ret = _gnutls_ext_get_session_data( session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv); + ret = _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0 && session->security_parameters.entity == GNUTLS_SERVER) { set = 1; } else if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } if (set != 0) { - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; } else @@ -346,13 +356,14 @@ _gnutls_sr_recv_params (gnutls_session_t session, priv->connection_using_safe_renegotiation = 1; if (set != 0) - _gnutls_ext_set_session_data( session, GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); + _gnutls_ext_set_session_data (session, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); return 0; } static int _gnutls_sr_send_params (gnutls_session_t session, - opaque * data, size_t _data_size) + opaque * data, size_t _data_size) { /* The format of this extension is a one-byte length of verify data followed * by the verify data itself. Note that the length byte does not include @@ -360,7 +371,7 @@ _gnutls_sr_send_params (gnutls_session_t session, * the minimum extension is one byte: 0x00. */ ssize_t data_size = _data_size; - sr_ext_st* priv; + sr_ext_st *priv; int ret, set = 0; extension_priv_data_t epriv; @@ -370,8 +381,9 @@ _gnutls_sr_send_params (gnutls_session_t session, return 0; } - ret = _gnutls_ext_get_session_data( session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv); + ret = _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { set = 1; @@ -379,15 +391,17 @@ _gnutls_sr_send_params (gnutls_session_t session, if (set != 0) { - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; - - _gnutls_ext_set_session_data( session, GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); + + _gnutls_ext_set_session_data (session, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + epriv); } else priv = epriv.ptr; @@ -404,18 +418,19 @@ _gnutls_sr_send_params (gnutls_session_t session, DECR_LEN (data_size, priv->client_verify_data_len); if (priv->client_verify_data_len > 0) - memcpy (&data[1], priv->client_verify_data, priv->client_verify_data_len); + memcpy (&data[1], priv->client_verify_data, + priv->client_verify_data_len); if (session->security_parameters.entity == GNUTLS_SERVER) - { - data[0] += priv->server_verify_data_len; + { + data[0] += priv->server_verify_data_len; - DECR_LEN (data_size, priv->server_verify_data_len); + DECR_LEN (data_size, priv->server_verify_data_len); - if (priv->server_verify_data_len > 0) - memcpy (&data[1 + priv->client_verify_data_len], - priv->server_verify_data, priv->server_verify_data_len); - } + if (priv->server_verify_data_len > 0) + memcpy (&data[1 + priv->client_verify_data_len], + priv->server_verify_data, priv->server_verify_data_len); + } } else return 0; @@ -423,9 +438,10 @@ _gnutls_sr_send_params (gnutls_session_t session, return 1 + data[0]; /* don't forget the length byte */ } -static void _gnutls_sr_deinit_data(extension_priv_data_t priv) +static void +_gnutls_sr_deinit_data (extension_priv_data_t priv) { - gnutls_free(priv.ptr); + gnutls_free (priv.ptr); } /** @@ -443,15 +459,16 @@ static void _gnutls_sr_deinit_data(extension_priv_data_t priv) int gnutls_safe_renegotiation_status (gnutls_session_t session) { -int ret; -sr_ext_st* priv; -extension_priv_data_t epriv; + int ret; + sr_ext_st *priv; + extension_priv_data_t epriv; - ret = _gnutls_ext_get_session_data( session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv); + ret = _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return 0; } priv = epriv.ptr; diff --git a/lib/ext_safe_renegotiation.h b/lib/ext_safe_renegotiation.h index bc1635d884..3328bdeb6b 100644 --- a/lib/ext_safe_renegotiation.h +++ b/lib/ext_safe_renegotiation.h @@ -23,16 +23,17 @@ */ #ifndef EXT_SAFE_RENEGOTIATION_H -# define EXT_SAFE_RENEGOTIATION_H +#define EXT_SAFE_RENEGOTIATION_H #include <gnutls_extensions.h> -typedef struct { +typedef struct +{ uint8_t client_verify_data[MAX_VERIFY_DATA_SIZE]; size_t client_verify_data_len; uint8_t server_verify_data[MAX_VERIFY_DATA_SIZE]; size_t server_verify_data_len; - uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */ + uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */ size_t ri_extension_data_len; int safe_renegotiation_received:1; @@ -42,10 +43,10 @@ typedef struct { extern extension_entry_st ext_mod_sr; -int _gnutls_ext_sr_finished( gnutls_session_t session, void* vdata, - size_t vdata_size, int dir); -int _gnutls_ext_sr_recv_cs(gnutls_session_t session); -int _gnutls_ext_sr_verify(gnutls_session_t session); -int _gnutls_ext_sr_send_cs(gnutls_session_t); +int _gnutls_ext_sr_finished (gnutls_session_t session, void *vdata, + size_t vdata_size, int dir); +int _gnutls_ext_sr_recv_cs (gnutls_session_t session); +int _gnutls_ext_sr_verify (gnutls_session_t session); +int _gnutls_ext_sr_send_cs (gnutls_session_t); #endif /* EXT_SAFE_RENEGOTIATION_H */ diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c index acda371c8d..afb6bb33b8 100644 --- a/lib/ext_server_name.c +++ b/lib/ext_server_name.c @@ -30,25 +30,28 @@ #include <ext_server_name.h> static int _gnutls_server_name_recv_params (gnutls_session_t session, - const opaque * data, size_t data_size); + const opaque * data, + size_t data_size); static int _gnutls_server_name_send_params (gnutls_session_t session, - opaque * data, size_t); + opaque * data, size_t); -static int _gnutls_server_name_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv); -static int _gnutls_server_name_pack(extension_priv_data_t _priv, gnutls_buffer_st* ps); -static void _gnutls_server_name_deinit_data(extension_priv_data_t priv); +static int _gnutls_server_name_unpack (gnutls_buffer_st * ps, + extension_priv_data_t * _priv); +static int _gnutls_server_name_pack (extension_priv_data_t _priv, + gnutls_buffer_st * ps); +static void _gnutls_server_name_deinit_data (extension_priv_data_t priv); extension_entry_st ext_mod_server_name = { - .name = "SERVER NAME", - .type = GNUTLS_EXTENSION_SERVER_NAME, - .parse_type = GNUTLS_EXT_APPLICATION, - - .recv_func = _gnutls_server_name_recv_params, - .send_func = _gnutls_server_name_send_params, - .pack_func = _gnutls_server_name_pack, - .unpack_func = _gnutls_server_name_unpack, - .deinit_func = _gnutls_server_name_deinit_data, + .name = "SERVER NAME", + .type = GNUTLS_EXTENSION_SERVER_NAME, + .parse_type = GNUTLS_EXT_APPLICATION, + + .recv_func = _gnutls_server_name_recv_params, + .send_func = _gnutls_server_name_send_params, + .pack_func = _gnutls_server_name_pack, + .unpack_func = _gnutls_server_name_unpack, + .deinit_func = _gnutls_server_name_deinit_data, }; /* @@ -60,7 +63,8 @@ extension_entry_st ext_mod_server_name = { * in the session then it sends the extension to the peer. * */ -static int _gnutls_server_name_recv_params (gnutls_session_t session, +static int +_gnutls_server_name_recv_params (gnutls_session_t session, const opaque * data, size_t _data_size) { int i; @@ -68,9 +72,9 @@ static int _gnutls_server_name_recv_params (gnutls_session_t session, uint16_t len, type; ssize_t data_size = _data_size; int server_names = 0; - server_name_ext_st* priv; + server_name_ext_st *priv; extension_priv_data_t epriv; - + if (session->security_parameters.entity == GNUTLS_SERVER) { DECR_LENGTH_RET (data_size, 2, 0); @@ -123,11 +127,11 @@ static int _gnutls_server_name_recv_params (gnutls_session_t session, if (server_names == 0) return 0; /* no names found */ - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } priv->server_names_size = server_names; @@ -143,7 +147,7 @@ static int _gnutls_server_name_recv_params (gnutls_session_t session, switch (type) { - case 0: /* NAME_DNS */ + case 0: /* NAME_DNS */ if (len <= MAX_SERVER_NAME_SIZE) { memcpy (priv->server_names[i].name, p, len); @@ -158,7 +162,8 @@ static int _gnutls_server_name_recv_params (gnutls_session_t session, } epriv.ptr = priv; - _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_SERVER_NAME, epriv); + _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME, + epriv); } @@ -176,10 +181,12 @@ _gnutls_server_name_send_params (gnutls_session_t session, unsigned i; ssize_t data_size = _data_size; int total_size = 0, ret; - server_name_ext_st* priv; + server_name_ext_st *priv; extension_priv_data_t epriv; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SERVER_NAME, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME, + &epriv); if (ret < 0) return 0; @@ -196,8 +203,7 @@ _gnutls_server_name_send_params (gnutls_session_t session, /* uint16_t */ total_size = 2; - for (i = 0; - i < priv->server_names_size; i++) + for (i = 0; i < priv->server_names_size; i++) { /* count the total size */ @@ -215,8 +221,7 @@ _gnutls_server_name_send_params (gnutls_session_t session, DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER); _gnutls_write_uint16 (total_size - 2, p); p += 2; - for (i = 0; - i < priv->server_names_size; i++) + for (i = 0; i < priv->server_names_size; i++) { switch (priv->server_names[i].type) @@ -286,7 +291,7 @@ gnutls_server_name_get (gnutls_session_t session, void *data, unsigned int *type, unsigned int indx) { char *_data = data; - server_name_ext_st* priv; + server_name_ext_st *priv; int ret; extension_priv_data_t epriv; @@ -295,14 +300,16 @@ gnutls_server_name_get (gnutls_session_t session, void *data, gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SERVER_NAME, &epriv); + + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME, + &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } - + priv = epriv.ptr; if (indx + 1 > priv->server_names_size) @@ -312,12 +319,11 @@ gnutls_server_name_get (gnutls_session_t session, void *data, *type = priv->server_names[indx].type; - if (*data_length > /* greater since we need one extra byte for the null */ + if (*data_length > /* greater since we need one extra byte for the null */ priv->server_names[indx].name_length) { *data_length = priv->server_names[indx].name_length; - memcpy (data, priv->server_names[indx].name, - *data_length); + memcpy (data, priv->server_names[indx].name, *data_length); if (*type == GNUTLS_NAME_DNS) /* null terminate */ _data[(*data_length)] = 0; @@ -358,7 +364,7 @@ gnutls_server_name_set (gnutls_session_t session, const void *name, size_t name_length) { int server_names, ret; - server_name_ext_st* priv; + server_name_ext_st *priv; extension_priv_data_t epriv; int set = 0; @@ -371,7 +377,9 @@ gnutls_server_name_set (gnutls_session_t session, if (name_length > MAX_SERVER_NAME_SIZE) return GNUTLS_E_SHORT_MEMORY_BUFFER; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SERVER_NAME, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME, + &epriv); if (ret < 0) { set = 1; @@ -379,17 +387,17 @@ gnutls_server_name_set (gnutls_session_t session, if (set != 0) { - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } epriv.ptr = priv; } else priv = epriv.ptr; - + server_names = priv->server_names_size + 1; if (server_names > MAX_SERVER_NAME_EXTENSIONS) @@ -400,65 +408,72 @@ gnutls_server_name_set (gnutls_session_t session, priv->server_names[server_names - 1].name_length = name_length; priv->server_names_size++; - + if (set != 0) - _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_SERVER_NAME, epriv); + _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME, + epriv); return 0; } -static void _gnutls_server_name_deinit_data(extension_priv_data_t priv) +static void +_gnutls_server_name_deinit_data (extension_priv_data_t priv) { - gnutls_free(priv.ptr); + gnutls_free (priv.ptr); } -static int _gnutls_server_name_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps) +static int +_gnutls_server_name_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps) { -server_name_ext_st* priv = epriv.ptr; -int i, ret; + server_name_ext_st *priv = epriv.ptr; + int i, ret; - BUFFER_APPEND_NUM(ps, priv->server_names_size); - for (i = 0; i < priv->server_names_size;i++) + BUFFER_APPEND_NUM (ps, priv->server_names_size); + for (i = 0; i < priv->server_names_size; i++) { - BUFFER_APPEND_NUM(ps, priv->server_names[i].type); - BUFFER_APPEND_PFX(ps, priv->server_names[i].name, - priv->server_names[i].name_length); + BUFFER_APPEND_NUM (ps, priv->server_names[i].type); + BUFFER_APPEND_PFX (ps, priv->server_names[i].name, + priv->server_names[i].name_length); } return 0; } -static int _gnutls_server_name_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv) +static int +_gnutls_server_name_unpack (gnutls_buffer_st * ps, + extension_priv_data_t * _priv) { -server_name_ext_st* priv; -int i, ret; -extension_priv_data_t epriv; + server_name_ext_st *priv; + int i, ret; + extension_priv_data_t epriv; - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - BUFFER_POP_NUM(ps, priv->server_names_size); - for (i = 0; i < priv->server_names_size;i++) + BUFFER_POP_NUM (ps, priv->server_names_size); + for (i = 0; i < priv->server_names_size; i++) { - BUFFER_POP_NUM(ps, priv->server_names[i].type); - BUFFER_POP_NUM(ps, priv->server_names[i].name_length); - if (priv->server_names[i].name_length > sizeof(priv->server_names[i].name)) - { - gnutls_assert(); + BUFFER_POP_NUM (ps, priv->server_names[i].type); + BUFFER_POP_NUM (ps, priv->server_names[i].name_length); + if (priv->server_names[i].name_length > + sizeof (priv->server_names[i].name)) + { + gnutls_assert (); return GNUTLS_E_PARSING_ERROR; } - BUFFER_POP(ps, priv->server_names[i].name, priv->server_names[i].name_length); + BUFFER_POP (ps, priv->server_names[i].name, + priv->server_names[i].name_length); } epriv.ptr = priv; *_priv = epriv; - + return 0; error: - gnutls_free(priv); + gnutls_free (priv); return ret; } diff --git a/lib/ext_server_name.h b/lib/ext_server_name.h index af36ce849f..38d9ca1c8f 100644 --- a/lib/ext_server_name.h +++ b/lib/ext_server_name.h @@ -36,7 +36,8 @@ typedef struct #define MAX_SERVER_NAME_EXTENSIONS 3 -typedef struct { +typedef struct +{ server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS]; /* limit server_name extensions */ unsigned server_names_size; diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c index 2e1abfb26c..29f63af198 100644 --- a/lib/ext_session_ticket.c +++ b/lib/ext_session_ticket.c @@ -46,24 +46,25 @@ #define MAC_SIZE 32 static int session_ticket_recv_params (gnutls_session_t session, - const opaque * data, - size_t data_size); + const opaque * data, size_t data_size); static int session_ticket_send_params (gnutls_session_t session, - opaque * data, size_t data_size); -static int session_ticket_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv); -static int session_ticket_pack(extension_priv_data_t _priv, gnutls_buffer_st* ps); -static void session_ticket_deinit_data(extension_priv_data_t priv); + opaque * data, size_t data_size); +static int session_ticket_unpack (gnutls_buffer_st * ps, + extension_priv_data_t * _priv); +static int session_ticket_pack (extension_priv_data_t _priv, + gnutls_buffer_st * ps); +static void session_ticket_deinit_data (extension_priv_data_t priv); extension_entry_st ext_mod_session_ticket = { - .name = "SESSION TICKET", - .type = GNUTLS_EXTENSION_SESSION_TICKET, - .parse_type = GNUTLS_EXT_TLS, - - .recv_func = session_ticket_recv_params, - .send_func = session_ticket_send_params, - .pack_func = session_ticket_pack, - .unpack_func = session_ticket_unpack, - .deinit_func = session_ticket_deinit_data, + .name = "SESSION TICKET", + .type = GNUTLS_EXTENSION_SESSION_TICKET, + .parse_type = GNUTLS_EXT_TLS, + + .recv_func = session_ticket_recv_params, + .send_func = session_ticket_send_params, + .pack_func = session_ticket_pack, + .unpack_func = session_ticket_unpack, + .deinit_func = session_ticket_deinit_data, }; struct gnutls_session_ticket_key_st @@ -73,15 +74,16 @@ struct gnutls_session_ticket_key_st opaque mac_secret[SESSION_TICKET_MAC_SECRET_SIZE]; }; -typedef struct { - int session_ticket_enable; - int session_ticket_renew; - opaque session_ticket_IV[SESSION_TICKET_IV_SIZE]; +typedef struct +{ + int session_ticket_enable; + int session_ticket_renew; + opaque session_ticket_IV[SESSION_TICKET_IV_SIZE]; - opaque* session_ticket; - int session_ticket_len; + opaque *session_ticket; + int session_ticket_len; - struct gnutls_session_ticket_key_st key; + struct gnutls_session_ticket_key_st key; } session_ticket_ext_st; struct ticket @@ -120,7 +122,8 @@ digest_ticket (const gnutls_datum_t * key, struct ticket *ticket, } static int -decrypt_ticket (gnutls_session_t session, session_ticket_ext_st* priv, struct ticket *ticket) +decrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv, + struct ticket *ticket) { cipher_hd_st cipher_hd; gnutls_datum_t key, IV, mac_secret, state; @@ -189,7 +192,8 @@ decrypt_ticket (gnutls_session_t session, session_ticket_ext_st* priv, struct ti } static int -encrypt_ticket (gnutls_session_t session, session_ticket_ext_st* priv, struct ticket *ticket) +encrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv, + struct ticket *ticket) { cipher_hd_st cipher_hd; gnutls_datum_t key, IV, mac_secret, state, encrypted_state; @@ -263,14 +267,16 @@ encrypt_ticket (gnutls_session_t session, session_ticket_ext_st* priv, struct ti static int session_ticket_recv_params (gnutls_session_t session, - const opaque * data, size_t _data_size) + const opaque * data, size_t _data_size) { ssize_t data_size = _data_size; - session_ticket_ext_st* priv=NULL; + session_ticket_ext_st *priv = NULL; extension_priv_data_t epriv; int ret; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET, + &epriv); if (ret < 0) { return 0; @@ -338,7 +344,7 @@ session_ticket_recv_params (gnutls_session_t session, return 0; } } - else /* Client */ + else /* Client */ { if (data_size == 0) { @@ -355,14 +361,16 @@ session_ticket_recv_params (gnutls_session_t session, */ static int session_ticket_send_params (gnutls_session_t session, - opaque * data, size_t _data_size) + opaque * data, size_t _data_size) { ssize_t data_size = _data_size; - session_ticket_ext_st* priv=NULL; + session_ticket_ext_st *priv = NULL; extension_priv_data_t epriv; int ret; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET, + &epriv); if (ret >= 0) priv = epriv.ptr; @@ -378,13 +386,16 @@ session_ticket_send_params (gnutls_session_t session, } else { - ret = _gnutls_ext_get_resumed_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv); + ret = + _gnutls_ext_get_resumed_session_data (session, + GNUTLS_EXTENSION_SESSION_TICKET, + &epriv); if (ret >= 0) priv = epriv.ptr; /* no previous data. Just advertize it */ if (ret < 0) - return GNUTLS_E_INT_RET_0; + return GNUTLS_E_INT_RET_0; /* previous data had session tickets disabled. Don't advertize. Ignore. */ if (!priv->session_ticket_enable) @@ -392,7 +403,8 @@ session_ticket_send_params (gnutls_session_t session, if (priv->session_ticket_len > 0) { - DECR_LENGTH_RET (data_size, priv->session_ticket_len, GNUTLS_E_SHORT_MEMORY_BUFFER); + DECR_LENGTH_RET (data_size, priv->session_ticket_len, + GNUTLS_E_SHORT_MEMORY_BUFFER); memcpy (data, priv->session_ticket, priv->session_ticket_len); return priv->session_ticket_len; @@ -402,51 +414,54 @@ session_ticket_send_params (gnutls_session_t session, } -static void session_ticket_deinit_data(extension_priv_data_t epriv) +static void +session_ticket_deinit_data (extension_priv_data_t epriv) { -session_ticket_ext_st* priv = epriv.ptr; + session_ticket_ext_st *priv = epriv.ptr; - gnutls_free(priv->session_ticket); - gnutls_free(priv); + gnutls_free (priv->session_ticket); + gnutls_free (priv); } -static int session_ticket_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps) +static int +session_ticket_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps) { -session_ticket_ext_st* priv = epriv.ptr; -int ret; + session_ticket_ext_st *priv = epriv.ptr; + int ret; - BUFFER_APPEND_PFX(ps, priv->session_ticket, priv->session_ticket_len); - BUFFER_APPEND_NUM(ps, priv->session_ticket_enable); + BUFFER_APPEND_PFX (ps, priv->session_ticket, priv->session_ticket_len); + BUFFER_APPEND_NUM (ps, priv->session_ticket_enable); return 0; } -static int session_ticket_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv) +static int +session_ticket_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv) { -session_ticket_ext_st* priv=NULL; -int ret; -extension_priv_data_t epriv; -gnutls_datum ticket; + session_ticket_ext_st *priv = NULL; + int ret; + extension_priv_data_t epriv; + gnutls_datum ticket; - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - - BUFFER_POP_DATUM(ps, &ticket); + + BUFFER_POP_DATUM (ps, &ticket); priv->session_ticket = ticket.data; priv->session_ticket_len = ticket.size; - BUFFER_POP_NUM(ps, priv->session_ticket_enable); + BUFFER_POP_NUM (ps, priv->session_ticket_enable); epriv.ptr = priv; *_priv = epriv; - + return 0; error: - gnutls_free(priv); + gnutls_free (priv); return ret; } @@ -504,7 +519,7 @@ gnutls_session_ticket_key_generate (gnutls_datum_t * key) int gnutls_session_ticket_enable_client (gnutls_session_t session) { - session_ticket_ext_st* priv=NULL; + session_ticket_ext_st *priv = NULL; extension_priv_data_t epriv; if (!session) @@ -513,18 +528,18 @@ gnutls_session_ticket_enable_client (gnutls_session_t session) return GNUTLS_E_INVALID_REQUEST; } - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } priv->session_ticket_enable = 1; epriv.ptr = priv; - _gnutls_ext_set_session_data(session, - GNUTLS_EXTENSION_SESSION_TICKET, epriv); - + _gnutls_ext_set_session_data (session, + GNUTLS_EXTENSION_SESSION_TICKET, epriv); + return 0; } @@ -547,7 +562,7 @@ gnutls_session_ticket_enable_server (gnutls_session_t session, const gnutls_datum_t * key) { int ret; - session_ticket_ext_st* priv=NULL; + session_ticket_ext_st *priv = NULL; extension_priv_data_t epriv; if (!session || !key @@ -557,27 +572,26 @@ gnutls_session_ticket_enable_server (gnutls_session_t session, return GNUTLS_E_INVALID_REQUEST; } - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } epriv.ptr = priv; - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, - priv->session_ticket_IV, IV_SIZE); + ret = _gnutls_rnd (GNUTLS_RND_RANDOM, priv->session_ticket_IV, IV_SIZE); if (ret < 0) { gnutls_assert (); return ret; } - memcpy(&priv->key, key->data, key->size); + memcpy (&priv->key, key->data, key->size); priv->session_ticket_enable = 1; - _gnutls_ext_set_session_data(session, - GNUTLS_EXTENSION_SESSION_TICKET, epriv); + _gnutls_ext_set_session_data (session, + GNUTLS_EXTENSION_SESSION_TICKET, epriv); return 0; } @@ -591,17 +605,20 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again) int ret; struct ticket ticket; uint16_t ticket_len; - session_ticket_ext_st* priv=NULL; + session_ticket_ext_st *priv = NULL; extension_priv_data_t epriv; uint16_t epoch_saved = session->security_parameters.epoch_write; if (again == 0) { - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv); + ret = + _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SESSION_TICKET, + &epriv); if (ret < 0) - return 0; + return 0; priv = epriv.ptr; - + if (!priv->session_ticket_renew) return 0; @@ -609,14 +626,17 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again) _gnutls_write_connection_state_init() does this job, but it also triggers encryption, while NewSessionTicket should not be encrypted in the record layer. */ - ret = _gnutls_epoch_set_keys (session, session->security_parameters.epoch_next); + ret = + _gnutls_epoch_set_keys (session, + session->security_parameters.epoch_next); if (ret < 0) { gnutls_assert (); return ret; } - session->security_parameters.epoch_write = session->security_parameters.epoch_next; + session->security_parameters.epoch_write = + session->security_parameters.epoch_next; ret = encrypt_ticket (session, priv, &ticket); session->security_parameters.epoch_write = epoch_saved; @@ -629,7 +649,8 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again) ticket_len = KEY_NAME_SIZE + IV_SIZE + 2 + ticket.encrypted_state_len + MAC_SIZE; - bufel = _gnutls_handshake_alloc (4 + 2 + ticket_len, 4+2+ticket_len); + bufel = + _gnutls_handshake_alloc (4 + 2 + ticket_len, 4 + 2 + ticket_len); if (!bufel) { gnutls_assert (); @@ -637,10 +658,10 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again) return GNUTLS_E_MEMORY_ERROR; } - data = _mbuffer_get_udata_ptr(bufel); + data = _mbuffer_get_udata_ptr (bufel); p = data; - _gnutls_write_uint32 ( session->internals.expire_time, p); + _gnutls_write_uint32 (session->internals.expire_time, p); p += 4; _gnutls_write_uint16 (ticket_len, p); @@ -678,14 +699,16 @@ _gnutls_recv_new_session_ticket (gnutls_session_t session) uint32_t lifetime_hint; uint16_t ticket_len; int ret; - session_ticket_ext_st* priv=NULL; + session_ticket_ext_st *priv = NULL; extension_priv_data_t epriv; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET, + &epriv); if (ret < 0) { - gnutls_assert(); - return 0; + gnutls_assert (); + return 0; } priv = epriv.ptr; @@ -724,7 +747,8 @@ _gnutls_recv_new_session_ticket (gnutls_session_t session) /* Discard the current session ID. (RFC5077 3.4) */ ret = _gnutls_generate_session_id (session->security_parameters.session_id, - &session->security_parameters.session_id_size); + &session-> + security_parameters.session_id_size); if (ret < 0) { gnutls_assert (); diff --git a/lib/ext_session_ticket.h b/lib/ext_session_ticket.h index e8a531b909..608b7d5ce7 100644 --- a/lib/ext_session_ticket.h +++ b/lib/ext_session_ticket.h @@ -23,9 +23,9 @@ */ #ifndef EXT_SESSION_TICKET_H -# define EXT_SESSION_TICKET_H +#define EXT_SESSION_TICKET_H -# ifdef ENABLE_SESSION_TICKET +#ifdef ENABLE_SESSION_TICKET #include <gnutls_extensions.h> @@ -34,5 +34,5 @@ extern extension_entry_st ext_mod_session_ticket; int _gnutls_send_new_session_ticket (gnutls_session_t session, int again); int _gnutls_recv_new_session_ticket (gnutls_session_t session); -# endif +#endif #endif diff --git a/lib/ext_signature.c b/lib/ext_signature.c index abc2da9088..03b47d12dc 100644 --- a/lib/ext_signature.c +++ b/lib/ext_signature.c @@ -36,27 +36,30 @@ #include <gnutls_algorithms.h> static int _gnutls_signature_algorithm_recv_params (gnutls_session_t session, - const opaque * data, - size_t data_size); + const opaque * data, + size_t data_size); static int _gnutls_signature_algorithm_send_params (gnutls_session_t session, - opaque * data, size_t); -static void signature_algorithms_deinit_data(extension_priv_data_t priv); -static int signature_algorithms_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps); -static int signature_algorithms_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv); + opaque * data, size_t); +static void signature_algorithms_deinit_data (extension_priv_data_t priv); +static int signature_algorithms_pack (extension_priv_data_t epriv, + gnutls_buffer_st * ps); +static int signature_algorithms_unpack (gnutls_buffer_st * ps, + extension_priv_data_t * _priv); extension_entry_st ext_mod_sig = { - .name = "SIGNATURE ALGORITHMS", - .type = GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, - .parse_type = GNUTLS_EXT_TLS, - - .recv_func = _gnutls_signature_algorithm_recv_params, - .send_func = _gnutls_signature_algorithm_send_params, - .pack_func = signature_algorithms_pack, - .unpack_func = signature_algorithms_unpack, - .deinit_func = signature_algorithms_deinit_data, + .name = "SIGNATURE ALGORITHMS", + .type = GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, + .parse_type = GNUTLS_EXT_TLS, + + .recv_func = _gnutls_signature_algorithm_recv_params, + .send_func = _gnutls_signature_algorithm_send_params, + .pack_func = signature_algorithms_pack, + .unpack_func = signature_algorithms_unpack, + .deinit_func = signature_algorithms_deinit_data, }; -typedef struct { +typedef struct +{ /* TLS 1.2 signature algorithms */ gnutls_sign_algorithm_t sign_algorithms[MAX_SIGNATURE_ALGORITHMS]; uint16_t sign_algorithms_size; @@ -106,14 +109,14 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session, const opaque * data, size_t data_size) { int sig, i; - sig_ext_st * priv; + sig_ext_st *priv; extension_priv_data_t epriv; - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } for (i = 0; i < data_size; i += 2) @@ -126,15 +129,15 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session, sig = _gnutls_tls_aid_to_sign (&aid); if (sig != GNUTLS_SIGN_UNKNOWN) { - priv->sign_algorithms[priv->sign_algorithms_size++] - = sig; + priv->sign_algorithms[priv->sign_algorithms_size++] = sig; if (priv->sign_algorithms_size == MAX_SIGNATURE_ALGORITHMS) break; } } - epriv.ptr = priv; - _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, epriv); + epriv.ptr = priv; + _gnutls_ext_set_session_data (session, + GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, epriv); return 0; } @@ -232,11 +235,13 @@ _gnutls_session_get_sign_algo (gnutls_session_t session, unsigned i; int ret; gnutls_protocol_t ver = gnutls_protocol_get_version (session); - sig_ext_st * priv; + sig_ext_st *priv; extension_priv_data_t epriv; - ret = _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, - &epriv); + ret = + _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, + &epriv); priv = epriv.ptr; if (ret < 0 || !_gnutls_version_has_selectable_sighash (ver) @@ -247,14 +252,11 @@ _gnutls_session_get_sign_algo (gnutls_session_t session, return _gnutls_x509_pk_to_sign (pk, *hash); } - for (i = 0; - i < priv->sign_algorithms_size; i++) + for (i = 0; i < priv->sign_algorithms_size; i++) { - if (_gnutls_sign_get_pk_algorithm - (priv->sign_algorithms[i]) == pk) + if (_gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) == pk) { - *hash = - _gnutls_sign_get_hash_algorithm (priv->sign_algorithms[i]); + *hash = _gnutls_sign_get_hash_algorithm (priv->sign_algorithms[i]); return priv->sign_algorithms[i]; } } @@ -274,7 +276,7 @@ _gnutls_session_sign_algo_requested (gnutls_session_t session, unsigned i; int ret, hash; gnutls_protocol_t ver = gnutls_protocol_get_version (session); - sig_ext_st * priv; + sig_ext_st *priv; extension_priv_data_t epriv; if (!_gnutls_version_has_selectable_sighash (ver)) @@ -282,17 +284,19 @@ _gnutls_session_sign_algo_requested (gnutls_session_t session, return 0; } - ret = _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, - &epriv); + ret = + _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, + &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); /* extension not received allow SHA1 and SHA256 */ - hash = _gnutls_sign_get_hash_algorithm(sig); + hash = _gnutls_sign_get_hash_algorithm (sig); if (hash == GNUTLS_DIG_SHA1 || hash == GNUTLS_DIG_SHA256) - return 0; + return 0; else - return ret; + return ret; } priv = epriv.ptr; @@ -302,8 +306,7 @@ _gnutls_session_sign_algo_requested (gnutls_session_t session, return 0; } - for (i = 0; - i < priv->sign_algorithms_size; i++) + for (i = 0; i < priv->sign_algorithms_size; i++) { if (priv->sign_algorithms[i] == sig) { @@ -325,14 +328,16 @@ _gnutls_session_sign_algo_enabled (gnutls_session_t session, unsigned i; int ret; gnutls_protocol_t ver = gnutls_protocol_get_version (session); - sig_ext_st * priv; + sig_ext_st *priv; extension_priv_data_t epriv; - ret = _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, - &epriv); + ret = + _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, + &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return 0; } priv = epriv.ptr; @@ -355,50 +360,54 @@ _gnutls_session_sign_algo_enabled (gnutls_session_t session, return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; } -static void signature_algorithms_deinit_data(extension_priv_data_t priv) +static void +signature_algorithms_deinit_data (extension_priv_data_t priv) { - gnutls_free(priv.ptr); + gnutls_free (priv.ptr); } -static int signature_algorithms_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps) +static int +signature_algorithms_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps) { -sig_ext_st* priv = epriv.ptr; -int ret, i; + sig_ext_st *priv = epriv.ptr; + int ret, i; - BUFFER_APPEND_NUM(ps, priv->sign_algorithms_size); - for (i = 0; i < priv->sign_algorithms_size;i++) + BUFFER_APPEND_NUM (ps, priv->sign_algorithms_size); + for (i = 0; i < priv->sign_algorithms_size; i++) { - BUFFER_APPEND_NUM(ps, priv->sign_algorithms[i]); + BUFFER_APPEND_NUM (ps, priv->sign_algorithms[i]); } return 0; } -static int signature_algorithms_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv) +static int +signature_algorithms_unpack (gnutls_buffer_st * ps, + extension_priv_data_t * _priv) { -sig_ext_st* priv; -int i, ret; -extension_priv_data_t epriv; + sig_ext_st *priv; + int i, ret; + extension_priv_data_t epriv; - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - BUFFER_POP_NUM(ps, priv->sign_algorithms_size); - for (i = 0; i < priv->sign_algorithms_size;i++) + BUFFER_POP_NUM (ps, priv->sign_algorithms_size); + for (i = 0; i < priv->sign_algorithms_size; i++) { - BUFFER_POP_NUM(ps, priv->sign_algorithms[i]); + BUFFER_POP_NUM (ps, priv->sign_algorithms[i]); } epriv.ptr = priv; *_priv = epriv; - + return 0; error: - gnutls_free(priv); + gnutls_free (priv); return ret; } @@ -431,15 +440,17 @@ gnutls_sign_algorithm_get_requested (gnutls_session_t session, gnutls_sign_algorithm_t * algo) { gnutls_protocol_t ver = gnutls_protocol_get_version (session); - sig_ext_st * priv; + sig_ext_st *priv; extension_priv_data_t epriv; int ret; - ret = _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, - &epriv); + ret = + _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, + &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } priv = epriv.ptr; diff --git a/lib/ext_signature.h b/lib/ext_signature.h index 2e41b60268..c7c3ab438c 100644 --- a/lib/ext_signature.h +++ b/lib/ext_signature.h @@ -26,7 +26,7 @@ /* signature algorithms extension */ #ifndef EXT_SIGNATURE_H -# define EXT_SIGNATURE_H +#define EXT_SIGNATURE_H #include <gnutls_extensions.h> diff --git a/lib/ext_srp.c b/lib/ext_srp.c index 868714c979..886ebd03ec 100644 --- a/lib/ext_srp.c +++ b/lib/ext_srp.c @@ -35,23 +35,26 @@ #include <gnutls_num.h> #include <gnutls_extensions.h> -static int _gnutls_srp_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv); -static int _gnutls_srp_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps); -static void _gnutls_srp_deinit_data(extension_priv_data_t epriv); -static int _gnutls_srp_recv_params (gnutls_session_t state, const opaque * data, - size_t data_size); -static int _gnutls_srp_send_params (gnutls_session_t state, opaque * data, size_t); +static int _gnutls_srp_unpack (gnutls_buffer_st * ps, + extension_priv_data_t * _priv); +static int _gnutls_srp_pack (extension_priv_data_t epriv, + gnutls_buffer_st * ps); +static void _gnutls_srp_deinit_data (extension_priv_data_t epriv); +static int _gnutls_srp_recv_params (gnutls_session_t state, + const opaque * data, size_t data_size); +static int _gnutls_srp_send_params (gnutls_session_t state, opaque * data, + size_t); extension_entry_st ext_mod_srp = { - .name = "SRP", - .type = GNUTLS_EXTENSION_SRP, - .parse_type = GNUTLS_EXT_TLS, - - .recv_func = _gnutls_srp_recv_params, - .send_func = _gnutls_srp_send_params, - .pack_func = _gnutls_srp_pack, - .unpack_func = _gnutls_srp_unpack, - .deinit_func = _gnutls_srp_deinit_data + .name = "SRP", + .type = GNUTLS_EXTENSION_SRP, + .parse_type = GNUTLS_EXT_TLS, + + .recv_func = _gnutls_srp_recv_params, + .send_func = _gnutls_srp_send_params, + .pack_func = _gnutls_srp_pack, + .unpack_func = _gnutls_srp_unpack, + .deinit_func = _gnutls_srp_deinit_data }; @@ -62,8 +65,8 @@ _gnutls_srp_recv_params (gnutls_session_t session, const opaque * data, uint8_t len; ssize_t data_size = _data_size; extension_priv_data_t epriv; - srp_ext_st * priv; - + srp_ext_st *priv; + if (session->security_parameters.entity == GNUTLS_SERVER) { if (data_size > 0) @@ -76,15 +79,15 @@ _gnutls_srp_recv_params (gnutls_session_t session, const opaque * data, gnutls_assert (); return GNUTLS_E_ILLEGAL_SRP_USERNAME; } - - priv = gnutls_calloc(1, sizeof(*priv)); + + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - priv->username = gnutls_malloc(len+1); + priv->username = gnutls_malloc (len + 1); if (priv->username) { memcpy (priv->username, &data[1], len); @@ -93,7 +96,7 @@ _gnutls_srp_recv_params (gnutls_session_t session, const opaque * data, } epriv.ptr = priv; - _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_SRP, epriv); + _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv); } } return 0; @@ -108,7 +111,7 @@ _gnutls_srp_send_params (gnutls_session_t session, opaque * data, { unsigned len; extension_priv_data_t epriv; - srp_ext_st * priv; + srp_ext_st *priv; if (_gnutls_kx_priority (session, GNUTLS_KX_SRP) < 0 && _gnutls_kx_priority (session, GNUTLS_KX_SRP_DSS) < 0 && @@ -165,10 +168,10 @@ _gnutls_srp_send_params (gnutls_session_t session, opaque * data, return GNUTLS_E_SHORT_MEMORY_BUFFER; } - priv = gnutls_malloc(sizeof(*priv)); + priv = gnutls_malloc (sizeof (*priv)); if (priv == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } @@ -176,7 +179,7 @@ _gnutls_srp_send_params (gnutls_session_t session, opaque * data, priv->password = password; epriv.ptr = priv; - _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_SRP, epriv); + _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv); data[0] = (uint8_t) len; memcpy (&data[1], username, len); @@ -186,61 +189,66 @@ _gnutls_srp_send_params (gnutls_session_t session, opaque * data, return 0; } -static void _gnutls_srp_deinit_data(extension_priv_data_t epriv) +static void +_gnutls_srp_deinit_data (extension_priv_data_t epriv) { - srp_ext_st * priv = epriv.ptr; + srp_ext_st *priv = epriv.ptr; - gnutls_free(priv->username); - gnutls_free(priv->password); - gnutls_free(priv); + gnutls_free (priv->username); + gnutls_free (priv->password); + gnutls_free (priv); } -static int _gnutls_srp_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps) +static int +_gnutls_srp_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps) { -srp_ext_st* priv = epriv.ptr; -int ret; -int password_len = 0, username_len = 0; + srp_ext_st *priv = epriv.ptr; + int ret; + int password_len = 0, username_len = 0; if (priv->username) - username_len = strlen(priv->username); + username_len = strlen (priv->username); if (priv->password) - password_len = strlen(priv->password); + password_len = strlen (priv->password); - BUFFER_APPEND_PFX(ps, priv->username, username_len); - BUFFER_APPEND_PFX(ps, priv->password, password_len); + BUFFER_APPEND_PFX (ps, priv->username, username_len); + BUFFER_APPEND_PFX (ps, priv->password, password_len); return 0; } -static int _gnutls_srp_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv) +static int +_gnutls_srp_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv) { -srp_ext_st* priv; -int ret; -extension_priv_data_t epriv; -gnutls_datum username = { NULL, 0 }, password = {NULL, 0}; + srp_ext_st *priv; + int ret; + extension_priv_data_t epriv; + gnutls_datum username = { NULL, 0 }, password = + { + NULL, 0}; - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - BUFFER_POP_DATUM(ps, &username); - BUFFER_POP_DATUM(ps, &password); - + BUFFER_POP_DATUM (ps, &username); + BUFFER_POP_DATUM (ps, &password); + priv->username = username.data; priv->password = password.data; - + epriv.ptr = priv; *_priv = epriv; - + return 0; error: - _gnutls_free_datum(&username); - _gnutls_free_datum(&password); + _gnutls_free_datum (&username); + _gnutls_free_datum (&password); return ret; } diff --git a/lib/ext_srp.h b/lib/ext_srp.h index a1146b024a..9ebcf23715 100644 --- a/lib/ext_srp.h +++ b/lib/ext_srp.h @@ -28,18 +28,19 @@ #include <gnutls_extensions.h> -# ifdef ENABLE_SRP +#ifdef ENABLE_SRP -# define IS_SRP_KX(kx) ((kx == GNUTLS_KX_SRP || (kx == GNUTLS_KX_SRP_RSA) || \ +#define IS_SRP_KX(kx) ((kx == GNUTLS_KX_SRP || (kx == GNUTLS_KX_SRP_RSA) || \ kx == GNUTLS_KX_SRP_DSS)?1:0) extern extension_entry_st ext_mod_srp; -typedef struct { - char* username; - char* password; +typedef struct +{ + char *username; + char *password; } srp_ext_st; -# endif +#endif #endif diff --git a/lib/gcrypt/init.c b/lib/gcrypt/init.c index 4566bc217d..6d530a98a4 100644 --- a/lib/gcrypt/init.c +++ b/lib/gcrypt/init.c @@ -43,22 +43,23 @@ static struct gcry_thread_cbs gct = { .recvmsg = NULL, }; -int gnutls_crypto_init(void) +int +gnutls_crypto_init (void) { /* Initialize libgcrypt if it hasn't already been initialized. */ if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0) { const char *p; - if (gnutls_mutex_init != NULL) - { + if (gnutls_mutex_init != NULL) + { gct.mutex_init = gnutls_mutex_init; gct.mutex_destroy = gnutls_mutex_deinit; gct.mutex_lock = gnutls_mutex_lock; gct.mutex_unlock = gnutls_mutex_unlock; - gcry_control (GCRYCTL_SET_THREAD_CBS, &gct); - } + gcry_control (GCRYCTL_SET_THREAD_CBS, &gct); + } p = gcry_check_version (GNUTLS_MIN_LIBGCRYPT_VERSION); @@ -75,9 +76,9 @@ int gnutls_crypto_init(void) gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0); - + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); } - return 0; + return 0; } diff --git a/lib/gcrypt/mpi.c b/lib/gcrypt/mpi.c index 30e0d23fc3..fbba1e8f05 100644 --- a/lib/gcrypt/mpi.c +++ b/lib/gcrypt/mpi.c @@ -76,18 +76,21 @@ wrap_gcry_mpi_print (const bigint_t a, void *buffer, size_t * nbytes, return GNUTLS_E_INVALID_REQUEST; ret = gcry_mpi_print (format, buffer, *nbytes, nbytes, a); - if (!ret) { - if (buffer==NULL || init_bytes < *nbytes) { - - /* in STD format we may want to include - * an extra byte for zero. Sometimes the gcry_ - * function doesn't add it. - */ - if (format == GNUTLS_MPI_FORMAT_STD) (*nbytes)++; - return GNUTLS_E_SHORT_MEMORY_BUFFER; + if (!ret) + { + if (buffer == NULL || init_bytes < *nbytes) + { + + /* in STD format we may want to include + * an extra byte for zero. Sometimes the gcry_ + * function doesn't add it. + */ + if (format == GNUTLS_MPI_FORMAT_STD) + (*nbytes)++; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + return 0; } - return 0; - } return GNUTLS_E_MPI_PRINT_FAILED; } diff --git a/lib/gcrypt/pk.c b/lib/gcrypt/pk.c index c0b0005161..95507b17b5 100644 --- a/lib/gcrypt/pk.c +++ b/lib/gcrypt/pk.c @@ -631,7 +631,7 @@ _rsa_generate_params (bigint_t * resarr, int *resarr_len, int bits) if (*resarr_len < RSA_PRIVATE_PARAMS) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } @@ -732,30 +732,30 @@ _rsa_generate_params (bigint_t * resarr, int *resarr_len, int bits) /* generate e1 and e2 */ *resarr_len = 6; - - tmp = _gnutls_mpi_alloc_like(resarr[0]); + + tmp = _gnutls_mpi_alloc_like (resarr[0]); if (tmp == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } - ret = _gnutls_calc_rsa_exp(resarr, 2 + *resarr_len); + ret = _gnutls_calc_rsa_exp (resarr, 2 + *resarr_len); if (ret < 0) { - gnutls_assert(); - ret= GNUTLS_E_MEMORY_ERROR; + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; goto cleanup; } - (*resarr_len)+=2; + (*resarr_len) += 2; return 0; cleanup: - for (i=0;i<*resarr_len;i++) - _gnutls_mpi_release(&resarr[i]); + for (i = 0; i < *resarr_len; i++) + _gnutls_mpi_release (&resarr[i]); return ret; } @@ -807,7 +807,7 @@ wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo, if (algo != GNUTLS_PK_RSA) return 0; - if (params->params[5]==NULL) + if (params->params[5] == NULL) params->params[5] = _gnutls_mpi_new (_gnutls_mpi_get_nbits (params->params[0])); @@ -820,21 +820,22 @@ wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo, ret = 1; if (direction == GNUTLS_IMPORT) { - /* calculate exp1 [6] and exp2 [7] */ - _gnutls_mpi_release(¶ms->params[6]); - _gnutls_mpi_release(¶ms->params[7]); - result = _gnutls_calc_rsa_exp(params->params, RSA_PRIVATE_PARAMS); - if (result < 0) - { - gnutls_assert(); - return result; - } + /* calculate exp1 [6] and exp2 [7] */ + _gnutls_mpi_release (¶ms->params[6]); + _gnutls_mpi_release (¶ms->params[7]); + result = _gnutls_calc_rsa_exp (params->params, RSA_PRIVATE_PARAMS); + if (result < 0) + { + gnutls_assert (); + return result; + } ret = - gcry_mpi_invm (params->params[5], params->params[3], params->params[4]); + gcry_mpi_invm (params->params[5], params->params[3], + params->params[4]); - params->params_nr = RSA_PRIVATE_PARAMS; - } + params->params_nr = RSA_PRIVATE_PARAMS; + } else if (direction == GNUTLS_EXPORT) ret = gcry_mpi_invm (params->params[5], params->params[4], params->params[3]); diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c index c376fd5d0d..1560d55879 100644 --- a/lib/gnutls_alert.c +++ b/lib/gnutls_alert.c @@ -133,7 +133,9 @@ gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level, _gnutls_record_log ("REC: Sending Alert[%d|%d] - %s\n", data[0], data[1], name); - if ((ret = _gnutls_send_int (session, GNUTLS_ALERT, -1, EPOCH_WRITE_CURRENT, data, 2, MBUFFER_FLUSH)) >= 0) + if ((ret = + _gnutls_send_int (session, GNUTLS_ALERT, -1, EPOCH_WRITE_CURRENT, data, + 2, MBUFFER_FLUSH)) >= 0) return 0; else return ret; diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 2acf1aad9a..be89b34cc3 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -34,13 +34,13 @@ typedef struct { const char *name; gnutls_sec_param_t sec_param; - int bits; /* security level */ - int pk_bits; /* DH, RSA, SRP */ - int dsa_bits; /* bits for DSA. Handled differently since - * choice of key size in DSA is political. - */ - int subgroup_bits; /* subgroup bits */ - int ecc_bits; /* bits for ECC keys */ + int bits; /* security level */ + int pk_bits; /* DH, RSA, SRP */ + int dsa_bits; /* bits for DSA. Handled differently since + * choice of key size in DSA is political. + */ + int subgroup_bits; /* subgroup bits */ + int ecc_bits; /* bits for ECC keys */ } gnutls_sec_params_entry; static const gnutls_sec_params_entry sec_params[] = { @@ -2166,9 +2166,9 @@ static const gnutls_pk_entry pk_algorithms[] = { /* having duplicate entries is ok, as long as the one * we want to return OID from is first */ {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA}, - {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */ - {"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */ - {"RSA (SHA1)", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */ + {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */ + {"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */ + {"RSA (SHA1)", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */ {"DSA", PK_DSA_OID, GNUTLS_PK_DSA}, {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN}, {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN}, @@ -2328,19 +2328,26 @@ _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm) * Returns: The number of bits, or zero. * **/ -unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo, - gnutls_sec_param_t param) +unsigned int +gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo, + gnutls_sec_param_t param) { -unsigned int ret = 0; + unsigned int ret = 0; /* handle DSA differently */ - if (algo == GNUTLS_PK_DSA) + if (algo == GNUTLS_PK_DSA) { - GNUTLS_SEC_PARAM_LOOP ( if (p->sec_param == param) { ret = p->dsa_bits; break; }); - return ret; + GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param) + { + ret = p->dsa_bits; break;} + ); + return ret; } - GNUTLS_SEC_PARAM_LOOP ( if (p->sec_param == param) { ret = p->pk_bits; break; }); + GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param) + { + ret = p->pk_bits; break;} + ); return ret; } @@ -2348,11 +2355,15 @@ unsigned int ret = 0; /* Returns the corresponding size for subgroup bits (q), * given the group bits (p). */ -unsigned int _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits) +unsigned int +_gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits) { -unsigned int ret = 0; + unsigned int ret = 0; - GNUTLS_SEC_PARAM_LOOP ( if (p->pk_bits >= pk_bits) { ret = p->subgroup_bits; break; }); + GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits >= pk_bits) + { + ret = p->subgroup_bits; break;} + ); return ret; } @@ -2370,9 +2381,12 @@ unsigned int ret = 0; const char * gnutls_sec_param_get_name (gnutls_sec_param_t param) { -const char* ret = "Unknown"; + const char *ret = "Unknown"; - GNUTLS_SEC_PARAM_LOOP ( if (p->sec_param == param) { ret = p->name; break; }); + GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param) + { + ret = p->name; break;} + ); return ret; } @@ -2389,16 +2403,15 @@ const char* ret = "Unknown"; * Returns: The security parameter. * **/ -gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, - unsigned int bits) +gnutls_sec_param_t +gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, unsigned int bits) { gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_WEAK; - GNUTLS_SEC_PARAM_LOOP ( - if (p->pk_bits > bits) - { break; } - ret = p->sec_param; - ); + GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits > bits) + { + break;} + ret = p->sec_param;); return ret; } diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h index 0e84a1265a..191a808eb3 100644 --- a/lib/gnutls_algorithms.h +++ b/lib/gnutls_algorithms.h @@ -24,7 +24,7 @@ */ #ifndef ALGORITHMS_H -# define ALGORITHMS_H +#define ALGORITHMS_H #include "gnutls_auth.h" diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h index b54be90e3b..4738c5c9f0 100644 --- a/lib/gnutls_auth.h +++ b/lib/gnutls_auth.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_AUTH_H -# define GNUTLS_AUTH_H +#define GNUTLS_AUTH_H typedef struct mod_auth_st_int { diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index 1964c72455..c190a3de70 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -59,7 +59,7 @@ #include <errno.h> #ifndef EAGAIN -# define EAGAIN EWOULDBLOCK +#define EAGAIN EWOULDBLOCK #endif /* this is the maximum number of messages allowed to queue. @@ -249,17 +249,20 @@ _gnutls_record_buffer_get (content_type_t type, return length; } -inline static void reset_errno(gnutls_session_t session) -{ +inline static void +reset_errno (gnutls_session_t session) +{ session->internals.errnum = 0; } -inline static int get_errno(gnutls_session_t session) +inline static int +get_errno (gnutls_session_t session) { if (session->internals.errnum != 0) return session->internals.errnum; - else - return session->internals.errno_func(session->internals.transport_recv_ptr); + else + return session->internals.errno_func (session-> + internals.transport_recv_ptr); } @@ -269,7 +272,7 @@ inline static int get_errno(gnutls_session_t session) * Flags are only used if the default recv() function is being used. */ static ssize_t -_gnutls_read (gnutls_session_t session, mbuffer_st **bufel, +_gnutls_read (gnutls_session_t session, mbuffer_st ** bufel, size_t size, gnutls_pull_func pull_func) { size_t left; @@ -296,13 +299,13 @@ _gnutls_read (gnutls_session_t session, mbuffer_st **bufel, left = size; while (left > 0) { - reset_errno(session); + reset_errno (session); i = pull_func (fd, &ptr[size - left], left); if (i < 0) { - int err = get_errno(session); + int err = get_errno (session); _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n", (int) i, fd, errno, session->internals.errnum); @@ -356,50 +359,52 @@ finish: static ssize_t -_gnutls_writev_emu (gnutls_session_t session, const giovec_t * giovec, int giovec_cnt) +_gnutls_writev_emu (gnutls_session_t session, const giovec_t * giovec, + int giovec_cnt) { int ret, j = 0; gnutls_transport_ptr_t fd = session->internals.transport_send_ptr; - void* iptr; + void *iptr; size_t sizeOfPtr; size_t total = 0; - for (j=0;j<giovec_cnt;j++) + for (j = 0; j < giovec_cnt; j++) { sizeOfPtr = giovec[j].iov_len; iptr = giovec[j].iov_base; - + ret = session->internals.push_func (fd, iptr, sizeOfPtr); if (ret == -1) - break; + break; total += ret; } if (total > 0) return total; - + return ret; } static ssize_t -_gnutls_writev (gnutls_session_t session, const giovec_t * giovec, int giovec_cnt) +_gnutls_writev (gnutls_session_t session, const giovec_t * giovec, + int giovec_cnt) { int i; gnutls_transport_ptr_t fd = session->internals.transport_send_ptr; - reset_errno(session); + reset_errno (session); if (session->internals.push_func != NULL) - i = _gnutls_writev_emu(session, giovec, giovec_cnt); + i = _gnutls_writev_emu (session, giovec, giovec_cnt); else i = session->internals.vec_push_func (fd, giovec, giovec_cnt); if (i == -1) { - int err = get_errno(session); -_gnutls_debug_log("errno: %d\n", err); + int err = get_errno (session); + _gnutls_debug_log ("errno: %d\n", err); if (err == EAGAIN) return GNUTLS_E_AGAIN; else if (err == EINTR) @@ -431,7 +436,9 @@ _gnutls_io_clear_peeked_data (gnutls_session_t session) sum = 0; do { /* we need this to finish now */ - ret = _gnutls_read (session, &peekdata, RCVLOWAT - sum, session->internals.pull_func); + ret = + _gnutls_read (session, &peekdata, RCVLOWAT - sum, + session->internals.pull_func); if (ret > 0) sum += ret; _mbuffer_xfree (&peekdata); @@ -465,7 +472,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, { ssize_t ret = 0, ret2 = 0; size_t min; - mbuffer_st *bufel=NULL; + mbuffer_st *bufel = NULL; size_t recvlowat, recvdata, readsize; if (total > MAX_RECV_SIZE || total == 0) @@ -537,14 +544,16 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, */ if (readsize > 0) { - ret = _gnutls_read (session, &bufel, readsize, session->internals.pull_func); + ret = + _gnutls_read (session, &bufel, readsize, + session->internals.pull_func); /* return immediately if we got an interrupt or eagain * error. */ if (ret < 0 && gnutls_error_is_fatal (ret) == 0) { - _mbuffer_xfree(&bufel); + _mbuffer_xfree (&bufel); return ret; } } @@ -561,7 +570,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, _mbuffer_enqueue (&session->internals.record_recv_buffer, bufel); } else - _mbuffer_xfree(&bufel); + _mbuffer_xfree (&bufel); /* This is hack in order for select to work. Just leave recvlowat data, @@ -575,7 +584,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, if (ret2 < 0 && gnutls_error_is_fatal (ret2) == 0) { - _mbuffer_xfree(&bufel); + _mbuffer_xfree (&bufel); return ret2; } @@ -585,13 +594,13 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, (int) ret2); _gnutls_read_log ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", - (int) session->internals.record_recv_buffer.byte_length, (int) ret2, - (int) total); + (int) session->internals.record_recv_buffer.byte_length, + (int) ret2, (int) total); session->internals.have_peeked_data = 1; _mbuffer_enqueue (&session->internals.record_recv_buffer, bufel); } else - _mbuffer_xfree(&bufel); + _mbuffer_xfree (&bufel); } if (ret < 0 || ret2 < 0) @@ -644,16 +653,16 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, */ ssize_t _gnutls_io_write_buffered (gnutls_session_t session, - mbuffer_st *bufel, unsigned int mflag) + mbuffer_st * bufel, unsigned int mflag) { - mbuffer_head_st * const send_buffer = &session->internals.record_send_buffer; + mbuffer_head_st *const send_buffer = &session->internals.record_send_buffer; _mbuffer_enqueue (send_buffer, bufel); _gnutls_write_log ("WRITE: enqueued %d bytes for %p. Total %d bytes.\n", - (int)bufel->msg.size, session->internals.transport_recv_ptr, - (int)send_buffer->byte_length); + (int) bufel->msg.size, session->internals.transport_recv_ptr, + (int) send_buffer->byte_length); if (mflag == MBUFFER_FLUSH) return _gnutls_io_write_flush (session); @@ -661,7 +670,7 @@ _gnutls_io_write_buffered (gnutls_session_t session, return bufel->msg.size; } -typedef ssize_t (*send_func)(gnutls_session_t, const giovec_t *, int); +typedef ssize_t (*send_func) (gnutls_session_t, const giovec_t *, int); /* This function writes the data that are left in the * TLS write buffer (ie. because the previous write was @@ -671,59 +680,58 @@ ssize_t _gnutls_io_write_flush (gnutls_session_t session) { gnutls_datum_t msg; - mbuffer_head_st * send_buffer = &session->internals.record_send_buffer; + mbuffer_head_st *send_buffer = &session->internals.record_send_buffer; int ret; ssize_t sent = 0, tosend = 0; giovec_t iovec[MAX_QUEUE]; int i = 0; - mbuffer_st* cur; + mbuffer_st *cur; _gnutls_write_log ("WRITE FLUSH: %d bytes in buffer.\n", - (int)send_buffer->byte_length); - - for (cur=_mbuffer_get_first(send_buffer, &msg); - cur != NULL; - cur = _mbuffer_get_next (cur, &msg)) - { - iovec[i].iov_base = msg.data; - iovec[i++].iov_len = msg.size; - tosend += msg.size; - - /* we buffer up to MAX_QUEUE messages */ - if (i>=sizeof(iovec)/sizeof(iovec[0])) - { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } - } - + (int) send_buffer->byte_length); + + for (cur = _mbuffer_get_first (send_buffer, &msg); + cur != NULL; cur = _mbuffer_get_next (cur, &msg)) + { + iovec[i].iov_base = msg.data; + iovec[i++].iov_len = msg.size; + tosend += msg.size; + + /* we buffer up to MAX_QUEUE messages */ + if (i >= sizeof (iovec) / sizeof (iovec[0])) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + } + ret = _gnutls_writev (session, iovec, i); if (ret >= 0) { - _mbuffer_remove_bytes (send_buffer, ret); - _gnutls_write_log ("WRITE: wrote %d bytes, %d bytes left.\n", - ret, (int)send_buffer->byte_length); + _mbuffer_remove_bytes (send_buffer, ret); + _gnutls_write_log ("WRITE: wrote %d bytes, %d bytes left.\n", + ret, (int) send_buffer->byte_length); - sent += ret; + sent += ret; } else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) { - _gnutls_write_log ("WRITE interrupted: %d bytes left.\n", - (int)send_buffer->byte_length); - return ret; + _gnutls_write_log ("WRITE interrupted: %d bytes left.\n", + (int) send_buffer->byte_length); + return ret; } else { - _gnutls_write_log ("WRITE error: code %d, %d bytes left.\n", - ret, (int)send_buffer->byte_length); + _gnutls_write_log ("WRITE error: code %d, %d bytes left.\n", + ret, (int) send_buffer->byte_length); - gnutls_assert (); - return ret; + gnutls_assert (); + return ret; } if (sent < tosend) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_AGAIN; } @@ -738,37 +746,37 @@ _gnutls_io_write_flush (gnutls_session_t session) ssize_t _gnutls_handshake_io_write_flush (gnutls_session_t session) { - mbuffer_head_st * const send_buffer = &session->internals.handshake_send_buffer; + mbuffer_head_st *const send_buffer = + &session->internals.handshake_send_buffer; gnutls_datum_t msg; int ret; ssize_t total = 0; - mbuffer_st * cur; + mbuffer_st *cur; _gnutls_write_log ("HWRITE FLUSH: %d bytes in buffer.\n", - (int)send_buffer->byte_length); + (int) send_buffer->byte_length); for (cur = _mbuffer_get_first (send_buffer, &msg); - cur != NULL; - cur = _mbuffer_get_first (send_buffer, &msg)) + cur != NULL; cur = _mbuffer_get_first (send_buffer, &msg)) { ret = _gnutls_send_int (session, GNUTLS_HANDSHAKE, session->internals.handshake_send_buffer_htype, EPOCH_WRITE_CURRENT, - msg.data, msg.size, 0/* do not flush */); + msg.data, msg.size, 0 /* do not flush */ ); if (ret >= 0) { _mbuffer_remove_bytes (send_buffer, ret); _gnutls_write_log ("HWRITE: wrote %d bytes, %d bytes left.\n", - ret, (int)send_buffer->byte_length); + ret, (int) send_buffer->byte_length); total += ret; } else { _gnutls_write_log ("HWRITE error: code %d, %d bytes left.\n", - ret, (int)send_buffer->byte_length); + ret, (int) send_buffer->byte_length); gnutls_assert (); return ret; @@ -786,18 +794,18 @@ _gnutls_handshake_io_write_flush (gnutls_session_t session) */ void _gnutls_handshake_io_cache_int (gnutls_session_t session, - gnutls_handshake_description_t htype, - mbuffer_st *bufel) + gnutls_handshake_description_t htype, + mbuffer_st * bufel) { - mbuffer_head_st * const send_buffer = &session->internals.handshake_send_buffer; + mbuffer_head_st *const send_buffer = + &session->internals.handshake_send_buffer; _mbuffer_enqueue (send_buffer, bufel); session->internals.handshake_send_buffer_htype = htype; _gnutls_write_log ("HWRITE: enqueued %d. Total %d bytes.\n", - (int)bufel->msg.size, - (int)send_buffer->byte_length); + (int) bufel->msg.size, (int) send_buffer->byte_length); return; } @@ -864,7 +872,7 @@ _gnutls_handshake_io_recv_int (gnutls_session_t session, gnutls_assert (); _gnutls_buffer_append_data (&session->internals. - handshake_recv_buffer, iptr, dsize); + handshake_recv_buffer, iptr, dsize); session->internals.handshake_recv_buffer_htype = htype; session->internals.handshake_recv_buffer_type = type; @@ -909,7 +917,7 @@ _gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data, _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", (int) length); if (_gnutls_buffer_append_data (&session->internals.handshake_hash_buffer, - data, length) < 0) + data, length) < 0) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; @@ -1025,7 +1033,7 @@ gnutls_transport_set_push_function (gnutls_session_t session, **/ void gnutls_transport_set_push_function2 (gnutls_session_t session, - gnutls_vec_push_func vec_func) + gnutls_vec_push_func vec_func) { session->internals.push_func = NULL; session->internals.vec_push_func = vec_func; @@ -1045,7 +1053,7 @@ gnutls_transport_set_push_function2 (gnutls_session_t session, **/ void gnutls_transport_set_errno_function (gnutls_session_t session, - gnutls_errno_func errno_func) + gnutls_errno_func errno_func) { session->internals.errno_func = errno_func; } diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h index bdd40f4a1a..0275b716e6 100644 --- a/lib/gnutls_buffers.h +++ b/lib/gnutls_buffers.h @@ -23,7 +23,7 @@ * */ #ifndef GNUTLS_BUFFERS_H -# define GNUTLS_BUFFERS_H +#define GNUTLS_BUFFERS_H #define MBUFFER_FLUSH 1 @@ -35,12 +35,11 @@ int _gnutls_record_buffer_get_size (content_type_t type, int _gnutls_record_buffer_get (content_type_t type, gnutls_session_t session, opaque * data, size_t length); -ssize_t _gnutls_io_read_buffered (gnutls_session_t, size_t n, - content_type_t); +ssize_t _gnutls_io_read_buffered (gnutls_session_t, size_t n, content_type_t); int _gnutls_io_clear_peeked_data (gnutls_session_t session); ssize_t _gnutls_io_write_buffered (gnutls_session_t session, - mbuffer_st *bufel, unsigned int mflag); + mbuffer_st * bufel, unsigned int mflag); int _gnutls_handshake_buffer_get_size (gnutls_session_t session); int _gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data, @@ -58,8 +57,8 @@ ssize_t _gnutls_handshake_io_recv_int (gnutls_session_t, content_type_t, gnutls_handshake_description_t, void *, size_t); void _gnutls_handshake_io_cache_int (gnutls_session_t, - gnutls_handshake_description_t, - mbuffer_st *bufel); + gnutls_handshake_description_t, + mbuffer_st * bufel); ssize_t _gnutls_io_write_flush (gnutls_session_t session); ssize_t _gnutls_handshake_io_write_flush (gnutls_session_t session); diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 0e278c7966..5415fda94d 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -42,7 +42,7 @@ #include <gnutls_x509.h> #include "x509/x509_int.h" #ifdef ENABLE_OPENPGP -# include "openpgp/gnutls_openpgp.h" +#include "openpgp/gnutls_openpgp.h" #endif /** diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h index 4217d298e6..0afb78c528 100644 --- a/lib/gnutls_cert.h +++ b/lib/gnutls_cert.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_CERT_H -# define GNUTLS_CERT_H +#define GNUTLS_CERT_H #include <gnutls_pk.h> #include "x509/x509_int.h" diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index bf73ab767a..b94055f754 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -77,7 +77,7 @@ _gnutls_encrypt (gnutls_session_t session, const opaque * headers, size_t headers_size, const opaque * data, size_t data_size, opaque * ciphertext, size_t ciphertext_size, content_type_t type, int random_pad, - record_parameters_st *params) + record_parameters_st * params) { gnutls_datum_t plain; gnutls_datum_t comp; @@ -133,7 +133,7 @@ int _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext, size_t ciphertext_size, uint8_t * data, size_t max_data_size, content_type_t type, - record_parameters_st *params) + record_parameters_st * params) { gnutls_datum_t gtxt; gnutls_datum_t gcipher; @@ -342,7 +342,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, opaque * cipher_data, int cipher_size, gnutls_datum_t compressed, content_type_t _type, int random_pad, - record_parameters_st *params) + record_parameters_st * params) { uint8_t MAC[MAX_HASH_SIZE]; uint16_t c_length; @@ -351,10 +351,8 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, uint8_t type = _type; opaque preamble[PREAMBLE_SIZE]; int preamble_size; - int hash_size = - _gnutls_hash_get_algo_len (params->mac_algorithm); - int blocksize = - gnutls_cipher_get_block_size (params->cipher_algorithm); + int hash_size = _gnutls_hash_get_algo_len (params->mac_algorithm); + int blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm); cipher_type_t block_algo = _gnutls_cipher_is_block (params->cipher_algorithm); opaque *data_ptr; @@ -440,8 +438,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, /* Actual encryption (inplace). */ ret = - _gnutls_cipher_encrypt (¶ms->write.cipher_state, - cipher_data, length); + _gnutls_cipher_encrypt (¶ms->write.cipher_state, cipher_data, length); if (ret < 0) { gnutls_assert (); @@ -460,7 +457,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, opaque * compress_data, int compress_size, gnutls_datum_t ciphertext, uint8_t type, - record_parameters_st *params) + record_parameters_st * params) { uint8_t MAC[MAX_HASH_SIZE]; uint16_t c_length; @@ -471,11 +468,9 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, opaque preamble[PREAMBLE_SIZE]; int preamble_size; int ver = gnutls_protocol_get_version (session); - int hash_size = - _gnutls_hash_get_algo_len (params->mac_algorithm); + int hash_size = _gnutls_hash_get_algo_len (params->mac_algorithm); - blocksize = - gnutls_cipher_get_block_size (params->cipher_algorithm); + blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm); /* actual decryption (inplace) diff --git a/lib/gnutls_cipher.h b/lib/gnutls_cipher.h index 75a5aa48e3..defa697321 100644 --- a/lib/gnutls_cipher.h +++ b/lib/gnutls_cipher.h @@ -27,18 +27,18 @@ int _gnutls_encrypt (gnutls_session_t session, const opaque * headers, size_t headers_size, const opaque * data, size_t data_size, opaque * ciphertext, size_t ciphertext_size, content_type_t type, - int random_pad, record_parameters_st *params); + int random_pad, record_parameters_st * params); int _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext, size_t ciphertext_size, uint8_t * data, size_t data_size, - content_type_t type, record_parameters_st *params); + content_type_t type, record_parameters_st * params); int _gnutls_compressed2ciphertext (gnutls_session_t session, opaque * cipher_data, int cipher_size, gnutls_datum_t compressed, content_type_t _type, int random_pad, - record_parameters_st *params); + record_parameters_st * params); int _gnutls_ciphertext2compressed (gnutls_session_t session, opaque * compress_data, int compress_size, gnutls_datum_t ciphertext, uint8_t type, - record_parameters_st *params); + record_parameters_st * params); diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index 023e459007..6db6728a7d 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -93,52 +93,58 @@ cc_cleanup: return ret; } -int _gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text, int textlen) +int +_gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text, int textlen) { if (handle != NULL && handle->handle != NULL) { - return handle->encrypt(handle->handle, text, textlen, text, textlen); + return handle->encrypt (handle->handle, text, textlen, text, textlen); } return 0; } -int _gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext, +int +_gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext, int ciphertextlen) { if (handle != NULL && handle->handle != NULL) { - return handle->decrypt(handle->handle, ciphertext, ciphertextlen, - ciphertext, ciphertextlen); + return handle->decrypt (handle->handle, ciphertext, ciphertextlen, + ciphertext, ciphertextlen); } return 0; } -int _gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text, int textlen, - void* ciphertext, int ciphertextlen) +int +_gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text, + int textlen, void *ciphertext, int ciphertextlen) { if (handle != NULL && handle->handle != NULL) { - return handle->encrypt(handle->handle, text, textlen, ciphertext, ciphertextlen); + return handle->encrypt (handle->handle, text, textlen, ciphertext, + ciphertextlen); } return 0; } -int _gnutls_cipher_decrypt2 (const cipher_hd_st * handle, const void *ciphertext, - int ciphertextlen, void* text, int textlen) +int +_gnutls_cipher_decrypt2 (const cipher_hd_st * handle, const void *ciphertext, + int ciphertextlen, void *text, int textlen) { if (handle != NULL && handle->handle != NULL) { - return handle->decrypt(handle->handle, ciphertext, ciphertextlen, - text, textlen); + return handle->decrypt (handle->handle, ciphertext, ciphertextlen, + text, textlen); } return 0; } -void _gnutls_cipher_deinit (cipher_hd_st * handle) +void +_gnutls_cipher_deinit (cipher_hd_st * handle) { if (handle != NULL && handle->handle != NULL) { - handle->deinit(handle->handle); + handle->deinit (handle->handle); handle->handle = NULL; } } diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h index 3131746a12..1936dd3110 100644 --- a/lib/gnutls_cipher_int.h +++ b/lib/gnutls_cipher_int.h @@ -24,20 +24,22 @@ */ #ifndef GNUTLS_CIPHER_INT -# define GNUTLS_CIPHER_INT +#define GNUTLS_CIPHER_INT #include <gnutls/crypto.h> extern int crypto_cipher_prio; extern gnutls_crypto_cipher_st _gnutls_cipher_ops; -typedef int (*cipher_encrypt_func)(void* hd, const void* plaintext, size_t, void* ciphertext, size_t); -typedef int (*cipher_decrypt_func)(void* hd, const void* ciphertext, size_t, void* plaintext, size_t); -typedef void (*cipher_deinit_func)(void* hd); +typedef int (*cipher_encrypt_func) (void *hd, const void *plaintext, size_t, + void *ciphertext, size_t); +typedef int (*cipher_decrypt_func) (void *hd, const void *ciphertext, size_t, + void *plaintext, size_t); +typedef void (*cipher_deinit_func) (void *hd); typedef struct { - void* handle; + void *handle; cipher_encrypt_func encrypt; cipher_decrypt_func decrypt; cipher_deinit_func deinit; @@ -51,9 +53,11 @@ int _gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text, int _gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext, int ciphertextlen); int _gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text, - int textlen, void* ciphertext, int ciphertextlen); -int _gnutls_cipher_decrypt2 (const cipher_hd_st * handle, const void *ciphertext, - int ciphertextlen, void* text, int textlen); + int textlen, void *ciphertext, + int ciphertextlen); +int _gnutls_cipher_decrypt2 (const cipher_hd_st * handle, + const void *ciphertext, int ciphertextlen, + void *text, int textlen); void _gnutls_cipher_deinit (cipher_hd_st * handle); #endif /* GNUTLS_CIPHER_INT */ diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c index 4efa0f16c0..922819d3fd 100644 --- a/lib/gnutls_compress.c +++ b/lib/gnutls_compress.c @@ -40,7 +40,7 @@ int _gnutls_m_plaintext2compressed (gnutls_session_t session, gnutls_datum_t * compressed, const gnutls_datum_t * plaintext, - const record_parameters_st *params) + const record_parameters_st * params) { int size; opaque *data; @@ -64,7 +64,7 @@ int _gnutls_m_compressed2plaintext (gnutls_session_t session, gnutls_datum_t * plain, const gnutls_datum_t * compressed, - const record_parameters_st *params) + const record_parameters_st * params) { int size; opaque *data; @@ -300,17 +300,17 @@ _gnutls_supported_compression_methods (gnutls_session_t session, #ifdef USE_LZO -# ifdef USE_MINILZO +#ifdef USE_MINILZO /* Get the prototypes only. Since LZO is a GPLed library, the * gnutls_global_init_extra() has to be called, before LZO compression * can be used. */ -# include "../libextra/minilzo/minilzo.h" -# elif HAVE_LZO_LZO1X_H -# include <lzo/lzo1x.h> -# elif HAVE_LZO1X_H -# include <lzo1x.h> -# endif +#include "../libextra/minilzo/minilzo.h" +#elif HAVE_LZO_LZO1X_H +#include <lzo/lzo1x.h> +#elif HAVE_LZO1X_H +#include <lzo1x.h> +#endif typedef int (*LZO_FUNC) (); diff --git a/lib/gnutls_compress.h b/lib/gnutls_compress.h index 93b2786a11..87c9ca81bd 100644 --- a/lib/gnutls_compress.h +++ b/lib/gnutls_compress.h @@ -23,16 +23,16 @@ * */ #ifndef GNUTLS_COMPRESS_H -# define GNUTLS_COMPRESS_H +#define GNUTLS_COMPRESS_H int _gnutls_m_plaintext2compressed (gnutls_session_t session, gnutls_datum_t * compressed, const gnutls_datum_t * plaintext, - const record_parameters_st *params); + const record_parameters_st * params); int _gnutls_m_compressed2plaintext (gnutls_session_t session, gnutls_datum_t * plain, const gnutls_datum_t * compressed, - const record_parameters_st *params); + const record_parameters_st * params); /* Algorithm handling. */ int _gnutls_supported_compression_methods (gnutls_session_t session, @@ -42,7 +42,7 @@ int _gnutls_compression_get_num (gnutls_compression_method_t algorithm); gnutls_compression_method_t _gnutls_compression_get_id (int num); #ifdef HAVE_LIBZ -# include <zlib.h> +#include <zlib.h> #endif #define GNUTLS_COMP_FAILED NULL diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index 9fa0665d64..6120d109bc 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -58,8 +58,8 @@ static const int servwrite_length = sizeof (servwrite) - 1; * (session->cipher_specs) */ static int -_gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int hash_size, int IV_size, - int key_size, int export_flag) +_gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, + int hash_size, int IV_size, int key_size, int export_flag) { /* FIXME: This function is too long */ @@ -73,8 +73,12 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha 2 * MAX_CIPHER_BLOCK_SIZE]; record_state_st *client_write, *server_write; - client_write = session->security_parameters.entity == GNUTLS_CLIENT ? ¶ms->write : ¶ms->read; - server_write = session->security_parameters.entity == GNUTLS_SERVER ? ¶ms->write : ¶ms->read; + client_write = + session->security_parameters.entity == + GNUTLS_CLIENT ? ¶ms->write : ¶ms->read; + server_write = + session->security_parameters.entity == + GNUTLS_SERVER ? ¶ms->write : ¶ms->read; block_size = 2 * hash_size + 2 * key_size; if (export_flag == 0) @@ -117,15 +121,13 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha { if (_gnutls_sset_datum - (&client_write->mac_secret, - &key_block[pos], hash_size) < 0) + (&client_write->mac_secret, &key_block[pos], hash_size) < 0) return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); pos += hash_size; if (_gnutls_sset_datum - (&server_write->mac_secret, - &key_block[pos], hash_size) < 0) + (&server_write->mac_secret, &key_block[pos], hash_size) < 0) return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); pos += hash_size; @@ -209,8 +211,7 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha } if (_gnutls_sset_datum - (&client_write->key, - client_write_key, client_write_key_size) < 0) + (&client_write->key, client_write_key, client_write_key_size) < 0) return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n", @@ -220,8 +221,7 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha sizeof (buf), NULL)); if (_gnutls_sset_datum - (&server_write->key, - server_write_key, server_write_key_size) < 0) + (&server_write->key, server_write_key, server_write_key_size) < 0) return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n", @@ -238,15 +238,13 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha if (IV_size > 0 && export_flag == 0) { if (_gnutls_sset_datum - (&client_write->IV, &key_block[pos], - IV_size) < 0) + (&client_write->IV, &key_block[pos], IV_size) < 0) return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); pos += IV_size; if (_gnutls_sset_datum - (&server_write->IV, &key_block[pos], - IV_size) < 0) + (&server_write->IV, &key_block[pos], IV_size) < 0) return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); pos += IV_size; @@ -281,13 +279,11 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha if (ret < 0) return gnutls_assert_val (ret); - if (_gnutls_sset_datum - (&client_write->IV, iv_block, IV_size) < 0) + if (_gnutls_sset_datum (&client_write->IV, iv_block, IV_size) < 0) return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); if (_gnutls_sset_datum - (&server_write->IV, - &iv_block[IV_size], IV_size) < 0) + (&server_write->IV, &iv_block[IV_size], IV_size) < 0) return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); } @@ -295,16 +291,15 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha } static int -_gnutls_init_record_state (record_parameters_st *params, int read, - record_state_st *state) +_gnutls_init_record_state (record_parameters_st * params, int read, + record_state_st * state) { int ret; ret = _gnutls_cipher_init (&state->cipher_state, params->cipher_algorithm, &state->key, &state->IV); - if (ret < 0 - && params->cipher_algorithm != GNUTLS_CIPHER_NULL) + if (ret < 0 && params->cipher_algorithm != GNUTLS_CIPHER_NULL) return gnutls_assert_val (ret); state->compression_state = @@ -318,8 +313,7 @@ _gnutls_init_record_state (record_parameters_st *params, int read, int _gnutls_epoch_set_cipher_suite (gnutls_session_t session, - int epoch_rel, - cipher_suite_st *suite) + int epoch_rel, cipher_suite_st * suite) { gnutls_cipher_algorithm_t cipher_algo; gnutls_mac_algorithm_t mac_algo; @@ -335,7 +329,7 @@ _gnutls_epoch_set_cipher_suite (gnutls_session_t session, || params->mac_algorithm != GNUTLS_MAC_UNKNOWN) return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR); - cipher_algo =_gnutls_cipher_suite_get_cipher_algo (suite); + cipher_algo = _gnutls_cipher_suite_get_cipher_algo (suite); mac_algo = _gnutls_cipher_suite_get_mac_algo (suite); if (_gnutls_cipher_is_ok (cipher_algo) != 0 @@ -374,7 +368,7 @@ _gnutls_epoch_set_compression (gnutls_session_t session, void _gnutls_epoch_set_null_algos (gnutls_session_t session, - record_parameters_st *params) + record_parameters_st * params) { /* This is only called on startup. We are extra paranoid about this because it may cause unencrypted application data to go out on @@ -385,10 +379,10 @@ _gnutls_epoch_set_null_algos (gnutls_session_t session, return; } - params->cipher_algorithm = GNUTLS_CIPHER_NULL; + params->cipher_algorithm = GNUTLS_CIPHER_NULL; params->mac_algorithm = GNUTLS_MAC_NULL; - params->compression_algorithm = GNUTLS_COMP_NULL; - params->initialized = 1; + params->compression_algorithm = GNUTLS_COMP_NULL; + params->initialized = 1; } int @@ -436,14 +430,13 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch) ret = _gnutls_init_record_state (params, 1, ¶ms->read); if (ret < 0) - return gnutls_assert_val (ret); + return gnutls_assert_val (ret); ret = _gnutls_init_record_state (params, 0, ¶ms->write); if (ret < 0) return gnutls_assert_val (ret); - _gnutls_record_log - ("REC[%p]: Epoch #%u ready\n", session, params->epoch); + _gnutls_record_log ("REC[%p]: Epoch #%u ready\n", session, params->epoch); params->initialized = 1; return 0; @@ -467,7 +460,8 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch) static void _gnutls_set_resumed_parameters (gnutls_session_t session) { - security_parameters_st *src = &session->internals.resumed_security_parameters; + security_parameters_st *src = + &session->internals.resumed_security_parameters; security_parameters_st *dst = &session->security_parameters; CPY_COMMON; @@ -496,7 +490,8 @@ _gnutls_connection_state_init (gnutls_session_t session) static int _gnutls_check_algos (gnutls_session_t session, - cipher_suite_st *suite, gnutls_compression_method_t comp_algo) + cipher_suite_st * suite, + gnutls_compression_method_t comp_algo) { gnutls_cipher_algorithm_t cipher_algo; gnutls_mac_algorithm_t mac_algo; @@ -539,7 +534,8 @@ _gnutls_read_connection_state_init (gnutls_session_t session) if (session->internals.resumed == RESUME_FALSE) { ret = _gnutls_check_algos (session, - &session->security_parameters.current_cipher_suite, + &session-> + security_parameters.current_cipher_suite, session->internals.compression_method); if (ret < 0) return ret; @@ -587,7 +583,8 @@ _gnutls_write_connection_state_init (gnutls_session_t session) if (session->internals.resumed == RESUME_FALSE) { ret = _gnutls_check_algos (session, - &session->security_parameters.current_cipher_suite, + &session-> + security_parameters.current_cipher_suite, session->internals.compression_method); if (ret < 0) return ret; @@ -640,8 +637,8 @@ _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo) } static inline int -epoch_resolve(gnutls_session_t session, - unsigned int epoch_rel, uint16_t *epoch_out) +epoch_resolve (gnutls_session_t session, + unsigned int epoch_rel, uint16_t * epoch_out) { switch (epoch_rel) { @@ -666,11 +663,10 @@ epoch_resolve(gnutls_session_t session, } } -static inline record_parameters_st** -epoch_get_slot(gnutls_session_t session, uint16_t epoch) +static inline record_parameters_st ** +epoch_get_slot (gnutls_session_t session, uint16_t epoch) { - uint16_t epoch_index = - epoch - session->security_parameters.epoch_min; + uint16_t epoch_index = epoch - session->security_parameters.epoch_min; if (epoch_index >= MAX_EPOCH_INDEX) { @@ -684,7 +680,7 @@ epoch_get_slot(gnutls_session_t session, uint16_t epoch) int _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel, - record_parameters_st **params_out) + record_parameters_st ** params_out) { uint16_t epoch; record_parameters_st **params; @@ -704,21 +700,20 @@ _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel, } int -_gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch, - record_parameters_st **out) +_gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch, + record_parameters_st ** out) { record_parameters_st **slot; - _gnutls_record_log - ("REC[%p]: Allocating epoch #%u\n", session, epoch); + _gnutls_record_log ("REC[%p]: Allocating epoch #%u\n", session, epoch); - slot = epoch_get_slot(session, epoch); + slot = epoch_get_slot (session, epoch); /* If slot out of range or not empty. */ if (slot == NULL) return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST); - if(*slot != NULL) + if (*slot != NULL) return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST); *slot = gnutls_calloc (1, sizeof (record_parameters_st)); @@ -726,9 +721,9 @@ _gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch, return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); (*slot)->epoch = epoch; - (*slot)->cipher_algorithm = GNUTLS_CIPHER_UNKNOWN; + (*slot)->cipher_algorithm = GNUTLS_CIPHER_UNKNOWN; (*slot)->mac_algorithm = GNUTLS_MAC_UNKNOWN; - (*slot)->compression_algorithm = GNUTLS_COMP_UNKNOWN; + (*slot)->compression_algorithm = GNUTLS_COMP_UNKNOWN; if (out != NULL) *out = *slot; @@ -737,7 +732,7 @@ _gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch, } static inline int -epoch_alive (gnutls_session_t session, record_parameters_st *params) +epoch_alive (gnutls_session_t session, record_parameters_st * params) { const security_parameters_st *sp = &session->security_parameters; @@ -753,11 +748,10 @@ _gnutls_epoch_gc (gnutls_session_t session) int i, j; unsigned int min_index = 0; - _gnutls_record_log - ("REC[%p]: Start of epoch cleanup\n", session); + _gnutls_record_log ("REC[%p]: Start of epoch cleanup\n", session); /* Free all dead cipher state */ - for(i=0; i < MAX_EPOCH_INDEX; i++) + for (i = 0; i < MAX_EPOCH_INDEX; i++) if (session->record_parameters[i] != NULL && !epoch_alive (session, session->record_parameters[i])) { @@ -766,23 +760,24 @@ _gnutls_epoch_gc (gnutls_session_t session) } /* Look for contiguous NULLs at the start of the array */ - for(i=0; i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL; i++); + for (i = 0; i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL; + i++); min_index = i; /* Pick up the slack in the epoch window. */ - for(i=0, j=min_index; j < MAX_EPOCH_INDEX; i++, j++) + for (i = 0, j = min_index; j < MAX_EPOCH_INDEX; i++, j++) session->record_parameters[i] = session->record_parameters[j]; /* Set the new epoch_min */ if (session->record_parameters[0] != NULL) - session->security_parameters.epoch_min = session->record_parameters[0]->epoch; + session->security_parameters.epoch_min = + session->record_parameters[0]->epoch; - _gnutls_record_log - ("REC[%p]: End of epoch cleanup\n", session); + _gnutls_record_log ("REC[%p]: End of epoch cleanup\n", session); } static inline void -free_record_state (record_state_st *state, int read) +free_record_state (record_state_st * state, int read) { _gnutls_free_datum (&state->mac_secret); _gnutls_free_datum (&state->IV); @@ -795,10 +790,9 @@ free_record_state (record_state_st *state, int read) } void -_gnutls_epoch_free (gnutls_session_t session, record_parameters_st *params) +_gnutls_epoch_free (gnutls_session_t session, record_parameters_st * params) { - _gnutls_record_log - ("REC[%p]: Epoch #%u freed\n", session, params->epoch); + _gnutls_record_log ("REC[%p]: Epoch #%u freed\n", session, params->epoch); free_record_state (¶ms->read, 1); free_record_state (¶ms->write, 0); diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h index 513ab1cd24..4fad30bd84 100644 --- a/lib/gnutls_constate.h +++ b/lib/gnutls_constate.h @@ -27,11 +27,11 @@ #define GNUTLS_CONSTATE_H int _gnutls_epoch_set_cipher_suite (gnutls_session_t session, int epoch_rel, - cipher_suite_st *suite); + cipher_suite_st * suite); int _gnutls_epoch_set_compression (gnutls_session_t session, int epoch_rel, gnutls_compression_method_t comp_algo); void _gnutls_epoch_set_null_algos (gnutls_session_t session, - record_parameters_st *params); + record_parameters_st * params); int _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch); int _gnutls_connection_state_init (gnutls_session_t session); int _gnutls_read_connection_state_init (gnutls_session_t session); @@ -40,10 +40,11 @@ int _gnutls_write_connection_state_init (gnutls_session_t session); int _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo); int _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel, - record_parameters_st **params_out); -int _gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch, - record_parameters_st **out); + record_parameters_st ** params_out); +int _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch, + record_parameters_st ** out); void _gnutls_epoch_gc (gnutls_session_t session); -void _gnutls_epoch_free (gnutls_session_t session, record_parameters_st *state); +void _gnutls_epoch_free (gnutls_session_t session, + record_parameters_st * state); #endif diff --git a/lib/gnutls_datum.h b/lib/gnutls_datum.h index 0ccd0fcdc9..eb89bf71e8 100644 --- a/lib/gnutls_datum.h +++ b/lib/gnutls_datum.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_DATUM_H -# define GNUTLS_DATUM_H +#define GNUTLS_DATUM_H void _gnutls_write_datum16 (opaque * dest, gnutls_datum_t dat); void _gnutls_write_datum24 (opaque * dest, gnutls_datum_t dat); diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h index ad60681c56..c37d343add 100644 --- a/lib/gnutls_dh.h +++ b/lib/gnutls_dh.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_DH_H -# define GNUTLS_DH_H +#define GNUTLS_DH_H const bigint_t *_gnutls_dh_params_to_mpi (gnutls_dh_params_t); bigint_t gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime); diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c index 88c603528d..1a19dd4713 100644 --- a/lib/gnutls_errors.c +++ b/lib/gnutls_errors.c @@ -27,7 +27,7 @@ #include "gnutls_errors.h" #include <libtasn1.h> #ifdef STDC_HEADERS -# include <stdarg.h> +#include <stdarg.h> #endif /* I18n of error codes. */ @@ -43,9 +43,9 @@ struct gnutls_error_entry const char *desc; const char *_name; int number; - int fatal; /* whether this error is fatal and the session for handshake - * should be terminated. - */ + int fatal; /* whether this error is fatal and the session for handshake + * should be terminated. + */ }; typedef struct gnutls_error_entry gnutls_error_entry; @@ -289,31 +289,31 @@ static const gnutls_error_entry error_algorithms[] = { ERROR_ENTRY (N_("PKCS #11 PIN should be saved."), GNUTLS_E_PKCS11_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in slot"), - GNUTLS_E_PKCS11_SLOT_ERROR, 1), + GNUTLS_E_PKCS11_SLOT_ERROR, 1), ERROR_ENTRY (N_("Thread locking error"), - GNUTLS_E_LOCKING_ERROR, 1), + GNUTLS_E_LOCKING_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in attribute"), - GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1), + GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in device"), - GNUTLS_E_PKCS11_DEVICE_ERROR, 1), + GNUTLS_E_PKCS11_DEVICE_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in data"), - GNUTLS_E_PKCS11_DATA_ERROR, 1), + GNUTLS_E_PKCS11_DATA_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 unsupported feature"), - GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1), + GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in key"), - GNUTLS_E_PKCS11_KEY_ERROR, 1), + GNUTLS_E_PKCS11_KEY_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 PIN expired"), - GNUTLS_E_PKCS11_PIN_EXPIRED, 1), + GNUTLS_E_PKCS11_PIN_EXPIRED, 1), ERROR_ENTRY (N_("PKCS #11 PIN locked"), - GNUTLS_E_PKCS11_PIN_LOCKED, 1), + GNUTLS_E_PKCS11_PIN_LOCKED, 1), ERROR_ENTRY (N_("PKCS #11 error in session"), - GNUTLS_E_PKCS11_SESSION_ERROR, 1), + GNUTLS_E_PKCS11_SESSION_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in signature"), - GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1), + GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in token"), - GNUTLS_E_PKCS11_TOKEN_ERROR, 1), + GNUTLS_E_PKCS11_TOKEN_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 user error"), - GNUTLS_E_PKCS11_USER_ERROR, 1), + GNUTLS_E_PKCS11_USER_ERROR, 1), {NULL, NULL, 0, 0} }; @@ -561,7 +561,7 @@ _gnutls_log (int level, const char *fmt, ...) } #ifndef DEBUG -# ifndef C99_MACROS +#ifndef C99_MACROS /* Without C99 macros these functions have to * be called. This may affect performance. @@ -572,5 +572,5 @@ _gnutls_null_log (void *x, ...) return; } -# endif /* C99_MACROS */ +#endif /* C99_MACROS */ #endif /* DEBUG */ diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h index 7ed3da9f45..095a08401f 100644 --- a/lib/gnutls_errors.h +++ b/lib/gnutls_errors.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_ERRORS_H -# define GNUTLS_ERRORS_H +#define GNUTLS_ERRORS_H #include <gnutls_int.h> #include <gnutls_global.h> @@ -32,13 +32,13 @@ #define GNUTLS_E_INT_RET_0 -1251 #ifdef __FILE__ -# ifdef __LINE__ -# define gnutls_assert() _gnutls_debug_log( "ASSERT: %s:%d\n", __FILE__,__LINE__); -# else -# define gnutls_assert() -# endif +#ifdef __LINE__ +#define gnutls_assert() _gnutls_debug_log( "ASSERT: %s:%d\n", __FILE__,__LINE__); +#else +#define gnutls_assert() +#endif #else /* __FILE__ not defined */ -# define gnutls_assert() +#define gnutls_assert() #endif int _gnutls_asn2err (int asn_err); @@ -59,25 +59,25 @@ _gnutls_log (int, const char *fmt, ...) #define LEVEL_EQ(l, ...) do { if (_gnutls_log_level == l || _gnutls_log_level > 9) \ _gnutls_log( l, __VA_ARGS__); } while(0) -# define _gnutls_debug_log(...) LEVEL(2, __VA_ARGS__) -# define _gnutls_handshake_log(...) LEVEL(3, __VA_ARGS__) -# define _gnutls_io_log(...) LEVEL_EQ(5, __VA_ARGS__) -# define _gnutls_buffers_log(...) LEVEL_EQ(6, __VA_ARGS__) -# define _gnutls_hard_log(...) LEVEL(9, __VA_ARGS__) -# define _gnutls_record_log(...) LEVEL(4, __VA_ARGS__) -# define _gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__) -# define _gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__) -# define _gnutls_x509_log(...) LEVEL(1, __VA_ARGS__) +#define _gnutls_debug_log(...) LEVEL(2, __VA_ARGS__) +#define _gnutls_handshake_log(...) LEVEL(3, __VA_ARGS__) +#define _gnutls_io_log(...) LEVEL_EQ(5, __VA_ARGS__) +#define _gnutls_buffers_log(...) LEVEL_EQ(6, __VA_ARGS__) +#define _gnutls_hard_log(...) LEVEL(9, __VA_ARGS__) +#define _gnutls_record_log(...) LEVEL(4, __VA_ARGS__) +#define _gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__) +#define _gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__) +#define _gnutls_x509_log(...) LEVEL(1, __VA_ARGS__) #else -# define _gnutls_debug_log _gnutls_null_log -# define _gnutls_handshake_log _gnutls_null_log -# define _gnutls_io_log _gnutls_null_log -# define _gnutls_buffers_log _gnutls_null_log -# define _gnutls_hard_log _gnutls_null_log -# define _gnutls_record_log _gnutls_null_log -# define _gnutls_read_log _gnutls_null_log -# define _gnutls_write_log _gnutls_null_log -# define _gnutls_x509_log _gnutls_null_log +#define _gnutls_debug_log _gnutls_null_log +#define _gnutls_handshake_log _gnutls_null_log +#define _gnutls_io_log _gnutls_null_log +#define _gnutls_buffers_log _gnutls_null_log +#define _gnutls_hard_log _gnutls_null_log +#define _gnutls_record_log _gnutls_null_log +#define _gnutls_read_log _gnutls_null_log +#define _gnutls_write_log _gnutls_null_log +#define _gnutls_x509_log _gnutls_null_log void _gnutls_null_log (void *, ...); @@ -87,14 +87,13 @@ _gnutls_log (int, const char *fmt, ...) otherwise. Making this a macro has been tried, but it interacts badly with the do..while in the expansion. Welcome to the dark side. */ -static inline + static inline #ifdef __GNUC__ - __attribute__ ((always_inline)) + __attribute__ ((always_inline)) #endif -int -gnutls_assert_val_int (int val, const char* file, int line) + int gnutls_assert_val_int (int val, const char *file, int line) { - _gnutls_debug_log( "ASSERT: %s:%d\n", file, line); + _gnutls_debug_log ("ASSERT: %s:%d\n", file, line); return val; } diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index cfa5a03725..81152911ad 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -42,13 +42,14 @@ #include <gnutls_num.h> -static void _gnutls_ext_unset_resumed_session_data(gnutls_session_t session, uint16_t type); +static void _gnutls_ext_unset_resumed_session_data (gnutls_session_t session, + uint16_t type); static size_t extfunc_size = 0; static extension_entry_st *extfunc = NULL; -static gnutls_ext_parse_type_t +static gnutls_ext_parse_type_t _gnutls_ext_parse_type (uint16_t type) { size_t i; @@ -56,7 +57,7 @@ _gnutls_ext_parse_type (uint16_t type) for (i = 0; i < extfunc_size; i++) { if (extfunc[i].type == type) - return extfunc[i].parse_type; + return extfunc[i].parse_type; } return GNUTLS_EXT_NONE; @@ -82,7 +83,7 @@ _gnutls_ext_func_deinit (uint16_t type) for (i = 0; i < extfunc_size; i++) if (extfunc[i].type == type) - return extfunc[i].deinit_func; + return extfunc[i].deinit_func; return NULL; } @@ -94,7 +95,7 @@ _gnutls_ext_func_unpack (uint16_t type) for (i = 0; i < extfunc_size; i++) if (extfunc[i].type == type) - return extfunc[i].unpack_func; + return extfunc[i].unpack_func; return NULL; } @@ -194,8 +195,9 @@ _gnutls_parse_extensions (gnutls_session_t session, if (ext_recv == NULL) continue; - _gnutls_debug_log ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n", session, - _gnutls_extension_get_name (type), type, size); + _gnutls_debug_log ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n", + session, _gnutls_extension_get_name (type), type, + size); if ((ret = ext_recv (session, sdata, size)) < 0) { @@ -374,7 +376,7 @@ _gnutls_ext_deinit (void) } int -_gnutls_ext_register (extension_entry_st* mod) +_gnutls_ext_register (extension_entry_st * mod) { extension_entry_st *p; @@ -387,7 +389,7 @@ _gnutls_ext_register (extension_entry_st* mod) extfunc = p; - memcpy(&extfunc[extfunc_size], mod, sizeof(*mod)); + memcpy (&extfunc[extfunc_size], mod, sizeof (*mod)); extfunc_size++; @@ -415,226 +417,248 @@ gnutls_ext_register (int type, gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func) { -extension_entry_st ee; + extension_entry_st ee; + + memset (&ee, 0, sizeof (ee)); - memset(&ee, 0, sizeof(ee)); - ee.type = type; ee.name = name; ee.parse_type = parse_type; ee.recv_func = recv_func; ee.send_func = send_func; - /* FIXME: Why is this exported? Should it be removed? */ + /* FIXME: Why is this exported? Should it be removed? */ return _gnutls_ext_register (&ee); } -int _gnutls_ext_pack(gnutls_session_t session, gnutls_buffer_st* packed) +int +_gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed) { -int i, ret; -extension_priv_data_t data; -int cur_size; -int size_offset; -int total_exts_pos; -int exts = 0; + int i, ret; + extension_priv_data_t data; + int cur_size; + int size_offset; + int total_exts_pos; + int exts = 0; total_exts_pos = packed->length; - BUFFER_APPEND_NUM(packed, 0); + BUFFER_APPEND_NUM (packed, 0); - for (i = 0; i < extfunc_size; i++) + for (i = 0; i < extfunc_size; i++) { - ret = _gnutls_ext_get_session_data(session, extfunc[i].type, &data); - if (ret >= 0 && extfunc[i].pack_func != NULL) - { - BUFFER_APPEND_NUM(packed, extfunc[i].type); - + ret = _gnutls_ext_get_session_data (session, extfunc[i].type, &data); + if (ret >= 0 && extfunc[i].pack_func != NULL) + { + BUFFER_APPEND_NUM (packed, extfunc[i].type); + size_offset = packed->length; - BUFFER_APPEND_NUM(packed, 0); - + BUFFER_APPEND_NUM (packed, 0); + cur_size = packed->length; - - ret = extfunc[i].pack_func(data, packed); - if (ret < 0) + + ret = extfunc[i].pack_func (data, packed); + if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } - + exts++; /* write the actual size */ - _gnutls_write_uint32(packed->length-cur_size, packed->data+size_offset); - } + _gnutls_write_uint32 (packed->length - cur_size, + packed->data + size_offset); + } } - _gnutls_write_uint32(exts, packed->data+total_exts_pos); + _gnutls_write_uint32 (exts, packed->data + total_exts_pos); return 0; - + } -void _gnutls_ext_restore_resumed_session(gnutls_session_t session) +void +_gnutls_ext_restore_resumed_session (gnutls_session_t session) { -int i; + int i; /* clear everything except MANDATORY extensions */ - for (i=0;i<MAX_EXT_TYPES;i++) + for (i = 0; i < MAX_EXT_TYPES; i++) { - if (session->internals.extension_int_data[i].set != 0 && - _gnutls_ext_parse_type(session->internals.extension_int_data[i].type) != GNUTLS_EXT_MANDATORY) - { - _gnutls_ext_unset_session_data(session, session->internals.extension_int_data[i].type); - } + if (session->internals.extension_int_data[i].set != 0 && + _gnutls_ext_parse_type (session->internals. + extension_int_data[i].type) != + GNUTLS_EXT_MANDATORY) + { + _gnutls_ext_unset_session_data (session, + session-> + internals.extension_int_data[i]. + type); + } } /* copy resumed to main */ - for (i=0;i<MAX_EXT_TYPES;i++) + for (i = 0; i < MAX_EXT_TYPES; i++) { - if (session->internals.resumed_extension_int_data[i].set != 0 && - _gnutls_ext_parse_type(session->internals.resumed_extension_int_data[i].type) != GNUTLS_EXT_MANDATORY) - { - _gnutls_ext_set_session_data(session, session->internals.resumed_extension_int_data[i].type, - session->internals.resumed_extension_int_data[i].priv); - session->internals.resumed_extension_int_data[i].set = 0; - } + if (session->internals.resumed_extension_int_data[i].set != 0 && + _gnutls_ext_parse_type (session-> + internals.resumed_extension_int_data[i]. + type) != GNUTLS_EXT_MANDATORY) + { + _gnutls_ext_set_session_data (session, + session-> + internals.resumed_extension_int_data + [i].type, + session-> + internals.resumed_extension_int_data + [i].priv); + session->internals.resumed_extension_int_data[i].set = 0; + } } } -static void _gnutls_ext_set_resumed_session_data(gnutls_session_t session, uint16_t type, - extension_priv_data_t data) +static void +_gnutls_ext_set_resumed_session_data (gnutls_session_t session, uint16_t type, + extension_priv_data_t data) { -int i; + int i; - for (i=0;i<MAX_EXT_TYPES;i++) + for (i = 0; i < MAX_EXT_TYPES; i++) { - if (session->internals.resumed_extension_int_data[i].type == type || session->internals.resumed_extension_int_data[i].set == 0) + if (session->internals.resumed_extension_int_data[i].type == type + || session->internals.resumed_extension_int_data[i].set == 0) { - - if (session->internals.resumed_extension_int_data[i].set != 0) - _gnutls_ext_unset_resumed_session_data(session, type); - - session->internals.resumed_extension_int_data[i].type = type; - session->internals.resumed_extension_int_data[i].priv = data; - session->internals.resumed_extension_int_data[i].set = 1; - return; - } + + if (session->internals.resumed_extension_int_data[i].set != 0) + _gnutls_ext_unset_resumed_session_data (session, type); + + session->internals.resumed_extension_int_data[i].type = type; + session->internals.resumed_extension_int_data[i].priv = data; + session->internals.resumed_extension_int_data[i].set = 1; + return; + } } } -int _gnutls_ext_unpack(gnutls_session_t session, gnutls_buffer_st* packed) +int +_gnutls_ext_unpack (gnutls_session_t session, gnutls_buffer_st * packed) { -int i, ret; -extension_priv_data_t data; -gnutls_ext_unpack_func unpack; -int max_exts = 0; -uint16_t type; -int size_for_type, cur_pos; + int i, ret; + extension_priv_data_t data; + gnutls_ext_unpack_func unpack; + int max_exts = 0; + uint16_t type; + int size_for_type, cur_pos; - BUFFER_POP_NUM(packed, max_exts); - for (i = 0; i < max_exts; i++) + BUFFER_POP_NUM (packed, max_exts); + for (i = 0; i < max_exts; i++) { - BUFFER_POP_NUM(packed, type); - BUFFER_POP_NUM(packed, size_for_type); - + BUFFER_POP_NUM (packed, type); + BUFFER_POP_NUM (packed, size_for_type); + cur_pos = packed->length; - unpack = _gnutls_ext_func_unpack(type); + unpack = _gnutls_ext_func_unpack (type); if (unpack == NULL) - { - gnutls_assert(); + { + gnutls_assert (); return GNUTLS_E_PARSING_ERROR; } - ret = unpack(packed, &data); - if (ret < 0) + ret = unpack (packed, &data); + if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } /* verify that unpack read the correct bytes */ cur_pos = cur_pos - packed->length; - if (cur_pos /* read length */ != size_for_type) - { - gnutls_assert(); + if (cur_pos /* read length */ != size_for_type) + { + gnutls_assert (); return GNUTLS_E_PARSING_ERROR; } - _gnutls_ext_set_resumed_session_data(session, type, data); + _gnutls_ext_set_resumed_session_data (session, type, data); } return 0; error: - return ret; + return ret; } -void _gnutls_ext_unset_session_data(gnutls_session_t session, uint16_t type) +void +_gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type) { -gnutls_ext_deinit_data_func deinit; -extension_priv_data_t data; -int ret, i; + gnutls_ext_deinit_data_func deinit; + extension_priv_data_t data; + int ret, i; deinit = _gnutls_ext_func_deinit (type); - ret = _gnutls_ext_get_session_data(session, type, &data); + ret = _gnutls_ext_get_session_data (session, type, &data); if (ret >= 0 && deinit != NULL) { - deinit(data); + deinit (data); } - for (i=0;i<MAX_EXT_TYPES;i++) + for (i = 0; i < MAX_EXT_TYPES; i++) { if (session->internals.extension_int_data[i].type == type) { session->internals.extension_int_data[i].set = 0; return; - } + } } } -static void _gnutls_ext_unset_resumed_session_data(gnutls_session_t session, uint16_t type) +static void +_gnutls_ext_unset_resumed_session_data (gnutls_session_t session, + uint16_t type) { -gnutls_ext_deinit_data_func deinit; -extension_priv_data_t data; -int ret, i; + gnutls_ext_deinit_data_func deinit; + extension_priv_data_t data; + int ret, i; deinit = _gnutls_ext_func_deinit (type); - ret = _gnutls_ext_get_resumed_session_data(session, type, &data); + ret = _gnutls_ext_get_resumed_session_data (session, type, &data); if (ret >= 0 && deinit != NULL) { - deinit(data); + deinit (data); } - for (i=0;i<MAX_EXT_TYPES;i++) + for (i = 0; i < MAX_EXT_TYPES; i++) { if (session->internals.resumed_extension_int_data[i].type == type) { session->internals.resumed_extension_int_data[i].set = 0; return; - } + } } } /* Deinitializes all data that are associated with TLS extensions. */ -void _gnutls_ext_free_session_data(gnutls_session_t session) +void +_gnutls_ext_free_session_data (gnutls_session_t session) { -int i; + int i; - for (i = 0; i < extfunc_size; i++) + for (i = 0; i < extfunc_size; i++) { - _gnutls_ext_unset_session_data(session, extfunc[i].type); + _gnutls_ext_unset_session_data (session, extfunc[i].type); } - for (i = 0; i < extfunc_size; i++) + for (i = 0; i < extfunc_size; i++) { - _gnutls_ext_unset_resumed_session_data(session, extfunc[i].type); + _gnutls_ext_unset_resumed_session_data (session, extfunc[i].type); } } @@ -643,60 +667,66 @@ int i; * and retrieve them later on. We use functions instead of a pointer to a * private pointer, to allow API additions by individual extensions. */ -void _gnutls_ext_set_session_data(gnutls_session_t session, uint16_t type, - extension_priv_data_t data) +void +_gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type, + extension_priv_data_t data) { -int i; -gnutls_ext_deinit_data_func deinit; + int i; + gnutls_ext_deinit_data_func deinit; deinit = _gnutls_ext_func_deinit (type); - for (i=0;i<MAX_EXT_TYPES;i++) + for (i = 0; i < MAX_EXT_TYPES; i++) { - if (session->internals.extension_int_data[i].type == type || session->internals.extension_int_data[i].set == 0) + if (session->internals.extension_int_data[i].type == type + || session->internals.extension_int_data[i].set == 0) { - if (session->internals.extension_int_data[i].set != 0) - { - if (deinit) deinit(session->internals.extension_int_data[i].priv); - } - session->internals.extension_int_data[i].type = type; - session->internals.extension_int_data[i].priv = data; - session->internals.extension_int_data[i].set = 1; - return; - } + if (session->internals.extension_int_data[i].set != 0) + { + if (deinit) + deinit (session->internals.extension_int_data[i].priv); + } + session->internals.extension_int_data[i].type = type; + session->internals.extension_int_data[i].priv = data; + session->internals.extension_int_data[i].set = 1; + return; + } } } -int _gnutls_ext_get_session_data(gnutls_session_t session, - uint16_t type, extension_priv_data_t* data) +int +_gnutls_ext_get_session_data (gnutls_session_t session, + uint16_t type, extension_priv_data_t * data) { -int i; + int i; - for (i=0;i<MAX_EXT_TYPES;i++) + for (i = 0; i < MAX_EXT_TYPES; i++) { if (session->internals.extension_int_data[i].set != 0 && - session->internals.extension_int_data[i].type == type) + session->internals.extension_int_data[i].type == type) { - *data = session->internals.extension_int_data[i].priv; - return 0; - } + *data = session->internals.extension_int_data[i].priv; + return 0; + } } return GNUTLS_E_INVALID_REQUEST; } -int _gnutls_ext_get_resumed_session_data(gnutls_session_t session, - uint16_t type, extension_priv_data_t* data) +int +_gnutls_ext_get_resumed_session_data (gnutls_session_t session, + uint16_t type, + extension_priv_data_t * data) { -int i; + int i; - for (i=0;i<MAX_EXT_TYPES;i++) + for (i = 0; i < MAX_EXT_TYPES; i++) { - if (session->internals.resumed_extension_int_data[i].set != 0 && - session->internals.resumed_extension_int_data[i].type == type) + if (session->internals.resumed_extension_int_data[i].set != 0 && + session->internals.resumed_extension_int_data[i].type == type) { - *data = session->internals.resumed_extension_int_data[i].priv; - return 0; - } + *data = session->internals.resumed_extension_int_data[i].priv; + return 0; + } } return GNUTLS_E_INVALID_REQUEST; } diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h index 3c450e8993..e6f3263da8 100644 --- a/lib/gnutls_extensions.h +++ b/lib/gnutls_extensions.h @@ -37,26 +37,29 @@ void _gnutls_ext_deinit (void); void _gnutls_extension_list_add (gnutls_session_t session, uint16_t type); typedef void (*gnutls_ext_deinit_data_func) (extension_priv_data_t data); -typedef int (*gnutls_ext_pack_func) (extension_priv_data_t data, gnutls_buffer_st* packed_data); -typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_st* packed_data, extension_priv_data_t* data); +typedef int (*gnutls_ext_pack_func) (extension_priv_data_t data, + gnutls_buffer_st * packed_data); +typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_st * packed_data, + extension_priv_data_t * data); -void _gnutls_ext_free_session_data(gnutls_session_t session); +void _gnutls_ext_free_session_data (gnutls_session_t session); /* functions to be used by extensions internally */ -void _gnutls_ext_unset_session_data(gnutls_session_t session, uint16_t type); -void _gnutls_ext_set_session_data(gnutls_session_t session, uint16_t type, - extension_priv_data_t); -int _gnutls_ext_get_session_data(gnutls_session_t session, - uint16_t type, extension_priv_data_t*); -int _gnutls_ext_get_resumed_session_data(gnutls_session_t session, - uint16_t type, extension_priv_data_t* data); +void _gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type); +void _gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type, + extension_priv_data_t); +int _gnutls_ext_get_session_data (gnutls_session_t session, + uint16_t type, extension_priv_data_t *); +int _gnutls_ext_get_resumed_session_data (gnutls_session_t session, + uint16_t type, + extension_priv_data_t * data); -void _gnutls_ext_restore_resumed_session(gnutls_session_t session); +void _gnutls_ext_restore_resumed_session (gnutls_session_t session); /* for session packing */ -int _gnutls_ext_pack(gnutls_session_t session, gnutls_buffer_st* packed); -int _gnutls_ext_unpack(gnutls_session_t session, gnutls_buffer_st* packed); +int _gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed); +int _gnutls_ext_unpack (gnutls_session_t session, gnutls_buffer_st * packed); typedef struct { @@ -76,15 +79,15 @@ typedef struct * < 0 on other error. */ gnutls_ext_send_func send_func; - - gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize - * internal data - */ - gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */ - gnutls_ext_unpack_func unpack_func; /* unpacks internal data */ - + + gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize + * internal data + */ + gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */ + gnutls_ext_unpack_func unpack_func; /* unpacks internal data */ + } extension_entry_st; -int _gnutls_ext_register (extension_entry_st*); +int _gnutls_ext_register (extension_entry_st *); #endif diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c index 943d2debd6..ae9bdf6eb0 100644 --- a/lib/gnutls_global.c +++ b/lib/gnutls_global.c @@ -180,10 +180,10 @@ gnutls_global_init (void) bindtextdomain (PACKAGE, LOCALEDIR); - res = gnutls_crypto_init(); - if (res != 0) + res = gnutls_crypto_init (); + if (res != 0) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_CRYPTO_INIT_FAILED; } @@ -231,8 +231,8 @@ gnutls_global_init (void) goto out; } - gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL); - + gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL); + _gnutls_cryptodev_init (); out: @@ -260,7 +260,7 @@ gnutls_global_deinit (void) asn1_delete_structure (&_gnutls_pkix1_asn); _gnutls_crypto_deregister (); _gnutls_cryptodev_deinit (); - gnutls_pkcs11_deinit(); + gnutls_pkcs11_deinit (); } _gnutls_init--; } diff --git a/lib/gnutls_global.h b/lib/gnutls_global.h index 5e6265d39b..db2b1b1c2c 100644 --- a/lib/gnutls_global.h +++ b/lib/gnutls_global.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_GLOBAL_H -# define GNUTLS_GLOBAL_H +#define GNUTLS_GLOBAL_H #include <libtasn1.h> #include <gnutls/gnutls.h> @@ -43,6 +43,6 @@ extern ASN1_TYPE _gnutls_gnutls_asn; extern gnutls_log_func _gnutls_log_func; extern int _gnutls_log_level; -extern int gnutls_crypto_init(void); +extern int gnutls_crypto_init (void); #endif diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 3cd0dc4aff..20b06c4c30 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -125,9 +125,11 @@ resume_copy_required_values (gnutls_session_t session) suite, 2); _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, - &session->internals.resumed_security_parameters.current_cipher_suite); + &session-> + internals.resumed_security_parameters.current_cipher_suite); _gnutls_epoch_set_compression (session, EPOCH_NEXT, - session->internals.resumed_compression_method); + session-> + internals.resumed_compression_method); /* or write_compression_algorithm * they are the same @@ -658,13 +660,14 @@ _gnutls_send_finished (gnutls_session_t session, int again) if (again == 0) { - bufel = _gnutls_handshake_alloc (MAX_VERIFY_DATA_SIZE, MAX_VERIFY_DATA_SIZE); + bufel = + _gnutls_handshake_alloc (MAX_VERIFY_DATA_SIZE, MAX_VERIFY_DATA_SIZE); if (bufel == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - data = _mbuffer_get_udata_ptr(bufel); + data = _mbuffer_get_udata_ptr (bufel); /* This is needed in order to hash all the required * messages. @@ -680,13 +683,13 @@ _gnutls_send_finished (gnutls_session_t session, int again) ret = _gnutls_ssl3_finished (session, session->security_parameters.entity, data); - _mbuffer_set_udata_size(bufel, 36); + _mbuffer_set_udata_size (bufel, 36); } else { /* TLS 1.0+ */ ret = _gnutls_finished (session, session->security_parameters.entity, data); - _mbuffer_set_udata_size(bufel, 12); + _mbuffer_set_udata_size (bufel, 12); } if (ret < 0) @@ -694,20 +697,21 @@ _gnutls_send_finished (gnutls_session_t session, int again) gnutls_assert (); return ret; } - - vdata_size = _mbuffer_get_udata_size(bufel); + + vdata_size = _mbuffer_get_udata_size (bufel); if (session->internals.finished_func) session->internals.finished_func (session, data, vdata_size); - ret = _gnutls_ext_sr_finished( session, data, vdata_size, 0); + ret = _gnutls_ext_sr_finished (session, data, vdata_size, 0); if (ret < 0) - { - gnutls_assert(); + { + gnutls_assert (); return ret; } - ret = _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED); + ret = + _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED); } else { @@ -784,10 +788,10 @@ _gnutls_recv_finished (gnutls_session_t session) } gnutls_free (vrfy); - ret = _gnutls_ext_sr_finished( session, data, data_size, 1); + ret = _gnutls_ext_sr_finished (session, data, data_size, 1); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } @@ -850,26 +854,26 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data, */ if (session->internals.priorities.sr != SR_DISABLED) { - int offset; + int offset; - for (offset = 0; offset < datalen; offset += 2) - { - /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */ - if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR && - data[offset + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR) - { - _gnutls_handshake_log - ("HSK[%p]: Received safe renegotiation CS\n", session); - retval = _gnutls_ext_sr_recv_cs(session); - if (retval < 0) - { - gnutls_assert(); - return retval; - } - break; - } - } - } + for (offset = 0; offset < datalen; offset += 2) + { + /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */ + if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR && + data[offset + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR) + { + _gnutls_handshake_log + ("HSK[%p]: Received safe renegotiation CS\n", session); + retval = _gnutls_ext_sr_recv_cs (session); + if (retval < 0) + { + gnutls_assert (); + return retval; + } + break; + } + } + } pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen); @@ -935,7 +939,8 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data, memcpy (session->security_parameters.current_cipher_suite.suite, ciphers[i].suite, 2); _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, - &session->security_parameters.current_cipher_suite); + &session-> + security_parameters.current_cipher_suite); retval = 0; @@ -1127,7 +1132,7 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session, * (until it returns ok), with NULL parameters. */ int -_gnutls_send_handshake (gnutls_session_t session, mbuffer_st *bufel, +_gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel, gnutls_handshake_description_t type) { int ret; @@ -1146,11 +1151,12 @@ _gnutls_send_handshake (gnutls_session_t session, mbuffer_st *bufel, } /* first run */ - data = _mbuffer_get_uhead_ptr(bufel); - datasize = _mbuffer_get_udata_size(bufel) + _mbuffer_get_uhead_size(bufel); + data = _mbuffer_get_uhead_ptr (bufel); + datasize = + _mbuffer_get_udata_size (bufel) + _mbuffer_get_uhead_size (bufel); data[pos++] = (uint8_t) type; - _gnutls_write_uint24 ( _mbuffer_get_udata_size(bufel), &data[pos]); + _gnutls_write_uint24 (_mbuffer_get_udata_size (bufel), &data[pos]); pos += 3; _gnutls_handshake_log ("HSK[%p]: %s was sent [%ld bytes]\n", @@ -1172,28 +1178,28 @@ _gnutls_send_handshake (gnutls_session_t session, mbuffer_st *bufel, session->internals.last_handshake_out = type; _gnutls_handshake_io_cache_int (session, type, bufel); - - switch (type) + + switch (type) { - case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone - * or ClientKeyExchange always. - */ - case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */ - case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */ - case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */ - case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */ + case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone + * or ClientKeyExchange always. + */ + case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */ + case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */ + case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */ + case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */ /* now for client Certificate, ClientKeyExchange and * CertificateVerify are always followed by ChangeCipherSpec */ - case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: - case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: - ret = 0; - break; - default: - /* send cached messages */ - ret = _gnutls_handshake_io_write_flush(session); - break; + case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: + case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: + ret = 0; + break; + default: + /* send cached messages */ + ret = _gnutls_handshake_io_write_flush (session); + break; } return ret; @@ -1574,7 +1580,9 @@ _gnutls_client_set_ciphersuite (gnutls_session_t session, opaque suite[2]) } memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); - _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, &session->security_parameters.current_cipher_suite); + _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, + &session-> + security_parameters.current_cipher_suite); _gnutls_handshake_log ("HSK[%p]: Selected cipher suite: %s\n", session, _gnutls_cipher_suite_get_name @@ -1655,7 +1663,8 @@ _gnutls_client_set_comp_method (gnutls_session_t session, opaque comp_method) session->internals.compression_method = _gnutls_compression_get_id (comp_method); - _gnutls_epoch_set_compression (session, EPOCH_NEXT, session->internals.compression_method); + _gnutls_epoch_set_compression (session, EPOCH_NEXT, + session->internals.compression_method); return 0; } @@ -1690,9 +1699,12 @@ _gnutls_client_check_if_resuming (gnutls_session_t session, session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); _gnutls_epoch_set_cipher_suite - (session, EPOCH_NEXT, &session->internals.resumed_security_parameters.current_cipher_suite); - _gnutls_epoch_set_compression - (session, EPOCH_NEXT, session->internals.resumed_compression_method); + (session, EPOCH_NEXT, + &session->internals. + resumed_security_parameters.current_cipher_suite); + _gnutls_epoch_set_compression (session, EPOCH_NEXT, + session-> + internals.resumed_compression_method); session->internals.resumed = RESUME_TRUE; /* we are resuming */ @@ -1900,13 +1912,13 @@ _gnutls_copy_ciphersuites (gnutls_session_t session, /* Safe renegotiation signalling CS value is { 0x00, 0xff } */ ret_data[pos++] = 0x00; ret_data[pos++] = 0xff; - ret = _gnutls_ext_sr_send_cs(session); - if (ret < 0) - { - gnutls_assert(); - gnutls_free (cipher_suites); - return ret; - } + ret = _gnutls_ext_sr_send_cs (session); + if (ret < 0) + { + gnutls_assert (); + gnutls_free (cipher_suites); + return ret; + } } gnutls_free (cipher_suites); @@ -1990,13 +2002,14 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) /* 2 for version, (4 for unix time + 28 for random bytes==GNUTLS_RANDOM_SIZE) */ - bufel = _gnutls_handshake_alloc (datalen, datalen+MAX_EXT_DATA_LENGTH); + bufel = + _gnutls_handshake_alloc (datalen, datalen + MAX_EXT_DATA_LENGTH); if (bufel == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - data = _mbuffer_get_udata_ptr(bufel); + data = _mbuffer_get_udata_ptr (bufel); extdatalen = MAX_EXT_DATA_LENGTH; extdata = gnutls_malloc (extdatalen); @@ -2026,7 +2039,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) { gnutls_assert (); gnutls_free (bufel); - gnutls_free(extdata); + gnutls_free (extdata); return GNUTLS_E_INTERNAL_ERROR; } @@ -2110,7 +2123,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) if (extdatalen == 0) extdatalen = GNUTLS_E_INTERNAL_ERROR; gnutls_free (bufel); - gnutls_free(extdata); + gnutls_free (extdata); gnutls_assert (); return ret; } @@ -2134,7 +2147,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) if (extdatalen == 0) extdatalen = GNUTLS_E_INTERNAL_ERROR; gnutls_free (bufel); - gnutls_free(extdata); + gnutls_free (extdata); gnutls_assert (); return ret; } @@ -2162,19 +2175,20 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) gnutls_free (extdata); return ret; } - } + } else if (ret < 0) - { - gnutls_assert (); - gnutls_free (bufel); - gnutls_free(extdata); - return ret; - } + { + gnutls_assert (); + gnutls_free (bufel); + gnutls_free (extdata); + return ret; + } } - gnutls_free(extdata); + gnutls_free (extdata); - ret = _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_CLIENT_HELLO); + ret = + _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_CLIENT_HELLO); return ret; } @@ -2196,13 +2210,13 @@ _gnutls_send_server_hello (gnutls_session_t session, int again) if (again == 0) { - - extdata = gnutls_malloc(MAX_EXT_DATA_LENGTH); + + extdata = gnutls_malloc (MAX_EXT_DATA_LENGTH); if (extdata == NULL) - { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3; ret = @@ -2216,14 +2230,15 @@ _gnutls_send_server_hello (gnutls_session_t session, int again) } extdatalen = ret; - bufel = _gnutls_handshake_alloc (datalen + extdatalen, datalen + extdatalen); + bufel = + _gnutls_handshake_alloc (datalen + extdatalen, datalen + extdatalen); if (bufel == NULL) { gnutls_assert (); ret = GNUTLS_E_MEMORY_ERROR; goto fail; } - data = _mbuffer_get_udata_ptr(bufel); + data = _mbuffer_get_udata_ptr (bufel); data[pos++] = _gnutls_version_get_major (session->security_parameters.version); @@ -2265,10 +2280,11 @@ _gnutls_send_server_hello (gnutls_session_t session, int again) } } - ret = _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_SERVER_HELLO); + ret = + _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_SERVER_HELLO); fail: - gnutls_free(extdata); + gnutls_free (extdata); return ret; } @@ -2319,11 +2335,11 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen) } } - ret = _gnutls_ext_sr_verify(session); + ret = _gnutls_ext_sr_verify (session); if (ret < 0) { - gnutls_assert(); - return ret; + gnutls_assert (); + return ret; } return 0; @@ -2518,7 +2534,8 @@ _gnutls_send_supplemental (gnutls_session_t session, int again) _gnutls_debug_log ("EXT[%p]: Sending supplemental data\n", session); if (again) - ret = _gnutls_send_handshake (session, NULL, GNUTLS_HANDSHAKE_SUPPLEMENTAL); + ret = + _gnutls_send_handshake (session, NULL, GNUTLS_HANDSHAKE_SUPPLEMENTAL); else { gnutls_buffer_st buf; @@ -2531,14 +2548,14 @@ _gnutls_send_supplemental (gnutls_session_t session, int again) return ret; } - bufel = _gnutls_handshake_alloc(buf.length, buf.length); + bufel = _gnutls_handshake_alloc (buf.length, buf.length); if (bufel == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - _mbuffer_set_udata(bufel, buf.data, buf.length); + _mbuffer_set_udata (bufel, buf.data, buf.length); _gnutls_buffer_clear (&buf); ret = _gnutls_send_handshake (session, bufel, @@ -2617,7 +2634,9 @@ gnutls_handshake (gnutls_session_t session) if (ret < 0) { /* We assume the epoch is not allocated if _gnutls_epoch_get fails. */ - ret = _gnutls_epoch_alloc (session, session->security_parameters.epoch_next, NULL); + ret = + _gnutls_epoch_alloc (session, session->security_parameters.epoch_next, + NULL); if (ret < 0) { gnutls_assert (); @@ -2814,12 +2833,12 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init) STATE = STATE20; - ret = _gnutls_handshake_io_write_flush(session); - if (ret < 0) - { - gnutls_assert(); - return ret; - } + ret = _gnutls_handshake_io_write_flush (session); + if (ret < 0) + { + gnutls_assert (); + return ret; + } case STATE21: ret = _gnutls_send_change_cipher_spec (session, AGAIN (STATE21)); @@ -3054,9 +3073,9 @@ _gnutls_handshake_common (gnutls_session_t session) { case STATE0: case STATE40: - ret = _gnutls_send_new_session_ticket (session, AGAIN (STATE40)); - STATE = STATE40; - IMED_RET ("send handshake new session ticket", ret, 0); + ret = _gnutls_send_new_session_ticket (session, AGAIN (STATE40)); + STATE = STATE40; + IMED_RET ("send handshake new session ticket", ret, 0); STATE = STATE0; default: break; @@ -3084,7 +3103,7 @@ _gnutls_handshake_common (gnutls_session_t session) { case STATE0: case STATE41: - ret = _gnutls_recv_new_session_ticket (session); + ret = _gnutls_recv_new_session_ticket (session); STATE = STATE41; IMED_RET ("recv handshake new session ticket", ret, 1); STATE = STATE0; diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h index 9a0ab6fe30..055e6950cd 100644 --- a/lib/gnutls_handshake.h +++ b/lib/gnutls_handshake.h @@ -26,7 +26,7 @@ typedef enum Optional { OPTIONAL_PACKET, MANDATORY_PACKET } Optional; -int _gnutls_send_handshake (gnutls_session_t session, mbuffer_st *bufel, +int _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel, gnutls_handshake_description_t type); int _gnutls_recv_hello_request (gnutls_session_t session, void *data, uint32_t data_size); diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index 38883c5acb..77ea874f83 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -72,16 +72,16 @@ _gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm) if (cc != NULL) { if (cc->init (algorithm, &dig->handle) < 0) - { - gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } + { + gnutls_assert (); + return GNUTLS_E_HASH_FAILED; + } dig->hash = cc->hash; dig->copy = cc->copy; dig->output = cc->output; dig->deinit = cc->deinit; - + return 0; } @@ -113,7 +113,7 @@ _gnutls_hash (digest_hd_st * handle, const void *text, size_t textlen) { if (textlen > 0) { - handle->hash(handle->handle, text, textlen); + handle->hash (handle->handle, text, textlen); } return 0; } @@ -130,7 +130,7 @@ _gnutls_hash_copy (digest_hd_st * dst, digest_hd_st * src) dst->output = src->output; dst->deinit = src->deinit; - return src->copy(&dst->handle, src->handle); + return src->copy (&dst->handle, src->handle); } /* when the current output is needed without calling deinit @@ -241,17 +241,17 @@ _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm, if (cc != NULL) { if (cc->init (algorithm, &dig->handle) < 0) - { - gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } + { + gnutls_assert (); + return GNUTLS_E_HASH_FAILED; + } if (cc->setkey (dig->handle, key, keylen) < 0) - { - gnutls_assert (); - cc->deinit (dig->handle); - return GNUTLS_E_HASH_FAILED; - } + { + gnutls_assert (); + cc->deinit (dig->handle); + return GNUTLS_E_HASH_FAILED; + } dig->hash = cc->hash; dig->output = cc->output; @@ -281,7 +281,7 @@ _gnutls_hmac (digest_hd_st * handle, const void *text, size_t textlen) { if (textlen > 0) { - return handle->hash(handle->handle, text, textlen); + return handle->hash (handle->handle, text, textlen); } return 0; } diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h index f548dfcf16..a98a4d0744 100644 --- a/lib/gnutls_hash_int.h +++ b/lib/gnutls_hash_int.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_HASH_INT_H -# define GNUTLS_HASH_INT_H +#define GNUTLS_HASH_INT_H #include <gnutls_int.h> #include <gnutls/crypto.h> @@ -38,23 +38,23 @@ extern gnutls_crypto_mac_st _gnutls_mac_ops; extern int crypto_digest_prio; extern gnutls_crypto_digest_st _gnutls_digest_ops; -typedef int (*hash_func)(void* handle, const void* text, size_t size); -typedef int (*copy_func)(void **dst_ctx, void *src_ctx); -typedef int (*output_func)(void *src_ctx, void *digest, size_t digestsize); -typedef void (*deinit_func)(void* handle); +typedef int (*hash_func) (void *handle, const void *text, size_t size); +typedef int (*copy_func) (void **dst_ctx, void *src_ctx); +typedef int (*output_func) (void *src_ctx, void *digest, size_t digestsize); +typedef void (*deinit_func) (void *handle); typedef struct { gnutls_mac_algorithm_t algorithm; const void *key; int keysize; - + hash_func hash; copy_func copy; output_func output; deinit_func deinit; - - void * handle; + + void *handle; } digest_hd_st; /* basic functions */ diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 5e8d6dfc1e..87d8f5ca11 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -24,10 +24,10 @@ */ #ifndef GNUTLS_INT_H -# define GNUTLS_INT_H +#define GNUTLS_INT_H #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stddef.h> @@ -39,7 +39,7 @@ #include <stdint.h> #ifdef NO_SSIZE_T -# define HAVE_SSIZE_T +#define HAVE_SSIZE_T typedef int ssize_t; #endif @@ -168,16 +168,16 @@ typedef enum handshake_state_t #define MAX_CIPHERSUITES 256 typedef enum extensions_t - { - GNUTLS_EXTENSION_SERVER_NAME = 0, - GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1, - GNUTLS_EXTENSION_CERT_TYPE = 9, - GNUTLS_EXTENSION_SRP = 12, - GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13, - GNUTLS_EXTENSION_SESSION_TICKET = 35, - GNUTLS_EXTENSION_INNER_APPLICATION = 37703, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */ - } extensions_t; +{ + GNUTLS_EXTENSION_SERVER_NAME = 0, + GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1, + GNUTLS_EXTENSION_CERT_TYPE = 9, + GNUTLS_EXTENSION_SRP = 12, + GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13, + GNUTLS_EXTENSION_SESSION_TICKET = 35, + GNUTLS_EXTENSION_INNER_APPLICATION = 37703, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */ +} extensions_t; typedef enum { CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t; @@ -207,7 +207,7 @@ typedef struct mbuffer_st message. Mark should only be non-zero when this buffer is the head of the queue. */ size_t mark; - unsigned int user_mark; /* only used during fill in */ + unsigned int user_mark; /* only used during fill in */ size_t maximum_size; } mbuffer_st; @@ -222,8 +222,8 @@ typedef struct mbuffer_head_st typedef enum { - HANDSHAKE_MAC_TYPE_10 = 1, /* TLS 1.0 style */ - HANDSHAKE_MAC_TYPE_12 /* TLS 1.2 style */ + HANDSHAKE_MAC_TYPE_10 = 1, /* TLS 1.0 style */ + HANDSHAKE_MAC_TYPE_12 /* TLS 1.2 style */ } handshake_mac_type_t; /* Store & Retrieve functions defines: @@ -341,7 +341,7 @@ typedef struct { gnutls_connection_end_t entity; gnutls_kx_algorithm_t kx_algorithm; - handshake_mac_type_t handshake_mac_handle_type; /* one of HANDSHAKE_TYPE_10 and HANDSHAKE_TYPE_12 */ + handshake_mac_type_t handshake_mac_handle_type; /* one of HANDSHAKE_TYPE_10 and HANDSHAKE_TYPE_12 */ /* The epoch used to read and write */ uint16_t epoch_read; @@ -389,9 +389,9 @@ struct record_state_st gnutls_datum_t mac_secret; gnutls_datum_t IV; gnutls_datum_t key; - cipher_hd_st cipher_state; - comp_hd_t compression_state; - uint64 sequence_number; + cipher_hd_st cipher_state; + comp_hd_t compression_state; + uint64 sequence_number; }; /* These are used to resolve relative epochs. These values are just @@ -407,8 +407,8 @@ struct record_parameters_st uint16_t epoch; int initialized; - gnutls_cipher_algorithm_t cipher_algorithm; - gnutls_mac_algorithm_t mac_algorithm; + gnutls_cipher_algorithm_t cipher_algorithm; + gnutls_mac_algorithm_t mac_algorithm; gnutls_compression_method_t compression_algorithm; record_state_st read; @@ -421,7 +421,8 @@ typedef struct unsigned int algorithms; } priority_st; -typedef enum { +typedef enum +{ SR_DISABLED, SR_UNSAFE, SR_PARTIAL, @@ -477,9 +478,9 @@ typedef struct gnutls_handshake_description_t recv_type; } handshake_header_buffer_st; -typedef union +typedef union { - void* ptr; + void *ptr; uint32_t num; } extension_priv_data_t; @@ -487,7 +488,7 @@ typedef struct { gnutls_buffer_st application_data_buffer; /* holds data to be delivered to application layer */ gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake - * message */ + * message */ union { struct @@ -505,7 +506,7 @@ typedef struct gnutls_buffer_st handshake_data_buffer; /* this is a buffer that holds the current handshake message */ gnutls_buffer_st ia_data_buffer; /* holds inner application data (TLS/IA) */ - int resumable:1; /* TRUE or FALSE - if we can resume that session */ + int resumable:1; /* TRUE or FALSE - if we can resume that session */ handshake_state_t handshake_state; /* holds * a number which indicates where * the handshake procedure has been @@ -518,7 +519,7 @@ typedef struct int may_not_read:1; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write */ int may_not_write:1; - int read_eof:1; /* non-zero if we have received a closure alert. */ + int read_eof:1; /* non-zero if we have received a closure alert. */ int last_alert; /* last alert received */ @@ -534,7 +535,7 @@ typedef struct struct gnutls_priority_st priorities; /* resumed session */ - int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */ + int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */ security_parameters_st resumed_security_parameters; gnutls_compression_method_t resumed_compression_method; @@ -712,16 +713,18 @@ typedef struct int initial_negotiation_completed:1; - struct { - uint16_t type; - extension_priv_data_t priv; - int set:1; + struct + { + uint16_t type; + extension_priv_data_t priv; + int set:1; } extension_int_data[MAX_EXT_TYPES]; - struct { - uint16_t type; - extension_priv_data_t priv; - int set:1; + struct + { + uint16_t type; + extension_priv_data_t priv; + int set:1; } resumed_extension_int_data[MAX_EXT_TYPES]; /* If you add anything here, check _gnutls_handshake_internal_state_clear(). diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index 0eb6f3c150..90cbce3432 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -39,19 +39,19 @@ #include <gnutls_datum.h> #include <gnutls_rsa_export.h> #include <gnutls_mbuffers.h> -#include "../libextra/ext_inner_application.h" /* isn't this too much? */ +#include "../libextra/ext_inner_application.h" /* isn't this too much? */ /* This is a temporary function to be used before the generate_* internal API is changed to use mbuffers. For now we don't avoid the extra alloc + memcpy. */ static inline int -send_handshake (gnutls_session_t session, opaque *data, size_t size, +send_handshake (gnutls_session_t session, opaque * data, size_t size, gnutls_handshake_description_t type) { mbuffer_st *bufel; - if(data == NULL && size == 0) - return _gnutls_send_handshake(session, NULL, type); + if (data == NULL && size == 0) + return _gnutls_send_handshake (session, NULL, type); if (data == NULL && size > 0) { @@ -59,16 +59,16 @@ send_handshake (gnutls_session_t session, opaque *data, size_t size, return GNUTLS_E_INVALID_REQUEST; } - bufel = _gnutls_handshake_alloc(size, size); + bufel = _gnutls_handshake_alloc (size, size); if (bufel == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - _mbuffer_set_udata(bufel, data, size); + _mbuffer_set_udata (bufel, data, size); - return _gnutls_send_handshake(session, bufel, type); + return _gnutls_send_handshake (session, bufel, type); } @@ -141,7 +141,7 @@ generate_normal_master (gnutls_session_t session, int keep_premaster) } /* TLS/IA inner secret is derived from the master secret. */ - _gnutls_ia_derive_inner_secret(session); + _gnutls_ia_derive_inner_secret (session); if (!keep_premaster) _gnutls_free_datum (&PREMASTER); @@ -152,7 +152,8 @@ generate_normal_master (gnutls_session_t session, int keep_premaster) _gnutls_hard_log ("INT: MASTER SECRET: %s\n", _gnutls_bin2hex (session-> security_parameters.master_secret, - GNUTLS_MASTER_SIZE, buf, sizeof (buf), NULL)); + GNUTLS_MASTER_SIZE, buf, sizeof (buf), + NULL)); return ret; } @@ -280,8 +281,8 @@ _gnutls_send_client_kx_message (gnutls_session_t session, int again) return data_size; } } - ret = send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); + ret = send_handshake (session, data, data_size, + GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); gnutls_free (data); if (ret < 0) diff --git a/lib/gnutls_mbuffers.c b/lib/gnutls_mbuffers.c index c9af21d9e1..846c1a5e10 100644 --- a/lib/gnutls_mbuffers.c +++ b/lib/gnutls_mbuffers.c @@ -54,7 +54,7 @@ * Cost: O(1) */ void -_mbuffer_init (mbuffer_head_st *buf) +_mbuffer_init (mbuffer_head_st * buf) { buf->head = NULL; buf->tail = &buf->head; @@ -69,14 +69,14 @@ _mbuffer_init (mbuffer_head_st *buf) * n: Number of segments currently in the buffer. */ void -_mbuffer_clear (mbuffer_head_st *buf) +_mbuffer_clear (mbuffer_head_st * buf) { mbuffer_st *bufel, *next; - for(bufel = buf->head; bufel != NULL; bufel = next) + for (bufel = buf->head; bufel != NULL; bufel = next) { next = bufel->next; - gnutls_free(bufel); + gnutls_free (bufel); } _mbuffer_init (buf); @@ -87,7 +87,7 @@ _mbuffer_clear (mbuffer_head_st *buf) * Cost: O(1) */ void -_mbuffer_enqueue (mbuffer_head_st *buf, mbuffer_st *bufel) +_mbuffer_enqueue (mbuffer_head_st * buf, mbuffer_st * bufel) { bufel->next = NULL; @@ -104,7 +104,8 @@ _mbuffer_enqueue (mbuffer_head_st *buf, mbuffer_st *bufel) * * Cost: O(1) */ -mbuffer_st* _mbuffer_get_first (mbuffer_head_st *buf, gnutls_datum_t *msg) +mbuffer_st * +_mbuffer_get_first (mbuffer_head_st * buf, gnutls_datum_t * msg) { mbuffer_st *bufel = buf->head; @@ -127,7 +128,8 @@ mbuffer_st* _mbuffer_get_first (mbuffer_head_st *buf, gnutls_datum_t *msg) * * Cost: O(1) */ -mbuffer_st* _mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t *msg) +mbuffer_st * +_mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t * msg) { mbuffer_st *bufel = cur->next; @@ -152,11 +154,11 @@ mbuffer_st* _mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t *msg) * Cost: O(1) */ static inline void -remove_front (mbuffer_head_st *buf) +remove_front (mbuffer_head_st * buf) { mbuffer_st *bufel; - if(!buf->head) + if (!buf->head) return; bufel = buf->head; @@ -164,7 +166,7 @@ remove_front (mbuffer_head_st *buf) buf->byte_length -= (bufel->msg.size - bufel->mark); buf->length -= 1; - gnutls_free(bufel); + gnutls_free (bufel); if (!buf->head) buf->tail = &buf->head; @@ -180,7 +182,7 @@ remove_front (mbuffer_head_st *buf) * n: Number of segments needed to remove the specified amount of data. */ int -_mbuffer_remove_bytes (mbuffer_head_st *buf, size_t bytes) +_mbuffer_remove_bytes (mbuffer_head_st * buf, size_t bytes) { size_t left = bytes; mbuffer_st *bufel, *next; @@ -195,10 +197,10 @@ _mbuffer_remove_bytes (mbuffer_head_st *buf, size_t bytes) { next = bufel->next; - if(left >= (bufel->msg.size - bufel->mark)) + if (left >= (bufel->msg.size - bufel->mark)) { left -= (bufel->msg.size - bufel->mark); - remove_front(buf); + remove_front (buf); } else { @@ -226,9 +228,9 @@ _mbuffer_remove_bytes (mbuffer_head_st *buf, size_t bytes) mbuffer_st * _mbuffer_alloc (size_t payload_size, size_t maximum_size) { - mbuffer_st * st; + mbuffer_st *st; - st = gnutls_malloc (maximum_size+sizeof (mbuffer_st)); + st = gnutls_malloc (maximum_size + sizeof (mbuffer_st)); if (st == NULL) { gnutls_assert (); @@ -236,7 +238,7 @@ _mbuffer_alloc (size_t payload_size, size_t maximum_size) } //payload points after the mbuffer_st structure - st->msg.data = (opaque*)st + sizeof (mbuffer_st); + st->msg.data = (opaque *) st + sizeof (mbuffer_st); st->msg.size = payload_size; st->mark = 0; st->user_mark = 0; @@ -257,16 +259,16 @@ _mbuffer_alloc (size_t payload_size, size_t maximum_size) * n: number of bytes to copy */ int -_mbuffer_append_data (mbuffer_st *bufel, void* newdata, size_t newdata_size) +_mbuffer_append_data (mbuffer_st * bufel, void *newdata, size_t newdata_size) { - if (bufel->msg.size+newdata_size <= bufel->maximum_size) + if (bufel->msg.size + newdata_size <= bufel->maximum_size) { - memcpy(&bufel->msg.data[bufel->msg.size], newdata, newdata_size); - bufel->msg.size+=newdata_size; + memcpy (&bufel->msg.data[bufel->msg.size], newdata, newdata_size); + bufel->msg.size += newdata_size; } else { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } @@ -282,25 +284,25 @@ _mbuffer_append_data (mbuffer_st *bufel, void* newdata, size_t newdata_size) * n: number of segments initially in the buffer */ int -_mbuffer_linearize (mbuffer_head_st *buf) +_mbuffer_linearize (mbuffer_head_st * buf) { mbuffer_st *bufel, *cur; gnutls_datum_t msg; - size_t pos=0; + size_t pos = 0; if (buf->length <= 1) /* Nothing to do */ return 0; bufel = _mbuffer_alloc (buf->byte_length, buf->byte_length); - if (!bufel) { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - for (cur = _mbuffer_get_first(buf, &msg); - msg.data != NULL; - cur = _mbuffer_get_next(cur, &msg)) + if (!bufel) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + for (cur = _mbuffer_get_first (buf, &msg); + msg.data != NULL; cur = _mbuffer_get_next (cur, &msg)) { memcpy (&bufel->msg.data[pos], msg.data, cur->msg.size); pos += cur->msg.size; diff --git a/lib/gnutls_mbuffers.h b/lib/gnutls_mbuffers.h index beb1eabdec..9eaf310f6a 100644 --- a/lib/gnutls_mbuffers.h +++ b/lib/gnutls_mbuffers.h @@ -23,75 +23,85 @@ */ #ifndef GNUTLS_MBUFFERS_H -# define GNUTLS_MBUFFERS_H +#define GNUTLS_MBUFFERS_H #include <gnutls_int.h> #include <gnutls_errors.h> -void _mbuffer_init (mbuffer_head_st *buf); -void _mbuffer_clear (mbuffer_head_st *buf); -void _mbuffer_enqueue (mbuffer_head_st *buf, mbuffer_st *bufel); -int _mbuffer_remove_bytes (mbuffer_head_st *buf, size_t bytes); -mbuffer_st* _mbuffer_alloc (size_t payload_size, size_t maximum_size); +void _mbuffer_init (mbuffer_head_st * buf); +void _mbuffer_clear (mbuffer_head_st * buf); +void _mbuffer_enqueue (mbuffer_head_st * buf, mbuffer_st * bufel); +int _mbuffer_remove_bytes (mbuffer_head_st * buf, size_t bytes); +mbuffer_st *_mbuffer_alloc (size_t payload_size, size_t maximum_size); -mbuffer_st* _mbuffer_get_first (mbuffer_head_st *buf, gnutls_datum_t *msg); -mbuffer_st* _mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t *msg); +mbuffer_st *_mbuffer_get_first (mbuffer_head_st * buf, gnutls_datum_t * msg); +mbuffer_st *_mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t * msg); /* This is dangerous since it will replace bufel with a new * one. */ -int _mbuffer_append_data (mbuffer_st *bufel, void* newdata, size_t newdata_size); -int _mbuffer_linearize (mbuffer_head_st *buf); +int _mbuffer_append_data (mbuffer_st * bufel, void *newdata, + size_t newdata_size); +int _mbuffer_linearize (mbuffer_head_st * buf); /* For "user" use. One can have buffer data and header. */ -inline static void _mbuffer_set_udata(mbuffer_st *bufel, void* data, size_t data_size) +inline static void +_mbuffer_set_udata (mbuffer_st * bufel, void *data, size_t data_size) { - memcpy(bufel->msg.data + bufel->user_mark, data, data_size); + memcpy (bufel->msg.data + bufel->user_mark, data, data_size); } -inline static void* _mbuffer_get_uhead_ptr(mbuffer_st *bufel) +inline static void * +_mbuffer_get_uhead_ptr (mbuffer_st * bufel) { return bufel->msg.data; } -inline static void* _mbuffer_get_udata_ptr(mbuffer_st *bufel) +inline static void * +_mbuffer_get_udata_ptr (mbuffer_st * bufel) { return bufel->msg.data + bufel->user_mark; } -inline static void _mbuffer_set_udata_size(mbuffer_st *bufel, size_t size) +inline static void +_mbuffer_set_udata_size (mbuffer_st * bufel, size_t size) { bufel->msg.size = size + bufel->user_mark; } -inline static size_t _mbuffer_get_udata_size(mbuffer_st *bufel) +inline static size_t +_mbuffer_get_udata_size (mbuffer_st * bufel) { return bufel->msg.size - bufel->user_mark; } -inline static size_t _mbuffer_get_uhead_size(mbuffer_st *bufel) +inline static size_t +_mbuffer_get_uhead_size (mbuffer_st * bufel) { return bufel->user_mark; } -inline static void _mbuffer_set_uhead_size(mbuffer_st *bufel, size_t size) +inline static void +_mbuffer_set_uhead_size (mbuffer_st * bufel, size_t size) { bufel->user_mark = size; } -inline static mbuffer_st* _gnutls_handshake_alloc(size_t size, size_t maximum) +inline static mbuffer_st * +_gnutls_handshake_alloc (size_t size, size_t maximum) { - mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE + size, HANDSHAKE_HEADER_SIZE+maximum); + mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE + size, + HANDSHAKE_HEADER_SIZE + maximum); if (!ret) return NULL; - _mbuffer_set_uhead_size(ret, HANDSHAKE_HEADER_SIZE); + _mbuffer_set_uhead_size (ret, HANDSHAKE_HEADER_SIZE); return ret; } @@ -102,10 +112,11 @@ inline static mbuffer_st* _gnutls_handshake_alloc(size_t size, size_t maximum) * pointer case). It also makes sure the pointer has a known value * after freeing. */ -inline static void _mbuffer_xfree(mbuffer_st **bufel) +inline static void +_mbuffer_xfree (mbuffer_st ** bufel) { - if(*bufel) - gnutls_free(*bufel); + if (*bufel) + gnutls_free (*bufel); *bufel = NULL; } diff --git a/lib/gnutls_mem.h b/lib/gnutls_mem.h index c49c848db1..46811a34c8 100644 --- a/lib/gnutls_mem.h +++ b/lib/gnutls_mem.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_MEM_H -# define GNUTLS_MEM_H +#define GNUTLS_MEM_H typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */ diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h index 9b3880c4a1..a9daddd3b8 100644 --- a/lib/gnutls_mpi.h +++ b/lib/gnutls_mpi.h @@ -24,11 +24,11 @@ */ #ifndef GNUTLS_MPI_H -# define GNUTLS_MPI_H +#define GNUTLS_MPI_H -# include <gnutls_int.h> +#include <gnutls_int.h> -# include <gnutls/crypto.h> +#include <gnutls/crypto.h> extern int crypto_bigint_prio; extern gnutls_crypto_bigint_st _gnutls_mpi_ops; diff --git a/lib/gnutls_num.h b/lib/gnutls_num.h index e35b92f268..e4658e5daf 100644 --- a/lib/gnutls_num.h +++ b/lib/gnutls_num.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_NUM_H -# define GNUTLS_NUM_H +#define GNUTLS_NUM_H #include <gnutls_int.h> @@ -43,7 +43,7 @@ void _gnutls_write_uint16 (uint16_t num, opaque * data); uint32_t _gnutls_uint64touint32 (const uint64 *); int _gnutls_uint64pp (uint64 *); -# define _gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0 -# define UINT64DATA(x) (x.i) +#define _gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0 +#define UINT64DATA(x) (x.i) #endif /* GNUTLS_NUM_H */ diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 9739869ad5..73609bf284 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -610,15 +610,16 @@ gnutls_pk_params_release (gnutls_pk_params_st * p) } } -int _gnutls_calc_rsa_exp(bigint_t* params, unsigned int params_size) +int +_gnutls_calc_rsa_exp (bigint_t * params, unsigned int params_size) { -bigint_t tmp = _gnutls_mpi_alloc_like(params[0]); + bigint_t tmp = _gnutls_mpi_alloc_like (params[0]); - if (params_size < RSA_PRIVATE_PARAMS-2) - { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } + if (params_size < RSA_PRIVATE_PARAMS - 2) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } if (tmp == NULL) { @@ -627,35 +628,38 @@ bigint_t tmp = _gnutls_mpi_alloc_like(params[0]); } /* [6] = d % p-1, [7] = d % q-1 */ - _gnutls_mpi_sub_ui(tmp, params[3], 1); - params[6] = _gnutls_mpi_mod(params[2]/*d*/, tmp); + _gnutls_mpi_sub_ui (tmp, params[3], 1); + params[6] = _gnutls_mpi_mod (params[2] /*d */ , tmp); - _gnutls_mpi_sub_ui(tmp, params[4], 1); - params[7] = _gnutls_mpi_mod(params[2]/*d*/, tmp); + _gnutls_mpi_sub_ui (tmp, params[4], 1); + params[7] = _gnutls_mpi_mod (params[2] /*d */ , tmp); - _gnutls_mpi_release(&tmp); + _gnutls_mpi_release (&tmp); if (params[7] == NULL || params[6] == NULL) { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } return 0; } -int _gnutls_pk_get_hash_algorithm(gnutls_pk_algorithm_t pk, bigint_t* params, int params_size, - gnutls_digest_algorithm_t *dig, unsigned int *mand) +int +_gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk, bigint_t * params, + int params_size, + gnutls_digest_algorithm_t * dig, + unsigned int *mand) { if (mand) { if (pk == GNUTLS_PK_DSA) - *mand = 1; + *mand = 1; else - *mand = 0; + *mand = 0; } return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) dig, - NULL, pk, params, params_size); + NULL, pk, params, params_size); } diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h index 5aa9622c1c..93e2de0afc 100644 --- a/lib/gnutls_pk.h +++ b/lib/gnutls_pk.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_PK_H -# define GNUTLS_PK_H +#define GNUTLS_PK_H extern int crypto_pk_prio; extern gnutls_crypto_pk_st _gnutls_pk_ops; @@ -77,9 +77,11 @@ int _gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r, bigint_t * s); -int _gnutls_calc_rsa_exp(bigint_t* params, unsigned int params_size); +int _gnutls_calc_rsa_exp (bigint_t * params, unsigned int params_size); -int _gnutls_pk_get_hash_algorithm(gnutls_pk_algorithm_t pk, bigint_t* params, int params_size, - gnutls_digest_algorithm_t *dig, unsigned int *mand); +int _gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk, + bigint_t * params, int params_size, + gnutls_digest_algorithm_t * dig, + unsigned int *mand); #endif /* GNUTLS_PK_H */ diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 45b6a08998..3a17527395 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -576,7 +576,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - + /* for now unsafe renegotiation is default on everyone. To be removed * when we make it the default. */ @@ -713,10 +713,12 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, } else if (broken_list[i][0] == '%') { - if (strcasecmp (&broken_list[i][1], "COMPAT") == 0) { - (*priority_cache)->no_padding = 1; - (*priority_cache)->allow_large_records = 1; - } else if (strcasecmp (&broken_list[i][1], + if (strcasecmp (&broken_list[i][1], "COMPAT") == 0) + { + (*priority_cache)->no_padding = 1; + (*priority_cache)->allow_large_records = 1; + } + else if (strcasecmp (&broken_list[i][1], "VERIFY_ALLOW_SIGN_RSA_MD5") == 0) { prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5); @@ -732,13 +734,13 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT; else if (strcasecmp (&broken_list[i][1], "UNSAFE_RENEGOTIATION") == 0) - { + { (*priority_cache)->sr = SR_UNSAFE; - } + } else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0) { (*priority_cache)->sr = SR_SAFE; - } + } else if (strcasecmp (&broken_list[i][1], "PARTIAL_RENEGOTIATION") == 0) { @@ -746,9 +748,9 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, } else if (strcasecmp (&broken_list[i][1], "DISABLE_SAFE_RENEGOTIATION") == 0) - { + { (*priority_cache)->sr = SR_DISABLED; - } + } else goto error; } diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c index f5efe6dcae..99f47e8f5f 100644 --- a/lib/gnutls_privkey.c +++ b/lib/gnutls_privkey.c @@ -35,19 +35,21 @@ #include <x509_int.h> #include <openpgp/openpgp_int.h> -struct gnutls_privkey_st { - gnutls_privkey_type_t type; - gnutls_pk_algorithm_t pk_algorithm; +struct gnutls_privkey_st +{ + gnutls_privkey_type_t type; + gnutls_pk_algorithm_t pk_algorithm; - union { - gnutls_x509_privkey_t x509; - gnutls_pkcs11_privkey_t pkcs11; + union + { + gnutls_x509_privkey_t x509; + gnutls_pkcs11_privkey_t pkcs11; #ifdef ENABLE_OPENPGP - gnutls_openpgp_privkey_t openpgp; + gnutls_openpgp_privkey_t openpgp; #endif - } key; + } key; - unsigned int flags; + unsigned int flags; }; /** @@ -60,9 +62,10 @@ struct gnutls_privkey_st { * Returns: a member of the #gnutls_privkey_type_t enumeration on * success, or a negative value on error. **/ -gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key) +gnutls_privkey_type_t +gnutls_privkey_get_type (gnutls_privkey_t key) { - return key->type; + return key->type; } /** @@ -77,30 +80,25 @@ gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key) * Returns: a member of the #gnutls_pk_algorithm_t enumeration on * success, or a negative value on error. **/ -int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key, - unsigned int *bits) +int +gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int *bits) { - switch (key->type) { + switch (key->type) + { #ifdef ENABLE_OPENPGP - case GNUTLS_PRIVKEY_OPENPGP: - return gnutls_openpgp_privkey_get_pk_algorithm(key->key. - openpgp, - bits); + case GNUTLS_PRIVKEY_OPENPGP: + return gnutls_openpgp_privkey_get_pk_algorithm (key->key.openpgp, bits); #endif - case GNUTLS_PRIVKEY_PKCS11: - return gnutls_pkcs11_privkey_get_pk_algorithm(key->key. - pkcs11, - bits); - case GNUTLS_PRIVKEY_X509: - if (bits) - *bits = - _gnutls_mpi_get_nbits(key->key.x509-> - params[0]); - return gnutls_x509_privkey_get_pk_algorithm(key->key.x509); - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + case GNUTLS_PRIVKEY_PKCS11: + return gnutls_pkcs11_privkey_get_pk_algorithm (key->key.pkcs11, bits); + case GNUTLS_PRIVKEY_X509: + if (bits) + *bits = _gnutls_mpi_get_nbits (key->key.x509->params[0]); + return gnutls_x509_privkey_get_pk_algorithm (key->key.x509); + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } } @@ -113,15 +111,17 @@ int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_privkey_init(gnutls_privkey_t * key) +int +gnutls_privkey_init (gnutls_privkey_t * key) { - *key = gnutls_calloc(1, sizeof(struct gnutls_privkey_st)); - if (*key == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } + *key = gnutls_calloc (1, sizeof (struct gnutls_privkey_st)); + if (*key == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } - return 0; + return 0; } /** @@ -130,22 +130,22 @@ int gnutls_privkey_init(gnutls_privkey_t * key) * * This function will deinitialize a private key structure. **/ -void gnutls_privkey_deinit(gnutls_privkey_t key) +void +gnutls_privkey_deinit (gnutls_privkey_t key) { - if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE) - switch (key->type) { + if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE) + switch (key->type) + { #ifdef ENABLE_OPENPGP - case GNUTLS_PRIVKEY_OPENPGP: - return gnutls_openpgp_privkey_deinit(key->key. - openpgp); + case GNUTLS_PRIVKEY_OPENPGP: + return gnutls_openpgp_privkey_deinit (key->key.openpgp); #endif - case GNUTLS_PRIVKEY_PKCS11: - return gnutls_pkcs11_privkey_deinit(key->key. - pkcs11); - case GNUTLS_PRIVKEY_X509: - return gnutls_x509_privkey_deinit(key->key.x509); - } - gnutls_free(key); + case GNUTLS_PRIVKEY_PKCS11: + return gnutls_pkcs11_privkey_deinit (key->key.pkcs11); + case GNUTLS_PRIVKEY_X509: + return gnutls_x509_privkey_deinit (key->key.x509); + } + gnutls_free (key); } /** @@ -160,17 +160,16 @@ void gnutls_privkey_deinit(gnutls_privkey_t key) * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey, - gnutls_pkcs11_privkey_t key, - unsigned int flags) +int +gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, + gnutls_pkcs11_privkey_t key, unsigned int flags) { - pkey->key.pkcs11 = key; - pkey->type = GNUTLS_PRIVKEY_PKCS11; - pkey->pk_algorithm = - gnutls_pkcs11_privkey_get_pk_algorithm(key, NULL); - pkey->flags = flags; + pkey->key.pkcs11 = key; + pkey->type = GNUTLS_PRIVKEY_PKCS11; + pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm (key, NULL); + pkey->flags = flags; - return 0; + return 0; } /** @@ -185,16 +184,16 @@ int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_privkey_import_x509(gnutls_privkey_t pkey, - gnutls_x509_privkey_t key, - unsigned int flags) +int +gnutls_privkey_import_x509 (gnutls_privkey_t pkey, + gnutls_x509_privkey_t key, unsigned int flags) { - pkey->key.x509 = key; - pkey->type = GNUTLS_PRIVKEY_X509; - pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm(key); - pkey->flags = flags; + pkey->key.x509 = key; + pkey->type = GNUTLS_PRIVKEY_X509; + pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm (key); + pkey->flags = flags; - return 0; + return 0; } #ifdef ENABLE_OPENPGP @@ -210,17 +209,17 @@ int gnutls_privkey_import_x509(gnutls_privkey_t pkey, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey, - gnutls_openpgp_privkey_t key, - unsigned int flags) +int +gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, + gnutls_openpgp_privkey_t key, + unsigned int flags) { - pkey->key.openpgp = key; - pkey->type = GNUTLS_PRIVKEY_OPENPGP; - pkey->pk_algorithm = - gnutls_openpgp_privkey_get_pk_algorithm(key, NULL); - pkey->flags = flags; + pkey->key.openpgp = key; + pkey->type = GNUTLS_PRIVKEY_OPENPGP; + pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL); + pkey->flags = flags; - return 0; + return 0; } #endif @@ -241,45 +240,49 @@ int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey, * negative error value. **/ int -gnutls_privkey_sign_data(gnutls_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature) +gnutls_privkey_sign_data (gnutls_privkey_t signer, + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature) { - int ret; - gnutls_datum_t digest; + int ret; + gnutls_datum_t digest; - switch (signer->pk_algorithm) { - case GNUTLS_PK_RSA: - ret = pk_pkcs1_rsa_hash(hash, data, &digest); - if (ret < 0) { - gnutls_assert(); - return ret; - } - break; - case GNUTLS_PK_DSA: - ret = pk_dsa_hash(hash, data, &digest); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - break; - default: - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + switch (signer->pk_algorithm) + { + case GNUTLS_PK_RSA: + ret = pk_pkcs1_rsa_hash (hash, data, &digest); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + break; + case GNUTLS_PK_DSA: + ret = pk_dsa_hash (hash, data, &digest); + if (ret < 0) + { + gnutls_assert (); + return ret; } - ret = gnutls_privkey_sign_hash(signer, &digest, signature); - _gnutls_free_datum(&digest); + break; + default: + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } - if (ret < 0) { - gnutls_assert(); - return ret; - } + ret = gnutls_privkey_sign_hash (signer, &digest, signature); + _gnutls_free_datum (&digest); - return 0; + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + return 0; } /** @@ -294,26 +297,27 @@ gnutls_privkey_sign_data(gnutls_privkey_t signer, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_privkey_sign_hash(gnutls_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) +int +gnutls_privkey_sign_hash (gnutls_privkey_t key, + const gnutls_datum_t * hash, + gnutls_datum_t * signature) { - switch (key->type) { + switch (key->type) + { #ifdef ENABLE_OPENPGP - case GNUTLS_PRIVKEY_OPENPGP: - return gnutls_openpgp_privkey_sign_hash(key->key.openpgp, - hash, signature); + case GNUTLS_PRIVKEY_OPENPGP: + return gnutls_openpgp_privkey_sign_hash (key->key.openpgp, + hash, signature); #endif - case GNUTLS_PRIVKEY_PKCS11: - return gnutls_pkcs11_privkey_sign_hash(key->key.pkcs11, - hash, signature); - case GNUTLS_PRIVKEY_X509: - return gnutls_x509_privkey_sign_hash(key->key.x509, hash, - signature); - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + case GNUTLS_PRIVKEY_PKCS11: + return gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11, + hash, signature); + case GNUTLS_PRIVKEY_X509: + return gnutls_x509_privkey_sign_hash (key->key.x509, hash, signature); + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } } /** @@ -329,36 +333,35 @@ int gnutls_privkey_sign_hash(gnutls_privkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_privkey_decrypt_data(gnutls_privkey_t key, - unsigned int flags, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext) +int +gnutls_privkey_decrypt_data (gnutls_privkey_t key, + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext) { - if (key->pk_algorithm != GNUTLS_PK_RSA) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (key->pk_algorithm != GNUTLS_PK_RSA) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } - switch (key->type) { + switch (key->type) + { #ifdef ENABLE_OPENPGP - case GNUTLS_PRIVKEY_OPENPGP: - return gnutls_openpgp_privkey_decrypt_data(key->key. - openpgp, flags, - ciphertext, - plaintext); + case GNUTLS_PRIVKEY_OPENPGP: + return gnutls_openpgp_privkey_decrypt_data (key->key.openpgp, flags, + ciphertext, plaintext); #endif - case GNUTLS_PRIVKEY_X509: - return _gnutls_pkcs1_rsa_decrypt(plaintext, ciphertext, - key->key.x509->params, - key->key.x509-> - params_size, 2); - case GNUTLS_PRIVKEY_PKCS11: - return gnutls_pkcs11_privkey_decrypt_data(key->key.pkcs11, - flags, - ciphertext, - plaintext); - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + case GNUTLS_PRIVKEY_X509: + return _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext, + key->key.x509->params, + key->key.x509->params_size, 2); + case GNUTLS_PRIVKEY_PKCS11: + return gnutls_pkcs11_privkey_decrypt_data (key->key.pkcs11, + flags, + ciphertext, plaintext); + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } } diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c index bd413efaf8..bce1334398 100644 --- a/lib/gnutls_pubkey.c +++ b/lib/gnutls_pubkey.c @@ -42,23 +42,24 @@ #define PK_PEM_HEADER "PUBLIC KEY" -struct gnutls_pubkey_st { - gnutls_pk_algorithm_t pk_algorithm; - unsigned int bits; /* an indication of the security parameter */ - - /* the size of params depends on the public - * key algorithm - * RSA: [0] is modulus - * [1] is public exponent - * DSA: [0] is p - * [1] is q - * [2] is g - * [3] is public key - */ - bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; - int params_size; /* holds the size of MPI params */ - - unsigned int key_usage; /* bits from GNUTLS_KEY_* */ +struct gnutls_pubkey_st +{ + gnutls_pk_algorithm_t pk_algorithm; + unsigned int bits; /* an indication of the security parameter */ + + /* the size of params depends on the public + * key algorithm + * RSA: [0] is modulus + * [1] is public exponent + * DSA: [0] is p + * [1] is q + * [2] is g + * [3] is public key + */ + bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; + int params_size; /* holds the size of MPI params */ + + unsigned int key_usage; /* bits from GNUTLS_KEY_* */ }; /** @@ -73,12 +74,13 @@ struct gnutls_pubkey_st { * Returns: a member of the #gnutls_pk_algorithm_t enumeration on * success, or a negative value on error. **/ -int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key, unsigned int *bits) +int +gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits) { - if (bits) - *bits = key->bits; + if (bits) + *bits = key->bits; - return key->pk_algorithm; + return key->pk_algorithm; } /** @@ -91,12 +93,13 @@ int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key, unsigned int *bits) * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage) +int +gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage) { - if (usage) - *usage = key->key_usage; + if (usage) + *usage = key->key_usage; - return 0; + return 0; } /** @@ -108,15 +111,17 @@ int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage) * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pubkey_init(gnutls_pubkey_t * key) +int +gnutls_pubkey_init (gnutls_pubkey_t * key) { - *key = gnutls_calloc(1, sizeof(struct gnutls_pubkey_st)); - if (*key == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - return 0; + *key = gnutls_calloc (1, sizeof (struct gnutls_pubkey_st)); + if (*key == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + return 0; } /** @@ -125,9 +130,10 @@ int gnutls_pubkey_init(gnutls_pubkey_t * key) * * This function will deinitialize a public key structure. **/ -void gnutls_pubkey_deinit(gnutls_pubkey_t key) +void +gnutls_pubkey_deinit (gnutls_pubkey_t key) { - gnutls_free(key); + gnutls_free (key); } /** @@ -142,45 +148,44 @@ void gnutls_pubkey_deinit(gnutls_pubkey_t key) * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt, - unsigned int flags) +int +gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt, + unsigned int flags) { - int ret; - - key->pk_algorithm = - gnutls_x509_crt_get_pk_algorithm(crt, &key->bits); - - ret = gnutls_x509_crt_get_key_usage(crt, &key->key_usage, NULL); - if (ret < 0) - key->key_usage = 0; - - key->params_size = sizeof(key->params) / sizeof(key->params[0]); - switch (key->pk_algorithm) { - case GNUTLS_PK_RSA: - ret = - _gnutls_x509_crt_get_mpis(crt, key->params, - &key->params_size); - if (ret < 0) { - gnutls_assert(); - return ret; - } - break; - case GNUTLS_PK_DSA: - ret = - _gnutls_x509_crt_get_mpis(crt, key->params, - &key->params_size); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - break; - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - return 0; + int ret; + + key->pk_algorithm = gnutls_x509_crt_get_pk_algorithm (crt, &key->bits); + + ret = gnutls_x509_crt_get_key_usage (crt, &key->key_usage, NULL); + if (ret < 0) + key->key_usage = 0; + + key->params_size = sizeof (key->params) / sizeof (key->params[0]); + switch (key->pk_algorithm) + { + case GNUTLS_PK_RSA: + ret = _gnutls_x509_crt_get_mpis (crt, key->params, &key->params_size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + break; + case GNUTLS_PK_DSA: + ret = _gnutls_x509_crt_get_mpis (crt, key->params, &key->params_size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + break; + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + return 0; } /** @@ -199,22 +204,23 @@ int gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt, * Since: 2.11.0 **/ int -gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, - gnutls_digest_algorithm_t * - hash, unsigned int *mand) +gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, + gnutls_digest_algorithm_t * + hash, unsigned int *mand) { - int ret; + int ret; - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } - ret = _gnutls_pk_get_hash_algorithm(key->pk_algorithm, - key->params, key->params_size, - hash, mand); + ret = _gnutls_pk_get_hash_algorithm (key->pk_algorithm, + key->params, key->params_size, + hash, mand); - return ret; + return ret; } @@ -230,42 +236,44 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, - gnutls_pkcs11_obj_t obj, - unsigned int flags) +int +gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key, + gnutls_pkcs11_obj_t obj, unsigned int flags) { - int ret; - - ret = gnutls_pkcs11_obj_get_type(obj); - if (ret != GNUTLS_PKCS11_OBJ_PUBKEY) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - key->key_usage = obj->key_usage; - - switch (obj->pk_algorithm) { - case GNUTLS_PK_RSA: - ret = gnutls_pubkey_import_rsa_raw(key, &obj->pubkey[0], - &obj->pubkey[1]); - break; - case GNUTLS_PK_DSA: - ret = gnutls_pubkey_import_dsa_raw(key, &obj->pubkey[0], - &obj->pubkey[1], - &obj->pubkey[2], - &obj->pubkey[3]); - break; - default: - gnutls_assert(); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - - if (ret < 0) { - gnutls_assert(); - return ret; - } - - return 0; + int ret; + + ret = gnutls_pkcs11_obj_get_type (obj); + if (ret != GNUTLS_PKCS11_OBJ_PUBKEY) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + key->key_usage = obj->key_usage; + + switch (obj->pk_algorithm) + { + case GNUTLS_PK_RSA: + ret = gnutls_pubkey_import_rsa_raw (key, &obj->pubkey[0], + &obj->pubkey[1]); + break; + case GNUTLS_PK_DSA: + ret = gnutls_pubkey_import_dsa_raw (key, &obj->pubkey[0], + &obj->pubkey[1], + &obj->pubkey[2], &obj->pubkey[3]); + break; + default: + gnutls_assert (); + return GNUTLS_E_UNIMPLEMENTED_FEATURE; + } + + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + return 0; } #ifdef ENABLE_OPENPGP @@ -281,54 +289,58 @@ int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pubkey_import_openpgp(gnutls_pubkey_t key, - gnutls_openpgp_crt_t crt, - gnutls_openpgp_keyid_t keyid, - unsigned int flags) +int +gnutls_pubkey_import_openpgp (gnutls_pubkey_t key, + gnutls_openpgp_crt_t crt, + gnutls_openpgp_keyid_t keyid, + unsigned int flags) { - int ret; - uint32_t kid32[2]; - - ret = gnutls_openpgp_crt_get_preferred_key_id(crt, keyid); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - KEYID_IMPORT(kid32, keyid); - - key->pk_algorithm = - gnutls_openpgp_crt_get_pk_algorithm(crt, &key->bits); - - ret = gnutls_openpgp_crt_get_key_usage(crt, &key->key_usage); - if (ret < 0) - key->key_usage = 0; - - switch (key->pk_algorithm) { - case GNUTLS_PK_RSA: - ret = - _gnutls_openpgp_crt_get_mpis(crt, kid32, key->params, - &key->params_size); - if (ret < 0) { - gnutls_assert(); - return ret; - } - break; - case GNUTLS_PK_DSA: - ret = - _gnutls_openpgp_crt_get_mpis(crt, kid32, key->params, - &key->params_size); - if (ret < 0) { - gnutls_assert(); - return ret; - } - break; - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - return 0; + int ret; + uint32_t kid32[2]; + + ret = gnutls_openpgp_crt_get_preferred_key_id (crt, keyid); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + KEYID_IMPORT (kid32, keyid); + + key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm (crt, &key->bits); + + ret = gnutls_openpgp_crt_get_key_usage (crt, &key->key_usage); + if (ret < 0) + key->key_usage = 0; + + switch (key->pk_algorithm) + { + case GNUTLS_PK_RSA: + ret = + _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params, + &key->params_size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + break; + case GNUTLS_PK_DSA: + ret = + _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params, + &key->params_size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + break; + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + return 0; } #endif @@ -354,50 +366,52 @@ int gnutls_pubkey_import_openpgp(gnutls_pubkey_t key, * returned, and 0 on success. **/ int -gnutls_pubkey_export(gnutls_pubkey_t key, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size) +gnutls_pubkey_export (gnutls_pubkey_t key, + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size) { - int result; - ASN1_TYPE spk = ASN1_TYPE_EMPTY; - - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk)) - != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - result = - _gnutls_x509_encode_and_copy_PKI_params(spk, "", - key->pk_algorithm, - key->params, - key->params_size); - if (result < 0) { - gnutls_assert(); - goto cleanup; - } + int result; + ASN1_TYPE spk = ASN1_TYPE_EMPTY; + + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + if ((result = asn1_create_element + (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk)) + != ASN1_SUCCESS) + { + gnutls_assert (); + return _gnutls_asn2err (result); + } + + result = + _gnutls_x509_encode_and_copy_PKI_params (spk, "", + key->pk_algorithm, + key->params, key->params_size); + if (result < 0) + { + gnutls_assert (); + goto cleanup; + } - result = _gnutls_x509_export_int_named(spk, "", - format, PK_PEM_HEADER, - output_data, - output_data_size); - if (result < 0) { - gnutls_assert(); - goto cleanup; - } + result = _gnutls_x509_export_int_named (spk, "", + format, PK_PEM_HEADER, + output_data, output_data_size); + if (result < 0) + { + gnutls_assert (); + goto cleanup; + } - result = 0; + result = 0; - cleanup: - asn1_delete_structure(&spk); +cleanup: + asn1_delete_structure (&spk); - return result; + return result; } @@ -422,27 +436,28 @@ gnutls_pubkey_export(gnutls_pubkey_t key, * returned, and 0 on success. **/ int -gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size) +gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags, + unsigned char *output_data, + size_t * output_data_size) { - int ret = 0; - - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = - _gnutls_get_key_id(key->pk_algorithm, key->params, - key->params_size, output_data, - output_data_size); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - return 0; + int ret = 0; + + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = + _gnutls_get_key_id (key->pk_algorithm, key->params, + key->params_size, output_data, output_data_size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + return 0; } /** @@ -458,35 +473,39 @@ gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags, * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. **/ int -gnutls_pubkey_get_pk_rsa_raw(gnutls_pubkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e) +gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key, + gnutls_datum_t * m, gnutls_datum_t * e) { - int ret; - - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - if (key->pk_algorithm != GNUTLS_PK_RSA) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_mpi_dprint(key->params[0], m); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = _gnutls_mpi_dprint(key->params[1], e); - if (ret < 0) { - gnutls_assert(); - _gnutls_free_datum(m); - return ret; - } - - return 0; + int ret; + + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + if (key->pk_algorithm != GNUTLS_PK_RSA) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_mpi_dprint (key->params[0], m); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = _gnutls_mpi_dprint (key->params[1], e); + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (m); + return ret; + } + + return 0; } /** @@ -504,59 +523,65 @@ gnutls_pubkey_get_pk_rsa_raw(gnutls_pubkey_t key, * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. **/ int -gnutls_pubkey_get_pk_dsa_raw(gnutls_pubkey_t key, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y) +gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key, + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y) { - int ret; - - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - if (key->pk_algorithm != GNUTLS_PK_DSA) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - /* P */ - ret = _gnutls_mpi_dprint(key->params[0], p); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - /* Q */ - ret = _gnutls_mpi_dprint(key->params[1], q); - if (ret < 0) { - gnutls_assert(); - _gnutls_free_datum(p); - return ret; - } - - - /* G */ - ret = _gnutls_mpi_dprint(key->params[2], g); - if (ret < 0) { - gnutls_assert(); - _gnutls_free_datum(p); - _gnutls_free_datum(q); - return ret; - } - - - /* Y */ - ret = _gnutls_mpi_dprint(key->params[3], y); - if (ret < 0) { - gnutls_assert(); - _gnutls_free_datum(p); - _gnutls_free_datum(g); - _gnutls_free_datum(q); - return ret; - } - - return 0; + int ret; + + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + if (key->pk_algorithm != GNUTLS_PK_DSA) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + /* P */ + ret = _gnutls_mpi_dprint (key->params[0], p); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + /* Q */ + ret = _gnutls_mpi_dprint (key->params[1], q); + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (p); + return ret; + } + + + /* G */ + ret = _gnutls_mpi_dprint (key->params[2], g); + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (p); + _gnutls_free_datum (q); + return ret; + } + + + /* Y */ + ret = _gnutls_mpi_dprint (key->params[3], y); + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (p); + _gnutls_free_datum (g); + _gnutls_free_datum (q); + return ret; + } + + return 0; } /** @@ -572,81 +597,86 @@ gnutls_pubkey_get_pk_dsa_raw(gnutls_pubkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pubkey_import(gnutls_pubkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format) +int +gnutls_pubkey_import (gnutls_pubkey_t key, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format) { - int result = 0, need_free = 0; - gnutls_datum_t _data; - ASN1_TYPE spk; - - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - _data.data = data->data; - _data.size = data->size; - - /* If the Certificate is in PEM format then decode it - */ - if (format == GNUTLS_X509_FMT_PEM) { - opaque *out; - - /* Try the first header */ - result = - _gnutls_fbase64_decode(PK_PEM_HEADER, data->data, - data->size, &out); - - if (result <= 0) { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; - gnutls_assert(); - return result; - } - - _data.data = out; - _data.size = result; - - need_free = 1; - } - - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk)) - != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - result = asn1_der_decoding(&spk, _data.data, _data.size, NULL); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - key->params_size = sizeof(key->params) / sizeof(key->params[0]); - result = - _gnutls_get_asn_mpis(spk, "", key->params, &key->params_size); - if (result < 0) { - gnutls_assert(); - goto cleanup; - } - - /* this has already been called by get_asn_mpis() thus it cannot - * fail. - */ - key->pk_algorithm = _gnutls_x509_get_pk_algorithm(spk, "", NULL); - - result = 0; - - cleanup: - asn1_delete_structure(&spk); - - if (need_free) - _gnutls_free_datum(&_data); - return result; + int result = 0, need_free = 0; + gnutls_datum_t _data; + ASN1_TYPE spk; + + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + _data.data = data->data; + _data.size = data->size; + + /* If the Certificate is in PEM format then decode it + */ + if (format == GNUTLS_X509_FMT_PEM) + { + opaque *out; + + /* Try the first header */ + result = + _gnutls_fbase64_decode (PK_PEM_HEADER, data->data, data->size, &out); + + if (result <= 0) + { + if (result == 0) + result = GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return result; + } + + _data.data = out; + _data.size = result; + + need_free = 1; + } + + if ((result = asn1_create_element + (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk)) + != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + result = asn1_der_decoding (&spk, _data.data, _data.size, NULL); + if (result != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + key->params_size = sizeof (key->params) / sizeof (key->params[0]); + result = _gnutls_get_asn_mpis (spk, "", key->params, &key->params_size); + if (result < 0) + { + gnutls_assert (); + goto cleanup; + } + + /* this has already been called by get_asn_mpis() thus it cannot + * fail. + */ + key->pk_algorithm = _gnutls_x509_get_pk_algorithm (spk, "", NULL); + + result = 0; + +cleanup: + asn1_delete_structure (&spk); + + if (need_free) + _gnutls_free_datum (&_data); + return result; } /** @@ -660,30 +690,33 @@ int gnutls_pubkey_import(gnutls_pubkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt, gnutls_pubkey_t key) +int +gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key) { - int result; + int result; - if (crt == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (crt == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } - result = _gnutls_x509_encode_and_copy_PKI_params(crt->cert, - "tbsCertificate.subjectPublicKeyInfo", - key->pk_algorithm, - key->params, - key->params_size); + result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert, + "tbsCertificate.subjectPublicKeyInfo", + key->pk_algorithm, + key->params, + key->params_size); - if (result < 0) { - gnutls_assert(); - return result; - } + if (result < 0) + { + gnutls_assert (); + return result; + } - if (key->key_usage) - gnutls_x509_crt_set_key_usage(crt, key->key_usage); + if (key->key_usage) + gnutls_x509_crt_set_key_usage (crt, key->key_usage); - return 0; + return 0; } /** @@ -697,29 +730,32 @@ int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt, gnutls_pubkey_t key) * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq, gnutls_pubkey_t key) +int +gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key) { - int result; + int result; - if (crq == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (crq == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } - result = _gnutls_x509_encode_and_copy_PKI_params - (crq->crq, - "certificationRequestInfo.subjectPKInfo", - key->pk_algorithm, key->params, key->params_size); + result = _gnutls_x509_encode_and_copy_PKI_params + (crq->crq, + "certificationRequestInfo.subjectPKInfo", + key->pk_algorithm, key->params, key->params_size); - if (result < 0) { - gnutls_assert(); - return result; - } + if (result < 0) + { + gnutls_assert (); + return result; + } - if (key->key_usage) - gnutls_x509_crq_set_key_usage(crq, key->key_usage); + if (key->key_usage) + gnutls_x509_crq_set_key_usage (crq, key->key_usage); - return 0; + return 0; } /** @@ -732,11 +768,12 @@ int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq, gnutls_pubkey_t key) * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage) +int +gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage) { - key->key_usage = usage; + key->key_usage = usage; - return 0; + return 0; } /** @@ -752,36 +789,40 @@ int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage) * negative error value. **/ -int gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url, - unsigned int flags) +int +gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url, + unsigned int flags) { - gnutls_pkcs11_obj_t pcrt; - int ret; - - ret = gnutls_pkcs11_obj_init(&pcrt); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = gnutls_pkcs11_obj_import_url(pcrt, url, flags); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - ret = gnutls_pubkey_import_pkcs11(key, pcrt, 0); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - ret = 0; - cleanup: - - gnutls_pkcs11_obj_deinit(pcrt); - - return ret; + gnutls_pkcs11_obj_t pcrt; + int ret; + + ret = gnutls_pkcs11_obj_init (&pcrt); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = gnutls_pkcs11_obj_import_url (pcrt, url, flags); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + ret = gnutls_pubkey_import_pkcs11 (key, pcrt, 0); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + ret = 0; +cleanup: + + gnutls_pkcs11_obj_deinit (pcrt); + + return ret; } /** @@ -797,34 +838,37 @@ int gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url, * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code. **/ int -gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e) +gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key, + const gnutls_datum_t * m, + const gnutls_datum_t * e) { - size_t siz = 0; - - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - siz = m->size; - if (_gnutls_mpi_scan_nz(&key->params[0], m->data, siz)) { - gnutls_assert(); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = e->size; - if (_gnutls_mpi_scan_nz(&key->params[1], e->data, siz)) { - gnutls_assert(); - _gnutls_mpi_release(&key->params[0]); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - key->params_size = RSA_PUBLIC_PARAMS; - key->pk_algorithm = GNUTLS_PK_RSA; - - return 0; + size_t siz = 0; + + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + siz = m->size; + if (_gnutls_mpi_scan_nz (&key->params[0], m->data, siz)) + { + gnutls_assert (); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = e->size; + if (_gnutls_mpi_scan_nz (&key->params[1], e->data, siz)) + { + gnutls_assert (); + _gnutls_mpi_release (&key->params[0]); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + key->params_size = RSA_PUBLIC_PARAMS; + key->pk_algorithm = GNUTLS_PK_RSA; + + return 0; } /** @@ -843,53 +887,58 @@ gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, * negative error value. **/ int -gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * g, - const gnutls_datum_t * y) +gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * g, + const gnutls_datum_t * y) { - size_t siz = 0; - - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - siz = p->size; - if (_gnutls_mpi_scan_nz(&key->params[0], p->data, siz)) { - gnutls_assert(); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = q->size; - if (_gnutls_mpi_scan_nz(&key->params[1], q->data, siz)) { - gnutls_assert(); - _gnutls_mpi_release(&key->params[0]); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = g->size; - if (_gnutls_mpi_scan_nz(&key->params[2], g->data, siz)) { - gnutls_assert(); - _gnutls_mpi_release(&key->params[1]); - _gnutls_mpi_release(&key->params[0]); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = y->size; - if (_gnutls_mpi_scan_nz(&key->params[3], y->data, siz)) { - gnutls_assert(); - _gnutls_mpi_release(&key->params[2]); - _gnutls_mpi_release(&key->params[1]); - _gnutls_mpi_release(&key->params[0]); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - key->params_size = DSA_PUBLIC_PARAMS; - key->pk_algorithm = GNUTLS_PK_DSA; - - return 0; + size_t siz = 0; + + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + siz = p->size; + if (_gnutls_mpi_scan_nz (&key->params[0], p->data, siz)) + { + gnutls_assert (); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = q->size; + if (_gnutls_mpi_scan_nz (&key->params[1], q->data, siz)) + { + gnutls_assert (); + _gnutls_mpi_release (&key->params[0]); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = g->size; + if (_gnutls_mpi_scan_nz (&key->params[2], g->data, siz)) + { + gnutls_assert (); + _gnutls_mpi_release (&key->params[1]); + _gnutls_mpi_release (&key->params[0]); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = y->size; + if (_gnutls_mpi_scan_nz (&key->params[3], y->data, siz)) + { + gnutls_assert (); + _gnutls_mpi_release (&key->params[2]); + _gnutls_mpi_release (&key->params[1]); + _gnutls_mpi_release (&key->params[0]); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + key->params_size = DSA_PUBLIC_PARAMS; + key->pk_algorithm = GNUTLS_PK_DSA; + + return 0; } @@ -907,22 +956,23 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, * success. **/ int -gnutls_pubkey_verify_hash(gnutls_pubkey_t key, unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) +gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, + const gnutls_datum_t * hash, + const gnutls_datum_t * signature) { - int ret; + int ret; - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } - ret = - pubkey_verify_sig(NULL, hash, signature, key->pk_algorithm, - key->params, key->params_size); + ret = + pubkey_verify_sig (NULL, hash, signature, key->pk_algorithm, + key->params, key->params_size); - return ret; + return ret; } /** @@ -938,19 +988,19 @@ gnutls_pubkey_verify_hash(gnutls_pubkey_t key, unsigned int flags, * returned on error. **/ int -gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t key, - const gnutls_datum_t * signature, - gnutls_digest_algorithm_t * hash) +gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key, + const gnutls_datum_t * signature, + gnutls_digest_algorithm_t * hash) { - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - return _gnutls_x509_verify_algorithm((gnutls_mac_algorithm_t *) - hash, signature, - key->pk_algorithm, - key->params, - key->params_size); + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) + hash, signature, + key->pk_algorithm, + key->params, key->params_size); } diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index afc7e32719..c960a8ed3a 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -335,8 +335,9 @@ copy_record_version (gnutls_session_t session, */ ssize_t _gnutls_send_int (gnutls_session_t session, content_type_t type, - gnutls_handshake_description_t htype, unsigned int epoch_rel, - const void *_data, size_t sizeofdata, unsigned int mflags) + gnutls_handshake_description_t htype, + unsigned int epoch_rel, const void *_data, + size_t sizeofdata, unsigned int mflags) { mbuffer_st *bufel; size_t cipher_size; @@ -427,7 +428,8 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type, cipher_size = _gnutls_encrypt (session, headers, RECORD_HEADER_SIZE, data, - data2send_size, _mbuffer_get_udata_ptr(bufel), cipher_size, type, + data2send_size, _mbuffer_get_udata_ptr (bufel), + cipher_size, type, (session->internals.priorities.no_padding == 0) ? 1 : 0, record_params); if (cipher_size <= 0) @@ -452,7 +454,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type, return GNUTLS_E_RECORD_LIMIT_REACHED; } - _mbuffer_set_udata_size(bufel, cipher_size); + _mbuffer_set_udata_size (bufel, cipher_size); ret = _gnutls_io_write_buffered (session, bufel, mflags); } @@ -485,7 +487,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type, (int) _gnutls_uint64touint32 (&record_state->sequence_number), - _gnutls_packet2str (type), type, (int)cipher_size); + _gnutls_packet2str (type), type, (int) cipher_size); return retval; } @@ -501,7 +503,8 @@ _gnutls_send_change_cipher_spec (gnutls_session_t session, int again) _gnutls_handshake_log ("REC[%p]: Sent ChangeCipherSpec\n", session); if (again == 0) - return _gnutls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, EPOCH_WRITE_CURRENT, data, 1, MBUFFER_FLUSH); + return _gnutls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, + EPOCH_WRITE_CURRENT, data, 1, MBUFFER_FLUSH); else { return _gnutls_io_write_flush (session); @@ -760,12 +763,14 @@ record_check_type (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_SERVER) { gnutls_assert (); - ret = _gnutls_record_buffer_put (recv_type, session, (void *) data, data_size); - if (ret < 0) - { - gnutls_assert(); - return ret; - } + ret = + _gnutls_record_buffer_put (recv_type, session, (void *) data, + data_size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } return GNUTLS_E_REHANDSHAKE; } @@ -932,8 +937,7 @@ begin: header_size = RECORD_HEADER_SIZE; if ((ret = - _gnutls_io_read_buffered (session, header_size, - -1)) != header_size) + _gnutls_io_read_buffered (session, header_size, -1)) != header_size) { if (ret < 0 && gnutls_error_is_fatal (ret) == 0) return ret; @@ -950,10 +954,11 @@ begin: } ret = _mbuffer_linearize (&session->internals.record_recv_buffer); - if (ret != 0) { - gnutls_assert (); - return ret; - } + if (ret != 0) + { + gnutls_assert (); + return ret; + } _mbuffer_get_first (&session->internals.record_recv_buffer, &data_enc); @@ -990,7 +995,8 @@ begin: _gnutls_packet2str (type), type, (int) sizeofdata); _gnutls_record_log ("REC[%p]: Received Packet[%d] %s(%d) with length: %d\n", session, - (int) _gnutls_uint64touint32 (&record_state->sequence_number), + (int) + _gnutls_uint64touint32 (&record_state->sequence_number), _gnutls_packet2str (recv_type), recv_type, length); if (length > MAX_RECV_SIZE) @@ -1025,10 +1031,11 @@ begin: */ ret = _mbuffer_linearize (&session->internals.record_recv_buffer); - if (ret != 0) { - gnutls_assert (); - return ret; - } + if (ret != 0) + { + gnutls_assert (); + return ret; + } _mbuffer_get_first (&session->internals.record_recv_buffer, &data_enc); ciphertext = &data_enc.data[header_size]; @@ -1051,7 +1058,8 @@ begin: gnutls_assert (); return ret; } - _mbuffer_remove_bytes (&session->internals.record_recv_buffer, header_size + length); + _mbuffer_remove_bytes (&session->internals.record_recv_buffer, + header_size + length); decrypted_length = ret; /* Check if this is a CHANGE_CIPHER_SPEC @@ -1180,8 +1188,9 @@ ssize_t gnutls_record_send (gnutls_session_t session, const void *data, size_t sizeofdata) { - return _gnutls_send_int (session, GNUTLS_APPLICATION_DATA, -1, EPOCH_WRITE_CURRENT, - data, sizeofdata, MBUFFER_FLUSH); + return _gnutls_send_int (session, GNUTLS_APPLICATION_DATA, -1, + EPOCH_WRITE_CURRENT, data, sizeofdata, + MBUFFER_FLUSH); } /** diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h index 76c8520e24..6e920daa70 100644 --- a/lib/gnutls_record.h +++ b/lib/gnutls_record.h @@ -24,14 +24,15 @@ */ #ifndef GNUTLS_RECORD_H -# define GNUTLS_RECORD_H +#define GNUTLS_RECORD_H -# include <gnutls/gnutls.h> -# include <gnutls_buffers.h> +#include <gnutls/gnutls.h> +#include <gnutls_buffers.h> ssize_t _gnutls_send_int (gnutls_session_t session, content_type_t type, - gnutls_handshake_description_t htype, unsigned int epoch_rel, - const void *data, size_t sizeofdata, unsigned int mflags); + gnutls_handshake_description_t htype, + unsigned int epoch_rel, const void *data, + size_t sizeofdata, unsigned int mflags); ssize_t _gnutls_recv_int (gnutls_session_t session, content_type_t type, gnutls_handshake_description_t, opaque * data, size_t sizeofdata); diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index 542abb3edb..aa6b8e3026 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -29,10 +29,10 @@ #include <gnutls_int.h> #ifdef ENABLE_SRP -# include <auth_srp.h> +#include <auth_srp.h> #endif #ifdef ENABLE_PSK -# include <auth_psk.h> +#include <auth_psk.h> #endif #include <auth_anon.h> #include <auth_cert.h> @@ -47,8 +47,7 @@ static int pack_certificate_auth_info (gnutls_session_t, gnutls_buffer_st * packed_session); static int unpack_certificate_auth_info (gnutls_session_t, - gnutls_buffer_st * - packed_session); + gnutls_buffer_st * packed_session); static int unpack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * packed_session); @@ -93,10 +92,10 @@ _gnutls_session_pack (gnutls_session_t session, return GNUTLS_E_INTERNAL_ERROR; } - _gnutls_buffer_init(&sb); + _gnutls_buffer_init (&sb); id = gnutls_auth_get_type (session); - BUFFER_APPEND(&sb, &id, 1); + BUFFER_APPEND (&sb, &id, 1); switch (id) { @@ -150,20 +149,20 @@ _gnutls_session_pack (gnutls_session_t session, if (ret < 0) { gnutls_assert (); - _gnutls_buffer_clear(&sb); + _gnutls_buffer_clear (&sb); return ret; } - - ret = _gnutls_ext_pack(session, &sb); + + ret = _gnutls_ext_pack (session, &sb); if (ret < 0) { gnutls_assert (); - _gnutls_buffer_clear(&sb); + _gnutls_buffer_clear (&sb); return ret; } - - ret = _gnutls_buffer_to_datum(&sb, packed_session); - + + ret = _gnutls_buffer_to_datum (&sb, packed_session); + return ret; } @@ -177,8 +176,8 @@ _gnutls_session_unpack (gnutls_session_t session, int ret; gnutls_buffer_st sb; opaque id; - - _gnutls_buffer_init(&sb); + + _gnutls_buffer_init (&sb); if (packed_session == NULL || packed_session->size == 0) { @@ -186,10 +185,12 @@ _gnutls_session_unpack (gnutls_session_t session, return GNUTLS_E_INTERNAL_ERROR; } - ret = _gnutls_buffer_append_data(&sb, packed_session->data, packed_session->size); - if (ret < 0) + ret = + _gnutls_buffer_append_data (&sb, packed_session->data, + packed_session->size); + if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } @@ -198,7 +199,7 @@ _gnutls_session_unpack (gnutls_session_t session, _gnutls_free_auth_info (session); } - BUFFER_POP(&sb, &id, 1); + BUFFER_POP (&sb, &id, 1); switch (id) { @@ -256,8 +257,8 @@ _gnutls_session_unpack (gnutls_session_t session, gnutls_assert (); goto error; } - - ret = _gnutls_ext_unpack(session, &sb); + + ret = _gnutls_ext_unpack (session, &sb); if (ret < 0) { gnutls_assert (); @@ -267,8 +268,8 @@ _gnutls_session_unpack (gnutls_session_t session, ret = 0; error: - _gnutls_buffer_clear(&sb); - + _gnutls_buffer_clear (&sb); + return ret; } @@ -297,8 +298,7 @@ error: * and so on... */ static int -pack_certificate_auth_info (gnutls_session_t session, - gnutls_buffer_st * ps) +pack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) { unsigned int i; int cur_size, ret; @@ -306,27 +306,32 @@ pack_certificate_auth_info (gnutls_session_t session, int size_offset; size_offset = ps->length; - BUFFER_APPEND_NUM(ps, 0); + BUFFER_APPEND_NUM (ps, 0); cur_size = ps->length; if (info) { - BUFFER_APPEND_NUM( ps, info->dh.secret_bits); - BUFFER_APPEND_PFX( ps, info->dh.prime.data, info->dh.prime.size); - BUFFER_APPEND_PFX( ps, info->dh.generator.data, info->dh.generator.size); - BUFFER_APPEND_PFX( ps, info->dh.public_key.data, info->dh.public_key.size); - BUFFER_APPEND_PFX( ps, info->rsa_export.modulus.data, info->rsa_export.modulus.size); - BUFFER_APPEND_PFX( ps, info->rsa_export.exponent.data, info->rsa_export.exponent.size); + BUFFER_APPEND_NUM (ps, info->dh.secret_bits); + BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size); + BUFFER_APPEND_PFX (ps, info->dh.generator.data, + info->dh.generator.size); + BUFFER_APPEND_PFX (ps, info->dh.public_key.data, + info->dh.public_key.size); + BUFFER_APPEND_PFX (ps, info->rsa_export.modulus.data, + info->rsa_export.modulus.size); + BUFFER_APPEND_PFX (ps, info->rsa_export.exponent.data, + info->rsa_export.exponent.size); - BUFFER_APPEND_NUM( ps, info->ncerts); + BUFFER_APPEND_NUM (ps, info->ncerts); for (i = 0; i < info->ncerts; i++) - BUFFER_APPEND_PFX( ps, info->raw_certificate_list[i].data, info->raw_certificate_list[i].size); + BUFFER_APPEND_PFX (ps, info->raw_certificate_list[i].data, + info->raw_certificate_list[i].size); } /* write the real size */ - _gnutls_write_uint32(ps->length-cur_size, ps->data+size_offset); + _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset); return 0; } @@ -335,15 +340,14 @@ pack_certificate_auth_info (gnutls_session_t session, /* Upack certificate info. */ static int -unpack_certificate_auth_info (gnutls_session_t session, - gnutls_buffer_st * ps) +unpack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) { int ret; unsigned int i = 0, j = 0; size_t pack_size; cert_auth_info_t info = NULL; - BUFFER_POP_NUM(ps, pack_size); + BUFFER_POP_NUM (ps, pack_size); if (pack_size == 0) return 0; /* nothing to be done */ @@ -366,30 +370,31 @@ unpack_certificate_auth_info (gnutls_session_t session, return GNUTLS_E_INTERNAL_ERROR; } - BUFFER_POP_NUM(ps, info->dh.secret_bits); + BUFFER_POP_NUM (ps, info->dh.secret_bits); - BUFFER_POP_DATUM(ps, &info->dh.prime); - BUFFER_POP_DATUM(ps, &info->dh.generator); - BUFFER_POP_DATUM(ps, &info->dh.public_key); - BUFFER_POP_DATUM(ps, &info->rsa_export.modulus); - BUFFER_POP_DATUM(ps, &info->rsa_export.exponent); + BUFFER_POP_DATUM (ps, &info->dh.prime); + BUFFER_POP_DATUM (ps, &info->dh.generator); + BUFFER_POP_DATUM (ps, &info->dh.public_key); + BUFFER_POP_DATUM (ps, &info->rsa_export.modulus); + BUFFER_POP_DATUM (ps, &info->rsa_export.exponent); - BUFFER_POP_NUM(ps, info->ncerts); + BUFFER_POP_NUM (ps, info->ncerts); if (info->ncerts > 0) { - info->raw_certificate_list = gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t)); + info->raw_certificate_list = + gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t)); if (info->raw_certificate_list == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto error; - } + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto error; + } } for (i = 0; i < info->ncerts; i++) { - BUFFER_POP_DATUM(ps, &info->raw_certificate_list[i]); + BUFFER_POP_DATUM (ps, &info->raw_certificate_list[i]); } return 0; @@ -405,7 +410,7 @@ error: _gnutls_free_datum (&info->rsa_export.exponent); for (j = 0; j < i; j++) - _gnutls_free_datum (&info->raw_certificate_list[j]); + _gnutls_free_datum (&info->raw_certificate_list[j]); gnutls_free (info->raw_certificate_list); } @@ -437,33 +442,32 @@ pack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) len = 0; size_offset = ps->length; - BUFFER_APPEND_NUM(ps, 0); + BUFFER_APPEND_NUM (ps, 0); cur_size = ps->length; - BUFFER_APPEND_PFX(ps, info->username, len); + BUFFER_APPEND_PFX (ps, info->username, len); /* write the real size */ - _gnutls_write_uint32(ps->length-cur_size, ps->data+size_offset); + _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset); return 0; } static int -unpack_srp_auth_info (gnutls_session_t session, - gnutls_buffer_st * ps) +unpack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) { size_t username_size; int ret; srp_server_auth_info_t info; - BUFFER_POP_NUM(ps, username_size); - if (username_size > sizeof(info->username)) + BUFFER_POP_NUM (ps, username_size); + if (username_size > sizeof (info->username)) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } - + ret = _gnutls_auth_info_set (session, GNUTLS_CRD_SRP, @@ -481,10 +485,10 @@ unpack_srp_auth_info (gnutls_session_t session, return GNUTLS_E_INTERNAL_ERROR; } - BUFFER_POP(ps, info->username, username_size); + BUFFER_POP (ps, info->username, username_size); ret = 0; - + error: return ret; } @@ -507,44 +511,44 @@ error: * x bytes the public key */ static int -pack_anon_auth_info (gnutls_session_t session, - gnutls_buffer_st * ps) +pack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) { int cur_size, ret; anon_auth_info_t info = _gnutls_get_auth_info (session); int size_offset; size_offset = ps->length; - BUFFER_APPEND_NUM(ps, 0); + BUFFER_APPEND_NUM (ps, 0); cur_size = ps->length; if (info) { - BUFFER_APPEND_NUM( ps, info->dh.secret_bits); - BUFFER_APPEND_PFX( ps, info->dh.prime.data, info->dh.prime.size); - BUFFER_APPEND_PFX( ps, info->dh.generator.data, info->dh.generator.size); - BUFFER_APPEND_PFX( ps, info->dh.public_key.data, info->dh.public_key.size); + BUFFER_APPEND_NUM (ps, info->dh.secret_bits); + BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size); + BUFFER_APPEND_PFX (ps, info->dh.generator.data, + info->dh.generator.size); + BUFFER_APPEND_PFX (ps, info->dh.public_key.data, + info->dh.public_key.size); } /* write the real size */ - _gnutls_write_uint32(ps->length-cur_size, ps->data+size_offset); + _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset); return 0; } static int -unpack_anon_auth_info (gnutls_session_t session, - gnutls_buffer_st * ps) +unpack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) { int ret; size_t pack_size; anon_auth_info_t info = NULL; - BUFFER_POP_NUM(ps, pack_size); + BUFFER_POP_NUM (ps, pack_size); if (pack_size == 0) - return 0; /* nothing to be done */ + return 0; /* nothing to be done */ /* client and server have the same auth_info here */ @@ -564,11 +568,11 @@ unpack_anon_auth_info (gnutls_session_t session, return GNUTLS_E_INTERNAL_ERROR; } - BUFFER_POP_NUM(ps, info->dh.secret_bits); + BUFFER_POP_NUM (ps, info->dh.secret_bits); - BUFFER_POP_DATUM(ps, &info->dh.prime); - BUFFER_POP_DATUM(ps, &info->dh.generator); - BUFFER_POP_DATUM(ps, &info->dh.public_key); + BUFFER_POP_DATUM (ps, &info->dh.prime); + BUFFER_POP_DATUM (ps, &info->dh.generator); + BUFFER_POP_DATUM (ps, &info->dh.public_key); return 0; @@ -624,26 +628,25 @@ pack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) hint_len = 0; size_offset = ps->length; - BUFFER_APPEND_NUM(ps, 0); + BUFFER_APPEND_NUM (ps, 0); cur_size = ps->length; - BUFFER_APPEND_PFX(ps, info->username, username_len); - BUFFER_APPEND_PFX(ps, info->hint, hint_len); + BUFFER_APPEND_PFX (ps, info->username, username_len); + BUFFER_APPEND_PFX (ps, info->hint, hint_len); - BUFFER_APPEND_NUM( ps, info->dh.secret_bits); - BUFFER_APPEND_PFX( ps, info->dh.prime.data, info->dh.prime.size); - BUFFER_APPEND_PFX( ps, info->dh.generator.data, info->dh.generator.size); - BUFFER_APPEND_PFX( ps, info->dh.public_key.data, info->dh.public_key.size); + BUFFER_APPEND_NUM (ps, info->dh.secret_bits); + BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size); + BUFFER_APPEND_PFX (ps, info->dh.generator.data, info->dh.generator.size); + BUFFER_APPEND_PFX (ps, info->dh.public_key.data, info->dh.public_key.size); /* write the real size */ - _gnutls_write_uint32(ps->length-cur_size, ps->data+size_offset); + _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset); return 0; } static int -unpack_psk_auth_info (gnutls_session_t session, - gnutls_buffer_st * ps) +unpack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) { size_t username_size, hint_size; int ret; @@ -665,31 +668,31 @@ unpack_psk_auth_info (gnutls_session_t session, return GNUTLS_E_INTERNAL_ERROR; } - BUFFER_POP_NUM(ps, username_size); - if (username_size > sizeof(info->username)) + BUFFER_POP_NUM (ps, username_size); + if (username_size > sizeof (info->username)) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } - BUFFER_POP(ps, info->username, username_size); + BUFFER_POP (ps, info->username, username_size); - BUFFER_POP_NUM(ps, hint_size); - if (hint_size > sizeof(info->hint)) + BUFFER_POP_NUM (ps, hint_size); + if (hint_size > sizeof (info->hint)) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } - BUFFER_POP(ps, info->hint, hint_size); + BUFFER_POP (ps, info->hint, hint_size); - BUFFER_POP_NUM(ps, info->dh.secret_bits); + BUFFER_POP_NUM (ps, info->dh.secret_bits); - BUFFER_POP_DATUM(ps, &info->dh.prime); - BUFFER_POP_DATUM(ps, &info->dh.generator); - BUFFER_POP_DATUM(ps, &info->dh.public_key); + BUFFER_POP_DATUM (ps, &info->dh.prime); + BUFFER_POP_DATUM (ps, &info->dh.generator); + BUFFER_POP_DATUM (ps, &info->dh.public_key); ret = 0; - + error: _gnutls_free_datum (&info->dh.prime); _gnutls_free_datum (&info->dh.generator); @@ -734,8 +737,7 @@ error: * */ static int -pack_security_parameters (gnutls_session_t session, - gnutls_buffer_st * ps) +pack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps) { int ret; @@ -743,8 +745,8 @@ pack_security_parameters (gnutls_session_t session, size_t cur_size; record_parameters_st *params; - if ( session->security_parameters.epoch_read - != session->security_parameters.epoch_write) + if (session->security_parameters.epoch_read + != session->security_parameters.epoch_write) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; @@ -760,43 +762,50 @@ pack_security_parameters (gnutls_session_t session, /* move after the auth info stuff. */ size_offset = ps->length; - BUFFER_APPEND_NUM(ps, 0); + BUFFER_APPEND_NUM (ps, 0); cur_size = ps->length; - BUFFER_APPEND(ps, &session->security_parameters.entity, 1); - BUFFER_APPEND(ps, &session->security_parameters.kx_algorithm, 1); - BUFFER_APPEND(ps, &session->security_parameters.current_cipher_suite.suite[0], 1); - BUFFER_APPEND(ps, &session->security_parameters.current_cipher_suite.suite[1], 1); - BUFFER_APPEND(ps, ¶ms->compression_algorithm, 1); - BUFFER_APPEND(ps, &session->security_parameters.cert_type, 1); - BUFFER_APPEND(ps, &session->security_parameters.version, 1); + BUFFER_APPEND (ps, &session->security_parameters.entity, 1); + BUFFER_APPEND (ps, &session->security_parameters.kx_algorithm, 1); + BUFFER_APPEND (ps, + &session->security_parameters.current_cipher_suite.suite[0], + 1); + BUFFER_APPEND (ps, + &session->security_parameters.current_cipher_suite.suite[1], + 1); + BUFFER_APPEND (ps, ¶ms->compression_algorithm, 1); + BUFFER_APPEND (ps, &session->security_parameters.cert_type, 1); + BUFFER_APPEND (ps, &session->security_parameters.version, 1); - BUFFER_APPEND(ps, session->security_parameters.master_secret, GNUTLS_MASTER_SIZE); - BUFFER_APPEND(ps, session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); - BUFFER_APPEND(ps, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); + BUFFER_APPEND (ps, session->security_parameters.master_secret, + GNUTLS_MASTER_SIZE); + BUFFER_APPEND (ps, session->security_parameters.client_random, + GNUTLS_RANDOM_SIZE); + BUFFER_APPEND (ps, session->security_parameters.server_random, + GNUTLS_RANDOM_SIZE); - BUFFER_APPEND_NUM(ps, session->security_parameters.session_id_size); - BUFFER_APPEND(ps, session->security_parameters.session_id, session->security_parameters.session_id_size); + BUFFER_APPEND_NUM (ps, session->security_parameters.session_id_size); + BUFFER_APPEND (ps, session->security_parameters.session_id, + session->security_parameters.session_id_size); - BUFFER_APPEND_NUM(ps, session->security_parameters.max_record_send_size); - BUFFER_APPEND_NUM(ps, session->security_parameters.max_record_recv_size); - BUFFER_APPEND_NUM(ps, session->security_parameters.timestamp); + BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_send_size); + BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_recv_size); + BUFFER_APPEND_NUM (ps, session->security_parameters.timestamp); - _gnutls_write_uint32(ps->length-cur_size, ps->data+size_offset); + _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset); return 0; } static int -unpack_security_parameters (gnutls_session_t session, - gnutls_buffer_st * ps) +unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps) { size_t pack_size; int ret; time_t timestamp = time (0); - BUFFER_POP_NUM(ps, pack_size); + BUFFER_POP_NUM (ps, pack_size); if (pack_size == 0) return GNUTLS_E_INVALID_REQUEST; @@ -804,30 +813,46 @@ unpack_security_parameters (gnutls_session_t session, memset (&session->internals.resumed_security_parameters, 0, sizeof (session->internals.resumed_security_parameters)); - BUFFER_POP(ps, &session->internals.resumed_security_parameters.entity, 1); - BUFFER_POP(ps, &session->internals.resumed_security_parameters.kx_algorithm, 1); - BUFFER_POP(ps, &session->internals.resumed_security_parameters.current_cipher_suite.suite[0], 1); - BUFFER_POP(ps, &session->internals.resumed_security_parameters. - current_cipher_suite.suite[1], 1); - BUFFER_POP(ps, &session->internals.resumed_compression_method, 1); - BUFFER_POP(ps, &session->internals.resumed_security_parameters.cert_type, 1); - BUFFER_POP(ps, &session->internals.resumed_security_parameters.version, 1); - - BUFFER_POP(ps, &session->internals.resumed_security_parameters.master_secret, - GNUTLS_MASTER_SIZE); - - BUFFER_POP(ps, &session->internals.resumed_security_parameters.client_random, - GNUTLS_RANDOM_SIZE); - BUFFER_POP(ps, &session->internals.resumed_security_parameters.server_random, - GNUTLS_RANDOM_SIZE); - BUFFER_POP_NUM(ps, session->internals.resumed_security_parameters.session_id_size); - - BUFFER_POP(ps, &session->internals.resumed_security_parameters.session_id, - session->internals.resumed_security_parameters.session_id_size); - - BUFFER_POP_NUM(ps, session->internals.resumed_security_parameters.max_record_send_size); - BUFFER_POP_NUM(ps, session->internals.resumed_security_parameters.max_record_recv_size); - BUFFER_POP_NUM(ps, session->internals.resumed_security_parameters.timestamp); + BUFFER_POP (ps, &session->internals.resumed_security_parameters.entity, 1); + BUFFER_POP (ps, + &session->internals.resumed_security_parameters.kx_algorithm, + 1); + BUFFER_POP (ps, + &session->internals. + resumed_security_parameters.current_cipher_suite.suite[0], 1); + BUFFER_POP (ps, + &session->internals.resumed_security_parameters. + current_cipher_suite.suite[1], 1); + BUFFER_POP (ps, &session->internals.resumed_compression_method, 1); + BUFFER_POP (ps, &session->internals.resumed_security_parameters.cert_type, + 1); + BUFFER_POP (ps, &session->internals.resumed_security_parameters.version, 1); + + BUFFER_POP (ps, + &session->internals.resumed_security_parameters.master_secret, + GNUTLS_MASTER_SIZE); + + BUFFER_POP (ps, + &session->internals.resumed_security_parameters.client_random, + GNUTLS_RANDOM_SIZE); + BUFFER_POP (ps, + &session->internals.resumed_security_parameters.server_random, + GNUTLS_RANDOM_SIZE); + BUFFER_POP_NUM (ps, + session->internals. + resumed_security_parameters.session_id_size); + + BUFFER_POP (ps, &session->internals.resumed_security_parameters.session_id, + session->internals.resumed_security_parameters.session_id_size); + + BUFFER_POP_NUM (ps, + session->internals. + resumed_security_parameters.max_record_send_size); + BUFFER_POP_NUM (ps, + session->internals. + resumed_security_parameters.max_record_recv_size); + BUFFER_POP_NUM (ps, + session->internals.resumed_security_parameters.timestamp); if (timestamp - session->internals.resumed_security_parameters.timestamp > session->internals.expire_time diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index a2628244ae..13ad46aa07 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -203,8 +203,8 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, case GNUTLS_PK_DSA: _gnutls_hash_deinit (&td_sha, concat); - if ((hash_algo != GNUTLS_DIG_SHA1) && (hash_algo != GNUTLS_DIG_SHA224) && \ - (hash_algo != GNUTLS_DIG_SHA256)) + if ((hash_algo != GNUTLS_DIG_SHA1) && (hash_algo != GNUTLS_DIG_SHA224) + && (hash_algo != GNUTLS_DIG_SHA256)) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -234,8 +234,8 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, */ int _gnutls_soft_sign (gnutls_pk_algorithm_t algo, bigint_t * params, - int params_size, const gnutls_datum_t * data, - gnutls_datum_t * signature) + int params_size, const gnutls_datum_t * data, + gnutls_datum_t * signature) { int ret; @@ -303,7 +303,7 @@ _gnutls_tls_sign (gnutls_session_t session, } } - return gnutls_privkey_sign_hash(pkey, hash_concat, signature); + return gnutls_privkey_sign_hash (pkey, hash_concat, signature); } static int diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h index b99210e05d..77a97afa4d 100644 --- a/lib/gnutls_sig.h +++ b/lib/gnutls_sig.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_SIG_H -# define GNUTLS_SIG_H +#define GNUTLS_SIG_H #include <gnutls/abstract.h> @@ -35,7 +35,7 @@ int _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, int _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, - gnutls_privkey_t pkey, + gnutls_privkey_t pkey, gnutls_datum_t * params, gnutls_datum_t * signature, gnutls_sign_algorithm_t * algo); @@ -52,7 +52,8 @@ int _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_sign_algorithm_t algo); int _gnutls_soft_sign (gnutls_pk_algorithm_t algo, - bigint_t * params, int params_size, - const gnutls_datum_t * data, gnutls_datum_t * signature); + bigint_t * params, int params_size, + const gnutls_datum_t * data, + gnutls_datum_t * signature); #endif diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index 8a8a844b9a..82ed6d54f8 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c @@ -80,7 +80,7 @@ _gnutls_srp_gx (opaque * text, size_t textsize, opaque ** result, } else { - gnutls_assert(); + gnutls_assert (); ret = GNUTLS_E_MPI_PRINT_FAILED; } diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 7e21cf035a..f707fca051 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -167,7 +167,8 @@ _gnutls_session_cert_type_supported (gnutls_session_t session, if (cred == NULL) return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; - if (cred->server_get_cert_callback == NULL && cred->get_cert_callback == NULL) + if (cred->server_get_cert_callback == NULL + && cred->get_cert_callback == NULL) { for (i = 0; i < cred->ncerts; i++) { @@ -290,7 +291,7 @@ gnutls_init (gnutls_session_t * session, gnutls_connection_end_t con_end) } /* Set all NULL algos on epoch 0 */ - _gnutls_epoch_set_null_algos(*session, epoch); + _gnutls_epoch_set_null_algos (*session, epoch); (*session)->security_parameters.epoch_next = 1; @@ -352,12 +353,12 @@ gnutls_init (gnutls_session_t * session, gnutls_connection_end_t con_end) (*session)->internals.priorities.sr = SR_PARTIAL; #ifdef HAVE_WRITEV - gnutls_transport_set_push_function2(*session, system_writev); + gnutls_transport_set_push_function2 (*session, system_writev); #else - gnutls_transport_set_push_function(*session, system_write); + gnutls_transport_set_push_function (*session, system_write); #endif - gnutls_transport_set_pull_function(*session, system_read); - gnutls_transport_set_errno_function(*session, system_errno); + gnutls_transport_set_pull_function (*session, system_read); + gnutls_transport_set_errno_function (*session, system_errno); return 0; } @@ -394,7 +395,7 @@ gnutls_deinit (gnutls_session_t session) _gnutls_handshake_io_buffer_clear (session); _gnutls_ext_free_session_data (session); - for(i=0; i < MAX_EPOCH_INDEX; i++) + for (i = 0; i < MAX_EPOCH_INDEX; i++) if (session->record_parameters[i] != NULL) { _gnutls_epoch_free (session, session->record_parameters[i]); diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h index b600a2ffee..b62300d451 100644 --- a/lib/gnutls_state.h +++ b/lib/gnutls_state.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_STATE_H -# define GNUTLS_STATE_H +#define GNUTLS_STATE_H #include <gnutls_int.h> diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c index 2893cabb36..c8d2138667 100644 --- a/lib/gnutls_str.c +++ b/lib/gnutls_str.c @@ -255,15 +255,15 @@ _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data) if (str->allocd != str->data) { - data->data = gnutls_malloc(str->length); + data->data = gnutls_malloc (str->length); if (data->data == NULL) - { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - memcpy(data->data, str->data, str->length); + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + memcpy (data->data, str->data, str->length); data->size = str->length; - _gnutls_buffer_clear(str); + _gnutls_buffer_clear (str); } else { @@ -277,7 +277,8 @@ _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data) /* returns data from a string in a constant buffer. */ void -_gnutls_buffer_pop_data (gnutls_buffer_st * str, void *data, size_t * req_size) +_gnutls_buffer_pop_data (gnutls_buffer_st * str, void *data, + size_t * req_size) { gnutls_datum_t tdata; @@ -310,96 +311,108 @@ _gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt, ...) return len; } -static int _gnutls_buffer_insert_data(gnutls_buffer_st * dest, int pos, const void* str, size_t str_size) +static int +_gnutls_buffer_insert_data (gnutls_buffer_st * dest, int pos, const void *str, + size_t str_size) { - size_t orig_length = dest->length; - int ret; + size_t orig_length = dest->length; + int ret; - ret = _gnutls_buffer_resize(dest, dest->length+str_size); /* resize to make space */ - if (ret < 0) - return ret; + ret = _gnutls_buffer_resize (dest, dest->length + str_size); /* resize to make space */ + if (ret < 0) + return ret; - memmove(&dest->data[pos+str_size], &dest->data[pos], orig_length-pos); + memmove (&dest->data[pos + str_size], &dest->data[pos], orig_length - pos); - memcpy(&dest->data[pos], str, str_size); - dest->length += str_size; + memcpy (&dest->data[pos], str, str_size); + dest->length += str_size; - return 0; + return 0; } -static void _gnutls_buffer_delete_data(gnutls_buffer_st * dest, int pos, size_t str_size) +static void +_gnutls_buffer_delete_data (gnutls_buffer_st * dest, int pos, size_t str_size) { - memmove(&dest->data[pos], &dest->data[pos+str_size], dest->length-pos-str_size); + memmove (&dest->data[pos], &dest->data[pos + str_size], + dest->length - pos - str_size); - dest->length -= str_size; + dest->length -= str_size; - return; + return; } -int _gnutls_buffer_escape(gnutls_buffer_st * dest, const char *const invalid_chars) +int +_gnutls_buffer_escape (gnutls_buffer_st * dest, + const char *const invalid_chars) { - static const char *x = "0123456789ABCDEF"; - int rv = -1; - char t[5]; - int pos = 0; + static const char *x = "0123456789ABCDEF"; + int rv = -1; + char t[5]; + int pos = 0; - /*_PKCS11H_ASSERT (target!=NULL); Not required*/ + /*_PKCS11H_ASSERT (target!=NULL); Not required*/ - while (pos < dest->length) { + while (pos < dest->length) + { - if (dest->data[pos] == '\\' || strchr(invalid_chars, dest->data[pos]) - || !isgraph(dest->data[pos])) { + if (dest->data[pos] == '\\' || strchr (invalid_chars, dest->data[pos]) + || !isgraph (dest->data[pos])) + { - t[0] = '%'; - t[1] = x[(dest->data[pos] & 0xf0) >> 4]; - t[2] = x[(dest->data[pos] & 0x0f) >> 0]; + t[0] = '%'; + t[1] = x[(dest->data[pos] & 0xf0) >> 4]; + t[2] = x[(dest->data[pos] & 0x0f) >> 0]; - _gnutls_buffer_delete_data(dest, pos, 1); + _gnutls_buffer_delete_data (dest, pos, 1); - if (_gnutls_buffer_insert_data(dest, pos, t, 3) < 0) { - rv = -1; - goto cleanup; - } + if (_gnutls_buffer_insert_data (dest, pos, t, 3) < 0) + { + rv = -1; + goto cleanup; + } - } - pos++; - } + } + pos++; + } - rv = 0; + rv = 0; - cleanup: +cleanup: - return rv; + return rv; } -int _gnutls_buffer_unescape(gnutls_buffer_st * dest) +int +_gnutls_buffer_unescape (gnutls_buffer_st * dest) { - int rv = -1; - int pos = 0; - - /*_PKCS11H_ASSERT (target!=NULL); Not required*/ - - while (pos < dest->length) { - if (dest->data[pos] == '%') { - char b[3]; - unsigned u; - char x; - b[0] = dest->data[pos+1]; - b[1] = dest->data[pos+2]; - b[2] = '\x0'; - - sscanf(b, "%08x", &u); - x = u & 0xff; - _gnutls_buffer_delete_data(dest, pos, 3); - _gnutls_buffer_insert_data(dest, pos, &x, 1); - } - pos++; - } - - rv = 0; - - return rv; + int rv = -1; + int pos = 0; + + /*_PKCS11H_ASSERT (target!=NULL); Not required*/ + + while (pos < dest->length) + { + if (dest->data[pos] == '%') + { + char b[3]; + unsigned u; + char x; + b[0] = dest->data[pos + 1]; + b[1] = dest->data[pos + 2]; + b[2] = '\x0'; + + sscanf (b, "%08x", &u); + x = u & 0xff; + _gnutls_buffer_delete_data (dest, pos, 3); + _gnutls_buffer_insert_data (dest, pos, &x, 1); + } + pos++; + } + + rv = 0; + + return rv; } @@ -416,7 +429,7 @@ _gnutls_bin2hex (const void *_old, size_t oldlen, const opaque *old = _old; int step = 2; const char empty[] = ""; - + if (separator != NULL && separator[0] != 0) step = 3; else @@ -424,7 +437,7 @@ _gnutls_bin2hex (const void *_old, size_t oldlen, i = j = 0; sprintf (&buffer[j], "%.2x", old[i]); - j+=2; + j += 2; i++; for (; i < oldlen && j + step < buffer_size; j += step) @@ -470,28 +483,30 @@ _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, for (i = j = 0; i < hex_size;) { - if (!isxdigit(hex_data[i])) /* skip non-hex such as the ':' in 00:FF */ - { - i++; - continue; - } - - if (j > *bin_size) { - gnutls_assert(); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - hex2_data[0] = hex_data[i]; - hex2_data[1] = hex_data[i + 1]; - i+=2; - - val = strtoul ((char *) hex2_data, NULL, 16); - if (val == ULONG_MAX) { - gnutls_assert (); - return GNUTLS_E_PARSING_ERROR; - } - bin_data[j] = val; - j++; + if (!isxdigit (hex_data[i])) /* skip non-hex such as the ':' in 00:FF */ + { + i++; + continue; + } + + if (j > *bin_size) + { + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + hex2_data[0] = hex_data[i]; + hex2_data[1] = hex_data[i + 1]; + i += 2; + + val = strtoul ((char *) hex2_data, NULL, 16); + if (val == ULONG_MAX) + { + gnutls_assert (); + return GNUTLS_E_PARSING_ERROR; + } + bin_data[j] = val; + j++; } *bin_size = j; @@ -544,88 +559,104 @@ _gnutls_hostname_compare (const char *certname, return 0; } -int _gnutls_buffer_append_prefix (gnutls_buffer_st * buf, size_t data_size) +int +_gnutls_buffer_append_prefix (gnutls_buffer_st * buf, size_t data_size) { - opaque ss[4]; - _gnutls_write_uint32(data_size, ss); - return _gnutls_buffer_append_data(buf, ss, 4); + opaque ss[4]; + _gnutls_write_uint32 (data_size, ss); + return _gnutls_buffer_append_data (buf, ss, 4); } /* Reads an uint32 number from the buffer. If check is non zero it will also check whether * the number read, is less than the data in the buffer */ -int _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t *data_size, int check) +int +_gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size, + int check) { - size_t size; - - if (buf->length < 4) { - gnutls_assert(); - return GNUTLS_E_PARSING_ERROR; + size_t size; + + if (buf->length < 4) + { + gnutls_assert (); + return GNUTLS_E_PARSING_ERROR; } - - size = _gnutls_read_uint32(buf->data); - if (check && size > buf->length-4) { - gnutls_assert(); - return GNUTLS_E_PARSING_ERROR; + + size = _gnutls_read_uint32 (buf->data); + if (check && size > buf->length - 4) + { + gnutls_assert (); + return GNUTLS_E_PARSING_ERROR; } - - buf->data+=4; - buf->length-=4; - - *data_size = size; - - return 0; + + buf->data += 4; + buf->length -= 4; + + *data_size = size; + + return 0; } -int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf, gnutls_datum_t* data) +int +_gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf, + gnutls_datum_t * data) { - size_t size; - int ret; - - ret = _gnutls_buffer_pop_prefix(buf, &size, 1); - if (ret < 0) { - gnutls_assert(); - return ret; + size_t size; + int ret; + + ret = _gnutls_buffer_pop_prefix (buf, &size, 1); + if (ret < 0) + { + gnutls_assert (); + return ret; } - if (size > 0) { - size_t osize = size; - _gnutls_buffer_pop_datum(buf, data, size); - if (osize != data->size) { - gnutls_assert(); - return GNUTLS_E_PARSING_ERROR; + if (size > 0) + { + size_t osize = size; + _gnutls_buffer_pop_datum (buf, data, size); + if (osize != data->size) + { + gnutls_assert (); + return GNUTLS_E_PARSING_ERROR; } - } else { - data->size = 0; - data->data = NULL; } - - return 0; + else + { + data->size = 0; + data->data = NULL; + } + + return 0; } -int _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, const void *data, - size_t data_size) +int +_gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, const void *data, + size_t data_size) { - _gnutls_buffer_append_prefix(buf, data_size); - if (data_size > 0) - return _gnutls_buffer_append_data(buf, data, data_size); - - return 0; + _gnutls_buffer_append_prefix (buf, data_size); + if (data_size > 0) + return _gnutls_buffer_append_data (buf, data, data_size); + + return 0; } -int _gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void * data, size_t * data_size) +int +_gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data, + size_t * data_size) { - size_t size; - int ret; - - ret = _gnutls_buffer_pop_prefix(buf, &size, 1); - if (ret < 0) { - gnutls_assert(); - return ret; + size_t size; + int ret; + + ret = _gnutls_buffer_pop_prefix (buf, &size, 1); + if (ret < 0) + { + gnutls_assert (); + return ret; } - if (size > 0) - _gnutls_buffer_pop_data(buf, data, data_size); - - return 0; + if (size > 0) + _gnutls_buffer_pop_data (buf, data, data_size); + + return 0; } diff --git a/lib/gnutls_str.h b/lib/gnutls_str.h index 7d7df473ba..133a7dc667 100644 --- a/lib/gnutls_str.h +++ b/lib/gnutls_str.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_STR_H -# define GNUTLS_STR_H +#define GNUTLS_STR_H #include <gnutls_int.h> #include <gnutls_datum.h> @@ -54,34 +54,39 @@ int _gnutls_buffer_append_data (gnutls_buffer_st *, const void *data, int _gnutls_buffer_append_prefix (gnutls_buffer_st * buf, size_t data_size); -int _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, - const void *data, size_t data_size); +int _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, + const void *data, size_t data_size); void _gnutls_buffer_pop_data (gnutls_buffer_st *, void *, size_t * size); void _gnutls_buffer_pop_datum (gnutls_buffer_st *, gnutls_datum_t *, size_t max_size); -int _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t *data_size, int check); +int _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size, + int check); -int _gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void * data, size_t * data_size); +int _gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data, + size_t * data_size); -int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf, gnutls_datum_t* data); +int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf, + gnutls_datum_t * data); int _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data); -int _gnutls_buffer_escape(gnutls_buffer_st * dest, const char *const invalid_chars); -int _gnutls_buffer_unescape(gnutls_buffer_st * dest); +int _gnutls_buffer_escape (gnutls_buffer_st * dest, + const char *const invalid_chars); +int _gnutls_buffer_unescape (gnutls_buffer_st * dest); #ifndef __attribute__ /* This feature is available in gcc versions 2.5 and later. */ -# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) -# define __attribute__(Spec) /* empty */ -# endif +#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) +#define __attribute__(Spec) /* empty */ +#endif #endif -int _gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt, ...) +int _gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt, + ...) __attribute__ ((format (printf, 2, 3))); char *_gnutls_bin2hex (const void *old, size_t oldlen, char *buffer, - size_t buffer_size, const char* separator); + size_t buffer_size, const char *separator); int _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, size_t * bin_size); diff --git a/lib/gnutls_supplemental.c b/lib/gnutls_supplemental.c index b2a1dca645..b468b63824 100644 --- a/lib/gnutls_supplemental.c +++ b/lib/gnutls_supplemental.c @@ -52,7 +52,8 @@ typedef int (*supp_recv_func) (gnutls_session_t session, const opaque * data, size_t data_size); -typedef int (*supp_send_func) (gnutls_session_t session, gnutls_buffer_st * buf); +typedef int (*supp_send_func) (gnutls_session_t session, + gnutls_buffer_st * buf); typedef struct { diff --git a/lib/gnutls_supplemental.h b/lib/gnutls_supplemental.h index bf21c25a1f..e0e2fb4af8 100644 --- a/lib/gnutls_supplemental.h +++ b/lib/gnutls_supplemental.h @@ -26,4 +26,5 @@ int _gnutls_parse_supplemental (gnutls_session_t session, const uint8_t * data, int data_size); -int _gnutls_gen_supplemental (gnutls_session_t session, gnutls_buffer_st * buf); +int _gnutls_gen_supplemental (gnutls_session_t session, + gnutls_buffer_st * buf); diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 039de05cda..802a81db1b 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -212,7 +212,8 @@ _gnutls_check_key_cert_match (gnutls_certificate_credentials_t res) { unsigned int pk = res->cert_list[res->ncerts - 1][0].subject_pk_algorithm; - if (gnutls_privkey_get_pk_algorithm(res->pkey[res->ncerts - 1], NULL) != pk) + if (gnutls_privkey_get_pk_algorithm (res->pkey[res->ncerts - 1], NULL) != + pk) { gnutls_assert (); return GNUTLS_E_CERTIFICATE_KEY_MISMATCH; @@ -225,7 +226,7 @@ _gnutls_check_key_cert_match (gnutls_certificate_credentials_t res) * gnutls_cert structure. Returns the number of certificates parsed. */ static int -parse_der_cert_mem (gnutls_certificate_credentials_t res, +parse_der_cert_mem (gnutls_certificate_credentials_t res, const void *input_cert, int input_cert_size) { gnutls_datum_t tmp; @@ -233,10 +234,10 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res, gnutls_cert *ccert; int ret; - ccert = gnutls_malloc(sizeof(*ccert)); + ccert = gnutls_malloc (sizeof (*ccert)); if (ccert == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } @@ -244,7 +245,7 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_free(ccert); + gnutls_free (ccert); return ret; } @@ -256,25 +257,25 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res, { gnutls_assert (); gnutls_x509_crt_deinit (crt); - gnutls_free(ccert); + gnutls_free (ccert); return ret; } ret = _gnutls_x509_crt_to_gcert (ccert, crt, 0); gnutls_x509_crt_deinit (crt); - + if (ret < 0) { - gnutls_assert(); - gnutls_free(ccert); + gnutls_assert (); + gnutls_free (ccert); return ret; } - - ret = certificate_credential_append_crt_list(res, ccert, 1); + + ret = certificate_credential_append_crt_list (res, ccert, 1); if (ret < 0) { - gnutls_assert(); - gnutls_free(ccert); + gnutls_assert (); + gnutls_free (ccert); return ret; } @@ -293,7 +294,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, opaque *ptr2; gnutls_datum_t tmp; int ret, count; - gnutls_cert* certs = NULL; + gnutls_cert *certs = NULL; /* move to the certificate */ @@ -323,7 +324,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, return GNUTLS_E_BASE64_DECODING_ERROR; } - certs = gnutls_realloc_fast (certs, (count+1) * sizeof (gnutls_cert)); + certs = gnutls_realloc_fast (certs, (count + 1) * sizeof (gnutls_cert)); if (certs == NULL) { @@ -338,7 +339,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_free(certs); + gnutls_free (certs); return ret; } @@ -370,11 +371,11 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, } while (ptr != NULL); - ret = certificate_credential_append_crt_list(res, certs, count); + ret = certificate_credential_append_crt_list (res, certs, count); if (ret < 0) { - gnutls_assert(); - gnutls_free(certs); + gnutls_assert (); + gnutls_free (certs); return ret; } @@ -392,11 +393,9 @@ read_cert_mem (gnutls_certificate_credentials_t res, const void *cert, int ret; if (type == GNUTLS_X509_FMT_DER) - ret = parse_der_cert_mem (res, - cert, cert_size); + ret = parse_der_cert_mem (res, cert, cert_size); else - ret = parse_pem_cert_mem (res, - cert, cert_size); + ret = parse_pem_cert_mem (res, cert, cert_size); if (ret < 0) { @@ -408,9 +407,9 @@ read_cert_mem (gnutls_certificate_credentials_t res, const void *cert, } static int -_gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t *privkey, - const gnutls_datum_t * raw_key, - gnutls_x509_crt_fmt_t type) +_gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t * privkey, + const gnutls_datum_t * raw_key, + gnutls_x509_crt_fmt_t type) { gnutls_x509_privkey_t tmpkey; int ret; @@ -421,7 +420,7 @@ _gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t *privkey, gnutls_assert (); return ret; } - + ret = gnutls_x509_privkey_import (tmpkey, raw_key, type); if (ret < 0) { @@ -430,15 +429,17 @@ _gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t *privkey, return ret; } - ret = gnutls_privkey_init(privkey); - if (ret < 0) + ret = gnutls_privkey_init (privkey); + if (ret < 0) { - gnutls_assert(); + gnutls_assert (); gnutls_x509_privkey_deinit (tmpkey); return ret; } - ret = gnutls_privkey_import_x509 (*privkey, tmpkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); + ret = + gnutls_privkey_import_x509 (*privkey, tmpkey, + GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { gnutls_assert (); @@ -467,36 +468,36 @@ read_key_mem (gnutls_certificate_credentials_t res, tmp.data = (opaque *) key; tmp.size = key_size; - ret = - _gnutls_x509_raw_privkey_to_privkey (&privkey, &tmp, type); + ret = _gnutls_x509_raw_privkey_to_privkey (&privkey, &tmp, type); if (ret < 0) { gnutls_assert (); return ret; } - ret = certificate_credentials_append_pkey(res, privkey); + ret = certificate_credentials_append_pkey (res, privkey); if (ret < 0) { gnutls_assert (); - gnutls_privkey_deinit(privkey); + gnutls_privkey_deinit (privkey); return ret; } - + } else { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - + return 0; } /* Reads a private key from a token. */ -static int read_key_url (gnutls_certificate_credentials_t res, const char* url) +static int +read_key_url (gnutls_certificate_credentials_t res, const char *url) { int ret; gnutls_pkcs11_privkey_t key1 = NULL; @@ -504,167 +505,185 @@ static int read_key_url (gnutls_certificate_credentials_t res, const char* url) /* allocate space for the pkey list */ - - ret = gnutls_pkcs11_privkey_init(&key1); + + ret = gnutls_pkcs11_privkey_init (&key1); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } - - ret = gnutls_pkcs11_privkey_import_url(key1, url, 0); + + ret = gnutls_pkcs11_privkey_import_url (key1, url, 0); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; } - - ret = gnutls_privkey_init(&pkey); + + ret = gnutls_privkey_init (&pkey); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; } - ret = gnutls_privkey_import_pkcs11(pkey, key1, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); + ret = + gnutls_privkey_import_pkcs11 (pkey, key1, + GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; } - - ret = certificate_credentials_append_pkey(res, pkey); + + ret = certificate_credentials_append_pkey (res, pkey); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; - } + } return 0; cleanup: if (pkey) - gnutls_privkey_deinit(pkey); + gnutls_privkey_deinit (pkey); if (key1) - gnutls_pkcs11_privkey_deinit(key1); + gnutls_pkcs11_privkey_deinit (key1); return ret; } /* Reads a private key from a token. */ -static int read_cas_url (gnutls_certificate_credentials_t res, const char* url) +static int +read_cas_url (gnutls_certificate_credentials_t res, const char *url) { -int ret; -gnutls_x509_crt_t * xcrt_list = NULL; -gnutls_pkcs11_obj_t *pcrt_list=NULL; -unsigned int pcrt_list_size = 0; - - /* FIXME: should we use login? */ - ret = gnutls_pkcs11_obj_list_import_url( NULL, &pcrt_list_size, url, GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0); - if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { - gnutls_assert(); - return ret; - } - - if (pcrt_list_size == 0) { - gnutls_assert(); - return 0; - } - - pcrt_list = gnutls_malloc(sizeof(*pcrt_list)*pcrt_list_size); - if (pcrt_list == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = gnutls_pkcs11_obj_list_import_url( pcrt_list, &pcrt_list_size, url, GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } + int ret; + gnutls_x509_crt_t *xcrt_list = NULL; + gnutls_pkcs11_obj_t *pcrt_list = NULL; + unsigned int pcrt_list_size = 0; - xcrt_list = gnutls_malloc(sizeof(*xcrt_list)*pcrt_list_size); - if (xcrt_list == NULL) { - gnutls_assert(); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - ret = gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size, pcrt_list, 0); - if (xcrt_list == NULL) { - gnutls_assert(); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } + /* FIXME: should we use login? */ + ret = + gnutls_pkcs11_obj_list_import_url (NULL, &pcrt_list_size, url, + GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0); + if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + { + gnutls_assert (); + return ret; + } + + if (pcrt_list_size == 0) + { + gnutls_assert (); + return 0; + } + + pcrt_list = gnutls_malloc (sizeof (*pcrt_list) * pcrt_list_size); + if (pcrt_list == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + ret = + gnutls_pkcs11_obj_list_import_url (pcrt_list, &pcrt_list_size, url, + GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + xcrt_list = gnutls_malloc (sizeof (*xcrt_list) * pcrt_list_size); + if (xcrt_list == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + ret = + gnutls_x509_crt_list_import_pkcs11 (xcrt_list, pcrt_list_size, pcrt_list, + 0); + if (xcrt_list == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + res->x509_ca_list = xcrt_list; + res->x509_ncas = pcrt_list_size; + + gnutls_free (pcrt_list); - res->x509_ca_list = xcrt_list; - res->x509_ncas = pcrt_list_size; - - gnutls_free(pcrt_list); - - return pcrt_list_size; + return pcrt_list_size; cleanup: - gnutls_free(xcrt_list); - gnutls_free(pcrt_list); + gnutls_free (xcrt_list); + gnutls_free (pcrt_list); - return ret; + return ret; } /* Reads a private key from a token. */ -static int read_cert_url (gnutls_certificate_credentials_t res, const char* url) +static int +read_cert_url (gnutls_certificate_credentials_t res, const char *url) { -int ret; -gnutls_x509_crt_t crt; -gnutls_cert * ccert; + int ret; + gnutls_x509_crt_t crt; + gnutls_cert *ccert; - ccert = gnutls_malloc(sizeof(*ccert)); + ccert = gnutls_malloc (sizeof (*ccert)); if (ccert == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - ret = gnutls_x509_crt_init(&crt); + ret = gnutls_x509_crt_init (&crt); if (ret < 0) { - gnutls_assert(); - gnutls_free(ccert); + gnutls_assert (); + gnutls_free (ccert); return ret; } - - ret = gnutls_x509_crt_import_pkcs11_url(crt, url, 0); + + ret = gnutls_x509_crt_import_pkcs11_url (crt, url, 0); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - ret = gnutls_x509_crt_import_pkcs11_url(crt, url, GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + ret = + gnutls_x509_crt_import_pkcs11_url (crt, url, + GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { - gnutls_assert(); - gnutls_free(ccert); - gnutls_x509_crt_deinit(crt); + gnutls_assert (); + gnutls_free (ccert); + gnutls_x509_crt_deinit (crt); return ret; } ret = _gnutls_x509_crt_to_gcert (ccert, crt, 0); - gnutls_x509_crt_deinit(crt); + gnutls_x509_crt_deinit (crt); if (ret < 0) { - gnutls_assert(); - gnutls_free(ccert); + gnutls_assert (); + gnutls_free (ccert); return ret; } - - ret = certificate_credential_append_crt_list(res, ccert, 1); + + ret = certificate_credential_append_crt_list (res, ccert, 1); if (ret < 0) { - gnutls_assert(); - gnutls_free(ccert); + gnutls_assert (); + gnutls_free (ccert); return ret; } @@ -682,9 +701,10 @@ read_cert_file (gnutls_certificate_credentials_t res, size_t size; char *data; - if (strncmp(certfile, "pkcs11:", 7)==0) { - return read_cert_url(res, certfile); - } + if (strncmp (certfile, "pkcs11:", 7) == 0) + { + return read_cert_url (res, certfile); + } data = read_binary_file (certfile, &size); @@ -712,12 +732,13 @@ read_key_file (gnutls_certificate_credentials_t res, { int ret; size_t size; - char* data; - - if (strncmp(keyfile, "pkcs11:", 7)==0) { - return read_key_url(res, keyfile); - } - + char *data; + + if (strncmp (keyfile, "pkcs11:", 7) == 0) + { + return read_key_url (res, keyfile); + } + data = read_binary_file (keyfile, &size); if (data == NULL) @@ -790,7 +811,9 @@ gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res, return 0; } -int certificate_credential_append_crt_list( gnutls_certificate_credentials_t res, gnutls_cert *crt, int nr) +int +certificate_credential_append_crt_list (gnutls_certificate_credentials_t res, + gnutls_cert * crt, int nr) { res->cert_list = gnutls_realloc_fast (res->cert_list, (1 + @@ -818,11 +841,13 @@ int certificate_credential_append_crt_list( gnutls_certificate_credentials_t res } -int certificate_credentials_append_pkey( gnutls_certificate_credentials_t res, gnutls_privkey_t pkey) +int +certificate_credentials_append_pkey (gnutls_certificate_credentials_t res, + gnutls_privkey_t pkey) { res->pkey = gnutls_realloc_fast (res->pkey, - (1 + res->ncerts) * - sizeof (gnutls_privkey_t)); + (1 + res->ncerts) * + sizeof (gnutls_privkey_t)); if (res->pkey == NULL) { gnutls_assert (); @@ -862,25 +887,25 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res, { int ret, i; gnutls_privkey_t pkey; - gnutls_cert* pcerts = NULL; + gnutls_cert *pcerts = NULL; /* this should be first */ - ret = gnutls_privkey_init(&pkey); + ret = gnutls_privkey_init (&pkey); if (ret < 0) { gnutls_assert (); return ret; } - + ret = gnutls_privkey_import_x509 (pkey, key, 0); if (ret < 0) { gnutls_assert (); return ret; } - - ret = certificate_credentials_append_pkey(res, pkey); + + ret = certificate_credentials_append_pkey (res, pkey); if (ret < 0) { gnutls_assert (); @@ -888,10 +913,10 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res, } /* load certificates */ - pcerts = gnutls_malloc(sizeof(gnutls_cert)*cert_list_size); + pcerts = gnutls_malloc (sizeof (gnutls_cert) * cert_list_size); if (pcerts == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } @@ -904,14 +929,14 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res, return ret; } } - - ret = certificate_credential_append_crt_list(res, pcerts, cert_list_size); - if (ret < 0) + + ret = certificate_credential_append_crt_list (res, pcerts, cert_list_size); + if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } - + res->ncerts++; if ((ret = _gnutls_check_key_cert_match (res)) < 0) @@ -1359,11 +1384,12 @@ gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t res, { int ret, ret2; size_t size; - char* data; - - if (strncmp(cafile, "pkcs11:", 7)==0) { - return read_cas_url(res, cafile); - } + char *data; + + if (strncmp (cafile, "pkcs11:", 7) == 0) + { + return read_cas_url (res, cafile); + } data = read_binary_file (cafile, &size); if (data == NULL) diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h index 6eed91dfce..f80d136359 100644 --- a/lib/includes/gnutls/abstract.h +++ b/lib/includes/gnutls/abstract.h @@ -10,114 +10,124 @@ /* Public key operations */ struct gnutls_pubkey_st; -typedef struct gnutls_pubkey_st* gnutls_pubkey_t; +typedef struct gnutls_pubkey_st *gnutls_pubkey_t; int gnutls_pubkey_init (gnutls_pubkey_t * key); void gnutls_pubkey_deinit (gnutls_pubkey_t key); -int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int* bits); +int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits); -int gnutls_pubkey_import_x509(gnutls_pubkey_t pkey, gnutls_x509_crt_t crt, unsigned int flags); -int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t pkey, gnutls_pkcs11_obj_t crt, unsigned int flags); -int gnutls_pubkey_import_openpgp(gnutls_pubkey_t pkey, - gnutls_openpgp_crt_t crt, - gnutls_openpgp_keyid_t keyid, - unsigned int flags); +int gnutls_pubkey_import_x509 (gnutls_pubkey_t pkey, gnutls_x509_crt_t crt, + unsigned int flags); +int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t pkey, + gnutls_pkcs11_obj_t crt, unsigned int flags); +int gnutls_pubkey_import_openpgp (gnutls_pubkey_t pkey, + gnutls_openpgp_crt_t crt, + gnutls_openpgp_keyid_t keyid, + unsigned int flags); int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, - gnutls_digest_algorithm_t * hash, unsigned int *mand); + gnutls_digest_algorithm_t * + hash, unsigned int *mand); int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t crt, - gnutls_datum_t * m, gnutls_datum_t * e); + gnutls_datum_t * m, gnutls_datum_t * e); int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t crt, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y); + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y); int gnutls_pubkey_export (gnutls_pubkey_t key, - gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size); + unsigned char *output_data, + size_t * output_data_size); -int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage); +int gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage); int gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage); int gnutls_pubkey_import (gnutls_pubkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); -int gnutls_pubkey_import_pkcs11_url( gnutls_pubkey_t key, const char* url, - unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */); +int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url, + unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * g, - const gnutls_datum_t * y); + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * g, + const gnutls_datum_t * y); int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t pubkey, - const gnutls_datum_t * m, - const gnutls_datum_t * e); + const gnutls_datum_t * m, + const gnutls_datum_t * e); -int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, - gnutls_pubkey_t key); +int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key); -int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, - gnutls_pubkey_t key); +int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key); int gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature); + const gnutls_datum_t * hash, + const gnutls_datum_t * signature); int gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key, - const gnutls_datum_t * signature, - gnutls_digest_algorithm_t * hash); + const gnutls_datum_t * signature, + gnutls_digest_algorithm_t * hash); /* Private key operations */ struct gnutls_privkey_st; -typedef struct gnutls_privkey_st* gnutls_privkey_t; +typedef struct gnutls_privkey_st *gnutls_privkey_t; int gnutls_privkey_init (gnutls_privkey_t * key); void gnutls_privkey_deinit (gnutls_privkey_t key); -int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int* bits); +int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, + unsigned int *bits); gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key); #define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE 1 -int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, gnutls_pkcs11_privkey_t key, unsigned int flags); -int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, gnutls_x509_privkey_t key, unsigned int flags); -int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, gnutls_openpgp_privkey_t key, unsigned int flags); - -int gnutls_privkey_sign_data(gnutls_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature); +int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, + gnutls_pkcs11_privkey_t key, + unsigned int flags); +int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, + gnutls_x509_privkey_t key, + unsigned int flags); +int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, + gnutls_openpgp_privkey_t key, + unsigned int flags); + +int gnutls_privkey_sign_data (gnutls_privkey_t signer, + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature); int gnutls_privkey_sign_hash (gnutls_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature); + const gnutls_datum_t * hash, + gnutls_datum_t * signature); -int gnutls_privkey_decrypt_data(gnutls_privkey_t signer, - unsigned int flags, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext); +int gnutls_privkey_decrypt_data (gnutls_privkey_t signer, + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext); -int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, - unsigned int flags); +int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, + gnutls_x509_crt_t issuer, + gnutls_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags); int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, - unsigned int flags); + gnutls_x509_crt_t issuer, + gnutls_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags); int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, - gnutls_privkey_t key, - gnutls_digest_algorithm_t dig, - unsigned int flags); + gnutls_privkey_t key, + gnutls_digest_algorithm_t dig, + unsigned int flags); #endif diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h index 566f8c599f..ee038c71dc 100644 --- a/lib/includes/gnutls/compat.h +++ b/lib/includes/gnutls/compat.h @@ -1,7 +1,7 @@ /* Typedefs for more compatibility with older GnuTLS. */ #ifndef _GNUTLS_COMPAT_H -# define _GNUTLS_COMPAT_H +#define _GNUTLS_COMPAT_H #ifdef __GNUC__ @@ -112,63 +112,69 @@ #define LIBGNUTLS_VERSION_NUMBER GNUTLS_VERSION_NUMBER #define LIBGNUTLS_EXTRA_VERSION GNUTLS_VERSION - typedef struct gnutls_retr_st +typedef struct gnutls_retr_st +{ + gnutls_certificate_type_t type; + union { - gnutls_certificate_type_t type; - union - { - gnutls_x509_crt_t *x509; - gnutls_openpgp_crt_t pgp; - } cert; - unsigned int ncerts; /* one for pgp keys */ - - union - { - gnutls_x509_privkey_t x509; - gnutls_openpgp_privkey_t pgp; - } key; - - unsigned int deinit_all; /* if non zero all keys will be deinited */ - } gnutls_retr_st; + gnutls_x509_crt_t *x509; + gnutls_openpgp_crt_t pgp; + } cert; + unsigned int ncerts; /* one for pgp keys */ + + union + { + gnutls_x509_privkey_t x509; + gnutls_openpgp_privkey_t pgp; + } key; + + unsigned int deinit_all; /* if non zero all keys will be deinited */ +} gnutls_retr_st; typedef int gnutls_certificate_client_retrieve_function (gnutls_session_t, - const - gnutls_datum_t * - req_ca_rdn, - int nreqs, - const - gnutls_pk_algorithm_t - * pk_algos, - int - pk_algos_length, - gnutls_retr_st *); + const + gnutls_datum_t * + req_ca_rdn, + int nreqs, + const + gnutls_pk_algorithm_t + * pk_algos, + int + pk_algos_length, + gnutls_retr_st *); typedef int gnutls_certificate_server_retrieve_function (gnutls_session_t, - gnutls_retr_st *); + gnutls_retr_st *); void gnutls_certificate_client_set_retrieve_function - (gnutls_certificate_credentials_t cred, - gnutls_certificate_client_retrieve_function * func) _GNUTLS_GCC_ATTR_DEPRECATED; -void gnutls_certificate_server_set_retrieve_function - (gnutls_certificate_credentials_t cred, - gnutls_certificate_server_retrieve_function * func) _GNUTLS_GCC_ATTR_DEPRECATED; + (gnutls_certificate_credentials_t cred, + gnutls_certificate_client_retrieve_function * + func) _GNUTLS_GCC_ATTR_DEPRECATED; +void + gnutls_certificate_server_set_retrieve_function + (gnutls_certificate_credentials_t cred, + gnutls_certificate_server_retrieve_function * + func) _GNUTLS_GCC_ATTR_DEPRECATED; /* External signing callback. Experimental. */ - typedef int (*gnutls_sign_func) (gnutls_session_t session, - void *userdata, - gnutls_certificate_type_t cert_type, - const gnutls_datum_t * cert, - const gnutls_datum_t * hash, - gnutls_datum_t * signature); - - void gnutls_sign_callback_set (gnutls_session_t session, - gnutls_sign_func sign_func, void *userdata) _GNUTLS_GCC_ATTR_DEPRECATED; - gnutls_sign_func - gnutls_sign_callback_get (gnutls_session_t session, void **userdata); - - int gnutls_ext_register (int type, - const char *name, - gnutls_ext_parse_type_t parse_type, - gnutls_ext_recv_func recv_func, - gnutls_ext_send_func send_func) _GNUTLS_GCC_ATTR_DEPRECATED; +typedef int (*gnutls_sign_func) (gnutls_session_t session, + void *userdata, + gnutls_certificate_type_t cert_type, + const gnutls_datum_t * cert, + const gnutls_datum_t * hash, + gnutls_datum_t * signature); + +void +gnutls_sign_callback_set (gnutls_session_t session, + gnutls_sign_func sign_func, void *userdata) + _GNUTLS_GCC_ATTR_DEPRECATED; +gnutls_sign_func +gnutls_sign_callback_get (gnutls_session_t session, void **userdata); + + int gnutls_ext_register (int type, + const char *name, + gnutls_ext_parse_type_t parse_type, + gnutls_ext_recv_func recv_func, + gnutls_ext_send_func send_func) + _GNUTLS_GCC_ATTR_DEPRECATED; #endif /* _GNUTLS_COMPAT_H */ diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h index 61279597dc..072434d352 100644 --- a/lib/includes/gnutls/crypto.h +++ b/lib/includes/gnutls/crypto.h @@ -23,7 +23,7 @@ */ #ifndef GNUTLS_CRYPTO_H -# define GNUTLS_CRYPTO_H +#define GNUTLS_CRYPTO_H typedef struct cipher_hd_st *gnutls_cipher_hd_t; @@ -36,9 +36,10 @@ int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle, int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle, void *ciphertext, size_t ciphertextlen); int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext, - size_t ciphertextlen, void* text, size_t textlen); -int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, size_t textlen, - void* ciphertext, size_t ciphertextlen); + size_t ciphertextlen, void *text, size_t textlen); +int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, + size_t textlen, void *ciphertext, + size_t ciphertextlen); void gnutls_cipher_deinit (gnutls_cipher_hd_t handle); int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm); @@ -306,13 +307,13 @@ typedef struct gnutls_crypto_pk /* priority: infinity for backend algorithms, 90 for kernel algorithms, lowest wins */ -# define gnutls_crypto_single_cipher_register(algo, prio, st) \ +#define gnutls_crypto_single_cipher_register(algo, prio, st) \ gnutls_crypto_single_cipher_register2 (algo, prio, \ GNUTLS_CRYPTO_API_VERSION, st) -# define gnutls_crypto_single_mac_register(algo, prio, st) \ +#define gnutls_crypto_single_mac_register(algo, prio, st) \ gnutls_crypto_single_mac_register2 (algo, prio, \ GNUTLS_CRYPTO_API_VERSION, st) -# define gnutls_crypto_single_digest_register(algo, prio, st) \ +#define gnutls_crypto_single_digest_register(algo, prio, st) \ gnutls_crypto_single_digest_register2(algo, prio, \ GNUTLS_CRYPTO_API_VERSION, st) @@ -333,11 +334,11 @@ int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t gnutls_crypto_single_digest_st * s); -# define gnutls_crypto_cipher_register(prio, st) \ +#define gnutls_crypto_cipher_register(prio, st) \ gnutls_crypto_cipher_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) -# define gnutls_crypto_mac_register(prio, st) \ +#define gnutls_crypto_mac_register(prio, st) \ gnutls_crypto_mac_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) -# define gnutls_crypto_digest_register(prio, st) \ +#define gnutls_crypto_digest_register(prio, st) \ gnutls_crypto_digest_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) int gnutls_crypto_cipher_register2 (int priority, int version, @@ -347,11 +348,11 @@ int gnutls_crypto_mac_register2 (int priority, int version, int gnutls_crypto_digest_register2 (int priority, int version, const gnutls_crypto_digest_st * s); -# define gnutls_crypto_rnd_register(prio, st) \ +#define gnutls_crypto_rnd_register(prio, st) \ gnutls_crypto_rnd_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) -# define gnutls_crypto_pk_register(prio, st) \ +#define gnutls_crypto_pk_register(prio, st) \ gnutls_crypto_pk_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) -# define gnutls_crypto_bigint_register(prio, st) \ +#define gnutls_crypto_bigint_register(prio, st) \ gnutls_crypto_bigint_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) int gnutls_crypto_rnd_register2 (int priority, int version, diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 79bc595b3b..a5b7d35bc0 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -35,13 +35,13 @@ #ifndef GNUTLS_H -# define GNUTLS_H +#define GNUTLS_H /* Get size_t. */ #include <stddef.h> /* Get ssize_t. */ #ifndef HAVE_SSIZE_T -# define HAVE_SSIZE_T +#define HAVE_SSIZE_T /* *INDENT-OFF* */ @DEFINE_SSIZE_T@ /* *INDENT-ON* */ @@ -245,8 +245,8 @@ extern "C" GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384, GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512, GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224 - /* If you add anything here, make sure you align with - gnutls_mac_algorithm_t. */ + /* If you add anything here, make sure you align with + gnutls_mac_algorithm_t. */ } gnutls_digest_algorithm_t; /* exported for other gnutls headers. This is the maximum number of @@ -585,21 +585,21 @@ extern "C" * Enumeration of different digital signature algorithms. */ typedef enum - { - GNUTLS_SIGN_UNKNOWN = 0, - GNUTLS_SIGN_RSA_SHA1 = 1, - GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1, - GNUTLS_SIGN_DSA_SHA1 = 2, - GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1, - GNUTLS_SIGN_RSA_MD5 = 3, - GNUTLS_SIGN_RSA_MD2 = 4, - GNUTLS_SIGN_RSA_RMD160 = 5, - GNUTLS_SIGN_RSA_SHA256 = 6, - GNUTLS_SIGN_RSA_SHA384 = 7, - GNUTLS_SIGN_RSA_SHA512 = 8, - GNUTLS_SIGN_RSA_SHA224 = 9, - GNUTLS_SIGN_DSA_SHA224 = 10, - GNUTLS_SIGN_DSA_SHA256 = 11 + { + GNUTLS_SIGN_UNKNOWN = 0, + GNUTLS_SIGN_RSA_SHA1 = 1, + GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1, + GNUTLS_SIGN_DSA_SHA1 = 2, + GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1, + GNUTLS_SIGN_RSA_MD5 = 3, + GNUTLS_SIGN_RSA_MD2 = 4, + GNUTLS_SIGN_RSA_RMD160 = 5, + GNUTLS_SIGN_RSA_SHA256 = 6, + GNUTLS_SIGN_RSA_SHA384 = 7, + GNUTLS_SIGN_RSA_SHA512 = 8, + GNUTLS_SIGN_RSA_SHA224 = 9, + GNUTLS_SIGN_DSA_SHA224 = 10, + GNUTLS_SIGN_DSA_SHA256 = 11 } gnutls_sign_algorithm_t; const char *gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t sign); @@ -616,14 +616,14 @@ extern "C" * Enumeration of security parameters for passive attacks */ typedef enum - { - GNUTLS_SEC_PARAM_UNKNOWN, - GNUTLS_SEC_PARAM_WEAK, - GNUTLS_SEC_PARAM_LOW, - GNUTLS_SEC_PARAM_NORMAL, - GNUTLS_SEC_PARAM_HIGH, - GNUTLS_SEC_PARAM_ULTRA - } gnutls_sec_param_t; + { + GNUTLS_SEC_PARAM_UNKNOWN, + GNUTLS_SEC_PARAM_WEAK, + GNUTLS_SEC_PARAM_LOW, + GNUTLS_SEC_PARAM_NORMAL, + GNUTLS_SEC_PARAM_HIGH, + GNUTLS_SEC_PARAM_ULTRA + } gnutls_sec_param_t; /* If you want to change this, then also change the define in @@ -685,10 +685,10 @@ extern "C" const char *gnutls_alert_get_name (gnutls_alert_description_t alert); gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, - unsigned int bits); - const char * gnutls_sec_param_get_name (gnutls_sec_param_t param); + unsigned int bits); + const char *gnutls_sec_param_get_name (gnutls_sec_param_t param); unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo, - gnutls_sec_param_t param); + gnutls_sec_param_t param); /* get information on the current session */ gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session); @@ -1124,13 +1124,13 @@ extern "C" int gnutls_global_init (void); void gnutls_global_deinit (void); - typedef int (*mutex_init_func)(void** mutex); - typedef int (*mutex_lock_func)(void** mutex); - typedef int (*mutex_unlock_func)(void** mutex); - typedef int (*mutex_deinit_func)(void** mutex); - - void gnutls_global_set_mutex(mutex_init_func init, mutex_deinit_func, - mutex_lock_func, mutex_unlock_func); + typedef int (*mutex_init_func) (void **mutex); + typedef int (*mutex_lock_func) (void **mutex); + typedef int (*mutex_unlock_func) (void **mutex); + typedef int (*mutex_deinit_func) (void **mutex); + + void gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func, + mutex_lock_func, mutex_unlock_func); typedef void *(*gnutls_alloc_function) (size_t); typedef void *(*gnutls_calloc_function) (size_t, size_t); @@ -1211,16 +1211,19 @@ extern "C" /* Session stuff */ - typedef struct { - void *iov_base; /* Starting address */ - size_t iov_len; /* Number of bytes to transfer */ + typedef struct + { + void *iov_base; /* Starting address */ + size_t iov_len; /* Number of bytes to transfer */ } giovec_t; typedef ssize_t (*gnutls_pull_func) (gnutls_transport_ptr_t, void *, size_t); - typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *, size_t); + typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *, + size_t); - typedef ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t, const giovec_t *iov, int iovcnt); + typedef ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t, + const giovec_t * iov, int iovcnt); typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t); @@ -1239,14 +1242,14 @@ extern "C" void gnutls_transport_set_push_function2 (gnutls_session_t session, - gnutls_vec_push_func vec_func); + gnutls_vec_push_func vec_func); void gnutls_transport_set_push_function (gnutls_session_t session, gnutls_push_func push_func); void gnutls_transport_set_pull_function (gnutls_session_t session, gnutls_pull_func pull_func); void gnutls_transport_set_errno_function (gnutls_session_t session, - gnutls_errno_func errno_func); + gnutls_errno_func errno_func); void gnutls_transport_set_errno (gnutls_session_t session, int err); void gnutls_transport_set_global_errno (int err); @@ -1460,19 +1463,20 @@ extern "C" typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t; struct gnutls_pkcs11_privkey_st; - typedef struct gnutls_pkcs11_privkey_st* gnutls_pkcs11_privkey_t; + typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t; - typedef enum { - GNUTLS_PRIVKEY_X509, /* gnutls_x509_privkey_t */ - GNUTLS_PRIVKEY_OPENPGP, /* gnutls_openpgp_privkey_t */ - GNUTLS_PRIVKEY_PKCS11 /* gnutls_pkcs11_privkey_t */ + typedef enum + { + GNUTLS_PRIVKEY_X509, /* gnutls_x509_privkey_t */ + GNUTLS_PRIVKEY_OPENPGP, /* gnutls_openpgp_privkey_t */ + GNUTLS_PRIVKEY_PKCS11 /* gnutls_pkcs11_privkey_t */ } gnutls_privkey_type_t; typedef struct gnutls_retr2_st { gnutls_certificate_type_t cert_type; gnutls_privkey_type_t key_type; - + union { gnutls_x509_crt_t *x509; @@ -1525,16 +1529,16 @@ extern "C" */ typedef int gnutls_certificate_retrieve_function (gnutls_session_t, - const - gnutls_datum_t * - req_ca_rdn, - int nreqs, - const - gnutls_pk_algorithm_t - * pk_algos, - int - pk_algos_length, - gnutls_retr2_st *); + const + gnutls_datum_t * + req_ca_rdn, + int nreqs, + const + gnutls_pk_algorithm_t + * pk_algos, + int + pk_algos_length, + gnutls_retr2_st *); void gnutls_certificate_set_retrieve_function diff --git a/lib/includes/gnutls/gnutlsxx.h b/lib/includes/gnutls/gnutlsxx.h index 9f88fe87b6..462c7a5ffb 100644 --- a/lib/includes/gnutls/gnutlsxx.h +++ b/lib/includes/gnutls/gnutlsxx.h @@ -1,5 +1,5 @@ #ifndef GNUTLSXX_H -# define GNUTLSXX_H +#define GNUTLSXX_H #include <exception> #include <vector> @@ -310,8 +310,7 @@ namespace gnutls gnutls_x509_crt_fmt_t type, const char *password); - void set_retrieve_function (gnutls_certificate_retrieve_function * - func); + void set_retrieve_function (gnutls_certificate_retrieve_function * func); protected: gnutls_certificate_credentials_t cred; diff --git a/lib/includes/gnutls/openpgp.h b/lib/includes/gnutls/openpgp.h index 81b73b7c94..cad2235f1b 100644 --- a/lib/includes/gnutls/openpgp.h +++ b/lib/includes/gnutls/openpgp.h @@ -28,14 +28,14 @@ */ #ifndef GNUTLS_OPENPGP_H -# define GNUTLS_OPENPGP_H +#define GNUTLS_OPENPGP_H -# include <gnutls/gnutls.h> +#include <gnutls/gnutls.h> -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* Openpgp certificate stuff */ @@ -161,7 +161,8 @@ extern "C" gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key, unsigned int *bits); - gnutls_sec_param_t gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key); + gnutls_sec_param_t + gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key); int gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key, const gnutls_datum_t * data, gnutls_openpgp_crt_fmt_t format, @@ -169,18 +170,18 @@ extern "C" unsigned int flags); int gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key, - unsigned int flags, const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext); + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext); int gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, const gnutls_datum_t * hash, gnutls_datum_t * signature); int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key, void *fpr, size_t * fprlen); - int - gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t - key, unsigned int idx, - void *fpr, - size_t * fprlen); + int gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t + key, unsigned int idx, + void *fpr, + size_t * fprlen); int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key, gnutls_openpgp_keyid_t keyid); int gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key); @@ -363,8 +364,8 @@ extern "C" (gnutls_certificate_credentials_t c, const char *file, gnutls_openpgp_crt_fmt_t format); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif /* GNUTLS_OPENPGP_H */ diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h index 477c9ad22c..95c74d62d0 100644 --- a/lib/includes/gnutls/pkcs11.h +++ b/lib/includes/gnutls/pkcs11.h @@ -15,68 +15,76 @@ * multiple times if the token is not detected and the retry counter * will be increased. */ -typedef int (*gnutls_pkcs11_token_callback_t)( - void * const global_data, - const char * const label, - const unsigned retry -); +typedef int (*gnutls_pkcs11_token_callback_t) (void *const global_data, + const char *const label, + const unsigned retry); /* flags */ #define GNUTLS_PKCS11_PIN_FINAL_TRY (1<<0) #define GNUTLS_PKCS11_PIN_COUNT_LOW (1<<1) -typedef int (*gnutls_pkcs11_pin_callback_t)(void *userdata, int attempt, - const char *token_url, const char *token_label, - unsigned int flags, char *pin, size_t pin_max); +typedef int (*gnutls_pkcs11_pin_callback_t) (void *userdata, int attempt, + const char *token_url, + const char *token_label, + unsigned int flags, char *pin, + size_t pin_max); struct gnutls_pkcs11_obj_st; -typedef struct gnutls_pkcs11_obj_st* gnutls_pkcs11_obj_t; +typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t; -#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */ -#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */ +#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */ +#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */ /* pkcs11.conf format: * load = /lib/xxx-pkcs11.so * load = /lib/yyy-pkcs11.so */ -int gnutls_pkcs11_init (unsigned int flags, const char* configfile); +int gnutls_pkcs11_init (unsigned int flags, const char *configfile); void gnutls_pkcs11_deinit (void); -void gnutls_pkcs11_set_token_function(gnutls_pkcs11_token_callback_t fn, void *userdata); -void gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t callback, void * data); -int gnutls_pkcs11_add_provider (const char * name, const char * params); -int gnutls_pkcs11_obj_init ( gnutls_pkcs11_obj_t *certificate); - -#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */ -#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */ -#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */ - -typedef enum { - GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */ - GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */ - GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */ +void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn, + void *userdata); +void gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t callback, + void *data); +int gnutls_pkcs11_add_provider (const char *name, const char *params); +int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * certificate); + +#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */ +#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */ +#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */ + +typedef enum +{ + GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */ + GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */ + GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */ } gnutls_pkcs11_url_type_t; -int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t, const char * url, - unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */); -int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t, gnutls_pkcs11_url_type_t detailed, char** url); -void gnutls_pkcs11_obj_deinit ( gnutls_pkcs11_obj_t); - -int gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj, - void *output_data, size_t * output_data_size); - - -int gnutls_pkcs11_copy_x509_crt(const char* token_url, gnutls_x509_crt_t crt, - const char* label, unsigned int flags /* GNUTLS_PKCS11_OBJ_FLAG_* */); -int gnutls_pkcs11_copy_x509_privkey(const char* token_url, - gnutls_x509_privkey_t crt, const char* label, unsigned int key_usage /*GNUTLS_KEY_* */, - unsigned int flags /* GNUTLS_PKCS11_OBJ_FLAG_* */); -int gnutls_pkcs11_delete_url(const char* object_url, - unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */); - -typedef enum { - GNUTLS_PKCS11_OBJ_ID_HEX=1, +int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t, const char *url, + unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); +int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t, + gnutls_pkcs11_url_type_t detailed, + char **url); +void gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t); + +int gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj, + void *output_data, size_t * output_data_size); + + +int gnutls_pkcs11_copy_x509_crt (const char *token_url, gnutls_x509_crt_t crt, + const char *label, unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); +int gnutls_pkcs11_copy_x509_privkey (const char *token_url, gnutls_x509_privkey_t crt, const char *label, unsigned int key_usage /*GNUTLS_KEY_* */ + , unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); +int gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); + +typedef enum +{ + GNUTLS_PKCS11_OBJ_ID_HEX = 1, GNUTLS_PKCS11_OBJ_LABEL, GNUTLS_PKCS11_OBJ_TOKEN_LABEL, GNUTLS_PKCS11_OBJ_TOKEN_SERIAL, @@ -89,26 +97,31 @@ typedef enum { GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER } gnutls_pkcs11_obj_info_t; -int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt, gnutls_pkcs11_obj_info_t itype, void* output, size_t* output_size); - -typedef enum { - GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL=1, /* all certificates */ - GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */ - GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */ - GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */ - GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */ - GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */ +int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt, + gnutls_pkcs11_obj_info_t itype, void *output, + size_t * output_size); + +typedef enum +{ + GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */ + GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */ + GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */ + GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */ + GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */ + GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */ } gnutls_pkcs11_obj_attr_t; /* token info */ -typedef enum { +typedef enum +{ GNUTLS_PKCS11_TOKEN_LABEL, GNUTLS_PKCS11_TOKEN_SERIAL, GNUTLS_PKCS11_TOKEN_MANUFACTURER, GNUTLS_PKCS11_TOKEN_MODEL } gnutls_pkcs11_token_info_t; -typedef enum { +typedef enum +{ GNUTLS_PKCS11_OBJ_UNKNOWN, GNUTLS_PKCS11_OBJ_X509_CRT, GNUTLS_PKCS11_OBJ_PUBKEY, @@ -117,52 +130,64 @@ typedef enum { GNUTLS_PKCS11_OBJ_DATA } gnutls_pkcs11_obj_type_t; -int gnutls_pkcs11_token_get_url (unsigned int seq, gnutls_pkcs11_url_type_t detailed, char** url); -int gnutls_pkcs11_token_get_info(const char* url, gnutls_pkcs11_token_info_t, void* output, size_t *output_size); +int gnutls_pkcs11_token_get_url (unsigned int seq, + gnutls_pkcs11_url_type_t detailed, + char **url); +int gnutls_pkcs11_token_get_info (const char *url, gnutls_pkcs11_token_info_t, + void *output, size_t * output_size); #define GNUTLS_PKCS11_TOKEN_HW 1 -int gnutls_pkcs11_token_get_flags(const char* url, unsigned int *flags); +int gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags); -int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list, - unsigned int *const n_list, const char* url, - gnutls_pkcs11_obj_attr_t attrs, - unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */); +int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list, + unsigned int *const n_list, + const char *url, + gnutls_pkcs11_obj_attr_t attrs, + unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); -int gnutls_x509_crt_import_pkcs11( gnutls_x509_crt_t crt, gnutls_pkcs11_obj_t pkcs11_crt); -int gnutls_x509_crt_import_pkcs11_url( gnutls_x509_crt_t crt, const char* url, - unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */); +int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt, + gnutls_pkcs11_obj_t pkcs11_crt); +int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, const char *url, + unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); -gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t certificate); -const char* gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t); +gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t + certificate); +const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t); -int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, - unsigned int cert_max, - gnutls_pkcs11_obj_t * const pkcs11_certs, - unsigned int flags/* must be zero */); +int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, unsigned int cert_max, gnutls_pkcs11_obj_t * const pkcs11_certs, unsigned int flags /* must be zero */ + ); /* private key functions...*/ int gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key); void gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key); -int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key, unsigned int* bits); -int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t crt, gnutls_pkcs11_obj_info_t itype, void* output, size_t* output_size); +int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key, + unsigned int *bits); +int gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t crt, + gnutls_pkcs11_obj_info_t itype, + void *output, size_t * output_size); int gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t key, - const char* url, unsigned int flags); + const char *url, unsigned int flags); -int gnutls_pkcs11_privkey_sign_data(gnutls_pkcs11_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature); +int gnutls_pkcs11_privkey_sign_data (gnutls_pkcs11_privkey_t signer, + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature); int gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature); + const gnutls_datum_t * hash, + gnutls_datum_t * signature); int -gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, - unsigned int flags, const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext); -int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key, gnutls_pkcs11_url_type_t detailed, char ** url); +gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key, + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext); +int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key, + gnutls_pkcs11_url_type_t detailed, + char **url); /** @} */ diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h index 8c132fe9ad..6b146218d2 100644 --- a/lib/includes/gnutls/pkcs12.h +++ b/lib/includes/gnutls/pkcs12.h @@ -24,14 +24,14 @@ */ #ifndef GNUTLS_PKCS12_H -# define GNUTLS_PKCS12_H +#define GNUTLS_PKCS12_H -# include <gnutls/x509.h> +#include <gnutls/x509.h> -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* PKCS12 structures handling */ @@ -116,8 +116,8 @@ extern "C" int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx, const char *name); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif /* GNUTLS_PKCS12_H */ diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index 11f8ec9ba8..d9a7e61f6a 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h @@ -28,14 +28,14 @@ */ #ifndef GNUTLS_X509_H -# define GNUTLS_X509_H +#define GNUTLS_X509_H -# include <gnutls/gnutls.h> +#include <gnutls/gnutls.h> -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* Some OIDs usually found in Distinguished names, or * in Subject Directory Attribute extensions. @@ -141,7 +141,9 @@ extern "C" unsigned char *output_data, size_t * output_data_size); int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt, - gnutls_digest_algorithm_t * hash, unsigned int *mand); + gnutls_digest_algorithm_t + * hash, + unsigned int *mand); int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert, const void *id, size_t id_size); @@ -625,7 +627,8 @@ extern "C" int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key); void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key); - gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key); + gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t + key); int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src); int gnutls_x509_privkey_import (gnutls_x509_privkey_t key, @@ -644,14 +647,14 @@ extern "C" const gnutls_datum_t * q, const gnutls_datum_t * u); int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u, - const gnutls_datum_t *exp1, - const gnutls_datum_t *exp2); + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u, + const gnutls_datum_t * exp1, + const gnutls_datum_t * exp2); int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key); int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, @@ -688,10 +691,14 @@ extern "C" void *output_data, size_t * output_data_size); int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u, - gnutls_datum_t* e1, gnutls_datum_t* e2); + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u, + gnutls_datum_t * e1, + gnutls_datum_t * e2); int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, gnutls_datum_t * m, gnutls_datum_t * e, @@ -709,10 +716,10 @@ extern "C" void *signature, size_t * signature_size); int gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t key, - gnutls_digest_algorithm_t digest, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t *signature); + gnutls_digest_algorithm_t digest, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature); int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key, unsigned int flags, const gnutls_datum_t * data, @@ -750,7 +757,9 @@ extern "C" const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format); int gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq, - gnutls_digest_algorithm_t * hash, unsigned int* mand); + gnutls_digest_algorithm_t + * hash, + unsigned int *mand); int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * sizeof_buf); @@ -858,8 +867,8 @@ extern "C" void *buf, size_t * sizeof_buf, unsigned int *critical); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif /* GNUTLS_X509_H */ diff --git a/lib/locks.c b/lib/locks.c index e1ddfc6d79..d3bc2e1fea 100644 --- a/lib/locks.c +++ b/lib/locks.c @@ -48,10 +48,11 @@ * This function must be called before gnutls_global_init(). * **/ -void gnutls_global_set_mutex(mutex_init_func init, mutex_deinit_func deinit, - mutex_lock_func lock, mutex_unlock_func unlock) +void +gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit, + mutex_lock_func lock, mutex_unlock_func unlock) { - if (init == NULL || deinit == NULL || lock == NULL || unlock == NULL) + if (init == NULL || deinit == NULL || lock == NULL || unlock == NULL) return; gnutls_mutex_init = init; diff --git a/lib/locks.h b/lib/locks.h index 0a91d2ffec..e3d3825649 100644 --- a/lib/locks.h +++ b/lib/locks.h @@ -1,5 +1,5 @@ #ifndef GNUTLS_LOCKS_H -# define GNUTLS_LOCKS_H +#define GNUTLS_LOCKS_H #include <gnutls/gnutls.h> #include <gnutls_int.h> diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index 66bfee29d0..c0d0b13afa 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -41,80 +41,95 @@ #define MAX_BLOCK_SIZE 32 -typedef void (*encrypt_func)(void*, nettle_crypt_func, unsigned, uint8_t*, unsigned, uint8_t *, const uint8_t *); -typedef void (*decrypt_func)(void*, nettle_crypt_func, unsigned, uint8_t*, unsigned, uint8_t *, const uint8_t *); -typedef void (*setkey_func)(void*, unsigned, const uint8_t*); +typedef void (*encrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *, + unsigned, uint8_t *, const uint8_t *); +typedef void (*decrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *, + unsigned, uint8_t *, const uint8_t *); +typedef void (*setkey_func) (void *, unsigned, const uint8_t *); -static void stream_encrypt (void* ctx, nettle_crypt_func func, unsigned block_size, uint8_t* iv, unsigned length, uint8_t * dst, const uint8_t * src) +static void +stream_encrypt (void *ctx, nettle_crypt_func func, unsigned block_size, + uint8_t * iv, unsigned length, uint8_t * dst, + const uint8_t * src) { - func(ctx, length, dst, src); + func (ctx, length, dst, src); } struct aes_bidi_ctx { - struct aes_ctx encrypt; - struct aes_ctx decrypt; + struct aes_ctx encrypt; + struct aes_ctx decrypt; }; -static void aes_bidi_setkey (struct aes_bidi_ctx* ctx, unsigned length, const uint8_t *key) +static void +aes_bidi_setkey (struct aes_bidi_ctx *ctx, unsigned length, + const uint8_t * key) { - aes_set_encrypt_key (&ctx->encrypt, length, key); - aes_invert_key (&ctx->decrypt, &ctx->encrypt); + aes_set_encrypt_key (&ctx->encrypt, length, key); + aes_invert_key (&ctx->decrypt, &ctx->encrypt); } -static void aes_bidi_encrypt(struct aes_bidi_ctx *ctx, - unsigned length, uint8_t *dst, const uint8_t *src) +static void +aes_bidi_encrypt (struct aes_bidi_ctx *ctx, + unsigned length, uint8_t * dst, const uint8_t * src) { - aes_encrypt(&ctx->encrypt, length, dst, src); + aes_encrypt (&ctx->encrypt, length, dst, src); } -static void aes_bidi_decrypt(struct aes_bidi_ctx *ctx, - unsigned length, uint8_t *dst, const uint8_t *src) +static void +aes_bidi_decrypt (struct aes_bidi_ctx *ctx, + unsigned length, uint8_t * dst, const uint8_t * src) { - aes_decrypt(&ctx->decrypt, length, dst, src); + aes_decrypt (&ctx->decrypt, length, dst, src); } struct camellia_bidi_ctx { - struct camellia_ctx encrypt; - struct camellia_ctx decrypt; + struct camellia_ctx encrypt; + struct camellia_ctx decrypt; }; -static void camellia_bidi_setkey (struct camellia_bidi_ctx* ctx, unsigned length, const uint8_t *key) +static void +camellia_bidi_setkey (struct camellia_bidi_ctx *ctx, unsigned length, + const uint8_t * key) { - camellia_set_encrypt_key (&ctx->encrypt, length, key); - camellia_invert_key (&ctx->decrypt, &ctx->encrypt); + camellia_set_encrypt_key (&ctx->encrypt, length, key); + camellia_invert_key (&ctx->decrypt, &ctx->encrypt); } -static void camellia_bidi_encrypt(struct camellia_bidi_ctx *ctx, - unsigned length, uint8_t *dst, const uint8_t *src) +static void +camellia_bidi_encrypt (struct camellia_bidi_ctx *ctx, + unsigned length, uint8_t * dst, const uint8_t * src) { - camellia_crypt(&ctx->encrypt, length, dst, src); + camellia_crypt (&ctx->encrypt, length, dst, src); } -static void camellia_bidi_decrypt(struct camellia_bidi_ctx *ctx, - unsigned length, uint8_t *dst, const uint8_t *src) +static void +camellia_bidi_decrypt (struct camellia_bidi_ctx *ctx, + unsigned length, uint8_t * dst, const uint8_t * src) { - camellia_crypt(&ctx->decrypt, length, dst, src); + camellia_crypt (&ctx->decrypt, length, dst, src); } -struct nettle_cipher_ctx { - union { - struct aes_bidi_ctx aes_bidi; - struct camellia_bidi_ctx camellia_bidi; - struct arcfour_ctx arcfour; - struct arctwo_ctx arctwo; - struct des3_ctx des3; - struct des_ctx des; - } ctx; - void *ctx_ptr; - uint8_t iv[MAX_BLOCK_SIZE]; - gnutls_cipher_algorithm_t algo; - size_t block_size; - nettle_crypt_func* i_encrypt; - nettle_crypt_func* i_decrypt; - encrypt_func encrypt; - decrypt_func decrypt; +struct nettle_cipher_ctx +{ + union + { + struct aes_bidi_ctx aes_bidi; + struct camellia_bidi_ctx camellia_bidi; + struct arcfour_ctx arcfour; + struct arctwo_ctx arctwo; + struct des3_ctx des3; + struct des_ctx des; + } ctx; + void *ctx_ptr; + uint8_t iv[MAX_BLOCK_SIZE]; + gnutls_cipher_algorithm_t algo; + size_t block_size; + nettle_crypt_func *i_encrypt; + nettle_crypt_func *i_decrypt; + encrypt_func encrypt; + decrypt_func decrypt; }; @@ -122,178 +137,187 @@ struct nettle_cipher_ctx { static int wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx) { - struct nettle_cipher_ctx* ctx; + struct nettle_cipher_ctx *ctx; - ctx = gnutls_calloc(1, sizeof(*ctx)); - if (ctx == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + ctx = gnutls_calloc (1, sizeof (*ctx)); + if (ctx == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } - ctx->algo = algo; + ctx->algo = algo; - switch (algo) { + switch (algo) + { case GNUTLS_CIPHER_CAMELLIA_128_CBC: case GNUTLS_CIPHER_CAMELLIA_256_CBC: - ctx->encrypt = cbc_encrypt; - ctx->decrypt = cbc_decrypt; - ctx->i_encrypt = (nettle_crypt_func*)camellia_bidi_encrypt; - ctx->i_decrypt = (nettle_crypt_func*)camellia_bidi_decrypt; - ctx->ctx_ptr = &ctx->ctx.camellia_bidi; - ctx->block_size = CAMELLIA_BLOCK_SIZE; - break; + ctx->encrypt = cbc_encrypt; + ctx->decrypt = cbc_decrypt; + ctx->i_encrypt = (nettle_crypt_func *) camellia_bidi_encrypt; + ctx->i_decrypt = (nettle_crypt_func *) camellia_bidi_decrypt; + ctx->ctx_ptr = &ctx->ctx.camellia_bidi; + ctx->block_size = CAMELLIA_BLOCK_SIZE; + break; case GNUTLS_CIPHER_AES_128_CBC: case GNUTLS_CIPHER_AES_192_CBC: case GNUTLS_CIPHER_AES_256_CBC: - ctx->encrypt = cbc_encrypt; - ctx->decrypt = cbc_decrypt; - ctx->i_encrypt = (nettle_crypt_func*)aes_bidi_encrypt; - ctx->i_decrypt = (nettle_crypt_func*)aes_bidi_decrypt; - ctx->ctx_ptr = &ctx->ctx.aes_bidi; - ctx->block_size = AES_BLOCK_SIZE; - break; + ctx->encrypt = cbc_encrypt; + ctx->decrypt = cbc_decrypt; + ctx->i_encrypt = (nettle_crypt_func *) aes_bidi_encrypt; + ctx->i_decrypt = (nettle_crypt_func *) aes_bidi_decrypt; + ctx->ctx_ptr = &ctx->ctx.aes_bidi; + ctx->block_size = AES_BLOCK_SIZE; + break; case GNUTLS_CIPHER_3DES_CBC: - ctx->encrypt = cbc_encrypt; - ctx->decrypt = cbc_decrypt; - ctx->i_encrypt = (nettle_crypt_func*)des3_encrypt; - ctx->i_decrypt = (nettle_crypt_func*)des3_decrypt; - ctx->ctx_ptr = &ctx->ctx.des3; - ctx->block_size = DES3_BLOCK_SIZE; - break; + ctx->encrypt = cbc_encrypt; + ctx->decrypt = cbc_decrypt; + ctx->i_encrypt = (nettle_crypt_func *) des3_encrypt; + ctx->i_decrypt = (nettle_crypt_func *) des3_decrypt; + ctx->ctx_ptr = &ctx->ctx.des3; + ctx->block_size = DES3_BLOCK_SIZE; + break; case GNUTLS_CIPHER_DES_CBC: - ctx->encrypt = cbc_encrypt; - ctx->decrypt = cbc_decrypt; - ctx->i_encrypt = (nettle_crypt_func*)des_encrypt; - ctx->i_decrypt = (nettle_crypt_func*)des_decrypt; - ctx->ctx_ptr = &ctx->ctx.des; - ctx->block_size = DES_BLOCK_SIZE; - break; + ctx->encrypt = cbc_encrypt; + ctx->decrypt = cbc_decrypt; + ctx->i_encrypt = (nettle_crypt_func *) des_encrypt; + ctx->i_decrypt = (nettle_crypt_func *) des_decrypt; + ctx->ctx_ptr = &ctx->ctx.des; + ctx->block_size = DES_BLOCK_SIZE; + break; case GNUTLS_CIPHER_ARCFOUR_128: case GNUTLS_CIPHER_ARCFOUR_40: - ctx->encrypt = stream_encrypt; - ctx->decrypt = stream_encrypt; - ctx->i_encrypt = (nettle_crypt_func*)arcfour_crypt; - ctx->i_decrypt = (nettle_crypt_func*)arcfour_crypt; - ctx->ctx_ptr = &ctx->ctx.arcfour; - ctx->block_size = 1; - break; + ctx->encrypt = stream_encrypt; + ctx->decrypt = stream_encrypt; + ctx->i_encrypt = (nettle_crypt_func *) arcfour_crypt; + ctx->i_decrypt = (nettle_crypt_func *) arcfour_crypt; + ctx->ctx_ptr = &ctx->ctx.arcfour; + ctx->block_size = 1; + break; case GNUTLS_CIPHER_RC2_40_CBC: - ctx->encrypt = cbc_encrypt; - ctx->decrypt = cbc_decrypt; - ctx->i_encrypt = (nettle_crypt_func*)arctwo_encrypt; - ctx->i_decrypt = (nettle_crypt_func*)arctwo_decrypt; - ctx->ctx_ptr = &ctx->ctx.arctwo; - ctx->block_size = ARCTWO_BLOCK_SIZE; - break; + ctx->encrypt = cbc_encrypt; + ctx->decrypt = cbc_decrypt; + ctx->i_encrypt = (nettle_crypt_func *) arctwo_encrypt; + ctx->i_decrypt = (nettle_crypt_func *) arctwo_decrypt; + ctx->ctx_ptr = &ctx->ctx.arctwo; + ctx->block_size = ARCTWO_BLOCK_SIZE; + break; default: gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - - *_ctx = ctx; - return 0; + *_ctx = ctx; + + return 0; } static int wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize) { - struct nettle_cipher_ctx* ctx = _ctx; - opaque des_key[DES3_KEY_SIZE]; - - switch (ctx->algo) { + struct nettle_cipher_ctx *ctx = _ctx; + opaque des_key[DES3_KEY_SIZE]; + + switch (ctx->algo) + { case GNUTLS_CIPHER_AES_128_CBC: case GNUTLS_CIPHER_AES_192_CBC: case GNUTLS_CIPHER_AES_256_CBC: - aes_bidi_setkey(ctx->ctx_ptr, keysize, key); - break; + aes_bidi_setkey (ctx->ctx_ptr, keysize, key); + break; case GNUTLS_CIPHER_CAMELLIA_128_CBC: case GNUTLS_CIPHER_CAMELLIA_256_CBC: - camellia_bidi_setkey(ctx->ctx_ptr, keysize, key); - break; + camellia_bidi_setkey (ctx->ctx_ptr, keysize, key); + break; case GNUTLS_CIPHER_3DES_CBC: - if (keysize != DES3_KEY_SIZE) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } - - des_fix_parity(keysize, des_key, key); - - /* this fails on weak keys */ - if (des3_set_key(ctx->ctx_ptr, des_key)!=1) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } - break; + if (keysize != DES3_KEY_SIZE) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + + des_fix_parity (keysize, des_key, key); + + /* this fails on weak keys */ + if (des3_set_key (ctx->ctx_ptr, des_key) != 1) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + break; case GNUTLS_CIPHER_DES_CBC: - if (keysize != DES_KEY_SIZE) - { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } - - des_fix_parity(keysize, des_key, key); - - if (des_set_key(ctx->ctx_ptr, des_key)!=1) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } - break; + if (keysize != DES_KEY_SIZE) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + + des_fix_parity (keysize, des_key, key); + + if (des_set_key (ctx->ctx_ptr, des_key) != 1) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + break; case GNUTLS_CIPHER_ARCFOUR_128: case GNUTLS_CIPHER_ARCFOUR_40: - arcfour_set_key(ctx->ctx_ptr, keysize, key); - break; + arcfour_set_key (ctx->ctx_ptr, keysize, key); + break; case GNUTLS_CIPHER_RC2_40_CBC: - arctwo_set_key(ctx->ctx_ptr, keysize, key); - break; + arctwo_set_key (ctx->ctx_ptr, keysize, key); + break; default: gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - - return 0; + + return 0; } static int wrap_nettle_cipher_setiv (void *_ctx, const void *iv, size_t ivsize) { - struct nettle_cipher_ctx* ctx = _ctx; + struct nettle_cipher_ctx *ctx = _ctx; - if (ivsize > ctx->block_size) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - memcpy(ctx->iv, iv, ivsize); + if (ivsize > ctx->block_size) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + memcpy (ctx->iv, iv, ivsize); - return 0; + return 0; } static int wrap_nettle_cipher_decrypt (void *_ctx, const void *encr, size_t encrsize, - void *plain, size_t plainsize) + void *plain, size_t plainsize) { - struct nettle_cipher_ctx* ctx = _ctx; + struct nettle_cipher_ctx *ctx = _ctx; + + ctx->decrypt (ctx->ctx_ptr, ctx->i_decrypt, ctx->block_size, ctx->iv, + encrsize, plain, encr); - ctx->decrypt(ctx->ctx_ptr, ctx->i_decrypt, ctx->block_size, ctx->iv, encrsize, plain, encr); - - return 0; + return 0; } static int wrap_nettle_cipher_encrypt (void *_ctx, const void *plain, size_t plainsize, - void *encr, size_t encrsize) + void *encr, size_t encrsize) { - struct nettle_cipher_ctx* ctx = _ctx; + struct nettle_cipher_ctx *ctx = _ctx; + + ctx->encrypt (ctx->ctx_ptr, ctx->i_encrypt, ctx->block_size, ctx->iv, + plainsize, encr, plain); - ctx->encrypt(ctx->ctx_ptr, ctx->i_encrypt, ctx->block_size, ctx->iv, plainsize, encr, plain); - - return 0; + return 0; } static void wrap_nettle_cipher_close (void *h) { - gnutls_free(h); + gnutls_free (h); } gnutls_crypto_cipher_st _gnutls_cipher_ops = { diff --git a/lib/nettle/egd.c b/lib/nettle/egd.c index 09c5ad8906..4e720e4921 100644 --- a/lib/nettle/egd.c +++ b/lib/nettle/egd.c @@ -40,80 +40,86 @@ static int egd_socket = -1; static int -do_write( int fd, void *buf, size_t nbytes ) +do_write (int fd, void *buf, size_t nbytes) { size_t nleft = nbytes; int nwritten; - - while( nleft > 0 ) + + while (nleft > 0) { - nwritten = write( fd, buf, nleft); - if( nwritten < 0 ) - { - if( errno == EINTR ) - continue; - return -1; + nwritten = write (fd, buf, nleft); + if (nwritten < 0) + { + if (errno == EINTR) + continue; + return -1; } nleft -= nwritten; - buf = (char*)buf + nwritten; + buf = (char *) buf + nwritten; } return 0; } static int -do_read( int fd, void *buf, size_t nbytes ) +do_read (int fd, void *buf, size_t nbytes) { int n, nread = 0; do { do - { - n = read(fd, (char*)buf + nread, nbytes ); - } - while( n == -1 && errno == EINTR ); - if( n == -1) - return nread? nread:-1; - if( n == 0) - return -1; + { + n = read (fd, (char *) buf + nread, nbytes); + } + while (n == -1 && errno == EINTR); + if (n == -1) + return nread ? nread : -1; + if (n == 0) + return -1; nread += n; nbytes -= n; - } - while( nread < nbytes ); + } + while (nread < nbytes); return nread; } -static const char* egd_names[] = { - "/var/run/egd-pool", - "/dev/egd-pool", - "/etc/egd-pool", - "/etc/entropy", - "/var/run/entropy", +static const char *egd_names[] = { + "/var/run/egd-pool", + "/dev/egd-pool", + "/etc/egd-pool", + "/etc/entropy", + "/var/run/entropy", "/dev/entropy", - NULL + NULL }; -static const char* find_egd_name(void) +static const char * +find_egd_name (void) { -int i = 0; -struct stat st; - - do { - if (stat(egd_names[i], &st) != 0) continue; - - if (st.st_mode & S_IFSOCK) { /* found */ - return egd_names[i]; + int i = 0; + struct stat st; + + do + { + if (stat (egd_names[i], &st) != 0) + continue; + + if (st.st_mode & S_IFSOCK) + { /* found */ + return egd_names[i]; + } + } - - } while(egd_names[++i] != NULL); - + while (egd_names[++i] != NULL); + return NULL; } /* Connect to the EGD and return the file descriptor. Return -1 on error. With NOFAIL set to true, silently fail and return the error, otherwise print an error message and die. */ -int _rndegd_connect_socket (void) +int +_rndegd_connect_socket (void) { int fd; const char *name; @@ -126,30 +132,31 @@ int _rndegd_connect_socket (void) egd_socket = -1; } - name = find_egd_name(); + name = find_egd_name (); - if (strlen(name)+1 >= sizeof addr.sun_path) + if (strlen (name) + 1 >= sizeof addr.sun_path) { _gnutls_debug_log ("EGD socketname is too long\n"); return -1; } - - memset( &addr, 0, sizeof addr ); + + memset (&addr, 0, sizeof addr); addr.sun_family = AF_LOCAL; - strcpy( addr.sun_path, name ); - addr_len = (offsetof( struct sockaddr_un, sun_path ) - + strlen( addr.sun_path )); - - fd = socket(AF_LOCAL, SOCK_STREAM, 0); + strcpy (addr.sun_path, name); + addr_len = (offsetof (struct sockaddr_un, sun_path) + + strlen (addr.sun_path)); + + fd = socket (AF_LOCAL, SOCK_STREAM, 0); if (fd == -1) { - _gnutls_debug_log("can't create unix domain socket: %s\n", strerror(errno) ); + _gnutls_debug_log ("can't create unix domain socket: %s\n", + strerror (errno)); return -1; } - else if (connect (fd, (struct sockaddr*)&addr, addr_len) == -1) + else if (connect (fd, (struct sockaddr *) &addr, addr_len) == -1) { - _gnutls_debug_log("can't connect to EGD socket `%s': %s\n", - name, strerror(errno) ); + _gnutls_debug_log ("can't connect to EGD socket `%s': %s\n", + name, strerror (errno)); close (fd); fd = -1; } @@ -167,20 +174,21 @@ int _rndegd_connect_socket (void) * Using a level of 0 should never block and better add nothing * to the pool. So this is just a dummy for EGD. */ -int _rndegd_read (int * fd, void* _output, size_t _length) +int +_rndegd_read (int *fd, void *_output, size_t _length) { int n; - uint8_t buffer[256+2]; + uint8_t buffer[256 + 2]; int nbytes; int do_restart = 0; - unsigned char* output = _output; + unsigned char *output = _output; size_t length = _length; - if( !length ) + if (!length) return 0; - restart: +restart: if (*fd == -1 || do_restart) *fd = _rndegd_connect_socket (); @@ -188,68 +196,68 @@ int _rndegd_read (int * fd, void* _output, size_t _length) nbytes = length < 255 ? length : 255; /* First time we do it with a non blocking request */ - buffer[0] = 1; /* non blocking */ + buffer[0] = 1; /* non blocking */ buffer[1] = nbytes; - if( do_write( *fd, buffer, 2 ) == -1 ) - _gnutls_debug_log("can't write to the EGD: %s\n", strerror(errno) ); + if (do_write (*fd, buffer, 2) == -1) + _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno)); - n = do_read( *fd, buffer, 1 ); - if( n == -1 ) + n = do_read (*fd, buffer, 1); + if (n == -1) { - _gnutls_debug_log("read error on EGD: %s\n", strerror(errno)); + _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno)); do_restart = 1; goto restart; } n = buffer[0]; - if( n ) + if (n) { - n = do_read( *fd, buffer, n ); - if( n == -1 ) - { - _gnutls_debug_log("read error on EGD: %s\n", strerror(errno)); - do_restart = 1; - goto restart; + n = do_read (*fd, buffer, n); + if (n == -1) + { + _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno)); + do_restart = 1; + goto restart; } if (n > length) - { - _gnutls_debug_log("read error on EGD: returned more bytes!\n"); - n = length; - } + { + _gnutls_debug_log ("read error on EGD: returned more bytes!\n"); + n = length; + } - memcpy(output, buffer, n); + memcpy (output, buffer, n); output += n; length -= n; } - while( length ) + while (length) { - nbytes = length < 255? length : 255; + nbytes = length < 255 ? length : 255; - buffer[0] = 2; /* blocking */ + buffer[0] = 2; /* blocking */ buffer[1] = nbytes; - if( do_write( *fd, buffer, 2 ) == -1 ) - _gnutls_debug_log("can't write to the EGD: %s\n", strerror(errno) ); - n = do_read( *fd, buffer, nbytes ); - if( n == -1 ) - { - _gnutls_debug_log("read error on EGD: %s\n", strerror(errno)); - do_restart = 1; - goto restart; + if (do_write (*fd, buffer, 2) == -1) + _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno)); + n = do_read (*fd, buffer, nbytes); + if (n == -1) + { + _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno)); + do_restart = 1; + goto restart; } if (n > length) - { - _gnutls_debug_log("read error on EGD: returned more bytes!\n"); - n = length; - } - - memcpy(output, buffer, n); + { + _gnutls_debug_log ("read error on EGD: returned more bytes!\n"); + n = length; + } + + memcpy (output, buffer, n); output += n; length -= n; } - return _length; /* success */ + return _length; /* success */ } diff --git a/lib/nettle/egd.h b/lib/nettle/egd.h index 74f3ed968b..88f605b835 100644 --- a/lib/nettle/egd.h +++ b/lib/nettle/egd.h @@ -1,2 +1,2 @@ -int _rndegd_read (int * fd, void* output, size_t length); +int _rndegd_read (int *fd, void *output, size_t length); int _rndegd_connect_socket (void); diff --git a/lib/nettle/init.c b/lib/nettle/init.c index 868ddc6898..446083c14d 100644 --- a/lib/nettle/init.c +++ b/lib/nettle/init.c @@ -31,7 +31,8 @@ /* Functions that refer to the initialization of the libgcrypt library. */ -int gnutls_crypto_init(void) +int +gnutls_crypto_init (void) { - return 0; + return 0; } diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c index 71b9d012cb..a0b3ee098f 100644 --- a/lib/nettle/mac.c +++ b/lib/nettle/mac.c @@ -37,276 +37,292 @@ typedef void (*update_func) (void *, unsigned, const uint8_t *); typedef void (*digest_func) (void *, unsigned, uint8_t *); typedef void (*set_key_func) (void *, unsigned, const uint8_t *); -static int wrap_nettle_hash_init(gnutls_mac_algorithm_t algo, void **_ctx); - -struct nettle_hash_ctx { - union { - struct md5_ctx md5; - struct md2_ctx md2; - struct sha224_ctx sha224; - struct sha256_ctx sha256; - struct sha384_ctx sha384; - struct sha512_ctx sha512; - struct sha1_ctx sha1; - } ctx; - void *ctx_ptr; - gnutls_mac_algorithm_t algo; - size_t length; - update_func update; - digest_func digest; +static int wrap_nettle_hash_init (gnutls_mac_algorithm_t algo, void **_ctx); + +struct nettle_hash_ctx +{ + union + { + struct md5_ctx md5; + struct md2_ctx md2; + struct sha224_ctx sha224; + struct sha256_ctx sha256; + struct sha384_ctx sha384; + struct sha512_ctx sha512; + struct sha1_ctx sha1; + } ctx; + void *ctx_ptr; + gnutls_mac_algorithm_t algo; + size_t length; + update_func update; + digest_func digest; }; -struct nettle_hmac_ctx { - union { - struct hmac_md5_ctx md5; - struct hmac_sha224_ctx sha224; - struct hmac_sha256_ctx sha256; - struct hmac_sha384_ctx sha384; - struct hmac_sha512_ctx sha512; - struct hmac_sha1_ctx sha1; - } ctx; - void *ctx_ptr; - gnutls_mac_algorithm_t algo; - size_t length; - update_func update; - digest_func digest; - set_key_func setkey; +struct nettle_hmac_ctx +{ + union + { + struct hmac_md5_ctx md5; + struct hmac_sha224_ctx sha224; + struct hmac_sha256_ctx sha256; + struct hmac_sha384_ctx sha384; + struct hmac_sha512_ctx sha512; + struct hmac_sha1_ctx sha1; + } ctx; + void *ctx_ptr; + gnutls_mac_algorithm_t algo; + size_t length; + update_func update; + digest_func digest; + set_key_func setkey; }; -static int wrap_nettle_hmac_init(gnutls_mac_algorithm_t algo, void **_ctx) +static int +wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx) { - struct nettle_hmac_ctx* ctx; + struct nettle_hmac_ctx *ctx; - ctx = gnutls_malloc(sizeof(struct nettle_hmac_ctx)); - if (ctx == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + ctx = gnutls_malloc (sizeof (struct nettle_hmac_ctx)); + if (ctx == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } - ctx->algo = algo; + ctx->algo = algo; - switch (algo) { + switch (algo) + { case GNUTLS_MAC_MD5: - ctx->update = (update_func)hmac_md5_update; - ctx->digest = (digest_func)hmac_md5_digest; - ctx->setkey = (set_key_func)hmac_md5_set_key; - ctx->ctx_ptr = &ctx->ctx.md5; - ctx->length = MD5_DIGEST_SIZE; - break; + ctx->update = (update_func) hmac_md5_update; + ctx->digest = (digest_func) hmac_md5_digest; + ctx->setkey = (set_key_func) hmac_md5_set_key; + ctx->ctx_ptr = &ctx->ctx.md5; + ctx->length = MD5_DIGEST_SIZE; + break; case GNUTLS_MAC_SHA1: - ctx->update = (update_func)hmac_sha1_update; - ctx->digest = (digest_func)hmac_sha1_digest; - ctx->setkey = (set_key_func)hmac_sha1_set_key; - ctx->ctx_ptr = &ctx->ctx.sha1; - ctx->length = SHA1_DIGEST_SIZE; - break; + ctx->update = (update_func) hmac_sha1_update; + ctx->digest = (digest_func) hmac_sha1_digest; + ctx->setkey = (set_key_func) hmac_sha1_set_key; + ctx->ctx_ptr = &ctx->ctx.sha1; + ctx->length = SHA1_DIGEST_SIZE; + break; case GNUTLS_MAC_SHA224: - ctx->update = (update_func)hmac_sha224_update; - ctx->digest = (digest_func)hmac_sha224_digest; - ctx->setkey = (set_key_func)hmac_sha224_set_key; - ctx->ctx_ptr = &ctx->ctx.sha224; - ctx->length = SHA224_DIGEST_SIZE; - break; + ctx->update = (update_func) hmac_sha224_update; + ctx->digest = (digest_func) hmac_sha224_digest; + ctx->setkey = (set_key_func) hmac_sha224_set_key; + ctx->ctx_ptr = &ctx->ctx.sha224; + ctx->length = SHA224_DIGEST_SIZE; + break; case GNUTLS_MAC_SHA256: - ctx->update = (update_func)hmac_sha256_update; - ctx->digest = (digest_func)hmac_sha256_digest; - ctx->setkey = (set_key_func)hmac_sha256_set_key; - ctx->ctx_ptr = &ctx->ctx.sha256; - ctx->length = SHA256_DIGEST_SIZE; - break; + ctx->update = (update_func) hmac_sha256_update; + ctx->digest = (digest_func) hmac_sha256_digest; + ctx->setkey = (set_key_func) hmac_sha256_set_key; + ctx->ctx_ptr = &ctx->ctx.sha256; + ctx->length = SHA256_DIGEST_SIZE; + break; case GNUTLS_MAC_SHA384: - ctx->update = (update_func)hmac_sha384_update; - ctx->digest = (digest_func)hmac_sha384_digest; - ctx->setkey = (set_key_func)hmac_sha384_set_key; - ctx->ctx_ptr = &ctx->ctx.sha384; - ctx->length = SHA384_DIGEST_SIZE; - break; + ctx->update = (update_func) hmac_sha384_update; + ctx->digest = (digest_func) hmac_sha384_digest; + ctx->setkey = (set_key_func) hmac_sha384_set_key; + ctx->ctx_ptr = &ctx->ctx.sha384; + ctx->length = SHA384_DIGEST_SIZE; + break; case GNUTLS_MAC_SHA512: - ctx->update = (update_func)hmac_sha512_update; - ctx->digest = (digest_func)hmac_sha512_digest; - ctx->setkey = (set_key_func)hmac_sha512_set_key; - ctx->ctx_ptr = &ctx->ctx.sha512; - ctx->length = SHA512_DIGEST_SIZE; - break; + ctx->update = (update_func) hmac_sha512_update; + ctx->digest = (digest_func) hmac_sha512_digest; + ctx->setkey = (set_key_func) hmac_sha512_set_key; + ctx->ctx_ptr = &ctx->ctx.sha512; + ctx->length = SHA512_DIGEST_SIZE; + break; default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - *_ctx = ctx; + *_ctx = ctx; - return 0; + return 0; } -static int wrap_nettle_hmac_setkey(void *_ctx, const void *key, size_t keylen) +static int +wrap_nettle_hmac_setkey (void *_ctx, const void *key, size_t keylen) { - struct nettle_hmac_ctx *ctx = _ctx; - - ctx->setkey(ctx->ctx_ptr, keylen, key); + struct nettle_hmac_ctx *ctx = _ctx; + + ctx->setkey (ctx->ctx_ptr, keylen, key); - return GNUTLS_E_SUCCESS; + return GNUTLS_E_SUCCESS; } static int -wrap_nettle_hmac_update(void *_ctx, const void *text, size_t textsize) +wrap_nettle_hmac_update (void *_ctx, const void *text, size_t textsize) { - struct nettle_hmac_ctx *ctx = _ctx; + struct nettle_hmac_ctx *ctx = _ctx; - ctx->update(ctx->ctx_ptr, textsize, text); + ctx->update (ctx->ctx_ptr, textsize, text); - return GNUTLS_E_SUCCESS; + return GNUTLS_E_SUCCESS; } static int -wrap_nettle_hash_update(void *_ctx, const void *text, size_t textsize) +wrap_nettle_hash_update (void *_ctx, const void *text, size_t textsize) { - struct nettle_hash_ctx *ctx = _ctx; + struct nettle_hash_ctx *ctx = _ctx; - ctx->update(ctx->ctx_ptr, textsize, text); + ctx->update (ctx->ctx_ptr, textsize, text); - return GNUTLS_E_SUCCESS; + return GNUTLS_E_SUCCESS; } -static int wrap_nettle_hash_copy(void **bhd, void *ahd) +static int +wrap_nettle_hash_copy (void **bhd, void *ahd) { - struct nettle_hash_ctx *ctx = ahd; - struct nettle_hash_ctx *dst_ctx; - int ret; - - ret = wrap_nettle_hash_init(ctx->algo, bhd); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - dst_ctx = *bhd; - - memcpy(&dst_ctx->ctx, &ctx->ctx, sizeof(ctx->ctx)); - - return 0; + struct nettle_hash_ctx *ctx = ahd; + struct nettle_hash_ctx *dst_ctx; + int ret; + + ret = wrap_nettle_hash_init (ctx->algo, bhd); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + dst_ctx = *bhd; + + memcpy (&dst_ctx->ctx, &ctx->ctx, sizeof (ctx->ctx)); + + return 0; } -static void wrap_nettle_md_close(void *hd) +static void +wrap_nettle_md_close (void *hd) { - gnutls_free(hd); + gnutls_free (hd); } -static int wrap_nettle_hash_init(gnutls_mac_algorithm_t algo, void **_ctx) +static int +wrap_nettle_hash_init (gnutls_mac_algorithm_t algo, void **_ctx) { - struct nettle_hash_ctx* ctx; + struct nettle_hash_ctx *ctx; - ctx = gnutls_malloc(sizeof(struct nettle_hash_ctx)); - if (ctx == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + ctx = gnutls_malloc (sizeof (struct nettle_hash_ctx)); + if (ctx == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } - ctx->algo = algo; + ctx->algo = algo; - switch (algo) { + switch (algo) + { case GNUTLS_DIG_MD5: - md5_init(&ctx->ctx.md5); - ctx->update = (update_func)md5_update; - ctx->digest = (digest_func)md5_digest; - ctx->ctx_ptr = &ctx->ctx.md5; - ctx->length = MD5_DIGEST_SIZE; - break; + md5_init (&ctx->ctx.md5); + ctx->update = (update_func) md5_update; + ctx->digest = (digest_func) md5_digest; + ctx->ctx_ptr = &ctx->ctx.md5; + ctx->length = MD5_DIGEST_SIZE; + break; case GNUTLS_DIG_SHA1: - sha1_init(&ctx->ctx.sha1); - ctx->update = (update_func)sha1_update; - ctx->digest = (digest_func)sha1_digest; - ctx->ctx_ptr = &ctx->ctx.sha1; - ctx->length = SHA1_DIGEST_SIZE; - break; + sha1_init (&ctx->ctx.sha1); + ctx->update = (update_func) sha1_update; + ctx->digest = (digest_func) sha1_digest; + ctx->ctx_ptr = &ctx->ctx.sha1; + ctx->length = SHA1_DIGEST_SIZE; + break; case GNUTLS_DIG_MD2: - md2_init(&ctx->ctx.md2); - ctx->update = (update_func)md2_update; - ctx->digest = (digest_func)md2_digest; - ctx->ctx_ptr = &ctx->ctx.md2; - ctx->length = MD2_DIGEST_SIZE; - break; + md2_init (&ctx->ctx.md2); + ctx->update = (update_func) md2_update; + ctx->digest = (digest_func) md2_digest; + ctx->ctx_ptr = &ctx->ctx.md2; + ctx->length = MD2_DIGEST_SIZE; + break; case GNUTLS_DIG_SHA224: - sha224_init(&ctx->ctx.sha224); - ctx->update = (update_func)sha224_update; - ctx->digest = (digest_func)sha224_digest; - ctx->ctx_ptr = &ctx->ctx.sha224; - ctx->length = SHA224_DIGEST_SIZE; - break; + sha224_init (&ctx->ctx.sha224); + ctx->update = (update_func) sha224_update; + ctx->digest = (digest_func) sha224_digest; + ctx->ctx_ptr = &ctx->ctx.sha224; + ctx->length = SHA224_DIGEST_SIZE; + break; case GNUTLS_DIG_SHA256: - sha256_init(&ctx->ctx.sha256); - ctx->update = (update_func)sha256_update; - ctx->digest = (digest_func)sha256_digest; - ctx->ctx_ptr = &ctx->ctx.sha256; - ctx->length = SHA256_DIGEST_SIZE; - break; + sha256_init (&ctx->ctx.sha256); + ctx->update = (update_func) sha256_update; + ctx->digest = (digest_func) sha256_digest; + ctx->ctx_ptr = &ctx->ctx.sha256; + ctx->length = SHA256_DIGEST_SIZE; + break; case GNUTLS_DIG_SHA384: - sha384_init(&ctx->ctx.sha384); - ctx->update = (update_func)sha384_update; - ctx->digest = (digest_func)sha384_digest; - ctx->ctx_ptr = &ctx->ctx.sha384; - ctx->length = SHA384_DIGEST_SIZE; - break; + sha384_init (&ctx->ctx.sha384); + ctx->update = (update_func) sha384_update; + ctx->digest = (digest_func) sha384_digest; + ctx->ctx_ptr = &ctx->ctx.sha384; + ctx->length = SHA384_DIGEST_SIZE; + break; case GNUTLS_DIG_SHA512: - sha512_init(&ctx->ctx.sha512); - ctx->update = (update_func)sha512_update; - ctx->digest = (digest_func)sha512_digest; - ctx->ctx_ptr = &ctx->ctx.sha512; - ctx->length = SHA512_DIGEST_SIZE; - break; + sha512_init (&ctx->ctx.sha512); + ctx->update = (update_func) sha512_update; + ctx->digest = (digest_func) sha512_digest; + ctx->ctx_ptr = &ctx->ctx.sha512; + ctx->length = SHA512_DIGEST_SIZE; + break; default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - - *_ctx = ctx; - return 0; + *_ctx = ctx; + + return 0; } static int -wrap_nettle_hash_output(void *src_ctx, void *digest, size_t digestsize) +wrap_nettle_hash_output (void *src_ctx, void *digest, size_t digestsize) { - struct nettle_hash_ctx *ctx; - ctx = src_ctx; + struct nettle_hash_ctx *ctx; + ctx = src_ctx; - if (digestsize < ctx->length) { - gnutls_assert(); - return GNUTLS_E_SHORT_MEMORY_BUFFER; + if (digestsize < ctx->length) + { + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; } - ctx->digest(ctx->ctx_ptr, digestsize, digest); + ctx->digest (ctx->ctx_ptr, digestsize, digest); - return 0; + return 0; } static int -wrap_nettle_hmac_output(void *src_ctx, void *digest, size_t digestsize) +wrap_nettle_hmac_output (void *src_ctx, void *digest, size_t digestsize) { - struct nettle_hmac_ctx *ctx; - ctx = src_ctx; + struct nettle_hmac_ctx *ctx; + ctx = src_ctx; - if (digestsize < ctx->length) { - gnutls_assert(); - return GNUTLS_E_SHORT_MEMORY_BUFFER; + if (digestsize < ctx->length) + { + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; } - ctx->digest(ctx->ctx_ptr, digestsize, digest); + ctx->digest (ctx->ctx_ptr, digestsize, digest); - return 0; + return 0; } gnutls_crypto_mac_st _gnutls_mac_ops = { - .init = wrap_nettle_hmac_init, - .setkey = wrap_nettle_hmac_setkey, - .hash = wrap_nettle_hmac_update, - .output = wrap_nettle_hmac_output, - .deinit = wrap_nettle_md_close, + .init = wrap_nettle_hmac_init, + .setkey = wrap_nettle_hmac_setkey, + .hash = wrap_nettle_hmac_update, + .output = wrap_nettle_hmac_output, + .deinit = wrap_nettle_md_close, }; gnutls_crypto_digest_st _gnutls_digest_ops = { - .init = wrap_nettle_hash_init, - .hash = wrap_nettle_hash_update, - .copy = wrap_nettle_hash_copy, - .output = wrap_nettle_hash_output, - .deinit = wrap_nettle_md_close, + .init = wrap_nettle_hash_init, + .hash = wrap_nettle_hash_update, + .copy = wrap_nettle_hash_copy, + .output = wrap_nettle_hash_output, + .deinit = wrap_nettle_md_close, }; diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c index 3c9b7901c2..2f374028dd 100644 --- a/lib/nettle/mpi.c +++ b/lib/nettle/mpi.c @@ -38,340 +38,371 @@ #define TOMPZ(x) (*((mpz_t*)(x))) static int -wrap_nettle_mpi_print(const bigint_t a, void *buffer, size_t * nbytes, - gnutls_bigint_format_t format) +wrap_nettle_mpi_print (const bigint_t a, void *buffer, size_t * nbytes, + gnutls_bigint_format_t format) { - unsigned int size; - mpz_t *p = (void*)a; - - if (format == GNUTLS_MPI_FORMAT_USG) { - size = nettle_mpz_sizeinbase_256_u(*p); - } else if (format == GNUTLS_MPI_FORMAT_STD) { - size = nettle_mpz_sizeinbase_256_s(*p); - } else if (format == GNUTLS_MPI_FORMAT_PGP) { - size = nettle_mpz_sizeinbase_256_u(*p) + 2; - } else { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - if (buffer==NULL || size > *nbytes) { - *nbytes=size; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - if (format == GNUTLS_MPI_FORMAT_PGP) { - opaque *buf = buffer; - unsigned int nbits = _gnutls_mpi_get_nbits(a); - buf[0] = (nbits >> 8) & 0xff; - buf[1] = (nbits) & 0xff; - nettle_mpz_get_str_256(size-2, buf+2, *p); - } else { - nettle_mpz_get_str_256(size, buffer, *p); - } - *nbytes=size; - - return 0; + unsigned int size; + mpz_t *p = (void *) a; + + if (format == GNUTLS_MPI_FORMAT_USG) + { + size = nettle_mpz_sizeinbase_256_u (*p); + } + else if (format == GNUTLS_MPI_FORMAT_STD) + { + size = nettle_mpz_sizeinbase_256_s (*p); + } + else if (format == GNUTLS_MPI_FORMAT_PGP) + { + size = nettle_mpz_sizeinbase_256_u (*p) + 2; + } + else + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + if (buffer == NULL || size > *nbytes) + { + *nbytes = size; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + if (format == GNUTLS_MPI_FORMAT_PGP) + { + opaque *buf = buffer; + unsigned int nbits = _gnutls_mpi_get_nbits (a); + buf[0] = (nbits >> 8) & 0xff; + buf[1] = (nbits) & 0xff; + nettle_mpz_get_str_256 (size - 2, buf + 2, *p); + } + else + { + nettle_mpz_get_str_256 (size, buffer, *p); + } + *nbytes = size; + + return 0; } -static bigint_t wrap_nettle_mpi_new(int nbits) +static bigint_t +wrap_nettle_mpi_new (int nbits) { - mpz_t *p; + mpz_t *p; - p = gnutls_malloc(sizeof(*p)); - if (p == NULL) { - gnutls_assert(); - return NULL; - } - mpz_init2(*p, nbits); + p = gnutls_malloc (sizeof (*p)); + if (p == NULL) + { + gnutls_assert (); + return NULL; + } + mpz_init2 (*p, nbits); - return p; + return p; } static bigint_t -wrap_nettle_mpi_scan(const void *buffer, size_t nbytes, - gnutls_bigint_format_t format) +wrap_nettle_mpi_scan (const void *buffer, size_t nbytes, + gnutls_bigint_format_t format) { - bigint_t r = wrap_nettle_mpi_new(nbytes*8); - - if (r==NULL) { - gnutls_assert(); - return r; + bigint_t r = wrap_nettle_mpi_new (nbytes * 8); + + if (r == NULL) + { + gnutls_assert (); + return r; + } + + if (format == GNUTLS_MPI_FORMAT_USG) + { + nettle_mpz_set_str_256_u (TOMPZ (r), nbytes, buffer); + } + else if (format == GNUTLS_MPI_FORMAT_STD) + { + nettle_mpz_set_str_256_s (TOMPZ (r), nbytes, buffer); + } + else if (format == GNUTLS_MPI_FORMAT_PGP) + { + const opaque *buf = buffer; + size_t size; + + if (nbytes < 3) + { + gnutls_assert (); + goto fail; } - if (format == GNUTLS_MPI_FORMAT_USG) { - nettle_mpz_set_str_256_u(TOMPZ(r), nbytes, buffer); - } else if (format == GNUTLS_MPI_FORMAT_STD) { - nettle_mpz_set_str_256_s(TOMPZ(r), nbytes, buffer); - } else if (format == GNUTLS_MPI_FORMAT_PGP) { - const opaque *buf = buffer; - size_t size; - - if (nbytes < 3) { - gnutls_assert(); - goto fail; - } - - size = (buf[0] << 8) | buf[1]; - size = (size+7) / 8; - - if (size > nbytes-2) { - gnutls_assert(); - goto fail; - } - nettle_mpz_set_str_256_u(TOMPZ(r), size, buf+2); - } else { - gnutls_assert(); - goto fail; + size = (buf[0] << 8) | buf[1]; + size = (size + 7) / 8; + + if (size > nbytes - 2) + { + gnutls_assert (); + goto fail; } - - return r; + nettle_mpz_set_str_256_u (TOMPZ (r), size, buf + 2); + } + else + { + gnutls_assert (); + goto fail; + } + + return r; fail: - _gnutls_mpi_release(&r); - return NULL; + _gnutls_mpi_release (&r); + return NULL; } -static int wrap_nettle_mpi_cmp(const bigint_t u, const bigint_t v) +static int +wrap_nettle_mpi_cmp (const bigint_t u, const bigint_t v) { - mpz_t *i1 = u, *i2 = v; + mpz_t *i1 = u, *i2 = v; - return mpz_cmp(*i1, *i2); + return mpz_cmp (*i1, *i2); } -static int wrap_nettle_mpi_cmp_ui(const bigint_t u, unsigned long v) +static int +wrap_nettle_mpi_cmp_ui (const bigint_t u, unsigned long v) { - mpz_t *i1 = u; + mpz_t *i1 = u; - return mpz_cmp_ui(*i1, v); + return mpz_cmp_ui (*i1, v); } -static bigint_t wrap_nettle_mpi_set(bigint_t w, const bigint_t u) +static bigint_t +wrap_nettle_mpi_set (bigint_t w, const bigint_t u) { - mpz_t *i1, *i2 = u; + mpz_t *i1, *i2 = u; + + if (w == NULL) + w = _gnutls_mpi_alloc_like (u); + i1 = w; - if (w == NULL) - w = _gnutls_mpi_alloc_like(u); - i1 = w; + mpz_set (*i1, *i2); - mpz_set(*i1, *i2); - - return i1; + return i1; } -static bigint_t wrap_nettle_mpi_set_ui(bigint_t w, unsigned long u) +static bigint_t +wrap_nettle_mpi_set_ui (bigint_t w, unsigned long u) { - mpz_t *i1; + mpz_t *i1; - if (w == NULL) - w = wrap_nettle_mpi_new(32); + if (w == NULL) + w = wrap_nettle_mpi_new (32); - i1 = w; + i1 = w; - mpz_set_ui(*i1, u); - - return i1; + mpz_set_ui (*i1, u); + + return i1; } -static unsigned int wrap_nettle_mpi_get_nbits(bigint_t a) +static unsigned int +wrap_nettle_mpi_get_nbits (bigint_t a) { - return mpz_sizeinbase(*((mpz_t *) a), 2); + return mpz_sizeinbase (*((mpz_t *) a), 2); } -static void wrap_nettle_mpi_release(bigint_t a) +static void +wrap_nettle_mpi_release (bigint_t a) { - mpz_clear(*((mpz_t *) a)); - gnutls_free(a); + mpz_clear (*((mpz_t *) a)); + gnutls_free (a); } -static bigint_t wrap_nettle_mpi_mod(const bigint_t a, const bigint_t b) +static bigint_t +wrap_nettle_mpi_mod (const bigint_t a, const bigint_t b) { - bigint_t r = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(b)); + bigint_t r = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (b)); - if (r == NULL) - return NULL; + if (r == NULL) + return NULL; - mpz_mod(*((mpz_t *) r), *((mpz_t *) a), *((mpz_t *) b)); + mpz_mod (*((mpz_t *) r), *((mpz_t *) a), *((mpz_t *) b)); - return r; + return r; } static bigint_t -wrap_nettle_mpi_powm(bigint_t w, const bigint_t b, const bigint_t e, - const bigint_t m) +wrap_nettle_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e, + const bigint_t m) { - if (w == NULL) - w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(m)); + if (w == NULL) + w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m)); - if (w == NULL) - return NULL; + if (w == NULL) + return NULL; - mpz_powm(*((mpz_t *) w), *((mpz_t *) b), *((mpz_t *) e), - *((mpz_t *) m)); + mpz_powm (*((mpz_t *) w), *((mpz_t *) b), *((mpz_t *) e), *((mpz_t *) m)); - return w; + return w; } static bigint_t -wrap_nettle_mpi_addm(bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m) +wrap_nettle_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b, + const bigint_t m) { - if (w == NULL) - w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a)); + if (w == NULL) + w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a)); - if (w == NULL) - return NULL; + if (w == NULL) + return NULL; - mpz_add(*((mpz_t *) w), *((mpz_t *) b), *((mpz_t *) a)); - mpz_fdiv_r(*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m)); + mpz_add (*((mpz_t *) w), *((mpz_t *) b), *((mpz_t *) a)); + mpz_fdiv_r (*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m)); - return w; + return w; } static bigint_t -wrap_nettle_mpi_subm(bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m) +wrap_nettle_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b, + const bigint_t m) { - if (w == NULL) - w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a)); + if (w == NULL) + w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a)); - if (w == NULL) - return NULL; + if (w == NULL) + return NULL; - mpz_sub(*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b)); - mpz_fdiv_r(*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m)); + mpz_sub (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b)); + mpz_fdiv_r (*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m)); - return w; + return w; } static bigint_t -wrap_nettle_mpi_mulm(bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m) +wrap_nettle_mpi_mulm (bigint_t w, const bigint_t a, const bigint_t b, + const bigint_t m) { - if (w == NULL) - w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(m)); + if (w == NULL) + w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m)); - if (w == NULL) - return NULL; + if (w == NULL) + return NULL; - mpz_mul(*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b)); - mpz_fdiv_r(*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m)); + mpz_mul (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b)); + mpz_fdiv_r (*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m)); - return w; + return w; } static bigint_t -wrap_nettle_mpi_add(bigint_t w, const bigint_t a, const bigint_t b) +wrap_nettle_mpi_add (bigint_t w, const bigint_t a, const bigint_t b) { - if (w == NULL) - w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(b)); + if (w == NULL) + w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (b)); - if (w == NULL) - return NULL; + if (w == NULL) + return NULL; - mpz_add(*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b)); + mpz_add (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b)); - return w; + return w; } static bigint_t -wrap_nettle_mpi_sub(bigint_t w, const bigint_t a, const bigint_t b) +wrap_nettle_mpi_sub (bigint_t w, const bigint_t a, const bigint_t b) { - if (w == NULL) - w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a)); + if (w == NULL) + w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a)); - if (w == NULL) - return NULL; + if (w == NULL) + return NULL; - mpz_sub(*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b)); + mpz_sub (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b)); - return w; + return w; } static bigint_t -wrap_nettle_mpi_mul(bigint_t w, const bigint_t a, const bigint_t b) +wrap_nettle_mpi_mul (bigint_t w, const bigint_t a, const bigint_t b) { - if (w == NULL) - w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a)); + if (w == NULL) + w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a)); - if (w == NULL) - return NULL; + if (w == NULL) + return NULL; - mpz_mul(*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b)); + mpz_mul (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b)); - return w; + return w; } /* q = a / b */ static bigint_t -wrap_nettle_mpi_div(bigint_t q, const bigint_t a, const bigint_t b) +wrap_nettle_mpi_div (bigint_t q, const bigint_t a, const bigint_t b) { - if (q == NULL) - q = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a)); + if (q == NULL) + q = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a)); - if (q == NULL) - return NULL; + if (q == NULL) + return NULL; - mpz_cdiv_q(*((mpz_t *) q), *((mpz_t *) a), *((mpz_t *) b)); + mpz_cdiv_q (*((mpz_t *) q), *((mpz_t *) a), *((mpz_t *) b)); - return q; + return q; } static bigint_t -wrap_nettle_mpi_add_ui(bigint_t w, const bigint_t a, unsigned long b) +wrap_nettle_mpi_add_ui (bigint_t w, const bigint_t a, unsigned long b) { - if (w == NULL) - w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a)); + if (w == NULL) + w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a)); - if (w == NULL) - return NULL; + if (w == NULL) + return NULL; - mpz_add_ui(*((mpz_t *) w), *((mpz_t *) a), b); + mpz_add_ui (*((mpz_t *) w), *((mpz_t *) a), b); - return w; + return w; } static bigint_t -wrap_nettle_mpi_sub_ui(bigint_t w, const bigint_t a, unsigned long b) +wrap_nettle_mpi_sub_ui (bigint_t w, const bigint_t a, unsigned long b) { - if (w == NULL) - w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a)); + if (w == NULL) + w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a)); - if (w == NULL) - return NULL; + if (w == NULL) + return NULL; - mpz_sub_ui(*((mpz_t *) w), *((mpz_t *) a), b); + mpz_sub_ui (*((mpz_t *) w), *((mpz_t *) a), b); - return w; + return w; } static bigint_t -wrap_nettle_mpi_mul_ui(bigint_t w, const bigint_t a, unsigned long b) +wrap_nettle_mpi_mul_ui (bigint_t w, const bigint_t a, unsigned long b) { - if (w == NULL) - w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a)); + if (w == NULL) + w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a)); - if (w == NULL) - return NULL; + if (w == NULL) + return NULL; - mpz_mul_ui(*((mpz_t *) w), *((mpz_t *) a), b); + mpz_mul_ui (*((mpz_t *) w), *((mpz_t *) a), b); - return w; + return w; } #define PRIME_CHECK_PARAM 18 -static int wrap_nettle_prime_check(bigint_t pp) +static int +wrap_nettle_prime_check (bigint_t pp) { - int ret; - ret = mpz_probab_prime_p(*((mpz_t *) pp), PRIME_CHECK_PARAM); + int ret; + ret = mpz_probab_prime_p (*((mpz_t *) pp), PRIME_CHECK_PARAM); - if (ret > 0) { - return 0; - } + if (ret > 0) + { + return 0; + } - return GNUTLS_E_INTERNAL_ERROR; /* ignored */ + return GNUTLS_E_INTERNAL_ERROR; /* ignored */ } @@ -383,211 +414,234 @@ static int wrap_nettle_prime_check(bigint_t pp) * Algorithm based on the algorithm in "A Computational Introduction to Number * Theory and Algebra" by V. Shoup, sec 11.1 Finding a generator for Z^{*}_p */ -inline static int gen_group (mpz_t *prime, mpz_t* generator, unsigned int nbits) +inline static int +gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits) { - mpz_t q, w; - unsigned int p_bytes = nbits/8; - opaque *buffer= NULL; - unsigned int q_bytes, w_bytes, r_bytes, w_bits; - int ret; - - mpz_init(*prime); - mpz_init(*generator); - - /* security level enforcement. - * Values for q are selected according to ECRYPT II recommendations. - */ - q_bytes = _gnutls_pk_bits_to_subgroup_bits (nbits); - q_bytes/=8; - - if (q_bytes == 0) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + mpz_t q, w; + unsigned int p_bytes = nbits / 8; + opaque *buffer = NULL; + unsigned int q_bytes, w_bytes, r_bytes, w_bits; + int ret; + + mpz_init (*prime); + mpz_init (*generator); + + /* security level enforcement. + * Values for q are selected according to ECRYPT II recommendations. + */ + q_bytes = _gnutls_pk_bits_to_subgroup_bits (nbits); + q_bytes /= 8; + + if (q_bytes == 0) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + if (nbits % 8 != 0) + p_bytes++; + + _gnutls_debug_log + ("Generating group of prime of %u bits and format of 2wq+1. q_size=%u bits\n", + nbits, q_bytes * 8); + buffer = gnutls_malloc (p_bytes); /* p_bytes > q_bytes */ + if (buffer == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + mpz_init2 (*prime, nbits); + mpz_init (*generator); + mpz_init (q); + mpz_init (w); + + /* search for a prime. We are not that unlucky so search + * forever. + */ + for (;;) + { + ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, q_bytes); + if (ret < 0) + { + gnutls_assert (); + goto fail; } - - if (nbits%8 != 0) - p_bytes++; - - _gnutls_debug_log("Generating group of prime of %u bits and format of 2wq+1. q_size=%u bits\n", nbits, q_bytes*8); - buffer = gnutls_malloc(p_bytes); /* p_bytes > q_bytes */ - if (buffer == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + + nettle_mpz_set_str_256_u (q, q_bytes, buffer); + /* always odd */ + mpz_setbit (q, 0); + + ret = mpz_probab_prime_p (q, PRIME_CHECK_PARAM); + if (ret > 0) + { + break; } + } + + /* now generate w of size p_bytes - q_bytes */ - mpz_init2(*prime, nbits); - mpz_init(*generator); - mpz_init(q); - mpz_init(w); - - /* search for a prime. We are not that unlucky so search - * forever. - */ - for (;;) { - ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buffer, q_bytes); - if (ret < 0) { - gnutls_assert(); - goto fail; - } - - nettle_mpz_set_str_256_u(q, q_bytes, buffer); - /* always odd */ - mpz_setbit(q, 0); - - ret = mpz_probab_prime_p(q, PRIME_CHECK_PARAM); - if (ret > 0) { - break; - } + w_bits = nbits - wrap_nettle_mpi_get_nbits (&q); + + _gnutls_debug_log + ("Found prime q of %u bits. Will look for w of %u bits...\n", + wrap_nettle_mpi_get_nbits (&q), w_bits); + + w_bytes = w_bits / 8; + if (w_bits % 8 != 0) + w_bytes++; + + for (;;) + { + ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, w_bytes); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + nettle_mpz_set_str_256_u (w, w_bytes, buffer); + /* always odd */ + mpz_setbit (w, 0); + + ret = mpz_probab_prime_p (w, PRIME_CHECK_PARAM); + if (ret == 0) + { + continue; } - - /* now generate w of size p_bytes - q_bytes */ - - w_bits = nbits - wrap_nettle_mpi_get_nbits(&q); - - _gnutls_debug_log("Found prime q of %u bits. Will look for w of %u bits...\n", wrap_nettle_mpi_get_nbits(&q), w_bits); - - w_bytes = w_bits/8; - if (w_bits % 8 != 0) - w_bytes++; - - for (;;) { - ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buffer, w_bytes); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - nettle_mpz_set_str_256_u(w, w_bytes, buffer); - /* always odd */ - mpz_setbit(w, 0); - - ret = mpz_probab_prime_p(w, PRIME_CHECK_PARAM); - if (ret == 0) { - continue; - } - - /* check if 2wq+1 is prime */ - mpz_mul_ui(*prime, w, 2); - mpz_mul(*prime, *prime, q); - mpz_add_ui(*prime, *prime, 1); - - ret = mpz_probab_prime_p(*prime, PRIME_CHECK_PARAM); - if (ret > 0) { - break; - } + + /* check if 2wq+1 is prime */ + mpz_mul_ui (*prime, w, 2); + mpz_mul (*prime, *prime, q); + mpz_add_ui (*prime, *prime, 1); + + ret = mpz_probab_prime_p (*prime, PRIME_CHECK_PARAM); + if (ret > 0) + { + break; } - - _gnutls_debug_log("Found prime w of %u bits. Looking for generator...\n", wrap_nettle_mpi_get_nbits(&w)); - - /* finally a prime! Let calculate generator - */ - - /* c = r^((p-1)/q), r == random - * c = r^(2w) - * if c!=1 c is the generator for the subgroup of order q-1 - * - * (here we reuse q as r) - */ - r_bytes = p_bytes; - - mpz_mul_ui(w, w, 2); /* w = w*2 */ - mpz_fdiv_r(w, w, *prime); - - for (;;) { - ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buffer, r_bytes); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - nettle_mpz_set_str_256_u(q, r_bytes, buffer); - mpz_fdiv_r(q, q, *prime); - - /* check if r^w mod n != 1 mod n */ - mpz_powm(*generator, q, w, *prime); - - if (mpz_cmp_ui(*generator,1)==0) - continue; - else break; + } + + _gnutls_debug_log ("Found prime w of %u bits. Looking for generator...\n", + wrap_nettle_mpi_get_nbits (&w)); + + /* finally a prime! Let calculate generator + */ + + /* c = r^((p-1)/q), r == random + * c = r^(2w) + * if c!=1 c is the generator for the subgroup of order q-1 + * + * (here we reuse q as r) + */ + r_bytes = p_bytes; + + mpz_mul_ui (w, w, 2); /* w = w*2 */ + mpz_fdiv_r (w, w, *prime); + + for (;;) + { + ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, r_bytes); + if (ret < 0) + { + gnutls_assert (); + return ret; } - - _gnutls_debug_log("Found generator g of %u bits\n", wrap_nettle_mpi_get_nbits(generator)); - _gnutls_debug_log("Prime n is of %u bits\n", wrap_nettle_mpi_get_nbits(prime)); - mpz_clear(q); - mpz_clear(w); - gnutls_free(buffer); - - return 0; + nettle_mpz_set_str_256_u (q, r_bytes, buffer); + mpz_fdiv_r (q, q, *prime); + + /* check if r^w mod n != 1 mod n */ + mpz_powm (*generator, q, w, *prime); + + if (mpz_cmp_ui (*generator, 1) == 0) + continue; + else + break; + } + + _gnutls_debug_log ("Found generator g of %u bits\n", + wrap_nettle_mpi_get_nbits (generator)); + _gnutls_debug_log ("Prime n is of %u bits\n", + wrap_nettle_mpi_get_nbits (prime)); + + mpz_clear (q); + mpz_clear (w); + gnutls_free (buffer); + + return 0; fail: - mpz_clear(q); - mpz_clear(w); - mpz_clear(*prime); - mpz_clear(*generator); - gnutls_free(buffer); - - return ret; + mpz_clear (q); + mpz_clear (w); + mpz_clear (*prime); + mpz_clear (*generator); + gnutls_free (buffer); + + return ret; } static int -wrap_nettle_generate_group(gnutls_group_st * group, unsigned int bits) +wrap_nettle_generate_group (gnutls_group_st * group, unsigned int bits) { -int ret; -bigint_t p = wrap_nettle_mpi_new(bits); -bigint_t g; - - if (p == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - g = wrap_nettle_mpi_new(bits); - if (g == NULL) { - gnutls_assert(); - _gnutls_mpi_release(&p); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = gen_group(p, g, bits); - if (ret < 0) { - _gnutls_mpi_release(&g); - _gnutls_mpi_release(&p); - gnutls_assert(); - return ret; - } - - group->p = p; - group->g = g; - - return 0; + int ret; + bigint_t p = wrap_nettle_mpi_new (bits); + bigint_t g; + + if (p == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + g = wrap_nettle_mpi_new (bits); + if (g == NULL) + { + gnutls_assert (); + _gnutls_mpi_release (&p); + return GNUTLS_E_MEMORY_ERROR; + } + + ret = gen_group (p, g, bits); + if (ret < 0) + { + _gnutls_mpi_release (&g); + _gnutls_mpi_release (&p); + gnutls_assert (); + return ret; + } + + group->p = p; + group->g = g; + + return 0; } int crypto_bigint_prio = INT_MAX; gnutls_crypto_bigint_st _gnutls_mpi_ops = { - .bigint_new = wrap_nettle_mpi_new, - .bigint_cmp = wrap_nettle_mpi_cmp, - .bigint_cmp_ui = wrap_nettle_mpi_cmp_ui, - .bigint_mod = wrap_nettle_mpi_mod, - .bigint_set = wrap_nettle_mpi_set, - .bigint_set_ui = wrap_nettle_mpi_set_ui, - .bigint_get_nbits = wrap_nettle_mpi_get_nbits, - .bigint_powm = wrap_nettle_mpi_powm, - .bigint_addm = wrap_nettle_mpi_addm, - .bigint_subm = wrap_nettle_mpi_subm, - .bigint_add = wrap_nettle_mpi_add, - .bigint_sub = wrap_nettle_mpi_sub, - .bigint_add_ui = wrap_nettle_mpi_add_ui, - .bigint_sub_ui = wrap_nettle_mpi_sub_ui, - .bigint_mul = wrap_nettle_mpi_mul, - .bigint_mulm = wrap_nettle_mpi_mulm, - .bigint_mul_ui = wrap_nettle_mpi_mul_ui, - .bigint_div = wrap_nettle_mpi_div, - .bigint_prime_check = wrap_nettle_prime_check, - .bigint_release = wrap_nettle_mpi_release, - .bigint_print = wrap_nettle_mpi_print, - .bigint_scan = wrap_nettle_mpi_scan, - .bigint_generate_group = wrap_nettle_generate_group + .bigint_new = wrap_nettle_mpi_new, + .bigint_cmp = wrap_nettle_mpi_cmp, + .bigint_cmp_ui = wrap_nettle_mpi_cmp_ui, + .bigint_mod = wrap_nettle_mpi_mod, + .bigint_set = wrap_nettle_mpi_set, + .bigint_set_ui = wrap_nettle_mpi_set_ui, + .bigint_get_nbits = wrap_nettle_mpi_get_nbits, + .bigint_powm = wrap_nettle_mpi_powm, + .bigint_addm = wrap_nettle_mpi_addm, + .bigint_subm = wrap_nettle_mpi_subm, + .bigint_add = wrap_nettle_mpi_add, + .bigint_sub = wrap_nettle_mpi_sub, + .bigint_add_ui = wrap_nettle_mpi_add_ui, + .bigint_sub_ui = wrap_nettle_mpi_sub_ui, + .bigint_mul = wrap_nettle_mpi_mul, + .bigint_mulm = wrap_nettle_mpi_mulm, + .bigint_mul_ui = wrap_nettle_mpi_mul_ui, + .bigint_div = wrap_nettle_mpi_div, + .bigint_prime_check = wrap_nettle_prime_check, + .bigint_release = wrap_nettle_mpi_release, + .bigint_print = wrap_nettle_mpi_print, + .bigint_scan = wrap_nettle_mpi_scan, + .bigint_generate_group = wrap_nettle_generate_group }; diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 56b88677d3..d4c8806d0d 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -45,579 +45,601 @@ #define TOMPZ(x) (*((mpz_t*)(x))) -static void rnd_func(void *_ctx, unsigned length, uint8_t * data) +static void +rnd_func (void *_ctx, unsigned length, uint8_t * data) { - _gnutls_rnd(GNUTLS_RND_RANDOM, data, length); + _gnutls_rnd (GNUTLS_RND_RANDOM, data, length); } -static void _dsa_params_to_pubkey(const gnutls_pk_params_st * pk_params, - struct dsa_public_key *pub) +static void +_dsa_params_to_pubkey (const gnutls_pk_params_st * pk_params, + struct dsa_public_key *pub) { - memcpy(&pub->p, pk_params->params[0], sizeof(mpz_t)); - memcpy(&pub->q, pk_params->params[1], sizeof(mpz_t)); - memcpy(&pub->g, pk_params->params[2], sizeof(mpz_t)); - memcpy(&pub->y, pk_params->params[3], sizeof(mpz_t)); + memcpy (&pub->p, pk_params->params[0], sizeof (mpz_t)); + memcpy (&pub->q, pk_params->params[1], sizeof (mpz_t)); + memcpy (&pub->g, pk_params->params[2], sizeof (mpz_t)); + memcpy (&pub->y, pk_params->params[3], sizeof (mpz_t)); } -static void _dsa_params_to_privkey(const gnutls_pk_params_st * pk_params, - struct dsa_private_key *pub) +static void +_dsa_params_to_privkey (const gnutls_pk_params_st * pk_params, + struct dsa_private_key *pub) { - memcpy(&pub->x, pk_params->params[4], sizeof(mpz_t)); + memcpy (&pub->x, pk_params->params[4], sizeof (mpz_t)); } -static void _rsa_params_to_privkey(const gnutls_pk_params_st * pk_params, - struct rsa_private_key *priv) +static void +_rsa_params_to_privkey (const gnutls_pk_params_st * pk_params, + struct rsa_private_key *priv) { - memcpy(&priv->d, pk_params->params[2], sizeof(mpz_t)); - memcpy(&priv->p, pk_params->params[3], sizeof(mpz_t)); - memcpy(&priv->q, pk_params->params[4], sizeof(mpz_t)); - memcpy(&priv->c, pk_params->params[5], sizeof(mpz_t)); - memcpy(&priv->a, pk_params->params[6], sizeof(mpz_t)); - memcpy(&priv->b, pk_params->params[7], sizeof(mpz_t)); + memcpy (&priv->d, pk_params->params[2], sizeof (mpz_t)); + memcpy (&priv->p, pk_params->params[3], sizeof (mpz_t)); + memcpy (&priv->q, pk_params->params[4], sizeof (mpz_t)); + memcpy (&priv->c, pk_params->params[5], sizeof (mpz_t)); + memcpy (&priv->a, pk_params->params[6], sizeof (mpz_t)); + memcpy (&priv->b, pk_params->params[7], sizeof (mpz_t)); } static int -_wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo, - gnutls_datum_t * ciphertext, - const gnutls_datum_t * plaintext, - const gnutls_pk_params_st * pk_params) +_wrap_nettle_pk_encrypt (gnutls_pk_algorithm_t algo, + gnutls_datum_t * ciphertext, + const gnutls_datum_t * plaintext, + const gnutls_pk_params_st * pk_params) { - int ret; - - /* make a sexp from pkey */ - switch (algo) { - case GNUTLS_PK_RSA:{ - bigint_t p; - - if (_gnutls_mpi_scan_nz - (&p, plaintext->data, plaintext->size) != 0) { - gnutls_assert(); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - mpz_powm(p, p, TOMPZ(pk_params->params[1]) /*e */ , - TOMPZ(pk_params->params[0] /*m */ )); - - ret = - _gnutls_mpi_dprint_size(p, ciphertext, - plaintext->size); - _gnutls_mpi_release(&p); - - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - break; - } - default: - gnutls_assert(); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - ret = 0; - - cleanup: - - return ret; + int ret; + + /* make a sexp from pkey */ + switch (algo) + { + case GNUTLS_PK_RSA: + { + bigint_t p; + + if (_gnutls_mpi_scan_nz (&p, plaintext->data, plaintext->size) != 0) + { + gnutls_assert (); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + mpz_powm (p, p, TOMPZ (pk_params->params[1]) /*e */ , + TOMPZ (pk_params->params[0] /*m */ )); + + ret = _gnutls_mpi_dprint_size (p, ciphertext, plaintext->size); + _gnutls_mpi_release (&p); + + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + break; + } + default: + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + + ret = 0; + +cleanup: + + return ret; } /* returns the blinded c and the inverse of a random * number r; */ -static bigint_t rsa_blind(bigint_t c, bigint_t e, bigint_t n, - bigint_t * _ri) +static bigint_t +rsa_blind (bigint_t c, bigint_t e, bigint_t n, bigint_t * _ri) { - bigint_t nc = NULL, r = NULL, ri = NULL; - - /* nc = c*(r^e) - * ri = r^(-1) - */ - nc = _gnutls_mpi_alloc_like(n); - if (nc == NULL) { - gnutls_assert(); - return NULL; - } - - ri = _gnutls_mpi_alloc_like(n); - if (nc == NULL) { - gnutls_assert(); - goto fail; - } - - r = _gnutls_mpi_randomize(NULL, _gnutls_mpi_get_nbits(n), - GNUTLS_RND_NONCE); - if (r == NULL) { - gnutls_assert(); - goto fail; - } - - /* invert r */ - if (mpz_invert(ri, r, n) == 0) { - gnutls_assert(); - goto fail; - } - - /* r = r^e */ - - _gnutls_mpi_powm(r, r, e, n); - - _gnutls_mpi_mulm(nc, c, r, n); - - *_ri = ri; - - _gnutls_mpi_release(&r); - - return nc; - fail: - _gnutls_mpi_release(&nc); - _gnutls_mpi_release(&r); - return NULL; + bigint_t nc = NULL, r = NULL, ri = NULL; + + /* nc = c*(r^e) + * ri = r^(-1) + */ + nc = _gnutls_mpi_alloc_like (n); + if (nc == NULL) + { + gnutls_assert (); + return NULL; + } + + ri = _gnutls_mpi_alloc_like (n); + if (nc == NULL) + { + gnutls_assert (); + goto fail; + } + + r = _gnutls_mpi_randomize (NULL, _gnutls_mpi_get_nbits (n), + GNUTLS_RND_NONCE); + if (r == NULL) + { + gnutls_assert (); + goto fail; + } + + /* invert r */ + if (mpz_invert (ri, r, n) == 0) + { + gnutls_assert (); + goto fail; + } + + /* r = r^e */ + + _gnutls_mpi_powm (r, r, e, n); + + _gnutls_mpi_mulm (nc, c, r, n); + + *_ri = ri; + + _gnutls_mpi_release (&r); + + return nc; +fail: + _gnutls_mpi_release (&nc); + _gnutls_mpi_release (&r); + return NULL; } /* c = c*ri mod n */ -static inline void rsa_unblind(bigint_t c, bigint_t ri, bigint_t n) +static inline void +rsa_unblind (bigint_t c, bigint_t ri, bigint_t n) { - _gnutls_mpi_mulm(c, c, ri, n); + _gnutls_mpi_mulm (c, c, ri, n); } static int -_wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo, - gnutls_datum_t * plaintext, - const gnutls_datum_t * ciphertext, - const gnutls_pk_params_st * pk_params) +_wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo, + gnutls_datum_t * plaintext, + const gnutls_datum_t * ciphertext, + const gnutls_pk_params_st * pk_params) { - int ret; - - /* make a sexp from pkey */ - switch (algo) { - case GNUTLS_PK_RSA:{ - struct rsa_private_key priv; - bigint_t c, ri, nc; - - if (_gnutls_mpi_scan_nz - (&c, ciphertext->data, - ciphertext->size) != 0) { - gnutls_assert(); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - nc = rsa_blind(c, pk_params->params[1] /*e */ , - pk_params->params[0] /*m */ , &ri); - _gnutls_mpi_release(&c); - if (nc == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - rsa_private_key_init(&priv); - _rsa_params_to_privkey(pk_params, &priv); - - rsa_compute_root(&priv, TOMPZ(nc), TOMPZ(nc)); - - rsa_unblind(nc, ri, pk_params->params[0] /*m */ ); - - ret = - _gnutls_mpi_dprint_size(nc, plaintext, - ciphertext->size); - - _gnutls_mpi_release(&nc); - _gnutls_mpi_release(&ri); - - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - break; - } - default: - gnutls_assert(); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - ret = 0; - - cleanup: - - return ret; + int ret; + + /* make a sexp from pkey */ + switch (algo) + { + case GNUTLS_PK_RSA: + { + struct rsa_private_key priv; + bigint_t c, ri, nc; + + if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0) + { + gnutls_assert (); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + nc = rsa_blind (c, pk_params->params[1] /*e */ , + pk_params->params[0] /*m */ , &ri); + _gnutls_mpi_release (&c); + if (nc == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + rsa_private_key_init (&priv); + _rsa_params_to_privkey (pk_params, &priv); + + rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc)); + + rsa_unblind (nc, ri, pk_params->params[0] /*m */ ); + + ret = _gnutls_mpi_dprint_size (nc, plaintext, ciphertext->size); + + _gnutls_mpi_release (&nc); + _gnutls_mpi_release (&ri); + + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + break; + } + default: + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + + ret = 0; + +cleanup: + + return ret; } /* in case of DSA puts into data, r,s */ static int -_wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, - gnutls_datum_t * signature, - const gnutls_datum_t * vdata, - const gnutls_pk_params_st * pk_params) +_wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo, + gnutls_datum_t * signature, + const gnutls_datum_t * vdata, + const gnutls_pk_params_st * pk_params) { - int ret, hash; - - switch (algo) { - - case GNUTLS_PK_DSA:{ - struct dsa_public_key pub; - struct dsa_private_key priv; - struct dsa_signature sig; - - dsa_public_key_init(&pub); - dsa_private_key_init(&priv); - _dsa_params_to_pubkey(pk_params, &pub); - _dsa_params_to_privkey(pk_params, &priv); - - dsa_signature_init(&sig); - - hash = _gnutls_dsa_q_to_hash(pub.q); - if (vdata->size != _gnutls_hash_get_algo_len(hash)) { - gnutls_assert(); - ret = GNUTLS_E_PK_SIGN_FAILED; - goto dsa_fail; - } - - ret = - _dsa_sign(&pub, &priv, NULL, rnd_func, - vdata->size, vdata->data, &sig); - if (ret == 0) { - gnutls_assert(); - ret = GNUTLS_E_PK_SIGN_FAILED; - goto dsa_fail; - } - - ret = - _gnutls_encode_ber_rs(signature, &sig.r, - &sig.s); - - dsa_fail: - dsa_signature_clear(&sig); - - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - break; - } - case GNUTLS_PK_RSA:{ - struct rsa_private_key priv; - bigint_t hash, nc, ri; - - if (_gnutls_mpi_scan_nz - (&hash, vdata->data, vdata->size) != 0) { - gnutls_assert(); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - rsa_private_key_init(&priv); - _rsa_params_to_privkey(pk_params, &priv); - - nc = rsa_blind(hash, pk_params->params[1] /*e */ , - pk_params->params[0] /*m */ , &ri); - - _gnutls_mpi_release(&hash); - - if (nc == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - rsa_compute_root(&priv, TOMPZ(nc), TOMPZ(nc)); - - rsa_unblind(nc, ri, pk_params->params[0] /*m */ ); - - ret = _gnutls_mpi_dprint(nc, signature); - _gnutls_mpi_release(&nc); - _gnutls_mpi_release(&ri); - - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - break; - } - default: - gnutls_assert(); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - ret = 0; - - cleanup: - - return ret; + int ret, hash; + + switch (algo) + { + + case GNUTLS_PK_DSA: + { + struct dsa_public_key pub; + struct dsa_private_key priv; + struct dsa_signature sig; + + dsa_public_key_init (&pub); + dsa_private_key_init (&priv); + _dsa_params_to_pubkey (pk_params, &pub); + _dsa_params_to_privkey (pk_params, &priv); + + dsa_signature_init (&sig); + + hash = _gnutls_dsa_q_to_hash (pub.q); + if (vdata->size != _gnutls_hash_get_algo_len (hash)) + { + gnutls_assert (); + ret = GNUTLS_E_PK_SIGN_FAILED; + goto dsa_fail; + } + + ret = + _dsa_sign (&pub, &priv, NULL, rnd_func, + vdata->size, vdata->data, &sig); + if (ret == 0) + { + gnutls_assert (); + ret = GNUTLS_E_PK_SIGN_FAILED; + goto dsa_fail; + } + + ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s); + + dsa_fail: + dsa_signature_clear (&sig); + + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + } + case GNUTLS_PK_RSA: + { + struct rsa_private_key priv; + bigint_t hash, nc, ri; + + if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0) + { + gnutls_assert (); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + rsa_private_key_init (&priv); + _rsa_params_to_privkey (pk_params, &priv); + + nc = rsa_blind (hash, pk_params->params[1] /*e */ , + pk_params->params[0] /*m */ , &ri); + + _gnutls_mpi_release (&hash); + + if (nc == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc)); + + rsa_unblind (nc, ri, pk_params->params[0] /*m */ ); + + ret = _gnutls_mpi_dprint (nc, signature); + _gnutls_mpi_release (&nc); + _gnutls_mpi_release (&ri); + + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + break; + } + default: + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + + ret = 0; + +cleanup: + + return ret; } static int -_int_rsa_verify(const gnutls_pk_params_st * pk_params, - bigint_t m, bigint_t s) +_int_rsa_verify (const gnutls_pk_params_st * pk_params, + bigint_t m, bigint_t s) { - int res; + int res; - mpz_t m1; + mpz_t m1; - if ((mpz_sgn(TOMPZ(s)) <= 0) - || (mpz_cmp(TOMPZ(s), TOMPZ(pk_params->params[0])) >= 0)) - return GNUTLS_E_PK_SIG_VERIFY_FAILED; + if ((mpz_sgn (TOMPZ (s)) <= 0) + || (mpz_cmp (TOMPZ (s), TOMPZ (pk_params->params[0])) >= 0)) + return GNUTLS_E_PK_SIG_VERIFY_FAILED; - mpz_init(m1); + mpz_init (m1); - mpz_powm(m1, TOMPZ(s), TOMPZ(pk_params->params[1]), - TOMPZ(pk_params->params[0])); + mpz_powm (m1, TOMPZ (s), TOMPZ (pk_params->params[1]), + TOMPZ (pk_params->params[0])); - res = !mpz_cmp(TOMPZ(m), m1); + res = !mpz_cmp (TOMPZ (m), m1); - mpz_clear(m1); + mpz_clear (m1); - if (res == 0) - res = GNUTLS_E_PK_SIG_VERIFY_FAILED; - else - res = 0; + if (res == 0) + res = GNUTLS_E_PK_SIG_VERIFY_FAILED; + else + res = 0; - return res; + return res; } static int -_wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, - const gnutls_datum_t * vdata, - const gnutls_datum_t * signature, - const gnutls_pk_params_st * pk_params) +_wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo, + const gnutls_datum_t * vdata, + const gnutls_datum_t * signature, + const gnutls_pk_params_st * pk_params) { - int ret, hash; - bigint_t tmp[2] = { NULL, NULL }; - - switch (algo) { - case GNUTLS_PK_DSA:{ - struct dsa_public_key pub; - struct dsa_signature sig; - - ret = - _gnutls_decode_ber_rs(signature, &tmp[0], - &tmp[1]); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - dsa_public_key_init(&pub); - _dsa_params_to_pubkey(pk_params, &pub); - memcpy(&sig.r, tmp[0], sizeof(sig.r)); - memcpy(&sig.s, tmp[1], sizeof(sig.s)); - - hash = _gnutls_dsa_q_to_hash(pub.q); - if (vdata->size != _gnutls_hash_get_algo_len(hash)) { - gnutls_assert(); - ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; - goto dsa_fail; - } - - ret = - _dsa_verify(&pub, vdata->size, vdata->data, - &sig); - if (ret == 0) - ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; - else - ret = 0; - - dsa_fail: - _gnutls_mpi_release(&tmp[0]); - _gnutls_mpi_release(&tmp[1]); - break; - } - case GNUTLS_PK_RSA:{ - bigint_t hash; - - if (_gnutls_mpi_scan_nz - (&hash, vdata->data, vdata->size) != 0) { - gnutls_assert(); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - ret = - _gnutls_mpi_scan_nz(&tmp[0], signature->data, - signature->size); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - ret = _int_rsa_verify(pk_params, hash, tmp[0]); - _gnutls_mpi_release(&tmp[0]); - _gnutls_mpi_release(&hash); - break; - } - default: - gnutls_assert(); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - cleanup: - - return ret; + int ret, hash; + bigint_t tmp[2] = { NULL, NULL }; + + switch (algo) + { + case GNUTLS_PK_DSA: + { + struct dsa_public_key pub; + struct dsa_signature sig; + + ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + dsa_public_key_init (&pub); + _dsa_params_to_pubkey (pk_params, &pub); + memcpy (&sig.r, tmp[0], sizeof (sig.r)); + memcpy (&sig.s, tmp[1], sizeof (sig.s)); + + hash = _gnutls_dsa_q_to_hash (pub.q); + if (vdata->size != _gnutls_hash_get_algo_len (hash)) + { + gnutls_assert (); + ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; + goto dsa_fail; + } + + ret = _dsa_verify (&pub, vdata->size, vdata->data, &sig); + if (ret == 0) + ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; + else + ret = 0; + + dsa_fail: + _gnutls_mpi_release (&tmp[0]); + _gnutls_mpi_release (&tmp[1]); + break; + } + case GNUTLS_PK_RSA: + { + bigint_t hash; + + if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0) + { + gnutls_assert (); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + ret = _int_rsa_verify (pk_params, hash, tmp[0]); + _gnutls_mpi_release (&tmp[0]); + _gnutls_mpi_release (&hash); + break; + } + default: + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + +cleanup: + + return ret; } static int -wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo, - unsigned int level /*bits */ , - gnutls_pk_params_st * params) +wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo, + unsigned int level /*bits */ , + gnutls_pk_params_st * params) { - int ret, i; - int q_bits; - - switch (algo) { - - case GNUTLS_PK_DSA:{ - struct dsa_public_key pub; - struct dsa_private_key priv; - - dsa_public_key_init(&pub); - dsa_private_key_init(&priv); - - /* the best would be to use _gnutls_pk_bits_to_subgroup_bits() - * but we do NIST DSA here */ - if (level <= 1024) - q_bits = 160; - else - q_bits = 256; - - ret = - dsa_generate_keypair(&pub, &priv, NULL, - rnd_func, NULL, NULL, - level, q_bits); - if (ret != 1) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } - - params->params_nr = 0; - for (i = 0; i < DSA_PRIVATE_PARAMS; i++) { - params->params[i] = - _gnutls_mpi_alloc_like(&pub.p); - if (params->params[i] == NULL) { - ret = GNUTLS_E_MEMORY_ERROR; - dsa_private_key_clear(&priv); - dsa_public_key_clear(&pub); - goto fail; - } - params->params_nr++; - } - _gnutls_mpi_set(params->params[0], pub.p); - _gnutls_mpi_set(params->params[1], pub.q); - _gnutls_mpi_set(params->params[2], pub.g); - _gnutls_mpi_set(params->params[3], pub.y); - _gnutls_mpi_set(params->params[4], priv.x); - - dsa_private_key_clear(&priv); - dsa_public_key_clear(&pub); - - break; - } - case GNUTLS_PK_RSA:{ - struct rsa_public_key pub; - struct rsa_private_key priv; - - rsa_public_key_init(&pub); - rsa_private_key_init(&priv); - - _gnutls_mpi_set_ui(&pub.e, 65537); - - ret = - rsa_generate_keypair(&pub, &priv, NULL, - rnd_func, NULL, NULL, - level, 0); - if (ret != 1) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } - - params->params_nr = 0; - for (i = 0; i < RSA_PRIVATE_PARAMS; i++) { - params->params[i] = - _gnutls_mpi_alloc_like(&pub.n); - if (params->params[i] == NULL) { - ret = GNUTLS_E_MEMORY_ERROR; - rsa_private_key_clear(&priv); - rsa_public_key_clear(&pub); - goto fail; - } - params->params_nr++; - - } - _gnutls_mpi_set(params->params[0], pub.n); - _gnutls_mpi_set(params->params[1], pub.e); - _gnutls_mpi_set(params->params[2], priv.d); - _gnutls_mpi_set(params->params[3], priv.p); - _gnutls_mpi_set(params->params[4], priv.q); - _gnutls_mpi_set(params->params[5], priv.c); - _gnutls_mpi_set(params->params[6], priv.a); - _gnutls_mpi_set(params->params[7], priv.b); - rsa_private_key_clear(&priv); - rsa_public_key_clear(&pub); - - break; - } - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + int ret, i; + int q_bits; - return 0; + switch (algo) + { - fail: + case GNUTLS_PK_DSA: + { + struct dsa_public_key pub; + struct dsa_private_key priv; + + dsa_public_key_init (&pub); + dsa_private_key_init (&priv); + + /* the best would be to use _gnutls_pk_bits_to_subgroup_bits() + * but we do NIST DSA here */ + if (level <= 1024) + q_bits = 160; + else + q_bits = 256; + + ret = + dsa_generate_keypair (&pub, &priv, NULL, + rnd_func, NULL, NULL, level, q_bits); + if (ret != 1) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } - for (i = 0; i < params->params_nr; i++) { - _gnutls_mpi_release(¶ms->params[i]); - } params->params_nr = 0; + for (i = 0; i < DSA_PRIVATE_PARAMS; i++) + { + params->params[i] = _gnutls_mpi_alloc_like (&pub.p); + if (params->params[i] == NULL) + { + ret = GNUTLS_E_MEMORY_ERROR; + dsa_private_key_clear (&priv); + dsa_public_key_clear (&pub); + goto fail; + } + params->params_nr++; + } + _gnutls_mpi_set (params->params[0], pub.p); + _gnutls_mpi_set (params->params[1], pub.q); + _gnutls_mpi_set (params->params[2], pub.g); + _gnutls_mpi_set (params->params[3], pub.y); + _gnutls_mpi_set (params->params[4], priv.x); + + dsa_private_key_clear (&priv); + dsa_public_key_clear (&pub); + + break; + } + case GNUTLS_PK_RSA: + { + struct rsa_public_key pub; + struct rsa_private_key priv; + + rsa_public_key_init (&pub); + rsa_private_key_init (&priv); + + _gnutls_mpi_set_ui (&pub.e, 65537); + + ret = + rsa_generate_keypair (&pub, &priv, NULL, + rnd_func, NULL, NULL, level, 0); + if (ret != 1) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } - return ret; + params->params_nr = 0; + for (i = 0; i < RSA_PRIVATE_PARAMS; i++) + { + params->params[i] = _gnutls_mpi_alloc_like (&pub.n); + if (params->params[i] == NULL) + { + ret = GNUTLS_E_MEMORY_ERROR; + rsa_private_key_clear (&priv); + rsa_public_key_clear (&pub); + goto fail; + } + params->params_nr++; + + } + _gnutls_mpi_set (params->params[0], pub.n); + _gnutls_mpi_set (params->params[1], pub.e); + _gnutls_mpi_set (params->params[2], priv.d); + _gnutls_mpi_set (params->params[3], priv.p); + _gnutls_mpi_set (params->params[4], priv.q); + _gnutls_mpi_set (params->params[5], priv.c); + _gnutls_mpi_set (params->params[6], priv.a); + _gnutls_mpi_set (params->params[7], priv.b); + rsa_private_key_clear (&priv); + rsa_public_key_clear (&pub); + + break; + } + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + return 0; + +fail: + + for (i = 0; i < params->params_nr; i++) + { + _gnutls_mpi_release (¶ms->params[i]); + } + params->params_nr = 0; + + return ret; } static int -wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo, - gnutls_direction_t direction, - gnutls_pk_params_st * params) +wrap_nettle_pk_fixup (gnutls_pk_algorithm_t algo, + gnutls_direction_t direction, + gnutls_pk_params_st * params) { - int result; - - if (direction == GNUTLS_IMPORT && algo == GNUTLS_PK_RSA) { - /* do not trust the generated values. Some old private keys - * generated by us have mess on the values. Those were very - * old but it seemed some of the shipped example private - * keys were as old. - */ - mpz_invert(TOMPZ(params->params[5]), - TOMPZ(params->params[4]), - TOMPZ(params->params[3])); - - /* calculate exp1 [6] and exp2 [7] */ - _gnutls_mpi_release(¶ms->params[6]); - _gnutls_mpi_release(¶ms->params[7]); - - result = - _gnutls_calc_rsa_exp(params->params, - RSA_PRIVATE_PARAMS - 2); - if (result < 0) { - gnutls_assert(); - return result; - } - params->params_nr = RSA_PRIVATE_PARAMS; + int result; + + if (direction == GNUTLS_IMPORT && algo == GNUTLS_PK_RSA) + { + /* do not trust the generated values. Some old private keys + * generated by us have mess on the values. Those were very + * old but it seemed some of the shipped example private + * keys were as old. + */ + mpz_invert (TOMPZ (params->params[5]), + TOMPZ (params->params[4]), TOMPZ (params->params[3])); + + /* calculate exp1 [6] and exp2 [7] */ + _gnutls_mpi_release (¶ms->params[6]); + _gnutls_mpi_release (¶ms->params[7]); + + result = _gnutls_calc_rsa_exp (params->params, RSA_PRIVATE_PARAMS - 2); + if (result < 0) + { + gnutls_assert (); + return result; } + params->params_nr = RSA_PRIVATE_PARAMS; + } - return 0; + return 0; } int crypto_pk_prio = INT_MAX; gnutls_crypto_pk_st _gnutls_pk_ops = { - .encrypt = _wrap_nettle_pk_encrypt, - .decrypt = _wrap_nettle_pk_decrypt, - .sign = _wrap_nettle_pk_sign, - .verify = _wrap_nettle_pk_verify, - .generate = wrap_nettle_pk_generate_params, - .pk_fixup_private_params = wrap_nettle_pk_fixup, + .encrypt = _wrap_nettle_pk_encrypt, + .decrypt = _wrap_nettle_pk_decrypt, + .sign = _wrap_nettle_pk_sign, + .verify = _wrap_nettle_pk_verify, + .generate = wrap_nettle_pk_generate_params, + .pk_fixup_private_params = wrap_nettle_pk_fixup, }; diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c index d130edabb9..d2fe9105a0 100644 --- a/lib/nettle/rnd.c +++ b/lib/nettle/rnd.c @@ -35,9 +35,10 @@ #define RND_LOCK if (gnutls_mutex_lock(&rnd_mutex)!=0) abort() #define RND_UNLOCK if (gnutls_mutex_unlock(&rnd_mutex)!=0) abort() -enum { - RANDOM_SOURCE_TRIVIA=0, - RANDOM_SOURCE_DEVICE, +enum +{ + RANDOM_SOURCE_TRIVIA = 0, + RANDOM_SOURCE_DEVICE, }; static struct yarrow256_ctx yctx; @@ -45,355 +46,409 @@ static struct yarrow_source ysources[SOURCES]; static time_t device_last_read = 0; static time_t trivia_time_count = 0; -static void* rnd_mutex; +static void *rnd_mutex; #define DEVICE_READ_INTERVAL 1200 #ifdef _WIN32 -# include <windows.h> +#include <windows.h> -# define DEVICE_READ_SIZE 16 -# define DEVICE_READ_SIZE_MAX 32 +#define DEVICE_READ_SIZE 16 +#define DEVICE_READ_SIZE_MAX 32 static HCRYPTPROV device_fd = NULL; -static int do_trivia_source(int init) +static int +do_trivia_source (int init) { - struct { - FILETIME now; - unsigned count; - } event; + struct + { + FILETIME now; + unsigned count; + } event; - unsigned entropy = 0; + unsigned entropy = 0; - GetSystemTimeAsFileTime(&event.now); - event.count = 0; + GetSystemTimeAsFileTime (&event.now); + event.count = 0; - if (init) { - trivia_time_count = 0; - } else { - event.count = trivia_time_count++; - entropy = 1; + if (init) + { + trivia_time_count = 0; + } + else + { + event.count = trivia_time_count++; + entropy = 1; } - return yarrow256_update(&yctx, RANDOM_SOURCE_TRIVIA, entropy, - sizeof(event), (const uint8_t *) &event); + return yarrow256_update (&yctx, RANDOM_SOURCE_TRIVIA, entropy, + sizeof (event), (const uint8_t *) &event); } -static int do_device_source(int init) +static int +do_device_source (int init) { - time_t now = time(NULL); - int read_size = DEVICE_READ_SIZE; - - if (init) { - int old; - - if(!CryptAcquireContext(&device_fd, NULL, NULL, PROV_RSA_FULL, CRYPT_SILENT|CRYPT_VERIFYCONTEXT)) { - _gnutls_debug_log("error in CryptAcquireContext!\n"); - return GNUTLS_E_INTERNAL_ERROR; - } - device_last_read = now; - read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */ + time_t now = time (NULL); + int read_size = DEVICE_READ_SIZE; + + if (init) + { + int old; + + if (!CryptAcquireContext + (&device_fd, NULL, NULL, PROV_RSA_FULL, + CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) + { + _gnutls_debug_log ("error in CryptAcquireContext!\n"); + return GNUTLS_E_INTERNAL_ERROR; + } + device_last_read = now; + read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */ } - if ((device_fd != NULL) - && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) { + if ((device_fd != NULL) + && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) + { - /* More than a minute since we last read the device */ - uint8_t buf[DEVICE_READ_SIZE_MAX]; + /* More than a minute since we last read the device */ + uint8_t buf[DEVICE_READ_SIZE_MAX]; - if(!CryptGenRandom(device_fd, (DWORD)read_size, buf)) { - _gnutls_debug_log("Error in CryptGenRandom: %s\n", GetLastError()); - return GNUTLS_E_INTERNAL_ERROR; - } + if (!CryptGenRandom (device_fd, (DWORD) read_size, buf)) + { + _gnutls_debug_log ("Error in CryptGenRandom: %s\n", + GetLastError ()); + return GNUTLS_E_INTERNAL_ERROR; + } - device_last_read = now; - return yarrow256_update(&yctx, RANDOM_SOURCE_DEVICE, read_size*8/2 /* we trust the system RNG */, - read_size, buf); + device_last_read = now; + return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE, + read_size * 8 / + 2 /* we trust the system RNG */ , + read_size, buf); } - return 0; + return 0; } -static void wrap_nettle_rnd_deinit(void* ctx) +static void +wrap_nettle_rnd_deinit (void *ctx) { - RND_LOCK; - CryptReleaseContext(device_fd, 0); - RND_UNLOCK; + RND_LOCK; + CryptReleaseContext (device_fd, 0); + RND_UNLOCK; - gnutls_mutex_deinit(&rnd_mutex); - rnd_mutex = NULL; + gnutls_mutex_deinit (&rnd_mutex); + rnd_mutex = NULL; } #else /* POSIX */ -# include <time.h> -# include <errno.h> -# include <sys/types.h> -# include <sys/stat.h> -# include <sys/time.h> -# include <fcntl.h> -# include <locks.h> -# include "egd.h" +#include <time.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <fcntl.h> +#include <locks.h> +#include "egd.h" -# define DEVICE_READ_SIZE 16 -# define DEVICE_READ_SIZE_MAX 32 +#define DEVICE_READ_SIZE 16 +#define DEVICE_READ_SIZE_MAX 32 static int device_fd; static time_t trivia_previous_time = 0; -static int do_trivia_source(int init) +static int +do_trivia_source (int init) { - struct { - struct timeval now; + struct + { + struct timeval now; #ifdef HAVE_GETRUSAGE - struct rusage rusage; + struct rusage rusage; #endif - unsigned count; - pid_t pid; - } event; + unsigned count; + pid_t pid; + } event; - unsigned entropy = 0; + unsigned entropy = 0; - if (gettimeofday(&event.now, NULL) < 0) { - _gnutls_debug_log("gettimeofday failed: %s\n", strerror(errno)); - abort(); - } + if (gettimeofday (&event.now, NULL) < 0) + { + _gnutls_debug_log ("gettimeofday failed: %s\n", strerror (errno)); + abort (); + } #ifdef HAVE_GETRUSAGE - if (getrusage(RUSAGE_SELF, &event.rusage) < 0) { - _gnutls_debug_log("getrusage failed: %s\n", strerror(errno)); - abort(); - } + if (getrusage (RUSAGE_SELF, &event.rusage) < 0) + { + _gnutls_debug_log ("getrusage failed: %s\n", strerror (errno)); + abort (); + } #endif - event.count = 0; - if (init) { - trivia_time_count = 0; - } else { - event.count = trivia_time_count++; - - if (event.now.tv_sec != trivia_previous_time) { - /* Count one bit of entropy if we either have more than two - * invocations in one second, or more than two seconds - * between invocations. */ - if ((trivia_time_count > 2) - || ((event.now.tv_sec - trivia_previous_time) > 2)) - entropy++; - - trivia_time_count = 0; - } + event.count = 0; + if (init) + { + trivia_time_count = 0; } - trivia_previous_time = event.now.tv_sec; - event.pid = getpid(); + else + { + event.count = trivia_time_count++; + + if (event.now.tv_sec != trivia_previous_time) + { + /* Count one bit of entropy if we either have more than two + * invocations in one second, or more than two seconds + * between invocations. */ + if ((trivia_time_count > 2) + || ((event.now.tv_sec - trivia_previous_time) > 2)) + entropy++; + + trivia_time_count = 0; + } + } + trivia_previous_time = event.now.tv_sec; + event.pid = getpid (); - return yarrow256_update(&yctx, RANDOM_SOURCE_TRIVIA, entropy, - sizeof(event), (const uint8_t *) &event); + return yarrow256_update (&yctx, RANDOM_SOURCE_TRIVIA, entropy, + sizeof (event), (const uint8_t *) &event); } -static int do_device_source_urandom(int init) +static int +do_device_source_urandom (int init) { - time_t now = time(NULL); - int read_size = DEVICE_READ_SIZE; - - if (init) { - int old; - - device_fd = open("/dev/urandom", O_RDONLY); - if (device_fd < 0) { - _gnutls_debug_log("Cannot open urandom!\n"); - return GNUTLS_E_FILE_ERROR; - } + time_t now = time (NULL); + int read_size = DEVICE_READ_SIZE; + + if (init) + { + int old; + + device_fd = open ("/dev/urandom", O_RDONLY); + if (device_fd < 0) + { + _gnutls_debug_log ("Cannot open urandom!\n"); + return GNUTLS_E_FILE_ERROR; + } + + old = fcntl (device_fd, F_GETFD); + fcntl (device_fd, F_SETFD, old | 1); + device_last_read = now; - old = fcntl(device_fd, F_GETFD); - fcntl(device_fd, F_SETFD, old | 1); - device_last_read = now; - - read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */ + read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */ } - if ((device_fd > 0) - && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) { - - /* More than a minute since we last read the device */ - uint8_t buf[DEVICE_READ_SIZE_MAX]; - uint32_t done; - - for (done = 0; done < read_size;) { - int res; - do - res = - read(device_fd, buf + done, sizeof(buf) - done); - while (res < 0 && errno == EINTR); - - if (res <= 0) { - if (res < 0) { - _gnutls_debug_log("Failed to read /dev/urandom: %s\n", - strerror(errno)); - } else { - _gnutls_debug_log - ("Failed to read /dev/urandom: end of file\n"); - } - - return GNUTLS_E_INTERNAL_ERROR; - } - - done += res; + if ((device_fd > 0) + && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) + { + + /* More than a minute since we last read the device */ + uint8_t buf[DEVICE_READ_SIZE_MAX]; + uint32_t done; + + for (done = 0; done < read_size;) + { + int res; + do + res = read (device_fd, buf + done, sizeof (buf) - done); + while (res < 0 && errno == EINTR); + + if (res <= 0) + { + if (res < 0) + { + _gnutls_debug_log ("Failed to read /dev/urandom: %s\n", + strerror (errno)); + } + else + { + _gnutls_debug_log + ("Failed to read /dev/urandom: end of file\n"); } - device_last_read = now; - return yarrow256_update(&yctx, RANDOM_SOURCE_DEVICE, read_size*8/2 /* we trust the RNG */, - read_size, buf); + return GNUTLS_E_INTERNAL_ERROR; + } + + done += res; + } + + device_last_read = now; + return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE, + read_size * 8 / 2 /* we trust the RNG */ , + read_size, buf); } - return 0; + return 0; } -static int do_device_source_egd(int init) +static int +do_device_source_egd (int init) { - time_t now = time(NULL); - int read_size = DEVICE_READ_SIZE; - - if (init) { - device_fd = _rndegd_connect_socket(); - if (device_fd < 0) { - _gnutls_debug_log("Cannot open egd socket!\n"); - return GNUTLS_E_FILE_ERROR; - } + time_t now = time (NULL); + int read_size = DEVICE_READ_SIZE; + + if (init) + { + device_fd = _rndegd_connect_socket (); + if (device_fd < 0) + { + _gnutls_debug_log ("Cannot open egd socket!\n"); + return GNUTLS_E_FILE_ERROR; + } + + device_last_read = now; - device_last_read = now; - - read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */ + read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */ } - if ((device_fd > 0) - && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) { - - /* More than a minute since we last read the device */ - uint8_t buf[DEVICE_READ_SIZE_MAX]; - uint32_t done; - - for (done = 0; done < read_size;) { - int res; - res = _rndegd_read(&device_fd, buf + done, sizeof(buf) - done); - if (res <= 0) { - if (res < 0) { - _gnutls_debug_log("Failed to read egd.\n"); - } else { - _gnutls_debug_log("Failed to read egd: end of file\n"); - } - - return GNUTLS_E_INTERNAL_ERROR; - } - done += res; + if ((device_fd > 0) + && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) + { + + /* More than a minute since we last read the device */ + uint8_t buf[DEVICE_READ_SIZE_MAX]; + uint32_t done; + + for (done = 0; done < read_size;) + { + int res; + res = _rndegd_read (&device_fd, buf + done, sizeof (buf) - done); + if (res <= 0) + { + if (res < 0) + { + _gnutls_debug_log ("Failed to read egd.\n"); } + else + { + _gnutls_debug_log ("Failed to read egd: end of file\n"); + } + + return GNUTLS_E_INTERNAL_ERROR; + } + done += res; + } - device_last_read = now; - return yarrow256_update(&yctx, RANDOM_SOURCE_DEVICE, read_size*8/2, - read_size, buf); + device_last_read = now; + return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE, read_size * 8 / 2, + read_size, buf); } - return 0; + return 0; } -static int do_device_source(int init) +static int +do_device_source (int init) { -int ret; -static int (*do_source)(int init) = NULL; + int ret; + static int (*do_source) (int init) = NULL; /* using static var here is ok since we are * always called with mutexes down */ - if (init == 1) { - do_source = do_device_source_urandom; - ret = do_source(init); - if (ret < 0) { - do_source = do_device_source_egd; - ret = do_source(init); - } - - if (ret < 0) { - gnutls_assert(); - return ret; - } - - return ret; - } else { - return do_source(init); + if (init == 1) + { + do_source = do_device_source_urandom; + ret = do_source (init); + if (ret < 0) + { + do_source = do_device_source_egd; + ret = do_source (init); + } + + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + return ret; + } + else + { + return do_source (init); } } -static void wrap_nettle_rnd_deinit(void* ctx) +static void +wrap_nettle_rnd_deinit (void *ctx) { - RND_LOCK; - close(device_fd); - RND_UNLOCK; + RND_LOCK; + close (device_fd); + RND_UNLOCK; - gnutls_mutex_deinit(&rnd_mutex); - rnd_mutex = NULL; + gnutls_mutex_deinit (&rnd_mutex); + rnd_mutex = NULL; } #endif -static int wrap_nettle_rnd_init(void **ctx) +static int +wrap_nettle_rnd_init (void **ctx) { -int ret; + int ret; - ret = gnutls_mutex_init(&rnd_mutex); - if (ret < 0) - { - gnutls_assert(); - return ret; - } + ret = gnutls_mutex_init (&rnd_mutex); + if (ret < 0) + { + gnutls_assert (); + return ret; + } - yarrow256_init(&yctx, SOURCES, ysources); + yarrow256_init (&yctx, SOURCES, ysources); - ret = do_device_source(1); - if (ret < 0) { - gnutls_assert(); - return ret; - } + ret = do_device_source (1); + if (ret < 0) + { + gnutls_assert (); + return ret; + } - ret = do_trivia_source(1); - if (ret < 0) { - gnutls_assert(); - return ret; - } + ret = do_trivia_source (1); + if (ret < 0) + { + gnutls_assert (); + return ret; + } - yarrow256_slow_reseed(&yctx); + yarrow256_slow_reseed (&yctx); - return 0; + return 0; } static int -wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize) +wrap_nettle_rnd (void *_ctx, int level, void *data, size_t datasize) { -int ret; - - RND_LOCK; - - ret = do_trivia_source( 0); - if (ret < 0) { - gnutls_assert(); - return ret; - } + int ret; - ret = do_device_source( 0); - if (ret < 0) { - gnutls_assert(); - return ret; - } + RND_LOCK; + + ret = do_trivia_source (0); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = do_device_source (0); + if (ret < 0) + { + gnutls_assert (); + return ret; + } - yarrow256_random(&yctx, datasize, data); - RND_UNLOCK; - return 0; + yarrow256_random (&yctx, datasize, data); + RND_UNLOCK; + return 0; } int crypto_rnd_prio = INT_MAX; gnutls_crypto_rnd_st _gnutls_rnd_ops = { - .init = wrap_nettle_rnd_init, - .deinit = wrap_nettle_rnd_deinit, - .rnd = wrap_nettle_rnd, + .init = wrap_nettle_rnd_init, + .deinit = wrap_nettle_rnd_deinit, + .rnd = wrap_nettle_rnd, }; diff --git a/lib/opencdk/armor.c b/lib/opencdk/armor.c index 07d24b914b..da14a74874 100644 --- a/lib/opencdk/armor.c +++ b/lib/opencdk/armor.c @@ -28,7 +28,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> #include <string.h> @@ -39,9 +39,9 @@ #include "filters.h" #ifdef __MINGW32__ -# define LF "\r\n" +#define LF "\r\n" #else -# define LF "\n" +#define LF "\n" #endif #define CRCINIT 0xB704CE @@ -283,7 +283,8 @@ compress_get_algo (cdk_stream_t inp, int *r_zipalgo) pkttype = *plain & 0x40 ? (*plain & 0x3f) : ((*plain >> 2) & 0xf); if (pkttype == CDK_PKT_COMPRESSED && r_zipalgo) { - _gnutls_buffers_log ("armor compressed (algo=%d)\n", *(plain + 1)); + _gnutls_buffers_log ("armor compressed (algo=%d)\n", + *(plain + 1)); *r_zipalgo = *(plain + 1); } break; @@ -596,8 +597,8 @@ armor_decode (void *data, FILE * in, FILE * out) afx->crc_okay = (afx->crc == crc2) ? 1 : 0; if (!afx->crc_okay && !rc) { - _gnutls_buffers_log ("file crc=%08X afx_crc=%08X\n", (unsigned int) crc2, - (unsigned int) afx->crc); + _gnutls_buffers_log ("file crc=%08X afx_crc=%08X\n", + (unsigned int) crc2, (unsigned int) afx->crc); rc = CDK_Armor_CRC_Error; } diff --git a/lib/opencdk/hash.c b/lib/opencdk/hash.c index 039e6d4c9e..9ac9d9c682 100644 --- a/lib/opencdk/hash.c +++ b/lib/opencdk/hash.c @@ -23,7 +23,7 @@ * */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> #include <sys/stat.h> diff --git a/lib/opencdk/kbnode.c b/lib/opencdk/kbnode.c index 7464dfbd3f..b93c5c9a8e 100644 --- a/lib/opencdk/kbnode.c +++ b/lib/opencdk/kbnode.c @@ -23,7 +23,7 @@ * */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> #include <stdlib.h> diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c index 7b798520e3..ab7e65d0ba 100644 --- a/lib/opencdk/keydb.c +++ b/lib/opencdk/keydb.c @@ -23,7 +23,7 @@ * */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <sys/stat.h> #include <stdio.h> diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c index d654cd4e9c..769f117e74 100644 --- a/lib/opencdk/literal.c +++ b/lib/opencdk/literal.c @@ -23,7 +23,7 @@ * */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> #include <time.h> diff --git a/lib/opencdk/main.c b/lib/opencdk/main.c index 1803643cbb..3052bf1387 100644 --- a/lib/opencdk/main.c +++ b/lib/opencdk/main.c @@ -23,12 +23,12 @@ * */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> #include <errno.h> #ifdef HAVE_UNISTD_H -# include <unistd.h> +#include <unistd.h> #endif #ifdef _WIN32 #include <windows.h> diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c index 26c159037d..a6f69187b3 100644 --- a/lib/opencdk/misc.c +++ b/lib/opencdk/misc.c @@ -23,7 +23,7 @@ * */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> #include <string.h> diff --git a/lib/opencdk/new-packet.c b/lib/opencdk/new-packet.c index 70048edc71..55b0cfd1a3 100644 --- a/lib/opencdk/new-packet.c +++ b/lib/opencdk/new-packet.c @@ -23,7 +23,7 @@ * */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <string.h> #include <stdio.h> diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c index 99779e4855..dc2e2ea788 100644 --- a/lib/opencdk/pubkey.c +++ b/lib/opencdk/pubkey.c @@ -193,7 +193,7 @@ cdk_pk_get_nskey (int algo) int ret; if (is_RSA (algo)) - ret = RSA_PRIVATE_PARAMS-2; /* we don't have exp1 and exp2 */ + ret = RSA_PRIVATE_PARAMS - 2; /* we don't have exp1 and exp2 */ else if (is_DSA (algo)) ret = DSA_PRIVATE_PARAMS; else if (is_ELG (algo)) @@ -438,7 +438,7 @@ cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr) err = _gnutls_hash_init (&hd, md_algo); if (err < 0) { - gnutls_assert(); + gnutls_assert (); return map_gnutls_error (err); } _cdk_hash_pubkey (pk, &hd, 1); diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c index 21067c1c24..6e7fcefd56 100644 --- a/lib/opencdk/read-packet.c +++ b/lib/opencdk/read-packet.c @@ -137,7 +137,7 @@ read_mpi (cdk_stream_t inp, bigint_t * ret_m, int secure) if (!rc && nread != ((nbits + 7) / 8)) { _gnutls_write_log ("read_mpi: too short %d < %d\n", (int) nread, - (int) ((nbits + 7) / 8)); + (int) ((nbits + 7) / 8)); return CDK_MPI_Error; } @@ -301,7 +301,8 @@ read_public_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk) if (!npkey) { gnutls_assert (); - _gnutls_write_log ("invalid public key algorithm %d\n", pk->pubkey_algo); + _gnutls_write_log ("invalid public key algorithm %d\n", + pk->pubkey_algo); return CDK_Inv_Algo; } for (i = 0; i < npkey; i++) diff --git a/lib/opencdk/seskey.c b/lib/opencdk/seskey.c index e3e4d40a3d..8830905098 100644 --- a/lib/opencdk/seskey.c +++ b/lib/opencdk/seskey.c @@ -23,7 +23,7 @@ * */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c index 003ae5ac29..cf007d4e34 100644 --- a/lib/opencdk/sig-check.c +++ b/lib/opencdk/sig-check.c @@ -23,7 +23,7 @@ * */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> #include <time.h> @@ -53,10 +53,10 @@ hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr) err = _gnutls_mpi_print_pgp (pk->mpi[i], buf, &nbytes); if (err < 0) - { - gnutls_assert(); + { + gnutls_assert (); return map_gnutls_error (err); - } + } if (!usefpr || pk->version == 4) _gnutls_hash (md, buf, nbytes); diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c index 23931a8432..01fd8855f1 100644 --- a/lib/opencdk/stream.c +++ b/lib/opencdk/stream.c @@ -32,7 +32,7 @@ #include <stdlib.h> #include <errno.h> #ifdef HAVE_UNISTD_H -# include <unistd.h> +#include <unistd.h> #endif #include "opencdk.h" @@ -460,7 +460,7 @@ cdk_stream_close (cdk_stream_t s) } _gnutls_read_log ("close stream ref=%d `%s'\n", - s->fp_ref, s->fname ? s->fname : "[temp]"); + s->fp_ref, s->fname ? s->fname : "[temp]"); /* In the user callback mode, we call the release cb if possible and just free the stream. */ @@ -757,7 +757,7 @@ stream_fp_replace (cdk_stream_t s, FILE ** tmp) assert (s); _gnutls_read_log ("replace stream fd=%d with fd=%d\n", - fileno (s->fp), fileno (*tmp)); + fileno (s->fp), fileno (*tmp)); rc = fclose (s->fp); if (rc) { @@ -793,7 +793,7 @@ stream_filter_write (cdk_stream_t s) continue; /* if there is no next filter, create the final output file */ _gnutls_read_log ("filter [write]: last filter=%d fname=%s\n", - f->next ? 1 : 0, s->fname); + f->next ? 1 : 0, s->fname); if (!f->next && s->fname) f->tmp = fopen (s->fname, "w+b"); else @@ -852,7 +852,7 @@ stream_filter_read (cdk_stream_t s) if (f->flags.error) { _gnutls_read_log ("filter %s [read]: has the error flag; skipped\n", - s->fname ? s->fname : "[temp]"); + s->fname ? s->fname : "[temp]"); continue; } @@ -864,7 +864,7 @@ stream_filter_read (cdk_stream_t s) } rc = f->fnct (f->opaque, f->ctl, s->fp, f->tmp); _gnutls_read_log ("filter %s [read]: type=%d rc=%d\n", - s->fname ? s->fname : "[temp]", f->type, rc); + s->fname ? s->fname : "[temp]", f->type, rc); if (rc) { f->flags.error = 1; @@ -1060,7 +1060,7 @@ cdk_stream_write (cdk_stream_t s, const void *buf, size_t count) memcpy (s->cache.buf, old, s->cache.size); cdk_free (old); _gnutls_read_log ("stream: enlarge cache to %d octets\n", - (int) s->cache.alloced); + (int) s->cache.alloced); } memcpy (s->cache.buf + s->cache.size, buf, count); s->cache.size += count; @@ -1350,7 +1350,7 @@ cdk_stream_enable_cache (cdk_stream_t s, int val) s->cache.buf = cdk_calloc (1, STREAM_BUFSIZE); s->cache.alloced = STREAM_BUFSIZE; _gnutls_read_log ("stream: allocate cache of %d octets\n", - STREAM_BUFSIZE); + STREAM_BUFSIZE); } return 0; } @@ -1580,7 +1580,7 @@ _cdk_stream_set_blockmode (cdk_stream_t s, size_t nbytes) assert (s); _gnutls_read_log ("stream: activate block mode with blocksize %d\n", - (int) nbytes); + (int) nbytes); s->blkmode = nbytes; return 0; } diff --git a/lib/opencdk/types.h b/lib/opencdk/types.h index 88dc0e2378..d98ce0643b 100644 --- a/lib/opencdk/types.h +++ b/lib/opencdk/types.h @@ -26,26 +26,26 @@ #define CDK_TYPES_H #ifndef HAVE_BYTE_TYPEDEF -# undef byte +#undef byte typedef unsigned char byte; -# define HAVE_BYTE_TYPEDEF +#define HAVE_BYTE_TYPEDEF #endif #ifndef HAVE_U16_TYPEDEF -# undef u16 +#undef u16 typedef unsigned short u16; -# define HAVE_U16_TYPEDEF +#define HAVE_U16_TYPEDEF #endif #ifndef HAVE_U32_TYPEDEF -# undef u32 +#undef u32 typedef unsigned int u32; -# define HAVE_U32_TYPEDEF +#define HAVE_U32_TYPEDEF #endif #ifndef DIM -# define DIM(v) (sizeof (v)/sizeof ((v)[0])) -# define DIMof(type, member) DIM(((type *)0)->member) +#define DIM(v) (sizeof (v)/sizeof ((v)[0])) +#define DIMof(type, member) DIM(((type *)0)->member) #endif #endif /* CDK_TYPES_H */ diff --git a/lib/opencdk/verify.c b/lib/opencdk/verify.c index 7826114ef2..ee5fb2be66 100644 --- a/lib/opencdk/verify.c +++ b/lib/opencdk/verify.c @@ -23,7 +23,7 @@ * */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> #include <string.h> @@ -245,7 +245,7 @@ file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output) err = _gnutls_hash_init (&md, digest_algo); if (err < 0) { - gnutls_assert(); + gnutls_assert (); rc = map_gnutls_error (err); goto leave; } diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c index 7c1dc01f3f..2223c98068 100644 --- a/lib/openpgp/gnutls_openpgp.c +++ b/lib/openpgp/gnutls_openpgp.c @@ -141,17 +141,19 @@ gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res, gnutls_cert *ccert; /* this should be first */ - ret = gnutls_privkey_init(&privkey); - if (ret < 0) + ret = gnutls_privkey_init (&privkey); + if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } - ret = gnutls_privkey_import_openpgp (privkey, pkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); + ret = + gnutls_privkey_import_openpgp (privkey, pkey, + GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { - gnutls_privkey_deinit(privkey); + gnutls_privkey_deinit (privkey); gnutls_assert (); return ret; } @@ -161,7 +163,7 @@ gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res, if (ccert == NULL) { gnutls_assert (); - gnutls_privkey_deinit(privkey); + gnutls_privkey_deinit (privkey); return GNUTLS_E_MEMORY_ERROR; } @@ -169,19 +171,20 @@ gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_free(ccert); - gnutls_privkey_deinit(privkey); + gnutls_free (ccert); + gnutls_privkey_deinit (privkey); return ret; } - ret = certificate_credentials_append_pkey(res, privkey); - if (ret >=0) ret = certificate_credential_append_crt_list(res, ccert, 1); + ret = certificate_credentials_append_pkey (res, privkey); + if (ret >= 0) + ret = certificate_credential_append_crt_list (res, ccert, 1); if (ret < 0) { - gnutls_assert(); - gnutls_free(ccert); - gnutls_privkey_deinit(privkey); + gnutls_assert (); + gnutls_free (ccert); + gnutls_privkey_deinit (privkey); return ret; } @@ -402,27 +405,27 @@ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res, if (subkey_id != NULL) { if (strcasecmp (subkey_id, "auto") == 0) - ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1); + ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1); else - ret = get_keyid (keyid, subkey_id); + ret = get_keyid (keyid, subkey_id); if (ret < 0) - gnutls_assert(); + gnutls_assert (); if (ret >= 0) - { - ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid); - if (ret >= 0) - ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid); - } + { + ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid); + if (ret >= 0) + ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid); + } if (ret < 0) - { - gnutls_assert (); - gnutls_openpgp_privkey_deinit (pkey); - gnutls_openpgp_crt_deinit (crt); - return ret; - } + { + gnutls_assert (); + gnutls_openpgp_privkey_deinit (pkey); + gnutls_openpgp_crt_deinit (crt); + return ret; + } } ret = gnutls_certificate_set_openpgp_key (res, crt, pkey); @@ -740,7 +743,8 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert) _gnutls_debug_log ("Importing Openpgp cert and using openpgp sub key: %s\n", - _gnutls_bin2hex (keyid, sizeof (keyid), err_buf, sizeof (err_buf), NULL)); + _gnutls_bin2hex (keyid, sizeof (keyid), err_buf, sizeof (err_buf), + NULL)); KEYID_IMPORT (kid32, keyid); @@ -874,10 +878,11 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, KEYID_IMPORT (kid, keyid); - idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid); - pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL); - result = _gnutls_openpgp_privkey_get_mpis (key, kid, - params, ¶ms_size); + idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid); + pk_algorithm = + gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL); + result = + _gnutls_openpgp_privkey_get_mpis (key, kid, params, ¶ms_size); } else { @@ -893,7 +898,8 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, } - result = _gnutls_soft_sign (pk_algorithm, params, params_size, hash, signature); + result = + _gnutls_soft_sign (pk_algorithm, params, params_size, hash, signature); for (i = 0; i < params_size; i++) _gnutls_mpi_release (¶ms[i]); @@ -923,8 +929,9 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, **/ int gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key, - unsigned int flags, const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext) + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext) { int result, i; bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; @@ -937,7 +944,7 @@ gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key, gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - + result = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid); if (result == 0) { @@ -963,11 +970,12 @@ gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key, if (pk_algorithm != GNUTLS_PK_RSA) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - result = _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext, params, params_size, 2); + result = + _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext, params, params_size, 2); for (i = 0; i < params_size; i++) _gnutls_mpi_release (¶ms[i]); diff --git a/lib/openpgp/openpgp_int.h b/lib/openpgp/openpgp_int.h index 8071aa0098..235bcfd482 100644 --- a/lib/openpgp/openpgp_int.h +++ b/lib/openpgp/openpgp_int.h @@ -1,8 +1,8 @@ #ifndef OPENPGP_LOCAL_H -# define OPENPGP_LOCAL_H +#define OPENPGP_LOCAL_H #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #ifdef ENABLE_OPENPGP diff --git a/lib/openpgp/output.c b/lib/openpgp/output.c index 0413668c8a..eaa1902d68 100644 --- a/lib/openpgp/output.c +++ b/lib/openpgp/output.c @@ -37,7 +37,8 @@ #define adds _gnutls_buffer_append_str static void -hexdump (gnutls_buffer_st * str, const char *data, size_t len, const char *spc) +hexdump (gnutls_buffer_st * str, const char *data, size_t len, + const char *spc) { size_t j; @@ -237,7 +238,9 @@ print_key_info (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx) name = _("unknown"); addf (str, _("\tPublic Key Algorithm: %s\n"), name); - addf (str, _("\tKey Security Level: %s\n"), gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param(err, bits))); + addf (str, _("\tKey Security Level: %s\n"), + gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param + (err, bits))); switch (err) { diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index 2dede0e083..e2a5230be3 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c @@ -773,7 +773,7 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2], int i = 0; uint32_t local_keyid[2]; - _gnutls_hard_log("Looking keyid: %x.%x\n", keyid[0], keyid[1]); + _gnutls_hard_log ("Looking keyid: %x.%x\n", keyid[0], keyid[1]); ctx = NULL; while ((p = cdk_kbnode_walk (knode, &ctx, 0))) @@ -788,7 +788,8 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2], else cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid); - _gnutls_hard_log("Found keyid: %x.%x\n", local_keyid[0], local_keyid[1]); + _gnutls_hard_log ("Found keyid: %x.%x\n", local_keyid[0], + local_keyid[1]); if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1]) { return i; diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c index 9450e33cb4..a3cdf12751 100644 --- a/lib/openpgp/privkey.c +++ b/lib/openpgp/privkey.c @@ -87,13 +87,13 @@ gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key) gnutls_sec_param_t gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key) { -gnutls_pk_algorithm_t algo; -unsigned int bits; + gnutls_pk_algorithm_t algo; + unsigned int bits; algo = gnutls_openpgp_privkey_get_pk_algorithm (key, &bits); - if (algo == GNUTLS_PK_UNKNOWN) + if (algo == GNUTLS_PK_UNKNOWN) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_SEC_PARAM_UNKNOWN; } @@ -718,7 +718,7 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey, gnutls_pk_params_st pk_params; cdk_packet_t pkt; - memset(&pk_params, 0, sizeof(pk_params)); + memset (&pk_params, 0, sizeof (pk_params)); if (keyid == NULL) pkt = cdk_kbnode_find_packet (pkey->knode, CDK_PKT_SECRET_KEY); @@ -739,7 +739,7 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey, case GNUTLS_PK_RSA: /* openpgp does not hold all parameters as in PKCS #1 */ - pk_params.params_nr = RSA_PRIVATE_PARAMS-2; + pk_params.params_nr = RSA_PRIVATE_PARAMS - 2; break; case GNUTLS_PK_DSA: pk_params.params_nr = DSA_PRIVATE_PARAMS; @@ -758,9 +758,9 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey, goto error; } } - /* fixup will generate exp1 and exp2 that are not - * available here. - */ + /* fixup will generate exp1 and exp2 that are not + * available here. + */ result = _gnutls_pk_fixup (pk_algorithm, GNUTLS_IMPORT, &pk_params); if (result < 0) { @@ -775,7 +775,7 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey, } *params_size = pk_params.params_nr; - for(i=0;i<pk_params.params_nr;i++) + for (i = 0; i < pk_params.params_nr; i++) params[i] = pk_params.params[i]; return 0; diff --git a/lib/pakchois/dlopen.c b/lib/pakchois/dlopen.c index c7fab3a76a..624f302722 100644 --- a/lib/pakchois/dlopen.c +++ b/lib/pakchois/dlopen.c @@ -27,22 +27,25 @@ #ifdef _WIN32 -# include <windows.h> +#include <windows.h> -void *dlopen(const char *filename, int flag) +void * +dlopen (const char *filename, int flag) { - return LoadLibrary(filename); + return LoadLibrary (filename); } -void *dlsym(void *handle, const char *symbol) +void * +dlsym (void *handle, const char *symbol) { - return GetProcAddress((HINSTANCE)handle, symbol); + return GetProcAddress ((HINSTANCE) handle, symbol); } -int dlclose(void *handle) +int +dlclose (void *handle) { - FreeLibrary((HINSTANCE)handle); + FreeLibrary ((HINSTANCE) handle); } #endif diff --git a/lib/pakchois/dlopen.h b/lib/pakchois/dlopen.h index a8a5fab000..47362cb035 100644 --- a/lib/pakchois/dlopen.h +++ b/lib/pakchois/dlopen.h @@ -1,5 +1,5 @@ #ifndef DLOPEN_H -# define DLOPEN_H +#define DLOPEN_H #include "config.h" @@ -8,13 +8,13 @@ #define RTLD_LOCAL 0 #define RTLD_NOW 1 -void *dlopen(const char *filename, int flag); -void *dlsym(void *handle, const char *symbol); -int dlclose(void *handle); +void *dlopen (const char *filename, int flag); +void *dlsym (void *handle, const char *symbol); +int dlclose (void *handle); #else -# include <dlfcn.h> +#include <dlfcn.h> #endif diff --git a/lib/pakchois/errors.c b/lib/pakchois/errors.c index de09b92d53..d223239d8f 100644 --- a/lib/pakchois/errors.c +++ b/lib/pakchois/errors.c @@ -46,101 +46,189 @@ #define _(x) x #endif -const char *pakchois_error(ck_rv_t rv) +const char * +pakchois_error (ck_rv_t rv) { - if (rv >= CKR_VENDOR_DEFINED) { - return _("Vendor defined error"); + if (rv >= CKR_VENDOR_DEFINED) + { + return _("Vendor defined error"); } - switch (rv) { - case CKR_OK: return _("OK"); - case CKR_CANCEL: return _("Cancel"); - case CKR_HOST_MEMORY: return _("Host memory"); - case CKR_SLOT_ID_INVALID: return _("Slot id invalid"); - case CKR_GENERAL_ERROR: return _("General error"); - case CKR_FUNCTION_FAILED: return _("Function failed"); - case CKR_ARGUMENTS_BAD: return _("Arguments bad"); - case CKR_NO_EVENT: return _("No event"); - case CKR_NEED_TO_CREATE_THREADS: return _("Need to create threads"); - case CKR_CANT_LOCK: return _("Can't lock"); - case CKR_ATTRIBUTE_READ_ONLY: return _("Attribute read only"); - case CKR_ATTRIBUTE_SENSITIVE: return _("Attribute sensitive"); - case CKR_ATTRIBUTE_TYPE_INVALID: return _("Attribute type invalid"); - case CKR_ATTRIBUTE_VALUE_INVALID: return _("Attribute value invalid"); - case CKR_DATA_INVALID: return _("Data invalid"); - case CKR_DATA_LEN_RANGE: return _("Data len range"); - case CKR_DEVICE_ERROR: return _("Device error"); - case CKR_DEVICE_MEMORY: return _("Device memory"); - case CKR_DEVICE_REMOVED: return _("Device removed"); - case CKR_ENCRYPTED_DATA_INVALID: return _("Encrypted data invalid"); - case CKR_ENCRYPTED_DATA_LEN_RANGE: return _("Encrypted data len range"); - case CKR_FUNCTION_CANCELED: return _("Function canceled"); - case CKR_FUNCTION_NOT_PARALLEL: return _("Function not parallel"); - case CKR_FUNCTION_NOT_SUPPORTED: return _("Function not supported"); - case CKR_KEY_HANDLE_INVALID: return _("Key handle invalid"); - case CKR_KEY_SIZE_RANGE: return _("Key size range"); - case CKR_KEY_TYPE_INCONSISTENT: return _("Key type inconsistent"); - case CKR_KEY_NOT_NEEDED: return _("Key not needed"); - case CKR_KEY_CHANGED: return _("Key changed"); - case CKR_KEY_NEEDED: return _("Key needed"); - case CKR_KEY_INDIGESTIBLE: return _("Key indigestible"); - case CKR_KEY_FUNCTION_NOT_PERMITTED: return _("Key function not permitted"); - case CKR_KEY_NOT_WRAPPABLE: return _("Key not wrappable"); - case CKR_KEY_UNEXTRACTABLE: return _("Key unextractable"); - case CKR_MECHANISM_INVALID: return _("Mechanism invalid"); - case CKR_MECHANISM_PARAM_INVALID: return _("Mechanism param invalid"); - case CKR_OBJECT_HANDLE_INVALID: return _("Object handle invalid"); - case CKR_OPERATION_ACTIVE: return _("Operation active"); - case CKR_OPERATION_NOT_INITIALIZED: return _("Operation not initialized"); - case CKR_PIN_INCORRECT: return _("PIN incorrect"); - case CKR_PIN_INVALID: return _("PIN invalid"); - case CKR_PIN_LEN_RANGE: return _("PIN len range"); - case CKR_PIN_EXPIRED: return _("PIN expired"); - case CKR_PIN_LOCKED: return _("PIN locked"); - case CKR_SESSION_CLOSED: return _("Session closed"); - case CKR_SESSION_COUNT: return _("Session count"); - case CKR_SESSION_HANDLE_INVALID: return _("Session handle invalid"); - case CKR_SESSION_PARALLEL_NOT_SUPPORTED: return _("Session parallel not supported"); - case CKR_SESSION_READ_ONLY: return _("Session read only"); - case CKR_SESSION_EXISTS: return _("Session exists"); - case CKR_SESSION_READ_ONLY_EXISTS: return _("Session read only exists"); - case CKR_SESSION_READ_WRITE_SO_EXISTS: return _("Session read write so exists"); - case CKR_SIGNATURE_INVALID: return _("Signature invalid"); - case CKR_SIGNATURE_LEN_RANGE: return _("Signature length range"); - case CKR_TEMPLATE_INCOMPLETE: return _("Template incomplete"); - case CKR_TEMPLATE_INCONSISTENT: return _("Template inconsistent"); - case CKR_TOKEN_NOT_PRESENT: return _("Token not present"); - case CKR_TOKEN_NOT_RECOGNIZED: return _("Token not recognized"); - case CKR_TOKEN_WRITE_PROTECTED: return _("Token write protected"); - case CKR_UNWRAPPING_KEY_HANDLE_INVALID: return _("Unwrapping key handle invalid"); - case CKR_UNWRAPPING_KEY_SIZE_RANGE: return _("Unwrapping key size range"); - case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: return _("Unwrapping key type inconsistent"); - case CKR_USER_ALREADY_LOGGED_IN: return _("User already logged in"); - case CKR_USER_NOT_LOGGED_IN: return _("User not logged in"); - case CKR_USER_PIN_NOT_INITIALIZED: return _("User PIN not initialized"); - case CKR_USER_TYPE_INVALID: return _("User type invalid"); - case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: return _("Another user already logged in"); - case CKR_USER_TOO_MANY_TYPES: return _("User too many types"); - case CKR_WRAPPED_KEY_INVALID: return _("Wrapped key invalid"); - case CKR_WRAPPED_KEY_LEN_RANGE: return _("Wrapped key length range"); - case CKR_WRAPPING_KEY_HANDLE_INVALID: return _("Wrapping key handle invalid"); - case CKR_WRAPPING_KEY_SIZE_RANGE: return _("Wrapping key size range"); - case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: return _("Wrapping key type inconsistent"); - case CKR_RANDOM_SEED_NOT_SUPPORTED: return _("Random seed not supported"); - case CKR_RANDOM_NO_RNG: return _("Random no rng"); - case CKR_DOMAIN_PARAMS_INVALID: return _("Domain params invalid"); - case CKR_BUFFER_TOO_SMALL: return _("Buffer too small"); - case CKR_SAVED_STATE_INVALID: return _("Saved state invalid"); - case CKR_INFORMATION_SENSITIVE: return _("Information sensitive"); - case CKR_STATE_UNSAVEABLE: return _("State unsaveable"); - case CKR_CRYPTOKI_NOT_INITIALIZED: return _("Cryptoki not initialized"); - case CKR_CRYPTOKI_ALREADY_INITIALIZED: return _("Cryptoki already initialized"); - case CKR_MUTEX_BAD: return _("Mutex bad"); - case CKR_MUTEX_NOT_LOCKED: return _("Mutex not locked"); - case CKR_FUNCTION_REJECTED: return _("Function rejected"); + switch (rv) + { + case CKR_OK: + return _("OK"); + case CKR_CANCEL: + return _("Cancel"); + case CKR_HOST_MEMORY: + return _("Host memory"); + case CKR_SLOT_ID_INVALID: + return _("Slot id invalid"); + case CKR_GENERAL_ERROR: + return _("General error"); + case CKR_FUNCTION_FAILED: + return _("Function failed"); + case CKR_ARGUMENTS_BAD: + return _("Arguments bad"); + case CKR_NO_EVENT: + return _("No event"); + case CKR_NEED_TO_CREATE_THREADS: + return _("Need to create threads"); + case CKR_CANT_LOCK: + return _("Can't lock"); + case CKR_ATTRIBUTE_READ_ONLY: + return _("Attribute read only"); + case CKR_ATTRIBUTE_SENSITIVE: + return _("Attribute sensitive"); + case CKR_ATTRIBUTE_TYPE_INVALID: + return _("Attribute type invalid"); + case CKR_ATTRIBUTE_VALUE_INVALID: + return _("Attribute value invalid"); + case CKR_DATA_INVALID: + return _("Data invalid"); + case CKR_DATA_LEN_RANGE: + return _("Data len range"); + case CKR_DEVICE_ERROR: + return _("Device error"); + case CKR_DEVICE_MEMORY: + return _("Device memory"); + case CKR_DEVICE_REMOVED: + return _("Device removed"); + case CKR_ENCRYPTED_DATA_INVALID: + return _("Encrypted data invalid"); + case CKR_ENCRYPTED_DATA_LEN_RANGE: + return _("Encrypted data len range"); + case CKR_FUNCTION_CANCELED: + return _("Function canceled"); + case CKR_FUNCTION_NOT_PARALLEL: + return _("Function not parallel"); + case CKR_FUNCTION_NOT_SUPPORTED: + return _("Function not supported"); + case CKR_KEY_HANDLE_INVALID: + return _("Key handle invalid"); + case CKR_KEY_SIZE_RANGE: + return _("Key size range"); + case CKR_KEY_TYPE_INCONSISTENT: + return _("Key type inconsistent"); + case CKR_KEY_NOT_NEEDED: + return _("Key not needed"); + case CKR_KEY_CHANGED: + return _("Key changed"); + case CKR_KEY_NEEDED: + return _("Key needed"); + case CKR_KEY_INDIGESTIBLE: + return _("Key indigestible"); + case CKR_KEY_FUNCTION_NOT_PERMITTED: + return _("Key function not permitted"); + case CKR_KEY_NOT_WRAPPABLE: + return _("Key not wrappable"); + case CKR_KEY_UNEXTRACTABLE: + return _("Key unextractable"); + case CKR_MECHANISM_INVALID: + return _("Mechanism invalid"); + case CKR_MECHANISM_PARAM_INVALID: + return _("Mechanism param invalid"); + case CKR_OBJECT_HANDLE_INVALID: + return _("Object handle invalid"); + case CKR_OPERATION_ACTIVE: + return _("Operation active"); + case CKR_OPERATION_NOT_INITIALIZED: + return _("Operation not initialized"); + case CKR_PIN_INCORRECT: + return _("PIN incorrect"); + case CKR_PIN_INVALID: + return _("PIN invalid"); + case CKR_PIN_LEN_RANGE: + return _("PIN len range"); + case CKR_PIN_EXPIRED: + return _("PIN expired"); + case CKR_PIN_LOCKED: + return _("PIN locked"); + case CKR_SESSION_CLOSED: + return _("Session closed"); + case CKR_SESSION_COUNT: + return _("Session count"); + case CKR_SESSION_HANDLE_INVALID: + return _("Session handle invalid"); + case CKR_SESSION_PARALLEL_NOT_SUPPORTED: + return _("Session parallel not supported"); + case CKR_SESSION_READ_ONLY: + return _("Session read only"); + case CKR_SESSION_EXISTS: + return _("Session exists"); + case CKR_SESSION_READ_ONLY_EXISTS: + return _("Session read only exists"); + case CKR_SESSION_READ_WRITE_SO_EXISTS: + return _("Session read write so exists"); + case CKR_SIGNATURE_INVALID: + return _("Signature invalid"); + case CKR_SIGNATURE_LEN_RANGE: + return _("Signature length range"); + case CKR_TEMPLATE_INCOMPLETE: + return _("Template incomplete"); + case CKR_TEMPLATE_INCONSISTENT: + return _("Template inconsistent"); + case CKR_TOKEN_NOT_PRESENT: + return _("Token not present"); + case CKR_TOKEN_NOT_RECOGNIZED: + return _("Token not recognized"); + case CKR_TOKEN_WRITE_PROTECTED: + return _("Token write protected"); + case CKR_UNWRAPPING_KEY_HANDLE_INVALID: + return _("Unwrapping key handle invalid"); + case CKR_UNWRAPPING_KEY_SIZE_RANGE: + return _("Unwrapping key size range"); + case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: + return _("Unwrapping key type inconsistent"); + case CKR_USER_ALREADY_LOGGED_IN: + return _("User already logged in"); + case CKR_USER_NOT_LOGGED_IN: + return _("User not logged in"); + case CKR_USER_PIN_NOT_INITIALIZED: + return _("User PIN not initialized"); + case CKR_USER_TYPE_INVALID: + return _("User type invalid"); + case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: + return _("Another user already logged in"); + case CKR_USER_TOO_MANY_TYPES: + return _("User too many types"); + case CKR_WRAPPED_KEY_INVALID: + return _("Wrapped key invalid"); + case CKR_WRAPPED_KEY_LEN_RANGE: + return _("Wrapped key length range"); + case CKR_WRAPPING_KEY_HANDLE_INVALID: + return _("Wrapping key handle invalid"); + case CKR_WRAPPING_KEY_SIZE_RANGE: + return _("Wrapping key size range"); + case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: + return _("Wrapping key type inconsistent"); + case CKR_RANDOM_SEED_NOT_SUPPORTED: + return _("Random seed not supported"); + case CKR_RANDOM_NO_RNG: + return _("Random no rng"); + case CKR_DOMAIN_PARAMS_INVALID: + return _("Domain params invalid"); + case CKR_BUFFER_TOO_SMALL: + return _("Buffer too small"); + case CKR_SAVED_STATE_INVALID: + return _("Saved state invalid"); + case CKR_INFORMATION_SENSITIVE: + return _("Information sensitive"); + case CKR_STATE_UNSAVEABLE: + return _("State unsaveable"); + case CKR_CRYPTOKI_NOT_INITIALIZED: + return _("Cryptoki not initialized"); + case CKR_CRYPTOKI_ALREADY_INITIALIZED: + return _("Cryptoki already initialized"); + case CKR_MUTEX_BAD: + return _("Mutex bad"); + case CKR_MUTEX_NOT_LOCKED: + return _("Mutex not locked"); + case CKR_FUNCTION_REJECTED: + return _("Function rejected"); default: - break; + break; } - return _("Unknown error"); + return _("Unknown error"); } diff --git a/lib/pakchois/pakchois.c b/lib/pakchois/pakchois.c index 6785416efa..0665cb3425 100644 --- a/lib/pakchois/pakchois.c +++ b/lib/pakchois/pakchois.c @@ -50,25 +50,27 @@ #include "dlopen.h" #ifdef HAVE_WORDEXP -# include <wordexp.h> +#include <wordexp.h> #endif #include "pakchois.h" -struct provider { - dev_t dev; - ino_t ino; - char *name; - void *handle; - void *mutex; - const struct ck_function_list *fns; - unsigned int refcount; - struct provider *next, **prevref; - void *reserved; +struct provider +{ + dev_t dev; + ino_t ino; + char *name; + void *handle; + void *mutex; + const struct ck_function_list *fns; + unsigned int refcount; + struct provider *next, **prevref; + void *reserved; }; -struct pakchois_module_s { - struct slot *slots; - struct provider *provider; +struct pakchois_module_s +{ + struct slot *slots; + struct provider *provider; }; static void *provider_mutex = NULL; @@ -77,77 +79,88 @@ static void *provider_mutex = NULL; * individual module must performed whilst holding this mutex. */ static struct provider *provider_list; -struct pakchois_session_s { - pakchois_module_t *module; - ck_session_handle_t id; - pakchois_notify_t notify; - void *notify_data; - /* Doubly-linked list. Either prevref = &previous->next or else - * prevref = &slot->sessions for the list head. */ - pakchois_session_t **prevref; - pakchois_session_t *next; +struct pakchois_session_s +{ + pakchois_module_t *module; + ck_session_handle_t id; + pakchois_notify_t notify; + void *notify_data; + /* Doubly-linked list. Either prevref = &previous->next or else + * prevref = &slot->sessions for the list head. */ + pakchois_session_t **prevref; + pakchois_session_t *next; }; -struct slot { - ck_slot_id_t id; - pakchois_session_t *sessions; - struct slot *next; +struct slot +{ + ck_slot_id_t id; + pakchois_session_t *sessions; + struct slot *next; }; #define DIR_DELIMITER '/' -static char *pkcs11ize(const char *name) -{ - int len; - char *oname; - char *base; - char *suffix; - - oname = strdup(name); - if (oname == NULL) { - return NULL; - } - - /* basename has too many ifs to use */ - base = strrchr(oname, DIR_DELIMITER); - if (base == NULL) { - base = oname; - } else { - base++; - } - - suffix = strchr(base, '.'); - if (suffix != NULL) { - if (strncmp(suffix, ".so", 3) == 0) { - suffix[0] = 0; /* null terminate before . */ - } +static char * +pkcs11ize (const char *name) +{ + int len; + char *oname; + char *base; + char *suffix; + + oname = strdup (name); + if (oname == NULL) + { + return NULL; + } + + /* basename has too many ifs to use */ + base = strrchr (oname, DIR_DELIMITER); + if (base == NULL) + { + base = oname; + } + else + { + base++; + } + + suffix = strchr (base, '.'); + if (suffix != NULL) + { + if (strncmp (suffix, ".so", 3) == 0) + { + suffix[0] = 0; /* null terminate before . */ } - - /* check and remove for -p11 or -pkcs11 */ - suffix = base; - while ((suffix = strchr(suffix, '-')) != NULL) { - if (strncasecmp(suffix, "-p11", 4) == 0 || - strncasecmp(suffix, "-pkcs11", 7) == 0) { - suffix[0] = 0; - break; - } - suffix++; + } + + /* check and remove for -p11 or -pkcs11 */ + suffix = base; + while ((suffix = strchr (suffix, '-')) != NULL) + { + if (strncasecmp (suffix, "-p11", 4) == 0 || + strncasecmp (suffix, "-pkcs11", 7) == 0) + { + suffix[0] = 0; + break; } + suffix++; + } - len = strlen(base); + len = strlen (base); - memmove(oname, base, len); - oname[len] = 0; + memmove (oname, base, len); + oname[len] = 0; - return oname; + return oname; } static const char *suffix_prefixes[][2] = { - {"lib", "pk11.so"}, - {"", "-pkcs11.so"}, - {"", ".so"}, - {"lib", ".so"}, - {NULL, NULL} + {"lib", "pk11.so"}, + {"", "-pkcs11.so"}, + {"", ".so"}, + {"lib", ".so"}, + {NULL, NULL} }; #define CALL(name, args) (mod->provider->fns->C_ ## name) args @@ -160,979 +173,1063 @@ static const char *suffix_prefixes[][2] = { #define CALLS7(n, a, b, c, d, e, f, g) CALLS(n, (sess->id, a, b, c, d, e, f, g)) #ifndef PAKCHOIS_MODPATH -# define PAKCHOIS_MODPATH "/lib:/usr/lib" +#define PAKCHOIS_MODPATH "/lib:/usr/lib" #endif /* Returns an allocated name of the real module as well * as it's inode and device numbers. */ -static char *find_pkcs11_module_name(const char *hint, dev_t * dev, - ino_t * ino) -{ - char module_path[] = PAKCHOIS_MODPATH; - char *next = module_path; - struct stat st; - - while (next) { - char *dir = next, *sep = strchr(next, ':'); - unsigned i; - - if (sep) { - *sep++ = '\0'; - next = sep; - } else { - next = NULL; - } +static char * +find_pkcs11_module_name (const char *hint, dev_t * dev, ino_t * ino) +{ + char module_path[] = PAKCHOIS_MODPATH; + char *next = module_path; + struct stat st; + + while (next) + { + char *dir = next, *sep = strchr (next, ':'); + unsigned i; + + if (sep) + { + *sep++ = '\0'; + next = sep; + } + else + { + next = NULL; + } - for (i = 0; suffix_prefixes[i][0]; i++) { - char path[PATH_MAX]; + for (i = 0; suffix_prefixes[i][0]; i++) + { + char path[PATH_MAX]; - snprintf(path, sizeof path, "%s/%s%s%s", dir, - suffix_prefixes[i][0], hint, - suffix_prefixes[i][1]); + snprintf (path, sizeof path, "%s/%s%s%s", dir, + suffix_prefixes[i][0], hint, suffix_prefixes[i][1]); - if (stat(path, &st) < 0) - continue; + if (stat (path, &st) < 0) + continue; - *dev = st.st_dev; - *ino = st.st_ino; + *dev = st.st_dev; + *ino = st.st_ino; - return strdup(path); - } + return strdup (path); } + } - return NULL; + return NULL; } /* Expands the given filename and returns an allocated * string, if the expanded file exists. In that case * dev and ino are filled in as well. */ -static char *find_real_module_name(const char *name, dev_t * dev, - ino_t * ino) +static char * +find_real_module_name (const char *name, dev_t * dev, ino_t * ino) { - char *exname = NULL; - struct stat st; + char *exname = NULL; + struct stat st; #ifdef HAVE_WORDEXP - int len; - wordexp_t we; - - len = wordexp(name, &we, 0); - if (len == 0) { /* success */ - if (we.we_wordc > 0) { /* we care about the 1st */ - exname = strdup(we.we_wordv[0]); - } - wordfree(&we); + int len; + wordexp_t we; + + len = wordexp (name, &we, 0); + if (len == 0) + { /* success */ + if (we.we_wordc > 0) + { /* we care about the 1st */ + exname = strdup (we.we_wordv[0]); } + wordfree (&we); + } #endif - if (exname == NULL) - exname = strdup(name); - - /* find file information */ - if (exname != NULL) { - if (stat(exname, &st) >= 0) { - *dev = st.st_dev; - *ino = st.st_ino; - } else { - free(exname); - return NULL; - } + if (exname == NULL) + exname = strdup (name); + + /* find file information */ + if (exname != NULL) + { + if (stat (exname, &st) >= 0) + { + *dev = st.st_dev; + *ino = st.st_ino; + } + else + { + free (exname); + return NULL; } + } - return exname; + return exname; } -static struct provider *find_provider(dev_t dev, ino_t ino) +static struct provider * +find_provider (dev_t dev, ino_t ino) { - struct provider *p; + struct provider *p; - for (p = provider_list; p; p = p->next) { - if (dev == p->dev && ino == p->ino) { - return p; - } + for (p = provider_list; p; p = p->next) + { + if (dev == p->dev && ino == p->ino) + { + return p; } + } - return NULL; + return NULL; } /* The provider list must be locked when calling it */ -static ck_rv_t load_pkcs11_module(struct provider **provider, - const char *name, dev_t dev, ino_t ino, - void *reserved) -{ - struct provider *prov; - CK_C_GetFunctionList gfl; - struct ck_c_initialize_args args; - struct ck_function_list *fns; - void *h; - ck_rv_t rv; - - /* try the plain name first */ - h = dlopen(name, RTLD_LOCAL | RTLD_NOW); - if (h == NULL) { - return CKR_GENERAL_ERROR; - } - - gfl = dlsym(h, "C_GetFunctionList"); - if (!gfl) { - rv = CKR_GENERAL_ERROR; - goto fail_dso; - } - - prov = malloc(sizeof *prov); - if (prov == NULL) { - rv = CKR_HOST_MEMORY; - goto fail_dso; - } - - if (gnutls_mutex_init(&prov->mutex)) { - rv = CKR_CANT_LOCK; - goto fail_ctx; - } - - rv = gfl(&fns); - if (rv != CKR_OK) { - goto fail_ctx; - } - - prov->dev = dev; - prov->ino = ino; - prov->name = pkcs11ize(name); - prov->handle = h; - prov->fns = fns; - prov->refcount = 1; - prov->reserved = reserved; - - /* Require OS locking, the only sane option. */ - memset(&args, 0, sizeof args); - args.flags = CKF_OS_LOCKING_OK; - args.reserved = reserved; - - rv = fns->C_Initialize(&args); - if (rv != CKR_OK) { - goto fail_ctx; - } - - prov->next = provider_list; - prov->prevref = &provider_list; - if (prov->next) { - prov->next->prevref = &prov->next; - } - provider_list = prov; - - *provider = prov; - return CKR_OK; - - fail_ctx: - free(prov); - fail_dso: - dlclose(h); - - return rv; +static ck_rv_t +load_pkcs11_module (struct provider **provider, + const char *name, dev_t dev, ino_t ino, void *reserved) +{ + struct provider *prov; + CK_C_GetFunctionList gfl; + struct ck_c_initialize_args args; + struct ck_function_list *fns; + void *h; + ck_rv_t rv; + + /* try the plain name first */ + h = dlopen (name, RTLD_LOCAL | RTLD_NOW); + if (h == NULL) + { + return CKR_GENERAL_ERROR; + } + + gfl = dlsym (h, "C_GetFunctionList"); + if (!gfl) + { + rv = CKR_GENERAL_ERROR; + goto fail_dso; + } + + prov = malloc (sizeof *prov); + if (prov == NULL) + { + rv = CKR_HOST_MEMORY; + goto fail_dso; + } + + if (gnutls_mutex_init (&prov->mutex)) + { + rv = CKR_CANT_LOCK; + goto fail_ctx; + } + + rv = gfl (&fns); + if (rv != CKR_OK) + { + goto fail_ctx; + } + + prov->dev = dev; + prov->ino = ino; + prov->name = pkcs11ize (name); + prov->handle = h; + prov->fns = fns; + prov->refcount = 1; + prov->reserved = reserved; + + /* Require OS locking, the only sane option. */ + memset (&args, 0, sizeof args); + args.flags = CKF_OS_LOCKING_OK; + args.reserved = reserved; + + rv = fns->C_Initialize (&args); + if (rv != CKR_OK) + { + goto fail_ctx; + } + + prov->next = provider_list; + prov->prevref = &provider_list; + if (prov->next) + { + prov->next->prevref = &prov->next; + } + provider_list = prov; + + *provider = prov; + return CKR_OK; + +fail_ctx: + free (prov); +fail_dso: + dlclose (h); + + return rv; } /* Will load a provider using the given name. If real_name is zero * name is used as a hint to find library otherwise it is used as * absolute name. */ -static ck_rv_t load_provider(struct provider **provider, const char *name, - void *reserved, int real_name) -{ - ck_rv_t rv; - char *cname = NULL; - dev_t dev; - ino_t ino; +static ck_rv_t +load_provider (struct provider **provider, const char *name, + void *reserved, int real_name) +{ + ck_rv_t rv; + char *cname = NULL; + dev_t dev; + ino_t ino; + + if (gnutls_mutex_lock (&provider_mutex) != 0) + { + return CKR_CANT_LOCK; + } + + if (real_name) + { + cname = find_real_module_name (name, &dev, &ino); + } + else + { + cname = find_pkcs11_module_name (name, &dev, &ino); + } - if (gnutls_mutex_lock(&provider_mutex) != 0) { - return CKR_CANT_LOCK; - } - - if (real_name) { - cname = find_real_module_name(name, &dev, &ino); - } else { - cname = find_pkcs11_module_name(name, &dev, &ino); - } + if (cname == NULL) + { + rv = CKR_ARGUMENTS_BAD; + goto fail_locked; + } - if (cname == NULL) { - rv = CKR_ARGUMENTS_BAD; - goto fail_locked; - } + *provider = find_provider (dev, ino); + if (*provider) + { + (*provider)->refcount++; + free (cname); + gnutls_mutex_unlock (&provider_mutex); + return CKR_OK; + } - *provider = find_provider(dev, ino); - if (*provider) { - (*provider)->refcount++; - free(cname); - gnutls_mutex_unlock(&provider_mutex); - return CKR_OK; - } + rv = load_pkcs11_module (provider, cname, dev, ino, reserved); + if (rv != CKR_OK) + { + goto fail_ndup; + } - rv = load_pkcs11_module(provider, cname, dev, ino, reserved); - if (rv != CKR_OK) { - goto fail_ndup; - } + rv = CKR_OK; - rv = CKR_OK; - - fail_ndup: - free(cname); - fail_locked: - gnutls_mutex_unlock(&provider_mutex); - return rv; +fail_ndup: + free (cname); +fail_locked: + gnutls_mutex_unlock (&provider_mutex); + return rv; } -static void providers_reinit(void) +static void +providers_reinit (void) { - struct ck_c_initialize_args args; - ck_rv_t rv; - struct provider *p; + struct ck_c_initialize_args args; + ck_rv_t rv; + struct provider *p; - assert(gnutls_mutex_lock(&provider_mutex) == 0); + assert (gnutls_mutex_lock (&provider_mutex) == 0); - memset(&args, 0, sizeof args); - args.flags = CKF_OS_LOCKING_OK; + memset (&args, 0, sizeof args); + args.flags = CKF_OS_LOCKING_OK; - for (p = provider_list; p; p = p->next) { - args.reserved = p->reserved; - rv = p->fns->C_Initialize(&args); - assert(rv == CKR_OK); /* what can we do? */ - } + for (p = provider_list; p; p = p->next) + { + args.reserved = p->reserved; + rv = p->fns->C_Initialize (&args); + assert (rv == CKR_OK); /* what can we do? */ + } - gnutls_mutex_unlock(&provider_mutex); + gnutls_mutex_unlock (&provider_mutex); } -static ck_rv_t load_module(pakchois_module_t ** module, const char *name, - void *reserved, unsigned int real_name) +static ck_rv_t +load_module (pakchois_module_t ** module, const char *name, + void *reserved, unsigned int real_name) { - ck_rv_t rv; - pakchois_module_t *pm = malloc(sizeof *pm); - static int forkinit = 0; + ck_rv_t rv; + pakchois_module_t *pm = malloc (sizeof *pm); + static int forkinit = 0; - if (!pm) { - return CKR_HOST_MEMORY; - } + if (!pm) + { + return CKR_HOST_MEMORY; + } - if (provider_mutex == NULL) { - gnutls_mutex_init(&provider_mutex); - } + if (provider_mutex == NULL) + { + gnutls_mutex_init (&provider_mutex); + } - assert(gnutls_mutex_lock(&provider_mutex) == 0); + assert (gnutls_mutex_lock (&provider_mutex) == 0); - if (forkinit == 0) { - _gnutls_atfork(NULL, NULL, providers_reinit); - forkinit++; - } + if (forkinit == 0) + { + _gnutls_atfork (NULL, NULL, providers_reinit); + forkinit++; + } - gnutls_mutex_unlock(&provider_mutex); + gnutls_mutex_unlock (&provider_mutex); - rv = load_provider(&pm->provider, name, reserved, real_name); - if (rv) { - return rv; - } + rv = load_provider (&pm->provider, name, reserved, real_name); + if (rv) + { + return rv; + } - *module = pm; - pm->slots = NULL; + *module = pm; + pm->slots = NULL; - return CKR_OK; + return CKR_OK; } -ck_rv_t pakchois_module_load(pakchois_module_t ** module, const char *name) +ck_rv_t +pakchois_module_load (pakchois_module_t ** module, const char *name) { - return load_module(module, name, NULL, 0); + return load_module (module, name, NULL, 0); } -ck_rv_t pakchois_module_load_abs(pakchois_module_t ** module, - const char *name) +ck_rv_t +pakchois_module_load_abs (pakchois_module_t ** module, const char *name) { - return load_module(module, name, NULL, 1); + return load_module (module, name, NULL, 1); } -ck_rv_t pakchois_module_nssload(pakchois_module_t ** module, - const char *name, - const char *directory, - const char *cert_prefix, - const char *key_prefix, - const char *secmod_db) +ck_rv_t +pakchois_module_nssload (pakchois_module_t ** module, + const char *name, + const char *directory, + const char *cert_prefix, + const char *key_prefix, const char *secmod_db) { - char buf[256]; + char buf[256]; - snprintf(buf, sizeof buf, - "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'", - directory, cert_prefix ? cert_prefix : "", - key_prefix ? key_prefix : "", - secmod_db ? secmod_db : "secmod.db"); + snprintf (buf, sizeof buf, + "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'", + directory, cert_prefix ? cert_prefix : "", + key_prefix ? key_prefix : "", + secmod_db ? secmod_db : "secmod.db"); - return load_module(module, name, buf, 0); + return load_module (module, name, buf, 0); } -ck_rv_t pakchois_module_nssload_abs(pakchois_module_t ** module, - const char *name, - const char *directory, - const char *cert_prefix, - const char *key_prefix, - const char *secmod_db) +ck_rv_t +pakchois_module_nssload_abs (pakchois_module_t ** module, + const char *name, + const char *directory, + const char *cert_prefix, + const char *key_prefix, const char *secmod_db) { - char buf[256]; + char buf[256]; - snprintf(buf, sizeof buf, - "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'", - directory, cert_prefix ? cert_prefix : "", - key_prefix ? key_prefix : "", - secmod_db ? secmod_db : "secmod.db"); + snprintf (buf, sizeof buf, + "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'", + directory, cert_prefix ? cert_prefix : "", + key_prefix ? key_prefix : "", + secmod_db ? secmod_db : "secmod.db"); - return load_module(module, name, buf, 1); + return load_module (module, name, buf, 1); } /* Unreference a provider structure and destoy if, if necessary. Must * be called WIHTOUT the provider mutex held. */ -static void provider_unref(struct provider *prov) -{ - assert(gnutls_mutex_lock(&provider_mutex) == 0); - - if (--prov->refcount == 0) { - prov->fns->C_Finalize(NULL); - dlclose(prov->handle); - *prov->prevref = prov->next; - if (prov->next) { - prov->next->prevref = prov->prevref; - } - free(prov->name); - free(prov); +static void +provider_unref (struct provider *prov) +{ + assert (gnutls_mutex_lock (&provider_mutex) == 0); + + if (--prov->refcount == 0) + { + prov->fns->C_Finalize (NULL); + dlclose (prov->handle); + *prov->prevref = prov->next; + if (prov->next) + { + prov->next->prevref = prov->prevref; } - gnutls_mutex_unlock(&provider_mutex); + free (prov->name); + free (prov); + } + gnutls_mutex_unlock (&provider_mutex); } -void pakchois_module_destroy(pakchois_module_t * mod) +void +pakchois_module_destroy (pakchois_module_t * mod) { - provider_unref(mod->provider); + provider_unref (mod->provider); - while (mod->slots) { - struct slot *slot = mod->slots; - pakchois_close_all_sessions(mod, slot->id); - mod->slots = slot->next; - free(slot); - } + while (mod->slots) + { + struct slot *slot = mod->slots; + pakchois_close_all_sessions (mod, slot->id); + mod->slots = slot->next; + free (slot); + } - free(mod); + free (mod); } #ifdef __GNUC__ -static void pakchois_destructor(void) - __attribute__ ((destructor)); +static void pakchois_destructor (void) __attribute__ ((destructor)); -static void pakchois_destructor(void) +static void +pakchois_destructor (void) { - if (provider_mutex != NULL) - gnutls_mutex_deinit(&provider_mutex); + if (provider_mutex != NULL) + gnutls_mutex_deinit (&provider_mutex); } #else #warning need destructor support #endif -ck_rv_t pakchois_get_info(pakchois_module_t * mod, struct ck_info *info) +ck_rv_t +pakchois_get_info (pakchois_module_t * mod, struct ck_info *info) { - return CALL(GetInfo, (info)); + return CALL (GetInfo, (info)); } -ck_rv_t pakchois_get_slot_list(pakchois_module_t * mod, - unsigned char token_present, - ck_slot_id_t * slot_list, - unsigned long *count) +ck_rv_t +pakchois_get_slot_list (pakchois_module_t * mod, + unsigned char token_present, + ck_slot_id_t * slot_list, unsigned long *count) { - return CALL(GetSlotList, (token_present, slot_list, count)); + return CALL (GetSlotList, (token_present, slot_list, count)); } -ck_rv_t pakchois_get_slot_info(pakchois_module_t * mod, - ck_slot_id_t slot_id, - struct ck_slot_info * info) +ck_rv_t +pakchois_get_slot_info (pakchois_module_t * mod, + ck_slot_id_t slot_id, struct ck_slot_info * info) { - return CALL(GetSlotInfo, (slot_id, info)); + return CALL (GetSlotInfo, (slot_id, info)); } -ck_rv_t pakchois_get_token_info(pakchois_module_t * mod, - ck_slot_id_t slot_id, - struct ck_token_info * info) +ck_rv_t +pakchois_get_token_info (pakchois_module_t * mod, + ck_slot_id_t slot_id, struct ck_token_info * info) { - return CALL(GetTokenInfo, (slot_id, info)); + return CALL (GetTokenInfo, (slot_id, info)); } -ck_rv_t pakchois_wait_for_slot_event(pakchois_module_t * mod, - ck_flags_t flags, ck_slot_id_t * slot, - void *reserved) +ck_rv_t +pakchois_wait_for_slot_event (pakchois_module_t * mod, + ck_flags_t flags, ck_slot_id_t * slot, + void *reserved) { - ck_rv_t rv; + ck_rv_t rv; - if (gnutls_mutex_lock(&mod->provider->mutex)) { - return CKR_CANT_LOCK; - } + if (gnutls_mutex_lock (&mod->provider->mutex)) + { + return CKR_CANT_LOCK; + } - rv = CALL(WaitForSlotEvent, (flags, slot, reserved)); - gnutls_mutex_unlock(&mod->provider->mutex); - return rv; + rv = CALL (WaitForSlotEvent, (flags, slot, reserved)); + gnutls_mutex_unlock (&mod->provider->mutex); + return rv; } -ck_rv_t pakchois_get_mechanism_list(pakchois_module_t * mod, - ck_slot_id_t slot_id, - ck_mechanism_type_t * mechanism_list, - unsigned long *count) +ck_rv_t +pakchois_get_mechanism_list (pakchois_module_t * mod, + ck_slot_id_t slot_id, + ck_mechanism_type_t * mechanism_list, + unsigned long *count) { - return CALL(GetMechanismList, (slot_id, mechanism_list, count)); + return CALL (GetMechanismList, (slot_id, mechanism_list, count)); } -ck_rv_t pakchois_get_mechanism_info(pakchois_module_t * mod, - ck_slot_id_t slot_id, - ck_mechanism_type_t type, - struct ck_mechanism_info * info) +ck_rv_t +pakchois_get_mechanism_info (pakchois_module_t * mod, + ck_slot_id_t slot_id, + ck_mechanism_type_t type, + struct ck_mechanism_info * info) { - return CALL(GetMechanismInfo, (slot_id, type, info)); + return CALL (GetMechanismInfo, (slot_id, type, info)); } -ck_rv_t pakchois_init_token(pakchois_module_t * mod, - ck_slot_id_t slot_id, unsigned char *pin, - unsigned long pin_len, unsigned char *label) +ck_rv_t +pakchois_init_token (pakchois_module_t * mod, + ck_slot_id_t slot_id, unsigned char *pin, + unsigned long pin_len, unsigned char *label) { - return CALL(InitToken, (slot_id, pin, pin_len, label)); + return CALL (InitToken, (slot_id, pin, pin_len, label)); } -ck_rv_t pakchois_init_pin(pakchois_session_t * sess, unsigned char *pin, - unsigned long pin_len) +ck_rv_t +pakchois_init_pin (pakchois_session_t * sess, unsigned char *pin, + unsigned long pin_len) { - return CALLS2(InitPIN, pin, pin_len); + return CALLS2 (InitPIN, pin, pin_len); } -ck_rv_t pakchois_set_pin(pakchois_session_t * sess, unsigned char *old_pin, - unsigned long old_len, unsigned char *new_pin, - unsigned long new_len) +ck_rv_t +pakchois_set_pin (pakchois_session_t * sess, unsigned char *old_pin, + unsigned long old_len, unsigned char *new_pin, + unsigned long new_len) { - return CALLS4(SetPIN, old_pin, old_len, new_pin, new_len); + return CALLS4 (SetPIN, old_pin, old_len, new_pin, new_len); } -static ck_rv_t notify_thunk(ck_session_handle_t session, - ck_notification_t event, void *application) +static ck_rv_t +notify_thunk (ck_session_handle_t session, + ck_notification_t event, void *application) { - pakchois_session_t *sess = application; + pakchois_session_t *sess = application; - return sess->notify(sess, event, sess->notify_data); + return sess->notify (sess, event, sess->notify_data); } -static struct slot *find_slot(pakchois_module_t * mod, ck_slot_id_t id) +static struct slot * +find_slot (pakchois_module_t * mod, ck_slot_id_t id) { - struct slot *slot; + struct slot *slot; - for (slot = mod->slots; slot; slot = slot->next) - if (slot->id == id) - return slot; + for (slot = mod->slots; slot; slot = slot->next) + if (slot->id == id) + return slot; - return NULL; + return NULL; } -static struct slot *find_or_create_slot(pakchois_module_t * mod, - ck_slot_id_t id) +static struct slot * +find_or_create_slot (pakchois_module_t * mod, ck_slot_id_t id) { - struct slot *slot = find_slot(mod, id); + struct slot *slot = find_slot (mod, id); - if (slot) { - return slot; - } + if (slot) + { + return slot; + } - slot = malloc(sizeof *slot); - if (!slot) { - return NULL; - } + slot = malloc (sizeof *slot); + if (!slot) + { + return NULL; + } - slot->id = id; - slot->sessions = NULL; - slot->next = mod->slots; - mod->slots = slot; + slot->id = id; + slot->sessions = NULL; + slot->next = mod->slots; + mod->slots = slot; - return slot; + return slot; } -static ck_rv_t insert_session(pakchois_module_t * mod, - pakchois_session_t * session, - ck_slot_id_t id) +static ck_rv_t +insert_session (pakchois_module_t * mod, + pakchois_session_t * session, ck_slot_id_t id) { - struct slot *slot = find_or_create_slot(mod, id); + struct slot *slot = find_or_create_slot (mod, id); - if (!slot) { - return CKR_HOST_MEMORY; - } + if (!slot) + { + return CKR_HOST_MEMORY; + } - session->prevref = &slot->sessions; - session->next = slot->sessions; - if (session->next) { - session->next->prevref = session->prevref; - } - slot->sessions = session; + session->prevref = &slot->sessions; + session->next = slot->sessions; + if (session->next) + { + session->next->prevref = session->prevref; + } + slot->sessions = session; - return CKR_OK; + return CKR_OK; } -ck_rv_t pakchois_open_session(pakchois_module_t * mod, - ck_slot_id_t slot_id, ck_flags_t flags, - void *application, pakchois_notify_t notify, - pakchois_session_t ** session) +ck_rv_t +pakchois_open_session (pakchois_module_t * mod, + ck_slot_id_t slot_id, ck_flags_t flags, + void *application, pakchois_notify_t notify, + pakchois_session_t ** session) { - ck_session_handle_t sh; - pakchois_session_t *sess; - ck_rv_t rv; + ck_session_handle_t sh; + pakchois_session_t *sess; + ck_rv_t rv; - sess = calloc(1, sizeof *sess); - if (sess == NULL) { - return CKR_HOST_MEMORY; - } + sess = calloc (1, sizeof *sess); + if (sess == NULL) + { + return CKR_HOST_MEMORY; + } - rv = CALL(OpenSession, (slot_id, flags, sess, notify_thunk, &sh)); - if (rv != CKR_OK) { - free(sess); - return rv; - } + rv = CALL (OpenSession, (slot_id, flags, sess, notify_thunk, &sh)); + if (rv != CKR_OK) + { + free (sess); + return rv; + } - *session = sess; - sess->module = mod; - sess->id = sh; + *session = sess; + sess->module = mod; + sess->id = sh; - return insert_session(mod, sess, slot_id); + return insert_session (mod, sess, slot_id); } -ck_rv_t pakchois_close_session(pakchois_session_t * sess) +ck_rv_t +pakchois_close_session (pakchois_session_t * sess) { - /* PKCS#11 says that all bets are off on failure, so destroy the - * session object and just return the error code. */ - ck_rv_t rv = CALLS(CloseSession, (sess->id)); - *sess->prevref = sess->next; - if (sess->next) { - sess->next->prevref = sess->prevref; - } - free(sess); - return rv; + /* PKCS#11 says that all bets are off on failure, so destroy the + * session object and just return the error code. */ + ck_rv_t rv = CALLS (CloseSession, (sess->id)); + *sess->prevref = sess->next; + if (sess->next) + { + sess->next->prevref = sess->prevref; + } + free (sess); + return rv; } -ck_rv_t pakchois_close_all_sessions(pakchois_module_t * mod, - ck_slot_id_t slot_id) +ck_rv_t +pakchois_close_all_sessions (pakchois_module_t * mod, ck_slot_id_t slot_id) { - struct slot *slot; - ck_rv_t rv, frv = CKR_OK; + struct slot *slot; + ck_rv_t rv, frv = CKR_OK; - slot = find_slot(mod, slot_id); + slot = find_slot (mod, slot_id); - if (!slot) { - return CKR_SLOT_ID_INVALID; - } + if (!slot) + { + return CKR_SLOT_ID_INVALID; + } - while (slot->sessions) { - rv = pakchois_close_session(slot->sessions); - if (rv != CKR_OK) { - frv = rv; - } + while (slot->sessions) + { + rv = pakchois_close_session (slot->sessions); + if (rv != CKR_OK) + { + frv = rv; } + } - return frv; + return frv; } -ck_rv_t pakchois_get_session_info(pakchois_session_t * sess, - struct ck_session_info * info) +ck_rv_t +pakchois_get_session_info (pakchois_session_t * sess, + struct ck_session_info * info) { - return CALLS1(GetSessionInfo, info); + return CALLS1 (GetSessionInfo, info); } -ck_rv_t pakchois_get_operation_state(pakchois_session_t * sess, - unsigned char *operation_state, - unsigned long *operation_state_len) +ck_rv_t +pakchois_get_operation_state (pakchois_session_t * sess, + unsigned char *operation_state, + unsigned long *operation_state_len) { - return CALLS2(GetOperationState, operation_state, - operation_state_len); + return CALLS2 (GetOperationState, operation_state, operation_state_len); } -ck_rv_t pakchois_set_operation_state(pakchois_session_t * sess, - unsigned char *operation_state, - unsigned long operation_state_len, - ck_object_handle_t encryption_key, - ck_object_handle_t authentiation_key) +ck_rv_t +pakchois_set_operation_state (pakchois_session_t * sess, + unsigned char *operation_state, + unsigned long operation_state_len, + ck_object_handle_t encryption_key, + ck_object_handle_t authentiation_key) { - return CALLS4(SetOperationState, operation_state, - operation_state_len, encryption_key, - authentiation_key); + return CALLS4 (SetOperationState, operation_state, + operation_state_len, encryption_key, authentiation_key); } -ck_rv_t pakchois_login(pakchois_session_t * sess, ck_user_type_t user_type, - unsigned char *pin, unsigned long pin_len) +ck_rv_t +pakchois_login (pakchois_session_t * sess, ck_user_type_t user_type, + unsigned char *pin, unsigned long pin_len) { - return CALLS3(Login, user_type, pin, pin_len); + return CALLS3 (Login, user_type, pin, pin_len); } -ck_rv_t pakchois_logout(pakchois_session_t * sess) +ck_rv_t +pakchois_logout (pakchois_session_t * sess) { - return CALLS(Logout, (sess->id)); + return CALLS (Logout, (sess->id)); } -ck_rv_t pakchois_create_object(pakchois_session_t * sess, - struct ck_attribute * templ, - unsigned long count, - ck_object_handle_t * object) +ck_rv_t +pakchois_create_object (pakchois_session_t * sess, + struct ck_attribute * templ, + unsigned long count, ck_object_handle_t * object) { - return CALLS3(CreateObject, templ, count, object); + return CALLS3 (CreateObject, templ, count, object); } -ck_rv_t pakchois_copy_object(pakchois_session_t * sess, - ck_object_handle_t object, - struct ck_attribute * templ, - unsigned long count, - ck_object_handle_t * new_object) +ck_rv_t +pakchois_copy_object (pakchois_session_t * sess, + ck_object_handle_t object, + struct ck_attribute * templ, + unsigned long count, ck_object_handle_t * new_object) { - return CALLS4(CopyObject, object, templ, count, new_object); + return CALLS4 (CopyObject, object, templ, count, new_object); } -ck_rv_t pakchois_destroy_object(pakchois_session_t * sess, - ck_object_handle_t object) +ck_rv_t +pakchois_destroy_object (pakchois_session_t * sess, ck_object_handle_t object) { - return CALLS1(DestroyObject, object); + return CALLS1 (DestroyObject, object); } -ck_rv_t pakchois_get_object_size(pakchois_session_t * sess, - ck_object_handle_t object, - unsigned long *size) +ck_rv_t +pakchois_get_object_size (pakchois_session_t * sess, + ck_object_handle_t object, unsigned long *size) { - return CALLS2(GetObjectSize, object, size); + return CALLS2 (GetObjectSize, object, size); } -ck_rv_t pakchois_get_attribute_value(pakchois_session_t * sess, - ck_object_handle_t object, - struct ck_attribute * templ, - unsigned long count) +ck_rv_t +pakchois_get_attribute_value (pakchois_session_t * sess, + ck_object_handle_t object, + struct ck_attribute * templ, + unsigned long count) { - return CALLS3(GetAttributeValue, object, templ, count); + return CALLS3 (GetAttributeValue, object, templ, count); } -ck_rv_t pakchois_set_attribute_value(pakchois_session_t * sess, - ck_object_handle_t object, - struct ck_attribute * templ, - unsigned long count) +ck_rv_t +pakchois_set_attribute_value (pakchois_session_t * sess, + ck_object_handle_t object, + struct ck_attribute * templ, + unsigned long count) { - return CALLS3(SetAttributeValue, object, templ, count); + return CALLS3 (SetAttributeValue, object, templ, count); } -ck_rv_t pakchois_find_objects_init(pakchois_session_t * sess, - struct ck_attribute * templ, - unsigned long count) +ck_rv_t +pakchois_find_objects_init (pakchois_session_t * sess, + struct ck_attribute * templ, unsigned long count) { - return CALLS2(FindObjectsInit, templ, count); + return CALLS2 (FindObjectsInit, templ, count); } -ck_rv_t pakchois_find_objects(pakchois_session_t * sess, - ck_object_handle_t * object, - unsigned long max_object_count, - unsigned long *object_count) +ck_rv_t +pakchois_find_objects (pakchois_session_t * sess, + ck_object_handle_t * object, + unsigned long max_object_count, + unsigned long *object_count) { - return CALLS3(FindObjects, object, max_object_count, object_count); + return CALLS3 (FindObjects, object, max_object_count, object_count); } -ck_rv_t pakchois_find_objects_final(pakchois_session_t * sess) +ck_rv_t +pakchois_find_objects_final (pakchois_session_t * sess) { - return CALLS(FindObjectsFinal, (sess->id)); + return CALLS (FindObjectsFinal, (sess->id)); } -ck_rv_t pakchois_encrypt_init(pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t key) +ck_rv_t +pakchois_encrypt_init (pakchois_session_t * sess, + struct ck_mechanism * mechanism, + ck_object_handle_t key) { - return CALLS2(EncryptInit, mechanism, key); + return CALLS2 (EncryptInit, mechanism, key); } -ck_rv_t pakchois_encrypt(pakchois_session_t * sess, - unsigned char *data, unsigned long data_len, - unsigned char *encrypted_data, - unsigned long *encrypted_data_len) +ck_rv_t +pakchois_encrypt (pakchois_session_t * sess, + unsigned char *data, unsigned long data_len, + unsigned char *encrypted_data, + unsigned long *encrypted_data_len) { - return CALLS4(Encrypt, data, data_len, - encrypted_data, encrypted_data_len); + return CALLS4 (Encrypt, data, data_len, encrypted_data, encrypted_data_len); } -ck_rv_t pakchois_encrypt_update(pakchois_session_t * sess, - unsigned char *part, - unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len) +ck_rv_t +pakchois_encrypt_update (pakchois_session_t * sess, + unsigned char *part, + unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len) { - return CALLS4(EncryptUpdate, part, part_len, - encrypted_part, encrypted_part_len); + return CALLS4 (EncryptUpdate, part, part_len, + encrypted_part, encrypted_part_len); } -ck_rv_t pakchois_encrypt_final(pakchois_session_t * sess, - unsigned char *last_encrypted_part, - unsigned long *last_encrypted_part_len) +ck_rv_t +pakchois_encrypt_final (pakchois_session_t * sess, + unsigned char *last_encrypted_part, + unsigned long *last_encrypted_part_len) { - return CALLS2(EncryptFinal, last_encrypted_part, - last_encrypted_part_len); + return CALLS2 (EncryptFinal, last_encrypted_part, last_encrypted_part_len); } -ck_rv_t pakchois_decrypt_init(pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t key) +ck_rv_t +pakchois_decrypt_init (pakchois_session_t * sess, + struct ck_mechanism * mechanism, + ck_object_handle_t key) { - return CALLS2(DecryptInit, mechanism, key); + return CALLS2 (DecryptInit, mechanism, key); } -ck_rv_t pakchois_decrypt(pakchois_session_t * sess, - unsigned char *encrypted_data, - unsigned long encrypted_data_len, - unsigned char *data, unsigned long *data_len) +ck_rv_t +pakchois_decrypt (pakchois_session_t * sess, + unsigned char *encrypted_data, + unsigned long encrypted_data_len, + unsigned char *data, unsigned long *data_len) { - return CALLS4(Decrypt, encrypted_data, encrypted_data_len, data, - data_len); + return CALLS4 (Decrypt, encrypted_data, encrypted_data_len, data, data_len); } -ck_rv_t pakchois_decrypt_update(pakchois_session_t * sess, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len) +ck_rv_t +pakchois_decrypt_update (pakchois_session_t * sess, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len) { - return CALLS4(DecryptUpdate, encrypted_part, encrypted_part_len, - part, part_len); + return CALLS4 (DecryptUpdate, encrypted_part, encrypted_part_len, + part, part_len); } -ck_rv_t pakchois_decrypt_final(pakchois_session_t * sess, - unsigned char *last_part, - unsigned long *last_part_len) +ck_rv_t +pakchois_decrypt_final (pakchois_session_t * sess, + unsigned char *last_part, + unsigned long *last_part_len) { - return CALLS2(DecryptFinal, last_part, last_part_len); + return CALLS2 (DecryptFinal, last_part, last_part_len); } -ck_rv_t pakchois_digest_init(pakchois_session_t * sess, - struct ck_mechanism * mechanism) +ck_rv_t +pakchois_digest_init (pakchois_session_t * sess, + struct ck_mechanism * mechanism) { - return CALLS1(DigestInit, mechanism); + return CALLS1 (DigestInit, mechanism); } -ck_rv_t pakchois_digest(pakchois_session_t * sess, unsigned char *data, - unsigned long data_len, unsigned char *digest, - unsigned long *digest_len) +ck_rv_t +pakchois_digest (pakchois_session_t * sess, unsigned char *data, + unsigned long data_len, unsigned char *digest, + unsigned long *digest_len) { - return CALLS4(Digest, data, data_len, digest, digest_len); + return CALLS4 (Digest, data, data_len, digest, digest_len); } -ck_rv_t pakchois_digest_update(pakchois_session_t * sess, - unsigned char *part, unsigned long part_len) +ck_rv_t +pakchois_digest_update (pakchois_session_t * sess, + unsigned char *part, unsigned long part_len) { - return CALLS2(DigestUpdate, part, part_len); + return CALLS2 (DigestUpdate, part, part_len); } -ck_rv_t pakchois_digest_key(pakchois_session_t * sess, - ck_object_handle_t key) +ck_rv_t +pakchois_digest_key (pakchois_session_t * sess, ck_object_handle_t key) { - return CALLS1(DigestKey, key); + return CALLS1 (DigestKey, key); } -ck_rv_t pakchois_digest_final(pakchois_session_t * sess, - unsigned char *digest, - unsigned long *digest_len) +ck_rv_t +pakchois_digest_final (pakchois_session_t * sess, + unsigned char *digest, unsigned long *digest_len) { - return CALLS2(DigestFinal, digest, digest_len); + return CALLS2 (DigestFinal, digest, digest_len); } -ck_rv_t pakchois_sign_init(pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t key) +ck_rv_t +pakchois_sign_init (pakchois_session_t * sess, + struct ck_mechanism * mechanism, ck_object_handle_t key) { - return CALLS2(SignInit, mechanism, key); + return CALLS2 (SignInit, mechanism, key); } -ck_rv_t pakchois_sign(pakchois_session_t * sess, unsigned char *data, - unsigned long data_len, unsigned char *signature, - unsigned long *signature_len) +ck_rv_t +pakchois_sign (pakchois_session_t * sess, unsigned char *data, + unsigned long data_len, unsigned char *signature, + unsigned long *signature_len) { - return CALLS4(Sign, data, data_len, signature, signature_len); + return CALLS4 (Sign, data, data_len, signature, signature_len); } -ck_rv_t pakchois_sign_update(pakchois_session_t * sess, - unsigned char *part, unsigned long part_len) +ck_rv_t +pakchois_sign_update (pakchois_session_t * sess, + unsigned char *part, unsigned long part_len) { - return CALLS2(SignUpdate, part, part_len); + return CALLS2 (SignUpdate, part, part_len); } -ck_rv_t pakchois_sign_final(pakchois_session_t * sess, - unsigned char *signature, - unsigned long *signature_len) +ck_rv_t +pakchois_sign_final (pakchois_session_t * sess, + unsigned char *signature, unsigned long *signature_len) { - return CALLS2(SignFinal, signature, signature_len); + return CALLS2 (SignFinal, signature, signature_len); } -ck_rv_t pakchois_sign_recover_init(pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t key) +ck_rv_t +pakchois_sign_recover_init (pakchois_session_t * sess, + struct ck_mechanism * mechanism, + ck_object_handle_t key) { - return CALLS2(SignRecoverInit, mechanism, key); + return CALLS2 (SignRecoverInit, mechanism, key); } -ck_rv_t pakchois_sign_recover(pakchois_session_t * sess, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len) +ck_rv_t +pakchois_sign_recover (pakchois_session_t * sess, + unsigned char *data, unsigned long data_len, + unsigned char *signature, unsigned long *signature_len) { - return CALLS4(SignRecover, data, data_len, signature, - signature_len); + return CALLS4 (SignRecover, data, data_len, signature, signature_len); } -ck_rv_t pakchois_verify_init(pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t key) +ck_rv_t +pakchois_verify_init (pakchois_session_t * sess, + struct ck_mechanism * mechanism, ck_object_handle_t key) { - return CALLS2(VerifyInit, mechanism, key); + return CALLS2 (VerifyInit, mechanism, key); } -ck_rv_t pakchois_verify(pakchois_session_t * sess, unsigned char *data, - unsigned long data_len, unsigned char *signature, - unsigned long signature_len) +ck_rv_t +pakchois_verify (pakchois_session_t * sess, unsigned char *data, + unsigned long data_len, unsigned char *signature, + unsigned long signature_len) { - return CALLS4(Verify, data, data_len, signature, signature_len); + return CALLS4 (Verify, data, data_len, signature, signature_len); } -ck_rv_t pakchois_verify_update(pakchois_session_t * sess, - unsigned char *part, unsigned long part_len) +ck_rv_t +pakchois_verify_update (pakchois_session_t * sess, + unsigned char *part, unsigned long part_len) { - return CALLS2(VerifyUpdate, part, part_len); + return CALLS2 (VerifyUpdate, part, part_len); } -ck_rv_t pakchois_verify_final(pakchois_session_t * sess, - unsigned char *signature, - unsigned long signature_len) +ck_rv_t +pakchois_verify_final (pakchois_session_t * sess, + unsigned char *signature, unsigned long signature_len) { - return CALLS2(VerifyFinal, signature, signature_len); + return CALLS2 (VerifyFinal, signature, signature_len); } -ck_rv_t pakchois_verify_recover_init(pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t key) +ck_rv_t +pakchois_verify_recover_init (pakchois_session_t * sess, + struct ck_mechanism * mechanism, + ck_object_handle_t key) { - return CALLS2(VerifyRecoverInit, mechanism, key); + return CALLS2 (VerifyRecoverInit, mechanism, key); } -ck_rv_t pakchois_verify_recover(pakchois_session_t * sess, - unsigned char *signature, - unsigned long signature_len, - unsigned char *data, - unsigned long *data_len) +ck_rv_t +pakchois_verify_recover (pakchois_session_t * sess, + unsigned char *signature, + unsigned long signature_len, + unsigned char *data, unsigned long *data_len) { - return CALLS4(VerifyRecover, signature, signature_len, data, - data_len); + return CALLS4 (VerifyRecover, signature, signature_len, data, data_len); } -ck_rv_t pakchois_digest_encrypt_update(pakchois_session_t * sess, - unsigned char *part, - unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len) +ck_rv_t +pakchois_digest_encrypt_update (pakchois_session_t * sess, + unsigned char *part, + unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len) { - return CALLS4(DigestEncryptUpdate, part, part_len, - encrypted_part, encrypted_part_len); + return CALLS4 (DigestEncryptUpdate, part, part_len, + encrypted_part, encrypted_part_len); } -ck_rv_t pakchois_decrypt_digest_update(pakchois_session_t * sess, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len) +ck_rv_t +pakchois_decrypt_digest_update (pakchois_session_t * sess, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len) { - return CALLS4(DecryptDigestUpdate, encrypted_part, - encrypted_part_len, part, part_len); + return CALLS4 (DecryptDigestUpdate, encrypted_part, + encrypted_part_len, part, part_len); } -ck_rv_t pakchois_sign_encrypt_update(pakchois_session_t * sess, - unsigned char *part, - unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len) +ck_rv_t +pakchois_sign_encrypt_update (pakchois_session_t * sess, + unsigned char *part, + unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len) { - return CALLS4(SignEncryptUpdate, part, part_len, - encrypted_part, encrypted_part_len); + return CALLS4 (SignEncryptUpdate, part, part_len, + encrypted_part, encrypted_part_len); } -ck_rv_t pakchois_decrypt_verify_update(pakchois_session_t * sess, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len) +ck_rv_t +pakchois_decrypt_verify_update (pakchois_session_t * sess, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len) { - return CALLS4(DecryptVerifyUpdate, encrypted_part, - encrypted_part_len, part, part_len); + return CALLS4 (DecryptVerifyUpdate, encrypted_part, + encrypted_part_len, part, part_len); } -ck_rv_t pakchois_generate_key(pakchois_session_t * sess, - struct ck_mechanism * mechanism, - struct ck_attribute * templ, - unsigned long count, - ck_object_handle_t * key) +ck_rv_t +pakchois_generate_key (pakchois_session_t * sess, + struct ck_mechanism * mechanism, + struct ck_attribute * templ, + unsigned long count, ck_object_handle_t * key) { - return CALLS4(GenerateKey, mechanism, templ, count, key); + return CALLS4 (GenerateKey, mechanism, templ, count, key); } -ck_rv_t pakchois_generate_key_pair(pakchois_session_t * sess, - struct ck_mechanism * mechanism, - struct ck_attribute * - public_key_template, - unsigned long - public_key_attribute_count, - struct ck_attribute * - private_key_template, - unsigned long - private_key_attribute_count, - ck_object_handle_t * public_key, - ck_object_handle_t * private_key) +ck_rv_t +pakchois_generate_key_pair (pakchois_session_t * sess, + struct ck_mechanism * mechanism, + struct ck_attribute * + public_key_template, + unsigned long + public_key_attribute_count, + struct ck_attribute * + private_key_template, + unsigned long + private_key_attribute_count, + ck_object_handle_t * public_key, + ck_object_handle_t * private_key) { - return CALLS7(GenerateKeyPair, mechanism, - public_key_template, public_key_attribute_count, - private_key_template, private_key_attribute_count, - public_key, private_key); + return CALLS7 (GenerateKeyPair, mechanism, + public_key_template, public_key_attribute_count, + private_key_template, private_key_attribute_count, + public_key, private_key); } -ck_rv_t pakchois_wrap_key(pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t wrapping_key, - ck_object_handle_t key, - unsigned char *wrapped_key, - unsigned long *wrapped_key_len) +ck_rv_t +pakchois_wrap_key (pakchois_session_t * sess, + struct ck_mechanism * mechanism, + ck_object_handle_t wrapping_key, + ck_object_handle_t key, + unsigned char *wrapped_key, unsigned long *wrapped_key_len) { - return CALLS5(WrapKey, mechanism, wrapping_key, - key, wrapped_key, wrapped_key_len); + return CALLS5 (WrapKey, mechanism, wrapping_key, + key, wrapped_key, wrapped_key_len); } -ck_rv_t pakchois_unwrap_key(pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t unwrapping_key, - unsigned char *wrapped_key, - unsigned long wrapped_key_len, - struct ck_attribute * templ, - unsigned long attribute_count, - ck_object_handle_t * key) +ck_rv_t +pakchois_unwrap_key (pakchois_session_t * sess, + struct ck_mechanism * mechanism, + ck_object_handle_t unwrapping_key, + unsigned char *wrapped_key, + unsigned long wrapped_key_len, + struct ck_attribute * templ, + unsigned long attribute_count, ck_object_handle_t * key) { - return CALLS7(UnwrapKey, mechanism, unwrapping_key, - wrapped_key, wrapped_key_len, templ, attribute_count, - key); + return CALLS7 (UnwrapKey, mechanism, unwrapping_key, + wrapped_key, wrapped_key_len, templ, attribute_count, key); } -ck_rv_t pakchois_derive_key(pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t base_key, - struct ck_attribute * templ, - unsigned long attribute_count, - ck_object_handle_t * key) +ck_rv_t +pakchois_derive_key (pakchois_session_t * sess, + struct ck_mechanism * mechanism, + ck_object_handle_t base_key, + struct ck_attribute * templ, + unsigned long attribute_count, ck_object_handle_t * key) { - return CALLS5(DeriveKey, mechanism, base_key, templ, - attribute_count, key); + return CALLS5 (DeriveKey, mechanism, base_key, templ, attribute_count, key); } -ck_rv_t pakchois_seed_random(pakchois_session_t * sess, - unsigned char *seed, unsigned long seed_len) +ck_rv_t +pakchois_seed_random (pakchois_session_t * sess, + unsigned char *seed, unsigned long seed_len) { - return CALLS2(SeedRandom, seed, seed_len); + return CALLS2 (SeedRandom, seed, seed_len); } -ck_rv_t pakchois_generate_random(pakchois_session_t * sess, - unsigned char *random_data, - unsigned long random_len) +ck_rv_t +pakchois_generate_random (pakchois_session_t * sess, + unsigned char *random_data, + unsigned long random_len) { - return CALLS2(GenerateRandom, random_data, random_len); + return CALLS2 (GenerateRandom, random_data, random_len); } diff --git a/lib/pakchois/pakchois.h b/lib/pakchois/pakchois.h index eaee4bd524..e4b67b2577 100644 --- a/lib/pakchois/pakchois.h +++ b/lib/pakchois/pakchois.h @@ -65,39 +65,40 @@ typedef struct pakchois_session_s pakchois_session_t; * "gnome-keyring"). Returns CKR_OK on success. Any module of given * name may be safely loaded multiple times within an application; the * underlying PKCS#11 provider will be loaded only once. */ -ck_rv_t pakchois_module_load(pakchois_module_t **module, const char *name); +ck_rv_t pakchois_module_load (pakchois_module_t ** module, const char *name); /* Load a PKCS#11 module by absolute file name (for example "/lib/opensc-pkcs.so" * Returns CKR_OK on success. Any module of given name may be safely loaded * multiple times within an application; the underlying PKCS#11 provider will * be loaded only once. */ -ck_rv_t pakchois_module_load_abs(pakchois_module_t **module, const char *name); +ck_rv_t pakchois_module_load_abs (pakchois_module_t ** module, + const char *name); /* Load an NSS "softokn" which violates the PKCS#11 standard in * initialization, with given name (e.g. "softokn3"). The directory * in which the NSS database resides must be specified; the other * arguments may be NULL to use defaults. Returns CKR_OK on * success. */ -ck_rv_t pakchois_module_nssload(pakchois_module_t **module, - const char *name, - const char *directory, - const char *cert_prefix, - const char *key_prefix, - const char *secmod_db); - -ck_rv_t pakchois_module_nssload_abs(pakchois_module_t **module, - const char *name, - const char *directory, - const char *cert_prefix, - const char *key_prefix, - const char *secmod_db); +ck_rv_t pakchois_module_nssload (pakchois_module_t ** module, + const char *name, + const char *directory, + const char *cert_prefix, + const char *key_prefix, + const char *secmod_db); + +ck_rv_t pakchois_module_nssload_abs (pakchois_module_t ** module, + const char *name, + const char *directory, + const char *cert_prefix, + const char *key_prefix, + const char *secmod_db); /* Destroy a PKCS#11 module. */ -void pakchois_module_destroy(pakchois_module_t *module); +void pakchois_module_destroy (pakchois_module_t * module); /* Return the error string corresponding to the given return value. * Never returns NULL. */ -const char *pakchois_error(ck_rv_t rv); +const char *pakchois_error (ck_rv_t rv); /* All following interfaces model the PKCS#11 equivalents, without the camel-cased naming convention. The PKCS#11 specification has @@ -131,244 +132,247 @@ const char *pakchois_error(ck_rv_t rv); concurrently from separate threads, undefined behavioure results. */ -ck_rv_t pakchois_get_info(pakchois_module_t *module, struct ck_info *info); +ck_rv_t pakchois_get_info (pakchois_module_t * module, struct ck_info *info); -ck_rv_t pakchois_get_slot_list(pakchois_module_t *module, - unsigned char token_present, - ck_slot_id_t *slot_list, - unsigned long *count); +ck_rv_t pakchois_get_slot_list (pakchois_module_t * module, + unsigned char token_present, + ck_slot_id_t * slot_list, + unsigned long *count); -ck_rv_t pakchois_get_slot_info(pakchois_module_t *module, - ck_slot_id_t slot_id, - struct ck_slot_info *info); - -ck_rv_t pakchois_get_token_info(pakchois_module_t *module, +ck_rv_t pakchois_get_slot_info (pakchois_module_t * module, ck_slot_id_t slot_id, - struct ck_token_info *info); - -ck_rv_t pakchois_wait_for_slot_event(pakchois_module_t *module, - ck_flags_t flags, ck_slot_id_t *slot, - void *reserved); - -ck_rv_t pakchois_get_mechanism_list(pakchois_module_t *module, - ck_slot_id_t slot_id, - ck_mechanism_type_t *mechanism_list, - unsigned long *count); - -ck_rv_t pakchois_get_mechanism_info(pakchois_module_t *module, - ck_slot_id_t slot_id, - ck_mechanism_type_t type, - struct ck_mechanism_info *info); - -ck_rv_t pakchois_init_token(pakchois_module_t *module, - ck_slot_id_t slot_id, unsigned char *pin, - unsigned long pin_len, unsigned char *label); - -ck_rv_t pakchois_init_pin(pakchois_session_t *session, unsigned char *pin, - unsigned long pin_len); - -ck_rv_t pakchois_set_pin(pakchois_session_t *session, unsigned char *old_pin, - unsigned long old_len, unsigned char *new_pin, - unsigned long new_len); - -typedef ck_rv_t (*pakchois_notify_t) (pakchois_session_t *sess, - ck_notification_t event, - void *application); - -ck_rv_t pakchois_open_session(pakchois_module_t *module, - ck_slot_id_t slot_id, ck_flags_t flags, - void *application, pakchois_notify_t notify, - pakchois_session_t **session); - -ck_rv_t pakchois_close_session(pakchois_session_t *session); - -ck_rv_t pakchois_close_all_sessions(pakchois_module_t *module, - ck_slot_id_t slot_id); - -ck_rv_t pakchois_get_session_info(pakchois_session_t *session, - struct ck_session_info *info); -ck_rv_t pakchois_get_operation_state(pakchois_session_t *session, - unsigned char *operation_state, - unsigned long *operation_state_len); -ck_rv_t pakchois_set_operation_state(pakchois_session_t *session, - unsigned char *operation_state, - unsigned long operation_state_len, - ck_object_handle_t encryption_key, - ck_object_handle_t authentiation_key); - -ck_rv_t pakchois_login(pakchois_session_t *session, ck_user_type_t user_type, - unsigned char *pin, unsigned long pin_len); -ck_rv_t pakchois_logout(pakchois_session_t *session); - -ck_rv_t pakchois_create_object(pakchois_session_t *session, - struct ck_attribute *templ, - unsigned long count, - ck_object_handle_t *object); -ck_rv_t pakchois_copy_object(pakchois_session_t *session, - ck_object_handle_t object, - struct ck_attribute *templ, unsigned long count, - ck_object_handle_t *new_object); -ck_rv_t pakchois_destroy_object(pakchois_session_t *session, - ck_object_handle_t object); -ck_rv_t pakchois_get_object_size(pakchois_session_t *session, - ck_object_handle_t object, - unsigned long *size); - -ck_rv_t pakchois_get_attribute_value(pakchois_session_t *session, - ck_object_handle_t object, - struct ck_attribute *templ, - unsigned long count); -ck_rv_t pakchois_set_attribute_value(pakchois_session_t *session, - ck_object_handle_t object, - struct ck_attribute *templ, - unsigned long count); -ck_rv_t pakchois_find_objects_init(pakchois_session_t *session, - struct ck_attribute *templ, - unsigned long count); -ck_rv_t pakchois_find_objects(pakchois_session_t *session, - ck_object_handle_t *object, - unsigned long max_object_count, - unsigned long *object_count); -ck_rv_t pakchois_find_objects_final(pakchois_session_t *session); - -ck_rv_t pakchois_encrypt_init(pakchois_session_t *session, - struct ck_mechanism *mechanism, - ck_object_handle_t key); -ck_rv_t pakchois_encrypt(pakchois_session_t *session, - unsigned char *data, unsigned long data_len, - unsigned char *encrypted_data, - unsigned long *encrypted_data_len); -ck_rv_t pakchois_encrypt_update(pakchois_session_t *session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len); -ck_rv_t pakchois_encrypt_final(pakchois_session_t *session, - unsigned char *last_encrypted_part, - unsigned long *last_encrypted_part_len); - -ck_rv_t pakchois_decrypt_init(pakchois_session_t *session, + struct ck_slot_info *info); + +ck_rv_t pakchois_get_token_info (pakchois_module_t * module, + ck_slot_id_t slot_id, + struct ck_token_info *info); + +ck_rv_t pakchois_wait_for_slot_event (pakchois_module_t * module, + ck_flags_t flags, ck_slot_id_t * slot, + void *reserved); + +ck_rv_t pakchois_get_mechanism_list (pakchois_module_t * module, + ck_slot_id_t slot_id, + ck_mechanism_type_t * mechanism_list, + unsigned long *count); + +ck_rv_t pakchois_get_mechanism_info (pakchois_module_t * module, + ck_slot_id_t slot_id, + ck_mechanism_type_t type, + struct ck_mechanism_info *info); + +ck_rv_t pakchois_init_token (pakchois_module_t * module, + ck_slot_id_t slot_id, unsigned char *pin, + unsigned long pin_len, unsigned char *label); + +ck_rv_t pakchois_init_pin (pakchois_session_t * session, unsigned char *pin, + unsigned long pin_len); + +ck_rv_t pakchois_set_pin (pakchois_session_t * session, + unsigned char *old_pin, unsigned long old_len, + unsigned char *new_pin, unsigned long new_len); + +typedef ck_rv_t (*pakchois_notify_t) (pakchois_session_t * sess, + ck_notification_t event, + void *application); + +ck_rv_t pakchois_open_session (pakchois_module_t * module, + ck_slot_id_t slot_id, ck_flags_t flags, + void *application, pakchois_notify_t notify, + pakchois_session_t ** session); + +ck_rv_t pakchois_close_session (pakchois_session_t * session); + +ck_rv_t pakchois_close_all_sessions (pakchois_module_t * module, + ck_slot_id_t slot_id); + +ck_rv_t pakchois_get_session_info (pakchois_session_t * session, + struct ck_session_info *info); +ck_rv_t pakchois_get_operation_state (pakchois_session_t * session, + unsigned char *operation_state, + unsigned long *operation_state_len); +ck_rv_t pakchois_set_operation_state (pakchois_session_t * session, + unsigned char *operation_state, + unsigned long operation_state_len, + ck_object_handle_t encryption_key, + ck_object_handle_t authentiation_key); + +ck_rv_t pakchois_login (pakchois_session_t * session, + ck_user_type_t user_type, unsigned char *pin, + unsigned long pin_len); +ck_rv_t pakchois_logout (pakchois_session_t * session); + +ck_rv_t pakchois_create_object (pakchois_session_t * session, + struct ck_attribute *templ, + unsigned long count, + ck_object_handle_t * object); +ck_rv_t pakchois_copy_object (pakchois_session_t * session, + ck_object_handle_t object, + struct ck_attribute *templ, unsigned long count, + ck_object_handle_t * new_object); +ck_rv_t pakchois_destroy_object (pakchois_session_t * session, + ck_object_handle_t object); +ck_rv_t pakchois_get_object_size (pakchois_session_t * session, + ck_object_handle_t object, + unsigned long *size); + +ck_rv_t pakchois_get_attribute_value (pakchois_session_t * session, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count); +ck_rv_t pakchois_set_attribute_value (pakchois_session_t * session, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count); +ck_rv_t pakchois_find_objects_init (pakchois_session_t * session, + struct ck_attribute *templ, + unsigned long count); +ck_rv_t pakchois_find_objects (pakchois_session_t * session, + ck_object_handle_t * object, + unsigned long max_object_count, + unsigned long *object_count); +ck_rv_t pakchois_find_objects_final (pakchois_session_t * session); + +ck_rv_t pakchois_encrypt_init (pakchois_session_t * session, + struct ck_mechanism *mechanism, + ck_object_handle_t key); +ck_rv_t pakchois_encrypt (pakchois_session_t * session, + unsigned char *data, unsigned long data_len, + unsigned char *encrypted_data, + unsigned long *encrypted_data_len); +ck_rv_t pakchois_encrypt_update (pakchois_session_t * session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len); +ck_rv_t pakchois_encrypt_final (pakchois_session_t * session, + unsigned char *last_encrypted_part, + unsigned long *last_encrypted_part_len); + +ck_rv_t pakchois_decrypt_init (pakchois_session_t * session, + struct ck_mechanism *mechanism, + ck_object_handle_t key); +ck_rv_t pakchois_decrypt (pakchois_session_t * session, + unsigned char *encrypted_data, + unsigned long encrypted_data_len, + unsigned char *data, unsigned long *data_len); +ck_rv_t pakchois_decrypt_update (pakchois_session_t * session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len); +ck_rv_t pakchois_decrypt_final (pakchois_session_t * session, + unsigned char *last_part, + unsigned long *last_part_len); +ck_rv_t pakchois_digest_init (pakchois_session_t * session, + struct ck_mechanism *mechanism); +ck_rv_t pakchois_digest (pakchois_session_t * session, unsigned char *data, + unsigned long data_len, unsigned char *digest, + unsigned long *digest_len); +ck_rv_t pakchois_digest_update (pakchois_session_t * session, + unsigned char *part, unsigned long part_len); +ck_rv_t pakchois_digest_key (pakchois_session_t * session, + ck_object_handle_t key); +ck_rv_t pakchois_digest_final (pakchois_session_t * session, + unsigned char *digest, + unsigned long *digest_len); + +ck_rv_t pakchois_sign_init (pakchois_session_t * session, + struct ck_mechanism *mechanism, + ck_object_handle_t key); +ck_rv_t pakchois_sign (pakchois_session_t * session, unsigned char *data, + unsigned long data_len, unsigned char *signature, + unsigned long *signature_len); +ck_rv_t pakchois_sign_update (pakchois_session_t * session, + unsigned char *part, unsigned long part_len); +ck_rv_t pakchois_sign_final (pakchois_session_t * session, + unsigned char *signature, + unsigned long *signature_len); +ck_rv_t pakchois_sign_recover_init (pakchois_session_t * session, + struct ck_mechanism *mechanism, + ck_object_handle_t key); +ck_rv_t pakchois_sign_recover (pakchois_session_t * session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len); + +ck_rv_t pakchois_verify_init (pakchois_session_t * session, struct ck_mechanism *mechanism, ck_object_handle_t key); -ck_rv_t pakchois_decrypt(pakchois_session_t *session, - unsigned char *encrypted_data, - unsigned long encrypted_data_len, - unsigned char *data, unsigned long *data_len); -ck_rv_t pakchois_decrypt_update(pakchois_session_t *session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, unsigned long *part_len); -ck_rv_t pakchois_decrypt_final(pakchois_session_t *session, - unsigned char *last_part, - unsigned long *last_part_len); -ck_rv_t pakchois_digest_init(pakchois_session_t *session, - struct ck_mechanism *mechanism); -ck_rv_t pakchois_digest(pakchois_session_t *session, unsigned char *data, - unsigned long data_len, unsigned char *digest, - unsigned long *digest_len); -ck_rv_t pakchois_digest_update(pakchois_session_t *session, - unsigned char *part, unsigned long part_len); -ck_rv_t pakchois_digest_key(pakchois_session_t *session, - ck_object_handle_t key); -ck_rv_t pakchois_digest_final(pakchois_session_t *session, - unsigned char *digest, - unsigned long *digest_len); - -ck_rv_t pakchois_sign_init(pakchois_session_t *session, +ck_rv_t pakchois_verify (pakchois_session_t * session, unsigned char *data, + unsigned long data_len, unsigned char *signature, + unsigned long signature_len); +ck_rv_t pakchois_verify_update (pakchois_session_t * session, + unsigned char *part, unsigned long part_len); +ck_rv_t pakchois_verify_final (pakchois_session_t * session, + unsigned char *signature, + unsigned long signature_len); +ck_rv_t pakchois_verify_recover_init (pakchois_session_t * session, + struct ck_mechanism *mechanism, + ck_object_handle_t key); +ck_rv_t pakchois_verify_recover (pakchois_session_t * session, + unsigned char *signature, + unsigned long signature_len, + unsigned char *data, + unsigned long *data_len); + +ck_rv_t pakchois_digest_encrypt_update (pakchois_session_t * session, + unsigned char *part, + unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len); +ck_rv_t pakchois_decrypt_digest_update (pakchois_session_t * session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len); +ck_rv_t pakchois_sign_encrypt_update (pakchois_session_t * session, + unsigned char *part, + unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len); +ck_rv_t pakchois_decrypt_verify_update (pakchois_session_t * session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len); + +ck_rv_t pakchois_generate_key (pakchois_session_t * session, + struct ck_mechanism *mechanism, + struct ck_attribute *templ, + unsigned long count, ck_object_handle_t * key); +ck_rv_t pakchois_generate_key_pair (pakchois_session_t * session, + struct ck_mechanism *mechanism, + struct ck_attribute *public_key_template, + unsigned long public_key_attribute_count, + struct ck_attribute *private_key_template, + unsigned long private_key_attribute_count, + ck_object_handle_t * public_key, + ck_object_handle_t * private_key); + +ck_rv_t pakchois_wrap_key (pakchois_session_t * session, struct ck_mechanism *mechanism, - ck_object_handle_t key); -ck_rv_t pakchois_sign(pakchois_session_t *session, unsigned char *data, - unsigned long data_len, unsigned char *signature, - unsigned long *signature_len); -ck_rv_t pakchois_sign_update(pakchois_session_t *session, - unsigned char *part, unsigned long part_len); -ck_rv_t pakchois_sign_final(pakchois_session_t *session, - unsigned char *signature, - unsigned long *signature_len); -ck_rv_t pakchois_sign_recover_init(pakchois_session_t *session, - struct ck_mechanism *mechanism, - ck_object_handle_t key); -ck_rv_t pakchois_sign_recover(pakchois_session_t *session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len); - -ck_rv_t pakchois_verify_init(pakchois_session_t *session, + ck_object_handle_t wrapping_key, + ck_object_handle_t key, unsigned char *wrapped_key, + unsigned long *wrapped_key_len); +ck_rv_t pakchois_unwrap_key (pakchois_session_t * session, struct ck_mechanism *mechanism, - ck_object_handle_t key); -ck_rv_t pakchois_verify(pakchois_session_t *session, unsigned char *data, - unsigned long data_len, unsigned char *signature, - unsigned long signature_len); -ck_rv_t pakchois_verify_update(pakchois_session_t *session, - unsigned char *part, unsigned long part_len); -ck_rv_t pakchois_verify_final(pakchois_session_t *session, - unsigned char *signature, - unsigned long signature_len); -ck_rv_t pakchois_verify_recover_init(pakchois_session_t *session, - struct ck_mechanism *mechanism, - ck_object_handle_t key); -ck_rv_t pakchois_verify_recover(pakchois_session_t *session, - unsigned char *signature, - unsigned long signature_len, - unsigned char *data, unsigned long *data_len); - -ck_rv_t pakchois_digest_encrypt_update(pakchois_session_t *session, - unsigned char *part, - unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len); -ck_rv_t pakchois_decrypt_digest_update(pakchois_session_t *session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len); -ck_rv_t pakchois_sign_encrypt_update(pakchois_session_t *session, - unsigned char *part, - unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len); -ck_rv_t pakchois_decrypt_verify_update(pakchois_session_t *session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len); - -ck_rv_t pakchois_generate_key(pakchois_session_t *session, - struct ck_mechanism *mechanism, - struct ck_attribute *templ, - unsigned long count, ck_object_handle_t *key); -ck_rv_t pakchois_generate_key_pair(pakchois_session_t *session, - struct ck_mechanism *mechanism, - struct ck_attribute *public_key_template, - unsigned long public_key_attribute_count, - struct ck_attribute *private_key_template, - unsigned long private_key_attribute_count, - ck_object_handle_t *public_key, - ck_object_handle_t *private_key); - -ck_rv_t pakchois_wrap_key(pakchois_session_t *session, - struct ck_mechanism *mechanism, - ck_object_handle_t wrapping_key, - ck_object_handle_t key, unsigned char *wrapped_key, - unsigned long *wrapped_key_len); -ck_rv_t pakchois_unwrap_key(pakchois_session_t *session, - struct ck_mechanism *mechanism, - ck_object_handle_t unwrapping_key, - unsigned char *wrapped_key, - unsigned long wrapped_key_len, - struct ck_attribute *templ, - unsigned long attribute_count, - ck_object_handle_t *key); -ck_rv_t pakchois_derive_key(pakchois_session_t *session, - struct ck_mechanism *mechanism, - ck_object_handle_t base_key, - struct ck_attribute *templ, - unsigned long attribute_count, - ck_object_handle_t *key); - -ck_rv_t pakchois_seed_random(pakchois_session_t *session, - unsigned char *seed, unsigned long seed_len); -ck_rv_t pakchois_generate_random(pakchois_session_t *session, - unsigned char *random_data, - unsigned long random_len); + ck_object_handle_t unwrapping_key, + unsigned char *wrapped_key, + unsigned long wrapped_key_len, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t * key); +ck_rv_t pakchois_derive_key (pakchois_session_t * session, + struct ck_mechanism *mechanism, + ck_object_handle_t base_key, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t * key); + +ck_rv_t pakchois_seed_random (pakchois_session_t * session, + unsigned char *seed, unsigned long seed_len); +ck_rv_t pakchois_generate_random (pakchois_session_t * session, + unsigned char *random_data, + unsigned long random_len); #endif /* PAKCHOIS_H */ diff --git a/lib/pakchois/pakchois11.h b/lib/pakchois/pakchois11.h index 2e6a1e3ed3..e5056ce2d5 100644 --- a/lib/pakchois/pakchois11.h +++ b/lib/pakchois/pakchois11.h @@ -54,7 +54,8 @@ #define PKCS11_H 1 #if defined(__cplusplus) -extern "C" { +extern "C" +{ #endif @@ -94,8 +95,8 @@ extern "C" { #define CK_SPEC #endif - + #ifdef CRYPTOKI_COMPAT /* If we are in compatibility mode, switch all exposed names to the PKCS #11 variant. There are corresponding #undefs below. */ @@ -179,45 +180,45 @@ extern "C" { #define unlock_mutex UnlockMutex #define reserved pReserved -#endif /* CRYPTOKI_COMPAT */ - +#endif /* CRYPTOKI_COMPAT */ -typedef unsigned long ck_flags_t; -struct ck_version -{ - unsigned char major; - unsigned char minor; -}; + typedef unsigned long ck_flags_t; + struct ck_version + { + unsigned char major; + unsigned char minor; + }; -struct ck_info -{ - struct ck_version cryptoki_version; - unsigned char manufacturer_id[32]; - ck_flags_t flags; - unsigned char library_description[32]; - struct ck_version library_version; -}; + + struct ck_info + { + struct ck_version cryptoki_version; + unsigned char manufacturer_id[32]; + ck_flags_t flags; + unsigned char library_description[32]; + struct ck_version library_version; + }; -typedef unsigned long ck_notification_t; + typedef unsigned long ck_notification_t; #define CKN_SURRENDER (0) -typedef unsigned long ck_slot_id_t; + typedef unsigned long ck_slot_id_t; -struct ck_slot_info -{ - unsigned char slot_description[64]; - unsigned char manufacturer_id[32]; - ck_flags_t flags; - struct ck_version hardware_version; - struct ck_version firmware_version; -}; + struct ck_slot_info + { + unsigned char slot_description[64]; + unsigned char manufacturer_id[32]; + ck_flags_t flags; + struct ck_version hardware_version; + struct ck_version firmware_version; + }; #define CKF_TOKEN_PRESENT (1 << 0) @@ -226,27 +227,27 @@ struct ck_slot_info #define CKF_ARRAY_ATTRIBUTE (1 << 30) -struct ck_token_info -{ - unsigned char label[32]; - unsigned char manufacturer_id[32]; - unsigned char model[16]; - unsigned char serial_number[16]; - ck_flags_t flags; - unsigned long max_session_count; - unsigned long session_count; - unsigned long max_rw_session_count; - unsigned long rw_session_count; - unsigned long max_pin_len; - unsigned long min_pin_len; - unsigned long total_public_memory; - unsigned long free_public_memory; - unsigned long total_private_memory; - unsigned long free_private_memory; - struct ck_version hardware_version; - struct ck_version firmware_version; - unsigned char utc_time[16]; -}; + struct ck_token_info + { + unsigned char label[32]; + unsigned char manufacturer_id[32]; + unsigned char model[16]; + unsigned char serial_number[16]; + ck_flags_t flags; + unsigned long max_session_count; + unsigned long session_count; + unsigned long max_rw_session_count; + unsigned long rw_session_count; + unsigned long max_pin_len; + unsigned long min_pin_len; + unsigned long total_public_memory; + unsigned long free_public_memory; + unsigned long total_private_memory; + unsigned long free_private_memory; + struct ck_version hardware_version; + struct ck_version firmware_version; + unsigned char utc_time[16]; + }; #define CKF_RNG (1 << 0) @@ -272,19 +273,19 @@ struct ck_token_info #define CK_EFFECTIVELY_INFINITE (0) -typedef unsigned long ck_session_handle_t; + typedef unsigned long ck_session_handle_t; #define CK_INVALID_HANDLE (0) -typedef unsigned long ck_user_type_t; + typedef unsigned long ck_user_type_t; #define CKU_SO (0) #define CKU_USER (1) #define CKU_CONTEXT_SPECIFIC (2) -typedef unsigned long ck_state_t; + typedef unsigned long ck_state_t; #define CKS_RO_PUBLIC_SESSION (0) #define CKS_RO_USER_FUNCTIONS (1) @@ -293,22 +294,22 @@ typedef unsigned long ck_state_t; #define CKS_RW_SO_FUNCTIONS (4) -struct ck_session_info -{ - ck_slot_id_t slot_id; - ck_state_t state; - ck_flags_t flags; - unsigned long device_error; -}; + struct ck_session_info + { + ck_slot_id_t slot_id; + ck_state_t state; + ck_flags_t flags; + unsigned long device_error; + }; #define CKF_RW_SESSION (1 << 1) #define CKF_SERIAL_SESSION (1 << 2) -typedef unsigned long ck_object_handle_t; + typedef unsigned long ck_object_handle_t; -typedef unsigned long ck_object_class_t; + typedef unsigned long ck_object_class_t; #define CKO_DATA (0) #define CKO_CERTIFICATE (1) @@ -321,7 +322,7 @@ typedef unsigned long ck_object_class_t; #define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31)) -typedef unsigned long ck_hw_feature_type_t; + typedef unsigned long ck_hw_feature_type_t; #define CKH_MONOTONIC_COUNTER (1) #define CKH_CLOCK (2) @@ -329,7 +330,7 @@ typedef unsigned long ck_hw_feature_type_t; #define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31)) -typedef unsigned long ck_key_type_t; + typedef unsigned long ck_key_type_t; #define CKK_RSA (0) #define CKK_DSA (1) @@ -359,7 +360,7 @@ typedef unsigned long ck_key_type_t; #define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31)) -typedef unsigned long ck_certificate_type_t; + typedef unsigned long ck_certificate_type_t; #define CKC_X_509 (0) #define CKC_X_509_ATTR_CERT (1) @@ -367,7 +368,7 @@ typedef unsigned long ck_certificate_type_t; #define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31)) -typedef unsigned long ck_attribute_type_t; + typedef unsigned long ck_attribute_type_t; #define CKA_CLASS (0) #define CKA_TOKEN (1) @@ -456,23 +457,23 @@ typedef unsigned long ck_attribute_type_t; #define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31)) -struct ck_attribute -{ - ck_attribute_type_t type; - void *value; - unsigned long value_len; -}; + struct ck_attribute + { + ck_attribute_type_t type; + void *value; + unsigned long value_len; + }; -struct ck_date -{ - unsigned char year[4]; - unsigned char month[2]; - unsigned char day[2]; -}; + struct ck_date + { + unsigned char year[4]; + unsigned char month[2]; + unsigned char day[2]; + }; -typedef unsigned long ck_mechanism_type_t; + typedef unsigned long ck_mechanism_type_t; #define CKM_RSA_PKCS_KEY_PAIR_GEN (0) #define CKM_RSA_PKCS (1) @@ -675,20 +676,20 @@ typedef unsigned long ck_mechanism_type_t; #define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31)) -struct ck_mechanism -{ - ck_mechanism_type_t mechanism; - void *parameter; - unsigned long parameter_len; -}; + struct ck_mechanism + { + ck_mechanism_type_t mechanism; + void *parameter; + unsigned long parameter_len; + }; -struct ck_mechanism_info -{ - unsigned long min_key_size; - unsigned long max_key_size; - ck_flags_t flags; -}; + struct ck_mechanism_info + { + unsigned long min_key_size; + unsigned long max_key_size; + ck_flags_t flags; + }; #define CKF_HW (1 << 0) #define CKF_ENCRYPT (1 << 8) @@ -710,385 +711,379 @@ struct ck_mechanism_info #define CKF_DONT_BLOCK (1) -typedef unsigned long ck_rv_t; + typedef unsigned long ck_rv_t; -typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, - ck_notification_t event, void *application); + typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, + ck_notification_t event, void *application); /* Forward reference. */ -struct ck_function_list; + struct ck_function_list; #define _CK_DECLARE_FUNCTION(name, args) \ typedef ck_rv_t (*CK_ ## name) args; \ ck_rv_t CK_SPEC name args -_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); -_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); -_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); -_CK_DECLARE_FUNCTION (C_GetFunctionList, - (struct ck_function_list **function_list)); - -_CK_DECLARE_FUNCTION (C_GetSlotList, - (unsigned char token_present, ck_slot_id_t *slot_list, - unsigned long *count)); -_CK_DECLARE_FUNCTION (C_GetSlotInfo, - (ck_slot_id_t slot_id, struct ck_slot_info *info)); -_CK_DECLARE_FUNCTION (C_GetTokenInfo, - (ck_slot_id_t slot_id, struct ck_token_info *info)); -_CK_DECLARE_FUNCTION (C_WaitForSlotEvent, - (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); -_CK_DECLARE_FUNCTION (C_GetMechanismList, - (ck_slot_id_t slot_id, - ck_mechanism_type_t *mechanism_list, - unsigned long *count)); -_CK_DECLARE_FUNCTION (C_GetMechanismInfo, - (ck_slot_id_t slot_id, ck_mechanism_type_t type, - struct ck_mechanism_info *info)); -_CK_DECLARE_FUNCTION (C_InitToken, - (ck_slot_id_t slot_id, unsigned char *pin, - unsigned long pin_len, unsigned char *label)); -_CK_DECLARE_FUNCTION (C_InitPIN, - (ck_session_handle_t session, unsigned char *pin, - unsigned long pin_len)); -_CK_DECLARE_FUNCTION (C_SetPIN, - (ck_session_handle_t session, unsigned char *old_pin, - unsigned long old_len, unsigned char *new_pin, - unsigned long new_len)); - -_CK_DECLARE_FUNCTION (C_OpenSession, - (ck_slot_id_t slot_id, ck_flags_t flags, - void *application, ck_notify_t notify, - ck_session_handle_t *session)); -_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); -_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); -_CK_DECLARE_FUNCTION (C_GetSessionInfo, - (ck_session_handle_t session, - struct ck_session_info *info)); -_CK_DECLARE_FUNCTION (C_GetOperationState, - (ck_session_handle_t session, - unsigned char *operation_state, - unsigned long *operation_state_len)); -_CK_DECLARE_FUNCTION (C_SetOperationState, - (ck_session_handle_t session, - unsigned char *operation_state, - unsigned long operation_state_len, - ck_object_handle_t encryption_key, - ck_object_handle_t authentiation_key)); -_CK_DECLARE_FUNCTION (C_Login, - (ck_session_handle_t session, ck_user_type_t user_type, - unsigned char *pin, unsigned long pin_len)); -_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); - -_CK_DECLARE_FUNCTION (C_CreateObject, - (ck_session_handle_t session, - struct ck_attribute *templ, - unsigned long count, ck_object_handle_t *object)); -_CK_DECLARE_FUNCTION (C_CopyObject, - (ck_session_handle_t session, ck_object_handle_t object, - struct ck_attribute *templ, unsigned long count, - ck_object_handle_t *new_object)); -_CK_DECLARE_FUNCTION (C_DestroyObject, - (ck_session_handle_t session, - ck_object_handle_t object)); -_CK_DECLARE_FUNCTION (C_GetObjectSize, - (ck_session_handle_t session, - ck_object_handle_t object, - unsigned long *size)); -_CK_DECLARE_FUNCTION (C_GetAttributeValue, - (ck_session_handle_t session, - ck_object_handle_t object, - struct ck_attribute *templ, - unsigned long count)); -_CK_DECLARE_FUNCTION (C_SetAttributeValue, - (ck_session_handle_t session, - ck_object_handle_t object, - struct ck_attribute *templ, - unsigned long count)); -_CK_DECLARE_FUNCTION (C_FindObjectsInit, - (ck_session_handle_t session, - struct ck_attribute *templ, - unsigned long count)); -_CK_DECLARE_FUNCTION (C_FindObjects, - (ck_session_handle_t session, - ck_object_handle_t *object, - unsigned long max_object_count, - unsigned long *object_count)); -_CK_DECLARE_FUNCTION (C_FindObjectsFinal, - (ck_session_handle_t session)); - -_CK_DECLARE_FUNCTION (C_EncryptInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Encrypt, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *encrypted_data, - unsigned long *encrypted_data_len)); -_CK_DECLARE_FUNCTION (C_EncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); -_CK_DECLARE_FUNCTION (C_EncryptFinal, - (ck_session_handle_t session, - unsigned char *last_encrypted_part, - unsigned long *last_encrypted_part_len)); - -_CK_DECLARE_FUNCTION (C_DecryptInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Decrypt, - (ck_session_handle_t session, - unsigned char *encrypted_data, - unsigned long encrypted_data_len, - unsigned char *data, unsigned long *data_len)); -_CK_DECLARE_FUNCTION (C_DecryptUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, unsigned long *part_len)); -_CK_DECLARE_FUNCTION (C_DecryptFinal, - (ck_session_handle_t session, - unsigned char *last_part, - unsigned long *last_part_len)); - -_CK_DECLARE_FUNCTION (C_DigestInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism)); -_CK_DECLARE_FUNCTION (C_Digest, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *digest, - unsigned long *digest_len)); -_CK_DECLARE_FUNCTION (C_DigestUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); -_CK_DECLARE_FUNCTION (C_DigestKey, - (ck_session_handle_t session, ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_DigestFinal, - (ck_session_handle_t session, - unsigned char *digest, - unsigned long *digest_len)); - -_CK_DECLARE_FUNCTION (C_SignInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Sign, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len)); -_CK_DECLARE_FUNCTION (C_SignUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); -_CK_DECLARE_FUNCTION (C_SignFinal, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long *signature_len)); -_CK_DECLARE_FUNCTION (C_SignRecoverInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_SignRecover, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len)); - -_CK_DECLARE_FUNCTION (C_VerifyInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Verify, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long signature_len)); -_CK_DECLARE_FUNCTION (C_VerifyUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); -_CK_DECLARE_FUNCTION (C_VerifyFinal, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long signature_len)); -_CK_DECLARE_FUNCTION (C_VerifyRecoverInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_VerifyRecover, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long signature_len, - unsigned char *data, - unsigned long *data_len)); - -_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); -_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len)); -_CK_DECLARE_FUNCTION (C_SignEncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); -_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len)); - -_CK_DECLARE_FUNCTION (C_GenerateKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - struct ck_attribute *templ, - unsigned long count, - ck_object_handle_t *key)); -_CK_DECLARE_FUNCTION (C_GenerateKeyPair, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - struct ck_attribute *public_key_template, - unsigned long public_key_attribute_count, - struct ck_attribute *private_key_template, - unsigned long private_key_attribute_count, - ck_object_handle_t *public_key, - ck_object_handle_t *private_key)); -_CK_DECLARE_FUNCTION (C_WrapKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t wrapping_key, - ck_object_handle_t key, - unsigned char *wrapped_key, - unsigned long *wrapped_key_len)); -_CK_DECLARE_FUNCTION (C_UnwrapKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t unwrapping_key, - unsigned char *wrapped_key, - unsigned long wrapped_key_len, - struct ck_attribute *templ, - unsigned long attribute_count, - ck_object_handle_t *key)); -_CK_DECLARE_FUNCTION (C_DeriveKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t base_key, - struct ck_attribute *templ, - unsigned long attribute_count, - ck_object_handle_t *key)); - -_CK_DECLARE_FUNCTION (C_SeedRandom, - (ck_session_handle_t session, unsigned char *seed, - unsigned long seed_len)); -_CK_DECLARE_FUNCTION (C_GenerateRandom, - (ck_session_handle_t session, - unsigned char *random_data, - unsigned long random_len)); - -_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); -_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); - - -struct ck_function_list -{ - struct ck_version version; - CK_C_Initialize C_Initialize; - CK_C_Finalize C_Finalize; - CK_C_GetInfo C_GetInfo; - CK_C_GetFunctionList C_GetFunctionList; - CK_C_GetSlotList C_GetSlotList; - CK_C_GetSlotInfo C_GetSlotInfo; - CK_C_GetTokenInfo C_GetTokenInfo; - CK_C_GetMechanismList C_GetMechanismList; - CK_C_GetMechanismInfo C_GetMechanismInfo; - CK_C_InitToken C_InitToken; - CK_C_InitPIN C_InitPIN; - CK_C_SetPIN C_SetPIN; - CK_C_OpenSession C_OpenSession; - CK_C_CloseSession C_CloseSession; - CK_C_CloseAllSessions C_CloseAllSessions; - CK_C_GetSessionInfo C_GetSessionInfo; - CK_C_GetOperationState C_GetOperationState; - CK_C_SetOperationState C_SetOperationState; - CK_C_Login C_Login; - CK_C_Logout C_Logout; - CK_C_CreateObject C_CreateObject; - CK_C_CopyObject C_CopyObject; - CK_C_DestroyObject C_DestroyObject; - CK_C_GetObjectSize C_GetObjectSize; - CK_C_GetAttributeValue C_GetAttributeValue; - CK_C_SetAttributeValue C_SetAttributeValue; - CK_C_FindObjectsInit C_FindObjectsInit; - CK_C_FindObjects C_FindObjects; - CK_C_FindObjectsFinal C_FindObjectsFinal; - CK_C_EncryptInit C_EncryptInit; - CK_C_Encrypt C_Encrypt; - CK_C_EncryptUpdate C_EncryptUpdate; - CK_C_EncryptFinal C_EncryptFinal; - CK_C_DecryptInit C_DecryptInit; - CK_C_Decrypt C_Decrypt; - CK_C_DecryptUpdate C_DecryptUpdate; - CK_C_DecryptFinal C_DecryptFinal; - CK_C_DigestInit C_DigestInit; - CK_C_Digest C_Digest; - CK_C_DigestUpdate C_DigestUpdate; - CK_C_DigestKey C_DigestKey; - CK_C_DigestFinal C_DigestFinal; - CK_C_SignInit C_SignInit; - CK_C_Sign C_Sign; - CK_C_SignUpdate C_SignUpdate; - CK_C_SignFinal C_SignFinal; - CK_C_SignRecoverInit C_SignRecoverInit; - CK_C_SignRecover C_SignRecover; - CK_C_VerifyInit C_VerifyInit; - CK_C_Verify C_Verify; - CK_C_VerifyUpdate C_VerifyUpdate; - CK_C_VerifyFinal C_VerifyFinal; - CK_C_VerifyRecoverInit C_VerifyRecoverInit; - CK_C_VerifyRecover C_VerifyRecover; - CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; - CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; - CK_C_SignEncryptUpdate C_SignEncryptUpdate; - CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; - CK_C_GenerateKey C_GenerateKey; - CK_C_GenerateKeyPair C_GenerateKeyPair; - CK_C_WrapKey C_WrapKey; - CK_C_UnwrapKey C_UnwrapKey; - CK_C_DeriveKey C_DeriveKey; - CK_C_SeedRandom C_SeedRandom; - CK_C_GenerateRandom C_GenerateRandom; - CK_C_GetFunctionStatus C_GetFunctionStatus; - CK_C_CancelFunction C_CancelFunction; - CK_C_WaitForSlotEvent C_WaitForSlotEvent; -}; - - -typedef ck_rv_t (*ck_createmutex_t) (void **mutex); -typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); -typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); -typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); - - -struct ck_c_initialize_args -{ - ck_createmutex_t create_mutex; - ck_destroymutex_t destroy_mutex; - ck_lockmutex_t lock_mutex; - ck_unlockmutex_t unlock_mutex; - ck_flags_t flags; - void *reserved; -}; + _CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); + _CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); + _CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info * info)); + _CK_DECLARE_FUNCTION (C_GetFunctionList, + (struct ck_function_list ** function_list)); + + _CK_DECLARE_FUNCTION (C_GetSlotList, + (unsigned char token_present, + ck_slot_id_t * slot_list, unsigned long *count)); + _CK_DECLARE_FUNCTION (C_GetSlotInfo, + (ck_slot_id_t slot_id, struct ck_slot_info * info)); + _CK_DECLARE_FUNCTION (C_GetTokenInfo, + (ck_slot_id_t slot_id, + struct ck_token_info * info)); + _CK_DECLARE_FUNCTION (C_WaitForSlotEvent, + (ck_flags_t flags, ck_slot_id_t * slot, + void *reserved)); + _CK_DECLARE_FUNCTION (C_GetMechanismList, + (ck_slot_id_t slot_id, + ck_mechanism_type_t * mechanism_list, + unsigned long *count)); + _CK_DECLARE_FUNCTION (C_GetMechanismInfo, + (ck_slot_id_t slot_id, ck_mechanism_type_t type, + struct ck_mechanism_info * info)); + _CK_DECLARE_FUNCTION (C_InitToken, + (ck_slot_id_t slot_id, unsigned char *pin, + unsigned long pin_len, unsigned char *label)); + _CK_DECLARE_FUNCTION (C_InitPIN, + (ck_session_handle_t session, unsigned char *pin, + unsigned long pin_len)); + _CK_DECLARE_FUNCTION (C_SetPIN, + (ck_session_handle_t session, + unsigned char *old_pin, unsigned long old_len, + unsigned char *new_pin, unsigned long new_len)); + + _CK_DECLARE_FUNCTION (C_OpenSession, + (ck_slot_id_t slot_id, ck_flags_t flags, + void *application, ck_notify_t notify, + ck_session_handle_t * session)); + _CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); + _CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); + _CK_DECLARE_FUNCTION (C_GetSessionInfo, + (ck_session_handle_t session, + struct ck_session_info * info)); + _CK_DECLARE_FUNCTION (C_GetOperationState, + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long *operation_state_len)); + _CK_DECLARE_FUNCTION (C_SetOperationState, + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long operation_state_len, + ck_object_handle_t encryption_key, + ck_object_handle_t authentiation_key)); + _CK_DECLARE_FUNCTION (C_Login, + (ck_session_handle_t session, + ck_user_type_t user_type, unsigned char *pin, + unsigned long pin_len)); + _CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); + + _CK_DECLARE_FUNCTION (C_CreateObject, + (ck_session_handle_t session, + struct ck_attribute * templ, + unsigned long count, ck_object_handle_t * object)); + _CK_DECLARE_FUNCTION (C_CopyObject, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute * templ, unsigned long count, + ck_object_handle_t * new_object)); + _CK_DECLARE_FUNCTION (C_DestroyObject, + (ck_session_handle_t session, + ck_object_handle_t object)); + _CK_DECLARE_FUNCTION (C_GetObjectSize, + (ck_session_handle_t session, + ck_object_handle_t object, unsigned long *size)); + _CK_DECLARE_FUNCTION (C_GetAttributeValue, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute * templ, unsigned long count)); + _CK_DECLARE_FUNCTION (C_SetAttributeValue, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute * templ, unsigned long count)); + _CK_DECLARE_FUNCTION (C_FindObjectsInit, + (ck_session_handle_t session, + struct ck_attribute * templ, unsigned long count)); + _CK_DECLARE_FUNCTION (C_FindObjects, + (ck_session_handle_t session, + ck_object_handle_t * object, + unsigned long max_object_count, + unsigned long *object_count)); + _CK_DECLARE_FUNCTION (C_FindObjectsFinal, (ck_session_handle_t session)); + + _CK_DECLARE_FUNCTION (C_EncryptInit, + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t key)); + _CK_DECLARE_FUNCTION (C_Encrypt, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *encrypted_data, + unsigned long *encrypted_data_len)); + _CK_DECLARE_FUNCTION (C_EncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); + _CK_DECLARE_FUNCTION (C_EncryptFinal, + (ck_session_handle_t session, + unsigned char *last_encrypted_part, + unsigned long *last_encrypted_part_len)); + + _CK_DECLARE_FUNCTION (C_DecryptInit, + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t key)); + _CK_DECLARE_FUNCTION (C_Decrypt, + (ck_session_handle_t session, + unsigned char *encrypted_data, + unsigned long encrypted_data_len, + unsigned char *data, unsigned long *data_len)); + _CK_DECLARE_FUNCTION (C_DecryptUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len)); + _CK_DECLARE_FUNCTION (C_DecryptFinal, + (ck_session_handle_t session, + unsigned char *last_part, + unsigned long *last_part_len)); + + _CK_DECLARE_FUNCTION (C_DigestInit, + (ck_session_handle_t session, + struct ck_mechanism * mechanism)); + _CK_DECLARE_FUNCTION (C_Digest, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *digest, unsigned long *digest_len)); + _CK_DECLARE_FUNCTION (C_DigestUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); + _CK_DECLARE_FUNCTION (C_DigestKey, + (ck_session_handle_t session, + ck_object_handle_t key)); + _CK_DECLARE_FUNCTION (C_DigestFinal, + (ck_session_handle_t session, unsigned char *digest, + unsigned long *digest_len)); + + _CK_DECLARE_FUNCTION (C_SignInit, + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t key)); + _CK_DECLARE_FUNCTION (C_Sign, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); + _CK_DECLARE_FUNCTION (C_SignUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); + _CK_DECLARE_FUNCTION (C_SignFinal, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long *signature_len)); + _CK_DECLARE_FUNCTION (C_SignRecoverInit, + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t key)); + _CK_DECLARE_FUNCTION (C_SignRecover, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); + + _CK_DECLARE_FUNCTION (C_VerifyInit, + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t key)); + _CK_DECLARE_FUNCTION (C_Verify, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long signature_len)); + _CK_DECLARE_FUNCTION (C_VerifyUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); + _CK_DECLARE_FUNCTION (C_VerifyFinal, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len)); + _CK_DECLARE_FUNCTION (C_VerifyRecoverInit, + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t key)); + _CK_DECLARE_FUNCTION (C_VerifyRecover, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len, + unsigned char *data, unsigned long *data_len)); + + _CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); + _CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len)); + _CK_DECLARE_FUNCTION (C_SignEncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); + _CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len)); + + _CK_DECLARE_FUNCTION (C_GenerateKey, + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + struct ck_attribute * templ, + unsigned long count, ck_object_handle_t * key)); + _CK_DECLARE_FUNCTION (C_GenerateKeyPair, + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + struct ck_attribute * public_key_template, + unsigned long public_key_attribute_count, + struct ck_attribute * private_key_template, + unsigned long private_key_attribute_count, + ck_object_handle_t * public_key, + ck_object_handle_t * private_key)); + _CK_DECLARE_FUNCTION (C_WrapKey, + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t wrapping_key, + ck_object_handle_t key, + unsigned char *wrapped_key, + unsigned long *wrapped_key_len)); + _CK_DECLARE_FUNCTION (C_UnwrapKey, + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t unwrapping_key, + unsigned char *wrapped_key, + unsigned long wrapped_key_len, + struct ck_attribute * templ, + unsigned long attribute_count, + ck_object_handle_t * key)); + _CK_DECLARE_FUNCTION (C_DeriveKey, + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t base_key, + struct ck_attribute * templ, + unsigned long attribute_count, + ck_object_handle_t * key)); + + _CK_DECLARE_FUNCTION (C_SeedRandom, + (ck_session_handle_t session, unsigned char *seed, + unsigned long seed_len)); + _CK_DECLARE_FUNCTION (C_GenerateRandom, + (ck_session_handle_t session, + unsigned char *random_data, + unsigned long random_len)); + + _CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); + _CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); + + + struct ck_function_list + { + struct ck_version version; + CK_C_Initialize C_Initialize; + CK_C_Finalize C_Finalize; + CK_C_GetInfo C_GetInfo; + CK_C_GetFunctionList C_GetFunctionList; + CK_C_GetSlotList C_GetSlotList; + CK_C_GetSlotInfo C_GetSlotInfo; + CK_C_GetTokenInfo C_GetTokenInfo; + CK_C_GetMechanismList C_GetMechanismList; + CK_C_GetMechanismInfo C_GetMechanismInfo; + CK_C_InitToken C_InitToken; + CK_C_InitPIN C_InitPIN; + CK_C_SetPIN C_SetPIN; + CK_C_OpenSession C_OpenSession; + CK_C_CloseSession C_CloseSession; + CK_C_CloseAllSessions C_CloseAllSessions; + CK_C_GetSessionInfo C_GetSessionInfo; + CK_C_GetOperationState C_GetOperationState; + CK_C_SetOperationState C_SetOperationState; + CK_C_Login C_Login; + CK_C_Logout C_Logout; + CK_C_CreateObject C_CreateObject; + CK_C_CopyObject C_CopyObject; + CK_C_DestroyObject C_DestroyObject; + CK_C_GetObjectSize C_GetObjectSize; + CK_C_GetAttributeValue C_GetAttributeValue; + CK_C_SetAttributeValue C_SetAttributeValue; + CK_C_FindObjectsInit C_FindObjectsInit; + CK_C_FindObjects C_FindObjects; + CK_C_FindObjectsFinal C_FindObjectsFinal; + CK_C_EncryptInit C_EncryptInit; + CK_C_Encrypt C_Encrypt; + CK_C_EncryptUpdate C_EncryptUpdate; + CK_C_EncryptFinal C_EncryptFinal; + CK_C_DecryptInit C_DecryptInit; + CK_C_Decrypt C_Decrypt; + CK_C_DecryptUpdate C_DecryptUpdate; + CK_C_DecryptFinal C_DecryptFinal; + CK_C_DigestInit C_DigestInit; + CK_C_Digest C_Digest; + CK_C_DigestUpdate C_DigestUpdate; + CK_C_DigestKey C_DigestKey; + CK_C_DigestFinal C_DigestFinal; + CK_C_SignInit C_SignInit; + CK_C_Sign C_Sign; + CK_C_SignUpdate C_SignUpdate; + CK_C_SignFinal C_SignFinal; + CK_C_SignRecoverInit C_SignRecoverInit; + CK_C_SignRecover C_SignRecover; + CK_C_VerifyInit C_VerifyInit; + CK_C_Verify C_Verify; + CK_C_VerifyUpdate C_VerifyUpdate; + CK_C_VerifyFinal C_VerifyFinal; + CK_C_VerifyRecoverInit C_VerifyRecoverInit; + CK_C_VerifyRecover C_VerifyRecover; + CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; + CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; + CK_C_SignEncryptUpdate C_SignEncryptUpdate; + CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; + CK_C_GenerateKey C_GenerateKey; + CK_C_GenerateKeyPair C_GenerateKeyPair; + CK_C_WrapKey C_WrapKey; + CK_C_UnwrapKey C_UnwrapKey; + CK_C_DeriveKey C_DeriveKey; + CK_C_SeedRandom C_SeedRandom; + CK_C_GenerateRandom C_GenerateRandom; + CK_C_GetFunctionStatus C_GetFunctionStatus; + CK_C_CancelFunction C_CancelFunction; + CK_C_WaitForSlotEvent C_WaitForSlotEvent; + }; + + + typedef ck_rv_t (*ck_createmutex_t) (void **mutex); + typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); + typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); + typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); + + + struct ck_c_initialize_args + { + ck_createmutex_t create_mutex; + ck_destroymutex_t destroy_mutex; + ck_lockmutex_t lock_mutex; + ck_unlockmutex_t unlock_mutex; + ck_flags_t flags; + void *reserved; + }; #define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0) @@ -1180,9 +1175,9 @@ struct ck_c_initialize_args #define CKR_MUTEX_NOT_LOCKED (0x1a1) #define CKR_FUNCTION_REJECTED (0x200) #define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31)) + - /* Compatibility layer. */ #ifdef CRYPTOKI_COMPAT @@ -1193,18 +1188,18 @@ struct ck_c_initialize_args /* For NULL. */ #include <stddef.h> -typedef unsigned char CK_BYTE; -typedef unsigned char CK_CHAR; -typedef unsigned char CK_UTF8CHAR; -typedef unsigned char CK_BBOOL; -typedef unsigned long int CK_ULONG; -typedef long int CK_LONG; -typedef CK_BYTE *CK_BYTE_PTR; -typedef CK_CHAR *CK_CHAR_PTR; -typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; -typedef CK_ULONG *CK_ULONG_PTR; -typedef void *CK_VOID_PTR; -typedef void **CK_VOID_PTR_PTR; + typedef unsigned char CK_BYTE; + typedef unsigned char CK_CHAR; + typedef unsigned char CK_UTF8CHAR; + typedef unsigned char CK_BBOOL; + typedef unsigned long int CK_ULONG; + typedef long int CK_LONG; + typedef CK_BYTE *CK_BYTE_PTR; + typedef CK_CHAR *CK_CHAR_PTR; + typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; + typedef CK_ULONG *CK_ULONG_PTR; + typedef void *CK_VOID_PTR; + typedef void **CK_VOID_PTR_PTR; #define CK_FALSE 0 #define CK_TRUE 1 #ifndef CK_DISABLE_TRUE_FALSE @@ -1216,49 +1211,49 @@ typedef void **CK_VOID_PTR_PTR; #endif #endif -typedef struct ck_version CK_VERSION; -typedef struct ck_version *CK_VERSION_PTR; + typedef struct ck_version CK_VERSION; + typedef struct ck_version *CK_VERSION_PTR; -typedef struct ck_info CK_INFO; -typedef struct ck_info *CK_INFO_PTR; + typedef struct ck_info CK_INFO; + typedef struct ck_info *CK_INFO_PTR; -typedef ck_slot_id_t *CK_SLOT_ID_PTR; + typedef ck_slot_id_t *CK_SLOT_ID_PTR; -typedef struct ck_slot_info CK_SLOT_INFO; -typedef struct ck_slot_info *CK_SLOT_INFO_PTR; + typedef struct ck_slot_info CK_SLOT_INFO; + typedef struct ck_slot_info *CK_SLOT_INFO_PTR; -typedef struct ck_token_info CK_TOKEN_INFO; -typedef struct ck_token_info *CK_TOKEN_INFO_PTR; + typedef struct ck_token_info CK_TOKEN_INFO; + typedef struct ck_token_info *CK_TOKEN_INFO_PTR; -typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; + typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; -typedef struct ck_session_info CK_SESSION_INFO; -typedef struct ck_session_info *CK_SESSION_INFO_PTR; + typedef struct ck_session_info CK_SESSION_INFO; + typedef struct ck_session_info *CK_SESSION_INFO_PTR; -typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; + typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; -typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; + typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; -typedef struct ck_attribute CK_ATTRIBUTE; -typedef struct ck_attribute *CK_ATTRIBUTE_PTR; + typedef struct ck_attribute CK_ATTRIBUTE; + typedef struct ck_attribute *CK_ATTRIBUTE_PTR; -typedef struct ck_date CK_DATE; -typedef struct ck_date *CK_DATE_PTR; + typedef struct ck_date CK_DATE; + typedef struct ck_date *CK_DATE_PTR; -typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; + typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; -typedef struct ck_mechanism CK_MECHANISM; -typedef struct ck_mechanism *CK_MECHANISM_PTR; + typedef struct ck_mechanism CK_MECHANISM; + typedef struct ck_mechanism *CK_MECHANISM_PTR; -typedef struct ck_mechanism_info CK_MECHANISM_INFO; -typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; + typedef struct ck_mechanism_info CK_MECHANISM_INFO; + typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; -typedef struct ck_function_list CK_FUNCTION_LIST; -typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; -typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; + typedef struct ck_function_list CK_FUNCTION_LIST; + typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; + typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; -typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; -typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; + typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; + typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; #define NULL_PTR NULL @@ -1342,9 +1337,9 @@ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; #undef unlock_mutex #undef reserved -#endif /* CRYPTOKI_COMPAT */ - +#endif /* CRYPTOKI_COMPAT */ + /* System dependencies. */ #if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) #pragma pack(pop, cryptoki) @@ -1354,4 +1349,4 @@ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; } #endif -#endif /* PKCS11_H */ +#endif /* PKCS11_H */ diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 066793b163..c825fb42a5 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -33,33 +33,37 @@ #define MAX_PROVIDERS 16 -static void terminate_string(unsigned char *str, size_t len); +static void terminate_string (unsigned char *str, size_t len); /* XXX: try to eliminate this */ #define MAX_CERT_SIZE 8*1024 -struct gnutls_pkcs11_provider_s { - pakchois_module_t *module; - unsigned long nslots; - ck_slot_id_t *slots; - struct ck_info info; +struct gnutls_pkcs11_provider_s +{ + pakchois_module_t *module; + unsigned long nslots; + ck_slot_id_t *slots; + struct ck_info info; }; -struct flags_find_data_st { - struct pkcs11_url_info info; - unsigned int slot_flags; +struct flags_find_data_st +{ + struct pkcs11_url_info info; + unsigned int slot_flags; }; -struct url_find_data_st { - gnutls_pkcs11_obj_t crt; +struct url_find_data_st +{ + gnutls_pkcs11_obj_t crt; }; -struct crt_find_data_st { - gnutls_pkcs11_obj_t *p_list; - unsigned int *n_list; - unsigned int current; - gnutls_pkcs11_obj_attr_t flags; - struct pkcs11_url_info info; +struct crt_find_data_st +{ + gnutls_pkcs11_obj_t *p_list; + unsigned int *n_list; + unsigned int current; + gnutls_pkcs11_obj_attr_t flags; + struct pkcs11_url_info info; }; @@ -72,98 +76,101 @@ static void *pin_data; gnutls_pkcs11_token_callback_t token_func; void *token_data; -int pkcs11_rv_to_err(ck_rv_t rv) +int +pkcs11_rv_to_err (ck_rv_t rv) { - switch (rv) { - case CKR_OK: - return 0; - case CKR_HOST_MEMORY: - return GNUTLS_E_MEMORY_ERROR; - case CKR_SLOT_ID_INVALID: - return GNUTLS_E_PKCS11_SLOT_ERROR; - case CKR_ARGUMENTS_BAD: - case CKR_MECHANISM_PARAM_INVALID: - return GNUTLS_E_INVALID_REQUEST; - case CKR_NEED_TO_CREATE_THREADS: - case CKR_CANT_LOCK: - case CKR_FUNCTION_NOT_PARALLEL: - case CKR_MUTEX_BAD: - case CKR_MUTEX_NOT_LOCKED: - return GNUTLS_E_LOCKING_ERROR; - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_SENSITIVE: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - return GNUTLS_E_PKCS11_ATTRIBUTE_ERROR; - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - return GNUTLS_E_PKCS11_DEVICE_ERROR; - case CKR_DATA_INVALID: - case CKR_DATA_LEN_RANGE: - case CKR_ENCRYPTED_DATA_INVALID: - case CKR_ENCRYPTED_DATA_LEN_RANGE: - case CKR_OBJECT_HANDLE_INVALID: - return GNUTLS_E_PKCS11_DATA_ERROR; - case CKR_FUNCTION_NOT_SUPPORTED: - case CKR_MECHANISM_INVALID: - return GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR; - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_KEY_NOT_NEEDED: - case CKR_KEY_CHANGED: - case CKR_KEY_NEEDED: - case CKR_KEY_INDIGESTIBLE: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_NOT_WRAPPABLE: - case CKR_KEY_UNEXTRACTABLE: - return GNUTLS_E_PKCS11_KEY_ERROR; - case CKR_PIN_INCORRECT: - case CKR_PIN_INVALID: - case CKR_PIN_LEN_RANGE: - return GNUTLS_E_PKCS11_PIN_ERROR; - case CKR_PIN_EXPIRED: - return GNUTLS_E_PKCS11_PIN_EXPIRED; - case CKR_PIN_LOCKED: - return GNUTLS_E_PKCS11_PIN_LOCKED; - case CKR_SESSION_CLOSED: - case CKR_SESSION_COUNT: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_PARALLEL_NOT_SUPPORTED: - case CKR_SESSION_READ_ONLY: - case CKR_SESSION_EXISTS: - case CKR_SESSION_READ_ONLY_EXISTS: - case CKR_SESSION_READ_WRITE_SO_EXISTS: - return GNUTLS_E_PKCS11_SESSION_ERROR; - case CKR_SIGNATURE_INVALID: - case CKR_SIGNATURE_LEN_RANGE: - return GNUTLS_E_PKCS11_SIGNATURE_ERROR; - case CKR_TOKEN_NOT_PRESENT: - case CKR_TOKEN_NOT_RECOGNIZED: - case CKR_TOKEN_WRITE_PROTECTED: - return GNUTLS_E_PKCS11_TOKEN_ERROR; - case CKR_USER_ALREADY_LOGGED_IN: - case CKR_USER_NOT_LOGGED_IN: - case CKR_USER_PIN_NOT_INITIALIZED: - case CKR_USER_TYPE_INVALID: - case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: - case CKR_USER_TOO_MANY_TYPES: - return GNUTLS_E_PKCS11_USER_ERROR; - case CKR_BUFFER_TOO_SMALL: - return GNUTLS_E_SHORT_MEMORY_BUFFER; - default: - return GNUTLS_E_PKCS11_ERROR; - } + switch (rv) + { + case CKR_OK: + return 0; + case CKR_HOST_MEMORY: + return GNUTLS_E_MEMORY_ERROR; + case CKR_SLOT_ID_INVALID: + return GNUTLS_E_PKCS11_SLOT_ERROR; + case CKR_ARGUMENTS_BAD: + case CKR_MECHANISM_PARAM_INVALID: + return GNUTLS_E_INVALID_REQUEST; + case CKR_NEED_TO_CREATE_THREADS: + case CKR_CANT_LOCK: + case CKR_FUNCTION_NOT_PARALLEL: + case CKR_MUTEX_BAD: + case CKR_MUTEX_NOT_LOCKED: + return GNUTLS_E_LOCKING_ERROR; + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_SENSITIVE: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + return GNUTLS_E_PKCS11_ATTRIBUTE_ERROR; + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + return GNUTLS_E_PKCS11_DEVICE_ERROR; + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_OBJECT_HANDLE_INVALID: + return GNUTLS_E_PKCS11_DATA_ERROR; + case CKR_FUNCTION_NOT_SUPPORTED: + case CKR_MECHANISM_INVALID: + return GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR; + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_KEY_NOT_NEEDED: + case CKR_KEY_CHANGED: + case CKR_KEY_NEEDED: + case CKR_KEY_INDIGESTIBLE: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_NOT_WRAPPABLE: + case CKR_KEY_UNEXTRACTABLE: + return GNUTLS_E_PKCS11_KEY_ERROR; + case CKR_PIN_INCORRECT: + case CKR_PIN_INVALID: + case CKR_PIN_LEN_RANGE: + return GNUTLS_E_PKCS11_PIN_ERROR; + case CKR_PIN_EXPIRED: + return GNUTLS_E_PKCS11_PIN_EXPIRED; + case CKR_PIN_LOCKED: + return GNUTLS_E_PKCS11_PIN_LOCKED; + case CKR_SESSION_CLOSED: + case CKR_SESSION_COUNT: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_PARALLEL_NOT_SUPPORTED: + case CKR_SESSION_READ_ONLY: + case CKR_SESSION_EXISTS: + case CKR_SESSION_READ_ONLY_EXISTS: + case CKR_SESSION_READ_WRITE_SO_EXISTS: + return GNUTLS_E_PKCS11_SESSION_ERROR; + case CKR_SIGNATURE_INVALID: + case CKR_SIGNATURE_LEN_RANGE: + return GNUTLS_E_PKCS11_SIGNATURE_ERROR; + case CKR_TOKEN_NOT_PRESENT: + case CKR_TOKEN_NOT_RECOGNIZED: + case CKR_TOKEN_WRITE_PROTECTED: + return GNUTLS_E_PKCS11_TOKEN_ERROR; + case CKR_USER_ALREADY_LOGGED_IN: + case CKR_USER_NOT_LOGGED_IN: + case CKR_USER_PIN_NOT_INITIALIZED: + case CKR_USER_TYPE_INVALID: + case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: + case CKR_USER_TOO_MANY_TYPES: + return GNUTLS_E_PKCS11_USER_ERROR; + case CKR_BUFFER_TOO_SMALL: + return GNUTLS_E_SHORT_MEMORY_BUFFER; + default: + return GNUTLS_E_PKCS11_ERROR; + } } /* Fake scan */ -void pkcs11_rescan_slots(void) +void +pkcs11_rescan_slots (void) { - unsigned long slots; + unsigned long slots; - pakchois_get_slot_list(providers[active_providers - 1].module, 0, - NULL, &slots); + pakchois_get_slot_list (providers[active_providers - 1].module, 0, + NULL, &slots); } /** @@ -178,66 +185,75 @@ void pkcs11_rescan_slots(void) * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_add_provider(const char *name, const char *params) +int +gnutls_pkcs11_add_provider (const char *name, const char *params) { - if (active_providers >= MAX_PROVIDERS) { - gnutls_assert(); - return GNUTLS_E_CONSTRAINT_ERROR; - } - - active_providers++; - if (pakchois_module_load_abs - (&providers[active_providers - 1].module, name) != CKR_OK) { - gnutls_assert(); - _gnutls_debug_log("p11: Cannot load provider %s\n", name); - active_providers--; - return GNUTLS_E_PKCS11_LOAD_ERROR; - } - - /* cache the number of slots in this module */ - if (pakchois_get_slot_list - (providers[active_providers - 1].module, 0, NULL, - &providers[active_providers - 1].nslots) != CKR_OK) { - gnutls_assert(); - goto fail; - } - - providers[active_providers - 1].slots = - gnutls_malloc(sizeof(*providers[active_providers - 1].slots) * - providers[active_providers - 1].nslots); - if (providers[active_providers - 1].slots == NULL) { - gnutls_assert(); - goto fail; - } - - if (pakchois_get_slot_list - (providers[active_providers - 1].module, 0, - providers[active_providers - 1].slots, - &providers[active_providers - 1].nslots) != CKR_OK) { - gnutls_assert(); - gnutls_free(providers[active_providers - 1].slots); - goto fail; - } - - memset( &providers[active_providers-1].info, 0, sizeof(providers[active_providers-1].info)); - pakchois_get_info(providers[active_providers - 1].module, &providers[active_providers-1].info); - - terminate_string(providers[active_providers-1].info.manufacturer_id, - sizeof(providers[active_providers-1].info.manufacturer_id)); - terminate_string(providers[active_providers-1].info.library_description, - sizeof(providers[active_providers-1].info.library_description)); - - _gnutls_debug_log("p11: loaded provider '%s' with %d slots\n", - name, - (int) providers[active_providers - 1].nslots); - - return 0; - - fail: - pakchois_module_destroy(providers[active_providers - 1].module); - active_providers--; - return GNUTLS_E_PKCS11_LOAD_ERROR; + if (active_providers >= MAX_PROVIDERS) + { + gnutls_assert (); + return GNUTLS_E_CONSTRAINT_ERROR; + } + + active_providers++; + if (pakchois_module_load_abs + (&providers[active_providers - 1].module, name) != CKR_OK) + { + gnutls_assert (); + _gnutls_debug_log ("p11: Cannot load provider %s\n", name); + active_providers--; + return GNUTLS_E_PKCS11_LOAD_ERROR; + } + + /* cache the number of slots in this module */ + if (pakchois_get_slot_list + (providers[active_providers - 1].module, 0, NULL, + &providers[active_providers - 1].nslots) != CKR_OK) + { + gnutls_assert (); + goto fail; + } + + providers[active_providers - 1].slots = + gnutls_malloc (sizeof (*providers[active_providers - 1].slots) * + providers[active_providers - 1].nslots); + if (providers[active_providers - 1].slots == NULL) + { + gnutls_assert (); + goto fail; + } + + if (pakchois_get_slot_list + (providers[active_providers - 1].module, 0, + providers[active_providers - 1].slots, + &providers[active_providers - 1].nslots) != CKR_OK) + { + gnutls_assert (); + gnutls_free (providers[active_providers - 1].slots); + goto fail; + } + + memset (&providers[active_providers - 1].info, 0, + sizeof (providers[active_providers - 1].info)); + pakchois_get_info (providers[active_providers - 1].module, + &providers[active_providers - 1].info); + + terminate_string (providers[active_providers - 1].info.manufacturer_id, + sizeof (providers[active_providers - 1]. + info.manufacturer_id)); + terminate_string (providers[active_providers - 1].info.library_description, + sizeof (providers[active_providers - 1]. + info.library_description)); + + _gnutls_debug_log ("p11: loaded provider '%s' with %d slots\n", + name, (int) providers[active_providers - 1].nslots); + + return 0; + +fail: + pakchois_module_destroy (providers[active_providers - 1].module); + active_providers--; + return GNUTLS_E_PKCS11_LOAD_ERROR; } @@ -256,76 +272,80 @@ int gnutls_pkcs11_add_provider(const char *name, const char *params) * * Returns: zero on success or a negative value on error. **/ -int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt, - gnutls_pkcs11_obj_info_t itype, - void *output, size_t * output_size) +int +gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt, + gnutls_pkcs11_obj_info_t itype, + void *output, size_t * output_size) { - return pkcs11_get_info(&crt->info, itype, output, output_size); + return pkcs11_get_info (&crt->info, itype, output, output_size); } -int pkcs11_get_info(struct pkcs11_url_info *info, - gnutls_pkcs11_obj_info_t itype, void *output, - size_t * output_size) +int +pkcs11_get_info (struct pkcs11_url_info *info, + gnutls_pkcs11_obj_info_t itype, void *output, + size_t * output_size) { - const char *str = NULL; - size_t len; - - switch (itype) { - case GNUTLS_PKCS11_OBJ_ID: - if (*output_size < info->certid_raw_size) { - *output_size = info->certid_raw_size; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - if (output) - memcpy(output, info->certid_raw, - info->certid_raw_size); - *output_size = info->certid_raw_size; - - return 0; - case GNUTLS_PKCS11_OBJ_ID_HEX: - str = info->id; - break; - case GNUTLS_PKCS11_OBJ_LABEL: - str = info->label; - break; - case GNUTLS_PKCS11_OBJ_TOKEN_LABEL: - str = info->token; - break; - case GNUTLS_PKCS11_OBJ_TOKEN_SERIAL: - str = info->serial; - break; - case GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER: - str = info->manufacturer; - break; - case GNUTLS_PKCS11_OBJ_TOKEN_MODEL: - str = info->model; - break; - case GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION: - str = info->lib_desc; - break; - case GNUTLS_PKCS11_OBJ_LIBRARY_VERSION: - str = info->lib_version; - break; - case GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER: - str = info->lib_manufacturer; - break; - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - len = strlen(str); - - if (len + 1 > *output_size) { - *output_size = len + 1; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - strcpy(output, str); - - *output_size = len; - - return 0; + const char *str = NULL; + size_t len; + + switch (itype) + { + case GNUTLS_PKCS11_OBJ_ID: + if (*output_size < info->certid_raw_size) + { + *output_size = info->certid_raw_size; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + if (output) + memcpy (output, info->certid_raw, info->certid_raw_size); + *output_size = info->certid_raw_size; + + return 0; + case GNUTLS_PKCS11_OBJ_ID_HEX: + str = info->id; + break; + case GNUTLS_PKCS11_OBJ_LABEL: + str = info->label; + break; + case GNUTLS_PKCS11_OBJ_TOKEN_LABEL: + str = info->token; + break; + case GNUTLS_PKCS11_OBJ_TOKEN_SERIAL: + str = info->serial; + break; + case GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER: + str = info->manufacturer; + break; + case GNUTLS_PKCS11_OBJ_TOKEN_MODEL: + str = info->model; + break; + case GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION: + str = info->lib_desc; + break; + case GNUTLS_PKCS11_OBJ_LIBRARY_VERSION: + str = info->lib_version; + break; + case GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER: + str = info->lib_manufacturer; + break; + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + len = strlen (str); + + if (len + 1 > *output_size) + { + *output_size = len + 1; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + strcpy (output, str); + + *output_size = len; + + return 0; } static int init = 0; @@ -347,62 +367,66 @@ static int init = 0; * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_init(unsigned int flags, const char *configfile) +int +gnutls_pkcs11_init (unsigned int flags, const char *configfile) { - int ret; - - if (init != 0) { - init++; - return 0; - } - init++; - - if (flags == GNUTLS_PKCS11_FLAG_MANUAL) - return 0; - else { - FILE *fp; - char line[512]; - const char *library; - - if (configfile == NULL) - configfile = "/etc/gnutls/pkcs11.conf"; - - fp = fopen(configfile, "r"); - if (fp == NULL) { - gnutls_assert(); - _gnutls_debug_log("Cannot load %s\n", configfile); - return GNUTLS_E_FILE_ERROR; + int ret; + + if (init != 0) + { + init++; + return 0; + } + init++; + + if (flags == GNUTLS_PKCS11_FLAG_MANUAL) + return 0; + else + { + FILE *fp; + char line[512]; + const char *library; + + if (configfile == NULL) + configfile = "/etc/gnutls/pkcs11.conf"; + + fp = fopen (configfile, "r"); + if (fp == NULL) + { + gnutls_assert (); + _gnutls_debug_log ("Cannot load %s\n", configfile); + return GNUTLS_E_FILE_ERROR; + } + + while (fgets (line, sizeof (line), fp) != NULL) + { + if (strncmp (line, "load", sizeof ("load") - 1) == 0) + { + char *p; + p = strchr (line, '='); + if (p == NULL) + continue; + + library = ++p; + + p = strchr (line, '\n'); + if (p != NULL) + { + *p = 0; } - while (fgets(line, sizeof(line), fp) != NULL) { - if (strncmp(line, "load", sizeof("load") - 1) == 0) { - char *p; - p = strchr(line, '='); - if (p == NULL) - continue; - - library = ++p; - - p = strchr(line, '\n'); - if (p != NULL) { - *p = 0; - } - - ret = - gnutls_pkcs11_add_provider(library, - NULL); - if (ret < 0) { - gnutls_assert(); - _gnutls_debug_log - ("Cannot load provider: %s\n", - library); - continue; - } - } + ret = gnutls_pkcs11_add_provider (library, NULL); + if (ret < 0) + { + gnutls_assert (); + _gnutls_debug_log ("Cannot load provider: %s\n", library); + continue; } + } } + } - return 0; + return 0; } /** @@ -411,22 +435,25 @@ int gnutls_pkcs11_init(unsigned int flags, const char *configfile) * This function will deinitialize the PKCS 11 subsystem in gnutls. * **/ -void gnutls_pkcs11_deinit(void) +void +gnutls_pkcs11_deinit (void) { - int i; - - init--; - if (init > 0) - return; - if (init < 0) { - init = 0; - return; - } - - for (i = 0; i < active_providers; i++) { - pakchois_module_destroy(providers[i].module); - } - active_providers = 0; + int i; + + init--; + if (init > 0) + return; + if (init < 0) + { + init = 0; + return; + } + + for (i = 0; i < active_providers; i++) + { + pakchois_module_destroy (providers[i].module); + } + active_providers = 0; } /** @@ -457,11 +484,12 @@ void gnutls_pkcs11_deinit(void) * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -void gnutls_pkcs11_set_pin_function(gnutls_pkcs11_pin_callback_t fn, - void *userdata) +void +gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn, + void *userdata) { - pin_func = fn; - pin_data = userdata; + pin_func = fn; + pin_data = userdata; } /** @@ -475,356 +503,415 @@ void gnutls_pkcs11_set_pin_function(gnutls_pkcs11_pin_callback_t fn, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -void gnutls_pkcs11_set_token_function(gnutls_pkcs11_token_callback_t fn, - void *userdata) +void +gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn, + void *userdata) { - token_func = fn; - token_data = userdata; + token_func = fn; + token_data = userdata; } -static int unescape_string(char *output, const char *input, size_t * size, - char terminator) +static int +unescape_string (char *output, const char *input, size_t * size, + char terminator) { - gnutls_buffer_st str; - int ret = 0; - char *p; - int len; - - _gnutls_buffer_init(&str); - - /* find terminator */ - p = strchr(input, terminator); - if (p != NULL) - len = p - input; - else - len = strlen(input); - - ret = _gnutls_buffer_append_data(&str, input, len); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = _gnutls_buffer_unescape(&str); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = _gnutls_buffer_append_data(&str, "", 1); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - _gnutls_buffer_pop_data(&str, output, size); - - _gnutls_buffer_clear(&str); - - return ret; + gnutls_buffer_st str; + int ret = 0; + char *p; + int len; + + _gnutls_buffer_init (&str); + + /* find terminator */ + p = strchr (input, terminator); + if (p != NULL) + len = p - input; + else + len = strlen (input); + + ret = _gnutls_buffer_append_data (&str, input, len); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = _gnutls_buffer_unescape (&str); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = _gnutls_buffer_append_data (&str, "", 1); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + _gnutls_buffer_pop_data (&str, output, size); + + _gnutls_buffer_clear (&str); + + return ret; } -int pkcs11_url_to_info(const char *url, struct pkcs11_url_info *info) +int +pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info) { - int ret; - char *p1, *p2; - size_t l; + int ret; + char *p1, *p2; + size_t l; - memset(info, 0, sizeof(*info)); + memset (info, 0, sizeof (*info)); - if (strstr(url, "pkcs11:") == NULL) { - ret = GNUTLS_E_PARSING_ERROR; - goto cleanup; - } + if (strstr (url, "pkcs11:") == NULL) + { + ret = GNUTLS_E_PARSING_ERROR; + goto cleanup; + } - if ((p1 = strstr(url, "library-manufacturer=")) != NULL) { - p1 += sizeof("library-manufacturer=") - 1; - l = sizeof(info->lib_manufacturer); + if ((p1 = strstr (url, "library-manufacturer=")) != NULL) + { + p1 += sizeof ("library-manufacturer=") - 1; + l = sizeof (info->lib_manufacturer); - ret = unescape_string(info->lib_manufacturer, p1, &l, ';'); - if (ret < 0) { - goto cleanup; - } + ret = unescape_string (info->lib_manufacturer, p1, &l, ';'); + if (ret < 0) + { + goto cleanup; } + } - if ((p1 = strstr(url, "library-description=")) != NULL) { - p1 += sizeof("library-description=") - 1; - l = sizeof(info->lib_desc); + if ((p1 = strstr (url, "library-description=")) != NULL) + { + p1 += sizeof ("library-description=") - 1; + l = sizeof (info->lib_desc); - ret = unescape_string(info->lib_desc, p1, &l, ';'); - if (ret < 0) { - goto cleanup; - } + ret = unescape_string (info->lib_desc, p1, &l, ';'); + if (ret < 0) + { + goto cleanup; } + } - if ((p1 = strstr(url, "library-version=")) != NULL) { - p1 += sizeof("library-version=") - 1; - l = sizeof(info->lib_version); + if ((p1 = strstr (url, "library-version=")) != NULL) + { + p1 += sizeof ("library-version=") - 1; + l = sizeof (info->lib_version); - ret = unescape_string(info->lib_version, p1, &l, ';'); - if (ret < 0) { - goto cleanup; - } + ret = unescape_string (info->lib_version, p1, &l, ';'); + if (ret < 0) + { + goto cleanup; } + } - if ((p1 = strstr(url, ";manufacturer=")) != NULL || - (p1 = strstr(url, ":manufacturer=")) != NULL) { + if ((p1 = strstr (url, ";manufacturer=")) != NULL || + (p1 = strstr (url, ":manufacturer=")) != NULL) + { - p1 += sizeof(";manufacturer=") - 1; - l = sizeof(info->manufacturer); + p1 += sizeof (";manufacturer=") - 1; + l = sizeof (info->manufacturer); - ret = unescape_string(info->manufacturer, p1, &l, ';'); - if (ret < 0) { - goto cleanup; - } + ret = unescape_string (info->manufacturer, p1, &l, ';'); + if (ret < 0) + { + goto cleanup; } + } - if ((p1 = strstr(url, "token=")) != NULL) { - p1 += sizeof("token=") - 1; - l = sizeof(info->token); + if ((p1 = strstr (url, "token=")) != NULL) + { + p1 += sizeof ("token=") - 1; + l = sizeof (info->token); - ret = unescape_string(info->token, p1, &l, ';'); - if (ret < 0) { - goto cleanup; - } + ret = unescape_string (info->token, p1, &l, ';'); + if (ret < 0) + { + goto cleanup; } + } - if ((p1 = strstr(url, "object=")) != NULL) { - p1 += sizeof("object=") - 1; - l = sizeof(info->label); + if ((p1 = strstr (url, "object=")) != NULL) + { + p1 += sizeof ("object=") - 1; + l = sizeof (info->label); - ret = unescape_string(info->label, p1, &l, ';'); - if (ret < 0) { - goto cleanup; - } + ret = unescape_string (info->label, p1, &l, ';'); + if (ret < 0) + { + goto cleanup; } + } - if ((p1 = strstr(url, "serial=")) != NULL) { - p1 += sizeof("serial=") - 1; - l = sizeof(info->serial); + if ((p1 = strstr (url, "serial=")) != NULL) + { + p1 += sizeof ("serial=") - 1; + l = sizeof (info->serial); - ret = unescape_string(info->serial, p1, &l, ';'); - if (ret < 0) { - goto cleanup; - } + ret = unescape_string (info->serial, p1, &l, ';'); + if (ret < 0) + { + goto cleanup; } + } - if ((p1 = strstr(url, "model=")) != NULL) { - p1 += sizeof("model=") - 1; - l = sizeof(info->model); + if ((p1 = strstr (url, "model=")) != NULL) + { + p1 += sizeof ("model=") - 1; + l = sizeof (info->model); - ret = unescape_string(info->model, p1, &l, ';'); - if (ret < 0) { - goto cleanup; - } + ret = unescape_string (info->model, p1, &l, ';'); + if (ret < 0) + { + goto cleanup; } + } - if ((p1 = strstr(url, "objecttype=")) != NULL) { - p1 += sizeof("objecttype=") - 1; - l = sizeof(info->model); + if ((p1 = strstr (url, "objecttype=")) != NULL) + { + p1 += sizeof ("objecttype=") - 1; + l = sizeof (info->model); - ret = unescape_string(info->type, p1, &l, ';'); - if (ret < 0) { - goto cleanup; - } + ret = unescape_string (info->type, p1, &l, ';'); + if (ret < 0) + { + goto cleanup; } + } - if (((p1 = strstr(url, ";id=")) != NULL) - || ((p1 = strstr(url, ":id=")) != NULL)) { - p1 += sizeof(";id=") - 1; - - if ((p2 = strchr(p1, ';')) == NULL) { - l = strlen(p1); - } else { - l = p2 - p1; - } - - if (l > sizeof(info->id) - 1) { - gnutls_assert(); - ret = GNUTLS_E_PARSING_ERROR; - } + if (((p1 = strstr (url, ";id=")) != NULL) + || ((p1 = strstr (url, ":id=")) != NULL)) + { + p1 += sizeof (";id=") - 1; - memcpy(info->id, p1, l); - info->id[l] = 0; - - /* convert to raw */ - info->certid_raw_size = sizeof(info->certid_raw); - ret = - _gnutls_hex2bin(info->id, strlen(info->id), - info->certid_raw, - &info->certid_raw_size); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } + if ((p2 = strchr (p1, ';')) == NULL) + { + l = strlen (p1); } - - ret = 0; - - cleanup: - - return ret; - -} - -#define INVALID_CHARS "\\/\"'%&#@!?$* <>{}[]()`|:;,.+-" - -static int append(gnutls_buffer_st * dest, const char *tname, - const char *p11name, int init) -{ - gnutls_buffer_st tmpstr; - int ret; - - _gnutls_buffer_init(&tmpstr); - if ((ret = _gnutls_buffer_append_str(&tmpstr, tname)) < 0) { - gnutls_assert(); - goto cleanup; + else + { + l = p2 - p1; } - ret = _gnutls_buffer_escape(&tmpstr, INVALID_CHARS); - if (ret < 0) { - gnutls_assert(); - goto cleanup; + if (l > sizeof (info->id) - 1) + { + gnutls_assert (); + ret = GNUTLS_E_PARSING_ERROR; } - if ((ret = _gnutls_buffer_append_data(&tmpstr, "", 1)) < 0) { - gnutls_assert(); - goto cleanup; - } + memcpy (info->id, p1, l); + info->id[l] = 0; - if ((ret = - _gnutls_buffer_append_printf(dest, "%s%s=%s", - (init != 0) ? ";" : "", p11name, - tmpstr.data)) < 0) { - gnutls_assert(); - goto cleanup; + /* convert to raw */ + info->certid_raw_size = sizeof (info->certid_raw); + ret = + _gnutls_hex2bin (info->id, strlen (info->id), + info->certid_raw, &info->certid_raw_size); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; } + } - ret = 0; + ret = 0; - cleanup: - _gnutls_buffer_clear(&tmpstr); +cleanup: - return ret; + return ret; } +#define INVALID_CHARS "\\/\"'%&#@!?$* <>{}[]()`|:;,.+-" -int pkcs11_info_to_url(const struct pkcs11_url_info *info, gnutls_pkcs11_url_type_t detailed, char **url) +static int +append (gnutls_buffer_st * dest, const char *tname, + const char *p11name, int init) { - gnutls_buffer_st str; - int init = 0; - int ret; - - _gnutls_buffer_init(&str); - - _gnutls_buffer_append_str(&str, "pkcs11:"); - - if (info->token[0]) { - ret = append(&str, info->token, "token", init); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - init = 1; - } - - if (info->serial[0]) { - ret = append(&str, info->serial, "serial", init); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - init = 1; - } - - if (info->model[0]) { - ret = append(&str, info->model, "model", init); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - init = 1; - } - - - if (info->manufacturer[0]) { - ret = - append(&str, info->manufacturer, "manufacturer", init); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - init = 1; - } - - if (info->label[0]) { - ret = append(&str, info->label, "object", init); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - init = 1; - } + gnutls_buffer_st tmpstr; + int ret; + + _gnutls_buffer_init (&tmpstr); + if ((ret = _gnutls_buffer_append_str (&tmpstr, tname)) < 0) + { + gnutls_assert (); + goto cleanup; + } + + ret = _gnutls_buffer_escape (&tmpstr, INVALID_CHARS); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + if ((ret = _gnutls_buffer_append_data (&tmpstr, "", 1)) < 0) + { + gnutls_assert (); + goto cleanup; + } + + if ((ret = + _gnutls_buffer_append_printf (dest, "%s%s=%s", + (init != 0) ? ";" : "", p11name, + tmpstr.data)) < 0) + { + gnutls_assert (); + goto cleanup; + } + + ret = 0; - if (info->type[0]) { - ret = append(&str, info->type, "objecttype", init); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - init = 1; - } - - if (detailed > GNUTLS_PKCS11_URL_GENERIC) { - if (info->lib_manufacturer[0]) { - ret = append(&str, info->lib_manufacturer, "library-manufacturer", init); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - init = 1; - } - - if (info->lib_desc[0]) { - ret = append(&str, info->lib_desc, "library-description", init); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - init = 1; - } - } - - if (detailed > GNUTLS_PKCS11_URL_LIB) { - if (info->lib_version[0]) { - ret = append(&str, info->lib_version, "library-version", init); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - init = 1; - } - } +cleanup: + _gnutls_buffer_clear (&tmpstr); - if (info->id[0] != 0) { - ret = - _gnutls_buffer_append_printf(&str, ";id=%s", info->id); - if (ret < 0) { - gnutls_assert(); - return ret; - } - } + return ret; - _gnutls_buffer_append_data(&str, "", 1); +} - *url = str.data; - return 0; +int +pkcs11_info_to_url (const struct pkcs11_url_info *info, + gnutls_pkcs11_url_type_t detailed, char **url) +{ + gnutls_buffer_st str; + int init = 0; + int ret; + + _gnutls_buffer_init (&str); + + _gnutls_buffer_append_str (&str, "pkcs11:"); + + if (info->token[0]) + { + ret = append (&str, info->token, "token", init); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + init = 1; + } + + if (info->serial[0]) + { + ret = append (&str, info->serial, "serial", init); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + init = 1; + } + + if (info->model[0]) + { + ret = append (&str, info->model, "model", init); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + init = 1; + } + + + if (info->manufacturer[0]) + { + ret = append (&str, info->manufacturer, "manufacturer", init); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + init = 1; + } + + if (info->label[0]) + { + ret = append (&str, info->label, "object", init); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + init = 1; + } + + if (info->type[0]) + { + ret = append (&str, info->type, "objecttype", init); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + init = 1; + } + + if (detailed > GNUTLS_PKCS11_URL_GENERIC) + { + if (info->lib_manufacturer[0]) + { + ret = + append (&str, info->lib_manufacturer, "library-manufacturer", + init); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + init = 1; + } + + if (info->lib_desc[0]) + { + ret = append (&str, info->lib_desc, "library-description", init); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + init = 1; + } + } + + if (detailed > GNUTLS_PKCS11_URL_LIB) + { + if (info->lib_version[0]) + { + ret = append (&str, info->lib_version, "library-version", init); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + init = 1; + } + } + + if (info->id[0] != 0) + { + ret = _gnutls_buffer_append_printf (&str, ";id=%s", info->id); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } + + _gnutls_buffer_append_data (&str, "", 1); + + *url = str.data; + + return 0; - cleanup: - _gnutls_buffer_clear(&str); - return ret; +cleanup: + _gnutls_buffer_clear (&str); + return ret; } /** @@ -836,15 +923,17 @@ int pkcs11_info_to_url(const struct pkcs11_url_info *info, gnutls_pkcs11_url_typ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * crt) +int +gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * crt) { - *crt = gnutls_calloc(1, sizeof(struct gnutls_pkcs11_obj_st)); - if (*crt == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - return 0; + *crt = gnutls_calloc (1, sizeof (struct gnutls_pkcs11_obj_st)); + if (*crt == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + return 0; } /** @@ -853,10 +942,11 @@ int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * crt) * * This function will deinitialize a certificate structure. **/ -void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t crt) +void +gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t crt) { - _gnutls_free_datum(&crt->raw); - free(crt); + _gnutls_free_datum (&crt->raw); + free (crt); } /** @@ -881,737 +971,798 @@ void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t crt) * returned, and 0 on success. **/ int -gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj, - void *output_data, size_t * output_data_size) +gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj, + void *output_data, size_t * output_data_size) { - if (obj == NULL || obj->raw.data == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - if (output_data == NULL || *output_data_size < obj->raw.size) { - *output_data_size = obj->raw.size; - gnutls_assert(); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - *output_data_size = obj->raw.size; - - memcpy(output_data, obj->raw.data, obj->raw.size); - return 0; + if (obj == NULL || obj->raw.data == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + if (output_data == NULL || *output_data_size < obj->raw.size) + { + *output_data_size = obj->raw.size; + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + *output_data_size = obj->raw.size; + + memcpy (output_data, obj->raw.data, obj->raw.size); + return 0; } -static void terminate_string(unsigned char *str, size_t len) +static void +terminate_string (unsigned char *str, size_t len) { - unsigned char *ptr = str + len - 1; + unsigned char *ptr = str + len - 1; - while ((*ptr == ' ' || *ptr == '\t' || *ptr == '\0') && ptr >= str) - ptr--; + while ((*ptr == ' ' || *ptr == '\t' || *ptr == '\0') && ptr >= str) + ptr--; - if (ptr == str - 1) - str[0] = '\0'; - else if (ptr == str + len - 1) - str[len - 1] = '\0'; - else - ptr[1] = '\0'; + if (ptr == str - 1) + str[0] = '\0'; + else if (ptr == str + len - 1) + str[len - 1] = '\0'; + else + ptr[1] = '\0'; } -int pkcs11_find_object(pakchois_session_t ** _pks, - ck_object_handle_t * _obj, - struct pkcs11_url_info *info, unsigned int flags) +int +pkcs11_find_object (pakchois_session_t ** _pks, + ck_object_handle_t * _obj, + struct pkcs11_url_info *info, unsigned int flags) { - int ret; - pakchois_session_t *pks; - ck_object_handle_t obj; - ck_object_class_t class; - struct ck_attribute a[4]; - int a_vals = 0; - unsigned long count; - ck_rv_t rv; - - class = pkcs11_strtype_to_class(info->type); - if (class == -1) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = pkcs11_open_session(&pks, info, flags & SESSION_LOGIN); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - a[a_vals].type = CKA_CLASS; - a[a_vals].value = &class; - a[a_vals].value_len = sizeof class; - a_vals++; - - if (info->certid_raw_size > 0) { - a[a_vals].type = CKA_ID; - a[a_vals].value = info->certid_raw; - a[a_vals].value_len = info->certid_raw_size; - a_vals++; - } - - rv = pakchois_find_objects_init(pks, a, a_vals); - if (rv != CKR_OK) { - gnutls_assert(); - _gnutls_debug_log("pk11: FindObjectsInit failed.\n"); - ret = pkcs11_rv_to_err(rv); - goto fail; - } - - if (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK - && count == 1) { - *_obj = obj; - *_pks = pks; - pakchois_find_objects_final(pks); - return 0; - - } - - pakchois_find_objects_final(pks); - fail: - pakchois_close_session(pks); - - return ret; + int ret; + pakchois_session_t *pks; + ck_object_handle_t obj; + ck_object_class_t class; + struct ck_attribute a[4]; + int a_vals = 0; + unsigned long count; + ck_rv_t rv; + + class = pkcs11_strtype_to_class (info->type); + if (class == -1) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = pkcs11_open_session (&pks, info, flags & SESSION_LOGIN); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + a[a_vals].type = CKA_CLASS; + a[a_vals].value = &class; + a[a_vals].value_len = sizeof class; + a_vals++; + + if (info->certid_raw_size > 0) + { + a[a_vals].type = CKA_ID; + a[a_vals].value = info->certid_raw; + a[a_vals].value_len = info->certid_raw_size; + a_vals++; + } + + rv = pakchois_find_objects_init (pks, a, a_vals); + if (rv != CKR_OK) + { + gnutls_assert (); + _gnutls_debug_log ("pk11: FindObjectsInit failed.\n"); + ret = pkcs11_rv_to_err (rv); + goto fail; + } + + if (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1) + { + *_obj = obj; + *_pks = pks; + pakchois_find_objects_final (pks); + return 0; + + } + + pakchois_find_objects_final (pks); +fail: + pakchois_close_session (pks); + + return ret; } -static void fix_strings(struct token_info *info) +static void +fix_strings (struct token_info *info) { - terminate_string(info->tinfo.manufacturer_id, - sizeof info-> - tinfo.manufacturer_id); - terminate_string(info->tinfo.label, - sizeof info->tinfo.label); - terminate_string(info->tinfo.model, - sizeof info->tinfo.model); - terminate_string(info->tinfo.serial_number, - sizeof info->tinfo.serial_number); - terminate_string(info->sinfo.slot_description, - sizeof info->sinfo.slot_description); + terminate_string (info->tinfo.manufacturer_id, + sizeof info->tinfo.manufacturer_id); + terminate_string (info->tinfo.label, sizeof info->tinfo.label); + terminate_string (info->tinfo.model, sizeof info->tinfo.model); + terminate_string (info->tinfo.serial_number, + sizeof info->tinfo.serial_number); + terminate_string (info->sinfo.slot_description, + sizeof info->sinfo.slot_description); } -int pkcs11_open_session(pakchois_session_t ** _pks, - struct pkcs11_url_info *info, unsigned int flags) +int +pkcs11_open_session (pakchois_session_t ** _pks, + struct pkcs11_url_info *info, unsigned int flags) { - ck_rv_t rv; - int x, z, ret; - pakchois_session_t *pks = NULL; - - for (x = 0; x < active_providers; x++) { - for (z = 0; z < providers[x].nslots; z++) { - struct token_info tinfo; - - rv = pakchois_open_session(providers[x].module, - providers[x].slots[z], - ((flags & SESSION_WRITE) - ? CKF_RW_SESSION : 0) | - CKF_SERIAL_SESSION, - NULL, NULL, &pks); - if (rv != CKR_OK) { - continue; - } - - if (pakchois_get_token_info - (providers[x].module, providers[x].slots[z], - &tinfo.tinfo) != CKR_OK) { - goto next; - } - tinfo.sid = providers[x].slots[z]; - tinfo.prov = &providers[x]; - - if (pakchois_get_slot_info - (providers[x].module, providers[x].slots[z], - &tinfo.sinfo) != CKR_OK) { - goto next; - } - - /* XXX make wrapper for token_info? */ - fix_strings(&tinfo); - - if (pkcs11_token_matches_info(info, &tinfo.tinfo, - &providers[x].info) < - 0) { - goto next; - } - - if (flags & SESSION_LOGIN) { - ret = pkcs11_login(pks, &tinfo); - if (ret < 0) { - gnutls_assert(); - pakchois_close_session(pks); - return ret; - } - } - - /* ok found */ - *_pks = pks; - return 0; - - next: - pakchois_close_session(pks); + ck_rv_t rv; + int x, z, ret; + pakchois_session_t *pks = NULL; + + for (x = 0; x < active_providers; x++) + { + for (z = 0; z < providers[x].nslots; z++) + { + struct token_info tinfo; + + rv = pakchois_open_session (providers[x].module, + providers[x].slots[z], + ((flags & SESSION_WRITE) + ? CKF_RW_SESSION : 0) | + CKF_SERIAL_SESSION, NULL, NULL, &pks); + if (rv != CKR_OK) + { + continue; + } + + if (pakchois_get_token_info + (providers[x].module, providers[x].slots[z], + &tinfo.tinfo) != CKR_OK) + { + goto next; + } + tinfo.sid = providers[x].slots[z]; + tinfo.prov = &providers[x]; + + if (pakchois_get_slot_info + (providers[x].module, providers[x].slots[z], + &tinfo.sinfo) != CKR_OK) + { + goto next; + } + + /* XXX make wrapper for token_info? */ + fix_strings (&tinfo); + + if (pkcs11_token_matches_info (info, &tinfo.tinfo, + &providers[x].info) < 0) + { + goto next; + } + + if (flags & SESSION_LOGIN) + { + ret = pkcs11_login (pks, &tinfo); + if (ret < 0) + { + gnutls_assert (); + pakchois_close_session (pks); + return ret; } + } + + /* ok found */ + *_pks = pks; + return 0; + + next: + pakchois_close_session (pks); } + } - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } -int _pkcs11_traverse_tokens(find_func_t find_func, void *input, - unsigned int flags) +int +_pkcs11_traverse_tokens (find_func_t find_func, void *input, + unsigned int flags) { - ck_rv_t rv; - int found = 0, x, z, ret; - pakchois_session_t *pks = NULL; - - for (x = 0; x < active_providers; x++) { - for (z = 0; z < providers[x].nslots; z++) { - struct token_info info; - - ret = GNUTLS_E_PKCS11_ERROR; - - rv = pakchois_open_session(providers[x].module, - providers[x].slots[z], - ((flags & SESSION_WRITE) - ? CKF_RW_SESSION : 0) | - CKF_SERIAL_SESSION, - NULL, NULL, &pks); - if (rv != CKR_OK) { - continue; - } - - if (pakchois_get_token_info - (providers[x].module, providers[x].slots[z], - &info.tinfo) != CKR_OK) { - goto next; - } - info.sid = providers[x].slots[z]; - info.prov = &providers[x]; - - if (pakchois_get_slot_info - (providers[x].module, providers[x].slots[z], - &info.sinfo) != CKR_OK) { - goto next; - } - - /* XXX make wrapper for token_info? */ - fix_strings(&info); - - if (flags & SESSION_LOGIN) { - ret = pkcs11_login(pks, &info); - if (ret < 0) { - gnutls_assert(); - return ret; - } - } - - ret = find_func(pks, &info, &providers[x].info, input); - - next: - - if (ret == 0) { - found = 1; - goto finish; - } else { - pakchois_close_session(pks); - pks = NULL; - } + ck_rv_t rv; + int found = 0, x, z, ret; + pakchois_session_t *pks = NULL; + + for (x = 0; x < active_providers; x++) + { + for (z = 0; z < providers[x].nslots; z++) + { + struct token_info info; + + ret = GNUTLS_E_PKCS11_ERROR; + + rv = pakchois_open_session (providers[x].module, + providers[x].slots[z], + ((flags & SESSION_WRITE) + ? CKF_RW_SESSION : 0) | + CKF_SERIAL_SESSION, NULL, NULL, &pks); + if (rv != CKR_OK) + { + continue; + } + + if (pakchois_get_token_info + (providers[x].module, providers[x].slots[z], + &info.tinfo) != CKR_OK) + { + goto next; + } + info.sid = providers[x].slots[z]; + info.prov = &providers[x]; + + if (pakchois_get_slot_info + (providers[x].module, providers[x].slots[z], + &info.sinfo) != CKR_OK) + { + goto next; + } + + /* XXX make wrapper for token_info? */ + fix_strings (&info); + + if (flags & SESSION_LOGIN) + { + ret = pkcs11_login (pks, &info); + if (ret < 0) + { + gnutls_assert (); + return ret; } - } - - finish: - /* final call */ - - if (found == 0) { - ret = find_func(pks, NULL, NULL, input); - } else { - ret = 0; - } - - if (pks != NULL) { - pakchois_close_session(pks); - } - - return ret; + } + + ret = find_func (pks, &info, &providers[x].info, input); + + next: + + if (ret == 0) + { + found = 1; + goto finish; + } + else + { + pakchois_close_session (pks); + pks = NULL; + } + } + } + +finish: + /* final call */ + + if (found == 0) + { + ret = find_func (pks, NULL, NULL, input); + } + else + { + ret = 0; + } + + if (pks != NULL) + { + pakchois_close_session (pks); + } + + return ret; } -static const char *pkcs11_obj_type_to_str(gnutls_pkcs11_obj_type_t type) +static const char * +pkcs11_obj_type_to_str (gnutls_pkcs11_obj_type_t type) { - switch (type) { - case GNUTLS_PKCS11_OBJ_X509_CRT: - return "cert"; - case GNUTLS_PKCS11_OBJ_PUBKEY: - return "public"; - case GNUTLS_PKCS11_OBJ_PRIVKEY: - return "private"; - case GNUTLS_PKCS11_OBJ_SECRET_KEY: - return "secretkey"; - case GNUTLS_PKCS11_OBJ_DATA: - return "data"; - case GNUTLS_PKCS11_OBJ_UNKNOWN: - default: - return "unknown"; - } + switch (type) + { + case GNUTLS_PKCS11_OBJ_X509_CRT: + return "cert"; + case GNUTLS_PKCS11_OBJ_PUBKEY: + return "public"; + case GNUTLS_PKCS11_OBJ_PRIVKEY: + return "private"; + case GNUTLS_PKCS11_OBJ_SECRET_KEY: + return "secretkey"; + case GNUTLS_PKCS11_OBJ_DATA: + return "data"; + case GNUTLS_PKCS11_OBJ_UNKNOWN: + default: + return "unknown"; + } } /* imports a raw certificate from a token to a pkcs11_obj_t structure. */ -static int pkcs11_obj_import(unsigned int class, gnutls_pkcs11_obj_t obj, - const gnutls_datum_t * data, - const gnutls_datum_t * id, - const gnutls_datum_t * label, - struct ck_token_info *tinfo, - struct ck_info *lib_info) +static int +pkcs11_obj_import (unsigned int class, gnutls_pkcs11_obj_t obj, + const gnutls_datum_t * data, + const gnutls_datum_t * id, + const gnutls_datum_t * label, + struct ck_token_info *tinfo, struct ck_info *lib_info) { - char *s; - int ret; - - switch (class) { - case CKO_CERTIFICATE: - obj->type = GNUTLS_PKCS11_OBJ_X509_CRT; - break; - case CKO_PUBLIC_KEY: - obj->type = GNUTLS_PKCS11_OBJ_PUBKEY; - break; - case CKO_PRIVATE_KEY: - obj->type = GNUTLS_PKCS11_OBJ_PRIVKEY; - break; - case CKO_SECRET_KEY: - obj->type = GNUTLS_PKCS11_OBJ_SECRET_KEY; - break; - case CKO_DATA: - obj->type = GNUTLS_PKCS11_OBJ_DATA; - break; - default: - obj->type = GNUTLS_PKCS11_OBJ_UNKNOWN; - } - - if (obj->type != GNUTLS_PKCS11_OBJ_UNKNOWN) - strcpy(obj->info.type, pkcs11_obj_type_to_str(obj->type)); - - if (data && data->data) { - ret = _gnutls_set_datum(&obj->raw, data->data, data->size); - if (ret < 0) { - gnutls_assert(); - return ret; - } - } - - terminate_string(tinfo->manufacturer_id, - sizeof tinfo->manufacturer_id); - terminate_string(tinfo->label, sizeof tinfo->label); - terminate_string(tinfo->model, sizeof tinfo->model); - terminate_string(tinfo->serial_number, - sizeof tinfo->serial_number); - - /* write data */ - snprintf(obj->info.manufacturer, sizeof(obj->info.manufacturer), - "%s", tinfo->manufacturer_id); - snprintf(obj->info.token, sizeof(obj->info.token), "%s", - tinfo->label); - snprintf(obj->info.model, sizeof(obj->info.model), "%s", - tinfo->model); - snprintf(obj->info.serial, sizeof(obj->info.serial), "%s", - tinfo->serial_number); - - snprintf(obj->info.lib_manufacturer, sizeof(obj->info.lib_manufacturer), "%s", - lib_info->manufacturer_id); - snprintf(obj->info.lib_desc, sizeof(obj->info.lib_desc), "%s", - lib_info->library_description); - snprintf(obj->info.lib_version, sizeof(obj->info.lib_version), - "%u.%u", (unsigned int)lib_info->library_version.major, - (unsigned int)lib_info->library_version.minor); - - - - if (label && label->data) { - memcpy(obj->info.label, label->data, label->size); - obj->info.label[label->size] = 0; - } - - if (id && id->data) { - s = _gnutls_bin2hex(id->data, id->size, obj->info.id, - sizeof(obj->info.id), ":"); - if (s == NULL) { - gnutls_assert(); - return GNUTLS_E_PKCS11_ERROR; - } - - memmove(obj->info.certid_raw, id->data, id->size); - obj->info.certid_raw_size = id->size; - } - - return 0; + char *s; + int ret; + + switch (class) + { + case CKO_CERTIFICATE: + obj->type = GNUTLS_PKCS11_OBJ_X509_CRT; + break; + case CKO_PUBLIC_KEY: + obj->type = GNUTLS_PKCS11_OBJ_PUBKEY; + break; + case CKO_PRIVATE_KEY: + obj->type = GNUTLS_PKCS11_OBJ_PRIVKEY; + break; + case CKO_SECRET_KEY: + obj->type = GNUTLS_PKCS11_OBJ_SECRET_KEY; + break; + case CKO_DATA: + obj->type = GNUTLS_PKCS11_OBJ_DATA; + break; + default: + obj->type = GNUTLS_PKCS11_OBJ_UNKNOWN; + } + + if (obj->type != GNUTLS_PKCS11_OBJ_UNKNOWN) + strcpy (obj->info.type, pkcs11_obj_type_to_str (obj->type)); + + if (data && data->data) + { + ret = _gnutls_set_datum (&obj->raw, data->data, data->size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } + + terminate_string (tinfo->manufacturer_id, sizeof tinfo->manufacturer_id); + terminate_string (tinfo->label, sizeof tinfo->label); + terminate_string (tinfo->model, sizeof tinfo->model); + terminate_string (tinfo->serial_number, sizeof tinfo->serial_number); + + /* write data */ + snprintf (obj->info.manufacturer, sizeof (obj->info.manufacturer), + "%s", tinfo->manufacturer_id); + snprintf (obj->info.token, sizeof (obj->info.token), "%s", tinfo->label); + snprintf (obj->info.model, sizeof (obj->info.model), "%s", tinfo->model); + snprintf (obj->info.serial, sizeof (obj->info.serial), "%s", + tinfo->serial_number); + + snprintf (obj->info.lib_manufacturer, sizeof (obj->info.lib_manufacturer), + "%s", lib_info->manufacturer_id); + snprintf (obj->info.lib_desc, sizeof (obj->info.lib_desc), "%s", + lib_info->library_description); + snprintf (obj->info.lib_version, sizeof (obj->info.lib_version), "%u.%u", + (unsigned int) lib_info->library_version.major, + (unsigned int) lib_info->library_version.minor); + + + + if (label && label->data) + { + memcpy (obj->info.label, label->data, label->size); + obj->info.label[label->size] = 0; + } + + if (id && id->data) + { + s = _gnutls_bin2hex (id->data, id->size, obj->info.id, + sizeof (obj->info.id), ":"); + if (s == NULL) + { + gnutls_assert (); + return GNUTLS_E_PKCS11_ERROR; + } + + memmove (obj->info.certid_raw, id->data, id->size); + obj->info.certid_raw_size = id->size; + } + + return 0; } -static int pkcs11_obj_import_pubkey(pakchois_session_t * pks, - ck_object_handle_t obj, - gnutls_pkcs11_obj_t crt, - const gnutls_datum_t * id, - const gnutls_datum_t * label, - struct ck_token_info *tinfo, - struct ck_info* lib_info) +static int +pkcs11_obj_import_pubkey (pakchois_session_t * pks, + ck_object_handle_t obj, + gnutls_pkcs11_obj_t crt, + const gnutls_datum_t * id, + const gnutls_datum_t * label, + struct ck_token_info *tinfo, + struct ck_info *lib_info) { - struct ck_attribute a[4]; - ck_key_type_t key_type; - opaque tmp1[2048]; - opaque tmp2[2048]; - int ret; - unsigned int tval; - - a[0].type = CKA_KEY_TYPE; - a[0].value = &key_type; - a[0].value_len = sizeof(key_type); - - if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) { - switch (key_type) { - case CKK_RSA: - a[0].type = CKA_MODULUS; - a[0].value = tmp1; - a[0].value_len = sizeof(tmp1); - a[1].type = CKA_PUBLIC_EXPONENT; - a[1].value = tmp2; - a[1].value_len = sizeof(tmp2); - - if (pakchois_get_attribute_value(pks, obj, a, 2) == - CKR_OK) { - - ret = - _gnutls_set_datum(&crt->pubkey[0], - a[0].value, - a[0].value_len); - - if (ret >= 0) - ret = - _gnutls_set_datum(&crt->pubkey - [1], - a[1].value, - a - [1].value_len); - - if (ret < 0) { - gnutls_assert(); - _gnutls_free_datum(&crt->pubkey - [1]); - _gnutls_free_datum(&crt->pubkey - [0]); - return GNUTLS_E_MEMORY_ERROR; - } - } else { - gnutls_assert(); - return GNUTLS_E_PKCS11_ERROR; - } - crt->pk_algorithm = GNUTLS_PK_RSA; - break; - case CKK_DSA: - a[0].type = CKA_PRIME; - a[0].value = tmp1; - a[0].value_len = sizeof(tmp1); - a[1].type = CKA_SUBPRIME; - a[1].value = tmp2; - a[1].value_len = sizeof(tmp2); - - if (pakchois_get_attribute_value(pks, obj, a, 2) == - CKR_OK) { - ret = - _gnutls_set_datum(&crt->pubkey[0], - a[0].value, - a[0].value_len); - - if (ret >= 0) - ret = - _gnutls_set_datum(&crt->pubkey - [1], - a[1].value, - a - [1].value_len); - - if (ret < 0) { - gnutls_assert(); - _gnutls_free_datum(&crt->pubkey - [1]); - _gnutls_free_datum(&crt->pubkey - [0]); - return GNUTLS_E_MEMORY_ERROR; - } - } else { - gnutls_assert(); - return GNUTLS_E_PKCS11_ERROR; - } - - a[0].type = CKA_BASE; - a[0].value = tmp1; - a[0].value_len = sizeof(tmp1); - a[1].type = CKA_VALUE; - a[1].value = tmp2; - a[1].value_len = sizeof(tmp2); - - if (pakchois_get_attribute_value(pks, obj, a, 2) == - CKR_OK) { - ret = - _gnutls_set_datum(&crt->pubkey[2], - a[0].value, - a[0].value_len); - - if (ret >= 0) - ret = - _gnutls_set_datum(&crt->pubkey - [3], - a[1].value, - a - [1].value_len); - - if (ret < 0) { - gnutls_assert(); - _gnutls_free_datum(&crt->pubkey - [0]); - _gnutls_free_datum(&crt->pubkey - [1]); - _gnutls_free_datum(&crt->pubkey - [2]); - _gnutls_free_datum(&crt->pubkey - [3]); - return GNUTLS_E_MEMORY_ERROR; - } - } else { - gnutls_assert(); - return GNUTLS_E_PKCS11_ERROR; - } - crt->pk_algorithm = GNUTLS_PK_RSA; - break; - default: - gnutls_assert(); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - } - - /* read key usage flags */ - a[0].type = CKA_ENCRYPT; - a[0].value = &tval; - a[0].value_len = sizeof(tval); - - if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) { - if (tval != 0) { - crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT; - } - } - - a[0].type = CKA_VERIFY; - a[0].value = &tval; - a[0].value_len = sizeof(tval); - - if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) { - if (tval != 0) { - crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE | - GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN - | GNUTLS_KEY_NON_REPUDIATION; - } - } - - a[0].type = CKA_VERIFY_RECOVER; - a[0].value = &tval; - a[0].value_len = sizeof(tval); - - if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) { - if (tval != 0) { - crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE | - GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN - | GNUTLS_KEY_NON_REPUDIATION; + struct ck_attribute a[4]; + ck_key_type_t key_type; + opaque tmp1[2048]; + opaque tmp2[2048]; + int ret; + unsigned int tval; + + a[0].type = CKA_KEY_TYPE; + a[0].value = &key_type; + a[0].value_len = sizeof (key_type); + + if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) + { + switch (key_type) + { + case CKK_RSA: + a[0].type = CKA_MODULUS; + a[0].value = tmp1; + a[0].value_len = sizeof (tmp1); + a[1].type = CKA_PUBLIC_EXPONENT; + a[1].value = tmp2; + a[1].value_len = sizeof (tmp2); + + if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK) + { + + ret = + _gnutls_set_datum (&crt->pubkey[0], + a[0].value, a[0].value_len); + + if (ret >= 0) + ret = + _gnutls_set_datum (&crt->pubkey + [1], a[1].value, a[1].value_len); + + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (&crt->pubkey[1]); + _gnutls_free_datum (&crt->pubkey[0]); + return GNUTLS_E_MEMORY_ERROR; } - } - - a[0].type = CKA_DERIVE; - a[0].value = &tval; - a[0].value_len = sizeof(tval); - - if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) { - if (tval != 0) { - crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT; + } + else + { + gnutls_assert (); + return GNUTLS_E_PKCS11_ERROR; + } + crt->pk_algorithm = GNUTLS_PK_RSA; + break; + case CKK_DSA: + a[0].type = CKA_PRIME; + a[0].value = tmp1; + a[0].value_len = sizeof (tmp1); + a[1].type = CKA_SUBPRIME; + a[1].value = tmp2; + a[1].value_len = sizeof (tmp2); + + if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK) + { + ret = + _gnutls_set_datum (&crt->pubkey[0], + a[0].value, a[0].value_len); + + if (ret >= 0) + ret = + _gnutls_set_datum (&crt->pubkey + [1], a[1].value, a[1].value_len); + + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (&crt->pubkey[1]); + _gnutls_free_datum (&crt->pubkey[0]); + return GNUTLS_E_MEMORY_ERROR; } - } - - a[0].type = CKA_WRAP; - a[0].value = &tval; - a[0].value_len = sizeof(tval); - - if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) { - if (tval != 0) { - crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT; + } + else + { + gnutls_assert (); + return GNUTLS_E_PKCS11_ERROR; + } + + a[0].type = CKA_BASE; + a[0].value = tmp1; + a[0].value_len = sizeof (tmp1); + a[1].type = CKA_VALUE; + a[1].value = tmp2; + a[1].value_len = sizeof (tmp2); + + if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK) + { + ret = + _gnutls_set_datum (&crt->pubkey[2], + a[0].value, a[0].value_len); + + if (ret >= 0) + ret = + _gnutls_set_datum (&crt->pubkey + [3], a[1].value, a[1].value_len); + + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (&crt->pubkey[0]); + _gnutls_free_datum (&crt->pubkey[1]); + _gnutls_free_datum (&crt->pubkey[2]); + _gnutls_free_datum (&crt->pubkey[3]); + return GNUTLS_E_MEMORY_ERROR; } - } - - return pkcs11_obj_import(CKO_PUBLIC_KEY, crt, NULL, id, label, - tinfo, lib_info); + } + else + { + gnutls_assert (); + return GNUTLS_E_PKCS11_ERROR; + } + crt->pk_algorithm = GNUTLS_PK_RSA; + break; + default: + gnutls_assert (); + return GNUTLS_E_UNIMPLEMENTED_FEATURE; + } + } + + /* read key usage flags */ + a[0].type = CKA_ENCRYPT; + a[0].value = &tval; + a[0].value_len = sizeof (tval); + + if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) + { + if (tval != 0) + { + crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT; + } + } + + a[0].type = CKA_VERIFY; + a[0].value = &tval; + a[0].value_len = sizeof (tval); + + if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) + { + if (tval != 0) + { + crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE | + GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN + | GNUTLS_KEY_NON_REPUDIATION; + } + } + + a[0].type = CKA_VERIFY_RECOVER; + a[0].value = &tval; + a[0].value_len = sizeof (tval); + + if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) + { + if (tval != 0) + { + crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE | + GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN + | GNUTLS_KEY_NON_REPUDIATION; + } + } + + a[0].type = CKA_DERIVE; + a[0].value = &tval; + a[0].value_len = sizeof (tval); + + if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) + { + if (tval != 0) + { + crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT; + } + } + + a[0].type = CKA_WRAP; + a[0].value = &tval; + a[0].value_len = sizeof (tval); + + if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) + { + if (tval != 0) + { + crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT; + } + } + + return pkcs11_obj_import (CKO_PUBLIC_KEY, crt, NULL, id, label, + tinfo, lib_info); } -ck_object_class_t pkcs11_strtype_to_class(const char *type) +ck_object_class_t +pkcs11_strtype_to_class (const char *type) { - ck_object_class_t class; - - if (strcmp(type, "cert") == 0) { - class = CKO_CERTIFICATE; - } else if (strcmp(type, "public") == 0) { - class = CKO_PUBLIC_KEY; - } else if (strcmp(type, "private") == 0) { - class = CKO_PRIVATE_KEY; - } else if (strcmp(type, "secretkey") == 0) { - class = CKO_SECRET_KEY; - } else if (strcmp(type, "data") == 0) { - class = CKO_DATA; - } else { - class = -1; - } - - return class; + ck_object_class_t class; + + if (strcmp (type, "cert") == 0) + { + class = CKO_CERTIFICATE; + } + else if (strcmp (type, "public") == 0) + { + class = CKO_PUBLIC_KEY; + } + else if (strcmp (type, "private") == 0) + { + class = CKO_PRIVATE_KEY; + } + else if (strcmp (type, "secretkey") == 0) + { + class = CKO_SECRET_KEY; + } + else if (strcmp (type, "data") == 0) + { + class = CKO_DATA; + } + else + { + class = -1; + } + + return class; } -static int find_obj_url(pakchois_session_t * pks, struct token_info *info, - struct ck_info* lib_info, void *input) +static int +find_obj_url (pakchois_session_t * pks, struct token_info *info, + struct ck_info *lib_info, void *input) { - struct url_find_data_st *find_data = input; - struct ck_attribute a[4]; - ck_object_class_t class = -1; - ck_certificate_type_t type = -1; - ck_rv_t rv; - ck_object_handle_t obj; - unsigned long count, a_vals; - int found = 0, ret; - opaque *cert_data = NULL; - char label_tmp[PKCS11_LABEL_SIZE]; - - if (info == NULL) { /* we don't support multiple calls */ - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - /* do not bother reading the token if basic fields do not match - */ - if (pkcs11_token_matches_info(&find_data->crt->info, &info->tinfo, lib_info) - < 0) { - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + struct url_find_data_st *find_data = input; + struct ck_attribute a[4]; + ck_object_class_t class = -1; + ck_certificate_type_t type = -1; + ck_rv_t rv; + ck_object_handle_t obj; + unsigned long count, a_vals; + int found = 0, ret; + opaque *cert_data = NULL; + char label_tmp[PKCS11_LABEL_SIZE]; + + if (info == NULL) + { /* we don't support multiple calls */ + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + /* do not bother reading the token if basic fields do not match + */ + if (pkcs11_token_matches_info + (&find_data->crt->info, &info->tinfo, lib_info) < 0) + { + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + if (find_data->crt->info.type[0] != 0) + { + class = pkcs11_strtype_to_class (find_data->crt->info.type); + if (class == CKO_CERTIFICATE) + type = CKC_X_509; + + if (class == -1) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + } + + /* search the token for the id */ + + cert_data = gnutls_malloc (MAX_CERT_SIZE); + if (cert_data == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + /* Find objects with given class and type */ + + a[0].type = CKA_ID; + a[0].value = find_data->crt->info.certid_raw; + a[0].value_len = find_data->crt->info.certid_raw_size; + + a_vals = 1; + + if (class != -1) + { + a[a_vals].type = CKA_CLASS; + a[a_vals].value = &class; + a[a_vals].value_len = sizeof class; + a_vals++; + } + + if (type != -1) + { + a[a_vals].type = CKA_CERTIFICATE_TYPE; + a[a_vals].value = &type; + a[a_vals].value_len = sizeof type; + a_vals++; + } + + rv = pakchois_find_objects_init (pks, a, a_vals); + if (rv != CKR_OK) + { + gnutls_assert (); + _gnutls_debug_log ("pk11: FindObjectsInit failed.\n"); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1) + { + + a[0].type = CKA_VALUE; + a[0].value = cert_data; + a[0].value_len = MAX_CERT_SIZE; + a[1].type = CKA_LABEL; + a[1].value = label_tmp; + a[1].value_len = sizeof (label_tmp); + + if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK) + { + gnutls_datum_t id = { find_data->crt->info.certid_raw, + find_data->crt->info.certid_raw_size + }; + gnutls_datum_t data = { a[0].value, a[0].value_len }; + gnutls_datum_t label = { a[1].value, a[1].value_len }; + + if (class == CKO_PUBLIC_KEY) + { + ret = + pkcs11_obj_import_pubkey (pks, obj, + find_data->crt, + &id, &label, + &info->tinfo, lib_info); + } + else + { + ret = + pkcs11_obj_import (class, + find_data->crt, + &data, &id, &label, + &info->tinfo, lib_info); + } + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + found = 1; + break; + } + else + { + _gnutls_debug_log ("pk11: Skipped cert, missing attrs.\n"); + } + } + + if (found == 0) + { + gnutls_assert (); + ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + else + { + ret = 0; + } - if (find_data->crt->info.type[0] != 0) { - class = pkcs11_strtype_to_class(find_data->crt->info.type); - if (class == CKO_CERTIFICATE) - type = CKC_X_509; - - if (class == -1) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - } - - /* search the token for the id */ - - cert_data = gnutls_malloc(MAX_CERT_SIZE); - if (cert_data == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - /* Find objects with given class and type */ - - a[0].type = CKA_ID; - a[0].value = find_data->crt->info.certid_raw; - a[0].value_len = find_data->crt->info.certid_raw_size; - - a_vals = 1; - - if (class != -1) { - a[a_vals].type = CKA_CLASS; - a[a_vals].value = &class; - a[a_vals].value_len = sizeof class; - a_vals++; - } - - if (type != -1) { - a[a_vals].type = CKA_CERTIFICATE_TYPE; - a[a_vals].value = &type; - a[a_vals].value_len = sizeof type; - a_vals++; - } - - rv = pakchois_find_objects_init(pks, a, a_vals); - if (rv != CKR_OK) { - gnutls_assert(); - _gnutls_debug_log("pk11: FindObjectsInit failed.\n"); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } - - while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK - && count == 1) { - - a[0].type = CKA_VALUE; - a[0].value = cert_data; - a[0].value_len = MAX_CERT_SIZE; - a[1].type = CKA_LABEL; - a[1].value = label_tmp; - a[1].value_len = sizeof(label_tmp); - - if (pakchois_get_attribute_value(pks, obj, a, 2) == CKR_OK) { - gnutls_datum_t id = - { find_data->crt->info.certid_raw, - find_data->crt->info.certid_raw_size - }; - gnutls_datum_t data = - { a[0].value, a[0].value_len }; - gnutls_datum_t label = - { a[1].value, a[1].value_len }; - - if (class == CKO_PUBLIC_KEY) { - ret = - pkcs11_obj_import_pubkey(pks, obj, - find_data->crt, - &id, &label, - &info->tinfo, - lib_info); - } else { - ret = - pkcs11_obj_import(class, - find_data->crt, - &data, &id, &label, - &info->tinfo, lib_info); - } - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - found = 1; - break; - } else { - _gnutls_debug_log - ("pk11: Skipped cert, missing attrs.\n"); - } - } - - if (found == 0) { - gnutls_assert(); - ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } else { - ret = 0; - } - - cleanup: - gnutls_free(cert_data); - pakchois_find_objects_final(pks); +cleanup: + gnutls_free (cert_data); + pakchois_find_objects_final (pks); - return ret; + return ret; } -unsigned int pkcs11_obj_flags_to_int(unsigned int flags) +unsigned int +pkcs11_obj_flags_to_int (unsigned int flags) { - switch (flags) { - case GNUTLS_PKCS11_OBJ_FLAG_LOGIN: - return SESSION_LOGIN; - default: - return 0; - } + switch (flags) + { + case GNUTLS_PKCS11_OBJ_FLAG_LOGIN: + return SESSION_LOGIN; + default: + return 0; + } } /** @@ -1628,72 +1779,78 @@ unsigned int pkcs11_obj_flags_to_int(unsigned int flags) * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t cert, const char *url, - unsigned int flags) +int +gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t cert, const char *url, + unsigned int flags) { - int ret; - struct url_find_data_st find_data; - - /* fill in the find data structure */ - find_data.crt = cert; - - ret = pkcs11_url_to_info(url, &cert->info); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = - _pkcs11_traverse_tokens(find_obj_url, &find_data, - pkcs11_obj_flags_to_int(flags)); - - if (ret < 0) { - gnutls_assert(); - return ret; - } - - return 0; + int ret; + struct url_find_data_st find_data; + + /* fill in the find data structure */ + find_data.crt = cert; + + ret = pkcs11_url_to_info (url, &cert->info); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = + _pkcs11_traverse_tokens (find_obj_url, &find_data, + pkcs11_obj_flags_to_int (flags)); + + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + return 0; } -struct token_num { - struct pkcs11_url_info info; - unsigned int seq; /* which one we are looking for */ - unsigned int current; /* which one are we now */ +struct token_num +{ + struct pkcs11_url_info info; + unsigned int seq; /* which one we are looking for */ + unsigned int current; /* which one are we now */ }; -static int find_token_num(pakchois_session_t * pks, - struct token_info *tinfo, - struct ck_info* lib_info, - void *input) +static int +find_token_num (pakchois_session_t * pks, + struct token_info *tinfo, + struct ck_info *lib_info, void *input) { - struct token_num *find_data = input; + struct token_num *find_data = input; - if (tinfo == NULL) { /* we don't support multiple calls */ - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + if (tinfo == NULL) + { /* we don't support multiple calls */ + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } - if (find_data->current == find_data->seq) { - strcpy(find_data->info.manufacturer, - tinfo->tinfo.manufacturer_id); - strcpy(find_data->info.token, tinfo->tinfo.label); - strcpy(find_data->info.model, tinfo->tinfo.model); - strcpy(find_data->info.serial, tinfo->tinfo.serial_number); + if (find_data->current == find_data->seq) + { + strcpy (find_data->info.manufacturer, tinfo->tinfo.manufacturer_id); + strcpy (find_data->info.token, tinfo->tinfo.label); + strcpy (find_data->info.model, tinfo->tinfo.model); + strcpy (find_data->info.serial, tinfo->tinfo.serial_number); - strcpy(find_data->info.lib_manufacturer, lib_info->manufacturer_id); - strcpy(find_data->info.lib_desc, lib_info->library_description); - snprintf(find_data->info.lib_version, sizeof(find_data->info.lib_version), - "%u.%u", (unsigned int)lib_info->library_version.major, - (unsigned int)lib_info->library_version.minor); + strcpy (find_data->info.lib_manufacturer, lib_info->manufacturer_id); + strcpy (find_data->info.lib_desc, lib_info->library_description); + snprintf (find_data->info.lib_version, + sizeof (find_data->info.lib_version), "%u.%u", + (unsigned int) lib_info->library_version.major, + (unsigned int) lib_info->library_version.minor); - return 0; - } + return 0; + } - find_data->current++; - /* search the token for the id */ + find_data->current++; + /* search the token for the id */ - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */ + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */ } /** @@ -1709,27 +1866,31 @@ static int find_token_num(pakchois_session_t * pks, * if the sequence number exceeds the available tokens, otherwise a negative error value. **/ -int gnutls_pkcs11_token_get_url(unsigned int seq, gnutls_pkcs11_url_type_t detailed, char **url) +int +gnutls_pkcs11_token_get_url (unsigned int seq, + gnutls_pkcs11_url_type_t detailed, char **url) { - int ret; - struct token_num tn; + int ret; + struct token_num tn; - memset(&tn, 0, sizeof(tn)); - tn.seq = seq; + memset (&tn, 0, sizeof (tn)); + tn.seq = seq; - ret = _pkcs11_traverse_tokens(find_token_num, &tn, 0); - if (ret < 0) { - gnutls_assert(); - return ret; - } + ret = _pkcs11_traverse_tokens (find_token_num, &tn, 0); + if (ret < 0) + { + gnutls_assert (); + return ret; + } - ret = pkcs11_info_to_url(&tn.info, detailed, url); - if (ret < 0) { - gnutls_assert(); - return ret; - } + ret = pkcs11_info_to_url (&tn.info, detailed, url); + if (ret < 0) + { + gnutls_assert (); + return ret; + } - return 0; + return 0; } @@ -1745,51 +1906,55 @@ int gnutls_pkcs11_token_get_url(unsigned int seq, gnutls_pkcs11_url_type_t detai * * Returns: zero on success or a negative value on error. **/ -int gnutls_pkcs11_token_get_info(const char *url, - gnutls_pkcs11_token_info_t ttype, - void *output, size_t * output_size) +int +gnutls_pkcs11_token_get_info (const char *url, + gnutls_pkcs11_token_info_t ttype, + void *output, size_t * output_size) { - const char *str; - size_t len; - struct pkcs11_url_info info; - int ret; - - ret = pkcs11_url_to_info(url, &info); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - switch (ttype) { - case GNUTLS_PKCS11_TOKEN_LABEL: - str = info.token; - break; - case GNUTLS_PKCS11_TOKEN_SERIAL: - str = info.serial; - break; - case GNUTLS_PKCS11_TOKEN_MANUFACTURER: - str = info.manufacturer; - break; - case GNUTLS_PKCS11_TOKEN_MODEL: - str = info.model; - break; - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - len = strlen(str); - - if (len + 1 > *output_size) { - *output_size = len + 1; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - strcpy(output, str); - - *output_size = len; - - return 0; + const char *str; + size_t len; + struct pkcs11_url_info info; + int ret; + + ret = pkcs11_url_to_info (url, &info); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + switch (ttype) + { + case GNUTLS_PKCS11_TOKEN_LABEL: + str = info.token; + break; + case GNUTLS_PKCS11_TOKEN_SERIAL: + str = info.serial; + break; + case GNUTLS_PKCS11_TOKEN_MANUFACTURER: + str = info.manufacturer; + break; + case GNUTLS_PKCS11_TOKEN_MODEL: + str = info.model; + break; + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + len = strlen (str); + + if (len + 1 > *output_size) + { + *output_size = len + 1; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + strcpy (output, str); + + *output_size = len; + + return 0; } /** @@ -1803,17 +1968,20 @@ int gnutls_pkcs11_token_get_info(const char *url, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t cert, gnutls_pkcs11_url_type_t detailed, char **url) +int +gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t cert, + gnutls_pkcs11_url_type_t detailed, char **url) { - int ret; + int ret; - ret = pkcs11_info_to_url(&cert->info, detailed, url); - if (ret < 0) { - gnutls_assert(); - return ret; - } + ret = pkcs11_info_to_url (&cert->info, detailed, url); + if (ret < 0) + { + gnutls_assert (); + return ret; + } - return 0; + return 0; } /** @@ -1825,481 +1993,535 @@ int gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t cert, gnutls_pkcs11_url_typ * * Returns: The type of the certificate. **/ -gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type(gnutls_pkcs11_obj_t - obj) +gnutls_pkcs11_obj_type_t +gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t obj) { - return obj->type; + return obj->type; } -struct pkey_list { - gnutls_buffer_st *key_ids; - size_t key_ids_size; +struct pkey_list +{ + gnutls_buffer_st *key_ids; + size_t key_ids_size; }; -int pkcs11_login(pakchois_session_t * pks, const struct token_info *info) +int +pkcs11_login (pakchois_session_t * pks, const struct token_info *info) { - int attempt = 0, ret; - ck_rv_t rv; - char* token_url; - int pin_len; - struct pkcs11_url_info uinfo; - - - if ((info->tinfo.flags & CKF_LOGIN_REQUIRED) == 0) { - gnutls_assert(); - _gnutls_debug_log("pk11: No login required.\n"); - return 0; - } - - memset(&uinfo, 0, sizeof(uinfo)); - strcpy(uinfo.manufacturer, info->tinfo.manufacturer_id); - strcpy(uinfo.token, info->tinfo.label); - strcpy(uinfo.model, info->tinfo.model); - strcpy(uinfo.serial, info->tinfo.serial_number); - ret = pkcs11_info_to_url(&uinfo, 1, &token_url); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - /* For a token with a "protected" (out-of-band) authentication - * path, calling login with a NULL username is all that is - * required. */ - if (info->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) { - if (pakchois_login(pks, CKU_USER, NULL, 0) == CKR_OK) { - return 0; - } else { - gnutls_assert(); - _gnutls_debug_log - ("pk11: Protected login failed.\n"); - ret = GNUTLS_E_PKCS11_ERROR; - goto cleanup; - } - } - - /* Otherwise, PIN entry is necessary for login, so fail if there's - * no callback. */ - if (!pin_func) { - gnutls_assert(); - _gnutls_debug_log - ("pk11: No pin callback but login required.\n"); - ret = GNUTLS_E_PKCS11_ERROR; - goto cleanup; - } - - do { - struct ck_token_info tinfo; - char pin[GNUTLS_PKCS11_MAX_PIN_LEN]; - unsigned int flags; - - /* If login has been attempted once already, check the token - * status again, the flags might change. */ - if (attempt) { - if (pakchois_get_token_info - (info->prov->module, info->sid, - &tinfo) != CKR_OK) { - gnutls_assert(); - _gnutls_debug_log - ("pk11: GetTokenInfo failed\n"); - ret = GNUTLS_E_PKCS11_ERROR; - goto cleanup; - } - } - - flags = 0; - if (tinfo.flags & CKF_USER_PIN_COUNT_LOW) - flags |= GNUTLS_PKCS11_PIN_COUNT_LOW; - if (tinfo.flags & CKF_USER_PIN_FINAL_TRY) - flags |= GNUTLS_PKCS11_PIN_FINAL_TRY; - - ret = pin_func(pin_data, attempt++, - (char *) token_url, - (char *) info->tinfo.label, flags, - pin, sizeof(pin)); - if (ret < 0) { - gnutls_assert(); - ret = GNUTLS_E_PKCS11_PIN_ERROR; - goto cleanup; - } - pin_len = strlen(pin); - - rv = pakchois_login(pks, CKU_USER, (unsigned char *) pin, - pin_len); - - /* Try to scrub the pin off the stack. Clever compilers will - * probably optimize this away, oh well. */ - memset(pin, 0, sizeof pin); - } while (rv == CKR_PIN_INCORRECT); - - _gnutls_debug_log("pk11: Login result = %lu\n", rv); - - - ret = (rv == CKR_OK - || rv == - CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err(rv); + int attempt = 0, ret; + ck_rv_t rv; + char *token_url; + int pin_len; + struct pkcs11_url_info uinfo; + + + if ((info->tinfo.flags & CKF_LOGIN_REQUIRED) == 0) + { + gnutls_assert (); + _gnutls_debug_log ("pk11: No login required.\n"); + return 0; + } + + memset (&uinfo, 0, sizeof (uinfo)); + strcpy (uinfo.manufacturer, info->tinfo.manufacturer_id); + strcpy (uinfo.token, info->tinfo.label); + strcpy (uinfo.model, info->tinfo.model); + strcpy (uinfo.serial, info->tinfo.serial_number); + ret = pkcs11_info_to_url (&uinfo, 1, &token_url); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + /* For a token with a "protected" (out-of-band) authentication + * path, calling login with a NULL username is all that is + * required. */ + if (info->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) + { + if (pakchois_login (pks, CKU_USER, NULL, 0) == CKR_OK) + { + return 0; + } + else + { + gnutls_assert (); + _gnutls_debug_log ("pk11: Protected login failed.\n"); + ret = GNUTLS_E_PKCS11_ERROR; + goto cleanup; + } + } + + /* Otherwise, PIN entry is necessary for login, so fail if there's + * no callback. */ + if (!pin_func) + { + gnutls_assert (); + _gnutls_debug_log ("pk11: No pin callback but login required.\n"); + ret = GNUTLS_E_PKCS11_ERROR; + goto cleanup; + } + + do + { + struct ck_token_info tinfo; + char pin[GNUTLS_PKCS11_MAX_PIN_LEN]; + unsigned int flags; + + /* If login has been attempted once already, check the token + * status again, the flags might change. */ + if (attempt) + { + if (pakchois_get_token_info + (info->prov->module, info->sid, &tinfo) != CKR_OK) + { + gnutls_assert (); + _gnutls_debug_log ("pk11: GetTokenInfo failed\n"); + ret = GNUTLS_E_PKCS11_ERROR; + goto cleanup; + } + } + + flags = 0; + if (tinfo.flags & CKF_USER_PIN_COUNT_LOW) + flags |= GNUTLS_PKCS11_PIN_COUNT_LOW; + if (tinfo.flags & CKF_USER_PIN_FINAL_TRY) + flags |= GNUTLS_PKCS11_PIN_FINAL_TRY; + + ret = pin_func (pin_data, attempt++, + (char *) token_url, + (char *) info->tinfo.label, flags, pin, sizeof (pin)); + if (ret < 0) + { + gnutls_assert (); + ret = GNUTLS_E_PKCS11_PIN_ERROR; + goto cleanup; + } + pin_len = strlen (pin); + + rv = pakchois_login (pks, CKU_USER, (unsigned char *) pin, pin_len); + + /* Try to scrub the pin off the stack. Clever compilers will + * probably optimize this away, oh well. */ + memset (pin, 0, sizeof pin); + } + while (rv == CKR_PIN_INCORRECT); + + _gnutls_debug_log ("pk11: Login result = %lu\n", rv); + + + ret = (rv == CKR_OK + || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err (rv); cleanup: - gnutls_free(token_url); - return ret; + gnutls_free (token_url); + return ret; } -static int find_privkeys(pakchois_session_t * pks, struct token_info *info, - struct pkey_list *list) +static int +find_privkeys (pakchois_session_t * pks, struct token_info *info, + struct pkey_list *list) { - struct ck_attribute a[3]; - ck_object_class_t class; - ck_rv_t rv; - ck_object_handle_t obj; - unsigned long count, current; - char certid_tmp[PKCS11_ID_SIZE]; - - class = CKO_PRIVATE_KEY; - - /* Find an object with private key class and a certificate ID - * which matches the certificate. */ - /* FIXME: also match the cert subject. */ - a[0].type = CKA_CLASS; - a[0].value = &class; - a[0].value_len = sizeof class; - - rv = pakchois_find_objects_init(pks, a, 1); - if (rv != CKR_OK) { - gnutls_assert(); - return pkcs11_rv_to_err(rv); - } - - list->key_ids_size = 0; - while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK - && count == 1) { - list->key_ids_size++; - } - - pakchois_find_objects_final(pks); - - if (list->key_ids_size == 0) { - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - list->key_ids = - gnutls_malloc(sizeof(gnutls_buffer_st) * list->key_ids_size); - if (list->key_ids == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - /* actual search */ - a[0].type = CKA_CLASS; - a[0].value = &class; - a[0].value_len = sizeof class; - - rv = pakchois_find_objects_init(pks, a, 1); - if (rv != CKR_OK) { - gnutls_assert(); - return pkcs11_rv_to_err(rv); - } - - current = 0; - while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK - && count == 1) { - - a[0].type = CKA_ID; - a[0].value = certid_tmp; - a[0].value_len = sizeof(certid_tmp); - - _gnutls_buffer_init(&list->key_ids[current]); - - if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) { - _gnutls_buffer_append_data(&list->key_ids[current], - a[0].value, - a[0].value_len); - current++; - } - - if (current > list->key_ids_size) - break; - } - - pakchois_find_objects_final(pks); - - list->key_ids_size = current - 1; - - return 0; + struct ck_attribute a[3]; + ck_object_class_t class; + ck_rv_t rv; + ck_object_handle_t obj; + unsigned long count, current; + char certid_tmp[PKCS11_ID_SIZE]; + + class = CKO_PRIVATE_KEY; + + /* Find an object with private key class and a certificate ID + * which matches the certificate. */ + /* FIXME: also match the cert subject. */ + a[0].type = CKA_CLASS; + a[0].value = &class; + a[0].value_len = sizeof class; + + rv = pakchois_find_objects_init (pks, a, 1); + if (rv != CKR_OK) + { + gnutls_assert (); + return pkcs11_rv_to_err (rv); + } + + list->key_ids_size = 0; + while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1) + { + list->key_ids_size++; + } + + pakchois_find_objects_final (pks); + + if (list->key_ids_size == 0) + { + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + list->key_ids = + gnutls_malloc (sizeof (gnutls_buffer_st) * list->key_ids_size); + if (list->key_ids == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + /* actual search */ + a[0].type = CKA_CLASS; + a[0].value = &class; + a[0].value_len = sizeof class; + + rv = pakchois_find_objects_init (pks, a, 1); + if (rv != CKR_OK) + { + gnutls_assert (); + return pkcs11_rv_to_err (rv); + } + + current = 0; + while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1) + { + + a[0].type = CKA_ID; + a[0].value = certid_tmp; + a[0].value_len = sizeof (certid_tmp); + + _gnutls_buffer_init (&list->key_ids[current]); + + if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) + { + _gnutls_buffer_append_data (&list->key_ids[current], + a[0].value, a[0].value_len); + current++; + } + + if (current > list->key_ids_size) + break; + } + + pakchois_find_objects_final (pks); + + list->key_ids_size = current - 1; + + return 0; } /* Recover certificate list from tokens */ -static int find_objs(pakchois_session_t * pks, struct token_info *info, - struct ck_info* lib_info, void *input) +static int +find_objs (pakchois_session_t * pks, struct token_info *info, + struct ck_info *lib_info, void *input) { - struct crt_find_data_st *find_data = input; - struct ck_attribute a[4]; - ck_object_class_t class = -1; - ck_certificate_type_t type = -1; - unsigned int trusted; - ck_rv_t rv; - ck_object_handle_t obj; - unsigned long count; - opaque *cert_data; - char certid_tmp[PKCS11_ID_SIZE]; - char label_tmp[PKCS11_LABEL_SIZE]; - int ret, i; - struct pkey_list plist; /* private key holder */ - int tot_values = 0; - - if (info == NULL) { /* final call */ - if (find_data->current <= *find_data->n_list) - ret = 0; - else - ret = GNUTLS_E_SHORT_MEMORY_BUFFER; - - *find_data->n_list = find_data->current; - - return ret; - } - - /* do not bother reading the token if basic fields do not match - */ - if (pkcs11_token_matches_info(&find_data->info, &info->tinfo, lib_info) < 0) { - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - if (find_data->info.type[0] != 0) { - class = pkcs11_strtype_to_class(find_data->info.type); - if (class == CKO_CERTIFICATE) - type = CKC_X_509; - else - type = -1; - - if (class == -1) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - } - - - memset(&plist, 0, sizeof(plist)); - - if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) { - ret = find_privkeys(pks, info, &plist); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - if (plist.key_ids_size == 0) { - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - } - - cert_data = gnutls_malloc(MAX_CERT_SIZE); - if (cert_data == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - /* Find objects with cert class and X.509 cert type. */ - - tot_values = 0; - - if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL - || find_data->flags == - GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) { - class = CKO_CERTIFICATE; - type = CKC_X_509; - trusted = 1; - - a[tot_values].type = CKA_CLASS; - a[tot_values].value = &class; - a[tot_values].value_len = sizeof class; - tot_values++; - - a[tot_values].type = CKA_CERTIFICATE_TYPE; - a[tot_values].value = &type; - a[tot_values].value_len = sizeof type; - tot_values++; - - } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED) { - class = CKO_CERTIFICATE; - type = CKC_X_509; - trusted = 1; - - a[tot_values].type = CKA_CLASS; - a[tot_values].value = &class; - a[tot_values].value_len = sizeof class; - tot_values++; - - a[tot_values].type = CKA_TRUSTED; - a[tot_values].value = &trusted; - a[tot_values].value_len = sizeof trusted; - tot_values++; - - } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PUBKEY) { - class = CKO_PUBLIC_KEY; - - a[tot_values].type = CKA_CLASS; - a[tot_values].value = &class; - a[tot_values].value_len = sizeof class; - tot_values++; - } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) { - class = CKO_PRIVATE_KEY; - - a[tot_values].type = CKA_CLASS; - a[tot_values].value = &class; - a[tot_values].value_len = sizeof class; - tot_values++; - } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) { - if (class != -1) { - a[tot_values].type = CKA_CLASS; - a[tot_values].value = &class; - a[tot_values].value_len = sizeof class; - tot_values++; - } - if (type != -1) { - a[tot_values].type = CKA_CERTIFICATE_TYPE; - a[tot_values].value = &type; - a[tot_values].value_len = sizeof type; - tot_values++; - } - } else { - gnutls_assert(); - ret = GNUTLS_E_INVALID_REQUEST; - goto fail; - } - - if (find_data->info.certid_raw_size != 0) { - a[tot_values].type = CKA_ID; - a[tot_values].value = find_data->info.certid_raw; - a[tot_values].value_len = find_data->info.certid_raw_size; - tot_values++; - } - - rv = pakchois_find_objects_init(pks, a, tot_values); - if (rv != CKR_OK) { - gnutls_assert(); - _gnutls_debug_log("pk11: FindObjectsInit failed.\n"); - return pkcs11_rv_to_err(rv); - } - - while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK - && count == 1) { - gnutls_datum_t label, id, value; - - a[0].type = CKA_LABEL; - a[0].value = label_tmp; - a[0].value_len = sizeof label_tmp; - - if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) { - label.data = a[0].value; - label.size = a[0].value_len; - } else { - label.data = NULL; - label.size = 0; - } - - a[0].type = CKA_ID; - a[0].value = certid_tmp; - a[0].value_len = sizeof certid_tmp; - - if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) { - id.data = a[0].value; - id.size = a[0].value_len; - } else { - id.data = NULL; - id.size = 0; - } - - a[0].type = CKA_VALUE; - a[0].value = cert_data; - a[0].value_len = MAX_CERT_SIZE; - if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) { - value.data = a[0].value; - value.size = a[0].value_len; - } else { - value.data = NULL; - value.size = 0; - } - - if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) { - a[0].type = CKA_CLASS; - a[0].value = &class; - a[0].value_len = sizeof class; - - pakchois_get_attribute_value(pks, obj, a, 1); - } - - if (find_data->flags == - GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) { - for (i = 0; i < plist.key_ids_size; i++) { - if (plist.key_ids[i].length != - a[1].value_len - || memcmp(plist.key_ids[i].data, - a[1].value, - a[1].value_len) != 0) { - /* not found */ - continue; - } - } - } - - if (find_data->current < *find_data->n_list) { - ret = - gnutls_pkcs11_obj_init(&find_data->p_list - [find_data->current]); - if (ret < 0) { - gnutls_assert(); - goto fail; - } - - if (class == CKO_PUBLIC_KEY) { - ret = - pkcs11_obj_import_pubkey(pks, obj, - find_data->p_list - [find_data->current], - &id, &label, - &info->tinfo, - lib_info); - } else { - ret = - pkcs11_obj_import(class, - find_data->p_list - [find_data->current], - &value, &id, &label, - &info->tinfo, lib_info); - } - if (ret < 0) { - gnutls_assert(); - goto fail; - } - } - - find_data->current++; - - } - - gnutls_free(cert_data); - pakchois_find_objects_final(pks); - - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */ - - fail: - gnutls_free(cert_data); - pakchois_find_objects_final(pks); - if (plist.key_ids != NULL) { - for (i = 0; i < plist.key_ids_size; i++) { - _gnutls_buffer_clear(&plist.key_ids[i]); + struct crt_find_data_st *find_data = input; + struct ck_attribute a[4]; + ck_object_class_t class = -1; + ck_certificate_type_t type = -1; + unsigned int trusted; + ck_rv_t rv; + ck_object_handle_t obj; + unsigned long count; + opaque *cert_data; + char certid_tmp[PKCS11_ID_SIZE]; + char label_tmp[PKCS11_LABEL_SIZE]; + int ret, i; + struct pkey_list plist; /* private key holder */ + int tot_values = 0; + + if (info == NULL) + { /* final call */ + if (find_data->current <= *find_data->n_list) + ret = 0; + else + ret = GNUTLS_E_SHORT_MEMORY_BUFFER; + + *find_data->n_list = find_data->current; + + return ret; + } + + /* do not bother reading the token if basic fields do not match + */ + if (pkcs11_token_matches_info (&find_data->info, &info->tinfo, lib_info) < + 0) + { + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + if (find_data->info.type[0] != 0) + { + class = pkcs11_strtype_to_class (find_data->info.type); + if (class == CKO_CERTIFICATE) + type = CKC_X_509; + else + type = -1; + + if (class == -1) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + } + + + memset (&plist, 0, sizeof (plist)); + + if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) + { + ret = find_privkeys (pks, info, &plist); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + if (plist.key_ids_size == 0) + { + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + } + + cert_data = gnutls_malloc (MAX_CERT_SIZE); + if (cert_data == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + /* Find objects with cert class and X.509 cert type. */ + + tot_values = 0; + + if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL + || find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) + { + class = CKO_CERTIFICATE; + type = CKC_X_509; + trusted = 1; + + a[tot_values].type = CKA_CLASS; + a[tot_values].value = &class; + a[tot_values].value_len = sizeof class; + tot_values++; + + a[tot_values].type = CKA_CERTIFICATE_TYPE; + a[tot_values].value = &type; + a[tot_values].value_len = sizeof type; + tot_values++; + + } + else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED) + { + class = CKO_CERTIFICATE; + type = CKC_X_509; + trusted = 1; + + a[tot_values].type = CKA_CLASS; + a[tot_values].value = &class; + a[tot_values].value_len = sizeof class; + tot_values++; + + a[tot_values].type = CKA_TRUSTED; + a[tot_values].value = &trusted; + a[tot_values].value_len = sizeof trusted; + tot_values++; + + } + else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PUBKEY) + { + class = CKO_PUBLIC_KEY; + + a[tot_values].type = CKA_CLASS; + a[tot_values].value = &class; + a[tot_values].value_len = sizeof class; + tot_values++; + } + else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) + { + class = CKO_PRIVATE_KEY; + + a[tot_values].type = CKA_CLASS; + a[tot_values].value = &class; + a[tot_values].value_len = sizeof class; + tot_values++; + } + else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) + { + if (class != -1) + { + a[tot_values].type = CKA_CLASS; + a[tot_values].value = &class; + a[tot_values].value_len = sizeof class; + tot_values++; + } + if (type != -1) + { + a[tot_values].type = CKA_CERTIFICATE_TYPE; + a[tot_values].value = &type; + a[tot_values].value_len = sizeof type; + tot_values++; + } + } + else + { + gnutls_assert (); + ret = GNUTLS_E_INVALID_REQUEST; + goto fail; + } + + if (find_data->info.certid_raw_size != 0) + { + a[tot_values].type = CKA_ID; + a[tot_values].value = find_data->info.certid_raw; + a[tot_values].value_len = find_data->info.certid_raw_size; + tot_values++; + } + + rv = pakchois_find_objects_init (pks, a, tot_values); + if (rv != CKR_OK) + { + gnutls_assert (); + _gnutls_debug_log ("pk11: FindObjectsInit failed.\n"); + return pkcs11_rv_to_err (rv); + } + + while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1) + { + gnutls_datum_t label, id, value; + + a[0].type = CKA_LABEL; + a[0].value = label_tmp; + a[0].value_len = sizeof label_tmp; + + if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) + { + label.data = a[0].value; + label.size = a[0].value_len; + } + else + { + label.data = NULL; + label.size = 0; + } + + a[0].type = CKA_ID; + a[0].value = certid_tmp; + a[0].value_len = sizeof certid_tmp; + + if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) + { + id.data = a[0].value; + id.size = a[0].value_len; + } + else + { + id.data = NULL; + id.size = 0; + } + + a[0].type = CKA_VALUE; + a[0].value = cert_data; + a[0].value_len = MAX_CERT_SIZE; + if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) + { + value.data = a[0].value; + value.size = a[0].value_len; + } + else + { + value.data = NULL; + value.size = 0; + } + + if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) + { + a[0].type = CKA_CLASS; + a[0].value = &class; + a[0].value_len = sizeof class; + + pakchois_get_attribute_value (pks, obj, a, 1); + } + + if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) + { + for (i = 0; i < plist.key_ids_size; i++) + { + if (plist.key_ids[i].length != + a[1].value_len + || memcmp (plist.key_ids[i].data, + a[1].value, a[1].value_len) != 0) + { + /* not found */ + continue; } - gnutls_free(plist.key_ids); - } - for (i = 0; i < find_data->current; i++) { - gnutls_pkcs11_obj_deinit(find_data->p_list[i]); - } - find_data->current = 0; - - return ret; + } + } + + if (find_data->current < *find_data->n_list) + { + ret = + gnutls_pkcs11_obj_init (&find_data->p_list[find_data->current]); + if (ret < 0) + { + gnutls_assert (); + goto fail; + } + + if (class == CKO_PUBLIC_KEY) + { + ret = + pkcs11_obj_import_pubkey (pks, obj, + find_data->p_list + [find_data->current], + &id, &label, + &info->tinfo, lib_info); + } + else + { + ret = + pkcs11_obj_import (class, + find_data->p_list + [find_data->current], + &value, &id, &label, + &info->tinfo, lib_info); + } + if (ret < 0) + { + gnutls_assert (); + goto fail; + } + } + + find_data->current++; + + } + + gnutls_free (cert_data); + pakchois_find_objects_final (pks); + + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */ + +fail: + gnutls_free (cert_data); + pakchois_find_objects_final (pks); + if (plist.key_ids != NULL) + { + for (i = 0; i < plist.key_ids_size; i++) + { + _gnutls_buffer_clear (&plist.key_ids[i]); + } + gnutls_free (plist.key_ids); + } + for (i = 0; i < find_data->current; i++) + { + gnutls_pkcs11_obj_deinit (find_data->p_list[i]); + } + find_data->current = 0; + + return ret; } /** @@ -2316,40 +2538,44 @@ static int find_objs(pakchois_session_t * pks, struct token_info *info, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list, - unsigned int *n_list, - const char *url, - gnutls_pkcs11_obj_attr_t attrs, - unsigned int flags) +int +gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list, + unsigned int *n_list, + const char *url, + gnutls_pkcs11_obj_attr_t attrs, + unsigned int flags) { - int ret; - struct crt_find_data_st find_data; - - /* fill in the find data structure */ - find_data.p_list = p_list; - find_data.n_list = n_list; - find_data.flags = attrs; - find_data.current = 0; - - if (url == NULL || url[0] == 0) { - url = "pkcs11:"; - } - - ret = pkcs11_url_to_info(url, &find_data.info); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = - _pkcs11_traverse_tokens(find_objs, &find_data, - pkcs11_obj_flags_to_int(flags)); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - return 0; + int ret; + struct crt_find_data_st find_data; + + /* fill in the find data structure */ + find_data.p_list = p_list; + find_data.n_list = n_list; + find_data.flags = attrs; + find_data.current = 0; + + if (url == NULL || url[0] == 0) + { + url = "pkcs11:"; + } + + ret = pkcs11_url_to_info (url, &find_data.info); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = + _pkcs11_traverse_tokens (find_objs, &find_data, + pkcs11_obj_flags_to_int (flags)); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + return 0; } /** @@ -2365,36 +2591,40 @@ int gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t crt, - const char *url, unsigned int flags) +int +gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, + const char *url, unsigned int flags) { - gnutls_pkcs11_obj_t pcrt; - int ret; - - ret = gnutls_pkcs11_obj_init(&pcrt); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = gnutls_pkcs11_obj_import_url(pcrt, url, flags); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - ret = gnutls_x509_crt_import(crt, &pcrt->raw, GNUTLS_X509_FMT_DER); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - ret = 0; - cleanup: + gnutls_pkcs11_obj_t pcrt; + int ret; + + ret = gnutls_pkcs11_obj_init (&pcrt); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = gnutls_pkcs11_obj_import_url (pcrt, url, flags); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + ret = gnutls_x509_crt_import (crt, &pcrt->raw, GNUTLS_X509_FMT_DER); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + ret = 0; +cleanup: - gnutls_pkcs11_obj_deinit(pcrt); + gnutls_pkcs11_obj_deinit (pcrt); - return ret; + return ret; } @@ -2409,11 +2639,11 @@ int gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t crt, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t crt, - gnutls_pkcs11_obj_t pkcs11_crt) +int +gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt, + gnutls_pkcs11_obj_t pkcs11_crt) { - return gnutls_x509_crt_import(crt, &pkcs11_crt->raw, - GNUTLS_X509_FMT_DER); + return gnutls_x509_crt_import (crt, &pkcs11_crt->raw, GNUTLS_X509_FMT_DER); } /** @@ -2429,60 +2659,69 @@ int gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t crt, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_x509_crt_list_import_pkcs11(gnutls_x509_crt_t * certs, - unsigned int cert_max, - gnutls_pkcs11_obj_t * const objs, - unsigned int flags) +int +gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, + unsigned int cert_max, + gnutls_pkcs11_obj_t * const objs, + unsigned int flags) { - int i, j; - int ret; - - for (i = 0; i < cert_max; i++) { - ret = gnutls_x509_crt_init(&certs[i]); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } + int i, j; + int ret; - ret = gnutls_x509_crt_import_pkcs11(certs[i], objs[i]); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } + for (i = 0; i < cert_max; i++) + { + ret = gnutls_x509_crt_init (&certs[i]); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; } - return 0; - - cleanup: - for (j = 0; j < i; j++) { - gnutls_x509_crt_deinit(certs[j]); + ret = gnutls_x509_crt_import_pkcs11 (certs[i], objs[i]); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; } + } + + return 0; + +cleanup: + for (j = 0; j < i; j++) + { + gnutls_x509_crt_deinit (certs[j]); + } - return ret; + return ret; } -static int find_flags(pakchois_session_t * pks, struct token_info *info, - struct ck_info* lib_info, void *input) +static int +find_flags (pakchois_session_t * pks, struct token_info *info, + struct ck_info *lib_info, void *input) { - struct flags_find_data_st *find_data = input; + struct flags_find_data_st *find_data = input; - if (info == NULL) { /* we don't support multiple calls */ - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + if (info == NULL) + { /* we don't support multiple calls */ + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } - /* do not bother reading the token if basic fields do not match - */ - if (pkcs11_token_matches_info(&find_data->info, &info->tinfo, lib_info) < 0) { - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + /* do not bother reading the token if basic fields do not match + */ + if (pkcs11_token_matches_info (&find_data->info, &info->tinfo, lib_info) < + 0) + { + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } - /* found token! */ + /* found token! */ - find_data->slot_flags = info->sinfo.flags; + find_data->slot_flags = info->sinfo.flags; - return 0; + return 0; } /** @@ -2494,94 +2733,107 @@ static int find_flags(pakchois_session_t * pks, struct token_info *info, * * Returns: zero on success or a negative value on error. **/ -int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags) +int +gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags) { - struct flags_find_data_st find_data; - int ret; + struct flags_find_data_st find_data; + int ret; - ret = pkcs11_url_to_info(url, &find_data.info); - if (ret < 0) { - gnutls_assert(); - return ret; - } + ret = pkcs11_url_to_info (url, &find_data.info); + if (ret < 0) + { + gnutls_assert (); + return ret; + } - ret = _pkcs11_traverse_tokens(find_flags, &find_data, 0); - if (ret < 0) { - gnutls_assert(); - return ret; - } + ret = _pkcs11_traverse_tokens (find_flags, &find_data, 0); + if (ret < 0) + { + gnutls_assert (); + return ret; + } - *flags = 0; - if (find_data.slot_flags & CKF_HW_SLOT) - *flags |= GNUTLS_PKCS11_TOKEN_HW; + *flags = 0; + if (find_data.slot_flags & CKF_HW_SLOT) + *flags |= GNUTLS_PKCS11_TOKEN_HW; - return 0; + return 0; } -const char *gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_type_t type) +const char * +gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type) { - switch (type) { - case GNUTLS_PKCS11_OBJ_X509_CRT: - return "X.509 Certificate"; - case GNUTLS_PKCS11_OBJ_PUBKEY: - return "Public key"; - case GNUTLS_PKCS11_OBJ_PRIVKEY: - return "Private key"; - case GNUTLS_PKCS11_OBJ_SECRET_KEY: - return "Secret key"; - case GNUTLS_PKCS11_OBJ_DATA: - return "Data"; - case GNUTLS_PKCS11_OBJ_UNKNOWN: - default: - return "Unknown"; - } + switch (type) + { + case GNUTLS_PKCS11_OBJ_X509_CRT: + return "X.509 Certificate"; + case GNUTLS_PKCS11_OBJ_PUBKEY: + return "Public key"; + case GNUTLS_PKCS11_OBJ_PRIVKEY: + return "Private key"; + case GNUTLS_PKCS11_OBJ_SECRET_KEY: + return "Secret key"; + case GNUTLS_PKCS11_OBJ_DATA: + return "Data"; + case GNUTLS_PKCS11_OBJ_UNKNOWN: + default: + return "Unknown"; + } } -int pkcs11_token_matches_info(struct pkcs11_url_info *info, - struct ck_token_info *tinfo, struct ck_info *lib_info) +int +pkcs11_token_matches_info (struct pkcs11_url_info *info, + struct ck_token_info *tinfo, + struct ck_info *lib_info) { - if (info->manufacturer[0] != 0) { - if (strcmp(info->manufacturer, tinfo->manufacturer_id) != - 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + if (info->manufacturer[0] != 0) + { + if (strcmp (info->manufacturer, tinfo->manufacturer_id) != 0) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } - if (info->token[0] != 0) { - if (strcmp(info->token, tinfo->label) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + if (info->token[0] != 0) + { + if (strcmp (info->token, tinfo->label) != 0) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } - if (info->model[0] != 0) { - if (strcmp(info->model, tinfo->model) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + if (info->model[0] != 0) + { + if (strcmp (info->model, tinfo->model) != 0) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } - if (info->serial[0] != 0) { - if (strcmp(info->serial, tinfo->serial_number) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + if (info->serial[0] != 0) + { + if (strcmp (info->serial, tinfo->serial_number) != 0) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } - if (info->lib_manufacturer[0] != 0) { - if (strcmp(info->lib_manufacturer, lib_info->manufacturer_id) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + if (info->lib_manufacturer[0] != 0) + { + if (strcmp (info->lib_manufacturer, lib_info->manufacturer_id) != 0) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } - if (info->lib_desc[0] != 0) { - if (strcmp(info->lib_desc, lib_info->library_description) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + if (info->lib_desc[0] != 0) + { + if (strcmp (info->lib_desc, lib_info->library_description) != 0) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } - if (info->lib_version[0] != 0) { - char version[16]; - - snprintf(version, sizeof(version), "%u.%u", - (unsigned int)lib_info->library_version.major, - (unsigned int)lib_info->library_version.minor); - if (strcmp(info->lib_version, version) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + if (info->lib_version[0] != 0) + { + char version[16]; + + snprintf (version, sizeof (version), "%u.%u", + (unsigned int) lib_info->library_version.major, + (unsigned int) lib_info->library_version.minor); + if (strcmp (info->lib_version, version) != 0) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } - return 0; + return 0; } diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h index 46ad5cacb7..354bba3be7 100644 --- a/lib/pkcs11_int.h +++ b/lib/pkcs11_int.h @@ -1,5 +1,5 @@ #ifndef PKCS11_INT_H -# define PKCS11_INT_H +#define PKCS11_INT_H #include <pakchois/pakchois.h> #include <gnutls/pkcs11.h> @@ -7,48 +7,47 @@ #define PKCS11_ID_SIZE 128 #define PKCS11_LABEL_SIZE 128 -struct token_info { - struct ck_token_info tinfo; - struct ck_slot_info sinfo; - ck_slot_id_t sid; - struct gnutls_pkcs11_provider_s *prov; +struct token_info +{ + struct ck_token_info tinfo; + struct ck_slot_info sinfo; + ck_slot_id_t sid; + struct gnutls_pkcs11_provider_s *prov; }; -struct pkcs11_url_info { - /* everything here is null terminated strings */ - opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */ - opaque type[16]; /* cert/key etc. */ - - opaque lib_manufacturer[sizeof - (((struct ck_info *) NULL)-> - manufacturer_id) + 1]; - opaque lib_desc[sizeof - (((struct ck_info *) NULL)-> - library_description) + 1]; - opaque lib_version[12]; - - opaque manufacturer[sizeof - (((struct ck_token_info *) NULL)-> - manufacturer_id) + 1]; - opaque token[sizeof(((struct ck_token_info *) NULL)->label) + 1]; - opaque serial[sizeof(((struct ck_token_info *) NULL)-> - serial_number) + 1]; - opaque model[sizeof(((struct ck_token_info *) NULL)->model) + 1]; - opaque label[PKCS11_LABEL_SIZE + 1]; - - opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */ - size_t certid_raw_size; +struct pkcs11_url_info +{ + /* everything here is null terminated strings */ + opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */ + opaque type[16]; /* cert/key etc. */ + + opaque lib_manufacturer[sizeof + (((struct ck_info *) NULL)->manufacturer_id) + 1]; + opaque lib_desc[sizeof + (((struct ck_info *) NULL)->library_description) + 1]; + opaque lib_version[12]; + + opaque manufacturer[sizeof + (((struct ck_token_info *) NULL)->manufacturer_id) + 1]; + opaque token[sizeof (((struct ck_token_info *) NULL)->label) + 1]; + opaque serial[sizeof (((struct ck_token_info *) NULL)->serial_number) + 1]; + opaque model[sizeof (((struct ck_token_info *) NULL)->model) + 1]; + opaque label[PKCS11_LABEL_SIZE + 1]; + + opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */ + size_t certid_raw_size; }; -struct gnutls_pkcs11_obj_st { - gnutls_datum_t raw; - gnutls_pkcs11_obj_type_t type; - struct pkcs11_url_info info; +struct gnutls_pkcs11_obj_st +{ + gnutls_datum_t raw; + gnutls_pkcs11_obj_type_t type; + struct pkcs11_url_info info; - /* only when pubkey */ - gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE]; - gnutls_pk_algorithm pk_algorithm; - unsigned int key_usage; + /* only when pubkey */ + gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE]; + gnutls_pk_algorithm pk_algorithm; + unsigned int key_usage; }; /* thus function is called for every token in the traverse_tokens @@ -56,40 +55,41 @@ struct gnutls_pkcs11_obj_st { * It should return 0 if found what it was looking for. */ typedef int (*find_func_t) (pakchois_session_t * pks, - struct token_info * tinfo, struct ck_info*, void *input); + struct token_info * tinfo, struct ck_info *, + void *input); -int pkcs11_rv_to_err(ck_rv_t rv); -int pkcs11_url_to_info(const char *url, struct pkcs11_url_info *info); +int pkcs11_rv_to_err (ck_rv_t rv); +int pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info); -int pkcs11_get_info(struct pkcs11_url_info *info, - gnutls_pkcs11_obj_info_t itype, void *output, - size_t * output_size); -int pkcs11_login(pakchois_session_t * pks, const struct token_info *info); +int pkcs11_get_info (struct pkcs11_url_info *info, + gnutls_pkcs11_obj_info_t itype, void *output, + size_t * output_size); +int pkcs11_login (pakchois_session_t * pks, const struct token_info *info); extern gnutls_pkcs11_token_callback_t token_func; extern void *token_data; -void pkcs11_rescan_slots(void); -int pkcs11_info_to_url(const struct pkcs11_url_info *info, gnutls_pkcs11_url_type_t detailed, char **url); +void pkcs11_rescan_slots (void); +int pkcs11_info_to_url (const struct pkcs11_url_info *info, + gnutls_pkcs11_url_type_t detailed, char **url); #define SESSION_WRITE 1 #define SESSION_LOGIN 2 -int pkcs11_open_session(pakchois_session_t ** _pks, - struct pkcs11_url_info *info, - unsigned int flags); -int _pkcs11_traverse_tokens(find_func_t find_func, void *input, - unsigned int flags); -ck_object_class_t pkcs11_strtype_to_class(const char *type); +int pkcs11_open_session (pakchois_session_t ** _pks, + struct pkcs11_url_info *info, unsigned int flags); +int _pkcs11_traverse_tokens (find_func_t find_func, void *input, + unsigned int flags); +ck_object_class_t pkcs11_strtype_to_class (const char *type); -int pkcs11_token_matches_info(struct pkcs11_url_info *info, - struct ck_token_info *tinfo, struct ck_info *lib_info); +int pkcs11_token_matches_info (struct pkcs11_url_info *info, + struct ck_token_info *tinfo, + struct ck_info *lib_info); /* flags are SESSION_* */ -int pkcs11_find_object(pakchois_session_t ** _pks, - ck_object_handle_t * _obj, - struct pkcs11_url_info *info, - unsigned int flags); +int pkcs11_find_object (pakchois_session_t ** _pks, + ck_object_handle_t * _obj, + struct pkcs11_url_info *info, unsigned int flags); -unsigned int pkcs11_obj_flags_to_int(unsigned int flags); +unsigned int pkcs11_obj_flags_to_int (unsigned int flags); #endif diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index dc738d3ce2..5d5cf48250 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -31,10 +31,11 @@ #include <pkcs11_int.h> #include <sign.h> -struct gnutls_pkcs11_privkey_st { - gnutls_pk_algorithm_t pk_algorithm; - unsigned int flags; - struct pkcs11_url_info info; +struct gnutls_pkcs11_privkey_st +{ + gnutls_pk_algorithm_t pk_algorithm; + unsigned int flags; + struct pkcs11_url_info info; }; /** @@ -46,15 +47,17 @@ struct gnutls_pkcs11_privkey_st { * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key) +int +gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key) { - *key = gnutls_calloc(1, sizeof(struct gnutls_pkcs11_privkey_st)); - if (*key == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - return 0; + *key = gnutls_calloc (1, sizeof (struct gnutls_pkcs11_privkey_st)); + if (*key == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + return 0; } /** @@ -63,9 +66,10 @@ int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key) * * This function will deinitialize a private key structure. **/ -void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key) +void +gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key) { - gnutls_free(key); + gnutls_free (key); } /** @@ -78,12 +82,13 @@ void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key) * Returns: a member of the #gnutls_pk_algorithm_t enumeration on * success, or a negative value on error. **/ -int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key, - unsigned int *bits) +int +gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key, + unsigned int *bits) { - if (bits) - *bits = 0; /* FIXME */ - return key->pk_algorithm; + if (bits) + *bits = 0; /* FIXME */ + return key->pk_algorithm; } /** @@ -100,11 +105,12 @@ int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key, * * Returns: zero on success or a negative value on error. **/ -int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey, - gnutls_pkcs11_obj_info_t itype, - void *output, size_t * output_size) +int +gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey, + gnutls_pkcs11_obj_info_t itype, + void *output, size_t * output_size) { - return pkcs11_get_info(&pkey->info, itype, output, output_size); + return pkcs11_get_info (&pkey->info, itype, output, output_size); } @@ -125,45 +131,49 @@ int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey, * negative error value. **/ int -gnutls_pkcs11_privkey_sign_data(gnutls_pkcs11_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature) +gnutls_pkcs11_privkey_sign_data (gnutls_pkcs11_privkey_t signer, + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature) { - int ret; - gnutls_datum_t digest; - - switch (signer->pk_algorithm) { - case GNUTLS_PK_RSA: - ret = pk_pkcs1_rsa_hash(hash, data, &digest); - if (ret < 0) { - gnutls_assert(); - return ret; - } - break; - case GNUTLS_PK_DSA: - ret = pk_dsa_hash(hash, data, &digest); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - break; - default: - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + int ret; + gnutls_datum_t digest; + + switch (signer->pk_algorithm) + { + case GNUTLS_PK_RSA: + ret = pk_pkcs1_rsa_hash (hash, data, &digest); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + break; + case GNUTLS_PK_DSA: + ret = pk_dsa_hash (hash, data, &digest); + if (ret < 0) + { + gnutls_assert (); + return ret; } - ret = gnutls_pkcs11_privkey_sign_hash(signer, &digest, signature); - _gnutls_free_datum(&digest); + break; + default: + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } - if (ret < 0) { - gnutls_assert(); - return ret; - } + ret = gnutls_pkcs11_privkey_sign_hash (signer, &digest, signature); + _gnutls_free_datum (&digest); + + if (ret < 0) + { + gnutls_assert (); + return ret; + } - return 0; + return 0; } @@ -194,61 +204,64 @@ gnutls_pkcs11_privkey_sign_data(gnutls_pkcs11_privkey_t signer, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) +int +gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key, + const gnutls_datum_t * hash, + gnutls_datum_t * signature) { - ck_rv_t rv; - int ret; - struct ck_mechanism mech; - unsigned long siglen; - pakchois_session_t *pks; - ck_object_handle_t obj; - - FIND_OBJECT(pks, obj, key); - - mech.mechanism = - key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS; - mech.parameter = NULL; - mech.parameter_len = 0; - - /* Initialize signing operation; using the private key discovered - * earlier. */ - rv = pakchois_sign_init(pks, &mech, obj); - if (rv != CKR_OK) { - gnutls_assert(); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } - - /* Work out how long the signature must be: */ - rv = pakchois_sign(pks, hash->data, hash->size, NULL, &siglen); - if (rv != CKR_OK) { - gnutls_assert(); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } - - signature->data = gnutls_malloc(siglen); - signature->size = siglen; - - rv = pakchois_sign(pks, hash->data, hash->size, - signature->data, &siglen); - if (rv != CKR_OK) { - gnutls_free(signature->data); - gnutls_assert(); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } - - signature->size = siglen; - - ret = 0; - - cleanup: - pakchois_close_session(pks); - - return ret; + ck_rv_t rv; + int ret; + struct ck_mechanism mech; + unsigned long siglen; + pakchois_session_t *pks; + ck_object_handle_t obj; + + FIND_OBJECT (pks, obj, key); + + mech.mechanism = + key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS; + mech.parameter = NULL; + mech.parameter_len = 0; + + /* Initialize signing operation; using the private key discovered + * earlier. */ + rv = pakchois_sign_init (pks, &mech, obj); + if (rv != CKR_OK) + { + gnutls_assert (); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + /* Work out how long the signature must be: */ + rv = pakchois_sign (pks, hash->data, hash->size, NULL, &siglen); + if (rv != CKR_OK) + { + gnutls_assert (); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + signature->data = gnutls_malloc (siglen); + signature->size = siglen; + + rv = pakchois_sign (pks, hash->data, hash->size, signature->data, &siglen); + if (rv != CKR_OK) + { + gnutls_free (signature->data); + gnutls_assert (); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + signature->size = siglen; + + ret = 0; + +cleanup: + pakchois_close_session (pks); + + return ret; } @@ -266,31 +279,34 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey, - const char *url, unsigned int flags) +int +gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey, + const char *url, unsigned int flags) { - int ret; - - ret = pkcs11_url_to_info(url, &pkey->info); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - pkey->flags = flags; - - if (pkey->info.type[0] != 0 - && strcmp(pkey->info.type, "private") != 0) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - if (pkey->info.id[0] == 0) { - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - return 0; + int ret; + + ret = pkcs11_url_to_info (url, &pkey->info); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + pkey->flags = flags; + + if (pkey->info.type[0] != 0 && strcmp (pkey->info.type, "private") != 0) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + if (pkey->info.id[0] == 0) + { + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + return 0; } /** @@ -307,63 +323,66 @@ int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey, * negative error value. **/ int -gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, - unsigned int flags, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext) +gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key, + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext) { - ck_rv_t rv; - int ret; - struct ck_mechanism mech; - unsigned long siglen; - pakchois_session_t *pks; - ck_object_handle_t obj; - - FIND_OBJECT(pks, obj, key); - - mech.mechanism = - key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS; - mech.parameter = NULL; - mech.parameter_len = 0; - - /* Initialize signing operation; using the private key discovered - * earlier. */ - rv = pakchois_decrypt_init(pks, &mech, obj); - if (rv != CKR_OK) { - gnutls_assert(); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } - - /* Work out how long the plaintext must be: */ - rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size, - NULL, &siglen); - if (rv != CKR_OK) { - gnutls_assert(); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } - - plaintext->data = gnutls_malloc(siglen); - plaintext->size = siglen; - - rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size, - plaintext->data, &siglen); - if (rv != CKR_OK) { - gnutls_free(plaintext->data); - gnutls_assert(); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } - - plaintext->size = siglen; - - ret = 0; - - cleanup: - pakchois_close_session(pks); - - return ret; + ck_rv_t rv; + int ret; + struct ck_mechanism mech; + unsigned long siglen; + pakchois_session_t *pks; + ck_object_handle_t obj; + + FIND_OBJECT (pks, obj, key); + + mech.mechanism = + key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS; + mech.parameter = NULL; + mech.parameter_len = 0; + + /* Initialize signing operation; using the private key discovered + * earlier. */ + rv = pakchois_decrypt_init (pks, &mech, obj); + if (rv != CKR_OK) + { + gnutls_assert (); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + /* Work out how long the plaintext must be: */ + rv = pakchois_decrypt (pks, ciphertext->data, ciphertext->size, + NULL, &siglen); + if (rv != CKR_OK) + { + gnutls_assert (); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + plaintext->data = gnutls_malloc (siglen); + plaintext->size = siglen; + + rv = pakchois_decrypt (pks, ciphertext->data, ciphertext->size, + plaintext->data, &siglen); + if (rv != CKR_OK) + { + gnutls_free (plaintext->data); + gnutls_assert (); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + plaintext->size = siglen; + + ret = 0; + +cleanup: + pakchois_close_session (pks); + + return ret; } /** @@ -377,16 +396,19 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key, - gnutls_pkcs11_url_type_t detailed, char **url) +int +gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key, + gnutls_pkcs11_url_type_t detailed, + char **url) { - int ret; + int ret; - ret = pkcs11_info_to_url(&key->info, detailed, url); - if (ret < 0) { - gnutls_assert(); - return ret; - } + ret = pkcs11_info_to_url (&key->info, detailed, url); + if (ret < 0) + { + gnutls_assert (); + return ret; + } - return 0; + return 0; } diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index fac39de9c2..15fd10c599 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -41,118 +41,126 @@ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_copy_x509_crt(const char *token_url, - gnutls_x509_crt_t crt, const char *label, - unsigned int flags) +int +gnutls_pkcs11_copy_x509_crt (const char *token_url, + gnutls_x509_crt_t crt, const char *label, + unsigned int flags) { - int ret; - pakchois_session_t *pks; - struct pkcs11_url_info info; - ck_rv_t rv; - size_t der_size, id_size; - opaque *der = NULL; - opaque id[20]; - struct ck_attribute a[8]; - ck_object_class_t class = CKO_CERTIFICATE; - ck_certificate_type_t type = CKC_X_509; - ck_object_handle_t obj; - unsigned int tval = 1; - int a_val; - - ret = pkcs11_url_to_info(token_url, &info); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = - pkcs11_open_session(&pks, &info, - SESSION_WRITE | pkcs11_obj_flags_to_int(flags)); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = gnutls_x509_crt_export(crt, - GNUTLS_X509_FMT_DER, NULL, &der_size); - if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { - gnutls_assert(); - goto cleanup; - } - - der = gnutls_malloc(der_size); - if (der == NULL) { - gnutls_assert(); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - ret = gnutls_x509_crt_export(crt, - GNUTLS_X509_FMT_DER, der, &der_size); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - id_size = sizeof(id); - ret = gnutls_x509_crt_get_key_id(crt, 0, id, &id_size); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - /* FIXME: copy key usage flags */ - - a[0].type = CKA_CLASS; - a[0].value = &class; - a[0].value_len = sizeof(class); - a[1].type = CKA_ID; - a[1].value = id; - a[1].value_len = id_size; - a[2].type = CKA_VALUE; - a[2].value = der; - a[2].value_len = der_size; - a[3].type = CKA_TOKEN; - a[3].value = &tval; - a[3].value_len = sizeof(tval); - a[4].type = CKA_CERTIFICATE_TYPE; - a[4].value = &type; - a[4].value_len = sizeof(type); - - a_val = 5; - - if (label) { - a[a_val].type = CKA_LABEL; - a[a_val].value = (void *) label; - a[a_val].value_len = strlen(label); - a_val++; - } - - if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) { - a[a_val].type = CKA_TRUSTED; - a[a_val].value = &tval; - a[a_val].value_len = sizeof(tval); - a_val++; - } - - rv = pakchois_create_object(pks, a, a_val, &obj); - if (rv != CKR_OK) { - gnutls_assert(); - _gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv)); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } - - /* generated! - */ - - ret = 0; - - cleanup: - gnutls_free(der); - pakchois_close_session(pks); - - return ret; + int ret; + pakchois_session_t *pks; + struct pkcs11_url_info info; + ck_rv_t rv; + size_t der_size, id_size; + opaque *der = NULL; + opaque id[20]; + struct ck_attribute a[8]; + ck_object_class_t class = CKO_CERTIFICATE; + ck_certificate_type_t type = CKC_X_509; + ck_object_handle_t obj; + unsigned int tval = 1; + int a_val; + + ret = pkcs11_url_to_info (token_url, &info); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = + pkcs11_open_session (&pks, &info, + SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, NULL, &der_size); + if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + { + gnutls_assert (); + goto cleanup; + } + + der = gnutls_malloc (der_size); + if (der == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, der, &der_size); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + id_size = sizeof (id); + ret = gnutls_x509_crt_get_key_id (crt, 0, id, &id_size); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + /* FIXME: copy key usage flags */ + + a[0].type = CKA_CLASS; + a[0].value = &class; + a[0].value_len = sizeof (class); + a[1].type = CKA_ID; + a[1].value = id; + a[1].value_len = id_size; + a[2].type = CKA_VALUE; + a[2].value = der; + a[2].value_len = der_size; + a[3].type = CKA_TOKEN; + a[3].value = &tval; + a[3].value_len = sizeof (tval); + a[4].type = CKA_CERTIFICATE_TYPE; + a[4].value = &type; + a[4].value_len = sizeof (type); + + a_val = 5; + + if (label) + { + a[a_val].type = CKA_LABEL; + a[a_val].value = (void *) label; + a[a_val].value_len = strlen (label); + a_val++; + } + + if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) + { + a[a_val].type = CKA_TRUSTED; + a[a_val].value = &tval; + a[a_val].value_len = sizeof (tval); + a_val++; + } + + rv = pakchois_create_object (pks, a, a_val, &obj); + if (rv != CKR_OK) + { + gnutls_assert (); + _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv)); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + /* generated! + */ + + ret = 0; + +cleanup: + gnutls_free (der); + pakchois_close_session (pks); + + return ret; } @@ -171,330 +179,354 @@ int gnutls_pkcs11_copy_x509_crt(const char *token_url, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_copy_x509_privkey(const char *token_url, - gnutls_x509_privkey_t key, - const char *label, - unsigned int key_usage, - unsigned int flags) +int +gnutls_pkcs11_copy_x509_privkey (const char *token_url, + gnutls_x509_privkey_t key, + const char *label, + unsigned int key_usage, unsigned int flags) { - int ret; - pakchois_session_t *pks; - struct pkcs11_url_info info; - ck_rv_t rv; - size_t id_size; - opaque id[20]; - struct ck_attribute a[16]; - ck_object_class_t class = CKO_PRIVATE_KEY; - ck_object_handle_t obj; - ck_key_type_t type; - unsigned int tval = 1; - int a_val; - gnutls_pk_algorithm_t pk; - gnutls_datum_t p, q, g, y, x; - gnutls_datum_t m, e, d, u, exp1, exp2; - - - ret = pkcs11_url_to_info(token_url, &info); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - id_size = sizeof(id); - ret = gnutls_x509_privkey_get_key_id(key, 0, id, &id_size); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } + int ret; + pakchois_session_t *pks; + struct pkcs11_url_info info; + ck_rv_t rv; + size_t id_size; + opaque id[20]; + struct ck_attribute a[16]; + ck_object_class_t class = CKO_PRIVATE_KEY; + ck_object_handle_t obj; + ck_key_type_t type; + unsigned int tval = 1; + int a_val; + gnutls_pk_algorithm_t pk; + gnutls_datum_t p, q, g, y, x; + gnutls_datum_t m, e, d, u, exp1, exp2; + + + ret = pkcs11_url_to_info (token_url, &info); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + id_size = sizeof (id); + ret = gnutls_x509_privkey_get_key_id (key, 0, id, &id_size); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + ret = + pkcs11_open_session (&pks, &info, + SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + /* FIXME: copy key usage flags */ + a_val = 0; + a[a_val].type = CKA_CLASS; + a[a_val].value = &class; + a[a_val].value_len = sizeof (class); + a_val++; + + a[a_val].type = CKA_ID; + a[a_val].value = id; + a[a_val].value_len = id_size; + a_val++; + + a[a_val].type = CKA_KEY_TYPE; + a[a_val].value = &type; + a[a_val].value_len = sizeof (type); + a_val++; + + if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE) + tval = 1; + else + tval = 0; + + a[a_val].type = CKA_SENSITIVE; + a[a_val].value = &tval; + a[a_val].value_len = sizeof (tval); + a_val++; + + pk = gnutls_x509_privkey_get_pk_algorithm (key); + switch (pk) + { + case GNUTLS_PK_RSA: + { ret = - pkcs11_open_session(&pks, &info, - SESSION_WRITE | pkcs11_obj_flags_to_int(flags)); - if (ret < 0) { - gnutls_assert(); - return ret; - } + gnutls_x509_privkey_export_rsa_raw2 (key, &m, + &e, &d, &p, + &q, &u, &exp1, &exp2); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + type = CKK_RSA; + + a[a_val].type = CKA_MODULUS; + a[a_val].value = m.data; + a[a_val].value_len = m.size; + a_val++; - /* FIXME: copy key usage flags */ - a_val = 0; - a[a_val].type = CKA_CLASS; - a[a_val].value = &class; - a[a_val].value_len = sizeof(class); + a[a_val].type = CKA_PUBLIC_EXPONENT; + a[a_val].value = e.data; + a[a_val].value_len = e.size; a_val++; - - a[a_val].type = CKA_ID; - a[a_val].value = id; - a[a_val].value_len = id_size; + + a[a_val].type = CKA_PRIVATE_EXPONENT; + a[a_val].value = d.data; + a[a_val].value_len = d.size; a_val++; - - a[a_val].type = CKA_KEY_TYPE; - a[a_val].value = &type; - a[a_val].value_len = sizeof(type); + + a[a_val].type = CKA_PRIME_1; + a[a_val].value = p.data; + a[a_val].value_len = p.size; a_val++; - - if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE) - tval = 1; - else - tval = 0; - - a[a_val].type = CKA_SENSITIVE; - a[a_val].value = &tval; - a[a_val].value_len = sizeof(tval); + + a[a_val].type = CKA_PRIME_2; + a[a_val].value = q.data; + a[a_val].value_len = q.size; a_val++; - pk = gnutls_x509_privkey_get_pk_algorithm(key); - switch (pk) { - case GNUTLS_PK_RSA:{ - - ret = - gnutls_x509_privkey_export_rsa_raw2(key, &m, - &e, &d, &p, - &q, &u, - &exp1, - &exp2); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - type = CKK_RSA; - - a[a_val].type = CKA_MODULUS; - a[a_val].value = m.data; - a[a_val].value_len = m.size; - a_val++; - - a[a_val].type = CKA_PUBLIC_EXPONENT; - a[a_val].value = e.data; - a[a_val].value_len = e.size; - a_val++; - - a[a_val].type = CKA_PRIVATE_EXPONENT; - a[a_val].value = d.data; - a[a_val].value_len = d.size; - a_val++; - - a[a_val].type = CKA_PRIME_1; - a[a_val].value = p.data; - a[a_val].value_len = p.size; - a_val++; - - a[a_val].type = CKA_PRIME_2; - a[a_val].value = q.data; - a[a_val].value_len = q.size; - a_val++; - - a[a_val].type = CKA_COEFFICIENT; - a[a_val].value = u.data; - a[a_val].value_len = u.size; - a_val++; - - a[a_val].type = CKA_EXPONENT_1; - a[a_val].value = exp1.data; - a[a_val].value_len = exp1.size; - a_val++; - - a[a_val].type = CKA_EXPONENT_2; - a[a_val].value = exp2.data; - a[a_val].value_len = exp2.size; - a_val++; - - break; - } - case GNUTLS_PK_DSA:{ - ret = - gnutls_x509_privkey_export_dsa_raw(key, &p, &q, - &g, &y, &x); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - type = CKK_DSA; - - a[a_val].type = CKA_PRIME; - a[a_val].value = p.data; - a[a_val].value_len = p.size; - a_val++; - - a[a_val].type = CKA_SUBPRIME; - a[a_val].value = q.data; - a[a_val].value_len = q.size; - a_val++; - - a[a_val].type = CKA_BASE; - a[a_val].value = g.data; - a[a_val].value_len = g.size; - a_val++; - - a[a_val].type = CKA_VALUE; - a[a_val].value = x.data; - a[a_val].value_len = x.size; - a_val++; - - break; - } - default: - gnutls_assert(); - ret = GNUTLS_E_INVALID_REQUEST; - goto cleanup; - } + a[a_val].type = CKA_COEFFICIENT; + a[a_val].value = u.data; + a[a_val].value_len = u.size; + a_val++; - rv = pakchois_create_object(pks, a, a_val, &obj); - if (rv != CKR_OK) { - gnutls_assert(); - _gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv)); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } + a[a_val].type = CKA_EXPONENT_1; + a[a_val].value = exp1.data; + a[a_val].value_len = exp1.size; + a_val++; - /* generated! - */ - - switch (pk) { - case GNUTLS_PK_RSA:{ - gnutls_free(m.data); - gnutls_free(e.data); - gnutls_free(d.data); - gnutls_free(p.data); - gnutls_free(q.data); - gnutls_free(u.data); - gnutls_free(exp1.data); - gnutls_free(exp2.data); - break; - } - case GNUTLS_PK_DSA:{ - gnutls_free(p.data); - gnutls_free(q.data); - gnutls_free(g.data); - gnutls_free(y.data); - gnutls_free(x.data); - break; - } - default: - gnutls_assert(); - ret = GNUTLS_E_INVALID_REQUEST; - goto cleanup; - } + a[a_val].type = CKA_EXPONENT_2; + a[a_val].value = exp2.data; + a[a_val].value_len = exp2.size; + a_val++; - ret = 0; + break; + } + case GNUTLS_PK_DSA: + { + ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + type = CKK_DSA; + + a[a_val].type = CKA_PRIME; + a[a_val].value = p.data; + a[a_val].value_len = p.size; + a_val++; - cleanup: - pakchois_close_session(pks); + a[a_val].type = CKA_SUBPRIME; + a[a_val].value = q.data; + a[a_val].value_len = q.size; + a_val++; - return ret; + a[a_val].type = CKA_BASE; + a[a_val].value = g.data; + a[a_val].value_len = g.size; + a_val++; + + a[a_val].type = CKA_VALUE; + a[a_val].value = x.data; + a[a_val].value_len = x.size; + a_val++; + + break; + } + default: + gnutls_assert (); + ret = GNUTLS_E_INVALID_REQUEST; + goto cleanup; + } + + rv = pakchois_create_object (pks, a, a_val, &obj); + if (rv != CKR_OK) + { + gnutls_assert (); + _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv)); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + /* generated! + */ + + switch (pk) + { + case GNUTLS_PK_RSA: + { + gnutls_free (m.data); + gnutls_free (e.data); + gnutls_free (d.data); + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (u.data); + gnutls_free (exp1.data); + gnutls_free (exp2.data); + break; + } + case GNUTLS_PK_DSA: + { + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (g.data); + gnutls_free (y.data); + gnutls_free (x.data); + break; + } + default: + gnutls_assert (); + ret = GNUTLS_E_INVALID_REQUEST; + goto cleanup; + } + + ret = 0; + +cleanup: + pakchois_close_session (pks); + + return ret; } -struct delete_data_st { - struct pkcs11_url_info info; - unsigned int deleted; /* how many */ +struct delete_data_st +{ + struct pkcs11_url_info info; + unsigned int deleted; /* how many */ }; -static int delete_obj_url(pakchois_session_t * pks, - struct token_info *info, - struct ck_info * lib_info, - void *input) +static int +delete_obj_url (pakchois_session_t * pks, + struct token_info *info, + struct ck_info *lib_info, void *input) { - struct delete_data_st *find_data = input; - struct ck_attribute a[4]; - ck_object_class_t class; - ck_certificate_type_t type = -1; - ck_rv_t rv; - ck_object_handle_t obj; - unsigned long count, a_vals; - int found = 0, ret; - - - if (info == NULL) { /* we don't support multiple calls */ - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + struct delete_data_st *find_data = input; + struct ck_attribute a[4]; + ck_object_class_t class; + ck_certificate_type_t type = -1; + ck_rv_t rv; + ck_object_handle_t obj; + unsigned long count, a_vals; + int found = 0, ret; + + + if (info == NULL) + { /* we don't support multiple calls */ + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + /* do not bother reading the token if basic fields do not match + */ + if (pkcs11_token_matches_info (&find_data->info, &info->tinfo, lib_info) < + 0) + { + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + class = CKO_CERTIFICATE; /* default */ + + if (find_data->info.type[0] != 0) + { + class = pkcs11_strtype_to_class (find_data->info.type); + if (class == CKO_CERTIFICATE) + type = CKC_X_509; + + if (class == -1) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - - /* do not bother reading the token if basic fields do not match - */ - if (pkcs11_token_matches_info(&find_data->info, &info->tinfo, lib_info) < 0) { - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + a_vals = 0; + + /* Find objects with given class and type */ + if (find_data->info.certid_raw_size > 0) + { + a[a_vals].type = CKA_ID; + a[a_vals].value = find_data->info.certid_raw; + a[a_vals].value_len = find_data->info.certid_raw_size; + a_vals++; + } + + if (class != -1) + { + a[a_vals].type = CKA_CLASS; + a[a_vals].value = &class; + a[a_vals].value_len = sizeof class; + a_vals++; + } + + if (type != -1) + { + a[a_vals].type = CKA_CERTIFICATE_TYPE; + a[a_vals].value = &type; + a[a_vals].value_len = sizeof type; + a_vals++; + } + + if (find_data->info.label[0] != 0) + { + a[a_vals].type = CKA_LABEL; + a[a_vals].value = find_data->info.label; + a[a_vals].value_len = strlen (find_data->info.label); + a_vals++; + } + + rv = pakchois_find_objects_init (pks, a, a_vals); + if (rv != CKR_OK) + { + gnutls_assert (); + _gnutls_debug_log ("pk11: FindObjectsInit failed.\n"); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1) + { + rv = pakchois_destroy_object (pks, obj); + if (rv != CKR_OK) + { + _gnutls_debug_log + ("pkcs11: Cannot destroy object: %s\n", pakchois_error (rv)); } - - class = CKO_CERTIFICATE; /* default */ - - if (find_data->info.type[0] != 0) { - class = pkcs11_strtype_to_class(find_data->info.type); - if (class == CKO_CERTIFICATE) - type = CKC_X_509; - - if (class == -1) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + else + { + find_data->deleted++; } - a_vals = 0; + found = 1; + } - /* Find objects with given class and type */ - if (find_data->info.certid_raw_size > 0) { - a[a_vals].type = CKA_ID; - a[a_vals].value = find_data->info.certid_raw; - a[a_vals].value_len = find_data->info.certid_raw_size; - a_vals++; - } - - if (class != -1) { - a[a_vals].type = CKA_CLASS; - a[a_vals].value = &class; - a[a_vals].value_len = sizeof class; - a_vals++; - } + if (found == 0) + { + gnutls_assert (); + ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + else + { + ret = 0; + } - if (type != -1) { - a[a_vals].type = CKA_CERTIFICATE_TYPE; - a[a_vals].value = &type; - a[a_vals].value_len = sizeof type; - a_vals++; - } +cleanup: + pakchois_find_objects_final (pks); - if (find_data->info.label[0] != 0) { - a[a_vals].type = CKA_LABEL; - a[a_vals].value = find_data->info.label; - a[a_vals].value_len = strlen(find_data->info.label); - a_vals++; - } - - rv = pakchois_find_objects_init(pks, a, a_vals); - if (rv != CKR_OK) { - gnutls_assert(); - _gnutls_debug_log("pk11: FindObjectsInit failed.\n"); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } - - while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK - && count == 1) { - rv = pakchois_destroy_object(pks, obj); - if (rv != CKR_OK) { - _gnutls_debug_log - ("pkcs11: Cannot destroy object: %s\n", - pakchois_error(rv)); - } else { - find_data->deleted++; - } - - found = 1; - } - - if (found == 0) { - gnutls_assert(); - ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } else { - ret = 0; - } - - cleanup: - pakchois_find_objects_final(pks); - - return ret; + return ret; } @@ -508,27 +540,30 @@ static int delete_obj_url(pakchois_session_t * pks, * Returns: On success, the number of objects deleted is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_delete_url(const char *object_url, unsigned int flags) +int +gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags) { - int ret; - struct delete_data_st find_data; - - memset(&find_data, 0, sizeof(find_data)); - - ret = pkcs11_url_to_info(object_url, &find_data.info); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = - _pkcs11_traverse_tokens(delete_obj_url, &find_data, - SESSION_WRITE|pkcs11_obj_flags_to_int(flags)); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - return find_data.deleted; + int ret; + struct delete_data_st find_data; + + memset (&find_data, 0, sizeof (find_data)); + + ret = pkcs11_url_to_info (object_url, &find_data.info); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = + _pkcs11_traverse_tokens (delete_obj_url, &find_data, + SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + return find_data.deleted; } diff --git a/lib/random.c b/lib/random.c index 9acbe1f408..d3f363949c 100644 --- a/lib/random.c +++ b/lib/random.c @@ -70,7 +70,8 @@ _gnutls_rnd_deinit (void) * **/ -int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len) +int +gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len) { if (len > 0) { diff --git a/lib/random.h b/lib/random.h index 8859f8a329..8475d9a98b 100644 --- a/lib/random.h +++ b/lib/random.h @@ -23,7 +23,7 @@ */ #ifndef RANDOM_H -# define RANDOM_H +#define RANDOM_H #include <gnutls/crypto.h> diff --git a/lib/system.c b/lib/system.c index ec05590992..0f393c311c 100644 --- a/lib/system.c +++ b/lib/system.c @@ -29,12 +29,12 @@ #include <errno.h> #ifdef _WIN32 -# include <windows.h> +#include <windows.h> #else -# ifdef HAVE_PTHREAD_LOCKS -# include <pthread.h> -# endif +#ifdef HAVE_PTHREAD_LOCKS +#include <pthread.h> +#endif #endif /* We need to disable gnulib's replacement wrappers to get native @@ -49,52 +49,60 @@ */ #ifdef _WIN32 -int system_errno(gnutls_transport_ptr) +int +system_errno (gnutls_transport_ptr) { int tmperr = WSAGetLastError (); int ret = 0; switch (tmperr) { - case WSAEWOULDBLOCK: - ret = EAGAIN; - break; - case WSAEINTR: - ret = EINTR; - break; - default: - ret = EIO; - break; - } - WSASetLastError (tmperr); + case WSAEWOULDBLOCK: + ret = EAGAIN; + break; + case WSAEINTR: + ret = EINTR; + break; + default: + ret = EIO; + break; + } + WSASetLastError (tmperr); return ret; } -ssize_t system_write(gnutls_transport_ptr ptr, const void* data, size_t data_size) +ssize_t +system_write (gnutls_transport_ptr ptr, const void *data, size_t data_size) { - return send( GNUTLS_POINTER_TO_INT(ptr), data, data_size, 0); + return send (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0); } #else /* POSIX */ -int system_errno(gnutls_transport_ptr ptr) +int +system_errno (gnutls_transport_ptr ptr) { return errno; } -ssize_t system_writev(gnutls_transport_ptr ptr, const giovec_t * iovec, int iovec_cnt) +ssize_t +system_writev (gnutls_transport_ptr ptr, const giovec_t * iovec, + int iovec_cnt) { - return writev(GNUTLS_POINTER_TO_INT(ptr), (struct iovec*) iovec, iovec_cnt); + return writev (GNUTLS_POINTER_TO_INT (ptr), (struct iovec *) iovec, + iovec_cnt); } #endif -ssize_t system_read(gnutls_transport_ptr ptr, void* data, size_t data_size) +ssize_t +system_read (gnutls_transport_ptr ptr, void *data, size_t data_size) { - return recv( GNUTLS_POINTER_TO_INT(ptr), data, data_size, 0); + return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0); } -ssize_t system_read_peek(gnutls_transport_ptr ptr, void* data, size_t data_size) +ssize_t +system_read_peek (gnutls_transport_ptr ptr, void *data, size_t data_size) { - return recv( GNUTLS_POINTER_TO_INT(ptr), data, data_size, MSG_PEEK); + return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, MSG_PEEK); } /* Thread stuff */ @@ -103,42 +111,48 @@ ssize_t system_read_peek(gnutls_transport_ptr ptr, void* data, size_t data_size) /* FIXME: win32 locks are untested */ -static int gnutls_system_mutex_init (void **priv) +static int +gnutls_system_mutex_init (void **priv) { CRITICAL_SECTION *lock = malloc (sizeof (CRITICAL_SECTION)); int ret; - if (lock==NULL) + if (lock == NULL) return GNUTLS_E_MEMORY_ERROR; - InitializeCriticalSection(lock); - + InitializeCriticalSection (lock); + *priv = lock; - + return 0; } -static int gnutls_system_mutex_deinit (void **priv) +static int +gnutls_system_mutex_deinit (void **priv) { - DeleteCriticalSection((CRITICAL_SECTION*)*priv); - free(*priv); - + DeleteCriticalSection ((CRITICAL_SECTION *) * priv); + free (*priv); + return 0; } -static int gnutls_system_mutex_lock (void **priv) +static int +gnutls_system_mutex_lock (void **priv) { - EnterCriticalSection((CRITICAL_SECTION*)*priv); + EnterCriticalSection ((CRITICAL_SECTION *) * priv); return 0; } -static int gnutls_system_mutex_unlock (void **priv) +static int +gnutls_system_mutex_unlock (void **priv) { - LeaveCriticalSection((CRITICAL_SECTION*)*priv); + LeaveCriticalSection ((CRITICAL_SECTION *) * priv); return 0; } -int _gnutls_atfork(void (*prepare)(void), void (*parent)(void), void (*child)(void)) +int +_gnutls_atfork (void (*prepare) (void), void (*parent) (void), + void (*child) (void)) { return 0; } @@ -148,86 +162,98 @@ int _gnutls_atfork(void (*prepare)(void), void (*parent)(void), void (*child)(vo #ifdef HAVE_PTHREAD_LOCKS -static int gnutls_system_mutex_init (void **priv) +static int +gnutls_system_mutex_init (void **priv) { pthread_mutex_t *lock = malloc (sizeof (pthread_mutex_t)); int ret; - if (lock==NULL) + if (lock == NULL) return GNUTLS_E_MEMORY_ERROR; - ret = pthread_mutex_init (lock, NULL); - if (ret) - { - free(lock); - gnutls_assert(); - return GNUTLS_E_LOCKING_ERROR; - } - + ret = pthread_mutex_init (lock, NULL); + if (ret) + { + free (lock); + gnutls_assert (); + return GNUTLS_E_LOCKING_ERROR; + } + *priv = lock; - + return 0; } -static int gnutls_system_mutex_deinit (void **priv) +static int +gnutls_system_mutex_deinit (void **priv) { - pthread_mutex_destroy((pthread_mutex_t*)*priv); - free(*priv); + pthread_mutex_destroy ((pthread_mutex_t *) * priv); + free (*priv); return 0; } -static int gnutls_system_mutex_lock (void **priv) +static int +gnutls_system_mutex_lock (void **priv) { - if (pthread_mutex_lock((pthread_mutex_t*)*priv)) + if (pthread_mutex_lock ((pthread_mutex_t *) * priv)) { - gnutls_assert(); - return GNUTLS_E_LOCKING_ERROR; + gnutls_assert (); + return GNUTLS_E_LOCKING_ERROR; } return 0; } -static int gnutls_system_mutex_unlock (void **priv) +static int +gnutls_system_mutex_unlock (void **priv) { - if (pthread_mutex_unlock((pthread_mutex_t*)*priv)) + if (pthread_mutex_unlock ((pthread_mutex_t *) * priv)) { - gnutls_assert(); - return GNUTLS_E_LOCKING_ERROR; + gnutls_assert (); + return GNUTLS_E_LOCKING_ERROR; } return 0; } -int _gnutls_atfork(void (*prepare)(void), void (*parent)(void), void (*child)(void)) +int +_gnutls_atfork (void (*prepare) (void), void (*parent) (void), + void (*child) (void)) { - return pthread_atfork(prepare, parent, child); + return pthread_atfork (prepare, parent, child); } #endif /* PTHREAD_LOCKS */ #ifdef HAVE_NO_LOCKS -static int gnutls_system_mutex_init (void **priv) +static int +gnutls_system_mutex_init (void **priv) { return 0; } -static int gnutls_system_mutex_deinit (void **priv) +static int +gnutls_system_mutex_deinit (void **priv) { return 0; } -static int gnutls_system_mutex_lock (void **priv) +static int +gnutls_system_mutex_lock (void **priv) { return 0; } -static int gnutls_system_mutex_unlock (void **priv) +static int +gnutls_system_mutex_unlock (void **priv) { return 0; } -int _gnutls_atfork(void (*prepare)(void), void (*parent)(void), void (*child)(void)) +int +_gnutls_atfork (void (*prepare) (void), void (*parent) (void), + void (*child) (void)) { return 0; } diff --git a/lib/system.h b/lib/system.h index a8257d4382..773915c9df 100644 --- a/lib/system.h +++ b/lib/system.h @@ -1,33 +1,37 @@ #ifndef SYSTEM_H -# define SYSTEM_H +#define SYSTEM_H #include <gnutls_int.h> #ifndef _WIN32 -# include <sys/uio.h> /* for writev */ +#include <sys/uio.h> /* for writev */ #endif -int system_errno(gnutls_transport_ptr); +int system_errno (gnutls_transport_ptr); #ifdef _WIN32 -ssize_t system_write(gnutls_transport_ptr ptr, const void* data, size_t data_size); +ssize_t system_write (gnutls_transport_ptr ptr, const void *data, + size_t data_size); #else -# define HAVE_WRITEV -ssize_t system_writev(gnutls_transport_ptr ptr, const giovec_t * iovec, int iovec_cnt); +#define HAVE_WRITEV +ssize_t system_writev (gnutls_transport_ptr ptr, const giovec_t * iovec, + int iovec_cnt); #endif -ssize_t system_read(gnutls_transport_ptr ptr, void* data, size_t data_size); -ssize_t system_read_peek(gnutls_transport_ptr ptr, void* data, size_t data_size); +ssize_t system_read (gnutls_transport_ptr ptr, void *data, size_t data_size); +ssize_t system_read_peek (gnutls_transport_ptr ptr, void *data, + size_t data_size); #ifdef _WIN32 -# define HAVE_WIN32_LOCKS +#define HAVE_WIN32_LOCKS #else -# ifdef HAVE_LIBPTHREAD -# define HAVE_PTHREAD_LOCKS -# else -# define HAVE_NO_LOCKS -# endif +#ifdef HAVE_LIBPTHREAD +#define HAVE_PTHREAD_LOCKS +#else +#define HAVE_NO_LOCKS +#endif #endif -int _gnutls_atfork(void (*prepare)(void), void (*parent)(void), void (*child)(void)); +int _gnutls_atfork (void (*prepare) (void), void (*parent) (void), + void (*child) (void)); #endif /* SYSTEM_H */ diff --git a/lib/x509/common.c b/lib/x509/common.c index e0b137e828..44b852827c 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -42,7 +42,7 @@ struct oid2string const char *ldap_desc; int choice; /* of type DirectoryString */ int printable; - const char* asn_desc; /* description in the pkix file */ + const char *asn_desc; /* description in the pkix file */ }; /* This list contains all the OIDs that may be @@ -54,7 +54,8 @@ static const struct oid2string _oid2str[] = { {"1.3.6.1.5.5.7.9.1", "dateOfBirth", 0, 1, "PKIX1.GeneralizedTime"}, {"1.3.6.1.5.5.7.9.2", "placeOfBirth", 0, 1, "PKIX1.DirectoryString"}, {"1.3.6.1.5.5.7.9.3", "gender", 0, 1, "PKIX1.PrintableString"}, - {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", 0, 1, "PKIX1.PrintableString"}, + {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", 0, 1, + "PKIX1.PrintableString"}, {"1.3.6.1.5.5.7.9.5", "countryOfResidence", 0, 1, "PKIX1.PrintableString"}, {"2.5.4.6", "C", 0, 1, "PKIX1.PrintableString"}, @@ -83,9 +84,13 @@ static const struct oid2string _oid2str[] = { /* Extended validation */ - {"1.3.6.1.4.1.311.60.2.1.1", "jurisdictionOfIncorporationLocalityName", 1, 1, "PKIX1.DirectoryString"}, - {"1.3.6.1.4.1.311.60.2.1.2", "jurisdictionOfIncorporationStateOrProvinceName", 1, 1, "PKIX1.DirectoryString"}, - {"1.3.6.1.4.1.311.60.2.1.3", "jurisdictionOfIncorporationCountryName", 0, 1, "PKIX1.PrintableString"}, + {"1.3.6.1.4.1.311.60.2.1.1", "jurisdictionOfIncorporationLocalityName", 1, + 1, "PKIX1.DirectoryString"}, + {"1.3.6.1.4.1.311.60.2.1.2", + "jurisdictionOfIncorporationStateOrProvinceName", 1, 1, + "PKIX1.DirectoryString"}, + {"1.3.6.1.4.1.311.60.2.1.3", "jurisdictionOfIncorporationCountryName", 0, 1, + "PKIX1.PrintableString"}, /* PKCS #9 */ @@ -231,7 +236,7 @@ _gnutls_x509_oid_data2string (const char *oid, void *value, return GNUTLS_E_INTERNAL_ERROR; } - ANAME = _gnutls_x509_oid2asn_string(oid); + ANAME = _gnutls_x509_oid2asn_string (oid); CHOICE = _gnutls_x509_oid_data_choice (oid); if (ANAME == NULL) @@ -1166,15 +1171,17 @@ cleanup: return result; } -void _asnstr_append_name(char* name, size_t name_size, const char* part1, const char* part2) +void +_asnstr_append_name (char *name, size_t name_size, const char *part1, + const char *part2) { - if (part1[0] != 0) + if (part1[0] != 0) { - _gnutls_str_cpy (name, name_size, part1); - _gnutls_str_cat (name, name_size, part2); + _gnutls_str_cpy (name, name_size, part1); + _gnutls_str_cat (name, name_size, part2); } else - _gnutls_str_cpy (name, name_size, part2+1 /* remove initial dot */); + _gnutls_str_cpy (name, name_size, part2 + 1 /* remove initial dot */ ); } @@ -1203,7 +1210,7 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, /* write the OID */ - _asnstr_append_name(name, sizeof(name), dst_name, ".algorithm.algorithm"); + _asnstr_append_name (name, sizeof (name), dst_name, ".algorithm.algorithm"); result = asn1_write_value (dst, name, pk, 1); if (result != ASN1_SUCCESS) @@ -1216,7 +1223,8 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, { /* disable parameters, which are not used in RSA. */ - _asnstr_append_name(name, sizeof(name), dst_name, ".algorithm.parameters"); + _asnstr_append_name (name, sizeof (name), dst_name, + ".algorithm.parameters"); result = asn1_write_value (dst, name, NULL, 0); if (result != ASN1_SUCCESS) @@ -1234,7 +1242,8 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, /* Write the DER parameters. (in bits) */ - _asnstr_append_name(name, sizeof(name), dst_name, ".subjectPublicKey"); + _asnstr_append_name (name, sizeof (name), dst_name, + ".subjectPublicKey"); result = asn1_write_value (dst, name, der.data, der.size * 8); _gnutls_free_datum (&der); @@ -1257,7 +1266,8 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, /* Write the DER parameters. */ - _asnstr_append_name(name, sizeof(name), dst_name, ".algorithm.parameters"); + _asnstr_append_name (name, sizeof (name), dst_name, + ".algorithm.parameters"); result = asn1_write_value (dst, name, der.data, der.size); _gnutls_free_datum (&der); @@ -1275,7 +1285,8 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, return result; } - _asnstr_append_name(name, sizeof(name), dst_name, ".subjectPublicKey"); + _asnstr_append_name (name, sizeof (name), dst_name, + ".subjectPublicKey"); result = asn1_write_value (dst, name, der.data, der.size * 8); _gnutls_free_datum (&der); @@ -1309,7 +1320,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, char name[128]; - _asnstr_append_name(name, sizeof(name), src_name, ".algorithm.algorithm"); + _asnstr_append_name (name, sizeof (name), src_name, ".algorithm.algorithm"); len = sizeof (oid); result = asn1_read_value (src, name, oid, &len); @@ -1333,7 +1344,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, /* Now read the parameters' bits */ - _asnstr_append_name(name, sizeof(name), src_name, ".subjectPublicKey"); + _asnstr_append_name (name, sizeof (name), src_name, ".subjectPublicKey"); len = 0; result = asn1_read_value (src, name, NULL, &len); @@ -1358,7 +1369,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, return GNUTLS_E_MEMORY_ERROR; } - _asnstr_append_name(name, sizeof(name), src_name, ".subjectPublicKey"); + _asnstr_append_name (name, sizeof (name), src_name, ".subjectPublicKey"); result = asn1_read_value (src, name, str, &len); diff --git a/lib/x509/common.h b/lib/x509/common.h index 34981bd936..c6c2406c56 100644 --- a/lib/x509/common.h +++ b/lib/x509/common.h @@ -24,7 +24,7 @@ */ #ifndef COMMON_H -# define COMMON_H +#define COMMON_H #include <gnutls_algorithms.h> @@ -75,7 +75,7 @@ int _gnutls_x509_oid_data2string (const char *OID, void *value, int _gnutls_x509_data2hex (const opaque * data, size_t data_size, opaque * out, size_t * sizeof_out); -const char * _gnutls_x509_oid2asn_string (const char *oid); +const char *_gnutls_x509_oid2asn_string (const char *oid); const char *_gnutls_x509_oid2ldap_string (const char *OID); @@ -136,20 +136,22 @@ int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name, gnutls_datum_t * signature); -gnutls_digest_algorithm_t _gnutls_dsa_q_to_hash(bigint_t q); +gnutls_digest_algorithm_t _gnutls_dsa_q_to_hash (bigint_t q); int _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root, - bigint_t * params, int *params_size); + bigint_t * params, int *params_size); -int _gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t* params, int params_size, - unsigned char *output_data, size_t * output_data_size); +int _gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t * params, + int params_size, unsigned char *output_data, + size_t * output_data_size); -void _asnstr_append_name(char* name, size_t name_size, const char* part1, const char* part2); +void _asnstr_append_name (char *name, size_t name_size, const char *part1, + const char *part2); int pubkey_verify_sig (const gnutls_datum_t * tbs, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature, - gnutls_pk_algorithm_t pk, bigint_t * issuer_params, - int issuer_params_size); + const gnutls_datum_t * hash, + const gnutls_datum_t * signature, + gnutls_pk_algorithm_t pk, bigint_t * issuer_params, + int issuer_params_size); #endif diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c index c9c784d0aa..a374cf676a 100644 --- a/lib/x509/crl_write.c +++ b/lib/x509/crl_write.c @@ -109,14 +109,14 @@ gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, return GNUTLS_E_INVALID_REQUEST; } - result = gnutls_privkey_init(&privkey); + result = gnutls_privkey_init (&privkey); if (result < 0) { gnutls_assert (); return result; } - result = gnutls_privkey_import_x509(privkey, issuer_key, 0); + result = gnutls_privkey_import_x509 (privkey, issuer_key, 0); if (result < 0) { gnutls_assert (); @@ -133,7 +133,7 @@ gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, result = 0; fail: - gnutls_privkey_deinit(privkey); + gnutls_privkey_deinit (privkey); return result; } @@ -475,8 +475,9 @@ gnutls_x509_crl_set_number (gnutls_x509_crl_t crl, **/ int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, unsigned int flags) + gnutls_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags) { int result; diff --git a/lib/x509/crq.c b/lib/x509/crq.c index f80c280c26..6e13661f3a 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -1022,14 +1022,14 @@ gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key, return GNUTLS_E_INVALID_REQUEST; } - result = gnutls_privkey_init(&privkey); + result = gnutls_privkey_init (&privkey); if (result < 0) { gnutls_assert (); return result; } - result = gnutls_privkey_import_x509(privkey, key, 0); + result = gnutls_privkey_import_x509 (privkey, key, 0); if (result < 0) { gnutls_assert (); @@ -1046,7 +1046,7 @@ gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key, result = 0; fail: - gnutls_privkey_deinit(privkey); + gnutls_privkey_deinit (privkey); return result; } @@ -1065,12 +1065,12 @@ fail: int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) { -gnutls_digest_algorithm_t dig; -int ret = gnutls_x509_crq_get_preferred_hash_algorithm (crq, &dig, NULL); + gnutls_digest_algorithm_t dig; + int ret = gnutls_x509_crq_get_preferred_hash_algorithm (crq, &dig, NULL); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } @@ -2294,7 +2294,8 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, **/ int gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq, - gnutls_digest_algorithm_t * hash, unsigned int *mand) + gnutls_digest_algorithm_t * + hash, unsigned int *mand) { bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; int params_size; @@ -2314,8 +2315,10 @@ gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq, return ret; } - ret = _gnutls_pk_get_hash_algorithm(gnutls_x509_crq_get_pk_algorithm (crq, NULL), - params, params_size, hash, mand); + ret = + _gnutls_pk_get_hash_algorithm (gnutls_x509_crq_get_pk_algorithm + (crq, NULL), params, params_size, hash, + mand); /* release allocated mpis */ for (i = 0; i < params_size; i++) @@ -2509,7 +2512,8 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, **/ int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key, - gnutls_digest_algorithm_t dig, unsigned int flags) + gnutls_digest_algorithm_t dig, + unsigned int flags) { int result; gnutls_datum_t signature; @@ -2534,9 +2538,7 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key, /* Step 1. Self sign the request. */ - result = - _gnutls_x509_get_tbs (crq->crq, "certificationRequestInfo", - &tbs); + result = _gnutls_x509_get_tbs (crq->crq, "certificationRequestInfo", &tbs); if (result < 0) { @@ -2545,7 +2547,7 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key, } result = gnutls_privkey_sign_data (key, dig, 0, &tbs, &signature); - gnutls_free(tbs.data); + gnutls_free (tbs.data); if (result < 0) { @@ -2570,7 +2572,8 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key, /* Step 3. Write the signatureAlgorithm field. */ result = _gnutls_x509_write_sig_params (crq->crq, "signatureAlgorithm", - gnutls_privkey_get_pk_algorithm(key, NULL), dig); + gnutls_privkey_get_pk_algorithm + (key, NULL), dig); if (result < 0) { gnutls_assert (); diff --git a/lib/x509/dn.c b/lib/x509/dn.c index 4288470081..81b8890375 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c @@ -281,7 +281,8 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, gnutls_assert (); _gnutls_x509_log ("Found OID: '%s' with value '%s'\n", - oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped, NULL)); + oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped, + NULL)); goto cleanup; } STR_APPEND (str_escape (string, escaped, sizeof_escaped)); @@ -655,7 +656,7 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid, /* Find how to encode the data. */ - val_name = _gnutls_x509_oid2asn_string(given_oid); + val_name = _gnutls_x509_oid2asn_string (given_oid); if (val_name == NULL) { gnutls_assert (); diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c index 0190480f27..9673d0b9dd 100644 --- a/lib/x509/mpi.c +++ b/lib/x509/mpi.c @@ -208,25 +208,25 @@ _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, bigint_t * params) */ int _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root, - bigint_t * params, int *params_size) + bigint_t * params, int *params_size) { int result; char name[256]; gnutls_datum_t tmp = { NULL, 0 }; gnutls_pk_algorithm pk_algorithm; - result = _gnutls_x509_get_pk_algorithm(asn, root, NULL); + result = _gnutls_x509_get_pk_algorithm (asn, root, NULL); if (result < 0) { - gnutls_assert(); + gnutls_assert (); return result; } - + pk_algorithm = result; /* Read the algorithm's parameters */ - _asnstr_append_name(name, sizeof(name), root, ".subjectPublicKey"); + _asnstr_append_name (name, sizeof (name), root, ".subjectPublicKey"); result = _gnutls_x509_read_value (asn, name, &tmp, 2); if (result < 0) @@ -284,7 +284,8 @@ _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root, */ _gnutls_free_datum (&tmp); - _asnstr_append_name(name, sizeof(name), root, ".algorithm.parameters"); + _asnstr_append_name (name, sizeof (name), root, + ".algorithm.parameters"); result = _gnutls_x509_read_value (asn, name, &tmp, 0); /* FIXME: If the parameters are not included in the certificate @@ -333,8 +334,8 @@ _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, /* Read the algorithm's OID */ return _gnutls_get_asn_mpis (cert->cert, - "tbsCertificate.subjectPublicKeyInfo", params, - params_size); + "tbsCertificate.subjectPublicKeyInfo", params, + params_size); } #ifdef ENABLE_PKI @@ -348,8 +349,8 @@ _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert, /* Read the algorithm's OID */ return _gnutls_get_asn_mpis (cert->crq, - "certificationRequestInfo.subjectPKInfo", params, - params_size); + "certificationRequestInfo.subjectPKInfo", + params, params_size); } #endif @@ -436,7 +437,9 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, if (pk == NULL) { gnutls_assert (); - _gnutls_debug_log("Cannot find OID for sign algorithm pk: %d dig: %d\n", (int)pk_algorithm, (int)dig); + _gnutls_debug_log + ("Cannot find OID for sign algorithm pk: %d dig: %d\n", + (int) pk_algorithm, (int) dig); return GNUTLS_E_INVALID_REQUEST; } diff --git a/lib/x509/output.c b/lib/x509/output.c index 56154cb0e5..b8336803c9 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -43,7 +43,8 @@ #define ERROR_STR (char*) "(error)" static void -hexdump (gnutls_buffer_st * str, const char *data, size_t len, const char *spc) +hexdump (gnutls_buffer_st * str, const char *data, size_t len, + const char *spc) { size_t j; @@ -707,7 +708,8 @@ print_altname (gnutls_buffer_st * str, const char *prefix, int altname_type, } static void -guiddump (gnutls_buffer_st * str, const char *data, size_t len, const char *spc) +guiddump (gnutls_buffer_st * str, const char *data, size_t len, + const char *spc) { size_t j; @@ -739,7 +741,7 @@ static void print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert) { int result; - char buf[256]; /* if its longer, we won't bother to print it */ + char buf[256]; /* if its longer, we won't bother to print it */ ssize_t buf_size = 256; result = gnutls_x509_crt_get_issuer_unique_id (cert, buf, &buf_size); @@ -747,9 +749,10 @@ print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert) { addf (str, ("\t\tIssuer Unique ID:\n")); hexdump (str, buf, buf_size, "\t\t\t"); - if (buf_size == 16) { /* this could be a GUID */ - guiddump (str, buf, buf_size, "\t\t\t"); - } + if (buf_size == 16) + { /* this could be a GUID */ + guiddump (str, buf, buf_size, "\t\t\t"); + } } buf_size = 256; @@ -758,9 +761,10 @@ print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert) { addf (str, ("\t\tSubject Unique ID:\n")); hexdump (str, buf, buf_size, "\t\t\t"); - if (buf_size == 16) { /* this could be a GUID */ - guiddump (str, buf, buf_size, "\t\t\t"); - } + if (buf_size == 16) + { /* this could be a GUID */ + guiddump (str, buf, buf_size, "\t\t\t"); + } } } @@ -1156,7 +1160,9 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned) name = _("unknown"); addf (str, _("\tSubject Public Key Algorithm: %s\n"), name); - addf (str, _("\tCertificate Security Level: %s\n"), gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param(err, bits))); + addf (str, _("\tCertificate Security Level: %s\n"), + gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param + (err, bits))); #ifdef ENABLE_PKI switch (err) @@ -1218,8 +1224,8 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned) } } - print_unique_ids(str, cert); - + print_unique_ids (str, cert); + /* Extensions. */ if (gnutls_x509_crt_get_version (cert) >= 3) { diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 7929f94d1b..367f901bb2 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -376,7 +376,8 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, result = _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out); - if (result >= 0) key->pk_algorithm = GNUTLS_PK_RSA; + if (result >= 0) + key->pk_algorithm = GNUTLS_PK_RSA; if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) { @@ -389,7 +390,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, if (result == 0) result = GNUTLS_E_INTERNAL_ERROR; gnutls_assert (); - + goto failover; } @@ -451,9 +452,9 @@ failover: #ifdef ENABLE_PKI if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) { - _gnutls_debug_log("Falling back to PKCS #8 key decoding\n"); - result = gnutls_x509_privkey_import_pkcs8 (key, data, format, - NULL, GNUTLS_PKCS_PLAIN); + _gnutls_debug_log ("Falling back to PKCS #8 key decoding\n"); + result = gnutls_x509_privkey_import_pkcs8 (key, data, format, + NULL, GNUTLS_PKCS_PLAIN); } #endif @@ -494,7 +495,8 @@ gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, const gnutls_datum_t * q, const gnutls_datum_t * u) { - return gnutls_x509_privkey_import_rsa_raw2( key, m, e, d, p, q, u, NULL, NULL); + return gnutls_x509_privkey_import_rsa_raw2 (key, m, e, d, p, q, u, NULL, + NULL); } /** @@ -516,20 +518,20 @@ gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, **/ int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u, - const gnutls_datum_t * e1, - const gnutls_datum_t * e2) + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u, + const gnutls_datum_t * e1, + const gnutls_datum_t * e2) { int i = 0, ret; size_t siz = 0; gnutls_pk_params_st pk_params; - memset(&pk_params, 0, sizeof(pk_params)); + memset (&pk_params, 0, sizeof (pk_params)); if (key == NULL) { @@ -597,24 +599,24 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, { siz = e1->size; if (_gnutls_mpi_scan_nz (&key->params[6], e1->data, siz)) - { - gnutls_assert (); - FREE_RSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } key->params_size++; siz = e2->size; if (_gnutls_mpi_scan_nz (&key->params[7], e2->data, siz)) - { - gnutls_assert (); - FREE_RSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } - key->params_size++; - } + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + key->params_size++; + } - for(i=0;i<key->params_size;i++) + for (i = 0; i < key->params_size; i++) { pk_params.params[i] = key->params[i]; } @@ -629,7 +631,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, return ret; } - for(i=0;i<pk_params.params_nr;i++) + for (i = 0; i < pk_params.params_nr; i++) { key->params[i] = pk_params.params[i]; } @@ -639,11 +641,11 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, { ret = _gnutls_asn1_encode_rsa (&key->key, key->params); if (ret < 0) - { - gnutls_assert (); - FREE_RSA_PRIVATE_PARAMS; - return ret; - } + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return ret; + } } key->params_size = RSA_PRIVATE_PARAMS; @@ -854,20 +856,22 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key, gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key) { -int ret; + int ret; switch (key->pk_algorithm) { - case GNUTLS_PK_RSA: - ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_RSA, _gnutls_mpi_get_nbits(key->params[0]/*m*/)); - break; - case GNUTLS_PK_DSA: - ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_DSA, _gnutls_mpi_get_nbits(key->params[0] /*p*/)); - break; - default: - ret = GNUTLS_SEC_PARAM_UNKNOWN; + case GNUTLS_PK_RSA: + ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_RSA, _gnutls_mpi_get_nbits (key->params[0] /*m */ + )); + break; + case GNUTLS_PK_DSA: + ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_DSA, _gnutls_mpi_get_nbits (key->params[0] /*p */ + )); + break; + default: + ret = GNUTLS_SEC_PARAM_UNKNOWN; } - + return ret; } @@ -895,7 +899,8 @@ gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, gnutls_datum_t * q, gnutls_datum_t * u) { - return gnutls_x509_privkey_export_rsa_raw2(key, m, e, d, p, q, u, NULL, NULL); + return gnutls_x509_privkey_export_rsa_raw2 (key, m, e, d, p, q, u, NULL, + NULL); } /** @@ -919,10 +924,10 @@ gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, **/ int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u, - gnutls_datum_t* e1, gnutls_datum_t* e2) + gnutls_datum_t * m, gnutls_datum_t * e, + gnutls_datum_t * d, gnutls_datum_t * p, + gnutls_datum_t * q, gnutls_datum_t * u, + gnutls_datum_t * e1, gnutls_datum_t * e2) { int ret; gnutls_pk_params_st pk_params; @@ -1004,10 +1009,10 @@ gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, { ret = _gnutls_mpi_dprint (key->params[6], e1); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } } /* E2 */ @@ -1015,10 +1020,10 @@ gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, { ret = _gnutls_mpi_dprint (key->params[7], e2); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } } gnutls_pk_params_release (&pk_params); @@ -1134,14 +1139,14 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) memset (&pk_params, 0, sizeof (pk_params)); - memset(&m, 0, sizeof(m)); - memset(&p, 0, sizeof(e)); - memset(&q, 0, sizeof(d)); - memset(&p, 0, sizeof(p)); - memset(&q, 0, sizeof(q)); - memset(&u, 0, sizeof(u)); - memset(&exp1, 0, sizeof(exp1)); - memset(&exp2, 0, sizeof(exp2)); + memset (&m, 0, sizeof (m)); + memset (&p, 0, sizeof (e)); + memset (&q, 0, sizeof (d)); + memset (&p, 0, sizeof (p)); + memset (&q, 0, sizeof (q)); + memset (&u, 0, sizeof (u)); + memset (&exp1, 0, sizeof (exp1)); + memset (&exp2, 0, sizeof (exp2)); result = _gnutls_pk_params_copy (&pk_params, params, RSA_PRIVATE_PARAMS); if (result < 0) @@ -1159,59 +1164,59 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) /* retrieve as data */ - result = _gnutls_mpi_dprint_lz( pk_params.params[0], &m); + result = _gnutls_mpi_dprint_lz (pk_params.params[0], &m); if (result < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; } - result = _gnutls_mpi_dprint_lz( pk_params.params[1], &e); + result = _gnutls_mpi_dprint_lz (pk_params.params[1], &e); if (result < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; } - result = _gnutls_mpi_dprint_lz( pk_params.params[2], &d); + result = _gnutls_mpi_dprint_lz (pk_params.params[2], &d); if (result < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; } - result = _gnutls_mpi_dprint_lz( pk_params.params[3], &p); + result = _gnutls_mpi_dprint_lz (pk_params.params[3], &p); if (result < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; } - result = _gnutls_mpi_dprint_lz( pk_params.params[4], &q); + result = _gnutls_mpi_dprint_lz (pk_params.params[4], &q); if (result < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; } - result = _gnutls_mpi_dprint_lz( pk_params.params[5], &u); + result = _gnutls_mpi_dprint_lz (pk_params.params[5], &u); if (result < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; } - result = _gnutls_mpi_dprint_lz( pk_params.params[6], &exp1); + result = _gnutls_mpi_dprint_lz (pk_params.params[6], &exp1); if (result < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; } - result = _gnutls_mpi_dprint_lz( pk_params.params[7], &exp2); + result = _gnutls_mpi_dprint_lz (pk_params.params[7], &exp2); if (result < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; } @@ -1324,14 +1329,14 @@ cleanup: gnutls_pk_params_release (&pk_params); - _gnutls_free_datum(&m); - _gnutls_free_datum(&d); - _gnutls_free_datum(&e); - _gnutls_free_datum(&p); - _gnutls_free_datum(&q); - _gnutls_free_datum(&u); - _gnutls_free_datum(&exp1); - _gnutls_free_datum(&exp2); + _gnutls_free_datum (&m); + _gnutls_free_datum (&d); + _gnutls_free_datum (&e); + _gnutls_free_datum (&p); + _gnutls_free_datum (&q); + _gnutls_free_datum (&u); + _gnutls_free_datum (&exp1); + _gnutls_free_datum (&exp2); return result; } @@ -1493,11 +1498,11 @@ gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, { case GNUTLS_PK_DSA: ret = _gnutls_dsa_generate_params (key->params, ¶ms_len, bits); - if (params_len != DSA_PRIVATE_PARAMS) - { - gnutls_assert(); - ret = GNUTLS_E_INTERNAL_ERROR; - } + if (params_len != DSA_PRIVATE_PARAMS) + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + } if (ret < 0) { @@ -1520,11 +1525,11 @@ gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, break; case GNUTLS_PK_RSA: ret = _gnutls_rsa_generate_params (key->params, ¶ms_len, bits); - if (params_len != RSA_PRIVATE_PARAMS) - { - gnutls_assert(); - ret = GNUTLS_E_INTERNAL_ERROR; - } + if (params_len != RSA_PRIVATE_PARAMS) + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + } if (ret < 0) { gnutls_assert (); @@ -1674,19 +1679,18 @@ cleanup: **/ int gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature) + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature) { int ret; gnutls_datum_t digest; - + switch (signer->pk_algorithm) { case GNUTLS_PK_RSA: - ret = - pk_pkcs1_rsa_hash (hash, data, &digest); + ret = pk_pkcs1_rsa_hash (hash, data, &digest); if (ret < 0) { gnutls_assert (); @@ -1695,7 +1699,9 @@ gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t signer, break; case GNUTLS_PK_DSA: /* override hash for DSA */ - ret = pk_dsa_hash (_gnutls_dsa_q_to_hash(signer->params[1]), data, &digest); + ret = + pk_dsa_hash (_gnutls_dsa_q_to_hash (signer->params[1]), data, + &digest); if (ret < 0) { gnutls_assert (); @@ -1707,10 +1713,10 @@ gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t signer, gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } - - ret = gnutls_x509_privkey_sign_hash(signer, &digest, signature); + + ret = gnutls_x509_privkey_sign_hash (signer, &digest, signature); _gnutls_free_datum (&digest); - + if (ret < 0) { gnutls_assert (); @@ -1749,7 +1755,7 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, } result = _gnutls_soft_sign (key->pk_algorithm, key->params, - key->params_size, hash, signature); + key->params_size, hash, signature); if (result < 0) { gnutls_assert (); @@ -1801,7 +1807,7 @@ gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key, return GNUTLS_E_INVALID_REQUEST; } - result = gnutls_x509_privkey_sign_data2(key, digest, flags, data, &sig); + result = gnutls_x509_privkey_sign_data2 (key, digest, flags, data, &sig); if (result < 0) { gnutls_assert (); diff --git a/lib/x509/sign.c b/lib/x509/sign.c index ca0f768f09..cab6c046d2 100644 --- a/lib/x509/sign.c +++ b/lib/x509/sign.c @@ -49,7 +49,8 @@ */ static int encode_ber_digest_info (gnutls_digest_algorithm_t hash, - const gnutls_datum_t * digest, gnutls_datum_t * output) + const gnutls_datum_t * digest, + gnutls_datum_t * output) { ASN1_TYPE dinfo = ASN1_TYPE_EMPTY; int result; @@ -131,7 +132,8 @@ encode_ber_digest_info (gnutls_digest_algorithm_t hash, * params[1] is public key */ int -pk_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, gnutls_datum_t * output) +pk_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash, + const gnutls_datum_t * text, gnutls_datum_t * output) { int ret; opaque _digest[MAX_HASH_SIZE]; @@ -163,23 +165,24 @@ pk_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, } int -pk_dsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, gnutls_datum_t * digest) +pk_dsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, + gnutls_datum_t * digest) { int ret; digest_hd_st hd; if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA224 && - hash != GNUTLS_DIG_SHA256) + hash != GNUTLS_DIG_SHA256) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - digest->size = _gnutls_hash_get_algo_len(hash); - digest->data = gnutls_malloc( digest->size); + digest->size = _gnutls_hash_get_algo_len (hash); + digest->data = gnutls_malloc (digest->size); if (digest->data == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } @@ -197,7 +200,7 @@ pk_dsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, gnutls return 0; fail: - gnutls_free(digest->data); + gnutls_free (digest->data); return ret; } @@ -208,7 +211,7 @@ fail: */ int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name, - gnutls_datum_t * tbs) + gnutls_datum_t * tbs) { int result; opaque *buf; @@ -254,8 +257,7 @@ _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name, int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, gnutls_digest_algorithm_t dig, - gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key) + gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key) { int result; gnutls_datum_t signature; @@ -280,7 +282,8 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, _gnutls_str_cat (name, sizeof (name), ".signature"); result = _gnutls_x509_write_sig_params (src, name, - gnutls_privkey_get_pk_algorithm(issuer_key, NULL), dig); + gnutls_privkey_get_pk_algorithm + (issuer_key, NULL), dig); if (result < 0) { gnutls_assert (); @@ -298,7 +301,7 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, } result = gnutls_privkey_sign_data (issuer_key, dig, 0, &tbs, &signature); - gnutls_free(tbs.data); + gnutls_free (tbs.data); if (result < 0) { @@ -324,7 +327,8 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, */ result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm", - gnutls_privkey_get_pk_algorithm(issuer_key, NULL), dig); + gnutls_privkey_get_pk_algorithm + (issuer_key, NULL), dig); if (result < 0) { gnutls_assert (); diff --git a/lib/x509/sign.h b/lib/x509/sign.h index cce2ca8786..190e4c363b 100644 --- a/lib/x509/sign.h +++ b/lib/x509/sign.h @@ -1,7 +1,9 @@ #ifndef GNUTLS_SIGN_H -# define GNUTLS_SIGN_H +#define GNUTLS_SIGN_H -int pk_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, gnutls_datum_t * output); -int pk_dsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, gnutls_datum_t * output); +int pk_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash, + const gnutls_datum_t * text, gnutls_datum_t * output); +int pk_dsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, + gnutls_datum_t * output); #endif diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 9c047ccecd..c9ac8b1fd7 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -58,7 +58,8 @@ static int check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2) { gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin = - {NULL, 0}; + { + NULL, 0}; int result; opaque serial1[128], serial2[128]; size_t serial1_size, serial2_size; @@ -79,7 +80,8 @@ check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2) goto cmp; } - if (serial2_size != serial1_size || memcmp(serial1, serial2, serial1_size) != 0) + if (serial2_size != serial1_size + || memcmp (serial1, serial2, serial1_size) != 0) { return 1; } @@ -496,36 +498,35 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, * self-signed E but already removed above), and we trust B, remove * B, C and D. */ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) - i = 0; /* also replace the first one */ + i = 0; /* also replace the first one */ else - i = 1; /* do not replace the first one */ - + i = 1; /* do not replace the first one */ + for (; i < clist_size; i++) { int j; for (j = 0; j < tcas_size; j++) - { - if (check_if_same_cert (certificate_list[i], - trusted_cas[j]) == 0) + { + if (check_if_same_cert (certificate_list[i], trusted_cas[j]) == 0) { /* explicity time check for trusted CA that we remove from * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS */ if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS) - && !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS)) - { - status |= check_time (trusted_cas[j], now); - if (status != 0) - { - return status; - } + && !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS)) + { + status |= check_time (trusted_cas[j], now); + if (status != 0) + { + return status; + } } - clist_size = i; + clist_size = i; break; } - } - /* clist_size may have been changed which gets out of loop */ + } + /* clist_size may have been changed which gets out of loop */ } if (clist_size == 0) @@ -827,10 +828,10 @@ dsa_verify_sig (const gnutls_datum_t * text, */ int pubkey_verify_sig (const gnutls_datum_t * tbs, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature, - gnutls_pk_algorithm_t pk, bigint_t * issuer_params, - int issuer_params_size) + const gnutls_datum_t * hash, + const gnutls_datum_t * signature, + gnutls_pk_algorithm_t pk, bigint_t * issuer_params, + int issuer_params_size) { switch (pk) @@ -864,17 +865,23 @@ pubkey_verify_sig (const gnutls_datum_t * tbs, } } -gnutls_digest_algorithm_t _gnutls_dsa_q_to_hash(bigint_t q) +gnutls_digest_algorithm_t +_gnutls_dsa_q_to_hash (bigint_t q) { - int bits = _gnutls_mpi_get_nbits(q); - - if (bits <= 160) { - return GNUTLS_DIG_SHA1; - } else if (bits <= 224) { - return GNUTLS_DIG_SHA224; - } else { - return GNUTLS_DIG_SHA256; - } + int bits = _gnutls_mpi_get_nbits (q); + + if (bits <= 160) + { + return GNUTLS_DIG_SHA1; + } + else if (bits <= 224) + { + return GNUTLS_DIG_SHA224; + } + else + { + return GNUTLS_DIG_SHA256; + } } /* This will return the appropriate hash to verify the given signature. @@ -885,28 +892,30 @@ int _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash, const gnutls_datum_t * signature, gnutls_pk_algorithm pk, - bigint_t* issuer_params, unsigned int issuer_params_size) + bigint_t * issuer_params, + unsigned int issuer_params_size) { opaque digest[MAX_HASH_SIZE]; gnutls_datum_t decrypted; int digest_size; int ret; - switch(pk) + switch (pk) { case GNUTLS_PK_DSA: - + if (hash) - *hash = _gnutls_dsa_q_to_hash(issuer_params[1]); + *hash = _gnutls_dsa_q_to_hash (issuer_params[1]); ret = 0; break; case GNUTLS_PK_RSA: - if (signature == NULL) {/* return a sensible algorithm */ - if (hash) - *hash = GNUTLS_DIG_SHA256; - return 0; - } + if (signature == NULL) + { /* return a sensible algorithm */ + if (hash) + *hash = GNUTLS_DIG_SHA256; + return 0; + } ret = _gnutls_pkcs1_rsa_decrypt (&decrypted, signature, @@ -979,8 +988,8 @@ _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, ret = pubkey_verify_sig (tbs, hash, signature, - gnutls_x509_crt_get_pk_algorithm (issuer, NULL), - issuer_params, issuer_params_size); + gnutls_x509_crt_get_pk_algorithm (issuer, NULL), + issuer_params, issuer_params_size); if (ret < 0) { gnutls_assert (); @@ -1010,7 +1019,7 @@ _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, int ret; ret = pubkey_verify_sig (tbs, NULL, signature, issuer->pk_algorithm, - issuer->params, issuer->params_size); + issuer->params, issuer->params_size); if (ret < 0) { gnutls_assert (); diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 7f95c32b26..c9b756a6f6 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -2186,16 +2186,17 @@ gnutls_x509_crt_export (gnutls_x509_crt_t cert, } int -_gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t* params, int params_size, - unsigned char *output_data, size_t * output_data_size) +_gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t * params, + int params_size, unsigned char *output_data, + size_t * output_data_size) { int result = 0; gnutls_datum_t der = { NULL, 0 }; digest_hd_st hd; - if (output_data==NULL || *output_data_size < 20) + if (output_data == NULL || *output_data_size < 20) { - gnutls_assert(); + gnutls_assert (); *output_data_size = 20; return GNUTLS_E_SHORT_MEMORY_BUFFER; } @@ -2257,7 +2258,9 @@ rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk, return result; } - result = _gnutls_get_key_id(pk, params, params_size, output_data, output_data_size); + result = + _gnutls_get_key_id (pk, params, params_size, output_data, + output_data_size); if (result < 0) { gnutls_assert (); @@ -2511,9 +2514,7 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt, } issuer_params_size = MAX_PUBLIC_PARAMS_SIZE; - ret = - _gnutls_x509_crt_get_mpis (crt, issuer_params, - &issuer_params_size); + ret = _gnutls_x509_crt_get_mpis (crt, issuer_params, &issuer_params_size); if (ret < 0) { gnutls_assert (); @@ -2521,8 +2522,10 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt, } ret = _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) hash, - signature, gnutls_x509_crt_get_pk_algorithm (crt, NULL), - issuer_params, issuer_params_size); + signature, + gnutls_x509_crt_get_pk_algorithm (crt, + NULL), + issuer_params, issuer_params_size); /* release allocated mpis */ for (i = 0; i < issuer_params_size; i++) @@ -2552,7 +2555,8 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt, - gnutls_digest_algorithm_t * hash, unsigned int *mand) + gnutls_digest_algorithm_t * + hash, unsigned int *mand) { bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE]; int issuer_params_size; @@ -2565,17 +2569,17 @@ gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt, } issuer_params_size = MAX_PUBLIC_PARAMS_SIZE; - ret = - _gnutls_x509_crt_get_mpis (crt, issuer_params, - &issuer_params_size); + ret = _gnutls_x509_crt_get_mpis (crt, issuer_params, &issuer_params_size); if (ret < 0) { gnutls_assert (); return ret; } - ret = _gnutls_pk_get_hash_algorithm(gnutls_x509_crt_get_pk_algorithm (crt, NULL), - issuer_params, issuer_params_size, hash, mand); + ret = + _gnutls_pk_get_hash_algorithm (gnutls_x509_crt_get_pk_algorithm + (crt, NULL), issuer_params, + issuer_params_size, hash, mand); /* release allocated mpis */ for (i = 0; i < issuer_params_size; i++) @@ -3216,21 +3220,25 @@ gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf, { int result; gnutls_datum_t datum = { NULL, 0 }; - + result = - _gnutls_x509_read_value (crt->cert, "tbsCertificate.subjectUniqueID", &datum, 2); - - if (datum.size > *sizeof_buf) { /* then we're not going to fit */ - *sizeof_buf = datum.size; - buf[0] = '\0'; - result = GNUTLS_E_SHORT_MEMORY_BUFFER; - } else { - *sizeof_buf = datum.size; - memcpy(buf, datum.data, datum.size); - } - - _gnutls_free_datum(&datum); - + _gnutls_x509_read_value (crt->cert, "tbsCertificate.subjectUniqueID", + &datum, 2); + + if (datum.size > *sizeof_buf) + { /* then we're not going to fit */ + *sizeof_buf = datum.size; + buf[0] = '\0'; + result = GNUTLS_E_SHORT_MEMORY_BUFFER; + } + else + { + *sizeof_buf = datum.size; + memcpy (buf, datum.data, datum.size); + } + + _gnutls_free_datum (&datum); + return result; } @@ -3252,24 +3260,28 @@ gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf, **/ int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf, - size_t * sizeof_buf) + size_t * sizeof_buf) { int result; gnutls_datum_t datum = { NULL, 0 }; - + result = - _gnutls_x509_read_value (crt->cert, "tbsCertificate.issuerUniqueID", &datum, 2); - - if (datum.size > *sizeof_buf) { /* then we're not going to fit */ - *sizeof_buf = datum.size; - buf[0] = '\0'; - result = GNUTLS_E_SHORT_MEMORY_BUFFER; - } else { - *sizeof_buf = datum.size; - memcpy(buf, datum.data, datum.size); - } - - _gnutls_free_datum(&datum); - + _gnutls_x509_read_value (crt->cert, "tbsCertificate.issuerUniqueID", + &datum, 2); + + if (datum.size > *sizeof_buf) + { /* then we're not going to fit */ + *sizeof_buf = datum.size; + buf[0] = '\0'; + result = GNUTLS_E_SHORT_MEMORY_BUFFER; + } + else + { + *sizeof_buf = datum.size; + memcpy (buf, datum.data, datum.size); + } + + _gnutls_free_datum (&datum); + return result; } diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index b29b732546..924dee341c 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h @@ -24,7 +24,7 @@ */ #ifndef X509_H -# define X509_H +#define X509_H #include <gnutls/x509.h> #include <gnutls/abstract.h> @@ -33,10 +33,10 @@ /* Remove these when we require libtasn1 v1.6 or later. */ #ifndef ASN1_MAX_NAME_SIZE -# define ASN1_MAX_NAME_SIZE MAX_NAME_SIZE +#define ASN1_MAX_NAME_SIZE MAX_NAME_SIZE #endif #ifndef ASN1_MAX_ERROR_DESCRIPTION_SIZE -# define ASN1_MAX_ERROR_DESCRIPTION_SIZE MAX_ERROR_DESCRIPTION_SIZE +#define ASN1_MAX_ERROR_DESCRIPTION_SIZE MAX_ERROR_DESCRIPTION_SIZE #endif #define MAX_CRQ_EXTENSIONS_SIZE 8*1024 @@ -72,7 +72,7 @@ typedef struct gnutls_pkcs7_int ASN1_TYPE pkcs7; } gnutls_pkcs7_int; -#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */ +#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */ /* parameters should not be larger than this limit */ #define DSA_PRIVATE_PARAMS 5 @@ -81,11 +81,11 @@ typedef struct gnutls_pkcs7_int #define RSA_PUBLIC_PARAMS 2 #if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0 -# error INCREASE MAX_PRIV_PARAMS +#error INCREASE MAX_PRIV_PARAMS #endif #if MAX_PRIV_PARAMS_SIZE - DSA_PRIVATE_PARAMS < 0 -# error INCREASE MAX_PRIV_PARAMS +#error INCREASE MAX_PRIV_PARAMS #endif typedef struct gnutls_x509_privkey_int @@ -107,8 +107,8 @@ typedef struct gnutls_x509_privkey_int * using fixup. * The following two are also not always available thus fixup * will generate them. - * [6] e1 == d mod (p-1) - * [7] e2 == d mod (q-1) + * [6] e1 == d mod (p-1) + * [7] e2 == d mod (q-1) * DSA: [0] is p * [1] is q * [2] is g @@ -141,7 +141,7 @@ int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl, /* sign.c */ int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name, - gnutls_datum_t * tbs); + gnutls_datum_t * tbs); int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, gnutls_digest_algorithm_t, gnutls_x509_crt_t issuer, @@ -190,7 +190,8 @@ int _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash, const gnutls_datum_t * signature, gnutls_pk_algorithm pk, - bigint_t* issuer_params, unsigned int issuer_params_size); + bigint_t * issuer_params, + unsigned int issuer_params_size); int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, const gnutls_datum_t * hash, diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c index dc47af20c3..e848f1d750 100644 --- a/lib/x509/x509_write.c +++ b/lib/x509/x509_write.c @@ -760,14 +760,14 @@ gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, return GNUTLS_E_INVALID_REQUEST; } - result = gnutls_privkey_init(&privkey); + result = gnutls_privkey_init (&privkey); if (result < 0) { gnutls_assert (); return result; } - result = gnutls_privkey_import_x509(privkey, issuer_key, 0); + result = gnutls_privkey_import_x509 (privkey, issuer_key, 0); if (result < 0) { gnutls_assert (); @@ -784,7 +784,7 @@ gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, result = 0; fail: - gnutls_privkey_deinit(privkey); + gnutls_privkey_deinit (privkey); return result; } @@ -1313,8 +1313,9 @@ gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, unsigned int flags) + gnutls_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags) { int result; diff --git a/lib/x509_b64.c b/lib/x509_b64.c index c9bea304db..a07e8e2b4f 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c @@ -414,7 +414,8 @@ cpydata (const uint8_t * data, int data_size, uint8_t ** result) for (j = i = 0; i < data_size; i++) { - if (data[i] == '\n' || data[i] == '\r' || data[i] == ' ' || data[i] == '\t') + if (data[i] == '\n' || data[i] == '\r' || data[i] == ' ' + || data[i] == '\t') continue; (*result)[j] = data[i]; j++; @@ -462,7 +463,7 @@ _gnutls_fbase64_decode (const char *header, const opaque * data, return GNUTLS_E_BASE64_DECODING_ERROR; } - kdata = memmem (rdata+1, data_size-1, ENDSTR, sizeof (ENDSTR) - 1); + kdata = memmem (rdata + 1, data_size - 1, ENDSTR, sizeof (ENDSTR) - 1); /* allow CR as well. */ if (kdata == NULL) diff --git a/libextra/ext_inner_application.c b/libextra/ext_inner_application.c index f0df0f36b7..a72d87bb23 100644 --- a/libextra/ext_inner_application.c +++ b/libextra/ext_inner_application.c @@ -32,24 +32,24 @@ #define YES 1 static int _gnutls_inner_application_recv_params (gnutls_session_t session, - const opaque * data, - size_t data_size); + const opaque * data, + size_t data_size); static int _gnutls_inner_application_send_params (gnutls_session_t session, - opaque * data, size_t); -static int ia_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv); -static int ia_pack(extension_priv_data_t _priv, gnutls_buffer_st* ps); -static void ia_deinit_data(extension_priv_data_t priv); + opaque * data, size_t); +static int ia_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv); +static int ia_pack (extension_priv_data_t _priv, gnutls_buffer_st * ps); +static void ia_deinit_data (extension_priv_data_t priv); extension_entry_st ext_mod_ia = { - .name = "INNER APPLICATION", - .type = GNUTLS_EXTENSION_INNER_APPLICATION, - .parse_type = GNUTLS_EXT_TLS, - - .recv_func = _gnutls_inner_application_recv_params, - .send_func = _gnutls_inner_application_send_params, - .pack_func = ia_pack, - .unpack_func = ia_unpack, - .deinit_func = ia_deinit_data, + .name = "INNER APPLICATION", + .type = GNUTLS_EXTENSION_INNER_APPLICATION, + .parse_type = GNUTLS_EXT_TLS, + + .recv_func = _gnutls_inner_application_recv_params, + .send_func = _gnutls_inner_application_send_params, + .pack_func = ia_pack, + .unpack_func = ia_unpack, + .deinit_func = ia_deinit_data, }; static int @@ -66,18 +66,22 @@ _gnutls_inner_application_recv_params (gnutls_session_t session, return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_INNER_APPLICATION, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, + &epriv); if (ret < 0) { - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; - _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_INNER_APPLICATION, epriv); + _gnutls_ext_set_session_data (session, + GNUTLS_EXTENSION_INNER_APPLICATION, + epriv); } else priv = epriv.ptr; @@ -87,7 +91,7 @@ _gnutls_inner_application_recv_params (gnutls_session_t session, switch ((unsigned char) *data) { - case NO: /* Peer's ia_on_resume == no */ + case NO: /* Peer's ia_on_resume == no */ priv->flags |= IA_PEER_ALLOW_SKIP; break; @@ -110,21 +114,25 @@ _gnutls_inner_application_send_params (gnutls_session_t session, opaque * data, size_t data_size) { extension_priv_data_t epriv; - ia_ext_st * priv = NULL; + ia_ext_st *priv = NULL; int ret; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_INNER_APPLICATION, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, + &epriv); if (ret < 0) { - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; - _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_INNER_APPLICATION, epriv); + _gnutls_ext_set_session_data (session, + GNUTLS_EXTENSION_INNER_APPLICATION, + epriv); } else priv = epriv.ptr; @@ -135,20 +143,20 @@ _gnutls_inner_application_send_params (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_CLIENT) { gnutls_ia_client_credentials_t cred = (gnutls_ia_client_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL); + _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL); if (cred) - priv->flags |= IA_ENABLE; + priv->flags |= IA_ENABLE; } - else /* SERVER */ + else /* SERVER */ { gnutls_ia_server_credentials_t cred; cred = (gnutls_ia_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL); + _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL); if (cred) - priv->flags |= IA_PEER_ENABLE; + priv->flags |= IA_PEER_ENABLE; } /* If we don't want gnutls_ia locally, or we are a server and the @@ -180,7 +188,7 @@ _gnutls_inner_application_send_params (gnutls_session_t session, /* Client: value follows local setting */ if (priv->flags & IA_ALLOW_SKIP) - *data = NO; + *data = NO; } else { @@ -198,58 +206,61 @@ _gnutls_inner_application_send_params (gnutls_session_t session, * to record the peer's support for IA at all. Simon? */ if ((priv->flags & IA_ALLOW_SKIP) && - (priv->flags & IA_PEER_ALLOW_SKIP) && - session->internals.resumed == RESUME_TRUE) - *data = NO; + (priv->flags & IA_PEER_ALLOW_SKIP) && + session->internals.resumed == RESUME_TRUE) + *data = NO; } return 1; } -static void ia_deinit_data(extension_priv_data_t priv) +static void +ia_deinit_data (extension_priv_data_t priv) { - gnutls_free(priv.ptr); + gnutls_free (priv.ptr); } -static int ia_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps) +static int +ia_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps) { -ia_ext_st* priv = epriv.ptr; -int ret; + ia_ext_st *priv = epriv.ptr; + int ret; - BUFFER_APPEND_NUM(ps, priv->flags); - BUFFER_APPEND_PFX(ps, priv->inner_secret, GNUTLS_MASTER_SIZE); + BUFFER_APPEND_NUM (ps, priv->flags); + BUFFER_APPEND_PFX (ps, priv->inner_secret, GNUTLS_MASTER_SIZE); return 0; } -static int ia_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv) +static int +ia_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv) { -ia_ext_st* priv; -int size, ret; -extension_priv_data_t epriv; + ia_ext_st *priv; + int size, ret; + extension_priv_data_t epriv; - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - BUFFER_POP_NUM(ps, priv->flags); - BUFFER_POP_NUM(ps, size); + BUFFER_POP_NUM (ps, priv->flags); + BUFFER_POP_NUM (ps, size); if (size != GNUTLS_MASTER_SIZE) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_PARSING_ERROR; } - BUFFER_POP(ps, priv->inner_secret, GNUTLS_MASTER_SIZE); + BUFFER_POP (ps, priv->inner_secret, GNUTLS_MASTER_SIZE); epriv.ptr = priv; *_priv = epriv; - + return 0; error: - gnutls_free(priv); + gnutls_free (priv); return ret; } diff --git a/libextra/ext_inner_application.h b/libextra/ext_inner_application.h index 3a037cde46..8590841e14 100644 --- a/libextra/ext_inner_application.h +++ b/libextra/ext_inner_application.h @@ -33,25 +33,29 @@ extension_entry_st ext_mod_ia; -typedef struct { +typedef struct +{ unsigned int flags; /* For TLS/IA. XXX: Move to IA credential? */ opaque inner_secret[GNUTLS_MASTER_SIZE]; } ia_ext_st; -inline static void _gnutls_ia_derive_inner_secret(gnutls_session_t session) +inline static void +_gnutls_ia_derive_inner_secret (gnutls_session_t session) { -extension_priv_data_t epriv; -ia_ext_st *priv; -int ret; - - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_INNER_APPLICATION, &epriv); + extension_priv_data_t epriv; + ia_ext_st *priv; + int ret; + + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, + &epriv); if (ret < 0) { - return ; + return; } priv = epriv.ptr; - + memcpy (priv->inner_secret, session->security_parameters.master_secret, GNUTLS_MASTER_SIZE); diff --git a/libextra/gnutls_extra.c b/libextra/gnutls_extra.c index 4455cc575f..b5772d592f 100644 --- a/libextra/gnutls_extra.c +++ b/libextra/gnutls_extra.c @@ -28,17 +28,17 @@ #include <ext_inner_application.h> #ifdef HAVE_GCRYPT -# include <gcrypt.h> +#include <gcrypt.h> #endif #ifdef USE_LZO -# ifdef USE_MINILZO -# include "minilzo/minilzo.h" -# elif HAVE_LZO_LZO1X_H -# include <lzo/lzo1x.h> -# elif HAVE_LZO1X_H -# include <lzo1x.h> -# endif +#ifdef USE_MINILZO +#include "minilzo/minilzo.h" +#elif HAVE_LZO_LZO1X_H +#include <lzo/lzo1x.h> +#elif HAVE_LZO1X_H +#include <lzo1x.h> +#endif #endif #include <gnutls/extra.h> @@ -149,7 +149,7 @@ gnutls_global_init_extra (void) #ifdef HAVE_GCRYPT -# ifdef gcry_fips_mode_active +#ifdef gcry_fips_mode_active /* Libgcrypt manual says that gcry_version_check must be called before calling gcry_fips_mode_active. */ gcry_check_version (NULL); @@ -157,10 +157,10 @@ gnutls_global_init_extra (void) { ret = gnutls_register_md5_handler (); if (ret) - fprintf (stderr, "gnutls_register_md5_handler: %s\n", - gnutls_strerror (ret)); + fprintf (stderr, "gnutls_register_md5_handler: %s\n", + gnutls_strerror (ret)); } -# endif +#endif #endif return 0; diff --git a/libextra/gnutls_ia.c b/libextra/gnutls_ia.c index f303386457..65d75a8d8c 100644 --- a/libextra/gnutls_ia.c +++ b/libextra/gnutls_ia.c @@ -97,7 +97,9 @@ _gnutls_send_inner_application (gnutls_session_t session, memcpy (p + 4, data, sizeofdata); } - len = _gnutls_send_int (session, GNUTLS_INNER_APPLICATION, -1, EPOCH_WRITE_CURRENT, p, plen, MBUFFER_FLUSH); + len = + _gnutls_send_int (session, GNUTLS_INNER_APPLICATION, -1, + EPOCH_WRITE_CURRENT, p, plen, MBUFFER_FLUSH); if (p) gnutls_free (p); @@ -175,10 +177,12 @@ _gnutls_ia_prf (gnutls_session_t session, extension_priv_data_t epriv; ia_ext_st *priv; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_INNER_APPLICATION, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, + &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } priv = epriv.ptr; @@ -228,10 +232,12 @@ gnutls_ia_permute_inner_secret (gnutls_session_t session, ia_ext_st *priv; int ret; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_INNER_APPLICATION, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, + &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } priv = epriv.ptr; @@ -241,8 +247,7 @@ gnutls_ia_permute_inner_secret (gnutls_session_t session, inner_permutation_label, session_keys_size, session_keys, - GNUTLS_RANDOM_SIZE, - priv->inner_secret); + GNUTLS_RANDOM_SIZE, priv->inner_secret); } /** @@ -288,10 +293,12 @@ gnutls_ia_extract_inner_secret (gnutls_session_t session, char *buffer) ia_ext_st *priv; int ret; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_INNER_APPLICATION, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, + &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return; } priv = epriv.ptr; @@ -327,10 +334,12 @@ gnutls_ia_endphase_send (gnutls_session_t session, int final_p) extension_priv_data_t epriv; ia_ext_st *priv; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_INNER_APPLICATION, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, + &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } priv = epriv.ptr; @@ -390,10 +399,12 @@ gnutls_ia_verify_endphase (gnutls_session_t session, const char *checksum) extension_priv_data_t epriv; ia_ext_st *priv; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_INNER_APPLICATION, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, + &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } priv = epriv.ptr; @@ -665,13 +676,15 @@ int gnutls_ia_handshake_p (gnutls_session_t session) { extension_priv_data_t epriv; - ia_ext_st * priv; + ia_ext_st *priv; int ret; - ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SERVER_NAME, &epriv); + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME, + &epriv); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } priv = epriv.ptr; @@ -966,15 +979,16 @@ gnutls_ia_get_server_avp_ptr (gnutls_ia_server_credentials_t cred) * calling gnutls_ia_handshake() or one of the lower level gnutls_ia_* * functions. **/ -void gnutls_ia_enable (gnutls_session_t session, int allow_skip_on_resume) +void +gnutls_ia_enable (gnutls_session_t session, int allow_skip_on_resume) { extension_priv_data_t epriv; - ia_ext_st * priv; + ia_ext_st *priv; - priv = gnutls_calloc(1, sizeof(*priv)); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) { - gnutls_assert(); + gnutls_assert (); return; } @@ -984,6 +998,7 @@ void gnutls_ia_enable (gnutls_session_t session, int allow_skip_on_resume) if (allow_skip_on_resume) priv->flags |= IA_ALLOW_SKIP; - _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_INNER_APPLICATION, epriv); + _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, + epriv); } diff --git a/libextra/includes/gnutls/extra.h b/libextra/includes/gnutls/extra.h index 6a4be17131..4e93aaea1a 100644 --- a/libextra/includes/gnutls/extra.h +++ b/libextra/includes/gnutls/extra.h @@ -28,7 +28,7 @@ */ #ifndef GNUTLS_EXTRA_H -# define GNUTLS_EXTRA_H +#define GNUTLS_EXTRA_H #include <gnutls/gnutls.h> diff --git a/libextra/openssl_compat.h b/libextra/openssl_compat.h index 991269e3cb..4720ad1e81 100644 --- a/libextra/openssl_compat.h +++ b/libextra/openssl_compat.h @@ -24,7 +24,7 @@ */ #ifndef GNUTLS_COMPAT8_H -# define GNUTLS_COMPAT8_H +#define GNUTLS_COMPAT8_H /* Extra definitions */ #include <gnutls/openssl.h> diff --git a/src/benchmark.c b/src/benchmark.c index 73aba25e05..bd7ea7ce56 100644 --- a/src/benchmark.c +++ b/src/benchmark.c @@ -35,9 +35,10 @@ static unsigned char data[64 * 1024]; static int must_finish = 0; -static void alarm_handler(int signo) +static void +alarm_handler (int signo) { - must_finish = 1; + must_finish = 1; } static void @@ -46,29 +47,38 @@ tls_log_func (int level, const char *str) fprintf (stderr, "|<%d>| %s", level, str); } -static void value2human(double bytes, double time, double* data, double* speed,char* metric) +static void +value2human (double bytes, double time, double *data, double *speed, + char *metric) { - if (bytes > 1000 && bytes < 1000*1000) { - *data = ((double)bytes)/1000; - *speed = *data/time; - strcpy(metric, "Kb"); - return; - } else if (bytes >= 1000*1000 && bytes < 1000*1000*1000) { - *data = ((double)bytes)/(1000*1000); - *speed = *data/time; - strcpy(metric, "Mb"); - return; - } else if (bytes >= 1000*1000*1000) { - *data = ((double)bytes)/(1000*1000*1000); - *speed = *data/time; - strcpy(metric, "Gb"); - return; - } else { - *data = (double)bytes; - *speed = *data/time; - strcpy(metric, "bytes"); - return; - } + if (bytes > 1000 && bytes < 1000 * 1000) + { + *data = ((double) bytes) / 1000; + *speed = *data / time; + strcpy (metric, "Kb"); + return; + } + else if (bytes >= 1000 * 1000 && bytes < 1000 * 1000 * 1000) + { + *data = ((double) bytes) / (1000 * 1000); + *speed = *data / time; + strcpy (metric, "Mb"); + return; + } + else if (bytes >= 1000 * 1000 * 1000) + { + *data = ((double) bytes) / (1000 * 1000 * 1000); + *speed = *data / time; + strcpy (metric, "Gb"); + return; + } + else + { + *data = (double) bytes; + *speed = *data / time; + strcpy (metric, "bytes"); + return; + } } static void @@ -105,10 +115,10 @@ cipher_bench (int algo, int size) printf ("Checking %s (%dkb payload)... ", gnutls_cipher_get_name (algo), size); fflush (stdout); - + must_finish = 0; - alarm(5); - + alarm (5); + gettime (&start); ret = gnutls_cipher_init (&ctx, algo, &key, &iv); @@ -123,7 +133,7 @@ cipher_bench (int algo, int size) gnutls_cipher_encrypt (ctx, data, size * 1024); data_size += size * 1024; } - while(must_finish == 0); + while (must_finish == 0); gnutls_cipher_deinit (ctx); @@ -132,8 +142,8 @@ cipher_bench (int algo, int size) secs = (stop.tv_sec * 1000 + stop.tv_nsec / (1000 * 1000) - (start.tv_sec * 1000 + start.tv_nsec / (1000 * 1000))); secs /= 1000; - - value2human(data_size, secs, &ddata, &dspeed, metric); + + value2human (data_size, secs, &ddata, &dspeed, metric); printf ("Encrypted %.2f %s in %.2f secs: ", ddata, metric, secs); printf ("%.2f %s/sec\n", dspeed, metric); @@ -163,7 +173,7 @@ mac_bench (int algo, int size) fflush (stdout); must_finish = 0; - alarm(5); + alarm (5); gettime (&start); @@ -172,7 +182,7 @@ mac_bench (int algo, int size) gnutls_hmac_fast (algo, _key, blocksize, data, size * 1024, _key); data_size += size * 1024; } - while(must_finish == 0); + while (must_finish == 0); gettime (&stop); @@ -181,7 +191,7 @@ mac_bench (int algo, int size) (start.tv_sec * 1000 + start.tv_nsec / (1000 * 1000))); secs /= 1000; - value2human(data_size, secs, &ddata, &dspeed, metric); + value2human (data_size, secs, &ddata, &dspeed, metric); printf ("Hashed %.2f %s in %.2f secs: ", ddata, metric, secs); printf ("%.2f %s/sec\n", dspeed, metric); @@ -190,14 +200,14 @@ mac_bench (int algo, int size) } int -main (int argc, char** argv) +main (int argc, char **argv) { int debug_level = 0; if (argc > 1) debug_level = 2; - - signal(SIGALRM, alarm_handler); + + signal (SIGALRM, alarm_handler); gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (debug_level); diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h index 44be8e959b..1def3a4b65 100644 --- a/src/certtool-cfg.h +++ b/src/certtool-cfg.h @@ -46,7 +46,7 @@ int get_sign_status (int server); void get_ip_addr_set (int type, void *crt); void get_dns_name_set (int type, void *crt); void get_email_set (int type, void *crt); -int get_ipsec_ike_status(void); +int get_ipsec_ike_status (void); void get_cn_crq_set (gnutls_x509_crq_t crq); void get_uid_crq_set (gnutls_x509_crq_t crq); diff --git a/src/certtool-common.h b/src/certtool-common.h index d8599c8054..1a2d881884 100644 --- a/src/certtool-common.h +++ b/src/certtool-common.h @@ -39,11 +39,15 @@ enum #define TYPE_CRQ 2 void certtool_version (void); -void pkcs11_list( FILE*outfile, const char* url, int type, unsigned int login, unsigned int detailed); -void pkcs11_export(FILE* outfile, const char *pkcs11_url, unsigned int login); -void pkcs11_token_list(FILE* outfile, unsigned int detailed); -void pkcs11_write(FILE* outfile, const char *pkcs11_url, const char* label, int trusted, unsigned int login); -void pkcs11_delete(FILE* outfile, const char *pkcs11_url, int batch, unsigned int login); +void pkcs11_list (FILE * outfile, const char *url, int type, + unsigned int login, unsigned int detailed); +void pkcs11_export (FILE * outfile, const char *pkcs11_url, + unsigned int login); +void pkcs11_token_list (FILE * outfile, unsigned int detailed); +void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label, + int trusted, unsigned int login); +void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch, + unsigned int login); #define PKCS11_TYPE_CRT_ALL 1 #define PKCS11_TYPE_TRUSTED 2 @@ -65,7 +69,7 @@ gnutls_x509_crt_t load_cert (int mand); gnutls_pubkey_t load_pubkey (int mand); /* returns the bits specified in cmd */ -int get_bits(gnutls_pk_algorithm_t); +int get_bits (gnutls_pk_algorithm_t); /* prime.c */ int generate_prime (int how); diff --git a/src/certtool.c b/src/certtool.c index 794a0d6b6d..a437698008 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -71,7 +71,8 @@ static void gaa_parser (int argc, char **argv); void generate_self_signed (void); void generate_request (void); gnutls_x509_crt_t *load_cert_list (int mand, size_t * size); -static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out, unsigned int all); +static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out, + unsigned int all); static void print_hex_datum (gnutls_datum_t * dat); @@ -128,7 +129,7 @@ static void print_dsa_pkey (gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g) { - if (x) + if (x) { fprintf (outfile, "private key:"); print_hex_datum (x); @@ -146,13 +147,13 @@ print_dsa_pkey (gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * p, static void print_rsa_pkey (gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u, - gnutls_datum_t * exp1, gnutls_datum_t *exp2) + gnutls_datum_t * exp1, gnutls_datum_t * exp2) { fprintf (outfile, "modulus:"); print_hex_datum (m); fprintf (outfile, "public exponent:"); print_hex_datum (e); - if (d) + if (d) { fprintf (outfile, "private exponent:"); print_hex_datum (d); @@ -163,63 +164,70 @@ print_rsa_pkey (gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, fprintf (outfile, "coefficient:"); print_hex_datum (u); if (exp1 && exp2) - { - fprintf (outfile, "exp1:"); - print_hex_datum (exp1); - fprintf (outfile, "exp2:"); - print_hex_datum (exp2); - } + { + fprintf (outfile, "exp1:"); + print_hex_datum (exp1); + fprintf (outfile, "exp2:"); + print_hex_datum (exp2); + } } } -static gnutls_sec_param_t str_to_sec_param(const char* str) +static gnutls_sec_param_t +str_to_sec_param (const char *str) { - if (strcasecmp(str, "low")==0) + if (strcasecmp (str, "low") == 0) { return GNUTLS_SEC_PARAM_LOW; } - else if (strcasecmp(str, "normal")==0) + else if (strcasecmp (str, "normal") == 0) { return GNUTLS_SEC_PARAM_NORMAL; } - else if (strcasecmp(str, "high")==0) + else if (strcasecmp (str, "high") == 0) { return GNUTLS_SEC_PARAM_HIGH; } - else if (strcasecmp(str, "ultra")==0) + else if (strcasecmp (str, "ultra") == 0) { return GNUTLS_SEC_PARAM_ULTRA; } else { - fprintf(stderr, "Unknown security parameter string: %s\n", str); - exit(1); + fprintf (stderr, "Unknown security parameter string: %s\n", str); + exit (1); } } -int get_bits(gnutls_pk_algorithm_t key_type) +int +get_bits (gnutls_pk_algorithm_t key_type) { -int bits; + int bits; if (info.bits != 0) { static int warned = 0; - - if (warned == 0) - { - warned = 1; - fprintf(stderr, "** Note: Please use the --sec-param instead of --bits\n"); - } + + if (warned == 0) + { + warned = 1; + fprintf (stderr, + "** Note: Please use the --sec-param instead of --bits\n"); + } bits = info.bits; } else { if (info.sec_param) - { - bits = gnutls_sec_param_to_pk_bits(key_type, str_to_sec_param(info.sec_param)); - } - else bits = gnutls_sec_param_to_pk_bits(key_type, GNUTLS_SEC_PARAM_NORMAL); + { + bits = + gnutls_sec_param_to_pk_bits (key_type, + str_to_sec_param (info.sec_param)); + } + else + bits = + gnutls_sec_param_to_pk_bits (key_type, GNUTLS_SEC_PARAM_NORMAL); } return bits; @@ -243,17 +251,17 @@ generate_private_key_int (void) if (ret < 0) error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret)); - bits = get_bits(key_type); + bits = get_bits (key_type); - fprintf (stderr, "Generating a %d bit %s private key...\n", get_bits(key_type), - gnutls_pk_algorithm_get_name (key_type)); + fprintf (stderr, "Generating a %d bit %s private key...\n", + get_bits (key_type), gnutls_pk_algorithm_get_name (key_type)); if (info.quick_random == 0) fprintf (stderr, "This might take several minutes depending on availability of randomness" " in /dev/random.\n"); - ret = gnutls_x509_privkey_generate (key, key_type, get_bits(key_type), 0); + ret = gnutls_x509_privkey_generate (key, key_type, get_bits (key_type), 0); if (ret < 0) error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret)); @@ -561,8 +569,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, { result = gnutls_x509_crt_set_key_purpose_oid (crt, - GNUTLS_KP_IPSEC_IKE, - 0); + GNUTLS_KP_IPSEC_IKE, 0); if (result < 0) error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result)); @@ -621,7 +628,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, { /* http://tools.ietf.org/html/rfc4945#section-5.1.3.2: if any KU is set, then either digitalSignature or the nonRepudiation bits in the - KeyUsage extension MUST for all IKE certs */ + KeyUsage extension MUST for all IKE certs */ if (is_ike && (get_sign_status (server) != 1)) usage |= GNUTLS_KEY_NON_REPUDIATION; result = gnutls_x509_crt_set_key_usage (crt, usage); @@ -757,17 +764,18 @@ generate_crl (gnutls_x509_crt_t ca_crt) return crl; } -static gnutls_digest_algorithm_t get_dig(gnutls_x509_crt crt) +static gnutls_digest_algorithm_t +get_dig (gnutls_x509_crt crt) { -gnutls_digest_algorithm_t dig; -int result; -unsigned int mand; + gnutls_digest_algorithm_t dig; + int result; + unsigned int mand; - result = gnutls_x509_crt_get_preferred_hash_algorithm(crt, &dig, &mand); + result = gnutls_x509_crt_get_preferred_hash_algorithm (crt, &dig, &mand); if (result < 0) { - error (EXIT_FAILURE, 0, "crl_preferred_hash_algorithm: %s", - gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "crl_preferred_hash_algorithm: %s", + gnutls_strerror (result)); } /* if algorithm allows alternatives */ @@ -777,7 +785,8 @@ unsigned int mand; return dig; } -void generate_self_signed (void) +void +generate_self_signed (void) { gnutls_x509_crt_t crt; gnutls_x509_privkey_t key; @@ -807,7 +816,7 @@ void generate_self_signed (void) fprintf (stderr, "\n\nSigning certificate...\n"); - result = gnutls_x509_crt_sign2 (crt, crt, key, get_dig(crt), 0); + result = gnutls_x509_crt_sign2 (crt, crt, key, get_dig (crt), 0); if (result < 0) error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result)); @@ -849,7 +858,7 @@ generate_signed_certificate (void) fprintf (stderr, "\n\nSigning certificate...\n"); - result = gnutls_x509_crt_sign2 (crt, ca_crt, ca_key, get_dig(ca_crt), 0); + result = gnutls_x509_crt_sign2 (crt, ca_crt, ca_key, get_dig (ca_crt), 0); if (result < 0) error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result)); @@ -883,7 +892,7 @@ generate_proxy_certificate (void) fprintf (stderr, "\n\nSigning certificate...\n"); - result = gnutls_x509_crt_sign2 (crt, eecrt, eekey, get_dig(eecrt), 0); + result = gnutls_x509_crt_sign2 (crt, eecrt, eekey, get_dig (eecrt), 0); if (result < 0) error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result)); @@ -952,7 +961,7 @@ update_signed_certificate (void) fprintf (stderr, "\n\nSigning certificate...\n"); - result = gnutls_x509_crt_sign2 (crt, ca_crt, ca_key, get_dig(ca_crt), 0); + result = gnutls_x509_crt_sign2 (crt, ca_crt, ca_key, get_dig (ca_crt), 0); if (result < 0) error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result)); @@ -1066,25 +1075,27 @@ gaa_parser (int argc, char **argv) if ((ret = gnutls_global_init ()) < 0) error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret)); - + if (info.pkcs11_provider != NULL) { - ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret < 0) - fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); - else { - ret = gnutls_pkcs11_add_provider(info.pkcs11_provider, NULL); - if (ret < 0) - error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s", gnutls_strerror (ret)); - } + fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); + else + { + ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL); + if (ret < 0) + error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s", + gnutls_strerror (ret)); + } } else { - ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL); + ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL); if (ret < 0) - fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); + fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); } - + if ((ret = gnutls_global_init_extra ()) < 0) error (EXIT_FAILURE, 0, "global_init_extra: %s", gnutls_strerror (ret)); @@ -1155,19 +1166,21 @@ gaa_parser (int argc, char **argv) generate_pkcs8 (); break; case ACTION_PKCS11_LIST: - pkcs11_list(outfile, info.pkcs11_url, info.pkcs11_type, info.pkcs11_login, info.pkcs11_detailed_url); + pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type, + info.pkcs11_login, info.pkcs11_detailed_url); break; case ACTION_PKCS11_TOKENS: - pkcs11_token_list(outfile, info.pkcs11_detailed_url); + pkcs11_token_list (outfile, info.pkcs11_detailed_url); break; case ACTION_PKCS11_EXPORT_URL: - pkcs11_export(outfile, info.pkcs11_url, info.pkcs11_login); + pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login); break; case ACTION_PKCS11_WRITE_URL: - pkcs11_write(outfile, info.pkcs11_url, info.pkcs11_label, info.pkcs11_trusted, info.pkcs11_login); + pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label, + info.pkcs11_trusted, info.pkcs11_login); break; case ACTION_PKCS11_DELETE_URL: - pkcs11_delete(outfile, info.pkcs11_url, batch, info.pkcs11_login); + pkcs11_delete (outfile, info.pkcs11_url, batch, info.pkcs11_login); break; #ifdef ENABLE_OPENPGP case ACTION_PGP_INFO: @@ -1188,9 +1201,9 @@ gaa_parser (int argc, char **argv) exit (0); } fclose (outfile); - - gnutls_pkcs11_deinit(); - gnutls_global_deinit(); + + gnutls_pkcs11_deinit (); + gnutls_global_deinit (); } #define MAX_CRTS 500 @@ -1248,7 +1261,8 @@ certificate_info (int pubkey) fwrite (buffer, 1, size, outfile); - if (pubkey) pubkey_info(crt[i]); + if (pubkey) + pubkey_info (crt[i]); gnutls_x509_crt_deinit (crt[i]); } @@ -1367,7 +1381,9 @@ pgp_privkey_info (void) fprintf (outfile, "\tPublic Key Algorithm: "); cprint = gnutls_pk_algorithm_get_name (ret); fprintf (outfile, "%s\n", cprint ? cprint : "Unknown"); - fprintf (outfile, "\tKey Security Level: %s\n", gnutls_sec_param_get_name(gnutls_openpgp_privkey_sec_param(key))); + fprintf (outfile, "\tKey Security Level: %s\n", + gnutls_sec_param_get_name (gnutls_openpgp_privkey_sec_param + (key))); /* Print the raw public and private keys */ @@ -1671,12 +1687,11 @@ privkey_info (void) if (info.pkcs8 || ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) { if (info.pass) - pass = info.pass; + pass = info.pass; else - pass = get_pass (); + pass = get_pass (); ret = gnutls_x509_privkey_import_pkcs8 (key, &pem, - info.incert_format, - pass, 0); + info.incert_format, pass, 0); } if (ret < 0) error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret)); @@ -1689,7 +1704,8 @@ privkey_info (void) cprint = gnutls_pk_algorithm_get_name (ret); fprintf (outfile, "%s\n", cprint ? cprint : "Unknown"); - fprintf (outfile, "\tKey Security Level: %s\n", gnutls_sec_param_get_name(gnutls_x509_privkey_sec_param(key))); + fprintf (outfile, "\tKey Security Level: %s\n", + gnutls_sec_param_get_name (gnutls_x509_privkey_sec_param (key))); /* Print the raw public and private keys */ @@ -1697,7 +1713,9 @@ privkey_info (void) { gnutls_datum_t m, e, d, p, q, u, exp1, exp2; - ret = gnutls_x509_privkey_export_rsa_raw2 (key, &m, &e, &d, &p, &q, &u, &exp1, &exp2); + ret = + gnutls_x509_privkey_export_rsa_raw2 (key, &m, &e, &d, &p, &q, &u, + &exp1, &exp2); if (ret < 0) fprintf (stderr, "Error in key RSA data export: %s\n", gnutls_strerror (ret)); @@ -3159,70 +3177,88 @@ certtool_version (void) "Nikos Mavrogiannopoulos", "Simon Josefsson", (char *) NULL); } -static void print_key_usage(FILE* outfile, unsigned int usage) +static void +print_key_usage (FILE * outfile, unsigned int usage) { - if (usage & GNUTLS_KEY_DIGITAL_SIGNATURE) { - fprintf(outfile, "\tDigital signature.\n"); - } + if (usage & GNUTLS_KEY_DIGITAL_SIGNATURE) + { + fprintf (outfile, "\tDigital signature.\n"); + } - if (usage & GNUTLS_KEY_NON_REPUDIATION) { - fprintf(outfile, "\tNon repudiation.\n"); - } + if (usage & GNUTLS_KEY_NON_REPUDIATION) + { + fprintf (outfile, "\tNon repudiation.\n"); + } - if (usage & GNUTLS_KEY_KEY_ENCIPHERMENT) { - fprintf(outfile, "\tKey encipherment.\n"); - } + if (usage & GNUTLS_KEY_KEY_ENCIPHERMENT) + { + fprintf (outfile, "\tKey encipherment.\n"); + } - if (usage & GNUTLS_KEY_DATA_ENCIPHERMENT) { - fprintf(outfile, "\tData encipherment.\n"); - } + if (usage & GNUTLS_KEY_DATA_ENCIPHERMENT) + { + fprintf (outfile, "\tData encipherment.\n"); + } - if (usage & GNUTLS_KEY_KEY_AGREEMENT) { - fprintf(outfile, "\tKey agreement.\n"); - } + if (usage & GNUTLS_KEY_KEY_AGREEMENT) + { + fprintf (outfile, "\tKey agreement.\n"); + } - if (usage & GNUTLS_KEY_KEY_CERT_SIGN) { - fprintf(outfile, "\tCertificate signing.\n"); - } + if (usage & GNUTLS_KEY_KEY_CERT_SIGN) + { + fprintf (outfile, "\tCertificate signing.\n"); + } - if (usage & GNUTLS_KEY_NON_REPUDIATION) { - fprintf(outfile, "\tCRL signing.\n"); - } + if (usage & GNUTLS_KEY_NON_REPUDIATION) + { + fprintf (outfile, "\tCRL signing.\n"); + } - if (usage & GNUTLS_KEY_ENCIPHER_ONLY) { - fprintf(outfile, "\tKey encipher only.\n"); - } + if (usage & GNUTLS_KEY_ENCIPHER_ONLY) + { + fprintf (outfile, "\tKey encipher only.\n"); + } - if (usage & GNUTLS_KEY_DECIPHER_ONLY) { - fprintf(outfile, "\tKey decipher only.\n"); - } + if (usage & GNUTLS_KEY_DECIPHER_ONLY) + { + fprintf (outfile, "\tKey decipher only.\n"); + } } -void pubkey_info (gnutls_x509_crt crt) +void +pubkey_info (gnutls_x509_crt crt) { gnutls_pubkey_t pubkey; unsigned int bits, usage; int ret; size_t size; - const char* cprint; + const char *cprint; - ret = gnutls_pubkey_init(&pubkey); - if (ret < 0) { - error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret)); - } + ret = gnutls_pubkey_init (&pubkey); + if (ret < 0) + { + error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret)); + } - if (crt == NULL) { - crt = load_cert(0); - } - - if (crt != NULL) { - ret = gnutls_pubkey_import_x509(pubkey, crt, 0); - if (ret < 0) { - error (EXIT_FAILURE, 0, "pubkey_import_x509: %s", gnutls_strerror (ret)); - } - } else { - pubkey = load_pubkey(1); - } + if (crt == NULL) + { + crt = load_cert (0); + } + + if (crt != NULL) + { + ret = gnutls_pubkey_import_x509 (pubkey, crt, 0); + if (ret < 0) + { + error (EXIT_FAILURE, 0, "pubkey_import_x509: %s", + gnutls_strerror (ret)); + } + } + else + { + pubkey = load_pubkey (1); + } fprintf (outfile, "Public Key Info:\n\n"); ret = gnutls_pubkey_get_pk_algorithm (pubkey, &bits); @@ -3268,12 +3304,14 @@ void pubkey_info (gnutls_x509_crt crt) } ret = gnutls_pubkey_get_key_usage (pubkey, &usage); - if (ret < 0) { - error (EXIT_FAILURE, 0, "pubkey_get_key_usage: %s", gnutls_strerror (ret)); - } - + if (ret < 0) + { + error (EXIT_FAILURE, 0, "pubkey_get_key_usage: %s", + gnutls_strerror (ret)); + } + fprintf (outfile, "Public Key Usage:\n"); - print_key_usage(outfile, usage); + print_key_usage (outfile, usage); fprintf (outfile, "\n"); @@ -188,9 +188,11 @@ load_keys (void) ret = gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile, 0); - - if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - ret = gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile, GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + ret = + gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile, + GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { @@ -241,12 +243,14 @@ load_keys (void) { gnutls_pkcs11_privkey_init (&pkcs11_key); - ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0); - if (ret < 0) + ret = + gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0); + if (ret < 0) { - fprintf(stderr, "*** Error loading url: %s\n", gnutls_strerror(ret)); - exit(1); - } + fprintf (stderr, "*** Error loading url: %s\n", + gnutls_strerror (ret)); + exit (1); + } } else { @@ -303,11 +307,12 @@ load_keys (void) gnutls_pkcs11_privkey_init (&pkcs11_key); ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, pgp_keyfile, 0); - if (ret < 0) + if (ret < 0) { - fprintf(stderr, "*** Error loading url: %s\n", gnutls_strerror(ret)); - exit(1); - } + fprintf (stderr, "*** Error loading url: %s\n", + gnutls_strerror (ret)); + exit (1); + } } else { @@ -482,21 +487,21 @@ cert_callback (gnutls_session_t session, return -1; } - if (x509_key != NULL) - { + if (x509_key != NULL) + { st->key.x509 = x509_key; st->key_type = GNUTLS_PRIVKEY_X509; - } - else if (pkcs11_key != NULL) - { - st->key.pkcs11 = pkcs11_key; - st->key_type = GNUTLS_PRIVKEY_PKCS11; - } - else - { - printf ("- Could not find a suitable key to send to server\n"); - return -1; - } + } + else if (pkcs11_key != NULL) + { + st->key.pkcs11 = pkcs11_key; + st->key_type = GNUTLS_PRIVKEY_PKCS11; + } + else + { + printf ("- Could not find a suitable key to send to server\n"); + return -1; + } st->ncerts = x509_crt_size; @@ -513,21 +518,21 @@ cert_callback (gnutls_session_t session, if (pgp_crt != NULL) { - if (pgp_key != NULL) - { - st->key.pgp = pgp_key; - st->key_type = GNUTLS_PRIVKEY_OPENPGP; - } - else if (pkcs11_key != NULL) - { - st->key.pkcs11 = pkcs11_key; - st->key_type = GNUTLS_PRIVKEY_PKCS11; - } - else - { - printf ("- Could not find a suitable key to send to server\n"); - return -1; - } + if (pgp_key != NULL) + { + st->key.pgp = pgp_key; + st->key_type = GNUTLS_PRIVKEY_OPENPGP; + } + else if (pkcs11_key != NULL) + { + st->key.pkcs11 = pkcs11_key; + st->key_type = GNUTLS_PRIVKEY_PKCS11; + } + else + { + printf ("- Could not find a suitable key to send to server\n"); + return -1; + } st->ncerts = 1; @@ -594,7 +599,8 @@ init_tls_session (const char *hostname) gnutls_certificate_set_retrieve_function (xcred, cert_callback); gnutls_certificate_set_verify_function (xcred, cert_verify_callback); - gnutls_certificate_set_verify_flags(xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + gnutls_certificate_set_verify_flags (xcred, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); /* send the fingerprint */ #ifdef ENABLE_OPENPGP @@ -616,7 +622,7 @@ init_tls_session (const char *hostname) } #ifdef ENABLE_SESSION_TICKET - if (disable_extensions ==0 && !info.noticket) + if (disable_extensions == 0 && !info.noticket) gnutls_session_ticket_enable_client (session); #endif @@ -830,8 +836,8 @@ after_handshake: signal (SIGALRM, &starttls_alarm); #endif - fflush(stdout); - fflush(stderr); + fflush (stdout); + fflush (stderr); /* do not buffer */ #if !(defined _WIN32 || defined __WIN32__) diff --git a/src/common.c b/src/common.c index 808146749e..51ba9465a6 100644 --- a/src/common.c +++ b/src/common.c @@ -116,8 +116,7 @@ print_x509_info (gnutls_session_t session, const char *hostname, int insecure) size_t size = 0; char *p = NULL; - ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, - p, &size); + ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p, &size); if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { p = malloc (size); @@ -886,65 +885,74 @@ service_to_port (const char *service) return ntohs (server_port->s_port); } -static int pin_callback(void* user, int attempt, const char *token_url, - const char *token_label, unsigned int flags, char* pin, size_t pin_max) +static int +pin_callback (void *user, int attempt, const char *token_url, + const char *token_label, unsigned int flags, char *pin, + size_t pin_max) { -const char* password; -int len; + const char *password; + int len; /* allow caching of PIN */ -static char* cached_url = NULL; -static char cached_pin[32] = ""; - - printf("PIN required for token '%s' with URL '%s'\n", token_label, token_url); - if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) - printf("*** This is the final try before locking!\n"); - if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) - printf("*** Only few tries left before locking!\n"); - - if (flags == 0 && cached_url != NULL) { - if (strcmp(cached_url, token_url)==0) { - strcpy(pin, cached_pin); - return 0; - } - } - - password = getpass("Enter pin: "); - if (password==NULL || password[0] == 0) { - fprintf(stderr, "No password given\n"); - exit(1); + static char *cached_url = NULL; + static char cached_pin[32] = ""; + + printf ("PIN required for token '%s' with URL '%s'\n", token_label, + token_url); + if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) + printf ("*** This is the final try before locking!\n"); + if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) + printf ("*** Only few tries left before locking!\n"); + + if (flags == 0 && cached_url != NULL) + { + if (strcmp (cached_url, token_url) == 0) + { + strcpy (pin, cached_pin); + return 0; } - - len = MIN(pin_max,strlen(password)); - memcpy(pin, password, len); - pin[len] = 0; - - /* cache */ - strcpy(cached_pin, pin); - free(cached_url); - cached_url = strdup(token_url); - - return 0; + } + + password = getpass ("Enter pin: "); + if (password == NULL || password[0] == 0) + { + fprintf (stderr, "No password given\n"); + exit (1); + } + + len = MIN (pin_max, strlen (password)); + memcpy (pin, password, len); + pin[len] = 0; + + /* cache */ + strcpy (cached_pin, pin); + free (cached_url); + cached_url = strdup (token_url); + + return 0; } -static int token_callback(void* user, const char* label, const unsigned retry) +static int +token_callback (void *user, const char *label, const unsigned retry) { -char buf[32]; -char *p; + char buf[32]; + char *p; - if (retry > 0) { - fprintf(stderr, "Could not find token %s\n", label); - return -1; - } - printf("Please insert token '%s' in slot and press enter\n", label); - p = fgets(buf, sizeof(buf), stdin); + if (retry > 0) + { + fprintf (stderr, "Could not find token %s\n", label); + return -1; + } + printf ("Please insert token '%s' in slot and press enter\n", label); + p = fgets (buf, sizeof (buf), stdin); - return 0; + return 0; } -void pkcs11_common(void) +void +pkcs11_common (void) { - gnutls_pkcs11_set_pin_function (pin_callback, NULL); - gnutls_pkcs11_set_token_function(token_callback, NULL); + gnutls_pkcs11_set_pin_function (pin_callback, NULL); + gnutls_pkcs11_set_token_function (token_callback, NULL); } diff --git a/src/common.h b/src/common.h index fb04fedd7e..e18ed4b676 100644 --- a/src/common.h +++ b/src/common.h @@ -10,14 +10,14 @@ #include <netinet/in.h> #include <signal.h> #ifdef _WIN32 -# include <io.h> -# include <winbase.h> +#include <io.h> +#include <winbase.h> #endif #ifndef __attribute__ -# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) -# define __attribute__(Spec) /* empty */ -# endif +#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) +#define __attribute__(Spec) /* empty */ +#endif #endif /* the number of elements in the priority structures. @@ -40,5 +40,5 @@ void parse_protocols (char **protocols, int protocols_size, int *protocol_priority); const char *raw_to_string (const unsigned char *raw, size_t raw_size); int service_to_port (const char *service); -void pkcs11_common(void); +void pkcs11_common (void); void sockets_init (void); diff --git a/src/crypt.c b/src/crypt.c index 1553b43352..b4545612c9 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -33,10 +33,10 @@ #include <sys/stat.h> #ifndef _WIN32 -# include <pwd.h> -# include <unistd.h> +#include <pwd.h> +#include <unistd.h> #else -# include <windows.h> +#include <windows.h> #endif /* Gnulib portability files. */ diff --git a/src/pkcs11.c b/src/pkcs11.c index 2912b97c31..364f5735d3 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c @@ -32,431 +32,541 @@ #define MIN(x,y) ((x)<(y))?(x):(y) -static int pin_callback(void* user, int attempt, const char *token_url, - const char *token_label, unsigned int flags, char* pin, size_t pin_max) +static int +pin_callback (void *user, int attempt, const char *token_url, + const char *token_label, unsigned int flags, char *pin, + size_t pin_max) { -const char* password; -int len; + const char *password; + int len; /* allow caching of PIN */ -static char* cached_url = NULL; -static char cached_pin[32] = ""; - - printf("PIN required for token '%s' with URL '%s'\n", token_label, token_url); - if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) - printf("*** This is the final try before locking!\n"); - if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) - printf("*** Only few tries left before locking!\n"); - - if (flags == 0 && cached_url != NULL) { - if (strcmp(cached_url, token_url)==0) { - strcpy(pin, cached_pin); - return 0; - } + static char *cached_url = NULL; + static char cached_pin[32] = ""; + + printf ("PIN required for token '%s' with URL '%s'\n", token_label, + token_url); + if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) + printf ("*** This is the final try before locking!\n"); + if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) + printf ("*** Only few tries left before locking!\n"); + + if (flags == 0 && cached_url != NULL) + { + if (strcmp (cached_url, token_url) == 0) + { + strcpy (pin, cached_pin); + return 0; } - - password = getpass("Enter pin: "); - if (password==NULL || password[0] == 0) { - fprintf(stderr, "No password given\n"); - exit(1); - } - - len = MIN(pin_max,strlen(password)); - memcpy(pin, password, len); - pin[len] = 0; - - /* cache */ - strcpy(cached_pin, pin); - free(cached_url); - cached_url = strdup(token_url); - - return 0; + } + + password = getpass ("Enter pin: "); + if (password == NULL || password[0] == 0) + { + fprintf (stderr, "No password given\n"); + exit (1); + } + + len = MIN (pin_max, strlen (password)); + memcpy (pin, password, len); + pin[len] = 0; + + /* cache */ + strcpy (cached_pin, pin); + free (cached_url); + cached_url = strdup (token_url); + + return 0; } -static void pkcs11_common(void) +static void +pkcs11_common (void) { - gnutls_pkcs11_set_pin_function (pin_callback, NULL); + gnutls_pkcs11_set_pin_function (pin_callback, NULL); } -void pkcs11_delete(FILE* outfile, const char* url, int batch, unsigned int login) +void +pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login) { -int ret; -unsigned int obj_flags = 0; - - if (login) - obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - if (!batch) { - pkcs11_list(outfile, url, PKCS11_TYPE_ALL, login, GNUTLS_PKCS11_URL_LIB); - ret = read_yesno("Are you sure you want to delete those objects? (y/N): "); - if (ret == 0) { - exit(1); - } + int ret; + unsigned int obj_flags = 0; + + if (login) + obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + + if (!batch) + { + pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login, + GNUTLS_PKCS11_URL_LIB); + ret = + read_yesno ("Are you sure you want to delete those objects? (y/N): "); + if (ret == 0) + { + exit (1); } - - ret = gnutls_pkcs11_delete_url(url, obj_flags); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - fprintf(outfile, "\n%d objects deleted\n", ret); - - return; + } + + ret = gnutls_pkcs11_delete_url (url, obj_flags); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + + fprintf (outfile, "\n%d objects deleted\n", ret); + + return; } - + /* lists certificates from a token */ -void pkcs11_list( FILE* outfile, const char* url, int type, unsigned int login, unsigned int detailed) +void +pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login, + unsigned int detailed) { -gnutls_pkcs11_obj_t *crt_list; -gnutls_x509_crt_t xcrt; -unsigned int crt_list_size = 0; -int ret; -char* output; -int i, attrs; -unsigned int obj_flags = 0; - - if (login) - obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - pkcs11_common(); - - if (url == NULL) - url = "pkcs11:"; - - if (type == PKCS11_TYPE_TRUSTED) { - attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED; - } else if (type == PKCS11_TYPE_PK) { - attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY; - } else if (type == PKCS11_TYPE_CRT_ALL) { - attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL; - } else if (type == PKCS11_TYPE_PRIVKEY) { - attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY; - } else { - attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL; + gnutls_pkcs11_obj_t *crt_list; + gnutls_x509_crt_t xcrt; + unsigned int crt_list_size = 0; + int ret; + char *output; + int i, attrs; + unsigned int obj_flags = 0; + + if (login) + obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + + pkcs11_common (); + + if (url == NULL) + url = "pkcs11:"; + + if (type == PKCS11_TYPE_TRUSTED) + { + attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED; + } + else if (type == PKCS11_TYPE_PK) + { + attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY; + } + else if (type == PKCS11_TYPE_CRT_ALL) + { + attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL; + } + else if (type == PKCS11_TYPE_PRIVKEY) + { + attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY; + } + else + { + attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL; + } + + /* give some initial value to avoid asking for the pkcs11 pin twice. + */ + crt_list_size = 128; + crt_list = malloc (sizeof (*crt_list) * crt_list_size); + if (crt_list == NULL) + { + fprintf (stderr, "Memory error\n"); + exit (1); + } + + ret = gnutls_pkcs11_obj_list_import_url (crt_list, &crt_list_size, url, + attrs, obj_flags); + if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + { + fprintf (stderr, "Error in crt_list_import (1): %s\n", + gnutls_strerror (ret)); + exit (1); + } + + if (crt_list_size == 0) + { + fprintf (stderr, "No matching objects found\n"); + exit (0); + } + + if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) + { + crt_list = realloc (crt_list, sizeof (*crt_list) * crt_list_size); + if (crt_list == NULL) + { + fprintf (stderr, "Memory error\n"); + exit (1); } - - /* give some initial value to avoid asking for the pkcs11 pin twice. - */ - crt_list_size = 128; - crt_list = malloc(sizeof(*crt_list)*crt_list_size); - if (crt_list == NULL) { - fprintf(stderr, "Memory error\n"); - exit(1); + + ret = + gnutls_pkcs11_obj_list_import_url (crt_list, &crt_list_size, url, + attrs, obj_flags); + if (ret < 0) + { + fprintf (stderr, "Error in crt_list_import: %s\n", + gnutls_strerror (ret)); + exit (1); + } + } + + for (i = 0; i < crt_list_size; i++) + { + char buf[128]; + size_t size; + + ret = gnutls_pkcs11_obj_export_url (crt_list[i], detailed, &output); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - ret = gnutls_pkcs11_obj_list_import_url( crt_list, &crt_list_size, url, - attrs, obj_flags); - if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { - fprintf(stderr, "Error in crt_list_import (1): %s\n", gnutls_strerror(ret)); - exit(1); + fprintf (outfile, "Object %d:\n\tURL: %s\n", i, output); + + fprintf (outfile, "\tType: %s\n", + gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_get_type + (crt_list[i]))); + + size = sizeof (buf); + ret = + gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_LABEL, buf, + &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + fprintf (outfile, "\tLabel: %s\n", buf); + + size = sizeof (buf); + ret = + gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX, + buf, &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - - if (crt_list_size == 0) { - fprintf(stderr, "No matching objects found\n"); - exit(0); + fprintf (outfile, "\tID: %s\n\n", buf); + + + + if (attrs == GNUTLS_PKCS11_OBJ_ATTR_ALL + || attrs == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) + continue; + + ret = gnutls_x509_crt_init (&xcrt); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - - if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { - crt_list = realloc(crt_list, sizeof(*crt_list)*crt_list_size); - if (crt_list == NULL) { - fprintf(stderr, "Memory error\n"); - exit(1); - } - - ret = gnutls_pkcs11_obj_list_import_url( crt_list, &crt_list_size, url, attrs, obj_flags); - if (ret < 0) { - fprintf(stderr, "Error in crt_list_import: %s\n", gnutls_strerror(ret)); - exit(1); - } + + ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt_list[i]); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - - for (i=0;i<crt_list_size;i++) { - char buf[128]; - size_t size; - - ret = gnutls_pkcs11_obj_export_url(crt_list[i], detailed, &output); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - fprintf(outfile, "Object %d:\n\tURL: %s\n", i, output); - - fprintf(outfile, "\tType: %s\n", gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_get_type( crt_list[i]))); - - size = sizeof(buf); - ret = gnutls_pkcs11_obj_get_info( crt_list[i], GNUTLS_PKCS11_OBJ_LABEL, buf, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - fprintf(outfile, "\tLabel: %s\n", buf); - - size = sizeof(buf); - ret = gnutls_pkcs11_obj_get_info( crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX, buf, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - fprintf(outfile, "\tID: %s\n\n", buf); - - - - if (attrs == GNUTLS_PKCS11_OBJ_ATTR_ALL || attrs == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) - continue; - - ret = gnutls_x509_crt_init(&xcrt); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - ret = gnutls_x509_crt_import_pkcs11(xcrt, crt_list[i]); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } #if 0 - size = buffer_size; - ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - fwrite (buffer, 1, size, outfile); - fputs("\n\n", outfile); + size = buffer_size; + ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + + fwrite (buffer, 1, size, outfile); + fputs ("\n\n", outfile); #endif - gnutls_x509_crt_deinit(xcrt); + gnutls_x509_crt_deinit (xcrt); - } - - return; + } + + return; } -void pkcs11_export(FILE* outfile, const char* url, unsigned int login) +void +pkcs11_export (FILE * outfile, const char *url, unsigned int login) { -gnutls_pkcs11_obj_t crt; -gnutls_x509_crt_t xcrt; -gnutls_pubkey_t pubkey; -int ret; -size_t size; -unsigned int obj_flags = 0; - - if (login) - obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - pkcs11_common(); - - if (url == NULL) - url = "pkcs11:"; + gnutls_pkcs11_obj_t crt; + gnutls_x509_crt_t xcrt; + gnutls_pubkey_t pubkey; + int ret; + size_t size; + unsigned int obj_flags = 0; + + if (login) + obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + + pkcs11_common (); + + if (url == NULL) + url = "pkcs11:"; + + ret = gnutls_pkcs11_obj_init (&crt); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + + ret = gnutls_pkcs11_obj_import_url (crt, url, obj_flags); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + + switch (gnutls_pkcs11_obj_get_type (crt)) + { + case GNUTLS_PKCS11_OBJ_X509_CRT: + ret = gnutls_x509_crt_init (&xcrt); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - ret = gnutls_pkcs11_obj_init(&crt); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); + ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - ret = gnutls_pkcs11_obj_import_url( crt, url, obj_flags); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); + size = buffer_size; + ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + fwrite (buffer, 1, size, outfile); + + gnutls_x509_crt_deinit (xcrt); + break; + case GNUTLS_PKCS11_OBJ_PUBKEY: + ret = gnutls_pubkey_init (&pubkey); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - switch(gnutls_pkcs11_obj_get_type(crt)) { - case GNUTLS_PKCS11_OBJ_X509_CRT: - ret = gnutls_x509_crt_init(&xcrt); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - ret = gnutls_x509_crt_import_pkcs11(xcrt, crt); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - size = buffer_size; - ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - fwrite (buffer, 1, size, outfile); - - gnutls_x509_crt_deinit(xcrt); - break; - case GNUTLS_PKCS11_OBJ_PUBKEY: - ret = gnutls_pubkey_init(&pubkey); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - ret = gnutls_pubkey_import_pkcs11(pubkey, crt, 0); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - size = buffer_size; - ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - fwrite (buffer, 1, size, outfile); - - gnutls_pubkey_deinit(pubkey); - break; - default: { - gnutls_datum data, enc; - - size = buffer_size; - ret = gnutls_pkcs11_obj_export (crt, buffer, &size); - if (ret < 0) { - break; - } - - data.data = buffer; - data.size = size; - - ret = gnutls_pem_base64_encode_alloc("DATA", &data, &enc); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - fwrite (enc.data, 1, enc.size, outfile); - - gnutls_free(enc.data); - break; - } + ret = gnutls_pubkey_import_pkcs11 (pubkey, crt, 0); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - fputs("\n\n", outfile); + size = buffer_size; + ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + fwrite (buffer, 1, size, outfile); - gnutls_pkcs11_obj_deinit(crt); + gnutls_pubkey_deinit (pubkey); + break; + default: + { + gnutls_datum data, enc; - return; + size = buffer_size; + ret = gnutls_pkcs11_obj_export (crt, buffer, &size); + if (ret < 0) + { + break; + } -} + data.data = buffer; + data.size = size; -void pkcs11_token_list(FILE* outfile, unsigned int detailed) -{ -int ret; -int i; -char *url; -char buf[128]; -size_t size; + ret = gnutls_pem_base64_encode_alloc ("DATA", &data, &enc); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - pkcs11_common(); + fwrite (enc.data, 1, enc.size, outfile); - for (i=0;;i++) { - ret = gnutls_pkcs11_token_get_url(i, detailed, &url); - if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; + gnutls_free (enc.data); + break; + } + } + fputs ("\n\n", outfile); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - fprintf(outfile, "Token %d:\n\tURL: %s\n", i, url); + gnutls_pkcs11_obj_deinit (crt); - size = sizeof(buf); - ret = gnutls_pkcs11_token_get_info(url, GNUTLS_PKCS11_TOKEN_LABEL, buf, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } + return; - fprintf(outfile, "\tLabel: %s\n", buf); +} - size = sizeof(buf); - ret = gnutls_pkcs11_token_get_info(url, GNUTLS_PKCS11_TOKEN_MANUFACTURER, buf, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } +void +pkcs11_token_list (FILE * outfile, unsigned int detailed) +{ + int ret; + int i; + char *url; + char buf[128]; + size_t size; + + pkcs11_common (); + + for (i = 0;; i++) + { + ret = gnutls_pkcs11_token_get_url (i, detailed, &url); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - fprintf(outfile, "\tManufacturer: %s\n", buf); + fprintf (outfile, "Token %d:\n\tURL: %s\n", i, url); + + size = sizeof (buf); + ret = + gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_LABEL, buf, + &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - size = sizeof(buf); - ret = gnutls_pkcs11_token_get_info(url, GNUTLS_PKCS11_TOKEN_MODEL, buf, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } + fprintf (outfile, "\tLabel: %s\n", buf); + + size = sizeof (buf); + ret = + gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MANUFACTURER, + buf, &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - fprintf(outfile, "\tModel: %s\n", buf); + fprintf (outfile, "\tManufacturer: %s\n", buf); + + size = sizeof (buf); + ret = + gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MODEL, buf, + &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - size = sizeof(buf); - ret = gnutls_pkcs11_token_get_info(url, GNUTLS_PKCS11_TOKEN_SERIAL, buf, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } + fprintf (outfile, "\tModel: %s\n", buf); + + size = sizeof (buf); + ret = + gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_SERIAL, buf, + &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - fprintf(outfile, "\tSerial: %s\n", buf); - fprintf(outfile, "\n\n"); + fprintf (outfile, "\tSerial: %s\n", buf); + fprintf (outfile, "\n\n"); - gnutls_free(url); + gnutls_free (url); - } + } - return; + return; } -void pkcs11_write(FILE* outfile, const char* url, const char* label, int trusted, unsigned int login) +void +pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted, + unsigned int login) { -gnutls_x509_crt_t xcrt; -gnutls_x509_privkey_t xkey; -int ret; -unsigned int flags = 0; -unsigned int key_usage; - - if (login) - flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - pkcs11_common(); - - if (url == NULL) - url = "pkcs11:"; - - xcrt = load_cert(0); - if (xcrt != NULL) { - if (trusted) - flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED; - ret = gnutls_pkcs11_copy_x509_crt(url, xcrt, label, flags); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - gnutls_x509_crt_get_key_usage(xcrt, &key_usage, NULL); + gnutls_x509_crt_t xcrt; + gnutls_x509_privkey_t xkey; + int ret; + unsigned int flags = 0; + unsigned int key_usage; + + if (login) + flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + + pkcs11_common (); + + if (url == NULL) + url = "pkcs11:"; + + xcrt = load_cert (0); + if (xcrt != NULL) + { + if (trusted) + flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED; + ret = gnutls_pkcs11_copy_x509_crt (url, xcrt, label, flags); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - xkey = load_private_key(0); - if (xkey != NULL) { - ret = gnutls_pkcs11_copy_x509_privkey(url, xkey, label, key_usage, flags|GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } + gnutls_x509_crt_get_key_usage (xcrt, &key_usage, NULL); + } + + xkey = load_private_key (0); + if (xkey != NULL) + { + ret = + gnutls_pkcs11_copy_x509_privkey (url, xkey, label, key_usage, + flags | + GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } + } - if (xkey == NULL && xcrt == NULL) { - fprintf(stderr, "You must use --load-privkey or --load-certificate to load the file to be copied\n"); - exit (1); - } + if (xkey == NULL && xcrt == NULL) + { + fprintf (stderr, + "You must use --load-privkey or --load-certificate to load the file to be copied\n"); + exit (1); + } - return; + return; } diff --git a/src/prime.c b/src/prime.c index d845110f09..41f64a7e3e 100644 --- a/src/prime.c +++ b/src/prime.c @@ -48,7 +48,7 @@ generate_prime (int how) int ret; gnutls_dh_params_t dh_params; gnutls_datum_t p, g; - int bits = get_bits(GNUTLS_PK_DH); + int bits = get_bits (GNUTLS_PK_DH); gnutls_dh_params_init (&dh_params); @@ -50,10 +50,10 @@ main (int argc, char **argv) #include <sys/stat.h> #ifndef _WIN32 -# include <pwd.h> -# include <unistd.h> +#include <pwd.h> +#include <unistd.h> #else -# include <windows.h> +#include <windows.h> #endif /* Gnulib portability files. */ diff --git a/src/serv.c b/src/serv.c index a6ed9c5a90..d7782b90b2 100644 --- a/src/serv.c +++ b/src/serv.c @@ -737,19 +737,20 @@ listen_socket (const char *name, int listen_port) /* strips \r\n from the end of the string */ -static void strip (char* data) +static void +strip (char *data) { -int i; -int len = strlen(data); + int i; + int len = strlen (data); - for (i=0;i<len;i++) + for (i = 0; i < len; i++) { - if (data[i] == '\r' && data[i+1] == '\n' && data[i+1] == 0) - { - data[i] = '\n'; - data[i+1] = 0; - break; - } + if (data[i] == '\r' && data[i + 1] == '\n' && data[i + 1] == 0) + { + data[i] = '\n'; + data[i + 1] = 0; + break; + } } } @@ -782,7 +783,7 @@ get_response (gnutls_session_t session, char *request, } else { - strip(request); + strip (request); fprintf (stderr, "received: %s\n", request); if (request[0] == request[1] && request[0] == '*') { @@ -891,7 +892,7 @@ main (int argc, char **argv) exit (1); } - pkcs11_common(); + pkcs11_common (); gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (debug); diff --git a/src/tests.c b/src/tests.c index 578518a70b..bb07d138ed 100644 --- a/src/tests.c +++ b/src/tests.c @@ -25,10 +25,10 @@ #include <gnutls/x509.h> #ifndef _WIN32 -# include <unistd.h> -# include <signal.h> +#include <unistd.h> +#include <signal.h> #else -# include <errno.h> +#include <errno.h> #endif #include <stdio.h> @@ -126,7 +126,7 @@ _gnutls_priority_set_direct (gnutls_session_t session, const char *str) if (ret < 0) { fprintf (stderr, "Error with string %s\n", str); - fprintf (stderr, "Error at %s: %s\n", err, gnutls_strerror(ret)); + fprintf (stderr, "Error at %s: %s\n", err, gnutls_strerror (ret)); exit (1); } } @@ -193,7 +193,7 @@ test_export (gnutls_session_t session) sprintf (prio_str, INIT_STR "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:" - ALL_MACS ":" ALL_KX ":%s" , protocol_str, rest); + ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -301,7 +301,7 @@ test_safe_renegotiation_scsv (gnutls_session_t session) { int ret; - sprintf (prio_str, INIT_STR + sprintf (prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%%SAFE_RENEGOTIATION"); _gnutls_priority_set_direct (session, prio_str); @@ -654,7 +654,7 @@ test_record_padding (gnutls_session_t session) } else { - strcat(rest, ":%COMPAT"); + strcat (rest, ":%COMPAT"); } return ret; @@ -709,8 +709,8 @@ test_tls1_1_fallback (gnutls_session_t session) sprintf (prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES - ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%s", - rest); + ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" ALL_KX + ":%s", rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); diff --git a/tests/anonself.c b/tests/anonself.c index c75c0ee67e..40ef7bc4e5 100644 --- a/tests/anonself.c +++ b/tests/anonself.c @@ -24,7 +24,7 @@ /* Parts copied from GnuTLS example programs. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/certder.c b/tests/certder.c index 5f931d3fa5..fc3991b690 100644 --- a/tests/certder.c +++ b/tests/certder.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include "config.h" +#include "config.h" #endif #include <gnutls/gnutls.h> diff --git a/tests/certificate_set_x509_crl.c b/tests/certificate_set_x509_crl.c index 07b0314375..b242ccd0f1 100644 --- a/tests/certificate_set_x509_crl.c +++ b/tests/certificate_set_x509_crl.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/certuniqueid.c b/tests/certuniqueid.c index 7a6104fb4f..96a363e51b 100644 --- a/tests/certuniqueid.c +++ b/tests/certuniqueid.c @@ -23,7 +23,7 @@ */ #ifdef HAVE_CONFIG_H -# include "config.h" +#include "config.h" #endif #include "gnutls/gnutls.h" @@ -35,63 +35,114 @@ doit (void) { int ret; unsigned char der[] = { -0x30, 0x82, 0x03, 0x00, 0x30, 0x82, 0x01, 0xec, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0xbd, -0x76, 0xdf, 0x42, 0x47, 0x0a, 0x00, 0x8d, 0x47, 0x3e, 0x74, 0x3f, 0xa1, 0xdc, 0x8b, 0xbd, 0x30, -0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x2d, 0x31, 0x2b, 0x30, 0x29, -0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00, 0x72, -0x00, 0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x74, 0x00, 0x77, 0x00, 0x73, 0x00, 0x2e, -0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30, -0x34, 0x32, 0x38, 0x31, 0x31, 0x34, 0x31, 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x31, 0x31, 0x30, 0x34, -0x32, 0x38, 0x31, 0x31, 0x34, 0x31, 0x35, 0x34, 0x5a, 0x30, 0x2d, 0x31, 0x2b, 0x30, 0x29, 0x06, -0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00, 0x72, 0x00, -0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x74, 0x00, 0x77, 0x00, 0x73, 0x00, 0x2e, 0x00, -0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, -0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, -0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xaa, 0xd7, 0x32, 0x26, 0xd7, 0xfc, 0x69, -0x57, 0x4a, 0x55, 0x08, 0x2b, 0x97, 0xc1, 0x5b, 0x90, 0xfd, 0xe8, 0xf5, 0xf7, 0x9e, 0x7d, 0x34, -0xce, 0xe9, 0xbb, 0x38, 0xa0, 0x9f, 0xec, 0x84, 0x86, 0x3e, 0x47, 0x2e, 0x71, 0xd7, 0xc3, 0xbf, -0x89, 0xf3, 0x80, 0xb5, 0x77, 0x80, 0xd3, 0xb0, 0x56, 0x6b, 0x9c, 0xf4, 0xd3, 0x42, 0x2b, 0x26, -0x01, 0x5c, 0x42, 0xef, 0xf6, 0x51, 0x5a, 0xaa, 0x55, 0x6b, 0x30, 0xd3, 0x2c, 0xdc, 0xde, 0x36, -0x4d, 0xdd, 0xf3, 0x5f, 0x59, 0xba, 0x57, 0xd8, 0x39, 0x0f, 0x5b, 0xd3, 0xe1, 0x34, 0x39, 0x22, -0xaa, 0x71, 0x10, 0x59, 0x7a, 0xec, 0x9f, 0x1a, 0xf5, 0xa9, 0x40, 0xd6, 0x7b, 0x32, 0x5f, 0x19, -0x85, 0xc0, 0xfd, 0xa6, 0x6c, 0x32, 0x58, 0xdc, 0x7c, 0x07, 0x42, 0x36, 0xd0, 0x57, 0x78, 0x63, -0x60, 0x92, 0x1d, 0x1f, 0x9d, 0xbd, 0xcc, 0xd7, 0xe3, 0x1a, 0x57, 0xdb, 0x70, 0x80, 0x89, 0x36, -0x39, 0x01, 0x71, 0x5a, 0x2a, 0x05, 0x25, 0x13, 0x80, 0xf8, 0x49, 0x48, 0x5f, 0x06, 0xd0, 0xcb, -0x2c, 0x58, 0x9a, 0xe7, 0x8b, 0x6d, 0x17, 0x2c, 0xb2, 0x97, 0x2c, 0x15, 0xc9, 0x73, 0x6d, 0x8f, -0x4f, 0xf3, 0xf1, 0xb9, 0x70, 0x3f, 0xcb, 0x5f, 0x80, 0x85, 0x8b, 0xdf, 0xd2, 0x05, 0x95, 0x1c, -0xe4, 0x37, 0xee, 0xd2, 0x62, 0x49, 0x08, 0xdf, 0xf6, 0x02, 0xec, 0xe6, 0x9a, 0x37, 0xfc, 0x21, -0x7a, 0x98, 0x12, 0x1d, 0x79, 0xbf, 0xc7, 0x0f, 0x0a, 0x20, 0xf8, 0xef, 0xa5, 0xc6, 0x0e, 0x94, -0x5e, 0x17, 0x94, 0x12, 0x42, 0xfe, 0xd7, 0x22, 0xbd, 0x31, 0x27, 0xc7, 0xdb, 0x4a, 0x4e, 0x95, -0xe2, 0xc1, 0xdd, 0xe8, 0x0f, 0x7d, 0x1d, 0xe4, 0xfd, 0xb1, 0x27, 0x7b, 0xc1, 0x71, 0xfe, 0x27, -0x47, 0x89, 0xf4, 0xfc, 0x84, 0xa5, 0x57, 0x5d, 0x21, 0x02, 0x03, 0x01, 0x00, 0x01, 0x81, 0x11, -0x00, 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d, 0x00, 0x0a, 0x47, 0x42, 0xdf, 0x76, -0xbd, 0x82, 0x11, 0x00, 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d, 0x00, 0x0a, 0x47, -0x42, 0xdf, 0x76, 0xbd, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x03, -0x82, 0x01, 0x01, 0x00, 0xa7, 0xb0, 0x66, 0x75, 0x14, 0x7e, 0x7d, 0xb5, 0x31, 0xec, 0xb2, 0xeb, -0x90, 0x80, 0x95, 0x25, 0x59, 0x0f, 0xe4, 0x15, 0x86, 0x2d, 0x9d, 0xd7, 0x35, 0xe9, 0x22, 0x74, -0xe7, 0x85, 0x36, 0x19, 0x4f, 0x27, 0x5c, 0x17, 0x63, 0x7b, 0x2a, 0xfe, 0x59, 0xe9, 0x76, 0x77, -0xd0, 0xc9, 0x40, 0x78, 0x7c, 0x31, 0x62, 0x1e, 0x87, 0x1b, 0xc1, 0x19, 0xef, 0x6f, 0x15, 0xe6, -0xce, 0x74, 0x84, 0x6d, 0xd6, 0x3b, 0x57, 0xd9, 0xa9, 0x13, 0xf6, 0x7d, 0x84, 0xe7, 0x8f, 0xc6, -0x01, 0x5f, 0xcf, 0xc4, 0x95, 0xc9, 0xde, 0x97, 0x17, 0x43, 0x12, 0x70, 0x27, 0xf9, 0xc4, 0xd7, -0xe1, 0x05, 0xbb, 0x63, 0x87, 0x5f, 0xdc, 0x20, 0xbd, 0xd1, 0xde, 0xd6, 0x2d, 0x9f, 0x3f, 0x5d, -0x0a, 0x27, 0x40, 0x11, 0x5f, 0x5d, 0x54, 0xa7, 0x28, 0xf9, 0x03, 0x2e, 0x84, 0x8d, 0x48, 0x60, -0xa1, 0x71, 0xa3, 0x46, 0x69, 0xdb, 0x88, 0x7b, 0xc1, 0xb6, 0x08, 0x2d, 0xdf, 0x25, 0x9d, 0x32, -0x76, 0x49, 0x0b, 0xba, 0xab, 0xdd, 0xc3, 0x00, 0x76, 0x8a, 0x94, 0xd2, 0x25, 0x43, 0xf0, 0xa9, -0x98, 0x65, 0x94, 0xc7, 0xdd, 0x7c, 0xd4, 0xe2, 0xe8, 0x33, 0xe2, 0x9a, 0xe9, 0x75, 0xf0, 0x0f, -0x61, 0x86, 0xee, 0x0e, 0xf7, 0x39, 0x6b, 0x30, 0x63, 0xe5, 0x46, 0xd4, 0x1c, 0x83, 0xa1, 0x28, -0x79, 0x76, 0x81, 0x48, 0x38, 0x72, 0xbc, 0x3f, 0x25, 0x53, 0x31, 0xaa, 0x02, 0xd1, 0x9b, 0x03, -0xa2, 0x5c, 0x94, 0x21, 0xb3, 0x8e, 0xdf, 0x2a, 0xa5, 0x4c, 0x65, 0xa2, 0xf9, 0xac, 0x38, 0x7a, -0xf9, 0x45, 0xb3, 0xd5, 0xda, 0xe5, 0xb9, 0x56, 0x9e, 0x47, 0xd5, 0x06, 0xe6, 0xca, 0xd7, 0x6e, -0x06, 0xdb, 0x6e, 0xa7, 0x7b, 0x4b, 0x13, 0x40, 0x3c, 0x12, 0x76, 0x99, 0x65, 0xb4, 0x54, 0xa1, -0xd8, 0x21, 0x5c, 0x27 -}; + 0x30, 0x82, 0x03, 0x00, 0x30, 0x82, 0x01, 0xec, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x10, 0xbd, + 0x76, 0xdf, 0x42, 0x47, 0x0a, 0x00, 0x8d, 0x47, 0x3e, 0x74, 0x3f, 0xa1, + 0xdc, 0x8b, 0xbd, 0x30, + 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x2d, + 0x31, 0x2b, 0x30, 0x29, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x77, 0x00, 0x32, 0x00, 0x6b, + 0x00, 0x38, 0x00, 0x72, + 0x00, 0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x74, 0x00, 0x77, + 0x00, 0x73, 0x00, 0x2e, + 0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x30, 0x1e, 0x17, + 0x0d, 0x31, 0x30, 0x30, + 0x34, 0x32, 0x38, 0x31, 0x31, 0x34, 0x31, 0x35, 0x34, 0x5a, 0x17, 0x0d, + 0x31, 0x31, 0x30, 0x34, + 0x32, 0x38, 0x31, 0x31, 0x34, 0x31, 0x35, 0x34, 0x5a, 0x30, 0x2d, 0x31, + 0x2b, 0x30, 0x29, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, + 0x38, 0x00, 0x72, 0x00, + 0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x74, 0x00, 0x77, 0x00, + 0x73, 0x00, 0x2e, 0x00, + 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x30, 0x82, 0x01, 0x22, + 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xaa, 0xd7, 0x32, + 0x26, 0xd7, 0xfc, 0x69, + 0x57, 0x4a, 0x55, 0x08, 0x2b, 0x97, 0xc1, 0x5b, 0x90, 0xfd, 0xe8, 0xf5, + 0xf7, 0x9e, 0x7d, 0x34, + 0xce, 0xe9, 0xbb, 0x38, 0xa0, 0x9f, 0xec, 0x84, 0x86, 0x3e, 0x47, 0x2e, + 0x71, 0xd7, 0xc3, 0xbf, + 0x89, 0xf3, 0x80, 0xb5, 0x77, 0x80, 0xd3, 0xb0, 0x56, 0x6b, 0x9c, 0xf4, + 0xd3, 0x42, 0x2b, 0x26, + 0x01, 0x5c, 0x42, 0xef, 0xf6, 0x51, 0x5a, 0xaa, 0x55, 0x6b, 0x30, 0xd3, + 0x2c, 0xdc, 0xde, 0x36, + 0x4d, 0xdd, 0xf3, 0x5f, 0x59, 0xba, 0x57, 0xd8, 0x39, 0x0f, 0x5b, 0xd3, + 0xe1, 0x34, 0x39, 0x22, + 0xaa, 0x71, 0x10, 0x59, 0x7a, 0xec, 0x9f, 0x1a, 0xf5, 0xa9, 0x40, 0xd6, + 0x7b, 0x32, 0x5f, 0x19, + 0x85, 0xc0, 0xfd, 0xa6, 0x6c, 0x32, 0x58, 0xdc, 0x7c, 0x07, 0x42, 0x36, + 0xd0, 0x57, 0x78, 0x63, + 0x60, 0x92, 0x1d, 0x1f, 0x9d, 0xbd, 0xcc, 0xd7, 0xe3, 0x1a, 0x57, 0xdb, + 0x70, 0x80, 0x89, 0x36, + 0x39, 0x01, 0x71, 0x5a, 0x2a, 0x05, 0x25, 0x13, 0x80, 0xf8, 0x49, 0x48, + 0x5f, 0x06, 0xd0, 0xcb, + 0x2c, 0x58, 0x9a, 0xe7, 0x8b, 0x6d, 0x17, 0x2c, 0xb2, 0x97, 0x2c, 0x15, + 0xc9, 0x73, 0x6d, 0x8f, + 0x4f, 0xf3, 0xf1, 0xb9, 0x70, 0x3f, 0xcb, 0x5f, 0x80, 0x85, 0x8b, 0xdf, + 0xd2, 0x05, 0x95, 0x1c, + 0xe4, 0x37, 0xee, 0xd2, 0x62, 0x49, 0x08, 0xdf, 0xf6, 0x02, 0xec, 0xe6, + 0x9a, 0x37, 0xfc, 0x21, + 0x7a, 0x98, 0x12, 0x1d, 0x79, 0xbf, 0xc7, 0x0f, 0x0a, 0x20, 0xf8, 0xef, + 0xa5, 0xc6, 0x0e, 0x94, + 0x5e, 0x17, 0x94, 0x12, 0x42, 0xfe, 0xd7, 0x22, 0xbd, 0x31, 0x27, 0xc7, + 0xdb, 0x4a, 0x4e, 0x95, + 0xe2, 0xc1, 0xdd, 0xe8, 0x0f, 0x7d, 0x1d, 0xe4, 0xfd, 0xb1, 0x27, 0x7b, + 0xc1, 0x71, 0xfe, 0x27, + 0x47, 0x89, 0xf4, 0xfc, 0x84, 0xa5, 0x57, 0x5d, 0x21, 0x02, 0x03, 0x01, + 0x00, 0x01, 0x81, 0x11, + 0x00, 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d, 0x00, 0x0a, + 0x47, 0x42, 0xdf, 0x76, + 0xbd, 0x82, 0x11, 0x00, 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, + 0x8d, 0x00, 0x0a, 0x47, + 0x42, 0xdf, 0x76, 0xbd, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, + 0x1d, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0xa7, 0xb0, 0x66, 0x75, 0x14, 0x7e, 0x7d, 0xb5, + 0x31, 0xec, 0xb2, 0xeb, + 0x90, 0x80, 0x95, 0x25, 0x59, 0x0f, 0xe4, 0x15, 0x86, 0x2d, 0x9d, 0xd7, + 0x35, 0xe9, 0x22, 0x74, + 0xe7, 0x85, 0x36, 0x19, 0x4f, 0x27, 0x5c, 0x17, 0x63, 0x7b, 0x2a, 0xfe, + 0x59, 0xe9, 0x76, 0x77, + 0xd0, 0xc9, 0x40, 0x78, 0x7c, 0x31, 0x62, 0x1e, 0x87, 0x1b, 0xc1, 0x19, + 0xef, 0x6f, 0x15, 0xe6, + 0xce, 0x74, 0x84, 0x6d, 0xd6, 0x3b, 0x57, 0xd9, 0xa9, 0x13, 0xf6, 0x7d, + 0x84, 0xe7, 0x8f, 0xc6, + 0x01, 0x5f, 0xcf, 0xc4, 0x95, 0xc9, 0xde, 0x97, 0x17, 0x43, 0x12, 0x70, + 0x27, 0xf9, 0xc4, 0xd7, + 0xe1, 0x05, 0xbb, 0x63, 0x87, 0x5f, 0xdc, 0x20, 0xbd, 0xd1, 0xde, 0xd6, + 0x2d, 0x9f, 0x3f, 0x5d, + 0x0a, 0x27, 0x40, 0x11, 0x5f, 0x5d, 0x54, 0xa7, 0x28, 0xf9, 0x03, 0x2e, + 0x84, 0x8d, 0x48, 0x60, + 0xa1, 0x71, 0xa3, 0x46, 0x69, 0xdb, 0x88, 0x7b, 0xc1, 0xb6, 0x08, 0x2d, + 0xdf, 0x25, 0x9d, 0x32, + 0x76, 0x49, 0x0b, 0xba, 0xab, 0xdd, 0xc3, 0x00, 0x76, 0x8a, 0x94, 0xd2, + 0x25, 0x43, 0xf0, 0xa9, + 0x98, 0x65, 0x94, 0xc7, 0xdd, 0x7c, 0xd4, 0xe2, 0xe8, 0x33, 0xe2, 0x9a, + 0xe9, 0x75, 0xf0, 0x0f, + 0x61, 0x86, 0xee, 0x0e, 0xf7, 0x39, 0x6b, 0x30, 0x63, 0xe5, 0x46, 0xd4, + 0x1c, 0x83, 0xa1, 0x28, + 0x79, 0x76, 0x81, 0x48, 0x38, 0x72, 0xbc, 0x3f, 0x25, 0x53, 0x31, 0xaa, + 0x02, 0xd1, 0x9b, 0x03, + 0xa2, 0x5c, 0x94, 0x21, 0xb3, 0x8e, 0xdf, 0x2a, 0xa5, 0x4c, 0x65, 0xa2, + 0xf9, 0xac, 0x38, 0x7a, + 0xf9, 0x45, 0xb3, 0xd5, 0xda, 0xe5, 0xb9, 0x56, 0x9e, 0x47, 0xd5, 0x06, + 0xe6, 0xca, 0xd7, 0x6e, + 0x06, 0xdb, 0x6e, 0xa7, 0x7b, 0x4b, 0x13, 0x40, 0x3c, 0x12, 0x76, 0x99, + 0x65, 0xb4, 0x54, 0xa1, + 0xd8, 0x21, 0x5c, 0x27 + }; gnutls_datum_t derCert = { der, sizeof (der) }; gnutls_x509_crt_t cert; int result; - unsigned char expectedId[] = { 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d, 0x00, 0x0a, 0x47, 0x42, 0xdf, 0x76, 0xbd }; + unsigned char expectedId[] = + { 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d, 0x00, 0x0a, 0x47, + 0x42, 0xdf, 0x76, 0xbd + }; char buf[17]; ssize_t buf_size; @@ -114,12 +165,12 @@ doit (void) fail ("get_issuer_unique_id short error %d\n", result); if (buf_size != 16) fail ("get_issuer_unique_id buf size %zd\n", buf_size); - + buf_size = 16; result = gnutls_x509_crt_get_issuer_unique_id (cert, buf, &buf_size); if (result < 0) fail ("get_issuer_unique_id %d\n", result); - if (memcmp(buf, expectedId, buf_size) != 0) + if (memcmp (buf, expectedId, buf_size) != 0) fail ("expected id mismatch for issuer\n"); buf_size = 15; @@ -128,14 +179,14 @@ doit (void) fail ("get_subject_unique_id short error %d\n", result); if (buf_size != 16) fail ("get_subject_unique_id buf size %zd\n", buf_size); - + buf_size = 16; result = gnutls_x509_crt_get_subject_unique_id (cert, buf, &buf_size); if (result < 0) - fail ("get_subject_unique_id %d\n", result); - if (memcmp(buf, expectedId, buf_size) != 0) + fail ("get_subject_unique_id %d\n", result); + if (memcmp (buf, expectedId, buf_size) != 0) fail ("expected id mismatch for subject\n"); - + gnutls_x509_crt_deinit (cert); gnutls_global_deinit (); diff --git a/tests/chainverify.c b/tests/chainverify.c index 8aa7a0fcab..f5b8f89860 100644 --- a/tests/chainverify.c +++ b/tests/chainverify.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/crq_apis.c b/tests/crq_apis.c index 8fa593b868..f61e89cd2a 100644 --- a/tests/crq_apis.c +++ b/tests/crq_apis.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdlib.h> diff --git a/tests/crq_key_id.c b/tests/crq_key_id.c index dd2be8abc1..6696ba7132 100644 --- a/tests/crq_key_id.c +++ b/tests/crq_key_id.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdlib.h> diff --git a/tests/crypto_rng.c b/tests/crypto_rng.c index e4b20404f6..fbeb10c5af 100644 --- a/tests/crypto_rng.c +++ b/tests/crypto_rng.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/cve-2008-4989.c b/tests/cve-2008-4989.c index d3f0354eb0..40af8623d8 100644 --- a/tests/cve-2008-4989.c +++ b/tests/cve-2008-4989.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/cve-2009-1415.c b/tests/cve-2009-1415.c index 69b85754e6..2a20178c5c 100644 --- a/tests/cve-2009-1415.c +++ b/tests/cve-2009-1415.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif /* diff --git a/tests/cve-2009-1416.c b/tests/cve-2009-1416.c index 1e91116d53..784521fcd7 100644 --- a/tests/cve-2009-1416.c +++ b/tests/cve-2009-1416.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif /* diff --git a/tests/dhepskself.c b/tests/dhepskself.c index 3ddbb2111f..54c48134c1 100644 --- a/tests/dhepskself.c +++ b/tests/dhepskself.c @@ -24,7 +24,7 @@ /* Parts copied from GnuTLS example programs. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/dn.c b/tests/dn.c index 4ff06d528f..d86af537c0 100644 --- a/tests/dn.c +++ b/tests/dn.c @@ -20,7 +20,7 @@ */ #ifdef HAVE_CONFIG_H -# include "config.h" +#include "config.h" #endif #include <stdio.h> diff --git a/tests/dn2.c b/tests/dn2.c index 42627d3e57..3caccd4291 100644 --- a/tests/dn2.c +++ b/tests/dn2.c @@ -20,7 +20,7 @@ */ #ifdef HAVE_CONFIG_H -# include "config.h" +#include "config.h" #endif #include <stdio.h> diff --git a/tests/finished.c b/tests/finished.c index ac7aca36d6..afbdbcf572 100644 --- a/tests/finished.c +++ b/tests/finished.c @@ -23,7 +23,7 @@ /* Based on mini.c. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/gc.c b/tests/gc.c index bb1a485935..3f0b1b8353 100644 --- a/tests/gc.c +++ b/tests/gc.c @@ -19,7 +19,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/hostname-check.c b/tests/hostname-check.c index dbf5c1b6ce..918257e18c 100644 --- a/tests/hostname-check.c +++ b/tests/hostname-check.c @@ -21,14 +21,14 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <string.h> #include <gnutls/gnutls.h> #include <gnutls/x509.h> #ifdef ENABLE_OPENPGP -# include <gnutls/openpgp.h> +#include <gnutls/openpgp.h> #endif #include "utils.h" diff --git a/tests/init_roundtrip.c b/tests/init_roundtrip.c index 7a0d3b1803..f9922734e8 100644 --- a/tests/init_roundtrip.c +++ b/tests/init_roundtrip.c @@ -22,7 +22,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/mini-eagain.c b/tests/mini-eagain.c index a83f7f9351..7dbbce6d26 100644 --- a/tests/mini-eagain.c +++ b/tests/mini-eagain.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> @@ -229,7 +229,7 @@ doit (void) fail ("server: didn't receive any data\n"); else if (ret < 0) { -// if (debug) +// if (debug) // fputs ("#", stdout); if (ret != GNUTLS_E_AGAIN) { @@ -240,14 +240,16 @@ doit (void) else { transferred += ret; -// if (debug) -// fputs ("*", stdout); +// if (debug) +// fputs ("*", stdout); } - msglen = strlen(MSG); - do { - ns = gnutls_record_send (server, MSG, msglen); - } while(ns == GNUTLS_E_AGAIN); + msglen = strlen (MSG); + do + { + ns = gnutls_record_send (server, MSG, msglen); + } + while (ns == GNUTLS_E_AGAIN); ret = gnutls_record_recv (client, buffer, MAX_BUF); if (ret == 0) @@ -257,7 +259,7 @@ doit (void) else if (ret < 0) { if (debug) - fputs ("!", stdout); + fputs ("!", stdout); if (ret != GNUTLS_E_AGAIN) { fail ("client: Error: %s\n", gnutls_strerror (ret)); @@ -266,14 +268,17 @@ doit (void) } else { - if (msglen != ret || memcmp(buffer, MSG, msglen) != 0) { + if (msglen != ret || memcmp (buffer, MSG, msglen) != 0) + { fail ("client: Transmitted data do not match\n"); - } + } - /* echo back */ - do { - ns = gnutls_record_send (client, buffer, msglen); - } while(ns == GNUTLS_E_AGAIN); + /* echo back */ + do + { + ns = gnutls_record_send (client, buffer, msglen); + } + while (ns == GNUTLS_E_AGAIN); transferred += ret; if (debug) diff --git a/tests/mini-x509-rehandshake.c b/tests/mini-x509-rehandshake.c index feafa7e3c0..f95c3796f6 100644 --- a/tests/mini-x509-rehandshake.c +++ b/tests/mini-x509-rehandshake.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> @@ -274,10 +274,10 @@ main (int argc, char *argv[]) } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = 1; diff --git a/tests/mini-x509.c b/tests/mini-x509.c index 0f29ab13c8..551da19961 100644 --- a/tests/mini-x509.c +++ b/tests/mini-x509.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/mini.c b/tests/mini.c index 585b6343ec..54706c021f 100644 --- a/tests/mini.c +++ b/tests/mini.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/moredn.c b/tests/moredn.c index a0566557f4..115686dc84 100644 --- a/tests/moredn.c +++ b/tests/moredn.c @@ -23,7 +23,7 @@ /* Parts copied from GnuTLS example programs. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/mpi.c b/tests/mpi.c index 92470fdfd9..f670490b45 100644 --- a/tests/mpi.c +++ b/tests/mpi.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/netconf-psk.c b/tests/netconf-psk.c index 36c0ae1c72..2d606d4bf5 100644 --- a/tests/netconf-psk.c +++ b/tests/netconf-psk.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/nul-in-x509-names.c b/tests/nul-in-x509-names.c index 9225f74a43..f8bf78283f 100644 --- a/tests/nul-in-x509-names.c +++ b/tests/nul-in-x509-names.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdlib.h> diff --git a/tests/openpgp-auth.c b/tests/openpgp-auth.c index 09b5d88371..13e7693cdf 100644 --- a/tests/openpgp-auth.c +++ b/tests/openpgp-auth.c @@ -20,7 +20,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <gnutls/gnutls.h> @@ -43,41 +43,40 @@ static const char message[] = "Hello, brave GNU world!"; /* The OpenPGP key pair for use and the key ID in those keys. */ static const char pub_key_file[] = "../guile/tests/openpgp-pub.asc"; static const char priv_key_file[] = "../guile/tests/openpgp-sec.asc"; -static const char *key_id = - NULL +static const char *key_id = NULL /* FIXME: The values below don't work as expected. */ /* "auto" */ - /* "bd572cdcccc07c35" */; + /* "bd572cdcccc07c35" */ ; static const char rsa_params_file[] = "../guile/tests/rsa-parameters.pem"; static const int protocols[] = { GNUTLS_TLS1_0, 0 }; static const int cert_types[] = { GNUTLS_CRT_OPENPGP, 0 }; -static const int ciphers[] = - { - GNUTLS_CIPHER_NULL, GNUTLS_CIPHER_ARCFOUR, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, - 0 - }; -static const int kx[] = - { - GNUTLS_KX_RSA, GNUTLS_KX_RSA_EXPORT, - GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS, - 0 - }; -static const int macs[] = - { - GNUTLS_MAC_SHA1, GNUTLS_MAC_RMD160, GNUTLS_MAC_MD5, - 0 - }; + +static const int ciphers[] = { + GNUTLS_CIPHER_NULL, GNUTLS_CIPHER_ARCFOUR, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, + 0 +}; + +static const int kx[] = { + GNUTLS_KX_RSA, GNUTLS_KX_RSA_EXPORT, + GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS, + 0 +}; + +static const int macs[] = { + GNUTLS_MAC_SHA1, GNUTLS_MAC_RMD160, GNUTLS_MAC_MD5, + 0 +}; static void log_message (int level, const char *message) { fprintf (stderr, "[%5d|%2d] %s", getpid (), level, message); } - + void doit () { @@ -89,7 +88,7 @@ doit () gnutls_global_init (); - srcdir = getenv ("srcdir") ?: "."; + srcdir = getenv ("srcdir") ? : "."; if (debug) { @@ -131,7 +130,8 @@ doit () gnutls_set_default_priority (session); gnutls_transport_set_ptr (session, - (gnutls_transport_ptr_t)(intptr_t) sockets[0]); + (gnutls_transport_ptr_t) (intptr_t) + sockets[0]); err = gnutls_certificate_allocate_credentials (&cred); if (err != 0) @@ -196,7 +196,8 @@ doit () gnutls_set_default_priority (session); gnutls_transport_set_ptr (session, - (gnutls_transport_ptr_t)(intptr_t) sockets[1]); + (gnutls_transport_ptr_t) (intptr_t) + sockets[1]); err = gnutls_certificate_allocate_credentials (&cred); if (err != 0) @@ -212,16 +213,16 @@ doit () err = gnutls_dh_params_init (&dh_params); if (err) - fail ("server DH params init %d\n", err); + fail ("server DH params init %d\n", err); err = gnutls_dh_params_generate2 (dh_params, 1024); if (err) - fail ("server DH params generate %d\n", err); + fail ("server DH params generate %d\n", err); gnutls_certificate_set_dh_params (cred, dh_params); rsa_data.data = - (unsigned char *) read_binary_file (rsa_params_file, &rsa_size); + (unsigned char *) read_binary_file (rsa_params_file, &rsa_size); rsa_data.size = rsa_size; err = gnutls_rsa_params_init (&rsa_params); diff --git a/tests/openpgp-keyring.c b/tests/openpgp-keyring.c index b505db806d..6e3224d080 100644 --- a/tests/openpgp-keyring.c +++ b/tests/openpgp-keyring.c @@ -20,7 +20,7 @@ */ #ifdef HAVE_CONFIG_H -# include "config.h" +#include "config.h" #endif #include <stdio.h> diff --git a/tests/openpgpself.c b/tests/openpgpself.c index 2e9e543177..3732d3b39f 100644 --- a/tests/openpgpself.c +++ b/tests/openpgpself.c @@ -24,7 +24,7 @@ /* Parts copied from GnuTLS example programs. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/openssl.c b/tests/openssl.c index 05e43d900f..188d82e9b2 100644 --- a/tests/openssl.c +++ b/tests/openssl.c @@ -22,7 +22,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/parse_ca.c b/tests/parse_ca.c index 5791a958cf..9f81887e27 100644 --- a/tests/parse_ca.c +++ b/tests/parse_ca.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/pgps2kgnu.c b/tests/pgps2kgnu.c index bb458610ee..1076bdea4f 100644 --- a/tests/pgps2kgnu.c +++ b/tests/pgps2kgnu.c @@ -26,7 +26,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/pkcs12_encode.c b/tests/pkcs12_encode.c index 42ff96d806..e69104f7e1 100644 --- a/tests/pkcs12_encode.c +++ b/tests/pkcs12_encode.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <gnutls/gnutls.h> @@ -151,7 +151,8 @@ doit (void) i == 0 ? GNUTLS_PKCS8_USE_PKCS12_3DES : GNUTLS_PKCS_USE_PKCS12_RC2_40); if (ret < 0) - error (EXIT_FAILURE, 0, "bag_encrypt: %d: %s", ret, i==0?"3DES":"RC2-40"); + error (EXIT_FAILURE, 0, "bag_encrypt: %d: %s", ret, + i == 0 ? "3DES" : "RC2-40"); ret = gnutls_pkcs12_set_bag (pkcs12, bag); if (ret < 0) diff --git a/tests/pkcs12_s2k.c b/tests/pkcs12_s2k.c index 671a44bddd..41c8d1299f 100644 --- a/tests/pkcs12_s2k.c +++ b/tests/pkcs12_s2k.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> @@ -133,12 +133,14 @@ doit (void) fail ("_gnutls_pkcs12_string_to_key failed[0]: %d\n", rc); if (strcmp (_gnutls_bin2hex (key, sizeof (key), - tmp, sizeof (tmp), NULL), values[x]) != 0) + tmp, sizeof (tmp), NULL), + values[x]) != 0) fail ("_gnutls_pkcs12_string_to_key failed[1]\n"); if (debug) printf ("ij: %d.%d: %s\n", i, j, - _gnutls_bin2hex (key, sizeof (key), tmp, sizeof (tmp), NULL)); + _gnutls_bin2hex (key, sizeof (key), tmp, sizeof (tmp), + NULL)); x++; } } diff --git a/tests/pkcs12_s2k_pem.c b/tests/pkcs12_s2k_pem.c index 165dbbd2fc..ccbd35455b 100644 --- a/tests/pkcs12_s2k_pem.c +++ b/tests/pkcs12_s2k_pem.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif /* diff --git a/tests/pskself.c b/tests/pskself.c index 1de6e5c9e8..052e09027b 100644 --- a/tests/pskself.c +++ b/tests/pskself.c @@ -23,7 +23,7 @@ /* Parts copied from GnuTLS example programs. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/resume.c b/tests/resume.c index 488dd8c20d..76078b4a59 100644 --- a/tests/resume.c +++ b/tests/resume.c @@ -24,7 +24,7 @@ /* Parts copied from GnuTLS example programs. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/safe-renegotiation/srn0.c b/tests/safe-renegotiation/srn0.c index 351cf71328..7310225578 100644 --- a/tests/safe-renegotiation/srn0.c +++ b/tests/safe-renegotiation/srn0.c @@ -29,7 +29,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> @@ -289,10 +289,10 @@ main (int argc, char *argv[]) } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = 1; @@ -300,7 +300,8 @@ main (int argc, char *argv[]) if (!gnutls_safe_renegotiation_status (client) || !gnutls_safe_renegotiation_status (server)) { - tls_log_func (0, "Rehandshaked session not using safe renegotiation!\n"); + tls_log_func (0, + "Rehandshaked session not using safe renegotiation!\n"); exit_code = EXIT_FAILURE; } diff --git a/tests/safe-renegotiation/srn1.c b/tests/safe-renegotiation/srn1.c index 8cc0d5c213..ee40c3a796 100644 --- a/tests/safe-renegotiation/srn1.c +++ b/tests/safe-renegotiation/srn1.c @@ -28,7 +28,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> @@ -184,8 +184,7 @@ main (int argc, char *argv[]) GNUTLS_X509_FMT_PEM); gnutls_init (&server, GNUTLS_SERVER); gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred); - gnutls_priority_set_direct (server, "NORMAL:%SAFE_RENEGOTIATION", - NULL); + gnutls_priority_set_direct (server, "NORMAL:%SAFE_RENEGOTIATION", NULL); gnutls_transport_set_push_function (server, server_push); gnutls_transport_set_pull_function (server, server_pull); diff --git a/tests/safe-renegotiation/srn2.c b/tests/safe-renegotiation/srn2.c index 726ca1b51f..6bc92e9a24 100644 --- a/tests/safe-renegotiation/srn2.c +++ b/tests/safe-renegotiation/srn2.c @@ -26,7 +26,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> @@ -295,10 +295,10 @@ main (int argc, char *argv[]) } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = 1; @@ -313,7 +313,7 @@ main (int argc, char *argv[]) /* Check that this API does not affect anything after first handshake. - gnutls_safe_negotiation_set_initial (server, 0); */ + gnutls_safe_negotiation_set_initial (server, 0); */ sret = gnutls_rehandshake (server); if (debug_level > 0) @@ -363,10 +363,10 @@ main (int argc, char *argv[]) } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = 1; @@ -422,10 +422,10 @@ main (int argc, char *argv[]) } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = 1; diff --git a/tests/safe-renegotiation/srn3.c b/tests/safe-renegotiation/srn3.c index de821e93c4..06457a2dc1 100644 --- a/tests/safe-renegotiation/srn3.c +++ b/tests/safe-renegotiation/srn3.c @@ -28,7 +28,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> @@ -193,8 +193,7 @@ main (int argc, char *argv[]) gnutls_certificate_allocate_credentials (&clientx509cred); gnutls_init (&client, GNUTLS_CLIENT); gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred); - gnutls_priority_set_direct (client, "NORMAL:%SAFE_RENEGOTIATION", - NULL); + gnutls_priority_set_direct (client, "NORMAL:%SAFE_RENEGOTIATION", NULL); gnutls_transport_set_push_function (client, client_push); gnutls_transport_set_pull_function (client, client_pull); diff --git a/tests/safe-renegotiation/srn4.c b/tests/safe-renegotiation/srn4.c index a0d8c62c19..488a0c3b69 100644 --- a/tests/safe-renegotiation/srn4.c +++ b/tests/safe-renegotiation/srn4.c @@ -28,7 +28,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> @@ -289,11 +289,11 @@ main (int argc, char *argv[]) } } while ( - /* Not done: */ - !(cret == GNUTLS_E_AGAIN - && sret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_AGAIN + && sret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_AGAIN && sret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) exit_code = 1; @@ -301,7 +301,8 @@ main (int argc, char *argv[]) if (gnutls_safe_renegotiation_status (client) || gnutls_safe_renegotiation_status (server)) { - tls_log_func (0, "Rehandshaked session not using safe renegotiation!\n"); + tls_log_func (0, + "Rehandshaked session not using safe renegotiation!\n"); exit_code = EXIT_FAILURE; } diff --git a/tests/safe-renegotiation/srn5.c b/tests/safe-renegotiation/srn5.c index 477ebb75a0..91d1b9474f 100644 --- a/tests/safe-renegotiation/srn5.c +++ b/tests/safe-renegotiation/srn5.c @@ -29,7 +29,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> @@ -295,11 +295,11 @@ main (int argc, char *argv[]) } } while ( - /* Not done: */ - !(sret == GNUTLS_E_AGAIN - && cret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(sret == GNUTLS_E_AGAIN + && cret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (sret != GNUTLS_E_AGAIN && cret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) exit_code = 1; @@ -307,7 +307,8 @@ main (int argc, char *argv[]) if (gnutls_safe_renegotiation_status (client) || gnutls_safe_renegotiation_status (server)) { - tls_log_func (0, "Rehandshaked session not using safe renegotiation!\n"); + tls_log_func (0, + "Rehandshaked session not using safe renegotiation!\n"); exit_code = EXIT_FAILURE; } diff --git a/tests/set_pkcs12_cred.c b/tests/set_pkcs12_cred.c index 6a4109fe2f..579e7aaa6b 100644 --- a/tests/set_pkcs12_cred.c +++ b/tests/set_pkcs12_cred.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdlib.h> diff --git a/tests/setcredcrash.c b/tests/setcredcrash.c index 7a6803a5d6..61225a3520 100644 --- a/tests/setcredcrash.c +++ b/tests/setcredcrash.c @@ -21,7 +21,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/simple.c b/tests/simple.c index 17d0cb55fa..4124876b14 100644 --- a/tests/simple.c +++ b/tests/simple.c @@ -22,7 +22,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/tlsia.c b/tests/tlsia.c index c97ce9517f..d4ebce4a66 100644 --- a/tests/tlsia.c +++ b/tests/tlsia.c @@ -24,7 +24,7 @@ /* Parts copied from GnuTLS example programs. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/utils.c b/tests/utils.c index eb55d1f133..946c62d39d 100644 --- a/tests/utils.c +++ b/tests/utils.c @@ -22,7 +22,7 @@ */ #ifdef HAVE_CONFIG_H -# include "config.h" +#include "config.h" #endif #include <stdio.h> diff --git a/tests/utils.h b/tests/utils.h index e5fd600d0b..47db94f61e 100644 --- a/tests/utils.h +++ b/tests/utils.h @@ -22,16 +22,16 @@ */ #ifndef UTILS_H -# define UTILS_H +#define UTILS_H -# include <string.h> -# include <stdarg.h> -# include <gnutls/gnutls.h> +#include <string.h> +#include <stdarg.h> +#include <gnutls/gnutls.h> #ifndef __attribute__ -# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) -# define __attribute__(Spec) /* empty */ -# endif +#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) +#define __attribute__(Spec) /* empty */ +#endif #endif extern int debug; diff --git a/tests/x509_altname.c b/tests/x509_altname.c index 707b568623..432b44fb98 100644 --- a/tests/x509_altname.c +++ b/tests/x509_altname.c @@ -20,7 +20,7 @@ */ #ifdef HAVE_CONFIG_H -# include "config.h" +#include "config.h" #endif #include <stdio.h> diff --git a/tests/x509dn.c b/tests/x509dn.c index a68af097a5..6095b3a8d2 100644 --- a/tests/x509dn.c +++ b/tests/x509dn.c @@ -24,7 +24,7 @@ /* Parts copied from GnuTLS example programs. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/x509self.c b/tests/x509self.c index f10a51f331..0039a49398 100644 --- a/tests/x509self.c +++ b/tests/x509self.c @@ -24,7 +24,7 @@ /* Parts copied from GnuTLS example programs. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> diff --git a/tests/x509sign-verify.c b/tests/x509sign-verify.c index 1eb749066f..1eb86f516b 100644 --- a/tests/x509sign-verify.c +++ b/tests/x509sign-verify.c @@ -24,7 +24,7 @@ /* Parts copied from GnuTLS example programs. */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdio.h> |