summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--configure.ac6
-rw-r--r--doc/Makefile.am22
-rw-r--r--doc/examples/ex-pkcs11-list.c2
-rw-r--r--doc/gnutls.texi4
-rw-r--r--lib/Makefile.am10
-rw-r--r--lib/algorithms/ciphers.c8
-rw-r--r--lib/algorithms/ciphersuites.c32
-rw-r--r--lib/algorithms/ecc.c2
-rw-r--r--lib/algorithms/kx.c12
-rw-r--r--lib/algorithms/mac.c8
-rw-r--r--lib/algorithms/protocols.c4
-rw-r--r--lib/algorithms/publickey.c8
-rw-r--r--lib/algorithms/secparams.c2
-rw-r--r--lib/auth/cert.c2
-rw-r--r--lib/auth/dh_common.c8
-rw-r--r--lib/auth/ecdhe.c18
-rw-r--r--lib/auth/psk.c6
-rw-r--r--lib/auth/psk_passwd.c4
-rw-r--r--lib/auth/srp_passwd.c2
-rw-r--r--lib/auto-verify.c28
-rw-r--r--lib/buffers.c6
-rw-r--r--lib/buffers.h4
-rw-r--r--lib/cipher.c7
-rw-r--r--lib/cipher_int.c16
-rw-r--r--lib/compress.c6
-rw-r--r--lib/crypto-api.c10
-rw-r--r--lib/crypto-backend.c4
-rw-r--r--lib/datum.h6
-rw-r--r--lib/dtls-sw.c2
-rw-r--r--lib/dtls.c2
-rw-r--r--lib/dtls.h2
-rw-r--r--lib/ecc.c4
-rw-r--r--lib/errors.c4
-rw-r--r--lib/ext/dumbfw.c2
-rw-r--r--lib/ext/srp.h2
-rw-r--r--lib/ext/status_request.c12
-rw-r--r--lib/extras/hex.c4
-rw-r--r--lib/fips.c2
-rw-r--r--lib/gnutls.asn6
-rw-r--r--lib/gnutls_int.h14
-rw-r--r--lib/handshake.c46
-rw-r--r--lib/includes/gnutls/abstract.h4
-rw-r--r--lib/includes/gnutls/crypto.h20
-rw-r--r--lib/includes/gnutls/gnutls.h.in2
-rw-r--r--lib/includes/gnutls/x509.h2
-rw-r--r--lib/mem.h12
-rw-r--r--lib/minitasn1/decoding.c20
-rw-r--r--lib/minitasn1/element.c2
-rw-r--r--lib/minitasn1/libtasn1.h2
-rw-r--r--lib/mpi.c2
-rw-r--r--lib/nettle/cipher.c20
-rw-r--r--lib/nettle/int/drbg-aes-self-test.c4
-rw-r--r--lib/nettle/pk.c68
-rw-r--r--lib/opencdk/armor.c4
-rw-r--r--lib/opencdk/stream.c6
-rw-r--r--lib/openpgp/openpgp.c10
-rw-r--r--lib/pcert.c16
-rw-r--r--lib/pk.c6
-rw-r--r--lib/pkcs11.c54
-rw-r--r--lib/pkcs11_privkey.c26
-rw-r--r--lib/pkcs11_write.c10
-rw-r--r--lib/pkcs11x.c14
-rw-r--r--lib/prf.c24
-rw-r--r--lib/privkey.c8
-rw-r--r--lib/record.c9
-rw-r--r--lib/session_pack.c10
-rw-r--r--lib/str.c2
-rw-r--r--lib/str.h118
-rw-r--r--lib/supplemental.c2
-rw-r--r--lib/system-keys.h2
-rw-r--r--lib/system/inet_ntop.c66
-rw-r--r--lib/system/keys-dummy.c14
-rw-r--r--lib/system/keys-win.c622
-rw-r--r--lib/verify-tofu.c12
-rw-r--r--lib/x509.c32
-rw-r--r--lib/x509.h2
-rw-r--r--lib/x509/common.c2
-rw-r--r--lib/x509/common.h2
-rw-r--r--lib/x509/crl.c4
-rw-r--r--lib/x509/crq.c2
-rw-r--r--lib/x509/email-verify.c6
-rw-r--r--lib/x509/extensions.c4
-rw-r--r--lib/x509/hostname-verify.c8
-rw-r--r--lib/x509/krb5.c90
-rw-r--r--lib/x509/name_constraints.c70
-rw-r--r--lib/x509/ocsp.c20
-rw-r--r--lib/x509/output.c2
-rw-r--r--lib/x509/pkcs12.c4
-rw-r--r--lib/x509/pkcs7-attrs.c29
-rw-r--r--lib/x509/pkcs7-crypt.c465
-rw-r--r--lib/x509/pkcs7.c494
-rw-r--r--lib/x509/privkey.c48
-rw-r--r--lib/x509/privkey_pkcs8.c2
-rw-r--r--lib/x509/time.c18
-rw-r--r--lib/x509/tls_features.c2
-rw-r--r--lib/x509/verify-high.c12
-rw-r--r--lib/x509/verify.c14
-rw-r--r--lib/x509/x509.c54
-rw-r--r--lib/x509/x509_ext.c4
-rw-r--r--lib/x509/x509_write.c29
-rw-r--r--m4/hooks.m42
-rw-r--r--src/certtool-cfg.c138
-rw-r--r--src/certtool.c26
-rw-r--r--src/cli.c30
-rw-r--r--src/danetool.c4
-rw-r--r--src/list.h2
-rw-r--r--src/ocsptool-common.c4
-rw-r--r--src/ocsptool.c4
-rw-r--r--src/pkcs11.c112
-rw-r--r--src/serv.c36
-rw-r--r--src/tests.c2
-rw-r--r--tests/auto-verify.c30
-rw-r--r--tests/cert-key-exchange.c4
-rw-r--r--tests/cert-tests/Makefile.am2
-rw-r--r--tests/certificate_set_x509_crl.c6
-rw-r--r--tests/chainverify.c12
-rw-r--r--tests/common-cert-key-exchange.c8
-rw-r--r--tests/conv-utf8.c2
-rw-r--r--tests/crl-basic.c4
-rw-r--r--tests/crlverify.c6
-rw-r--r--tests/crq-basic.c4
-rw-r--r--tests/crq_key_id.c4
-rw-r--r--tests/custom-urls-override.c2
-rw-r--r--tests/custom-urls.c4
-rw-r--r--tests/dane.c916
-rw-r--r--tests/dtls-handshake-versions.c4
-rw-r--r--tests/dtls-max-record.c4
-rw-r--r--tests/dtls-rehandshake-anon.c4
-rw-r--r--tests/dtls-rehandshake-cert-2.c4
-rw-r--r--tests/dtls-rehandshake-cert-3.c2
-rw-r--r--tests/dtls-rehandshake-cert.c8
-rw-r--r--tests/dtls-sliding-window.c2
-rw-r--r--tests/dtls/dtls-stress.c32
-rw-r--r--tests/eagain-common.h126
-rw-r--r--tests/fallback-scsv.c2
-rw-r--r--tests/handshake-false-start.c16
-rw-r--r--tests/handshake-versions.c4
-rw-r--r--tests/hostname-check.c520
-rw-r--r--tests/key-material-dtls.c2
-rw-r--r--tests/key-usage.c8
-rw-r--r--tests/mini-cert-status.c4
-rw-r--r--tests/mini-chain-unsorted.c6
-rw-r--r--tests/mini-dtls-heartbeat.c12
-rw-r--r--tests/mini-dtls-large.c18
-rw-r--r--tests/mini-dtls-lowmtu.c2
-rw-r--r--tests/mini-dtls-mtu.c36
-rw-r--r--tests/mini-eagain-dtls.c8
-rw-r--r--tests/mini-eagain.c8
-rw-r--r--tests/mini-emsgsize-dtls.c8
-rw-r--r--tests/mini-etm.c2
-rw-r--r--tests/mini-extension.c4
-rw-r--r--tests/mini-global-load.c4
-rw-r--r--tests/mini-key-material.c2
-rw-r--r--tests/mini-record.c2
-rw-r--r--tests/mini-rsa-psk.c4
-rw-r--r--tests/mini-session-verify-function.c24
-rw-r--r--tests/mini-supplementaldata.c4
-rw-r--r--tests/mini-x509-2.c10
-rw-r--r--tests/mini-x509-callbacks-intr.c8
-rw-r--r--tests/mini-x509-callbacks.c8
-rw-r--r--tests/mini-x509-cas.c4
-rw-r--r--tests/mini-x509-default-prio.c4
-rw-r--r--tests/mini-x509-dual.c4
-rw-r--r--tests/mini-x509.c4
-rw-r--r--tests/name-constraints-ip.c32
-rw-r--r--tests/ocsp-tests/Makefile.am8
-rw-r--r--tests/ocsp.c26
-rw-r--r--tests/openpgp-auth.c8
-rw-r--r--tests/openpgp-auth2.c4
-rw-r--r--tests/openpgpself.c2
-rw-r--r--tests/pgps2kgnu.c10
-rw-r--r--tests/pkcs12_s2k.c10
-rw-r--r--tests/pkcs12_s2k_pem.c8
-rw-r--r--tests/pkcs12_simple.c4
-rw-r--r--tests/pkcs8-key-decode.c6
-rw-r--r--tests/prf.c12
-rw-r--r--tests/rehandshake-ext-secret.c4
-rw-r--r--tests/rehandshake-switch-cert-allow.c6
-rw-r--r--tests/rehandshake-switch-cert-client-allow.c6
-rw-r--r--tests/rehandshake-switch-cert-client.c6
-rw-r--r--tests/rehandshake-switch-cert.c6
-rw-r--r--tests/rehandshake-switch-psk-id.c6
-rw-r--r--tests/rehandshake-switch-srp-id.c6
-rw-r--r--tests/resume-dtls.c4
-rw-r--r--tests/resume-with-false-start.c4
-rw-r--r--tests/resume.c6
-rw-r--r--tests/rsa-encrypt-decrypt.c4
-rw-r--r--tests/send-client-cert.c4
-rw-r--r--tests/session-export-funcs.c4
-rw-r--r--tests/simple.c18
-rw-r--r--tests/slow/cipher-override.c20
-rw-r--r--tests/slow/cipher-override2.c20
-rw-r--r--tests/srp.c4
-rw-r--r--tests/test-chains.h6
-rw-r--r--tests/tls-max-record.c4
-rw-r--r--tests/tls-rehandshake-cert-2.c8
-rw-r--r--tests/tls-rehandshake-cert.c4
-rw-r--r--tests/tlsfeature-crt.c42
-rw-r--r--tests/tlsfeature-ext.c98
-rw-r--r--tests/utils-adv.c6
-rw-r--r--tests/utils.c18
-rw-r--r--tests/version-checks.c4
-rw-r--r--tests/windows/cng-windows.c2
-rw-r--r--tests/windows/crypt32.c4
-rw-r--r--tests/x509-extensions.c2
-rw-r--r--tests/x509cert-tl.c4
-rw-r--r--tests/x509cert.c14
-rw-r--r--tests/x509dn.c4
-rw-r--r--tests/x509sign-verify.c28
-rw-r--r--tests/x509sign-verify2.c24
210 files changed, 2962 insertions, 2821 deletions
diff --git a/configure.ac b/configure.ac
index 2e79ed9103..06640631cf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -522,7 +522,7 @@ if test "$enable_dane" != "no"; then
AC_DEFINE([HAVE_DANE], 1, [Enable the DANE library])
enable_dane=yes],
[AC_MSG_RESULT(no)
- AC_MSG_WARN([[
+ AC_MSG_WARN([[
***
*** libunbound was not found. Libdane will not be built.
*** ]])
@@ -539,7 +539,7 @@ if test "$have_win" = yes; then
unbound_root_key_file="C:\\Program Files\\Unbound\\root.key"
else
if test -f /var/lib/unbound/root.key;then
- unbound_root_key_file="/var/lib/unbound/root.key"
+ unbound_root_key_file="/var/lib/unbound/root.key"
else
if test -f /usr/share/dns/root.key;then
unbound_root_key_file="/usr/share/dns/root.key"
@@ -608,7 +608,7 @@ if test "$with_tpm" != "no"; then
AC_DEFINE([HAVE_TROUSERS], 1, [Enable TPM])
with_tpm=yes],
[AC_MSG_RESULT(no)
- AC_MSG_WARN([[
+ AC_MSG_WARN([[
***
*** trousers was not found. TPM support will be disabled.
*** ]])
diff --git a/doc/Makefile.am b/doc/Makefile.am
index c69d8770ee..218bbc98ec 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -32,7 +32,7 @@ endif
-include $(top_srcdir)/doc/doc.mk
invoke-gnutls-cli.texi: $(top_srcdir)/src/cli-args.def
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -L$(top_srcdir)/src -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_srcdir)/src -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
@@ -40,7 +40,7 @@ invoke-gnutls-cli.texi: $(top_srcdir)/src/cli-args.def
mv -f $@.tmp $@
invoke-gnutls-cli-debug.texi: $(top_srcdir)/src/cli-debug-args.def invoke-gnutls-cli.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
@@ -48,7 +48,7 @@ invoke-gnutls-cli-debug.texi: $(top_srcdir)/src/cli-debug-args.def invoke-gnutls
mv -f $@.tmp $@
invoke-gnutls-serv.texi: $(top_srcdir)/src/serv-args.def invoke-gnutls-cli-debug.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
@@ -56,7 +56,7 @@ invoke-gnutls-serv.texi: $(top_srcdir)/src/serv-args.def invoke-gnutls-cli-debug
mv -f $@.tmp $@
invoke-certtool.texi: $(top_srcdir)/src/certtool-args.def invoke-gnutls-serv.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
@@ -67,7 +67,7 @@ invoke-certtool.texi: $(top_srcdir)/src/certtool-args.def invoke-gnutls-serv.tex
rm -f $@.tmp
invoke-ocsptool.texi: $(top_srcdir)/src/ocsptool-args.def invoke-certtool.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
@@ -78,7 +78,7 @@ invoke-ocsptool.texi: $(top_srcdir)/src/ocsptool-args.def invoke-certtool.texi
rm -f $@.tmp
invoke-danetool.texi: $(top_srcdir)/src/danetool-args.def invoke-ocsptool.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
@@ -89,7 +89,7 @@ invoke-danetool.texi: $(top_srcdir)/src/danetool-args.def invoke-ocsptool.texi
rm -f $@.tmp
invoke-srptool.texi: $(top_srcdir)/src/srptool-args.def invoke-danetool.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
@@ -100,7 +100,7 @@ invoke-srptool.texi: $(top_srcdir)/src/srptool-args.def invoke-danetool.texi
rm -f $@.tmp
invoke-psktool.texi: $(top_srcdir)/src/psktool-args.def invoke-srptool.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
@@ -111,7 +111,7 @@ invoke-psktool.texi: $(top_srcdir)/src/psktool-args.def invoke-srptool.texi
rm -f $@.tmp
invoke-p11tool.texi: $(top_srcdir)/src/p11tool-args.def invoke-psktool.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
@@ -122,7 +122,7 @@ invoke-p11tool.texi: $(top_srcdir)/src/p11tool-args.def invoke-psktool.texi
rm -f $@.tmp
invoke-tpmtool.texi: $(top_srcdir)/src/tpmtool-args.def invoke-p11tool.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
@@ -139,7 +139,7 @@ gnutls_TEXINFOS = gnutls.texi fdl-1.3.texi \
cha-gtls-app.texi cha-internals.texi cha-intro-tls.texi \
cha-library.texi cha-preface.texi cha-programs.texi \
sec-tls-app.texi cha-errors.texi cha-support.texi \
- cha-shared-key.texi cha-gtls-examples.texi cha-upgrade.texi \
+ cha-shared-key.texi cha-gtls-examples.texi cha-upgrade.texi \
cha-tokens.texi cha-crypto.texi cha-auth.texi
AUTOGENED_DOC = invoke-gnutls-cli.texi invoke-gnutls-cli-debug.texi \
diff --git a/doc/examples/ex-pkcs11-list.c b/doc/examples/ex-pkcs11-list.c
index b2636312f7..7f1d4595a6 100644
--- a/doc/examples/ex-pkcs11-list.c
+++ b/doc/examples/ex-pkcs11-list.c
@@ -39,7 +39,7 @@ int main(int argc, char **argv)
}
for (i = 0; i < obj_list_size; i++)
- gnutls_pkcs11_obj_deinit(obj_list[i]);
+ gnutls_pkcs11_obj_deinit(obj_list[i]);
gnutls_free(obj_list);
return 0;
diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index d62f310cde..cefbbeb7f8 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -16,8 +16,8 @@
This manual is last updated @value{UPDATED} for version
@value{VERSION} of GnuTLS.
-Copyright @copyright{} 2001-2015 Free Software Foundation, Inc.\\
-Copyright @copyright{} 2001-2015 Nikos Mavrogiannopoulos
+Copyright @copyright{} 2001-2016 Free Software Foundation, Inc.\\
+Copyright @copyright{} 2001-2016 Nikos Mavrogiannopoulos
@quotation
Permission is granted to copy, distribute and/or modify this document
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 7341f80c7f..5db029e01c 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -68,14 +68,14 @@ PSK_COBJECTS = psk.c
COBJECTS = range.c record.c compress.c debug.c cipher.c \
mbuffers.c buffers.c handshake.c num.c errors.c dh.c kx.c \
- priority.c hash_int.c cipher_int.c session.c db.c x509_b64.c \
+ priority.c hash_int.c cipher_int.c session.c db.c x509_b64.c \
extensions.c auth.c sslv2_compat.c datum.c session_pack.c mpi.c \
pk.c cert.c global.c constate.c anon_cred.c pkix_asn1_tab.c gnutls_asn1_tab.c \
- mem.c fingerprint.c tls-sig.c ecc.c alert.c privkey_raw.c \
- system/certs.c system/threads.c system/fastopen.c system/sockets.c \
+ mem.c fingerprint.c tls-sig.c ecc.c alert.c privkey_raw.c \
+ system/certs.c system/threads.c system/fastopen.c system/sockets.c \
system/inet_ntop.c system/iconv.c system/vasprintf.c vasprintf.h system.c \
- str.c state.c x509.c file.c supplemental.c \
- random.c crypto-api.c privkey.c pcert.c pubkey.c locks.c dtls.c \
+ str.c state.c x509.c file.c supplemental.c \
+ random.c crypto-api.c privkey.c pcert.c pubkey.c locks.c dtls.c \
system_override.c crypto-backend.c verify-tofu.c pin.c tpm.c fips.c \
safe-memfuncs.c system/inet_pton.c atfork.c atfork.h randomart.c \
system-keys.h urls.c urls.h prf.c auto-verify.c dh-session.c \
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index 7b358bbc8a..95f37561d4 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -176,7 +176,7 @@ static const cipher_entry_st algorithms[] = {
.explicit_iv = 8,
.cipher_iv = 12,
.tagsize = 16},
- { .name = "3DES-CBC",
+ { .name = "3DES-CBC",
.id = GNUTLS_CIPHER_3DES_CBC,
.blocksize = 8,
.keysize = 24,
@@ -212,11 +212,11 @@ static const cipher_entry_st algorithms[] = {
};
#define GNUTLS_CIPHER_LOOP(b) \
- const cipher_entry_st *p; \
- for(p = algorithms; p->name != NULL; p++) { b ; }
+ const cipher_entry_st *p; \
+ for(p = algorithms; p->name != NULL; p++) { b ; }
#define GNUTLS_ALG_LOOP(a) \
- GNUTLS_CIPHER_LOOP( if(p->id == algorithm) { a; break; } )
+ GNUTLS_CIPHER_LOOP( if(p->id == algorithm) { a; break; } )
/* CIPHER functions */
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 76964ae81c..3fb417dc70 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -85,8 +85,8 @@
#define GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0,0x9A }
#define GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0,0x9B }
-#define GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x7A }
-#define GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7B }
+#define GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x7A }
+#define GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7B }
#define GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x7C }
#define GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7D }
#define GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256 { 0xC0,0x80 }
@@ -97,8 +97,8 @@
#define GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x87 }
#define GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8A }
#define GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8B }
-#define GNUTLS_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8E }
-#define GNUTLS_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8F }
+#define GNUTLS_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8E }
+#define GNUTLS_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8F }
#define GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x90 }
#define GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x91 }
#define GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x92 }
@@ -252,21 +252,21 @@
#define GNUTLS_DHE_PSK_AES_256_GCM_SHA384 { 0x00, 0xAB }
#define GNUTLS_PSK_AES_256_CBC_SHA384 { 0x00,0xAF }
-#define GNUTLS_PSK_NULL_SHA384 { 0x00,0xB1 }
+#define GNUTLS_PSK_NULL_SHA384 { 0x00,0xB1 }
#define GNUTLS_DHE_PSK_AES_256_CBC_SHA384 { 0x00,0xB3 }
-#define GNUTLS_DHE_PSK_NULL_SHA384 { 0x00,0xB5 }
+#define GNUTLS_DHE_PSK_NULL_SHA384 { 0x00,0xB5 }
-#define GNUTLS_PSK_NULL_SHA1 { 0x00,0x2C }
-#define GNUTLS_DHE_PSK_NULL_SHA1 { 0x00,0x2D }
-#define GNUTLS_RSA_PSK_NULL_SHA1 { 0x00,0x2E }
-#define GNUTLS_ECDHE_PSK_NULL_SHA1 { 0xC0,0x39 }
+#define GNUTLS_PSK_NULL_SHA1 { 0x00,0x2C }
+#define GNUTLS_DHE_PSK_NULL_SHA1 { 0x00,0x2D }
+#define GNUTLS_RSA_PSK_NULL_SHA1 { 0x00,0x2E }
+#define GNUTLS_ECDHE_PSK_NULL_SHA1 { 0xC0,0x39 }
#define GNUTLS_RSA_PSK_AES_128_GCM_SHA256 { 0x00,0xAC }
#define GNUTLS_RSA_PSK_AES_256_GCM_SHA384 { 0x00,0xAD }
#define GNUTLS_RSA_PSK_AES_128_CBC_SHA256 { 0x00,0xB6 }
#define GNUTLS_RSA_PSK_AES_256_CBC_SHA384 { 0x00,0xB7 }
-#define GNUTLS_RSA_PSK_NULL_SHA256 { 0x00,0xB8 }
-#define GNUTLS_RSA_PSK_NULL_SHA384 { 0x00,0xB9 }
+#define GNUTLS_RSA_PSK_NULL_SHA256 { 0x00,0xB8 }
+#define GNUTLS_RSA_PSK_NULL_SHA384 { 0x00,0xB9 }
/* PSK - SHA256 HMAC */
@@ -291,7 +291,7 @@
#define GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1 { 0xC0, 0x11 }
/* ECC-ECDSA */
-#define GNUTLS_ECDHE_ECDSA_NULL_SHA1 { 0xC0, 0x06 }
+#define GNUTLS_ECDHE_ECDSA_NULL_SHA1 { 0xC0, 0x06 }
#define GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x08 }
#define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 { 0xC0, 0x09 }
#define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 { 0xC0, 0x0A }
@@ -1139,11 +1139,11 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
};
#define CIPHER_SUITE_LOOP(b) { \
- const gnutls_cipher_suite_entry_st *p; \
- for(p = cs_algorithms; p->name != NULL; p++) { b ; } }
+ const gnutls_cipher_suite_entry_st *p; \
+ for(p = cs_algorithms; p->name != NULL; p++) { b ; } }
#define CIPHER_SUITE_ALG_LOOP(a, suite) \
- CIPHER_SUITE_LOOP( if( (p->id[0] == suite[0]) && (p->id[1] == suite[1])) { a; break; } )
+ CIPHER_SUITE_LOOP( if( (p->id[0] == suite[0]) && (p->id[1] == suite[1])) { a; break; } )
/* Cipher Suite's functions */
diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c
index 9d0c584b0a..ac1c3e2187 100644
--- a/lib/algorithms/ecc.c
+++ b/lib/algorithms/ecc.c
@@ -82,7 +82,7 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
#define GNUTLS_ECC_CURVE_LOOP(b) \
{ const gnutls_ecc_curve_entry_st *p; \
- for(p = ecc_curves; p->name != NULL; p++) { b ; } }
+ for(p = ecc_curves; p->name != NULL; p++) { b ; } }
/* Returns the TLS id of the given curve
diff --git a/lib/algorithms/kx.c b/lib/algorithms/kx.c
index 09eab0d8c2..2d5ad81bc5 100644
--- a/lib/algorithms/kx.c
+++ b/lib/algorithms/kx.c
@@ -76,11 +76,11 @@ static const gnutls_cred_map cred_mappings[] = {
};
#define GNUTLS_KX_MAP_LOOP(b) \
- const gnutls_cred_map *p; \
- for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
+ const gnutls_cred_map *p; \
+ for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
#define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
- GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
+ GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
struct gnutls_kx_algo_entry {
const char *name;
@@ -134,11 +134,11 @@ static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
};
#define GNUTLS_KX_LOOP(b) \
- const gnutls_kx_algo_entry *p; \
- for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
+ const gnutls_kx_algo_entry *p; \
+ for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
#define GNUTLS_KX_ALG_LOOP(a) \
- GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
+ GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
/* Key EXCHANGE functions */
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index f0882549c9..0198e4a205 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -62,11 +62,11 @@ static const mac_entry_st hash_algorithms[] = {
#define GNUTLS_HASH_LOOP(b) \
- const mac_entry_st *p; \
- for(p = hash_algorithms; p->name != NULL; p++) { b ; }
+ const mac_entry_st *p; \
+ for(p = hash_algorithms; p->name != NULL; p++) { b ; }
#define GNUTLS_HASH_ALG_LOOP(a) \
- GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
+ GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
const mac_entry_st *_gnutls_mac_to_entry(gnutls_mac_algorithm_t c)
{
@@ -172,7 +172,7 @@ gnutls_mac_algorithm_t gnutls_mac_get_id(const char *name)
GNUTLS_HASH_LOOP(
if (strcasecmp(p->name, name) == 0) {
if (p->placeholder != 0 || _gnutls_mac_exists(p->id))
- ret = p->id;
+ ret = p->id;
break;
}
);
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index 8ef69a5e70..b2bd675f5f 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -129,8 +129,8 @@ static const version_entry_st sup_versions[] = {
};
#define GNUTLS_VERSION_LOOP(b) \
- const version_entry_st *p; \
- for(p = sup_versions; p->name != NULL; p++) { b ; }
+ const version_entry_st *p; \
+ for(p = sup_versions; p->name != NULL; p++) { b ; }
#define GNUTLS_VERSION_ALG_LOOP(a) \
GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c
index c70187736f..b7b1169fbb 100644
--- a/lib/algorithms/publickey.c
+++ b/lib/algorithms/publickey.c
@@ -57,11 +57,11 @@ static const gnutls_pk_map pk_mappings[] = {
};
#define GNUTLS_PK_MAP_LOOP(b) \
- const gnutls_pk_map *p; \
- for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
+ const gnutls_pk_map *p; \
+ for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
#define GNUTLS_PK_MAP_ALG_LOOP(a) \
- GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
+ GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
/* returns the gnutls_pk_algorithm_t which is compatible with
@@ -104,7 +104,7 @@ static const gnutls_pk_entry pk_algorithms[] = {
#define GNUTLS_PK_LOOP(b) \
{ const gnutls_pk_entry *p; \
- for(p = pk_algorithms; p->name != NULL; p++) { b ; } }
+ for(p = pk_algorithms; p->name != NULL; p++) { b ; } }
/**
diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c
index 081a6bf4cf..ee65fc7a90 100644
--- a/lib/algorithms/secparams.c
+++ b/lib/algorithms/secparams.c
@@ -60,7 +60,7 @@ static const gnutls_sec_params_entry sec_params[] = {
#define GNUTLS_SEC_PARAM_LOOP(b) \
{ const gnutls_sec_params_entry *p; \
- for(p = sec_params; p->name != NULL; p++) { b ; } }
+ for(p = sec_params; p->name != NULL; p++) { b ; } }
/**
* gnutls_sec_param_to_pk_bits:
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index e52acd636b..15601725dc 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -714,7 +714,7 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data)
/* if no certificates were found then send:
* 0B 00 00 03 00 00 00 // Certificate with no certs
* instead of:
- * 0B 00 00 00 // empty certificate handshake
+ * 0B 00 00 00 // empty certificate handshake
*
* ( the above is the whole handshake message, not
* the one produced here )
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index d5b953ed27..f9e2b36649 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -107,9 +107,9 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
}
ret = 0;
-error:
+ error:
_gnutls_mpi_release(&session->key.client_Y);
- gnutls_pk_params_clear(&session->key.dh_params);
+ gnutls_pk_params_clear(&session->key.dh_params);
return ret;
}
@@ -173,8 +173,8 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
ret = data->length;
- error:
- gnutls_pk_params_clear(&session->key.dh_params);
+ error:
+ gnutls_pk_params_clear(&session->key.dh_params);
return ret;
}
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index e445c2f0fe..909e472dc0 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -191,8 +191,8 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session,
goto cleanup;
}
-cleanup:
- gnutls_pk_params_clear(&session->key.ecdh_params);
+ cleanup:
+ gnutls_pk_params_clear(&session->key.ecdh_params);
return ret;
}
@@ -271,8 +271,8 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
} else if (pk == GNUTLS_PK_ECDHX) {
ret =
_gnutls_buffer_append_data_prefix(data, 8,
- session->key.ecdh_params.raw_pub.data,
- session->key.ecdh_params.raw_pub.size);
+ session->key.ecdh_params.raw_pub.data,
+ session->key.ecdh_params.raw_pub.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -287,8 +287,8 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
}
ret = data->length;
-cleanup:
- gnutls_pk_params_clear(&session->key.ecdh_params);
+ cleanup:
+ gnutls_pk_params_clear(&session->key.ecdh_params);
return ret;
}
@@ -451,9 +451,9 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
} else if (pk == GNUTLS_PK_ECDHX) {
ret =
- _gnutls_buffer_append_data_prefix(data, 8,
- session->key.ecdh_params.raw_pub.data,
- session->key.ecdh_params.raw_pub.size);
+ _gnutls_buffer_append_data_prefix(data, 8,
+ session->key.ecdh_params.raw_pub.data,
+ session->key.ecdh_params.raw_pub.size);
if (ret < 0)
return gnutls_assert_val(ret);
}
diff --git a/lib/auth/psk.c b/lib/auth/psk.c
index 2b3ac41dc0..ea1417b662 100644
--- a/lib/auth/psk.c
+++ b/lib/auth/psk.c
@@ -292,9 +292,9 @@ _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data,
*
* struct {
* select (KeyExchangeAlgorithm) {
- * // other cases for rsa, diffie_hellman, etc.
- * case psk: // NEW
- * uint8_t psk_identity_hint<0..2^16-1>;
+ * // other cases for rsa, diffie_hellman, etc.
+ * case psk: // NEW
+ * uint8_t psk_identity_hint<0..2^16-1>;
* };
* } ServerKeyExchange;
*
diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c
index 2ef2c9c901..72aadb83f8 100644
--- a/lib/auth/psk_passwd.c
+++ b/lib/auth/psk_passwd.c
@@ -194,8 +194,8 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session, char *username,
cleanup:
if (fd != NULL)
fclose(fd);
-
- zeroize_key(line, line_size);
+
+ zeroize_key(line, line_size);
free(line);
return ret;
diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c
index 4e00f88b4f..b911282567 100644
--- a/lib/auth/srp_passwd.c
+++ b/lib/auth/srp_passwd.c
@@ -213,7 +213,7 @@ pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
/* move to first ':' */
i = 0;
while ((i < line_size) && (line[i] != ':')
- && (line[i] != '\0')) {
+ && (line[i] != '\0')) {
i++;
}
diff --git a/lib/auto-verify.c b/lib/auto-verify.c
index 4780843c00..8c618b612b 100644
--- a/lib/auto-verify.c
+++ b/lib/auto-verify.c
@@ -31,26 +31,26 @@
/* The actual verification callback. */
static int auto_verify_cb(gnutls_session_t session)
{
- unsigned int status;
- int ret;
+ unsigned int status;
+ int ret;
- if (session->internals.vc_elements == 0) {
- ret = gnutls_certificate_verify_peers2(session, &status);
+ if (session->internals.vc_elements == 0) {
+ ret = gnutls_certificate_verify_peers2(session, &status);
} else {
- ret = gnutls_certificate_verify_peers(session, session->internals.vc_data,
+ ret = gnutls_certificate_verify_peers(session, session->internals.vc_data,
session->internals.vc_elements, &status);
- }
- if (ret < 0) {
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
- }
+ }
+ if (ret < 0) {
+ return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
+ }
- session->internals.vc_status = status;
+ session->internals.vc_status = status;
- if (status != 0) /* Certificate is not trusted */
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR);
+ if (status != 0) /* Certificate is not trusted */
+ return gnutls_assert_val(GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR);
- /* notify gnutls to continue handshake normally */
- return 0;
+ /* notify gnutls to continue handshake normally */
+ return 0;
}
/**
diff --git a/lib/buffers.c b/lib/buffers.c
index 72c48e7e04..0371ae849a 100644
--- a/lib/buffers.c
+++ b/lib/buffers.c
@@ -266,7 +266,7 @@ _gnutls_dgram_read(gnutls_session_t session, mbuffer_st ** bufel,
int err = get_errno(session);
_gnutls_read_log("READ: %d returned from %p, errno=%d\n",
- (int) i, fd, err);
+ (int) i, fd, err);
ret = errno_to_gerr(err, 1);
goto cleanup;
@@ -459,9 +459,9 @@ _gnutls_writev_emu(gnutls_session_t session, gnutls_transport_ptr_t fd,
}
if (ret == -1) {
- gnutls_assert();
+ gnutls_assert();
break;
- }
+ }
total += ret;
diff --git a/lib/buffers.h b/lib/buffers.h
index e4dabf1b5f..a8f2c5c779 100644
--- a/lib/buffers.h
+++ b/lib/buffers.h
@@ -119,7 +119,7 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
unsigned int ms);
#define _gnutls_handshake_io_buffer_clear( session) \
- _mbuffer_head_clear( &session->internals.handshake_send_buffer); \
- _gnutls_handshake_recv_buffer_clear( session);
+ _mbuffer_head_clear( &session->internals.handshake_send_buffer); \
+ _gnutls_handshake_recv_buffer_clear( session);
#endif
diff --git a/lib/cipher.c b/lib/cipher.c
index 50096df6c4..b25ba90997 100644
--- a/lib/cipher.c
+++ b/lib/cipher.c
@@ -400,10 +400,9 @@ compressed_to_ciphertext(gnutls_session_t session,
memset(nonce, 0, 4);
memcpy(&nonce[4],
- UINT64DATA(params->write.sequence_number),
- 8);
+ UINT64DATA(params->write.sequence_number), 8);
- memxor(nonce, params->write.IV.data, 12);
+ memxor(nonce, params->write.IV.data, 12);
}
}
@@ -602,7 +601,7 @@ ciphertext_to_compressed(gnutls_session_t session,
memset(nonce, 0, 4);
memcpy(&nonce[4], UINT64DATA(*sequence), 8);
- memxor(nonce, params->read.IV.data, 12);
+ memxor(nonce, params->read.IV.data, 12);
}
length =
diff --git a/lib/cipher_int.c b/lib/cipher_int.c
index 6482e00bc5..46ce30b6c8 100644
--- a/lib/cipher_int.c
+++ b/lib/cipher_int.c
@@ -85,7 +85,7 @@ _gnutls_cipher_init(cipher_hd_st *handle, const cipher_entry_st *e,
if (unlikely(e == NULL || e->id == GNUTLS_CIPHER_NULL))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- FAIL_IF_LIB_ERROR;
+ FAIL_IF_LIB_ERROR;
handle->e = e;
handle->handle = NULL;
@@ -183,7 +183,7 @@ int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
if (unlikely(e == NULL))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- FAIL_IF_LIB_ERROR;
+ FAIL_IF_LIB_ERROR;
memset(handle, 0, sizeof(*handle));
handle->etm = etm;
@@ -308,9 +308,9 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
l = (textlen / blocksize) * blocksize;
if (l > 0) {
ret =
- _gnutls_cipher_encrypt2(&handle->cipher, text,
- l, ciphertext,
- ciphertextlen);
+ _gnutls_cipher_encrypt2(&handle->cipher, text,
+ l, ciphertext,
+ ciphertextlen);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -353,9 +353,9 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
MAC(handle, ciphertext, textlen);
ret =
- _gnutls_auth_cipher_tag(handle,
- ciphertext + textlen,
- handle->tag_size);
+ _gnutls_auth_cipher_tag(handle,
+ ciphertext + textlen,
+ handle->tag_size);
if (ret < 0)
return gnutls_assert_val(ret);
}
diff --git a/lib/compress.c b/lib/compress.c
index 2e7197fb63..8008bf60d8 100644
--- a/lib/compress.c
+++ b/lib/compress.c
@@ -205,9 +205,9 @@ _gnutls_supported_compression_methods(gnutls_session_t session,
for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) {
if (IS_DTLS(session) && session->internals.priorities.compression.priority[i] != GNUTLS_COMP_NULL) {
- gnutls_assert();
- continue;
- }
+ gnutls_assert();
+ continue;
+ }
tmp =
_gnutls_compression_get_num(session->
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index e8fc7b9404..9b2bafa66a 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -763,11 +763,11 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
ret = _gnutls_aead_cipher_encrypt(&h->ctx_enc,
- nonce, nonce_len,
- auth, auth_len,
- tag_size,
- ptext, ptext_len,
- ctext, *ctext_len);
+ nonce, nonce_len,
+ auth, auth_len,
+ tag_size,
+ ptext, ptext_len,
+ ctext, *ctext_len);
if (unlikely(ret < 0))
return gnutls_assert_val(ret);
diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c
index 9130e894ed..bac3035c44 100644
--- a/lib/crypto-backend.c
+++ b/lib/crypto-backend.c
@@ -98,8 +98,8 @@ _algo_register(algo_list * al, int algorithm, int priority, void *s, int free_s)
return 0;
cleanup:
- if (free_s) gnutls_free(s);
- return ret;
+ if (free_s) gnutls_free(s);
+ return ret;
}
static const void *_get_algo(algo_list * al, int algo)
diff --git a/lib/datum.h b/lib/datum.h
index 6b4ff48b8f..9b2d82925b 100644
--- a/lib/datum.h
+++ b/lib/datum.h
@@ -29,7 +29,7 @@ int _gnutls_set_datum(gnutls_datum_t * dat, const void *data,
size_t data_size);
int _gnutls_set_strdatum(gnutls_datum_t * dat, const void *data,
- size_t data_size);
+ size_t data_size);
int _gnutls_datum_append(gnutls_datum_t * dat, const void *data,
size_t data_size);
@@ -54,7 +54,7 @@ void _gnutls_free_temp_key_datum(gnutls_datum_t * dat)
if (dat->data != NULL) {
zeroize_temp_key(dat->data, dat->size);
gnutls_free(dat->data);
- }
+ }
dat->data = NULL;
dat->size = 0;
@@ -66,7 +66,7 @@ void _gnutls_free_key_datum(gnutls_datum_t * dat)
if (dat->data != NULL) {
zeroize_key(dat->data, dat->size);
gnutls_free(dat->data);
- }
+ }
dat->data = NULL;
dat->size = 0;
diff --git a/lib/dtls-sw.c b/lib/dtls-sw.c
index 36630abb07..7e9d701d12 100644
--- a/lib/dtls-sw.c
+++ b/lib/dtls-sw.c
@@ -2,7 +2,7 @@
* Copyright (C) 2016 Red Hat, Inc.
*
* Authors: Fridolin Pokorny
- * Nikos Mavrogiannopoulos
+ * Nikos Mavrogiannopoulos
*
* This file is part of GNUTLS.
*
diff --git a/lib/dtls.c b/lib/dtls.c
index 50d5dcefc4..e78665fd81 100644
--- a/lib/dtls.c
+++ b/lib/dtls.c
@@ -3,7 +3,7 @@
* Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* Authors: Jonathan Bastien-Filiatrault
- * Nikos Mavrogiannopoulos
+ * Nikos Mavrogiannopoulos
*
* This file is part of GNUTLS.
*
diff --git a/lib/dtls.h b/lib/dtls.h
index e49a8a1344..5603241fb4 100644
--- a/lib/dtls.h
+++ b/lib/dtls.h
@@ -54,7 +54,7 @@ void _dtls_reset_window(struct record_parameters_st *rp);
if (r != GNUTLS_E_INTERRUPTED) _rr = GNUTLS_E_AGAIN; \
else _rr = r; \
if (!(session->internals.flags & GNUTLS_NONBLOCK)) \
- millisleep(50); \
+ millisleep(50); \
return gnutls_assert_val(_rr); \
} \
}
diff --git a/lib/ecc.c b/lib/ecc.c
index e559cc39f3..e3dc6d139e 100644
--- a/lib/ecc.c
+++ b/lib/ecc.c
@@ -86,8 +86,8 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
/* pad and store y */
return 0;
cleanup:
- _gnutls_free_datum(out);
- return ret;
+ _gnutls_free_datum(out);
+ return ret;
}
diff --git a/lib/errors.c b/lib/errors.c
index 21bcdddd62..05ef2e3171 100644
--- a/lib/errors.c
+++ b/lib/errors.c
@@ -74,8 +74,8 @@ static const gnutls_error_entry error_entries[] = {
ERROR_ENTRY(N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR),
ERROR_ENTRY(N_(
- "A connection with inappropriate fallback was attempted."),
- GNUTLS_E_INAPPROPRIATE_FALLBACK),
+ "A connection with inappropriate fallback was attempted."),
+ GNUTLS_E_INAPPROPRIATE_FALLBACK),
ERROR_ENTRY(N_("An illegal TLS extension was received."),
GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION),
ERROR_ENTRY(N_("A TLS fatal alert has been received."),
diff --git a/lib/ext/dumbfw.c b/lib/ext/dumbfw.c
index d48f28ecc1..b623f2a396 100644
--- a/lib/ext/dumbfw.c
+++ b/lib/ext/dumbfw.c
@@ -63,7 +63,7 @@ _gnutls_dumbfw_send_params(gnutls_session_t session,
} else {
/* 256 <= extdata->length < 512 */
pad_size = 512 - extdata->length;
- memset(pad, 0, pad_size);
+ memset(pad, 0, pad_size);
ret =
gnutls_buffer_append_data(extdata, pad,
diff --git a/lib/ext/srp.h b/lib/ext/srp.h
index c3a316a500..00b8e2ba0e 100644
--- a/lib/ext/srp.h
+++ b/lib/ext/srp.h
@@ -28,7 +28,7 @@
#ifdef ENABLE_SRP
#define IS_SRP_KX(kx) ((kx == GNUTLS_KX_SRP || (kx == GNUTLS_KX_SRP_RSA) || \
- kx == GNUTLS_KX_SRP_DSS)?1:0)
+ kx == GNUTLS_KX_SRP_DSS)?1:0)
extern const extension_entry_st ext_mod_srp;
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index c95224a834..637a4403d2 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -50,17 +50,17 @@ typedef struct {
From RFC 6066. Client sends:
struct {
- CertificateStatusType status_type;
- select (status_type) {
- case ocsp: OCSPStatusRequest;
- } request;
+ CertificateStatusType status_type;
+ select (status_type) {
+ case ocsp: OCSPStatusRequest;
+ } request;
} CertificateStatusRequest;
enum { ocsp(1), (255) } CertificateStatusType;
struct {
- ResponderID responder_id_list<0..2^16-1>;
- Extensions request_extensions;
+ ResponderID responder_id_list<0..2^16-1>;
+ Extensions request_extensions;
} OCSPStatusRequest;
opaque ResponderID<1..2^16-1>;
diff --git a/lib/extras/hex.c b/lib/extras/hex.c
index 3a89a014bb..55b64ca309 100644
--- a/lib/extras/hex.c
+++ b/lib/extras/hex.c
@@ -10,11 +10,11 @@ static bool char_to_hex(unsigned char *val, char c)
*val = c - '0';
return true;
}
- if (c >= 'a' && c <= 'f') {
+ if (c >= 'a' && c <= 'f') {
*val = c - 'a' + 10;
return true;
}
- if (c >= 'A' && c <= 'F') {
+ if (c >= 'A' && c <= 'F') {
*val = c - 'A' + 10;
return true;
}
diff --git a/lib/fips.c b/lib/fips.c
index 992a918d8d..8a0ada34bc 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -350,7 +350,7 @@ int _gnutls_fips_perform_self_checks2(void)
gnutls_assert();
goto error;
}
-
+
ret = _gnutls_rnd_ops.self_test();
if (ret < 0) {
gnutls_assert();
diff --git a/lib/gnutls.asn b/lib/gnutls.asn
index 76bad6fbb6..744403403a 100644
--- a/lib/gnutls.asn
+++ b/lib/gnutls.asn
@@ -26,7 +26,7 @@ RSAPrivateKey ::= SEQUENCE {
exponent1 INTEGER, -- (Usually large) d mod (p-1)
exponent2 INTEGER, -- (Usually large) d mod (q-1)
coefficient INTEGER, -- (Usually large) (inverse of q) mod p
- otherInfo RSAOtherInfo OPTIONAL
+ otherInfo RSAOtherInfo OPTIONAL
}
ProvableSeed ::= SEQUENCE {
@@ -35,8 +35,8 @@ ProvableSeed ::= SEQUENCE {
}
RSAOtherInfo ::= CHOICE {
- otherPrimeInfos OtherPrimeInfos, -- the hash algorithm OID used for FIPS186-4 generation
- seed [1] ProvableSeed
+ otherPrimeInfos OtherPrimeInfos, -- the hash algorithm OID used for FIPS186-4 generation
+ seed [1] ProvableSeed
}
OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 25d4b3a814..2435c5c1e1 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -609,7 +609,7 @@ struct record_state_st {
0x0000-0xffff. */
#define EPOCH_READ_CURRENT 70000
#define EPOCH_WRITE_CURRENT 70001
-#define EPOCH_NEXT 70002
+#define EPOCH_NEXT 70002
struct record_parameters_st {
uint16_t epoch;
@@ -694,12 +694,12 @@ struct gnutls_priority_st {
#define DEFAULT_MAX_EMPTY_RECORDS 200
#define ENABLE_COMPAT(x) \
- (x)->allow_large_records = 1; \
- (x)->no_etm = 1; \
- (x)->no_ext_master_secret = 1; \
- (x)->allow_key_usage_violation = 1; \
- (x)->allow_wrong_pms = 1; \
- (x)->dumbfw = 1
+ (x)->allow_large_records = 1; \
+ (x)->no_etm = 1; \
+ (x)->no_ext_master_secret = 1; \
+ (x)->allow_key_usage_violation = 1; \
+ (x)->allow_wrong_pms = 1; \
+ (x)->dumbfw = 1
/* DH and RSA parameters types.
*/
diff --git a/lib/handshake.c b/lib/handshake.c
index 7dccae6030..9a8c9acc3f 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1264,7 +1264,7 @@ _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
}
ret = call_hook_func(session, type, GNUTLS_HOOK_PRE, 0,
- _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
+ _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
if (ret < 0) {
gnutls_assert();
_mbuffer_xfree(&bufel);
@@ -1281,7 +1281,7 @@ _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
}
ret = call_hook_func(session, type, GNUTLS_HOOK_POST, 0,
- _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
+ _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
if (ret < 0) {
gnutls_assert();
return ret;
@@ -1707,8 +1707,8 @@ client_check_if_resuming(gnutls_session_t session,
memcpy(session->security_parameters.cipher_suite,
session->internals.resumed_security_parameters.cipher_suite, 2);
- session->security_parameters.compression_method =
- session->internals.resumed_security_parameters.compression_method;
+ session->security_parameters.compression_method =
+ session->internals.resumed_security_parameters.compression_method;
_gnutls_epoch_set_cipher_suite
(session, EPOCH_NEXT,
@@ -2344,37 +2344,37 @@ recv_hello_verify_request(gnutls_session_t session,
/* The packets in gnutls_handshake (it's more broad than original TLS handshake)
*
- * Client Server
+ * Client Server
*
- * ClientHello -------->
- * <-------- ServerHello
+ * ClientHello -------->
+ * <-------- ServerHello
*
- * Certificate*
- * ServerKeyExchange*
- * <-------- CertificateRequest*
+ * Certificate*
+ * ServerKeyExchange*
+ * <-------- CertificateRequest*
*
- * <-------- ServerHelloDone
+ * <-------- ServerHelloDone
* Certificate*
* ClientKeyExchange
* CertificateVerify*
* [ChangeCipherSpec]
- * Finished -------->
- * NewSessionTicket
- * [ChangeCipherSpec]
- * <-------- Finished
+ * Finished -------->
+ * NewSessionTicket
+ * [ChangeCipherSpec]
+ * <-------- Finished
*
* (*): means optional packet.
*/
/* Handshake when resumming session:
- * Client Server
+ * Client Server
*
- * ClientHello -------->
- * ServerHello
- * [ChangeCipherSpec]
- * <-------- Finished
+ * ClientHello -------->
+ * ServerHello
+ * [ChangeCipherSpec]
+ * <-------- Finished
* [ChangeCipherSpec]
- * Finished -------->
+ * Finished -------->
*
*/
@@ -2570,7 +2570,7 @@ int gnutls_handshake(gnutls_session_t session)
if (session->internals.handshake_timeout_ms &&
session->internals.handshake_endtime == 0)
session->internals.handshake_endtime = session->internals.handshake_start_time.tv_sec +
- session->internals.handshake_timeout_ms / 1000;
+ session->internals.handshake_timeout_ms / 1000;
}
if (session->internals.recv_state == RECV_STATE_FALSE_START) {
@@ -2677,7 +2677,7 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
session->internals.handshake_large_loops++; \
return ret; \
} \
- /* a warning alert might interrupt handshake */ \
+ /* a warning alert might interrupt handshake */ \
if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) return ret; \
gnutls_assert(); \
ERR( str, ret); \
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 772bd36255..e4c3efd42c 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -476,8 +476,8 @@ int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
gnutls_x509_crt_t crt, unsigned int flags);
int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert,
- gnutls_x509_crt_t *crt, unsigned *ncrt,
- unsigned int flags);
+ gnutls_x509_crt_t *crt, unsigned *ncrt,
+ unsigned int flags);
int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
gnutls_x509_crt_t * crt);
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 3abc77e658..7cd92a2000 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -153,17 +153,17 @@ typedef int (*gnutls_cipher_auth_func) (void *ctx, const void *data, size_t data
typedef void (*gnutls_cipher_tag_func) (void *ctx, void *tag, size_t tagsize);
typedef int (*gnutls_cipher_aead_encrypt_func) (void *ctx,
- const void *nonce, size_t noncesize,
- const void *auth, size_t authsize,
- size_t tag_size,
- const void *plain, size_t plainsize,
- void *encr, size_t encrsize);
+ const void *nonce, size_t noncesize,
+ const void *auth, size_t authsize,
+ size_t tag_size,
+ const void *plain, size_t plainsize,
+ void *encr, size_t encrsize);
typedef int (*gnutls_cipher_aead_decrypt_func) (void *ctx,
- const void *nonce, size_t noncesize,
- const void *auth, size_t authsize,
- size_t tag_size,
- const void *encr, size_t encrsize,
- void *plain, size_t plainsize);
+ const void *nonce, size_t noncesize,
+ const void *auth, size_t authsize,
+ size_t tag_size,
+ const void *encr, size_t encrsize,
+ void *plain, size_t plainsize);
typedef void (*gnutls_cipher_deinit_func) (void *ctx);
int
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 20a13c9aca..c04e1597d0 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1126,7 +1126,7 @@ typedef struct mbuffer_st *gnutls_packet_t;
ssize_t
gnutls_record_recv_packet(gnutls_session_t session,
- gnutls_packet_t *packet);
+ gnutls_packet_t *packet);
void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, unsigned char *sequence);
void gnutls_packet_deinit(gnutls_packet_t packet);
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 08f41890d2..7e95b0fd76 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -188,7 +188,7 @@ int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert,
unsigned gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
const char *hostname);
unsigned gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
- const char *hostname, unsigned int flags);
+ const char *hostname, unsigned int flags);
int
gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
const char *email, unsigned int flags);
diff --git a/lib/mem.h b/lib/mem.h
index 6391e1aff6..8de248632f 100644
--- a/lib/mem.h
+++ b/lib/mem.h
@@ -39,15 +39,15 @@ unsigned _gnutls_mem_is_zero(const uint8_t *ptr, unsigned size);
inline static
int safe_memcmp(const void *s1, const void *s2, size_t n)
{
- if (n == 0)
- return 0;
- return memcmp(s1, s2, n);
+ if (n == 0)
+ return 0;
+ return memcmp(s1, s2, n);
}
#define zrelease_mpi_key(mpi) if (*mpi!=NULL) { \
- _gnutls_mpi_clear(*mpi); \
- _gnutls_mpi_release(mpi); \
- }
+ _gnutls_mpi_clear(*mpi); \
+ _gnutls_mpi_release(mpi); \
+ }
#define zeroize_key(x, size) gnutls_memset(x, 0, size)
diff --git a/lib/minitasn1/decoding.c b/lib/minitasn1/decoding.c
index 2cd9ac359a..9ac1131f5c 100644
--- a/lib/minitasn1/decoding.c
+++ b/lib/minitasn1/decoding.c
@@ -1141,8 +1141,8 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
if (result != ASN1_SUCCESS)
{
warn();
- goto cleanup;
- }
+ goto cleanup;
+ }
DECR_LEN(ider_len, len2);
@@ -1186,15 +1186,15 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
dflags |= DECODE_FLAG_INDEFINITE;
result = _asn1_decode_simple_ber(type_field (p->type), der+counter, ider_len, &ptmp, &vlen, &ber_len, dflags);
- if (result != ASN1_SUCCESS)
+ if (result != ASN1_SUCCESS)
{
warn();
goto cleanup;
}
- DECR_LEN(ider_len, ber_len);
+ DECR_LEN(ider_len, ber_len);
- _asn1_set_value_lv (p, ptmp, vlen);
+ _asn1_set_value_lv (p, ptmp, vlen);
counter += ber_len;
free(ptmp);
@@ -1434,8 +1434,8 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
if (result != ASN1_SUCCESS)
{
warn();
- goto cleanup;
- }
+ goto cleanup;
+ }
DECR_LEN(ider_len, len2);
_asn1_set_value_lv (p, der + counter, len2);
@@ -1470,7 +1470,7 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
if (p)
{
- p->end = counter - 1;
+ p->end = counter - 1;
}
if (p == node && move != DOWN)
@@ -2250,8 +2250,8 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
if (p[0] == 0 && p[1] == 0) /* EOC */
{
if (ber_len) *ber_len += 2;
- break;
- }
+ break;
+ }
/* no EOC */
der_len += 2;
diff --git a/lib/minitasn1/element.c b/lib/minitasn1/element.c
index b7a0905efb..3ae7740d1a 100644
--- a/lib/minitasn1/element.c
+++ b/lib/minitasn1/element.c
@@ -932,7 +932,7 @@ asn1_read_value_type (asn1_node root, const char *name, void *ivalue,
{
*len = 0;
if (value)
- value[0] = 0;
+ value[0] = 0;
p = node->down;
while (p)
{
diff --git a/lib/minitasn1/libtasn1.h b/lib/minitasn1/libtasn1.h
index 5c4340f133..9a41780204 100644
--- a/lib/minitasn1/libtasn1.h
+++ b/lib/minitasn1/libtasn1.h
@@ -377,7 +377,7 @@ extern "C"
extern ASN1_API int
asn1_get_object_id_der (const unsigned char *der,
int der_len, int *ret_len,
- char *str, int str_size);
+ char *str, int str_size);
/* Compatibility types */
diff --git a/lib/mpi.c b/lib/mpi.c
index 828a0b8dad..8f39516785 100644
--- a/lib/mpi.c
+++ b/lib/mpi.c
@@ -306,7 +306,7 @@ __gnutls_x509_read_int(ASN1_TYPE node, const char *value,
result = _gnutls_mpi_init_scan(ret_mpi, tmpstr, tmpstr_size);
if (overwrite)
- zeroize_key(tmpstr, tmpstr_size);
+ zeroize_key(tmpstr, tmpstr_size);
gnutls_free(tmpstr);
if (result < 0) {
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index bf99985338..569047f1d3 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -100,21 +100,21 @@ struct nettle_cipher_ctx {
static void
_stream_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
ctx->cipher->encrypt_block(ctx->ctx_ptr, length, dst, src);
}
static void
_stream_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
ctx->cipher->decrypt_block(ctx->ctx_ptr, length, dst, src);
}
static void
_cbc_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
cbc_encrypt(ctx->ctx_ptr, ctx->cipher->encrypt_block,
ctx->iv_size, ctx->iv,
@@ -123,7 +123,7 @@ _cbc_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
static void
_cbc_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
cbc_decrypt(ctx->ctx_ptr, ctx->cipher->decrypt_block,
ctx->iv_size, ctx->iv,
@@ -160,11 +160,11 @@ _ccm_decrypt(struct nettle_cipher_ctx *ctx,
static void
_chacha_poly1305_set_nonce (struct chacha_poly1305_ctx *ctx,
- size_t length, const uint8_t *nonce)
+ size_t length, const uint8_t *nonce)
{
chacha_poly1305_set_nonce(ctx, nonce);
}
-
+
struct gcm_cast_st { struct gcm_key key; struct gcm_ctx gcm; unsigned long xx[1]; };
#define GCM_CTX_GET_KEY(ptr) (&((struct gcm_cast_st*)ptr)->key)
#define GCM_CTX_GET_CTX(ptr) (&((struct gcm_cast_st*)ptr)->gcm)
@@ -172,7 +172,7 @@ struct gcm_cast_st { struct gcm_key key; struct gcm_ctx gcm; unsigned long xx[1]
static void
_gcm_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
gcm_encrypt(GCM_CTX_GET_CTX(ctx->ctx_ptr), GCM_CTX_GET_KEY(ctx->ctx_ptr),
GCM_CTX_GET_CIPHER(ctx->ctx_ptr), ctx->cipher->encrypt_block,
@@ -181,7 +181,7 @@ _gcm_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
static void
_gcm_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
gcm_decrypt(GCM_CTX_GET_CTX(ctx->ctx_ptr), GCM_CTX_GET_KEY(ctx->ctx_ptr),
GCM_CTX_GET_CIPHER(ctx->ctx_ptr), ctx->cipher->encrypt_block,
@@ -620,7 +620,7 @@ wrap_nettle_cipher_aead_encrypt(void *_ctx,
const void *auth, size_t auth_size,
size_t tag_size,
const void *plain, size_t plain_size,
- void *encr, size_t encr_size)
+ void *encr, size_t encr_size)
{
struct nettle_cipher_ctx *ctx = _ctx;
@@ -652,7 +652,7 @@ wrap_nettle_cipher_aead_decrypt(void *_ctx,
const void *nonce, size_t nonce_size,
const void *auth, size_t auth_size,
size_t tag_size,
- const void *encr, size_t encr_size,
+ const void *encr, size_t encr_size,
void *plain, size_t plain_size)
{
struct nettle_cipher_ctx *ctx = _ctx;
diff --git a/lib/nettle/int/drbg-aes-self-test.c b/lib/nettle/int/drbg-aes-self-test.c
index c4547a6665..a36aceba47 100644
--- a/lib/nettle/int/drbg-aes-self-test.c
+++ b/lib/nettle/int/drbg-aes-self-test.c
@@ -235,6 +235,6 @@ int drbg_aes_self_test(void)
free(tmp);
return 1;
fail:
- free(tmp);
- return 0;
+ free(tmp);
+ return 0;
}
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index b41ebfba8d..c50e7efc8d 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -22,7 +22,7 @@
*/
/* This file contains the functions needed for RSA/DSA public key
- * encryption and signatures.
+ * encryption and signatures.
*/
#include "gnutls_int.h"
@@ -66,17 +66,17 @@ static void rnd_func(void *_ctx, size_t length, uint8_t * data)
static void
ecc_scalar_zclear (struct ecc_scalar *s)
{
- zeroize_key(s->p, ecc_size(s->ecc)*sizeof(mp_limb_t));
- ecc_scalar_clear(s);
+ zeroize_key(s->p, ecc_size(s->ecc)*sizeof(mp_limb_t));
+ ecc_scalar_clear(s);
}
-static void
+static void
ecc_point_zclear (struct ecc_point *p)
{
- zeroize_key(p->p, ecc_size_a(p->ecc)*sizeof(mp_limb_t));
- ecc_point_clear(p);
+ zeroize_key(p->p, ecc_size_a(p->ecc)*sizeof(mp_limb_t));
+ ecc_point_clear(p);
}
-
+
static void
_dsa_params_get(const gnutls_pk_params_st * pk_params,
struct dsa_params *pub)
@@ -175,7 +175,7 @@ ecc_shared_secret(struct ecc_scalar *private_key,
#define DH_EXPONENT_SIZE(p_size) (2*_gnutls_pk_bits_to_subgroup_bits(p_size))
/* This is used for DH or ECDH key derivation. In DH for example
- * it is given the peers Y and our x, and calculates Y^x
+ * it is given the peers Y and our x, and calculates Y^x
*/
static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
gnutls_datum_t * out,
@@ -204,7 +204,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
goto dh_cleanup;
}
- /* check if f==0,1, or f >= p-1.
+ /* check if f==0,1, or f >= p-1.
* or (ff=f+1) equivalently ff==1,2, ff >= p */
if ((_gnutls_mpi_cmp_ui(ff, 2) == 0)
|| (_gnutls_mpi_cmp_ui(ff, 1) == 0)
@@ -852,18 +852,14 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
if (params->seed_size) {
ret =
- _dsa_generate_dss_pqg(&pub, &cert,
- index,
- params->seed_size, params->seed,
- NULL, NULL,
- level, q_bits);
+ _dsa_generate_dss_pqg(&pub, &cert,
+ index, params->seed_size, params->seed,
+ NULL, NULL, level, q_bits);
} else {
ret =
- dsa_generate_dss_pqg(&pub, &cert,
- index,
- NULL, rnd_func,
- NULL, NULL,
- level, q_bits);
+ dsa_generate_dss_pqg(&pub, &cert,
+ index, NULL, rnd_func,
+ NULL, NULL, level, q_bits);
}
if (ret != 1) {
gnutls_assert();
@@ -1000,11 +996,11 @@ int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params,
ret = 0;
goto cleanup;
fail:
- gnutls_free(pub_key->data);
- gnutls_free(priv_key->data);
+ gnutls_free(pub_key->data);
+ gnutls_free(priv_key->data);
cleanup:
- gnutls_pk_params_clear(&params);
- return ret;
+ gnutls_pk_params_clear(&params);
+ return ret;
}
/* Note that the value of Z will have the leading bytes stripped if they are zero -
@@ -1052,9 +1048,9 @@ int _gnutls_dh_compute_key(gnutls_dh_params_t dh_params,
ret = 0;
cleanup:
- gnutls_pk_params_clear(&pub);
- gnutls_pk_params_clear(&priv);
- return ret;
+ gnutls_pk_params_clear(&pub);
+ gnutls_pk_params_clear(&priv);
+ return ret;
}
int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve,
@@ -1101,12 +1097,12 @@ int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve,
ret = 0;
goto cleanup;
fail:
- gnutls_free(y->data);
- gnutls_free(x->data);
- gnutls_free(k->data);
+ gnutls_free(y->data);
+ gnutls_free(x->data);
+ gnutls_free(k->data);
cleanup:
- gnutls_pk_params_clear(&params);
- return ret;
+ gnutls_pk_params_clear(&params);
+ return ret;
}
int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve,
@@ -1181,9 +1177,9 @@ int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve,
ret = 0;
cleanup:
- gnutls_pk_params_clear(&pub);
- gnutls_pk_params_clear(&priv);
- return ret;
+ gnutls_pk_params_clear(&pub);
+ gnutls_pk_params_clear(&priv);
+ return ret;
}
#endif
@@ -1216,7 +1212,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
ret =
dsa_generate_dss_keypair(&pub, y, x,
- NULL, rnd_func,
+ NULL, rnd_func,
NULL, NULL);
if (ret != 1) {
gnutls_assert();
@@ -1410,7 +1406,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
- ret = _gnutls_mpi_init_multi(&params->params[ECC_X], &params->params[ECC_Y],
+ ret = _gnutls_mpi_init_multi(&params->params[ECC_X], &params->params[ECC_Y],
&params->params[ECC_K], NULL);
if (ret < 0) {
gnutls_assert();
diff --git a/lib/opencdk/armor.c b/lib/opencdk/armor.c
index bfe93c5fbc..e2c945b5f1 100644
--- a/lib/opencdk/armor.c
+++ b/lib/opencdk/armor.c
@@ -304,7 +304,7 @@ static cdk_error_t armor_decode(void *data, FILE * in, FILE * out)
return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
ret = base64_decode_update(&ctx, &crcbuf_size, crcbuf,
- len-1, (uint8_t*)buf+1);
+ len-1, (uint8_t*)buf+1);
if (ret == 0)
return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
@@ -323,7 +323,7 @@ static cdk_error_t armor_decode(void *data, FILE * in, FILE * out)
if ((ssize_t)raw_size < BASE64_DECODE_LENGTH(len))
return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
ret = base64_decode_update(&ctx, &raw_size, raw,
- len, (uint8_t*)buf);
+ len, (uint8_t*)buf);
if (ret == 0)
return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c
index d272886b68..a4e54926c7 100644
--- a/lib/opencdk/stream.c
+++ b/lib/opencdk/stream.c
@@ -50,9 +50,9 @@ struct stream_filter_s *filter_add(cdk_stream_t s, filter_fnct_t fnc,
/* FIXME: The read/write/putc/getc function cannot directly
- return an error code. It is stored in an error variable
- inside the string. Right now there is no code to
- return the error code or to reset it. */
+ return an error code. It is stored in an error variable
+ inside the string. Right now there is no code to
+ return the error code or to reset it. */
/**
* cdk_stream_open:
diff --git a/lib/openpgp/openpgp.c b/lib/openpgp/openpgp.c
index 68cf932d26..783f77af12 100644
--- a/lib/openpgp/openpgp.c
+++ b/lib/openpgp/openpgp.c
@@ -191,8 +191,8 @@ gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials_t res,
*/
int
gnutls_certificate_get_openpgp_key(gnutls_certificate_credentials_t res,
- unsigned index,
- gnutls_openpgp_privkey_t *key)
+ unsigned index,
+ gnutls_openpgp_privkey_t *key)
{
if (index >= res->ncerts) {
gnutls_assert();
@@ -230,9 +230,9 @@ gnutls_certificate_get_openpgp_key(gnutls_certificate_credentials_t res,
*/
int
gnutls_certificate_get_openpgp_crt(gnutls_certificate_credentials_t res,
- unsigned index,
- gnutls_openpgp_crt_t **crt_list,
- unsigned *crt_list_size)
+ unsigned index,
+ gnutls_openpgp_crt_t **crt_list,
+ unsigned *crt_list_size)
{
int ret;
unsigned i;
diff --git a/lib/pcert.c b/lib/pcert.c
index 6127f182d5..3fdce92017 100644
--- a/lib/pcert.c
+++ b/lib/pcert.c
@@ -107,8 +107,8 @@ int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
* Since: 3.4.0
**/
int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert,
- gnutls_x509_crt_t *crt, unsigned *ncrt,
- unsigned int flags)
+ gnutls_x509_crt_t *crt, unsigned *ncrt,
+ unsigned int flags)
{
int ret;
unsigned i;
@@ -145,10 +145,10 @@ int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert,
return 0;
cleanup:
- for (i=0;i<current;i++) {
- gnutls_pcert_deinit(&pcert[i]);
- }
- return ret;
+ for (i=0;i<current;i++) {
+ gnutls_pcert_deinit(&pcert[i]);
+ }
+ return ret;
}
@@ -422,7 +422,7 @@ int gnutls_pcert_import_openpgp_raw(gnutls_pcert_st * pcert,
* Since: 3.4.0
*/
int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
- gnutls_x509_crt_t * crt)
+ gnutls_x509_crt_t * crt)
{
int ret;
@@ -464,7 +464,7 @@ int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
* Since: 3.4.0
*/
int gnutls_pcert_export_openpgp(gnutls_pcert_st * pcert,
- gnutls_openpgp_crt_t * crt)
+ gnutls_openpgp_crt_t * crt)
{
int ret;
diff --git a/lib/pk.c b/lib/pk.c
index 5af82908ed..2dddb49560 100644
--- a/lib/pk.c
+++ b/lib/pk.c
@@ -101,7 +101,7 @@ _gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value,
ret = 0;
cleanup:
- gnutls_free(tmp);
+ gnutls_free(tmp);
asn1_delete_structure(&sig);
return ret;
}
@@ -321,8 +321,8 @@ void gnutls_pk_params_clear(gnutls_pk_params_st * p)
*/
int
encode_ber_digest_info(const mac_entry_st * e,
- const gnutls_datum_t * digest,
- gnutls_datum_t * output)
+ const gnutls_datum_t * digest,
+ gnutls_datum_t * output)
{
ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
int result;
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index b54f532a8f..e1ea59ce33 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -52,7 +52,7 @@ struct gnutls_pkcs11_provider_st {
struct ck_function_list *module;
unsigned active;
unsigned trusted; /* in the sense of p11-kit trusted:
- * it can be used for verification */
+ * it can be used for verification */
struct ck_info info;
};
@@ -511,8 +511,8 @@ gnutls_pkcs11_obj_set_info(gnutls_pkcs11_obj_t obj,
ret = 0;
cleanup:
- pkcs11_close_session(&sinfo);
- return ret;
+ pkcs11_close_session(&sinfo);
+ return ret;
}
/**
@@ -1341,14 +1341,12 @@ _pkcs11_traverse_tokens(find_func_t find_func, void *input,
}
if (info != NULL) {
- if (!p11_kit_uri_match_token_info
- (info, &l_tinfo)
- || !p11_kit_uri_match_module_info(info,
- &providers
+ if (!p11_kit_uri_match_token_info(info, &l_tinfo) ||
+ !p11_kit_uri_match_module_info(info, &providers
[x].info)) {
continue;
- }
- }
+ }
+ }
rv = (module)->C_OpenSession(slots[z],
((flags & SESSION_WRITE) ? CKF_RW_SESSION : 0)
@@ -1772,7 +1770,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
a[0].type = CKA_UNWRAP;
a[0].value = &b;
@@ -1780,7 +1778,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
a[0].type = CKA_PRIVATE;
a[0].value = &b;
@@ -1788,7 +1786,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
a[0].type = CKA_TRUSTED;
a[0].value = &b;
@@ -1796,7 +1794,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
a[0].type = CKA_SENSITIVE;
a[0].value = &b;
@@ -1804,7 +1802,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE;
a[0].type = CKA_EXTRACTABLE;
a[0].value = &b;
@@ -1812,7 +1810,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE;
a[0].type = CKA_NEVER_EXTRACTABLE;
a[0].value = &b;
@@ -1820,7 +1818,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE;
a[0].type = CKA_CERTIFICATE_CATEGORY;
a[0].value = &category;
@@ -1828,7 +1826,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && category == 2)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_CA;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_CA;
a[0].type = CKA_ALWAYS_AUTHENTICATE;
a[0].value = &b;
@@ -1836,7 +1834,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH;
/* now recover the object label/id */
a[0].type = CKA_LABEL;
@@ -1902,8 +1900,8 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class,
ret = 0;
cleanup:
- gnutls_free(data.data);
- return ret;
+ gnutls_free(data.data);
+ return ret;
}
static int
@@ -2059,8 +2057,8 @@ gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t obj, const char *url,
static int
find_token_num_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info, void *input)
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info, void *input)
{
struct find_token_num *find_data = input;
@@ -2860,8 +2858,8 @@ find_objs_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
while (pkcs11_find_objects
(sinfo->module, sinfo->pks, ctx, OBJECTS_A_TIME, &count) == CKR_OK
&& count > 0) {
- unsigned j;
- gnutls_datum_t id;
+ unsigned j;
+ gnutls_datum_t id;
find_data->p_list = gnutls_realloc_fast(find_data->p_list, (find_data->current+count)*sizeof(find_data->p_list[0]));
if (find_data->p_list == NULL) {
@@ -2869,7 +2867,7 @@ find_objs_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
goto fail;
}
- for (j=0;j<count;j++) {
+ for (j=0;j<count;j++) {
a[0].type = CKA_ID;
a[0].value = certid_tmp;
a[0].value_len = sizeof certid_tmp;
@@ -2905,8 +2903,8 @@ find_objs_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
/* not found */
continue;
}
- }
- }
+ }
+ }
ret =
gnutls_pkcs11_obj_init(&find_data->p_list
@@ -2926,7 +2924,7 @@ find_objs_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
}
find_data->current++;
- }
+ }
}
pkcs11_find_objects_final(sinfo);
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 5acba77f58..bb9b286b1c 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -47,18 +47,18 @@
int retries = 0; \
int rret; \
ret = find_object (&key->sinfo, &key->pin, &key->ref, key->uinfo, \
- SESSION_LOGIN); \
+ SESSION_LOGIN); \
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { \
if (_gnutls_token_func) \
{ \
rret = pkcs11_call_token_func (key->uinfo, retries++); \
if (rret == 0) continue; \
- } \
+ } \
return gnutls_assert_val(ret); \
} else if (ret < 0) { \
- return gnutls_assert_val(ret); \
- } \
- break; \
+ return gnutls_assert_val(ret); \
+ } \
+ break; \
} while (1);
struct gnutls_pkcs11_privkey_st {
@@ -85,7 +85,7 @@ struct gnutls_pkcs11_privkey_st {
**/
int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key)
{
- FAIL_IF_LIB_ERROR;
+ FAIL_IF_LIB_ERROR;
*key = gnutls_calloc(1, sizeof(struct gnutls_pkcs11_privkey_st));
if (*key == NULL) {
@@ -273,7 +273,7 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
if (key->reauth) {
ret =
pkcs11_login(&key->sinfo, &key->pin,
- key->uinfo, 0, 1);
+ key->uinfo, 0, 1);
if (ret < 0) {
gnutls_assert();
_gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
@@ -480,8 +480,8 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
p11_kit_uri_free(pkey->uinfo);
pkey->uinfo = NULL;
}
- gnutls_free(pkey->url);
- pkey->url = NULL;
+ gnutls_free(pkey->url);
+ pkey->url = NULL;
return ret;
}
@@ -531,7 +531,7 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
if (key->reauth) {
ret =
pkcs11_login(&key->sinfo, &key->pin,
- key->uinfo, 0, 1);
+ key->uinfo, 0, 1);
if (ret < 0) {
gnutls_assert();
_gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
@@ -1081,7 +1081,7 @@ static int load_pubkey_obj(gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t pub)
ret = gnutls_pubkey_import_x509(pub, crt, 0);
cleanup:
- gnutls_x509_crt_deinit(crt);
+ gnutls_x509_crt_deinit(crt);
return ret;
}
@@ -1173,8 +1173,8 @@ _pkcs11_privkey_get_pubkey (gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t *pub,
**/
int
gnutls_pkcs11_privkey_export_pubkey(gnutls_pkcs11_privkey_t pkey,
- gnutls_x509_crt_fmt_t fmt,
- gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t fmt,
+ gnutls_datum_t * data,
unsigned int flags)
{
int ret;
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 5732a8e373..79c1f93c9e 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -162,12 +162,12 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
id_size = sizeof(id);
ret = gnutls_x509_crt_get_subject_key_id(crt, id, &id_size, NULL);
if (ret < 0) {
- id_size = sizeof(id);
+ id_size = sizeof(id);
ret = gnutls_x509_crt_get_key_id(crt, 0, id, &id_size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
- }
+ }
}
a[1].value = id;
@@ -494,7 +494,7 @@ gnutls_pkcs11_copy_pubkey(const char *token_url,
ret = 0;
cleanup:
- clean_pubkey(a, a_val);
+ clean_pubkey(a, a_val);
pkcs11_close_session(&sinfo);
return ret;
@@ -980,8 +980,8 @@ struct delete_data_st {
static int
delete_obj_url_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info, void *input)
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info, void *input)
{
struct delete_data_st *find_data = input;
struct ck_attribute a[4];
diff --git a/lib/pkcs11x.c b/lib/pkcs11x.c
index eb7b9a0595..b12918a47a 100644
--- a/lib/pkcs11x.c
+++ b/lib/pkcs11x.c
@@ -149,12 +149,12 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t
ret = 0;
cleanup:
- if (crt != NULL)
- gnutls_x509_crt_deinit(crt);
+ if (crt != NULL)
+ gnutls_x509_crt_deinit(crt);
if (finalize != 0)
pkcs11_find_objects_final(sinfo);
- gnutls_free(ext_data);
- return ret;
+ gnutls_free(ext_data);
+ return ret;
}
@@ -225,7 +225,7 @@ find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
ret = 0;
cleanup:
- pkcs11_find_objects_final(sinfo);
+ pkcs11_find_objects_final(sinfo);
return ret;
}
@@ -292,8 +292,8 @@ gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj,
ret = 0;
cleanup:
- if (deinit_spki)
- gnutls_free(spki.data);
+ if (deinit_spki)
+ gnutls_free(spki.data);
return ret;
}
diff --git a/lib/prf.c b/lib/prf.c
index 0eac36f9f7..34c398fd70 100644
--- a/lib/prf.c
+++ b/lib/prf.c
@@ -127,9 +127,9 @@ P_hash(gnutls_mac_algorithm_t algorithm,
*/
static int
_gnutls_PRF_raw(gnutls_mac_algorithm_t mac,
- const uint8_t * secret, unsigned int secret_size,
- const char *label, int label_size, const uint8_t * seed,
- int seed_size, int total_bytes, void *ret)
+ const uint8_t * secret, unsigned int secret_size,
+ const char *label, int label_size, const uint8_t * seed,
+ int seed_size, int total_bytes, void *ret)
{
int l_s, s_seed_size;
const uint8_t *s1, *s2;
@@ -155,7 +155,7 @@ _gnutls_PRF_raw(gnutls_mac_algorithm_t mac,
if (mac != GNUTLS_MAC_UNKNOWN) {
result =
P_hash(mac, secret, secret_size,
- s_seed, s_seed_size,
+ s_seed, s_seed_size,
total_bytes, ret);
if (result < 0) {
gnutls_assert();
@@ -230,10 +230,10 @@ _gnutls_PRF(gnutls_session_t session,
#ifdef ENABLE_FIPS140
int
_gnutls_prf_raw(gnutls_mac_algorithm_t mac,
- size_t master_size, const void *master,
- size_t label_size, const char *label,
- size_t seed_size, const char *seed, size_t outsize,
- char *out);
+ size_t master_size, const void *master,
+ size_t label_size, const char *label,
+ size_t seed_size, const char *seed, size_t outsize,
+ char *out);
/*-
* _gnutls_prf_raw:
@@ -254,10 +254,10 @@ _gnutls_prf_raw(gnutls_mac_algorithm_t mac,
-*/
int
_gnutls_prf_raw(gnutls_mac_algorithm_t mac,
- size_t master_size, const void *master,
- size_t label_size, const char *label,
- size_t seed_size, const char *seed, size_t outsize,
- char *out)
+ size_t master_size, const void *master,
+ size_t label_size, const char *label,
+ size_t seed_size, const char *seed, size_t outsize,
+ char *out)
{
return _gnutls_PRF_raw(mac,
master, master_size,
diff --git a/lib/privkey.c b/lib/privkey.c
index 4782454d07..030d72cb0c 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -495,7 +495,7 @@ int _gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url, uns
*/
int
gnutls_privkey_export_pkcs11(gnutls_privkey_t pkey,
- gnutls_pkcs11_privkey_t *key)
+ gnutls_pkcs11_privkey_t *key)
{
int ret;
@@ -756,7 +756,7 @@ gnutls_privkey_import_x509(gnutls_privkey_t pkey,
*/
int
gnutls_privkey_export_x509(gnutls_privkey_t pkey,
- gnutls_x509_privkey_t *key)
+ gnutls_x509_privkey_t *key)
{
int ret;
@@ -1011,7 +1011,7 @@ int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey,
*/
int
gnutls_privkey_export_openpgp(gnutls_privkey_t pkey,
- gnutls_openpgp_privkey_t *key)
+ gnutls_openpgp_privkey_t *key)
{
int ret;
@@ -1383,7 +1383,7 @@ gnutls_privkey_import_url(gnutls_privkey_t key, const char *url,
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
cleanup:
- return ret;
+ return ret;
}
/**
diff --git a/lib/record.c b/lib/record.c
index 746e7c2b8b..69cd6c2871 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -626,8 +626,7 @@ get_packet_from_buffers(gnutls_session_t session, content_type_t type,
if (_gnutls_record_buffer_get_size(session) > 0) {
int ret;
ret =
- _gnutls_record_buffer_get_packet(type, session,
- packet);
+ _gnutls_record_buffer_get_packet(type, session, packet);
if (ret < 0) {
if (IS_DTLS(session)) {
if (ret == GNUTLS_E_UNEXPECTED_PACKET) {
@@ -1404,7 +1403,7 @@ check_session_status(gnutls_session_t session)
* prior to anything else. */
if (session->security_parameters.entity == GNUTLS_CLIENT &&
(session->internals.flags & GNUTLS_ENABLE_FALSE_START)) {
- /* Attempt to complete handshake */
+ /* Attempt to complete handshake */
session->internals.recv_state = RECV_STATE_FALSE_START_HANDLING;
ret = gnutls_handshake(session);
@@ -1558,7 +1557,7 @@ gnutls_record_discard_queued(gnutls_session_t session)
**/
ssize_t
gnutls_record_recv_packet(gnutls_session_t session,
- gnutls_packet_t *packet)
+ gnutls_packet_t *packet)
{
int ret;
@@ -1574,7 +1573,7 @@ gnutls_record_recv_packet(gnutls_session_t session,
return ret;
ret = _gnutls_recv_in_buffers(session, GNUTLS_APPLICATION_DATA, -1,
- session->internals.record_timeout_ms);
+ session->internals.record_timeout_ms);
if (ret < 0 && ret != GNUTLS_E_SESSION_EOF)
return gnutls_assert_val(ret);
diff --git a/lib/session_pack.c b/lib/session_pack.c
index 5833eb0eaf..39f0737042 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -274,7 +274,7 @@ _gnutls_session_unpack(gnutls_session_t session,
/* Format:
* 1 byte the credentials type
* 4 bytes the size of the whole structure
- * DH stuff
+ * DH stuff
* 2 bytes the size of secret key in bits
* 4 bytes the size of the prime
* x bytes the prime
@@ -282,12 +282,12 @@ _gnutls_session_unpack(gnutls_session_t session,
* x bytes the generator
* 4 bytes the size of the public key
* x bytes the public key
- * RSA stuff
+ * RSA stuff
* 4 bytes the size of the modulus
* x bytes the modulus
* 4 bytes the size of the exponent
* x bytes the exponent
- * CERTIFICATES
+ * CERTIFICATES
* 4 bytes the length of the certificate list
* 4 bytes the size of first certificate
* x bytes the certificate
@@ -712,8 +712,8 @@ unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
*
* 4 bytes the new record padding flag
* 4 bytes the ECC curve
- * -------------------
- * MAX: 169 bytes
+ * -------------------
+ * MAX: 169 bytes
*
*/
static int
diff --git a/lib/str.c b/lib/str.c
index e78383fd07..b76296a075 100644
--- a/lib/str.c
+++ b/lib/str.c
@@ -475,7 +475,7 @@ char *_gnutls_bin2hex(const void *_old, size_t oldlen,
* @hex_size: size of hex data
* @bin_data: output array with binary data
* @bin_size: when calling should hold maximum size of @bin_data,
- * on return will hold actual length of @bin_data.
+ * on return will hold actual length of @bin_data.
*
* Convert a buffer with hex data to binary data. This function
* unlike gnutls_hex_decode() can parse hex data with separators
diff --git a/lib/str.h b/lib/str.h
index c723e1457a..5bda483a64 100644
--- a/lib/str.h
+++ b/lib/str.h
@@ -129,93 +129,93 @@ int _gnutls_hostname_compare(const char *certname, size_t certnamesize,
#define MAX_DN 1024
#define BUFFER_APPEND(b, x, s) { \
- ret = _gnutls_buffer_append_data(b, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data(b, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
/* append data prefixed with 4-bytes length field*/
#define BUFFER_APPEND_PFX4(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 32, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 32, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_APPEND_PFX3(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 24, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 24, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_APPEND_PFX2(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 16, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 16, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_APPEND_PFX1(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 8, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 8, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_APPEND_NUM(b, s) { \
- ret = _gnutls_buffer_append_prefix(b, 32, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_prefix(b, 32, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_POP(b, x, s) { \
- size_t is = s; \
- _gnutls_buffer_pop_data(b, x, &is); \
- if (is != s) { \
- ret = GNUTLS_E_PARSING_ERROR; \
- gnutls_assert(); \
- goto error; \
- } \
+ size_t is = s; \
+ _gnutls_buffer_pop_data(b, x, &is); \
+ if (is != s) { \
+ ret = GNUTLS_E_PARSING_ERROR; \
+ gnutls_assert(); \
+ goto error; \
+ } \
}
#define BUFFER_POP_DATUM(b, o) { \
- gnutls_datum_t d; \
- ret = _gnutls_buffer_pop_datum_prefix(b, &d); \
- if (ret >= 0) \
- ret = _gnutls_set_datum (o, d.data, d.size); \
- if (ret < 0) { \
- gnutls_assert(); \
- goto error; \
- } \
+ gnutls_datum_t d; \
+ ret = _gnutls_buffer_pop_datum_prefix(b, &d); \
+ if (ret >= 0) \
+ ret = _gnutls_set_datum (o, d.data, d.size); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
}
#define BUFFER_POP_NUM(b, o) { \
- size_t s; \
- ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
- if (ret < 0) { \
- gnutls_assert(); \
- goto error; \
- } \
- o = s; \
+ size_t s; \
+ ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
+ o = s; \
}
#define BUFFER_POP_CAST_NUM(b, o) { \
- size_t s; \
- ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
- if (ret < 0) { \
- gnutls_assert(); \
- goto error; \
- } \
- o = (void *) (intptr_t)(s); \
+ size_t s; \
+ ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
+ o = (void *) (intptr_t)(s); \
}
#endif
diff --git a/lib/supplemental.c b/lib/supplemental.c
index 4e2df85abd..6ab5b42978 100644
--- a/lib/supplemental.c
+++ b/lib/supplemental.c
@@ -267,7 +267,7 @@ _gnutls_supplemental_register(gnutls_supplemental_entry *entry)
**/
int
gnutls_supplemental_register(const char *name, gnutls_supplemental_data_format_type_t type,
- gnutls_supp_recv_func recv_func, gnutls_supp_send_func send_func)
+ gnutls_supp_recv_func recv_func, gnutls_supp_send_func send_func)
{
gnutls_supplemental_entry tmp_entry;
int ret;
diff --git a/lib/system-keys.h b/lib/system-keys.h
index b5969c3b51..bc755e4c5b 100644
--- a/lib/system-keys.h
+++ b/lib/system-keys.h
@@ -32,7 +32,7 @@ _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url);
int
_gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
- const char *url);
+ const char *url);
void _gnutls_system_key_deinit(void);
int _gnutls_system_key_init(void);
diff --git a/lib/system/inet_ntop.c b/lib/system/inet_ntop.c
index 69920cd772..87760ebf11 100644
--- a/lib/system/inet_ntop.c
+++ b/lib/system/inet_ntop.c
@@ -79,7 +79,7 @@ static const char *inet_ntop6 (const unsigned char *src, char *dst, unsigned siz
*/
const char *
inet_ntop (int af, const void *restrict src,
- char *restrict dst, unsigned cnt)
+ char *restrict dst, unsigned cnt)
{
switch (af)
{
@@ -171,26 +171,26 @@ inet_ntop6 (const unsigned char *src, char *dst, unsigned size)
for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++)
{
if (words[i] == 0)
- {
- if (cur.base == -1)
- cur.base = i, cur.len = 1;
- else
- cur.len++;
- }
+ {
+ if (cur.base == -1)
+ cur.base = i, cur.len = 1;
+ else
+ cur.len++;
+ }
else
- {
- if (cur.base != -1)
- {
- if (best.base == -1 || cur.len > best.len)
- best = cur;
- cur.base = -1;
- }
- }
+ {
+ if (cur.base != -1)
+ {
+ if (best.base == -1 || cur.len > best.len)
+ best = cur;
+ cur.base = -1;
+ }
+ }
}
if (cur.base != -1)
{
if (best.base == -1 || cur.len > best.len)
- best = cur;
+ best = cur;
}
if (best.base != -1 && best.len < 2)
best.base = -1;
@@ -203,28 +203,28 @@ inet_ntop6 (const unsigned char *src, char *dst, unsigned size)
{
/* Are we inside the best run of 0x00's? */
if (best.base != -1 && i >= best.base && i < (best.base + best.len))
- {
- if (i == best.base)
- *tp++ = ':';
- continue;
- }
+ {
+ if (i == best.base)
+ *tp++ = ':';
+ continue;
+ }
/* Are we following an initial run of 0x00s or any real hex? */
if (i != 0)
- *tp++ = ':';
+ *tp++ = ':';
/* Is this address an encapsulated IPv4? */
if (i == 6 && best.base == 0 &&
- (best.len == 6 || (best.len == 5 && words[5] == 0xffff)))
- {
- if (!inet_ntop4 (src + 12, tp, sizeof tmp - (tp - tmp)))
- return (NULL);
- tp += strlen (tp);
- break;
- }
+ (best.len == 6 || (best.len == 5 && words[5] == 0xffff)))
+ {
+ if (!inet_ntop4 (src + 12, tp, sizeof tmp - (tp - tmp)))
+ return (NULL);
+ tp += strlen (tp);
+ break;
+ }
{
- int len = sprintf (tp, "%x", words[i]);
- if (len < 0)
- return NULL;
- tp += len;
+ int len = sprintf (tp, "%x", words[i]);
+ if (len < 0)
+ return NULL;
+ tp += len;
}
}
/* Was it a trailing run of 0x00's? */
diff --git a/lib/system/keys-dummy.c b/lib/system/keys-dummy.c
index 269af8038c..31acb4eccf 100644
--- a/lib/system/keys-dummy.c
+++ b/lib/system/keys-dummy.c
@@ -35,12 +35,12 @@ void gnutls_system_key_iter_deinit(gnutls_system_key_iter_t iter)
int
gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter,
- unsigned cert_type,
- char **cert_url,
- char **key_url,
- char **label,
- gnutls_datum_t *der,
- unsigned int flags)
+ unsigned cert_type,
+ char **cert_url,
+ char **key_url,
+ char **label,
+ gnutls_datum_t *der,
+ unsigned int flags)
{
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
@@ -58,7 +58,7 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv
int
_gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
- const char *url)
+ const char *url)
{
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c
index 1f5ffad4a2..0df8540aa5 100644
--- a/lib/system/keys-win.c
+++ b/lib/system/keys-win.c
@@ -26,7 +26,6 @@
#define _WIN32_WINNT 0x600
#endif
-
#include "gnutls_int.h"
#include "errors.h"
#include <gnutls/gnutls.h>
@@ -39,7 +38,7 @@
#include <urls.h>
#if !defined(_WIN32)
-# error should not be included
+#error should not be included
#endif
#include <wincrypt.h>
@@ -51,22 +50,22 @@
// MinGW headers may not have these defines
#ifndef NCRYPT_SHA1_ALGORITHM
-#define NCRYPT_SHA1_ALGORITHM BCRYPT_SHA1_ALGORITHM
+#define NCRYPT_SHA1_ALGORITHM BCRYPT_SHA1_ALGORITHM
#endif
#ifndef NCRYPT_SHA256_ALGORITHM
-#define NCRYPT_SHA256_ALGORITHM BCRYPT_SHA256_ALGORITHM
+#define NCRYPT_SHA256_ALGORITHM BCRYPT_SHA256_ALGORITHM
#endif
#ifndef NCRYPT_SHA384_ALGORITHM
-#define NCRYPT_SHA384_ALGORITHM BCRYPT_SHA384_ALGORITHM
+#define NCRYPT_SHA384_ALGORITHM BCRYPT_SHA384_ALGORITHM
#endif
#ifndef NCRYPT_SHA512_ALGORITHM
-#define NCRYPT_SHA512_ALGORITHM BCRYPT_SHA512_ALGORITHM
+#define NCRYPT_SHA512_ALGORITHM BCRYPT_SHA512_ALGORITHM
#endif
#ifndef NCRYPT_PAD_PKCS1_FLAG
#define NCRYPT_PAD_PKCS1_FLAG 2
#endif
#ifndef NCRYPT_ALGORITHM_PROPERTY
-#define NCRYPT_ALGORITHM_PROPERTY L"Algorithm Name"
+#define NCRYPT_ALGORITHM_PROPERTY L"Algorithm Name"
#endif
#ifndef CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID
#define CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID 99
@@ -83,49 +82,62 @@ struct system_key_iter_st {
};
typedef struct priv_st {
- DWORD dwKeySpec; /* CAPI key */
- HCRYPTPROV hCryptProv; /* CAPI keystore*/
- NCRYPT_KEY_HANDLE nc; /* CNG Keystore*/
+ DWORD dwKeySpec; /* CAPI key */
+ HCRYPTPROV hCryptProv; /* CAPI keystore */
+ NCRYPT_KEY_HANDLE nc; /* CNG Keystore */
gnutls_pk_algorithm_t pk;
gnutls_sign_algorithm_t sign_algo;
} priv_st;
-
-typedef SECURITY_STATUS (WINAPI *NCryptDeleteKeyFunc)(
- NCRYPT_KEY_HANDLE hKey,DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptOpenStorageProviderFunc)(
- NCRYPT_PROV_HANDLE *phProvider, LPCWSTR pszProviderName,
- DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptOpenKeyFunc)(
- NCRYPT_PROV_HANDLE hProvider, NCRYPT_KEY_HANDLE *phKey,
- LPCWSTR pszKeyName, DWORD dwLegacyKeySpec,
- DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptGetPropertyFunc)(
- NCRYPT_HANDLE hObject, LPCWSTR pszProperty,
- PBYTE pbOutput, DWORD cbOutput,
- DWORD *pcbResult, DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptFreeObjectFunc)(
- NCRYPT_HANDLE hObject);
-
-typedef SECURITY_STATUS (WINAPI *NCryptDecryptFunc)(
- NCRYPT_KEY_HANDLE hKey, PBYTE pbInput,
- DWORD cbInput, VOID *pPaddingInfo,
- PBYTE pbOutput, DWORD cbOutput,
- DWORD *pcbResult, DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptSignHashFunc)(
- NCRYPT_KEY_HANDLE hKey, VOID* pPaddingInfo,
- PBYTE pbHashValue, DWORD cbHashValue,
- PBYTE pbSignature, DWORD cbSignature,
- DWORD* pcbResult, DWORD dwFlags);
-
-static int StrCmpW(const WCHAR *str1, const WCHAR *str2 )
+typedef SECURITY_STATUS(WINAPI * NCryptDeleteKeyFunc) (NCRYPT_KEY_HANDLE hKey,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI *
+ NCryptOpenStorageProviderFunc) (NCRYPT_PROV_HANDLE *
+ phProvider,
+ LPCWSTR pszProviderName,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI *
+ NCryptOpenKeyFunc) (NCRYPT_PROV_HANDLE hProvider,
+ NCRYPT_KEY_HANDLE * phKey,
+ LPCWSTR pszKeyName,
+ DWORD dwLegacyKeySpec,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI * NCryptGetPropertyFunc) (NCRYPT_HANDLE hObject,
+ LPCWSTR pszProperty,
+ PBYTE pbOutput,
+ DWORD cbOutput,
+ DWORD * pcbResult,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI * NCryptFreeObjectFunc) (NCRYPT_HANDLE hObject);
+
+typedef SECURITY_STATUS(WINAPI * NCryptDecryptFunc) (NCRYPT_KEY_HANDLE hKey,
+ PBYTE pbInput,
+ DWORD cbInput,
+ VOID * pPaddingInfo,
+ PBYTE pbOutput,
+ DWORD cbOutput,
+ DWORD * pcbResult,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI * NCryptSignHashFunc) (NCRYPT_KEY_HANDLE hKey,
+ VOID * pPaddingInfo,
+ PBYTE pbHashValue,
+ DWORD cbHashValue,
+ PBYTE pbSignature,
+ DWORD cbSignature,
+ DWORD * pcbResult,
+ DWORD dwFlags);
+
+static int StrCmpW(const WCHAR * str1, const WCHAR * str2)
{
- while (*str1 && (*str1 == *str2)) { str1++; str2++; }
+ while (*str1 && (*str1 == *str2)) {
+ str1++;
+ str2++;
+ }
return *str1 - *str2;
}
@@ -154,7 +166,7 @@ static HMODULE ncrypt_lib;
#define WIN_URL_SIZE 11
static int
-get_id(const char *url, uint8_t *bin, size_t *bin_size, unsigned cert)
+get_id(const char *url, uint8_t * bin, size_t * bin_size, unsigned cert)
{
int ret;
unsigned url_size = strlen(url);
@@ -162,10 +174,12 @@ get_id(const char *url, uint8_t *bin, size_t *bin_size, unsigned cert)
gnutls_datum_t tmp;
if (cert != 0) {
- if (url_size < sizeof(WIN_URL) || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
+ if (url_size < sizeof(WIN_URL)
+ || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
} else {
- if (url_size < sizeof(WIN_URL) || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
+ if (url_size < sizeof(WIN_URL)
+ || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
@@ -198,7 +212,7 @@ void *memrev(unsigned char *pvData, DWORD cbData)
char t;
DWORD i;
- for (i = 0; i < cbData / 2; i++){
+ for (i = 0; i < cbData / 2; i++) {
t = pvData[i];
pvData[i] = pvData[cbData - 1 - i];
pvData[cbData - 1 - i] = t;
@@ -208,17 +222,16 @@ void *memrev(unsigned char *pvData, DWORD cbData)
static
int capi_sign(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *raw_data,
- gnutls_datum_t *signature)
+ const gnutls_datum_t * raw_data, gnutls_datum_t * signature)
{
- priv_st *priv = (priv_st*)userdata;
- ALG_ID Algid;
+ priv_st *priv = (priv_st *) userdata;
+ ALG_ID Algid;
HCRYPTHASH hHash = NULL;
uint8_t digest[MAX_HASH_SIZE];
unsigned int digest_size;
gnutls_digest_algorithm_t algo;
DWORD size1 = 0, sizesize = sizeof(DWORD);
- DWORD ret_sig = 0;
+ DWORD ret_sig = 0;
int ret;
signature->data = NULL;
@@ -226,51 +239,78 @@ int capi_sign(gnutls_privkey_t key, void *userdata,
digest_size = raw_data->size;
- switch (digest_size) {
- case 16: Algid = CALG_MD5; break;
- //case 35: size=20; // DigestInfo SHA1
- case 20: Algid = CALG_SHA1; break;
- //case 51: size=32; // DigestInto SHA-256
- case 32: Algid = CALG_SHA_256; break;
- case 36: Algid = CALG_SSL3_SHAMD5; break;
- case 48: Algid = CALG_SHA_384; break;
- case 64: Algid = CALG_SHA_512; break;
- default:
- digest_size = sizeof(digest);
- ret = decode_ber_digest_info(raw_data, &algo, digest, &digest_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ switch (digest_size) {
+ case 16:
+ Algid = CALG_MD5;
+ break;
+ //case 35: size=20; // DigestInfo SHA1
+ case 20:
+ Algid = CALG_SHA1;
+ break;
+ //case 51: size=32; // DigestInto SHA-256
+ case 32:
+ Algid = CALG_SHA_256;
+ break;
+ case 36:
+ Algid = CALG_SSL3_SHAMD5;
+ break;
+ case 48:
+ Algid = CALG_SHA_384;
+ break;
+ case 64:
+ Algid = CALG_SHA_512;
+ break;
+ default:
+ digest_size = sizeof(digest);
+ ret =
+ decode_ber_digest_info(raw_data, &algo, digest,
+ &digest_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- switch (algo) {
- case GNUTLS_DIG_SHA1: Algid = CALG_SHA1; break;
+ switch (algo) {
+ case GNUTLS_DIG_SHA1:
+ Algid = CALG_SHA1;
+ break;
#ifdef NCRYPT_SHA224_ALGORITHM
- case GNUTLS_DIG_SHA224: Algid = CALG_SHA_224; break;
+ case GNUTLS_DIG_SHA224:
+ Algid = CALG_SHA_224;
+ break;
#endif
- case GNUTLS_DIG_SHA256: Algid = CALG_SHA_256; break;
- case GNUTLS_DIG_SHA384: Algid = CALG_SHA_384; break;
- case GNUTLS_DIG_SHA512: Algid = CALG_SHA_512; break;
- default:
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
- }
+ case GNUTLS_DIG_SHA256:
+ Algid = CALG_SHA_256;
+ break;
+ case GNUTLS_DIG_SHA384:
+ Algid = CALG_SHA_384;
+ break;
+ case GNUTLS_DIG_SHA512:
+ Algid = CALG_SHA_512;
+ break;
+ default:
+ return
+ gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+ }
}
if (!CryptCreateHash(priv->hCryptProv, Algid, 0, 0, &hHash)) {
gnutls_assert();
- _gnutls_debug_log("error in create hash: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in create hash: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
if (!CryptSetHashParam(hHash, HP_HASHVAL, digest, 0)) {
gnutls_assert();
- _gnutls_debug_log("error in set hash val: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in set hash val: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
-
- if (!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&size1, &sizesize, 0) ||
- digest_size != size1) {
+ if (!CryptGetHashParam
+ (hHash, HP_HASHSIZE, (BYTE *) & size1, &sizesize, 0)
+ || digest_size != size1) {
gnutls_assert();
_gnutls_debug_log("error in hash size: %d\n", (int)size1);
ret = GNUTLS_E_PK_SIGN_FAILED;
@@ -279,20 +319,23 @@ int capi_sign(gnutls_privkey_t key, void *userdata,
if (!CryptSignHash(hHash, priv->dwKeySpec, NULL, 0, NULL, &ret_sig)) {
gnutls_assert();
- _gnutls_debug_log("error in pre-signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in pre-signing: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
signature->size = ret_sig;
- signature->data = (unsigned char*)gnutls_malloc(signature->size);
+ signature->data = (unsigned char *)gnutls_malloc(signature->size);
if (signature->data == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- if (!CryptSignHash(hHash, priv->dwKeySpec, NULL, 0, signature->data, &ret_sig)) {
+ if (!CryptSignHash
+ (hHash, priv->dwKeySpec, NULL, 0, signature->data, &ret_sig)) {
gnutls_assert();
- _gnutls_debug_log("error in signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in signing: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
@@ -303,7 +346,7 @@ int capi_sign(gnutls_privkey_t key, void *userdata,
signature->size = ret_sig;
return 0;
-fail:
+ fail:
if (hHash != 0)
CryptDestroyHash(hHash);
gnutls_free(signature->data);
@@ -312,10 +355,9 @@ fail:
static
int capi_decrypt(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *ciphertext,
- gnutls_datum_t *plaintext)
+ const gnutls_datum_t * ciphertext, gnutls_datum_t * plaintext)
{
- priv_st *priv = (priv_st*)userdata;
+ priv_st *priv = (priv_st *) userdata;
DWORD size = 0;
int ret;
@@ -327,22 +369,23 @@ int capi_decrypt(gnutls_privkey_t key, void *userdata,
}
plaintext->size = size = ciphertext->size;
- plaintext->data = (unsigned char*)gnutls_malloc(plaintext->size);
+ plaintext->data = (unsigned char *)gnutls_malloc(plaintext->size);
if (plaintext->data == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
memcpy(plaintext->data, ciphertext->data, size);
- if (0 == CryptDecrypt(priv->hCryptProv, 0, true, 0, plaintext->data, &size))
- {
+ if (0 ==
+ CryptDecrypt(priv->hCryptProv, 0, true, 0, plaintext->data,
+ &size)) {
gnutls_assert();
ret = GNUTLS_E_PK_DECRYPTION_FAILED;
goto fail;
}
return 0;
-fail:
+ fail:
gnutls_free(plaintext->data);
return ret;
}
@@ -350,14 +393,14 @@ fail:
static
void capi_deinit(gnutls_privkey_t key, void *userdata)
{
- priv_st *priv = (priv_st*)userdata;
+ priv_st *priv = (priv_st *) userdata;
CryptReleaseContext(priv->hCryptProv, 0);
gnutls_free(priv);
}
static int capi_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
{
- priv_st *priv = (priv_st*)userdata;
+ priv_st *priv = (priv_st *) userdata;
if (flags & GNUTLS_PRIVKEY_INFO_PK_ALGO)
return priv->pk;
@@ -368,8 +411,7 @@ static int capi_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
static
int cng_sign(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *raw_data,
- gnutls_datum_t *signature)
+ const gnutls_datum_t * raw_data, gnutls_datum_t * signature)
{
priv_st *priv = userdata;
BCRYPT_PKCS1_PADDING_INFO _info;
@@ -377,7 +419,7 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
DWORD ret_sig = 0;
int ret;
DWORD flags = 0;
- gnutls_datum_t data = {raw_data->data, raw_data->size};
+ gnutls_datum_t data = { raw_data->data, raw_data->size };
uint8_t digest[MAX_HASH_SIZE];
unsigned int digest_size;
gnutls_digest_algorithm_t algo;
@@ -391,34 +433,38 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
flags = BCRYPT_PAD_PKCS1;
info = &_info;
- if (raw_data->size == 36) { /* TLS 1.0 MD5+SHA1 */
+ if (raw_data->size == 36) { /* TLS 1.0 MD5+SHA1 */
_info.pszAlgId = NULL;
} else {
digest_size = sizeof(digest);
- ret = decode_ber_digest_info(raw_data, &algo, digest, &digest_size);
+ ret =
+ decode_ber_digest_info(raw_data, &algo, digest,
+ &digest_size);
if (ret < 0)
return gnutls_assert_val(ret);
- switch(algo) {
- case GNUTLS_DIG_SHA1:
- _info.pszAlgId = NCRYPT_SHA1_ALGORITHM;
- break;
+ switch (algo) {
+ case GNUTLS_DIG_SHA1:
+ _info.pszAlgId = NCRYPT_SHA1_ALGORITHM;
+ break;
#ifdef NCRYPT_SHA224_ALGORITHM
- case GNUTLS_DIG_SHA224:
- _info.pszAlgId = NCRYPT_SHA224_ALGORITHM;
- break;
+ case GNUTLS_DIG_SHA224:
+ _info.pszAlgId = NCRYPT_SHA224_ALGORITHM;
+ break;
#endif
- case GNUTLS_DIG_SHA256:
- _info.pszAlgId = NCRYPT_SHA256_ALGORITHM;
- break;
- case GNUTLS_DIG_SHA384:
- _info.pszAlgId = NCRYPT_SHA384_ALGORITHM;
- break;
- case GNUTLS_DIG_SHA512:
- _info.pszAlgId = NCRYPT_SHA512_ALGORITHM;
- break;
- default:
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+ case GNUTLS_DIG_SHA256:
+ _info.pszAlgId = NCRYPT_SHA256_ALGORITHM;
+ break;
+ case GNUTLS_DIG_SHA384:
+ _info.pszAlgId = NCRYPT_SHA384_ALGORITHM;
+ break;
+ case GNUTLS_DIG_SHA512:
+ _info.pszAlgId = NCRYPT_SHA512_ALGORITHM;
+ break;
+ default:
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
}
data.data = digest;
data.size = digest_size;
@@ -429,7 +475,8 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
NULL, 0, &ret_sig, flags);
if (FAILED(r)) {
gnutls_assert();
- _gnutls_debug_log("error in pre-signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in pre-signing: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
@@ -440,11 +487,11 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
r = pNCryptSignHash(priv->nc, info, data.data, data.size,
- signature->data, signature->size,
- &ret_sig, flags);
+ signature->data, signature->size, &ret_sig, flags);
if (FAILED(r)) {
gnutls_assert();
- _gnutls_debug_log("error in signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in signing: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
@@ -459,8 +506,7 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
static
int cng_decrypt(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *ciphertext,
- gnutls_datum_t *plaintext)
+ const gnutls_datum_t * ciphertext, gnutls_datum_t * plaintext)
{
priv_st *priv = userdata;
SECURITY_STATUS r;
@@ -475,7 +521,7 @@ int cng_decrypt(gnutls_privkey_t key, void *userdata,
}
r = pNCryptDecrypt(priv->nc, ciphertext->data, ciphertext->size,
- NULL, NULL, 0, &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
+ NULL, NULL, 0, &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
if (FAILED(r)) {
gnutls_assert();
return GNUTLS_E_PK_DECRYPTION_FAILED;
@@ -489,8 +535,8 @@ int cng_decrypt(gnutls_privkey_t key, void *userdata,
}
r = pNCryptDecrypt(priv->nc, ciphertext->data, ciphertext->size,
- NULL, plaintext->data, plaintext->size,
- &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
+ NULL, plaintext->data, plaintext->size,
+ &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
if (FAILED(r)) {
gnutls_assert();
ret = GNUTLS_E_PK_DECRYPTION_FAILED;
@@ -537,9 +583,7 @@ static int cng_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
* Since: 3.4.0
*
-*/
-int
-_gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
- const char *url)
+int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
{
uint8_t id[MAX_WID_SIZE];
HCERTSTORE store = NULL;
@@ -556,8 +600,7 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
WCHAR algo_str[64];
DWORD algo_str_size = 0;
priv_st *priv;
- DWORD i,dwErrCode = 0;
-
+ DWORD i, dwErrCode = 0;
if (ncrypt_init == 0)
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
@@ -585,17 +628,16 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
}
cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_KEY_IDENTIFIER,
- &blob,
- NULL);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_KEY_IDENTIFIER,
+ &blob, NULL);
if (cert == NULL) {
char buf[64];
_gnutls_debug_log("cannot find ID: %s from %s\n",
- _gnutls_bin2hex(id, id_size,
- buf, sizeof(buf), NULL), url);
+ _gnutls_bin2hex(id, id_size,
+ buf, sizeof(buf), NULL), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
@@ -605,7 +647,7 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
NULL, &kpi_size);
if (r == 0) {
_gnutls_debug_log("error in getting context: %d from %s\n",
- (int)GetLastError(), url);
+ (int)GetLastError(), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
@@ -621,26 +663,29 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
kpi, &kpi_size);
if (r == 0) {
_gnutls_debug_log("error in getting context: %d from %s\n",
- (int)GetLastError(), url);
+ (int)GetLastError(), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
r = pNCryptOpenStorageProvider(&sctx, kpi->pwszProvName, 0);
- if (!FAILED(r)) /* if this works carry on with CNG*/
- {
+ if (!FAILED(r)) { /* if this works carry on with CNG */
r = pNCryptOpenKey(sctx, &nc, kpi->pwszContainerName, 0, 0);
if (FAILED(r)) {
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
r = pNCryptGetProperty(nc, NCRYPT_ALGORITHM_PROPERTY,
- (BYTE*)algo_str, sizeof(algo_str),
- &algo_str_size, 0);
+ (BYTE *) algo_str, sizeof(algo_str),
+ &algo_str_size, 0);
if (FAILED(r)) {
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
@@ -661,36 +706,39 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
priv->pk = GNUTLS_PK_EC;
priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA512;
} else {
- _gnutls_debug_log("unknown key algorithm: %ls\n", algo_str);
+ _gnutls_debug_log("unknown key algorithm: %ls\n",
+ algo_str);
ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
goto cleanup;
}
priv->nc = nc;
ret = gnutls_privkey_import_ext3(pkey, priv, cng_sign,
- (enc_too!=0)?cng_decrypt:NULL,
- cng_deinit,
- cng_info, 0);
+ (enc_too !=
+ 0) ? cng_decrypt : NULL,
+ cng_deinit, cng_info, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
} else {
- /* this should be CAPI*/
- _gnutls_debug_log("error in opening CNG keystore: %x from %ls\n",
- (int) r, kpi->pwszProvName);
+ /* this should be CAPI */
+ _gnutls_debug_log
+ ("error in opening CNG keystore: %x from %ls\n", (int)r,
+ kpi->pwszProvName);
if (CryptAcquireContextW(&hCryptProv,
- kpi->pwszContainerName,
- kpi->pwszProvName,
- kpi->dwProvType,
- kpi->dwFlags)) {
+ kpi->pwszContainerName,
+ kpi->pwszProvName,
+ kpi->dwProvType, kpi->dwFlags)) {
for (i = 0; i < kpi->cProvParam; i++)
if (!CryptSetProvParam(hCryptProv,
- kpi->rgProvParam[i].dwParam,
- kpi->rgProvParam[i].pbData,
- kpi->rgProvParam[i].dwFlags))
- {
+ kpi->rgProvParam[i].
+ dwParam,
+ kpi->rgProvParam[i].
+ pbData,
+ kpi->rgProvParam[i].
+ dwFlags)) {
dwErrCode = GetLastError();
break;
};
@@ -699,45 +747,59 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
}
if (ERROR_SUCCESS != dwErrCode) {
- _gnutls_debug_log("error in getting cryptprov: %d from %s\n",
- (int)GetLastError(), url);
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ _gnutls_debug_log
+ ("error in getting cryptprov: %d from %s\n",
+ (int)GetLastError(), url);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
{
BYTE buf[100 + sizeof(PROV_ENUMALGS_EX) * 2];
- PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *)buf;
+ PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *) buf;
DWORD len = sizeof(buf);
- if (CryptGetProvParam(hCryptProv, PP_ENUMALGS_EX, buf, &len, CRYPT_FIRST)) {
+ if (CryptGetProvParam
+ (hCryptProv, PP_ENUMALGS_EX, buf, &len,
+ CRYPT_FIRST)) {
DWORD hash = 0;
do {
switch (pAlgo->aiAlgid) {
- case CALG_RSA_SIGN:
- priv->pk = GNUTLS_PK_RSA;
- enc_too = 1;
- break;
- case CALG_DSS_SIGN:
- priv->pk = priv->pk == GNUTLS_PK_RSA ? GNUTLS_PK_RSA : GNUTLS_PK_DSA;
- break;
- case CALG_SHA1:
- hash = 1;
- break;
- case CALG_SHA_256:
- hash = 256;
- break;
- default:
- break;
+ case CALG_RSA_SIGN:
+ priv->pk = GNUTLS_PK_RSA;
+ enc_too = 1;
+ break;
+ case CALG_DSS_SIGN:
+ priv->pk =
+ priv->pk ==
+ GNUTLS_PK_RSA ?
+ GNUTLS_PK_RSA :
+ GNUTLS_PK_DSA;
+ break;
+ case CALG_SHA1:
+ hash = 1;
+ break;
+ case CALG_SHA_256:
+ hash = 256;
+ break;
+ default:
+ break;
}
- len = sizeof(buf); // reset the buffer size
- } while (CryptGetProvParam(hCryptProv, PP_ENUMALGS_EX, buf, &len, CRYPT_NEXT));
+ len = sizeof(buf); // reset the buffer size
+ } while (CryptGetProvParam
+ (hCryptProv, PP_ENUMALGS_EX, buf, &len,
+ CRYPT_NEXT));
if (priv->pk == GNUTLS_PK_DSA)
priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
else
- priv->sign_algo = (hash > 1) ? GNUTLS_SIGN_RSA_SHA256 : GNUTLS_SIGN_RSA_SHA1;
+ priv->sign_algo =
+ (hash >
+ 1) ? GNUTLS_SIGN_RSA_SHA256 :
+ GNUTLS_SIGN_RSA_SHA1;
}
}
@@ -745,9 +807,9 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
priv->dwKeySpec = kpi->dwKeySpec;
ret = gnutls_privkey_import_ext3(pkey, priv, capi_sign,
- (enc_too != 0) ? capi_decrypt : NULL,
- capi_deinit,
- capi_info, 0);
+ (enc_too !=
+ 0) ? capi_decrypt : NULL,
+ capi_deinit, capi_info, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -774,8 +836,7 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
return ret;
}
-int
-_gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
+int _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
{
uint8_t id[MAX_WID_SIZE];
HCERTSTORE store = NULL;
@@ -804,18 +865,16 @@ _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
}
cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_KEY_IDENTIFIER,
- &blob,
- NULL);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_KEY_IDENTIFIER,
+ &blob, NULL);
if (cert == NULL) {
char buf[64];
_gnutls_debug_log("cannot find ID: %s from %s\n",
- _gnutls_bin2hex(id, id_size,
- buf, sizeof(buf), NULL),
- url);
+ _gnutls_bin2hex(id, id_size,
+ buf, sizeof(buf), NULL), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
@@ -856,15 +915,15 @@ void gnutls_system_key_iter_deinit(gnutls_system_key_iter_t iter)
}
static
-int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
- char **label, gnutls_datum_t *der)
+int get_win_urls(const CERT_CONTEXT * cert, char **cert_url, char **key_url,
+ char **label, gnutls_datum_t * der)
{
BOOL r;
int ret;
DWORD tl_size;
- gnutls_datum_t tmp_label = {NULL, 0};
- char name[MAX_CN*2];
- char hex[MAX_WID_SIZE*2+1];
+ gnutls_datum_t tmp_label = { NULL, 0 };
+ char name[MAX_CN * 2];
+ char hex[MAX_WID_SIZE * 2 + 1];
gnutls_buffer_st str;
#ifdef WORDS_BIGENDIAN
const unsigned bigendian = 1;
@@ -892,18 +951,18 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
if (cert_url)
*cert_url = NULL;
-
tl_size = sizeof(name);
r = CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID,
name, &tl_size);
- if (r != 0) { /* optional */
- ret = _gnutls_ucs2_to_utf8(name, tl_size, &tmp_label, bigendian);
+ if (r != 0) { /* optional */
+ ret =
+ _gnutls_ucs2_to_utf8(name, tl_size, &tmp_label, bigendian);
if (ret < 0) {
gnutls_assert();
goto fail;
}
if (label)
- *label = (char*)tmp_label.data;
+ *label = (char *)tmp_label.data;
}
tl_size = sizeof(name);
@@ -920,7 +979,8 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
goto fail;
}
- ret = _gnutls_buffer_append_printf(&str, WIN_URL"id=%s;type=cert", hex);
+ ret =
+ _gnutls_buffer_append_printf(&str, WIN_URL "id=%s;type=cert", hex);
if (ret < 0) {
gnutls_assert();
goto fail;
@@ -933,7 +993,9 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
goto fail;
}
- ret = _gnutls_buffer_append_escape(&str, tmp_label.data, tmp_label.size, " ");
+ ret =
+ _gnutls_buffer_append_escape(&str, tmp_label.data,
+ tmp_label.size, " ");
if (ret < 0) {
gnutls_assert();
goto fail;
@@ -947,10 +1009,12 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
}
if (cert_url)
- *cert_url = (char*)str.data;
+ *cert_url = (char *)str.data;
_gnutls_buffer_init(&str);
- ret = _gnutls_buffer_append_printf(&str, WIN_URL"id=%s;type=privkey", hex);
+ ret =
+ _gnutls_buffer_append_printf(&str, WIN_URL "id=%s;type=privkey",
+ hex);
if (ret < 0) {
gnutls_assert();
goto fail;
@@ -963,7 +1027,9 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
goto fail;
}
- ret = _gnutls_buffer_append_escape(&str, tmp_label.data, tmp_label.size, " ");
+ ret =
+ _gnutls_buffer_append_escape(&str, tmp_label.data,
+ tmp_label.size, " ");
if (ret < 0) {
gnutls_assert();
goto fail;
@@ -977,24 +1043,24 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
}
if (key_url)
- *key_url = (char*)str.data;
+ *key_url = (char *)str.data;
_gnutls_buffer_init(&str);
ret = 0;
goto cleanup;
fail:
- if (der)
- gnutls_free(der->data);
- if (cert_url)
- gnutls_free(*cert_url);
- if (key_url)
- gnutls_free(*key_url);
- if (label)
- gnutls_free(*label);
+ if (der)
+ gnutls_free(der->data);
+ if (cert_url)
+ gnutls_free(*cert_url);
+ if (key_url)
+ gnutls_free(*key_url);
+ if (label)
+ gnutls_free(*label);
cleanup:
- _gnutls_buffer_clear(&str);
- return ret;
+ _gnutls_buffer_clear(&str);
+ return ret;
}
/**
@@ -1022,13 +1088,12 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
* Since: 3.4.0
**/
int
-gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter,
- unsigned cert_type,
- char **cert_url,
- char **key_url,
- char **label,
- gnutls_datum_t *der,
- unsigned int flags)
+gnutls_system_key_iter_get_info(gnutls_system_key_iter_t * iter,
+ unsigned cert_type,
+ char **cert_url,
+ char **key_url,
+ char **label,
+ gnutls_datum_t * der, unsigned int flags)
{
if (ncrypt_init == 0)
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
@@ -1044,18 +1109,26 @@ gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter,
if ((*iter)->store == NULL) {
gnutls_free(*iter);
*iter = NULL;
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
}
- (*iter)->cert = CertEnumCertificatesInStore((*iter)->store, NULL);
+ (*iter)->cert =
+ CertEnumCertificatesInStore((*iter)->store, NULL);
- return get_win_urls((*iter)->cert, cert_url, key_url, label, der);
+ return get_win_urls((*iter)->cert, cert_url, key_url, label,
+ der);
} else {
if ((*iter)->cert == NULL)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- (*iter)->cert = CertEnumCertificatesInStore((*iter)->store, (*iter)->cert);
- return get_win_urls((*iter)->cert, cert_url, key_url, label, der);
+ (*iter)->cert =
+ CertEnumCertificatesInStore((*iter)->store, (*iter)->cert);
+ return get_win_urls((*iter)->cert, cert_url, key_url, label,
+ der);
}
}
@@ -1109,16 +1182,17 @@ int gnutls_system_key_delete(const char *cert_url, const char *key_url)
if (store != NULL) {
do {
cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_KEY_IDENTIFIER,
- &blob,
- cert);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_KEY_IDENTIFIER,
+ &blob, cert);
if (cert && key_url) {
nc_size = sizeof(nc);
- r = CertGetCertificateContextProperty(cert, CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID,
- &nc, &nc_size);
+ r = CertGetCertificateContextProperty(cert,
+ CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID,
+ &nc,
+ &nc_size);
if (r != 0) {
pNCryptDeleteKey(nc, 0);
pNCryptFreeObject(nc);
@@ -1129,7 +1203,7 @@ int gnutls_system_key_delete(const char *cert_url, const char *key_url)
if (cert && cert_url)
CertDeleteCertificateFromStore(cert);
- } while(cert != NULL);
+ } while (cert != NULL);
CertCloseStore(store, 0);
}
@@ -1152,12 +1226,13 @@ int gnutls_system_key_delete(const char *cert_url, const char *key_url)
*
* Since: 3.4.0
**/
-int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t privkey,
- const char *label, char **cert_url, char **key_url)
+int gnutls_system_key_add_x509(gnutls_x509_crt_t crt,
+ gnutls_x509_privkey_t privkey, const char *label,
+ char **cert_url, char **key_url)
{
HCERTSTORE store = NULL;
CRYPT_DATA_BLOB pfx;
- gnutls_datum_t _pfx = {NULL, 0};
+ gnutls_datum_t _pfx = { NULL, 0 };
gnutls_pkcs12_t p12 = NULL;
gnutls_pkcs12_bag_t bag1 = NULL, bag2 = NULL;
uint8_t id[MAX_WID_SIZE];
@@ -1273,7 +1348,9 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv
goto cleanup;
}
- ret = gnutls_hash_fast(GNUTLS_DIG_SHA1, data.data, data.size, sha);
+ ret =
+ gnutls_hash_fast(GNUTLS_DIG_SHA1, data.data, data.size,
+ sha);
gnutls_free(data.data);
if (ret < 0) {
gnutls_assert();
@@ -1284,11 +1361,10 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv
blob.pbData = sha;
cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_SHA1_HASH,
- &blob,
- NULL);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_SHA1_HASH,
+ &blob, NULL);
if (cert == NULL) {
gnutls_assert();
@@ -1306,13 +1382,13 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv
ret = 0;
cleanup:
- if (p12 != NULL)
- gnutls_pkcs12_deinit(p12);
- if (bag1 != NULL)
- gnutls_pkcs12_bag_deinit(bag1);
- if (bag2 != NULL)
- gnutls_pkcs12_bag_deinit(bag2);
- if (store != NULL)
+ if (p12 != NULL)
+ gnutls_pkcs12_deinit(p12);
+ if (bag1 != NULL)
+ gnutls_pkcs12_bag_deinit(bag1);
+ if (bag2 != NULL)
+ gnutls_pkcs12_bag_deinit(bag2);
+ if (store != NULL)
CertCloseStore(store, 0);
gnutls_free(_pfx.data);
return ret;
@@ -1328,43 +1404,53 @@ int _gnutls_system_key_init(void)
return gnutls_assert_val(GNUTLS_E_CRYPTO_INIT_FAILED);
}
- pNCryptDeleteKey = (NCryptDeleteKeyFunc)GetProcAddress(ncrypt_lib, "NCryptDeleteKey");
+ pNCryptDeleteKey =
+ (NCryptDeleteKeyFunc) GetProcAddress(ncrypt_lib, "NCryptDeleteKey");
if (pNCryptDeleteKey == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptOpenStorageProvider = (NCryptOpenStorageProviderFunc)GetProcAddress(ncrypt_lib, "NCryptOpenStorageProvider");
+ pNCryptOpenStorageProvider =
+ (NCryptOpenStorageProviderFunc) GetProcAddress(ncrypt_lib,
+ "NCryptOpenStorageProvider");
if (pNCryptOpenStorageProvider == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptOpenKey = (NCryptOpenKeyFunc)GetProcAddress(ncrypt_lib, "NCryptOpenKey");
+ pNCryptOpenKey =
+ (NCryptOpenKeyFunc) GetProcAddress(ncrypt_lib, "NCryptOpenKey");
if (pNCryptOpenKey == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptGetProperty = (NCryptGetPropertyFunc)GetProcAddress(ncrypt_lib, "NCryptGetProperty");
+ pNCryptGetProperty =
+ (NCryptGetPropertyFunc) GetProcAddress(ncrypt_lib,
+ "NCryptGetProperty");
if (pNCryptGetProperty == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptFreeObject = (NCryptFreeObjectFunc)GetProcAddress(ncrypt_lib, "NCryptFreeObject");
+ pNCryptFreeObject =
+ (NCryptFreeObjectFunc) GetProcAddress(ncrypt_lib,
+ "NCryptFreeObject");
if (pNCryptFreeObject == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptDecrypt = (NCryptDecryptFunc)GetProcAddress(ncrypt_lib, "NCryptDecrypt");
+ pNCryptDecrypt =
+ (NCryptDecryptFunc) GetProcAddress(ncrypt_lib, "NCryptDecrypt");
if (pNCryptDecrypt == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptSignHash = (NCryptSignHashFunc)GetProcAddress(ncrypt_lib, "NCryptSignHash");
+ pNCryptSignHash =
+ (NCryptSignHashFunc) GetProcAddress(ncrypt_lib, "NCryptSignHash");
if (pNCryptSignHash == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
diff --git a/lib/verify-tofu.c b/lib/verify-tofu.c
index b81d255183..788ca9ac80 100644
--- a/lib/verify-tofu.c
+++ b/lib/verify-tofu.c
@@ -211,7 +211,7 @@ static int parse_commitment_line(char *line,
/* hash and hex encode */
ret =
_gnutls_hash_fast((gnutls_digest_algorithm_t)hash_algo->id,
- skey->data, skey->size, phash);
+ skey->data, skey->size, phash);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -728,8 +728,8 @@ int gnutls_tdb_init(gnutls_tdb_t * tdb)
* trust storage structure. The function is of the following form.
*
* int gnutls_tdb_store_func(const char* db_name, const char* host,
- * const char* service, time_t expiration,
- * const gnutls_datum_t* pubkey);
+ * const char* service, time_t expiration,
+ * const gnutls_datum_t* pubkey);
*
* The @db_name should be used to pass any private data to this function.
*
@@ -749,8 +749,8 @@ void gnutls_tdb_set_store_func(gnutls_tdb_t tdb,
* trust storage structure. The function is of the following form.
*
* int gnutls_tdb_store_commitment_func(const char* db_name, const char* host,
- * const char* service, time_t expiration,
- * gnutls_digest_algorithm_t, const gnutls_datum_t* hash);
+ * const char* service, time_t expiration,
+ * gnutls_digest_algorithm_t, const gnutls_datum_t* hash);
*
* The @db_name should be used to pass any private data to this function.
*
@@ -771,7 +771,7 @@ void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb,
* trust storage structure. The function is of the following form.
*
* int gnutls_tdb_verify_func(const char* db_name, const char* host,
- * const char* service, const gnutls_datum_t* pubkey);
+ * const char* service, const gnutls_datum_t* pubkey);
*
* The verify function should return zero on a match, %GNUTLS_E_CERTIFICATE_KEY_MISMATCH
* if there is a mismatch and any other negative error code otherwise.
diff --git a/lib/x509.c b/lib/x509.c
index e6d58de15b..07508258de 100644
--- a/lib/x509.c
+++ b/lib/x509.c
@@ -364,8 +364,8 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session,
}
ret =
- check_ocsp_response(session, peer_certificate_list[0], cred->tlist, cand_issuers,
- cand_issuers_size, &resp, &ocsp_status);
+ check_ocsp_response(session, peer_certificate_list[0], cred->tlist, cand_issuers,
+ cand_issuers_size, &resp, &ocsp_status);
if (ret < 0) {
CLEAR_CERTS;
@@ -820,11 +820,11 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
/* Try to load the whole certificate chain from the PKCS #11 token */
for (i=0;i<MAX_PKCS11_CERT_CHAIN;i++) {
- ret = gnutls_x509_crt_check_issuer(crt, crt);
- if (i > 0 && ret != 0) {
- /* self signed */
- break;
- }
+ ret = gnutls_x509_crt_check_issuer(crt, crt);
+ if (i > 0 && ret != 0) {
+ /* self signed */
+ break;
+ }
ret = gnutls_pcert_import_x509(&ccert[i], crt, 0);
if (ret < 0) {
@@ -1149,8 +1149,8 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
}
ret =
- gnutls_pcert_import_x509_list(pcerts, cert_list, (unsigned int*)&cert_list_size,
- GNUTLS_X509_CRT_LIST_SORT);
+ gnutls_pcert_import_x509_list(pcerts, cert_list, (unsigned int*)&cert_list_size,
+ GNUTLS_X509_CRT_LIST_SORT);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -1174,7 +1174,7 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
return 0;
cleanup:
- gnutls_free(pcerts);
+ gnutls_free(pcerts);
_gnutls_str_array_clear(&names);
return ret;
}
@@ -1203,8 +1203,8 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
*/
int
gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
- unsigned index,
- gnutls_x509_privkey_t *key)
+ unsigned index,
+ gnutls_x509_privkey_t *key)
{
if (index >= res->ncerts) {
gnutls_assert();
@@ -1242,9 +1242,9 @@ gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
*/
int
gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
- unsigned index,
- gnutls_x509_crt_t **crt_list,
- unsigned *crt_list_size)
+ unsigned index,
+ gnutls_x509_crt_t **crt_list,
+ unsigned *crt_list_size)
{
int ret;
unsigned i;
@@ -1433,7 +1433,7 @@ gnutls_certificate_set_trust_list(gnutls_certificate_credentials_t res,
**/
void
gnutls_certificate_get_trust_list(gnutls_certificate_credentials_t res,
- gnutls_x509_trust_list_t *tlist)
+ gnutls_x509_trust_list_t *tlist)
{
*tlist = res->tlist;
}
diff --git a/lib/x509.h b/lib/x509.h
index bc11f7b93f..8048416691 100644
--- a/lib/x509.h
+++ b/lib/x509.h
@@ -25,7 +25,7 @@
int _gnutls_x509_cert_verify_peers(gnutls_session_t session,
gnutls_typed_vdata_st * data,
- unsigned int elements,
+ unsigned int elements,
unsigned int *status);
#define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE"
diff --git a/lib/x509/common.c b/lib/x509/common.c
index dab7fbb582..6d72338d42 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1624,7 +1624,7 @@ int x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
unsigned
_gnutls_check_valid_key_id(gnutls_datum_t *key_id,
- gnutls_x509_crt_t cert, time_t now)
+ gnutls_x509_crt_t cert, time_t now)
{
uint8_t id[MAX_KEY_ID_SIZE];
size_t id_size;
diff --git a/lib/x509/common.h b/lib/x509/common.h
index b2413c4511..6716939255 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -241,7 +241,7 @@ int x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
gnutls_datum_t * rpubkey);
int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt,
- gnutls_datum_t * rpubkey);
+ gnutls_datum_t * rpubkey);
typedef void (*gnutls_cert_vfunc)(gnutls_x509_crt_t);
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index ebda949fde..5f0abe301e 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -651,8 +651,8 @@ void gnutls_x509_crl_iter_deinit(gnutls_x509_crl_iter_t iter)
int
gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl,
gnutls_x509_crl_iter_t *iter,
- unsigned char *serial,
- size_t * serial_size, time_t * t)
+ unsigned char *serial,
+ size_t * serial_size, time_t * t)
{
int result, _serial_size;
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 51c0e17969..6a9cccaa5e 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -1690,7 +1690,7 @@ gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq,
ret = 0;
cleanup:
asn1_delete_structure(&c2);
- gnutls_free(extensions);
+ gnutls_free(extensions);
return ret;
}
diff --git a/lib/x509/email-verify.c b/lib/x509/email-verify.c
index 1b0da2e3df..e6a3b1773c 100644
--- a/lib/x509/email-verify.c
+++ b/lib/x509/email-verify.c
@@ -159,8 +159,8 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
*/
ret = 0;
cleanup:
- if (a_email != email) {
- idn_free(a_email);
+ if (a_email != email) {
+ idn_free(a_email);
}
- return ret;
+ return ret;
}
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index 8a92849db9..751c2986e6 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -904,6 +904,6 @@ _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
ret = 0;
cleanup:
- gnutls_x509_aki_deinit(aki);
- return ret;
+ gnutls_x509_aki_deinit(aki);
+ return ret;
}
diff --git a/lib/x509/hostname-verify.c b/lib/x509/hostname-verify.c
index 06a8d42c05..fcbb987e64 100644
--- a/lib/x509/hostname-verify.c
+++ b/lib/x509/hostname-verify.c
@@ -118,7 +118,7 @@ static int has_embedded_null(const char *str, unsigned size)
**/
unsigned
gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
- const char *hostname, unsigned int flags)
+ const char *hostname, unsigned int flags)
{
char dnsname[MAX_CN];
size_t dnsnamesize;
@@ -262,8 +262,8 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
*/
ret = 0;
cleanup:
- if (a_hostname != hostname) {
- idn_free(a_hostname);
+ if (a_hostname != hostname) {
+ idn_free(a_hostname);
}
- return ret;
+ return ret;
}
diff --git a/lib/x509/krb5.c b/lib/x509/krb5.c
index 1021a37914..dc8351f6fe 100644
--- a/lib/x509/krb5.c
+++ b/lib/x509/krb5.c
@@ -41,19 +41,19 @@ typedef struct krb5_principal_data {
extern const asn1_static_node krb5_asn1_tab[];
-static void cleanup_principal(krb5_principal_data *princ)
+static void cleanup_principal(krb5_principal_data * princ)
{
- unsigned i;
- if (princ) {
- gnutls_free(princ->realm);
- for (i=0;i<princ->length;i++)
- gnutls_free(princ->data[i]);
+ unsigned i;
+ if (princ) {
+ gnutls_free(princ->realm);
+ for (i = 0; i < princ->length; i++)
+ gnutls_free(princ->data[i]);
memset(princ, 0, sizeof(*princ));
gnutls_free(princ);
- }
+ }
}
-static krb5_principal_data* name_to_principal(const char *_name)
+static krb5_principal_data *name_to_principal(const char *_name)
{
krb5_principal_data *princ;
char *p, *p2, *sp;
@@ -78,7 +78,7 @@ static krb5_principal_data* name_to_principal(const char *_name)
goto fail;
}
- princ->realm = gnutls_strdup(p+1);
+ princ->realm = gnutls_strdup(p + 1);
if (princ->realm == NULL) {
gnutls_assert();
goto fail;
@@ -87,9 +87,11 @@ static krb5_principal_data* name_to_principal(const char *_name)
if (p == p2) {
p = strtok_r(name, "/", &sp);
- while(p) {
+ while (p) {
if (pos == MAX_COMPONENTS) {
- _gnutls_debug_log("%s: Cannot parse names with more than %d components\n", __func__, MAX_COMPONENTS);
+ _gnutls_debug_log
+ ("%s: Cannot parse names with more than %d components\n",
+ __func__, MAX_COMPONENTS);
goto fail;
}
@@ -105,12 +107,13 @@ static krb5_principal_data* name_to_principal(const char *_name)
p = strtok_r(NULL, "/", &sp);
}
- if ((princ->length == 2) && (strcmp (princ->data[0], "krbtgt") == 0)) {
- princ->type = 2; /* KRB_NT_SRV_INST */
+ if ((princ->length == 2)
+ && (strcmp(princ->data[0], "krbtgt") == 0)) {
+ princ->type = 2; /* KRB_NT_SRV_INST */
} else {
- princ->type = 1; /* KRB_NT_PRINCIPAL */
+ princ->type = 1; /* KRB_NT_PRINCIPAL */
}
- } else { /* enterprise */
+ } else { /* enterprise */
princ->data[0] = gnutls_strdup(name);
if (princ->data[0] == NULL) {
gnutls_assert();
@@ -118,13 +121,13 @@ static krb5_principal_data* name_to_principal(const char *_name)
}
princ->length++;
- princ->type = 10; /* KRB_NT_ENTERPRISE */
+ princ->type = 10; /* KRB_NT_ENTERPRISE */
}
goto cleanup;
fail:
- cleanup_principal(princ);
- princ = NULL;
+ cleanup_principal(princ);
+ princ = NULL;
cleanup:
gnutls_free(name);
@@ -135,7 +138,7 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
{
int ret, result;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- krb5_principal_data * princ;
+ krb5_principal_data *princ;
unsigned i;
princ = name_to_principal(name);
@@ -145,7 +148,9 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
goto cleanup;
}
- result = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.KRB5PrincipalName", &c2);
+ result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.KRB5PrincipalName", &c2);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -161,8 +166,7 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
}
result =
- asn1_write_value(c2, "principalName.name-type", &princ->type,
- 1);
+ asn1_write_value(c2, "principalName.name-type", &princ->type, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -171,8 +175,7 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
for (i = 0; i < princ->length; i++) {
result =
- asn1_write_value(c2, "principalName.name-string",
- "NEW", 1);
+ asn1_write_value(c2, "principalName.name-string", "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -203,10 +206,10 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
return ret;
}
-static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
+static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st * str)
{
- gnutls_datum_t realm = {NULL, 0};
- gnutls_datum_t component = {NULL, 0};
+ gnutls_datum_t realm = { NULL, 0 };
+ gnutls_datum_t component = { NULL, 0 };
unsigned char name_type[2];
int ret, result, len;
unsigned i;
@@ -219,29 +222,33 @@ static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
}
len = sizeof(name_type);
- result = asn1_read_value(c2, "principalName.name-type", name_type, &len);
+ result =
+ asn1_read_value(c2, "principalName.name-type", name_type, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
goto cleanup;
}
- if (len != 1 || (name_type[0] != 1 && name_type[0] != 2 && name_type[0] != 10)) {
+ if (len != 1
+ || (name_type[0] != 1 && name_type[0] != 2 && name_type[0] != 10)) {
ret = GNUTLS_E_INVALID_REQUEST;
goto cleanup;
}
- for (i=0;;i++) {
- snprintf(val, sizeof(val), "principalName.name-string.?%u", i+1);
+ for (i = 0;; i++) {
+ snprintf(val, sizeof(val), "principalName.name-string.?%u",
+ i + 1);
ret = _gnutls_x509_read_value(c2, val, &component);
- if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND
+ || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
break;
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- if (i>0) {
+ if (i > 0) {
ret = _gnutls_buffer_append_data(str, "/", 1);
if (ret < 0) {
gnutls_assert();
@@ -249,7 +256,9 @@ static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
}
}
- ret = _gnutls_buffer_append_data(str, component.data, component.size);
+ ret =
+ _gnutls_buffer_append_data(str, component.data,
+ component.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -273,11 +282,12 @@ static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
ret = 0;
cleanup:
_gnutls_free_datum(&component);
- gnutls_free(realm.data);
- return ret;
+ gnutls_free(realm.data);
+ return ret;
}
-int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *name)
+int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der,
+ gnutls_datum_t * name)
{
int ret, result;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
@@ -285,7 +295,9 @@ int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *na
_gnutls_buffer_init(&str);
- result = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.KRB5PrincipalName", &c2);
+ result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.KRB5PrincipalName", &c2);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -318,7 +330,7 @@ int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *na
return _gnutls_buffer_to_datum(&str, name, 1);
cleanup:
- _gnutls_buffer_clear(&str);
+ _gnutls_buffer_clear(&str);
asn1_delete_structure(&c2);
return ret;
}
diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
index 776e209825..98c0f0297d 100644
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -40,8 +40,8 @@
// for documentation see the implementation
static int name_constraints_intersect_nodes(name_constraints_node_st * nc1,
- name_constraints_node_st * nc2,
- name_constraints_node_st ** intersection);
+ name_constraints_node_st * nc2,
+ name_constraints_node_st ** intersection);
/*-
* is_nc_empty:
@@ -92,7 +92,7 @@ static unsigned is_nc_empty(struct gnutls_name_constraints_st* nc, unsigned type
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
-*/
static int validate_name_constraints_node(gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t* name)
+ const gnutls_datum_t* name)
{
if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI &&
@@ -209,8 +209,8 @@ void _gnutls_name_constraints_node_free(name_constraints_node_st *node)
* Returns: Pointer to newly allocated node or NULL in case of memory error.
-*/
static name_constraints_node_st* name_constraints_node_new(unsigned type,
- unsigned char *data,
- unsigned int size)
+ unsigned char *data,
+ unsigned int size)
{
name_constraints_node_st *tmp = gnutls_malloc(sizeof(struct name_constraints_node_st));
if (tmp == NULL)
@@ -250,8 +250,8 @@ static name_constraints_node_st* name_constraints_node_new(unsigned type,
-*/
static
int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc,
- name_constraints_node_st * _nc2,
- name_constraints_node_st ** _nc_excluded)
+ name_constraints_node_st * _nc2,
+ name_constraints_node_st ** _nc_excluded)
{
name_constraints_node_st *nc, *nc2, *t, *tmp, *dest = NULL, *prev = NULL;
int ret, type, used;
@@ -335,7 +335,7 @@ int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc,
}
// if the node from nc2 was not used for intersection, copy it to DEST
// Beware: also copies nodes other than DNS, email, IP,
- // since their counterpart may have been moved in phase 1.
+ // since their counterpart may have been moved in phase 1.
if (!used) {
tmp = name_constraints_node_new(nc2->type, nc2->name.data, nc2->name.size);
if (tmp == NULL) {
@@ -451,9 +451,9 @@ static int _gnutls_name_constraints_append(name_constraints_node_st **_nc,
* Since: 3.3.0
**/
int gnutls_x509_crt_get_name_constraints(gnutls_x509_crt_t crt,
- gnutls_x509_name_constraints_t nc,
- unsigned int flags,
- unsigned int *critical)
+ gnutls_x509_name_constraints_t nc,
+ unsigned int flags,
+ unsigned int *critical)
{
int ret;
gnutls_datum_t der = { NULL, 0 };
@@ -526,9 +526,9 @@ int gnutls_x509_name_constraints_init(gnutls_x509_name_constraints_t *nc)
static
int name_constraints_add(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name,
- unsigned permitted)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name,
+ unsigned permitted)
{
struct name_constraints_node_st * tmp, *prev = NULL;
int ret;
@@ -581,7 +581,7 @@ int name_constraints_add(gnutls_x509_name_constraints_t nc,
* Since: 3.5.0
-*/
int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
- gnutls_x509_name_constraints_t nc2)
+ gnutls_x509_name_constraints_t nc2)
{
int ret;
@@ -621,8 +621,8 @@ int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_add_permitted(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name)
{
return name_constraints_add(nc, type, name, 1);
}
@@ -645,8 +645,8 @@ int gnutls_x509_name_constraints_add_permitted(gnutls_x509_name_constraints_t nc
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name)
{
return name_constraints_add(nc, type, name, 0);
}
@@ -666,8 +666,8 @@ int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
* Since: 3.3.0
**/
int gnutls_x509_crt_set_name_constraints(gnutls_x509_crt_t crt,
- gnutls_x509_name_constraints_t nc,
- unsigned int critical)
+ gnutls_x509_name_constraints_t nc,
+ unsigned int critical)
{
int ret;
gnutls_datum_t der;
@@ -760,7 +760,7 @@ static unsigned email_matches(const gnutls_datum_t *name, const gnutls_datum_t *
* @nc1: name constraints node 1
* @nc2: name constraints node 2
* @_intersection: newly allocated node with intersected constraints,
- * NULL if the intersection is empty
+ * NULL if the intersection is empty
*
* Inspect 2 name constraints nodes (of possibly different types) and allocate
* a new node with intersection of given constraints.
@@ -769,8 +769,8 @@ static unsigned email_matches(const gnutls_datum_t *name, const gnutls_datum_t *
-*/
static int
name_constraints_intersect_nodes(name_constraints_node_st * nc1,
- name_constraints_node_st * nc2,
- name_constraints_node_st ** _intersection)
+ name_constraints_node_st * nc2,
+ name_constraints_node_st ** _intersection)
{
// presume empty intersection
name_constraints_node_st *intersection = NULL;
@@ -1029,8 +1029,8 @@ unsigned check_ip_constraints(gnutls_x509_name_constraints_t nc,
* Since: 3.3.0
**/
unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name)
{
if (type == GNUTLS_SAN_DNSNAME)
return check_dns_constraints(nc, name);
@@ -1049,8 +1049,8 @@ unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t nc,
* is present in the CA, _and_ the name in the end certificate contains
* the constrained element. */
static int check_unsupported_constraint2(gnutls_x509_crt_t cert,
- gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type)
+ gnutls_x509_name_constraints_t nc,
+ gnutls_x509_subject_alt_name_t type)
{
unsigned idx, found_one;
char name[MAX_CN];
@@ -1102,8 +1102,8 @@ static int check_unsupported_constraint2(gnutls_x509_crt_t cert,
* Since: 3.3.0
**/
unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- gnutls_x509_crt_t cert)
+ gnutls_x509_subject_alt_name_t type,
+ gnutls_x509_crt_t cert)
{
char name[MAX_CN];
size_t name_size;
@@ -1212,7 +1212,7 @@ unsigned found_one;
/* ensure there is only a single CN, according to rfc6125 */
name_size = sizeof(name);
ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
- 1, 0, name, &name_size);
+ 1, 0, name, &name_size);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
return gnutls_assert_val(0);
@@ -1300,8 +1300,8 @@ unsigned found_one;
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc,
- unsigned idx,
- unsigned *type, gnutls_datum_t * name)
+ unsigned idx,
+ unsigned *type, gnutls_datum_t * name)
{
unsigned int i;
struct name_constraints_node_st * tmp = nc->permitted;
@@ -1344,8 +1344,8 @@ int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_get_excluded(gnutls_x509_name_constraints_t nc,
- unsigned idx,
- unsigned *type, gnutls_datum_t * name)
+ unsigned idx,
+ unsigned *type, gnutls_datum_t * name)
{
unsigned int i;
struct name_constraints_node_st * tmp = nc->excluded;
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 597827a58e..eb41fcb295 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -406,11 +406,11 @@ int gnutls_ocsp_req_get_version(gnutls_ocsp_req_t req)
* corresponds to the CertID structure:
*
* <informalexample><programlisting>
- * CertID ::= SEQUENCE {
- * hashAlgorithm AlgorithmIdentifier,
- * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- * serialNumber CertificateSerialNumber }
+ * CertID ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier,
+ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
+ * serialNumber CertificateSerialNumber }
* </programlisting></informalexample>
*
* Each of the pointers to output variables may be NULL to indicate
@@ -522,11 +522,11 @@ gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_t req,
* The information needed corresponds to the CertID structure:
*
* <informalexample><programlisting>
- * CertID ::= SEQUENCE {
- * hashAlgorithm AlgorithmIdentifier,
- * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- * serialNumber CertificateSerialNumber }
+ * CertID ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier,
+ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
+ * serialNumber CertificateSerialNumber }
* </programlisting></informalexample>
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 917cad0e5b..8f8521285b 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -580,7 +580,7 @@ static void print_crldist(gnutls_buffer_st * str, gnutls_datum_t *der)
print_name(str, "\t\t\t", type, &dist, 0);
}
cleanup:
- gnutls_x509_crl_dist_points_deinit(dp);
+ gnutls_x509_crl_dist_points_deinit(dp);
}
static void
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 765d982440..9b280ba857 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -1403,9 +1403,9 @@ static int make_chain(gnutls_x509_crt_t ** chain, unsigned int *chain_len,
* @chain: the corresponding to key certificate chain (may be %NULL)
* @chain_len: will be updated with the number of additional (may be %NULL)
* @extra_certs: optional pointer to receive an array of additional
- * certificates found in the PKCS12 structure (may be %NULL).
+ * certificates found in the PKCS12 structure (may be %NULL).
* @extra_certs_len: will be updated with the number of additional
- * certs (may be %NULL).
+ * certs (may be %NULL).
* @crl: an optional structure to store the parsed CRL (may be %NULL).
* @flags: should be zero or one of GNUTLS_PKCS12_SP_*
*
diff --git a/lib/x509/pkcs7-attrs.c b/lib/x509/pkcs7-attrs.c
index 9bfbe2f329..c948bca224 100644
--- a/lib/x509/pkcs7-attrs.c
+++ b/lib/x509/pkcs7-attrs.c
@@ -51,7 +51,8 @@
* Since: 3.4.2
**/
int
-gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_t *data, unsigned flags)
+gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t * list, const char *oid,
+ gnutls_datum_t * data, unsigned flags)
{
int ret;
gnutls_pkcs7_attrs_st *r;
@@ -62,7 +63,8 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_
if (flags & GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING) {
ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING,
- data->data, data->size, &r->data);
+ data->data, data->size,
+ &r->data);
} else {
ret = _gnutls_set_datum(&r->data, data->data, data->size);
}
@@ -78,12 +80,12 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_
return 0;
fail:
- if (r) {
- gnutls_free(r->data.data);
- gnutls_free(r);
+ if (r) {
+ gnutls_free(r->data.data);
+ gnutls_free(r);
}
- gnutls_pkcs7_attrs_deinit(*list);
- return GNUTLS_E_MEMORY_ERROR;
+ gnutls_pkcs7_attrs_deinit(*list);
+ return GNUTLS_E_MEMORY_ERROR;
}
@@ -106,13 +108,14 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_
* Since: 3.4.2
**/
int
-gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutls_datum_t *data, unsigned flags)
+gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid,
+ gnutls_datum_t * data, unsigned flags)
{
unsigned i;
gnutls_pkcs7_attrs_st *p = list;
int ret;
- for (i=0;i<idx;i++) {
+ for (i = 0; i < idx; i++) {
p = p->next;
if (p == NULL)
break;
@@ -125,7 +128,8 @@ gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutl
if (flags & GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING) {
ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- p->data.data, p->data.size, data, 1);
+ p->data.data, p->data.size,
+ data, 1);
} else {
ret = _gnutls_set_datum(data, p->data.data, p->data.size);
}
@@ -143,12 +147,11 @@ gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutl
*
* Since: 3.4.2
**/
-void
-gnutls_pkcs7_attrs_deinit(gnutls_pkcs7_attrs_t list)
+void gnutls_pkcs7_attrs_deinit(gnutls_pkcs7_attrs_t list)
{
gnutls_pkcs7_attrs_st *r = list, *next;
- while(r) {
+ while (r) {
next = r->next;
gnutls_free(r->data.data);
diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
index a4bb551662..7f67376ce0 100644
--- a/lib/x509/pkcs7-crypt.c
+++ b/lib/x509/pkcs7-crypt.c
@@ -53,107 +53,97 @@
#define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
#define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
-static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] =
-{
+static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] = {
{
- .schema = PBES1_DES_MD5,
- .name = "PBES1-DES-CBC-MD5",
- .flag = GNUTLS_PKCS_PBES1_DES_MD5,
- .cipher = GNUTLS_CIPHER_DES_CBC,
- .pbes2 = 0,
- .cipher_oid = PBES1_DES_MD5_OID,
- .write_oid = PBES1_DES_MD5_OID,
- .desc = NULL,
- .decrypt_only = 1
- },
+ .schema = PBES1_DES_MD5,
+ .name = "PBES1-DES-CBC-MD5",
+ .flag = GNUTLS_PKCS_PBES1_DES_MD5,
+ .cipher = GNUTLS_CIPHER_DES_CBC,
+ .pbes2 = 0,
+ .cipher_oid = PBES1_DES_MD5_OID,
+ .write_oid = PBES1_DES_MD5_OID,
+ .desc = NULL,
+ .decrypt_only = 1},
{
- .schema = PBES2_3DES,
- .name = "PBES2-3DES-CBC",
- .flag = GNUTLS_PKCS_PBES2_3DES,
- .cipher = GNUTLS_CIPHER_3DES_CBC,
- .pbes2 = 1,
- .cipher_oid = DES_EDE3_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-des-EDE3-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_3DES,
+ .name = "PBES2-3DES-CBC",
+ .flag = GNUTLS_PKCS_PBES2_3DES,
+ .cipher = GNUTLS_CIPHER_3DES_CBC,
+ .pbes2 = 1,
+ .cipher_oid = DES_EDE3_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-des-EDE3-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_DES,
- .name = "PBES2-DES-CBC",
- .flag = GNUTLS_PKCS_PBES2_DES,
- .cipher = GNUTLS_CIPHER_DES_CBC,
- .pbes2 = 1,
- .cipher_oid = DES_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-des-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_DES,
+ .name = "PBES2-DES-CBC",
+ .flag = GNUTLS_PKCS_PBES2_DES,
+ .cipher = GNUTLS_CIPHER_DES_CBC,
+ .pbes2 = 1,
+ .cipher_oid = DES_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-des-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_AES_128,
- .name = "PBES2-AES128-CBC",
- .flag = GNUTLS_PKCS_PBES2_AES_128,
- .cipher = GNUTLS_CIPHER_AES_128_CBC,
- .pbes2 = 1,
- .cipher_oid = AES_128_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-aes128-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_AES_128,
+ .name = "PBES2-AES128-CBC",
+ .flag = GNUTLS_PKCS_PBES2_AES_128,
+ .cipher = GNUTLS_CIPHER_AES_128_CBC,
+ .pbes2 = 1,
+ .cipher_oid = AES_128_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-aes128-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_AES_192,
- .name = "PBES2-AES192-CBC",
- .flag = GNUTLS_PKCS_PBES2_AES_192,
- .cipher = GNUTLS_CIPHER_AES_192_CBC,
- .pbes2 = 1,
- .cipher_oid = AES_192_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-aes192-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_AES_192,
+ .name = "PBES2-AES192-CBC",
+ .flag = GNUTLS_PKCS_PBES2_AES_192,
+ .cipher = GNUTLS_CIPHER_AES_192_CBC,
+ .pbes2 = 1,
+ .cipher_oid = AES_192_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-aes192-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_AES_256,
- .name = "PBES2-AES256-CBC",
- .flag = GNUTLS_PKCS_PBES2_AES_256,
- .cipher = GNUTLS_CIPHER_AES_256_CBC,
- .pbes2 = 1,
- .cipher_oid = AES_256_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-aes256-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_AES_256,
+ .name = "PBES2-AES256-CBC",
+ .flag = GNUTLS_PKCS_PBES2_AES_256,
+ .cipher = GNUTLS_CIPHER_AES_256_CBC,
+ .pbes2 = 1,
+ .cipher_oid = AES_256_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-aes256-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PKCS12_ARCFOUR_SHA1,
- .name = "PKCS12-ARCFOUR-SHA1",
- .flag = GNUTLS_PKCS_PKCS12_ARCFOUR,
- .cipher = GNUTLS_CIPHER_ARCFOUR,
- .pbes2 = 0,
- .cipher_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
- .write_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
- .desc = NULL,
- .decrypt_only = 0
- },
+ .schema = PKCS12_ARCFOUR_SHA1,
+ .name = "PKCS12-ARCFOUR-SHA1",
+ .flag = GNUTLS_PKCS_PKCS12_ARCFOUR,
+ .cipher = GNUTLS_CIPHER_ARCFOUR,
+ .pbes2 = 0,
+ .cipher_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
+ .write_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
+ .desc = NULL,
+ .decrypt_only = 0},
{
- .schema = PKCS12_RC2_40_SHA1,
- .name = "PKCS12-RC2-40-SHA1",
- .flag = GNUTLS_PKCS_PKCS12_RC2_40,
- .cipher = GNUTLS_CIPHER_RC2_40_CBC,
- .pbes2 = 0,
- .cipher_oid = PKCS12_PBE_RC2_40_SHA1_OID,
- .write_oid = PKCS12_PBE_RC2_40_SHA1_OID,
- .desc = NULL,
- .decrypt_only = 0
- },
+ .schema = PKCS12_RC2_40_SHA1,
+ .name = "PKCS12-RC2-40-SHA1",
+ .flag = GNUTLS_PKCS_PKCS12_RC2_40,
+ .cipher = GNUTLS_CIPHER_RC2_40_CBC,
+ .pbes2 = 0,
+ .cipher_oid = PKCS12_PBE_RC2_40_SHA1_OID,
+ .write_oid = PKCS12_PBE_RC2_40_SHA1_OID,
+ .desc = NULL,
+ .decrypt_only = 0},
{
- .schema = PKCS12_3DES_SHA1,
- .name = "PKCS12-3DES-SHA1",
- .flag = GNUTLS_PKCS_PKCS12_3DES,
- .cipher = GNUTLS_CIPHER_3DES_CBC,
- .pbes2 = 0,
- .cipher_oid = PKCS12_PBE_3DES_SHA1_OID,
- .write_oid = PKCS12_PBE_3DES_SHA1_OID,
- .desc = NULL,
- .decrypt_only = 0
- },
+ .schema = PKCS12_3DES_SHA1,
+ .name = "PKCS12-3DES-SHA1",
+ .flag = GNUTLS_PKCS_PKCS12_3DES,
+ .cipher = GNUTLS_CIPHER_3DES_CBC,
+ .pbes2 = 0,
+ .cipher_oid = PKCS12_PBE_3DES_SHA1_OID,
+ .write_oid = PKCS12_PBE_3DES_SHA1_OID,
+ .desc = NULL,
+ .decrypt_only = 0},
{0, 0, 0, 0, 0}
};
@@ -167,12 +157,13 @@ static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] =
int _gnutls_pkcs_flags_to_schema(unsigned int flags)
{
- PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;);
+ PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;
+ );
gnutls_assert();
_gnutls_debug_log
("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
- flags);
+ flags);
return PKCS12_3DES_SHA1;
}
@@ -189,11 +180,11 @@ int _gnutls_pkcs_flags_to_schema(unsigned int flags)
*/
const char *gnutls_pkcs_schema_get_name(unsigned int schema)
{
- PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->name;);
+ PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->name;
+ );
return NULL;
}
-
/**
* gnutls_pkcs_schema_get_oid:
* @schema: Holds the PKCS #12 or PBES2 schema (%gnutls_pkcs_encrypt_flags_t)
@@ -207,16 +198,17 @@ const char *gnutls_pkcs_schema_get_name(unsigned int schema)
*/
const char *gnutls_pkcs_schema_get_oid(unsigned int schema)
{
- PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->cipher_oid;);
+ PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->cipher_oid;
+ );
return NULL;
}
-static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned cipher)
+static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned
+ cipher)
{
- PBES2_SCHEMA_LOOP(
- if (_p->cipher == cipher && _p->pbes2 != 0) {
- return _p;
- });
+ PBES2_SCHEMA_LOOP(if (_p->cipher == cipher && _p->pbes2 != 0) {
+ return _p;}
+ ) ;
gnutls_assert();
return NULL;
@@ -227,9 +219,11 @@ static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned
int _gnutls_check_pkcs_cipher_schema(const char *oid)
{
if (strcmp(oid, PBES2_OID) == 0)
- return PBES2_GENERIC; /* PBES2 ciphers are under an umbrella OID */
+ return PBES2_GENERIC; /* PBES2 ciphers are under an umbrella OID */
- PBES2_SCHEMA_LOOP(if (_p->pbes2 == 0 && strcmp(oid, _p->write_oid) == 0) {return _p->schema;});
+ PBES2_SCHEMA_LOOP(if (_p->pbes2 == 0 && strcmp(oid, _p->write_oid) == 0) {
+ return _p->schema;}
+ ) ;
_gnutls_debug_log
("PKCS #12 encryption schema OID '%s' is unsupported.\n", oid);
@@ -238,7 +232,7 @@ int _gnutls_check_pkcs_cipher_schema(const char *oid)
const struct pkcs_cipher_schema_st *_gnutls_pkcs_schema_get(schema_id schema)
{
- PBES2_SCHEMA_LOOP(if (schema == _p->schema) return _p;);
+ PBES2_SCHEMA_LOOP(if (schema == _p->schema) return _p;) ;
gnutls_assert();
return NULL;
@@ -247,22 +241,19 @@ const struct pkcs_cipher_schema_st *_gnutls_pkcs_schema_get(schema_id schema)
/* Converts an OID to a gnutls cipher type.
*/
static int
-pbes2_cipher_oid_to_algo(const char *oid, gnutls_cipher_algorithm_t *algo)
+pbes2_cipher_oid_to_algo(const char *oid, gnutls_cipher_algorithm_t * algo)
{
*algo = 0;
- PBES2_SCHEMA_LOOP(if (_p->pbes2 != 0 && strcmp(_p->cipher_oid, oid) == 0) {
- *algo = _p->cipher;
- return 0;
- }
- );
+ PBES2_SCHEMA_LOOP(if
+ (_p->pbes2 != 0 && strcmp(_p->cipher_oid, oid) == 0) {
+ *algo = _p->cipher; return 0;}
+ ) ;
- _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n",
- oid);
+ _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
-
/* Decrypts a PKCS #7 encryptedData. The output is allocated
* and stored in dec.
*/
@@ -288,8 +279,7 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
goto error;
}
- result =
- asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
+ result = asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -330,8 +320,9 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
result =
_gnutls_read_pkcs_schema_params(&schema, password,
- &data->data[params_start],
- params_len, &kdf_params, &enc_params);
+ &data->data[params_start],
+ params_len, &kdf_params,
+ &enc_params);
if (result < 0) {
gnutls_assert();
goto error;
@@ -343,8 +334,9 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
result =
_gnutls_pkcs_raw_decrypt_data(schema, pkcs7_asn,
- "encryptedContentInfo.encryptedContent", password,
- &kdf_params, &enc_params, &tmp);
+ "encryptedContentInfo.encryptedContent",
+ password, &kdf_params, &enc_params,
+ &tmp);
if (result < 0) {
gnutls_assert();
goto error;
@@ -356,15 +348,16 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
return 0;
- error:
+ error:
asn1_delete_structure(&pasn);
asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);
return result;
}
int
-_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_cipher_schema_st **p,
- struct pbkdf2_params *kdf_params, char **oid)
+_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data,
+ const struct pkcs_cipher_schema_st **p,
+ struct pbkdf2_params *kdf_params, char **oid)
{
int result, len;
char enc_oid[MAX_OID_SIZE];
@@ -382,8 +375,7 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_ciphe
goto error;
}
- result =
- asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
+ result = asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -428,8 +420,9 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_ciphe
result =
_gnutls_read_pkcs_schema_params(&schema, NULL,
- &data->data[params_start],
- params_len, kdf_params, &enc_params);
+ &data->data[params_start],
+ params_len, kdf_params,
+ &enc_params);
if (result < 0) {
gnutls_assert();
goto error;
@@ -446,7 +439,7 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_ciphe
return 0;
- error:
+ error:
asn1_delete_structure(&pasn);
asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);
return result;
@@ -497,15 +490,16 @@ _gnutls_pkcs7_encrypt_data(schema_id schema,
*/
result =
- _gnutls_pkcs_generate_key(schema, password, &kdf_params, &enc_params, &key);
+ _gnutls_pkcs_generate_key(schema, password, &kdf_params,
+ &enc_params, &key);
if (result < 0) {
gnutls_assert();
goto error;
}
result = _gnutls_pkcs_write_schema_params(schema, pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &kdf_params, &enc_params);
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &kdf_params, &enc_params);
if (result < 0) {
gnutls_assert();
goto error;
@@ -571,8 +565,7 @@ _gnutls_pkcs7_encrypt_data(schema_id schema,
goto error;
}
-
- error:
+ error:
_gnutls_free_key_datum(&key);
_gnutls_free_datum(&tmp);
asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);
@@ -583,8 +576,7 @@ _gnutls_pkcs7_encrypt_data(schema_id schema,
*/
static int
read_pbkdf2_params(ASN1_TYPE pasn,
- const gnutls_datum_t * der,
- struct pbkdf2_params *params)
+ const gnutls_datum_t * der, struct pbkdf2_params *params)
{
int params_start, params_end;
int params_len, len, result;
@@ -599,8 +591,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
*/
len = sizeof(oid);
result =
- asn1_read_value(pasn, "keyDerivationFunc.algorithm", oid,
- &len);
+ asn1_read_value(pasn, "keyDerivationFunc.algorithm", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -610,8 +601,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
if (strcmp(oid, PBKDF2_OID) != 0) {
gnutls_assert();
_gnutls_debug_log
- ("PKCS #8 key derivation OID '%s' is unsupported.\n",
- oid);
+ ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
return _gnutls_asn2err(result);
}
@@ -638,7 +628,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
result =
_asn1_strict_der_decode(&pbkdf2_asn, &der->data[params_start],
- params_len, NULL);
+ params_len, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -671,17 +661,14 @@ read_pbkdf2_params(ASN1_TYPE pasn,
/* read the keylength, if it is set.
*/
result =
- _gnutls_x509_read_uint(pbkdf2_asn, "keyLength",
- &params->key_size);
+ _gnutls_x509_read_uint(pbkdf2_asn, "keyLength", &params->key_size);
if (result < 0) {
params->key_size = 0;
}
_gnutls_hard_log("keyLength: %d\n", params->key_size);
len = sizeof(oid);
- result =
- asn1_read_value(pbkdf2_asn, "prf.algorithm",
- oid, &len);
+ result = asn1_read_value(pbkdf2_asn, "prf.algorithm", oid, &len);
if (result != ASN1_SUCCESS) {
/* use the default MAC */
result = 0;
@@ -698,7 +685,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
result = 0;
- error:
+ error:
asn1_delete_structure(&pbkdf2_asn);
return result;
@@ -706,8 +693,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
/* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA).
*/
-static int
-read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
+static int read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
{
int result;
@@ -716,8 +702,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
/* read the salt */
params->salt_size = sizeof(params->salt);
result =
- asn1_read_value(pasn, "salt", params->salt,
- &params->salt_size);
+ asn1_read_value(pasn, "salt", params->salt, &params->salt_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -728,8 +713,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
/* read the iteration count
*/
result =
- _gnutls_x509_read_uint(pasn, "iterations",
- &params->iter_count);
+ _gnutls_x509_read_uint(pasn, "iterations", &params->iter_count);
if (result < 0) {
gnutls_assert();
goto error;
@@ -740,7 +724,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
return 0;
- error:
+ error:
return result;
}
@@ -748,8 +732,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
/* Writes the PBE parameters for PKCS-12 schemas.
*/
static int
-write_pkcs12_kdf_params(ASN1_TYPE pasn,
- const struct pbkdf2_params *kdf_params)
+write_pkcs12_kdf_params(ASN1_TYPE pasn, const struct pbkdf2_params *kdf_params)
{
int result;
@@ -778,15 +761,14 @@ write_pkcs12_kdf_params(ASN1_TYPE pasn,
return 0;
- error:
+ error:
return result;
}
static int
read_pbes2_enc_params(ASN1_TYPE pasn,
- const gnutls_datum_t * der,
- struct pbe_enc_params *params)
+ const gnutls_datum_t * der, struct pbe_enc_params *params)
{
int params_start, params_end;
int params_len, len, result;
@@ -799,9 +781,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
/* Check the encryption algorithm
*/
len = sizeof(oid);
- result =
- asn1_read_value(pasn, "encryptionScheme.algorithm", oid,
- &len);
+ result = asn1_read_value(pasn, "encryptionScheme.algorithm", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -840,7 +820,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
result =
_asn1_strict_der_decode(&pbe_asn, &der->data[params_start],
- params_len, NULL);
+ params_len, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -849,8 +829,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
/* read the IV */
params->iv_size = sizeof(params->iv);
- result =
- asn1_read_value(pbe_asn, "", params->iv, &params->iv_size);
+ result = asn1_read_value(pbe_asn, "", params->iv, &params->iv_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -860,7 +839,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
result = 0;
- error:
+ error:
asn1_delete_structure(&pbe_asn);
return result;
}
@@ -871,9 +850,9 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
*/
int
_gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
- const uint8_t * data, int data_size,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params)
+ const uint8_t * data, int data_size,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params)
{
ASN1_TYPE pasn = ASN1_TYPE_EMPTY;
int result;
@@ -895,8 +874,7 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
/* Decode the parameters.
*/
- result =
- _asn1_strict_der_decode(&pasn, data, data_size, NULL);
+ result = _asn1_strict_der_decode(&pasn, data, data_size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -930,8 +908,9 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
*schema = p->schema;
return 0;
} else if (*schema == PBES1_DES_MD5) {
- return _gnutls_read_pbkdf1_params(data, data_size, kdf_params, enc_params);
- } else { /* PKCS #12 schema */
+ return _gnutls_read_pbkdf1_params(data, data_size, kdf_params,
+ enc_params);
+ } else { /* PKCS #12 schema */
memset(enc_params, 0, sizeof(*enc_params));
p = _gnutls_pkcs_schema_get(*schema);
@@ -954,8 +933,7 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
/* Decode the parameters.
*/
- result =
- _asn1_strict_der_decode(&pasn, data, data_size, NULL);
+ result = _asn1_strict_der_decode(&pasn, data, data_size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -970,16 +948,14 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
if (enc_params->iv_size) {
result =
- _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
- 2 /*IV*/,
+ _gnutls_pkcs12_string_to_key(mac_to_entry
+ (GNUTLS_MAC_SHA1),
+ 2 /*IV*/,
kdf_params->salt,
- kdf_params->
- salt_size,
- kdf_params->
- iter_count,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
password,
- enc_params->
- iv_size,
+ enc_params->iv_size,
enc_params->iv);
if (result < 0) {
gnutls_assert();
@@ -1000,13 +976,13 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
int
_gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *root, const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t *decrypted_data)
+ const char *root, const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data)
{
int result;
- gnutls_datum_t enc = {NULL, 0};
+ gnutls_datum_t enc = { NULL, 0 };
uint8_t *key = NULL;
gnutls_datum_t dkey, d_iv;
cipher_hd_st ch;
@@ -1026,8 +1002,9 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
if (schema == PBES1_DES_MD5) {
return _gnutls_decrypt_pbes1_des_md5_data(password, pass_len,
- kdf_params, enc_params,
- &enc, decrypted_data);
+ kdf_params,
+ enc_params, &enc,
+ decrypted_data);
}
if (kdf_params->key_size == 0) {
@@ -1045,22 +1022,24 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
/* generate the key
*/
p = _gnutls_pkcs_schema_get(schema);
- if (p != NULL && p->pbes2 != 0) { /* PBES2 */
+ if (p != NULL && p->pbes2 != 0) { /* PBES2 */
if (kdf_params->mac == GNUTLS_MAC_SHA1)
- pbkdf2_hmac_sha1(pass_len, (uint8_t*)password,
+ pbkdf2_hmac_sha1(pass_len, (uint8_t *) password,
kdf_params->iter_count,
- kdf_params->salt_size, kdf_params->salt,
- key_size, key);
+ kdf_params->salt_size,
+ kdf_params->salt, key_size, key);
else if (kdf_params->mac == GNUTLS_MAC_SHA256)
- pbkdf2_hmac_sha256(pass_len, (uint8_t*)password,
- kdf_params->iter_count,
- kdf_params->salt_size, kdf_params->salt,
- key_size, key);
- else return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
- } else if (p != NULL) { /* PKCS 12 schema */
+ pbkdf2_hmac_sha256(pass_len, (uint8_t *) password,
+ kdf_params->iter_count,
+ kdf_params->salt_size,
+ kdf_params->salt, key_size, key);
+ else
+ return
+ gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+ } else if (p != NULL) { /* PKCS 12 schema */
result =
_gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
- 1 /*KEY*/,
+ 1 /*KEY*/,
kdf_params->salt,
kdf_params->salt_size,
kdf_params->iter_count,
@@ -1114,7 +1093,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
return 0;
- error:
+ error:
gnutls_free(enc.data);
gnutls_free(key);
if (ch_init != 0)
@@ -1122,12 +1101,10 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
return result;
}
-
/* Writes the PBKDF2 parameters.
*/
static int
-write_pbkdf2_params(ASN1_TYPE pasn,
- const struct pbkdf2_params *kdf_params)
+write_pbkdf2_params(ASN1_TYPE pasn, const struct pbkdf2_params *kdf_params)
{
int result;
ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
@@ -1171,8 +1148,7 @@ write_pbkdf2_params(ASN1_TYPE pasn,
result = _gnutls_asn2err(result);
goto error;
}
- _gnutls_hard_log("salt.specified.size: %d\n",
- kdf_params->salt_size);
+ _gnutls_hard_log("salt.specified.size: %d\n", kdf_params->salt_size);
/* write the iteration count
*/
@@ -1218,16 +1194,14 @@ write_pbkdf2_params(ASN1_TYPE pasn,
result = 0;
- error:
+ error:
asn1_delete_structure(&pbkdf2_asn);
return result;
}
-
static int
-write_pbes2_enc_params(ASN1_TYPE pasn,
- const struct pbe_enc_params *params)
+write_pbes2_enc_params(ASN1_TYPE pasn, const struct pbe_enc_params *params)
{
int result;
ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
@@ -1260,8 +1234,7 @@ write_pbes2_enc_params(ASN1_TYPE pasn,
}
/* read the salt */
- result =
- asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
+ result = asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -1283,7 +1256,7 @@ write_pbes2_enc_params(ASN1_TYPE pasn,
result = 0;
- error:
+ error:
asn1_delete_structure(&pbe_asn);
return result;
@@ -1293,9 +1266,10 @@ write_pbes2_enc_params(ASN1_TYPE pasn,
*/
int
_gnutls_pkcs_generate_key(schema_id schema,
- const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params, gnutls_datum_t * key)
+ const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key)
{
unsigned char rnd[2];
unsigned int pass_len = 0;
@@ -1313,10 +1287,10 @@ _gnutls_pkcs_generate_key(schema_id schema,
/* generate salt */
kdf_params->salt_size =
- MIN(sizeof(kdf_params->salt), (unsigned) (12 + (rnd[1] % 10)));
+ MIN(sizeof(kdf_params->salt), (unsigned)(12 + (rnd[1] % 10)));
p = _gnutls_pkcs_schema_get(schema);
- if (p != NULL && p->pbes2 != 0) { /* PBES2 */
+ if (p != NULL && p->pbes2 != 0) { /* PBES2 */
enc_params->cipher = p->cipher;
} else if (p != NULL) {
/* non PBES2 algorithms */
@@ -1334,12 +1308,11 @@ _gnutls_pkcs_generate_key(schema_id schema,
return GNUTLS_E_RANDOM_FAILED;
}
- kdf_params->iter_count = 5*1024 + rnd[0];
+ kdf_params->iter_count = 5 * 1024 + rnd[0];
key->size = kdf_params->key_size =
gnutls_cipher_get_key_size(enc_params->cipher);
- enc_params->iv_size =
- gnutls_cipher_get_iv_size(enc_params->cipher);
+ enc_params->iv_size = gnutls_cipher_get_iv_size(enc_params->cipher);
key->data = gnutls_malloc(key->size);
if (key->data == NULL) {
gnutls_assert();
@@ -1349,25 +1322,24 @@ _gnutls_pkcs_generate_key(schema_id schema,
/* now generate the key.
*/
- if (p->pbes2 != 0) {
- pbkdf2_hmac_sha1(pass_len, (uint8_t*)password,
+ if (p->pbes2 != 0) {
+ pbkdf2_hmac_sha1(pass_len, (uint8_t *) password,
kdf_params->iter_count,
kdf_params->salt_size, kdf_params->salt,
kdf_params->key_size, key->data);
if (enc_params->iv_size) {
ret = _gnutls_rnd(GNUTLS_RND_NONCE,
- enc_params->iv,
- enc_params->iv_size);
+ enc_params->iv, enc_params->iv_size);
if (ret < 0) {
gnutls_assert();
return ret;
}
}
- } else { /* PKCS 12 schema */
+ } else { /* PKCS 12 schema */
ret =
_gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
- 1 /*KEY*/,
+ 1 /*KEY*/,
kdf_params->salt,
kdf_params->salt_size,
kdf_params->iter_count,
@@ -1383,16 +1355,14 @@ _gnutls_pkcs_generate_key(schema_id schema,
*/
if (enc_params->iv_size) {
ret =
- _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
+ _gnutls_pkcs12_string_to_key(mac_to_entry
+ (GNUTLS_MAC_SHA1),
2 /*IV*/,
kdf_params->salt,
- kdf_params->
- salt_size,
- kdf_params->
- iter_count,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
password,
- enc_params->
- iv_size,
+ enc_params->iv_size,
enc_params->iv);
if (ret < 0) {
gnutls_assert();
@@ -1401,19 +1371,17 @@ _gnutls_pkcs_generate_key(schema_id schema,
}
}
-
return 0;
}
-
/* Encodes the parameters to be written in the encryptionAlgorithm.parameters
* part.
*/
int
_gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params)
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params)
{
int result;
ASN1_TYPE pasn = ASN1_TYPE_EMPTY;
@@ -1421,7 +1389,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
p = _gnutls_pkcs_schema_get(schema);
- if (p != NULL && p->pbes2 != 0) { /* PBES2 */
+ if (p != NULL && p->pbes2 != 0) { /* PBES2 */
if ((result =
asn1_create_element(_gnutls_get_pkix(),
"PKIX1.pkcs-5-PBES2-params",
@@ -1443,8 +1411,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
}
result = _gnutls_x509_der_encode_and_copy(pasn, "",
- pkcs8_asn, where,
- 0);
+ pkcs8_asn, where, 0);
if (result < 0) {
gnutls_assert();
goto error;
@@ -1452,7 +1419,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
asn1_delete_structure(&pasn);
- } else if (p != NULL) { /* PKCS #12 */
+ } else if (p != NULL) { /* PKCS #12 */
if ((result =
asn1_create_element(_gnutls_get_pkix(),
@@ -1470,8 +1437,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
}
result = _gnutls_x509_der_encode_and_copy(pasn, "",
- pkcs8_asn, where,
- 0);
+ pkcs8_asn, where, 0);
if (result < 0) {
gnutls_assert();
goto error;
@@ -1482,7 +1448,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
return 0;
- error:
+ error:
asn1_delete_structure(&pasn);
return result;
@@ -1490,8 +1456,8 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
int
_gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * key, gnutls_datum_t * encrypted)
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted)
{
int result;
int data_size;
@@ -1550,10 +1516,9 @@ _gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain,
return 0;
- error:
+ error:
gnutls_free(data);
if (ch_init != 0)
_gnutls_cipher_deinit(&ch);
return result;
}
-
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 15a1e17c25..997b51763a 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -49,12 +49,11 @@ static const uint8_t one = 1;
* which holds them. If raw is non null then the raw decoded
* data are copied (they are locally allocated) there.
*/
-static int
-_decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
+static int _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
{
char oid[MAX_OID_SIZE];
ASN1_TYPE c2;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
int len, result;
len = sizeof(oid) - 1;
@@ -102,16 +101,20 @@ _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
/* read the encapsulated content */
len = sizeof(oid) - 1;
- result = asn1_read_value(c2, "encapContentInfo.eContentType", oid, &len);
+ result =
+ asn1_read_value(c2, "encapContentInfo.eContentType", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup;
}
- if (strcmp(oid, PLAIN_DATA_OID) != 0 && strcmp(oid, DIGESTED_DATA_OID) != 0) {
+ if (strcmp(oid, PLAIN_DATA_OID) != 0
+ && strcmp(oid, DIGESTED_DATA_OID) != 0) {
gnutls_assert();
- _gnutls_debug_log("Unknown or unexpected PKCS7 Encapsulated Content OID '%s'\n", oid);
+ _gnutls_debug_log
+ ("Unknown or unexpected PKCS7 Encapsulated Content OID '%s'\n",
+ oid);
result = GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
goto cleanup;
}
@@ -121,7 +124,7 @@ _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
gnutls_free(tmp.data);
return 0;
- cleanup:
+ cleanup:
if (c2)
asn1_delete_structure(&c2);
gnutls_free(tmp.data);
@@ -135,8 +138,7 @@ static int pkcs7_reinit(gnutls_pkcs7_t pkcs7)
asn1_delete_structure(&pkcs7->pkcs7);
result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-7-ContentInfo",
- &pkcs7->pkcs7);
+ "PKIX1.pkcs-7-ContentInfo", &pkcs7->pkcs7);
if (result != ASN1_SUCCESS) {
result = _gnutls_asn2err(result);
gnutls_assert();
@@ -245,8 +247,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
}
pkcs7->expanded = 1;
- result =
- asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
+ result = asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
if (result != ASN1_SUCCESS) {
result = _gnutls_asn2err(result);
gnutls_assert();
@@ -263,7 +264,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
result = 0;
- cleanup:
+ cleanup:
if (need_free)
_gnutls_free_datum(&_data);
return result;
@@ -290,7 +291,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
**/
int
gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7,
- unsigned indx, gnutls_datum_t *cert)
+ unsigned indx, gnutls_datum_t * cert)
{
int result, len;
char root2[ASN1_MAX_NAME_SIZE];
@@ -330,8 +331,9 @@ gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7,
goto cleanup;
}
- result = asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size,
- root2, &start, &end);
+ result =
+ asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data,
+ tmp.size, root2, &start, &end);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -346,7 +348,7 @@ gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7,
result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return result;
}
@@ -376,13 +378,13 @@ gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7,
size_t * certificate_size)
{
int ret;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
ret = gnutls_pkcs7_get_crt_raw2(pkcs7, indx, &tmp);
if (ret < 0)
return gnutls_assert_val(ret);
- if ((unsigned) tmp.size > *certificate_size) {
+ if ((unsigned)tmp.size > *certificate_size) {
*certificate_size = tmp.size;
ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
goto cleanup;
@@ -392,12 +394,11 @@ gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7,
if (certificate)
memcpy(certificate, tmp.data, tmp.size);
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return ret;
}
-
/**
* gnutls_pkcs7_get_crt_count:
* @pkcs7: should contain a #gnutls_pkcs7_t type
@@ -417,7 +418,8 @@ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7)
/* Step 2. Count the CertificateSet */
- result = asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
+ result =
+ asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return 0; /* no certificates */
@@ -435,7 +437,7 @@ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7)
*
* Since: 3.4.2
**/
-void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st *info)
+void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st * info)
{
gnutls_free(info->sig.data);
gnutls_free(info->issuer_dn.data);
@@ -478,8 +480,8 @@ static time_t parse_time(gnutls_pkcs7_t pkcs7, const char *root)
ret = _gnutls_x509_get_time(c2, "", 0);
cleanup:
- asn1_delete_structure(&c2);
- return ret;
+ asn1_delete_structure(&c2);
+ return ret;
}
/**
@@ -501,7 +503,8 @@ int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7)
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
return 0;
@@ -525,14 +528,15 @@ int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7)
*
* Since: 3.4.2
**/
-int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_pkcs7_signature_info_st *info)
+int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx,
+ gnutls_pkcs7_signature_info_st * info)
{
int ret, count, len;
char root[256];
char oid[MAX_OID_SIZE];
gnutls_pk_algorithm_t pk;
gnutls_sign_algorithm_t sig;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
unsigned i;
if (pkcs7 == NULL)
@@ -541,14 +545,16 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
memset(info, 0, sizeof(*info));
info->signing_time = -1;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- snprintf(root, sizeof(root), "signerInfos.?%u.signatureAlgorithm.algorithm", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.signatureAlgorithm.algorithm", idx + 1);
- len = sizeof(oid)-1;
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
@@ -565,9 +571,10 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
/* use the digests algorithm */
- snprintf(root, sizeof(root), "signerInfos.?%u.digestAlgorithm.algorithm", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.digestAlgorithm.algorithm", idx + 1);
- len = sizeof(oid)-1;
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
@@ -598,21 +605,32 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
/* read the issuer info */
- snprintf(root, sizeof(root), "signerInfos.?%u.sid.issuerAndSerialNumber.issuer.rdnSequence", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.sid.issuerAndSerialNumber.issuer.rdnSequence",
+ idx + 1);
/* read the signature */
- ret = _gnutls_x509_get_raw_field(pkcs7->signed_data, root, &info->issuer_dn);
+ ret =
+ _gnutls_x509_get_raw_field(pkcs7->signed_data, root,
+ &info->issuer_dn);
if (ret >= 0) {
- snprintf(root, sizeof(root), "signerInfos.?%u.sid.issuerAndSerialNumber.serialNumber", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.sid.issuerAndSerialNumber.serialNumber",
+ idx + 1);
/* read the signature */
- ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &info->signer_serial);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data, root,
+ &info->signer_serial);
if (ret < 0) {
gnutls_assert();
goto fail;
}
- } else { /* keyid */
- snprintf(root, sizeof(root), "signerInfos.?%u.sid.subjectKeyIdentifier", idx + 1);
+ } else { /* keyid */
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.sid.subjectKeyIdentifier", idx + 1);
/* read the signature */
- ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &info->issuer_keyid);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data, root,
+ &info->issuer_keyid);
if (ret < 0) {
gnutls_assert();
}
@@ -624,15 +642,19 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
/* read the signing time */
- for (i=0;;i++) {
- snprintf(root, sizeof(root), "signerInfos.?%u.signedAttrs.?%u.type", idx+1, i+1);
- len = sizeof(oid)-1;
+ for (i = 0;; i++) {
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.signedAttrs.?%u.type", idx + 1,
+ i + 1);
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
break;
}
- snprintf(root, sizeof(root), "signerInfos.?%u.signedAttrs.?%u.values.?1", idx+1, i+1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.signedAttrs.?%u.values.?1", idx + 1,
+ i + 1);
ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &tmp);
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
tmp.data = NULL;
@@ -657,15 +679,19 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
/* read the unsigned attrs */
- for (i=0;;i++) {
- snprintf(root, sizeof(root), "signerInfos.?%u.unsignedAttrs.?%u.type", idx+1, i+1);
- len = sizeof(oid)-1;
+ for (i = 0;; i++) {
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.unsignedAttrs.?%u.type", idx + 1,
+ i + 1);
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
break;
}
- snprintf(root, sizeof(root), "signerInfos.?%u.unsignedAttrs.?%u.values.?1", idx+1, i+1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.unsignedAttrs.?%u.values.?1", idx + 1,
+ i + 1);
ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &tmp);
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
tmp.data = NULL;
@@ -675,7 +701,8 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
goto fail;
}
- ret = gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0);
+ ret =
+ gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0);
gnutls_free(tmp.data);
tmp.data = NULL;
@@ -685,11 +712,11 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
}
- return 0;
+ return 0;
fail:
gnutls_free(tmp.data);
gnutls_pkcs7_signature_info_deinit(info);
- return ret;
+ return ret;
unsupp_algo:
return GNUTLS_E_UNKNOWN_ALGORITHM;
}
@@ -698,11 +725,11 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
* and matches our calculated hash */
static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
gnutls_sign_algorithm_t algo,
- const gnutls_datum_t *data)
+ const gnutls_datum_t * data)
{
unsigned hash;
- gnutls_datum_t tmp = {NULL, 0};
- gnutls_datum_t tmp2 = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
+ gnutls_datum_t tmp2 = { NULL, 0 };
uint8_t hash_output[MAX_HASH_SIZE];
unsigned hash_size, i;
char oid[MAX_OID_SIZE];
@@ -720,7 +747,9 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
hash_size = gnutls_hash_get_len(hash);
if (data == NULL || data->data == NULL) {
- ret = _gnutls_x509_read_value(pkcs7->signed_data, "encapContentInfo.eContent", &tmp);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data,
+ "encapContentInfo.eContent", &tmp);
if (ret < 0) {
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
@@ -739,11 +768,13 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
return gnutls_assert_val(ret);
/* now verify that hash matches */
- for (i=0;;i++) {
- snprintf(name, sizeof(name), "%s.signedAttrs.?%u", root, i+1);
+ for (i = 0;; i++) {
+ snprintf(name, sizeof(name), "%s.signedAttrs.?%u", root, i + 1);
ret = _gnutls_x509_decode_and_read_attribute(pkcs7->signed_data,
- name, oid, sizeof(oid), &tmp, 1, 0);
+ name, oid,
+ sizeof(oid), &tmp,
+ 1, 0);
if (ret < 0) {
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
break;
@@ -751,14 +782,17 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
}
if (strcmp(oid, ATTR_MESSAGE_DIGEST) == 0) {
- ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- tmp.data, tmp.size, &tmp2, 0);
+ ret =
+ _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
+ tmp.data, tmp.size,
+ &tmp2, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- if (tmp2.size == hash_size && memcmp(hash_output, tmp2.data, tmp2.size) == 0) {
+ if (tmp2.size == hash_size
+ && memcmp(hash_output, tmp2.data, tmp2.size) == 0) {
msg_digest_ok = 1;
}
} else if (strcmp(oid, ATTR_CONTENT_TYPE) == 0) {
@@ -771,22 +805,26 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
num_cont_types++;
/* check if it matches */
- ret = _gnutls_x509_get_raw_field(pkcs7->signed_data, "encapContentInfo.eContentType", &tmp2);
+ ret =
+ _gnutls_x509_get_raw_field(pkcs7->signed_data,
+ "encapContentInfo.eContentType",
+ &tmp2);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- if (tmp2.size != tmp.size || memcmp(tmp.data, tmp2.data, tmp2.size) != 0) {
+ if (tmp2.size != tmp.size
+ || memcmp(tmp.data, tmp2.data, tmp2.size) != 0) {
gnutls_assert();
ret = GNUTLS_E_PARSING_ERROR;
goto cleanup;
}
}
- gnutls_free(tmp.data);
- tmp.data = NULL;
- gnutls_free(tmp2.data);
- tmp2.data = NULL;
+ gnutls_free(tmp.data);
+ tmp.data = NULL;
+ gnutls_free(tmp2.data);
+ tmp2.data = NULL;
}
if (msg_digest_ok)
@@ -795,19 +833,18 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
cleanup:
- gnutls_free(tmp.data);
- gnutls_free(tmp2.data);
- return ret;
+ gnutls_free(tmp.data);
+ gnutls_free(tmp2.data);
+ return ret;
}
-
/* Returns the data to be used for signature verification. PKCS #7
* decided that this should not be an easy task.
*/
static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root,
- const gnutls_datum_t *data,
+ const gnutls_datum_t * data,
gnutls_sign_algorithm_t algo,
- gnutls_datum_t *sigdata)
+ gnutls_datum_t * sigdata)
{
int ret;
char name[256];
@@ -829,7 +866,10 @@ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root,
/* We have no signedAttrs. Use the provided data, or the encapsulated */
if (data == NULL || data->data == NULL) {
- ret = _gnutls_x509_read_value(pkcs7->signed_data, "encapContentInfo.eContent", sigdata);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data,
+ "encapContentInfo.eContent",
+ sigdata);
if (ret < 0) {
gnutls_assert();
return gnutls_assert_val(ret);
@@ -860,10 +900,11 @@ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root,
* Since: 3.4.8
**/
int
-gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_t *data)
+gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx,
+ gnutls_datum_t * data)
{
int count, ret;
- gnutls_datum_t tmpdata = {NULL, 0};
+ gnutls_datum_t tmpdata = { NULL, 0 };
gnutls_pkcs7_signature_info_st info;
char root[128];
@@ -872,8 +913,9 @@ gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
@@ -921,15 +963,14 @@ gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_
* Since: 3.4.2
**/
int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_t signer,
- unsigned idx,
- const gnutls_datum_t *data,
- unsigned flags)
+ gnutls_x509_crt_t signer,
+ unsigned idx,
+ const gnutls_datum_t * data, unsigned flags)
{
int count, ret;
- gnutls_datum_t tmpdata = {NULL, 0};
+ gnutls_datum_t tmpdata = { NULL, 0 };
gnutls_pkcs7_signature_info_st info;
- gnutls_datum_t sigdata = {NULL, 0};
+ gnutls_datum_t sigdata = { NULL, 0 };
char root[128];
memset(&info, 0, sizeof(info));
@@ -937,8 +978,9 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
@@ -956,7 +998,9 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
goto cleanup;
}
- ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, &info.sig);
+ ret =
+ gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata,
+ &info.sig);
if (ret < 0) {
gnutls_assert();
}
@@ -971,18 +1015,22 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
static
gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
- gnutls_typed_vdata_st *vdata, unsigned vdata_size,
- gnutls_pkcs7_signature_info_st *info)
+ gnutls_typed_vdata_st * vdata,
+ unsigned vdata_size,
+ gnutls_pkcs7_signature_info_st * info)
{
gnutls_x509_crt_t issuer = NULL, crt = NULL;
int ret, count;
uint8_t serial[128];
size_t serial_size;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
unsigned i, vtmp;
if (info->issuer_dn.data) {
- ret = gnutls_x509_trust_list_get_issuer_by_dn(tl, &info->issuer_dn, &issuer, 0);
+ ret =
+ gnutls_x509_trust_list_get_issuer_by_dn(tl,
+ &info->issuer_dn,
+ &issuer, 0);
if (ret < 0) {
gnutls_assert();
issuer = NULL;
@@ -990,7 +1038,13 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
}
if (info->issuer_keyid.data && issuer == NULL) {
- ret = gnutls_x509_trust_list_get_issuer_by_subject_key_id(tl, NULL, &info->issuer_keyid, &issuer, 0);
+ ret =
+ gnutls_x509_trust_list_get_issuer_by_subject_key_id(tl,
+ NULL,
+ &info->
+ issuer_keyid,
+ &issuer,
+ 0);
if (ret < 0) {
gnutls_assert();
issuer = NULL;
@@ -1003,9 +1057,11 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
}
/* check issuer's key purpose */
- for (i=0;i<vdata_size;i++) {
+ for (i = 0; i < vdata_size; i++) {
if (vdata[i].type == GNUTLS_DT_KEY_PURPOSE_OID) {
- ret = _gnutls_check_key_purpose(issuer, (char*)vdata[i].data, 0);
+ ret =
+ _gnutls_check_key_purpose(issuer,
+ (char *)vdata[i].data, 0);
if (ret == 0) {
gnutls_assert();
goto fail;
@@ -1025,7 +1081,9 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
goto fail;
}
- if (serial_size == info->signer_serial.size && memcmp(info->signer_serial.data, serial, serial_size) == 0) {
+ if (serial_size == info->signer_serial.size
+ && memcmp(info->signer_serial.data, serial,
+ serial_size) == 0) {
/* issuer == signer */
return issuer;
}
@@ -1037,7 +1095,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
goto fail;
}
- for (i=0;i<(unsigned)count;i++) {
+ for (i = 0; i < (unsigned)count; i++) {
/* Try to find the signer in the appended list. */
ret = gnutls_pkcs7_get_crt_raw2(pkcs7, 0, &tmp);
if (ret < 0) {
@@ -1064,14 +1122,19 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
goto fail;
}
- if (serial_size != info->signer_serial.size || memcmp(info->signer_serial.data, serial, serial_size) != 0) {
+ if (serial_size != info->signer_serial.size
+ || memcmp(info->signer_serial.data, serial,
+ serial_size) != 0) {
gnutls_assert();
goto skip;
}
- ret = gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, vdata, vdata_size, 0, &vtmp, NULL);
+ ret =
+ gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, vdata,
+ vdata_size, 0, &vtmp,
+ NULL);
if (ret < 0 || vtmp != 0) {
- gnutls_assert(); /* maybe next one is trusted */
+ gnutls_assert(); /* maybe next one is trusted */
skip:
gnutls_x509_crt_deinit(crt);
crt = NULL;
@@ -1097,7 +1160,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
gnutls_free(tmp.data);
if (issuer)
gnutls_x509_crt_deinit(issuer);
-
+
return crt;
}
@@ -1128,14 +1191,13 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
gnutls_typed_vdata_st * vdata,
unsigned int vdata_size,
unsigned idx,
- const gnutls_datum_t *data,
- unsigned flags)
+ const gnutls_datum_t * data, unsigned flags)
{
int count, ret;
- gnutls_datum_t tmpdata = {NULL, 0};
+ gnutls_datum_t tmpdata = { NULL, 0 };
gnutls_pkcs7_signature_info_st info;
gnutls_x509_crt_t signer;
- gnutls_datum_t sigdata = {NULL, 0};
+ gnutls_datum_t sigdata = { NULL, 0 };
char root[128];
memset(&info, 0, sizeof(info));
@@ -1143,8 +1205,9 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
@@ -1165,7 +1228,9 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
signer = find_signer(pkcs7, tl, vdata, vdata_size, &info);
if (signer) {
- ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, &info.sig);
+ ret =
+ gnutls_x509_crt_verify_data2(signer, info.algo, flags,
+ &sigdata, &info.sig);
if (ret < 0) {
gnutls_assert();
}
@@ -1175,7 +1240,6 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
-
cleanup:
gnutls_free(tmpdata.data);
gnutls_free(sigdata.data);
@@ -1195,7 +1259,8 @@ static void disable_opt_fields(gnutls_pkcs7_t pkcs7)
asn1_write_value(pkcs7->signed_data, "crls", NULL, 0);
}
- result = asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
+ result =
+ asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
if (result != ASN1_SUCCESS || count == 0) {
asn1_write_value(pkcs7->signed_data, "certificates", NULL, 0);
}
@@ -1213,8 +1278,9 @@ static int reencode(gnutls_pkcs7_t pkcs7)
/* Replace the old content with the new
*/
result =
- _gnutls_x509_der_encode_and_copy(pkcs7->signed_data, "", pkcs7->pkcs7,
- "content", 0);
+ _gnutls_x509_der_encode_and_copy(pkcs7->signed_data, "",
+ pkcs7->pkcs7, "content",
+ 0);
if (result < 0) {
return gnutls_assert_val(result);
}
@@ -1222,7 +1288,8 @@ static int reencode(gnutls_pkcs7_t pkcs7)
/* Write the content type of the signed data
*/
result =
- asn1_write_value(pkcs7->pkcs7, "contentType", SIGNED_DATA_OID, 1);
+ asn1_write_value(pkcs7->pkcs7, "contentType",
+ SIGNED_DATA_OID, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -1296,8 +1363,7 @@ gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7,
if ((ret = reencode(pkcs7)) < 0)
return gnutls_assert_val(ret);
- return _gnutls_x509_export_int2(pkcs7->pkcs7, format, PEM_PKCS7,
- out);
+ return _gnutls_x509_export_int2(pkcs7->pkcs7, format, PEM_PKCS7, out);
}
/* Creates an empty signed data structure in the pkcs7
@@ -1339,8 +1405,7 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
goto cleanup;
}
- result =
- asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0);
+ result = asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -1356,10 +1421,9 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
/* Add no signerInfos.
*/
-
return 0;
- cleanup:
+ cleanup:
asn1_delete_structure(sdata);
return result;
@@ -1376,8 +1440,7 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
+int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
{
int result;
@@ -1391,7 +1454,8 @@ gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
/* The pkcs7 structure is new, so create the
* signedData.
*/
- result = create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
+ result =
+ create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
if (result < 0) {
gnutls_assert();
return result;
@@ -1409,7 +1473,8 @@ gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
}
result =
- asn1_write_value(pkcs7->signed_data, "certificates.?LAST", "certificate", 1);
+ asn1_write_value(pkcs7->signed_data, "certificates.?LAST",
+ "certificate", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -1417,18 +1482,18 @@ gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
}
result =
- asn1_write_value(pkcs7->signed_data, "certificates.?LAST.certificate",
- crt->data, crt->size);
+ asn1_write_value(pkcs7->signed_data,
+ "certificates.?LAST.certificate", crt->data,
+ crt->size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup;
}
-
result = 0;
- cleanup:
+ cleanup:
return result;
}
@@ -1470,7 +1535,6 @@ int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
return 0;
}
-
/**
* gnutls_pkcs7_delete_crt:
* @pkcs7: The pkcs7 type
@@ -1504,7 +1568,7 @@ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx)
return 0;
- cleanup:
+ cleanup:
return result;
}
@@ -1527,7 +1591,7 @@ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx)
**/
int
gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7,
- unsigned indx, gnutls_datum_t *crl)
+ unsigned indx, gnutls_datum_t * crl)
{
int result;
char root2[ASN1_MAX_NAME_SIZE];
@@ -1550,8 +1614,9 @@ gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7,
/* Get the raw CRL
*/
- result = asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size,
- root2, &start, &end);
+ result =
+ asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size,
+ root2, &start, &end);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -1563,7 +1628,7 @@ gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7,
result = _gnutls_set_datum(crl, &tmp.data[start], end);
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return result;
}
@@ -1588,13 +1653,13 @@ gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
unsigned indx, void *crl, size_t * crl_size)
{
int ret;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
ret = gnutls_pkcs7_get_crl_raw2(pkcs7, indx, &tmp);
if (ret < 0)
return gnutls_assert_val(ret);
- if ((unsigned) tmp.size > *crl_size) {
+ if ((unsigned)tmp.size > *crl_size) {
*crl_size = tmp.size;
ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
goto cleanup;
@@ -1604,7 +1669,7 @@ gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
if (crl)
memcpy(crl, tmp.data, tmp.size);
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return ret;
}
@@ -1648,8 +1713,7 @@ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
+int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
{
int result;
@@ -1663,7 +1727,8 @@ gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
/* The pkcs7 structure is new, so create the
* signedData.
*/
- result = create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
+ result =
+ create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
if (result < 0) {
gnutls_assert();
return result;
@@ -1680,7 +1745,9 @@ gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
goto cleanup;
}
- result = asn1_write_value(pkcs7->signed_data, "crls.?LAST", crl->data, crl->size);
+ result =
+ asn1_write_value(pkcs7->signed_data, "crls.?LAST", crl->data,
+ crl->size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -1689,7 +1756,7 @@ gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
result = 0;
- cleanup:
+ cleanup:
return result;
}
@@ -1763,11 +1830,12 @@ int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx)
return 0;
- cleanup:
+ cleanup:
return result;
}
-static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t signer, unsigned flags)
+static int write_signer_id(ASN1_TYPE c2, const char *root,
+ gnutls_x509_crt_t signer, unsigned flags)
{
int result;
size_t serial_size;
@@ -1778,8 +1846,7 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
const uint8_t ver = 3;
snprintf(name, sizeof(name), "%s.version", root);
- result =
- asn1_write_value(c2, name, &ver, 1);
+ result = asn1_write_value(c2, name, &ver, 1);
snprintf(name, sizeof(name), "%s.sid", root);
result = asn1_write_value(c2, name, "subjectKeyIdentifier", 1);
@@ -1789,7 +1856,9 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
}
serial_size = sizeof(serial);
- result = gnutls_x509_crt_get_subject_key_id(signer, serial, &serial_size, NULL);
+ result =
+ gnutls_x509_crt_get_subject_key_id(signer, serial,
+ &serial_size, NULL);
if (result < 0)
return gnutls_assert_val(result);
@@ -1801,7 +1870,8 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
}
} else {
serial_size = sizeof(serial);
- result = gnutls_x509_crt_get_serial(signer, serial, &serial_size);
+ result =
+ gnutls_x509_crt_get_serial(signer, serial, &serial_size);
if (result < 0)
return gnutls_assert_val(result);
@@ -1812,15 +1882,19 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
return _gnutls_asn2err(result);
}
- snprintf(name, sizeof(name), "%s.sid.issuerAndSerialNumber.serialNumber", root);
+ snprintf(name, sizeof(name),
+ "%s.sid.issuerAndSerialNumber.serialNumber", root);
result = asn1_write_value(c2, name, serial, serial_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
- snprintf(name, sizeof(name), "%s.sid.issuerAndSerialNumber.issuer", root);
- result = asn1_copy_node(c2, name, signer->cert, "tbsCertificate.issuer");
+ snprintf(name, sizeof(name),
+ "%s.sid.issuerAndSerialNumber.issuer", root);
+ result =
+ asn1_copy_node(c2, name, signer->cert,
+ "tbsCertificate.issuer");
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -1830,7 +1904,8 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
return 0;
}
-static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs, unsigned already_set)
+static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
+ unsigned already_set)
{
char name[256];
gnutls_pkcs7_attrs_st *p = attrs;
@@ -1841,7 +1916,7 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
if (already_set == 0)
asn1_write_value(c2, root, NULL, 0);
} else {
- while(p != NULL) {
+ while (p != NULL) {
result = asn1_write_value(c2, root, "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -1849,8 +1924,7 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
}
snprintf(name, sizeof(name), "%s.?LAST.type", root);
- result =
- asn1_write_value(c2, name, p->oid, 1);
+ result = asn1_write_value(c2, name, p->oid, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -1863,8 +1937,11 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
return _gnutls_asn2err(result);
}
- snprintf(name, sizeof(name), "%s.?LAST.values.?1", root);
- result = asn1_write_value(c2, name, p->data.data, p->data.size);
+ snprintf(name, sizeof(name), "%s.?LAST.values.?1",
+ root);
+ result =
+ asn1_write_value(c2, name, p->data.data,
+ p->data.size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -1877,14 +1954,15 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
return 0;
}
-static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t *data,
- const mac_entry_st *me, gnutls_pkcs7_attrs_t other_attrs,
- unsigned flags)
+static int write_attributes(ASN1_TYPE c2, const char *root,
+ const gnutls_datum_t * data,
+ const mac_entry_st * me,
+ gnutls_pkcs7_attrs_t other_attrs, unsigned flags)
{
char name[256];
int result, ret;
uint8_t digest[MAX_HASH_SIZE];
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
unsigned digest_size;
unsigned already_set = 0;
@@ -1903,8 +1981,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
}
snprintf(name, sizeof(name), "%s.?LAST.type", root);
- result =
- asn1_write_value(c2, name, ATTR_SIGNING_TIME, 1);
+ result = asn1_write_value(c2, name, ATTR_SIGNING_TIME, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -1930,7 +2007,6 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
already_set = 1;
}
-
ret = add_attrs(c2, root, other_attrs, already_set);
if (ret < 0) {
gnutls_assert();
@@ -1947,8 +2023,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
}
snprintf(name, sizeof(name), "%s.?LAST.type", root);
- result =
- asn1_write_value(c2, name, ATTR_CONTENT_TYPE, 1);
+ result = asn1_write_value(c2, name, ATTR_CONTENT_TYPE, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -1963,7 +2038,10 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
return ret;
}
- ret = _gnutls_x509_get_raw_field(c2, "encapContentInfo.eContentType", &tmp);
+ ret =
+ _gnutls_x509_get_raw_field(c2,
+ "encapContentInfo.eContentType",
+ &tmp);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -1998,9 +2076,10 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
}
snprintf(name, sizeof(name), "%s.?LAST", root);
- ret = _gnutls_x509_encode_and_write_attribute(ATTR_MESSAGE_DIGEST,
- c2, name,
- digest, digest_size, 1);
+ ret =
+ _gnutls_x509_encode_and_write_attribute(ATTR_MESSAGE_DIGEST,
+ c2, name, digest,
+ digest_size, 1);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -2038,15 +2117,14 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
gnutls_x509_crt_t signer,
gnutls_privkey_t signer_key,
- const gnutls_datum_t *data,
+ const gnutls_datum_t * data,
gnutls_pkcs7_attrs_t signed_attrs,
gnutls_pkcs7_attrs_t unsigned_attrs,
- gnutls_digest_algorithm_t dig,
- unsigned flags)
+ gnutls_digest_algorithm_t dig, unsigned flags)
{
int ret, result;
- gnutls_datum_t sigdata = {NULL, 0};
- gnutls_datum_t signature = {NULL, 0};
+ gnutls_datum_t sigdata = { NULL, 0 };
+ gnutls_datum_t signature = { NULL, 0 };
const mac_entry_st *me = hash_to_entry(dig);
unsigned pk, sigalgo;
@@ -2054,7 +2132,10 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
return GNUTLS_E_INVALID_REQUEST;
if (pkcs7->signed_data == ASN1_TYPE_EMPTY) {
- result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData", &pkcs7->signed_data);
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-SignedData",
+ &pkcs7->signed_data);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -2062,20 +2143,27 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
if (!(flags & GNUTLS_PKCS7_EMBED_DATA)) {
- asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContent", NULL, 0);
+ asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContent", NULL, 0);
}
}
asn1_write_value(pkcs7->signed_data, "version", &one, 1);
- result = asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContentType", PLAIN_DATA_OID, 0);
+ result =
+ asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContentType", PLAIN_DATA_OID,
+ 0);
if (result != ASN1_SUCCESS) {
ret = _gnutls_asn2err(result);
goto cleanup;
}
- if (flags & GNUTLS_PKCS7_EMBED_DATA && data->data) { /* embed data */
- result = asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContent", data->data, data->size);
+ if (flags & GNUTLS_PKCS7_EMBED_DATA && data->data) { /* embed data */
+ result =
+ asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContent", data->data,
+ data->size);
if (result != ASN1_SUCCESS) {
ret = _gnutls_asn2err(result);
goto cleanup;
@@ -2091,7 +2179,8 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
/* append digest info algorithm */
- result = asn1_write_value(pkcs7->signed_data, "digestAlgorithms", "NEW", 1);
+ result =
+ asn1_write_value(pkcs7->signed_data, "digestAlgorithms", "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -2099,13 +2188,16 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
result =
- asn1_write_value(pkcs7->signed_data, "digestAlgorithms.?LAST.algorithm", _gnutls_x509_digest_to_oid(me), 1);
+ asn1_write_value(pkcs7->signed_data,
+ "digestAlgorithms.?LAST.algorithm",
+ _gnutls_x509_digest_to_oid(me), 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
goto cleanup;
}
- asn1_write_value(pkcs7->signed_data, "digestAlgorithms.?LAST.parameters", NULL, 0);
+ asn1_write_value(pkcs7->signed_data,
+ "digestAlgorithms.?LAST.parameters", NULL, 0);
/* append signer's info */
result = asn1_write_value(pkcs7->signed_data, "signerInfos", "NEW", 1);
@@ -2116,7 +2208,8 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
result =
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.version", &one, 1);
+ asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.version",
+ &one, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -2124,27 +2217,38 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
result =
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.digestAlgorithm.algorithm", _gnutls_x509_digest_to_oid(me), 1);
+ asn1_write_value(pkcs7->signed_data,
+ "signerInfos.?LAST.digestAlgorithm.algorithm",
+ _gnutls_x509_digest_to_oid(me), 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
goto cleanup;
}
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.digestAlgorithm.parameters", NULL, 0);
+ asn1_write_value(pkcs7->signed_data,
+ "signerInfos.?LAST.digestAlgorithm.parameters", NULL,
+ 0);
- ret = write_signer_id(pkcs7->signed_data, "signerInfos.?LAST", signer, flags);
+ ret =
+ write_signer_id(pkcs7->signed_data, "signerInfos.?LAST", signer,
+ flags);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = add_attrs(pkcs7->signed_data, "signerInfos.?LAST.unsignedAttrs", unsigned_attrs, 0);
+ ret =
+ add_attrs(pkcs7->signed_data, "signerInfos.?LAST.unsignedAttrs",
+ unsigned_attrs, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = write_attributes(pkcs7->signed_data, "signerInfos.?LAST.signedAttrs", data, me, signed_attrs, flags);
+ ret =
+ write_attributes(pkcs7->signed_data,
+ "signerInfos.?LAST.signedAttrs", data, me,
+ signed_attrs, flags);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -2160,7 +2264,10 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
* that a generic RSA OID should be used. We switch to this "unexpected" value
* because some implementations cannot cope with the "expected" signature values.
*/
- ret = _gnutls_x509_write_sig_params(pkcs7->signed_data, "signerInfos.?LAST.signatureAlgorithm", pk, dig, 1);
+ ret =
+ _gnutls_x509_write_sig_params(pkcs7->signed_data,
+ "signerInfos.?LAST.signatureAlgorithm",
+ pk, dig, 1);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -2174,20 +2281,24 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
/* sign the data */
- ret = figure_pkcs7_sigdata(pkcs7, "signerInfos.?LAST", data, sigalgo, &sigdata);
+ ret =
+ figure_pkcs7_sigdata(pkcs7, "signerInfos.?LAST", data, sigalgo,
+ &sigdata);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = gnutls_privkey_sign_data(signer_key, dig, 0, &sigdata, &signature);
+ ret =
+ gnutls_privkey_sign_data(signer_key, dig, 0, &sigdata, &signature);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
result =
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.signature", signature.data, signature.size);
+ asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.signature",
+ signature.data, signature.size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -2201,4 +2312,3 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
gnutls_free(signature.data);
return ret;
}
-
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index a3dc9ac7b6..73fdc5df4b 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -555,8 +555,8 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
if (key->pk_algorithm == GNUTLS_PK_UNKNOWN && left >= sizeof(PEM_KEY_PKCS8)) {
if (memcmp(ptr, PEM_KEY_PKCS8, sizeof(PEM_KEY_PKCS8)-1) == 0) {
result =
- _gnutls_fbase64_decode(PEM_KEY_PKCS8, begin_ptr,
- left, &_data);
+ _gnutls_fbase64_decode(PEM_KEY_PKCS8,
+ begin_ptr, left, &_data);
if (result >= 0) {
/* signal for PKCS #8 keys */
key->pk_algorithm = -1;
@@ -758,7 +758,7 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
if (memcmp(ptr, PEM_KEY_RSA, sizeof(PEM_KEY_RSA)-1) == 0 ||
memcmp(ptr, PEM_KEY_ECC, sizeof(PEM_KEY_ECC)-1) == 0 ||
memcmp(ptr, PEM_KEY_DSA, sizeof(PEM_KEY_DSA)-1) == 0) {
- head_enc = 0;
+ head_enc = 0;
}
}
}
@@ -788,7 +788,7 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
/* use the callback if any */
ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin));
if (ret == 0) {
- password = pin;
+ password = pin;
}
ret =
@@ -1784,17 +1784,17 @@ int cmp_rsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2)
ret = 0;
cleanup:
- gnutls_free(m1.data);
- gnutls_free(e1.data);
- gnutls_free(d1.data);
- gnutls_free(p1.data);
- gnutls_free(q1.data);
- gnutls_free(m2.data);
- gnutls_free(e2.data);
- gnutls_free(d2.data);
- gnutls_free(p2.data);
- gnutls_free(q2.data);
- return ret;
+ gnutls_free(m1.data);
+ gnutls_free(e1.data);
+ gnutls_free(d1.data);
+ gnutls_free(p1.data);
+ gnutls_free(q1.data);
+ gnutls_free(m2.data);
+ gnutls_free(e2.data);
+ gnutls_free(d2.data);
+ gnutls_free(p2.data);
+ gnutls_free(q2.data);
+ return ret;
}
static
@@ -1836,13 +1836,13 @@ int cmp_dsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2)
ret = 0;
cleanup:
- gnutls_free(g1.data);
- gnutls_free(p1.data);
- gnutls_free(q1.data);
- gnutls_free(g2.data);
- gnutls_free(p2.data);
- gnutls_free(q2.data);
- return ret;
+ gnutls_free(g1.data);
+ gnutls_free(p1.data);
+ gnutls_free(q1.data);
+ gnutls_free(g2.data);
+ gnutls_free(p2.data);
+ gnutls_free(q2.data);
+ return ret;
}
/**
@@ -1909,7 +1909,7 @@ int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, gnutls_digest_alg
ret = cmp_dsa_key(key, okey);
cleanup:
- gnutls_x509_privkey_deinit(okey);
+ gnutls_x509_privkey_deinit(okey);
return ret;
}
@@ -2224,7 +2224,7 @@ void gnutls_x509_privkey_set_pin_function(gnutls_x509_privkey_t privkey,
*
**/
void gnutls_x509_privkey_set_flags(gnutls_x509_privkey_t key,
- unsigned int flags)
+ unsigned int flags)
{
key->flags |= flags;
}
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index bebc82afc4..74bb466c65 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -70,7 +70,7 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
case GNUTLS_PK_EC:
ret =
gnutls_x509_privkey_export2(pkey, GNUTLS_X509_FMT_DER,
- raw);
+ raw);
if (ret < 0) {
gnutls_assert();
goto error;
diff --git a/lib/x509/time.c b/lib/x509/time.c
index 9ae270e10e..5ae6be01ee 100644
--- a/lib/x509/time.c
+++ b/lib/x509/time.c
@@ -64,7 +64,7 @@ static const int MONTHDAYS[] = {
/* Whether a given year is a leap year. */
#define ISLEAP(year) \
- (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0))
+ (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0))
/*
** Given a struct tm representing a calendar time in UTC, convert it to
@@ -234,10 +234,10 @@ gtime_to_suitable_time(time_t gtime, char *str_time, size_t str_time_size, unsig
|| gtime >= 253402210800
#endif
) {
- if (tag)
- *tag = ASN1_TAG_GENERALIZEDTime;
- snprintf(str_time, str_time_size, "99991231235959Z");
- return 0;
+ if (tag)
+ *tag = ASN1_TAG_GENERALIZEDTime;
+ snprintf(str_time, str_time_size, "99991231235959Z");
+ return 0;
}
if (!gmtime_r(&gtime, &_tm)) {
@@ -247,11 +247,11 @@ gtime_to_suitable_time(time_t gtime, char *str_time, size_t str_time_size, unsig
if (_tm.tm_year >= 150) {
if (tag)
- *tag = ASN1_TAG_GENERALIZEDTime;
+ *tag = ASN1_TAG_GENERALIZEDTime;
ret = strftime(str_time, str_time_size, "%Y%m%d%H%M%SZ", &_tm);
} else {
if (tag)
- *tag = ASN1_TAG_UTCTime;
+ *tag = ASN1_TAG_UTCTime;
ret = strftime(str_time, str_time_size, "%y%m%d%H%M%SZ", &_tm);
}
if (!ret) {
@@ -273,8 +273,8 @@ gtime_to_generalTime(time_t gtime, char *str_time, size_t str_time_size)
|| gtime >= 253402210800
#endif
) {
- snprintf(str_time, str_time_size, "99991231235959Z");
- return 0;
+ snprintf(str_time, str_time_size, "99991231235959Z");
+ return 0;
}
if (!gmtime_r(&gtime, &_tm)) {
diff --git a/lib/x509/tls_features.c b/lib/x509/tls_features.c
index af5bb06a51..d6055fa28a 100644
--- a/lib/x509/tls_features.c
+++ b/lib/x509/tls_features.c
@@ -214,7 +214,7 @@ int gnutls_x509_crt_set_tlsfeatures(gnutls_x509_crt_t crt,
* Since: 3.5.1
**/
unsigned gnutls_x509_tlsfeatures_check_crt(gnutls_x509_tlsfeatures_t feat,
- gnutls_x509_crt_t cert)
+ gnutls_x509_crt_t cert)
{
int ret;
gnutls_x509_tlsfeatures_t cfeat;
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 6aa732c7d9..e7484ff439 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -346,7 +346,7 @@ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
static int
advance_iter(gnutls_x509_trust_list_t list,
- gnutls_x509_trust_list_iter_t iter)
+ gnutls_x509_trust_list_iter_t iter)
{
int ret;
@@ -408,8 +408,8 @@ advance_iter(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_iter_get_ca(gnutls_x509_trust_list_t list,
- gnutls_x509_trust_list_iter_t *iter,
- gnutls_x509_crt_t *crt)
+ gnutls_x509_trust_list_iter_t *iter,
+ gnutls_x509_crt_t *crt)
{
int ret;
@@ -745,9 +745,9 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list,
if (gnutls_x509_crl_get_this_update(crl_list[i]) >=
gnutls_x509_crl_get_this_update(list->node[hash].crls[x])) {
- gnutls_x509_crl_deinit(list->node[hash].crls[x]);
- list->node[hash].crls[x] = crl_list[i];
- goto next;
+ gnutls_x509_crl_deinit(list->node[hash].crls[x]);
+ list->node[hash].crls[x] = crl_list[i];
+ goto next;
} else {
/* The new is older, discard it */
gnutls_x509_crl_deinit(crl_list[i]);
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 3a0fbe04b7..ecd2369b1c 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -660,8 +660,8 @@ verify_crt(gnutls_x509_crt_t cert,
if (issuer_version < 0) {
MARK_INVALID(0);
} else if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
- ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
- || issuer_version != 1)) {
+ ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
+ || issuer_version != 1)) {
if (check_if_ca(cert, issuer, &vparams->max_path, flags) != 1) {
MARK_INVALID(GNUTLS_CERT_SIGNER_NOT_CA);
}
@@ -687,11 +687,11 @@ verify_crt(gnutls_x509_crt_t cert,
if (me == NULL) {
MARK_INVALID(0);
} else if (cert_signed_data.data != NULL &&
- cert_signature.data != NULL) {
+ cert_signature.data != NULL) {
ret =
_gnutls_x509_verify_data(me,
&cert_signed_data,
- &cert_signature,
+ &cert_signature,
issuer);
if (ret == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
MARK_INVALID(GNUTLS_CERT_SIGNATURE_FAILURE);
@@ -1123,8 +1123,8 @@ _gnutls_pkcs11_verify_crt_status(const char* url,
/* check against issuer */
ret = gnutls_pkcs11_get_raw_issuer(url, certificate_list[clist_size - 1],
- &raw_issuer, GNUTLS_X509_FMT_DER,
- GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT|GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
+ &raw_issuer, GNUTLS_X509_FMT_DER,
+ GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT|GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
if (ret < 0) {
gnutls_assert();
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && clist_size > 2) {
@@ -1132,7 +1132,7 @@ _gnutls_pkcs11_verify_crt_status(const char* url,
/* check if the last certificate in the chain is present
* in our trusted list, and if yes, verify against it. */
ret = gnutls_pkcs11_crt_is_known(url, certificate_list[clist_size - 1],
- GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_COMPARE);
+ GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_COMPARE);
if (ret != 0) {
return _gnutls_verify_crt_status(certificate_list, clist_size,
&certificate_list[clist_size - 1], 1, flags,
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index a781d2e098..25f1d2691a 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -73,7 +73,7 @@ static int crt_reinit(gnutls_x509_crt_t crt)
* Since: 3.5.0
**/
unsigned gnutls_x509_crt_equals(gnutls_x509_crt_t cert1,
- gnutls_x509_crt_t cert2)
+ gnutls_x509_crt_t cert2)
{
int ret;
bool result;
@@ -305,12 +305,12 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert)
/* handle equally empty parameters with missing parameters */
if (sp1.size == 2 && memcmp(sp1.data, "\x05\x00", 2) == 0) {
empty1 = 1;
- _gnutls_free_datum(&sp1);
+ _gnutls_free_datum(&sp1);
}
if (sp2.size == 2 && memcmp(sp2.data, "\x05\x00", 2) == 0) {
empty2 = 1;
- _gnutls_free_datum(&sp2);
+ _gnutls_free_datum(&sp2);
}
if (empty1 != empty2 ||
@@ -322,9 +322,9 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert)
ret = 0;
cleanup:
- _gnutls_free_datum(&sp1);
- _gnutls_free_datum(&sp2);
- return ret;
+ _gnutls_free_datum(&sp1);
+ _gnutls_free_datum(&sp2);
+ return ret;
}
/**
@@ -889,8 +889,8 @@ gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
ret = 0;
cleanup:
- gnutls_free(dsig.data);
- return ret;
+ gnutls_free(dsig.data);
+ return ret;
}
/**
@@ -1225,10 +1225,10 @@ gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert,
ret = 0;
cleanup:
- if (aki != NULL)
- gnutls_x509_aki_deinit(aki);
- gnutls_free(der.data);
- return ret;
+ if (aki != NULL)
+ gnutls_x509_aki_deinit(aki);
+ gnutls_free(der.data);
+ return ret;
}
/**
@@ -1311,10 +1311,10 @@ gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id,
ret = 0;
cleanup:
- if (aki != NULL)
- gnutls_x509_aki_deinit(aki);
- gnutls_free(der.data);
- return ret;
+ if (aki != NULL)
+ gnutls_x509_aki_deinit(aki);
+ gnutls_free(der.data);
+ return ret;
}
/**
@@ -2139,8 +2139,8 @@ gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, unsigned indx,
ret = 0;
cleanup:
- if (policies != NULL)
- gnutls_x509_policies_deinit(policies);
+ if (policies != NULL)
+ gnutls_x509_policies_deinit(policies);
_gnutls_free_datum(&tmpd);
return ret;
@@ -2846,8 +2846,8 @@ _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
return 0; /* not revoked. */
fail:
- gnutls_x509_crl_iter_deinit(iter);
- return ret;
+ gnutls_x509_crl_iter_deinit(iter);
+ return ret;
}
@@ -2919,7 +2919,7 @@ gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt,
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
@@ -3090,9 +3090,9 @@ gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert,
ret = 0;
cleanup:
- gnutls_free(ext.data);
- if (p!=NULL)
- gnutls_x509_key_purpose_deinit(p);
+ gnutls_free(ext.data);
+ if (p!=NULL)
+ gnutls_x509_key_purpose_deinit(p);
return ret;
}
@@ -3137,7 +3137,7 @@ gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt,
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
@@ -3186,7 +3186,7 @@ gnutls_x509_crt_get_pk_ecc_raw(gnutls_x509_crt_t crt,
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
@@ -3234,7 +3234,7 @@ gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index dc51e4b68b..d503d5d394 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -2665,7 +2665,7 @@ static int parse_aia(ASN1_TYPE c2, gnutls_x509_aia_t aia)
result = asn1_read_value(c2, nptr, tmpoid, &len);
if (result == ASN1_VALUE_NOT_FOUND
|| result == ASN1_ELEMENT_NOT_FOUND) {
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
break;
}
@@ -3141,7 +3141,7 @@ int _gnutls_x509_decode_ext(const gnutls_datum_t *der, gnutls_x509_ext_st *out)
ret = 0;
goto cleanup;
fail:
- memset(out, 0, sizeof(*out));
+ memset(out, 0, sizeof(*out));
cleanup:
asn1_delete_structure(&c2);
return ret;
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 86b9280950..bf6cba155e 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -335,8 +335,8 @@ gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
**/
int
gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt,
- gnutls_x509_crq_t crq, const char *oid,
- unsigned flags)
+ gnutls_x509_crq_t crq, const char *oid,
+ unsigned flags)
{
size_t i;
@@ -835,10 +835,9 @@ gnutls_x509_crt_set_subject_alt_othername(gnutls_x509_crt_t crt,
/* generate the extension.
*/
result =
- _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
- encoded_data.data, encoded_data.size,
- &prev_der_data,
- &der_data);
+ _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
+ encoded_data.data, encoded_data.size,
+ &prev_der_data, &der_data);
if (result < 0) {
gnutls_assert();
@@ -926,11 +925,9 @@ gnutls_x509_crt_set_issuer_alt_othername(gnutls_x509_crt_t crt,
/* generate the extension.
*/
result =
- _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
- encoded_data.data, encoded_data.size,
- &prev_der_data,
- &der_data);
-
+ _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
+ encoded_data.data, encoded_data.size,
+ &prev_der_data, &der_data);
if (result < 0) {
gnutls_assert();
goto finish;
@@ -1818,9 +1815,9 @@ gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t crt,
goto cleanup;
}
- cleanup:
- if (aia_ctx != NULL)
- gnutls_x509_aia_deinit(aia_ctx);
+ cleanup:
+ if (aia_ctx != NULL)
+ gnutls_x509_aia_deinit(aia_ctx);
_gnutls_free_datum(&new_der);
_gnutls_free_datum(&der);
@@ -1899,8 +1896,8 @@ gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
&der_data, 0);
cleanup:
- if (policies != NULL)
- gnutls_x509_policies_deinit(policies);
+ if (policies != NULL)
+ gnutls_x509_policies_deinit(policies);
_gnutls_free_datum(&prev_der_data);
_gnutls_free_datum(&der_data);
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index 45640f4233..925e43d1fd 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -94,7 +94,7 @@ AC_MSG_ERROR([[
GMP_LIBS=""
else
if test x$GMP_LIBS = x; then
- AC_CHECK_LIB(gmp, __gmpz_cmp, [GMP_LIBS="-lgmp"], [AC_MSG_ERROR([[
+ AC_CHECK_LIB(gmp, __gmpz_cmp, [GMP_LIBS="-lgmp"], [AC_MSG_ERROR([[
***
*** gmp was not found.
]])])
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index d149021bcb..f4f5ca3045 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -73,7 +73,7 @@ struct cfg_options {
unsigned type;
/* used when parsing */
- unsigned found;
+ unsigned found;
};
static struct cfg_options available_options[] = {
@@ -237,12 +237,12 @@ void cfg_init(void)
i = 0; \
s_name = malloc(sizeof(char*)*MAX_ENTRIES); \
do { \
- if (val && !strcmp(val->pzName, name)==0) \
- continue; \
- s_name[i] = strdup(val->v.strVal); \
- i++; \
- if (i>=MAX_ENTRIES) \
- break; \
+ if (val && !strcmp(val->pzName, name)==0) \
+ continue; \
+ s_name[i] = strdup(val->v.strVal); \
+ i++; \
+ if (i>=MAX_ENTRIES) \
+ break; \
} while((val = optionNextValue(pov, val)) != NULL); \
s_name[i] = NULL; \
} \
@@ -259,31 +259,31 @@ void cfg_init(void)
i = 0; \
s_name = malloc(sizeof(char*)*MAX_ENTRIES); \
do { \
- if (val && !strcmp(val->pzName, name)==0) \
- continue; \
- len = strlen(val->v.strVal); \
- if (sizeof(str) > len) { \
- strcpy(str, val->v.strVal); \
+ if (val && !strcmp(val->pzName, name)==0) \
+ continue; \
+ len = strlen(val->v.strVal); \
+ if (sizeof(str) > len) { \
+ strcpy(str, val->v.strVal); \
} else { \
- memcpy(str, val->v.strVal, sizeof(str)-1); \
- str[sizeof(str)-1] = 0; \
+ memcpy(str, val->v.strVal, sizeof(str)-1); \
+ str[sizeof(str)-1] = 0; \
} \
- if ((p=strchr(str, ' ')) == NULL && (p=strchr(str, '\t')) == NULL) { \
- fprintf(stderr, "Error parsing %s\n", name); \
- exit(1); \
- } \
- p[0] = 0; \
- p++; \
- s_name[i] = strdup(str); \
- while(*p==' ' || *p == '\t') p++; \
- if (p[0] == 0) { \
- fprintf(stderr, "Error (2) parsing %s\n", name); \
- exit(1); \
- } \
- s_name[i+1] = strdup(p); \
- i+=2; \
- if (i>=MAX_ENTRIES) \
- break; \
+ if ((p=strchr(str, ' ')) == NULL && (p=strchr(str, '\t')) == NULL) { \
+ fprintf(stderr, "Error parsing %s\n", name); \
+ exit(1); \
+ } \
+ p[0] = 0; \
+ p++; \
+ s_name[i] = strdup(str); \
+ while(*p==' ' || *p == '\t') p++; \
+ if (p[0] == 0) { \
+ fprintf(stderr, "Error (2) parsing %s\n", name); \
+ exit(1); \
+ } \
+ s_name[i+1] = strdup(p); \
+ i+=2; \
+ if (i>=MAX_ENTRIES) \
+ break; \
} while((val = optionNextValue(pov, val)) != NULL); \
s_name[i] = NULL; \
} \
@@ -299,8 +299,8 @@ void cfg_init(void)
/* READ_NUMERIC only returns a long */
#define CHECK_LONG_OVERFLOW(x) \
if (x == LONG_MAX) { \
- fprintf(stderr, "overflow in number\n"); \
- exit(1); \
+ fprintf(stderr, "overflow in number\n"); \
+ exit(1); \
}
#define READ_NUMERIC(name, s_name) \
@@ -308,9 +308,9 @@ void cfg_init(void)
if (val != NULL) \
{ \
if (val->valType == OPARG_TYPE_NUMERIC) \
- s_name = val->v.longVal; \
+ s_name = val->v.longVal; \
else if (val->valType == OPARG_TYPE_STRING) \
- s_name = strtol(val->v.strVal, NULL, 10); \
+ s_name = strtol(val->v.strVal, NULL, 10); \
}
#define HEX_DECODE(hex, output, output_size) \
@@ -339,7 +339,7 @@ unsigned len, cmp;
cmp = strcasecmp(val->pzName, available_options[j].name);
if (cmp == 0) {
- if (available_options[j].type != OPTION_MULTI_LINE &&
+ if (available_options[j].type != OPTION_MULTI_LINE &&
available_options[j].found != 0) {
fprintf(stderr, "Warning: multiple options found for '%s'; only the first will be taken into account.\n", available_options[j].name);
}
@@ -1463,18 +1463,18 @@ time_t get_date(const char* date)
struct timespec r;
if (date==NULL || parse_datetime(&r, date, NULL) == 0) {
- fprintf(stderr, "Cannot parse date: %s\n", date);
- exit(1);
- }
-
- return r.tv_sec;
+ fprintf(stderr, "Cannot parse date: %s\n", date);
+ exit(1);
+ }
+
+ return r.tv_sec;
}
time_t get_activation_date(void)
{
if (batch && cfg.activation_date != NULL) {
- return get_date(cfg.activation_date);
+ return get_date(cfg.activation_date);
}
return time(NULL);
@@ -1484,7 +1484,7 @@ time_t get_crl_revocation_date(void)
{
if (batch && cfg.revocation_date != NULL) {
- return get_date(cfg.revocation_date);
+ return get_date(cfg.revocation_date);
}
return time(NULL);
@@ -1494,7 +1494,7 @@ time_t get_crl_this_update_date(void)
{
if (batch && cfg.this_update_date != NULL) {
- return get_date(cfg.this_update_date);
+ return get_date(cfg.this_update_date);
}
return time(NULL);
@@ -1506,26 +1506,26 @@ time_t days_to_secs(int days)
time_t secs = days;
time_t now = time(NULL);
- if (secs != (time_t)-1) {
- if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) {
- goto overflow;
- } else {
- secs *= 24*60*60;
- }
- }
-
- if (secs != (time_t)-1) {
- if (INT_ADD_OVERFLOW(secs, now)) {
- goto overflow;
- } else {
- secs += now;
- }
- }
-
- return secs;
+ if (secs != (time_t)-1) {
+ if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) {
+ goto overflow;
+ } else {
+ secs *= 24*60*60;
+ }
+ }
+
+ if (secs != (time_t)-1) {
+ if (INT_ADD_OVERFLOW(secs, now)) {
+ goto overflow;
+ } else {
+ secs += now;
+ }
+ }
+
+ return secs;
overflow:
- fprintf(stderr, "Overflow while parsing days\n");
- exit(1);
+ fprintf(stderr, "Overflow while parsing days\n");
+ exit(1);
}
static
@@ -1533,13 +1533,13 @@ time_t get_int_date(const char *txt_val, int int_val, const char *msg)
{
if (batch) {
if (txt_val == NULL) {
- time_t secs;
-
- if (int_val == 0 || int_val < -2)
- secs = days_to_secs(365);
- else {
- secs = days_to_secs(int_val);
- }
+ time_t secs;
+
+ if (int_val == 0 || int_val < -2)
+ secs = days_to_secs(365);
+ else {
+ secs = days_to_secs(int_val);
+ }
return secs;
} else
diff --git a/src/certtool.c b/src/certtool.c
index e6563ea8b8..e27f055093 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -58,7 +58,7 @@ void pkcs7_info(common_info_st *);
void pkcs7_sign(common_info_st *, unsigned embed);
void pkcs7_generate(common_info_st *);
void pkcs8_info(void);
-void pkcs8_info_int(gnutls_datum_t *data, unsigned format,
+void pkcs8_info_int(gnutls_datum_t *data, unsigned format,
unsigned ignore_err, FILE *out, const char *tab);
void crq_info(void);
void smime_to_pkcs7(void);
@@ -2324,14 +2324,14 @@ static gnutls_x509_trust_list_t load_tl(common_info_st * cinfo)
}
ret =
- gnutls_x509_trust_list_add_trust_mem(list, &tmp,
- tmp2.data?&tmp2:NULL,
- cinfo->incert_format,
- 0, 0);
+ gnutls_x509_trust_list_add_trust_mem(list, &tmp,
+ tmp2.data?&tmp2:NULL,
+ cinfo->incert_format,
+ 0, 0);
if (ret < 0) {
int ret2 =
- gnutls_x509_trust_list_add_trust_mem(list, &tmp,
- tmp2.data?&tmp2:NULL,
+ gnutls_x509_trust_list_add_trust_mem(list, &tmp,
+ tmp2.data?&tmp2:NULL,
GNUTLS_X509_FMT_PEM,
0, 0);
if (ret2 >= 0)
@@ -2519,7 +2519,7 @@ _verify_x509_mem(const void *cert, int cert_size, const void *ca,
vflags,
&output,
detailed_verification);
- } else {
+ } else {
ret =
gnutls_x509_trust_list_verify_crt(list, x509_cert_list,
x509_ncerts,
@@ -2595,7 +2595,7 @@ static void verify_chain(void)
buf[size] = 0;
_verify_x509_mem(buf, size, NULL, 0, 0, OPT_ARG(VERIFY_PURPOSE),
- OPT_ARG(VERIFY_HOSTNAME), OPT_ARG(VERIFY_EMAIL));
+ OPT_ARG(VERIFY_HOSTNAME), OPT_ARG(VERIFY_EMAIL));
free(buf);
}
@@ -2736,8 +2736,8 @@ static void print_dn(const char *prefix, const gnutls_datum_t *raw)
fprintf(outfile, "%s: %s\n", prefix, str.data);
cleanup:
- gnutls_x509_dn_deinit(dn);
- gnutls_free(str.data);
+ gnutls_x509_dn_deinit(dn);
+ gnutls_free(str.data);
}
static void print_raw(const char *prefix, const gnutls_datum_t *raw)
@@ -3448,7 +3448,7 @@ void pkcs12_bag_enc_info(gnutls_pkcs12_bag_t bag, FILE *out)
const char *str;
char *oid = NULL;
- ret = gnutls_pkcs12_bag_enc_info(bag,
+ ret = gnutls_pkcs12_bag_enc_info(bag,
&schema, &cipher, salt, &salt_size, &iter_count, &oid);
if (ret == GNUTLS_E_UNKNOWN_CIPHER_TYPE) {
fprintf(out, "\tSchema: unsupported (%s)\n", oid);
@@ -3623,7 +3623,7 @@ void pkcs12_info(common_info_st * cinfo)
}
}
-void pkcs8_info_int(gnutls_datum_t *data, unsigned format,
+void pkcs8_info_int(gnutls_datum_t *data, unsigned format,
unsigned ignore_err, FILE *out, const char *tab)
{
int ret;
diff --git a/src/cli.c b/src/cli.c
index 2a65085f17..75c228fa49 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -751,21 +751,21 @@ gnutls_session_t init_tls_session(const char *host)
GNUTLS_HB_PEER_ALLOWED_TO_SEND);
#ifdef ENABLE_DTLS_SRTP
- if (HAVE_OPT(SRTP_PROFILES)) {
- ret =
- gnutls_srtp_set_profile_direct(session,
- OPT_ARG(SRTP_PROFILES),
- &err);
- if (ret == GNUTLS_E_INVALID_REQUEST)
- fprintf(stderr, "Syntax error at: %s\n", err);
- else if (ret != 0)
- fprintf(stderr, "Error in profiles: %s\n",
- gnutls_strerror(ret));
- else fprintf(stderr,"DTLS profile set to %s\n",
- OPT_ARG(SRTP_PROFILES));
-
- if (ret != 0) exit(1);
- }
+ if (HAVE_OPT(SRTP_PROFILES)) {
+ ret =
+ gnutls_srtp_set_profile_direct(session,
+ OPT_ARG(SRTP_PROFILES),
+ &err);
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ else if (ret != 0)
+ fprintf(stderr, "Error in profiles: %s\n",
+ gnutls_strerror(ret));
+ else fprintf(stderr,"DTLS profile set to %s\n",
+ OPT_ARG(SRTP_PROFILES));
+
+ if (ret != 0) exit(1);
+ }
#endif
diff --git a/src/danetool.c b/src/danetool.c
index d5883569a3..0334d94c5e 100644
--- a/src/danetool.c
+++ b/src/danetool.c
@@ -372,8 +372,8 @@ static void dane_check(const char *host, const char *proto,
cstr = dane_match_type_name(match);
if (cstr == NULL) cstr= "Unknown";
- fprintf(outfile, "Contents: %s (%.2x)\n", cstr, match);
- fprintf(outfile, "Data: %s\n", lbuffer);
+ fprintf(outfile, "Contents: %s (%.2x)\n", cstr, match);
+ fprintf(outfile, "Data: %s\n", lbuffer);
}
/* Verify the DANE data */
diff --git a/src/list.h b/src/list.h
index 0cccd25857..138f6d476d 100644
--- a/src/list.h
+++ b/src/list.h
@@ -288,7 +288,7 @@ struct list {
memset (__t, 0, (l).item_size); \
__t->prev = (void *) p; \
__t->next = (void *) q; \
- q->prev = (void *) __t; \
+ q->prev = (void *) __t; \
p->next = (void *) __t; \
(l).length++; \
}
diff --git a/src/ocsptool-common.c b/src/ocsptool-common.c
index 19c5af7fa7..654cda08ae 100644
--- a/src/ocsptool-common.c
+++ b/src/ocsptool-common.c
@@ -409,7 +409,7 @@ check_ocsp_response(gnutls_x509_crt_t cert,
}
if (nonce) {
- gnutls_datum_t rnonce;
+ gnutls_datum_t rnonce;
ret = gnutls_ocsp_resp_get_nonce(resp, NULL, &rnonce);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
@@ -430,7 +430,7 @@ check_ocsp_response(gnutls_x509_crt_t cert,
exit(1);
}
- gnutls_free(rnonce.data);
+ gnutls_free(rnonce.data);
}
finish_ok:
diff --git a/src/ocsptool.c b/src/ocsptool.c
index 5e38410429..c7610e9a5c 100644
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -323,7 +323,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
}
if (nonce) {
- gnutls_datum_t rnonce;
+ gnutls_datum_t rnonce;
ret = gnutls_ocsp_resp_get_nonce(resp, NULL, &rnonce);
if (ret < 0) {
@@ -338,7 +338,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
exit(1);
}
- gnutls_free(rnonce.data);
+ gnutls_free(rnonce.data);
}
if (HAVE_OPT(LOAD_TRUST)) {
diff --git a/src/pkcs11.c b/src/pkcs11.c
index 4bc7c985e9..62f0be6b91 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -377,16 +377,16 @@ pkcs11_export(FILE * outfile, const char *url, unsigned int flags,
ret = gnutls_pkcs11_obj_export3(obj, info->outcert_format, &t);
if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
- }
+ exit(1);
+ }
fwrite(t.data, 1, t.size, outfile);
gnutls_free(t.data);
if (info->outcert_format == GNUTLS_X509_FMT_PEM)
- fputs("\n\n", outfile);
+ fputs("\n\n", outfile);
gnutls_pkcs11_obj_deinit(obj);
@@ -432,62 +432,62 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int flags,
ret = gnutls_x509_crt_import_pkcs11(xcrt, obj);
if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
- }
+ exit(1);
+ }
ret = gnutls_pkcs11_obj_export3(obj, GNUTLS_X509_FMT_PEM, &t);
if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
- }
+ exit(1);
+ }
fwrite(t.data, 1, t.size, outfile);
- fputs("\n\n", outfile);
- gnutls_free(t.data);
-
- gnutls_pkcs11_obj_deinit(obj);
-
- do {
- ret = gnutls_pkcs11_get_raw_issuer(url, xcrt, &t, GNUTLS_X509_FMT_PEM, 0);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__,
- __LINE__, gnutls_strerror(ret));
- exit(1);
- }
-
- fwrite(t.data, 1, t.size, outfile);
- fputs("\n\n", outfile);
-
- gnutls_x509_crt_deinit(xcrt);
-
- ret = gnutls_x509_crt_init(&xcrt);
- if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__,
- __LINE__, gnutls_strerror(ret));
- exit(1);
- }
-
- ret = gnutls_x509_crt_import(xcrt, &t, GNUTLS_X509_FMT_PEM);
- if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__,
- __LINE__, gnutls_strerror(ret));
- exit(1);
- }
-
- gnutls_free(t.data);
-
- ret = gnutls_x509_crt_check_issuer(xcrt, xcrt);
- if (ret != 0) {
- /* self signed */
- break;
- }
-
- } while(1);
-
+ fputs("\n\n", outfile);
+ gnutls_free(t.data);
+
+ gnutls_pkcs11_obj_deinit(obj);
+
+ do {
+ ret = gnutls_pkcs11_get_raw_issuer(url, xcrt, &t, GNUTLS_X509_FMT_PEM, 0);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fwrite(t.data, 1, t.size, outfile);
+ fputs("\n\n", outfile);
+
+ gnutls_x509_crt_deinit(xcrt);
+
+ ret = gnutls_x509_crt_init(&xcrt);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_import(xcrt, &t, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_free(t.data);
+
+ ret = gnutls_x509_crt_check_issuer(xcrt, xcrt);
+ if (ret != 0) {
+ /* self signed */
+ break;
+ }
+
+ } while(1);
+
UNFIX;
return;
}
@@ -840,8 +840,8 @@ pkcs11_export_pubkey(FILE * outfile, const char *url, int detailed, unsigned int
ret =
gnutls_pkcs11_privkey_export_pubkey(pkey,
- GNUTLS_X509_FMT_PEM, &pubkey,
- flags);
+ GNUTLS_X509_FMT_PEM, &pubkey,
+ flags);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
diff --git a/src/serv.c b/src/serv.c
index 1695725f55..37851a8450 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -470,21 +470,21 @@ gnutls_session_t initialize_session(int dtls)
GNUTLS_HB_PEER_ALLOWED_TO_SEND);
#ifdef ENABLE_DTLS_SRTP
- if (HAVE_OPT(SRTP_PROFILES)) {
- ret =
- gnutls_srtp_set_profile_direct(session,
- OPT_ARG(SRTP_PROFILES),
- &err);
- if (ret == GNUTLS_E_INVALID_REQUEST)
- fprintf(stderr, "Syntax error at: %s\n", err);
- else if (ret != 0)
- fprintf(stderr, "Error in profiles: %s\n",
- gnutls_strerror(ret));
- else fprintf(stderr,"DTLS profile set to %s\n",
- OPT_ARG(SRTP_PROFILES));
-
- if (ret != 0) exit(1);
- }
+ if (HAVE_OPT(SRTP_PROFILES)) {
+ ret =
+ gnutls_srtp_set_profile_direct(session,
+ OPT_ARG(SRTP_PROFILES),
+ &err);
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ else if (ret != 0)
+ fprintf(stderr, "Error in profiles: %s\n",
+ gnutls_strerror(ret));
+ else fprintf(stderr,"DTLS profile set to %s\n",
+ OPT_ARG(SRTP_PROFILES));
+
+ if (ret != 0) exit(1);
+ }
#endif
@@ -739,7 +739,7 @@ const char *human_addr(const struct sockaddr *sa, socklen_t salen,
if (getnameinfo(sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) !=
0) {
return "(error)";
- }
+ }
l = strlen(buf);
buf += l;
@@ -755,7 +755,7 @@ const char *human_addr(const struct sockaddr *sa, socklen_t salen,
if (getnameinfo(sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) !=
0) {
snprintf(buf, buflen, "%s", " unknown");
- }
+ }
return save_buf;
}
@@ -1485,7 +1485,7 @@ static void tcp_server(const char *name, int port)
if (r == GNUTLS_E_HEARTBEAT_PING_RECEIVED) {
gnutls_heartbeat_pong(j->tls_session, 0);
} else if (r == GNUTLS_E_REHANDSHAKE) {
- try_rehandshake(j);
+ try_rehandshake(j);
} else {
j->http_state = HTTP_STATE_CLOSING;
if (r < 0) {
diff --git a/src/tests.c b/src/tests.c
index aa5cf18917..b235f0c383 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -465,7 +465,7 @@ test_code_t test_dhe_group(gnutls_session_t session)
print = raw_to_string(prime.data, prime.size);
if (print) {
fprintf(fp, " Prime [%d bits]: %s\n", prime.size * 8,
- print);
+ print);
}
gnutls_dh_get_pubkey(session, &pubkey2);
diff --git a/tests/auto-verify.c b/tests/auto-verify.c
index afd489105d..069ea73919 100644
--- a/tests/auto-verify.c
+++ b/tests/auto-verify.c
@@ -216,7 +216,7 @@ void test_failure(void)
ret =
gnutls_x509_privkey_import(pkey, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
exit(1);
@@ -232,7 +232,7 @@ void test_failure(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-CIPHER-ALL:+AES-128-GCM",
NULL);
@@ -252,15 +252,15 @@ void test_failure(void)
exit(1);
ret = gnutls_certificate_set_x509_key_mem(clientx509cred,
- &cli_cert, &cli_key,
- GNUTLS_X509_FMT_PEM);
+ &cli_cert, &cli_key,
+ GNUTLS_X509_FMT_PEM);
ret = gnutls_init(&client, GNUTLS_CLIENT);
if (ret < 0)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
@@ -341,7 +341,7 @@ void test_success1(void)
ret =
gnutls_x509_privkey_import(pkey, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
exit(1);
@@ -357,7 +357,7 @@ void test_success1(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-CIPHER-ALL:+AES-128-GCM",
NULL);
@@ -377,15 +377,15 @@ void test_success1(void)
exit(1);
ret = gnutls_certificate_set_x509_key_mem(clientx509cred,
- &cli_cert, &cli_key,
- GNUTLS_X509_FMT_PEM);
+ &cli_cert, &cli_key,
+ GNUTLS_X509_FMT_PEM);
ret = gnutls_init(&client, GNUTLS_CLIENT);
if (ret < 0)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
@@ -465,7 +465,7 @@ void test_success2(void)
ret =
gnutls_x509_privkey_import(pkey, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
exit(1);
@@ -481,7 +481,7 @@ void test_success2(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-CIPHER-ALL:+AES-128-GCM",
NULL);
@@ -501,15 +501,15 @@ void test_success2(void)
exit(1);
ret = gnutls_certificate_set_x509_key_mem(clientx509cred,
- &cli_cert, &cli_key,
- GNUTLS_X509_FMT_PEM);
+ &cli_cert, &cli_key,
+ GNUTLS_X509_FMT_PEM);
ret = gnutls_init(&client, GNUTLS_CLIENT);
if (ret < 0)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/cert-key-exchange.c b/tests/cert-key-exchange.c
index 138744207c..64c0d30b0c 100644
--- a/tests/cert-key-exchange.c
+++ b/tests/cert-key-exchange.c
@@ -95,7 +95,7 @@ static void try(const char *name, const char *client_prio, gnutls_kx_algorithm_t
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_priority_set_direct(server,
@@ -131,7 +131,7 @@ static void try(const char *name, const char *client_prio, gnutls_kx_algorithm_t
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index e66c7ff995..a5b38cab71 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -98,7 +98,7 @@ TESTS = $(dist_check_SCRIPTS)
TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
LC_ALL="C" \
- VALGRIND="$(VALGRIND)" \
+ VALGRIND="$(VALGRIND)" \
LIBTOOL="$(LIBTOOL)" \
top_builddir="$(top_builddir)" \
srcdir="$(srcdir)"
diff --git a/tests/certificate_set_x509_crl.c b/tests/certificate_set_x509_crl.c
index eebfff7557..ff4d5c81c6 100644
--- a/tests/certificate_set_x509_crl.c
+++ b/tests/certificate_set_x509_crl.c
@@ -81,21 +81,21 @@ int main(void)
rc = gnutls_x509_crl_init(&crl);
if (rc) {
printf("gnutls_x509_crl_init rc %d: %s\n", rc,
- gnutls_strerror(rc));
+ gnutls_strerror(rc));
return 1;
}
rc = gnutls_x509_crl_import(crl, &crldatum, GNUTLS_X509_FMT_PEM);
if (rc) {
printf("gnutls_x509_crl_import rc %d: %s\n", rc,
- gnutls_strerror(rc));
+ gnutls_strerror(rc));
return 1;
}
rc = gnutls_certificate_set_x509_crl(crt, &crl, 1);
if (rc < 0) {
printf("gnutls_certificate_set_x509_crl rc %d: %s\n",
- rc, gnutls_strerror(rc));
+ rc, gnutls_strerror(rc));
return 1;
}
diff --git a/tests/chainverify.c b/tests/chainverify.c
index 1630d32d2f..a43f3bd7d8 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -122,7 +122,7 @@ void doit(void)
GNUTLS_CRT_PRINT_ONELINE, &tmp);
if (debug)
printf("\tCertificate %d: %.*s\n", (int)j,
- tmp.size, tmp.data);
+ tmp.size, tmp.data);
gnutls_free(tmp.data);
}
@@ -217,11 +217,11 @@ void doit(void)
ret =
gnutls_x509_trust_list_verify_crt2(tl, certs, j,
- vdata, 1,
- chains
- [i].verify_flags,
- &verify_status1,
- NULL);
+ vdata, 1,
+ chains
+ [i].verify_flags,
+ &verify_status1,
+ NULL);
} else {
ret =
gnutls_x509_trust_list_verify_crt(tl, certs, j,
diff --git a/tests/common-cert-key-exchange.c b/tests/common-cert-key-exchange.c
index 507ff36941..5e0e92ee7c 100644
--- a/tests/common-cert-key-exchange.c
+++ b/tests/common-cert-key-exchange.c
@@ -96,7 +96,7 @@ void try(const char *name, const char *client_prio, gnutls_kx_algorithm_t client
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_priority_set_direct(server,
@@ -132,7 +132,7 @@ void try(const char *name, const char *client_prio, gnutls_kx_algorithm_t client
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
@@ -258,7 +258,7 @@ void dtls_try(const char *name, const char *client_prio, gnutls_kx_algorithm_t c
gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_priority_set_direct(server,
@@ -295,7 +295,7 @@ void dtls_try(const char *name, const char *client_prio, gnutls_kx_algorithm_t c
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/conv-utf8.c b/tests/conv-utf8.c
index ce93a4e2e9..205c55ac58 100644
--- a/tests/conv-utf8.c
+++ b/tests/conv-utf8.c
@@ -38,7 +38,7 @@ int _gnutls_utf8_to_ucs2(const void *data, size_t size,
gnutls_datum_t * output);
int _gnutls_ucs2_to_utf8(const void *data, size_t size,
- gnutls_datum_t * output, unsigned be);
+ gnutls_datum_t * output, unsigned be);
#define DEBUG
diff --git a/tests/crl-basic.c b/tests/crl-basic.c
index 5701562f99..a65c7a8396 100644
--- a/tests/crl-basic.c
+++ b/tests/crl-basic.c
@@ -158,7 +158,7 @@ void doit(void)
if (debug)
printf("Chain '%s' (%d)...\n", crl_list[i].name,
- (int) i);
+ (int) i);
if (debug > 2)
printf("\tAdding CRL...");
@@ -193,7 +193,7 @@ void doit(void)
&tmp);
if (debug)
printf("\tCRL: %.*s\n",
- tmp.size, tmp.data);
+ tmp.size, tmp.data);
gnutls_free(tmp.data);
ret = gnutls_x509_crl_get_signature_algorithm(crl);
diff --git a/tests/crlverify.c b/tests/crlverify.c
index 66e621e5da..c586011da0 100644
--- a/tests/crlverify.c
+++ b/tests/crlverify.c
@@ -242,7 +242,7 @@ void doit(void)
if (debug)
printf("Chain '%s' (%d)...\n", crl_list[i].name,
- (int) i);
+ (int) i);
if (debug > 2)
printf("\tAdding CRL...");
@@ -277,7 +277,7 @@ void doit(void)
&tmp);
if (debug)
printf("\tCRL: %.*s\n",
- tmp.size, tmp.data);
+ tmp.size, tmp.data);
gnutls_free(tmp.data);
if (debug > 2)
@@ -307,7 +307,7 @@ void doit(void)
gnutls_x509_crt_print(ca, GNUTLS_CRT_PRINT_ONELINE, &tmp);
if (debug)
printf("\tCA Certificate: %.*s\n", tmp.size,
- tmp.data);
+ tmp.data);
gnutls_free(tmp.data);
if (debug)
diff --git a/tests/crq-basic.c b/tests/crq-basic.c
index 780153e306..26927e9248 100644
--- a/tests/crq-basic.c
+++ b/tests/crq-basic.c
@@ -130,7 +130,7 @@ void doit(void)
if (debug)
printf("Chain '%s' (%d)...\n", crq_list[i].name,
- (int) i);
+ (int) i);
if (debug > 2)
printf("\tAdding CRL...");
@@ -165,7 +165,7 @@ void doit(void)
&tmp);
if (debug)
printf("\tCRL: %.*s\n",
- tmp.size, tmp.data);
+ tmp.size, tmp.data);
gnutls_free(tmp.data);
ret = gnutls_x509_crq_get_signature_algorithm(crq);
diff --git a/tests/crq_key_id.c b/tests/crq_key_id.c
index c729c7a7fb..077f182dd1 100644
--- a/tests/crq_key_id.c
+++ b/tests/crq_key_id.c
@@ -144,7 +144,7 @@ void doit(void)
crq_key_id_len = 0;
ret =
gnutls_x509_crq_get_key_id(crq, 0, crq_key_id,
- &crq_key_id_len);
+ &crq_key_id_len);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
fail("gnutls_x509_crq_get_key_id incorrectly returns %d: %s\n", ret, gnutls_strerror(ret));
}
@@ -153,7 +153,7 @@ void doit(void)
malloc(sizeof(unsigned char) * crq_key_id_len);
ret =
gnutls_x509_crq_get_key_id(crq, 0, crq_key_id,
- &crq_key_id_len);
+ &crq_key_id_len);
if (ret != GNUTLS_E_SUCCESS) {
fail("gnutls_x509_crq_get_key_id incorrectly returns %d: %s\n", ret, gnutls_strerror(ret));
}
diff --git a/tests/custom-urls-override.c b/tests/custom-urls-override.c
index 2209fe8edd..e6e936ae85 100644
--- a/tests/custom-urls-override.c
+++ b/tests/custom-urls-override.c
@@ -154,7 +154,7 @@ static void server(int fd)
gnutls_certificate_allocate_credentials(&x509_cred);
ret = gnutls_certificate_set_x509_key_file(x509_cred, "system:cert", "system:key",
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fail("server: gnutls_certificate_set_x509_key_file (%s)\n\n",
gnutls_strerror(ret));
diff --git a/tests/custom-urls.c b/tests/custom-urls.c
index 0827d3c2d8..28768121d6 100644
--- a/tests/custom-urls.c
+++ b/tests/custom-urls.c
@@ -150,7 +150,7 @@ static void server(int fd)
*/
gnutls_certificate_allocate_credentials(&x509_cred);
ret = gnutls_certificate_set_x509_key_file(x509_cred, "nomyurl:cert", "nomyurl:key",
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret != GNUTLS_E_FILE_ERROR) {
fail("server: gnutls_certificate_set_x509_key_file unexpected error (%s)\n\n",
gnutls_strerror(ret));
@@ -158,7 +158,7 @@ static void server(int fd)
}
ret = gnutls_certificate_set_x509_key_file(x509_cred, "myurl:cert", "myurl:key",
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fail("server: gnutls_certificate_set_x509_key_file (%s)\n\n",
gnutls_strerror(ret));
diff --git a/tests/dane.c b/tests/dane.c
index 941b2b58f9..e9ed4011ef 100644
--- a/tests/dane.c
+++ b/tests/dane.c
@@ -44,469 +44,432 @@ struct data_entry_st {
int bogus;
const char *cert;
const char *ca;
- unsigned expected_status; /* if cert is non-null */
- int expected_verify_ret; /* if cert is non-null */
+ unsigned expected_status; /* if cert is non-null */
+ int expected_verify_ret; /* if cert is non-null */
};
const struct data_entry_st data_entries[] = {
{
- .name = "Entry parsing",
- .queries = {
- (char *)
- "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- (char *)
- "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
- (char *)
- "\x03\x01\x01\x46\x25\x73\x19\x5c\x86\xe8\x61\xab\xab\x8e\xcc\xfb\xc7\xf0\x48\x69\x58\xef\xdf\xf9\x44\x9a\xc1\x07\x29\xb3\xa0\xf9\x06\xf3\x88",
- NULL},
- .q_size = {
- 35,
- 35,
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 3,
- .secure = 1,
- .bogus = 0
- },
- { /* as the previous but with first byte invalid */
- .name = "Cert verification (single entry)",
- .queries = {
- (char *)
- "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
- NULL},
- .q_size = {
- 35,
- 35,
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 1,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = 0,
- .expected_status = 0,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
- "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
- "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
- "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
- "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
- "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
- "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
- "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
- "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
- "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
- "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
- "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
- "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
- "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
- "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
- "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
- "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
- "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
- "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
- "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
- "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
- "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
- "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
- "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
- "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
- "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
- "-----END CERTIFICATE-----\n"
- },
+ .name = "Entry parsing",
+ .queries = {
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ (char *)
+ "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
+ (char *)
+ "\x03\x01\x01\x46\x25\x73\x19\x5c\x86\xe8\x61\xab\xab\x8e\xcc\xfb\xc7\xf0\x48\x69\x58\xef\xdf\xf9\x44\x9a\xc1\x07\x29\xb3\xa0\xf9\x06\xf3\x88",
+ NULL},
+ .q_size = {35, 35, 35, 0},
+ .expected_ret = 0,
+ .no_queries = 3,
+ .secure = 1,
+ .bogus = 0},
+ { /* as the previous but with first byte invalid */
+ .name = "Cert verification (single entry)",
+ .queries = {
+ (char *)
+ "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
+ NULL},
+ .q_size = {35, 35, 35, 0},
+ .expected_ret = 0,
+ .no_queries = 1,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = 0,
+ .expected_status = 0,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
+ "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
+ "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
+ "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
+ "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
+ "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
+ "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
+ "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
+ "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
+ "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
+ "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
+ "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
+ "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
+ "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
+ "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
+ "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
+ "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
+ "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
+ "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
+ "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
+ "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
+ "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
+ "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
+ "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
+ "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
+ "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
+ "-----END CERTIFICATE-----\n"},
{
- .name = "Cert verification (multi entries)",
- .queries = {
- (char *)
- "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- (char *)
- "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
- (char *)
- "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
- NULL},
- .q_size = {
- 35,
- 35,
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 3,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = 0,
- .expected_status = 0,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
- "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
- "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
- "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
- "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
- "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
- "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
- "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
- "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
- "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
- "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
- "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
- "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
- "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
- "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
- "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
- "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
- "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
- "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
- "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
- "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
- "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
- "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
- "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
- "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
- "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
- "-----END CERTIFICATE-----\n"
- },
+ .name = "Cert verification (multi entries)",
+ .queries = {
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ (char *)
+ "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
+ (char *)
+ "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
+ NULL},
+ .q_size = { 35, 35, 35, 0},
+ .expected_ret = 0,
+ .no_queries = 3,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = 0,
+ .expected_status = 0,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
+ "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
+ "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
+ "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
+ "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
+ "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
+ "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
+ "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
+ "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
+ "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
+ "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
+ "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
+ "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
+ "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
+ "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
+ "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
+ "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
+ "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
+ "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
+ "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
+ "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
+ "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
+ "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
+ "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
+ "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
+ "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
+ "-----END CERTIFICATE-----\n"},
{
- .name = "Cert verification (invalid hash)",
- .queries = {
- (char *)
- "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x49\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
- NULL},
- .q_size = {
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 1,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = 0,
- .expected_status = DANE_VERIFY_CERT_DIFFERS,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
- "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
- "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
- "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
- "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
- "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
- "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
- "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
- "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
- "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
- "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
- "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
- "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
- "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
- "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
- "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
- "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
- "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
- "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
- "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
- "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
- "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
- "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
- "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
- "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
- "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
- "-----END CERTIFICATE-----\n"
- },
+ .name = "Cert verification (invalid hash)",
+ .queries = {
+ (char *)
+ "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x49\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
+ NULL},
+ .q_size = { 35, 0},
+ .expected_ret = 0,
+ .no_queries = 1,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = 0,
+ .expected_status = DANE_VERIFY_CERT_DIFFERS,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
+ "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
+ "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
+ "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
+ "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
+ "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
+ "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
+ "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
+ "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
+ "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
+ "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
+ "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
+ "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
+ "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
+ "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
+ "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
+ "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
+ "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
+ "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
+ "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
+ "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
+ "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
+ "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
+ "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
+ "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
+ "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
+ "-----END CERTIFICATE-----\n"},
{
- .name = "Cert verification (bogus data)",
- .queries = {
- (char *)
- "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- NULL},
- .q_size = {
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 1,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = DANE_E_REQUESTED_DATA_NOT_AVAILABLE,
- .expected_status = -1,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
- "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
- "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
- "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
- "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
- "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
- "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
- "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
- "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
- "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
- "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
- "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
- "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
- "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
- "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
- "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
- "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
- "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
- "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
- "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
- "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
- "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
- "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
- "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
- "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
- "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
- "-----END CERTIFICATE-----\n"
- },
+ .name = "Cert verification (bogus data)",
+ .queries = {
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ NULL},
+ .q_size = { 35, 0},
+ .expected_ret = 0,
+ .no_queries = 1,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = DANE_E_REQUESTED_DATA_NOT_AVAILABLE,
+ .expected_status = -1,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
+ "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
+ "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
+ "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
+ "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
+ "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
+ "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
+ "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
+ "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
+ "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
+ "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
+ "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
+ "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
+ "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
+ "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
+ "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
+ "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
+ "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
+ "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
+ "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
+ "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
+ "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
+ "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
+ "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
+ "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
+ "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
+ "-----END CERTIFICATE-----\n"},
{
- .name = "CA verification (valid)",
- .queries = {
- (char*)"\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- NULL},
- .q_size = {
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 1,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = 0,
- .expected_status = 0,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
- "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
- "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
- "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
- "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
- "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
- "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
- "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
- "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
- "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
- "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
- "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
- "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
- "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
- "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
- "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
- "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
- "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
- "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
- "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
- "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
- "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
- "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
- "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
- "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
- "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
- "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
- "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
- "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
- "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
- "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
- "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
- "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
- "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
- "hrA=\n"
- "-----END CERTIFICATE-----\n",
- .ca = "-----BEGIN CERTIFICATE-----\n"
- "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
- "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
- "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
- "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
- "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
- "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
- "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
- "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
- "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
- "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
- "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
- "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
- "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
- "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
- "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
- "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
- "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
- "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
- "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
- "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
- "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
- "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
- "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
- "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
- "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
- "cPUeybQ=\n"
- "-----END CERTIFICATE-----\n"
- },
+ .name = "CA verification (valid)",
+ .queries = {
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ NULL},
+ .q_size = { 35, 0},
+ .expected_ret = 0,
+ .no_queries = 1,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = 0,
+ .expected_status = 0,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
+ "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
+ "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
+ "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
+ "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
+ "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
+ "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
+ "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
+ "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
+ "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
+ "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
+ "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
+ "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
+ "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
+ "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
+ "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
+ "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
+ "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
+ "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
+ "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
+ "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
+ "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
+ "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
+ "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
+ "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
+ "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
+ "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
+ "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
+ "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
+ "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
+ "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
+ "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
+ "hrA=\n" "-----END CERTIFICATE-----\n",
+ .ca = "-----BEGIN CERTIFICATE-----\n"
+ "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
+ "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
+ "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
+ "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
+ "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
+ "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
+ "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
+ "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
+ "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
+ "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
+ "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
+ "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
+ "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
+ "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
+ "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
+ "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
+ "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
+ "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
+ "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
+ "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
+ "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
+ "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
+ "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
+ "cPUeybQ=\n" "-----END CERTIFICATE-----\n"},
{
- .name = "CA verification (invalid)",
- .queries = {
- (char*)"\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x92\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- NULL},
- .q_size = {
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 1,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = 0,
- .expected_status = DANE_VERIFY_CA_CONSTRAINTS_VIOLATED,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
- "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
- "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
- "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
- "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
- "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
- "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
- "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
- "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
- "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
- "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
- "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
- "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
- "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
- "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
- "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
- "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
- "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
- "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
- "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
- "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
- "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
- "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
- "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
- "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
- "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
- "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
- "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
- "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
- "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
- "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
- "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
- "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
- "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
- "hrA=\n"
- "-----END CERTIFICATE-----\n",
- .ca = "-----BEGIN CERTIFICATE-----\n"
- "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
- "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
- "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
- "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
- "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
- "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
- "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
- "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
- "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
- "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
- "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
- "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
- "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
- "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
- "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
- "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
- "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
- "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
- "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
- "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
- "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
- "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
- "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
- "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
- "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
- "cPUeybQ=\n"
- "-----END CERTIFICATE-----\n"
- },
- { /* as the previous but with first byte invalid */
- .name = "CA verification (multiple entries)",
- .queries = {
- (char *)
- "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- (char *)
- "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
- (char *)
- "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- (char*)
- "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
- NULL},
- .q_size = {
- 35,
- 35,
- 35,
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 4,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = 0,
- .expected_status = 0,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
- "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
- "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
- "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
- "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
- "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
- "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
- "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
- "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
- "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
- "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
- "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
- "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
- "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
- "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
- "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
- "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
- "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
- "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
- "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
- "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
- "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
- "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
- "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
- "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
- "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
- "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
- "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
- "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
- "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
- "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
- "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
- "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
- "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
- "hrA=\n"
- "-----END CERTIFICATE-----\n",
- .ca = "-----BEGIN CERTIFICATE-----\n"
- "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
- "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
- "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
- "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
- "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
- "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
- "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
- "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
- "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
- "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
- "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
- "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
- "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
- "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
- "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
- "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
- "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
- "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
- "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
- "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
- "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
- "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
- "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
- "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
- "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
- "cPUeybQ=\n"
- "-----END CERTIFICATE-----\n"
- }
+ .name = "CA verification (invalid)",
+ .queries = {
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x92\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ NULL},
+ .q_size = { 35, 0},
+ .expected_ret = 0,
+ .no_queries = 1,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = 0,
+ .expected_status = DANE_VERIFY_CA_CONSTRAINTS_VIOLATED,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
+ "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
+ "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
+ "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
+ "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
+ "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
+ "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
+ "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
+ "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
+ "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
+ "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
+ "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
+ "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
+ "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
+ "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
+ "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
+ "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
+ "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
+ "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
+ "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
+ "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
+ "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
+ "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
+ "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
+ "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
+ "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
+ "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
+ "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
+ "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
+ "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
+ "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
+ "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
+ "hrA=\n" "-----END CERTIFICATE-----\n",
+ .ca = "-----BEGIN CERTIFICATE-----\n"
+ "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
+ "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
+ "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
+ "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
+ "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
+ "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
+ "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
+ "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
+ "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
+ "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
+ "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
+ "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
+ "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
+ "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
+ "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
+ "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
+ "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
+ "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
+ "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
+ "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
+ "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
+ "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
+ "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
+ "cPUeybQ=\n" "-----END CERTIFICATE-----\n"},
+ { /* as the previous but with first byte invalid */
+ .name = "CA verification (multiple entries)",
+ .queries = {
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ (char *)
+ "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ (char *)
+ "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
+ NULL},
+ .q_size = { 35, 35, 35, 35, 0},
+ .expected_ret = 0,
+ .no_queries = 4,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = 0,
+ .expected_status = 0,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
+ "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
+ "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
+ "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
+ "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
+ "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
+ "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
+ "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
+ "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
+ "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
+ "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
+ "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
+ "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
+ "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
+ "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
+ "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
+ "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
+ "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
+ "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
+ "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
+ "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
+ "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
+ "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
+ "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
+ "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
+ "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
+ "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
+ "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
+ "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
+ "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
+ "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
+ "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
+ "hrA=\n" "-----END CERTIFICATE-----\n",
+ .ca = "-----BEGIN CERTIFICATE-----\n"
+ "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
+ "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
+ "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
+ "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
+ "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
+ "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
+ "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
+ "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
+ "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
+ "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
+ "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
+ "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
+ "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
+ "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
+ "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
+ "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
+ "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
+ "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
+ "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
+ "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
+ "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
+ "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
+ "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
+ "cPUeybQ=\n" "-----END CERTIFICATE-----\n"}
};
static time_t mytime(time_t * t)
@@ -519,11 +482,11 @@ static time_t mytime(time_t * t)
return then;
}
-static void crt_to_der(gnutls_datum_t *chain, const char *pem, unsigned size)
+static void crt_to_der(gnutls_datum_t * chain, const char *pem, unsigned size)
{
int ret;
gnutls_x509_crt_t crt;
- gnutls_datum_t input = {(void*)pem, size};
+ gnutls_datum_t input = { (void *)pem, size };
gnutls_x509_crt_init(&crt);
@@ -562,21 +525,25 @@ static void dane_raw_check(void)
for (j = 0; j < sizeof(data_entries) / sizeof(data_entries[0]); j++) {
if (debug)
- success("running test[%d]: %s\n", j, data_entries[j].name);
+ success("running test[%d]: %s\n", j,
+ data_entries[j].name);
ret =
dane_raw_tlsa(s, &r, data_entries[j].queries,
- data_entries[j].q_size, data_entries[j].secure,
+ data_entries[j].q_size,
+ data_entries[j].secure,
data_entries[j].bogus);
if (ret != data_entries[j].expected_ret) {
- fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
+ fail("test[%d]: %d: %s\n", j, __LINE__,
+ dane_strerror(ret));
}
ret =
dane_query_to_raw_tlsa(r, &entries, &r_data, &r_data_len,
&secure, &bogus);
if (ret < 0) {
- fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
+ fail("test[%d]: %d: %s\n", j, __LINE__,
+ dane_strerror(ret));
}
if (entries != data_entries[j].no_queries)
@@ -590,33 +557,41 @@ static void dane_raw_check(void)
for (i = 0; i < entries; i++) {
if (r_data_len[i] != data_entries[j].q_size[i])
- fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
+ fail("test[%d]: %d: %s\n", j, __LINE__,
+ dane_strerror(ret));
if (memcmp
(r_data[i], data_entries[j].queries[i],
r_data_len[i]) != 0)
- fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
+ fail("test[%d]: %d: %s\n", j, __LINE__,
+ dane_strerror(ret));
}
- if (data_entries[j].cert) { /* verify cert */
+ if (data_entries[j].cert) { /* verify cert */
gnutls_datum_t chain[2];
unsigned status = 0;
unsigned chain_size = 1;
- crt_to_der(&chain[0], data_entries[j].cert, strlen(data_entries[j].cert));
+ crt_to_der(&chain[0], data_entries[j].cert,
+ strlen(data_entries[j].cert));
if (data_entries[j].ca) {
- crt_to_der(&chain[1], data_entries[j].ca, strlen(data_entries[j].ca));
+ crt_to_der(&chain[1], data_entries[j].ca,
+ strlen(data_entries[j].ca));
chain_size++;
}
- ret = dane_verify_crt_raw(NULL, chain, chain_size, GNUTLS_CRT_X509, r,
- 0, 0, &status);
+ ret =
+ dane_verify_crt_raw(NULL, chain, chain_size,
+ GNUTLS_CRT_X509, r, 0, 0,
+ &status);
if (ret != data_entries[j].expected_verify_ret)
- fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
+ fail("test[%d]: %d: %s\n", j, __LINE__,
+ dane_strerror(ret));
- if (ret >= 0 && status != data_entries[j].expected_status) {
+ if (ret >= 0
+ && status != data_entries[j].expected_status) {
fail("tests[%d]: expected verif. status %x, got %x\n", j, data_entries[j].expected_status, status);
}
free(chain[0].data);
@@ -625,7 +600,8 @@ static void dane_raw_check(void)
}
if (debug)
- success("completed test[%d]: %s\n", j, data_entries[j].name);
+ success("completed test[%d]: %s\n", j,
+ data_entries[j].name);
gnutls_free(r_data);
gnutls_free(r_data_len);
diff --git a/tests/dtls-handshake-versions.c b/tests/dtls-handshake-versions.c
index c373d9d862..507aa065dc 100644
--- a/tests/dtls-handshake-versions.c
+++ b/tests/dtls-handshake-versions.c
@@ -73,7 +73,7 @@ static void try(unsigned char major, unsigned char minor, int ret1, int ret2)
gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
@@ -99,7 +99,7 @@ static void try(unsigned char major, unsigned char minor, int ret1, int ret2)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/dtls-max-record.c b/tests/dtls-max-record.c
index 10664cf7c9..e0cee44608 100644
--- a/tests/dtls-max-record.c
+++ b/tests/dtls-max-record.c
@@ -75,7 +75,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
@@ -101,7 +101,7 @@ void doit(void)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/dtls-rehandshake-anon.c b/tests/dtls-rehandshake-anon.c
index bef4f30643..e102a54b3e 100644
--- a/tests/dtls-rehandshake-anon.c
+++ b/tests/dtls-rehandshake-anon.c
@@ -306,7 +306,7 @@ static void server(int fd, int server_init)
ret = gnutls_handshake(session);
}
while (ret < 0
- && gnutls_error_is_fatal(ret) == 0);
+ && gnutls_error_is_fatal(ret) == 0);
if (ret == 0)
break;
}
@@ -319,7 +319,7 @@ static void server(int fd, int server_init)
do {
ret =
gnutls_record_send(session, buffer,
- strlen(buffer));
+ strlen(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
}
diff --git a/tests/dtls-rehandshake-cert-2.c b/tests/dtls-rehandshake-cert-2.c
index 039b79c178..dad82ee6bf 100644
--- a/tests/dtls-rehandshake-cert-2.c
+++ b/tests/dtls-rehandshake-cert-2.c
@@ -317,7 +317,7 @@ static void server(int fd, int server_init)
ret = gnutls_handshake(session);
}
while (ret < 0
- && gnutls_error_is_fatal(ret) == 0);
+ && gnutls_error_is_fatal(ret) == 0);
if (ret == 0)
break;
}
@@ -330,7 +330,7 @@ static void server(int fd, int server_init)
do {
ret =
gnutls_record_send(session, buffer,
- strlen(buffer));
+ strlen(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
}
diff --git a/tests/dtls-rehandshake-cert-3.c b/tests/dtls-rehandshake-cert-3.c
index d1c0399890..f1d298c339 100644
--- a/tests/dtls-rehandshake-cert-3.c
+++ b/tests/dtls-rehandshake-cert-3.c
@@ -322,7 +322,7 @@ static void server(int fd)
do {
ret =
gnutls_record_send(session, buffer,
- strlen(buffer));
+ strlen(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
}
diff --git a/tests/dtls-rehandshake-cert.c b/tests/dtls-rehandshake-cert.c
index b12b792669..cad962641c 100644
--- a/tests/dtls-rehandshake-cert.c
+++ b/tests/dtls-rehandshake-cert.c
@@ -107,7 +107,7 @@ static void client(int fd, int server_init)
NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
@@ -237,7 +237,7 @@ static void server(int fd, int server_init)
NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
@@ -310,7 +310,7 @@ static void server(int fd, int server_init)
ret = gnutls_handshake(session);
}
while (ret < 0
- && gnutls_error_is_fatal(ret) == 0);
+ && gnutls_error_is_fatal(ret) == 0);
if (ret == 0)
break;
}
@@ -323,7 +323,7 @@ static void server(int fd, int server_init)
do {
ret =
gnutls_record_send(session, buffer,
- strlen(buffer));
+ strlen(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
}
diff --git a/tests/dtls-sliding-window.c b/tests/dtls-sliding-window.c
index c6a5e3d554..80be2cf4f0 100644
--- a/tests/dtls-sliding-window.c
+++ b/tests/dtls-sliding-window.c
@@ -42,7 +42,7 @@ struct record_parameters_st {
};
typedef struct {
- unsigned char i[8];
+ unsigned char i[8];
} uint64;
#define gnutls_assert_val(x) x
diff --git a/tests/dtls/dtls-stress.c b/tests/dtls/dtls-stress.c
index a07af8cc91..c9493afffe 100644
--- a/tests/dtls/dtls-stress.c
+++ b/tests/dtls/dtls-stress.c
@@ -25,27 +25,27 @@
*
* **** Available parameters ****
*
- * -nb enable nonblocking operations on sessions
- * -batch read test identifiers from stdin and run them
- * -d increase debug level by one
- * -r replay messages (very crude replay mechanism)
- * -d <n> set debug level to <n>
- * -die don't start new tests after the first detected failure
- * -timeout <n> set handshake timeout to <n> seconds. Tests that don't make progress
- * within twice this time will be forcibly killed. (default: 120)
+ * -nb enable nonblocking operations on sessions
+ * -batch read test identifiers from stdin and run them
+ * -d increase debug level by one
+ * -r replay messages (very crude replay mechanism)
+ * -d <n> set debug level to <n>
+ * -die don't start new tests after the first detected failure
+ * -timeout <n> set handshake timeout to <n> seconds. Tests that don't make progress
+ * within twice this time will be forcibly killed. (default: 120)
* -retransmit <n> set retransmit timeout to <n> milliseconds (default: 100)
- * -j <n> run up to <n> tests in parallel
- * -full use full handshake with mutual certificate authentication
- * -resume use resumed handshake
+ * -j <n> run up to <n> tests in parallel
+ * -full use full handshake with mutual certificate authentication
+ * -resume use resumed handshake
* -shello <perm> run only one test, with the server hello flight permuted as <perm>
* -sfinished <perm> run only one test, with the server finished flight permuted as <perm>
* -cfinished <perm> run only one test, with the client finished flight permuted as <perm>
* <packet name> run only one test, drop <packet name> three times
- * valid values for <packet name> are:
- * SHello, SCertificate, SKeyExchange, SCertificateRequest, SHelloDone,
- * CCertificate, CKeyExchange, CCertificateVerify, CChangeCipherSpec,
- * CFinished, SChangeCipherSpec, SFinished
- * using *Certificate* without -full will yield unexpected results
+ * valid values for <packet name> are:
+ * SHello, SCertificate, SKeyExchange, SCertificateRequest, SHelloDone,
+ * CCertificate, CKeyExchange, CCertificateVerify, CChangeCipherSpec,
+ * CFinished, SChangeCipherSpec, SFinished
+ * using *Certificate* without -full will yield unexpected results
*
*
* **** Permutation handling ****
diff --git a/tests/eagain-common.h b/tests/eagain-common.h
index 5f904b80de..4e9a0ff206 100644
--- a/tests/eagain-common.h
+++ b/tests/eagain-common.h
@@ -7,17 +7,17 @@ extern const char *side;
do \
{ \
if (cret == GNUTLS_E_AGAIN) \
- { \
- side = "client"; \
- cret = gnutls_handshake (c); \
- if (cret == GNUTLS_E_INTERRUPTED) cret = GNUTLS_E_AGAIN; \
- } \
+ { \
+ side = "client"; \
+ cret = gnutls_handshake (c); \
+ if (cret == GNUTLS_E_INTERRUPTED) cret = GNUTLS_E_AGAIN; \
+ } \
if (sret == GNUTLS_E_AGAIN) \
- { \
- side = "server"; \
- sret = gnutls_handshake (s); \
- if (sret == GNUTLS_E_INTERRUPTED) sret = GNUTLS_E_AGAIN; \
- } \
+ { \
+ side = "server"; \
+ sret = gnutls_handshake (s); \
+ if (sret == GNUTLS_E_INTERRUPTED) sret = GNUTLS_E_AGAIN; \
+ } \
} \
while ((cret == GNUTLS_E_AGAIN || (cret == 0 && sret == GNUTLS_E_AGAIN)) && (sret == GNUTLS_E_AGAIN || (sret == 0 && cret == GNUTLS_E_AGAIN))); \
if (cret != clierr || sret != serverr) \
@@ -36,25 +36,25 @@ extern const char *side;
do \
{ \
if (cret == GNUTLS_E_LARGE_PACKET) \
- { \
- unsigned int mtu = gnutls_dtls_get_mtu(s); \
- gnutls_dtls_set_mtu(s, mtu/2); \
- } \
+ { \
+ unsigned int mtu = gnutls_dtls_get_mtu(s); \
+ gnutls_dtls_set_mtu(s, mtu/2); \
+ } \
if (cret < 0 && gnutls_error_is_fatal(cret) == 0) \
- { \
- side = "client"; \
- cret = gnutls_handshake (c); \
- } \
+ { \
+ side = "client"; \
+ cret = gnutls_handshake (c); \
+ } \
if (sret == GNUTLS_E_LARGE_PACKET) \
- { \
- unsigned int mtu = gnutls_dtls_get_mtu(s); \
- gnutls_dtls_set_mtu(s, mtu/2); \
- } \
+ { \
+ unsigned int mtu = gnutls_dtls_get_mtu(s); \
+ gnutls_dtls_set_mtu(s, mtu/2); \
+ } \
if (sret < 0 && gnutls_error_is_fatal(sret) == 0) \
- { \
- side = "server"; \
- sret = gnutls_handshake (s); \
- } \
+ { \
+ side = "server"; \
+ sret = gnutls_handshake (s); \
+ } \
} \
while (((gnutls_error_is_fatal(cret) == 0 && gnutls_error_is_fatal(sret) == 0)) && (cret < 0 || sret < 0)); \
if (cret != clierr || sret != serverr) \
@@ -80,54 +80,54 @@ extern const char *side;
do \
{ \
do \
- { \
- side = "server"; \
- ret = gnutls_record_recv (s, buf, buflen); \
- } \
+ { \
+ side = "server"; \
+ ret = gnutls_record_recv (s, buf, buflen); \
+ } \
while(ret == GNUTLS_E_AGAIN); \
if (ret == 0) \
- fail ("server: didn't receive any data\n"); \
+ fail ("server: didn't receive any data\n"); \
else if (ret < 0) \
- { \
- fail ("server: error: %s\n", gnutls_strerror (ret)); \
- } \
+ { \
+ fail ("server: error: %s\n", gnutls_strerror (ret)); \
+ } \
else \
- { \
- transferred += ret; \
- } \
+ { \
+ transferred += ret; \
+ } \
side = "server"; \
ns = record_send_loop (server, msg, msglen, retry_send_with_null); \
if (ns < 0) fail ("server send error: %s\n", gnutls_strerror (ret)); \
do \
- { \
- side = "client"; \
- ret = gnutls_record_recv (client, buf, buflen); \
- } \
+ { \
+ side = "client"; \
+ ret = gnutls_record_recv (client, buf, buflen); \
+ } \
while(ret == GNUTLS_E_AGAIN); \
if (ret == 0) \
- { \
- fail ("client: Peer has closed the TLS connection\n"); \
- } \
+ { \
+ fail ("client: Peer has closed the TLS connection\n"); \
+ } \
else if (ret < 0) \
- { \
- if (debug) \
- fputs ("!", stdout); \
- fail ("client: Error: %s\n", gnutls_strerror (ret)); \
- } \
+ { \
+ if (debug) \
+ fputs ("!", stdout); \
+ fail ("client: Error: %s\n", gnutls_strerror (ret)); \
+ } \
else \
- { \
- if (msglen != ret || memcmp (buf, msg, msglen) != 0) \
- { \
- fail ("client: Transmitted data do not match\n"); \
- } \
- /* echo back */ \
- side = "client"; \
- ns = record_send_loop (client, buf, msglen, retry_send_with_null); \
- if (ns < 0) fail ("client send error: %s\n", gnutls_strerror (ret)); \
- transferred += ret; \
- if (debug) \
- fputs (".", stdout); \
- } \
+ { \
+ if (msglen != ret || memcmp (buf, msg, msglen) != 0) \
+ { \
+ fail ("client: Transmitted data do not match\n"); \
+ } \
+ /* echo back */ \
+ side = "client"; \
+ ns = record_send_loop (client, buf, msglen, retry_send_with_null); \
+ if (ns < 0) fail ("client send error: %s\n", gnutls_strerror (ret)); \
+ transferred += ret; \
+ if (debug) \
+ fputs (".", stdout); \
+ } \
} \
while (transferred < 70000)
@@ -325,7 +325,7 @@ inline static int record_send_loop(gnutls_session_t session,
while (ret == GNUTLS_E_AGAIN) {
ret =
gnutls_record_send(session, retry_data,
- retry_sizeofdata);
+ retry_sizeofdata);
}
return ret;
diff --git a/tests/fallback-scsv.c b/tests/fallback-scsv.c
index 0774e403c2..d307fe78a8 100644
--- a/tests/fallback-scsv.c
+++ b/tests/fallback-scsv.c
@@ -272,7 +272,7 @@ static void server(int fd, const char *prio, unsigned expect_fail)
do {
ret =
gnutls_record_send(session, buffer,
- sizeof(buffer));
+ sizeof(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
diff --git a/tests/handshake-false-start.c b/tests/handshake-false-start.c
index 11366aebc5..cd1240a54d 100644
--- a/tests/handshake-false-start.c
+++ b/tests/handshake-false-start.c
@@ -175,7 +175,7 @@ static void try(const char *name, unsigned testno, unsigned fs,
gnutls_record_send(client, TESTDATA, sizeof(TESTDATA) - 1);
if (ret < 0) {
myfail("%d: error sending false start data: %s\n",
- __LINE__, gnutls_strerror(ret));
+ __LINE__, gnutls_strerror(ret));
exit(1);
}
@@ -184,7 +184,7 @@ static void try(const char *name, unsigned testno, unsigned fs,
ret = gnutls_record_recv(server, buffer, sizeof(buffer));
if (ret < 0) {
myfail("%d: error receiving data: %s\n", __LINE__,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
}
if (ret != sizeof(TESTDATA) - 1) {
@@ -200,7 +200,7 @@ static void try(const char *name, unsigned testno, unsigned fs,
gnutls_record_send(server, TESTDATA, sizeof(TESTDATA) - 1);
if (ret < 0) {
myfail("%d: error sending false start data: %s\n",
- __LINE__, gnutls_strerror(ret));
+ __LINE__, gnutls_strerror(ret));
exit(1);
}
@@ -211,7 +211,7 @@ static void try(const char *name, unsigned testno, unsigned fs,
} while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
if (ret < 0) {
myfail("%d: error receiving data: %s\n", __LINE__,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
}
} else if (testno == TEST_RECV_SEND) {
side = "server";
@@ -219,7 +219,7 @@ static void try(const char *name, unsigned testno, unsigned fs,
gnutls_record_send(server, TESTDATA, sizeof(TESTDATA) - 1);
if (ret < 0) {
myfail("%d: error sending false start data: %s\n",
- __LINE__, gnutls_strerror(ret));
+ __LINE__, gnutls_strerror(ret));
exit(1);
}
@@ -228,7 +228,7 @@ static void try(const char *name, unsigned testno, unsigned fs,
ret = gnutls_record_recv(client, buffer, sizeof(buffer));
if (ret < 0) {
myfail("%d: error receiving data: %s\n", __LINE__,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
}
if (ret != sizeof(TESTDATA) - 1) {
@@ -255,14 +255,14 @@ static void try(const char *name, unsigned testno, unsigned fs,
ret = gnutls_bye(server, GNUTLS_SHUT_WR);
if (ret < 0) {
myfail("%d: error in server bye: %s\n", __LINE__,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
}
side = "client";
ret = gnutls_bye(client, GNUTLS_SHUT_RDWR);
if (ret < 0) {
myfail("%d: error in client bye: %s\n", __LINE__,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
}
success("%5s%s \tok\n", dtls?"dtls-":"", name);
diff --git a/tests/handshake-versions.c b/tests/handshake-versions.c
index b12fb58ce9..a558f38f23 100644
--- a/tests/handshake-versions.c
+++ b/tests/handshake-versions.c
@@ -72,7 +72,7 @@ static void try(unsigned char major, unsigned char minor, int ret1, int ret2)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
@@ -96,7 +96,7 @@ static void try(unsigned char major, unsigned char minor, int ret1, int ret2)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/hostname-check.c b/tests/hostname-check.c
index 670248ac28..4c0ff93d40 100644
--- a/tests/hostname-check.c
+++ b/tests/hostname-check.c
@@ -65,47 +65,47 @@ char wildcards[] = "-----BEGIN CERTIFICATE-----"
/* Certificate with no SAN nor CN. */
char pem1[] =
"X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Issuer: O=GnuTLS hostname check test CA\n"
- " Validity:\n"
- " Not Before: Fri Feb 16 12:59:09 UTC 2007\n"
- " Not After: Fri Mar 30 12:59:13 UTC 2007\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
- " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
- " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
- " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
- " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
- " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
- " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
- " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Key Identifier (not critical):\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " 7b:e8:11:6c:15:3f:f9:01:a0:f1:28:0c:62:50:58:f8\n"
- " 92:44:fb:bf:ab:20:8a:3b:81:ca:e5:68:60:71:df:2b\n"
- " e8:50:58:82:32:ef:fb:6e:4a:72:2c:c9:37:4f:88:1d\n"
- " d7:1b:68:5b:db:83:1b:1a:f3:b4:8e:e0:88:03:e2:43\n"
- " 91:be:d8:b1:ca:f2:62:ec:a1:fd:1a:c8:41:8c:fe:53\n"
- " 1b:be:03:c9:a1:3d:f4:ae:57:fc:44:a6:34:bb:2c:2e\n"
- " a7:56:14:1f:89:e9:3a:ec:1f:a3:da:d7:a1:94:3b:72\n"
- " 1d:12:71:b9:65:a1:85:a2:4c:3a:d1:2c:e9:e9:ea:1c\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Issuer: O=GnuTLS hostname check test CA\n"
+ " Validity:\n"
+ " Not Before: Fri Feb 16 12:59:09 UTC 2007\n"
+ " Not After: Fri Mar 30 12:59:13 UTC 2007\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
+ " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
+ " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
+ " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
+ " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
+ " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
+ " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
+ " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Key Identifier (not critical):\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " 7b:e8:11:6c:15:3f:f9:01:a0:f1:28:0c:62:50:58:f8\n"
+ " 92:44:fb:bf:ab:20:8a:3b:81:ca:e5:68:60:71:df:2b\n"
+ " e8:50:58:82:32:ef:fb:6e:4a:72:2c:c9:37:4f:88:1d\n"
+ " d7:1b:68:5b:db:83:1b:1a:f3:b4:8e:e0:88:03:e2:43\n"
+ " 91:be:d8:b1:ca:f2:62:ec:a1:fd:1a:c8:41:8c:fe:53\n"
+ " 1b:be:03:c9:a1:3d:f4:ae:57:fc:44:a6:34:bb:2c:2e\n"
+ " a7:56:14:1f:89:e9:3a:ec:1f:a3:da:d7:a1:94:3b:72\n"
+ " 1d:12:71:b9:65:a1:85:a2:4c:3a:d1:2c:e9:e9:ea:1c\n"
"Other Information:\n"
- " MD5 fingerprint:\n"
- " fd845ded8c28ba5e78d6c1844ceafd24\n"
- " SHA-1 fingerprint:\n"
- " 0bae431dda3cae76012b82276e4cd92ad7961798\n"
- " Public Key ID:\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " MD5 fingerprint:\n"
+ " fd845ded8c28ba5e78d6c1844ceafd24\n"
+ " SHA-1 fingerprint:\n"
+ " 0bae431dda3cae76012b82276e4cd92ad7961798\n"
+ " Public Key ID:\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIIB8TCCAVygAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
@@ -123,47 +123,47 @@ char pem1[] =
/* Certificate with CN but no SAN. */
char pem2[] =
"X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Issuer: CN=www.example.org\n"
- " Validity:\n"
- " Not Before: Fri Feb 16 13:30:30 UTC 2007\n"
- " Not After: Fri Mar 30 13:30:32 UTC 2007\n"
- " Subject: CN=www.example.org\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
- " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
- " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
- " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
- " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
- " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
- " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
- " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Key Identifier (not critical):\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " b0:4e:ac:fb:89:12:36:27:f3:72:b8:1a:57:dc:bf:f3\n"
- " a9:27:de:15:75:94:4f:65:cc:3a:59:12:4b:91:0e:28\n"
- " b9:8d:d3:6e:ac:5d:a8:3e:b9:35:81:0c:8f:c7:95:72\n"
- " d9:51:61:06:00:c6:aa:68:54:c8:52:3f:b6:1f:21:92\n"
- " c8:fd:15:50:15:ac:d4:18:29:a1:ff:c9:25:5a:ce:5e\n"
- " 11:7f:82:b2:94:8c:44:3c:3f:de:d7:3b:ff:1c:da:9c\n"
- " 81:fa:63:e1:a7:67:ee:aa:fa:d0:c9:2f:66:1b:5e:af\n"
- " 46:8c:f9:53:55:e7:80:7e:74:95:98:d4:2d:5f:94:ab\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Issuer: CN=www.example.org\n"
+ " Validity:\n"
+ " Not Before: Fri Feb 16 13:30:30 UTC 2007\n"
+ " Not After: Fri Mar 30 13:30:32 UTC 2007\n"
+ " Subject: CN=www.example.org\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
+ " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
+ " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
+ " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
+ " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
+ " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
+ " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
+ " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Key Identifier (not critical):\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " b0:4e:ac:fb:89:12:36:27:f3:72:b8:1a:57:dc:bf:f3\n"
+ " a9:27:de:15:75:94:4f:65:cc:3a:59:12:4b:91:0e:28\n"
+ " b9:8d:d3:6e:ac:5d:a8:3e:b9:35:81:0c:8f:c7:95:72\n"
+ " d9:51:61:06:00:c6:aa:68:54:c8:52:3f:b6:1f:21:92\n"
+ " c8:fd:15:50:15:ac:d4:18:29:a1:ff:c9:25:5a:ce:5e\n"
+ " 11:7f:82:b2:94:8c:44:3c:3f:de:d7:3b:ff:1c:da:9c\n"
+ " 81:fa:63:e1:a7:67:ee:aa:fa:d0:c9:2f:66:1b:5e:af\n"
+ " 46:8c:f9:53:55:e7:80:7e:74:95:98:d4:2d:5f:94:ab\n"
"Other Information:\n"
- " MD5 fingerprint:\n"
- " 30cda7de4f0360892547974f45111ac1\n"
- " SHA-1 fingerprint:\n"
- " 39e3f8fec6a8d842390b6536998a957c1a6b7322\n"
- " Public Key ID:\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " MD5 fingerprint:\n"
+ " 30cda7de4f0360892547974f45111ac1\n"
+ " SHA-1 fingerprint:\n"
+ " 39e3f8fec6a8d842390b6536998a957c1a6b7322\n"
+ " Public Key ID:\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIIB1TCCAUCgAwIBAgIBADALBgkqhkiG9w0BAQUwGjEYMBYGA1UEAxMPd3d3LmV4\n"
@@ -181,51 +181,51 @@ char pem2[] =
/* Certificate with SAN but no CN. */
char pem3[] =
"X.509 Certificate Information:"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Issuer: O=GnuTLS hostname check test CA\n"
- " Validity:\n"
- " Not Before: Fri Feb 16 13:36:27 UTC 2007\n"
- " Not After: Fri Mar 30 13:36:29 UTC 2007\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
- " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
- " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
- " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
- " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
- " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
- " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
- " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: www.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " a1:30:bc:01:b3:0f:98:7f:8e:76:7d:23:87:34:15:7f\n"
- " a6:ae:a1:fb:87:75:e3:e8:1a:e5:5e:03:5d:bf:44:75\n"
- " 46:4f:d2:a1:28:50:84:49:6d:3b:e0:bc:4e:de:79:85\n"
- " fa:e1:07:b7:6e:0c:14:04:4a:82:b9:f3:22:6a:bc:99\n"
- " 14:20:3b:49:1f:e4:97:d9:ea:eb:73:9a:83:a6:cc:b8\n"
- " 55:fb:52:8e:5f:86:7c:9d:fa:af:03:76:ae:97:e0:64\n"
- " 50:59:73:22:99:55:cf:da:59:31:0a:e8:6d:a0:53:bc\n"
- " 39:63:2e:ac:92:4a:e9:8b:1e:d0:03:df:33:bb:4e:88\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Issuer: O=GnuTLS hostname check test CA\n"
+ " Validity:\n"
+ " Not Before: Fri Feb 16 13:36:27 UTC 2007\n"
+ " Not After: Fri Mar 30 13:36:29 UTC 2007\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
+ " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
+ " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
+ " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
+ " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
+ " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
+ " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
+ " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: www.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " a1:30:bc:01:b3:0f:98:7f:8e:76:7d:23:87:34:15:7f\n"
+ " a6:ae:a1:fb:87:75:e3:e8:1a:e5:5e:03:5d:bf:44:75\n"
+ " 46:4f:d2:a1:28:50:84:49:6d:3b:e0:bc:4e:de:79:85\n"
+ " fa:e1:07:b7:6e:0c:14:04:4a:82:b9:f3:22:6a:bc:99\n"
+ " 14:20:3b:49:1f:e4:97:d9:ea:eb:73:9a:83:a6:cc:b8\n"
+ " 55:fb:52:8e:5f:86:7c:9d:fa:af:03:76:ae:97:e0:64\n"
+ " 50:59:73:22:99:55:cf:da:59:31:0a:e8:6d:a0:53:bc\n"
+ " 39:63:2e:ac:92:4a:e9:8b:1e:d0:03:df:33:bb:4e:88\n"
"Other Information:\n"
- " MD5 fingerprint:\n"
- " df3f57d00c8149bd826b177d6ea4f369\n"
- " SHA-1 fingerprint:\n"
- " e95e56e2acac305f72ea6f698c11624663a595bd\n"
- " Public Key ID:\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " MD5 fingerprint:\n"
+ " df3f57d00c8149bd826b177d6ea4f369\n"
+ " SHA-1 fingerprint:\n"
+ " e95e56e2acac305f72ea6f698c11624663a595bd\n"
+ " Public Key ID:\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
@@ -244,51 +244,51 @@ char pem3[] =
/* Certificate with wildcard SAN but no CN. */
char pem4[] =
"X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Issuer:\n"
- " Validity:\n"
- " Not Before: Fri Feb 16 13:40:10 UTC 2007\n"
- " Not After: Fri Mar 30 13:40:12 UTC 2007\n"
- " Subject:\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
- " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
- " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
- " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
- " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
- " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
- " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
- " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: *.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " b1:62:e5:e3:0b:a5:99:58:b0:1c:5c:f5:d1:3f:7c:bb\n"
- " 67:e1:43:c5:d7:a2:5c:db:f2:5a:f3:03:fc:76:e4:4d\n"
- " c1:a0:89:36:24:82:a4:a1:ad:f5:83:e3:96:75:f4:c4\n"
- " f3:eb:ff:3a:9b:da:d2:2c:58:d4:10:37:50:33:d1:39\n"
- " 53:71:9e:48:2d:b2:5b:27:ce:1e:d9:d5:36:59:ac:17\n"
- " 3a:83:cc:59:6b:8f:6a:24:b8:9f:f0:e6:14:03:23:5a\n"
- " 87:e7:33:10:32:11:58:a2:bb:f1:e5:5a:88:87:bb:80\n"
- " 1b:b6:bb:12:18:cb:15:d5:3a:fc:99:e4:42:5a:ba:45\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Issuer:\n"
+ " Validity:\n"
+ " Not Before: Fri Feb 16 13:40:10 UTC 2007\n"
+ " Not After: Fri Mar 30 13:40:12 UTC 2007\n"
+ " Subject:\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
+ " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
+ " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
+ " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
+ " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
+ " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
+ " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
+ " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: *.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " b1:62:e5:e3:0b:a5:99:58:b0:1c:5c:f5:d1:3f:7c:bb\n"
+ " 67:e1:43:c5:d7:a2:5c:db:f2:5a:f3:03:fc:76:e4:4d\n"
+ " c1:a0:89:36:24:82:a4:a1:ad:f5:83:e3:96:75:f4:c4\n"
+ " f3:eb:ff:3a:9b:da:d2:2c:58:d4:10:37:50:33:d1:39\n"
+ " 53:71:9e:48:2d:b2:5b:27:ce:1e:d9:d5:36:59:ac:17\n"
+ " 3a:83:cc:59:6b:8f:6a:24:b8:9f:f0:e6:14:03:23:5a\n"
+ " 87:e7:33:10:32:11:58:a2:bb:f1:e5:5a:88:87:bb:80\n"
+ " 1b:b6:bb:12:18:cb:15:d5:3a:fc:99:e4:42:5a:ba:45\n"
"Other Information:\n"
- " MD5 fingerprint:\n"
- " a411da7b0fa064d214116d5f94e06c24\n"
- " SHA-1 fingerprint:\n"
- " 3596e796c73ed096d762ab3d440a9ab55a386b3b\n"
- " Public Key ID:\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " MD5 fingerprint:\n"
+ " a411da7b0fa064d214116d5f94e06c24\n"
+ " SHA-1 fingerprint:\n"
+ " 3596e796c73ed096d762ab3d440a9ab55a386b3b\n"
+ " Public Key ID:\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIIB0DCCATugAwIBAgIBADALBgkqhkiG9w0BAQUwADAeFw0wNzAyMTYxMzQwMTBa\n"
@@ -307,36 +307,36 @@ char pem4[] =
/* Certificate with multiple wildcards SAN but no CN. */
char pem6[] =
"X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Validity:\n"
- " Not Before: Sat May 3 11:00:51 UTC 2008\n"
- " Not After: Sat May 17 11:00:54 UTC 2008\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
- " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
- " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
- " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
- " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
- " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
- " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
- " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: *.*.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Validity:\n"
+ " Not Before: Sat May 3 11:00:51 UTC 2008\n"
+ " Not After: Sat May 17 11:00:54 UTC 2008\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
+ " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
+ " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
+ " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
+ " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
+ " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
+ " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
+ " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: *.*.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
"Other Information:\n"
- " Public Key ID:\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Public Key ID:\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
@@ -355,36 +355,36 @@ char pem6[] =
/* Certificate with prefixed and suffixed wildcard SAN but no CN. */
char pem7[] =
"X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Validity:\n"
- " Not Before: Sat May 3 11:02:43 UTC 2008\n"
- " Not After: Sat May 17 11:02:45 UTC 2008\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
- " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
- " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
- " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
- " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
- " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
- " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
- " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: foo*bar.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Validity:\n"
+ " Not Before: Sat May 3 11:02:43 UTC 2008\n"
+ " Not After: Sat May 17 11:02:45 UTC 2008\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
+ " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
+ " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
+ " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
+ " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
+ " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
+ " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
+ " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: foo*bar.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
"Other Information:\n"
- " Public Key ID:\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Public Key ID:\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIICJjCCAZGgAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
@@ -404,36 +404,36 @@ char pem7[] =
/* Certificate with ending wildcard SAN but no CN. */
char pem8[] =
"X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Validity:\n"
- " Not Before: Sat May 3 11:24:38 UTC 2008\n"
- " Not After: Sat May 17 11:24:40 UTC 2008\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
- " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
- " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
- " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
- " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
- " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
- " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
- " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: www.example.*\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Validity:\n"
+ " Not Before: Sat May 3 11:24:38 UTC 2008\n"
+ " Not After: Sat May 17 11:24:40 UTC 2008\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
+ " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
+ " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
+ " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
+ " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
+ " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
+ " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
+ " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: www.example.*\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
"Other Information:\n"
- " Public Key ID:\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Public Key ID:\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIICIDCCAYugAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
@@ -728,12 +728,12 @@ char pem_ips[] = "\n"
" bd3d0b6cab6b33d8a8e1ed15b7ab17587cc2a09f\n"
" Public key's random art:\n"
" +--[ RSA 2048]----+\n"
- " | |\n"
- " | . |\n"
- " | . + |\n"
+ " | |\n"
+ " | . |\n"
+ " | . + |\n"
" | . .= . |\n"
- " | .S+oo |\n"
- " | E+.+ |\n"
+ " | .S+oo |\n"
+ " | E+.+ |\n"
" | . +. *.o |\n"
" | . oo.=..+ o |\n"
" | ooo.+Bo . |\n"
diff --git a/tests/key-material-dtls.c b/tests/key-material-dtls.c
index f7660a49e1..a9ea96083c 100644
--- a/tests/key-material-dtls.c
+++ b/tests/key-material-dtls.c
@@ -170,7 +170,7 @@ static void client(int fd)
block_size = 2*hash_size + 2*key_size + 2 *iv_size;
ret = gnutls_prf(session, 13, "key expansion", 1, 0, NULL, block_size,
- (void*)key_material);
+ (void*)key_material);
if (ret < 0) {
fprintf(stderr, "error in %d\n", __LINE__);
gnutls_perror(ret);
diff --git a/tests/key-usage.c b/tests/key-usage.c
index eb8932ad69..e04b813dab 100644
--- a/tests/key-usage.c
+++ b/tests/key-usage.c
@@ -172,7 +172,7 @@ void server_check(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-KX-ALL:+RSA",
NULL);
@@ -194,7 +194,7 @@ void server_check(void)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
@@ -296,7 +296,7 @@ void client_check(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-KX-ALL:+RSA:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS",
NULL);
@@ -318,7 +318,7 @@ void client_check(void)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/mini-cert-status.c b/tests/mini-cert-status.c
index e6be43f4b7..eaf80f4dcd 100644
--- a/tests/mini-cert-status.c
+++ b/tests/mini-cert-status.c
@@ -134,8 +134,8 @@ static void client(int fd)
/* Use default priorities */
ret =
gnutls_priority_set_direct(session,
- "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA",
- &p);
+ "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA",
+ &p);
if (ret < 0) {
fail("error in setting priority: %s\n", p);
exit(1);
diff --git a/tests/mini-chain-unsorted.c b/tests/mini-chain-unsorted.c
index a16a673765..2ac949ee1a 100644
--- a/tests/mini-chain-unsorted.c
+++ b/tests/mini-chain-unsorted.c
@@ -138,7 +138,7 @@ static unsigned char server_cert_pem[] =
const gnutls_datum_t server_cert = {
server_cert_pem,
- sizeof(server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
@@ -204,8 +204,8 @@ static void client(int fd)
/* Use default priorities */
ret =
gnutls_priority_set_direct(session,
- "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA",
- &p);
+ "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA",
+ &p);
if (ret < 0) {
fail("error in setting priority: %s\n", p);
exit(1);
diff --git a/tests/mini-dtls-heartbeat.c b/tests/mini-dtls-heartbeat.c
index 927708593b..bb6fa7e528 100644
--- a/tests/mini-dtls-heartbeat.c
+++ b/tests/mini-dtls-heartbeat.c
@@ -131,7 +131,7 @@ static void client(int fd, int server_init)
do {
ret =
gnutls_record_recv(session, buffer,
- sizeof(buffer));
+ sizeof(buffer));
if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED) {
if (debug)
@@ -146,7 +146,7 @@ static void client(int fd, int server_init)
}
}
while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
- || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
+ || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
if (ret < 0) {
fail("recv: %s\n", gnutls_strerror(ret));
@@ -162,7 +162,7 @@ static void client(int fd, int server_init)
success("Ping sent.\n");
}
while (ret == GNUTLS_E_AGAIN
- || ret == GNUTLS_E_INTERRUPTED);
+ || ret == GNUTLS_E_INTERRUPTED);
if (ret < 0) {
fail("ping: %s\n", gnutls_strerror(ret));
@@ -258,7 +258,7 @@ static void server(int fd, int server_init)
do {
ret =
gnutls_record_recv(session, buffer,
- sizeof(buffer));
+ sizeof(buffer));
if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED) {
if (debug)
@@ -273,7 +273,7 @@ static void server(int fd, int server_init)
}
}
while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
- || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
+ || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
} else {
do {
ret =
@@ -284,7 +284,7 @@ static void server(int fd, int server_init)
success("Ping sent.\n");
}
while (ret == GNUTLS_E_AGAIN
- || ret == GNUTLS_E_INTERRUPTED);
+ || ret == GNUTLS_E_INTERRUPTED);
if (ret < 0) {
fail("ping: %s\n", gnutls_strerror(ret));
diff --git a/tests/mini-dtls-large.c b/tests/mini-dtls-large.c
index da32f4e8ab..8ae5c6905b 100644
--- a/tests/mini-dtls-large.c
+++ b/tests/mini-dtls-large.c
@@ -210,7 +210,7 @@ static void server(int fd)
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session) + 12);
+ gnutls_dtls_get_data_mtu(session) + 12);
if (ret != GNUTLS_E_LARGE_PACKET) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
@@ -218,7 +218,7 @@ static void server(int fd)
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session) + 5048);
+ gnutls_dtls_get_data_mtu(session) + 5048);
if (ret != GNUTLS_E_LARGE_PACKET) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
@@ -226,7 +226,7 @@ static void server(int fd)
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session));
+ gnutls_dtls_get_data_mtu(session));
if (ret < 0) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
@@ -235,7 +235,7 @@ static void server(int fd)
gnutls_dtls_set_mtu(session, MAX_MTU);
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session) + 12);
+ gnutls_dtls_get_data_mtu(session) + 12);
if (ret != GNUTLS_E_LARGE_PACKET) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
@@ -243,7 +243,7 @@ static void server(int fd)
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session) + 5048);
+ gnutls_dtls_get_data_mtu(session) + 5048);
if (ret != GNUTLS_E_LARGE_PACKET) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
@@ -251,7 +251,7 @@ static void server(int fd)
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session));
+ gnutls_dtls_get_data_mtu(session));
if (ret > 16384 || ret < 0) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
@@ -262,7 +262,7 @@ static void server(int fd)
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session));
+ gnutls_dtls_get_data_mtu(session));
if (ret < 0) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
@@ -278,7 +278,7 @@ static void server(int fd)
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session) - 16);
+ gnutls_dtls_get_data_mtu(session) - 16);
if (ret < 0) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
@@ -286,7 +286,7 @@ static void server(int fd)
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session));
+ gnutls_dtls_get_data_mtu(session));
if (ret != GNUTLS_E_LARGE_PACKET) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
diff --git a/tests/mini-dtls-lowmtu.c b/tests/mini-dtls-lowmtu.c
index 93a645f6f5..a04d6227ef 100644
--- a/tests/mini-dtls-lowmtu.c
+++ b/tests/mini-dtls-lowmtu.c
@@ -264,7 +264,7 @@ static void server(int fd, const char *prio)
do {
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session));
+ gnutls_dtls_get_data_mtu(session));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
if (ret < 0) {
diff --git a/tests/mini-dtls-mtu.c b/tests/mini-dtls-mtu.c
index dda02a1d44..33dfedd2bc 100644
--- a/tests/mini-dtls-mtu.c
+++ b/tests/mini-dtls-mtu.c
@@ -95,32 +95,32 @@ const gnutls_datum_t server_key = { server_key_pem,
static int client_pull_timeout(gnutls_transport_ptr_t ptr, unsigned int ms)
{
- fd_set rfds;
- struct timeval tv;
- int ret;
- int fd = (long int)ptr;
+ fd_set rfds;
+ struct timeval tv;
+ int ret;
+ int fd = (long int)ptr;
- FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
+ FD_ZERO(&rfds);
+ FD_SET(fd, &rfds);
- tv.tv_sec = 0;
- tv.tv_usec = ms * 1000;
+ tv.tv_sec = 0;
+ tv.tv_usec = ms * 1000;
- while (tv.tv_usec >= 1000000) {
- tv.tv_usec -= 1000000;
- tv.tv_sec++;
- }
+ while (tv.tv_usec >= 1000000) {
+ tv.tv_usec -= 1000000;
+ tv.tv_sec++;
+ }
- ret = select(fd + 1, &rfds, NULL, NULL, &tv);
- if (ret <= 0)
- return ret;
+ ret = select(fd + 1, &rfds, NULL, NULL, &tv);
+ if (ret <= 0)
+ return ret;
- return ret;
+ return ret;
}
static ssize_t client_pull(gnutls_transport_ptr_t ptr, void *data, size_t len)
{
- int fd = (long int)ptr;
+ int fd = (long int)ptr;
ssize_t ret;
ret = recv(fd, data, len, 0);
@@ -165,7 +165,7 @@ static void client(int fd)
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_transport_set_int(session, fd);
- gnutls_transport_set_pull_function(session, client_pull);
+ gnutls_transport_set_pull_function(session, client_pull);
gnutls_transport_set_pull_timeout_function(session, client_pull_timeout);
/* Perform the TLS handshake
diff --git a/tests/mini-eagain-dtls.c b/tests/mini-eagain-dtls.c
index 8b1a501916..c3654f9e19 100644
--- a/tests/mini-eagain-dtls.c
+++ b/tests/mini-eagain-dtls.c
@@ -77,8 +77,8 @@ void doit(void)
GNUTLS_SERVER | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
ret =
gnutls_priority_set_direct(server,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
- NULL);
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
if (ret < 0)
exit(1);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
@@ -94,8 +94,8 @@ void doit(void)
GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
cret =
gnutls_priority_set_direct(client,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
- NULL);
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
if (cret < 0)
exit(1);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
diff --git a/tests/mini-eagain.c b/tests/mini-eagain.c
index 8f913e66b2..f74092d058 100644
--- a/tests/mini-eagain.c
+++ b/tests/mini-eagain.c
@@ -78,8 +78,8 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
ret =
gnutls_priority_set_direct(server,
- "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
- NULL);
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
if (ret < 0)
exit(1);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
@@ -92,8 +92,8 @@ void doit(void)
gnutls_init(&client, GNUTLS_CLIENT);
ret =
gnutls_priority_set_direct(client,
- "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
- NULL);
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
if (ret < 0)
exit(1);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
diff --git a/tests/mini-emsgsize-dtls.c b/tests/mini-emsgsize-dtls.c
index d69122f83e..0d4a1e4443 100644
--- a/tests/mini-emsgsize-dtls.c
+++ b/tests/mini-emsgsize-dtls.c
@@ -126,8 +126,8 @@ void doit(void)
GNUTLS_SERVER | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
ret =
gnutls_priority_set_direct(server,
- "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
- NULL);
+ "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
if (ret < 0)
exit(1);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
@@ -143,8 +143,8 @@ void doit(void)
GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
cret =
gnutls_priority_set_direct(client,
- "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
- NULL);
+ "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
if (cret < 0)
exit(1);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
diff --git a/tests/mini-etm.c b/tests/mini-etm.c
index daccb826c8..1270b531ae 100644
--- a/tests/mini-etm.c
+++ b/tests/mini-etm.c
@@ -301,7 +301,7 @@ static void server(int fd, const char *prio, unsigned etm)
do {
ret =
gnutls_record_send(session, buffer,
- sizeof(buffer));
+ sizeof(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
diff --git a/tests/mini-extension.c b/tests/mini-extension.c
index c90ac515ab..e298b6bed9 100644
--- a/tests/mini-extension.c
+++ b/tests/mini-extension.c
@@ -142,7 +142,7 @@ static void client(int sd)
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_transport_set_int(session, sd);
@@ -260,7 +260,7 @@ static void server(int sd)
NULL);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_ext_register("ext_server", TLSEXT_TYPE_SAMPLE, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL);
diff --git a/tests/mini-global-load.c b/tests/mini-global-load.c
index f10814e7fa..1d01da3798 100644
--- a/tests/mini-global-load.c
+++ b/tests/mini-global-load.c
@@ -107,7 +107,7 @@ void doit(void)
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-CIPHER-ALL:+AES-128-CBC",
NULL);
@@ -119,7 +119,7 @@ void doit(void)
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
diff --git a/tests/mini-key-material.c b/tests/mini-key-material.c
index 15c79f0ef6..9fb266f23b 100644
--- a/tests/mini-key-material.c
+++ b/tests/mini-key-material.c
@@ -169,7 +169,7 @@ static void client(int fd)
block_size = 2*hash_size + 2*key_size + 2 *iv_size;
ret = gnutls_prf(session, 13, "key expansion", 1, 0, NULL, block_size,
- (void*)key_material);
+ (void*)key_material);
if (ret < 0) {
fprintf(stderr, "error in %d\n", __LINE__);
gnutls_perror(ret);
diff --git a/tests/mini-record.c b/tests/mini-record.c
index dcf8dfc7e4..f6d9c61a5d 100644
--- a/tests/mini-record.c
+++ b/tests/mini-record.c
@@ -329,7 +329,7 @@ static void server(int fd, const char *prio)
do {
ret =
gnutls_record_send(session, buffer,
- sizeof(buffer));
+ sizeof(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
diff --git a/tests/mini-rsa-psk.c b/tests/mini-rsa-psk.c
index cb33e1070d..445efce610 100644
--- a/tests/mini-rsa-psk.c
+++ b/tests/mini-rsa-psk.c
@@ -100,7 +100,7 @@ static void client(int sd)
*/
gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_transport_set_int(session, sd);
@@ -253,7 +253,7 @@ static void server(int sd)
gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_transport_set_int(session, sd);
ret = gnutls_handshake(session);
diff --git a/tests/mini-session-verify-function.c b/tests/mini-session-verify-function.c
index 19358f284a..30baf4b4c1 100644
--- a/tests/mini-session-verify-function.c
+++ b/tests/mini-session-verify-function.c
@@ -137,26 +137,26 @@ void test_success(void)
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
gnutls_session_set_verify_function(server,
- server_callback);
+ server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
/* Init client */
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
gnutls_session_set_verify_function(client,
- client_callback);
+ client_callback);
HANDSHAKE(client, server);
@@ -204,26 +204,26 @@ void test_failure_client(void)
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
gnutls_session_set_verify_function(server,
- server_callback);
+ server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
/* Init client */
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
gnutls_session_set_verify_function(client,
- client_callback);
+ client_callback);
HANDSHAKE_EXPECT(client, server, GNUTLS_E_CERTIFICATE_ERROR, GNUTLS_E_AGAIN);
@@ -265,26 +265,26 @@ void test_failure_server(void)
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
gnutls_session_set_verify_function(server,
- server_callback);
+ server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
/* Init client */
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
gnutls_session_set_verify_function(client,
- client_callback);
+ client_callback);
HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_CERTIFICATE_ERROR);
diff --git a/tests/mini-supplementaldata.c b/tests/mini-supplementaldata.c
index b960f2cdb9..8ddb89a513 100644
--- a/tests/mini-supplementaldata.c
+++ b/tests/mini-supplementaldata.c
@@ -143,7 +143,7 @@ static void client(int sd)
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_transport_set_int(session, sd);
@@ -256,7 +256,7 @@ static void server(int sd)
NULL);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_supplemental_recv(session, 1);
gnutls_supplemental_send(session, 1);
diff --git a/tests/mini-x509-2.c b/tests/mini-x509-2.c
index 8555b195b1..66db99ddae 100644
--- a/tests/mini-x509-2.c
+++ b/tests/mini-x509-2.c
@@ -216,7 +216,7 @@ void doit(void)
ret =
gnutls_x509_privkey_import(pkey, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
exit(1);
@@ -232,7 +232,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-CIPHER-ALL:+AES-128-GCM",
NULL);
@@ -252,15 +252,15 @@ void doit(void)
exit(1);
ret = gnutls_certificate_set_x509_key_mem(clientx509cred,
- &cli_cert, &cli_key,
- GNUTLS_X509_FMT_PEM);
+ &cli_cert, &cli_key,
+ GNUTLS_X509_FMT_PEM);
ret = gnutls_init(&client, GNUTLS_CLIENT);
if (ret < 0)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/mini-x509-callbacks-intr.c b/tests/mini-x509-callbacks-intr.c
index 955e31863b..0342121e3a 100644
--- a/tests/mini-x509-callbacks-intr.c
+++ b/tests/mini-x509-callbacks-intr.c
@@ -142,13 +142,13 @@ void doit(void)
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
gnutls_certificate_set_verify_function(serverx509cred,
- server_callback);
+ server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
gnutls_handshake_set_post_client_hello_function(server,
post_client_hello_callback);
@@ -157,13 +157,13 @@ void doit(void)
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
gnutls_certificate_set_verify_function(clientx509cred,
- client_callback);
+ client_callback);
HANDSHAKE(client, server);
diff --git a/tests/mini-x509-callbacks.c b/tests/mini-x509-callbacks.c
index c6410c327e..59205eb7c0 100644
--- a/tests/mini-x509-callbacks.c
+++ b/tests/mini-x509-callbacks.c
@@ -231,13 +231,13 @@ void doit(void)
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
gnutls_certificate_set_verify_function(serverx509cred,
- server_callback);
+ server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
gnutls_handshake_set_post_client_hello_function(server,
post_client_hello_callback);
@@ -250,13 +250,13 @@ void doit(void)
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
gnutls_certificate_set_verify_function(clientx509cred,
- client_callback);
+ client_callback);
append_alpn(client);
HANDSHAKE(client, server);
diff --git a/tests/mini-x509-cas.c b/tests/mini-x509-cas.c
index c8f095f5cf..3866239c60 100644
--- a/tests/mini-x509-cas.c
+++ b/tests/mini-x509-cas.c
@@ -82,7 +82,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
@@ -93,7 +93,7 @@ void doit(void)
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
diff --git a/tests/mini-x509-default-prio.c b/tests/mini-x509-default-prio.c
index 30f235e147..62ef5b55ff 100644
--- a/tests/mini-x509-default-prio.c
+++ b/tests/mini-x509-default-prio.c
@@ -167,7 +167,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
ret = gnutls_set_default_priority(server);
if (ret < 0)
exit(1);
@@ -190,7 +190,7 @@ void doit(void)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/mini-x509-dual.c b/tests/mini-x509-dual.c
index 75bca268a8..0bfd614d32 100644
--- a/tests/mini-x509-dual.c
+++ b/tests/mini-x509-dual.c
@@ -178,7 +178,7 @@ static void try(const char *client_prio, gnutls_kx_algorithm_t client_kx)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_priority_set_direct(server,
@@ -205,7 +205,7 @@ static void try(const char *client_prio, gnutls_kx_algorithm_t client_kx)
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/mini-x509.c b/tests/mini-x509.c
index 13d93cb3b4..28fae45afe 100644
--- a/tests/mini-x509.c
+++ b/tests/mini-x509.c
@@ -79,7 +79,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
#ifndef ENABLE_FIPS140
"NORMAL:-CIPHER-ALL:+ARCFOUR-128",
@@ -105,7 +105,7 @@ void doit(void)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/name-constraints-ip.c b/tests/name-constraints-ip.c
index 626c64d5c9..60958292ed 100644
--- a/tests/name-constraints-ip.c
+++ b/tests/name-constraints-ip.c
@@ -271,7 +271,7 @@ static void check_simple_intersection(void **glob_state)
/* 4: simple intersection
* --------P:203.0.113.0/24--------
* --P:203.0.113.0/26--
- * A B C
+ * A B C
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -307,8 +307,8 @@ static void check_empty_intersection(void **glob_state)
{
/* 5: empty intersection
* --P:127.0.113.0/24--
- * --P:255.0.113.0/24--
- * A B C
+ * --P:255.0.113.0/24--
+ * A B C
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -344,8 +344,8 @@ static void check_mediocre_intersection(void **glob_state)
{
/* 6: mediocre intersection
* --------P:127.0.113.0/24--------
- * --P:127.0.113.0/26-- --P:255.0.113.0/24--
- * A B C D
+ * --P:127.0.113.0/26-- --P:255.0.113.0/24--
+ * A B C D
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -390,7 +390,7 @@ static void check_difficult_intersection(void **glob_state)
/* 7: difficult intersection
* --------P:0.0.0.0/3--------------- --P:88.0.0.0/5--
* --P:0.0.0.0/5-- --P:16.0.0.0/5-- ----P:64.0.0.0/3----
- * A B C D E F G H
+ * A B C D E F G H
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -461,7 +461,7 @@ static void check_ipv6_intersection(void **glob_state)
/* 8: IPv6 intersection
* --------P:affb::/16----- --P:affd:0000::/20--
* --P:affb:aa00::/24--
- * A B C D E F G
+ * A B C D E F G
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -521,11 +521,11 @@ static void check_empty_ipv4_intersection_ipv6_remains(void **glob_state)
/* 9: IPv4 and IPv6 in a common test case
* IPv4 with empty intersection, but IPv6 gets restricted as well
* --P:127.0.113.0/24--
- * --P:255.0.113.0/24--
- * A B C
+ * --P:255.0.113.0/24--
+ * A B C
*
* --P:bfa6::/16--
- * D E
+ * D E
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -575,12 +575,12 @@ static void check_empty_ipv4v6_intersections(void **glob_state)
/* 10: IPv4 and IPv6 in a common test case
* both IPv4 and IPv6 have empty intersection
* --P:127.0.113.0/24--
- * --P:255.0.113.0/24--
- * A B C
+ * --P:255.0.113.0/24--
+ * A B C
*
* --P:bfa6::/16--
- * --P:cfa6::/16--
- * D E F
+ * --P:cfa6::/16--
+ * D E F
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -638,10 +638,10 @@ static void check_ipv4v6_single_constraint_each(void **glob_state)
/* 11: 1 IPv4 range and 1 IPv6 range in a common test case
* (no overlap)
* --P:127.0.113.0/24--
- * A B
+ * A B
*
* --P:bfa6::/16--
- * C D
+ * C D
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
diff --git a/tests/ocsp-tests/Makefile.am b/tests/ocsp-tests/Makefile.am
index e91ca9b610..e839c737d3 100644
--- a/tests/ocsp-tests/Makefile.am
+++ b/tests/ocsp-tests/Makefile.am
@@ -33,10 +33,10 @@ endif
TESTS = $(dist_check_SCRIPTS)
TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
- LC_ALL="C" \
- VALGRIND="$(VALGRIND)" \
- LIBTOOL="$(LIBTOOL)" \
- top_builddir="$(top_builddir)" \
+ LC_ALL="C" \
+ VALGRIND="$(VALGRIND)" \
+ LIBTOOL="$(LIBTOOL)" \
+ top_builddir="$(top_builddir)" \
srcdir="$(srcdir)"
if WINDOWS
diff --git a/tests/ocsp.c b/tests/ocsp.c
index d7ed212d85..9748b85870 100644
--- a/tests/ocsp.c
+++ b/tests/ocsp.c
@@ -899,8 +899,8 @@ static void req_parse(void)
if (strlen(REQ1INFO) != d.size ||
memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(REQ1INFO), REQ1INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(REQ1INFO), REQ1INFO, (int) d.size,
+ (int) d.size, d.data);
fail("ocsp request print failed\n");
exit(1);
}
@@ -1093,8 +1093,8 @@ static void req_addcert_id(void)
if (strlen(REQ1INFO) != d.size ||
memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(REQ1INFO), REQ1INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(REQ1INFO), REQ1INFO, (int) d.size,
+ (int) d.size, d.data);
fail("ocsp request print failed\n");
exit(1);
}
@@ -1185,7 +1185,7 @@ static void req_addcert(void)
}
ret = gnutls_ocsp_req_add_cert(req, GNUTLS_DIG_SHA1,
- issuer, subject);
+ issuer, subject);
if (ret != 0) {
fail("gnutls_ocsp_add_cert %d\n", ret);
exit(1);
@@ -1206,8 +1206,8 @@ static void req_addcert(void)
if (strlen(REQ1INFO) != d.size ||
memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(REQ1INFO), REQ1INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(REQ1INFO), REQ1INFO, (int) d.size,
+ (int) d.size, d.data);
fail("ocsp request print failed\n");
exit(1);
}
@@ -1308,8 +1308,8 @@ static void resp_import(void)
if (strlen(RESP1INFO) != d.size ||
memcmp(RESP1INFO, d.data, strlen(RESP1INFO)) != 0) {
printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(RESP1INFO), RESP1INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(RESP1INFO), RESP1INFO, (int) d.size,
+ (int) d.size, d.data);
fail("ocsp response print failed\n");
exit(1);
}
@@ -1334,8 +1334,8 @@ static void resp_import(void)
if (memcmp(RESP2INFO, d.data, strlen(RESP2INFO)) != 0) {
printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(RESP2INFO), RESP2INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(RESP2INFO), RESP2INFO, (int) d.size,
+ (int) d.size, d.data);
fail("ocsp response print failed\n");
exit(1);
}
@@ -1369,8 +1369,8 @@ static void resp_import(void)
if (memcmp(RESP3INFO, d.data, strlen(RESP3INFO)) != 0) {
printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(RESP3INFO), RESP3INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(RESP3INFO), RESP3INFO, (int) d.size,
+ (int) d.size, d.data);
fail("ocsp response 3 print failed\n");
exit(1);
}
diff --git a/tests/openpgp-auth.c b/tests/openpgp-auth.c
index 1836f0777c..86cf910363 100644
--- a/tests/openpgp-auth.c
+++ b/tests/openpgp-auth.c
@@ -217,7 +217,7 @@ void doit(void)
sent =
gnutls_record_send(session, message,
- sizeof(message));
+ sizeof(message));
if (sent != sizeof(message))
fail("client sent %li vs. %li\n",
(long) sent, (long) sizeof(message));
@@ -248,7 +248,7 @@ void doit(void)
if (debug)
printf("server process %i (child %i)\n",
- getpid(), child);
+ getpid(), child);
err = gnutls_init(&session, GNUTLS_SERVER);
if (err != 0)
@@ -317,14 +317,14 @@ void doit(void)
stored_cli_cert.data =
gnutls_malloc(d[0].size);
memcpy(stored_cli_cert.data,
- d[0].data, d[0].size);
+ d[0].data, d[0].size);
stored_cli_cert.size = d[0].size;
}
}
received =
gnutls_record_recv(session, greetings,
- sizeof(greetings));
+ sizeof(greetings));
if (received != sizeof(message)
|| memcmp(greetings, message, sizeof(message)))
fail("server received %li vs. %li\n",
diff --git a/tests/openpgp-auth2.c b/tests/openpgp-auth2.c
index 5cfcac6b7e..a742eaf5a0 100644
--- a/tests/openpgp-auth2.c
+++ b/tests/openpgp-auth2.c
@@ -177,7 +177,7 @@ void doit(void)
if (debug)
printf("server process %i (child %i)\n", getpid(),
- child);
+ child);
err = gnutls_init(&session, GNUTLS_SERVER);
if (err != 0)
@@ -229,7 +229,7 @@ void doit(void)
received =
gnutls_record_recv(session, greetings,
- sizeof(greetings));
+ sizeof(greetings));
if (received != sizeof(g_message)
|| memcmp(greetings, g_message, sizeof(g_message)))
fail("server received %li vs. %li\n",
diff --git a/tests/openpgpself.c b/tests/openpgpself.c
index 52768c6526..d255a80704 100644
--- a/tests/openpgpself.c
+++ b/tests/openpgpself.c
@@ -179,7 +179,7 @@ static void client(int sds[])
/* put the x509 credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- xcred);
+ xcred);
gnutls_transport_set_int(session, sd);
diff --git a/tests/pgps2kgnu.c b/tests/pgps2kgnu.c
index a8ae98231c..38c1796062 100644
--- a/tests/pgps2kgnu.c
+++ b/tests/pgps2kgnu.c
@@ -4,8 +4,8 @@
* Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* pgps2kgnu: test GNU extensions to the OpenPGP S2K specification.
- * at the moment, we just test the "GNU dummy" S2K
- * extension.
+ * at the moment, we just test the "GNU dummy" S2K
+ * extension.
*
* This file is part of GnuTLS.
@@ -66,7 +66,7 @@ static char dummy_key[] =
/* Test capability of reading the gnu-dummy OpenPGP S2K extension.
See: doc/DETAILS from gnupg
- http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00023.html
+ http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00023.html
*/
static void tls_log_func(int level, const char *str)
@@ -95,7 +95,7 @@ int main(int argc, char **argv)
rc = gnutls_openpgp_privkey_init(&key);
if (rc) {
printf("gnutls_openpgp_privkey_init rc %d: %s\n",
- rc, gnutls_strerror(rc));
+ rc, gnutls_strerror(rc));
return 1;
}
@@ -104,7 +104,7 @@ int main(int argc, char **argv)
0);
if (rc) {
printf("gnutls_openpgp_privkey_import rc %d: %s\n",
- rc, gnutls_strerror(rc));
+ rc, gnutls_strerror(rc));
return 1;
}
diff --git a/tests/pkcs12_s2k.c b/tests/pkcs12_s2k.c
index 847aa9a4f3..7301f293f5 100644
--- a/tests/pkcs12_s2k.c
+++ b/tests/pkcs12_s2k.c
@@ -135,9 +135,9 @@ void doit(void)
if (debug)
printf("ij: %d.%d: %s\n", i, j,
- _gnutls_bin2hex(key, sizeof(key),
- tmp, sizeof(tmp),
- NULL));
+ _gnutls_bin2hex(key, sizeof(key),
+ tmp, sizeof(tmp),
+ NULL));
x++;
}
}
@@ -159,8 +159,8 @@ void doit(void)
if (debug)
printf("tv[%d]: %s\n", i,
- _gnutls_bin2hex(key, tv[i].keylen, tmp,
- sizeof(tmp), NULL));
+ _gnutls_bin2hex(key, tv[i].keylen, tmp,
+ sizeof(tmp), NULL));
}
if (debug)
printf("\n");
diff --git a/tests/pkcs12_s2k_pem.c b/tests/pkcs12_s2k_pem.c
index 35b8947ed6..dc5093ccc4 100644
--- a/tests/pkcs12_s2k_pem.c
+++ b/tests/pkcs12_s2k_pem.c
@@ -267,14 +267,14 @@ int main(void)
tmp.size = strlen((char *) tmp.data);
ret = gnutls_x509_privkey_import_pkcs8(key, &tmp,
- GNUTLS_X509_FMT_PEM,
- keys[i].password,
- 0);
+ GNUTLS_X509_FMT_PEM,
+ keys[i].password,
+ 0);
gnutls_x509_privkey_deinit(key);
if (ret != keys[i].expected_result) {
printf("fail[%d]: %d: %s\n", (int) i, ret,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
return 1;
}
diff --git a/tests/pkcs12_simple.c b/tests/pkcs12_simple.c
index 98c0577ab4..7c5a6a33d0 100644
--- a/tests/pkcs12_simple.c
+++ b/tests/pkcs12_simple.c
@@ -85,8 +85,8 @@ void doit(void)
ret =
gnutls_pkcs12_simple_parse(pkcs12, password, &pkey, &chain,
- &chain_size, &extras, &extras_size,
- NULL, 0);
+ &chain_size, &extras, &extras_size,
+ NULL, 0);
if (ret < 0)
fail("pkcs12_simple_parse failed %d: %s\n", ret,
gnutls_strerror(ret));
diff --git a/tests/pkcs8-key-decode.c b/tests/pkcs8-key-decode.c
index a36c4af8ea..1c462abdbe 100644
--- a/tests/pkcs8-key-decode.c
+++ b/tests/pkcs8-key-decode.c
@@ -26,8 +26,8 @@
#include <string.h>
#include <stdlib.h>
-# define PRIVATE_KEY \
- "-----BEGIN PRIVATE KEY-----\n" \
+# define PRIVATE_KEY \
+ "-----BEGIN PRIVATE KEY-----\n" \
"MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr\n" \
"BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE\n" \
"Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9\n" \
@@ -43,7 +43,7 @@
"L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd\n" \
"a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W\n" \
"nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp\n" \
- "dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci\n" \
+ "dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci\n" \
"-----END PRIVATE KEY-----\n"
diff --git a/tests/prf.c b/tests/prf.c
index 5be9d420ca..78526cfba8 100644
--- a/tests/prf.c
+++ b/tests/prf.c
@@ -165,7 +165,7 @@ static gnutls_datum_t sess_id =
#define TRY(label_size, label, extra_size, extra, size, exp) \
{ \
ret = gnutls_prf_rfc5705(session, label_size, label, extra_size, extra, size, \
- (void*)key_material); \
+ (void*)key_material); \
if (ret < 0) { \
fprintf(stderr, "gnutls_prf_rfc5705: error in %d\n", __LINE__); \
gnutls_perror(ret); \
@@ -182,7 +182,7 @@ static gnutls_datum_t sess_id =
#define TRY_OLD(label_size, label, extra_size, extra, size, exp) \
{ \
ret = gnutls_prf(session, label_size, label, 1, extra_size, extra, size, \
- (void*)key_material); \
+ (void*)key_material); \
if (ret < 0) { \
fprintf(stderr, "gnutls_prf: error in %d\n", __LINE__); \
gnutls_perror(ret); \
@@ -211,7 +211,7 @@ static void check_prfs(gnutls_session_t session)
/* check whether gnutls_prf matches gnutls_prf_rfc5705 when no context is given */
ret = gnutls_prf(session, 4, "aaaa", 0, 0, NULL, 64,
- (void*)key_material);
+ (void*)key_material);
if (ret < 0) {
fprintf(stderr, "gnutls_prf: error in %d\n", __LINE__);
gnutls_perror(ret);
@@ -219,7 +219,7 @@ static void check_prfs(gnutls_session_t session)
}
ret = gnutls_prf_rfc5705(session, 4, "aaaa", 0, NULL, 64,
- (void*)key_material2);
+ (void*)key_material2);
if (ret < 0) {
fprintf(stderr, "gnutls_prf_rfc5705: error in %d\n", __LINE__);
gnutls_perror(ret);
@@ -275,7 +275,7 @@ static void client(int fd)
}
ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
@@ -379,7 +379,7 @@ static void server(int fd)
&server_cert, &server_key,
GNUTLS_X509_FMT_PEM);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_handshake_set_random(session, &hsrnd);
gnutls_transport_set_int(session, fd);
diff --git a/tests/rehandshake-ext-secret.c b/tests/rehandshake-ext-secret.c
index f0fe578355..86d269d4b2 100644
--- a/tests/rehandshake-ext-secret.c
+++ b/tests/rehandshake-ext-secret.c
@@ -72,7 +72,7 @@ static void try(unsigned onclient)
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -82,7 +82,7 @@ static void try(unsigned onclient)
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
diff --git a/tests/rehandshake-switch-cert-allow.c b/tests/rehandshake-switch-cert-allow.c
index fc365d149d..a31597e5f1 100644
--- a/tests/rehandshake-switch-cert-allow.c
+++ b/tests/rehandshake-switch-cert-allow.c
@@ -81,7 +81,7 @@ static void try(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
@@ -105,7 +105,7 @@ static void try(void)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
@@ -126,7 +126,7 @@ static void try(void)
/* switch server's certificate and rehandshake */
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred2);
+ serverx509cred2);
HANDSHAKE(client, server);
diff --git a/tests/rehandshake-switch-cert-client-allow.c b/tests/rehandshake-switch-cert-client-allow.c
index c4b0bf38b8..367fda8c58 100644
--- a/tests/rehandshake-switch-cert-client-allow.c
+++ b/tests/rehandshake-switch-cert-client-allow.c
@@ -78,7 +78,7 @@ static void try(void)
gnutls_init(&server, GNUTLS_SERVER|GNUTLS_ALLOW_ID_CHANGE);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
@@ -118,7 +118,7 @@ static void try(void)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
@@ -139,7 +139,7 @@ static void try(void)
/* switch server's certificate and rehandshake */
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred2);
+ clientx509cred2);
HANDSHAKE(client, server);
diff --git a/tests/rehandshake-switch-cert-client.c b/tests/rehandshake-switch-cert-client.c
index d79db49ef4..7c28a2fa96 100644
--- a/tests/rehandshake-switch-cert-client.c
+++ b/tests/rehandshake-switch-cert-client.c
@@ -78,7 +78,7 @@ static void try(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
@@ -118,7 +118,7 @@ static void try(void)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
@@ -139,7 +139,7 @@ static void try(void)
/* switch server's certificate and rehandshake */
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred2);
+ clientx509cred2);
HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_SESSION_USER_ID_CHANGED);
diff --git a/tests/rehandshake-switch-cert.c b/tests/rehandshake-switch-cert.c
index 45f4666b76..bb71e620e5 100644
--- a/tests/rehandshake-switch-cert.c
+++ b/tests/rehandshake-switch-cert.c
@@ -81,7 +81,7 @@ static void try(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
@@ -105,7 +105,7 @@ static void try(void)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
@@ -126,7 +126,7 @@ static void try(void)
/* switch server's certificate and rehandshake */
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred2);
+ serverx509cred2);
HANDSHAKE_EXPECT(client, server, GNUTLS_E_SESSION_USER_ID_CHANGED, GNUTLS_E_AGAIN);
diff --git a/tests/rehandshake-switch-psk-id.c b/tests/rehandshake-switch-psk-id.c
index 4b2a50e2e0..ebe4c10eed 100644
--- a/tests/rehandshake-switch-psk-id.c
+++ b/tests/rehandshake-switch-psk-id.c
@@ -96,7 +96,7 @@ static void try(const char *prio, gnutls_kx_algorithm_t kx, unsigned allow_chang
else
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_PSK,
- serverpskcred);
+ serverpskcred);
gnutls_priority_set_direct(server,
prio,
@@ -126,7 +126,7 @@ static void try(const char *prio, gnutls_kx_algorithm_t kx, unsigned allow_chang
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_PSK,
- clientpskcred);
+ clientpskcred);
if (ret < 0)
exit(1);
@@ -149,7 +149,7 @@ static void try(const char *prio, gnutls_kx_algorithm_t kx, unsigned allow_chang
/* switch client's username and rehandshake */
ret = gnutls_credentials_set(client, GNUTLS_CRD_PSK,
- clientpskcred2);
+ clientpskcred2);
if (ret < 0)
exit(1);
diff --git a/tests/rehandshake-switch-srp-id.c b/tests/rehandshake-switch-srp-id.c
index c4202bce88..91de6fc96e 100644
--- a/tests/rehandshake-switch-srp-id.c
+++ b/tests/rehandshake-switch-srp-id.c
@@ -173,9 +173,9 @@ static void try(const char *prio, gnutls_kx_algorithm_t kx, unsigned allow_chang
else
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_SRP,
- server_srp_cred);
+ server_srp_cred);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- server_x509_cred);
+ server_x509_cred);
gnutls_priority_set_direct(server,
prio,
@@ -209,7 +209,7 @@ static void try(const char *prio, gnutls_kx_algorithm_t kx, unsigned allow_chang
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- client_x509_cred);
+ client_x509_cred);
if (ret < 0)
exit(1);
diff --git a/tests/resume-dtls.c b/tests/resume-dtls.c
index df818ae3dd..9e6327c7fe 100644
--- a/tests/resume-dtls.c
+++ b/tests/resume-dtls.c
@@ -539,14 +539,14 @@ static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key)
return res;
memcpy(res.data, cache_db[i].session_data,
- res.size);
+ res.size);
if (debug) {
unsigned j;
printf("data:\n");
for (j = 0; j < res.size; j++) {
printf("%02x ",
- res.data[j] & 0xFF);
+ res.data[j] & 0xFF);
if ((j + 1) % 16 == 0)
printf("\n");
}
diff --git a/tests/resume-with-false-start.c b/tests/resume-with-false-start.c
index 6c5eecd8d6..b0093b09e0 100644
--- a/tests/resume-with-false-start.c
+++ b/tests/resume-with-false-start.c
@@ -81,7 +81,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_set_default_priority(server);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -101,7 +101,7 @@ void doit(void)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/resume.c b/tests/resume.c
index 21455a4f2d..1bcd3b8d04 100644
--- a/tests/resume.c
+++ b/tests/resume.c
@@ -168,7 +168,7 @@ static void tls_log_func(int level, const char *str)
}
static int hsk_hook_cb(gnutls_session_t session, unsigned int htype, unsigned post,
- unsigned int incoming, const gnutls_datum_t *_msg)
+ unsigned int incoming, const gnutls_datum_t *_msg)
{
unsigned size;
gnutls_datum msg = {_msg->data, _msg->size};
@@ -823,7 +823,7 @@ static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key)
return res;
memcpy(res.data, cache_db[i].session_data,
- res.size);
+ res.size);
#ifdef DEBUG_CACHE
if (debug) {
@@ -831,7 +831,7 @@ static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key)
printf("data:\n");
for (j = 0; j < res.size; j++) {
printf("%02x ",
- res.data[j] & 0xFF);
+ res.data[j] & 0xFF);
if ((j + 1) % 16 == 0)
printf("\n");
}
diff --git a/tests/rsa-encrypt-decrypt.c b/tests/rsa-encrypt-decrypt.c
index c303b53d04..374684388c 100644
--- a/tests/rsa-encrypt-decrypt.c
+++ b/tests/rsa-encrypt-decrypt.c
@@ -117,7 +117,7 @@ void doit(void)
ret =
gnutls_x509_privkey_import(key, &key_dat[i],
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail("gnutls_x509_privkey_import\n");
@@ -150,7 +150,7 @@ void doit(void)
ret =
gnutls_pubkey_encrypt_data(pubkey, 0, &hash_data,
- &out);
+ &out);
if (ret < 0)
fail("gnutls_pubkey_encrypt_data\n");
diff --git a/tests/send-client-cert.c b/tests/send-client-cert.c
index 048628b6b5..33cce4a861 100644
--- a/tests/send-client-cert.c
+++ b/tests/send-client-cert.c
@@ -103,7 +103,7 @@ static void try(unsigned expect, unsigned ca_type)
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
@@ -138,7 +138,7 @@ static void try(unsigned expect, unsigned ca_type)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/session-export-funcs.c b/tests/session-export-funcs.c
index 3fe4a80fd1..65b554277f 100644
--- a/tests/session-export-funcs.c
+++ b/tests/session-export-funcs.c
@@ -77,7 +77,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
@@ -103,7 +103,7 @@ void doit(void)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/simple.c b/tests/simple.c
index 9d4c98f2c4..ef37e3689e 100644
--- a/tests/simple.c
+++ b/tests/simple.c
@@ -48,7 +48,7 @@ void doit(void)
if (debug) {
printf("GnuTLS header version %s.\n", GNUTLS_VERSION);
printf("GnuTLS library version %s.\n",
- gnutls_check_version(NULL));
+ gnutls_check_version(NULL));
}
if (!gnutls_check_version_numeric(GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH)) {
@@ -79,11 +79,11 @@ void doit(void)
for (i = 0; algs[i]; i++) {
if (debug)
printf("pk_list[%d] = %d = %s = %d\n",
- (int) i, algs[i],
- gnutls_pk_algorithm_get_name(algs
+ (int) i, algs[i],
+ gnutls_pk_algorithm_get_name(algs
[i]),
- gnutls_pk_get_id
- (gnutls_pk_algorithm_get_name
+ gnutls_pk_get_id
+ (gnutls_pk_algorithm_get_name
(algs[i])));
if (gnutls_pk_get_id
(gnutls_pk_algorithm_get_name(algs[i]))
@@ -111,11 +111,11 @@ void doit(void)
for (i = 0; algs[i]; i++) {
if (debug)
printf("sign_list[%d] = %d = %s = %d\n",
- (int) i, algs[i],
- gnutls_sign_algorithm_get_name(algs
+ (int) i, algs[i],
+ gnutls_sign_algorithm_get_name(algs
[i]),
- gnutls_sign_get_id
- (gnutls_sign_algorithm_get_name
+ gnutls_sign_get_id
+ (gnutls_sign_algorithm_get_name
(algs[i])));
if (gnutls_sign_get_id
(gnutls_sign_algorithm_get_name(algs[i])) !=
diff --git a/tests/slow/cipher-override.c b/tests/slow/cipher-override.c
index a980b8b8a7..fd5d0c990b 100644
--- a/tests/slow/cipher-override.c
+++ b/tests/slow/cipher-override.c
@@ -145,11 +145,11 @@ static void myaes_gcm_deinit(void *_ctx)
static int
myaes_gcm_encrypt(void *_ctx,
- const void *nonce, size_t nonce_size,
- const void *auth, size_t auth_size,
- size_t tag_size,
- const void *plain, size_t plain_size,
- void *encr, size_t encr_size)
+ const void *nonce, size_t nonce_size,
+ const void *auth, size_t auth_size,
+ size_t tag_size,
+ const void *plain, size_t plain_size,
+ void *encr, size_t encr_size)
{
/* proper AEAD cipher */
struct myaes_gcm_ctx *ctx = _ctx;
@@ -168,11 +168,11 @@ myaes_gcm_encrypt(void *_ctx,
static int
myaes_gcm_decrypt(void *_ctx,
- const void *nonce, size_t nonce_size,
- const void *auth, size_t auth_size,
- size_t tag_size,
- const void *encr, size_t encr_size,
- void *plain, size_t plain_size)
+ const void *nonce, size_t nonce_size,
+ const void *auth, size_t auth_size,
+ size_t tag_size,
+ const void *encr, size_t encr_size,
+ void *plain, size_t plain_size)
{
uint8_t tag[16];
struct myaes_gcm_ctx *ctx = _ctx;
diff --git a/tests/slow/cipher-override2.c b/tests/slow/cipher-override2.c
index 1f9319f4c2..3ed71186ae 100644
--- a/tests/slow/cipher-override2.c
+++ b/tests/slow/cipher-override2.c
@@ -96,22 +96,22 @@ static void myaes_gcm_deinit(void *_ctx)
static int
myaes_gcm_encrypt(void *_ctx,
- const void *nonce, size_t nonce_size,
- const void *auth, size_t auth_size,
- size_t tag_size,
- const void *plain, size_t plain_size,
- void *encr, size_t encr_size)
+ const void *nonce, size_t nonce_size,
+ const void *auth, size_t auth_size,
+ size_t tag_size,
+ const void *plain, size_t plain_size,
+ void *encr, size_t encr_size)
{
abort();
}
static int
myaes_gcm_decrypt(void *_ctx,
- const void *nonce, size_t nonce_size,
- const void *auth, size_t auth_size,
- size_t tag_size,
- const void *encr, size_t encr_size,
- void *plain, size_t plain_size)
+ const void *nonce, size_t nonce_size,
+ const void *auth, size_t auth_size,
+ size_t tag_size,
+ const void *encr, size_t encr_size,
+ void *plain, size_t plain_size)
{
abort();
}
diff --git a/tests/srp.c b/tests/srp.c
index 6925855311..e0c1b8a8e6 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -190,7 +190,7 @@ static gnutls_session_t initialize_tls_session(const char *prio)
gnutls_credentials_set(session, GNUTLS_CRD_SRP, s_srp_cred);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- s_x509_cred);
+ s_x509_cred);
return session;
}
@@ -220,7 +220,7 @@ static void server(int fd, const char *prio)
gnutls_srp_allocate_server_credentials(&s_srp_cred);
gnutls_srp_set_server_credentials_file(s_srp_cred, "tpasswd",
- "tpasswd.conf");
+ "tpasswd.conf");
gnutls_certificate_allocate_credentials(&s_x509_cred);
gnutls_certificate_set_x509_key_mem(s_x509_cred,
diff --git a/tests/test-chains.h b/tests/test-chains.h
index 1398110b08..59b82d30fe 100644
--- a/tests/test-chains.h
+++ b/tests/test-chains.h
@@ -954,7 +954,7 @@ static const char *nc_good0[] = {
"-----END CERTIFICATE-----\n",
NULL,
/* Name constraints (critical):
- Permitted: DNSname: example.com */
+ Permitted: DNSname: example.com */
"-----BEGIN CERTIFICATE-----\n"
"MIIC/zCCAeegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
"MCIYDzIwMTUwMzI1MDc1ODQ5WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
@@ -2788,9 +2788,9 @@ static struct
{ "ecc cert ok", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_HIGH), 0, NULL},
{ "ecc cert ok", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB128), 0, NULL},
{ "ecc cert not ok (due to profile)", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA),
- GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
{ "ecc cert not ok (due to profile)", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB192),
- GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
{ "name constraints: empty CN, empty SAN, permitted dns range", nc_good0, &nc_good0[2], 0, 0, 0, 1427270515},
{ "name constraints: dns in permitted range", nc_good1, &nc_good1[4], 0, 0, NULL, 1412850586},
{ "name constraints: ipv6 in permitted range", nc_good2, &nc_good2[4], 0, 0, NULL, 1467193927},
diff --git a/tests/tls-max-record.c b/tests/tls-max-record.c
index 4e074e658c..fb4076edf1 100644
--- a/tests/tls-max-record.c
+++ b/tests/tls-max-record.c
@@ -74,7 +74,7 @@ void doit(void)
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
@@ -100,7 +100,7 @@ void doit(void)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/tls-rehandshake-cert-2.c b/tests/tls-rehandshake-cert-2.c
index c352a11acb..c096519210 100644
--- a/tests/tls-rehandshake-cert-2.c
+++ b/tests/tls-rehandshake-cert-2.c
@@ -177,7 +177,7 @@ static void client(int fd, unsigned test)
do {
ret =
gnutls_record_recv(session, buffer,
- MAX_BUF);
+ MAX_BUF);
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
} while (ret > 0);
@@ -193,7 +193,7 @@ static void client(int fd, unsigned test)
do {
ret =
gnutls_record_recv(session, buffer,
- MAX_BUF);
+ MAX_BUF);
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
} while (ret > 0);
@@ -313,7 +313,7 @@ static void server(int fd, unsigned test)
do {
ret =
gnutls_record_recv(session, buffer,
- MAX_BUF);
+ MAX_BUF);
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
} while (ret > 0);
@@ -363,7 +363,7 @@ static void server(int fd, unsigned test)
do {
ret =
gnutls_record_recv(session, buffer,
- MAX_BUF);
+ MAX_BUF);
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
} while (ret > 0);
diff --git a/tests/tls-rehandshake-cert.c b/tests/tls-rehandshake-cert.c
index 5cba8f1b00..88370b801d 100644
--- a/tests/tls-rehandshake-cert.c
+++ b/tests/tls-rehandshake-cert.c
@@ -107,7 +107,7 @@ void doit(void)
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -117,7 +117,7 @@ void doit(void)
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
diff --git a/tests/tlsfeature-crt.c b/tests/tlsfeature-crt.c
index 02288d5d0b..fa68816303 100644
--- a/tests/tlsfeature-crt.c
+++ b/tests/tlsfeature-crt.c
@@ -61,39 +61,39 @@ void doit(void)
if (ret < 0)
fail("init %d\n", ret);
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_crt_init(&crt) >= 0);
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ assert(gnutls_x509_crt_init(&crt) >= 0);
- assert(gnutls_x509_crt_import(crt, &server_cert, GNUTLS_X509_FMT_PEM) >= 0);
+ assert(gnutls_x509_crt_import(crt, &server_cert, GNUTLS_X509_FMT_PEM) >= 0);
- assert(gnutls_x509_crt_get_tlsfeatures(crt, feat, 0, &critical) >= 0);
- assert(critical == 0);
+ assert(gnutls_x509_crt_get_tlsfeatures(crt, feat, 0, &critical) >= 0);
+ assert(critical == 0);
- assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0);
- assert(out == 5);
+ assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0);
+ assert(out == 5);
- assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) != 0);
+ assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) != 0);
- /* append more features */
- assert(gnutls_x509_tlsfeatures_add(feat, 6) >= 0);
- assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0);
+ /* append more features */
+ assert(gnutls_x509_tlsfeatures_add(feat, 6) >= 0);
+ assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0);
- assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0);
+ assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0);
- gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_tlsfeatures_deinit(feat);
- /* check whether a single TLSFeat with another value will fail verification */
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ /* check whether a single TLSFeat with another value will fail verification */
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0);
- assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0);
+ assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0);
- gnutls_x509_tlsfeatures_deinit(feat);
- gnutls_x509_crt_deinit(crt);
+ gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_crt_deinit(crt);
gnutls_global_deinit();
}
diff --git a/tests/tlsfeature-ext.c b/tests/tlsfeature-ext.c
index 0c313b4716..ce028cd202 100644
--- a/tests/tlsfeature-ext.c
+++ b/tests/tlsfeature-ext.c
@@ -71,80 +71,80 @@ void doit(void)
if (ret < 0)
fail("init %d\n", ret);
- /* init and write >1 features
- */
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ /* init and write >1 features
+ */
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 2) >= 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 3) >= 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 5) >= 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 7) >= 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 11) >= 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 2) >= 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 3) >= 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 5) >= 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 7) >= 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 11) >= 0);
- assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0);
+ assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0);
- gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_tlsfeatures_deinit(feat);
- /* re-load and read
- */
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ /* re-load and read
+ */
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0);
+ assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0);
- assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0);
- assert(out == 2);
+ assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0);
+ assert(out == 2);
- assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) >= 0);
- assert(out == 3);
+ assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) >= 0);
+ assert(out == 3);
- assert(gnutls_x509_tlsfeatures_get(feat, 2, &out) >= 0);
- assert(out == 5);
+ assert(gnutls_x509_tlsfeatures_get(feat, 2, &out) >= 0);
+ assert(out == 5);
- assert(gnutls_x509_tlsfeatures_get(feat, 3, &out) >= 0);
- assert(out == 7);
+ assert(gnutls_x509_tlsfeatures_get(feat, 3, &out) >= 0);
+ assert(out == 7);
- assert(gnutls_x509_tlsfeatures_get(feat, 4, &out) >= 0);
- assert(out == 11);
+ assert(gnutls_x509_tlsfeatures_get(feat, 4, &out) >= 0);
+ assert(out == 11);
- gnutls_x509_tlsfeatures_deinit(feat);
- gnutls_free(der.data);
+ gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_free(der.data);
- /* check whether no feature is acceptable */
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ /* check whether no feature is acceptable */
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0);
+ assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0);
- gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_tlsfeatures_deinit(feat);
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0);
+ assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0);
- assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_tlsfeatures_deinit(feat);
- gnutls_free(der.data);
+ gnutls_free(der.data);
- /* check whether we can add a reasonable number of features */
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ /* check whether we can add a reasonable number of features */
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- for (i=0;i<128;i++) {
- ret = gnutls_x509_tlsfeatures_add(feat, i);
- if (ret < 0) {
- assert(i>=32);
- assert(ret == GNUTLS_E_INTERNAL_ERROR);
- }
- }
+ for (i=0;i<128;i++) {
+ ret = gnutls_x509_tlsfeatures_add(feat, i);
+ if (ret < 0) {
+ assert(i>=32);
+ assert(ret == GNUTLS_E_INTERNAL_ERROR);
+ }
+ }
- gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_tlsfeatures_deinit(feat);
- /* check whether we can import a very long list */
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ /* check whether we can import a very long list */
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_ext_import_tlsfeatures(&der_long, feat, 0) == GNUTLS_E_INTERNAL_ERROR);
+ assert(gnutls_x509_ext_import_tlsfeatures(&der_long, feat, 0) == GNUTLS_E_INTERNAL_ERROR);
- gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_tlsfeatures_deinit(feat);
gnutls_global_deinit();
}
diff --git a/tests/utils-adv.c b/tests/utils-adv.c
index 9e6ffdb9f3..8dbc441560 100644
--- a/tests/utils-adv.c
+++ b/tests/utils-adv.c
@@ -40,7 +40,7 @@ void
test_cli_serv(gnutls_certificate_credentials_t server_cred,
gnutls_certificate_credentials_t client_cred,
const char *prio, const char *host,
- void *priv, callback_func *client_cb, callback_func *server_cb)
+ void *priv, callback_func *client_cb, callback_func *server_cb)
{
int exit_code = EXIT_SUCCESS;
int ret;
@@ -57,7 +57,7 @@ test_cli_serv(gnutls_certificate_credentials_t server_cred,
/* Init server */
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- server_cred);
+ server_cred);
gnutls_priority_set_direct(server, prio, NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -71,7 +71,7 @@ test_cli_serv(gnutls_certificate_credentials_t server_cred,
assert(gnutls_server_name_set(client, GNUTLS_NAME_DNS, host, strlen(host))>=0);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- client_cred);
+ client_cred);
if (ret < 0)
exit(1);
diff --git a/tests/utils.c b/tests/utils.c
index 16649a79da..21ef9d641d 100644
--- a/tests/utils.c
+++ b/tests/utils.c
@@ -215,14 +215,14 @@ void binprint(const void *_str, size_t len)
printf("\t;; ");
for (i = 0; i < len; i++) {
printf("%d%d%d%d%d%d%d%d ",
- (str[i] & 0xFF) & 0x80 ? 1 : 0,
- (str[i] & 0xFF) & 0x40 ? 1 : 0,
- (str[i] & 0xFF) & 0x20 ? 1 : 0,
- (str[i] & 0xFF) & 0x10 ? 1 : 0,
- (str[i] & 0xFF) & 0x08 ? 1 : 0,
- (str[i] & 0xFF) & 0x04 ? 1 : 0,
- (str[i] & 0xFF) & 0x02 ? 1 : 0,
- (str[i] & 0xFF) & 0x01 ? 1 : 0);
+ (str[i] & 0xFF) & 0x80 ? 1 : 0,
+ (str[i] & 0xFF) & 0x40 ? 1 : 0,
+ (str[i] & 0xFF) & 0x20 ? 1 : 0,
+ (str[i] & 0xFF) & 0x10 ? 1 : 0,
+ (str[i] & 0xFF) & 0x08 ? 1 : 0,
+ (str[i] & 0xFF) & 0x04 ? 1 : 0,
+ (str[i] & 0xFF) & 0x02 ? 1 : 0,
+ (str[i] & 0xFF) & 0x01 ? 1 : 0);
if ((i + 1) % 3 == 0)
printf(" ");
if ((i + 1) % 6 == 0 && i + 1 < len)
@@ -254,7 +254,7 @@ int main(int argc, char *argv[])
if (debug || error_count > 0)
printf("Self test `%s' finished with %d errors\n", argv[0],
- error_count);
+ error_count);
return error_count ? 1 : 0;
}
diff --git a/tests/version-checks.c b/tests/version-checks.c
index 64755b556f..588d5776e2 100644
--- a/tests/version-checks.c
+++ b/tests/version-checks.c
@@ -84,7 +84,7 @@ static void try(const char *client_prio, int expected)
gnutls_init(&server, GNUTLS_SERVER|flags);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
assert(gnutls_priority_set_direct(server,
server_prio,
@@ -109,7 +109,7 @@ static void try(const char *client_prio, int expected)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
diff --git a/tests/windows/cng-windows.c b/tests/windows/cng-windows.c
index e92f7b037e..3c3edf6f6d 100644
--- a/tests/windows/cng-windows.c
+++ b/tests/windows/cng-windows.c
@@ -151,7 +151,7 @@ void test_sig(void)
/* test the raw interface DigestInfo
*/
- ret = gnutls_encode_ber_digest_info(GNUTLS_DIG_SHA256, &sha256_hash_data, &digest_info);
+ ret = gnutls_encode_ber_digest_info(GNUTLS_DIG_SHA256, &sha256_hash_data, &digest_info);
assert(ret >= 0);
ret =
diff --git a/tests/windows/crypt32.c b/tests/windows/crypt32.c
index 9d51a2938f..11325f7beb 100644
--- a/tests/windows/crypt32.c
+++ b/tests/windows/crypt32.c
@@ -67,7 +67,7 @@ __declspec(dllexport)
PCCERT_CONTEXT WINAPI CertFindCertificateInStore(
HCERTSTORE hCertStore, DWORD dwCertEncodingType,
DWORD dwFindFlags, DWORD dwFindType,
- const void *pvFindPara, PCCERT_CONTEXT pPrevCertContext)
+ const void *pvFindPara, PCCERT_CONTEXT pPrevCertContext)
{
//CRYPT_HASH_BLOB *blob = (void*)pvFindPara;
@@ -163,7 +163,7 @@ BOOL WINAPI CryptAcquireContextW(HCRYPTPROV *phProv, LPCWSTR szContainer,
__declspec(dllexport)
BOOL WINAPI CryptDecrypt(HCRYPTKEY hKey, HCRYPTHASH hHash, BOOL Final,
- DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
+ DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
{
return 0;
}
diff --git a/tests/x509-extensions.c b/tests/x509-extensions.c
index c7c821cbe0..d480f83646 100644
--- a/tests/x509-extensions.c
+++ b/tests/x509-extensions.c
@@ -725,7 +725,7 @@ void doit(void)
oid_len = sizeof(oid);
ret =
gnutls_x509_crt_get_extension_info(cert, i, oid, &oid_len,
- &critical);
+ &critical);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
if (i != 9) {
fail("unexpected number of extensions: %d\n",
diff --git a/tests/x509cert-tl.c b/tests/x509cert-tl.c
index fef0158b49..e636ccc0a9 100644
--- a/tests/x509cert-tl.c
+++ b/tests/x509cert-tl.c
@@ -320,7 +320,7 @@ void doit(void)
vdata.size = NAME_SIZE;
ret =
gnutls_x509_trust_list_verify_crt2(tl, &server_crt, 1, &vdata, 1,
- 0, &status, NULL);
+ 0, &status, NULL);
if (ret < 0 || status != 0)
fail("gnutls_x509_trust_list_verify_crt2 - 1: status: %x\n", status);
@@ -329,7 +329,7 @@ void doit(void)
vdata.size = NAME_SIZE-2;
ret =
gnutls_x509_trust_list_verify_crt2(tl, &server_crt, 1, &vdata, 1,
- 0, &status, NULL);
+ 0, &status, NULL);
if (ret < 0 || status == 0)
fail("gnutls_x509_trust_list_verify_crt2 - 2: status: %x\n", status);
diff --git a/tests/x509cert.c b/tests/x509cert.c
index 32360bd2c4..13f0ed3aaf 100644
--- a/tests/x509cert.c
+++ b/tests/x509cert.c
@@ -144,8 +144,8 @@ void doit(void)
ret =
gnutls_x509_privkey_export2(get_key,
- GNUTLS_X509_FMT_PEM,
- &get_datum);
+ GNUTLS_X509_FMT_PEM,
+ &get_datum);
if (ret < 0)
fail("gnutls_x509_privkey_export2");
@@ -190,13 +190,13 @@ void doit(void)
n_get_ca_crts = 0;
trust_iter = NULL;
while (gnutls_x509_trust_list_iter_get_ca(trust_list,
- &trust_iter,
- &get_ca_crt) !=
- GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ &trust_iter,
+ &get_ca_crt) !=
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
ret =
gnutls_x509_crt_export2(get_ca_crt,
- GNUTLS_X509_FMT_PEM,
- &get_datum);
+ GNUTLS_X509_FMT_PEM,
+ &get_datum);
if (ret < 0)
fail("gnutls_x509_crt_export2");
diff --git a/tests/x509dn.c b/tests/x509dn.c
index f9b5a7be6d..d84151149a 100644
--- a/tests/x509dn.c
+++ b/tests/x509dn.c
@@ -85,7 +85,7 @@ cert_callback(gnutls_session_t session,
if (nreqs != 1) {
fail("client: invoked to provide client cert, but %d CAs are requested by server.\n",
- nreqs);
+ nreqs);
return -1;
}
@@ -111,7 +111,7 @@ cert_callback(gnutls_session_t session,
if (val.value.size == strlen(EXPECT_RDN0)
&& strncmp((char *) val.value.data,
- EXPECT_RDN0, val.value.size) == 0) {
+ EXPECT_RDN0, val.value.size) == 0) {
if (debug)
success
("client: RND 0 correct.\n");
diff --git a/tests/x509sign-verify.c b/tests/x509sign-verify.c
index c5850e03b1..5379f36841 100644
--- a/tests/x509sign-verify.c
+++ b/tests/x509sign-verify.c
@@ -174,7 +174,7 @@ void doit(void)
ret =
gnutls_x509_privkey_import(key, &key_dat[i],
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail("gnutls_x509_privkey_import\n");
@@ -191,12 +191,12 @@ void doit(void)
fail("gnutls_privkey_import_x509\n");
ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA1, 0,
- &hash_data, &signature2);
+ &hash_data, &signature2);
if (ret < 0)
fail("gnutls_privkey_sign_hash\n");
ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0,
- &raw_data, &signature);
+ &raw_data, &signature);
if (ret < 0)
fail("gnutls_x509_privkey_sign_hash\n");
@@ -245,15 +245,15 @@ void doit(void)
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
- &hash_data, &signature2);
+ &hash_data, &signature2);
if (ret < 0)
fail("gnutls_x509_pubkey_verify_hash2-1 (hashed data)\n");
/* should fail */
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
- &invalid_hash_data,
- &signature2);
+ &invalid_hash_data,
+ &signature2);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
fail("gnutls_x509_pubkey_verify_hash2-2 (hashed data)\n");
@@ -280,9 +280,9 @@ void doit(void)
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo,
- GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
- &hash_data,
- &signature);
+ GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
+ &hash_data,
+ &signature);
if (ret < 0)
fail("gnutls_pubkey_verify_hash-3 (raw hashed data)\n");
@@ -290,17 +290,17 @@ void doit(void)
/* test the legacy API */
ret =
gnutls_privkey_sign_raw_data(privkey, 0,
- &hash_data,
- &signature);
+ &hash_data,
+ &signature);
if (ret < 0)
fail("gnutls_privkey_sign_raw_data: %s\n",
gnutls_strerror(ret));
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo,
- GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
- &hash_data,
- &signature);
+ GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
+ &hash_data,
+ &signature);
if (ret < 0)
fail("gnutls_pubkey_verify_hash-4 (legacy raw hashed data)\n");
}
diff --git a/tests/x509sign-verify2.c b/tests/x509sign-verify2.c
index 157305e60f..dd54cfed18 100644
--- a/tests/x509sign-verify2.c
+++ b/tests/x509sign-verify2.c
@@ -125,17 +125,17 @@ void test_sig(gnutls_pk_algorithm_t pk, unsigned hash, unsigned bits)
ret =
gnutls_pubkey_verify_hash2(pubkey,
- sign_algo, 0,
- hash_data, &signature);
+ sign_algo, 0,
+ hash_data, &signature);
if (ret < 0)
ERR(__LINE__);
/* should fail */
ret =
gnutls_pubkey_verify_hash2(pubkey,
- sign_algo, 0,
- &invalid_hash_data,
- &signature);
+ sign_algo, 0,
+ &invalid_hash_data,
+ &signature);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
ERR(__LINE__);
@@ -145,15 +145,15 @@ void test_sig(gnutls_pk_algorithm_t pk, unsigned hash, unsigned bits)
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
- hash_data, &signature);
+ hash_data, &signature);
if (ret < 0)
ERR(__LINE__);
/* should fail */
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
- &invalid_hash_data,
- &signature);
+ &invalid_hash_data,
+ &signature);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
ERR(__LINE__);
@@ -178,10 +178,10 @@ void test_sig(gnutls_pk_algorithm_t pk, unsigned hash, unsigned bits)
ret =
gnutls_pubkey_verify_hash2(pubkey,
- sign_algo,
- GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
- hash_data,
- &signature);
+ sign_algo,
+ GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
+ hash_data,
+ &signature);
if (ret < 0)
ERR(__LINE__);