summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorSimon Josefsson <simon@josefsson.org>2010-10-14 15:02:12 +0200
committerSimon Josefsson <simon@josefsson.org>2010-10-14 15:02:12 +0200
commit03636f4440ae918d6f710935a00806469f65f1c6 (patch)
tree1969ad6201816d1eb1421d93ef6900ec3b647788 /lib
parent59425cbec511cdc314f2a22ee95b299f8fa06fc8 (diff)
downloadgnutls-03636f4440ae918d6f710935a00806469f65f1c6.tar.gz
Indent (using GNU indent 2.2.11).
Diffstat (limited to 'lib')
-rw-r--r--lib/auth_cert.c285
-rw-r--r--lib/auth_cert.h26
-rw-r--r--lib/auth_dh_common.c4
-rw-r--r--lib/auth_dh_common.h2
-rw-r--r--lib/auth_psk.h4
-rw-r--r--lib/auth_rsa.c8
-rw-r--r--lib/auth_rsa_export.c19
-rw-r--r--lib/auth_srp.c28
-rw-r--r--lib/auth_srp.h2
-rw-r--r--lib/crypto-api.c16
-rw-r--r--lib/crypto.h2
-rw-r--r--lib/cryptodev.c90
-rw-r--r--lib/debug.c17
-rw-r--r--lib/debug.h2
-rw-r--r--lib/ext_cert_type.c25
-rw-r--r--lib/ext_max_record.c91
-rw-r--r--lib/ext_safe_renegotiation.c349
-rw-r--r--lib/ext_safe_renegotiation.h17
-rw-r--r--lib/ext_server_name.c159
-rw-r--r--lib/ext_server_name.h3
-rw-r--r--lib/ext_session_ticket.c194
-rw-r--r--lib/ext_session_ticket.h6
-rw-r--r--lib/ext_signature.c149
-rw-r--r--lib/ext_signature.h2
-rw-r--r--lib/ext_srp.c114
-rw-r--r--lib/ext_srp.h13
-rw-r--r--lib/gcrypt/init.c15
-rw-r--r--lib/gcrypt/mpi.c25
-rw-r--r--lib/gcrypt/pk.c55
-rw-r--r--lib/gnutls_alert.c4
-rw-r--r--lib/gnutls_algorithms.c71
-rw-r--r--lib/gnutls_algorithms.h2
-rw-r--r--lib/gnutls_auth.h2
-rw-r--r--lib/gnutls_buffers.c174
-rw-r--r--lib/gnutls_buffers.h11
-rw-r--r--lib/gnutls_cert.c2
-rw-r--r--lib/gnutls_cert.h2
-rw-r--r--lib/gnutls_cipher.c23
-rw-r--r--lib/gnutls_cipher.h8
-rw-r--r--lib/gnutls_cipher_int.c34
-rw-r--r--lib/gnutls_cipher_int.h20
-rw-r--r--lib/gnutls_compress.c18
-rw-r--r--lib/gnutls_compress.h8
-rw-r--r--lib/gnutls_constate.c126
-rw-r--r--lib/gnutls_constate.h13
-rw-r--r--lib/gnutls_datum.h2
-rw-r--r--lib/gnutls_dh.h2
-rw-r--r--lib/gnutls_errors.c38
-rw-r--r--lib/gnutls_errors.h59
-rw-r--r--lib/gnutls_extensions.c320
-rw-r--r--lib/gnutls_extensions.h45
-rw-r--r--lib/gnutls_global.c12
-rw-r--r--lib/gnutls_global.h4
-rw-r--r--lib/gnutls_handshake.c235
-rw-r--r--lib/gnutls_handshake.h2
-rw-r--r--lib/gnutls_hash_int.c34
-rw-r--r--lib/gnutls_hash_int.h16
-rw-r--r--lib/gnutls_int.h77
-rw-r--r--lib/gnutls_kx.c23
-rw-r--r--lib/gnutls_mbuffers.c64
-rw-r--r--lib/gnutls_mbuffers.h59
-rw-r--r--lib/gnutls_mem.h2
-rw-r--r--lib/gnutls_mpi.h6
-rw-r--r--lib/gnutls_num.h6
-rw-r--r--lib/gnutls_pk.c42
-rw-r--r--lib/gnutls_pk.h10
-rw-r--r--lib/gnutls_priority.c22
-rw-r--r--lib/gnutls_privkey.c315
-rw-r--r--lib/gnutls_pubkey.c1140
-rw-r--r--lib/gnutls_record.c61
-rw-r--r--lib/gnutls_record.h11
-rw-r--r--lib/gnutls_session_pack.c327
-rw-r--r--lib/gnutls_sig.c10
-rw-r--r--lib/gnutls_sig.h9
-rw-r--r--lib/gnutls_srp.c2
-rw-r--r--lib/gnutls_state.c15
-rw-r--r--lib/gnutls_state.h2
-rw-r--r--lib/gnutls_str.c341
-rw-r--r--lib/gnutls_str.h31
-rw-r--r--lib/gnutls_supplemental.c3
-rw-r--r--lib/gnutls_supplemental.h3
-rw-r--r--lib/gnutls_x509.c344
-rw-r--r--lib/includes/gnutls/abstract.h136
-rw-r--r--lib/includes/gnutls/compat.h108
-rw-r--r--lib/includes/gnutls/crypto.h27
-rw-r--r--lib/includes/gnutls/gnutls.h.in124
-rw-r--r--lib/includes/gnutls/gnutlsxx.h5
-rw-r--r--lib/includes/gnutls/openpgp.h29
-rw-r--r--lib/includes/gnutls/pkcs11.h195
-rw-r--r--lib/includes/gnutls/pkcs12.h12
-rw-r--r--lib/includes/gnutls/x509.h59
-rw-r--r--lib/locks.c7
-rw-r--r--lib/locks.h2
-rw-r--r--lib/nettle/cipher.c332
-rw-r--r--lib/nettle/egd.c198
-rw-r--r--lib/nettle/egd.h2
-rw-r--r--lib/nettle/init.c5
-rw-r--r--lib/nettle/mac.c400
-rw-r--r--lib/nettle/mpi.c832
-rw-r--r--lib/nettle/pk.c1026
-rw-r--r--lib/nettle/rnd.c557
-rw-r--r--lib/opencdk/armor.c13
-rw-r--r--lib/opencdk/hash.c2
-rw-r--r--lib/opencdk/kbnode.c2
-rw-r--r--lib/opencdk/keydb.c2
-rw-r--r--lib/opencdk/literal.c2
-rw-r--r--lib/opencdk/main.c4
-rw-r--r--lib/opencdk/misc.c2
-rw-r--r--lib/opencdk/new-packet.c2
-rw-r--r--lib/opencdk/pubkey.c4
-rw-r--r--lib/opencdk/read-packet.c5
-rw-r--r--lib/opencdk/seskey.c2
-rw-r--r--lib/opencdk/sig-check.c8
-rw-r--r--lib/opencdk/stream.c18
-rw-r--r--lib/opencdk/types.h16
-rw-r--r--lib/opencdk/verify.c4
-rw-r--r--lib/openpgp/gnutls_openpgp.c84
-rw-r--r--lib/openpgp/openpgp_int.h4
-rw-r--r--lib/openpgp/output.c7
-rw-r--r--lib/openpgp/pgp.c5
-rw-r--r--lib/openpgp/privkey.c20
-rw-r--r--lib/pakchois/dlopen.c17
-rw-r--r--lib/pakchois/dlopen.h10
-rw-r--r--lib/pakchois/errors.c270
-rw-r--r--lib/pakchois/pakchois.c1547
-rw-r--r--lib/pakchois/pakchois.h502
-rw-r--r--lib/pakchois/pakchois11.h1003
-rw-r--r--lib/pkcs11.c4312
-rw-r--r--lib/pkcs11_int.h120
-rw-r--r--lib/pkcs11_privkey.c422
-rw-r--r--lib/pkcs11_write.c893
-rw-r--r--lib/random.c3
-rw-r--r--lib/random.h2
-rw-r--r--lib/system.c162
-rw-r--r--lib/system.h34
-rw-r--r--lib/x509/common.c49
-rw-r--r--lib/x509/common.h24
-rw-r--r--lib/x509/crl_write.c11
-rw-r--r--lib/x509/crq.c33
-rw-r--r--lib/x509/dn.c5
-rw-r--r--lib/x509/mpi.c25
-rw-r--r--lib/x509/output.c30
-rw-r--r--lib/x509/privkey.c230
-rw-r--r--lib/x509/sign.c34
-rw-r--r--lib/x509/sign.h8
-rw-r--r--lib/x509/verify.c97
-rw-r--r--lib/x509/x509.c102
-rw-r--r--lib/x509/x509_int.h21
-rw-r--r--lib/x509/x509_write.c11
-rw-r--r--lib/x509_b64.c5
150 files changed, 10702 insertions, 9476 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 14344b08e6..2c0a5f2d16 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -49,19 +49,21 @@
#include "debug.h"
#ifdef ENABLE_OPENPGP
-# include "openpgp/gnutls_openpgp.h"
+#include "openpgp/gnutls_openpgp.h"
static gnutls_privkey_t alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t
- key, int deinit);
+ key, int deinit);
static gnutls_cert *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert);
#endif
static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs,
unsigned);
-static gnutls_privkey_t alloc_and_load_x509_key (gnutls_x509_privkey_t key, int deinit);
+static gnutls_privkey_t alloc_and_load_x509_key (gnutls_x509_privkey_t key,
+ int deinit);
-static gnutls_privkey_t alloc_and_load_pkcs11_key ( gnutls_pkcs11_privkey_t key, int deinit);
+static gnutls_privkey_t alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t
+ key, int deinit);
/* Copies data from a internal certificate struct (gnutls_cert) to
@@ -411,29 +413,34 @@ get_issuers (gnutls_session_t session,
return 0;
}
-static void st_to_st2(gnutls_retr2_st *st2, gnutls_retr_st* st)
+static void
+st_to_st2 (gnutls_retr2_st * st2, gnutls_retr_st * st)
{
- st2->cert_type = st->type;
- if (st->type == GNUTLS_CRT_OPENPGP) {
- st2->key_type = GNUTLS_PRIVKEY_OPENPGP;
- } else {
- st2->key_type = GNUTLS_PRIVKEY_X509;
- }
- st2->ncerts = st->ncerts;
- st2->deinit_all = st->deinit_all;
-
- switch(st2->cert_type) {
- case GNUTLS_CRT_OPENPGP:
- st2->cert.pgp = st->cert.pgp;
- st2->key.pgp = st->key.pgp;
- break;
- case GNUTLS_CRT_X509:
- st2->cert.x509 = st->cert.x509;
- st2->key.x509 = st->key.x509;
- break;
- default:
- return;
- }
+ st2->cert_type = st->type;
+ if (st->type == GNUTLS_CRT_OPENPGP)
+ {
+ st2->key_type = GNUTLS_PRIVKEY_OPENPGP;
+ }
+ else
+ {
+ st2->key_type = GNUTLS_PRIVKEY_X509;
+ }
+ st2->ncerts = st->ncerts;
+ st2->deinit_all = st->deinit_all;
+
+ switch (st2->cert_type)
+ {
+ case GNUTLS_CRT_OPENPGP:
+ st2->cert.pgp = st->cert.pgp;
+ st2->key.pgp = st->key.pgp;
+ break;
+ case GNUTLS_CRT_X509:
+ st2->cert.x509 = st->cert.x509;
+ st2->key.x509 = st->key.x509;
+ break;
+ default:
+ return;
+ }
}
@@ -464,39 +471,42 @@ call_get_cert_callback (gnutls_session_t session,
memset (&st2, 0, sizeof (st2));
if (cred->get_cert_callback)
- {
- ret = cred->get_cert_callback( session, issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length, &st2);
+ {
+ ret = cred->get_cert_callback (session, issuers_dn, issuers_dn_length,
+ pk_algos, pk_algos_length, &st2);
- }
+ }
else
- { /* compatibility mode */
- gnutls_retr_st st;
- memset (&st, 0, sizeof (st));
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (cred->server_get_cert_callback == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- ret = cred->server_get_cert_callback (session, &st);
- if (ret >= 0) st_to_st2(&st2, &st);
- }
- else
- { /* CLIENT */
-
- if (cred->client_get_cert_callback == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- ret = cred->client_get_cert_callback (session,
+ { /* compatibility mode */
+ gnutls_retr_st st;
+ memset (&st, 0, sizeof (st));
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ if (cred->server_get_cert_callback == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret = cred->server_get_cert_callback (session, &st);
+ if (ret >= 0)
+ st_to_st2 (&st2, &st);
+ }
+ else
+ { /* CLIENT */
+
+ if (cred->client_get_cert_callback == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret = cred->client_get_cert_callback (session,
issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length, &st);
- if (ret >= 0) st_to_st2(&st2, &st);
- }
+ pk_algos, pk_algos_length,
+ &st);
+ if (ret >= 0)
+ st_to_st2 (&st2, &st);
}
+ }
if (ret < 0)
{
@@ -522,67 +532,70 @@ call_get_cert_callback (gnutls_session_t session,
else
{ /* PGP */
if (st2.ncerts > 1)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
#ifdef ENABLE_OPENPGP
- {
- local_certs = alloc_and_load_pgp_certs (st2.cert.pgp);
+ {
+ local_certs = alloc_and_load_pgp_certs (st2.cert.pgp);
}
#else
- ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
- goto cleanup;
+ ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ goto cleanup;
#endif
}
- if (local_certs == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
+ if (local_certs == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
- switch(st2.key_type) {
- case GNUTLS_PRIVKEY_OPENPGP:
+ switch (st2.key_type)
+ {
+ case GNUTLS_PRIVKEY_OPENPGP:
#ifdef ENABLE_OPENPGP
- if (st2.key.pgp != NULL)
- {
- local_key = alloc_and_load_pgp_key (st2.key.pgp, st2.deinit_all);
- if (local_key == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
- }
- break;
+ if (st2.key.pgp != NULL)
+ {
+ local_key = alloc_and_load_pgp_key (st2.key.pgp, st2.deinit_all);
+ if (local_key == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
+ break;
#endif
- case GNUTLS_PRIVKEY_PKCS11:
- if (st2.key.pkcs11 != NULL)
- {
- local_key = alloc_and_load_pkcs11_key (st2.key.pkcs11, st2.deinit_all);
- if (local_key == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
- }
- break;
- case GNUTLS_PRIVKEY_X509:
- if (st2.key.x509 != NULL)
- {
- local_key = alloc_and_load_x509_key (st2.key.x509, st2.deinit_all);
- if (local_key == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
- }
- break;
+ case GNUTLS_PRIVKEY_PKCS11:
+ if (st2.key.pkcs11 != NULL)
+ {
+ local_key =
+ alloc_and_load_pkcs11_key (st2.key.pkcs11, st2.deinit_all);
+ if (local_key == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
+ break;
+ case GNUTLS_PRIVKEY_X509:
+ if (st2.key.x509 != NULL)
+ {
+ local_key = alloc_and_load_x509_key (st2.key.x509, st2.deinit_all);
+ if (local_key == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
}
+ break;
+ }
_gnutls_selected_certs_set (session, local_certs,
(local_certs != NULL) ? st2.ncerts : 0,
@@ -595,27 +608,27 @@ cleanup:
if (st2.cert_type == GNUTLS_CRT_X509)
{
if (st2.deinit_all)
- {
- for (i = 0; i < st2.ncerts; i++)
- {
- gnutls_x509_crt_deinit (st2.cert.x509[i]);
- }
- }
+ {
+ for (i = 0; i < st2.ncerts; i++)
+ {
+ gnutls_x509_crt_deinit (st2.cert.x509[i]);
+ }
+ }
}
else
{
#ifdef ENABLE_OPENPGP
- if (st2.deinit_all)
- {
- gnutls_openpgp_crt_deinit (st2.cert.pgp);
- }
+ if (st2.deinit_all)
+ {
+ gnutls_openpgp_crt_deinit (st2.cert.pgp);
+ }
#endif
}
-
+
if (ret < 0)
{
if (local_key != NULL)
- gnutls_privkey_deinit(local_key);
+ gnutls_privkey_deinit (local_key);
}
return ret;
@@ -649,7 +662,8 @@ _select_client_cert (gnutls_session_t session,
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- if (cred->client_get_cert_callback != NULL || cred->get_cert_callback != NULL)
+ if (cred->client_get_cert_callback != NULL
+ || cred->get_cert_callback != NULL)
{
/* use a callback to get certificate
@@ -1846,18 +1860,21 @@ alloc_and_load_x509_key (gnutls_x509_privkey_t key, int deinit)
if (key == NULL)
return NULL;
- ret = gnutls_privkey_init(&local_key);
- if (ret < 0)
+ ret = gnutls_privkey_init (&local_key);
+ if (ret < 0)
{
gnutls_assert ();
return NULL;
}
- ret = gnutls_privkey_import_x509 (local_key, key, deinit?GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE:0);
+ ret =
+ gnutls_privkey_import_x509 (local_key, key,
+ deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE :
+ 0);
if (ret < 0)
{
gnutls_assert ();
- gnutls_privkey_deinit(local_key);
+ gnutls_privkey_deinit (local_key);
return NULL;
}
@@ -1913,7 +1930,7 @@ alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert)
* space for it.
*/
static gnutls_privkey_t
-alloc_and_load_pgp_key ( gnutls_openpgp_privkey_t key, int deinit)
+alloc_and_load_pgp_key (gnutls_openpgp_privkey_t key, int deinit)
{
gnutls_privkey_t local_key;
int ret = 0;
@@ -1921,18 +1938,21 @@ alloc_and_load_pgp_key ( gnutls_openpgp_privkey_t key, int deinit)
if (key == NULL)
return NULL;
- ret = gnutls_privkey_init(&local_key);
+ ret = gnutls_privkey_init (&local_key);
if (ret < 0)
{
gnutls_assert ();
return NULL;
}
- ret = gnutls_privkey_import_openpgp (local_key, key, deinit?GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE:0);
+ ret =
+ gnutls_privkey_import_openpgp (local_key, key,
+ deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ : 0);
if (ret < 0)
{
gnutls_assert ();
- gnutls_privkey_deinit(local_key);
+ gnutls_privkey_deinit (local_key);
return NULL;
}
@@ -1944,7 +1964,7 @@ alloc_and_load_pgp_key ( gnutls_openpgp_privkey_t key, int deinit)
* space for it.
*/
static gnutls_privkey_t
-alloc_and_load_pkcs11_key ( gnutls_pkcs11_privkey_t key, int deinit)
+alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t key, int deinit)
{
gnutls_privkey_t local_key;
int ret = 0;
@@ -1952,18 +1972,21 @@ alloc_and_load_pkcs11_key ( gnutls_pkcs11_privkey_t key, int deinit)
if (key == NULL)
return NULL;
- ret = gnutls_privkey_init(&local_key);
+ ret = gnutls_privkey_init (&local_key);
if (ret < 0)
{
gnutls_assert ();
return NULL;
}
- ret = gnutls_privkey_import_pkcs11 (local_key, key, deinit?GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE:0);
+ ret =
+ gnutls_privkey_import_pkcs11 (local_key, key,
+ deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ : 0);
if (ret < 0)
{
gnutls_assert ();
- gnutls_privkey_deinit(local_key);
+ gnutls_privkey_deinit (local_key);
return NULL;
}
diff --git a/lib/auth_cert.h b/lib/auth_cert.h
index 1c1336d025..9a4e79921e 100644
--- a/lib/auth_cert.h
+++ b/lib/auth_cert.h
@@ -24,14 +24,14 @@
*/
#ifndef AUTH_CERT_H
-# define AUTH_CERT_H
-# include "gnutls_cert.h"
-# include "gnutls_auth.h"
-# include "auth_dh_common.h"
-# include "x509/x509_int.h"
-# include "openpgp/openpgp_int.h"
-# include <gnutls/abstract.h>
-# include <gnutls/compat.h>
+#define AUTH_CERT_H
+#include "gnutls_cert.h"
+#include "gnutls_auth.h"
+#include "auth_dh_common.h"
+#include "x509/x509_int.h"
+#include "openpgp/openpgp_int.h"
+#include <gnutls/abstract.h>
+#include <gnutls/compat.h>
/* This structure may be complex, but it's the only way to
* support a server that has multiple certificates
@@ -93,8 +93,8 @@ typedef struct gnutls_certificate_credentials_st
*/
gnutls_datum_t x509_rdn_sequence;
- gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */
- gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */
+ gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */
+ gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */
gnutls_certificate_verify_function *verify_callback;
gnutls_certificate_retrieve_function *get_cert_callback;
@@ -167,7 +167,9 @@ int _gnutls_get_auth_info_gcert (gnutls_cert * gcert,
cert_auth_info_t info,
int flags /* OR of ConvFlags */ );
-int certificate_credential_append_crt_list( gnutls_certificate_credentials_t res, gnutls_cert *crt, int nr);
-int certificate_credentials_append_pkey( gnutls_certificate_credentials_t res, gnutls_privkey_t pkey);
+int certificate_credential_append_crt_list (gnutls_certificate_credentials_t
+ res, gnutls_cert * crt, int nr);
+int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
+ gnutls_privkey_t pkey);
#endif
diff --git a/lib/auth_dh_common.c b/lib/auth_dh_common.c
index bee2595212..456ce3ad9f 100644
--- a/lib/auth_dh_common.c
+++ b/lib/auth_dh_common.c
@@ -95,7 +95,7 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
{
ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
}
- else /* In DHE_PSK the key is set differently */
+ else /* In DHE_PSK the key is set differently */
{
gnutls_datum_t tmp_dh_key;
ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key);
@@ -176,7 +176,7 @@ _gnutls_gen_dh_common_client_kx (gnutls_session_t session, opaque ** data)
{
ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
}
- else /* In DHE_PSK the key is set differently */
+ else /* In DHE_PSK the key is set differently */
{
gnutls_datum_t tmp_dh_key;
ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key);
diff --git a/lib/auth_dh_common.h b/lib/auth_dh_common.h
index 9fc13bafba..00ed02915d 100644
--- a/lib/auth_dh_common.h
+++ b/lib/auth_dh_common.h
@@ -24,7 +24,7 @@
*/
#ifndef AUTH_DH_COMMON
-# define AUTH_DH_COMMON
+#define AUTH_DH_COMMON
typedef struct
{
diff --git a/lib/auth_psk.h b/lib/auth_psk.h
index 013ed0dfd0..c79da6b79f 100644
--- a/lib/auth_psk.h
+++ b/lib/auth_psk.h
@@ -23,7 +23,7 @@
*/
#ifndef AUTH_PSK_H
-# define AUTH_PSK_H
+#define AUTH_PSK_H
#include <gnutls_auth.h>
#include <auth_dh_common.h>
@@ -70,7 +70,7 @@ typedef struct psk_auth_info_st psk_auth_info_st;
int
_gnutls_set_psk_session_key (gnutls_session_t session, gnutls_datum_t * psk2);
#else
-# define _gnutls_set_psk_session_key(x,y) GNUTLS_E_INTERNAL_ERROR
+#define _gnutls_set_psk_session_key(x,y) GNUTLS_E_INTERNAL_ERROR
#endif /* ENABLE_PSK */
#endif
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index 261803952f..1605c9b77c 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -58,7 +58,7 @@ const mod_auth_st rsa_auth_struct = {
_gnutls_proc_cert_server_certificate,
_gnutls_proc_cert_client_certificate,
NULL, /* proc server kx */
- proc_rsa_client_kx, /* proc client kx */
+ proc_rsa_client_kx, /* proc client kx */
_gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
_gnutls_proc_cert_cert_req /* proc server cert request */
};
@@ -146,7 +146,7 @@ _gnutls_get_public_rsa_params (gnutls_session_t session,
static int
proc_rsa_client_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
gnutls_datum_t plaintext;
gnutls_datum_t ciphertext;
@@ -177,7 +177,9 @@ proc_rsa_client_kx (gnutls_session_t session, opaque * data,
ciphertext.size = dsize;
}
- ret = gnutls_privkey_decrypt_data (session->internals.selected_key, 0, &ciphertext, &plaintext);
+ ret =
+ gnutls_privkey_decrypt_data (session->internals.selected_key, 0,
+ &ciphertext, &plaintext);
if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE)
{
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c
index fc738b7146..47cef3690a 100644
--- a/lib/auth_rsa_export.c
+++ b/lib/auth_rsa_export.c
@@ -48,7 +48,7 @@ int _gnutls_gen_rsa_client_kx (gnutls_session_t, opaque **);
static int gen_rsa_export_server_kx (gnutls_session_t, opaque **);
static int proc_rsa_export_server_kx (gnutls_session_t, opaque *, size_t);
static int proc_rsa_export_client_kx (gnutls_session_t session, opaque * data,
- size_t _data_size);
+ size_t _data_size);
const mod_auth_st rsa_export_auth_struct = {
"RSA EXPORT",
@@ -99,18 +99,18 @@ _gnutls_get_private_rsa_params (gnutls_session_t session,
(&session->security_parameters.current_cipher_suite)
!= GNUTLS_KX_RSA_EXPORT || bits < 512)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
rsa_params =
- _gnutls_certificate_get_rsa_params (cred->rsa_params,
- cred->params_func, session);
+ _gnutls_certificate_get_rsa_params (cred->rsa_params,
+ cred->params_func, session);
/* EXPORT case: */
if (rsa_params == NULL)
{
- gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
+ gnutls_assert ();
+ return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
}
/* In the export case, we do use temporary RSA params
@@ -123,8 +123,9 @@ _gnutls_get_private_rsa_params (gnutls_session_t session,
return 0;
}
-int proc_rsa_export_client_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+int
+proc_rsa_export_client_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
{
gnutls_datum_t plaintext;
gnutls_datum_t ciphertext;
@@ -268,7 +269,7 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data)
/* abort sending this message if we have a certificate
* of 512 bits or less.
*/
- gnutls_privkey_get_pk_algorithm(apr_pkey, &bits);
+ gnutls_privkey_get_pk_algorithm (apr_pkey, &bits);
if (apr_pkey && bits <= 512)
{
gnutls_assert ();
diff --git a/lib/auth_srp.c b/lib/auth_srp.c
index 54bfd10124..ff78c430fb 100644
--- a/lib/auth_srp.c
+++ b/lib/auth_srp.c
@@ -144,12 +144,12 @@ _gnutls_gen_srp_server_kx (gnutls_session_t session, opaque ** data)
char buf[64];
uint8_t *data_b;
extension_priv_data_t epriv;
- srp_ext_st * priv;
+ srp_ext_st *priv;
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SRP, &epriv);
- if (ret < 0) /* peer didn't send a username */
+ ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
+ if (ret < 0) /* peer didn't send a username */
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_UNKNOWN_SRP_USERNAME;
}
priv = epriv.ptr;
@@ -257,7 +257,8 @@ _gnutls_gen_srp_server_kx (gnutls_session_t session, opaque ** data)
_gnutls_write_uint16 (n_b, data_b);
_gnutls_hard_log ("INT: SRP B[%d]: %s\n", (int) n_b,
- _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf), NULL));
+ _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf),
+ NULL));
_gnutls_srp_entry_free (pwd_entry);
@@ -275,12 +276,12 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session, opaque ** data)
char buf[64];
gnutls_srp_client_credentials_t cred;
extension_priv_data_t epriv;
- srp_ext_st * priv;
+ srp_ext_st *priv;
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SRP, &epriv);
- if (ret < 0) /* peer didn't send a username */
+ ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
+ if (ret < 0) /* peer didn't send a username */
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_UNKNOWN_SRP_USERNAME;
}
priv = epriv.ptr;
@@ -386,7 +387,8 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session, opaque ** data)
}
_gnutls_hard_log ("INT: SRP A[%d]: %s\n", (int) n_a,
- _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf), NULL));
+ _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf),
+ NULL));
_gnutls_mpi_release (&A);
@@ -737,12 +739,12 @@ _gnutls_proc_srp_server_kx (gnutls_session_t session, opaque * data,
ssize_t data_size = _data_size;
gnutls_srp_client_credentials_t cred;
extension_priv_data_t epriv;
- srp_ext_st * priv;
+ srp_ext_st *priv;
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SRP, &epriv);
+ ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_UNKNOWN_SRP_USERNAME;
}
priv = epriv.ptr;
diff --git a/lib/auth_srp.h b/lib/auth_srp.h
index 3b20fe7489..245b6a5b99 100644
--- a/lib/auth_srp.h
+++ b/lib/auth_srp.h
@@ -24,7 +24,7 @@
*/
#ifndef AUTH_SRP_H
-# define AUTH_SRP_H
+#define AUTH_SRP_H
#include <gnutls_auth.h>
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 1b6b5d55cc..517568eb66 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -118,10 +118,10 @@ gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext,
**/
int
gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, size_t textlen,
- void* ciphertext, size_t ciphertextlen)
+ void *ciphertext, size_t ciphertextlen)
{
- return _gnutls_cipher_encrypt2 ((cipher_hd_st *) handle, text, textlen,
- ciphertext, ciphertextlen);
+ return _gnutls_cipher_encrypt2 ((cipher_hd_st *) handle, text, textlen,
+ ciphertext, ciphertextlen);
}
/**
@@ -141,10 +141,10 @@ gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, size_t textlen,
**/
int
gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext,
- size_t ciphertextlen, void* text, size_t textlen)
+ size_t ciphertextlen, void *text, size_t textlen)
{
return _gnutls_cipher_decrypt2 ((cipher_hd_st *) handle, ciphertext,
- ciphertextlen, text, textlen);
+ ciphertextlen, text, textlen);
}
/**
@@ -160,7 +160,7 @@ void
gnutls_cipher_deinit (gnutls_cipher_hd_t handle)
{
_gnutls_cipher_deinit ((cipher_hd_st *) handle);
- gnutls_free(handle);
+ gnutls_free (handle);
}
@@ -245,7 +245,7 @@ void
gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest)
{
_gnutls_hmac_deinit ((digest_hd_st *) handle, digest);
- gnutls_free(handle);
+ gnutls_free (handle);
}
/**
@@ -366,7 +366,7 @@ void
gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest)
{
_gnutls_hash_deinit ((digest_hd_st *) handle, digest);
- gnutls_free(handle);
+ gnutls_free (handle);
}
/**
diff --git a/lib/crypto.h b/lib/crypto.h
index 0716b231fd..8202adf23d 100644
--- a/lib/crypto.h
+++ b/lib/crypto.h
@@ -23,7 +23,7 @@
*/
#ifndef CRYPTO_H
-# define CRYPTO_H
+#define CRYPTO_H
const gnutls_crypto_cipher_st
* _gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo);
diff --git a/lib/cryptodev.c b/lib/cryptodev.c
index 29f2ee9cca..10a88fcf8e 100644
--- a/lib/cryptodev.c
+++ b/lib/cryptodev.c
@@ -35,11 +35,11 @@
#include <crypto/cryptodev.h>
#ifndef CRYPTO_CIPHER_MAX_KEY_LEN
-# define CRYPTO_CIPHER_MAX_KEY_LEN 64
+#define CRYPTO_CIPHER_MAX_KEY_LEN 64
#endif
#ifndef EALG_MAX_BLOCK_LEN
-# define EALG_MAX_BLOCK_LEN 16
+#define EALG_MAX_BLOCK_LEN 16
#endif
static int cryptodev_fd = -1;
@@ -157,7 +157,7 @@ cryptodev_deinit (void *_ctx)
{
struct cryptodev_ctx *ctx = _ctx;
- ioctl(ctx->cfd, CIOCFSESSION, &ctx->sess);
+ ioctl (ctx->cfd, CIOCFSESSION, &ctx->sess);
gnutls_free (ctx);
}
@@ -179,13 +179,15 @@ register_crypto (int cfd)
memset (&sess, 0, sizeof (sess));
- for (i=0;i<sizeof(gnutls_cipher_map)/sizeof(gnutls_cipher_map[0]);i++)
+ for (i = 0; i < sizeof (gnutls_cipher_map) / sizeof (gnutls_cipher_map[0]);
+ i++)
{
- if (gnutls_cipher_map[i] == 0) continue;
+ if (gnutls_cipher_map[i] == 0)
+ continue;
/* test if a cipher is support it and if yes register it */
sess.cipher = gnutls_cipher_map[i];
- sess.keylen = gnutls_cipher_get_key_size(i);
+ sess.keylen = gnutls_cipher_get_key_size (i);
sess.key = fake_key;
if (ioctl (cfd, CIOCGSESSION, &sess))
@@ -193,11 +195,11 @@ register_crypto (int cfd)
continue;
}
- ioctl(cfd, CIOCFSESSION, &sess);
-
- _gnutls_debug_log("/dev/crypto: registering: %s\n", gnutls_cipher_get_name(i));
- ret =
- gnutls_crypto_single_cipher_register (i, 90, &cipher_struct);
+ ioctl (cfd, CIOCFSESSION, &sess);
+
+ _gnutls_debug_log ("/dev/crypto: registering: %s\n",
+ gnutls_cipher_get_name (i));
+ ret = gnutls_crypto_single_cipher_register (i, 90, &cipher_struct);
if (ret < 0)
{
gnutls_assert ();
@@ -209,7 +211,8 @@ register_crypto (int cfd)
return 0;
}
-int _gnutls_cryptodev_init (void)
+int
+_gnutls_cryptodev_init (void)
{
int ret;
@@ -227,43 +230,44 @@ int _gnutls_cryptodev_init (void)
/* Clone file descriptor */
if (ioctl (cryptodev_fd, CRIOGET, &cfd))
{
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
}
/* Set close-on-exec (not really neede here) */
if (fcntl (cfd, F_SETFD, 1) == -1)
{
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
}
- close(cryptodev_fd);
+ close (cryptodev_fd);
cryptodev_fd = cfd;
}
#endif
ret = register_crypto (cryptodev_fd);
if (ret < 0)
- gnutls_assert();
+ gnutls_assert ();
if (ret >= 0)
{
ret = register_mac (cryptodev_fd);
if (ret < 0)
- gnutls_assert();
+ gnutls_assert ();
}
if (ret < 0)
{
- gnutls_assert();
- close(cryptodev_fd);
+ gnutls_assert ();
+ close (cryptodev_fd);
}
return ret;
}
-void _gnutls_cryptodev_deinit(void)
+void
+_gnutls_cryptodev_deinit (void)
{
close (cryptodev_fd);
}
@@ -275,14 +279,15 @@ void _gnutls_cryptodev_deinit(void)
#if defined(COP_FLAG_UPDATE)
static const int gnutls_mac_map[] = {
- [GNUTLS_MAC_MD5] = CRYPTO_MD5_HMAC,
- [GNUTLS_MAC_SHA1] = CRYPTO_SHA1_HMAC,
- [GNUTLS_MAC_SHA256] = CRYPTO_SHA2_256_HMAC,
- [GNUTLS_MAC_SHA384] = CRYPTO_SHA2_384_HMAC,
- [GNUTLS_MAC_SHA512] = CRYPTO_SHA2_512_HMAC,
+ [GNUTLS_MAC_MD5] = CRYPTO_MD5_HMAC,
+ [GNUTLS_MAC_SHA1] = CRYPTO_SHA1_HMAC,
+ [GNUTLS_MAC_SHA256] = CRYPTO_SHA2_256_HMAC,
+ [GNUTLS_MAC_SHA384] = CRYPTO_SHA2_384_HMAC,
+ [GNUTLS_MAC_SHA512] = CRYPTO_SHA2_512_HMAC,
};
-static int cryptodev_mac_init(gnutls_mac_algorithm_t algorithm, void **_ctx)
+static int
+cryptodev_mac_init (gnutls_mac_algorithm_t algorithm, void **_ctx)
{
struct cryptodev_ctx *ctx;
int mac = gnutls_mac_map[algorithm];
@@ -322,7 +327,8 @@ cryptodev_mac_setkey (void *_ctx, const void *key, size_t keysize)
return 0;
}
-static int cryptodev_mac_hash (void *_ctx, const void *text, size_t textsize)
+static int
+cryptodev_mac_hash (void *_ctx, const void *text, size_t textsize)
{
struct cryptodev_ctx *ctx = _ctx;
ctx->cryp.len = textsize;
@@ -338,7 +344,8 @@ static int cryptodev_mac_hash (void *_ctx, const void *text, size_t textsize)
return 0;
}
-static int cryptodev_mac_output (void *_ctx, void *digest, size_t digestsize)
+static int
+cryptodev_mac_output (void *_ctx, void *digest, size_t digestsize)
{
struct cryptodev_ctx *ctx = _ctx;
ctx->cryp.len = 0;
@@ -365,44 +372,47 @@ static const gnutls_crypto_mac_st mac_struct = {
.deinit = cryptodev_mac_deinit
};
-static int register_mac (int cfd)
+static int
+register_mac (int cfd)
{
struct session_op sess;
char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
int i = 0, ret;
memset (&sess, 0, sizeof (sess));
- for (i=0;i<sizeof(gnutls_mac_map)/sizeof(gnutls_mac_map[0]);i++)
+ for (i = 0; i < sizeof (gnutls_mac_map) / sizeof (gnutls_mac_map[0]); i++)
{
- if (gnutls_mac_map[i] == 0) continue;
+ if (gnutls_mac_map[i] == 0)
+ continue;
sess.mac = gnutls_mac_map[i];
sess.keylen = 8;
sess.key = fake_key;
-
+
if (ioctl (cfd, CIOCGSESSION, &sess))
{
continue;
}
- ioctl(cfd, CIOCFSESSION, &sess);
+ ioctl (cfd, CIOCFSESSION, &sess);
- _gnutls_debug_log("/dev/crypto: registering: %s\n", gnutls_mac_get_name(i));
- ret =
- gnutls_crypto_single_mac_register (i, 90, &mac_struct);
+ _gnutls_debug_log ("/dev/crypto: registering: %s\n",
+ gnutls_mac_get_name (i));
+ ret = gnutls_crypto_single_mac_register (i, 90, &mac_struct);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
-
+
}
return 0;
}
#else
-static int register_mac (int cfd)
+static int
+register_mac (int cfd)
{
return 0;
}
diff --git a/lib/debug.c b/lib/debug.c
index 726a3d6923..a791ba3c69 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -30,15 +30,18 @@
#include "debug.h"
#include <gnutls_mpi.h>
-void _gnutls_dump_mpi(const char* prefix, bigint_t a)
+void
+_gnutls_dump_mpi (const char *prefix, bigint_t a)
{
- char buf[400];
- char buf_hex[2*sizeof(buf)];
- size_t n = sizeof buf;
+ char buf[400];
+ char buf_hex[2 * sizeof (buf)];
+ size_t n = sizeof buf;
- if (_gnutls_mpi_print(a, buf, &n))
- strcpy(buf, "[can't print value]"); /* Flawfinder: ignore */
- _gnutls_debug_log( "MPI: length: %d\n\t%s%s\n", (int)n, prefix, _gnutls_bin2hex(buf, n, buf_hex, sizeof(buf_hex), NULL));
+ if (_gnutls_mpi_print (a, buf, &n))
+ strcpy (buf, "[can't print value]"); /* Flawfinder: ignore */
+ _gnutls_debug_log ("MPI: length: %d\n\t%s%s\n", (int) n, prefix,
+ _gnutls_bin2hex (buf, n, buf_hex, sizeof (buf_hex),
+ NULL));
}
diff --git a/lib/debug.h b/lib/debug.h
index b0279215e4..4ee84620f5 100644
--- a/lib/debug.h
+++ b/lib/debug.h
@@ -25,4 +25,4 @@
const char *_gnutls_packet2str (content_type_t packet);
const char *_gnutls_handshake2str (gnutls_handshake_description_t handshake);
-void _gnutls_dump_mpi(const char* prefix, bigint_t a);
+void _gnutls_dump_mpi (const char *prefix, bigint_t a);
diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c
index ea98511704..3fe0c12841 100644
--- a/lib/ext_cert_type.c
+++ b/lib/ext_cert_type.c
@@ -40,20 +40,21 @@
inline static int _gnutls_num2cert_type (int num);
inline static int _gnutls_cert_type2num (int record_size);
static int _gnutls_cert_type_recv_params (gnutls_session_t session,
- const opaque * data, size_t data_size);
-static int _gnutls_cert_type_send_params (gnutls_session_t session, opaque * data,
- size_t);
+ const opaque * data,
+ size_t data_size);
+static int _gnutls_cert_type_send_params (gnutls_session_t session,
+ opaque * data, size_t);
extension_entry_st ext_mod_cert_type = {
- .name = "CERT TYPE",
- .type = GNUTLS_EXTENSION_CERT_TYPE,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_cert_type_recv_params,
- .send_func = _gnutls_cert_type_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = NULL
+ .name = "CERT TYPE",
+ .type = GNUTLS_EXTENSION_CERT_TYPE,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_cert_type_recv_params,
+ .send_func = _gnutls_cert_type_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = NULL
};
/*
diff --git a/lib/ext_max_record.c b/lib/ext_max_record.c
index 98326686b2..ca3fc4e220 100644
--- a/lib/ext_max_record.c
+++ b/lib/ext_max_record.c
@@ -32,12 +32,15 @@
#include <ext_max_record.h>
static int _gnutls_max_record_recv_params (gnutls_session_t session,
- const opaque * data, size_t data_size);
-static int _gnutls_max_record_send_params (gnutls_session_t session, opaque * data,
- size_t);
+ const opaque * data,
+ size_t data_size);
+static int _gnutls_max_record_send_params (gnutls_session_t session,
+ opaque * data, size_t);
-static int _gnutls_max_record_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv);
-static int _gnutls_max_record_pack(extension_priv_data_t _priv, gnutls_buffer_st* ps);
+static int _gnutls_max_record_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_max_record_pack (extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
/* Maps record size to numbers according to the
* extensions draft.
@@ -47,15 +50,15 @@ static int _gnutls_mre_record2num (uint16_t record_size);
extension_entry_st ext_mod_max_record_size = {
- .name = "MAX RECORD SIZE",
- .type = GNUTLS_EXTENSION_MAX_RECORD_SIZE,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_max_record_recv_params,
- .send_func = _gnutls_max_record_send_params,
- .pack_func = _gnutls_max_record_pack,
- .unpack_func = _gnutls_max_record_unpack,
- .deinit_func = NULL
+ .name = "MAX RECORD SIZE",
+ .type = GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_max_record_recv_params,
+ .send_func = _gnutls_max_record_send_params,
+ .pack_func = _gnutls_max_record_pack,
+ .unpack_func = _gnutls_max_record_unpack,
+ .deinit_func = NULL
};
/*
@@ -96,16 +99,17 @@ _gnutls_max_record_recv_params (gnutls_session_t session,
}
}
else
- { /* CLIENT SIDE - we must check if the sent record size is the right one
- */
+ { /* CLIENT SIDE - we must check if the sent record size is the right one
+ */
if (data_size > 0)
{
- ret = _gnutls_ext_get_session_data( session,
- GNUTLS_EXTENSION_MAX_RECORD_SIZE, &epriv);
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ &epriv);
if (ret < 0)
{
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
if (data_size != 1)
@@ -123,8 +127,7 @@ _gnutls_max_record_recv_params (gnutls_session_t session,
}
else
{
- session->security_parameters.max_record_recv_size =
- epriv.num;
+ session->security_parameters.max_record_recv_size = epriv.num;
}
}
@@ -143,16 +146,17 @@ _gnutls_max_record_send_params (gnutls_session_t session, opaque * data,
{
uint16_t len;
int ret;
-
+
/* this function sends the client extension data (dnsname) */
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
extension_priv_data_t epriv;
-
- ret = _gnutls_ext_get_session_data( session,
- GNUTLS_EXTENSION_MAX_RECORD_SIZE, &epriv);
- if (ret < 0) /* it is ok not to have it */
- {
+
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ &epriv);
+ if (ret < 0) /* it is ok not to have it */
+ {
return 0;
}
@@ -165,8 +169,7 @@ _gnutls_max_record_send_params (gnutls_session_t session, opaque * data,
return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- data[0] =
- (uint8_t) _gnutls_mre_record2num (epriv.num);
+ data[0] = (uint8_t) _gnutls_mre_record2num (epriv.num);
return len;
}
@@ -198,26 +201,29 @@ _gnutls_max_record_send_params (gnutls_session_t session, opaque * data,
}
-static int _gnutls_max_record_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps)
+static int
+_gnutls_max_record_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
-int ret;
+ int ret;
- BUFFER_APPEND_NUM(ps, epriv.num);
+ BUFFER_APPEND_NUM (ps, epriv.num);
return 0;
-
+
}
-static int _gnutls_max_record_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv)
+static int
+_gnutls_max_record_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
{
-extension_priv_data_t epriv;
-int ret;
+ extension_priv_data_t epriv;
+ int ret;
+
+ BUFFER_POP_NUM (ps, epriv.num);
- BUFFER_POP_NUM(ps, epriv.num);
-
*_priv = epriv;
-
- ret = 0;
+
+ ret = 0;
error:
return ret;
}
@@ -325,7 +331,8 @@ gnutls_record_set_max_size (gnutls_session_t session, size_t size)
session->security_parameters.max_record_send_size = size;
epriv.num = size;
- _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_MAX_RECORD_SIZE, epriv);
+ _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ epriv);
return 0;
}
diff --git a/lib/ext_safe_renegotiation.c b/lib/ext_safe_renegotiation.c
index 24d425eb75..5c9cdb012d 100644
--- a/lib/ext_safe_renegotiation.c
+++ b/lib/ext_safe_renegotiation.c
@@ -28,40 +28,42 @@
static int _gnutls_sr_recv_params (gnutls_session_t state,
- const opaque * data,
- size_t data_size);
+ const opaque * data, size_t data_size);
static int _gnutls_sr_send_params (gnutls_session_t state,
- opaque * data, size_t);
-static void _gnutls_sr_deinit_data(extension_priv_data_t priv);
+ opaque * data, size_t);
+static void _gnutls_sr_deinit_data (extension_priv_data_t priv);
extension_entry_st ext_mod_sr = {
- .name = "SAFE RENEGOTIATION",
- .type = GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- .parse_type = GNUTLS_EXT_MANDATORY,
-
- .recv_func = _gnutls_sr_recv_params,
- .send_func = _gnutls_sr_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = _gnutls_sr_deinit_data,
+ .name = "SAFE RENEGOTIATION",
+ .type = GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ .parse_type = GNUTLS_EXT_MANDATORY,
+
+ .recv_func = _gnutls_sr_recv_params,
+ .send_func = _gnutls_sr_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = _gnutls_sr_deinit_data,
};
-int _gnutls_ext_sr_finished( gnutls_session_t session, void* vdata, size_t vdata_size, int dir)
+int
+_gnutls_ext_sr_finished (gnutls_session_t session, void *vdata,
+ size_t vdata_size, int dir)
{
-int ret;
-sr_ext_st* priv;
-extension_priv_data_t epriv;
+ int ret;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
if (session->internals.priorities.sr == SR_DISABLED)
{
return 0;
}
- ret = _gnutls_ext_get_session_data( session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv);
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
priv = epriv.ptr;
@@ -69,31 +71,32 @@ extension_priv_data_t epriv;
/* Save data for safe renegotiation.
*/
if (vdata_size > MAX_VERIFY_DATA_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
if ((session->security_parameters.entity == GNUTLS_CLIENT && dir == 0) ||
- (session->security_parameters.entity == GNUTLS_SERVER && dir == 1))
+ (session->security_parameters.entity == GNUTLS_SERVER && dir == 1))
{
- priv->client_verify_data_len = vdata_size;
- memcpy (priv->client_verify_data, vdata, vdata_size);
+ priv->client_verify_data_len = vdata_size;
+ memcpy (priv->client_verify_data, vdata, vdata_size);
}
else
{
- priv->server_verify_data_len = vdata_size;
- memcpy (priv->server_verify_data, vdata, vdata_size);
+ priv->server_verify_data_len = vdata_size;
+ memcpy (priv->server_verify_data, vdata, vdata_size);
}
return 0;
}
-int _gnutls_ext_sr_verify(gnutls_session_t session)
+int
+_gnutls_ext_sr_verify (gnutls_session_t session)
{
-int ret;
-sr_ext_st* priv = NULL;
-extension_priv_data_t epriv;
+ int ret;
+ sr_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
if (session->internals.priorities.sr == SR_DISABLED)
{
@@ -101,8 +104,9 @@ extension_priv_data_t epriv;
return 0;
}
- ret = _gnutls_ext_get_session_data( session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv);
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret >= 0)
priv = epriv.ptr;
@@ -113,175 +117,180 @@ extension_priv_data_t epriv;
if ((priv->ri_extension_data_len < priv->client_verify_data_len) ||
(memcmp (priv->ri_extension_data,
priv->client_verify_data, priv->client_verify_data_len)))
- {
- gnutls_assert ();
- _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n",
- session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if ((priv->ri_extension_data_len !=
- priv->client_verify_data_len + priv->server_verify_data_len) ||
- memcmp (priv->ri_extension_data + priv->client_verify_data_len,
- priv->server_verify_data,
- priv->server_verify_data_len) != 0)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Safe renegotiation failed [2]\n", session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
- }
+ {
+ if ((priv->ri_extension_data_len !=
+ priv->client_verify_data_len + priv->server_verify_data_len) ||
+ memcmp (priv->ri_extension_data + priv->client_verify_data_len,
+ priv->server_verify_data,
+ priv->server_verify_data_len) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation failed [2]\n", session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
else /* Make sure there are 0 extra bytes */
- {
- if (priv->ri_extension_data_len != priv->client_verify_data_len)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Safe renegotiation failed [3]\n", session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
- }
+ {
+ if (priv->ri_extension_data_len != priv->client_verify_data_len)
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation failed [3]\n", session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
_gnutls_handshake_log ("HSK[%p]: Safe renegotiation succeeded\n",
session);
}
- else /* safe renegotiation not received... */
+ else /* safe renegotiation not received... */
{
if (priv && priv->connection_using_safe_renegotiation)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Peer previously asked for safe renegotiation\n",
- session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Peer previously asked for safe renegotiation\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
/* Clients can't tell if it's an initial negotiation */
if (session->internals.initial_negotiation_completed)
- {
- if (session->internals.priorities.sr < SR_PARTIAL)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Allowing unsafe (re)negotiation\n", session);
- }
- else
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Denying unsafe (re)negotiation\n", session);
- return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
- }
- }
+ {
+ if (session->internals.priorities.sr < SR_PARTIAL)
+ {
+ _gnutls_handshake_log
+ ("HSK[%p]: Allowing unsafe (re)negotiation\n", session);
+ }
+ else
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Denying unsafe (re)negotiation\n", session);
+ return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
+ }
+ }
else
- {
- if (session->internals.priorities.sr < SR_SAFE)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Allowing unsafe initial negotiation\n", session);
- }
- else
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Denying unsafe initial negotiation\n", session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
- }
+ {
+ if (session->internals.priorities.sr < SR_SAFE)
+ {
+ _gnutls_handshake_log
+ ("HSK[%p]: Allowing unsafe initial negotiation\n", session);
+ }
+ else
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Denying unsafe initial negotiation\n", session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
}
-
- return 0;
+
+ return 0;
}
/* if a server received the special ciphersuite.
*/
-int _gnutls_ext_sr_recv_cs(gnutls_session_t session)
+int
+_gnutls_ext_sr_recv_cs (gnutls_session_t session)
{
int ret, set = 0;
- sr_ext_st* priv;
+ sr_ext_st *priv;
extension_priv_data_t epriv;
- ret = _gnutls_ext_get_session_data( session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv);
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret < 0)
{
set = 1;
}
else if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
if (set != 0)
{
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
epriv.ptr = priv;
}
else
priv = epriv.ptr;
-
+
priv->safe_renegotiation_received = 1;
priv->connection_using_safe_renegotiation = 1;
if (set != 0)
- _gnutls_ext_set_session_data( session, GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
- return 0;
+ return 0;
}
-int _gnutls_ext_sr_send_cs(gnutls_session_t session)
+int
+_gnutls_ext_sr_send_cs (gnutls_session_t session)
{
int ret, set = 0;
- sr_ext_st* priv;
+ sr_ext_st *priv;
extension_priv_data_t epriv;
- ret = _gnutls_ext_get_session_data( session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv);
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret < 0)
{
set = 1;
}
else if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
if (set != 0)
{
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
epriv.ptr = priv;
}
else
priv = epriv.ptr;
-
+
if (set != 0)
- _gnutls_ext_set_session_data( session, GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
- return 0;
+ return 0;
}
static int
_gnutls_sr_recv_params (gnutls_session_t session,
- const opaque * data,
- size_t _data_size)
+ const opaque * data, size_t _data_size)
{
int len = data[0];
ssize_t data_size = _data_size;
- sr_ext_st* priv;
+ sr_ext_st *priv;
extension_priv_data_t epriv;
int set = 0, ret;
@@ -293,26 +302,27 @@ _gnutls_sr_recv_params (gnutls_session_t session,
return 0;
}
- ret = _gnutls_ext_get_session_data( session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv);
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret < 0 && session->security_parameters.entity == GNUTLS_SERVER)
{
set = 1;
}
else if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
if (set != 0)
{
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
epriv.ptr = priv;
}
else
@@ -346,13 +356,14 @@ _gnutls_sr_recv_params (gnutls_session_t session,
priv->connection_using_safe_renegotiation = 1;
if (set != 0)
- _gnutls_ext_set_session_data( session, GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
return 0;
}
static int
_gnutls_sr_send_params (gnutls_session_t session,
- opaque * data, size_t _data_size)
+ opaque * data, size_t _data_size)
{
/* The format of this extension is a one-byte length of verify data followed
* by the verify data itself. Note that the length byte does not include
@@ -360,7 +371,7 @@ _gnutls_sr_send_params (gnutls_session_t session,
* the minimum extension is one byte: 0x00.
*/
ssize_t data_size = _data_size;
- sr_ext_st* priv;
+ sr_ext_st *priv;
int ret, set = 0;
extension_priv_data_t epriv;
@@ -370,8 +381,9 @@ _gnutls_sr_send_params (gnutls_session_t session,
return 0;
}
- ret = _gnutls_ext_get_session_data( session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv);
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret < 0)
{
set = 1;
@@ -379,15 +391,17 @@ _gnutls_sr_send_params (gnutls_session_t session,
if (set != 0)
{
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
epriv.ptr = priv;
-
- _gnutls_ext_set_session_data( session, GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
+
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ epriv);
}
else
priv = epriv.ptr;
@@ -404,18 +418,19 @@ _gnutls_sr_send_params (gnutls_session_t session,
DECR_LEN (data_size, priv->client_verify_data_len);
if (priv->client_verify_data_len > 0)
- memcpy (&data[1], priv->client_verify_data, priv->client_verify_data_len);
+ memcpy (&data[1], priv->client_verify_data,
+ priv->client_verify_data_len);
if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- data[0] += priv->server_verify_data_len;
+ {
+ data[0] += priv->server_verify_data_len;
- DECR_LEN (data_size, priv->server_verify_data_len);
+ DECR_LEN (data_size, priv->server_verify_data_len);
- if (priv->server_verify_data_len > 0)
- memcpy (&data[1 + priv->client_verify_data_len],
- priv->server_verify_data, priv->server_verify_data_len);
- }
+ if (priv->server_verify_data_len > 0)
+ memcpy (&data[1 + priv->client_verify_data_len],
+ priv->server_verify_data, priv->server_verify_data_len);
+ }
}
else
return 0;
@@ -423,9 +438,10 @@ _gnutls_sr_send_params (gnutls_session_t session,
return 1 + data[0]; /* don't forget the length byte */
}
-static void _gnutls_sr_deinit_data(extension_priv_data_t priv)
+static void
+_gnutls_sr_deinit_data (extension_priv_data_t priv)
{
- gnutls_free(priv.ptr);
+ gnutls_free (priv.ptr);
}
/**
@@ -443,15 +459,16 @@ static void _gnutls_sr_deinit_data(extension_priv_data_t priv)
int
gnutls_safe_renegotiation_status (gnutls_session_t session)
{
-int ret;
-sr_ext_st* priv;
-extension_priv_data_t epriv;
+ int ret;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
- ret = _gnutls_ext_get_session_data( session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, &epriv);
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return 0;
}
priv = epriv.ptr;
diff --git a/lib/ext_safe_renegotiation.h b/lib/ext_safe_renegotiation.h
index bc1635d884..3328bdeb6b 100644
--- a/lib/ext_safe_renegotiation.h
+++ b/lib/ext_safe_renegotiation.h
@@ -23,16 +23,17 @@
*/
#ifndef EXT_SAFE_RENEGOTIATION_H
-# define EXT_SAFE_RENEGOTIATION_H
+#define EXT_SAFE_RENEGOTIATION_H
#include <gnutls_extensions.h>
-typedef struct {
+typedef struct
+{
uint8_t client_verify_data[MAX_VERIFY_DATA_SIZE];
size_t client_verify_data_len;
uint8_t server_verify_data[MAX_VERIFY_DATA_SIZE];
size_t server_verify_data_len;
- uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */
+ uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */
size_t ri_extension_data_len;
int safe_renegotiation_received:1;
@@ -42,10 +43,10 @@ typedef struct {
extern extension_entry_st ext_mod_sr;
-int _gnutls_ext_sr_finished( gnutls_session_t session, void* vdata,
- size_t vdata_size, int dir);
-int _gnutls_ext_sr_recv_cs(gnutls_session_t session);
-int _gnutls_ext_sr_verify(gnutls_session_t session);
-int _gnutls_ext_sr_send_cs(gnutls_session_t);
+int _gnutls_ext_sr_finished (gnutls_session_t session, void *vdata,
+ size_t vdata_size, int dir);
+int _gnutls_ext_sr_recv_cs (gnutls_session_t session);
+int _gnutls_ext_sr_verify (gnutls_session_t session);
+int _gnutls_ext_sr_send_cs (gnutls_session_t);
#endif /* EXT_SAFE_RENEGOTIATION_H */
diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c
index acda371c8d..afb6bb33b8 100644
--- a/lib/ext_server_name.c
+++ b/lib/ext_server_name.c
@@ -30,25 +30,28 @@
#include <ext_server_name.h>
static int _gnutls_server_name_recv_params (gnutls_session_t session,
- const opaque * data, size_t data_size);
+ const opaque * data,
+ size_t data_size);
static int _gnutls_server_name_send_params (gnutls_session_t session,
- opaque * data, size_t);
+ opaque * data, size_t);
-static int _gnutls_server_name_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv);
-static int _gnutls_server_name_pack(extension_priv_data_t _priv, gnutls_buffer_st* ps);
-static void _gnutls_server_name_deinit_data(extension_priv_data_t priv);
+static int _gnutls_server_name_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_server_name_pack (extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void _gnutls_server_name_deinit_data (extension_priv_data_t priv);
extension_entry_st ext_mod_server_name = {
- .name = "SERVER NAME",
- .type = GNUTLS_EXTENSION_SERVER_NAME,
- .parse_type = GNUTLS_EXT_APPLICATION,
-
- .recv_func = _gnutls_server_name_recv_params,
- .send_func = _gnutls_server_name_send_params,
- .pack_func = _gnutls_server_name_pack,
- .unpack_func = _gnutls_server_name_unpack,
- .deinit_func = _gnutls_server_name_deinit_data,
+ .name = "SERVER NAME",
+ .type = GNUTLS_EXTENSION_SERVER_NAME,
+ .parse_type = GNUTLS_EXT_APPLICATION,
+
+ .recv_func = _gnutls_server_name_recv_params,
+ .send_func = _gnutls_server_name_send_params,
+ .pack_func = _gnutls_server_name_pack,
+ .unpack_func = _gnutls_server_name_unpack,
+ .deinit_func = _gnutls_server_name_deinit_data,
};
/*
@@ -60,7 +63,8 @@ extension_entry_st ext_mod_server_name = {
* in the session then it sends the extension to the peer.
*
*/
-static int _gnutls_server_name_recv_params (gnutls_session_t session,
+static int
+_gnutls_server_name_recv_params (gnutls_session_t session,
const opaque * data, size_t _data_size)
{
int i;
@@ -68,9 +72,9 @@ static int _gnutls_server_name_recv_params (gnutls_session_t session,
uint16_t len, type;
ssize_t data_size = _data_size;
int server_names = 0;
- server_name_ext_st* priv;
+ server_name_ext_st *priv;
extension_priv_data_t epriv;
-
+
if (session->security_parameters.entity == GNUTLS_SERVER)
{
DECR_LENGTH_RET (data_size, 2, 0);
@@ -123,11 +127,11 @@ static int _gnutls_server_name_recv_params (gnutls_session_t session,
if (server_names == 0)
return 0; /* no names found */
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
priv->server_names_size = server_names;
@@ -143,7 +147,7 @@ static int _gnutls_server_name_recv_params (gnutls_session_t session,
switch (type)
{
- case 0: /* NAME_DNS */
+ case 0: /* NAME_DNS */
if (len <= MAX_SERVER_NAME_SIZE)
{
memcpy (priv->server_names[i].name, p, len);
@@ -158,7 +162,8 @@ static int _gnutls_server_name_recv_params (gnutls_session_t session,
}
epriv.ptr = priv;
- _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_SERVER_NAME, epriv);
+ _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
+ epriv);
}
@@ -176,10 +181,12 @@ _gnutls_server_name_send_params (gnutls_session_t session,
unsigned i;
ssize_t data_size = _data_size;
int total_size = 0, ret;
- server_name_ext_st* priv;
+ server_name_ext_st *priv;
extension_priv_data_t epriv;
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SERVER_NAME, &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
+ &epriv);
if (ret < 0)
return 0;
@@ -196,8 +203,7 @@ _gnutls_server_name_send_params (gnutls_session_t session,
/* uint16_t
*/
total_size = 2;
- for (i = 0;
- i < priv->server_names_size; i++)
+ for (i = 0; i < priv->server_names_size; i++)
{
/* count the total size
*/
@@ -215,8 +221,7 @@ _gnutls_server_name_send_params (gnutls_session_t session,
DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER);
_gnutls_write_uint16 (total_size - 2, p);
p += 2;
- for (i = 0;
- i < priv->server_names_size; i++)
+ for (i = 0; i < priv->server_names_size; i++)
{
switch (priv->server_names[i].type)
@@ -286,7 +291,7 @@ gnutls_server_name_get (gnutls_session_t session, void *data,
unsigned int *type, unsigned int indx)
{
char *_data = data;
- server_name_ext_st* priv;
+ server_name_ext_st *priv;
int ret;
extension_priv_data_t epriv;
@@ -295,14 +300,16 @@ gnutls_server_name_get (gnutls_session_t session, void *data,
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
-
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SERVER_NAME, &epriv);
+
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
+ &epriv);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
-
+
priv = epriv.ptr;
if (indx + 1 > priv->server_names_size)
@@ -312,12 +319,11 @@ gnutls_server_name_get (gnutls_session_t session, void *data,
*type = priv->server_names[indx].type;
- if (*data_length > /* greater since we need one extra byte for the null */
+ if (*data_length > /* greater since we need one extra byte for the null */
priv->server_names[indx].name_length)
{
*data_length = priv->server_names[indx].name_length;
- memcpy (data, priv->server_names[indx].name,
- *data_length);
+ memcpy (data, priv->server_names[indx].name, *data_length);
if (*type == GNUTLS_NAME_DNS) /* null terminate */
_data[(*data_length)] = 0;
@@ -358,7 +364,7 @@ gnutls_server_name_set (gnutls_session_t session,
const void *name, size_t name_length)
{
int server_names, ret;
- server_name_ext_st* priv;
+ server_name_ext_st *priv;
extension_priv_data_t epriv;
int set = 0;
@@ -371,7 +377,9 @@ gnutls_server_name_set (gnutls_session_t session,
if (name_length > MAX_SERVER_NAME_SIZE)
return GNUTLS_E_SHORT_MEMORY_BUFFER;
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SERVER_NAME, &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
+ &epriv);
if (ret < 0)
{
set = 1;
@@ -379,17 +387,17 @@ gnutls_server_name_set (gnutls_session_t session,
if (set != 0)
{
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
epriv.ptr = priv;
}
else
priv = epriv.ptr;
-
+
server_names = priv->server_names_size + 1;
if (server_names > MAX_SERVER_NAME_EXTENSIONS)
@@ -400,65 +408,72 @@ gnutls_server_name_set (gnutls_session_t session,
priv->server_names[server_names - 1].name_length = name_length;
priv->server_names_size++;
-
+
if (set != 0)
- _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_SERVER_NAME, epriv);
+ _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
+ epriv);
return 0;
}
-static void _gnutls_server_name_deinit_data(extension_priv_data_t priv)
+static void
+_gnutls_server_name_deinit_data (extension_priv_data_t priv)
{
- gnutls_free(priv.ptr);
+ gnutls_free (priv.ptr);
}
-static int _gnutls_server_name_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps)
+static int
+_gnutls_server_name_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
-server_name_ext_st* priv = epriv.ptr;
-int i, ret;
+ server_name_ext_st *priv = epriv.ptr;
+ int i, ret;
- BUFFER_APPEND_NUM(ps, priv->server_names_size);
- for (i = 0; i < priv->server_names_size;i++)
+ BUFFER_APPEND_NUM (ps, priv->server_names_size);
+ for (i = 0; i < priv->server_names_size; i++)
{
- BUFFER_APPEND_NUM(ps, priv->server_names[i].type);
- BUFFER_APPEND_PFX(ps, priv->server_names[i].name,
- priv->server_names[i].name_length);
+ BUFFER_APPEND_NUM (ps, priv->server_names[i].type);
+ BUFFER_APPEND_PFX (ps, priv->server_names[i].name,
+ priv->server_names[i].name_length);
}
return 0;
}
-static int _gnutls_server_name_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv)
+static int
+_gnutls_server_name_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
{
-server_name_ext_st* priv;
-int i, ret;
-extension_priv_data_t epriv;
+ server_name_ext_st *priv;
+ int i, ret;
+ extension_priv_data_t epriv;
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- BUFFER_POP_NUM(ps, priv->server_names_size);
- for (i = 0; i < priv->server_names_size;i++)
+ BUFFER_POP_NUM (ps, priv->server_names_size);
+ for (i = 0; i < priv->server_names_size; i++)
{
- BUFFER_POP_NUM(ps, priv->server_names[i].type);
- BUFFER_POP_NUM(ps, priv->server_names[i].name_length);
- if (priv->server_names[i].name_length > sizeof(priv->server_names[i].name))
- {
- gnutls_assert();
+ BUFFER_POP_NUM (ps, priv->server_names[i].type);
+ BUFFER_POP_NUM (ps, priv->server_names[i].name_length);
+ if (priv->server_names[i].name_length >
+ sizeof (priv->server_names[i].name))
+ {
+ gnutls_assert ();
return GNUTLS_E_PARSING_ERROR;
}
- BUFFER_POP(ps, priv->server_names[i].name, priv->server_names[i].name_length);
+ BUFFER_POP (ps, priv->server_names[i].name,
+ priv->server_names[i].name_length);
}
epriv.ptr = priv;
*_priv = epriv;
-
+
return 0;
error:
- gnutls_free(priv);
+ gnutls_free (priv);
return ret;
}
diff --git a/lib/ext_server_name.h b/lib/ext_server_name.h
index af36ce849f..38d9ca1c8f 100644
--- a/lib/ext_server_name.h
+++ b/lib/ext_server_name.h
@@ -36,7 +36,8 @@ typedef struct
#define MAX_SERVER_NAME_EXTENSIONS 3
-typedef struct {
+typedef struct
+{
server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS];
/* limit server_name extensions */
unsigned server_names_size;
diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c
index 2e1abfb26c..29f63af198 100644
--- a/lib/ext_session_ticket.c
+++ b/lib/ext_session_ticket.c
@@ -46,24 +46,25 @@
#define MAC_SIZE 32
static int session_ticket_recv_params (gnutls_session_t session,
- const opaque * data,
- size_t data_size);
+ const opaque * data, size_t data_size);
static int session_ticket_send_params (gnutls_session_t session,
- opaque * data, size_t data_size);
-static int session_ticket_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv);
-static int session_ticket_pack(extension_priv_data_t _priv, gnutls_buffer_st* ps);
-static void session_ticket_deinit_data(extension_priv_data_t priv);
+ opaque * data, size_t data_size);
+static int session_ticket_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int session_ticket_pack (extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void session_ticket_deinit_data (extension_priv_data_t priv);
extension_entry_st ext_mod_session_ticket = {
- .name = "SESSION TICKET",
- .type = GNUTLS_EXTENSION_SESSION_TICKET,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = session_ticket_recv_params,
- .send_func = session_ticket_send_params,
- .pack_func = session_ticket_pack,
- .unpack_func = session_ticket_unpack,
- .deinit_func = session_ticket_deinit_data,
+ .name = "SESSION TICKET",
+ .type = GNUTLS_EXTENSION_SESSION_TICKET,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = session_ticket_recv_params,
+ .send_func = session_ticket_send_params,
+ .pack_func = session_ticket_pack,
+ .unpack_func = session_ticket_unpack,
+ .deinit_func = session_ticket_deinit_data,
};
struct gnutls_session_ticket_key_st
@@ -73,15 +74,16 @@ struct gnutls_session_ticket_key_st
opaque mac_secret[SESSION_TICKET_MAC_SECRET_SIZE];
};
-typedef struct {
- int session_ticket_enable;
- int session_ticket_renew;
- opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
+typedef struct
+{
+ int session_ticket_enable;
+ int session_ticket_renew;
+ opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
- opaque* session_ticket;
- int session_ticket_len;
+ opaque *session_ticket;
+ int session_ticket_len;
- struct gnutls_session_ticket_key_st key;
+ struct gnutls_session_ticket_key_st key;
} session_ticket_ext_st;
struct ticket
@@ -120,7 +122,8 @@ digest_ticket (const gnutls_datum_t * key, struct ticket *ticket,
}
static int
-decrypt_ticket (gnutls_session_t session, session_ticket_ext_st* priv, struct ticket *ticket)
+decrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv,
+ struct ticket *ticket)
{
cipher_hd_st cipher_hd;
gnutls_datum_t key, IV, mac_secret, state;
@@ -189,7 +192,8 @@ decrypt_ticket (gnutls_session_t session, session_ticket_ext_st* priv, struct ti
}
static int
-encrypt_ticket (gnutls_session_t session, session_ticket_ext_st* priv, struct ticket *ticket)
+encrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv,
+ struct ticket *ticket)
{
cipher_hd_st cipher_hd;
gnutls_datum_t key, IV, mac_secret, state, encrypted_state;
@@ -263,14 +267,16 @@ encrypt_ticket (gnutls_session_t session, session_ticket_ext_st* priv, struct ti
static int
session_ticket_recv_params (gnutls_session_t session,
- const opaque * data, size_t _data_size)
+ const opaque * data, size_t _data_size)
{
ssize_t data_size = _data_size;
- session_ticket_ext_st* priv=NULL;
+ session_ticket_ext_st *priv = NULL;
extension_priv_data_t epriv;
int ret;
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
if (ret < 0)
{
return 0;
@@ -338,7 +344,7 @@ session_ticket_recv_params (gnutls_session_t session,
return 0;
}
}
- else /* Client */
+ else /* Client */
{
if (data_size == 0)
{
@@ -355,14 +361,16 @@ session_ticket_recv_params (gnutls_session_t session,
*/
static int
session_ticket_send_params (gnutls_session_t session,
- opaque * data, size_t _data_size)
+ opaque * data, size_t _data_size)
{
ssize_t data_size = _data_size;
- session_ticket_ext_st* priv=NULL;
+ session_ticket_ext_st *priv = NULL;
extension_priv_data_t epriv;
int ret;
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
if (ret >= 0)
priv = epriv.ptr;
@@ -378,13 +386,16 @@ session_ticket_send_params (gnutls_session_t session,
}
else
{
- ret = _gnutls_ext_get_resumed_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv);
+ ret =
+ _gnutls_ext_get_resumed_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
if (ret >= 0)
priv = epriv.ptr;
/* no previous data. Just advertize it */
if (ret < 0)
- return GNUTLS_E_INT_RET_0;
+ return GNUTLS_E_INT_RET_0;
/* previous data had session tickets disabled. Don't advertize. Ignore. */
if (!priv->session_ticket_enable)
@@ -392,7 +403,8 @@ session_ticket_send_params (gnutls_session_t session,
if (priv->session_ticket_len > 0)
{
- DECR_LENGTH_RET (data_size, priv->session_ticket_len, GNUTLS_E_SHORT_MEMORY_BUFFER);
+ DECR_LENGTH_RET (data_size, priv->session_ticket_len,
+ GNUTLS_E_SHORT_MEMORY_BUFFER);
memcpy (data, priv->session_ticket, priv->session_ticket_len);
return priv->session_ticket_len;
@@ -402,51 +414,54 @@ session_ticket_send_params (gnutls_session_t session,
}
-static void session_ticket_deinit_data(extension_priv_data_t epriv)
+static void
+session_ticket_deinit_data (extension_priv_data_t epriv)
{
-session_ticket_ext_st* priv = epriv.ptr;
+ session_ticket_ext_st *priv = epriv.ptr;
- gnutls_free(priv->session_ticket);
- gnutls_free(priv);
+ gnutls_free (priv->session_ticket);
+ gnutls_free (priv);
}
-static int session_ticket_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps)
+static int
+session_ticket_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
-session_ticket_ext_st* priv = epriv.ptr;
-int ret;
+ session_ticket_ext_st *priv = epriv.ptr;
+ int ret;
- BUFFER_APPEND_PFX(ps, priv->session_ticket, priv->session_ticket_len);
- BUFFER_APPEND_NUM(ps, priv->session_ticket_enable);
+ BUFFER_APPEND_PFX (ps, priv->session_ticket, priv->session_ticket_len);
+ BUFFER_APPEND_NUM (ps, priv->session_ticket_enable);
return 0;
}
-static int session_ticket_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv)
+static int
+session_ticket_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv)
{
-session_ticket_ext_st* priv=NULL;
-int ret;
-extension_priv_data_t epriv;
-gnutls_datum ticket;
+ session_ticket_ext_st *priv = NULL;
+ int ret;
+ extension_priv_data_t epriv;
+ gnutls_datum ticket;
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
-
- BUFFER_POP_DATUM(ps, &ticket);
+
+ BUFFER_POP_DATUM (ps, &ticket);
priv->session_ticket = ticket.data;
priv->session_ticket_len = ticket.size;
- BUFFER_POP_NUM(ps, priv->session_ticket_enable);
+ BUFFER_POP_NUM (ps, priv->session_ticket_enable);
epriv.ptr = priv;
*_priv = epriv;
-
+
return 0;
error:
- gnutls_free(priv);
+ gnutls_free (priv);
return ret;
}
@@ -504,7 +519,7 @@ gnutls_session_ticket_key_generate (gnutls_datum_t * key)
int
gnutls_session_ticket_enable_client (gnutls_session_t session)
{
- session_ticket_ext_st* priv=NULL;
+ session_ticket_ext_st *priv = NULL;
extension_priv_data_t epriv;
if (!session)
@@ -513,18 +528,18 @@ gnutls_session_ticket_enable_client (gnutls_session_t session)
return GNUTLS_E_INVALID_REQUEST;
}
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
{
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
priv->session_ticket_enable = 1;
epriv.ptr = priv;
- _gnutls_ext_set_session_data(session,
- GNUTLS_EXTENSION_SESSION_TICKET, epriv);
-
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET, epriv);
+
return 0;
}
@@ -547,7 +562,7 @@ gnutls_session_ticket_enable_server (gnutls_session_t session,
const gnutls_datum_t * key)
{
int ret;
- session_ticket_ext_st* priv=NULL;
+ session_ticket_ext_st *priv = NULL;
extension_priv_data_t epriv;
if (!session || !key
@@ -557,27 +572,26 @@ gnutls_session_ticket_enable_server (gnutls_session_t session,
return GNUTLS_E_INVALID_REQUEST;
}
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
{
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
epriv.ptr = priv;
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM,
- priv->session_ticket_IV, IV_SIZE);
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, priv->session_ticket_IV, IV_SIZE);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- memcpy(&priv->key, key->data, key->size);
+ memcpy (&priv->key, key->data, key->size);
priv->session_ticket_enable = 1;
- _gnutls_ext_set_session_data(session,
- GNUTLS_EXTENSION_SESSION_TICKET, epriv);
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET, epriv);
return 0;
}
@@ -591,17 +605,20 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again)
int ret;
struct ticket ticket;
uint16_t ticket_len;
- session_ticket_ext_st* priv=NULL;
+ session_ticket_ext_st *priv = NULL;
extension_priv_data_t epriv;
uint16_t epoch_saved = session->security_parameters.epoch_write;
if (again == 0)
{
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
if (ret < 0)
- return 0;
+ return 0;
priv = epriv.ptr;
-
+
if (!priv->session_ticket_renew)
return 0;
@@ -609,14 +626,17 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again)
_gnutls_write_connection_state_init() does this job, but it also
triggers encryption, while NewSessionTicket should not be
encrypted in the record layer. */
- ret = _gnutls_epoch_set_keys (session, session->security_parameters.epoch_next);
+ ret =
+ _gnutls_epoch_set_keys (session,
+ session->security_parameters.epoch_next);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- session->security_parameters.epoch_write = session->security_parameters.epoch_next;
+ session->security_parameters.epoch_write =
+ session->security_parameters.epoch_next;
ret = encrypt_ticket (session, priv, &ticket);
session->security_parameters.epoch_write = epoch_saved;
@@ -629,7 +649,8 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again)
ticket_len = KEY_NAME_SIZE + IV_SIZE + 2 + ticket.encrypted_state_len
+ MAC_SIZE;
- bufel = _gnutls_handshake_alloc (4 + 2 + ticket_len, 4+2+ticket_len);
+ bufel =
+ _gnutls_handshake_alloc (4 + 2 + ticket_len, 4 + 2 + ticket_len);
if (!bufel)
{
gnutls_assert ();
@@ -637,10 +658,10 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again)
return GNUTLS_E_MEMORY_ERROR;
}
- data = _mbuffer_get_udata_ptr(bufel);
+ data = _mbuffer_get_udata_ptr (bufel);
p = data;
- _gnutls_write_uint32 ( session->internals.expire_time, p);
+ _gnutls_write_uint32 (session->internals.expire_time, p);
p += 4;
_gnutls_write_uint16 (ticket_len, p);
@@ -678,14 +699,16 @@ _gnutls_recv_new_session_ticket (gnutls_session_t session)
uint32_t lifetime_hint;
uint16_t ticket_len;
int ret;
- session_ticket_ext_st* priv=NULL;
+ session_ticket_ext_st *priv = NULL;
extension_priv_data_t epriv;
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
if (ret < 0)
{
- gnutls_assert();
- return 0;
+ gnutls_assert ();
+ return 0;
}
priv = epriv.ptr;
@@ -724,7 +747,8 @@ _gnutls_recv_new_session_ticket (gnutls_session_t session)
/* Discard the current session ID. (RFC5077 3.4) */
ret = _gnutls_generate_session_id (session->security_parameters.session_id,
- &session->security_parameters.session_id_size);
+ &session->
+ security_parameters.session_id_size);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/ext_session_ticket.h b/lib/ext_session_ticket.h
index e8a531b909..608b7d5ce7 100644
--- a/lib/ext_session_ticket.h
+++ b/lib/ext_session_ticket.h
@@ -23,9 +23,9 @@
*/
#ifndef EXT_SESSION_TICKET_H
-# define EXT_SESSION_TICKET_H
+#define EXT_SESSION_TICKET_H
-# ifdef ENABLE_SESSION_TICKET
+#ifdef ENABLE_SESSION_TICKET
#include <gnutls_extensions.h>
@@ -34,5 +34,5 @@ extern extension_entry_st ext_mod_session_ticket;
int _gnutls_send_new_session_ticket (gnutls_session_t session, int again);
int _gnutls_recv_new_session_ticket (gnutls_session_t session);
-# endif
+#endif
#endif
diff --git a/lib/ext_signature.c b/lib/ext_signature.c
index abc2da9088..03b47d12dc 100644
--- a/lib/ext_signature.c
+++ b/lib/ext_signature.c
@@ -36,27 +36,30 @@
#include <gnutls_algorithms.h>
static int _gnutls_signature_algorithm_recv_params (gnutls_session_t session,
- const opaque * data,
- size_t data_size);
+ const opaque * data,
+ size_t data_size);
static int _gnutls_signature_algorithm_send_params (gnutls_session_t session,
- opaque * data, size_t);
-static void signature_algorithms_deinit_data(extension_priv_data_t priv);
-static int signature_algorithms_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps);
-static int signature_algorithms_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv);
+ opaque * data, size_t);
+static void signature_algorithms_deinit_data (extension_priv_data_t priv);
+static int signature_algorithms_pack (extension_priv_data_t epriv,
+ gnutls_buffer_st * ps);
+static int signature_algorithms_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
extension_entry_st ext_mod_sig = {
- .name = "SIGNATURE ALGORITHMS",
- .type = GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_signature_algorithm_recv_params,
- .send_func = _gnutls_signature_algorithm_send_params,
- .pack_func = signature_algorithms_pack,
- .unpack_func = signature_algorithms_unpack,
- .deinit_func = signature_algorithms_deinit_data,
+ .name = "SIGNATURE ALGORITHMS",
+ .type = GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_signature_algorithm_recv_params,
+ .send_func = _gnutls_signature_algorithm_send_params,
+ .pack_func = signature_algorithms_pack,
+ .unpack_func = signature_algorithms_unpack,
+ .deinit_func = signature_algorithms_deinit_data,
};
-typedef struct {
+typedef struct
+{
/* TLS 1.2 signature algorithms */
gnutls_sign_algorithm_t sign_algorithms[MAX_SIGNATURE_ALGORITHMS];
uint16_t sign_algorithms_size;
@@ -106,14 +109,14 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session,
const opaque * data, size_t data_size)
{
int sig, i;
- sig_ext_st * priv;
+ sig_ext_st *priv;
extension_priv_data_t epriv;
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
{
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
for (i = 0; i < data_size; i += 2)
@@ -126,15 +129,15 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session,
sig = _gnutls_tls_aid_to_sign (&aid);
if (sig != GNUTLS_SIGN_UNKNOWN)
{
- priv->sign_algorithms[priv->sign_algorithms_size++]
- = sig;
+ priv->sign_algorithms[priv->sign_algorithms_size++] = sig;
if (priv->sign_algorithms_size == MAX_SIGNATURE_ALGORITHMS)
break;
}
}
- epriv.ptr = priv;
- _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, epriv);
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, epriv);
return 0;
}
@@ -232,11 +235,13 @@ _gnutls_session_get_sign_algo (gnutls_session_t session,
unsigned i;
int ret;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
- sig_ext_st * priv;
+ sig_ext_st *priv;
extension_priv_data_t epriv;
- ret = _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
priv = epriv.ptr;
if (ret < 0 || !_gnutls_version_has_selectable_sighash (ver)
@@ -247,14 +252,11 @@ _gnutls_session_get_sign_algo (gnutls_session_t session,
return _gnutls_x509_pk_to_sign (pk, *hash);
}
- for (i = 0;
- i < priv->sign_algorithms_size; i++)
+ for (i = 0; i < priv->sign_algorithms_size; i++)
{
- if (_gnutls_sign_get_pk_algorithm
- (priv->sign_algorithms[i]) == pk)
+ if (_gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) == pk)
{
- *hash =
- _gnutls_sign_get_hash_algorithm (priv->sign_algorithms[i]);
+ *hash = _gnutls_sign_get_hash_algorithm (priv->sign_algorithms[i]);
return priv->sign_algorithms[i];
}
}
@@ -274,7 +276,7 @@ _gnutls_session_sign_algo_requested (gnutls_session_t session,
unsigned i;
int ret, hash;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
- sig_ext_st * priv;
+ sig_ext_st *priv;
extension_priv_data_t epriv;
if (!_gnutls_version_has_selectable_sighash (ver))
@@ -282,17 +284,19 @@ _gnutls_session_sign_algo_requested (gnutls_session_t session,
return 0;
}
- ret = _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
/* extension not received allow SHA1 and SHA256 */
- hash = _gnutls_sign_get_hash_algorithm(sig);
+ hash = _gnutls_sign_get_hash_algorithm (sig);
if (hash == GNUTLS_DIG_SHA1 || hash == GNUTLS_DIG_SHA256)
- return 0;
+ return 0;
else
- return ret;
+ return ret;
}
priv = epriv.ptr;
@@ -302,8 +306,7 @@ _gnutls_session_sign_algo_requested (gnutls_session_t session,
return 0;
}
- for (i = 0;
- i < priv->sign_algorithms_size; i++)
+ for (i = 0; i < priv->sign_algorithms_size; i++)
{
if (priv->sign_algorithms[i] == sig)
{
@@ -325,14 +328,16 @@ _gnutls_session_sign_algo_enabled (gnutls_session_t session,
unsigned i;
int ret;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
- sig_ext_st * priv;
+ sig_ext_st *priv;
extension_priv_data_t epriv;
- ret = _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return 0;
}
priv = epriv.ptr;
@@ -355,50 +360,54 @@ _gnutls_session_sign_algo_enabled (gnutls_session_t session,
return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
-static void signature_algorithms_deinit_data(extension_priv_data_t priv)
+static void
+signature_algorithms_deinit_data (extension_priv_data_t priv)
{
- gnutls_free(priv.ptr);
+ gnutls_free (priv.ptr);
}
-static int signature_algorithms_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps)
+static int
+signature_algorithms_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
-sig_ext_st* priv = epriv.ptr;
-int ret, i;
+ sig_ext_st *priv = epriv.ptr;
+ int ret, i;
- BUFFER_APPEND_NUM(ps, priv->sign_algorithms_size);
- for (i = 0; i < priv->sign_algorithms_size;i++)
+ BUFFER_APPEND_NUM (ps, priv->sign_algorithms_size);
+ for (i = 0; i < priv->sign_algorithms_size; i++)
{
- BUFFER_APPEND_NUM(ps, priv->sign_algorithms[i]);
+ BUFFER_APPEND_NUM (ps, priv->sign_algorithms[i]);
}
return 0;
}
-static int signature_algorithms_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv)
+static int
+signature_algorithms_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
{
-sig_ext_st* priv;
-int i, ret;
-extension_priv_data_t epriv;
+ sig_ext_st *priv;
+ int i, ret;
+ extension_priv_data_t epriv;
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- BUFFER_POP_NUM(ps, priv->sign_algorithms_size);
- for (i = 0; i < priv->sign_algorithms_size;i++)
+ BUFFER_POP_NUM (ps, priv->sign_algorithms_size);
+ for (i = 0; i < priv->sign_algorithms_size; i++)
{
- BUFFER_POP_NUM(ps, priv->sign_algorithms[i]);
+ BUFFER_POP_NUM (ps, priv->sign_algorithms[i]);
}
epriv.ptr = priv;
*_priv = epriv;
-
+
return 0;
error:
- gnutls_free(priv);
+ gnutls_free (priv);
return ret;
}
@@ -431,15 +440,17 @@ gnutls_sign_algorithm_get_requested (gnutls_session_t session,
gnutls_sign_algorithm_t * algo)
{
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
- sig_ext_st * priv;
+ sig_ext_st *priv;
extension_priv_data_t epriv;
int ret;
- ret = _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
priv = epriv.ptr;
diff --git a/lib/ext_signature.h b/lib/ext_signature.h
index 2e41b60268..c7c3ab438c 100644
--- a/lib/ext_signature.h
+++ b/lib/ext_signature.h
@@ -26,7 +26,7 @@
/* signature algorithms extension
*/
#ifndef EXT_SIGNATURE_H
-# define EXT_SIGNATURE_H
+#define EXT_SIGNATURE_H
#include <gnutls_extensions.h>
diff --git a/lib/ext_srp.c b/lib/ext_srp.c
index 868714c979..886ebd03ec 100644
--- a/lib/ext_srp.c
+++ b/lib/ext_srp.c
@@ -35,23 +35,26 @@
#include <gnutls_num.h>
#include <gnutls_extensions.h>
-static int _gnutls_srp_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv);
-static int _gnutls_srp_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps);
-static void _gnutls_srp_deinit_data(extension_priv_data_t epriv);
-static int _gnutls_srp_recv_params (gnutls_session_t state, const opaque * data,
- size_t data_size);
-static int _gnutls_srp_send_params (gnutls_session_t state, opaque * data, size_t);
+static int _gnutls_srp_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_srp_pack (extension_priv_data_t epriv,
+ gnutls_buffer_st * ps);
+static void _gnutls_srp_deinit_data (extension_priv_data_t epriv);
+static int _gnutls_srp_recv_params (gnutls_session_t state,
+ const opaque * data, size_t data_size);
+static int _gnutls_srp_send_params (gnutls_session_t state, opaque * data,
+ size_t);
extension_entry_st ext_mod_srp = {
- .name = "SRP",
- .type = GNUTLS_EXTENSION_SRP,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_srp_recv_params,
- .send_func = _gnutls_srp_send_params,
- .pack_func = _gnutls_srp_pack,
- .unpack_func = _gnutls_srp_unpack,
- .deinit_func = _gnutls_srp_deinit_data
+ .name = "SRP",
+ .type = GNUTLS_EXTENSION_SRP,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_srp_recv_params,
+ .send_func = _gnutls_srp_send_params,
+ .pack_func = _gnutls_srp_pack,
+ .unpack_func = _gnutls_srp_unpack,
+ .deinit_func = _gnutls_srp_deinit_data
};
@@ -62,8 +65,8 @@ _gnutls_srp_recv_params (gnutls_session_t session, const opaque * data,
uint8_t len;
ssize_t data_size = _data_size;
extension_priv_data_t epriv;
- srp_ext_st * priv;
-
+ srp_ext_st *priv;
+
if (session->security_parameters.entity == GNUTLS_SERVER)
{
if (data_size > 0)
@@ -76,15 +79,15 @@ _gnutls_srp_recv_params (gnutls_session_t session, const opaque * data,
gnutls_assert ();
return GNUTLS_E_ILLEGAL_SRP_USERNAME;
}
-
- priv = gnutls_calloc(1, sizeof(*priv));
+
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- priv->username = gnutls_malloc(len+1);
+ priv->username = gnutls_malloc (len + 1);
if (priv->username)
{
memcpy (priv->username, &data[1], len);
@@ -93,7 +96,7 @@ _gnutls_srp_recv_params (gnutls_session_t session, const opaque * data,
}
epriv.ptr = priv;
- _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_SRP, epriv);
+ _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
}
}
return 0;
@@ -108,7 +111,7 @@ _gnutls_srp_send_params (gnutls_session_t session, opaque * data,
{
unsigned len;
extension_priv_data_t epriv;
- srp_ext_st * priv;
+ srp_ext_st *priv;
if (_gnutls_kx_priority (session, GNUTLS_KX_SRP) < 0 &&
_gnutls_kx_priority (session, GNUTLS_KX_SRP_DSS) < 0 &&
@@ -165,10 +168,10 @@ _gnutls_srp_send_params (gnutls_session_t session, opaque * data,
return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- priv = gnutls_malloc(sizeof(*priv));
+ priv = gnutls_malloc (sizeof (*priv));
if (priv == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
@@ -176,7 +179,7 @@ _gnutls_srp_send_params (gnutls_session_t session, opaque * data,
priv->password = password;
epriv.ptr = priv;
- _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_SRP, epriv);
+ _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
data[0] = (uint8_t) len;
memcpy (&data[1], username, len);
@@ -186,61 +189,66 @@ _gnutls_srp_send_params (gnutls_session_t session, opaque * data,
return 0;
}
-static void _gnutls_srp_deinit_data(extension_priv_data_t epriv)
+static void
+_gnutls_srp_deinit_data (extension_priv_data_t epriv)
{
- srp_ext_st * priv = epriv.ptr;
+ srp_ext_st *priv = epriv.ptr;
- gnutls_free(priv->username);
- gnutls_free(priv->password);
- gnutls_free(priv);
+ gnutls_free (priv->username);
+ gnutls_free (priv->password);
+ gnutls_free (priv);
}
-static int _gnutls_srp_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps)
+static int
+_gnutls_srp_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
-srp_ext_st* priv = epriv.ptr;
-int ret;
-int password_len = 0, username_len = 0;
+ srp_ext_st *priv = epriv.ptr;
+ int ret;
+ int password_len = 0, username_len = 0;
if (priv->username)
- username_len = strlen(priv->username);
+ username_len = strlen (priv->username);
if (priv->password)
- password_len = strlen(priv->password);
+ password_len = strlen (priv->password);
- BUFFER_APPEND_PFX(ps, priv->username, username_len);
- BUFFER_APPEND_PFX(ps, priv->password, password_len);
+ BUFFER_APPEND_PFX (ps, priv->username, username_len);
+ BUFFER_APPEND_PFX (ps, priv->password, password_len);
return 0;
}
-static int _gnutls_srp_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv)
+static int
+_gnutls_srp_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv)
{
-srp_ext_st* priv;
-int ret;
-extension_priv_data_t epriv;
-gnutls_datum username = { NULL, 0 }, password = {NULL, 0};
+ srp_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
+ gnutls_datum username = { NULL, 0 }, password =
+ {
+ NULL, 0};
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- BUFFER_POP_DATUM(ps, &username);
- BUFFER_POP_DATUM(ps, &password);
-
+ BUFFER_POP_DATUM (ps, &username);
+ BUFFER_POP_DATUM (ps, &password);
+
priv->username = username.data;
priv->password = password.data;
-
+
epriv.ptr = priv;
*_priv = epriv;
-
+
return 0;
error:
- _gnutls_free_datum(&username);
- _gnutls_free_datum(&password);
+ _gnutls_free_datum (&username);
+ _gnutls_free_datum (&password);
return ret;
}
diff --git a/lib/ext_srp.h b/lib/ext_srp.h
index a1146b024a..9ebcf23715 100644
--- a/lib/ext_srp.h
+++ b/lib/ext_srp.h
@@ -28,18 +28,19 @@
#include <gnutls_extensions.h>
-# ifdef ENABLE_SRP
+#ifdef ENABLE_SRP
-# define IS_SRP_KX(kx) ((kx == GNUTLS_KX_SRP || (kx == GNUTLS_KX_SRP_RSA) || \
+#define IS_SRP_KX(kx) ((kx == GNUTLS_KX_SRP || (kx == GNUTLS_KX_SRP_RSA) || \
kx == GNUTLS_KX_SRP_DSS)?1:0)
extern extension_entry_st ext_mod_srp;
-typedef struct {
- char* username;
- char* password;
+typedef struct
+{
+ char *username;
+ char *password;
} srp_ext_st;
-# endif
+#endif
#endif
diff --git a/lib/gcrypt/init.c b/lib/gcrypt/init.c
index 4566bc217d..6d530a98a4 100644
--- a/lib/gcrypt/init.c
+++ b/lib/gcrypt/init.c
@@ -43,22 +43,23 @@ static struct gcry_thread_cbs gct = {
.recvmsg = NULL,
};
-int gnutls_crypto_init(void)
+int
+gnutls_crypto_init (void)
{
/* Initialize libgcrypt if it hasn't already been initialized. */
if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0)
{
const char *p;
- if (gnutls_mutex_init != NULL)
- {
+ if (gnutls_mutex_init != NULL)
+ {
gct.mutex_init = gnutls_mutex_init;
gct.mutex_destroy = gnutls_mutex_deinit;
gct.mutex_lock = gnutls_mutex_lock;
gct.mutex_unlock = gnutls_mutex_unlock;
- gcry_control (GCRYCTL_SET_THREAD_CBS, &gct);
- }
+ gcry_control (GCRYCTL_SET_THREAD_CBS, &gct);
+ }
p = gcry_check_version (GNUTLS_MIN_LIBGCRYPT_VERSION);
@@ -75,9 +76,9 @@ int gnutls_crypto_init(void)
gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0);
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
-
+
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
}
- return 0;
+ return 0;
}
diff --git a/lib/gcrypt/mpi.c b/lib/gcrypt/mpi.c
index 30e0d23fc3..fbba1e8f05 100644
--- a/lib/gcrypt/mpi.c
+++ b/lib/gcrypt/mpi.c
@@ -76,18 +76,21 @@ wrap_gcry_mpi_print (const bigint_t a, void *buffer, size_t * nbytes,
return GNUTLS_E_INVALID_REQUEST;
ret = gcry_mpi_print (format, buffer, *nbytes, nbytes, a);
- if (!ret) {
- if (buffer==NULL || init_bytes < *nbytes) {
-
- /* in STD format we may want to include
- * an extra byte for zero. Sometimes the gcry_
- * function doesn't add it.
- */
- if (format == GNUTLS_MPI_FORMAT_STD) (*nbytes)++;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ if (!ret)
+ {
+ if (buffer == NULL || init_bytes < *nbytes)
+ {
+
+ /* in STD format we may want to include
+ * an extra byte for zero. Sometimes the gcry_
+ * function doesn't add it.
+ */
+ if (format == GNUTLS_MPI_FORMAT_STD)
+ (*nbytes)++;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ return 0;
}
- return 0;
- }
return GNUTLS_E_MPI_PRINT_FAILED;
}
diff --git a/lib/gcrypt/pk.c b/lib/gcrypt/pk.c
index c0b0005161..95507b17b5 100644
--- a/lib/gcrypt/pk.c
+++ b/lib/gcrypt/pk.c
@@ -631,7 +631,7 @@ _rsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
if (*resarr_len < RSA_PRIVATE_PARAMS)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
@@ -732,30 +732,30 @@ _rsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
/* generate e1 and e2 */
*resarr_len = 6;
-
- tmp = _gnutls_mpi_alloc_like(resarr[0]);
+
+ tmp = _gnutls_mpi_alloc_like (resarr[0]);
if (tmp == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
- ret = _gnutls_calc_rsa_exp(resarr, 2 + *resarr_len);
+ ret = _gnutls_calc_rsa_exp (resarr, 2 + *resarr_len);
if (ret < 0)
{
- gnutls_assert();
- ret= GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
goto cleanup;
}
- (*resarr_len)+=2;
+ (*resarr_len) += 2;
return 0;
cleanup:
- for (i=0;i<*resarr_len;i++)
- _gnutls_mpi_release(&resarr[i]);
+ for (i = 0; i < *resarr_len; i++)
+ _gnutls_mpi_release (&resarr[i]);
return ret;
}
@@ -807,7 +807,7 @@ wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo,
if (algo != GNUTLS_PK_RSA)
return 0;
- if (params->params[5]==NULL)
+ if (params->params[5] == NULL)
params->params[5] =
_gnutls_mpi_new (_gnutls_mpi_get_nbits (params->params[0]));
@@ -820,21 +820,22 @@ wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo,
ret = 1;
if (direction == GNUTLS_IMPORT)
{
- /* calculate exp1 [6] and exp2 [7] */
- _gnutls_mpi_release(&params->params[6]);
- _gnutls_mpi_release(&params->params[7]);
- result = _gnutls_calc_rsa_exp(params->params, RSA_PRIVATE_PARAMS);
- if (result < 0)
- {
- gnutls_assert();
- return result;
- }
+ /* calculate exp1 [6] and exp2 [7] */
+ _gnutls_mpi_release (&params->params[6]);
+ _gnutls_mpi_release (&params->params[7]);
+ result = _gnutls_calc_rsa_exp (params->params, RSA_PRIVATE_PARAMS);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
ret =
- gcry_mpi_invm (params->params[5], params->params[3], params->params[4]);
+ gcry_mpi_invm (params->params[5], params->params[3],
+ params->params[4]);
- params->params_nr = RSA_PRIVATE_PARAMS;
- }
+ params->params_nr = RSA_PRIVATE_PARAMS;
+ }
else if (direction == GNUTLS_EXPORT)
ret =
gcry_mpi_invm (params->params[5], params->params[4], params->params[3]);
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index c376fd5d0d..1560d55879 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -133,7 +133,9 @@ gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level,
_gnutls_record_log ("REC: Sending Alert[%d|%d] - %s\n", data[0],
data[1], name);
- if ((ret = _gnutls_send_int (session, GNUTLS_ALERT, -1, EPOCH_WRITE_CURRENT, data, 2, MBUFFER_FLUSH)) >= 0)
+ if ((ret =
+ _gnutls_send_int (session, GNUTLS_ALERT, -1, EPOCH_WRITE_CURRENT, data,
+ 2, MBUFFER_FLUSH)) >= 0)
return 0;
else
return ret;
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 2acf1aad9a..be89b34cc3 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -34,13 +34,13 @@ typedef struct
{
const char *name;
gnutls_sec_param_t sec_param;
- int bits; /* security level */
- int pk_bits; /* DH, RSA, SRP */
- int dsa_bits; /* bits for DSA. Handled differently since
- * choice of key size in DSA is political.
- */
- int subgroup_bits; /* subgroup bits */
- int ecc_bits; /* bits for ECC keys */
+ int bits; /* security level */
+ int pk_bits; /* DH, RSA, SRP */
+ int dsa_bits; /* bits for DSA. Handled differently since
+ * choice of key size in DSA is political.
+ */
+ int subgroup_bits; /* subgroup bits */
+ int ecc_bits; /* bits for ECC keys */
} gnutls_sec_params_entry;
static const gnutls_sec_params_entry sec_params[] = {
@@ -2166,9 +2166,9 @@ static const gnutls_pk_entry pk_algorithms[] = {
/* having duplicate entries is ok, as long as the one
* we want to return OID from is first */
{"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
- {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */
- {"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
- {"RSA (SHA1)", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
+ {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */
+ {"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
+ {"RSA (SHA1)", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
{"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
{"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
{"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
@@ -2328,19 +2328,26 @@ _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm)
* Returns: The number of bits, or zero.
*
**/
-unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
- gnutls_sec_param_t param)
+unsigned int
+gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
+ gnutls_sec_param_t param)
{
-unsigned int ret = 0;
+ unsigned int ret = 0;
/* handle DSA differently */
- if (algo == GNUTLS_PK_DSA)
+ if (algo == GNUTLS_PK_DSA)
{
- GNUTLS_SEC_PARAM_LOOP ( if (p->sec_param == param) { ret = p->dsa_bits; break; });
- return ret;
+ GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
+ {
+ ret = p->dsa_bits; break;}
+ );
+ return ret;
}
- GNUTLS_SEC_PARAM_LOOP ( if (p->sec_param == param) { ret = p->pk_bits; break; });
+ GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
+ {
+ ret = p->pk_bits; break;}
+ );
return ret;
}
@@ -2348,11 +2355,15 @@ unsigned int ret = 0;
/* Returns the corresponding size for subgroup bits (q),
* given the group bits (p).
*/
-unsigned int _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits)
+unsigned int
+_gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits)
{
-unsigned int ret = 0;
+ unsigned int ret = 0;
- GNUTLS_SEC_PARAM_LOOP ( if (p->pk_bits >= pk_bits) { ret = p->subgroup_bits; break; });
+ GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits >= pk_bits)
+ {
+ ret = p->subgroup_bits; break;}
+ );
return ret;
}
@@ -2370,9 +2381,12 @@ unsigned int ret = 0;
const char *
gnutls_sec_param_get_name (gnutls_sec_param_t param)
{
-const char* ret = "Unknown";
+ const char *ret = "Unknown";
- GNUTLS_SEC_PARAM_LOOP ( if (p->sec_param == param) { ret = p->name; break; });
+ GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
+ {
+ ret = p->name; break;}
+ );
return ret;
}
@@ -2389,16 +2403,15 @@ const char* ret = "Unknown";
* Returns: The security parameter.
*
**/
-gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo,
- unsigned int bits)
+gnutls_sec_param_t
+gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, unsigned int bits)
{
gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_WEAK;
- GNUTLS_SEC_PARAM_LOOP (
- if (p->pk_bits > bits)
- { break; }
- ret = p->sec_param;
- );
+ GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits > bits)
+ {
+ break;}
+ ret = p->sec_param;);
return ret;
}
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index 0e84a1265a..191a808eb3 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -24,7 +24,7 @@
*/
#ifndef ALGORITHMS_H
-# define ALGORITHMS_H
+#define ALGORITHMS_H
#include "gnutls_auth.h"
diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h
index b54be90e3b..4738c5c9f0 100644
--- a/lib/gnutls_auth.h
+++ b/lib/gnutls_auth.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_AUTH_H
-# define GNUTLS_AUTH_H
+#define GNUTLS_AUTH_H
typedef struct mod_auth_st_int
{
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 1964c72455..c190a3de70 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -59,7 +59,7 @@
#include <errno.h>
#ifndef EAGAIN
-# define EAGAIN EWOULDBLOCK
+#define EAGAIN EWOULDBLOCK
#endif
/* this is the maximum number of messages allowed to queue.
@@ -249,17 +249,20 @@ _gnutls_record_buffer_get (content_type_t type,
return length;
}
-inline static void reset_errno(gnutls_session_t session)
-{
+inline static void
+reset_errno (gnutls_session_t session)
+{
session->internals.errnum = 0;
}
-inline static int get_errno(gnutls_session_t session)
+inline static int
+get_errno (gnutls_session_t session)
{
if (session->internals.errnum != 0)
return session->internals.errnum;
- else
- return session->internals.errno_func(session->internals.transport_recv_ptr);
+ else
+ return session->internals.errno_func (session->
+ internals.transport_recv_ptr);
}
@@ -269,7 +272,7 @@ inline static int get_errno(gnutls_session_t session)
* Flags are only used if the default recv() function is being used.
*/
static ssize_t
-_gnutls_read (gnutls_session_t session, mbuffer_st **bufel,
+_gnutls_read (gnutls_session_t session, mbuffer_st ** bufel,
size_t size, gnutls_pull_func pull_func)
{
size_t left;
@@ -296,13 +299,13 @@ _gnutls_read (gnutls_session_t session, mbuffer_st **bufel,
left = size;
while (left > 0)
{
- reset_errno(session);
+ reset_errno (session);
i = pull_func (fd, &ptr[size - left], left);
if (i < 0)
{
- int err = get_errno(session);
+ int err = get_errno (session);
_gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n",
(int) i, fd, errno, session->internals.errnum);
@@ -356,50 +359,52 @@ finish:
static ssize_t
-_gnutls_writev_emu (gnutls_session_t session, const giovec_t * giovec, int giovec_cnt)
+_gnutls_writev_emu (gnutls_session_t session, const giovec_t * giovec,
+ int giovec_cnt)
{
int ret, j = 0;
gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
- void* iptr;
+ void *iptr;
size_t sizeOfPtr;
size_t total = 0;
- for (j=0;j<giovec_cnt;j++)
+ for (j = 0; j < giovec_cnt; j++)
{
sizeOfPtr = giovec[j].iov_len;
iptr = giovec[j].iov_base;
-
+
ret = session->internals.push_func (fd, iptr, sizeOfPtr);
if (ret == -1)
- break;
+ break;
total += ret;
}
if (total > 0)
return total;
-
+
return ret;
}
static ssize_t
-_gnutls_writev (gnutls_session_t session, const giovec_t * giovec, int giovec_cnt)
+_gnutls_writev (gnutls_session_t session, const giovec_t * giovec,
+ int giovec_cnt)
{
int i;
gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
- reset_errno(session);
+ reset_errno (session);
if (session->internals.push_func != NULL)
- i = _gnutls_writev_emu(session, giovec, giovec_cnt);
+ i = _gnutls_writev_emu (session, giovec, giovec_cnt);
else
i = session->internals.vec_push_func (fd, giovec, giovec_cnt);
if (i == -1)
{
- int err = get_errno(session);
-_gnutls_debug_log("errno: %d\n", err);
+ int err = get_errno (session);
+ _gnutls_debug_log ("errno: %d\n", err);
if (err == EAGAIN)
return GNUTLS_E_AGAIN;
else if (err == EINTR)
@@ -431,7 +436,9 @@ _gnutls_io_clear_peeked_data (gnutls_session_t session)
sum = 0;
do
{ /* we need this to finish now */
- ret = _gnutls_read (session, &peekdata, RCVLOWAT - sum, session->internals.pull_func);
+ ret =
+ _gnutls_read (session, &peekdata, RCVLOWAT - sum,
+ session->internals.pull_func);
if (ret > 0)
sum += ret;
_mbuffer_xfree (&peekdata);
@@ -465,7 +472,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total,
{
ssize_t ret = 0, ret2 = 0;
size_t min;
- mbuffer_st *bufel=NULL;
+ mbuffer_st *bufel = NULL;
size_t recvlowat, recvdata, readsize;
if (total > MAX_RECV_SIZE || total == 0)
@@ -537,14 +544,16 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total,
*/
if (readsize > 0)
{
- ret = _gnutls_read (session, &bufel, readsize, session->internals.pull_func);
+ ret =
+ _gnutls_read (session, &bufel, readsize,
+ session->internals.pull_func);
/* return immediately if we got an interrupt or eagain
* error.
*/
if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
{
- _mbuffer_xfree(&bufel);
+ _mbuffer_xfree (&bufel);
return ret;
}
}
@@ -561,7 +570,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total,
_mbuffer_enqueue (&session->internals.record_recv_buffer, bufel);
}
else
- _mbuffer_xfree(&bufel);
+ _mbuffer_xfree (&bufel);
/* This is hack in order for select to work. Just leave recvlowat data,
@@ -575,7 +584,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total,
if (ret2 < 0 && gnutls_error_is_fatal (ret2) == 0)
{
- _mbuffer_xfree(&bufel);
+ _mbuffer_xfree (&bufel);
return ret2;
}
@@ -585,13 +594,13 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total,
(int) ret2);
_gnutls_read_log
("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n",
- (int) session->internals.record_recv_buffer.byte_length, (int) ret2,
- (int) total);
+ (int) session->internals.record_recv_buffer.byte_length,
+ (int) ret2, (int) total);
session->internals.have_peeked_data = 1;
_mbuffer_enqueue (&session->internals.record_recv_buffer, bufel);
}
else
- _mbuffer_xfree(&bufel);
+ _mbuffer_xfree (&bufel);
}
if (ret < 0 || ret2 < 0)
@@ -644,16 +653,16 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total,
*/
ssize_t
_gnutls_io_write_buffered (gnutls_session_t session,
- mbuffer_st *bufel, unsigned int mflag)
+ mbuffer_st * bufel, unsigned int mflag)
{
- mbuffer_head_st * const send_buffer = &session->internals.record_send_buffer;
+ mbuffer_head_st *const send_buffer = &session->internals.record_send_buffer;
_mbuffer_enqueue (send_buffer, bufel);
_gnutls_write_log
("WRITE: enqueued %d bytes for %p. Total %d bytes.\n",
- (int)bufel->msg.size, session->internals.transport_recv_ptr,
- (int)send_buffer->byte_length);
+ (int) bufel->msg.size, session->internals.transport_recv_ptr,
+ (int) send_buffer->byte_length);
if (mflag == MBUFFER_FLUSH)
return _gnutls_io_write_flush (session);
@@ -661,7 +670,7 @@ _gnutls_io_write_buffered (gnutls_session_t session,
return bufel->msg.size;
}
-typedef ssize_t (*send_func)(gnutls_session_t, const giovec_t *, int);
+typedef ssize_t (*send_func) (gnutls_session_t, const giovec_t *, int);
/* This function writes the data that are left in the
* TLS write buffer (ie. because the previous write was
@@ -671,59 +680,58 @@ ssize_t
_gnutls_io_write_flush (gnutls_session_t session)
{
gnutls_datum_t msg;
- mbuffer_head_st * send_buffer = &session->internals.record_send_buffer;
+ mbuffer_head_st *send_buffer = &session->internals.record_send_buffer;
int ret;
ssize_t sent = 0, tosend = 0;
giovec_t iovec[MAX_QUEUE];
int i = 0;
- mbuffer_st* cur;
+ mbuffer_st *cur;
_gnutls_write_log ("WRITE FLUSH: %d bytes in buffer.\n",
- (int)send_buffer->byte_length);
-
- for (cur=_mbuffer_get_first(send_buffer, &msg);
- cur != NULL;
- cur = _mbuffer_get_next (cur, &msg))
- {
- iovec[i].iov_base = msg.data;
- iovec[i++].iov_len = msg.size;
- tosend += msg.size;
-
- /* we buffer up to MAX_QUEUE messages */
- if (i>=sizeof(iovec)/sizeof(iovec[0]))
- {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- }
-
+ (int) send_buffer->byte_length);
+
+ for (cur = _mbuffer_get_first (send_buffer, &msg);
+ cur != NULL; cur = _mbuffer_get_next (cur, &msg))
+ {
+ iovec[i].iov_base = msg.data;
+ iovec[i++].iov_len = msg.size;
+ tosend += msg.size;
+
+ /* we buffer up to MAX_QUEUE messages */
+ if (i >= sizeof (iovec) / sizeof (iovec[0]))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+
ret = _gnutls_writev (session, iovec, i);
if (ret >= 0)
{
- _mbuffer_remove_bytes (send_buffer, ret);
- _gnutls_write_log ("WRITE: wrote %d bytes, %d bytes left.\n",
- ret, (int)send_buffer->byte_length);
+ _mbuffer_remove_bytes (send_buffer, ret);
+ _gnutls_write_log ("WRITE: wrote %d bytes, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
- sent += ret;
+ sent += ret;
}
else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN)
{
- _gnutls_write_log ("WRITE interrupted: %d bytes left.\n",
- (int)send_buffer->byte_length);
- return ret;
+ _gnutls_write_log ("WRITE interrupted: %d bytes left.\n",
+ (int) send_buffer->byte_length);
+ return ret;
}
else
{
- _gnutls_write_log ("WRITE error: code %d, %d bytes left.\n",
- ret, (int)send_buffer->byte_length);
+ _gnutls_write_log ("WRITE error: code %d, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
- gnutls_assert ();
- return ret;
+ gnutls_assert ();
+ return ret;
}
if (sent < tosend)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_AGAIN;
}
@@ -738,37 +746,37 @@ _gnutls_io_write_flush (gnutls_session_t session)
ssize_t
_gnutls_handshake_io_write_flush (gnutls_session_t session)
{
- mbuffer_head_st * const send_buffer = &session->internals.handshake_send_buffer;
+ mbuffer_head_st *const send_buffer =
+ &session->internals.handshake_send_buffer;
gnutls_datum_t msg;
int ret;
ssize_t total = 0;
- mbuffer_st * cur;
+ mbuffer_st *cur;
_gnutls_write_log ("HWRITE FLUSH: %d bytes in buffer.\n",
- (int)send_buffer->byte_length);
+ (int) send_buffer->byte_length);
for (cur = _mbuffer_get_first (send_buffer, &msg);
- cur != NULL;
- cur = _mbuffer_get_first (send_buffer, &msg))
+ cur != NULL; cur = _mbuffer_get_first (send_buffer, &msg))
{
ret = _gnutls_send_int (session, GNUTLS_HANDSHAKE,
session->internals.handshake_send_buffer_htype,
EPOCH_WRITE_CURRENT,
- msg.data, msg.size, 0/* do not flush */);
+ msg.data, msg.size, 0 /* do not flush */ );
if (ret >= 0)
{
_mbuffer_remove_bytes (send_buffer, ret);
_gnutls_write_log ("HWRITE: wrote %d bytes, %d bytes left.\n",
- ret, (int)send_buffer->byte_length);
+ ret, (int) send_buffer->byte_length);
total += ret;
}
else
{
_gnutls_write_log ("HWRITE error: code %d, %d bytes left.\n",
- ret, (int)send_buffer->byte_length);
+ ret, (int) send_buffer->byte_length);
gnutls_assert ();
return ret;
@@ -786,18 +794,18 @@ _gnutls_handshake_io_write_flush (gnutls_session_t session)
*/
void
_gnutls_handshake_io_cache_int (gnutls_session_t session,
- gnutls_handshake_description_t htype,
- mbuffer_st *bufel)
+ gnutls_handshake_description_t htype,
+ mbuffer_st * bufel)
{
- mbuffer_head_st * const send_buffer = &session->internals.handshake_send_buffer;
+ mbuffer_head_st *const send_buffer =
+ &session->internals.handshake_send_buffer;
_mbuffer_enqueue (send_buffer, bufel);
session->internals.handshake_send_buffer_htype = htype;
_gnutls_write_log
("HWRITE: enqueued %d. Total %d bytes.\n",
- (int)bufel->msg.size,
- (int)send_buffer->byte_length);
+ (int) bufel->msg.size, (int) send_buffer->byte_length);
return;
}
@@ -864,7 +872,7 @@ _gnutls_handshake_io_recv_int (gnutls_session_t session,
gnutls_assert ();
_gnutls_buffer_append_data (&session->internals.
- handshake_recv_buffer, iptr, dsize);
+ handshake_recv_buffer, iptr, dsize);
session->internals.handshake_recv_buffer_htype = htype;
session->internals.handshake_recv_buffer_type = type;
@@ -909,7 +917,7 @@ _gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data,
_gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", (int) length);
if (_gnutls_buffer_append_data (&session->internals.handshake_hash_buffer,
- data, length) < 0)
+ data, length) < 0)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
@@ -1025,7 +1033,7 @@ gnutls_transport_set_push_function (gnutls_session_t session,
**/
void
gnutls_transport_set_push_function2 (gnutls_session_t session,
- gnutls_vec_push_func vec_func)
+ gnutls_vec_push_func vec_func)
{
session->internals.push_func = NULL;
session->internals.vec_push_func = vec_func;
@@ -1045,7 +1053,7 @@ gnutls_transport_set_push_function2 (gnutls_session_t session,
**/
void
gnutls_transport_set_errno_function (gnutls_session_t session,
- gnutls_errno_func errno_func)
+ gnutls_errno_func errno_func)
{
session->internals.errno_func = errno_func;
}
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index bdd40f4a1a..0275b716e6 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -23,7 +23,7 @@
*
*/
#ifndef GNUTLS_BUFFERS_H
-# define GNUTLS_BUFFERS_H
+#define GNUTLS_BUFFERS_H
#define MBUFFER_FLUSH 1
@@ -35,12 +35,11 @@ int _gnutls_record_buffer_get_size (content_type_t type,
int _gnutls_record_buffer_get (content_type_t type,
gnutls_session_t session, opaque * data,
size_t length);
-ssize_t _gnutls_io_read_buffered (gnutls_session_t, size_t n,
- content_type_t);
+ssize_t _gnutls_io_read_buffered (gnutls_session_t, size_t n, content_type_t);
int _gnutls_io_clear_peeked_data (gnutls_session_t session);
ssize_t _gnutls_io_write_buffered (gnutls_session_t session,
- mbuffer_st *bufel, unsigned int mflag);
+ mbuffer_st * bufel, unsigned int mflag);
int _gnutls_handshake_buffer_get_size (gnutls_session_t session);
int _gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data,
@@ -58,8 +57,8 @@ ssize_t _gnutls_handshake_io_recv_int (gnutls_session_t, content_type_t,
gnutls_handshake_description_t, void *,
size_t);
void _gnutls_handshake_io_cache_int (gnutls_session_t,
- gnutls_handshake_description_t,
- mbuffer_st *bufel);
+ gnutls_handshake_description_t,
+ mbuffer_st * bufel);
ssize_t _gnutls_io_write_flush (gnutls_session_t session);
ssize_t _gnutls_handshake_io_write_flush (gnutls_session_t session);
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 0e278c7966..5415fda94d 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -42,7 +42,7 @@
#include <gnutls_x509.h>
#include "x509/x509_int.h"
#ifdef ENABLE_OPENPGP
-# include "openpgp/gnutls_openpgp.h"
+#include "openpgp/gnutls_openpgp.h"
#endif
/**
diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h
index 4217d298e6..0afb78c528 100644
--- a/lib/gnutls_cert.h
+++ b/lib/gnutls_cert.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_CERT_H
-# define GNUTLS_CERT_H
+#define GNUTLS_CERT_H
#include <gnutls_pk.h>
#include "x509/x509_int.h"
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index bf73ab767a..b94055f754 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -77,7 +77,7 @@ _gnutls_encrypt (gnutls_session_t session, const opaque * headers,
size_t headers_size, const opaque * data,
size_t data_size, opaque * ciphertext,
size_t ciphertext_size, content_type_t type, int random_pad,
- record_parameters_st *params)
+ record_parameters_st * params)
{
gnutls_datum_t plain;
gnutls_datum_t comp;
@@ -133,7 +133,7 @@ int
_gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
size_t ciphertext_size, uint8_t * data,
size_t max_data_size, content_type_t type,
- record_parameters_st *params)
+ record_parameters_st * params)
{
gnutls_datum_t gtxt;
gnutls_datum_t gcipher;
@@ -342,7 +342,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
opaque * cipher_data, int cipher_size,
gnutls_datum_t compressed,
content_type_t _type, int random_pad,
- record_parameters_st *params)
+ record_parameters_st * params)
{
uint8_t MAC[MAX_HASH_SIZE];
uint16_t c_length;
@@ -351,10 +351,8 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
uint8_t type = _type;
opaque preamble[PREAMBLE_SIZE];
int preamble_size;
- int hash_size =
- _gnutls_hash_get_algo_len (params->mac_algorithm);
- int blocksize =
- gnutls_cipher_get_block_size (params->cipher_algorithm);
+ int hash_size = _gnutls_hash_get_algo_len (params->mac_algorithm);
+ int blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm);
cipher_type_t block_algo =
_gnutls_cipher_is_block (params->cipher_algorithm);
opaque *data_ptr;
@@ -440,8 +438,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
/* Actual encryption (inplace).
*/
ret =
- _gnutls_cipher_encrypt (&params->write.cipher_state,
- cipher_data, length);
+ _gnutls_cipher_encrypt (&params->write.cipher_state, cipher_data, length);
if (ret < 0)
{
gnutls_assert ();
@@ -460,7 +457,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
opaque * compress_data,
int compress_size,
gnutls_datum_t ciphertext, uint8_t type,
- record_parameters_st *params)
+ record_parameters_st * params)
{
uint8_t MAC[MAX_HASH_SIZE];
uint16_t c_length;
@@ -471,11 +468,9 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
opaque preamble[PREAMBLE_SIZE];
int preamble_size;
int ver = gnutls_protocol_get_version (session);
- int hash_size =
- _gnutls_hash_get_algo_len (params->mac_algorithm);
+ int hash_size = _gnutls_hash_get_algo_len (params->mac_algorithm);
- blocksize =
- gnutls_cipher_get_block_size (params->cipher_algorithm);
+ blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm);
/* actual decryption (inplace)
diff --git a/lib/gnutls_cipher.h b/lib/gnutls_cipher.h
index 75a5aa48e3..defa697321 100644
--- a/lib/gnutls_cipher.h
+++ b/lib/gnutls_cipher.h
@@ -27,18 +27,18 @@ int _gnutls_encrypt (gnutls_session_t session, const opaque * headers,
size_t headers_size, const opaque * data,
size_t data_size, opaque * ciphertext,
size_t ciphertext_size, content_type_t type,
- int random_pad, record_parameters_st *params);
+ int random_pad, record_parameters_st * params);
int _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
size_t ciphertext_size, uint8_t * data, size_t data_size,
- content_type_t type, record_parameters_st *params);
+ content_type_t type, record_parameters_st * params);
int _gnutls_compressed2ciphertext (gnutls_session_t session,
opaque * cipher_data, int cipher_size,
gnutls_datum_t compressed,
content_type_t _type, int random_pad,
- record_parameters_st *params);
+ record_parameters_st * params);
int _gnutls_ciphertext2compressed (gnutls_session_t session,
opaque * compress_data,
int compress_size,
gnutls_datum_t ciphertext, uint8_t type,
- record_parameters_st *params);
+ record_parameters_st * params);
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 023e459007..6db6728a7d 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -93,52 +93,58 @@ cc_cleanup:
return ret;
}
-int _gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text, int textlen)
+int
+_gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text, int textlen)
{
if (handle != NULL && handle->handle != NULL)
{
- return handle->encrypt(handle->handle, text, textlen, text, textlen);
+ return handle->encrypt (handle->handle, text, textlen, text, textlen);
}
return 0;
}
-int _gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext,
+int
+_gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext,
int ciphertextlen)
{
if (handle != NULL && handle->handle != NULL)
{
- return handle->decrypt(handle->handle, ciphertext, ciphertextlen,
- ciphertext, ciphertextlen);
+ return handle->decrypt (handle->handle, ciphertext, ciphertextlen,
+ ciphertext, ciphertextlen);
}
return 0;
}
-int _gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text, int textlen,
- void* ciphertext, int ciphertextlen)
+int
+_gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text,
+ int textlen, void *ciphertext, int ciphertextlen)
{
if (handle != NULL && handle->handle != NULL)
{
- return handle->encrypt(handle->handle, text, textlen, ciphertext, ciphertextlen);
+ return handle->encrypt (handle->handle, text, textlen, ciphertext,
+ ciphertextlen);
}
return 0;
}
-int _gnutls_cipher_decrypt2 (const cipher_hd_st * handle, const void *ciphertext,
- int ciphertextlen, void* text, int textlen)
+int
+_gnutls_cipher_decrypt2 (const cipher_hd_st * handle, const void *ciphertext,
+ int ciphertextlen, void *text, int textlen)
{
if (handle != NULL && handle->handle != NULL)
{
- return handle->decrypt(handle->handle, ciphertext, ciphertextlen,
- text, textlen);
+ return handle->decrypt (handle->handle, ciphertext, ciphertextlen,
+ text, textlen);
}
return 0;
}
-void _gnutls_cipher_deinit (cipher_hd_st * handle)
+void
+_gnutls_cipher_deinit (cipher_hd_st * handle)
{
if (handle != NULL && handle->handle != NULL)
{
- handle->deinit(handle->handle);
+ handle->deinit (handle->handle);
handle->handle = NULL;
}
}
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index 3131746a12..1936dd3110 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -24,20 +24,22 @@
*/
#ifndef GNUTLS_CIPHER_INT
-# define GNUTLS_CIPHER_INT
+#define GNUTLS_CIPHER_INT
#include <gnutls/crypto.h>
extern int crypto_cipher_prio;
extern gnutls_crypto_cipher_st _gnutls_cipher_ops;
-typedef int (*cipher_encrypt_func)(void* hd, const void* plaintext, size_t, void* ciphertext, size_t);
-typedef int (*cipher_decrypt_func)(void* hd, const void* ciphertext, size_t, void* plaintext, size_t);
-typedef void (*cipher_deinit_func)(void* hd);
+typedef int (*cipher_encrypt_func) (void *hd, const void *plaintext, size_t,
+ void *ciphertext, size_t);
+typedef int (*cipher_decrypt_func) (void *hd, const void *ciphertext, size_t,
+ void *plaintext, size_t);
+typedef void (*cipher_deinit_func) (void *hd);
typedef struct
{
- void* handle;
+ void *handle;
cipher_encrypt_func encrypt;
cipher_decrypt_func decrypt;
cipher_deinit_func deinit;
@@ -51,9 +53,11 @@ int _gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text,
int _gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext,
int ciphertextlen);
int _gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text,
- int textlen, void* ciphertext, int ciphertextlen);
-int _gnutls_cipher_decrypt2 (const cipher_hd_st * handle, const void *ciphertext,
- int ciphertextlen, void* text, int textlen);
+ int textlen, void *ciphertext,
+ int ciphertextlen);
+int _gnutls_cipher_decrypt2 (const cipher_hd_st * handle,
+ const void *ciphertext, int ciphertextlen,
+ void *text, int textlen);
void _gnutls_cipher_deinit (cipher_hd_st * handle);
#endif /* GNUTLS_CIPHER_INT */
diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c
index 4efa0f16c0..922819d3fd 100644
--- a/lib/gnutls_compress.c
+++ b/lib/gnutls_compress.c
@@ -40,7 +40,7 @@ int
_gnutls_m_plaintext2compressed (gnutls_session_t session,
gnutls_datum_t * compressed,
const gnutls_datum_t * plaintext,
- const record_parameters_st *params)
+ const record_parameters_st * params)
{
int size;
opaque *data;
@@ -64,7 +64,7 @@ int
_gnutls_m_compressed2plaintext (gnutls_session_t session,
gnutls_datum_t * plain,
const gnutls_datum_t * compressed,
- const record_parameters_st *params)
+ const record_parameters_st * params)
{
int size;
opaque *data;
@@ -300,17 +300,17 @@ _gnutls_supported_compression_methods (gnutls_session_t session,
#ifdef USE_LZO
-# ifdef USE_MINILZO
+#ifdef USE_MINILZO
/* Get the prototypes only. Since LZO is a GPLed library, the
* gnutls_global_init_extra() has to be called, before LZO compression
* can be used.
*/
-# include "../libextra/minilzo/minilzo.h"
-# elif HAVE_LZO_LZO1X_H
-# include <lzo/lzo1x.h>
-# elif HAVE_LZO1X_H
-# include <lzo1x.h>
-# endif
+#include "../libextra/minilzo/minilzo.h"
+#elif HAVE_LZO_LZO1X_H
+#include <lzo/lzo1x.h>
+#elif HAVE_LZO1X_H
+#include <lzo1x.h>
+#endif
typedef int (*LZO_FUNC) ();
diff --git a/lib/gnutls_compress.h b/lib/gnutls_compress.h
index 93b2786a11..87c9ca81bd 100644
--- a/lib/gnutls_compress.h
+++ b/lib/gnutls_compress.h
@@ -23,16 +23,16 @@
*
*/
#ifndef GNUTLS_COMPRESS_H
-# define GNUTLS_COMPRESS_H
+#define GNUTLS_COMPRESS_H
int _gnutls_m_plaintext2compressed (gnutls_session_t session,
gnutls_datum_t * compressed,
const gnutls_datum_t * plaintext,
- const record_parameters_st *params);
+ const record_parameters_st * params);
int _gnutls_m_compressed2plaintext (gnutls_session_t session,
gnutls_datum_t * plain,
const gnutls_datum_t * compressed,
- const record_parameters_st *params);
+ const record_parameters_st * params);
/* Algorithm handling. */
int _gnutls_supported_compression_methods (gnutls_session_t session,
@@ -42,7 +42,7 @@ int _gnutls_compression_get_num (gnutls_compression_method_t algorithm);
gnutls_compression_method_t _gnutls_compression_get_id (int num);
#ifdef HAVE_LIBZ
-# include <zlib.h>
+#include <zlib.h>
#endif
#define GNUTLS_COMP_FAILED NULL
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 9fa0665d64..6120d109bc 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -58,8 +58,8 @@ static const int servwrite_length = sizeof (servwrite) - 1;
* (session->cipher_specs)
*/
static int
-_gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int hash_size, int IV_size,
- int key_size, int export_flag)
+_gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
+ int hash_size, int IV_size, int key_size, int export_flag)
{
/* FIXME: This function is too long
*/
@@ -73,8 +73,12 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha
2 * MAX_CIPHER_BLOCK_SIZE];
record_state_st *client_write, *server_write;
- client_write = session->security_parameters.entity == GNUTLS_CLIENT ? &params->write : &params->read;
- server_write = session->security_parameters.entity == GNUTLS_SERVER ? &params->write : &params->read;
+ client_write =
+ session->security_parameters.entity ==
+ GNUTLS_CLIENT ? &params->write : &params->read;
+ server_write =
+ session->security_parameters.entity ==
+ GNUTLS_SERVER ? &params->write : &params->read;
block_size = 2 * hash_size + 2 * key_size;
if (export_flag == 0)
@@ -117,15 +121,13 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha
{
if (_gnutls_sset_datum
- (&client_write->mac_secret,
- &key_block[pos], hash_size) < 0)
+ (&client_write->mac_secret, &key_block[pos], hash_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += hash_size;
if (_gnutls_sset_datum
- (&server_write->mac_secret,
- &key_block[pos], hash_size) < 0)
+ (&server_write->mac_secret, &key_block[pos], hash_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += hash_size;
@@ -209,8 +211,7 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha
}
if (_gnutls_sset_datum
- (&client_write->key,
- client_write_key, client_write_key_size) < 0)
+ (&client_write->key, client_write_key, client_write_key_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
_gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
@@ -220,8 +221,7 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha
sizeof (buf), NULL));
if (_gnutls_sset_datum
- (&server_write->key,
- server_write_key, server_write_key_size) < 0)
+ (&server_write->key, server_write_key, server_write_key_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
_gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
@@ -238,15 +238,13 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha
if (IV_size > 0 && export_flag == 0)
{
if (_gnutls_sset_datum
- (&client_write->IV, &key_block[pos],
- IV_size) < 0)
+ (&client_write->IV, &key_block[pos], IV_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += IV_size;
if (_gnutls_sset_datum
- (&server_write->IV, &key_block[pos],
- IV_size) < 0)
+ (&server_write->IV, &key_block[pos], IV_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += IV_size;
@@ -281,13 +279,11 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha
if (ret < 0)
return gnutls_assert_val (ret);
- if (_gnutls_sset_datum
- (&client_write->IV, iv_block, IV_size) < 0)
+ if (_gnutls_sset_datum (&client_write->IV, iv_block, IV_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
if (_gnutls_sset_datum
- (&server_write->IV,
- &iv_block[IV_size], IV_size) < 0)
+ (&server_write->IV, &iv_block[IV_size], IV_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
}
@@ -295,16 +291,15 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st *params, int ha
}
static int
-_gnutls_init_record_state (record_parameters_st *params, int read,
- record_state_st *state)
+_gnutls_init_record_state (record_parameters_st * params, int read,
+ record_state_st * state)
{
int ret;
ret = _gnutls_cipher_init (&state->cipher_state,
params->cipher_algorithm,
&state->key, &state->IV);
- if (ret < 0
- && params->cipher_algorithm != GNUTLS_CIPHER_NULL)
+ if (ret < 0 && params->cipher_algorithm != GNUTLS_CIPHER_NULL)
return gnutls_assert_val (ret);
state->compression_state =
@@ -318,8 +313,7 @@ _gnutls_init_record_state (record_parameters_st *params, int read,
int
_gnutls_epoch_set_cipher_suite (gnutls_session_t session,
- int epoch_rel,
- cipher_suite_st *suite)
+ int epoch_rel, cipher_suite_st * suite)
{
gnutls_cipher_algorithm_t cipher_algo;
gnutls_mac_algorithm_t mac_algo;
@@ -335,7 +329,7 @@ _gnutls_epoch_set_cipher_suite (gnutls_session_t session,
|| params->mac_algorithm != GNUTLS_MAC_UNKNOWN)
return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
- cipher_algo =_gnutls_cipher_suite_get_cipher_algo (suite);
+ cipher_algo = _gnutls_cipher_suite_get_cipher_algo (suite);
mac_algo = _gnutls_cipher_suite_get_mac_algo (suite);
if (_gnutls_cipher_is_ok (cipher_algo) != 0
@@ -374,7 +368,7 @@ _gnutls_epoch_set_compression (gnutls_session_t session,
void
_gnutls_epoch_set_null_algos (gnutls_session_t session,
- record_parameters_st *params)
+ record_parameters_st * params)
{
/* This is only called on startup. We are extra paranoid about this
because it may cause unencrypted application data to go out on
@@ -385,10 +379,10 @@ _gnutls_epoch_set_null_algos (gnutls_session_t session,
return;
}
- params->cipher_algorithm = GNUTLS_CIPHER_NULL;
+ params->cipher_algorithm = GNUTLS_CIPHER_NULL;
params->mac_algorithm = GNUTLS_MAC_NULL;
- params->compression_algorithm = GNUTLS_COMP_NULL;
- params->initialized = 1;
+ params->compression_algorithm = GNUTLS_COMP_NULL;
+ params->initialized = 1;
}
int
@@ -436,14 +430,13 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
ret = _gnutls_init_record_state (params, 1, &params->read);
if (ret < 0)
- return gnutls_assert_val (ret);
+ return gnutls_assert_val (ret);
ret = _gnutls_init_record_state (params, 0, &params->write);
if (ret < 0)
return gnutls_assert_val (ret);
- _gnutls_record_log
- ("REC[%p]: Epoch #%u ready\n", session, params->epoch);
+ _gnutls_record_log ("REC[%p]: Epoch #%u ready\n", session, params->epoch);
params->initialized = 1;
return 0;
@@ -467,7 +460,8 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
static void
_gnutls_set_resumed_parameters (gnutls_session_t session)
{
- security_parameters_st *src = &session->internals.resumed_security_parameters;
+ security_parameters_st *src =
+ &session->internals.resumed_security_parameters;
security_parameters_st *dst = &session->security_parameters;
CPY_COMMON;
@@ -496,7 +490,8 @@ _gnutls_connection_state_init (gnutls_session_t session)
static int
_gnutls_check_algos (gnutls_session_t session,
- cipher_suite_st *suite, gnutls_compression_method_t comp_algo)
+ cipher_suite_st * suite,
+ gnutls_compression_method_t comp_algo)
{
gnutls_cipher_algorithm_t cipher_algo;
gnutls_mac_algorithm_t mac_algo;
@@ -539,7 +534,8 @@ _gnutls_read_connection_state_init (gnutls_session_t session)
if (session->internals.resumed == RESUME_FALSE)
{
ret = _gnutls_check_algos (session,
- &session->security_parameters.current_cipher_suite,
+ &session->
+ security_parameters.current_cipher_suite,
session->internals.compression_method);
if (ret < 0)
return ret;
@@ -587,7 +583,8 @@ _gnutls_write_connection_state_init (gnutls_session_t session)
if (session->internals.resumed == RESUME_FALSE)
{
ret = _gnutls_check_algos (session,
- &session->security_parameters.current_cipher_suite,
+ &session->
+ security_parameters.current_cipher_suite,
session->internals.compression_method);
if (ret < 0)
return ret;
@@ -640,8 +637,8 @@ _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo)
}
static inline int
-epoch_resolve(gnutls_session_t session,
- unsigned int epoch_rel, uint16_t *epoch_out)
+epoch_resolve (gnutls_session_t session,
+ unsigned int epoch_rel, uint16_t * epoch_out)
{
switch (epoch_rel)
{
@@ -666,11 +663,10 @@ epoch_resolve(gnutls_session_t session,
}
}
-static inline record_parameters_st**
-epoch_get_slot(gnutls_session_t session, uint16_t epoch)
+static inline record_parameters_st **
+epoch_get_slot (gnutls_session_t session, uint16_t epoch)
{
- uint16_t epoch_index =
- epoch - session->security_parameters.epoch_min;
+ uint16_t epoch_index = epoch - session->security_parameters.epoch_min;
if (epoch_index >= MAX_EPOCH_INDEX)
{
@@ -684,7 +680,7 @@ epoch_get_slot(gnutls_session_t session, uint16_t epoch)
int
_gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
- record_parameters_st **params_out)
+ record_parameters_st ** params_out)
{
uint16_t epoch;
record_parameters_st **params;
@@ -704,21 +700,20 @@ _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
}
int
-_gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch,
- record_parameters_st **out)
+_gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
+ record_parameters_st ** out)
{
record_parameters_st **slot;
- _gnutls_record_log
- ("REC[%p]: Allocating epoch #%u\n", session, epoch);
+ _gnutls_record_log ("REC[%p]: Allocating epoch #%u\n", session, epoch);
- slot = epoch_get_slot(session, epoch);
+ slot = epoch_get_slot (session, epoch);
/* If slot out of range or not empty. */
if (slot == NULL)
return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
- if(*slot != NULL)
+ if (*slot != NULL)
return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
*slot = gnutls_calloc (1, sizeof (record_parameters_st));
@@ -726,9 +721,9 @@ _gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch,
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
(*slot)->epoch = epoch;
- (*slot)->cipher_algorithm = GNUTLS_CIPHER_UNKNOWN;
+ (*slot)->cipher_algorithm = GNUTLS_CIPHER_UNKNOWN;
(*slot)->mac_algorithm = GNUTLS_MAC_UNKNOWN;
- (*slot)->compression_algorithm = GNUTLS_COMP_UNKNOWN;
+ (*slot)->compression_algorithm = GNUTLS_COMP_UNKNOWN;
if (out != NULL)
*out = *slot;
@@ -737,7 +732,7 @@ _gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch,
}
static inline int
-epoch_alive (gnutls_session_t session, record_parameters_st *params)
+epoch_alive (gnutls_session_t session, record_parameters_st * params)
{
const security_parameters_st *sp = &session->security_parameters;
@@ -753,11 +748,10 @@ _gnutls_epoch_gc (gnutls_session_t session)
int i, j;
unsigned int min_index = 0;
- _gnutls_record_log
- ("REC[%p]: Start of epoch cleanup\n", session);
+ _gnutls_record_log ("REC[%p]: Start of epoch cleanup\n", session);
/* Free all dead cipher state */
- for(i=0; i < MAX_EPOCH_INDEX; i++)
+ for (i = 0; i < MAX_EPOCH_INDEX; i++)
if (session->record_parameters[i] != NULL
&& !epoch_alive (session, session->record_parameters[i]))
{
@@ -766,23 +760,24 @@ _gnutls_epoch_gc (gnutls_session_t session)
}
/* Look for contiguous NULLs at the start of the array */
- for(i=0; i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL; i++);
+ for (i = 0; i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL;
+ i++);
min_index = i;
/* Pick up the slack in the epoch window. */
- for(i=0, j=min_index; j < MAX_EPOCH_INDEX; i++, j++)
+ for (i = 0, j = min_index; j < MAX_EPOCH_INDEX; i++, j++)
session->record_parameters[i] = session->record_parameters[j];
/* Set the new epoch_min */
if (session->record_parameters[0] != NULL)
- session->security_parameters.epoch_min = session->record_parameters[0]->epoch;
+ session->security_parameters.epoch_min =
+ session->record_parameters[0]->epoch;
- _gnutls_record_log
- ("REC[%p]: End of epoch cleanup\n", session);
+ _gnutls_record_log ("REC[%p]: End of epoch cleanup\n", session);
}
static inline void
-free_record_state (record_state_st *state, int read)
+free_record_state (record_state_st * state, int read)
{
_gnutls_free_datum (&state->mac_secret);
_gnutls_free_datum (&state->IV);
@@ -795,10 +790,9 @@ free_record_state (record_state_st *state, int read)
}
void
-_gnutls_epoch_free (gnutls_session_t session, record_parameters_st *params)
+_gnutls_epoch_free (gnutls_session_t session, record_parameters_st * params)
{
- _gnutls_record_log
- ("REC[%p]: Epoch #%u freed\n", session, params->epoch);
+ _gnutls_record_log ("REC[%p]: Epoch #%u freed\n", session, params->epoch);
free_record_state (&params->read, 1);
free_record_state (&params->write, 0);
diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h
index 513ab1cd24..4fad30bd84 100644
--- a/lib/gnutls_constate.h
+++ b/lib/gnutls_constate.h
@@ -27,11 +27,11 @@
#define GNUTLS_CONSTATE_H
int _gnutls_epoch_set_cipher_suite (gnutls_session_t session, int epoch_rel,
- cipher_suite_st *suite);
+ cipher_suite_st * suite);
int _gnutls_epoch_set_compression (gnutls_session_t session, int epoch_rel,
gnutls_compression_method_t comp_algo);
void _gnutls_epoch_set_null_algos (gnutls_session_t session,
- record_parameters_st *params);
+ record_parameters_st * params);
int _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch);
int _gnutls_connection_state_init (gnutls_session_t session);
int _gnutls_read_connection_state_init (gnutls_session_t session);
@@ -40,10 +40,11 @@ int _gnutls_write_connection_state_init (gnutls_session_t session);
int _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo);
int _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
- record_parameters_st **params_out);
-int _gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch,
- record_parameters_st **out);
+ record_parameters_st ** params_out);
+int _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
+ record_parameters_st ** out);
void _gnutls_epoch_gc (gnutls_session_t session);
-void _gnutls_epoch_free (gnutls_session_t session, record_parameters_st *state);
+void _gnutls_epoch_free (gnutls_session_t session,
+ record_parameters_st * state);
#endif
diff --git a/lib/gnutls_datum.h b/lib/gnutls_datum.h
index 0ccd0fcdc9..eb89bf71e8 100644
--- a/lib/gnutls_datum.h
+++ b/lib/gnutls_datum.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_DATUM_H
-# define GNUTLS_DATUM_H
+#define GNUTLS_DATUM_H
void _gnutls_write_datum16 (opaque * dest, gnutls_datum_t dat);
void _gnutls_write_datum24 (opaque * dest, gnutls_datum_t dat);
diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h
index ad60681c56..c37d343add 100644
--- a/lib/gnutls_dh.h
+++ b/lib/gnutls_dh.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_DH_H
-# define GNUTLS_DH_H
+#define GNUTLS_DH_H
const bigint_t *_gnutls_dh_params_to_mpi (gnutls_dh_params_t);
bigint_t gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime);
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 88c603528d..1a19dd4713 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -27,7 +27,7 @@
#include "gnutls_errors.h"
#include <libtasn1.h>
#ifdef STDC_HEADERS
-# include <stdarg.h>
+#include <stdarg.h>
#endif
/* I18n of error codes. */
@@ -43,9 +43,9 @@ struct gnutls_error_entry
const char *desc;
const char *_name;
int number;
- int fatal; /* whether this error is fatal and the session for handshake
- * should be terminated.
- */
+ int fatal; /* whether this error is fatal and the session for handshake
+ * should be terminated.
+ */
};
typedef struct gnutls_error_entry gnutls_error_entry;
@@ -289,31 +289,31 @@ static const gnutls_error_entry error_algorithms[] = {
ERROR_ENTRY (N_("PKCS #11 PIN should be saved."),
GNUTLS_E_PKCS11_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in slot"),
- GNUTLS_E_PKCS11_SLOT_ERROR, 1),
+ GNUTLS_E_PKCS11_SLOT_ERROR, 1),
ERROR_ENTRY (N_("Thread locking error"),
- GNUTLS_E_LOCKING_ERROR, 1),
+ GNUTLS_E_LOCKING_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in attribute"),
- GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1),
+ GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in device"),
- GNUTLS_E_PKCS11_DEVICE_ERROR, 1),
+ GNUTLS_E_PKCS11_DEVICE_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in data"),
- GNUTLS_E_PKCS11_DATA_ERROR, 1),
+ GNUTLS_E_PKCS11_DATA_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 unsupported feature"),
- GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1),
+ GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in key"),
- GNUTLS_E_PKCS11_KEY_ERROR, 1),
+ GNUTLS_E_PKCS11_KEY_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 PIN expired"),
- GNUTLS_E_PKCS11_PIN_EXPIRED, 1),
+ GNUTLS_E_PKCS11_PIN_EXPIRED, 1),
ERROR_ENTRY (N_("PKCS #11 PIN locked"),
- GNUTLS_E_PKCS11_PIN_LOCKED, 1),
+ GNUTLS_E_PKCS11_PIN_LOCKED, 1),
ERROR_ENTRY (N_("PKCS #11 error in session"),
- GNUTLS_E_PKCS11_SESSION_ERROR, 1),
+ GNUTLS_E_PKCS11_SESSION_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in signature"),
- GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1),
+ GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in token"),
- GNUTLS_E_PKCS11_TOKEN_ERROR, 1),
+ GNUTLS_E_PKCS11_TOKEN_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 user error"),
- GNUTLS_E_PKCS11_USER_ERROR, 1),
+ GNUTLS_E_PKCS11_USER_ERROR, 1),
{NULL, NULL, 0, 0}
};
@@ -561,7 +561,7 @@ _gnutls_log (int level, const char *fmt, ...)
}
#ifndef DEBUG
-# ifndef C99_MACROS
+#ifndef C99_MACROS
/* Without C99 macros these functions have to
* be called. This may affect performance.
@@ -572,5 +572,5 @@ _gnutls_null_log (void *x, ...)
return;
}
-# endif /* C99_MACROS */
+#endif /* C99_MACROS */
#endif /* DEBUG */
diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h
index 7ed3da9f45..095a08401f 100644
--- a/lib/gnutls_errors.h
+++ b/lib/gnutls_errors.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_ERRORS_H
-# define GNUTLS_ERRORS_H
+#define GNUTLS_ERRORS_H
#include <gnutls_int.h>
#include <gnutls_global.h>
@@ -32,13 +32,13 @@
#define GNUTLS_E_INT_RET_0 -1251
#ifdef __FILE__
-# ifdef __LINE__
-# define gnutls_assert() _gnutls_debug_log( "ASSERT: %s:%d\n", __FILE__,__LINE__);
-# else
-# define gnutls_assert()
-# endif
+#ifdef __LINE__
+#define gnutls_assert() _gnutls_debug_log( "ASSERT: %s:%d\n", __FILE__,__LINE__);
+#else
+#define gnutls_assert()
+#endif
#else /* __FILE__ not defined */
-# define gnutls_assert()
+#define gnutls_assert()
#endif
int _gnutls_asn2err (int asn_err);
@@ -59,25 +59,25 @@ _gnutls_log (int, const char *fmt, ...)
#define LEVEL_EQ(l, ...) do { if (_gnutls_log_level == l || _gnutls_log_level > 9) \
_gnutls_log( l, __VA_ARGS__); } while(0)
-# define _gnutls_debug_log(...) LEVEL(2, __VA_ARGS__)
-# define _gnutls_handshake_log(...) LEVEL(3, __VA_ARGS__)
-# define _gnutls_io_log(...) LEVEL_EQ(5, __VA_ARGS__)
-# define _gnutls_buffers_log(...) LEVEL_EQ(6, __VA_ARGS__)
-# define _gnutls_hard_log(...) LEVEL(9, __VA_ARGS__)
-# define _gnutls_record_log(...) LEVEL(4, __VA_ARGS__)
-# define _gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__)
-# define _gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__)
-# define _gnutls_x509_log(...) LEVEL(1, __VA_ARGS__)
+#define _gnutls_debug_log(...) LEVEL(2, __VA_ARGS__)
+#define _gnutls_handshake_log(...) LEVEL(3, __VA_ARGS__)
+#define _gnutls_io_log(...) LEVEL_EQ(5, __VA_ARGS__)
+#define _gnutls_buffers_log(...) LEVEL_EQ(6, __VA_ARGS__)
+#define _gnutls_hard_log(...) LEVEL(9, __VA_ARGS__)
+#define _gnutls_record_log(...) LEVEL(4, __VA_ARGS__)
+#define _gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__)
+#define _gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__)
+#define _gnutls_x509_log(...) LEVEL(1, __VA_ARGS__)
#else
-# define _gnutls_debug_log _gnutls_null_log
-# define _gnutls_handshake_log _gnutls_null_log
-# define _gnutls_io_log _gnutls_null_log
-# define _gnutls_buffers_log _gnutls_null_log
-# define _gnutls_hard_log _gnutls_null_log
-# define _gnutls_record_log _gnutls_null_log
-# define _gnutls_read_log _gnutls_null_log
-# define _gnutls_write_log _gnutls_null_log
-# define _gnutls_x509_log _gnutls_null_log
+#define _gnutls_debug_log _gnutls_null_log
+#define _gnutls_handshake_log _gnutls_null_log
+#define _gnutls_io_log _gnutls_null_log
+#define _gnutls_buffers_log _gnutls_null_log
+#define _gnutls_hard_log _gnutls_null_log
+#define _gnutls_record_log _gnutls_null_log
+#define _gnutls_read_log _gnutls_null_log
+#define _gnutls_write_log _gnutls_null_log
+#define _gnutls_x509_log _gnutls_null_log
void _gnutls_null_log (void *, ...);
@@ -87,14 +87,13 @@ _gnutls_log (int, const char *fmt, ...)
otherwise. Making this a macro has been tried, but it interacts
badly with the do..while in the expansion. Welcome to the dark
side. */
-static inline
+ static inline
#ifdef __GNUC__
- __attribute__ ((always_inline))
+ __attribute__ ((always_inline))
#endif
-int
-gnutls_assert_val_int (int val, const char* file, int line)
+ int gnutls_assert_val_int (int val, const char *file, int line)
{
- _gnutls_debug_log( "ASSERT: %s:%d\n", file, line);
+ _gnutls_debug_log ("ASSERT: %s:%d\n", file, line);
return val;
}
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index cfa5a03725..81152911ad 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -42,13 +42,14 @@
#include <gnutls_num.h>
-static void _gnutls_ext_unset_resumed_session_data(gnutls_session_t session, uint16_t type);
+static void _gnutls_ext_unset_resumed_session_data (gnutls_session_t session,
+ uint16_t type);
static size_t extfunc_size = 0;
static extension_entry_st *extfunc = NULL;
-static gnutls_ext_parse_type_t
+static gnutls_ext_parse_type_t
_gnutls_ext_parse_type (uint16_t type)
{
size_t i;
@@ -56,7 +57,7 @@ _gnutls_ext_parse_type (uint16_t type)
for (i = 0; i < extfunc_size; i++)
{
if (extfunc[i].type == type)
- return extfunc[i].parse_type;
+ return extfunc[i].parse_type;
}
return GNUTLS_EXT_NONE;
@@ -82,7 +83,7 @@ _gnutls_ext_func_deinit (uint16_t type)
for (i = 0; i < extfunc_size; i++)
if (extfunc[i].type == type)
- return extfunc[i].deinit_func;
+ return extfunc[i].deinit_func;
return NULL;
}
@@ -94,7 +95,7 @@ _gnutls_ext_func_unpack (uint16_t type)
for (i = 0; i < extfunc_size; i++)
if (extfunc[i].type == type)
- return extfunc[i].unpack_func;
+ return extfunc[i].unpack_func;
return NULL;
}
@@ -194,8 +195,9 @@ _gnutls_parse_extensions (gnutls_session_t session,
if (ext_recv == NULL)
continue;
- _gnutls_debug_log ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n", session,
- _gnutls_extension_get_name (type), type, size);
+ _gnutls_debug_log ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n",
+ session, _gnutls_extension_get_name (type), type,
+ size);
if ((ret = ext_recv (session, sdata, size)) < 0)
{
@@ -374,7 +376,7 @@ _gnutls_ext_deinit (void)
}
int
-_gnutls_ext_register (extension_entry_st* mod)
+_gnutls_ext_register (extension_entry_st * mod)
{
extension_entry_st *p;
@@ -387,7 +389,7 @@ _gnutls_ext_register (extension_entry_st* mod)
extfunc = p;
- memcpy(&extfunc[extfunc_size], mod, sizeof(*mod));
+ memcpy (&extfunc[extfunc_size], mod, sizeof (*mod));
extfunc_size++;
@@ -415,226 +417,248 @@ gnutls_ext_register (int type,
gnutls_ext_recv_func recv_func,
gnutls_ext_send_func send_func)
{
-extension_entry_st ee;
+ extension_entry_st ee;
+
+ memset (&ee, 0, sizeof (ee));
- memset(&ee, 0, sizeof(ee));
-
ee.type = type;
ee.name = name;
ee.parse_type = parse_type;
ee.recv_func = recv_func;
ee.send_func = send_func;
- /* FIXME: Why is this exported? Should it be removed? */
+ /* FIXME: Why is this exported? Should it be removed? */
return _gnutls_ext_register (&ee);
}
-int _gnutls_ext_pack(gnutls_session_t session, gnutls_buffer_st* packed)
+int
+_gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed)
{
-int i, ret;
-extension_priv_data_t data;
-int cur_size;
-int size_offset;
-int total_exts_pos;
-int exts = 0;
+ int i, ret;
+ extension_priv_data_t data;
+ int cur_size;
+ int size_offset;
+ int total_exts_pos;
+ int exts = 0;
total_exts_pos = packed->length;
- BUFFER_APPEND_NUM(packed, 0);
+ BUFFER_APPEND_NUM (packed, 0);
- for (i = 0; i < extfunc_size; i++)
+ for (i = 0; i < extfunc_size; i++)
{
- ret = _gnutls_ext_get_session_data(session, extfunc[i].type, &data);
- if (ret >= 0 && extfunc[i].pack_func != NULL)
- {
- BUFFER_APPEND_NUM(packed, extfunc[i].type);
-
+ ret = _gnutls_ext_get_session_data (session, extfunc[i].type, &data);
+ if (ret >= 0 && extfunc[i].pack_func != NULL)
+ {
+ BUFFER_APPEND_NUM (packed, extfunc[i].type);
+
size_offset = packed->length;
- BUFFER_APPEND_NUM(packed, 0);
-
+ BUFFER_APPEND_NUM (packed, 0);
+
cur_size = packed->length;
-
- ret = extfunc[i].pack_func(data, packed);
- if (ret < 0)
+
+ ret = extfunc[i].pack_func (data, packed);
+ if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
-
+
exts++;
/* write the actual size */
- _gnutls_write_uint32(packed->length-cur_size, packed->data+size_offset);
- }
+ _gnutls_write_uint32 (packed->length - cur_size,
+ packed->data + size_offset);
+ }
}
- _gnutls_write_uint32(exts, packed->data+total_exts_pos);
+ _gnutls_write_uint32 (exts, packed->data + total_exts_pos);
return 0;
-
+
}
-void _gnutls_ext_restore_resumed_session(gnutls_session_t session)
+void
+_gnutls_ext_restore_resumed_session (gnutls_session_t session)
{
-int i;
+ int i;
/* clear everything except MANDATORY extensions */
- for (i=0;i<MAX_EXT_TYPES;i++)
+ for (i = 0; i < MAX_EXT_TYPES; i++)
{
- if (session->internals.extension_int_data[i].set != 0 &&
- _gnutls_ext_parse_type(session->internals.extension_int_data[i].type) != GNUTLS_EXT_MANDATORY)
- {
- _gnutls_ext_unset_session_data(session, session->internals.extension_int_data[i].type);
- }
+ if (session->internals.extension_int_data[i].set != 0 &&
+ _gnutls_ext_parse_type (session->internals.
+ extension_int_data[i].type) !=
+ GNUTLS_EXT_MANDATORY)
+ {
+ _gnutls_ext_unset_session_data (session,
+ session->
+ internals.extension_int_data[i].
+ type);
+ }
}
/* copy resumed to main */
- for (i=0;i<MAX_EXT_TYPES;i++)
+ for (i = 0; i < MAX_EXT_TYPES; i++)
{
- if (session->internals.resumed_extension_int_data[i].set != 0 &&
- _gnutls_ext_parse_type(session->internals.resumed_extension_int_data[i].type) != GNUTLS_EXT_MANDATORY)
- {
- _gnutls_ext_set_session_data(session, session->internals.resumed_extension_int_data[i].type,
- session->internals.resumed_extension_int_data[i].priv);
- session->internals.resumed_extension_int_data[i].set = 0;
- }
+ if (session->internals.resumed_extension_int_data[i].set != 0 &&
+ _gnutls_ext_parse_type (session->
+ internals.resumed_extension_int_data[i].
+ type) != GNUTLS_EXT_MANDATORY)
+ {
+ _gnutls_ext_set_session_data (session,
+ session->
+ internals.resumed_extension_int_data
+ [i].type,
+ session->
+ internals.resumed_extension_int_data
+ [i].priv);
+ session->internals.resumed_extension_int_data[i].set = 0;
+ }
}
}
-static void _gnutls_ext_set_resumed_session_data(gnutls_session_t session, uint16_t type,
- extension_priv_data_t data)
+static void
+_gnutls_ext_set_resumed_session_data (gnutls_session_t session, uint16_t type,
+ extension_priv_data_t data)
{
-int i;
+ int i;
- for (i=0;i<MAX_EXT_TYPES;i++)
+ for (i = 0; i < MAX_EXT_TYPES; i++)
{
- if (session->internals.resumed_extension_int_data[i].type == type || session->internals.resumed_extension_int_data[i].set == 0)
+ if (session->internals.resumed_extension_int_data[i].type == type
+ || session->internals.resumed_extension_int_data[i].set == 0)
{
-
- if (session->internals.resumed_extension_int_data[i].set != 0)
- _gnutls_ext_unset_resumed_session_data(session, type);
-
- session->internals.resumed_extension_int_data[i].type = type;
- session->internals.resumed_extension_int_data[i].priv = data;
- session->internals.resumed_extension_int_data[i].set = 1;
- return;
- }
+
+ if (session->internals.resumed_extension_int_data[i].set != 0)
+ _gnutls_ext_unset_resumed_session_data (session, type);
+
+ session->internals.resumed_extension_int_data[i].type = type;
+ session->internals.resumed_extension_int_data[i].priv = data;
+ session->internals.resumed_extension_int_data[i].set = 1;
+ return;
+ }
}
}
-int _gnutls_ext_unpack(gnutls_session_t session, gnutls_buffer_st* packed)
+int
+_gnutls_ext_unpack (gnutls_session_t session, gnutls_buffer_st * packed)
{
-int i, ret;
-extension_priv_data_t data;
-gnutls_ext_unpack_func unpack;
-int max_exts = 0;
-uint16_t type;
-int size_for_type, cur_pos;
+ int i, ret;
+ extension_priv_data_t data;
+ gnutls_ext_unpack_func unpack;
+ int max_exts = 0;
+ uint16_t type;
+ int size_for_type, cur_pos;
- BUFFER_POP_NUM(packed, max_exts);
- for (i = 0; i < max_exts; i++)
+ BUFFER_POP_NUM (packed, max_exts);
+ for (i = 0; i < max_exts; i++)
{
- BUFFER_POP_NUM(packed, type);
- BUFFER_POP_NUM(packed, size_for_type);
-
+ BUFFER_POP_NUM (packed, type);
+ BUFFER_POP_NUM (packed, size_for_type);
+
cur_pos = packed->length;
- unpack = _gnutls_ext_func_unpack(type);
+ unpack = _gnutls_ext_func_unpack (type);
if (unpack == NULL)
- {
- gnutls_assert();
+ {
+ gnutls_assert ();
return GNUTLS_E_PARSING_ERROR;
}
- ret = unpack(packed, &data);
- if (ret < 0)
+ ret = unpack (packed, &data);
+ if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
/* verify that unpack read the correct bytes */
cur_pos = cur_pos - packed->length;
- if (cur_pos /* read length */ != size_for_type)
- {
- gnutls_assert();
+ if (cur_pos /* read length */ != size_for_type)
+ {
+ gnutls_assert ();
return GNUTLS_E_PARSING_ERROR;
}
- _gnutls_ext_set_resumed_session_data(session, type, data);
+ _gnutls_ext_set_resumed_session_data (session, type, data);
}
return 0;
error:
- return ret;
+ return ret;
}
-void _gnutls_ext_unset_session_data(gnutls_session_t session, uint16_t type)
+void
+_gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type)
{
-gnutls_ext_deinit_data_func deinit;
-extension_priv_data_t data;
-int ret, i;
+ gnutls_ext_deinit_data_func deinit;
+ extension_priv_data_t data;
+ int ret, i;
deinit = _gnutls_ext_func_deinit (type);
- ret = _gnutls_ext_get_session_data(session, type, &data);
+ ret = _gnutls_ext_get_session_data (session, type, &data);
if (ret >= 0 && deinit != NULL)
{
- deinit(data);
+ deinit (data);
}
- for (i=0;i<MAX_EXT_TYPES;i++)
+ for (i = 0; i < MAX_EXT_TYPES; i++)
{
if (session->internals.extension_int_data[i].type == type)
{
session->internals.extension_int_data[i].set = 0;
return;
- }
+ }
}
}
-static void _gnutls_ext_unset_resumed_session_data(gnutls_session_t session, uint16_t type)
+static void
+_gnutls_ext_unset_resumed_session_data (gnutls_session_t session,
+ uint16_t type)
{
-gnutls_ext_deinit_data_func deinit;
-extension_priv_data_t data;
-int ret, i;
+ gnutls_ext_deinit_data_func deinit;
+ extension_priv_data_t data;
+ int ret, i;
deinit = _gnutls_ext_func_deinit (type);
- ret = _gnutls_ext_get_resumed_session_data(session, type, &data);
+ ret = _gnutls_ext_get_resumed_session_data (session, type, &data);
if (ret >= 0 && deinit != NULL)
{
- deinit(data);
+ deinit (data);
}
- for (i=0;i<MAX_EXT_TYPES;i++)
+ for (i = 0; i < MAX_EXT_TYPES; i++)
{
if (session->internals.resumed_extension_int_data[i].type == type)
{
session->internals.resumed_extension_int_data[i].set = 0;
return;
- }
+ }
}
}
/* Deinitializes all data that are associated with TLS extensions.
*/
-void _gnutls_ext_free_session_data(gnutls_session_t session)
+void
+_gnutls_ext_free_session_data (gnutls_session_t session)
{
-int i;
+ int i;
- for (i = 0; i < extfunc_size; i++)
+ for (i = 0; i < extfunc_size; i++)
{
- _gnutls_ext_unset_session_data(session, extfunc[i].type);
+ _gnutls_ext_unset_session_data (session, extfunc[i].type);
}
- for (i = 0; i < extfunc_size; i++)
+ for (i = 0; i < extfunc_size; i++)
{
- _gnutls_ext_unset_resumed_session_data(session, extfunc[i].type);
+ _gnutls_ext_unset_resumed_session_data (session, extfunc[i].type);
}
}
@@ -643,60 +667,66 @@ int i;
* and retrieve them later on. We use functions instead of a pointer to a
* private pointer, to allow API additions by individual extensions.
*/
-void _gnutls_ext_set_session_data(gnutls_session_t session, uint16_t type,
- extension_priv_data_t data)
+void
+_gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type,
+ extension_priv_data_t data)
{
-int i;
-gnutls_ext_deinit_data_func deinit;
+ int i;
+ gnutls_ext_deinit_data_func deinit;
deinit = _gnutls_ext_func_deinit (type);
- for (i=0;i<MAX_EXT_TYPES;i++)
+ for (i = 0; i < MAX_EXT_TYPES; i++)
{
- if (session->internals.extension_int_data[i].type == type || session->internals.extension_int_data[i].set == 0)
+ if (session->internals.extension_int_data[i].type == type
+ || session->internals.extension_int_data[i].set == 0)
{
- if (session->internals.extension_int_data[i].set != 0)
- {
- if (deinit) deinit(session->internals.extension_int_data[i].priv);
- }
- session->internals.extension_int_data[i].type = type;
- session->internals.extension_int_data[i].priv = data;
- session->internals.extension_int_data[i].set = 1;
- return;
- }
+ if (session->internals.extension_int_data[i].set != 0)
+ {
+ if (deinit)
+ deinit (session->internals.extension_int_data[i].priv);
+ }
+ session->internals.extension_int_data[i].type = type;
+ session->internals.extension_int_data[i].priv = data;
+ session->internals.extension_int_data[i].set = 1;
+ return;
+ }
}
}
-int _gnutls_ext_get_session_data(gnutls_session_t session,
- uint16_t type, extension_priv_data_t* data)
+int
+_gnutls_ext_get_session_data (gnutls_session_t session,
+ uint16_t type, extension_priv_data_t * data)
{
-int i;
+ int i;
- for (i=0;i<MAX_EXT_TYPES;i++)
+ for (i = 0; i < MAX_EXT_TYPES; i++)
{
if (session->internals.extension_int_data[i].set != 0 &&
- session->internals.extension_int_data[i].type == type)
+ session->internals.extension_int_data[i].type == type)
{
- *data = session->internals.extension_int_data[i].priv;
- return 0;
- }
+ *data = session->internals.extension_int_data[i].priv;
+ return 0;
+ }
}
return GNUTLS_E_INVALID_REQUEST;
}
-int _gnutls_ext_get_resumed_session_data(gnutls_session_t session,
- uint16_t type, extension_priv_data_t* data)
+int
+_gnutls_ext_get_resumed_session_data (gnutls_session_t session,
+ uint16_t type,
+ extension_priv_data_t * data)
{
-int i;
+ int i;
- for (i=0;i<MAX_EXT_TYPES;i++)
+ for (i = 0; i < MAX_EXT_TYPES; i++)
{
- if (session->internals.resumed_extension_int_data[i].set != 0 &&
- session->internals.resumed_extension_int_data[i].type == type)
+ if (session->internals.resumed_extension_int_data[i].set != 0 &&
+ session->internals.resumed_extension_int_data[i].type == type)
{
- *data = session->internals.resumed_extension_int_data[i].priv;
- return 0;
- }
+ *data = session->internals.resumed_extension_int_data[i].priv;
+ return 0;
+ }
}
return GNUTLS_E_INVALID_REQUEST;
}
diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h
index 3c450e8993..e6f3263da8 100644
--- a/lib/gnutls_extensions.h
+++ b/lib/gnutls_extensions.h
@@ -37,26 +37,29 @@ void _gnutls_ext_deinit (void);
void _gnutls_extension_list_add (gnutls_session_t session, uint16_t type);
typedef void (*gnutls_ext_deinit_data_func) (extension_priv_data_t data);
-typedef int (*gnutls_ext_pack_func) (extension_priv_data_t data, gnutls_buffer_st* packed_data);
-typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_st* packed_data, extension_priv_data_t* data);
+typedef int (*gnutls_ext_pack_func) (extension_priv_data_t data,
+ gnutls_buffer_st * packed_data);
+typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_st * packed_data,
+ extension_priv_data_t * data);
-void _gnutls_ext_free_session_data(gnutls_session_t session);
+void _gnutls_ext_free_session_data (gnutls_session_t session);
/* functions to be used by extensions internally
*/
-void _gnutls_ext_unset_session_data(gnutls_session_t session, uint16_t type);
-void _gnutls_ext_set_session_data(gnutls_session_t session, uint16_t type,
- extension_priv_data_t);
-int _gnutls_ext_get_session_data(gnutls_session_t session,
- uint16_t type, extension_priv_data_t*);
-int _gnutls_ext_get_resumed_session_data(gnutls_session_t session,
- uint16_t type, extension_priv_data_t* data);
+void _gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type);
+void _gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type,
+ extension_priv_data_t);
+int _gnutls_ext_get_session_data (gnutls_session_t session,
+ uint16_t type, extension_priv_data_t *);
+int _gnutls_ext_get_resumed_session_data (gnutls_session_t session,
+ uint16_t type,
+ extension_priv_data_t * data);
-void _gnutls_ext_restore_resumed_session(gnutls_session_t session);
+void _gnutls_ext_restore_resumed_session (gnutls_session_t session);
/* for session packing */
-int _gnutls_ext_pack(gnutls_session_t session, gnutls_buffer_st* packed);
-int _gnutls_ext_unpack(gnutls_session_t session, gnutls_buffer_st* packed);
+int _gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed);
+int _gnutls_ext_unpack (gnutls_session_t session, gnutls_buffer_st * packed);
typedef struct
{
@@ -76,15 +79,15 @@ typedef struct
* < 0 on other error.
*/
gnutls_ext_send_func send_func;
-
- gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize
- * internal data
- */
- gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
- gnutls_ext_unpack_func unpack_func; /* unpacks internal data */
-
+
+ gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize
+ * internal data
+ */
+ gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
+ gnutls_ext_unpack_func unpack_func; /* unpacks internal data */
+
} extension_entry_st;
-int _gnutls_ext_register (extension_entry_st*);
+int _gnutls_ext_register (extension_entry_st *);
#endif
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index 943d2debd6..ae9bdf6eb0 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -180,10 +180,10 @@ gnutls_global_init (void)
bindtextdomain (PACKAGE, LOCALEDIR);
- res = gnutls_crypto_init();
- if (res != 0)
+ res = gnutls_crypto_init ();
+ if (res != 0)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_CRYPTO_INIT_FAILED;
}
@@ -231,8 +231,8 @@ gnutls_global_init (void)
goto out;
}
- gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL);
-
+ gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
+
_gnutls_cryptodev_init ();
out:
@@ -260,7 +260,7 @@ gnutls_global_deinit (void)
asn1_delete_structure (&_gnutls_pkix1_asn);
_gnutls_crypto_deregister ();
_gnutls_cryptodev_deinit ();
- gnutls_pkcs11_deinit();
+ gnutls_pkcs11_deinit ();
}
_gnutls_init--;
}
diff --git a/lib/gnutls_global.h b/lib/gnutls_global.h
index 5e6265d39b..db2b1b1c2c 100644
--- a/lib/gnutls_global.h
+++ b/lib/gnutls_global.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_GLOBAL_H
-# define GNUTLS_GLOBAL_H
+#define GNUTLS_GLOBAL_H
#include <libtasn1.h>
#include <gnutls/gnutls.h>
@@ -43,6 +43,6 @@ extern ASN1_TYPE _gnutls_gnutls_asn;
extern gnutls_log_func _gnutls_log_func;
extern int _gnutls_log_level;
-extern int gnutls_crypto_init(void);
+extern int gnutls_crypto_init (void);
#endif
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 3cd0dc4aff..20b06c4c30 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -125,9 +125,11 @@ resume_copy_required_values (gnutls_session_t session)
suite, 2);
_gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- &session->internals.resumed_security_parameters.current_cipher_suite);
+ &session->
+ internals.resumed_security_parameters.current_cipher_suite);
_gnutls_epoch_set_compression (session, EPOCH_NEXT,
- session->internals.resumed_compression_method);
+ session->
+ internals.resumed_compression_method);
/* or write_compression_algorithm
* they are the same
@@ -658,13 +660,14 @@ _gnutls_send_finished (gnutls_session_t session, int again)
if (again == 0)
{
- bufel = _gnutls_handshake_alloc (MAX_VERIFY_DATA_SIZE, MAX_VERIFY_DATA_SIZE);
+ bufel =
+ _gnutls_handshake_alloc (MAX_VERIFY_DATA_SIZE, MAX_VERIFY_DATA_SIZE);
if (bufel == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- data = _mbuffer_get_udata_ptr(bufel);
+ data = _mbuffer_get_udata_ptr (bufel);
/* This is needed in order to hash all the required
* messages.
@@ -680,13 +683,13 @@ _gnutls_send_finished (gnutls_session_t session, int again)
ret =
_gnutls_ssl3_finished (session,
session->security_parameters.entity, data);
- _mbuffer_set_udata_size(bufel, 36);
+ _mbuffer_set_udata_size (bufel, 36);
}
else
{ /* TLS 1.0+ */
ret = _gnutls_finished (session,
session->security_parameters.entity, data);
- _mbuffer_set_udata_size(bufel, 12);
+ _mbuffer_set_udata_size (bufel, 12);
}
if (ret < 0)
@@ -694,20 +697,21 @@ _gnutls_send_finished (gnutls_session_t session, int again)
gnutls_assert ();
return ret;
}
-
- vdata_size = _mbuffer_get_udata_size(bufel);
+
+ vdata_size = _mbuffer_get_udata_size (bufel);
if (session->internals.finished_func)
session->internals.finished_func (session, data, vdata_size);
- ret = _gnutls_ext_sr_finished( session, data, vdata_size, 0);
+ ret = _gnutls_ext_sr_finished (session, data, vdata_size, 0);
if (ret < 0)
- {
- gnutls_assert();
+ {
+ gnutls_assert ();
return ret;
}
- ret = _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED);
+ ret =
+ _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED);
}
else
{
@@ -784,10 +788,10 @@ _gnutls_recv_finished (gnutls_session_t session)
}
gnutls_free (vrfy);
- ret = _gnutls_ext_sr_finished( session, data, data_size, 1);
+ ret = _gnutls_ext_sr_finished (session, data, data_size, 1);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
@@ -850,26 +854,26 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data,
*/
if (session->internals.priorities.sr != SR_DISABLED)
{
- int offset;
+ int offset;
- for (offset = 0; offset < datalen; offset += 2)
- {
- /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */
- if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR &&
- data[offset + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Received safe renegotiation CS\n", session);
- retval = _gnutls_ext_sr_recv_cs(session);
- if (retval < 0)
- {
- gnutls_assert();
- return retval;
- }
- break;
- }
- }
- }
+ for (offset = 0; offset < datalen; offset += 2)
+ {
+ /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */
+ if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR &&
+ data[offset + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR)
+ {
+ _gnutls_handshake_log
+ ("HSK[%p]: Received safe renegotiation CS\n", session);
+ retval = _gnutls_ext_sr_recv_cs (session);
+ if (retval < 0)
+ {
+ gnutls_assert ();
+ return retval;
+ }
+ break;
+ }
+ }
+ }
pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen);
@@ -935,7 +939,8 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data,
memcpy (session->security_parameters.current_cipher_suite.suite,
ciphers[i].suite, 2);
_gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- &session->security_parameters.current_cipher_suite);
+ &session->
+ security_parameters.current_cipher_suite);
retval = 0;
@@ -1127,7 +1132,7 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session,
* (until it returns ok), with NULL parameters.
*/
int
-_gnutls_send_handshake (gnutls_session_t session, mbuffer_st *bufel,
+_gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
gnutls_handshake_description_t type)
{
int ret;
@@ -1146,11 +1151,12 @@ _gnutls_send_handshake (gnutls_session_t session, mbuffer_st *bufel,
}
/* first run */
- data = _mbuffer_get_uhead_ptr(bufel);
- datasize = _mbuffer_get_udata_size(bufel) + _mbuffer_get_uhead_size(bufel);
+ data = _mbuffer_get_uhead_ptr (bufel);
+ datasize =
+ _mbuffer_get_udata_size (bufel) + _mbuffer_get_uhead_size (bufel);
data[pos++] = (uint8_t) type;
- _gnutls_write_uint24 ( _mbuffer_get_udata_size(bufel), &data[pos]);
+ _gnutls_write_uint24 (_mbuffer_get_udata_size (bufel), &data[pos]);
pos += 3;
_gnutls_handshake_log ("HSK[%p]: %s was sent [%ld bytes]\n",
@@ -1172,28 +1178,28 @@ _gnutls_send_handshake (gnutls_session_t session, mbuffer_st *bufel,
session->internals.last_handshake_out = type;
_gnutls_handshake_io_cache_int (session, type, bufel);
-
- switch (type)
+
+ switch (type)
{
- case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone
- * or ClientKeyExchange always.
- */
- case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */
- case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */
- case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */
- case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone
+ * or ClientKeyExchange always.
+ */
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */
+ case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */
/* now for client Certificate, ClientKeyExchange and
* CertificateVerify are always followed by ChangeCipherSpec
*/
- case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
- case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
- ret = 0;
- break;
- default:
- /* send cached messages */
- ret = _gnutls_handshake_io_write_flush(session);
- break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
+ ret = 0;
+ break;
+ default:
+ /* send cached messages */
+ ret = _gnutls_handshake_io_write_flush (session);
+ break;
}
return ret;
@@ -1574,7 +1580,9 @@ _gnutls_client_set_ciphersuite (gnutls_session_t session, opaque suite[2])
}
memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2);
- _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, &session->security_parameters.current_cipher_suite);
+ _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
+ &session->
+ security_parameters.current_cipher_suite);
_gnutls_handshake_log ("HSK[%p]: Selected cipher suite: %s\n", session,
_gnutls_cipher_suite_get_name
@@ -1655,7 +1663,8 @@ _gnutls_client_set_comp_method (gnutls_session_t session, opaque comp_method)
session->internals.compression_method =
_gnutls_compression_get_id (comp_method);
- _gnutls_epoch_set_compression (session, EPOCH_NEXT, session->internals.compression_method);
+ _gnutls_epoch_set_compression (session, EPOCH_NEXT,
+ session->internals.compression_method);
return 0;
}
@@ -1690,9 +1699,12 @@ _gnutls_client_check_if_resuming (gnutls_session_t session,
session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
_gnutls_epoch_set_cipher_suite
- (session, EPOCH_NEXT, &session->internals.resumed_security_parameters.current_cipher_suite);
- _gnutls_epoch_set_compression
- (session, EPOCH_NEXT, session->internals.resumed_compression_method);
+ (session, EPOCH_NEXT,
+ &session->internals.
+ resumed_security_parameters.current_cipher_suite);
+ _gnutls_epoch_set_compression (session, EPOCH_NEXT,
+ session->
+ internals.resumed_compression_method);
session->internals.resumed = RESUME_TRUE; /* we are resuming */
@@ -1900,13 +1912,13 @@ _gnutls_copy_ciphersuites (gnutls_session_t session,
/* Safe renegotiation signalling CS value is { 0x00, 0xff } */
ret_data[pos++] = 0x00;
ret_data[pos++] = 0xff;
- ret = _gnutls_ext_sr_send_cs(session);
- if (ret < 0)
- {
- gnutls_assert();
- gnutls_free (cipher_suites);
- return ret;
- }
+ ret = _gnutls_ext_sr_send_cs (session);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (cipher_suites);
+ return ret;
+ }
}
gnutls_free (cipher_suites);
@@ -1990,13 +2002,14 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
/* 2 for version, (4 for unix time + 28 for random bytes==GNUTLS_RANDOM_SIZE)
*/
- bufel = _gnutls_handshake_alloc (datalen, datalen+MAX_EXT_DATA_LENGTH);
+ bufel =
+ _gnutls_handshake_alloc (datalen, datalen + MAX_EXT_DATA_LENGTH);
if (bufel == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- data = _mbuffer_get_udata_ptr(bufel);
+ data = _mbuffer_get_udata_ptr (bufel);
extdatalen = MAX_EXT_DATA_LENGTH;
extdata = gnutls_malloc (extdatalen);
@@ -2026,7 +2039,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
{
gnutls_assert ();
gnutls_free (bufel);
- gnutls_free(extdata);
+ gnutls_free (extdata);
return GNUTLS_E_INTERNAL_ERROR;
}
@@ -2110,7 +2123,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
if (extdatalen == 0)
extdatalen = GNUTLS_E_INTERNAL_ERROR;
gnutls_free (bufel);
- gnutls_free(extdata);
+ gnutls_free (extdata);
gnutls_assert ();
return ret;
}
@@ -2134,7 +2147,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
if (extdatalen == 0)
extdatalen = GNUTLS_E_INTERNAL_ERROR;
gnutls_free (bufel);
- gnutls_free(extdata);
+ gnutls_free (extdata);
gnutls_assert ();
return ret;
}
@@ -2162,19 +2175,20 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
gnutls_free (extdata);
return ret;
}
- }
+ }
else if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (bufel);
- gnutls_free(extdata);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (bufel);
+ gnutls_free (extdata);
+ return ret;
+ }
}
- gnutls_free(extdata);
+ gnutls_free (extdata);
- ret = _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_CLIENT_HELLO);
+ ret =
+ _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_CLIENT_HELLO);
return ret;
}
@@ -2196,13 +2210,13 @@ _gnutls_send_server_hello (gnutls_session_t session, int again)
if (again == 0)
{
-
- extdata = gnutls_malloc(MAX_EXT_DATA_LENGTH);
+
+ extdata = gnutls_malloc (MAX_EXT_DATA_LENGTH);
if (extdata == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3;
ret =
@@ -2216,14 +2230,15 @@ _gnutls_send_server_hello (gnutls_session_t session, int again)
}
extdatalen = ret;
- bufel = _gnutls_handshake_alloc (datalen + extdatalen, datalen + extdatalen);
+ bufel =
+ _gnutls_handshake_alloc (datalen + extdatalen, datalen + extdatalen);
if (bufel == NULL)
{
gnutls_assert ();
ret = GNUTLS_E_MEMORY_ERROR;
goto fail;
}
- data = _mbuffer_get_udata_ptr(bufel);
+ data = _mbuffer_get_udata_ptr (bufel);
data[pos++] =
_gnutls_version_get_major (session->security_parameters.version);
@@ -2265,10 +2280,11 @@ _gnutls_send_server_hello (gnutls_session_t session, int again)
}
}
- ret = _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_SERVER_HELLO);
+ ret =
+ _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_SERVER_HELLO);
fail:
- gnutls_free(extdata);
+ gnutls_free (extdata);
return ret;
}
@@ -2319,11 +2335,11 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen)
}
}
- ret = _gnutls_ext_sr_verify(session);
+ ret = _gnutls_ext_sr_verify (session);
if (ret < 0)
{
- gnutls_assert();
- return ret;
+ gnutls_assert ();
+ return ret;
}
return 0;
@@ -2518,7 +2534,8 @@ _gnutls_send_supplemental (gnutls_session_t session, int again)
_gnutls_debug_log ("EXT[%p]: Sending supplemental data\n", session);
if (again)
- ret = _gnutls_send_handshake (session, NULL, GNUTLS_HANDSHAKE_SUPPLEMENTAL);
+ ret =
+ _gnutls_send_handshake (session, NULL, GNUTLS_HANDSHAKE_SUPPLEMENTAL);
else
{
gnutls_buffer_st buf;
@@ -2531,14 +2548,14 @@ _gnutls_send_supplemental (gnutls_session_t session, int again)
return ret;
}
- bufel = _gnutls_handshake_alloc(buf.length, buf.length);
+ bufel = _gnutls_handshake_alloc (buf.length, buf.length);
if (bufel == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- _mbuffer_set_udata(bufel, buf.data, buf.length);
+ _mbuffer_set_udata (bufel, buf.data, buf.length);
_gnutls_buffer_clear (&buf);
ret = _gnutls_send_handshake (session, bufel,
@@ -2617,7 +2634,9 @@ gnutls_handshake (gnutls_session_t session)
if (ret < 0)
{
/* We assume the epoch is not allocated if _gnutls_epoch_get fails. */
- ret = _gnutls_epoch_alloc (session, session->security_parameters.epoch_next, NULL);
+ ret =
+ _gnutls_epoch_alloc (session, session->security_parameters.epoch_next,
+ NULL);
if (ret < 0)
{
gnutls_assert ();
@@ -2814,12 +2833,12 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init)
STATE = STATE20;
- ret = _gnutls_handshake_io_write_flush(session);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
+ ret = _gnutls_handshake_io_write_flush (session);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
case STATE21:
ret = _gnutls_send_change_cipher_spec (session, AGAIN (STATE21));
@@ -3054,9 +3073,9 @@ _gnutls_handshake_common (gnutls_session_t session)
{
case STATE0:
case STATE40:
- ret = _gnutls_send_new_session_ticket (session, AGAIN (STATE40));
- STATE = STATE40;
- IMED_RET ("send handshake new session ticket", ret, 0);
+ ret = _gnutls_send_new_session_ticket (session, AGAIN (STATE40));
+ STATE = STATE40;
+ IMED_RET ("send handshake new session ticket", ret, 0);
STATE = STATE0;
default:
break;
@@ -3084,7 +3103,7 @@ _gnutls_handshake_common (gnutls_session_t session)
{
case STATE0:
case STATE41:
- ret = _gnutls_recv_new_session_ticket (session);
+ ret = _gnutls_recv_new_session_ticket (session);
STATE = STATE41;
IMED_RET ("recv handshake new session ticket", ret, 1);
STATE = STATE0;
diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h
index 9a0ab6fe30..055e6950cd 100644
--- a/lib/gnutls_handshake.h
+++ b/lib/gnutls_handshake.h
@@ -26,7 +26,7 @@
typedef enum Optional
{ OPTIONAL_PACKET, MANDATORY_PACKET } Optional;
-int _gnutls_send_handshake (gnutls_session_t session, mbuffer_st *bufel,
+int _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
gnutls_handshake_description_t type);
int _gnutls_recv_hello_request (gnutls_session_t session, void *data,
uint32_t data_size);
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index 38883c5acb..77ea874f83 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -72,16 +72,16 @@ _gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm)
if (cc != NULL)
{
if (cc->init (algorithm, &dig->handle) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
+ }
dig->hash = cc->hash;
dig->copy = cc->copy;
dig->output = cc->output;
dig->deinit = cc->deinit;
-
+
return 0;
}
@@ -113,7 +113,7 @@ _gnutls_hash (digest_hd_st * handle, const void *text, size_t textlen)
{
if (textlen > 0)
{
- handle->hash(handle->handle, text, textlen);
+ handle->hash (handle->handle, text, textlen);
}
return 0;
}
@@ -130,7 +130,7 @@ _gnutls_hash_copy (digest_hd_st * dst, digest_hd_st * src)
dst->output = src->output;
dst->deinit = src->deinit;
- return src->copy(&dst->handle, src->handle);
+ return src->copy (&dst->handle, src->handle);
}
/* when the current output is needed without calling deinit
@@ -241,17 +241,17 @@ _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
if (cc != NULL)
{
if (cc->init (algorithm, &dig->handle) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
+ }
if (cc->setkey (dig->handle, key, keylen) < 0)
- {
- gnutls_assert ();
- cc->deinit (dig->handle);
- return GNUTLS_E_HASH_FAILED;
- }
+ {
+ gnutls_assert ();
+ cc->deinit (dig->handle);
+ return GNUTLS_E_HASH_FAILED;
+ }
dig->hash = cc->hash;
dig->output = cc->output;
@@ -281,7 +281,7 @@ _gnutls_hmac (digest_hd_st * handle, const void *text, size_t textlen)
{
if (textlen > 0)
{
- return handle->hash(handle->handle, text, textlen);
+ return handle->hash (handle->handle, text, textlen);
}
return 0;
}
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index f548dfcf16..a98a4d0744 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_HASH_INT_H
-# define GNUTLS_HASH_INT_H
+#define GNUTLS_HASH_INT_H
#include <gnutls_int.h>
#include <gnutls/crypto.h>
@@ -38,23 +38,23 @@ extern gnutls_crypto_mac_st _gnutls_mac_ops;
extern int crypto_digest_prio;
extern gnutls_crypto_digest_st _gnutls_digest_ops;
-typedef int (*hash_func)(void* handle, const void* text, size_t size);
-typedef int (*copy_func)(void **dst_ctx, void *src_ctx);
-typedef int (*output_func)(void *src_ctx, void *digest, size_t digestsize);
-typedef void (*deinit_func)(void* handle);
+typedef int (*hash_func) (void *handle, const void *text, size_t size);
+typedef int (*copy_func) (void **dst_ctx, void *src_ctx);
+typedef int (*output_func) (void *src_ctx, void *digest, size_t digestsize);
+typedef void (*deinit_func) (void *handle);
typedef struct
{
gnutls_mac_algorithm_t algorithm;
const void *key;
int keysize;
-
+
hash_func hash;
copy_func copy;
output_func output;
deinit_func deinit;
-
- void * handle;
+
+ void *handle;
} digest_hd_st;
/* basic functions */
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 5e8d6dfc1e..87d8f5ca11 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -24,10 +24,10 @@
*/
#ifndef GNUTLS_INT_H
-# define GNUTLS_INT_H
+#define GNUTLS_INT_H
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stddef.h>
@@ -39,7 +39,7 @@
#include <stdint.h>
#ifdef NO_SSIZE_T
-# define HAVE_SSIZE_T
+#define HAVE_SSIZE_T
typedef int ssize_t;
#endif
@@ -168,16 +168,16 @@ typedef enum handshake_state_t
#define MAX_CIPHERSUITES 256
typedef enum extensions_t
- {
- GNUTLS_EXTENSION_SERVER_NAME = 0,
- GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
- GNUTLS_EXTENSION_CERT_TYPE = 9,
- GNUTLS_EXTENSION_SRP = 12,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13,
- GNUTLS_EXTENSION_SESSION_TICKET = 35,
- GNUTLS_EXTENSION_INNER_APPLICATION = 37703,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */
- } extensions_t;
+{
+ GNUTLS_EXTENSION_SERVER_NAME = 0,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
+ GNUTLS_EXTENSION_CERT_TYPE = 9,
+ GNUTLS_EXTENSION_SRP = 12,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13,
+ GNUTLS_EXTENSION_SESSION_TICKET = 35,
+ GNUTLS_EXTENSION_INNER_APPLICATION = 37703,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */
+} extensions_t;
typedef enum
{ CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
@@ -207,7 +207,7 @@ typedef struct mbuffer_st
message. Mark should only be non-zero when this buffer is the
head of the queue. */
size_t mark;
- unsigned int user_mark; /* only used during fill in */
+ unsigned int user_mark; /* only used during fill in */
size_t maximum_size;
} mbuffer_st;
@@ -222,8 +222,8 @@ typedef struct mbuffer_head_st
typedef enum
{
- HANDSHAKE_MAC_TYPE_10 = 1, /* TLS 1.0 style */
- HANDSHAKE_MAC_TYPE_12 /* TLS 1.2 style */
+ HANDSHAKE_MAC_TYPE_10 = 1, /* TLS 1.0 style */
+ HANDSHAKE_MAC_TYPE_12 /* TLS 1.2 style */
} handshake_mac_type_t;
/* Store & Retrieve functions defines:
@@ -341,7 +341,7 @@ typedef struct
{
gnutls_connection_end_t entity;
gnutls_kx_algorithm_t kx_algorithm;
- handshake_mac_type_t handshake_mac_handle_type; /* one of HANDSHAKE_TYPE_10 and HANDSHAKE_TYPE_12 */
+ handshake_mac_type_t handshake_mac_handle_type; /* one of HANDSHAKE_TYPE_10 and HANDSHAKE_TYPE_12 */
/* The epoch used to read and write */
uint16_t epoch_read;
@@ -389,9 +389,9 @@ struct record_state_st
gnutls_datum_t mac_secret;
gnutls_datum_t IV;
gnutls_datum_t key;
- cipher_hd_st cipher_state;
- comp_hd_t compression_state;
- uint64 sequence_number;
+ cipher_hd_st cipher_state;
+ comp_hd_t compression_state;
+ uint64 sequence_number;
};
/* These are used to resolve relative epochs. These values are just
@@ -407,8 +407,8 @@ struct record_parameters_st
uint16_t epoch;
int initialized;
- gnutls_cipher_algorithm_t cipher_algorithm;
- gnutls_mac_algorithm_t mac_algorithm;
+ gnutls_cipher_algorithm_t cipher_algorithm;
+ gnutls_mac_algorithm_t mac_algorithm;
gnutls_compression_method_t compression_algorithm;
record_state_st read;
@@ -421,7 +421,8 @@ typedef struct
unsigned int algorithms;
} priority_st;
-typedef enum {
+typedef enum
+{
SR_DISABLED,
SR_UNSAFE,
SR_PARTIAL,
@@ -477,9 +478,9 @@ typedef struct
gnutls_handshake_description_t recv_type;
} handshake_header_buffer_st;
-typedef union
+typedef union
{
- void* ptr;
+ void *ptr;
uint32_t num;
} extension_priv_data_t;
@@ -487,7 +488,7 @@ typedef struct
{
gnutls_buffer_st application_data_buffer; /* holds data to be delivered to application layer */
gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
- * message */
+ * message */
union
{
struct
@@ -505,7 +506,7 @@ typedef struct
gnutls_buffer_st handshake_data_buffer; /* this is a buffer that holds the current handshake message */
gnutls_buffer_st ia_data_buffer; /* holds inner application data (TLS/IA) */
- int resumable:1; /* TRUE or FALSE - if we can resume that session */
+ int resumable:1; /* TRUE or FALSE - if we can resume that session */
handshake_state_t handshake_state; /* holds
* a number which indicates where
* the handshake procedure has been
@@ -518,7 +519,7 @@ typedef struct
int may_not_read:1; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
*/
int may_not_write:1;
- int read_eof:1; /* non-zero if we have received a closure alert. */
+ int read_eof:1; /* non-zero if we have received a closure alert. */
int last_alert; /* last alert received */
@@ -534,7 +535,7 @@ typedef struct
struct gnutls_priority_st priorities;
/* resumed session */
- int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */
+ int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */
security_parameters_st resumed_security_parameters;
gnutls_compression_method_t resumed_compression_method;
@@ -712,16 +713,18 @@ typedef struct
int initial_negotiation_completed:1;
- struct {
- uint16_t type;
- extension_priv_data_t priv;
- int set:1;
+ struct
+ {
+ uint16_t type;
+ extension_priv_data_t priv;
+ int set:1;
} extension_int_data[MAX_EXT_TYPES];
- struct {
- uint16_t type;
- extension_priv_data_t priv;
- int set:1;
+ struct
+ {
+ uint16_t type;
+ extension_priv_data_t priv;
+ int set:1;
} resumed_extension_int_data[MAX_EXT_TYPES];
/* If you add anything here, check _gnutls_handshake_internal_state_clear().
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index 0eb6f3c150..90cbce3432 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -39,19 +39,19 @@
#include <gnutls_datum.h>
#include <gnutls_rsa_export.h>
#include <gnutls_mbuffers.h>
-#include "../libextra/ext_inner_application.h" /* isn't this too much? */
+#include "../libextra/ext_inner_application.h" /* isn't this too much? */
/* This is a temporary function to be used before the generate_*
internal API is changed to use mbuffers. For now we don't avoid the
extra alloc + memcpy. */
static inline int
-send_handshake (gnutls_session_t session, opaque *data, size_t size,
+send_handshake (gnutls_session_t session, opaque * data, size_t size,
gnutls_handshake_description_t type)
{
mbuffer_st *bufel;
- if(data == NULL && size == 0)
- return _gnutls_send_handshake(session, NULL, type);
+ if (data == NULL && size == 0)
+ return _gnutls_send_handshake (session, NULL, type);
if (data == NULL && size > 0)
{
@@ -59,16 +59,16 @@ send_handshake (gnutls_session_t session, opaque *data, size_t size,
return GNUTLS_E_INVALID_REQUEST;
}
- bufel = _gnutls_handshake_alloc(size, size);
+ bufel = _gnutls_handshake_alloc (size, size);
if (bufel == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- _mbuffer_set_udata(bufel, data, size);
+ _mbuffer_set_udata (bufel, data, size);
- return _gnutls_send_handshake(session, bufel, type);
+ return _gnutls_send_handshake (session, bufel, type);
}
@@ -141,7 +141,7 @@ generate_normal_master (gnutls_session_t session, int keep_premaster)
}
/* TLS/IA inner secret is derived from the master secret. */
- _gnutls_ia_derive_inner_secret(session);
+ _gnutls_ia_derive_inner_secret (session);
if (!keep_premaster)
_gnutls_free_datum (&PREMASTER);
@@ -152,7 +152,8 @@ generate_normal_master (gnutls_session_t session, int keep_premaster)
_gnutls_hard_log ("INT: MASTER SECRET: %s\n",
_gnutls_bin2hex (session->
security_parameters.master_secret,
- GNUTLS_MASTER_SIZE, buf, sizeof (buf), NULL));
+ GNUTLS_MASTER_SIZE, buf, sizeof (buf),
+ NULL));
return ret;
}
@@ -280,8 +281,8 @@ _gnutls_send_client_kx_message (gnutls_session_t session, int again)
return data_size;
}
}
- ret = send_handshake (session, data, data_size,
- GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
+ ret = send_handshake (session, data, data_size,
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
gnutls_free (data);
if (ret < 0)
diff --git a/lib/gnutls_mbuffers.c b/lib/gnutls_mbuffers.c
index c9af21d9e1..846c1a5e10 100644
--- a/lib/gnutls_mbuffers.c
+++ b/lib/gnutls_mbuffers.c
@@ -54,7 +54,7 @@
* Cost: O(1)
*/
void
-_mbuffer_init (mbuffer_head_st *buf)
+_mbuffer_init (mbuffer_head_st * buf)
{
buf->head = NULL;
buf->tail = &buf->head;
@@ -69,14 +69,14 @@ _mbuffer_init (mbuffer_head_st *buf)
* n: Number of segments currently in the buffer.
*/
void
-_mbuffer_clear (mbuffer_head_st *buf)
+_mbuffer_clear (mbuffer_head_st * buf)
{
mbuffer_st *bufel, *next;
- for(bufel = buf->head; bufel != NULL; bufel = next)
+ for (bufel = buf->head; bufel != NULL; bufel = next)
{
next = bufel->next;
- gnutls_free(bufel);
+ gnutls_free (bufel);
}
_mbuffer_init (buf);
@@ -87,7 +87,7 @@ _mbuffer_clear (mbuffer_head_st *buf)
* Cost: O(1)
*/
void
-_mbuffer_enqueue (mbuffer_head_st *buf, mbuffer_st *bufel)
+_mbuffer_enqueue (mbuffer_head_st * buf, mbuffer_st * bufel)
{
bufel->next = NULL;
@@ -104,7 +104,8 @@ _mbuffer_enqueue (mbuffer_head_st *buf, mbuffer_st *bufel)
*
* Cost: O(1)
*/
-mbuffer_st* _mbuffer_get_first (mbuffer_head_st *buf, gnutls_datum_t *msg)
+mbuffer_st *
+_mbuffer_get_first (mbuffer_head_st * buf, gnutls_datum_t * msg)
{
mbuffer_st *bufel = buf->head;
@@ -127,7 +128,8 @@ mbuffer_st* _mbuffer_get_first (mbuffer_head_st *buf, gnutls_datum_t *msg)
*
* Cost: O(1)
*/
-mbuffer_st* _mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t *msg)
+mbuffer_st *
+_mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t * msg)
{
mbuffer_st *bufel = cur->next;
@@ -152,11 +154,11 @@ mbuffer_st* _mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t *msg)
* Cost: O(1)
*/
static inline void
-remove_front (mbuffer_head_st *buf)
+remove_front (mbuffer_head_st * buf)
{
mbuffer_st *bufel;
- if(!buf->head)
+ if (!buf->head)
return;
bufel = buf->head;
@@ -164,7 +166,7 @@ remove_front (mbuffer_head_st *buf)
buf->byte_length -= (bufel->msg.size - bufel->mark);
buf->length -= 1;
- gnutls_free(bufel);
+ gnutls_free (bufel);
if (!buf->head)
buf->tail = &buf->head;
@@ -180,7 +182,7 @@ remove_front (mbuffer_head_st *buf)
* n: Number of segments needed to remove the specified amount of data.
*/
int
-_mbuffer_remove_bytes (mbuffer_head_st *buf, size_t bytes)
+_mbuffer_remove_bytes (mbuffer_head_st * buf, size_t bytes)
{
size_t left = bytes;
mbuffer_st *bufel, *next;
@@ -195,10 +197,10 @@ _mbuffer_remove_bytes (mbuffer_head_st *buf, size_t bytes)
{
next = bufel->next;
- if(left >= (bufel->msg.size - bufel->mark))
+ if (left >= (bufel->msg.size - bufel->mark))
{
left -= (bufel->msg.size - bufel->mark);
- remove_front(buf);
+ remove_front (buf);
}
else
{
@@ -226,9 +228,9 @@ _mbuffer_remove_bytes (mbuffer_head_st *buf, size_t bytes)
mbuffer_st *
_mbuffer_alloc (size_t payload_size, size_t maximum_size)
{
- mbuffer_st * st;
+ mbuffer_st *st;
- st = gnutls_malloc (maximum_size+sizeof (mbuffer_st));
+ st = gnutls_malloc (maximum_size + sizeof (mbuffer_st));
if (st == NULL)
{
gnutls_assert ();
@@ -236,7 +238,7 @@ _mbuffer_alloc (size_t payload_size, size_t maximum_size)
}
//payload points after the mbuffer_st structure
- st->msg.data = (opaque*)st + sizeof (mbuffer_st);
+ st->msg.data = (opaque *) st + sizeof (mbuffer_st);
st->msg.size = payload_size;
st->mark = 0;
st->user_mark = 0;
@@ -257,16 +259,16 @@ _mbuffer_alloc (size_t payload_size, size_t maximum_size)
* n: number of bytes to copy
*/
int
-_mbuffer_append_data (mbuffer_st *bufel, void* newdata, size_t newdata_size)
+_mbuffer_append_data (mbuffer_st * bufel, void *newdata, size_t newdata_size)
{
- if (bufel->msg.size+newdata_size <= bufel->maximum_size)
+ if (bufel->msg.size + newdata_size <= bufel->maximum_size)
{
- memcpy(&bufel->msg.data[bufel->msg.size], newdata, newdata_size);
- bufel->msg.size+=newdata_size;
+ memcpy (&bufel->msg.data[bufel->msg.size], newdata, newdata_size);
+ bufel->msg.size += newdata_size;
}
else
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
@@ -282,25 +284,25 @@ _mbuffer_append_data (mbuffer_st *bufel, void* newdata, size_t newdata_size)
* n: number of segments initially in the buffer
*/
int
-_mbuffer_linearize (mbuffer_head_st *buf)
+_mbuffer_linearize (mbuffer_head_st * buf)
{
mbuffer_st *bufel, *cur;
gnutls_datum_t msg;
- size_t pos=0;
+ size_t pos = 0;
if (buf->length <= 1)
/* Nothing to do */
return 0;
bufel = _mbuffer_alloc (buf->byte_length, buf->byte_length);
- if (!bufel) {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (cur = _mbuffer_get_first(buf, &msg);
- msg.data != NULL;
- cur = _mbuffer_get_next(cur, &msg))
+ if (!bufel)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (cur = _mbuffer_get_first (buf, &msg);
+ msg.data != NULL; cur = _mbuffer_get_next (cur, &msg))
{
memcpy (&bufel->msg.data[pos], msg.data, cur->msg.size);
pos += cur->msg.size;
diff --git a/lib/gnutls_mbuffers.h b/lib/gnutls_mbuffers.h
index beb1eabdec..9eaf310f6a 100644
--- a/lib/gnutls_mbuffers.h
+++ b/lib/gnutls_mbuffers.h
@@ -23,75 +23,85 @@
*/
#ifndef GNUTLS_MBUFFERS_H
-# define GNUTLS_MBUFFERS_H
+#define GNUTLS_MBUFFERS_H
#include <gnutls_int.h>
#include <gnutls_errors.h>
-void _mbuffer_init (mbuffer_head_st *buf);
-void _mbuffer_clear (mbuffer_head_st *buf);
-void _mbuffer_enqueue (mbuffer_head_st *buf, mbuffer_st *bufel);
-int _mbuffer_remove_bytes (mbuffer_head_st *buf, size_t bytes);
-mbuffer_st* _mbuffer_alloc (size_t payload_size, size_t maximum_size);
+void _mbuffer_init (mbuffer_head_st * buf);
+void _mbuffer_clear (mbuffer_head_st * buf);
+void _mbuffer_enqueue (mbuffer_head_st * buf, mbuffer_st * bufel);
+int _mbuffer_remove_bytes (mbuffer_head_st * buf, size_t bytes);
+mbuffer_st *_mbuffer_alloc (size_t payload_size, size_t maximum_size);
-mbuffer_st* _mbuffer_get_first (mbuffer_head_st *buf, gnutls_datum_t *msg);
-mbuffer_st* _mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t *msg);
+mbuffer_st *_mbuffer_get_first (mbuffer_head_st * buf, gnutls_datum_t * msg);
+mbuffer_st *_mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t * msg);
/* This is dangerous since it will replace bufel with a new
* one.
*/
-int _mbuffer_append_data (mbuffer_st *bufel, void* newdata, size_t newdata_size);
-int _mbuffer_linearize (mbuffer_head_st *buf);
+int _mbuffer_append_data (mbuffer_st * bufel, void *newdata,
+ size_t newdata_size);
+int _mbuffer_linearize (mbuffer_head_st * buf);
/* For "user" use. One can have buffer data and header.
*/
-inline static void _mbuffer_set_udata(mbuffer_st *bufel, void* data, size_t data_size)
+inline static void
+_mbuffer_set_udata (mbuffer_st * bufel, void *data, size_t data_size)
{
- memcpy(bufel->msg.data + bufel->user_mark, data, data_size);
+ memcpy (bufel->msg.data + bufel->user_mark, data, data_size);
}
-inline static void* _mbuffer_get_uhead_ptr(mbuffer_st *bufel)
+inline static void *
+_mbuffer_get_uhead_ptr (mbuffer_st * bufel)
{
return bufel->msg.data;
}
-inline static void* _mbuffer_get_udata_ptr(mbuffer_st *bufel)
+inline static void *
+_mbuffer_get_udata_ptr (mbuffer_st * bufel)
{
return bufel->msg.data + bufel->user_mark;
}
-inline static void _mbuffer_set_udata_size(mbuffer_st *bufel, size_t size)
+inline static void
+_mbuffer_set_udata_size (mbuffer_st * bufel, size_t size)
{
bufel->msg.size = size + bufel->user_mark;
}
-inline static size_t _mbuffer_get_udata_size(mbuffer_st *bufel)
+inline static size_t
+_mbuffer_get_udata_size (mbuffer_st * bufel)
{
return bufel->msg.size - bufel->user_mark;
}
-inline static size_t _mbuffer_get_uhead_size(mbuffer_st *bufel)
+inline static size_t
+_mbuffer_get_uhead_size (mbuffer_st * bufel)
{
return bufel->user_mark;
}
-inline static void _mbuffer_set_uhead_size(mbuffer_st *bufel, size_t size)
+inline static void
+_mbuffer_set_uhead_size (mbuffer_st * bufel, size_t size)
{
bufel->user_mark = size;
}
-inline static mbuffer_st* _gnutls_handshake_alloc(size_t size, size_t maximum)
+inline static mbuffer_st *
+_gnutls_handshake_alloc (size_t size, size_t maximum)
{
- mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE + size, HANDSHAKE_HEADER_SIZE+maximum);
+ mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE + size,
+ HANDSHAKE_HEADER_SIZE + maximum);
if (!ret)
return NULL;
- _mbuffer_set_uhead_size(ret, HANDSHAKE_HEADER_SIZE);
+ _mbuffer_set_uhead_size (ret, HANDSHAKE_HEADER_SIZE);
return ret;
}
@@ -102,10 +112,11 @@ inline static mbuffer_st* _gnutls_handshake_alloc(size_t size, size_t maximum)
* pointer case). It also makes sure the pointer has a known value
* after freeing.
*/
-inline static void _mbuffer_xfree(mbuffer_st **bufel)
+inline static void
+_mbuffer_xfree (mbuffer_st ** bufel)
{
- if(*bufel)
- gnutls_free(*bufel);
+ if (*bufel)
+ gnutls_free (*bufel);
*bufel = NULL;
}
diff --git a/lib/gnutls_mem.h b/lib/gnutls_mem.h
index c49c848db1..46811a34c8 100644
--- a/lib/gnutls_mem.h
+++ b/lib/gnutls_mem.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_MEM_H
-# define GNUTLS_MEM_H
+#define GNUTLS_MEM_H
typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h
index 9b3880c4a1..a9daddd3b8 100644
--- a/lib/gnutls_mpi.h
+++ b/lib/gnutls_mpi.h
@@ -24,11 +24,11 @@
*/
#ifndef GNUTLS_MPI_H
-# define GNUTLS_MPI_H
+#define GNUTLS_MPI_H
-# include <gnutls_int.h>
+#include <gnutls_int.h>
-# include <gnutls/crypto.h>
+#include <gnutls/crypto.h>
extern int crypto_bigint_prio;
extern gnutls_crypto_bigint_st _gnutls_mpi_ops;
diff --git a/lib/gnutls_num.h b/lib/gnutls_num.h
index e35b92f268..e4658e5daf 100644
--- a/lib/gnutls_num.h
+++ b/lib/gnutls_num.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_NUM_H
-# define GNUTLS_NUM_H
+#define GNUTLS_NUM_H
#include <gnutls_int.h>
@@ -43,7 +43,7 @@ void _gnutls_write_uint16 (uint16_t num, opaque * data);
uint32_t _gnutls_uint64touint32 (const uint64 *);
int _gnutls_uint64pp (uint64 *);
-# define _gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0
-# define UINT64DATA(x) (x.i)
+#define _gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0
+#define UINT64DATA(x) (x.i)
#endif /* GNUTLS_NUM_H */
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 9739869ad5..73609bf284 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -610,15 +610,16 @@ gnutls_pk_params_release (gnutls_pk_params_st * p)
}
}
-int _gnutls_calc_rsa_exp(bigint_t* params, unsigned int params_size)
+int
+_gnutls_calc_rsa_exp (bigint_t * params, unsigned int params_size)
{
-bigint_t tmp = _gnutls_mpi_alloc_like(params[0]);
+ bigint_t tmp = _gnutls_mpi_alloc_like (params[0]);
- if (params_size < RSA_PRIVATE_PARAMS-2)
- {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (params_size < RSA_PRIVATE_PARAMS - 2)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
if (tmp == NULL)
{
@@ -627,35 +628,38 @@ bigint_t tmp = _gnutls_mpi_alloc_like(params[0]);
}
/* [6] = d % p-1, [7] = d % q-1 */
- _gnutls_mpi_sub_ui(tmp, params[3], 1);
- params[6] = _gnutls_mpi_mod(params[2]/*d*/, tmp);
+ _gnutls_mpi_sub_ui (tmp, params[3], 1);
+ params[6] = _gnutls_mpi_mod (params[2] /*d */ , tmp);
- _gnutls_mpi_sub_ui(tmp, params[4], 1);
- params[7] = _gnutls_mpi_mod(params[2]/*d*/, tmp);
+ _gnutls_mpi_sub_ui (tmp, params[4], 1);
+ params[7] = _gnutls_mpi_mod (params[2] /*d */ , tmp);
- _gnutls_mpi_release(&tmp);
+ _gnutls_mpi_release (&tmp);
if (params[7] == NULL || params[6] == NULL)
{
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
return 0;
}
-int _gnutls_pk_get_hash_algorithm(gnutls_pk_algorithm_t pk, bigint_t* params, int params_size,
- gnutls_digest_algorithm_t *dig, unsigned int *mand)
+int
+_gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk, bigint_t * params,
+ int params_size,
+ gnutls_digest_algorithm_t * dig,
+ unsigned int *mand)
{
if (mand)
{
if (pk == GNUTLS_PK_DSA)
- *mand = 1;
+ *mand = 1;
else
- *mand = 0;
+ *mand = 0;
}
return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) dig,
- NULL, pk, params, params_size);
+ NULL, pk, params, params_size);
}
diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h
index 5aa9622c1c..93e2de0afc 100644
--- a/lib/gnutls_pk.h
+++ b/lib/gnutls_pk.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_PK_H
-# define GNUTLS_PK_H
+#define GNUTLS_PK_H
extern int crypto_pk_prio;
extern gnutls_crypto_pk_st _gnutls_pk_ops;
@@ -77,9 +77,11 @@ int
_gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r,
bigint_t * s);
-int _gnutls_calc_rsa_exp(bigint_t* params, unsigned int params_size);
+int _gnutls_calc_rsa_exp (bigint_t * params, unsigned int params_size);
-int _gnutls_pk_get_hash_algorithm(gnutls_pk_algorithm_t pk, bigint_t* params, int params_size,
- gnutls_digest_algorithm_t *dig, unsigned int *mand);
+int _gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk,
+ bigint_t * params, int params_size,
+ gnutls_digest_algorithm_t * dig,
+ unsigned int *mand);
#endif /* GNUTLS_PK_H */
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 45b6a08998..3a17527395 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -576,7 +576,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
-
+
/* for now unsafe renegotiation is default on everyone. To be removed
* when we make it the default.
*/
@@ -713,10 +713,12 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
}
else if (broken_list[i][0] == '%')
{
- if (strcasecmp (&broken_list[i][1], "COMPAT") == 0) {
- (*priority_cache)->no_padding = 1;
- (*priority_cache)->allow_large_records = 1;
- } else if (strcasecmp (&broken_list[i][1],
+ if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
+ {
+ (*priority_cache)->no_padding = 1;
+ (*priority_cache)->allow_large_records = 1;
+ }
+ else if (strcasecmp (&broken_list[i][1],
"VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
{
prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5);
@@ -732,13 +734,13 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
else if (strcasecmp (&broken_list[i][1],
"UNSAFE_RENEGOTIATION") == 0)
- {
+ {
(*priority_cache)->sr = SR_UNSAFE;
- }
+ }
else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0)
{
(*priority_cache)->sr = SR_SAFE;
- }
+ }
else if (strcasecmp (&broken_list[i][1],
"PARTIAL_RENEGOTIATION") == 0)
{
@@ -746,9 +748,9 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
}
else if (strcasecmp (&broken_list[i][1],
"DISABLE_SAFE_RENEGOTIATION") == 0)
- {
+ {
(*priority_cache)->sr = SR_DISABLED;
- }
+ }
else
goto error;
}
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index f5efe6dcae..99f47e8f5f 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -35,19 +35,21 @@
#include <x509_int.h>
#include <openpgp/openpgp_int.h>
-struct gnutls_privkey_st {
- gnutls_privkey_type_t type;
- gnutls_pk_algorithm_t pk_algorithm;
+struct gnutls_privkey_st
+{
+ gnutls_privkey_type_t type;
+ gnutls_pk_algorithm_t pk_algorithm;
- union {
- gnutls_x509_privkey_t x509;
- gnutls_pkcs11_privkey_t pkcs11;
+ union
+ {
+ gnutls_x509_privkey_t x509;
+ gnutls_pkcs11_privkey_t pkcs11;
#ifdef ENABLE_OPENPGP
- gnutls_openpgp_privkey_t openpgp;
+ gnutls_openpgp_privkey_t openpgp;
#endif
- } key;
+ } key;
- unsigned int flags;
+ unsigned int flags;
};
/**
@@ -60,9 +62,10 @@ struct gnutls_privkey_st {
* Returns: a member of the #gnutls_privkey_type_t enumeration on
* success, or a negative value on error.
**/
-gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key)
+gnutls_privkey_type_t
+gnutls_privkey_get_type (gnutls_privkey_t key)
{
- return key->type;
+ return key->type;
}
/**
@@ -77,30 +80,25 @@ gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key)
* Returns: a member of the #gnutls_pk_algorithm_t enumeration on
* success, or a negative value on error.
**/
-int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key,
- unsigned int *bits)
+int
+gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int *bits)
{
- switch (key->type) {
+ switch (key->type)
+ {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_get_pk_algorithm(key->key.
- openpgp,
- bits);
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_get_pk_algorithm (key->key.openpgp, bits);
#endif
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_get_pk_algorithm(key->key.
- pkcs11,
- bits);
- case GNUTLS_PRIVKEY_X509:
- if (bits)
- *bits =
- _gnutls_mpi_get_nbits(key->key.x509->
- params[0]);
- return gnutls_x509_privkey_get_pk_algorithm(key->key.x509);
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_get_pk_algorithm (key->key.pkcs11, bits);
+ case GNUTLS_PRIVKEY_X509:
+ if (bits)
+ *bits = _gnutls_mpi_get_nbits (key->key.x509->params[0]);
+ return gnutls_x509_privkey_get_pk_algorithm (key->key.x509);
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
@@ -113,15 +111,17 @@ int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_init(gnutls_privkey_t * key)
+int
+gnutls_privkey_init (gnutls_privkey_t * key)
{
- *key = gnutls_calloc(1, sizeof(struct gnutls_privkey_st));
- if (*key == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ *key = gnutls_calloc (1, sizeof (struct gnutls_privkey_st));
+ if (*key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
/**
@@ -130,22 +130,22 @@ int gnutls_privkey_init(gnutls_privkey_t * key)
*
* This function will deinitialize a private key structure.
**/
-void gnutls_privkey_deinit(gnutls_privkey_t key)
+void
+gnutls_privkey_deinit (gnutls_privkey_t key)
{
- if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE)
- switch (key->type) {
+ if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE)
+ switch (key->type)
+ {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_deinit(key->key.
- openpgp);
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_deinit (key->key.openpgp);
#endif
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_deinit(key->key.
- pkcs11);
- case GNUTLS_PRIVKEY_X509:
- return gnutls_x509_privkey_deinit(key->key.x509);
- }
- gnutls_free(key);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_deinit (key->key.pkcs11);
+ case GNUTLS_PRIVKEY_X509:
+ return gnutls_x509_privkey_deinit (key->key.x509);
+ }
+ gnutls_free (key);
}
/**
@@ -160,17 +160,16 @@ void gnutls_privkey_deinit(gnutls_privkey_t key)
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
- gnutls_pkcs11_privkey_t key,
- unsigned int flags)
+int
+gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
+ gnutls_pkcs11_privkey_t key, unsigned int flags)
{
- pkey->key.pkcs11 = key;
- pkey->type = GNUTLS_PRIVKEY_PKCS11;
- pkey->pk_algorithm =
- gnutls_pkcs11_privkey_get_pk_algorithm(key, NULL);
- pkey->flags = flags;
+ pkey->key.pkcs11 = key;
+ pkey->type = GNUTLS_PRIVKEY_PKCS11;
+ pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm (key, NULL);
+ pkey->flags = flags;
- return 0;
+ return 0;
}
/**
@@ -185,16 +184,16 @@ int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_import_x509(gnutls_privkey_t pkey,
- gnutls_x509_privkey_t key,
- unsigned int flags)
+int
+gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
+ gnutls_x509_privkey_t key, unsigned int flags)
{
- pkey->key.x509 = key;
- pkey->type = GNUTLS_PRIVKEY_X509;
- pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm(key);
- pkey->flags = flags;
+ pkey->key.x509 = key;
+ pkey->type = GNUTLS_PRIVKEY_X509;
+ pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm (key);
+ pkey->flags = flags;
- return 0;
+ return 0;
}
#ifdef ENABLE_OPENPGP
@@ -210,17 +209,17 @@ int gnutls_privkey_import_x509(gnutls_privkey_t pkey,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,
- gnutls_openpgp_privkey_t key,
- unsigned int flags)
+int
+gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
+ gnutls_openpgp_privkey_t key,
+ unsigned int flags)
{
- pkey->key.openpgp = key;
- pkey->type = GNUTLS_PRIVKEY_OPENPGP;
- pkey->pk_algorithm =
- gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
- pkey->flags = flags;
+ pkey->key.openpgp = key;
+ pkey->type = GNUTLS_PRIVKEY_OPENPGP;
+ pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
+ pkey->flags = flags;
- return 0;
+ return 0;
}
#endif
@@ -241,45 +240,49 @@ int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,
* negative error value.
**/
int
-gnutls_privkey_sign_data(gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+gnutls_privkey_sign_data (gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
- int ret;
- gnutls_datum_t digest;
+ int ret;
+ gnutls_datum_t digest;
- switch (signer->pk_algorithm) {
- case GNUTLS_PK_RSA:
- ret = pk_pkcs1_rsa_hash(hash, data, &digest);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- case GNUTLS_PK_DSA:
- ret = pk_dsa_hash(hash, data, &digest);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ switch (signer->pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ ret = pk_pkcs1_rsa_hash (hash, data, &digest);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ ret = pk_dsa_hash (hash, data, &digest);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret = gnutls_privkey_sign_hash(signer, &digest, signature);
- _gnutls_free_datum(&digest);
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = gnutls_privkey_sign_hash (signer, &digest, signature);
+ _gnutls_free_datum (&digest);
- return 0;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -294,26 +297,27 @@ gnutls_privkey_sign_data(gnutls_privkey_t signer,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_sign_hash(gnutls_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+int
+gnutls_privkey_sign_hash (gnutls_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
- switch (key->type) {
+ switch (key->type)
+ {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_sign_hash(key->key.openpgp,
- hash, signature);
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_sign_hash (key->key.openpgp,
+ hash, signature);
#endif
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_sign_hash(key->key.pkcs11,
- hash, signature);
- case GNUTLS_PRIVKEY_X509:
- return gnutls_x509_privkey_sign_hash(key->key.x509, hash,
- signature);
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11,
+ hash, signature);
+ case GNUTLS_PRIVKEY_X509:
+ return gnutls_x509_privkey_sign_hash (key->key.x509, hash, signature);
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
/**
@@ -329,36 +333,35 @@ int gnutls_privkey_sign_hash(gnutls_privkey_t key,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_decrypt_data(gnutls_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+int
+gnutls_privkey_decrypt_data (gnutls_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
- if (key->pk_algorithm != GNUTLS_PK_RSA) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key->pk_algorithm != GNUTLS_PK_RSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- switch (key->type) {
+ switch (key->type)
+ {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_decrypt_data(key->key.
- openpgp, flags,
- ciphertext,
- plaintext);
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_decrypt_data (key->key.openpgp, flags,
+ ciphertext, plaintext);
#endif
- case GNUTLS_PRIVKEY_X509:
- return _gnutls_pkcs1_rsa_decrypt(plaintext, ciphertext,
- key->key.x509->params,
- key->key.x509->
- params_size, 2);
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_decrypt_data(key->key.pkcs11,
- flags,
- ciphertext,
- plaintext);
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ case GNUTLS_PRIVKEY_X509:
+ return _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext,
+ key->key.x509->params,
+ key->key.x509->params_size, 2);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_decrypt_data (key->key.pkcs11,
+ flags,
+ ciphertext, plaintext);
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index bd413efaf8..bce1334398 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -42,23 +42,24 @@
#define PK_PEM_HEADER "PUBLIC KEY"
-struct gnutls_pubkey_st {
- gnutls_pk_algorithm_t pk_algorithm;
- unsigned int bits; /* an indication of the security parameter */
-
- /* the size of params depends on the public
- * key algorithm
- * RSA: [0] is modulus
- * [1] is public exponent
- * DSA: [0] is p
- * [1] is q
- * [2] is g
- * [3] is public key
- */
- bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
- int params_size; /* holds the size of MPI params */
-
- unsigned int key_usage; /* bits from GNUTLS_KEY_* */
+struct gnutls_pubkey_st
+{
+ gnutls_pk_algorithm_t pk_algorithm;
+ unsigned int bits; /* an indication of the security parameter */
+
+ /* the size of params depends on the public
+ * key algorithm
+ * RSA: [0] is modulus
+ * [1] is public exponent
+ * DSA: [0] is p
+ * [1] is q
+ * [2] is g
+ * [3] is public key
+ */
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size; /* holds the size of MPI params */
+
+ unsigned int key_usage; /* bits from GNUTLS_KEY_* */
};
/**
@@ -73,12 +74,13 @@ struct gnutls_pubkey_st {
* Returns: a member of the #gnutls_pk_algorithm_t enumeration on
* success, or a negative value on error.
**/
-int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key, unsigned int *bits)
+int
+gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits)
{
- if (bits)
- *bits = key->bits;
+ if (bits)
+ *bits = key->bits;
- return key->pk_algorithm;
+ return key->pk_algorithm;
}
/**
@@ -91,12 +93,13 @@ int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key, unsigned int *bits)
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage)
+int
+gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage)
{
- if (usage)
- *usage = key->key_usage;
+ if (usage)
+ *usage = key->key_usage;
- return 0;
+ return 0;
}
/**
@@ -108,15 +111,17 @@ int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage)
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pubkey_init(gnutls_pubkey_t * key)
+int
+gnutls_pubkey_init (gnutls_pubkey_t * key)
{
- *key = gnutls_calloc(1, sizeof(struct gnutls_pubkey_st));
- if (*key == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ *key = gnutls_calloc (1, sizeof (struct gnutls_pubkey_st));
+ if (*key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
@@ -125,9 +130,10 @@ int gnutls_pubkey_init(gnutls_pubkey_t * key)
*
* This function will deinitialize a public key structure.
**/
-void gnutls_pubkey_deinit(gnutls_pubkey_t key)
+void
+gnutls_pubkey_deinit (gnutls_pubkey_t key)
{
- gnutls_free(key);
+ gnutls_free (key);
}
/**
@@ -142,45 +148,44 @@ void gnutls_pubkey_deinit(gnutls_pubkey_t key)
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt,
- unsigned int flags)
+int
+gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
+ unsigned int flags)
{
- int ret;
-
- key->pk_algorithm =
- gnutls_x509_crt_get_pk_algorithm(crt, &key->bits);
-
- ret = gnutls_x509_crt_get_key_usage(crt, &key->key_usage, NULL);
- if (ret < 0)
- key->key_usage = 0;
-
- key->params_size = sizeof(key->params) / sizeof(key->params[0]);
- switch (key->pk_algorithm) {
- case GNUTLS_PK_RSA:
- ret =
- _gnutls_x509_crt_get_mpis(crt, key->params,
- &key->params_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- case GNUTLS_PK_DSA:
- ret =
- _gnutls_x509_crt_get_mpis(crt, key->params,
- &key->params_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ int ret;
+
+ key->pk_algorithm = gnutls_x509_crt_get_pk_algorithm (crt, &key->bits);
+
+ ret = gnutls_x509_crt_get_key_usage (crt, &key->key_usage, NULL);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ key->params_size = sizeof (key->params) / sizeof (key->params[0]);
+ switch (key->pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_x509_crt_get_mpis (crt, key->params, &key->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_x509_crt_get_mpis (crt, key->params, &key->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
/**
@@ -199,22 +204,23 @@ int gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt,
* Since: 2.11.0
**/
int
-gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
- gnutls_digest_algorithm_t *
- hash, unsigned int *mand)
+gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
{
- int ret;
+ int ret;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_pk_get_hash_algorithm(key->pk_algorithm,
- key->params, key->params_size,
- hash, mand);
+ ret = _gnutls_pk_get_hash_algorithm (key->pk_algorithm,
+ key->params, key->params_size,
+ hash, mand);
- return ret;
+ return ret;
}
@@ -230,42 +236,44 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
- gnutls_pkcs11_obj_t obj,
- unsigned int flags)
+int
+gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
+ gnutls_pkcs11_obj_t obj, unsigned int flags)
{
- int ret;
-
- ret = gnutls_pkcs11_obj_get_type(obj);
- if (ret != GNUTLS_PKCS11_OBJ_PUBKEY) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- key->key_usage = obj->key_usage;
-
- switch (obj->pk_algorithm) {
- case GNUTLS_PK_RSA:
- ret = gnutls_pubkey_import_rsa_raw(key, &obj->pubkey[0],
- &obj->pubkey[1]);
- break;
- case GNUTLS_PK_DSA:
- ret = gnutls_pubkey_import_dsa_raw(key, &obj->pubkey[0],
- &obj->pubkey[1],
- &obj->pubkey[2],
- &obj->pubkey[3]);
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return 0;
+ int ret;
+
+ ret = gnutls_pkcs11_obj_get_type (obj);
+ if (ret != GNUTLS_PKCS11_OBJ_PUBKEY)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ key->key_usage = obj->key_usage;
+
+ switch (obj->pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ ret = gnutls_pubkey_import_rsa_raw (key, &obj->pubkey[0],
+ &obj->pubkey[1]);
+ break;
+ case GNUTLS_PK_DSA:
+ ret = gnutls_pubkey_import_dsa_raw (key, &obj->pubkey[0],
+ &obj->pubkey[1],
+ &obj->pubkey[2], &obj->pubkey[3]);
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
}
#ifdef ENABLE_OPENPGP
@@ -281,54 +289,58 @@ int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pubkey_import_openpgp(gnutls_pubkey_t key,
- gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flags)
+int
+gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
+ gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flags)
{
- int ret;
- uint32_t kid32[2];
-
- ret = gnutls_openpgp_crt_get_preferred_key_id(crt, keyid);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- KEYID_IMPORT(kid32, keyid);
-
- key->pk_algorithm =
- gnutls_openpgp_crt_get_pk_algorithm(crt, &key->bits);
-
- ret = gnutls_openpgp_crt_get_key_usage(crt, &key->key_usage);
- if (ret < 0)
- key->key_usage = 0;
-
- switch (key->pk_algorithm) {
- case GNUTLS_PK_RSA:
- ret =
- _gnutls_openpgp_crt_get_mpis(crt, kid32, key->params,
- &key->params_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- case GNUTLS_PK_DSA:
- ret =
- _gnutls_openpgp_crt_get_mpis(crt, kid32, key->params,
- &key->params_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ int ret;
+ uint32_t kid32[2];
+
+ ret = gnutls_openpgp_crt_get_preferred_key_id (crt, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ KEYID_IMPORT (kid32, keyid);
+
+ key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm (crt, &key->bits);
+
+ ret = gnutls_openpgp_crt_get_key_usage (crt, &key->key_usage);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ switch (key->pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ ret =
+ _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params,
+ &key->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ ret =
+ _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params,
+ &key->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
#endif
@@ -354,50 +366,52 @@ int gnutls_pubkey_import_openpgp(gnutls_pubkey_t key,
* returned, and 0 on success.
**/
int
-gnutls_pubkey_export(gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_pubkey_export (gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk))
- != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result =
- _gnutls_x509_encode_and_copy_PKI_params(spk, "",
- key->pk_algorithm,
- key->params,
- key->params_size);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ _gnutls_x509_encode_and_copy_PKI_params (spk, "",
+ key->pk_algorithm,
+ key->params, key->params_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
- result = _gnutls_x509_export_int_named(spk, "",
- format, PK_PEM_HEADER,
- output_data,
- output_data_size);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ result = _gnutls_x509_export_int_named (spk, "",
+ format, PK_PEM_HEADER,
+ output_data, output_data_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
- result = 0;
+ result = 0;
- cleanup:
- asn1_delete_structure(&spk);
+cleanup:
+ asn1_delete_structure (&spk);
- return result;
+ return result;
}
@@ -422,27 +436,28 @@ gnutls_pubkey_export(gnutls_pubkey_t key,
* returned, and 0 on success.
**/
int
-gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int ret = 0;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret =
- _gnutls_get_key_id(key->pk_algorithm, key->params,
- key->params_size, output_data,
- output_data_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return 0;
+ int ret = 0;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ _gnutls_get_key_id (key->pk_algorithm, key->params,
+ key->params_size, output_data, output_data_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -458,35 +473,39 @@ gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags,
* Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
**/
int
-gnutls_pubkey_get_pk_rsa_raw(gnutls_pubkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e)
+gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
- int ret;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key->pk_algorithm != GNUTLS_PK_RSA) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_mpi_dprint(key->params[0], m);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint(key->params[1], e);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(m);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm != GNUTLS_PK_RSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_mpi_dprint (key->params[0], m);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint (key->params[1], e);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (m);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -504,59 +523,65 @@ gnutls_pubkey_get_pk_rsa_raw(gnutls_pubkey_t key,
* Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
**/
int
-gnutls_pubkey_get_pk_dsa_raw(gnutls_pubkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
{
- int ret;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key->pk_algorithm != GNUTLS_PK_DSA) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint(key->params[0], p);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint(key->params[1], q);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- return ret;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint(key->params[2], g);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- _gnutls_free_datum(q);
- return ret;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint(key->params[3], y);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- _gnutls_free_datum(g);
- _gnutls_free_datum(q);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm != GNUTLS_PK_DSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint (key->params[0], p);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint (key->params[1], q);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ return ret;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint (key->params[2], g);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (q);
+ return ret;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint (key->params[3], y);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -572,81 +597,86 @@ gnutls_pubkey_get_pk_dsa_raw(gnutls_pubkey_t key,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pubkey_import(gnutls_pubkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+int
+gnutls_pubkey_import (gnutls_pubkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
- ASN1_TYPE spk;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- /* Try the first header */
- result =
- _gnutls_fbase64_decode(PK_PEM_HEADER, data->data,
- data->size, &out);
-
- if (result <= 0) {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
- }
-
- _data.data = out;
- _data.size = result;
-
- need_free = 1;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk))
- != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = asn1_der_decoding(&spk, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- key->params_size = sizeof(key->params) / sizeof(key->params[0]);
- result =
- _gnutls_get_asn_mpis(spk, "", key->params, &key->params_size);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- /* this has already been called by get_asn_mpis() thus it cannot
- * fail.
- */
- key->pk_algorithm = _gnutls_x509_get_pk_algorithm(spk, "", NULL);
-
- result = 0;
-
- cleanup:
- asn1_delete_structure(&spk);
-
- if (need_free)
- _gnutls_free_datum(&_data);
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+ ASN1_TYPE spk;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode (PK_PEM_HEADER, data->data, data->size, &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
+
+ _data.data = out;
+ _data.size = result;
+
+ need_free = 1;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding (&spk, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ key->params_size = sizeof (key->params) / sizeof (key->params[0]);
+ result = _gnutls_get_asn_mpis (spk, "", key->params, &key->params_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* this has already been called by get_asn_mpis() thus it cannot
+ * fail.
+ */
+ key->pk_algorithm = _gnutls_x509_get_pk_algorithm (spk, "", NULL);
+
+ result = 0;
+
+cleanup:
+ asn1_delete_structure (&spk);
+
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
}
/**
@@ -660,30 +690,33 @@ int gnutls_pubkey_import(gnutls_pubkey_t key,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt, gnutls_pubkey_t key)
+int
+gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key)
{
- int result;
+ int result;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_encode_and_copy_PKI_params(crt->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- key->pk_algorithm,
- key->params,
- key->params_size);
+ result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ key->pk_algorithm,
+ key->params,
+ key->params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
- if (key->key_usage)
- gnutls_x509_crt_set_key_usage(crt, key->key_usage);
+ if (key->key_usage)
+ gnutls_x509_crt_set_key_usage (crt, key->key_usage);
- return 0;
+ return 0;
}
/**
@@ -697,29 +730,32 @@ int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt, gnutls_pubkey_t key)
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq, gnutls_pubkey_t key)
+int
+gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key)
{
- int result;
+ int result;
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_encode_and_copy_PKI_params
- (crq->crq,
- "certificationRequestInfo.subjectPKInfo",
- key->pk_algorithm, key->params, key->params_size);
+ result = _gnutls_x509_encode_and_copy_PKI_params
+ (crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ key->pk_algorithm, key->params, key->params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
- if (key->key_usage)
- gnutls_x509_crq_set_key_usage(crq, key->key_usage);
+ if (key->key_usage)
+ gnutls_x509_crq_set_key_usage (crq, key->key_usage);
- return 0;
+ return 0;
}
/**
@@ -732,11 +768,12 @@ int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq, gnutls_pubkey_t key)
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage)
+int
+gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage)
{
- key->key_usage = usage;
+ key->key_usage = usage;
- return 0;
+ return 0;
}
/**
@@ -752,36 +789,40 @@ int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage)
* negative error value.
**/
-int gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url,
- unsigned int flags)
+int
+gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url,
+ unsigned int flags)
{
- gnutls_pkcs11_obj_t pcrt;
- int ret;
-
- ret = gnutls_pkcs11_obj_init(&pcrt);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_pkcs11_obj_import_url(pcrt, url, flags);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_pkcs11(key, pcrt, 0);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
- cleanup:
-
- gnutls_pkcs11_obj_deinit(pcrt);
-
- return ret;
+ gnutls_pkcs11_obj_t pcrt;
+ int ret;
+
+ ret = gnutls_pkcs11_obj_init (&pcrt);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_pkcs11_obj_import_url (pcrt, url, flags);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_pkcs11 (key, pcrt, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+cleanup:
+
+ gnutls_pkcs11_obj_deinit (pcrt);
+
+ return ret;
}
/**
@@ -797,34 +838,37 @@ int gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url,
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
int
-gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e)
+gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e)
{
- size_t siz = 0;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- siz = m->size;
- if (_gnutls_mpi_scan_nz(&key->params[0], m->data, siz)) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = e->size;
- if (_gnutls_mpi_scan_nz(&key->params[1], e->data, siz)) {
- gnutls_assert();
- _gnutls_mpi_release(&key->params[0]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- key->params_size = RSA_PUBLIC_PARAMS;
- key->pk_algorithm = GNUTLS_PK_RSA;
-
- return 0;
+ size_t siz = 0;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz (&key->params[0], m->data, siz))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz (&key->params[1], e->data, siz))
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&key->params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ key->params_size = RSA_PUBLIC_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_RSA;
+
+ return 0;
}
/**
@@ -843,53 +887,58 @@ gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key,
* negative error value.
**/
int
-gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y)
+gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y)
{
- size_t siz = 0;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- siz = p->size;
- if (_gnutls_mpi_scan_nz(&key->params[0], p->data, siz)) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = q->size;
- if (_gnutls_mpi_scan_nz(&key->params[1], q->data, siz)) {
- gnutls_assert();
- _gnutls_mpi_release(&key->params[0]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = g->size;
- if (_gnutls_mpi_scan_nz(&key->params[2], g->data, siz)) {
- gnutls_assert();
- _gnutls_mpi_release(&key->params[1]);
- _gnutls_mpi_release(&key->params[0]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = y->size;
- if (_gnutls_mpi_scan_nz(&key->params[3], y->data, siz)) {
- gnutls_assert();
- _gnutls_mpi_release(&key->params[2]);
- _gnutls_mpi_release(&key->params[1]);
- _gnutls_mpi_release(&key->params[0]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- key->params_size = DSA_PUBLIC_PARAMS;
- key->pk_algorithm = GNUTLS_PK_DSA;
-
- return 0;
+ size_t siz = 0;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz (&key->params[0], p->data, siz))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz (&key->params[1], q->data, siz))
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&key->params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = g->size;
+ if (_gnutls_mpi_scan_nz (&key->params[2], g->data, siz))
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&key->params[1]);
+ _gnutls_mpi_release (&key->params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = y->size;
+ if (_gnutls_mpi_scan_nz (&key->params[3], y->data, siz))
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&key->params[2]);
+ _gnutls_mpi_release (&key->params[1]);
+ _gnutls_mpi_release (&key->params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ key->params_size = DSA_PUBLIC_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_DSA;
+
+ return 0;
}
@@ -907,22 +956,23 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key,
* success.
**/
int
-gnutls_pubkey_verify_hash(gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
+gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
{
- int ret;
+ int ret;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret =
- pubkey_verify_sig(NULL, hash, signature, key->pk_algorithm,
- key->params, key->params_size);
+ ret =
+ pubkey_verify_sig (NULL, hash, signature, key->pk_algorithm,
+ key->params, key->params_size);
- return ret;
+ return ret;
}
/**
@@ -938,19 +988,19 @@ gnutls_pubkey_verify_hash(gnutls_pubkey_t key, unsigned int flags,
* returned on error.
**/
int
-gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t key,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash)
+gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash)
{
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_verify_algorithm((gnutls_mac_algorithm_t *)
- hash, signature,
- key->pk_algorithm,
- key->params,
- key->params_size);
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *)
+ hash, signature,
+ key->pk_algorithm,
+ key->params, key->params_size);
}
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index afc7e32719..c960a8ed3a 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -335,8 +335,9 @@ copy_record_version (gnutls_session_t session,
*/
ssize_t
_gnutls_send_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype, unsigned int epoch_rel,
- const void *_data, size_t sizeofdata, unsigned int mflags)
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *_data,
+ size_t sizeofdata, unsigned int mflags)
{
mbuffer_st *bufel;
size_t cipher_size;
@@ -427,7 +428,8 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type,
cipher_size =
_gnutls_encrypt (session, headers, RECORD_HEADER_SIZE, data,
- data2send_size, _mbuffer_get_udata_ptr(bufel), cipher_size, type,
+ data2send_size, _mbuffer_get_udata_ptr (bufel),
+ cipher_size, type,
(session->internals.priorities.no_padding ==
0) ? 1 : 0, record_params);
if (cipher_size <= 0)
@@ -452,7 +454,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type,
return GNUTLS_E_RECORD_LIMIT_REACHED;
}
- _mbuffer_set_udata_size(bufel, cipher_size);
+ _mbuffer_set_udata_size (bufel, cipher_size);
ret = _gnutls_io_write_buffered (session, bufel, mflags);
}
@@ -485,7 +487,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type,
(int)
_gnutls_uint64touint32
(&record_state->sequence_number),
- _gnutls_packet2str (type), type, (int)cipher_size);
+ _gnutls_packet2str (type), type, (int) cipher_size);
return retval;
}
@@ -501,7 +503,8 @@ _gnutls_send_change_cipher_spec (gnutls_session_t session, int again)
_gnutls_handshake_log ("REC[%p]: Sent ChangeCipherSpec\n", session);
if (again == 0)
- return _gnutls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, EPOCH_WRITE_CURRENT, data, 1, MBUFFER_FLUSH);
+ return _gnutls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1,
+ EPOCH_WRITE_CURRENT, data, 1, MBUFFER_FLUSH);
else
{
return _gnutls_io_write_flush (session);
@@ -760,12 +763,14 @@ record_check_type (gnutls_session_t session,
if (session->security_parameters.entity == GNUTLS_SERVER)
{
gnutls_assert ();
- ret = _gnutls_record_buffer_put (recv_type, session, (void *) data, data_size);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
+ ret =
+ _gnutls_record_buffer_put (recv_type, session, (void *) data,
+ data_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
return GNUTLS_E_REHANDSHAKE;
}
@@ -932,8 +937,7 @@ begin:
header_size = RECORD_HEADER_SIZE;
if ((ret =
- _gnutls_io_read_buffered (session, header_size,
- -1)) != header_size)
+ _gnutls_io_read_buffered (session, header_size, -1)) != header_size)
{
if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
return ret;
@@ -950,10 +954,11 @@ begin:
}
ret = _mbuffer_linearize (&session->internals.record_recv_buffer);
- if (ret != 0) {
- gnutls_assert ();
- return ret;
- }
+ if (ret != 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
_mbuffer_get_first (&session->internals.record_recv_buffer, &data_enc);
@@ -990,7 +995,8 @@ begin:
_gnutls_packet2str (type), type, (int) sizeofdata);
_gnutls_record_log ("REC[%p]: Received Packet[%d] %s(%d) with length: %d\n",
session,
- (int) _gnutls_uint64touint32 (&record_state->sequence_number),
+ (int)
+ _gnutls_uint64touint32 (&record_state->sequence_number),
_gnutls_packet2str (recv_type), recv_type, length);
if (length > MAX_RECV_SIZE)
@@ -1025,10 +1031,11 @@ begin:
*/
ret = _mbuffer_linearize (&session->internals.record_recv_buffer);
- if (ret != 0) {
- gnutls_assert ();
- return ret;
- }
+ if (ret != 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
_mbuffer_get_first (&session->internals.record_recv_buffer, &data_enc);
ciphertext = &data_enc.data[header_size];
@@ -1051,7 +1058,8 @@ begin:
gnutls_assert ();
return ret;
}
- _mbuffer_remove_bytes (&session->internals.record_recv_buffer, header_size + length);
+ _mbuffer_remove_bytes (&session->internals.record_recv_buffer,
+ header_size + length);
decrypted_length = ret;
/* Check if this is a CHANGE_CIPHER_SPEC
@@ -1180,8 +1188,9 @@ ssize_t
gnutls_record_send (gnutls_session_t session, const void *data,
size_t sizeofdata)
{
- return _gnutls_send_int (session, GNUTLS_APPLICATION_DATA, -1, EPOCH_WRITE_CURRENT,
- data, sizeofdata, MBUFFER_FLUSH);
+ return _gnutls_send_int (session, GNUTLS_APPLICATION_DATA, -1,
+ EPOCH_WRITE_CURRENT, data, sizeofdata,
+ MBUFFER_FLUSH);
}
/**
diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h
index 76c8520e24..6e920daa70 100644
--- a/lib/gnutls_record.h
+++ b/lib/gnutls_record.h
@@ -24,14 +24,15 @@
*/
#ifndef GNUTLS_RECORD_H
-# define GNUTLS_RECORD_H
+#define GNUTLS_RECORD_H
-# include <gnutls/gnutls.h>
-# include <gnutls_buffers.h>
+#include <gnutls/gnutls.h>
+#include <gnutls_buffers.h>
ssize_t _gnutls_send_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype, unsigned int epoch_rel,
- const void *data, size_t sizeofdata, unsigned int mflags);
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *data,
+ size_t sizeofdata, unsigned int mflags);
ssize_t _gnutls_recv_int (gnutls_session_t session, content_type_t type,
gnutls_handshake_description_t, opaque * data,
size_t sizeofdata);
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index 542abb3edb..aa6b8e3026 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -29,10 +29,10 @@
#include <gnutls_int.h>
#ifdef ENABLE_SRP
-# include <auth_srp.h>
+#include <auth_srp.h>
#endif
#ifdef ENABLE_PSK
-# include <auth_psk.h>
+#include <auth_psk.h>
#endif
#include <auth_anon.h>
#include <auth_cert.h>
@@ -47,8 +47,7 @@
static int pack_certificate_auth_info (gnutls_session_t,
gnutls_buffer_st * packed_session);
static int unpack_certificate_auth_info (gnutls_session_t,
- gnutls_buffer_st *
- packed_session);
+ gnutls_buffer_st * packed_session);
static int unpack_srp_auth_info (gnutls_session_t session,
gnutls_buffer_st * packed_session);
@@ -93,10 +92,10 @@ _gnutls_session_pack (gnutls_session_t session,
return GNUTLS_E_INTERNAL_ERROR;
}
- _gnutls_buffer_init(&sb);
+ _gnutls_buffer_init (&sb);
id = gnutls_auth_get_type (session);
- BUFFER_APPEND(&sb, &id, 1);
+ BUFFER_APPEND (&sb, &id, 1);
switch (id)
{
@@ -150,20 +149,20 @@ _gnutls_session_pack (gnutls_session_t session,
if (ret < 0)
{
gnutls_assert ();
- _gnutls_buffer_clear(&sb);
+ _gnutls_buffer_clear (&sb);
return ret;
}
-
- ret = _gnutls_ext_pack(session, &sb);
+
+ ret = _gnutls_ext_pack (session, &sb);
if (ret < 0)
{
gnutls_assert ();
- _gnutls_buffer_clear(&sb);
+ _gnutls_buffer_clear (&sb);
return ret;
}
-
- ret = _gnutls_buffer_to_datum(&sb, packed_session);
-
+
+ ret = _gnutls_buffer_to_datum (&sb, packed_session);
+
return ret;
}
@@ -177,8 +176,8 @@ _gnutls_session_unpack (gnutls_session_t session,
int ret;
gnutls_buffer_st sb;
opaque id;
-
- _gnutls_buffer_init(&sb);
+
+ _gnutls_buffer_init (&sb);
if (packed_session == NULL || packed_session->size == 0)
{
@@ -186,10 +185,12 @@ _gnutls_session_unpack (gnutls_session_t session,
return GNUTLS_E_INTERNAL_ERROR;
}
- ret = _gnutls_buffer_append_data(&sb, packed_session->data, packed_session->size);
- if (ret < 0)
+ ret =
+ _gnutls_buffer_append_data (&sb, packed_session->data,
+ packed_session->size);
+ if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
@@ -198,7 +199,7 @@ _gnutls_session_unpack (gnutls_session_t session,
_gnutls_free_auth_info (session);
}
- BUFFER_POP(&sb, &id, 1);
+ BUFFER_POP (&sb, &id, 1);
switch (id)
{
@@ -256,8 +257,8 @@ _gnutls_session_unpack (gnutls_session_t session,
gnutls_assert ();
goto error;
}
-
- ret = _gnutls_ext_unpack(session, &sb);
+
+ ret = _gnutls_ext_unpack (session, &sb);
if (ret < 0)
{
gnutls_assert ();
@@ -267,8 +268,8 @@ _gnutls_session_unpack (gnutls_session_t session,
ret = 0;
error:
- _gnutls_buffer_clear(&sb);
-
+ _gnutls_buffer_clear (&sb);
+
return ret;
}
@@ -297,8 +298,7 @@ error:
* and so on...
*/
static int
-pack_certificate_auth_info (gnutls_session_t session,
- gnutls_buffer_st * ps)
+pack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
{
unsigned int i;
int cur_size, ret;
@@ -306,27 +306,32 @@ pack_certificate_auth_info (gnutls_session_t session,
int size_offset;
size_offset = ps->length;
- BUFFER_APPEND_NUM(ps, 0);
+ BUFFER_APPEND_NUM (ps, 0);
cur_size = ps->length;
if (info)
{
- BUFFER_APPEND_NUM( ps, info->dh.secret_bits);
- BUFFER_APPEND_PFX( ps, info->dh.prime.data, info->dh.prime.size);
- BUFFER_APPEND_PFX( ps, info->dh.generator.data, info->dh.generator.size);
- BUFFER_APPEND_PFX( ps, info->dh.public_key.data, info->dh.public_key.size);
- BUFFER_APPEND_PFX( ps, info->rsa_export.modulus.data, info->rsa_export.modulus.size);
- BUFFER_APPEND_PFX( ps, info->rsa_export.exponent.data, info->rsa_export.exponent.size);
+ BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
+ BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
+ BUFFER_APPEND_PFX (ps, info->dh.generator.data,
+ info->dh.generator.size);
+ BUFFER_APPEND_PFX (ps, info->dh.public_key.data,
+ info->dh.public_key.size);
+ BUFFER_APPEND_PFX (ps, info->rsa_export.modulus.data,
+ info->rsa_export.modulus.size);
+ BUFFER_APPEND_PFX (ps, info->rsa_export.exponent.data,
+ info->rsa_export.exponent.size);
- BUFFER_APPEND_NUM( ps, info->ncerts);
+ BUFFER_APPEND_NUM (ps, info->ncerts);
for (i = 0; i < info->ncerts; i++)
- BUFFER_APPEND_PFX( ps, info->raw_certificate_list[i].data, info->raw_certificate_list[i].size);
+ BUFFER_APPEND_PFX (ps, info->raw_certificate_list[i].data,
+ info->raw_certificate_list[i].size);
}
/* write the real size */
- _gnutls_write_uint32(ps->length-cur_size, ps->data+size_offset);
+ _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
return 0;
}
@@ -335,15 +340,14 @@ pack_certificate_auth_info (gnutls_session_t session,
/* Upack certificate info.
*/
static int
-unpack_certificate_auth_info (gnutls_session_t session,
- gnutls_buffer_st * ps)
+unpack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
{
int ret;
unsigned int i = 0, j = 0;
size_t pack_size;
cert_auth_info_t info = NULL;
- BUFFER_POP_NUM(ps, pack_size);
+ BUFFER_POP_NUM (ps, pack_size);
if (pack_size == 0)
return 0; /* nothing to be done */
@@ -366,30 +370,31 @@ unpack_certificate_auth_info (gnutls_session_t session,
return GNUTLS_E_INTERNAL_ERROR;
}
- BUFFER_POP_NUM(ps, info->dh.secret_bits);
+ BUFFER_POP_NUM (ps, info->dh.secret_bits);
- BUFFER_POP_DATUM(ps, &info->dh.prime);
- BUFFER_POP_DATUM(ps, &info->dh.generator);
- BUFFER_POP_DATUM(ps, &info->dh.public_key);
- BUFFER_POP_DATUM(ps, &info->rsa_export.modulus);
- BUFFER_POP_DATUM(ps, &info->rsa_export.exponent);
+ BUFFER_POP_DATUM (ps, &info->dh.prime);
+ BUFFER_POP_DATUM (ps, &info->dh.generator);
+ BUFFER_POP_DATUM (ps, &info->dh.public_key);
+ BUFFER_POP_DATUM (ps, &info->rsa_export.modulus);
+ BUFFER_POP_DATUM (ps, &info->rsa_export.exponent);
- BUFFER_POP_NUM(ps, info->ncerts);
+ BUFFER_POP_NUM (ps, info->ncerts);
if (info->ncerts > 0)
{
- info->raw_certificate_list = gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t));
+ info->raw_certificate_list =
+ gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t));
if (info->raw_certificate_list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
}
for (i = 0; i < info->ncerts; i++)
{
- BUFFER_POP_DATUM(ps, &info->raw_certificate_list[i]);
+ BUFFER_POP_DATUM (ps, &info->raw_certificate_list[i]);
}
return 0;
@@ -405,7 +410,7 @@ error:
_gnutls_free_datum (&info->rsa_export.exponent);
for (j = 0; j < i; j++)
- _gnutls_free_datum (&info->raw_certificate_list[j]);
+ _gnutls_free_datum (&info->raw_certificate_list[j]);
gnutls_free (info->raw_certificate_list);
}
@@ -437,33 +442,32 @@ pack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
len = 0;
size_offset = ps->length;
- BUFFER_APPEND_NUM(ps, 0);
+ BUFFER_APPEND_NUM (ps, 0);
cur_size = ps->length;
- BUFFER_APPEND_PFX(ps, info->username, len);
+ BUFFER_APPEND_PFX (ps, info->username, len);
/* write the real size */
- _gnutls_write_uint32(ps->length-cur_size, ps->data+size_offset);
+ _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
return 0;
}
static int
-unpack_srp_auth_info (gnutls_session_t session,
- gnutls_buffer_st * ps)
+unpack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
{
size_t username_size;
int ret;
srp_server_auth_info_t info;
- BUFFER_POP_NUM(ps, username_size);
- if (username_size > sizeof(info->username))
+ BUFFER_POP_NUM (ps, username_size);
+ if (username_size > sizeof (info->username))
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
-
+
ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
@@ -481,10 +485,10 @@ unpack_srp_auth_info (gnutls_session_t session,
return GNUTLS_E_INTERNAL_ERROR;
}
- BUFFER_POP(ps, info->username, username_size);
+ BUFFER_POP (ps, info->username, username_size);
ret = 0;
-
+
error:
return ret;
}
@@ -507,44 +511,44 @@ error:
* x bytes the public key
*/
static int
-pack_anon_auth_info (gnutls_session_t session,
- gnutls_buffer_st * ps)
+pack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
{
int cur_size, ret;
anon_auth_info_t info = _gnutls_get_auth_info (session);
int size_offset;
size_offset = ps->length;
- BUFFER_APPEND_NUM(ps, 0);
+ BUFFER_APPEND_NUM (ps, 0);
cur_size = ps->length;
if (info)
{
- BUFFER_APPEND_NUM( ps, info->dh.secret_bits);
- BUFFER_APPEND_PFX( ps, info->dh.prime.data, info->dh.prime.size);
- BUFFER_APPEND_PFX( ps, info->dh.generator.data, info->dh.generator.size);
- BUFFER_APPEND_PFX( ps, info->dh.public_key.data, info->dh.public_key.size);
+ BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
+ BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
+ BUFFER_APPEND_PFX (ps, info->dh.generator.data,
+ info->dh.generator.size);
+ BUFFER_APPEND_PFX (ps, info->dh.public_key.data,
+ info->dh.public_key.size);
}
/* write the real size */
- _gnutls_write_uint32(ps->length-cur_size, ps->data+size_offset);
+ _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
return 0;
}
static int
-unpack_anon_auth_info (gnutls_session_t session,
- gnutls_buffer_st * ps)
+unpack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
{
int ret;
size_t pack_size;
anon_auth_info_t info = NULL;
- BUFFER_POP_NUM(ps, pack_size);
+ BUFFER_POP_NUM (ps, pack_size);
if (pack_size == 0)
- return 0; /* nothing to be done */
+ return 0; /* nothing to be done */
/* client and server have the same auth_info here
*/
@@ -564,11 +568,11 @@ unpack_anon_auth_info (gnutls_session_t session,
return GNUTLS_E_INTERNAL_ERROR;
}
- BUFFER_POP_NUM(ps, info->dh.secret_bits);
+ BUFFER_POP_NUM (ps, info->dh.secret_bits);
- BUFFER_POP_DATUM(ps, &info->dh.prime);
- BUFFER_POP_DATUM(ps, &info->dh.generator);
- BUFFER_POP_DATUM(ps, &info->dh.public_key);
+ BUFFER_POP_DATUM (ps, &info->dh.prime);
+ BUFFER_POP_DATUM (ps, &info->dh.generator);
+ BUFFER_POP_DATUM (ps, &info->dh.public_key);
return 0;
@@ -624,26 +628,25 @@ pack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
hint_len = 0;
size_offset = ps->length;
- BUFFER_APPEND_NUM(ps, 0);
+ BUFFER_APPEND_NUM (ps, 0);
cur_size = ps->length;
- BUFFER_APPEND_PFX(ps, info->username, username_len);
- BUFFER_APPEND_PFX(ps, info->hint, hint_len);
+ BUFFER_APPEND_PFX (ps, info->username, username_len);
+ BUFFER_APPEND_PFX (ps, info->hint, hint_len);
- BUFFER_APPEND_NUM( ps, info->dh.secret_bits);
- BUFFER_APPEND_PFX( ps, info->dh.prime.data, info->dh.prime.size);
- BUFFER_APPEND_PFX( ps, info->dh.generator.data, info->dh.generator.size);
- BUFFER_APPEND_PFX( ps, info->dh.public_key.data, info->dh.public_key.size);
+ BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
+ BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
+ BUFFER_APPEND_PFX (ps, info->dh.generator.data, info->dh.generator.size);
+ BUFFER_APPEND_PFX (ps, info->dh.public_key.data, info->dh.public_key.size);
/* write the real size */
- _gnutls_write_uint32(ps->length-cur_size, ps->data+size_offset);
+ _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
return 0;
}
static int
-unpack_psk_auth_info (gnutls_session_t session,
- gnutls_buffer_st * ps)
+unpack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
{
size_t username_size, hint_size;
int ret;
@@ -665,31 +668,31 @@ unpack_psk_auth_info (gnutls_session_t session,
return GNUTLS_E_INTERNAL_ERROR;
}
- BUFFER_POP_NUM(ps, username_size);
- if (username_size > sizeof(info->username))
+ BUFFER_POP_NUM (ps, username_size);
+ if (username_size > sizeof (info->username))
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
- BUFFER_POP(ps, info->username, username_size);
+ BUFFER_POP (ps, info->username, username_size);
- BUFFER_POP_NUM(ps, hint_size);
- if (hint_size > sizeof(info->hint))
+ BUFFER_POP_NUM (ps, hint_size);
+ if (hint_size > sizeof (info->hint))
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
- BUFFER_POP(ps, info->hint, hint_size);
+ BUFFER_POP (ps, info->hint, hint_size);
- BUFFER_POP_NUM(ps, info->dh.secret_bits);
+ BUFFER_POP_NUM (ps, info->dh.secret_bits);
- BUFFER_POP_DATUM(ps, &info->dh.prime);
- BUFFER_POP_DATUM(ps, &info->dh.generator);
- BUFFER_POP_DATUM(ps, &info->dh.public_key);
+ BUFFER_POP_DATUM (ps, &info->dh.prime);
+ BUFFER_POP_DATUM (ps, &info->dh.generator);
+ BUFFER_POP_DATUM (ps, &info->dh.public_key);
ret = 0;
-
+
error:
_gnutls_free_datum (&info->dh.prime);
_gnutls_free_datum (&info->dh.generator);
@@ -734,8 +737,7 @@ error:
*
*/
static int
-pack_security_parameters (gnutls_session_t session,
- gnutls_buffer_st * ps)
+pack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
{
int ret;
@@ -743,8 +745,8 @@ pack_security_parameters (gnutls_session_t session,
size_t cur_size;
record_parameters_st *params;
- if ( session->security_parameters.epoch_read
- != session->security_parameters.epoch_write)
+ if (session->security_parameters.epoch_read
+ != session->security_parameters.epoch_write)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
@@ -760,43 +762,50 @@ pack_security_parameters (gnutls_session_t session,
/* move after the auth info stuff.
*/
size_offset = ps->length;
- BUFFER_APPEND_NUM(ps, 0);
+ BUFFER_APPEND_NUM (ps, 0);
cur_size = ps->length;
- BUFFER_APPEND(ps, &session->security_parameters.entity, 1);
- BUFFER_APPEND(ps, &session->security_parameters.kx_algorithm, 1);
- BUFFER_APPEND(ps, &session->security_parameters.current_cipher_suite.suite[0], 1);
- BUFFER_APPEND(ps, &session->security_parameters.current_cipher_suite.suite[1], 1);
- BUFFER_APPEND(ps, &params->compression_algorithm, 1);
- BUFFER_APPEND(ps, &session->security_parameters.cert_type, 1);
- BUFFER_APPEND(ps, &session->security_parameters.version, 1);
+ BUFFER_APPEND (ps, &session->security_parameters.entity, 1);
+ BUFFER_APPEND (ps, &session->security_parameters.kx_algorithm, 1);
+ BUFFER_APPEND (ps,
+ &session->security_parameters.current_cipher_suite.suite[0],
+ 1);
+ BUFFER_APPEND (ps,
+ &session->security_parameters.current_cipher_suite.suite[1],
+ 1);
+ BUFFER_APPEND (ps, &params->compression_algorithm, 1);
+ BUFFER_APPEND (ps, &session->security_parameters.cert_type, 1);
+ BUFFER_APPEND (ps, &session->security_parameters.version, 1);
- BUFFER_APPEND(ps, session->security_parameters.master_secret, GNUTLS_MASTER_SIZE);
- BUFFER_APPEND(ps, session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
- BUFFER_APPEND(ps, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ BUFFER_APPEND (ps, session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
+ BUFFER_APPEND (ps, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ BUFFER_APPEND (ps, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
- BUFFER_APPEND_NUM(ps, session->security_parameters.session_id_size);
- BUFFER_APPEND(ps, session->security_parameters.session_id, session->security_parameters.session_id_size);
+ BUFFER_APPEND_NUM (ps, session->security_parameters.session_id_size);
+ BUFFER_APPEND (ps, session->security_parameters.session_id,
+ session->security_parameters.session_id_size);
- BUFFER_APPEND_NUM(ps, session->security_parameters.max_record_send_size);
- BUFFER_APPEND_NUM(ps, session->security_parameters.max_record_recv_size);
- BUFFER_APPEND_NUM(ps, session->security_parameters.timestamp);
+ BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_send_size);
+ BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_recv_size);
+ BUFFER_APPEND_NUM (ps, session->security_parameters.timestamp);
- _gnutls_write_uint32(ps->length-cur_size, ps->data+size_offset);
+ _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
return 0;
}
static int
-unpack_security_parameters (gnutls_session_t session,
- gnutls_buffer_st * ps)
+unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
{
size_t pack_size;
int ret;
time_t timestamp = time (0);
- BUFFER_POP_NUM(ps, pack_size);
+ BUFFER_POP_NUM (ps, pack_size);
if (pack_size == 0)
return GNUTLS_E_INVALID_REQUEST;
@@ -804,30 +813,46 @@ unpack_security_parameters (gnutls_session_t session,
memset (&session->internals.resumed_security_parameters, 0,
sizeof (session->internals.resumed_security_parameters));
- BUFFER_POP(ps, &session->internals.resumed_security_parameters.entity, 1);
- BUFFER_POP(ps, &session->internals.resumed_security_parameters.kx_algorithm, 1);
- BUFFER_POP(ps, &session->internals.resumed_security_parameters.current_cipher_suite.suite[0], 1);
- BUFFER_POP(ps, &session->internals.resumed_security_parameters.
- current_cipher_suite.suite[1], 1);
- BUFFER_POP(ps, &session->internals.resumed_compression_method, 1);
- BUFFER_POP(ps, &session->internals.resumed_security_parameters.cert_type, 1);
- BUFFER_POP(ps, &session->internals.resumed_security_parameters.version, 1);
-
- BUFFER_POP(ps, &session->internals.resumed_security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
-
- BUFFER_POP(ps, &session->internals.resumed_security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- BUFFER_POP(ps, &session->internals.resumed_security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- BUFFER_POP_NUM(ps, session->internals.resumed_security_parameters.session_id_size);
-
- BUFFER_POP(ps, &session->internals.resumed_security_parameters.session_id,
- session->internals.resumed_security_parameters.session_id_size);
-
- BUFFER_POP_NUM(ps, session->internals.resumed_security_parameters.max_record_send_size);
- BUFFER_POP_NUM(ps, session->internals.resumed_security_parameters.max_record_recv_size);
- BUFFER_POP_NUM(ps, session->internals.resumed_security_parameters.timestamp);
+ BUFFER_POP (ps, &session->internals.resumed_security_parameters.entity, 1);
+ BUFFER_POP (ps,
+ &session->internals.resumed_security_parameters.kx_algorithm,
+ 1);
+ BUFFER_POP (ps,
+ &session->internals.
+ resumed_security_parameters.current_cipher_suite.suite[0], 1);
+ BUFFER_POP (ps,
+ &session->internals.resumed_security_parameters.
+ current_cipher_suite.suite[1], 1);
+ BUFFER_POP (ps, &session->internals.resumed_compression_method, 1);
+ BUFFER_POP (ps, &session->internals.resumed_security_parameters.cert_type,
+ 1);
+ BUFFER_POP (ps, &session->internals.resumed_security_parameters.version, 1);
+
+ BUFFER_POP (ps,
+ &session->internals.resumed_security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
+
+ BUFFER_POP (ps,
+ &session->internals.resumed_security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ BUFFER_POP (ps,
+ &session->internals.resumed_security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ BUFFER_POP_NUM (ps,
+ session->internals.
+ resumed_security_parameters.session_id_size);
+
+ BUFFER_POP (ps, &session->internals.resumed_security_parameters.session_id,
+ session->internals.resumed_security_parameters.session_id_size);
+
+ BUFFER_POP_NUM (ps,
+ session->internals.
+ resumed_security_parameters.max_record_send_size);
+ BUFFER_POP_NUM (ps,
+ session->internals.
+ resumed_security_parameters.max_record_recv_size);
+ BUFFER_POP_NUM (ps,
+ session->internals.resumed_security_parameters.timestamp);
if (timestamp - session->internals.resumed_security_parameters.timestamp >
session->internals.expire_time
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index a2628244ae..13ad46aa07 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -203,8 +203,8 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert,
case GNUTLS_PK_DSA:
_gnutls_hash_deinit (&td_sha, concat);
- if ((hash_algo != GNUTLS_DIG_SHA1) && (hash_algo != GNUTLS_DIG_SHA224) && \
- (hash_algo != GNUTLS_DIG_SHA256))
+ if ((hash_algo != GNUTLS_DIG_SHA1) && (hash_algo != GNUTLS_DIG_SHA224)
+ && (hash_algo != GNUTLS_DIG_SHA256))
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
@@ -234,8 +234,8 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert,
*/
int
_gnutls_soft_sign (gnutls_pk_algorithm_t algo, bigint_t * params,
- int params_size, const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+ int params_size, const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
int ret;
@@ -303,7 +303,7 @@ _gnutls_tls_sign (gnutls_session_t session,
}
}
- return gnutls_privkey_sign_hash(pkey, hash_concat, signature);
+ return gnutls_privkey_sign_hash (pkey, hash_concat, signature);
}
static int
diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h
index b99210e05d..77a97afa4d 100644
--- a/lib/gnutls_sig.h
+++ b/lib/gnutls_sig.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_SIG_H
-# define GNUTLS_SIG_H
+#define GNUTLS_SIG_H
#include <gnutls/abstract.h>
@@ -35,7 +35,7 @@ int _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session,
int _gnutls_handshake_sign_data (gnutls_session_t session,
gnutls_cert * cert,
- gnutls_privkey_t pkey,
+ gnutls_privkey_t pkey,
gnutls_datum_t * params,
gnutls_datum_t * signature,
gnutls_sign_algorithm_t * algo);
@@ -52,7 +52,8 @@ int _gnutls_handshake_verify_data (gnutls_session_t session,
gnutls_sign_algorithm_t algo);
int _gnutls_soft_sign (gnutls_pk_algorithm_t algo,
- bigint_t * params, int params_size,
- const gnutls_datum_t * data, gnutls_datum_t * signature);
+ bigint_t * params, int params_size,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
#endif
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index 8a8a844b9a..82ed6d54f8 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -80,7 +80,7 @@ _gnutls_srp_gx (opaque * text, size_t textsize, opaque ** result,
}
else
{
- gnutls_assert();
+ gnutls_assert ();
ret = GNUTLS_E_MPI_PRINT_FAILED;
}
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 7e21cf035a..f707fca051 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -167,7 +167,8 @@ _gnutls_session_cert_type_supported (gnutls_session_t session,
if (cred == NULL)
return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- if (cred->server_get_cert_callback == NULL && cred->get_cert_callback == NULL)
+ if (cred->server_get_cert_callback == NULL
+ && cred->get_cert_callback == NULL)
{
for (i = 0; i < cred->ncerts; i++)
{
@@ -290,7 +291,7 @@ gnutls_init (gnutls_session_t * session, gnutls_connection_end_t con_end)
}
/* Set all NULL algos on epoch 0 */
- _gnutls_epoch_set_null_algos(*session, epoch);
+ _gnutls_epoch_set_null_algos (*session, epoch);
(*session)->security_parameters.epoch_next = 1;
@@ -352,12 +353,12 @@ gnutls_init (gnutls_session_t * session, gnutls_connection_end_t con_end)
(*session)->internals.priorities.sr = SR_PARTIAL;
#ifdef HAVE_WRITEV
- gnutls_transport_set_push_function2(*session, system_writev);
+ gnutls_transport_set_push_function2 (*session, system_writev);
#else
- gnutls_transport_set_push_function(*session, system_write);
+ gnutls_transport_set_push_function (*session, system_write);
#endif
- gnutls_transport_set_pull_function(*session, system_read);
- gnutls_transport_set_errno_function(*session, system_errno);
+ gnutls_transport_set_pull_function (*session, system_read);
+ gnutls_transport_set_errno_function (*session, system_errno);
return 0;
}
@@ -394,7 +395,7 @@ gnutls_deinit (gnutls_session_t session)
_gnutls_handshake_io_buffer_clear (session);
_gnutls_ext_free_session_data (session);
- for(i=0; i < MAX_EPOCH_INDEX; i++)
+ for (i = 0; i < MAX_EPOCH_INDEX; i++)
if (session->record_parameters[i] != NULL)
{
_gnutls_epoch_free (session, session->record_parameters[i]);
diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h
index b600a2ffee..b62300d451 100644
--- a/lib/gnutls_state.h
+++ b/lib/gnutls_state.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_STATE_H
-# define GNUTLS_STATE_H
+#define GNUTLS_STATE_H
#include <gnutls_int.h>
diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c
index 2893cabb36..c8d2138667 100644
--- a/lib/gnutls_str.c
+++ b/lib/gnutls_str.c
@@ -255,15 +255,15 @@ _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data)
if (str->allocd != str->data)
{
- data->data = gnutls_malloc(str->length);
+ data->data = gnutls_malloc (str->length);
if (data->data == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- memcpy(data->data, str->data, str->length);
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memcpy (data->data, str->data, str->length);
data->size = str->length;
- _gnutls_buffer_clear(str);
+ _gnutls_buffer_clear (str);
}
else
{
@@ -277,7 +277,8 @@ _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data)
/* returns data from a string in a constant buffer.
*/
void
-_gnutls_buffer_pop_data (gnutls_buffer_st * str, void *data, size_t * req_size)
+_gnutls_buffer_pop_data (gnutls_buffer_st * str, void *data,
+ size_t * req_size)
{
gnutls_datum_t tdata;
@@ -310,96 +311,108 @@ _gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt, ...)
return len;
}
-static int _gnutls_buffer_insert_data(gnutls_buffer_st * dest, int pos, const void* str, size_t str_size)
+static int
+_gnutls_buffer_insert_data (gnutls_buffer_st * dest, int pos, const void *str,
+ size_t str_size)
{
- size_t orig_length = dest->length;
- int ret;
+ size_t orig_length = dest->length;
+ int ret;
- ret = _gnutls_buffer_resize(dest, dest->length+str_size); /* resize to make space */
- if (ret < 0)
- return ret;
+ ret = _gnutls_buffer_resize (dest, dest->length + str_size); /* resize to make space */
+ if (ret < 0)
+ return ret;
- memmove(&dest->data[pos+str_size], &dest->data[pos], orig_length-pos);
+ memmove (&dest->data[pos + str_size], &dest->data[pos], orig_length - pos);
- memcpy(&dest->data[pos], str, str_size);
- dest->length += str_size;
+ memcpy (&dest->data[pos], str, str_size);
+ dest->length += str_size;
- return 0;
+ return 0;
}
-static void _gnutls_buffer_delete_data(gnutls_buffer_st * dest, int pos, size_t str_size)
+static void
+_gnutls_buffer_delete_data (gnutls_buffer_st * dest, int pos, size_t str_size)
{
- memmove(&dest->data[pos], &dest->data[pos+str_size], dest->length-pos-str_size);
+ memmove (&dest->data[pos], &dest->data[pos + str_size],
+ dest->length - pos - str_size);
- dest->length -= str_size;
+ dest->length -= str_size;
- return;
+ return;
}
-int _gnutls_buffer_escape(gnutls_buffer_st * dest, const char *const invalid_chars)
+int
+_gnutls_buffer_escape (gnutls_buffer_st * dest,
+ const char *const invalid_chars)
{
- static const char *x = "0123456789ABCDEF";
- int rv = -1;
- char t[5];
- int pos = 0;
+ static const char *x = "0123456789ABCDEF";
+ int rv = -1;
+ char t[5];
+ int pos = 0;
- /*_PKCS11H_ASSERT (target!=NULL); Not required*/
+ /*_PKCS11H_ASSERT (target!=NULL); Not required*/
- while (pos < dest->length) {
+ while (pos < dest->length)
+ {
- if (dest->data[pos] == '\\' || strchr(invalid_chars, dest->data[pos])
- || !isgraph(dest->data[pos])) {
+ if (dest->data[pos] == '\\' || strchr (invalid_chars, dest->data[pos])
+ || !isgraph (dest->data[pos]))
+ {
- t[0] = '%';
- t[1] = x[(dest->data[pos] & 0xf0) >> 4];
- t[2] = x[(dest->data[pos] & 0x0f) >> 0];
+ t[0] = '%';
+ t[1] = x[(dest->data[pos] & 0xf0) >> 4];
+ t[2] = x[(dest->data[pos] & 0x0f) >> 0];
- _gnutls_buffer_delete_data(dest, pos, 1);
+ _gnutls_buffer_delete_data (dest, pos, 1);
- if (_gnutls_buffer_insert_data(dest, pos, t, 3) < 0) {
- rv = -1;
- goto cleanup;
- }
+ if (_gnutls_buffer_insert_data (dest, pos, t, 3) < 0)
+ {
+ rv = -1;
+ goto cleanup;
+ }
- }
- pos++;
- }
+ }
+ pos++;
+ }
- rv = 0;
+ rv = 0;
- cleanup:
+cleanup:
- return rv;
+ return rv;
}
-int _gnutls_buffer_unescape(gnutls_buffer_st * dest)
+int
+_gnutls_buffer_unescape (gnutls_buffer_st * dest)
{
- int rv = -1;
- int pos = 0;
-
- /*_PKCS11H_ASSERT (target!=NULL); Not required*/
-
- while (pos < dest->length) {
- if (dest->data[pos] == '%') {
- char b[3];
- unsigned u;
- char x;
- b[0] = dest->data[pos+1];
- b[1] = dest->data[pos+2];
- b[2] = '\x0';
-
- sscanf(b, "%08x", &u);
- x = u & 0xff;
- _gnutls_buffer_delete_data(dest, pos, 3);
- _gnutls_buffer_insert_data(dest, pos, &x, 1);
- }
- pos++;
- }
-
- rv = 0;
-
- return rv;
+ int rv = -1;
+ int pos = 0;
+
+ /*_PKCS11H_ASSERT (target!=NULL); Not required*/
+
+ while (pos < dest->length)
+ {
+ if (dest->data[pos] == '%')
+ {
+ char b[3];
+ unsigned u;
+ char x;
+ b[0] = dest->data[pos + 1];
+ b[1] = dest->data[pos + 2];
+ b[2] = '\x0';
+
+ sscanf (b, "%08x", &u);
+ x = u & 0xff;
+ _gnutls_buffer_delete_data (dest, pos, 3);
+ _gnutls_buffer_insert_data (dest, pos, &x, 1);
+ }
+ pos++;
+ }
+
+ rv = 0;
+
+ return rv;
}
@@ -416,7 +429,7 @@ _gnutls_bin2hex (const void *_old, size_t oldlen,
const opaque *old = _old;
int step = 2;
const char empty[] = "";
-
+
if (separator != NULL && separator[0] != 0)
step = 3;
else
@@ -424,7 +437,7 @@ _gnutls_bin2hex (const void *_old, size_t oldlen,
i = j = 0;
sprintf (&buffer[j], "%.2x", old[i]);
- j+=2;
+ j += 2;
i++;
for (; i < oldlen && j + step < buffer_size; j += step)
@@ -470,28 +483,30 @@ _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data,
for (i = j = 0; i < hex_size;)
{
- if (!isxdigit(hex_data[i])) /* skip non-hex such as the ':' in 00:FF */
- {
- i++;
- continue;
- }
-
- if (j > *bin_size) {
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- hex2_data[0] = hex_data[i];
- hex2_data[1] = hex_data[i + 1];
- i+=2;
-
- val = strtoul ((char *) hex2_data, NULL, 16);
- if (val == ULONG_MAX) {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
- bin_data[j] = val;
- j++;
+ if (!isxdigit (hex_data[i])) /* skip non-hex such as the ':' in 00:FF */
+ {
+ i++;
+ continue;
+ }
+
+ if (j > *bin_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ hex2_data[0] = hex_data[i];
+ hex2_data[1] = hex_data[i + 1];
+ i += 2;
+
+ val = strtoul ((char *) hex2_data, NULL, 16);
+ if (val == ULONG_MAX)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+ bin_data[j] = val;
+ j++;
}
*bin_size = j;
@@ -544,88 +559,104 @@ _gnutls_hostname_compare (const char *certname,
return 0;
}
-int _gnutls_buffer_append_prefix (gnutls_buffer_st * buf, size_t data_size)
+int
+_gnutls_buffer_append_prefix (gnutls_buffer_st * buf, size_t data_size)
{
- opaque ss[4];
- _gnutls_write_uint32(data_size, ss);
- return _gnutls_buffer_append_data(buf, ss, 4);
+ opaque ss[4];
+ _gnutls_write_uint32 (data_size, ss);
+ return _gnutls_buffer_append_data (buf, ss, 4);
}
/* Reads an uint32 number from the buffer. If check is non zero it will also check whether
* the number read, is less than the data in the buffer
*/
-int _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t *data_size, int check)
+int
+_gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size,
+ int check)
{
- size_t size;
-
- if (buf->length < 4) {
- gnutls_assert();
- return GNUTLS_E_PARSING_ERROR;
+ size_t size;
+
+ if (buf->length < 4)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
}
-
- size = _gnutls_read_uint32(buf->data);
- if (check && size > buf->length-4) {
- gnutls_assert();
- return GNUTLS_E_PARSING_ERROR;
+
+ size = _gnutls_read_uint32 (buf->data);
+ if (check && size > buf->length - 4)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
}
-
- buf->data+=4;
- buf->length-=4;
-
- *data_size = size;
-
- return 0;
+
+ buf->data += 4;
+ buf->length -= 4;
+
+ *data_size = size;
+
+ return 0;
}
-int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf, gnutls_datum_t* data)
+int
+_gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf,
+ gnutls_datum_t * data)
{
- size_t size;
- int ret;
-
- ret = _gnutls_buffer_pop_prefix(buf, &size, 1);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ size_t size;
+ int ret;
+
+ ret = _gnutls_buffer_pop_prefix (buf, &size, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- if (size > 0) {
- size_t osize = size;
- _gnutls_buffer_pop_datum(buf, data, size);
- if (osize != data->size) {
- gnutls_assert();
- return GNUTLS_E_PARSING_ERROR;
+ if (size > 0)
+ {
+ size_t osize = size;
+ _gnutls_buffer_pop_datum (buf, data, size);
+ if (osize != data->size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
}
- } else {
- data->size = 0;
- data->data = NULL;
}
-
- return 0;
+ else
+ {
+ data->size = 0;
+ data->data = NULL;
+ }
+
+ return 0;
}
-int _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, const void *data,
- size_t data_size)
+int
+_gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, const void *data,
+ size_t data_size)
{
- _gnutls_buffer_append_prefix(buf, data_size);
- if (data_size > 0)
- return _gnutls_buffer_append_data(buf, data, data_size);
-
- return 0;
+ _gnutls_buffer_append_prefix (buf, data_size);
+ if (data_size > 0)
+ return _gnutls_buffer_append_data (buf, data, data_size);
+
+ return 0;
}
-int _gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void * data, size_t * data_size)
+int
+_gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data,
+ size_t * data_size)
{
- size_t size;
- int ret;
-
- ret = _gnutls_buffer_pop_prefix(buf, &size, 1);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ size_t size;
+ int ret;
+
+ ret = _gnutls_buffer_pop_prefix (buf, &size, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- if (size > 0)
- _gnutls_buffer_pop_data(buf, data, data_size);
-
- return 0;
+ if (size > 0)
+ _gnutls_buffer_pop_data (buf, data, data_size);
+
+ return 0;
}
diff --git a/lib/gnutls_str.h b/lib/gnutls_str.h
index 7d7df473ba..133a7dc667 100644
--- a/lib/gnutls_str.h
+++ b/lib/gnutls_str.h
@@ -24,7 +24,7 @@
*/
#ifndef GNUTLS_STR_H
-# define GNUTLS_STR_H
+#define GNUTLS_STR_H
#include <gnutls_int.h>
#include <gnutls_datum.h>
@@ -54,34 +54,39 @@ int _gnutls_buffer_append_data (gnutls_buffer_st *, const void *data,
int _gnutls_buffer_append_prefix (gnutls_buffer_st * buf, size_t data_size);
-int _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf,
- const void *data, size_t data_size);
+int _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf,
+ const void *data, size_t data_size);
void _gnutls_buffer_pop_data (gnutls_buffer_st *, void *, size_t * size);
void _gnutls_buffer_pop_datum (gnutls_buffer_st *, gnutls_datum_t *,
size_t max_size);
-int _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t *data_size, int check);
+int _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size,
+ int check);
-int _gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void * data, size_t * data_size);
+int _gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data,
+ size_t * data_size);
-int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf, gnutls_datum_t* data);
+int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf,
+ gnutls_datum_t * data);
int _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data);
-int _gnutls_buffer_escape(gnutls_buffer_st * dest, const char *const invalid_chars);
-int _gnutls_buffer_unescape(gnutls_buffer_st * dest);
+int _gnutls_buffer_escape (gnutls_buffer_st * dest,
+ const char *const invalid_chars);
+int _gnutls_buffer_unescape (gnutls_buffer_st * dest);
#ifndef __attribute__
/* This feature is available in gcc versions 2.5 and later. */
-# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
-# define __attribute__(Spec) /* empty */
-# endif
+#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
+#define __attribute__(Spec) /* empty */
+#endif
#endif
-int _gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt, ...)
+int _gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt,
+ ...)
__attribute__ ((format (printf, 2, 3)));
char *_gnutls_bin2hex (const void *old, size_t oldlen, char *buffer,
- size_t buffer_size, const char* separator);
+ size_t buffer_size, const char *separator);
int _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data,
size_t * bin_size);
diff --git a/lib/gnutls_supplemental.c b/lib/gnutls_supplemental.c
index b2a1dca645..b468b63824 100644
--- a/lib/gnutls_supplemental.c
+++ b/lib/gnutls_supplemental.c
@@ -52,7 +52,8 @@
typedef int (*supp_recv_func) (gnutls_session_t session,
const opaque * data, size_t data_size);
-typedef int (*supp_send_func) (gnutls_session_t session, gnutls_buffer_st * buf);
+typedef int (*supp_send_func) (gnutls_session_t session,
+ gnutls_buffer_st * buf);
typedef struct
{
diff --git a/lib/gnutls_supplemental.h b/lib/gnutls_supplemental.h
index bf21c25a1f..e0e2fb4af8 100644
--- a/lib/gnutls_supplemental.h
+++ b/lib/gnutls_supplemental.h
@@ -26,4 +26,5 @@
int _gnutls_parse_supplemental (gnutls_session_t session,
const uint8_t * data, int data_size);
-int _gnutls_gen_supplemental (gnutls_session_t session, gnutls_buffer_st * buf);
+int _gnutls_gen_supplemental (gnutls_session_t session,
+ gnutls_buffer_st * buf);
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 039de05cda..802a81db1b 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -212,7 +212,8 @@ _gnutls_check_key_cert_match (gnutls_certificate_credentials_t res)
{
unsigned int pk = res->cert_list[res->ncerts - 1][0].subject_pk_algorithm;
- if (gnutls_privkey_get_pk_algorithm(res->pkey[res->ncerts - 1], NULL) != pk)
+ if (gnutls_privkey_get_pk_algorithm (res->pkey[res->ncerts - 1], NULL) !=
+ pk)
{
gnutls_assert ();
return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
@@ -225,7 +226,7 @@ _gnutls_check_key_cert_match (gnutls_certificate_credentials_t res)
* gnutls_cert structure. Returns the number of certificates parsed.
*/
static int
-parse_der_cert_mem (gnutls_certificate_credentials_t res,
+parse_der_cert_mem (gnutls_certificate_credentials_t res,
const void *input_cert, int input_cert_size)
{
gnutls_datum_t tmp;
@@ -233,10 +234,10 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
gnutls_cert *ccert;
int ret;
- ccert = gnutls_malloc(sizeof(*ccert));
+ ccert = gnutls_malloc (sizeof (*ccert));
if (ccert == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
@@ -244,7 +245,7 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free(ccert);
+ gnutls_free (ccert);
return ret;
}
@@ -256,25 +257,25 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
{
gnutls_assert ();
gnutls_x509_crt_deinit (crt);
- gnutls_free(ccert);
+ gnutls_free (ccert);
return ret;
}
ret = _gnutls_x509_crt_to_gcert (ccert, crt, 0);
gnutls_x509_crt_deinit (crt);
-
+
if (ret < 0)
{
- gnutls_assert();
- gnutls_free(ccert);
+ gnutls_assert ();
+ gnutls_free (ccert);
return ret;
}
-
- ret = certificate_credential_append_crt_list(res, ccert, 1);
+
+ ret = certificate_credential_append_crt_list (res, ccert, 1);
if (ret < 0)
{
- gnutls_assert();
- gnutls_free(ccert);
+ gnutls_assert ();
+ gnutls_free (ccert);
return ret;
}
@@ -293,7 +294,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
opaque *ptr2;
gnutls_datum_t tmp;
int ret, count;
- gnutls_cert* certs = NULL;
+ gnutls_cert *certs = NULL;
/* move to the certificate
*/
@@ -323,7 +324,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
return GNUTLS_E_BASE64_DECODING_ERROR;
}
- certs = gnutls_realloc_fast (certs, (count+1) * sizeof (gnutls_cert));
+ certs = gnutls_realloc_fast (certs, (count + 1) * sizeof (gnutls_cert));
if (certs == NULL)
{
@@ -338,7 +339,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free(certs);
+ gnutls_free (certs);
return ret;
}
@@ -370,11 +371,11 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
}
while (ptr != NULL);
- ret = certificate_credential_append_crt_list(res, certs, count);
+ ret = certificate_credential_append_crt_list (res, certs, count);
if (ret < 0)
{
- gnutls_assert();
- gnutls_free(certs);
+ gnutls_assert ();
+ gnutls_free (certs);
return ret;
}
@@ -392,11 +393,9 @@ read_cert_mem (gnutls_certificate_credentials_t res, const void *cert,
int ret;
if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_cert_mem (res,
- cert, cert_size);
+ ret = parse_der_cert_mem (res, cert, cert_size);
else
- ret = parse_pem_cert_mem (res,
- cert, cert_size);
+ ret = parse_pem_cert_mem (res, cert, cert_size);
if (ret < 0)
{
@@ -408,9 +407,9 @@ read_cert_mem (gnutls_certificate_credentials_t res, const void *cert,
}
static int
-_gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t *privkey,
- const gnutls_datum_t * raw_key,
- gnutls_x509_crt_fmt_t type)
+_gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t * privkey,
+ const gnutls_datum_t * raw_key,
+ gnutls_x509_crt_fmt_t type)
{
gnutls_x509_privkey_t tmpkey;
int ret;
@@ -421,7 +420,7 @@ _gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t *privkey,
gnutls_assert ();
return ret;
}
-
+
ret = gnutls_x509_privkey_import (tmpkey, raw_key, type);
if (ret < 0)
{
@@ -430,15 +429,17 @@ _gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t *privkey,
return ret;
}
- ret = gnutls_privkey_init(privkey);
- if (ret < 0)
+ ret = gnutls_privkey_init (privkey);
+ if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
gnutls_x509_privkey_deinit (tmpkey);
return ret;
}
- ret = gnutls_privkey_import_x509 (*privkey, tmpkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ ret =
+ gnutls_privkey_import_x509 (*privkey, tmpkey,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
gnutls_assert ();
@@ -467,36 +468,36 @@ read_key_mem (gnutls_certificate_credentials_t res,
tmp.data = (opaque *) key;
tmp.size = key_size;
- ret =
- _gnutls_x509_raw_privkey_to_privkey (&privkey, &tmp, type);
+ ret = _gnutls_x509_raw_privkey_to_privkey (&privkey, &tmp, type);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- ret = certificate_credentials_append_pkey(res, privkey);
+ ret = certificate_credentials_append_pkey (res, privkey);
if (ret < 0)
{
gnutls_assert ();
- gnutls_privkey_deinit(privkey);
+ gnutls_privkey_deinit (privkey);
return ret;
}
-
+
}
else
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
-
+
return 0;
}
/* Reads a private key from a token.
*/
-static int read_key_url (gnutls_certificate_credentials_t res, const char* url)
+static int
+read_key_url (gnutls_certificate_credentials_t res, const char *url)
{
int ret;
gnutls_pkcs11_privkey_t key1 = NULL;
@@ -504,167 +505,185 @@ static int read_key_url (gnutls_certificate_credentials_t res, const char* url)
/* allocate space for the pkey list
*/
-
- ret = gnutls_pkcs11_privkey_init(&key1);
+
+ ret = gnutls_pkcs11_privkey_init (&key1);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
-
- ret = gnutls_pkcs11_privkey_import_url(key1, url, 0);
+
+ ret = gnutls_pkcs11_privkey_import_url (key1, url, 0);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
}
-
- ret = gnutls_privkey_init(&pkey);
+
+ ret = gnutls_privkey_init (&pkey);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
}
- ret = gnutls_privkey_import_pkcs11(pkey, key1, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ ret =
+ gnutls_privkey_import_pkcs11 (pkey, key1,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
}
-
- ret = certificate_credentials_append_pkey(res, pkey);
+
+ ret = certificate_credentials_append_pkey (res, pkey);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
- }
+ }
return 0;
cleanup:
if (pkey)
- gnutls_privkey_deinit(pkey);
+ gnutls_privkey_deinit (pkey);
if (key1)
- gnutls_pkcs11_privkey_deinit(key1);
+ gnutls_pkcs11_privkey_deinit (key1);
return ret;
}
/* Reads a private key from a token.
*/
-static int read_cas_url (gnutls_certificate_credentials_t res, const char* url)
+static int
+read_cas_url (gnutls_certificate_credentials_t res, const char *url)
{
-int ret;
-gnutls_x509_crt_t * xcrt_list = NULL;
-gnutls_pkcs11_obj_t *pcrt_list=NULL;
-unsigned int pcrt_list_size = 0;
-
- /* FIXME: should we use login? */
- ret = gnutls_pkcs11_obj_list_import_url( NULL, &pcrt_list_size, url, GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
- gnutls_assert();
- return ret;
- }
-
- if (pcrt_list_size == 0) {
- gnutls_assert();
- return 0;
- }
-
- pcrt_list = gnutls_malloc(sizeof(*pcrt_list)*pcrt_list_size);
- if (pcrt_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_pkcs11_obj_list_import_url( pcrt_list, &pcrt_list_size, url, GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ int ret;
+ gnutls_x509_crt_t *xcrt_list = NULL;
+ gnutls_pkcs11_obj_t *pcrt_list = NULL;
+ unsigned int pcrt_list_size = 0;
- xcrt_list = gnutls_malloc(sizeof(*xcrt_list)*pcrt_list_size);
- if (xcrt_list == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size, pcrt_list, 0);
- if (xcrt_list == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
+ /* FIXME: should we use login? */
+ ret =
+ gnutls_pkcs11_obj_list_import_url (NULL, &pcrt_list_size, url,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (pcrt_list_size == 0)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ pcrt_list = gnutls_malloc (sizeof (*pcrt_list) * pcrt_list_size);
+ if (pcrt_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_pkcs11_obj_list_import_url (pcrt_list, &pcrt_list_size, url,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ xcrt_list = gnutls_malloc (sizeof (*xcrt_list) * pcrt_list_size);
+ if (xcrt_list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_list_import_pkcs11 (xcrt_list, pcrt_list_size, pcrt_list,
+ 0);
+ if (xcrt_list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ res->x509_ca_list = xcrt_list;
+ res->x509_ncas = pcrt_list_size;
+
+ gnutls_free (pcrt_list);
- res->x509_ca_list = xcrt_list;
- res->x509_ncas = pcrt_list_size;
-
- gnutls_free(pcrt_list);
-
- return pcrt_list_size;
+ return pcrt_list_size;
cleanup:
- gnutls_free(xcrt_list);
- gnutls_free(pcrt_list);
+ gnutls_free (xcrt_list);
+ gnutls_free (pcrt_list);
- return ret;
+ return ret;
}
/* Reads a private key from a token.
*/
-static int read_cert_url (gnutls_certificate_credentials_t res, const char* url)
+static int
+read_cert_url (gnutls_certificate_credentials_t res, const char *url)
{
-int ret;
-gnutls_x509_crt_t crt;
-gnutls_cert * ccert;
+ int ret;
+ gnutls_x509_crt_t crt;
+ gnutls_cert *ccert;
- ccert = gnutls_malloc(sizeof(*ccert));
+ ccert = gnutls_malloc (sizeof (*ccert));
if (ccert == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- ret = gnutls_x509_crt_init(&crt);
+ ret = gnutls_x509_crt_init (&crt);
if (ret < 0)
{
- gnutls_assert();
- gnutls_free(ccert);
+ gnutls_assert ();
+ gnutls_free (ccert);
return ret;
}
-
- ret = gnutls_x509_crt_import_pkcs11_url(crt, url, 0);
+
+ ret = gnutls_x509_crt_import_pkcs11_url (crt, url, 0);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- ret = gnutls_x509_crt_import_pkcs11_url(crt, url, GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
+ ret =
+ gnutls_x509_crt_import_pkcs11_url (crt, url,
+ GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
if (ret < 0)
{
- gnutls_assert();
- gnutls_free(ccert);
- gnutls_x509_crt_deinit(crt);
+ gnutls_assert ();
+ gnutls_free (ccert);
+ gnutls_x509_crt_deinit (crt);
return ret;
}
ret = _gnutls_x509_crt_to_gcert (ccert, crt, 0);
- gnutls_x509_crt_deinit(crt);
+ gnutls_x509_crt_deinit (crt);
if (ret < 0)
{
- gnutls_assert();
- gnutls_free(ccert);
+ gnutls_assert ();
+ gnutls_free (ccert);
return ret;
}
-
- ret = certificate_credential_append_crt_list(res, ccert, 1);
+
+ ret = certificate_credential_append_crt_list (res, ccert, 1);
if (ret < 0)
{
- gnutls_assert();
- gnutls_free(ccert);
+ gnutls_assert ();
+ gnutls_free (ccert);
return ret;
}
@@ -682,9 +701,10 @@ read_cert_file (gnutls_certificate_credentials_t res,
size_t size;
char *data;
- if (strncmp(certfile, "pkcs11:", 7)==0) {
- return read_cert_url(res, certfile);
- }
+ if (strncmp (certfile, "pkcs11:", 7) == 0)
+ {
+ return read_cert_url (res, certfile);
+ }
data = read_binary_file (certfile, &size);
@@ -712,12 +732,13 @@ read_key_file (gnutls_certificate_credentials_t res,
{
int ret;
size_t size;
- char* data;
-
- if (strncmp(keyfile, "pkcs11:", 7)==0) {
- return read_key_url(res, keyfile);
- }
-
+ char *data;
+
+ if (strncmp (keyfile, "pkcs11:", 7) == 0)
+ {
+ return read_key_url (res, keyfile);
+ }
+
data = read_binary_file (keyfile, &size);
if (data == NULL)
@@ -790,7 +811,9 @@ gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res,
return 0;
}
-int certificate_credential_append_crt_list( gnutls_certificate_credentials_t res, gnutls_cert *crt, int nr)
+int
+certificate_credential_append_crt_list (gnutls_certificate_credentials_t res,
+ gnutls_cert * crt, int nr)
{
res->cert_list = gnutls_realloc_fast (res->cert_list,
(1 +
@@ -818,11 +841,13 @@ int certificate_credential_append_crt_list( gnutls_certificate_credentials_t res
}
-int certificate_credentials_append_pkey( gnutls_certificate_credentials_t res, gnutls_privkey_t pkey)
+int
+certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
+ gnutls_privkey_t pkey)
{
res->pkey = gnutls_realloc_fast (res->pkey,
- (1 + res->ncerts) *
- sizeof (gnutls_privkey_t));
+ (1 + res->ncerts) *
+ sizeof (gnutls_privkey_t));
if (res->pkey == NULL)
{
gnutls_assert ();
@@ -862,25 +887,25 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
{
int ret, i;
gnutls_privkey_t pkey;
- gnutls_cert* pcerts = NULL;
+ gnutls_cert *pcerts = NULL;
/* this should be first
*/
- ret = gnutls_privkey_init(&pkey);
+ ret = gnutls_privkey_init (&pkey);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
-
+
ret = gnutls_privkey_import_x509 (pkey, key, 0);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
-
- ret = certificate_credentials_append_pkey(res, pkey);
+
+ ret = certificate_credentials_append_pkey (res, pkey);
if (ret < 0)
{
gnutls_assert ();
@@ -888,10 +913,10 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
}
/* load certificates */
- pcerts = gnutls_malloc(sizeof(gnutls_cert)*cert_list_size);
+ pcerts = gnutls_malloc (sizeof (gnutls_cert) * cert_list_size);
if (pcerts == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
@@ -904,14 +929,14 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
return ret;
}
}
-
- ret = certificate_credential_append_crt_list(res, pcerts, cert_list_size);
- if (ret < 0)
+
+ ret = certificate_credential_append_crt_list (res, pcerts, cert_list_size);
+ if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
-
+
res->ncerts++;
if ((ret = _gnutls_check_key_cert_match (res)) < 0)
@@ -1359,11 +1384,12 @@ gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t res,
{
int ret, ret2;
size_t size;
- char* data;
-
- if (strncmp(cafile, "pkcs11:", 7)==0) {
- return read_cas_url(res, cafile);
- }
+ char *data;
+
+ if (strncmp (cafile, "pkcs11:", 7) == 0)
+ {
+ return read_cas_url (res, cafile);
+ }
data = read_binary_file (cafile, &size);
if (data == NULL)
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 6eed91dfce..f80d136359 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -10,114 +10,124 @@
/* Public key operations */
struct gnutls_pubkey_st;
-typedef struct gnutls_pubkey_st* gnutls_pubkey_t;
+typedef struct gnutls_pubkey_st *gnutls_pubkey_t;
int gnutls_pubkey_init (gnutls_pubkey_t * key);
void gnutls_pubkey_deinit (gnutls_pubkey_t key);
-int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int* bits);
+int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits);
-int gnutls_pubkey_import_x509(gnutls_pubkey_t pkey, gnutls_x509_crt_t crt, unsigned int flags);
-int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t pkey, gnutls_pkcs11_obj_t crt, unsigned int flags);
-int gnutls_pubkey_import_openpgp(gnutls_pubkey_t pkey,
- gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flags);
+int gnutls_pubkey_import_x509 (gnutls_pubkey_t pkey, gnutls_x509_crt_t crt,
+ unsigned int flags);
+int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t pkey,
+ gnutls_pkcs11_obj_t crt, unsigned int flags);
+int gnutls_pubkey_import_openpgp (gnutls_pubkey_t pkey,
+ gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flags);
int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
- gnutls_digest_algorithm_t * hash, unsigned int *mand);
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand);
int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e);
+ gnutls_datum_t * m, gnutls_datum_t * e);
int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t crt,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y);
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y);
int gnutls_pubkey_export (gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
+ unsigned char *output_data,
+ size_t * output_data_size);
-int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage);
+int gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage);
int gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage);
int gnutls_pubkey_import (gnutls_pubkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
-int gnutls_pubkey_import_pkcs11_url( gnutls_pubkey_t key, const char* url,
- unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */);
+int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y);
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y);
int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t pubkey,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e);
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e);
-int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt,
- gnutls_pubkey_t key);
+int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key);
-int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq,
- gnutls_pubkey_t key);
+int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key);
int
gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature);
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature);
int
gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash);
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash);
/* Private key operations */
struct gnutls_privkey_st;
-typedef struct gnutls_privkey_st* gnutls_privkey_t;
+typedef struct gnutls_privkey_st *gnutls_privkey_t;
int gnutls_privkey_init (gnutls_privkey_t * key);
void gnutls_privkey_deinit (gnutls_privkey_t key);
-int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int* bits);
+int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key,
+ unsigned int *bits);
gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key);
#define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE 1
-int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, gnutls_pkcs11_privkey_t key, unsigned int flags);
-int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, gnutls_x509_privkey_t key, unsigned int flags);
-int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, gnutls_openpgp_privkey_t key, unsigned int flags);
-
-int gnutls_privkey_sign_data(gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature);
+int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
+ gnutls_pkcs11_privkey_t key,
+ unsigned int flags);
+int gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
+ gnutls_x509_privkey_t key,
+ unsigned int flags);
+int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
+ gnutls_openpgp_privkey_t key,
+ unsigned int flags);
+
+int gnutls_privkey_sign_data (gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
int gnutls_privkey_sign_hash (gnutls_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
-int gnutls_privkey_decrypt_data(gnutls_privkey_t signer,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
+int gnutls_privkey_decrypt_data (gnutls_privkey_t signer,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
-int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
+int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq,
- gnutls_privkey_t key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
+ gnutls_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
#endif
diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h
index 566f8c599f..ee038c71dc 100644
--- a/lib/includes/gnutls/compat.h
+++ b/lib/includes/gnutls/compat.h
@@ -1,7 +1,7 @@
/* Typedefs for more compatibility with older GnuTLS. */
#ifndef _GNUTLS_COMPAT_H
-# define _GNUTLS_COMPAT_H
+#define _GNUTLS_COMPAT_H
#ifdef __GNUC__
@@ -112,63 +112,69 @@
#define LIBGNUTLS_VERSION_NUMBER GNUTLS_VERSION_NUMBER
#define LIBGNUTLS_EXTRA_VERSION GNUTLS_VERSION
- typedef struct gnutls_retr_st
+typedef struct gnutls_retr_st
+{
+ gnutls_certificate_type_t type;
+ union
{
- gnutls_certificate_type_t type;
- union
- {
- gnutls_x509_crt_t *x509;
- gnutls_openpgp_crt_t pgp;
- } cert;
- unsigned int ncerts; /* one for pgp keys */
-
- union
- {
- gnutls_x509_privkey_t x509;
- gnutls_openpgp_privkey_t pgp;
- } key;
-
- unsigned int deinit_all; /* if non zero all keys will be deinited */
- } gnutls_retr_st;
+ gnutls_x509_crt_t *x509;
+ gnutls_openpgp_crt_t pgp;
+ } cert;
+ unsigned int ncerts; /* one for pgp keys */
+
+ union
+ {
+ gnutls_x509_privkey_t x509;
+ gnutls_openpgp_privkey_t pgp;
+ } key;
+
+ unsigned int deinit_all; /* if non zero all keys will be deinited */
+} gnutls_retr_st;
typedef int gnutls_certificate_client_retrieve_function (gnutls_session_t,
- const
- gnutls_datum_t *
- req_ca_rdn,
- int nreqs,
- const
- gnutls_pk_algorithm_t
- * pk_algos,
- int
- pk_algos_length,
- gnutls_retr_st *);
+ const
+ gnutls_datum_t *
+ req_ca_rdn,
+ int nreqs,
+ const
+ gnutls_pk_algorithm_t
+ * pk_algos,
+ int
+ pk_algos_length,
+ gnutls_retr_st *);
typedef int gnutls_certificate_server_retrieve_function (gnutls_session_t,
- gnutls_retr_st *);
+ gnutls_retr_st *);
void gnutls_certificate_client_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_client_retrieve_function * func) _GNUTLS_GCC_ATTR_DEPRECATED;
-void gnutls_certificate_server_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_server_retrieve_function * func) _GNUTLS_GCC_ATTR_DEPRECATED;
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_client_retrieve_function *
+ func) _GNUTLS_GCC_ATTR_DEPRECATED;
+void
+ gnutls_certificate_server_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_server_retrieve_function *
+ func) _GNUTLS_GCC_ATTR_DEPRECATED;
/* External signing callback. Experimental. */
- typedef int (*gnutls_sign_func) (gnutls_session_t session,
- void *userdata,
- gnutls_certificate_type_t cert_type,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
-
- void gnutls_sign_callback_set (gnutls_session_t session,
- gnutls_sign_func sign_func, void *userdata) _GNUTLS_GCC_ATTR_DEPRECATED;
- gnutls_sign_func
- gnutls_sign_callback_get (gnutls_session_t session, void **userdata);
-
- int gnutls_ext_register (int type,
- const char *name,
- gnutls_ext_parse_type_t parse_type,
- gnutls_ext_recv_func recv_func,
- gnutls_ext_send_func send_func) _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef int (*gnutls_sign_func) (gnutls_session_t session,
+ void *userdata,
+ gnutls_certificate_type_t cert_type,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
+
+void
+gnutls_sign_callback_set (gnutls_session_t session,
+ gnutls_sign_func sign_func, void *userdata)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+gnutls_sign_func
+gnutls_sign_callback_get (gnutls_session_t session, void **userdata);
+
+ int gnutls_ext_register (int type,
+ const char *name,
+ gnutls_ext_parse_type_t parse_type,
+ gnutls_ext_recv_func recv_func,
+ gnutls_ext_send_func send_func)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
#endif /* _GNUTLS_COMPAT_H */
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 61279597dc..072434d352 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -23,7 +23,7 @@
*/
#ifndef GNUTLS_CRYPTO_H
-# define GNUTLS_CRYPTO_H
+#define GNUTLS_CRYPTO_H
typedef struct cipher_hd_st *gnutls_cipher_hd_t;
@@ -36,9 +36,10 @@ int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle,
int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle,
void *ciphertext, size_t ciphertextlen);
int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext,
- size_t ciphertextlen, void* text, size_t textlen);
-int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, size_t textlen,
- void* ciphertext, size_t ciphertextlen);
+ size_t ciphertextlen, void *text, size_t textlen);
+int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text,
+ size_t textlen, void *ciphertext,
+ size_t ciphertextlen);
void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
@@ -306,13 +307,13 @@ typedef struct gnutls_crypto_pk
/* priority: infinity for backend algorithms, 90 for kernel
algorithms, lowest wins
*/
-# define gnutls_crypto_single_cipher_register(algo, prio, st) \
+#define gnutls_crypto_single_cipher_register(algo, prio, st) \
gnutls_crypto_single_cipher_register2 (algo, prio, \
GNUTLS_CRYPTO_API_VERSION, st)
-# define gnutls_crypto_single_mac_register(algo, prio, st) \
+#define gnutls_crypto_single_mac_register(algo, prio, st) \
gnutls_crypto_single_mac_register2 (algo, prio, \
GNUTLS_CRYPTO_API_VERSION, st)
-# define gnutls_crypto_single_digest_register(algo, prio, st) \
+#define gnutls_crypto_single_digest_register(algo, prio, st) \
gnutls_crypto_single_digest_register2(algo, prio, \
GNUTLS_CRYPTO_API_VERSION, st)
@@ -333,11 +334,11 @@ int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t
gnutls_crypto_single_digest_st *
s);
-# define gnutls_crypto_cipher_register(prio, st) \
+#define gnutls_crypto_cipher_register(prio, st) \
gnutls_crypto_cipher_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
-# define gnutls_crypto_mac_register(prio, st) \
+#define gnutls_crypto_mac_register(prio, st) \
gnutls_crypto_mac_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
-# define gnutls_crypto_digest_register(prio, st) \
+#define gnutls_crypto_digest_register(prio, st) \
gnutls_crypto_digest_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
int gnutls_crypto_cipher_register2 (int priority, int version,
@@ -347,11 +348,11 @@ int gnutls_crypto_mac_register2 (int priority, int version,
int gnutls_crypto_digest_register2 (int priority, int version,
const gnutls_crypto_digest_st * s);
-# define gnutls_crypto_rnd_register(prio, st) \
+#define gnutls_crypto_rnd_register(prio, st) \
gnutls_crypto_rnd_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
-# define gnutls_crypto_pk_register(prio, st) \
+#define gnutls_crypto_pk_register(prio, st) \
gnutls_crypto_pk_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
-# define gnutls_crypto_bigint_register(prio, st) \
+#define gnutls_crypto_bigint_register(prio, st) \
gnutls_crypto_bigint_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
int gnutls_crypto_rnd_register2 (int priority, int version,
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 79bc595b3b..a5b7d35bc0 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -35,13 +35,13 @@
#ifndef GNUTLS_H
-# define GNUTLS_H
+#define GNUTLS_H
/* Get size_t. */
#include <stddef.h>
/* Get ssize_t. */
#ifndef HAVE_SSIZE_T
-# define HAVE_SSIZE_T
+#define HAVE_SSIZE_T
/* *INDENT-OFF* */
@DEFINE_SSIZE_T@
/* *INDENT-ON* */
@@ -245,8 +245,8 @@ extern "C"
GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224
- /* If you add anything here, make sure you align with
- gnutls_mac_algorithm_t. */
+ /* If you add anything here, make sure you align with
+ gnutls_mac_algorithm_t. */
} gnutls_digest_algorithm_t;
/* exported for other gnutls headers. This is the maximum number of
@@ -585,21 +585,21 @@ extern "C"
* Enumeration of different digital signature algorithms.
*/
typedef enum
- {
- GNUTLS_SIGN_UNKNOWN = 0,
- GNUTLS_SIGN_RSA_SHA1 = 1,
- GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
- GNUTLS_SIGN_DSA_SHA1 = 2,
- GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
- GNUTLS_SIGN_RSA_MD5 = 3,
- GNUTLS_SIGN_RSA_MD2 = 4,
- GNUTLS_SIGN_RSA_RMD160 = 5,
- GNUTLS_SIGN_RSA_SHA256 = 6,
- GNUTLS_SIGN_RSA_SHA384 = 7,
- GNUTLS_SIGN_RSA_SHA512 = 8,
- GNUTLS_SIGN_RSA_SHA224 = 9,
- GNUTLS_SIGN_DSA_SHA224 = 10,
- GNUTLS_SIGN_DSA_SHA256 = 11
+ {
+ GNUTLS_SIGN_UNKNOWN = 0,
+ GNUTLS_SIGN_RSA_SHA1 = 1,
+ GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
+ GNUTLS_SIGN_DSA_SHA1 = 2,
+ GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
+ GNUTLS_SIGN_RSA_MD5 = 3,
+ GNUTLS_SIGN_RSA_MD2 = 4,
+ GNUTLS_SIGN_RSA_RMD160 = 5,
+ GNUTLS_SIGN_RSA_SHA256 = 6,
+ GNUTLS_SIGN_RSA_SHA384 = 7,
+ GNUTLS_SIGN_RSA_SHA512 = 8,
+ GNUTLS_SIGN_RSA_SHA224 = 9,
+ GNUTLS_SIGN_DSA_SHA224 = 10,
+ GNUTLS_SIGN_DSA_SHA256 = 11
} gnutls_sign_algorithm_t;
const char *gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t sign);
@@ -616,14 +616,14 @@ extern "C"
* Enumeration of security parameters for passive attacks
*/
typedef enum
- {
- GNUTLS_SEC_PARAM_UNKNOWN,
- GNUTLS_SEC_PARAM_WEAK,
- GNUTLS_SEC_PARAM_LOW,
- GNUTLS_SEC_PARAM_NORMAL,
- GNUTLS_SEC_PARAM_HIGH,
- GNUTLS_SEC_PARAM_ULTRA
- } gnutls_sec_param_t;
+ {
+ GNUTLS_SEC_PARAM_UNKNOWN,
+ GNUTLS_SEC_PARAM_WEAK,
+ GNUTLS_SEC_PARAM_LOW,
+ GNUTLS_SEC_PARAM_NORMAL,
+ GNUTLS_SEC_PARAM_HIGH,
+ GNUTLS_SEC_PARAM_ULTRA
+ } gnutls_sec_param_t;
/* If you want to change this, then also change the define in
@@ -685,10 +685,10 @@ extern "C"
const char *gnutls_alert_get_name (gnutls_alert_description_t alert);
gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo,
- unsigned int bits);
- const char * gnutls_sec_param_get_name (gnutls_sec_param_t param);
+ unsigned int bits);
+ const char *gnutls_sec_param_get_name (gnutls_sec_param_t param);
unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
- gnutls_sec_param_t param);
+ gnutls_sec_param_t param);
/* get information on the current session */
gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session);
@@ -1124,13 +1124,13 @@ extern "C"
int gnutls_global_init (void);
void gnutls_global_deinit (void);
- typedef int (*mutex_init_func)(void** mutex);
- typedef int (*mutex_lock_func)(void** mutex);
- typedef int (*mutex_unlock_func)(void** mutex);
- typedef int (*mutex_deinit_func)(void** mutex);
-
- void gnutls_global_set_mutex(mutex_init_func init, mutex_deinit_func,
- mutex_lock_func, mutex_unlock_func);
+ typedef int (*mutex_init_func) (void **mutex);
+ typedef int (*mutex_lock_func) (void **mutex);
+ typedef int (*mutex_unlock_func) (void **mutex);
+ typedef int (*mutex_deinit_func) (void **mutex);
+
+ void gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func,
+ mutex_lock_func, mutex_unlock_func);
typedef void *(*gnutls_alloc_function) (size_t);
typedef void *(*gnutls_calloc_function) (size_t, size_t);
@@ -1211,16 +1211,19 @@ extern "C"
/* Session stuff
*/
- typedef struct {
- void *iov_base; /* Starting address */
- size_t iov_len; /* Number of bytes to transfer */
+ typedef struct
+ {
+ void *iov_base; /* Starting address */
+ size_t iov_len; /* Number of bytes to transfer */
} giovec_t;
typedef ssize_t (*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
size_t);
- typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *, size_t);
+ typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
+ size_t);
- typedef ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t, const giovec_t *iov, int iovcnt);
+ typedef ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t,
+ const giovec_t * iov, int iovcnt);
typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
@@ -1239,14 +1242,14 @@ extern "C"
void gnutls_transport_set_push_function2 (gnutls_session_t session,
- gnutls_vec_push_func vec_func);
+ gnutls_vec_push_func vec_func);
void gnutls_transport_set_push_function (gnutls_session_t session,
gnutls_push_func push_func);
void gnutls_transport_set_pull_function (gnutls_session_t session,
gnutls_pull_func pull_func);
void gnutls_transport_set_errno_function (gnutls_session_t session,
- gnutls_errno_func errno_func);
+ gnutls_errno_func errno_func);
void gnutls_transport_set_errno (gnutls_session_t session, int err);
void gnutls_transport_set_global_errno (int err);
@@ -1460,19 +1463,20 @@ extern "C"
typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
struct gnutls_pkcs11_privkey_st;
- typedef struct gnutls_pkcs11_privkey_st* gnutls_pkcs11_privkey_t;
+ typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t;
- typedef enum {
- GNUTLS_PRIVKEY_X509, /* gnutls_x509_privkey_t */
- GNUTLS_PRIVKEY_OPENPGP, /* gnutls_openpgp_privkey_t */
- GNUTLS_PRIVKEY_PKCS11 /* gnutls_pkcs11_privkey_t */
+ typedef enum
+ {
+ GNUTLS_PRIVKEY_X509, /* gnutls_x509_privkey_t */
+ GNUTLS_PRIVKEY_OPENPGP, /* gnutls_openpgp_privkey_t */
+ GNUTLS_PRIVKEY_PKCS11 /* gnutls_pkcs11_privkey_t */
} gnutls_privkey_type_t;
typedef struct gnutls_retr2_st
{
gnutls_certificate_type_t cert_type;
gnutls_privkey_type_t key_type;
-
+
union
{
gnutls_x509_crt_t *x509;
@@ -1525,16 +1529,16 @@ extern "C"
*/
typedef int gnutls_certificate_retrieve_function (gnutls_session_t,
- const
- gnutls_datum_t *
- req_ca_rdn,
- int nreqs,
- const
- gnutls_pk_algorithm_t
- * pk_algos,
- int
- pk_algos_length,
- gnutls_retr2_st *);
+ const
+ gnutls_datum_t *
+ req_ca_rdn,
+ int nreqs,
+ const
+ gnutls_pk_algorithm_t
+ * pk_algos,
+ int
+ pk_algos_length,
+ gnutls_retr2_st *);
void gnutls_certificate_set_retrieve_function
diff --git a/lib/includes/gnutls/gnutlsxx.h b/lib/includes/gnutls/gnutlsxx.h
index 9f88fe87b6..462c7a5ffb 100644
--- a/lib/includes/gnutls/gnutlsxx.h
+++ b/lib/includes/gnutls/gnutlsxx.h
@@ -1,5 +1,5 @@
#ifndef GNUTLSXX_H
-# define GNUTLSXX_H
+#define GNUTLSXX_H
#include <exception>
#include <vector>
@@ -310,8 +310,7 @@ namespace gnutls
gnutls_x509_crt_fmt_t type,
const char *password);
- void set_retrieve_function (gnutls_certificate_retrieve_function *
- func);
+ void set_retrieve_function (gnutls_certificate_retrieve_function * func);
protected:
gnutls_certificate_credentials_t cred;
diff --git a/lib/includes/gnutls/openpgp.h b/lib/includes/gnutls/openpgp.h
index 81b73b7c94..cad2235f1b 100644
--- a/lib/includes/gnutls/openpgp.h
+++ b/lib/includes/gnutls/openpgp.h
@@ -28,14 +28,14 @@
*/
#ifndef GNUTLS_OPENPGP_H
-# define GNUTLS_OPENPGP_H
+#define GNUTLS_OPENPGP_H
-# include <gnutls/gnutls.h>
+#include <gnutls/gnutls.h>
-# ifdef __cplusplus
+#ifdef __cplusplus
extern "C"
{
-# endif
+#endif
/* Openpgp certificate stuff
*/
@@ -161,7 +161,8 @@ extern "C"
gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
unsigned int *bits);
- gnutls_sec_param_t gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key);
+ gnutls_sec_param_t
+ gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key);
int gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
const gnutls_datum_t * data,
gnutls_openpgp_crt_fmt_t format,
@@ -169,18 +170,18 @@ extern "C"
unsigned int flags);
int gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
- unsigned int flags, const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
int gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
const gnutls_datum_t * hash,
gnutls_datum_t * signature);
int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
void *fpr, size_t * fprlen);
- int
- gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t
- key, unsigned int idx,
- void *fpr,
- size_t * fprlen);
+ int gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t
+ key, unsigned int idx,
+ void *fpr,
+ size_t * fprlen);
int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key);
@@ -363,8 +364,8 @@ extern "C"
(gnutls_certificate_credentials_t c, const char *file,
gnutls_openpgp_crt_fmt_t format);
-# ifdef __cplusplus
+#ifdef __cplusplus
}
-# endif
+#endif
#endif /* GNUTLS_OPENPGP_H */
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index 477c9ad22c..95c74d62d0 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -15,68 +15,76 @@
* multiple times if the token is not detected and the retry counter
* will be increased.
*/
-typedef int (*gnutls_pkcs11_token_callback_t)(
- void * const global_data,
- const char * const label,
- const unsigned retry
-);
+typedef int (*gnutls_pkcs11_token_callback_t) (void *const global_data,
+ const char *const label,
+ const unsigned retry);
/* flags */
#define GNUTLS_PKCS11_PIN_FINAL_TRY (1<<0)
#define GNUTLS_PKCS11_PIN_COUNT_LOW (1<<1)
-typedef int (*gnutls_pkcs11_pin_callback_t)(void *userdata, int attempt,
- const char *token_url, const char *token_label,
- unsigned int flags, char *pin, size_t pin_max);
+typedef int (*gnutls_pkcs11_pin_callback_t) (void *userdata, int attempt,
+ const char *token_url,
+ const char *token_label,
+ unsigned int flags, char *pin,
+ size_t pin_max);
struct gnutls_pkcs11_obj_st;
-typedef struct gnutls_pkcs11_obj_st* gnutls_pkcs11_obj_t;
+typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
-#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
-#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
+#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
+#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
/* pkcs11.conf format:
* load = /lib/xxx-pkcs11.so
* load = /lib/yyy-pkcs11.so
*/
-int gnutls_pkcs11_init (unsigned int flags, const char* configfile);
+int gnutls_pkcs11_init (unsigned int flags, const char *configfile);
void gnutls_pkcs11_deinit (void);
-void gnutls_pkcs11_set_token_function(gnutls_pkcs11_token_callback_t fn, void *userdata);
-void gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t callback, void * data);
-int gnutls_pkcs11_add_provider (const char * name, const char * params);
-int gnutls_pkcs11_obj_init ( gnutls_pkcs11_obj_t *certificate);
-
-#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
-
-typedef enum {
- GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
- GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */
- GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */
+void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
+ void *userdata);
+void gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t callback,
+ void *data);
+int gnutls_pkcs11_add_provider (const char *name, const char *params);
+int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * certificate);
+
+#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
+
+typedef enum
+{
+ GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
+ GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */
+ GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */
} gnutls_pkcs11_url_type_t;
-int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t, const char * url,
- unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */);
-int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t, gnutls_pkcs11_url_type_t detailed, char** url);
-void gnutls_pkcs11_obj_deinit ( gnutls_pkcs11_obj_t);
-
-int gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj,
- void *output_data, size_t * output_data_size);
-
-
-int gnutls_pkcs11_copy_x509_crt(const char* token_url, gnutls_x509_crt_t crt,
- const char* label, unsigned int flags /* GNUTLS_PKCS11_OBJ_FLAG_* */);
-int gnutls_pkcs11_copy_x509_privkey(const char* token_url,
- gnutls_x509_privkey_t crt, const char* label, unsigned int key_usage /*GNUTLS_KEY_* */,
- unsigned int flags /* GNUTLS_PKCS11_OBJ_FLAG_* */);
-int gnutls_pkcs11_delete_url(const char* object_url,
- unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */);
-
-typedef enum {
- GNUTLS_PKCS11_OBJ_ID_HEX=1,
+int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t, const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
+void gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t);
+
+int gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
+ void *output_data, size_t * output_data_size);
+
+
+int gnutls_pkcs11_copy_x509_crt (const char *token_url, gnutls_x509_crt_t crt,
+ const char *label, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+int gnutls_pkcs11_copy_x509_privkey (const char *token_url, gnutls_x509_privkey_t crt, const char *label, unsigned int key_usage /*GNUTLS_KEY_* */
+ , unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+int gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+
+typedef enum
+{
+ GNUTLS_PKCS11_OBJ_ID_HEX = 1,
GNUTLS_PKCS11_OBJ_LABEL,
GNUTLS_PKCS11_OBJ_TOKEN_LABEL,
GNUTLS_PKCS11_OBJ_TOKEN_SERIAL,
@@ -89,26 +97,31 @@ typedef enum {
GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER
} gnutls_pkcs11_obj_info_t;
-int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt, gnutls_pkcs11_obj_info_t itype, void* output, size_t* output_size);
-
-typedef enum {
- GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL=1, /* all certificates */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */
- GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
- GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
- GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */
+int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size);
+
+typedef enum
+{
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */
+ GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
+ GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
+ GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */
} gnutls_pkcs11_obj_attr_t;
/* token info */
-typedef enum {
+typedef enum
+{
GNUTLS_PKCS11_TOKEN_LABEL,
GNUTLS_PKCS11_TOKEN_SERIAL,
GNUTLS_PKCS11_TOKEN_MANUFACTURER,
GNUTLS_PKCS11_TOKEN_MODEL
} gnutls_pkcs11_token_info_t;
-typedef enum {
+typedef enum
+{
GNUTLS_PKCS11_OBJ_UNKNOWN,
GNUTLS_PKCS11_OBJ_X509_CRT,
GNUTLS_PKCS11_OBJ_PUBKEY,
@@ -117,52 +130,64 @@ typedef enum {
GNUTLS_PKCS11_OBJ_DATA
} gnutls_pkcs11_obj_type_t;
-int gnutls_pkcs11_token_get_url (unsigned int seq, gnutls_pkcs11_url_type_t detailed, char** url);
-int gnutls_pkcs11_token_get_info(const char* url, gnutls_pkcs11_token_info_t, void* output, size_t *output_size);
+int gnutls_pkcs11_token_get_url (unsigned int seq,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
+int gnutls_pkcs11_token_get_info (const char *url, gnutls_pkcs11_token_info_t,
+ void *output, size_t * output_size);
#define GNUTLS_PKCS11_TOKEN_HW 1
-int gnutls_pkcs11_token_get_flags(const char* url, unsigned int *flags);
+int gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags);
-int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
- unsigned int *const n_list, const char* url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */);
+int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
+ unsigned int *const n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_x509_crt_import_pkcs11( gnutls_x509_crt_t crt, gnutls_pkcs11_obj_t pkcs11_crt);
-int gnutls_x509_crt_import_pkcs11_url( gnutls_x509_crt_t crt, const char* url,
- unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */);
+int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
+ gnutls_pkcs11_obj_t pkcs11_crt);
+int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t certificate);
-const char* gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t);
+gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t
+ certificate);
+const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t);
-int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs,
- unsigned int cert_max,
- gnutls_pkcs11_obj_t * const pkcs11_certs,
- unsigned int flags/* must be zero */);
+int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, unsigned int cert_max, gnutls_pkcs11_obj_t * const pkcs11_certs, unsigned int flags /* must be zero */
+ );
/* private key functions...*/
int gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key);
void gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key);
-int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key, unsigned int* bits);
-int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t crt, gnutls_pkcs11_obj_info_t itype, void* output, size_t* output_size);
+int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
+ unsigned int *bits);
+int gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t crt,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size);
int gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t key,
- const char* url, unsigned int flags);
+ const char *url, unsigned int flags);
-int gnutls_pkcs11_privkey_sign_data(gnutls_pkcs11_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature);
+int gnutls_pkcs11_privkey_sign_data (gnutls_pkcs11_privkey_t signer,
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
int gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
int
-gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
- unsigned int flags, const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
-int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key, gnutls_pkcs11_url_type_t detailed, char ** url);
+gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
+int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
/** @} */
diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h
index 8c132fe9ad..6b146218d2 100644
--- a/lib/includes/gnutls/pkcs12.h
+++ b/lib/includes/gnutls/pkcs12.h
@@ -24,14 +24,14 @@
*/
#ifndef GNUTLS_PKCS12_H
-# define GNUTLS_PKCS12_H
+#define GNUTLS_PKCS12_H
-# include <gnutls/x509.h>
+#include <gnutls/x509.h>
-# ifdef __cplusplus
+#ifdef __cplusplus
extern "C"
{
-# endif
+#endif
/* PKCS12 structures handling
*/
@@ -116,8 +116,8 @@ extern "C"
int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
const char *name);
-# ifdef __cplusplus
+#ifdef __cplusplus
}
-# endif
+#endif
#endif /* GNUTLS_PKCS12_H */
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 11f8ec9ba8..d9a7e61f6a 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -28,14 +28,14 @@
*/
#ifndef GNUTLS_X509_H
-# define GNUTLS_X509_H
+#define GNUTLS_X509_H
-# include <gnutls/gnutls.h>
+#include <gnutls/gnutls.h>
-# ifdef __cplusplus
+#ifdef __cplusplus
extern "C"
{
-# endif
+#endif
/* Some OIDs usually found in Distinguished names, or
* in Subject Directory Attribute extensions.
@@ -141,7 +141,9 @@ extern "C"
unsigned char *output_data,
size_t * output_data_size);
int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
- gnutls_digest_algorithm_t * hash, unsigned int *mand);
+ gnutls_digest_algorithm_t
+ * hash,
+ unsigned int *mand);
int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
const void *id, size_t id_size);
@@ -625,7 +627,8 @@ extern "C"
int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
- gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key);
+ gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t
+ key);
int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
gnutls_x509_privkey_t src);
int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
@@ -644,14 +647,14 @@ extern "C"
const gnutls_datum_t * q,
const gnutls_datum_t * u);
int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u,
- const gnutls_datum_t *exp1,
- const gnutls_datum_t *exp2);
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u,
+ const gnutls_datum_t * exp1,
+ const gnutls_datum_t * exp2);
int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key);
int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
@@ -688,10 +691,14 @@ extern "C"
void *output_data,
size_t * output_data_size);
int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u,
- gnutls_datum_t* e1, gnutls_datum_t* e2);
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u,
+ gnutls_datum_t * e1,
+ gnutls_datum_t * e2);
int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
gnutls_datum_t * m,
gnutls_datum_t * e,
@@ -709,10 +716,10 @@ extern "C"
void *signature,
size_t * signature_size);
int gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t digest,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t *signature);
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
unsigned int flags,
const gnutls_datum_t * data,
@@ -750,7 +757,9 @@ extern "C"
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format);
int gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq,
- gnutls_digest_algorithm_t * hash, unsigned int* mand);
+ gnutls_digest_algorithm_t
+ * hash,
+ unsigned int *mand);
int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf,
size_t * sizeof_buf);
@@ -858,8 +867,8 @@ extern "C"
void *buf, size_t * sizeof_buf,
unsigned int *critical);
-# ifdef __cplusplus
+#ifdef __cplusplus
}
-# endif
+#endif
#endif /* GNUTLS_X509_H */
diff --git a/lib/locks.c b/lib/locks.c
index e1ddfc6d79..d3bc2e1fea 100644
--- a/lib/locks.c
+++ b/lib/locks.c
@@ -48,10 +48,11 @@
* This function must be called before gnutls_global_init().
*
**/
-void gnutls_global_set_mutex(mutex_init_func init, mutex_deinit_func deinit,
- mutex_lock_func lock, mutex_unlock_func unlock)
+void
+gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit,
+ mutex_lock_func lock, mutex_unlock_func unlock)
{
- if (init == NULL || deinit == NULL || lock == NULL || unlock == NULL)
+ if (init == NULL || deinit == NULL || lock == NULL || unlock == NULL)
return;
gnutls_mutex_init = init;
diff --git a/lib/locks.h b/lib/locks.h
index 0a91d2ffec..e3d3825649 100644
--- a/lib/locks.h
+++ b/lib/locks.h
@@ -1,5 +1,5 @@
#ifndef GNUTLS_LOCKS_H
-# define GNUTLS_LOCKS_H
+#define GNUTLS_LOCKS_H
#include <gnutls/gnutls.h>
#include <gnutls_int.h>
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index 66bfee29d0..c0d0b13afa 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -41,80 +41,95 @@
#define MAX_BLOCK_SIZE 32
-typedef void (*encrypt_func)(void*, nettle_crypt_func, unsigned, uint8_t*, unsigned, uint8_t *, const uint8_t *);
-typedef void (*decrypt_func)(void*, nettle_crypt_func, unsigned, uint8_t*, unsigned, uint8_t *, const uint8_t *);
-typedef void (*setkey_func)(void*, unsigned, const uint8_t*);
+typedef void (*encrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *,
+ unsigned, uint8_t *, const uint8_t *);
+typedef void (*decrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *,
+ unsigned, uint8_t *, const uint8_t *);
+typedef void (*setkey_func) (void *, unsigned, const uint8_t *);
-static void stream_encrypt (void* ctx, nettle_crypt_func func, unsigned block_size, uint8_t* iv, unsigned length, uint8_t * dst, const uint8_t * src)
+static void
+stream_encrypt (void *ctx, nettle_crypt_func func, unsigned block_size,
+ uint8_t * iv, unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- func(ctx, length, dst, src);
+ func (ctx, length, dst, src);
}
struct aes_bidi_ctx
{
- struct aes_ctx encrypt;
- struct aes_ctx decrypt;
+ struct aes_ctx encrypt;
+ struct aes_ctx decrypt;
};
-static void aes_bidi_setkey (struct aes_bidi_ctx* ctx, unsigned length, const uint8_t *key)
+static void
+aes_bidi_setkey (struct aes_bidi_ctx *ctx, unsigned length,
+ const uint8_t * key)
{
- aes_set_encrypt_key (&ctx->encrypt, length, key);
- aes_invert_key (&ctx->decrypt, &ctx->encrypt);
+ aes_set_encrypt_key (&ctx->encrypt, length, key);
+ aes_invert_key (&ctx->decrypt, &ctx->encrypt);
}
-static void aes_bidi_encrypt(struct aes_bidi_ctx *ctx,
- unsigned length, uint8_t *dst, const uint8_t *src)
+static void
+aes_bidi_encrypt (struct aes_bidi_ctx *ctx,
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
- aes_encrypt(&ctx->encrypt, length, dst, src);
+ aes_encrypt (&ctx->encrypt, length, dst, src);
}
-static void aes_bidi_decrypt(struct aes_bidi_ctx *ctx,
- unsigned length, uint8_t *dst, const uint8_t *src)
+static void
+aes_bidi_decrypt (struct aes_bidi_ctx *ctx,
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
- aes_decrypt(&ctx->decrypt, length, dst, src);
+ aes_decrypt (&ctx->decrypt, length, dst, src);
}
struct camellia_bidi_ctx
{
- struct camellia_ctx encrypt;
- struct camellia_ctx decrypt;
+ struct camellia_ctx encrypt;
+ struct camellia_ctx decrypt;
};
-static void camellia_bidi_setkey (struct camellia_bidi_ctx* ctx, unsigned length, const uint8_t *key)
+static void
+camellia_bidi_setkey (struct camellia_bidi_ctx *ctx, unsigned length,
+ const uint8_t * key)
{
- camellia_set_encrypt_key (&ctx->encrypt, length, key);
- camellia_invert_key (&ctx->decrypt, &ctx->encrypt);
+ camellia_set_encrypt_key (&ctx->encrypt, length, key);
+ camellia_invert_key (&ctx->decrypt, &ctx->encrypt);
}
-static void camellia_bidi_encrypt(struct camellia_bidi_ctx *ctx,
- unsigned length, uint8_t *dst, const uint8_t *src)
+static void
+camellia_bidi_encrypt (struct camellia_bidi_ctx *ctx,
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
- camellia_crypt(&ctx->encrypt, length, dst, src);
+ camellia_crypt (&ctx->encrypt, length, dst, src);
}
-static void camellia_bidi_decrypt(struct camellia_bidi_ctx *ctx,
- unsigned length, uint8_t *dst, const uint8_t *src)
+static void
+camellia_bidi_decrypt (struct camellia_bidi_ctx *ctx,
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
- camellia_crypt(&ctx->decrypt, length, dst, src);
+ camellia_crypt (&ctx->decrypt, length, dst, src);
}
-struct nettle_cipher_ctx {
- union {
- struct aes_bidi_ctx aes_bidi;
- struct camellia_bidi_ctx camellia_bidi;
- struct arcfour_ctx arcfour;
- struct arctwo_ctx arctwo;
- struct des3_ctx des3;
- struct des_ctx des;
- } ctx;
- void *ctx_ptr;
- uint8_t iv[MAX_BLOCK_SIZE];
- gnutls_cipher_algorithm_t algo;
- size_t block_size;
- nettle_crypt_func* i_encrypt;
- nettle_crypt_func* i_decrypt;
- encrypt_func encrypt;
- decrypt_func decrypt;
+struct nettle_cipher_ctx
+{
+ union
+ {
+ struct aes_bidi_ctx aes_bidi;
+ struct camellia_bidi_ctx camellia_bidi;
+ struct arcfour_ctx arcfour;
+ struct arctwo_ctx arctwo;
+ struct des3_ctx des3;
+ struct des_ctx des;
+ } ctx;
+ void *ctx_ptr;
+ uint8_t iv[MAX_BLOCK_SIZE];
+ gnutls_cipher_algorithm_t algo;
+ size_t block_size;
+ nettle_crypt_func *i_encrypt;
+ nettle_crypt_func *i_decrypt;
+ encrypt_func encrypt;
+ decrypt_func decrypt;
};
@@ -122,178 +137,187 @@ struct nettle_cipher_ctx {
static int
wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx)
{
- struct nettle_cipher_ctx* ctx;
+ struct nettle_cipher_ctx *ctx;
- ctx = gnutls_calloc(1, sizeof(*ctx));
- if (ctx == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ ctx = gnutls_calloc (1, sizeof (*ctx));
+ if (ctx == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- ctx->algo = algo;
+ ctx->algo = algo;
- switch (algo) {
+ switch (algo)
+ {
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*)camellia_bidi_encrypt;
- ctx->i_decrypt = (nettle_crypt_func*)camellia_bidi_decrypt;
- ctx->ctx_ptr = &ctx->ctx.camellia_bidi;
- ctx->block_size = CAMELLIA_BLOCK_SIZE;
- break;
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) camellia_bidi_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) camellia_bidi_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.camellia_bidi;
+ ctx->block_size = CAMELLIA_BLOCK_SIZE;
+ break;
case GNUTLS_CIPHER_AES_128_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
case GNUTLS_CIPHER_AES_256_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*)aes_bidi_encrypt;
- ctx->i_decrypt = (nettle_crypt_func*)aes_bidi_decrypt;
- ctx->ctx_ptr = &ctx->ctx.aes_bidi;
- ctx->block_size = AES_BLOCK_SIZE;
- break;
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) aes_bidi_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) aes_bidi_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.aes_bidi;
+ ctx->block_size = AES_BLOCK_SIZE;
+ break;
case GNUTLS_CIPHER_3DES_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*)des3_encrypt;
- ctx->i_decrypt = (nettle_crypt_func*)des3_decrypt;
- ctx->ctx_ptr = &ctx->ctx.des3;
- ctx->block_size = DES3_BLOCK_SIZE;
- break;
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) des3_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) des3_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.des3;
+ ctx->block_size = DES3_BLOCK_SIZE;
+ break;
case GNUTLS_CIPHER_DES_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*)des_encrypt;
- ctx->i_decrypt = (nettle_crypt_func*)des_decrypt;
- ctx->ctx_ptr = &ctx->ctx.des;
- ctx->block_size = DES_BLOCK_SIZE;
- break;
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) des_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) des_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.des;
+ ctx->block_size = DES_BLOCK_SIZE;
+ break;
case GNUTLS_CIPHER_ARCFOUR_128:
case GNUTLS_CIPHER_ARCFOUR_40:
- ctx->encrypt = stream_encrypt;
- ctx->decrypt = stream_encrypt;
- ctx->i_encrypt = (nettle_crypt_func*)arcfour_crypt;
- ctx->i_decrypt = (nettle_crypt_func*)arcfour_crypt;
- ctx->ctx_ptr = &ctx->ctx.arcfour;
- ctx->block_size = 1;
- break;
+ ctx->encrypt = stream_encrypt;
+ ctx->decrypt = stream_encrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) arcfour_crypt;
+ ctx->i_decrypt = (nettle_crypt_func *) arcfour_crypt;
+ ctx->ctx_ptr = &ctx->ctx.arcfour;
+ ctx->block_size = 1;
+ break;
case GNUTLS_CIPHER_RC2_40_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*)arctwo_encrypt;
- ctx->i_decrypt = (nettle_crypt_func*)arctwo_decrypt;
- ctx->ctx_ptr = &ctx->ctx.arctwo;
- ctx->block_size = ARCTWO_BLOCK_SIZE;
- break;
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) arctwo_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) arctwo_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.arctwo;
+ ctx->block_size = ARCTWO_BLOCK_SIZE;
+ break;
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
-
- *_ctx = ctx;
- return 0;
+ *_ctx = ctx;
+
+ return 0;
}
static int
wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize)
{
- struct nettle_cipher_ctx* ctx = _ctx;
- opaque des_key[DES3_KEY_SIZE];
-
- switch (ctx->algo) {
+ struct nettle_cipher_ctx *ctx = _ctx;
+ opaque des_key[DES3_KEY_SIZE];
+
+ switch (ctx->algo)
+ {
case GNUTLS_CIPHER_AES_128_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
case GNUTLS_CIPHER_AES_256_CBC:
- aes_bidi_setkey(ctx->ctx_ptr, keysize, key);
- break;
+ aes_bidi_setkey (ctx->ctx_ptr, keysize, key);
+ break;
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
- camellia_bidi_setkey(ctx->ctx_ptr, keysize, key);
- break;
+ camellia_bidi_setkey (ctx->ctx_ptr, keysize, key);
+ break;
case GNUTLS_CIPHER_3DES_CBC:
- if (keysize != DES3_KEY_SIZE) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- des_fix_parity(keysize, des_key, key);
-
- /* this fails on weak keys */
- if (des3_set_key(ctx->ctx_ptr, des_key)!=1) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- break;
+ if (keysize != DES3_KEY_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ des_fix_parity (keysize, des_key, key);
+
+ /* this fails on weak keys */
+ if (des3_set_key (ctx->ctx_ptr, des_key) != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ break;
case GNUTLS_CIPHER_DES_CBC:
- if (keysize != DES_KEY_SIZE)
- {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- des_fix_parity(keysize, des_key, key);
-
- if (des_set_key(ctx->ctx_ptr, des_key)!=1) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- break;
+ if (keysize != DES_KEY_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ des_fix_parity (keysize, des_key, key);
+
+ if (des_set_key (ctx->ctx_ptr, des_key) != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ break;
case GNUTLS_CIPHER_ARCFOUR_128:
case GNUTLS_CIPHER_ARCFOUR_40:
- arcfour_set_key(ctx->ctx_ptr, keysize, key);
- break;
+ arcfour_set_key (ctx->ctx_ptr, keysize, key);
+ break;
case GNUTLS_CIPHER_RC2_40_CBC:
- arctwo_set_key(ctx->ctx_ptr, keysize, key);
- break;
+ arctwo_set_key (ctx->ctx_ptr, keysize, key);
+ break;
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
-
- return 0;
+
+ return 0;
}
static int
wrap_nettle_cipher_setiv (void *_ctx, const void *iv, size_t ivsize)
{
- struct nettle_cipher_ctx* ctx = _ctx;
+ struct nettle_cipher_ctx *ctx = _ctx;
- if (ivsize > ctx->block_size) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
- memcpy(ctx->iv, iv, ivsize);
+ if (ivsize > ctx->block_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ memcpy (ctx->iv, iv, ivsize);
- return 0;
+ return 0;
}
static int
wrap_nettle_cipher_decrypt (void *_ctx, const void *encr, size_t encrsize,
- void *plain, size_t plainsize)
+ void *plain, size_t plainsize)
{
- struct nettle_cipher_ctx* ctx = _ctx;
+ struct nettle_cipher_ctx *ctx = _ctx;
+
+ ctx->decrypt (ctx->ctx_ptr, ctx->i_decrypt, ctx->block_size, ctx->iv,
+ encrsize, plain, encr);
- ctx->decrypt(ctx->ctx_ptr, ctx->i_decrypt, ctx->block_size, ctx->iv, encrsize, plain, encr);
-
- return 0;
+ return 0;
}
static int
wrap_nettle_cipher_encrypt (void *_ctx, const void *plain, size_t plainsize,
- void *encr, size_t encrsize)
+ void *encr, size_t encrsize)
{
- struct nettle_cipher_ctx* ctx = _ctx;
+ struct nettle_cipher_ctx *ctx = _ctx;
+
+ ctx->encrypt (ctx->ctx_ptr, ctx->i_encrypt, ctx->block_size, ctx->iv,
+ plainsize, encr, plain);
- ctx->encrypt(ctx->ctx_ptr, ctx->i_encrypt, ctx->block_size, ctx->iv, plainsize, encr, plain);
-
- return 0;
+ return 0;
}
static void
wrap_nettle_cipher_close (void *h)
{
- gnutls_free(h);
+ gnutls_free (h);
}
gnutls_crypto_cipher_st _gnutls_cipher_ops = {
diff --git a/lib/nettle/egd.c b/lib/nettle/egd.c
index 09c5ad8906..4e720e4921 100644
--- a/lib/nettle/egd.c
+++ b/lib/nettle/egd.c
@@ -40,80 +40,86 @@
static int egd_socket = -1;
static int
-do_write( int fd, void *buf, size_t nbytes )
+do_write (int fd, void *buf, size_t nbytes)
{
size_t nleft = nbytes;
int nwritten;
-
- while( nleft > 0 )
+
+ while (nleft > 0)
{
- nwritten = write( fd, buf, nleft);
- if( nwritten < 0 )
- {
- if( errno == EINTR )
- continue;
- return -1;
+ nwritten = write (fd, buf, nleft);
+ if (nwritten < 0)
+ {
+ if (errno == EINTR)
+ continue;
+ return -1;
}
nleft -= nwritten;
- buf = (char*)buf + nwritten;
+ buf = (char *) buf + nwritten;
}
return 0;
}
static int
-do_read( int fd, void *buf, size_t nbytes )
+do_read (int fd, void *buf, size_t nbytes)
{
int n, nread = 0;
do
{
do
- {
- n = read(fd, (char*)buf + nread, nbytes );
- }
- while( n == -1 && errno == EINTR );
- if( n == -1)
- return nread? nread:-1;
- if( n == 0)
- return -1;
+ {
+ n = read (fd, (char *) buf + nread, nbytes);
+ }
+ while (n == -1 && errno == EINTR);
+ if (n == -1)
+ return nread ? nread : -1;
+ if (n == 0)
+ return -1;
nread += n;
nbytes -= n;
- }
- while( nread < nbytes );
+ }
+ while (nread < nbytes);
return nread;
}
-static const char* egd_names[] = {
- "/var/run/egd-pool",
- "/dev/egd-pool",
- "/etc/egd-pool",
- "/etc/entropy",
- "/var/run/entropy",
+static const char *egd_names[] = {
+ "/var/run/egd-pool",
+ "/dev/egd-pool",
+ "/etc/egd-pool",
+ "/etc/entropy",
+ "/var/run/entropy",
"/dev/entropy",
- NULL
+ NULL
};
-static const char* find_egd_name(void)
+static const char *
+find_egd_name (void)
{
-int i = 0;
-struct stat st;
-
- do {
- if (stat(egd_names[i], &st) != 0) continue;
-
- if (st.st_mode & S_IFSOCK) { /* found */
- return egd_names[i];
+ int i = 0;
+ struct stat st;
+
+ do
+ {
+ if (stat (egd_names[i], &st) != 0)
+ continue;
+
+ if (st.st_mode & S_IFSOCK)
+ { /* found */
+ return egd_names[i];
+ }
+
}
-
- } while(egd_names[++i] != NULL);
-
+ while (egd_names[++i] != NULL);
+
return NULL;
}
/* Connect to the EGD and return the file descriptor. Return -1 on
error. With NOFAIL set to true, silently fail and return the
error, otherwise print an error message and die. */
-int _rndegd_connect_socket (void)
+int
+_rndegd_connect_socket (void)
{
int fd;
const char *name;
@@ -126,30 +132,31 @@ int _rndegd_connect_socket (void)
egd_socket = -1;
}
- name = find_egd_name();
+ name = find_egd_name ();
- if (strlen(name)+1 >= sizeof addr.sun_path)
+ if (strlen (name) + 1 >= sizeof addr.sun_path)
{
_gnutls_debug_log ("EGD socketname is too long\n");
return -1;
}
-
- memset( &addr, 0, sizeof addr );
+
+ memset (&addr, 0, sizeof addr);
addr.sun_family = AF_LOCAL;
- strcpy( addr.sun_path, name );
- addr_len = (offsetof( struct sockaddr_un, sun_path )
- + strlen( addr.sun_path ));
-
- fd = socket(AF_LOCAL, SOCK_STREAM, 0);
+ strcpy (addr.sun_path, name);
+ addr_len = (offsetof (struct sockaddr_un, sun_path)
+ + strlen (addr.sun_path));
+
+ fd = socket (AF_LOCAL, SOCK_STREAM, 0);
if (fd == -1)
{
- _gnutls_debug_log("can't create unix domain socket: %s\n", strerror(errno) );
+ _gnutls_debug_log ("can't create unix domain socket: %s\n",
+ strerror (errno));
return -1;
}
- else if (connect (fd, (struct sockaddr*)&addr, addr_len) == -1)
+ else if (connect (fd, (struct sockaddr *) &addr, addr_len) == -1)
{
- _gnutls_debug_log("can't connect to EGD socket `%s': %s\n",
- name, strerror(errno) );
+ _gnutls_debug_log ("can't connect to EGD socket `%s': %s\n",
+ name, strerror (errno));
close (fd);
fd = -1;
}
@@ -167,20 +174,21 @@ int _rndegd_connect_socket (void)
* Using a level of 0 should never block and better add nothing
* to the pool. So this is just a dummy for EGD.
*/
-int _rndegd_read (int * fd, void* _output, size_t _length)
+int
+_rndegd_read (int *fd, void *_output, size_t _length)
{
int n;
- uint8_t buffer[256+2];
+ uint8_t buffer[256 + 2];
int nbytes;
int do_restart = 0;
- unsigned char* output = _output;
+ unsigned char *output = _output;
size_t length = _length;
- if( !length )
+ if (!length)
return 0;
- restart:
+restart:
if (*fd == -1 || do_restart)
*fd = _rndegd_connect_socket ();
@@ -188,68 +196,68 @@ int _rndegd_read (int * fd, void* _output, size_t _length)
nbytes = length < 255 ? length : 255;
/* First time we do it with a non blocking request */
- buffer[0] = 1; /* non blocking */
+ buffer[0] = 1; /* non blocking */
buffer[1] = nbytes;
- if( do_write( *fd, buffer, 2 ) == -1 )
- _gnutls_debug_log("can't write to the EGD: %s\n", strerror(errno) );
+ if (do_write (*fd, buffer, 2) == -1)
+ _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno));
- n = do_read( *fd, buffer, 1 );
- if( n == -1 )
+ n = do_read (*fd, buffer, 1);
+ if (n == -1)
{
- _gnutls_debug_log("read error on EGD: %s\n", strerror(errno));
+ _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
do_restart = 1;
goto restart;
}
n = buffer[0];
- if( n )
+ if (n)
{
- n = do_read( *fd, buffer, n );
- if( n == -1 )
- {
- _gnutls_debug_log("read error on EGD: %s\n", strerror(errno));
- do_restart = 1;
- goto restart;
+ n = do_read (*fd, buffer, n);
+ if (n == -1)
+ {
+ _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
+ do_restart = 1;
+ goto restart;
}
if (n > length)
- {
- _gnutls_debug_log("read error on EGD: returned more bytes!\n");
- n = length;
- }
+ {
+ _gnutls_debug_log ("read error on EGD: returned more bytes!\n");
+ n = length;
+ }
- memcpy(output, buffer, n);
+ memcpy (output, buffer, n);
output += n;
length -= n;
}
- while( length )
+ while (length)
{
- nbytes = length < 255? length : 255;
+ nbytes = length < 255 ? length : 255;
- buffer[0] = 2; /* blocking */
+ buffer[0] = 2; /* blocking */
buffer[1] = nbytes;
- if( do_write( *fd, buffer, 2 ) == -1 )
- _gnutls_debug_log("can't write to the EGD: %s\n", strerror(errno) );
- n = do_read( *fd, buffer, nbytes );
- if( n == -1 )
- {
- _gnutls_debug_log("read error on EGD: %s\n", strerror(errno));
- do_restart = 1;
- goto restart;
+ if (do_write (*fd, buffer, 2) == -1)
+ _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno));
+ n = do_read (*fd, buffer, nbytes);
+ if (n == -1)
+ {
+ _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
+ do_restart = 1;
+ goto restart;
}
if (n > length)
- {
- _gnutls_debug_log("read error on EGD: returned more bytes!\n");
- n = length;
- }
-
- memcpy(output, buffer, n);
+ {
+ _gnutls_debug_log ("read error on EGD: returned more bytes!\n");
+ n = length;
+ }
+
+ memcpy (output, buffer, n);
output += n;
length -= n;
}
- return _length; /* success */
+ return _length; /* success */
}
diff --git a/lib/nettle/egd.h b/lib/nettle/egd.h
index 74f3ed968b..88f605b835 100644
--- a/lib/nettle/egd.h
+++ b/lib/nettle/egd.h
@@ -1,2 +1,2 @@
-int _rndegd_read (int * fd, void* output, size_t length);
+int _rndegd_read (int *fd, void *output, size_t length);
int _rndegd_connect_socket (void);
diff --git a/lib/nettle/init.c b/lib/nettle/init.c
index 868ddc6898..446083c14d 100644
--- a/lib/nettle/init.c
+++ b/lib/nettle/init.c
@@ -31,7 +31,8 @@
/* Functions that refer to the initialization of the libgcrypt library.
*/
-int gnutls_crypto_init(void)
+int
+gnutls_crypto_init (void)
{
- return 0;
+ return 0;
}
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index 71b9d012cb..a0b3ee098f 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -37,276 +37,292 @@ typedef void (*update_func) (void *, unsigned, const uint8_t *);
typedef void (*digest_func) (void *, unsigned, uint8_t *);
typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
-static int wrap_nettle_hash_init(gnutls_mac_algorithm_t algo, void **_ctx);
-
-struct nettle_hash_ctx {
- union {
- struct md5_ctx md5;
- struct md2_ctx md2;
- struct sha224_ctx sha224;
- struct sha256_ctx sha256;
- struct sha384_ctx sha384;
- struct sha512_ctx sha512;
- struct sha1_ctx sha1;
- } ctx;
- void *ctx_ptr;
- gnutls_mac_algorithm_t algo;
- size_t length;
- update_func update;
- digest_func digest;
+static int wrap_nettle_hash_init (gnutls_mac_algorithm_t algo, void **_ctx);
+
+struct nettle_hash_ctx
+{
+ union
+ {
+ struct md5_ctx md5;
+ struct md2_ctx md2;
+ struct sha224_ctx sha224;
+ struct sha256_ctx sha256;
+ struct sha384_ctx sha384;
+ struct sha512_ctx sha512;
+ struct sha1_ctx sha1;
+ } ctx;
+ void *ctx_ptr;
+ gnutls_mac_algorithm_t algo;
+ size_t length;
+ update_func update;
+ digest_func digest;
};
-struct nettle_hmac_ctx {
- union {
- struct hmac_md5_ctx md5;
- struct hmac_sha224_ctx sha224;
- struct hmac_sha256_ctx sha256;
- struct hmac_sha384_ctx sha384;
- struct hmac_sha512_ctx sha512;
- struct hmac_sha1_ctx sha1;
- } ctx;
- void *ctx_ptr;
- gnutls_mac_algorithm_t algo;
- size_t length;
- update_func update;
- digest_func digest;
- set_key_func setkey;
+struct nettle_hmac_ctx
+{
+ union
+ {
+ struct hmac_md5_ctx md5;
+ struct hmac_sha224_ctx sha224;
+ struct hmac_sha256_ctx sha256;
+ struct hmac_sha384_ctx sha384;
+ struct hmac_sha512_ctx sha512;
+ struct hmac_sha1_ctx sha1;
+ } ctx;
+ void *ctx_ptr;
+ gnutls_mac_algorithm_t algo;
+ size_t length;
+ update_func update;
+ digest_func digest;
+ set_key_func setkey;
};
-static int wrap_nettle_hmac_init(gnutls_mac_algorithm_t algo, void **_ctx)
+static int
+wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx)
{
- struct nettle_hmac_ctx* ctx;
+ struct nettle_hmac_ctx *ctx;
- ctx = gnutls_malloc(sizeof(struct nettle_hmac_ctx));
- if (ctx == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ ctx = gnutls_malloc (sizeof (struct nettle_hmac_ctx));
+ if (ctx == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- ctx->algo = algo;
+ ctx->algo = algo;
- switch (algo) {
+ switch (algo)
+ {
case GNUTLS_MAC_MD5:
- ctx->update = (update_func)hmac_md5_update;
- ctx->digest = (digest_func)hmac_md5_digest;
- ctx->setkey = (set_key_func)hmac_md5_set_key;
- ctx->ctx_ptr = &ctx->ctx.md5;
- ctx->length = MD5_DIGEST_SIZE;
- break;
+ ctx->update = (update_func) hmac_md5_update;
+ ctx->digest = (digest_func) hmac_md5_digest;
+ ctx->setkey = (set_key_func) hmac_md5_set_key;
+ ctx->ctx_ptr = &ctx->ctx.md5;
+ ctx->length = MD5_DIGEST_SIZE;
+ break;
case GNUTLS_MAC_SHA1:
- ctx->update = (update_func)hmac_sha1_update;
- ctx->digest = (digest_func)hmac_sha1_digest;
- ctx->setkey = (set_key_func)hmac_sha1_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha1;
- ctx->length = SHA1_DIGEST_SIZE;
- break;
+ ctx->update = (update_func) hmac_sha1_update;
+ ctx->digest = (digest_func) hmac_sha1_digest;
+ ctx->setkey = (set_key_func) hmac_sha1_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha1;
+ ctx->length = SHA1_DIGEST_SIZE;
+ break;
case GNUTLS_MAC_SHA224:
- ctx->update = (update_func)hmac_sha224_update;
- ctx->digest = (digest_func)hmac_sha224_digest;
- ctx->setkey = (set_key_func)hmac_sha224_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha224;
- ctx->length = SHA224_DIGEST_SIZE;
- break;
+ ctx->update = (update_func) hmac_sha224_update;
+ ctx->digest = (digest_func) hmac_sha224_digest;
+ ctx->setkey = (set_key_func) hmac_sha224_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha224;
+ ctx->length = SHA224_DIGEST_SIZE;
+ break;
case GNUTLS_MAC_SHA256:
- ctx->update = (update_func)hmac_sha256_update;
- ctx->digest = (digest_func)hmac_sha256_digest;
- ctx->setkey = (set_key_func)hmac_sha256_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha256;
- ctx->length = SHA256_DIGEST_SIZE;
- break;
+ ctx->update = (update_func) hmac_sha256_update;
+ ctx->digest = (digest_func) hmac_sha256_digest;
+ ctx->setkey = (set_key_func) hmac_sha256_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha256;
+ ctx->length = SHA256_DIGEST_SIZE;
+ break;
case GNUTLS_MAC_SHA384:
- ctx->update = (update_func)hmac_sha384_update;
- ctx->digest = (digest_func)hmac_sha384_digest;
- ctx->setkey = (set_key_func)hmac_sha384_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha384;
- ctx->length = SHA384_DIGEST_SIZE;
- break;
+ ctx->update = (update_func) hmac_sha384_update;
+ ctx->digest = (digest_func) hmac_sha384_digest;
+ ctx->setkey = (set_key_func) hmac_sha384_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha384;
+ ctx->length = SHA384_DIGEST_SIZE;
+ break;
case GNUTLS_MAC_SHA512:
- ctx->update = (update_func)hmac_sha512_update;
- ctx->digest = (digest_func)hmac_sha512_digest;
- ctx->setkey = (set_key_func)hmac_sha512_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha512;
- ctx->length = SHA512_DIGEST_SIZE;
- break;
+ ctx->update = (update_func) hmac_sha512_update;
+ ctx->digest = (digest_func) hmac_sha512_digest;
+ ctx->setkey = (set_key_func) hmac_sha512_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha512;
+ ctx->length = SHA512_DIGEST_SIZE;
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- *_ctx = ctx;
+ *_ctx = ctx;
- return 0;
+ return 0;
}
-static int wrap_nettle_hmac_setkey(void *_ctx, const void *key, size_t keylen)
+static int
+wrap_nettle_hmac_setkey (void *_ctx, const void *key, size_t keylen)
{
- struct nettle_hmac_ctx *ctx = _ctx;
-
- ctx->setkey(ctx->ctx_ptr, keylen, key);
+ struct nettle_hmac_ctx *ctx = _ctx;
+
+ ctx->setkey (ctx->ctx_ptr, keylen, key);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
static int
-wrap_nettle_hmac_update(void *_ctx, const void *text, size_t textsize)
+wrap_nettle_hmac_update (void *_ctx, const void *text, size_t textsize)
{
- struct nettle_hmac_ctx *ctx = _ctx;
+ struct nettle_hmac_ctx *ctx = _ctx;
- ctx->update(ctx->ctx_ptr, textsize, text);
+ ctx->update (ctx->ctx_ptr, textsize, text);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
static int
-wrap_nettle_hash_update(void *_ctx, const void *text, size_t textsize)
+wrap_nettle_hash_update (void *_ctx, const void *text, size_t textsize)
{
- struct nettle_hash_ctx *ctx = _ctx;
+ struct nettle_hash_ctx *ctx = _ctx;
- ctx->update(ctx->ctx_ptr, textsize, text);
+ ctx->update (ctx->ctx_ptr, textsize, text);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
-static int wrap_nettle_hash_copy(void **bhd, void *ahd)
+static int
+wrap_nettle_hash_copy (void **bhd, void *ahd)
{
- struct nettle_hash_ctx *ctx = ahd;
- struct nettle_hash_ctx *dst_ctx;
- int ret;
-
- ret = wrap_nettle_hash_init(ctx->algo, bhd);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- dst_ctx = *bhd;
-
- memcpy(&dst_ctx->ctx, &ctx->ctx, sizeof(ctx->ctx));
-
- return 0;
+ struct nettle_hash_ctx *ctx = ahd;
+ struct nettle_hash_ctx *dst_ctx;
+ int ret;
+
+ ret = wrap_nettle_hash_init (ctx->algo, bhd);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ dst_ctx = *bhd;
+
+ memcpy (&dst_ctx->ctx, &ctx->ctx, sizeof (ctx->ctx));
+
+ return 0;
}
-static void wrap_nettle_md_close(void *hd)
+static void
+wrap_nettle_md_close (void *hd)
{
- gnutls_free(hd);
+ gnutls_free (hd);
}
-static int wrap_nettle_hash_init(gnutls_mac_algorithm_t algo, void **_ctx)
+static int
+wrap_nettle_hash_init (gnutls_mac_algorithm_t algo, void **_ctx)
{
- struct nettle_hash_ctx* ctx;
+ struct nettle_hash_ctx *ctx;
- ctx = gnutls_malloc(sizeof(struct nettle_hash_ctx));
- if (ctx == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ ctx = gnutls_malloc (sizeof (struct nettle_hash_ctx));
+ if (ctx == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- ctx->algo = algo;
+ ctx->algo = algo;
- switch (algo) {
+ switch (algo)
+ {
case GNUTLS_DIG_MD5:
- md5_init(&ctx->ctx.md5);
- ctx->update = (update_func)md5_update;
- ctx->digest = (digest_func)md5_digest;
- ctx->ctx_ptr = &ctx->ctx.md5;
- ctx->length = MD5_DIGEST_SIZE;
- break;
+ md5_init (&ctx->ctx.md5);
+ ctx->update = (update_func) md5_update;
+ ctx->digest = (digest_func) md5_digest;
+ ctx->ctx_ptr = &ctx->ctx.md5;
+ ctx->length = MD5_DIGEST_SIZE;
+ break;
case GNUTLS_DIG_SHA1:
- sha1_init(&ctx->ctx.sha1);
- ctx->update = (update_func)sha1_update;
- ctx->digest = (digest_func)sha1_digest;
- ctx->ctx_ptr = &ctx->ctx.sha1;
- ctx->length = SHA1_DIGEST_SIZE;
- break;
+ sha1_init (&ctx->ctx.sha1);
+ ctx->update = (update_func) sha1_update;
+ ctx->digest = (digest_func) sha1_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha1;
+ ctx->length = SHA1_DIGEST_SIZE;
+ break;
case GNUTLS_DIG_MD2:
- md2_init(&ctx->ctx.md2);
- ctx->update = (update_func)md2_update;
- ctx->digest = (digest_func)md2_digest;
- ctx->ctx_ptr = &ctx->ctx.md2;
- ctx->length = MD2_DIGEST_SIZE;
- break;
+ md2_init (&ctx->ctx.md2);
+ ctx->update = (update_func) md2_update;
+ ctx->digest = (digest_func) md2_digest;
+ ctx->ctx_ptr = &ctx->ctx.md2;
+ ctx->length = MD2_DIGEST_SIZE;
+ break;
case GNUTLS_DIG_SHA224:
- sha224_init(&ctx->ctx.sha224);
- ctx->update = (update_func)sha224_update;
- ctx->digest = (digest_func)sha224_digest;
- ctx->ctx_ptr = &ctx->ctx.sha224;
- ctx->length = SHA224_DIGEST_SIZE;
- break;
+ sha224_init (&ctx->ctx.sha224);
+ ctx->update = (update_func) sha224_update;
+ ctx->digest = (digest_func) sha224_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha224;
+ ctx->length = SHA224_DIGEST_SIZE;
+ break;
case GNUTLS_DIG_SHA256:
- sha256_init(&ctx->ctx.sha256);
- ctx->update = (update_func)sha256_update;
- ctx->digest = (digest_func)sha256_digest;
- ctx->ctx_ptr = &ctx->ctx.sha256;
- ctx->length = SHA256_DIGEST_SIZE;
- break;
+ sha256_init (&ctx->ctx.sha256);
+ ctx->update = (update_func) sha256_update;
+ ctx->digest = (digest_func) sha256_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha256;
+ ctx->length = SHA256_DIGEST_SIZE;
+ break;
case GNUTLS_DIG_SHA384:
- sha384_init(&ctx->ctx.sha384);
- ctx->update = (update_func)sha384_update;
- ctx->digest = (digest_func)sha384_digest;
- ctx->ctx_ptr = &ctx->ctx.sha384;
- ctx->length = SHA384_DIGEST_SIZE;
- break;
+ sha384_init (&ctx->ctx.sha384);
+ ctx->update = (update_func) sha384_update;
+ ctx->digest = (digest_func) sha384_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha384;
+ ctx->length = SHA384_DIGEST_SIZE;
+ break;
case GNUTLS_DIG_SHA512:
- sha512_init(&ctx->ctx.sha512);
- ctx->update = (update_func)sha512_update;
- ctx->digest = (digest_func)sha512_digest;
- ctx->ctx_ptr = &ctx->ctx.sha512;
- ctx->length = SHA512_DIGEST_SIZE;
- break;
+ sha512_init (&ctx->ctx.sha512);
+ ctx->update = (update_func) sha512_update;
+ ctx->digest = (digest_func) sha512_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha512;
+ ctx->length = SHA512_DIGEST_SIZE;
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
-
- *_ctx = ctx;
- return 0;
+ *_ctx = ctx;
+
+ return 0;
}
static int
-wrap_nettle_hash_output(void *src_ctx, void *digest, size_t digestsize)
+wrap_nettle_hash_output (void *src_ctx, void *digest, size_t digestsize)
{
- struct nettle_hash_ctx *ctx;
- ctx = src_ctx;
+ struct nettle_hash_ctx *ctx;
+ ctx = src_ctx;
- if (digestsize < ctx->length) {
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ if (digestsize < ctx->length)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- ctx->digest(ctx->ctx_ptr, digestsize, digest);
+ ctx->digest (ctx->ctx_ptr, digestsize, digest);
- return 0;
+ return 0;
}
static int
-wrap_nettle_hmac_output(void *src_ctx, void *digest, size_t digestsize)
+wrap_nettle_hmac_output (void *src_ctx, void *digest, size_t digestsize)
{
- struct nettle_hmac_ctx *ctx;
- ctx = src_ctx;
+ struct nettle_hmac_ctx *ctx;
+ ctx = src_ctx;
- if (digestsize < ctx->length) {
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ if (digestsize < ctx->length)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- ctx->digest(ctx->ctx_ptr, digestsize, digest);
+ ctx->digest (ctx->ctx_ptr, digestsize, digest);
- return 0;
+ return 0;
}
gnutls_crypto_mac_st _gnutls_mac_ops = {
- .init = wrap_nettle_hmac_init,
- .setkey = wrap_nettle_hmac_setkey,
- .hash = wrap_nettle_hmac_update,
- .output = wrap_nettle_hmac_output,
- .deinit = wrap_nettle_md_close,
+ .init = wrap_nettle_hmac_init,
+ .setkey = wrap_nettle_hmac_setkey,
+ .hash = wrap_nettle_hmac_update,
+ .output = wrap_nettle_hmac_output,
+ .deinit = wrap_nettle_md_close,
};
gnutls_crypto_digest_st _gnutls_digest_ops = {
- .init = wrap_nettle_hash_init,
- .hash = wrap_nettle_hash_update,
- .copy = wrap_nettle_hash_copy,
- .output = wrap_nettle_hash_output,
- .deinit = wrap_nettle_md_close,
+ .init = wrap_nettle_hash_init,
+ .hash = wrap_nettle_hash_update,
+ .copy = wrap_nettle_hash_copy,
+ .output = wrap_nettle_hash_output,
+ .deinit = wrap_nettle_md_close,
};
diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c
index 3c9b7901c2..2f374028dd 100644
--- a/lib/nettle/mpi.c
+++ b/lib/nettle/mpi.c
@@ -38,340 +38,371 @@
#define TOMPZ(x) (*((mpz_t*)(x)))
static int
-wrap_nettle_mpi_print(const bigint_t a, void *buffer, size_t * nbytes,
- gnutls_bigint_format_t format)
+wrap_nettle_mpi_print (const bigint_t a, void *buffer, size_t * nbytes,
+ gnutls_bigint_format_t format)
{
- unsigned int size;
- mpz_t *p = (void*)a;
-
- if (format == GNUTLS_MPI_FORMAT_USG) {
- size = nettle_mpz_sizeinbase_256_u(*p);
- } else if (format == GNUTLS_MPI_FORMAT_STD) {
- size = nettle_mpz_sizeinbase_256_s(*p);
- } else if (format == GNUTLS_MPI_FORMAT_PGP) {
- size = nettle_mpz_sizeinbase_256_u(*p) + 2;
- } else {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (buffer==NULL || size > *nbytes) {
- *nbytes=size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- if (format == GNUTLS_MPI_FORMAT_PGP) {
- opaque *buf = buffer;
- unsigned int nbits = _gnutls_mpi_get_nbits(a);
- buf[0] = (nbits >> 8) & 0xff;
- buf[1] = (nbits) & 0xff;
- nettle_mpz_get_str_256(size-2, buf+2, *p);
- } else {
- nettle_mpz_get_str_256(size, buffer, *p);
- }
- *nbytes=size;
-
- return 0;
+ unsigned int size;
+ mpz_t *p = (void *) a;
+
+ if (format == GNUTLS_MPI_FORMAT_USG)
+ {
+ size = nettle_mpz_sizeinbase_256_u (*p);
+ }
+ else if (format == GNUTLS_MPI_FORMAT_STD)
+ {
+ size = nettle_mpz_sizeinbase_256_s (*p);
+ }
+ else if (format == GNUTLS_MPI_FORMAT_PGP)
+ {
+ size = nettle_mpz_sizeinbase_256_u (*p) + 2;
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (buffer == NULL || size > *nbytes)
+ {
+ *nbytes = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (format == GNUTLS_MPI_FORMAT_PGP)
+ {
+ opaque *buf = buffer;
+ unsigned int nbits = _gnutls_mpi_get_nbits (a);
+ buf[0] = (nbits >> 8) & 0xff;
+ buf[1] = (nbits) & 0xff;
+ nettle_mpz_get_str_256 (size - 2, buf + 2, *p);
+ }
+ else
+ {
+ nettle_mpz_get_str_256 (size, buffer, *p);
+ }
+ *nbytes = size;
+
+ return 0;
}
-static bigint_t wrap_nettle_mpi_new(int nbits)
+static bigint_t
+wrap_nettle_mpi_new (int nbits)
{
- mpz_t *p;
+ mpz_t *p;
- p = gnutls_malloc(sizeof(*p));
- if (p == NULL) {
- gnutls_assert();
- return NULL;
- }
- mpz_init2(*p, nbits);
+ p = gnutls_malloc (sizeof (*p));
+ if (p == NULL)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+ mpz_init2 (*p, nbits);
- return p;
+ return p;
}
static bigint_t
-wrap_nettle_mpi_scan(const void *buffer, size_t nbytes,
- gnutls_bigint_format_t format)
+wrap_nettle_mpi_scan (const void *buffer, size_t nbytes,
+ gnutls_bigint_format_t format)
{
- bigint_t r = wrap_nettle_mpi_new(nbytes*8);
-
- if (r==NULL) {
- gnutls_assert();
- return r;
+ bigint_t r = wrap_nettle_mpi_new (nbytes * 8);
+
+ if (r == NULL)
+ {
+ gnutls_assert ();
+ return r;
+ }
+
+ if (format == GNUTLS_MPI_FORMAT_USG)
+ {
+ nettle_mpz_set_str_256_u (TOMPZ (r), nbytes, buffer);
+ }
+ else if (format == GNUTLS_MPI_FORMAT_STD)
+ {
+ nettle_mpz_set_str_256_s (TOMPZ (r), nbytes, buffer);
+ }
+ else if (format == GNUTLS_MPI_FORMAT_PGP)
+ {
+ const opaque *buf = buffer;
+ size_t size;
+
+ if (nbytes < 3)
+ {
+ gnutls_assert ();
+ goto fail;
}
- if (format == GNUTLS_MPI_FORMAT_USG) {
- nettle_mpz_set_str_256_u(TOMPZ(r), nbytes, buffer);
- } else if (format == GNUTLS_MPI_FORMAT_STD) {
- nettle_mpz_set_str_256_s(TOMPZ(r), nbytes, buffer);
- } else if (format == GNUTLS_MPI_FORMAT_PGP) {
- const opaque *buf = buffer;
- size_t size;
-
- if (nbytes < 3) {
- gnutls_assert();
- goto fail;
- }
-
- size = (buf[0] << 8) | buf[1];
- size = (size+7) / 8;
-
- if (size > nbytes-2) {
- gnutls_assert();
- goto fail;
- }
- nettle_mpz_set_str_256_u(TOMPZ(r), size, buf+2);
- } else {
- gnutls_assert();
- goto fail;
+ size = (buf[0] << 8) | buf[1];
+ size = (size + 7) / 8;
+
+ if (size > nbytes - 2)
+ {
+ gnutls_assert ();
+ goto fail;
}
-
- return r;
+ nettle_mpz_set_str_256_u (TOMPZ (r), size, buf + 2);
+ }
+ else
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ return r;
fail:
- _gnutls_mpi_release(&r);
- return NULL;
+ _gnutls_mpi_release (&r);
+ return NULL;
}
-static int wrap_nettle_mpi_cmp(const bigint_t u, const bigint_t v)
+static int
+wrap_nettle_mpi_cmp (const bigint_t u, const bigint_t v)
{
- mpz_t *i1 = u, *i2 = v;
+ mpz_t *i1 = u, *i2 = v;
- return mpz_cmp(*i1, *i2);
+ return mpz_cmp (*i1, *i2);
}
-static int wrap_nettle_mpi_cmp_ui(const bigint_t u, unsigned long v)
+static int
+wrap_nettle_mpi_cmp_ui (const bigint_t u, unsigned long v)
{
- mpz_t *i1 = u;
+ mpz_t *i1 = u;
- return mpz_cmp_ui(*i1, v);
+ return mpz_cmp_ui (*i1, v);
}
-static bigint_t wrap_nettle_mpi_set(bigint_t w, const bigint_t u)
+static bigint_t
+wrap_nettle_mpi_set (bigint_t w, const bigint_t u)
{
- mpz_t *i1, *i2 = u;
+ mpz_t *i1, *i2 = u;
+
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like (u);
+ i1 = w;
- if (w == NULL)
- w = _gnutls_mpi_alloc_like(u);
- i1 = w;
+ mpz_set (*i1, *i2);
- mpz_set(*i1, *i2);
-
- return i1;
+ return i1;
}
-static bigint_t wrap_nettle_mpi_set_ui(bigint_t w, unsigned long u)
+static bigint_t
+wrap_nettle_mpi_set_ui (bigint_t w, unsigned long u)
{
- mpz_t *i1;
+ mpz_t *i1;
- if (w == NULL)
- w = wrap_nettle_mpi_new(32);
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (32);
- i1 = w;
+ i1 = w;
- mpz_set_ui(*i1, u);
-
- return i1;
+ mpz_set_ui (*i1, u);
+
+ return i1;
}
-static unsigned int wrap_nettle_mpi_get_nbits(bigint_t a)
+static unsigned int
+wrap_nettle_mpi_get_nbits (bigint_t a)
{
- return mpz_sizeinbase(*((mpz_t *) a), 2);
+ return mpz_sizeinbase (*((mpz_t *) a), 2);
}
-static void wrap_nettle_mpi_release(bigint_t a)
+static void
+wrap_nettle_mpi_release (bigint_t a)
{
- mpz_clear(*((mpz_t *) a));
- gnutls_free(a);
+ mpz_clear (*((mpz_t *) a));
+ gnutls_free (a);
}
-static bigint_t wrap_nettle_mpi_mod(const bigint_t a, const bigint_t b)
+static bigint_t
+wrap_nettle_mpi_mod (const bigint_t a, const bigint_t b)
{
- bigint_t r = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(b));
+ bigint_t r = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (b));
- if (r == NULL)
- return NULL;
+ if (r == NULL)
+ return NULL;
- mpz_mod(*((mpz_t *) r), *((mpz_t *) a), *((mpz_t *) b));
+ mpz_mod (*((mpz_t *) r), *((mpz_t *) a), *((mpz_t *) b));
- return r;
+ return r;
}
static bigint_t
-wrap_nettle_mpi_powm(bigint_t w, const bigint_t b, const bigint_t e,
- const bigint_t m)
+wrap_nettle_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e,
+ const bigint_t m)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(m));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_powm(*((mpz_t *) w), *((mpz_t *) b), *((mpz_t *) e),
- *((mpz_t *) m));
+ mpz_powm (*((mpz_t *) w), *((mpz_t *) b), *((mpz_t *) e), *((mpz_t *) m));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_addm(bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+wrap_nettle_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_add(*((mpz_t *) w), *((mpz_t *) b), *((mpz_t *) a));
- mpz_fdiv_r(*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m));
+ mpz_add (*((mpz_t *) w), *((mpz_t *) b), *((mpz_t *) a));
+ mpz_fdiv_r (*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_subm(bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+wrap_nettle_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_sub(*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
- mpz_fdiv_r(*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m));
+ mpz_sub (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
+ mpz_fdiv_r (*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_mulm(bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+wrap_nettle_mpi_mulm (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(m));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_mul(*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
- mpz_fdiv_r(*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m));
+ mpz_mul (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
+ mpz_fdiv_r (*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_add(bigint_t w, const bigint_t a, const bigint_t b)
+wrap_nettle_mpi_add (bigint_t w, const bigint_t a, const bigint_t b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(b));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (b));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_add(*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
+ mpz_add (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_sub(bigint_t w, const bigint_t a, const bigint_t b)
+wrap_nettle_mpi_sub (bigint_t w, const bigint_t a, const bigint_t b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_sub(*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
+ mpz_sub (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_mul(bigint_t w, const bigint_t a, const bigint_t b)
+wrap_nettle_mpi_mul (bigint_t w, const bigint_t a, const bigint_t b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_mul(*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
+ mpz_mul (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
- return w;
+ return w;
}
/* q = a / b */
static bigint_t
-wrap_nettle_mpi_div(bigint_t q, const bigint_t a, const bigint_t b)
+wrap_nettle_mpi_div (bigint_t q, const bigint_t a, const bigint_t b)
{
- if (q == NULL)
- q = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
+ if (q == NULL)
+ q = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
- if (q == NULL)
- return NULL;
+ if (q == NULL)
+ return NULL;
- mpz_cdiv_q(*((mpz_t *) q), *((mpz_t *) a), *((mpz_t *) b));
+ mpz_cdiv_q (*((mpz_t *) q), *((mpz_t *) a), *((mpz_t *) b));
- return q;
+ return q;
}
static bigint_t
-wrap_nettle_mpi_add_ui(bigint_t w, const bigint_t a, unsigned long b)
+wrap_nettle_mpi_add_ui (bigint_t w, const bigint_t a, unsigned long b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_add_ui(*((mpz_t *) w), *((mpz_t *) a), b);
+ mpz_add_ui (*((mpz_t *) w), *((mpz_t *) a), b);
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_sub_ui(bigint_t w, const bigint_t a, unsigned long b)
+wrap_nettle_mpi_sub_ui (bigint_t w, const bigint_t a, unsigned long b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_sub_ui(*((mpz_t *) w), *((mpz_t *) a), b);
+ mpz_sub_ui (*((mpz_t *) w), *((mpz_t *) a), b);
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_mul_ui(bigint_t w, const bigint_t a, unsigned long b)
+wrap_nettle_mpi_mul_ui (bigint_t w, const bigint_t a, unsigned long b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_mul_ui(*((mpz_t *) w), *((mpz_t *) a), b);
+ mpz_mul_ui (*((mpz_t *) w), *((mpz_t *) a), b);
- return w;
+ return w;
}
#define PRIME_CHECK_PARAM 18
-static int wrap_nettle_prime_check(bigint_t pp)
+static int
+wrap_nettle_prime_check (bigint_t pp)
{
- int ret;
- ret = mpz_probab_prime_p(*((mpz_t *) pp), PRIME_CHECK_PARAM);
+ int ret;
+ ret = mpz_probab_prime_p (*((mpz_t *) pp), PRIME_CHECK_PARAM);
- if (ret > 0) {
- return 0;
- }
+ if (ret > 0)
+ {
+ return 0;
+ }
- return GNUTLS_E_INTERNAL_ERROR; /* ignored */
+ return GNUTLS_E_INTERNAL_ERROR; /* ignored */
}
@@ -383,211 +414,234 @@ static int wrap_nettle_prime_check(bigint_t pp)
* Algorithm based on the algorithm in "A Computational Introduction to Number
* Theory and Algebra" by V. Shoup, sec 11.1 Finding a generator for Z^{*}_p
*/
-inline static int gen_group (mpz_t *prime, mpz_t* generator, unsigned int nbits)
+inline static int
+gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits)
{
- mpz_t q, w;
- unsigned int p_bytes = nbits/8;
- opaque *buffer= NULL;
- unsigned int q_bytes, w_bytes, r_bytes, w_bits;
- int ret;
-
- mpz_init(*prime);
- mpz_init(*generator);
-
- /* security level enforcement.
- * Values for q are selected according to ECRYPT II recommendations.
- */
- q_bytes = _gnutls_pk_bits_to_subgroup_bits (nbits);
- q_bytes/=8;
-
- if (q_bytes == 0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ mpz_t q, w;
+ unsigned int p_bytes = nbits / 8;
+ opaque *buffer = NULL;
+ unsigned int q_bytes, w_bytes, r_bytes, w_bits;
+ int ret;
+
+ mpz_init (*prime);
+ mpz_init (*generator);
+
+ /* security level enforcement.
+ * Values for q are selected according to ECRYPT II recommendations.
+ */
+ q_bytes = _gnutls_pk_bits_to_subgroup_bits (nbits);
+ q_bytes /= 8;
+
+ if (q_bytes == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (nbits % 8 != 0)
+ p_bytes++;
+
+ _gnutls_debug_log
+ ("Generating group of prime of %u bits and format of 2wq+1. q_size=%u bits\n",
+ nbits, q_bytes * 8);
+ buffer = gnutls_malloc (p_bytes); /* p_bytes > q_bytes */
+ if (buffer == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ mpz_init2 (*prime, nbits);
+ mpz_init (*generator);
+ mpz_init (q);
+ mpz_init (w);
+
+ /* search for a prime. We are not that unlucky so search
+ * forever.
+ */
+ for (;;)
+ {
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, q_bytes);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto fail;
}
-
- if (nbits%8 != 0)
- p_bytes++;
-
- _gnutls_debug_log("Generating group of prime of %u bits and format of 2wq+1. q_size=%u bits\n", nbits, q_bytes*8);
- buffer = gnutls_malloc(p_bytes); /* p_bytes > q_bytes */
- if (buffer == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+
+ nettle_mpz_set_str_256_u (q, q_bytes, buffer);
+ /* always odd */
+ mpz_setbit (q, 0);
+
+ ret = mpz_probab_prime_p (q, PRIME_CHECK_PARAM);
+ if (ret > 0)
+ {
+ break;
}
+ }
+
+ /* now generate w of size p_bytes - q_bytes */
- mpz_init2(*prime, nbits);
- mpz_init(*generator);
- mpz_init(q);
- mpz_init(w);
-
- /* search for a prime. We are not that unlucky so search
- * forever.
- */
- for (;;) {
- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buffer, q_bytes);
- if (ret < 0) {
- gnutls_assert();
- goto fail;
- }
-
- nettle_mpz_set_str_256_u(q, q_bytes, buffer);
- /* always odd */
- mpz_setbit(q, 0);
-
- ret = mpz_probab_prime_p(q, PRIME_CHECK_PARAM);
- if (ret > 0) {
- break;
- }
+ w_bits = nbits - wrap_nettle_mpi_get_nbits (&q);
+
+ _gnutls_debug_log
+ ("Found prime q of %u bits. Will look for w of %u bits...\n",
+ wrap_nettle_mpi_get_nbits (&q), w_bits);
+
+ w_bytes = w_bits / 8;
+ if (w_bits % 8 != 0)
+ w_bytes++;
+
+ for (;;)
+ {
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, w_bytes);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ nettle_mpz_set_str_256_u (w, w_bytes, buffer);
+ /* always odd */
+ mpz_setbit (w, 0);
+
+ ret = mpz_probab_prime_p (w, PRIME_CHECK_PARAM);
+ if (ret == 0)
+ {
+ continue;
}
-
- /* now generate w of size p_bytes - q_bytes */
-
- w_bits = nbits - wrap_nettle_mpi_get_nbits(&q);
-
- _gnutls_debug_log("Found prime q of %u bits. Will look for w of %u bits...\n", wrap_nettle_mpi_get_nbits(&q), w_bits);
-
- w_bytes = w_bits/8;
- if (w_bits % 8 != 0)
- w_bytes++;
-
- for (;;) {
- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buffer, w_bytes);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- nettle_mpz_set_str_256_u(w, w_bytes, buffer);
- /* always odd */
- mpz_setbit(w, 0);
-
- ret = mpz_probab_prime_p(w, PRIME_CHECK_PARAM);
- if (ret == 0) {
- continue;
- }
-
- /* check if 2wq+1 is prime */
- mpz_mul_ui(*prime, w, 2);
- mpz_mul(*prime, *prime, q);
- mpz_add_ui(*prime, *prime, 1);
-
- ret = mpz_probab_prime_p(*prime, PRIME_CHECK_PARAM);
- if (ret > 0) {
- break;
- }
+
+ /* check if 2wq+1 is prime */
+ mpz_mul_ui (*prime, w, 2);
+ mpz_mul (*prime, *prime, q);
+ mpz_add_ui (*prime, *prime, 1);
+
+ ret = mpz_probab_prime_p (*prime, PRIME_CHECK_PARAM);
+ if (ret > 0)
+ {
+ break;
}
-
- _gnutls_debug_log("Found prime w of %u bits. Looking for generator...\n", wrap_nettle_mpi_get_nbits(&w));
-
- /* finally a prime! Let calculate generator
- */
-
- /* c = r^((p-1)/q), r == random
- * c = r^(2w)
- * if c!=1 c is the generator for the subgroup of order q-1
- *
- * (here we reuse q as r)
- */
- r_bytes = p_bytes;
-
- mpz_mul_ui(w, w, 2); /* w = w*2 */
- mpz_fdiv_r(w, w, *prime);
-
- for (;;) {
- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buffer, r_bytes);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- nettle_mpz_set_str_256_u(q, r_bytes, buffer);
- mpz_fdiv_r(q, q, *prime);
-
- /* check if r^w mod n != 1 mod n */
- mpz_powm(*generator, q, w, *prime);
-
- if (mpz_cmp_ui(*generator,1)==0)
- continue;
- else break;
+ }
+
+ _gnutls_debug_log ("Found prime w of %u bits. Looking for generator...\n",
+ wrap_nettle_mpi_get_nbits (&w));
+
+ /* finally a prime! Let calculate generator
+ */
+
+ /* c = r^((p-1)/q), r == random
+ * c = r^(2w)
+ * if c!=1 c is the generator for the subgroup of order q-1
+ *
+ * (here we reuse q as r)
+ */
+ r_bytes = p_bytes;
+
+ mpz_mul_ui (w, w, 2); /* w = w*2 */
+ mpz_fdiv_r (w, w, *prime);
+
+ for (;;)
+ {
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, r_bytes);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
-
- _gnutls_debug_log("Found generator g of %u bits\n", wrap_nettle_mpi_get_nbits(generator));
- _gnutls_debug_log("Prime n is of %u bits\n", wrap_nettle_mpi_get_nbits(prime));
- mpz_clear(q);
- mpz_clear(w);
- gnutls_free(buffer);
-
- return 0;
+ nettle_mpz_set_str_256_u (q, r_bytes, buffer);
+ mpz_fdiv_r (q, q, *prime);
+
+ /* check if r^w mod n != 1 mod n */
+ mpz_powm (*generator, q, w, *prime);
+
+ if (mpz_cmp_ui (*generator, 1) == 0)
+ continue;
+ else
+ break;
+ }
+
+ _gnutls_debug_log ("Found generator g of %u bits\n",
+ wrap_nettle_mpi_get_nbits (generator));
+ _gnutls_debug_log ("Prime n is of %u bits\n",
+ wrap_nettle_mpi_get_nbits (prime));
+
+ mpz_clear (q);
+ mpz_clear (w);
+ gnutls_free (buffer);
+
+ return 0;
fail:
- mpz_clear(q);
- mpz_clear(w);
- mpz_clear(*prime);
- mpz_clear(*generator);
- gnutls_free(buffer);
-
- return ret;
+ mpz_clear (q);
+ mpz_clear (w);
+ mpz_clear (*prime);
+ mpz_clear (*generator);
+ gnutls_free (buffer);
+
+ return ret;
}
static int
-wrap_nettle_generate_group(gnutls_group_st * group, unsigned int bits)
+wrap_nettle_generate_group (gnutls_group_st * group, unsigned int bits)
{
-int ret;
-bigint_t p = wrap_nettle_mpi_new(bits);
-bigint_t g;
-
- if (p == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- g = wrap_nettle_mpi_new(bits);
- if (g == NULL) {
- gnutls_assert();
- _gnutls_mpi_release(&p);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gen_group(p, g, bits);
- if (ret < 0) {
- _gnutls_mpi_release(&g);
- _gnutls_mpi_release(&p);
- gnutls_assert();
- return ret;
- }
-
- group->p = p;
- group->g = g;
-
- return 0;
+ int ret;
+ bigint_t p = wrap_nettle_mpi_new (bits);
+ bigint_t g;
+
+ if (p == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ g = wrap_nettle_mpi_new (bits);
+ if (g == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&p);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gen_group (p, g, bits);
+ if (ret < 0)
+ {
+ _gnutls_mpi_release (&g);
+ _gnutls_mpi_release (&p);
+ gnutls_assert ();
+ return ret;
+ }
+
+ group->p = p;
+ group->g = g;
+
+ return 0;
}
int crypto_bigint_prio = INT_MAX;
gnutls_crypto_bigint_st _gnutls_mpi_ops = {
- .bigint_new = wrap_nettle_mpi_new,
- .bigint_cmp = wrap_nettle_mpi_cmp,
- .bigint_cmp_ui = wrap_nettle_mpi_cmp_ui,
- .bigint_mod = wrap_nettle_mpi_mod,
- .bigint_set = wrap_nettle_mpi_set,
- .bigint_set_ui = wrap_nettle_mpi_set_ui,
- .bigint_get_nbits = wrap_nettle_mpi_get_nbits,
- .bigint_powm = wrap_nettle_mpi_powm,
- .bigint_addm = wrap_nettle_mpi_addm,
- .bigint_subm = wrap_nettle_mpi_subm,
- .bigint_add = wrap_nettle_mpi_add,
- .bigint_sub = wrap_nettle_mpi_sub,
- .bigint_add_ui = wrap_nettle_mpi_add_ui,
- .bigint_sub_ui = wrap_nettle_mpi_sub_ui,
- .bigint_mul = wrap_nettle_mpi_mul,
- .bigint_mulm = wrap_nettle_mpi_mulm,
- .bigint_mul_ui = wrap_nettle_mpi_mul_ui,
- .bigint_div = wrap_nettle_mpi_div,
- .bigint_prime_check = wrap_nettle_prime_check,
- .bigint_release = wrap_nettle_mpi_release,
- .bigint_print = wrap_nettle_mpi_print,
- .bigint_scan = wrap_nettle_mpi_scan,
- .bigint_generate_group = wrap_nettle_generate_group
+ .bigint_new = wrap_nettle_mpi_new,
+ .bigint_cmp = wrap_nettle_mpi_cmp,
+ .bigint_cmp_ui = wrap_nettle_mpi_cmp_ui,
+ .bigint_mod = wrap_nettle_mpi_mod,
+ .bigint_set = wrap_nettle_mpi_set,
+ .bigint_set_ui = wrap_nettle_mpi_set_ui,
+ .bigint_get_nbits = wrap_nettle_mpi_get_nbits,
+ .bigint_powm = wrap_nettle_mpi_powm,
+ .bigint_addm = wrap_nettle_mpi_addm,
+ .bigint_subm = wrap_nettle_mpi_subm,
+ .bigint_add = wrap_nettle_mpi_add,
+ .bigint_sub = wrap_nettle_mpi_sub,
+ .bigint_add_ui = wrap_nettle_mpi_add_ui,
+ .bigint_sub_ui = wrap_nettle_mpi_sub_ui,
+ .bigint_mul = wrap_nettle_mpi_mul,
+ .bigint_mulm = wrap_nettle_mpi_mulm,
+ .bigint_mul_ui = wrap_nettle_mpi_mul_ui,
+ .bigint_div = wrap_nettle_mpi_div,
+ .bigint_prime_check = wrap_nettle_prime_check,
+ .bigint_release = wrap_nettle_mpi_release,
+ .bigint_print = wrap_nettle_mpi_print,
+ .bigint_scan = wrap_nettle_mpi_scan,
+ .bigint_generate_group = wrap_nettle_generate_group
};
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 56b88677d3..d4c8806d0d 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -45,579 +45,601 @@
#define TOMPZ(x) (*((mpz_t*)(x)))
-static void rnd_func(void *_ctx, unsigned length, uint8_t * data)
+static void
+rnd_func (void *_ctx, unsigned length, uint8_t * data)
{
- _gnutls_rnd(GNUTLS_RND_RANDOM, data, length);
+ _gnutls_rnd (GNUTLS_RND_RANDOM, data, length);
}
-static void _dsa_params_to_pubkey(const gnutls_pk_params_st * pk_params,
- struct dsa_public_key *pub)
+static void
+_dsa_params_to_pubkey (const gnutls_pk_params_st * pk_params,
+ struct dsa_public_key *pub)
{
- memcpy(&pub->p, pk_params->params[0], sizeof(mpz_t));
- memcpy(&pub->q, pk_params->params[1], sizeof(mpz_t));
- memcpy(&pub->g, pk_params->params[2], sizeof(mpz_t));
- memcpy(&pub->y, pk_params->params[3], sizeof(mpz_t));
+ memcpy (&pub->p, pk_params->params[0], sizeof (mpz_t));
+ memcpy (&pub->q, pk_params->params[1], sizeof (mpz_t));
+ memcpy (&pub->g, pk_params->params[2], sizeof (mpz_t));
+ memcpy (&pub->y, pk_params->params[3], sizeof (mpz_t));
}
-static void _dsa_params_to_privkey(const gnutls_pk_params_st * pk_params,
- struct dsa_private_key *pub)
+static void
+_dsa_params_to_privkey (const gnutls_pk_params_st * pk_params,
+ struct dsa_private_key *pub)
{
- memcpy(&pub->x, pk_params->params[4], sizeof(mpz_t));
+ memcpy (&pub->x, pk_params->params[4], sizeof (mpz_t));
}
-static void _rsa_params_to_privkey(const gnutls_pk_params_st * pk_params,
- struct rsa_private_key *priv)
+static void
+_rsa_params_to_privkey (const gnutls_pk_params_st * pk_params,
+ struct rsa_private_key *priv)
{
- memcpy(&priv->d, pk_params->params[2], sizeof(mpz_t));
- memcpy(&priv->p, pk_params->params[3], sizeof(mpz_t));
- memcpy(&priv->q, pk_params->params[4], sizeof(mpz_t));
- memcpy(&priv->c, pk_params->params[5], sizeof(mpz_t));
- memcpy(&priv->a, pk_params->params[6], sizeof(mpz_t));
- memcpy(&priv->b, pk_params->params[7], sizeof(mpz_t));
+ memcpy (&priv->d, pk_params->params[2], sizeof (mpz_t));
+ memcpy (&priv->p, pk_params->params[3], sizeof (mpz_t));
+ memcpy (&priv->q, pk_params->params[4], sizeof (mpz_t));
+ memcpy (&priv->c, pk_params->params[5], sizeof (mpz_t));
+ memcpy (&priv->a, pk_params->params[6], sizeof (mpz_t));
+ memcpy (&priv->b, pk_params->params[7], sizeof (mpz_t));
}
static int
-_wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
- gnutls_datum_t * ciphertext,
- const gnutls_datum_t * plaintext,
- const gnutls_pk_params_st * pk_params)
+_wrap_nettle_pk_encrypt (gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ const gnutls_pk_params_st * pk_params)
{
- int ret;
-
- /* make a sexp from pkey */
- switch (algo) {
- case GNUTLS_PK_RSA:{
- bigint_t p;
-
- if (_gnutls_mpi_scan_nz
- (&p, plaintext->data, plaintext->size) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- mpz_powm(p, p, TOMPZ(pk_params->params[1]) /*e */ ,
- TOMPZ(pk_params->params[0] /*m */ ));
-
- ret =
- _gnutls_mpi_dprint_size(p, ciphertext,
- plaintext->size);
- _gnutls_mpi_release(&p);
-
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- break;
- }
- default:
- gnutls_assert();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = 0;
-
- cleanup:
-
- return ret;
+ int ret;
+
+ /* make a sexp from pkey */
+ switch (algo)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ bigint_t p;
+
+ if (_gnutls_mpi_scan_nz (&p, plaintext->data, plaintext->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ mpz_powm (p, p, TOMPZ (pk_params->params[1]) /*e */ ,
+ TOMPZ (pk_params->params[0] /*m */ ));
+
+ ret = _gnutls_mpi_dprint_size (p, ciphertext, plaintext->size);
+ _gnutls_mpi_release (&p);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ break;
+ }
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+
+ return ret;
}
/* returns the blinded c and the inverse of a random
* number r;
*/
-static bigint_t rsa_blind(bigint_t c, bigint_t e, bigint_t n,
- bigint_t * _ri)
+static bigint_t
+rsa_blind (bigint_t c, bigint_t e, bigint_t n, bigint_t * _ri)
{
- bigint_t nc = NULL, r = NULL, ri = NULL;
-
- /* nc = c*(r^e)
- * ri = r^(-1)
- */
- nc = _gnutls_mpi_alloc_like(n);
- if (nc == NULL) {
- gnutls_assert();
- return NULL;
- }
-
- ri = _gnutls_mpi_alloc_like(n);
- if (nc == NULL) {
- gnutls_assert();
- goto fail;
- }
-
- r = _gnutls_mpi_randomize(NULL, _gnutls_mpi_get_nbits(n),
- GNUTLS_RND_NONCE);
- if (r == NULL) {
- gnutls_assert();
- goto fail;
- }
-
- /* invert r */
- if (mpz_invert(ri, r, n) == 0) {
- gnutls_assert();
- goto fail;
- }
-
- /* r = r^e */
-
- _gnutls_mpi_powm(r, r, e, n);
-
- _gnutls_mpi_mulm(nc, c, r, n);
-
- *_ri = ri;
-
- _gnutls_mpi_release(&r);
-
- return nc;
- fail:
- _gnutls_mpi_release(&nc);
- _gnutls_mpi_release(&r);
- return NULL;
+ bigint_t nc = NULL, r = NULL, ri = NULL;
+
+ /* nc = c*(r^e)
+ * ri = r^(-1)
+ */
+ nc = _gnutls_mpi_alloc_like (n);
+ if (nc == NULL)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ ri = _gnutls_mpi_alloc_like (n);
+ if (nc == NULL)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ r = _gnutls_mpi_randomize (NULL, _gnutls_mpi_get_nbits (n),
+ GNUTLS_RND_NONCE);
+ if (r == NULL)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ /* invert r */
+ if (mpz_invert (ri, r, n) == 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ /* r = r^e */
+
+ _gnutls_mpi_powm (r, r, e, n);
+
+ _gnutls_mpi_mulm (nc, c, r, n);
+
+ *_ri = ri;
+
+ _gnutls_mpi_release (&r);
+
+ return nc;
+fail:
+ _gnutls_mpi_release (&nc);
+ _gnutls_mpi_release (&r);
+ return NULL;
}
/* c = c*ri mod n
*/
-static inline void rsa_unblind(bigint_t c, bigint_t ri, bigint_t n)
+static inline void
+rsa_unblind (bigint_t c, bigint_t ri, bigint_t n)
{
- _gnutls_mpi_mulm(c, c, ri, n);
+ _gnutls_mpi_mulm (c, c, ri, n);
}
static int
-_wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
- gnutls_datum_t * plaintext,
- const gnutls_datum_t * ciphertext,
- const gnutls_pk_params_st * pk_params)
+_wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ const gnutls_pk_params_st * pk_params)
{
- int ret;
-
- /* make a sexp from pkey */
- switch (algo) {
- case GNUTLS_PK_RSA:{
- struct rsa_private_key priv;
- bigint_t c, ri, nc;
-
- if (_gnutls_mpi_scan_nz
- (&c, ciphertext->data,
- ciphertext->size) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- nc = rsa_blind(c, pk_params->params[1] /*e */ ,
- pk_params->params[0] /*m */ , &ri);
- _gnutls_mpi_release(&c);
- if (nc == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- rsa_private_key_init(&priv);
- _rsa_params_to_privkey(pk_params, &priv);
-
- rsa_compute_root(&priv, TOMPZ(nc), TOMPZ(nc));
-
- rsa_unblind(nc, ri, pk_params->params[0] /*m */ );
-
- ret =
- _gnutls_mpi_dprint_size(nc, plaintext,
- ciphertext->size);
-
- _gnutls_mpi_release(&nc);
- _gnutls_mpi_release(&ri);
-
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- break;
- }
- default:
- gnutls_assert();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = 0;
-
- cleanup:
-
- return ret;
+ int ret;
+
+ /* make a sexp from pkey */
+ switch (algo)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_private_key priv;
+ bigint_t c, ri, nc;
+
+ if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ nc = rsa_blind (c, pk_params->params[1] /*e */ ,
+ pk_params->params[0] /*m */ , &ri);
+ _gnutls_mpi_release (&c);
+ if (nc == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ rsa_private_key_init (&priv);
+ _rsa_params_to_privkey (pk_params, &priv);
+
+ rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc));
+
+ rsa_unblind (nc, ri, pk_params->params[0] /*m */ );
+
+ ret = _gnutls_mpi_dprint_size (nc, plaintext, ciphertext->size);
+
+ _gnutls_mpi_release (&nc);
+ _gnutls_mpi_release (&ri);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ break;
+ }
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+
+ return ret;
}
/* in case of DSA puts into data, r,s
*/
static int
-_wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
- gnutls_datum_t * signature,
- const gnutls_datum_t * vdata,
- const gnutls_pk_params_st * pk_params)
+_wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * signature,
+ const gnutls_datum_t * vdata,
+ const gnutls_pk_params_st * pk_params)
{
- int ret, hash;
-
- switch (algo) {
-
- case GNUTLS_PK_DSA:{
- struct dsa_public_key pub;
- struct dsa_private_key priv;
- struct dsa_signature sig;
-
- dsa_public_key_init(&pub);
- dsa_private_key_init(&priv);
- _dsa_params_to_pubkey(pk_params, &pub);
- _dsa_params_to_privkey(pk_params, &priv);
-
- dsa_signature_init(&sig);
-
- hash = _gnutls_dsa_q_to_hash(pub.q);
- if (vdata->size != _gnutls_hash_get_algo_len(hash)) {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto dsa_fail;
- }
-
- ret =
- _dsa_sign(&pub, &priv, NULL, rnd_func,
- vdata->size, vdata->data, &sig);
- if (ret == 0) {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto dsa_fail;
- }
-
- ret =
- _gnutls_encode_ber_rs(signature, &sig.r,
- &sig.s);
-
- dsa_fail:
- dsa_signature_clear(&sig);
-
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- break;
- }
- case GNUTLS_PK_RSA:{
- struct rsa_private_key priv;
- bigint_t hash, nc, ri;
-
- if (_gnutls_mpi_scan_nz
- (&hash, vdata->data, vdata->size) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- rsa_private_key_init(&priv);
- _rsa_params_to_privkey(pk_params, &priv);
-
- nc = rsa_blind(hash, pk_params->params[1] /*e */ ,
- pk_params->params[0] /*m */ , &ri);
-
- _gnutls_mpi_release(&hash);
-
- if (nc == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- rsa_compute_root(&priv, TOMPZ(nc), TOMPZ(nc));
-
- rsa_unblind(nc, ri, pk_params->params[0] /*m */ );
-
- ret = _gnutls_mpi_dprint(nc, signature);
- _gnutls_mpi_release(&nc);
- _gnutls_mpi_release(&ri);
-
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- break;
- }
- default:
- gnutls_assert();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = 0;
-
- cleanup:
-
- return ret;
+ int ret, hash;
+
+ switch (algo)
+ {
+
+ case GNUTLS_PK_DSA:
+ {
+ struct dsa_public_key pub;
+ struct dsa_private_key priv;
+ struct dsa_signature sig;
+
+ dsa_public_key_init (&pub);
+ dsa_private_key_init (&priv);
+ _dsa_params_to_pubkey (pk_params, &pub);
+ _dsa_params_to_privkey (pk_params, &priv);
+
+ dsa_signature_init (&sig);
+
+ hash = _gnutls_dsa_q_to_hash (pub.q);
+ if (vdata->size != _gnutls_hash_get_algo_len (hash))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto dsa_fail;
+ }
+
+ ret =
+ _dsa_sign (&pub, &priv, NULL, rnd_func,
+ vdata->size, vdata->data, &sig);
+ if (ret == 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto dsa_fail;
+ }
+
+ ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s);
+
+ dsa_fail:
+ dsa_signature_clear (&sig);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ break;
+ }
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_private_key priv;
+ bigint_t hash, nc, ri;
+
+ if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ rsa_private_key_init (&priv);
+ _rsa_params_to_privkey (pk_params, &priv);
+
+ nc = rsa_blind (hash, pk_params->params[1] /*e */ ,
+ pk_params->params[0] /*m */ , &ri);
+
+ _gnutls_mpi_release (&hash);
+
+ if (nc == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc));
+
+ rsa_unblind (nc, ri, pk_params->params[0] /*m */ );
+
+ ret = _gnutls_mpi_dprint (nc, signature);
+ _gnutls_mpi_release (&nc);
+ _gnutls_mpi_release (&ri);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ break;
+ }
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+
+ return ret;
}
static int
-_int_rsa_verify(const gnutls_pk_params_st * pk_params,
- bigint_t m, bigint_t s)
+_int_rsa_verify (const gnutls_pk_params_st * pk_params,
+ bigint_t m, bigint_t s)
{
- int res;
+ int res;
- mpz_t m1;
+ mpz_t m1;
- if ((mpz_sgn(TOMPZ(s)) <= 0)
- || (mpz_cmp(TOMPZ(s), TOMPZ(pk_params->params[0])) >= 0))
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ if ((mpz_sgn (TOMPZ (s)) <= 0)
+ || (mpz_cmp (TOMPZ (s), TOMPZ (pk_params->params[0])) >= 0))
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- mpz_init(m1);
+ mpz_init (m1);
- mpz_powm(m1, TOMPZ(s), TOMPZ(pk_params->params[1]),
- TOMPZ(pk_params->params[0]));
+ mpz_powm (m1, TOMPZ (s), TOMPZ (pk_params->params[1]),
+ TOMPZ (pk_params->params[0]));
- res = !mpz_cmp(TOMPZ(m), m1);
+ res = !mpz_cmp (TOMPZ (m), m1);
- mpz_clear(m1);
+ mpz_clear (m1);
- if (res == 0)
- res = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- else
- res = 0;
+ if (res == 0)
+ res = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ else
+ res = 0;
- return res;
+ return res;
}
static int
-_wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
- const gnutls_datum_t * vdata,
- const gnutls_datum_t * signature,
- const gnutls_pk_params_st * pk_params)
+_wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
+ const gnutls_datum_t * vdata,
+ const gnutls_datum_t * signature,
+ const gnutls_pk_params_st * pk_params)
{
- int ret, hash;
- bigint_t tmp[2] = { NULL, NULL };
-
- switch (algo) {
- case GNUTLS_PK_DSA:{
- struct dsa_public_key pub;
- struct dsa_signature sig;
-
- ret =
- _gnutls_decode_ber_rs(signature, &tmp[0],
- &tmp[1]);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- dsa_public_key_init(&pub);
- _dsa_params_to_pubkey(pk_params, &pub);
- memcpy(&sig.r, tmp[0], sizeof(sig.r));
- memcpy(&sig.s, tmp[1], sizeof(sig.s));
-
- hash = _gnutls_dsa_q_to_hash(pub.q);
- if (vdata->size != _gnutls_hash_get_algo_len(hash)) {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- goto dsa_fail;
- }
-
- ret =
- _dsa_verify(&pub, vdata->size, vdata->data,
- &sig);
- if (ret == 0)
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- else
- ret = 0;
-
- dsa_fail:
- _gnutls_mpi_release(&tmp[0]);
- _gnutls_mpi_release(&tmp[1]);
- break;
- }
- case GNUTLS_PK_RSA:{
- bigint_t hash;
-
- if (_gnutls_mpi_scan_nz
- (&hash, vdata->data, vdata->size) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- ret =
- _gnutls_mpi_scan_nz(&tmp[0], signature->data,
- signature->size);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _int_rsa_verify(pk_params, hash, tmp[0]);
- _gnutls_mpi_release(&tmp[0]);
- _gnutls_mpi_release(&hash);
- break;
- }
- default:
- gnutls_assert();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- cleanup:
-
- return ret;
+ int ret, hash;
+ bigint_t tmp[2] = { NULL, NULL };
+
+ switch (algo)
+ {
+ case GNUTLS_PK_DSA:
+ {
+ struct dsa_public_key pub;
+ struct dsa_signature sig;
+
+ ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ dsa_public_key_init (&pub);
+ _dsa_params_to_pubkey (pk_params, &pub);
+ memcpy (&sig.r, tmp[0], sizeof (sig.r));
+ memcpy (&sig.s, tmp[1], sizeof (sig.s));
+
+ hash = _gnutls_dsa_q_to_hash (pub.q);
+ if (vdata->size != _gnutls_hash_get_algo_len (hash))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ goto dsa_fail;
+ }
+
+ ret = _dsa_verify (&pub, vdata->size, vdata->data, &sig);
+ if (ret == 0)
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ else
+ ret = 0;
+
+ dsa_fail:
+ _gnutls_mpi_release (&tmp[0]);
+ _gnutls_mpi_release (&tmp[1]);
+ break;
+ }
+ case GNUTLS_PK_RSA:
+ {
+ bigint_t hash;
+
+ if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _int_rsa_verify (pk_params, hash, tmp[0]);
+ _gnutls_mpi_release (&tmp[0]);
+ _gnutls_mpi_release (&hash);
+ break;
+ }
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+cleanup:
+
+ return ret;
}
static int
-wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
- unsigned int level /*bits */ ,
- gnutls_pk_params_st * params)
+wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo,
+ unsigned int level /*bits */ ,
+ gnutls_pk_params_st * params)
{
- int ret, i;
- int q_bits;
-
- switch (algo) {
-
- case GNUTLS_PK_DSA:{
- struct dsa_public_key pub;
- struct dsa_private_key priv;
-
- dsa_public_key_init(&pub);
- dsa_private_key_init(&priv);
-
- /* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
- * but we do NIST DSA here */
- if (level <= 1024)
- q_bits = 160;
- else
- q_bits = 256;
-
- ret =
- dsa_generate_keypair(&pub, &priv, NULL,
- rnd_func, NULL, NULL,
- level, q_bits);
- if (ret != 1) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- params->params_nr = 0;
- for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
- params->params[i] =
- _gnutls_mpi_alloc_like(&pub.p);
- if (params->params[i] == NULL) {
- ret = GNUTLS_E_MEMORY_ERROR;
- dsa_private_key_clear(&priv);
- dsa_public_key_clear(&pub);
- goto fail;
- }
- params->params_nr++;
- }
- _gnutls_mpi_set(params->params[0], pub.p);
- _gnutls_mpi_set(params->params[1], pub.q);
- _gnutls_mpi_set(params->params[2], pub.g);
- _gnutls_mpi_set(params->params[3], pub.y);
- _gnutls_mpi_set(params->params[4], priv.x);
-
- dsa_private_key_clear(&priv);
- dsa_public_key_clear(&pub);
-
- break;
- }
- case GNUTLS_PK_RSA:{
- struct rsa_public_key pub;
- struct rsa_private_key priv;
-
- rsa_public_key_init(&pub);
- rsa_private_key_init(&priv);
-
- _gnutls_mpi_set_ui(&pub.e, 65537);
-
- ret =
- rsa_generate_keypair(&pub, &priv, NULL,
- rnd_func, NULL, NULL,
- level, 0);
- if (ret != 1) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- params->params_nr = 0;
- for (i = 0; i < RSA_PRIVATE_PARAMS; i++) {
- params->params[i] =
- _gnutls_mpi_alloc_like(&pub.n);
- if (params->params[i] == NULL) {
- ret = GNUTLS_E_MEMORY_ERROR;
- rsa_private_key_clear(&priv);
- rsa_public_key_clear(&pub);
- goto fail;
- }
- params->params_nr++;
-
- }
- _gnutls_mpi_set(params->params[0], pub.n);
- _gnutls_mpi_set(params->params[1], pub.e);
- _gnutls_mpi_set(params->params[2], priv.d);
- _gnutls_mpi_set(params->params[3], priv.p);
- _gnutls_mpi_set(params->params[4], priv.q);
- _gnutls_mpi_set(params->params[5], priv.c);
- _gnutls_mpi_set(params->params[6], priv.a);
- _gnutls_mpi_set(params->params[7], priv.b);
- rsa_private_key_clear(&priv);
- rsa_public_key_clear(&pub);
-
- break;
- }
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ int ret, i;
+ int q_bits;
- return 0;
+ switch (algo)
+ {
- fail:
+ case GNUTLS_PK_DSA:
+ {
+ struct dsa_public_key pub;
+ struct dsa_private_key priv;
+
+ dsa_public_key_init (&pub);
+ dsa_private_key_init (&priv);
+
+ /* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
+ * but we do NIST DSA here */
+ if (level <= 1024)
+ q_bits = 160;
+ else
+ q_bits = 256;
+
+ ret =
+ dsa_generate_keypair (&pub, &priv, NULL,
+ rnd_func, NULL, NULL, level, q_bits);
+ if (ret != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- for (i = 0; i < params->params_nr; i++) {
- _gnutls_mpi_release(&params->params[i]);
- }
params->params_nr = 0;
+ for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
+ {
+ params->params[i] = _gnutls_mpi_alloc_like (&pub.p);
+ if (params->params[i] == NULL)
+ {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ dsa_private_key_clear (&priv);
+ dsa_public_key_clear (&pub);
+ goto fail;
+ }
+ params->params_nr++;
+ }
+ _gnutls_mpi_set (params->params[0], pub.p);
+ _gnutls_mpi_set (params->params[1], pub.q);
+ _gnutls_mpi_set (params->params[2], pub.g);
+ _gnutls_mpi_set (params->params[3], pub.y);
+ _gnutls_mpi_set (params->params[4], priv.x);
+
+ dsa_private_key_clear (&priv);
+ dsa_public_key_clear (&pub);
+
+ break;
+ }
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_public_key pub;
+ struct rsa_private_key priv;
+
+ rsa_public_key_init (&pub);
+ rsa_private_key_init (&priv);
+
+ _gnutls_mpi_set_ui (&pub.e, 65537);
+
+ ret =
+ rsa_generate_keypair (&pub, &priv, NULL,
+ rnd_func, NULL, NULL, level, 0);
+ if (ret != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- return ret;
+ params->params_nr = 0;
+ for (i = 0; i < RSA_PRIVATE_PARAMS; i++)
+ {
+ params->params[i] = _gnutls_mpi_alloc_like (&pub.n);
+ if (params->params[i] == NULL)
+ {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ rsa_private_key_clear (&priv);
+ rsa_public_key_clear (&pub);
+ goto fail;
+ }
+ params->params_nr++;
+
+ }
+ _gnutls_mpi_set (params->params[0], pub.n);
+ _gnutls_mpi_set (params->params[1], pub.e);
+ _gnutls_mpi_set (params->params[2], priv.d);
+ _gnutls_mpi_set (params->params[3], priv.p);
+ _gnutls_mpi_set (params->params[4], priv.q);
+ _gnutls_mpi_set (params->params[5], priv.c);
+ _gnutls_mpi_set (params->params[6], priv.a);
+ _gnutls_mpi_set (params->params[7], priv.b);
+ rsa_private_key_clear (&priv);
+ rsa_public_key_clear (&pub);
+
+ break;
+ }
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+
+fail:
+
+ for (i = 0; i < params->params_nr; i++)
+ {
+ _gnutls_mpi_release (&params->params[i]);
+ }
+ params->params_nr = 0;
+
+ return ret;
}
static int
-wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
- gnutls_direction_t direction,
- gnutls_pk_params_st * params)
+wrap_nettle_pk_fixup (gnutls_pk_algorithm_t algo,
+ gnutls_direction_t direction,
+ gnutls_pk_params_st * params)
{
- int result;
-
- if (direction == GNUTLS_IMPORT && algo == GNUTLS_PK_RSA) {
- /* do not trust the generated values. Some old private keys
- * generated by us have mess on the values. Those were very
- * old but it seemed some of the shipped example private
- * keys were as old.
- */
- mpz_invert(TOMPZ(params->params[5]),
- TOMPZ(params->params[4]),
- TOMPZ(params->params[3]));
-
- /* calculate exp1 [6] and exp2 [7] */
- _gnutls_mpi_release(&params->params[6]);
- _gnutls_mpi_release(&params->params[7]);
-
- result =
- _gnutls_calc_rsa_exp(params->params,
- RSA_PRIVATE_PARAMS - 2);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
- params->params_nr = RSA_PRIVATE_PARAMS;
+ int result;
+
+ if (direction == GNUTLS_IMPORT && algo == GNUTLS_PK_RSA)
+ {
+ /* do not trust the generated values. Some old private keys
+ * generated by us have mess on the values. Those were very
+ * old but it seemed some of the shipped example private
+ * keys were as old.
+ */
+ mpz_invert (TOMPZ (params->params[5]),
+ TOMPZ (params->params[4]), TOMPZ (params->params[3]));
+
+ /* calculate exp1 [6] and exp2 [7] */
+ _gnutls_mpi_release (&params->params[6]);
+ _gnutls_mpi_release (&params->params[7]);
+
+ result = _gnutls_calc_rsa_exp (params->params, RSA_PRIVATE_PARAMS - 2);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
+ params->params_nr = RSA_PRIVATE_PARAMS;
+ }
- return 0;
+ return 0;
}
int crypto_pk_prio = INT_MAX;
gnutls_crypto_pk_st _gnutls_pk_ops = {
- .encrypt = _wrap_nettle_pk_encrypt,
- .decrypt = _wrap_nettle_pk_decrypt,
- .sign = _wrap_nettle_pk_sign,
- .verify = _wrap_nettle_pk_verify,
- .generate = wrap_nettle_pk_generate_params,
- .pk_fixup_private_params = wrap_nettle_pk_fixup,
+ .encrypt = _wrap_nettle_pk_encrypt,
+ .decrypt = _wrap_nettle_pk_decrypt,
+ .sign = _wrap_nettle_pk_sign,
+ .verify = _wrap_nettle_pk_verify,
+ .generate = wrap_nettle_pk_generate_params,
+ .pk_fixup_private_params = wrap_nettle_pk_fixup,
};
diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
index d130edabb9..d2fe9105a0 100644
--- a/lib/nettle/rnd.c
+++ b/lib/nettle/rnd.c
@@ -35,9 +35,10 @@
#define RND_LOCK if (gnutls_mutex_lock(&rnd_mutex)!=0) abort()
#define RND_UNLOCK if (gnutls_mutex_unlock(&rnd_mutex)!=0) abort()
-enum {
- RANDOM_SOURCE_TRIVIA=0,
- RANDOM_SOURCE_DEVICE,
+enum
+{
+ RANDOM_SOURCE_TRIVIA = 0,
+ RANDOM_SOURCE_DEVICE,
};
static struct yarrow256_ctx yctx;
@@ -45,355 +46,409 @@ static struct yarrow_source ysources[SOURCES];
static time_t device_last_read = 0;
static time_t trivia_time_count = 0;
-static void* rnd_mutex;
+static void *rnd_mutex;
#define DEVICE_READ_INTERVAL 1200
#ifdef _WIN32
-# include <windows.h>
+#include <windows.h>
-# define DEVICE_READ_SIZE 16
-# define DEVICE_READ_SIZE_MAX 32
+#define DEVICE_READ_SIZE 16
+#define DEVICE_READ_SIZE_MAX 32
static HCRYPTPROV device_fd = NULL;
-static int do_trivia_source(int init)
+static int
+do_trivia_source (int init)
{
- struct {
- FILETIME now;
- unsigned count;
- } event;
+ struct
+ {
+ FILETIME now;
+ unsigned count;
+ } event;
- unsigned entropy = 0;
+ unsigned entropy = 0;
- GetSystemTimeAsFileTime(&event.now);
- event.count = 0;
+ GetSystemTimeAsFileTime (&event.now);
+ event.count = 0;
- if (init) {
- trivia_time_count = 0;
- } else {
- event.count = trivia_time_count++;
- entropy = 1;
+ if (init)
+ {
+ trivia_time_count = 0;
+ }
+ else
+ {
+ event.count = trivia_time_count++;
+ entropy = 1;
}
- return yarrow256_update(&yctx, RANDOM_SOURCE_TRIVIA, entropy,
- sizeof(event), (const uint8_t *) &event);
+ return yarrow256_update (&yctx, RANDOM_SOURCE_TRIVIA, entropy,
+ sizeof (event), (const uint8_t *) &event);
}
-static int do_device_source(int init)
+static int
+do_device_source (int init)
{
- time_t now = time(NULL);
- int read_size = DEVICE_READ_SIZE;
-
- if (init) {
- int old;
-
- if(!CryptAcquireContext(&device_fd, NULL, NULL, PROV_RSA_FULL, CRYPT_SILENT|CRYPT_VERIFYCONTEXT)) {
- _gnutls_debug_log("error in CryptAcquireContext!\n");
- return GNUTLS_E_INTERNAL_ERROR;
- }
- device_last_read = now;
- read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ time_t now = time (NULL);
+ int read_size = DEVICE_READ_SIZE;
+
+ if (init)
+ {
+ int old;
+
+ if (!CryptAcquireContext
+ (&device_fd, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_SILENT | CRYPT_VERIFYCONTEXT))
+ {
+ _gnutls_debug_log ("error in CryptAcquireContext!\n");
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ device_last_read = now;
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
}
- if ((device_fd != NULL)
- && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) {
+ if ((device_fd != NULL)
+ && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL)))
+ {
- /* More than a minute since we last read the device */
- uint8_t buf[DEVICE_READ_SIZE_MAX];
+ /* More than a minute since we last read the device */
+ uint8_t buf[DEVICE_READ_SIZE_MAX];
- if(!CryptGenRandom(device_fd, (DWORD)read_size, buf)) {
- _gnutls_debug_log("Error in CryptGenRandom: %s\n", GetLastError());
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (!CryptGenRandom (device_fd, (DWORD) read_size, buf))
+ {
+ _gnutls_debug_log ("Error in CryptGenRandom: %s\n",
+ GetLastError ());
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- device_last_read = now;
- return yarrow256_update(&yctx, RANDOM_SOURCE_DEVICE, read_size*8/2 /* we trust the system RNG */,
- read_size, buf);
+ device_last_read = now;
+ return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE,
+ read_size * 8 /
+ 2 /* we trust the system RNG */ ,
+ read_size, buf);
}
- return 0;
+ return 0;
}
-static void wrap_nettle_rnd_deinit(void* ctx)
+static void
+wrap_nettle_rnd_deinit (void *ctx)
{
- RND_LOCK;
- CryptReleaseContext(device_fd, 0);
- RND_UNLOCK;
+ RND_LOCK;
+ CryptReleaseContext (device_fd, 0);
+ RND_UNLOCK;
- gnutls_mutex_deinit(&rnd_mutex);
- rnd_mutex = NULL;
+ gnutls_mutex_deinit (&rnd_mutex);
+ rnd_mutex = NULL;
}
#else /* POSIX */
-# include <time.h>
-# include <errno.h>
-# include <sys/types.h>
-# include <sys/stat.h>
-# include <sys/time.h>
-# include <fcntl.h>
-# include <locks.h>
-# include "egd.h"
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <fcntl.h>
+#include <locks.h>
+#include "egd.h"
-# define DEVICE_READ_SIZE 16
-# define DEVICE_READ_SIZE_MAX 32
+#define DEVICE_READ_SIZE 16
+#define DEVICE_READ_SIZE_MAX 32
static int device_fd;
static time_t trivia_previous_time = 0;
-static int do_trivia_source(int init)
+static int
+do_trivia_source (int init)
{
- struct {
- struct timeval now;
+ struct
+ {
+ struct timeval now;
#ifdef HAVE_GETRUSAGE
- struct rusage rusage;
+ struct rusage rusage;
#endif
- unsigned count;
- pid_t pid;
- } event;
+ unsigned count;
+ pid_t pid;
+ } event;
- unsigned entropy = 0;
+ unsigned entropy = 0;
- if (gettimeofday(&event.now, NULL) < 0) {
- _gnutls_debug_log("gettimeofday failed: %s\n", strerror(errno));
- abort();
- }
+ if (gettimeofday (&event.now, NULL) < 0)
+ {
+ _gnutls_debug_log ("gettimeofday failed: %s\n", strerror (errno));
+ abort ();
+ }
#ifdef HAVE_GETRUSAGE
- if (getrusage(RUSAGE_SELF, &event.rusage) < 0) {
- _gnutls_debug_log("getrusage failed: %s\n", strerror(errno));
- abort();
- }
+ if (getrusage (RUSAGE_SELF, &event.rusage) < 0)
+ {
+ _gnutls_debug_log ("getrusage failed: %s\n", strerror (errno));
+ abort ();
+ }
#endif
- event.count = 0;
- if (init) {
- trivia_time_count = 0;
- } else {
- event.count = trivia_time_count++;
-
- if (event.now.tv_sec != trivia_previous_time) {
- /* Count one bit of entropy if we either have more than two
- * invocations in one second, or more than two seconds
- * between invocations. */
- if ((trivia_time_count > 2)
- || ((event.now.tv_sec - trivia_previous_time) > 2))
- entropy++;
-
- trivia_time_count = 0;
- }
+ event.count = 0;
+ if (init)
+ {
+ trivia_time_count = 0;
}
- trivia_previous_time = event.now.tv_sec;
- event.pid = getpid();
+ else
+ {
+ event.count = trivia_time_count++;
+
+ if (event.now.tv_sec != trivia_previous_time)
+ {
+ /* Count one bit of entropy if we either have more than two
+ * invocations in one second, or more than two seconds
+ * between invocations. */
+ if ((trivia_time_count > 2)
+ || ((event.now.tv_sec - trivia_previous_time) > 2))
+ entropy++;
+
+ trivia_time_count = 0;
+ }
+ }
+ trivia_previous_time = event.now.tv_sec;
+ event.pid = getpid ();
- return yarrow256_update(&yctx, RANDOM_SOURCE_TRIVIA, entropy,
- sizeof(event), (const uint8_t *) &event);
+ return yarrow256_update (&yctx, RANDOM_SOURCE_TRIVIA, entropy,
+ sizeof (event), (const uint8_t *) &event);
}
-static int do_device_source_urandom(int init)
+static int
+do_device_source_urandom (int init)
{
- time_t now = time(NULL);
- int read_size = DEVICE_READ_SIZE;
-
- if (init) {
- int old;
-
- device_fd = open("/dev/urandom", O_RDONLY);
- if (device_fd < 0) {
- _gnutls_debug_log("Cannot open urandom!\n");
- return GNUTLS_E_FILE_ERROR;
- }
+ time_t now = time (NULL);
+ int read_size = DEVICE_READ_SIZE;
+
+ if (init)
+ {
+ int old;
+
+ device_fd = open ("/dev/urandom", O_RDONLY);
+ if (device_fd < 0)
+ {
+ _gnutls_debug_log ("Cannot open urandom!\n");
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ old = fcntl (device_fd, F_GETFD);
+ fcntl (device_fd, F_SETFD, old | 1);
+ device_last_read = now;
- old = fcntl(device_fd, F_GETFD);
- fcntl(device_fd, F_SETFD, old | 1);
- device_last_read = now;
-
- read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
}
- if ((device_fd > 0)
- && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) {
-
- /* More than a minute since we last read the device */
- uint8_t buf[DEVICE_READ_SIZE_MAX];
- uint32_t done;
-
- for (done = 0; done < read_size;) {
- int res;
- do
- res =
- read(device_fd, buf + done, sizeof(buf) - done);
- while (res < 0 && errno == EINTR);
-
- if (res <= 0) {
- if (res < 0) {
- _gnutls_debug_log("Failed to read /dev/urandom: %s\n",
- strerror(errno));
- } else {
- _gnutls_debug_log
- ("Failed to read /dev/urandom: end of file\n");
- }
-
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- done += res;
+ if ((device_fd > 0)
+ && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL)))
+ {
+
+ /* More than a minute since we last read the device */
+ uint8_t buf[DEVICE_READ_SIZE_MAX];
+ uint32_t done;
+
+ for (done = 0; done < read_size;)
+ {
+ int res;
+ do
+ res = read (device_fd, buf + done, sizeof (buf) - done);
+ while (res < 0 && errno == EINTR);
+
+ if (res <= 0)
+ {
+ if (res < 0)
+ {
+ _gnutls_debug_log ("Failed to read /dev/urandom: %s\n",
+ strerror (errno));
+ }
+ else
+ {
+ _gnutls_debug_log
+ ("Failed to read /dev/urandom: end of file\n");
}
- device_last_read = now;
- return yarrow256_update(&yctx, RANDOM_SOURCE_DEVICE, read_size*8/2 /* we trust the RNG */,
- read_size, buf);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ done += res;
+ }
+
+ device_last_read = now;
+ return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE,
+ read_size * 8 / 2 /* we trust the RNG */ ,
+ read_size, buf);
}
- return 0;
+ return 0;
}
-static int do_device_source_egd(int init)
+static int
+do_device_source_egd (int init)
{
- time_t now = time(NULL);
- int read_size = DEVICE_READ_SIZE;
-
- if (init) {
- device_fd = _rndegd_connect_socket();
- if (device_fd < 0) {
- _gnutls_debug_log("Cannot open egd socket!\n");
- return GNUTLS_E_FILE_ERROR;
- }
+ time_t now = time (NULL);
+ int read_size = DEVICE_READ_SIZE;
+
+ if (init)
+ {
+ device_fd = _rndegd_connect_socket ();
+ if (device_fd < 0)
+ {
+ _gnutls_debug_log ("Cannot open egd socket!\n");
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ device_last_read = now;
- device_last_read = now;
-
- read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
}
- if ((device_fd > 0)
- && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) {
-
- /* More than a minute since we last read the device */
- uint8_t buf[DEVICE_READ_SIZE_MAX];
- uint32_t done;
-
- for (done = 0; done < read_size;) {
- int res;
- res = _rndegd_read(&device_fd, buf + done, sizeof(buf) - done);
- if (res <= 0) {
- if (res < 0) {
- _gnutls_debug_log("Failed to read egd.\n");
- } else {
- _gnutls_debug_log("Failed to read egd: end of file\n");
- }
-
- return GNUTLS_E_INTERNAL_ERROR;
- }
- done += res;
+ if ((device_fd > 0)
+ && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL)))
+ {
+
+ /* More than a minute since we last read the device */
+ uint8_t buf[DEVICE_READ_SIZE_MAX];
+ uint32_t done;
+
+ for (done = 0; done < read_size;)
+ {
+ int res;
+ res = _rndegd_read (&device_fd, buf + done, sizeof (buf) - done);
+ if (res <= 0)
+ {
+ if (res < 0)
+ {
+ _gnutls_debug_log ("Failed to read egd.\n");
}
+ else
+ {
+ _gnutls_debug_log ("Failed to read egd: end of file\n");
+ }
+
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ done += res;
+ }
- device_last_read = now;
- return yarrow256_update(&yctx, RANDOM_SOURCE_DEVICE, read_size*8/2,
- read_size, buf);
+ device_last_read = now;
+ return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE, read_size * 8 / 2,
+ read_size, buf);
}
- return 0;
+ return 0;
}
-static int do_device_source(int init)
+static int
+do_device_source (int init)
{
-int ret;
-static int (*do_source)(int init) = NULL;
+ int ret;
+ static int (*do_source) (int init) = NULL;
/* using static var here is ok since we are
* always called with mutexes down
*/
- if (init == 1) {
- do_source = do_device_source_urandom;
- ret = do_source(init);
- if (ret < 0) {
- do_source = do_device_source_egd;
- ret = do_source(init);
- }
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return ret;
- } else {
- return do_source(init);
+ if (init == 1)
+ {
+ do_source = do_device_source_urandom;
+ ret = do_source (init);
+ if (ret < 0)
+ {
+ do_source = do_device_source_egd;
+ ret = do_source (init);
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return ret;
+ }
+ else
+ {
+ return do_source (init);
}
}
-static void wrap_nettle_rnd_deinit(void* ctx)
+static void
+wrap_nettle_rnd_deinit (void *ctx)
{
- RND_LOCK;
- close(device_fd);
- RND_UNLOCK;
+ RND_LOCK;
+ close (device_fd);
+ RND_UNLOCK;
- gnutls_mutex_deinit(&rnd_mutex);
- rnd_mutex = NULL;
+ gnutls_mutex_deinit (&rnd_mutex);
+ rnd_mutex = NULL;
}
#endif
-static int wrap_nettle_rnd_init(void **ctx)
+static int
+wrap_nettle_rnd_init (void **ctx)
{
-int ret;
+ int ret;
- ret = gnutls_mutex_init(&rnd_mutex);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
+ ret = gnutls_mutex_init (&rnd_mutex);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- yarrow256_init(&yctx, SOURCES, ysources);
+ yarrow256_init (&yctx, SOURCES, ysources);
- ret = do_device_source(1);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = do_device_source (1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- ret = do_trivia_source(1);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = do_trivia_source (1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- yarrow256_slow_reseed(&yctx);
+ yarrow256_slow_reseed (&yctx);
- return 0;
+ return 0;
}
static int
-wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
+wrap_nettle_rnd (void *_ctx, int level, void *data, size_t datasize)
{
-int ret;
-
- RND_LOCK;
-
- ret = do_trivia_source( 0);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ int ret;
- ret = do_device_source( 0);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ RND_LOCK;
+
+ ret = do_trivia_source (0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = do_device_source (0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- yarrow256_random(&yctx, datasize, data);
- RND_UNLOCK;
- return 0;
+ yarrow256_random (&yctx, datasize, data);
+ RND_UNLOCK;
+ return 0;
}
int crypto_rnd_prio = INT_MAX;
gnutls_crypto_rnd_st _gnutls_rnd_ops = {
- .init = wrap_nettle_rnd_init,
- .deinit = wrap_nettle_rnd_deinit,
- .rnd = wrap_nettle_rnd,
+ .init = wrap_nettle_rnd_init,
+ .deinit = wrap_nettle_rnd_deinit,
+ .rnd = wrap_nettle_rnd,
};
diff --git a/lib/opencdk/armor.c b/lib/opencdk/armor.c
index 07d24b914b..da14a74874 100644
--- a/lib/opencdk/armor.c
+++ b/lib/opencdk/armor.c
@@ -28,7 +28,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdio.h>
#include <string.h>
@@ -39,9 +39,9 @@
#include "filters.h"
#ifdef __MINGW32__
-# define LF "\r\n"
+#define LF "\r\n"
#else
-# define LF "\n"
+#define LF "\n"
#endif
#define CRCINIT 0xB704CE
@@ -283,7 +283,8 @@ compress_get_algo (cdk_stream_t inp, int *r_zipalgo)
pkttype = *plain & 0x40 ? (*plain & 0x3f) : ((*plain >> 2) & 0xf);
if (pkttype == CDK_PKT_COMPRESSED && r_zipalgo)
{
- _gnutls_buffers_log ("armor compressed (algo=%d)\n", *(plain + 1));
+ _gnutls_buffers_log ("armor compressed (algo=%d)\n",
+ *(plain + 1));
*r_zipalgo = *(plain + 1);
}
break;
@@ -596,8 +597,8 @@ armor_decode (void *data, FILE * in, FILE * out)
afx->crc_okay = (afx->crc == crc2) ? 1 : 0;
if (!afx->crc_okay && !rc)
{
- _gnutls_buffers_log ("file crc=%08X afx_crc=%08X\n", (unsigned int) crc2,
- (unsigned int) afx->crc);
+ _gnutls_buffers_log ("file crc=%08X afx_crc=%08X\n",
+ (unsigned int) crc2, (unsigned int) afx->crc);
rc = CDK_Armor_CRC_Error;
}
diff --git a/lib/opencdk/hash.c b/lib/opencdk/hash.c
index 039e6d4c9e..9ac9d9c682 100644
--- a/lib/opencdk/hash.c
+++ b/lib/opencdk/hash.c
@@ -23,7 +23,7 @@
*
*/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdio.h>
#include <sys/stat.h>
diff --git a/lib/opencdk/kbnode.c b/lib/opencdk/kbnode.c
index 7464dfbd3f..b93c5c9a8e 100644
--- a/lib/opencdk/kbnode.c
+++ b/lib/opencdk/kbnode.c
@@ -23,7 +23,7 @@
*
*/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c
index 7b798520e3..ab7e65d0ba 100644
--- a/lib/opencdk/keydb.c
+++ b/lib/opencdk/keydb.c
@@ -23,7 +23,7 @@
*
*/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <sys/stat.h>
#include <stdio.h>
diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c
index d654cd4e9c..769f117e74 100644
--- a/lib/opencdk/literal.c
+++ b/lib/opencdk/literal.c
@@ -23,7 +23,7 @@
*
*/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdio.h>
#include <time.h>
diff --git a/lib/opencdk/main.c b/lib/opencdk/main.c
index 1803643cbb..3052bf1387 100644
--- a/lib/opencdk/main.c
+++ b/lib/opencdk/main.c
@@ -23,12 +23,12 @@
*
*/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdio.h>
#include <errno.h>
#ifdef HAVE_UNISTD_H
-# include <unistd.h>
+#include <unistd.h>
#endif
#ifdef _WIN32
#include <windows.h>
diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c
index 26c159037d..a6f69187b3 100644
--- a/lib/opencdk/misc.c
+++ b/lib/opencdk/misc.c
@@ -23,7 +23,7 @@
*
*/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdio.h>
#include <string.h>
diff --git a/lib/opencdk/new-packet.c b/lib/opencdk/new-packet.c
index 70048edc71..55b0cfd1a3 100644
--- a/lib/opencdk/new-packet.c
+++ b/lib/opencdk/new-packet.c
@@ -23,7 +23,7 @@
*
*/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <string.h>
#include <stdio.h>
diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
index 99779e4855..dc2e2ea788 100644
--- a/lib/opencdk/pubkey.c
+++ b/lib/opencdk/pubkey.c
@@ -193,7 +193,7 @@ cdk_pk_get_nskey (int algo)
int ret;
if (is_RSA (algo))
- ret = RSA_PRIVATE_PARAMS-2; /* we don't have exp1 and exp2 */
+ ret = RSA_PRIVATE_PARAMS - 2; /* we don't have exp1 and exp2 */
else if (is_DSA (algo))
ret = DSA_PRIVATE_PARAMS;
else if (is_ELG (algo))
@@ -438,7 +438,7 @@ cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr)
err = _gnutls_hash_init (&hd, md_algo);
if (err < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return map_gnutls_error (err);
}
_cdk_hash_pubkey (pk, &hd, 1);
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
index 21067c1c24..6e7fcefd56 100644
--- a/lib/opencdk/read-packet.c
+++ b/lib/opencdk/read-packet.c
@@ -137,7 +137,7 @@ read_mpi (cdk_stream_t inp, bigint_t * ret_m, int secure)
if (!rc && nread != ((nbits + 7) / 8))
{
_gnutls_write_log ("read_mpi: too short %d < %d\n", (int) nread,
- (int) ((nbits + 7) / 8));
+ (int) ((nbits + 7) / 8));
return CDK_MPI_Error;
}
@@ -301,7 +301,8 @@ read_public_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
if (!npkey)
{
gnutls_assert ();
- _gnutls_write_log ("invalid public key algorithm %d\n", pk->pubkey_algo);
+ _gnutls_write_log ("invalid public key algorithm %d\n",
+ pk->pubkey_algo);
return CDK_Inv_Algo;
}
for (i = 0; i < npkey; i++)
diff --git a/lib/opencdk/seskey.c b/lib/opencdk/seskey.c
index e3e4d40a3d..8830905098 100644
--- a/lib/opencdk/seskey.c
+++ b/lib/opencdk/seskey.c
@@ -23,7 +23,7 @@
*
*/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdio.h>
diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c
index 003ae5ac29..cf007d4e34 100644
--- a/lib/opencdk/sig-check.c
+++ b/lib/opencdk/sig-check.c
@@ -23,7 +23,7 @@
*
*/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdio.h>
#include <time.h>
@@ -53,10 +53,10 @@ hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
err = _gnutls_mpi_print_pgp (pk->mpi[i], buf, &nbytes);
if (err < 0)
- {
- gnutls_assert();
+ {
+ gnutls_assert ();
return map_gnutls_error (err);
- }
+ }
if (!usefpr || pk->version == 4)
_gnutls_hash (md, buf, nbytes);
diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c
index 23931a8432..01fd8855f1 100644
--- a/lib/opencdk/stream.c
+++ b/lib/opencdk/stream.c
@@ -32,7 +32,7 @@
#include <stdlib.h>
#include <errno.h>
#ifdef HAVE_UNISTD_H
-# include <unistd.h>
+#include <unistd.h>
#endif
#include "opencdk.h"
@@ -460,7 +460,7 @@ cdk_stream_close (cdk_stream_t s)
}
_gnutls_read_log ("close stream ref=%d `%s'\n",
- s->fp_ref, s->fname ? s->fname : "[temp]");
+ s->fp_ref, s->fname ? s->fname : "[temp]");
/* In the user callback mode, we call the release cb if possible
and just free the stream. */
@@ -757,7 +757,7 @@ stream_fp_replace (cdk_stream_t s, FILE ** tmp)
assert (s);
_gnutls_read_log ("replace stream fd=%d with fd=%d\n",
- fileno (s->fp), fileno (*tmp));
+ fileno (s->fp), fileno (*tmp));
rc = fclose (s->fp);
if (rc)
{
@@ -793,7 +793,7 @@ stream_filter_write (cdk_stream_t s)
continue;
/* if there is no next filter, create the final output file */
_gnutls_read_log ("filter [write]: last filter=%d fname=%s\n",
- f->next ? 1 : 0, s->fname);
+ f->next ? 1 : 0, s->fname);
if (!f->next && s->fname)
f->tmp = fopen (s->fname, "w+b");
else
@@ -852,7 +852,7 @@ stream_filter_read (cdk_stream_t s)
if (f->flags.error)
{
_gnutls_read_log ("filter %s [read]: has the error flag; skipped\n",
- s->fname ? s->fname : "[temp]");
+ s->fname ? s->fname : "[temp]");
continue;
}
@@ -864,7 +864,7 @@ stream_filter_read (cdk_stream_t s)
}
rc = f->fnct (f->opaque, f->ctl, s->fp, f->tmp);
_gnutls_read_log ("filter %s [read]: type=%d rc=%d\n",
- s->fname ? s->fname : "[temp]", f->type, rc);
+ s->fname ? s->fname : "[temp]", f->type, rc);
if (rc)
{
f->flags.error = 1;
@@ -1060,7 +1060,7 @@ cdk_stream_write (cdk_stream_t s, const void *buf, size_t count)
memcpy (s->cache.buf, old, s->cache.size);
cdk_free (old);
_gnutls_read_log ("stream: enlarge cache to %d octets\n",
- (int) s->cache.alloced);
+ (int) s->cache.alloced);
}
memcpy (s->cache.buf + s->cache.size, buf, count);
s->cache.size += count;
@@ -1350,7 +1350,7 @@ cdk_stream_enable_cache (cdk_stream_t s, int val)
s->cache.buf = cdk_calloc (1, STREAM_BUFSIZE);
s->cache.alloced = STREAM_BUFSIZE;
_gnutls_read_log ("stream: allocate cache of %d octets\n",
- STREAM_BUFSIZE);
+ STREAM_BUFSIZE);
}
return 0;
}
@@ -1580,7 +1580,7 @@ _cdk_stream_set_blockmode (cdk_stream_t s, size_t nbytes)
assert (s);
_gnutls_read_log ("stream: activate block mode with blocksize %d\n",
- (int) nbytes);
+ (int) nbytes);
s->blkmode = nbytes;
return 0;
}
diff --git a/lib/opencdk/types.h b/lib/opencdk/types.h
index 88dc0e2378..d98ce0643b 100644
--- a/lib/opencdk/types.h
+++ b/lib/opencdk/types.h
@@ -26,26 +26,26 @@
#define CDK_TYPES_H
#ifndef HAVE_BYTE_TYPEDEF
-# undef byte
+#undef byte
typedef unsigned char byte;
-# define HAVE_BYTE_TYPEDEF
+#define HAVE_BYTE_TYPEDEF
#endif
#ifndef HAVE_U16_TYPEDEF
-# undef u16
+#undef u16
typedef unsigned short u16;
-# define HAVE_U16_TYPEDEF
+#define HAVE_U16_TYPEDEF
#endif
#ifndef HAVE_U32_TYPEDEF
-# undef u32
+#undef u32
typedef unsigned int u32;
-# define HAVE_U32_TYPEDEF
+#define HAVE_U32_TYPEDEF
#endif
#ifndef DIM
-# define DIM(v) (sizeof (v)/sizeof ((v)[0]))
-# define DIMof(type, member) DIM(((type *)0)->member)
+#define DIM(v) (sizeof (v)/sizeof ((v)[0]))
+#define DIMof(type, member) DIM(((type *)0)->member)
#endif
#endif /* CDK_TYPES_H */
diff --git a/lib/opencdk/verify.c b/lib/opencdk/verify.c
index 7826114ef2..ee5fb2be66 100644
--- a/lib/opencdk/verify.c
+++ b/lib/opencdk/verify.c
@@ -23,7 +23,7 @@
*
*/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdio.h>
#include <string.h>
@@ -245,7 +245,7 @@ file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output)
err = _gnutls_hash_init (&md, digest_algo);
if (err < 0)
{
- gnutls_assert();
+ gnutls_assert ();
rc = map_gnutls_error (err);
goto leave;
}
diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
index 7c1dc01f3f..2223c98068 100644
--- a/lib/openpgp/gnutls_openpgp.c
+++ b/lib/openpgp/gnutls_openpgp.c
@@ -141,17 +141,19 @@ gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res,
gnutls_cert *ccert;
/* this should be first */
- ret = gnutls_privkey_init(&privkey);
- if (ret < 0)
+ ret = gnutls_privkey_init (&privkey);
+ if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
- ret = gnutls_privkey_import_openpgp (privkey, pkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ ret =
+ gnutls_privkey_import_openpgp (privkey, pkey,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
- gnutls_privkey_deinit(privkey);
+ gnutls_privkey_deinit (privkey);
gnutls_assert ();
return ret;
}
@@ -161,7 +163,7 @@ gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res,
if (ccert == NULL)
{
gnutls_assert ();
- gnutls_privkey_deinit(privkey);
+ gnutls_privkey_deinit (privkey);
return GNUTLS_E_MEMORY_ERROR;
}
@@ -169,19 +171,20 @@ gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free(ccert);
- gnutls_privkey_deinit(privkey);
+ gnutls_free (ccert);
+ gnutls_privkey_deinit (privkey);
return ret;
}
- ret = certificate_credentials_append_pkey(res, privkey);
- if (ret >=0) ret = certificate_credential_append_crt_list(res, ccert, 1);
+ ret = certificate_credentials_append_pkey (res, privkey);
+ if (ret >= 0)
+ ret = certificate_credential_append_crt_list (res, ccert, 1);
if (ret < 0)
{
- gnutls_assert();
- gnutls_free(ccert);
- gnutls_privkey_deinit(privkey);
+ gnutls_assert ();
+ gnutls_free (ccert);
+ gnutls_privkey_deinit (privkey);
return ret;
}
@@ -402,27 +405,27 @@ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res,
if (subkey_id != NULL)
{
if (strcasecmp (subkey_id, "auto") == 0)
- ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1);
+ ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1);
else
- ret = get_keyid (keyid, subkey_id);
+ ret = get_keyid (keyid, subkey_id);
if (ret < 0)
- gnutls_assert();
+ gnutls_assert ();
if (ret >= 0)
- {
- ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid);
- if (ret >= 0)
- ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid);
- }
+ {
+ ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid);
+ if (ret >= 0)
+ ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid);
+ }
if (ret < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_privkey_deinit (pkey);
- gnutls_openpgp_crt_deinit (crt);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_openpgp_privkey_deinit (pkey);
+ gnutls_openpgp_crt_deinit (crt);
+ return ret;
+ }
}
ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);
@@ -740,7 +743,8 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert)
_gnutls_debug_log
("Importing Openpgp cert and using openpgp sub key: %s\n",
- _gnutls_bin2hex (keyid, sizeof (keyid), err_buf, sizeof (err_buf), NULL));
+ _gnutls_bin2hex (keyid, sizeof (keyid), err_buf, sizeof (err_buf),
+ NULL));
KEYID_IMPORT (kid32, keyid);
@@ -874,10 +878,11 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
KEYID_IMPORT (kid, keyid);
- idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
- pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
- result = _gnutls_openpgp_privkey_get_mpis (key, kid,
- params, &params_size);
+ idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
+ pk_algorithm =
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
+ result =
+ _gnutls_openpgp_privkey_get_mpis (key, kid, params, &params_size);
}
else
{
@@ -893,7 +898,8 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
}
- result = _gnutls_soft_sign (pk_algorithm, params, params_size, hash, signature);
+ result =
+ _gnutls_soft_sign (pk_algorithm, params, params_size, hash, signature);
for (i = 0; i < params_size; i++)
_gnutls_mpi_release (&params[i]);
@@ -923,8 +929,9 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
**/
int
gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
- unsigned int flags, const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
int result, i;
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
@@ -937,7 +944,7 @@ gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
-
+
result = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
if (result == 0)
{
@@ -963,11 +970,12 @@ gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
if (pk_algorithm != GNUTLS_PK_RSA)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
- result = _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext, params, params_size, 2);
+ result =
+ _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext, params, params_size, 2);
for (i = 0; i < params_size; i++)
_gnutls_mpi_release (&params[i]);
diff --git a/lib/openpgp/openpgp_int.h b/lib/openpgp/openpgp_int.h
index 8071aa0098..235bcfd482 100644
--- a/lib/openpgp/openpgp_int.h
+++ b/lib/openpgp/openpgp_int.h
@@ -1,8 +1,8 @@
#ifndef OPENPGP_LOCAL_H
-# define OPENPGP_LOCAL_H
+#define OPENPGP_LOCAL_H
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#ifdef ENABLE_OPENPGP
diff --git a/lib/openpgp/output.c b/lib/openpgp/output.c
index 0413668c8a..eaa1902d68 100644
--- a/lib/openpgp/output.c
+++ b/lib/openpgp/output.c
@@ -37,7 +37,8 @@
#define adds _gnutls_buffer_append_str
static void
-hexdump (gnutls_buffer_st * str, const char *data, size_t len, const char *spc)
+hexdump (gnutls_buffer_st * str, const char *data, size_t len,
+ const char *spc)
{
size_t j;
@@ -237,7 +238,9 @@ print_key_info (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
name = _("unknown");
addf (str, _("\tPublic Key Algorithm: %s\n"), name);
- addf (str, _("\tKey Security Level: %s\n"), gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param(err, bits)));
+ addf (str, _("\tKey Security Level: %s\n"),
+ gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
+ (err, bits)));
switch (err)
{
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index 2dede0e083..e2a5230be3 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -773,7 +773,7 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2],
int i = 0;
uint32_t local_keyid[2];
- _gnutls_hard_log("Looking keyid: %x.%x\n", keyid[0], keyid[1]);
+ _gnutls_hard_log ("Looking keyid: %x.%x\n", keyid[0], keyid[1]);
ctx = NULL;
while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
@@ -788,7 +788,8 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2],
else
cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
- _gnutls_hard_log("Found keyid: %x.%x\n", local_keyid[0], local_keyid[1]);
+ _gnutls_hard_log ("Found keyid: %x.%x\n", local_keyid[0],
+ local_keyid[1]);
if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
{
return i;
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 9450e33cb4..a3cdf12751 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -87,13 +87,13 @@ gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key)
gnutls_sec_param_t
gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key)
{
-gnutls_pk_algorithm_t algo;
-unsigned int bits;
+ gnutls_pk_algorithm_t algo;
+ unsigned int bits;
algo = gnutls_openpgp_privkey_get_pk_algorithm (key, &bits);
- if (algo == GNUTLS_PK_UNKNOWN)
+ if (algo == GNUTLS_PK_UNKNOWN)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_SEC_PARAM_UNKNOWN;
}
@@ -718,7 +718,7 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey,
gnutls_pk_params_st pk_params;
cdk_packet_t pkt;
- memset(&pk_params, 0, sizeof(pk_params));
+ memset (&pk_params, 0, sizeof (pk_params));
if (keyid == NULL)
pkt = cdk_kbnode_find_packet (pkey->knode, CDK_PKT_SECRET_KEY);
@@ -739,7 +739,7 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey,
case GNUTLS_PK_RSA:
/* openpgp does not hold all parameters as in PKCS #1
*/
- pk_params.params_nr = RSA_PRIVATE_PARAMS-2;
+ pk_params.params_nr = RSA_PRIVATE_PARAMS - 2;
break;
case GNUTLS_PK_DSA:
pk_params.params_nr = DSA_PRIVATE_PARAMS;
@@ -758,9 +758,9 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey,
goto error;
}
}
- /* fixup will generate exp1 and exp2 that are not
- * available here.
- */
+ /* fixup will generate exp1 and exp2 that are not
+ * available here.
+ */
result = _gnutls_pk_fixup (pk_algorithm, GNUTLS_IMPORT, &pk_params);
if (result < 0)
{
@@ -775,7 +775,7 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey,
}
*params_size = pk_params.params_nr;
- for(i=0;i<pk_params.params_nr;i++)
+ for (i = 0; i < pk_params.params_nr; i++)
params[i] = pk_params.params[i];
return 0;
diff --git a/lib/pakchois/dlopen.c b/lib/pakchois/dlopen.c
index c7fab3a76a..624f302722 100644
--- a/lib/pakchois/dlopen.c
+++ b/lib/pakchois/dlopen.c
@@ -27,22 +27,25 @@
#ifdef _WIN32
-# include <windows.h>
+#include <windows.h>
-void *dlopen(const char *filename, int flag)
+void *
+dlopen (const char *filename, int flag)
{
- return LoadLibrary(filename);
+ return LoadLibrary (filename);
}
-void *dlsym(void *handle, const char *symbol)
+void *
+dlsym (void *handle, const char *symbol)
{
- return GetProcAddress((HINSTANCE)handle, symbol);
+ return GetProcAddress ((HINSTANCE) handle, symbol);
}
-int dlclose(void *handle)
+int
+dlclose (void *handle)
{
- FreeLibrary((HINSTANCE)handle);
+ FreeLibrary ((HINSTANCE) handle);
}
#endif
diff --git a/lib/pakchois/dlopen.h b/lib/pakchois/dlopen.h
index a8a5fab000..47362cb035 100644
--- a/lib/pakchois/dlopen.h
+++ b/lib/pakchois/dlopen.h
@@ -1,5 +1,5 @@
#ifndef DLOPEN_H
-# define DLOPEN_H
+#define DLOPEN_H
#include "config.h"
@@ -8,13 +8,13 @@
#define RTLD_LOCAL 0
#define RTLD_NOW 1
-void *dlopen(const char *filename, int flag);
-void *dlsym(void *handle, const char *symbol);
-int dlclose(void *handle);
+void *dlopen (const char *filename, int flag);
+void *dlsym (void *handle, const char *symbol);
+int dlclose (void *handle);
#else
-# include <dlfcn.h>
+#include <dlfcn.h>
#endif
diff --git a/lib/pakchois/errors.c b/lib/pakchois/errors.c
index de09b92d53..d223239d8f 100644
--- a/lib/pakchois/errors.c
+++ b/lib/pakchois/errors.c
@@ -46,101 +46,189 @@
#define _(x) x
#endif
-const char *pakchois_error(ck_rv_t rv)
+const char *
+pakchois_error (ck_rv_t rv)
{
- if (rv >= CKR_VENDOR_DEFINED) {
- return _("Vendor defined error");
+ if (rv >= CKR_VENDOR_DEFINED)
+ {
+ return _("Vendor defined error");
}
- switch (rv) {
- case CKR_OK: return _("OK");
- case CKR_CANCEL: return _("Cancel");
- case CKR_HOST_MEMORY: return _("Host memory");
- case CKR_SLOT_ID_INVALID: return _("Slot id invalid");
- case CKR_GENERAL_ERROR: return _("General error");
- case CKR_FUNCTION_FAILED: return _("Function failed");
- case CKR_ARGUMENTS_BAD: return _("Arguments bad");
- case CKR_NO_EVENT: return _("No event");
- case CKR_NEED_TO_CREATE_THREADS: return _("Need to create threads");
- case CKR_CANT_LOCK: return _("Can't lock");
- case CKR_ATTRIBUTE_READ_ONLY: return _("Attribute read only");
- case CKR_ATTRIBUTE_SENSITIVE: return _("Attribute sensitive");
- case CKR_ATTRIBUTE_TYPE_INVALID: return _("Attribute type invalid");
- case CKR_ATTRIBUTE_VALUE_INVALID: return _("Attribute value invalid");
- case CKR_DATA_INVALID: return _("Data invalid");
- case CKR_DATA_LEN_RANGE: return _("Data len range");
- case CKR_DEVICE_ERROR: return _("Device error");
- case CKR_DEVICE_MEMORY: return _("Device memory");
- case CKR_DEVICE_REMOVED: return _("Device removed");
- case CKR_ENCRYPTED_DATA_INVALID: return _("Encrypted data invalid");
- case CKR_ENCRYPTED_DATA_LEN_RANGE: return _("Encrypted data len range");
- case CKR_FUNCTION_CANCELED: return _("Function canceled");
- case CKR_FUNCTION_NOT_PARALLEL: return _("Function not parallel");
- case CKR_FUNCTION_NOT_SUPPORTED: return _("Function not supported");
- case CKR_KEY_HANDLE_INVALID: return _("Key handle invalid");
- case CKR_KEY_SIZE_RANGE: return _("Key size range");
- case CKR_KEY_TYPE_INCONSISTENT: return _("Key type inconsistent");
- case CKR_KEY_NOT_NEEDED: return _("Key not needed");
- case CKR_KEY_CHANGED: return _("Key changed");
- case CKR_KEY_NEEDED: return _("Key needed");
- case CKR_KEY_INDIGESTIBLE: return _("Key indigestible");
- case CKR_KEY_FUNCTION_NOT_PERMITTED: return _("Key function not permitted");
- case CKR_KEY_NOT_WRAPPABLE: return _("Key not wrappable");
- case CKR_KEY_UNEXTRACTABLE: return _("Key unextractable");
- case CKR_MECHANISM_INVALID: return _("Mechanism invalid");
- case CKR_MECHANISM_PARAM_INVALID: return _("Mechanism param invalid");
- case CKR_OBJECT_HANDLE_INVALID: return _("Object handle invalid");
- case CKR_OPERATION_ACTIVE: return _("Operation active");
- case CKR_OPERATION_NOT_INITIALIZED: return _("Operation not initialized");
- case CKR_PIN_INCORRECT: return _("PIN incorrect");
- case CKR_PIN_INVALID: return _("PIN invalid");
- case CKR_PIN_LEN_RANGE: return _("PIN len range");
- case CKR_PIN_EXPIRED: return _("PIN expired");
- case CKR_PIN_LOCKED: return _("PIN locked");
- case CKR_SESSION_CLOSED: return _("Session closed");
- case CKR_SESSION_COUNT: return _("Session count");
- case CKR_SESSION_HANDLE_INVALID: return _("Session handle invalid");
- case CKR_SESSION_PARALLEL_NOT_SUPPORTED: return _("Session parallel not supported");
- case CKR_SESSION_READ_ONLY: return _("Session read only");
- case CKR_SESSION_EXISTS: return _("Session exists");
- case CKR_SESSION_READ_ONLY_EXISTS: return _("Session read only exists");
- case CKR_SESSION_READ_WRITE_SO_EXISTS: return _("Session read write so exists");
- case CKR_SIGNATURE_INVALID: return _("Signature invalid");
- case CKR_SIGNATURE_LEN_RANGE: return _("Signature length range");
- case CKR_TEMPLATE_INCOMPLETE: return _("Template incomplete");
- case CKR_TEMPLATE_INCONSISTENT: return _("Template inconsistent");
- case CKR_TOKEN_NOT_PRESENT: return _("Token not present");
- case CKR_TOKEN_NOT_RECOGNIZED: return _("Token not recognized");
- case CKR_TOKEN_WRITE_PROTECTED: return _("Token write protected");
- case CKR_UNWRAPPING_KEY_HANDLE_INVALID: return _("Unwrapping key handle invalid");
- case CKR_UNWRAPPING_KEY_SIZE_RANGE: return _("Unwrapping key size range");
- case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: return _("Unwrapping key type inconsistent");
- case CKR_USER_ALREADY_LOGGED_IN: return _("User already logged in");
- case CKR_USER_NOT_LOGGED_IN: return _("User not logged in");
- case CKR_USER_PIN_NOT_INITIALIZED: return _("User PIN not initialized");
- case CKR_USER_TYPE_INVALID: return _("User type invalid");
- case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: return _("Another user already logged in");
- case CKR_USER_TOO_MANY_TYPES: return _("User too many types");
- case CKR_WRAPPED_KEY_INVALID: return _("Wrapped key invalid");
- case CKR_WRAPPED_KEY_LEN_RANGE: return _("Wrapped key length range");
- case CKR_WRAPPING_KEY_HANDLE_INVALID: return _("Wrapping key handle invalid");
- case CKR_WRAPPING_KEY_SIZE_RANGE: return _("Wrapping key size range");
- case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: return _("Wrapping key type inconsistent");
- case CKR_RANDOM_SEED_NOT_SUPPORTED: return _("Random seed not supported");
- case CKR_RANDOM_NO_RNG: return _("Random no rng");
- case CKR_DOMAIN_PARAMS_INVALID: return _("Domain params invalid");
- case CKR_BUFFER_TOO_SMALL: return _("Buffer too small");
- case CKR_SAVED_STATE_INVALID: return _("Saved state invalid");
- case CKR_INFORMATION_SENSITIVE: return _("Information sensitive");
- case CKR_STATE_UNSAVEABLE: return _("State unsaveable");
- case CKR_CRYPTOKI_NOT_INITIALIZED: return _("Cryptoki not initialized");
- case CKR_CRYPTOKI_ALREADY_INITIALIZED: return _("Cryptoki already initialized");
- case CKR_MUTEX_BAD: return _("Mutex bad");
- case CKR_MUTEX_NOT_LOCKED: return _("Mutex not locked");
- case CKR_FUNCTION_REJECTED: return _("Function rejected");
+ switch (rv)
+ {
+ case CKR_OK:
+ return _("OK");
+ case CKR_CANCEL:
+ return _("Cancel");
+ case CKR_HOST_MEMORY:
+ return _("Host memory");
+ case CKR_SLOT_ID_INVALID:
+ return _("Slot id invalid");
+ case CKR_GENERAL_ERROR:
+ return _("General error");
+ case CKR_FUNCTION_FAILED:
+ return _("Function failed");
+ case CKR_ARGUMENTS_BAD:
+ return _("Arguments bad");
+ case CKR_NO_EVENT:
+ return _("No event");
+ case CKR_NEED_TO_CREATE_THREADS:
+ return _("Need to create threads");
+ case CKR_CANT_LOCK:
+ return _("Can't lock");
+ case CKR_ATTRIBUTE_READ_ONLY:
+ return _("Attribute read only");
+ case CKR_ATTRIBUTE_SENSITIVE:
+ return _("Attribute sensitive");
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ return _("Attribute type invalid");
+ case CKR_ATTRIBUTE_VALUE_INVALID:
+ return _("Attribute value invalid");
+ case CKR_DATA_INVALID:
+ return _("Data invalid");
+ case CKR_DATA_LEN_RANGE:
+ return _("Data len range");
+ case CKR_DEVICE_ERROR:
+ return _("Device error");
+ case CKR_DEVICE_MEMORY:
+ return _("Device memory");
+ case CKR_DEVICE_REMOVED:
+ return _("Device removed");
+ case CKR_ENCRYPTED_DATA_INVALID:
+ return _("Encrypted data invalid");
+ case CKR_ENCRYPTED_DATA_LEN_RANGE:
+ return _("Encrypted data len range");
+ case CKR_FUNCTION_CANCELED:
+ return _("Function canceled");
+ case CKR_FUNCTION_NOT_PARALLEL:
+ return _("Function not parallel");
+ case CKR_FUNCTION_NOT_SUPPORTED:
+ return _("Function not supported");
+ case CKR_KEY_HANDLE_INVALID:
+ return _("Key handle invalid");
+ case CKR_KEY_SIZE_RANGE:
+ return _("Key size range");
+ case CKR_KEY_TYPE_INCONSISTENT:
+ return _("Key type inconsistent");
+ case CKR_KEY_NOT_NEEDED:
+ return _("Key not needed");
+ case CKR_KEY_CHANGED:
+ return _("Key changed");
+ case CKR_KEY_NEEDED:
+ return _("Key needed");
+ case CKR_KEY_INDIGESTIBLE:
+ return _("Key indigestible");
+ case CKR_KEY_FUNCTION_NOT_PERMITTED:
+ return _("Key function not permitted");
+ case CKR_KEY_NOT_WRAPPABLE:
+ return _("Key not wrappable");
+ case CKR_KEY_UNEXTRACTABLE:
+ return _("Key unextractable");
+ case CKR_MECHANISM_INVALID:
+ return _("Mechanism invalid");
+ case CKR_MECHANISM_PARAM_INVALID:
+ return _("Mechanism param invalid");
+ case CKR_OBJECT_HANDLE_INVALID:
+ return _("Object handle invalid");
+ case CKR_OPERATION_ACTIVE:
+ return _("Operation active");
+ case CKR_OPERATION_NOT_INITIALIZED:
+ return _("Operation not initialized");
+ case CKR_PIN_INCORRECT:
+ return _("PIN incorrect");
+ case CKR_PIN_INVALID:
+ return _("PIN invalid");
+ case CKR_PIN_LEN_RANGE:
+ return _("PIN len range");
+ case CKR_PIN_EXPIRED:
+ return _("PIN expired");
+ case CKR_PIN_LOCKED:
+ return _("PIN locked");
+ case CKR_SESSION_CLOSED:
+ return _("Session closed");
+ case CKR_SESSION_COUNT:
+ return _("Session count");
+ case CKR_SESSION_HANDLE_INVALID:
+ return _("Session handle invalid");
+ case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
+ return _("Session parallel not supported");
+ case CKR_SESSION_READ_ONLY:
+ return _("Session read only");
+ case CKR_SESSION_EXISTS:
+ return _("Session exists");
+ case CKR_SESSION_READ_ONLY_EXISTS:
+ return _("Session read only exists");
+ case CKR_SESSION_READ_WRITE_SO_EXISTS:
+ return _("Session read write so exists");
+ case CKR_SIGNATURE_INVALID:
+ return _("Signature invalid");
+ case CKR_SIGNATURE_LEN_RANGE:
+ return _("Signature length range");
+ case CKR_TEMPLATE_INCOMPLETE:
+ return _("Template incomplete");
+ case CKR_TEMPLATE_INCONSISTENT:
+ return _("Template inconsistent");
+ case CKR_TOKEN_NOT_PRESENT:
+ return _("Token not present");
+ case CKR_TOKEN_NOT_RECOGNIZED:
+ return _("Token not recognized");
+ case CKR_TOKEN_WRITE_PROTECTED:
+ return _("Token write protected");
+ case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
+ return _("Unwrapping key handle invalid");
+ case CKR_UNWRAPPING_KEY_SIZE_RANGE:
+ return _("Unwrapping key size range");
+ case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
+ return _("Unwrapping key type inconsistent");
+ case CKR_USER_ALREADY_LOGGED_IN:
+ return _("User already logged in");
+ case CKR_USER_NOT_LOGGED_IN:
+ return _("User not logged in");
+ case CKR_USER_PIN_NOT_INITIALIZED:
+ return _("User PIN not initialized");
+ case CKR_USER_TYPE_INVALID:
+ return _("User type invalid");
+ case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
+ return _("Another user already logged in");
+ case CKR_USER_TOO_MANY_TYPES:
+ return _("User too many types");
+ case CKR_WRAPPED_KEY_INVALID:
+ return _("Wrapped key invalid");
+ case CKR_WRAPPED_KEY_LEN_RANGE:
+ return _("Wrapped key length range");
+ case CKR_WRAPPING_KEY_HANDLE_INVALID:
+ return _("Wrapping key handle invalid");
+ case CKR_WRAPPING_KEY_SIZE_RANGE:
+ return _("Wrapping key size range");
+ case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
+ return _("Wrapping key type inconsistent");
+ case CKR_RANDOM_SEED_NOT_SUPPORTED:
+ return _("Random seed not supported");
+ case CKR_RANDOM_NO_RNG:
+ return _("Random no rng");
+ case CKR_DOMAIN_PARAMS_INVALID:
+ return _("Domain params invalid");
+ case CKR_BUFFER_TOO_SMALL:
+ return _("Buffer too small");
+ case CKR_SAVED_STATE_INVALID:
+ return _("Saved state invalid");
+ case CKR_INFORMATION_SENSITIVE:
+ return _("Information sensitive");
+ case CKR_STATE_UNSAVEABLE:
+ return _("State unsaveable");
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ return _("Cryptoki not initialized");
+ case CKR_CRYPTOKI_ALREADY_INITIALIZED:
+ return _("Cryptoki already initialized");
+ case CKR_MUTEX_BAD:
+ return _("Mutex bad");
+ case CKR_MUTEX_NOT_LOCKED:
+ return _("Mutex not locked");
+ case CKR_FUNCTION_REJECTED:
+ return _("Function rejected");
default:
- break;
+ break;
}
- return _("Unknown error");
+ return _("Unknown error");
}
diff --git a/lib/pakchois/pakchois.c b/lib/pakchois/pakchois.c
index 6785416efa..0665cb3425 100644
--- a/lib/pakchois/pakchois.c
+++ b/lib/pakchois/pakchois.c
@@ -50,25 +50,27 @@
#include "dlopen.h"
#ifdef HAVE_WORDEXP
-# include <wordexp.h>
+#include <wordexp.h>
#endif
#include "pakchois.h"
-struct provider {
- dev_t dev;
- ino_t ino;
- char *name;
- void *handle;
- void *mutex;
- const struct ck_function_list *fns;
- unsigned int refcount;
- struct provider *next, **prevref;
- void *reserved;
+struct provider
+{
+ dev_t dev;
+ ino_t ino;
+ char *name;
+ void *handle;
+ void *mutex;
+ const struct ck_function_list *fns;
+ unsigned int refcount;
+ struct provider *next, **prevref;
+ void *reserved;
};
-struct pakchois_module_s {
- struct slot *slots;
- struct provider *provider;
+struct pakchois_module_s
+{
+ struct slot *slots;
+ struct provider *provider;
};
static void *provider_mutex = NULL;
@@ -77,77 +79,88 @@ static void *provider_mutex = NULL;
* individual module must performed whilst holding this mutex. */
static struct provider *provider_list;
-struct pakchois_session_s {
- pakchois_module_t *module;
- ck_session_handle_t id;
- pakchois_notify_t notify;
- void *notify_data;
- /* Doubly-linked list. Either prevref = &previous->next or else
- * prevref = &slot->sessions for the list head. */
- pakchois_session_t **prevref;
- pakchois_session_t *next;
+struct pakchois_session_s
+{
+ pakchois_module_t *module;
+ ck_session_handle_t id;
+ pakchois_notify_t notify;
+ void *notify_data;
+ /* Doubly-linked list. Either prevref = &previous->next or else
+ * prevref = &slot->sessions for the list head. */
+ pakchois_session_t **prevref;
+ pakchois_session_t *next;
};
-struct slot {
- ck_slot_id_t id;
- pakchois_session_t *sessions;
- struct slot *next;
+struct slot
+{
+ ck_slot_id_t id;
+ pakchois_session_t *sessions;
+ struct slot *next;
};
#define DIR_DELIMITER '/'
-static char *pkcs11ize(const char *name)
-{
- int len;
- char *oname;
- char *base;
- char *suffix;
-
- oname = strdup(name);
- if (oname == NULL) {
- return NULL;
- }
-
- /* basename has too many ifs to use */
- base = strrchr(oname, DIR_DELIMITER);
- if (base == NULL) {
- base = oname;
- } else {
- base++;
- }
-
- suffix = strchr(base, '.');
- if (suffix != NULL) {
- if (strncmp(suffix, ".so", 3) == 0) {
- suffix[0] = 0; /* null terminate before . */
- }
+static char *
+pkcs11ize (const char *name)
+{
+ int len;
+ char *oname;
+ char *base;
+ char *suffix;
+
+ oname = strdup (name);
+ if (oname == NULL)
+ {
+ return NULL;
+ }
+
+ /* basename has too many ifs to use */
+ base = strrchr (oname, DIR_DELIMITER);
+ if (base == NULL)
+ {
+ base = oname;
+ }
+ else
+ {
+ base++;
+ }
+
+ suffix = strchr (base, '.');
+ if (suffix != NULL)
+ {
+ if (strncmp (suffix, ".so", 3) == 0)
+ {
+ suffix[0] = 0; /* null terminate before . */
}
-
- /* check and remove for -p11 or -pkcs11 */
- suffix = base;
- while ((suffix = strchr(suffix, '-')) != NULL) {
- if (strncasecmp(suffix, "-p11", 4) == 0 ||
- strncasecmp(suffix, "-pkcs11", 7) == 0) {
- suffix[0] = 0;
- break;
- }
- suffix++;
+ }
+
+ /* check and remove for -p11 or -pkcs11 */
+ suffix = base;
+ while ((suffix = strchr (suffix, '-')) != NULL)
+ {
+ if (strncasecmp (suffix, "-p11", 4) == 0 ||
+ strncasecmp (suffix, "-pkcs11", 7) == 0)
+ {
+ suffix[0] = 0;
+ break;
}
+ suffix++;
+ }
- len = strlen(base);
+ len = strlen (base);
- memmove(oname, base, len);
- oname[len] = 0;
+ memmove (oname, base, len);
+ oname[len] = 0;
- return oname;
+ return oname;
}
static const char *suffix_prefixes[][2] = {
- {"lib", "pk11.so"},
- {"", "-pkcs11.so"},
- {"", ".so"},
- {"lib", ".so"},
- {NULL, NULL}
+ {"lib", "pk11.so"},
+ {"", "-pkcs11.so"},
+ {"", ".so"},
+ {"lib", ".so"},
+ {NULL, NULL}
};
#define CALL(name, args) (mod->provider->fns->C_ ## name) args
@@ -160,979 +173,1063 @@ static const char *suffix_prefixes[][2] = {
#define CALLS7(n, a, b, c, d, e, f, g) CALLS(n, (sess->id, a, b, c, d, e, f, g))
#ifndef PAKCHOIS_MODPATH
-# define PAKCHOIS_MODPATH "/lib:/usr/lib"
+#define PAKCHOIS_MODPATH "/lib:/usr/lib"
#endif
/* Returns an allocated name of the real module as well
* as it's inode and device numbers.
*/
-static char *find_pkcs11_module_name(const char *hint, dev_t * dev,
- ino_t * ino)
-{
- char module_path[] = PAKCHOIS_MODPATH;
- char *next = module_path;
- struct stat st;
-
- while (next) {
- char *dir = next, *sep = strchr(next, ':');
- unsigned i;
-
- if (sep) {
- *sep++ = '\0';
- next = sep;
- } else {
- next = NULL;
- }
+static char *
+find_pkcs11_module_name (const char *hint, dev_t * dev, ino_t * ino)
+{
+ char module_path[] = PAKCHOIS_MODPATH;
+ char *next = module_path;
+ struct stat st;
+
+ while (next)
+ {
+ char *dir = next, *sep = strchr (next, ':');
+ unsigned i;
+
+ if (sep)
+ {
+ *sep++ = '\0';
+ next = sep;
+ }
+ else
+ {
+ next = NULL;
+ }
- for (i = 0; suffix_prefixes[i][0]; i++) {
- char path[PATH_MAX];
+ for (i = 0; suffix_prefixes[i][0]; i++)
+ {
+ char path[PATH_MAX];
- snprintf(path, sizeof path, "%s/%s%s%s", dir,
- suffix_prefixes[i][0], hint,
- suffix_prefixes[i][1]);
+ snprintf (path, sizeof path, "%s/%s%s%s", dir,
+ suffix_prefixes[i][0], hint, suffix_prefixes[i][1]);
- if (stat(path, &st) < 0)
- continue;
+ if (stat (path, &st) < 0)
+ continue;
- *dev = st.st_dev;
- *ino = st.st_ino;
+ *dev = st.st_dev;
+ *ino = st.st_ino;
- return strdup(path);
- }
+ return strdup (path);
}
+ }
- return NULL;
+ return NULL;
}
/* Expands the given filename and returns an allocated
* string, if the expanded file exists. In that case
* dev and ino are filled in as well.
*/
-static char *find_real_module_name(const char *name, dev_t * dev,
- ino_t * ino)
+static char *
+find_real_module_name (const char *name, dev_t * dev, ino_t * ino)
{
- char *exname = NULL;
- struct stat st;
+ char *exname = NULL;
+ struct stat st;
#ifdef HAVE_WORDEXP
- int len;
- wordexp_t we;
-
- len = wordexp(name, &we, 0);
- if (len == 0) { /* success */
- if (we.we_wordc > 0) { /* we care about the 1st */
- exname = strdup(we.we_wordv[0]);
- }
- wordfree(&we);
+ int len;
+ wordexp_t we;
+
+ len = wordexp (name, &we, 0);
+ if (len == 0)
+ { /* success */
+ if (we.we_wordc > 0)
+ { /* we care about the 1st */
+ exname = strdup (we.we_wordv[0]);
}
+ wordfree (&we);
+ }
#endif
- if (exname == NULL)
- exname = strdup(name);
-
- /* find file information */
- if (exname != NULL) {
- if (stat(exname, &st) >= 0) {
- *dev = st.st_dev;
- *ino = st.st_ino;
- } else {
- free(exname);
- return NULL;
- }
+ if (exname == NULL)
+ exname = strdup (name);
+
+ /* find file information */
+ if (exname != NULL)
+ {
+ if (stat (exname, &st) >= 0)
+ {
+ *dev = st.st_dev;
+ *ino = st.st_ino;
+ }
+ else
+ {
+ free (exname);
+ return NULL;
}
+ }
- return exname;
+ return exname;
}
-static struct provider *find_provider(dev_t dev, ino_t ino)
+static struct provider *
+find_provider (dev_t dev, ino_t ino)
{
- struct provider *p;
+ struct provider *p;
- for (p = provider_list; p; p = p->next) {
- if (dev == p->dev && ino == p->ino) {
- return p;
- }
+ for (p = provider_list; p; p = p->next)
+ {
+ if (dev == p->dev && ino == p->ino)
+ {
+ return p;
}
+ }
- return NULL;
+ return NULL;
}
/* The provider list must be locked when calling it
*/
-static ck_rv_t load_pkcs11_module(struct provider **provider,
- const char *name, dev_t dev, ino_t ino,
- void *reserved)
-{
- struct provider *prov;
- CK_C_GetFunctionList gfl;
- struct ck_c_initialize_args args;
- struct ck_function_list *fns;
- void *h;
- ck_rv_t rv;
-
- /* try the plain name first */
- h = dlopen(name, RTLD_LOCAL | RTLD_NOW);
- if (h == NULL) {
- return CKR_GENERAL_ERROR;
- }
-
- gfl = dlsym(h, "C_GetFunctionList");
- if (!gfl) {
- rv = CKR_GENERAL_ERROR;
- goto fail_dso;
- }
-
- prov = malloc(sizeof *prov);
- if (prov == NULL) {
- rv = CKR_HOST_MEMORY;
- goto fail_dso;
- }
-
- if (gnutls_mutex_init(&prov->mutex)) {
- rv = CKR_CANT_LOCK;
- goto fail_ctx;
- }
-
- rv = gfl(&fns);
- if (rv != CKR_OK) {
- goto fail_ctx;
- }
-
- prov->dev = dev;
- prov->ino = ino;
- prov->name = pkcs11ize(name);
- prov->handle = h;
- prov->fns = fns;
- prov->refcount = 1;
- prov->reserved = reserved;
-
- /* Require OS locking, the only sane option. */
- memset(&args, 0, sizeof args);
- args.flags = CKF_OS_LOCKING_OK;
- args.reserved = reserved;
-
- rv = fns->C_Initialize(&args);
- if (rv != CKR_OK) {
- goto fail_ctx;
- }
-
- prov->next = provider_list;
- prov->prevref = &provider_list;
- if (prov->next) {
- prov->next->prevref = &prov->next;
- }
- provider_list = prov;
-
- *provider = prov;
- return CKR_OK;
-
- fail_ctx:
- free(prov);
- fail_dso:
- dlclose(h);
-
- return rv;
+static ck_rv_t
+load_pkcs11_module (struct provider **provider,
+ const char *name, dev_t dev, ino_t ino, void *reserved)
+{
+ struct provider *prov;
+ CK_C_GetFunctionList gfl;
+ struct ck_c_initialize_args args;
+ struct ck_function_list *fns;
+ void *h;
+ ck_rv_t rv;
+
+ /* try the plain name first */
+ h = dlopen (name, RTLD_LOCAL | RTLD_NOW);
+ if (h == NULL)
+ {
+ return CKR_GENERAL_ERROR;
+ }
+
+ gfl = dlsym (h, "C_GetFunctionList");
+ if (!gfl)
+ {
+ rv = CKR_GENERAL_ERROR;
+ goto fail_dso;
+ }
+
+ prov = malloc (sizeof *prov);
+ if (prov == NULL)
+ {
+ rv = CKR_HOST_MEMORY;
+ goto fail_dso;
+ }
+
+ if (gnutls_mutex_init (&prov->mutex))
+ {
+ rv = CKR_CANT_LOCK;
+ goto fail_ctx;
+ }
+
+ rv = gfl (&fns);
+ if (rv != CKR_OK)
+ {
+ goto fail_ctx;
+ }
+
+ prov->dev = dev;
+ prov->ino = ino;
+ prov->name = pkcs11ize (name);
+ prov->handle = h;
+ prov->fns = fns;
+ prov->refcount = 1;
+ prov->reserved = reserved;
+
+ /* Require OS locking, the only sane option. */
+ memset (&args, 0, sizeof args);
+ args.flags = CKF_OS_LOCKING_OK;
+ args.reserved = reserved;
+
+ rv = fns->C_Initialize (&args);
+ if (rv != CKR_OK)
+ {
+ goto fail_ctx;
+ }
+
+ prov->next = provider_list;
+ prov->prevref = &provider_list;
+ if (prov->next)
+ {
+ prov->next->prevref = &prov->next;
+ }
+ provider_list = prov;
+
+ *provider = prov;
+ return CKR_OK;
+
+fail_ctx:
+ free (prov);
+fail_dso:
+ dlclose (h);
+
+ return rv;
}
/* Will load a provider using the given name. If real_name is zero
* name is used as a hint to find library otherwise it is used as
* absolute name.
*/
-static ck_rv_t load_provider(struct provider **provider, const char *name,
- void *reserved, int real_name)
-{
- ck_rv_t rv;
- char *cname = NULL;
- dev_t dev;
- ino_t ino;
+static ck_rv_t
+load_provider (struct provider **provider, const char *name,
+ void *reserved, int real_name)
+{
+ ck_rv_t rv;
+ char *cname = NULL;
+ dev_t dev;
+ ino_t ino;
+
+ if (gnutls_mutex_lock (&provider_mutex) != 0)
+ {
+ return CKR_CANT_LOCK;
+ }
+
+ if (real_name)
+ {
+ cname = find_real_module_name (name, &dev, &ino);
+ }
+ else
+ {
+ cname = find_pkcs11_module_name (name, &dev, &ino);
+ }
- if (gnutls_mutex_lock(&provider_mutex) != 0) {
- return CKR_CANT_LOCK;
- }
-
- if (real_name) {
- cname = find_real_module_name(name, &dev, &ino);
- } else {
- cname = find_pkcs11_module_name(name, &dev, &ino);
- }
+ if (cname == NULL)
+ {
+ rv = CKR_ARGUMENTS_BAD;
+ goto fail_locked;
+ }
- if (cname == NULL) {
- rv = CKR_ARGUMENTS_BAD;
- goto fail_locked;
- }
+ *provider = find_provider (dev, ino);
+ if (*provider)
+ {
+ (*provider)->refcount++;
+ free (cname);
+ gnutls_mutex_unlock (&provider_mutex);
+ return CKR_OK;
+ }
- *provider = find_provider(dev, ino);
- if (*provider) {
- (*provider)->refcount++;
- free(cname);
- gnutls_mutex_unlock(&provider_mutex);
- return CKR_OK;
- }
+ rv = load_pkcs11_module (provider, cname, dev, ino, reserved);
+ if (rv != CKR_OK)
+ {
+ goto fail_ndup;
+ }
- rv = load_pkcs11_module(provider, cname, dev, ino, reserved);
- if (rv != CKR_OK) {
- goto fail_ndup;
- }
+ rv = CKR_OK;
- rv = CKR_OK;
-
- fail_ndup:
- free(cname);
- fail_locked:
- gnutls_mutex_unlock(&provider_mutex);
- return rv;
+fail_ndup:
+ free (cname);
+fail_locked:
+ gnutls_mutex_unlock (&provider_mutex);
+ return rv;
}
-static void providers_reinit(void)
+static void
+providers_reinit (void)
{
- struct ck_c_initialize_args args;
- ck_rv_t rv;
- struct provider *p;
+ struct ck_c_initialize_args args;
+ ck_rv_t rv;
+ struct provider *p;
- assert(gnutls_mutex_lock(&provider_mutex) == 0);
+ assert (gnutls_mutex_lock (&provider_mutex) == 0);
- memset(&args, 0, sizeof args);
- args.flags = CKF_OS_LOCKING_OK;
+ memset (&args, 0, sizeof args);
+ args.flags = CKF_OS_LOCKING_OK;
- for (p = provider_list; p; p = p->next) {
- args.reserved = p->reserved;
- rv = p->fns->C_Initialize(&args);
- assert(rv == CKR_OK); /* what can we do? */
- }
+ for (p = provider_list; p; p = p->next)
+ {
+ args.reserved = p->reserved;
+ rv = p->fns->C_Initialize (&args);
+ assert (rv == CKR_OK); /* what can we do? */
+ }
- gnutls_mutex_unlock(&provider_mutex);
+ gnutls_mutex_unlock (&provider_mutex);
}
-static ck_rv_t load_module(pakchois_module_t ** module, const char *name,
- void *reserved, unsigned int real_name)
+static ck_rv_t
+load_module (pakchois_module_t ** module, const char *name,
+ void *reserved, unsigned int real_name)
{
- ck_rv_t rv;
- pakchois_module_t *pm = malloc(sizeof *pm);
- static int forkinit = 0;
+ ck_rv_t rv;
+ pakchois_module_t *pm = malloc (sizeof *pm);
+ static int forkinit = 0;
- if (!pm) {
- return CKR_HOST_MEMORY;
- }
+ if (!pm)
+ {
+ return CKR_HOST_MEMORY;
+ }
- if (provider_mutex == NULL) {
- gnutls_mutex_init(&provider_mutex);
- }
+ if (provider_mutex == NULL)
+ {
+ gnutls_mutex_init (&provider_mutex);
+ }
- assert(gnutls_mutex_lock(&provider_mutex) == 0);
+ assert (gnutls_mutex_lock (&provider_mutex) == 0);
- if (forkinit == 0) {
- _gnutls_atfork(NULL, NULL, providers_reinit);
- forkinit++;
- }
+ if (forkinit == 0)
+ {
+ _gnutls_atfork (NULL, NULL, providers_reinit);
+ forkinit++;
+ }
- gnutls_mutex_unlock(&provider_mutex);
+ gnutls_mutex_unlock (&provider_mutex);
- rv = load_provider(&pm->provider, name, reserved, real_name);
- if (rv) {
- return rv;
- }
+ rv = load_provider (&pm->provider, name, reserved, real_name);
+ if (rv)
+ {
+ return rv;
+ }
- *module = pm;
- pm->slots = NULL;
+ *module = pm;
+ pm->slots = NULL;
- return CKR_OK;
+ return CKR_OK;
}
-ck_rv_t pakchois_module_load(pakchois_module_t ** module, const char *name)
+ck_rv_t
+pakchois_module_load (pakchois_module_t ** module, const char *name)
{
- return load_module(module, name, NULL, 0);
+ return load_module (module, name, NULL, 0);
}
-ck_rv_t pakchois_module_load_abs(pakchois_module_t ** module,
- const char *name)
+ck_rv_t
+pakchois_module_load_abs (pakchois_module_t ** module, const char *name)
{
- return load_module(module, name, NULL, 1);
+ return load_module (module, name, NULL, 1);
}
-ck_rv_t pakchois_module_nssload(pakchois_module_t ** module,
- const char *name,
- const char *directory,
- const char *cert_prefix,
- const char *key_prefix,
- const char *secmod_db)
+ck_rv_t
+pakchois_module_nssload (pakchois_module_t ** module,
+ const char *name,
+ const char *directory,
+ const char *cert_prefix,
+ const char *key_prefix, const char *secmod_db)
{
- char buf[256];
+ char buf[256];
- snprintf(buf, sizeof buf,
- "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'",
- directory, cert_prefix ? cert_prefix : "",
- key_prefix ? key_prefix : "",
- secmod_db ? secmod_db : "secmod.db");
+ snprintf (buf, sizeof buf,
+ "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'",
+ directory, cert_prefix ? cert_prefix : "",
+ key_prefix ? key_prefix : "",
+ secmod_db ? secmod_db : "secmod.db");
- return load_module(module, name, buf, 0);
+ return load_module (module, name, buf, 0);
}
-ck_rv_t pakchois_module_nssload_abs(pakchois_module_t ** module,
- const char *name,
- const char *directory,
- const char *cert_prefix,
- const char *key_prefix,
- const char *secmod_db)
+ck_rv_t
+pakchois_module_nssload_abs (pakchois_module_t ** module,
+ const char *name,
+ const char *directory,
+ const char *cert_prefix,
+ const char *key_prefix, const char *secmod_db)
{
- char buf[256];
+ char buf[256];
- snprintf(buf, sizeof buf,
- "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'",
- directory, cert_prefix ? cert_prefix : "",
- key_prefix ? key_prefix : "",
- secmod_db ? secmod_db : "secmod.db");
+ snprintf (buf, sizeof buf,
+ "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'",
+ directory, cert_prefix ? cert_prefix : "",
+ key_prefix ? key_prefix : "",
+ secmod_db ? secmod_db : "secmod.db");
- return load_module(module, name, buf, 1);
+ return load_module (module, name, buf, 1);
}
/* Unreference a provider structure and destoy if, if necessary. Must
* be called WIHTOUT the provider mutex held. */
-static void provider_unref(struct provider *prov)
-{
- assert(gnutls_mutex_lock(&provider_mutex) == 0);
-
- if (--prov->refcount == 0) {
- prov->fns->C_Finalize(NULL);
- dlclose(prov->handle);
- *prov->prevref = prov->next;
- if (prov->next) {
- prov->next->prevref = prov->prevref;
- }
- free(prov->name);
- free(prov);
+static void
+provider_unref (struct provider *prov)
+{
+ assert (gnutls_mutex_lock (&provider_mutex) == 0);
+
+ if (--prov->refcount == 0)
+ {
+ prov->fns->C_Finalize (NULL);
+ dlclose (prov->handle);
+ *prov->prevref = prov->next;
+ if (prov->next)
+ {
+ prov->next->prevref = prov->prevref;
}
- gnutls_mutex_unlock(&provider_mutex);
+ free (prov->name);
+ free (prov);
+ }
+ gnutls_mutex_unlock (&provider_mutex);
}
-void pakchois_module_destroy(pakchois_module_t * mod)
+void
+pakchois_module_destroy (pakchois_module_t * mod)
{
- provider_unref(mod->provider);
+ provider_unref (mod->provider);
- while (mod->slots) {
- struct slot *slot = mod->slots;
- pakchois_close_all_sessions(mod, slot->id);
- mod->slots = slot->next;
- free(slot);
- }
+ while (mod->slots)
+ {
+ struct slot *slot = mod->slots;
+ pakchois_close_all_sessions (mod, slot->id);
+ mod->slots = slot->next;
+ free (slot);
+ }
- free(mod);
+ free (mod);
}
#ifdef __GNUC__
-static void pakchois_destructor(void)
- __attribute__ ((destructor));
+static void pakchois_destructor (void) __attribute__ ((destructor));
-static void pakchois_destructor(void)
+static void
+pakchois_destructor (void)
{
- if (provider_mutex != NULL)
- gnutls_mutex_deinit(&provider_mutex);
+ if (provider_mutex != NULL)
+ gnutls_mutex_deinit (&provider_mutex);
}
#else
#warning need destructor support
#endif
-ck_rv_t pakchois_get_info(pakchois_module_t * mod, struct ck_info *info)
+ck_rv_t
+pakchois_get_info (pakchois_module_t * mod, struct ck_info *info)
{
- return CALL(GetInfo, (info));
+ return CALL (GetInfo, (info));
}
-ck_rv_t pakchois_get_slot_list(pakchois_module_t * mod,
- unsigned char token_present,
- ck_slot_id_t * slot_list,
- unsigned long *count)
+ck_rv_t
+pakchois_get_slot_list (pakchois_module_t * mod,
+ unsigned char token_present,
+ ck_slot_id_t * slot_list, unsigned long *count)
{
- return CALL(GetSlotList, (token_present, slot_list, count));
+ return CALL (GetSlotList, (token_present, slot_list, count));
}
-ck_rv_t pakchois_get_slot_info(pakchois_module_t * mod,
- ck_slot_id_t slot_id,
- struct ck_slot_info * info)
+ck_rv_t
+pakchois_get_slot_info (pakchois_module_t * mod,
+ ck_slot_id_t slot_id, struct ck_slot_info * info)
{
- return CALL(GetSlotInfo, (slot_id, info));
+ return CALL (GetSlotInfo, (slot_id, info));
}
-ck_rv_t pakchois_get_token_info(pakchois_module_t * mod,
- ck_slot_id_t slot_id,
- struct ck_token_info * info)
+ck_rv_t
+pakchois_get_token_info (pakchois_module_t * mod,
+ ck_slot_id_t slot_id, struct ck_token_info * info)
{
- return CALL(GetTokenInfo, (slot_id, info));
+ return CALL (GetTokenInfo, (slot_id, info));
}
-ck_rv_t pakchois_wait_for_slot_event(pakchois_module_t * mod,
- ck_flags_t flags, ck_slot_id_t * slot,
- void *reserved)
+ck_rv_t
+pakchois_wait_for_slot_event (pakchois_module_t * mod,
+ ck_flags_t flags, ck_slot_id_t * slot,
+ void *reserved)
{
- ck_rv_t rv;
+ ck_rv_t rv;
- if (gnutls_mutex_lock(&mod->provider->mutex)) {
- return CKR_CANT_LOCK;
- }
+ if (gnutls_mutex_lock (&mod->provider->mutex))
+ {
+ return CKR_CANT_LOCK;
+ }
- rv = CALL(WaitForSlotEvent, (flags, slot, reserved));
- gnutls_mutex_unlock(&mod->provider->mutex);
- return rv;
+ rv = CALL (WaitForSlotEvent, (flags, slot, reserved));
+ gnutls_mutex_unlock (&mod->provider->mutex);
+ return rv;
}
-ck_rv_t pakchois_get_mechanism_list(pakchois_module_t * mod,
- ck_slot_id_t slot_id,
- ck_mechanism_type_t * mechanism_list,
- unsigned long *count)
+ck_rv_t
+pakchois_get_mechanism_list (pakchois_module_t * mod,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count)
{
- return CALL(GetMechanismList, (slot_id, mechanism_list, count));
+ return CALL (GetMechanismList, (slot_id, mechanism_list, count));
}
-ck_rv_t pakchois_get_mechanism_info(pakchois_module_t * mod,
- ck_slot_id_t slot_id,
- ck_mechanism_type_t type,
- struct ck_mechanism_info * info)
+ck_rv_t
+pakchois_get_mechanism_info (pakchois_module_t * mod,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t type,
+ struct ck_mechanism_info * info)
{
- return CALL(GetMechanismInfo, (slot_id, type, info));
+ return CALL (GetMechanismInfo, (slot_id, type, info));
}
-ck_rv_t pakchois_init_token(pakchois_module_t * mod,
- ck_slot_id_t slot_id, unsigned char *pin,
- unsigned long pin_len, unsigned char *label)
+ck_rv_t
+pakchois_init_token (pakchois_module_t * mod,
+ ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label)
{
- return CALL(InitToken, (slot_id, pin, pin_len, label));
+ return CALL (InitToken, (slot_id, pin, pin_len, label));
}
-ck_rv_t pakchois_init_pin(pakchois_session_t * sess, unsigned char *pin,
- unsigned long pin_len)
+ck_rv_t
+pakchois_init_pin (pakchois_session_t * sess, unsigned char *pin,
+ unsigned long pin_len)
{
- return CALLS2(InitPIN, pin, pin_len);
+ return CALLS2 (InitPIN, pin, pin_len);
}
-ck_rv_t pakchois_set_pin(pakchois_session_t * sess, unsigned char *old_pin,
- unsigned long old_len, unsigned char *new_pin,
- unsigned long new_len)
+ck_rv_t
+pakchois_set_pin (pakchois_session_t * sess, unsigned char *old_pin,
+ unsigned long old_len, unsigned char *new_pin,
+ unsigned long new_len)
{
- return CALLS4(SetPIN, old_pin, old_len, new_pin, new_len);
+ return CALLS4 (SetPIN, old_pin, old_len, new_pin, new_len);
}
-static ck_rv_t notify_thunk(ck_session_handle_t session,
- ck_notification_t event, void *application)
+static ck_rv_t
+notify_thunk (ck_session_handle_t session,
+ ck_notification_t event, void *application)
{
- pakchois_session_t *sess = application;
+ pakchois_session_t *sess = application;
- return sess->notify(sess, event, sess->notify_data);
+ return sess->notify (sess, event, sess->notify_data);
}
-static struct slot *find_slot(pakchois_module_t * mod, ck_slot_id_t id)
+static struct slot *
+find_slot (pakchois_module_t * mod, ck_slot_id_t id)
{
- struct slot *slot;
+ struct slot *slot;
- for (slot = mod->slots; slot; slot = slot->next)
- if (slot->id == id)
- return slot;
+ for (slot = mod->slots; slot; slot = slot->next)
+ if (slot->id == id)
+ return slot;
- return NULL;
+ return NULL;
}
-static struct slot *find_or_create_slot(pakchois_module_t * mod,
- ck_slot_id_t id)
+static struct slot *
+find_or_create_slot (pakchois_module_t * mod, ck_slot_id_t id)
{
- struct slot *slot = find_slot(mod, id);
+ struct slot *slot = find_slot (mod, id);
- if (slot) {
- return slot;
- }
+ if (slot)
+ {
+ return slot;
+ }
- slot = malloc(sizeof *slot);
- if (!slot) {
- return NULL;
- }
+ slot = malloc (sizeof *slot);
+ if (!slot)
+ {
+ return NULL;
+ }
- slot->id = id;
- slot->sessions = NULL;
- slot->next = mod->slots;
- mod->slots = slot;
+ slot->id = id;
+ slot->sessions = NULL;
+ slot->next = mod->slots;
+ mod->slots = slot;
- return slot;
+ return slot;
}
-static ck_rv_t insert_session(pakchois_module_t * mod,
- pakchois_session_t * session,
- ck_slot_id_t id)
+static ck_rv_t
+insert_session (pakchois_module_t * mod,
+ pakchois_session_t * session, ck_slot_id_t id)
{
- struct slot *slot = find_or_create_slot(mod, id);
+ struct slot *slot = find_or_create_slot (mod, id);
- if (!slot) {
- return CKR_HOST_MEMORY;
- }
+ if (!slot)
+ {
+ return CKR_HOST_MEMORY;
+ }
- session->prevref = &slot->sessions;
- session->next = slot->sessions;
- if (session->next) {
- session->next->prevref = session->prevref;
- }
- slot->sessions = session;
+ session->prevref = &slot->sessions;
+ session->next = slot->sessions;
+ if (session->next)
+ {
+ session->next->prevref = session->prevref;
+ }
+ slot->sessions = session;
- return CKR_OK;
+ return CKR_OK;
}
-ck_rv_t pakchois_open_session(pakchois_module_t * mod,
- ck_slot_id_t slot_id, ck_flags_t flags,
- void *application, pakchois_notify_t notify,
- pakchois_session_t ** session)
+ck_rv_t
+pakchois_open_session (pakchois_module_t * mod,
+ ck_slot_id_t slot_id, ck_flags_t flags,
+ void *application, pakchois_notify_t notify,
+ pakchois_session_t ** session)
{
- ck_session_handle_t sh;
- pakchois_session_t *sess;
- ck_rv_t rv;
+ ck_session_handle_t sh;
+ pakchois_session_t *sess;
+ ck_rv_t rv;
- sess = calloc(1, sizeof *sess);
- if (sess == NULL) {
- return CKR_HOST_MEMORY;
- }
+ sess = calloc (1, sizeof *sess);
+ if (sess == NULL)
+ {
+ return CKR_HOST_MEMORY;
+ }
- rv = CALL(OpenSession, (slot_id, flags, sess, notify_thunk, &sh));
- if (rv != CKR_OK) {
- free(sess);
- return rv;
- }
+ rv = CALL (OpenSession, (slot_id, flags, sess, notify_thunk, &sh));
+ if (rv != CKR_OK)
+ {
+ free (sess);
+ return rv;
+ }
- *session = sess;
- sess->module = mod;
- sess->id = sh;
+ *session = sess;
+ sess->module = mod;
+ sess->id = sh;
- return insert_session(mod, sess, slot_id);
+ return insert_session (mod, sess, slot_id);
}
-ck_rv_t pakchois_close_session(pakchois_session_t * sess)
+ck_rv_t
+pakchois_close_session (pakchois_session_t * sess)
{
- /* PKCS#11 says that all bets are off on failure, so destroy the
- * session object and just return the error code. */
- ck_rv_t rv = CALLS(CloseSession, (sess->id));
- *sess->prevref = sess->next;
- if (sess->next) {
- sess->next->prevref = sess->prevref;
- }
- free(sess);
- return rv;
+ /* PKCS#11 says that all bets are off on failure, so destroy the
+ * session object and just return the error code. */
+ ck_rv_t rv = CALLS (CloseSession, (sess->id));
+ *sess->prevref = sess->next;
+ if (sess->next)
+ {
+ sess->next->prevref = sess->prevref;
+ }
+ free (sess);
+ return rv;
}
-ck_rv_t pakchois_close_all_sessions(pakchois_module_t * mod,
- ck_slot_id_t slot_id)
+ck_rv_t
+pakchois_close_all_sessions (pakchois_module_t * mod, ck_slot_id_t slot_id)
{
- struct slot *slot;
- ck_rv_t rv, frv = CKR_OK;
+ struct slot *slot;
+ ck_rv_t rv, frv = CKR_OK;
- slot = find_slot(mod, slot_id);
+ slot = find_slot (mod, slot_id);
- if (!slot) {
- return CKR_SLOT_ID_INVALID;
- }
+ if (!slot)
+ {
+ return CKR_SLOT_ID_INVALID;
+ }
- while (slot->sessions) {
- rv = pakchois_close_session(slot->sessions);
- if (rv != CKR_OK) {
- frv = rv;
- }
+ while (slot->sessions)
+ {
+ rv = pakchois_close_session (slot->sessions);
+ if (rv != CKR_OK)
+ {
+ frv = rv;
}
+ }
- return frv;
+ return frv;
}
-ck_rv_t pakchois_get_session_info(pakchois_session_t * sess,
- struct ck_session_info * info)
+ck_rv_t
+pakchois_get_session_info (pakchois_session_t * sess,
+ struct ck_session_info * info)
{
- return CALLS1(GetSessionInfo, info);
+ return CALLS1 (GetSessionInfo, info);
}
-ck_rv_t pakchois_get_operation_state(pakchois_session_t * sess,
- unsigned char *operation_state,
- unsigned long *operation_state_len)
+ck_rv_t
+pakchois_get_operation_state (pakchois_session_t * sess,
+ unsigned char *operation_state,
+ unsigned long *operation_state_len)
{
- return CALLS2(GetOperationState, operation_state,
- operation_state_len);
+ return CALLS2 (GetOperationState, operation_state, operation_state_len);
}
-ck_rv_t pakchois_set_operation_state(pakchois_session_t * sess,
- unsigned char *operation_state,
- unsigned long operation_state_len,
- ck_object_handle_t encryption_key,
- ck_object_handle_t authentiation_key)
+ck_rv_t
+pakchois_set_operation_state (pakchois_session_t * sess,
+ unsigned char *operation_state,
+ unsigned long operation_state_len,
+ ck_object_handle_t encryption_key,
+ ck_object_handle_t authentiation_key)
{
- return CALLS4(SetOperationState, operation_state,
- operation_state_len, encryption_key,
- authentiation_key);
+ return CALLS4 (SetOperationState, operation_state,
+ operation_state_len, encryption_key, authentiation_key);
}
-ck_rv_t pakchois_login(pakchois_session_t * sess, ck_user_type_t user_type,
- unsigned char *pin, unsigned long pin_len)
+ck_rv_t
+pakchois_login (pakchois_session_t * sess, ck_user_type_t user_type,
+ unsigned char *pin, unsigned long pin_len)
{
- return CALLS3(Login, user_type, pin, pin_len);
+ return CALLS3 (Login, user_type, pin, pin_len);
}
-ck_rv_t pakchois_logout(pakchois_session_t * sess)
+ck_rv_t
+pakchois_logout (pakchois_session_t * sess)
{
- return CALLS(Logout, (sess->id));
+ return CALLS (Logout, (sess->id));
}
-ck_rv_t pakchois_create_object(pakchois_session_t * sess,
- struct ck_attribute * templ,
- unsigned long count,
- ck_object_handle_t * object)
+ck_rv_t
+pakchois_create_object (pakchois_session_t * sess,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * object)
{
- return CALLS3(CreateObject, templ, count, object);
+ return CALLS3 (CreateObject, templ, count, object);
}
-ck_rv_t pakchois_copy_object(pakchois_session_t * sess,
- ck_object_handle_t object,
- struct ck_attribute * templ,
- unsigned long count,
- ck_object_handle_t * new_object)
+ck_rv_t
+pakchois_copy_object (pakchois_session_t * sess,
+ ck_object_handle_t object,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * new_object)
{
- return CALLS4(CopyObject, object, templ, count, new_object);
+ return CALLS4 (CopyObject, object, templ, count, new_object);
}
-ck_rv_t pakchois_destroy_object(pakchois_session_t * sess,
- ck_object_handle_t object)
+ck_rv_t
+pakchois_destroy_object (pakchois_session_t * sess, ck_object_handle_t object)
{
- return CALLS1(DestroyObject, object);
+ return CALLS1 (DestroyObject, object);
}
-ck_rv_t pakchois_get_object_size(pakchois_session_t * sess,
- ck_object_handle_t object,
- unsigned long *size)
+ck_rv_t
+pakchois_get_object_size (pakchois_session_t * sess,
+ ck_object_handle_t object, unsigned long *size)
{
- return CALLS2(GetObjectSize, object, size);
+ return CALLS2 (GetObjectSize, object, size);
}
-ck_rv_t pakchois_get_attribute_value(pakchois_session_t * sess,
- ck_object_handle_t object,
- struct ck_attribute * templ,
- unsigned long count)
+ck_rv_t
+pakchois_get_attribute_value (pakchois_session_t * sess,
+ ck_object_handle_t object,
+ struct ck_attribute * templ,
+ unsigned long count)
{
- return CALLS3(GetAttributeValue, object, templ, count);
+ return CALLS3 (GetAttributeValue, object, templ, count);
}
-ck_rv_t pakchois_set_attribute_value(pakchois_session_t * sess,
- ck_object_handle_t object,
- struct ck_attribute * templ,
- unsigned long count)
+ck_rv_t
+pakchois_set_attribute_value (pakchois_session_t * sess,
+ ck_object_handle_t object,
+ struct ck_attribute * templ,
+ unsigned long count)
{
- return CALLS3(SetAttributeValue, object, templ, count);
+ return CALLS3 (SetAttributeValue, object, templ, count);
}
-ck_rv_t pakchois_find_objects_init(pakchois_session_t * sess,
- struct ck_attribute * templ,
- unsigned long count)
+ck_rv_t
+pakchois_find_objects_init (pakchois_session_t * sess,
+ struct ck_attribute * templ, unsigned long count)
{
- return CALLS2(FindObjectsInit, templ, count);
+ return CALLS2 (FindObjectsInit, templ, count);
}
-ck_rv_t pakchois_find_objects(pakchois_session_t * sess,
- ck_object_handle_t * object,
- unsigned long max_object_count,
- unsigned long *object_count)
+ck_rv_t
+pakchois_find_objects (pakchois_session_t * sess,
+ ck_object_handle_t * object,
+ unsigned long max_object_count,
+ unsigned long *object_count)
{
- return CALLS3(FindObjects, object, max_object_count, object_count);
+ return CALLS3 (FindObjects, object, max_object_count, object_count);
}
-ck_rv_t pakchois_find_objects_final(pakchois_session_t * sess)
+ck_rv_t
+pakchois_find_objects_final (pakchois_session_t * sess)
{
- return CALLS(FindObjectsFinal, (sess->id));
+ return CALLS (FindObjectsFinal, (sess->id));
}
-ck_rv_t pakchois_encrypt_init(pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key)
+ck_rv_t
+pakchois_encrypt_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
{
- return CALLS2(EncryptInit, mechanism, key);
+ return CALLS2 (EncryptInit, mechanism, key);
}
-ck_rv_t pakchois_encrypt(pakchois_session_t * sess,
- unsigned char *data, unsigned long data_len,
- unsigned char *encrypted_data,
- unsigned long *encrypted_data_len)
+ck_rv_t
+pakchois_encrypt (pakchois_session_t * sess,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *encrypted_data,
+ unsigned long *encrypted_data_len)
{
- return CALLS4(Encrypt, data, data_len,
- encrypted_data, encrypted_data_len);
+ return CALLS4 (Encrypt, data, data_len, encrypted_data, encrypted_data_len);
}
-ck_rv_t pakchois_encrypt_update(pakchois_session_t * sess,
- unsigned char *part,
- unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len)
+ck_rv_t
+pakchois_encrypt_update (pakchois_session_t * sess,
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len)
{
- return CALLS4(EncryptUpdate, part, part_len,
- encrypted_part, encrypted_part_len);
+ return CALLS4 (EncryptUpdate, part, part_len,
+ encrypted_part, encrypted_part_len);
}
-ck_rv_t pakchois_encrypt_final(pakchois_session_t * sess,
- unsigned char *last_encrypted_part,
- unsigned long *last_encrypted_part_len)
+ck_rv_t
+pakchois_encrypt_final (pakchois_session_t * sess,
+ unsigned char *last_encrypted_part,
+ unsigned long *last_encrypted_part_len)
{
- return CALLS2(EncryptFinal, last_encrypted_part,
- last_encrypted_part_len);
+ return CALLS2 (EncryptFinal, last_encrypted_part, last_encrypted_part_len);
}
-ck_rv_t pakchois_decrypt_init(pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key)
+ck_rv_t
+pakchois_decrypt_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
{
- return CALLS2(DecryptInit, mechanism, key);
+ return CALLS2 (DecryptInit, mechanism, key);
}
-ck_rv_t pakchois_decrypt(pakchois_session_t * sess,
- unsigned char *encrypted_data,
- unsigned long encrypted_data_len,
- unsigned char *data, unsigned long *data_len)
+ck_rv_t
+pakchois_decrypt (pakchois_session_t * sess,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len)
{
- return CALLS4(Decrypt, encrypted_data, encrypted_data_len, data,
- data_len);
+ return CALLS4 (Decrypt, encrypted_data, encrypted_data_len, data, data_len);
}
-ck_rv_t pakchois_decrypt_update(pakchois_session_t * sess,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part,
- unsigned long *part_len)
+ck_rv_t
+pakchois_decrypt_update (pakchois_session_t * sess,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len)
{
- return CALLS4(DecryptUpdate, encrypted_part, encrypted_part_len,
- part, part_len);
+ return CALLS4 (DecryptUpdate, encrypted_part, encrypted_part_len,
+ part, part_len);
}
-ck_rv_t pakchois_decrypt_final(pakchois_session_t * sess,
- unsigned char *last_part,
- unsigned long *last_part_len)
+ck_rv_t
+pakchois_decrypt_final (pakchois_session_t * sess,
+ unsigned char *last_part,
+ unsigned long *last_part_len)
{
- return CALLS2(DecryptFinal, last_part, last_part_len);
+ return CALLS2 (DecryptFinal, last_part, last_part_len);
}
-ck_rv_t pakchois_digest_init(pakchois_session_t * sess,
- struct ck_mechanism * mechanism)
+ck_rv_t
+pakchois_digest_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism)
{
- return CALLS1(DigestInit, mechanism);
+ return CALLS1 (DigestInit, mechanism);
}
-ck_rv_t pakchois_digest(pakchois_session_t * sess, unsigned char *data,
- unsigned long data_len, unsigned char *digest,
- unsigned long *digest_len)
+ck_rv_t
+pakchois_digest (pakchois_session_t * sess, unsigned char *data,
+ unsigned long data_len, unsigned char *digest,
+ unsigned long *digest_len)
{
- return CALLS4(Digest, data, data_len, digest, digest_len);
+ return CALLS4 (Digest, data, data_len, digest, digest_len);
}
-ck_rv_t pakchois_digest_update(pakchois_session_t * sess,
- unsigned char *part, unsigned long part_len)
+ck_rv_t
+pakchois_digest_update (pakchois_session_t * sess,
+ unsigned char *part, unsigned long part_len)
{
- return CALLS2(DigestUpdate, part, part_len);
+ return CALLS2 (DigestUpdate, part, part_len);
}
-ck_rv_t pakchois_digest_key(pakchois_session_t * sess,
- ck_object_handle_t key)
+ck_rv_t
+pakchois_digest_key (pakchois_session_t * sess, ck_object_handle_t key)
{
- return CALLS1(DigestKey, key);
+ return CALLS1 (DigestKey, key);
}
-ck_rv_t pakchois_digest_final(pakchois_session_t * sess,
- unsigned char *digest,
- unsigned long *digest_len)
+ck_rv_t
+pakchois_digest_final (pakchois_session_t * sess,
+ unsigned char *digest, unsigned long *digest_len)
{
- return CALLS2(DigestFinal, digest, digest_len);
+ return CALLS2 (DigestFinal, digest, digest_len);
}
-ck_rv_t pakchois_sign_init(pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key)
+ck_rv_t
+pakchois_sign_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism, ck_object_handle_t key)
{
- return CALLS2(SignInit, mechanism, key);
+ return CALLS2 (SignInit, mechanism, key);
}
-ck_rv_t pakchois_sign(pakchois_session_t * sess, unsigned char *data,
- unsigned long data_len, unsigned char *signature,
- unsigned long *signature_len)
+ck_rv_t
+pakchois_sign (pakchois_session_t * sess, unsigned char *data,
+ unsigned long data_len, unsigned char *signature,
+ unsigned long *signature_len)
{
- return CALLS4(Sign, data, data_len, signature, signature_len);
+ return CALLS4 (Sign, data, data_len, signature, signature_len);
}
-ck_rv_t pakchois_sign_update(pakchois_session_t * sess,
- unsigned char *part, unsigned long part_len)
+ck_rv_t
+pakchois_sign_update (pakchois_session_t * sess,
+ unsigned char *part, unsigned long part_len)
{
- return CALLS2(SignUpdate, part, part_len);
+ return CALLS2 (SignUpdate, part, part_len);
}
-ck_rv_t pakchois_sign_final(pakchois_session_t * sess,
- unsigned char *signature,
- unsigned long *signature_len)
+ck_rv_t
+pakchois_sign_final (pakchois_session_t * sess,
+ unsigned char *signature, unsigned long *signature_len)
{
- return CALLS2(SignFinal, signature, signature_len);
+ return CALLS2 (SignFinal, signature, signature_len);
}
-ck_rv_t pakchois_sign_recover_init(pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key)
+ck_rv_t
+pakchois_sign_recover_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
{
- return CALLS2(SignRecoverInit, mechanism, key);
+ return CALLS2 (SignRecoverInit, mechanism, key);
}
-ck_rv_t pakchois_sign_recover(pakchois_session_t * sess,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len)
+ck_rv_t
+pakchois_sign_recover (pakchois_session_t * sess,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature, unsigned long *signature_len)
{
- return CALLS4(SignRecover, data, data_len, signature,
- signature_len);
+ return CALLS4 (SignRecover, data, data_len, signature, signature_len);
}
-ck_rv_t pakchois_verify_init(pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key)
+ck_rv_t
+pakchois_verify_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism, ck_object_handle_t key)
{
- return CALLS2(VerifyInit, mechanism, key);
+ return CALLS2 (VerifyInit, mechanism, key);
}
-ck_rv_t pakchois_verify(pakchois_session_t * sess, unsigned char *data,
- unsigned long data_len, unsigned char *signature,
- unsigned long signature_len)
+ck_rv_t
+pakchois_verify (pakchois_session_t * sess, unsigned char *data,
+ unsigned long data_len, unsigned char *signature,
+ unsigned long signature_len)
{
- return CALLS4(Verify, data, data_len, signature, signature_len);
+ return CALLS4 (Verify, data, data_len, signature, signature_len);
}
-ck_rv_t pakchois_verify_update(pakchois_session_t * sess,
- unsigned char *part, unsigned long part_len)
+ck_rv_t
+pakchois_verify_update (pakchois_session_t * sess,
+ unsigned char *part, unsigned long part_len)
{
- return CALLS2(VerifyUpdate, part, part_len);
+ return CALLS2 (VerifyUpdate, part, part_len);
}
-ck_rv_t pakchois_verify_final(pakchois_session_t * sess,
- unsigned char *signature,
- unsigned long signature_len)
+ck_rv_t
+pakchois_verify_final (pakchois_session_t * sess,
+ unsigned char *signature, unsigned long signature_len)
{
- return CALLS2(VerifyFinal, signature, signature_len);
+ return CALLS2 (VerifyFinal, signature, signature_len);
}
-ck_rv_t pakchois_verify_recover_init(pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key)
+ck_rv_t
+pakchois_verify_recover_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
{
- return CALLS2(VerifyRecoverInit, mechanism, key);
+ return CALLS2 (VerifyRecoverInit, mechanism, key);
}
-ck_rv_t pakchois_verify_recover(pakchois_session_t * sess,
- unsigned char *signature,
- unsigned long signature_len,
- unsigned char *data,
- unsigned long *data_len)
+ck_rv_t
+pakchois_verify_recover (pakchois_session_t * sess,
+ unsigned char *signature,
+ unsigned long signature_len,
+ unsigned char *data, unsigned long *data_len)
{
- return CALLS4(VerifyRecover, signature, signature_len, data,
- data_len);
+ return CALLS4 (VerifyRecover, signature, signature_len, data, data_len);
}
-ck_rv_t pakchois_digest_encrypt_update(pakchois_session_t * sess,
- unsigned char *part,
- unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len)
+ck_rv_t
+pakchois_digest_encrypt_update (pakchois_session_t * sess,
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len)
{
- return CALLS4(DigestEncryptUpdate, part, part_len,
- encrypted_part, encrypted_part_len);
+ return CALLS4 (DigestEncryptUpdate, part, part_len,
+ encrypted_part, encrypted_part_len);
}
-ck_rv_t pakchois_decrypt_digest_update(pakchois_session_t * sess,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part,
- unsigned long *part_len)
+ck_rv_t
+pakchois_decrypt_digest_update (pakchois_session_t * sess,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len)
{
- return CALLS4(DecryptDigestUpdate, encrypted_part,
- encrypted_part_len, part, part_len);
+ return CALLS4 (DecryptDigestUpdate, encrypted_part,
+ encrypted_part_len, part, part_len);
}
-ck_rv_t pakchois_sign_encrypt_update(pakchois_session_t * sess,
- unsigned char *part,
- unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len)
+ck_rv_t
+pakchois_sign_encrypt_update (pakchois_session_t * sess,
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len)
{
- return CALLS4(SignEncryptUpdate, part, part_len,
- encrypted_part, encrypted_part_len);
+ return CALLS4 (SignEncryptUpdate, part, part_len,
+ encrypted_part, encrypted_part_len);
}
-ck_rv_t pakchois_decrypt_verify_update(pakchois_session_t * sess,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part,
- unsigned long *part_len)
+ck_rv_t
+pakchois_decrypt_verify_update (pakchois_session_t * sess,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len)
{
- return CALLS4(DecryptVerifyUpdate, encrypted_part,
- encrypted_part_len, part, part_len);
+ return CALLS4 (DecryptVerifyUpdate, encrypted_part,
+ encrypted_part_len, part, part_len);
}
-ck_rv_t pakchois_generate_key(pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- struct ck_attribute * templ,
- unsigned long count,
- ck_object_handle_t * key)
+ck_rv_t
+pakchois_generate_key (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * key)
{
- return CALLS4(GenerateKey, mechanism, templ, count, key);
+ return CALLS4 (GenerateKey, mechanism, templ, count, key);
}
-ck_rv_t pakchois_generate_key_pair(pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- struct ck_attribute *
- public_key_template,
- unsigned long
- public_key_attribute_count,
- struct ck_attribute *
- private_key_template,
- unsigned long
- private_key_attribute_count,
- ck_object_handle_t * public_key,
- ck_object_handle_t * private_key)
+ck_rv_t
+pakchois_generate_key_pair (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute *
+ public_key_template,
+ unsigned long
+ public_key_attribute_count,
+ struct ck_attribute *
+ private_key_template,
+ unsigned long
+ private_key_attribute_count,
+ ck_object_handle_t * public_key,
+ ck_object_handle_t * private_key)
{
- return CALLS7(GenerateKeyPair, mechanism,
- public_key_template, public_key_attribute_count,
- private_key_template, private_key_attribute_count,
- public_key, private_key);
+ return CALLS7 (GenerateKeyPair, mechanism,
+ public_key_template, public_key_attribute_count,
+ private_key_template, private_key_attribute_count,
+ public_key, private_key);
}
-ck_rv_t pakchois_wrap_key(pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t wrapping_key,
- ck_object_handle_t key,
- unsigned char *wrapped_key,
- unsigned long *wrapped_key_len)
+ck_rv_t
+pakchois_wrap_key (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t wrapping_key,
+ ck_object_handle_t key,
+ unsigned char *wrapped_key, unsigned long *wrapped_key_len)
{
- return CALLS5(WrapKey, mechanism, wrapping_key,
- key, wrapped_key, wrapped_key_len);
+ return CALLS5 (WrapKey, mechanism, wrapping_key,
+ key, wrapped_key, wrapped_key_len);
}
-ck_rv_t pakchois_unwrap_key(pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t unwrapping_key,
- unsigned char *wrapped_key,
- unsigned long wrapped_key_len,
- struct ck_attribute * templ,
- unsigned long attribute_count,
- ck_object_handle_t * key)
+ck_rv_t
+pakchois_unwrap_key (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t unwrapping_key,
+ unsigned char *wrapped_key,
+ unsigned long wrapped_key_len,
+ struct ck_attribute * templ,
+ unsigned long attribute_count, ck_object_handle_t * key)
{
- return CALLS7(UnwrapKey, mechanism, unwrapping_key,
- wrapped_key, wrapped_key_len, templ, attribute_count,
- key);
+ return CALLS7 (UnwrapKey, mechanism, unwrapping_key,
+ wrapped_key, wrapped_key_len, templ, attribute_count, key);
}
-ck_rv_t pakchois_derive_key(pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t base_key,
- struct ck_attribute * templ,
- unsigned long attribute_count,
- ck_object_handle_t * key)
+ck_rv_t
+pakchois_derive_key (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t base_key,
+ struct ck_attribute * templ,
+ unsigned long attribute_count, ck_object_handle_t * key)
{
- return CALLS5(DeriveKey, mechanism, base_key, templ,
- attribute_count, key);
+ return CALLS5 (DeriveKey, mechanism, base_key, templ, attribute_count, key);
}
-ck_rv_t pakchois_seed_random(pakchois_session_t * sess,
- unsigned char *seed, unsigned long seed_len)
+ck_rv_t
+pakchois_seed_random (pakchois_session_t * sess,
+ unsigned char *seed, unsigned long seed_len)
{
- return CALLS2(SeedRandom, seed, seed_len);
+ return CALLS2 (SeedRandom, seed, seed_len);
}
-ck_rv_t pakchois_generate_random(pakchois_session_t * sess,
- unsigned char *random_data,
- unsigned long random_len)
+ck_rv_t
+pakchois_generate_random (pakchois_session_t * sess,
+ unsigned char *random_data,
+ unsigned long random_len)
{
- return CALLS2(GenerateRandom, random_data, random_len);
+ return CALLS2 (GenerateRandom, random_data, random_len);
}
diff --git a/lib/pakchois/pakchois.h b/lib/pakchois/pakchois.h
index eaee4bd524..e4b67b2577 100644
--- a/lib/pakchois/pakchois.h
+++ b/lib/pakchois/pakchois.h
@@ -65,39 +65,40 @@ typedef struct pakchois_session_s pakchois_session_t;
* "gnome-keyring"). Returns CKR_OK on success. Any module of given
* name may be safely loaded multiple times within an application; the
* underlying PKCS#11 provider will be loaded only once. */
-ck_rv_t pakchois_module_load(pakchois_module_t **module, const char *name);
+ck_rv_t pakchois_module_load (pakchois_module_t ** module, const char *name);
/* Load a PKCS#11 module by absolute file name (for example "/lib/opensc-pkcs.so"
* Returns CKR_OK on success. Any module of given name may be safely loaded
* multiple times within an application; the underlying PKCS#11 provider will
* be loaded only once. */
-ck_rv_t pakchois_module_load_abs(pakchois_module_t **module, const char *name);
+ck_rv_t pakchois_module_load_abs (pakchois_module_t ** module,
+ const char *name);
/* Load an NSS "softokn" which violates the PKCS#11 standard in
* initialization, with given name (e.g. "softokn3"). The directory
* in which the NSS database resides must be specified; the other
* arguments may be NULL to use defaults. Returns CKR_OK on
* success. */
-ck_rv_t pakchois_module_nssload(pakchois_module_t **module,
- const char *name,
- const char *directory,
- const char *cert_prefix,
- const char *key_prefix,
- const char *secmod_db);
-
-ck_rv_t pakchois_module_nssload_abs(pakchois_module_t **module,
- const char *name,
- const char *directory,
- const char *cert_prefix,
- const char *key_prefix,
- const char *secmod_db);
+ck_rv_t pakchois_module_nssload (pakchois_module_t ** module,
+ const char *name,
+ const char *directory,
+ const char *cert_prefix,
+ const char *key_prefix,
+ const char *secmod_db);
+
+ck_rv_t pakchois_module_nssload_abs (pakchois_module_t ** module,
+ const char *name,
+ const char *directory,
+ const char *cert_prefix,
+ const char *key_prefix,
+ const char *secmod_db);
/* Destroy a PKCS#11 module. */
-void pakchois_module_destroy(pakchois_module_t *module);
+void pakchois_module_destroy (pakchois_module_t * module);
/* Return the error string corresponding to the given return value.
* Never returns NULL. */
-const char *pakchois_error(ck_rv_t rv);
+const char *pakchois_error (ck_rv_t rv);
/* All following interfaces model the PKCS#11 equivalents, without the
camel-cased naming convention. The PKCS#11 specification has
@@ -131,244 +132,247 @@ const char *pakchois_error(ck_rv_t rv);
concurrently from separate threads, undefined behavioure results.
*/
-ck_rv_t pakchois_get_info(pakchois_module_t *module, struct ck_info *info);
+ck_rv_t pakchois_get_info (pakchois_module_t * module, struct ck_info *info);
-ck_rv_t pakchois_get_slot_list(pakchois_module_t *module,
- unsigned char token_present,
- ck_slot_id_t *slot_list,
- unsigned long *count);
+ck_rv_t pakchois_get_slot_list (pakchois_module_t * module,
+ unsigned char token_present,
+ ck_slot_id_t * slot_list,
+ unsigned long *count);
-ck_rv_t pakchois_get_slot_info(pakchois_module_t *module,
- ck_slot_id_t slot_id,
- struct ck_slot_info *info);
-
-ck_rv_t pakchois_get_token_info(pakchois_module_t *module,
+ck_rv_t pakchois_get_slot_info (pakchois_module_t * module,
ck_slot_id_t slot_id,
- struct ck_token_info *info);
-
-ck_rv_t pakchois_wait_for_slot_event(pakchois_module_t *module,
- ck_flags_t flags, ck_slot_id_t *slot,
- void *reserved);
-
-ck_rv_t pakchois_get_mechanism_list(pakchois_module_t *module,
- ck_slot_id_t slot_id,
- ck_mechanism_type_t *mechanism_list,
- unsigned long *count);
-
-ck_rv_t pakchois_get_mechanism_info(pakchois_module_t *module,
- ck_slot_id_t slot_id,
- ck_mechanism_type_t type,
- struct ck_mechanism_info *info);
-
-ck_rv_t pakchois_init_token(pakchois_module_t *module,
- ck_slot_id_t slot_id, unsigned char *pin,
- unsigned long pin_len, unsigned char *label);
-
-ck_rv_t pakchois_init_pin(pakchois_session_t *session, unsigned char *pin,
- unsigned long pin_len);
-
-ck_rv_t pakchois_set_pin(pakchois_session_t *session, unsigned char *old_pin,
- unsigned long old_len, unsigned char *new_pin,
- unsigned long new_len);
-
-typedef ck_rv_t (*pakchois_notify_t) (pakchois_session_t *sess,
- ck_notification_t event,
- void *application);
-
-ck_rv_t pakchois_open_session(pakchois_module_t *module,
- ck_slot_id_t slot_id, ck_flags_t flags,
- void *application, pakchois_notify_t notify,
- pakchois_session_t **session);
-
-ck_rv_t pakchois_close_session(pakchois_session_t *session);
-
-ck_rv_t pakchois_close_all_sessions(pakchois_module_t *module,
- ck_slot_id_t slot_id);
-
-ck_rv_t pakchois_get_session_info(pakchois_session_t *session,
- struct ck_session_info *info);
-ck_rv_t pakchois_get_operation_state(pakchois_session_t *session,
- unsigned char *operation_state,
- unsigned long *operation_state_len);
-ck_rv_t pakchois_set_operation_state(pakchois_session_t *session,
- unsigned char *operation_state,
- unsigned long operation_state_len,
- ck_object_handle_t encryption_key,
- ck_object_handle_t authentiation_key);
-
-ck_rv_t pakchois_login(pakchois_session_t *session, ck_user_type_t user_type,
- unsigned char *pin, unsigned long pin_len);
-ck_rv_t pakchois_logout(pakchois_session_t *session);
-
-ck_rv_t pakchois_create_object(pakchois_session_t *session,
- struct ck_attribute *templ,
- unsigned long count,
- ck_object_handle_t *object);
-ck_rv_t pakchois_copy_object(pakchois_session_t *session,
- ck_object_handle_t object,
- struct ck_attribute *templ, unsigned long count,
- ck_object_handle_t *new_object);
-ck_rv_t pakchois_destroy_object(pakchois_session_t *session,
- ck_object_handle_t object);
-ck_rv_t pakchois_get_object_size(pakchois_session_t *session,
- ck_object_handle_t object,
- unsigned long *size);
-
-ck_rv_t pakchois_get_attribute_value(pakchois_session_t *session,
- ck_object_handle_t object,
- struct ck_attribute *templ,
- unsigned long count);
-ck_rv_t pakchois_set_attribute_value(pakchois_session_t *session,
- ck_object_handle_t object,
- struct ck_attribute *templ,
- unsigned long count);
-ck_rv_t pakchois_find_objects_init(pakchois_session_t *session,
- struct ck_attribute *templ,
- unsigned long count);
-ck_rv_t pakchois_find_objects(pakchois_session_t *session,
- ck_object_handle_t *object,
- unsigned long max_object_count,
- unsigned long *object_count);
-ck_rv_t pakchois_find_objects_final(pakchois_session_t *session);
-
-ck_rv_t pakchois_encrypt_init(pakchois_session_t *session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
-ck_rv_t pakchois_encrypt(pakchois_session_t *session,
- unsigned char *data, unsigned long data_len,
- unsigned char *encrypted_data,
- unsigned long *encrypted_data_len);
-ck_rv_t pakchois_encrypt_update(pakchois_session_t *session,
- unsigned char *part, unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len);
-ck_rv_t pakchois_encrypt_final(pakchois_session_t *session,
- unsigned char *last_encrypted_part,
- unsigned long *last_encrypted_part_len);
-
-ck_rv_t pakchois_decrypt_init(pakchois_session_t *session,
+ struct ck_slot_info *info);
+
+ck_rv_t pakchois_get_token_info (pakchois_module_t * module,
+ ck_slot_id_t slot_id,
+ struct ck_token_info *info);
+
+ck_rv_t pakchois_wait_for_slot_event (pakchois_module_t * module,
+ ck_flags_t flags, ck_slot_id_t * slot,
+ void *reserved);
+
+ck_rv_t pakchois_get_mechanism_list (pakchois_module_t * module,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count);
+
+ck_rv_t pakchois_get_mechanism_info (pakchois_module_t * module,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t type,
+ struct ck_mechanism_info *info);
+
+ck_rv_t pakchois_init_token (pakchois_module_t * module,
+ ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label);
+
+ck_rv_t pakchois_init_pin (pakchois_session_t * session, unsigned char *pin,
+ unsigned long pin_len);
+
+ck_rv_t pakchois_set_pin (pakchois_session_t * session,
+ unsigned char *old_pin, unsigned long old_len,
+ unsigned char *new_pin, unsigned long new_len);
+
+typedef ck_rv_t (*pakchois_notify_t) (pakchois_session_t * sess,
+ ck_notification_t event,
+ void *application);
+
+ck_rv_t pakchois_open_session (pakchois_module_t * module,
+ ck_slot_id_t slot_id, ck_flags_t flags,
+ void *application, pakchois_notify_t notify,
+ pakchois_session_t ** session);
+
+ck_rv_t pakchois_close_session (pakchois_session_t * session);
+
+ck_rv_t pakchois_close_all_sessions (pakchois_module_t * module,
+ ck_slot_id_t slot_id);
+
+ck_rv_t pakchois_get_session_info (pakchois_session_t * session,
+ struct ck_session_info *info);
+ck_rv_t pakchois_get_operation_state (pakchois_session_t * session,
+ unsigned char *operation_state,
+ unsigned long *operation_state_len);
+ck_rv_t pakchois_set_operation_state (pakchois_session_t * session,
+ unsigned char *operation_state,
+ unsigned long operation_state_len,
+ ck_object_handle_t encryption_key,
+ ck_object_handle_t authentiation_key);
+
+ck_rv_t pakchois_login (pakchois_session_t * session,
+ ck_user_type_t user_type, unsigned char *pin,
+ unsigned long pin_len);
+ck_rv_t pakchois_logout (pakchois_session_t * session);
+
+ck_rv_t pakchois_create_object (pakchois_session_t * session,
+ struct ck_attribute *templ,
+ unsigned long count,
+ ck_object_handle_t * object);
+ck_rv_t pakchois_copy_object (pakchois_session_t * session,
+ ck_object_handle_t object,
+ struct ck_attribute *templ, unsigned long count,
+ ck_object_handle_t * new_object);
+ck_rv_t pakchois_destroy_object (pakchois_session_t * session,
+ ck_object_handle_t object);
+ck_rv_t pakchois_get_object_size (pakchois_session_t * session,
+ ck_object_handle_t object,
+ unsigned long *size);
+
+ck_rv_t pakchois_get_attribute_value (pakchois_session_t * session,
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count);
+ck_rv_t pakchois_set_attribute_value (pakchois_session_t * session,
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count);
+ck_rv_t pakchois_find_objects_init (pakchois_session_t * session,
+ struct ck_attribute *templ,
+ unsigned long count);
+ck_rv_t pakchois_find_objects (pakchois_session_t * session,
+ ck_object_handle_t * object,
+ unsigned long max_object_count,
+ unsigned long *object_count);
+ck_rv_t pakchois_find_objects_final (pakchois_session_t * session);
+
+ck_rv_t pakchois_encrypt_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
+ck_rv_t pakchois_encrypt (pakchois_session_t * session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *encrypted_data,
+ unsigned long *encrypted_data_len);
+ck_rv_t pakchois_encrypt_update (pakchois_session_t * session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len);
+ck_rv_t pakchois_encrypt_final (pakchois_session_t * session,
+ unsigned char *last_encrypted_part,
+ unsigned long *last_encrypted_part_len);
+
+ck_rv_t pakchois_decrypt_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
+ck_rv_t pakchois_decrypt (pakchois_session_t * session,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len);
+ck_rv_t pakchois_decrypt_update (pakchois_session_t * session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len);
+ck_rv_t pakchois_decrypt_final (pakchois_session_t * session,
+ unsigned char *last_part,
+ unsigned long *last_part_len);
+ck_rv_t pakchois_digest_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism);
+ck_rv_t pakchois_digest (pakchois_session_t * session, unsigned char *data,
+ unsigned long data_len, unsigned char *digest,
+ unsigned long *digest_len);
+ck_rv_t pakchois_digest_update (pakchois_session_t * session,
+ unsigned char *part, unsigned long part_len);
+ck_rv_t pakchois_digest_key (pakchois_session_t * session,
+ ck_object_handle_t key);
+ck_rv_t pakchois_digest_final (pakchois_session_t * session,
+ unsigned char *digest,
+ unsigned long *digest_len);
+
+ck_rv_t pakchois_sign_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
+ck_rv_t pakchois_sign (pakchois_session_t * session, unsigned char *data,
+ unsigned long data_len, unsigned char *signature,
+ unsigned long *signature_len);
+ck_rv_t pakchois_sign_update (pakchois_session_t * session,
+ unsigned char *part, unsigned long part_len);
+ck_rv_t pakchois_sign_final (pakchois_session_t * session,
+ unsigned char *signature,
+ unsigned long *signature_len);
+ck_rv_t pakchois_sign_recover_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
+ck_rv_t pakchois_sign_recover (pakchois_session_t * session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len);
+
+ck_rv_t pakchois_verify_init (pakchois_session_t * session,
struct ck_mechanism *mechanism,
ck_object_handle_t key);
-ck_rv_t pakchois_decrypt(pakchois_session_t *session,
- unsigned char *encrypted_data,
- unsigned long encrypted_data_len,
- unsigned char *data, unsigned long *data_len);
-ck_rv_t pakchois_decrypt_update(pakchois_session_t *session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part, unsigned long *part_len);
-ck_rv_t pakchois_decrypt_final(pakchois_session_t *session,
- unsigned char *last_part,
- unsigned long *last_part_len);
-ck_rv_t pakchois_digest_init(pakchois_session_t *session,
- struct ck_mechanism *mechanism);
-ck_rv_t pakchois_digest(pakchois_session_t *session, unsigned char *data,
- unsigned long data_len, unsigned char *digest,
- unsigned long *digest_len);
-ck_rv_t pakchois_digest_update(pakchois_session_t *session,
- unsigned char *part, unsigned long part_len);
-ck_rv_t pakchois_digest_key(pakchois_session_t *session,
- ck_object_handle_t key);
-ck_rv_t pakchois_digest_final(pakchois_session_t *session,
- unsigned char *digest,
- unsigned long *digest_len);
-
-ck_rv_t pakchois_sign_init(pakchois_session_t *session,
+ck_rv_t pakchois_verify (pakchois_session_t * session, unsigned char *data,
+ unsigned long data_len, unsigned char *signature,
+ unsigned long signature_len);
+ck_rv_t pakchois_verify_update (pakchois_session_t * session,
+ unsigned char *part, unsigned long part_len);
+ck_rv_t pakchois_verify_final (pakchois_session_t * session,
+ unsigned char *signature,
+ unsigned long signature_len);
+ck_rv_t pakchois_verify_recover_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
+ck_rv_t pakchois_verify_recover (pakchois_session_t * session,
+ unsigned char *signature,
+ unsigned long signature_len,
+ unsigned char *data,
+ unsigned long *data_len);
+
+ck_rv_t pakchois_digest_encrypt_update (pakchois_session_t * session,
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len);
+ck_rv_t pakchois_decrypt_digest_update (pakchois_session_t * session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len);
+ck_rv_t pakchois_sign_encrypt_update (pakchois_session_t * session,
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len);
+ck_rv_t pakchois_decrypt_verify_update (pakchois_session_t * session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len);
+
+ck_rv_t pakchois_generate_key (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ struct ck_attribute *templ,
+ unsigned long count, ck_object_handle_t * key);
+ck_rv_t pakchois_generate_key_pair (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ struct ck_attribute *public_key_template,
+ unsigned long public_key_attribute_count,
+ struct ck_attribute *private_key_template,
+ unsigned long private_key_attribute_count,
+ ck_object_handle_t * public_key,
+ ck_object_handle_t * private_key);
+
+ck_rv_t pakchois_wrap_key (pakchois_session_t * session,
struct ck_mechanism *mechanism,
- ck_object_handle_t key);
-ck_rv_t pakchois_sign(pakchois_session_t *session, unsigned char *data,
- unsigned long data_len, unsigned char *signature,
- unsigned long *signature_len);
-ck_rv_t pakchois_sign_update(pakchois_session_t *session,
- unsigned char *part, unsigned long part_len);
-ck_rv_t pakchois_sign_final(pakchois_session_t *session,
- unsigned char *signature,
- unsigned long *signature_len);
-ck_rv_t pakchois_sign_recover_init(pakchois_session_t *session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
-ck_rv_t pakchois_sign_recover(pakchois_session_t *session,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len);
-
-ck_rv_t pakchois_verify_init(pakchois_session_t *session,
+ ck_object_handle_t wrapping_key,
+ ck_object_handle_t key, unsigned char *wrapped_key,
+ unsigned long *wrapped_key_len);
+ck_rv_t pakchois_unwrap_key (pakchois_session_t * session,
struct ck_mechanism *mechanism,
- ck_object_handle_t key);
-ck_rv_t pakchois_verify(pakchois_session_t *session, unsigned char *data,
- unsigned long data_len, unsigned char *signature,
- unsigned long signature_len);
-ck_rv_t pakchois_verify_update(pakchois_session_t *session,
- unsigned char *part, unsigned long part_len);
-ck_rv_t pakchois_verify_final(pakchois_session_t *session,
- unsigned char *signature,
- unsigned long signature_len);
-ck_rv_t pakchois_verify_recover_init(pakchois_session_t *session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
-ck_rv_t pakchois_verify_recover(pakchois_session_t *session,
- unsigned char *signature,
- unsigned long signature_len,
- unsigned char *data, unsigned long *data_len);
-
-ck_rv_t pakchois_digest_encrypt_update(pakchois_session_t *session,
- unsigned char *part,
- unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len);
-ck_rv_t pakchois_decrypt_digest_update(pakchois_session_t *session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part,
- unsigned long *part_len);
-ck_rv_t pakchois_sign_encrypt_update(pakchois_session_t *session,
- unsigned char *part,
- unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len);
-ck_rv_t pakchois_decrypt_verify_update(pakchois_session_t *session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part,
- unsigned long *part_len);
-
-ck_rv_t pakchois_generate_key(pakchois_session_t *session,
- struct ck_mechanism *mechanism,
- struct ck_attribute *templ,
- unsigned long count, ck_object_handle_t *key);
-ck_rv_t pakchois_generate_key_pair(pakchois_session_t *session,
- struct ck_mechanism *mechanism,
- struct ck_attribute *public_key_template,
- unsigned long public_key_attribute_count,
- struct ck_attribute *private_key_template,
- unsigned long private_key_attribute_count,
- ck_object_handle_t *public_key,
- ck_object_handle_t *private_key);
-
-ck_rv_t pakchois_wrap_key(pakchois_session_t *session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t wrapping_key,
- ck_object_handle_t key, unsigned char *wrapped_key,
- unsigned long *wrapped_key_len);
-ck_rv_t pakchois_unwrap_key(pakchois_session_t *session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t unwrapping_key,
- unsigned char *wrapped_key,
- unsigned long wrapped_key_len,
- struct ck_attribute *templ,
- unsigned long attribute_count,
- ck_object_handle_t *key);
-ck_rv_t pakchois_derive_key(pakchois_session_t *session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t base_key,
- struct ck_attribute *templ,
- unsigned long attribute_count,
- ck_object_handle_t *key);
-
-ck_rv_t pakchois_seed_random(pakchois_session_t *session,
- unsigned char *seed, unsigned long seed_len);
-ck_rv_t pakchois_generate_random(pakchois_session_t *session,
- unsigned char *random_data,
- unsigned long random_len);
+ ck_object_handle_t unwrapping_key,
+ unsigned char *wrapped_key,
+ unsigned long wrapped_key_len,
+ struct ck_attribute *templ,
+ unsigned long attribute_count,
+ ck_object_handle_t * key);
+ck_rv_t pakchois_derive_key (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t base_key,
+ struct ck_attribute *templ,
+ unsigned long attribute_count,
+ ck_object_handle_t * key);
+
+ck_rv_t pakchois_seed_random (pakchois_session_t * session,
+ unsigned char *seed, unsigned long seed_len);
+ck_rv_t pakchois_generate_random (pakchois_session_t * session,
+ unsigned char *random_data,
+ unsigned long random_len);
#endif /* PAKCHOIS_H */
diff --git a/lib/pakchois/pakchois11.h b/lib/pakchois/pakchois11.h
index 2e6a1e3ed3..e5056ce2d5 100644
--- a/lib/pakchois/pakchois11.h
+++ b/lib/pakchois/pakchois11.h
@@ -54,7 +54,8 @@
#define PKCS11_H 1
#if defined(__cplusplus)
-extern "C" {
+extern "C"
+{
#endif
@@ -94,8 +95,8 @@ extern "C" {
#define CK_SPEC
#endif
-
+
#ifdef CRYPTOKI_COMPAT
/* If we are in compatibility mode, switch all exposed names to the
PKCS #11 variant. There are corresponding #undefs below. */
@@ -179,45 +180,45 @@ extern "C" {
#define unlock_mutex UnlockMutex
#define reserved pReserved
-#endif /* CRYPTOKI_COMPAT */
-
+#endif /* CRYPTOKI_COMPAT */
-typedef unsigned long ck_flags_t;
-struct ck_version
-{
- unsigned char major;
- unsigned char minor;
-};
+ typedef unsigned long ck_flags_t;
+ struct ck_version
+ {
+ unsigned char major;
+ unsigned char minor;
+ };
-struct ck_info
-{
- struct ck_version cryptoki_version;
- unsigned char manufacturer_id[32];
- ck_flags_t flags;
- unsigned char library_description[32];
- struct ck_version library_version;
-};
+
+ struct ck_info
+ {
+ struct ck_version cryptoki_version;
+ unsigned char manufacturer_id[32];
+ ck_flags_t flags;
+ unsigned char library_description[32];
+ struct ck_version library_version;
+ };
-typedef unsigned long ck_notification_t;
+ typedef unsigned long ck_notification_t;
#define CKN_SURRENDER (0)
-typedef unsigned long ck_slot_id_t;
+ typedef unsigned long ck_slot_id_t;
-struct ck_slot_info
-{
- unsigned char slot_description[64];
- unsigned char manufacturer_id[32];
- ck_flags_t flags;
- struct ck_version hardware_version;
- struct ck_version firmware_version;
-};
+ struct ck_slot_info
+ {
+ unsigned char slot_description[64];
+ unsigned char manufacturer_id[32];
+ ck_flags_t flags;
+ struct ck_version hardware_version;
+ struct ck_version firmware_version;
+ };
#define CKF_TOKEN_PRESENT (1 << 0)
@@ -226,27 +227,27 @@ struct ck_slot_info
#define CKF_ARRAY_ATTRIBUTE (1 << 30)
-struct ck_token_info
-{
- unsigned char label[32];
- unsigned char manufacturer_id[32];
- unsigned char model[16];
- unsigned char serial_number[16];
- ck_flags_t flags;
- unsigned long max_session_count;
- unsigned long session_count;
- unsigned long max_rw_session_count;
- unsigned long rw_session_count;
- unsigned long max_pin_len;
- unsigned long min_pin_len;
- unsigned long total_public_memory;
- unsigned long free_public_memory;
- unsigned long total_private_memory;
- unsigned long free_private_memory;
- struct ck_version hardware_version;
- struct ck_version firmware_version;
- unsigned char utc_time[16];
-};
+ struct ck_token_info
+ {
+ unsigned char label[32];
+ unsigned char manufacturer_id[32];
+ unsigned char model[16];
+ unsigned char serial_number[16];
+ ck_flags_t flags;
+ unsigned long max_session_count;
+ unsigned long session_count;
+ unsigned long max_rw_session_count;
+ unsigned long rw_session_count;
+ unsigned long max_pin_len;
+ unsigned long min_pin_len;
+ unsigned long total_public_memory;
+ unsigned long free_public_memory;
+ unsigned long total_private_memory;
+ unsigned long free_private_memory;
+ struct ck_version hardware_version;
+ struct ck_version firmware_version;
+ unsigned char utc_time[16];
+ };
#define CKF_RNG (1 << 0)
@@ -272,19 +273,19 @@ struct ck_token_info
#define CK_EFFECTIVELY_INFINITE (0)
-typedef unsigned long ck_session_handle_t;
+ typedef unsigned long ck_session_handle_t;
#define CK_INVALID_HANDLE (0)
-typedef unsigned long ck_user_type_t;
+ typedef unsigned long ck_user_type_t;
#define CKU_SO (0)
#define CKU_USER (1)
#define CKU_CONTEXT_SPECIFIC (2)
-typedef unsigned long ck_state_t;
+ typedef unsigned long ck_state_t;
#define CKS_RO_PUBLIC_SESSION (0)
#define CKS_RO_USER_FUNCTIONS (1)
@@ -293,22 +294,22 @@ typedef unsigned long ck_state_t;
#define CKS_RW_SO_FUNCTIONS (4)
-struct ck_session_info
-{
- ck_slot_id_t slot_id;
- ck_state_t state;
- ck_flags_t flags;
- unsigned long device_error;
-};
+ struct ck_session_info
+ {
+ ck_slot_id_t slot_id;
+ ck_state_t state;
+ ck_flags_t flags;
+ unsigned long device_error;
+ };
#define CKF_RW_SESSION (1 << 1)
#define CKF_SERIAL_SESSION (1 << 2)
-typedef unsigned long ck_object_handle_t;
+ typedef unsigned long ck_object_handle_t;
-typedef unsigned long ck_object_class_t;
+ typedef unsigned long ck_object_class_t;
#define CKO_DATA (0)
#define CKO_CERTIFICATE (1)
@@ -321,7 +322,7 @@ typedef unsigned long ck_object_class_t;
#define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31))
-typedef unsigned long ck_hw_feature_type_t;
+ typedef unsigned long ck_hw_feature_type_t;
#define CKH_MONOTONIC_COUNTER (1)
#define CKH_CLOCK (2)
@@ -329,7 +330,7 @@ typedef unsigned long ck_hw_feature_type_t;
#define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31))
-typedef unsigned long ck_key_type_t;
+ typedef unsigned long ck_key_type_t;
#define CKK_RSA (0)
#define CKK_DSA (1)
@@ -359,7 +360,7 @@ typedef unsigned long ck_key_type_t;
#define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31))
-typedef unsigned long ck_certificate_type_t;
+ typedef unsigned long ck_certificate_type_t;
#define CKC_X_509 (0)
#define CKC_X_509_ATTR_CERT (1)
@@ -367,7 +368,7 @@ typedef unsigned long ck_certificate_type_t;
#define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31))
-typedef unsigned long ck_attribute_type_t;
+ typedef unsigned long ck_attribute_type_t;
#define CKA_CLASS (0)
#define CKA_TOKEN (1)
@@ -456,23 +457,23 @@ typedef unsigned long ck_attribute_type_t;
#define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31))
-struct ck_attribute
-{
- ck_attribute_type_t type;
- void *value;
- unsigned long value_len;
-};
+ struct ck_attribute
+ {
+ ck_attribute_type_t type;
+ void *value;
+ unsigned long value_len;
+ };
-struct ck_date
-{
- unsigned char year[4];
- unsigned char month[2];
- unsigned char day[2];
-};
+ struct ck_date
+ {
+ unsigned char year[4];
+ unsigned char month[2];
+ unsigned char day[2];
+ };
-typedef unsigned long ck_mechanism_type_t;
+ typedef unsigned long ck_mechanism_type_t;
#define CKM_RSA_PKCS_KEY_PAIR_GEN (0)
#define CKM_RSA_PKCS (1)
@@ -675,20 +676,20 @@ typedef unsigned long ck_mechanism_type_t;
#define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31))
-struct ck_mechanism
-{
- ck_mechanism_type_t mechanism;
- void *parameter;
- unsigned long parameter_len;
-};
+ struct ck_mechanism
+ {
+ ck_mechanism_type_t mechanism;
+ void *parameter;
+ unsigned long parameter_len;
+ };
-struct ck_mechanism_info
-{
- unsigned long min_key_size;
- unsigned long max_key_size;
- ck_flags_t flags;
-};
+ struct ck_mechanism_info
+ {
+ unsigned long min_key_size;
+ unsigned long max_key_size;
+ ck_flags_t flags;
+ };
#define CKF_HW (1 << 0)
#define CKF_ENCRYPT (1 << 8)
@@ -710,385 +711,379 @@ struct ck_mechanism_info
#define CKF_DONT_BLOCK (1)
-typedef unsigned long ck_rv_t;
+ typedef unsigned long ck_rv_t;
-typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
- ck_notification_t event, void *application);
+ typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
+ ck_notification_t event, void *application);
/* Forward reference. */
-struct ck_function_list;
+ struct ck_function_list;
#define _CK_DECLARE_FUNCTION(name, args) \
typedef ck_rv_t (*CK_ ## name) args; \
ck_rv_t CK_SPEC name args
-_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
-_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
-_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info));
-_CK_DECLARE_FUNCTION (C_GetFunctionList,
- (struct ck_function_list **function_list));
-
-_CK_DECLARE_FUNCTION (C_GetSlotList,
- (unsigned char token_present, ck_slot_id_t *slot_list,
- unsigned long *count));
-_CK_DECLARE_FUNCTION (C_GetSlotInfo,
- (ck_slot_id_t slot_id, struct ck_slot_info *info));
-_CK_DECLARE_FUNCTION (C_GetTokenInfo,
- (ck_slot_id_t slot_id, struct ck_token_info *info));
-_CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
- (ck_flags_t flags, ck_slot_id_t *slot, void *reserved));
-_CK_DECLARE_FUNCTION (C_GetMechanismList,
- (ck_slot_id_t slot_id,
- ck_mechanism_type_t *mechanism_list,
- unsigned long *count));
-_CK_DECLARE_FUNCTION (C_GetMechanismInfo,
- (ck_slot_id_t slot_id, ck_mechanism_type_t type,
- struct ck_mechanism_info *info));
-_CK_DECLARE_FUNCTION (C_InitToken,
- (ck_slot_id_t slot_id, unsigned char *pin,
- unsigned long pin_len, unsigned char *label));
-_CK_DECLARE_FUNCTION (C_InitPIN,
- (ck_session_handle_t session, unsigned char *pin,
- unsigned long pin_len));
-_CK_DECLARE_FUNCTION (C_SetPIN,
- (ck_session_handle_t session, unsigned char *old_pin,
- unsigned long old_len, unsigned char *new_pin,
- unsigned long new_len));
-
-_CK_DECLARE_FUNCTION (C_OpenSession,
- (ck_slot_id_t slot_id, ck_flags_t flags,
- void *application, ck_notify_t notify,
- ck_session_handle_t *session));
-_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
-_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
-_CK_DECLARE_FUNCTION (C_GetSessionInfo,
- (ck_session_handle_t session,
- struct ck_session_info *info));
-_CK_DECLARE_FUNCTION (C_GetOperationState,
- (ck_session_handle_t session,
- unsigned char *operation_state,
- unsigned long *operation_state_len));
-_CK_DECLARE_FUNCTION (C_SetOperationState,
- (ck_session_handle_t session,
- unsigned char *operation_state,
- unsigned long operation_state_len,
- ck_object_handle_t encryption_key,
- ck_object_handle_t authentiation_key));
-_CK_DECLARE_FUNCTION (C_Login,
- (ck_session_handle_t session, ck_user_type_t user_type,
- unsigned char *pin, unsigned long pin_len));
-_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
-
-_CK_DECLARE_FUNCTION (C_CreateObject,
- (ck_session_handle_t session,
- struct ck_attribute *templ,
- unsigned long count, ck_object_handle_t *object));
-_CK_DECLARE_FUNCTION (C_CopyObject,
- (ck_session_handle_t session, ck_object_handle_t object,
- struct ck_attribute *templ, unsigned long count,
- ck_object_handle_t *new_object));
-_CK_DECLARE_FUNCTION (C_DestroyObject,
- (ck_session_handle_t session,
- ck_object_handle_t object));
-_CK_DECLARE_FUNCTION (C_GetObjectSize,
- (ck_session_handle_t session,
- ck_object_handle_t object,
- unsigned long *size));
-_CK_DECLARE_FUNCTION (C_GetAttributeValue,
- (ck_session_handle_t session,
- ck_object_handle_t object,
- struct ck_attribute *templ,
- unsigned long count));
-_CK_DECLARE_FUNCTION (C_SetAttributeValue,
- (ck_session_handle_t session,
- ck_object_handle_t object,
- struct ck_attribute *templ,
- unsigned long count));
-_CK_DECLARE_FUNCTION (C_FindObjectsInit,
- (ck_session_handle_t session,
- struct ck_attribute *templ,
- unsigned long count));
-_CK_DECLARE_FUNCTION (C_FindObjects,
- (ck_session_handle_t session,
- ck_object_handle_t *object,
- unsigned long max_object_count,
- unsigned long *object_count));
-_CK_DECLARE_FUNCTION (C_FindObjectsFinal,
- (ck_session_handle_t session));
-
-_CK_DECLARE_FUNCTION (C_EncryptInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Encrypt,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *encrypted_data,
- unsigned long *encrypted_data_len));
-_CK_DECLARE_FUNCTION (C_EncryptUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len));
-_CK_DECLARE_FUNCTION (C_EncryptFinal,
- (ck_session_handle_t session,
- unsigned char *last_encrypted_part,
- unsigned long *last_encrypted_part_len));
-
-_CK_DECLARE_FUNCTION (C_DecryptInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Decrypt,
- (ck_session_handle_t session,
- unsigned char *encrypted_data,
- unsigned long encrypted_data_len,
- unsigned char *data, unsigned long *data_len));
-_CK_DECLARE_FUNCTION (C_DecryptUpdate,
- (ck_session_handle_t session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part, unsigned long *part_len));
-_CK_DECLARE_FUNCTION (C_DecryptFinal,
- (ck_session_handle_t session,
- unsigned char *last_part,
- unsigned long *last_part_len));
-
-_CK_DECLARE_FUNCTION (C_DigestInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism));
-_CK_DECLARE_FUNCTION (C_Digest,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *digest,
- unsigned long *digest_len));
-_CK_DECLARE_FUNCTION (C_DigestUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len));
-_CK_DECLARE_FUNCTION (C_DigestKey,
- (ck_session_handle_t session, ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_DigestFinal,
- (ck_session_handle_t session,
- unsigned char *digest,
- unsigned long *digest_len));
-
-_CK_DECLARE_FUNCTION (C_SignInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Sign,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len));
-_CK_DECLARE_FUNCTION (C_SignUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len));
-_CK_DECLARE_FUNCTION (C_SignFinal,
- (ck_session_handle_t session,
- unsigned char *signature,
- unsigned long *signature_len));
-_CK_DECLARE_FUNCTION (C_SignRecoverInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_SignRecover,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len));
-
-_CK_DECLARE_FUNCTION (C_VerifyInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Verify,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature,
- unsigned long signature_len));
-_CK_DECLARE_FUNCTION (C_VerifyUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len));
-_CK_DECLARE_FUNCTION (C_VerifyFinal,
- (ck_session_handle_t session,
- unsigned char *signature,
- unsigned long signature_len));
-_CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_VerifyRecover,
- (ck_session_handle_t session,
- unsigned char *signature,
- unsigned long signature_len,
- unsigned char *data,
- unsigned long *data_len));
-
-_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len));
-_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
- (ck_session_handle_t session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part,
- unsigned long *part_len));
-_CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len));
-_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
- (ck_session_handle_t session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part,
- unsigned long *part_len));
-
-_CK_DECLARE_FUNCTION (C_GenerateKey,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- struct ck_attribute *templ,
- unsigned long count,
- ck_object_handle_t *key));
-_CK_DECLARE_FUNCTION (C_GenerateKeyPair,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- struct ck_attribute *public_key_template,
- unsigned long public_key_attribute_count,
- struct ck_attribute *private_key_template,
- unsigned long private_key_attribute_count,
- ck_object_handle_t *public_key,
- ck_object_handle_t *private_key));
-_CK_DECLARE_FUNCTION (C_WrapKey,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t wrapping_key,
- ck_object_handle_t key,
- unsigned char *wrapped_key,
- unsigned long *wrapped_key_len));
-_CK_DECLARE_FUNCTION (C_UnwrapKey,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t unwrapping_key,
- unsigned char *wrapped_key,
- unsigned long wrapped_key_len,
- struct ck_attribute *templ,
- unsigned long attribute_count,
- ck_object_handle_t *key));
-_CK_DECLARE_FUNCTION (C_DeriveKey,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t base_key,
- struct ck_attribute *templ,
- unsigned long attribute_count,
- ck_object_handle_t *key));
-
-_CK_DECLARE_FUNCTION (C_SeedRandom,
- (ck_session_handle_t session, unsigned char *seed,
- unsigned long seed_len));
-_CK_DECLARE_FUNCTION (C_GenerateRandom,
- (ck_session_handle_t session,
- unsigned char *random_data,
- unsigned long random_len));
-
-_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
-_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
-
-
-struct ck_function_list
-{
- struct ck_version version;
- CK_C_Initialize C_Initialize;
- CK_C_Finalize C_Finalize;
- CK_C_GetInfo C_GetInfo;
- CK_C_GetFunctionList C_GetFunctionList;
- CK_C_GetSlotList C_GetSlotList;
- CK_C_GetSlotInfo C_GetSlotInfo;
- CK_C_GetTokenInfo C_GetTokenInfo;
- CK_C_GetMechanismList C_GetMechanismList;
- CK_C_GetMechanismInfo C_GetMechanismInfo;
- CK_C_InitToken C_InitToken;
- CK_C_InitPIN C_InitPIN;
- CK_C_SetPIN C_SetPIN;
- CK_C_OpenSession C_OpenSession;
- CK_C_CloseSession C_CloseSession;
- CK_C_CloseAllSessions C_CloseAllSessions;
- CK_C_GetSessionInfo C_GetSessionInfo;
- CK_C_GetOperationState C_GetOperationState;
- CK_C_SetOperationState C_SetOperationState;
- CK_C_Login C_Login;
- CK_C_Logout C_Logout;
- CK_C_CreateObject C_CreateObject;
- CK_C_CopyObject C_CopyObject;
- CK_C_DestroyObject C_DestroyObject;
- CK_C_GetObjectSize C_GetObjectSize;
- CK_C_GetAttributeValue C_GetAttributeValue;
- CK_C_SetAttributeValue C_SetAttributeValue;
- CK_C_FindObjectsInit C_FindObjectsInit;
- CK_C_FindObjects C_FindObjects;
- CK_C_FindObjectsFinal C_FindObjectsFinal;
- CK_C_EncryptInit C_EncryptInit;
- CK_C_Encrypt C_Encrypt;
- CK_C_EncryptUpdate C_EncryptUpdate;
- CK_C_EncryptFinal C_EncryptFinal;
- CK_C_DecryptInit C_DecryptInit;
- CK_C_Decrypt C_Decrypt;
- CK_C_DecryptUpdate C_DecryptUpdate;
- CK_C_DecryptFinal C_DecryptFinal;
- CK_C_DigestInit C_DigestInit;
- CK_C_Digest C_Digest;
- CK_C_DigestUpdate C_DigestUpdate;
- CK_C_DigestKey C_DigestKey;
- CK_C_DigestFinal C_DigestFinal;
- CK_C_SignInit C_SignInit;
- CK_C_Sign C_Sign;
- CK_C_SignUpdate C_SignUpdate;
- CK_C_SignFinal C_SignFinal;
- CK_C_SignRecoverInit C_SignRecoverInit;
- CK_C_SignRecover C_SignRecover;
- CK_C_VerifyInit C_VerifyInit;
- CK_C_Verify C_Verify;
- CK_C_VerifyUpdate C_VerifyUpdate;
- CK_C_VerifyFinal C_VerifyFinal;
- CK_C_VerifyRecoverInit C_VerifyRecoverInit;
- CK_C_VerifyRecover C_VerifyRecover;
- CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
- CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
- CK_C_SignEncryptUpdate C_SignEncryptUpdate;
- CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
- CK_C_GenerateKey C_GenerateKey;
- CK_C_GenerateKeyPair C_GenerateKeyPair;
- CK_C_WrapKey C_WrapKey;
- CK_C_UnwrapKey C_UnwrapKey;
- CK_C_DeriveKey C_DeriveKey;
- CK_C_SeedRandom C_SeedRandom;
- CK_C_GenerateRandom C_GenerateRandom;
- CK_C_GetFunctionStatus C_GetFunctionStatus;
- CK_C_CancelFunction C_CancelFunction;
- CK_C_WaitForSlotEvent C_WaitForSlotEvent;
-};
-
-
-typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
-typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
-typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
-typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);
-
-
-struct ck_c_initialize_args
-{
- ck_createmutex_t create_mutex;
- ck_destroymutex_t destroy_mutex;
- ck_lockmutex_t lock_mutex;
- ck_unlockmutex_t unlock_mutex;
- ck_flags_t flags;
- void *reserved;
-};
+ _CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
+ _CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
+ _CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info * info));
+ _CK_DECLARE_FUNCTION (C_GetFunctionList,
+ (struct ck_function_list ** function_list));
+
+ _CK_DECLARE_FUNCTION (C_GetSlotList,
+ (unsigned char token_present,
+ ck_slot_id_t * slot_list, unsigned long *count));
+ _CK_DECLARE_FUNCTION (C_GetSlotInfo,
+ (ck_slot_id_t slot_id, struct ck_slot_info * info));
+ _CK_DECLARE_FUNCTION (C_GetTokenInfo,
+ (ck_slot_id_t slot_id,
+ struct ck_token_info * info));
+ _CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
+ (ck_flags_t flags, ck_slot_id_t * slot,
+ void *reserved));
+ _CK_DECLARE_FUNCTION (C_GetMechanismList,
+ (ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count));
+ _CK_DECLARE_FUNCTION (C_GetMechanismInfo,
+ (ck_slot_id_t slot_id, ck_mechanism_type_t type,
+ struct ck_mechanism_info * info));
+ _CK_DECLARE_FUNCTION (C_InitToken,
+ (ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label));
+ _CK_DECLARE_FUNCTION (C_InitPIN,
+ (ck_session_handle_t session, unsigned char *pin,
+ unsigned long pin_len));
+ _CK_DECLARE_FUNCTION (C_SetPIN,
+ (ck_session_handle_t session,
+ unsigned char *old_pin, unsigned long old_len,
+ unsigned char *new_pin, unsigned long new_len));
+
+ _CK_DECLARE_FUNCTION (C_OpenSession,
+ (ck_slot_id_t slot_id, ck_flags_t flags,
+ void *application, ck_notify_t notify,
+ ck_session_handle_t * session));
+ _CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
+ _CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
+ _CK_DECLARE_FUNCTION (C_GetSessionInfo,
+ (ck_session_handle_t session,
+ struct ck_session_info * info));
+ _CK_DECLARE_FUNCTION (C_GetOperationState,
+ (ck_session_handle_t session,
+ unsigned char *operation_state,
+ unsigned long *operation_state_len));
+ _CK_DECLARE_FUNCTION (C_SetOperationState,
+ (ck_session_handle_t session,
+ unsigned char *operation_state,
+ unsigned long operation_state_len,
+ ck_object_handle_t encryption_key,
+ ck_object_handle_t authentiation_key));
+ _CK_DECLARE_FUNCTION (C_Login,
+ (ck_session_handle_t session,
+ ck_user_type_t user_type, unsigned char *pin,
+ unsigned long pin_len));
+ _CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
+
+ _CK_DECLARE_FUNCTION (C_CreateObject,
+ (ck_session_handle_t session,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * object));
+ _CK_DECLARE_FUNCTION (C_CopyObject,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute * templ, unsigned long count,
+ ck_object_handle_t * new_object));
+ _CK_DECLARE_FUNCTION (C_DestroyObject,
+ (ck_session_handle_t session,
+ ck_object_handle_t object));
+ _CK_DECLARE_FUNCTION (C_GetObjectSize,
+ (ck_session_handle_t session,
+ ck_object_handle_t object, unsigned long *size));
+ _CK_DECLARE_FUNCTION (C_GetAttributeValue,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute * templ, unsigned long count));
+ _CK_DECLARE_FUNCTION (C_SetAttributeValue,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute * templ, unsigned long count));
+ _CK_DECLARE_FUNCTION (C_FindObjectsInit,
+ (ck_session_handle_t session,
+ struct ck_attribute * templ, unsigned long count));
+ _CK_DECLARE_FUNCTION (C_FindObjects,
+ (ck_session_handle_t session,
+ ck_object_handle_t * object,
+ unsigned long max_object_count,
+ unsigned long *object_count));
+ _CK_DECLARE_FUNCTION (C_FindObjectsFinal, (ck_session_handle_t session));
+
+ _CK_DECLARE_FUNCTION (C_EncryptInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_Encrypt,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *encrypted_data,
+ unsigned long *encrypted_data_len));
+ _CK_DECLARE_FUNCTION (C_EncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+ _CK_DECLARE_FUNCTION (C_EncryptFinal,
+ (ck_session_handle_t session,
+ unsigned char *last_encrypted_part,
+ unsigned long *last_encrypted_part_len));
+
+ _CK_DECLARE_FUNCTION (C_DecryptInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_Decrypt,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len));
+ _CK_DECLARE_FUNCTION (C_DecryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len));
+ _CK_DECLARE_FUNCTION (C_DecryptFinal,
+ (ck_session_handle_t session,
+ unsigned char *last_part,
+ unsigned long *last_part_len));
+
+ _CK_DECLARE_FUNCTION (C_DigestInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism));
+ _CK_DECLARE_FUNCTION (C_Digest,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *digest, unsigned long *digest_len));
+ _CK_DECLARE_FUNCTION (C_DigestUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+ _CK_DECLARE_FUNCTION (C_DigestKey,
+ (ck_session_handle_t session,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_DigestFinal,
+ (ck_session_handle_t session, unsigned char *digest,
+ unsigned long *digest_len));
+
+ _CK_DECLARE_FUNCTION (C_SignInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_Sign,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len));
+ _CK_DECLARE_FUNCTION (C_SignUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+ _CK_DECLARE_FUNCTION (C_SignFinal,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long *signature_len));
+ _CK_DECLARE_FUNCTION (C_SignRecoverInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_SignRecover,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len));
+
+ _CK_DECLARE_FUNCTION (C_VerifyInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_Verify,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long signature_len));
+ _CK_DECLARE_FUNCTION (C_VerifyUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+ _CK_DECLARE_FUNCTION (C_VerifyFinal,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long signature_len));
+ _CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_VerifyRecover,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long signature_len,
+ unsigned char *data, unsigned long *data_len));
+
+ _CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+ _CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len));
+ _CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+ _CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len));
+
+ _CK_DECLARE_FUNCTION (C_GenerateKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * key));
+ _CK_DECLARE_FUNCTION (C_GenerateKeyPair,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * public_key_template,
+ unsigned long public_key_attribute_count,
+ struct ck_attribute * private_key_template,
+ unsigned long private_key_attribute_count,
+ ck_object_handle_t * public_key,
+ ck_object_handle_t * private_key));
+ _CK_DECLARE_FUNCTION (C_WrapKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t wrapping_key,
+ ck_object_handle_t key,
+ unsigned char *wrapped_key,
+ unsigned long *wrapped_key_len));
+ _CK_DECLARE_FUNCTION (C_UnwrapKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t unwrapping_key,
+ unsigned char *wrapped_key,
+ unsigned long wrapped_key_len,
+ struct ck_attribute * templ,
+ unsigned long attribute_count,
+ ck_object_handle_t * key));
+ _CK_DECLARE_FUNCTION (C_DeriveKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t base_key,
+ struct ck_attribute * templ,
+ unsigned long attribute_count,
+ ck_object_handle_t * key));
+
+ _CK_DECLARE_FUNCTION (C_SeedRandom,
+ (ck_session_handle_t session, unsigned char *seed,
+ unsigned long seed_len));
+ _CK_DECLARE_FUNCTION (C_GenerateRandom,
+ (ck_session_handle_t session,
+ unsigned char *random_data,
+ unsigned long random_len));
+
+ _CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
+ _CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
+
+
+ struct ck_function_list
+ {
+ struct ck_version version;
+ CK_C_Initialize C_Initialize;
+ CK_C_Finalize C_Finalize;
+ CK_C_GetInfo C_GetInfo;
+ CK_C_GetFunctionList C_GetFunctionList;
+ CK_C_GetSlotList C_GetSlotList;
+ CK_C_GetSlotInfo C_GetSlotInfo;
+ CK_C_GetTokenInfo C_GetTokenInfo;
+ CK_C_GetMechanismList C_GetMechanismList;
+ CK_C_GetMechanismInfo C_GetMechanismInfo;
+ CK_C_InitToken C_InitToken;
+ CK_C_InitPIN C_InitPIN;
+ CK_C_SetPIN C_SetPIN;
+ CK_C_OpenSession C_OpenSession;
+ CK_C_CloseSession C_CloseSession;
+ CK_C_CloseAllSessions C_CloseAllSessions;
+ CK_C_GetSessionInfo C_GetSessionInfo;
+ CK_C_GetOperationState C_GetOperationState;
+ CK_C_SetOperationState C_SetOperationState;
+ CK_C_Login C_Login;
+ CK_C_Logout C_Logout;
+ CK_C_CreateObject C_CreateObject;
+ CK_C_CopyObject C_CopyObject;
+ CK_C_DestroyObject C_DestroyObject;
+ CK_C_GetObjectSize C_GetObjectSize;
+ CK_C_GetAttributeValue C_GetAttributeValue;
+ CK_C_SetAttributeValue C_SetAttributeValue;
+ CK_C_FindObjectsInit C_FindObjectsInit;
+ CK_C_FindObjects C_FindObjects;
+ CK_C_FindObjectsFinal C_FindObjectsFinal;
+ CK_C_EncryptInit C_EncryptInit;
+ CK_C_Encrypt C_Encrypt;
+ CK_C_EncryptUpdate C_EncryptUpdate;
+ CK_C_EncryptFinal C_EncryptFinal;
+ CK_C_DecryptInit C_DecryptInit;
+ CK_C_Decrypt C_Decrypt;
+ CK_C_DecryptUpdate C_DecryptUpdate;
+ CK_C_DecryptFinal C_DecryptFinal;
+ CK_C_DigestInit C_DigestInit;
+ CK_C_Digest C_Digest;
+ CK_C_DigestUpdate C_DigestUpdate;
+ CK_C_DigestKey C_DigestKey;
+ CK_C_DigestFinal C_DigestFinal;
+ CK_C_SignInit C_SignInit;
+ CK_C_Sign C_Sign;
+ CK_C_SignUpdate C_SignUpdate;
+ CK_C_SignFinal C_SignFinal;
+ CK_C_SignRecoverInit C_SignRecoverInit;
+ CK_C_SignRecover C_SignRecover;
+ CK_C_VerifyInit C_VerifyInit;
+ CK_C_Verify C_Verify;
+ CK_C_VerifyUpdate C_VerifyUpdate;
+ CK_C_VerifyFinal C_VerifyFinal;
+ CK_C_VerifyRecoverInit C_VerifyRecoverInit;
+ CK_C_VerifyRecover C_VerifyRecover;
+ CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
+ CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
+ CK_C_SignEncryptUpdate C_SignEncryptUpdate;
+ CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
+ CK_C_GenerateKey C_GenerateKey;
+ CK_C_GenerateKeyPair C_GenerateKeyPair;
+ CK_C_WrapKey C_WrapKey;
+ CK_C_UnwrapKey C_UnwrapKey;
+ CK_C_DeriveKey C_DeriveKey;
+ CK_C_SeedRandom C_SeedRandom;
+ CK_C_GenerateRandom C_GenerateRandom;
+ CK_C_GetFunctionStatus C_GetFunctionStatus;
+ CK_C_CancelFunction C_CancelFunction;
+ CK_C_WaitForSlotEvent C_WaitForSlotEvent;
+ };
+
+
+ typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
+ typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
+ typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
+ typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);
+
+
+ struct ck_c_initialize_args
+ {
+ ck_createmutex_t create_mutex;
+ ck_destroymutex_t destroy_mutex;
+ ck_lockmutex_t lock_mutex;
+ ck_unlockmutex_t unlock_mutex;
+ ck_flags_t flags;
+ void *reserved;
+ };
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0)
@@ -1180,9 +1175,9 @@ struct ck_c_initialize_args
#define CKR_MUTEX_NOT_LOCKED (0x1a1)
#define CKR_FUNCTION_REJECTED (0x200)
#define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
-
/* Compatibility layer. */
#ifdef CRYPTOKI_COMPAT
@@ -1193,18 +1188,18 @@ struct ck_c_initialize_args
/* For NULL. */
#include <stddef.h>
-typedef unsigned char CK_BYTE;
-typedef unsigned char CK_CHAR;
-typedef unsigned char CK_UTF8CHAR;
-typedef unsigned char CK_BBOOL;
-typedef unsigned long int CK_ULONG;
-typedef long int CK_LONG;
-typedef CK_BYTE *CK_BYTE_PTR;
-typedef CK_CHAR *CK_CHAR_PTR;
-typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
-typedef CK_ULONG *CK_ULONG_PTR;
-typedef void *CK_VOID_PTR;
-typedef void **CK_VOID_PTR_PTR;
+ typedef unsigned char CK_BYTE;
+ typedef unsigned char CK_CHAR;
+ typedef unsigned char CK_UTF8CHAR;
+ typedef unsigned char CK_BBOOL;
+ typedef unsigned long int CK_ULONG;
+ typedef long int CK_LONG;
+ typedef CK_BYTE *CK_BYTE_PTR;
+ typedef CK_CHAR *CK_CHAR_PTR;
+ typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
+ typedef CK_ULONG *CK_ULONG_PTR;
+ typedef void *CK_VOID_PTR;
+ typedef void **CK_VOID_PTR_PTR;
#define CK_FALSE 0
#define CK_TRUE 1
#ifndef CK_DISABLE_TRUE_FALSE
@@ -1216,49 +1211,49 @@ typedef void **CK_VOID_PTR_PTR;
#endif
#endif
-typedef struct ck_version CK_VERSION;
-typedef struct ck_version *CK_VERSION_PTR;
+ typedef struct ck_version CK_VERSION;
+ typedef struct ck_version *CK_VERSION_PTR;
-typedef struct ck_info CK_INFO;
-typedef struct ck_info *CK_INFO_PTR;
+ typedef struct ck_info CK_INFO;
+ typedef struct ck_info *CK_INFO_PTR;
-typedef ck_slot_id_t *CK_SLOT_ID_PTR;
+ typedef ck_slot_id_t *CK_SLOT_ID_PTR;
-typedef struct ck_slot_info CK_SLOT_INFO;
-typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
+ typedef struct ck_slot_info CK_SLOT_INFO;
+ typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
-typedef struct ck_token_info CK_TOKEN_INFO;
-typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
+ typedef struct ck_token_info CK_TOKEN_INFO;
+ typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
-typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
+ typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
-typedef struct ck_session_info CK_SESSION_INFO;
-typedef struct ck_session_info *CK_SESSION_INFO_PTR;
+ typedef struct ck_session_info CK_SESSION_INFO;
+ typedef struct ck_session_info *CK_SESSION_INFO_PTR;
-typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
+ typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
-typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
+ typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
-typedef struct ck_attribute CK_ATTRIBUTE;
-typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
+ typedef struct ck_attribute CK_ATTRIBUTE;
+ typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
-typedef struct ck_date CK_DATE;
-typedef struct ck_date *CK_DATE_PTR;
+ typedef struct ck_date CK_DATE;
+ typedef struct ck_date *CK_DATE_PTR;
-typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
+ typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
-typedef struct ck_mechanism CK_MECHANISM;
-typedef struct ck_mechanism *CK_MECHANISM_PTR;
+ typedef struct ck_mechanism CK_MECHANISM;
+ typedef struct ck_mechanism *CK_MECHANISM_PTR;
-typedef struct ck_mechanism_info CK_MECHANISM_INFO;
-typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
+ typedef struct ck_mechanism_info CK_MECHANISM_INFO;
+ typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
-typedef struct ck_function_list CK_FUNCTION_LIST;
-typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
-typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
+ typedef struct ck_function_list CK_FUNCTION_LIST;
+ typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
+ typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
-typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
-typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
+ typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
+ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
#define NULL_PTR NULL
@@ -1342,9 +1337,9 @@ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
#undef unlock_mutex
#undef reserved
-#endif /* CRYPTOKI_COMPAT */
-
+#endif /* CRYPTOKI_COMPAT */
+
/* System dependencies. */
#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
#pragma pack(pop, cryptoki)
@@ -1354,4 +1349,4 @@ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
}
#endif
-#endif /* PKCS11_H */
+#endif /* PKCS11_H */
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 066793b163..c825fb42a5 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -33,33 +33,37 @@
#define MAX_PROVIDERS 16
-static void terminate_string(unsigned char *str, size_t len);
+static void terminate_string (unsigned char *str, size_t len);
/* XXX: try to eliminate this */
#define MAX_CERT_SIZE 8*1024
-struct gnutls_pkcs11_provider_s {
- pakchois_module_t *module;
- unsigned long nslots;
- ck_slot_id_t *slots;
- struct ck_info info;
+struct gnutls_pkcs11_provider_s
+{
+ pakchois_module_t *module;
+ unsigned long nslots;
+ ck_slot_id_t *slots;
+ struct ck_info info;
};
-struct flags_find_data_st {
- struct pkcs11_url_info info;
- unsigned int slot_flags;
+struct flags_find_data_st
+{
+ struct pkcs11_url_info info;
+ unsigned int slot_flags;
};
-struct url_find_data_st {
- gnutls_pkcs11_obj_t crt;
+struct url_find_data_st
+{
+ gnutls_pkcs11_obj_t crt;
};
-struct crt_find_data_st {
- gnutls_pkcs11_obj_t *p_list;
- unsigned int *n_list;
- unsigned int current;
- gnutls_pkcs11_obj_attr_t flags;
- struct pkcs11_url_info info;
+struct crt_find_data_st
+{
+ gnutls_pkcs11_obj_t *p_list;
+ unsigned int *n_list;
+ unsigned int current;
+ gnutls_pkcs11_obj_attr_t flags;
+ struct pkcs11_url_info info;
};
@@ -72,98 +76,101 @@ static void *pin_data;
gnutls_pkcs11_token_callback_t token_func;
void *token_data;
-int pkcs11_rv_to_err(ck_rv_t rv)
+int
+pkcs11_rv_to_err (ck_rv_t rv)
{
- switch (rv) {
- case CKR_OK:
- return 0;
- case CKR_HOST_MEMORY:
- return GNUTLS_E_MEMORY_ERROR;
- case CKR_SLOT_ID_INVALID:
- return GNUTLS_E_PKCS11_SLOT_ERROR;
- case CKR_ARGUMENTS_BAD:
- case CKR_MECHANISM_PARAM_INVALID:
- return GNUTLS_E_INVALID_REQUEST;
- case CKR_NEED_TO_CREATE_THREADS:
- case CKR_CANT_LOCK:
- case CKR_FUNCTION_NOT_PARALLEL:
- case CKR_MUTEX_BAD:
- case CKR_MUTEX_NOT_LOCKED:
- return GNUTLS_E_LOCKING_ERROR;
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- return GNUTLS_E_PKCS11_ATTRIBUTE_ERROR;
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- return GNUTLS_E_PKCS11_DEVICE_ERROR;
- case CKR_DATA_INVALID:
- case CKR_DATA_LEN_RANGE:
- case CKR_ENCRYPTED_DATA_INVALID:
- case CKR_ENCRYPTED_DATA_LEN_RANGE:
- case CKR_OBJECT_HANDLE_INVALID:
- return GNUTLS_E_PKCS11_DATA_ERROR;
- case CKR_FUNCTION_NOT_SUPPORTED:
- case CKR_MECHANISM_INVALID:
- return GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR;
- case CKR_KEY_HANDLE_INVALID:
- case CKR_KEY_SIZE_RANGE:
- case CKR_KEY_TYPE_INCONSISTENT:
- case CKR_KEY_NOT_NEEDED:
- case CKR_KEY_CHANGED:
- case CKR_KEY_NEEDED:
- case CKR_KEY_INDIGESTIBLE:
- case CKR_KEY_FUNCTION_NOT_PERMITTED:
- case CKR_KEY_NOT_WRAPPABLE:
- case CKR_KEY_UNEXTRACTABLE:
- return GNUTLS_E_PKCS11_KEY_ERROR;
- case CKR_PIN_INCORRECT:
- case CKR_PIN_INVALID:
- case CKR_PIN_LEN_RANGE:
- return GNUTLS_E_PKCS11_PIN_ERROR;
- case CKR_PIN_EXPIRED:
- return GNUTLS_E_PKCS11_PIN_EXPIRED;
- case CKR_PIN_LOCKED:
- return GNUTLS_E_PKCS11_PIN_LOCKED;
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_COUNT:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
- case CKR_SESSION_READ_ONLY:
- case CKR_SESSION_EXISTS:
- case CKR_SESSION_READ_ONLY_EXISTS:
- case CKR_SESSION_READ_WRITE_SO_EXISTS:
- return GNUTLS_E_PKCS11_SESSION_ERROR;
- case CKR_SIGNATURE_INVALID:
- case CKR_SIGNATURE_LEN_RANGE:
- return GNUTLS_E_PKCS11_SIGNATURE_ERROR;
- case CKR_TOKEN_NOT_PRESENT:
- case CKR_TOKEN_NOT_RECOGNIZED:
- case CKR_TOKEN_WRITE_PROTECTED:
- return GNUTLS_E_PKCS11_TOKEN_ERROR;
- case CKR_USER_ALREADY_LOGGED_IN:
- case CKR_USER_NOT_LOGGED_IN:
- case CKR_USER_PIN_NOT_INITIALIZED:
- case CKR_USER_TYPE_INVALID:
- case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
- case CKR_USER_TOO_MANY_TYPES:
- return GNUTLS_E_PKCS11_USER_ERROR;
- case CKR_BUFFER_TOO_SMALL:
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- default:
- return GNUTLS_E_PKCS11_ERROR;
- }
+ switch (rv)
+ {
+ case CKR_OK:
+ return 0;
+ case CKR_HOST_MEMORY:
+ return GNUTLS_E_MEMORY_ERROR;
+ case CKR_SLOT_ID_INVALID:
+ return GNUTLS_E_PKCS11_SLOT_ERROR;
+ case CKR_ARGUMENTS_BAD:
+ case CKR_MECHANISM_PARAM_INVALID:
+ return GNUTLS_E_INVALID_REQUEST;
+ case CKR_NEED_TO_CREATE_THREADS:
+ case CKR_CANT_LOCK:
+ case CKR_FUNCTION_NOT_PARALLEL:
+ case CKR_MUTEX_BAD:
+ case CKR_MUTEX_NOT_LOCKED:
+ return GNUTLS_E_LOCKING_ERROR;
+ case CKR_ATTRIBUTE_READ_ONLY:
+ case CKR_ATTRIBUTE_SENSITIVE:
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ case CKR_ATTRIBUTE_VALUE_INVALID:
+ return GNUTLS_E_PKCS11_ATTRIBUTE_ERROR;
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_DEVICE_REMOVED:
+ return GNUTLS_E_PKCS11_DEVICE_ERROR;
+ case CKR_DATA_INVALID:
+ case CKR_DATA_LEN_RANGE:
+ case CKR_ENCRYPTED_DATA_INVALID:
+ case CKR_ENCRYPTED_DATA_LEN_RANGE:
+ case CKR_OBJECT_HANDLE_INVALID:
+ return GNUTLS_E_PKCS11_DATA_ERROR;
+ case CKR_FUNCTION_NOT_SUPPORTED:
+ case CKR_MECHANISM_INVALID:
+ return GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR;
+ case CKR_KEY_HANDLE_INVALID:
+ case CKR_KEY_SIZE_RANGE:
+ case CKR_KEY_TYPE_INCONSISTENT:
+ case CKR_KEY_NOT_NEEDED:
+ case CKR_KEY_CHANGED:
+ case CKR_KEY_NEEDED:
+ case CKR_KEY_INDIGESTIBLE:
+ case CKR_KEY_FUNCTION_NOT_PERMITTED:
+ case CKR_KEY_NOT_WRAPPABLE:
+ case CKR_KEY_UNEXTRACTABLE:
+ return GNUTLS_E_PKCS11_KEY_ERROR;
+ case CKR_PIN_INCORRECT:
+ case CKR_PIN_INVALID:
+ case CKR_PIN_LEN_RANGE:
+ return GNUTLS_E_PKCS11_PIN_ERROR;
+ case CKR_PIN_EXPIRED:
+ return GNUTLS_E_PKCS11_PIN_EXPIRED;
+ case CKR_PIN_LOCKED:
+ return GNUTLS_E_PKCS11_PIN_LOCKED;
+ case CKR_SESSION_CLOSED:
+ case CKR_SESSION_COUNT:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
+ case CKR_SESSION_READ_ONLY:
+ case CKR_SESSION_EXISTS:
+ case CKR_SESSION_READ_ONLY_EXISTS:
+ case CKR_SESSION_READ_WRITE_SO_EXISTS:
+ return GNUTLS_E_PKCS11_SESSION_ERROR;
+ case CKR_SIGNATURE_INVALID:
+ case CKR_SIGNATURE_LEN_RANGE:
+ return GNUTLS_E_PKCS11_SIGNATURE_ERROR;
+ case CKR_TOKEN_NOT_PRESENT:
+ case CKR_TOKEN_NOT_RECOGNIZED:
+ case CKR_TOKEN_WRITE_PROTECTED:
+ return GNUTLS_E_PKCS11_TOKEN_ERROR;
+ case CKR_USER_ALREADY_LOGGED_IN:
+ case CKR_USER_NOT_LOGGED_IN:
+ case CKR_USER_PIN_NOT_INITIALIZED:
+ case CKR_USER_TYPE_INVALID:
+ case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
+ case CKR_USER_TOO_MANY_TYPES:
+ return GNUTLS_E_PKCS11_USER_ERROR;
+ case CKR_BUFFER_TOO_SMALL:
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ default:
+ return GNUTLS_E_PKCS11_ERROR;
+ }
}
/* Fake scan */
-void pkcs11_rescan_slots(void)
+void
+pkcs11_rescan_slots (void)
{
- unsigned long slots;
+ unsigned long slots;
- pakchois_get_slot_list(providers[active_providers - 1].module, 0,
- NULL, &slots);
+ pakchois_get_slot_list (providers[active_providers - 1].module, 0,
+ NULL, &slots);
}
/**
@@ -178,66 +185,75 @@ void pkcs11_rescan_slots(void)
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_add_provider(const char *name, const char *params)
+int
+gnutls_pkcs11_add_provider (const char *name, const char *params)
{
- if (active_providers >= MAX_PROVIDERS) {
- gnutls_assert();
- return GNUTLS_E_CONSTRAINT_ERROR;
- }
-
- active_providers++;
- if (pakchois_module_load_abs
- (&providers[active_providers - 1].module, name) != CKR_OK) {
- gnutls_assert();
- _gnutls_debug_log("p11: Cannot load provider %s\n", name);
- active_providers--;
- return GNUTLS_E_PKCS11_LOAD_ERROR;
- }
-
- /* cache the number of slots in this module */
- if (pakchois_get_slot_list
- (providers[active_providers - 1].module, 0, NULL,
- &providers[active_providers - 1].nslots) != CKR_OK) {
- gnutls_assert();
- goto fail;
- }
-
- providers[active_providers - 1].slots =
- gnutls_malloc(sizeof(*providers[active_providers - 1].slots) *
- providers[active_providers - 1].nslots);
- if (providers[active_providers - 1].slots == NULL) {
- gnutls_assert();
- goto fail;
- }
-
- if (pakchois_get_slot_list
- (providers[active_providers - 1].module, 0,
- providers[active_providers - 1].slots,
- &providers[active_providers - 1].nslots) != CKR_OK) {
- gnutls_assert();
- gnutls_free(providers[active_providers - 1].slots);
- goto fail;
- }
-
- memset( &providers[active_providers-1].info, 0, sizeof(providers[active_providers-1].info));
- pakchois_get_info(providers[active_providers - 1].module, &providers[active_providers-1].info);
-
- terminate_string(providers[active_providers-1].info.manufacturer_id,
- sizeof(providers[active_providers-1].info.manufacturer_id));
- terminate_string(providers[active_providers-1].info.library_description,
- sizeof(providers[active_providers-1].info.library_description));
-
- _gnutls_debug_log("p11: loaded provider '%s' with %d slots\n",
- name,
- (int) providers[active_providers - 1].nslots);
-
- return 0;
-
- fail:
- pakchois_module_destroy(providers[active_providers - 1].module);
- active_providers--;
- return GNUTLS_E_PKCS11_LOAD_ERROR;
+ if (active_providers >= MAX_PROVIDERS)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CONSTRAINT_ERROR;
+ }
+
+ active_providers++;
+ if (pakchois_module_load_abs
+ (&providers[active_providers - 1].module, name) != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("p11: Cannot load provider %s\n", name);
+ active_providers--;
+ return GNUTLS_E_PKCS11_LOAD_ERROR;
+ }
+
+ /* cache the number of slots in this module */
+ if (pakchois_get_slot_list
+ (providers[active_providers - 1].module, 0, NULL,
+ &providers[active_providers - 1].nslots) != CKR_OK)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ providers[active_providers - 1].slots =
+ gnutls_malloc (sizeof (*providers[active_providers - 1].slots) *
+ providers[active_providers - 1].nslots);
+ if (providers[active_providers - 1].slots == NULL)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ if (pakchois_get_slot_list
+ (providers[active_providers - 1].module, 0,
+ providers[active_providers - 1].slots,
+ &providers[active_providers - 1].nslots) != CKR_OK)
+ {
+ gnutls_assert ();
+ gnutls_free (providers[active_providers - 1].slots);
+ goto fail;
+ }
+
+ memset (&providers[active_providers - 1].info, 0,
+ sizeof (providers[active_providers - 1].info));
+ pakchois_get_info (providers[active_providers - 1].module,
+ &providers[active_providers - 1].info);
+
+ terminate_string (providers[active_providers - 1].info.manufacturer_id,
+ sizeof (providers[active_providers - 1].
+ info.manufacturer_id));
+ terminate_string (providers[active_providers - 1].info.library_description,
+ sizeof (providers[active_providers - 1].
+ info.library_description));
+
+ _gnutls_debug_log ("p11: loaded provider '%s' with %d slots\n",
+ name, (int) providers[active_providers - 1].nslots);
+
+ return 0;
+
+fail:
+ pakchois_module_destroy (providers[active_providers - 1].module);
+ active_providers--;
+ return GNUTLS_E_PKCS11_LOAD_ERROR;
}
@@ -256,76 +272,80 @@ int gnutls_pkcs11_add_provider(const char *name, const char *params)
*
* Returns: zero on success or a negative value on error.
**/
-int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt,
- gnutls_pkcs11_obj_info_t itype,
- void *output, size_t * output_size)
+int
+gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size)
{
- return pkcs11_get_info(&crt->info, itype, output, output_size);
+ return pkcs11_get_info (&crt->info, itype, output, output_size);
}
-int pkcs11_get_info(struct pkcs11_url_info *info,
- gnutls_pkcs11_obj_info_t itype, void *output,
- size_t * output_size)
+int
+pkcs11_get_info (struct pkcs11_url_info *info,
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size)
{
- const char *str = NULL;
- size_t len;
-
- switch (itype) {
- case GNUTLS_PKCS11_OBJ_ID:
- if (*output_size < info->certid_raw_size) {
- *output_size = info->certid_raw_size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- if (output)
- memcpy(output, info->certid_raw,
- info->certid_raw_size);
- *output_size = info->certid_raw_size;
-
- return 0;
- case GNUTLS_PKCS11_OBJ_ID_HEX:
- str = info->id;
- break;
- case GNUTLS_PKCS11_OBJ_LABEL:
- str = info->label;
- break;
- case GNUTLS_PKCS11_OBJ_TOKEN_LABEL:
- str = info->token;
- break;
- case GNUTLS_PKCS11_OBJ_TOKEN_SERIAL:
- str = info->serial;
- break;
- case GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER:
- str = info->manufacturer;
- break;
- case GNUTLS_PKCS11_OBJ_TOKEN_MODEL:
- str = info->model;
- break;
- case GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION:
- str = info->lib_desc;
- break;
- case GNUTLS_PKCS11_OBJ_LIBRARY_VERSION:
- str = info->lib_version;
- break;
- case GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER:
- str = info->lib_manufacturer;
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = strlen(str);
-
- if (len + 1 > *output_size) {
- *output_size = len + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- strcpy(output, str);
-
- *output_size = len;
-
- return 0;
+ const char *str = NULL;
+ size_t len;
+
+ switch (itype)
+ {
+ case GNUTLS_PKCS11_OBJ_ID:
+ if (*output_size < info->certid_raw_size)
+ {
+ *output_size = info->certid_raw_size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ if (output)
+ memcpy (output, info->certid_raw, info->certid_raw_size);
+ *output_size = info->certid_raw_size;
+
+ return 0;
+ case GNUTLS_PKCS11_OBJ_ID_HEX:
+ str = info->id;
+ break;
+ case GNUTLS_PKCS11_OBJ_LABEL:
+ str = info->label;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_LABEL:
+ str = info->token;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_SERIAL:
+ str = info->serial;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER:
+ str = info->manufacturer;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_MODEL:
+ str = info->model;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION:
+ str = info->lib_desc;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_VERSION:
+ str = info->lib_version;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER:
+ str = info->lib_manufacturer;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = strlen (str);
+
+ if (len + 1 > *output_size)
+ {
+ *output_size = len + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ strcpy (output, str);
+
+ *output_size = len;
+
+ return 0;
}
static int init = 0;
@@ -347,62 +367,66 @@ static int init = 0;
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_init(unsigned int flags, const char *configfile)
+int
+gnutls_pkcs11_init (unsigned int flags, const char *configfile)
{
- int ret;
-
- if (init != 0) {
- init++;
- return 0;
- }
- init++;
-
- if (flags == GNUTLS_PKCS11_FLAG_MANUAL)
- return 0;
- else {
- FILE *fp;
- char line[512];
- const char *library;
-
- if (configfile == NULL)
- configfile = "/etc/gnutls/pkcs11.conf";
-
- fp = fopen(configfile, "r");
- if (fp == NULL) {
- gnutls_assert();
- _gnutls_debug_log("Cannot load %s\n", configfile);
- return GNUTLS_E_FILE_ERROR;
+ int ret;
+
+ if (init != 0)
+ {
+ init++;
+ return 0;
+ }
+ init++;
+
+ if (flags == GNUTLS_PKCS11_FLAG_MANUAL)
+ return 0;
+ else
+ {
+ FILE *fp;
+ char line[512];
+ const char *library;
+
+ if (configfile == NULL)
+ configfile = "/etc/gnutls/pkcs11.conf";
+
+ fp = fopen (configfile, "r");
+ if (fp == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("Cannot load %s\n", configfile);
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ while (fgets (line, sizeof (line), fp) != NULL)
+ {
+ if (strncmp (line, "load", sizeof ("load") - 1) == 0)
+ {
+ char *p;
+ p = strchr (line, '=');
+ if (p == NULL)
+ continue;
+
+ library = ++p;
+
+ p = strchr (line, '\n');
+ if (p != NULL)
+ {
+ *p = 0;
}
- while (fgets(line, sizeof(line), fp) != NULL) {
- if (strncmp(line, "load", sizeof("load") - 1) == 0) {
- char *p;
- p = strchr(line, '=');
- if (p == NULL)
- continue;
-
- library = ++p;
-
- p = strchr(line, '\n');
- if (p != NULL) {
- *p = 0;
- }
-
- ret =
- gnutls_pkcs11_add_provider(library,
- NULL);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_debug_log
- ("Cannot load provider: %s\n",
- library);
- continue;
- }
- }
+ ret = gnutls_pkcs11_add_provider (library, NULL);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("Cannot load provider: %s\n", library);
+ continue;
}
+ }
}
+ }
- return 0;
+ return 0;
}
/**
@@ -411,22 +435,25 @@ int gnutls_pkcs11_init(unsigned int flags, const char *configfile)
* This function will deinitialize the PKCS 11 subsystem in gnutls.
*
**/
-void gnutls_pkcs11_deinit(void)
+void
+gnutls_pkcs11_deinit (void)
{
- int i;
-
- init--;
- if (init > 0)
- return;
- if (init < 0) {
- init = 0;
- return;
- }
-
- for (i = 0; i < active_providers; i++) {
- pakchois_module_destroy(providers[i].module);
- }
- active_providers = 0;
+ int i;
+
+ init--;
+ if (init > 0)
+ return;
+ if (init < 0)
+ {
+ init = 0;
+ return;
+ }
+
+ for (i = 0; i < active_providers; i++)
+ {
+ pakchois_module_destroy (providers[i].module);
+ }
+ active_providers = 0;
}
/**
@@ -457,11 +484,12 @@ void gnutls_pkcs11_deinit(void)
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-void gnutls_pkcs11_set_pin_function(gnutls_pkcs11_pin_callback_t fn,
- void *userdata)
+void
+gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn,
+ void *userdata)
{
- pin_func = fn;
- pin_data = userdata;
+ pin_func = fn;
+ pin_data = userdata;
}
/**
@@ -475,356 +503,415 @@ void gnutls_pkcs11_set_pin_function(gnutls_pkcs11_pin_callback_t fn,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-void gnutls_pkcs11_set_token_function(gnutls_pkcs11_token_callback_t fn,
- void *userdata)
+void
+gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
+ void *userdata)
{
- token_func = fn;
- token_data = userdata;
+ token_func = fn;
+ token_data = userdata;
}
-static int unescape_string(char *output, const char *input, size_t * size,
- char terminator)
+static int
+unescape_string (char *output, const char *input, size_t * size,
+ char terminator)
{
- gnutls_buffer_st str;
- int ret = 0;
- char *p;
- int len;
-
- _gnutls_buffer_init(&str);
-
- /* find terminator */
- p = strchr(input, terminator);
- if (p != NULL)
- len = p - input;
- else
- len = strlen(input);
-
- ret = _gnutls_buffer_append_data(&str, input, len);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = _gnutls_buffer_unescape(&str);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = _gnutls_buffer_append_data(&str, "", 1);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- _gnutls_buffer_pop_data(&str, output, size);
-
- _gnutls_buffer_clear(&str);
-
- return ret;
+ gnutls_buffer_st str;
+ int ret = 0;
+ char *p;
+ int len;
+
+ _gnutls_buffer_init (&str);
+
+ /* find terminator */
+ p = strchr (input, terminator);
+ if (p != NULL)
+ len = p - input;
+ else
+ len = strlen (input);
+
+ ret = _gnutls_buffer_append_data (&str, input, len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_unescape (&str);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_append_data (&str, "", 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_buffer_pop_data (&str, output, size);
+
+ _gnutls_buffer_clear (&str);
+
+ return ret;
}
-int pkcs11_url_to_info(const char *url, struct pkcs11_url_info *info)
+int
+pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info)
{
- int ret;
- char *p1, *p2;
- size_t l;
+ int ret;
+ char *p1, *p2;
+ size_t l;
- memset(info, 0, sizeof(*info));
+ memset (info, 0, sizeof (*info));
- if (strstr(url, "pkcs11:") == NULL) {
- ret = GNUTLS_E_PARSING_ERROR;
- goto cleanup;
- }
+ if (strstr (url, "pkcs11:") == NULL)
+ {
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto cleanup;
+ }
- if ((p1 = strstr(url, "library-manufacturer=")) != NULL) {
- p1 += sizeof("library-manufacturer=") - 1;
- l = sizeof(info->lib_manufacturer);
+ if ((p1 = strstr (url, "library-manufacturer=")) != NULL)
+ {
+ p1 += sizeof ("library-manufacturer=") - 1;
+ l = sizeof (info->lib_manufacturer);
- ret = unescape_string(info->lib_manufacturer, p1, &l, ';');
- if (ret < 0) {
- goto cleanup;
- }
+ ret = unescape_string (info->lib_manufacturer, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
}
+ }
- if ((p1 = strstr(url, "library-description=")) != NULL) {
- p1 += sizeof("library-description=") - 1;
- l = sizeof(info->lib_desc);
+ if ((p1 = strstr (url, "library-description=")) != NULL)
+ {
+ p1 += sizeof ("library-description=") - 1;
+ l = sizeof (info->lib_desc);
- ret = unescape_string(info->lib_desc, p1, &l, ';');
- if (ret < 0) {
- goto cleanup;
- }
+ ret = unescape_string (info->lib_desc, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
}
+ }
- if ((p1 = strstr(url, "library-version=")) != NULL) {
- p1 += sizeof("library-version=") - 1;
- l = sizeof(info->lib_version);
+ if ((p1 = strstr (url, "library-version=")) != NULL)
+ {
+ p1 += sizeof ("library-version=") - 1;
+ l = sizeof (info->lib_version);
- ret = unescape_string(info->lib_version, p1, &l, ';');
- if (ret < 0) {
- goto cleanup;
- }
+ ret = unescape_string (info->lib_version, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
}
+ }
- if ((p1 = strstr(url, ";manufacturer=")) != NULL ||
- (p1 = strstr(url, ":manufacturer=")) != NULL) {
+ if ((p1 = strstr (url, ";manufacturer=")) != NULL ||
+ (p1 = strstr (url, ":manufacturer=")) != NULL)
+ {
- p1 += sizeof(";manufacturer=") - 1;
- l = sizeof(info->manufacturer);
+ p1 += sizeof (";manufacturer=") - 1;
+ l = sizeof (info->manufacturer);
- ret = unescape_string(info->manufacturer, p1, &l, ';');
- if (ret < 0) {
- goto cleanup;
- }
+ ret = unescape_string (info->manufacturer, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
}
+ }
- if ((p1 = strstr(url, "token=")) != NULL) {
- p1 += sizeof("token=") - 1;
- l = sizeof(info->token);
+ if ((p1 = strstr (url, "token=")) != NULL)
+ {
+ p1 += sizeof ("token=") - 1;
+ l = sizeof (info->token);
- ret = unescape_string(info->token, p1, &l, ';');
- if (ret < 0) {
- goto cleanup;
- }
+ ret = unescape_string (info->token, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
}
+ }
- if ((p1 = strstr(url, "object=")) != NULL) {
- p1 += sizeof("object=") - 1;
- l = sizeof(info->label);
+ if ((p1 = strstr (url, "object=")) != NULL)
+ {
+ p1 += sizeof ("object=") - 1;
+ l = sizeof (info->label);
- ret = unescape_string(info->label, p1, &l, ';');
- if (ret < 0) {
- goto cleanup;
- }
+ ret = unescape_string (info->label, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
}
+ }
- if ((p1 = strstr(url, "serial=")) != NULL) {
- p1 += sizeof("serial=") - 1;
- l = sizeof(info->serial);
+ if ((p1 = strstr (url, "serial=")) != NULL)
+ {
+ p1 += sizeof ("serial=") - 1;
+ l = sizeof (info->serial);
- ret = unescape_string(info->serial, p1, &l, ';');
- if (ret < 0) {
- goto cleanup;
- }
+ ret = unescape_string (info->serial, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
}
+ }
- if ((p1 = strstr(url, "model=")) != NULL) {
- p1 += sizeof("model=") - 1;
- l = sizeof(info->model);
+ if ((p1 = strstr (url, "model=")) != NULL)
+ {
+ p1 += sizeof ("model=") - 1;
+ l = sizeof (info->model);
- ret = unescape_string(info->model, p1, &l, ';');
- if (ret < 0) {
- goto cleanup;
- }
+ ret = unescape_string (info->model, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
}
+ }
- if ((p1 = strstr(url, "objecttype=")) != NULL) {
- p1 += sizeof("objecttype=") - 1;
- l = sizeof(info->model);
+ if ((p1 = strstr (url, "objecttype=")) != NULL)
+ {
+ p1 += sizeof ("objecttype=") - 1;
+ l = sizeof (info->model);
- ret = unescape_string(info->type, p1, &l, ';');
- if (ret < 0) {
- goto cleanup;
- }
+ ret = unescape_string (info->type, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
}
+ }
- if (((p1 = strstr(url, ";id=")) != NULL)
- || ((p1 = strstr(url, ":id=")) != NULL)) {
- p1 += sizeof(";id=") - 1;
-
- if ((p2 = strchr(p1, ';')) == NULL) {
- l = strlen(p1);
- } else {
- l = p2 - p1;
- }
-
- if (l > sizeof(info->id) - 1) {
- gnutls_assert();
- ret = GNUTLS_E_PARSING_ERROR;
- }
+ if (((p1 = strstr (url, ";id=")) != NULL)
+ || ((p1 = strstr (url, ":id=")) != NULL))
+ {
+ p1 += sizeof (";id=") - 1;
- memcpy(info->id, p1, l);
- info->id[l] = 0;
-
- /* convert to raw */
- info->certid_raw_size = sizeof(info->certid_raw);
- ret =
- _gnutls_hex2bin(info->id, strlen(info->id),
- info->certid_raw,
- &info->certid_raw_size);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ if ((p2 = strchr (p1, ';')) == NULL)
+ {
+ l = strlen (p1);
}
-
- ret = 0;
-
- cleanup:
-
- return ret;
-
-}
-
-#define INVALID_CHARS "\\/\"'%&#@!?$* <>{}[]()`|:;,.+-"
-
-static int append(gnutls_buffer_st * dest, const char *tname,
- const char *p11name, int init)
-{
- gnutls_buffer_st tmpstr;
- int ret;
-
- _gnutls_buffer_init(&tmpstr);
- if ((ret = _gnutls_buffer_append_str(&tmpstr, tname)) < 0) {
- gnutls_assert();
- goto cleanup;
+ else
+ {
+ l = p2 - p1;
}
- ret = _gnutls_buffer_escape(&tmpstr, INVALID_CHARS);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ if (l > sizeof (info->id) - 1)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PARSING_ERROR;
}
- if ((ret = _gnutls_buffer_append_data(&tmpstr, "", 1)) < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ memcpy (info->id, p1, l);
+ info->id[l] = 0;
- if ((ret =
- _gnutls_buffer_append_printf(dest, "%s%s=%s",
- (init != 0) ? ";" : "", p11name,
- tmpstr.data)) < 0) {
- gnutls_assert();
- goto cleanup;
+ /* convert to raw */
+ info->certid_raw_size = sizeof (info->certid_raw);
+ ret =
+ _gnutls_hex2bin (info->id, strlen (info->id),
+ info->certid_raw, &info->certid_raw_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
+ }
- ret = 0;
+ ret = 0;
- cleanup:
- _gnutls_buffer_clear(&tmpstr);
+cleanup:
- return ret;
+ return ret;
}
+#define INVALID_CHARS "\\/\"'%&#@!?$* <>{}[]()`|:;,.+-"
-int pkcs11_info_to_url(const struct pkcs11_url_info *info, gnutls_pkcs11_url_type_t detailed, char **url)
+static int
+append (gnutls_buffer_st * dest, const char *tname,
+ const char *p11name, int init)
{
- gnutls_buffer_st str;
- int init = 0;
- int ret;
-
- _gnutls_buffer_init(&str);
-
- _gnutls_buffer_append_str(&str, "pkcs11:");
-
- if (info->token[0]) {
- ret = append(&str, info->token, "token", init);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- init = 1;
- }
-
- if (info->serial[0]) {
- ret = append(&str, info->serial, "serial", init);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- init = 1;
- }
-
- if (info->model[0]) {
- ret = append(&str, info->model, "model", init);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- init = 1;
- }
-
-
- if (info->manufacturer[0]) {
- ret =
- append(&str, info->manufacturer, "manufacturer", init);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- init = 1;
- }
-
- if (info->label[0]) {
- ret = append(&str, info->label, "object", init);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- init = 1;
- }
+ gnutls_buffer_st tmpstr;
+ int ret;
+
+ _gnutls_buffer_init (&tmpstr);
+ if ((ret = _gnutls_buffer_append_str (&tmpstr, tname)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_escape (&tmpstr, INVALID_CHARS);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if ((ret = _gnutls_buffer_append_data (&tmpstr, "", 1)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if ((ret =
+ _gnutls_buffer_append_printf (dest, "%s%s=%s",
+ (init != 0) ? ";" : "", p11name,
+ tmpstr.data)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
- if (info->type[0]) {
- ret = append(&str, info->type, "objecttype", init);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- init = 1;
- }
-
- if (detailed > GNUTLS_PKCS11_URL_GENERIC) {
- if (info->lib_manufacturer[0]) {
- ret = append(&str, info->lib_manufacturer, "library-manufacturer", init);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- init = 1;
- }
-
- if (info->lib_desc[0]) {
- ret = append(&str, info->lib_desc, "library-description", init);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- init = 1;
- }
- }
-
- if (detailed > GNUTLS_PKCS11_URL_LIB) {
- if (info->lib_version[0]) {
- ret = append(&str, info->lib_version, "library-version", init);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- init = 1;
- }
- }
+cleanup:
+ _gnutls_buffer_clear (&tmpstr);
- if (info->id[0] != 0) {
- ret =
- _gnutls_buffer_append_printf(&str, ";id=%s", info->id);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- }
+ return ret;
- _gnutls_buffer_append_data(&str, "", 1);
+}
- *url = str.data;
- return 0;
+int
+pkcs11_info_to_url (const struct pkcs11_url_info *info,
+ gnutls_pkcs11_url_type_t detailed, char **url)
+{
+ gnutls_buffer_st str;
+ int init = 0;
+ int ret;
+
+ _gnutls_buffer_init (&str);
+
+ _gnutls_buffer_append_str (&str, "pkcs11:");
+
+ if (info->token[0])
+ {
+ ret = append (&str, info->token, "token", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (info->serial[0])
+ {
+ ret = append (&str, info->serial, "serial", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (info->model[0])
+ {
+ ret = append (&str, info->model, "model", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+
+ if (info->manufacturer[0])
+ {
+ ret = append (&str, info->manufacturer, "manufacturer", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (info->label[0])
+ {
+ ret = append (&str, info->label, "object", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (info->type[0])
+ {
+ ret = append (&str, info->type, "objecttype", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (detailed > GNUTLS_PKCS11_URL_GENERIC)
+ {
+ if (info->lib_manufacturer[0])
+ {
+ ret =
+ append (&str, info->lib_manufacturer, "library-manufacturer",
+ init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (info->lib_desc[0])
+ {
+ ret = append (&str, info->lib_desc, "library-description", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+ }
+
+ if (detailed > GNUTLS_PKCS11_URL_LIB)
+ {
+ if (info->lib_version[0])
+ {
+ ret = append (&str, info->lib_version, "library-version", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+ }
+
+ if (info->id[0] != 0)
+ {
+ ret = _gnutls_buffer_append_printf (&str, ";id=%s", info->id);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ _gnutls_buffer_append_data (&str, "", 1);
+
+ *url = str.data;
+
+ return 0;
- cleanup:
- _gnutls_buffer_clear(&str);
- return ret;
+cleanup:
+ _gnutls_buffer_clear (&str);
+ return ret;
}
/**
@@ -836,15 +923,17 @@ int pkcs11_info_to_url(const struct pkcs11_url_info *info, gnutls_pkcs11_url_typ
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * crt)
+int
+gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * crt)
{
- *crt = gnutls_calloc(1, sizeof(struct gnutls_pkcs11_obj_st));
- if (*crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ *crt = gnutls_calloc (1, sizeof (struct gnutls_pkcs11_obj_st));
+ if (*crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
@@ -853,10 +942,11 @@ int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * crt)
*
* This function will deinitialize a certificate structure.
**/
-void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t crt)
+void
+gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t crt)
{
- _gnutls_free_datum(&crt->raw);
- free(crt);
+ _gnutls_free_datum (&crt->raw);
+ free (crt);
}
/**
@@ -881,737 +971,798 @@ void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t crt)
* returned, and 0 on success.
**/
int
-gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj,
- void *output_data, size_t * output_data_size)
+gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
+ void *output_data, size_t * output_data_size)
{
- if (obj == NULL || obj->raw.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (output_data == NULL || *output_data_size < obj->raw.size) {
- *output_data_size = obj->raw.size;
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- *output_data_size = obj->raw.size;
-
- memcpy(output_data, obj->raw.data, obj->raw.size);
- return 0;
+ if (obj == NULL || obj->raw.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (output_data == NULL || *output_data_size < obj->raw.size)
+ {
+ *output_data_size = obj->raw.size;
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *output_data_size = obj->raw.size;
+
+ memcpy (output_data, obj->raw.data, obj->raw.size);
+ return 0;
}
-static void terminate_string(unsigned char *str, size_t len)
+static void
+terminate_string (unsigned char *str, size_t len)
{
- unsigned char *ptr = str + len - 1;
+ unsigned char *ptr = str + len - 1;
- while ((*ptr == ' ' || *ptr == '\t' || *ptr == '\0') && ptr >= str)
- ptr--;
+ while ((*ptr == ' ' || *ptr == '\t' || *ptr == '\0') && ptr >= str)
+ ptr--;
- if (ptr == str - 1)
- str[0] = '\0';
- else if (ptr == str + len - 1)
- str[len - 1] = '\0';
- else
- ptr[1] = '\0';
+ if (ptr == str - 1)
+ str[0] = '\0';
+ else if (ptr == str + len - 1)
+ str[len - 1] = '\0';
+ else
+ ptr[1] = '\0';
}
-int pkcs11_find_object(pakchois_session_t ** _pks,
- ck_object_handle_t * _obj,
- struct pkcs11_url_info *info, unsigned int flags)
+int
+pkcs11_find_object (pakchois_session_t ** _pks,
+ ck_object_handle_t * _obj,
+ struct pkcs11_url_info *info, unsigned int flags)
{
- int ret;
- pakchois_session_t *pks;
- ck_object_handle_t obj;
- ck_object_class_t class;
- struct ck_attribute a[4];
- int a_vals = 0;
- unsigned long count;
- ck_rv_t rv;
-
- class = pkcs11_strtype_to_class(info->type);
- if (class == -1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = pkcs11_open_session(&pks, info, flags & SESSION_LOGIN);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- a[a_vals].type = CKA_CLASS;
- a[a_vals].value = &class;
- a[a_vals].value_len = sizeof class;
- a_vals++;
-
- if (info->certid_raw_size > 0) {
- a[a_vals].type = CKA_ID;
- a[a_vals].value = info->certid_raw;
- a[a_vals].value_len = info->certid_raw_size;
- a_vals++;
- }
-
- rv = pakchois_find_objects_init(pks, a, a_vals);
- if (rv != CKR_OK) {
- gnutls_assert();
- _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
- ret = pkcs11_rv_to_err(rv);
- goto fail;
- }
-
- if (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK
- && count == 1) {
- *_obj = obj;
- *_pks = pks;
- pakchois_find_objects_final(pks);
- return 0;
-
- }
-
- pakchois_find_objects_final(pks);
- fail:
- pakchois_close_session(pks);
-
- return ret;
+ int ret;
+ pakchois_session_t *pks;
+ ck_object_handle_t obj;
+ ck_object_class_t class;
+ struct ck_attribute a[4];
+ int a_vals = 0;
+ unsigned long count;
+ ck_rv_t rv;
+
+ class = pkcs11_strtype_to_class (info->type);
+ if (class == -1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = pkcs11_open_session (&pks, info, flags & SESSION_LOGIN);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ a[a_vals].type = CKA_CLASS;
+ a[a_vals].value = &class;
+ a[a_vals].value_len = sizeof class;
+ a_vals++;
+
+ if (info->certid_raw_size > 0)
+ {
+ a[a_vals].type = CKA_ID;
+ a[a_vals].value = info->certid_raw;
+ a[a_vals].value_len = info->certid_raw_size;
+ a_vals++;
+ }
+
+ rv = pakchois_find_objects_init (pks, a, a_vals);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err (rv);
+ goto fail;
+ }
+
+ if (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1)
+ {
+ *_obj = obj;
+ *_pks = pks;
+ pakchois_find_objects_final (pks);
+ return 0;
+
+ }
+
+ pakchois_find_objects_final (pks);
+fail:
+ pakchois_close_session (pks);
+
+ return ret;
}
-static void fix_strings(struct token_info *info)
+static void
+fix_strings (struct token_info *info)
{
- terminate_string(info->tinfo.manufacturer_id,
- sizeof info->
- tinfo.manufacturer_id);
- terminate_string(info->tinfo.label,
- sizeof info->tinfo.label);
- terminate_string(info->tinfo.model,
- sizeof info->tinfo.model);
- terminate_string(info->tinfo.serial_number,
- sizeof info->tinfo.serial_number);
- terminate_string(info->sinfo.slot_description,
- sizeof info->sinfo.slot_description);
+ terminate_string (info->tinfo.manufacturer_id,
+ sizeof info->tinfo.manufacturer_id);
+ terminate_string (info->tinfo.label, sizeof info->tinfo.label);
+ terminate_string (info->tinfo.model, sizeof info->tinfo.model);
+ terminate_string (info->tinfo.serial_number,
+ sizeof info->tinfo.serial_number);
+ terminate_string (info->sinfo.slot_description,
+ sizeof info->sinfo.slot_description);
}
-int pkcs11_open_session(pakchois_session_t ** _pks,
- struct pkcs11_url_info *info, unsigned int flags)
+int
+pkcs11_open_session (pakchois_session_t ** _pks,
+ struct pkcs11_url_info *info, unsigned int flags)
{
- ck_rv_t rv;
- int x, z, ret;
- pakchois_session_t *pks = NULL;
-
- for (x = 0; x < active_providers; x++) {
- for (z = 0; z < providers[x].nslots; z++) {
- struct token_info tinfo;
-
- rv = pakchois_open_session(providers[x].module,
- providers[x].slots[z],
- ((flags & SESSION_WRITE)
- ? CKF_RW_SESSION : 0) |
- CKF_SERIAL_SESSION,
- NULL, NULL, &pks);
- if (rv != CKR_OK) {
- continue;
- }
-
- if (pakchois_get_token_info
- (providers[x].module, providers[x].slots[z],
- &tinfo.tinfo) != CKR_OK) {
- goto next;
- }
- tinfo.sid = providers[x].slots[z];
- tinfo.prov = &providers[x];
-
- if (pakchois_get_slot_info
- (providers[x].module, providers[x].slots[z],
- &tinfo.sinfo) != CKR_OK) {
- goto next;
- }
-
- /* XXX make wrapper for token_info? */
- fix_strings(&tinfo);
-
- if (pkcs11_token_matches_info(info, &tinfo.tinfo,
- &providers[x].info) <
- 0) {
- goto next;
- }
-
- if (flags & SESSION_LOGIN) {
- ret = pkcs11_login(pks, &tinfo);
- if (ret < 0) {
- gnutls_assert();
- pakchois_close_session(pks);
- return ret;
- }
- }
-
- /* ok found */
- *_pks = pks;
- return 0;
-
- next:
- pakchois_close_session(pks);
+ ck_rv_t rv;
+ int x, z, ret;
+ pakchois_session_t *pks = NULL;
+
+ for (x = 0; x < active_providers; x++)
+ {
+ for (z = 0; z < providers[x].nslots; z++)
+ {
+ struct token_info tinfo;
+
+ rv = pakchois_open_session (providers[x].module,
+ providers[x].slots[z],
+ ((flags & SESSION_WRITE)
+ ? CKF_RW_SESSION : 0) |
+ CKF_SERIAL_SESSION, NULL, NULL, &pks);
+ if (rv != CKR_OK)
+ {
+ continue;
+ }
+
+ if (pakchois_get_token_info
+ (providers[x].module, providers[x].slots[z],
+ &tinfo.tinfo) != CKR_OK)
+ {
+ goto next;
+ }
+ tinfo.sid = providers[x].slots[z];
+ tinfo.prov = &providers[x];
+
+ if (pakchois_get_slot_info
+ (providers[x].module, providers[x].slots[z],
+ &tinfo.sinfo) != CKR_OK)
+ {
+ goto next;
+ }
+
+ /* XXX make wrapper for token_info? */
+ fix_strings (&tinfo);
+
+ if (pkcs11_token_matches_info (info, &tinfo.tinfo,
+ &providers[x].info) < 0)
+ {
+ goto next;
+ }
+
+ if (flags & SESSION_LOGIN)
+ {
+ ret = pkcs11_login (pks, &tinfo);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ pakchois_close_session (pks);
+ return ret;
}
+ }
+
+ /* ok found */
+ *_pks = pks;
+ return 0;
+
+ next:
+ pakchois_close_session (pks);
}
+ }
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
-int _pkcs11_traverse_tokens(find_func_t find_func, void *input,
- unsigned int flags)
+int
+_pkcs11_traverse_tokens (find_func_t find_func, void *input,
+ unsigned int flags)
{
- ck_rv_t rv;
- int found = 0, x, z, ret;
- pakchois_session_t *pks = NULL;
-
- for (x = 0; x < active_providers; x++) {
- for (z = 0; z < providers[x].nslots; z++) {
- struct token_info info;
-
- ret = GNUTLS_E_PKCS11_ERROR;
-
- rv = pakchois_open_session(providers[x].module,
- providers[x].slots[z],
- ((flags & SESSION_WRITE)
- ? CKF_RW_SESSION : 0) |
- CKF_SERIAL_SESSION,
- NULL, NULL, &pks);
- if (rv != CKR_OK) {
- continue;
- }
-
- if (pakchois_get_token_info
- (providers[x].module, providers[x].slots[z],
- &info.tinfo) != CKR_OK) {
- goto next;
- }
- info.sid = providers[x].slots[z];
- info.prov = &providers[x];
-
- if (pakchois_get_slot_info
- (providers[x].module, providers[x].slots[z],
- &info.sinfo) != CKR_OK) {
- goto next;
- }
-
- /* XXX make wrapper for token_info? */
- fix_strings(&info);
-
- if (flags & SESSION_LOGIN) {
- ret = pkcs11_login(pks, &info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- }
-
- ret = find_func(pks, &info, &providers[x].info, input);
-
- next:
-
- if (ret == 0) {
- found = 1;
- goto finish;
- } else {
- pakchois_close_session(pks);
- pks = NULL;
- }
+ ck_rv_t rv;
+ int found = 0, x, z, ret;
+ pakchois_session_t *pks = NULL;
+
+ for (x = 0; x < active_providers; x++)
+ {
+ for (z = 0; z < providers[x].nslots; z++)
+ {
+ struct token_info info;
+
+ ret = GNUTLS_E_PKCS11_ERROR;
+
+ rv = pakchois_open_session (providers[x].module,
+ providers[x].slots[z],
+ ((flags & SESSION_WRITE)
+ ? CKF_RW_SESSION : 0) |
+ CKF_SERIAL_SESSION, NULL, NULL, &pks);
+ if (rv != CKR_OK)
+ {
+ continue;
+ }
+
+ if (pakchois_get_token_info
+ (providers[x].module, providers[x].slots[z],
+ &info.tinfo) != CKR_OK)
+ {
+ goto next;
+ }
+ info.sid = providers[x].slots[z];
+ info.prov = &providers[x];
+
+ if (pakchois_get_slot_info
+ (providers[x].module, providers[x].slots[z],
+ &info.sinfo) != CKR_OK)
+ {
+ goto next;
+ }
+
+ /* XXX make wrapper for token_info? */
+ fix_strings (&info);
+
+ if (flags & SESSION_LOGIN)
+ {
+ ret = pkcs11_login (pks, &info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- }
-
- finish:
- /* final call */
-
- if (found == 0) {
- ret = find_func(pks, NULL, NULL, input);
- } else {
- ret = 0;
- }
-
- if (pks != NULL) {
- pakchois_close_session(pks);
- }
-
- return ret;
+ }
+
+ ret = find_func (pks, &info, &providers[x].info, input);
+
+ next:
+
+ if (ret == 0)
+ {
+ found = 1;
+ goto finish;
+ }
+ else
+ {
+ pakchois_close_session (pks);
+ pks = NULL;
+ }
+ }
+ }
+
+finish:
+ /* final call */
+
+ if (found == 0)
+ {
+ ret = find_func (pks, NULL, NULL, input);
+ }
+ else
+ {
+ ret = 0;
+ }
+
+ if (pks != NULL)
+ {
+ pakchois_close_session (pks);
+ }
+
+ return ret;
}
-static const char *pkcs11_obj_type_to_str(gnutls_pkcs11_obj_type_t type)
+static const char *
+pkcs11_obj_type_to_str (gnutls_pkcs11_obj_type_t type)
{
- switch (type) {
- case GNUTLS_PKCS11_OBJ_X509_CRT:
- return "cert";
- case GNUTLS_PKCS11_OBJ_PUBKEY:
- return "public";
- case GNUTLS_PKCS11_OBJ_PRIVKEY:
- return "private";
- case GNUTLS_PKCS11_OBJ_SECRET_KEY:
- return "secretkey";
- case GNUTLS_PKCS11_OBJ_DATA:
- return "data";
- case GNUTLS_PKCS11_OBJ_UNKNOWN:
- default:
- return "unknown";
- }
+ switch (type)
+ {
+ case GNUTLS_PKCS11_OBJ_X509_CRT:
+ return "cert";
+ case GNUTLS_PKCS11_OBJ_PUBKEY:
+ return "public";
+ case GNUTLS_PKCS11_OBJ_PRIVKEY:
+ return "private";
+ case GNUTLS_PKCS11_OBJ_SECRET_KEY:
+ return "secretkey";
+ case GNUTLS_PKCS11_OBJ_DATA:
+ return "data";
+ case GNUTLS_PKCS11_OBJ_UNKNOWN:
+ default:
+ return "unknown";
+ }
}
/* imports a raw certificate from a token to a pkcs11_obj_t structure.
*/
-static int pkcs11_obj_import(unsigned int class, gnutls_pkcs11_obj_t obj,
- const gnutls_datum_t * data,
- const gnutls_datum_t * id,
- const gnutls_datum_t * label,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info)
+static int
+pkcs11_obj_import (unsigned int class, gnutls_pkcs11_obj_t obj,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * id,
+ const gnutls_datum_t * label,
+ struct ck_token_info *tinfo, struct ck_info *lib_info)
{
- char *s;
- int ret;
-
- switch (class) {
- case CKO_CERTIFICATE:
- obj->type = GNUTLS_PKCS11_OBJ_X509_CRT;
- break;
- case CKO_PUBLIC_KEY:
- obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
- break;
- case CKO_PRIVATE_KEY:
- obj->type = GNUTLS_PKCS11_OBJ_PRIVKEY;
- break;
- case CKO_SECRET_KEY:
- obj->type = GNUTLS_PKCS11_OBJ_SECRET_KEY;
- break;
- case CKO_DATA:
- obj->type = GNUTLS_PKCS11_OBJ_DATA;
- break;
- default:
- obj->type = GNUTLS_PKCS11_OBJ_UNKNOWN;
- }
-
- if (obj->type != GNUTLS_PKCS11_OBJ_UNKNOWN)
- strcpy(obj->info.type, pkcs11_obj_type_to_str(obj->type));
-
- if (data && data->data) {
- ret = _gnutls_set_datum(&obj->raw, data->data, data->size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- }
-
- terminate_string(tinfo->manufacturer_id,
- sizeof tinfo->manufacturer_id);
- terminate_string(tinfo->label, sizeof tinfo->label);
- terminate_string(tinfo->model, sizeof tinfo->model);
- terminate_string(tinfo->serial_number,
- sizeof tinfo->serial_number);
-
- /* write data */
- snprintf(obj->info.manufacturer, sizeof(obj->info.manufacturer),
- "%s", tinfo->manufacturer_id);
- snprintf(obj->info.token, sizeof(obj->info.token), "%s",
- tinfo->label);
- snprintf(obj->info.model, sizeof(obj->info.model), "%s",
- tinfo->model);
- snprintf(obj->info.serial, sizeof(obj->info.serial), "%s",
- tinfo->serial_number);
-
- snprintf(obj->info.lib_manufacturer, sizeof(obj->info.lib_manufacturer), "%s",
- lib_info->manufacturer_id);
- snprintf(obj->info.lib_desc, sizeof(obj->info.lib_desc), "%s",
- lib_info->library_description);
- snprintf(obj->info.lib_version, sizeof(obj->info.lib_version),
- "%u.%u", (unsigned int)lib_info->library_version.major,
- (unsigned int)lib_info->library_version.minor);
-
-
-
- if (label && label->data) {
- memcpy(obj->info.label, label->data, label->size);
- obj->info.label[label->size] = 0;
- }
-
- if (id && id->data) {
- s = _gnutls_bin2hex(id->data, id->size, obj->info.id,
- sizeof(obj->info.id), ":");
- if (s == NULL) {
- gnutls_assert();
- return GNUTLS_E_PKCS11_ERROR;
- }
-
- memmove(obj->info.certid_raw, id->data, id->size);
- obj->info.certid_raw_size = id->size;
- }
-
- return 0;
+ char *s;
+ int ret;
+
+ switch (class)
+ {
+ case CKO_CERTIFICATE:
+ obj->type = GNUTLS_PKCS11_OBJ_X509_CRT;
+ break;
+ case CKO_PUBLIC_KEY:
+ obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
+ break;
+ case CKO_PRIVATE_KEY:
+ obj->type = GNUTLS_PKCS11_OBJ_PRIVKEY;
+ break;
+ case CKO_SECRET_KEY:
+ obj->type = GNUTLS_PKCS11_OBJ_SECRET_KEY;
+ break;
+ case CKO_DATA:
+ obj->type = GNUTLS_PKCS11_OBJ_DATA;
+ break;
+ default:
+ obj->type = GNUTLS_PKCS11_OBJ_UNKNOWN;
+ }
+
+ if (obj->type != GNUTLS_PKCS11_OBJ_UNKNOWN)
+ strcpy (obj->info.type, pkcs11_obj_type_to_str (obj->type));
+
+ if (data && data->data)
+ {
+ ret = _gnutls_set_datum (&obj->raw, data->data, data->size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ terminate_string (tinfo->manufacturer_id, sizeof tinfo->manufacturer_id);
+ terminate_string (tinfo->label, sizeof tinfo->label);
+ terminate_string (tinfo->model, sizeof tinfo->model);
+ terminate_string (tinfo->serial_number, sizeof tinfo->serial_number);
+
+ /* write data */
+ snprintf (obj->info.manufacturer, sizeof (obj->info.manufacturer),
+ "%s", tinfo->manufacturer_id);
+ snprintf (obj->info.token, sizeof (obj->info.token), "%s", tinfo->label);
+ snprintf (obj->info.model, sizeof (obj->info.model), "%s", tinfo->model);
+ snprintf (obj->info.serial, sizeof (obj->info.serial), "%s",
+ tinfo->serial_number);
+
+ snprintf (obj->info.lib_manufacturer, sizeof (obj->info.lib_manufacturer),
+ "%s", lib_info->manufacturer_id);
+ snprintf (obj->info.lib_desc, sizeof (obj->info.lib_desc), "%s",
+ lib_info->library_description);
+ snprintf (obj->info.lib_version, sizeof (obj->info.lib_version), "%u.%u",
+ (unsigned int) lib_info->library_version.major,
+ (unsigned int) lib_info->library_version.minor);
+
+
+
+ if (label && label->data)
+ {
+ memcpy (obj->info.label, label->data, label->size);
+ obj->info.label[label->size] = 0;
+ }
+
+ if (id && id->data)
+ {
+ s = _gnutls_bin2hex (id->data, id->size, obj->info.id,
+ sizeof (obj->info.id), ":");
+ if (s == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+
+ memmove (obj->info.certid_raw, id->data, id->size);
+ obj->info.certid_raw_size = id->size;
+ }
+
+ return 0;
}
-static int pkcs11_obj_import_pubkey(pakchois_session_t * pks,
- ck_object_handle_t obj,
- gnutls_pkcs11_obj_t crt,
- const gnutls_datum_t * id,
- const gnutls_datum_t * label,
- struct ck_token_info *tinfo,
- struct ck_info* lib_info)
+static int
+pkcs11_obj_import_pubkey (pakchois_session_t * pks,
+ ck_object_handle_t obj,
+ gnutls_pkcs11_obj_t crt,
+ const gnutls_datum_t * id,
+ const gnutls_datum_t * label,
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info)
{
- struct ck_attribute a[4];
- ck_key_type_t key_type;
- opaque tmp1[2048];
- opaque tmp2[2048];
- int ret;
- unsigned int tval;
-
- a[0].type = CKA_KEY_TYPE;
- a[0].value = &key_type;
- a[0].value_len = sizeof(key_type);
-
- if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) {
- switch (key_type) {
- case CKK_RSA:
- a[0].type = CKA_MODULUS;
- a[0].value = tmp1;
- a[0].value_len = sizeof(tmp1);
- a[1].type = CKA_PUBLIC_EXPONENT;
- a[1].value = tmp2;
- a[1].value_len = sizeof(tmp2);
-
- if (pakchois_get_attribute_value(pks, obj, a, 2) ==
- CKR_OK) {
-
- ret =
- _gnutls_set_datum(&crt->pubkey[0],
- a[0].value,
- a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum(&crt->pubkey
- [1],
- a[1].value,
- a
- [1].value_len);
-
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(&crt->pubkey
- [1]);
- _gnutls_free_datum(&crt->pubkey
- [0]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- } else {
- gnutls_assert();
- return GNUTLS_E_PKCS11_ERROR;
- }
- crt->pk_algorithm = GNUTLS_PK_RSA;
- break;
- case CKK_DSA:
- a[0].type = CKA_PRIME;
- a[0].value = tmp1;
- a[0].value_len = sizeof(tmp1);
- a[1].type = CKA_SUBPRIME;
- a[1].value = tmp2;
- a[1].value_len = sizeof(tmp2);
-
- if (pakchois_get_attribute_value(pks, obj, a, 2) ==
- CKR_OK) {
- ret =
- _gnutls_set_datum(&crt->pubkey[0],
- a[0].value,
- a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum(&crt->pubkey
- [1],
- a[1].value,
- a
- [1].value_len);
-
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(&crt->pubkey
- [1]);
- _gnutls_free_datum(&crt->pubkey
- [0]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- } else {
- gnutls_assert();
- return GNUTLS_E_PKCS11_ERROR;
- }
-
- a[0].type = CKA_BASE;
- a[0].value = tmp1;
- a[0].value_len = sizeof(tmp1);
- a[1].type = CKA_VALUE;
- a[1].value = tmp2;
- a[1].value_len = sizeof(tmp2);
-
- if (pakchois_get_attribute_value(pks, obj, a, 2) ==
- CKR_OK) {
- ret =
- _gnutls_set_datum(&crt->pubkey[2],
- a[0].value,
- a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum(&crt->pubkey
- [3],
- a[1].value,
- a
- [1].value_len);
-
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(&crt->pubkey
- [0]);
- _gnutls_free_datum(&crt->pubkey
- [1]);
- _gnutls_free_datum(&crt->pubkey
- [2]);
- _gnutls_free_datum(&crt->pubkey
- [3]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- } else {
- gnutls_assert();
- return GNUTLS_E_PKCS11_ERROR;
- }
- crt->pk_algorithm = GNUTLS_PK_RSA;
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
- }
-
- /* read key usage flags */
- a[0].type = CKA_ENCRYPT;
- a[0].value = &tval;
- a[0].value_len = sizeof(tval);
-
- if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) {
- if (tval != 0) {
- crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
- }
- }
-
- a[0].type = CKA_VERIFY;
- a[0].value = &tval;
- a[0].value_len = sizeof(tval);
-
- if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) {
- if (tval != 0) {
- crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
- GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
- | GNUTLS_KEY_NON_REPUDIATION;
- }
- }
-
- a[0].type = CKA_VERIFY_RECOVER;
- a[0].value = &tval;
- a[0].value_len = sizeof(tval);
-
- if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) {
- if (tval != 0) {
- crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
- GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
- | GNUTLS_KEY_NON_REPUDIATION;
+ struct ck_attribute a[4];
+ ck_key_type_t key_type;
+ opaque tmp1[2048];
+ opaque tmp2[2048];
+ int ret;
+ unsigned int tval;
+
+ a[0].type = CKA_KEY_TYPE;
+ a[0].value = &key_type;
+ a[0].value_len = sizeof (key_type);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ switch (key_type)
+ {
+ case CKK_RSA:
+ a[0].type = CKA_MODULUS;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof (tmp1);
+ a[1].type = CKA_PUBLIC_EXPONENT;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof (tmp2);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
+ {
+
+ ret =
+ _gnutls_set_datum (&crt->pubkey[0],
+ a[0].value, a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum (&crt->pubkey
+ [1], a[1].value, a[1].value_len);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&crt->pubkey[1]);
+ _gnutls_free_datum (&crt->pubkey[0]);
+ return GNUTLS_E_MEMORY_ERROR;
}
- }
-
- a[0].type = CKA_DERIVE;
- a[0].value = &tval;
- a[0].value_len = sizeof(tval);
-
- if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) {
- if (tval != 0) {
- crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT;
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+ crt->pk_algorithm = GNUTLS_PK_RSA;
+ break;
+ case CKK_DSA:
+ a[0].type = CKA_PRIME;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof (tmp1);
+ a[1].type = CKA_SUBPRIME;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof (tmp2);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
+ {
+ ret =
+ _gnutls_set_datum (&crt->pubkey[0],
+ a[0].value, a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum (&crt->pubkey
+ [1], a[1].value, a[1].value_len);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&crt->pubkey[1]);
+ _gnutls_free_datum (&crt->pubkey[0]);
+ return GNUTLS_E_MEMORY_ERROR;
}
- }
-
- a[0].type = CKA_WRAP;
- a[0].value = &tval;
- a[0].value_len = sizeof(tval);
-
- if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) {
- if (tval != 0) {
- crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+
+ a[0].type = CKA_BASE;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof (tmp1);
+ a[1].type = CKA_VALUE;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof (tmp2);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
+ {
+ ret =
+ _gnutls_set_datum (&crt->pubkey[2],
+ a[0].value, a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum (&crt->pubkey
+ [3], a[1].value, a[1].value_len);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&crt->pubkey[0]);
+ _gnutls_free_datum (&crt->pubkey[1]);
+ _gnutls_free_datum (&crt->pubkey[2]);
+ _gnutls_free_datum (&crt->pubkey[3]);
+ return GNUTLS_E_MEMORY_ERROR;
}
- }
-
- return pkcs11_obj_import(CKO_PUBLIC_KEY, crt, NULL, id, label,
- tinfo, lib_info);
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+ crt->pk_algorithm = GNUTLS_PK_RSA;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+ }
+
+ /* read key usage flags */
+ a[0].type = CKA_ENCRYPT;
+ a[0].value = &tval;
+ a[0].value_len = sizeof (tval);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ if (tval != 0)
+ {
+ crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
+ }
+ }
+
+ a[0].type = CKA_VERIFY;
+ a[0].value = &tval;
+ a[0].value_len = sizeof (tval);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ if (tval != 0)
+ {
+ crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
+ | GNUTLS_KEY_NON_REPUDIATION;
+ }
+ }
+
+ a[0].type = CKA_VERIFY_RECOVER;
+ a[0].value = &tval;
+ a[0].value_len = sizeof (tval);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ if (tval != 0)
+ {
+ crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
+ | GNUTLS_KEY_NON_REPUDIATION;
+ }
+ }
+
+ a[0].type = CKA_DERIVE;
+ a[0].value = &tval;
+ a[0].value_len = sizeof (tval);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ if (tval != 0)
+ {
+ crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT;
+ }
+ }
+
+ a[0].type = CKA_WRAP;
+ a[0].value = &tval;
+ a[0].value_len = sizeof (tval);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ if (tval != 0)
+ {
+ crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+ }
+ }
+
+ return pkcs11_obj_import (CKO_PUBLIC_KEY, crt, NULL, id, label,
+ tinfo, lib_info);
}
-ck_object_class_t pkcs11_strtype_to_class(const char *type)
+ck_object_class_t
+pkcs11_strtype_to_class (const char *type)
{
- ck_object_class_t class;
-
- if (strcmp(type, "cert") == 0) {
- class = CKO_CERTIFICATE;
- } else if (strcmp(type, "public") == 0) {
- class = CKO_PUBLIC_KEY;
- } else if (strcmp(type, "private") == 0) {
- class = CKO_PRIVATE_KEY;
- } else if (strcmp(type, "secretkey") == 0) {
- class = CKO_SECRET_KEY;
- } else if (strcmp(type, "data") == 0) {
- class = CKO_DATA;
- } else {
- class = -1;
- }
-
- return class;
+ ck_object_class_t class;
+
+ if (strcmp (type, "cert") == 0)
+ {
+ class = CKO_CERTIFICATE;
+ }
+ else if (strcmp (type, "public") == 0)
+ {
+ class = CKO_PUBLIC_KEY;
+ }
+ else if (strcmp (type, "private") == 0)
+ {
+ class = CKO_PRIVATE_KEY;
+ }
+ else if (strcmp (type, "secretkey") == 0)
+ {
+ class = CKO_SECRET_KEY;
+ }
+ else if (strcmp (type, "data") == 0)
+ {
+ class = CKO_DATA;
+ }
+ else
+ {
+ class = -1;
+ }
+
+ return class;
}
-static int find_obj_url(pakchois_session_t * pks, struct token_info *info,
- struct ck_info* lib_info, void *input)
+static int
+find_obj_url (pakchois_session_t * pks, struct token_info *info,
+ struct ck_info *lib_info, void *input)
{
- struct url_find_data_st *find_data = input;
- struct ck_attribute a[4];
- ck_object_class_t class = -1;
- ck_certificate_type_t type = -1;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count, a_vals;
- int found = 0, ret;
- opaque *cert_data = NULL;
- char label_tmp[PKCS11_LABEL_SIZE];
-
- if (info == NULL) { /* we don't support multiple calls */
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- /* do not bother reading the token if basic fields do not match
- */
- if (pkcs11_token_matches_info(&find_data->crt->info, &info->tinfo, lib_info)
- < 0) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ struct url_find_data_st *find_data = input;
+ struct ck_attribute a[4];
+ ck_object_class_t class = -1;
+ ck_certificate_type_t type = -1;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, a_vals;
+ int found = 0, ret;
+ opaque *cert_data = NULL;
+ char label_tmp[PKCS11_LABEL_SIZE];
+
+ if (info == NULL)
+ { /* we don't support multiple calls */
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (pkcs11_token_matches_info
+ (&find_data->crt->info, &info->tinfo, lib_info) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (find_data->crt->info.type[0] != 0)
+ {
+ class = pkcs11_strtype_to_class (find_data->crt->info.type);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
+
+ if (class == -1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
+
+ /* search the token for the id */
+
+ cert_data = gnutls_malloc (MAX_CERT_SIZE);
+ if (cert_data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Find objects with given class and type */
+
+ a[0].type = CKA_ID;
+ a[0].value = find_data->crt->info.certid_raw;
+ a[0].value_len = find_data->crt->info.certid_raw_size;
+
+ a_vals = 1;
+
+ if (class != -1)
+ {
+ a[a_vals].type = CKA_CLASS;
+ a[a_vals].value = &class;
+ a[a_vals].value_len = sizeof class;
+ a_vals++;
+ }
+
+ if (type != -1)
+ {
+ a[a_vals].type = CKA_CERTIFICATE_TYPE;
+ a[a_vals].value = &type;
+ a[a_vals].value_len = sizeof type;
+ a_vals++;
+ }
+
+ rv = pakchois_find_objects_init (pks, a, a_vals);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1)
+ {
+
+ a[0].type = CKA_VALUE;
+ a[0].value = cert_data;
+ a[0].value_len = MAX_CERT_SIZE;
+ a[1].type = CKA_LABEL;
+ a[1].value = label_tmp;
+ a[1].value_len = sizeof (label_tmp);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
+ {
+ gnutls_datum_t id = { find_data->crt->info.certid_raw,
+ find_data->crt->info.certid_raw_size
+ };
+ gnutls_datum_t data = { a[0].value, a[0].value_len };
+ gnutls_datum_t label = { a[1].value, a[1].value_len };
+
+ if (class == CKO_PUBLIC_KEY)
+ {
+ ret =
+ pkcs11_obj_import_pubkey (pks, obj,
+ find_data->crt,
+ &id, &label,
+ &info->tinfo, lib_info);
+ }
+ else
+ {
+ ret =
+ pkcs11_obj_import (class,
+ find_data->crt,
+ &data, &id, &label,
+ &info->tinfo, lib_info);
+ }
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ found = 1;
+ break;
+ }
+ else
+ {
+ _gnutls_debug_log ("pk11: Skipped cert, missing attrs.\n");
+ }
+ }
+
+ if (found == 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ else
+ {
+ ret = 0;
+ }
- if (find_data->crt->info.type[0] != 0) {
- class = pkcs11_strtype_to_class(find_data->crt->info.type);
- if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
-
- if (class == -1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
- }
-
- /* search the token for the id */
-
- cert_data = gnutls_malloc(MAX_CERT_SIZE);
- if (cert_data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* Find objects with given class and type */
-
- a[0].type = CKA_ID;
- a[0].value = find_data->crt->info.certid_raw;
- a[0].value_len = find_data->crt->info.certid_raw_size;
-
- a_vals = 1;
-
- if (class != -1) {
- a[a_vals].type = CKA_CLASS;
- a[a_vals].value = &class;
- a[a_vals].value_len = sizeof class;
- a_vals++;
- }
-
- if (type != -1) {
- a[a_vals].type = CKA_CERTIFICATE_TYPE;
- a[a_vals].value = &type;
- a[a_vals].value_len = sizeof type;
- a_vals++;
- }
-
- rv = pakchois_find_objects_init(pks, a, a_vals);
- if (rv != CKR_OK) {
- gnutls_assert();
- _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
- ret = pkcs11_rv_to_err(rv);
- goto cleanup;
- }
-
- while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK
- && count == 1) {
-
- a[0].type = CKA_VALUE;
- a[0].value = cert_data;
- a[0].value_len = MAX_CERT_SIZE;
- a[1].type = CKA_LABEL;
- a[1].value = label_tmp;
- a[1].value_len = sizeof(label_tmp);
-
- if (pakchois_get_attribute_value(pks, obj, a, 2) == CKR_OK) {
- gnutls_datum_t id =
- { find_data->crt->info.certid_raw,
- find_data->crt->info.certid_raw_size
- };
- gnutls_datum_t data =
- { a[0].value, a[0].value_len };
- gnutls_datum_t label =
- { a[1].value, a[1].value_len };
-
- if (class == CKO_PUBLIC_KEY) {
- ret =
- pkcs11_obj_import_pubkey(pks, obj,
- find_data->crt,
- &id, &label,
- &info->tinfo,
- lib_info);
- } else {
- ret =
- pkcs11_obj_import(class,
- find_data->crt,
- &data, &id, &label,
- &info->tinfo, lib_info);
- }
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- found = 1;
- break;
- } else {
- _gnutls_debug_log
- ("pk11: Skipped cert, missing attrs.\n");
- }
- }
-
- if (found == 0) {
- gnutls_assert();
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- } else {
- ret = 0;
- }
-
- cleanup:
- gnutls_free(cert_data);
- pakchois_find_objects_final(pks);
+cleanup:
+ gnutls_free (cert_data);
+ pakchois_find_objects_final (pks);
- return ret;
+ return ret;
}
-unsigned int pkcs11_obj_flags_to_int(unsigned int flags)
+unsigned int
+pkcs11_obj_flags_to_int (unsigned int flags)
{
- switch (flags) {
- case GNUTLS_PKCS11_OBJ_FLAG_LOGIN:
- return SESSION_LOGIN;
- default:
- return 0;
- }
+ switch (flags)
+ {
+ case GNUTLS_PKCS11_OBJ_FLAG_LOGIN:
+ return SESSION_LOGIN;
+ default:
+ return 0;
+ }
}
/**
@@ -1628,72 +1779,78 @@ unsigned int pkcs11_obj_flags_to_int(unsigned int flags)
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t cert, const char *url,
- unsigned int flags)
+int
+gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t cert, const char *url,
+ unsigned int flags)
{
- int ret;
- struct url_find_data_st find_data;
-
- /* fill in the find data structure */
- find_data.crt = cert;
-
- ret = pkcs11_url_to_info(url, &cert->info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret =
- _pkcs11_traverse_tokens(find_obj_url, &find_data,
- pkcs11_obj_flags_to_int(flags));
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return 0;
+ int ret;
+ struct url_find_data_st find_data;
+
+ /* fill in the find data structure */
+ find_data.crt = cert;
+
+ ret = pkcs11_url_to_info (url, &cert->info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _pkcs11_traverse_tokens (find_obj_url, &find_data,
+ pkcs11_obj_flags_to_int (flags));
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
}
-struct token_num {
- struct pkcs11_url_info info;
- unsigned int seq; /* which one we are looking for */
- unsigned int current; /* which one are we now */
+struct token_num
+{
+ struct pkcs11_url_info info;
+ unsigned int seq; /* which one we are looking for */
+ unsigned int current; /* which one are we now */
};
-static int find_token_num(pakchois_session_t * pks,
- struct token_info *tinfo,
- struct ck_info* lib_info,
- void *input)
+static int
+find_token_num (pakchois_session_t * pks,
+ struct token_info *tinfo,
+ struct ck_info *lib_info, void *input)
{
- struct token_num *find_data = input;
+ struct token_num *find_data = input;
- if (tinfo == NULL) { /* we don't support multiple calls */
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (tinfo == NULL)
+ { /* we don't support multiple calls */
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (find_data->current == find_data->seq) {
- strcpy(find_data->info.manufacturer,
- tinfo->tinfo.manufacturer_id);
- strcpy(find_data->info.token, tinfo->tinfo.label);
- strcpy(find_data->info.model, tinfo->tinfo.model);
- strcpy(find_data->info.serial, tinfo->tinfo.serial_number);
+ if (find_data->current == find_data->seq)
+ {
+ strcpy (find_data->info.manufacturer, tinfo->tinfo.manufacturer_id);
+ strcpy (find_data->info.token, tinfo->tinfo.label);
+ strcpy (find_data->info.model, tinfo->tinfo.model);
+ strcpy (find_data->info.serial, tinfo->tinfo.serial_number);
- strcpy(find_data->info.lib_manufacturer, lib_info->manufacturer_id);
- strcpy(find_data->info.lib_desc, lib_info->library_description);
- snprintf(find_data->info.lib_version, sizeof(find_data->info.lib_version),
- "%u.%u", (unsigned int)lib_info->library_version.major,
- (unsigned int)lib_info->library_version.minor);
+ strcpy (find_data->info.lib_manufacturer, lib_info->manufacturer_id);
+ strcpy (find_data->info.lib_desc, lib_info->library_description);
+ snprintf (find_data->info.lib_version,
+ sizeof (find_data->info.lib_version), "%u.%u",
+ (unsigned int) lib_info->library_version.major,
+ (unsigned int) lib_info->library_version.minor);
- return 0;
- }
+ return 0;
+ }
- find_data->current++;
- /* search the token for the id */
+ find_data->current++;
+ /* search the token for the id */
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */
}
/**
@@ -1709,27 +1866,31 @@ static int find_token_num(pakchois_session_t * pks,
* if the sequence number exceeds the available tokens, otherwise a negative error value.
**/
-int gnutls_pkcs11_token_get_url(unsigned int seq, gnutls_pkcs11_url_type_t detailed, char **url)
+int
+gnutls_pkcs11_token_get_url (unsigned int seq,
+ gnutls_pkcs11_url_type_t detailed, char **url)
{
- int ret;
- struct token_num tn;
+ int ret;
+ struct token_num tn;
- memset(&tn, 0, sizeof(tn));
- tn.seq = seq;
+ memset (&tn, 0, sizeof (tn));
+ tn.seq = seq;
- ret = _pkcs11_traverse_tokens(find_token_num, &tn, 0);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = _pkcs11_traverse_tokens (find_token_num, &tn, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- ret = pkcs11_info_to_url(&tn.info, detailed, url);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = pkcs11_info_to_url (&tn.info, detailed, url);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- return 0;
+ return 0;
}
@@ -1745,51 +1906,55 @@ int gnutls_pkcs11_token_get_url(unsigned int seq, gnutls_pkcs11_url_type_t detai
*
* Returns: zero on success or a negative value on error.
**/
-int gnutls_pkcs11_token_get_info(const char *url,
- gnutls_pkcs11_token_info_t ttype,
- void *output, size_t * output_size)
+int
+gnutls_pkcs11_token_get_info (const char *url,
+ gnutls_pkcs11_token_info_t ttype,
+ void *output, size_t * output_size)
{
- const char *str;
- size_t len;
- struct pkcs11_url_info info;
- int ret;
-
- ret = pkcs11_url_to_info(url, &info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- switch (ttype) {
- case GNUTLS_PKCS11_TOKEN_LABEL:
- str = info.token;
- break;
- case GNUTLS_PKCS11_TOKEN_SERIAL:
- str = info.serial;
- break;
- case GNUTLS_PKCS11_TOKEN_MANUFACTURER:
- str = info.manufacturer;
- break;
- case GNUTLS_PKCS11_TOKEN_MODEL:
- str = info.model;
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = strlen(str);
-
- if (len + 1 > *output_size) {
- *output_size = len + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- strcpy(output, str);
-
- *output_size = len;
-
- return 0;
+ const char *str;
+ size_t len;
+ struct pkcs11_url_info info;
+ int ret;
+
+ ret = pkcs11_url_to_info (url, &info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ switch (ttype)
+ {
+ case GNUTLS_PKCS11_TOKEN_LABEL:
+ str = info.token;
+ break;
+ case GNUTLS_PKCS11_TOKEN_SERIAL:
+ str = info.serial;
+ break;
+ case GNUTLS_PKCS11_TOKEN_MANUFACTURER:
+ str = info.manufacturer;
+ break;
+ case GNUTLS_PKCS11_TOKEN_MODEL:
+ str = info.model;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = strlen (str);
+
+ if (len + 1 > *output_size)
+ {
+ *output_size = len + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ strcpy (output, str);
+
+ *output_size = len;
+
+ return 0;
}
/**
@@ -1803,17 +1968,20 @@ int gnutls_pkcs11_token_get_info(const char *url,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t cert, gnutls_pkcs11_url_type_t detailed, char **url)
+int
+gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t cert,
+ gnutls_pkcs11_url_type_t detailed, char **url)
{
- int ret;
+ int ret;
- ret = pkcs11_info_to_url(&cert->info, detailed, url);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = pkcs11_info_to_url (&cert->info, detailed, url);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -1825,481 +1993,535 @@ int gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t cert, gnutls_pkcs11_url_typ
*
* Returns: The type of the certificate.
**/
-gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type(gnutls_pkcs11_obj_t
- obj)
+gnutls_pkcs11_obj_type_t
+gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t obj)
{
- return obj->type;
+ return obj->type;
}
-struct pkey_list {
- gnutls_buffer_st *key_ids;
- size_t key_ids_size;
+struct pkey_list
+{
+ gnutls_buffer_st *key_ids;
+ size_t key_ids_size;
};
-int pkcs11_login(pakchois_session_t * pks, const struct token_info *info)
+int
+pkcs11_login (pakchois_session_t * pks, const struct token_info *info)
{
- int attempt = 0, ret;
- ck_rv_t rv;
- char* token_url;
- int pin_len;
- struct pkcs11_url_info uinfo;
-
-
- if ((info->tinfo.flags & CKF_LOGIN_REQUIRED) == 0) {
- gnutls_assert();
- _gnutls_debug_log("pk11: No login required.\n");
- return 0;
- }
-
- memset(&uinfo, 0, sizeof(uinfo));
- strcpy(uinfo.manufacturer, info->tinfo.manufacturer_id);
- strcpy(uinfo.token, info->tinfo.label);
- strcpy(uinfo.model, info->tinfo.model);
- strcpy(uinfo.serial, info->tinfo.serial_number);
- ret = pkcs11_info_to_url(&uinfo, 1, &token_url);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- /* For a token with a "protected" (out-of-band) authentication
- * path, calling login with a NULL username is all that is
- * required. */
- if (info->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
- if (pakchois_login(pks, CKU_USER, NULL, 0) == CKR_OK) {
- return 0;
- } else {
- gnutls_assert();
- _gnutls_debug_log
- ("pk11: Protected login failed.\n");
- ret = GNUTLS_E_PKCS11_ERROR;
- goto cleanup;
- }
- }
-
- /* Otherwise, PIN entry is necessary for login, so fail if there's
- * no callback. */
- if (!pin_func) {
- gnutls_assert();
- _gnutls_debug_log
- ("pk11: No pin callback but login required.\n");
- ret = GNUTLS_E_PKCS11_ERROR;
- goto cleanup;
- }
-
- do {
- struct ck_token_info tinfo;
- char pin[GNUTLS_PKCS11_MAX_PIN_LEN];
- unsigned int flags;
-
- /* If login has been attempted once already, check the token
- * status again, the flags might change. */
- if (attempt) {
- if (pakchois_get_token_info
- (info->prov->module, info->sid,
- &tinfo) != CKR_OK) {
- gnutls_assert();
- _gnutls_debug_log
- ("pk11: GetTokenInfo failed\n");
- ret = GNUTLS_E_PKCS11_ERROR;
- goto cleanup;
- }
- }
-
- flags = 0;
- if (tinfo.flags & CKF_USER_PIN_COUNT_LOW)
- flags |= GNUTLS_PKCS11_PIN_COUNT_LOW;
- if (tinfo.flags & CKF_USER_PIN_FINAL_TRY)
- flags |= GNUTLS_PKCS11_PIN_FINAL_TRY;
-
- ret = pin_func(pin_data, attempt++,
- (char *) token_url,
- (char *) info->tinfo.label, flags,
- pin, sizeof(pin));
- if (ret < 0) {
- gnutls_assert();
- ret = GNUTLS_E_PKCS11_PIN_ERROR;
- goto cleanup;
- }
- pin_len = strlen(pin);
-
- rv = pakchois_login(pks, CKU_USER, (unsigned char *) pin,
- pin_len);
-
- /* Try to scrub the pin off the stack. Clever compilers will
- * probably optimize this away, oh well. */
- memset(pin, 0, sizeof pin);
- } while (rv == CKR_PIN_INCORRECT);
-
- _gnutls_debug_log("pk11: Login result = %lu\n", rv);
-
-
- ret = (rv == CKR_OK
- || rv ==
- CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err(rv);
+ int attempt = 0, ret;
+ ck_rv_t rv;
+ char *token_url;
+ int pin_len;
+ struct pkcs11_url_info uinfo;
+
+
+ if ((info->tinfo.flags & CKF_LOGIN_REQUIRED) == 0)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: No login required.\n");
+ return 0;
+ }
+
+ memset (&uinfo, 0, sizeof (uinfo));
+ strcpy (uinfo.manufacturer, info->tinfo.manufacturer_id);
+ strcpy (uinfo.token, info->tinfo.label);
+ strcpy (uinfo.model, info->tinfo.model);
+ strcpy (uinfo.serial, info->tinfo.serial_number);
+ ret = pkcs11_info_to_url (&uinfo, 1, &token_url);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* For a token with a "protected" (out-of-band) authentication
+ * path, calling login with a NULL username is all that is
+ * required. */
+ if (info->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
+ {
+ if (pakchois_login (pks, CKU_USER, NULL, 0) == CKR_OK)
+ {
+ return 0;
+ }
+ else
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: Protected login failed.\n");
+ ret = GNUTLS_E_PKCS11_ERROR;
+ goto cleanup;
+ }
+ }
+
+ /* Otherwise, PIN entry is necessary for login, so fail if there's
+ * no callback. */
+ if (!pin_func)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: No pin callback but login required.\n");
+ ret = GNUTLS_E_PKCS11_ERROR;
+ goto cleanup;
+ }
+
+ do
+ {
+ struct ck_token_info tinfo;
+ char pin[GNUTLS_PKCS11_MAX_PIN_LEN];
+ unsigned int flags;
+
+ /* If login has been attempted once already, check the token
+ * status again, the flags might change. */
+ if (attempt)
+ {
+ if (pakchois_get_token_info
+ (info->prov->module, info->sid, &tinfo) != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: GetTokenInfo failed\n");
+ ret = GNUTLS_E_PKCS11_ERROR;
+ goto cleanup;
+ }
+ }
+
+ flags = 0;
+ if (tinfo.flags & CKF_USER_PIN_COUNT_LOW)
+ flags |= GNUTLS_PKCS11_PIN_COUNT_LOW;
+ if (tinfo.flags & CKF_USER_PIN_FINAL_TRY)
+ flags |= GNUTLS_PKCS11_PIN_FINAL_TRY;
+
+ ret = pin_func (pin_data, attempt++,
+ (char *) token_url,
+ (char *) info->tinfo.label, flags, pin, sizeof (pin));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PKCS11_PIN_ERROR;
+ goto cleanup;
+ }
+ pin_len = strlen (pin);
+
+ rv = pakchois_login (pks, CKU_USER, (unsigned char *) pin, pin_len);
+
+ /* Try to scrub the pin off the stack. Clever compilers will
+ * probably optimize this away, oh well. */
+ memset (pin, 0, sizeof pin);
+ }
+ while (rv == CKR_PIN_INCORRECT);
+
+ _gnutls_debug_log ("pk11: Login result = %lu\n", rv);
+
+
+ ret = (rv == CKR_OK
+ || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err (rv);
cleanup:
- gnutls_free(token_url);
- return ret;
+ gnutls_free (token_url);
+ return ret;
}
-static int find_privkeys(pakchois_session_t * pks, struct token_info *info,
- struct pkey_list *list)
+static int
+find_privkeys (pakchois_session_t * pks, struct token_info *info,
+ struct pkey_list *list)
{
- struct ck_attribute a[3];
- ck_object_class_t class;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count, current;
- char certid_tmp[PKCS11_ID_SIZE];
-
- class = CKO_PRIVATE_KEY;
-
- /* Find an object with private key class and a certificate ID
- * which matches the certificate. */
- /* FIXME: also match the cert subject. */
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof class;
-
- rv = pakchois_find_objects_init(pks, a, 1);
- if (rv != CKR_OK) {
- gnutls_assert();
- return pkcs11_rv_to_err(rv);
- }
-
- list->key_ids_size = 0;
- while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK
- && count == 1) {
- list->key_ids_size++;
- }
-
- pakchois_find_objects_final(pks);
-
- if (list->key_ids_size == 0) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- list->key_ids =
- gnutls_malloc(sizeof(gnutls_buffer_st) * list->key_ids_size);
- if (list->key_ids == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* actual search */
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof class;
-
- rv = pakchois_find_objects_init(pks, a, 1);
- if (rv != CKR_OK) {
- gnutls_assert();
- return pkcs11_rv_to_err(rv);
- }
-
- current = 0;
- while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK
- && count == 1) {
-
- a[0].type = CKA_ID;
- a[0].value = certid_tmp;
- a[0].value_len = sizeof(certid_tmp);
-
- _gnutls_buffer_init(&list->key_ids[current]);
-
- if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) {
- _gnutls_buffer_append_data(&list->key_ids[current],
- a[0].value,
- a[0].value_len);
- current++;
- }
-
- if (current > list->key_ids_size)
- break;
- }
-
- pakchois_find_objects_final(pks);
-
- list->key_ids_size = current - 1;
-
- return 0;
+ struct ck_attribute a[3];
+ ck_object_class_t class;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, current;
+ char certid_tmp[PKCS11_ID_SIZE];
+
+ class = CKO_PRIVATE_KEY;
+
+ /* Find an object with private key class and a certificate ID
+ * which matches the certificate. */
+ /* FIXME: also match the cert subject. */
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
+
+ rv = pakchois_find_objects_init (pks, a, 1);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ return pkcs11_rv_to_err (rv);
+ }
+
+ list->key_ids_size = 0;
+ while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1)
+ {
+ list->key_ids_size++;
+ }
+
+ pakchois_find_objects_final (pks);
+
+ if (list->key_ids_size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ list->key_ids =
+ gnutls_malloc (sizeof (gnutls_buffer_st) * list->key_ids_size);
+ if (list->key_ids == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* actual search */
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
+
+ rv = pakchois_find_objects_init (pks, a, 1);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ return pkcs11_rv_to_err (rv);
+ }
+
+ current = 0;
+ while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1)
+ {
+
+ a[0].type = CKA_ID;
+ a[0].value = certid_tmp;
+ a[0].value_len = sizeof (certid_tmp);
+
+ _gnutls_buffer_init (&list->key_ids[current]);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ _gnutls_buffer_append_data (&list->key_ids[current],
+ a[0].value, a[0].value_len);
+ current++;
+ }
+
+ if (current > list->key_ids_size)
+ break;
+ }
+
+ pakchois_find_objects_final (pks);
+
+ list->key_ids_size = current - 1;
+
+ return 0;
}
/* Recover certificate list from tokens */
-static int find_objs(pakchois_session_t * pks, struct token_info *info,
- struct ck_info* lib_info, void *input)
+static int
+find_objs (pakchois_session_t * pks, struct token_info *info,
+ struct ck_info *lib_info, void *input)
{
- struct crt_find_data_st *find_data = input;
- struct ck_attribute a[4];
- ck_object_class_t class = -1;
- ck_certificate_type_t type = -1;
- unsigned int trusted;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count;
- opaque *cert_data;
- char certid_tmp[PKCS11_ID_SIZE];
- char label_tmp[PKCS11_LABEL_SIZE];
- int ret, i;
- struct pkey_list plist; /* private key holder */
- int tot_values = 0;
-
- if (info == NULL) { /* final call */
- if (find_data->current <= *find_data->n_list)
- ret = 0;
- else
- ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
-
- *find_data->n_list = find_data->current;
-
- return ret;
- }
-
- /* do not bother reading the token if basic fields do not match
- */
- if (pkcs11_token_matches_info(&find_data->info, &info->tinfo, lib_info) < 0) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (find_data->info.type[0] != 0) {
- class = pkcs11_strtype_to_class(find_data->info.type);
- if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
- else
- type = -1;
-
- if (class == -1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
- }
-
-
- memset(&plist, 0, sizeof(plist));
-
- if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) {
- ret = find_privkeys(pks, info, &plist);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- if (plist.key_ids_size == 0) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- }
-
- cert_data = gnutls_malloc(MAX_CERT_SIZE);
- if (cert_data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* Find objects with cert class and X.509 cert type. */
-
- tot_values = 0;
-
- if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL
- || find_data->flags ==
- GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) {
- class = CKO_CERTIFICATE;
- type = CKC_X_509;
- trusted = 1;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
-
- a[tot_values].type = CKA_CERTIFICATE_TYPE;
- a[tot_values].value = &type;
- a[tot_values].value_len = sizeof type;
- tot_values++;
-
- } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED) {
- class = CKO_CERTIFICATE;
- type = CKC_X_509;
- trusted = 1;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
-
- a[tot_values].type = CKA_TRUSTED;
- a[tot_values].value = &trusted;
- a[tot_values].value_len = sizeof trusted;
- tot_values++;
-
- } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PUBKEY) {
- class = CKO_PUBLIC_KEY;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
- } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) {
- class = CKO_PRIVATE_KEY;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
- } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) {
- if (class != -1) {
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
- }
- if (type != -1) {
- a[tot_values].type = CKA_CERTIFICATE_TYPE;
- a[tot_values].value = &type;
- a[tot_values].value_len = sizeof type;
- tot_values++;
- }
- } else {
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto fail;
- }
-
- if (find_data->info.certid_raw_size != 0) {
- a[tot_values].type = CKA_ID;
- a[tot_values].value = find_data->info.certid_raw;
- a[tot_values].value_len = find_data->info.certid_raw_size;
- tot_values++;
- }
-
- rv = pakchois_find_objects_init(pks, a, tot_values);
- if (rv != CKR_OK) {
- gnutls_assert();
- _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
- return pkcs11_rv_to_err(rv);
- }
-
- while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK
- && count == 1) {
- gnutls_datum_t label, id, value;
-
- a[0].type = CKA_LABEL;
- a[0].value = label_tmp;
- a[0].value_len = sizeof label_tmp;
-
- if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) {
- label.data = a[0].value;
- label.size = a[0].value_len;
- } else {
- label.data = NULL;
- label.size = 0;
- }
-
- a[0].type = CKA_ID;
- a[0].value = certid_tmp;
- a[0].value_len = sizeof certid_tmp;
-
- if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) {
- id.data = a[0].value;
- id.size = a[0].value_len;
- } else {
- id.data = NULL;
- id.size = 0;
- }
-
- a[0].type = CKA_VALUE;
- a[0].value = cert_data;
- a[0].value_len = MAX_CERT_SIZE;
- if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK) {
- value.data = a[0].value;
- value.size = a[0].value_len;
- } else {
- value.data = NULL;
- value.size = 0;
- }
-
- if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) {
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof class;
-
- pakchois_get_attribute_value(pks, obj, a, 1);
- }
-
- if (find_data->flags ==
- GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) {
- for (i = 0; i < plist.key_ids_size; i++) {
- if (plist.key_ids[i].length !=
- a[1].value_len
- || memcmp(plist.key_ids[i].data,
- a[1].value,
- a[1].value_len) != 0) {
- /* not found */
- continue;
- }
- }
- }
-
- if (find_data->current < *find_data->n_list) {
- ret =
- gnutls_pkcs11_obj_init(&find_data->p_list
- [find_data->current]);
- if (ret < 0) {
- gnutls_assert();
- goto fail;
- }
-
- if (class == CKO_PUBLIC_KEY) {
- ret =
- pkcs11_obj_import_pubkey(pks, obj,
- find_data->p_list
- [find_data->current],
- &id, &label,
- &info->tinfo,
- lib_info);
- } else {
- ret =
- pkcs11_obj_import(class,
- find_data->p_list
- [find_data->current],
- &value, &id, &label,
- &info->tinfo, lib_info);
- }
- if (ret < 0) {
- gnutls_assert();
- goto fail;
- }
- }
-
- find_data->current++;
-
- }
-
- gnutls_free(cert_data);
- pakchois_find_objects_final(pks);
-
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */
-
- fail:
- gnutls_free(cert_data);
- pakchois_find_objects_final(pks);
- if (plist.key_ids != NULL) {
- for (i = 0; i < plist.key_ids_size; i++) {
- _gnutls_buffer_clear(&plist.key_ids[i]);
+ struct crt_find_data_st *find_data = input;
+ struct ck_attribute a[4];
+ ck_object_class_t class = -1;
+ ck_certificate_type_t type = -1;
+ unsigned int trusted;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count;
+ opaque *cert_data;
+ char certid_tmp[PKCS11_ID_SIZE];
+ char label_tmp[PKCS11_LABEL_SIZE];
+ int ret, i;
+ struct pkey_list plist; /* private key holder */
+ int tot_values = 0;
+
+ if (info == NULL)
+ { /* final call */
+ if (find_data->current <= *find_data->n_list)
+ ret = 0;
+ else
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ *find_data->n_list = find_data->current;
+
+ return ret;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (pkcs11_token_matches_info (&find_data->info, &info->tinfo, lib_info) <
+ 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (find_data->info.type[0] != 0)
+ {
+ class = pkcs11_strtype_to_class (find_data->info.type);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
+ else
+ type = -1;
+
+ if (class == -1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
+
+
+ memset (&plist, 0, sizeof (plist));
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
+ {
+ ret = find_privkeys (pks, info, &plist);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (plist.key_ids_size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ }
+
+ cert_data = gnutls_malloc (MAX_CERT_SIZE);
+ if (cert_data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Find objects with cert class and X.509 cert type. */
+
+ tot_values = 0;
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL
+ || find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
+ {
+ class = CKO_CERTIFICATE;
+ type = CKC_X_509;
+ trusted = 1;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+
+ a[tot_values].type = CKA_CERTIFICATE_TYPE;
+ a[tot_values].value = &type;
+ a[tot_values].value_len = sizeof type;
+ tot_values++;
+
+ }
+ else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED)
+ {
+ class = CKO_CERTIFICATE;
+ type = CKC_X_509;
+ trusted = 1;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+
+ a[tot_values].type = CKA_TRUSTED;
+ a[tot_values].value = &trusted;
+ a[tot_values].value_len = sizeof trusted;
+ tot_values++;
+
+ }
+ else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PUBKEY)
+ {
+ class = CKO_PUBLIC_KEY;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ }
+ else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY)
+ {
+ class = CKO_PRIVATE_KEY;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ }
+ else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL)
+ {
+ if (class != -1)
+ {
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ }
+ if (type != -1)
+ {
+ a[tot_values].type = CKA_CERTIFICATE_TYPE;
+ a[tot_values].value = &type;
+ a[tot_values].value_len = sizeof type;
+ tot_values++;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto fail;
+ }
+
+ if (find_data->info.certid_raw_size != 0)
+ {
+ a[tot_values].type = CKA_ID;
+ a[tot_values].value = find_data->info.certid_raw;
+ a[tot_values].value_len = find_data->info.certid_raw_size;
+ tot_values++;
+ }
+
+ rv = pakchois_find_objects_init (pks, a, tot_values);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
+ return pkcs11_rv_to_err (rv);
+ }
+
+ while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1)
+ {
+ gnutls_datum_t label, id, value;
+
+ a[0].type = CKA_LABEL;
+ a[0].value = label_tmp;
+ a[0].value_len = sizeof label_tmp;
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ label.data = a[0].value;
+ label.size = a[0].value_len;
+ }
+ else
+ {
+ label.data = NULL;
+ label.size = 0;
+ }
+
+ a[0].type = CKA_ID;
+ a[0].value = certid_tmp;
+ a[0].value_len = sizeof certid_tmp;
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ id.data = a[0].value;
+ id.size = a[0].value_len;
+ }
+ else
+ {
+ id.data = NULL;
+ id.size = 0;
+ }
+
+ a[0].type = CKA_VALUE;
+ a[0].value = cert_data;
+ a[0].value_len = MAX_CERT_SIZE;
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ value.data = a[0].value;
+ value.size = a[0].value_len;
+ }
+ else
+ {
+ value.data = NULL;
+ value.size = 0;
+ }
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL)
+ {
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
+
+ pakchois_get_attribute_value (pks, obj, a, 1);
+ }
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
+ {
+ for (i = 0; i < plist.key_ids_size; i++)
+ {
+ if (plist.key_ids[i].length !=
+ a[1].value_len
+ || memcmp (plist.key_ids[i].data,
+ a[1].value, a[1].value_len) != 0)
+ {
+ /* not found */
+ continue;
}
- gnutls_free(plist.key_ids);
- }
- for (i = 0; i < find_data->current; i++) {
- gnutls_pkcs11_obj_deinit(find_data->p_list[i]);
- }
- find_data->current = 0;
-
- return ret;
+ }
+ }
+
+ if (find_data->current < *find_data->n_list)
+ {
+ ret =
+ gnutls_pkcs11_obj_init (&find_data->p_list[find_data->current]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ if (class == CKO_PUBLIC_KEY)
+ {
+ ret =
+ pkcs11_obj_import_pubkey (pks, obj,
+ find_data->p_list
+ [find_data->current],
+ &id, &label,
+ &info->tinfo, lib_info);
+ }
+ else
+ {
+ ret =
+ pkcs11_obj_import (class,
+ find_data->p_list
+ [find_data->current],
+ &value, &id, &label,
+ &info->tinfo, lib_info);
+ }
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+ }
+
+ find_data->current++;
+
+ }
+
+ gnutls_free (cert_data);
+ pakchois_find_objects_final (pks);
+
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */
+
+fail:
+ gnutls_free (cert_data);
+ pakchois_find_objects_final (pks);
+ if (plist.key_ids != NULL)
+ {
+ for (i = 0; i < plist.key_ids_size; i++)
+ {
+ _gnutls_buffer_clear (&plist.key_ids[i]);
+ }
+ gnutls_free (plist.key_ids);
+ }
+ for (i = 0; i < find_data->current; i++)
+ {
+ gnutls_pkcs11_obj_deinit (find_data->p_list[i]);
+ }
+ find_data->current = 0;
+
+ return ret;
}
/**
@@ -2316,40 +2538,44 @@ static int find_objs(pakchois_session_t * pks, struct token_info *info,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list,
- unsigned int *n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags)
+int
+gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
+ unsigned int *n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags)
{
- int ret;
- struct crt_find_data_st find_data;
-
- /* fill in the find data structure */
- find_data.p_list = p_list;
- find_data.n_list = n_list;
- find_data.flags = attrs;
- find_data.current = 0;
-
- if (url == NULL || url[0] == 0) {
- url = "pkcs11:";
- }
-
- ret = pkcs11_url_to_info(url, &find_data.info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret =
- _pkcs11_traverse_tokens(find_objs, &find_data,
- pkcs11_obj_flags_to_int(flags));
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return 0;
+ int ret;
+ struct crt_find_data_st find_data;
+
+ /* fill in the find data structure */
+ find_data.p_list = p_list;
+ find_data.n_list = n_list;
+ find_data.flags = attrs;
+ find_data.current = 0;
+
+ if (url == NULL || url[0] == 0)
+ {
+ url = "pkcs11:";
+ }
+
+ ret = pkcs11_url_to_info (url, &find_data.info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _pkcs11_traverse_tokens (find_objs, &find_data,
+ pkcs11_obj_flags_to_int (flags));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -2365,36 +2591,40 @@ int gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t crt,
- const char *url, unsigned int flags)
+int
+gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt,
+ const char *url, unsigned int flags)
{
- gnutls_pkcs11_obj_t pcrt;
- int ret;
-
- ret = gnutls_pkcs11_obj_init(&pcrt);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_pkcs11_obj_import_url(pcrt, url, flags);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_import(crt, &pcrt->raw, GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
- cleanup:
+ gnutls_pkcs11_obj_t pcrt;
+ int ret;
+
+ ret = gnutls_pkcs11_obj_init (&pcrt);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_pkcs11_obj_import_url (pcrt, url, flags);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_import (crt, &pcrt->raw, GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+cleanup:
- gnutls_pkcs11_obj_deinit(pcrt);
+ gnutls_pkcs11_obj_deinit (pcrt);
- return ret;
+ return ret;
}
@@ -2409,11 +2639,11 @@ int gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t crt,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t crt,
- gnutls_pkcs11_obj_t pkcs11_crt)
+int
+gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
+ gnutls_pkcs11_obj_t pkcs11_crt)
{
- return gnutls_x509_crt_import(crt, &pkcs11_crt->raw,
- GNUTLS_X509_FMT_DER);
+ return gnutls_x509_crt_import (crt, &pkcs11_crt->raw, GNUTLS_X509_FMT_DER);
}
/**
@@ -2429,60 +2659,69 @@ int gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t crt,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_x509_crt_list_import_pkcs11(gnutls_x509_crt_t * certs,
- unsigned int cert_max,
- gnutls_pkcs11_obj_t * const objs,
- unsigned int flags)
+int
+gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs,
+ unsigned int cert_max,
+ gnutls_pkcs11_obj_t * const objs,
+ unsigned int flags)
{
- int i, j;
- int ret;
-
- for (i = 0; i < cert_max; i++) {
- ret = gnutls_x509_crt_init(&certs[i]);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ int i, j;
+ int ret;
- ret = gnutls_x509_crt_import_pkcs11(certs[i], objs[i]);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ for (i = 0; i < cert_max; i++)
+ {
+ ret = gnutls_x509_crt_init (&certs[i]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- return 0;
-
- cleanup:
- for (j = 0; j < i; j++) {
- gnutls_x509_crt_deinit(certs[j]);
+ ret = gnutls_x509_crt_import_pkcs11 (certs[i], objs[i]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
+ }
+
+ return 0;
+
+cleanup:
+ for (j = 0; j < i; j++)
+ {
+ gnutls_x509_crt_deinit (certs[j]);
+ }
- return ret;
+ return ret;
}
-static int find_flags(pakchois_session_t * pks, struct token_info *info,
- struct ck_info* lib_info, void *input)
+static int
+find_flags (pakchois_session_t * pks, struct token_info *info,
+ struct ck_info *lib_info, void *input)
{
- struct flags_find_data_st *find_data = input;
+ struct flags_find_data_st *find_data = input;
- if (info == NULL) { /* we don't support multiple calls */
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (info == NULL)
+ { /* we don't support multiple calls */
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- /* do not bother reading the token if basic fields do not match
- */
- if (pkcs11_token_matches_info(&find_data->info, &info->tinfo, lib_info) < 0) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (pkcs11_token_matches_info (&find_data->info, &info->tinfo, lib_info) <
+ 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- /* found token! */
+ /* found token! */
- find_data->slot_flags = info->sinfo.flags;
+ find_data->slot_flags = info->sinfo.flags;
- return 0;
+ return 0;
}
/**
@@ -2494,94 +2733,107 @@ static int find_flags(pakchois_session_t * pks, struct token_info *info,
*
* Returns: zero on success or a negative value on error.
**/
-int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags)
+int
+gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags)
{
- struct flags_find_data_st find_data;
- int ret;
+ struct flags_find_data_st find_data;
+ int ret;
- ret = pkcs11_url_to_info(url, &find_data.info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = pkcs11_url_to_info (url, &find_data.info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- ret = _pkcs11_traverse_tokens(find_flags, &find_data, 0);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = _pkcs11_traverse_tokens (find_flags, &find_data, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- *flags = 0;
- if (find_data.slot_flags & CKF_HW_SLOT)
- *flags |= GNUTLS_PKCS11_TOKEN_HW;
+ *flags = 0;
+ if (find_data.slot_flags & CKF_HW_SLOT)
+ *flags |= GNUTLS_PKCS11_TOKEN_HW;
- return 0;
+ return 0;
}
-const char *gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_type_t type)
+const char *
+gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type)
{
- switch (type) {
- case GNUTLS_PKCS11_OBJ_X509_CRT:
- return "X.509 Certificate";
- case GNUTLS_PKCS11_OBJ_PUBKEY:
- return "Public key";
- case GNUTLS_PKCS11_OBJ_PRIVKEY:
- return "Private key";
- case GNUTLS_PKCS11_OBJ_SECRET_KEY:
- return "Secret key";
- case GNUTLS_PKCS11_OBJ_DATA:
- return "Data";
- case GNUTLS_PKCS11_OBJ_UNKNOWN:
- default:
- return "Unknown";
- }
+ switch (type)
+ {
+ case GNUTLS_PKCS11_OBJ_X509_CRT:
+ return "X.509 Certificate";
+ case GNUTLS_PKCS11_OBJ_PUBKEY:
+ return "Public key";
+ case GNUTLS_PKCS11_OBJ_PRIVKEY:
+ return "Private key";
+ case GNUTLS_PKCS11_OBJ_SECRET_KEY:
+ return "Secret key";
+ case GNUTLS_PKCS11_OBJ_DATA:
+ return "Data";
+ case GNUTLS_PKCS11_OBJ_UNKNOWN:
+ default:
+ return "Unknown";
+ }
}
-int pkcs11_token_matches_info(struct pkcs11_url_info *info,
- struct ck_token_info *tinfo, struct ck_info *lib_info)
+int
+pkcs11_token_matches_info (struct pkcs11_url_info *info,
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info)
{
- if (info->manufacturer[0] != 0) {
- if (strcmp(info->manufacturer, tinfo->manufacturer_id) !=
- 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (info->manufacturer[0] != 0)
+ {
+ if (strcmp (info->manufacturer, tinfo->manufacturer_id) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (info->token[0] != 0) {
- if (strcmp(info->token, tinfo->label) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (info->token[0] != 0)
+ {
+ if (strcmp (info->token, tinfo->label) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (info->model[0] != 0) {
- if (strcmp(info->model, tinfo->model) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (info->model[0] != 0)
+ {
+ if (strcmp (info->model, tinfo->model) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (info->serial[0] != 0) {
- if (strcmp(info->serial, tinfo->serial_number) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (info->serial[0] != 0)
+ {
+ if (strcmp (info->serial, tinfo->serial_number) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (info->lib_manufacturer[0] != 0) {
- if (strcmp(info->lib_manufacturer, lib_info->manufacturer_id) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (info->lib_manufacturer[0] != 0)
+ {
+ if (strcmp (info->lib_manufacturer, lib_info->manufacturer_id) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (info->lib_desc[0] != 0) {
- if (strcmp(info->lib_desc, lib_info->library_description) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (info->lib_desc[0] != 0)
+ {
+ if (strcmp (info->lib_desc, lib_info->library_description) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (info->lib_version[0] != 0) {
- char version[16];
-
- snprintf(version, sizeof(version), "%u.%u",
- (unsigned int)lib_info->library_version.major,
- (unsigned int)lib_info->library_version.minor);
- if (strcmp(info->lib_version, version) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (info->lib_version[0] != 0)
+ {
+ char version[16];
+
+ snprintf (version, sizeof (version), "%u.%u",
+ (unsigned int) lib_info->library_version.major,
+ (unsigned int) lib_info->library_version.minor);
+ if (strcmp (info->lib_version, version) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- return 0;
+ return 0;
}
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 46ad5cacb7..354bba3be7 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -1,5 +1,5 @@
#ifndef PKCS11_INT_H
-# define PKCS11_INT_H
+#define PKCS11_INT_H
#include <pakchois/pakchois.h>
#include <gnutls/pkcs11.h>
@@ -7,48 +7,47 @@
#define PKCS11_ID_SIZE 128
#define PKCS11_LABEL_SIZE 128
-struct token_info {
- struct ck_token_info tinfo;
- struct ck_slot_info sinfo;
- ck_slot_id_t sid;
- struct gnutls_pkcs11_provider_s *prov;
+struct token_info
+{
+ struct ck_token_info tinfo;
+ struct ck_slot_info sinfo;
+ ck_slot_id_t sid;
+ struct gnutls_pkcs11_provider_s *prov;
};
-struct pkcs11_url_info {
- /* everything here is null terminated strings */
- opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */
- opaque type[16]; /* cert/key etc. */
-
- opaque lib_manufacturer[sizeof
- (((struct ck_info *) NULL)->
- manufacturer_id) + 1];
- opaque lib_desc[sizeof
- (((struct ck_info *) NULL)->
- library_description) + 1];
- opaque lib_version[12];
-
- opaque manufacturer[sizeof
- (((struct ck_token_info *) NULL)->
- manufacturer_id) + 1];
- opaque token[sizeof(((struct ck_token_info *) NULL)->label) + 1];
- opaque serial[sizeof(((struct ck_token_info *) NULL)->
- serial_number) + 1];
- opaque model[sizeof(((struct ck_token_info *) NULL)->model) + 1];
- opaque label[PKCS11_LABEL_SIZE + 1];
-
- opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */
- size_t certid_raw_size;
+struct pkcs11_url_info
+{
+ /* everything here is null terminated strings */
+ opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */
+ opaque type[16]; /* cert/key etc. */
+
+ opaque lib_manufacturer[sizeof
+ (((struct ck_info *) NULL)->manufacturer_id) + 1];
+ opaque lib_desc[sizeof
+ (((struct ck_info *) NULL)->library_description) + 1];
+ opaque lib_version[12];
+
+ opaque manufacturer[sizeof
+ (((struct ck_token_info *) NULL)->manufacturer_id) + 1];
+ opaque token[sizeof (((struct ck_token_info *) NULL)->label) + 1];
+ opaque serial[sizeof (((struct ck_token_info *) NULL)->serial_number) + 1];
+ opaque model[sizeof (((struct ck_token_info *) NULL)->model) + 1];
+ opaque label[PKCS11_LABEL_SIZE + 1];
+
+ opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */
+ size_t certid_raw_size;
};
-struct gnutls_pkcs11_obj_st {
- gnutls_datum_t raw;
- gnutls_pkcs11_obj_type_t type;
- struct pkcs11_url_info info;
+struct gnutls_pkcs11_obj_st
+{
+ gnutls_datum_t raw;
+ gnutls_pkcs11_obj_type_t type;
+ struct pkcs11_url_info info;
- /* only when pubkey */
- gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
- gnutls_pk_algorithm pk_algorithm;
- unsigned int key_usage;
+ /* only when pubkey */
+ gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
+ gnutls_pk_algorithm pk_algorithm;
+ unsigned int key_usage;
};
/* thus function is called for every token in the traverse_tokens
@@ -56,40 +55,41 @@ struct gnutls_pkcs11_obj_st {
* It should return 0 if found what it was looking for.
*/
typedef int (*find_func_t) (pakchois_session_t * pks,
- struct token_info * tinfo, struct ck_info*, void *input);
+ struct token_info * tinfo, struct ck_info *,
+ void *input);
-int pkcs11_rv_to_err(ck_rv_t rv);
-int pkcs11_url_to_info(const char *url, struct pkcs11_url_info *info);
+int pkcs11_rv_to_err (ck_rv_t rv);
+int pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info);
-int pkcs11_get_info(struct pkcs11_url_info *info,
- gnutls_pkcs11_obj_info_t itype, void *output,
- size_t * output_size);
-int pkcs11_login(pakchois_session_t * pks, const struct token_info *info);
+int pkcs11_get_info (struct pkcs11_url_info *info,
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size);
+int pkcs11_login (pakchois_session_t * pks, const struct token_info *info);
extern gnutls_pkcs11_token_callback_t token_func;
extern void *token_data;
-void pkcs11_rescan_slots(void);
-int pkcs11_info_to_url(const struct pkcs11_url_info *info, gnutls_pkcs11_url_type_t detailed, char **url);
+void pkcs11_rescan_slots (void);
+int pkcs11_info_to_url (const struct pkcs11_url_info *info,
+ gnutls_pkcs11_url_type_t detailed, char **url);
#define SESSION_WRITE 1
#define SESSION_LOGIN 2
-int pkcs11_open_session(pakchois_session_t ** _pks,
- struct pkcs11_url_info *info,
- unsigned int flags);
-int _pkcs11_traverse_tokens(find_func_t find_func, void *input,
- unsigned int flags);
-ck_object_class_t pkcs11_strtype_to_class(const char *type);
+int pkcs11_open_session (pakchois_session_t ** _pks,
+ struct pkcs11_url_info *info, unsigned int flags);
+int _pkcs11_traverse_tokens (find_func_t find_func, void *input,
+ unsigned int flags);
+ck_object_class_t pkcs11_strtype_to_class (const char *type);
-int pkcs11_token_matches_info(struct pkcs11_url_info *info,
- struct ck_token_info *tinfo, struct ck_info *lib_info);
+int pkcs11_token_matches_info (struct pkcs11_url_info *info,
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info);
/* flags are SESSION_* */
-int pkcs11_find_object(pakchois_session_t ** _pks,
- ck_object_handle_t * _obj,
- struct pkcs11_url_info *info,
- unsigned int flags);
+int pkcs11_find_object (pakchois_session_t ** _pks,
+ ck_object_handle_t * _obj,
+ struct pkcs11_url_info *info, unsigned int flags);
-unsigned int pkcs11_obj_flags_to_int(unsigned int flags);
+unsigned int pkcs11_obj_flags_to_int (unsigned int flags);
#endif
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index dc738d3ce2..5d5cf48250 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -31,10 +31,11 @@
#include <pkcs11_int.h>
#include <sign.h>
-struct gnutls_pkcs11_privkey_st {
- gnutls_pk_algorithm_t pk_algorithm;
- unsigned int flags;
- struct pkcs11_url_info info;
+struct gnutls_pkcs11_privkey_st
+{
+ gnutls_pk_algorithm_t pk_algorithm;
+ unsigned int flags;
+ struct pkcs11_url_info info;
};
/**
@@ -46,15 +47,17 @@ struct gnutls_pkcs11_privkey_st {
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key)
+int
+gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key)
{
- *key = gnutls_calloc(1, sizeof(struct gnutls_pkcs11_privkey_st));
- if (*key == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ *key = gnutls_calloc (1, sizeof (struct gnutls_pkcs11_privkey_st));
+ if (*key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
@@ -63,9 +66,10 @@ int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key)
*
* This function will deinitialize a private key structure.
**/
-void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key)
+void
+gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key)
{
- gnutls_free(key);
+ gnutls_free (key);
}
/**
@@ -78,12 +82,13 @@ void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key)
* Returns: a member of the #gnutls_pk_algorithm_t enumeration on
* success, or a negative value on error.
**/
-int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key,
- unsigned int *bits)
+int
+gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
+ unsigned int *bits)
{
- if (bits)
- *bits = 0; /* FIXME */
- return key->pk_algorithm;
+ if (bits)
+ *bits = 0; /* FIXME */
+ return key->pk_algorithm;
}
/**
@@ -100,11 +105,12 @@ int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key,
*
* Returns: zero on success or a negative value on error.
**/
-int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey,
- gnutls_pkcs11_obj_info_t itype,
- void *output, size_t * output_size)
+int
+gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size)
{
- return pkcs11_get_info(&pkey->info, itype, output, output_size);
+ return pkcs11_get_info (&pkey->info, itype, output, output_size);
}
@@ -125,45 +131,49 @@ int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey,
* negative error value.
**/
int
-gnutls_pkcs11_privkey_sign_data(gnutls_pkcs11_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+gnutls_pkcs11_privkey_sign_data (gnutls_pkcs11_privkey_t signer,
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
- int ret;
- gnutls_datum_t digest;
-
- switch (signer->pk_algorithm) {
- case GNUTLS_PK_RSA:
- ret = pk_pkcs1_rsa_hash(hash, data, &digest);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- case GNUTLS_PK_DSA:
- ret = pk_dsa_hash(hash, data, &digest);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ int ret;
+ gnutls_datum_t digest;
+
+ switch (signer->pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ ret = pk_pkcs1_rsa_hash (hash, data, &digest);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ ret = pk_dsa_hash (hash, data, &digest);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret = gnutls_pkcs11_privkey_sign_hash(signer, &digest, signature);
- _gnutls_free_datum(&digest);
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = gnutls_pkcs11_privkey_sign_hash (signer, &digest, signature);
+ _gnutls_free_datum (&digest);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- return 0;
+ return 0;
}
@@ -194,61 +204,64 @@ gnutls_pkcs11_privkey_sign_data(gnutls_pkcs11_privkey_t signer,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+int
+gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
- ck_rv_t rv;
- int ret;
- struct ck_mechanism mech;
- unsigned long siglen;
- pakchois_session_t *pks;
- ck_object_handle_t obj;
-
- FIND_OBJECT(pks, obj, key);
-
- mech.mechanism =
- key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS;
- mech.parameter = NULL;
- mech.parameter_len = 0;
-
- /* Initialize signing operation; using the private key discovered
- * earlier. */
- rv = pakchois_sign_init(pks, &mech, obj);
- if (rv != CKR_OK) {
- gnutls_assert();
- ret = pkcs11_rv_to_err(rv);
- goto cleanup;
- }
-
- /* Work out how long the signature must be: */
- rv = pakchois_sign(pks, hash->data, hash->size, NULL, &siglen);
- if (rv != CKR_OK) {
- gnutls_assert();
- ret = pkcs11_rv_to_err(rv);
- goto cleanup;
- }
-
- signature->data = gnutls_malloc(siglen);
- signature->size = siglen;
-
- rv = pakchois_sign(pks, hash->data, hash->size,
- signature->data, &siglen);
- if (rv != CKR_OK) {
- gnutls_free(signature->data);
- gnutls_assert();
- ret = pkcs11_rv_to_err(rv);
- goto cleanup;
- }
-
- signature->size = siglen;
-
- ret = 0;
-
- cleanup:
- pakchois_close_session(pks);
-
- return ret;
+ ck_rv_t rv;
+ int ret;
+ struct ck_mechanism mech;
+ unsigned long siglen;
+ pakchois_session_t *pks;
+ ck_object_handle_t obj;
+
+ FIND_OBJECT (pks, obj, key);
+
+ mech.mechanism =
+ key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS;
+ mech.parameter = NULL;
+ mech.parameter_len = 0;
+
+ /* Initialize signing operation; using the private key discovered
+ * earlier. */
+ rv = pakchois_sign_init (pks, &mech, obj);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ /* Work out how long the signature must be: */
+ rv = pakchois_sign (pks, hash->data, hash->size, NULL, &siglen);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ signature->data = gnutls_malloc (siglen);
+ signature->size = siglen;
+
+ rv = pakchois_sign (pks, hash->data, hash->size, signature->data, &siglen);
+ if (rv != CKR_OK)
+ {
+ gnutls_free (signature->data);
+ gnutls_assert ();
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ signature->size = siglen;
+
+ ret = 0;
+
+cleanup:
+ pakchois_close_session (pks);
+
+ return ret;
}
@@ -266,31 +279,34 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
- const char *url, unsigned int flags)
+int
+gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey,
+ const char *url, unsigned int flags)
{
- int ret;
-
- ret = pkcs11_url_to_info(url, &pkey->info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- pkey->flags = flags;
-
- if (pkey->info.type[0] != 0
- && strcmp(pkey->info.type, "private") != 0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (pkey->info.id[0] == 0) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- return 0;
+ int ret;
+
+ ret = pkcs11_url_to_info (url, &pkey->info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ pkey->flags = flags;
+
+ if (pkey->info.type[0] != 0 && strcmp (pkey->info.type, "private") != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (pkey->info.id[0] == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ return 0;
}
/**
@@ -307,63 +323,66 @@ int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
* negative error value.
**/
int
-gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
- ck_rv_t rv;
- int ret;
- struct ck_mechanism mech;
- unsigned long siglen;
- pakchois_session_t *pks;
- ck_object_handle_t obj;
-
- FIND_OBJECT(pks, obj, key);
-
- mech.mechanism =
- key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS;
- mech.parameter = NULL;
- mech.parameter_len = 0;
-
- /* Initialize signing operation; using the private key discovered
- * earlier. */
- rv = pakchois_decrypt_init(pks, &mech, obj);
- if (rv != CKR_OK) {
- gnutls_assert();
- ret = pkcs11_rv_to_err(rv);
- goto cleanup;
- }
-
- /* Work out how long the plaintext must be: */
- rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size,
- NULL, &siglen);
- if (rv != CKR_OK) {
- gnutls_assert();
- ret = pkcs11_rv_to_err(rv);
- goto cleanup;
- }
-
- plaintext->data = gnutls_malloc(siglen);
- plaintext->size = siglen;
-
- rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size,
- plaintext->data, &siglen);
- if (rv != CKR_OK) {
- gnutls_free(plaintext->data);
- gnutls_assert();
- ret = pkcs11_rv_to_err(rv);
- goto cleanup;
- }
-
- plaintext->size = siglen;
-
- ret = 0;
-
- cleanup:
- pakchois_close_session(pks);
-
- return ret;
+ ck_rv_t rv;
+ int ret;
+ struct ck_mechanism mech;
+ unsigned long siglen;
+ pakchois_session_t *pks;
+ ck_object_handle_t obj;
+
+ FIND_OBJECT (pks, obj, key);
+
+ mech.mechanism =
+ key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS;
+ mech.parameter = NULL;
+ mech.parameter_len = 0;
+
+ /* Initialize signing operation; using the private key discovered
+ * earlier. */
+ rv = pakchois_decrypt_init (pks, &mech, obj);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ /* Work out how long the plaintext must be: */
+ rv = pakchois_decrypt (pks, ciphertext->data, ciphertext->size,
+ NULL, &siglen);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ plaintext->data = gnutls_malloc (siglen);
+ plaintext->size = siglen;
+
+ rv = pakchois_decrypt (pks, ciphertext->data, ciphertext->size,
+ plaintext->data, &siglen);
+ if (rv != CKR_OK)
+ {
+ gnutls_free (plaintext->data);
+ gnutls_assert ();
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ plaintext->size = siglen;
+
+ ret = 0;
+
+cleanup:
+ pakchois_close_session (pks);
+
+ return ret;
}
/**
@@ -377,16 +396,19 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key,
- gnutls_pkcs11_url_type_t detailed, char **url)
+int
+gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url)
{
- int ret;
+ int ret;
- ret = pkcs11_info_to_url(&key->info, detailed, url);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = pkcs11_info_to_url (&key->info, detailed, url);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- return 0;
+ return 0;
}
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index fac39de9c2..15fd10c599 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -41,118 +41,126 @@
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_copy_x509_crt(const char *token_url,
- gnutls_x509_crt_t crt, const char *label,
- unsigned int flags)
+int
+gnutls_pkcs11_copy_x509_crt (const char *token_url,
+ gnutls_x509_crt_t crt, const char *label,
+ unsigned int flags)
{
- int ret;
- pakchois_session_t *pks;
- struct pkcs11_url_info info;
- ck_rv_t rv;
- size_t der_size, id_size;
- opaque *der = NULL;
- opaque id[20];
- struct ck_attribute a[8];
- ck_object_class_t class = CKO_CERTIFICATE;
- ck_certificate_type_t type = CKC_X_509;
- ck_object_handle_t obj;
- unsigned int tval = 1;
- int a_val;
-
- ret = pkcs11_url_to_info(token_url, &info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret =
- pkcs11_open_session(&pks, &info,
- SESSION_WRITE | pkcs11_obj_flags_to_int(flags));
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_x509_crt_export(crt,
- GNUTLS_X509_FMT_DER, NULL, &der_size);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
- gnutls_assert();
- goto cleanup;
- }
-
- der = gnutls_malloc(der_size);
- if (der == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_export(crt,
- GNUTLS_X509_FMT_DER, der, &der_size);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- id_size = sizeof(id);
- ret = gnutls_x509_crt_get_key_id(crt, 0, id, &id_size);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- /* FIXME: copy key usage flags */
-
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof(class);
- a[1].type = CKA_ID;
- a[1].value = id;
- a[1].value_len = id_size;
- a[2].type = CKA_VALUE;
- a[2].value = der;
- a[2].value_len = der_size;
- a[3].type = CKA_TOKEN;
- a[3].value = &tval;
- a[3].value_len = sizeof(tval);
- a[4].type = CKA_CERTIFICATE_TYPE;
- a[4].value = &type;
- a[4].value_len = sizeof(type);
-
- a_val = 5;
-
- if (label) {
- a[a_val].type = CKA_LABEL;
- a[a_val].value = (void *) label;
- a[a_val].value_len = strlen(label);
- a_val++;
- }
-
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) {
- a[a_val].type = CKA_TRUSTED;
- a[a_val].value = &tval;
- a[a_val].value_len = sizeof(tval);
- a_val++;
- }
-
- rv = pakchois_create_object(pks, a, a_val, &obj);
- if (rv != CKR_OK) {
- gnutls_assert();
- _gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv));
- ret = pkcs11_rv_to_err(rv);
- goto cleanup;
- }
-
- /* generated!
- */
-
- ret = 0;
-
- cleanup:
- gnutls_free(der);
- pakchois_close_session(pks);
-
- return ret;
+ int ret;
+ pakchois_session_t *pks;
+ struct pkcs11_url_info info;
+ ck_rv_t rv;
+ size_t der_size, id_size;
+ opaque *der = NULL;
+ opaque id[20];
+ struct ck_attribute a[8];
+ ck_object_class_t class = CKO_CERTIFICATE;
+ ck_certificate_type_t type = CKC_X_509;
+ ck_object_handle_t obj;
+ unsigned int tval = 1;
+ int a_val;
+
+ ret = pkcs11_url_to_info (token_url, &info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ pkcs11_open_session (&pks, &info,
+ SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, NULL, &der_size);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ der = gnutls_malloc (der_size);
+ if (der == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, der, &der_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ id_size = sizeof (id);
+ ret = gnutls_x509_crt_get_key_id (crt, 0, id, &id_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* FIXME: copy key usage flags */
+
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof (class);
+ a[1].type = CKA_ID;
+ a[1].value = id;
+ a[1].value_len = id_size;
+ a[2].type = CKA_VALUE;
+ a[2].value = der;
+ a[2].value_len = der_size;
+ a[3].type = CKA_TOKEN;
+ a[3].value = &tval;
+ a[3].value_len = sizeof (tval);
+ a[4].type = CKA_CERTIFICATE_TYPE;
+ a[4].value = &type;
+ a[4].value_len = sizeof (type);
+
+ a_val = 5;
+
+ if (label)
+ {
+ a[a_val].type = CKA_LABEL;
+ a[a_val].value = (void *) label;
+ a[a_val].value_len = strlen (label);
+ a_val++;
+ }
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)
+ {
+ a[a_val].type = CKA_TRUSTED;
+ a[a_val].value = &tval;
+ a[a_val].value_len = sizeof (tval);
+ a_val++;
+ }
+
+ rv = pakchois_create_object (pks, a, a_val, &obj);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv));
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ /* generated!
+ */
+
+ ret = 0;
+
+cleanup:
+ gnutls_free (der);
+ pakchois_close_session (pks);
+
+ return ret;
}
@@ -171,330 +179,354 @@ int gnutls_pkcs11_copy_x509_crt(const char *token_url,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_copy_x509_privkey(const char *token_url,
- gnutls_x509_privkey_t key,
- const char *label,
- unsigned int key_usage,
- unsigned int flags)
+int
+gnutls_pkcs11_copy_x509_privkey (const char *token_url,
+ gnutls_x509_privkey_t key,
+ const char *label,
+ unsigned int key_usage, unsigned int flags)
{
- int ret;
- pakchois_session_t *pks;
- struct pkcs11_url_info info;
- ck_rv_t rv;
- size_t id_size;
- opaque id[20];
- struct ck_attribute a[16];
- ck_object_class_t class = CKO_PRIVATE_KEY;
- ck_object_handle_t obj;
- ck_key_type_t type;
- unsigned int tval = 1;
- int a_val;
- gnutls_pk_algorithm_t pk;
- gnutls_datum_t p, q, g, y, x;
- gnutls_datum_t m, e, d, u, exp1, exp2;
-
-
- ret = pkcs11_url_to_info(token_url, &info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- id_size = sizeof(id);
- ret = gnutls_x509_privkey_get_key_id(key, 0, id, &id_size);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ int ret;
+ pakchois_session_t *pks;
+ struct pkcs11_url_info info;
+ ck_rv_t rv;
+ size_t id_size;
+ opaque id[20];
+ struct ck_attribute a[16];
+ ck_object_class_t class = CKO_PRIVATE_KEY;
+ ck_object_handle_t obj;
+ ck_key_type_t type;
+ unsigned int tval = 1;
+ int a_val;
+ gnutls_pk_algorithm_t pk;
+ gnutls_datum_t p, q, g, y, x;
+ gnutls_datum_t m, e, d, u, exp1, exp2;
+
+
+ ret = pkcs11_url_to_info (token_url, &info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ id_size = sizeof (id);
+ ret = gnutls_x509_privkey_get_key_id (key, 0, id, &id_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret =
+ pkcs11_open_session (&pks, &info,
+ SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* FIXME: copy key usage flags */
+ a_val = 0;
+ a[a_val].type = CKA_CLASS;
+ a[a_val].value = &class;
+ a[a_val].value_len = sizeof (class);
+ a_val++;
+
+ a[a_val].type = CKA_ID;
+ a[a_val].value = id;
+ a[a_val].value_len = id_size;
+ a_val++;
+
+ a[a_val].type = CKA_KEY_TYPE;
+ a[a_val].value = &type;
+ a[a_val].value_len = sizeof (type);
+ a_val++;
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
+ tval = 1;
+ else
+ tval = 0;
+
+ a[a_val].type = CKA_SENSITIVE;
+ a[a_val].value = &tval;
+ a[a_val].value_len = sizeof (tval);
+ a_val++;
+
+ pk = gnutls_x509_privkey_get_pk_algorithm (key);
+ switch (pk)
+ {
+ case GNUTLS_PK_RSA:
+ {
ret =
- pkcs11_open_session(&pks, &info,
- SESSION_WRITE | pkcs11_obj_flags_to_int(flags));
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ gnutls_x509_privkey_export_rsa_raw2 (key, &m,
+ &e, &d, &p,
+ &q, &u, &exp1, &exp2);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ type = CKK_RSA;
+
+ a[a_val].type = CKA_MODULUS;
+ a[a_val].value = m.data;
+ a[a_val].value_len = m.size;
+ a_val++;
- /* FIXME: copy key usage flags */
- a_val = 0;
- a[a_val].type = CKA_CLASS;
- a[a_val].value = &class;
- a[a_val].value_len = sizeof(class);
+ a[a_val].type = CKA_PUBLIC_EXPONENT;
+ a[a_val].value = e.data;
+ a[a_val].value_len = e.size;
a_val++;
-
- a[a_val].type = CKA_ID;
- a[a_val].value = id;
- a[a_val].value_len = id_size;
+
+ a[a_val].type = CKA_PRIVATE_EXPONENT;
+ a[a_val].value = d.data;
+ a[a_val].value_len = d.size;
a_val++;
-
- a[a_val].type = CKA_KEY_TYPE;
- a[a_val].value = &type;
- a[a_val].value_len = sizeof(type);
+
+ a[a_val].type = CKA_PRIME_1;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
a_val++;
-
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
- tval = 1;
- else
- tval = 0;
-
- a[a_val].type = CKA_SENSITIVE;
- a[a_val].value = &tval;
- a[a_val].value_len = sizeof(tval);
+
+ a[a_val].type = CKA_PRIME_2;
+ a[a_val].value = q.data;
+ a[a_val].value_len = q.size;
a_val++;
- pk = gnutls_x509_privkey_get_pk_algorithm(key);
- switch (pk) {
- case GNUTLS_PK_RSA:{
-
- ret =
- gnutls_x509_privkey_export_rsa_raw2(key, &m,
- &e, &d, &p,
- &q, &u,
- &exp1,
- &exp2);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- type = CKK_RSA;
-
- a[a_val].type = CKA_MODULUS;
- a[a_val].value = m.data;
- a[a_val].value_len = m.size;
- a_val++;
-
- a[a_val].type = CKA_PUBLIC_EXPONENT;
- a[a_val].value = e.data;
- a[a_val].value_len = e.size;
- a_val++;
-
- a[a_val].type = CKA_PRIVATE_EXPONENT;
- a[a_val].value = d.data;
- a[a_val].value_len = d.size;
- a_val++;
-
- a[a_val].type = CKA_PRIME_1;
- a[a_val].value = p.data;
- a[a_val].value_len = p.size;
- a_val++;
-
- a[a_val].type = CKA_PRIME_2;
- a[a_val].value = q.data;
- a[a_val].value_len = q.size;
- a_val++;
-
- a[a_val].type = CKA_COEFFICIENT;
- a[a_val].value = u.data;
- a[a_val].value_len = u.size;
- a_val++;
-
- a[a_val].type = CKA_EXPONENT_1;
- a[a_val].value = exp1.data;
- a[a_val].value_len = exp1.size;
- a_val++;
-
- a[a_val].type = CKA_EXPONENT_2;
- a[a_val].value = exp2.data;
- a[a_val].value_len = exp2.size;
- a_val++;
-
- break;
- }
- case GNUTLS_PK_DSA:{
- ret =
- gnutls_x509_privkey_export_dsa_raw(key, &p, &q,
- &g, &y, &x);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- type = CKK_DSA;
-
- a[a_val].type = CKA_PRIME;
- a[a_val].value = p.data;
- a[a_val].value_len = p.size;
- a_val++;
-
- a[a_val].type = CKA_SUBPRIME;
- a[a_val].value = q.data;
- a[a_val].value_len = q.size;
- a_val++;
-
- a[a_val].type = CKA_BASE;
- a[a_val].value = g.data;
- a[a_val].value_len = g.size;
- a_val++;
-
- a[a_val].type = CKA_VALUE;
- a[a_val].value = x.data;
- a[a_val].value_len = x.size;
- a_val++;
-
- break;
- }
- default:
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
+ a[a_val].type = CKA_COEFFICIENT;
+ a[a_val].value = u.data;
+ a[a_val].value_len = u.size;
+ a_val++;
- rv = pakchois_create_object(pks, a, a_val, &obj);
- if (rv != CKR_OK) {
- gnutls_assert();
- _gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv));
- ret = pkcs11_rv_to_err(rv);
- goto cleanup;
- }
+ a[a_val].type = CKA_EXPONENT_1;
+ a[a_val].value = exp1.data;
+ a[a_val].value_len = exp1.size;
+ a_val++;
- /* generated!
- */
-
- switch (pk) {
- case GNUTLS_PK_RSA:{
- gnutls_free(m.data);
- gnutls_free(e.data);
- gnutls_free(d.data);
- gnutls_free(p.data);
- gnutls_free(q.data);
- gnutls_free(u.data);
- gnutls_free(exp1.data);
- gnutls_free(exp2.data);
- break;
- }
- case GNUTLS_PK_DSA:{
- gnutls_free(p.data);
- gnutls_free(q.data);
- gnutls_free(g.data);
- gnutls_free(y.data);
- gnutls_free(x.data);
- break;
- }
- default:
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
+ a[a_val].type = CKA_EXPONENT_2;
+ a[a_val].value = exp2.data;
+ a[a_val].value_len = exp2.size;
+ a_val++;
- ret = 0;
+ break;
+ }
+ case GNUTLS_PK_DSA:
+ {
+ ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ type = CKK_DSA;
+
+ a[a_val].type = CKA_PRIME;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
+ a_val++;
- cleanup:
- pakchois_close_session(pks);
+ a[a_val].type = CKA_SUBPRIME;
+ a[a_val].value = q.data;
+ a[a_val].value_len = q.size;
+ a_val++;
- return ret;
+ a[a_val].type = CKA_BASE;
+ a[a_val].value = g.data;
+ a[a_val].value_len = g.size;
+ a_val++;
+
+ a[a_val].type = CKA_VALUE;
+ a[a_val].value = x.data;
+ a[a_val].value_len = x.size;
+ a_val++;
+
+ break;
+ }
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ rv = pakchois_create_object (pks, a, a_val, &obj);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv));
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ /* generated!
+ */
+
+ switch (pk)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ gnutls_free (d.data);
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (u.data);
+ gnutls_free (exp1.data);
+ gnutls_free (exp2.data);
+ break;
+ }
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ gnutls_free (y.data);
+ gnutls_free (x.data);
+ break;
+ }
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ pakchois_close_session (pks);
+
+ return ret;
}
-struct delete_data_st {
- struct pkcs11_url_info info;
- unsigned int deleted; /* how many */
+struct delete_data_st
+{
+ struct pkcs11_url_info info;
+ unsigned int deleted; /* how many */
};
-static int delete_obj_url(pakchois_session_t * pks,
- struct token_info *info,
- struct ck_info * lib_info,
- void *input)
+static int
+delete_obj_url (pakchois_session_t * pks,
+ struct token_info *info,
+ struct ck_info *lib_info, void *input)
{
- struct delete_data_st *find_data = input;
- struct ck_attribute a[4];
- ck_object_class_t class;
- ck_certificate_type_t type = -1;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count, a_vals;
- int found = 0, ret;
-
-
- if (info == NULL) { /* we don't support multiple calls */
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ struct delete_data_st *find_data = input;
+ struct ck_attribute a[4];
+ ck_object_class_t class;
+ ck_certificate_type_t type = -1;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, a_vals;
+ int found = 0, ret;
+
+
+ if (info == NULL)
+ { /* we don't support multiple calls */
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (pkcs11_token_matches_info (&find_data->info, &info->tinfo, lib_info) <
+ 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ class = CKO_CERTIFICATE; /* default */
+
+ if (find_data->info.type[0] != 0)
+ {
+ class = pkcs11_strtype_to_class (find_data->info.type);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
+
+ if (class == -1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
-
- /* do not bother reading the token if basic fields do not match
- */
- if (pkcs11_token_matches_info(&find_data->info, &info->tinfo, lib_info) < 0) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ a_vals = 0;
+
+ /* Find objects with given class and type */
+ if (find_data->info.certid_raw_size > 0)
+ {
+ a[a_vals].type = CKA_ID;
+ a[a_vals].value = find_data->info.certid_raw;
+ a[a_vals].value_len = find_data->info.certid_raw_size;
+ a_vals++;
+ }
+
+ if (class != -1)
+ {
+ a[a_vals].type = CKA_CLASS;
+ a[a_vals].value = &class;
+ a[a_vals].value_len = sizeof class;
+ a_vals++;
+ }
+
+ if (type != -1)
+ {
+ a[a_vals].type = CKA_CERTIFICATE_TYPE;
+ a[a_vals].value = &type;
+ a[a_vals].value_len = sizeof type;
+ a_vals++;
+ }
+
+ if (find_data->info.label[0] != 0)
+ {
+ a[a_vals].type = CKA_LABEL;
+ a[a_vals].value = find_data->info.label;
+ a[a_vals].value_len = strlen (find_data->info.label);
+ a_vals++;
+ }
+
+ rv = pakchois_find_objects_init (pks, a, a_vals);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1)
+ {
+ rv = pakchois_destroy_object (pks, obj);
+ if (rv != CKR_OK)
+ {
+ _gnutls_debug_log
+ ("pkcs11: Cannot destroy object: %s\n", pakchois_error (rv));
}
-
- class = CKO_CERTIFICATE; /* default */
-
- if (find_data->info.type[0] != 0) {
- class = pkcs11_strtype_to_class(find_data->info.type);
- if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
-
- if (class == -1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ else
+ {
+ find_data->deleted++;
}
- a_vals = 0;
+ found = 1;
+ }
- /* Find objects with given class and type */
- if (find_data->info.certid_raw_size > 0) {
- a[a_vals].type = CKA_ID;
- a[a_vals].value = find_data->info.certid_raw;
- a[a_vals].value_len = find_data->info.certid_raw_size;
- a_vals++;
- }
-
- if (class != -1) {
- a[a_vals].type = CKA_CLASS;
- a[a_vals].value = &class;
- a[a_vals].value_len = sizeof class;
- a_vals++;
- }
+ if (found == 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ else
+ {
+ ret = 0;
+ }
- if (type != -1) {
- a[a_vals].type = CKA_CERTIFICATE_TYPE;
- a[a_vals].value = &type;
- a[a_vals].value_len = sizeof type;
- a_vals++;
- }
+cleanup:
+ pakchois_find_objects_final (pks);
- if (find_data->info.label[0] != 0) {
- a[a_vals].type = CKA_LABEL;
- a[a_vals].value = find_data->info.label;
- a[a_vals].value_len = strlen(find_data->info.label);
- a_vals++;
- }
-
- rv = pakchois_find_objects_init(pks, a, a_vals);
- if (rv != CKR_OK) {
- gnutls_assert();
- _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
- ret = pkcs11_rv_to_err(rv);
- goto cleanup;
- }
-
- while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK
- && count == 1) {
- rv = pakchois_destroy_object(pks, obj);
- if (rv != CKR_OK) {
- _gnutls_debug_log
- ("pkcs11: Cannot destroy object: %s\n",
- pakchois_error(rv));
- } else {
- find_data->deleted++;
- }
-
- found = 1;
- }
-
- if (found == 0) {
- gnutls_assert();
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- } else {
- ret = 0;
- }
-
- cleanup:
- pakchois_find_objects_final(pks);
-
- return ret;
+ return ret;
}
@@ -508,27 +540,30 @@ static int delete_obj_url(pakchois_session_t * pks,
* Returns: On success, the number of objects deleted is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_delete_url(const char *object_url, unsigned int flags)
+int
+gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags)
{
- int ret;
- struct delete_data_st find_data;
-
- memset(&find_data, 0, sizeof(find_data));
-
- ret = pkcs11_url_to_info(object_url, &find_data.info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret =
- _pkcs11_traverse_tokens(delete_obj_url, &find_data,
- SESSION_WRITE|pkcs11_obj_flags_to_int(flags));
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return find_data.deleted;
+ int ret;
+ struct delete_data_st find_data;
+
+ memset (&find_data, 0, sizeof (find_data));
+
+ ret = pkcs11_url_to_info (object_url, &find_data.info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _pkcs11_traverse_tokens (delete_obj_url, &find_data,
+ SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return find_data.deleted;
}
diff --git a/lib/random.c b/lib/random.c
index 9acbe1f408..d3f363949c 100644
--- a/lib/random.c
+++ b/lib/random.c
@@ -70,7 +70,8 @@ _gnutls_rnd_deinit (void)
*
**/
-int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len)
+int
+gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len)
{
if (len > 0)
{
diff --git a/lib/random.h b/lib/random.h
index 8859f8a329..8475d9a98b 100644
--- a/lib/random.h
+++ b/lib/random.h
@@ -23,7 +23,7 @@
*/
#ifndef RANDOM_H
-# define RANDOM_H
+#define RANDOM_H
#include <gnutls/crypto.h>
diff --git a/lib/system.c b/lib/system.c
index ec05590992..0f393c311c 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -29,12 +29,12 @@
#include <errno.h>
#ifdef _WIN32
-# include <windows.h>
+#include <windows.h>
#else
-# ifdef HAVE_PTHREAD_LOCKS
-# include <pthread.h>
-# endif
+#ifdef HAVE_PTHREAD_LOCKS
+#include <pthread.h>
+#endif
#endif
/* We need to disable gnulib's replacement wrappers to get native
@@ -49,52 +49,60 @@
*/
#ifdef _WIN32
-int system_errno(gnutls_transport_ptr)
+int
+system_errno (gnutls_transport_ptr)
{
int tmperr = WSAGetLastError ();
int ret = 0;
switch (tmperr)
{
- case WSAEWOULDBLOCK:
- ret = EAGAIN;
- break;
- case WSAEINTR:
- ret = EINTR;
- break;
- default:
- ret = EIO;
- break;
- }
- WSASetLastError (tmperr);
+ case WSAEWOULDBLOCK:
+ ret = EAGAIN;
+ break;
+ case WSAEINTR:
+ ret = EINTR;
+ break;
+ default:
+ ret = EIO;
+ break;
+ }
+ WSASetLastError (tmperr);
return ret;
}
-ssize_t system_write(gnutls_transport_ptr ptr, const void* data, size_t data_size)
+ssize_t
+system_write (gnutls_transport_ptr ptr, const void *data, size_t data_size)
{
- return send( GNUTLS_POINTER_TO_INT(ptr), data, data_size, 0);
+ return send (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0);
}
#else /* POSIX */
-int system_errno(gnutls_transport_ptr ptr)
+int
+system_errno (gnutls_transport_ptr ptr)
{
return errno;
}
-ssize_t system_writev(gnutls_transport_ptr ptr, const giovec_t * iovec, int iovec_cnt)
+ssize_t
+system_writev (gnutls_transport_ptr ptr, const giovec_t * iovec,
+ int iovec_cnt)
{
- return writev(GNUTLS_POINTER_TO_INT(ptr), (struct iovec*) iovec, iovec_cnt);
+ return writev (GNUTLS_POINTER_TO_INT (ptr), (struct iovec *) iovec,
+ iovec_cnt);
}
#endif
-ssize_t system_read(gnutls_transport_ptr ptr, void* data, size_t data_size)
+ssize_t
+system_read (gnutls_transport_ptr ptr, void *data, size_t data_size)
{
- return recv( GNUTLS_POINTER_TO_INT(ptr), data, data_size, 0);
+ return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0);
}
-ssize_t system_read_peek(gnutls_transport_ptr ptr, void* data, size_t data_size)
+ssize_t
+system_read_peek (gnutls_transport_ptr ptr, void *data, size_t data_size)
{
- return recv( GNUTLS_POINTER_TO_INT(ptr), data, data_size, MSG_PEEK);
+ return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, MSG_PEEK);
}
/* Thread stuff */
@@ -103,42 +111,48 @@ ssize_t system_read_peek(gnutls_transport_ptr ptr, void* data, size_t data_size)
/* FIXME: win32 locks are untested */
-static int gnutls_system_mutex_init (void **priv)
+static int
+gnutls_system_mutex_init (void **priv)
{
CRITICAL_SECTION *lock = malloc (sizeof (CRITICAL_SECTION));
int ret;
- if (lock==NULL)
+ if (lock == NULL)
return GNUTLS_E_MEMORY_ERROR;
- InitializeCriticalSection(lock);
-
+ InitializeCriticalSection (lock);
+
*priv = lock;
-
+
return 0;
}
-static int gnutls_system_mutex_deinit (void **priv)
+static int
+gnutls_system_mutex_deinit (void **priv)
{
- DeleteCriticalSection((CRITICAL_SECTION*)*priv);
- free(*priv);
-
+ DeleteCriticalSection ((CRITICAL_SECTION *) * priv);
+ free (*priv);
+
return 0;
}
-static int gnutls_system_mutex_lock (void **priv)
+static int
+gnutls_system_mutex_lock (void **priv)
{
- EnterCriticalSection((CRITICAL_SECTION*)*priv);
+ EnterCriticalSection ((CRITICAL_SECTION *) * priv);
return 0;
}
-static int gnutls_system_mutex_unlock (void **priv)
+static int
+gnutls_system_mutex_unlock (void **priv)
{
- LeaveCriticalSection((CRITICAL_SECTION*)*priv);
+ LeaveCriticalSection ((CRITICAL_SECTION *) * priv);
return 0;
}
-int _gnutls_atfork(void (*prepare)(void), void (*parent)(void), void (*child)(void))
+int
+_gnutls_atfork (void (*prepare) (void), void (*parent) (void),
+ void (*child) (void))
{
return 0;
}
@@ -148,86 +162,98 @@ int _gnutls_atfork(void (*prepare)(void), void (*parent)(void), void (*child)(vo
#ifdef HAVE_PTHREAD_LOCKS
-static int gnutls_system_mutex_init (void **priv)
+static int
+gnutls_system_mutex_init (void **priv)
{
pthread_mutex_t *lock = malloc (sizeof (pthread_mutex_t));
int ret;
- if (lock==NULL)
+ if (lock == NULL)
return GNUTLS_E_MEMORY_ERROR;
- ret = pthread_mutex_init (lock, NULL);
- if (ret)
- {
- free(lock);
- gnutls_assert();
- return GNUTLS_E_LOCKING_ERROR;
- }
-
+ ret = pthread_mutex_init (lock, NULL);
+ if (ret)
+ {
+ free (lock);
+ gnutls_assert ();
+ return GNUTLS_E_LOCKING_ERROR;
+ }
+
*priv = lock;
-
+
return 0;
}
-static int gnutls_system_mutex_deinit (void **priv)
+static int
+gnutls_system_mutex_deinit (void **priv)
{
- pthread_mutex_destroy((pthread_mutex_t*)*priv);
- free(*priv);
+ pthread_mutex_destroy ((pthread_mutex_t *) * priv);
+ free (*priv);
return 0;
}
-static int gnutls_system_mutex_lock (void **priv)
+static int
+gnutls_system_mutex_lock (void **priv)
{
- if (pthread_mutex_lock((pthread_mutex_t*)*priv))
+ if (pthread_mutex_lock ((pthread_mutex_t *) * priv))
{
- gnutls_assert();
- return GNUTLS_E_LOCKING_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_LOCKING_ERROR;
}
return 0;
}
-static int gnutls_system_mutex_unlock (void **priv)
+static int
+gnutls_system_mutex_unlock (void **priv)
{
- if (pthread_mutex_unlock((pthread_mutex_t*)*priv))
+ if (pthread_mutex_unlock ((pthread_mutex_t *) * priv))
{
- gnutls_assert();
- return GNUTLS_E_LOCKING_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_LOCKING_ERROR;
}
return 0;
}
-int _gnutls_atfork(void (*prepare)(void), void (*parent)(void), void (*child)(void))
+int
+_gnutls_atfork (void (*prepare) (void), void (*parent) (void),
+ void (*child) (void))
{
- return pthread_atfork(prepare, parent, child);
+ return pthread_atfork (prepare, parent, child);
}
#endif /* PTHREAD_LOCKS */
#ifdef HAVE_NO_LOCKS
-static int gnutls_system_mutex_init (void **priv)
+static int
+gnutls_system_mutex_init (void **priv)
{
return 0;
}
-static int gnutls_system_mutex_deinit (void **priv)
+static int
+gnutls_system_mutex_deinit (void **priv)
{
return 0;
}
-static int gnutls_system_mutex_lock (void **priv)
+static int
+gnutls_system_mutex_lock (void **priv)
{
return 0;
}
-static int gnutls_system_mutex_unlock (void **priv)
+static int
+gnutls_system_mutex_unlock (void **priv)
{
return 0;
}
-int _gnutls_atfork(void (*prepare)(void), void (*parent)(void), void (*child)(void))
+int
+_gnutls_atfork (void (*prepare) (void), void (*parent) (void),
+ void (*child) (void))
{
return 0;
}
diff --git a/lib/system.h b/lib/system.h
index a8257d4382..773915c9df 100644
--- a/lib/system.h
+++ b/lib/system.h
@@ -1,33 +1,37 @@
#ifndef SYSTEM_H
-# define SYSTEM_H
+#define SYSTEM_H
#include <gnutls_int.h>
#ifndef _WIN32
-# include <sys/uio.h> /* for writev */
+#include <sys/uio.h> /* for writev */
#endif
-int system_errno(gnutls_transport_ptr);
+int system_errno (gnutls_transport_ptr);
#ifdef _WIN32
-ssize_t system_write(gnutls_transport_ptr ptr, const void* data, size_t data_size);
+ssize_t system_write (gnutls_transport_ptr ptr, const void *data,
+ size_t data_size);
#else
-# define HAVE_WRITEV
-ssize_t system_writev(gnutls_transport_ptr ptr, const giovec_t * iovec, int iovec_cnt);
+#define HAVE_WRITEV
+ssize_t system_writev (gnutls_transport_ptr ptr, const giovec_t * iovec,
+ int iovec_cnt);
#endif
-ssize_t system_read(gnutls_transport_ptr ptr, void* data, size_t data_size);
-ssize_t system_read_peek(gnutls_transport_ptr ptr, void* data, size_t data_size);
+ssize_t system_read (gnutls_transport_ptr ptr, void *data, size_t data_size);
+ssize_t system_read_peek (gnutls_transport_ptr ptr, void *data,
+ size_t data_size);
#ifdef _WIN32
-# define HAVE_WIN32_LOCKS
+#define HAVE_WIN32_LOCKS
#else
-# ifdef HAVE_LIBPTHREAD
-# define HAVE_PTHREAD_LOCKS
-# else
-# define HAVE_NO_LOCKS
-# endif
+#ifdef HAVE_LIBPTHREAD
+#define HAVE_PTHREAD_LOCKS
+#else
+#define HAVE_NO_LOCKS
+#endif
#endif
-int _gnutls_atfork(void (*prepare)(void), void (*parent)(void), void (*child)(void));
+int _gnutls_atfork (void (*prepare) (void), void (*parent) (void),
+ void (*child) (void));
#endif /* SYSTEM_H */
diff --git a/lib/x509/common.c b/lib/x509/common.c
index e0b137e828..44b852827c 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -42,7 +42,7 @@ struct oid2string
const char *ldap_desc;
int choice; /* of type DirectoryString */
int printable;
- const char* asn_desc; /* description in the pkix file */
+ const char *asn_desc; /* description in the pkix file */
};
/* This list contains all the OIDs that may be
@@ -54,7 +54,8 @@ static const struct oid2string _oid2str[] = {
{"1.3.6.1.5.5.7.9.1", "dateOfBirth", 0, 1, "PKIX1.GeneralizedTime"},
{"1.3.6.1.5.5.7.9.2", "placeOfBirth", 0, 1, "PKIX1.DirectoryString"},
{"1.3.6.1.5.5.7.9.3", "gender", 0, 1, "PKIX1.PrintableString"},
- {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", 0, 1, "PKIX1.PrintableString"},
+ {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", 0, 1,
+ "PKIX1.PrintableString"},
{"1.3.6.1.5.5.7.9.5", "countryOfResidence", 0, 1, "PKIX1.PrintableString"},
{"2.5.4.6", "C", 0, 1, "PKIX1.PrintableString"},
@@ -83,9 +84,13 @@ static const struct oid2string _oid2str[] = {
/* Extended validation
*/
- {"1.3.6.1.4.1.311.60.2.1.1", "jurisdictionOfIncorporationLocalityName", 1, 1, "PKIX1.DirectoryString"},
- {"1.3.6.1.4.1.311.60.2.1.2", "jurisdictionOfIncorporationStateOrProvinceName", 1, 1, "PKIX1.DirectoryString"},
- {"1.3.6.1.4.1.311.60.2.1.3", "jurisdictionOfIncorporationCountryName", 0, 1, "PKIX1.PrintableString"},
+ {"1.3.6.1.4.1.311.60.2.1.1", "jurisdictionOfIncorporationLocalityName", 1,
+ 1, "PKIX1.DirectoryString"},
+ {"1.3.6.1.4.1.311.60.2.1.2",
+ "jurisdictionOfIncorporationStateOrProvinceName", 1, 1,
+ "PKIX1.DirectoryString"},
+ {"1.3.6.1.4.1.311.60.2.1.3", "jurisdictionOfIncorporationCountryName", 0, 1,
+ "PKIX1.PrintableString"},
/* PKCS #9
*/
@@ -231,7 +236,7 @@ _gnutls_x509_oid_data2string (const char *oid, void *value,
return GNUTLS_E_INTERNAL_ERROR;
}
- ANAME = _gnutls_x509_oid2asn_string(oid);
+ ANAME = _gnutls_x509_oid2asn_string (oid);
CHOICE = _gnutls_x509_oid_data_choice (oid);
if (ANAME == NULL)
@@ -1166,15 +1171,17 @@ cleanup:
return result;
}
-void _asnstr_append_name(char* name, size_t name_size, const char* part1, const char* part2)
+void
+_asnstr_append_name (char *name, size_t name_size, const char *part1,
+ const char *part2)
{
- if (part1[0] != 0)
+ if (part1[0] != 0)
{
- _gnutls_str_cpy (name, name_size, part1);
- _gnutls_str_cat (name, name_size, part2);
+ _gnutls_str_cpy (name, name_size, part1);
+ _gnutls_str_cat (name, name_size, part2);
}
else
- _gnutls_str_cpy (name, name_size, part2+1 /* remove initial dot */);
+ _gnutls_str_cpy (name, name_size, part2 + 1 /* remove initial dot */ );
}
@@ -1203,7 +1210,7 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
/* write the OID
*/
- _asnstr_append_name(name, sizeof(name), dst_name, ".algorithm.algorithm");
+ _asnstr_append_name (name, sizeof (name), dst_name, ".algorithm.algorithm");
result = asn1_write_value (dst, name, pk, 1);
if (result != ASN1_SUCCESS)
@@ -1216,7 +1223,8 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
{
/* disable parameters, which are not used in RSA.
*/
- _asnstr_append_name(name, sizeof(name), dst_name, ".algorithm.parameters");
+ _asnstr_append_name (name, sizeof (name), dst_name,
+ ".algorithm.parameters");
result = asn1_write_value (dst, name, NULL, 0);
if (result != ASN1_SUCCESS)
@@ -1234,7 +1242,8 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
/* Write the DER parameters. (in bits)
*/
- _asnstr_append_name(name, sizeof(name), dst_name, ".subjectPublicKey");
+ _asnstr_append_name (name, sizeof (name), dst_name,
+ ".subjectPublicKey");
result = asn1_write_value (dst, name, der.data, der.size * 8);
_gnutls_free_datum (&der);
@@ -1257,7 +1266,8 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
/* Write the DER parameters.
*/
- _asnstr_append_name(name, sizeof(name), dst_name, ".algorithm.parameters");
+ _asnstr_append_name (name, sizeof (name), dst_name,
+ ".algorithm.parameters");
result = asn1_write_value (dst, name, der.data, der.size);
_gnutls_free_datum (&der);
@@ -1275,7 +1285,8 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
return result;
}
- _asnstr_append_name(name, sizeof(name), dst_name, ".subjectPublicKey");
+ _asnstr_append_name (name, sizeof (name), dst_name,
+ ".subjectPublicKey");
result = asn1_write_value (dst, name, der.data, der.size * 8);
_gnutls_free_datum (&der);
@@ -1309,7 +1320,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
char name[128];
- _asnstr_append_name(name, sizeof(name), src_name, ".algorithm.algorithm");
+ _asnstr_append_name (name, sizeof (name), src_name, ".algorithm.algorithm");
len = sizeof (oid);
result = asn1_read_value (src, name, oid, &len);
@@ -1333,7 +1344,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
/* Now read the parameters' bits
*/
- _asnstr_append_name(name, sizeof(name), src_name, ".subjectPublicKey");
+ _asnstr_append_name (name, sizeof (name), src_name, ".subjectPublicKey");
len = 0;
result = asn1_read_value (src, name, NULL, &len);
@@ -1358,7 +1369,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
return GNUTLS_E_MEMORY_ERROR;
}
- _asnstr_append_name(name, sizeof(name), src_name, ".subjectPublicKey");
+ _asnstr_append_name (name, sizeof (name), src_name, ".subjectPublicKey");
result = asn1_read_value (src, name, str, &len);
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 34981bd936..c6c2406c56 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -24,7 +24,7 @@
*/
#ifndef COMMON_H
-# define COMMON_H
+#define COMMON_H
#include <gnutls_algorithms.h>
@@ -75,7 +75,7 @@ int _gnutls_x509_oid_data2string (const char *OID, void *value,
int _gnutls_x509_data2hex (const opaque * data, size_t data_size,
opaque * out, size_t * sizeof_out);
-const char * _gnutls_x509_oid2asn_string (const char *oid);
+const char *_gnutls_x509_oid2asn_string (const char *oid);
const char *_gnutls_x509_oid2ldap_string (const char *OID);
@@ -136,20 +136,22 @@ int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
gnutls_datum_t * signature);
-gnutls_digest_algorithm_t _gnutls_dsa_q_to_hash(bigint_t q);
+gnutls_digest_algorithm_t _gnutls_dsa_q_to_hash (bigint_t q);
int _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root,
- bigint_t * params, int *params_size);
+ bigint_t * params, int *params_size);
-int _gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t* params, int params_size,
- unsigned char *output_data, size_t * output_data_size);
+int _gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t * params,
+ int params_size, unsigned char *output_data,
+ size_t * output_data_size);
-void _asnstr_append_name(char* name, size_t name_size, const char* part1, const char* part2);
+void _asnstr_append_name (char *name, size_t name_size, const char *part1,
+ const char *part2);
int pubkey_verify_sig (const gnutls_datum_t * tbs,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
- int issuer_params_size);
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
+ int issuer_params_size);
#endif
diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index c9c784d0aa..a374cf676a 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -109,14 +109,14 @@ gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
return GNUTLS_E_INVALID_REQUEST;
}
- result = gnutls_privkey_init(&privkey);
+ result = gnutls_privkey_init (&privkey);
if (result < 0)
{
gnutls_assert ();
return result;
}
- result = gnutls_privkey_import_x509(privkey, issuer_key, 0);
+ result = gnutls_privkey_import_x509 (privkey, issuer_key, 0);
if (result < 0)
{
gnutls_assert ();
@@ -133,7 +133,7 @@ gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
result = 0;
fail:
- gnutls_privkey_deinit(privkey);
+ gnutls_privkey_deinit (privkey);
return result;
}
@@ -475,8 +475,9 @@ gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
**/
int
gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
{
int result;
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index f80c280c26..6e13661f3a 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -1022,14 +1022,14 @@ gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
return GNUTLS_E_INVALID_REQUEST;
}
- result = gnutls_privkey_init(&privkey);
+ result = gnutls_privkey_init (&privkey);
if (result < 0)
{
gnutls_assert ();
return result;
}
- result = gnutls_privkey_import_x509(privkey, key, 0);
+ result = gnutls_privkey_import_x509 (privkey, key, 0);
if (result < 0)
{
gnutls_assert ();
@@ -1046,7 +1046,7 @@ gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
result = 0;
fail:
- gnutls_privkey_deinit(privkey);
+ gnutls_privkey_deinit (privkey);
return result;
}
@@ -1065,12 +1065,12 @@ fail:
int
gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
{
-gnutls_digest_algorithm_t dig;
-int ret = gnutls_x509_crq_get_preferred_hash_algorithm (crq, &dig, NULL);
+ gnutls_digest_algorithm_t dig;
+ int ret = gnutls_x509_crq_get_preferred_hash_algorithm (crq, &dig, NULL);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
@@ -2294,7 +2294,8 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
**/
int
gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq,
- gnutls_digest_algorithm_t * hash, unsigned int *mand)
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
{
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
int params_size;
@@ -2314,8 +2315,10 @@ gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq,
return ret;
}
- ret = _gnutls_pk_get_hash_algorithm(gnutls_x509_crq_get_pk_algorithm (crq, NULL),
- params, params_size, hash, mand);
+ ret =
+ _gnutls_pk_get_hash_algorithm (gnutls_x509_crq_get_pk_algorithm
+ (crq, NULL), params, params_size, hash,
+ mand);
/* release allocated mpis */
for (i = 0; i < params_size; i++)
@@ -2509,7 +2512,8 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
**/
int
gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
{
int result;
gnutls_datum_t signature;
@@ -2534,9 +2538,7 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key,
/* Step 1. Self sign the request.
*/
- result =
- _gnutls_x509_get_tbs (crq->crq, "certificationRequestInfo",
- &tbs);
+ result = _gnutls_x509_get_tbs (crq->crq, "certificationRequestInfo", &tbs);
if (result < 0)
{
@@ -2545,7 +2547,7 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key,
}
result = gnutls_privkey_sign_data (key, dig, 0, &tbs, &signature);
- gnutls_free(tbs.data);
+ gnutls_free (tbs.data);
if (result < 0)
{
@@ -2570,7 +2572,8 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key,
/* Step 3. Write the signatureAlgorithm field.
*/
result = _gnutls_x509_write_sig_params (crq->crq, "signatureAlgorithm",
- gnutls_privkey_get_pk_algorithm(key, NULL), dig);
+ gnutls_privkey_get_pk_algorithm
+ (key, NULL), dig);
if (result < 0)
{
gnutls_assert ();
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 4288470081..81b8890375 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -281,7 +281,8 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
gnutls_assert ();
_gnutls_x509_log
("Found OID: '%s' with value '%s'\n",
- oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped, NULL));
+ oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped,
+ NULL));
goto cleanup;
}
STR_APPEND (str_escape (string, escaped, sizeof_escaped));
@@ -655,7 +656,7 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid,
/* Find how to encode the data.
*/
- val_name = _gnutls_x509_oid2asn_string(given_oid);
+ val_name = _gnutls_x509_oid2asn_string (given_oid);
if (val_name == NULL)
{
gnutls_assert ();
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 0190480f27..9673d0b9dd 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -208,25 +208,25 @@ _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, bigint_t * params)
*/
int
_gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root,
- bigint_t * params, int *params_size)
+ bigint_t * params, int *params_size)
{
int result;
char name[256];
gnutls_datum_t tmp = { NULL, 0 };
gnutls_pk_algorithm pk_algorithm;
- result = _gnutls_x509_get_pk_algorithm(asn, root, NULL);
+ result = _gnutls_x509_get_pk_algorithm (asn, root, NULL);
if (result < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return result;
}
-
+
pk_algorithm = result;
/* Read the algorithm's parameters
*/
- _asnstr_append_name(name, sizeof(name), root, ".subjectPublicKey");
+ _asnstr_append_name (name, sizeof (name), root, ".subjectPublicKey");
result = _gnutls_x509_read_value (asn, name, &tmp, 2);
if (result < 0)
@@ -284,7 +284,8 @@ _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root,
*/
_gnutls_free_datum (&tmp);
- _asnstr_append_name(name, sizeof(name), root, ".algorithm.parameters");
+ _asnstr_append_name (name, sizeof (name), root,
+ ".algorithm.parameters");
result = _gnutls_x509_read_value (asn, name, &tmp, 0);
/* FIXME: If the parameters are not included in the certificate
@@ -333,8 +334,8 @@ _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
/* Read the algorithm's OID
*/
return _gnutls_get_asn_mpis (cert->cert,
- "tbsCertificate.subjectPublicKeyInfo", params,
- params_size);
+ "tbsCertificate.subjectPublicKeyInfo", params,
+ params_size);
}
#ifdef ENABLE_PKI
@@ -348,8 +349,8 @@ _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
/* Read the algorithm's OID
*/
return _gnutls_get_asn_mpis (cert->crq,
- "certificationRequestInfo.subjectPKInfo", params,
- params_size);
+ "certificationRequestInfo.subjectPKInfo",
+ params, params_size);
}
#endif
@@ -436,7 +437,9 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
if (pk == NULL)
{
gnutls_assert ();
- _gnutls_debug_log("Cannot find OID for sign algorithm pk: %d dig: %d\n", (int)pk_algorithm, (int)dig);
+ _gnutls_debug_log
+ ("Cannot find OID for sign algorithm pk: %d dig: %d\n",
+ (int) pk_algorithm, (int) dig);
return GNUTLS_E_INVALID_REQUEST;
}
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 56154cb0e5..b8336803c9 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -43,7 +43,8 @@
#define ERROR_STR (char*) "(error)"
static void
-hexdump (gnutls_buffer_st * str, const char *data, size_t len, const char *spc)
+hexdump (gnutls_buffer_st * str, const char *data, size_t len,
+ const char *spc)
{
size_t j;
@@ -707,7 +708,8 @@ print_altname (gnutls_buffer_st * str, const char *prefix, int altname_type,
}
static void
-guiddump (gnutls_buffer_st * str, const char *data, size_t len, const char *spc)
+guiddump (gnutls_buffer_st * str, const char *data, size_t len,
+ const char *spc)
{
size_t j;
@@ -739,7 +741,7 @@ static void
print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert)
{
int result;
- char buf[256]; /* if its longer, we won't bother to print it */
+ char buf[256]; /* if its longer, we won't bother to print it */
ssize_t buf_size = 256;
result = gnutls_x509_crt_get_issuer_unique_id (cert, buf, &buf_size);
@@ -747,9 +749,10 @@ print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert)
{
addf (str, ("\t\tIssuer Unique ID:\n"));
hexdump (str, buf, buf_size, "\t\t\t");
- if (buf_size == 16) { /* this could be a GUID */
- guiddump (str, buf, buf_size, "\t\t\t");
- }
+ if (buf_size == 16)
+ { /* this could be a GUID */
+ guiddump (str, buf, buf_size, "\t\t\t");
+ }
}
buf_size = 256;
@@ -758,9 +761,10 @@ print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert)
{
addf (str, ("\t\tSubject Unique ID:\n"));
hexdump (str, buf, buf_size, "\t\t\t");
- if (buf_size == 16) { /* this could be a GUID */
- guiddump (str, buf, buf_size, "\t\t\t");
- }
+ if (buf_size == 16)
+ { /* this could be a GUID */
+ guiddump (str, buf, buf_size, "\t\t\t");
+ }
}
}
@@ -1156,7 +1160,9 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
name = _("unknown");
addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
- addf (str, _("\tCertificate Security Level: %s\n"), gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param(err, bits)));
+ addf (str, _("\tCertificate Security Level: %s\n"),
+ gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
+ (err, bits)));
#ifdef ENABLE_PKI
switch (err)
@@ -1218,8 +1224,8 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
}
}
- print_unique_ids(str, cert);
-
+ print_unique_ids (str, cert);
+
/* Extensions. */
if (gnutls_x509_crt_get_version (cert) >= 3)
{
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 7929f94d1b..367f901bb2 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -376,7 +376,8 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
result =
_gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out);
- if (result >= 0) key->pk_algorithm = GNUTLS_PK_RSA;
+ if (result >= 0)
+ key->pk_algorithm = GNUTLS_PK_RSA;
if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
@@ -389,7 +390,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
if (result == 0)
result = GNUTLS_E_INTERNAL_ERROR;
gnutls_assert ();
-
+
goto failover;
}
@@ -451,9 +452,9 @@ failover:
#ifdef ENABLE_PKI
if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
- _gnutls_debug_log("Falling back to PKCS #8 key decoding\n");
- result = gnutls_x509_privkey_import_pkcs8 (key, data, format,
- NULL, GNUTLS_PKCS_PLAIN);
+ _gnutls_debug_log ("Falling back to PKCS #8 key decoding\n");
+ result = gnutls_x509_privkey_import_pkcs8 (key, data, format,
+ NULL, GNUTLS_PKCS_PLAIN);
}
#endif
@@ -494,7 +495,8 @@ gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
const gnutls_datum_t * q,
const gnutls_datum_t * u)
{
- return gnutls_x509_privkey_import_rsa_raw2( key, m, e, d, p, q, u, NULL, NULL);
+ return gnutls_x509_privkey_import_rsa_raw2 (key, m, e, d, p, q, u, NULL,
+ NULL);
}
/**
@@ -516,20 +518,20 @@ gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
**/
int
gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u,
- const gnutls_datum_t * e1,
- const gnutls_datum_t * e2)
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u,
+ const gnutls_datum_t * e1,
+ const gnutls_datum_t * e2)
{
int i = 0, ret;
size_t siz = 0;
gnutls_pk_params_st pk_params;
- memset(&pk_params, 0, sizeof(pk_params));
+ memset (&pk_params, 0, sizeof (pk_params));
if (key == NULL)
{
@@ -597,24 +599,24 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
{
siz = e1->size;
if (_gnutls_mpi_scan_nz (&key->params[6], e1->data, siz))
- {
- gnutls_assert ();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
key->params_size++;
siz = e2->size;
if (_gnutls_mpi_scan_nz (&key->params[7], e2->data, siz))
- {
- gnutls_assert ();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
- key->params_size++;
- }
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ key->params_size++;
+ }
- for(i=0;i<key->params_size;i++)
+ for (i = 0; i < key->params_size; i++)
{
pk_params.params[i] = key->params[i];
}
@@ -629,7 +631,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
return ret;
}
- for(i=0;i<pk_params.params_nr;i++)
+ for (i = 0; i < pk_params.params_nr; i++)
{
key->params[i] = pk_params.params[i];
}
@@ -639,11 +641,11 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
{
ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
if (ret < 0)
- {
- gnutls_assert ();
- FREE_RSA_PRIVATE_PARAMS;
- return ret;
- }
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return ret;
+ }
}
key->params_size = RSA_PRIVATE_PARAMS;
@@ -854,20 +856,22 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
gnutls_sec_param_t
gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key)
{
-int ret;
+ int ret;
switch (key->pk_algorithm)
{
- case GNUTLS_PK_RSA:
- ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_RSA, _gnutls_mpi_get_nbits(key->params[0]/*m*/));
- break;
- case GNUTLS_PK_DSA:
- ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_DSA, _gnutls_mpi_get_nbits(key->params[0] /*p*/));
- break;
- default:
- ret = GNUTLS_SEC_PARAM_UNKNOWN;
+ case GNUTLS_PK_RSA:
+ ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_RSA, _gnutls_mpi_get_nbits (key->params[0] /*m */
+ ));
+ break;
+ case GNUTLS_PK_DSA:
+ ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_DSA, _gnutls_mpi_get_nbits (key->params[0] /*p */
+ ));
+ break;
+ default:
+ ret = GNUTLS_SEC_PARAM_UNKNOWN;
}
-
+
return ret;
}
@@ -895,7 +899,8 @@ gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
gnutls_datum_t * q, gnutls_datum_t * u)
{
- return gnutls_x509_privkey_export_rsa_raw2(key, m, e, d, p, q, u, NULL, NULL);
+ return gnutls_x509_privkey_export_rsa_raw2 (key, m, e, d, p, q, u, NULL,
+ NULL);
}
/**
@@ -919,10 +924,10 @@ gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
**/
int
gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u,
- gnutls_datum_t* e1, gnutls_datum_t* e2)
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ gnutls_datum_t * e1, gnutls_datum_t * e2)
{
int ret;
gnutls_pk_params_st pk_params;
@@ -1004,10 +1009,10 @@ gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
{
ret = _gnutls_mpi_dprint (key->params[6], e1);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
}
/* E2 */
@@ -1015,10 +1020,10 @@ gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
{
ret = _gnutls_mpi_dprint (key->params[7], e2);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
}
gnutls_pk_params_release (&pk_params);
@@ -1134,14 +1139,14 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params)
memset (&pk_params, 0, sizeof (pk_params));
- memset(&m, 0, sizeof(m));
- memset(&p, 0, sizeof(e));
- memset(&q, 0, sizeof(d));
- memset(&p, 0, sizeof(p));
- memset(&q, 0, sizeof(q));
- memset(&u, 0, sizeof(u));
- memset(&exp1, 0, sizeof(exp1));
- memset(&exp2, 0, sizeof(exp2));
+ memset (&m, 0, sizeof (m));
+ memset (&p, 0, sizeof (e));
+ memset (&q, 0, sizeof (d));
+ memset (&p, 0, sizeof (p));
+ memset (&q, 0, sizeof (q));
+ memset (&u, 0, sizeof (u));
+ memset (&exp1, 0, sizeof (exp1));
+ memset (&exp2, 0, sizeof (exp2));
result = _gnutls_pk_params_copy (&pk_params, params, RSA_PRIVATE_PARAMS);
if (result < 0)
@@ -1159,59 +1164,59 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params)
/* retrieve as data */
- result = _gnutls_mpi_dprint_lz( pk_params.params[0], &m);
+ result = _gnutls_mpi_dprint_lz (pk_params.params[0], &m);
if (result < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
}
- result = _gnutls_mpi_dprint_lz( pk_params.params[1], &e);
+ result = _gnutls_mpi_dprint_lz (pk_params.params[1], &e);
if (result < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
}
- result = _gnutls_mpi_dprint_lz( pk_params.params[2], &d);
+ result = _gnutls_mpi_dprint_lz (pk_params.params[2], &d);
if (result < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
}
- result = _gnutls_mpi_dprint_lz( pk_params.params[3], &p);
+ result = _gnutls_mpi_dprint_lz (pk_params.params[3], &p);
if (result < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
}
- result = _gnutls_mpi_dprint_lz( pk_params.params[4], &q);
+ result = _gnutls_mpi_dprint_lz (pk_params.params[4], &q);
if (result < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
}
- result = _gnutls_mpi_dprint_lz( pk_params.params[5], &u);
+ result = _gnutls_mpi_dprint_lz (pk_params.params[5], &u);
if (result < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
}
- result = _gnutls_mpi_dprint_lz( pk_params.params[6], &exp1);
+ result = _gnutls_mpi_dprint_lz (pk_params.params[6], &exp1);
if (result < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
}
- result = _gnutls_mpi_dprint_lz( pk_params.params[7], &exp2);
+ result = _gnutls_mpi_dprint_lz (pk_params.params[7], &exp2);
if (result < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
}
@@ -1324,14 +1329,14 @@ cleanup:
gnutls_pk_params_release (&pk_params);
- _gnutls_free_datum(&m);
- _gnutls_free_datum(&d);
- _gnutls_free_datum(&e);
- _gnutls_free_datum(&p);
- _gnutls_free_datum(&q);
- _gnutls_free_datum(&u);
- _gnutls_free_datum(&exp1);
- _gnutls_free_datum(&exp2);
+ _gnutls_free_datum (&m);
+ _gnutls_free_datum (&d);
+ _gnutls_free_datum (&e);
+ _gnutls_free_datum (&p);
+ _gnutls_free_datum (&q);
+ _gnutls_free_datum (&u);
+ _gnutls_free_datum (&exp1);
+ _gnutls_free_datum (&exp2);
return result;
}
@@ -1493,11 +1498,11 @@ gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
{
case GNUTLS_PK_DSA:
ret = _gnutls_dsa_generate_params (key->params, &params_len, bits);
- if (params_len != DSA_PRIVATE_PARAMS)
- {
- gnutls_assert();
- ret = GNUTLS_E_INTERNAL_ERROR;
- }
+ if (params_len != DSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ }
if (ret < 0)
{
@@ -1520,11 +1525,11 @@ gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
break;
case GNUTLS_PK_RSA:
ret = _gnutls_rsa_generate_params (key->params, &params_len, bits);
- if (params_len != RSA_PRIVATE_PARAMS)
- {
- gnutls_assert();
- ret = GNUTLS_E_INTERNAL_ERROR;
- }
+ if (params_len != RSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ }
if (ret < 0)
{
gnutls_assert ();
@@ -1674,19 +1679,18 @@ cleanup:
**/
int
gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
-
+
switch (signer->pk_algorithm)
{
case GNUTLS_PK_RSA:
- ret =
- pk_pkcs1_rsa_hash (hash, data, &digest);
+ ret = pk_pkcs1_rsa_hash (hash, data, &digest);
if (ret < 0)
{
gnutls_assert ();
@@ -1695,7 +1699,9 @@ gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t signer,
break;
case GNUTLS_PK_DSA:
/* override hash for DSA */
- ret = pk_dsa_hash (_gnutls_dsa_q_to_hash(signer->params[1]), data, &digest);
+ ret =
+ pk_dsa_hash (_gnutls_dsa_q_to_hash (signer->params[1]), data,
+ &digest);
if (ret < 0)
{
gnutls_assert ();
@@ -1707,10 +1713,10 @@ gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t signer,
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
-
- ret = gnutls_x509_privkey_sign_hash(signer, &digest, signature);
+
+ ret = gnutls_x509_privkey_sign_hash (signer, &digest, signature);
_gnutls_free_datum (&digest);
-
+
if (ret < 0)
{
gnutls_assert ();
@@ -1749,7 +1755,7 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
}
result = _gnutls_soft_sign (key->pk_algorithm, key->params,
- key->params_size, hash, signature);
+ key->params_size, hash, signature);
if (result < 0)
{
gnutls_assert ();
@@ -1801,7 +1807,7 @@ gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
return GNUTLS_E_INVALID_REQUEST;
}
- result = gnutls_x509_privkey_sign_data2(key, digest, flags, data, &sig);
+ result = gnutls_x509_privkey_sign_data2 (key, digest, flags, data, &sig);
if (result < 0)
{
gnutls_assert ();
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index ca0f768f09..cab6c046d2 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -49,7 +49,8 @@
*/
static int
encode_ber_digest_info (gnutls_digest_algorithm_t hash,
- const gnutls_datum_t * digest, gnutls_datum_t * output)
+ const gnutls_datum_t * digest,
+ gnutls_datum_t * output)
{
ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
int result;
@@ -131,7 +132,8 @@ encode_ber_digest_info (gnutls_digest_algorithm_t hash,
* params[1] is public key
*/
int
-pk_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, gnutls_datum_t * output)
+pk_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash,
+ const gnutls_datum_t * text, gnutls_datum_t * output)
{
int ret;
opaque _digest[MAX_HASH_SIZE];
@@ -163,23 +165,24 @@ pk_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text,
}
int
-pk_dsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, gnutls_datum_t * digest)
+pk_dsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text,
+ gnutls_datum_t * digest)
{
int ret;
digest_hd_st hd;
if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA224 &&
- hash != GNUTLS_DIG_SHA256)
+ hash != GNUTLS_DIG_SHA256)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
- digest->size = _gnutls_hash_get_algo_len(hash);
- digest->data = gnutls_malloc( digest->size);
+ digest->size = _gnutls_hash_get_algo_len (hash);
+ digest->data = gnutls_malloc (digest->size);
if (digest->data == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
@@ -197,7 +200,7 @@ pk_dsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, gnutls
return 0;
fail:
- gnutls_free(digest->data);
+ gnutls_free (digest->data);
return ret;
}
@@ -208,7 +211,7 @@ fail:
*/
int
_gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
- gnutls_datum_t * tbs)
+ gnutls_datum_t * tbs)
{
int result;
opaque *buf;
@@ -254,8 +257,7 @@ _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
int
_gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
gnutls_digest_algorithm_t dig,
- gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key)
+ gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key)
{
int result;
gnutls_datum_t signature;
@@ -280,7 +282,8 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
_gnutls_str_cat (name, sizeof (name), ".signature");
result = _gnutls_x509_write_sig_params (src, name,
- gnutls_privkey_get_pk_algorithm(issuer_key, NULL), dig);
+ gnutls_privkey_get_pk_algorithm
+ (issuer_key, NULL), dig);
if (result < 0)
{
gnutls_assert ();
@@ -298,7 +301,7 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
}
result = gnutls_privkey_sign_data (issuer_key, dig, 0, &tbs, &signature);
- gnutls_free(tbs.data);
+ gnutls_free (tbs.data);
if (result < 0)
{
@@ -324,7 +327,8 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
*/
result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm",
- gnutls_privkey_get_pk_algorithm(issuer_key, NULL), dig);
+ gnutls_privkey_get_pk_algorithm
+ (issuer_key, NULL), dig);
if (result < 0)
{
gnutls_assert ();
diff --git a/lib/x509/sign.h b/lib/x509/sign.h
index cce2ca8786..190e4c363b 100644
--- a/lib/x509/sign.h
+++ b/lib/x509/sign.h
@@ -1,7 +1,9 @@
#ifndef GNUTLS_SIGN_H
-# define GNUTLS_SIGN_H
+#define GNUTLS_SIGN_H
-int pk_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, gnutls_datum_t * output);
-int pk_dsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, gnutls_datum_t * output);
+int pk_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash,
+ const gnutls_datum_t * text, gnutls_datum_t * output);
+int pk_dsa_hash (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text,
+ gnutls_datum_t * output);
#endif
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 9c047ccecd..c9ac8b1fd7 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -58,7 +58,8 @@ static int
check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
{
gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin =
- {NULL, 0};
+ {
+ NULL, 0};
int result;
opaque serial1[128], serial2[128];
size_t serial1_size, serial2_size;
@@ -79,7 +80,8 @@ check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
goto cmp;
}
- if (serial2_size != serial1_size || memcmp(serial1, serial2, serial1_size) != 0)
+ if (serial2_size != serial1_size
+ || memcmp (serial1, serial2, serial1_size) != 0)
{
return 1;
}
@@ -496,36 +498,35 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
* self-signed E but already removed above), and we trust B, remove
* B, C and D. */
if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
- i = 0; /* also replace the first one */
+ i = 0; /* also replace the first one */
else
- i = 1; /* do not replace the first one */
-
+ i = 1; /* do not replace the first one */
+
for (; i < clist_size; i++)
{
int j;
for (j = 0; j < tcas_size; j++)
- {
- if (check_if_same_cert (certificate_list[i],
- trusted_cas[j]) == 0)
+ {
+ if (check_if_same_cert (certificate_list[i], trusted_cas[j]) == 0)
{
/* explicity time check for trusted CA that we remove from
* list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
*/
if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)
- && !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
- {
- status |= check_time (trusted_cas[j], now);
- if (status != 0)
- {
- return status;
- }
+ && !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
+ {
+ status |= check_time (trusted_cas[j], now);
+ if (status != 0)
+ {
+ return status;
+ }
}
- clist_size = i;
+ clist_size = i;
break;
}
- }
- /* clist_size may have been changed which gets out of loop */
+ }
+ /* clist_size may have been changed which gets out of loop */
}
if (clist_size == 0)
@@ -827,10 +828,10 @@ dsa_verify_sig (const gnutls_datum_t * text,
*/
int
pubkey_verify_sig (const gnutls_datum_t * tbs,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
- int issuer_params_size)
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
+ int issuer_params_size)
{
switch (pk)
@@ -864,17 +865,23 @@ pubkey_verify_sig (const gnutls_datum_t * tbs,
}
}
-gnutls_digest_algorithm_t _gnutls_dsa_q_to_hash(bigint_t q)
+gnutls_digest_algorithm_t
+_gnutls_dsa_q_to_hash (bigint_t q)
{
- int bits = _gnutls_mpi_get_nbits(q);
-
- if (bits <= 160) {
- return GNUTLS_DIG_SHA1;
- } else if (bits <= 224) {
- return GNUTLS_DIG_SHA224;
- } else {
- return GNUTLS_DIG_SHA256;
- }
+ int bits = _gnutls_mpi_get_nbits (q);
+
+ if (bits <= 160)
+ {
+ return GNUTLS_DIG_SHA1;
+ }
+ else if (bits <= 224)
+ {
+ return GNUTLS_DIG_SHA224;
+ }
+ else
+ {
+ return GNUTLS_DIG_SHA256;
+ }
}
/* This will return the appropriate hash to verify the given signature.
@@ -885,28 +892,30 @@ int
_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
const gnutls_datum_t * signature,
gnutls_pk_algorithm pk,
- bigint_t* issuer_params, unsigned int issuer_params_size)
+ bigint_t * issuer_params,
+ unsigned int issuer_params_size)
{
opaque digest[MAX_HASH_SIZE];
gnutls_datum_t decrypted;
int digest_size;
int ret;
- switch(pk)
+ switch (pk)
{
case GNUTLS_PK_DSA:
-
+
if (hash)
- *hash = _gnutls_dsa_q_to_hash(issuer_params[1]);
+ *hash = _gnutls_dsa_q_to_hash (issuer_params[1]);
ret = 0;
break;
case GNUTLS_PK_RSA:
- if (signature == NULL) {/* return a sensible algorithm */
- if (hash)
- *hash = GNUTLS_DIG_SHA256;
- return 0;
- }
+ if (signature == NULL)
+ { /* return a sensible algorithm */
+ if (hash)
+ *hash = GNUTLS_DIG_SHA256;
+ return 0;
+ }
ret =
_gnutls_pkcs1_rsa_decrypt (&decrypted, signature,
@@ -979,8 +988,8 @@ _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
ret =
pubkey_verify_sig (tbs, hash, signature,
- gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
- issuer_params, issuer_params_size);
+ gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
+ issuer_params, issuer_params_size);
if (ret < 0)
{
gnutls_assert ();
@@ -1010,7 +1019,7 @@ _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
int ret;
ret = pubkey_verify_sig (tbs, NULL, signature, issuer->pk_algorithm,
- issuer->params, issuer->params_size);
+ issuer->params, issuer->params_size);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 7f95c32b26..c9b756a6f6 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -2186,16 +2186,17 @@ gnutls_x509_crt_export (gnutls_x509_crt_t cert,
}
int
-_gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t* params, int params_size,
- unsigned char *output_data, size_t * output_data_size)
+_gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t * params,
+ int params_size, unsigned char *output_data,
+ size_t * output_data_size)
{
int result = 0;
gnutls_datum_t der = { NULL, 0 };
digest_hd_st hd;
- if (output_data==NULL || *output_data_size < 20)
+ if (output_data == NULL || *output_data_size < 20)
{
- gnutls_assert();
+ gnutls_assert ();
*output_data_size = 20;
return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
@@ -2257,7 +2258,9 @@ rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk,
return result;
}
- result = _gnutls_get_key_id(pk, params, params_size, output_data, output_data_size);
+ result =
+ _gnutls_get_key_id (pk, params, params_size, output_data,
+ output_data_size);
if (result < 0)
{
gnutls_assert ();
@@ -2511,9 +2514,7 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
}
issuer_params_size = MAX_PUBLIC_PARAMS_SIZE;
- ret =
- _gnutls_x509_crt_get_mpis (crt, issuer_params,
- &issuer_params_size);
+ ret = _gnutls_x509_crt_get_mpis (crt, issuer_params, &issuer_params_size);
if (ret < 0)
{
gnutls_assert ();
@@ -2521,8 +2522,10 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
}
ret = _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) hash,
- signature, gnutls_x509_crt_get_pk_algorithm (crt, NULL),
- issuer_params, issuer_params_size);
+ signature,
+ gnutls_x509_crt_get_pk_algorithm (crt,
+ NULL),
+ issuer_params, issuer_params_size);
/* release allocated mpis */
for (i = 0; i < issuer_params_size; i++)
@@ -2552,7 +2555,8 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
**/
int
gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
- gnutls_digest_algorithm_t * hash, unsigned int *mand)
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
{
bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
int issuer_params_size;
@@ -2565,17 +2569,17 @@ gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
}
issuer_params_size = MAX_PUBLIC_PARAMS_SIZE;
- ret =
- _gnutls_x509_crt_get_mpis (crt, issuer_params,
- &issuer_params_size);
+ ret = _gnutls_x509_crt_get_mpis (crt, issuer_params, &issuer_params_size);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- ret = _gnutls_pk_get_hash_algorithm(gnutls_x509_crt_get_pk_algorithm (crt, NULL),
- issuer_params, issuer_params_size, hash, mand);
+ ret =
+ _gnutls_pk_get_hash_algorithm (gnutls_x509_crt_get_pk_algorithm
+ (crt, NULL), issuer_params,
+ issuer_params_size, hash, mand);
/* release allocated mpis */
for (i = 0; i < issuer_params_size; i++)
@@ -3216,21 +3220,25 @@ gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
{
int result;
gnutls_datum_t datum = { NULL, 0 };
-
+
result =
- _gnutls_x509_read_value (crt->cert, "tbsCertificate.subjectUniqueID", &datum, 2);
-
- if (datum.size > *sizeof_buf) { /* then we're not going to fit */
- *sizeof_buf = datum.size;
- buf[0] = '\0';
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- } else {
- *sizeof_buf = datum.size;
- memcpy(buf, datum.data, datum.size);
- }
-
- _gnutls_free_datum(&datum);
-
+ _gnutls_x509_read_value (crt->cert, "tbsCertificate.subjectUniqueID",
+ &datum, 2);
+
+ if (datum.size > *sizeof_buf)
+ { /* then we're not going to fit */
+ *sizeof_buf = datum.size;
+ buf[0] = '\0';
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ else
+ {
+ *sizeof_buf = datum.size;
+ memcpy (buf, datum.data, datum.size);
+ }
+
+ _gnutls_free_datum (&datum);
+
return result;
}
@@ -3252,24 +3260,28 @@ gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
**/
int
gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * sizeof_buf)
+ size_t * sizeof_buf)
{
int result;
gnutls_datum_t datum = { NULL, 0 };
-
+
result =
- _gnutls_x509_read_value (crt->cert, "tbsCertificate.issuerUniqueID", &datum, 2);
-
- if (datum.size > *sizeof_buf) { /* then we're not going to fit */
- *sizeof_buf = datum.size;
- buf[0] = '\0';
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- } else {
- *sizeof_buf = datum.size;
- memcpy(buf, datum.data, datum.size);
- }
-
- _gnutls_free_datum(&datum);
-
+ _gnutls_x509_read_value (crt->cert, "tbsCertificate.issuerUniqueID",
+ &datum, 2);
+
+ if (datum.size > *sizeof_buf)
+ { /* then we're not going to fit */
+ *sizeof_buf = datum.size;
+ buf[0] = '\0';
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ else
+ {
+ *sizeof_buf = datum.size;
+ memcpy (buf, datum.data, datum.size);
+ }
+
+ _gnutls_free_datum (&datum);
+
return result;
}
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index b29b732546..924dee341c 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -24,7 +24,7 @@
*/
#ifndef X509_H
-# define X509_H
+#define X509_H
#include <gnutls/x509.h>
#include <gnutls/abstract.h>
@@ -33,10 +33,10 @@
/* Remove these when we require libtasn1 v1.6 or later. */
#ifndef ASN1_MAX_NAME_SIZE
-# define ASN1_MAX_NAME_SIZE MAX_NAME_SIZE
+#define ASN1_MAX_NAME_SIZE MAX_NAME_SIZE
#endif
#ifndef ASN1_MAX_ERROR_DESCRIPTION_SIZE
-# define ASN1_MAX_ERROR_DESCRIPTION_SIZE MAX_ERROR_DESCRIPTION_SIZE
+#define ASN1_MAX_ERROR_DESCRIPTION_SIZE MAX_ERROR_DESCRIPTION_SIZE
#endif
#define MAX_CRQ_EXTENSIONS_SIZE 8*1024
@@ -72,7 +72,7 @@ typedef struct gnutls_pkcs7_int
ASN1_TYPE pkcs7;
} gnutls_pkcs7_int;
-#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */
+#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */
/* parameters should not be larger than this limit */
#define DSA_PRIVATE_PARAMS 5
@@ -81,11 +81,11 @@ typedef struct gnutls_pkcs7_int
#define RSA_PUBLIC_PARAMS 2
#if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0
-# error INCREASE MAX_PRIV_PARAMS
+#error INCREASE MAX_PRIV_PARAMS
#endif
#if MAX_PRIV_PARAMS_SIZE - DSA_PRIVATE_PARAMS < 0
-# error INCREASE MAX_PRIV_PARAMS
+#error INCREASE MAX_PRIV_PARAMS
#endif
typedef struct gnutls_x509_privkey_int
@@ -107,8 +107,8 @@ typedef struct gnutls_x509_privkey_int
* using fixup.
* The following two are also not always available thus fixup
* will generate them.
- * [6] e1 == d mod (p-1)
- * [7] e2 == d mod (q-1)
+ * [6] e1 == d mod (p-1)
+ * [7] e2 == d mod (q-1)
* DSA: [0] is p
* [1] is q
* [2] is g
@@ -141,7 +141,7 @@ int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
/* sign.c */
int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
- gnutls_datum_t * tbs);
+ gnutls_datum_t * tbs);
int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
gnutls_digest_algorithm_t,
gnutls_x509_crt_t issuer,
@@ -190,7 +190,8 @@ int
_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
const gnutls_datum_t * signature,
gnutls_pk_algorithm pk,
- bigint_t* issuer_params, unsigned int issuer_params_size);
+ bigint_t * issuer_params,
+ unsigned int issuer_params_size);
int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
const gnutls_datum_t * hash,
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index dc47af20c3..e848f1d750 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -760,14 +760,14 @@ gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
return GNUTLS_E_INVALID_REQUEST;
}
- result = gnutls_privkey_init(&privkey);
+ result = gnutls_privkey_init (&privkey);
if (result < 0)
{
gnutls_assert ();
return result;
}
- result = gnutls_privkey_import_x509(privkey, issuer_key, 0);
+ result = gnutls_privkey_import_x509 (privkey, issuer_key, 0);
if (result < 0)
{
gnutls_assert ();
@@ -784,7 +784,7 @@ gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
result = 0;
fail:
- gnutls_privkey_deinit(privkey);
+ gnutls_privkey_deinit (privkey);
return result;
}
@@ -1313,8 +1313,9 @@ gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
**/
int
gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
{
int result;
diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index c9bea304db..a07e8e2b4f 100644
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -414,7 +414,8 @@ cpydata (const uint8_t * data, int data_size, uint8_t ** result)
for (j = i = 0; i < data_size; i++)
{
- if (data[i] == '\n' || data[i] == '\r' || data[i] == ' ' || data[i] == '\t')
+ if (data[i] == '\n' || data[i] == '\r' || data[i] == ' '
+ || data[i] == '\t')
continue;
(*result)[j] = data[i];
j++;
@@ -462,7 +463,7 @@ _gnutls_fbase64_decode (const char *header, const opaque * data,
return GNUTLS_E_BASE64_DECODING_ERROR;
}
- kdata = memmem (rdata+1, data_size-1, ENDSTR, sizeof (ENDSTR) - 1);
+ kdata = memmem (rdata + 1, data_size - 1, ENDSTR, sizeof (ENDSTR) - 1);
/* allow CR as well.
*/
if (kdata == NULL)