summaryrefslogtreecommitdiff
path: root/libdane
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-11-08 22:14:07 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-11-08 22:17:10 +0100
commit76c93d23c073ef8b885503b7d28a31ffe2add6d8 (patch)
tree1dd2d22a197bc40c5330e516969a7cb1ae9bc96f /libdane
parent559a144f6bbcbb611453f82e655dd7438c14d1a7 (diff)
downloadgnutls-76c93d23c073ef8b885503b7d28a31ffe2add6d8.tar.gz
reindented code
Diffstat (limited to 'libdane')
-rw-r--r--libdane/dane-params.c117
-rw-r--r--libdane/dane.c1086
-rw-r--r--libdane/errors.c98
-rw-r--r--libdane/includes/gnutls/dane.h139
4 files changed, 687 insertions, 753 deletions
diff --git a/libdane/dane-params.c b/libdane/dane-params.c
index 86b4d27519..eff3548cb2 100644
--- a/libdane/dane-params.c
+++ b/libdane/dane-params.c
@@ -32,46 +32,40 @@
#include <gnutls/x509.h>
#include <gnutls/abstract.h>
-typedef struct cert_type_entry
-{
- const char* name;
- dane_cert_type_t type;
+typedef struct cert_type_entry {
+ const char *name;
+ dane_cert_type_t type;
} cert_type_entry;
-static const cert_type_entry dane_cert_types[] =
-{
- {"X.509", DANE_CERT_X509},
- {"SubjectPublicKeyInfo", DANE_CERT_PK},
- {NULL, 0}
+static const cert_type_entry dane_cert_types[] = {
+ {"X.509", DANE_CERT_X509},
+ {"SubjectPublicKeyInfo", DANE_CERT_PK},
+ {NULL, 0}
};
-typedef struct match_type_entry
-{
- const char* name;
- dane_match_type_t type;
+typedef struct match_type_entry {
+ const char *name;
+ dane_match_type_t type;
} match_type_entry;
-static const match_type_entry dane_match_types[] =
-{
- {"Exact match", DANE_MATCH_EXACT},
- {"SHA2-256 hash", DANE_MATCH_SHA2_256},
- {"SHA2-512 hash", DANE_MATCH_SHA2_512},
- {NULL, 0}
+static const match_type_entry dane_match_types[] = {
+ {"Exact match", DANE_MATCH_EXACT},
+ {"SHA2-256 hash", DANE_MATCH_SHA2_256},
+ {"SHA2-512 hash", DANE_MATCH_SHA2_512},
+ {NULL, 0}
};
-typedef struct cert_usage_entry
-{
- const char* name;
- dane_cert_usage_t usage;
+typedef struct cert_usage_entry {
+ const char *name;
+ dane_cert_usage_t usage;
} cert_usage_entry;
-static const cert_usage_entry dane_cert_usages[] =
-{
- {"CA", DANE_CERT_USAGE_CA},
- {"End-entity", DANE_CERT_USAGE_EE},
- {"Local CA", DANE_CERT_USAGE_LOCAL_CA},
- {"Local end-entity", DANE_CERT_USAGE_LOCAL_EE},
- {NULL, 0}
+static const cert_usage_entry dane_cert_usages[] = {
+ {"CA", DANE_CERT_USAGE_CA},
+ {"End-entity", DANE_CERT_USAGE_EE},
+ {"Local CA", DANE_CERT_USAGE_LOCAL_CA},
+ {"Local end-entity", DANE_CERT_USAGE_LOCAL_EE},
+ {NULL, 0}
};
@@ -85,18 +79,17 @@ static const cert_usage_entry dane_cert_usages[] =
* Returns: a string that contains the name of the specified
* type, or %NULL.
**/
-const char* dane_cert_type_name(dane_cert_type_t type)
+const char *dane_cert_type_name(dane_cert_type_t type)
{
-const cert_type_entry* e = dane_cert_types;
-
- while(e->name != NULL)
- {
- if (e->type == type)
- return e->name;
- e++;
- }
-
- return NULL;
+ const cert_type_entry *e = dane_cert_types;
+
+ while (e->name != NULL) {
+ if (e->type == type)
+ return e->name;
+ e++;
+ }
+
+ return NULL;
}
/**
@@ -108,18 +101,17 @@ const cert_type_entry* e = dane_cert_types;
* Returns: a string that contains the name of the specified
* type, or %NULL.
**/
-const char* dane_match_type_name(dane_match_type_t type)
+const char *dane_match_type_name(dane_match_type_t type)
{
-const match_type_entry* e = dane_match_types;
-
- while(e->name != NULL)
- {
- if (e->type == type)
- return e->name;
- e++;
- }
-
- return NULL;
+ const match_type_entry *e = dane_match_types;
+
+ while (e->name != NULL) {
+ if (e->type == type)
+ return e->name;
+ e++;
+ }
+
+ return NULL;
}
/**
@@ -131,17 +123,16 @@ const match_type_entry* e = dane_match_types;
* Returns: a string that contains the name of the specified
* type, or %NULL.
**/
-const char* dane_cert_usage_name(dane_cert_usage_t usage)
+const char *dane_cert_usage_name(dane_cert_usage_t usage)
{
-const cert_usage_entry* e = dane_cert_usages;
-
- while(e->name != NULL)
- {
- if (e->usage == usage)
- return e->name;
- e++;
- }
-
- return NULL;
+ const cert_usage_entry *e = dane_cert_usages;
+
+ while (e->name != NULL) {
+ if (e->usage == usage)
+ return e->name;
+ e++;
+ }
+
+ return NULL;
}
diff --git a/libdane/dane.c b/libdane/dane.c
index b9d9ba293c..26b9a86eeb 100644
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -41,33 +41,30 @@
#ifdef DEBUG
#define gnutls_assert() fprintf(stderr, "ASSERT: %s: %d\n", __FILE__, __LINE__);
#define gnutls_assert_val(x) gnutls_assert_val_int(x, __FILE__, __LINE__)
-static int
-gnutls_assert_val_int (int val, const char *file, int line)
+static int gnutls_assert_val_int(int val, const char *file, int line)
{
- fprintf (stderr, "ASSERT: %s: %d\n", file, line);
- return val;
+ fprintf(stderr, "ASSERT: %s: %d\n", file, line);
+ return val;
}
#else
#define gnutls_assert()
#define gnutls_assert_val(x) (x)
#endif
-struct dane_state_st
-{
- struct ub_ctx *ctx;
- unsigned int flags;
+struct dane_state_st {
+ struct ub_ctx *ctx;
+ unsigned int flags;
};
-struct dane_query_st
-{
- struct ub_result *result;
- unsigned int data_entries;
- dane_cert_usage_t usage[MAX_DATA_ENTRIES];
- dane_cert_type_t type[MAX_DATA_ENTRIES];
- dane_match_type_t match[MAX_DATA_ENTRIES];
- gnutls_datum_t data[MAX_DATA_ENTRIES];
- unsigned int flags;
- dane_query_status_t status;
+struct dane_query_st {
+ struct ub_result *result;
+ unsigned int data_entries;
+ dane_cert_usage_t usage[MAX_DATA_ENTRIES];
+ dane_cert_type_t type[MAX_DATA_ENTRIES];
+ dane_match_type_t match[MAX_DATA_ENTRIES];
+ gnutls_datum_t data[MAX_DATA_ENTRIES];
+ unsigned int flags;
+ dane_query_status_t status;
};
/**
@@ -79,10 +76,9 @@ struct dane_query_st
*
* Returns: The status type.
**/
-dane_query_status_t
-dane_query_status (dane_query_t q)
+dane_query_status_t dane_query_status(dane_query_t q)
{
- return q->status;
+ return q->status;
}
/**
@@ -93,10 +89,9 @@ dane_query_status (dane_query_t q)
*
* Returns: The number of entries.
**/
-unsigned int
-dane_query_entries (dane_query_t q)
+unsigned int dane_query_entries(dane_query_t q)
{
- return q->data_entries;
+ return q->data_entries;
}
/**
@@ -115,26 +110,26 @@ dane_query_entries (dane_query_t q)
* negative error value.
**/
int
-dane_query_data (dane_query_t q, unsigned int idx,
- unsigned int *usage, unsigned int *type,
- unsigned int *match, gnutls_datum_t * data)
+dane_query_data(dane_query_t q, unsigned int idx,
+ unsigned int *usage, unsigned int *type,
+ unsigned int *match, gnutls_datum_t * data)
{
- if (idx >= q->data_entries)
- return gnutls_assert_val (DANE_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- if (usage)
- *usage = q->usage[idx];
- if (type)
- *type = q->type[idx];
- if (match)
- *match = q->match[idx];
- if (data)
- {
- data->data = q->data[idx].data;
- data->size = q->data[idx].size;
- }
-
- return DANE_E_SUCCESS;
+ if (idx >= q->data_entries)
+ return
+ gnutls_assert_val(DANE_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ if (usage)
+ *usage = q->usage[idx];
+ if (type)
+ *type = q->type[idx];
+ if (match)
+ *match = q->match[idx];
+ if (data) {
+ data->data = q->data[idx].data;
+ data->size = q->data[idx].size;
+ }
+
+ return DANE_E_SUCCESS;
}
/**
@@ -147,65 +142,60 @@ dane_query_data (dane_query_t q, unsigned int idx,
* Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-dane_state_init (dane_state_t * s, unsigned int flags)
+int dane_state_init(dane_state_t * s, unsigned int flags)
{
- struct ub_ctx *ctx;
- int ret;
-
- *s = calloc (1, sizeof (struct dane_state_st));
- if (*s == NULL)
- return gnutls_assert_val (DANE_E_MEMORY_ERROR);
-
- ctx = ub_ctx_create ();
- if (!ctx)
- {
- gnutls_assert ();
- ret = DANE_E_INITIALIZATION_ERROR;
- goto cleanup;
- }
- ub_ctx_debugout (ctx, stderr);
-
- if (!(flags & DANE_F_IGNORE_LOCAL_RESOLVER))
- {
- if ((ret = ub_ctx_resolvconf (ctx, NULL)) != 0)
- {
- gnutls_assert ();
- ret = DANE_E_INITIALIZATION_ERROR;
- goto cleanup;
- }
-
- if ((ret = ub_ctx_hosts (ctx, NULL)) != 0)
- {
- gnutls_assert ();
- ret = DANE_E_INITIALIZATION_ERROR;
- goto cleanup;
- }
- }
-
- /* read public keys for DNSSEC verification */
- if (!(flags & DANE_F_IGNORE_DNSSEC))
- {
- if ((ret =
- ub_ctx_add_ta_file (ctx, (char *) UNBOUND_ROOT_KEY_FILE)) != 0)
- {
- gnutls_assert ();
- ret = DANE_E_INITIALIZATION_ERROR;
- goto cleanup;
- }
- }
-
- (*s)->ctx = ctx;
- (*s)->flags = flags;
-
- return DANE_E_SUCCESS;
-cleanup:
-
- if (ctx)
- ub_ctx_delete (ctx);
- free (*s);
-
- return ret;
+ struct ub_ctx *ctx;
+ int ret;
+
+ *s = calloc(1, sizeof(struct dane_state_st));
+ if (*s == NULL)
+ return gnutls_assert_val(DANE_E_MEMORY_ERROR);
+
+ ctx = ub_ctx_create();
+ if (!ctx) {
+ gnutls_assert();
+ ret = DANE_E_INITIALIZATION_ERROR;
+ goto cleanup;
+ }
+ ub_ctx_debugout(ctx, stderr);
+
+ if (!(flags & DANE_F_IGNORE_LOCAL_RESOLVER)) {
+ if ((ret = ub_ctx_resolvconf(ctx, NULL)) != 0) {
+ gnutls_assert();
+ ret = DANE_E_INITIALIZATION_ERROR;
+ goto cleanup;
+ }
+
+ if ((ret = ub_ctx_hosts(ctx, NULL)) != 0) {
+ gnutls_assert();
+ ret = DANE_E_INITIALIZATION_ERROR;
+ goto cleanup;
+ }
+ }
+
+ /* read public keys for DNSSEC verification */
+ if (!(flags & DANE_F_IGNORE_DNSSEC)) {
+ if ((ret =
+ ub_ctx_add_ta_file(ctx,
+ (char *) UNBOUND_ROOT_KEY_FILE)) !=
+ 0) {
+ gnutls_assert();
+ ret = DANE_E_INITIALIZATION_ERROR;
+ goto cleanup;
+ }
+ }
+
+ (*s)->ctx = ctx;
+ (*s)->flags = flags;
+
+ return DANE_E_SUCCESS;
+ cleanup:
+
+ if (ctx)
+ ub_ctx_delete(ctx);
+ free(*s);
+
+ return ret;
}
/**
@@ -215,11 +205,10 @@ cleanup:
* This function will deinitialize a DANE query structure.
*
**/
-void
-dane_state_deinit (dane_state_t s)
+void dane_state_deinit(dane_state_t s)
{
- ub_ctx_delete (s->ctx);
- free (s);
+ ub_ctx_delete(s->ctx);
+ free(s);
}
/**
@@ -231,17 +220,17 @@ dane_state_deinit (dane_state_t s)
* for DLV (DNSSEC Lookaside Validation).
*
**/
-int
-dane_state_set_dlv_file (dane_state_t s, const char *file)
+int dane_state_set_dlv_file(dane_state_t s, const char *file)
{
- int ret;
+ int ret;
- ret =
- ub_ctx_set_option (s->ctx, (char *) "dlv-anchor-file:", (void *) file);
- if (ret != 0)
- return gnutls_assert_val (DANE_E_FILE_ERROR);
+ ret =
+ ub_ctx_set_option(s->ctx, (char *) "dlv-anchor-file:",
+ (void *) file);
+ if (ret != 0)
+ return gnutls_assert_val(DANE_E_FILE_ERROR);
- return 0;
+ return 0;
}
/**
@@ -251,12 +240,11 @@ dane_state_set_dlv_file (dane_state_t s, const char *file)
* This function will deinitialize a DANE query result structure.
*
**/
-void
-dane_query_deinit (dane_query_t q)
+void dane_query_deinit(dane_query_t q)
{
- if (q->result)
- ub_resolve_free (q->result);
- free (q);
+ if (q->result)
+ ub_resolve_free(q->result);
+ free(q);
}
@@ -280,59 +268,54 @@ dane_query_deinit (dane_query_t q)
* negative error value.
**/
int
-dane_raw_tlsa (dane_state_t s, dane_query_t * r, char *const *dane_data,
- const int *dane_data_len, int secure, int bogus)
+dane_raw_tlsa(dane_state_t s, dane_query_t * r, char *const *dane_data,
+ const int *dane_data_len, int secure, int bogus)
{
- int ret = DANE_E_SUCCESS;
- unsigned int i;
-
- *r = calloc (1, sizeof (struct dane_query_st));
- if (*r == NULL)
- return gnutls_assert_val (DANE_E_MEMORY_ERROR);
-
- (*r)->data_entries = 0;
-
- for (i = 0; i < MAX_DATA_ENTRIES; i++)
- {
- if (dane_data[i] == NULL)
- break;
-
- if (dane_data_len[i] <= 3)
- return gnutls_assert_val (DANE_E_RECEIVED_CORRUPT_DATA);
-
- (*r)->usage[i] = dane_data[i][0];
- (*r)->type[i] = dane_data[i][1];
- (*r)->match[i] = dane_data[i][2];
- (*r)->data[i].data = (void *) &dane_data[i][3];
- (*r)->data[i].size = dane_data_len[i] - 3;
- (*r)->data_entries++;
- }
-
- if (!(s->flags & DANE_F_INSECURE) && !secure)
- {
- if (bogus)
- ret = gnutls_assert_val (DANE_E_INVALID_DNSSEC_SIG);
- else
- ret = gnutls_assert_val (DANE_E_NO_DNSSEC_SIG);
- }
-
- /* show security status */
- if (secure)
- {
- (*r)->status = DANE_QUERY_DNSSEC_VERIFIED;
- }
- else if (bogus)
- {
- gnutls_assert ();
- (*r)->status = DANE_QUERY_BOGUS;
- }
- else
- {
- gnutls_assert ();
- (*r)->status = DANE_QUERY_NO_DNSSEC;
- }
-
- return ret;
+ int ret = DANE_E_SUCCESS;
+ unsigned int i;
+
+ *r = calloc(1, sizeof(struct dane_query_st));
+ if (*r == NULL)
+ return gnutls_assert_val(DANE_E_MEMORY_ERROR);
+
+ (*r)->data_entries = 0;
+
+ for (i = 0; i < MAX_DATA_ENTRIES; i++) {
+ if (dane_data[i] == NULL)
+ break;
+
+ if (dane_data_len[i] <= 3)
+ return
+ gnutls_assert_val
+ (DANE_E_RECEIVED_CORRUPT_DATA);
+
+ (*r)->usage[i] = dane_data[i][0];
+ (*r)->type[i] = dane_data[i][1];
+ (*r)->match[i] = dane_data[i][2];
+ (*r)->data[i].data = (void *) &dane_data[i][3];
+ (*r)->data[i].size = dane_data_len[i] - 3;
+ (*r)->data_entries++;
+ }
+
+ if (!(s->flags & DANE_F_INSECURE) && !secure) {
+ if (bogus)
+ ret = gnutls_assert_val(DANE_E_INVALID_DNSSEC_SIG);
+ else
+ ret = gnutls_assert_val(DANE_E_NO_DNSSEC_SIG);
+ }
+
+ /* show security status */
+ if (secure) {
+ (*r)->status = DANE_QUERY_DNSSEC_VERIFIED;
+ } else if (bogus) {
+ gnutls_assert();
+ (*r)->status = DANE_QUERY_BOGUS;
+ } else {
+ gnutls_assert();
+ (*r)->status = DANE_QUERY_NO_DNSSEC;
+ }
+
+ return ret;
}
@@ -351,299 +334,269 @@ dane_raw_tlsa (dane_state_t s, dane_query_t * r, char *const *dane_data,
* negative error value.
**/
int
-dane_query_tlsa (dane_state_t s, dane_query_t * r, const char *host,
- const char *proto, unsigned int port)
+dane_query_tlsa(dane_state_t s, dane_query_t * r, const char *host,
+ const char *proto, unsigned int port)
{
- char ns[1024];
- int ret;
- struct ub_result *result;
+ char ns[1024];
+ int ret;
+ struct ub_result *result;
- snprintf (ns, sizeof (ns), "_%u._%s.%s", port, proto, host);
+ snprintf(ns, sizeof(ns), "_%u._%s.%s", port, proto, host);
- /* query for webserver */
- ret = ub_resolve (s->ctx, ns, 52, 1, &result);
- if (ret != 0)
- {
- return gnutls_assert_val (DANE_E_RESOLVING_ERROR);
- }
+ /* query for webserver */
+ ret = ub_resolve(s->ctx, ns, 52, 1, &result);
+ if (ret != 0) {
+ return gnutls_assert_val(DANE_E_RESOLVING_ERROR);
+ }
/* show first result */
- if (!result->havedata)
- {
- ub_resolve_free (result);
- return gnutls_assert_val (DANE_E_NO_DANE_DATA);
- }
-
- ret =
- dane_raw_tlsa (s, r, result->data, result->len, result->secure,
- result->bogus);
- if (*r == NULL)
- {
- ub_resolve_free (result);
- return ret;
- }
- (*r)->result = result;
- return ret;
+ if (!result->havedata) {
+ ub_resolve_free(result);
+ return gnutls_assert_val(DANE_E_NO_DANE_DATA);
+ }
+
+ ret =
+ dane_raw_tlsa(s, r, result->data, result->len, result->secure,
+ result->bogus);
+ if (*r == NULL) {
+ ub_resolve_free(result);
+ return ret;
+ }
+ (*r)->result = result;
+ return ret;
}
static unsigned int
-matches (const gnutls_datum_t * raw1, const gnutls_datum_t * raw2,
- dane_match_type_t match)
+matches(const gnutls_datum_t * raw1, const gnutls_datum_t * raw2,
+ dane_match_type_t match)
{
- uint8_t digest[64];
- int ret;
+ uint8_t digest[64];
+ int ret;
- if (match == DANE_MATCH_EXACT)
- {
- if (raw1->size != raw2->size)
- return gnutls_assert_val (0);
+ if (match == DANE_MATCH_EXACT) {
+ if (raw1->size != raw2->size)
+ return gnutls_assert_val(0);
- if (memcmp (raw1->data, raw2->data, raw1->size) != 0)
- return gnutls_assert_val (0);
+ if (memcmp(raw1->data, raw2->data, raw1->size) != 0)
+ return gnutls_assert_val(0);
- return 1;
- }
- else if (match == DANE_MATCH_SHA2_256)
- {
+ return 1;
+ } else if (match == DANE_MATCH_SHA2_256) {
- if (raw2->size != 32)
- return gnutls_assert_val (0);
+ if (raw2->size != 32)
+ return gnutls_assert_val(0);
- ret =
- gnutls_hash_fast (GNUTLS_DIG_SHA256, raw1->data, raw1->size, digest);
- if (ret < 0)
- return gnutls_assert_val (0);
+ ret =
+ gnutls_hash_fast(GNUTLS_DIG_SHA256, raw1->data,
+ raw1->size, digest);
+ if (ret < 0)
+ return gnutls_assert_val(0);
- if (memcmp (digest, raw2->data, 32) != 0)
- return gnutls_assert_val (0);
+ if (memcmp(digest, raw2->data, 32) != 0)
+ return gnutls_assert_val(0);
- return 1;
- }
- else if (match == DANE_MATCH_SHA2_512)
- {
- if (raw2->size != 64)
- return gnutls_assert_val (0);
+ return 1;
+ } else if (match == DANE_MATCH_SHA2_512) {
+ if (raw2->size != 64)
+ return gnutls_assert_val(0);
- ret =
- gnutls_hash_fast (GNUTLS_DIG_SHA512, raw1->data, raw1->size, digest);
- if (ret < 0)
- return gnutls_assert_val (0);
+ ret =
+ gnutls_hash_fast(GNUTLS_DIG_SHA512, raw1->data,
+ raw1->size, digest);
+ if (ret < 0)
+ return gnutls_assert_val(0);
- if (memcmp (digest, raw2->data, 64) != 0)
- return gnutls_assert_val (0);
+ if (memcmp(digest, raw2->data, 64) != 0)
+ return gnutls_assert_val(0);
- return 1;
- }
+ return 1;
+ }
- return gnutls_assert_val (0);
+ return gnutls_assert_val(0);
}
static int
-crt_to_pubkey (const gnutls_datum_t * raw_crt, gnutls_datum_t * out)
+crt_to_pubkey(const gnutls_datum_t * raw_crt, gnutls_datum_t * out)
{
- gnutls_pubkey_t pub = NULL;
- gnutls_x509_crt_t crt = NULL;
- int ret;
-
- out->data = NULL;
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- return gnutls_assert_val (DANE_E_PUBKEY_ERROR);
-
- ret = gnutls_pubkey_init (&pub);
- if (ret < 0)
- {
- gnutls_assert ();
- ret = DANE_E_PUBKEY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_import (crt, raw_crt, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- ret = DANE_E_PUBKEY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_x509 (pub, crt, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- ret = DANE_E_PUBKEY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_pubkey_export2 (pub, GNUTLS_X509_FMT_DER, out);
- if (ret < 0)
- {
- gnutls_assert ();
- ret = DANE_E_PUBKEY_ERROR;
- goto cleanup;
- }
-
- ret = 0;
- goto clean_certs;
-
-cleanup:
- free (out->data);
- out->data = NULL;
-clean_certs:
- if (pub)
- gnutls_pubkey_deinit (pub);
- if (crt)
- gnutls_x509_crt_deinit (crt);
-
- return ret;
+ gnutls_pubkey_t pub = NULL;
+ gnutls_x509_crt_t crt = NULL;
+ int ret;
+
+ out->data = NULL;
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0)
+ return gnutls_assert_val(DANE_E_PUBKEY_ERROR);
+
+ ret = gnutls_pubkey_init(&pub);
+ if (ret < 0) {
+ gnutls_assert();
+ ret = DANE_E_PUBKEY_ERROR;
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_import(crt, raw_crt, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ ret = DANE_E_PUBKEY_ERROR;
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_x509(pub, crt, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ ret = DANE_E_PUBKEY_ERROR;
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_export2(pub, GNUTLS_X509_FMT_DER, out);
+ if (ret < 0) {
+ gnutls_assert();
+ ret = DANE_E_PUBKEY_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+ goto clean_certs;
+
+ cleanup:
+ free(out->data);
+ out->data = NULL;
+ clean_certs:
+ if (pub)
+ gnutls_pubkey_deinit(pub);
+ if (crt)
+ gnutls_x509_crt_deinit(crt);
+
+ return ret;
}
static int
-verify_ca (const gnutls_datum_t * raw_crt, unsigned raw_crt_size,
- gnutls_certificate_type_t crt_type,
- dane_cert_type_t ctype,
- dane_match_type_t match, gnutls_datum_t * data,
- unsigned int *verify)
+verify_ca(const gnutls_datum_t * raw_crt, unsigned raw_crt_size,
+ gnutls_certificate_type_t crt_type,
+ dane_cert_type_t ctype,
+ dane_match_type_t match, gnutls_datum_t * data,
+ unsigned int *verify)
{
- gnutls_datum_t pubkey = { NULL, 0 };
- int ret;
- unsigned int vstatus;
- gnutls_x509_crt_t crt = NULL, ca = NULL;
-
- if (raw_crt_size < 2)
- return gnutls_assert_val (DANE_E_INVALID_REQUEST);
-
- if (ctype == DANE_CERT_X509 && crt_type == GNUTLS_CRT_X509)
- {
-
- if (!matches (&raw_crt[1], data, match))
- {
- gnutls_assert ();
- *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
- }
-
- }
- else if (ctype == DANE_CERT_PK && crt_type == GNUTLS_CRT_X509)
- {
- ret = crt_to_pubkey (&raw_crt[1], &pubkey);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (!matches (&pubkey, data, match))
- {
- gnutls_assert ();
- *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
- }
- }
- else
- {
- ret = gnutls_assert_val (DANE_E_UNKNOWN_DANE_DATA);
- goto cleanup;
- }
-
- /* check if the certificate chain is actually a chain */
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- {
- ret = gnutls_assert_val (DANE_E_CERT_ERROR);
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_init (&ca);
- if (ret < 0)
- {
- ret = gnutls_assert_val (DANE_E_CERT_ERROR);
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_import (crt, &raw_crt[0], GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- ret = gnutls_assert_val (DANE_E_CERT_ERROR);
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_import (ca, &raw_crt[1], GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- ret = gnutls_assert_val (DANE_E_CERT_ERROR);
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_check_issuer (crt, ca);
- if (ret == 0)
- {
- gnutls_assert ();
- *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
- }
-
- ret = gnutls_x509_crt_verify (crt, &ca, 1, 0, &vstatus);
- if (ret < 0)
- {
- ret = gnutls_assert_val (DANE_E_CERT_ERROR);
- goto cleanup;
- }
- if (vstatus != 0)
- *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
-
- ret = 0;
-cleanup:
- free (pubkey.data);
- if (crt != NULL)
- gnutls_x509_crt_deinit (crt);
- if (ca != NULL)
- gnutls_x509_crt_deinit (ca);
- return ret;
+ gnutls_datum_t pubkey = { NULL, 0 };
+ int ret;
+ unsigned int vstatus;
+ gnutls_x509_crt_t crt = NULL, ca = NULL;
+
+ if (raw_crt_size < 2)
+ return gnutls_assert_val(DANE_E_INVALID_REQUEST);
+
+ if (ctype == DANE_CERT_X509 && crt_type == GNUTLS_CRT_X509) {
+
+ if (!matches(&raw_crt[1], data, match)) {
+ gnutls_assert();
+ *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
+ }
+
+ } else if (ctype == DANE_CERT_PK && crt_type == GNUTLS_CRT_X509) {
+ ret = crt_to_pubkey(&raw_crt[1], &pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (!matches(&pubkey, data, match)) {
+ gnutls_assert();
+ *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
+ }
+ } else {
+ ret = gnutls_assert_val(DANE_E_UNKNOWN_DANE_DATA);
+ goto cleanup;
+ }
+
+ /* check if the certificate chain is actually a chain */
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ ret = gnutls_assert_val(DANE_E_CERT_ERROR);
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_init(&ca);
+ if (ret < 0) {
+ ret = gnutls_assert_val(DANE_E_CERT_ERROR);
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_import(crt, &raw_crt[0], GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ ret = gnutls_assert_val(DANE_E_CERT_ERROR);
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_import(ca, &raw_crt[1], GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ ret = gnutls_assert_val(DANE_E_CERT_ERROR);
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_check_issuer(crt, ca);
+ if (ret == 0) {
+ gnutls_assert();
+ *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
+ }
+
+ ret = gnutls_x509_crt_verify(crt, &ca, 1, 0, &vstatus);
+ if (ret < 0) {
+ ret = gnutls_assert_val(DANE_E_CERT_ERROR);
+ goto cleanup;
+ }
+ if (vstatus != 0)
+ *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
+
+ ret = 0;
+ cleanup:
+ free(pubkey.data);
+ if (crt != NULL)
+ gnutls_x509_crt_deinit(crt);
+ if (ca != NULL)
+ gnutls_x509_crt_deinit(ca);
+ return ret;
}
static int
-verify_ee (const gnutls_datum_t * raw_crt, gnutls_certificate_type_t crt_type,
- dane_cert_type_t ctype, dane_match_type_t match,
- gnutls_datum_t * data, unsigned int *verify)
+verify_ee(const gnutls_datum_t * raw_crt,
+ gnutls_certificate_type_t crt_type, dane_cert_type_t ctype,
+ dane_match_type_t match, gnutls_datum_t * data,
+ unsigned int *verify)
{
- gnutls_datum_t pubkey = { NULL, 0 };
- int ret;
-
- if (ctype == DANE_CERT_X509 && crt_type == GNUTLS_CRT_X509)
- {
-
- if (!matches (raw_crt, data, match))
- {
- gnutls_assert ();
- *verify |= DANE_VERIFY_CERT_DIFFERS;
- }
-
- }
- else if (ctype == DANE_CERT_PK && crt_type == GNUTLS_CRT_X509)
- {
-
- ret = crt_to_pubkey (raw_crt, &pubkey);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (!matches (&pubkey, data, match))
- {
- gnutls_assert ();
- *verify |= DANE_VERIFY_CERT_DIFFERS;
- }
- }
- else
- {
- ret = gnutls_assert_val (DANE_E_UNKNOWN_DANE_DATA);
- goto cleanup;
- }
-
- ret = 0;
-cleanup:
- free (pubkey.data);
- return ret;
+ gnutls_datum_t pubkey = { NULL, 0 };
+ int ret;
+
+ if (ctype == DANE_CERT_X509 && crt_type == GNUTLS_CRT_X509) {
+
+ if (!matches(raw_crt, data, match)) {
+ gnutls_assert();
+ *verify |= DANE_VERIFY_CERT_DIFFERS;
+ }
+
+ } else if (ctype == DANE_CERT_PK && crt_type == GNUTLS_CRT_X509) {
+
+ ret = crt_to_pubkey(raw_crt, &pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (!matches(&pubkey, data, match)) {
+ gnutls_assert();
+ *verify |= DANE_VERIFY_CERT_DIFFERS;
+ }
+ } else {
+ ret = gnutls_assert_val(DANE_E_UNKNOWN_DANE_DATA);
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+ free(pubkey.data);
+ return ret;
}
/**
@@ -678,71 +631,69 @@ cleanup:
*
**/
int
-dane_verify_crt_raw (dane_state_t s,
- const gnutls_datum_t * chain, unsigned chain_size,
- gnutls_certificate_type_t chain_type,
- dane_query_t r,
- unsigned int sflags, unsigned int vflags,
- unsigned int *verify)
+dane_verify_crt_raw(dane_state_t s,
+ const gnutls_datum_t * chain, unsigned chain_size,
+ gnutls_certificate_type_t chain_type,
+ dane_query_t r,
+ unsigned int sflags, unsigned int vflags,
+ unsigned int *verify)
{
- int ret;
- unsigned checked = 0;
- unsigned int usage, type, match, idx;
- gnutls_datum_t data;
-
- if (chain_type != GNUTLS_CRT_X509)
- return gnutls_assert_val (DANE_E_INVALID_REQUEST);
-
- *verify = 0;
- idx = 0;
- do
- {
- ret = dane_query_data (r, idx++, &usage, &type, &match, &data);
- if (ret == DANE_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (!(vflags & DANE_VFLAG_ONLY_CHECK_EE_USAGE)
- && (usage == DANE_CERT_USAGE_LOCAL_CA
- || usage == DANE_CERT_USAGE_CA))
- {
- ret =
- verify_ca (chain, chain_size, chain_type, type, match, &data,
- verify);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- checked = 1;
- }
- else if (!(vflags & DANE_VFLAG_ONLY_CHECK_CA_USAGE)
- && (usage == DANE_CERT_USAGE_LOCAL_EE
- || usage == DANE_CERT_USAGE_EE))
- {
- ret = verify_ee (&chain[0], chain_type, type, match, &data, verify);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- checked = 1;
- }
- }
- while (1);
-
- if ((vflags & DANE_VFLAG_FAIL_IF_NOT_CHECKED) && checked == 0)
- ret = gnutls_assert_val (DANE_E_REQUESTED_DATA_NOT_AVAILABLE);
- else
- ret = 0;
-
-cleanup:
- return ret;
+ int ret;
+ unsigned checked = 0;
+ unsigned int usage, type, match, idx;
+ gnutls_datum_t data;
+
+ if (chain_type != GNUTLS_CRT_X509)
+ return gnutls_assert_val(DANE_E_INVALID_REQUEST);
+
+ *verify = 0;
+ idx = 0;
+ do {
+ ret =
+ dane_query_data(r, idx++, &usage, &type, &match,
+ &data);
+ if (ret == DANE_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (!(vflags & DANE_VFLAG_ONLY_CHECK_EE_USAGE)
+ && (usage == DANE_CERT_USAGE_LOCAL_CA
+ || usage == DANE_CERT_USAGE_CA)) {
+ ret =
+ verify_ca(chain, chain_size, chain_type, type,
+ match, &data, verify);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ checked = 1;
+ } else if (!(vflags & DANE_VFLAG_ONLY_CHECK_CA_USAGE)
+ && (usage == DANE_CERT_USAGE_LOCAL_EE
+ || usage == DANE_CERT_USAGE_EE)) {
+ ret =
+ verify_ee(&chain[0], chain_type, type, match,
+ &data, verify);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ checked = 1;
+ }
+ }
+ while (1);
+
+ if ((vflags & DANE_VFLAG_FAIL_IF_NOT_CHECKED) && checked == 0)
+ ret =
+ gnutls_assert_val(DANE_E_REQUESTED_DATA_NOT_AVAILABLE);
+ else
+ ret = 0;
+
+ cleanup:
+ return ret;
}
@@ -780,44 +731,40 @@ cleanup:
*
**/
int
-dane_verify_crt (dane_state_t s,
- const gnutls_datum_t * chain, unsigned chain_size,
- gnutls_certificate_type_t chain_type,
- const char *hostname, const char *proto, unsigned int port,
- unsigned int sflags, unsigned int vflags,
- unsigned int *verify)
+dane_verify_crt(dane_state_t s,
+ const gnutls_datum_t * chain, unsigned chain_size,
+ gnutls_certificate_type_t chain_type,
+ const char *hostname, const char *proto, unsigned int port,
+ unsigned int sflags, unsigned int vflags,
+ unsigned int *verify)
{
- dane_state_t _s = NULL;
- dane_query_t r = NULL;
- int ret;
-
- *verify = 0;
- if (s == NULL)
- {
- ret = dane_state_init (&_s, sflags);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- else
- _s = s;
-
- ret = dane_query_tlsa (_s, &r, hostname, proto, port);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- ret = dane_verify_crt_raw (s, chain, chain_size, chain_type,
- r, sflags, vflags, verify);
-cleanup:
- if (s == NULL)
- dane_state_deinit (_s);
- if (r != NULL)
- dane_query_deinit (r);
- return ret;
+ dane_state_t _s = NULL;
+ dane_query_t r = NULL;
+ int ret;
+
+ *verify = 0;
+ if (s == NULL) {
+ ret = dane_state_init(&_s, sflags);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ } else
+ _s = s;
+
+ ret = dane_query_tlsa(_s, &r, hostname, proto, port);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ ret = dane_verify_crt_raw(s, chain, chain_size, chain_type,
+ r, sflags, vflags, verify);
+ cleanup:
+ if (s == NULL)
+ dane_state_deinit(_s);
+ if (r != NULL)
+ dane_query_deinit(r);
+ return ret;
}
/**
@@ -840,26 +787,26 @@ cleanup:
*
**/
int
-dane_verify_session_crt (dane_state_t s,
- gnutls_session_t session,
- const char *hostname, const char *proto,
- unsigned int port, unsigned int sflags,
- unsigned int vflags, unsigned int *verify)
+dane_verify_session_crt(dane_state_t s,
+ gnutls_session_t session,
+ const char *hostname, const char *proto,
+ unsigned int port, unsigned int sflags,
+ unsigned int vflags, unsigned int *verify)
{
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
- unsigned int type;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0;
+ unsigned int type;
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list_size == 0)
- {
- return gnutls_assert_val (DANE_E_NO_CERT);
- }
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
+ if (cert_list_size == 0) {
+ return gnutls_assert_val(DANE_E_NO_CERT);
+ }
- type = gnutls_certificate_type_get (session);
+ type = gnutls_certificate_type_get(session);
- return dane_verify_crt (s, cert_list, cert_list_size, type, hostname, proto,
- port, sflags, vflags, verify);
+ return dane_verify_crt(s, cert_list, cert_list_size, type,
+ hostname, proto, port, sflags, vflags,
+ verify);
}
/**
@@ -878,31 +825,38 @@ dane_verify_session_crt (dane_state_t s,
* negative error value.
**/
int
-dane_verification_status_print (unsigned int status,
- gnutls_datum_t * out, unsigned int flags)
+dane_verification_status_print(unsigned int status,
+ gnutls_datum_t * out, unsigned int flags)
{
- gnutls_buffer_st str;
- int ret;
+ gnutls_buffer_st str;
+ int ret;
- _gnutls_buffer_init (&str);
+ _gnutls_buffer_init(&str);
- if (status == 0)
- _gnutls_buffer_append_str (&str, _("Certificate matches. "));
- else
- _gnutls_buffer_append_str (&str, _("Verification failed. "));
+ if (status == 0)
+ _gnutls_buffer_append_str(&str,
+ _("Certificate matches. "));
+ else
+ _gnutls_buffer_append_str(&str,
+ _("Verification failed. "));
- if (status & DANE_VERIFY_CA_CONSTRAINTS_VIOLATED)
- _gnutls_buffer_append_str (&str, _("CA constrains were violated. "));
+ if (status & DANE_VERIFY_CA_CONSTRAINTS_VIOLATED)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("CA constrains were violated. "));
- if (status & DANE_VERIFY_CERT_DIFFERS)
- _gnutls_buffer_append_str (&str, _("The certificate differs. "));
+ if (status & DANE_VERIFY_CERT_DIFFERS)
+ _gnutls_buffer_append_str(&str,
+ _("The certificate differs. "));
- if (status & DANE_VERIFY_NO_DANE_INFO)
- _gnutls_buffer_append_str (&str, _("There were no DANE information. "));
+ if (status & DANE_VERIFY_NO_DANE_INFO)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("There were no DANE information. "));
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
+ return ret;
}
diff --git a/libdane/errors.c b/libdane/errors.c
index 2e345ad20f..84be88499e 100644
--- a/libdane/errors.c
+++ b/libdane/errors.c
@@ -31,45 +31,44 @@
#define ERROR_ENTRY(desc, name) \
{ desc, #name, name}
-struct error_entry
-{
- const char *desc;
- const char *_name;
- int number;
+struct error_entry {
+ const char *desc;
+ const char *_name;
+ int number;
};
typedef struct error_entry error_entry;
static const error_entry error_algorithms[] = {
- ERROR_ENTRY (N_("Success."), DANE_E_SUCCESS),
- ERROR_ENTRY (N_("There was error initializing the DNS query."),
- DANE_E_INITIALIZATION_ERROR),
- ERROR_ENTRY (N_("There was an error while resolving."),
- DANE_E_RESOLVING_ERROR),
- ERROR_ENTRY (N_("No DANE data were found."),
- DANE_E_NO_DANE_DATA),
- ERROR_ENTRY (N_("Unknown DANE data were found."),
- DANE_E_UNKNOWN_DANE_DATA),
- ERROR_ENTRY (N_("No DNSSEC signature was found."),
- DANE_E_NO_DNSSEC_SIG),
- ERROR_ENTRY (N_("Received corrupt data."),
- DANE_E_RECEIVED_CORRUPT_DATA),
- ERROR_ENTRY (N_("The DNSSEC signature is invalid."),
- DANE_E_INVALID_DNSSEC_SIG),
- ERROR_ENTRY (N_("There was a memory error."),
- DANE_E_MEMORY_ERROR),
- ERROR_ENTRY (N_("There requested data are not available."),
- DANE_E_REQUESTED_DATA_NOT_AVAILABLE),
- ERROR_ENTRY (N_("There request is invalid."),
- DANE_E_INVALID_REQUEST),
- ERROR_ENTRY (N_("There was an error in the certificate."),
- DANE_E_CERT_ERROR),
- ERROR_ENTRY (N_("There was an error in the public key."),
- DANE_E_PUBKEY_ERROR),
- ERROR_ENTRY (N_("No certificate was found."),
- DANE_E_NO_CERT),
- ERROR_ENTRY (N_("Error in file."),
- DANE_E_FILE_ERROR),
- {NULL, NULL, 0}
+ ERROR_ENTRY(N_("Success."), DANE_E_SUCCESS),
+ ERROR_ENTRY(N_("There was error initializing the DNS query."),
+ DANE_E_INITIALIZATION_ERROR),
+ ERROR_ENTRY(N_("There was an error while resolving."),
+ DANE_E_RESOLVING_ERROR),
+ ERROR_ENTRY(N_("No DANE data were found."),
+ DANE_E_NO_DANE_DATA),
+ ERROR_ENTRY(N_("Unknown DANE data were found."),
+ DANE_E_UNKNOWN_DANE_DATA),
+ ERROR_ENTRY(N_("No DNSSEC signature was found."),
+ DANE_E_NO_DNSSEC_SIG),
+ ERROR_ENTRY(N_("Received corrupt data."),
+ DANE_E_RECEIVED_CORRUPT_DATA),
+ ERROR_ENTRY(N_("The DNSSEC signature is invalid."),
+ DANE_E_INVALID_DNSSEC_SIG),
+ ERROR_ENTRY(N_("There was a memory error."),
+ DANE_E_MEMORY_ERROR),
+ ERROR_ENTRY(N_("There requested data are not available."),
+ DANE_E_REQUESTED_DATA_NOT_AVAILABLE),
+ ERROR_ENTRY(N_("There request is invalid."),
+ DANE_E_INVALID_REQUEST),
+ ERROR_ENTRY(N_("There was an error in the certificate."),
+ DANE_E_CERT_ERROR),
+ ERROR_ENTRY(N_("There was an error in the public key."),
+ DANE_E_PUBKEY_ERROR),
+ ERROR_ENTRY(N_("No certificate was found."),
+ DANE_E_NO_CERT),
+ ERROR_ENTRY(N_("Error in file."),
+ DANE_E_FILE_ERROR),
+ {NULL, NULL, 0}
};
/**
@@ -84,24 +83,21 @@ static const error_entry error_algorithms[] = {
*
* Returns: A string explaining the DANE error message.
**/
-const char *
-dane_strerror (int error)
+const char *dane_strerror(int error)
{
- const char *ret = NULL;
- const error_entry *p;
+ const char *ret = NULL;
+ const error_entry *p;
- for (p = error_algorithms; p->desc != NULL; p++)
- {
- if (p->number == error)
- {
- ret = p->desc;
- break;
- }
- }
+ for (p = error_algorithms; p->desc != NULL; p++) {
+ if (p->number == error) {
+ ret = p->desc;
+ break;
+ }
+ }
- /* avoid prefix */
- if (ret == NULL)
- return _("(unknown error code)");
+ /* avoid prefix */
+ if (ret == NULL)
+ return _("(unknown error code)");
- return _(ret);
+ return _(ret);
}
diff --git a/libdane/includes/gnutls/dane.h b/libdane/includes/gnutls/dane.h
index 3ce56fb808..9fd807793e 100644
--- a/libdane/includes/gnutls/dane.h
+++ b/libdane/includes/gnutls/dane.h
@@ -21,7 +21,7 @@
*/
-#include <gnutls/gnutls.h> /* for gnutls_datum_t */
+#include <gnutls/gnutls.h> /* for gnutls_datum_t */
/**
* dane_cert_usage_t:
@@ -36,12 +36,11 @@
*
* Enumeration of different certificate usage types.
*/
-typedef enum dane_cert_usage_t
-{
- DANE_CERT_USAGE_CA = 0,
- DANE_CERT_USAGE_EE = 1,
- DANE_CERT_USAGE_LOCAL_CA = 2,
- DANE_CERT_USAGE_LOCAL_EE = 3
+typedef enum dane_cert_usage_t {
+ DANE_CERT_USAGE_CA = 0,
+ DANE_CERT_USAGE_EE = 1,
+ DANE_CERT_USAGE_LOCAL_CA = 2,
+ DANE_CERT_USAGE_LOCAL_EE = 3
} dane_cert_usage_t;
/**
@@ -51,10 +50,9 @@ typedef enum dane_cert_usage_t
*
* Enumeration of different certificate types.
*/
-typedef enum dane_cert_type_t
-{
- DANE_CERT_X509 = 0,
- DANE_CERT_PK = 1
+typedef enum dane_cert_type_t {
+ DANE_CERT_X509 = 0,
+ DANE_CERT_PK = 1
} dane_cert_type_t;
/**
@@ -65,11 +63,10 @@ typedef enum dane_cert_type_t
*
* Enumeration of different content matching types.
*/
-typedef enum dane_match_type_t
-{
- DANE_MATCH_EXACT = 0,
- DANE_MATCH_SHA2_256 = 1,
- DANE_MATCH_SHA2_512 = 2
+typedef enum dane_match_type_t {
+ DANE_MATCH_EXACT = 0,
+ DANE_MATCH_SHA2_256 = 1,
+ DANE_MATCH_SHA2_512 = 2
} dane_match_type_t;
/**
@@ -81,12 +78,11 @@ typedef enum dane_match_type_t
*
* Enumeration of different certificate types.
*/
-typedef enum dane_query_status_t
-{
- DANE_QUERY_UNKNOWN = 0,
- DANE_QUERY_DNSSEC_VERIFIED,
- DANE_QUERY_BOGUS,
- DANE_QUERY_NO_DNSSEC
+typedef enum dane_query_status_t {
+ DANE_QUERY_UNKNOWN = 0,
+ DANE_QUERY_DNSSEC_VERIFIED,
+ DANE_QUERY_BOGUS,
+ DANE_QUERY_NO_DNSSEC
} dane_query_status_t;
typedef struct dane_state_st *dane_state_t;
@@ -100,32 +96,33 @@ typedef struct dane_query_st *dane_query_t;
*
* Enumeration of different verification flags.
*/
-typedef enum dane_state_flags_t
-{
- DANE_F_IGNORE_LOCAL_RESOLVER = 1,
- DANE_F_INSECURE=2,
- DANE_F_IGNORE_DNSSEC=4
+typedef enum dane_state_flags_t {
+ DANE_F_IGNORE_LOCAL_RESOLVER = 1,
+ DANE_F_INSECURE = 2,
+ DANE_F_IGNORE_DNSSEC = 4
} dane_state_flags_t;
-int dane_state_init (dane_state_t* s, unsigned int flags);
-int dane_state_set_dlv_file(dane_state_t s, const char* file);
-void dane_state_deinit (dane_state_t s);
+int dane_state_init(dane_state_t * s, unsigned int flags);
+int dane_state_set_dlv_file(dane_state_t s, const char *file);
+void dane_state_deinit(dane_state_t s);
-int dane_raw_tlsa(dane_state_t s, dane_query_t *r, char *const*dane_data, const int *dane_data_len, int secure, int bogus);
+int dane_raw_tlsa(dane_state_t s, dane_query_t * r, char *const *dane_data,
+ const int *dane_data_len, int secure, int bogus);
-int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const char* proto, unsigned int port);
+int dane_query_tlsa(dane_state_t s, dane_query_t * r, const char *host,
+ const char *proto, unsigned int port);
dane_query_status_t dane_query_status(dane_query_t q);
unsigned int dane_query_entries(dane_query_t q);
int dane_query_data(dane_query_t q, unsigned int idx,
- unsigned int *usage, unsigned int *type,
- unsigned int *match, gnutls_datum_t * data);
+ unsigned int *usage, unsigned int *type,
+ unsigned int *match, gnutls_datum_t * data);
void dane_query_deinit(dane_query_t q);
-const char* dane_cert_type_name(dane_cert_type_t type);
-const char* dane_match_type_name(dane_match_type_t type);
-const char* dane_cert_usage_name(dane_cert_usage_t usage);
+const char *dane_cert_type_name(dane_cert_type_t type);
+const char *dane_match_type_name(dane_match_type_t type);
+const char *dane_cert_usage_name(dane_cert_usage_t usage);
/**
* dane_verify_flags_t:
@@ -135,11 +132,10 @@ const char* dane_cert_usage_name(dane_cert_usage_t usage);
*
* Enumeration of different verification status flags.
*/
-typedef enum dane_verify_flags_t
-{
- DANE_VFLAG_FAIL_IF_NOT_CHECKED = 1,
- DANE_VFLAG_ONLY_CHECK_EE_USAGE = 1<<1,
- DANE_VFLAG_ONLY_CHECK_CA_USAGE = 1<<2,
+typedef enum dane_verify_flags_t {
+ DANE_VFLAG_FAIL_IF_NOT_CHECKED = 1,
+ DANE_VFLAG_ONLY_CHECK_EE_USAGE = 1 << 1,
+ DANE_VFLAG_ONLY_CHECK_CA_USAGE = 1 << 2,
} dane_verify_flags_t;
/**
@@ -150,41 +146,39 @@ typedef enum dane_verify_flags_t
*
* Enumeration of different verification status flags.
*/
-typedef enum dane_verify_status_t
-{
- DANE_VERIFY_CA_CONSTRAINTS_VIOLATED = 1,
- DANE_VERIFY_CERT_DIFFERS = 1<<1,
- DANE_VERIFY_NO_DANE_INFO = 1<<2,
+typedef enum dane_verify_status_t {
+ DANE_VERIFY_CA_CONSTRAINTS_VIOLATED = 1,
+ DANE_VERIFY_CERT_DIFFERS = 1 << 1,
+ DANE_VERIFY_NO_DANE_INFO = 1 << 2,
} dane_verify_status_t;
#define DANE_VERIFY_CA_CONSTRAINS_VIOLATED DANE_VERIFY_CA_CONSTRAINTS_VIOLATED
int
-dane_verification_status_print (unsigned int status,
- gnutls_datum_t * out, unsigned int flags);
-
-int dane_verify_crt_raw (dane_state_t s,
- const gnutls_datum_t *chain, unsigned chain_size,
- gnutls_certificate_type_t chain_type,
- dane_query_t r,
- unsigned int sflags, unsigned int vflags,
- unsigned int *verify);
-
-int dane_verify_crt (dane_state_t s,
- const gnutls_datum_t *chain, unsigned chain_size,
- gnutls_certificate_type_t chain_type,
- const char * hostname, const char* proto, unsigned int port,
- unsigned int sflags, unsigned int vflags,
- unsigned int *verify);
-
-int dane_verify_session_crt (
- dane_state_t s,
- gnutls_session_t session,
- const char * hostname, const char* proto, unsigned int port,
- unsigned int sflags, unsigned int vflags,
- unsigned int *verify);
-
-const char * dane_strerror (int error);
+dane_verification_status_print(unsigned int status,
+ gnutls_datum_t * out, unsigned int flags);
+
+int dane_verify_crt_raw(dane_state_t s,
+ const gnutls_datum_t * chain, unsigned chain_size,
+ gnutls_certificate_type_t chain_type,
+ dane_query_t r,
+ unsigned int sflags, unsigned int vflags,
+ unsigned int *verify);
+
+int dane_verify_crt(dane_state_t s,
+ const gnutls_datum_t * chain, unsigned chain_size,
+ gnutls_certificate_type_t chain_type,
+ const char *hostname, const char *proto,
+ unsigned int port, unsigned int sflags,
+ unsigned int vflags, unsigned int *verify);
+
+int dane_verify_session_crt(dane_state_t s,
+ gnutls_session_t session,
+ const char *hostname, const char *proto,
+ unsigned int port, unsigned int sflags,
+ unsigned int vflags, unsigned int *verify);
+
+const char *dane_strerror(int error);
#define DANE_E_SUCCESS 0
#define DANE_E_INITIALIZATION_ERROR -1
@@ -201,4 +195,3 @@ const char * dane_strerror (int error);
#define DANE_E_FILE_ERROR -12
#define DANE_E_CERT_ERROR -13
#define DANE_E_UNKNOWN_DANE_DATA -14
-