diff options
92 files changed, 1732 insertions, 1542 deletions
diff --git a/doc/examples/ex-cert-select.c b/doc/examples/ex-cert-select.c index 35a90b00ba..fe38ac2807 100644 --- a/doc/examples/ex-cert-select.c +++ b/doc/examples/ex-cert-select.c @@ -264,38 +264,41 @@ cert_callback (gnutls_session_t session, gnutls_sign_algorithm_t cert_algo, req_algo; int i, match = 0; - ret = gnutls_x509_crt_get_signature_algorithm(crt); + ret = gnutls_x509_crt_get_signature_algorithm (crt); if (ret < 0) - { - /* error reading signature algorithm - */ - return -1; - } + { + /* error reading signature algorithm + */ + return -1; + } cert_algo = ret; - - i=0; - do { - ret = gnutls_sign_algorithm_get_requested(session, i, &req_algo); - if (ret >= 0 && cert_algo == req_algo) - { - match = 1; - break; - } - - /* server has not requested anything specific */ - if (i==0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - { - match = 1; - break; - } - i++; - } while(ret >= 0); - + + i = 0; + do + { + ret = gnutls_sign_algorithm_get_requested (session, i, &req_algo); + if (ret >= 0 && cert_algo == req_algo) + { + match = 1; + break; + } + + /* server has not requested anything specific */ + if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + { + match = 1; + break; + } + i++; + } + while (ret >= 0); + if (match == 0) - { - printf("- Could not find a suitable certificate to send to server\n"); - return -1; - } + { + printf + ("- Could not find a suitable certificate to send to server\n"); + return -1; + } st->type = type; st->ncerts = 1; diff --git a/doc/examples/ex-client-psk.c b/doc/examples/ex-client-psk.c index d4edfdd8c3..33e3d321b4 100644 --- a/doc/examples/ex-client-psk.c +++ b/doc/examples/ex-client-psk.c @@ -30,7 +30,7 @@ main (void) char buffer[MAX_BUF + 1]; const char *err; gnutls_psk_client_credentials_t pskcred; - const gnutls_datum_t key = { (char*) "DEADBEEF", 8 }; + const gnutls_datum_t key = { (char *) "DEADBEEF", 8 }; gnutls_global_init (); diff --git a/doc/examples/ex-pkcs12.c b/doc/examples/ex-pkcs12.c index ef7d38a629..7bb210b64e 100644 --- a/doc/examples/ex-pkcs12.c +++ b/doc/examples/ex-pkcs12.c @@ -33,7 +33,7 @@ write_pkcs12 (const gnutls_datum_t * cert, /* A good idea might be to use gnutls_x509_privkey_get_key_id() * to obtain a unique ID. */ - gnutls_datum_t key_id = { (char*) "\x00\x00\x07", 3 }; + gnutls_datum_t key_id = { (char *) "\x00\x00\x07", 3 }; gnutls_global_init (); diff --git a/doc/examples/ex-serv-anon.c b/doc/examples/ex-serv-anon.c index 098432aaf7..a9b908b481 100644 --- a/doc/examples/ex-serv-anon.c +++ b/doc/examples/ex-serv-anon.c @@ -94,7 +94,8 @@ main (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); diff --git a/doc/examples/ex-serv-export.c b/doc/examples/ex-serv-export.c index f86a0c28bb..33b6d0ac68 100644 --- a/doc/examples/ex-serv-export.c +++ b/doc/examples/ex-serv-export.c @@ -173,7 +173,8 @@ main (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); diff --git a/doc/examples/ex-serv-pgp.c b/doc/examples/ex-serv-pgp.c index e0cfcdc1a1..da8e8eff92 100644 --- a/doc/examples/ex-serv-pgp.c +++ b/doc/examples/ex-serv-pgp.c @@ -108,7 +108,8 @@ main (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c index e010313a89..f661ff9cec 100644 --- a/doc/examples/ex-serv-psk.c +++ b/doc/examples/ex-serv-psk.c @@ -139,7 +139,8 @@ main (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); diff --git a/doc/examples/ex-serv-srp.c b/doc/examples/ex-serv-srp.c index 859b2f0743..d601fa2cf4 100644 --- a/doc/examples/ex-serv-srp.c +++ b/doc/examples/ex-serv-srp.c @@ -99,7 +99,8 @@ main (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); diff --git a/doc/examples/ex-serv1.c b/doc/examples/ex-serv1.c index 6dd8164ef5..755bf8d202 100644 --- a/doc/examples/ex-serv1.c +++ b/doc/examples/ex-serv1.c @@ -125,7 +125,8 @@ main (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); diff --git a/guile/src/core.c b/guile/src/core.c index c0ded90166..e31e336798 100644 --- a/guile/src/core.c +++ b/guile/src/core.c @@ -758,6 +758,7 @@ free_session_record_port (SCM port) return 0; } + #undef FUNC_NAME #endif /* SCM_MAJOR_VERSION == 1 && SCM_MINOR_VERSION <= 8 */ @@ -868,15 +869,13 @@ make_session_record_port (SCM session) unsigned char *c_port_buf; const unsigned long mode_bits = SCM_OPN | SCM_RDNG | SCM_WRTNG; - c_port_buf = - (unsigned char *) + c_port_buf = (unsigned char *) #ifdef HAVE_SCM_GC_MALLOC_POINTERLESS scm_gc_malloc_pointerless #else scm_gc_malloc #endif - (SCM_GNUTLS_SESSION_RECORD_PORT_BUFFER_SIZE, - session_record_port_gc_hint); + (SCM_GNUTLS_SESSION_RECORD_PORT_BUFFER_SIZE, session_record_port_gc_hint); /* Create a new port. */ port = scm_new_port_table_entry (session_record_port_type); @@ -956,7 +955,8 @@ SCM_DEFINE (scm_gnutls_set_session_transport_fd_x, c_session = scm_to_gnutls_session (session, 1, FUNC_NAME); c_fd = (int) scm_to_uint (fd); - gnutls_transport_set_ptr (c_session, (gnutls_transport_ptr_t) (intptr_t) c_fd); + gnutls_transport_set_ptr (c_session, + (gnutls_transport_ptr_t) (intptr_t) c_fd); SCM_GNUTLS_SET_SESSION_TRANSPORT_IS_FD (c_session, 1); diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 2cd8b585a5..0dbba1f925 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -66,8 +66,7 @@ static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); */ static int _gnutls_copy_certificate_auth_info (cert_auth_info_t info, - gnutls_cert * cert, - size_t ncerts) + gnutls_cert * cert, size_t ncerts) { /* Copy peer's information to auth_info_t */ @@ -1026,14 +1025,17 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session, gnutls_assert (); goto cleanup; } - + /* check if signature algorithm is supported */ - ret = _gnutls_session_sign_algo_enabled(session, peer_certificate_list[j].sign_algo); + ret = + _gnutls_session_sign_algo_enabled (session, + peer_certificate_list + [j].sign_algo); if (ret < 0) - { - gnutls_assert(); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } p += len; } @@ -1360,7 +1362,7 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data, return GNUTLS_E_UNKNOWN_PK_ALGORITHM; } - if (_gnutls_version_has_selectable_sighash(ver)) + if (_gnutls_version_has_selectable_sighash (ver)) { /* read supported hashes */ int hash_num; @@ -1369,12 +1371,12 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data, p += 2; DECR_LEN (dsize, hash_num); - ret = _gnutls_sign_algorithm_parse_data( session, p, hash_num); + ret = _gnutls_sign_algorithm_parse_data (session, p, hash_num); if (ret < 0) - { - gnutls_assert(); - return ret; - } + { + gnutls_assert (); + return ret; + } p += hash_num; } @@ -1420,7 +1422,7 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data) int apr_cert_list_length, size; gnutls_datum_t signature; int total_data; - opaque* p; + opaque *p; gnutls_sign_algorithm_t sign_algo; gnutls_protocol_t ver = gnutls_protocol_get_version (session); @@ -1439,13 +1441,13 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data) { if ((ret = _gnutls_handshake_sign_cert_vrfy (session, - &apr_cert_list[0], - apr_pkey, &signature)) < 0) + &apr_cert_list[0], + apr_pkey, &signature)) < 0) { gnutls_assert (); return ret; } - sign_algo = ret; + sign_algo = ret; } else { @@ -1455,9 +1457,9 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data) total_data = signature.size + 2; /* add hash and signature algorithms */ - if (_gnutls_version_has_selectable_sighash(ver)) + if (_gnutls_version_has_selectable_sighash (ver)) { - total_data+=2; + total_data += 2; } *data = gnutls_malloc (total_data); @@ -1468,20 +1470,20 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data) } p = *data; - if (_gnutls_version_has_selectable_sighash(ver)) + if (_gnutls_version_has_selectable_sighash (ver)) { sign_algorithm_st aid; /* error checking is not needed here since we have used those algorithms */ - aid = _gnutls_sign_to_tls_aid(sign_algo); + aid = _gnutls_sign_to_tls_aid (sign_algo); p[0] = aid.hash_algorithm; p[1] = aid.sign_algorithm; - p+=2; + p += 2; } size = signature.size; _gnutls_write_uint16 (size, p); - p+=2; + p += 2; memcpy (p, signature.data, size); _gnutls_free_datum (&signature); @@ -1509,27 +1511,27 @@ _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session, return GNUTLS_E_INTERNAL_ERROR; } - if (_gnutls_version_has_selectable_sighash(ver)) + if (_gnutls_version_has_selectable_sighash (ver)) { - sign_algorithm_st aid; + sign_algorithm_st aid; DECR_LEN (dsize, 2); aid.hash_algorithm = pdata[0]; aid.sign_algorithm = pdata[1]; - - sign_algo = _gnutls_tls_aid_to_sign(&aid); + + sign_algo = _gnutls_tls_aid_to_sign (&aid); if (sign_algo == GNUTLS_PK_UNKNOWN) - { - gnutls_assert(); - return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; - } - pdata+=2; + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; + } + pdata += 2; } ret = _gnutls_session_sign_algo_enabled (session, sign_algo); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; } @@ -1552,7 +1554,9 @@ _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session, return ret; } - if ((ret = _gnutls_handshake_verify_cert_vrfy (session, &peer_cert, &sig, sign_algo)) < 0) + if ((ret = + _gnutls_handshake_verify_cert_vrfy (session, &peer_cert, &sig, + sign_algo)) < 0) { gnutls_assert (); _gnutls_gcert_deinit (&peer_cert); @@ -1571,7 +1575,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data) int size, ret; opaque *pdata; gnutls_protocol_t ver = gnutls_protocol_get_version (session); - const int signalgosize = 2+MAX_SIGNATURE_ALGORITHMS*2; + const int signalgosize = 2 + MAX_SIGNATURE_ALGORITHMS * 2; /* Now we need to generate the RDN sequence. This is * already in the CERTIFICATE_CRED structure, to improve @@ -1593,7 +1597,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data) session->internals.ignore_rdn_sequence == 0) size += cred->x509_rdn_sequence.size; - if (_gnutls_version_has_selectable_sighash(ver)) + if (_gnutls_version_has_selectable_sighash (ver)) /* Need two bytes to announce the number of supported hash functions (see below). */ size += signalgosize; @@ -1613,17 +1617,18 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data) pdata[2] = DSA_SIGN; /* only these for now */ pdata += CERTTYPE_SIZE; - if (_gnutls_version_has_selectable_sighash(ver)) + if (_gnutls_version_has_selectable_sighash (ver)) { - ret = _gnutls_sign_algorithm_write_params(session, pdata, signalgosize); + ret = + _gnutls_sign_algorithm_write_params (session, pdata, signalgosize); if (ret < 0) - { - gnutls_assert(); - return ret; - } - + { + gnutls_assert (); + return ret; + } + /* recalculate size */ - size=size-signalgosize+ret; + size = size - signalgosize + ret; pdata += ret; } @@ -1915,23 +1920,29 @@ _gnutls_server_select_cert (gnutls_session_t session, for (i = 0; i < cred->ncerts; i++) { - /* find one compatible certificate + /* find one compatible certificate */ if (requested_algo == GNUTLS_PK_ANY || requested_algo == cred->cert_list[i][0].subject_pk_algorithm) { - /* if cert type and signature algorithm matches + /* if cert type and signature algorithm matches */ - if (session->security_parameters.cert_type == cred->cert_list[i][0].cert_type && - (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP || /* FIXME: make this a check for - * certificate type capabilities - */ - !_gnutls_version_has_selectable_sighash (gnutls_protocol_get_version (session)) || - _gnutls_session_sign_algo_requested(session, cred->cert_list[i][0].sign_algo) == 0)) + /* *INDENT-OFF* */ + if (session->security_parameters.cert_type + == cred->cert_list[i][0].cert_type + && (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP + || /* FIXME: make this a check for certificate + type capabilities */ + !_gnutls_version_has_selectable_sighash + (gnutls_protocol_get_version (session)) + || + _gnutls_session_sign_algo_requested + (session, cred->cert_list[i][0].sign_algo) == 0)) { idx = i; break; } + /* *INDENT-ON* */ } } diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c index 7026026f83..eca85b34fa 100644 --- a/lib/auth_dhe.c +++ b/lib/auth_dhe.c @@ -149,8 +149,8 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data) { if ((ret = _gnutls_handshake_sign_data (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature, - &sign_algo)) < 0) + apr_pkey, &ddata, &signature, + &sign_algo)) < 0) { gnutls_assert (); gnutls_free (*data); @@ -233,9 +233,9 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data, { sign_algorithm_st aid; - DECR_LEN(data_size, 1); + DECR_LEN (data_size, 1); aid.hash_algorithm = *sigdata++; - DECR_LEN(data_size, 1); + DECR_LEN (data_size, 1); aid.sign_algorithm = *sigdata++; sign_algo = _gnutls_tls_aid_to_sign (&aid); if (sign_algo == GNUTLS_SIGN_UNKNOWN) @@ -261,7 +261,8 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data, return ret; } - ret = _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, + ret = + _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, sign_algo); _gnutls_gcert_deinit (&peer_cert); diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c index 789a9498d5..52adff6be8 100644 --- a/lib/auth_rsa_export.c +++ b/lib/auth_rsa_export.c @@ -155,8 +155,8 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data) { if ((ret = _gnutls_handshake_sign_data (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature, - &sign_algo)) < 0) + apr_pkey, &ddata, &signature, + &sign_algo)) < 0) { gnutls_assert (); gnutls_free (*data); @@ -310,7 +310,8 @@ proc_rsa_export_server_kx (gnutls_session_t session, return ret; } - ret = _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, + ret = + _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, GNUTLS_SIGN_UNKNOWN); _gnutls_gcert_deinit (&peer_cert); diff --git a/lib/auth_srp.c b/lib/auth_srp.c index 634749c196..6eac98d123 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -245,7 +245,7 @@ _gnutls_gen_srp_server_kx (gnutls_session_t session, opaque ** data) _gnutls_write_uint16 (n_b, data_b); - _gnutls_hard_log ("INT: SRP B[%d]: %s\n", (int)n_b, + _gnutls_hard_log ("INT: SRP B[%d]: %s\n", (int) n_b, _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf))); _gnutls_srp_entry_free (pwd_entry); @@ -364,7 +364,7 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session, opaque ** data) return GNUTLS_E_MPI_PRINT_FAILED; } - _gnutls_hard_log ("INT: SRP A[%d]: %s\n", (int)n_a, + _gnutls_hard_log ("INT: SRP A[%d]: %s\n", (int) n_a, _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf))); _gnutls_mpi_release (&A); diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c index 6a1e986761..46daf24e78 100644 --- a/lib/auth_srp_passwd.c +++ b/lib/auth_srp_passwd.c @@ -346,8 +346,8 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, /* Keep the last index in memory, so we can retrieve fake parameters (g,n) * when the user does not exist. */ - /* XXX: last_idx will not be read as both if block branches return. */ - last_idx = idx; + /* XXX: last_idx will not be read as both if block branches return. */ + last_idx = idx; if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0) { return 0; diff --git a/lib/auth_srp_rsa.c b/lib/auth_srp_rsa.c index e3192f751f..23d8e0d6a7 100644 --- a/lib/auth_srp_rsa.c +++ b/lib/auth_srp_rsa.c @@ -117,8 +117,8 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque ** data) if ((ret = _gnutls_handshake_sign_data (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature, - &sign_algo)) < 0) + apr_pkey, &ddata, &signature, + &sign_algo)) < 0) { gnutls_assert (); gnutls_free (*data); @@ -193,7 +193,8 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque * data, return ret; } - ret = _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, + ret = + _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, GNUTLS_SIGN_UNKNOWN); _gnutls_gcert_deinit (&peer_cert); diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c index 60fd2a05bb..c5a5a352ce 100644 --- a/lib/ext_cert_type.c +++ b/lib/ext_cert_type.c @@ -242,4 +242,3 @@ _gnutls_cert_type2num (int cert_type) } } - diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c index 1b8513a73f..14ac269396 100644 --- a/lib/ext_server_name.c +++ b/lib/ext_server_name.c @@ -331,7 +331,8 @@ gnutls_server_name_set (gnutls_session_t session, if (name_length > MAX_SERVER_NAME_SIZE) return GNUTLS_E_SHORT_MEMORY_BUFFER; - server_names = session->security_parameters.extensions.server_names_size + 1; + server_names = + session->security_parameters.extensions.server_names_size + 1; if (server_names > MAX_SERVER_NAME_EXTENSIONS) server_names = MAX_SERVER_NAME_EXTENSIONS; @@ -340,8 +341,9 @@ gnutls_server_name_set (gnutls_session_t session, [server_names - 1].type = type; memcpy (session->security_parameters.extensions. server_names[server_names - 1].name, name, name_length); - session->security_parameters.extensions.server_names - [server_names - 1].name_length = name_length; + session->security_parameters.extensions.server_names[server_names - + 1].name_length = + name_length; session->security_parameters.extensions.server_names_size++; diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c index dc5051a091..f51c2b88ef 100644 --- a/lib/ext_session_ticket.c +++ b/lib/ext_session_ticket.c @@ -42,7 +42,8 @@ #define MAC_SIZE 32 -struct ticket { +struct ticket +{ opaque key_name[KEY_NAME_SIZE]; opaque IV[IV_SIZE]; opaque *encrypted_state; @@ -51,7 +52,8 @@ struct ticket { }; static int -digest_ticket (const gnutls_datum_t *key, struct ticket *ticket, opaque *digest) +digest_ticket (const gnutls_datum_t * key, struct ticket *ticket, + opaque * digest) { digest_hd_st digest_hd; uint16_t length16; @@ -85,8 +87,8 @@ decrypt_ticket (gnutls_session_t session, struct ticket *ticket) int ret; /* Check the integrity of ticket using HMAC-SHA-256. */ - mac_secret.data = session->security_parameters.extensions. - session_ticket_key->mac_secret; + mac_secret.data = + session->security_parameters.extensions.session_ticket_key->mac_secret; mac_secret.size = MAC_SECRET_SIZE; ret = digest_ticket (&mac_secret, ticket, final); if (ret < 0) @@ -102,12 +104,12 @@ decrypt_ticket (gnutls_session_t session, struct ticket *ticket) } /* Decrypt encrypted_state using 128-bit AES in CBC mode. */ - key.data = session->security_parameters.extensions. - session_ticket_key->key; + key.data = session->security_parameters.extensions.session_ticket_key->key; key.size = KEY_SIZE; IV.data = ticket->IV; IV.size = IV_SIZE; - ret = _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV); + ret = + _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV); if (ret < 0) { gnutls_assert (); @@ -161,7 +163,8 @@ encrypt_ticket (gnutls_session_t session, struct ticket *ticket) return ret; } blocksize = _gnutls_cipher_get_block_size (GNUTLS_CIPHER_AES_128_CBC); - encrypted_state.size = ((state.size + blocksize - 1) / blocksize) * blocksize; + encrypted_state.size = + ((state.size + blocksize - 1) / blocksize) * blocksize; encrypted_state.data = gnutls_malloc (encrypted_state.size); if (!encrypted_state.data) { @@ -178,7 +181,8 @@ encrypt_ticket (gnutls_session_t session, struct ticket *ticket) key.size = KEY_SIZE; IV.data = session->security_parameters.extensions.session_ticket_IV; IV.size = IV_SIZE; - ret = _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV); + ret = + _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV); if (ret < 0) { gnutls_assert (); @@ -199,14 +203,13 @@ encrypt_ticket (gnutls_session_t session, struct ticket *ticket) /* Fill the ticket structure to compute MAC. */ memcpy (ticket->key_name, session->security_parameters.extensions. - session_ticket_key->key_name, - KEY_NAME_SIZE); + session_ticket_key->key_name, KEY_NAME_SIZE); memcpy (ticket->IV, IV.data, IV.size); ticket->encrypted_state_len = encrypted_state.size; ticket->encrypted_state = encrypted_state.data; - mac_secret.data = session->security_parameters.extensions. - session_ticket_key->mac_secret; + mac_secret.data = + session->security_parameters.extensions.session_ticket_key->mac_secret; mac_secret.size = MAC_SECRET_SIZE; ret = digest_ticket (&mac_secret, ticket, ticket->mac); if (ret < 0) @@ -246,11 +249,10 @@ _gnutls_session_ticket_recv_params (gnutls_session_t session, data += KEY_NAME_SIZE; /* If the key name of the ticket does not match the one that we - hold, issue a new ticket. */ + hold, issue a new ticket. */ if (memcmp (ticket.key_name, session->security_parameters.extensions. - session_ticket_key->key_name, - KEY_NAME_SIZE)) + session_ticket_key->key_name, KEY_NAME_SIZE)) { session->internals.session_ticket_renew = 1; return 0; @@ -360,11 +362,11 @@ _gnutls_session_ticket_send_params (gnutls_session_t session, * Since: 2.10.0 **/ int -gnutls_session_ticket_key_generate (gnutls_datum_t *key) +gnutls_session_ticket_key_generate (gnutls_datum_t * key) { int ret; - key->size = sizeof(struct gnutls_session_ticket_key_st); + key->size = sizeof (struct gnutls_session_ticket_key_st); key->data = gnutls_malloc (key->size); if (!key->data) { @@ -424,12 +426,12 @@ gnutls_session_ticket_enable_client (gnutls_session_t session) **/ int gnutls_session_ticket_enable_server (gnutls_session_t session, - const gnutls_datum_t *key) + const gnutls_datum_t * key) { int ret; if (!session || !key - || key->size != sizeof(struct gnutls_session_ticket_key_st)) + || key->size != sizeof (struct gnutls_session_ticket_key_st)) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; @@ -445,7 +447,7 @@ gnutls_session_ticket_enable_server (gnutls_session_t session, } session->security_parameters.extensions.session_ticket_key = - (struct gnutls_session_ticket_key_st *)key->data; + (struct gnutls_session_ticket_key_st *) key->data; session->internals.session_ticket_enable = 1; return 0; } @@ -489,9 +491,9 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again) if (again == 0) { /* XXX: Temporarily set write algorithms to be used. - _gnutls_write_connection_state_init() does this job, but it also - triggers encryption, while NewSessionTicket should not be - encrypted in the record layer. */ + _gnutls_write_connection_state_init() does this job, but it also + triggers encryption, while NewSessionTicket should not be + encrypted in the record layer. */ SAVE_WRITE_SECURITY_PARAMETERS; ret = _gnutls_set_write_cipher (session, _gnutls_cipher_suite_get_cipher_algo @@ -532,7 +534,7 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again) p = data; /* FIXME: ticket lifetime is fixed to 10 days, which should be - customizable. */ + customizable. */ _gnutls_write_uint32 (864000, p); p += 4; @@ -620,7 +622,7 @@ _gnutls_recv_new_session_ticket (gnutls_session_t session) } return 0; - error: +error: gnutls_free (data); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } diff --git a/lib/ext_signature.c b/lib/ext_signature.c index 9be866dd3e..7dcea66866 100644 --- a/lib/ext_signature.c +++ b/lib/ext_signature.c @@ -90,10 +90,9 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session, sig = _gnutls_tls_aid_to_sign (&aid); if (sig != GNUTLS_SIGN_UNKNOWN) { - session->security_parameters. - extensions.sign_algorithms[session->security_parameters. - extensions. - sign_algorithms_size++] = sig; + session->security_parameters.extensions. + sign_algorithms[session->security_parameters.extensions. + sign_algorithms_size++] = sig; if (session->security_parameters.extensions.sign_algorithms_size == MAX_SIGNATURE_ALGORITHMS) break; diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 8b04524942..bb1a5f193b 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -1238,14 +1238,15 @@ _gnutls_version_has_selectable_sighash (gnutls_protocol_t version) int _gnutls_version_has_extensions (gnutls_protocol_t version) { - switch(version) { - case GNUTLS_TLS1_0: - case GNUTLS_TLS1_1: - case GNUTLS_TLS1_2: - return 1; - default: - return 0; - } + switch (version) + { + case GNUTLS_TLS1_0: + case GNUTLS_TLS1_1: + case GNUTLS_TLS1_2: + return 1; + default: + return 0; + } } /* This function determines if the version specified has explicit IVs @@ -1253,27 +1254,30 @@ _gnutls_version_has_extensions (gnutls_protocol_t version) int _gnutls_version_has_explicit_iv (gnutls_protocol_t version) { - switch(version) { - case GNUTLS_TLS1_1: - case GNUTLS_TLS1_2: - return 1; - default: - return 0; - } + switch (version) + { + case GNUTLS_TLS1_1: + case GNUTLS_TLS1_2: + return 1; + default: + return 0; + } } /* This function determines if the version specified can have non-minimal padding. */ -int _gnutls_version_has_variable_padding (gnutls_protocol_t version) +int +_gnutls_version_has_variable_padding (gnutls_protocol_t version) { - switch(version) { - case GNUTLS_TLS1_0: - case GNUTLS_TLS1_1: - case GNUTLS_TLS1_2: - return 1; - default: - return 0; - } + switch (version) + { + case GNUTLS_TLS1_0: + case GNUTLS_TLS1_1: + case GNUTLS_TLS1_2: + return 1; + default: + return 0; + } } /* Type to KX mappings */ @@ -1849,7 +1853,8 @@ static const gnutls_sign_entry sign_algorithms[] = { GNUTLS_MAC_MD5, {1, 1}}, {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA, GNUTLS_MAC_MD2, TLS_SIGN_AID_UNKNOWN}, - {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}, + {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0, + TLS_SIGN_AID_UNKNOWN}, {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}, {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN} }; @@ -2021,16 +2026,15 @@ _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign) } gnutls_sign_algorithm_t -_gnutls_tls_aid_to_sign (const sign_algorithm_st *aid) +_gnutls_tls_aid_to_sign (const sign_algorithm_st * aid) { gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN; - GNUTLS_SIGN_LOOP ( if (p->aid.hash_algorithm == aid->hash_algorithm - && p->aid.sign_algorithm == aid->sign_algorithm) - { - ret = p->id; - break; - } ); + GNUTLS_SIGN_LOOP (if (p->aid.hash_algorithm == aid->hash_algorithm + && p->aid.sign_algorithm == aid->sign_algorithm) + { + ret = p->id; break;} + ); return ret; } diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index 75c3287e48..53e0e67dbd 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -134,19 +134,19 @@ _gnutls_record_buffer_put (content_type_t type, case GNUTLS_APPLICATION_DATA: buf = &session->internals.application_data_buffer; _gnutls_buffers_log ("BUF[REC]: Inserted %d bytes of Data(%d)\n", - (int)length, (int)type); + (int) length, (int) type); break; case GNUTLS_HANDSHAKE: buf = &session->internals.handshake_data_buffer; _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data(%d)\n", - (int)length, (int)type); + (int) length, (int) type); break; case GNUTLS_INNER_APPLICATION: buf = &session->internals.ia_data_buffer; _gnutls_buffers_log ("BUF[IA]: Inserted %d bytes of Data(%d)\n", - (int)length, (int)type); + (int) length, (int) type); break; default: @@ -215,22 +215,25 @@ _gnutls_record_buffer_get (content_type_t type, switch (type) { case GNUTLS_APPLICATION_DATA: - _gnutls_buffer_get_data( &session->internals.application_data_buffer, data, &length); + _gnutls_buffer_get_data (&session->internals.application_data_buffer, + data, &length); _gnutls_buffers_log ("BUFFER[REC][AD]: Read %d bytes of Data(%d)\n", - (int)length, (int)type); + (int) length, (int) type); break; case GNUTLS_HANDSHAKE: - _gnutls_buffer_get_data( &session->internals.handshake_data_buffer, data, &length); + _gnutls_buffer_get_data (&session->internals.handshake_data_buffer, + data, &length); _gnutls_buffers_log ("BUF[REC][HD]: Read %d bytes of Data(%d)\n", - (int)length, (int)type); + (int) length, (int) type); break; case GNUTLS_INNER_APPLICATION: - _gnutls_buffer_get_data( &session->internals.ia_data_buffer, data, &length); + _gnutls_buffer_get_data (&session->internals.ia_data_buffer, data, + &length); _gnutls_buffers_log ("BUF[REC][IA]: Read %d bytes of Data(%d)\n", - (int)length, (int)type); + (int) length, (int) type); break; default: @@ -303,7 +306,7 @@ _gnutls_read (gnutls_session_t session, void *iptr, : errno; _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n", - (int)i, fd, errno, session->internals.errnum); + (int) i, fd, errno, session->internals.errnum); if (err == EAGAIN || err == EINTR) { @@ -311,7 +314,7 @@ _gnutls_read (gnutls_session_t session, void *iptr, { _gnutls_read_log ("READ: returning %d bytes from %p\n", - (int)(sizeOfPtr - left), fd); + (int) (sizeOfPtr - left), fd); goto finish; } @@ -330,7 +333,7 @@ _gnutls_read (gnutls_session_t session, void *iptr, else { - _gnutls_read_log ("READ: Got %d bytes from %p\n", (int)i, fd); + _gnutls_read_log ("READ: Got %d bytes from %p\n", (int) i, fd); if (i == 0) break; /* EOF */ @@ -349,7 +352,7 @@ finish: _gnutls_read_log ("READ: read %d bytes from %p\n", - (int)(sizeOfPtr - left), fd); + (int) (sizeOfPtr - left), fd); for (x = 0; x < ((sizeOfPtr - left) / 16) + 1; x++) { @@ -508,12 +511,13 @@ _gnutls_io_read_buffered (gnutls_session_t session, opaque ** iptr, /* Allocate the data required to store the new packet. */ - ret = _gnutls_buffer_resize( &session->internals.record_recv_buffer, - recvdata + session->internals.record_recv_buffer.length); + ret = _gnutls_buffer_resize (&session->internals.record_recv_buffer, + recvdata + + session->internals.record_recv_buffer.length); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } @@ -542,8 +546,8 @@ _gnutls_io_read_buffered (gnutls_session_t session, opaque ** iptr, { _gnutls_read_log ("RB: Have %d bytes into buffer. Adding %d bytes.\n", - (int)session->internals.record_recv_buffer.length, (int)ret); - _gnutls_read_log ("RB: Requested %d bytes\n", (int)sizeOfPtr); + (int) session->internals.record_recv_buffer.length, (int) ret); + _gnutls_read_log ("RB: Requested %d bytes\n", (int) sizeOfPtr); session->internals.record_recv_buffer.length += ret; } @@ -565,10 +569,12 @@ _gnutls_io_read_buffered (gnutls_session_t session, opaque ** iptr, if (ret2 > 0) { - _gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n", (int)ret2); + _gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n", + (int) ret2); _gnutls_read_log ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", - (int)session->internals.record_recv_buffer.length, (int)ret2, (int)sizeOfPtr); + (int) session->internals.record_recv_buffer.length, (int) ret2, + (int) sizeOfPtr); session->internals.have_peeked_data = 1; session->internals.record_recv_buffer.length += ret2; @@ -653,16 +659,18 @@ _gnutls_io_write_buffered (gnutls_session_t session, { gnutls_datum_t bdata; /* checking is handled above */ - _gnutls_buffer_get_datum (&session->internals.record_send_buffer, &bdata, session->internals.record_send_buffer.length); + _gnutls_buffer_get_datum (&session->internals.record_send_buffer, + &bdata, + session->internals.record_send_buffer.length); ptr = bdata.data; n = bdata.size; _gnutls_write_log - ("WRITE: Restoring old write. (%d bytes to send)\n", (int)n); + ("WRITE: Restoring old write. (%d bytes to send)\n", (int) n); } - _gnutls_write_log ("WRITE: Will write %d bytes to %p.\n", (int)n, fd); + _gnutls_write_log ("WRITE: Will write %d bytes to %p.\n", (int) n, fd); left = n; while (left > 0) @@ -718,7 +726,7 @@ _gnutls_io_write_buffered (gnutls_session_t session, _gnutls_write_log ("WRITE: Interrupted. Stored %d bytes to buffer. Already sent %d bytes.\n", - (int)left, (int)(n - left)); + (int) left, (int) (n - left)); if (err == EAGAIN) return GNUTLS_E_AGAIN; @@ -741,7 +749,7 @@ _gnutls_io_write_buffered (gnutls_session_t session, _gnutls_write_log ("WRITE: wrote %d bytes to %p. Left %d bytes. Total %d bytes.\n", - (int)i, fd, (int)left, (int)n); + (int) i, fd, (int) left, (int) n); for (x = 0; x < (unsigned) ((i) / 16) + 1; x++) { line[0] = 0; @@ -790,8 +798,8 @@ _gnutls_io_write_flush (gnutls_session_t session) return 0; /* done */ ret = _gnutls_io_write_buffered (session, NULL, 0); - _gnutls_write_log ("WRITE FLUSH: %d [buffer: %d]\n", (int)ret, - (int)session->internals.record_send_buffer.length); + _gnutls_write_log ("WRITE FLUSH: %d [buffer: %d]\n", (int) ret, + (int) session->internals.record_send_buffer.length); return ret; } @@ -811,7 +819,7 @@ _gnutls_handshake_io_write_flush (gnutls_session_t session) return ret; } - _gnutls_write_log ("HANDSHAKE_FLUSH: written[1] %d bytes\n", (int)ret); + _gnutls_write_log ("HANDSHAKE_FLUSH: written[1] %d bytes\n", (int) ret); if (session->internals.handshake_send_buffer.length == 0) { @@ -849,7 +857,10 @@ _gnutls_handshake_io_send_int (gnutls_session_t session, gnutls_assert (); /* checking is handled above */ - _gnutls_buffer_get_datum (&session->internals.handshake_send_buffer, &bdata, session->internals.handshake_send_buffer.length); + _gnutls_buffer_get_datum (&session->internals.handshake_send_buffer, + &bdata, + session->internals. + handshake_send_buffer.length); ptr = bdata.data; n = bdata.size; @@ -984,22 +995,24 @@ _gnutls_handshake_io_recv_int (gnutls_session_t session, if (session->internals.handshake_recv_buffer.length > 0) { size_t tmp; - + /* if we have already received some data */ if (sizeOfPtr <= session->internals.handshake_recv_buffer.length) { /* if requested less data then return it. */ gnutls_assert (); - + tmp = sizeOfPtr; - _gnutls_string_get_data( &session->internals.handshake_recv_buffer, iptr, &tmp); + _gnutls_string_get_data (&session->internals.handshake_recv_buffer, + iptr, &tmp); return tmp; } gnutls_assert (); - tmp = sizeOfPtr; - _gnutls_string_get_data( &session->internals.handshake_recv_buffer, iptr, &tmp); + tmp = sizeOfPtr; + _gnutls_string_get_data (&session->internals.handshake_recv_buffer, + iptr, &tmp); left -= tmp; htype = session->internals.handshake_recv_buffer_htype; @@ -1017,8 +1030,9 @@ _gnutls_handshake_io_recv_int (gnutls_session_t session, { gnutls_assert (); - _gnutls_buffer_append (&session->internals.handshake_recv_buffer, iptr, - dsize); + _gnutls_buffer_append (&session-> + internals.handshake_recv_buffer, iptr, + dsize); session->internals.handshake_recv_buffer_htype = htype; session->internals.handshake_recv_buffer_type = type; @@ -1063,7 +1077,7 @@ _gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data, return GNUTLS_E_HANDSHAKE_TOO_LARGE; } - _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", (int)length); + _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", (int) length); if (_gnutls_buffer_append (&session->internals.handshake_hash_buffer, data, length) < 0) { @@ -1091,7 +1105,8 @@ _gnutls_handshake_buffer_get_ptr (gnutls_session_t session, if (length != NULL) *length = session->internals.handshake_hash_buffer.length; - _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", (int)session->internals.handshake_hash_buffer.length); + _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", + (int) session->internals.handshake_hash_buffer.length); if (data_ptr != NULL) *data_ptr = session->internals.handshake_hash_buffer.data; diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 5b110ad298..6e5dcef9ea 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -817,7 +817,7 @@ _gnutls_x509_crt_to_gcert (gnutls_cert * gcert, memset (gcert, 0, sizeof (gnutls_cert)); gcert->cert_type = GNUTLS_CRT_X509; - gcert->sign_algo = gnutls_x509_crt_get_signature_algorithm(cert); + gcert->sign_algo = gnutls_x509_crt_get_signature_algorithm (cert); if (!(flags & CERT_NO_COPY)) { diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 525540e0b3..4d0dda2399 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -274,7 +274,8 @@ calc_enc_length (gnutls_session_t session, int data_size, *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd; length += *pad; - if (_gnutls_version_has_explicit_iv(session->security_parameters.version)) + if (_gnutls_version_has_explicit_iv + (session->security_parameters.version)) length += blocksize; /* for the IV */ break; @@ -343,7 +344,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, write_sequence_number), 8); _gnutls_hmac (&td, &type, 1); - if (_gnutls_version_has_variable_padding(ver)) + if (_gnutls_version_has_variable_padding (ver)) { /* TLS 1.0 or higher */ _gnutls_hmac (&td, &major, 1); _gnutls_hmac (&td, &minor, 1); @@ -375,7 +376,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, data_ptr = cipher_data; if (block_algo == CIPHER_BLOCK && - _gnutls_version_has_explicit_iv(session->security_parameters.version)) + _gnutls_version_has_explicit_iv (session->security_parameters.version)) { /* copy the random IV. */ @@ -476,7 +477,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, ciphertext.size)) < 0) { gnutls_assert (); - DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm); + DEINIT_MAC (td, ver, + session->security_parameters.write_mac_algorithm); return ret; @@ -489,7 +491,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0)) { gnutls_assert (); - DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm); + DEINIT_MAC (td, ver, + session->security_parameters.write_mac_algorithm); return GNUTLS_E_DECRYPTION_FAILED; } @@ -499,13 +502,15 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, ciphertext.size)) < 0) { gnutls_assert (); - DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm); + DEINIT_MAC (td, ver, + session->security_parameters.write_mac_algorithm); return ret; } /* ignore the IV in TLS 1.1. */ - if (_gnutls_version_has_explicit_iv(session->security_parameters.version)) + if (_gnutls_version_has_explicit_iv + (session->security_parameters.version)) { ciphertext.size -= blocksize; ciphertext.data += blocksize; @@ -513,7 +518,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, if (ciphertext.size == 0) { gnutls_assert (); - DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm); + DEINIT_MAC (td, ver, + session->security_parameters.write_mac_algorithm); return GNUTLS_E_DECRYPTION_FAILED; } } @@ -536,7 +542,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, /* Check the pading bytes (TLS 1.x) */ - if (_gnutls_version_has_variable_padding(ver) && pad_failed == 0) + if (_gnutls_version_has_variable_padding (ver) && pad_failed == 0) for (i = 2; i < pad; i++) { if (ciphertext.data[ciphertext.size - i] != @@ -546,7 +552,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, break; default: gnutls_assert (); - DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm); + DEINIT_MAC (td, ver, session->security_parameters.write_mac_algorithm); return GNUTLS_E_INTERNAL_ERROR; } @@ -564,7 +570,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, read_sequence_number), 8); _gnutls_hmac (&td, &type, 1); - if (_gnutls_version_has_variable_padding(ver)) + if (_gnutls_version_has_variable_padding (ver)) { /* TLS 1.x */ _gnutls_hmac (&td, &major, 1); _gnutls_hmac (&td, &minor, 1); diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c index b5d8bb6cb1..fa81cd2b3f 100644 --- a/lib/gnutls_errors.c +++ b/lib/gnutls_errors.c @@ -433,14 +433,15 @@ _gnutls_mpi_log (const char *prefix, bigint_t a) if (res != 0) { gnutls_assert (); - _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res, (int)binlen); + _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res, + (int) binlen); return; } - if (binlen > 1024*1024) + if (binlen > 1024 * 1024) { gnutls_assert (); - _gnutls_hard_log ("MPI: too large mpi (%d)\n", (int)binlen); + _gnutls_hard_log ("MPI: too large mpi (%d)\n", (int) binlen); return; } @@ -448,7 +449,7 @@ _gnutls_mpi_log (const char *prefix, bigint_t a) if (!binbuf) { gnutls_assert (); - _gnutls_hard_log ("MPI: out of memory (%d)\n", (int)binlen); + _gnutls_hard_log ("MPI: out of memory (%d)\n", (int) binlen); return; } @@ -456,7 +457,8 @@ _gnutls_mpi_log (const char *prefix, bigint_t a) if (res != 0) { gnutls_assert (); - _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res, (int)binlen); + _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res, + (int) binlen); gnutls_free (binbuf); return; } @@ -467,14 +469,15 @@ _gnutls_mpi_log (const char *prefix, bigint_t a) if (!hexbuf) { gnutls_assert (); - _gnutls_hard_log ("MPI: out of memory (hex %d)\n", (int)hexlen); + _gnutls_hard_log ("MPI: out of memory (hex %d)\n", (int) hexlen); gnutls_free (binbuf); return; } _gnutls_bin2hex (binbuf, binlen, hexbuf, hexlen); - _gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int)binlen, prefix, hexbuf); + _gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int) binlen, prefix, + hexbuf); gnutls_free (hexbuf); gnutls_free (binbuf); diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index 5f2c47cc6b..b3f388ce73 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -342,19 +342,19 @@ _gnutls_ext_init (void) #ifdef ENABLE_SESSION_TICKET ret = gnutls_ext_register (GNUTLS_EXTENSION_SESSION_TICKET, - "SESSION_TICKET", - GNUTLS_EXT_TLS, - _gnutls_session_ticket_recv_params, - _gnutls_session_ticket_send_params); + "SESSION_TICKET", + GNUTLS_EXT_TLS, + _gnutls_session_ticket_recv_params, + _gnutls_session_ticket_send_params); if (ret != GNUTLS_E_SUCCESS) return ret; #endif ret = gnutls_ext_register (GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, - "SIGNATURE_ALGORITHMS", - GNUTLS_EXT_TLS, - _gnutls_signature_algorithm_recv_params, - _gnutls_signature_algorithm_send_params); + "SIGNATURE_ALGORITHMS", + GNUTLS_EXT_TLS, + _gnutls_signature_algorithm_recv_params, + _gnutls_signature_algorithm_send_params); if (ret != GNUTLS_E_SUCCESS) return ret; diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index b7d5af3310..6c2787dcee 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -65,7 +65,7 @@ static int _gnutls_handshake_hash_init (gnutls_session_t session); static int _gnutls_server_select_comp_method (gnutls_session_t session, - opaque * data, int datalen); + opaque * data, int datalen); static int _gnutls_handshake_hash_add_recvd (gnutls_session_t session, gnutls_handshake_description_t recv_type, @@ -78,21 +78,21 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session, void _gnutls_handshake_hash_buffers_clear (gnutls_session_t session) { - if (session->security_parameters. - handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_10) + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_10) { - _gnutls_hash_deinit (&session->internals. - handshake_mac_handle.tls10.md5, NULL); - _gnutls_hash_deinit (&session->internals. - handshake_mac_handle.tls10.sha, NULL); + _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.md5, + NULL); + _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.sha, + NULL); } - else if (session->security_parameters. - handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) + else if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) { - _gnutls_hash_deinit (&session->internals. - handshake_mac_handle.tls12.sha256, NULL); - _gnutls_hash_deinit (&session->internals. - handshake_mac_handle.tls12.sha1, NULL); + _gnutls_hash_deinit (&session->internals.handshake_mac_handle. + tls12.sha256, NULL); + _gnutls_hash_deinit (&session->internals.handshake_mac_handle. + tls12.sha1, NULL); } session->security_parameters.handshake_mac_handle_type = 0; session->internals.handshake_mac_handle_init = 0; @@ -171,19 +171,23 @@ _gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret) const char *mesg; int rc; - if (session->security_parameters. - handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_10) + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_10) { - rc = _gnutls_hash_copy (&td_md5, &session->internals. - handshake_mac_handle.tls10.md5); + rc = + _gnutls_hash_copy (&td_md5, + &session->internals.handshake_mac_handle. + tls10.md5); if (rc < 0) { gnutls_assert (); return rc; } - rc = _gnutls_hash_copy (&td_sha, &session->internals. - handshake_mac_handle.tls10.sha); + rc = + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle. + tls10.sha); if (rc < 0) { gnutls_assert (); @@ -193,7 +197,7 @@ _gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret) } else { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } @@ -228,27 +232,30 @@ static int _gnutls_finished (gnutls_session_t session, int type, void *ret) { const int siz = TLS_MSG_LEN; - opaque concat[MAX_HASH_SIZE+16/*MD5*/]; + opaque concat[MAX_HASH_SIZE + 16 /*MD5 */ ]; size_t len = 20 + 16; const char *mesg; digest_hd_st td_md5; digest_hd_st td_sha; int rc; - if (session->security_parameters. - handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_10) + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_10) { rc = - _gnutls_hash_copy (&td_md5, &session->internals. - handshake_mac_handle.tls10.md5); + _gnutls_hash_copy (&td_md5, + &session->internals.handshake_mac_handle. + tls10.md5); if (rc < 0) { gnutls_assert (); return rc; } - rc = _gnutls_hash_copy (&td_sha, &session->internals. - handshake_mac_handle.tls10.sha); + rc = + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle. + tls10.sha); if (rc < 0) { gnutls_assert (); @@ -259,11 +266,13 @@ _gnutls_finished (gnutls_session_t session, int type, void *ret) _gnutls_hash_deinit (&td_md5, concat); _gnutls_hash_deinit (&td_sha, &concat[16]); } - else if (session->security_parameters. - handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) + else if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) { - rc = _gnutls_hash_copy (&td_sha, &session->internals. - handshake_mac_handle.tls12.sha256); + rc = + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle. + tls12.sha256); if (rc < 0) { gnutls_assert (); @@ -475,7 +484,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, /* Parse the extensions (if any) */ - if (_gnutls_version_has_extensions(neg_version)) + if (_gnutls_version_has_extensions (neg_version)) { ret = _gnutls_parse_extensions (session, GNUTLS_EXT_APPLICATION, &data[pos], len); @@ -494,7 +503,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, return ret; } - if (_gnutls_version_has_extensions(neg_version)) + if (_gnutls_version_has_extensions (neg_version)) { ret = _gnutls_parse_extensions (session, GNUTLS_EXT_TLS, &data[pos], len); @@ -514,9 +523,11 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, session->internals.resumed_security_parameters.session_id_size = session_id_len; - session->internals.resumed_security_parameters.max_record_recv_size = + session->internals. + resumed_security_parameters.max_record_recv_size = session->security_parameters.max_record_recv_size; - session->internals.resumed_security_parameters.max_record_send_size = + session->internals. + resumed_security_parameters.max_record_send_size = session->security_parameters.max_record_send_size; resume_copy_required_values (session); @@ -569,16 +580,22 @@ _gnutls_handshake_hash_pending (gnutls_session_t session) if (siz > 0) { - if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_10) - { - _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, data, siz); - _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, data, siz); - } - else if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) - { - _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256, data, siz); - _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1, data, siz); - } + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_10) + { + _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, + data, siz); + _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, + data, siz); + } + else if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) + { + _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256, + data, siz); + _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1, + data, siz); + } } _gnutls_handshake_buffer_empty (session); @@ -958,7 +975,8 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session, { int ret; - if (session->security_parameters.entity == GNUTLS_CLIENT && type == GNUTLS_HANDSHAKE_CLIENT_HELLO) + if (session->security_parameters.entity == GNUTLS_CLIENT + && type == GNUTLS_HANDSHAKE_CLIENT_HELLO) { /* do not hash immediatelly since the hash has not yet been initialized */ if ((ret = @@ -978,20 +996,22 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session, if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) { - if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_10) - { - _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, dataptr, - datalen); - _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, dataptr, - datalen); - } - else if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) - { - _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256, dataptr, - datalen); - _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1, dataptr, - datalen); - } + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_10) + { + _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, + dataptr, datalen); + _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, + dataptr, datalen); + } + else if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) + { + _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256, + dataptr, datalen); + _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1, + dataptr, datalen); + } } return 0; @@ -1230,14 +1250,16 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session, /* The idea here is to hash the previous message we received, * and add the one we just received into the handshake_hash_buffer. */ - if ((session->security_parameters.entity == GNUTLS_SERVER || recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO) && - (session->security_parameters.entity == GNUTLS_CLIENT || recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO)) + if ((session->security_parameters.entity == GNUTLS_SERVER + || recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO) + && (session->security_parameters.entity == GNUTLS_CLIENT + || recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO)) { if ((ret = _gnutls_handshake_hash_pending (session)) < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } /* here we buffer the handshake messages - needed at Finished message */ @@ -1360,22 +1382,23 @@ _gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data, case GNUTLS_HANDSHAKE_CLIENT_HELLO: case GNUTLS_HANDSHAKE_SERVER_HELLO: ret = _gnutls_recv_hello (session, dataptr, length32); - + /* dataptr is freed because the caller does not * need it */ gnutls_free (dataptr); if (data != NULL) *data = NULL; - + if (ret < 0) - break; + break; /* initialize the hashes for both - (client will know server's version * and server as well at this point) */ - if ((ret = _gnutls_handshake_hash_init (session)) < 0) { - gnutls_assert(); - return ret; - } + if ((ret = _gnutls_handshake_hash_init (session)) < 0) + { + gnutls_assert (); + return ret; + } break; case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: @@ -1664,7 +1687,7 @@ _gnutls_read_server_hello (gnutls_session_t session, /* Parse extensions. */ - if (_gnutls_version_has_extensions(version)) + if (_gnutls_version_has_extensions (version)) { ret = _gnutls_parse_extensions (session, GNUTLS_EXT_ANY, &data[pos], len); @@ -1836,7 +1859,8 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) } extdatalen = MAX_EXT_DATA_LENGTH - + session->internals.resumed_security_parameters.extensions. + + + session->internals.resumed_security_parameters.extensions. session_ticket_len; extdata = gnutls_malloc (extdatalen); if (extdata == NULL) @@ -1850,12 +1874,12 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) * version number to the previously established. */ if (SessionID == NULL) - { - if (rehandshake) /* already negotiated version thus version_max == negotiated version */ - hver = session->security_parameters.version; - else - hver = _gnutls_version_max (session); - } + { + if (rehandshake) /* already negotiated version thus version_max == negotiated version */ + hver = session->security_parameters.version; + else + hver = _gnutls_version_max (session); + } else { /* we are resuming a session */ hver = session->internals.resumed_security_parameters.version; @@ -1877,24 +1901,24 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) */ _gnutls_set_adv_version (session, hver); - if (session->internals.priorities.ssl3_record_version) - { - /* Honor the SSL3_RECORD_VERSION option - */ - _gnutls_set_current_version (session, GNUTLS_SSL3); - } + if (session->internals.priorities.ssl3_record_version) + { + /* Honor the SSL3_RECORD_VERSION option + */ + _gnutls_set_current_version (session, GNUTLS_SSL3); + } else - { - /* Some old implementations do not interoperate if we send a - * different version in the record layer. - * It seems they prefer to read the record's version - * as the one we actually requested. - * The proper behaviour is to use the one in the client hello - * handshake packet and ignore the one in the packet's record - * header. - */ - _gnutls_set_current_version (session, hver); - } + { + /* Some old implementations do not interoperate if we send a + * different version in the record layer. + * It seems they prefer to read the record's version + * as the one we actually requested. + * The proper behaviour is to use the one in the client hello + * handshake packet and ignore the one in the packet's record + * header. + */ + _gnutls_set_current_version (session, hver); + } /* In order to know when this session was initiated. */ @@ -1978,7 +2002,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) /* Generate and copy TLS extensions. */ - if (_gnutls_version_has_extensions(hver)) + if (_gnutls_version_has_extensions (hver)) { ret = _gnutls_gen_extensions (session, extdata, extdatalen); @@ -2274,57 +2298,63 @@ _gnutls_handshake_hash_init (gnutls_session_t session) /* set the hash type for handshake message hashing */ if (_gnutls_version_has_selectable_prf (ver)) - session->security_parameters.handshake_mac_handle_type = HANDSHAKE_MAC_TYPE_12; + session->security_parameters.handshake_mac_handle_type = + HANDSHAKE_MAC_TYPE_12; else - session->security_parameters.handshake_mac_handle_type = HANDSHAKE_MAC_TYPE_10; + session->security_parameters.handshake_mac_handle_type = + HANDSHAKE_MAC_TYPE_10; - if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_10) - { - ret = - _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10.md5, - GNUTLS_MAC_MD5); + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_10) + { + ret = + _gnutls_hash_init (&session->internals.handshake_mac_handle. + tls10.md5, GNUTLS_MAC_MD5); - if (ret < 0) - { + if (ret < 0) + { gnutls_assert (); return ret; } - ret = - _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10.sha, - GNUTLS_MAC_SHA1); - if (ret < 0) + ret = + _gnutls_hash_init (&session->internals.handshake_mac_handle. + tls10.sha, GNUTLS_MAC_SHA1); + if (ret < 0) + { + gnutls_assert (); + _gnutls_hash_deinit (&session->internals. + handshake_mac_handle.tls10.md5, NULL); + return GNUTLS_E_MEMORY_ERROR; + } + } + else if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) + { + /* The algorithm to compute hash over handshake messages must be + same as the one used as the basis for PRF. By now we use + SHA256. */ + ret = + _gnutls_hash_init (&session->internals.handshake_mac_handle. + tls12.sha256, GNUTLS_DIG_SHA256); + if (ret < 0) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + ret = + _gnutls_hash_init (&session->internals.handshake_mac_handle. + tls12.sha1, GNUTLS_DIG_SHA1); + if (ret < 0) { gnutls_assert (); - _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.md5, NULL); + _gnutls_hash_deinit (&session->internals. + handshake_mac_handle.tls12.sha256, NULL); return GNUTLS_E_MEMORY_ERROR; } - } - else if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) - { - /* The algorithm to compute hash over handshake messages must be - same as the one used as the basis for PRF. By now we use - SHA256. */ - ret = - _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12.sha256, - GNUTLS_DIG_SHA256); - if (ret < 0) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = - _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12.sha1, - GNUTLS_DIG_SHA1); - if (ret < 0) - { - gnutls_assert (); - _gnutls_hash_deinit(&session->internals.handshake_mac_handle.tls12.sha256, NULL); - return GNUTLS_E_MEMORY_ERROR; - } - } + } session->internals.handshake_mac_handle_init = 1; } @@ -2842,7 +2872,8 @@ _gnutls_handshake_common (gnutls_session_t session) case STATE40: if (session->internals.session_ticket_renew) { - ret = _gnutls_send_new_session_ticket (session, AGAIN(STATE40)); + ret = + _gnutls_send_new_session_ticket (session, AGAIN (STATE40)); STATE = STATE40; IMED_RET ("send handshake new session ticket", ret, 0); } @@ -2857,10 +2888,10 @@ _gnutls_handshake_common (gnutls_session_t session) /* only store if we are not resuming */ if (session->security_parameters.entity == GNUTLS_SERVER) - { - /* in order to support session resuming */ - _gnutls_server_register_current_session (session); - } + { + /* in order to support session resuming */ + _gnutls_server_register_current_session (session); + } } else { /* if we are a client not resuming - or we are a server resuming */ diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index 5e5b2aa6e1..45cdbc6e54 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -121,7 +121,7 @@ _gnutls_hash_copy (digest_hd_st * dst, digest_hd_st * src) { int result; - memset(dst, 0, sizeof(*dst)); + memset (dst, 0, sizeof (*dst)); dst->algorithm = src->algorithm; dst->registered = src->registered; dst->active = 1; @@ -167,9 +167,10 @@ _gnutls_hash_output (digest_hd_st * handle, void *digest) void _gnutls_hash_deinit (digest_hd_st * handle, void *digest) { - if (handle->active != 1) { - return; - } + if (handle->active != 1) + { + return; + } if (digest != NULL) _gnutls_hash_output (handle, digest); @@ -334,9 +335,10 @@ _gnutls_hmac_output (digest_hd_st * handle, void *digest) void _gnutls_hmac_deinit (digest_hd_st * handle, void *digest) { - if (handle->active != 1) { - return; - } + if (handle->active != 1) + { + return; + } if (digest) _gnutls_hmac_output (handle, digest); diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c index 8365d06928..8a71b0a636 100644 --- a/lib/gnutls_mpi.c +++ b/lib/gnutls_mpi.c @@ -341,10 +341,10 @@ _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi, result = _gnutls_mpi_print_lz (mpi, NULL, &s_len); else result = _gnutls_mpi_print (mpi, NULL, &s_len); - + if (result != 0) { - gnutls_assert(); + gnutls_assert (); return result; } diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 5248b4f1e1..7fab2c797d 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -452,8 +452,9 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority) * This will be overridden later. */ if (session->internals.priorities.protocol.algorithms > 0) - _gnutls_set_current_version (session, session->internals. - priorities.protocol.priority[0]); + _gnutls_set_current_version (session, + session->internals.priorities. + protocol.priority[0]); return 0; } @@ -548,8 +549,7 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority) **/ int gnutls_priority_init (gnutls_priority_t * priority_cache, - const char *priorities, - const char **err_pos) + const char *priorities, const char **err_pos) { char *broken_list[MAX_ELEMENTS]; int broken_list_size, i, j; @@ -599,14 +599,16 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, cipher_priority_performance); _set_priority (&(*priority_cache)->kx, kx_priority_performance); _set_priority (&(*priority_cache)->mac, mac_priority_performance); - _set_priority (&(*priority_cache)->sign_algo, sign_priority_default); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); } else if (strcasecmp (broken_list[i], "NORMAL") == 0) { _set_priority (&(*priority_cache)->cipher, cipher_priority_normal); _set_priority (&(*priority_cache)->kx, kx_priority_secure); _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, sign_priority_default); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); } else if (strcasecmp (broken_list[i], "SECURE256") == 0 || strcasecmp (broken_list[i], "SECURE") == 0) @@ -615,7 +617,8 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, cipher_priority_secure256); _set_priority (&(*priority_cache)->kx, kx_priority_secure); _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, sign_priority_secure256); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_secure256); } else if (strcasecmp (broken_list[i], "SECURE128") == 0) { @@ -623,14 +626,16 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, cipher_priority_secure128); _set_priority (&(*priority_cache)->kx, kx_priority_secure); _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, sign_priority_secure128); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_secure128); } else if (strcasecmp (broken_list[i], "EXPORT") == 0) { _set_priority (&(*priority_cache)->cipher, cipher_priority_export); _set_priority (&(*priority_cache)->kx, kx_priority_export); _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, sign_priority_default); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); } /* now check if the element is something like -ALGO */ else if (broken_list[i][0] == '!' || broken_list[i][0] == '+' || broken_list[i][0] == '-') @@ -655,8 +660,8 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, gnutls_protocol_get_id (&broken_list[i][6])) != GNUTLS_VERSION_UNKNOWN) fn (&(*priority_cache)->protocol, algo); - else - goto error; + else + goto error; } /* now check if the element is something like -ALGO */ else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0) { @@ -664,8 +669,8 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, gnutls_compression_get_id (&broken_list[i][6])) != GNUTLS_COMP_UNKNOWN) fn (&(*priority_cache)->compression, algo); - else - goto error; + else + goto error; } /* now check if the element is something like -ALGO */ else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0) { @@ -673,8 +678,8 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, gnutls_certificate_type_get_id (&broken_list[i][7])) != GNUTLS_CRT_UNKNOWN) fn (&(*priority_cache)->cert_type, algo); - else - goto error; + else + goto error; } /* now check if the element is something like -ALGO */ else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0) { @@ -682,8 +687,8 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, gnutls_sign_get_id (&broken_list[i][6])) != GNUTLS_SIGN_UNKNOWN) fn (&(*priority_cache)->sign_algo, algo); - else - goto error; + else + goto error; } /* now check if the element is something like -ALGO */ else goto error; @@ -694,11 +699,11 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, (*priority_cache)->no_padding = 1; else if (strcasecmp (&broken_list[i][1], "VERIFY_ALLOW_SIGN_RSA_MD5") == 0) - { - prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5); + { + prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5); (*priority_cache)->additional_verify_flags |= - GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5; - } + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5; + } else if (strcasecmp (&broken_list[i][1], "SSL3_RECORD_VERSION") == 0) (*priority_cache)->ssl3_record_version = 1; @@ -760,8 +765,7 @@ gnutls_priority_deinit (gnutls_priority_t priority_cache) **/ int gnutls_priority_set_direct (gnutls_session_t session, - const char *priorities, - const char **err_pos) + const char *priorities, const char **err_pos) { gnutls_priority_t prio; int ret; diff --git a/lib/gnutls_psk.c b/lib/gnutls_psk.c index 5e8bc3c381..71b5ad2504 100644 --- a/lib/gnutls_psk.c +++ b/lib/gnutls_psk.c @@ -407,7 +407,7 @@ int gnutls_hex_encode (const gnutls_datum_t * data, char *result, size_t * result_size) { -size_t res = data->size + data->size + 1; + size_t res = data->size + data->size + 1; if (*result_size < res) { @@ -417,7 +417,7 @@ size_t res = data->size + data->size + 1; _gnutls_bin2hex (data->data, data->size, result, *result_size); *result_size = res; - + return 0; } diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 62df871517..9df7128096 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -373,7 +373,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type, ("REC[%p]: Sending Packet[%d] %s(%d) with length: %d\n", session, (int) _gnutls_uint64touint32 (&session->connection_state. write_sequence_number), - _gnutls_packet2str (type), type, (int)sizeofdata); + _gnutls_packet2str (type), type, (int) sizeofdata); if (sizeofdata > MAX_RECORD_SEND_SIZE) data2send_size = MAX_RECORD_SEND_SIZE; @@ -744,12 +744,14 @@ record_check_type (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_SERVER) { gnutls_assert (); - ret = _gnutls_record_buffer_put (recv_type, session, (void *) data, data_size); - if (ret < 0) - { - gnutls_assert(); - return ret; - } + ret = + _gnutls_record_buffer_put (recv_type, session, (void *) data, + data_size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } return GNUTLS_E_REHANDSHAKE; } @@ -947,7 +949,7 @@ begin: ("REC[%p]: Expected Packet[%d] %s(%d) with length: %d\n", session, (int) _gnutls_uint64touint32 (&session->connection_state. read_sequence_number), - _gnutls_packet2str (type), type, (int)sizeofdata); + _gnutls_packet2str (type), type, (int) sizeofdata); _gnutls_record_log ("REC[%p]: Received Packet[%d] %s(%d) with length: %d\n", session, (int) diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index 75b8870617..30c9e6b083 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -281,7 +281,8 @@ pack_certificate_auth_info (gnutls_session_t session, */ packed_session->data = gnutls_malloc (packed_session->size + MAX_SEC_PARAMS + 2 + - session->security_parameters.extensions.session_ticket_len); + session->security_parameters. + extensions.session_ticket_len); if (packed_session->data == NULL) { @@ -515,7 +516,8 @@ pack_srp_auth_info (gnutls_session_t session, gnutls_datum_t * packed_session) */ packed_session->data = gnutls_malloc (packed_session->size + MAX_SEC_PARAMS + 2 + - session->security_parameters.extensions.session_ticket_len); + session->security_parameters. + extensions.session_ticket_len); if (packed_session->data == NULL) { @@ -621,7 +623,8 @@ pack_anon_auth_info (gnutls_session_t session, */ packed_session->data = gnutls_malloc (packed_session->size + MAX_SEC_PARAMS + 2 + - session->security_parameters.extensions.session_ticket_len); + session->security_parameters. + extensions.session_ticket_len); if (packed_session->data == NULL) { @@ -785,7 +788,8 @@ pack_psk_auth_info (gnutls_session_t session, gnutls_datum_t * packed_session) */ packed_session->data = gnutls_malloc (packed_session->size + MAX_SEC_PARAMS + 2 + - session->security_parameters.extensions.session_ticket_len); + session->security_parameters. + extensions.session_ticket_len); if (packed_session->data == NULL) { @@ -1084,8 +1088,7 @@ pack_security_parameters (gnutls_session_t session, } _gnutls_write_uint16 (session->security_parameters.extensions. - session_ticket_len, - &packed_session->data[pos]); + session_ticket_len, &packed_session->data[pos]); pos += 2; memcpy (&packed_session->data[pos], session->security_parameters.extensions.session_ticket, @@ -1235,8 +1238,7 @@ unpack_security_parameters (gnutls_session_t session, gnutls_malloc (session->internals.resumed_security_parameters.extensions. session_ticket_len); memcpy (session->internals.resumed_security_parameters.extensions. - session_ticket, - &packed_session->data[pos], + session_ticket, &packed_session->data[pos], session->internals.resumed_security_parameters.extensions. session_ticket_len); diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 5e88241457..af14f6b029 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -126,9 +126,9 @@ _gnutls_rsa_encode_sig (gnutls_mac_algorithm_t algo, */ int _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, - gnutls_privkey * pkey, gnutls_datum_t * params, - gnutls_datum_t * signature, - gnutls_sign_algorithm_t * sign_algo) + gnutls_privkey * pkey, gnutls_datum_t * params, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t * sign_algo) { gnutls_datum_t dconcat; int ret; @@ -137,8 +137,9 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, gnutls_protocol_t ver = gnutls_protocol_get_version (session); gnutls_digest_algorithm_t hash_algo; - *sign_algo = _gnutls_session_get_sign_algo(session, cert->subject_pk_algorithm, - &hash_algo); + *sign_algo = + _gnutls_session_get_sign_algo (session, cert->subject_pk_algorithm, + &hash_algo); if (*sign_algo == GNUTLS_SIGN_UNKNOWN) { gnutls_assert (); @@ -185,7 +186,7 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, dconcat.size = 36; } else - { /* TLS 1.2 way */ + { /* TLS 1.2 way */ gnutls_datum_t hash; _gnutls_hash_deinit (&td_sha, concat); @@ -202,10 +203,10 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, _gnutls_hash_deinit (&td_sha, concat); if (hash_algo != GNUTLS_DIG_SHA1) - { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } dconcat.data = concat; dconcat.size = 20; break; @@ -380,9 +381,9 @@ _gnutls_verify_sig (gnutls_cert * cert, */ int _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, - const gnutls_datum_t * params, - gnutls_datum_t * signature, - gnutls_sign_algorithm_t algo) + const gnutls_datum_t * params, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t algo) { gnutls_datum_t dconcat; int ret; @@ -392,10 +393,10 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, gnutls_protocol_t ver = gnutls_protocol_get_version (session); gnutls_digest_algorithm_t hash_algo = GNUTLS_DIG_SHA1; - ret = _gnutls_session_sign_algo_enabled(session, algo); + ret = _gnutls_session_sign_algo_enabled (session, algo); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } @@ -455,7 +456,8 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, } ret = _gnutls_verify_sig (cert, &dconcat, signature, - dconcat.size - _gnutls_hash_get_algo_len (hash_algo), + dconcat.size - + _gnutls_hash_get_algo_len (hash_algo), _gnutls_sign_get_pk_algorithm (algo)); if (ret < 0) { @@ -472,8 +474,11 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, /* this is _gnutls_handshake_verify_cert_vrfy for TLS 1.2 */ -static int _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, gnutls_cert * cert, - gnutls_datum_t * signature, gnutls_sign_algorithm_t sign_algo) +static int +_gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, + gnutls_cert * cert, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t sign_algo) { int ret; opaque concat[MAX_SIG_SIZE]; @@ -481,26 +486,27 @@ static int _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, gnutl gnutls_datum_t dconcat; gnutls_sign_algorithm_t _sign_algo; gnutls_digest_algorithm_t hash_algo; - digest_hd_st* handshake_td; + digest_hd_st *handshake_td; handshake_td = &session->internals.handshake_mac_handle.tls12.sha1; hash_algo = handshake_td->algorithm; - _sign_algo = _gnutls_x509_pk_to_sign( cert->subject_pk_algorithm, hash_algo); + _sign_algo = + _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); if (_sign_algo != sign_algo) { handshake_td = &session->internals.handshake_mac_handle.tls12.sha256; hash_algo = handshake_td->algorithm; - _sign_algo = _gnutls_x509_pk_to_sign( cert->subject_pk_algorithm, hash_algo); + _sign_algo = + _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); if (sign_algo != _sign_algo) - { - gnutls_assert(); - return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; - } + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; + } } - ret = - _gnutls_hash_copy (&td, handshake_td); + ret = _gnutls_hash_copy (&td, handshake_td); if (ret < 0) { gnutls_assert (); @@ -512,7 +518,9 @@ static int _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, gnutl dconcat.data = concat; dconcat.size = _gnutls_hash_get_algo_len (hash_algo); - ret = _gnutls_verify_sig (cert, &dconcat, signature, 0, cert->subject_pk_algorithm); + ret = + _gnutls_verify_sig (cert, &dconcat, signature, 0, + cert->subject_pk_algorithm); if (ret < 0) { gnutls_assert (); @@ -527,8 +535,10 @@ static int _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, gnutl * verify message). */ int -_gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, gnutls_cert * cert, - gnutls_datum_t * signature, gnutls_sign_algorithm_t sign_algo) +_gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, + gnutls_cert * cert, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t sign_algo) { int ret; opaque concat[MAX_SIG_SIZE]; @@ -537,18 +547,22 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, gnutls_cert * cert gnutls_datum_t dconcat; gnutls_protocol_t ver = gnutls_protocol_get_version (session); - if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) { - return _gnutls_handshake_verify_cert_vrfy12(session, cert, signature, sign_algo); + return _gnutls_handshake_verify_cert_vrfy12 (session, cert, signature, + sign_algo); } - else if (session->security_parameters.handshake_mac_handle_type != HANDSHAKE_MAC_TYPE_10) + else if (session->security_parameters.handshake_mac_handle_type != + HANDSHAKE_MAC_TYPE_10) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } ret = - _gnutls_hash_copy (&td_md5, &session->internals.handshake_mac_handle.tls10.md5); + _gnutls_hash_copy (&td_md5, + &session->internals.handshake_mac_handle.tls10.md5); if (ret < 0) { gnutls_assert (); @@ -556,7 +570,8 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, gnutls_cert * cert } ret = - _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle.tls10.sha); + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle.tls10.sha); if (ret < 0) { gnutls_assert (); @@ -589,7 +604,9 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, gnutls_cert * cert dconcat.data = concat; dconcat.size = 20 + 16; /* md5+ sha */ - ret = _gnutls_verify_sig (cert, &dconcat, signature, 16, cert->subject_pk_algorithm); + ret = + _gnutls_verify_sig (cert, &dconcat, signature, 16, + cert->subject_pk_algorithm); if (ret < 0) { gnutls_assert (); @@ -602,9 +619,10 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, gnutls_cert * cert /* the same as _gnutls_handshake_sign_cert_vrfy except that it is made for TLS 1.2 */ -static int _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, - gnutls_cert * cert, gnutls_privkey * pkey, - gnutls_datum_t * signature) +static int +_gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, + gnutls_cert * cert, gnutls_privkey * pkey, + gnutls_datum_t * signature) { gnutls_datum_t dconcat; int ret; @@ -612,41 +630,47 @@ static int _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, digest_hd_st td; gnutls_sign_algorithm_t sign_algo; gnutls_digest_algorithm_t hash_algo; - digest_hd_st* handshake_td; + digest_hd_st *handshake_td; handshake_td = &session->internals.handshake_mac_handle.tls12.sha1; hash_algo = handshake_td->algorithm; - sign_algo = _gnutls_x509_pk_to_sign( cert->subject_pk_algorithm, hash_algo); + sign_algo = _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); /* The idea here is to try signing with the one of the algorithms * that have been initiated at handshake (SHA1, SHA256). If they * are not requested by peer... tough luck */ - ret = _gnutls_session_sign_algo_requested(session, sign_algo); + ret = _gnutls_session_sign_algo_requested (session, sign_algo); if (sign_algo == GNUTLS_SIGN_UNKNOWN || ret < 0) { handshake_td = &session->internals.handshake_mac_handle.tls12.sha256; hash_algo = handshake_td->algorithm; - sign_algo = _gnutls_x509_pk_to_sign( cert->subject_pk_algorithm, hash_algo); + sign_algo = + _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); if (sign_algo == GNUTLS_SIGN_UNKNOWN) - { - gnutls_assert(); - return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; - } - - ret = _gnutls_session_sign_algo_requested(session, sign_algo); + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; + } + + ret = _gnutls_session_sign_algo_requested (session, sign_algo); if (ret < 0) - { - gnutls_assert(); - _gnutls_x509_log("Server did not allow either '%s' or '%s' for signing\n", gnutls_mac_get_name(hash_algo), gnutls_mac_get_name(session->internals.handshake_mac_handle.tls12.sha1.algorithm)); - return ret; - } + { + gnutls_assert (); + _gnutls_x509_log + ("Server did not allow either '%s' or '%s' for signing\n", + gnutls_mac_get_name (hash_algo), + gnutls_mac_get_name (session->internals. + handshake_mac_handle.tls12.sha1.algorithm)); + return ret; + } } - - _gnutls_x509_log("sign handshake cert vrfy: picked %s with %s\n", gnutls_sign_algorithm_get_name(sign_algo), gnutls_mac_get_name(hash_algo)); - ret = - _gnutls_hash_copy (&td, handshake_td); + _gnutls_x509_log ("sign handshake cert vrfy: picked %s with %s\n", + gnutls_sign_algorithm_get_name (sign_algo), + gnutls_mac_get_name (hash_algo)); + + ret = _gnutls_hash_copy (&td, handshake_td); if (ret < 0) { gnutls_assert (); @@ -678,8 +702,8 @@ static int _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, */ int _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, - gnutls_cert * cert, gnutls_privkey * pkey, - gnutls_datum_t * signature) + gnutls_cert * cert, gnutls_privkey * pkey, + gnutls_datum_t * signature) { gnutls_datum_t dconcat; int ret; @@ -688,18 +712,22 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, digest_hd_st td_sha; gnutls_protocol_t ver = gnutls_protocol_get_version (session); - if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) { - return _gnutls_handshake_sign_cert_vrfy12(session, cert, pkey, signature); + return _gnutls_handshake_sign_cert_vrfy12 (session, cert, pkey, + signature); } - else if (session->security_parameters.handshake_mac_handle_type != HANDSHAKE_MAC_TYPE_10) + else if (session->security_parameters.handshake_mac_handle_type != + HANDSHAKE_MAC_TYPE_10) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } - + ret = - _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle.tls10.sha); + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle.tls10.sha); if (ret < 0) { gnutls_assert (); @@ -727,7 +755,8 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, case GNUTLS_PK_RSA: ret = _gnutls_hash_copy (&td_md5, - &session->internals.handshake_mac_handle.tls10.md5); + &session->internals.handshake_mac_handle. + tls10.md5); if (ret < 0) { gnutls_assert (); diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 3ecca89b5d..3ba533b3c6 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -202,7 +202,7 @@ deinit_internal_params (gnutls_session_t session) if (session->internals.params.free_rsa_params) gnutls_rsa_params_deinit (session->internals.params.rsa_params); - _gnutls_handshake_hash_buffers_clear(session); + _gnutls_handshake_hash_buffers_clear (session); memset (&session->internals.params, 0, sizeof (session->internals.params)); } @@ -239,7 +239,7 @@ _gnutls_handshake_internal_state_init (gnutls_session_t session) void _gnutls_handshake_internal_state_clear (gnutls_session_t session) { - _gnutls_handshake_internal_state_init(session); + _gnutls_handshake_internal_state_init (session); _gnutls_free_datum (&session->internals.recv_buffer); @@ -913,7 +913,7 @@ _gnutls_PRF (gnutls_session_t session, memcpy (s_seed, label, label_size); memcpy (&s_seed[label_size], seed, seed_size); - if (_gnutls_version_has_selectable_prf(ver)) + if (_gnutls_version_has_selectable_prf (ver)) { result = _gnutls_P_hash (GNUTLS_MAC_SHA256, secret, secret_size, @@ -1339,7 +1339,8 @@ _gnutls_rsa_pms_set_version (gnutls_session_t session, **/ void gnutls_handshake_set_post_client_hello_function (gnutls_session_t session, - gnutls_handshake_post_client_hello_func func) + gnutls_handshake_post_client_hello_func + func) { session->internals.user_hello_func = func; } @@ -1361,4 +1362,3 @@ gnutls_session_enable_compatibility_mode (gnutls_session_t session) { gnutls_record_disable_padding (session); } - diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c index a4c765e53f..4586b4b1ce 100644 --- a/lib/gnutls_str.c +++ b/lib/gnutls_str.c @@ -128,15 +128,15 @@ _gnutls_string_append_data (gnutls_string * dest, const void *data, if (dest->max_length >= tot_len) { - size_t unused = MEMSUB(dest->data, dest->allocd); - + size_t unused = MEMSUB (dest->data, dest->allocd); + if (dest->max_length - unused <= tot_len) - { - if (dest->length && dest->data) - memmove(dest->allocd, dest->data, dest->length); + { + if (dest->length && dest->data) + memmove (dest->allocd, dest->data, dest->length); - dest->data = dest->allocd; - } + dest->data = dest->allocd; + } memmove (&dest->data[dest->length], data, data_size); dest->length = tot_len; @@ -144,7 +144,7 @@ _gnutls_string_append_data (gnutls_string * dest, const void *data, } else { - size_t unused = MEMSUB(dest->data, dest->allocd); + size_t unused = MEMSUB (dest->data, dest->allocd); size_t new_len = MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); @@ -158,7 +158,7 @@ _gnutls_string_append_data (gnutls_string * dest, const void *data, dest->data = dest->allocd + unused; if (dest->length && dest->data) - memmove(dest->allocd, dest->data, dest->length); + memmove (dest->allocd, dest->data, dest->length); dest->data = dest->allocd; memcpy (&dest->data[dest->length], data, data_size); @@ -173,19 +173,19 @@ _gnutls_string_resize (gnutls_string * dest, size_t new_size) { if (dest->max_length >= new_size) { - size_t unused = MEMSUB(dest->data, dest->allocd); + size_t unused = MEMSUB (dest->data, dest->allocd); if (dest->max_length - unused <= new_size) - { - if (dest->length && dest->data) - memmove(dest->allocd, dest->data, dest->length); - dest->data = dest->allocd; - } + { + if (dest->length && dest->data) + memmove (dest->allocd, dest->data, dest->length); + dest->data = dest->allocd; + } return 0; } else { - size_t unused = MEMSUB(dest->data, dest->allocd); + size_t unused = MEMSUB (dest->data, dest->allocd); size_t alloc_len = MAX (new_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); @@ -199,7 +199,7 @@ _gnutls_string_resize (gnutls_string * dest, size_t new_size) dest->data = dest->allocd + unused; if (dest->length && dest->data) - memmove(dest->allocd, dest->data, dest->length); + memmove (dest->allocd, dest->data, dest->length); dest->data = dest->allocd; return 0; @@ -209,7 +209,7 @@ _gnutls_string_resize (gnutls_string * dest, size_t new_size) int _gnutls_string_append_str (gnutls_string * dest, const char *src) { - return _gnutls_string_append_data (dest, src, strlen(src)); + return _gnutls_string_append_data (dest, src, strlen (src)); } /* returns data from a string in a constant buffer. @@ -217,18 +217,19 @@ _gnutls_string_append_str (gnutls_string * dest, const char *src) * data are appended in the buffer. */ void -_gnutls_string_get_datum (gnutls_string * str, gnutls_datum_t *data, - size_t req_size) +_gnutls_string_get_datum (gnutls_string * str, gnutls_datum_t * data, + size_t req_size) { - if (str->length == 0) { + if (str->length == 0) + { data->data = NULL; data->size = 0; return; - } + } if (req_size > str->length) - req_size = str->length; + req_size = str->length; data->data = str->data; data->size = req_size; @@ -237,9 +238,10 @@ _gnutls_string_get_datum (gnutls_string * str, gnutls_datum_t *data, str->length -= req_size; /* if string becomes empty start from begining */ - if (str->length == 0) { + if (str->length == 0) + { str->data = str->allocd; - } + } return; } @@ -247,15 +249,14 @@ _gnutls_string_get_datum (gnutls_string * str, gnutls_datum_t *data, /* returns data from a string in a constant buffer. */ void -_gnutls_string_get_data (gnutls_string * str, void *data, - size_t *req_size) +_gnutls_string_get_data (gnutls_string * str, void *data, size_t * req_size) { gnutls_datum_t tdata; - _gnutls_string_get_datum( str, &tdata, *req_size); + _gnutls_string_get_datum (str, &tdata, *req_size); *req_size = tdata.size; - memcpy( data, tdata.data, tdata.size); + memcpy (data, tdata.data, tdata.size); return; } @@ -368,8 +369,7 @@ _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, */ int _gnutls_hostname_compare (const char *certname, - size_t certnamesize, - const char *hostname) + size_t certnamesize, const char *hostname) { /* find the first different character */ for (; *certname && *hostname && toupper (*certname) == toupper (*hostname); diff --git a/lib/gnutls_supplemental.c b/lib/gnutls_supplemental.c index d2439de12d..0e9a24c23b 100644 --- a/lib/gnutls_supplemental.c +++ b/lib/gnutls_supplemental.c @@ -141,7 +141,7 @@ _gnutls_gen_supplemental (gnutls_session_t session, gnutls_buffer * buf) buf->data[2] = (buf->length - 3) & 0xFF; _gnutls_debug_log ("EXT[%p]: Sending %d bytes of supplemental data\n", - session, (int)buf->length); + session, (int) buf->length); return buf->length; } diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index bb4f393e87..baed5fa556 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -289,7 +289,7 @@ gnutls_dh_get_secret_bits (gnutls_session_t session) } static int -mpi_buf2bits (gnutls_datum_t *mpi_buf) +mpi_buf2bits (gnutls_datum_t * mpi_buf) { bigint_t mpi; int rc; diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index ab7e44709f..810a569796 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -159,13 +159,13 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, return ret; } - + if (ret < 0) - { - gnutls_assert(); - CLEAR_CERTS; - return ret; - } + { + gnutls_assert (); + CLEAR_CERTS; + return ret; + } ret = check_bits (peer_certificate_list[i], cred->verify_bits); if (ret < 0) @@ -179,13 +179,14 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, /* Verify certificate */ - + ret = gnutls_x509_crt_list_verify (peer_certificate_list, peer_certificate_list_size, cred->x509_ca_list, cred->x509_ncas, cred->x509_crl_list, cred->x509_ncrls, - cred->verify_flags | session->internals.priorities.additional_verify_flags, - status); + cred->verify_flags | session-> + internals.priorities. + additional_verify_flags, status); CLEAR_CERTS; @@ -1577,7 +1578,7 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, *cert = NULL; *key = NULL; - *crl = NULL; + *crl = NULL; /* find the first private key */ for (;;) @@ -1649,12 +1650,12 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, { case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: case GNUTLS_BAG_PKCS8_KEY: - if (*key != NULL) /* too simple to continue */ - { - gnutls_assert(); - break; - } - + if (*key != NULL) /* too simple to continue */ + { + gnutls_assert (); + break; + } + ret = gnutls_x509_privkey_init (key); if (ret < 0) { @@ -1668,20 +1669,22 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_x509_privkey_deinit( *key); + gnutls_x509_privkey_deinit (*key); goto done; } - - key_id_size = sizeof(key_id); - ret = gnutls_x509_privkey_get_key_id( *key, 0, key_id, &key_id_size); + + key_id_size = sizeof (key_id); + ret = + gnutls_x509_privkey_get_key_id (*key, 0, key_id, + &key_id_size); if (ret < 0) { gnutls_assert (); - gnutls_x509_privkey_deinit( *key); + gnutls_x509_privkey_deinit (*key); goto done; } - - privkey_ok = 1; /* break */ + + privkey_ok = 1; /* break */ break; default: break; @@ -1690,14 +1693,14 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, idx++; gnutls_pkcs12_bag_deinit (bag); - - if (privkey_ok != 0) /* private key was found */ - break; + + if (privkey_ok != 0) /* private key was found */ + break; } - if (privkey_ok == 0) /* no private key */ + if (privkey_ok == 0) /* no private key */ { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } @@ -1773,11 +1776,11 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, switch (type) { case GNUTLS_BAG_CERTIFICATE: - if (*cert != NULL) /* no need to set it again */ - { - gnutls_assert(); - break; - } + if (*cert != NULL) /* no need to set it again */ + { + gnutls_assert (); + break; + } ret = gnutls_x509_crt_init (cert); if (ret < 0) @@ -1791,33 +1794,34 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_x509_crt_deinit( *cert); + gnutls_x509_crt_deinit (*cert); goto done; } /* check if the key id match */ - cert_id_size = sizeof(cert_id); - ret = gnutls_x509_crt_get_key_id( *cert, 0, cert_id, &cert_id_size); + cert_id_size = sizeof (cert_id); + ret = + gnutls_x509_crt_get_key_id (*cert, 0, cert_id, &cert_id_size); if (ret < 0) { gnutls_assert (); - gnutls_x509_crt_deinit( *cert); + gnutls_x509_crt_deinit (*cert); goto done; } - - if (memcmp( cert_id, key_id, cert_id_size) != 0) - { /* they don't match - skip the certificate */ - gnutls_x509_crt_deinit( *cert); - *cert = NULL; - } + + if (memcmp (cert_id, key_id, cert_id_size) != 0) + { /* they don't match - skip the certificate */ + gnutls_x509_crt_deinit (*cert); + *cert = NULL; + } break; case GNUTLS_BAG_CRL: if (*crl != NULL) - { - gnutls_assert(); - break; - } + { + gnutls_assert (); + break; + } ret = gnutls_x509_crl_init (crl); if (ret < 0) @@ -1830,7 +1834,7 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_x509_crl_deinit( *crl); + gnutls_x509_crl_deinit (*crl); goto done; } break; @@ -1905,9 +1909,11 @@ int gnutls_assert (); return GNUTLS_E_FILE_ERROR; } - - ret = gnutls_certificate_set_x509_simple_pkcs12_mem(res, &p12blob, type, password); - free(p12blob.data); + + ret = + gnutls_certificate_set_x509_simple_pkcs12_mem (res, &p12blob, type, + password); + free (p12blob.data); return ret; } @@ -1948,7 +1954,7 @@ int **/ int gnutls_certificate_set_x509_simple_pkcs12_mem - (gnutls_certificate_credentials_t res, const gnutls_datum_t *p12blob, + (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob, gnutls_x509_crt_fmt_t type, const char *password) { gnutls_pkcs12_t p12; diff --git a/lib/minitasn1/decoding.c b/lib/minitasn1/decoding.c index b79002cd13..af94cea2e5 100644 --- a/lib/minitasn1/decoding.c +++ b/lib/minitasn1/decoding.c @@ -288,18 +288,20 @@ _asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len, leading = 1; for (k = 1; k < len; k++) { - + /* X.690 mandates that the leading byte must never be 0x80 */ - if (leading != 0 && der[len_len + k] == 0x80) return ASN1_DER_ERROR; + if (leading != 0 && der[len_len + k] == 0x80) + return ASN1_DER_ERROR; leading = 0; /* check for wrap around */ val = val << 7; val |= der[len_len + k] & 0x7F; - if (val < prev_val) return ASN1_DER_ERROR; + if (val < prev_val) + return ASN1_DER_ERROR; prev_val = val; @@ -313,7 +315,7 @@ _asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len, } } *ret_len = len + len_len; - + return ASN1_SUCCESS; } @@ -1054,8 +1056,9 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider, int len, move = RIGHT; break; case TYPE_OBJECT_ID: - result = _asn1_get_objectid_der (der + counter, len - counter, &len2, - temp, sizeof (temp)); + result = + _asn1_get_objectid_der (der + counter, len - counter, &len2, + temp, sizeof (temp)); if (result != ASN1_SUCCESS) { asn1_delete_structure (element); @@ -1670,12 +1673,13 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const char *elementName, case TYPE_OBJECT_ID: if (state == FOUND) { - result = _asn1_get_objectid_der (der + counter, len - counter, &len2, - temp, sizeof (temp)); - if (result != ASN1_SUCCESS) - { - return result; - } + result = + _asn1_get_objectid_der (der + counter, len - counter, + &len2, temp, sizeof (temp)); + if (result != ASN1_SUCCESS) + { + return result; + } tlen = strlen (temp); diff --git a/lib/opencdk/armor.c b/lib/opencdk/armor.c index 5686809f01..3a08b5fda3 100644 --- a/lib/opencdk/armor.c +++ b/lib/opencdk/armor.c @@ -595,7 +595,8 @@ armor_decode (void *data, FILE * in, FILE * out) afx->crc_okay = (afx->crc == crc2) ? 1 : 0; if (!afx->crc_okay && !rc) { - _cdk_log_debug ("file crc=%08X afx_crc=%08X\n", (unsigned int)crc2, (unsigned int)afx->crc); + _cdk_log_debug ("file crc=%08X afx_crc=%08X\n", (unsigned int) crc2, + (unsigned int) afx->crc); rc = CDK_Armor_CRC_Error; } diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c index 314fefedc4..85281c69b5 100644 --- a/lib/opencdk/keydb.c +++ b/lib/opencdk/keydb.c @@ -663,7 +663,8 @@ keydb_cache_add (cdk_keydb_search_t dbs, off_t offset) k->next = dbs->cache; dbs->cache = k; dbs->ncache++; - _cdk_log_debug ("cache: add entry off=%d type=%d\n", (int)offset, (int)dbs->type); + _cdk_log_debug ("cache: add entry off=%d type=%d\n", (int) offset, + (int) dbs->type); return 0; } diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c index 1dde4a163e..d76f795654 100644 --- a/lib/opencdk/literal.c +++ b/lib/opencdk/literal.c @@ -121,7 +121,7 @@ literal_decode (void *data, FILE * in, FILE * out) while (!feof (in)) { _cdk_log_debug ("literal_decode: part on %d size %lu\n", - (int)pfx->blkmode.on, pfx->blkmode.size); + (int) pfx->blkmode.on, pfx->blkmode.size); if (pfx->blkmode.on) bufsize = pfx->blkmode.size; else @@ -200,7 +200,7 @@ literal_encode (void *data, FILE * in, FILE * out) filelen = strlen (pfx->filename); cdk_pkt_new (&pkt); pt = pkt->pkt.literal = cdk_calloc (1, sizeof *pt + filelen); - pt->name = (char*) pt + sizeof(*pt); + pt->name = (char *) pt + sizeof (*pt); if (!pt) { cdk_pkt_release (pkt); diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c index 0df82a1f15..1331253df6 100644 --- a/lib/opencdk/misc.c +++ b/lib/opencdk/misc.c @@ -97,7 +97,7 @@ cdk_strlist_add (cdk_strlist_t * list, const char *string) sl = cdk_calloc (1, sizeof *sl + strlen (string) + 2); if (!sl) return NULL; - sl->d = (char*) sl + sizeof(*sl); + sl->d = (char *) sl + sizeof (*sl); strcpy (sl->d, string); sl->next = *list; *list = sl; diff --git a/lib/opencdk/new-packet.c b/lib/opencdk/new-packet.c index 9159af0043..dc5304b8bb 100644 --- a/lib/opencdk/new-packet.c +++ b/lib/opencdk/new-packet.c @@ -388,7 +388,7 @@ _cdk_copy_userid (cdk_pkt_userid_t * dst, cdk_pkt_userid_t src) u = cdk_calloc (1, sizeof *u + strlen (src->name) + 2); if (!u) return CDK_Out_Of_Core; - u->name = (char*)u + sizeof(*u); + u->name = (char *) u + sizeof (*u); memcpy (u, src, sizeof *u); memcpy (u->name, src->name, strlen (src->name)); @@ -627,7 +627,7 @@ cdk_subpkt_new (size_t size) s = cdk_calloc (1, sizeof *s + size + 2); if (!s) return NULL; - s->d = (char*)s + sizeof(*s); + s->d = (char *) s + sizeof (*s); return s; } diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c index 97e844be0f..a2ab51b166 100644 --- a/lib/opencdk/read-packet.c +++ b/lib/opencdk/read-packet.c @@ -128,15 +128,15 @@ read_mpi (cdk_stream_t inp, bigint_t * ret_m, int secure) if (nbits > MAX_MPI_BITS || nbits == 0) { - _cdk_log_debug ("read_mpi: too large %d bits\n",(int) nbits); + _cdk_log_debug ("read_mpi: too large %d bits\n", (int) nbits); return CDK_MPI_Error; /* Sanity check */ } rc = stream_read (inp, buf + 2, nread, &nread); if (!rc && nread != ((nbits + 7) / 8)) { - _cdk_log_debug ("read_mpi: too short %d < %d\n", (int)nread, - (int)((nbits + 7) / 8)); + _cdk_log_debug ("read_mpi: too short %d < %d\n", (int) nread, + (int) ((nbits + 7) / 8)); return CDK_MPI_Error; } @@ -197,7 +197,7 @@ read_pubkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_enc_t pke) return CDK_Inv_Value; if (DEBUG_PKT) - _cdk_log_debug ("read_pubkey_enc: %d octets\n", (int)pktlen); + _cdk_log_debug ("read_pubkey_enc: %d octets\n", (int) pktlen); if (pktlen < 12) return CDK_Inv_Packet; @@ -251,7 +251,7 @@ read_compressed (cdk_stream_t inp, size_t pktlen, cdk_pkt_compressed_t c) return CDK_Inv_Value; if (DEBUG_PKT) - _cdk_log_debug ("read_compressed: %d octets\n", (int)pktlen); + _cdk_log_debug ("read_compressed: %d octets\n", (int) pktlen); c->algorithm = cdk_stream_getc (inp); if (c->algorithm > 3) @@ -278,7 +278,7 @@ read_public_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk) return CDK_Inv_Value; if (DEBUG_PKT) - _cdk_log_debug ("read_public_key: %d octets\n", (int)pktlen); + _cdk_log_debug ("read_public_key: %d octets\n", (int) pktlen); pk->is_invalid = 1; /* default to detect missing self signatures */ pk->is_revoked = 0; @@ -336,7 +336,7 @@ read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk) return CDK_Inv_Value; if (DEBUG_PKT) - _cdk_log_debug ("read_secret_key: %d octets\n", (int)pktlen); + _cdk_log_debug ("read_secret_key: %d octets\n", (int) pktlen); p1 = cdk_stream_tell (inp); rc = read_public_key (inp, pktlen, sk->pk); @@ -631,7 +631,7 @@ read_onepass_sig (cdk_stream_t inp, size_t pktlen, cdk_pkt_onepass_sig_t sig) return CDK_Inv_Value; if (DEBUG_PKT) - _cdk_log_debug ("read_onepass_sig: %d octets\n", (int)pktlen); + _cdk_log_debug ("read_onepass_sig: %d octets\n", (int) pktlen); if (pktlen != 13) return CDK_Inv_Packet; @@ -730,7 +730,7 @@ read_signature (cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig) return CDK_Inv_Value; if (DEBUG_PKT) - _cdk_log_debug ("read_signature: %d octets\n", (int)pktlen); + _cdk_log_debug ("read_signature: %d octets\n", (int) pktlen); if (pktlen < 16) return CDK_Inv_Packet; @@ -836,7 +836,7 @@ read_literal (cdk_stream_t inp, size_t pktlen, *ret_pt = pt = cdk_realloc (pt, sizeof *pt + pt->namelen + 2); if (!pt) return CDK_Out_Of_Core; - pt->name = (char*)pt + sizeof(*pt); + pt->name = (char *) pt + sizeof (*pt); rc = stream_read (inp, pt->name, pt->namelen, &nread); if (rc) return rc; @@ -958,7 +958,8 @@ cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt) if (!(ctb & 0x80)) { _cdk_log_info ("cdk_pkt_read: no openpgp data found. " - "(ctb=%02X; fpos=%02X)\n",(int) ctb, (int)cdk_stream_tell (inp)); + "(ctb=%02X; fpos=%02X)\n", (int) ctb, + (int) cdk_stream_tell (inp)); return CDK_Inv_Packet; } @@ -998,7 +999,8 @@ cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt) + pkt->pktlen + 16 + 1); if (!pkt->pkt.user_id) return CDK_Out_Of_Core; - pkt->pkt.user_id->name = (char*)pkt->pkt.user_id + sizeof(*pkt->pkt.user_id); + pkt->pkt.user_id->name = + (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id); rc = read_attribute (inp, pktlen, pkt->pkt.user_id); pkt->pkttype = CDK_PKT_ATTRIBUTE; @@ -1009,7 +1011,8 @@ cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt) + pkt->pktlen + 1); if (!pkt->pkt.user_id) return CDK_Out_Of_Core; - pkt->pkt.user_id->name = (char*)pkt->pkt.user_id + sizeof(*pkt->pkt.user_id); + pkt->pkt.user_id->name = + (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id); rc = read_user_id (inp, pktlen, pkt->pkt.user_id); break; diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c index d4e2c74b9d..5dc9da6fd1 100644 --- a/lib/opencdk/sig-check.c +++ b/lib/opencdk/sig-check.c @@ -542,8 +542,8 @@ cdk_pk_check_sigs (cdk_kbnode_t key, cdk_keydb_hd_t keydb, int *r_status) } _cdk_log_debug ("signature %s: signer %08X keyid %08X\n", - rc == CDK_Bad_Sig ? "BAD" : "good", (unsigned int)sig->keyid[1], - (unsigned int)keyid); + rc == CDK_Bad_Sig ? "BAD" : "good", + (unsigned int) sig->keyid[1], (unsigned int) keyid); if (IS_UID_SIG (sig) && uid_name != NULL) { diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c index eaeb637587..82f8155b01 100644 --- a/lib/opencdk/stream.c +++ b/lib/opencdk/stream.c @@ -1056,7 +1056,7 @@ cdk_stream_write (cdk_stream_t s, const void *buf, size_t count) memcpy (s->cache.buf, old, s->cache.size); cdk_free (old); _cdk_log_debug ("stream: enlarge cache to %d octets\n", - (int)s->cache.alloced); + (int) s->cache.alloced); } memcpy (s->cache.buf + s->cache.size, buf, count); s->cache.size += count; @@ -1575,7 +1575,8 @@ _cdk_stream_set_blockmode (cdk_stream_t s, size_t nbytes) { assert (s); - _cdk_log_debug ("stream: activate block mode with blocksize %d\n", (int)nbytes); + _cdk_log_debug ("stream: activate block mode with blocksize %d\n", + (int) nbytes); s->blkmode = nbytes; return 0; } diff --git a/lib/opencdk/verify.c b/lib/opencdk/verify.c index e6e560fae1..1b17940787 100644 --- a/lib/opencdk/verify.c +++ b/lib/opencdk/verify.c @@ -58,7 +58,8 @@ struct }; -static cdk_error_t file_verify_clearsign (cdk_ctx_t, const char *, const char *); +static cdk_error_t file_verify_clearsign (cdk_ctx_t, const char *, + const char *); /** diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c index fb50075390..0f2a9e059e 100644 --- a/lib/openpgp/gnutls_openpgp.c +++ b/lib/openpgp/gnutls_openpgp.c @@ -459,8 +459,8 @@ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res, * Since: 2.4.0 **/ int -gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t res, - const char *certfile, +gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t + res, const char *certfile, const char *keyfile, const char *subkey_id, gnutls_openpgp_crt_fmt_t format) @@ -566,8 +566,8 @@ gnutls_openpgp_count_key_names (const gnutls_datum_t * cert) * negative error value. **/ int -gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t c, - const char *file, +gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t + c, const char *file, gnutls_openpgp_crt_fmt_t format) { gnutls_datum_t ring; @@ -613,8 +613,8 @@ gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t c, * negative error value. **/ int -gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t c, - const opaque * data, +gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t + c, const opaque * data, size_t dlen, gnutls_openpgp_crt_fmt_t format) { @@ -800,7 +800,7 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert) memset (gcert, 0, sizeof (gnutls_cert)); gcert->cert_type = GNUTLS_CRT_OPENPGP; - gcert->sign_algo = GNUTLS_SIGN_UNKNOWN; /* N/A here */ + gcert->sign_algo = GNUTLS_SIGN_UNKNOWN; /* N/A here */ gcert->version = gnutls_openpgp_crt_get_version (cert); gcert->params_size = MAX_PUBLIC_PARAMS_SIZE; diff --git a/lib/openpgp/output.c b/lib/openpgp/output.c index bd395841a6..58a6a1ab4d 100644 --- a/lib/openpgp/output.c +++ b/lib/openpgp/output.c @@ -520,7 +520,8 @@ gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert, print_oneline (&str, cert); else { - _gnutls_string_append_str (&str, _("OpenPGP Certificate Information:\n")); + _gnutls_string_append_str (&str, + _("OpenPGP Certificate Information:\n")); print_cert (&str, cert); } diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index aa2a235a23..0d62b36409 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c @@ -200,11 +200,11 @@ _gnutls_openpgp_export (cdk_kbnode_t node, *output_data_size = calc_size; if (rc) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } } return 0; @@ -363,7 +363,7 @@ gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, if (buf) { memcpy (buf, uid->name, uid->len); - buf[uid->len] = '\0'; /* make sure it's a string */ + buf[uid->len] = '\0'; /* make sure it's a string */ } *sizeof_buf = uid->len + 1; diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 74fa84235e..0702a2c186 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -791,9 +791,7 @@ gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) result = _gnutls_x509_encode_and_copy_PKI_params (crq->crq, "certificationRequestInfo.subjectPKInfo", - key->pk_algorithm, - key->params, - key->params_size); + key->pk_algorithm, key->params, key->params_size); if (result < 0) { @@ -923,9 +921,7 @@ gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq, result = _gnutls_x509_encode_and_copy_PKI_params (crq->crq, "certificationRequestInfo.subjectPKInfo", - GNUTLS_PK_RSA, - temp_params, - RSA_PUBLIC_PARAMS); + GNUTLS_PK_RSA, temp_params, RSA_PUBLIC_PARAMS); if (result < 0) { @@ -977,8 +973,7 @@ gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq, result = _gnutls_x509_encode_and_write_attribute ("1.2.840.113549.1.9.7", crq->crq, - "certificationRequestInfo.attributes.?LAST", - pass, strlen (pass), 1); + "certificationRequestInfo.attributes.?LAST", pass, strlen (pass), 1); if (result < 0) { gnutls_assert (); @@ -1400,7 +1395,7 @@ gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx, result = 0; - out: +out: gnutls_free (extensions); return result; } @@ -1652,8 +1647,7 @@ get_subject_alt_name (gnutls_x509_crq_t crq, /* Extract extension. */ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0, - NULL, &dns_size, - critical); + NULL, &dns_size, critical); if (result < 0) { gnutls_assert (); @@ -2093,8 +2087,7 @@ gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, /* Extract extension. */ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0, - NULL, &prev_size, - critical); + NULL, &prev_size, critical); prev.size = prev_size; if (result < 0) @@ -2193,8 +2186,7 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, /* Read existing extension, if there is one. */ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0, - NULL, &prev_size, - &critical); + NULL, &prev_size, &critical); prev.size = prev_size; switch (result) @@ -2418,8 +2410,9 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, } pubkey.size = 0; - result = asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", - NULL, &pubkey.size, NULL); + result = + asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", NULL, + &pubkey.size, NULL); if (result != ASN1_MEM_ERROR) { gnutls_assert (); @@ -2433,8 +2426,9 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, return GNUTLS_E_MEMORY_ERROR; } - result = asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", - pubkey.data, &pubkey.size, NULL); + result = + asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", + pubkey.data, &pubkey.size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert (); diff --git a/lib/x509/dn.c b/lib/x509/dn.c index daf14dfece..89b84bd34b 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c @@ -308,7 +308,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, if (buf) { - _gnutls_string_get_data( &out_str, buf, sizeof_buf); + _gnutls_string_get_data (&out_str, buf, sizeof_buf); buf[*sizeof_buf] = 0; } else @@ -997,7 +997,7 @@ gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data) int result; char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - result = asn1_der_decoding ((ASN1_TYPE *) &dn, + result = asn1_der_decoding ((ASN1_TYPE *) & dn, data->data, data->size, err); if (result != ASN1_SUCCESS) { @@ -1022,7 +1022,7 @@ gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data) void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn) { - asn1_delete_structure ((ASN1_TYPE *) &dn); + asn1_delete_structure ((ASN1_TYPE *) & dn); } /** diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 6bfb402175..18d455d34f 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -52,7 +52,7 @@ _decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe, gnutls_datum_t auth_safe = { NULL, 0 }; int len, result; char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - + len = sizeof (oid) - 1; result = asn1_read_value (pkcs12, "authSafe.contentType", oid, &len); if (result != ASN1_SUCCESS) @@ -95,7 +95,7 @@ _decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe, if (result != ASN1_SUCCESS) { gnutls_assert (); - _gnutls_x509_log("DER error: %s\n", error_str); + _gnutls_x509_log ("DER error: %s\n", error_str); result = _gnutls_asn2err (result); goto cleanup; } @@ -233,11 +233,12 @@ gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12, need_free = 1; } - result = asn1_der_decoding (&pkcs12->pkcs12, _data.data, _data.size, error_str); + result = + asn1_der_decoding (&pkcs12->pkcs12, _data.data, _data.size, error_str); if (result != ASN1_SUCCESS) { result = _gnutls_asn2err (result); - _gnutls_x509_log("DER error: %s\n", error_str); + _gnutls_x509_log ("DER error: %s\n", error_str); gnutls_assert (); goto cleanup; } @@ -427,7 +428,8 @@ _pkcs12_decode_safe_contents (const gnutls_datum_t * content, goto cleanup; } - if (bag_type == GNUTLS_BAG_CERTIFICATE || bag_type == GNUTLS_BAG_CRL || bag_type == GNUTLS_BAG_SECRET) + if (bag_type == GNUTLS_BAG_CERTIFICATE || bag_type == GNUTLS_BAG_CRL + || bag_type == GNUTLS_BAG_SECRET) { gnutls_datum_t tmp = bag->element[i].data; diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c index 9ed23af347..42ff1b4e23 100644 --- a/lib/x509/pkcs12_bag.c +++ b/lib/x509/pkcs12_bag.c @@ -182,90 +182,90 @@ _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type, int ret; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - switch(type) + switch (type) { - case GNUTLS_BAG_CERTIFICATE: - if ((ret = asn1_create_element (_gnutls_get_pkix (), + case GNUTLS_BAG_CERTIFICATE: + if ((ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-CertBag", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_der_decoding (&c2, in->data, in->size, NULL); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = _gnutls_x509_read_value (c2, "certValue", out, 1); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; - - case GNUTLS_BAG_CRL: - if ((ret = asn1_create_element (_gnutls_get_pkix (), + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = asn1_der_decoding (&c2, in->data, in->size, NULL); + if (ret != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = _gnutls_x509_read_value (c2, "certValue", out, 1); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + + case GNUTLS_BAG_CRL: + if ((ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-CRLBag", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_der_decoding (&c2, in->data, in->size, NULL); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = _gnutls_x509_read_value (c2, "crlValue", out, 1); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; - - case GNUTLS_BAG_SECRET: - if ((ret = asn1_create_element (_gnutls_get_pkix (), + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = asn1_der_decoding (&c2, in->data, in->size, NULL); + if (ret != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = _gnutls_x509_read_value (c2, "crlValue", out, 1); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + + case GNUTLS_BAG_SECRET: + if ((ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-SecretBag", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_der_decoding (&c2, in->data, in->size, NULL); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = _gnutls_x509_read_value (c2, "secretValue", out, 1); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; - - default: - gnutls_assert(); - asn1_delete_structure (&c2); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = asn1_der_decoding (&c2, in->data, in->size, NULL); + if (ret != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = _gnutls_x509_read_value (c2, "secretValue", out, 1); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + + default: + gnutls_assert (); + asn1_delete_structure (&c2); + return GNUTLS_E_UNIMPLEMENTED_FEATURE; } asn1_delete_structure (&c2); @@ -287,90 +287,90 @@ _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type, int ret; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - switch(type) + switch (type) { - case GNUTLS_BAG_CERTIFICATE: - if ((ret = asn1_create_element (_gnutls_get_pkix (), + case GNUTLS_BAG_CERTIFICATE: + if ((ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-CertBag", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_write_value (c2, "certId", X509_CERT_OID, 1); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = _gnutls_x509_write_value (c2, "certValue", raw, 1); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; - - case GNUTLS_BAG_CRL: - if ((ret = asn1_create_element (_gnutls_get_pkix (), + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = asn1_write_value (c2, "certId", X509_CERT_OID, 1); + if (ret != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = _gnutls_x509_write_value (c2, "certValue", raw, 1); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + + case GNUTLS_BAG_CRL: + if ((ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-CRLBag", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_write_value (c2, "crlId", X509_CRL_OID, 1); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = _gnutls_x509_write_value (c2, "crlValue", raw, 1); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; - - case GNUTLS_BAG_SECRET: - if ((ret = asn1_create_element (_gnutls_get_pkix (), + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = asn1_write_value (c2, "crlId", X509_CRL_OID, 1); + if (ret != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = _gnutls_x509_write_value (c2, "crlValue", raw, 1); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + + case GNUTLS_BAG_SECRET: + if ((ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-SecretBag", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_write_value (c2, "secretTypeId", RANDOM_NONCE_OID, 1); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = _gnutls_x509_write_value (c2, "secretValue", raw, 1); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; - - default: - gnutls_assert(); - asn1_delete_structure (&c2); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = asn1_write_value (c2, "secretTypeId", RANDOM_NONCE_OID, 1); + if (ret != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = _gnutls_x509_write_value (c2, "secretValue", raw, 1); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + + default: + gnutls_assert (); + asn1_delete_structure (&c2); + return GNUTLS_E_UNIMPLEMENTED_FEATURE; } ret = _gnutls_x509_der_encode (c2, "", out, 0); @@ -805,7 +805,7 @@ gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass, return GNUTLS_E_INVALID_REQUEST; } - id = _gnutls_pkcs_flags_to_schema(flags); + id = _gnutls_pkcs_flags_to_schema (flags); /* Now encrypt them. */ diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index fa14858b7d..24dce8b683 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -108,7 +108,7 @@ check_schema (const char *oid) { if (strcmp (oid, PBES2_OID) == 0) - return PBES2_GENERIC; /* ok */ + return PBES2_GENERIC; /* ok */ if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0) return PKCS12_3DES_SHA1; @@ -362,86 +362,96 @@ error: } -static const char* cipher_to_pkcs_params(int cipher, const char** oid) +static const char * +cipher_to_pkcs_params (int cipher, const char **oid) { - switch(cipher) - { - case GNUTLS_CIPHER_AES_128_CBC: - if (oid) *oid = AES_128_CBC_OID; - return "PKIX1.pkcs-5-aes128-CBC-params"; - break; - case GNUTLS_CIPHER_AES_192_CBC: - if (oid) *oid = AES_192_CBC_OID; - return "PKIX1.pkcs-5-aes192-CBC-params"; - break; - case GNUTLS_CIPHER_AES_256_CBC: - if (oid) *oid = AES_256_CBC_OID; - return "PKIX1.pkcs-5-aes256-CBC-params"; - break; - case GNUTLS_CIPHER_3DES_CBC: - if (oid) *oid = DES_EDE3_CBC_OID; - return "PKIX1.pkcs-5-des-EDE3-CBC-params"; - break; - default: - return NULL; - break; + switch (cipher) + { + case GNUTLS_CIPHER_AES_128_CBC: + if (oid) + *oid = AES_128_CBC_OID; + return "PKIX1.pkcs-5-aes128-CBC-params"; + break; + case GNUTLS_CIPHER_AES_192_CBC: + if (oid) + *oid = AES_192_CBC_OID; + return "PKIX1.pkcs-5-aes192-CBC-params"; + break; + case GNUTLS_CIPHER_AES_256_CBC: + if (oid) + *oid = AES_256_CBC_OID; + return "PKIX1.pkcs-5-aes256-CBC-params"; + break; + case GNUTLS_CIPHER_3DES_CBC: + if (oid) + *oid = DES_EDE3_CBC_OID; + return "PKIX1.pkcs-5-des-EDE3-CBC-params"; + break; + default: + return NULL; + break; } } -static int cipher_to_schema(int cipher) +static int +cipher_to_schema (int cipher) { - switch(cipher) - { - case GNUTLS_CIPHER_AES_128_CBC: - return PBES2_AES_128; - break; - case GNUTLS_CIPHER_AES_192_CBC: - return PBES2_AES_192; - break; - case GNUTLS_CIPHER_AES_256_CBC: - return PBES2_AES_256; - break; - case GNUTLS_CIPHER_3DES_CBC: - return PBES2_3DES; - break; - default: - return GNUTLS_E_UNKNOWN_CIPHER_TYPE; - break; + switch (cipher) + { + case GNUTLS_CIPHER_AES_128_CBC: + return PBES2_AES_128; + break; + case GNUTLS_CIPHER_AES_192_CBC: + return PBES2_AES_192; + break; + case GNUTLS_CIPHER_AES_256_CBC: + return PBES2_AES_256; + break; + case GNUTLS_CIPHER_3DES_CBC: + return PBES2_3DES; + break; + default: + return GNUTLS_E_UNKNOWN_CIPHER_TYPE; + break; } } -int _gnutls_pkcs_flags_to_schema(unsigned int flags) +int +_gnutls_pkcs_flags_to_schema (unsigned int flags) { -int schema; - - if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) - schema = PKCS12_ARCFOUR_SHA1; - else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) - schema = PKCS12_RC2_40_SHA1; - else if (flags & GNUTLS_PKCS_USE_PBES2_3DES) - schema = PBES2_3DES; - else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128) - schema = PBES2_AES_128; - else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192) - schema = PBES2_AES_192; - else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256) - schema = PBES2_AES_256; - else { - gnutls_assert(); + int schema; + + if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) + schema = PKCS12_ARCFOUR_SHA1; + else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) + schema = PKCS12_RC2_40_SHA1; + else if (flags & GNUTLS_PKCS_USE_PBES2_3DES) + schema = PBES2_3DES; + else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128) + schema = PBES2_AES_128; + else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192) + schema = PBES2_AES_192; + else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256) + schema = PBES2_AES_256; + else + { + gnutls_assert (); _gnutls_x509_log - ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n", flags); + ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n", + flags); schema = PKCS12_3DES_SHA1; } - return schema; + return schema; } /* returns the OID corresponding to given schema */ -static int schema_to_oid(schema_id schema, const char** str_oid) +static int +schema_to_oid (schema_id schema, const char **str_oid) { -int result = 0; + int result = 0; switch (schema) { @@ -461,11 +471,11 @@ int result = 0; *str_oid = PKCS12_PBE_RC2_40_SHA1_OID; break; default: - gnutls_assert(); + gnutls_assert (); result = GNUTLS_E_INTERNAL_ERROR; } - - return result; + + return result; } /* Converts a PKCS #8 private key info to @@ -481,7 +491,7 @@ encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY; struct pbkdf2_params kdf_params; struct pbe_enc_params enc_params; - const char* str_oid; + const char *str_oid; if ((result = @@ -496,16 +506,15 @@ encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, /* Write the encryption schema OID */ - result = schema_to_oid(schema, &str_oid); + result = schema_to_oid (schema, &str_oid); if (result < 0) { - gnutls_assert(); + gnutls_assert (); return result; } result = - asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", - str_oid, 1); + asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", str_oid, 1); if (result != ASN1_SUCCESS) { @@ -628,7 +637,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, return ret; } - schema = _gnutls_pkcs_flags_to_schema(flags); + schema = _gnutls_pkcs_flags_to_schema (flags); if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL) { @@ -669,7 +678,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, * schema ID. */ static int -read_pkcs_schema_params (schema_id *schema, const char *password, +read_pkcs_schema_params (schema_id * schema, const char *password, const opaque * data, int data_size, struct pbkdf2_params *kdf_params, struct pbe_enc_params *enc_params) @@ -726,14 +735,14 @@ read_pkcs_schema_params (schema_id *schema, const char *password, } asn1_delete_structure (&pbes2_asn); - - result = cipher_to_schema(enc_params->cipher); + + result = cipher_to_schema (enc_params->cipher); if (result < 0) - { - gnutls_assert(); - goto error; - } - + { + gnutls_assert (); + goto error; + } + *schema = result; return 0; @@ -803,9 +812,9 @@ read_pkcs_schema_params (schema_id *schema, const char *password, asn1_delete_structure (&pbes2_asn); return 0; - - default: - gnutls_assert(); + + default: + gnutls_assert (); } /* switch */ return GNUTLS_E_UNKNOWN_CIPHER_TYPE; @@ -893,7 +902,7 @@ decode_pkcs8_key (const gnutls_datum_t * raw_key, if (result < 0) { - gnutls_assert(); + gnutls_assert (); goto error; } @@ -1443,26 +1452,22 @@ oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo) *algo = GNUTLS_CIPHER_3DES_CBC; return 0; } - else - if (strcmp (oid, DES_CBC_OID) == 0) + else if (strcmp (oid, DES_CBC_OID) == 0) { *algo = GNUTLS_CIPHER_DES_CBC; return 0; } - else - if (strcmp (oid, AES_128_CBC_OID) == 0) + else if (strcmp (oid, AES_128_CBC_OID) == 0) { *algo = GNUTLS_CIPHER_AES_128_CBC; return 0; } - else - if (strcmp (oid, AES_192_CBC_OID) == 0) + else if (strcmp (oid, AES_192_CBC_OID) == 0) { *algo = GNUTLS_CIPHER_AES_192_CBC; return 0; } - else - if (strcmp (oid, AES_256_CBC_OID) == 0) + else if (strcmp (oid, AES_256_CBC_OID) == 0) { *algo = GNUTLS_CIPHER_AES_256_CBC; return 0; @@ -1483,7 +1488,7 @@ read_pbe_enc_params (ASN1_TYPE pbes2_asn, int params_len, len, result; ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; char oid[64]; - const char* eparams; + const char *eparams; memset (params, 0, sizeof (params)); @@ -1518,17 +1523,16 @@ read_pbe_enc_params (ASN1_TYPE pbes2_asn, /* Now check the encryption parameters. */ - eparams = cipher_to_pkcs_params( params->cipher, NULL); + eparams = cipher_to_pkcs_params (params->cipher, NULL); if (eparams == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } if ((result = asn1_create_element (_gnutls_get_pkix (), - eparams, - &pbe_asn)) != ASN1_SUCCESS) + eparams, &pbe_asn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -1617,35 +1621,35 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn, /* generate the key */ - switch(schema) + switch (schema) { - case PBES2_3DES: - case PBES2_AES_128: - case PBES2_AES_192: - case PBES2_AES_256: + case PBES2_3DES: + case PBES2_AES_128: + case PBES2_AES_192: + case PBES2_AES_256: - result = _gnutls_pbkdf2_sha1 (password, strlen (password), + result = _gnutls_pbkdf2_sha1 (password, strlen (password), kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, key, key_size); - if (result < 0) - { - gnutls_assert (); - goto error; - } - break; - default: - result = - _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, - kdf_params->salt_size, + if (result < 0) + { + gnutls_assert (); + goto error; + } + break; + default: + result = + _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, + kdf_params->salt_size, kdf_params->iter_count, password, key_size, key); - if (result < 0) - { - gnutls_assert (); - goto error; - } + if (result < 0) + { + gnutls_assert (); + goto error; + } } /* do the decryption. @@ -1810,20 +1814,18 @@ write_pbe_enc_params (ASN1_TYPE pbes2_asn, { int result; ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; - const char* oid, *eparams; + const char *oid, *eparams; /* Write the encryption algorithm */ - eparams = cipher_to_pkcs_params(params->cipher, &oid); + eparams = cipher_to_pkcs_params (params->cipher, &oid); if (eparams == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - result = - asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", - oid, 1); + result = asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", oid, 1); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1835,8 +1837,7 @@ write_pbe_enc_params (ASN1_TYPE pbes2_asn, */ if ((result = asn1_create_element (_gnutls_get_pkix (), - eparams, - &pbe_asn)) != ASN1_SUCCESS) + eparams, &pbe_asn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -1895,36 +1896,36 @@ generate_key (schema_id schema, kdf_params->salt_size = MIN (sizeof (kdf_params->salt), (unsigned) (10 + (rnd[1] % 10))); - switch(schema) - { - case PBES2_3DES: - enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; - break; - case PBES2_AES_128: - enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC; - break; - case PBES2_AES_192: - enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC; - break; - case PBES2_AES_256: - enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC; - break; + switch (schema) + { + case PBES2_3DES: + enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; + break; + case PBES2_AES_128: + enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC; + break; + case PBES2_AES_192: + enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC; + break; + case PBES2_AES_256: + enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC; + break; /* non PBES2 algorithms */ - case PKCS12_ARCFOUR_SHA1: - enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; - kdf_params->salt_size = 8; - break; - case PKCS12_3DES_SHA1: - enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; - kdf_params->salt_size = 8; - break; - case PKCS12_RC2_40_SHA1: - enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; - kdf_params->salt_size = 8; - break; - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + case PKCS12_ARCFOUR_SHA1: + enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; + kdf_params->salt_size = 8; + break; + case PKCS12_3DES_SHA1: + enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; + kdf_params->salt_size = 8; + break; + case PKCS12_RC2_40_SHA1: + enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; + kdf_params->salt_size = 8; + break; + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } ret = _gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt, @@ -1950,63 +1951,63 @@ generate_key (schema_id schema, /* now generate the key. */ - switch(schema) + switch (schema) { - case PBES2_3DES: - case PBES2_AES_128: - case PBES2_AES_192: - case PBES2_AES_256: + case PBES2_3DES: + case PBES2_AES_128: + case PBES2_AES_192: + case PBES2_AES_256: - ret = _gnutls_pbkdf2_sha1 (password, strlen (password), + ret = _gnutls_pbkdf2_sha1 (password, strlen (password), kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, key->data, kdf_params->key_size); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - if (enc_params->iv_size) - { - ret = _gnutls_rnd (GNUTLS_RND_NONCE, + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + if (enc_params->iv_size) + { + ret = _gnutls_rnd (GNUTLS_RND_NONCE, enc_params->iv, enc_params->iv_size); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } - break; - - default: - ret = - _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } + break; + + default: + ret = + _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, password, kdf_params->key_size, key->data); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - /* Now generate the IV - */ - if (enc_params->iv_size) - { - ret = - _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + /* Now generate the IV + */ + if (enc_params->iv_size) + { + ret = + _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, password, enc_params->iv_size, enc_params->iv); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } } @@ -2026,74 +2027,74 @@ write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn, int result; ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY; - switch(schema) + switch (schema) { - case PBES2_3DES: - case PBES2_AES_128: - case PBES2_AES_192: - case PBES2_AES_256: - if ((result = + case PBES2_3DES: + case PBES2_AES_128: + case PBES2_AES_192: + case PBES2_AES_256: + if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-5-PBES2-params", &pbes2_asn)) != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - result = write_pbkdf2_params (pbes2_asn, kdf_params); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - result = write_pbe_enc_params (pbes2_asn, enc_params); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", + { + gnutls_assert (); + return _gnutls_asn2err (result); + } + + result = write_pbkdf2_params (pbes2_asn, kdf_params); + if (result < 0) + { + gnutls_assert (); + goto error; + } + + result = write_pbe_enc_params (pbes2_asn, enc_params); + if (result < 0) + { + gnutls_assert (); + goto error; + } + + result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", pkcs8_asn, where, 0); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - asn1_delete_structure (&pbes2_asn); - break; - - default: - - if ((result = + if (result < 0) + { + gnutls_assert (); + goto error; + } + + asn1_delete_structure (&pbes2_asn); + break; + + default: + + if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-PbeParams", &pbes2_asn)) != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto error; - } - - result = write_pkcs12_kdf_params (pbes2_asn, kdf_params); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto error; + } + + result = write_pkcs12_kdf_params (pbes2_asn, kdf_params); + if (result < 0) + { + gnutls_assert (); + goto error; + } + + result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", pkcs8_asn, where, 0); - if (result < 0) - { - gnutls_assert (); - goto error; - } + if (result < 0) + { + gnutls_assert (); + goto error; + } - asn1_delete_structure (&pbes2_asn); + asn1_delete_structure (&pbes2_asn); } @@ -2297,7 +2298,7 @@ _gnutls_pkcs7_encrypt_data (schema_id schema, ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY; struct pbkdf2_params kdf_params; struct pbe_enc_params enc_params; - const char* str_oid; + const char *str_oid; if ((result = asn1_create_element (_gnutls_get_pkix (), @@ -2311,17 +2312,17 @@ _gnutls_pkcs7_encrypt_data (schema_id schema, /* Write the encryption schema OID */ - result = schema_to_oid(schema, &str_oid); + result = schema_to_oid (schema, &str_oid); if (result < 0) { - gnutls_assert(); + gnutls_assert (); return result; } result = - asn1_write_value (pkcs7_asn, - "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", - str_oid, 1); + asn1_write_value (pkcs7_asn, + "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", + str_oid, 1); if (result != ASN1_SUCCESS) { diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 8120da6ca7..2f8bc5c100 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -55,7 +55,9 @@ static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl, static int check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2) { - gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin = { NULL, 0 }; + gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin = + { + NULL, 0}; int result; result = _gnutls_x509_der_encode (cert1->cert, "", &cert1bin, 0); @@ -78,7 +80,7 @@ check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2) else result = 1; - cleanup: +cleanup: _gnutls_free_datum (&cert1bin); _gnutls_free_datum (&cert2bin); return result; @@ -427,7 +429,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, * MD2 algorithm. */ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], - certificate_list[clist_size - 1]) > 0) + certificate_list[clist_size - 1]) > 0) { clist_size--; } @@ -502,7 +504,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, for (i = 0; i < clist_size; i++) { t = gnutls_x509_crt_get_activation_time (certificate_list[i]); - if (t == (time_t) -1 || now < t) + if (t == (time_t) - 1 || now < t) { status |= GNUTLS_CERT_NOT_ACTIVATED; status |= GNUTLS_CERT_INVALID; @@ -510,7 +512,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, } t = gnutls_x509_crt_get_expiration_time (certificate_list[i]); - if (t == (time_t) -1 || now > t) + if (t == (time_t) - 1 || now > t) { status |= GNUTLS_CERT_EXPIRED; status |= GNUTLS_CERT_INVALID; @@ -670,27 +672,27 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text, if (prehash && prehash->data && prehash->size == digest_size) { - cmp = prehash->data; + cmp = prehash->data; } else { - if (!text) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_hash_init (&hd, hash); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - _gnutls_hash (&hd, text->data, text->size); - _gnutls_hash_deinit (&hd, md); - - cmp = md; + if (!text) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_hash_init (&hd, hash); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + _gnutls_hash (&hd, text->data, text->size); + _gnutls_hash_deinit (&hd, md); + + cmp = md; } if (memcmp (cmp, digest, digest_size) != 0) @@ -717,22 +719,22 @@ dsa_verify_sig (const gnutls_datum_t * text, if (hash && hash->data && hash->size == 20) { - digest = *hash; + digest = *hash; } else { - ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - _gnutls_hash (&hd, text->data, text->size); - _gnutls_hash_deinit (&hd, _digest); - - digest.data = _digest; - digest.size = 20; + ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + _gnutls_hash (&hd, text->data, text->size); + _gnutls_hash_deinit (&hd, _digest); + + digest.data = _digest; + digest.size = 20; } ret = _gnutls_dsa_verify (&digest, signature, params, params_len); @@ -783,7 +785,7 @@ verify_sig (const gnutls_datum_t * tbs, } int -_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t *hash, +_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash, const gnutls_datum_t * signature, const gnutls_x509_crt_t issuer) { @@ -797,16 +799,19 @@ _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t *hash, switch (gnutls_x509_crt_get_pk_algorithm (issuer, NULL)) { case GNUTLS_PK_DSA: - if (hash) *hash = GNUTLS_MAC_SHA1; + if (hash) + *hash = GNUTLS_MAC_SHA1; return 0; case GNUTLS_PK_RSA: issuer_params_size = MAX_PUBLIC_PARAMS_SIZE; - ret = _gnutls_x509_crt_get_mpis (issuer, issuer_params, &issuer_params_size); + ret = + _gnutls_x509_crt_get_mpis (issuer, issuer_params, + &issuer_params_size); if (ret < 0) { - gnutls_assert (); - return ret; + gnutls_assert (); + return ret; } ret = @@ -815,30 +820,31 @@ _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t *hash, /* release allocated mpis */ for (i = 0; i < issuer_params_size; i++) - { - _gnutls_mpi_release (&issuer_params[i]); - } + { + _gnutls_mpi_release (&issuer_params[i]); + } if (ret < 0) { - gnutls_assert (); - return ret; + gnutls_assert (); + return ret; } digest_size = sizeof (digest); if ((ret = - decode_ber_digest_info (&decrypted, hash, digest, &digest_size)) != 0) + decode_ber_digest_info (&decrypted, hash, digest, + &digest_size)) != 0) { - gnutls_assert (); - _gnutls_free_datum (&decrypted); - return ret; + gnutls_assert (); + _gnutls_free_datum (&decrypted); + return ret; } _gnutls_free_datum (&decrypted); if (digest_size != _gnutls_hash_get_algo_len (*hash)) { - gnutls_assert (); - return GNUTLS_E_ASN1_GENERIC_ERROR; + gnutls_assert (); + return GNUTLS_E_ASN1_GENERIC_ERROR; } return 0; @@ -1188,7 +1194,8 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl, } ret = - _gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature, issuer); + _gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature, + issuer); if (ret < 0) { gnutls_assert (); diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c index a57ccc287f..c5b7b13ca5 100644 --- a/lib/x509/x509_write.c +++ b/lib/x509/x509_write.c @@ -556,8 +556,8 @@ gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage) **/ int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t type, - const char *data_string) + gnutls_x509_subject_alt_name_t + type, const char *data_string) { if (crt == NULL) { @@ -1189,8 +1189,7 @@ gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, - const void *oid, - unsigned int critical) + const void *oid, unsigned int critical) { int result; gnutls_datum_t old_id, der_data; diff --git a/libextra/gl/md5.c b/libextra/gl/md5.c index 0905367bdd..2eb66ed578 100644 --- a/libextra/gl/md5.c +++ b/libextra/gl/md5.c @@ -63,7 +63,7 @@ /* This array contains the bytes used to pad the buffer to the next 64-byte boundary. (RFC 1321, 3.1: Step 1) */ -static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; +static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; /* Initialize structure containing state of computation. @@ -129,13 +129,13 @@ md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) return md5_read_ctx (ctx, resbuf); } -#if 0 /* Not needed by GnuTLS, and it has a large stack frame. */ +#if 0 /* Not needed by GnuTLS, and it has a large stack frame. */ /* Compute MD5 message digest for bytes read from STREAM. The resulting message digest number will be written into the 16 bytes beginning at RESBLOCK. */ int -md5_stream (FILE *stream, void *resblock) +md5_stream (FILE * stream, void *resblock) { struct md5_ctx ctx; size_t sum; diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c index b079088f39..38ae5a86cf 100644 --- a/libextra/gnutls_openssl.c +++ b/libextra/gnutls_openssl.c @@ -849,7 +849,7 @@ SSL_CIPHER_description (SSL_CIPHER * cipher, char *buf, int size) { if (local_alloc) free (tmpbuf); - return (char*) "Buffer too small"; + return (char *) "Buffer too small"; } return tmpbuf; diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c index c76c34bbe6..42674a8d8d 100644 --- a/src/certtool-cfg.c +++ b/src/certtool-cfg.c @@ -72,7 +72,7 @@ typedef struct _cfg_ctx int code_sign_key; int ocsp_sign_key; int time_stamping_key; - char** key_purpose_oids; + char **key_purpose_oids; int crl_next_update; int crl_number; int crq_extensions; @@ -198,7 +198,8 @@ read_crt_set (gnutls_x509_crt_t crt, const char *input_str, const char *oid) int ret; fputs (input_str, stderr); - if (fgets (input, sizeof (input), stdin)==NULL) return; + if (fgets (input, sizeof (input), stdin) == NULL) + return; if (strlen (input) == 1) /* only newline */ return; @@ -219,7 +220,8 @@ read_crq_set (gnutls_x509_crq_t crq, const char *input_str, const char *oid) int ret; fputs (input_str, stderr); - if (fgets (input, sizeof (input), stdin)==NULL) return; + if (fgets (input, sizeof (input), stdin) == NULL) + return; if (strlen (input) == 1) /* only newline */ return; @@ -302,7 +304,8 @@ read_yesno (const char *input_str) char input[128]; fputs (input_str, stderr); - if (fgets (input, sizeof (input), stdin)==NULL) return 0; + if (fgets (input, sizeof (input), stdin) == NULL) + return 0; if (strlen (input) == 1) /* only newline */ return 0; @@ -597,13 +600,16 @@ get_key_purpose_set (gnutls_x509_crt_t crt) { if (!cfg.key_purpose_oids) return; - for (i = 0; cfg.key_purpose_oids[i] != NULL; i ++) + for (i = 0; cfg.key_purpose_oids[i] != NULL; i++) { - ret = gnutls_x509_crt_set_key_purpose_oid (crt, cfg.key_purpose_oids[i], 0); + ret = + gnutls_x509_crt_set_key_purpose_oid (crt, cfg.key_purpose_oids[i], + 0); if (ret < 0) { - fprintf (stderr, "set_key_purpose_oid (%s): %s\n", cfg.key_purpose_oids[i], gnutls_strerror (ret)); + fprintf (stderr, "set_key_purpose_oid (%s): %s\n", + cfg.key_purpose_oids[i], gnutls_strerror (ret)); exit (1); } } @@ -986,7 +992,8 @@ get_dns_name_set (int type, void *crt) do { - p = read_str ("Enter a dnsName of the subject of the certificate: "); + p = + read_str ("Enter a dnsName of the subject of the certificate: "); if (!p) return; @@ -372,41 +372,45 @@ cert_callback (gnutls_session_t session, { gnutls_sign_algorithm_t cert_algo, req_algo; int i, match = 0; - + if (x509_crt[0] != NULL) - { - ret = gnutls_x509_crt_get_signature_algorithm(x509_crt[0]); - if (ret < 0) - { - /* error reading signature algorithm */ - return -1; - } - cert_algo = ret; - - i=0; - do { - ret = gnutls_sign_algorithm_get_requested(session, i, &req_algo); - if (ret >= 0 && cert_algo == req_algo) - { - match = 1; - break; - } - - /* server has not requested anything specific */ - if (i==0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - { - match = 1; - break; - } - i++; - } while(ret >= 0); - - if (match == 0) - { - printf("- Could not find a suitable certificate to send to server\n"); - return -1; - } - } + { + ret = gnutls_x509_crt_get_signature_algorithm (x509_crt[0]); + if (ret < 0) + { + /* error reading signature algorithm */ + return -1; + } + cert_algo = ret; + + i = 0; + do + { + ret = + gnutls_sign_algorithm_get_requested (session, i, &req_algo); + if (ret >= 0 && cert_algo == req_algo) + { + match = 1; + break; + } + + /* server has not requested anything specific */ + if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + { + match = 1; + break; + } + i++; + } + while (ret >= 0); + + if (match == 0) + { + printf + ("- Could not find a suitable certificate to send to server\n"); + return -1; + } + } if (x509_crt != NULL && x509_key != NULL) { diff --git a/src/common.c b/src/common.c index 1e726e6e6f..55a28d8525 100644 --- a/src/common.c +++ b/src/common.c @@ -152,8 +152,7 @@ print_x509_info (gnutls_session_t session, const char *hostname, int insecure) } else if (hostname_ok == 2) { - printf ("- The hostname in the certificate matches '%s'.\n", - hostname); + printf ("- The hostname in the certificate matches '%s'.\n", hostname); } } @@ -188,7 +187,8 @@ print_openpgp_info (gnutls_session_t session, const char *hostname, if (verbose) ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo); else - ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo); + ret = + gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo); if (ret == 0) { printf (" - %s\n", cinfo.data); @@ -235,8 +235,7 @@ print_openpgp_info (gnutls_session_t session, const char *hostname, } else if (hostname_ok == 2) { - printf ("- The hostname in the certificate matches '%s'.\n", - hostname); + printf ("- The hostname in the certificate matches '%s'.\n", hostname); } } @@ -273,7 +272,8 @@ print_cert_vrfy (gnutls_session_t session) if (status & GNUTLS_CERT_INSECURE_ALGORITHM) printf ("- Peer's certificate chain uses insecure algorithm\n"); if (status & GNUTLS_CERT_NOT_ACTIVATED) - printf ("- Peer's certificate chain uses not yet valid certificate\n"); + printf + ("- Peer's certificate chain uses not yet valid certificate\n"); if (status & GNUTLS_CERT_EXPIRED) printf ("- Peer's certificate chain uses expired certificate\n"); if (status & GNUTLS_CERT_INVALID) diff --git a/src/crypt.c b/src/crypt.c index a9b71d280a..623052b43c 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -419,9 +419,9 @@ main (int argc, char **argv) } if (info.passwd == NULL) - info.passwd = (char*) KPASSWD; + info.passwd = (char *) KPASSWD; if (info.passwd_conf == NULL) - info.passwd_conf = (char*) KPASSWD_CONF; + info.passwd_conf = (char *) KPASSWD_CONF; if (info.username == NULL) { @@ -710,7 +710,7 @@ read_conf_values (gnutls_datum_t * g, gnutls_datum_t * n, char *str) return index; } -extern void srptool_version(void); +extern void srptool_version (void); void srptool_version (void) @@ -92,7 +92,7 @@ main (int argc, char **argv) } if (info.passwd == NULL) - info.passwd = (char*) KPASSWD; + info.passwd = (char *) KPASSWD; if (info.username == NULL) { diff --git a/src/serv.c b/src/serv.c index aaeda8edcd..a8eb8fa513 100644 --- a/src/serv.c +++ b/src/serv.c @@ -1169,10 +1169,10 @@ main (int argc, char **argv) ctt = ctime (&tt); ctt[strlen (ctt) - 1] = 0; - printf("\n* Accepted connection from %s on %s\n", - human_addr ((struct sockaddr *) - &client_address, calen, topbuf, - sizeof (topbuf)), ctt); + printf ("\n* Accepted connection from %s on %s\n", + human_addr ((struct sockaddr *) + &client_address, calen, topbuf, + sizeof (topbuf)), ctt); } } } @@ -1476,7 +1476,7 @@ gaa_parser (int argc, char **argv) parse_comp (info.comp, info.ncomp, comp_priority); } -extern void serv_version(void); +extern void serv_version (void); void serv_version (void) diff --git a/tests/anonself.c b/tests/anonself.c index b454aa4861..21bd6df147 100644 --- a/tests/anonself.c +++ b/tests/anonself.c @@ -178,7 +178,7 @@ static gnutls_dh_params_t dh_params; static int generate_dh_params (void) { - const gnutls_datum_t p3 = { (char*) pkcs3, strlen (pkcs3) }; + const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) }; /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. These should be discarded and regenerated * once a day, once a week or once a month. Depending on the @@ -216,7 +216,8 @@ server_start (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) diff --git a/tests/chainverify.c b/tests/chainverify.c index 13d47103b7..0407d14156 100644 --- a/tests/chainverify.c +++ b/tests/chainverify.c @@ -37,7 +37,7 @@ current time. This should work fine on systems where the library call to time is resolved at run-time. */ time_t -time (time_t *t) +time (time_t * t) { time_t then = 1256803113; @@ -779,16 +779,16 @@ main (int argc, char *argv[]) gnutls_datum_t tmp; size_t j; - printf ("Chain '%s' (%d)...\n", chains[i].name, (int)i); + printf ("Chain '%s' (%d)...\n", chains[i].name, (int) i); for (j = 0; chains[i].chain[j]; j++) { - printf ("\tAdding certificate %d...", (int)j); + printf ("\tAdding certificate %d...", (int) j); ret = gnutls_x509_crt_init (&certs[j]); if (ret < 0) - error (EXIT_FAILURE, 0, "gnutls_x509_crt_init[%d,%d]: %s", (int)i, (int)j, - gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "gnutls_x509_crt_init[%d,%d]: %s", + (int) i, (int) j, gnutls_strerror (ret)); tmp.data = (char *) chains[i].chain[j]; tmp.size = strlen (chains[i].chain[j]); @@ -796,11 +796,11 @@ main (int argc, char *argv[]) ret = gnutls_x509_crt_import (certs[j], &tmp, GNUTLS_X509_FMT_PEM); printf ("done\n"); if (ret < 0) - error (EXIT_FAILURE, 0, "gnutls_x509_crt_import[%d,%d]: %s", (int)i, (int)j, - gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "gnutls_x509_crt_import[%d,%d]: %s", + (int) i, (int) j, gnutls_strerror (ret)); gnutls_x509_crt_print (certs[j], GNUTLS_CRT_PRINT_ONELINE, &tmp); - printf ("\tCertificate %d: %.*s\n", (int)j, tmp.size, tmp.data); + printf ("\tCertificate %d: %.*s\n", (int) j, tmp.size, tmp.data); gnutls_free (tmp.data); } diff --git a/tests/crq_apis.c b/tests/crq_apis.c index ee5da504df..63742b228a 100644 --- a/tests/crq_apis.c +++ b/tests/crq_apis.c @@ -56,7 +56,8 @@ static unsigned char key_pem[] = "-----END RSA PRIVATE KEY-----\n"; const gnutls_datum_t key = { key_pem, sizeof (key_pem) }; -void doit (void) +void +doit (void) { gnutls_x509_privkey_t pkey; gnutls_x509_crt_t crt; @@ -169,7 +170,8 @@ void doit (void) fail ("gnutls_x509_crq_get_key_purpose_oid %d\n", ret); s = 0; - ret = gnutls_x509_crq_set_key_purpose_oid (crq, GNUTLS_KP_TLS_WWW_SERVER, 0); + ret = + gnutls_x509_crq_set_key_purpose_oid (crq, GNUTLS_KP_TLS_WWW_SERVER, 0); if (ret != 0) fail ("gnutls_x509_crq_set_key_purpose_oid %d\n", ret); @@ -179,7 +181,8 @@ void doit (void) fail ("gnutls_x509_crq_get_key_purpose_oid %d\n", ret); s = 0; - ret = gnutls_x509_crq_set_key_purpose_oid (crq, GNUTLS_KP_TLS_WWW_CLIENT, 1); + ret = + gnutls_x509_crq_set_key_purpose_oid (crq, GNUTLS_KP_TLS_WWW_CLIENT, 1); if (ret != 0) fail ("gnutls_x509_crq_set_key_purpose_oid2 %d\n", ret); diff --git a/tests/cve-2008-4989.c b/tests/cve-2008-4989.c index 65a9de3277..fd4fb85fe7 100644 --- a/tests/cve-2008-4989.c +++ b/tests/cve-2008-4989.c @@ -38,112 +38,109 @@ static const char *pem_certs[] = { "-----BEGIN CERTIFICATE-----\n" - "MIIB6zCCAVQCCQCgwnB/k0WZrDANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJE\n" - "RTEXMBUGA1UEChMOR05VIFRMUyBBdHRhY2sxFTATBgNVBAMTDGludGVybWVkaWF0\n" - "ZTAeFw0wODExMDMxMjA1MDRaFw0wODEyMDMxMjA1MDRaMDcxCzAJBgNVBAYTAkRF\n" - "MRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazEPMA0GA1UEAxMGc2VydmVyMIGfMA0G\n" - "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKdL9g5ErMLOLRCjiomZlNLhy0moWGaKIW\n" - "aX6vyUIfh8d6FcArHoKoqhmX7ckvod50sOYPojQesDpl7gVaQNA6Ntr1VCcuNPef\n" - "UKWtEwL0Qu9JbPnUoIYd7mAaqVQgFp6W6yzV/dp63LH4XSdzBMhpZ/EU6vZoE8Sv\n" - "VLdqj5r6jwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAH4QRR7sZEbjW00tXYk/3O/Z\n" - "96AxJNg0F78W5B68gaJrLJ7DTE2RTglscuEq1+2Jyb4AIziwXpYqxgwcP91QpH97\n" - "XfwdXIcyjYvVLHiKmkQj2zJTY7MeyiEQQ2it8VstZG2fYmi2EiMZIEnyJ2JJ7bA7\n" - "bF7pG7Cg3oEHUM0H5KUU\n" - "-----END CERTIFICATE-----\n", + "MIIB6zCCAVQCCQCgwnB/k0WZrDANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJE\n" + "RTEXMBUGA1UEChMOR05VIFRMUyBBdHRhY2sxFTATBgNVBAMTDGludGVybWVkaWF0\n" + "ZTAeFw0wODExMDMxMjA1MDRaFw0wODEyMDMxMjA1MDRaMDcxCzAJBgNVBAYTAkRF\n" + "MRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazEPMA0GA1UEAxMGc2VydmVyMIGfMA0G\n" + "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKdL9g5ErMLOLRCjiomZlNLhy0moWGaKIW\n" + "aX6vyUIfh8d6FcArHoKoqhmX7ckvod50sOYPojQesDpl7gVaQNA6Ntr1VCcuNPef\n" + "UKWtEwL0Qu9JbPnUoIYd7mAaqVQgFp6W6yzV/dp63LH4XSdzBMhpZ/EU6vZoE8Sv\n" + "VLdqj5r6jwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAH4QRR7sZEbjW00tXYk/3O/Z\n" + "96AxJNg0F78W5B68gaJrLJ7DTE2RTglscuEq1+2Jyb4AIziwXpYqxgwcP91QpH97\n" + "XfwdXIcyjYvVLHiKmkQj2zJTY7MeyiEQQ2it8VstZG2fYmi2EiMZIEnyJ2JJ7bA7\n" + "bF7pG7Cg3oEHUM0H5KUU\n" "-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n" - "MIICADCCAWmgAwIBAgIJAIZ4nkHQAqTFMA0GCSqGSIb3DQEBBQUAMDUxCzAJBgNV\n" - "BAYTAkRFMRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazENMAsGA1UEAxMEcm9vdDAe\n" - "Fw0wODExMDMxMjA0NDVaFw0wODEyMDMxMjA0NDVaMD0xCzAJBgNVBAYTAkRFMRcw\n" - "FQYDVQQKEw5HTlUgVExTIEF0dGFjazEVMBMGA1UEAxMMaW50ZXJtZWRpYXRlMIGf\n" - "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvBpW8sAhIuUmNvcBE6wv/q7MtM1Z9\n" - "2I1SDL8eJ8I2nPg6BlCX+OIqNruynj8J7uPEQ04ZLwLxNXoyZa8057YFyrKLOvoj\n" - "5IfBtidsLWYv6PO3qqHJXVvwGdS7PKMuUlsjucCRyXVgQ07ODF7piqoVFi9KD99w\n" - "AU5+9plGrZNP/wIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA\n" - "A4GBAGPg+M+8MsB6zHN2o+jAtyqovrTTwmzVWEgfEH/aHC9+imGZRQ5lFNc2vdny\n" - "AgaJ9/izO5S6Ibb5zUowN2WhoUJOVipuQa2m9AviOgheoU7tmANC9ylm/pRkKy/0\n" - "n5UVzlKxDhRp/xBb7MWOw3KEQjiAf2Z3wCLcCPUqcJUdJC4v\n" - "-----END CERTIFICATE-----\n", + "MIICADCCAWmgAwIBAgIJAIZ4nkHQAqTFMA0GCSqGSIb3DQEBBQUAMDUxCzAJBgNV\n" + "BAYTAkRFMRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazENMAsGA1UEAxMEcm9vdDAe\n" + "Fw0wODExMDMxMjA0NDVaFw0wODEyMDMxMjA0NDVaMD0xCzAJBgNVBAYTAkRFMRcw\n" + "FQYDVQQKEw5HTlUgVExTIEF0dGFjazEVMBMGA1UEAxMMaW50ZXJtZWRpYXRlMIGf\n" + "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvBpW8sAhIuUmNvcBE6wv/q7MtM1Z9\n" + "2I1SDL8eJ8I2nPg6BlCX+OIqNruynj8J7uPEQ04ZLwLxNXoyZa8057YFyrKLOvoj\n" + "5IfBtidsLWYv6PO3qqHJXVvwGdS7PKMuUlsjucCRyXVgQ07ODF7piqoVFi9KD99w\n" + "AU5+9plGrZNP/wIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA\n" + "A4GBAGPg+M+8MsB6zHN2o+jAtyqovrTTwmzVWEgfEH/aHC9+imGZRQ5lFNc2vdny\n" + "AgaJ9/izO5S6Ibb5zUowN2WhoUJOVipuQa2m9AviOgheoU7tmANC9ylm/pRkKy/0\n" + "n5UVzlKxDhRp/xBb7MWOw3KEQjiAf2Z3wCLcCPUqcJUdJC4v\n" + "-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n" - "MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n" - "ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n" - "A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n" - "CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n" - "IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n" - "MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n" - "BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n" - "ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n" - "bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n" - "ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" - "AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n" - "LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n" - "dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n" - "7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n" - "HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n" - "2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n" - "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n" - "W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n" - "tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n" - "uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n" - "aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n" - "E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n" - "MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n" - "fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n" - "-----END CERTIFICATE-----\n" + "MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n" + "ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n" + "A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n" + "CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n" + "IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n" + "MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n" + "BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n" + "ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n" + "bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n" + "ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n" + "LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n" + "dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n" + "7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n" + "HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n" + "2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n" + "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n" + "W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n" + "tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n" + "uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n" + "aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n" + "E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n" + "MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n" + "fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n" "-----END CERTIFICATE-----\n" }; static const char *pem_ca = { "-----BEGIN CERTIFICATE-----\n" - "MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n" - "ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n" - "A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n" - "CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n" - "IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n" - "MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n" - "BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n" - "ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n" - "bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n" - "ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" - "AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n" - "LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n" - "dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n" - "7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n" - "HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n" - "2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n" - "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n" - "W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n" - "tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n" - "uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n" - "aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n" - "E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n" - "MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n" - "fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n" - "-----END CERTIFICATE-----\n" + "MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n" + "ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n" + "A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n" + "CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n" + "IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n" + "MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n" + "BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n" + "ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n" + "bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n" + "ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n" + "LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n" + "dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n" + "7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n" + "HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n" + "2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n" + "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n" + "W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n" + "tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n" + "uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n" + "aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n" + "E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n" + "MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n" + "fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n" "-----END CERTIFICATE-----\n" }; #define CHAIN_LENGTH (sizeof (pem_certs) / sizeof (pem_certs[0])) static const char *pem_self_cert = { "-----BEGIN CERTIFICATE-----\n" - "MIIDgjCCAmygAwIBAgIBADALBgkqhkiG9w0BAQUwSzELMAkGA1UEBhMCQlIxFDAS\n" - "BgNVBAoTC01pbmFzIExpdnJlMSYwJAYDVQQDEx1UaGFkZXUgTGltYSBkZSBTb3V6\n" - "YSBDYXNjYXJkbzAeFw0wODA1MzAxOTUzNDNaFw0wODExMjYxOTUzNDNaMEsxCzAJ\n" - "BgNVBAYTAkJSMRQwEgYDVQQKEwtNaW5hcyBMaXZyZTEmMCQGA1UEAxMdVGhhZGV1\n" - "IExpbWEgZGUgU291emEgQ2FzY2FyZG8wggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIB\n" - "CQKCAQC4D934O6wrXJbMyu1w8gu6nN0aNUDGqrX9UgaB/4xVuYhPlhjH0z9Dqic9\n" - "0pEZmyNCjQmzDSg/hnlY3fBG0i9Iel2oYn1UB4SdcJ2qGkLS87y2ZbMTS1oyMR7/\n" - "y9l3WGEWqwgjIvOjGstcZo0rCIF8Qr21QGX22KWg2HXlMaZyA9bGtJ+L+x6f2hoo\n" - "yIPCA30VMvIgHjOSPQJF3iJFE4Uxq1PQ65W91NyI6/bRKFOmFdCUJW8tqqvntYP8\n" - "hEE08wGlKimFNv7CqZuRI8QuOnhZ7pBXkyvQpW8yHrORlOHxSjkNQKjddt92TCJb\n" - "1q6eKv2CtCuDLgCuIy0Onr4U9n+hAgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8w\n" - "HgYDVR0RBBcwFYITbWFpbC5taW5hc2xpdnJlLm9yZzATBgNVHSUEDDAKBggrBgEF\n" - "BQcDATAPBgNVHQ8BAf8EBQMDB6QAMB0GA1UdDgQWBBQ/5v42y0jBHUKEfqpPmr5a\n" - "WsjCGjALBgkqhkiG9w0BAQUDggEBAC/WfO2yK3vM9bG0qFEj8sd0cWiapMhf5PtH\n" - "jigcPb/OKqSFQVXpAdNiUclPRP79Ih3CuWiXfZ/CW0+k2Z8tyy6AnEQItWvoVh/b\n" - "8lS7Ph/f9JUYHp2DtgsQWcNQbrUZOPFBu8J4MD6cDWG5Uxwl3YASg30ZdmMDNT8B\n" - "HshYz0HUOAhYwVSI3J/f7LFhD5OpjSroHgE7wA9UJrerAp9f7e3e9D7kNQ8DlvLP\n" - "kz6Jh+5M/xD3JO1yl+evaCp3LA+z4M2xiNvtzkAEgj3t6RaJ81Sh5XGiooDYZ14R\n" - "DgEBYLTUfBYBPzoaahPEdG/f0kUjUBJ34fkBUSjJKURPTHJfDfA=\n" - "-----END CERTIFICATE-----\n" + "MIIDgjCCAmygAwIBAgIBADALBgkqhkiG9w0BAQUwSzELMAkGA1UEBhMCQlIxFDAS\n" + "BgNVBAoTC01pbmFzIExpdnJlMSYwJAYDVQQDEx1UaGFkZXUgTGltYSBkZSBTb3V6\n" + "YSBDYXNjYXJkbzAeFw0wODA1MzAxOTUzNDNaFw0wODExMjYxOTUzNDNaMEsxCzAJ\n" + "BgNVBAYTAkJSMRQwEgYDVQQKEwtNaW5hcyBMaXZyZTEmMCQGA1UEAxMdVGhhZGV1\n" + "IExpbWEgZGUgU291emEgQ2FzY2FyZG8wggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIB\n" + "CQKCAQC4D934O6wrXJbMyu1w8gu6nN0aNUDGqrX9UgaB/4xVuYhPlhjH0z9Dqic9\n" + "0pEZmyNCjQmzDSg/hnlY3fBG0i9Iel2oYn1UB4SdcJ2qGkLS87y2ZbMTS1oyMR7/\n" + "y9l3WGEWqwgjIvOjGstcZo0rCIF8Qr21QGX22KWg2HXlMaZyA9bGtJ+L+x6f2hoo\n" + "yIPCA30VMvIgHjOSPQJF3iJFE4Uxq1PQ65W91NyI6/bRKFOmFdCUJW8tqqvntYP8\n" + "hEE08wGlKimFNv7CqZuRI8QuOnhZ7pBXkyvQpW8yHrORlOHxSjkNQKjddt92TCJb\n" + "1q6eKv2CtCuDLgCuIy0Onr4U9n+hAgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8w\n" + "HgYDVR0RBBcwFYITbWFpbC5taW5hc2xpdnJlLm9yZzATBgNVHSUEDDAKBggrBgEF\n" + "BQcDATAPBgNVHQ8BAf8EBQMDB6QAMB0GA1UdDgQWBBQ/5v42y0jBHUKEfqpPmr5a\n" + "WsjCGjALBgkqhkiG9w0BAQUDggEBAC/WfO2yK3vM9bG0qFEj8sd0cWiapMhf5PtH\n" + "jigcPb/OKqSFQVXpAdNiUclPRP79Ih3CuWiXfZ/CW0+k2Z8tyy6AnEQItWvoVh/b\n" + "8lS7Ph/f9JUYHp2DtgsQWcNQbrUZOPFBu8J4MD6cDWG5Uxwl3YASg30ZdmMDNT8B\n" + "HshYz0HUOAhYwVSI3J/f7LFhD5OpjSroHgE7wA9UJrerAp9f7e3e9D7kNQ8DlvLP\n" + "kz6Jh+5M/xD3JO1yl+evaCp3LA+z4M2xiNvtzkAEgj3t6RaJ81Sh5XGiooDYZ14R\n" + "DgEBYLTUfBYBPzoaahPEdG/f0kUjUBJ34fkBUSjJKURPTHJfDfA=\n" + "-----END CERTIFICATE-----\n" }; int @@ -171,7 +168,7 @@ main (int argc, char *argv[]) error (EXIT_FAILURE, 0, "gnutls_x509_crt_init[%d]: %s", i, gnutls_strerror (ret)); - tmp.data = (char*) pem_certs[i]; + tmp.data = (char *) pem_certs[i]; tmp.size = strlen (pem_certs[i]); ret = gnutls_x509_crt_import (certs[i], &tmp, GNUTLS_X509_FMT_PEM); @@ -182,9 +179,10 @@ main (int argc, char *argv[]) ret = gnutls_x509_crt_init (&ca); if (ret < 0) - error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s", gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s", + gnutls_strerror (ret)); - tmp.data = (char*) pem_ca; + tmp.data = (char *) pem_ca; tmp.size = strlen (pem_ca); ret = gnutls_x509_crt_import (ca, &tmp, GNUTLS_X509_FMT_PEM); @@ -213,9 +211,10 @@ main (int argc, char *argv[]) ret = gnutls_x509_crt_init (&self_cert); if (ret < 0) - error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s", gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s", + gnutls_strerror (ret)); - tmp.data = (char*) pem_self_cert; + tmp.data = (char *) pem_self_cert; tmp.size = strlen (pem_self_cert); ret = gnutls_x509_crt_import (self_cert, &tmp, GNUTLS_X509_FMT_PEM); diff --git a/tests/cve-2009-1415.c b/tests/cve-2009-1415.c index fe89aa4cfb..b74a5a29b4 100644 --- a/tests/cve-2009-1415.c +++ b/tests/cve-2009-1415.c @@ -67,8 +67,7 @@ static char dsa_cert[] = "HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQBCsrnfD1xzh8/Eih1f\n" "x+M0lPoX1Re5L2ElHI6DJpHYOBPwf9glwxnet2+avzgUQDUFwUSxOhodpyeaACXD\n" "o0gGVpcH8sOBTQ+aTdM37hGkPxoXjtIkR/LgG5nP2H2JRd5TkW8l13JdM4MJFB4W\n" - "QcDzQ8REwidsfh9uKAluk1c/KQ==\n" - "-----END CERTIFICATE-----\n"; + "QcDzQ8REwidsfh9uKAluk1c/KQ==\n" "-----END CERTIFICATE-----\n"; const gnutls_datum_t dsa_cert_dat = { dsa_cert, sizeof (dsa_cert) diff --git a/tests/dhepskself.c b/tests/dhepskself.c index 406668d40d..ce9f58e577 100644 --- a/tests/dhepskself.c +++ b/tests/dhepskself.c @@ -60,7 +60,7 @@ client (void) gnutls_session_t session; char buffer[MAX_BUF + 1]; gnutls_psk_client_credentials_t pskcred; - const gnutls_datum_t key = { (char*) "DEADBEEF", 8 }; + const gnutls_datum_t key = { (char *) "DEADBEEF", 8 }; gnutls_global_init (); @@ -167,7 +167,7 @@ static gnutls_dh_params_t dh_params; static int generate_dh_params (void) { - const gnutls_datum_t p3 = { (char*) pkcs3, strlen (pkcs3) }; + const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) }; /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. These should be discarded and regenerated * once a day, once a week or once a month. Depending on the @@ -220,7 +220,8 @@ server_start (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) diff --git a/tests/dn2.c b/tests/dn2.c index 4df3f71b34..5ea4fb9e11 100644 --- a/tests/dn2.c +++ b/tests/dn2.c @@ -61,10 +61,10 @@ static char pem[] = "96B6WWBo9mzgwSM1d8LDhrarZ7uQhm+kBAMyEXhmDnCPWhvExvxJzjEmOlxjThyP\n" "2yvIgfLyDfplRe+jUbsY7YNe08eEyoLRq1jwPuRWTaEx2gA7C6pq45747/HkJrtF\n" "ya3ULM/AJv6Nj6pobxzQ5rEkUGEwKavu7GMjLrSMnHrbVCiQrn1v6c7B9nSPA31L\n" - "/do1TDFI0vSl5+M=\n" - "-----END CERTIFICATE-----\n"; + "/do1TDFI0vSl5+M=\n" "-----END CERTIFICATE-----\n"; -static const char *info = "subject `1.3.6.1.4.1.311.60.2.1.3=#13024445,1.3.6.1.4.1.311.60.2.1.1=#14084d75656e6368656e,2.5.4.15=#131256312e302c20436c6175736520352e286229,serialNumber=HRB 144261,C=DE,2.5.4.17=#14053830383037,ST=Bavaria,L=Muenchen,STREET=Frankfurter Ring 129,O=GMX GmbH,CN=www.gmx.de', issuer `C=US,O=VeriSign\\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)06,CN=VeriSign Class 3 Extended Validation SSL SGC CA', RSA key 1024 bits, signed using RSA-SHA1, activated `2008-11-13 00:00:00 UTC', expires `2009-11-13 23:59:59 UTC', SHA-1 fingerprint `7ece297c45d5b17685224b4e929a30e91a9553cb'"; +static const char *info = + "subject `1.3.6.1.4.1.311.60.2.1.3=#13024445,1.3.6.1.4.1.311.60.2.1.1=#14084d75656e6368656e,2.5.4.15=#131256312e302c20436c6175736520352e286229,serialNumber=HRB 144261,C=DE,2.5.4.17=#14053830383037,ST=Bavaria,L=Muenchen,STREET=Frankfurter Ring 129,O=GMX GmbH,CN=www.gmx.de', issuer `C=US,O=VeriSign\\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)06,CN=VeriSign Class 3 Extended Validation SSL SGC CA', RSA key 1024 bits, signed using RSA-SHA1, activated `2008-11-13 00:00:00 UTC', expires `2009-11-13 23:59:59 UTC', SHA-1 fingerprint `7ece297c45d5b17685224b4e929a30e91a9553cb'"; void doit (void) @@ -94,9 +94,7 @@ doit (void) success ("comparison ok\n"); else fail ("comparison fail (%d/%d)\nexpect: %s\n got: %.*s\n", - out.size, strlen (info), - info, - out.size, out.data); + out.size, strlen (info), info, out.size, out.data); gnutls_x509_crt_deinit (cert); gnutls_global_deinit (); diff --git a/tests/finished.c b/tests/finished.c index 5a5810ff4b..f482ef8d83 100644 --- a/tests/finished.c +++ b/tests/finished.c @@ -155,7 +155,7 @@ doit (void) { /* Server stuff. */ gnutls_anon_server_credentials_t s_anoncred; - const gnutls_datum_t p3 = { (char*) pkcs3, strlen (pkcs3) }; + const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) }; static gnutls_dh_params_t dh_params; gnutls_session_t server; int sret = GNUTLS_E_AGAIN; diff --git a/tests/hostname-check.c b/tests/hostname-check.c index 45257ebf40..22ce874f00 100644 --- a/tests/hostname-check.c +++ b/tests/hostname-check.c @@ -549,8 +549,7 @@ char pem9[] = "A1UdDgQWBBRMuQqb+h00437ey9IHFf6h2stokTALBgkqhkiG9w0BAQUDgYEAoh/S\n" "kF/JHG+SHcULrLAXI8VnRpRvD2J9Zkwo/7cQc2CuDqJHgoO7iQ3xFl75WzVLzu5e\n" "0K21i8w3s6xNG1jCTxx/xqw9JRhnN/AnEZssILZ4JCGmd0TnGuX2v0WEMoFnr42W\n" - "Jvc5MWtjxRWd4KCaHpYSy62Fy6fUhqzY9emkKyA=\n" - "-----END CERTIFICATE-----\n"; + "Jvc5MWtjxRWd4KCaHpYSy62Fy6fUhqzY9emkKyA=\n" "-----END CERTIFICATE-----\n"; /* Certificate with SAN and CN that match iff you truncate the SAN to the embedded NUL. @@ -634,8 +633,7 @@ char pem10[] = "ODUiNAMP1F2rHHIVsdmJVhAS+30NGBKpCjjck89p/3WGnuNr65JsVRbVZYvXnF5L\n" "gsiSbIvmGKL4jGWqtusj7cuZ2/yLjh16Ocn1e39Ye+0BbDxA7OOpX8Q9y4EXA20t\n" "170AX8R58vurxg6iAYuhQnPelik+v9fZUafUmAd/8PTNAKHhrGwFrKuTG7BcLBOt\n" - "/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0=\n" - "-----END CERTIFICATE-----\n"; + "/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0=\n" "-----END CERTIFICATE-----\n"; #ifdef ENABLE_OPENPGP /* Check basic OpenPGP comparison too. @@ -668,8 +666,7 @@ char pem11[] = "03G+ynCHf5pBAXHhfCNhA0lMv5h3eJECNElcCh0sYGmo19jOzbnlRSGKRqrflOtO\n" "YwhQXK9y/ohJBBgRAgAJBQJFyJ51AhsMAAoJEK5frT5dHRTYDDgAn2bLaS5n3Xy8\n" "Z/V2Me1st/9pqPfZAJ4+9YBnyjCq/0vosIoZabi+s92m7g==\n" - "=NkXV\n" - "-----END PGP PUBLIC KEY BLOCK-----\n"; + "=NkXV\n" "-----END PGP PUBLIC KEY BLOCK-----\n"; #endif void diff --git a/tests/mini-eagain.c b/tests/mini-eagain.c index d46180cd32..9cc3c5a301 100644 --- a/tests/mini-eagain.c +++ b/tests/mini-eagain.c @@ -56,7 +56,7 @@ client_pull (gnutls_transport_ptr_t tr, void *data, size_t len) unsigned char rnd; gcry_create_nonce (&rnd, 1); - if (handshake == 0 && rnd % 2 == 0) + if (handshake == 0 && rnd % 2 == 0) { gnutls_transport_set_global_errno (EAGAIN); return -1; @@ -105,7 +105,7 @@ server_pull (gnutls_transport_ptr_t tr, void *data, size_t len) unsigned char rnd; gcry_create_nonce (&rnd, 1); - if (handshake == 0 && rnd % 2 == 0) + if (handshake == 0 && rnd % 2 == 0) { gnutls_transport_set_global_errno (EAGAIN); return -1; @@ -134,7 +134,7 @@ server_push (gnutls_transport_ptr_t tr, const void *data, size_t len) //success ("server_push len %d has %d\n", len, to_client_len); gcry_create_nonce (&rnd, 1); - if (handshake == 0 && rnd % 2 == 0) + if (handshake == 0 && rnd % 2 == 0) { gnutls_transport_set_global_errno (EAGAIN); return -1; @@ -164,7 +164,7 @@ doit (void) { /* Server stuff. */ gnutls_anon_server_credentials_t s_anoncred; - const gnutls_datum_t p3 = { (char*) pkcs3, strlen (pkcs3) }; + const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) }; static gnutls_dh_params_t dh_params; gnutls_session_t server; int sret = GNUTLS_E_AGAIN; @@ -230,46 +230,48 @@ doit (void) ns = gnutls_record_send (client, MSG, strlen (MSG)); //success ("client: sent %d\n", ns); - do + do { //success("transferred: %d\n", transferred); ret = gnutls_record_recv (server, buffer, MAX_BUF); if (ret == 0) - fail ("server: didn't receive any data\n"); - else if (ret < 0) - { - if (ret != GNUTLS_E_AGAIN) { - fail ("server: error: %s\n", gnutls_strerror (ret)); - break; - } - } + fail ("server: didn't receive any data\n"); + else if (ret < 0) + { + if (ret != GNUTLS_E_AGAIN) + { + fail ("server: error: %s\n", gnutls_strerror (ret)); + break; + } + } else - { - transferred+=ret; - fputs ("*", stdout); - } - - ns = gnutls_record_send (server, MSG, strlen (MSG)); - //success ("server: sent %d\n", ns); - - ret = gnutls_record_recv (client, buffer, MAX_BUF); - if (ret == 0) - { - fail ("client: Peer has closed the TLS connection\n"); - } - else if (ret < 0) - { - if (ret != GNUTLS_E_AGAIN) { - fail ("client: Error: %s\n", gnutls_strerror (ret)); - break; - } - } - else - { - transferred+=ret; - fputs (".", stdout); - } + { + transferred += ret; + fputs ("*", stdout); + } + + ns = gnutls_record_send (server, MSG, strlen (MSG)); + //success ("server: sent %d\n", ns); + + ret = gnutls_record_recv (client, buffer, MAX_BUF); + if (ret == 0) + { + fail ("client: Peer has closed the TLS connection\n"); + } + else if (ret < 0) + { + if (ret != GNUTLS_E_AGAIN) + { + fail ("client: Error: %s\n", gnutls_strerror (ret)); + break; + } + } + else + { + transferred += ret; + fputs (".", stdout); + } } while (transferred < 7000); fputs ("\n", stdout); diff --git a/tests/mini.c b/tests/mini.c index b64401db62..21a426ee7e 100644 --- a/tests/mini.c +++ b/tests/mini.c @@ -137,7 +137,7 @@ doit (void) { /* Server stuff. */ gnutls_anon_server_credentials_t s_anoncred; - const gnutls_datum_t p3 = { (char*) pkcs3, strlen (pkcs3) }; + const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) }; static gnutls_dh_params_t dh_params; gnutls_session_t server; int sret = GNUTLS_E_AGAIN; diff --git a/tests/nul-in-x509-names.c b/tests/nul-in-x509-names.c index f79dea0fff..0ad9626a5e 100644 --- a/tests/nul-in-x509-names.c +++ b/tests/nul-in-x509-names.c @@ -54,8 +54,7 @@ static char badguy_nul_cn_data[] = "8/pc7vh7C8Y5tQQzXq64Xg5mzKjAag3sYMHF2TnqvRuPHH0WOLHoyDcBqkuZ3+QP\n" "EL5h7prPzScFRgBg2Gp0CDI8i5ABagczDGyQ2+r7ahcadrtzFCfhpH7V3TCxXfIO\n" "qtSy1Uz2T5EqB/Q3wc9IGcX+fpKWqN9QajGSo7EU/kHMSWKYTerFugUtScMicu9B\n" - "CQ==\n" - "-----END CERTIFICATE-----\n"; + "CQ==\n" "-----END CERTIFICATE-----\n"; const gnutls_datum_t badguy_nul_cn = { badguy_nul_cn_data, sizeof (badguy_nul_cn_data) @@ -120,11 +119,11 @@ main (void) ret = gnutls_x509_crt_check_hostname (crt, "www.bank.com"); if (ret == 0) { - puts("gnutls_x509_crt_check_hostname OK (NUL-IN-CN)"); + puts ("gnutls_x509_crt_check_hostname OK (NUL-IN-CN)"); } else { - puts("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-CN)"); + puts ("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-CN)"); exit_code = 1; } @@ -138,11 +137,11 @@ main (void) ret = gnutls_x509_crt_check_hostname (crt, "www.bank.com"); if (ret == 0) { - puts("gnutls_x509_crt_check_hostname OK (NUL-IN-SAN)"); + puts ("gnutls_x509_crt_check_hostname OK (NUL-IN-SAN)"); } else { - puts("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-SAN)"); + puts ("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-SAN)"); exit_code = 1; } diff --git a/tests/openpgpself.c b/tests/openpgpself.c index 2b07ae31f7..958388ac6d 100644 --- a/tests/openpgpself.c +++ b/tests/openpgpself.c @@ -239,7 +239,7 @@ static gnutls_dh_params_t dh_params; static int generate_dh_params (void) { - const gnutls_datum_t p3 = { (char*) pkcs3, strlen (pkcs3) }; + const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) }; /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. These should be discarded and regenerated * once a day, once a week or once a month. Depending on the @@ -352,7 +352,8 @@ server_start (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) diff --git a/tests/oprfi.c b/tests/oprfi.c index 46089cefcb..8f128ef6fd 100644 --- a/tests/oprfi.c +++ b/tests/oprfi.c @@ -292,7 +292,8 @@ server_start (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) diff --git a/tests/pkcs12_encode.c b/tests/pkcs12_encode.c index ff72f43053..28e24aaf27 100644 --- a/tests/pkcs12_encode.c +++ b/tests/pkcs12_encode.c @@ -45,8 +45,7 @@ static char client_pem[] = "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" - "dc8Siq5JojruiMizAf0pA7in\n" - "-----END CERTIFICATE-----\n"; + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; const gnutls_datum_t client_dat = { client_pem, sizeof (client_pem) }; static char ca_pem[] = @@ -61,8 +60,7 @@ static char ca_pem[] = "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n" "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n" "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n" - "PfqUpIhz5Bbm7J4=\n" - "-----END CERTIFICATE-----\n"; + "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n"; const gnutls_datum_t ca_dat = { ca_pem, sizeof (ca_pem) }; int diff --git a/tests/pkcs12_s2k.c b/tests/pkcs12_s2k.c index 58c58ee299..e8b6dfcb29 100644 --- a/tests/pkcs12_s2k.c +++ b/tests/pkcs12_s2k.c @@ -75,27 +75,36 @@ static struct size_t iter; size_t keylen; const char *key; -} tv[] = { - { 1, "smeg", "\x0A\x58\xCF\x64\x53\x0D\x82\x3F", 1, 24, - "8aaae6297b6cb04642ab5b077851284eb7128f1a2a7fbca3" }, - { 2, "smeg", "\x0A\x58\xCF\x64\x53\x0D\x82\x3F", 1, 8, - "79993dfe048d3b76" }, - { 1, "smeg", "\x64\x2B\x99\xAB\x44\xFB\x4B\x1F", 1, 24, - "f3a95fec48d7711e985cfe67908c5ab79fa3d7c5caa5d966" }, - { 2, "smeg", "\x64\x2B\x99\xAB\x44\xFB\x4B\x1F", 1, 8, - "c0a38d64a79bea1d" }, - { 3, "smeg", "\x3D\x83\xC0\xE4\x54\x6A\xC1\x40", 1, 20, - "8d967d88f6caa9d714800ab3d48051d63f73a312" }, - { 1, "queeg", "\x05\xDE\xC9\x59\xAC\xFF\x72\xF7", 1000, 24, - "ed2034e36328830ff09df1e1a07dd357185dac0d4f9eb3d4" }, - { 2, "queeg", "\x05\xDE\xC9\x59\xAC\xFF\x72\xF7", 1000, 8, - "11dedad7758d4860" }, - { 1, "queeg", "\x16\x82\xC0\xFC\x5B\x3F\x7E\xC5", 1000, 24, - "483dd6e919d7de2e8e648ba8f862f3fbfbdc2bcb2c02957f" }, - { 2, "queeg", "\x16\x82\xC0\xFC\x5B\x3F\x7E\xC5", 1000, 8, - "9d461d1b00355c50" }, - { 3, "queeg", "\x26\x32\x16\xFC\xC2\xFA\xB3\x1C", 1000, 20, - "5ec4c7a80df652294c3925b6489a7ab857c83476" } +} tv[] = +{ + { + 1, "smeg", "\x0A\x58\xCF\x64\x53\x0D\x82\x3F", 1, 24, + "8aaae6297b6cb04642ab5b077851284eb7128f1a2a7fbca3"}, + { + 2, "smeg", "\x0A\x58\xCF\x64\x53\x0D\x82\x3F", 1, 8, "79993dfe048d3b76"}, + { + 1, "smeg", "\x64\x2B\x99\xAB\x44\xFB\x4B\x1F", 1, 24, + "f3a95fec48d7711e985cfe67908c5ab79fa3d7c5caa5d966"}, + { + 2, "smeg", "\x64\x2B\x99\xAB\x44\xFB\x4B\x1F", 1, 8, "c0a38d64a79bea1d"}, + { + 3, "smeg", "\x3D\x83\xC0\xE4\x54\x6A\xC1\x40", 1, 20, + "8d967d88f6caa9d714800ab3d48051d63f73a312"}, + { + 1, "queeg", "\x05\xDE\xC9\x59\xAC\xFF\x72\xF7", 1000, 24, + "ed2034e36328830ff09df1e1a07dd357185dac0d4f9eb3d4"}, + { + 2, "queeg", "\x05\xDE\xC9\x59\xAC\xFF\x72\xF7", 1000, 8, + "11dedad7758d4860"}, + { + 1, "queeg", "\x16\x82\xC0\xFC\x5B\x3F\x7E\xC5", 1000, 24, + "483dd6e919d7de2e8e648ba8f862f3fbfbdc2bcb2c02957f"}, + { + 2, "queeg", "\x16\x82\xC0\xFC\x5B\x3F\x7E\xC5", 1000, 8, + "9d461d1b00355c50"}, + { + 3, "queeg", "\x26\x32\x16\xFC\xC2\xFA\xB3\x1C", 1000, 20, + "5ec4c7a80df652294c3925b6489a7ab857c83476"} }; void @@ -123,8 +132,7 @@ doit (void) fail ("_gnutls_pkcs12_string_to_key failed[0]: %d\n", rc); if (strcmp (_gnutls_bin2hex (key, sizeof (key), - tmp, sizeof (tmp)), - values[x]) != 0) + tmp, sizeof (tmp)), values[x]) != 0) fail ("_gnutls_pkcs12_string_to_key failed[1]\n"); printf ("ij: %d.%d: %s\n", i, j, diff --git a/tests/pkcs12_s2k_pem.c b/tests/pkcs12_s2k_pem.c index 71fe4bf4c8..7298e19685 100644 --- a/tests/pkcs12_s2k_pem.c +++ b/tests/pkcs12_s2k_pem.c @@ -234,17 +234,28 @@ static struct const char *password; const char *pkcs12key; int expected_result; -} keys[] = { - { "x_9607", "123456", X_9607, 0 }, - { "x_9671", "123456", X_9671, 0 }, - { "x_9925", "123456", X_9925, 0 }, - { "x_9926", "123456", X_9926, 0 }, - { "x_9927", "123456", X_9927, 0 }, - { "x_9928", "123456", X_9928, 0 }, - { "x_9929", "123456", X_9929, 0 }, - { "x_9930", "123456", X_9930, 0 }, - { "x_9931", "123456", X_9931, 0 }, - { "x_9932", "123456", X_9932, 0 } +} keys[] = +{ + { + "x_9607", "123456", X_9607, 0}, + { + "x_9671", "123456", X_9671, 0}, + { + "x_9925", "123456", X_9925, 0}, + { + "x_9926", "123456", X_9926, 0}, + { + "x_9927", "123456", X_9927, 0}, + { + "x_9928", "123456", X_9928, 0}, + { + "x_9929", "123456", X_9929, 0}, + { + "x_9930", "123456", X_9930, 0}, + { + "x_9931", "123456", X_9931, 0}, + { + "x_9932", "123456", X_9932, 0} }; int @@ -265,7 +276,7 @@ main (void) if (ret < 0) return 1; - tmp.data = (char*) keys[i].pkcs12key; + tmp.data = (char *) keys[i].pkcs12key; tmp.size = strlen (tmp.data); ret = gnutls_x509_privkey_import_pkcs8 (key, &tmp, diff --git a/tests/pskself.c b/tests/pskself.c index d3e42f473f..6c74763c2b 100644 --- a/tests/pskself.c +++ b/tests/pskself.c @@ -56,7 +56,7 @@ client (void) gnutls_psk_client_credentials_t pskcred; /* Need to enable anonymous KX specifically. */ const int kx_prio[] = { GNUTLS_KX_PSK, 0 }; - const gnutls_datum_t key = { (char*) "DEADBEEF", 8 }; + const gnutls_datum_t key = { (char *) "DEADBEEF", 8 }; gnutls_global_init (); @@ -206,7 +206,8 @@ server_start (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) diff --git a/tests/resume.c b/tests/resume.c index 5cc3eda330..c52c1d6bed 100644 --- a/tests/resume.c +++ b/tests/resume.c @@ -58,16 +58,15 @@ struct params_res int expect_resume; }; -struct params_res resume_tests[] = - { - {"try to resume from db", 50, 0, 0, 1}, +struct params_res resume_tests[] = { + {"try to resume from db", 50, 0, 0, 1}, #ifdef ENABLE_SESSION_TICKET - {"try to resume from session ticket", 0, 1, 1, 1}, - {"try to resume from session ticket (server only)", 0, 1, 0, 0}, - {"try to resume from session ticket (client only)", 0, 0, 1, 0}, + {"try to resume from session ticket", 0, 1, 1, 1}, + {"try to resume from session ticket (server only)", 0, 1, 0, 0}, + {"try to resume from session ticket (client only)", 0, 0, 1, 0}, #endif - {NULL, -1} - }; + {NULL, -1} +}; /* A very basic TLS client, with anonymous authentication. */ @@ -256,7 +255,7 @@ static gnutls_dh_params_t dh_params; static int generate_dh_params (void) { - const gnutls_datum_t p3 = { (char*) pkcs3, strlen (pkcs3) }; + const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) }; /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. These should be discarded and regenerated * once a day, once a week or once a month. Depending on the @@ -294,7 +293,8 @@ global_start (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) diff --git a/tests/tlsia.c b/tests/tlsia.c index fff10a8595..cc1dbce345 100644 --- a/tests/tlsia.c +++ b/tests/tlsia.c @@ -262,7 +262,7 @@ static gnutls_dh_params_t dh_params; static int generate_dh_params (void) { - const gnutls_datum_t p3 = { (char*) pkcs3, strlen (pkcs3) }; + const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) }; /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. These should be discarded and regenerated * once a day, once a week or once a month. Depending on the @@ -378,7 +378,8 @@ server_start (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) diff --git a/tests/x509_altname.c b/tests/x509_altname.c index ef99bae377..c9f00dc623 100644 --- a/tests/x509_altname.c +++ b/tests/x509_altname.c @@ -30,35 +30,34 @@ #include "utils.h" static char pem[] = -"-----BEGIN CERTIFICATE-----\n" -"MIIE6zCCA9OgAwIBAgIBdjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJTRTEf\n" -"MB0GA1UEChMWU3RvY2tob2xtcyB1bml2ZXJzaXRldDEgMB4GA1UEAxMXU3RvY2to\n" -"b2xtIFVuaXZlcnNpdHkgQ0EwHhcNMDYwMzIyMDkxNTI4WhcNMDcwMzIyMDkxNTI4\n" -"WjBDMQswCQYDVQQGEwJTRTEfMB0GA1UEChMWU3RvY2tob2xtcyB1bml2ZXJzaXRl\n" -"dDETMBEGA1UEAxMKc2lwMS5zdS5zZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC\n" -"gYEArUzXTD36ZK7CwZJH/faUNTcdaqM7JyiZsfrO703d7cT/bJ3wKxT8trOOh/Ou\n" -"WwgGFX2+r7ykun3aIUXUuD13Yle/yHqH/4g9vWX7UeFCBlSI0tAxnlqt0QqlPgSd\n" -"GLHcoO4PPyjon9jj0A/zpJGZHiRUCooo63YqE9MYfr5HBfkCAwEAAaOCAl8wggJb\n" -"MAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYD\n" -"VR0OBBYEFDpcXNHMLJ7fc/c72BtZseq4MDXFMH8GA1UdIwR4MHaAFJ4uMLo32VFE\n" -"yZ2/GCHxvX7utYZIoVukWTBXMQswCQYDVQQGEwJTRTEYMBYGA1UEChMPVW1lYSBV\n" -"bml2ZXJzaXR5MRMwEQYDVQQLEwpTd1VQS0ktUENBMRkwFwYDVQQDExBTd1VQS0kg\n" -"UG9saWN5IENBggEQMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jYS5zdS5zZS8y\n" -"MDA1LTEvY3JsLXYyLmNybDB5BgNVHSAEcjBwMG4GCCqFcCsCAQEBMGIwHwYIKwYB\n" -"BQUHAgEWE2h0dHA6Ly9jYS5zdS5zZS9DUFMwPwYIKwYBBQUHAgIwMxoxTGltaXRl\n" -"ZCBMaWFiaWxpdHksIHNlZSBodHRwOi8vd3d3LnN3dXBraS5zdS5zZS9DUDAkBgNV\n" -"HRIEHTAbgQhjYUBzdS5zZYYPaHR0cDovL2NhLnN1LnNlMIG3BgNVHREEga8wgayC\n" -"F2luY29taW5ncHJveHkuc2lwLnN1LnNlghhpbmNvbWluZ3Byb3h5MS5zaXAuc3Uu\n" -"c2WCF291dGdvaW5ncHJveHkuc2lwLnN1LnNlghhvdXRnb2luZ3Byb3h5MS5zaXAu\n" -"c3Uuc2WCDW91dC5zaXAuc3Uuc2WCE2FwcHNlcnZlci5zaXAuc3Uuc2WCFGFwcHNl\n" -"cnZlcjEuc2lwLnN1LnNlggpzaXAxLnN1LnNlMA0GCSqGSIb3DQEBBQUAA4IBAQAR\n" -"FYg7ytcph0E7WmvM44AN/8qru7tRX6aSFWrjLyVr/1Wk4prCK4y5JpfNw5dh9Z8f\n" -"/gyFsr1iFsb6fS3nJTTd3fVlWRfcNCGIx5g8KuSb3u6f7VznkGOeiRMRESQc1G8B\n" -"eh0zbdZS7BYO2g9EKlbGST5PwQnc4g9K7pqPyKSNVkzb60Nujg/+qYje7MCcN+ZR\n" -"nUBo6U2NZ06/QEUFm+uUIhZ8IGM1gLehC7Q3G4+d4c38CDJxQnSPOgWiXuSvhhQm\n" -"KDsbrKzRaeBRh5eEJbTkA8Dp0Emb0UrkRVhixeg97stxUcATAjdGljJ9MLnuHXnI\n" -"7ihGdUfg5q/105vpsQpO\n" -"-----END CERTIFICATE-----\n"; + "-----BEGIN CERTIFICATE-----\n" + "MIIE6zCCA9OgAwIBAgIBdjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJTRTEf\n" + "MB0GA1UEChMWU3RvY2tob2xtcyB1bml2ZXJzaXRldDEgMB4GA1UEAxMXU3RvY2to\n" + "b2xtIFVuaXZlcnNpdHkgQ0EwHhcNMDYwMzIyMDkxNTI4WhcNMDcwMzIyMDkxNTI4\n" + "WjBDMQswCQYDVQQGEwJTRTEfMB0GA1UEChMWU3RvY2tob2xtcyB1bml2ZXJzaXRl\n" + "dDETMBEGA1UEAxMKc2lwMS5zdS5zZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC\n" + "gYEArUzXTD36ZK7CwZJH/faUNTcdaqM7JyiZsfrO703d7cT/bJ3wKxT8trOOh/Ou\n" + "WwgGFX2+r7ykun3aIUXUuD13Yle/yHqH/4g9vWX7UeFCBlSI0tAxnlqt0QqlPgSd\n" + "GLHcoO4PPyjon9jj0A/zpJGZHiRUCooo63YqE9MYfr5HBfkCAwEAAaOCAl8wggJb\n" + "MAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYD\n" + "VR0OBBYEFDpcXNHMLJ7fc/c72BtZseq4MDXFMH8GA1UdIwR4MHaAFJ4uMLo32VFE\n" + "yZ2/GCHxvX7utYZIoVukWTBXMQswCQYDVQQGEwJTRTEYMBYGA1UEChMPVW1lYSBV\n" + "bml2ZXJzaXR5MRMwEQYDVQQLEwpTd1VQS0ktUENBMRkwFwYDVQQDExBTd1VQS0kg\n" + "UG9saWN5IENBggEQMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jYS5zdS5zZS8y\n" + "MDA1LTEvY3JsLXYyLmNybDB5BgNVHSAEcjBwMG4GCCqFcCsCAQEBMGIwHwYIKwYB\n" + "BQUHAgEWE2h0dHA6Ly9jYS5zdS5zZS9DUFMwPwYIKwYBBQUHAgIwMxoxTGltaXRl\n" + "ZCBMaWFiaWxpdHksIHNlZSBodHRwOi8vd3d3LnN3dXBraS5zdS5zZS9DUDAkBgNV\n" + "HRIEHTAbgQhjYUBzdS5zZYYPaHR0cDovL2NhLnN1LnNlMIG3BgNVHREEga8wgayC\n" + "F2luY29taW5ncHJveHkuc2lwLnN1LnNlghhpbmNvbWluZ3Byb3h5MS5zaXAuc3Uu\n" + "c2WCF291dGdvaW5ncHJveHkuc2lwLnN1LnNlghhvdXRnb2luZ3Byb3h5MS5zaXAu\n" + "c3Uuc2WCDW91dC5zaXAuc3Uuc2WCE2FwcHNlcnZlci5zaXAuc3Uuc2WCFGFwcHNl\n" + "cnZlcjEuc2lwLnN1LnNlggpzaXAxLnN1LnNlMA0GCSqGSIb3DQEBBQUAA4IBAQAR\n" + "FYg7ytcph0E7WmvM44AN/8qru7tRX6aSFWrjLyVr/1Wk4prCK4y5JpfNw5dh9Z8f\n" + "/gyFsr1iFsb6fS3nJTTd3fVlWRfcNCGIx5g8KuSb3u6f7VznkGOeiRMRESQc1G8B\n" + "eh0zbdZS7BYO2g9EKlbGST5PwQnc4g9K7pqPyKSNVkzb60Nujg/+qYje7MCcN+ZR\n" + "nUBo6U2NZ06/QEUFm+uUIhZ8IGM1gLehC7Q3G4+d4c38CDJxQnSPOgWiXuSvhhQm\n" + "KDsbrKzRaeBRh5eEJbTkA8Dp0Emb0UrkRVhixeg97stxUcATAjdGljJ9MLnuHXnI\n" + "7ihGdUfg5q/105vpsQpO\n" "-----END CERTIFICATE-----\n"; #define MAX_DATA_SIZE 1024 @@ -69,7 +68,7 @@ doit (void) gnutls_datum_t derCert = { pem, sizeof (pem) }; gnutls_x509_crt_t cert; size_t data_len = MAX_DATA_SIZE; - char data[ MAX_DATA_SIZE ]; + char data[MAX_DATA_SIZE]; unsigned int critical = 0; int alt_name_count = 0; @@ -85,32 +84,43 @@ doit (void) if (ret < 0) fail ("crt_import %d\n", ret); - for (alt_name_count = 0; ; ++alt_name_count) { - ret = gnutls_x509_crt_get_issuer_alt_name (cert, alt_name_count, data, &data_len, &critical); - if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; + for (alt_name_count = 0;; ++alt_name_count) + { + ret = + gnutls_x509_crt_get_issuer_alt_name (cert, alt_name_count, data, + &data_len, &critical); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; - if (ret < 0) - fail ("get_issuer_alt_name: %d\n", ret); + if (ret < 0) + fail ("get_issuer_alt_name: %d\n", ret); - // TODO: print out / check results - if (GNUTLS_SAN_URI == ret) { - if (strcmp( data, "http://ca.su.se" ) != 0) { - fail("unexpected issuer GNUTLS_SAN_URI: %s\n", data); - } - } else if (GNUTLS_SAN_RFC822NAME == ret) { - if (strcmp( data, "ca@su.se" ) != 0) { - fail("unexpected issuer GNUTLS_SAN_RFC822NAME: %s\n", data); - } - } else { - fail("unexpected alt name type: %d\n", ret); + // TODO: print out / check results + if (GNUTLS_SAN_URI == ret) + { + if (strcmp (data, "http://ca.su.se") != 0) + { + fail ("unexpected issuer GNUTLS_SAN_URI: %s\n", data); + } + } + else if (GNUTLS_SAN_RFC822NAME == ret) + { + if (strcmp (data, "ca@su.se") != 0) + { + fail ("unexpected issuer GNUTLS_SAN_RFC822NAME: %s\n", data); + } + } + else + { + fail ("unexpected alt name type: %d\n", ret); + } + data_len = MAX_DATA_SIZE; } - data_len = MAX_DATA_SIZE; - } - if (alt_name_count !=2) { - fail("unexpected number of alt names: %i\n", alt_name_count); - } + if (alt_name_count != 2) + { + fail ("unexpected number of alt names: %i\n", alt_name_count); + } success ("done\n"); diff --git a/tests/x509dn.c b/tests/x509dn.c index 57a517bb1c..f64f68f9fe 100644 --- a/tests/x509dn.c +++ b/tests/x509dn.c @@ -305,7 +305,7 @@ static gnutls_dh_params_t dh_params; static int generate_dh_params (void) { - const gnutls_datum_t p3 = { (char*) pkcs3, strlen (pkcs3) }; + const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) }; /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. These should be discarded and regenerated * once a day, once a week or once a month. Depending on the @@ -385,7 +385,8 @@ server_start (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) diff --git a/tests/x509self.c b/tests/x509self.c index 14979a1ec0..fa2dbe86c9 100644 --- a/tests/x509self.c +++ b/tests/x509self.c @@ -167,15 +167,15 @@ client (void) print_info (session); ret = gnutls_record_send (session, MSG, strlen (MSG)); - - if (ret == strlen(MSG)) + + if (ret == strlen (MSG)) { success ("client: sent record.\n"); } - else + else { fail ("client: failed to send record.\n"); - gnutls_perror(ret); + gnutls_perror (ret); goto end; } @@ -187,16 +187,16 @@ client (void) { success ("client: doing handshake!\n"); ret = gnutls_handshake (session); - if (ret == 0) - { - success ("client: handshake complete, reading again.\n"); - ret = gnutls_record_recv (session, buffer, MAX_BUF); - } + if (ret == 0) + { + success ("client: handshake complete, reading again.\n"); + ret = gnutls_record_recv (session, buffer, MAX_BUF); + } else - { - fail ("client: handshake failed.\n"); - } - } + { + fail ("client: handshake failed.\n"); + } + } if (ret == 0) { @@ -256,8 +256,8 @@ initialize_tls_session (void) /* request client certificate if any. Moved to later on to be able to test re-handshakes. - gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); - */ + gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); + */ gnutls_dh_set_prime_bits (session, DH_BITS); @@ -269,7 +269,7 @@ static gnutls_dh_params_t dh_params; static int generate_dh_params (void) { - const gnutls_datum_t p3 = { (char*) pkcs3, strlen (pkcs3) }; + const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) }; /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. These should be discarded and regenerated * once a day, once a week or once a month. Depending on the @@ -349,7 +349,8 @@ server_start (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) @@ -438,27 +439,28 @@ server (void) } else if (ret > 0) { - gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); - - success ("server: got data, forcing rehandshake.\n"); - - ret = gnutls_rehandshake(session); - if (ret < 0) - { - fail ("server: rehandshake failed\n"); - gnutls_perror(ret); - break; - } - - ret = gnutls_handshake(session); - if (ret < 0) - { - fail ("server: (re)handshake failed\n"); - gnutls_perror(ret); - break; - } - - success ("server: rehandshake complete.\n"); + gnutls_certificate_server_set_request (session, + GNUTLS_CERT_REQUEST); + + success ("server: got data, forcing rehandshake.\n"); + + ret = gnutls_rehandshake (session); + if (ret < 0) + { + fail ("server: rehandshake failed\n"); + gnutls_perror (ret); + break; + } + + ret = gnutls_handshake (session); + if (ret < 0) + { + fail ("server: (re)handshake failed\n"); + gnutls_perror (ret); + break; + } + + success ("server: rehandshake complete.\n"); /* echo data back to the client */ diff --git a/tests/x509sign-verify.c b/tests/x509sign-verify.c index 3b68a70401..532114f297 100644 --- a/tests/x509sign-verify.c +++ b/tests/x509sign-verify.c @@ -65,8 +65,7 @@ static char pem1_cert[] = "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" - "dc8Siq5JojruiMizAf0pA7in\n" - "-----END CERTIFICATE-----\n"; + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; static char pem1_key[] = "-----BEGIN RSA PRIVATE KEY-----\n" @@ -105,8 +104,7 @@ static char pem2_cert[] = "HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQBCsrnfD1xzh8/Eih1f\n" "x+M0lPoX1Re5L2ElHI6DJpHYOBPwf9glwxnet2+avzgUQDUFwUSxOhodpyeaACXD\n" "o0gGVpcH8sOBTQ+aTdM37hGkPxoXjtIkR/LgG5nP2H2JRd5TkW8l13JdM4MJFB4W\n" - "QcDzQ8REwidsfh9uKAluk1c/KQ==\n" - "-----END CERTIFICATE-----\n"; + "QcDzQ8REwidsfh9uKAluk1c/KQ==\n" "-----END CERTIFICATE-----\n"; static char pem2_key[] = "-----BEGIN DSA PRIVATE KEY-----\n" @@ -119,17 +117,18 @@ static char pem2_key[] = "jsY+OpcCgYAPiodX8tHC3KzfS4sPi7op9+ED5FX6spgH1v0SsYC89bq0UNR/oA5D\n" "55/JeBFf5eQMLGtqpDXcvVTlYDaaMdGKWW5rHLq9LrrrfIfv2sjdoeukg+aLrfr6\n" "jlvXN8gyPpbCPvRD2n2RAg+3vPjvj/dBAF6W3w8IltzqsukGgq/SLwIUS5/r/2ya\n" - "AoNBXjeBjgCGMei2m8E=\n" - "-----END DSA PRIVATE KEY-----\n"; + "AoNBXjeBjgCGMei2m8E=\n" "-----END DSA PRIVATE KEY-----\n"; const gnutls_datum_t cert_dat[] = { - { pem1_cert, sizeof (pem1_cert) }, - { pem2_cert, sizeof (pem2_cert) } + {pem1_cert, sizeof (pem1_cert)} + , + {pem2_cert, sizeof (pem2_cert)} }; const gnutls_datum_t key_dat[] = { - { pem1_key, sizeof (pem1_key) }, - { pem2_key, sizeof (pem2_key) } + {pem1_key, sizeof (pem1_key)} + , + {pem2_key, sizeof (pem2_key)} }; void @@ -154,7 +153,8 @@ doit (void) if (ret < 0) fail ("gnutls_x509_privkey_init\n"); - ret = gnutls_x509_privkey_import (key, &key_dat[i], GNUTLS_X509_FMT_PEM); + ret = + gnutls_x509_privkey_import (key, &key_dat[i], GNUTLS_X509_FMT_PEM); if (ret < 0) fail ("gnutls_x509_privkey_import\n"); @@ -174,7 +174,8 @@ doit (void) signature.data = _signature; signature.size = _signature_size; - ret = gnutls_x509_crt_get_verify_algorithm (crt, &signature, &hash_algo); + ret = + gnutls_x509_crt_get_verify_algorithm (crt, &signature, &hash_algo); if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1) fail ("gnutls_x509_crt_get_verify_algorithm\n"); diff --git a/tests/x509signself.c b/tests/x509signself.c index b39439d58d..6f7c1a2332 100644 --- a/tests/x509signself.c +++ b/tests/x509signself.c @@ -271,7 +271,7 @@ static gnutls_dh_params_t dh_params; static int generate_dh_params (void) { - const gnutls_datum_t p3 = { (char*) pkcs3, strlen (pkcs3) }; + const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) }; /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. These should be discarded and regenerated * once a day, once a week or once a month. Depending on the @@ -350,7 +350,8 @@ server_start (void) sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) |