authorNikos Mavrogiannopoulos <nmav@gnutls.org>2016-09-11 12:21:59 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2016-09-11 13:21:04 +0200
commitaa2cc04b9ef04404b719db5d693e6f146dbe026a (patch)
tree469b7b176428d24e797ae39105705eea45ef1901 /lib
parent09f1d96b662d34c55de9903a8a890ad887bcd699 (diff)
several spacing fixes to keep syntax-check happy
Diffstat (limited to 'lib')
-rw-r--r--lib/Makefile.am10
-rw-r--r--lib/algorithms/ciphers.c8
-rw-r--r--lib/algorithms/ciphersuites.c32
-rw-r--r--lib/algorithms/ecc.c2
-rw-r--r--lib/algorithms/kx.c12
-rw-r--r--lib/algorithms/mac.c8
-rw-r--r--lib/algorithms/protocols.c4
-rw-r--r--lib/algorithms/publickey.c8
-rw-r--r--lib/algorithms/secparams.c2
-rw-r--r--lib/auth/cert.c2
-rw-r--r--lib/auth/dh_common.c8
-rw-r--r--lib/auth/ecdhe.c18
-rw-r--r--lib/auth/psk.c6
-rw-r--r--lib/auth/psk_passwd.c4
-rw-r--r--lib/auth/srp_passwd.c2
-rw-r--r--lib/auto-verify.c28
-rw-r--r--lib/buffers.c6
-rw-r--r--lib/buffers.h4
-rw-r--r--lib/cipher.c7
-rw-r--r--lib/cipher_int.c16
-rw-r--r--lib/compress.c6
-rw-r--r--lib/crypto-api.c10
-rw-r--r--lib/crypto-backend.c4
-rw-r--r--lib/datum.h6
-rw-r--r--lib/dtls-sw.c2
-rw-r--r--lib/dtls.c2
-rw-r--r--lib/dtls.h2
-rw-r--r--lib/ecc.c4
-rw-r--r--lib/errors.c4
-rw-r--r--lib/ext/dumbfw.c2
-rw-r--r--lib/ext/srp.h2
-rw-r--r--lib/ext/status_request.c12
-rw-r--r--lib/extras/hex.c4
-rw-r--r--lib/fips.c2
-rw-r--r--lib/gnutls.asn6
-rw-r--r--lib/gnutls_int.h14
-rw-r--r--lib/handshake.c46
-rw-r--r--lib/includes/gnutls/abstract.h4
-rw-r--r--lib/includes/gnutls/crypto.h20
-rw-r--r--lib/includes/gnutls/gnutls.h.in2
-rw-r--r--lib/includes/gnutls/x509.h2
-rw-r--r--lib/mem.h12
-rw-r--r--lib/minitasn1/decoding.c20
-rw-r--r--lib/minitasn1/element.c2
-rw-r--r--lib/minitasn1/libtasn1.h2
-rw-r--r--lib/mpi.c2
-rw-r--r--lib/nettle/cipher.c20
-rw-r--r--lib/nettle/int/drbg-aes-self-test.c4
-rw-r--r--lib/nettle/pk.c68
-rw-r--r--lib/opencdk/armor.c4
-rw-r--r--lib/opencdk/stream.c6
-rw-r--r--lib/openpgp/openpgp.c10
-rw-r--r--lib/pcert.c16
-rw-r--r--lib/pk.c6
-rw-r--r--lib/pkcs11.c54
-rw-r--r--lib/pkcs11_privkey.c26
-rw-r--r--lib/pkcs11_write.c10
-rw-r--r--lib/pkcs11x.c14
-rw-r--r--lib/prf.c24
-rw-r--r--lib/privkey.c8
-rw-r--r--lib/record.c9
-rw-r--r--lib/session_pack.c10
-rw-r--r--lib/str.c2
-rw-r--r--lib/str.h118
-rw-r--r--lib/supplemental.c2
-rw-r--r--lib/system-keys.h2
-rw-r--r--lib/system/inet_ntop.c66
-rw-r--r--lib/system/keys-dummy.c14
-rw-r--r--lib/system/keys-win.c622
-rw-r--r--lib/verify-tofu.c12
-rw-r--r--lib/x509.c32
-rw-r--r--lib/x509.h2
-rw-r--r--lib/x509/common.c2
-rw-r--r--lib/x509/common.h2
-rw-r--r--lib/x509/crl.c4
-rw-r--r--lib/x509/crq.c2
-rw-r--r--lib/x509/email-verify.c6
-rw-r--r--lib/x509/extensions.c4
-rw-r--r--lib/x509/hostname-verify.c8
-rw-r--r--lib/x509/krb5.c90
-rw-r--r--lib/x509/name_constraints.c70
-rw-r--r--lib/x509/ocsp.c20
-rw-r--r--lib/x509/output.c2
-rw-r--r--lib/x509/pkcs12.c4
-rw-r--r--lib/x509/pkcs7-attrs.c29
-rw-r--r--lib/x509/pkcs7-crypt.c465
-rw-r--r--lib/x509/pkcs7.c494
-rw-r--r--lib/x509/privkey.c48
-rw-r--r--lib/x509/privkey_pkcs8.c2
-rw-r--r--lib/x509/time.c18
-rw-r--r--lib/x509/tls_features.c2
-rw-r--r--lib/x509/verify-high.c12
-rw-r--r--lib/x509/verify.c14
-rw-r--r--lib/x509/x509.c54
-rw-r--r--lib/x509/x509_ext.c4
-rw-r--r--lib/x509/x509_write.c29
96 files changed, 1546 insertions, 1381 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 7341f80c7f..5db029e01c 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -68,14 +68,14 @@ PSK_COBJECTS = psk.c
COBJECTS = range.c record.c compress.c debug.c cipher.c \
mbuffers.c buffers.c handshake.c num.c errors.c dh.c kx.c \
- priority.c hash_int.c cipher_int.c session.c db.c x509_b64.c \
+ priority.c hash_int.c cipher_int.c session.c db.c x509_b64.c \
extensions.c auth.c sslv2_compat.c datum.c session_pack.c mpi.c \
pk.c cert.c global.c constate.c anon_cred.c pkix_asn1_tab.c gnutls_asn1_tab.c \
- mem.c fingerprint.c tls-sig.c ecc.c alert.c privkey_raw.c \
- system/certs.c system/threads.c system/fastopen.c system/sockets.c \
+ mem.c fingerprint.c tls-sig.c ecc.c alert.c privkey_raw.c \
+ system/certs.c system/threads.c system/fastopen.c system/sockets.c \
system/inet_ntop.c system/iconv.c system/vasprintf.c vasprintf.h system.c \
- str.c state.c x509.c file.c supplemental.c \
- random.c crypto-api.c privkey.c pcert.c pubkey.c locks.c dtls.c \
+ str.c state.c x509.c file.c supplemental.c \
+ random.c crypto-api.c privkey.c pcert.c pubkey.c locks.c dtls.c \
system_override.c crypto-backend.c verify-tofu.c pin.c tpm.c fips.c \
safe-memfuncs.c system/inet_pton.c atfork.c atfork.h randomart.c \
system-keys.h urls.c urls.h prf.c auto-verify.c dh-session.c \
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index 7b358bbc8a..95f37561d4 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -176,7 +176,7 @@ static const cipher_entry_st algorithms[] = {
.explicit_iv = 8,
.cipher_iv = 12,
.tagsize = 16},
- { .name = "3DES-CBC",
+ { .name = "3DES-CBC",
.id = GNUTLS_CIPHER_3DES_CBC,
.blocksize = 8,
.keysize = 24,
@@ -212,11 +212,11 @@ static const cipher_entry_st algorithms[] = {
};
#define GNUTLS_CIPHER_LOOP(b) \
- const cipher_entry_st *p; \
- for(p = algorithms; p->name != NULL; p++) { b ; }
+ const cipher_entry_st *p; \
+ for(p = algorithms; p->name != NULL; p++) { b ; }
#define GNUTLS_ALG_LOOP(a) \
- GNUTLS_CIPHER_LOOP( if(p->id == algorithm) { a; break; } )
+ GNUTLS_CIPHER_LOOP( if(p->id == algorithm) { a; break; } )
/* CIPHER functions */
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 76964ae81c..3fb417dc70 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -85,8 +85,8 @@
#define GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0,0x9A }
#define GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0,0x9B }
-#define GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x7A }
-#define GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7B }
+#define GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x7A }
+#define GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7B }
#define GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x7C }
#define GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7D }
#define GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256 { 0xC0,0x80 }
@@ -97,8 +97,8 @@
#define GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x87 }
#define GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8A }
#define GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8B }
-#define GNUTLS_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8E }
-#define GNUTLS_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8F }
+#define GNUTLS_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8E }
+#define GNUTLS_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8F }
#define GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x90 }
#define GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x91 }
#define GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x92 }
@@ -252,21 +252,21 @@
#define GNUTLS_DHE_PSK_AES_256_GCM_SHA384 { 0x00, 0xAB }
#define GNUTLS_PSK_AES_256_CBC_SHA384 { 0x00,0xAF }
-#define GNUTLS_PSK_NULL_SHA384 { 0x00,0xB1 }
+#define GNUTLS_PSK_NULL_SHA384 { 0x00,0xB1 }
#define GNUTLS_DHE_PSK_AES_256_CBC_SHA384 { 0x00,0xB3 }
-#define GNUTLS_DHE_PSK_NULL_SHA384 { 0x00,0xB5 }
+#define GNUTLS_DHE_PSK_NULL_SHA384 { 0x00,0xB5 }
-#define GNUTLS_PSK_NULL_SHA1 { 0x00,0x2C }
-#define GNUTLS_DHE_PSK_NULL_SHA1 { 0x00,0x2D }
-#define GNUTLS_RSA_PSK_NULL_SHA1 { 0x00,0x2E }
-#define GNUTLS_ECDHE_PSK_NULL_SHA1 { 0xC0,0x39 }
+#define GNUTLS_PSK_NULL_SHA1 { 0x00,0x2C }
+#define GNUTLS_DHE_PSK_NULL_SHA1 { 0x00,0x2D }
+#define GNUTLS_RSA_PSK_NULL_SHA1 { 0x00,0x2E }
+#define GNUTLS_ECDHE_PSK_NULL_SHA1 { 0xC0,0x39 }
#define GNUTLS_RSA_PSK_AES_128_GCM_SHA256 { 0x00,0xAC }
#define GNUTLS_RSA_PSK_AES_256_GCM_SHA384 { 0x00,0xAD }
#define GNUTLS_RSA_PSK_AES_128_CBC_SHA256 { 0x00,0xB6 }
#define GNUTLS_RSA_PSK_AES_256_CBC_SHA384 { 0x00,0xB7 }
-#define GNUTLS_RSA_PSK_NULL_SHA256 { 0x00,0xB8 }
-#define GNUTLS_RSA_PSK_NULL_SHA384 { 0x00,0xB9 }
+#define GNUTLS_RSA_PSK_NULL_SHA256 { 0x00,0xB8 }
+#define GNUTLS_RSA_PSK_NULL_SHA384 { 0x00,0xB9 }
/* PSK - SHA256 HMAC */
@@ -291,7 +291,7 @@
#define GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1 { 0xC0, 0x11 }
/* ECC-ECDSA */
-#define GNUTLS_ECDHE_ECDSA_NULL_SHA1 { 0xC0, 0x06 }
+#define GNUTLS_ECDHE_ECDSA_NULL_SHA1 { 0xC0, 0x06 }
#define GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x08 }
#define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 { 0xC0, 0x09 }
#define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 { 0xC0, 0x0A }
@@ -1139,11 +1139,11 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
};
#define CIPHER_SUITE_LOOP(b) { \
- const gnutls_cipher_suite_entry_st *p; \
- for(p = cs_algorithms; p->name != NULL; p++) { b ; } }
+ const gnutls_cipher_suite_entry_st *p; \
+ for(p = cs_algorithms; p->name != NULL; p++) { b ; } }
#define CIPHER_SUITE_ALG_LOOP(a, suite) \
- CIPHER_SUITE_LOOP( if( (p->id[0] == suite[0]) && (p->id[1] == suite[1])) { a; break; } )
+ CIPHER_SUITE_LOOP( if( (p->id[0] == suite[0]) && (p->id[1] == suite[1])) { a; break; } )
/* Cipher Suite's functions */
diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c
index 9d0c584b0a..ac1c3e2187 100644
--- a/lib/algorithms/ecc.c
+++ b/lib/algorithms/ecc.c
@@ -82,7 +82,7 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
#define GNUTLS_ECC_CURVE_LOOP(b) \
{ const gnutls_ecc_curve_entry_st *p; \
- for(p = ecc_curves; p->name != NULL; p++) { b ; } }
+ for(p = ecc_curves; p->name != NULL; p++) { b ; } }
/* Returns the TLS id of the given curve
diff --git a/lib/algorithms/kx.c b/lib/algorithms/kx.c
index 09eab0d8c2..2d5ad81bc5 100644
--- a/lib/algorithms/kx.c
+++ b/lib/algorithms/kx.c
@@ -76,11 +76,11 @@ static const gnutls_cred_map cred_mappings[] = {
};
#define GNUTLS_KX_MAP_LOOP(b) \
- const gnutls_cred_map *p; \
- for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
+ const gnutls_cred_map *p; \
+ for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
#define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
- GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
+ GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
struct gnutls_kx_algo_entry {
const char *name;
@@ -134,11 +134,11 @@ static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
};
#define GNUTLS_KX_LOOP(b) \
- const gnutls_kx_algo_entry *p; \
- for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
+ const gnutls_kx_algo_entry *p; \
+ for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
#define GNUTLS_KX_ALG_LOOP(a) \
- GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
+ GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
/* Key EXCHANGE functions */
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index f0882549c9..0198e4a205 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -62,11 +62,11 @@ static const mac_entry_st hash_algorithms[] = {
#define GNUTLS_HASH_LOOP(b) \
- const mac_entry_st *p; \
- for(p = hash_algorithms; p->name != NULL; p++) { b ; }
+ const mac_entry_st *p; \
+ for(p = hash_algorithms; p->name != NULL; p++) { b ; }
#define GNUTLS_HASH_ALG_LOOP(a) \
- GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
+ GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
const mac_entry_st *_gnutls_mac_to_entry(gnutls_mac_algorithm_t c)
{
@@ -172,7 +172,7 @@ gnutls_mac_algorithm_t gnutls_mac_get_id(const char *name)
GNUTLS_HASH_LOOP(
if (strcasecmp(p->name, name) == 0) {
if (p->placeholder != 0 || _gnutls_mac_exists(p->id))
- ret = p->id;
+ ret = p->id;
break;
}
);
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index 8ef69a5e70..b2bd675f5f 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -129,8 +129,8 @@ static const version_entry_st sup_versions[] = {
};
#define GNUTLS_VERSION_LOOP(b) \
- const version_entry_st *p; \
- for(p = sup_versions; p->name != NULL; p++) { b ; }
+ const version_entry_st *p; \
+ for(p = sup_versions; p->name != NULL; p++) { b ; }
#define GNUTLS_VERSION_ALG_LOOP(a) \
GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c
index c70187736f..b7b1169fbb 100644
--- a/lib/algorithms/publickey.c
+++ b/lib/algorithms/publickey.c
@@ -57,11 +57,11 @@ static const gnutls_pk_map pk_mappings[] = {
};
#define GNUTLS_PK_MAP_LOOP(b) \
- const gnutls_pk_map *p; \
- for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
+ const gnutls_pk_map *p; \
+ for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
#define GNUTLS_PK_MAP_ALG_LOOP(a) \
- GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
+ GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
/* returns the gnutls_pk_algorithm_t which is compatible with
@@ -104,7 +104,7 @@ static const gnutls_pk_entry pk_algorithms[] = {
#define GNUTLS_PK_LOOP(b) \
{ const gnutls_pk_entry *p; \
- for(p = pk_algorithms; p->name != NULL; p++) { b ; } }
+ for(p = pk_algorithms; p->name != NULL; p++) { b ; } }
/**
diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c
index 081a6bf4cf..ee65fc7a90 100644
--- a/lib/algorithms/secparams.c
+++ b/lib/algorithms/secparams.c
@@ -60,7 +60,7 @@ static const gnutls_sec_params_entry sec_params[] = {
#define GNUTLS_SEC_PARAM_LOOP(b) \
{ const gnutls_sec_params_entry *p; \
- for(p = sec_params; p->name != NULL; p++) { b ; } }
+ for(p = sec_params; p->name != NULL; p++) { b ; } }
/**
* gnutls_sec_param_to_pk_bits:
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index e52acd636b..15601725dc 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -714,7 +714,7 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data)
/* if no certificates were found then send:
* 0B 00 00 03 00 00 00 // Certificate with no certs
* instead of:
- * 0B 00 00 00 // empty certificate handshake
+ * 0B 00 00 00 // empty certificate handshake
*
* ( the above is the whole handshake message, not
* the one produced here )
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index d5b953ed27..f9e2b36649 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -107,9 +107,9 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
}
ret = 0;
-error:
+ error:
_gnutls_mpi_release(&session->key.client_Y);
- gnutls_pk_params_clear(&session->key.dh_params);
+ gnutls_pk_params_clear(&session->key.dh_params);
return ret;
}
@@ -173,8 +173,8 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
ret = data->length;
- error:
- gnutls_pk_params_clear(&session->key.dh_params);
+ error:
+ gnutls_pk_params_clear(&session->key.dh_params);
return ret;
}
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index e445c2f0fe..909e472dc0 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -191,8 +191,8 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session,
goto cleanup;
}
-cleanup:
- gnutls_pk_params_clear(&session->key.ecdh_params);
+ cleanup:
+ gnutls_pk_params_clear(&session->key.ecdh_params);
return ret;
}
@@ -271,8 +271,8 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
} else if (pk == GNUTLS_PK_ECDHX) {
ret =
_gnutls_buffer_append_data_prefix(data, 8,
- session->key.ecdh_params.raw_pub.data,
- session->key.ecdh_params.raw_pub.size);
+ session->key.ecdh_params.raw_pub.data,
+ session->key.ecdh_params.raw_pub.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -287,8 +287,8 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
}
ret = data->length;
-cleanup:
- gnutls_pk_params_clear(&session->key.ecdh_params);
+ cleanup:
+ gnutls_pk_params_clear(&session->key.ecdh_params);
return ret;
}
@@ -451,9 +451,9 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
} else if (pk == GNUTLS_PK_ECDHX) {
ret =
- _gnutls_buffer_append_data_prefix(data, 8,
- session->key.ecdh_params.raw_pub.data,
- session->key.ecdh_params.raw_pub.size);
+ _gnutls_buffer_append_data_prefix(data, 8,
+ session->key.ecdh_params.raw_pub.data,
+ session->key.ecdh_params.raw_pub.size);
if (ret < 0)
return gnutls_assert_val(ret);
}
diff --git a/lib/auth/psk.c b/lib/auth/psk.c
index 2b3ac41dc0..ea1417b662 100644
--- a/lib/auth/psk.c
+++ b/lib/auth/psk.c
@@ -292,9 +292,9 @@ _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data,
*
* struct {
* select (KeyExchangeAlgorithm) {
- * // other cases for rsa, diffie_hellman, etc.
- * case psk: // NEW
- * uint8_t psk_identity_hint<0..2^16-1>;
+ * // other cases for rsa, diffie_hellman, etc.
+ * case psk: // NEW
+ * uint8_t psk_identity_hint<0..2^16-1>;
* };
* } ServerKeyExchange;
*
diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c
index 2ef2c9c901..72aadb83f8 100644
--- a/lib/auth/psk_passwd.c
+++ b/lib/auth/psk_passwd.c
@@ -194,8 +194,8 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session, char *username,
cleanup:
if (fd != NULL)
fclose(fd);
-
- zeroize_key(line, line_size);
+
+ zeroize_key(line, line_size);
free(line);
return ret;
diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c
index 4e00f88b4f..b911282567 100644
--- a/lib/auth/srp_passwd.c
+++ b/lib/auth/srp_passwd.c
@@ -213,7 +213,7 @@ pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
/* move to first ':' */
i = 0;
while ((i < line_size) && (line[i] != ':')
- && (line[i] != '\0')) {
+ && (line[i] != '\0')) {
i++;
}
diff --git a/lib/auto-verify.c b/lib/auto-verify.c
index 4780843c00..8c618b612b 100644
--- a/lib/auto-verify.c
+++ b/lib/auto-verify.c
@@ -31,26 +31,26 @@
/* The actual verification callback. */
static int auto_verify_cb(gnutls_session_t session)
{
- unsigned int status;
- int ret;
+ unsigned int status;
+ int ret;
- if (session->internals.vc_elements == 0) {
- ret = gnutls_certificate_verify_peers2(session, &status);
+ if (session->internals.vc_elements == 0) {
+ ret = gnutls_certificate_verify_peers2(session, &status);
} else {
- ret = gnutls_certificate_verify_peers(session, session->internals.vc_data,
+ ret = gnutls_certificate_verify_peers(session, session->internals.vc_data,
session->internals.vc_elements, &status);
- }
- if (ret < 0) {
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
- }
+ }
+ if (ret < 0) {
+ return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
+ }
- session->internals.vc_status = status;
+ session->internals.vc_status = status;
- if (status != 0) /* Certificate is not trusted */
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR);
+ if (status != 0) /* Certificate is not trusted */
+ return gnutls_assert_val(GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR);
- /* notify gnutls to continue handshake normally */
- return 0;
+ /* notify gnutls to continue handshake normally */
+ return 0;
}
/**
diff --git a/lib/buffers.c b/lib/buffers.c
index 72c48e7e04..0371ae849a 100644
--- a/lib/buffers.c
+++ b/lib/buffers.c
@@ -266,7 +266,7 @@ _gnutls_dgram_read(gnutls_session_t session, mbuffer_st ** bufel,
int err = get_errno(session);
_gnutls_read_log("READ: %d returned from %p, errno=%d\n",
- (int) i, fd, err);
+ (int) i, fd, err);
ret = errno_to_gerr(err, 1);
goto cleanup;
@@ -459,9 +459,9 @@ _gnutls_writev_emu(gnutls_session_t session, gnutls_transport_ptr_t fd,
}
if (ret == -1) {
- gnutls_assert();
+ gnutls_assert();
break;
- }
+ }
total += ret;
diff --git a/lib/buffers.h b/lib/buffers.h
index e4dabf1b5f..a8f2c5c779 100644
--- a/lib/buffers.h
+++ b/lib/buffers.h
@@ -119,7 +119,7 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
unsigned int ms);
#define _gnutls_handshake_io_buffer_clear( session) \
- _mbuffer_head_clear( &session->internals.handshake_send_buffer); \
- _gnutls_handshake_recv_buffer_clear( session);
+ _mbuffer_head_clear( &session->internals.handshake_send_buffer); \
+ _gnutls_handshake_recv_buffer_clear( session);
#endif
diff --git a/lib/cipher.c b/lib/cipher.c
index 50096df6c4..b25ba90997 100644
--- a/lib/cipher.c
+++ b/lib/cipher.c
@@ -400,10 +400,9 @@ compressed_to_ciphertext(gnutls_session_t session,
memset(nonce, 0, 4);
memcpy(&nonce[4],
- UINT64DATA(params->write.sequence_number),
- 8);
+ UINT64DATA(params->write.sequence_number), 8);
- memxor(nonce, params->write.IV.data, 12);
+ memxor(nonce, params->write.IV.data, 12);
}
}
@@ -602,7 +601,7 @@ ciphertext_to_compressed(gnutls_session_t session,
memset(nonce, 0, 4);
memcpy(&nonce[4], UINT64DATA(*sequence), 8);
- memxor(nonce, params->read.IV.data, 12);
+ memxor(nonce, params->read.IV.data, 12);
}
length =
diff --git a/lib/cipher_int.c b/lib/cipher_int.c
index 6482e00bc5..46ce30b6c8 100644
--- a/lib/cipher_int.c
+++ b/lib/cipher_int.c
@@ -85,7 +85,7 @@ _gnutls_cipher_init(cipher_hd_st *handle, const cipher_entry_st *e,
if (unlikely(e == NULL || e->id == GNUTLS_CIPHER_NULL))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- FAIL_IF_LIB_ERROR;
+ FAIL_IF_LIB_ERROR;
handle->e = e;
handle->handle = NULL;
@@ -183,7 +183,7 @@ int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
if (unlikely(e == NULL))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- FAIL_IF_LIB_ERROR;
+ FAIL_IF_LIB_ERROR;
memset(handle, 0, sizeof(*handle));
handle->etm = etm;
@@ -308,9 +308,9 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
l = (textlen / blocksize) * blocksize;
if (l > 0) {
ret =
- _gnutls_cipher_encrypt2(&handle->cipher, text,
- l, ciphertext,
- ciphertextlen);
+ _gnutls_cipher_encrypt2(&handle->cipher, text,
+ l, ciphertext,
+ ciphertextlen);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -353,9 +353,9 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
MAC(handle, ciphertext, textlen);
ret =
- _gnutls_auth_cipher_tag(handle,
- ciphertext + textlen,
- handle->tag_size);
+ _gnutls_auth_cipher_tag(handle,
+ ciphertext + textlen,
+ handle->tag_size);
if (ret < 0)
return gnutls_assert_val(ret);
}
diff --git a/lib/compress.c b/lib/compress.c
index 2e7197fb63..8008bf60d8 100644
--- a/lib/compress.c
+++ b/lib/compress.c
@@ -205,9 +205,9 @@ _gnutls_supported_compression_methods(gnutls_session_t session,
for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) {
if (IS_DTLS(session) && session->internals.priorities.compression.priority[i] != GNUTLS_COMP_NULL) {
- gnutls_assert();
- continue;
- }
+ gnutls_assert();
+ continue;
+ }
tmp =
_gnutls_compression_get_num(session->
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index e8fc7b9404..9b2bafa66a 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -763,11 +763,11 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
ret = _gnutls_aead_cipher_encrypt(&h->ctx_enc,
- nonce, nonce_len,
- auth, auth_len,
- tag_size,
- ptext, ptext_len,
- ctext, *ctext_len);
+ nonce, nonce_len,
+ auth, auth_len,
+ tag_size,
+ ptext, ptext_len,
+ ctext, *ctext_len);
if (unlikely(ret < 0))
return gnutls_assert_val(ret);
diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c
index 9130e894ed..bac3035c44 100644
--- a/lib/crypto-backend.c
+++ b/lib/crypto-backend.c
@@ -98,8 +98,8 @@ _algo_register(algo_list * al, int algorithm, int priority, void *s, int free_s)
return 0;
cleanup:
- if (free_s) gnutls_free(s);
- return ret;
+ if (free_s) gnutls_free(s);
+ return ret;
}
static const void *_get_algo(algo_list * al, int algo)
diff --git a/lib/datum.h b/lib/datum.h
index 6b4ff48b8f..9b2d82925b 100644
--- a/lib/datum.h
+++ b/lib/datum.h
@@ -29,7 +29,7 @@ int _gnutls_set_datum(gnutls_datum_t * dat, const void *data,
size_t data_size);
int _gnutls_set_strdatum(gnutls_datum_t * dat, const void *data,
- size_t data_size);
+ size_t data_size);
int _gnutls_datum_append(gnutls_datum_t * dat, const void *data,
size_t data_size);
@@ -54,7 +54,7 @@ void _gnutls_free_temp_key_datum(gnutls_datum_t * dat)
if (dat->data != NULL) {
zeroize_temp_key(dat->data, dat->size);
gnutls_free(dat->data);
- }
+ }
dat->data = NULL;
dat->size = 0;
@@ -66,7 +66,7 @@ void _gnutls_free_key_datum(gnutls_datum_t * dat)
if (dat->data != NULL) {
zeroize_key(dat->data, dat->size);
gnutls_free(dat->data);
- }
+ }
dat->data = NULL;
dat->size = 0;
diff --git a/lib/dtls-sw.c b/lib/dtls-sw.c
index 36630abb07..7e9d701d12 100644
--- a/lib/dtls-sw.c
+++ b/lib/dtls-sw.c
@@ -2,7 +2,7 @@
* Copyright (C) 2016 Red Hat, Inc.
*
* Authors: Fridolin Pokorny
- * Nikos Mavrogiannopoulos
+ * Nikos Mavrogiannopoulos
*
* This file is part of GNUTLS.
*
diff --git a/lib/dtls.c b/lib/dtls.c
index 50d5dcefc4..e78665fd81 100644
--- a/lib/dtls.c
+++ b/lib/dtls.c
@@ -3,7 +3,7 @@
* Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* Authors: Jonathan Bastien-Filiatrault
- * Nikos Mavrogiannopoulos
+ * Nikos Mavrogiannopoulos
*
* This file is part of GNUTLS.
*
diff --git a/lib/dtls.h b/lib/dtls.h
index e49a8a1344..5603241fb4 100644
--- a/lib/dtls.h
+++ b/lib/dtls.h
@@ -54,7 +54,7 @@ void _dtls_reset_window(struct record_parameters_st *rp);
if (r != GNUTLS_E_INTERRUPTED) _rr = GNUTLS_E_AGAIN; \
else _rr = r; \
if (!(session->internals.flags & GNUTLS_NONBLOCK)) \
- millisleep(50); \
+ millisleep(50); \
return gnutls_assert_val(_rr); \
} \
}
diff --git a/lib/ecc.c b/lib/ecc.c
index e559cc39f3..e3dc6d139e 100644
--- a/lib/ecc.c
+++ b/lib/ecc.c
@@ -86,8 +86,8 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
/* pad and store y */
return 0;
cleanup:
- _gnutls_free_datum(out);
- return ret;
+ _gnutls_free_datum(out);
+ return ret;
}
diff --git a/lib/errors.c b/lib/errors.c
index 21bcdddd62..05ef2e3171 100644
--- a/lib/errors.c
+++ b/lib/errors.c
@@ -74,8 +74,8 @@ static const gnutls_error_entry error_entries[] = {
ERROR_ENTRY(N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR),
ERROR_ENTRY(N_(
- "A connection with inappropriate fallback was attempted."),
- GNUTLS_E_INAPPROPRIATE_FALLBACK),
+ "A connection with inappropriate fallback was attempted."),
+ GNUTLS_E_INAPPROPRIATE_FALLBACK),
ERROR_ENTRY(N_("An illegal TLS extension was received."),
GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION),
ERROR_ENTRY(N_("A TLS fatal alert has been received."),
diff --git a/lib/ext/dumbfw.c b/lib/ext/dumbfw.c
index d48f28ecc1..b623f2a396 100644
--- a/lib/ext/dumbfw.c
+++ b/lib/ext/dumbfw.c
@@ -63,7 +63,7 @@ _gnutls_dumbfw_send_params(gnutls_session_t session,
} else {
/* 256 <= extdata->length < 512 */
pad_size = 512 - extdata->length;
- memset(pad, 0, pad_size);
+ memset(pad, 0, pad_size);
ret =
gnutls_buffer_append_data(extdata, pad,
diff --git a/lib/ext/srp.h b/lib/ext/srp.h
index c3a316a500..00b8e2ba0e 100644
--- a/lib/ext/srp.h
+++ b/lib/ext/srp.h
@@ -28,7 +28,7 @@
#ifdef ENABLE_SRP
#define IS_SRP_KX(kx) ((kx == GNUTLS_KX_SRP || (kx == GNUTLS_KX_SRP_RSA) || \
- kx == GNUTLS_KX_SRP_DSS)?1:0)
+ kx == GNUTLS_KX_SRP_DSS)?1:0)
extern const extension_entry_st ext_mod_srp;
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index c95224a834..637a4403d2 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -50,17 +50,17 @@ typedef struct {
From RFC 6066. Client sends:
struct {
- CertificateStatusType status_type;
- select (status_type) {
- case ocsp: OCSPStatusRequest;
- } request;
+ CertificateStatusType status_type;
+ select (status_type) {
+ case ocsp: OCSPStatusRequest;
+ } request;
} CertificateStatusRequest;
enum { ocsp(1), (255) } CertificateStatusType;
struct {
- ResponderID responder_id_list<0..2^16-1>;
- Extensions request_extensions;
+ ResponderID responder_id_list<0..2^16-1>;
+ Extensions request_extensions;
} OCSPStatusRequest;
opaque ResponderID<1..2^16-1>;
diff --git a/lib/extras/hex.c b/lib/extras/hex.c
index 3a89a014bb..55b64ca309 100644
--- a/lib/extras/hex.c
+++ b/lib/extras/hex.c
@@ -10,11 +10,11 @@ static bool char_to_hex(unsigned char *val, char c)
*val = c - '0';
return true;
}
- if (c >= 'a' && c <= 'f') {
+ if (c >= 'a' && c <= 'f') {
*val = c - 'a' + 10;
return true;
}
- if (c >= 'A' && c <= 'F') {
+ if (c >= 'A' && c <= 'F') {
*val = c - 'A' + 10;
return true;
}
diff --git a/lib/fips.c b/lib/fips.c
index 992a918d8d..8a0ada34bc 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -350,7 +350,7 @@ int _gnutls_fips_perform_self_checks2(void)
gnutls_assert();
goto error;
}
-
+
ret = _gnutls_rnd_ops.self_test();
if (ret < 0) {
gnutls_assert();
diff --git a/lib/gnutls.asn b/lib/gnutls.asn
index 76bad6fbb6..744403403a 100644
--- a/lib/gnutls.asn
+++ b/lib/gnutls.asn
@@ -26,7 +26,7 @@ RSAPrivateKey ::= SEQUENCE {
exponent1 INTEGER, -- (Usually large) d mod (p-1)
exponent2 INTEGER, -- (Usually large) d mod (q-1)
coefficient INTEGER, -- (Usually large) (inverse of q) mod p
- otherInfo RSAOtherInfo OPTIONAL
+ otherInfo RSAOtherInfo OPTIONAL
}
ProvableSeed ::= SEQUENCE {
@@ -35,8 +35,8 @@ ProvableSeed ::= SEQUENCE {
}
RSAOtherInfo ::= CHOICE {
- otherPrimeInfos OtherPrimeInfos, -- the hash algorithm OID used for FIPS186-4 generation
- seed [1] ProvableSeed
+ otherPrimeInfos OtherPrimeInfos, -- the hash algorithm OID used for FIPS186-4 generation
+ seed [1] ProvableSeed
}
OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 25d4b3a814..2435c5c1e1 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -609,7 +609,7 @@ struct record_state_st {
0x0000-0xffff. */
#define EPOCH_READ_CURRENT 70000
#define EPOCH_WRITE_CURRENT 70001
-#define EPOCH_NEXT 70002
+#define EPOCH_NEXT 70002
struct record_parameters_st {
uint16_t epoch;
@@ -694,12 +694,12 @@ struct gnutls_priority_st {
#define DEFAULT_MAX_EMPTY_RECORDS 200
#define ENABLE_COMPAT(x) \
- (x)->allow_large_records = 1; \
- (x)->no_etm = 1; \
- (x)->no_ext_master_secret = 1; \
- (x)->allow_key_usage_violation = 1; \
- (x)->allow_wrong_pms = 1; \
- (x)->dumbfw = 1
+ (x)->allow_large_records = 1; \
+ (x)->no_etm = 1; \
+ (x)->no_ext_master_secret = 1; \
+ (x)->allow_key_usage_violation = 1; \
+ (x)->allow_wrong_pms = 1; \
+ (x)->dumbfw = 1
/* DH and RSA parameters types.
*/
diff --git a/lib/handshake.c b/lib/handshake.c
index 7dccae6030..9a8c9acc3f 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1264,7 +1264,7 @@ _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
}
ret = call_hook_func(session, type, GNUTLS_HOOK_PRE, 0,
- _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
+ _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
if (ret < 0) {
gnutls_assert();
_mbuffer_xfree(&bufel);
@@ -1281,7 +1281,7 @@ _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
}
ret = call_hook_func(session, type, GNUTLS_HOOK_POST, 0,
- _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
+ _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
if (ret < 0) {
gnutls_assert();
return ret;
@@ -1707,8 +1707,8 @@ client_check_if_resuming(gnutls_session_t session,
memcpy(session->security_parameters.cipher_suite,
session->internals.resumed_security_parameters.cipher_suite, 2);
- session->security_parameters.compression_method =
- session->internals.resumed_security_parameters.compression_method;
+ session->security_parameters.compression_method =
+ session->internals.resumed_security_parameters.compression_method;
_gnutls_epoch_set_cipher_suite
(session, EPOCH_NEXT,
@@ -2344,37 +2344,37 @@ recv_hello_verify_request(gnutls_session_t session,
/* The packets in gnutls_handshake (it's more broad than original TLS handshake)
*
- * Client Server
+ * Client Server
*
- * ClientHello -------->
- * <-------- ServerHello
+ * ClientHello -------->
+ * <-------- ServerHello
*
- * Certificate*
- * ServerKeyExchange*
- * <-------- CertificateRequest*
+ * Certificate*
+ * ServerKeyExchange*
+ * <-------- CertificateRequest*
*
- * <-------- ServerHelloDone
+ * <-------- ServerHelloDone
* Certificate*
* ClientKeyExchange
* CertificateVerify*
* [ChangeCipherSpec]
- * Finished -------->
- * NewSessionTicket
- * [ChangeCipherSpec]
- * <-------- Finished
+ * Finished -------->
+ * NewSessionTicket
+ * [ChangeCipherSpec]
+ * <-------- Finished
*
* (*): means optional packet.
*/
/* Handshake when resumming session:
- * Client Server
+ * Client Server
*
- * ClientHello -------->
- * ServerHello
- * [ChangeCipherSpec]
- * <-------- Finished
+ * ClientHello -------->
+ * ServerHello
+ * [ChangeCipherSpec]
+ * <-------- Finished
* [ChangeCipherSpec]
- * Finished -------->
+ * Finished -------->
*
*/
@@ -2570,7 +2570,7 @@ int gnutls_handshake(gnutls_session_t session)
if (session->internals.handshake_timeout_ms &&
session->internals.handshake_endtime == 0)
session->internals.handshake_endtime = session->internals.handshake_start_time.tv_sec +
- session->internals.handshake_timeout_ms / 1000;
+ session->internals.handshake_timeout_ms / 1000;
}
if (session->internals.recv_state == RECV_STATE_FALSE_START) {
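Review bot: `session->internals.handshake_timeout_ms / 1000` is an integer division, so any timeout below 1000 ms adds zero to `handshake_start_time.tv_sec` and the computed end time equals the start second. How `handshake_endtime` is compared lies outside this hunk, so the effect is inferred, but a sub-second timeout would presumably expire at once or at the next second boundary. Rounding up with `(session->internals.handshake_timeout_ms + 999) / 1000` would avoid that. Failing that, a comment on the assignment such as `/* endtime has one-second resolution; ms is rounded down */` would make the behaviour explicit. The body of gnutls_handshake() starts and ends outside the hunk.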
@@ -2677,7 +2677,7 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
session->internals.handshake_large_loops++; \
return ret; \
} \
- /* a warning alert might interrupt handshake */ \
+ /* a warning alert might interrupt handshake */ \
if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) return ret; \
gnutls_assert(); \
ERR( str, ret); \
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 772bd36255..e4c3efd42c 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -476,8 +476,8 @@ int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
gnutls_x509_crt_t crt, unsigned int flags);
int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert,
- gnutls_x509_crt_t *crt, unsigned *ncrt,
- unsigned int flags);
+ gnutls_x509_crt_t *crt, unsigned *ncrt,
+ unsigned int flags);
int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
gnutls_x509_crt_t * crt);
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 3abc77e658..7cd92a2000 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -153,17 +153,17 @@ typedef int (*gnutls_cipher_auth_func) (void *ctx, const void *data, size_t data
typedef void (*gnutls_cipher_tag_func) (void *ctx, void *tag, size_t tagsize);
typedef int (*gnutls_cipher_aead_encrypt_func) (void *ctx,
- const void *nonce, size_t noncesize,
- const void *auth, size_t authsize,
- size_t tag_size,
- const void *plain, size_t plainsize,
- void *encr, size_t encrsize);
+ const void *nonce, size_t noncesize,
+ const void *auth, size_t authsize,
+ size_t tag_size,
+ const void *plain, size_t plainsize,
+ void *encr, size_t encrsize);
typedef int (*gnutls_cipher_aead_decrypt_func) (void *ctx,
- const void *nonce, size_t noncesize,
- const void *auth, size_t authsize,
- size_t tag_size,
- const void *encr, size_t encrsize,
- void *plain, size_t plainsize);
+ const void *nonce, size_t noncesize,
+ const void *auth, size_t authsize,
+ size_t tag_size,
+ const void *encr, size_t encrsize,
+ void *plain, size_t plainsize);
typedef void (*gnutls_cipher_deinit_func) (void *ctx);
int
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 20a13c9aca..c04e1597d0 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1126,7 +1126,7 @@ typedef struct mbuffer_st *gnutls_packet_t;
ssize_t
gnutls_record_recv_packet(gnutls_session_t session,
- gnutls_packet_t *packet);
+ gnutls_packet_t *packet);
void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, unsigned char *sequence);
void gnutls_packet_deinit(gnutls_packet_t packet);
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 08f41890d2..7e95b0fd76 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -188,7 +188,7 @@ int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert,
unsigned gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
const char *hostname);
unsigned gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
- const char *hostname, unsigned int flags);
+ const char *hostname, unsigned int flags);
int
gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
const char *email, unsigned int flags);
diff --git a/lib/mem.h b/lib/mem.h
index 6391e1aff6..8de248632f 100644
--- a/lib/mem.h
+++ b/lib/mem.h
@@ -39,15 +39,15 @@ unsigned _gnutls_mem_is_zero(const uint8_t *ptr, unsigned size);
inline static
int safe_memcmp(const void *s1, const void *s2, size_t n)
{
- if (n == 0)
- return 0;
- return memcmp(s1, s2, n);
+ if (n == 0)
+ return 0;
+ return memcmp(s1, s2, n);
}
#define zrelease_mpi_key(mpi) if (*mpi!=NULL) { \
- _gnutls_mpi_clear(*mpi); \
- _gnutls_mpi_release(mpi); \
- }
+ _gnutls_mpi_clear(*mpi); \
+ _gnutls_mpi_release(mpi); \
+ }
#define zeroize_key(x, size) gnutls_memset(x, 0, size)
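Review bot: `zrelease_mpi_key` expands to a bare `if (*mpi!=NULL) { ... }` with an unparenthesized argument, so a call site that uses it as the body of an `if` followed by `else` would bind that `else` to the macro's own `if`. Since the macro clears key material before releasing it, a mis-bound branch would skip the wipe without any warning. While these continuation lines are being re-indented, it could be made statement-safe: `#define zrelease_mpi_key(mpi) do { if (*(mpi) != NULL) { _gnutls_mpi_clear(*(mpi)); _gnutls_mpi_release(mpi); } } while (0)`. Separately, `safe_memcmp` forwards to plain `memcmp`, so a one-line comment such as `/* "safe" = tolerates n == 0; not a constant-time comparison */` would keep readers from assuming it is suitable for comparing secrets.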
diff --git a/lib/minitasn1/decoding.c b/lib/minitasn1/decoding.c
index 2cd9ac359a..9ac1131f5c 100644
--- a/lib/minitasn1/decoding.c
+++ b/lib/minitasn1/decoding.c
@@ -1141,8 +1141,8 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
if (result != ASN1_SUCCESS)
{
warn();
- goto cleanup;
- }
+ goto cleanup;
+ }
DECR_LEN(ider_len, len2);
@@ -1186,15 +1186,15 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
dflags |= DECODE_FLAG_INDEFINITE;
result = _asn1_decode_simple_ber(type_field (p->type), der+counter, ider_len, &ptmp, &vlen, &ber_len, dflags);
- if (result != ASN1_SUCCESS)
+ if (result != ASN1_SUCCESS)
{
warn();
goto cleanup;
}
- DECR_LEN(ider_len, ber_len);
+ DECR_LEN(ider_len, ber_len);
- _asn1_set_value_lv (p, ptmp, vlen);
+ _asn1_set_value_lv (p, ptmp, vlen);
counter += ber_len;
free(ptmp);
@@ -1434,8 +1434,8 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
if (result != ASN1_SUCCESS)
{
warn();
- goto cleanup;
- }
+ goto cleanup;
+ }
DECR_LEN(ider_len, len2);
_asn1_set_value_lv (p, der + counter, len2);
@@ -1470,7 +1470,7 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
if (p)
{
- p->end = counter - 1;
+ p->end = counter - 1;
}
if (p == node && move != DOWN)
@@ -2250,8 +2250,8 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
if (p[0] == 0 && p[1] == 0) /* EOC */
{
if (ber_len) *ber_len += 2;
- break;
- }
+ break;
+ }
/* no EOC */
der_len += 2;
diff --git a/lib/minitasn1/element.c b/lib/minitasn1/element.c
index b7a0905efb..3ae7740d1a 100644
--- a/lib/minitasn1/element.c
+++ b/lib/minitasn1/element.c
@@ -932,7 +932,7 @@ asn1_read_value_type (asn1_node root, const char *name, void *ivalue,
{
*len = 0;
if (value)
- value[0] = 0;
+ value[0] = 0;
p = node->down;
while (p)
{
diff --git a/lib/minitasn1/libtasn1.h b/lib/minitasn1/libtasn1.h
index 5c4340f133..9a41780204 100644
--- a/lib/minitasn1/libtasn1.h
+++ b/lib/minitasn1/libtasn1.h
@@ -377,7 +377,7 @@ extern "C"
extern ASN1_API int
asn1_get_object_id_der (const unsigned char *der,
int der_len, int *ret_len,
- char *str, int str_size);
+ char *str, int str_size);
/* Compatibility types */
diff --git a/lib/mpi.c b/lib/mpi.c
index 828a0b8dad..8f39516785 100644
--- a/lib/mpi.c
+++ b/lib/mpi.c
@@ -306,7 +306,7 @@ __gnutls_x509_read_int(ASN1_TYPE node, const char *value,
result = _gnutls_mpi_init_scan(ret_mpi, tmpstr, tmpstr_size);
if (overwrite)
- zeroize_key(tmpstr, tmpstr_size);
+ zeroize_key(tmpstr, tmpstr_size);
gnutls_free(tmpstr);
if (result < 0) {
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index bf99985338..569047f1d3 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -100,21 +100,21 @@ struct nettle_cipher_ctx {
static void
_stream_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
ctx->cipher->encrypt_block(ctx->ctx_ptr, length, dst, src);
}
static void
_stream_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
ctx->cipher->decrypt_block(ctx->ctx_ptr, length, dst, src);
}
static void
_cbc_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
cbc_encrypt(ctx->ctx_ptr, ctx->cipher->encrypt_block,
ctx->iv_size, ctx->iv,
@@ -123,7 +123,7 @@ _cbc_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
static void
_cbc_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
cbc_decrypt(ctx->ctx_ptr, ctx->cipher->decrypt_block,
ctx->iv_size, ctx->iv,
@@ -160,11 +160,11 @@ _ccm_decrypt(struct nettle_cipher_ctx *ctx,
static void
_chacha_poly1305_set_nonce (struct chacha_poly1305_ctx *ctx,
- size_t length, const uint8_t *nonce)
+ size_t length, const uint8_t *nonce)
{
chacha_poly1305_set_nonce(ctx, nonce);
}
-
+
struct gcm_cast_st { struct gcm_key key; struct gcm_ctx gcm; unsigned long xx[1]; };
#define GCM_CTX_GET_KEY(ptr) (&((struct gcm_cast_st*)ptr)->key)
#define GCM_CTX_GET_CTX(ptr) (&((struct gcm_cast_st*)ptr)->gcm)
@@ -172,7 +172,7 @@ struct gcm_cast_st { struct gcm_key key; struct gcm_ctx gcm; unsigned long xx[1]
static void
_gcm_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
gcm_encrypt(GCM_CTX_GET_CTX(ctx->ctx_ptr), GCM_CTX_GET_KEY(ctx->ctx_ptr),
GCM_CTX_GET_CIPHER(ctx->ctx_ptr), ctx->cipher->encrypt_block,
@@ -181,7 +181,7 @@ _gcm_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
static void
_gcm_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
gcm_decrypt(GCM_CTX_GET_CTX(ctx->ctx_ptr), GCM_CTX_GET_KEY(ctx->ctx_ptr),
GCM_CTX_GET_CIPHER(ctx->ctx_ptr), ctx->cipher->encrypt_block,
@@ -620,7 +620,7 @@ wrap_nettle_cipher_aead_encrypt(void *_ctx,
const void *auth, size_t auth_size,
size_t tag_size,
const void *plain, size_t plain_size,
- void *encr, size_t encr_size)
+ void *encr, size_t encr_size)
{
struct nettle_cipher_ctx *ctx = _ctx;
@@ -652,7 +652,7 @@ wrap_nettle_cipher_aead_decrypt(void *_ctx,
const void *nonce, size_t nonce_size,
const void *auth, size_t auth_size,
size_t tag_size,
- const void *encr, size_t encr_size,
+ const void *encr, size_t encr_size,
void *plain, size_t plain_size)
{
struct nettle_cipher_ctx *ctx = _ctx;
diff --git a/lib/nettle/int/drbg-aes-self-test.c b/lib/nettle/int/drbg-aes-self-test.c
index c4547a6665..a36aceba47 100644
--- a/lib/nettle/int/drbg-aes-self-test.c
+++ b/lib/nettle/int/drbg-aes-self-test.c
@@ -235,6 +235,6 @@ int drbg_aes_self_test(void)
free(tmp);
return 1;
fail:
- free(tmp);
- return 0;
+ free(tmp);
+ return 0;
}
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index b41ebfba8d..c50e7efc8d 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -22,7 +22,7 @@
*/
/* This file contains the functions needed for RSA/DSA public key
- * encryption and signatures.
+ * encryption and signatures.
*/
#include "gnutls_int.h"
@@ -66,17 +66,17 @@ static void rnd_func(void *_ctx, size_t length, uint8_t * data)
static void
ecc_scalar_zclear (struct ecc_scalar *s)
{
- zeroize_key(s->p, ecc_size(s->ecc)*sizeof(mp_limb_t));
- ecc_scalar_clear(s);
+ zeroize_key(s->p, ecc_size(s->ecc)*sizeof(mp_limb_t));
+ ecc_scalar_clear(s);
}
-static void
+static void
ecc_point_zclear (struct ecc_point *p)
{
- zeroize_key(p->p, ecc_size_a(p->ecc)*sizeof(mp_limb_t));
- ecc_point_clear(p);
+ zeroize_key(p->p, ecc_size_a(p->ecc)*sizeof(mp_limb_t));
+ ecc_point_clear(p);
}
-
+
static void
_dsa_params_get(const gnutls_pk_params_st * pk_params,
struct dsa_params *pub)
@@ -175,7 +175,7 @@ ecc_shared_secret(struct ecc_scalar *private_key,
#define DH_EXPONENT_SIZE(p_size) (2*_gnutls_pk_bits_to_subgroup_bits(p_size))
/* This is used for DH or ECDH key derivation. In DH for example
- * it is given the peers Y and our x, and calculates Y^x
+ * it is given the peers Y and our x, and calculates Y^x
*/
static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
gnutls_datum_t * out,
@@ -204,7 +204,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
goto dh_cleanup;
}
- /* check if f==0,1, or f >= p-1.
+ /* check if f==0,1, or f >= p-1.
* or (ff=f+1) equivalently ff==1,2, ff >= p */
if ((_gnutls_mpi_cmp_ui(ff, 2) == 0)
|| (_gnutls_mpi_cmp_ui(ff, 1) == 0)
@@ -852,18 +852,14 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
if (params->seed_size) {
ret =
- _dsa_generate_dss_pqg(&pub, &cert,
- index,
- params->seed_size, params->seed,
- NULL, NULL,
- level, q_bits);
+ _dsa_generate_dss_pqg(&pub, &cert,
+ index, params->seed_size, params->seed,
+ NULL, NULL, level, q_bits);
} else {
ret =
- dsa_generate_dss_pqg(&pub, &cert,
- index,
- NULL, rnd_func,
- NULL, NULL,
- level, q_bits);
+ dsa_generate_dss_pqg(&pub, &cert,
+ index, NULL, rnd_func,
+ NULL, NULL, level, q_bits);
}
if (ret != 1) {
gnutls_assert();
@@ -1000,11 +996,11 @@ int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params,
ret = 0;
goto cleanup;
fail:
- gnutls_free(pub_key->data);
- gnutls_free(priv_key->data);
+ gnutls_free(pub_key->data);
+ gnutls_free(priv_key->data);
cleanup:
- gnutls_pk_params_clear(&params);
- return ret;
+ gnutls_pk_params_clear(&params);
+ return ret;
}
/* Note that the value of Z will have the leading bytes stripped if they are zero -
@@ -1052,9 +1048,9 @@ int _gnutls_dh_compute_key(gnutls_dh_params_t dh_params,
ret = 0;
cleanup:
- gnutls_pk_params_clear(&pub);
- gnutls_pk_params_clear(&priv);
- return ret;
+ gnutls_pk_params_clear(&pub);
+ gnutls_pk_params_clear(&priv);
+ return ret;
}
int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve,
@@ -1101,12 +1097,12 @@ int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve,
ret = 0;
goto cleanup;
fail:
- gnutls_free(y->data);
- gnutls_free(x->data);
- gnutls_free(k->data);
+ gnutls_free(y->data);
+ gnutls_free(x->data);
+ gnutls_free(k->data);
cleanup:
- gnutls_pk_params_clear(&params);
- return ret;
+ gnutls_pk_params_clear(&params);
+ return ret;
}
int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve,
@@ -1181,9 +1177,9 @@ int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve,
ret = 0;
cleanup:
- gnutls_pk_params_clear(&pub);
- gnutls_pk_params_clear(&priv);
- return ret;
+ gnutls_pk_params_clear(&pub);
+ gnutls_pk_params_clear(&priv);
+ return ret;
}
#endif
@@ -1216,7 +1212,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
ret =
dsa_generate_dss_keypair(&pub, y, x,
- NULL, rnd_func,
+ NULL, rnd_func,
NULL, NULL);
if (ret != 1) {
gnutls_assert();
@@ -1410,7 +1406,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
- ret = _gnutls_mpi_init_multi(&params->params[ECC_X], &params->params[ECC_Y],
+ ret = _gnutls_mpi_init_multi(&params->params[ECC_X], &params->params[ECC_Y],
&params->params[ECC_K], NULL);
if (ret < 0) {
gnutls_assert();
diff --git a/lib/opencdk/armor.c b/lib/opencdk/armor.c
index bfe93c5fbc..e2c945b5f1 100644
--- a/lib/opencdk/armor.c
+++ b/lib/opencdk/armor.c
@@ -304,7 +304,7 @@ static cdk_error_t armor_decode(void *data, FILE * in, FILE * out)
return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
ret = base64_decode_update(&ctx, &crcbuf_size, crcbuf,
- len-1, (uint8_t*)buf+1);
+ len-1, (uint8_t*)buf+1);
if (ret == 0)
return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
@@ -323,7 +323,7 @@ static cdk_error_t armor_decode(void *data, FILE * in, FILE * out)
if ((ssize_t)raw_size < BASE64_DECODE_LENGTH(len))
return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
ret = base64_decode_update(&ctx, &raw_size, raw,
- len, (uint8_t*)buf);
+ len, (uint8_t*)buf);
if (ret == 0)
return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c
index d272886b68..a4e54926c7 100644
--- a/lib/opencdk/stream.c
+++ b/lib/opencdk/stream.c
@@ -50,9 +50,9 @@ struct stream_filter_s *filter_add(cdk_stream_t s, filter_fnct_t fnc,
/* FIXME: The read/write/putc/getc function cannot directly
- return an error code. It is stored in an error variable
- inside the string. Right now there is no code to
- return the error code or to reset it. */
+ return an error code. It is stored in an error variable
+ inside the string. Right now there is no code to
+ return the error code or to reset it. */
/**
* cdk_stream_open:
diff --git a/lib/openpgp/openpgp.c b/lib/openpgp/openpgp.c
index 68cf932d26..783f77af12 100644
--- a/lib/openpgp/openpgp.c
+++ b/lib/openpgp/openpgp.c
@@ -191,8 +191,8 @@ gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials_t res,
*/
int
gnutls_certificate_get_openpgp_key(gnutls_certificate_credentials_t res,
- unsigned index,
- gnutls_openpgp_privkey_t *key)
+ unsigned index,
+ gnutls_openpgp_privkey_t *key)
{
if (index >= res->ncerts) {
gnutls_assert();
@@ -230,9 +230,9 @@ gnutls_certificate_get_openpgp_key(gnutls_certificate_credentials_t res,
*/
int
gnutls_certificate_get_openpgp_crt(gnutls_certificate_credentials_t res,
- unsigned index,
- gnutls_openpgp_crt_t **crt_list,
- unsigned *crt_list_size)
+ unsigned index,
+ gnutls_openpgp_crt_t **crt_list,
+ unsigned *crt_list_size)
{
int ret;
unsigned i;
diff --git a/lib/pcert.c b/lib/pcert.c
index 6127f182d5..3fdce92017 100644
--- a/lib/pcert.c
+++ b/lib/pcert.c
@@ -107,8 +107,8 @@ int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
* Since: 3.4.0
**/
int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert,
- gnutls_x509_crt_t *crt, unsigned *ncrt,
- unsigned int flags)
+ gnutls_x509_crt_t *crt, unsigned *ncrt,
+ unsigned int flags)
{
int ret;
unsigned i;
@@ -145,10 +145,10 @@ int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert,
return 0;
cleanup:
- for (i=0;i<current;i++) {
- gnutls_pcert_deinit(&pcert[i]);
- }
- return ret;
+ for (i=0;i<current;i++) {
+ gnutls_pcert_deinit(&pcert[i]);
+ }
+ return ret;
}
@@ -422,7 +422,7 @@ int gnutls_pcert_import_openpgp_raw(gnutls_pcert_st * pcert,
* Since: 3.4.0
*/
int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
- gnutls_x509_crt_t * crt)
+ gnutls_x509_crt_t * crt)
{
int ret;
@@ -464,7 +464,7 @@ int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
* Since: 3.4.0
*/
int gnutls_pcert_export_openpgp(gnutls_pcert_st * pcert,
- gnutls_openpgp_crt_t * crt)
+ gnutls_openpgp_crt_t * crt)
{
int ret;
diff --git a/lib/pk.c b/lib/pk.c
index 5af82908ed..2dddb49560 100644
--- a/lib/pk.c
+++ b/lib/pk.c
@@ -101,7 +101,7 @@ _gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value,
ret = 0;
cleanup:
- gnutls_free(tmp);
+ gnutls_free(tmp);
asn1_delete_structure(&sig);
return ret;
}
@@ -321,8 +321,8 @@ void gnutls_pk_params_clear(gnutls_pk_params_st * p)
*/
int
encode_ber_digest_info(const mac_entry_st * e,
- const gnutls_datum_t * digest,
- gnutls_datum_t * output)
+ const gnutls_datum_t * digest,
+ gnutls_datum_t * output)
{
ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
int result;
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index b54f532a8f..e1ea59ce33 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -52,7 +52,7 @@ struct gnutls_pkcs11_provider_st {
struct ck_function_list *module;
unsigned active;
unsigned trusted; /* in the sense of p11-kit trusted:
- * it can be used for verification */
+ * it can be used for verification */
struct ck_info info;
};
@@ -511,8 +511,8 @@ gnutls_pkcs11_obj_set_info(gnutls_pkcs11_obj_t obj,
ret = 0;
cleanup:
- pkcs11_close_session(&sinfo);
- return ret;
+ pkcs11_close_session(&sinfo);
+ return ret;
}
/**
@@ -1341,14 +1341,12 @@ _pkcs11_traverse_tokens(find_func_t find_func, void *input,
}
if (info != NULL) {
- if (!p11_kit_uri_match_token_info
- (info, &l_tinfo)
- || !p11_kit_uri_match_module_info(info,
- &providers
+ if (!p11_kit_uri_match_token_info(info, &l_tinfo) ||
+ !p11_kit_uri_match_module_info(info, &providers
[x].info)) {
continue;
- }
- }
+ }
+ }
rv = (module)->C_OpenSession(slots[z],
((flags & SESSION_WRITE) ? CKF_RW_SESSION : 0)
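Review bot: The re-wrapped condition still splits `&providers` from `[x].info` across two lines, which leaves the second operand as the hardest part of the expression to read. Since the commit is already re-flowing this test, that operand could sit on one line: `!p11_kit_uri_match_module_info(info, &providers[x].info)) {`. This condition decides which tokens are skipped before `C_OpenSession` is called, so it is worth keeping easy to audit. The enclosing function `_pkcs11_traverse_tokens` starts and ends outside the hunk.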
@@ -1772,7 +1770,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
a[0].type = CKA_UNWRAP;
a[0].value = &b;
@@ -1780,7 +1778,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
a[0].type = CKA_PRIVATE;
a[0].value = &b;
@@ -1788,7 +1786,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
a[0].type = CKA_TRUSTED;
a[0].value = &b;
@@ -1796,7 +1794,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
a[0].type = CKA_SENSITIVE;
a[0].value = &b;
@@ -1804,7 +1802,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE;
a[0].type = CKA_EXTRACTABLE;
a[0].value = &b;
@@ -1812,7 +1810,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE;
a[0].type = CKA_NEVER_EXTRACTABLE;
a[0].value = &b;
@@ -1820,7 +1818,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE;
a[0].type = CKA_CERTIFICATE_CATEGORY;
a[0].value = &category;
@@ -1828,7 +1826,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && category == 2)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_CA;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_CA;
a[0].type = CKA_ALWAYS_AUTHENTICATE;
a[0].value = &b;
@@ -1836,7 +1834,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH;
/* now recover the object label/id */
a[0].type = CKA_LABEL;
@@ -1902,8 +1900,8 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
ret = 0;
cleanup:
- gnutls_free(data.data);
- return ret;
+ gnutls_free(data.data);
+ return ret;
}
static int
@@ -2059,8 +2057,8 @@ gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t obj, const char *url,
static int
find_token_num_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info, void *input)
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info, void *input)
{
struct find_token_num *find_data = input;
@@ -2860,8 +2858,8 @@ find_objs_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
while (pkcs11_find_objects
(sinfo->module, sinfo->pks, ctx, OBJECTS_A_TIME, &count) == CKR_OK
&& count > 0) {
- unsigned j;
- gnutls_datum_t id;
+ unsigned j;
+ gnutls_datum_t id;
find_data->p_list = gnutls_realloc_fast(find_data->p_list, (find_data->current+count)*sizeof(find_data->p_list[0]));
if (find_data->p_list == NULL) {
@@ -2869,7 +2867,7 @@ find_objs_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
goto fail;
}
- for (j=0;j<count;j++) {
+ for (j=0;j<count;j++) {
a[0].type = CKA_ID;
a[0].value = certid_tmp;
a[0].value_len = sizeof certid_tmp;
@@ -2905,8 +2903,8 @@ find_objs_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
/* not found */
continue;
}
- }
- }
+ }
+ }
ret =
gnutls_pkcs11_obj_init(&find_data->p_list
@@ -2926,7 +2924,7 @@ find_objs_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
}
find_data->current++;
- }
+ }
}
pkcs11_find_objects_final(sinfo);
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 5acba77f58..bb9b286b1c 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -47,18 +47,18 @@
int retries = 0; \
int rret; \
ret = find_object (&key->sinfo, &key->pin, &key->ref, key->uinfo, \
- SESSION_LOGIN); \
+ SESSION_LOGIN); \
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { \
if (_gnutls_token_func) \
{ \
rret = pkcs11_call_token_func (key->uinfo, retries++); \
if (rret == 0) continue; \
- } \
+ } \
return gnutls_assert_val(ret); \
} else if (ret < 0) { \
- return gnutls_assert_val(ret); \
- } \
- break; \
+ return gnutls_assert_val(ret); \
+ } \
+ break; \
} while (1);
struct gnutls_pkcs11_privkey_st {
@@ -85,7 +85,7 @@ struct gnutls_pkcs11_privkey_st {
**/
int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key)
{
- FAIL_IF_LIB_ERROR;
+ FAIL_IF_LIB_ERROR;
*key = gnutls_calloc(1, sizeof(struct gnutls_pkcs11_privkey_st));
if (*key == NULL) {
@@ -273,7 +273,7 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
if (key->reauth) {
ret =
pkcs11_login(&key->sinfo, &key->pin,
- key->uinfo, 0, 1);
+ key->uinfo, 0, 1);
if (ret < 0) {
gnutls_assert();
_gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
@@ -480,8 +480,8 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
p11_kit_uri_free(pkey->uinfo);
pkey->uinfo = NULL;
}
- gnutls_free(pkey->url);
- pkey->url = NULL;
+ gnutls_free(pkey->url);
+ pkey->url = NULL;
return ret;
}
@@ -531,7 +531,7 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
if (key->reauth) {
ret =
pkcs11_login(&key->sinfo, &key->pin,
- key->uinfo, 0, 1);
+ key->uinfo, 0, 1);
if (ret < 0) {
gnutls_assert();
_gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
@@ -1081,7 +1081,7 @@ static int load_pubkey_obj(gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t pub)
ret = gnutls_pubkey_import_x509(pub, crt, 0);
cleanup:
- gnutls_x509_crt_deinit(crt);
+ gnutls_x509_crt_deinit(crt);
return ret;
}
@@ -1173,8 +1173,8 @@ _pkcs11_privkey_get_pubkey (gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t *pub,
**/
int
gnutls_pkcs11_privkey_export_pubkey(gnutls_pkcs11_privkey_t pkey,
- gnutls_x509_crt_fmt_t fmt,
- gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t fmt,
+ gnutls_datum_t * data,
unsigned int flags)
{
int ret;
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 5732a8e373..79c1f93c9e 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -162,12 +162,12 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
id_size = sizeof(id);
ret = gnutls_x509_crt_get_subject_key_id(crt, id, &id_size, NULL);
if (ret < 0) {
- id_size = sizeof(id);
+ id_size = sizeof(id);
ret = gnutls_x509_crt_get_key_id(crt, 0, id, &id_size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
- }
+ }
}
a[1].value = id;
@@ -494,7 +494,7 @@ gnutls_pkcs11_copy_pubkey(const char *token_url,
ret = 0;
cleanup:
- clean_pubkey(a, a_val);
+ clean_pubkey(a, a_val);
pkcs11_close_session(&sinfo);
return ret;
@@ -980,8 +980,8 @@ struct delete_data_st {
static int
delete_obj_url_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info, void *input)
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info, void *input)
{
struct delete_data_st *find_data = input;
struct ck_attribute a[4];
diff --git a/lib/pkcs11x.c b/lib/pkcs11x.c
index eb7b9a0595..b12918a47a 100644
--- a/lib/pkcs11x.c
+++ b/lib/pkcs11x.c
@@ -149,12 +149,12 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t
ret = 0;
cleanup:
- if (crt != NULL)
- gnutls_x509_crt_deinit(crt);
+ if (crt != NULL)
+ gnutls_x509_crt_deinit(crt);
if (finalize != 0)
pkcs11_find_objects_final(sinfo);
- gnutls_free(ext_data);
- return ret;
+ gnutls_free(ext_data);
+ return ret;
}
@@ -225,7 +225,7 @@ find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
ret = 0;
cleanup:
- pkcs11_find_objects_final(sinfo);
+ pkcs11_find_objects_final(sinfo);
return ret;
}
@@ -292,8 +292,8 @@ gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj,
ret = 0;
cleanup:
- if (deinit_spki)
- gnutls_free(spki.data);
+ if (deinit_spki)
+ gnutls_free(spki.data);
return ret;
}
diff --git a/lib/prf.c b/lib/prf.c
index 0eac36f9f7..34c398fd70 100644
--- a/lib/prf.c
+++ b/lib/prf.c
@@ -127,9 +127,9 @@ P_hash(gnutls_mac_algorithm_t algorithm,
*/
static int
_gnutls_PRF_raw(gnutls_mac_algorithm_t mac,
- const uint8_t * secret, unsigned int secret_size,
- const char *label, int label_size, const uint8_t * seed,
- int seed_size, int total_bytes, void *ret)
+ const uint8_t * secret, unsigned int secret_size,
+ const char *label, int label_size, const uint8_t * seed,
+ int seed_size, int total_bytes, void *ret)
{
int l_s, s_seed_size;
const uint8_t *s1, *s2;
@@ -155,7 +155,7 @@ _gnutls_PRF_raw(gnutls_mac_algorithm_t mac,
if (mac != GNUTLS_MAC_UNKNOWN) {
result =
P_hash(mac, secret, secret_size,
- s_seed, s_seed_size,
+ s_seed, s_seed_size,
total_bytes, ret);
if (result < 0) {
gnutls_assert();
@@ -230,10 +230,10 @@ _gnutls_PRF(gnutls_session_t session,
#ifdef ENABLE_FIPS140
int
_gnutls_prf_raw(gnutls_mac_algorithm_t mac,
- size_t master_size, const void *master,
- size_t label_size, const char *label,
- size_t seed_size, const char *seed, size_t outsize,
- char *out);
+ size_t master_size, const void *master,
+ size_t label_size, const char *label,
+ size_t seed_size, const char *seed, size_t outsize,
+ char *out);
/*-
* _gnutls_prf_raw:
@@ -254,10 +254,10 @@ _gnutls_prf_raw(gnutls_mac_algorithm_t mac,
-*/
int
_gnutls_prf_raw(gnutls_mac_algorithm_t mac,
- size_t master_size, const void *master,
- size_t label_size, const char *label,
- size_t seed_size, const char *seed, size_t outsize,
- char *out)
+ size_t master_size, const void *master,
+ size_t label_size, const char *label,
+ size_t seed_size, const char *seed, size_t outsize,
+ char *out)
{
return _gnutls_PRF_raw(mac,
master, master_size,
diff --git a/lib/privkey.c b/lib/privkey.c
index 4782454d07..030d72cb0c 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -495,7 +495,7 @@ int _gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url, uns
*/
int
gnutls_privkey_export_pkcs11(gnutls_privkey_t pkey,
- gnutls_pkcs11_privkey_t *key)
+ gnutls_pkcs11_privkey_t *key)
{
int ret;
@@ -756,7 +756,7 @@ gnutls_privkey_import_x509(gnutls_privkey_t pkey,
*/
int
gnutls_privkey_export_x509(gnutls_privkey_t pkey,
- gnutls_x509_privkey_t *key)
+ gnutls_x509_privkey_t *key)
{
int ret;
@@ -1011,7 +1011,7 @@ int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey,
*/
int
gnutls_privkey_export_openpgp(gnutls_privkey_t pkey,
- gnutls_openpgp_privkey_t *key)
+ gnutls_openpgp_privkey_t *key)
{
int ret;
@@ -1383,7 +1383,7 @@ gnutls_privkey_import_url(gnutls_privkey_t key, const char *url,
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
cleanup:
- return ret;
+ return ret;
}
/**
diff --git a/lib/record.c b/lib/record.c
index 746e7c2b8b..69cd6c2871 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -626,8 +626,7 @@ get_packet_from_buffers(gnutls_session_t session, content_type_t type,
if (_gnutls_record_buffer_get_size(session) > 0) {
int ret;
ret =
- _gnutls_record_buffer_get_packet(type, session,
- packet);
+ _gnutls_record_buffer_get_packet(type, session, packet);
if (ret < 0) {
if (IS_DTLS(session)) {
if (ret == GNUTLS_E_UNEXPECTED_PACKET) {
@@ -1404,7 +1403,7 @@ check_session_status(gnutls_session_t session)
* prior to anything else. */
if (session->security_parameters.entity == GNUTLS_CLIENT &&
(session->internals.flags & GNUTLS_ENABLE_FALSE_START)) {
- /* Attempt to complete handshake */
+ /* Attempt to complete handshake */
session->internals.recv_state = RECV_STATE_FALSE_START_HANDLING;
ret = gnutls_handshake(session);
@@ -1558,7 +1557,7 @@ gnutls_record_discard_queued(gnutls_session_t session)
**/
ssize_t
gnutls_record_recv_packet(gnutls_session_t session,
- gnutls_packet_t *packet)
+ gnutls_packet_t *packet)
{
int ret;
@@ -1574,7 +1573,7 @@ gnutls_record_recv_packet(gnutls_session_t session,
return ret;
ret = _gnutls_recv_in_buffers(session, GNUTLS_APPLICATION_DATA, -1,
- session->internals.record_timeout_ms);
+ session->internals.record_timeout_ms);
if (ret < 0 && ret != GNUTLS_E_SESSION_EOF)
return gnutls_assert_val(ret);
diff --git a/lib/session_pack.c b/lib/session_pack.c
index 5833eb0eaf..39f0737042 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -274,7 +274,7 @@ _gnutls_session_unpack(gnutls_session_t session,
/* Format:
* 1 byte the credentials type
* 4 bytes the size of the whole structure
- * DH stuff
+ * DH stuff
* 2 bytes the size of secret key in bits
* 4 bytes the size of the prime
* x bytes the prime
@@ -282,12 +282,12 @@ _gnutls_session_unpack(gnutls_session_t session,
* x bytes the generator
* 4 bytes the size of the public key
* x bytes the public key
- * RSA stuff
+ * RSA stuff
* 4 bytes the size of the modulus
* x bytes the modulus
* 4 bytes the size of the exponent
* x bytes the exponent
- * CERTIFICATES
+ * CERTIFICATES
* 4 bytes the length of the certificate list
* 4 bytes the size of first certificate
* x bytes the certificate
@@ -712,8 +712,8 @@ unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
*
* 4 bytes the new record padding flag
* 4 bytes the ECC curve
- * -------------------
- * MAX: 169 bytes
+ * -------------------
+ * MAX: 169 bytes
*
*/
static int
diff --git a/lib/str.c b/lib/str.c
index e78383fd07..b76296a075 100644
--- a/lib/str.c
+++ b/lib/str.c
@@ -475,7 +475,7 @@ char *_gnutls_bin2hex(const void *_old, size_t oldlen,
* @hex_size: size of hex data
* @bin_data: output array with binary data
* @bin_size: when calling should hold maximum size of @bin_data,
- * on return will hold actual length of @bin_data.
+ * on return will hold actual length of @bin_data.
*
* Convert a buffer with hex data to binary data. This function
* unlike gnutls_hex_decode() can parse hex data with separators
diff --git a/lib/str.h b/lib/str.h
index c723e1457a..5bda483a64 100644
--- a/lib/str.h
+++ b/lib/str.h
@@ -129,93 +129,93 @@ int _gnutls_hostname_compare(const char *certname, size_t certnamesize,
#define MAX_DN 1024
#define BUFFER_APPEND(b, x, s) { \
- ret = _gnutls_buffer_append_data(b, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data(b, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
/* append data prefixed with 4-bytes length field*/
#define BUFFER_APPEND_PFX4(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 32, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 32, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_APPEND_PFX3(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 24, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 24, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_APPEND_PFX2(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 16, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 16, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_APPEND_PFX1(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 8, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 8, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_APPEND_NUM(b, s) { \
- ret = _gnutls_buffer_append_prefix(b, 32, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_prefix(b, 32, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_POP(b, x, s) { \
- size_t is = s; \
- _gnutls_buffer_pop_data(b, x, &is); \
- if (is != s) { \
- ret = GNUTLS_E_PARSING_ERROR; \
- gnutls_assert(); \
- goto error; \
- } \
+ size_t is = s; \
+ _gnutls_buffer_pop_data(b, x, &is); \
+ if (is != s) { \
+ ret = GNUTLS_E_PARSING_ERROR; \
+ gnutls_assert(); \
+ goto error; \
+ } \
}
#define BUFFER_POP_DATUM(b, o) { \
- gnutls_datum_t d; \
- ret = _gnutls_buffer_pop_datum_prefix(b, &d); \
- if (ret >= 0) \
- ret = _gnutls_set_datum (o, d.data, d.size); \
- if (ret < 0) { \
- gnutls_assert(); \
- goto error; \
- } \
+ gnutls_datum_t d; \
+ ret = _gnutls_buffer_pop_datum_prefix(b, &d); \
+ if (ret >= 0) \
+ ret = _gnutls_set_datum (o, d.data, d.size); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
}
#define BUFFER_POP_NUM(b, o) { \
- size_t s; \
- ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
- if (ret < 0) { \
- gnutls_assert(); \
- goto error; \
- } \
- o = s; \
+ size_t s; \
+ ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
+ o = s; \
}
#define BUFFER_POP_CAST_NUM(b, o) { \
- size_t s; \
- ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
- if (ret < 0) { \
- gnutls_assert(); \
- goto error; \
- } \
- o = (void *) (intptr_t)(s); \
+ size_t s; \
+ ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
+ o = (void *) (intptr_t)(s); \
}
#endif
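Review bot: Each of these macros expands to a bare `{ ... }` block, so `if (c) BUFFER_APPEND(b, x, n); else ...` does not compile, because the `;` after the block ends the `if` before the `else`; wrapping the bodies as `do { ... } while (0)` avoids that. BUFFER_POP also expands its `s` argument twice and none of the arguments are parenthesised, so callers have to pass side-effect-free expressions. Since every macro hides a `return ret` or `goto error`, a short comment above the group saying that they need a local `ret` (and an `error:` label for the POP variants) would help readers of the session unpacking code.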
diff --git a/lib/supplemental.c b/lib/supplemental.c
index 4e2df85abd..6ab5b42978 100644
--- a/lib/supplemental.c
+++ b/lib/supplemental.c
@@ -267,7 +267,7 @@ _gnutls_supplemental_register(gnutls_supplemental_entry *entry)
**/
int
gnutls_supplemental_register(const char *name, gnutls_supplemental_data_format_type_t type,
- gnutls_supp_recv_func recv_func, gnutls_supp_send_func send_func)
+ gnutls_supp_recv_func recv_func, gnutls_supp_send_func send_func)
{
gnutls_supplemental_entry tmp_entry;
int ret;
diff --git a/lib/system-keys.h b/lib/system-keys.h
index b5969c3b51..bc755e4c5b 100644
--- a/lib/system-keys.h
+++ b/lib/system-keys.h
@@ -32,7 +32,7 @@ _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url);
int
_gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
- const char *url);
+ const char *url);
void _gnutls_system_key_deinit(void);
int _gnutls_system_key_init(void);
diff --git a/lib/system/inet_ntop.c b/lib/system/inet_ntop.c
index 69920cd772..87760ebf11 100644
--- a/lib/system/inet_ntop.c
+++ b/lib/system/inet_ntop.c
@@ -79,7 +79,7 @@ static const char *inet_ntop6 (const unsigned char *src, char *dst, unsigned siz
*/
const char *
inet_ntop (int af, const void *restrict src,
- char *restrict dst, unsigned cnt)
+ char *restrict dst, unsigned cnt)
{
switch (af)
{
@@ -171,26 +171,26 @@ inet_ntop6 (const unsigned char *src, char *dst, unsigned size)
for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++)
{
if (words[i] == 0)
- {
- if (cur.base == -1)
- cur.base = i, cur.len = 1;
- else
- cur.len++;
- }
+ {
+ if (cur.base == -1)
+ cur.base = i, cur.len = 1;
+ else
+ cur.len++;
+ }
else
- {
- if (cur.base != -1)
- {
- if (best.base == -1 || cur.len > best.len)
- best = cur;
- cur.base = -1;
- }
- }
+ {
+ if (cur.base != -1)
+ {
+ if (best.base == -1 || cur.len > best.len)
+ best = cur;
+ cur.base = -1;
+ }
+ }
}
if (cur.base != -1)
{
if (best.base == -1 || cur.len > best.len)
- best = cur;
+ best = cur;
}
if (best.base != -1 && best.len < 2)
best.base = -1;
@@ -203,28 +203,28 @@ inet_ntop6 (const unsigned char *src, char *dst, unsigned size)
{
/* Are we inside the best run of 0x00's? */
if (best.base != -1 && i >= best.base && i < (best.base + best.len))
- {
- if (i == best.base)
- *tp++ = ':';
- continue;
- }
+ {
+ if (i == best.base)
+ *tp++ = ':';
+ continue;
+ }
/* Are we following an initial run of 0x00s or any real hex? */
if (i != 0)
- *tp++ = ':';
+ *tp++ = ':';
/* Is this address an encapsulated IPv4? */
if (i == 6 && best.base == 0 &&
- (best.len == 6 || (best.len == 5 && words[5] == 0xffff)))
- {
- if (!inet_ntop4 (src + 12, tp, sizeof tmp - (tp - tmp)))
- return (NULL);
- tp += strlen (tp);
- break;
- }
+ (best.len == 6 || (best.len == 5 && words[5] == 0xffff)))
+ {
+ if (!inet_ntop4 (src + 12, tp, sizeof tmp - (tp - tmp)))
+ return (NULL);
+ tp += strlen (tp);
+ break;
+ }
{
- int len = sprintf (tp, "%x", words[i]);
- if (len < 0)
- return NULL;
- tp += len;
+ int len = sprintf (tp, "%x", words[i]);
+ if (len < 0)
+ return NULL;
+ tp += len;
}
}
/* Was it a trailing run of 0x00's? */
diff --git a/lib/system/keys-dummy.c b/lib/system/keys-dummy.c
index 269af8038c..31acb4eccf 100644
--- a/lib/system/keys-dummy.c
+++ b/lib/system/keys-dummy.c
@@ -35,12 +35,12 @@ void gnutls_system_key_iter_deinit(gnutls_system_key_iter_t iter)
int
gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter,
- unsigned cert_type,
- char **cert_url,
- char **key_url,
- char **label,
- gnutls_datum_t *der,
- unsigned int flags)
+ unsigned cert_type,
+ char **cert_url,
+ char **key_url,
+ char **label,
+ gnutls_datum_t *der,
+ unsigned int flags)
{
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
@@ -58,7 +58,7 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv
int
_gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
- const char *url)
+ const char *url)
{
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c
index 1f5ffad4a2..0df8540aa5 100644
--- a/lib/system/keys-win.c
+++ b/lib/system/keys-win.c
@@ -26,7 +26,6 @@
#define _WIN32_WINNT 0x600
#endif
-
#include "gnutls_int.h"
#include "errors.h"
#include <gnutls/gnutls.h>
@@ -39,7 +38,7 @@
#include <urls.h>
#if !defined(_WIN32)
-# error should not be included
+#error should not be included
#endif
#include <wincrypt.h>
@@ -51,22 +50,22 @@
// MinGW headers may not have these defines
#ifndef NCRYPT_SHA1_ALGORITHM
-#define NCRYPT_SHA1_ALGORITHM BCRYPT_SHA1_ALGORITHM
+#define NCRYPT_SHA1_ALGORITHM BCRYPT_SHA1_ALGORITHM
#endif
#ifndef NCRYPT_SHA256_ALGORITHM
-#define NCRYPT_SHA256_ALGORITHM BCRYPT_SHA256_ALGORITHM
+#define NCRYPT_SHA256_ALGORITHM BCRYPT_SHA256_ALGORITHM
#endif
#ifndef NCRYPT_SHA384_ALGORITHM
-#define NCRYPT_SHA384_ALGORITHM BCRYPT_SHA384_ALGORITHM
+#define NCRYPT_SHA384_ALGORITHM BCRYPT_SHA384_ALGORITHM
#endif
#ifndef NCRYPT_SHA512_ALGORITHM
-#define NCRYPT_SHA512_ALGORITHM BCRYPT_SHA512_ALGORITHM
+#define NCRYPT_SHA512_ALGORITHM BCRYPT_SHA512_ALGORITHM
#endif
#ifndef NCRYPT_PAD_PKCS1_FLAG
#define NCRYPT_PAD_PKCS1_FLAG 2
#endif
#ifndef NCRYPT_ALGORITHM_PROPERTY
-#define NCRYPT_ALGORITHM_PROPERTY L"Algorithm Name"
+#define NCRYPT_ALGORITHM_PROPERTY L"Algorithm Name"
#endif
#ifndef CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID
#define CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID 99
@@ -83,49 +82,62 @@ struct system_key_iter_st {
};
typedef struct priv_st {
- DWORD dwKeySpec; /* CAPI key */
- HCRYPTPROV hCryptProv; /* CAPI keystore*/
- NCRYPT_KEY_HANDLE nc; /* CNG Keystore*/
+ DWORD dwKeySpec; /* CAPI key */
+ HCRYPTPROV hCryptProv; /* CAPI keystore */
+ NCRYPT_KEY_HANDLE nc; /* CNG Keystore */
gnutls_pk_algorithm_t pk;
gnutls_sign_algorithm_t sign_algo;
} priv_st;
-
-typedef SECURITY_STATUS (WINAPI *NCryptDeleteKeyFunc)(
- NCRYPT_KEY_HANDLE hKey,DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptOpenStorageProviderFunc)(
- NCRYPT_PROV_HANDLE *phProvider, LPCWSTR pszProviderName,
- DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptOpenKeyFunc)(
- NCRYPT_PROV_HANDLE hProvider, NCRYPT_KEY_HANDLE *phKey,
- LPCWSTR pszKeyName, DWORD dwLegacyKeySpec,
- DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptGetPropertyFunc)(
- NCRYPT_HANDLE hObject, LPCWSTR pszProperty,
- PBYTE pbOutput, DWORD cbOutput,
- DWORD *pcbResult, DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptFreeObjectFunc)(
- NCRYPT_HANDLE hObject);
-
-typedef SECURITY_STATUS (WINAPI *NCryptDecryptFunc)(
- NCRYPT_KEY_HANDLE hKey, PBYTE pbInput,
- DWORD cbInput, VOID *pPaddingInfo,
- PBYTE pbOutput, DWORD cbOutput,
- DWORD *pcbResult, DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptSignHashFunc)(
- NCRYPT_KEY_HANDLE hKey, VOID* pPaddingInfo,
- PBYTE pbHashValue, DWORD cbHashValue,
- PBYTE pbSignature, DWORD cbSignature,
- DWORD* pcbResult, DWORD dwFlags);
-
-static int StrCmpW(const WCHAR *str1, const WCHAR *str2 )
+typedef SECURITY_STATUS(WINAPI * NCryptDeleteKeyFunc) (NCRYPT_KEY_HANDLE hKey,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI *
+ NCryptOpenStorageProviderFunc) (NCRYPT_PROV_HANDLE *
+ phProvider,
+ LPCWSTR pszProviderName,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI *
+ NCryptOpenKeyFunc) (NCRYPT_PROV_HANDLE hProvider,
+ NCRYPT_KEY_HANDLE * phKey,
+ LPCWSTR pszKeyName,
+ DWORD dwLegacyKeySpec,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI * NCryptGetPropertyFunc) (NCRYPT_HANDLE hObject,
+ LPCWSTR pszProperty,
+ PBYTE pbOutput,
+ DWORD cbOutput,
+ DWORD * pcbResult,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI * NCryptFreeObjectFunc) (NCRYPT_HANDLE hObject);
+
+typedef SECURITY_STATUS(WINAPI * NCryptDecryptFunc) (NCRYPT_KEY_HANDLE hKey,
+ PBYTE pbInput,
+ DWORD cbInput,
+ VOID * pPaddingInfo,
+ PBYTE pbOutput,
+ DWORD cbOutput,
+ DWORD * pcbResult,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI * NCryptSignHashFunc) (NCRYPT_KEY_HANDLE hKey,
+ VOID * pPaddingInfo,
+ PBYTE pbHashValue,
+ DWORD cbHashValue,
+ PBYTE pbSignature,
+ DWORD cbSignature,
+ DWORD * pcbResult,
+ DWORD dwFlags);
+
+static int StrCmpW(const WCHAR * str1, const WCHAR * str2)
{
- while (*str1 && (*str1 == *str2)) { str1++; str2++; }
+ while (*str1 && (*str1 == *str2)) {
+ str1++;
+ str2++;
+ }
return *str1 - *str2;
}
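Review bot: The reformatted declarations put spaces on both sides of `*` for typedef'd types (`const WCHAR * str1`, `DWORD * pcbResult`, `WINAPI * NCryptDeleteKeyFunc) (`), which reads like multiplication and differs from the `type *name` form this same commit keeps in lib/privkey.c (`gnutls_x509_privkey_t *key`). The same spacing appears in the get_id, capi_sign, capi_decrypt, cng_sign, cng_decrypt and get_win_urls signatures further down. This looks like the output of an automatic indenter that was not told these names are types; either register them with the tool or keep `const WCHAR *str1, const WCHAR *str2` by hand.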
@@ -154,7 +166,7 @@ static HMODULE ncrypt_lib;
#define WIN_URL_SIZE 11
static int
-get_id(const char *url, uint8_t *bin, size_t *bin_size, unsigned cert)
+get_id(const char *url, uint8_t * bin, size_t * bin_size, unsigned cert)
{
int ret;
unsigned url_size = strlen(url);
@@ -162,10 +174,12 @@ get_id(const char *url, uint8_t *bin, size_t *bin_size, unsigned cert)
gnutls_datum_t tmp;
if (cert != 0) {
- if (url_size < sizeof(WIN_URL) || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
+ if (url_size < sizeof(WIN_URL)
+ || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
} else {
- if (url_size < sizeof(WIN_URL) || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
+ if (url_size < sizeof(WIN_URL)
+ || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
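Review bot: Both arms of `if (cert != 0)` run the identical test, so the `cert` argument has no effect on URL validation in the lines shown; the branch can be collapsed to a single `if (url_size < sizeof(WIN_URL) || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)`. If certificate and key URLs were meant to be validated differently, that difference is missing and the intended check should be added or explained in a comment. The prefix length is also hard-coded as `WIN_URL_SIZE 11` next to `sizeof(WIN_URL)`; if both describe the same prefix, deriving one from the other would stop them drifting apart. get_id continues outside this hunk.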
@@ -198,7 +212,7 @@ void *memrev(unsigned char *pvData, DWORD cbData)
char t;
DWORD i;
- for (i = 0; i < cbData / 2; i++){
+ for (i = 0; i < cbData / 2; i++) {
t = pvData[i];
pvData[i] = pvData[cbData - 1 - i];
pvData[cbData - 1 - i] = t;
@@ -208,17 +222,16 @@ void *memrev(unsigned char *pvData, DWORD cbData)
static
int capi_sign(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *raw_data,
- gnutls_datum_t *signature)
+ const gnutls_datum_t * raw_data, gnutls_datum_t * signature)
{
- priv_st *priv = (priv_st*)userdata;
- ALG_ID Algid;
+ priv_st *priv = (priv_st *) userdata;
+ ALG_ID Algid;
HCRYPTHASH hHash = NULL;
uint8_t digest[MAX_HASH_SIZE];
unsigned int digest_size;
gnutls_digest_algorithm_t algo;
DWORD size1 = 0, sizesize = sizeof(DWORD);
- DWORD ret_sig = 0;
+ DWORD ret_sig = 0;
int ret;
signature->data = NULL;
@@ -226,51 +239,78 @@ int capi_sign(gnutls_privkey_t key, void *userdata,
digest_size = raw_data->size;
- switch (digest_size) {
- case 16: Algid = CALG_MD5; break;
- //case 35: size=20; // DigestInfo SHA1
- case 20: Algid = CALG_SHA1; break;
- //case 51: size=32; // DigestInto SHA-256
- case 32: Algid = CALG_SHA_256; break;
- case 36: Algid = CALG_SSL3_SHAMD5; break;
- case 48: Algid = CALG_SHA_384; break;
- case 64: Algid = CALG_SHA_512; break;
- default:
- digest_size = sizeof(digest);
- ret = decode_ber_digest_info(raw_data, &algo, digest, &digest_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ switch (digest_size) {
+ case 16:
+ Algid = CALG_MD5;
+ break;
+ //case 35: size=20; // DigestInfo SHA1
+ case 20:
+ Algid = CALG_SHA1;
+ break;
+ //case 51: size=32; // DigestInto SHA-256
+ case 32:
+ Algid = CALG_SHA_256;
+ break;
+ case 36:
+ Algid = CALG_SSL3_SHAMD5;
+ break;
+ case 48:
+ Algid = CALG_SHA_384;
+ break;
+ case 64:
+ Algid = CALG_SHA_512;
+ break;
+ default:
+ digest_size = sizeof(digest);
+ ret =
+ decode_ber_digest_info(raw_data, &algo, digest,
+ &digest_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- switch (algo) {
- case GNUTLS_DIG_SHA1: Algid = CALG_SHA1; break;
+ switch (algo) {
+ case GNUTLS_DIG_SHA1:
+ Algid = CALG_SHA1;
+ break;
#ifdef NCRYPT_SHA224_ALGORITHM
- case GNUTLS_DIG_SHA224: Algid = CALG_SHA_224; break;
+ case GNUTLS_DIG_SHA224:
+ Algid = CALG_SHA_224;
+ break;
#endif
- case GNUTLS_DIG_SHA256: Algid = CALG_SHA_256; break;
- case GNUTLS_DIG_SHA384: Algid = CALG_SHA_384; break;
- case GNUTLS_DIG_SHA512: Algid = CALG_SHA_512; break;
- default:
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
- }
+ case GNUTLS_DIG_SHA256:
+ Algid = CALG_SHA_256;
+ break;
+ case GNUTLS_DIG_SHA384:
+ Algid = CALG_SHA_384;
+ break;
+ case GNUTLS_DIG_SHA512:
+ Algid = CALG_SHA_512;
+ break;
+ default:
+ return
+ gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+ }
}
if (!CryptCreateHash(priv->hCryptProv, Algid, 0, 0, &hHash)) {
gnutls_assert();
- _gnutls_debug_log("error in create hash: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in create hash: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
if (!CryptSetHashParam(hHash, HP_HASHVAL, digest, 0)) {
gnutls_assert();
- _gnutls_debug_log("error in set hash val: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in set hash val: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
-
- if (!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&size1, &sizesize, 0) ||
- digest_size != size1) {
+ if (!CryptGetHashParam
+ (hHash, HP_HASHSIZE, (BYTE *) & size1, &sizesize, 0)
+ || digest_size != size1) {
gnutls_assert();
_gnutls_debug_log("error in hash size: %d\n", (int)size1);
ret = GNUTLS_E_PK_SIGN_FAILED;
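Review bot: For the fixed-size inputs (16, 20, 32, 36, 48 and 64 bytes) nothing in this hunk copies `raw_data->data` into `digest`; only the `default:` branch fills it through decode_ber_digest_info(), yet `CryptSetHashParam(hHash, HP_HASHVAL, digest, 0)` runs for every branch. Unless the copy happens in the line or two not shown before the switch, the value signed in those cases is uninitialised stack memory rather than the caller's hash. Each fixed-size case should load the buffer, for example `memcpy(digest, raw_data->data, digest_size);` after a `digest_size <= sizeof(digest)` check. capi_sign begins before and ends after this hunk.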
@@ -279,20 +319,23 @@ int capi_sign(gnutls_privkey_t key, void *userdata,
if (!CryptSignHash(hHash, priv->dwKeySpec, NULL, 0, NULL, &ret_sig)) {
gnutls_assert();
- _gnutls_debug_log("error in pre-signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in pre-signing: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
signature->size = ret_sig;
- signature->data = (unsigned char*)gnutls_malloc(signature->size);
+ signature->data = (unsigned char *)gnutls_malloc(signature->size);
if (signature->data == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- if (!CryptSignHash(hHash, priv->dwKeySpec, NULL, 0, signature->data, &ret_sig)) {
+ if (!CryptSignHash
+ (hHash, priv->dwKeySpec, NULL, 0, signature->data, &ret_sig)) {
gnutls_assert();
- _gnutls_debug_log("error in signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in signing: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
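Review bot: The allocation-failure path, `if (signature->data == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);`, returns directly and skips the `fail:` label where `CryptDestroyHash(hHash)` runs, so the hash handle created earlier is leaked on out-of-memory. Every other error in this function uses `goto fail`; this one should too: `if (signature->data == NULL) { ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); goto fail; }`. The `fail:` label sits in the following hunk, outside this one.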
@@ -303,7 +346,7 @@ int capi_sign(gnutls_privkey_t key, void *userdata,
signature->size = ret_sig;
return 0;
-fail:
+ fail:
if (hHash != 0)
CryptDestroyHash(hHash);
gnutls_free(signature->data);
@@ -312,10 +355,9 @@ fail:
static
int capi_decrypt(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *ciphertext,
- gnutls_datum_t *plaintext)
+ const gnutls_datum_t * ciphertext, gnutls_datum_t * plaintext)
{
- priv_st *priv = (priv_st*)userdata;
+ priv_st *priv = (priv_st *) userdata;
DWORD size = 0;
int ret;
@@ -327,22 +369,23 @@ int capi_decrypt(gnutls_privkey_t key, void *userdata,
}
plaintext->size = size = ciphertext->size;
- plaintext->data = (unsigned char*)gnutls_malloc(plaintext->size);
+ plaintext->data = (unsigned char *)gnutls_malloc(plaintext->size);
if (plaintext->data == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
memcpy(plaintext->data, ciphertext->data, size);
- if (0 == CryptDecrypt(priv->hCryptProv, 0, true, 0, plaintext->data, &size))
- {
+ if (0 ==
+ CryptDecrypt(priv->hCryptProv, 0, true, 0, plaintext->data,
+ &size)) {
gnutls_assert();
ret = GNUTLS_E_PK_DECRYPTION_FAILED;
goto fail;
}
return 0;
-fail:
+ fail:
gnutls_free(plaintext->data);
return ret;
}
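Review bot: After a successful `CryptDecrypt`, `size` holds the decrypted length but `plaintext->size` is left at the ciphertext length assigned earlier, so the caller would treat the bytes past the real plaintext as part of it; add `plaintext->size = size;` before `return 0;`. The `fail:` path frees `plaintext->data` without clearing it, which leaves a dangling pointer in the caller's datum; `plaintext->data = NULL;` after the free closes that. The first argument also needs confirming: the call passes `priv->hCryptProv`, a provider handle, where CryptDecrypt takes a key handle. capi_decrypt starts before this hunk.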
@@ -350,14 +393,14 @@ fail:
static
void capi_deinit(gnutls_privkey_t key, void *userdata)
{
- priv_st *priv = (priv_st*)userdata;
+ priv_st *priv = (priv_st *) userdata;
CryptReleaseContext(priv->hCryptProv, 0);
gnutls_free(priv);
}
static int capi_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
{
- priv_st *priv = (priv_st*)userdata;
+ priv_st *priv = (priv_st *) userdata;
if (flags & GNUTLS_PRIVKEY_INFO_PK_ALGO)
return priv->pk;
@@ -368,8 +411,7 @@ static int capi_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
static
int cng_sign(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *raw_data,
- gnutls_datum_t *signature)
+ const gnutls_datum_t * raw_data, gnutls_datum_t * signature)
{
priv_st *priv = userdata;
BCRYPT_PKCS1_PADDING_INFO _info;
@@ -377,7 +419,7 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
DWORD ret_sig = 0;
int ret;
DWORD flags = 0;
- gnutls_datum_t data = {raw_data->data, raw_data->size};
+ gnutls_datum_t data = { raw_data->data, raw_data->size };
uint8_t digest[MAX_HASH_SIZE];
unsigned int digest_size;
gnutls_digest_algorithm_t algo;
@@ -391,34 +433,38 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
flags = BCRYPT_PAD_PKCS1;
info = &_info;
- if (raw_data->size == 36) { /* TLS 1.0 MD5+SHA1 */
+ if (raw_data->size == 36) { /* TLS 1.0 MD5+SHA1 */
_info.pszAlgId = NULL;
} else {
digest_size = sizeof(digest);
- ret = decode_ber_digest_info(raw_data, &algo, digest, &digest_size);
+ ret =
+ decode_ber_digest_info(raw_data, &algo, digest,
+ &digest_size);
if (ret < 0)
return gnutls_assert_val(ret);
- switch(algo) {
- case GNUTLS_DIG_SHA1:
- _info.pszAlgId = NCRYPT_SHA1_ALGORITHM;
- break;
+ switch (algo) {
+ case GNUTLS_DIG_SHA1:
+ _info.pszAlgId = NCRYPT_SHA1_ALGORITHM;
+ break;
#ifdef NCRYPT_SHA224_ALGORITHM
- case GNUTLS_DIG_SHA224:
- _info.pszAlgId = NCRYPT_SHA224_ALGORITHM;
- break;
+ case GNUTLS_DIG_SHA224:
+ _info.pszAlgId = NCRYPT_SHA224_ALGORITHM;
+ break;
#endif
- case GNUTLS_DIG_SHA256:
- _info.pszAlgId = NCRYPT_SHA256_ALGORITHM;
- break;
- case GNUTLS_DIG_SHA384:
- _info.pszAlgId = NCRYPT_SHA384_ALGORITHM;
- break;
- case GNUTLS_DIG_SHA512:
- _info.pszAlgId = NCRYPT_SHA512_ALGORITHM;
- break;
- default:
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+ case GNUTLS_DIG_SHA256:
+ _info.pszAlgId = NCRYPT_SHA256_ALGORITHM;
+ break;
+ case GNUTLS_DIG_SHA384:
+ _info.pszAlgId = NCRYPT_SHA384_ALGORITHM;
+ break;
+ case GNUTLS_DIG_SHA512:
+ _info.pszAlgId = NCRYPT_SHA512_ALGORITHM;
+ break;
+ default:
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
}
data.data = digest;
data.size = digest_size;
@@ -429,7 +475,8 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
NULL, 0, &ret_sig, flags);
if (FAILED(r)) {
gnutls_assert();
- _gnutls_debug_log("error in pre-signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in pre-signing: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
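Review bot: The failure log prints `(int)GetLastError()` although the NCrypt call reports its result in `r`, which is what `FAILED(r)` just tested; the last-error value may be stale or unrelated to this call. Logging the status itself, with `%x` and `(unsigned)r` as the argument, matches how the CNG keystore error is logged in _gnutls_privkey_import_system_url. The 'error in signing' message in the next hunk has the same issue. cng_sign starts and ends outside this hunk.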
@@ -440,11 +487,11 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
r = pNCryptSignHash(priv->nc, info, data.data, data.size,
- signature->data, signature->size,
- &ret_sig, flags);
+ signature->data, signature->size, &ret_sig, flags);
if (FAILED(r)) {
gnutls_assert();
- _gnutls_debug_log("error in signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in signing: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
@@ -459,8 +506,7 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
static
int cng_decrypt(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *ciphertext,
- gnutls_datum_t *plaintext)
+ const gnutls_datum_t * ciphertext, gnutls_datum_t * plaintext)
{
priv_st *priv = userdata;
SECURITY_STATUS r;
@@ -475,7 +521,7 @@ int cng_decrypt(gnutls_privkey_t key, void *userdata,
}
r = pNCryptDecrypt(priv->nc, ciphertext->data, ciphertext->size,
- NULL, NULL, 0, &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
+ NULL, NULL, 0, &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
if (FAILED(r)) {
gnutls_assert();
return GNUTLS_E_PK_DECRYPTION_FAILED;
@@ -489,8 +535,8 @@ int cng_decrypt(gnutls_privkey_t key, void *userdata,
}
r = pNCryptDecrypt(priv->nc, ciphertext->data, ciphertext->size,
- NULL, plaintext->data, plaintext->size,
- &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
+ NULL, plaintext->data, plaintext->size,
+ &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
if (FAILED(r)) {
gnutls_assert();
ret = GNUTLS_E_PK_DECRYPTION_FAILED;
@@ -537,9 +583,7 @@ static int cng_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
* Since: 3.4.0
*
-*/
-int
-_gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
- const char *url)
+int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
{
uint8_t id[MAX_WID_SIZE];
HCERTSTORE store = NULL;
@@ -556,8 +600,7 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
WCHAR algo_str[64];
DWORD algo_str_size = 0;
priv_st *priv;
- DWORD i,dwErrCode = 0;
-
+ DWORD i, dwErrCode = 0;
if (ncrypt_init == 0)
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
@@ -585,17 +628,16 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
}
cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_KEY_IDENTIFIER,
- &blob,
- NULL);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_KEY_IDENTIFIER,
+ &blob, NULL);
if (cert == NULL) {
char buf[64];
_gnutls_debug_log("cannot find ID: %s from %s\n",
- _gnutls_bin2hex(id, id_size,
- buf, sizeof(buf), NULL), url);
+ _gnutls_bin2hex(id, id_size,
+ buf, sizeof(buf), NULL), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
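Review bot: `char buf[64]` is smaller than the hex buffer get_win_urls uses for the same kind of identifier (`char hex[MAX_WID_SIZE * 2 + 1]`), so an `id` longer than 31 bytes cannot be rendered in full here. How _gnutls_bin2hex reacts to a short output buffer is not visible on this page; if it returns NULL, that pointer goes straight to the `%s` in `_gnutls_debug_log`. Declaring `char buf[MAX_WID_SIZE * 2 + 1];` removes the question. The same `buf[64]` pattern is in _gnutls_x509_crt_import_system_url further down.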
@@ -605,7 +647,7 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
NULL, &kpi_size);
if (r == 0) {
_gnutls_debug_log("error in getting context: %d from %s\n",
- (int)GetLastError(), url);
+ (int)GetLastError(), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
@@ -621,26 +663,29 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
kpi, &kpi_size);
if (r == 0) {
_gnutls_debug_log("error in getting context: %d from %s\n",
- (int)GetLastError(), url);
+ (int)GetLastError(), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
r = pNCryptOpenStorageProvider(&sctx, kpi->pwszProvName, 0);
- if (!FAILED(r)) /* if this works carry on with CNG*/
- {
+ if (!FAILED(r)) { /* if this works carry on with CNG */
r = pNCryptOpenKey(sctx, &nc, kpi->pwszContainerName, 0, 0);
if (FAILED(r)) {
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
r = pNCryptGetProperty(nc, NCRYPT_ALGORITHM_PROPERTY,
- (BYTE*)algo_str, sizeof(algo_str),
- &algo_str_size, 0);
+ (BYTE *) algo_str, sizeof(algo_str),
+ &algo_str_size, 0);
if (FAILED(r)) {
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
@@ -661,36 +706,39 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
priv->pk = GNUTLS_PK_EC;
priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA512;
} else {
- _gnutls_debug_log("unknown key algorithm: %ls\n", algo_str);
+ _gnutls_debug_log("unknown key algorithm: %ls\n",
+ algo_str);
ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
goto cleanup;
}
priv->nc = nc;
ret = gnutls_privkey_import_ext3(pkey, priv, cng_sign,
- (enc_too!=0)?cng_decrypt:NULL,
- cng_deinit,
- cng_info, 0);
+ (enc_too !=
+ 0) ? cng_decrypt : NULL,
+ cng_deinit, cng_info, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
} else {
- /* this should be CAPI*/
- _gnutls_debug_log("error in opening CNG keystore: %x from %ls\n",
- (int) r, kpi->pwszProvName);
+ /* this should be CAPI */
+ _gnutls_debug_log
+ ("error in opening CNG keystore: %x from %ls\n", (int)r,
+ kpi->pwszProvName);
if (CryptAcquireContextW(&hCryptProv,
- kpi->pwszContainerName,
- kpi->pwszProvName,
- kpi->dwProvType,
- kpi->dwFlags)) {
+ kpi->pwszContainerName,
+ kpi->pwszProvName,
+ kpi->dwProvType, kpi->dwFlags)) {
for (i = 0; i < kpi->cProvParam; i++)
if (!CryptSetProvParam(hCryptProv,
- kpi->rgProvParam[i].dwParam,
- kpi->rgProvParam[i].pbData,
- kpi->rgProvParam[i].dwFlags))
- {
+ kpi->rgProvParam[i].
+ dwParam,
+ kpi->rgProvParam[i].
+ pbData,
+ kpi->rgProvParam[i].
+ dwFlags)) {
dwErrCode = GetLastError();
break;
};
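Review bot: The re-wrapping in this hunk splits expressions in places that hurt readability: the member accesses are cut after the dot (`kpi->rgProvParam[i].` then `dwParam` on the next line), and `(enc_too != 0) ? cng_decrypt : NULL` is broken inside the parenthesised condition. Breaking only at commas, with each `kpi->rgProvParam[i].dwParam` style argument on its own line, would satisfy a line-length check without separating tokens that belong together. The brace-less `for` whose body is an `if { ... };` would also be clearer with its own braces and without the stray `;` after the closing brace. The function continues outside this hunk.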
@@ -699,45 +747,59 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
}
if (ERROR_SUCCESS != dwErrCode) {
- _gnutls_debug_log("error in getting cryptprov: %d from %s\n",
- (int)GetLastError(), url);
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ _gnutls_debug_log
+ ("error in getting cryptprov: %d from %s\n",
+ (int)GetLastError(), url);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
{
BYTE buf[100 + sizeof(PROV_ENUMALGS_EX) * 2];
- PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *)buf;
+ PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *) buf;
DWORD len = sizeof(buf);
- if (CryptGetProvParam(hCryptProv, PP_ENUMALGS_EX, buf, &len, CRYPT_FIRST)) {
+ if (CryptGetProvParam
+ (hCryptProv, PP_ENUMALGS_EX, buf, &len,
+ CRYPT_FIRST)) {
DWORD hash = 0;
do {
switch (pAlgo->aiAlgid) {
- case CALG_RSA_SIGN:
- priv->pk = GNUTLS_PK_RSA;
- enc_too = 1;
- break;
- case CALG_DSS_SIGN:
- priv->pk = priv->pk == GNUTLS_PK_RSA ? GNUTLS_PK_RSA : GNUTLS_PK_DSA;
- break;
- case CALG_SHA1:
- hash = 1;
- break;
- case CALG_SHA_256:
- hash = 256;
- break;
- default:
- break;
+ case CALG_RSA_SIGN:
+ priv->pk = GNUTLS_PK_RSA;
+ enc_too = 1;
+ break;
+ case CALG_DSS_SIGN:
+ priv->pk =
+ priv->pk ==
+ GNUTLS_PK_RSA ?
+ GNUTLS_PK_RSA :
+ GNUTLS_PK_DSA;
+ break;
+ case CALG_SHA1:
+ hash = 1;
+ break;
+ case CALG_SHA_256:
+ hash = 256;
+ break;
+ default:
+ break;
}
- len = sizeof(buf); // reset the buffer size
- } while (CryptGetProvParam(hCryptProv, PP_ENUMALGS_EX, buf, &len, CRYPT_NEXT));
+ len = sizeof(buf); // reset the buffer size
+ } while (CryptGetProvParam
+ (hCryptProv, PP_ENUMALGS_EX, buf, &len,
+ CRYPT_NEXT));
if (priv->pk == GNUTLS_PK_DSA)
priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
else
- priv->sign_algo = (hash > 1) ? GNUTLS_SIGN_RSA_SHA256 : GNUTLS_SIGN_RSA_SHA1;
+ priv->sign_algo =
+ (hash >
+ 1) ? GNUTLS_SIGN_RSA_SHA256 :
+ GNUTLS_SIGN_RSA_SHA1;
}
}
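Review bot: The provider error is saved in `dwErrCode`, but the log line under `if (ERROR_SUCCESS != dwErrCode)` prints a fresh `(int)GetLastError()`, which may no longer be the code that caused the failure; log `(int)dwErrCode` instead. Further down, `sign_algo` falls back to `GNUTLS_SIGN_RSA_SHA1` whenever `hash` is not greater than 1, including when the enumeration reported neither CALG_SHA1 nor CALG_SHA_256 (`hash == 0`); a comment stating that SHA-1 is the intended default, or an explicit check, would make that choice visible. The function starts and ends outside this hunk.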
@@ -745,9 +807,9 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
priv->dwKeySpec = kpi->dwKeySpec;
ret = gnutls_privkey_import_ext3(pkey, priv, capi_sign,
- (enc_too != 0) ? capi_decrypt : NULL,
- capi_deinit,
- capi_info, 0);
+ (enc_too !=
+ 0) ? capi_decrypt : NULL,
+ capi_deinit, capi_info, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -774,8 +836,7 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
return ret;
}
-int
-_gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
+int _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
{
uint8_t id[MAX_WID_SIZE];
HCERTSTORE store = NULL;
@@ -804,18 +865,16 @@ _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
}
cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_KEY_IDENTIFIER,
- &blob,
- NULL);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_KEY_IDENTIFIER,
+ &blob, NULL);
if (cert == NULL) {
char buf[64];
_gnutls_debug_log("cannot find ID: %s from %s\n",
- _gnutls_bin2hex(id, id_size,
- buf, sizeof(buf), NULL),
- url);
+ _gnutls_bin2hex(id, id_size,
+ buf, sizeof(buf), NULL), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
@@ -856,15 +915,15 @@ void gnutls_system_key_iter_deinit(gnutls_system_key_iter_t iter)
}
static
-int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
- char **label, gnutls_datum_t *der)
+int get_win_urls(const CERT_CONTEXT * cert, char **cert_url, char **key_url,
+ char **label, gnutls_datum_t * der)
{
BOOL r;
int ret;
DWORD tl_size;
- gnutls_datum_t tmp_label = {NULL, 0};
- char name[MAX_CN*2];
- char hex[MAX_WID_SIZE*2+1];
+ gnutls_datum_t tmp_label = { NULL, 0 };
+ char name[MAX_CN * 2];
+ char hex[MAX_WID_SIZE * 2 + 1];
gnutls_buffer_st str;
#ifdef WORDS_BIGENDIAN
const unsigned bigendian = 1;
@@ -892,18 +951,18 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
if (cert_url)
*cert_url = NULL;
-
tl_size = sizeof(name);
r = CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID,
name, &tl_size);
- if (r != 0) { /* optional */
- ret = _gnutls_ucs2_to_utf8(name, tl_size, &tmp_label, bigendian);
+ if (r != 0) { /* optional */
+ ret =
+ _gnutls_ucs2_to_utf8(name, tl_size, &tmp_label, bigendian);
if (ret < 0) {
gnutls_assert();
goto fail;
}
if (label)
- *label = (char*)tmp_label.data;
+ *label = (char *)tmp_label.data;
}
tl_size = sizeof(name);
@@ -920,7 +979,8 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
goto fail;
}
- ret = _gnutls_buffer_append_printf(&str, WIN_URL"id=%s;type=cert", hex);
+ ret =
+ _gnutls_buffer_append_printf(&str, WIN_URL "id=%s;type=cert", hex);
if (ret < 0) {
gnutls_assert();
goto fail;
@@ -933,7 +993,9 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
goto fail;
}
- ret = _gnutls_buffer_append_escape(&str, tmp_label.data, tmp_label.size, " ");
+ ret =
+ _gnutls_buffer_append_escape(&str, tmp_label.data,
+ tmp_label.size, " ");
if (ret < 0) {
gnutls_assert();
goto fail;
@@ -947,10 +1009,12 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
}
if (cert_url)
- *cert_url = (char*)str.data;
+ *cert_url = (char *)str.data;
_gnutls_buffer_init(&str);
- ret = _gnutls_buffer_append_printf(&str, WIN_URL"id=%s;type=privkey", hex);
+ ret =
+ _gnutls_buffer_append_printf(&str, WIN_URL "id=%s;type=privkey",
+ hex);
if (ret < 0) {
gnutls_assert();
goto fail;
@@ -963,7 +1027,9 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
goto fail;
}
- ret = _gnutls_buffer_append_escape(&str, tmp_label.data, tmp_label.size, " ");
+ ret =
+ _gnutls_buffer_append_escape(&str, tmp_label.data,
+ tmp_label.size, " ");
if (ret < 0) {
gnutls_assert();
goto fail;
@@ -977,24 +1043,24 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
}
if (key_url)
- *key_url = (char*)str.data;
+ *key_url = (char *)str.data;
_gnutls_buffer_init(&str);
ret = 0;
goto cleanup;
fail:
- if (der)
- gnutls_free(der->data);
- if (cert_url)
- gnutls_free(*cert_url);
- if (key_url)
- gnutls_free(*key_url);
- if (label)
- gnutls_free(*label);
+ if (der)
+ gnutls_free(der->data);
+ if (cert_url)
+ gnutls_free(*cert_url);
+ if (key_url)
+ gnutls_free(*key_url);
+ if (label)
+ gnutls_free(*label);
cleanup:
- _gnutls_buffer_clear(&str);
- return ret;
+ _gnutls_buffer_clear(&str);
+ return ret;
}
/**
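Review bot: The `fail:` path frees `der->data`, `*cert_url`, `*key_url` and `*label` but leaves the caller's out-parameters holding the freed addresses, so a caller that frees its outputs after an error return would double-free. Resetting each one after the free closes that, e.g. `gnutls_free(*cert_url); *cert_url = NULL;` and likewise `der->data = NULL; der->size = 0;`. Separately, `cleanup:` only clears `str`, so when `label` is NULL the buffer in `tmp_label.data` appears never to be released; this should be confirmed against the part of `get_win_urls` that lies outside this hunk, which would also show whether `*label` and `der->data` are initialised before the first `goto fail`.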
@@ -1022,13 +1088,12 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
* Since: 3.4.0
**/
int
-gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter,
- unsigned cert_type,
- char **cert_url,
- char **key_url,
- char **label,
- gnutls_datum_t *der,
- unsigned int flags)
+gnutls_system_key_iter_get_info(gnutls_system_key_iter_t * iter,
+ unsigned cert_type,
+ char **cert_url,
+ char **key_url,
+ char **label,
+ gnutls_datum_t * der, unsigned int flags)
{
if (ncrypt_init == 0)
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
@@ -1044,18 +1109,26 @@ gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter,
if ((*iter)->store == NULL) {
gnutls_free(*iter);
*iter = NULL;
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
}
- (*iter)->cert = CertEnumCertificatesInStore((*iter)->store, NULL);
+ (*iter)->cert =
+ CertEnumCertificatesInStore((*iter)->store, NULL);
- return get_win_urls((*iter)->cert, cert_url, key_url, label, der);
+ return get_win_urls((*iter)->cert, cert_url, key_url, label,
+ der);
} else {
if ((*iter)->cert == NULL)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- (*iter)->cert = CertEnumCertificatesInStore((*iter)->store, (*iter)->cert);
- return get_win_urls((*iter)->cert, cert_url, key_url, label, der);
+ (*iter)->cert =
+ CertEnumCertificatesInStore((*iter)->store, (*iter)->cert);
+ return get_win_urls((*iter)->cert, cert_url, key_url, label,
+ der);
}
}
@@ -1109,16 +1182,17 @@ int gnutls_system_key_delete(const char *cert_url, const char *key_url)
if (store != NULL) {
do {
cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_KEY_IDENTIFIER,
- &blob,
- cert);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_KEY_IDENTIFIER,
+ &blob, cert);
if (cert && key_url) {
nc_size = sizeof(nc);
- r = CertGetCertificateContextProperty(cert, CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID,
- &nc, &nc_size);
+ r = CertGetCertificateContextProperty(cert,
+ CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID,
+ &nc,
+ &nc_size);
if (r != 0) {
pNCryptDeleteKey(nc, 0);
pNCryptFreeObject(nc);
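Review bot: `pNCryptFreeObject(nc)` runs unconditionally after `pNCryptDeleteKey(nc, 0)`, but the documented contract of NCryptDeleteKey is that it frees the key handle itself on success, so the second call would operate on an already-released handle. The return value of the delete is also discarded, so a key that could not be removed goes unreported. Freeing only on failure and recording the status addresses both: `if (pNCryptDeleteKey(nc, 0) != ERROR_SUCCESS) { pNCryptFreeObject(nc); /* set ret to an error */ }`. The surrounding loop in `gnutls_system_key_delete` continues outside this hunk.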
@@ -1129,7 +1203,7 @@ int gnutls_system_key_delete(const char *cert_url, const char *key_url)
if (cert && cert_url)
CertDeleteCertificateFromStore(cert);
- } while(cert != NULL);
+ } while (cert != NULL);
CertCloseStore(store, 0);
}
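Review bot: `CertDeleteCertificateFromStore(cert)` releases the context it is given, yet the same `cert` is passed as the previous-context argument to `CertFindCertificateInStore` on the next iteration (visible in the preceding hunk), and that call releases its previous context as well. The context's reference is therefore dropped twice per deleted certificate, which is a use-after-free/double-release hazard on a key-management path. The usual idiom is to delete a duplicate so the loop keeps its own reference: `CertDeleteCertificateFromStore(CertDuplicateCertificateContext(cert));`. The result of the delete is also ignored, so a failed removal is not reported to the caller.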
@@ -1152,12 +1226,13 @@ int gnutls_system_key_delete(const char *cert_url, const char *key_url)
*
* Since: 3.4.0
**/
-int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t privkey,
- const char *label, char **cert_url, char **key_url)
+int gnutls_system_key_add_x509(gnutls_x509_crt_t crt,
+ gnutls_x509_privkey_t privkey, const char *label,
+ char **cert_url, char **key_url)
{
HCERTSTORE store = NULL;
CRYPT_DATA_BLOB pfx;
- gnutls_datum_t _pfx = {NULL, 0};
+ gnutls_datum_t _pfx = { NULL, 0 };
gnutls_pkcs12_t p12 = NULL;
gnutls_pkcs12_bag_t bag1 = NULL, bag2 = NULL;
uint8_t id[MAX_WID_SIZE];
@@ -1273,7 +1348,9 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv
goto cleanup;
}
- ret = gnutls_hash_fast(GNUTLS_DIG_SHA1, data.data, data.size, sha);
+ ret =
+ gnutls_hash_fast(GNUTLS_DIG_SHA1, data.data, data.size,
+ sha);
gnutls_free(data.data);
if (ret < 0) {
gnutls_assert();
@@ -1284,11 +1361,10 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv
blob.pbData = sha;
cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_SHA1_HASH,
- &blob,
- NULL);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_SHA1_HASH,
+ &blob, NULL);
if (cert == NULL) {
gnutls_assert();
@@ -1306,13 +1382,13 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv
ret = 0;
cleanup:
- if (p12 != NULL)
- gnutls_pkcs12_deinit(p12);
- if (bag1 != NULL)
- gnutls_pkcs12_bag_deinit(bag1);
- if (bag2 != NULL)
- gnutls_pkcs12_bag_deinit(bag2);
- if (store != NULL)
+ if (p12 != NULL)
+ gnutls_pkcs12_deinit(p12);
+ if (bag1 != NULL)
+ gnutls_pkcs12_bag_deinit(bag1);
+ if (bag2 != NULL)
+ gnutls_pkcs12_bag_deinit(bag2);
+ if (store != NULL)
CertCloseStore(store, 0);
gnutls_free(_pfx.data);
return ret;
@@ -1328,43 +1404,53 @@ int _gnutls_system_key_init(void)
return gnutls_assert_val(GNUTLS_E_CRYPTO_INIT_FAILED);
}
- pNCryptDeleteKey = (NCryptDeleteKeyFunc)GetProcAddress(ncrypt_lib, "NCryptDeleteKey");
+ pNCryptDeleteKey =
+ (NCryptDeleteKeyFunc) GetProcAddress(ncrypt_lib, "NCryptDeleteKey");
if (pNCryptDeleteKey == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptOpenStorageProvider = (NCryptOpenStorageProviderFunc)GetProcAddress(ncrypt_lib, "NCryptOpenStorageProvider");
+ pNCryptOpenStorageProvider =
+ (NCryptOpenStorageProviderFunc) GetProcAddress(ncrypt_lib,
+ "NCryptOpenStorageProvider");
if (pNCryptOpenStorageProvider == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptOpenKey = (NCryptOpenKeyFunc)GetProcAddress(ncrypt_lib, "NCryptOpenKey");
+ pNCryptOpenKey =
+ (NCryptOpenKeyFunc) GetProcAddress(ncrypt_lib, "NCryptOpenKey");
if (pNCryptOpenKey == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptGetProperty = (NCryptGetPropertyFunc)GetProcAddress(ncrypt_lib, "NCryptGetProperty");
+ pNCryptGetProperty =
+ (NCryptGetPropertyFunc) GetProcAddress(ncrypt_lib,
+ "NCryptGetProperty");
if (pNCryptGetProperty == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptFreeObject = (NCryptFreeObjectFunc)GetProcAddress(ncrypt_lib, "NCryptFreeObject");
+ pNCryptFreeObject =
+ (NCryptFreeObjectFunc) GetProcAddress(ncrypt_lib,
+ "NCryptFreeObject");
if (pNCryptFreeObject == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptDecrypt = (NCryptDecryptFunc)GetProcAddress(ncrypt_lib, "NCryptDecrypt");
+ pNCryptDecrypt =
+ (NCryptDecryptFunc) GetProcAddress(ncrypt_lib, "NCryptDecrypt");
if (pNCryptDecrypt == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptSignHash = (NCryptSignHashFunc)GetProcAddress(ncrypt_lib, "NCryptSignHash");
+ pNCryptSignHash =
+ (NCryptSignHashFunc) GetProcAddress(ncrypt_lib, "NCryptSignHash");
if (pNCryptSignHash == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
diff --git a/lib/verify-tofu.c b/lib/verify-tofu.c
index b81d255183..788ca9ac80 100644
--- a/lib/verify-tofu.c
+++ b/lib/verify-tofu.c
@@ -211,7 +211,7 @@ static int parse_commitment_line(char *line,
/* hash and hex encode */
ret =
_gnutls_hash_fast((gnutls_digest_algorithm_t)hash_algo->id,
- skey->data, skey->size, phash);
+ skey->data, skey->size, phash);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -728,8 +728,8 @@ int gnutls_tdb_init(gnutls_tdb_t * tdb)
* trust storage structure. The function is of the following form.
*
* int gnutls_tdb_store_func(const char* db_name, const char* host,
- * const char* service, time_t expiration,
- * const gnutls_datum_t* pubkey);
+ * const char* service, time_t expiration,
+ * const gnutls_datum_t* pubkey);
*
* The @db_name should be used to pass any private data to this function.
*
@@ -749,8 +749,8 @@ void gnutls_tdb_set_store_func(gnutls_tdb_t tdb,
* trust storage structure. The function is of the following form.
*
* int gnutls_tdb_store_commitment_func(const char* db_name, const char* host,
- * const char* service, time_t expiration,
- * gnutls_digest_algorithm_t, const gnutls_datum_t* hash);
+ * const char* service, time_t expiration,
+ * gnutls_digest_algorithm_t, const gnutls_datum_t* hash);
*
* The @db_name should be used to pass any private data to this function.
*
@@ -771,7 +771,7 @@ void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb,
* trust storage structure. The function is of the following form.
*
* int gnutls_tdb_verify_func(const char* db_name, const char* host,
- * const char* service, const gnutls_datum_t* pubkey);
+ * const char* service, const gnutls_datum_t* pubkey);
*
* The verify function should return zero on a match, %GNUTLS_E_CERTIFICATE_KEY_MISMATCH
* if there is a mismatch and any other negative error code otherwise.
diff --git a/lib/x509.c b/lib/x509.c
index e6d58de15b..07508258de 100644
--- a/lib/x509.c
+++ b/lib/x509.c
@@ -364,8 +364,8 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session,
}
ret =
- check_ocsp_response(session, peer_certificate_list[0], cred->tlist, cand_issuers,
- cand_issuers_size, &resp, &ocsp_status);
+ check_ocsp_response(session, peer_certificate_list[0], cred->tlist, cand_issuers,
+ cand_issuers_size, &resp, &ocsp_status);
if (ret < 0) {
CLEAR_CERTS;
@@ -820,11 +820,11 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
/* Try to load the whole certificate chain from the PKCS #11 token */
for (i=0;i<MAX_PKCS11_CERT_CHAIN;i++) {
- ret = gnutls_x509_crt_check_issuer(crt, crt);
- if (i > 0 && ret != 0) {
- /* self signed */
- break;
- }
+ ret = gnutls_x509_crt_check_issuer(crt, crt);
+ if (i > 0 && ret != 0) {
+ /* self signed */
+ break;
+ }
ret = gnutls_pcert_import_x509(&ccert[i], crt, 0);
if (ret < 0) {
@@ -1149,8 +1149,8 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
}
ret =
- gnutls_pcert_import_x509_list(pcerts, cert_list, (unsigned int*)&cert_list_size,
- GNUTLS_X509_CRT_LIST_SORT);
+ gnutls_pcert_import_x509_list(pcerts, cert_list, (unsigned int*)&cert_list_size,
+ GNUTLS_X509_CRT_LIST_SORT);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -1174,7 +1174,7 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
return 0;
cleanup:
- gnutls_free(pcerts);
+ gnutls_free(pcerts);
_gnutls_str_array_clear(&names);
return ret;
}
@@ -1203,8 +1203,8 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
*/
int
gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
- unsigned index,
- gnutls_x509_privkey_t *key)
+ unsigned index,
+ gnutls_x509_privkey_t *key)
{
if (index >= res->ncerts) {
gnutls_assert();
@@ -1242,9 +1242,9 @@ gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
*/
int
gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
- unsigned index,
- gnutls_x509_crt_t **crt_list,
- unsigned *crt_list_size)
+ unsigned index,
+ gnutls_x509_crt_t **crt_list,
+ unsigned *crt_list_size)
{
int ret;
unsigned i;
@@ -1433,7 +1433,7 @@ gnutls_certificate_set_trust_list(gnutls_certificate_credentials_t res,
**/
void
gnutls_certificate_get_trust_list(gnutls_certificate_credentials_t res,
- gnutls_x509_trust_list_t *tlist)
+ gnutls_x509_trust_list_t *tlist)
{
*tlist = res->tlist;
}
diff --git a/lib/x509.h b/lib/x509.h
index bc11f7b93f..8048416691 100644
--- a/lib/x509.h
+++ b/lib/x509.h
@@ -25,7 +25,7 @@
int _gnutls_x509_cert_verify_peers(gnutls_session_t session,
gnutls_typed_vdata_st * data,
- unsigned int elements,
+ unsigned int elements,
unsigned int *status);
#define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE"
diff --git a/lib/x509/common.c b/lib/x509/common.c
index dab7fbb582..6d72338d42 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1624,7 +1624,7 @@ int x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
unsigned
_gnutls_check_valid_key_id(gnutls_datum_t *key_id,
- gnutls_x509_crt_t cert, time_t now)
+ gnutls_x509_crt_t cert, time_t now)
{
uint8_t id[MAX_KEY_ID_SIZE];
size_t id_size;
diff --git a/lib/x509/common.h b/lib/x509/common.h
index b2413c4511..6716939255 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -241,7 +241,7 @@ int x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
gnutls_datum_t * rpubkey);
int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt,
- gnutls_datum_t * rpubkey);
+ gnutls_datum_t * rpubkey);
typedef void (*gnutls_cert_vfunc)(gnutls_x509_crt_t);
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index ebda949fde..5f0abe301e 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -651,8 +651,8 @@ void gnutls_x509_crl_iter_deinit(gnutls_x509_crl_iter_t iter)
int
gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl,
gnutls_x509_crl_iter_t *iter,
- unsigned char *serial,
- size_t * serial_size, time_t * t)
+ unsigned char *serial,
+ size_t * serial_size, time_t * t)
{
int result, _serial_size;
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 51c0e17969..6a9cccaa5e 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -1690,7 +1690,7 @@ gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq,
ret = 0;
cleanup:
asn1_delete_structure(&c2);
- gnutls_free(extensions);
+ gnutls_free(extensions);
return ret;
}
diff --git a/lib/x509/email-verify.c b/lib/x509/email-verify.c
index 1b0da2e3df..e6a3b1773c 100644
--- a/lib/x509/email-verify.c
+++ b/lib/x509/email-verify.c
@@ -159,8 +159,8 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
*/
ret = 0;
cleanup:
- if (a_email != email) {
- idn_free(a_email);
+ if (a_email != email) {
+ idn_free(a_email);
}
- return ret;
+ return ret;
}
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index 8a92849db9..751c2986e6 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -904,6 +904,6 @@ _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
ret = 0;
cleanup:
- gnutls_x509_aki_deinit(aki);
- return ret;
+ gnutls_x509_aki_deinit(aki);
+ return ret;
}
diff --git a/lib/x509/hostname-verify.c b/lib/x509/hostname-verify.c
index 06a8d42c05..fcbb987e64 100644
--- a/lib/x509/hostname-verify.c
+++ b/lib/x509/hostname-verify.c
@@ -118,7 +118,7 @@ static int has_embedded_null(const char *str, unsigned size)
**/
unsigned
gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
- const char *hostname, unsigned int flags)
+ const char *hostname, unsigned int flags)
{
char dnsname[MAX_CN];
size_t dnsnamesize;
@@ -262,8 +262,8 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
*/
ret = 0;
cleanup:
- if (a_hostname != hostname) {
- idn_free(a_hostname);
+ if (a_hostname != hostname) {
+ idn_free(a_hostname);
}
- return ret;
+ return ret;
}
diff --git a/lib/x509/krb5.c b/lib/x509/krb5.c
index 1021a37914..dc8351f6fe 100644
--- a/lib/x509/krb5.c
+++ b/lib/x509/krb5.c
@@ -41,19 +41,19 @@ typedef struct krb5_principal_data {
extern const asn1_static_node krb5_asn1_tab[];
-static void cleanup_principal(krb5_principal_data *princ)
+static void cleanup_principal(krb5_principal_data * princ)
{
- unsigned i;
- if (princ) {
- gnutls_free(princ->realm);
- for (i=0;i<princ->length;i++)
- gnutls_free(princ->data[i]);
+ unsigned i;
+ if (princ) {
+ gnutls_free(princ->realm);
+ for (i = 0; i < princ->length; i++)
+ gnutls_free(princ->data[i]);
memset(princ, 0, sizeof(*princ));
gnutls_free(princ);
- }
+ }
}
-static krb5_principal_data* name_to_principal(const char *_name)
+static krb5_principal_data *name_to_principal(const char *_name)
{
krb5_principal_data *princ;
char *p, *p2, *sp;
@@ -78,7 +78,7 @@ static krb5_principal_data* name_to_principal(const char *_name)
goto fail;
}
- princ->realm = gnutls_strdup(p+1);
+ princ->realm = gnutls_strdup(p + 1);
if (princ->realm == NULL) {
gnutls_assert();
goto fail;
@@ -87,9 +87,11 @@ static krb5_principal_data* name_to_principal(const char *_name)
if (p == p2) {
p = strtok_r(name, "/", &sp);
- while(p) {
+ while (p) {
if (pos == MAX_COMPONENTS) {
- _gnutls_debug_log("%s: Cannot parse names with more than %d components\n", __func__, MAX_COMPONENTS);
+ _gnutls_debug_log
+ ("%s: Cannot parse names with more than %d components\n",
+ __func__, MAX_COMPONENTS);
goto fail;
}
@@ -105,12 +107,13 @@ static krb5_principal_data* name_to_principal(const char *_name)
p = strtok_r(NULL, "/", &sp);
}
- if ((princ->length == 2) && (strcmp (princ->data[0], "krbtgt") == 0)) {
- princ->type = 2; /* KRB_NT_SRV_INST */
+ if ((princ->length == 2)
+ && (strcmp(princ->data[0], "krbtgt") == 0)) {
+ princ->type = 2; /* KRB_NT_SRV_INST */
} else {
- princ->type = 1; /* KRB_NT_PRINCIPAL */
+ princ->type = 1; /* KRB_NT_PRINCIPAL */
}
- } else { /* enterprise */
+ } else { /* enterprise */
princ->data[0] = gnutls_strdup(name);
if (princ->data[0] == NULL) {
gnutls_assert();
@@ -118,13 +121,13 @@ static krb5_principal_data* name_to_principal(const char *_name)
}
princ->length++;
- princ->type = 10; /* KRB_NT_ENTERPRISE */
+ princ->type = 10; /* KRB_NT_ENTERPRISE */
}
goto cleanup;
fail:
- cleanup_principal(princ);
- princ = NULL;
+ cleanup_principal(princ);
+ princ = NULL;
cleanup:
gnutls_free(name);
@@ -135,7 +138,7 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
{
int ret, result;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- krb5_principal_data * princ;
+ krb5_principal_data *princ;
unsigned i;
princ = name_to_principal(name);
@@ -145,7 +148,9 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
goto cleanup;
}
- result = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.KRB5PrincipalName", &c2);
+ result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.KRB5PrincipalName", &c2);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -161,8 +166,7 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
}
result =
- asn1_write_value(c2, "principalName.name-type", &princ->type,
- 1);
+ asn1_write_value(c2, "principalName.name-type", &princ->type, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -171,8 +175,7 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
for (i = 0; i < princ->length; i++) {
result =
- asn1_write_value(c2, "principalName.name-string",
- "NEW", 1);
+ asn1_write_value(c2, "principalName.name-string", "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -203,10 +206,10 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
return ret;
}
-static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
+static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st * str)
{
- gnutls_datum_t realm = {NULL, 0};
- gnutls_datum_t component = {NULL, 0};
+ gnutls_datum_t realm = { NULL, 0 };
+ gnutls_datum_t component = { NULL, 0 };
unsigned char name_type[2];
int ret, result, len;
unsigned i;
@@ -219,29 +222,33 @@ static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
}
len = sizeof(name_type);
- result = asn1_read_value(c2, "principalName.name-type", name_type, &len);
+ result =
+ asn1_read_value(c2, "principalName.name-type", name_type, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
goto cleanup;
}
- if (len != 1 || (name_type[0] != 1 && name_type[0] != 2 && name_type[0] != 10)) {
+ if (len != 1
+ || (name_type[0] != 1 && name_type[0] != 2 && name_type[0] != 10)) {
ret = GNUTLS_E_INVALID_REQUEST;
goto cleanup;
}
- for (i=0;;i++) {
- snprintf(val, sizeof(val), "principalName.name-string.?%u", i+1);
+ for (i = 0;; i++) {
+ snprintf(val, sizeof(val), "principalName.name-string.?%u",
+ i + 1);
ret = _gnutls_x509_read_value(c2, val, &component);
- if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND
+ || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
break;
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- if (i>0) {
+ if (i > 0) {
ret = _gnutls_buffer_append_data(str, "/", 1);
if (ret < 0) {
gnutls_assert();
@@ -249,7 +256,9 @@ static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
}
}
- ret = _gnutls_buffer_append_data(str, component.data, component.size);
+ ret =
+ _gnutls_buffer_append_data(str, component.data,
+ component.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -273,11 +282,12 @@ static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
ret = 0;
cleanup:
_gnutls_free_datum(&component);
- gnutls_free(realm.data);
- return ret;
+ gnutls_free(realm.data);
+ return ret;
}
-int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *name)
+int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der,
+ gnutls_datum_t * name)
{
int ret, result;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
@@ -285,7 +295,9 @@ int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *na
_gnutls_buffer_init(&str);
- result = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.KRB5PrincipalName", &c2);
+ result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.KRB5PrincipalName", &c2);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -318,7 +330,7 @@ int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *na
return _gnutls_buffer_to_datum(&str, name, 1);
cleanup:
- _gnutls_buffer_clear(&str);
+ _gnutls_buffer_clear(&str);
asn1_delete_structure(&c2);
return ret;
}
diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
index 776e209825..98c0f0297d 100644
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -40,8 +40,8 @@
// for documentation see the implementation
static int name_constraints_intersect_nodes(name_constraints_node_st * nc1,
- name_constraints_node_st * nc2,
- name_constraints_node_st ** intersection);
+ name_constraints_node_st * nc2,
+ name_constraints_node_st ** intersection);
/*-
* is_nc_empty:
@@ -92,7 +92,7 @@ static unsigned is_nc_empty(struct gnutls_name_constraints_st* nc, unsigned type
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
-*/
static int validate_name_constraints_node(gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t* name)
+ const gnutls_datum_t* name)
{
if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI &&
@@ -209,8 +209,8 @@ void _gnutls_name_constraints_node_free(name_constraints_node_st *node)
* Returns: Pointer to newly allocated node or NULL in case of memory error.
-*/
static name_constraints_node_st* name_constraints_node_new(unsigned type,
- unsigned char *data,
- unsigned int size)
+ unsigned char *data,
+ unsigned int size)
{
name_constraints_node_st *tmp = gnutls_malloc(sizeof(struct name_constraints_node_st));
if (tmp == NULL)
@@ -250,8 +250,8 @@ static name_constraints_node_st* name_constraints_node_new(unsigned type,
-*/
static
int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc,
- name_constraints_node_st * _nc2,
- name_constraints_node_st ** _nc_excluded)
+ name_constraints_node_st * _nc2,
+ name_constraints_node_st ** _nc_excluded)
{
name_constraints_node_st *nc, *nc2, *t, *tmp, *dest = NULL, *prev = NULL;
int ret, type, used;
@@ -335,7 +335,7 @@ int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc,
}
// if the node from nc2 was not used for intersection, copy it to DEST
// Beware: also copies nodes other than DNS, email, IP,
- // since their counterpart may have been moved in phase 1.
+ // since their counterpart may have been moved in phase 1.
if (!used) {
tmp = name_constraints_node_new(nc2->type, nc2->name.data, nc2->name.size);
if (tmp == NULL) {
@@ -451,9 +451,9 @@ static int _gnutls_name_constraints_append(name_constraints_node_st **_nc,
* Since: 3.3.0
**/
int gnutls_x509_crt_get_name_constraints(gnutls_x509_crt_t crt,
- gnutls_x509_name_constraints_t nc,
- unsigned int flags,
- unsigned int *critical)
+ gnutls_x509_name_constraints_t nc,
+ unsigned int flags,
+ unsigned int *critical)
{
int ret;
gnutls_datum_t der = { NULL, 0 };
@@ -526,9 +526,9 @@ int gnutls_x509_name_constraints_init(gnutls_x509_name_constraints_t *nc)
static
int name_constraints_add(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name,
- unsigned permitted)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name,
+ unsigned permitted)
{
struct name_constraints_node_st * tmp, *prev = NULL;
int ret;
@@ -581,7 +581,7 @@ int name_constraints_add(gnutls_x509_name_constraints_t nc,
* Since: 3.5.0
-*/
int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
- gnutls_x509_name_constraints_t nc2)
+ gnutls_x509_name_constraints_t nc2)
{
int ret;
@@ -621,8 +621,8 @@ int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_add_permitted(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name)
{
return name_constraints_add(nc, type, name, 1);
}
@@ -645,8 +645,8 @@ int gnutls_x509_name_constraints_add_permitted(gnutls_x509_name_constraints_t nc
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name)
{
return name_constraints_add(nc, type, name, 0);
}
@@ -666,8 +666,8 @@ int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
* Since: 3.3.0
**/
int gnutls_x509_crt_set_name_constraints(gnutls_x509_crt_t crt,
- gnutls_x509_name_constraints_t nc,
- unsigned int critical)
+ gnutls_x509_name_constraints_t nc,
+ unsigned int critical)
{
int ret;
gnutls_datum_t der;
@@ -760,7 +760,7 @@ static unsigned email_matches(const gnutls_datum_t *name, const gnutls_datum_t *
* @nc1: name constraints node 1
* @nc2: name constraints node 2
* @_intersection: newly allocated node with intersected constraints,
- * NULL if the intersection is empty
+ * NULL if the intersection is empty
*
* Inspect 2 name constraints nodes (of possibly different types) and allocate
* a new node with intersection of given constraints.
@@ -769,8 +769,8 @@ static unsigned email_matches(const gnutls_datum_t *name, const gnutls_datum_t *
-*/
static int
name_constraints_intersect_nodes(name_constraints_node_st * nc1,
- name_constraints_node_st * nc2,
- name_constraints_node_st ** _intersection)
+ name_constraints_node_st * nc2,
+ name_constraints_node_st ** _intersection)
{
// presume empty intersection
name_constraints_node_st *intersection = NULL;
@@ -1029,8 +1029,8 @@ unsigned check_ip_constraints(gnutls_x509_name_constraints_t nc,
* Since: 3.3.0
**/
unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name)
{
if (type == GNUTLS_SAN_DNSNAME)
return check_dns_constraints(nc, name);
@@ -1049,8 +1049,8 @@ unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t nc,
* is present in the CA, _and_ the name in the end certificate contains
* the constrained element. */
static int check_unsupported_constraint2(gnutls_x509_crt_t cert,
- gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type)
+ gnutls_x509_name_constraints_t nc,
+ gnutls_x509_subject_alt_name_t type)
{
unsigned idx, found_one;
char name[MAX_CN];
@@ -1102,8 +1102,8 @@ static int check_unsupported_constraint2(gnutls_x509_crt_t cert,
* Since: 3.3.0
**/
unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- gnutls_x509_crt_t cert)
+ gnutls_x509_subject_alt_name_t type,
+ gnutls_x509_crt_t cert)
{
char name[MAX_CN];
size_t name_size;
@@ -1212,7 +1212,7 @@ unsigned found_one;
/* ensure there is only a single CN, according to rfc6125 */
name_size = sizeof(name);
ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
- 1, 0, name, &name_size);
+ 1, 0, name, &name_size);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
return gnutls_assert_val(0);
@@ -1300,8 +1300,8 @@ unsigned found_one;
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc,
- unsigned idx,
- unsigned *type, gnutls_datum_t * name)
+ unsigned idx,
+ unsigned *type, gnutls_datum_t * name)
{
unsigned int i;
struct name_constraints_node_st * tmp = nc->permitted;
@@ -1344,8 +1344,8 @@ int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_get_excluded(gnutls_x509_name_constraints_t nc,
- unsigned idx,
- unsigned *type, gnutls_datum_t * name)
+ unsigned idx,
+ unsigned *type, gnutls_datum_t * name)
{
unsigned int i;
struct name_constraints_node_st * tmp = nc->excluded;
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 597827a58e..eb41fcb295 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -406,11 +406,11 @@ int gnutls_ocsp_req_get_version(gnutls_ocsp_req_t req)
* corresponds to the CertID structure:
*
* <informalexample><programlisting>
- * CertID ::= SEQUENCE {
- * hashAlgorithm AlgorithmIdentifier,
- * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- * serialNumber CertificateSerialNumber }
+ * CertID ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier,
+ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
+ * serialNumber CertificateSerialNumber }
* </programlisting></informalexample>
*
* Each of the pointers to output variables may be NULL to indicate
@@ -522,11 +522,11 @@ gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_t req,
* The information needed corresponds to the CertID structure:
*
* <informalexample><programlisting>
- * CertID ::= SEQUENCE {
- * hashAlgorithm AlgorithmIdentifier,
- * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- * serialNumber CertificateSerialNumber }
+ * CertID ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier,
+ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
+ * serialNumber CertificateSerialNumber }
* </programlisting></informalexample>
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 917cad0e5b..8f8521285b 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -580,7 +580,7 @@ static void print_crldist(gnutls_buffer_st * str, gnutls_datum_t *der)
print_name(str, "\t\t\t", type, &dist, 0);
}
cleanup:
- gnutls_x509_crl_dist_points_deinit(dp);
+ gnutls_x509_crl_dist_points_deinit(dp);
}
static void
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 765d982440..9b280ba857 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -1403,9 +1403,9 @@ static int make_chain(gnutls_x509_crt_t ** chain, unsigned int *chain_len,
* @chain: the corresponding to key certificate chain (may be %NULL)
* @chain_len: will be updated with the number of additional (may be %NULL)
* @extra_certs: optional pointer to receive an array of additional
- * certificates found in the PKCS12 structure (may be %NULL).
+ * certificates found in the PKCS12 structure (may be %NULL).
* @extra_certs_len: will be updated with the number of additional
- * certs (may be %NULL).
+ * certs (may be %NULL).
* @crl: an optional structure to store the parsed CRL (may be %NULL).
* @flags: should be zero or one of GNUTLS_PKCS12_SP_*
*
diff --git a/lib/x509/pkcs7-attrs.c b/lib/x509/pkcs7-attrs.c
index 9bfbe2f329..c948bca224 100644
--- a/lib/x509/pkcs7-attrs.c
+++ b/lib/x509/pkcs7-attrs.c
@@ -51,7 +51,8 @@
* Since: 3.4.2
**/
int
-gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_t *data, unsigned flags)
+gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t * list, const char *oid,
+ gnutls_datum_t * data, unsigned flags)
{
int ret;
gnutls_pkcs7_attrs_st *r;
@@ -62,7 +63,8 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_
if (flags & GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING) {
ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING,
- data->data, data->size, &r->data);
+ data->data, data->size,
+ &r->data);
} else {
ret = _gnutls_set_datum(&r->data, data->data, data->size);
}
@@ -78,12 +80,12 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_
return 0;
fail:
- if (r) {
- gnutls_free(r->data.data);
- gnutls_free(r);
+ if (r) {
+ gnutls_free(r->data.data);
+ gnutls_free(r);
}
- gnutls_pkcs7_attrs_deinit(*list);
- return GNUTLS_E_MEMORY_ERROR;
+ gnutls_pkcs7_attrs_deinit(*list);
+ return GNUTLS_E_MEMORY_ERROR;
}
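Review bot: On the `fail:` path `gnutls_pkcs7_attrs_deinit(*list)` releases the caller's existing list but `*list` keeps its old value, so a caller that retries the add or later runs its own deinit would touch freed memory. Resetting the pointer right after the call, `*list = NULL;`, closes that. The path also returns `GNUTLS_E_MEMORY_ERROR` for every failure, so if the encode step earlier in the function can fail for another reason, its `ret` is lost. The function's doc comment should also state that a failed add discards the attributes already in the list. The function body starts outside this hunk.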
@@ -106,13 +108,14 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_
* Since: 3.4.2
**/
int
-gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutls_datum_t *data, unsigned flags)
+gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid,
+ gnutls_datum_t * data, unsigned flags)
{
unsigned i;
gnutls_pkcs7_attrs_st *p = list;
int ret;
- for (i=0;i<idx;i++) {
+ for (i = 0; i < idx; i++) {
p = p->next;
if (p == NULL)
break;
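Review bot: The loop body executes `p = p->next` before `p` is ever tested, so an empty list (`list == NULL`) combined with `idx > 0` dereferences a null pointer. Moving the test into the loop condition avoids that: `for (i = 0; p != NULL && i < idx; i++) p = p->next;`. The rest of the function, including whatever check follows the loop, lies outside this hunk.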
@@ -125,7 +128,8 @@ gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutl
if (flags & GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING) {
ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- p->data.data, p->data.size, data, 1);
+ p->data.data, p->data.size,
+ data, 1);
} else {
ret = _gnutls_set_datum(data, p->data.data, p->data.size);
}
@@ -143,12 +147,11 @@ gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutl
*
* Since: 3.4.2
**/
-void
-gnutls_pkcs7_attrs_deinit(gnutls_pkcs7_attrs_t list)
+void gnutls_pkcs7_attrs_deinit(gnutls_pkcs7_attrs_t list)
{
gnutls_pkcs7_attrs_st *r = list, *next;
- while(r) {
+ while (r) {
next = r->next;
gnutls_free(r->data.data);
diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
index a4bb551662..7f67376ce0 100644
--- a/lib/x509/pkcs7-crypt.c
+++ b/lib/x509/pkcs7-crypt.c
@@ -53,107 +53,97 @@
#define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
#define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
-static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] =
-{
+static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] = {
{
- .schema = PBES1_DES_MD5,
- .name = "PBES1-DES-CBC-MD5",
- .flag = GNUTLS_PKCS_PBES1_DES_MD5,
- .cipher = GNUTLS_CIPHER_DES_CBC,
- .pbes2 = 0,
- .cipher_oid = PBES1_DES_MD5_OID,
- .write_oid = PBES1_DES_MD5_OID,
- .desc = NULL,
- .decrypt_only = 1
- },
+ .schema = PBES1_DES_MD5,
+ .name = "PBES1-DES-CBC-MD5",
+ .flag = GNUTLS_PKCS_PBES1_DES_MD5,
+ .cipher = GNUTLS_CIPHER_DES_CBC,
+ .pbes2 = 0,
+ .cipher_oid = PBES1_DES_MD5_OID,
+ .write_oid = PBES1_DES_MD5_OID,
+ .desc = NULL,
+ .decrypt_only = 1},
{
- .schema = PBES2_3DES,
- .name = "PBES2-3DES-CBC",
- .flag = GNUTLS_PKCS_PBES2_3DES,
- .cipher = GNUTLS_CIPHER_3DES_CBC,
- .pbes2 = 1,
- .cipher_oid = DES_EDE3_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-des-EDE3-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_3DES,
+ .name = "PBES2-3DES-CBC",
+ .flag = GNUTLS_PKCS_PBES2_3DES,
+ .cipher = GNUTLS_CIPHER_3DES_CBC,
+ .pbes2 = 1,
+ .cipher_oid = DES_EDE3_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-des-EDE3-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_DES,
- .name = "PBES2-DES-CBC",
- .flag = GNUTLS_PKCS_PBES2_DES,
- .cipher = GNUTLS_CIPHER_DES_CBC,
- .pbes2 = 1,
- .cipher_oid = DES_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-des-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_DES,
+ .name = "PBES2-DES-CBC",
+ .flag = GNUTLS_PKCS_PBES2_DES,
+ .cipher = GNUTLS_CIPHER_DES_CBC,
+ .pbes2 = 1,
+ .cipher_oid = DES_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-des-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_AES_128,
- .name = "PBES2-AES128-CBC",
- .flag = GNUTLS_PKCS_PBES2_AES_128,
- .cipher = GNUTLS_CIPHER_AES_128_CBC,
- .pbes2 = 1,
- .cipher_oid = AES_128_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-aes128-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_AES_128,
+ .name = "PBES2-AES128-CBC",
+ .flag = GNUTLS_PKCS_PBES2_AES_128,
+ .cipher = GNUTLS_CIPHER_AES_128_CBC,
+ .pbes2 = 1,
+ .cipher_oid = AES_128_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-aes128-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_AES_192,
- .name = "PBES2-AES192-CBC",
- .flag = GNUTLS_PKCS_PBES2_AES_192,
- .cipher = GNUTLS_CIPHER_AES_192_CBC,
- .pbes2 = 1,
- .cipher_oid = AES_192_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-aes192-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_AES_192,
+ .name = "PBES2-AES192-CBC",
+ .flag = GNUTLS_PKCS_PBES2_AES_192,
+ .cipher = GNUTLS_CIPHER_AES_192_CBC,
+ .pbes2 = 1,
+ .cipher_oid = AES_192_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-aes192-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_AES_256,
- .name = "PBES2-AES256-CBC",
- .flag = GNUTLS_PKCS_PBES2_AES_256,
- .cipher = GNUTLS_CIPHER_AES_256_CBC,
- .pbes2 = 1,
- .cipher_oid = AES_256_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-aes256-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_AES_256,
+ .name = "PBES2-AES256-CBC",
+ .flag = GNUTLS_PKCS_PBES2_AES_256,
+ .cipher = GNUTLS_CIPHER_AES_256_CBC,
+ .pbes2 = 1,
+ .cipher_oid = AES_256_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-aes256-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PKCS12_ARCFOUR_SHA1,
- .name = "PKCS12-ARCFOUR-SHA1",
- .flag = GNUTLS_PKCS_PKCS12_ARCFOUR,
- .cipher = GNUTLS_CIPHER_ARCFOUR,
- .pbes2 = 0,
- .cipher_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
- .write_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
- .desc = NULL,
- .decrypt_only = 0
- },
+ .schema = PKCS12_ARCFOUR_SHA1,
+ .name = "PKCS12-ARCFOUR-SHA1",
+ .flag = GNUTLS_PKCS_PKCS12_ARCFOUR,
+ .cipher = GNUTLS_CIPHER_ARCFOUR,
+ .pbes2 = 0,
+ .cipher_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
+ .write_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
+ .desc = NULL,
+ .decrypt_only = 0},
{
- .schema = PKCS12_RC2_40_SHA1,
- .name = "PKCS12-RC2-40-SHA1",
- .flag = GNUTLS_PKCS_PKCS12_RC2_40,
- .cipher = GNUTLS_CIPHER_RC2_40_CBC,
- .pbes2 = 0,
- .cipher_oid = PKCS12_PBE_RC2_40_SHA1_OID,
- .write_oid = PKCS12_PBE_RC2_40_SHA1_OID,
- .desc = NULL,
- .decrypt_only = 0
- },
+ .schema = PKCS12_RC2_40_SHA1,
+ .name = "PKCS12-RC2-40-SHA1",
+ .flag = GNUTLS_PKCS_PKCS12_RC2_40,
+ .cipher = GNUTLS_CIPHER_RC2_40_CBC,
+ .pbes2 = 0,
+ .cipher_oid = PKCS12_PBE_RC2_40_SHA1_OID,
+ .write_oid = PKCS12_PBE_RC2_40_SHA1_OID,
+ .desc = NULL,
+ .decrypt_only = 0},
{
- .schema = PKCS12_3DES_SHA1,
- .name = "PKCS12-3DES-SHA1",
- .flag = GNUTLS_PKCS_PKCS12_3DES,
- .cipher = GNUTLS_CIPHER_3DES_CBC,
- .pbes2 = 0,
- .cipher_oid = PKCS12_PBE_3DES_SHA1_OID,
- .write_oid = PKCS12_PBE_3DES_SHA1_OID,
- .desc = NULL,
- .decrypt_only = 0
- },
+ .schema = PKCS12_3DES_SHA1,
+ .name = "PKCS12-3DES-SHA1",
+ .flag = GNUTLS_PKCS_PKCS12_3DES,
+ .cipher = GNUTLS_CIPHER_3DES_CBC,
+ .pbes2 = 0,
+ .cipher_oid = PKCS12_PBE_3DES_SHA1_OID,
+ .write_oid = PKCS12_PBE_3DES_SHA1_OID,
+ .desc = NULL,
+ .decrypt_only = 0},
{0, 0, 0, 0, 0}
};
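Review bot: Only the `PBES1_DES_MD5` entry sets `.decrypt_only = 1`; `PBES2_DES`, `PKCS12_ARCFOUR_SHA1` and `PKCS12_RC2_40_SHA1` keep `0`. If the field means what its name suggests, single DES, RC4 and 40-bit RC2 can still be chosen when new files are written. Either mark those entries decrypt-only as well, or add a comment above the table saying why they must stay writable (for example interoperability with a specific consumer), so the choice is visibly deliberate. The struct definition is not in this hunk, so the field's exact semantics should be confirmed there.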
@@ -167,12 +157,13 @@ static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] =
int _gnutls_pkcs_flags_to_schema(unsigned int flags)
{
- PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;);
+ PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;
+ );
gnutls_assert();
_gnutls_debug_log
("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
- flags);
+ flags);
return PKCS12_3DES_SHA1;
}
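Review bot: The re-indented macro call now ends with a lone `);` on its own line after `return _p->schema;`, which reads like a stray statement rather than the end of a macro argument. The same happens in `gnutls_pkcs_schema_get_name` and `gnutls_pkcs_schema_get_oid`, and the `PBES2_SCHEMA_LOOP` calls further down end in `return _p;}` followed by `) ;`. If the formatter is GNU indent, bracketing these calls with `/* *INDENT-OFF* */` and `/* *INDENT-ON* */` would let them keep the single-line form `PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;);`. A short comment at the first use saying that the macro's second argument is a statement run for the matching entry would also help readers.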
@@ -189,11 +180,11 @@ int _gnutls_pkcs_flags_to_schema(unsigned int flags)
*/
const char *gnutls_pkcs_schema_get_name(unsigned int schema)
{
- PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->name;);
+ PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->name;
+ );
return NULL;
}
-
/**
* gnutls_pkcs_schema_get_oid:
* @schema: Holds the PKCS #12 or PBES2 schema (%gnutls_pkcs_encrypt_flags_t)
@@ -207,16 +198,17 @@ const char *gnutls_pkcs_schema_get_name(unsigned int schema)
*/
const char *gnutls_pkcs_schema_get_oid(unsigned int schema)
{
- PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->cipher_oid;);
+ PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->cipher_oid;
+ );
return NULL;
}
-static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned cipher)
+static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned
+ cipher)
{
- PBES2_SCHEMA_LOOP(
- if (_p->cipher == cipher && _p->pbes2 != 0) {
- return _p;
- });
+ PBES2_SCHEMA_LOOP(if (_p->cipher == cipher && _p->pbes2 != 0) {
+ return _p;}
+ ) ;
gnutls_assert();
return NULL;
@@ -227,9 +219,11 @@ static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned
int _gnutls_check_pkcs_cipher_schema(const char *oid)
{
if (strcmp(oid, PBES2_OID) == 0)
- return PBES2_GENERIC; /* PBES2 ciphers are under an umbrella OID */
+ return PBES2_GENERIC; /* PBES2 ciphers are under an umbrella OID */
- PBES2_SCHEMA_LOOP(if (_p->pbes2 == 0 && strcmp(oid, _p->write_oid) == 0) {return _p->schema;});
+ PBES2_SCHEMA_LOOP(if (_p->pbes2 == 0 && strcmp(oid, _p->write_oid) == 0) {
+ return _p->schema;}
+ ) ;
_gnutls_debug_log
("PKCS #12 encryption schema OID '%s' is unsupported.\n", oid);
@@ -238,7 +232,7 @@ int _gnutls_check_pkcs_cipher_schema(const char *oid)
const struct pkcs_cipher_schema_st *_gnutls_pkcs_schema_get(schema_id schema)
{
- PBES2_SCHEMA_LOOP(if (schema == _p->schema) return _p;);
+ PBES2_SCHEMA_LOOP(if (schema == _p->schema) return _p;) ;
gnutls_assert();
return NULL;
@@ -247,22 +241,19 @@ const struct pkcs_cipher_schema_st *_gnutls_pkcs_schema_get(schema_id schema)
/* Converts an OID to a gnutls cipher type.
*/
static int
-pbes2_cipher_oid_to_algo(const char *oid, gnutls_cipher_algorithm_t *algo)
+pbes2_cipher_oid_to_algo(const char *oid, gnutls_cipher_algorithm_t * algo)
{
*algo = 0;
- PBES2_SCHEMA_LOOP(if (_p->pbes2 != 0 && strcmp(_p->cipher_oid, oid) == 0) {
- *algo = _p->cipher;
- return 0;
- }
- );
+ PBES2_SCHEMA_LOOP(if
+ (_p->pbes2 != 0 && strcmp(_p->cipher_oid, oid) == 0) {
+ *algo = _p->cipher; return 0;}
+ ) ;
- _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n",
- oid);
+ _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
-
/* Decrypts a PKCS #7 encryptedData. The output is allocated
* and stored in dec.
*/
@@ -288,8 +279,7 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
goto error;
}
- result =
- asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
+ result = asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -330,8 +320,9 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
result =
_gnutls_read_pkcs_schema_params(&schema, password,
- &data->data[params_start],
- params_len, &kdf_params, &enc_params);
+ &data->data[params_start],
+ params_len, &kdf_params,
+ &enc_params);
if (result < 0) {
gnutls_assert();
goto error;
@@ -343,8 +334,9 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
result =
_gnutls_pkcs_raw_decrypt_data(schema, pkcs7_asn,
- "encryptedContentInfo.encryptedContent", password,
- &kdf_params, &enc_params, &tmp);
+ "encryptedContentInfo.encryptedContent",
+ password, &kdf_params, &enc_params,
+ &tmp);
if (result < 0) {
gnutls_assert();
goto error;
@@ -356,15 +348,16 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
return 0;
- error:
+ error:
asn1_delete_structure(&pasn);
asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);
return result;
}
int
-_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_cipher_schema_st **p,
- struct pbkdf2_params *kdf_params, char **oid)
+_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data,
+ const struct pkcs_cipher_schema_st **p,
+ struct pbkdf2_params *kdf_params, char **oid)
{
int result, len;
char enc_oid[MAX_OID_SIZE];
@@ -382,8 +375,7 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_ciphe
goto error;
}
- result =
- asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
+ result = asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -428,8 +420,9 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_ciphe
result =
_gnutls_read_pkcs_schema_params(&schema, NULL,
- &data->data[params_start],
- params_len, kdf_params, &enc_params);
+ &data->data[params_start],
+ params_len, kdf_params,
+ &enc_params);
if (result < 0) {
gnutls_assert();
goto error;
@@ -446,7 +439,7 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_ciphe
return 0;
- error:
+ error:
asn1_delete_structure(&pasn);
asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);
return result;
@@ -497,15 +490,16 @@ _gnutls_pkcs7_encrypt_data(schema_id schema,
*/
result =
- _gnutls_pkcs_generate_key(schema, password, &kdf_params, &enc_params, &key);
+ _gnutls_pkcs_generate_key(schema, password, &kdf_params,
+ &enc_params, &key);
if (result < 0) {
gnutls_assert();
goto error;
}
result = _gnutls_pkcs_write_schema_params(schema, pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &kdf_params, &enc_params);
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &kdf_params, &enc_params);
if (result < 0) {
gnutls_assert();
goto error;
@@ -571,8 +565,7 @@ _gnutls_pkcs7_encrypt_data(schema_id schema,
goto error;
}
-
- error:
+ error:
_gnutls_free_key_datum(&key);
_gnutls_free_datum(&tmp);
asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);
@@ -583,8 +576,7 @@ _gnutls_pkcs7_encrypt_data(schema_id schema,
*/
static int
read_pbkdf2_params(ASN1_TYPE pasn,
- const gnutls_datum_t * der,
- struct pbkdf2_params *params)
+ const gnutls_datum_t * der, struct pbkdf2_params *params)
{
int params_start, params_end;
int params_len, len, result;
@@ -599,8 +591,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
*/
len = sizeof(oid);
result =
- asn1_read_value(pasn, "keyDerivationFunc.algorithm", oid,
- &len);
+ asn1_read_value(pasn, "keyDerivationFunc.algorithm", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -610,8 +601,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
if (strcmp(oid, PBKDF2_OID) != 0) {
gnutls_assert();
_gnutls_debug_log
- ("PKCS #8 key derivation OID '%s' is unsupported.\n",
- oid);
+ ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
return _gnutls_asn2err(result);
}
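Review bot: The unsupported-KDF branch returns `_gnutls_asn2err(result)`, but `result` still holds the value from the `asn1_read_value` call in the previous hunk, which has already been checked to be `ASN1_SUCCESS`. Unless the lines between the two hunks reassign it, the function reports success for a key-derivation OID it does not handle, and the caller carries on with `params` not filled in. Return an explicit error here instead, e.g. `return GNUTLS_E_UNKNOWN_CIPHER_TYPE;` as `pbes2_cipher_oid_to_algo` does for an unknown cipher OID, or a more specific code if the library defines one. The function body extends beyond this hunk.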
@@ -638,7 +628,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
result =
_asn1_strict_der_decode(&pbkdf2_asn, &der->data[params_start],
- params_len, NULL);
+ params_len, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -671,17 +661,14 @@ read_pbkdf2_params(ASN1_TYPE pasn,
/* read the keylength, if it is set.
*/
result =
- _gnutls_x509_read_uint(pbkdf2_asn, "keyLength",
- &params->key_size);
+ _gnutls_x509_read_uint(pbkdf2_asn, "keyLength", &params->key_size);
if (result < 0) {
params->key_size = 0;
}
_gnutls_hard_log("keyLength: %d\n", params->key_size);
len = sizeof(oid);
- result =
- asn1_read_value(pbkdf2_asn, "prf.algorithm",
- oid, &len);
+ result = asn1_read_value(pbkdf2_asn, "prf.algorithm", oid, &len);
if (result != ASN1_SUCCESS) {
/* use the default MAC */
result = 0;
@@ -698,7 +685,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
result = 0;
- error:
+ error:
asn1_delete_structure(&pbkdf2_asn);
return result;
@@ -706,8 +693,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
/* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA).
*/
-static int
-read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
+static int read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
{
int result;
@@ -716,8 +702,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
/* read the salt */
params->salt_size = sizeof(params->salt);
result =
- asn1_read_value(pasn, "salt", params->salt,
- &params->salt_size);
+ asn1_read_value(pasn, "salt", params->salt, &params->salt_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -728,8 +713,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
/* read the iteration count
*/
result =
- _gnutls_x509_read_uint(pasn, "iterations",
- &params->iter_count);
+ _gnutls_x509_read_uint(pasn, "iterations", &params->iter_count);
if (result < 0) {
gnutls_assert();
goto error;
@@ -740,7 +724,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
return 0;
- error:
+ error:
return result;
}
@@ -748,8 +732,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
/* Writes the PBE parameters for PKCS-12 schemas.
*/
static int
-write_pkcs12_kdf_params(ASN1_TYPE pasn,
- const struct pbkdf2_params *kdf_params)
+write_pkcs12_kdf_params(ASN1_TYPE pasn, const struct pbkdf2_params *kdf_params)
{
int result;
@@ -778,15 +761,14 @@ write_pkcs12_kdf_params(ASN1_TYPE pasn,
return 0;
- error:
+ error:
return result;
}
static int
read_pbes2_enc_params(ASN1_TYPE pasn,
- const gnutls_datum_t * der,
- struct pbe_enc_params *params)
+ const gnutls_datum_t * der, struct pbe_enc_params *params)
{
int params_start, params_end;
int params_len, len, result;
@@ -799,9 +781,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
/* Check the encryption algorithm
*/
len = sizeof(oid);
- result =
- asn1_read_value(pasn, "encryptionScheme.algorithm", oid,
- &len);
+ result = asn1_read_value(pasn, "encryptionScheme.algorithm", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -840,7 +820,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
result =
_asn1_strict_der_decode(&pbe_asn, &der->data[params_start],
- params_len, NULL);
+ params_len, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -849,8 +829,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
/* read the IV */
params->iv_size = sizeof(params->iv);
- result =
- asn1_read_value(pbe_asn, "", params->iv, &params->iv_size);
+ result = asn1_read_value(pbe_asn, "", params->iv, &params->iv_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -860,7 +839,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
result = 0;
- error:
+ error:
asn1_delete_structure(&pbe_asn);
return result;
}
@@ -871,9 +850,9 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
*/
int
_gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
- const uint8_t * data, int data_size,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params)
+ const uint8_t * data, int data_size,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params)
{
ASN1_TYPE pasn = ASN1_TYPE_EMPTY;
int result;
@@ -895,8 +874,7 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
/* Decode the parameters.
*/
- result =
- _asn1_strict_der_decode(&pasn, data, data_size, NULL);
+ result = _asn1_strict_der_decode(&pasn, data, data_size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -930,8 +908,9 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
*schema = p->schema;
return 0;
} else if (*schema == PBES1_DES_MD5) {
- return _gnutls_read_pbkdf1_params(data, data_size, kdf_params, enc_params);
- } else { /* PKCS #12 schema */
+ return _gnutls_read_pbkdf1_params(data, data_size, kdf_params,
+ enc_params);
+ } else { /* PKCS #12 schema */
memset(enc_params, 0, sizeof(*enc_params));
p = _gnutls_pkcs_schema_get(*schema);
@@ -954,8 +933,7 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
/* Decode the parameters.
*/
- result =
- _asn1_strict_der_decode(&pasn, data, data_size, NULL);
+ result = _asn1_strict_der_decode(&pasn, data, data_size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -970,16 +948,14 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
if (enc_params->iv_size) {
result =
- _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
- 2 /*IV*/,
+ _gnutls_pkcs12_string_to_key(mac_to_entry
+ (GNUTLS_MAC_SHA1),
+ 2 /*IV*/,
kdf_params->salt,
- kdf_params->
- salt_size,
- kdf_params->
- iter_count,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
password,
- enc_params->
- iv_size,
+ enc_params->iv_size,
enc_params->iv);
if (result < 0) {
gnutls_assert();
@@ -1000,13 +976,13 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
int
_gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *root, const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t *decrypted_data)
+ const char *root, const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data)
{
int result;
- gnutls_datum_t enc = {NULL, 0};
+ gnutls_datum_t enc = { NULL, 0 };
uint8_t *key = NULL;
gnutls_datum_t dkey, d_iv;
cipher_hd_st ch;
@@ -1026,8 +1002,9 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
if (schema == PBES1_DES_MD5) {
return _gnutls_decrypt_pbes1_des_md5_data(password, pass_len,
- kdf_params, enc_params,
- &enc, decrypted_data);
+ kdf_params,
+ enc_params, &enc,
+ decrypted_data);
}
if (kdf_params->key_size == 0) {
@@ -1045,22 +1022,24 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
/* generate the key
*/
p = _gnutls_pkcs_schema_get(schema);
- if (p != NULL && p->pbes2 != 0) { /* PBES2 */
+ if (p != NULL && p->pbes2 != 0) { /* PBES2 */
if (kdf_params->mac == GNUTLS_MAC_SHA1)
- pbkdf2_hmac_sha1(pass_len, (uint8_t*)password,
+ pbkdf2_hmac_sha1(pass_len, (uint8_t *) password,
kdf_params->iter_count,
- kdf_params->salt_size, kdf_params->salt,
- key_size, key);
+ kdf_params->salt_size,
+ kdf_params->salt, key_size, key);
else if (kdf_params->mac == GNUTLS_MAC_SHA256)
- pbkdf2_hmac_sha256(pass_len, (uint8_t*)password,
- kdf_params->iter_count,
- kdf_params->salt_size, kdf_params->salt,
- key_size, key);
- else return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
- } else if (p != NULL) { /* PKCS 12 schema */
+ pbkdf2_hmac_sha256(pass_len, (uint8_t *) password,
+ kdf_params->iter_count,
+ kdf_params->salt_size,
+ kdf_params->salt, key_size, key);
+ else
+ return
+ gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+ } else if (p != NULL) { /* PKCS 12 schema */
result =
_gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
- 1 /*KEY*/,
+ 1 /*KEY*/,
kdf_params->salt,
kdf_params->salt_size,
kdf_params->iter_count,
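Review bot: The `else return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);` branch leaves the function directly, while the `error:` label further down is what frees `enc.data` and `key`. Both appear to be populated by this point (`key` is the output buffer of the PBKDF2 calls just above), so a file naming an unsupported PRF leaks the ciphertext copy and the key buffer on each attempt. Route the branch through the cleanup path: `else { result = gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM); goto error; }`. The allocation of `key` and the `error:` label are outside this hunk.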
@@ -1114,7 +1093,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
return 0;
- error:
+ error:
gnutls_free(enc.data);
gnutls_free(key);
if (ch_init != 0)
@@ -1122,12 +1101,10 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
return result;
}
-
/* Writes the PBKDF2 parameters.
*/
static int
-write_pbkdf2_params(ASN1_TYPE pasn,
- const struct pbkdf2_params *kdf_params)
+write_pbkdf2_params(ASN1_TYPE pasn, const struct pbkdf2_params *kdf_params)
{
int result;
ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
@@ -1171,8 +1148,7 @@ write_pbkdf2_params(ASN1_TYPE pasn,
result = _gnutls_asn2err(result);
goto error;
}
- _gnutls_hard_log("salt.specified.size: %d\n",
- kdf_params->salt_size);
+ _gnutls_hard_log("salt.specified.size: %d\n", kdf_params->salt_size);
/* write the iteration count
*/
@@ -1218,16 +1194,14 @@ write_pbkdf2_params(ASN1_TYPE pasn,
result = 0;
- error:
+ error:
asn1_delete_structure(&pbkdf2_asn);
return result;
}
-
static int
-write_pbes2_enc_params(ASN1_TYPE pasn,
- const struct pbe_enc_params *params)
+write_pbes2_enc_params(ASN1_TYPE pasn, const struct pbe_enc_params *params)
{
int result;
ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
@@ -1260,8 +1234,7 @@ write_pbes2_enc_params(ASN1_TYPE pasn,
}
/* read the salt */
- result =
- asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
+ result = asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -1283,7 +1256,7 @@ write_pbes2_enc_params(ASN1_TYPE pasn,
result = 0;
- error:
+ error:
asn1_delete_structure(&pbe_asn);
return result;
@@ -1293,9 +1266,10 @@ write_pbes2_enc_params(ASN1_TYPE pasn,
*/
int
_gnutls_pkcs_generate_key(schema_id schema,
- const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params, gnutls_datum_t * key)
+ const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key)
{
unsigned char rnd[2];
unsigned int pass_len = 0;
@@ -1313,10 +1287,10 @@ _gnutls_pkcs_generate_key(schema_id schema,
/* generate salt */
kdf_params->salt_size =
- MIN(sizeof(kdf_params->salt), (unsigned) (12 + (rnd[1] % 10)));
+ MIN(sizeof(kdf_params->salt), (unsigned)(12 + (rnd[1] % 10)));
p = _gnutls_pkcs_schema_get(schema);
- if (p != NULL && p->pbes2 != 0) { /* PBES2 */
+ if (p != NULL && p->pbes2 != 0) { /* PBES2 */
enc_params->cipher = p->cipher;
} else if (p != NULL) {
/* non PBES2 algorithms */
@@ -1334,12 +1308,11 @@ _gnutls_pkcs_generate_key(schema_id schema,
return GNUTLS_E_RANDOM_FAILED;
}
- kdf_params->iter_count = 5*1024 + rnd[0];
+ kdf_params->iter_count = 5 * 1024 + rnd[0];
key->size = kdf_params->key_size =
gnutls_cipher_get_key_size(enc_params->cipher);
- enc_params->iv_size =
- gnutls_cipher_get_iv_size(enc_params->cipher);
+ enc_params->iv_size = gnutls_cipher_get_iv_size(enc_params->cipher);
key->data = gnutls_malloc(key->size);
if (key->data == NULL) {
gnutls_assert();
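Review bot: `kdf_params->iter_count = 5 * 1024 + rnd[0];` fixes the work factor for newly written files at roughly 5120 to 5375 iterations, which is low for a password-based KDF. The PBES2 branch later in this function feeds that count to `pbkdf2_hmac_sha1`. The random byte varies the count but adds no strength. I would lift the base value into a named constant with a comment on how it was chosen, so it can be raised in one place as hardware improves. The function starts and ends outside this hunk.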
@@ -1349,25 +1322,24 @@ _gnutls_pkcs_generate_key(schema_id schema,
/* now generate the key.
*/
- if (p->pbes2 != 0) {
- pbkdf2_hmac_sha1(pass_len, (uint8_t*)password,
+ if (p->pbes2 != 0) {
+ pbkdf2_hmac_sha1(pass_len, (uint8_t *) password,
kdf_params->iter_count,
kdf_params->salt_size, kdf_params->salt,
kdf_params->key_size, key->data);
if (enc_params->iv_size) {
ret = _gnutls_rnd(GNUTLS_RND_NONCE,
- enc_params->iv,
- enc_params->iv_size);
+ enc_params->iv, enc_params->iv_size);
if (ret < 0) {
gnutls_assert();
return ret;
}
}
- } else { /* PKCS 12 schema */
+ } else { /* PKCS 12 schema */
ret =
_gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
- 1 /*KEY*/,
+ 1 /*KEY*/,
kdf_params->salt,
kdf_params->salt_size,
kdf_params->iter_count,
@@ -1383,16 +1355,14 @@ _gnutls_pkcs_generate_key(schema_id schema,
*/
if (enc_params->iv_size) {
ret =
- _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
+ _gnutls_pkcs12_string_to_key(mac_to_entry
+ (GNUTLS_MAC_SHA1),
2 /*IV*/,
kdf_params->salt,
- kdf_params->
- salt_size,
- kdf_params->
- iter_count,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
password,
- enc_params->
- iv_size,
+ enc_params->iv_size,
enc_params->iv);
if (ret < 0) {
gnutls_assert();
@@ -1401,19 +1371,17 @@ _gnutls_pkcs_generate_key(schema_id schema,
}
}
-
return 0;
}
-
/* Encodes the parameters to be written in the encryptionAlgorithm.parameters
* part.
*/
int
_gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params)
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params)
{
int result;
ASN1_TYPE pasn = ASN1_TYPE_EMPTY;
@@ -1421,7 +1389,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
p = _gnutls_pkcs_schema_get(schema);
- if (p != NULL && p->pbes2 != 0) { /* PBES2 */
+ if (p != NULL && p->pbes2 != 0) { /* PBES2 */
if ((result =
asn1_create_element(_gnutls_get_pkix(),
"PKIX1.pkcs-5-PBES2-params",
@@ -1443,8 +1411,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
}
result = _gnutls_x509_der_encode_and_copy(pasn, "",
- pkcs8_asn, where,
- 0);
+ pkcs8_asn, where, 0);
if (result < 0) {
gnutls_assert();
goto error;
@@ -1452,7 +1419,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
asn1_delete_structure(&pasn);
- } else if (p != NULL) { /* PKCS #12 */
+ } else if (p != NULL) { /* PKCS #12 */
if ((result =
asn1_create_element(_gnutls_get_pkix(),
@@ -1470,8 +1437,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
}
result = _gnutls_x509_der_encode_and_copy(pasn, "",
- pkcs8_asn, where,
- 0);
+ pkcs8_asn, where, 0);
if (result < 0) {
gnutls_assert();
goto error;
@@ -1482,7 +1448,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
return 0;
- error:
+ error:
asn1_delete_structure(&pasn);
return result;
@@ -1490,8 +1456,8 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
int
_gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * key, gnutls_datum_t * encrypted)
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted)
{
int result;
int data_size;
@@ -1550,10 +1516,9 @@ _gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain,
return 0;
- error:
+ error:
gnutls_free(data);
if (ch_init != 0)
_gnutls_cipher_deinit(&ch);
return result;
}
-
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 15a1e17c25..997b51763a 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -49,12 +49,11 @@ static const uint8_t one = 1;
* which holds them. If raw is non null then the raw decoded
* data are copied (they are locally allocated) there.
*/
-static int
-_decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
+static int _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
{
char oid[MAX_OID_SIZE];
ASN1_TYPE c2;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
int len, result;
len = sizeof(oid) - 1;
@@ -102,16 +101,20 @@ _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
/* read the encapsulated content */
len = sizeof(oid) - 1;
- result = asn1_read_value(c2, "encapContentInfo.eContentType", oid, &len);
+ result =
+ asn1_read_value(c2, "encapContentInfo.eContentType", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup;
}
- if (strcmp(oid, PLAIN_DATA_OID) != 0 && strcmp(oid, DIGESTED_DATA_OID) != 0) {
+ if (strcmp(oid, PLAIN_DATA_OID) != 0
+ && strcmp(oid, DIGESTED_DATA_OID) != 0) {
gnutls_assert();
- _gnutls_debug_log("Unknown or unexpected PKCS7 Encapsulated Content OID '%s'\n", oid);
+ _gnutls_debug_log
+ ("Unknown or unexpected PKCS7 Encapsulated Content OID '%s'\n",
+ oid);
result = GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
goto cleanup;
}
@@ -121,7 +124,7 @@ _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
gnutls_free(tmp.data);
return 0;
- cleanup:
+ cleanup:
if (c2)
asn1_delete_structure(&c2);
gnutls_free(tmp.data);
@@ -135,8 +138,7 @@ static int pkcs7_reinit(gnutls_pkcs7_t pkcs7)
asn1_delete_structure(&pkcs7->pkcs7);
result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-7-ContentInfo",
- &pkcs7->pkcs7);
+ "PKIX1.pkcs-7-ContentInfo", &pkcs7->pkcs7);
if (result != ASN1_SUCCESS) {
result = _gnutls_asn2err(result);
gnutls_assert();
@@ -245,8 +247,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
}
pkcs7->expanded = 1;
- result =
- asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
+ result = asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
if (result != ASN1_SUCCESS) {
result = _gnutls_asn2err(result);
gnutls_assert();
@@ -263,7 +264,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
result = 0;
- cleanup:
+ cleanup:
if (need_free)
_gnutls_free_datum(&_data);
return result;
@@ -290,7 +291,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
**/
int
gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7,
- unsigned indx, gnutls_datum_t *cert)
+ unsigned indx, gnutls_datum_t * cert)
{
int result, len;
char root2[ASN1_MAX_NAME_SIZE];
@@ -330,8 +331,9 @@ gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7,
goto cleanup;
}
- result = asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size,
- root2, &start, &end);
+ result =
+ asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data,
+ tmp.size, root2, &start, &end);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -346,7 +348,7 @@ gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7,
result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return result;
}
@@ -376,13 +378,13 @@ gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7,
size_t * certificate_size)
{
int ret;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
ret = gnutls_pkcs7_get_crt_raw2(pkcs7, indx, &tmp);
if (ret < 0)
return gnutls_assert_val(ret);
- if ((unsigned) tmp.size > *certificate_size) {
+ if ((unsigned)tmp.size > *certificate_size) {
*certificate_size = tmp.size;
ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
goto cleanup;
@@ -392,12 +394,11 @@ gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7,
if (certificate)
memcpy(certificate, tmp.data, tmp.size);
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return ret;
}
-
/**
* gnutls_pkcs7_get_crt_count:
* @pkcs7: should contain a #gnutls_pkcs7_t type
@@ -417,7 +418,8 @@ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7)
/* Step 2. Count the CertificateSet */
- result = asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
+ result =
+ asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return 0; /* no certificates */
@@ -435,7 +437,7 @@ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7)
*
* Since: 3.4.2
**/
-void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st *info)
+void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st * info)
{
gnutls_free(info->sig.data);
gnutls_free(info->issuer_dn.data);
@@ -478,8 +480,8 @@ static time_t parse_time(gnutls_pkcs7_t pkcs7, const char *root)
ret = _gnutls_x509_get_time(c2, "", 0);
cleanup:
- asn1_delete_structure(&c2);
- return ret;
+ asn1_delete_structure(&c2);
+ return ret;
}
/**
@@ -501,7 +503,8 @@ int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7)
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
return 0;
@@ -525,14 +528,15 @@ int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7)
*
* Since: 3.4.2
**/
-int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_pkcs7_signature_info_st *info)
+int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx,
+ gnutls_pkcs7_signature_info_st * info)
{
int ret, count, len;
char root[256];
char oid[MAX_OID_SIZE];
gnutls_pk_algorithm_t pk;
gnutls_sign_algorithm_t sig;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
unsigned i;
if (pkcs7 == NULL)
@@ -541,14 +545,16 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
memset(info, 0, sizeof(*info));
info->signing_time = -1;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- snprintf(root, sizeof(root), "signerInfos.?%u.signatureAlgorithm.algorithm", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.signatureAlgorithm.algorithm", idx + 1);
- len = sizeof(oid)-1;
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
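Review bot: The bounds check `idx + 1 > (unsigned)count` wraps when `idx` is `UINT_MAX`: `idx + 1` becomes 0, the comparison is false, and the function goes on to format `signerInfos.?0...` paths from an index that was never validated. Comparing without the addition avoids the wrap: `if (ret != ASN1_SUCCESS || idx >= (unsigned)count) {`. The same expression appears in the hunks for gnutls_pkcs7_get_embedded_data, gnutls_pkcs7_verify_direct and gnutls_pkcs7_verify. How asn1_read_value treats a `?0` path is not visible here, so the practical impact is unconfirmed; the function body continues outside the hunk.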
@@ -565,9 +571,10 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
/* use the digests algorithm */
- snprintf(root, sizeof(root), "signerInfos.?%u.digestAlgorithm.algorithm", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.digestAlgorithm.algorithm", idx + 1);
- len = sizeof(oid)-1;
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
@@ -598,21 +605,32 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
/* read the issuer info */
- snprintf(root, sizeof(root), "signerInfos.?%u.sid.issuerAndSerialNumber.issuer.rdnSequence", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.sid.issuerAndSerialNumber.issuer.rdnSequence",
+ idx + 1);
/* read the signature */
- ret = _gnutls_x509_get_raw_field(pkcs7->signed_data, root, &info->issuer_dn);
+ ret =
+ _gnutls_x509_get_raw_field(pkcs7->signed_data, root,
+ &info->issuer_dn);
if (ret >= 0) {
- snprintf(root, sizeof(root), "signerInfos.?%u.sid.issuerAndSerialNumber.serialNumber", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.sid.issuerAndSerialNumber.serialNumber",
+ idx + 1);
/* read the signature */
- ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &info->signer_serial);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data, root,
+ &info->signer_serial);
if (ret < 0) {
gnutls_assert();
goto fail;
}
- } else { /* keyid */
- snprintf(root, sizeof(root), "signerInfos.?%u.sid.subjectKeyIdentifier", idx + 1);
+ } else { /* keyid */
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.sid.subjectKeyIdentifier", idx + 1);
/* read the signature */
- ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &info->issuer_keyid);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data, root,
+ &info->issuer_keyid);
if (ret < 0) {
gnutls_assert();
}
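Review bot: The three `/* read the signature */` comments in this hunk sit above calls that read the issuer DN, the signer serial number and the subject key identifier, none of which is the signature. They should name what is actually read, e.g. `/* read the issuer DN */`, `/* read the signer's serial number */` and `/* fall back to the subject key identifier */`. A comment should also state that any failure of the issuer read, not only a missing element, selects the keyid branch, since `ret >= 0` is the only test. The function body starts and ends outside the hunk.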
@@ -624,15 +642,19 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
/* read the signing time */
- for (i=0;;i++) {
- snprintf(root, sizeof(root), "signerInfos.?%u.signedAttrs.?%u.type", idx+1, i+1);
- len = sizeof(oid)-1;
+ for (i = 0;; i++) {
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.signedAttrs.?%u.type", idx + 1,
+ i + 1);
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
break;
}
- snprintf(root, sizeof(root), "signerInfos.?%u.signedAttrs.?%u.values.?1", idx+1, i+1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.signedAttrs.?%u.values.?1", idx + 1,
+ i + 1);
ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &tmp);
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
tmp.data = NULL;
@@ -657,15 +679,19 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
/* read the unsigned attrs */
- for (i=0;;i++) {
- snprintf(root, sizeof(root), "signerInfos.?%u.unsignedAttrs.?%u.type", idx+1, i+1);
- len = sizeof(oid)-1;
+ for (i = 0;; i++) {
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.unsignedAttrs.?%u.type", idx + 1,
+ i + 1);
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
break;
}
- snprintf(root, sizeof(root), "signerInfos.?%u.unsignedAttrs.?%u.values.?1", idx+1, i+1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.unsignedAttrs.?%u.values.?1", idx + 1,
+ i + 1);
ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &tmp);
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
tmp.data = NULL;
@@ -675,7 +701,8 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
goto fail;
}
- ret = gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0);
+ ret =
+ gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0);
gnutls_free(tmp.data);
tmp.data = NULL;
@@ -685,11 +712,11 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
}
- return 0;
+ return 0;
fail:
gnutls_free(tmp.data);
gnutls_pkcs7_signature_info_deinit(info);
- return ret;
+ return ret;
unsupp_algo:
return GNUTLS_E_UNKNOWN_ALGORITHM;
}
@@ -698,11 +725,11 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
* and matches our calculated hash */
static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
gnutls_sign_algorithm_t algo,
- const gnutls_datum_t *data)
+ const gnutls_datum_t * data)
{
unsigned hash;
- gnutls_datum_t tmp = {NULL, 0};
- gnutls_datum_t tmp2 = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
+ gnutls_datum_t tmp2 = { NULL, 0 };
uint8_t hash_output[MAX_HASH_SIZE];
unsigned hash_size, i;
char oid[MAX_OID_SIZE];
@@ -720,7 +747,9 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
hash_size = gnutls_hash_get_len(hash);
if (data == NULL || data->data == NULL) {
- ret = _gnutls_x509_read_value(pkcs7->signed_data, "encapContentInfo.eContent", &tmp);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data,
+ "encapContentInfo.eContent", &tmp);
if (ret < 0) {
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
@@ -739,11 +768,13 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
return gnutls_assert_val(ret);
/* now verify that hash matches */
- for (i=0;;i++) {
- snprintf(name, sizeof(name), "%s.signedAttrs.?%u", root, i+1);
+ for (i = 0;; i++) {
+ snprintf(name, sizeof(name), "%s.signedAttrs.?%u", root, i + 1);
ret = _gnutls_x509_decode_and_read_attribute(pkcs7->signed_data,
- name, oid, sizeof(oid), &tmp, 1, 0);
+ name, oid,
+ sizeof(oid), &tmp,
+ 1, 0);
if (ret < 0) {
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
break;
@@ -751,14 +782,17 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
}
if (strcmp(oid, ATTR_MESSAGE_DIGEST) == 0) {
- ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- tmp.data, tmp.size, &tmp2, 0);
+ ret =
+ _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
+ tmp.data, tmp.size,
+ &tmp2, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- if (tmp2.size == hash_size && memcmp(hash_output, tmp2.data, tmp2.size) == 0) {
+ if (tmp2.size == hash_size
+ && memcmp(hash_output, tmp2.data, tmp2.size) == 0) {
msg_digest_ok = 1;
}
} else if (strcmp(oid, ATTR_CONTENT_TYPE) == 0) {
@@ -771,22 +805,26 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
num_cont_types++;
/* check if it matches */
- ret = _gnutls_x509_get_raw_field(pkcs7->signed_data, "encapContentInfo.eContentType", &tmp2);
+ ret =
+ _gnutls_x509_get_raw_field(pkcs7->signed_data,
+ "encapContentInfo.eContentType",
+ &tmp2);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- if (tmp2.size != tmp.size || memcmp(tmp.data, tmp2.data, tmp2.size) != 0) {
+ if (tmp2.size != tmp.size
+ || memcmp(tmp.data, tmp2.data, tmp2.size) != 0) {
gnutls_assert();
ret = GNUTLS_E_PARSING_ERROR;
goto cleanup;
}
}
- gnutls_free(tmp.data);
- tmp.data = NULL;
- gnutls_free(tmp2.data);
- tmp2.data = NULL;
+ gnutls_free(tmp.data);
+ tmp.data = NULL;
+ gnutls_free(tmp2.data);
+ tmp2.data = NULL;
}
if (msg_digest_ok)
@@ -795,19 +833,18 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
cleanup:
- gnutls_free(tmp.data);
- gnutls_free(tmp2.data);
- return ret;
+ gnutls_free(tmp.data);
+ gnutls_free(tmp2.data);
+ return ret;
}
-
/* Returns the data to be used for signature verification. PKCS #7
* decided that this should not be an easy task.
*/
static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root,
- const gnutls_datum_t *data,
+ const gnutls_datum_t * data,
gnutls_sign_algorithm_t algo,
- gnutls_datum_t *sigdata)
+ gnutls_datum_t * sigdata)
{
int ret;
char name[256];
@@ -829,7 +866,10 @@ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root,
/* We have no signedAttrs. Use the provided data, or the encapsulated */
if (data == NULL || data->data == NULL) {
- ret = _gnutls_x509_read_value(pkcs7->signed_data, "encapContentInfo.eContent", sigdata);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data,
+ "encapContentInfo.eContent",
+ sigdata);
if (ret < 0) {
gnutls_assert();
return gnutls_assert_val(ret);
@@ -860,10 +900,11 @@ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root,
* Since: 3.4.8
**/
int
-gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_t *data)
+gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx,
+ gnutls_datum_t * data)
{
int count, ret;
- gnutls_datum_t tmpdata = {NULL, 0};
+ gnutls_datum_t tmpdata = { NULL, 0 };
gnutls_pkcs7_signature_info_st info;
char root[128];
@@ -872,8 +913,9 @@ gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
@@ -921,15 +963,14 @@ gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_
* Since: 3.4.2
**/
int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_t signer,
- unsigned idx,
- const gnutls_datum_t *data,
- unsigned flags)
+ gnutls_x509_crt_t signer,
+ unsigned idx,
+ const gnutls_datum_t * data, unsigned flags)
{
int count, ret;
- gnutls_datum_t tmpdata = {NULL, 0};
+ gnutls_datum_t tmpdata = { NULL, 0 };
gnutls_pkcs7_signature_info_st info;
- gnutls_datum_t sigdata = {NULL, 0};
+ gnutls_datum_t sigdata = { NULL, 0 };
char root[128];
memset(&info, 0, sizeof(info));
@@ -937,8 +978,9 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
@@ -956,7 +998,9 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
goto cleanup;
}
- ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, &info.sig);
+ ret =
+ gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata,
+ &info.sig);
if (ret < 0) {
gnutls_assert();
}
@@ -971,18 +1015,22 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
static
gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
- gnutls_typed_vdata_st *vdata, unsigned vdata_size,
- gnutls_pkcs7_signature_info_st *info)
+ gnutls_typed_vdata_st * vdata,
+ unsigned vdata_size,
+ gnutls_pkcs7_signature_info_st * info)
{
gnutls_x509_crt_t issuer = NULL, crt = NULL;
int ret, count;
uint8_t serial[128];
size_t serial_size;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
unsigned i, vtmp;
if (info->issuer_dn.data) {
- ret = gnutls_x509_trust_list_get_issuer_by_dn(tl, &info->issuer_dn, &issuer, 0);
+ ret =
+ gnutls_x509_trust_list_get_issuer_by_dn(tl,
+ &info->issuer_dn,
+ &issuer, 0);
if (ret < 0) {
gnutls_assert();
issuer = NULL;
@@ -990,7 +1038,13 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
}
if (info->issuer_keyid.data && issuer == NULL) {
- ret = gnutls_x509_trust_list_get_issuer_by_subject_key_id(tl, NULL, &info->issuer_keyid, &issuer, 0);
+ ret =
+ gnutls_x509_trust_list_get_issuer_by_subject_key_id(tl,
+ NULL,
+ &info->
+ issuer_keyid,
+ &issuer,
+ 0);
if (ret < 0) {
gnutls_assert();
issuer = NULL;
@@ -1003,9 +1057,11 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
}
/* check issuer's key purpose */
- for (i=0;i<vdata_size;i++) {
+ for (i = 0; i < vdata_size; i++) {
if (vdata[i].type == GNUTLS_DT_KEY_PURPOSE_OID) {
- ret = _gnutls_check_key_purpose(issuer, (char*)vdata[i].data, 0);
+ ret =
+ _gnutls_check_key_purpose(issuer,
+ (char *)vdata[i].data, 0);
if (ret == 0) {
gnutls_assert();
goto fail;
@@ -1025,7 +1081,9 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
goto fail;
}
- if (serial_size == info->signer_serial.size && memcmp(info->signer_serial.data, serial, serial_size) == 0) {
+ if (serial_size == info->signer_serial.size
+ && memcmp(info->signer_serial.data, serial,
+ serial_size) == 0) {
/* issuer == signer */
return issuer;
}
@@ -1037,7 +1095,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
goto fail;
}
- for (i=0;i<(unsigned)count;i++) {
+ for (i = 0; i < (unsigned)count; i++) {
/* Try to find the signer in the appended list. */
ret = gnutls_pkcs7_get_crt_raw2(pkcs7, 0, &tmp);
if (ret < 0) {
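Review bot: The loop over the embedded certificates calls `gnutls_pkcs7_get_crt_raw2(pkcs7, 0, &tmp)` on every iteration, so only the first certificate in the structure is ever fetched, whatever the value of `i`. A signer certificate that is not first in the appended list would never be matched against `info->signer_serial`, and a valid signature could fail verification. The index argument should be the loop variable: `ret = gnutls_pkcs7_get_crt_raw2(pkcs7, i, &tmp);`. The loop body continues outside the hunk.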
@@ -1064,14 +1122,19 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
goto fail;
}
- if (serial_size != info->signer_serial.size || memcmp(info->signer_serial.data, serial, serial_size) != 0) {
+ if (serial_size != info->signer_serial.size
+ || memcmp(info->signer_serial.data, serial,
+ serial_size) != 0) {
gnutls_assert();
goto skip;
}
- ret = gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, vdata, vdata_size, 0, &vtmp, NULL);
+ ret =
+ gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, vdata,
+ vdata_size, 0, &vtmp,
+ NULL);
if (ret < 0 || vtmp != 0) {
- gnutls_assert(); /* maybe next one is trusted */
+ gnutls_assert(); /* maybe next one is trusted */
skip:
gnutls_x509_crt_deinit(crt);
crt = NULL;
@@ -1097,7 +1160,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
gnutls_free(tmp.data);
if (issuer)
gnutls_x509_crt_deinit(issuer);
-
+
return crt;
}
@@ -1128,14 +1191,13 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
gnutls_typed_vdata_st * vdata,
unsigned int vdata_size,
unsigned idx,
- const gnutls_datum_t *data,
- unsigned flags)
+ const gnutls_datum_t * data, unsigned flags)
{
int count, ret;
- gnutls_datum_t tmpdata = {NULL, 0};
+ gnutls_datum_t tmpdata = { NULL, 0 };
gnutls_pkcs7_signature_info_st info;
gnutls_x509_crt_t signer;
- gnutls_datum_t sigdata = {NULL, 0};
+ gnutls_datum_t sigdata = { NULL, 0 };
char root[128];
memset(&info, 0, sizeof(info));
@@ -1143,8 +1205,9 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
@@ -1165,7 +1228,9 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
signer = find_signer(pkcs7, tl, vdata, vdata_size, &info);
if (signer) {
- ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, &info.sig);
+ ret =
+ gnutls_x509_crt_verify_data2(signer, info.algo, flags,
+ &sigdata, &info.sig);
if (ret < 0) {
gnutls_assert();
}
@@ -1175,7 +1240,6 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
-
cleanup:
gnutls_free(tmpdata.data);
gnutls_free(sigdata.data);
@@ -1195,7 +1259,8 @@ static void disable_opt_fields(gnutls_pkcs7_t pkcs7)
asn1_write_value(pkcs7->signed_data, "crls", NULL, 0);
}
- result = asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
+ result =
+ asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
if (result != ASN1_SUCCESS || count == 0) {
asn1_write_value(pkcs7->signed_data, "certificates", NULL, 0);
}
@@ -1213,8 +1278,9 @@ static int reencode(gnutls_pkcs7_t pkcs7)
/* Replace the old content with the new
*/
result =
- _gnutls_x509_der_encode_and_copy(pkcs7->signed_data, "", pkcs7->pkcs7,
- "content", 0);
+ _gnutls_x509_der_encode_and_copy(pkcs7->signed_data, "",
+ pkcs7->pkcs7, "content",
+ 0);
if (result < 0) {
return gnutls_assert_val(result);
}
@@ -1222,7 +1288,8 @@ static int reencode(gnutls_pkcs7_t pkcs7)
/* Write the content type of the signed data
*/
result =
- asn1_write_value(pkcs7->pkcs7, "contentType", SIGNED_DATA_OID, 1);
+ asn1_write_value(pkcs7->pkcs7, "contentType",
+ SIGNED_DATA_OID, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -1296,8 +1363,7 @@ gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7,
if ((ret = reencode(pkcs7)) < 0)
return gnutls_assert_val(ret);
- return _gnutls_x509_export_int2(pkcs7->pkcs7, format, PEM_PKCS7,
- out);
+ return _gnutls_x509_export_int2(pkcs7->pkcs7, format, PEM_PKCS7, out);
}
/* Creates an empty signed data structure in the pkcs7
@@ -1339,8 +1405,7 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
goto cleanup;
}
- result =
- asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0);
+ result = asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -1356,10 +1421,9 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
/* Add no signerInfos.
*/
-
return 0;
- cleanup:
+ cleanup:
asn1_delete_structure(sdata);
return result;
@@ -1376,8 +1440,7 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
+int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
{
int result;
@@ -1391,7 +1454,8 @@ gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
/* The pkcs7 structure is new, so create the
* signedData.
*/
- result = create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
+ result =
+ create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
if (result < 0) {
gnutls_assert();
return result;
@@ -1409,7 +1473,8 @@ gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
}
result =
- asn1_write_value(pkcs7->signed_data, "certificates.?LAST", "certificate", 1);
+ asn1_write_value(pkcs7->signed_data, "certificates.?LAST",
+ "certificate", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -1417,18 +1482,18 @@ gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
}
result =
- asn1_write_value(pkcs7->signed_data, "certificates.?LAST.certificate",
- crt->data, crt->size);
+ asn1_write_value(pkcs7->signed_data,
+ "certificates.?LAST.certificate", crt->data,
+ crt->size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup;
}
-
result = 0;
- cleanup:
+ cleanup:
return result;
}
@@ -1470,7 +1535,6 @@ int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
return 0;
}
-
/**
* gnutls_pkcs7_delete_crt:
* @pkcs7: The pkcs7 type
@@ -1504,7 +1568,7 @@ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx)
return 0;
- cleanup:
+ cleanup:
return result;
}
@@ -1527,7 +1591,7 @@ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx)
**/
int
gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7,
- unsigned indx, gnutls_datum_t *crl)
+ unsigned indx, gnutls_datum_t * crl)
{
int result;
char root2[ASN1_MAX_NAME_SIZE];
@@ -1550,8 +1614,9 @@ gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7,
/* Get the raw CRL
*/
- result = asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size,
- root2, &start, &end);
+ result =
+ asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size,
+ root2, &start, &end);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -1563,7 +1628,7 @@ gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7,
result = _gnutls_set_datum(crl, &tmp.data[start], end);
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return result;
}
@@ -1588,13 +1653,13 @@ gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
unsigned indx, void *crl, size_t * crl_size)
{
int ret;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
ret = gnutls_pkcs7_get_crl_raw2(pkcs7, indx, &tmp);
if (ret < 0)
return gnutls_assert_val(ret);
- if ((unsigned) tmp.size > *crl_size) {
+ if ((unsigned)tmp.size > *crl_size) {
*crl_size = tmp.size;
ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
goto cleanup;
@@ -1604,7 +1669,7 @@ gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
if (crl)
memcpy(crl, tmp.data, tmp.size);
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return ret;
}
@@ -1648,8 +1713,7 @@ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
+int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
{
int result;
@@ -1663,7 +1727,8 @@ gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
/* The pkcs7 structure is new, so create the
* signedData.
*/
- result = create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
+ result =
+ create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
if (result < 0) {
gnutls_assert();
return result;
@@ -1680,7 +1745,9 @@ gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
goto cleanup;
}
- result = asn1_write_value(pkcs7->signed_data, "crls.?LAST", crl->data, crl->size);
+ result =
+ asn1_write_value(pkcs7->signed_data, "crls.?LAST", crl->data,
+ crl->size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -1689,7 +1756,7 @@ gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
result = 0;
- cleanup:
+ cleanup:
return result;
}
@@ -1763,11 +1830,12 @@ int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx)
return 0;
- cleanup:
+ cleanup:
return result;
}
-static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t signer, unsigned flags)
+static int write_signer_id(ASN1_TYPE c2, const char *root,
+ gnutls_x509_crt_t signer, unsigned flags)
{
int result;
size_t serial_size;
@@ -1778,8 +1846,7 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
const uint8_t ver = 3;
snprintf(name, sizeof(name), "%s.version", root);
- result =
- asn1_write_value(c2, name, &ver, 1);
+ result = asn1_write_value(c2, name, &ver, 1);
snprintf(name, sizeof(name), "%s.sid", root);
result = asn1_write_value(c2, name, "subjectKeyIdentifier", 1);
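Review bot: The return value of the `%s.version` write is discarded: `result = asn1_write_value(c2, name, &ver, 1);` is overwritten by the `%s.sid` write two lines later before anything tests it. A failed version write would go unreported to the caller while the subjectKeyIdentifier form of the signer id is still emitted. Add a check right after the first write, mirroring the checks on the later writes: `if (result != ASN1_SUCCESS) return gnutls_assert_val(_gnutls_asn2err(result));`. The enclosing block starts and ends outside the hunk.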
@@ -1789,7 +1856,9 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
}
serial_size = sizeof(serial);
- result = gnutls_x509_crt_get_subject_key_id(signer, serial, &serial_size, NULL);
+ result =
+ gnutls_x509_crt_get_subject_key_id(signer, serial,
+ &serial_size, NULL);
if (result < 0)
return gnutls_assert_val(result);
@@ -1801,7 +1870,8 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
}
} else {
serial_size = sizeof(serial);
- result = gnutls_x509_crt_get_serial(signer, serial, &serial_size);
+ result =
+ gnutls_x509_crt_get_serial(signer, serial, &serial_size);
if (result < 0)
return gnutls_assert_val(result);
@@ -1812,15 +1882,19 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
return _gnutls_asn2err(result);
}
- snprintf(name, sizeof(name), "%s.sid.issuerAndSerialNumber.serialNumber", root);
+ snprintf(name, sizeof(name),
+ "%s.sid.issuerAndSerialNumber.serialNumber", root);
result = asn1_write_value(c2, name, serial, serial_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
- snprintf(name, sizeof(name), "%s.sid.issuerAndSerialNumber.issuer", root);
- result = asn1_copy_node(c2, name, signer->cert, "tbsCertificate.issuer");
+ snprintf(name, sizeof(name),
+ "%s.sid.issuerAndSerialNumber.issuer", root);
+ result =
+ asn1_copy_node(c2, name, signer->cert,
+ "tbsCertificate.issuer");
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -1830,7 +1904,8 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
return 0;
}
-static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs, unsigned already_set)
+static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
+ unsigned already_set)
{
char name[256];
gnutls_pkcs7_attrs_st *p = attrs;
@@ -1841,7 +1916,7 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
if (already_set == 0)
asn1_write_value(c2, root, NULL, 0);
} else {
- while(p != NULL) {
+ while (p != NULL) {
result = asn1_write_value(c2, root, "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -1849,8 +1924,7 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
}
snprintf(name, sizeof(name), "%s.?LAST.type", root);
- result =
- asn1_write_value(c2, name, p->oid, 1);
+ result = asn1_write_value(c2, name, p->oid, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -1863,8 +1937,11 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
return _gnutls_asn2err(result);
}
- snprintf(name, sizeof(name), "%s.?LAST.values.?1", root);
- result = asn1_write_value(c2, name, p->data.data, p->data.size);
+ snprintf(name, sizeof(name), "%s.?LAST.values.?1",
+ root);
+ result =
+ asn1_write_value(c2, name, p->data.data,
+ p->data.size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -1877,14 +1954,15 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
return 0;
}
-static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t *data,
- const mac_entry_st *me, gnutls_pkcs7_attrs_t other_attrs,
- unsigned flags)
+static int write_attributes(ASN1_TYPE c2, const char *root,
+ const gnutls_datum_t * data,
+ const mac_entry_st * me,
+ gnutls_pkcs7_attrs_t other_attrs, unsigned flags)
{
char name[256];
int result, ret;
uint8_t digest[MAX_HASH_SIZE];
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
unsigned digest_size;
unsigned already_set = 0;
@@ -1903,8 +1981,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
}
snprintf(name, sizeof(name), "%s.?LAST.type", root);
- result =
- asn1_write_value(c2, name, ATTR_SIGNING_TIME, 1);
+ result = asn1_write_value(c2, name, ATTR_SIGNING_TIME, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -1930,7 +2007,6 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
already_set = 1;
}
-
ret = add_attrs(c2, root, other_attrs, already_set);
if (ret < 0) {
gnutls_assert();
@@ -1947,8 +2023,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
}
snprintf(name, sizeof(name), "%s.?LAST.type", root);
- result =
- asn1_write_value(c2, name, ATTR_CONTENT_TYPE, 1);
+ result = asn1_write_value(c2, name, ATTR_CONTENT_TYPE, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -1963,7 +2038,10 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
return ret;
}
- ret = _gnutls_x509_get_raw_field(c2, "encapContentInfo.eContentType", &tmp);
+ ret =
+ _gnutls_x509_get_raw_field(c2,
+ "encapContentInfo.eContentType",
+ &tmp);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -1998,9 +2076,10 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
}
snprintf(name, sizeof(name), "%s.?LAST", root);
- ret = _gnutls_x509_encode_and_write_attribute(ATTR_MESSAGE_DIGEST,
- c2, name,
- digest, digest_size, 1);
+ ret =
+ _gnutls_x509_encode_and_write_attribute(ATTR_MESSAGE_DIGEST,
+ c2, name, digest,
+ digest_size, 1);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -2038,15 +2117,14 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
gnutls_x509_crt_t signer,
gnutls_privkey_t signer_key,
- const gnutls_datum_t *data,
+ const gnutls_datum_t * data,
gnutls_pkcs7_attrs_t signed_attrs,
gnutls_pkcs7_attrs_t unsigned_attrs,
- gnutls_digest_algorithm_t dig,
- unsigned flags)
+ gnutls_digest_algorithm_t dig, unsigned flags)
{
int ret, result;
- gnutls_datum_t sigdata = {NULL, 0};
- gnutls_datum_t signature = {NULL, 0};
+ gnutls_datum_t sigdata = { NULL, 0 };
+ gnutls_datum_t signature = { NULL, 0 };
const mac_entry_st *me = hash_to_entry(dig);
unsigned pk, sigalgo;
@@ -2054,7 +2132,10 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
return GNUTLS_E_INVALID_REQUEST;
if (pkcs7->signed_data == ASN1_TYPE_EMPTY) {
- result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData", &pkcs7->signed_data);
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-SignedData",
+ &pkcs7->signed_data);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -2062,20 +2143,27 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
if (!(flags & GNUTLS_PKCS7_EMBED_DATA)) {
- asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContent", NULL, 0);
+ asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContent", NULL, 0);
}
}
asn1_write_value(pkcs7->signed_data, "version", &one, 1);
- result = asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContentType", PLAIN_DATA_OID, 0);
+ result =
+ asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContentType", PLAIN_DATA_OID,
+ 0);
if (result != ASN1_SUCCESS) {
ret = _gnutls_asn2err(result);
goto cleanup;
}
- if (flags & GNUTLS_PKCS7_EMBED_DATA && data->data) { /* embed data */
- result = asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContent", data->data, data->size);
+ if (flags & GNUTLS_PKCS7_EMBED_DATA && data->data) { /* embed data */
+ result =
+ asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContent", data->data,
+ data->size);
if (result != ASN1_SUCCESS) {
ret = _gnutls_asn2err(result);
goto cleanup;
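Review bot: The two error branches in this hunk, after the `encapContentInfo.eContentType` write and after the embedded `encapContentInfo.eContent` write, jump to `cleanup` without calling `gnutls_assert()`, unlike the other failure paths of gnutls_pkcs7_sign shown in this diff. Adding `gnutls_assert();` before `ret = _gnutls_asn2err(result);` in both would keep these failures traceable like the rest. Separately, `data->data` is dereferenced whenever GNUTLS_PKCS7_EMBED_DATA is set. Whether `data` is checked for NULL earlier cannot be seen here, because the function starts and ends outside the hunk, so that check is worth confirming.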
@@ -2091,7 +2179,8 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
/* append digest info algorithm */
- result = asn1_write_value(pkcs7->signed_data, "digestAlgorithms", "NEW", 1);
+ result =
+ asn1_write_value(pkcs7->signed_data, "digestAlgorithms", "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -2099,13 +2188,16 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
result =
- asn1_write_value(pkcs7->signed_data, "digestAlgorithms.?LAST.algorithm", _gnutls_x509_digest_to_oid(me), 1);
+ asn1_write_value(pkcs7->signed_data,
+ "digestAlgorithms.?LAST.algorithm",
+ _gnutls_x509_digest_to_oid(me), 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
goto cleanup;
}
- asn1_write_value(pkcs7->signed_data, "digestAlgorithms.?LAST.parameters", NULL, 0);
+ asn1_write_value(pkcs7->signed_data,
+ "digestAlgorithms.?LAST.parameters", NULL, 0);
/* append signer's info */
result = asn1_write_value(pkcs7->signed_data, "signerInfos", "NEW", 1);
@@ -2116,7 +2208,8 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
result =
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.version", &one, 1);
+ asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.version",
+ &one, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -2124,27 +2217,38 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
result =
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.digestAlgorithm.algorithm", _gnutls_x509_digest_to_oid(me), 1);
+ asn1_write_value(pkcs7->signed_data,
+ "signerInfos.?LAST.digestAlgorithm.algorithm",
+ _gnutls_x509_digest_to_oid(me), 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
goto cleanup;
}
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.digestAlgorithm.parameters", NULL, 0);
+ asn1_write_value(pkcs7->signed_data,
+ "signerInfos.?LAST.digestAlgorithm.parameters", NULL,
+ 0);
- ret = write_signer_id(pkcs7->signed_data, "signerInfos.?LAST", signer, flags);
+ ret =
+ write_signer_id(pkcs7->signed_data, "signerInfos.?LAST", signer,
+ flags);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = add_attrs(pkcs7->signed_data, "signerInfos.?LAST.unsignedAttrs", unsigned_attrs, 0);
+ ret =
+ add_attrs(pkcs7->signed_data, "signerInfos.?LAST.unsignedAttrs",
+ unsigned_attrs, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = write_attributes(pkcs7->signed_data, "signerInfos.?LAST.signedAttrs", data, me, signed_attrs, flags);
+ ret =
+ write_attributes(pkcs7->signed_data,
+ "signerInfos.?LAST.signedAttrs", data, me,
+ signed_attrs, flags);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -2160,7 +2264,10 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
* that a generic RSA OID should be used. We switch to this "unexpected" value
* because some implementations cannot cope with the "expected" signature values.
*/
- ret = _gnutls_x509_write_sig_params(pkcs7->signed_data, "signerInfos.?LAST.signatureAlgorithm", pk, dig, 1);
+ ret =
+ _gnutls_x509_write_sig_params(pkcs7->signed_data,
+ "signerInfos.?LAST.signatureAlgorithm",
+ pk, dig, 1);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -2174,20 +2281,24 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
/* sign the data */
- ret = figure_pkcs7_sigdata(pkcs7, "signerInfos.?LAST", data, sigalgo, &sigdata);
+ ret =
+ figure_pkcs7_sigdata(pkcs7, "signerInfos.?LAST", data, sigalgo,
+ &sigdata);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = gnutls_privkey_sign_data(signer_key, dig, 0, &sigdata, &signature);
+ ret =
+ gnutls_privkey_sign_data(signer_key, dig, 0, &sigdata, &signature);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
result =
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.signature", signature.data, signature.size);
+ asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.signature",
+ signature.data, signature.size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -2201,4 +2312,3 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
gnutls_free(signature.data);
return ret;
}
-
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index a3dc9ac7b6..73fdc5df4b 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -555,8 +555,8 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
if (key->pk_algorithm == GNUTLS_PK_UNKNOWN && left >= sizeof(PEM_KEY_PKCS8)) {
if (memcmp(ptr, PEM_KEY_PKCS8, sizeof(PEM_KEY_PKCS8)-1) == 0) {
result =
- _gnutls_fbase64_decode(PEM_KEY_PKCS8, begin_ptr,
- left, &_data);
+ _gnutls_fbase64_decode(PEM_KEY_PKCS8,
+ begin_ptr, left, &_data);
if (result >= 0) {
/* signal for PKCS #8 keys */
key->pk_algorithm = -1;
@@ -758,7 +758,7 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
if (memcmp(ptr, PEM_KEY_RSA, sizeof(PEM_KEY_RSA)-1) == 0 ||
memcmp(ptr, PEM_KEY_ECC, sizeof(PEM_KEY_ECC)-1) == 0 ||
memcmp(ptr, PEM_KEY_DSA, sizeof(PEM_KEY_DSA)-1) == 0) {
- head_enc = 0;
+ head_enc = 0;
}
}
}
@@ -788,7 +788,7 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
/* use the callback if any */
ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin));
if (ret == 0) {
- password = pin;
+ password = pin;
}
ret =
@@ -1784,17 +1784,17 @@ int cmp_rsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2)
ret = 0;
cleanup:
- gnutls_free(m1.data);
- gnutls_free(e1.data);
- gnutls_free(d1.data);
- gnutls_free(p1.data);
- gnutls_free(q1.data);
- gnutls_free(m2.data);
- gnutls_free(e2.data);
- gnutls_free(d2.data);
- gnutls_free(p2.data);
- gnutls_free(q2.data);
- return ret;
+ gnutls_free(m1.data);
+ gnutls_free(e1.data);
+ gnutls_free(d1.data);
+ gnutls_free(p1.data);
+ gnutls_free(q1.data);
+ gnutls_free(m2.data);
+ gnutls_free(e2.data);
+ gnutls_free(d2.data);
+ gnutls_free(p2.data);
+ gnutls_free(q2.data);
+ return ret;
}
static
@@ -1836,13 +1836,13 @@ int cmp_dsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2)
ret = 0;
cleanup:
- gnutls_free(g1.data);
- gnutls_free(p1.data);
- gnutls_free(q1.data);
- gnutls_free(g2.data);
- gnutls_free(p2.data);
- gnutls_free(q2.data);
- return ret;
+ gnutls_free(g1.data);
+ gnutls_free(p1.data);
+ gnutls_free(q1.data);
+ gnutls_free(g2.data);
+ gnutls_free(p2.data);
+ gnutls_free(q2.data);
+ return ret;
}
/**
@@ -1909,7 +1909,7 @@ int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, gnutls_digest_alg
ret = cmp_dsa_key(key, okey);
cleanup:
- gnutls_x509_privkey_deinit(okey);
+ gnutls_x509_privkey_deinit(okey);
return ret;
}
@@ -2224,7 +2224,7 @@ void gnutls_x509_privkey_set_pin_function(gnutls_x509_privkey_t privkey,
*
**/
void gnutls_x509_privkey_set_flags(gnutls_x509_privkey_t key,
- unsigned int flags)
+ unsigned int flags)
{
key->flags |= flags;
}
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index bebc82afc4..74bb466c65 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -70,7 +70,7 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
case GNUTLS_PK_EC:
ret =
gnutls_x509_privkey_export2(pkey, GNUTLS_X509_FMT_DER,
- raw);
+ raw);
if (ret < 0) {
gnutls_assert();
goto error;
diff --git a/lib/x509/time.c b/lib/x509/time.c
index 9ae270e10e..5ae6be01ee 100644
--- a/lib/x509/time.c
+++ b/lib/x509/time.c
@@ -64,7 +64,7 @@ static const int MONTHDAYS[] = {
/* Whether a given year is a leap year. */
#define ISLEAP(year) \
- (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0))
+ (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0))
/*
** Given a struct tm representing a calendar time in UTC, convert it to
@@ -234,10 +234,10 @@ gtime_to_suitable_time(time_t gtime, char *str_time, size_t str_time_size, unsig
|| gtime >= 253402210800
#endif
) {
- if (tag)
- *tag = ASN1_TAG_GENERALIZEDTime;
- snprintf(str_time, str_time_size, "99991231235959Z");
- return 0;
+ if (tag)
+ *tag = ASN1_TAG_GENERALIZEDTime;
+ snprintf(str_time, str_time_size, "99991231235959Z");
+ return 0;
}
if (!gmtime_r(&gtime, &_tm)) {
@@ -247,11 +247,11 @@ gtime_to_suitable_time(time_t gtime, char *str_time, size_t str_time_size, unsig
if (_tm.tm_year >= 150) {
if (tag)
- *tag = ASN1_TAG_GENERALIZEDTime;
+ *tag = ASN1_TAG_GENERALIZEDTime;
ret = strftime(str_time, str_time_size, "%Y%m%d%H%M%SZ", &_tm);
} else {
if (tag)
- *tag = ASN1_TAG_UTCTime;
+ *tag = ASN1_TAG_UTCTime;
ret = strftime(str_time, str_time_size, "%y%m%d%H%M%SZ", &_tm);
}
if (!ret) {
@@ -273,8 +273,8 @@ gtime_to_generalTime(time_t gtime, char *str_time, size_t str_time_size)
|| gtime >= 253402210800
#endif
) {
- snprintf(str_time, str_time_size, "99991231235959Z");
- return 0;
+ snprintf(str_time, str_time_size, "99991231235959Z");
+ return 0;
}
if (!gmtime_r(&gtime, &_tm)) {
diff --git a/lib/x509/tls_features.c b/lib/x509/tls_features.c
index af5bb06a51..d6055fa28a 100644
--- a/lib/x509/tls_features.c
+++ b/lib/x509/tls_features.c
@@ -214,7 +214,7 @@ int gnutls_x509_crt_set_tlsfeatures(gnutls_x509_crt_t crt,
* Since: 3.5.1
**/
unsigned gnutls_x509_tlsfeatures_check_crt(gnutls_x509_tlsfeatures_t feat,
- gnutls_x509_crt_t cert)
+ gnutls_x509_crt_t cert)
{
int ret;
gnutls_x509_tlsfeatures_t cfeat;
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 6aa732c7d9..e7484ff439 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -346,7 +346,7 @@ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
static int
advance_iter(gnutls_x509_trust_list_t list,
- gnutls_x509_trust_list_iter_t iter)
+ gnutls_x509_trust_list_iter_t iter)
{
int ret;
@@ -408,8 +408,8 @@ advance_iter(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_iter_get_ca(gnutls_x509_trust_list_t list,
- gnutls_x509_trust_list_iter_t *iter,
- gnutls_x509_crt_t *crt)
+ gnutls_x509_trust_list_iter_t *iter,
+ gnutls_x509_crt_t *crt)
{
int ret;
@@ -745,9 +745,9 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list,
if (gnutls_x509_crl_get_this_update(crl_list[i]) >=
gnutls_x509_crl_get_this_update(list->node[hash].crls[x])) {
- gnutls_x509_crl_deinit(list->node[hash].crls[x]);
- list->node[hash].crls[x] = crl_list[i];
- goto next;
+ gnutls_x509_crl_deinit(list->node[hash].crls[x]);
+ list->node[hash].crls[x] = crl_list[i];
+ goto next;
} else {
/* The new is older, discard it */
gnutls_x509_crl_deinit(crl_list[i]);
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 3a0fbe04b7..ecd2369b1c 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -660,8 +660,8 @@ verify_crt(gnutls_x509_crt_t cert,
if (issuer_version < 0) {
MARK_INVALID(0);
} else if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
- ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
- || issuer_version != 1)) {
+ ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
+ || issuer_version != 1)) {
if (check_if_ca(cert, issuer, &vparams->max_path, flags) != 1) {
MARK_INVALID(GNUTLS_CERT_SIGNER_NOT_CA);
}
@@ -687,11 +687,11 @@ verify_crt(gnutls_x509_crt_t cert,
if (me == NULL) {
MARK_INVALID(0);
} else if (cert_signed_data.data != NULL &&
- cert_signature.data != NULL) {
+ cert_signature.data != NULL) {
ret =
_gnutls_x509_verify_data(me,
&cert_signed_data,
- &cert_signature,
+ &cert_signature,
issuer);
if (ret == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
MARK_INVALID(GNUTLS_CERT_SIGNATURE_FAILURE);
@@ -1123,8 +1123,8 @@ _gnutls_pkcs11_verify_crt_status(const char* url,
/* check against issuer */
ret = gnutls_pkcs11_get_raw_issuer(url, certificate_list[clist_size - 1],
- &raw_issuer, GNUTLS_X509_FMT_DER,
- GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT|GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
+ &raw_issuer, GNUTLS_X509_FMT_DER,
+ GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT|GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
if (ret < 0) {
gnutls_assert();
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && clist_size > 2) {
@@ -1132,7 +1132,7 @@ _gnutls_pkcs11_verify_crt_status(const char* url,
/* check if the last certificate in the chain is present
* in our trusted list, and if yes, verify against it. */
ret = gnutls_pkcs11_crt_is_known(url, certificate_list[clist_size - 1],
- GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_COMPARE);
+ GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_COMPARE);
if (ret != 0) {
return _gnutls_verify_crt_status(certificate_list, clist_size,
&certificate_list[clist_size - 1], 1, flags,
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index a781d2e098..25f1d2691a 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -73,7 +73,7 @@ static int crt_reinit(gnutls_x509_crt_t crt)
* Since: 3.5.0
**/
unsigned gnutls_x509_crt_equals(gnutls_x509_crt_t cert1,
- gnutls_x509_crt_t cert2)
+ gnutls_x509_crt_t cert2)
{
int ret;
bool result;
@@ -305,12 +305,12 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert)
/* handle equally empty parameters with missing parameters */
if (sp1.size == 2 && memcmp(sp1.data, "\x05\x00", 2) == 0) {
empty1 = 1;
- _gnutls_free_datum(&sp1);
+ _gnutls_free_datum(&sp1);
}
if (sp2.size == 2 && memcmp(sp2.data, "\x05\x00", 2) == 0) {
empty2 = 1;
- _gnutls_free_datum(&sp2);
+ _gnutls_free_datum(&sp2);
}
if (empty1 != empty2 ||
@@ -322,9 +322,9 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert)
ret = 0;
cleanup:
- _gnutls_free_datum(&sp1);
- _gnutls_free_datum(&sp2);
- return ret;
+ _gnutls_free_datum(&sp1);
+ _gnutls_free_datum(&sp2);
+ return ret;
}
/**
@@ -889,8 +889,8 @@ gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
ret = 0;
cleanup:
- gnutls_free(dsig.data);
- return ret;
+ gnutls_free(dsig.data);
+ return ret;
}
/**
@@ -1225,10 +1225,10 @@ gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert,
ret = 0;
cleanup:
- if (aki != NULL)
- gnutls_x509_aki_deinit(aki);
- gnutls_free(der.data);
- return ret;
+ if (aki != NULL)
+ gnutls_x509_aki_deinit(aki);
+ gnutls_free(der.data);
+ return ret;
}
/**
@@ -1311,10 +1311,10 @@ gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id,
ret = 0;
cleanup:
- if (aki != NULL)
- gnutls_x509_aki_deinit(aki);
- gnutls_free(der.data);
- return ret;
+ if (aki != NULL)
+ gnutls_x509_aki_deinit(aki);
+ gnutls_free(der.data);
+ return ret;
}
/**
@@ -2139,8 +2139,8 @@ gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, unsigned indx,
ret = 0;
cleanup:
- if (policies != NULL)
- gnutls_x509_policies_deinit(policies);
+ if (policies != NULL)
+ gnutls_x509_policies_deinit(policies);
_gnutls_free_datum(&tmpd);
return ret;
@@ -2846,8 +2846,8 @@ _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
return 0; /* not revoked. */
fail:
- gnutls_x509_crl_iter_deinit(iter);
- return ret;
+ gnutls_x509_crl_iter_deinit(iter);
+ return ret;
}
@@ -2919,7 +2919,7 @@ gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt,
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
@@ -3090,9 +3090,9 @@ gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert,
ret = 0;
cleanup:
- gnutls_free(ext.data);
- if (p!=NULL)
- gnutls_x509_key_purpose_deinit(p);
+ gnutls_free(ext.data);
+ if (p!=NULL)
+ gnutls_x509_key_purpose_deinit(p);
return ret;
}
@@ -3137,7 +3137,7 @@ gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt,
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
@@ -3186,7 +3186,7 @@ gnutls_x509_crt_get_pk_ecc_raw(gnutls_x509_crt_t crt,
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
@@ -3234,7 +3234,7 @@ gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index dc51e4b68b..d503d5d394 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -2665,7 +2665,7 @@ static int parse_aia(ASN1_TYPE c2, gnutls_x509_aia_t aia)
result = asn1_read_value(c2, nptr, tmpoid, &len);
if (result == ASN1_VALUE_NOT_FOUND
|| result == ASN1_ELEMENT_NOT_FOUND) {
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
break;
}
@@ -3141,7 +3141,7 @@ int _gnutls_x509_decode_ext(const gnutls_datum_t *der, gnutls_x509_ext_st *out)
ret = 0;
goto cleanup;
fail:
- memset(out, 0, sizeof(*out));
+ memset(out, 0, sizeof(*out));
cleanup:
asn1_delete_structure(&c2);
return ret;
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 86b9280950..bf6cba155e 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -335,8 +335,8 @@ gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
**/
int
gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt,
- gnutls_x509_crq_t crq, const char *oid,
- unsigned flags)
+ gnutls_x509_crq_t crq, const char *oid,
+ unsigned flags)
{
size_t i;
@@ -835,10 +835,9 @@ gnutls_x509_crt_set_subject_alt_othername(gnutls_x509_crt_t crt,
/* generate the extension.
*/
result =
- _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
- encoded_data.data, encoded_data.size,
- &prev_der_data,
- &der_data);
+ _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
+ encoded_data.data, encoded_data.size,
+ &prev_der_data, &der_data);
if (result < 0) {
gnutls_assert();
@@ -926,11 +925,9 @@ gnutls_x509_crt_set_issuer_alt_othername(gnutls_x509_crt_t crt,
/* generate the extension.
*/
result =
- _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
- encoded_data.data, encoded_data.size,
- &prev_der_data,
- &der_data);
-
+ _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
+ encoded_data.data, encoded_data.size,
+ &prev_der_data, &der_data);
if (result < 0) {
gnutls_assert();
goto finish;
@@ -1818,9 +1815,9 @@ gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t crt,
goto cleanup;
}
- cleanup:
- if (aia_ctx != NULL)
- gnutls_x509_aia_deinit(aia_ctx);
+ cleanup:
+ if (aia_ctx != NULL)
+ gnutls_x509_aia_deinit(aia_ctx);
_gnutls_free_datum(&new_der);
_gnutls_free_datum(&der);
@@ -1899,8 +1896,8 @@ gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
&der_data, 0);
cleanup:
- if (policies != NULL)
- gnutls_x509_policies_deinit(policies);
+ if (policies != NULL)
+ gnutls_x509_policies_deinit(policies);
_gnutls_free_datum(&prev_der_data);
_gnutls_free_datum(&der_data);