116 files changed, 2504 insertions, 2153 deletions
diff --git a/lib/auth_anon.h b/lib/auth_anon.h index fe1ecadf85..03a68b643d 100644 --- a/lib/auth_anon.h +++ b/lib/auth_anon.h @@ -24,4 +24,6 @@ typedef struct anon_client_auth_info_st anon_client_auth_info_st; typedef anon_client_auth_info_st anon_server_auth_info_st; gnutls_dh_params_t _gnutls_anon_get_dh_params(const - gnutls_anon_server_credentials_t sc, gnutls_session_t session); + gnutls_anon_server_credentials_t + sc, + gnutls_session_t session); diff --git a/lib/auth_cert.c b/lib/auth_cert.c index e67678e80a..ea634b701a 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -49,7 +49,8 @@ static gnutls_cert *alloc_and_load_x509_certs(gnutls_x509_crt_t * certs, uint); static gnutls_privkey *alloc_and_load_x509_key(gnutls_x509_privkey_t key); static gnutls_cert *alloc_and_load_pgp_certs(gnutls_openpgp_key_t cert); -static gnutls_privkey *alloc_and_load_pgp_key(const gnutls_openpgp_privkey_t +static gnutls_privkey *alloc_and_load_pgp_key(const + gnutls_openpgp_privkey_t key); @@ -614,7 +615,8 @@ int _gnutls_gen_x509_crt(gnutls_session_t session, opaque ** data) enum PGPKeyDescriptorType { PGP_KEY_FINGERPRINT, PGP_KEY }; -int _gnutls_gen_openpgp_certificate(gnutls_session_t session, opaque ** data) +int _gnutls_gen_openpgp_certificate(gnutls_session_t session, + opaque ** data) { int ret; opaque *pdata; @@ -1463,8 +1465,8 @@ static gnutls_cert *alloc_and_load_pgp_certs(gnutls_openpgp_key_t cert) /* converts the given raw key to gnutls_privkey* and allocates * space for it. */ -static gnutls_privkey *alloc_and_load_pgp_key(const gnutls_openpgp_privkey_t - key) +static gnutls_privkey *alloc_and_load_pgp_key(const + gnutls_openpgp_privkey_t key) { gnutls_privkey *local_key; int ret = 0; diff --git a/lib/auth_cert.h b/lib/auth_cert.h index f708e60f1a..3bea3e75f3 100644 --- a/lib/auth_cert.h +++ b/lib/auth_cert.h 
@@ -23,12 +23,21 @@ typedef struct retr_st { } gnutls_retr_st; typedef int gnutls_certificate_client_retrieve_function(gnutls_session_t, - const gnutls_datum_t *req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, - gnutls_retr_st *); + const + gnutls_datum_t * + req_ca_rdn, + int nreqs, + const + gnutls_pk_algorithm_t + * pk_algos, + int + pk_algos_length, + gnutls_retr_st *); typedef int gnutls_certificate_server_retrieve_function(struct - gnutls_session_int*, gnutls_retr_st *); + gnutls_session_int + *, + gnutls_retr_st *); /* This structure may be complex, but it's the only way to * support a server that has multiple certificates @@ -52,7 +61,7 @@ typedef struct { * row (should be 1 for OpenPGP keys). */ uint ncerts; /* contains the number of columns in cert_list. - * This is the same with the number of pkeys. + * This is the same with the number of pkeys. */ gnutls_privkey *pkey; @@ -111,8 +120,8 @@ typedef struct cert_auth_info_st { rsa_info_st rsa_export; gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the - * peer. - */ + * peer. + */ unsigned int ncerts; /* holds the size of the list above */ } *cert_auth_info_t; 
@@ -125,23 +134,30 @@ int _gnutls_gen_cert_client_cert_vrfy(gnutls_session_t, opaque **); int _gnutls_gen_cert_server_cert_req(gnutls_session_t, opaque **); int _gnutls_proc_cert_cert_req(gnutls_session_t, opaque *, size_t); int _gnutls_proc_cert_client_cert_vrfy(gnutls_session_t, opaque *, size_t); -int _gnutls_proc_cert_server_certificate(gnutls_session_t, opaque *, size_t); +int _gnutls_proc_cert_server_certificate(gnutls_session_t, opaque *, + size_t); int _gnutls_get_selected_cert(gnutls_session_t session, - gnutls_cert ** apr_cert_list, int *apr_cert_list_length, - gnutls_privkey ** apr_pkey); + gnutls_cert ** apr_cert_list, + int *apr_cert_list_length, + gnutls_privkey ** apr_pkey); int _gnutls_server_select_cert(struct gnutls_session_int *, - gnutls_pk_algorithm_t); + gnutls_pk_algorithm_t); void _gnutls_selected_certs_deinit(gnutls_session_t session); void _gnutls_selected_certs_set(gnutls_session_t session, - gnutls_cert * certs, int ncerts, - gnutls_privkey * key, int need_free); + gnutls_cert * certs, int ncerts, + gnutls_privkey * key, int need_free); #define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate gnutls_rsa_params_t _gnutls_certificate_get_rsa_params(const - gnutls_certificate_credentials_t sc, gnutls_session_t); + gnutls_certificate_credentials_t + sc, + gnutls_session_t); gnutls_dh_params_t _gnutls_certificate_get_dh_params(const - gnutls_certificate_credentials_t sc, gnutls_session_t session); + gnutls_certificate_credentials_t + sc, + gnutls_session_t + session); #endif diff --git a/lib/auth_dh_common.c b/lib/auth_dh_common.c index 52de93fe65..9d4922ebbd 100644 --- a/lib/auth_dh_common.c +++ b/lib/auth_dh_common.c 
@@ -37,8 +37,9 @@ #include <gnutls_state.h> #include <auth_dh_common.h> -int _gnutls_proc_dh_common_client_kx(gnutls_session_t session, opaque * data, - size_t _data_size, mpi_t g, mpi_t p) +int _gnutls_proc_dh_common_client_kx(gnutls_session_t session, + opaque * data, size_t _data_size, + mpi_t g, mpi_t p) { uint16 n_Y; size_t _n_Y; @@ -80,7 +81,8 @@ int _gnutls_proc_dh_common_client_kx(gnutls_session_t session, opaque * data, return 0; } -int _gnutls_gen_dh_common_client_kx(gnutls_session_t session, opaque ** data) +int _gnutls_gen_dh_common_client_kx(gnutls_session_t session, + opaque ** data) { mpi_t x = NULL, X = NULL; size_t n_X; @@ -147,8 +149,8 @@ int _gnutls_gen_dh_common_client_kx(gnutls_session_t session, opaque ** data) return ret; } -int _gnutls_proc_dh_common_server_kx(gnutls_session_t session, opaque * data, - size_t _data_size) +int _gnutls_proc_dh_common_server_kx(gnutls_session_t session, + opaque * data, size_t _data_size) { uint16 n_Y, n_g, n_p; size_t _n_Y, _n_g, _n_p; diff --git a/lib/auth_dh_common.h b/lib/auth_dh_common.h index dcddd38f2d..14b8672276 100644 --- a/lib/auth_dh_common.h +++ b/lib/auth_dh_common.h @@ -10,11 +10,12 @@ typedef struct { } dh_info_st; int _gnutls_gen_dh_common_client_kx(gnutls_session_t, opaque **); -int _gnutls_proc_dh_common_client_kx(gnutls_session_t session, opaque * data, - size_t _data_size, mpi_t p, mpi_t g); -int _gnutls_dh_common_print_server_kx(gnutls_session_t, mpi_t g, - mpi_t p, opaque ** data); -int _gnutls_proc_dh_common_server_kx(gnutls_session_t session, opaque * data, - size_t _data_size); +int _gnutls_proc_dh_common_client_kx(gnutls_session_t session, + opaque * data, size_t _data_size, + mpi_t p, mpi_t g); +int _gnutls_dh_common_print_server_kx(gnutls_session_t, mpi_t g, mpi_t p, + opaque ** data); +int _gnutls_proc_dh_common_server_kx(gnutls_session_t session, + opaque * data, size_t _data_size); #endif diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index 70dc42365a..60fc309660 100644 
--- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -136,8 +136,8 @@ int _gnutls_get_public_rsa_params(gnutls_session_t session, /* This function reads the RSA parameters from the private key */ -int _gnutls_get_private_rsa_params(gnutls_session_t session, mpi_t ** params, - int *params_size) +int _gnutls_get_private_rsa_params(gnutls_session_t session, + mpi_t ** params, int *params_size) { int bits; const gnutls_certificate_credentials_t cred; @@ -287,7 +287,7 @@ int _gnutls_proc_rsa_client_kx(gnutls_session_t session, opaque * data, int _gnutls_gen_rsa_client_kx(gnutls_session_t session, opaque ** data) { cert_auth_info_t auth = session->key->auth_info; - gnutls_datum_t sdata; /* data to send */ + gnutls_datum_t sdata; /* data to send */ mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; int params_len = MAX_PUBLIC_PARAMS_SIZE; int ret, i; diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c index 5b2e6ab801..39abd26456 100644 --- a/lib/auth_rsa_export.c +++ b/lib/auth_rsa_export.c @@ -65,7 +65,8 @@ const mod_auth_st rsa_export_auth_struct = { _gnutls_proc_cert_cert_req /* proc server cert request */ }; -static int gen_rsa_export_server_kx(gnutls_session_t session, opaque ** data) +static int gen_rsa_export_server_kx(gnutls_session_t session, + opaque ** data) { gnutls_rsa_params_t rsa_params; const mpi_t *rsa_mpis; @@ -213,8 +214,8 @@ int _gnutls_peers_cert_less_512(gnutls_session_t session) return 0; } -static int proc_rsa_export_server_kx(gnutls_session_t session, opaque * data, - size_t _data_size) +static int proc_rsa_export_server_kx(gnutls_session_t session, + opaque * data, size_t _data_size) { uint16 n_m, n_e; size_t _n_m, _n_e; diff --git a/lib/auth_srp.h b/lib/auth_srp.h index 992cf9247c..8d0cf8c5f5 100644 --- a/lib/auth_srp.h +++ b/lib/auth_srp.h 
@@ -5,35 +5,42 @@ typedef int gnutls_srp_server_credentials_function(gnutls_session_t, - const char *username, gnutls_datum_t * salt, gnutls_datum_t * verifier, - gnutls_datum_t * generator, gnutls_datum_t * prime); + const char *username, + gnutls_datum_t * salt, + gnutls_datum_t * + verifier, + gnutls_datum_t * + generator, + gnutls_datum_t * prime); typedef int gnutls_srp_client_credentials_function(gnutls_session_t, - unsigned int times, char **username, char** password); + unsigned int times, + char **username, + char **password); typedef struct { - char *username; - char *password; - gnutls_srp_client_credentials_function *get_function; + char *username; + char *password; + gnutls_srp_client_credentials_function *get_function; } srp_client_credentials_st; #define gnutls_srp_client_credentials_t srp_client_credentials_st* typedef struct { - char *password_file; - char *password_conf_file; - /* callback function, instead of reading the - * password files. - */ - gnutls_srp_server_credentials_function *pwd_callback; + char *password_file; + char *password_conf_file; + /* callback function, instead of reading the + * password files. + */ + gnutls_srp_server_credentials_function *pwd_callback; } srp_server_cred_st; #define gnutls_srp_server_credentials_t srp_server_cred_st* /* these structures should not use allocated data */ typedef struct srp_server_auth_info_st { - char username[MAX_SRP_USERNAME]; + char username[MAX_SRP_USERNAME]; } *srp_server_auth_info_t; extern const gnutls_datum_t gnutls_srp_1024_group_prime; diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c index 1e547dd0b1..1032cb6745 100644 --- a/lib/auth_srp_passwd.c +++ b/lib/auth_srp_passwd.c 
@@ -254,7 +254,7 @@ int _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, ret = cred->pwd_callback(state, username, &entry->salt, &entry->v, &entry->g, &entry->n); - if (ret == 1) { /* the user does not exist */ + if (ret == 1) { /* the user does not exist */ if (entry->g.size != 0 && entry->n.size != 0) { ret = _randomize_pwd_entry(entry); if (ret < 0) { @@ -394,12 +394,12 @@ void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry) _gnutls_free_datum(&entry->salt); if (entry->g.data != gnutls_srp_1024_group_generator.data) - _gnutls_free_datum(&entry->g); + _gnutls_free_datum(&entry->g); if (entry->n.data != gnutls_srp_1024_group_prime.data && - entry->n.data != gnutls_srp_1536_group_prime.data && - entry->n.data != gnutls_srp_2048_group_prime.data) - _gnutls_free_datum(&entry->n); + entry->n.data != gnutls_srp_1536_group_prime.data && + entry->n.data != gnutls_srp_2048_group_prime.data) + _gnutls_free_datum(&entry->n); gnutls_free(entry->username); gnutls_free(entry); diff --git a/lib/auth_srp_passwd.h b/lib/auth_srp_passwd.h index a9ff502536..c5b99f7e60 100644 --- a/lib/auth_srp_passwd.h +++ b/lib/auth_srp_passwd.h 
@@ -1,18 +1,21 @@ #ifdef ENABLE_SRP typedef struct { - char* username; - - gnutls_datum_t salt; - gnutls_datum_t v; - gnutls_datum_t g; - gnutls_datum_t n; + char *username; + + gnutls_datum_t salt; + gnutls_datum_t v; + gnutls_datum_t g; + gnutls_datum_t n; } SRP_PWD_ENTRY; /* this is locally allocated. It should be freed using the provided function */ -int _gnutls_srp_pwd_read_entry( gnutls_session_t state, char* username, SRP_PWD_ENTRY**); -void _gnutls_srp_entry_free( SRP_PWD_ENTRY * entry); -int _gnutls_sbase64_encode(uint8 * data, size_t data_size, uint8 ** result); -int _gnutls_sbase64_decode(uint8 * data, size_t data_size, uint8 ** result); +int _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, + SRP_PWD_ENTRY **); +void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry); +int _gnutls_sbase64_encode(uint8 * data, size_t data_size, + uint8 ** result); +int _gnutls_sbase64_decode(uint8 * data, size_t data_size, + uint8 ** result); -#endif /* ENABLE_SRP */ +#endif /* ENABLE_SRP */ diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c index cf3d7ddba4..625bcab80b 100644 --- a/lib/ext_server_name.c +++ b/lib/ext_server_name.c @@ -113,8 +113,8 @@ int _gnutls_server_name_recv_params(gnutls_session_t session, /* returns data_size or a negative number on failure */ -int _gnutls_server_name_send_params(gnutls_session_t session, opaque * data, - size_t _data_size) +int _gnutls_server_name_send_params(gnutls_session_t session, + opaque * data, size_t _data_size) { uint16 len; opaque *p; diff --git a/lib/ext_server_name.h b/lib/ext_server_name.h index 56ed33aad3..534827df75 100644 --- a/lib/ext_server_name.h +++ b/lib/ext_server_name.h 
@@ -1,7 +1,7 @@ int _gnutls_server_name_recv_params(gnutls_session_t session, const opaque * data, size_t data_size); -int _gnutls_server_name_send_params(gnutls_session_t session, opaque * data, - size_t); +int _gnutls_server_name_send_params(gnutls_session_t session, + opaque * data, size_t); int gnutls_get_server_name(gnutls_session_t session, void *data, int *data_length, int *type, int indx); diff --git a/lib/ext_srp.h b/lib/ext_srp.h index 8f69518be9..ad4a152891 100644 --- a/lib/ext_srp.h +++ b/lib/ext_srp.h @@ -2,8 +2,9 @@ #define IS_SRP_KX(kx) ((kx == GNUTLS_KX_SRP || (kx == GNUTLS_KX_SRP_RSA) || \ kx == GNUTLS_KX_SRP_DSS)?1:0) - -int _gnutls_srp_recv_params( gnutls_session_t state, const opaque* data, size_t data_size); -int _gnutls_srp_send_params( gnutls_session_t state, opaque* data, size_t); + +int _gnutls_srp_recv_params(gnutls_session_t state, const opaque * data, + size_t data_size); +int _gnutls_srp_send_params(gnutls_session_t state, opaque * data, size_t); #endif diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 9e5b9604f1..d22de3d960 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -64,11 +64,11 @@ typedef struct { gnutls_kx_algorithm_t kx_algorithm; gnutls_pk_algorithm_t pk_algorithm; enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used - * for encryption, CIPHER_SIGN if signature only, - * CIPHER_IGN if this does not apply at all. - * - * This is useful to certificate cipher suites, which check - * against the certificate key usage bits. + * for encryption, CIPHER_SIGN if signature only, + * CIPHER_IGN if this does not apply at all. + * + * This is useful to certificate cipher suites, which check + * against the certificate key usage bits. */ } gnutls_pk_map; 
@@ -263,8 +263,8 @@ typedef struct { gnutls_kx_algorithm_t kx_algorithm; gnutls_mac_algorithm_t mac_algorithm; gnutls_protocol_t version; /* this cipher suite is supported - * from 'version' and above; - */ + * from 'version' and above; + */ } gnutls_cipher_suite_entry; /* RSA with NULL cipher and MD5 MAC @@ -587,7 +587,8 @@ int _gnutls_compression_get_wbits(gnutls_compression_method_t algorithm) return ret; } -int _gnutls_compression_get_mem_level(gnutls_compression_method_t algorithm) +int _gnutls_compression_get_mem_level(gnutls_compression_method_t + algorithm) { int ret = -1; /* avoid prefix */ @@ -595,7 +596,8 @@ int _gnutls_compression_get_mem_level(gnutls_compression_method_t algorithm) return ret; } -int _gnutls_compression_get_comp_level(gnutls_compression_method_t algorithm) +int _gnutls_compression_get_comp_level(gnutls_compression_method_t + algorithm) { int ret = -1; /* avoid prefix */ @@ -910,7 +912,7 @@ _gnutls_version_is_supported(gnutls_session_t session, /* Type to KX mappings */ gnutls_kx_algorithm_t _gnutls_map_kx_get_kx(gnutls_credentials_type_t type, - int server) + int server) { gnutls_kx_algorithm_t ret = -1; @@ -923,7 +925,7 @@ gnutls_kx_algorithm_t _gnutls_map_kx_get_kx(gnutls_credentials_type_t type, } gnutls_credentials_type_t _gnutls_map_kx_get_cred(gnutls_kx_algorithm_t - algorithm, int server) + algorithm, int server) { gnutls_credentials_type_t ret = -1; if (server) { @@ -955,8 +957,9 @@ _gnutls_cipher_suite_get_version(const cipher_suite_st * suite) return ret; } -gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo(const cipher_suite_st - * suite) +gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo(const + cipher_suite_st * + suite) { int ret = 0; 
@@ -997,7 +1000,8 @@ const char *_gnutls_cipher_suite_get_name(cipher_suite_st * suite) * by TLS or SSL depending of the protocol in use. * **/ -const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t kx_algorithm, +const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t + kx_algorithm, gnutls_cipher_algorithm_t cipher_algorithm, gnutls_mac_algorithm_t @@ -1343,7 +1347,8 @@ _gnutls_supported_compression_methods(gnutls_session_t session, * Returns a string (or NULL) that contains the name * of the specified certificate type. **/ -const char *gnutls_certificate_type_get_name(gnutls_certificate_type_t type) +const char *gnutls_certificate_type_get_name(gnutls_certificate_type_t + type) { const char *ret = NULL; @@ -1358,7 +1363,8 @@ const char *gnutls_certificate_type_get_name(gnutls_certificate_type_t type) /* returns the gnutls_pk_algorithm_t which is compatible with * the given gnutls_kx_algorithm_t. */ -gnutls_pk_algorithm_t _gnutls_map_pk_get_pk(gnutls_kx_algorithm_t kx_algorithm) +gnutls_pk_algorithm_t _gnutls_map_pk_get_pk(gnutls_kx_algorithm_t + kx_algorithm) { gnutls_pk_algorithm_t ret = -1; @@ -1412,7 +1418,8 @@ static const gnutls_sign_entry sign_algorithms[] = { * Returns a string that contains the name * of the specified sign algorithm or NULL. **/ -const char *gnutls_sign_algorithm_get_name(gnutls_sign_algorithm_t algorithm) +const char *gnutls_sign_algorithm_get_name(gnutls_sign_algorithm_t + algorithm) { const char *ret = NULL; diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h index 409a0e2740..3bda86fa2f 100644 --- a/lib/gnutls_algorithms.h +++ b/lib/gnutls_algorithms.h 
@@ -48,16 +48,17 @@ int _gnutls_supported_compression_methods(gnutls_session_t session, const char *_gnutls_cipher_suite_get_name(cipher_suite_st * algorithm); gnutls_cipher_algorithm_t _gnutls_cipher_suite_get_cipher_algo(const - cipher_suite_st - * algorithm); -gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo(const cipher_suite_st - * algorithm); -gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo(const + cipher_suite_st + * + algorithm); +gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo(const cipher_suite_st * algorithm); -gnutls_protocol_t _gnutls_cipher_suite_get_version(const +gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo(const cipher_suite_st * algorithm); +gnutls_protocol_t _gnutls_cipher_suite_get_version(const cipher_suite_st * + algorithm); cipher_suite_st _gnutls_cipher_suite_get_suite_name(cipher_suite_st * algorithm); 
@@ -92,24 +93,26 @@ gnutls_compression_method_t _gnutls_compression_get_id(int num); const char *gnutls_compression_get_name(gnutls_compression_method_t algorithm); -int _gnutls_compression_get_mem_level(gnutls_compression_method_t algorithm); +int _gnutls_compression_get_mem_level(gnutls_compression_method_t + algorithm); int _gnutls_compression_get_comp_level(gnutls_compression_method_t algorithm); int _gnutls_compression_get_wbits(gnutls_compression_method_t algorithm); /* Type to KX mappings */ gnutls_kx_algorithm_t _gnutls_map_kx_get_kx(gnutls_credentials_type_t type, - int server); + int server); gnutls_credentials_type_t _gnutls_map_kx_get_cred(gnutls_kx_algorithm_t - algorithm, int server); + algorithm, int server); /* KX to PK mapping */ gnutls_pk_algorithm_t _gnutls_map_pk_get_pk(gnutls_kx_algorithm_t - kx_algorithm); + kx_algorithm); enum encipher_type { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN }; -enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm_t algorithm); +enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm_t + algorithm); struct gnutls_kx_algo_entry { const char *name; diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c index dde79de41a..299f72f005 100644 --- a/lib/gnutls_anon_cred.c +++ b/lib/gnutls_anon_cred.c @@ -40,7 +40,8 @@ static const int anon_dummy; * This structure is complex enough to manipulate directly thus * this helper function is provided in order to free (deallocate) it. **/ -void gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t sc) +void gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t + sc) { gnutls_free(sc); @@ -54,8 +55,8 @@ void gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t sc) * -*/ gnutls_dh_params_t _gnutls_anon_get_dh_params(const - gnutls_anon_server_credentials_t - sc, gnutls_session_t session) + gnutls_anon_server_credentials_t + sc, gnutls_session_t session) { gnutls_params_st params; int ret; 
@@ -83,8 +84,9 @@ gnutls_dh_params_t _gnutls_anon_get_dh_params(const * This structure is complex enough to manipulate directly thus * this helper function is provided in order to allocate it. **/ -int gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t - * sc) +int +gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t * + sc) { *sc = gnutls_calloc(1, sizeof(anon_server_credentials_st)); @@ -100,7 +102,8 @@ int gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t * This structure is complex enough to manipulate directly thus * this helper function is provided in order to free (deallocate) it. **/ -void gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t sc) +void gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t + sc) { } @@ -111,7 +114,9 @@ void gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t sc) * This structure is complex enough to manipulate directly thus * this helper function is provided in order to allocate it. **/ -int gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t * sc) +int +gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t * + sc) { /* anon_dummy is only there for *sc not to be null. * it is not used at all; diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index c4b547a4a8..e5f4322414 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -169,7 +169,8 @@ gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session) * to access authentication data. * **/ -gnutls_credentials_type_t gnutls_auth_server_get_type(gnutls_session_t session) +gnutls_credentials_type_t gnutls_auth_server_get_type(gnutls_session_t + session) { return _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo 
@@ -186,7 +187,8 @@ gnutls_credentials_type_t gnutls_auth_server_get_type(gnutls_session_t session) * to access authentication data. * **/ -gnutls_credentials_type_t gnutls_auth_client_get_type(gnutls_session_t session) +gnutls_credentials_type_t gnutls_auth_client_get_type(gnutls_session_t + session) { return _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h index 28ac50a9dd..6aea18f317 100644 --- a/lib/gnutls_auth.h +++ b/lib/gnutls_auth.h 
@@ -3,19 +3,26 @@ typedef struct mod_auth_st_int { const char *name; /* null terminated */ - int (*gnutls_generate_server_certificate) (gnutls_session_t, opaque **); - int (*gnutls_generate_client_certificate) (gnutls_session_t, opaque **); + int (*gnutls_generate_server_certificate) (gnutls_session_t, + opaque **); + int (*gnutls_generate_client_certificate) (gnutls_session_t, + opaque **); int (*gnutls_generate_server_kx) (gnutls_session_t, opaque **); int (*gnutls_generate_client_kx) (gnutls_session_t, opaque **); /* used in SRP */ int (*gnutls_generate_client_cert_vrfy) (gnutls_session_t, opaque **); - int (*gnutls_generate_server_certificate_request) (gnutls_session_t, opaque **); + int (*gnutls_generate_server_certificate_request) (gnutls_session_t, + opaque **); - int (*gnutls_process_server_certificate) (gnutls_session_t, opaque *, size_t); - int (*gnutls_process_client_certificate) (gnutls_session_t, opaque *, size_t); + int (*gnutls_process_server_certificate) (gnutls_session_t, opaque *, + size_t); + int (*gnutls_process_client_certificate) (gnutls_session_t, opaque *, + size_t); int (*gnutls_process_server_kx) (gnutls_session_t, opaque *, size_t); int (*gnutls_process_client_kx) (gnutls_session_t, opaque *, size_t); - int (*gnutls_process_client_cert_vrfy) (gnutls_session_t, opaque *, size_t); - int (*gnutls_process_server_certificate_request) (gnutls_session_t, opaque *, size_t); + int (*gnutls_process_client_cert_vrfy) (gnutls_session_t, opaque *, + size_t); + int (*gnutls_process_server_certificate_request) (gnutls_session_t, + opaque *, size_t); } mod_auth_st; #endif diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h index d4e690d6a7..cb0b9445eb 100644 --- a/lib/gnutls_auth_int.h +++ b/lib/gnutls_auth_int.h 
@@ -1,8 +1,8 @@ void gnutls_credentials_clear(gnutls_session_t session); int gnutls_credentials_set(gnutls_session_t session, gnutls_credentials_type_t type, void *cred); -const void *_gnutls_get_cred(gnutls_key_st key, gnutls_credentials_type_t kx, - int *err); +const void *_gnutls_get_cred(gnutls_key_st key, + gnutls_credentials_type_t kx, int *err); const void *_gnutls_get_kx_cred(gnutls_session_t session, gnutls_kx_algorithm_t algo, int *err); int _gnutls_generate_session_key(gnutls_key_st key); diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index d22722db5c..292aa71c0e 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -77,8 +77,9 @@ inline static int RET(int err) /* Buffers received packets of type APPLICATION DATA and * HANDSHAKE DATA. */ -int _gnutls_record_buffer_put(content_type_t type, gnutls_session_t session, - opaque * data, size_t length) +int _gnutls_record_buffer_put(content_type_t type, + gnutls_session_t session, opaque * data, + size_t length) { if (length == 0) return 0; @@ -149,8 +150,9 @@ size_t gnutls_record_check_pending(gnutls_session_t session) session); } -int _gnutls_record_buffer_get(content_type_t type, gnutls_session_t session, - opaque * data, size_t length) +int _gnutls_record_buffer_get(content_type_t type, + gnutls_session_t session, opaque * data, + size_t length) { if (length == 0 || data == NULL) { gnutls_assert(); @@ -577,8 +579,8 @@ inline * to decrypt and verify the integrity. * */ -ssize_t _gnutls_io_write_buffered(gnutls_session_t session, const void *iptr, - size_t n) +ssize_t _gnutls_io_write_buffered(gnutls_session_t session, + const void *iptr, size_t n) { size_t left; uint j, x, sum = 0; diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h index c73a225c02..7d5ad40945 100644 --- a/lib/gnutls_buffers.h +++ b/lib/gnutls_buffers.h 
@@ -18,14 +18,16 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -int _gnutls_record_buffer_put(content_type_t type, gnutls_session_t session, - opaque * data, size_t length); +int _gnutls_record_buffer_put(content_type_t type, + gnutls_session_t session, opaque * data, + size_t length); int _gnutls_record_buffer_get_size(content_type_t type, gnutls_session_t session); -int _gnutls_record_buffer_get(content_type_t type, gnutls_session_t session, - opaque * data, size_t length); -ssize_t _gnutls_io_read_buffered(gnutls_session_t, opaque ** iptr, size_t n, - content_type_t); +int _gnutls_record_buffer_get(content_type_t type, + gnutls_session_t session, opaque * data, + size_t length); +ssize_t _gnutls_io_read_buffered(gnutls_session_t, opaque ** iptr, + size_t n, content_type_t); void _gnutls_io_clear_read_buffer(gnutls_session_t); int _gnutls_io_clear_peeked_data(gnutls_session_t session); diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index f1c0c5c01f..7770f12cd3 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -134,9 +134,10 @@ void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc) * -*/ gnutls_dh_params_t _gnutls_certificate_get_dh_params(const - gnutls_certificate_credentials_t - sc, - gnutls_session_t session) + gnutls_certificate_credentials_t + sc, + gnutls_session_t + session) { gnutls_params_st params; int ret; @@ -166,7 +167,10 @@ gnutls_dh_params_t _gnutls_certificate_get_dh_params(const * -*/ gnutls_rsa_params_t _gnutls_certificate_get_rsa_params(const - gnutls_certificate_credentials_t sc, gnutls_session_t session) + gnutls_certificate_credentials_t + sc, + gnutls_session_t + session) { gnutls_params_st params; int ret; 
@@ -201,7 +205,8 @@ gnutls_rsa_params_t _gnutls_certificate_get_rsa_params(const * with this structure (ie RSA and DH parameters are not freed by * this function). **/ -void gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc) +void gnutls_certificate_free_credentials(gnutls_certificate_credentials_t + sc) { gnutls_certificate_free_keys(sc); gnutls_certificate_free_cas(sc); @@ -225,7 +230,9 @@ void gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc) * * Returns 0 on success. **/ -int gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t* res) +int +gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t * + res) { *res = gnutls_calloc(1, sizeof(certificate_credentials_st)); @@ -305,7 +312,8 @@ int _gnutls_selected_cert_supported_kx(gnutls_session_t session, * send a certificate. **/ void gnutls_certificate_server_set_request(gnutls_session_t session, - gnutls_certificate_request_t req) + gnutls_certificate_request_t + req) { session->internals.send_cert_req = req; } @@ -389,7 +397,8 @@ OPENPGP_VERIFY_KEY_FUNC _E_gnutls_openpgp_verify_key = NULL; * Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. * -*/ -int _gnutls_openpgp_cert_verify_peers(gnutls_session_t session, unsigned int* status) +int _gnutls_openpgp_cert_verify_peers(gnutls_session_t session, + unsigned int *status) { cert_auth_info_t info; const gnutls_certificate_credentials_t cred; @@ -434,9 +443,9 @@ int _gnutls_openpgp_cert_verify_peers(gnutls_session_t session, unsigned int* st if (ret < 0) { gnutls_assert(); - return ret; + return ret; } - + return 0; } 
@@ -460,7 +469,8 @@ int _gnutls_openpgp_cert_verify_peers(gnutls_session_t session, unsigned int* st * This is the same as gnutls_x509_verify_certificate() and * uses the loaded CAs in the credentials as trusted CAs. **/ -int gnutls_certificate_verify_peers2(gnutls_session_t session, unsigned int *status) +int gnutls_certificate_verify_peers2(gnutls_session_t session, + unsigned int *status) { cert_auth_info_t info; @@ -500,16 +510,16 @@ int gnutls_certificate_verify_peers2(gnutls_session_t session, unsigned int *sta -*/ int gnutls_certificate_verify_peers(gnutls_session_t session) { -unsigned int status; -int ret; + unsigned int status; + int ret; + + ret = gnutls_certificate_verify_peers2(session, &status); - ret = gnutls_certificate_verify_peers2( session, &status); - if (ret < 0) { - gnutls_assert(); - return ret; + gnutls_assert(); + return ret; } - + return status; } @@ -650,7 +660,8 @@ int _gnutls_raw_privkey_to_gkey(gnutls_privkey * key, * The critical extensions will be catched by the verification functions. */ int _gnutls_x509_raw_cert_to_gcert(gnutls_cert * gcert, - const gnutls_datum_t * derCert, int flags /* OR of ConvFlags */ ) + const gnutls_datum_t * derCert, + int flags /* OR of ConvFlags */ ) { int ret; gnutls_x509_crt_t cert; diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h index 28300ed26b..cace507359 100644 --- a/lib/gnutls_cert.h +++ b/lib/gnutls_cert.h @@ -27,13 +27,13 @@ typedef struct gnutls_cert { mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public - * key algorithm - * RSA: [0] is modulus - * [1] is public exponent - * DSA: [0] is p - * [1] is q - * [2] is g - * [3] is public key + * key algorithm + * RSA: [0] is modulus + * [1] is public exponent + * DSA: [0] is p + * [1] is q + * [2] is g + * [3] is public key */ int params_size; /* holds the size of MPI params */ 
@@ -53,7 +53,7 @@ typedef struct gnutls_cert {
 typedef struct gnutls_privkey_int {
 mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public
- * key algorithm
+ * key algorithm
 */
 /*
 * RSA: [0] is modulus
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index f47342ff96..cbc0d2d6b7 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -33,37 +33,36 @@ cipher_hd_t _gnutls_cipher_init(gnutls_cipher_algorithm_t cipher,
 cipher_hd_t ret = NULL;
 int err = GC_INVALID_CIPHER; /* doesn't matter */
- switch (cipher)
- {
- case GNUTLS_CIPHER_AES_128_CBC:
+ switch (cipher) {
+ case GNUTLS_CIPHER_AES_128_CBC:
 err = gc_cipher_open(GC_AES128, GC_CBC, &ret);
 break;
- case GNUTLS_CIPHER_AES_256_CBC:
+ case GNUTLS_CIPHER_AES_256_CBC:
 err = gc_cipher_open(GC_AES256, GC_CBC, &ret);
 break;
- case GNUTLS_CIPHER_3DES_CBC:
+ case GNUTLS_CIPHER_3DES_CBC:
 err = gc_cipher_open(GC_3DES, GC_CBC, &ret);
 break;
- case GNUTLS_CIPHER_DES_CBC:
+ case GNUTLS_CIPHER_DES_CBC:
 err = gc_cipher_open(GC_DES, GC_CBC, &ret);
 break;
- case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_ARCFOUR_128:
 err = gc_cipher_open(GC_ARCFOUR128, GC_STREAM, &ret);
 break;
- case GNUTLS_CIPHER_ARCFOUR_40:
+ case GNUTLS_CIPHER_ARCFOUR_40:
 err = gc_cipher_open(GC_ARCFOUR40, GC_STREAM, &ret);
 break;
- case GNUTLS_CIPHER_RC2_40_CBC:
+ case GNUTLS_CIPHER_RC2_40_CBC:
 err = gc_cipher_open(GC_ARCTWO40, GC_CBC, &ret);
 break;
- default:
+ default:
 return NULL;
 }
@@ -83,7 +82,7 @@ cipher_hd_t _gnutls_cipher_init(gnutls_cipher_algorithm_t cipher,
 int _gnutls_cipher_encrypt(cipher_hd_t handle, void *text, int textlen)
 {
 if (handle != GNUTLS_CIPHER_FAILED) {
- if (gc_cipher_encrypt_inline (handle, textlen, text) != 0) {
+ if (gc_cipher_encrypt_inline(handle, textlen, text) != 0) {
 gnutls_assert();
 return GNUTLS_E_INTERNAL_ERROR;
 }
@@ -95,7 +94,8 @@ int _gnutls_cipher_decrypt(cipher_hd_t handle, void *ciphertext,
 int ciphertextlen)
 {
 if (handle != GNUTLS_CIPHER_FAILED) {
- if (gc_cipher_decrypt_inline (handle, ciphertextlen, ciphertext) != 0) {
+ if (gc_cipher_decrypt_inline(handle, ciphertextlen, ciphertext) !=
+ 0) {
 gnutls_assert();
 return GNUTLS_E_INTERNAL_ERROR;
 }
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index d98bab06a4..e60b2f3fd9 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -26,10 +26,11 @@
 #define GNUTLS_CIPHER_FAILED NULL
 cipher_hd_t _gnutls_cipher_init(gnutls_cipher_algorithm_t cipher,
- const gnutls_datum_t * key, const gnutls_datum_t * iv);
+ const gnutls_datum_t * key,
+ const gnutls_datum_t * iv);
 int _gnutls_cipher_encrypt(cipher_hd_t handle, void *text, int textlen);
 int _gnutls_cipher_decrypt(cipher_hd_t handle, void *ciphertext,
- int ciphertextlen);
+ int ciphertextlen);
 void _gnutls_cipher_deinit(cipher_hd_t handle);
-#endif /* GNUTLS_CIPHER_INT */
+#endif /* GNUTLS_CIPHER_INT */
diff --git a/lib/gnutls_compress_int.c b/lib/gnutls_compress_int.c
index 66bf42dd13..3b109ccf59 100644
--- a/lib/gnutls_compress_int.c
+++ b/lib/gnutls_compress_int.c
@@ -28,8 +28,8 @@
 #ifdef USE_LZO
 # ifdef USE_MINILZO
 # include "../libextra/minilzo.h" /* get the prototypes only.
- * Since LZO is a GPLed library, the gnutls_global_init_extra() has
- * to be called, before LZO compression can be used.
+ * Since LZO is a GPLed library, the gnutls_global_init_extra() has
+ * to be called, before LZO compression can be used.
 */
 # else
 # include <lzo1x.h>
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index be5c83f1b3..a5c193fc63 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -907,7 +907,8 @@ int _gnutls_set_kx(gnutls_session_t session, gnutls_kx_algorithm_t algo)
 }
 /* Sets the specified mac algorithm into pending session */
-int _gnutls_set_read_mac(gnutls_session_t session, gnutls_mac_algorithm_t algo)
+int _gnutls_set_read_mac(gnutls_session_t session,
+ gnutls_mac_algorithm_t algo)
 {
 if (_gnutls_mac_is_ok(algo) == 0) {
diff --git a/lib/gnutls_datum.c b/lib/gnutls_datum.c
index 255bf7037d..730d6f2d95 100644
--- a/lib/gnutls_datum.c
+++ b/lib/gnutls_datum.c
@@ -57,7 +57,8 @@ void _gnutls_write_datum8(opaque * dest, gnutls_datum_t dat)
 int _gnutls_set_datum_m(gnutls_datum_t * dat, const void *data,
- size_t data_size, gnutls_alloc_function galloc_func)
+ size_t data_size,
+ gnutls_alloc_function galloc_func)
 {
 if (data_size == 0 || data == NULL) {
 dat->data = NULL;
@@ -76,7 +77,8 @@ int _gnutls_set_datum_m(gnutls_datum_t * dat, const void *data,
 }
 int _gnutls_datum_append_m(gnutls_datum_t * dst, const void *data,
- size_t data_size, gnutls_realloc_function grealloc_func)
+ size_t data_size,
+ gnutls_realloc_function grealloc_func)
 {
 dst->data = grealloc_func(dst->data, data_size + dst->size);
@@ -90,7 +92,7 @@ int _gnutls_datum_append_m(gnutls_datum_t * dst, const void *data,
 }
 void _gnutls_free_datum_m(gnutls_datum_t * dat,
- gnutls_free_function gfree_func)
+ gnutls_free_function gfree_func)
 {
 if (dat->data != NULL && dat->size != 0)
 gfree_func(dat->data);
diff --git a/lib/gnutls_datum.h b/lib/gnutls_datum.h
index c477c96688..a2e4a0a5dc 100644
--- a/lib/gnutls_datum.h
+++ b/lib/gnutls_datum.h
@@ -4,12 +4,12 @@ void _gnutls_write_datum32(opaque * dest, gnutls_datum_t dat);
 void _gnutls_write_datum8(opaque * dest, gnutls_datum_t dat);
 int _gnutls_set_datum_m(gnutls_datum_t * dat, const void *data,
- size_t data_size, gnutls_alloc_function);
+ size_t data_size, gnutls_alloc_function);
 #define _gnutls_set_datum( x, y, z) _gnutls_set_datum_m(x,y,z, gnutls_malloc)
 #define _gnutls_sset_datum( x, y, z) _gnutls_set_datum_m(x,y,z, gnutls_secure_malloc)
 int _gnutls_datum_append_m(gnutls_datum_t * dat, const void *data,
- size_t data_size, gnutls_realloc_function);
+ size_t data_size, gnutls_realloc_function);
 #define _gnutls_datum_append(x,y,z) _gnutls_datum_append_m(x,y,z, gnutls_realloc)
 void _gnutls_free_datum_m(gnutls_datum_t * dat, gnutls_free_function);
diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c
index a519190cca..9f7efc22d7 100644
--- a/lib/gnutls_db.c
+++ b/lib/gnutls_db.c
@@ -274,7 +274,8 @@ int _gnutls_db_remove_session(gnutls_session_t session, uint8 * session_id,
 /* Stores session data to the db backend. */
-int _gnutls_store_session(gnutls_session_t session, gnutls_datum_t session_id,
+int _gnutls_store_session(gnutls_session_t session,
+ gnutls_datum_t session_id,
 gnutls_datum_t session_data)
 {
 int ret = 0;
@@ -311,7 +312,7 @@ int _gnutls_store_session(gnutls_session_t session, gnutls_datum_t session_id,
 /* Retrieves session data from the db backend. */
 gnutls_datum_t _gnutls_retrieve_session(gnutls_session_t session,
- gnutls_datum_t session_id)
+ gnutls_datum_t session_id)
 {
 gnutls_datum_t ret = { NULL, 0 };
@@ -331,7 +332,8 @@ gnutls_datum_t _gnutls_retrieve_session(gnutls_session_t session,
 /* Removes session data from the db backend. */
-int _gnutls_remove_session(gnutls_session_t session, gnutls_datum_t session_id)
+int _gnutls_remove_session(gnutls_session_t session,
+ gnutls_datum_t session_id)
 {
 int ret = 0;
diff --git a/lib/gnutls_db.h b/lib/gnutls_db.h
index d18fcf4444..2df5bfc218 100644
--- a/lib/gnutls_db.h
+++ b/lib/gnutls_db.h
@@ -28,9 +28,10 @@ int gnutls_db_clean(gnutls_session_t session);
 int _gnutls_db_remove_session(gnutls_session_t session, uint8 * session_id,
 int session_id_size);
 void gnutls_db_remove_session(gnutls_session_t session);
-int _gnutls_store_session(gnutls_session_t session, gnutls_datum_t session_id,
+int _gnutls_store_session(gnutls_session_t session,
+ gnutls_datum_t session_id,
 gnutls_datum_t session_data);
 gnutls_datum_t _gnutls_retrieve_session(gnutls_session_t session,
- gnutls_datum_t session_id);
+ gnutls_datum_t session_id);
 int _gnutls_remove_session(gnutls_session_t session,
 gnutls_datum_t session_id);
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index cdd5d512ce..58bc538416 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -246,7 +246,8 @@ int gnutls_dh_params_cpy(gnutls_dh_params_t dst, gnutls_dh_params_t src)
 * no use to call this in client side.
 *
 **/
-int gnutls_dh_params_generate2(gnutls_dh_params_t params, unsigned int bits)
+int gnutls_dh_params_generate2(gnutls_dh_params_t params,
+ unsigned int bits)
 {
 int ret;
@@ -535,7 +536,9 @@ int gnutls_dh_params_export_pkcs3(gnutls_dh_params_t params,
 *
 **/
 int gnutls_dh_params_export_raw(gnutls_dh_params_t params,
- gnutls_datum_t * prime, gnutls_datum_t * generator, unsigned int *bits)
+ gnutls_datum_t * prime,
+ gnutls_datum_t * generator,
+ unsigned int *bits)
 {
 size_t size;
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 6edc98eba6..dc93192b71 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -228,8 +228,10 @@ static gnutls_error_entry error_algorithms[] = {
 GNUTLS_E_INVALID_PASSWORD, 1),
 ERROR_ENTRY("The Message Authentication Code verification failed.",
 GNUTLS_E_MAC_VERIFY_FAILED, 1),
- ERROR_ENTRY("Some constraint limits were reached.", GNUTLS_E_CONSTRAINT_ERROR, 1),
- ERROR_ENTRY("Failed to acquire random data.", GNUTLS_E_RANDOM_FAILED, 1),
+ ERROR_ENTRY("Some constraint limits were reached.",
+ GNUTLS_E_CONSTRAINT_ERROR, 1),
+ ERROR_ENTRY("Failed to acquire random data.", GNUTLS_E_RANDOM_FAILED,
+ 1),
 {NULL, NULL, 0, 0}
 };
diff --git a/lib/gnutls_errors_int.h b/lib/gnutls_errors_int.h
index c3e1543c8b..bdf3090794 100644
--- a/lib/gnutls_errors_int.h
+++ b/lib/gnutls_errors_int.h
@@ -118,7 +118,7 @@
 #define GNUTLS_E_CONSTRAINT_ERROR -101
 #define GNUTLS_E_BASE64_ENCODING_ERROR -201
-#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
+#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
 #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
 #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index ee1cf1e86c..6bdceb2549 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -181,7 +181,8 @@ int _gnutls_parse_extensions(gnutls_session_t session, const opaque * data,
 * This list is used to check whether the (later) received
 * extensions are the ones we requested.
 */
-static void _gnutls_extension_list_add(gnutls_session_t session, uint16 type)
+static void _gnutls_extension_list_add(gnutls_session_t session,
+ uint16 type)
 {
 if (session->security_parameters.entity == GNUTLS_CLIENT) {
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index 9a68993e1e..4c8a2d50a9 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -109,8 +109,10 @@ int _gnutls_is_secure_mem_null(const void *);
 *
 **/
 void gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func,
- gnutls_alloc_function secure_alloc_func,
- gnutls_is_secure_function is_secure_func,
+ gnutls_alloc_function
+ secure_alloc_func,
+ gnutls_is_secure_function
+ is_secure_func,
 gnutls_realloc_function realloc_func,
 gnutls_free_function free_func)
 {
@@ -170,12 +172,11 @@ int gnutls_global_init(void)
 goto out;
 _gnutls_init++;
- if (gc_init () != GC_OK)
- {
+ if (gc_init() != GC_OK) {
 gnutls_assert();
 _gnutls_debug_log("Initializing crypto backend failed\n");
 return GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY;
- }
+ }
 /* for gcrypt in order to be able to allocate memory */
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 25aa741230..5a23130f2f 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -564,7 +564,7 @@ int _gnutls_server_select_suite(gnutls_session_t session, opaque * data,
 cipher_suite_st *ciphers, cs;
 int retval, err;
 gnutls_pk_algorithm_t pk_algo; /* will hold the pk algorithms
- * supported by the peer.
+ * supported by the peer.
 */
 pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites(data, datalen);
@@ -841,7 +841,8 @@ int _gnutls_send_handshake(gnutls_session_t session, void *i_data,
 */
 #define SSL2_HEADERS 1
 static int _gnutls_recv_handshake_header(gnutls_session_t session,
- handshake_t type, handshake_t * recv_type)
+ handshake_t type,
+ handshake_t * recv_type)
 {
 int ret;
 uint32 length32 = 0;
@@ -965,8 +966,9 @@ static int _gnutls_recv_handshake_header(gnutls_session_t session,
 */
 static int _gnutls_handshake_hash_add_recvd(gnutls_session_t session,
- handshake_t recv_type, opaque * header, uint16 header_size,
- opaque * dataptr, uint32 datalen)
+ handshake_t recv_type,
+ opaque * header, uint16 header_size,
+ opaque * dataptr, uint32 datalen)
 {
 int ret;
@@ -1253,24 +1255,27 @@ static int _gnutls_client_check_if_resuming(gnutls_session_t session,
 {
 opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
- _gnutls_handshake_log("HSK[%x]: SessionID length: %d\n", session, session_id_len);
+ _gnutls_handshake_log("HSK[%x]: SessionID length: %d\n", session,
+ session_id_len);
 _gnutls_handshake_log("HSK[%x]: SessionID: %s\n", session,
- _gnutls_bin2hex(session_id, session_id_len, buf, sizeof(buf)));
+ _gnutls_bin2hex(session_id, session_id_len, buf,
+ sizeof(buf)));
 if (session_id_len > 0 &&
- session->internals.resumed_security_parameters.session_id_size == session_id_len &&
- memcmp(session_id, session->internals.resumed_security_parameters.session_id,
- session_id_len) == 0)
- {
+ session->internals.resumed_security_parameters.session_id_size ==
+ session_id_len
+ && memcmp(session_id,
+ session->internals.resumed_security_parameters.
+ session_id, session_id_len) == 0) {
 /* resume session */
 memcpy(session->internals.
- resumed_security_parameters.server_random,
- session->security_parameters.server_random,
- TLS_RANDOM_SIZE);
+ resumed_security_parameters.server_random,
+ session->security_parameters.server_random,
+ TLS_RANDOM_SIZE);
 memcpy(session->internals.
- resumed_security_parameters.client_random,
- session->security_parameters.client_random,
- TLS_RANDOM_SIZE);
+ resumed_security_parameters.client_random,
+ session->security_parameters.client_random,
+ TLS_RANDOM_SIZE);
 session->internals.resumed = RESUME_TRUE; /* we are resuming */
 return 0;
@@ -1290,8 +1295,8 @@ static int _gnutls_client_check_if_resuming(gnutls_session_t session,
 * This function also restores resumed parameters if we are resuming a
 * session.
 */
-static int _gnutls_read_server_hello(gnutls_session_t session, opaque * data,
- int datalen)
+static int _gnutls_read_server_hello(gnutls_session_t session,
+ opaque * data, int datalen)
 {
 uint8 session_id_len = 0;
 int pos = 0;
@@ -1782,7 +1787,8 @@ int _gnutls_send_hello(gnutls_session_t session, int again)
 * hello message is expected. It uses the security_parameters.current_cipher_suite
 * and internals.compression_method.
 */
-int _gnutls_recv_hello(gnutls_session_t session, opaque * data, int datalen)
+int _gnutls_recv_hello(gnutls_session_t session, opaque * data,
+ int datalen)
 {
 int ret;
@@ -1870,7 +1876,8 @@ int gnutls_rehandshake(gnutls_session_t session)
 return 0;
 }
-inline static int _gnutls_abort_handshake(gnutls_session_t session, int ret)
+inline static int _gnutls_abort_handshake(gnutls_session_t session,
+ int ret)
 {
 if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
 (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
@@ -2390,7 +2397,7 @@ inline static int check_server_params(gnutls_session_t session,
 int j, remove;
 cred_type = _gnutls_map_kx_get_cred(kx, 1);
-
+
 /* Read the Diffie Hellman parameters, if any. */
 if (cred_type == GNUTLS_CRD_CERTIFICATE) {
@@ -2600,7 +2607,8 @@ gnutls_protocol_t _gnutls_get_adv_version(gnutls_session_t session)
 *
 * Check gnutls.h for the available handshake descriptions.
 **/
-gnutls_handshake_description_t gnutls_handshake_get_last_in(gnutls_session_t session)
+gnutls_handshake_description_t
+gnutls_handshake_get_last_in(gnutls_session_t session)
 {
 return session->internals.last_handshake_in;
 }
@@ -2616,7 +2624,8 @@ gnutls_handshake_description_t gnutls_handshake_get_last_in(gnutls_session_t ses
 * Check gnutls.h for the available handshake descriptions.
 *
 **/
-gnutls_handshake_description_t gnutls_handshake_get_last_out(gnutls_session_t session)
+gnutls_handshake_description_t
+gnutls_handshake_get_last_out(gnutls_session_t session)
 {
 return session->internals.last_handshake_out;
 }
diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h
index a93d5a71dc..b515348d7d 100644
--- a/lib/gnutls_handshake.h
+++ b/lib/gnutls_handshake.h
@@ -26,7 +26,8 @@ int gnutls_send_hello_request(gnutls_session_t session);
 int _gnutls_recv_hello_request(gnutls_session_t session, void *data,
 uint32 data_size);
 int _gnutls_send_hello(gnutls_session_t session, int again);
-int _gnutls_recv_hello(gnutls_session_t session, opaque * data, int datalen);
+int _gnutls_recv_hello(gnutls_session_t session, opaque * data,
+ int datalen);
 int gnutls_handshake(gnutls_session_t session);
 int _gnutls_recv_handshake(gnutls_session_t session, uint8 **, int *,
 handshake_t, Optional optional);
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index 1b60da427c..84bae6f3e9 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -44,17 +44,17 @@ GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm_t algorithm)
 switch (algorithm) {
 case GNUTLS_MAC_SHA:
- result = gc_hash_open(GC_SHA1, 0, &ret->handle);
- break;
+ result = gc_hash_open(GC_SHA1, 0, &ret->handle);
+ break;
 case GNUTLS_MAC_MD5:
- result = gc_hash_open(GC_MD5, 0, &ret->handle);
- break;
+ result = gc_hash_open(GC_MD5, 0, &ret->handle);
+ break;
 case GNUTLS_MAC_RMD160:
- result = gc_hash_open(GC_RMD160, 0, &ret->handle);
- break;
+ result = gc_hash_open(GC_RMD160, 0, &ret->handle);
+ break;
 default:
- gnutls_assert();
- result = -1;
+ gnutls_assert();
+ result = -1;
 }
 if (result) {
@@ -92,9 +92,9 @@ int _gnutls_hash_get_algo_len(gnutls_mac_algorithm_t algorithm)
 int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void *text, size_t textlen)
 {
- if (textlen > 0)
- gc_hash_write(handle->handle, textlen, text);
- return 0;
+ if (textlen > 0)
+ gc_hash_write(handle->handle, textlen, text);
+ return 0;
 }
 GNUTLS_HASH_HANDLE _gnutls_hash_copy(GNUTLS_HASH_HANDLE handle)
@@ -150,16 +150,13 @@ mac_hd_t _gnutls_hmac_init(gnutls_mac_algorithm_t algorithm,
 switch (algorithm) {
 case GNUTLS_MAC_SHA:
- result =
- gc_hash_open(GC_SHA1, GC_HMAC, &ret->handle);
+ result = gc_hash_open(GC_SHA1, GC_HMAC, &ret->handle);
 break;
 case GNUTLS_MAC_MD5:
- result =
- gc_hash_open(GC_MD5, GC_HMAC, &ret->handle);
+ result = gc_hash_open(GC_MD5, GC_HMAC, &ret->handle);
 break;
 case GNUTLS_MAC_RMD160:
- result =
- gc_hash_open(GC_RMD160, GC_HMAC, &ret->handle);
+ result = gc_hash_open(GC_RMD160, GC_HMAC, &ret->handle);
 break;
 default:
 result = -1;
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index 299b6bb798..f26f8e6885 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -38,8 +38,8 @@ typedef mac_hd_t GNUTLS_HASH_HANDLE;
 #define GNUTLS_HASH_FAILED NULL
 #define GNUTLS_MAC_FAILED NULL
-mac_hd_t _gnutls_hmac_init(gnutls_mac_algorithm_t algorithm, const void *key,
- int keylen);
+mac_hd_t _gnutls_hmac_init(gnutls_mac_algorithm_t algorithm,
+ const void *key, int keylen);
 #define _gnutls_hmac_get_algo_len _gnutls_hash_get_algo_len
 #define _gnutls_hmac _gnutls_hash
 void _gnutls_hmac_deinit(mac_hd_t handle, void *digest);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index f0252eaec4..458c7903f8 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -116,7 +116,8 @@ typedef struct {
 #include <gnutls_mpi.h>
-typedef enum change_cipher_spec_t { GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1 } change_cipher_spec_t;
+typedef enum change_cipher_spec_t { GNUTLS_TYPE_CHANGE_CIPHER_SPEC =
+ 1 } change_cipher_spec_t;
 typedef enum gnutls_certificate_status {
 GNUTLS_CERT_INVALID = 2, /* will be set if the certificate
@@ -134,24 +135,24 @@ typedef enum gnutls_certificate_status {
 } gnutls_certificate_status_t;
 typedef enum gnutls_certificate_request { GNUTLS_CERT_IGNORE,
- GNUTLS_CERT_REQUEST = 1, GNUTLS_CERT_REQUIRE
+ GNUTLS_CERT_REQUEST = 1, GNUTLS_CERT_REQUIRE
 } gnutls_certificate_request_t;
 typedef enum gnutls_openpgp_key_status { GNUTLS_OPENPGP_KEY, GNUTLS_OPENPGP_KEY_FINGERPRINT } gnutls_openpgp_key_status_t;
-typedef enum gnutls_close_request_t {
- GNUTLS_SHUT_RDWR = 0, GNUTLS_SHUT_WR = 1
+typedef enum gnutls_close_request_t {
+ GNUTLS_SHUT_RDWR = 0, GNUTLS_SHUT_WR = 1
 } gnutls_close_request_t;
-typedef enum handshake_state_t { STATE0 = 0, STATE1, STATE2,
+typedef enum handshake_state_t { STATE0 = 0, STATE1, STATE2,
 STATE3, STATE4, STATE5, STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21, STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62 } handshake_state_t;
-typedef enum handshake_t { GNUTLS_HELLO_REQUEST,
+typedef enum handshake_t { GNUTLS_HELLO_REQUEST,
 GNUTLS_CLIENT_HELLO, GNUTLS_SERVER_HELLO, GNUTLS_CERTIFICATE_PKT = 11, GNUTLS_SERVER_KEY_EXCHANGE, GNUTLS_CERTIFICATE_REQUEST, GNUTLS_SERVER_HELLO_DONE,
@@ -173,7 +174,7 @@ typedef handshake_t gnutls_handshake_description_t;
 typedef enum gnutls_cipher_algorithm { GNUTLS_CIPHER_NULL = 1, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC,
 GNUTLS_CIPHER_ARCFOUR_40, GNUTLS_CIPHER_RC2_40_CBC = 90, GNUTLS_CIPHER_DES_CBC } gnutls_cipher_algorithm_t;
@@ -188,18 +189,18 @@ typedef enum gnutls_params_type { GNUTLS_PARAMS_RSA_EXPORT = 1,
 } gnutls_params_type_t;
 typedef enum gnutls_mac_algorithm { GNUTLS_MAC_UNKNOWN = 0,
- GNUTLS_MAC_NULL = 1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA,
+ GNUTLS_MAC_NULL = 1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA,
 GNUTLS_MAC_RMD160 } gnutls_mac_algorithm_t;
 typedef gnutls_mac_algorithm_t gnutls_digest_algorithm_t;
-typedef enum gnutls_compression_method {
+typedef enum gnutls_compression_method {
 GNUTLS_COMP_NULL = 1, GNUTLS_COMP_DEFLATE, GNUTLS_COMP_LZO } gnutls_compression_method_t;
-typedef enum gnutls_connection_end {
- GNUTLS_SERVER = 1, GNUTLS_CLIENT
+typedef enum gnutls_connection_end {
+ GNUTLS_SERVER = 1, GNUTLS_CLIENT
 } gnutls_connection_end_t;
 typedef enum extensions_t { GNUTLS_EXTENSION_SERVER_NAME = 0,
@@ -207,32 +208,33 @@ typedef enum extensions_t { GNUTLS_EXTENSION_SERVER_NAME = 0,
 GNUTLS_EXTENSION_CERT_TYPE = 7 } extensions_t;
-typedef enum gnutls_credentials_type {
- GNUTLS_CRD_CERTIFICATE = 1, GNUTLS_CRD_ANON,
- GNUTLS_CRD_SRP
+typedef enum gnutls_credentials_type {
+ GNUTLS_CRD_CERTIFICATE = 1, GNUTLS_CRD_ANON,
+ GNUTLS_CRD_SRP
 } gnutls_credentials_type_t;
-typedef enum gnutls_certificate_type {
+typedef enum gnutls_certificate_type {
 GNUTLS_CRT_X509 = 1, GNUTLS_CRT_OPENPGP } gnutls_certificate_type_t;
 typedef enum { CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
 typedef enum valid_session_t { VALID_TRUE, VALID_FALSE } valid_session_t;
-typedef enum resumable_session_t { RESUME_TRUE, RESUME_FALSE } resumable_session_t;
+typedef enum resumable_session_t { RESUME_TRUE,
+ RESUME_FALSE } resumable_session_t;
 /* Record Protocol */
-typedef enum content_type_t {
+typedef enum content_type_t {
 GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT, GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA } content_type_t;
-typedef enum gnutls_x509_crt_fmt {
+typedef enum gnutls_x509_crt_fmt {
 GNUTLS_X509_FMT_DER, GNUTLS_X509_FMT_PEM } gnutls_x509_crt_fmt_t;
-typedef enum gnutls_pk_algorithm {
+typedef enum gnutls_pk_algorithm {
 GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA, GNUTLS_PK_UNKNOWN = 0xff } gnutls_pk_algorithm_t;
@@ -240,7 +242,7 @@ typedef enum gnutls_pk_algorithm {
 #define GNUTLS_PK_ANY (gnutls_pk_algorithm_t)-1
 #define GNUTLS_PK_NONE (gnutls_pk_algorithm_t)0
-typedef enum gnutls_sign_algorithm {
+typedef enum gnutls_sign_algorithm {
 GNUTLS_SIGN_RSA_SHA = 1, GNUTLS_SIGN_DSA_SHA, GNUTLS_SIGN_RSA_MD5, GNUTLS_SIGN_RSA_MD2, GNUTLS_SIGN_UNKNOWN = 0xff
@@ -252,9 +254,10 @@ typedef void (*LOG_FUNC) (int, const char *);
 /* Pull & Push functions defines: */
-typedef ssize_t(*gnutls_pull_func) (gnutls_transport_ptr_t, void *, size_t);
+typedef ssize_t(*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
+ size_t);
 typedef ssize_t(*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
- size_t);
+ size_t);
 /* Store & Retrieve functions defines:
@@ -335,7 +338,7 @@ typedef struct {
 * (eg. SSL3 is before TLS1)
 */
 #define GNUTLS_TLS1 GNUTLS_TLS1_0
-typedef enum gnutls_protocol_version {
+typedef enum gnutls_protocol_version {
 GNUTLS_SSL3 = 1, GNUTLS_TLS1_0, GNUTLS_TLS1_1, GNUTLS_VERSION_UNKNOWN = 0xff } gnutls_protocol_t;
@@ -388,13 +391,13 @@ typedef struct {
 * there is a time in handshake where the peer has
 * null cipher and we don't
 */
- gnutls_cipher_algorithm_t read_bulk_cipher_algorithm;
- gnutls_mac_algorithm_t read_mac_algorithm;
- gnutls_compression_method_t read_compression_algorithm;
+ gnutls_cipher_algorithm_t read_bulk_cipher_algorithm;
+ gnutls_mac_algorithm_t read_mac_algorithm;
+ gnutls_compression_method_t read_compression_algorithm;
- gnutls_cipher_algorithm_t write_bulk_cipher_algorithm;
- gnutls_mac_algorithm_t write_mac_algorithm;
- gnutls_compression_method_t write_compression_algorithm;
+ gnutls_cipher_algorithm_t write_bulk_cipher_algorithm;
+ gnutls_mac_algorithm_t write_mac_algorithm;
+ gnutls_compression_method_t write_compression_algorithm;
 /* this is the ciphersuite we are going to use
 * moved here from internals in order to be restored
@@ -416,7 +419,7 @@ typedef struct {
 uint16 max_record_recv_size;
 /* holds the negotiated certificate type */
 gnutls_certificate_type_t cert_type;
- gnutls_protocol_t version; /* moved here */
+ gnutls_protocol_t version; /* moved here */
 } security_parameters_st;
 /* This structure holds the generated keys
@@ -509,10 +512,10 @@ typedef struct {
 gnutls_buffer handshake_data_buffer; /* this is a buffer that holds the current handshake message */
 resumable_session_t resumable; /* TRUE or FALSE - if we can resume that session */
 handshake_state_t handshake_state; /* holds
- * a number which indicates where
- * the handshake procedure has been
- * interrupted. If it is 0 then
- * no interruption has happened.
+ * a number which indicates where
+ * the handshake procedure has been
+ * interrupted. If it is 0 then
+ * no interruption has happened.
 */
 valid_session_t valid_connection; /* true or FALSE - if this session is valid */
@@ -562,15 +565,15 @@ typedef struct {
 */
 gnutls_buffer record_recv_buffer;
 gnutls_buffer record_send_buffer; /* holds cached data
- * for the gnutls_io_write_buffered()
- * function.
+ * for the gnutls_io_write_buffered()
+ * function.
 */
 size_t record_send_buffer_prev_size; /* holds the
- * data written in the previous runs.
+ * data written in the previous runs.
 */
 size_t record_send_buffer_user_size; /* holds the
- * size of the user specified data to
- * send.
+ * size of the user specified data to
+ * send.
 */
 /* 0 if no peeked data was kept, 1 otherwise.
@@ -744,10 +747,10 @@ void _gnutls_set_adv_version(gnutls_session_t, gnutls_protocol_t);
 gnutls_protocol_t _gnutls_get_adv_version(gnutls_session_t);
 int gnutls_fingerprint(gnutls_digest_algorithm_t algo,
- const gnutls_datum_t * data, void *result,
- size_t * result_size);
+ const gnutls_datum_t * data, void *result,
+ size_t * result_size);
 typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t,
- gnutls_params_st *);
+ gnutls_params_st *);
 #endif /* GNUTLS_INT_H */
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index 69330cf58d..67ace83e9f 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -603,7 +603,8 @@ int _gnutls_recv_server_certificate(gnutls_session_t session)
 /* Recv the client certificate verify. This packet may not
 * arrive if the peer did not send us a certificate.
 */
-int _gnutls_recv_client_certificate_verify_message(gnutls_session_t session)
+int _gnutls_recv_client_certificate_verify_message(gnutls_session_t
+ session)
 {
 uint8 *data;
 int datasize;
diff --git a/lib/gnutls_kx.h b/lib/gnutls_kx.h
index f6a6e4eb6a..44cda172fe 100644
--- a/lib/gnutls_kx.h
+++ b/lib/gnutls_kx.h
@@ -32,4 +32,5 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again);
 int _gnutls_recv_server_certificate_request(gnutls_session_t session);
 int _gnutls_send_server_certificate_request(gnutls_session_t session,
 int again);
-int _gnutls_recv_client_certificate_verify_message(gnutls_session_t session);
+int _gnutls_recv_client_certificate_verify_message(gnutls_session_t
+ session);
diff --git a/lib/gnutls_mem.h b/lib/gnutls_mem.h
index 1ceb153176..e4db724737 100644
--- a/lib/gnutls_mem.h
+++ b/lib/gnutls_mem.h
@@ -32,7 +32,7 @@ typedef void svoid; /* for functions that allocate using gnutls_secure_malloc *
 #endif /* HAVE_ALLOCA */
 typedef void *(*gnutls_alloc_function) (size_t);
-typedef int (*gnutls_is_secure_function)(const void*);
+typedef int (*gnutls_is_secure_function) (const void *);
 typedef void (*gnutls_free_function) (void *);
 typedef void *(*gnutls_realloc_function) (void *, size_t);
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index e8953b4f2b..c7bf32a07e 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -101,14 +101,15 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum_t * ciphertext,
 return ret;
 }
 for (i = 0; i < psize; i++)
- while (ps[i] == 0) {
- if ((ret =
- _gnutls_get_random(&ps[i], 1, GNUTLS_STRONG_RANDOM)) < 0) {
- gnutls_assert();
- gnutls_afree(edata);
- return ret;
+ while (ps[i] == 0) {
+ if ((ret =
+ _gnutls_get_random(&ps[i], 1,
+ GNUTLS_STRONG_RANDOM)) < 0) {
+ gnutls_assert();
+ gnutls_afree(edata);
+ return ret;
+ }
 }
- }
 break;
 case 1:
 /* using private key */
@@ -381,8 +382,9 @@ static int encode_ber_rs(gnutls_datum_t * sig_value, mpi_t r, mpi_t s)
 /* Do DSA signature calculation. params is p, q, g, y, x in that order. */
-int _gnutls_dsa_sign(gnutls_datum_t * signature, const gnutls_datum_t * hash,
- mpi_t * params, uint params_len)
+int _gnutls_dsa_sign(gnutls_datum_t * signature,
+ const gnutls_datum_t * hash, mpi_t * params,
+ uint params_len)
 {
 mpi_t rs[2], mdata;
 int ret;
@@ -589,8 +591,9 @@ int _gnutls_pk_decrypt(int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey,
 case GCRY_PK_RSA:
 if (pkey_len >= 6)
 rc = gcry_sexp_build(&s_pkey, NULL,
- "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
- pkey[0], pkey[1], pkey[2], pkey[3], pkey[4], pkey[5]);
+ "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
+ pkey[0], pkey[1], pkey[2], pkey[3],
+ pkey[4], pkey[5]);
 break;
 default:
diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h
index 54fac1f8c2..7687cf30d9 100644
--- a/lib/gnutls_pk.h
+++ b/lib/gnutls_pk.h
@@ -14,6 +14,7 @@ int _gnutls_rsa_verify(const gnutls_datum_t * vdata,
 const gnutls_datum_t * ciphertext, mpi_t * params, int params_len, int btype);
 int _gnutls_dsa_verify(const gnutls_datum_t * vdata,
- const gnutls_datum_t * sig_value, mpi_t * params, int params_len);
+ const gnutls_datum_t * sig_value, mpi_t * params,
+ int params_len);
 #endif /* GNUTLS_PK_H */
diff --git a/lib/gnutls_random.c b/lib/gnutls_random.c
index e53a593fd1..fc89278e20 100644
--- a/lib/gnutls_random.c
+++ b/lib/gnutls_random.c
@@ -33,25 +33,24 @@
 */
 int _gnutls_get_random(opaque * res, int bytes, int level)
 {
- int err;
+ int err;
- switch (level)
- {
+ switch (level) {
 case GNUTLS_WEAK_RANDOM:
- err = gc_nonce ((char*) res, (size_t) bytes);
- break;
+ err = gc_nonce((char *) res, (size_t) bytes);
+ break;
 case GNUTLS_STRONG_RANDOM:
- err = gc_pseudo_random ((char*) res, (size_t) bytes);
- break;
+ err = gc_pseudo_random((char *) res, (size_t) bytes);
+ break;
- default: /* GNUTLS_VERY_STRONG_RANDOM */
- err = gc_random ((char*) res, (size_t) bytes);
- break;
+ default: /* GNUTLS_VERY_STRONG_RANDOM */
+ err = gc_random((char *) res, (size_t) bytes);
+ break;
 }
- if (err != GC_OK)
- return GNUTLS_E_RANDOM_FAILED;
+ if (err != GC_OK)
+ return GNUTLS_E_RANDOM_FAILED;
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
 }
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index d513afb02f..91bbca79dd 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -420,7 +420,8 @@ ssize_t _gnutls_send_int(gnutls_session_t session, content_type_t type,
 /* This function is to be called if the handshake was successfully
 * completed. This sends a Change Cipher Spec packet to the peer.
 */
-ssize_t _gnutls_send_change_cipher_spec(gnutls_session_t session, int again)
+ssize_t _gnutls_send_change_cipher_spec(gnutls_session_t session,
+ int again)
 {
 static const opaque data[1] = { GNUTLS_TYPE_CHANGE_CIPHER_SPEC };
@@ -543,21 +544,22 @@ inline handshake_t htype, opaque version[2]) { if (htype == GNUTLS_CLIENT_HELLO) { - /* Reject hello packets with major version higher than 3. - */ - if (version[0] > 3) { - gnutls_assert(); - _gnutls_record_log("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", - session, htype, version[0], version[1]); - return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; - } + /* Reject hello packets with major version higher than 3. + */ + if (version[0] > 3) { + gnutls_assert(); + _gnutls_record_log + ("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", session, + htype, version[0], version[1]); + return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; + } } else if (htype != GNUTLS_SERVER_HELLO && - gnutls_protocol_get_version(session) != _gnutls_version_get(version[0], version[1])) - { - /* Reject record packets that have a different version than the - * one negotiated. Note that this version is not protected by any - * mac. I don't really think that this check serves any purpose. - */ + gnutls_protocol_get_version(session) != + _gnutls_version_get(version[0], version[1])) { + /* Reject record packets that have a different version than the + * one negotiated. Note that this version is not protected by any + * mac. I don't really think that this check serves any purpose. + */ gnutls_assert(); _gnutls_record_log("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", session, htype, version[0], version[1]); @@ -643,8 +645,8 @@ static int record_check_type(gnutls_session_t session, * if expecting client hello (for rehandshake * reasons). Otherwise it is an unexpected packet */ - if (htype == GNUTLS_CLIENT_HELLO && (type == GNUTLS_HANDSHAKE || - type == GNUTLS_ALERT)) + if (htype == GNUTLS_CLIENT_HELLO + && (type == GNUTLS_HANDSHAKE || type == GNUTLS_ALERT)) return GNUTLS_E_GOT_APPLICATION_DATA; else return GNUTLS_E_UNEXPECTED_PACKET; diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h index 5e38a2de5d..567b610c10 100644 --- a/lib/gnutls_record.h +++ b/lib/gnutls_record.h 
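Review bot: Both `_gnutls_record_log` calls in the version check (the `@@ -543` hunk) print `session` with `%x`, but `session` is a `gnutls_session_t`, which is a pointer. Assuming the logger is printf-style, the conversion and argument types do not match, which is undefined behaviour and truncates the value on 64-bit targets. Use `"REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n"` with `(void *) session` as the argument. The function's signature and the end of its body lie outside the hunk.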
@@ -3,5 +3,6 @@ ssize_t _gnutls_send_int(gnutls_session_t session, content_type_t type, size_t sizeofdata); ssize_t _gnutls_recv_int(gnutls_session_t session, content_type_t type, handshake_t, opaque * data, size_t sizeofdata); -ssize_t _gnutls_send_change_cipher_spec(gnutls_session_t session, int again); +ssize_t _gnutls_send_change_cipher_spec(gnutls_session_t session, + int again); void gnutls_transport_set_lowat(gnutls_session_t session, int num); diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c index 3777f752d7..ab1274c26f 100644 --- a/lib/gnutls_rsa_export.c +++ b/lib/gnutls_rsa_export.c @@ -318,9 +318,10 @@ int gnutls_rsa_params_export_pkcs1(gnutls_rsa_params_t params, * **/ int gnutls_rsa_params_export_raw(gnutls_rsa_params_t params, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u, unsigned int *bits) + gnutls_datum_t * m, gnutls_datum_t * e, + gnutls_datum_t * d, gnutls_datum_t * p, + gnutls_datum_t * q, gnutls_datum_t * u, + unsigned int *bits) { int ret; diff --git a/lib/gnutls_session.h b/lib/gnutls_session.h index 1ff8e2b210..b6abde2d14 100644 --- a/lib/gnutls_session.h +++ b/lib/gnutls_session.h @@ -21,5 +21,5 @@ int gnutls_session_set_data(gnutls_session_t session, const opaque * session_data, int session_data_size); -int gnutls_session_get_data(gnutls_session_t session, opaque * session_data, - int *session_data_size); +int gnutls_session_get_data(gnutls_session_t session, + opaque * session_data, int *session_data_size); diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index 3f37c6a0c2..2fcf2b8c5d 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c 
@@ -36,9 +36,11 @@ #define PACK_HEADER_SIZE 1 static int _gnutls_pack_certificate_auth_info(cert_auth_info_t info, - gnutls_datum_t * packed_session); + gnutls_datum_t * + packed_session); static int _gnutls_unpack_certificate_auth_info(cert_auth_info_t info, - const gnutls_datum_t * packed_session); + const gnutls_datum_t * + packed_session); static int _gnutls_pack_certificate_auth_info_size(cert_auth_info_t info); @@ -219,9 +221,9 @@ int _gnutls_session_unpack(gnutls_session_t session, } break; #endif - case GNUTLS_CRD_ANON: { - anon_auth_info_t info; - + case GNUTLS_CRD_ANON:{ + anon_auth_info_t info; + pack_size = _gnutls_read_uint32(&packed_session-> data[PACK_HEADER_SIZE]); @@ -243,13 +245,13 @@ int _gnutls_session_unpack(gnutls_session_t session, session->key->auth_info_size = pack_size; memcpy(session->key->auth_info, - &packed_session->data[PACK_HEADER_SIZE + - sizeof(uint32)], pack_size); - + &packed_session->data[PACK_HEADER_SIZE + + sizeof(uint32)], pack_size); + /* Delete the DH parameters. (this might need to be moved to a function) */ info = session->key->auth_info; - memset( &info->dh, 0, sizeof(dh_info_st)); + memset(&info->dh, 0, sizeof(dh_info_st)); } break; case GNUTLS_CRD_CERTIFICATE:{ @@ -327,7 +329,7 @@ int _gnutls_session_unpack(gnutls_session_t session, } int _gnutls_pack_certificate_auth_info(cert_auth_info_t info, - gnutls_datum_t * packed_session) + gnutls_datum_t * packed_session) { unsigned int pos, i; int info_size; @@ -384,7 +386,8 @@ static int _gnutls_pack_certificate_auth_info_size(cert_auth_info_t info) int _gnutls_unpack_certificate_auth_info(cert_auth_info_t info, - const gnutls_datum_t *packed_session) + const gnutls_datum_t * + packed_session) { unsigned int i, j, pos; int ret; 
@@ -393,11 +396,11 @@ int _gnutls_unpack_certificate_auth_info(cert_auth_info_t info, memcpy(info, &packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)], sizeof(cert_auth_info_st)); - + /* Delete the dh_info_st and rsa_info_st fields. */ - memset( &info->dh, 0, sizeof(dh_info_st)); - memset( &info->rsa_export, 0, sizeof(rsa_info_st)); + memset(&info->dh, 0, sizeof(dh_info_st)); + memset(&info->rsa_export, 0, sizeof(rsa_info_st)); pos = PACK_HEADER_SIZE + sizeof(uint32) + sizeof(cert_auth_info_st); if (info->ncerts > 0) { diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 825b306509..b24a83296c 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -182,8 +182,9 @@ int _gnutls_tls_sign_params(gnutls_session_t session, gnutls_cert * cert, /* This will create a PKCS1 or DSA signature, using the given parameters, and the * given data. The output will be allocated and be put in signature. */ -int _gnutls_sign(gnutls_pk_algorithm_t algo, mpi_t * params, int params_size, - const gnutls_datum_t * data, gnutls_datum_t * signature) +int _gnutls_sign(gnutls_pk_algorithm_t algo, mpi_t * params, + int params_size, const gnutls_datum_t * data, + gnutls_datum_t * signature) { int ret; @@ -249,7 +250,7 @@ int _gnutls_pkcs1_rsa_verify_sig(gnutls_cert * cert, gnutls_datum_t vdata; if (cert->version == 0 || cert == NULL) { /* this is the only way to check - * if it is initialized + * if it is initialized */ gnutls_assert(); return GNUTLS_E_CERTIFICATE_ERROR; diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h index c7b79a14ea..339f9d31d4 100644 --- a/lib/gnutls_sig.h +++ b/lib/gnutls_sig.h 
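Review bot: In `_gnutls_pkcs1_rsa_verify_sig` (the `@@ -249` hunk of lib/gnutls_sig.c) the condition `cert->version == 0 || cert == NULL` dereferences `cert` before testing it for NULL, so the NULL test never protects the access. Swap the operands: `if (cert == NULL || cert->version == 0) {`. The rest of the function is outside the hunk.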
@@ -2,17 +2,23 @@ # define GNUTLS_SIG_H # include <auth_cert.h> -gnutls_certificate_status_t gnutls_x509_verify_signature(gnutls_cert * cert, - gnutls_cert * issuer); +gnutls_certificate_status_t gnutls_x509_verify_signature(gnutls_cert * + cert, + gnutls_cert * + issuer); int _gnutls_tls_sign_hdata(gnutls_session_t session, gnutls_cert * cert, - gnutls_privkey * pkey, gnutls_datum_t * signature); + gnutls_privkey * pkey, + gnutls_datum_t * signature); int _gnutls_tls_sign_params(gnutls_session_t session, gnutls_cert * cert, - gnutls_privkey * pkey, gnutls_datum_t * params, gnutls_datum_t * signature); + gnutls_privkey * pkey, gnutls_datum_t * params, + gnutls_datum_t * signature); int _gnutls_verify_sig_hdata(gnutls_session_t session, gnutls_cert * cert, - gnutls_datum_t * signature); + gnutls_datum_t * signature); int _gnutls_verify_sig_params(gnutls_session_t session, gnutls_cert * cert, - const gnutls_datum_t * params, gnutls_datum_t * signature); -int _gnutls_sign(gnutls_pk_algorithm_t algo, mpi_t * params, int params_size, - const gnutls_datum_t * data, gnutls_datum_t * signature); + const gnutls_datum_t * params, + gnutls_datum_t * signature); +int _gnutls_sign(gnutls_pk_algorithm_t algo, mpi_t * params, + int params_size, const gnutls_datum_t * data, + gnutls_datum_t * signature); #endif diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index ab679f1c95..df6bc9253c 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c @@ -38,8 +38,7 @@ */ int _gnutls_srp_gx(opaque * text, size_t textsize, opaque ** result, - mpi_t g, mpi_t prime, - gnutls_alloc_function galloc_func) + mpi_t g, mpi_t prime, gnutls_alloc_function galloc_func) { mpi_t x, e; size_t result_size; 
@@ -163,14 +162,14 @@ mpi_t _gnutls_calc_srp_u(mpi_t A, mpi_t B, mpi_t n) mpi_t res; /* get the size of n in bytes */ - _gnutls_mpi_print( NULL, &n_size, n); + _gnutls_mpi_print(NULL, &n_size, n); _gnutls_mpi_print(NULL, &a_size, A); _gnutls_mpi_print(NULL, &b_size, B); if (a_size > n_size || b_size > n_size) { - gnutls_assert(); - return NULL; /* internal error */ + gnutls_assert(); + return NULL; /* internal error */ } holder_size = n_size + n_size; @@ -208,8 +207,7 @@ mpi_t _gnutls_calc_srp_u(mpi_t A, mpi_t B, mpi_t n) /* S = (A * v^u) ^ b % N * this is our shared key (server premaster secret) */ -mpi_t _gnutls_calc_srp_S1(mpi_t A, mpi_t b, mpi_t u, - mpi_t v, mpi_t n) +mpi_t _gnutls_calc_srp_S1(mpi_t A, mpi_t b, mpi_t u, mpi_t v, mpi_t n) { mpi_t tmp1 = NULL, tmp2 = NULL; mpi_t S = NULL; @@ -321,7 +319,7 @@ int _gnutls_calc_srp_x(char *username, char *password, opaque * salt, * this is our shared key (client premaster secret) */ mpi_t _gnutls_calc_srp_S2(mpi_t B, mpi_t g, mpi_t x, - mpi_t a, mpi_t u, mpi_t n) + mpi_t a, mpi_t u, mpi_t n) { mpi_t S = NULL, tmp1 = NULL, tmp2 = NULL; mpi_t tmp4 = NULL, tmp3 = NULL, k = NULL; @@ -397,8 +395,8 @@ void gnutls_srp_free_client_credentials(gnutls_srp_client_credentials_t sc) * * Returns 0 on success. **/ -int gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t * - sc) +int gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t + * sc) { *sc = gnutls_calloc(1, sizeof(srp_client_credentials_st)); @@ -467,8 +465,8 @@ void gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t sc) * * Returns 0 on success. **/ -int gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t * - sc) +int gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t + * sc) { *sc = gnutls_calloc(1, sizeof(srp_server_cred_st)); 
@@ -572,7 +570,9 @@ int gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t **/ void gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t - cred, gnutls_srp_server_credentials_function * func) + cred, + gnutls_srp_server_credentials_function + * func) { cred->pwd_callback = func; } diff --git a/lib/gnutls_srp.h b/lib/gnutls_srp.h index afe8c145d1..635f6e1ff9 100644 --- a/lib/gnutls_srp.h +++ b/lib/gnutls_srp.h @@ -1,13 +1,16 @@ #ifdef ENABLE_SRP -int _gnutls_srp_gx(opaque *text, size_t textsize, opaque** result, mpi_t g, mpi_t prime, gnutls_alloc_function); +int _gnutls_srp_gx(opaque * text, size_t textsize, opaque ** result, + mpi_t g, mpi_t prime, gnutls_alloc_function); mpi_t _gnutls_calc_srp_B(mpi_t * ret_b, mpi_t g, mpi_t n, mpi_t v); -mpi_t _gnutls_calc_srp_u( mpi_t A, mpi_t B, mpi_t N); +mpi_t _gnutls_calc_srp_u(mpi_t A, mpi_t B, mpi_t N); mpi_t _gnutls_calc_srp_S1(mpi_t A, mpi_t b, mpi_t u, mpi_t v, mpi_t n); -mpi_t _gnutls_calc_srp_A(mpi_t *a, mpi_t g, mpi_t n); -mpi_t _gnutls_calc_srp_S2(mpi_t B, mpi_t g, mpi_t x, mpi_t a, mpi_t u, mpi_t n); -int _gnutls_calc_srp_x( char* username, char* password, opaque* salt, size_t salt_size, size_t* size, void* digest); -int _gnutls_srp_gn( opaque** ret_g, opaque** ret_n, int bits); +mpi_t _gnutls_calc_srp_A(mpi_t * a, mpi_t g, mpi_t n); +mpi_t _gnutls_calc_srp_S2(mpi_t B, mpi_t g, mpi_t x, mpi_t a, mpi_t u, + mpi_t n); +int _gnutls_calc_srp_x(char *username, char *password, opaque * salt, + size_t salt_size, size_t * size, void *digest); +int _gnutls_srp_gn(opaque ** ret_g, opaque ** ret_n, int bits); /* g is defined to be 2 */ #define SRP_MAX_HASH_SIZE 24 diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 7407f6cf36..0157f928e0 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c 
@@ -72,7 +72,8 @@ gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session) * is by default X.509, unless it is negotiated as a TLS extension. * **/ -gnutls_certificate_type_t gnutls_certificate_type_get(gnutls_session_t session) +gnutls_certificate_type_t gnutls_certificate_type_get(gnutls_session_t + session) { return session->security_parameters.cert_type; } @@ -105,7 +106,8 @@ gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session) * * Returns the currently used compression method. **/ -gnutls_compression_method_t gnutls_compression_get(gnutls_session_t session) +gnutls_compression_method_t gnutls_compression_get(gnutls_session_t + session) { return session->security_parameters.read_compression_algorithm; } @@ -115,7 +117,8 @@ gnutls_compression_method_t gnutls_compression_get(gnutls_session_t session) * and a matching certificate exists. */ int _gnutls_session_cert_type_supported(gnutls_session_t session, - gnutls_certificate_type_t cert_type) + gnutls_certificate_type_t + cert_type) { uint i; uint cert_found = 0; @@ -219,7 +222,8 @@ void _gnutls_handshake_internal_state_clear(gnutls_session_t session) * This function allocates structures which can only be free'd * by calling gnutls_deinit(). Returns zero on success. **/ -int gnutls_init(gnutls_session_t * session, gnutls_connection_end_t con_end) +int gnutls_init(gnutls_session_t * session, + gnutls_connection_end_t con_end) { *session = gnutls_calloc(1, sizeof(struct gnutls_session_int)); if (*session == NULL) 
@@ -287,8 +291,10 @@ int gnutls_init(gnutls_session_t * session, gnutls_connection_end_t con_end) /* set the socket pointers to -1; */ - (*session)->internals.transport_recv_ptr = (gnutls_transport_ptr_t) - 1; - (*session)->internals.transport_send_ptr = (gnutls_transport_ptr_t) - 1; + (*session)->internals.transport_recv_ptr = + (gnutls_transport_ptr_t) - 1; + (*session)->internals.transport_send_ptr = + (gnutls_transport_ptr_t) - 1; /* set the default maximum record size for TLS */ @@ -439,8 +445,7 @@ int _gnutls_dh_set_peer_public(gnutls_session_t session, mpi_t public) return GNUTLS_E_INTERNAL_ERROR; } - ret = - _gnutls_mpi_dprint_lz(&dh->public_key, public); + ret = _gnutls_mpi_dprint_lz(&dh->public_key, public); if (ret < 0) { gnutls_assert(); return ret; @@ -491,18 +496,16 @@ int _gnutls_rsa_export_set_pubkey(gnutls_session_t session, mpi_t exp, if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; - ret = - _gnutls_mpi_dprint_lz(&info->rsa_export.modulus, mod); + ret = _gnutls_mpi_dprint_lz(&info->rsa_export.modulus, mod); if (ret < 0) { gnutls_assert(); return ret; } - ret = - _gnutls_mpi_dprint_lz(&info->rsa_export.exponent, exp); + ret = _gnutls_mpi_dprint_lz(&info->rsa_export.exponent, exp); if (ret < 0) { gnutls_assert(); - _gnutls_free_datum( &info->rsa_export.modulus); + _gnutls_free_datum(&info->rsa_export.modulus); return ret; } @@ -555,7 +558,7 @@ int _gnutls_dh_set_group(gnutls_session_t session, mpi_t gen, mpi_t prime) ret = _gnutls_mpi_dprint_lz(&dh->generator, gen); if (ret < 0) { gnutls_assert(); - _gnutls_free_datum( &dh->prime); + _gnutls_free_datum(&dh->prime); return ret; } 
@@ -828,10 +831,11 @@ int gnutls_session_is_resumed(gnutls_session_t session) if (session->security_parameters.entity == GNUTLS_CLIENT) { if (session->security_parameters.session_id_size > 0 && session->security_parameters.session_id_size == - session->internals.resumed_security_parameters.session_id_size && - memcmp(session->security_parameters.session_id, - session->internals.resumed_security_parameters. - session_id, session->security_parameters.session_id_size) == 0) + session->internals.resumed_security_parameters.session_id_size + && memcmp(session->security_parameters.session_id, + session->internals.resumed_security_parameters. + session_id, + session->security_parameters.session_id_size) == 0) return 1; } else { if (session->internals.resumed == RESUME_TRUE) diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h index e7053370aa..a4d2b5b2bd 100644 --- a/lib/gnutls_state.h +++ b/lib/gnutls_state.h @@ -4,7 +4,7 @@ #include <gnutls_int.h> void _gnutls_session_cert_type_set(gnutls_session_t session, - gnutls_certificate_type_t); + gnutls_certificate_type_t); gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session); gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session); gnutls_certificate_type_t gnutls_certificate_type_get(gnutls_session_t); @@ -18,7 +18,8 @@ gnutls_certificate_type_t gnutls_certificate_type_get(gnutls_session_t); #endif -int _gnutls_session_cert_type_supported(gnutls_session_t, gnutls_certificate_type_t); +int _gnutls_session_cert_type_supported(gnutls_session_t, + gnutls_certificate_type_t); int _gnutls_dh_set_secret_bits(gnutls_session_t session, uint bits); 
@@ -30,7 +31,7 @@ void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits); void _gnutls_handshake_internal_state_clear(gnutls_session_t); int _gnutls_rsa_export_set_pubkey(gnutls_session_t session, mpi_t exp, - mpi_t mod); + mpi_t mod); int _gnutls_session_is_resumable(gnutls_session_t session); int _gnutls_session_is_export(gnutls_session_t session); @@ -38,7 +39,7 @@ int _gnutls_session_is_export(gnutls_session_t session); int _gnutls_openpgp_send_fingerprint(gnutls_session_t session); int _gnutls_PRF(const opaque * secret, int secret_size, const char *label, - int label_size, opaque * seed, int seed_size, - int total_bytes, void *ret); + int label_size, opaque * seed, int seed_size, + int total_bytes, void *ret); #define DEFAULT_CERT_TYPE GNUTLS_CRT_X509 diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index f12ba647ac..ed77d1e599 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -72,7 +72,8 @@ void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits) * **/ int gnutls_dh_get_group(gnutls_session_t session, - gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime) + gnutls_datum_t * raw_gen, + gnutls_datum_t * raw_prime) { dh_info_st *dh; int ret; @@ -103,7 +104,8 @@ int gnutls_dh_get_group(gnutls_session_t session, return ret; } - ret = _gnutls_set_datum(raw_gen, dh->generator.data, dh->generator.size); + ret = + _gnutls_set_datum(raw_gen, dh->generator.data, dh->generator.size); if (ret < 0) { gnutls_assert(); _gnutls_free_datum(raw_prime); @@ -125,7 +127,8 @@ int gnutls_dh_get_group(gnutls_session_t session, * Returns a negative value in case of an error. * **/ -int gnutls_dh_get_pubkey(gnutls_session_t session, gnutls_datum_t * raw_key) +int gnutls_dh_get_pubkey(gnutls_session_t session, + gnutls_datum_t * raw_key) { dh_info_st *dh; anon_server_auth_info_t anon_info; 
@@ -152,7 +155,8 @@ int gnutls_dh_get_pubkey(gnutls_session_t session, gnutls_datum_t * raw_key) return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_set_datum(raw_key, dh->public_key.data, dh->public_key.size); + return _gnutls_set_datum(raw_key, dh->public_key.data, + dh->public_key.size); } /** @@ -169,7 +173,8 @@ int gnutls_dh_get_pubkey(gnutls_session_t session, gnutls_datum_t * raw_key) * **/ int gnutls_rsa_export_get_pubkey(gnutls_session_t session, - gnutls_datum_t * exp, gnutls_datum_t * mod) + gnutls_datum_t * exp, + gnutls_datum_t * mod) { cert_auth_info_t info; int ret; @@ -390,8 +395,9 @@ const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t session) * Returns NULL in case of an error, or if no certificate was sent. * **/ -const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t session, - unsigned int *list_size) +const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t + session, + unsigned int *list_size) { cert_auth_info_t info; @@ -516,8 +522,8 @@ void gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res, * **/ void -gnutls_certificate_set_params_function(gnutls_certificate_credentials_t res, - gnutls_params_function * func) +gnutls_certificate_set_params_function(gnutls_certificate_credentials_t + res, gnutls_params_function * func) { res->params_func = func; } @@ -564,11 +570,12 @@ void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t * (gnutls_certificate_verify_peers()) to avoid denial of service attacks. * **/ -void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t res, unsigned int max_bits, - unsigned int max_depth) +void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t + res, unsigned int max_bits, + unsigned int max_depth) { - res->verify_depth = max_depth; - res->verify_bits = max_bits; + res->verify_depth = max_depth; + res->verify_bits = max_bits; } /** 
@@ -583,7 +590,8 @@ void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t res, **/ void gnutls_certificate_set_rsa_export_params(gnutls_certificate_credentials_t - res, gnutls_rsa_params_t rsa_params) + res, + gnutls_rsa_params_t rsa_params) { res->rsa_params = rsa_params; } diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h index 14c37956f2..938891042c 100644 --- a/lib/gnutls_ui.h +++ b/lib/gnutls_ui.h @@ -31,18 +31,28 @@ typedef struct gnutls_retr_st { } gnutls_retr_st; typedef int gnutls_certificate_client_retrieve_function(gnutls_session_t, - const gnutls_datum_t* req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st *); + const + gnutls_datum_t * + req_ca_rdn, + int nreqs, + const + gnutls_pk_algorithm_t + * pk_algos, + int + pk_algos_length, + gnutls_retr_st *); typedef int gnutls_certificate_server_retrieve_function(gnutls_session_t, - gnutls_retr_st *); + gnutls_retr_st *); /* Functions that allow auth_info_t structures handling */ gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session); -gnutls_credentials_type_t gnutls_auth_server_get_type(gnutls_session_t session); -gnutls_credentials_type_t gnutls_auth_client_get_type(gnutls_session_t session); +gnutls_credentials_type_t gnutls_auth_server_get_type(gnutls_session_t + session); +gnutls_credentials_type_t gnutls_auth_client_get_type(gnutls_session_t + session); /* DH */ 
@@ -52,12 +62,14 @@ int gnutls_dh_get_peers_public_bits(gnutls_session_t session); int gnutls_dh_get_prime_bits(gnutls_session_t session); int gnutls_dh_get_group(gnutls_session_t session, gnutls_datum_t * raw_gen, - gnutls_datum_t * raw_prime); -int gnutls_dh_get_pubkey(gnutls_session_t session, gnutls_datum_t * raw_key); + gnutls_datum_t * raw_prime); +int gnutls_dh_get_pubkey(gnutls_session_t session, + gnutls_datum_t * raw_key); /* RSA */ int gnutls_rsa_export_get_pubkey(gnutls_session_t session, - gnutls_datum_t * exp, gnutls_datum_t * mod); + gnutls_datum_t * exp, + gnutls_datum_t * mod); int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session); /* X509PKI */ 
@@ -65,40 +77,49 @@ int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session); /* These are set on the credentials structure. */ void -gnutls_certificate_client_set_retrieve_function( gnutls_certificate_credentials_t cred, - gnutls_certificate_client_retrieve_function *func); -void gnutls_certificate_server_set_retrieve_function(gnutls_certificate_credentials_t cred, - gnutls_certificate_server_retrieve_function *func); +gnutls_certificate_client_set_retrieve_function +(gnutls_certificate_credentials_t cred, +gnutls_certificate_client_retrieve_function * func); +void +gnutls_certificate_server_set_retrieve_function +(gnutls_certificate_credentials_t cred, +gnutls_certificate_server_retrieve_function * func); void gnutls_certificate_server_set_request(gnutls_session_t session, - gnutls_certificate_request_t req); + gnutls_certificate_request_t + req); /* get data from the session */ -const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t session, - unsigned int *list_size); -const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t session); +const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t + session, + unsigned int + *list_size); +const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t + session); time_t gnutls_certificate_activation_time_peers(gnutls_session_t session); time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session); int gnutls_certificate_client_get_request_status(gnutls_session_t session); int gnutls_certificate_verify_peers2(gnutls_session_t session, - unsigned int* status); + unsigned int *status); /* this is obsolete (?). 
*/ int gnutls_certificate_verify_peers(gnutls_session_t session); int gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t * data, - char *result, size_t * result_size); + char *result, size_t * result_size); int gnutls_pem_base64_decode(const char *header, - const gnutls_datum_t * b64_data, - unsigned char *result, size_t * result_size); + const gnutls_datum_t * b64_data, + unsigned char *result, size_t * result_size); int gnutls_pem_base64_encode_alloc(const char *msg, - const gnutls_datum_t * data, gnutls_datum_t * result); + const gnutls_datum_t * data, + gnutls_datum_t * result); int gnutls_pem_base64_decode_alloc(const char *header, - const gnutls_datum_t * b64_data, gnutls_datum_t * result); + const gnutls_datum_t * b64_data, + gnutls_datum_t * result); /* key_usage will be an OR of the following values: */ @@ -129,8 +150,8 @@ typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t, gnutls_params_st *); void -gnutls_certificate_set_params_function(gnutls_certificate_credentials_t res, - gnutls_params_function * func); +gnutls_certificate_set_params_function(gnutls_certificate_credentials_t + res, gnutls_params_function * func); void gnutls_anon_set_params_function(gnutls_certificate_credentials_t res, gnutls_params_function * func); diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 7476bc9468..537b84c3e3 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -128,7 +128,8 @@ int _gnutls_x509_cert_verify_peers(gnutls_session_t session, peer_certificate_list_size = info->ncerts; peer_certificate_list = gnutls_calloc(1, - peer_certificate_list_size * sizeof(gnutls_x509_crt_t)); + peer_certificate_list_size * + sizeof(gnutls_x509_crt_t)); if (peer_certificate_list == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; 
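Review bot: The allocation in `_gnutls_x509_cert_verify_peers` (the `@@ -128` hunk of lib/gnutls_x509.c) multiplies `peer_certificate_list_size`, which is taken from `info->ncerts`, by `sizeof(gnutls_x509_crt_t)` and passes the product as the size argument of `gnutls_calloc(1, ...)`, so nothing checks the multiplication for overflow. Passing count and element size separately, `gnutls_calloc(peer_certificate_list_size, sizeof(gnutls_x509_crt_t))`, leaves that check to the allocator, assuming `gnutls_calloc` follows `calloc` semantics. The declaration of `peer_certificate_list_size` is outside the hunk, so its width should be confirmed as well.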
@@ -144,7 +145,8 @@ int _gnutls_x509_cert_verify_peers(gnutls_session_t session, ret = gnutls_x509_crt_import(peer_certificate_list[i], - &info->raw_certificate_list[i], GNUTLS_X509_FMT_DER); + &info->raw_certificate_list[i], + GNUTLS_X509_FMT_DER); if (ret < 0) { gnutls_assert(); CLEAR_CERTS; @@ -164,10 +166,10 @@ int _gnutls_x509_cert_verify_peers(gnutls_session_t session, */ ret = gnutls_x509_crt_list_verify(peer_certificate_list, - peer_certificate_list_size, - cred->x509_ca_list, cred->x509_ncas, - cred->x509_crl_list, cred->x509_ncrls, - cred->verify_flags, status); + peer_certificate_list_size, + cred->x509_ca_list, cred->x509_ncas, + cred->x509_crl_list, cred->x509_ncrls, + cred->verify_flags, status); CLEAR_CERTS; @@ -439,7 +441,7 @@ static int parse_pem_cert_mem(gnutls_cert ** cert_list, uint * ncerts, #ifdef ENABLE_PKI if ((ptr = memmem(input_cert, input_cert_size, - PEM_PKCS7_SEP, sizeof (PEM_PKCS7_SEP) - 1)) != NULL) { + PEM_PKCS7_SEP, sizeof(PEM_PKCS7_SEP) - 1)) != NULL) { size = strlen(ptr); ret = parse_pkcs7_cert_mem(cert_list, ncerts, ptr, size, CERT_PEM); @@ -451,10 +453,10 @@ static int parse_pem_cert_mem(gnutls_cert ** cert_list, uint * ncerts, /* move to the certificate */ ptr = memmem(input_cert, input_cert_size, - PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); + PEM_CERT_SEP, sizeof(PEM_CERT_SEP) - 1); if (ptr == NULL) ptr = memmem(input_cert, input_cert_size, - PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); + PEM_CERT_SEP2, sizeof(PEM_CERT_SEP2) - 1); if (ptr == NULL) { gnutls_assert(); @@ -504,10 +506,11 @@ static int parse_pem_cert_mem(gnutls_cert ** cert_list, uint * ncerts, if (size > 0) { char *ptr2; - ptr2 = memmem(ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); + ptr2 = + memmem(ptr, size, PEM_CERT_SEP, sizeof(PEM_CERT_SEP) - 1); if (ptr2 == NULL) ptr2 = memmem(ptr, size, PEM_CERT_SEP2, - sizeof (PEM_CERT_SEP2) - 1); + sizeof(PEM_CERT_SEP2) - 1); ptr = ptr2; } else 
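Review bot: In the PKCS7 branch of `parse_pem_cert_mem` (the `@@ -439` hunk) the separator is located with `memmem` over an explicit `input_cert_size`, yet the remaining length is then taken with `strlen(ptr)`, which depends on a NUL terminator that a length-delimited buffer does not guarantee. Compute it from the known size, in the form the CRL parser already uses: `size = input_cert_size - (ptr - input_cert);`. The types of `ptr` and `input_cert` are declared outside the hunk, so a cast may be needed.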
@@ -1127,10 +1130,10 @@ static int parse_pem_ca_mem(gnutls_x509_crt_t ** cert_list, uint * ncerts, /* move to the certificate */ ptr = memmem(input_cert, input_cert_size, - PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); + PEM_CERT_SEP, sizeof(PEM_CERT_SEP) - 1); if (ptr == NULL) ptr = memmem(input_cert, input_cert_size, - PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); + PEM_CERT_SEP2, sizeof(PEM_CERT_SEP2) - 1); if (ptr == NULL) { gnutls_assert(); @@ -1182,10 +1185,11 @@ static int parse_pem_ca_mem(gnutls_x509_crt_t ** cert_list, uint * ncerts, if (size > 0) { char *ptr2; - ptr2 = memmem(ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); + ptr2 = + memmem(ptr, size, PEM_CERT_SEP, sizeof(PEM_CERT_SEP) - 1); if (ptr2 == NULL) ptr = memmem(ptr, size, - PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); + PEM_CERT_SEP2, sizeof(PEM_CERT_SEP2) - 1); ptr = ptr2; } else @@ -1309,27 +1313,29 @@ int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res, gnutls_x509_crt_t * ca_list, int ca_list_size) { - int ret, i,j, ret2; + int ret, i, j, ret2; res->x509_ca_list = gnutls_realloc_fast(res->x509_ca_list, - (ca_list_size + res->x509_ncas) * sizeof(gnutls_x509_crt_t)); + (ca_list_size + + res->x509_ncas) * + sizeof(gnutls_x509_crt_t)); if (res->x509_ca_list == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } for (i = 0; i < ca_list_size; i++) { - ret = gnutls_x509_crt_init(&res->x509_ca_list[i + res->x509_ncas]); + ret = gnutls_x509_crt_init(&res->x509_ca_list[i + res->x509_ncas]); if (ret < 0) { gnutls_assert(); return ret; } - ret = _gnutls_x509_crt_cpy(res->x509_ca_list[i + res->x509_ncas], - ca_list[i]); + ret = _gnutls_x509_crt_cpy(res->x509_ca_list[i + res->x509_ncas], + ca_list[i]); if (ret < 0) { gnutls_assert(); - gnutls_x509_crt_deinit( res->x509_ca_list[i + res->x509_ncas]); + gnutls_x509_crt_deinit(res->x509_ca_list[i + res->x509_ncas]); return ret; } res->x509_ncas++; 
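Review bot: The fallback search in `parse_pem_ca_mem` (the `@@ -1182` hunk) stores its result in `ptr`, and the next statement `ptr = ptr2;` overwrites it with NULL, so a following certificate that uses the `PEM_CERT_SEP2` header is never found. `parse_pem_cert_mem` in the `@@ -504` hunk assigns to `ptr2` at the same point; do the same here: `ptr2 = memmem(ptr, size, PEM_CERT_SEP2, sizeof(PEM_CERT_SEP2) - 1);`. The enclosing loop is outside the hunk, but the likely effect is that a CA bundle loads fewer trust anchors than it contains and no error is reported.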
@@ -1407,7 +1413,7 @@ static int parse_pem_crl_mem(gnutls_x509_crl_t ** crl_list, uint * ncrls, /* move to the certificate */ ptr = memmem(input_crl, input_crl_size, - PEM_CRL_SEP, sizeof (PEM_CRL_SEP) -1); + PEM_CRL_SEP, sizeof(PEM_CRL_SEP) - 1); if (ptr == NULL) { gnutls_assert(); return GNUTLS_E_BASE64_DECODING_ERROR; @@ -1457,7 +1463,7 @@ static int parse_pem_crl_mem(gnutls_x509_crl_t ** crl_list, uint * ncrls, size = input_crl_size - (ptr - input_crl); if (size > 0) - ptr = memmem(ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1); + ptr = memmem(ptr, size, PEM_CRL_SEP, sizeof(PEM_CRL_SEP) - 1); else ptr = NULL; i++; diff --git a/lib/gnutls_x509.h b/lib/gnutls_x509.h index 2effb5d027..4add484839 100644 --- a/lib/gnutls_x509.h +++ b/lib/gnutls_x509.h @@ -1,6 +1,7 @@ #include <libtasn1.h> -int _gnutls_x509_cert_verify_peers(gnutls_session_t session, unsigned int* status); +int _gnutls_x509_cert_verify_peers(gnutls_session_t session, + unsigned int *status); #define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE" #define PEM_CERT_SEP "-----BEGIN CERTIFICATE" @@ -20,6 +21,7 @@ int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, mpi_t * params); int _gnutls_x509_raw_privkey_to_gkey(gnutls_privkey * privkey, - const gnutls_datum_t * raw_key, gnutls_x509_crt_fmt_t type); + const gnutls_datum_t * raw_key, + gnutls_x509_crt_fmt_t type); int _gnutls_x509_privkey_to_gkey(gnutls_privkey * privkey, gnutls_x509_privkey_t); diff --git a/lib/memmem.c b/lib/memmem.c index e32590ccd7..7d4714b8d7 100644 --- a/lib/memmem.c +++ b/lib/memmem.c 
@@ -26,34 +26,33 @@ #ifndef HAVE_MEMMEM /* Return the first occurrence of NEEDLE in HAYSTACK. */ -void * -memmem (haystack, haystack_len, needle, needle_len) - const void *haystack; - size_t haystack_len; - const void *needle; - size_t needle_len; +void *memmem(haystack, haystack_len, needle, needle_len) +const void *haystack; +size_t haystack_len; +const void *needle; +size_t needle_len; { - const char *begin; - const char *const last_possible - = (const char *) haystack + haystack_len - needle_len; - - if (needle_len == 0) - /* The first occurrence of the empty string is deemed to occur at - the beginning of the string. */ - return (void *) haystack; - - /* Sanity check, otherwise the loop might search through the whole - memory. */ - if (__builtin_expect (haystack_len < needle_len, 0)) - return NULL; - - for (begin = (const char *) haystack; begin <= last_possible; ++begin) - if (begin[0] == ((const char *) needle)[0] && - !memcmp ((const void *) &begin[1], - (const void *) ((const char *) needle + 1), - needle_len - 1)) - return (void *) begin; + const char *begin; + const char *const last_possible + = (const char *) haystack + haystack_len - needle_len; + + if (needle_len == 0) + /* The first occurrence of the empty string is deemed to occur at + the beginning of the string. */ + return (void *) haystack; + + /* Sanity check, otherwise the loop might search through the whole + memory. */ + if (__builtin_expect(haystack_len < needle_len, 0)) + return NULL; + + for (begin = (const char *) haystack; begin <= last_possible; ++begin) + if (begin[0] == ((const char *) needle)[0] && + !memcmp((const void *) &begin[1], + (const void *) ((const char *) needle + 1), + needle_len - 1)) + return (void *) begin; - return NULL; + return NULL; } #endif diff --git a/lib/memmem.h b/lib/memmem.h index 8143ea0ee8..56979c46a8 100644 --- a/lib/memmem.h +++ b/lib/memmem.h 
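Review bot: `last_possible` is initialised from `haystack + haystack_len - needle_len` before the `haystack_len < needle_len` check runs, so a needle longer than the haystack already forms a pointer before the start of the buffer, which is undefined even though the value is never used. Drop the initialiser (and the `const` on the pointer itself) and assign `last_possible` after the sanity check. The definition also keeps K&R-style parameter declarations while memmem.h declares a prototype; writing the definition as `void *memmem(const void *haystack, size_t haystack_len, const void *needle, size_t needle_len)` would let the compiler check the two against each other.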
@@ -24,9 +24,8 @@ # include <string.h> # if defined HAVE_DECL_MEMMEM && !HAVE_DECL_MEMMEM -void * -memmem (const void *haystack, size_t haystack_len, - const void *needle, size_t needle_len); +void *memmem(const void *haystack, size_t haystack_len, + const void *needle, size_t needle_len); # endif -#endif /* MEMMEM_H */ +#endif /* MEMMEM_H */ diff --git a/lib/x509/common.c b/lib/x509/common.c index 78d5e377d0..feb2566477 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -158,7 +158,8 @@ const char *_gnutls_x509_oid2ldap_string(const char *oid) * hold the string. */ int _gnutls_x509_oid_data2string(const char *oid, void *value, - int value_size, char *res, size_t * res_size) + int value_size, char *res, + size_t * res_size) { char str[MAX_STRING_LEN], tmpname[128]; const char *ANAME = NULL; 
@@ -205,31 +206,31 @@ int _gnutls_x509_oid_data2string(const char *oid, void *value, * is the value; */ len = sizeof(str) - 1; - if ((result = asn1_read_value(tmpasn, "", str, &len)) != ASN1_SUCCESS) { /* CHOICE */ + if ((result = asn1_read_value(tmpasn, "", str, &len)) != ASN1_SUCCESS) { /* CHOICE */ gnutls_assert(); asn1_delete_structure(&tmpasn); return _gnutls_asn2err(result); } - + if (CHOICE == 0) { - str[len] = 0; - - if (res) + str[len] = 0; + + if (res) _gnutls_str_cpy(res, *res_size, str); *res_size = len; - } else { /* CHOICE */ - int non_printable = 0, teletex = 0; - str[len] = 0; + } else { /* CHOICE */ + int non_printable = 0, teletex = 0; + str[len] = 0; - /* Note that we do not support strings other than - * UTF-8 (thus ASCII as well). - */ - if ( strcmp( str, "printableString")!=0 && - strcmp( str, "utf8String")!=0 ) { - non_printable = 1; - } - if (strcmp( str, "teletexString")==0) - teletex = 1; + /* Note that we do not support strings other than + * UTF-8 (thus ASCII as well). + */ + if (strcmp(str, "printableString") != 0 && + strcmp(str, "utf8String") != 0) { + non_printable = 1; + } + if (strcmp(str, "teletexString") == 0) + teletex = 1; _gnutls_str_cpy(tmpname, sizeof(tmpname), str); 
@@ -242,32 +243,34 @@ int _gnutls_x509_oid_data2string(const char *oid, void *value, return _gnutls_asn2err(result); } - asn1_delete_structure(&tmpasn); + asn1_delete_structure(&tmpasn); - if (teletex != 0) { - int ascii = 0, i; - /* HACK: if the teletex string contains only ascii - * characters then treat it as printable. - */ - for(i=0;i<len;i++) - if(!isascii(str[i])) ascii=1; - - if (ascii==0) non_printable = 0; - } + if (teletex != 0) { + int ascii = 0, i; + /* HACK: if the teletex string contains only ascii + * characters then treat it as printable. + */ + for (i = 0; i < len; i++) + if (!isascii(str[i])) + ascii = 1; + + if (ascii == 0) + non_printable = 0; + } if (res) { - if (non_printable==0) { - str[len] = 0; - _gnutls_str_cpy(res, *res_size, str); - *res_size = len; - } else { - result = _gnutls_x509_data2hex( str, len, res, res_size); - if (result < 0) { - gnutls_assert(); - return result; - } - } - } + if (non_printable == 0) { + str[len] = 0; + _gnutls_str_cpy(res, *res_size, str); + *res_size = len; + } else { + result = _gnutls_x509_data2hex(str, len, res, res_size); + if (result < 0) { + gnutls_assert(); + return result; + } + } + } } @@ -279,7 +282,7 @@ int _gnutls_x509_oid_data2string(const char *oid, void *value, * something like '#01020304' */ int _gnutls_x509_data2hex(const opaque * data, size_t data_size, - opaque * out, size_t * sizeof_out) + opaque * out, size_t * sizeof_out) { char *res; char escaped[MAX_STRING_LEN]; 
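Review bot: The printable path copies the decoded value with `_gnutls_str_cpy(res, *res_size, str)` and then reports `*res_size = len`, so a value with a NUL byte inside its first `len` bytes would come back as a shorter C string than the reported size (assuming `_gnutls_str_cpy` stops at the first NUL, as its name suggests). The teletex loop does not rule this out, because `isascii()` is true for 0. These bytes come from a parsed certificate, so any caller that compares the returned string would see only the part before the NUL. Sending such values down the hex path avoids that, e.g. `if (memchr(str, 0, len) != NULL) non_printable = 1;` just before `if (res)`. The `CHOICE == 0` branch in the previous hunk has the same copy-then-report pattern, and the function starts and ends outside both hunks.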
@@ -287,22 +290,22 @@ int _gnutls_x509_data2hex(const opaque * data, size_t data_size, res = _gnutls_bin2hex(data, data_size, escaped, sizeof(escaped)); if (res) { - unsigned int size = strlen(res) + 1; - if (size + 1 > *sizeof_out) { - *sizeof_out = size; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - *sizeof_out = size; /* -1 for the null +1 for the '#' */ - - if (out) { - strcpy(out, "#"); - strcat(out, res); - } - - return 0; + unsigned int size = strlen(res) + 1; + if (size + 1 > *sizeof_out) { + *sizeof_out = size; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + *sizeof_out = size; /* -1 for the null +1 for the '#' */ + + if (out) { + strcpy(out, "#"); + strcat(out, res); + } + + return 0; } else { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; } return 0; @@ -385,7 +388,7 @@ const char *_gnutls_x509_pk_to_oid(gnutls_pk_algorithm_t pk) } gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign(gnutls_pk_algorithm_t pk, - gnutls_mac_algorithm_t mac) + gnutls_mac_algorithm_t mac) { if (pk == GNUTLS_PK_RSA) { if (mac == GNUTLS_MAC_SHA) @@ -533,11 +536,11 @@ time_t _gnutls_x509_time2gtime(const char *ttime, int year) ttime += 2; if (strlen(ttime) >= 2) { - memcpy(xx, ttime, 2); - etime.tm_sec = atoi(xx); - ttime += 2; + memcpy(xx, ttime, 2); + etime.tm_sec = atoi(xx); + ttime += 2; } else - etime.tm_sec = 0; + etime.tm_sec = 0; ret = mktime_utc(&etime); @@ -580,7 +583,7 @@ time_t _gnutls_x509_utcTime2gtime(const char *ttime) * YEAR(2)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2) */ int _gnutls_x509_gtime2utcTime(time_t gtime, char *str_time, - int str_time_size) + int str_time_size) { size_t ret; @@ -1372,7 +1375,7 @@ int _gnutls_x509_get_signed_data(ASN1_TYPE src, const char *src_name, * returns them into signed_data. */ int _gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name, - gnutls_datum_t * signature) + gnutls_datum_t * signature) { int bits, result, len; 
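Review bot: In `_gnutls_x509_data2hex` the short-buffer branch tests `size + 1 > *sizeof_out` but then reports `*sizeof_out = size`, one byte less than the check demands, so a caller that retries with the reported size gets GNUTLS_E_SHORT_MEMORY_BUFFER again. Reporting `*sizeof_out = size + 1;` in that branch (room for '#', the hex digits and the terminator) lets the retry succeed, while the success path keeps returning the string length. The `_gnutls_x509_parse_dn` hunk in lib/x509/dn.c has the same mismatch: it rejects `out_str.length >= *sizeof_buf` yet reports `out_str.length`. The trailing `return 0;` after the if/else is unreachable and can go.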
diff --git a/lib/x509/common.h b/lib/x509/common.h
index d5bb50e66e..4ae3ca4515 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -26,53 +26,73 @@ time_t _gnutls_x509_utcTime2gtime(const char *ttime); time_t _gnutls_x509_generalTime2gtime(const char *ttime); int _gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim); -int _gnutls_x509_oid_data2string( const char* OID, void* value, - int value_size, char * res, size_t *res_size); -int _gnutls_x509_data2hex( const opaque* data, size_t data_size, opaque* out, size_t* sizeof_out); +int _gnutls_x509_oid_data2string(const char *OID, void *value, + int value_size, char *res, + size_t * res_size); +int _gnutls_x509_data2hex(const opaque * data, size_t data_size, + opaque * out, size_t * sizeof_out); -const char* _gnutls_x509_oid2ldap_string( const char* OID); +const char *_gnutls_x509_oid2ldap_string(const char *OID); -int _gnutls_x509_oid_data_choice( const char* OID); -int _gnutls_x509_oid_data_printable( const char* OID); +int _gnutls_x509_oid_data_choice(const char *OID); +int _gnutls_x509_oid_data_printable(const char *OID); -gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm( const char* oid); -gnutls_mac_algorithm_t _gnutls_x509_oid2mac_algorithm( const char* oid); -gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm( const char* oid); +gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm(const char *oid); +gnutls_mac_algorithm_t _gnutls_x509_oid2mac_algorithm(const char *oid); +gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm(const char *oid); -const char* _gnutls_x509_pk_to_oid( gnutls_pk_algorithm_t pk); +const char *_gnutls_x509_pk_to_oid(gnutls_pk_algorithm_t pk); -gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign( - gnutls_pk_algorithm_t pk, gnutls_mac_algorithm_t mac); -const char* _gnutls_x509_sign_to_oid( gnutls_pk_algorithm_t, gnutls_mac_algorithm_t mac); -const char* _gnutls_x509_mac_to_oid( gnutls_mac_algorithm_t mac); +gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign(gnutls_pk_algorithm_t pk, + gnutls_mac_algorithm_t + mac); +const char *_gnutls_x509_sign_to_oid(gnutls_pk_algorithm_t, + 
gnutls_mac_algorithm_t mac); +const char *_gnutls_x509_mac_to_oid(gnutls_mac_algorithm_t mac); time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when); -gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type( char* str_type); - -int _gnutls_x509_der_encode_and_copy( ASN1_TYPE src, const char* src_name, - ASN1_TYPE dest, const char* dest_name, int str); -int _gnutls_x509_der_encode( ASN1_TYPE src, const char* src_name, - gnutls_datum_t *res, int str); - -int _gnutls_x509_export_int( ASN1_TYPE asn1_data, - gnutls_x509_crt_fmt_t format, char* pem_header, - int tmp_buf_size, unsigned char* output_data, size_t* output_data_size); - -int _gnutls_x509_read_value( ASN1_TYPE c, const char* root, gnutls_datum_t *ret, int str); -int _gnutls_x509_write_value( ASN1_TYPE c, const char* root, const gnutls_datum_t* data, int str); - -int _gnutls_x509_encode_and_write_attribute( const char* given_oid, ASN1_TYPE asn1_struct, - const char* where, const void* data, int sizeof_data, int multi); -int _gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct, const char* where, - char* oid, int oid_size, gnutls_datum_t* value, int multi); - -int _gnutls_x509_get_pk_algorithm( ASN1_TYPE src, const char* src_name, unsigned int* bits); - -int _gnutls_x509_encode_and_copy_PKI_params( ASN1_TYPE dst, const char* dst_name, - gnutls_pk_algorithm_t pk_algorithm, mpi_t* params, int params_size); -int _gnutls_asn1_copy_node( ASN1_TYPE *dst, const char* dst_name, - ASN1_TYPE src, const char* src_name); - -int _gnutls_x509_get_signed_data( ASN1_TYPE src, const char* src_name, gnutls_datum_t * signed_data); -int _gnutls_x509_get_signature( ASN1_TYPE src, const char* src_name, gnutls_datum_t * signature); +gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type(char *str_type); + +int _gnutls_x509_der_encode_and_copy(ASN1_TYPE src, const char *src_name, + ASN1_TYPE dest, const char *dest_name, + int str); +int _gnutls_x509_der_encode(ASN1_TYPE src, const char *src_name, + gnutls_datum_t * 
res, int str); + +int _gnutls_x509_export_int(ASN1_TYPE asn1_data, + gnutls_x509_crt_fmt_t format, char *pem_header, + int tmp_buf_size, unsigned char *output_data, + size_t * output_data_size); + +int _gnutls_x509_read_value(ASN1_TYPE c, const char *root, + gnutls_datum_t * ret, int str); +int _gnutls_x509_write_value(ASN1_TYPE c, const char *root, + const gnutls_datum_t * data, int str); + +int _gnutls_x509_encode_and_write_attribute(const char *given_oid, + ASN1_TYPE asn1_struct, + const char *where, + const void *data, + int sizeof_data, int multi); +int _gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct, + const char *where, char *oid, + int oid_size, + gnutls_datum_t * value, + int multi); + +int _gnutls_x509_get_pk_algorithm(ASN1_TYPE src, const char *src_name, + unsigned int *bits); + +int _gnutls_x509_encode_and_copy_PKI_params(ASN1_TYPE dst, + const char *dst_name, + gnutls_pk_algorithm_t + pk_algorithm, mpi_t * params, + int params_size); +int _gnutls_asn1_copy_node(ASN1_TYPE * dst, const char *dst_name, + ASN1_TYPE src, const char *src_name); + +int _gnutls_x509_get_signed_data(ASN1_TYPE src, const char *src_name, + gnutls_datum_t * signed_data); +int _gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name, + gnutls_datum_t * signature); diff --git a/lib/x509/compat.c b/lib/x509/compat.c index 6e9797252c..c6bcd24b04 100644 --- a/lib/x509/compat.c +++ b/lib/x509/compat.c @@ -36,7 +36,8 @@ * Returns a (time_t) -1 in case of an error. * **/ -time_t _gnutls_x509_get_raw_crt_activation_time(const gnutls_datum_t * cert) +time_t _gnutls_x509_get_raw_crt_activation_time(const gnutls_datum_t * + cert) { gnutls_x509_crt_t xcert; time_t result; 
@@ -67,7 +68,8 @@ time_t _gnutls_x509_get_raw_crt_activation_time(const gnutls_datum_t * cert) * Returns a (time_t) -1 in case of an error. * **/ -time_t _gnutls_x509_get_raw_crt_expiration_time(const gnutls_datum_t * cert) +time_t _gnutls_x509_get_raw_crt_expiration_time(const gnutls_datum_t * + cert) { gnutls_x509_crt_t xcert; time_t result; diff --git a/lib/x509/compat.h b/lib/x509/compat.h index c312001bb3..b0fcd29537 100644 --- a/lib/x509/compat.h +++ b/lib/x509/compat.h @@ -1,2 +1,2 @@ -time_t _gnutls_x509_get_raw_crt_activation_time( const gnutls_datum_t*); -time_t _gnutls_x509_get_raw_crt_expiration_time( const gnutls_datum_t*); +time_t _gnutls_x509_get_raw_crt_activation_time(const gnutls_datum_t *); +time_t _gnutls_x509_get_raw_crt_expiration_time(const gnutls_datum_t *); diff --git a/lib/x509/crl.c b/lib/x509/crl.c index 5bda8bfabd..612c951523 100644 --- a/lib/x509/crl.c +++ b/lib/x509/crl.c @@ -96,7 +96,8 @@ void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl) * Returns 0 on success. * **/ -int gnutls_x509_crl_import(gnutls_x509_crl_t crl, const gnutls_datum_t * data, +int gnutls_x509_crl_import(gnutls_x509_crl_t crl, + const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format) { int result = 0, need_free = 0; diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c index 8b802dd0fb..e5c9fe3a39 100644 --- a/lib/x509/crl_write.c +++ b/lib/x509/crl_write.c @@ -55,7 +55,8 @@ static void disable_optional_stuff(gnutls_x509_crl_t crl); * Returns 0 on success. * **/ -int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, unsigned int version) +int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, + unsigned int version) { int result; char null = version; 
@@ -170,8 +171,8 @@ int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, time_t exp_time) * Returns 0 on success, or a negative value in case of an error. * **/ -int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, const void *serial, - size_t serial_size, +int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, + const void *serial, size_t serial_size, time_t revocation_time) { int ret; diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 9bca8c79ef..0bc303519e 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -103,7 +103,8 @@ void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq) * Returns 0 on success. * **/ -int gnutls_x509_crq_import(gnutls_x509_crq_t crq, const gnutls_datum_t * data, +int gnutls_x509_crq_import(gnutls_x509_crq_t crq, + const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format) { int result = 0, need_free = 0; @@ -451,7 +452,8 @@ int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, const char *oid, * Returns 0 on success. * **/ -int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq, unsigned int version) +int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq, + unsigned int version) { int result; unsigned char null = version; @@ -519,7 +521,8 @@ int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq) * Returns 0 on success. * **/ -int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) +int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, + gnutls_x509_privkey_t key) { int result; diff --git a/lib/x509/crq.h b/lib/x509/crq.h index 579b0a0983..277433bf9e 100644 --- a/lib/x509/crq.h +++ b/lib/x509/crq.h 
@@ -2,20 +2,23 @@ # define CRQ_H typedef struct gnutls_x509_crq_int { - ASN1_TYPE crq; + ASN1_TYPE crq; } gnutls_x509_crq_int; typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t; -int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, const char* oid, - int indx, unsigned int raw_flag, void *buf, size_t *sizeof_buf); +int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, const char *oid, + int indx, unsigned int raw_flag, + void *buf, size_t * sizeof_buf); int gnutls_x509_crq_init(gnutls_x509_crq_t * crq); void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq); -int gnutls_x509_crq_import(gnutls_x509_crq_t crq, const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); +int gnutls_x509_crq_import(gnutls_x509_crq_t crq, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); -int gnutls_x509_crq_get_pk_algorithm( gnutls_x509_crq_t crq, unsigned int* bits); +int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, + unsigned int *bits); #endif diff --git a/lib/x509/dn.c b/lib/x509/dn.c index 20b6fa49e4..ca1c574f62 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c 
@@ -39,40 +39,40 @@ */ static const char *oid2ldap_string(const char *oid) { - const char *ret; + const char *ret; - ret = _gnutls_x509_oid2ldap_string(oid); - if (ret) - return ret; + ret = _gnutls_x509_oid2ldap_string(oid); + if (ret) + return ret; - /* else return the OID in dotted format */ - return oid; + /* else return the OID in dotted format */ + return oid; } /* Escapes a string following the rules from RFC2253. */ static char *str_escape(char *str, char *buffer, unsigned int buffer_size) { - int str_length, j, i; + int str_length, j, i; - if (str == NULL || buffer == NULL) - return NULL; + if (str == NULL || buffer == NULL) + return NULL; - str_length = MIN(strlen(str), buffer_size - 1); + str_length = MIN(strlen(str), buffer_size - 1); - for (i = j = 0; i < str_length; i++) { - if (str[i] == ',' || str[i] == '+' || str[i] == '"' - || str[i] == '\\' || str[i] == '<' || str[i] == '>' - || str[i] == ';') - buffer[j++] = '\\'; + for (i = j = 0; i < str_length; i++) { + if (str[i] == ',' || str[i] == '+' || str[i] == '"' + || str[i] == '\\' || str[i] == '<' || str[i] == '>' + || str[i] == ';') + buffer[j++] = '\\'; - buffer[j++] = str[i]; - } + buffer[j++] = str[i]; + } - /* null terminate the string */ - buffer[j] = 0; + /* null terminate the string */ + buffer[j] = 0; - return buffer; + return buffer; } /* Parses an X509 DN in the asn1_struct, and puts the output into 
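Review bot: `str_escape` limits the number of input characters to `buffer_size - 1`, but every escaped character writes two bytes, so `j` can reach twice that and both the loop and the final `buffer[j] = 0` can write past `buffer`. The caller in `_gnutls_x509_parse_dn` (next hunk) sizes the buffer at `2 * len + 1`, which hides the problem, but the function should bound the output index itself: `for (i = j = 0; str[i] != 0 && j + 2 < buffer_size; i++)`. A `buffer_size` of 0 also wraps `buffer_size - 1`, so it belongs in the guard: `if (str == NULL || buffer == NULL || buffer_size == 0) return NULL;`.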
@@ -82,221 +82,223 @@ static char *str_escape(char *str, char *buffer, unsigned int buffer_size) * That is to point in the rndSequence. */ int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, char *buf, - size_t * sizeof_buf) + const char *asn1_rdn_name, char *buf, + size_t * sizeof_buf) { - gnutls_string out_str; - int k2, k1, result; - char tmpbuffer1[64]; - char tmpbuffer2[64]; - char tmpbuffer3[64]; - char counter[MAX_INT_DIGITS]; - opaque value[MAX_STRING_LEN], *value2 = NULL; - char *escaped = NULL; - const char *ldap_desc; - char oid[128]; - int len, printable; - char *string = NULL; - size_t sizeof_string, sizeof_escaped; - - if (sizeof_buf == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - if (buf) - buf[0] = 0; - else - *sizeof_buf = 0; - - _gnutls_string_init(&out_str, gnutls_malloc, gnutls_realloc, - gnutls_free); - - k1 = 0; - do { - - k1++; - /* create a string like "tbsCertList.issuer.rdnSequence.?1" - */ - _gnutls_int2str(k1, counter); - _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), asn1_rdn_name); - if (strlen(tmpbuffer1) > 0) - _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "."); - _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?"); - _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter); - - len = sizeof(value) - 1; - result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) { - break; - } - - if (result != ASN1_VALUE_NOT_FOUND) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - k2 = 0; - - do { /* Move to the attibute type and values - */ - k2++; - - _gnutls_int2str(k2, counter); - _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2), tmpbuffer1); - if (strlen(tmpbuffer2) > 0) - _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "."); - _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "?"); - _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), counter); - - /* Try to read the RelativeDistinguishedName attributes. 
- */ - - len = sizeof(value) - 1; - result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - break; - if (result != ASN1_VALUE_NOT_FOUND) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - /* Read the OID - */ - _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2); - _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type"); - - len = sizeof(oid) - 1; - result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - break; - else if (result != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - /* Read the Value - */ - _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2); - _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".value"); - - len = 0; - result = asn1_read_value(asn1_struct, tmpbuffer3, NULL, &len); - - value2 = gnutls_malloc(len); - if (value2 == NULL) { - gnutls_assert(); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - result = asn1_read_value(asn1_struct, tmpbuffer3, value2, &len); - - if (result != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } + gnutls_string out_str; + int k2, k1, result; + char tmpbuffer1[64]; + char tmpbuffer2[64]; + char tmpbuffer3[64]; + char counter[MAX_INT_DIGITS]; + opaque value[MAX_STRING_LEN], *value2 = NULL; + char *escaped = NULL; + const char *ldap_desc; + char oid[128]; + int len, printable; + char *string = NULL; + size_t sizeof_string, sizeof_escaped; + + if (sizeof_buf == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (buf) + buf[0] = 0; + else + *sizeof_buf = 0; + + _gnutls_string_init(&out_str, gnutls_malloc, gnutls_realloc, + gnutls_free); + + k1 = 0; + do { + + k1++; + /* create a string like "tbsCertList.issuer.rdnSequence.?1" + */ + _gnutls_int2str(k1, counter); + _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), asn1_rdn_name); + if (strlen(tmpbuffer1) > 0) + 
_gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "."); + _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?"); + _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter); + + len = sizeof(value) - 1; + result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) { + break; + } + + if (result != ASN1_VALUE_NOT_FOUND) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } + + k2 = 0; + + do { /* Move to the attibute type and values + */ + k2++; + + _gnutls_int2str(k2, counter); + _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2), tmpbuffer1); + if (strlen(tmpbuffer2) > 0) + _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "."); + _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "?"); + _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), counter); + + /* Try to read the RelativeDistinguishedName attributes. + */ + + len = sizeof(value) - 1; + result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + break; + if (result != ASN1_VALUE_NOT_FOUND) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } + + /* Read the OID + */ + _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2); + _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type"); + + len = sizeof(oid) - 1; + result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + break; + else if (result != ASN1_SUCCESS) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } + + /* Read the Value + */ + _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2); + _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".value"); + + len = 0; + result = asn1_read_value(asn1_struct, tmpbuffer3, NULL, &len); + + value2 = gnutls_malloc(len); + if (value2 == NULL) { + gnutls_assert(); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + result = + asn1_read_value(asn1_struct, tmpbuffer3, value2, &len); + + if (result != 
ASN1_SUCCESS) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } #define STR_APPEND(y) if ((result=_gnutls_string_append_str( &out_str, y)) < 0) { \ gnutls_assert(); \ goto cleanup; \ } - /* The encodings of adjoining RelativeDistinguishedNames are separated - * by a comma character (',' ASCII 44). - */ - - /* Where there is a multi-valued RDN, the outputs from adjoining - * AttributeTypeAndValues are separated by a plus ('+' ASCII 43) - * character. - */ - if (k1 != 1) { /* the first time do not append a comma */ - if (k2 != 1) { /* adjoining multi-value RDN */ - STR_APPEND("+"); - } else { - STR_APPEND(","); - } - } - - ldap_desc = oid2ldap_string(oid); - printable = _gnutls_x509_oid_data_printable(oid); - - sizeof_escaped = 2 * len + 1; - - escaped = gnutls_malloc(sizeof_escaped); - if (escaped == NULL) { - gnutls_assert(); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - sizeof_string = 2 * len + 2; /* in case it is not printable */ - - string = gnutls_malloc(sizeof_string); - if (string == NULL) { - gnutls_assert(); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - STR_APPEND(ldap_desc); - STR_APPEND("="); - if (printable) - result = - _gnutls_x509_oid_data2string(oid, - value2, len, - string, &sizeof_string); - else - result = - _gnutls_x509_data2hex(value2, len, string, &sizeof_string); - - if (result < 0) { - gnutls_assert(); - _gnutls_x509_log - ("Found OID: '%s' with value '%s'\n", - oid, _gnutls_bin2hex(value2, - len, escaped, sizeof_escaped)); - goto cleanup; - } - STR_APPEND(str_escape(string, escaped, sizeof_escaped)); - gnutls_free(string); - string = NULL; - - gnutls_free(escaped); - escaped = NULL; - gnutls_free(value2); - value2 = NULL; - - } while (1); - - } while (1); - - if (out_str.length >= (unsigned int) *sizeof_buf) { - gnutls_assert(); - *sizeof_buf = out_str.length; - result = GNUTLS_E_SHORT_MEMORY_BUFFER; - goto cleanup; - } - - if (buf) { - memcpy(buf, out_str.data, out_str.length); - 
buf[out_str.length] = 0; - } - *sizeof_buf = out_str.length; - - result = 0; - - cleanup: - gnutls_free(value2); - gnutls_free(string); - gnutls_free(escaped); - _gnutls_string_clear(&out_str); - return result; + /* The encodings of adjoining RelativeDistinguishedNames are separated + * by a comma character (',' ASCII 44). + */ + + /* Where there is a multi-valued RDN, the outputs from adjoining + * AttributeTypeAndValues are separated by a plus ('+' ASCII 43) + * character. + */ + if (k1 != 1) { /* the first time do not append a comma */ + if (k2 != 1) { /* adjoining multi-value RDN */ + STR_APPEND("+"); + } else { + STR_APPEND(","); + } + } + + ldap_desc = oid2ldap_string(oid); + printable = _gnutls_x509_oid_data_printable(oid); + + sizeof_escaped = 2 * len + 1; + + escaped = gnutls_malloc(sizeof_escaped); + if (escaped == NULL) { + gnutls_assert(); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + sizeof_string = 2 * len + 2; /* in case it is not printable */ + + string = gnutls_malloc(sizeof_string); + if (string == NULL) { + gnutls_assert(); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + STR_APPEND(ldap_desc); + STR_APPEND("="); + if (printable) + result = + _gnutls_x509_oid_data2string(oid, + value2, len, + string, &sizeof_string); + else + result = + _gnutls_x509_data2hex(value2, len, string, + &sizeof_string); + + if (result < 0) { + gnutls_assert(); + _gnutls_x509_log + ("Found OID: '%s' with value '%s'\n", + oid, _gnutls_bin2hex(value2, + len, escaped, sizeof_escaped)); + goto cleanup; + } + STR_APPEND(str_escape(string, escaped, sizeof_escaped)); + gnutls_free(string); + string = NULL; + + gnutls_free(escaped); + escaped = NULL; + gnutls_free(value2); + value2 = NULL; + + } while (1); + + } while (1); + + if (out_str.length >= (unsigned int) *sizeof_buf) { + gnutls_assert(); + *sizeof_buf = out_str.length; + result = GNUTLS_E_SHORT_MEMORY_BUFFER; + goto cleanup; + } + + if (buf) { + memcpy(buf, out_str.data, out_str.length); + 
buf[out_str.length] = 0; + } + *sizeof_buf = out_str.length; + + result = 0; + + cleanup: + gnutls_free(value2); + gnutls_free(string); + gnutls_free(escaped); + _gnutls_string_clear(&out_str); + return result; } /* Parses an X509 DN in the asn1_struct, and searches for the 
@@ -312,155 +314,158 @@ int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct, * OID found, 1 the second etc. */ int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, - const char *given_oid, int indx, - unsigned int raw_flag, - void *buf, size_t * sizeof_buf) + const char *asn1_rdn_name, + const char *given_oid, int indx, + unsigned int raw_flag, + void *buf, size_t * sizeof_buf) { - int k2, k1, result; - char tmpbuffer1[64]; - char tmpbuffer2[64]; - char tmpbuffer3[64]; - char counter[MAX_INT_DIGITS]; - opaque value[256]; - char oid[128]; - int len, printable; - int i = 0; - char *cbuf = buf; - - if (cbuf == NULL) - *sizeof_buf = 0; - else - cbuf[0] = 0; - - k1 = 0; - do { - - k1++; - /* create a string like "tbsCertList.issuer.rdnSequence.?1" - */ - _gnutls_int2str(k1, counter); - _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), asn1_rdn_name); - - if (strlen(tmpbuffer1) > 0) - _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "."); - _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?"); - _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter); - - len = sizeof(value) - 1; - result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) { - gnutls_assert(); - break; - } - - if (result != ASN1_VALUE_NOT_FOUND) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - k2 = 0; - - do { /* Move to the attibute type and values - */ - k2++; - - _gnutls_int2str(k2, counter); - _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2), tmpbuffer1); - - if (strlen(tmpbuffer2) > 0) - _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "."); - _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "?"); - _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), counter); - - /* Try to read the RelativeDistinguishedName attributes. 
- */ - - len = sizeof(value) - 1; - result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) { - break; - } - if (result != ASN1_VALUE_NOT_FOUND) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - /* Read the OID - */ - _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2); - _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type"); - - len = sizeof(oid) - 1; - result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - break; - else if (result != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if (strcmp(oid, given_oid) == 0 && indx == i++) { /* Found the OID */ - - /* Read the Value - */ - _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2); - _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".value"); - - len = *sizeof_buf; - result = asn1_read_value(asn1_struct, tmpbuffer3, buf, &len); - - if (result != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if (raw_flag != 0) { - if ((uint) len > *sizeof_buf) { - *sizeof_buf = len; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - *sizeof_buf = len; - - return 0; - - } else { /* parse data. 
raw_flag == 0 */ - printable = _gnutls_x509_oid_data_printable(oid); - - if (printable == 1) - result = - _gnutls_x509_oid_data2string(oid, buf, len, - cbuf, sizeof_buf); - else - result = - _gnutls_x509_data2hex(buf, len, cbuf, sizeof_buf); - - if (result < 0) { - gnutls_assert(); - goto cleanup; - } - - return 0; - - } /* raw_flag == 0 */ - } - } while (1); - - } while (1); - - gnutls_assert(); - - result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - - cleanup: - return result; + int k2, k1, result; + char tmpbuffer1[64]; + char tmpbuffer2[64]; + char tmpbuffer3[64]; + char counter[MAX_INT_DIGITS]; + opaque value[256]; + char oid[128]; + int len, printable; + int i = 0; + char *cbuf = buf; + + if (cbuf == NULL) + *sizeof_buf = 0; + else + cbuf[0] = 0; + + k1 = 0; + do { + + k1++; + /* create a string like "tbsCertList.issuer.rdnSequence.?1" + */ + _gnutls_int2str(k1, counter); + _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), asn1_rdn_name); + + if (strlen(tmpbuffer1) > 0) + _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "."); + _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?"); + _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter); + + len = sizeof(value) - 1; + result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) { + gnutls_assert(); + break; + } + + if (result != ASN1_VALUE_NOT_FOUND) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } + + k2 = 0; + + do { /* Move to the attibute type and values + */ + k2++; + + _gnutls_int2str(k2, counter); + _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2), tmpbuffer1); + + if (strlen(tmpbuffer2) > 0) + _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "."); + _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "?"); + _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), counter); + + /* Try to read the RelativeDistinguishedName attributes. 
+ */ + + len = sizeof(value) - 1; + result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) { + break; + } + if (result != ASN1_VALUE_NOT_FOUND) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } + + /* Read the OID + */ + _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2); + _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type"); + + len = sizeof(oid) - 1; + result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + break; + else if (result != ASN1_SUCCESS) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } + + if (strcmp(oid, given_oid) == 0 && indx == i++) { /* Found the OID */ + + /* Read the Value + */ + _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), + tmpbuffer2); + _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".value"); + + len = *sizeof_buf; + result = + asn1_read_value(asn1_struct, tmpbuffer3, buf, &len); + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } + + if (raw_flag != 0) { + if ((uint) len > *sizeof_buf) { + *sizeof_buf = len; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + *sizeof_buf = len; + + return 0; + + } else { /* parse data. raw_flag == 0 */ + printable = _gnutls_x509_oid_data_printable(oid); + + if (printable == 1) + result = + _gnutls_x509_oid_data2string(oid, buf, len, + cbuf, sizeof_buf); + else + result = + _gnutls_x509_data2hex(buf, len, cbuf, + sizeof_buf); + + if (result < 0) { + gnutls_assert(); + goto cleanup; + } + + return 0; + + } /* raw_flag == 0 */ + } + } while (1); + + } while (1); + + gnutls_assert(); + + result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + + cleanup: + return result; } 
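Review bot: `_gnutls_x509_parse_dn_oid` dereferences `sizeof_buf` on entry without the NULL check that its sibling `_gnutls_x509_parse_dn` performs, and it writes `cbuf[0] = 0` without looking at `*sizeof_buf`, so a zero-length buffer is still written to. Opening with `if (sizeof_buf == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }` and changing the `else` to `else if (*sizeof_buf > 0) cbuf[0] = 0;` would match the sibling. It is also worth a comment that `len = *sizeof_buf` narrows a size_t to int before the value is handed to asn1_read_value.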
@@ -474,117 +479,117 @@ int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct, * OID found, 1 the second etc. */ int _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, - int indx, void *_oid, size_t * sizeof_oid) + const char *asn1_rdn_name, + int indx, void *_oid, size_t * sizeof_oid) { - int k2, k1, result; - char tmpbuffer1[64]; - char tmpbuffer2[64]; - char tmpbuffer3[64]; - char counter[MAX_INT_DIGITS]; - char value[256]; - char oid[128]; - int len; - int i = 0; - - k1 = 0; - do { - - k1++; - /* create a string like "tbsCertList.issuer.rdnSequence.?1" - */ - _gnutls_int2str(k1, counter); - _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), asn1_rdn_name); - - if (strlen(tmpbuffer1) > 0) - _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "."); - _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?"); - _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter); - - len = sizeof(value) - 1; - result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) { - gnutls_assert(); - break; - } - - if (result != ASN1_VALUE_NOT_FOUND) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - k2 = 0; - - do { /* Move to the attibute type and values - */ - k2++; - - _gnutls_int2str(k2, counter); - _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2), tmpbuffer1); - - if (strlen(tmpbuffer2) > 0) - _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "."); - _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "?"); - _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), counter); - - /* Try to read the RelativeDistinguishedName attributes. 
- */ - - len = sizeof(value) - 1; - result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) { - break; - } - if (result != ASN1_VALUE_NOT_FOUND) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - /* Read the OID - */ - _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2); - _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type"); - - len = sizeof(oid) - 1; - result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - break; - else if (result != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if (indx == i++) { /* Found the OID */ - - len = strlen(oid) + 1; - - if (*sizeof_oid < (uint) len) { - *sizeof_oid = len; - gnutls_assert(); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - memcpy(_oid, oid, len); - *sizeof_oid = len - 1; - - return 0; - } - } while (1); - - } while (1); - - gnutls_assert(); - - result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + int k2, k1, result; + char tmpbuffer1[64]; + char tmpbuffer2[64]; + char tmpbuffer3[64]; + char counter[MAX_INT_DIGITS]; + char value[256]; + char oid[128]; + int len; + int i = 0; + + k1 = 0; + do { + + k1++; + /* create a string like "tbsCertList.issuer.rdnSequence.?1" + */ + _gnutls_int2str(k1, counter); + _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), asn1_rdn_name); + + if (strlen(tmpbuffer1) > 0) + _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "."); + _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?"); + _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter); + + len = sizeof(value) - 1; + result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) { + gnutls_assert(); + break; + } + + if (result != ASN1_VALUE_NOT_FOUND) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } + + k2 = 0; + + do { /* Move to the attibute type and values + */ + k2++; + + 
_gnutls_int2str(k2, counter); + _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2), tmpbuffer1); + + if (strlen(tmpbuffer2) > 0) + _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "."); + _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "?"); + _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), counter); + + /* Try to read the RelativeDistinguishedName attributes. + */ + + len = sizeof(value) - 1; + result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) { + break; + } + if (result != ASN1_VALUE_NOT_FOUND) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } + + /* Read the OID + */ + _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2); + _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type"); + + len = sizeof(oid) - 1; + result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + break; + else if (result != ASN1_SUCCESS) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } + + if (indx == i++) { /* Found the OID */ + + len = strlen(oid) + 1; + + if (*sizeof_oid < (uint) len) { + *sizeof_oid = len; + gnutls_assert(); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + memcpy(_oid, oid, len); + *sizeof_oid = len - 1; + + return 0; + } + } while (1); + + } while (1); + + gnutls_assert(); + + result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - cleanup: - return result; + cleanup: + return result; } /* This will encode and write the AttributeTypeAndValue field. 
@@ -592,111 +597,111 @@ int _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct, * In all cases only one value is written. */ int _gnutls_x509_encode_and_write_attribute(const char *given_oid, - ASN1_TYPE asn1_struct, - const char *where, - const void *_data, - int sizeof_data, int multi) + ASN1_TYPE asn1_struct, + const char *where, + const void *_data, + int sizeof_data, int multi) { - const char *val_name; - const opaque *data = _data; - char tmp[128]; - ASN1_TYPE c2; - int result; - - - /* Find how to encode the data. - */ - val_name = asn1_find_structure_from_oid(_gnutls_get_pkix(), given_oid); - if (val_name == NULL) { - gnutls_assert(); - return GNUTLS_E_X509_UNSUPPORTED_OID; - } - - _gnutls_str_cpy(tmp, sizeof(tmp), "PKIX1."); - _gnutls_str_cat(tmp, sizeof(tmp), val_name); - - result = asn1_create_element(_gnutls_get_pkix(), tmp, &c2); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - tmp[0] = 0; - - if ((result = _gnutls_x509_oid_data_choice(given_oid)) > 0) { - char *string_type; - int i; - - string_type = "printableString"; - - /* Check if the data is plain ascii, and use - * the UTF8 string type if not. - */ - for (i = 0; i < sizeof_data; i++) { - if (!isascii(data[i])) { - string_type = "utf8String"; - break; - } - } - - /* if the type is a CHOICE then write the - * type we'll use. 
- */ - result = asn1_write_value(c2, "", string_type, 1); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - asn1_delete_structure(&c2); - return _gnutls_asn2err(result); - } - - _gnutls_str_cpy(tmp, sizeof(tmp), string_type); - } - - result = asn1_write_value(c2, tmp, data, sizeof_data); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - asn1_delete_structure(&c2); - return _gnutls_asn2err(result); - } - - - /* write the data (value) - */ - - _gnutls_str_cpy(tmp, sizeof(tmp), where); - _gnutls_str_cat(tmp, sizeof(tmp), ".value"); - - if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */ - _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */ - - result = asn1_write_value(asn1_struct, tmp, "NEW", 1); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST"); - - } - - result = _gnutls_x509_der_encode_and_copy(c2, "", asn1_struct, tmp, 0); - if (result < 0) { - gnutls_assert(); - return result; - } - - /* write the type - */ - _gnutls_str_cpy(tmp, sizeof(tmp), where); - _gnutls_str_cat(tmp, sizeof(tmp), ".type"); - - result = asn1_write_value(asn1_struct, tmp, given_oid, 1); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - return 0; + const char *val_name; + const opaque *data = _data; + char tmp[128]; + ASN1_TYPE c2; + int result; + + + /* Find how to encode the data. 
+ */ + val_name = asn1_find_structure_from_oid(_gnutls_get_pkix(), given_oid); + if (val_name == NULL) { + gnutls_assert(); + return GNUTLS_E_X509_UNSUPPORTED_OID; + } + + _gnutls_str_cpy(tmp, sizeof(tmp), "PKIX1."); + _gnutls_str_cat(tmp, sizeof(tmp), val_name); + + result = asn1_create_element(_gnutls_get_pkix(), tmp, &c2); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + tmp[0] = 0; + + if ((result = _gnutls_x509_oid_data_choice(given_oid)) > 0) { + char *string_type; + int i; + + string_type = "printableString"; + + /* Check if the data is plain ascii, and use + * the UTF8 string type if not. + */ + for (i = 0; i < sizeof_data; i++) { + if (!isascii(data[i])) { + string_type = "utf8String"; + break; + } + } + + /* if the type is a CHOICE then write the + * type we'll use. + */ + result = asn1_write_value(c2, "", string_type, 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + asn1_delete_structure(&c2); + return _gnutls_asn2err(result); + } + + _gnutls_str_cpy(tmp, sizeof(tmp), string_type); + } + + result = asn1_write_value(c2, tmp, data, sizeof_data); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + asn1_delete_structure(&c2); + return _gnutls_asn2err(result); + } + + + /* write the data (value) + */ + + _gnutls_str_cpy(tmp, sizeof(tmp), where); + _gnutls_str_cat(tmp, sizeof(tmp), ".value"); + + if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */ + _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */ + + result = asn1_write_value(asn1_struct, tmp, "NEW", 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST"); + + } + + result = _gnutls_x509_der_encode_and_copy(c2, "", asn1_struct, tmp, 0); + if (result < 0) { + gnutls_assert(); + return result; + } + + /* write the type + */ + _gnutls_str_cpy(tmp, sizeof(tmp), where); + _gnutls_str_cat(tmp, sizeof(tmp), ".type"); + + result = 
asn1_write_value(asn1_struct, tmp, given_oid, 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + return 0; } /* This will write the AttributeTypeAndValue field. The data must be already DER encoded. 
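Review bot: In `_gnutls_x509_encode_and_write_attribute` the temporary element `c2` is released only on the two early failure paths; the three later error returns (after the `"NEW"` write, after `_gnutls_x509_der_encode_and_copy`, after the `.type` write) and the final `return 0;` all leave it allocated. The re-indentation carries this over unchanged. Unless `_gnutls_x509_der_encode_and_copy` takes ownership of its source (not visible in this hunk), every attribute written leaks one ASN.1 structure, which adds up in a long-running process that builds many DNs or requests. I would add `asn1_delete_structure(&c2);` before each of those returns, or route them through a single cleanup label.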
@@ -704,50 +709,50 @@ int _gnutls_x509_encode_and_write_attribute(const char *given_oid, * In all cases only one value is written. */ int _gnutls_x509_write_attribute(const char *given_oid, - ASN1_TYPE asn1_struct, const char *where, - const void *_data, int sizeof_data, - int multi) + ASN1_TYPE asn1_struct, const char *where, + const void *_data, int sizeof_data, + int multi) { - char tmp[128]; - int result; + char tmp[128]; + int result; - /* write the data (value) - */ + /* write the data (value) + */ - _gnutls_str_cpy(tmp, sizeof(tmp), where); - _gnutls_str_cat(tmp, sizeof(tmp), ".value"); + _gnutls_str_cpy(tmp, sizeof(tmp), where); + _gnutls_str_cat(tmp, sizeof(tmp), ".value"); - if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */ - _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */ + if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */ + _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */ - result = asn1_write_value(asn1_struct, tmp, "NEW", 1); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } + result = asn1_write_value(asn1_struct, tmp, "NEW", 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } - _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST"); + _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST"); - } + } - result = asn1_write_value(asn1_struct, tmp, _data, sizeof_data); - if (result < 0) { - gnutls_assert(); - return _gnutls_asn2err(result); - } + result = asn1_write_value(asn1_struct, tmp, _data, sizeof_data); + if (result < 0) { + gnutls_assert(); + return _gnutls_asn2err(result); + } - /* write the type - */ - _gnutls_str_cpy(tmp, sizeof(tmp), where); - _gnutls_str_cat(tmp, sizeof(tmp), ".type"); + /* write the type + */ + _gnutls_str_cpy(tmp, sizeof(tmp), where); + _gnutls_str_cat(tmp, sizeof(tmp), ".type"); - result = asn1_write_value(asn1_struct, tmp, given_oid, 1); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - 
return _gnutls_asn2err(result); - } + result = asn1_write_value(asn1_struct, tmp, given_oid, 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } - return 0; + return 0; } 
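Review bot: The value write in `_gnutls_x509_write_attribute` is checked with `if (result < 0)`, while every other `asn1_write_value` call in this function and in its neighbours is checked with `!= ASN1_SUCCESS` and then mapped through `_gnutls_asn2err`. As far as I know, libtasn1 status codes are non-negative, so this branch would never fire and a failed write of the attribute value would go unnoticed, leaving a structure with a type but no or stale value. The check should read `if (result != ASN1_SUCCESS) {`, matching the rest of the file.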
@@ -755,44 +760,44 @@ int _gnutls_x509_write_attribute(const char *given_oid, * otherwise. */ int _gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct, - const char *where, char *oid, - int oid_size, - gnutls_datum_t * value, - int multi) + const char *where, char *oid, + int oid_size, + gnutls_datum_t * value, + int multi) { - char tmpbuffer[128]; - int len, result; + char tmpbuffer[128]; + int len, result; - /* Read the OID - */ - _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where); - _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".type"); + /* Read the OID + */ + _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where); + _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".type"); - len = oid_size - 1; - result = asn1_read_value(asn1_struct, tmpbuffer, oid, &len); + len = oid_size - 1; + result = asn1_read_value(asn1_struct, tmpbuffer, oid, &len); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - return result; - } + if (result != ASN1_SUCCESS) { + gnutls_assert(); + result = _gnutls_asn2err(result); + return result; + } - /* Read the Value - */ + /* Read the Value + */ - _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where); - _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".value"); + _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where); + _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".value"); - if (multi) - _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), "s.?1"); /* .values.?1 */ + if (multi) + _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), "s.?1"); /* .values.?1 */ - result = _gnutls_x509_read_value(asn1_struct, tmpbuffer, value, 0); - if (result < 0) { - gnutls_assert(); - return result; - } + result = _gnutls_x509_read_value(asn1_struct, tmpbuffer, value, 0); + if (result < 0) { + gnutls_assert(); + return result; + } - return 0; + return 0; } 
@@ -804,72 +809,72 @@ int _gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct, * */ int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct, - const char *asn1_name, const char *given_oid, - int raw_flag, const char *name, - int sizeof_name) + const char *asn1_name, const char *given_oid, + int raw_flag, const char *name, + int sizeof_name) { - int result; - char tmp[64], asn1_rdn_name[64]; - - if (sizeof_name == 0 || name == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - /* create the rdnSequence - */ - result = asn1_write_value(asn1_struct, asn1_name, "rdnSequence", 1); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - _gnutls_str_cpy(asn1_rdn_name, sizeof(asn1_rdn_name), asn1_name); - _gnutls_str_cat(asn1_rdn_name, sizeof(asn1_rdn_name), ".rdnSequence"); - - /* create a new element - */ - result = asn1_write_value(asn1_struct, asn1_rdn_name, "NEW", 1); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name); - _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST"); - - /* create the set with only one element - */ - result = asn1_write_value(asn1_struct, tmp, "NEW", 1); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - - /* Encode and write the data - */ - _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name); - _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST.?LAST"); - - if (!raw_flag) { - result = - _gnutls_x509_encode_and_write_attribute(given_oid, - asn1_struct, - tmp, name, - sizeof_name, 0); - } else { - result = - _gnutls_x509_write_attribute(given_oid, asn1_struct, - tmp, name, sizeof_name, 0); - } - - if (result < 0) { - gnutls_assert(); - return result; - } - - return 0; + int result; + char tmp[64], asn1_rdn_name[64]; + + if (sizeof_name == 0 || name == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + /* create the rdnSequence + */ + result = 
asn1_write_value(asn1_struct, asn1_name, "rdnSequence", 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + _gnutls_str_cpy(asn1_rdn_name, sizeof(asn1_rdn_name), asn1_name); + _gnutls_str_cat(asn1_rdn_name, sizeof(asn1_rdn_name), ".rdnSequence"); + + /* create a new element + */ + result = asn1_write_value(asn1_struct, asn1_rdn_name, "NEW", 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name); + _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST"); + + /* create the set with only one element + */ + result = asn1_write_value(asn1_struct, tmp, "NEW", 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + + /* Encode and write the data + */ + _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name); + _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST.?LAST"); + + if (!raw_flag) { + result = + _gnutls_x509_encode_and_write_attribute(given_oid, + asn1_struct, + tmp, name, + sizeof_name, 0); + } else { + result = + _gnutls_x509_write_attribute(given_oid, asn1_struct, + tmp, name, sizeof_name, 0); + } + + if (result < 0) { + gnutls_assert(); + return result; + } + + return 0; } 
@@ -888,39 +893,39 @@ int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct, * **/ int gnutls_x509_rdn_get(const gnutls_datum_t * idn, - char *buf, size_t * sizeof_buf) + char *buf, size_t * sizeof_buf) { - int result; - ASN1_TYPE dn = ASN1_TYPE_EMPTY; + int result; + ASN1_TYPE dn = ASN1_TYPE_EMPTY; - if (sizeof_buf == 0) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (sizeof_buf == 0) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (buf) - buf[0] = 0; + if (buf) + buf[0] = 0; - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } + if ((result = + asn1_create_element(_gnutls_get_pkix(), + "PKIX1.Name", &dn)) != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } - result = asn1_der_decoding(&dn, idn->data, idn->size, NULL); - if (result != ASN1_SUCCESS) { - /* couldn't decode DER */ - gnutls_assert(); - asn1_delete_structure(&dn); - return _gnutls_asn2err(result); - } + result = asn1_der_decoding(&dn, idn->data, idn->size, NULL); + if (result != ASN1_SUCCESS) { + /* couldn't decode DER */ + gnutls_assert(); + asn1_delete_structure(&dn); + return _gnutls_asn2err(result); + } - result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, sizeof_buf); + result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, sizeof_buf); - asn1_delete_structure(&dn); - return result; + asn1_delete_structure(&dn); + return result; } 
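Review bot: In `gnutls_x509_rdn_get`, `if (buf) buf[0] = 0;` runs before anything looks at `*sizeof_buf`, so a caller who passes a non-NULL buffer with `*sizeof_buf == 0` to query the required length gets a one-byte write past a zero-length buffer. Guarding it as `if (buf && *sizeof_buf > 0) buf[0] = 0;` keeps the size-query pattern safe. `idn` is also dereferenced without a NULL check, here and in the two sibling functions `gnutls_x509_rdn_get_by_oid` and `gnutls_x509_rdn_get_oid`. It is worth documenting at least that `idn` must be non-NULL, since these are public entry points that parse peer-supplied DER.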
@@ -942,37 +947,37 @@ int gnutls_x509_rdn_get(const gnutls_datum_t * idn, * **/ int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char *oid, - int indx, unsigned int raw_flag, - void *buf, size_t * sizeof_buf) + int indx, unsigned int raw_flag, + void *buf, size_t * sizeof_buf) { - int result; - ASN1_TYPE dn = ASN1_TYPE_EMPTY; - - if (sizeof_buf == 0) { - return GNUTLS_E_INVALID_REQUEST; - } - - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - result = asn1_der_decoding(&dn, idn->data, idn->size, NULL); - if (result != ASN1_SUCCESS) { - /* couldn't decode DER */ - gnutls_assert(); - asn1_delete_structure(&dn); - return _gnutls_asn2err(result); - } - - result = - _gnutls_x509_parse_dn_oid(dn, "rdnSequence", oid, indx, - raw_flag, buf, sizeof_buf); - - asn1_delete_structure(&dn); - return result; + int result; + ASN1_TYPE dn = ASN1_TYPE_EMPTY; + + if (sizeof_buf == 0) { + return GNUTLS_E_INVALID_REQUEST; + } + + if ((result = + asn1_create_element(_gnutls_get_pkix(), + "PKIX1.Name", &dn)) != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + result = asn1_der_decoding(&dn, idn->data, idn->size, NULL); + if (result != ASN1_SUCCESS) { + /* couldn't decode DER */ + gnutls_assert(); + asn1_delete_structure(&dn); + return _gnutls_asn2err(result); + } + + result = + _gnutls_x509_parse_dn_oid(dn, "rdnSequence", oid, indx, + raw_flag, buf, sizeof_buf); + + asn1_delete_structure(&dn); + return result; } 
@@ -991,35 +996,35 @@ int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char *oid, * **/ int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, - int indx, void *buf, size_t * sizeof_buf) + int indx, void *buf, size_t * sizeof_buf) { - int result; - ASN1_TYPE dn = ASN1_TYPE_EMPTY; - - if (sizeof_buf == 0) { - return GNUTLS_E_INVALID_REQUEST; - } - - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - result = asn1_der_decoding(&dn, idn->data, idn->size, NULL); - if (result != ASN1_SUCCESS) { - /* couldn't decode DER */ - gnutls_assert(); - asn1_delete_structure(&dn); - return _gnutls_asn2err(result); - } - - result = - _gnutls_x509_get_dn_oid(dn, "rdnSequence", indx, buf, sizeof_buf); - - asn1_delete_structure(&dn); - return result; + int result; + ASN1_TYPE dn = ASN1_TYPE_EMPTY; + + if (sizeof_buf == 0) { + return GNUTLS_E_INVALID_REQUEST; + } + + if ((result = + asn1_create_element(_gnutls_get_pkix(), + "PKIX1.Name", &dn)) != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + result = asn1_der_decoding(&dn, idn->data, idn->size, NULL); + if (result != ASN1_SUCCESS) { + /* couldn't decode DER */ + gnutls_assert(); + asn1_delete_structure(&dn); + return _gnutls_asn2err(result); + } + + result = + _gnutls_x509_get_dn_oid(dn, "rdnSequence", indx, buf, sizeof_buf); + + asn1_delete_structure(&dn); + return result; } 
@@ -1032,16 +1037,16 @@ int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, * a negative value is returned to indicate error. */ int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1, - const gnutls_datum_t * dn2) + const gnutls_datum_t * dn2) { - if (dn1->size != dn2->size) { - gnutls_assert(); - return 0; - } - if (memcmp(dn1->data, dn2->data, dn2->size) != 0) { - gnutls_assert(); - return 0; - } - return 1; /* they match */ + if (dn1->size != dn2->size) { + gnutls_assert(); + return 0; + } + if (memcmp(dn1->data, dn2->data, dn2->size) != 0) { + gnutls_assert(); + return 0; + } + return 1; /* they match */ } diff --git a/lib/x509/dn.h b/lib/x509/dn.h index 18cca894a4..ac8495ccb4 100644 --- a/lib/x509/dn.h +++ b/lib/x509/dn.h @@ -13,22 +13,23 @@ #define OID_LDAP_UID "0.9.2342.19200300.100.1.1" #define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1" -int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct, - const char* asn1_rdn_name, char *buf, - size_t* sizeof_buf); +int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct, + const char *asn1_rdn_name, char *buf, + size_t * sizeof_buf); -int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct, - const char* asn1_rdn_name, const char* oid, int indx, - unsigned int raw_flag, void *buf, size_t* sizeof_buf); +int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct, + const char *asn1_rdn_name, const char *oid, + int indx, unsigned int raw_flag, void *buf, + size_t * sizeof_buf); -int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct, - const char* asn1_rdn_name, const char* oid, int raw_flag, - const char *name, int sizeof_name); +int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct, + const char *asn1_rdn_name, const char *oid, + int raw_flag, const char *name, + int sizeof_name); int _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, - int indx, - void *_oid, size_t * sizeof_oid); + const char *asn1_rdn_name, + int indx, void *_oid, size_t * sizeof_oid); #endif 
diff --git a/lib/x509/dsa.h b/lib/x509/dsa.h index 62456953d8..db6e749e69 100644 --- a/lib/x509/dsa.h +++ b/lib/x509/dsa.h @@ -1 +1 @@ -int _gnutls_dsa_generate_params(mpi_t* resarr, int* resarr_len, int bits); +int _gnutls_dsa_generate_params(mpi_t * resarr, int *resarr_len, int bits); diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c index 33392aa06a..419ca7f6ea 100644 --- a/lib/x509/extensions.c +++ b/lib/x509/extensions.c @@ -747,9 +747,10 @@ int _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size, * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*. * */ -int _gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name_t type, - const void *data_string, unsigned int reason_flags, - gnutls_datum_t * der_ext) +int _gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name_t + type, const void *data_string, + unsigned int reason_flags, + gnutls_datum_t * der_ext) { ASN1_TYPE ext = ASN1_TYPE_EMPTY; gnutls_datum_t gnames = { NULL, 0 }; diff --git a/lib/x509/extensions.h b/lib/x509/extensions.h index c9f50a99ef..d4ca019e4a 100644 --- a/lib/x509/extensions.h +++ b/lib/x509/extensions.h 
@@ -1,20 +1,32 @@ -int _gnutls_x509_crt_get_extension( gnutls_x509_crt_t cert, const char* extension_id, - int indx, gnutls_datum_t* ret, unsigned int* critical); +int _gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert, + const char *extension_id, int indx, + gnutls_datum_t * ret, + unsigned int *critical); -int _gnutls_x509_crt_get_extension_oid( gnutls_x509_crt_t cert, - int indx, void* ret, size_t * ret_size); -int _gnutls_x509_ext_extract_keyUsage(uint16 *keyUsage, opaque * extnValue, - int extnValueLen); +int _gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, + int indx, void *ret, + size_t * ret_size); +int _gnutls_x509_ext_extract_keyUsage(uint16 * keyUsage, + opaque * extnValue, + int extnValueLen); int _gnutls_x509_ext_extract_basicConstraints(int *CA, opaque * extnValue, - int extnValueLen); + int extnValueLen); -int _gnutls_x509_crt_set_extension( gnutls_x509_crt_t cert, const char* extension_id, - const gnutls_datum_t* ext_data, unsigned int critical); -int _gnutls_x509_ext_gen_basicConstraints(int CA, gnutls_datum_t* der_ext); -int _gnutls_x509_ext_gen_keyUsage(uint16 usage, gnutls_datum_t* der_ext); -int _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t type, - const char* data_string, gnutls_datum_t* der_ext); -int _gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name_t type, - const void* data_string, unsigned int reason_flags, gnutls_datum_t* der_ext); -int _gnutls_x509_ext_gen_key_id( const void* id, size_t id_size, gnutls_datum_t* der_data); -int _gnutls_x509_ext_gen_auth_key_id( const void* id, size_t id_size, gnutls_datum_t* der_data); +int _gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert, + const char *extension_id, + const gnutls_datum_t * ext_data, + unsigned int critical); +int _gnutls_x509_ext_gen_basicConstraints(int CA, + gnutls_datum_t * der_ext); +int _gnutls_x509_ext_gen_keyUsage(uint16 usage, gnutls_datum_t * der_ext); +int 
_gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t + type, const char *data_string, + gnutls_datum_t * der_ext); +int _gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name_t + type, const void *data_string, + unsigned int reason_flags, + gnutls_datum_t * der_ext); +int _gnutls_x509_ext_gen_key_id(const void *id, size_t id_size, + gnutls_datum_t * der_data); +int _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size, + gnutls_datum_t * der_data); diff --git a/lib/x509/mpi.h b/lib/x509/mpi.h index 161f9d6e26..df46c0d5d9 100644 --- a/lib/x509/mpi.h +++ b/lib/x509/mpi.h 
@@ -1,26 +1,32 @@ #include <gnutls_int.h> #include "x509.h" -int _gnutls_x509_crt_get_mpis( gnutls_x509_crt_t cert, - mpi_t* params, int *params_size); -int _gnutls_x509_read_rsa_params(opaque * der, int dersize, mpi_t * params); -int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, mpi_t * params); -int _gnutls_x509_read_dsa_params(opaque * der, int dersize, mpi_t * params); +int _gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert, + mpi_t * params, int *params_size); +int _gnutls_x509_read_rsa_params(opaque * der, int dersize, + mpi_t * params); +int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, + mpi_t * params); +int _gnutls_x509_read_dsa_params(opaque * der, int dersize, + mpi_t * params); -int _gnutls_x509_write_rsa_params( mpi_t * params, int params_size, - gnutls_datum_t* der); -int _gnutls_x509_write_dsa_params( mpi_t * params, int params_size, - gnutls_datum_t* der); -int _gnutls_x509_write_dsa_public_key( mpi_t * params, int params_size, - gnutls_datum_t* der); +int _gnutls_x509_write_rsa_params(mpi_t * params, int params_size, + gnutls_datum_t * der); +int _gnutls_x509_write_dsa_params(mpi_t * params, int params_size, + gnutls_datum_t * der); +int _gnutls_x509_write_dsa_public_key(mpi_t * params, int params_size, + gnutls_datum_t * der); -int _gnutls_x509_read_uint( ASN1_TYPE node, const char* value, - unsigned int* ret); +int _gnutls_x509_read_uint(ASN1_TYPE node, const char *value, + unsigned int *ret); -int _gnutls_x509_read_int( ASN1_TYPE node, const char* value, - mpi_t* ret_mpi); -int _gnutls_x509_write_int( ASN1_TYPE node, const char* value, mpi_t mpi, int lz); -int _gnutls_x509_write_uint32( ASN1_TYPE node, const char* value, uint32 num); +int _gnutls_x509_read_int(ASN1_TYPE node, const char *value, + mpi_t * ret_mpi); +int _gnutls_x509_write_int(ASN1_TYPE node, const char *value, mpi_t mpi, + int lz); +int _gnutls_x509_write_uint32(ASN1_TYPE node, const char *value, + uint32 num); -int _gnutls_x509_write_sig_params( ASN1_TYPE dst, 
const char* dst_name, - gnutls_pk_algorithm_t pk_algorithm, mpi_t * params, int params_size); +int _gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name, + gnutls_pk_algorithm_t pk_algorithm, + mpi_t * params, int params_size); diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 9b9999fc75..2d30172581 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -175,7 +175,8 @@ void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12) * Returns 0 on success. * **/ -int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, const gnutls_datum_t * data, +int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, + const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, unsigned int flags) { int result = 0, need_free = 0; @@ -308,7 +309,7 @@ static inline char *ucs2_to_ascii(char *data, int size) */ int _pkcs12_decode_safe_contents(const gnutls_datum_t * content, - gnutls_pkcs12_bag_t bag) + gnutls_pkcs12_bag_t bag) { char oid[128], root[128]; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; @@ -470,7 +471,7 @@ _pkcs12_decode_safe_contents(const gnutls_datum_t * content, static int _parse_safe_contents(ASN1_TYPE sc, const char *sc_name, - gnutls_pkcs12_bag_t bag) + gnutls_pkcs12_bag_t bag) { gnutls_datum_t content = { NULL, 0 }; int result; @@ -514,7 +515,7 @@ int _parse_safe_contents(ASN1_TYPE sc, const char *sc_name, * **/ int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, - int indx, gnutls_pkcs12_bag_t bag) + int indx, gnutls_pkcs12_bag_t bag) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result, len; @@ -656,7 +657,7 @@ static int create_empty_pfx(ASN1_TYPE pkcs12) * Returns 0 on success. * **/ -int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag) +int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY; 
@@ -989,8 +990,8 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass) } -static int write_attributes(gnutls_pkcs12_bag_t bag, int elem, ASN1_TYPE c2, - const char *where) +static int write_attributes(gnutls_pkcs12_bag_t bag, int elem, + ASN1_TYPE c2, const char *where) { int result; char root[128]; @@ -1089,7 +1090,7 @@ static int write_attributes(gnutls_pkcs12_bag_t bag, int elem, ASN1_TYPE c2, * the given datum. Enc is set to non zero if the data are encrypted; */ int -_pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents, +_pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents, int *enc) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; diff --git a/lib/x509/pkcs12.h b/lib/x509/pkcs12.h index 21cd6aa275..88309eff48 100644 --- a/lib/x509/pkcs12.h +++ b/lib/x509/pkcs12.h @@ -1,31 +1,31 @@ typedef struct gnutls_pkcs12_int { - ASN1_TYPE pkcs12; + ASN1_TYPE pkcs12; } gnutls_pkcs12_int; typedef enum gnutls_pkcs12_bag_type_t { - GNUTLS_BAG_EMPTY = 0, - - GNUTLS_BAG_PKCS8_ENCRYPTED_KEY=1, - GNUTLS_BAG_PKCS8_KEY, - GNUTLS_BAG_CERTIFICATE, - GNUTLS_BAG_CRL, - GNUTLS_BAG_ENCRYPTED=10, - GNUTLS_BAG_UNKNOWN=20 + GNUTLS_BAG_EMPTY = 0, + + GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1, + GNUTLS_BAG_PKCS8_KEY, + GNUTLS_BAG_CERTIFICATE, + GNUTLS_BAG_CRL, + GNUTLS_BAG_ENCRYPTED = 10, + GNUTLS_BAG_UNKNOWN = 20 } gnutls_pkcs12_bag_type_t; #define MAX_BAG_ELEMENTS 32 struct bag_element { - gnutls_datum_t data; - gnutls_pkcs12_bag_type_t type; - gnutls_datum_t local_key_id; - char * friendly_name; + gnutls_datum_t data; + gnutls_pkcs12_bag_type_t type; + gnutls_datum_t local_key_id; + char *friendly_name; }; typedef struct gnutls_pkcs12_bag_int { - struct bag_element element[MAX_BAG_ELEMENTS]; - int bag_elements; + struct bag_element element[MAX_BAG_ELEMENTS]; + int bag_elements; } gnutls_pkcs12_bag_int; #define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1" 
@@ -48,39 +48,45 @@ typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t; int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12); void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12); -int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, unsigned int flags); +int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, unsigned int flags); -int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, - int indx, gnutls_pkcs12_bag_t bag); +int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, + int indx, gnutls_pkcs12_bag_t bag); int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag); -void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag); +void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag); -int -_pkcs12_string_to_key (unsigned int id, const opaque *salt, unsigned int salt_size, - unsigned int iter, const char *pw, - unsigned int req_keylen, opaque *keybuf); +int +_pkcs12_string_to_key(unsigned int id, const opaque * salt, + unsigned int salt_size, unsigned int iter, + const char *pw, unsigned int req_keylen, + opaque * keybuf); -int _gnutls_pkcs7_decrypt_data( const gnutls_datum_t* data, - const char* password, gnutls_datum_t* dec); +int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, + const char *password, gnutls_datum_t * dec); typedef enum schema_id { - PBES2, /* the stuff in PKCS #5 */ - PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */ - PKCS12_ARCFOUR_SHA1, - PKCS12_RC2_40_SHA1 + PBES2, /* the stuff in PKCS #5 */ + PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */ + PKCS12_ARCFOUR_SHA1, + PKCS12_RC2_40_SHA1 } schema_id; -int _gnutls_pkcs7_encrypt_data(schema_id schema, const gnutls_datum_t * data, - const char *password, - gnutls_datum_t * enc); -int _pkcs12_decode_safe_contents( const gnutls_datum_t* content, gnutls_pkcs12_bag_t bag); +int _gnutls_pkcs7_encrypt_data(schema_id schema, + const gnutls_datum_t * data, + const char *password, 
gnutls_datum_t * enc); +int _pkcs12_decode_safe_contents(const gnutls_datum_t * content, + gnutls_pkcs12_bag_t bag); int -_pkcs12_encode_safe_contents( gnutls_pkcs12_bag_t bag, ASN1_TYPE* content, int *enc); - -int _pkcs12_decode_crt_bag( gnutls_pkcs12_bag_type_t type, const gnutls_datum_t* in, - gnutls_datum_t* out); -int _pkcs12_encode_crt_bag( gnutls_pkcs12_bag_type_t type, const gnutls_datum_t* raw, - gnutls_datum_t* out); +_pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, ASN1_TYPE * content, + int *enc); + +int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, + const gnutls_datum_t * in, + gnutls_datum_t * out); +int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, + const gnutls_datum_t * raw, + gnutls_datum_t * out); diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c index 972067bebc..127ad08670 100644 --- a/lib/x509/pkcs12_bag.c +++ b/lib/x509/pkcs12_bag.c @@ -45,7 +45,7 @@ * Returns 0 on success. * **/ -int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag) +int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag) { *bag = gnutls_calloc(1, sizeof(gnutls_pkcs12_bag_int)); @@ -55,7 +55,7 @@ int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag) return GNUTLS_E_MEMORY_ERROR; } -static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag_t bag) +static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag_t bag) { int i; @@ -77,7 +77,7 @@ static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag_t bag) * This function will deinitialize a PKCS12 Bag structure. * **/ -void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag) +void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag) { if (!bag) return; @@ -96,8 +96,8 @@ void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag) * enumerations. * **/ -gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t bag, - int indx) +gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t + bag, int indx) { if (bag == NULL) { gnutls_assert(); 
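Review bot: In the lib/x509/pkcs12.h hunk at -48,39, the `schema_id` enum keeps the comment `/* the fucking stuff in PKCS #12 */`, which tells a reader nothing about what the scheme is. Since every line of the enum is being rewritten anyway, replace the two comments with descriptive ones, e.g. `/* PBES2 as defined in PKCS #5 */` and `/* password-based encryption schemes defined in PKCS #12 */`. `PKCS12_ARCFOUR_SHA1` and `PKCS12_RC2_40_SHA1` have no comment at all; a short note that they are kept for interoperability with legacy files would help callers choosing a schema.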
@@ -116,7 +116,7 @@ gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t bag, * This function will return the number of the elements withing the bag. * **/ -int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag) +int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag) { if (bag == NULL) { gnutls_assert(); @@ -139,7 +139,7 @@ int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag) * Returns 0 on success and a negative error code on error. * **/ -int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, int indx, +int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, int indx, gnutls_datum_t * data) { if (bag == NULL) { @@ -223,7 +223,8 @@ int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * raw, gnutls_datum_t * out) + const gnutls_datum_t * raw, + gnutls_datum_t * out) { int ret; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; @@ -305,7 +306,7 @@ int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, * value on error. * **/ -int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag, +int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag, gnutls_pkcs12_bag_type_t type, const gnutls_datum_t * data) { @@ -362,7 +363,8 @@ int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag, * value on failure. * **/ -int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag, gnutls_x509_crt_t crt) +int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag, + gnutls_x509_crt_t crt) { int ret; gnutls_datum_t data; @@ -397,7 +399,8 @@ int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag, gnutls_x509_crt_t crt) * value on failure. * **/ -int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl) +int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag, + gnutls_x509_crl_t crl) { int ret; gnutls_datum_t data; 
@@ -434,7 +437,7 @@ int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl) * Returns 0 on success, or a negative value on error. * **/ -int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, int indx, +int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, int indx, const gnutls_datum_t * id) { int ret; @@ -473,7 +476,7 @@ int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, int indx, * Returns 0 on success, or a negative value on error. * **/ -int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, int indx, +int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, int indx, gnutls_datum_t * id) { if (bag == NULL) { @@ -504,7 +507,7 @@ int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, int indx, * Returns 0 on success, or a negative value on error. * **/ -int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag, int indx, +int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag, int indx, char **name) { if (bag == NULL) { @@ -536,7 +539,7 @@ int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag, int indx, * Returns 0 on success, or a negative value on error. * **/ -int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, int indx, +int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, int indx, const char *name) { if (bag == NULL) { @@ -568,7 +571,7 @@ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, int indx, * This function will decrypt the given encrypted bag and return 0 on success. * **/ -int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, const char *pass) +int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, const char *pass) { int ret; gnutls_datum_t dec; 
@@ -617,7 +620,7 @@ int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, const char *pass) * This function will encrypt the given bag and return 0 on success. * **/ -int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag, const char *pass, +int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag, const char *pass, unsigned int flags) { int ret; diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c index f8fc776229..dfed11cf58 100644 --- a/lib/x509/pkcs12_encr.c +++ b/lib/x509/pkcs12_encr.c @@ -70,8 +70,10 @@ _pkcs12_string_to_key(unsigned int id, const opaque * salt, cur_keylen = 0; - if (pw==NULL) pwlen = 0; - else pwlen = strlen(pw); + if (pw == NULL) + pwlen = 0; + else + pwlen = strlen(pw); if (pwlen > 63 / 2) { gnutls_assert(); @@ -100,16 +102,15 @@ _pkcs12_string_to_key(unsigned int id, const opaque * salt, gnutls_assert(); return GNUTLS_E_DECRYPTION_FAILED; } - for (i = 0; i < 64; i++) - { + for (i = 0; i < 64; i++) { unsigned char lid = id & 0xFF; gc_hash_write(md, 1, &lid); - } + } gc_hash_write(md, 128, buf_i); memcpy(hash, gc_hash_read(md), 20); gc_hash_close(md); for (i = 1; i < iter; i++) - gc_hash_buffer (GC_SHA1, hash, 20, hash); + gc_hash_buffer(GC_SHA1, hash, 20, hash); for (i = 0; i < 20 && cur_keylen < req_keylen; i++) keybuf[cur_keylen++] = hash[i]; if (cur_keylen == req_keylen) { diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 5e8386f075..f16471f066 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -496,7 +496,8 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata) * Returns 0 on success. * **/ -int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt) +int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, + const gnutls_datum_t * crt) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result; 
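Review bot: In the second lib/x509/pkcs12_encr.c hunk (-100,16), the iteration loop `for (i = 1; i < iter; i++) gc_hash_buffer(GC_SHA1, hash, 20, hash);` discards the call's result, so a hashing failure would leave `hash` partly updated and still be copied into `keybuf` as key material. If gc_hash_buffer reports errors through its return value, as the checked failure path just above suggests for the other gc_ calls, test it: `if (gc_hash_buffer(GC_SHA1, hash, 20, hash) != GC_OK) { gnutls_assert(); return GNUTLS_E_DECRYPTION_FAILED; }`, adding whatever cleanup the enclosing code needs. The literals 20, 64 and 128 here, and `63 / 2` in the first hunk, would read better as named constants with a comment on where the password-length limit comes from. `_pkcs12_string_to_key` starts and ends outside both hunks.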
@@ -801,7 +802,8 @@ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7) * Returns 0 on success. * **/ -int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl) +int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, + const gnutls_datum_t * crl) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result; diff --git a/lib/x509/pkcs7.h b/lib/x509/pkcs7.h index c3d6757ab8..273a586f0c 100644 --- a/lib/x509/pkcs7.h +++ b/lib/x509/pkcs7.h @@ -1,6 +1,6 @@ typedef struct gnutls_pkcs7_int { - ASN1_TYPE pkcs7; + ASN1_TYPE pkcs7; } gnutls_pkcs7_int; typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; @@ -8,7 +8,8 @@ typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7); void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7); int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); -int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, - int indx, void* certificate, size_t* certificate_size); + gnutls_x509_crt_fmt_t format); +int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, + int indx, void *certificate, + size_t * certificate_size); int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7); diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 2f129a0b33..8c5cb61c0d 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -699,9 +699,12 @@ int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, * **/ int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u) + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u) { int ret; 
@@ -784,8 +787,10 @@ int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, * **/ int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y, gnutls_datum_t * x) { int ret; diff --git a/lib/x509/privkey.h b/lib/x509/privkey.h index a0f0939a05..e4865405db 100644 --- a/lib/x509/privkey.h +++ b/lib/x509/privkey.h @@ -1,15 +1,18 @@ typedef enum gnutls_pkcs_encrypt_flags_t { - GNUTLS_PKCS_PLAIN=1, /* if set the private key will not - * be encrypted. - */ - GNUTLS_PKCS_USE_PKCS12_3DES=2, - GNUTLS_PKCS_USE_PKCS12_ARCFOUR=4, - GNUTLS_PKCS_USE_PKCS12_RC2_40=8, - GNUTLS_PKCS_USE_PBES2_3DES=16 + GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not + * be encrypted. + */ + GNUTLS_PKCS_USE_PKCS12_3DES = 2, + GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, + GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, + GNUTLS_PKCS_USE_PBES2_3DES = 16 } gnutls_pkcs_encrypt_flags_t; -int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); -ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key( const gnutls_datum_t *raw_key, - gnutls_x509_privkey_t pkey); -int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src); +int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); +ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t * + raw_key, + gnutls_x509_privkey_t pkey); +int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, + gnutls_x509_privkey_t src); diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index e416161145..05fb99e1f6 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c 
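Review bot: In the lib/x509/privkey.h hunk, only `GNUTLS_PKCS_PLAIN` carries a comment; the four `GNUTLS_PKCS_USE_*` flags that select the key-protection cipher are undocumented. Callers pick between these by name alone, and the identifiers include 40-bit RC2 and ARCFOUR, so each flag should say which scheme it selects and which of them exist only for compatibility, e.g. `/* 40-bit RC2; legacy interoperability only */` on `GNUTLS_PKCS_USE_PKCS12_RC2_40`. It would also help to state whether the values may be OR-ed together or are mutually exclusive, since they are laid out as bit flags.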
@@ -474,9 +474,9 @@ int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, */ static int read_pkcs_schema_params(schema_id schema, const char *password, - const opaque * data, int data_size, - struct pbkdf2_params *kdf_params, - struct pbe_enc_params *enc_params) + const opaque * data, int data_size, + struct pbkdf2_params *kdf_params, + struct pbe_enc_params *enc_params) { ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY; int result; @@ -822,8 +822,10 @@ int decode_private_key_info(const gnutls_datum_t * der, * **/ int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, - const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, - const char *password, unsigned int flags) + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + const char *password, + unsigned int flags) { int result = 0, need_free = 0; gnutls_datum_t _data; @@ -1086,7 +1088,8 @@ static int write_pkcs12_kdf_params(ASN1_TYPE pbes2_asn, /* Converts an OID to a gnutls cipher type. */ inline - static int oid2cipher(const char *oid, gnutls_cipher_algorithm_t * algo) + static int oid2cipher(const char *oid, + gnutls_cipher_algorithm_t * algo) { *algo = 0; @@ -1788,7 +1791,8 @@ int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, /* Encrypts to a PKCS #7 encryptedData. The output is allocated * and stored in enc. */ -int _gnutls_pkcs7_encrypt_data(schema_id schema, const gnutls_datum_t * data, +int _gnutls_pkcs7_encrypt_data(schema_id schema, + const gnutls_datum_t * data, const char *password, gnutls_datum_t * enc) { int result; diff --git a/lib/x509/sign.c b/lib/x509/sign.c index d63d4b8015..4d78d5bb1e 100644 --- a/lib/x509/sign.c +++ b/lib/x509/sign.c 
@@ -197,8 +197,10 @@ dsa_sign(const gnutls_datum_t * text, * 'signature' will hold the signature! * 'hash' is only used in PKCS1 RSA signing. */ -int _gnutls_x509_sign(const gnutls_datum_t * tbs, gnutls_mac_algorithm_t hash, - gnutls_x509_privkey_t signer, gnutls_datum_t * signature) +int _gnutls_x509_sign(const gnutls_datum_t * tbs, + gnutls_mac_algorithm_t hash, + gnutls_x509_privkey_t signer, + gnutls_datum_t * signature) { int ret; diff --git a/lib/x509/sign.h b/lib/x509/sign.h index 6a9a385c78..e3bcb2942d 100644 --- a/lib/x509/sign.h +++ b/lib/x509/sign.h @@ -1,6 +1,11 @@ -int _gnutls_x509_sign( const gnutls_datum_t* tbs, gnutls_mac_algorithm_t hash, - gnutls_x509_privkey_t signer, gnutls_datum_t* signature); -int _gnutls_x509_sign_tbs( ASN1_TYPE cert, const char* tbs_name, - gnutls_mac_algorithm_t hash, gnutls_x509_privkey_t signer, gnutls_datum_t* signature); -int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char* src_name, - gnutls_x509_crt_t issuer, gnutls_x509_privkey_t issuer_key); +int _gnutls_x509_sign(const gnutls_datum_t * tbs, + gnutls_mac_algorithm_t hash, + gnutls_x509_privkey_t signer, + gnutls_datum_t * signature); +int _gnutls_x509_sign_tbs(ASN1_TYPE cert, const char *tbs_name, + gnutls_mac_algorithm_t hash, + gnutls_x509_privkey_t signer, + gnutls_datum_t * signature); +int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name, + gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key); diff --git a/lib/x509/verify.c b/lib/x509/verify.c index f924987dc5..37c92e38c2 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c 
@@ -40,16 +40,20 @@ #include <verify.h> static int _gnutls_verify_certificate2(gnutls_x509_crt_t cert, - const gnutls_x509_crt_t * trusted_cas, int tcas_size, unsigned int flags, - unsigned int *output); + const gnutls_x509_crt_t * + trusted_cas, int tcas_size, + unsigned int flags, + unsigned int *output); int _gnutls_x509_verify_signature(const gnutls_datum_t * signed_data, - const gnutls_datum_t * signature, gnutls_x509_crt_t issuer); + const gnutls_datum_t * signature, + gnutls_x509_crt_t issuer); static int is_crl_issuer(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer_cert); static int _gnutls_verify_crl2(gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * trusted_cas, int tcas_size, unsigned int flags, - unsigned int *output); + const gnutls_x509_crt_t * trusted_cas, + int tcas_size, unsigned int flags, + unsigned int *output); /* Checks if the issuer of a certificate is a @@ -59,8 +63,8 @@ static int _gnutls_verify_crl2(gnutls_x509_crl_t crl, * Returns true or false, if the issuer is a CA, * or not. */ -static int check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, - unsigned int flags) +static int check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + unsigned int flags) { gnutls_datum_t cert_signed_data = { NULL, 0 }; gnutls_datum_t issuer_signed_data = { NULL, 0 }; 
@@ -109,17 +113,17 @@ static int check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, * return true. */ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) - if (cert_signed_data.size == issuer_signed_data.size) { - if ((memcmp(cert_signed_data.data, issuer_signed_data.data, - cert_signed_data.size) == 0) && - (cert_signature.size == issuer_signature.size) && - (memcmp(cert_signature.data, issuer_signature.data, - cert_signature.size) == 0)) { - result = 1; - goto cleanup; + if (cert_signed_data.size == issuer_signed_data.size) { + if ((memcmp(cert_signed_data.data, issuer_signed_data.data, + cert_signed_data.size) == 0) && + (cert_signature.size == issuer_signature.size) && + (memcmp(cert_signature.data, issuer_signature.data, + cert_signature.size) == 0)) { + result = 1; + goto cleanup; } - } - + } + if (gnutls_x509_crt_get_ca_status(issuer, NULL) == 1) { result = 1; goto cleanup; @@ -175,8 +179,8 @@ int is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer_cert) static inline gnutls_x509_crt_t find_issuer(gnutls_x509_crt_t cert, - const gnutls_x509_crt_t * trusted_cas, - int tcas_size) + const gnutls_x509_crt_t * trusted_cas, + int tcas_size) { int i; @@ -204,8 +208,10 @@ static inline * procedure. */ static int _gnutls_verify_certificate2(gnutls_x509_crt_t cert, - const gnutls_x509_crt_t * trusted_cas, - int tcas_size, unsigned int flags, unsigned int *output) + const gnutls_x509_crt_t * + trusted_cas, int tcas_size, + unsigned int flags, + unsigned int *output) { gnutls_datum_t cert_signed_data = { NULL, 0 }; gnutls_datum_t cert_signature = { NULL, 0 }; 
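Review bot: In the check_if_ca hunk (-109,17), the outer `if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))` still has no braces, although its body is a nested two-level `if` spanning several lines. Only indentation ties that block to the flag test, and indentation is exactly what this commit rewrites. Make the scope explicit with `if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) {` and a matching `}` after the inner block. This branch sets `result = 1` purely on byte equality of the signed data and signature, before the `gnutls_x509_crt_get_ca_status` check, so a comment stating the assumption it relies on (presumably that `issuer` was taken from the trusted list) belongs here. check_if_ca starts and ends outside the hunk.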
@@ -305,11 +311,14 @@ static int _gnutls_verify_certificate2(gnutls_x509_crt_t cert, * lead to a trusted CA in order to be trusted. */ static -unsigned int _gnutls_x509_verify_certificate( - const gnutls_x509_crt_t * certificate_list, int clist_size, - const gnutls_x509_crt_t * trusted_cas, int tcas_size, - const gnutls_x509_crl_t * CRLs, int crls_size, - unsigned int flags) +unsigned int _gnutls_x509_verify_certificate(const gnutls_x509_crt_t * + certificate_list, + int clist_size, + const gnutls_x509_crt_t * + trusted_cas, int tcas_size, + const gnutls_x509_crl_t * + CRLs, int crls_size, + unsigned int flags) { int i = 0, ret; unsigned int status = 0, output; @@ -497,8 +506,9 @@ _pkcs1_rsa_verify_sig(const gnutls_datum_t * text, /* Hashes input data and verifies a DSA signature. */ static int -dsa_verify_sig(const gnutls_datum_t * text, const gnutls_datum_t * signature, - mpi_t * params, int params_len) +dsa_verify_sig(const gnutls_datum_t * text, + const gnutls_datum_t * signature, mpi_t * params, + int params_len) { int ret; opaque _digest[MAX_HASH_SIZE]; @@ -526,8 +536,9 @@ dsa_verify_sig(const gnutls_datum_t * text, const gnutls_datum_t * signature, * or 1 otherwise. */ static int verify_sig(const gnutls_datum_t * tbs, - const gnutls_datum_t * signature, - gnutls_pk_algorithm_t pk, mpi_t * issuer_params, int issuer_params_size) + const gnutls_datum_t * signature, + gnutls_pk_algorithm_t pk, mpi_t * issuer_params, + int issuer_params_size) { switch (pk) { @@ -565,7 +576,8 @@ static int verify_sig(const gnutls_datum_t * tbs, * 'signature' is the signature! */ int _gnutls_x509_verify_signature(const gnutls_datum_t * tbs, - const gnutls_datum_t * signature, gnutls_x509_crt_t issuer) + const gnutls_datum_t * signature, + gnutls_x509_crt_t issuer) { mpi_t issuer_params[MAX_PUBLIC_PARAMS_SIZE]; int ret, issuer_params_size, i; 
@@ -605,7 +617,8 @@ int _gnutls_x509_verify_signature(const gnutls_datum_t * tbs, * 'signature' is the signature! */ int _gnutls_x509_privkey_verify_signature(const gnutls_datum_t * tbs, - const gnutls_datum_t * signature, gnutls_x509_privkey_t issuer) + const gnutls_datum_t * signature, + gnutls_x509_privkey_t issuer) { int ret; @@ -652,11 +665,13 @@ int _gnutls_x509_privkey_verify_signature(const gnutls_datum_t * tbs, * Returns 0 on success and a negative value in case of an error. * **/ -int gnutls_x509_crt_list_verify( - const gnutls_x509_crt_t * cert_list, int cert_list_length, - const gnutls_x509_crt_t * CA_list, int CA_list_length, - const gnutls_x509_crl_t * CRL_list, int CRL_list_length, - unsigned int flags, unsigned int *verify) +int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list, + int cert_list_length, + const gnutls_x509_crt_t * CA_list, + int CA_list_length, + const gnutls_x509_crl_t * CRL_list, + int CRL_list_length, unsigned int flags, + unsigned int *verify) { if (cert_list == NULL || cert_list_length == 0) return GNUTLS_E_NO_CERTIFICATE_FOUND; @@ -686,8 +701,9 @@ int gnutls_x509_crt_list_verify( * **/ int gnutls_x509_crt_verify(gnutls_x509_crt_t cert, - const gnutls_x509_crt_t * CA_list, int CA_list_length, - unsigned int flags, unsigned int *verify) + const gnutls_x509_crt_t * CA_list, + int CA_list_length, unsigned int flags, + unsigned int *verify) { int ret; /* Verify certificate @@ -758,8 +774,9 @@ int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t cert, * **/ int gnutls_x509_crl_verify(gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * CA_list, int CA_list_length, - unsigned int flags, unsigned int *verify) + const gnutls_x509_crt_t * CA_list, + int CA_list_length, unsigned int flags, + unsigned int *verify) { int ret; /* Verify crl 
@@ -805,8 +822,9 @@ int is_crl_issuer(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer_cert) } static inline -gnutls_x509_crt_t find_crl_issuer(gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * trusted_cas, int tcas_size) + gnutls_x509_crt_t find_crl_issuer(gnutls_x509_crl_t crl, + const gnutls_x509_crt_t * + trusted_cas, int tcas_size) { int i; @@ -832,8 +850,9 @@ gnutls_x509_crt_t find_crl_issuer(gnutls_x509_crl_t crl, * procedure. */ static int _gnutls_verify_crl2(gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * trusted_cas, int tcas_size, - unsigned int flags, unsigned int *output) + const gnutls_x509_crt_t * trusted_cas, + int tcas_size, unsigned int flags, + unsigned int *output) { /* CRL is ignored for now */ gnutls_datum_t crl_signed_data = { NULL, 0 }; diff --git a/lib/x509/verify.h b/lib/x509/verify.h index cf4907d2d3..4bc9fac425 100644 --- a/lib/x509/verify.h +++ b/lib/x509/verify.h 
@@ -1,27 +1,33 @@ #include "x509.h" typedef enum gnutls_certificate_verify_flags { - GNUTLS_VERIFY_DISABLE_CA_SIGN=1, - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT=2, - GNUTLS_VERIFY_DO_NOT_ALLOW_SAME=4 + GNUTLS_VERIFY_DISABLE_CA_SIGN = 1, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2, + GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4 } gnutls_certificate_verify_flags; -int gnutls_x509_crt_is_issuer( gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer); -int gnutls_x509_crt_verify( gnutls_x509_crt_t cert, - const gnutls_x509_crt_t *CA_list, int CA_list_length, - unsigned int flags, unsigned int *verify); -int gnutls_x509_crl_verify( gnutls_x509_crl_t crl, - const gnutls_x509_crt_t *CA_list, int CA_list_length, - unsigned int flags, unsigned int *verify); +int gnutls_x509_crt_is_issuer(gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer); +int gnutls_x509_crt_verify(gnutls_x509_crt_t cert, + const gnutls_x509_crt_t * CA_list, + int CA_list_length, unsigned int flags, + unsigned int *verify); +int gnutls_x509_crl_verify(gnutls_x509_crl_t crl, + const gnutls_x509_crt_t * CA_list, + int CA_list_length, unsigned int flags, + unsigned int *verify); -int gnutls_x509_crt_list_verify( - const gnutls_x509_crt_t* cert_list, int cert_list_length, - const gnutls_x509_crt_t * CA_list, int CA_list_length, - const gnutls_x509_crl_t* CRL_list, int CRL_list_length, - unsigned int flags, unsigned int *verify); +int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list, + int cert_list_length, + const gnutls_x509_crt_t * CA_list, + int CA_list_length, + const gnutls_x509_crl_t * CRL_list, + int CRL_list_length, unsigned int flags, + unsigned int *verify); -int _gnutls_x509_verify_signature( const gnutls_datum_t* tbs, - const gnutls_datum_t* signature, gnutls_x509_crt_t issuer); -int _gnutls_x509_privkey_verify_signature( const gnutls_datum_t* tbs, - const gnutls_datum_t* signature, gnutls_x509_privkey_t issuer); +int _gnutls_x509_verify_signature(const gnutls_datum_t * tbs, + const gnutls_datum_t * 
signature, + gnutls_x509_crt_t issuer); +int _gnutls_x509_privkey_verify_signature(const gnutls_datum_t * tbs, + const gnutls_datum_t * signature, + gnutls_x509_privkey_t issuer); diff --git a/lib/x509/x509.c b/lib/x509/x509.c index ae4b49aabb..e4fb882d95 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -151,7 +151,8 @@ void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert) * Returns 0 on success. * **/ -int gnutls_x509_crt_import(gnutls_x509_crt_t cert, const gnutls_datum_t * data, +int gnutls_x509_crt_import(gnutls_x509_crt_t cert, + const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format) { int result = 0, need_free = 0; @@ -1201,7 +1202,8 @@ int _gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert, * Returns 0 on success, or a negative value on error. * -*/ -int _gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, gnutls_datum_t * start) +int _gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, + gnutls_datum_t * start) { return _gnutls_x509_crt_get_raw_dn2(cert, "subject", start); } @@ -1411,7 +1413,8 @@ int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, unsigned int flags, * **/ int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, - const gnutls_x509_crl_t * crl_list, int crl_list_length) + const gnutls_x509_crl_t * crl_list, + int crl_list_length) { opaque serial[64]; opaque cert_serial[64]; diff --git a/lib/x509/x509.h b/lib/x509/x509.h index d6bd75c2f7..2f0e0867ad 100644 --- a/lib/x509/x509.h +++ b/lib/x509/x509.h @@ -5,16 +5,16 @@ #define OID_MD5 "1.2.840.113549.2.5" typedef struct gnutls_x509_crl_int { - ASN1_TYPE crl; + ASN1_TYPE crl; } gnutls_x509_crl_int; typedef struct gnutls_x509_crt_int { - ASN1_TYPE cert; - int use_extensions; + ASN1_TYPE cert; + int use_extensions; } gnutls_x509_crt_int; -#define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */ +#define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */ /* parameters should not be larger than this limit */ #define DSA_PRIVATE_PARAMS 5 
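Review bot: In the lib/x509/verify.h hunk, the three `gnutls_certificate_verify_flags` values are re-aligned but still carry no documentation, although each one changes what chain verification accepts. Add a comment per flag; for `GNUTLS_VERIFY_DO_NOT_ALLOW_SAME` the check_if_ca hunk in verify.c shows the meaning: `/* do not accept a certificate as a CA just because it is identical to the issuer */`. `GNUTLS_VERIFY_DISABLE_CA_SIGN` and `GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT` should likewise state which check they switch off, and that they loosen verification and should not be set by default.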
@@ -31,107 +31,131 @@ typedef struct gnutls_x509_crt_int { #endif typedef struct gnutls_x509_privkey_int { - mpi_t params[MAX_PRIV_PARAMS_SIZE];/* the size of params depends on the public - * key algorithm + mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public + * key algorithm + */ + /* + * RSA: [0] is modulus + * [1] is public exponent + * [2] is private exponent + * [3] is prime1 (p) + * [4] is prime2 (q) + * [5] is coefficient (u == inverse of p mod q) + * DSA: [0] is p + * [1] is q + * [2] is g + * [3] is y (public key) + * [4] is x (private key) + */ + int params_size; /* holds the number of params */ + + gnutls_pk_algorithm_t pk_algorithm; + + int crippled; /* The crippled keys will not use the ASN1_TYPE key. + * The encoding will only be performed at the export + * phase, to optimize copying etc. Cannot be used with + * the exported API (used internally only). */ - /* - * RSA: [0] is modulus - * [1] is public exponent - * [2] is private exponent - * [3] is prime1 (p) - * [4] is prime2 (q) - * [5] is coefficient (u == inverse of p mod q) - * DSA: [0] is p - * [1] is q - * [2] is g - * [3] is y (public key) - * [4] is x (private key) - */ - int params_size; /* holds the number of params */ - - gnutls_pk_algorithm_t pk_algorithm; - - int crippled; /* The crippled keys will not use the ASN1_TYPE key. - * The encoding will only be performed at the export - * phase, to optimize copying etc. Cannot be used with - * the exported API (used internally only). 
- */ - ASN1_TYPE key; + ASN1_TYPE key; } gnutls_x509_privkey_int; typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t; typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t; typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t; -int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, const char* oid, - int indx, unsigned int raw_flag, void *buf, size_t *sizeof_buf); -int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, - unsigned int seq, void *ret, size_t *ret_size, unsigned int* critical); -int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char* oid, - int indx, unsigned int raw_flag, void *buf, size_t *sizeof_buf); -int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, unsigned int* critical); -int gnutls_x509_crt_get_pk_algorithm( gnutls_x509_crt_t cert, unsigned int* bits); +int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, + const char *oid, int indx, + unsigned int raw_flag, void *buf, + size_t * sizeof_buf); +int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *critical); +int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid, + int indx, unsigned int raw_flag, + void *buf, size_t * sizeof_buf); +int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, + unsigned int *critical); +int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, + unsigned int *bits); int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src); -int _gnutls_x509_crt_get_raw_issuer_dn( gnutls_x509_crt_t cert, - gnutls_datum_t* start); -int _gnutls_x509_crt_get_raw_dn( gnutls_x509_crt_t cert, - gnutls_datum_t* start); +int _gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert, + gnutls_datum_t * start); +int _gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, + gnutls_datum_t * start); -int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void* result, size_t* result_size); +int 
gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result, + size_t * result_size); int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1, - const gnutls_datum_t * dn2); + const gnutls_datum_t * dn2); -int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, - const gnutls_x509_crl_t * crl_list, int crl_list_length); +int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, + const gnutls_x509_crl_t * crl_list, + int crl_list_length); int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, gnutls_x509_crl_t src); -int _gnutls_x509_crl_get_raw_issuer_dn( gnutls_x509_crl_t crl, - gnutls_datum_t* dn); +int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl, + gnutls_datum_t * dn); int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl); int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int index, - unsigned char *serial, - size_t *serial_size, time_t * time); + unsigned char *serial, + size_t * serial_size, time_t * time); void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl); int gnutls_x509_crl_init(gnutls_x509_crl_t * crl); -int gnutls_x509_crl_import(gnutls_x509_crl_t crl, const gnutls_datum_t * data, +int gnutls_x509_crl_import(gnutls_x509_crl_t crl, + const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format); -int gnutls_x509_crl_export( gnutls_x509_crl_t crl, - gnutls_x509_crt_fmt_t format, void* output_data, size_t* output_data_size); +int gnutls_x509_crl_export(gnutls_x509_crl_t crl, + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size); int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); -int gnutls_x509_crt_import(gnutls_x509_crt_t cert, const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); -int gnutls_x509_crt_export( gnutls_x509_crt_t cert, - gnutls_x509_crt_fmt_t format, void* output_data, size_t* output_data_size); +int gnutls_x509_crt_import(gnutls_x509_crt_t cert, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); +int 
gnutls_x509_crt_export(gnutls_x509_crt_t cert, + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size); -int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, unsigned int *key_usage, - unsigned int *critical); +int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, + unsigned int *key_usage, + unsigned int *critical); int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); -int gnutls_x509_privkey_generate( gnutls_x509_privkey_t key, gnutls_pk_algorithm_t algo, - unsigned int bits, unsigned int flags); - -int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); -int gnutls_x509_privkey_get_pk_algorithm( gnutls_x509_privkey_t key); -int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, - const gnutls_datum_t* m, const gnutls_datum_t* e, - const gnutls_datum_t* d, const gnutls_datum_t* p, - const gnutls_datum_t* q, const gnutls_datum_t* u); +int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, + gnutls_pk_algorithm_t algo, + unsigned int bits, unsigned int flags); + +int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); +int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key); +int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u); int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, - gnutls_datum_t * m, gnutls_datum_t *e, - gnutls_datum_t *d, gnutls_datum_t *p, gnutls_datum_t* q, - gnutls_datum_t* u); -int gnutls_x509_privkey_export( gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, void* output_data, size_t* output_data_size); + gnutls_datum_t * m, + 
gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u); +int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, + void *output_data, + size_t * output_data_size); #define GNUTLS_CRL_REASON_UNUSED 128 #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c index d7229b48ea..190f11652e 100644 --- a/lib/x509/x509_write.c +++ b/lib/x509/x509_write.c @@ -124,7 +124,8 @@ int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt, * Returns 0 on success. * **/ -int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, unsigned int version) +int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, + unsigned int version) { int result; unsigned char null = version; @@ -158,7 +159,8 @@ int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, unsigned int version) * Returns 0 on success. * **/ -int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, gnutls_x509_privkey_t key) +int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, + gnutls_x509_privkey_t key) { int result; @@ -279,7 +281,8 @@ int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, unsigned int ca) * Returns 0 on success. * **/ -int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt, unsigned int usage) +int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt, + unsigned int usage) { int result; gnutls_datum_t der_data; @@ -528,8 +531,8 @@ static void disable_optional_stuff(gnutls_x509_crt_t cert) * **/ int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t type, - const void *data_string, + gnutls_x509_subject_alt_name_t + type, const void *data_string, unsigned int reason_flags) { int result; diff --git a/lib/x509_b64.c b/lib/x509_b64.c index 2c20602391..1c69c83c69 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c 
@@ -413,7 +413,7 @@ int _gnutls_fbase64_decode(const char *header, const opaque * data, if (header != NULL) _gnutls_str_cat(pem_header, sizeof(pem_header), header); - rdata = memmem(data, data_size, pem_header, strlen (pem_header)); + rdata = memmem(data, data_size, pem_header, strlen(pem_header)); if (rdata == NULL) { gnutls_assert(); @@ -428,11 +428,11 @@ int _gnutls_fbase64_decode(const char *header, const opaque * data, return GNUTLS_E_BASE64_DECODING_ERROR; } - kdata = memmem(rdata, data_size, ENDSTR, sizeof (ENDSTR) - 1); + kdata = memmem(rdata, data_size, ENDSTR, sizeof(ENDSTR) - 1); /* allow CR as well. */ if (kdata == NULL) - kdata = memmem(rdata, data_size, ENDSTR2, sizeof (ENDSTR2) - 1); + kdata = memmem(rdata, data_size, ENDSTR2, sizeof(ENDSTR2) - 1); if (kdata == NULL) { gnutls_assert(); @@ -446,7 +446,7 @@ int _gnutls_fbase64_decode(const char *header, const opaque * data, /* position is now after the ---BEGIN--- headers */ - kdata = memmem(rdata, data_size, bottom, strlen (bottom)); + kdata = memmem(rdata, data_size, bottom, strlen(bottom)); if (kdata == NULL) { gnutls_assert(); return GNUTLS_E_BASE64_DECODING_ERROR; diff --git a/libextra/gnutls_extra.h b/libextra/gnutls_extra.h index 4ae2991f61..196a147e81 100644 --- a/libextra/gnutls_extra.h +++ b/libextra/gnutls_extra.h 
@@ -1,20 +1,27 @@ #include <auth_cert.h> -typedef int (*OPENPGP_VERIFY_KEY_FUNC)( const gnutls_certificate_credentials_t, - const gnutls_datum_t*, int, unsigned int*); +typedef int (*OPENPGP_VERIFY_KEY_FUNC) (const + gnutls_certificate_credentials_t, + const gnutls_datum_t *, int, + unsigned int *); -typedef time_t (*OPENPGP_KEY_CREATION_TIME_FUNC)( const gnutls_datum_t*); -typedef time_t (*OPENPGP_KEY_EXPIRATION_TIME_FUNC)( const gnutls_datum_t*); -typedef int (*OPENPGP_KEY_REQUEST)(gnutls_session_t, gnutls_datum_t*, - const gnutls_certificate_credentials_t, opaque*,int); +typedef time_t(*OPENPGP_KEY_CREATION_TIME_FUNC) (const gnutls_datum_t *); +typedef time_t(*OPENPGP_KEY_EXPIRATION_TIME_FUNC) (const gnutls_datum_t *); +typedef int (*OPENPGP_KEY_REQUEST) (gnutls_session_t, gnutls_datum_t *, + const gnutls_certificate_credentials_t, + opaque *, int); -typedef int (*OPENPGP_FINGERPRINT)(const gnutls_datum_t*, unsigned char*, size_t*); +typedef int (*OPENPGP_FINGERPRINT) (const gnutls_datum_t *, + unsigned char *, size_t *); -typedef int (*OPENPGP_RAW_KEY_TO_GCERT)(gnutls_cert*, const gnutls_datum_t*); -typedef int (*OPENPGP_RAW_PRIVKEY_TO_GKEY)(gnutls_privkey*, const gnutls_datum_t*); +typedef int (*OPENPGP_RAW_KEY_TO_GCERT) (gnutls_cert *, + const gnutls_datum_t *); +typedef int (*OPENPGP_RAW_PRIVKEY_TO_GKEY) (gnutls_privkey *, + const gnutls_datum_t *); -typedef int (*OPENPGP_KEY_TO_GCERT)(gnutls_cert*, gnutls_openpgp_key_t); -typedef int (*OPENPGP_PRIVKEY_TO_GKEY)(gnutls_privkey*, gnutls_openpgp_privkey_t); +typedef int (*OPENPGP_KEY_TO_GCERT) (gnutls_cert *, gnutls_openpgp_key_t); +typedef int (*OPENPGP_PRIVKEY_TO_GKEY) (gnutls_privkey *, + gnutls_openpgp_privkey_t); -typedef void (*OPENPGP_KEY_DEINIT)(gnutls_openpgp_key_t); -typedef void (*OPENPGP_PRIVKEY_DEINIT)(gnutls_openpgp_privkey_t); +typedef void (*OPENPGP_KEY_DEINIT) (gnutls_openpgp_key_t); +typedef void (*OPENPGP_PRIVKEY_DEINIT) (gnutls_openpgp_privkey_t); 
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c index d6f0464e1e..5e22bb30c9 100644 --- a/libextra/gnutls_openpgp.c +++ b/libextra/gnutls_openpgp.c @@ -416,8 +416,9 @@ _gnutls_openpgp_raw_key_to_gcert(gnutls_cert * cert, * from a binary or a file keyring. -*/ int -gnutls_openpgp_get_key(gnutls_datum_t * key, const gnutls_datum_t * keyring, - key_attr_t by, opaque * pattern) +gnutls_openpgp_get_key(gnutls_datum_t * key, + const gnutls_datum_t * keyring, key_attr_t by, + opaque * pattern) { keybox_blob *blob = NULL; cdk_keydb_hd_t hd = NULL; @@ -517,8 +518,8 @@ static int stream_to_datum(cdk_stream_t inp, gnutls_datum_t * raw) * should only contain one key which should not be encrypted. **/ int -gnutls_certificate_set_openpgp_key_mem(gnutls_certificate_credentials_t res, - const gnutls_datum_t * cert, +gnutls_certificate_set_openpgp_key_mem(gnutls_certificate_credentials_t + res, const gnutls_datum_t * cert, const gnutls_datum_t * key) { gnutls_datum_t raw; @@ -657,8 +658,8 @@ gnutls_certificate_set_openpgp_key_mem(gnutls_certificate_credentials_t res, * should only contain one key which should not be encrypted. **/ int -gnutls_certificate_set_openpgp_key_file(gnutls_certificate_credentials_t res, - const char *certfile, +gnutls_certificate_set_openpgp_key_file(gnutls_certificate_credentials_t + res, const char *certfile, const char *keyfile) { struct stat statbuf; @@ -824,8 +825,8 @@ gnutls_openpgp_add_keyring_mem(gnutls_datum_t * keyring, * **/ int -gnutls_certificate_set_openpgp_keyring_file(gnutls_certificate_credentials_t c, - const char *file) +gnutls_certificate_set_openpgp_keyring_file +(gnutls_certificate_credentials_t c, const char *file) { struct stat statbuf; 
@@ -853,8 +854,8 @@ gnutls_certificate_set_openpgp_keyring_file(gnutls_certificate_credentials_t c, * **/ int -gnutls_certificate_set_openpgp_keyring_mem(gnutls_certificate_credentials_t c, - const opaque * data, +gnutls_certificate_set_openpgp_keyring_mem(gnutls_certificate_credentials_t + c, const opaque * data, size_t dlen) { cdk_stream_t inp; @@ -988,8 +989,8 @@ gnutls_certificate_set_openpgp_keyserver(gnutls_certificate_credentials_t * **/ int -gnutls_certificate_set_openpgp_trustdb(gnutls_certificate_credentials_t res, - const char *trustdb) +gnutls_certificate_set_openpgp_trustdb(gnutls_certificate_credentials_t + res, const char *trustdb) { if (!res || !trustdb) { gnutls_assert(); @@ -1114,8 +1115,8 @@ int _gnutls_openpgp_key_to_gcert(gnutls_cert * gcert, * server). * **/ -int gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials_t res, - gnutls_openpgp_key_t key, +int gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials_t + res, gnutls_openpgp_key_t key, gnutls_openpgp_privkey_t pkey) { int ret; diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c index 439634e964..6d62a7a5c7 100644 --- a/libextra/gnutls_openssl.c +++ b/libextra/gnutls_openssl.c @@ -251,7 +251,8 @@ int SSL_get_error(SSL * ssl, int ret) int SSL_set_fd(SSL * ssl, int fd) { - gnutls_transport_set_ptr(ssl->gnutls_state, (gnutls_transport_ptr_t) fd); + gnutls_transport_set_ptr(ssl->gnutls_state, + (gnutls_transport_ptr_t) fd); return 1; } diff --git a/libextra/lzoconf.h b/libextra/lzoconf.h index 96db18058c..2fd911a53a 100644 --- a/libextra/lzoconf.h +++ b/libextra/lzoconf.h @@ -109,8 +109,8 @@ extern "C" { # define __LZO_TOS16 # elif defined(__C166__) # else - /* porting hint: for pure 16-bit architectures try compiling - * everything with -D__LZO_STRICT_16BIT */ + /* porting hint: for pure 16-bit architectures try compiling + * everything with -D__LZO_STRICT_16BIT */ # error "16-bit target not supported - contact me for porting hints" # endif #endif 
@@ -150,14 +150,14 @@ extern "C" { /* Integral types with 32 bits or more */ #if !defined(LZO_UINT32_MAX) # if (UINT_MAX >= LZO_0xffffffffL) - typedef unsigned int lzo_uint32; - typedef int lzo_int32; + typedef unsigned int lzo_uint32; + typedef int lzo_int32; # define LZO_UINT32_MAX UINT_MAX # define LZO_INT32_MAX INT_MAX # define LZO_INT32_MIN INT_MIN # elif (ULONG_MAX >= LZO_0xffffffffL) - typedef unsigned long lzo_uint32; - typedef long lzo_int32; + typedef unsigned long lzo_uint32; + typedef long lzo_int32; # define LZO_UINT32_MAX ULONG_MAX # define LZO_INT32_MAX LONG_MAX # define LZO_INT32_MIN LONG_MIN @@ -169,14 +169,14 @@ extern "C" { /* lzo_uint is used like size_t */ #if !defined(LZO_UINT_MAX) # if (UINT_MAX >= LZO_0xffffffffL) - typedef unsigned int lzo_uint; - typedef int lzo_int; + typedef unsigned int lzo_uint; + typedef int lzo_int; # define LZO_UINT_MAX UINT_MAX # define LZO_INT_MAX INT_MAX # define LZO_INT_MIN INT_MIN # elif (ULONG_MAX >= LZO_0xffffffffL) - typedef unsigned long lzo_uint; - typedef long lzo_int; + typedef unsigned long lzo_uint; + typedef long lzo_int; # define LZO_UINT_MAX ULONG_MAX # define LZO_INT_MAX LONG_MAX # define LZO_INT_MIN LONG_MIN @@ -185,7 +185,7 @@ extern "C" { # endif #endif -typedef int lzo_bool; + typedef int lzo_bool; /*********************************************************************** 
@@ -285,48 +285,58 @@ typedef int lzo_bool; #endif -typedef int -(__LZO_ENTRY *lzo_compress_t) ( const lzo_byte *src, lzo_uint src_len, - lzo_byte *dst, lzo_uintp dst_len, - lzo_voidp wrkmem ); - -typedef int -(__LZO_ENTRY *lzo_decompress_t) ( const lzo_byte *src, lzo_uint src_len, - lzo_byte *dst, lzo_uintp dst_len, - lzo_voidp wrkmem ); - -typedef int -(__LZO_ENTRY *lzo_optimize_t) ( lzo_byte *src, lzo_uint src_len, - lzo_byte *dst, lzo_uintp dst_len, - lzo_voidp wrkmem ); - -typedef int -(__LZO_ENTRY *lzo_compress_dict_t)(const lzo_byte *src, lzo_uint src_len, - lzo_byte *dst, lzo_uintp dst_len, - lzo_voidp wrkmem, - const lzo_byte *dict, lzo_uint dict_len ); - -typedef int -(__LZO_ENTRY *lzo_decompress_dict_t)(const lzo_byte *src, lzo_uint src_len, - lzo_byte *dst, lzo_uintp dst_len, - lzo_voidp wrkmem, - const lzo_byte *dict, lzo_uint dict_len ); + typedef int + (__LZO_ENTRY * lzo_compress_t) (const lzo_byte * src, + lzo_uint src_len, lzo_byte * dst, + lzo_uintp dst_len, lzo_voidp wrkmem); + + typedef int + (__LZO_ENTRY * lzo_decompress_t) (const lzo_byte * src, + lzo_uint src_len, lzo_byte * dst, + lzo_uintp dst_len, + lzo_voidp wrkmem); + + typedef int + (__LZO_ENTRY * lzo_optimize_t) (lzo_byte * src, lzo_uint src_len, + lzo_byte * dst, lzo_uintp dst_len, + lzo_voidp wrkmem); + + typedef int + (__LZO_ENTRY * lzo_compress_dict_t) (const lzo_byte * src, + lzo_uint src_len, lzo_byte * dst, + lzo_uintp dst_len, + lzo_voidp wrkmem, + const lzo_byte * dict, + lzo_uint dict_len); + + typedef int + (__LZO_ENTRY * lzo_decompress_dict_t) (const lzo_byte * src, + lzo_uint src_len, + lzo_byte * dst, + lzo_uintp dst_len, + lzo_voidp wrkmem, + const lzo_byte * dict, + lzo_uint dict_len); /* assembler versions always use __cdecl */ -typedef int -(__LZO_CDECL *lzo_compress_asm_t)( const lzo_byte *src, lzo_uint src_len, - lzo_byte *dst, lzo_uintp dst_len, - lzo_voidp wrkmem ); + typedef int + (__LZO_CDECL * lzo_compress_asm_t) (const lzo_byte * src, + lzo_uint src_len, 
lzo_byte * dst, + lzo_uintp dst_len, + lzo_voidp wrkmem); -typedef int -(__LZO_CDECL *lzo_decompress_asm_t)( const lzo_byte *src, lzo_uint src_len, - lzo_byte *dst, lzo_uintp dst_len, - lzo_voidp wrkmem ); + typedef int + (__LZO_CDECL * lzo_decompress_asm_t) (const lzo_byte * src, + lzo_uint src_len, + lzo_byte * dst, + lzo_uintp dst_len, + lzo_voidp wrkmem); /* a progress indicator callback function */ -typedef void (__LZO_ENTRY *lzo_progress_callback_t) (lzo_uint, lzo_uint); + typedef void (__LZO_ENTRY * lzo_progress_callback_t) (lzo_uint, + lzo_uint); /*********************************************************************** @@ -383,8 +393,8 @@ typedef void (__LZO_ENTRY *lzo_progress_callback_t) (lzo_uint, lzo_uint); */ #define LZO_E_OK 0 #define LZO_E_ERROR (-1) -#define LZO_E_OUT_OF_MEMORY (-2) /* not used right now */ -#define LZO_E_NOT_COMPRESSIBLE (-3) /* not used right now */ +#define LZO_E_OUT_OF_MEMORY (-2) /* not used right now */ +#define LZO_E_NOT_COMPRESSIBLE (-3) /* not used right now */ #define LZO_E_INPUT_OVERRUN (-4) #define LZO_E_OUTPUT_OVERRUN (-5) #define LZO_E_LOOKBEHIND_OVERRUN (-6) 
@@ -402,40 +412,53 @@ typedef void (__LZO_ENTRY *lzo_progress_callback_t) (lzo_uint, lzo_uint); (int)sizeof(long),(int)sizeof(lzo_uint32),(int)sizeof(lzo_uint),\ (int)lzo_sizeof_dict_t,(int)sizeof(char *),(int)sizeof(lzo_voidp),\ (int)sizeof(lzo_compress_t)) -LZO_EXTERN(int) __lzo_init2(unsigned,int,int,int,int,int,int,int,int,int); + LZO_EXTERN(int) __lzo_init2(unsigned, int, int, int, int, int, int, + int, int, int); /* version functions (useful for shared libraries) */ -LZO_EXTERN(unsigned) lzo_version(void); -LZO_EXTERN(const char *) lzo_version_string(void); -LZO_EXTERN(const char *) lzo_version_date(void); -LZO_EXTERN(const lzo_charp) _lzo_version_string(void); -LZO_EXTERN(const lzo_charp) _lzo_version_date(void); + LZO_EXTERN(unsigned) lzo_version(void); + LZO_EXTERN(const char *) lzo_version_string(void); + LZO_EXTERN(const char *) lzo_version_date(void); + LZO_EXTERN(const lzo_charp) _lzo_version_string(void); + LZO_EXTERN(const lzo_charp) _lzo_version_date(void); /* string functions */ -LZO_EXTERN(int) -lzo_memcmp(const lzo_voidp _s1, const lzo_voidp _s2, lzo_uint _len); -LZO_EXTERN(lzo_voidp) -lzo_memcpy(lzo_voidp _dest, const lzo_voidp _src, lzo_uint _len); -LZO_EXTERN(lzo_voidp) -lzo_memmove(lzo_voidp _dest, const lzo_voidp _src, lzo_uint _len); -LZO_EXTERN(lzo_voidp) -lzo_memset(lzo_voidp _s, int _c, lzo_uint _len); + LZO_EXTERN(int) + lzo_memcmp(const lzo_voidp _s1, const lzo_voidp _s2, lzo_uint _len); + LZO_EXTERN(lzo_voidp) + lzo_memcpy(lzo_voidp _dest, const lzo_voidp _src, lzo_uint _len); + LZO_EXTERN(lzo_voidp) + lzo_memmove(lzo_voidp _dest, const lzo_voidp _src, lzo_uint _len); + LZO_EXTERN(lzo_voidp) + lzo_memset(lzo_voidp _s, int _c, lzo_uint _len); /* checksum functions */ -LZO_EXTERN(lzo_uint32) -lzo_adler32(lzo_uint32 _adler, const lzo_byte *_buf, lzo_uint _len); -LZO_EXTERN(lzo_uint32) -lzo_crc32(lzo_uint32 _c, const lzo_byte *_buf, lzo_uint _len); + LZO_EXTERN(lzo_uint32) + lzo_adler32(lzo_uint32 _adler, const lzo_byte * _buf, lzo_uint 
_len); + LZO_EXTERN(lzo_uint32) + lzo_crc32(lzo_uint32 _c, const lzo_byte * _buf, lzo_uint _len); /* misc. */ -LZO_EXTERN(lzo_bool) lzo_assert(int _expr); -LZO_EXTERN(int) _lzo_config_check(void); -typedef union { lzo_bytep p; lzo_uint u; } __lzo_pu_u; -typedef union { lzo_bytep p; lzo_uint32 u32; } __lzo_pu32_u; -typedef union { void *vp; lzo_bytep bp; lzo_uint32 u32; long l; } lzo_align_t; + LZO_EXTERN(lzo_bool) lzo_assert(int _expr); + LZO_EXTERN(int) _lzo_config_check(void); + typedef union { + lzo_bytep p; + lzo_uint u; + } __lzo_pu_u; + typedef union { + lzo_bytep p; + lzo_uint32 u32; + } __lzo_pu32_u; + typedef union { + void *vp; + lzo_bytep bp; + lzo_uint32 u32; + long l; + } lzo_align_t; /* align a char pointer on a boundary that is a multiple of `size' */ -LZO_EXTERN(unsigned) __lzo_align_gap(const lzo_voidp _ptr, lzo_uint _size); + LZO_EXTERN(unsigned) __lzo_align_gap(const lzo_voidp _ptr, + lzo_uint _size); #define LZO_PTR_ALIGN_UP(_ptr,_size) \ ((_ptr) + (lzo_uint) __lzo_align_gap((const lzo_voidp)(_ptr),(lzo_uint)(_size))) @@ -444,8 +467,6 @@ LZO_EXTERN(unsigned) __lzo_align_gap(const lzo_voidp _ptr, lzo_uint _size); #ifdef __cplusplus -} /* extern "C" */ +} /* extern "C" */ #endif - -#endif /* already included */ - +#endif /* already included */ diff --git a/libextra/minilzo.c b/libextra/minilzo.c index 1790c0716a..b886bcc6ee 100644 --- a/libextra/minilzo.c +++ b/libextra/minilzo.c 
@@ -604,18 +604,17 @@ __asm__ __volatile__( \ int shift) { unsigned char result; - __asm__ + __asm__ __volatile__("movb %b1, %b0; rorb %b2, %b0":"=a"(result):"g" (value), "c"(shift)); return result; - } unsigned short lzo_rotr16(unsigned short value, int shift); + } + unsigned short lzo_rotr16(unsigned short value, int shift); extern __inline__ unsigned short lzo_rotr16(unsigned short value, int shift) { unsigned short result; - __asm__ - __volatile__("movw %b1, %b0; rorw %b2, %b0":"=a"(result):"g" - (value), "c"(shift)); + __asm__ __volatile__("movw %b1, %b0; rorw %b2, %b0": "=a"(result):"g"(value), "c"(shift)); return result; } @@ -1156,8 +1155,7 @@ LZO_PUBLIC(int) unsigned short b; lzo_uint32 aa[4]; unsigned char x[4 * sizeof(lzo_full_align_t)]; - } - u; + } u; COMPILE_TIME_ASSERT((int) ((unsigned char) ((signed char) -1)) == 255); COMPILE_TIME_ASSERT((((unsigned char) 128) << diff --git a/libextra/minilzo.h b/libextra/minilzo.h index e3270f9a32..3d1437d2db 100644 --- a/libextra/minilzo.h +++ b/libextra/minilzo.h 
@@ -74,27 +74,24 @@ extern "C" { /* compression */ -LZO_EXTERN(int) -lzo1x_1_compress ( const lzo_byte *src, lzo_uint src_len, - lzo_byte *dst, lzo_uintp dst_len, - lzo_voidp wrkmem ); + LZO_EXTERN(int) + lzo1x_1_compress(const lzo_byte * src, lzo_uint src_len, + lzo_byte * dst, lzo_uintp dst_len, lzo_voidp wrkmem); /* decompression */ -LZO_EXTERN(int) -lzo1x_decompress ( const lzo_byte *src, lzo_uint src_len, - lzo_byte *dst, lzo_uintp dst_len, - lzo_voidp wrkmem /* NOT USED */ ); + LZO_EXTERN(int) + lzo1x_decompress(const lzo_byte * src, lzo_uint src_len, + lzo_byte * dst, lzo_uintp dst_len, + lzo_voidp wrkmem /* NOT USED */ ); /* safe decompression with overrun testing */ -LZO_EXTERN(int) -lzo1x_decompress_safe ( const lzo_byte *src, lzo_uint src_len, - lzo_byte *dst, lzo_uintp dst_len, - lzo_voidp wrkmem /* NOT USED */ ); + LZO_EXTERN(int) + lzo1x_decompress_safe(const lzo_byte * src, lzo_uint src_len, + lzo_byte * dst, lzo_uintp dst_len, + lzo_voidp wrkmem /* NOT USED */ ); #ifdef __cplusplus -} /* extern "C" */ +} /* extern "C" */ #endif - -#endif /* already included */ - +#endif /* already included */ diff --git a/libextra/openpgp/compat.c b/libextra/openpgp/compat.c index 0676407773..59996ef66b 100644 --- a/libextra/openpgp/compat.c +++ b/libextra/openpgp/compat.c @@ -49,8 +49,8 @@ * may use GnuPG for that purpose, or any other external PGP application. -*/ int _gnutls_openpgp_verify_key(const gnutls_certificate_credentials_t cred, - const gnutls_datum_t * cert_list, - int cert_list_length, unsigned int *status) + const gnutls_datum_t * cert_list, + int cert_list_length, unsigned int *status) { int ret = 0; gnutls_openpgp_key_t key = NULL; @@ -98,7 +98,7 @@ int _gnutls_openpgp_verify_key(const gnutls_certificate_credentials_t cred, } } - if (cred->pgp_trustdb) { /* Use the trustDB */ + if (cred->pgp_trustdb) { /* Use the trustDB */ ret = gnutls_openpgp_trustdb_init(&tdb); if (ret < 0) { gnutls_assert(); 
@@ -129,7 +129,7 @@ int _gnutls_openpgp_verify_key(const gnutls_certificate_credentials_t cred, if (!cred->pgp_trustdb && !cred->keyring.data) *status |= GNUTLS_CERT_SIGNER_NOT_FOUND; - ret = 0; + ret = 0; leave: gnutls_openpgp_key_deinit(key); @@ -183,7 +183,8 @@ int _gnutls_openpgp_fingerprint(const gnutls_datum_t * cert, * * Returns the timestamp when the OpenPGP key was created. -*/ -time_t _gnutls_openpgp_get_raw_key_creation_time(const gnutls_datum_t * cert) +time_t _gnutls_openpgp_get_raw_key_creation_time(const gnutls_datum_t * + cert) { gnutls_openpgp_key_t key; int ret; diff --git a/libextra/openpgp/extras.c b/libextra/openpgp/extras.c index 0c315bf9a2..6ceb41b97d 100644 --- a/libextra/openpgp/extras.c +++ b/libextra/openpgp/extras.c @@ -84,21 +84,22 @@ void gnutls_openpgp_keyring_deinit(gnutls_openpgp_keyring_t keyring) * Returns 0 on success (if keyid exists) and a negative error code * on failure. */ -int gnutls_openpgp_keyring_check_id( gnutls_openpgp_keyring_t ring, - const unsigned char keyid[8], unsigned int flags) +int gnutls_openpgp_keyring_check_id(gnutls_openpgp_keyring_t ring, + const unsigned char keyid[8], + unsigned int flags) { -int rc; -cdk_pkt_pubkey_t sig_pk; -uint32 id[2]; + int rc; + cdk_pkt_pubkey_t sig_pk; + uint32 id[2]; - id[0] = _gnutls_read_uint32( keyid); - id[1] = _gnutls_read_uint32( &keyid[4]); + id[0] = _gnutls_read_uint32(keyid); + id[1] = _gnutls_read_uint32(&keyid[4]); - rc = cdk_keydb_get_pk( ring->hd, id, &sig_pk); + rc = cdk_keydb_get_pk(ring->hd, id, &sig_pk); if (!rc) - return 0; + return 0; else - return GNUTLS_E_NO_CERTIFICATE_FOUND; + return GNUTLS_E_NO_CERTIFICATE_FOUND; } /** diff --git a/libextra/openpgp/gnutls_openpgp.h b/libextra/openpgp/gnutls_openpgp.h index 3144ba3c53..3b30af9729 100644 --- a/libextra/openpgp/gnutls_openpgp.h +++ b/libextra/openpgp/gnutls_openpgp.h 
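Review bot: In `gnutls_openpgp_keyring_check_id` (libextra/openpgp/extras.c, hunk at -84), `sig_pk` is filled in by `cdk_keydb_get_pk()` and then dropped on the success path. If that call hands back an allocated key object, which the `&sig_pk` out-parameter suggests, every successful lookup leaks it. Release it before `return 0;` with OpenCDK's public-key release routine, e.g. `cdk_pk_release(sig_pk);` if this OpenCDK version exports it. `ring` is also dereferenced without a check and `flags` is never read; `if (!ring) return GNUTLS_E_INVALID_REQUEST;` and a comment marking `flags` as reserved would cover both.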
@@ -22,79 +22,70 @@ typedef enum { /* OpenCDK compatible */ typedef enum { - KEY_ATTR_NONE = 0, + KEY_ATTR_NONE = 0, KEY_ATTR_SHORT_KEYID = 3, - KEY_ATTR_KEYID = 4, - KEY_ATTR_FPR = 5 + KEY_ATTR_KEYID = 4, + KEY_ATTR_FPR = 5 } key_attr_t; -int gnutls_certificate_set_openpgp_key_file( - gnutls_certificate_credentials_t res, - const char* CERTFILE, - const char* KEYFILE); - -int gnutls_openpgp_count_key_names( - const gnutls_datum_t *cert ); - -int gnutls_openpgp_add_keyring_mem( - gnutls_datum_t *keyring, - const void *data, - size_t len ); - -int gnutls_openpgp_add_keyring_file( - gnutls_datum_t *keyring, - const char *name ); - -int gnutls_certificate_set_openpgp_keyring_file( - gnutls_certificate_credentials_t c, - const char *file ); - -int gnutls_certificate_set_openpgp_keyring_mem( - gnutls_certificate_credentials_t c, - const opaque *data, - size_t dlen ); - -int gnutls_openpgp_get_key( - gnutls_datum_t *key, - const gnutls_datum_t *keyring, - key_attr_t by, - opaque *pattern ); - -int gnutls_openpgp_recv_key( - const char *host, - short port, - uint32 keyid, - gnutls_datum_t *key ); +int +gnutls_certificate_set_openpgp_key_file(gnutls_certificate_credentials_t + res, const char *CERTFILE, + const char *KEYFILE); + +int gnutls_openpgp_count_key_names(const gnutls_datum_t * cert); + +int gnutls_openpgp_add_keyring_mem(gnutls_datum_t * keyring, + const void *data, size_t len); + +int gnutls_openpgp_add_keyring_file(gnutls_datum_t * keyring, + const char *name); + +int +gnutls_certificate_set_openpgp_keyring_file +(gnutls_certificate_credentials_t c, const char *file); + +int +gnutls_certificate_set_openpgp_keyring_mem(gnutls_certificate_credentials_t + c, const opaque * data, + size_t dlen); + +int gnutls_openpgp_get_key(gnutls_datum_t * key, + const gnutls_datum_t * keyring, + key_attr_t by, opaque * pattern); + +int gnutls_openpgp_recv_key(const char *host, + short port, + uint32 keyid, gnutls_datum_t * key); /* internal */ -int 
_gnutls_openpgp_raw_key_to_gcert( - gnutls_cert *cert, - const gnutls_datum_t *raw ); +int _gnutls_openpgp_raw_key_to_gcert(gnutls_cert * cert, + const gnutls_datum_t * raw); int -_gnutls_openpgp_raw_privkey_to_gkey( gnutls_privkey *pkey, - const gnutls_datum_t *raw_key); +_gnutls_openpgp_raw_privkey_to_gkey(gnutls_privkey * pkey, + const gnutls_datum_t * raw_key); int -_gnutls_openpgp_request_key( - gnutls_session_t, - gnutls_datum_t* ret, - const gnutls_certificate_credentials_t cred, - opaque* key_fpr, - int key_fpr_size ); +_gnutls_openpgp_request_key(gnutls_session_t, + gnutls_datum_t * ret, + const gnutls_certificate_credentials_t cred, + opaque * key_fpr, int key_fpr_size); -keybox_blob* kbx_read_blob( const gnutls_datum_t* keyring, size_t pos ); -cdk_keydb_hd_t kbx_to_keydb( keybox_blob *blob ); -void kbx_blob_release( keybox_blob *ctx ); +keybox_blob *kbx_read_blob(const gnutls_datum_t * keyring, size_t pos); +cdk_keydb_hd_t kbx_to_keydb(keybox_blob * blob); +void kbx_blob_release(keybox_blob * ctx); int _gnutls_openpgp_verify_key(const gnutls_certificate_credentials_t, - const gnutls_datum_t * cert_list, - int cert_list_length, unsigned int* status); + const gnutls_datum_t * cert_list, + int cert_list_length, unsigned int *status); int _gnutls_openpgp_fingerprint(const gnutls_datum_t * cert, - unsigned char *fpr, size_t * fprlen); -time_t _gnutls_openpgp_get_raw_key_creation_time(const gnutls_datum_t * cert); -time_t _gnutls_openpgp_get_raw_key_expiration_time(const gnutls_datum_t * cert); + unsigned char *fpr, size_t * fprlen); +time_t _gnutls_openpgp_get_raw_key_creation_time(const gnutls_datum_t * + cert); +time_t _gnutls_openpgp_get_raw_key_expiration_time(const gnutls_datum_t * + cert); -#endif /*GNUTLS_OPENPGP_H*/ +#endif /*GNUTLS_OPENPGP_H */ -#endif /*USE_OPENPGP*/ +#endif /*USE_OPENPGP */ diff --git a/libextra/openpgp/openpgp.h b/libextra/openpgp/openpgp.h index e2c8d6cbd7..2ff8c1eb4c 100644 --- a/libextra/openpgp/openpgp.h 
+++ b/libextra/openpgp/openpgp.h @@ -3,7 +3,7 @@ #include <config.h> -typedef enum gnutls_openpgp_key_fmt_t { +typedef enum gnutls_openpgp_key_fmt_t { GNUTLS_OPENPGP_FMT_RAW, GNUTLS_OPENPGP_FMT_BASE64 } gnutls_openpgp_key_fmt_t; 
@@ -37,53 +37,59 @@ typedef struct gnutls_openpgp_trustdb_int *gnutls_openpgp_trustdb_t; int _gnutls_map_cdk_rc(int rc); int gnutls_openpgp_key_get_name(gnutls_openpgp_key_t key, - int idx, char *buf, size_t * sizeof_buf); + int idx, char *buf, size_t * sizeof_buf); int gnutls_openpgp_key_get_fingerprint(gnutls_openpgp_key_t key, - void *fpr, size_t * fprlen); + void *fpr, size_t * fprlen); int gnutls_openpgp_key_get_pk_algorithm(gnutls_openpgp_key_t key, - unsigned int *bits); + unsigned int *bits); int gnutls_openpgp_key_get_version(gnutls_openpgp_key_t key); time_t gnutls_openpgp_key_get_creation_time(gnutls_openpgp_key_t key); time_t gnutls_openpgp_key_get_expiration_time(gnutls_openpgp_key_t key); int gnutls_openpgp_key_get_id(gnutls_openpgp_key_t key, - unsigned char keyid[8]); + unsigned char keyid[8]); int gnutls_openpgp_key_init(gnutls_openpgp_key_t * key); void gnutls_openpgp_key_deinit(gnutls_openpgp_key_t key); int gnutls_openpgp_key_import(gnutls_openpgp_key_t key, - const gnutls_datum_t * data, - gnutls_openpgp_key_fmt_t format); + const gnutls_datum_t * data, + gnutls_openpgp_key_fmt_t format); int gnutls_openpgp_key_export(gnutls_openpgp_key_t key, - gnutls_openpgp_key_fmt_t format, void *output_data, - size_t * output_data_size); + gnutls_openpgp_key_fmt_t format, + void *output_data, + size_t * output_data_size); void gnutls_openpgp_keyring_deinit(gnutls_openpgp_keyring_t keyring); int gnutls_openpgp_keyring_init(gnutls_openpgp_keyring_t * keyring); int gnutls_openpgp_keyring_import(gnutls_openpgp_keyring_t keyring, - const gnutls_datum_t * data, gnutls_openpgp_key_fmt_t format); -int gnutls_openpgp_keyring_check_id( gnutls_openpgp_keyring_t ring, - const unsigned char keyid[8], unsigned int flags); + const gnutls_datum_t * data, + gnutls_openpgp_key_fmt_t format); +int gnutls_openpgp_keyring_check_id(gnutls_openpgp_keyring_t ring, + const unsigned char keyid[8], + unsigned int flags); void gnutls_openpgp_trustdb_deinit(gnutls_openpgp_trustdb_t 
trustdb); int gnutls_openpgp_trustdb_init(gnutls_openpgp_trustdb_t * trustdb); int gnutls_openpgp_trustdb_import_file(gnutls_openpgp_trustdb_t trustdb, - const char *file); + const char *file); int gnutls_openpgp_key_verify_ring(gnutls_openpgp_key_t key, - gnutls_openpgp_keyring_t keyring, unsigned int flags, - unsigned int *verify); + gnutls_openpgp_keyring_t keyring, + unsigned int flags, + unsigned int *verify); int gnutls_openpgp_key_verify_trustdb(gnutls_openpgp_key_t key, - gnutls_openpgp_trustdb_t trustdb, unsigned int flags, - unsigned int *verify); + gnutls_openpgp_trustdb_t trustdb, + unsigned int flags, + unsigned int *verify); int gnutls_openpgp_key_verify_self(gnutls_openpgp_key_t key, - unsigned int flags, unsigned int *verify); + unsigned int flags, + unsigned int *verify); int _gnutls_openpgp_key_to_gcert(gnutls_cert * gcert, - gnutls_openpgp_key_t cert); + gnutls_openpgp_key_t cert); int _gnutls_openpgp_privkey_to_gkey(gnutls_privkey * dest, - gnutls_openpgp_privkey_t src); + gnutls_openpgp_privkey_t src); void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey_t key); diff --git a/libextra/openpgp/pgpverify.c b/libextra/openpgp/pgpverify.c index b06eea419e..e652415725 100644 --- a/libextra/openpgp/pgpverify.c +++ b/libextra/openpgp/pgpverify.c @@ -29,7 +29,7 @@ #include <gnutls_openpgp.h> #include <gnutls_num.h> #include <openpgp.h> -#include <x509/verify.h> /* lib/x509/verify.h */ +#include <x509/verify.h> /* lib/x509/verify.h */ static int openpgp_get_key_trust(gnutls_openpgp_trustdb_t trustdb, @@ -98,8 +98,9 @@ openpgp_get_key_trust(gnutls_openpgp_trustdb_t trustdb, * Returns 0 on success. **/ int gnutls_openpgp_key_verify_ring(gnutls_openpgp_key_t key, - gnutls_openpgp_keyring_t keyring, - unsigned int flags, unsigned int *verify) + gnutls_openpgp_keyring_t keyring, + unsigned int flags, + unsigned int *verify) { int rc = 0; int status = 0; 
@@ -135,21 +136,21 @@ int gnutls_openpgp_key_verify_ring(gnutls_openpgp_key_t key, /* Check if the key is included in the ring. */ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) { - rc = gnutls_openpgp_key_get_id( key, id); - if (rc < 0) { - gnutls_assert(); - return rc; - } - - rc = gnutls_openpgp_keyring_check_id( keyring, id, 0); - - /* if it exists in the keyring don't treat it - * as unknown. - */ - if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND) - *verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND; + rc = gnutls_openpgp_key_get_id(key, id); + if (rc < 0) { + gnutls_assert(); + return rc; + } + + rc = gnutls_openpgp_keyring_check_id(keyring, id, 0); + + /* if it exists in the keyring don't treat it + * as unknown. + */ + if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND) + *verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND; } - + return 0; } diff --git a/libextra/openssl_compat.c b/libextra/openssl_compat.c index 77a0d7bd30..fd14b1d3f7 100644 --- a/libextra/openssl_compat.c +++ b/libextra/openssl_compat.c @@ -43,7 +43,8 @@ * Returns a negative error code in case of an error. * **/ -int gnutls_x509_extract_dn(const gnutls_datum_t * idn, gnutls_x509_dn * rdn) +int gnutls_x509_extract_dn(const gnutls_datum_t * idn, + gnutls_x509_dn * rdn) { ASN1_TYPE dn = ASN1_TYPE_EMPTY; int result; @@ -329,7 +330,8 @@ int gnutls_x509_extract_certificate_ca_status(const gnutls_datum_t * cert) * **/ time_t gnutls_x509_extract_certificate_activation_time(const - gnutls_datum_t * cert) + gnutls_datum_t * + cert) { gnutls_x509_crt_t xcert; time_t result; @@ -361,7 +363,8 @@ time_t gnutls_x509_extract_certificate_activation_time(const * **/ time_t gnutls_x509_extract_certificate_expiration_time(const - gnutls_datum_t * cert) + gnutls_datum_t * + cert) { gnutls_x509_crt_t xcert; time_t result; 
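Review bot: In `gnutls_openpgp_key_verify_ring` (libextra/openpgp/pgpverify.c, hunk at -135), the block that clears `GNUTLS_CERT_SIGNER_NOT_FOUND` matches the key against the keyring by its 8-byte key ID only. It calls `gnutls_openpgp_key_get_id()` and then `gnutls_openpgp_keyring_check_id()`, so the flag is dropped without comparing the key material itself. Comparing the fingerprint of the keyring entry with that of `key` before clearing the bit would tie the decision to the actual key; if ID-only matching is intended, the comment above the test should say so. The clear reads more plainly as `*verify &= ~GNUTLS_CERT_SIGNER_NOT_FOUND;`, which also makes the `*verify & ...` half of the condition unnecessary. The function starts above the hunk, so how `*verify` was set is not visible here.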
@@ -471,8 +474,8 @@ int gnutls_x509_extract_certificate_serial(const gnutls_datum_t * cert, * or a negative value on error. * **/ -int gnutls_x509_extract_certificate_pk_algorithm(const gnutls_datum_t * cert, - int *bits) +int gnutls_x509_extract_certificate_pk_algorithm(const gnutls_datum_t * + cert, int *bits) { gnutls_x509_crt_t xcert; int result; @@ -604,7 +607,8 @@ int gnutls_x509_verify_certificate(const gnutls_datum_t * cert_list, ca_certificate_list_size = CA_list_length; ca_certificate_list = gnutls_calloc(1, - ca_certificate_list_size * sizeof(gnutls_x509_crt_t)); + ca_certificate_list_size * + sizeof(gnutls_x509_crt_t)); if (ca_certificate_list == NULL) { gnutls_assert(); ret = GNUTLS_E_MEMORY_ERROR; diff --git a/libextra/openssl_compat.h b/libextra/openssl_compat.h index b91c20fada..821d6a6bf7 100644 --- a/libextra/openssl_compat.h +++ b/libextra/openssl_compat.h 
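Review bot: In the last libextra/openssl_compat.c hunk (inside gnutls_x509_verify_certificate), the allocation size is still computed as `ca_certificate_list_size * sizeof(gnutls_x509_crt_t)` before it reaches gnutls_calloc, so a very large or negative count could wrap the product and produce an undersized list. The prototype reformatted in this commit declares `int CA_list_length`, and no range check is visible in the hunk, though one may exist outside it. Passing count and element size separately, `gnutls_calloc(ca_certificate_list_size, sizeof(gnutls_x509_crt_t))`, would let the allocator do the overflow check, assuming gnutls_calloc forwards to a calloc-style allocator. The function starts and ends outside the hunk.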
@@ -4,29 +4,47 @@ /* Extra definitions */ #include <gnutls/openssl.h> -int gnutls_x509_extract_dn( const gnutls_datum_t*, gnutls_x509_dn*); +int gnutls_x509_extract_dn(const gnutls_datum_t *, gnutls_x509_dn *); int gnutls_x509_extract_dn_string(const gnutls_datum_t * idn, - char *buf, unsigned int sizeof_buf); -int gnutls_x509_extract_certificate_dn( const gnutls_datum_t*, gnutls_x509_dn*); -int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf, - const gnutls_datum_t * cert, int issuer); -int gnutls_x509_extract_certificate_issuer_dn( const gnutls_datum_t*, gnutls_x509_dn *); -int gnutls_x509_extract_certificate_version( const gnutls_datum_t*); -int gnutls_x509_extract_certificate_serial(const gnutls_datum_t * cert, char* result, int* result_size); -time_t gnutls_x509_extract_certificate_activation_time( const gnutls_datum_t*); -time_t gnutls_x509_extract_certificate_expiration_time( const gnutls_datum_t*); -int gnutls_x509_extract_certificate_subject_alt_name( const gnutls_datum_t*, int seq, char*, int*); -int gnutls_x509_pkcs7_extract_certificate(const gnutls_datum_t * pkcs7_struct, int indx, char* certificate, int* certificate_size); -int gnutls_x509_extract_certificate_pk_algorithm( const gnutls_datum_t * cert, int* bits); + char *buf, unsigned int sizeof_buf); +int gnutls_x509_extract_certificate_dn(const gnutls_datum_t *, + gnutls_x509_dn *); +int gnutls_x509_extract_certificate_dn_string(char *buf, + unsigned int sizeof_buf, + const gnutls_datum_t * cert, + int issuer); +int gnutls_x509_extract_certificate_issuer_dn(const gnutls_datum_t *, + gnutls_x509_dn *); +int gnutls_x509_extract_certificate_version(const gnutls_datum_t *); +int gnutls_x509_extract_certificate_serial(const gnutls_datum_t * cert, + char *result, int *result_size); +time_t gnutls_x509_extract_certificate_activation_time(const gnutls_datum_t + *); +time_t gnutls_x509_extract_certificate_expiration_time(const gnutls_datum_t + *); +int 
gnutls_x509_extract_certificate_subject_alt_name(const gnutls_datum_t + *, int seq, char *, + int *); +int gnutls_x509_pkcs7_extract_certificate(const gnutls_datum_t * + pkcs7_struct, int indx, + char *certificate, + int *certificate_size); +int gnutls_x509_extract_certificate_pk_algorithm(const gnutls_datum_t * + cert, int *bits); int gnutls_x509_extract_certificate_ca_status(const gnutls_datum_t * cert); -int gnutls_x509_extract_key_pk_algorithm( const gnutls_datum_t * key); +int gnutls_x509_extract_key_pk_algorithm(const gnutls_datum_t * key); -int gnutls_x509_verify_certificate( const gnutls_datum_t* cert_list, int cert_list_length, const gnutls_datum_t * CA_list, int CA_list_length, const gnutls_datum_t* CRL_list, int CRL_list_length); +int gnutls_x509_verify_certificate(const gnutls_datum_t * cert_list, + int cert_list_length, + const gnutls_datum_t * CA_list, + int CA_list_length, + const gnutls_datum_t * CRL_list, + int CRL_list_length); #define gnutls_x509_fingerprint gnutls_fingerprint #define gnutls_x509_certificate_format gnutls_x509_crt_fmt_t -int gnutls_x509_extract_key_pk_algorithm( const gnutls_datum_t * key); +int gnutls_x509_extract_key_pk_algorithm(const gnutls_datum_t * key); #define gnutls_certificate_set_rsa_params gnutls_certificate_set_rsa_export_params diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h index 50cbcccfe1..0bf2115c38 100644 --- a/src/certtool-cfg.h +++ b/src/certtool-cfg.h 
@@ -3,56 +3,59 @@ extern char *organization, *unit, *locality, *state; extern char *cn, *challenge_password, *password, *pkcs9_email, *country; extern char *dns_name, *email, *crl_dist_points, *pkcs12_key_name; -extern int serial, expiration_days, ca, tls_www_client, tls_www_server, signing_key; -extern int encryption_key, cert_sign_key, crl_sign_key, code_sign_key, ocsp_sign_key; +extern int serial, expiration_days, ca, tls_www_client, tls_www_server, + signing_key; +extern int encryption_key, cert_sign_key, crl_sign_key, code_sign_key, + ocsp_sign_key; extern int time_stamping_key, crl_next_update; -void cfg_init( void); +void cfg_init(void); int template_parse(const char *template); -void read_crt_set( gnutls_x509_crt crt, const char* input_str, const char* oid); -void read_crq_set( gnutls_x509_crq crq, const char* input_str, const char* oid); -int read_int( const char* input_str); -const char* read_str( const char* input_str); -int read_yesno( const char* input_str); +void read_crt_set(gnutls_x509_crt crt, const char *input_str, + const char *oid); +void read_crq_set(gnutls_x509_crq crq, const char *input_str, + const char *oid); +int read_int(const char *input_str); +const char *read_str(const char *input_str); +int read_yesno(const char *input_str); -const char* get_pass(void); -const char* get_challenge_pass(void); -const char* get_crl_dist_point_url(void); -void get_country_crt_set( gnutls_x509_crt crt); -void get_organization_crt_set( gnutls_x509_crt crt); -void get_unit_crt_set( gnutls_x509_crt crt); -void get_state_crt_set( gnutls_x509_crt crt); -void get_locality_crt_set( gnutls_x509_crt crt); -void get_cn_crt_set( gnutls_x509_crt crt); -void get_uid_crt_set( gnutls_x509_crt crt); -void get_pkcs9_email_crt_set( gnutls_x509_crt crt); -void get_oid_crt_set( gnutls_x509_crt crt); -int get_serial( void); -int get_days( void); -int get_ca_status( void); -const char* get_pkcs12_key_name( void); -int get_tls_client_status( void); -int get_tls_server_status( 
void); -int get_crl_next_update( void); -int get_time_stamp_status( void); +const char *get_pass(void); +const char *get_challenge_pass(void); +const char *get_crl_dist_point_url(void); +void get_country_crt_set(gnutls_x509_crt crt); +void get_organization_crt_set(gnutls_x509_crt crt); +void get_unit_crt_set(gnutls_x509_crt crt); +void get_state_crt_set(gnutls_x509_crt crt); +void get_locality_crt_set(gnutls_x509_crt crt); +void get_cn_crt_set(gnutls_x509_crt crt); +void get_uid_crt_set(gnutls_x509_crt crt); +void get_pkcs9_email_crt_set(gnutls_x509_crt crt); +void get_oid_crt_set(gnutls_x509_crt crt); +int get_serial(void); +int get_days(void); +int get_ca_status(void); +const char *get_pkcs12_key_name(void); +int get_tls_client_status(void); +int get_tls_server_status(void); +int get_crl_next_update(void); +int get_time_stamp_status(void); int get_ocsp_sign_status(void); int get_code_sign_status(void); int get_crl_sign_status(void); int get_cert_sign_status(void); -int get_encrypt_status( int server); -int get_sign_status( int server); -const char* get_email( void); -const char* get_dns_name( void); -const char* get_ip_addr( void); +int get_encrypt_status(int server); +int get_sign_status(int server); +const char *get_email(void); +const char *get_dns_name(void); +const char *get_ip_addr(void); -void get_cn_crq_set( gnutls_x509_crq crq); -void get_uid_crq_set( gnutls_x509_crq crq); -void get_locality_crq_set( gnutls_x509_crq crq); -void get_state_crq_set( gnutls_x509_crq crq); -void get_unit_crq_set( gnutls_x509_crq crq); -void get_organization_crq_set( gnutls_x509_crq crq); -void get_country_crq_set( gnutls_x509_crq crq); -void get_oid_crq_set( gnutls_x509_crq crq); - +void get_cn_crq_set(gnutls_x509_crq crq); +void get_uid_crq_set(gnutls_x509_crq crq); +void get_locality_crq_set(gnutls_x509_crq crq); +void get_state_crq_set(gnutls_x509_crq crq); +void get_unit_crq_set(gnutls_x509_crq crq); +void get_organization_crq_set(gnutls_x509_crq crq); +void 
get_country_crq_set(gnutls_x509_crq crq); +void get_oid_crq_set(gnutls_x509_crq crq); diff --git a/src/certtool.c b/src/certtool.c index ab5d07da27..b049da43e7 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -86,7 +86,7 @@ static void tls_log_func(int level, const char *str) int main(int argc, char **argv) { - set_program_name (argv[0]); + set_program_name(argv[0]); cfg_init(); gaa_parser(argc, argv); @@ -868,8 +868,8 @@ void gaa_parser(int argc, char **argv) verify_crl(); break; case 15: - smime_to_pkcs7(); - break; + smime_to_pkcs7(); + break; default: fprintf(stderr, "GnuTLS' certtool utility.\n"); fprintf(stderr, @@ -1028,7 +1028,8 @@ static void print_certificate_info(gnutls_x509_crt crt, FILE * out, if (cprint == NULL) cprint = UNKNOWN; fprintf(out, "%s", cprint); - if (bits) fprintf(out, " (%u bits)", bits); + if (bits) + fprintf(out, " (%u bits)", bits); fprintf(out, "\n"); @@ -1231,15 +1232,15 @@ static void print_certificate_info(gnutls_x509_crt crt, FILE * out, fprintf(out, "\t\tDER Data: "); for (j = 0; j < size; j++) { - fprintf(out, "%.2x", (unsigned char) buffer[j]); + fprintf(out, "%.2x", (unsigned char) buffer[j]); } fprintf(out, "\n"); fprintf(out, "\t\tASCII: "); for (j = 0; j < size; j++) { - if (isprint (buffer[j])) - fprintf(out, "%c", (unsigned char) buffer[j]); - else - fprintf(out, "."); + if (isprint(buffer[j])) + fprintf(out, "%c", (unsigned char) buffer[j]); + else + fprintf(out, "."); } fprintf(out, "\n"); } @@ -1951,8 +1952,7 @@ int _verify_x509_mem(const void *cert, int cert_size) gnutls_x509_crt_get_dn(x509_cert_list[i - 2], name, &name_size); if (ret < 0) { - fprintf(stderr, "get_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "get_dn: %s\n", gnutls_strerror(ret)); exit(1); } 
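Review bot: In the print_certificate_info hunk at -1231, `isprint(buffer[j])` is called without the `(unsigned char)` cast that the fprintf calls around it apply to the same byte. If buffer is a plain char array (its declaration is outside the hunk), bytes above 0x7f in the certificate's DER data reach isprint as negative values, which is undefined for the <ctype.h> functions. I would write `if (isprint((unsigned char) buffer[j]))`. The function body starts and ends outside the hunk.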
@@ -1980,8 +1980,7 @@ int _verify_x509_mem(const void *cert, int cert_size) gnutls_x509_crt_get_dn(x509_cert_list[i - 1], name, &name_size); if (ret < 0) { - fprintf(stderr, "get_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "get_dn: %s\n", gnutls_strerror(ret)); exit(1); } @@ -2258,9 +2257,9 @@ void generate_pkcs12(void) name = get_pkcs12_key_name(); if (info.pass) - password = info.pass; + password = info.pass; else - password = get_pass(); + password = get_pass(); result = gnutls_pkcs12_bag_init(&bag); if (result < 0) { @@ -2497,9 +2496,9 @@ void pkcs12_info(void) data.size = size; if (info.pass) - password = info.pass; + password = info.pass; else - password = get_pass(); + password = get_pass(); result = gnutls_pkcs12_init(&pkcs12); if (result < 0) { 
@@ -2683,43 +2682,43 @@ void pkcs7_info(void) void smime_to_pkcs7(void) { - size_t linesize = 0; - char *lineptr = NULL; - ssize_t len; + size_t linesize = 0; + char *lineptr = NULL; + ssize_t len; - /* Find body. FIXME: Handle non-b64 Content-Transfer-Encoding. - Reject non-S/MIME tagged Content-Type's? */ - do - { - len = getline (&lineptr, &linesize, infile); - if (len == -1) - error (EXIT_FAILURE, 0, "Cannot find RFC 2822 header/body separator"); + /* Find body. FIXME: Handle non-b64 Content-Transfer-Encoding. + Reject non-S/MIME tagged Content-Type's? */ + do { + len = getline(&lineptr, &linesize, infile); + if (len == -1) + error(EXIT_FAILURE, 0, + "Cannot find RFC 2822 header/body separator"); } - while (strcmp (lineptr, "\r\n") != 0 && strcmp (lineptr, "\n") != 0); + while (strcmp(lineptr, "\r\n") != 0 && strcmp(lineptr, "\n") != 0); - do - { - len = getline (&lineptr, &linesize, infile); - if (len == -1) - error (EXIT_FAILURE, 0, "Message has RFC 2822 header but no body"); + do { + len = getline(&lineptr, &linesize, infile); + if (len == -1) + error(EXIT_FAILURE, 0, + "Message has RFC 2822 header but no body"); } - while (strcmp (lineptr, "\r\n") == 0 && strcmp (lineptr, "\n") == 0); + while (strcmp(lineptr, "\r\n") == 0 && strcmp(lineptr, "\n") == 0); - printf ("-----BEGIN PKCS7-----\n"); + printf("-----BEGIN PKCS7-----\n"); - do - { - while (len > 0 && (lineptr[len-1] == '\r' || lineptr[len-1] == '\n')) - lineptr[--len] = '\0'; - if (strcmp (lineptr, "") != 0) - printf("%s\n", lineptr); - len = getline (&lineptr, &linesize, infile); + do { + while (len > 0 + && (lineptr[len - 1] == '\r' || lineptr[len - 1] == '\n')) + lineptr[--len] = '\0'; + if (strcmp(lineptr, "") != 0) + printf("%s\n", lineptr); + len = getline(&lineptr, &linesize, infile); } - while (len != -1); + while (len != -1); - printf ("-----END PKCS7-----\n"); + printf("-----END PKCS7-----\n"); - free (lineptr); + free(lineptr); } #else /* ENABLE_PKI */ 
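Review bot: The second do/while in smime_to_pkcs7 ends with `while (strcmp(lineptr, "\r\n") == 0 && strcmp(lineptr, "\n") == 0);`, and a line cannot equal both strings, so the condition is always false and the loop reads exactly one line instead of skipping blank lines ahead of the body. If skipping blank lines is the intent, the test should be `while (strcmp(lineptr, "\r\n") == 0 || strcmp(lineptr, "\n") == 0);`. The visible effect is small because the third loop already drops empty lines, but the dead condition hides what the parser accepts. A short comment above the copy loop should also say that body lines are emitted between the PKCS7 markers without any base64 check, which the existing FIXME only hints at.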
diff --git a/src/common.c b/src/common.c index 47d0443673..2b67ed9d80 100644 --- a/src/common.c +++ b/src/common.c @@ -141,8 +141,8 @@ void print_x509_info(gnutls_session session, const char *hostname) } if (j == 0 && hostname != NULL) { /* Check the hostname of the first certificate - * if it matches the name of the host we - * connected to. + * if it matches the name of the host we + * connected to. */ if (gnutls_x509_crt_check_hostname(crt, hostname) == 0) { @@ -333,8 +333,8 @@ void print_openpgp_info(gnutls_session session, const char *hostname) } if (hostname != NULL) { /* Check the hostname of the first certificate - * if it matches the name of the host we - * connected to. + * if it matches the name of the host we + * connected to. */ if (gnutls_openpgp_key_check_hostname(crt, hostname) == 0) { printf diff --git a/src/common.h b/src/common.h index 3003a21ed3..3ae4f324cd 100644 --- a/src/common.h +++ b/src/common.h 
@@ -25,20 +25,20 @@ extern const char str_unknown[]; -int print_info( gnutls_session state, const char* hostname); -void print_cert_info( gnutls_session state, const char* hostname); +int print_info(gnutls_session state, const char *hostname); +void print_cert_info(gnutls_session state, const char *hostname); void print_list(void); -void parse_comp( char** comp, int ncomp, int* comp_priority); -void parse_kx( char** kx, int nkx, int* kx_priority); -void parse_ctypes( char** ctype, int nctype, int * cert_type_priority); -void parse_macs( char** macs, int nmacs, int *mac_priority); -void parse_ciphers( char** ciphers, int nciphers, int* cipher_priority); -void parse_protocols( char** protocols, int protocols_size, int* protocol_priority); +void parse_comp(char **comp, int ncomp, int *comp_priority); +void parse_kx(char **kx, int nkx, int *kx_priority); +void parse_ctypes(char **ctype, int nctype, int *cert_type_priority); +void parse_macs(char **macs, int nmacs, int *mac_priority); +void parse_ciphers(char **ciphers, int nciphers, int *cipher_priority); +void parse_protocols(char **protocols, int protocols_size, + int *protocol_priority); const char *raw_to_string(const unsigned char *raw, size_t raw_size); -void sockets_init( void); +void sockets_init(void); #ifndef HAVE_INET_NTOP -const char *inet_ntop(int af, const void *src, - char *dst, size_t cnt); +const char *inet_ntop(int af, const void *src, char *dst, size_t cnt); #endif diff --git a/src/list.h b/src/list.h index 3f7ebd8549..021591fea7 100644 --- a/src/list.h +++ b/src/list.h @@ -136,8 +136,8 @@ struct list { long length; long item_size; struct list_item { - struct list_item *next; - struct list_item *prev; + struct list_item *next; + struct list_item *prev; char data[1]; } *head, *tail, *search; void (*free_func) (struct list_item *); @@ -444,6 +444,4 @@ struct list { free (__t); \ } \ -#endif /* _LIST_H */ - - +#endif /* _LIST_H */ diff --git a/src/serv.c b/src/serv.c index 90a0920c1e..7161c86bd8 100644 
--- a/src/serv.c +++ b/src/serv.c @@ -116,13 +116,12 @@ static int wrap_db_delete(void *dbf, gnutls_datum key); #define HTTP_STATE_RESPONSE 2 #define HTTP_STATE_CLOSING 3 -LIST_TYPE_DECLARE(listener_item, char *http_request; char *http_response; +LIST_TYPE_DECLARE(listener_item, char *http_request; + char *http_response; int request_length; - int response_length; - int response_written; int http_state; int fd; - gnutls_session tls_session; - int handshake_ok; - ); + int response_length; int response_written; + int http_state; + int fd; gnutls_session tls_session; int handshake_ok;); static const char *safe_strerror(int value) { diff --git a/src/tests.c b/src/tests.c index 87bcc4d861..2e293ab3bb 100644 --- a/src/tests.c +++ b/src/tests.c @@ -100,12 +100,13 @@ int do_handshake(gnutls_session session) static int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; static const int kx_priority[16] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, -GNUTLS_KX_ANON_DH, + GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA_EXPORT, 0 }; static const int cipher_priority[16] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, -GNUTLS_CIPHER_ARCFOUR_40, 0 }; + GNUTLS_CIPHER_ARCFOUR_40, 0 +}; static const int comp_priority[16] = { GNUTLS_COMP_NULL, 0 }; static const int mac_priority[16] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; static const int cert_type_priority[16] = { GNUTLS_CRT_X509, 0 }; diff --git a/src/tests.h b/src/tests.h index e256f11686..26ec03372b 100644 --- a/src/tests.h +++ b/src/tests.h 
@@ -1,40 +1,38 @@ typedef enum { - TEST_SUCCEED, TEST_FAILED, TEST_UNSURE, TEST_IGNORE + TEST_SUCCEED, TEST_FAILED, TEST_UNSURE, TEST_IGNORE } test_code_t; -test_code_t test_srp( gnutls_session state); -test_code_t test_export( gnutls_session state); -test_code_t test_export_info( gnutls_session state); -test_code_t test_hello_extension( gnutls_session state); -test_code_t test_dhe( gnutls_session state); -test_code_t test_dhe_group( gnutls_session state); -test_code_t test_ssl3( gnutls_session state); -test_code_t test_aes( gnutls_session state); -test_code_t test_md5( gnutls_session state); -test_code_t test_sha( gnutls_session state); -test_code_t test_rmd( gnutls_session state); -test_code_t test_3des( gnutls_session state); -test_code_t test_arcfour( gnutls_session state); -test_code_t test_arcfour_40( gnutls_session state); -test_code_t test_tls1( gnutls_session state); -test_code_t test_tls1_1( gnutls_session state); -test_code_t test_tls1_1_fallback( gnutls_session state); -test_code_t test_tls_disable( gnutls_session state); -test_code_t test_rsa_pms( gnutls_session state); -test_code_t test_max_record_size( gnutls_session state); -test_code_t test_version_rollback( gnutls_session state); -test_code_t test_anonymous( gnutls_session state); -test_code_t test_unknown_ciphersuites( gnutls_session state); -test_code_t test_openpgp1( gnutls_session state); -test_code_t test_bye( gnutls_session state); -test_code_t test_certificate( gnutls_session state); -test_code_t test_server_cas( gnutls_session state); -test_code_t test_session_resume2( gnutls_session state); -test_code_t test_rsa_pms_version_check( gnutls_session session); -test_code_t test_version_oob( gnutls_session session); -test_code_t test_zlib( gnutls_session session); -test_code_t test_lzo( gnutls_session session); -int _test_srp_username_callback( gnutls_session session, unsigned int times, - char** username, char** password); - - +test_code_t test_srp(gnutls_session state); +test_code_t 
test_export(gnutls_session state); +test_code_t test_export_info(gnutls_session state); +test_code_t test_hello_extension(gnutls_session state); +test_code_t test_dhe(gnutls_session state); +test_code_t test_dhe_group(gnutls_session state); +test_code_t test_ssl3(gnutls_session state); +test_code_t test_aes(gnutls_session state); +test_code_t test_md5(gnutls_session state); +test_code_t test_sha(gnutls_session state); +test_code_t test_rmd(gnutls_session state); +test_code_t test_3des(gnutls_session state); +test_code_t test_arcfour(gnutls_session state); +test_code_t test_arcfour_40(gnutls_session state); +test_code_t test_tls1(gnutls_session state); +test_code_t test_tls1_1(gnutls_session state); +test_code_t test_tls1_1_fallback(gnutls_session state); +test_code_t test_tls_disable(gnutls_session state); +test_code_t test_rsa_pms(gnutls_session state); +test_code_t test_max_record_size(gnutls_session state); +test_code_t test_version_rollback(gnutls_session state); +test_code_t test_anonymous(gnutls_session state); +test_code_t test_unknown_ciphersuites(gnutls_session state); +test_code_t test_openpgp1(gnutls_session state); +test_code_t test_bye(gnutls_session state); +test_code_t test_certificate(gnutls_session state); +test_code_t test_server_cas(gnutls_session state); +test_code_t test_session_resume2(gnutls_session state); +test_code_t test_rsa_pms_version_check(gnutls_session session); +test_code_t test_version_oob(gnutls_session session); +test_code_t test_zlib(gnutls_session session); +test_code_t test_lzo(gnutls_session session); +int _test_srp_username_callback(gnutls_session session, unsigned int times, + char **username, char **password); |