210 files changed, 2962 insertions, 2821 deletions
diff --git a/configure.ac b/configure.ac index 2e79ed9103..06640631cf 100644 --- a/configure.ac +++ b/configure.ac @@ -522,7 +522,7 @@ if test "$enable_dane" != "no"; then AC_DEFINE([HAVE_DANE], 1, [Enable the DANE library]) enable_dane=yes], [AC_MSG_RESULT(no) - AC_MSG_WARN([[ + AC_MSG_WARN([[ *** *** libunbound was not found. Libdane will not be built. *** ]]) @@ -539,7 +539,7 @@ if test "$have_win" = yes; then unbound_root_key_file="C:\\Program Files\\Unbound\\root.key" else if test -f /var/lib/unbound/root.key;then - unbound_root_key_file="/var/lib/unbound/root.key" + unbound_root_key_file="/var/lib/unbound/root.key" else if test -f /usr/share/dns/root.key;then unbound_root_key_file="/usr/share/dns/root.key" @@ -608,7 +608,7 @@ if test "$with_tpm" != "no"; then AC_DEFINE([HAVE_TROUSERS], 1, [Enable TPM]) with_tpm=yes], [AC_MSG_RESULT(no) - AC_MSG_WARN([[ + AC_MSG_WARN([[ *** *** trousers was not found. TPM support will be disabled. *** ]]) diff --git a/doc/Makefile.am b/doc/Makefile.am index c69d8770ee..218bbc98ec 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -32,7 +32,7 @@ endif -include $(top_srcdir)/doc/doc.mk invoke-gnutls-cli.texi: $(top_srcdir)/src/cli-args.def - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -L$(top_srcdir)/src -Tagtexi-cmd.tpl $<; \ + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_srcdir)/src -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ @@ -40,7 +40,7 @@ invoke-gnutls-cli.texi: $(top_srcdir)/src/cli-args.def mv -f $@.tmp $@ invoke-gnutls-cli-debug.texi: $(top_srcdir)/src/cli-debug-args.def invoke-gnutls-cli.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ 
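Review bot: In doc/Makefile.am, the `invoke-gnutls-cli.texi` recipe still ends its PATH assignment with `$(PATH_SEPARATOR)` after `$${PATH}`, which leaves an empty final element that POSIX shells resolve as the current directory, so `$(AUTOGEN)` and anything it spawns can pick up a same-named executable from the working directory. Since the line is being rewritten anyway, I would drop the trailing separator: `PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}" $(AUTOGEN) -L$(top_srcdir)/src -Tagtexi-cmd.tpl $<; \`. If the working-directory lookup is intentional, a comment above the rule should say so, e.g. `# trailing separator keeps the current directory on PATH for autogen`. The same applies to the other nine `invoke-*.texi` recipes changed in this file (hunks at -40 through -122); each recipe body continues outside its hunk.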
@@ -48,7 +48,7 @@ invoke-gnutls-cli-debug.texi: $(top_srcdir)/src/cli-debug-args.def invoke-gnutls mv -f $@.tmp $@ invoke-gnutls-serv.texi: $(top_srcdir)/src/serv-args.def invoke-gnutls-cli-debug.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ @@ -56,7 +56,7 @@ invoke-gnutls-serv.texi: $(top_srcdir)/src/serv-args.def invoke-gnutls-cli-debug mv -f $@.tmp $@ invoke-certtool.texi: $(top_srcdir)/src/certtool-args.def invoke-gnutls-serv.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ @@ -67,7 +67,7 @@ invoke-certtool.texi: $(top_srcdir)/src/certtool-args.def invoke-gnutls-serv.tex rm -f $@.tmp invoke-ocsptool.texi: $(top_srcdir)/src/ocsptool-args.def invoke-certtool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ @@ -78,7 +78,7 @@ invoke-ocsptool.texi: $(top_srcdir)/src/ocsptool-args.def invoke-certtool.texi rm -f $@.tmp invoke-danetool.texi: $(top_srcdir)/src/danetool-args.def invoke-ocsptool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ 
@@ -89,7 +89,7 @@ invoke-danetool.texi: $(top_srcdir)/src/danetool-args.def invoke-ocsptool.texi rm -f $@.tmp invoke-srptool.texi: $(top_srcdir)/src/srptool-args.def invoke-danetool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ @@ -100,7 +100,7 @@ invoke-srptool.texi: $(top_srcdir)/src/srptool-args.def invoke-danetool.texi rm -f $@.tmp invoke-psktool.texi: $(top_srcdir)/src/psktool-args.def invoke-srptool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ @@ -111,7 +111,7 @@ invoke-psktool.texi: $(top_srcdir)/src/psktool-args.def invoke-srptool.texi rm -f $@.tmp invoke-p11tool.texi: $(top_srcdir)/src/p11tool-args.def invoke-psktool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ @@ -122,7 +122,7 @@ invoke-p11tool.texi: $(top_srcdir)/src/p11tool-args.def invoke-psktool.texi rm -f $@.tmp invoke-tpmtool.texi: $(top_srcdir)/src/tpmtool-args.def invoke-p11tool.texi - PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \ if [ ! -e $@ ]; then \ cp $(srcdir)/$@ .; \ fi; \ 
@@ -139,7 +139,7 @@ gnutls_TEXINFOS = gnutls.texi fdl-1.3.texi \ cha-gtls-app.texi cha-internals.texi cha-intro-tls.texi \ cha-library.texi cha-preface.texi cha-programs.texi \ sec-tls-app.texi cha-errors.texi cha-support.texi \ - cha-shared-key.texi cha-gtls-examples.texi cha-upgrade.texi \ + cha-shared-key.texi cha-gtls-examples.texi cha-upgrade.texi \ cha-tokens.texi cha-crypto.texi cha-auth.texi AUTOGENED_DOC = invoke-gnutls-cli.texi invoke-gnutls-cli-debug.texi \ diff --git a/doc/examples/ex-pkcs11-list.c b/doc/examples/ex-pkcs11-list.c index b2636312f7..7f1d4595a6 100644 --- a/doc/examples/ex-pkcs11-list.c +++ b/doc/examples/ex-pkcs11-list.c @@ -39,7 +39,7 @@ int main(int argc, char **argv) } for (i = 0; i < obj_list_size; i++) - gnutls_pkcs11_obj_deinit(obj_list[i]); + gnutls_pkcs11_obj_deinit(obj_list[i]); gnutls_free(obj_list); return 0; diff --git a/doc/gnutls.texi b/doc/gnutls.texi index d62f310cde..cefbbeb7f8 100644 --- a/doc/gnutls.texi +++ b/doc/gnutls.texi @@ -16,8 +16,8 @@ This manual is last updated @value{UPDATED} for version @value{VERSION} of GnuTLS. -Copyright @copyright{} 2001-2015 Free Software Foundation, Inc.\\ -Copyright @copyright{} 2001-2015 Nikos Mavrogiannopoulos +Copyright @copyright{} 2001-2016 Free Software Foundation, Inc.\\ +Copyright @copyright{} 2001-2016 Nikos Mavrogiannopoulos @quotation Permission is granted to copy, distribute and/or modify this document diff --git a/lib/Makefile.am b/lib/Makefile.am index 7341f80c7f..5db029e01c 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
@@ -68,14 +68,14 @@ PSK_COBJECTS = psk.c COBJECTS = range.c record.c compress.c debug.c cipher.c \ mbuffers.c buffers.c handshake.c num.c errors.c dh.c kx.c \ - priority.c hash_int.c cipher_int.c session.c db.c x509_b64.c \ + priority.c hash_int.c cipher_int.c session.c db.c x509_b64.c \ extensions.c auth.c sslv2_compat.c datum.c session_pack.c mpi.c \ pk.c cert.c global.c constate.c anon_cred.c pkix_asn1_tab.c gnutls_asn1_tab.c \ - mem.c fingerprint.c tls-sig.c ecc.c alert.c privkey_raw.c \ - system/certs.c system/threads.c system/fastopen.c system/sockets.c \ + mem.c fingerprint.c tls-sig.c ecc.c alert.c privkey_raw.c \ + system/certs.c system/threads.c system/fastopen.c system/sockets.c \ system/inet_ntop.c system/iconv.c system/vasprintf.c vasprintf.h system.c \ - str.c state.c x509.c file.c supplemental.c \ - random.c crypto-api.c privkey.c pcert.c pubkey.c locks.c dtls.c \ + str.c state.c x509.c file.c supplemental.c \ + random.c crypto-api.c privkey.c pcert.c pubkey.c locks.c dtls.c \ system_override.c crypto-backend.c verify-tofu.c pin.c tpm.c fips.c \ safe-memfuncs.c system/inet_pton.c atfork.c atfork.h randomart.c \ system-keys.h urls.c urls.h prf.c auto-verify.c dh-session.c \ diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c index 7b358bbc8a..95f37561d4 100644 --- a/lib/algorithms/ciphers.c +++ b/lib/algorithms/ciphers.c @@ -176,7 +176,7 @@ static const cipher_entry_st algorithms[] = { .explicit_iv = 8, .cipher_iv = 12, .tagsize = 16}, - { .name = "3DES-CBC", + { .name = "3DES-CBC", .id = GNUTLS_CIPHER_3DES_CBC, .blocksize = 8, .keysize = 24, 
@@ -212,11 +212,11 @@ static const cipher_entry_st algorithms[] = { }; #define GNUTLS_CIPHER_LOOP(b) \ - const cipher_entry_st *p; \ - for(p = algorithms; p->name != NULL; p++) { b ; } + const cipher_entry_st *p; \ + for(p = algorithms; p->name != NULL; p++) { b ; } #define GNUTLS_ALG_LOOP(a) \ - GNUTLS_CIPHER_LOOP( if(p->id == algorithm) { a; break; } ) + GNUTLS_CIPHER_LOOP( if(p->id == algorithm) { a; break; } ) /* CIPHER functions */ diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index 76964ae81c..3fb417dc70 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -85,8 +85,8 @@ #define GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0,0x9A } #define GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0,0x9B } -#define GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x7A } -#define GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7B } +#define GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x7A } +#define GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7B } #define GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x7C } #define GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7D } #define GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256 { 0xC0,0x80 } @@ -97,8 +97,8 @@ #define GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x87 } #define GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8A } #define GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8B } -#define GNUTLS_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8E } -#define GNUTLS_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8F } +#define GNUTLS_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8E } +#define GNUTLS_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8F } #define GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x90 } #define GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x91 } #define GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x92 } 
@@ -252,21 +252,21 @@ #define GNUTLS_DHE_PSK_AES_256_GCM_SHA384 { 0x00, 0xAB } #define GNUTLS_PSK_AES_256_CBC_SHA384 { 0x00,0xAF } -#define GNUTLS_PSK_NULL_SHA384 { 0x00,0xB1 } +#define GNUTLS_PSK_NULL_SHA384 { 0x00,0xB1 } #define GNUTLS_DHE_PSK_AES_256_CBC_SHA384 { 0x00,0xB3 } -#define GNUTLS_DHE_PSK_NULL_SHA384 { 0x00,0xB5 } +#define GNUTLS_DHE_PSK_NULL_SHA384 { 0x00,0xB5 } -#define GNUTLS_PSK_NULL_SHA1 { 0x00,0x2C } -#define GNUTLS_DHE_PSK_NULL_SHA1 { 0x00,0x2D } -#define GNUTLS_RSA_PSK_NULL_SHA1 { 0x00,0x2E } -#define GNUTLS_ECDHE_PSK_NULL_SHA1 { 0xC0,0x39 } +#define GNUTLS_PSK_NULL_SHA1 { 0x00,0x2C } +#define GNUTLS_DHE_PSK_NULL_SHA1 { 0x00,0x2D } +#define GNUTLS_RSA_PSK_NULL_SHA1 { 0x00,0x2E } +#define GNUTLS_ECDHE_PSK_NULL_SHA1 { 0xC0,0x39 } #define GNUTLS_RSA_PSK_AES_128_GCM_SHA256 { 0x00,0xAC } #define GNUTLS_RSA_PSK_AES_256_GCM_SHA384 { 0x00,0xAD } #define GNUTLS_RSA_PSK_AES_128_CBC_SHA256 { 0x00,0xB6 } #define GNUTLS_RSA_PSK_AES_256_CBC_SHA384 { 0x00,0xB7 } -#define GNUTLS_RSA_PSK_NULL_SHA256 { 0x00,0xB8 } -#define GNUTLS_RSA_PSK_NULL_SHA384 { 0x00,0xB9 } +#define GNUTLS_RSA_PSK_NULL_SHA256 { 0x00,0xB8 } +#define GNUTLS_RSA_PSK_NULL_SHA384 { 0x00,0xB9 } /* PSK - SHA256 HMAC */ @@ -291,7 +291,7 @@ #define GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1 { 0xC0, 0x11 } /* ECC-ECDSA */ -#define GNUTLS_ECDHE_ECDSA_NULL_SHA1 { 0xC0, 0x06 } +#define GNUTLS_ECDHE_ECDSA_NULL_SHA1 { 0xC0, 0x06 } #define GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x08 } #define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 { 0xC0, 0x09 } #define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 { 0xC0, 0x0A } 
@@ -1139,11 +1139,11 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { }; #define CIPHER_SUITE_LOOP(b) { \ - const gnutls_cipher_suite_entry_st *p; \ - for(p = cs_algorithms; p->name != NULL; p++) { b ; } } + const gnutls_cipher_suite_entry_st *p; \ + for(p = cs_algorithms; p->name != NULL; p++) { b ; } } #define CIPHER_SUITE_ALG_LOOP(a, suite) \ - CIPHER_SUITE_LOOP( if( (p->id[0] == suite[0]) && (p->id[1] == suite[1])) { a; break; } ) + CIPHER_SUITE_LOOP( if( (p->id[0] == suite[0]) && (p->id[1] == suite[1])) { a; break; } ) /* Cipher Suite's functions */ diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c index 9d0c584b0a..ac1c3e2187 100644 --- a/lib/algorithms/ecc.c +++ b/lib/algorithms/ecc.c @@ -82,7 +82,7 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = { #define GNUTLS_ECC_CURVE_LOOP(b) \ { const gnutls_ecc_curve_entry_st *p; \ - for(p = ecc_curves; p->name != NULL; p++) { b ; } } + for(p = ecc_curves; p->name != NULL; p++) { b ; } } /* Returns the TLS id of the given curve diff --git a/lib/algorithms/kx.c b/lib/algorithms/kx.c index 09eab0d8c2..2d5ad81bc5 100644 --- a/lib/algorithms/kx.c +++ b/lib/algorithms/kx.c @@ -76,11 +76,11 @@ static const gnutls_cred_map cred_mappings[] = { }; #define GNUTLS_KX_MAP_LOOP(b) \ - const gnutls_cred_map *p; \ - for(p = cred_mappings; p->algorithm != 0; p++) { b ; } + const gnutls_cred_map *p; \ + for(p = cred_mappings; p->algorithm != 0; p++) { b ; } #define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \ - GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; }) + GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; }) struct gnutls_kx_algo_entry { const char *name; 
@@ -134,11 +134,11 @@ static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = { }; #define GNUTLS_KX_LOOP(b) \ - const gnutls_kx_algo_entry *p; \ - for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; } + const gnutls_kx_algo_entry *p; \ + for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; } #define GNUTLS_KX_ALG_LOOP(a) \ - GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } ) + GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } ) /* Key EXCHANGE functions */ diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c index f0882549c9..0198e4a205 100644 --- a/lib/algorithms/mac.c +++ b/lib/algorithms/mac.c @@ -62,11 +62,11 @@ static const mac_entry_st hash_algorithms[] = { #define GNUTLS_HASH_LOOP(b) \ - const mac_entry_st *p; \ - for(p = hash_algorithms; p->name != NULL; p++) { b ; } + const mac_entry_st *p; \ + for(p = hash_algorithms; p->name != NULL; p++) { b ; } #define GNUTLS_HASH_ALG_LOOP(a) \ - GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } ) + GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } ) const mac_entry_st *_gnutls_mac_to_entry(gnutls_mac_algorithm_t c) { @@ -172,7 +172,7 @@ gnutls_mac_algorithm_t gnutls_mac_get_id(const char *name) GNUTLS_HASH_LOOP( if (strcasecmp(p->name, name) == 0) { if (p->placeholder != 0 || _gnutls_mac_exists(p->id)) - ret = p->id; + ret = p->id; break; } ); diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c index 8ef69a5e70..b2bd675f5f 100644 --- a/lib/algorithms/protocols.c +++ b/lib/algorithms/protocols.c @@ -129,8 +129,8 @@ static const version_entry_st sup_versions[] = { }; #define GNUTLS_VERSION_LOOP(b) \ - const version_entry_st *p; \ - for(p = sup_versions; p->name != NULL; p++) { b ; } + const version_entry_st *p; \ + for(p = sup_versions; p->name != NULL; p++) { b ; } #define GNUTLS_VERSION_ALG_LOOP(a) \ GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; }) 
diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c index c70187736f..b7b1169fbb 100644 --- a/lib/algorithms/publickey.c +++ b/lib/algorithms/publickey.c @@ -57,11 +57,11 @@ static const gnutls_pk_map pk_mappings[] = { }; #define GNUTLS_PK_MAP_LOOP(b) \ - const gnutls_pk_map *p; \ - for(p = pk_mappings; p->kx_algorithm != 0; p++) { b } + const gnutls_pk_map *p; \ + for(p = pk_mappings; p->kx_algorithm != 0; p++) { b } #define GNUTLS_PK_MAP_ALG_LOOP(a) \ - GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; }) + GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; }) /* returns the gnutls_pk_algorithm_t which is compatible with @@ -104,7 +104,7 @@ static const gnutls_pk_entry pk_algorithms[] = { #define GNUTLS_PK_LOOP(b) \ { const gnutls_pk_entry *p; \ - for(p = pk_algorithms; p->name != NULL; p++) { b ; } } + for(p = pk_algorithms; p->name != NULL; p++) { b ; } } /** diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c index 081a6bf4cf..ee65fc7a90 100644 --- a/lib/algorithms/secparams.c +++ b/lib/algorithms/secparams.c @@ -60,7 +60,7 @@ static const gnutls_sec_params_entry sec_params[] = { #define GNUTLS_SEC_PARAM_LOOP(b) \ { const gnutls_sec_params_entry *p; \ - for(p = sec_params; p->name != NULL; p++) { b ; } } + for(p = sec_params; p->name != NULL; p++) { b ; } } /** * gnutls_sec_param_to_pk_bits: diff --git a/lib/auth/cert.c b/lib/auth/cert.c index e52acd636b..15601725dc 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -714,7 +714,7 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data) /* if no certificates were found then send: * 0B 00 00 03 00 00 00 // Certificate with no certs * instead of: - * 0B 00 00 00 // empty certificate handshake + * 0B 00 00 00 // empty certificate handshake * * ( the above is the whole handshake message, not * the one produced here ) diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c index d5b953ed27..f9e2b36649 100644 
--- a/lib/auth/dh_common.c +++ b/lib/auth/dh_common.c @@ -107,9 +107,9 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session, } ret = 0; -error: + error: _gnutls_mpi_release(&session->key.client_Y); - gnutls_pk_params_clear(&session->key.dh_params); + gnutls_pk_params_clear(&session->key.dh_params); return ret; } @@ -173,8 +173,8 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session, ret = data->length; - error: - gnutls_pk_params_clear(&session->key.dh_params); + error: + gnutls_pk_params_clear(&session->key.dh_params); return ret; } diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c index e445c2f0fe..909e472dc0 100644 --- a/lib/auth/ecdhe.c +++ b/lib/auth/ecdhe.c @@ -191,8 +191,8 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, goto cleanup; } -cleanup: - gnutls_pk_params_clear(&session->key.ecdh_params); + cleanup: + gnutls_pk_params_clear(&session->key.ecdh_params); return ret; } @@ -271,8 +271,8 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session, } else if (pk == GNUTLS_PK_ECDHX) { ret = _gnutls_buffer_append_data_prefix(data, 8, - session->key.ecdh_params.raw_pub.data, - session->key.ecdh_params.raw_pub.size); + session->key.ecdh_params.raw_pub.data, + session->key.ecdh_params.raw_pub.size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -287,8 +287,8 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session, } ret = data->length; -cleanup: - gnutls_pk_params_clear(&session->key.ecdh_params); + cleanup: + gnutls_pk_params_clear(&session->key.ecdh_params); return ret; } @@ -451,9 +451,9 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session, } else if (pk == GNUTLS_PK_ECDHX) { ret = - _gnutls_buffer_append_data_prefix(data, 8, - session->key.ecdh_params.raw_pub.data, - session->key.ecdh_params.raw_pub.size); + _gnutls_buffer_append_data_prefix(data, 8, + session->key.ecdh_params.raw_pub.data, + session->key.ecdh_params.raw_pub.size); if (ret < 0) return gnutls_assert_val(ret); } 
diff --git a/lib/auth/psk.c b/lib/auth/psk.c index 2b3ac41dc0..ea1417b662 100644 --- a/lib/auth/psk.c +++ b/lib/auth/psk.c @@ -292,9 +292,9 @@ _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data, * * struct { * select (KeyExchangeAlgorithm) { - * // other cases for rsa, diffie_hellman, etc. - * case psk: // NEW - * uint8_t psk_identity_hint<0..2^16-1>; + * // other cases for rsa, diffie_hellman, etc. + * case psk: // NEW + * uint8_t psk_identity_hint<0..2^16-1>; * }; * } ServerKeyExchange; * diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c index 2ef2c9c901..72aadb83f8 100644 --- a/lib/auth/psk_passwd.c +++ b/lib/auth/psk_passwd.c @@ -194,8 +194,8 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session, char *username, cleanup: if (fd != NULL) fclose(fd); - - zeroize_key(line, line_size); + + zeroize_key(line, line_size); free(line); return ret; diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c index 4e00f88b4f..b911282567 100644 --- a/lib/auth/srp_passwd.c +++ b/lib/auth/srp_passwd.c @@ -213,7 +213,7 @@ pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) /* move to first ':' */ i = 0; while ((i < line_size) && (line[i] != ':') - && (line[i] != '\0')) { + && (line[i] != '\0')) { i++; } diff --git a/lib/auto-verify.c b/lib/auto-verify.c index 4780843c00..8c618b612b 100644 --- a/lib/auto-verify.c +++ b/lib/auto-verify.c 
@@ -31,26 +31,26 @@ /* The actual verification callback. */ static int auto_verify_cb(gnutls_session_t session) { - unsigned int status; - int ret; + unsigned int status; + int ret; - if (session->internals.vc_elements == 0) { - ret = gnutls_certificate_verify_peers2(session, &status); + if (session->internals.vc_elements == 0) { + ret = gnutls_certificate_verify_peers2(session, &status); } else { - ret = gnutls_certificate_verify_peers(session, session->internals.vc_data, + ret = gnutls_certificate_verify_peers(session, session->internals.vc_data, session->internals.vc_elements, &status); - } - if (ret < 0) { - return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR); - } + } + if (ret < 0) { + return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR); + } - session->internals.vc_status = status; + session->internals.vc_status = status; - if (status != 0) /* Certificate is not trusted */ - return gnutls_assert_val(GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR); + if (status != 0) /* Certificate is not trusted */ + return gnutls_assert_val(GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR); - /* notify gnutls to continue handshake normally */ - return 0; + /* notify gnutls to continue handshake normally */ + return 0; } /** diff --git a/lib/buffers.c b/lib/buffers.c index 72c48e7e04..0371ae849a 100644 --- a/lib/buffers.c +++ b/lib/buffers.c @@ -266,7 +266,7 @@ _gnutls_dgram_read(gnutls_session_t session, mbuffer_st ** bufel, int err = get_errno(session); _gnutls_read_log("READ: %d returned from %p, errno=%d\n", - (int) i, fd, err); + (int) i, fd, err); ret = errno_to_gerr(err, 1); goto cleanup; @@ -459,9 +459,9 @@ _gnutls_writev_emu(gnutls_session_t session, gnutls_transport_ptr_t fd, } if (ret == -1) { - gnutls_assert(); + gnutls_assert(); break; - } + } total += ret; diff --git a/lib/buffers.h b/lib/buffers.h index e4dabf1b5f..a8f2c5c779 100644 --- a/lib/buffers.h +++ b/lib/buffers.h 
@@ -119,7 +119,7 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type, unsigned int ms); #define _gnutls_handshake_io_buffer_clear( session) \ - _mbuffer_head_clear( &session->internals.handshake_send_buffer); \ - _gnutls_handshake_recv_buffer_clear( session); + _mbuffer_head_clear( &session->internals.handshake_send_buffer); \ + _gnutls_handshake_recv_buffer_clear( session); #endif diff --git a/lib/cipher.c b/lib/cipher.c index 50096df6c4..b25ba90997 100644 --- a/lib/cipher.c +++ b/lib/cipher.c @@ -400,10 +400,9 @@ compressed_to_ciphertext(gnutls_session_t session, memset(nonce, 0, 4); memcpy(&nonce[4], - UINT64DATA(params->write.sequence_number), - 8); + UINT64DATA(params->write.sequence_number), 8); - memxor(nonce, params->write.IV.data, 12); + memxor(nonce, params->write.IV.data, 12); } } @@ -602,7 +601,7 @@ ciphertext_to_compressed(gnutls_session_t session, memset(nonce, 0, 4); memcpy(&nonce[4], UINT64DATA(*sequence), 8); - memxor(nonce, params->read.IV.data, 12); + memxor(nonce, params->read.IV.data, 12); } length = diff --git a/lib/cipher_int.c b/lib/cipher_int.c index 6482e00bc5..46ce30b6c8 100644 --- a/lib/cipher_int.c +++ b/lib/cipher_int.c @@ -85,7 +85,7 @@ _gnutls_cipher_init(cipher_hd_st *handle, const cipher_entry_st *e, if (unlikely(e == NULL || e->id == GNUTLS_CIPHER_NULL)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - FAIL_IF_LIB_ERROR; + FAIL_IF_LIB_ERROR; handle->e = e; handle->handle = NULL; @@ -183,7 +183,7 @@ int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle, if (unlikely(e == NULL)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - FAIL_IF_LIB_ERROR; + FAIL_IF_LIB_ERROR; memset(handle, 0, sizeof(*handle)); handle->etm = etm; 
@@ -308,9 +308,9 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle, l = (textlen / blocksize) * blocksize; if (l > 0) { ret = - _gnutls_cipher_encrypt2(&handle->cipher, text, - l, ciphertext, - ciphertextlen); + _gnutls_cipher_encrypt2(&handle->cipher, text, + l, ciphertext, + ciphertextlen); if (ret < 0) return gnutls_assert_val(ret); @@ -353,9 +353,9 @@ int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle, MAC(handle, ciphertext, textlen); ret = - _gnutls_auth_cipher_tag(handle, - ciphertext + textlen, - handle->tag_size); + _gnutls_auth_cipher_tag(handle, + ciphertext + textlen, + handle->tag_size); if (ret < 0) return gnutls_assert_val(ret); } diff --git a/lib/compress.c b/lib/compress.c index 2e7197fb63..8008bf60d8 100644 --- a/lib/compress.c +++ b/lib/compress.c @@ -205,9 +205,9 @@ _gnutls_supported_compression_methods(gnutls_session_t session, for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) { if (IS_DTLS(session) && session->internals.priorities.compression.priority[i] != GNUTLS_COMP_NULL) { - gnutls_assert(); - continue; - } + gnutls_assert(); + continue; + } tmp = _gnutls_compression_get_num(session-> diff --git a/lib/crypto-api.c b/lib/crypto-api.c index e8fc7b9404..9b2bafa66a 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -763,11 +763,11 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle, return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); ret = _gnutls_aead_cipher_encrypt(&h->ctx_enc, - nonce, nonce_len, - auth, auth_len, - tag_size, - ptext, ptext_len, - ctext, *ctext_len); + nonce, nonce_len, + auth, auth_len, + tag_size, + ptext, ptext_len, + ctext, *ctext_len); if (unlikely(ret < 0)) return gnutls_assert_val(ret); diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c index 9130e894ed..bac3035c44 100644 --- a/lib/crypto-backend.c +++ b/lib/crypto-backend.c 
@@ -98,8 +98,8 @@ _algo_register(algo_list * al, int algorithm, int priority, void *s, int free_s) return 0; cleanup: - if (free_s) gnutls_free(s); - return ret; + if (free_s) gnutls_free(s); + return ret; } static const void *_get_algo(algo_list * al, int algo) diff --git a/lib/datum.h b/lib/datum.h index 6b4ff48b8f..9b2d82925b 100644 --- a/lib/datum.h +++ b/lib/datum.h @@ -29,7 +29,7 @@ int _gnutls_set_datum(gnutls_datum_t * dat, const void *data, size_t data_size); int _gnutls_set_strdatum(gnutls_datum_t * dat, const void *data, - size_t data_size); + size_t data_size); int _gnutls_datum_append(gnutls_datum_t * dat, const void *data, size_t data_size); @@ -54,7 +54,7 @@ void _gnutls_free_temp_key_datum(gnutls_datum_t * dat) if (dat->data != NULL) { zeroize_temp_key(dat->data, dat->size); gnutls_free(dat->data); - } + } dat->data = NULL; dat->size = 0; @@ -66,7 +66,7 @@ void _gnutls_free_key_datum(gnutls_datum_t * dat) if (dat->data != NULL) { zeroize_key(dat->data, dat->size); gnutls_free(dat->data); - } + } dat->data = NULL; dat->size = 0; diff --git a/lib/dtls-sw.c b/lib/dtls-sw.c index 36630abb07..7e9d701d12 100644 --- a/lib/dtls-sw.c +++ b/lib/dtls-sw.c @@ -2,7 +2,7 @@ * Copyright (C) 2016 Red Hat, Inc. * * Authors: Fridolin Pokorny - * Nikos Mavrogiannopoulos + * Nikos Mavrogiannopoulos * * This file is part of GNUTLS. * diff --git a/lib/dtls.c b/lib/dtls.c index 50d5dcefc4..e78665fd81 100644 --- a/lib/dtls.c +++ b/lib/dtls.c @@ -3,7 +3,7 @@ * Copyright (C) 2013 Nikos Mavrogiannopoulos * * Authors: Jonathan Bastien-Filiatrault - * Nikos Mavrogiannopoulos + * Nikos Mavrogiannopoulos * * This file is part of GNUTLS. * diff --git a/lib/dtls.h b/lib/dtls.h index e49a8a1344..5603241fb4 100644 --- a/lib/dtls.h +++ b/lib/dtls.h 
@@ -54,7 +54,7 @@ void _dtls_reset_window(struct record_parameters_st *rp); if (r != GNUTLS_E_INTERRUPTED) _rr = GNUTLS_E_AGAIN; \ else _rr = r; \ if (!(session->internals.flags & GNUTLS_NONBLOCK)) \ - millisleep(50); \ + millisleep(50); \ return gnutls_assert_val(_rr); \ } \ } @@ -86,8 +86,8 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x, /* pad and store y */ return 0; cleanup: - _gnutls_free_datum(out); - return ret; + _gnutls_free_datum(out); + return ret; } diff --git a/lib/errors.c b/lib/errors.c index 21bcdddd62..05ef2e3171 100644 --- a/lib/errors.c +++ b/lib/errors.c @@ -74,8 +74,8 @@ static const gnutls_error_entry error_entries[] = { ERROR_ENTRY(N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR), ERROR_ENTRY(N_( - "A connection with inappropriate fallback was attempted."), - GNUTLS_E_INAPPROPRIATE_FALLBACK), + "A connection with inappropriate fallback was attempted."), + GNUTLS_E_INAPPROPRIATE_FALLBACK), ERROR_ENTRY(N_("An illegal TLS extension was received."), GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION), ERROR_ENTRY(N_("A TLS fatal alert has been received."), diff --git a/lib/ext/dumbfw.c b/lib/ext/dumbfw.c index d48f28ecc1..b623f2a396 100644 --- a/lib/ext/dumbfw.c +++ b/lib/ext/dumbfw.c @@ -63,7 +63,7 @@ _gnutls_dumbfw_send_params(gnutls_session_t session, } else { /* 256 <= extdata->length < 512 */ pad_size = 512 - extdata->length; - memset(pad, 0, pad_size); + memset(pad, 0, pad_size); ret = gnutls_buffer_append_data(extdata, pad, diff --git a/lib/ext/srp.h b/lib/ext/srp.h index c3a316a500..00b8e2ba0e 100644 --- a/lib/ext/srp.h +++ b/lib/ext/srp.h @@ -28,7 +28,7 @@ #ifdef ENABLE_SRP #define IS_SRP_KX(kx) ((kx == GNUTLS_KX_SRP || (kx == GNUTLS_KX_SRP_RSA) || \ - kx == GNUTLS_KX_SRP_DSS)?1:0) + kx == GNUTLS_KX_SRP_DSS)?1:0) extern const extension_entry_st ext_mod_srp; diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c index c95224a834..637a4403d2 100644 --- a/lib/ext/status_request.c +++ b/lib/ext/status_request.c 
@@ -50,17 +50,17 @@ typedef struct { From RFC 6066. Client sends: struct { - CertificateStatusType status_type; - select (status_type) { - case ocsp: OCSPStatusRequest; - } request; + CertificateStatusType status_type; + select (status_type) { + case ocsp: OCSPStatusRequest; + } request; } CertificateStatusRequest; enum { ocsp(1), (255) } CertificateStatusType; struct { - ResponderID responder_id_list<0..2^16-1>; - Extensions request_extensions; + ResponderID responder_id_list<0..2^16-1>; + Extensions request_extensions; } OCSPStatusRequest; opaque ResponderID<1..2^16-1>; diff --git a/lib/extras/hex.c b/lib/extras/hex.c index 3a89a014bb..55b64ca309 100644 --- a/lib/extras/hex.c +++ b/lib/extras/hex.c @@ -10,11 +10,11 @@ static bool char_to_hex(unsigned char *val, char c) *val = c - '0'; return true; } - if (c >= 'a' && c <= 'f') { + if (c >= 'a' && c <= 'f') { *val = c - 'a' + 10; return true; } - if (c >= 'A' && c <= 'F') { + if (c >= 'A' && c <= 'F') { *val = c - 'A' + 10; return true; } diff --git a/lib/fips.c b/lib/fips.c index 992a918d8d..8a0ada34bc 100644 --- a/lib/fips.c +++ b/lib/fips.c @@ -350,7 +350,7 @@ int _gnutls_fips_perform_self_checks2(void) gnutls_assert(); goto error; } - + ret = _gnutls_rnd_ops.self_test(); if (ret < 0) { gnutls_assert(); diff --git a/lib/gnutls.asn b/lib/gnutls.asn index 76bad6fbb6..744403403a 100644 --- a/lib/gnutls.asn +++ b/lib/gnutls.asn @@ -26,7 +26,7 @@ RSAPrivateKey ::= SEQUENCE { exponent1 INTEGER, -- (Usually large) d mod (p-1) exponent2 INTEGER, -- (Usually large) d mod (q-1) coefficient INTEGER, -- (Usually large) (inverse of q) mod p - otherInfo RSAOtherInfo OPTIONAL + otherInfo RSAOtherInfo OPTIONAL } ProvableSeed ::= SEQUENCE { 
@@ -35,8 +35,8 @@ ProvableSeed ::= SEQUENCE { } RSAOtherInfo ::= CHOICE { - otherPrimeInfos OtherPrimeInfos, -- the hash algorithm OID used for FIPS186-4 generation - seed [1] ProvableSeed + otherPrimeInfos OtherPrimeInfos, -- the hash algorithm OID used for FIPS186-4 generation + seed [1] ProvableSeed } OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 25d4b3a814..2435c5c1e1 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -609,7 +609,7 @@ struct record_state_st { 0x0000-0xffff. */ #define EPOCH_READ_CURRENT 70000 #define EPOCH_WRITE_CURRENT 70001 -#define EPOCH_NEXT 70002 +#define EPOCH_NEXT 70002 struct record_parameters_st { uint16_t epoch; @@ -694,12 +694,12 @@ struct gnutls_priority_st { #define DEFAULT_MAX_EMPTY_RECORDS 200 #define ENABLE_COMPAT(x) \ - (x)->allow_large_records = 1; \ - (x)->no_etm = 1; \ - (x)->no_ext_master_secret = 1; \ - (x)->allow_key_usage_violation = 1; \ - (x)->allow_wrong_pms = 1; \ - (x)->dumbfw = 1 + (x)->allow_large_records = 1; \ + (x)->no_etm = 1; \ + (x)->no_ext_master_secret = 1; \ + (x)->allow_key_usage_violation = 1; \ + (x)->allow_wrong_pms = 1; \ + (x)->dumbfw = 1 /* DH and RSA parameters types. */ diff --git a/lib/handshake.c b/lib/handshake.c index 7dccae6030..9a8c9acc3f 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -1264,7 +1264,7 @@ _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel, } ret = call_hook_func(session, type, GNUTLS_HOOK_PRE, 0, - _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel)); + _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel)); if (ret < 0) { gnutls_assert(); _mbuffer_xfree(&bufel); 
@@ -1281,7 +1281,7 @@ _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel, } ret = call_hook_func(session, type, GNUTLS_HOOK_POST, 0, - _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel)); + _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel)); if (ret < 0) { gnutls_assert(); return ret; @@ -1707,8 +1707,8 @@ client_check_if_resuming(gnutls_session_t session, memcpy(session->security_parameters.cipher_suite, session->internals.resumed_security_parameters.cipher_suite, 2); - session->security_parameters.compression_method = - session->internals.resumed_security_parameters.compression_method; + session->security_parameters.compression_method = + session->internals.resumed_security_parameters.compression_method; _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, @@ -2344,37 +2344,37 @@ recv_hello_verify_request(gnutls_session_t session, /* The packets in gnutls_handshake (it's more broad than original TLS handshake) * - * Client Server + * Client Server * - * ClientHello --------> - * <-------- ServerHello + * ClientHello --------> + * <-------- ServerHello * - * Certificate* - * ServerKeyExchange* - * <-------- CertificateRequest* + * Certificate* + * ServerKeyExchange* + * <-------- CertificateRequest* * - * <-------- ServerHelloDone + * <-------- ServerHelloDone * Certificate* * ClientKeyExchange * CertificateVerify* * [ChangeCipherSpec] - * Finished --------> - * NewSessionTicket - * [ChangeCipherSpec] - * <-------- Finished + * Finished --------> + * NewSessionTicket + * [ChangeCipherSpec] + * <-------- Finished * * (*): means optional packet. */ /* Handshake when resumming session: - * Client Server + * Client Server * - * ClientHello --------> - * ServerHello - * [ChangeCipherSpec] - * <-------- Finished + * ClientHello --------> + * ServerHello + * [ChangeCipherSpec] + * <-------- Finished * [ChangeCipherSpec] - * Finished --------> + * Finished --------> * */ 
@@ -2570,7 +2570,7 @@ int gnutls_handshake(gnutls_session_t session) if (session->internals.handshake_timeout_ms && session->internals.handshake_endtime == 0) session->internals.handshake_endtime = session->internals.handshake_start_time.tv_sec + - session->internals.handshake_timeout_ms / 1000; + session->internals.handshake_timeout_ms / 1000; } if (session->internals.recv_state == RECV_STATE_FALSE_START) { @@ -2677,7 +2677,7 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms) session->internals.handshake_large_loops++; \ return ret; \ } \ - /* a warning alert might interrupt handshake */ \ + /* a warning alert might interrupt handshake */ \ if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) return ret; \ gnutls_assert(); \ ERR( str, ret); \ diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h index 772bd36255..e4c3efd42c 100644 --- a/lib/includes/gnutls/abstract.h +++ b/lib/includes/gnutls/abstract.h @@ -476,8 +476,8 @@ int gnutls_pcert_import_x509(gnutls_pcert_st * pcert, gnutls_x509_crt_t crt, unsigned int flags); int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert, - gnutls_x509_crt_t *crt, unsigned *ncrt, - unsigned int flags); + gnutls_x509_crt_t *crt, unsigned *ncrt, + unsigned int flags); int gnutls_pcert_export_x509(gnutls_pcert_st * pcert, gnutls_x509_crt_t * crt); diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h index 3abc77e658..7cd92a2000 100644 --- a/lib/includes/gnutls/crypto.h +++ b/lib/includes/gnutls/crypto.h 
@@ -153,17 +153,17 @@ typedef int (*gnutls_cipher_auth_func) (void *ctx, const void *data, size_t data typedef void (*gnutls_cipher_tag_func) (void *ctx, void *tag, size_t tagsize); typedef int (*gnutls_cipher_aead_encrypt_func) (void *ctx, - const void *nonce, size_t noncesize, - const void *auth, size_t authsize, - size_t tag_size, - const void *plain, size_t plainsize, - void *encr, size_t encrsize); + const void *nonce, size_t noncesize, + const void *auth, size_t authsize, + size_t tag_size, + const void *plain, size_t plainsize, + void *encr, size_t encrsize); typedef int (*gnutls_cipher_aead_decrypt_func) (void *ctx, - const void *nonce, size_t noncesize, - const void *auth, size_t authsize, - size_t tag_size, - const void *encr, size_t encrsize, - void *plain, size_t plainsize); + const void *nonce, size_t noncesize, + const void *auth, size_t authsize, + size_t tag_size, + const void *encr, size_t encrsize, + void *plain, size_t plainsize); typedef void (*gnutls_cipher_deinit_func) (void *ctx); int diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 20a13c9aca..c04e1597d0 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -1126,7 +1126,7 @@ typedef struct mbuffer_st *gnutls_packet_t; ssize_t gnutls_record_recv_packet(gnutls_session_t session, - gnutls_packet_t *packet); + gnutls_packet_t *packet); void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, unsigned char *sequence); void gnutls_packet_deinit(gnutls_packet_t packet); diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index 08f41890d2..7e95b0fd76 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h 
@@ -188,7 +188,7 @@ int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, unsigned gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert, const char *hostname); unsigned gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, - const char *hostname, unsigned int flags); + const char *hostname, unsigned int flags); int gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, const char *email, unsigned int flags); @@ -39,15 +39,15 @@ unsigned _gnutls_mem_is_zero(const uint8_t *ptr, unsigned size); inline static int safe_memcmp(const void *s1, const void *s2, size_t n) { - if (n == 0) - return 0; - return memcmp(s1, s2, n); + if (n == 0) + return 0; + return memcmp(s1, s2, n); } #define zrelease_mpi_key(mpi) if (*mpi!=NULL) { \ - _gnutls_mpi_clear(*mpi); \ - _gnutls_mpi_release(mpi); \ - } + _gnutls_mpi_clear(*mpi); \ + _gnutls_mpi_release(mpi); \ + } #define zeroize_key(x, size) gnutls_memset(x, 0, size) diff --git a/lib/minitasn1/decoding.c b/lib/minitasn1/decoding.c index 2cd9ac359a..9ac1131f5c 100644 --- a/lib/minitasn1/decoding.c +++ b/lib/minitasn1/decoding.c @@ -1141,8 +1141,8 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len, if (result != ASN1_SUCCESS) { warn(); - goto cleanup; - } + goto cleanup; + } DECR_LEN(ider_len, len2); @@ -1186,15 +1186,15 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len, dflags |= DECODE_FLAG_INDEFINITE; result = _asn1_decode_simple_ber(type_field (p->type), der+counter, ider_len, &ptmp, &vlen, &ber_len, dflags); - if (result != ASN1_SUCCESS) + if (result != ASN1_SUCCESS) { warn(); goto cleanup; } - DECR_LEN(ider_len, ber_len); + DECR_LEN(ider_len, ber_len); - _asn1_set_value_lv (p, ptmp, vlen); + _asn1_set_value_lv (p, ptmp, vlen); counter += ber_len; free(ptmp); 
@@ -1434,8 +1434,8 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len, if (result != ASN1_SUCCESS) { warn(); - goto cleanup; - } + goto cleanup; + } DECR_LEN(ider_len, len2); _asn1_set_value_lv (p, der + counter, len2); @@ -1470,7 +1470,7 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len, if (p) { - p->end = counter - 1; + p->end = counter - 1; } if (p == node && move != DOWN) @@ -2250,8 +2250,8 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, if (p[0] == 0 && p[1] == 0) /* EOC */ { if (ber_len) *ber_len += 2; - break; - } + break; + } /* no EOC */ der_len += 2; diff --git a/lib/minitasn1/element.c b/lib/minitasn1/element.c index b7a0905efb..3ae7740d1a 100644 --- a/lib/minitasn1/element.c +++ b/lib/minitasn1/element.c @@ -932,7 +932,7 @@ asn1_read_value_type (asn1_node root, const char *name, void *ivalue, { *len = 0; if (value) - value[0] = 0; + value[0] = 0; p = node->down; while (p) { diff --git a/lib/minitasn1/libtasn1.h b/lib/minitasn1/libtasn1.h index 5c4340f133..9a41780204 100644 --- a/lib/minitasn1/libtasn1.h +++ b/lib/minitasn1/libtasn1.h @@ -377,7 +377,7 @@ extern "C" extern ASN1_API int asn1_get_object_id_der (const unsigned char *der, int der_len, int *ret_len, - char *str, int str_size); + char *str, int str_size); /* Compatibility types */ @@ -306,7 +306,7 @@ __gnutls_x509_read_int(ASN1_TYPE node, const char *value, result = _gnutls_mpi_init_scan(ret_mpi, tmpstr, tmpstr_size); if (overwrite) - zeroize_key(tmpstr, tmpstr_size); + zeroize_key(tmpstr, tmpstr_size); gnutls_free(tmpstr); if (result < 0) { diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index bf99985338..569047f1d3 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c 
@@ -100,21 +100,21 @@ struct nettle_cipher_ctx { static void _stream_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, - const uint8_t * src) + const uint8_t * src) { ctx->cipher->encrypt_block(ctx->ctx_ptr, length, dst, src); } static void _stream_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, - const uint8_t * src) + const uint8_t * src) { ctx->cipher->decrypt_block(ctx->ctx_ptr, length, dst, src); } static void _cbc_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, - const uint8_t * src) + const uint8_t * src) { cbc_encrypt(ctx->ctx_ptr, ctx->cipher->encrypt_block, ctx->iv_size, ctx->iv, @@ -123,7 +123,7 @@ _cbc_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, static void _cbc_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, - const uint8_t * src) + const uint8_t * src) { cbc_decrypt(ctx->ctx_ptr, ctx->cipher->decrypt_block, ctx->iv_size, ctx->iv, @@ -160,11 +160,11 @@ _ccm_decrypt(struct nettle_cipher_ctx *ctx, static void _chacha_poly1305_set_nonce (struct chacha_poly1305_ctx *ctx, - size_t length, const uint8_t *nonce) + size_t length, const uint8_t *nonce) { chacha_poly1305_set_nonce(ctx, nonce); } - + struct gcm_cast_st { struct gcm_key key; struct gcm_ctx gcm; unsigned long xx[1]; }; #define GCM_CTX_GET_KEY(ptr) (&((struct gcm_cast_st*)ptr)->key) #define GCM_CTX_GET_CTX(ptr) (&((struct gcm_cast_st*)ptr)->gcm) @@ -172,7 +172,7 @@ struct gcm_cast_st { struct gcm_key key; struct gcm_ctx gcm; unsigned long xx[1] static void _gcm_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, - const uint8_t * src) + const uint8_t * src) { gcm_encrypt(GCM_CTX_GET_CTX(ctx->ctx_ptr), GCM_CTX_GET_KEY(ctx->ctx_ptr), GCM_CTX_GET_CIPHER(ctx->ctx_ptr), ctx->cipher->encrypt_block, 
@@ -181,7 +181,7 @@ _gcm_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, static void _gcm_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, - const uint8_t * src) + const uint8_t * src) { gcm_decrypt(GCM_CTX_GET_CTX(ctx->ctx_ptr), GCM_CTX_GET_KEY(ctx->ctx_ptr), GCM_CTX_GET_CIPHER(ctx->ctx_ptr), ctx->cipher->encrypt_block, @@ -620,7 +620,7 @@ wrap_nettle_cipher_aead_encrypt(void *_ctx, const void *auth, size_t auth_size, size_t tag_size, const void *plain, size_t plain_size, - void *encr, size_t encr_size) + void *encr, size_t encr_size) { struct nettle_cipher_ctx *ctx = _ctx; @@ -652,7 +652,7 @@ wrap_nettle_cipher_aead_decrypt(void *_ctx, const void *nonce, size_t nonce_size, const void *auth, size_t auth_size, size_t tag_size, - const void *encr, size_t encr_size, + const void *encr, size_t encr_size, void *plain, size_t plain_size) { struct nettle_cipher_ctx *ctx = _ctx; diff --git a/lib/nettle/int/drbg-aes-self-test.c b/lib/nettle/int/drbg-aes-self-test.c index c4547a6665..a36aceba47 100644 --- a/lib/nettle/int/drbg-aes-self-test.c +++ b/lib/nettle/int/drbg-aes-self-test.c @@ -235,6 +235,6 @@ int drbg_aes_self_test(void) free(tmp); return 1; fail: - free(tmp); - return 0; + free(tmp); + return 0; } diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index b41ebfba8d..c50e7efc8d 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -22,7 +22,7 @@ */ /* This file contains the functions needed for RSA/DSA public key - * encryption and signatures. + * encryption and signatures. */ #include "gnutls_int.h" 
@@ -66,17 +66,17 @@ static void rnd_func(void *_ctx, size_t length, uint8_t * data) static void ecc_scalar_zclear (struct ecc_scalar *s) { - zeroize_key(s->p, ecc_size(s->ecc)*sizeof(mp_limb_t)); - ecc_scalar_clear(s); + zeroize_key(s->p, ecc_size(s->ecc)*sizeof(mp_limb_t)); + ecc_scalar_clear(s); } -static void +static void ecc_point_zclear (struct ecc_point *p) { - zeroize_key(p->p, ecc_size_a(p->ecc)*sizeof(mp_limb_t)); - ecc_point_clear(p); + zeroize_key(p->p, ecc_size_a(p->ecc)*sizeof(mp_limb_t)); + ecc_point_clear(p); } - + static void _dsa_params_get(const gnutls_pk_params_st * pk_params, struct dsa_params *pub) @@ -175,7 +175,7 @@ ecc_shared_secret(struct ecc_scalar *private_key, #define DH_EXPONENT_SIZE(p_size) (2*_gnutls_pk_bits_to_subgroup_bits(p_size)) /* This is used for DH or ECDH key derivation. In DH for example - * it is given the peers Y and our x, and calculates Y^x + * it is given the peers Y and our x, and calculates Y^x */ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, gnutls_datum_t * out, @@ -204,7 +204,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, goto dh_cleanup; } - /* check if f==0,1, or f >= p-1. + /* check if f==0,1, or f >= p-1. * or (ff=f+1) equivalently ff==1,2, ff >= p */ if ((_gnutls_mpi_cmp_ui(ff, 2) == 0) || (_gnutls_mpi_cmp_ui(ff, 1) == 0) @@ -852,18 +852,14 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo, if (params->seed_size) { ret = - _dsa_generate_dss_pqg(&pub, &cert, - index, - params->seed_size, params->seed, - NULL, NULL, - level, q_bits); + _dsa_generate_dss_pqg(&pub, &cert, + index, params->seed_size, params->seed, + NULL, NULL, level, q_bits); } else { ret = - dsa_generate_dss_pqg(&pub, &cert, - index, - NULL, rnd_func, - NULL, NULL, - level, q_bits); + dsa_generate_dss_pqg(&pub, &cert, + index, NULL, rnd_func, + NULL, NULL, level, q_bits); } if (ret != 1) { gnutls_assert(); 
@@ -1000,11 +996,11 @@ int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params, ret = 0; goto cleanup; fail: - gnutls_free(pub_key->data); - gnutls_free(priv_key->data); + gnutls_free(pub_key->data); + gnutls_free(priv_key->data); cleanup: - gnutls_pk_params_clear(¶ms); - return ret; + gnutls_pk_params_clear(¶ms); + return ret; } /* Note that the value of Z will have the leading bytes stripped if they are zero - @@ -1052,9 +1048,9 @@ int _gnutls_dh_compute_key(gnutls_dh_params_t dh_params, ret = 0; cleanup: - gnutls_pk_params_clear(&pub); - gnutls_pk_params_clear(&priv); - return ret; + gnutls_pk_params_clear(&pub); + gnutls_pk_params_clear(&priv); + return ret; } int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve, @@ -1101,12 +1097,12 @@ int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve, ret = 0; goto cleanup; fail: - gnutls_free(y->data); - gnutls_free(x->data); - gnutls_free(k->data); + gnutls_free(y->data); + gnutls_free(x->data); + gnutls_free(k->data); cleanup: - gnutls_pk_params_clear(¶ms); - return ret; + gnutls_pk_params_clear(¶ms); + return ret; } int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve, @@ -1181,9 +1177,9 @@ int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve, ret = 0; cleanup: - gnutls_pk_params_clear(&pub); - gnutls_pk_params_clear(&priv); - return ret; + gnutls_pk_params_clear(&pub); + gnutls_pk_params_clear(&priv); + return ret; } #endif @@ -1216,7 +1212,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, ret = dsa_generate_dss_keypair(&pub, y, x, - NULL, rnd_func, + NULL, rnd_func, NULL, NULL); if (ret != 1) { gnutls_assert(); @@ -1410,7 +1406,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, ecdsa_generate_keypair(&pub, &key, NULL, rnd_func); - ret = _gnutls_mpi_init_multi(¶ms->params[ECC_X], ¶ms->params[ECC_Y], + ret = _gnutls_mpi_init_multi(¶ms->params[ECC_X], ¶ms->params[ECC_Y], ¶ms->params[ECC_K], NULL); if (ret < 0) { gnutls_assert(); 
diff --git a/lib/opencdk/armor.c b/lib/opencdk/armor.c index bfe93c5fbc..e2c945b5f1 100644 --- a/lib/opencdk/armor.c +++ b/lib/opencdk/armor.c @@ -304,7 +304,7 @@ static cdk_error_t armor_decode(void *data, FILE * in, FILE * out) return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR); ret = base64_decode_update(&ctx, &crcbuf_size, crcbuf, - len-1, (uint8_t*)buf+1); + len-1, (uint8_t*)buf+1); if (ret == 0) return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR); @@ -323,7 +323,7 @@ static cdk_error_t armor_decode(void *data, FILE * in, FILE * out) if ((ssize_t)raw_size < BASE64_DECODE_LENGTH(len)) return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR); ret = base64_decode_update(&ctx, &raw_size, raw, - len, (uint8_t*)buf); + len, (uint8_t*)buf); if (ret == 0) return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR); diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c index d272886b68..a4e54926c7 100644 --- a/lib/opencdk/stream.c +++ b/lib/opencdk/stream.c @@ -50,9 +50,9 @@ struct stream_filter_s *filter_add(cdk_stream_t s, filter_fnct_t fnc, /* FIXME: The read/write/putc/getc function cannot directly - return an error code. It is stored in an error variable - inside the string. Right now there is no code to - return the error code or to reset it. */ + return an error code. It is stored in an error variable + inside the string. Right now there is no code to + return the error code or to reset it. */ /** * cdk_stream_open: diff --git a/lib/openpgp/openpgp.c b/lib/openpgp/openpgp.c index 68cf932d26..783f77af12 100644 --- a/lib/openpgp/openpgp.c +++ b/lib/openpgp/openpgp.c @@ -191,8 +191,8 @@ gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials_t res, */ int gnutls_certificate_get_openpgp_key(gnutls_certificate_credentials_t res, - unsigned index, - gnutls_openpgp_privkey_t *key) + unsigned index, + gnutls_openpgp_privkey_t *key) { if (index >= res->ncerts) { gnutls_assert(); 
@@ -230,9 +230,9 @@ gnutls_certificate_get_openpgp_key(gnutls_certificate_credentials_t res, */ int gnutls_certificate_get_openpgp_crt(gnutls_certificate_credentials_t res, - unsigned index, - gnutls_openpgp_crt_t **crt_list, - unsigned *crt_list_size) + unsigned index, + gnutls_openpgp_crt_t **crt_list, + unsigned *crt_list_size) { int ret; unsigned i; diff --git a/lib/pcert.c b/lib/pcert.c index 6127f182d5..3fdce92017 100644 --- a/lib/pcert.c +++ b/lib/pcert.c @@ -107,8 +107,8 @@ int gnutls_pcert_import_x509(gnutls_pcert_st * pcert, * Since: 3.4.0 **/ int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert, - gnutls_x509_crt_t *crt, unsigned *ncrt, - unsigned int flags) + gnutls_x509_crt_t *crt, unsigned *ncrt, + unsigned int flags) { int ret; unsigned i; @@ -145,10 +145,10 @@ int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert, return 0; cleanup: - for (i=0;i<current;i++) { - gnutls_pcert_deinit(&pcert[i]); - } - return ret; + for (i=0;i<current;i++) { + gnutls_pcert_deinit(&pcert[i]); + } + return ret; } @@ -422,7 +422,7 @@ int gnutls_pcert_import_openpgp_raw(gnutls_pcert_st * pcert, * Since: 3.4.0 */ int gnutls_pcert_export_x509(gnutls_pcert_st * pcert, - gnutls_x509_crt_t * crt) + gnutls_x509_crt_t * crt) { int ret; @@ -464,7 +464,7 @@ int gnutls_pcert_export_x509(gnutls_pcert_st * pcert, * Since: 3.4.0 */ int gnutls_pcert_export_openpgp(gnutls_pcert_st * pcert, - gnutls_openpgp_crt_t * crt) + gnutls_openpgp_crt_t * crt) { int ret; @@ -101,7 +101,7 @@ _gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value, ret = 0; cleanup: - gnutls_free(tmp); + gnutls_free(tmp); asn1_delete_structure(&sig); return ret; } @@ -321,8 +321,8 @@ void gnutls_pk_params_clear(gnutls_pk_params_st * p) */ int encode_ber_digest_info(const mac_entry_st * e, - const gnutls_datum_t * digest, - gnutls_datum_t * output) + const gnutls_datum_t * digest, + gnutls_datum_t * output) { ASN1_TYPE dinfo = ASN1_TYPE_EMPTY; int result; 
diff --git a/lib/pkcs11.c b/lib/pkcs11.c index b54f532a8f..e1ea59ce33 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -52,7 +52,7 @@ struct gnutls_pkcs11_provider_st { struct ck_function_list *module; unsigned active; unsigned trusted; /* in the sense of p11-kit trusted: - * it can be used for verification */ + * it can be used for verification */ struct ck_info info; }; @@ -511,8 +511,8 @@ gnutls_pkcs11_obj_set_info(gnutls_pkcs11_obj_t obj, ret = 0; cleanup: - pkcs11_close_session(&sinfo); - return ret; + pkcs11_close_session(&sinfo); + return ret; } /** @@ -1341,14 +1341,12 @@ _pkcs11_traverse_tokens(find_func_t find_func, void *input, } if (info != NULL) { - if (!p11_kit_uri_match_token_info - (info, &l_tinfo) - || !p11_kit_uri_match_module_info(info, - &providers + if (!p11_kit_uri_match_token_info(info, &l_tinfo) || + !p11_kit_uri_match_module_info(info, &providers [x].info)) { continue; - } - } + } + } rv = (module)->C_OpenSession(slots[z], ((flags & SESSION_WRITE) ? CKF_RW_SESSION : 0) @@ -1772,7 +1770,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class, rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1); if (rv == CKR_OK && b != 0) - pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP; + pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP; a[0].type = CKA_UNWRAP; a[0].value = &b; @@ -1780,7 +1778,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class, rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1); if (rv == CKR_OK && b != 0) - pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP; + pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP; a[0].type = CKA_PRIVATE; a[0].value = &b; 
@@ -1788,7 +1786,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class, rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1); if (rv == CKR_OK && b != 0) - pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE; + pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE; a[0].type = CKA_TRUSTED; a[0].value = &b; @@ -1796,7 +1794,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class, rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1); if (rv == CKR_OK && b != 0) - pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED; + pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED; a[0].type = CKA_SENSITIVE; a[0].value = &b; @@ -1804,7 +1802,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class, rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1); if (rv == CKR_OK && b != 0) - pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE; + pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE; a[0].type = CKA_EXTRACTABLE; a[0].value = &b; @@ -1812,7 +1810,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class, rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1); if (rv == CKR_OK && b != 0) - pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE; + pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE; a[0].type = CKA_NEVER_EXTRACTABLE; a[0].value = &b; @@ -1820,7 +1818,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class, rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1); if (rv == CKR_OK && b != 0) - pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE; + pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE; a[0].type = CKA_CERTIFICATE_CATEGORY; a[0].value = &category; 
@@ -1828,7 +1826,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class, rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1); if (rv == CKR_OK && category == 2) - pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_CA; + pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_CA; a[0].type = CKA_ALWAYS_AUTHENTICATE; a[0].value = &b; @@ -1836,7 +1834,7 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class, rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1); if (rv == CKR_OK && b != 0) - pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH; + pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH; /* now recover the object label/id */ a[0].type = CKA_LABEL; @@ -1902,8 +1900,8 @@ pkcs11_import_object(ck_object_handle_t ctx, ck_object_class_t class, ret = 0; cleanup: - gnutls_free(data.data); - return ret; + gnutls_free(data.data); + return ret; } static int @@ -2059,8 +2057,8 @@ gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t obj, const char *url, static int find_token_num_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, - struct ck_token_info *tinfo, - struct ck_info *lib_info, void *input) + struct ck_token_info *tinfo, + struct ck_info *lib_info, void *input) { struct find_token_num *find_data = input; @@ -2860,8 +2858,8 @@ find_objs_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, while (pkcs11_find_objects (sinfo->module, sinfo->pks, ctx, OBJECTS_A_TIME, &count) == CKR_OK && count > 0) { - unsigned j; - gnutls_datum_t id; + unsigned j; + gnutls_datum_t id; find_data->p_list = gnutls_realloc_fast(find_data->p_list, (find_data->current+count)*sizeof(find_data->p_list[0])); if (find_data->p_list == NULL) { @@ -2869,7 +2867,7 @@ find_objs_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, goto fail; } - for (j=0;j<count;j++) { + for (j=0;j<count;j++) { a[0].type = CKA_ID; a[0].value = certid_tmp; a[0].value_len = sizeof certid_tmp; 
@@ -2905,8 +2903,8 @@ find_objs_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, /* not found */ continue; } - } - } + } + } ret = gnutls_pkcs11_obj_init(&find_data->p_list @@ -2926,7 +2924,7 @@ find_objs_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, } find_data->current++; - } + } } pkcs11_find_objects_final(sinfo); diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index 5acba77f58..bb9b286b1c 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -47,18 +47,18 @@ int retries = 0; \ int rret; \ ret = find_object (&key->sinfo, &key->pin, &key->ref, key->uinfo, \ - SESSION_LOGIN); \ + SESSION_LOGIN); \ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { \ if (_gnutls_token_func) \ { \ rret = pkcs11_call_token_func (key->uinfo, retries++); \ if (rret == 0) continue; \ - } \ + } \ return gnutls_assert_val(ret); \ } else if (ret < 0) { \ - return gnutls_assert_val(ret); \ - } \ - break; \ + return gnutls_assert_val(ret); \ + } \ + break; \ } while (1); struct gnutls_pkcs11_privkey_st { @@ -85,7 +85,7 @@ struct gnutls_pkcs11_privkey_st { **/ int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key) { - FAIL_IF_LIB_ERROR; + FAIL_IF_LIB_ERROR; *key = gnutls_calloc(1, sizeof(struct gnutls_pkcs11_privkey_st)); if (*key == NULL) { @@ -273,7 +273,7 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key, if (key->reauth) { ret = pkcs11_login(&key->sinfo, &key->pin, - key->uinfo, 0, 1); + key->uinfo, 0, 1); if (ret < 0) { gnutls_assert(); _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n"); @@ -480,8 +480,8 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey, p11_kit_uri_free(pkey->uinfo); pkey->uinfo = NULL; } - gnutls_free(pkey->url); - pkey->url = NULL; + gnutls_free(pkey->url); + pkey->url = NULL; return ret; } 
@@ -531,7 +531,7 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, if (key->reauth) { ret = pkcs11_login(&key->sinfo, &key->pin, - key->uinfo, 0, 1); + key->uinfo, 0, 1); if (ret < 0) { gnutls_assert(); _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n"); @@ -1081,7 +1081,7 @@ static int load_pubkey_obj(gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t pub) ret = gnutls_pubkey_import_x509(pub, crt, 0); cleanup: - gnutls_x509_crt_deinit(crt); + gnutls_x509_crt_deinit(crt); return ret; } @@ -1173,8 +1173,8 @@ _pkcs11_privkey_get_pubkey (gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t *pub, **/ int gnutls_pkcs11_privkey_export_pubkey(gnutls_pkcs11_privkey_t pkey, - gnutls_x509_crt_fmt_t fmt, - gnutls_datum_t * data, + gnutls_x509_crt_fmt_t fmt, + gnutls_datum_t * data, unsigned int flags) { int ret; diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index 5732a8e373..79c1f93c9e 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -162,12 +162,12 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url, id_size = sizeof(id); ret = gnutls_x509_crt_get_subject_key_id(crt, id, &id_size, NULL); if (ret < 0) { - id_size = sizeof(id); + id_size = sizeof(id); ret = gnutls_x509_crt_get_key_id(crt, 0, id, &id_size); if (ret < 0) { gnutls_assert(); goto cleanup; - } + } } a[1].value = id; @@ -494,7 +494,7 @@ gnutls_pkcs11_copy_pubkey(const char *token_url, ret = 0; cleanup: - clean_pubkey(a, a_val); + clean_pubkey(a, a_val); pkcs11_close_session(&sinfo); return ret; @@ -980,8 +980,8 @@ struct delete_data_st { static int delete_obj_url_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, - struct ck_token_info *tinfo, - struct ck_info *lib_info, void *input) + struct ck_token_info *tinfo, + struct ck_info *lib_info, void *input) { struct delete_data_st *find_data = input; struct ck_attribute a[4]; diff --git a/lib/pkcs11x.c b/lib/pkcs11x.c index eb7b9a0595..b12918a47a 100644 --- a/lib/pkcs11x.c +++ b/lib/pkcs11x.c 
@@ -149,12 +149,12 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t ret = 0; cleanup: - if (crt != NULL) - gnutls_x509_crt_deinit(crt); + if (crt != NULL) + gnutls_x509_crt_deinit(crt); if (finalize != 0) pkcs11_find_objects_final(sinfo); - gnutls_free(ext_data); - return ret; + gnutls_free(ext_data); + return ret; } @@ -225,7 +225,7 @@ find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, ret = 0; cleanup: - pkcs11_find_objects_final(sinfo); + pkcs11_find_objects_final(sinfo); return ret; } @@ -292,8 +292,8 @@ gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj, ret = 0; cleanup: - if (deinit_spki) - gnutls_free(spki.data); + if (deinit_spki) + gnutls_free(spki.data); return ret; } @@ -127,9 +127,9 @@ P_hash(gnutls_mac_algorithm_t algorithm, */ static int _gnutls_PRF_raw(gnutls_mac_algorithm_t mac, - const uint8_t * secret, unsigned int secret_size, - const char *label, int label_size, const uint8_t * seed, - int seed_size, int total_bytes, void *ret) + const uint8_t * secret, unsigned int secret_size, + const char *label, int label_size, const uint8_t * seed, + int seed_size, int total_bytes, void *ret) { int l_s, s_seed_size; const uint8_t *s1, *s2; @@ -155,7 +155,7 @@ _gnutls_PRF_raw(gnutls_mac_algorithm_t mac, if (mac != GNUTLS_MAC_UNKNOWN) { result = P_hash(mac, secret, secret_size, - s_seed, s_seed_size, + s_seed, s_seed_size, total_bytes, ret); if (result < 0) { gnutls_assert(); @@ -230,10 +230,10 @@ _gnutls_PRF(gnutls_session_t session, #ifdef ENABLE_FIPS140 int _gnutls_prf_raw(gnutls_mac_algorithm_t mac, - size_t master_size, const void *master, - size_t label_size, const char *label, - size_t seed_size, const char *seed, size_t outsize, - char *out); + size_t master_size, const void *master, + size_t label_size, const char *label, + size_t seed_size, const char *seed, size_t outsize, + char *out); /*- * _gnutls_prf_raw: 
@@ -254,10 +254,10 @@ _gnutls_prf_raw(gnutls_mac_algorithm_t mac, -*/ int _gnutls_prf_raw(gnutls_mac_algorithm_t mac, - size_t master_size, const void *master, - size_t label_size, const char *label, - size_t seed_size, const char *seed, size_t outsize, - char *out) + size_t master_size, const void *master, + size_t label_size, const char *label, + size_t seed_size, const char *seed, size_t outsize, + char *out) { return _gnutls_PRF_raw(mac, master, master_size, diff --git a/lib/privkey.c b/lib/privkey.c index 4782454d07..030d72cb0c 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -495,7 +495,7 @@ int _gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url, uns */ int gnutls_privkey_export_pkcs11(gnutls_privkey_t pkey, - gnutls_pkcs11_privkey_t *key) + gnutls_pkcs11_privkey_t *key) { int ret; @@ -756,7 +756,7 @@ gnutls_privkey_import_x509(gnutls_privkey_t pkey, */ int gnutls_privkey_export_x509(gnutls_privkey_t pkey, - gnutls_x509_privkey_t *key) + gnutls_x509_privkey_t *key) { int ret; @@ -1011,7 +1011,7 @@ int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey, */ int gnutls_privkey_export_openpgp(gnutls_privkey_t pkey, - gnutls_openpgp_privkey_t *key) + gnutls_openpgp_privkey_t *key) { int ret; @@ -1383,7 +1383,7 @@ gnutls_privkey_import_url(gnutls_privkey_t key, const char *url, ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); cleanup: - return ret; + return ret; } /** diff --git a/lib/record.c b/lib/record.c index 746e7c2b8b..69cd6c2871 100644 --- a/lib/record.c +++ b/lib/record.c @@ -626,8 +626,7 @@ get_packet_from_buffers(gnutls_session_t session, content_type_t type, if (_gnutls_record_buffer_get_size(session) > 0) { int ret; ret = - _gnutls_record_buffer_get_packet(type, session, - packet); + _gnutls_record_buffer_get_packet(type, session, packet); if (ret < 0) { if (IS_DTLS(session)) { if (ret == GNUTLS_E_UNEXPECTED_PACKET) { 
@@ -1404,7 +1403,7 @@ check_session_status(gnutls_session_t session)
 * prior to anything else. */
 if (session->security_parameters.entity == GNUTLS_CLIENT && (session->internals.flags & GNUTLS_ENABLE_FALSE_START)) {
- /* Attempt to complete handshake */
+ /* Attempt to complete handshake */
 session->internals.recv_state = RECV_STATE_FALSE_START_HANDLING;
 ret = gnutls_handshake(session);
@@ -1558,7 +1557,7 @@ gnutls_record_discard_queued(gnutls_session_t session)
 **/
 ssize_t
 gnutls_record_recv_packet(gnutls_session_t session,
- gnutls_packet_t *packet)
+ gnutls_packet_t *packet)
 {
 int ret;
@@ -1574,7 +1573,7 @@ gnutls_record_recv_packet(gnutls_session_t session,
 return ret;
 ret = _gnutls_recv_in_buffers(session, GNUTLS_APPLICATION_DATA, -1,
- session->internals.record_timeout_ms);
+ session->internals.record_timeout_ms);
 if (ret < 0 && ret != GNUTLS_E_SESSION_EOF)
 return gnutls_assert_val(ret);
diff --git a/lib/session_pack.c b/lib/session_pack.c
index 5833eb0eaf..39f0737042 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -274,7 +274,7 @@ _gnutls_session_unpack(gnutls_session_t session,
 /* Format:
 * 1 byte the credentials type
 * 4 bytes the size of the whole structure
- * DH stuff
+ * DH stuff
 * 2 bytes the size of secret key in bits
 * 4 bytes the size of the prime
 * x bytes the prime
@@ -282,12 +282,12 @@ _gnutls_session_unpack(gnutls_session_t session,
 * x bytes the generator
 * 4 bytes the size of the public key
 * x bytes the public key
- * RSA stuff
+ * RSA stuff
 * 4 bytes the size of the modulus
 * x bytes the modulus
 * 4 bytes the size of the exponent
 * x bytes the exponent
- * CERTIFICATES
+ * CERTIFICATES
 * 4 bytes the length of the certificate list
 * 4 bytes the size of first certificate
 * x bytes the certificate
@@ -712,8 +712,8 @@ unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
 *
 * 4 bytes the new record padding flag
 * 4 bytes the ECC curve
- * -------------------
- * MAX: 169 bytes
+ * -------------------
+ * MAX: 169 bytes
 *
 */
 static int
@@ -475,7 +475,7 @@ char *_gnutls_bin2hex(const void *_old, size_t oldlen,
 * @hex_size: size of hex data
 * @bin_data: output array with binary data
 * @bin_size: when calling should hold maximum size of @bin_data,
- * on return will hold actual length of @bin_data.
+ * on return will hold actual length of @bin_data.
 *
 * Convert a buffer with hex data to binary data. This function
 * unlike gnutls_hex_decode() can parse hex data with separators
@@ -129,93 +129,93 @@ int _gnutls_hostname_compare(const char *certname, size_t certnamesize,
 #define MAX_DN 1024
 #define BUFFER_APPEND(b, x, s) { \
- ret = _gnutls_buffer_append_data(b, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data(b, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
 }
 /* append data prefixed with 4-bytes length field*/
 #define BUFFER_APPEND_PFX4(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 32, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 32, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
 }
 #define BUFFER_APPEND_PFX3(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 24, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 24, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
 }
 #define BUFFER_APPEND_PFX2(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 16, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 16, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
 }
 #define BUFFER_APPEND_PFX1(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 8, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 8, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
 }
 #define BUFFER_APPEND_NUM(b, s) { \
- ret = _gnutls_buffer_append_prefix(b, 32, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_prefix(b, 32, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
 }
 #define BUFFER_POP(b, x, s) { \
- size_t is = s; \
- _gnutls_buffer_pop_data(b, x, &is); \
- if (is != s) { \
- ret = GNUTLS_E_PARSING_ERROR; \
- gnutls_assert(); \
- goto error; \
- } \
+ size_t is = s; \
+ _gnutls_buffer_pop_data(b, x, &is); \
+ if (is != s) { \
+ ret = GNUTLS_E_PARSING_ERROR; \
+ gnutls_assert(); \
+ goto error; \
+ } \
 }
 #define BUFFER_POP_DATUM(b, o) { \
- gnutls_datum_t d; \
- ret = _gnutls_buffer_pop_datum_prefix(b, &d); \
- if (ret >= 0) \
- ret = _gnutls_set_datum (o, d.data, d.size); \
- if (ret < 0) { \
- gnutls_assert(); \
- goto error; \
- } \
+ gnutls_datum_t d; \
+ ret = _gnutls_buffer_pop_datum_prefix(b, &d); \
+ if (ret >= 0) \
+ ret = _gnutls_set_datum (o, d.data, d.size); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
 }
 #define BUFFER_POP_NUM(b, o) { \
- size_t s; \
- ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
- if (ret < 0) { \
- gnutls_assert(); \
- goto error; \
- } \
- o = s; \
+ size_t s; \
+ ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
+ o = s; \
 }
 #define BUFFER_POP_CAST_NUM(b, o) { \
- size_t s; \
- ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
- if (ret < 0) { \
- gnutls_assert(); \
- goto error; \
- } \
- o = (void *) (intptr_t)(s); \
+ size_t s; \
+ ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
+ o = (void *) (intptr_t)(s); \
 }
 #endif
diff --git a/lib/supplemental.c b/lib/supplemental.c
index 4e2df85abd..6ab5b42978 100644
--- a/lib/supplemental.c
+++ b/lib/supplemental.c
@@ -267,7 +267,7 @@ _gnutls_supplemental_register(gnutls_supplemental_entry *entry)
 **/
 int
 gnutls_supplemental_register(const char *name, gnutls_supplemental_data_format_type_t type,
- gnutls_supp_recv_func recv_func, gnutls_supp_send_func send_func)
+ gnutls_supp_recv_func recv_func, gnutls_supp_send_func send_func)
 {
 gnutls_supplemental_entry tmp_entry;
 int ret;
diff --git a/lib/system-keys.h b/lib/system-keys.h
index b5969c3b51..bc755e4c5b 100644
--- a/lib/system-keys.h
+++ b/lib/system-keys.h
@@ -32,7 +32,7 @@ _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url);
 int
 _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
- const char *url);
+ const char *url);
 void _gnutls_system_key_deinit(void);
 int _gnutls_system_key_init(void);
diff --git a/lib/system/inet_ntop.c b/lib/system/inet_ntop.c
index 69920cd772..87760ebf11 100644
--- a/lib/system/inet_ntop.c
+++ b/lib/system/inet_ntop.c
@@ -79,7 +79,7 @@ static const char *inet_ntop6 (const unsigned char *src, char *dst, unsigned siz
 */
 const char *
 inet_ntop (int af, const void *restrict src,
- char *restrict dst, unsigned cnt)
+ char *restrict dst, unsigned cnt)
 {
 switch (af)
 {
@@ -171,26 +171,26 @@ inet_ntop6 (const unsigned char *src, char *dst, unsigned size)
 for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++)
 {
 if (words[i] == 0)
- {
- if (cur.base == -1)
- cur.base = i, cur.len = 1;
- else
- cur.len++;
- }
+ {
+ if (cur.base == -1)
+ cur.base = i, cur.len = 1;
+ else
+ cur.len++;
+ }
 else
- {
- if (cur.base != -1)
- {
- if (best.base == -1 || cur.len > best.len)
- best = cur;
- cur.base = -1;
- }
- }
+ {
+ if (cur.base != -1)
+ {
+ if (best.base == -1 || cur.len > best.len)
+ best = cur;
+ cur.base = -1;
+ }
+ }
 }
 if (cur.base != -1)
 {
 if (best.base == -1 || cur.len > best.len)
- best = cur;
+ best = cur;
 }
 if (best.base != -1 && best.len < 2)
 best.base = -1;
@@ -203,28 +203,28 @@ inet_ntop6 (const unsigned char *src, char *dst, unsigned size)
 {
 /* Are we inside the best run of 0x00's? */
 if (best.base != -1 && i >= best.base && i < (best.base + best.len))
- {
- if (i == best.base)
- *tp++ = ':';
- continue;
- }
+ {
+ if (i == best.base)
+ *tp++ = ':';
+ continue;
+ }
 /* Are we following an initial run of 0x00s or any real hex? */
 if (i != 0)
- *tp++ = ':';
+ *tp++ = ':';
 /* Is this address an encapsulated IPv4? */
 if (i == 6 && best.base == 0 &&
- (best.len == 6 || (best.len == 5 && words[5] == 0xffff)))
- {
- if (!inet_ntop4 (src + 12, tp, sizeof tmp - (tp - tmp)))
- return (NULL);
- tp += strlen (tp);
- break;
- }
+ (best.len == 6 || (best.len == 5 && words[5] == 0xffff)))
+ {
+ if (!inet_ntop4 (src + 12, tp, sizeof tmp - (tp - tmp)))
+ return (NULL);
+ tp += strlen (tp);
+ break;
+ }
 {
- int len = sprintf (tp, "%x", words[i]);
- if (len < 0)
- return NULL;
- tp += len;
+ int len = sprintf (tp, "%x", words[i]);
+ if (len < 0)
+ return NULL;
+ tp += len;
 }
 }
 /* Was it a trailing run of 0x00's? */
diff --git a/lib/system/keys-dummy.c b/lib/system/keys-dummy.c
index 269af8038c..31acb4eccf 100644
--- a/lib/system/keys-dummy.c
+++ b/lib/system/keys-dummy.c
@@ -35,12 +35,12 @@ void gnutls_system_key_iter_deinit(gnutls_system_key_iter_t iter)
 int
 gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter,
- unsigned cert_type,
- char **cert_url,
- char **key_url,
- char **label,
- gnutls_datum_t *der,
- unsigned int flags)
+ unsigned cert_type,
+ char **cert_url,
+ char **key_url,
+ char **label,
+ gnutls_datum_t *der,
+ unsigned int flags)
 {
 return GNUTLS_E_UNIMPLEMENTED_FEATURE;
 }
@@ -58,7 +58,7 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv
 int
 _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
- const char *url)
+ const char *url)
 {
 return GNUTLS_E_UNIMPLEMENTED_FEATURE;
 }
diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c
index 1f5ffad4a2..0df8540aa5 100644
--- a/lib/system/keys-win.c
+++ b/lib/system/keys-win.c
@@ -26,7 +26,6 @@
 #define _WIN32_WINNT 0x600
 #endif
-
 #include "gnutls_int.h"
 #include "errors.h"
 #include <gnutls/gnutls.h>
@@ -39,7 +38,7 @@
 #include <urls.h>
 #if !defined(_WIN32)
-# error should not be included
+#error should not be included
 #endif
 #include <wincrypt.h>
@@ -51,22 +50,22 @@
 // MinGW headers may not have these defines
 #ifndef NCRYPT_SHA1_ALGORITHM
-#define NCRYPT_SHA1_ALGORITHM BCRYPT_SHA1_ALGORITHM
+#define NCRYPT_SHA1_ALGORITHM BCRYPT_SHA1_ALGORITHM
 #endif
 #ifndef NCRYPT_SHA256_ALGORITHM
-#define NCRYPT_SHA256_ALGORITHM BCRYPT_SHA256_ALGORITHM
+#define NCRYPT_SHA256_ALGORITHM BCRYPT_SHA256_ALGORITHM
 #endif
 #ifndef NCRYPT_SHA384_ALGORITHM
-#define NCRYPT_SHA384_ALGORITHM BCRYPT_SHA384_ALGORITHM
+#define NCRYPT_SHA384_ALGORITHM BCRYPT_SHA384_ALGORITHM
 #endif
 #ifndef NCRYPT_SHA512_ALGORITHM
-#define NCRYPT_SHA512_ALGORITHM BCRYPT_SHA512_ALGORITHM
+#define NCRYPT_SHA512_ALGORITHM BCRYPT_SHA512_ALGORITHM
 #endif
 #ifndef NCRYPT_PAD_PKCS1_FLAG
 #define NCRYPT_PAD_PKCS1_FLAG 2
 #endif
 #ifndef NCRYPT_ALGORITHM_PROPERTY
-#define NCRYPT_ALGORITHM_PROPERTY L"Algorithm Name"
+#define NCRYPT_ALGORITHM_PROPERTY L"Algorithm Name"
 #endif
 #ifndef CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID
 #define CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID 99
@@ -83,49 +82,62 @@ struct system_key_iter_st {
 };
 typedef struct priv_st {
- DWORD dwKeySpec; /* CAPI key */
- HCRYPTPROV hCryptProv; /* CAPI keystore*/
- NCRYPT_KEY_HANDLE nc; /* CNG Keystore*/
+ DWORD dwKeySpec; /* CAPI key */
+ HCRYPTPROV hCryptProv; /* CAPI keystore */
+ NCRYPT_KEY_HANDLE nc; /* CNG Keystore */
 gnutls_pk_algorithm_t pk;
 gnutls_sign_algorithm_t sign_algo;
 } priv_st;
-
-typedef SECURITY_STATUS (WINAPI *NCryptDeleteKeyFunc)(
- NCRYPT_KEY_HANDLE hKey,DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptOpenStorageProviderFunc)(
- NCRYPT_PROV_HANDLE *phProvider, LPCWSTR pszProviderName,
- DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptOpenKeyFunc)(
- NCRYPT_PROV_HANDLE hProvider, NCRYPT_KEY_HANDLE *phKey,
- LPCWSTR pszKeyName, DWORD dwLegacyKeySpec,
- DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptGetPropertyFunc)(
- NCRYPT_HANDLE hObject, LPCWSTR pszProperty,
- PBYTE pbOutput, DWORD cbOutput,
- DWORD *pcbResult, DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptFreeObjectFunc)(
- NCRYPT_HANDLE hObject);
-
-typedef SECURITY_STATUS (WINAPI *NCryptDecryptFunc)(
- NCRYPT_KEY_HANDLE hKey, PBYTE pbInput,
- DWORD cbInput, VOID *pPaddingInfo,
- PBYTE pbOutput, DWORD cbOutput,
- DWORD *pcbResult, DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptSignHashFunc)(
- NCRYPT_KEY_HANDLE hKey, VOID* pPaddingInfo,
- PBYTE pbHashValue, DWORD cbHashValue,
- PBYTE pbSignature, DWORD cbSignature,
- DWORD* pcbResult, DWORD dwFlags);
-
-static int StrCmpW(const WCHAR *str1, const WCHAR *str2 )
+typedef SECURITY_STATUS(WINAPI * NCryptDeleteKeyFunc) (NCRYPT_KEY_HANDLE hKey,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI *
+ NCryptOpenStorageProviderFunc) (NCRYPT_PROV_HANDLE *
+ phProvider,
+ LPCWSTR pszProviderName,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI *
+ NCryptOpenKeyFunc) (NCRYPT_PROV_HANDLE hProvider,
+ NCRYPT_KEY_HANDLE * phKey,
+ LPCWSTR pszKeyName,
+ DWORD dwLegacyKeySpec,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI * NCryptGetPropertyFunc) (NCRYPT_HANDLE hObject,
+ LPCWSTR pszProperty,
+ PBYTE pbOutput,
+ DWORD cbOutput,
+ DWORD * pcbResult,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI * NCryptFreeObjectFunc) (NCRYPT_HANDLE hObject);
+
+typedef SECURITY_STATUS(WINAPI * NCryptDecryptFunc) (NCRYPT_KEY_HANDLE hKey,
+ PBYTE pbInput,
+ DWORD cbInput,
+ VOID * pPaddingInfo,
+ PBYTE pbOutput,
+ DWORD cbOutput,
+ DWORD * pcbResult,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI * NCryptSignHashFunc) (NCRYPT_KEY_HANDLE hKey,
+ VOID * pPaddingInfo,
+ PBYTE pbHashValue,
+ DWORD cbHashValue,
+ PBYTE pbSignature,
+ DWORD cbSignature,
+ DWORD * pcbResult,
+ DWORD dwFlags);
+
+static int StrCmpW(const WCHAR * str1, const WCHAR * str2)
 {
- while (*str1 && (*str1 == *str2)) { str1++; str2++; }
+ while (*str1 && (*str1 == *str2)) {
+ str1++;
+ str2++;
+ }
 return *str1 - *str2;
 }
@@ -154,7 +166,7 @@ static HMODULE ncrypt_lib;
 #define WIN_URL_SIZE 11
 static int
-get_id(const char *url, uint8_t *bin, size_t *bin_size, unsigned cert)
+get_id(const char *url, uint8_t * bin, size_t * bin_size, unsigned cert)
 {
 int ret;
 unsigned url_size = strlen(url);
@@ -162,10 +174,12 @@ get_id(const char *url, uint8_t *bin, size_t *bin_size, unsigned cert)
 gnutls_datum_t tmp;
 if (cert != 0) {
- if (url_size < sizeof(WIN_URL) || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
+ if (url_size < sizeof(WIN_URL)
+ || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 } else {
- if (url_size < sizeof(WIN_URL) || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
+ if (url_size < sizeof(WIN_URL)
+ || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 }
@@ -198,7 +212,7 @@ void *memrev(unsigned char *pvData, DWORD cbData)
 char t;
 DWORD i;
- for (i = 0; i < cbData / 2; i++){
+ for (i = 0; i < cbData / 2; i++) {
 t = pvData[i];
 pvData[i] = pvData[cbData - 1 - i];
 pvData[cbData - 1 - i] = t;
@@ -208,17 +222,16 @@ void *memrev(unsigned char *pvData, DWORD cbData)
 static
 int capi_sign(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *raw_data,
- gnutls_datum_t *signature)
+ const gnutls_datum_t * raw_data, gnutls_datum_t * signature)
 {
- priv_st *priv = (priv_st*)userdata;
- ALG_ID Algid;
+ priv_st *priv = (priv_st *) userdata;
+ ALG_ID Algid;
 HCRYPTHASH hHash = NULL;
 uint8_t digest[MAX_HASH_SIZE];
 unsigned int digest_size;
 gnutls_digest_algorithm_t algo;
 DWORD size1 = 0, sizesize = sizeof(DWORD);
- DWORD ret_sig = 0;
+ DWORD ret_sig = 0;
 int ret;
 signature->data = NULL;
@@ -226,51 +239,78 @@ int capi_sign(gnutls_privkey_t key, void *userdata,
 digest_size = raw_data->size;
- switch (digest_size) {
- case 16: Algid = CALG_MD5; break;
- //case 35: size=20; // DigestInfo SHA1
- case 20: Algid = CALG_SHA1; break;
- //case 51: size=32; // DigestInto SHA-256
- case 32: Algid = CALG_SHA_256; break;
- case 36: Algid = CALG_SSL3_SHAMD5; break;
- case 48: Algid = CALG_SHA_384; break;
- case 64: Algid = CALG_SHA_512; break;
- default:
- digest_size = sizeof(digest);
- ret = decode_ber_digest_info(raw_data, &algo, digest, &digest_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ switch (digest_size) {
+ case 16:
+ Algid = CALG_MD5;
+ break;
+ //case 35: size=20; // DigestInfo SHA1
+ case 20:
+ Algid = CALG_SHA1;
+ break;
+ //case 51: size=32; // DigestInto SHA-256
+ case 32:
+ Algid = CALG_SHA_256;
+ break;
+ case 36:
+ Algid = CALG_SSL3_SHAMD5;
+ break;
+ case 48:
+ Algid = CALG_SHA_384;
+ break;
+ case 64:
+ Algid = CALG_SHA_512;
+ break;
+ default:
+ digest_size = sizeof(digest);
+ ret =
+ decode_ber_digest_info(raw_data, &algo, digest,
+ &digest_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- switch (algo) {
- case GNUTLS_DIG_SHA1: Algid = CALG_SHA1; break;
+ switch (algo) {
+ case GNUTLS_DIG_SHA1:
+ Algid = CALG_SHA1;
+ break;
 #ifdef NCRYPT_SHA224_ALGORITHM
- case GNUTLS_DIG_SHA224: Algid = CALG_SHA_224; break;
+ case GNUTLS_DIG_SHA224:
+ Algid = CALG_SHA_224;
+ break;
 #endif
- case GNUTLS_DIG_SHA256: Algid = CALG_SHA_256; break;
- case GNUTLS_DIG_SHA384: Algid = CALG_SHA_384; break;
- case GNUTLS_DIG_SHA512: Algid = CALG_SHA_512; break;
- default:
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
- }
+ case GNUTLS_DIG_SHA256:
+ Algid = CALG_SHA_256;
+ break;
+ case GNUTLS_DIG_SHA384:
+ Algid = CALG_SHA_384;
+ break;
+ case GNUTLS_DIG_SHA512:
+ Algid = CALG_SHA_512;
+ break;
+ default:
+ return
+ gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+ }
 }
 if (!CryptCreateHash(priv->hCryptProv, Algid, 0, 0, &hHash)) {
 gnutls_assert();
- _gnutls_debug_log("error in create hash: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in create hash: %d\n",
+ (int)GetLastError());
 ret = GNUTLS_E_PK_SIGN_FAILED;
 goto fail;
 }
 if (!CryptSetHashParam(hHash, HP_HASHVAL, digest, 0)) {
 gnutls_assert();
- _gnutls_debug_log("error in set hash val: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in set hash val: %d\n",
+ (int)GetLastError());
 ret = GNUTLS_E_PK_SIGN_FAILED;
 goto fail;
 }
-
- if (!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&size1, &sizesize, 0) ||
- digest_size != size1) {
+ if (!CryptGetHashParam
+ (hHash, HP_HASHSIZE, (BYTE *) & size1, &sizesize, 0)
+ || digest_size != size1) {
 gnutls_assert();
 _gnutls_debug_log("error in hash size: %d\n", (int)size1);
 ret = GNUTLS_E_PK_SIGN_FAILED;
@@ -279,20 +319,23 @@ int capi_sign(gnutls_privkey_t key, void *userdata,
 if (!CryptSignHash(hHash, priv->dwKeySpec, NULL, 0, NULL, &ret_sig)) {
 gnutls_assert();
- _gnutls_debug_log("error in pre-signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in pre-signing: %d\n",
+ (int)GetLastError());
 ret = GNUTLS_E_PK_SIGN_FAILED;
 goto fail;
 }
 signature->size = ret_sig;
- signature->data = (unsigned char*)gnutls_malloc(signature->size);
+ signature->data = (unsigned char *)gnutls_malloc(signature->size);
 if (signature->data == NULL)
 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- if (!CryptSignHash(hHash, priv->dwKeySpec, NULL, 0, signature->data, &ret_sig)) {
+ if (!CryptSignHash
+ (hHash, priv->dwKeySpec, NULL, 0, signature->data, &ret_sig)) {
 gnutls_assert();
- _gnutls_debug_log("error in signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in signing: %d\n",
+ (int)GetLastError());
 ret = GNUTLS_E_PK_SIGN_FAILED;
 goto fail;
 }
@@ -303,7 +346,7 @@ int capi_sign(gnutls_privkey_t key, void *userdata,
 signature->size = ret_sig;
 return 0;
-fail:
+ fail:
 if (hHash != 0)
 CryptDestroyHash(hHash);
 gnutls_free(signature->data);
@@ -312,10 +355,9 @@ fail:
 static
 int capi_decrypt(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *ciphertext,
- gnutls_datum_t *plaintext)
+ const gnutls_datum_t * ciphertext, gnutls_datum_t * plaintext)
 {
- priv_st *priv = (priv_st*)userdata;
+ priv_st *priv = (priv_st *) userdata;
 DWORD size = 0;
 int ret;
@@ -327,22 +369,23 @@ int capi_decrypt(gnutls_privkey_t key, void *userdata,
 }
 plaintext->size = size = ciphertext->size;
- plaintext->data = (unsigned char*)gnutls_malloc(plaintext->size);
+ plaintext->data = (unsigned char *)gnutls_malloc(plaintext->size);
 if (plaintext->data == NULL) {
 gnutls_assert();
 return GNUTLS_E_MEMORY_ERROR;
 }
 memcpy(plaintext->data, ciphertext->data, size);
- if (0 == CryptDecrypt(priv->hCryptProv, 0, true, 0, plaintext->data, &size))
- {
+ if (0 ==
+ CryptDecrypt(priv->hCryptProv, 0, true, 0, plaintext->data,
+ &size)) {
 gnutls_assert();
 ret = GNUTLS_E_PK_DECRYPTION_FAILED;
 goto fail;
 }
 return 0;
-fail:
+ fail:
 gnutls_free(plaintext->data);
 return ret;
 }
@@ -350,14 +393,14 @@ fail:
 static void capi_deinit(gnutls_privkey_t key, void *userdata)
 {
- priv_st *priv = (priv_st*)userdata;
+ priv_st *priv = (priv_st *) userdata;
 CryptReleaseContext(priv->hCryptProv, 0);
 gnutls_free(priv);
 }
 static int capi_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
 {
- priv_st *priv = (priv_st*)userdata;
+ priv_st *priv = (priv_st *) userdata;
 if (flags & GNUTLS_PRIVKEY_INFO_PK_ALGO)
 return priv->pk;
@@ -368,8 +411,7 @@ static int capi_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
 static
 int cng_sign(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *raw_data,
- gnutls_datum_t *signature)
+ const gnutls_datum_t * raw_data, gnutls_datum_t * signature)
 {
 priv_st *priv = userdata;
 BCRYPT_PKCS1_PADDING_INFO _info;
@@ -377,7 +419,7 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
 DWORD ret_sig = 0;
 int ret;
 DWORD flags = 0;
- gnutls_datum_t data = {raw_data->data, raw_data->size};
+ gnutls_datum_t data = { raw_data->data, raw_data->size };
 uint8_t digest[MAX_HASH_SIZE];
 unsigned int digest_size;
 gnutls_digest_algorithm_t algo;
@@ -391,34 +433,38 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
 flags = BCRYPT_PAD_PKCS1;
 info = &_info;
- if (raw_data->size == 36) { /* TLS 1.0 MD5+SHA1 */
+ if (raw_data->size == 36) { /* TLS 1.0 MD5+SHA1 */
 _info.pszAlgId = NULL;
 } else {
 digest_size = sizeof(digest);
- ret = decode_ber_digest_info(raw_data, &algo, digest, &digest_size);
+ ret =
+ decode_ber_digest_info(raw_data, &algo, digest,
+ &digest_size);
 if (ret < 0)
 return gnutls_assert_val(ret);
- switch(algo) {
- case GNUTLS_DIG_SHA1:
- _info.pszAlgId = NCRYPT_SHA1_ALGORITHM;
- break;
+ switch (algo) {
+ case GNUTLS_DIG_SHA1:
+ _info.pszAlgId = NCRYPT_SHA1_ALGORITHM;
+ break;
 #ifdef NCRYPT_SHA224_ALGORITHM
- case GNUTLS_DIG_SHA224:
- _info.pszAlgId = NCRYPT_SHA224_ALGORITHM;
- break;
+ case GNUTLS_DIG_SHA224:
+ _info.pszAlgId = NCRYPT_SHA224_ALGORITHM;
+ break;
 #endif
- case GNUTLS_DIG_SHA256:
- _info.pszAlgId = NCRYPT_SHA256_ALGORITHM;
- break;
- case GNUTLS_DIG_SHA384:
- _info.pszAlgId = NCRYPT_SHA384_ALGORITHM;
- break;
- case GNUTLS_DIG_SHA512:
- _info.pszAlgId = NCRYPT_SHA512_ALGORITHM;
- break;
- default:
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+ case GNUTLS_DIG_SHA256:
+ _info.pszAlgId = NCRYPT_SHA256_ALGORITHM;
+ break;
+ case GNUTLS_DIG_SHA384:
+ _info.pszAlgId = NCRYPT_SHA384_ALGORITHM;
+ break;
+ case GNUTLS_DIG_SHA512:
+ _info.pszAlgId = NCRYPT_SHA512_ALGORITHM;
+ break;
+ default:
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
 }
 data.data = digest;
 data.size = digest_size;
@@ -429,7 +475,8 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
 NULL, 0, &ret_sig, flags);
 if (FAILED(r)) {
 gnutls_assert();
- _gnutls_debug_log("error in pre-signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in pre-signing: %d\n",
+ (int)GetLastError());
 ret = GNUTLS_E_PK_SIGN_FAILED;
 goto fail;
 }
@@ -440,11 +487,11 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 r = pNCryptSignHash(priv->nc, info, data.data, data.size,
- signature->data, signature->size,
- &ret_sig, flags);
+ signature->data, signature->size, &ret_sig, flags);
 if (FAILED(r)) {
 gnutls_assert();
- _gnutls_debug_log("error in signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in signing: %d\n",
+ (int)GetLastError());
 ret = GNUTLS_E_PK_SIGN_FAILED;
 goto fail;
 }
@@ -459,8 +506,7 @@ int cng_sign(gnutls_privkey_t key, void *userdata,
 static
 int cng_decrypt(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *ciphertext,
- gnutls_datum_t *plaintext)
+ const gnutls_datum_t * ciphertext, gnutls_datum_t * plaintext)
 {
 priv_st *priv = userdata;
 SECURITY_STATUS r;
@@ -475,7 +521,7 @@ int cng_decrypt(gnutls_privkey_t key, void *userdata,
 }
 r = pNCryptDecrypt(priv->nc, ciphertext->data, ciphertext->size,
- NULL, NULL, 0, &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
+ NULL, NULL, 0, &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
 if (FAILED(r)) {
 gnutls_assert();
 return GNUTLS_E_PK_DECRYPTION_FAILED;
@@ -489,8 +535,8 @@ int cng_decrypt(gnutls_privkey_t key, void *userdata,
 }
 r = pNCryptDecrypt(priv->nc, ciphertext->data, ciphertext->size,
- NULL, plaintext->data, plaintext->size,
- &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
+ NULL, plaintext->data, plaintext->size,
+ &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
 if (FAILED(r)) {
 gnutls_assert();
 ret = GNUTLS_E_PK_DECRYPTION_FAILED;
@@ -537,9 +583,7 @@ static int cng_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
 * Since: 3.4.0
 *
 -*/
-int
-_gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
- const char *url)
+int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
 {
 uint8_t id[MAX_WID_SIZE];
 HCERTSTORE store = NULL;
@@ -556,8 +600,7 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
 WCHAR algo_str[64];
 DWORD algo_str_size = 0;
 priv_st *priv;
- DWORD i,dwErrCode = 0;
-
+ DWORD i, dwErrCode = 0;
 if (ncrypt_init == 0)
 return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
@@ -585,17 +628,16 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
 }
 cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_KEY_IDENTIFIER,
- &blob,
- NULL);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_KEY_IDENTIFIER,
+ &blob, NULL);
 if (cert == NULL) {
 char buf[64];
 _gnutls_debug_log("cannot find ID: %s from %s\n",
- _gnutls_bin2hex(id, id_size,
- buf, sizeof(buf), NULL), url);
+ _gnutls_bin2hex(id, id_size,
+ buf, sizeof(buf), NULL), url);
 ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 goto cleanup;
 }
@@ -605,7 +647,7 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
 NULL, &kpi_size);
 if (r == 0) {
 _gnutls_debug_log("error in getting context: %d from %s\n",
- (int)GetLastError(), url);
+ (int)GetLastError(), url);
 ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 goto cleanup;
 }
@@ -621,26 +663,29 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
 kpi, &kpi_size);
 if (r == 0) {
 _gnutls_debug_log("error in getting context: %d from %s\n",
- (int)GetLastError(), url);
+ (int)GetLastError(), url);
 ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 goto cleanup;
 }
 r = pNCryptOpenStorageProvider(&sctx, kpi->pwszProvName, 0);
- if (!FAILED(r)) /* if this works carry on with CNG*/
- {
+ if (!FAILED(r)) { /* if this works carry on with CNG */
 r = pNCryptOpenKey(sctx, &nc, kpi->pwszContainerName, 0, 0);
 if (FAILED(r)) {
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 goto cleanup;
 }
 r = pNCryptGetProperty(nc, NCRYPT_ALGORITHM_PROPERTY,
- (BYTE*)algo_str, sizeof(algo_str),
- &algo_str_size, 0);
+ (BYTE *) algo_str, sizeof(algo_str),
+ &algo_str_size, 0);
 if (FAILED(r)) {
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 goto cleanup;
 }
@@ -661,36 +706,39 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
 priv->pk = GNUTLS_PK_EC;
 priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA512;
 } else {
- _gnutls_debug_log("unknown key algorithm: %ls\n", algo_str);
+ _gnutls_debug_log("unknown key algorithm: %ls\n",
+ algo_str);
 ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
 goto cleanup;
 }
 priv->nc = nc;
 ret = gnutls_privkey_import_ext3(pkey, priv, cng_sign,
- (enc_too!=0)?cng_decrypt:NULL,
- cng_deinit,
- cng_info, 0);
+ (enc_too !=
+ 0) ? cng_decrypt : NULL,
+ cng_deinit, cng_info, 0);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
 } else {
- /* this should be CAPI*/
- _gnutls_debug_log("error in opening CNG keystore: %x from %ls\n",
- (int) r, kpi->pwszProvName);
+ /* this should be CAPI */
+ _gnutls_debug_log
+ ("error in opening CNG keystore: %x from %ls\n", (int)r,
+ kpi->pwszProvName);
 if (CryptAcquireContextW(&hCryptProv,
- kpi->pwszContainerName,
- kpi->pwszProvName,
- kpi->dwProvType,
- kpi->dwFlags)) {
+ kpi->pwszContainerName,
+ kpi->pwszProvName,
+ kpi->dwProvType, kpi->dwFlags)) {
 for (i = 0; i < kpi->cProvParam; i++)
 if (!CryptSetProvParam(hCryptProv,
- kpi->rgProvParam[i].dwParam,
- kpi->rgProvParam[i].pbData,
- kpi->rgProvParam[i].dwFlags))
- {
+ kpi->rgProvParam[i].
+ dwParam,
+ kpi->rgProvParam[i].
+ pbData,
+ kpi->rgProvParam[i].
+ dwFlags)) {
 dwErrCode = GetLastError();
 break;
 };
@@ -699,45 +747,59 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
 }
 if (ERROR_SUCCESS != dwErrCode) {
- _gnutls_debug_log("error in getting cryptprov: %d from %s\n",
- (int)GetLastError(), url);
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ _gnutls_debug_log
+ ("error in getting cryptprov: %d from %s\n",
+ (int)GetLastError(), url);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 goto cleanup;
 }
 {
 BYTE buf[100 + sizeof(PROV_ENUMALGS_EX) * 2];
- PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *)buf;
+ PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *) buf;
 DWORD len = sizeof(buf);
- if (CryptGetProvParam(hCryptProv, PP_ENUMALGS_EX, buf, &len, CRYPT_FIRST)) {
+ if (CryptGetProvParam
+ (hCryptProv, PP_ENUMALGS_EX, buf, &len,
+ CRYPT_FIRST)) {
 DWORD hash = 0;
 do {
 switch (pAlgo->aiAlgid) {
- case CALG_RSA_SIGN:
- priv->pk = GNUTLS_PK_RSA;
- enc_too = 1;
- break;
- case CALG_DSS_SIGN:
- priv->pk = priv->pk == GNUTLS_PK_RSA ? GNUTLS_PK_RSA : GNUTLS_PK_DSA;
- break;
- case CALG_SHA1:
- hash = 1;
- break;
- case CALG_SHA_256:
- hash = 256;
- break;
- default:
- break;
+ case CALG_RSA_SIGN:
+ priv->pk = GNUTLS_PK_RSA;
+ enc_too = 1;
+ break;
+ case CALG_DSS_SIGN:
+ priv->pk =
+ priv->pk ==
+ GNUTLS_PK_RSA ?
+ GNUTLS_PK_RSA :
+ GNUTLS_PK_DSA;
+ break;
+ case CALG_SHA1:
+ hash = 1;
+ break;
+ case CALG_SHA_256:
+ hash = 256;
+ break;
+ default:
+ break;
 }
- len = sizeof(buf); // reset the buffer size
- } while (CryptGetProvParam(hCryptProv, PP_ENUMALGS_EX, buf, &len, CRYPT_NEXT));
+ len = sizeof(buf); // reset the buffer size
+ } while (CryptGetProvParam
+ (hCryptProv, PP_ENUMALGS_EX, buf, &len,
+ CRYPT_NEXT));
 if (priv->pk == GNUTLS_PK_DSA)
 priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
 else
- priv->sign_algo = (hash > 1) ? GNUTLS_SIGN_RSA_SHA256 : GNUTLS_SIGN_RSA_SHA1;
+ priv->sign_algo =
+ (hash >
+ 1) ? GNUTLS_SIGN_RSA_SHA256 :
+ GNUTLS_SIGN_RSA_SHA1;
 }
 }
@@ -745,9 +807,9 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
 priv->dwKeySpec = kpi->dwKeySpec;
 ret = gnutls_privkey_import_ext3(pkey, priv, capi_sign,
- (enc_too != 0) ? capi_decrypt : NULL,
- capi_deinit,
- capi_info, 0);
+ (enc_too !=
+ 0) ? capi_decrypt : NULL,
+ capi_deinit, capi_info, 0);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
@@ -774,8 +836,7 @@ _gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
 return ret;
 }
-int
-_gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
+int _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
 {
 uint8_t id[MAX_WID_SIZE];
 HCERTSTORE store = NULL;
@@ -804,18 +865,16 @@ _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
 }
 cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_KEY_IDENTIFIER,
- &blob,
- NULL);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_KEY_IDENTIFIER,
+ &blob, NULL);
 if (cert == NULL) {
 char buf[64];
 _gnutls_debug_log("cannot find ID: %s from %s\n",
- _gnutls_bin2hex(id, id_size,
- buf, sizeof(buf), NULL),
- url);
+ _gnutls_bin2hex(id, id_size,
+ buf, sizeof(buf), NULL), url);
 ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 goto cleanup;
 }
@@ -856,15 +915,15 @@ void gnutls_system_key_iter_deinit(gnutls_system_key_iter_t iter)
 }
 static
-int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
- char **label, gnutls_datum_t *der)
+int get_win_urls(const CERT_CONTEXT * cert, char **cert_url, char **key_url,
+ char **label, gnutls_datum_t * der)
 {
 BOOL r;
 int ret;
 DWORD tl_size;
- gnutls_datum_t tmp_label = {NULL, 0};
- char name[MAX_CN*2];
- char hex[MAX_WID_SIZE*2+1];
+ gnutls_datum_t tmp_label = { NULL, 0 };
+ char name[MAX_CN * 2];
+ char hex[MAX_WID_SIZE * 2 + 1];
 gnutls_buffer_st str;
 #ifdef WORDS_BIGENDIAN
 const unsigned bigendian = 1;
@@ -892,18 +951,18 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url, if (cert_url) *cert_url = NULL; - tl_size = sizeof(name); r = CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, name, &tl_size); - if (r != 0) { /* optional */ - ret = _gnutls_ucs2_to_utf8(name, tl_size, &tmp_label, bigendian); + if (r != 0) { /* optional */ + ret = + _gnutls_ucs2_to_utf8(name, tl_size, &tmp_label, bigendian); if (ret < 0) { gnutls_assert(); goto fail; } if (label) - *label = (char*)tmp_label.data; + *label = (char *)tmp_label.data; } tl_size = sizeof(name); @@ -920,7 +979,8 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url, goto fail; } - ret = _gnutls_buffer_append_printf(&str, WIN_URL"id=%s;type=cert", hex); + ret = + _gnutls_buffer_append_printf(&str, WIN_URL "id=%s;type=cert", hex); if (ret < 0) { gnutls_assert(); goto fail; @@ -933,7 +993,9 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url, goto fail; } - ret = _gnutls_buffer_append_escape(&str, tmp_label.data, tmp_label.size, " "); + ret = + _gnutls_buffer_append_escape(&str, tmp_label.data, + tmp_label.size, " "); if (ret < 0) { gnutls_assert(); goto fail; @@ -947,10 +1009,12 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url, } if (cert_url) - *cert_url = (char*)str.data; + *cert_url = (char *)str.data; _gnutls_buffer_init(&str); - ret = _gnutls_buffer_append_printf(&str, WIN_URL"id=%s;type=privkey", hex); + ret = + _gnutls_buffer_append_printf(&str, WIN_URL "id=%s;type=privkey", + hex); if (ret < 0) { gnutls_assert(); goto fail; @@ -963,7 +1027,9 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url, goto fail; } - ret = _gnutls_buffer_append_escape(&str, tmp_label.data, tmp_label.size, " "); + ret = + _gnutls_buffer_append_escape(&str, tmp_label.data, + tmp_label.size, " "); if (ret < 0) { gnutls_assert(); goto fail; 
@@ -977,24 +1043,24 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url, } if (key_url) - *key_url = (char*)str.data; + *key_url = (char *)str.data; _gnutls_buffer_init(&str); ret = 0; goto cleanup; fail: - if (der) - gnutls_free(der->data); - if (cert_url) - gnutls_free(*cert_url); - if (key_url) - gnutls_free(*key_url); - if (label) - gnutls_free(*label); + if (der) + gnutls_free(der->data); + if (cert_url) + gnutls_free(*cert_url); + if (key_url) + gnutls_free(*key_url); + if (label) + gnutls_free(*label); cleanup: - _gnutls_buffer_clear(&str); - return ret; + _gnutls_buffer_clear(&str); + return ret; } /** @@ -1022,13 +1088,12 @@ int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url, * Since: 3.4.0 **/ int -gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter, - unsigned cert_type, - char **cert_url, - char **key_url, - char **label, - gnutls_datum_t *der, - unsigned int flags) +gnutls_system_key_iter_get_info(gnutls_system_key_iter_t * iter, + unsigned cert_type, + char **cert_url, + char **key_url, + char **label, + gnutls_datum_t * der, unsigned int flags) { if (ncrypt_init == 0) return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); 
@@ -1044,18 +1109,26 @@ gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter, if ((*iter)->store == NULL) { gnutls_free(*iter); *iter = NULL; - return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + return + gnutls_assert_val + (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); } - (*iter)->cert = CertEnumCertificatesInStore((*iter)->store, NULL); + (*iter)->cert = + CertEnumCertificatesInStore((*iter)->store, NULL); - return get_win_urls((*iter)->cert, cert_url, key_url, label, der); + return get_win_urls((*iter)->cert, cert_url, key_url, label, + der); } else { if ((*iter)->cert == NULL) - return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + return + gnutls_assert_val + (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); - (*iter)->cert = CertEnumCertificatesInStore((*iter)->store, (*iter)->cert); - return get_win_urls((*iter)->cert, cert_url, key_url, label, der); + (*iter)->cert = + CertEnumCertificatesInStore((*iter)->store, (*iter)->cert); + return get_win_urls((*iter)->cert, cert_url, key_url, label, + der); } } @@ -1109,16 +1182,17 @@ int gnutls_system_key_delete(const char *cert_url, const char *key_url) if (store != NULL) { do { cert = CertFindCertificateInStore(store, - X509_ASN_ENCODING, - 0, - CERT_FIND_KEY_IDENTIFIER, - &blob, - cert); + X509_ASN_ENCODING, + 0, + CERT_FIND_KEY_IDENTIFIER, + &blob, cert); if (cert && key_url) { nc_size = sizeof(nc); - r = CertGetCertificateContextProperty(cert, CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID, - &nc, &nc_size); + r = CertGetCertificateContextProperty(cert, + CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID, + &nc, + &nc_size); if (r != 0) { pNCryptDeleteKey(nc, 0); pNCryptFreeObject(nc); @@ -1129,7 +1203,7 @@ int gnutls_system_key_delete(const char *cert_url, const char *key_url) if (cert && cert_url) CertDeleteCertificateFromStore(cert); - } while(cert != NULL); + } while (cert != NULL); CertCloseStore(store, 0); } 
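Review bot: In `gnutls_system_key_delete`, the result of `pNCryptDeleteKey(nc, 0)` is discarded and `pNCryptFreeObject(nc)` is then called on the same handle. As far as I recall the NCrypt documentation, NCryptDeleteKey releases the handle itself, so the second call would act on a handle that is no longer valid. A failed delete is also never reported, so the private key may stay in the store without the caller learning of it. Checking the status, e.g. `if (pNCryptDeleteKey(nc, 0) != ERROR_SUCCESS) pNCryptFreeObject(nc);`, and turning a failure into an error return would cover both cases. The function body starts and ends outside this hunk, so how `ret` is set afterwards should be confirmed.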
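Review bot: After `CertDeleteCertificateFromStore(cert)` the `do … while (cert != NULL)` loop passes the same `cert` back to `CertFindCertificateInStore` as the previous context (visible in the preceding hunk). Per the CryptoAPI documentation as I recall it, the delete call always frees the context it is given and the find call frees its previous-context argument again, so the loop reuses a released `CERT_CONTEXT`. The usual idiom is to delete a duplicate and keep the original for the next iteration: `CertDeleteCertificateFromStore(CertDuplicateCertificateContext(cert));`. The return value of the delete is also ignored, so a certificate that could not be removed goes unreported.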
@@ -1152,12 +1226,13 @@ int gnutls_system_key_delete(const char *cert_url, const char *key_url) * * Since: 3.4.0 **/ -int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t privkey, - const char *label, char **cert_url, char **key_url) +int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, + gnutls_x509_privkey_t privkey, const char *label, + char **cert_url, char **key_url) { HCERTSTORE store = NULL; CRYPT_DATA_BLOB pfx; - gnutls_datum_t _pfx = {NULL, 0}; + gnutls_datum_t _pfx = { NULL, 0 }; gnutls_pkcs12_t p12 = NULL; gnutls_pkcs12_bag_t bag1 = NULL, bag2 = NULL; uint8_t id[MAX_WID_SIZE]; @@ -1273,7 +1348,9 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv goto cleanup; } - ret = gnutls_hash_fast(GNUTLS_DIG_SHA1, data.data, data.size, sha); + ret = + gnutls_hash_fast(GNUTLS_DIG_SHA1, data.data, data.size, + sha); gnutls_free(data.data); if (ret < 0) { gnutls_assert(); @@ -1284,11 +1361,10 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv blob.pbData = sha; cert = CertFindCertificateInStore(store, - X509_ASN_ENCODING, - 0, - CERT_FIND_SHA1_HASH, - &blob, - NULL); + X509_ASN_ENCODING, + 0, + CERT_FIND_SHA1_HASH, + &blob, NULL); if (cert == NULL) { gnutls_assert(); @@ -1306,13 +1382,13 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv ret = 0; cleanup: - if (p12 != NULL) - gnutls_pkcs12_deinit(p12); - if (bag1 != NULL) - gnutls_pkcs12_bag_deinit(bag1); - if (bag2 != NULL) - gnutls_pkcs12_bag_deinit(bag2); - if (store != NULL) + if (p12 != NULL) + gnutls_pkcs12_deinit(p12); + if (bag1 != NULL) + gnutls_pkcs12_bag_deinit(bag1); + if (bag2 != NULL) + gnutls_pkcs12_bag_deinit(bag2); + if (store != NULL) CertCloseStore(store, 0); gnutls_free(_pfx.data); return ret; 
@@ -1328,43 +1404,53 @@ int _gnutls_system_key_init(void) return gnutls_assert_val(GNUTLS_E_CRYPTO_INIT_FAILED); } - pNCryptDeleteKey = (NCryptDeleteKeyFunc)GetProcAddress(ncrypt_lib, "NCryptDeleteKey"); + pNCryptDeleteKey = + (NCryptDeleteKeyFunc) GetProcAddress(ncrypt_lib, "NCryptDeleteKey"); if (pNCryptDeleteKey == NULL) { ret = GNUTLS_E_CRYPTO_INIT_FAILED; goto fail; } - pNCryptOpenStorageProvider = (NCryptOpenStorageProviderFunc)GetProcAddress(ncrypt_lib, "NCryptOpenStorageProvider"); + pNCryptOpenStorageProvider = + (NCryptOpenStorageProviderFunc) GetProcAddress(ncrypt_lib, + "NCryptOpenStorageProvider"); if (pNCryptOpenStorageProvider == NULL) { ret = GNUTLS_E_CRYPTO_INIT_FAILED; goto fail; } - pNCryptOpenKey = (NCryptOpenKeyFunc)GetProcAddress(ncrypt_lib, "NCryptOpenKey"); + pNCryptOpenKey = + (NCryptOpenKeyFunc) GetProcAddress(ncrypt_lib, "NCryptOpenKey"); if (pNCryptOpenKey == NULL) { ret = GNUTLS_E_CRYPTO_INIT_FAILED; goto fail; } - pNCryptGetProperty = (NCryptGetPropertyFunc)GetProcAddress(ncrypt_lib, "NCryptGetProperty"); + pNCryptGetProperty = + (NCryptGetPropertyFunc) GetProcAddress(ncrypt_lib, + "NCryptGetProperty"); if (pNCryptGetProperty == NULL) { ret = GNUTLS_E_CRYPTO_INIT_FAILED; goto fail; } - pNCryptFreeObject = (NCryptFreeObjectFunc)GetProcAddress(ncrypt_lib, "NCryptFreeObject"); + pNCryptFreeObject = + (NCryptFreeObjectFunc) GetProcAddress(ncrypt_lib, + "NCryptFreeObject"); if (pNCryptFreeObject == NULL) { ret = GNUTLS_E_CRYPTO_INIT_FAILED; goto fail; } - pNCryptDecrypt = (NCryptDecryptFunc)GetProcAddress(ncrypt_lib, "NCryptDecrypt"); + pNCryptDecrypt = + (NCryptDecryptFunc) GetProcAddress(ncrypt_lib, "NCryptDecrypt"); if (pNCryptDecrypt == NULL) { ret = GNUTLS_E_CRYPTO_INIT_FAILED; goto fail; } - pNCryptSignHash = (NCryptSignHashFunc)GetProcAddress(ncrypt_lib, "NCryptSignHash"); + pNCryptSignHash = + (NCryptSignHashFunc) GetProcAddress(ncrypt_lib, "NCryptSignHash"); if (pNCryptSignHash == NULL) { ret = GNUTLS_E_CRYPTO_INIT_FAILED; goto 
fail; diff --git a/lib/verify-tofu.c b/lib/verify-tofu.c index b81d255183..788ca9ac80 100644 --- a/lib/verify-tofu.c +++ b/lib/verify-tofu.c @@ -211,7 +211,7 @@ static int parse_commitment_line(char *line, /* hash and hex encode */ ret = _gnutls_hash_fast((gnutls_digest_algorithm_t)hash_algo->id, - skey->data, skey->size, phash); + skey->data, skey->size, phash); if (ret < 0) return gnutls_assert_val(ret); @@ -728,8 +728,8 @@ int gnutls_tdb_init(gnutls_tdb_t * tdb) * trust storage structure. The function is of the following form. * * int gnutls_tdb_store_func(const char* db_name, const char* host, - * const char* service, time_t expiration, - * const gnutls_datum_t* pubkey); + * const char* service, time_t expiration, + * const gnutls_datum_t* pubkey); * * The @db_name should be used to pass any private data to this function. * @@ -749,8 +749,8 @@ void gnutls_tdb_set_store_func(gnutls_tdb_t tdb, * trust storage structure. The function is of the following form. * * int gnutls_tdb_store_commitment_func(const char* db_name, const char* host, - * const char* service, time_t expiration, - * gnutls_digest_algorithm_t, const gnutls_datum_t* hash); + * const char* service, time_t expiration, + * gnutls_digest_algorithm_t, const gnutls_datum_t* hash); * * The @db_name should be used to pass any private data to this function. * @@ -771,7 +771,7 @@ void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb, * trust storage structure. The function is of the following form. * * int gnutls_tdb_verify_func(const char* db_name, const char* host, - * const char* service, const gnutls_datum_t* pubkey); + * const char* service, const gnutls_datum_t* pubkey); * * The verify function should return zero on a match, %GNUTLS_E_CERTIFICATE_KEY_MISMATCH * if there is a mismatch and any other negative error code otherwise. diff --git a/lib/x509.c b/lib/x509.c index e6d58de15b..07508258de 100644 --- a/lib/x509.c +++ b/lib/x509.c 
@@ -364,8 +364,8 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session, } ret = - check_ocsp_response(session, peer_certificate_list[0], cred->tlist, cand_issuers, - cand_issuers_size, &resp, &ocsp_status); + check_ocsp_response(session, peer_certificate_list[0], cred->tlist, cand_issuers, + cand_issuers_size, &resp, &ocsp_status); if (ret < 0) { CLEAR_CERTS; @@ -820,11 +820,11 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url) /* Try to load the whole certificate chain from the PKCS #11 token */ for (i=0;i<MAX_PKCS11_CERT_CHAIN;i++) { - ret = gnutls_x509_crt_check_issuer(crt, crt); - if (i > 0 && ret != 0) { - /* self signed */ - break; - } + ret = gnutls_x509_crt_check_issuer(crt, crt); + if (i > 0 && ret != 0) { + /* self signed */ + break; + } ret = gnutls_pcert_import_x509(&ccert[i], crt, 0); if (ret < 0) { @@ -1149,8 +1149,8 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res, } ret = - gnutls_pcert_import_x509_list(pcerts, cert_list, (unsigned int*)&cert_list_size, - GNUTLS_X509_CRT_LIST_SORT); + gnutls_pcert_import_x509_list(pcerts, cert_list, (unsigned int*)&cert_list_size, + GNUTLS_X509_CRT_LIST_SORT); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1174,7 +1174,7 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res, return 0; cleanup: - gnutls_free(pcerts); + gnutls_free(pcerts); _gnutls_str_array_clear(&names); return ret; } @@ -1203,8 +1203,8 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res, */ int gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res, - unsigned index, - gnutls_x509_privkey_t *key) + unsigned index, + gnutls_x509_privkey_t *key) { if (index >= res->ncerts) { gnutls_assert(); 
@@ -1242,9 +1242,9 @@ gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res, */ int gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res, - unsigned index, - gnutls_x509_crt_t **crt_list, - unsigned *crt_list_size) + unsigned index, + gnutls_x509_crt_t **crt_list, + unsigned *crt_list_size) { int ret; unsigned i; @@ -1433,7 +1433,7 @@ gnutls_certificate_set_trust_list(gnutls_certificate_credentials_t res, **/ void gnutls_certificate_get_trust_list(gnutls_certificate_credentials_t res, - gnutls_x509_trust_list_t *tlist) + gnutls_x509_trust_list_t *tlist) { *tlist = res->tlist; } diff --git a/lib/x509.h b/lib/x509.h index bc11f7b93f..8048416691 100644 --- a/lib/x509.h +++ b/lib/x509.h @@ -25,7 +25,7 @@ int _gnutls_x509_cert_verify_peers(gnutls_session_t session, gnutls_typed_vdata_st * data, - unsigned int elements, + unsigned int elements, unsigned int *status); #define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE" diff --git a/lib/x509/common.c b/lib/x509/common.c index dab7fbb582..6d72338d42 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -1624,7 +1624,7 @@ int x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert, unsigned _gnutls_check_valid_key_id(gnutls_datum_t *key_id, - gnutls_x509_crt_t cert, time_t now) + gnutls_x509_crt_t cert, time_t now) { uint8_t id[MAX_KEY_ID_SIZE]; size_t id_size; diff --git a/lib/x509/common.h b/lib/x509/common.h index b2413c4511..6716939255 100644 --- a/lib/x509/common.h +++ b/lib/x509/common.h @@ -241,7 +241,7 @@ int x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert, gnutls_datum_t * rpubkey); int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt, - gnutls_datum_t * rpubkey); + gnutls_datum_t * rpubkey); typedef void (*gnutls_cert_vfunc)(gnutls_x509_crt_t); diff --git a/lib/x509/crl.c b/lib/x509/crl.c index ebda949fde..5f0abe301e 100644 --- a/lib/x509/crl.c +++ b/lib/x509/crl.c 
@@ -651,8 +651,8 @@ void gnutls_x509_crl_iter_deinit(gnutls_x509_crl_iter_t iter) int gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl, gnutls_x509_crl_iter_t *iter, - unsigned char *serial, - size_t * serial_size, time_t * t) + unsigned char *serial, + size_t * serial_size, time_t * t) { int result, _serial_size; diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 51c0e17969..6a9cccaa5e 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -1690,7 +1690,7 @@ gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq, ret = 0; cleanup: asn1_delete_structure(&c2); - gnutls_free(extensions); + gnutls_free(extensions); return ret; } diff --git a/lib/x509/email-verify.c b/lib/x509/email-verify.c index 1b0da2e3df..e6a3b1773c 100644 --- a/lib/x509/email-verify.c +++ b/lib/x509/email-verify.c @@ -159,8 +159,8 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, */ ret = 0; cleanup: - if (a_email != email) { - idn_free(a_email); + if (a_email != email) { + idn_free(a_email); } - return ret; + return ret; } diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c index 8a92849db9..751c2986e6 100644 --- a/lib/x509/extensions.c +++ b/lib/x509/extensions.c @@ -904,6 +904,6 @@ _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size, ret = 0; cleanup: - gnutls_x509_aki_deinit(aki); - return ret; + gnutls_x509_aki_deinit(aki); + return ret; } diff --git a/lib/x509/hostname-verify.c b/lib/x509/hostname-verify.c index 06a8d42c05..fcbb987e64 100644 --- a/lib/x509/hostname-verify.c +++ b/lib/x509/hostname-verify.c @@ -118,7 +118,7 @@ static int has_embedded_null(const char *str, unsigned size) **/ unsigned gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, - const char *hostname, unsigned int flags) + const char *hostname, unsigned int flags) { char dnsname[MAX_CN]; size_t dnsnamesize; 
@@ -262,8 +262,8 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, */ ret = 0; cleanup: - if (a_hostname != hostname) { - idn_free(a_hostname); + if (a_hostname != hostname) { + idn_free(a_hostname); } - return ret; + return ret; } diff --git a/lib/x509/krb5.c b/lib/x509/krb5.c index 1021a37914..dc8351f6fe 100644 --- a/lib/x509/krb5.c +++ b/lib/x509/krb5.c @@ -41,19 +41,19 @@ typedef struct krb5_principal_data { extern const asn1_static_node krb5_asn1_tab[]; -static void cleanup_principal(krb5_principal_data *princ) +static void cleanup_principal(krb5_principal_data * princ) { - unsigned i; - if (princ) { - gnutls_free(princ->realm); - for (i=0;i<princ->length;i++) - gnutls_free(princ->data[i]); + unsigned i; + if (princ) { + gnutls_free(princ->realm); + for (i = 0; i < princ->length; i++) + gnutls_free(princ->data[i]); memset(princ, 0, sizeof(*princ)); gnutls_free(princ); - } + } } -static krb5_principal_data* name_to_principal(const char *_name) +static krb5_principal_data *name_to_principal(const char *_name) { krb5_principal_data *princ; char *p, *p2, *sp; @@ -78,7 +78,7 @@ static krb5_principal_data* name_to_principal(const char *_name) goto fail; } - princ->realm = gnutls_strdup(p+1); + princ->realm = gnutls_strdup(p + 1); if (princ->realm == NULL) { gnutls_assert(); goto fail; @@ -87,9 +87,11 @@ static krb5_principal_data* name_to_principal(const char *_name) if (p == p2) { p = strtok_r(name, "/", &sp); - while(p) { + while (p) { if (pos == MAX_COMPONENTS) { - _gnutls_debug_log("%s: Cannot parse names with more than %d components\n", __func__, MAX_COMPONENTS); + _gnutls_debug_log + ("%s: Cannot parse names with more than %d components\n", + __func__, MAX_COMPONENTS); goto fail; } 
@@ -105,12 +107,13 @@ static krb5_principal_data* name_to_principal(const char *_name) p = strtok_r(NULL, "/", &sp); } - if ((princ->length == 2) && (strcmp (princ->data[0], "krbtgt") == 0)) { - princ->type = 2; /* KRB_NT_SRV_INST */ + if ((princ->length == 2) + && (strcmp(princ->data[0], "krbtgt") == 0)) { + princ->type = 2; /* KRB_NT_SRV_INST */ } else { - princ->type = 1; /* KRB_NT_PRINCIPAL */ + princ->type = 1; /* KRB_NT_PRINCIPAL */ } - } else { /* enterprise */ + } else { /* enterprise */ princ->data[0] = gnutls_strdup(name); if (princ->data[0] == NULL) { gnutls_assert(); @@ -118,13 +121,13 @@ static krb5_principal_data* name_to_principal(const char *_name) } princ->length++; - princ->type = 10; /* KRB_NT_ENTERPRISE */ + princ->type = 10; /* KRB_NT_ENTERPRISE */ } goto cleanup; fail: - cleanup_principal(princ); - princ = NULL; + cleanup_principal(princ); + princ = NULL; cleanup: gnutls_free(name); @@ -135,7 +138,7 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der) { int ret, result; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - krb5_principal_data * princ; + krb5_principal_data *princ; unsigned i; princ = name_to_principal(name); @@ -145,7 +148,9 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der) goto cleanup; } - result = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.KRB5PrincipalName", &c2); + result = + asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.KRB5PrincipalName", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -161,8 +166,7 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der) } result = - asn1_write_value(c2, "principalName.name-type", &princ->type, - 1); + asn1_write_value(c2, "principalName.name-type", &princ->type, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); 
@@ -171,8 +175,7 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der) for (i = 0; i < princ->length; i++) { result = - asn1_write_value(c2, "principalName.name-string", - "NEW", 1); + asn1_write_value(c2, "principalName.name-string", "NEW", 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -203,10 +206,10 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der) return ret; } -static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str) +static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st * str) { - gnutls_datum_t realm = {NULL, 0}; - gnutls_datum_t component = {NULL, 0}; + gnutls_datum_t realm = { NULL, 0 }; + gnutls_datum_t component = { NULL, 0 }; unsigned char name_type[2]; int ret, result, len; unsigned i; @@ -219,29 +222,33 @@ static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str) } len = sizeof(name_type); - result = asn1_read_value(c2, "principalName.name-type", name_type, &len); + result = + asn1_read_value(c2, "principalName.name-type", name_type, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - if (len != 1 || (name_type[0] != 1 && name_type[0] != 2 && name_type[0] != 10)) { + if (len != 1 + || (name_type[0] != 1 && name_type[0] != 2 && name_type[0] != 10)) { ret = GNUTLS_E_INVALID_REQUEST; goto cleanup; } - for (i=0;;i++) { - snprintf(val, sizeof(val), "principalName.name-string.?%u", i+1); + for (i = 0;; i++) { + snprintf(val, sizeof(val), "principalName.name-string.?%u", + i + 1); ret = _gnutls_x509_read_value(c2, val, &component); - if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) + if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND + || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) break; if (ret < 0) { gnutls_assert(); goto cleanup; } - if (i>0) { + if (i > 0) { ret = _gnutls_buffer_append_data(str, "/", 1); if (ret < 0) { gnutls_assert(); 
@@ -249,7 +256,9 @@ static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str) } } - ret = _gnutls_buffer_append_data(str, component.data, component.size); + ret = + _gnutls_buffer_append_data(str, component.data, + component.size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -273,11 +282,12 @@ static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str) ret = 0; cleanup: _gnutls_free_datum(&component); - gnutls_free(realm.data); - return ret; + gnutls_free(realm.data); + return ret; } -int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *name) +int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, + gnutls_datum_t * name) { int ret, result; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; @@ -285,7 +295,9 @@ int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *na _gnutls_buffer_init(&str); - result = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.KRB5PrincipalName", &c2); + result = + asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.KRB5PrincipalName", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -318,7 +330,7 @@ int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *na return _gnutls_buffer_to_datum(&str, name, 1); cleanup: - _gnutls_buffer_clear(&str); + _gnutls_buffer_clear(&str); asn1_delete_structure(&c2); return ret; } diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c index 776e209825..98c0f0297d 100644 --- a/lib/x509/name_constraints.c +++ b/lib/x509/name_constraints.c @@ -40,8 +40,8 @@ // for documentation see the implementation static int name_constraints_intersect_nodes(name_constraints_node_st * nc1, - name_constraints_node_st * nc2, - name_constraints_node_st ** intersection); + name_constraints_node_st * nc2, + name_constraints_node_st ** intersection); /*- * is_nc_empty: 
@@ -92,7 +92,7 @@ static unsigned is_nc_empty(struct gnutls_name_constraints_st* nc, unsigned type * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value. -*/ static int validate_name_constraints_node(gnutls_x509_subject_alt_name_t type, - const gnutls_datum_t* name) + const gnutls_datum_t* name) { if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME && type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI && @@ -209,8 +209,8 @@ void _gnutls_name_constraints_node_free(name_constraints_node_st *node) * Returns: Pointer to newly allocated node or NULL in case of memory error. -*/ static name_constraints_node_st* name_constraints_node_new(unsigned type, - unsigned char *data, - unsigned int size) + unsigned char *data, + unsigned int size) { name_constraints_node_st *tmp = gnutls_malloc(sizeof(struct name_constraints_node_st)); if (tmp == NULL) @@ -250,8 +250,8 @@ static name_constraints_node_st* name_constraints_node_new(unsigned type, -*/ static int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc, - name_constraints_node_st * _nc2, - name_constraints_node_st ** _nc_excluded) + name_constraints_node_st * _nc2, + name_constraints_node_st ** _nc_excluded) { name_constraints_node_st *nc, *nc2, *t, *tmp, *dest = NULL, *prev = NULL; int ret, type, used; @@ -335,7 +335,7 @@ int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc, } // if the node from nc2 was not used for intersection, copy it to DEST // Beware: also copies nodes other than DNS, email, IP, - // since their counterpart may have been moved in phase 1. + // since their counterpart may have been moved in phase 1. if (!used) { tmp = name_constraints_node_new(nc2->type, nc2->name.data, nc2->name.size); if (tmp == NULL) { 
@@ -451,9 +451,9 @@ static int _gnutls_name_constraints_append(name_constraints_node_st **_nc, * Since: 3.3.0 **/ int gnutls_x509_crt_get_name_constraints(gnutls_x509_crt_t crt, - gnutls_x509_name_constraints_t nc, - unsigned int flags, - unsigned int *critical) + gnutls_x509_name_constraints_t nc, + unsigned int flags, + unsigned int *critical) { int ret; gnutls_datum_t der = { NULL, 0 }; @@ -526,9 +526,9 @@ int gnutls_x509_name_constraints_init(gnutls_x509_name_constraints_t *nc) static int name_constraints_add(gnutls_x509_name_constraints_t nc, - gnutls_x509_subject_alt_name_t type, - const gnutls_datum_t * name, - unsigned permitted) + gnutls_x509_subject_alt_name_t type, + const gnutls_datum_t * name, + unsigned permitted) { struct name_constraints_node_st * tmp, *prev = NULL; int ret; @@ -581,7 +581,7 @@ int name_constraints_add(gnutls_x509_name_constraints_t nc, * Since: 3.5.0 -*/ int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc, - gnutls_x509_name_constraints_t nc2) + gnutls_x509_name_constraints_t nc2) { int ret; @@ -621,8 +621,8 @@ int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc, * Since: 3.3.0 **/ int gnutls_x509_name_constraints_add_permitted(gnutls_x509_name_constraints_t nc, - gnutls_x509_subject_alt_name_t type, - const gnutls_datum_t * name) + gnutls_x509_subject_alt_name_t type, + const gnutls_datum_t * name) { return name_constraints_add(nc, type, name, 1); } @@ -645,8 +645,8 @@ int gnutls_x509_name_constraints_add_permitted(gnutls_x509_name_constraints_t nc * Since: 3.3.0 **/ int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc, - gnutls_x509_subject_alt_name_t type, - const gnutls_datum_t * name) + gnutls_x509_subject_alt_name_t type, + const gnutls_datum_t * name) { return name_constraints_add(nc, type, name, 0); } 
@@ -666,8 +666,8 @@ int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc, * Since: 3.3.0 **/ int gnutls_x509_crt_set_name_constraints(gnutls_x509_crt_t crt, - gnutls_x509_name_constraints_t nc, - unsigned int critical) + gnutls_x509_name_constraints_t nc, + unsigned int critical) { int ret; gnutls_datum_t der; @@ -760,7 +760,7 @@ static unsigned email_matches(const gnutls_datum_t *name, const gnutls_datum_t * * @nc1: name constraints node 1 * @nc2: name constraints node 2 * @_intersection: newly allocated node with intersected constraints, - * NULL if the intersection is empty + * NULL if the intersection is empty * * Inspect 2 name constraints nodes (of possibly different types) and allocate * a new node with intersection of given constraints. @@ -769,8 +769,8 @@ static unsigned email_matches(const gnutls_datum_t *name, const gnutls_datum_t * -*/ static int name_constraints_intersect_nodes(name_constraints_node_st * nc1, - name_constraints_node_st * nc2, - name_constraints_node_st ** _intersection) + name_constraints_node_st * nc2, + name_constraints_node_st ** _intersection) { // presume empty intersection name_constraints_node_st *intersection = NULL; @@ -1029,8 +1029,8 @@ unsigned check_ip_constraints(gnutls_x509_name_constraints_t nc, * Since: 3.3.0 **/ unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t nc, - gnutls_x509_subject_alt_name_t type, - const gnutls_datum_t * name) + gnutls_x509_subject_alt_name_t type, + const gnutls_datum_t * name) { if (type == GNUTLS_SAN_DNSNAME) return check_dns_constraints(nc, name); 
@@ -1049,8 +1049,8 @@ unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t nc, * is present in the CA, _and_ the name in the end certificate contains * the constrained element. */ static int check_unsupported_constraint2(gnutls_x509_crt_t cert, - gnutls_x509_name_constraints_t nc, - gnutls_x509_subject_alt_name_t type) + gnutls_x509_name_constraints_t nc, + gnutls_x509_subject_alt_name_t type) { unsigned idx, found_one; char name[MAX_CN]; @@ -1102,8 +1102,8 @@ static int check_unsupported_constraint2(gnutls_x509_crt_t cert, * Since: 3.3.0 **/ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t nc, - gnutls_x509_subject_alt_name_t type, - gnutls_x509_crt_t cert) + gnutls_x509_subject_alt_name_t type, + gnutls_x509_crt_t cert) { char name[MAX_CN]; size_t name_size; @@ -1212,7 +1212,7 @@ unsigned found_one; /* ensure there is only a single CN, according to rfc6125 */ name_size = sizeof(name); ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, - 1, 0, name, &name_size); + 1, 0, name, &name_size); if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) return gnutls_assert_val(0); @@ -1300,8 +1300,8 @@ unsigned found_one; * Since: 3.3.0 **/ int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc, - unsigned idx, - unsigned *type, gnutls_datum_t * name) + unsigned idx, + unsigned *type, gnutls_datum_t * name) { unsigned int i; struct name_constraints_node_st * tmp = nc->permitted; @@ -1344,8 +1344,8 @@ int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc * Since: 3.3.0 **/ int gnutls_x509_name_constraints_get_excluded(gnutls_x509_name_constraints_t nc, - unsigned idx, - unsigned *type, gnutls_datum_t * name) + unsigned idx, + unsigned *type, gnutls_datum_t * name) { unsigned int i; struct name_constraints_node_st * tmp = nc->excluded; diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c index 597827a58e..eb41fcb295 100644 --- a/lib/x509/ocsp.c 
+++ b/lib/x509/ocsp.c @@ -406,11 +406,11 @@ int gnutls_ocsp_req_get_version(gnutls_ocsp_req_t req) * corresponds to the CertID structure: * * <informalexample><programlisting> - * CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key - * serialNumber CertificateSerialNumber } + * CertID ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * issuerNameHash OCTET STRING, -- Hash of Issuer's DN + * issuerKeyHash OCTET STRING, -- Hash of Issuers public key + * serialNumber CertificateSerialNumber } * </programlisting></informalexample> * * Each of the pointers to output variables may be NULL to indicate @@ -522,11 +522,11 @@ gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_t req, * The information needed corresponds to the CertID structure: * * <informalexample><programlisting> - * CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key - * serialNumber CertificateSerialNumber } + * CertID ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * issuerNameHash OCTET STRING, -- Hash of Issuer's DN + * issuerKeyHash OCTET STRING, -- Hash of Issuers public key + * serialNumber CertificateSerialNumber } * </programlisting></informalexample> * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a diff --git a/lib/x509/output.c b/lib/x509/output.c index 917cad0e5b..8f8521285b 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -580,7 +580,7 @@ static void print_crldist(gnutls_buffer_st * str, gnutls_datum_t *der) print_name(str, "\t\t\t", type, &dist, 0); } cleanup: - gnutls_x509_crl_dist_points_deinit(dp); + gnutls_x509_crl_dist_points_deinit(dp); } static void diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 765d982440..9b280ba857 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c 
@@ -1403,9 +1403,9 @@ static int make_chain(gnutls_x509_crt_t ** chain, unsigned int *chain_len, * @chain: the corresponding to key certificate chain (may be %NULL) * @chain_len: will be updated with the number of additional (may be %NULL) * @extra_certs: optional pointer to receive an array of additional - * certificates found in the PKCS12 structure (may be %NULL). + * certificates found in the PKCS12 structure (may be %NULL). * @extra_certs_len: will be updated with the number of additional - * certs (may be %NULL). + * certs (may be %NULL). * @crl: an optional structure to store the parsed CRL (may be %NULL). * @flags: should be zero or one of GNUTLS_PKCS12_SP_* * diff --git a/lib/x509/pkcs7-attrs.c b/lib/x509/pkcs7-attrs.c index 9bfbe2f329..c948bca224 100644 --- a/lib/x509/pkcs7-attrs.c +++ b/lib/x509/pkcs7-attrs.c @@ -51,7 +51,8 @@ * Since: 3.4.2 **/ int -gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_t *data, unsigned flags) +gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t * list, const char *oid, + gnutls_datum_t * data, unsigned flags) { int ret; gnutls_pkcs7_attrs_st *r; @@ -62,7 +63,8 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_ if (flags & GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING) { ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING, - data->data, data->size, &r->data); + data->data, data->size, + &r->data); } else { ret = _gnutls_set_datum(&r->data, data->data, data->size); } @@ -78,12 +80,12 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_ return 0; fail: - if (r) { - gnutls_free(r->data.data); - gnutls_free(r); + if (r) { + gnutls_free(r->data.data); + gnutls_free(r); } - gnutls_pkcs7_attrs_deinit(*list); - return GNUTLS_E_MEMORY_ERROR; + gnutls_pkcs7_attrs_deinit(*list); + return GNUTLS_E_MEMORY_ERROR; } 
@@ -106,13 +108,14 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_ * Since: 3.4.2 **/ int -gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutls_datum_t *data, unsigned flags) +gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, + gnutls_datum_t * data, unsigned flags) { unsigned i; gnutls_pkcs7_attrs_st *p = list; int ret; - for (i=0;i<idx;i++) { + for (i = 0; i < idx; i++) { p = p->next; if (p == NULL) break; @@ -125,7 +128,8 @@ gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutl if (flags & GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING) { ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, - p->data.data, p->data.size, data, 1); + p->data.data, p->data.size, + data, 1); } else { ret = _gnutls_set_datum(data, p->data.data, p->data.size); } @@ -143,12 +147,11 @@ gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutl * * Since: 3.4.2 **/ -void -gnutls_pkcs7_attrs_deinit(gnutls_pkcs7_attrs_t list) +void gnutls_pkcs7_attrs_deinit(gnutls_pkcs7_attrs_t list) { gnutls_pkcs7_attrs_st *r = list, *next; - while(r) { + while (r) { next = r->next; gnutls_free(r->data.data); diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c index a4bb551662..7f67376ce0 100644 --- a/lib/x509/pkcs7-crypt.c +++ b/lib/x509/pkcs7-crypt.c 
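Review bot: `gnutls_pkcs7_get_attr` walks the list with `p = p->next` before it ever tests `p`, so a NULL `list` combined with `idx > 0` is dereferenced on the first iteration. The declarations and the loop are both in this hunk and nothing between them checks `list`. The loop condition can carry the check instead: `for (i = 0; p != NULL && i < idx; i++) p = p->next;`. The rest of the function lies outside the hunk, so confirm that a NULL `p` is rejected after the loop before `p->data` is read.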
@@ -53,107 +53,97 @@ #define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1" #define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6" -static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] = -{ +static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] = { { - .schema = PBES1_DES_MD5, - .name = "PBES1-DES-CBC-MD5", - .flag = GNUTLS_PKCS_PBES1_DES_MD5, - .cipher = GNUTLS_CIPHER_DES_CBC, - .pbes2 = 0, - .cipher_oid = PBES1_DES_MD5_OID, - .write_oid = PBES1_DES_MD5_OID, - .desc = NULL, - .decrypt_only = 1 - }, + .schema = PBES1_DES_MD5, + .name = "PBES1-DES-CBC-MD5", + .flag = GNUTLS_PKCS_PBES1_DES_MD5, + .cipher = GNUTLS_CIPHER_DES_CBC, + .pbes2 = 0, + .cipher_oid = PBES1_DES_MD5_OID, + .write_oid = PBES1_DES_MD5_OID, + .desc = NULL, + .decrypt_only = 1}, { - .schema = PBES2_3DES, - .name = "PBES2-3DES-CBC", - .flag = GNUTLS_PKCS_PBES2_3DES, - .cipher = GNUTLS_CIPHER_3DES_CBC, - .pbes2 = 1, - .cipher_oid = DES_EDE3_CBC_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.pkcs-5-des-EDE3-CBC-params", - .decrypt_only = 0 - }, + .schema = PBES2_3DES, + .name = "PBES2-3DES-CBC", + .flag = GNUTLS_PKCS_PBES2_3DES, + .cipher = GNUTLS_CIPHER_3DES_CBC, + .pbes2 = 1, + .cipher_oid = DES_EDE3_CBC_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.pkcs-5-des-EDE3-CBC-params", + .decrypt_only = 0}, { - .schema = PBES2_DES, - .name = "PBES2-DES-CBC", - .flag = GNUTLS_PKCS_PBES2_DES, - .cipher = GNUTLS_CIPHER_DES_CBC, - .pbes2 = 1, - .cipher_oid = DES_CBC_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.pkcs-5-des-CBC-params", - .decrypt_only = 0 - }, + .schema = PBES2_DES, + .name = "PBES2-DES-CBC", + .flag = GNUTLS_PKCS_PBES2_DES, + .cipher = GNUTLS_CIPHER_DES_CBC, + .pbes2 = 1, + .cipher_oid = DES_CBC_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.pkcs-5-des-CBC-params", + .decrypt_only = 0}, { - .schema = PBES2_AES_128, - .name = "PBES2-AES128-CBC", - .flag = GNUTLS_PKCS_PBES2_AES_128, - .cipher = GNUTLS_CIPHER_AES_128_CBC, - .pbes2 = 1, - 
.cipher_oid = AES_128_CBC_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.pkcs-5-aes128-CBC-params", - .decrypt_only = 0 - }, + .schema = PBES2_AES_128, + .name = "PBES2-AES128-CBC", + .flag = GNUTLS_PKCS_PBES2_AES_128, + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .pbes2 = 1, + .cipher_oid = AES_128_CBC_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.pkcs-5-aes128-CBC-params", + .decrypt_only = 0}, { - .schema = PBES2_AES_192, - .name = "PBES2-AES192-CBC", - .flag = GNUTLS_PKCS_PBES2_AES_192, - .cipher = GNUTLS_CIPHER_AES_192_CBC, - .pbes2 = 1, - .cipher_oid = AES_192_CBC_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.pkcs-5-aes192-CBC-params", - .decrypt_only = 0 - }, + .schema = PBES2_AES_192, + .name = "PBES2-AES192-CBC", + .flag = GNUTLS_PKCS_PBES2_AES_192, + .cipher = GNUTLS_CIPHER_AES_192_CBC, + .pbes2 = 1, + .cipher_oid = AES_192_CBC_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.pkcs-5-aes192-CBC-params", + .decrypt_only = 0}, { - .schema = PBES2_AES_256, - .name = "PBES2-AES256-CBC", - .flag = GNUTLS_PKCS_PBES2_AES_256, - .cipher = GNUTLS_CIPHER_AES_256_CBC, - .pbes2 = 1, - .cipher_oid = AES_256_CBC_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.pkcs-5-aes256-CBC-params", - .decrypt_only = 0 - }, + .schema = PBES2_AES_256, + .name = "PBES2-AES256-CBC", + .flag = GNUTLS_PKCS_PBES2_AES_256, + .cipher = GNUTLS_CIPHER_AES_256_CBC, + .pbes2 = 1, + .cipher_oid = AES_256_CBC_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.pkcs-5-aes256-CBC-params", + .decrypt_only = 0}, { - .schema = PKCS12_ARCFOUR_SHA1, - .name = "PKCS12-ARCFOUR-SHA1", - .flag = GNUTLS_PKCS_PKCS12_ARCFOUR, - .cipher = GNUTLS_CIPHER_ARCFOUR, - .pbes2 = 0, - .cipher_oid = PKCS12_PBE_ARCFOUR_SHA1_OID, - .write_oid = PKCS12_PBE_ARCFOUR_SHA1_OID, - .desc = NULL, - .decrypt_only = 0 - }, + .schema = PKCS12_ARCFOUR_SHA1, + .name = "PKCS12-ARCFOUR-SHA1", + .flag = GNUTLS_PKCS_PKCS12_ARCFOUR, + .cipher = GNUTLS_CIPHER_ARCFOUR, + .pbes2 = 0, + .cipher_oid = PKCS12_PBE_ARCFOUR_SHA1_OID, + .write_oid = 
PKCS12_PBE_ARCFOUR_SHA1_OID, + .desc = NULL, + .decrypt_only = 0}, { - .schema = PKCS12_RC2_40_SHA1, - .name = "PKCS12-RC2-40-SHA1", - .flag = GNUTLS_PKCS_PKCS12_RC2_40, - .cipher = GNUTLS_CIPHER_RC2_40_CBC, - .pbes2 = 0, - .cipher_oid = PKCS12_PBE_RC2_40_SHA1_OID, - .write_oid = PKCS12_PBE_RC2_40_SHA1_OID, - .desc = NULL, - .decrypt_only = 0 - }, + .schema = PKCS12_RC2_40_SHA1, + .name = "PKCS12-RC2-40-SHA1", + .flag = GNUTLS_PKCS_PKCS12_RC2_40, + .cipher = GNUTLS_CIPHER_RC2_40_CBC, + .pbes2 = 0, + .cipher_oid = PKCS12_PBE_RC2_40_SHA1_OID, + .write_oid = PKCS12_PBE_RC2_40_SHA1_OID, + .desc = NULL, + .decrypt_only = 0}, { - .schema = PKCS12_3DES_SHA1, - .name = "PKCS12-3DES-SHA1", - .flag = GNUTLS_PKCS_PKCS12_3DES, - .cipher = GNUTLS_CIPHER_3DES_CBC, - .pbes2 = 0, - .cipher_oid = PKCS12_PBE_3DES_SHA1_OID, - .write_oid = PKCS12_PBE_3DES_SHA1_OID, - .desc = NULL, - .decrypt_only = 0 - }, + .schema = PKCS12_3DES_SHA1, + .name = "PKCS12-3DES-SHA1", + .flag = GNUTLS_PKCS_PKCS12_3DES, + .cipher = GNUTLS_CIPHER_3DES_CBC, + .pbes2 = 0, + .cipher_oid = PKCS12_PBE_3DES_SHA1_OID, + .write_oid = PKCS12_PBE_3DES_SHA1_OID, + .desc = NULL, + .decrypt_only = 0}, {0, 0, 0, 0, 0} }; @@ -167,12 +157,13 @@ static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] = int _gnutls_pkcs_flags_to_schema(unsigned int flags) { - PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;); + PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema; + ); gnutls_assert(); _gnutls_debug_log ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n", - flags); + flags); return PKCS12_3DES_SHA1; } @@ -189,11 +180,11 @@ int _gnutls_pkcs_flags_to_schema(unsigned int flags) */ const char *gnutls_pkcs_schema_get_name(unsigned int schema) { - PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->name;); + PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->name; + ); return NULL; } - /** * gnutls_pkcs_schema_get_oid: * @schema: Holds the PKCS #12 or PBES2 schema (%gnutls_pkcs_encrypt_flags_t) 
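Review bot: The re-indented macro call in `_gnutls_pkcs_flags_to_schema` now reads `PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema; );`, with the closing parenthesis split away from the statement it wraps. The same happens in `gnutls_pkcs_schema_get_name` in the next hunk, and in the `PBES2_SCHEMA_LOOP(...)` calls of `gnutls_pkcs_schema_get_oid`, `algo_to_pbes2_cipher_schema`, `_gnutls_check_pkcs_cipher_schema`, `_gnutls_pkcs_schema_get` and `pbes2_cipher_oid_to_algo` further down, which now end in forms like `return _p;} ) ;`. These lookups decide which cipher schema is used for PKCS #7/#12 data, so the early `return` hidden in the macro argument should stay easy to audit. If this pass was produced with GNU indent, fencing the calls with `/* *INDENT-OFF* */` and `/* *INDENT-ON* */` would keep the original one-statement layout.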
@@ -207,16 +198,17 @@ const char *gnutls_pkcs_schema_get_name(unsigned int schema) */ const char *gnutls_pkcs_schema_get_oid(unsigned int schema) { - PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->cipher_oid;); + PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->cipher_oid; + ); return NULL; } -static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned cipher) +static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned + cipher) { - PBES2_SCHEMA_LOOP( - if (_p->cipher == cipher && _p->pbes2 != 0) { - return _p; - }); + PBES2_SCHEMA_LOOP(if (_p->cipher == cipher && _p->pbes2 != 0) { + return _p;} + ) ; gnutls_assert(); return NULL; @@ -227,9 +219,11 @@ static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned int _gnutls_check_pkcs_cipher_schema(const char *oid) { if (strcmp(oid, PBES2_OID) == 0) - return PBES2_GENERIC; /* PBES2 ciphers are under an umbrella OID */ + return PBES2_GENERIC; /* PBES2 ciphers are under an umbrella OID */ - PBES2_SCHEMA_LOOP(if (_p->pbes2 == 0 && strcmp(oid, _p->write_oid) == 0) {return _p->schema;}); + PBES2_SCHEMA_LOOP(if (_p->pbes2 == 0 && strcmp(oid, _p->write_oid) == 0) { + return _p->schema;} + ) ; _gnutls_debug_log ("PKCS #12 encryption schema OID '%s' is unsupported.\n", oid); @@ -238,7 +232,7 @@ int _gnutls_check_pkcs_cipher_schema(const char *oid) const struct pkcs_cipher_schema_st *_gnutls_pkcs_schema_get(schema_id schema) { - PBES2_SCHEMA_LOOP(if (schema == _p->schema) return _p;); + PBES2_SCHEMA_LOOP(if (schema == _p->schema) return _p;) ; gnutls_assert(); return NULL; 
@@ -247,22 +241,19 @@ const struct pkcs_cipher_schema_st *_gnutls_pkcs_schema_get(schema_id schema) /* Converts an OID to a gnutls cipher type. */ static int -pbes2_cipher_oid_to_algo(const char *oid, gnutls_cipher_algorithm_t *algo) +pbes2_cipher_oid_to_algo(const char *oid, gnutls_cipher_algorithm_t * algo) { *algo = 0; - PBES2_SCHEMA_LOOP(if (_p->pbes2 != 0 && strcmp(_p->cipher_oid, oid) == 0) { - *algo = _p->cipher; - return 0; - } - ); + PBES2_SCHEMA_LOOP(if + (_p->pbes2 != 0 && strcmp(_p->cipher_oid, oid) == 0) { + *algo = _p->cipher; return 0;} + ) ; - _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n", - oid); + _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n", oid); return GNUTLS_E_UNKNOWN_CIPHER_TYPE; } - /* Decrypts a PKCS #7 encryptedData. The output is allocated * and stored in dec. */ @@ -288,8 +279,7 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, goto error; } - result = - asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL); + result = asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -330,8 +320,9 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, result = _gnutls_read_pkcs_schema_params(&schema, password, - &data->data[params_start], - params_len, &kdf_params, &enc_params); + &data->data[params_start], + params_len, &kdf_params, + &enc_params); if (result < 0) { gnutls_assert(); goto error; @@ -343,8 +334,9 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, result = _gnutls_pkcs_raw_decrypt_data(schema, pkcs7_asn, - "encryptedContentInfo.encryptedContent", password, - &kdf_params, &enc_params, &tmp); + "encryptedContentInfo.encryptedContent", + password, &kdf_params, &enc_params, + &tmp); if (result < 0) { gnutls_assert(); goto error; 
@@ -356,15 +348,16 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, return 0; - error: + error: asn1_delete_structure(&pasn); asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE); return result; } int -_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_cipher_schema_st **p, - struct pbkdf2_params *kdf_params, char **oid) +_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, + const struct pkcs_cipher_schema_st **p, + struct pbkdf2_params *kdf_params, char **oid) { int result, len; char enc_oid[MAX_OID_SIZE]; @@ -382,8 +375,7 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_ciphe goto error; } - result = - asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL); + result = asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -428,8 +420,9 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_ciphe result = _gnutls_read_pkcs_schema_params(&schema, NULL, - &data->data[params_start], - params_len, kdf_params, &enc_params); + &data->data[params_start], + params_len, kdf_params, + &enc_params); if (result < 0) { gnutls_assert(); goto error; @@ -446,7 +439,7 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_ciphe return 0; - error: + error: asn1_delete_structure(&pasn); asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE); return result; 
@@ -497,15 +490,16 @@ _gnutls_pkcs7_encrypt_data(schema_id schema, */ result = - _gnutls_pkcs_generate_key(schema, password, &kdf_params, &enc_params, &key); + _gnutls_pkcs_generate_key(schema, password, &kdf_params, + &enc_params, &key); if (result < 0) { gnutls_assert(); goto error; } result = _gnutls_pkcs_write_schema_params(schema, pkcs7_asn, - "encryptedContentInfo.contentEncryptionAlgorithm.parameters", - &kdf_params, &enc_params); + "encryptedContentInfo.contentEncryptionAlgorithm.parameters", + &kdf_params, &enc_params); if (result < 0) { gnutls_assert(); goto error; @@ -571,8 +565,7 @@ _gnutls_pkcs7_encrypt_data(schema_id schema, goto error; } - - error: + error: _gnutls_free_key_datum(&key); _gnutls_free_datum(&tmp); asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE); @@ -583,8 +576,7 @@ _gnutls_pkcs7_encrypt_data(schema_id schema, */ static int read_pbkdf2_params(ASN1_TYPE pasn, - const gnutls_datum_t * der, - struct pbkdf2_params *params) + const gnutls_datum_t * der, struct pbkdf2_params *params) { int params_start, params_end; int params_len, len, result; @@ -599,8 +591,7 @@ read_pbkdf2_params(ASN1_TYPE pasn, */ len = sizeof(oid); result = - asn1_read_value(pasn, "keyDerivationFunc.algorithm", oid, - &len); + asn1_read_value(pasn, "keyDerivationFunc.algorithm", oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -610,8 +601,7 @@ read_pbkdf2_params(ASN1_TYPE pasn, if (strcmp(oid, PBKDF2_OID) != 0) { gnutls_assert(); _gnutls_debug_log - ("PKCS #8 key derivation OID '%s' is unsupported.\n", - oid); + ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid); return _gnutls_asn2err(result); } @@ -638,7 +628,7 @@ read_pbkdf2_params(ASN1_TYPE pasn, result = _asn1_strict_der_decode(&pbkdf2_asn, &der->data[params_start], - params_len, NULL); + params_len, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); 
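Review bot: In `read_pbkdf2_params`, the branch for an unsupported key-derivation OID ends with `return _gnutls_asn2err(result);`, but the preceding hunk shows the function has already returned when `asn1_read_value` failed. `result` therefore appears to still be `ASN1_SUCCESS` here, and the caller would most likely be told the parameters were accepted. The few lines between the two hunks are not visible, so confirm that nothing reassigns `result` before the `strcmp`. If that holds, return an explicit error instead, for example `return GNUTLS_E_UNKNOWN_CIPHER_TYPE;` as `pbes2_cipher_oid_to_algo` does for an unknown cipher OID, or a dedicated KDF error code if the library has one. This predates the re-indent and is better fixed in a separate commit.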
@@ -671,17 +661,14 @@ read_pbkdf2_params(ASN1_TYPE pasn, /* read the keylength, if it is set. */ result = - _gnutls_x509_read_uint(pbkdf2_asn, "keyLength", - ¶ms->key_size); + _gnutls_x509_read_uint(pbkdf2_asn, "keyLength", ¶ms->key_size); if (result < 0) { params->key_size = 0; } _gnutls_hard_log("keyLength: %d\n", params->key_size); len = sizeof(oid); - result = - asn1_read_value(pbkdf2_asn, "prf.algorithm", - oid, &len); + result = asn1_read_value(pbkdf2_asn, "prf.algorithm", oid, &len); if (result != ASN1_SUCCESS) { /* use the default MAC */ result = 0; @@ -698,7 +685,7 @@ read_pbkdf2_params(ASN1_TYPE pasn, result = 0; - error: + error: asn1_delete_structure(&pbkdf2_asn); return result; @@ -706,8 +693,7 @@ read_pbkdf2_params(ASN1_TYPE pasn, /* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA). */ -static int -read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params) +static int read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params) { int result; @@ -716,8 +702,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params) /* read the salt */ params->salt_size = sizeof(params->salt); result = - asn1_read_value(pasn, "salt", params->salt, - ¶ms->salt_size); + asn1_read_value(pasn, "salt", params->salt, ¶ms->salt_size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -728,8 +713,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params) /* read the iteration count */ result = - _gnutls_x509_read_uint(pasn, "iterations", - ¶ms->iter_count); + _gnutls_x509_read_uint(pasn, "iterations", ¶ms->iter_count); if (result < 0) { gnutls_assert(); goto error; @@ -740,7 +724,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params) return 0; - error: + error: return result; } 
@@ -748,8 +732,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params) /* Writes the PBE parameters for PKCS-12 schemas. */ static int -write_pkcs12_kdf_params(ASN1_TYPE pasn, - const struct pbkdf2_params *kdf_params) +write_pkcs12_kdf_params(ASN1_TYPE pasn, const struct pbkdf2_params *kdf_params) { int result; @@ -778,15 +761,14 @@ write_pkcs12_kdf_params(ASN1_TYPE pasn, return 0; - error: + error: return result; } static int read_pbes2_enc_params(ASN1_TYPE pasn, - const gnutls_datum_t * der, - struct pbe_enc_params *params) + const gnutls_datum_t * der, struct pbe_enc_params *params) { int params_start, params_end; int params_len, len, result; @@ -799,9 +781,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn, /* Check the encryption algorithm */ len = sizeof(oid); - result = - asn1_read_value(pasn, "encryptionScheme.algorithm", oid, - &len); + result = asn1_read_value(pasn, "encryptionScheme.algorithm", oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -840,7 +820,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn, result = _asn1_strict_der_decode(&pbe_asn, &der->data[params_start], - params_len, NULL); + params_len, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -849,8 +829,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn, /* read the IV */ params->iv_size = sizeof(params->iv); - result = - asn1_read_value(pbe_asn, "", params->iv, ¶ms->iv_size); + result = asn1_read_value(pbe_asn, "", params->iv, ¶ms->iv_size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -860,7 +839,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn, result = 0; - error: + error: asn1_delete_structure(&pbe_asn); return result; } 
@@ -871,9 +850,9 @@ read_pbes2_enc_params(ASN1_TYPE pasn, */ int _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password, - const uint8_t * data, int data_size, - struct pbkdf2_params *kdf_params, - struct pbe_enc_params *enc_params) + const uint8_t * data, int data_size, + struct pbkdf2_params *kdf_params, + struct pbe_enc_params *enc_params) { ASN1_TYPE pasn = ASN1_TYPE_EMPTY; int result; @@ -895,8 +874,7 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password, /* Decode the parameters. */ - result = - _asn1_strict_der_decode(&pasn, data, data_size, NULL); + result = _asn1_strict_der_decode(&pasn, data, data_size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -930,8 +908,9 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password, *schema = p->schema; return 0; } else if (*schema == PBES1_DES_MD5) { - return _gnutls_read_pbkdf1_params(data, data_size, kdf_params, enc_params); - } else { /* PKCS #12 schema */ + return _gnutls_read_pbkdf1_params(data, data_size, kdf_params, + enc_params); + } else { /* PKCS #12 schema */ memset(enc_params, 0, sizeof(*enc_params)); p = _gnutls_pkcs_schema_get(*schema); @@ -954,8 +933,7 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password, /* Decode the parameters. */ - result = - _asn1_strict_der_decode(&pasn, data, data_size, NULL); + result = _asn1_strict_der_decode(&pasn, data, data_size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); 
@@ -970,16 +948,14 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password, if (enc_params->iv_size) { result = - _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1), - 2 /*IV*/, + _gnutls_pkcs12_string_to_key(mac_to_entry + (GNUTLS_MAC_SHA1), + 2 /*IV*/, kdf_params->salt, - kdf_params-> - salt_size, - kdf_params-> - iter_count, + kdf_params->salt_size, + kdf_params->iter_count, password, - enc_params-> - iv_size, + enc_params->iv_size, enc_params->iv); if (result < 0) { gnutls_assert(); @@ -1000,13 +976,13 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password, int _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn, - const char *root, const char *password, - const struct pbkdf2_params *kdf_params, - const struct pbe_enc_params *enc_params, - gnutls_datum_t *decrypted_data) + const char *root, const char *password, + const struct pbkdf2_params *kdf_params, + const struct pbe_enc_params *enc_params, + gnutls_datum_t * decrypted_data) { int result; - gnutls_datum_t enc = {NULL, 0}; + gnutls_datum_t enc = { NULL, 0 }; uint8_t *key = NULL; gnutls_datum_t dkey, d_iv; cipher_hd_st ch; @@ -1026,8 +1002,9 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn, if (schema == PBES1_DES_MD5) { return _gnutls_decrypt_pbes1_des_md5_data(password, pass_len, - kdf_params, enc_params, - &enc, decrypted_data); + kdf_params, + enc_params, &enc, + decrypted_data); } if (kdf_params->key_size == 0) { 
@@ -1045,22 +1022,24 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn, /* generate the key */ p = _gnutls_pkcs_schema_get(schema); - if (p != NULL && p->pbes2 != 0) { /* PBES2 */ + if (p != NULL && p->pbes2 != 0) { /* PBES2 */ if (kdf_params->mac == GNUTLS_MAC_SHA1) - pbkdf2_hmac_sha1(pass_len, (uint8_t*)password, + pbkdf2_hmac_sha1(pass_len, (uint8_t *) password, kdf_params->iter_count, - kdf_params->salt_size, kdf_params->salt, - key_size, key); + kdf_params->salt_size, + kdf_params->salt, key_size, key); else if (kdf_params->mac == GNUTLS_MAC_SHA256) - pbkdf2_hmac_sha256(pass_len, (uint8_t*)password, - kdf_params->iter_count, - kdf_params->salt_size, kdf_params->salt, - key_size, key); - else return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM); - } else if (p != NULL) { /* PKCS 12 schema */ + pbkdf2_hmac_sha256(pass_len, (uint8_t *) password, + kdf_params->iter_count, + kdf_params->salt_size, + kdf_params->salt, key_size, key); + else + return + gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM); + } else if (p != NULL) { /* PKCS 12 schema */ result = _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1), - 1 /*KEY*/, + 1 /*KEY*/, kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, @@ -1114,7 +1093,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn, return 0; - error: + error: gnutls_free(enc.data); gnutls_free(key); if (ch_init != 0) @@ -1122,12 +1101,10 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn, return result; } - /* Writes the PBKDF2 parameters. */ static int -write_pbkdf2_params(ASN1_TYPE pasn, - const struct pbkdf2_params *kdf_params) +write_pbkdf2_params(ASN1_TYPE pasn, const struct pbkdf2_params *kdf_params) { int result; ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY; 
@@ -1171,8 +1148,7 @@ write_pbkdf2_params(ASN1_TYPE pasn, result = _gnutls_asn2err(result); goto error; } - _gnutls_hard_log("salt.specified.size: %d\n", - kdf_params->salt_size); + _gnutls_hard_log("salt.specified.size: %d\n", kdf_params->salt_size); /* write the iteration count */ @@ -1218,16 +1194,14 @@ write_pbkdf2_params(ASN1_TYPE pasn, result = 0; - error: + error: asn1_delete_structure(&pbkdf2_asn); return result; } - static int -write_pbes2_enc_params(ASN1_TYPE pasn, - const struct pbe_enc_params *params) +write_pbes2_enc_params(ASN1_TYPE pasn, const struct pbe_enc_params *params) { int result; ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; @@ -1260,8 +1234,7 @@ write_pbes2_enc_params(ASN1_TYPE pasn, } /* read the salt */ - result = - asn1_write_value(pbe_asn, "", params->iv, params->iv_size); + result = asn1_write_value(pbe_asn, "", params->iv, params->iv_size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -1283,7 +1256,7 @@ write_pbes2_enc_params(ASN1_TYPE pasn, result = 0; - error: + error: asn1_delete_structure(&pbe_asn); return result; @@ -1293,9 +1266,10 @@ write_pbes2_enc_params(ASN1_TYPE pasn, */ int _gnutls_pkcs_generate_key(schema_id schema, - const char *password, - struct pbkdf2_params *kdf_params, - struct pbe_enc_params *enc_params, gnutls_datum_t * key) + const char *password, + struct pbkdf2_params *kdf_params, + struct pbe_enc_params *enc_params, + gnutls_datum_t * key) { unsigned char rnd[2]; unsigned int pass_len = 0; @@ -1313,10 +1287,10 @@ _gnutls_pkcs_generate_key(schema_id schema, /* generate salt */ kdf_params->salt_size = - MIN(sizeof(kdf_params->salt), (unsigned) (12 + (rnd[1] % 10))); + MIN(sizeof(kdf_params->salt), (unsigned)(12 + (rnd[1] % 10))); p = _gnutls_pkcs_schema_get(schema); - if (p != NULL && p->pbes2 != 0) { /* PBES2 */ + if (p != NULL && p->pbes2 != 0) { /* PBES2 */ enc_params->cipher = p->cipher; } else if (p != NULL) { /* non PBES2 algorithms */ 
@@ -1334,12 +1308,11 @@ _gnutls_pkcs_generate_key(schema_id schema, return GNUTLS_E_RANDOM_FAILED; } - kdf_params->iter_count = 5*1024 + rnd[0]; + kdf_params->iter_count = 5 * 1024 + rnd[0]; key->size = kdf_params->key_size = gnutls_cipher_get_key_size(enc_params->cipher); - enc_params->iv_size = - gnutls_cipher_get_iv_size(enc_params->cipher); + enc_params->iv_size = gnutls_cipher_get_iv_size(enc_params->cipher); key->data = gnutls_malloc(key->size); if (key->data == NULL) { gnutls_assert(); @@ -1349,25 +1322,24 @@ _gnutls_pkcs_generate_key(schema_id schema, /* now generate the key. */ - if (p->pbes2 != 0) { - pbkdf2_hmac_sha1(pass_len, (uint8_t*)password, + if (p->pbes2 != 0) { + pbkdf2_hmac_sha1(pass_len, (uint8_t *) password, kdf_params->iter_count, kdf_params->salt_size, kdf_params->salt, kdf_params->key_size, key->data); if (enc_params->iv_size) { ret = _gnutls_rnd(GNUTLS_RND_NONCE, - enc_params->iv, - enc_params->iv_size); + enc_params->iv, enc_params->iv_size); if (ret < 0) { gnutls_assert(); return ret; } } - } else { /* PKCS 12 schema */ + } else { /* PKCS 12 schema */ ret = _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1), - 1 /*KEY*/, + 1 /*KEY*/, kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, @@ -1383,16 +1355,14 @@ _gnutls_pkcs_generate_key(schema_id schema, */ if (enc_params->iv_size) { ret = - _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1), + _gnutls_pkcs12_string_to_key(mac_to_entry + (GNUTLS_MAC_SHA1), 2 /*IV*/, kdf_params->salt, - kdf_params-> - salt_size, - kdf_params-> - iter_count, + kdf_params->salt_size, + kdf_params->iter_count, password, - enc_params-> - iv_size, + enc_params->iv_size, enc_params->iv); if (ret < 0) { gnutls_assert(); 
@@ -1401,19 +1371,17 @@ _gnutls_pkcs_generate_key(schema_id schema, } } - return 0; } - /* Encodes the parameters to be written in the encryptionAlgorithm.parameters * part. */ int _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn, - const char *where, - const struct pbkdf2_params *kdf_params, - const struct pbe_enc_params *enc_params) + const char *where, + const struct pbkdf2_params *kdf_params, + const struct pbe_enc_params *enc_params) { int result; ASN1_TYPE pasn = ASN1_TYPE_EMPTY; @@ -1421,7 +1389,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn, p = _gnutls_pkcs_schema_get(schema); - if (p != NULL && p->pbes2 != 0) { /* PBES2 */ + if (p != NULL && p->pbes2 != 0) { /* PBES2 */ if ((result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.pkcs-5-PBES2-params", @@ -1443,8 +1411,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn, } result = _gnutls_x509_der_encode_and_copy(pasn, "", - pkcs8_asn, where, - 0); + pkcs8_asn, where, 0); if (result < 0) { gnutls_assert(); goto error; @@ -1452,7 +1419,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn, asn1_delete_structure(&pasn); - } else if (p != NULL) { /* PKCS #12 */ + } else if (p != NULL) { /* PKCS #12 */ if ((result = asn1_create_element(_gnutls_get_pkix(), @@ -1470,8 +1437,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn, } result = _gnutls_x509_der_encode_and_copy(pasn, "", - pkcs8_asn, where, - 0); + pkcs8_asn, where, 0); if (result < 0) { gnutls_assert(); goto error; @@ -1482,7 +1448,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn, return 0; - error: + error: asn1_delete_structure(&pasn); return result; 
@@ -1490,8 +1456,8 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn, int _gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain, - const struct pbe_enc_params *enc_params, - gnutls_datum_t * key, gnutls_datum_t * encrypted) + const struct pbe_enc_params *enc_params, + gnutls_datum_t * key, gnutls_datum_t * encrypted) { int result; int data_size; @@ -1550,10 +1516,9 @@ _gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain, return 0; - error: + error: gnutls_free(data); if (ch_init != 0) _gnutls_cipher_deinit(&ch); return result; } - diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 15a1e17c25..997b51763a 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -49,12 +49,11 @@ static const uint8_t one = 1; * which holds them. If raw is non null then the raw decoded * data are copied (they are locally allocated) there. */ -static int -_decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata) +static int _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata) { char oid[MAX_OID_SIZE]; ASN1_TYPE c2; - gnutls_datum_t tmp = {NULL, 0}; + gnutls_datum_t tmp = { NULL, 0 }; int len, result; len = sizeof(oid) - 1; @@ -102,16 +101,20 @@ _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata) /* read the encapsulated content */ len = sizeof(oid) - 1; - result = asn1_read_value(c2, "encapContentInfo.eContentType", oid, &len); + result = + asn1_read_value(c2, "encapContentInfo.eContentType", oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - if (strcmp(oid, PLAIN_DATA_OID) != 0 && strcmp(oid, DIGESTED_DATA_OID) != 0) { + if (strcmp(oid, PLAIN_DATA_OID) != 0 + && strcmp(oid, DIGESTED_DATA_OID) != 0) { gnutls_assert(); - _gnutls_debug_log("Unknown or unexpected PKCS7 Encapsulated Content OID '%s'\n", oid); + _gnutls_debug_log + ("Unknown or unexpected PKCS7 Encapsulated Content OID '%s'\n", + oid); result = GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE; goto cleanup; } 
@@ -121,7 +124,7 @@ _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata) gnutls_free(tmp.data); return 0; - cleanup: + cleanup: if (c2) asn1_delete_structure(&c2); gnutls_free(tmp.data); @@ -135,8 +138,7 @@ static int pkcs7_reinit(gnutls_pkcs7_t pkcs7) asn1_delete_structure(&pkcs7->pkcs7); result = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-7-ContentInfo", - &pkcs7->pkcs7); + "PKIX1.pkcs-7-ContentInfo", &pkcs7->pkcs7); if (result != ASN1_SUCCESS) { result = _gnutls_asn2err(result); gnutls_assert(); @@ -245,8 +247,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data, } pkcs7->expanded = 1; - result = - asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL); + result = asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL); if (result != ASN1_SUCCESS) { result = _gnutls_asn2err(result); gnutls_assert(); @@ -263,7 +264,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data, result = 0; - cleanup: + cleanup: if (need_free) _gnutls_free_datum(&_data); return result; @@ -290,7 +291,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data, **/ int gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7, - unsigned indx, gnutls_datum_t *cert) + unsigned indx, gnutls_datum_t * cert) { int result, len; char root2[ASN1_MAX_NAME_SIZE]; @@ -330,8 +331,9 @@ gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7, goto cleanup; } - result = asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size, - root2, &start, &end); + result = + asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, + tmp.size, root2, &start, &end); if (result != ASN1_SUCCESS) { gnutls_assert(); @@ -346,7 +348,7 @@ gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7, result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; } - cleanup: + cleanup: _gnutls_free_datum(&tmp); return result; } 
@@ -376,13 +378,13 @@ gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, size_t * certificate_size) { int ret; - gnutls_datum_t tmp = {NULL, 0}; + gnutls_datum_t tmp = { NULL, 0 }; ret = gnutls_pkcs7_get_crt_raw2(pkcs7, indx, &tmp); if (ret < 0) return gnutls_assert_val(ret); - if ((unsigned) tmp.size > *certificate_size) { + if ((unsigned)tmp.size > *certificate_size) { *certificate_size = tmp.size; ret = GNUTLS_E_SHORT_MEMORY_BUFFER; goto cleanup; @@ -392,12 +394,11 @@ gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, if (certificate) memcpy(certificate, tmp.data, tmp.size); - cleanup: + cleanup: _gnutls_free_datum(&tmp); return ret; } - /** * gnutls_pkcs7_get_crt_count: * @pkcs7: should contain a #gnutls_pkcs7_t type @@ -417,7 +418,8 @@ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7) /* Step 2. Count the CertificateSet */ - result = asn1_number_of_elements(pkcs7->signed_data, "certificates", &count); + result = + asn1_number_of_elements(pkcs7->signed_data, "certificates", &count); if (result != ASN1_SUCCESS) { gnutls_assert(); return 0; /* no certificates */ @@ -435,7 +437,7 @@ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7) * * Since: 3.4.2 **/ -void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st *info) +void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st * info) { gnutls_free(info->sig.data); gnutls_free(info->issuer_dn.data); @@ -478,8 +480,8 @@ static time_t parse_time(gnutls_pkcs7_t pkcs7, const char *root) ret = _gnutls_x509_get_time(c2, "", 0); cleanup: - asn1_delete_structure(&c2); - return ret; + asn1_delete_structure(&c2); + return ret; } /** @@ -501,7 +503,8 @@ int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7) if (pkcs7 == NULL) return GNUTLS_E_INVALID_REQUEST; - ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); + ret = + asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); if (ret != ASN1_SUCCESS) { gnutls_assert(); return 0; 
@@ -525,14 +528,15 @@ int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7) * * Since: 3.4.2 **/ -int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_pkcs7_signature_info_st *info) +int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, + gnutls_pkcs7_signature_info_st * info) { int ret, count, len; char root[256]; char oid[MAX_OID_SIZE]; gnutls_pk_algorithm_t pk; gnutls_sign_algorithm_t sig; - gnutls_datum_t tmp = {NULL, 0}; + gnutls_datum_t tmp = { NULL, 0 }; unsigned i; if (pkcs7 == NULL) @@ -541,14 +545,16 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p memset(info, 0, sizeof(*info)); info->signing_time = -1; - ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); - if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) { + ret = + asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); + if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) { gnutls_assert(); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } - snprintf(root, sizeof(root), "signerInfos.?%u.signatureAlgorithm.algorithm", idx + 1); + snprintf(root, sizeof(root), + "signerInfos.?%u.signatureAlgorithm.algorithm", idx + 1); - len = sizeof(oid)-1; + len = sizeof(oid) - 1; ret = asn1_read_value(pkcs7->signed_data, root, oid, &len); if (ret != ASN1_SUCCESS) { gnutls_assert(); @@ -565,9 +571,10 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p } /* use the digests algorithm */ - snprintf(root, sizeof(root), "signerInfos.?%u.digestAlgorithm.algorithm", idx + 1); + snprintf(root, sizeof(root), + "signerInfos.?%u.digestAlgorithm.algorithm", idx + 1); - len = sizeof(oid)-1; + len = sizeof(oid) - 1; ret = asn1_read_value(pkcs7->signed_data, root, oid, &len); if (ret != ASN1_SUCCESS) { gnutls_assert(); 
@@ -598,21 +605,32 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p } /* read the issuer info */ - snprintf(root, sizeof(root), "signerInfos.?%u.sid.issuerAndSerialNumber.issuer.rdnSequence", idx + 1); + snprintf(root, sizeof(root), + "signerInfos.?%u.sid.issuerAndSerialNumber.issuer.rdnSequence", + idx + 1); /* read the signature */ - ret = _gnutls_x509_get_raw_field(pkcs7->signed_data, root, &info->issuer_dn); + ret = + _gnutls_x509_get_raw_field(pkcs7->signed_data, root, + &info->issuer_dn); if (ret >= 0) { - snprintf(root, sizeof(root), "signerInfos.?%u.sid.issuerAndSerialNumber.serialNumber", idx + 1); + snprintf(root, sizeof(root), + "signerInfos.?%u.sid.issuerAndSerialNumber.serialNumber", + idx + 1); /* read the signature */ - ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &info->signer_serial); + ret = + _gnutls_x509_read_value(pkcs7->signed_data, root, + &info->signer_serial); if (ret < 0) { gnutls_assert(); goto fail; } - } else { /* keyid */ - snprintf(root, sizeof(root), "signerInfos.?%u.sid.subjectKeyIdentifier", idx + 1); + } else { /* keyid */ + snprintf(root, sizeof(root), + "signerInfos.?%u.sid.subjectKeyIdentifier", idx + 1); /* read the signature */ - ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &info->issuer_keyid); + ret = + _gnutls_x509_read_value(pkcs7->signed_data, root, + &info->issuer_keyid); if (ret < 0) { gnutls_assert(); } 
@@ -624,15 +642,19 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p } /* read the signing time */ - for (i=0;;i++) { - snprintf(root, sizeof(root), "signerInfos.?%u.signedAttrs.?%u.type", idx+1, i+1); - len = sizeof(oid)-1; + for (i = 0;; i++) { + snprintf(root, sizeof(root), + "signerInfos.?%u.signedAttrs.?%u.type", idx + 1, + i + 1); + len = sizeof(oid) - 1; ret = asn1_read_value(pkcs7->signed_data, root, oid, &len); if (ret != ASN1_SUCCESS) { break; } - snprintf(root, sizeof(root), "signerInfos.?%u.signedAttrs.?%u.values.?1", idx+1, i+1); + snprintf(root, sizeof(root), + "signerInfos.?%u.signedAttrs.?%u.values.?1", idx + 1, + i + 1); ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &tmp); if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { tmp.data = NULL; @@ -657,15 +679,19 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p } /* read the unsigned attrs */ - for (i=0;;i++) { - snprintf(root, sizeof(root), "signerInfos.?%u.unsignedAttrs.?%u.type", idx+1, i+1); - len = sizeof(oid)-1; + for (i = 0;; i++) { + snprintf(root, sizeof(root), + "signerInfos.?%u.unsignedAttrs.?%u.type", idx + 1, + i + 1); + len = sizeof(oid) - 1; ret = asn1_read_value(pkcs7->signed_data, root, oid, &len); if (ret != ASN1_SUCCESS) { break; } - snprintf(root, sizeof(root), "signerInfos.?%u.unsignedAttrs.?%u.values.?1", idx+1, i+1); + snprintf(root, sizeof(root), + "signerInfos.?%u.unsignedAttrs.?%u.values.?1", idx + 1, + i + 1); ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &tmp); if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { tmp.data = NULL; @@ -675,7 +701,8 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p goto fail; } - ret = gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0); + ret = + gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0); gnutls_free(tmp.data); tmp.data = NULL; 
@@ -685,11 +712,11 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p } } - return 0; + return 0; fail: gnutls_free(tmp.data); gnutls_pkcs7_signature_info_deinit(info); - return ret; + return ret; unsupp_algo: return GNUTLS_E_UNKNOWN_ALGORITHM; } @@ -698,11 +725,11 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p * and matches our calculated hash */ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, gnutls_sign_algorithm_t algo, - const gnutls_datum_t *data) + const gnutls_datum_t * data) { unsigned hash; - gnutls_datum_t tmp = {NULL, 0}; - gnutls_datum_t tmp2 = {NULL, 0}; + gnutls_datum_t tmp = { NULL, 0 }; + gnutls_datum_t tmp2 = { NULL, 0 }; uint8_t hash_output[MAX_HASH_SIZE]; unsigned hash_size, i; char oid[MAX_OID_SIZE]; @@ -720,7 +747,9 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, hash_size = gnutls_hash_get_len(hash); if (data == NULL || data->data == NULL) { - ret = _gnutls_x509_read_value(pkcs7->signed_data, "encapContentInfo.eContent", &tmp); + ret = + _gnutls_x509_read_value(pkcs7->signed_data, + "encapContentInfo.eContent", &tmp); if (ret < 0) { if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; @@ -739,11 +768,13 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, return gnutls_assert_val(ret); /* now verify that hash matches */ - for (i=0;;i++) { - snprintf(name, sizeof(name), "%s.signedAttrs.?%u", root, i+1); + for (i = 0;; i++) { + snprintf(name, sizeof(name), "%s.signedAttrs.?%u", root, i + 1); ret = _gnutls_x509_decode_and_read_attribute(pkcs7->signed_data, - name, oid, sizeof(oid), &tmp, 1, 0); + name, oid, + sizeof(oid), &tmp, + 1, 0); if (ret < 0) { if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) break; 
@@ -751,14 +782,17 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, } if (strcmp(oid, ATTR_MESSAGE_DIGEST) == 0) { - ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, - tmp.data, tmp.size, &tmp2, 0); + ret = + _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, + tmp.data, tmp.size, + &tmp2, 0); if (ret < 0) { gnutls_assert(); goto cleanup; } - if (tmp2.size == hash_size && memcmp(hash_output, tmp2.data, tmp2.size) == 0) { + if (tmp2.size == hash_size + && memcmp(hash_output, tmp2.data, tmp2.size) == 0) { msg_digest_ok = 1; } } else if (strcmp(oid, ATTR_CONTENT_TYPE) == 0) { @@ -771,22 +805,26 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, num_cont_types++; /* check if it matches */ - ret = _gnutls_x509_get_raw_field(pkcs7->signed_data, "encapContentInfo.eContentType", &tmp2); + ret = + _gnutls_x509_get_raw_field(pkcs7->signed_data, + "encapContentInfo.eContentType", + &tmp2); if (ret < 0) { gnutls_assert(); goto cleanup; } - if (tmp2.size != tmp.size || memcmp(tmp.data, tmp2.data, tmp2.size) != 0) { + if (tmp2.size != tmp.size + || memcmp(tmp.data, tmp2.data, tmp2.size) != 0) { gnutls_assert(); ret = GNUTLS_E_PARSING_ERROR; goto cleanup; } } - gnutls_free(tmp.data); - tmp.data = NULL; - gnutls_free(tmp2.data); - tmp2.data = NULL; + gnutls_free(tmp.data); + tmp.data = NULL; + gnutls_free(tmp2.data); + tmp2.data = NULL; } if (msg_digest_ok) 
@@ -795,19 +833,18 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR); cleanup: - gnutls_free(tmp.data); - gnutls_free(tmp2.data); - return ret; + gnutls_free(tmp.data); + gnutls_free(tmp2.data); + return ret; } - /* Returns the data to be used for signature verification. PKCS #7 * decided that this should not be an easy task. */ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root, - const gnutls_datum_t *data, + const gnutls_datum_t * data, gnutls_sign_algorithm_t algo, - gnutls_datum_t *sigdata) + gnutls_datum_t * sigdata) { int ret; char name[256]; @@ -829,7 +866,10 @@ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root, /* We have no signedAttrs. Use the provided data, or the encapsulated */ if (data == NULL || data->data == NULL) { - ret = _gnutls_x509_read_value(pkcs7->signed_data, "encapContentInfo.eContent", sigdata); + ret = + _gnutls_x509_read_value(pkcs7->signed_data, + "encapContentInfo.eContent", + sigdata); if (ret < 0) { gnutls_assert(); return gnutls_assert_val(ret); @@ -860,10 +900,11 @@ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root, * Since: 3.4.8 **/ int -gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_t *data) +gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, + gnutls_datum_t * data) { int count, ret; - gnutls_datum_t tmpdata = {NULL, 0}; + gnutls_datum_t tmpdata = { NULL, 0 }; gnutls_pkcs7_signature_info_st info; char root[128]; 
@@ -872,8 +913,9 @@ gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_ if (pkcs7 == NULL) return GNUTLS_E_INVALID_REQUEST; - ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); - if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) { + ret = + asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); + if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) { gnutls_assert(); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } @@ -921,15 +963,14 @@ gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_ * Since: 3.4.2 **/ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7, - gnutls_x509_crt_t signer, - unsigned idx, - const gnutls_datum_t *data, - unsigned flags) + gnutls_x509_crt_t signer, + unsigned idx, + const gnutls_datum_t * data, unsigned flags) { int count, ret; - gnutls_datum_t tmpdata = {NULL, 0}; + gnutls_datum_t tmpdata = { NULL, 0 }; gnutls_pkcs7_signature_info_st info; - gnutls_datum_t sigdata = {NULL, 0}; + gnutls_datum_t sigdata = { NULL, 0 }; char root[128]; memset(&info, 0, sizeof(info)); @@ -937,8 +978,9 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7, if (pkcs7 == NULL) return GNUTLS_E_INVALID_REQUEST; - ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); - if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) { + ret = + asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); + if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) { gnutls_assert(); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } @@ -956,7 +998,9 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7, goto cleanup; } - ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, &info.sig); + ret = + gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, + &info.sig); if (ret < 0) { gnutls_assert(); } 
@@ -971,18 +1015,22 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7, static gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, - gnutls_typed_vdata_st *vdata, unsigned vdata_size, - gnutls_pkcs7_signature_info_st *info) + gnutls_typed_vdata_st * vdata, + unsigned vdata_size, + gnutls_pkcs7_signature_info_st * info) { gnutls_x509_crt_t issuer = NULL, crt = NULL; int ret, count; uint8_t serial[128]; size_t serial_size; - gnutls_datum_t tmp = {NULL, 0}; + gnutls_datum_t tmp = { NULL, 0 }; unsigned i, vtmp; if (info->issuer_dn.data) { - ret = gnutls_x509_trust_list_get_issuer_by_dn(tl, &info->issuer_dn, &issuer, 0); + ret = + gnutls_x509_trust_list_get_issuer_by_dn(tl, + &info->issuer_dn, + &issuer, 0); if (ret < 0) { gnutls_assert(); issuer = NULL; @@ -990,7 +1038,13 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, } if (info->issuer_keyid.data && issuer == NULL) { - ret = gnutls_x509_trust_list_get_issuer_by_subject_key_id(tl, NULL, &info->issuer_keyid, &issuer, 0); + ret = + gnutls_x509_trust_list_get_issuer_by_subject_key_id(tl, + NULL, + &info-> + issuer_keyid, + &issuer, + 0); if (ret < 0) { gnutls_assert(); issuer = NULL; @@ -1003,9 +1057,11 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, } /* check issuer's key purpose */ - for (i=0;i<vdata_size;i++) { + for (i = 0; i < vdata_size; i++) { if (vdata[i].type == GNUTLS_DT_KEY_PURPOSE_OID) { - ret = _gnutls_check_key_purpose(issuer, (char*)vdata[i].data, 0); + ret = + _gnutls_check_key_purpose(issuer, + (char *)vdata[i].data, 0); if (ret == 0) { gnutls_assert(); goto fail; 
@@ -1025,7 +1081,9 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, goto fail; } - if (serial_size == info->signer_serial.size && memcmp(info->signer_serial.data, serial, serial_size) == 0) { + if (serial_size == info->signer_serial.size + && memcmp(info->signer_serial.data, serial, + serial_size) == 0) { /* issuer == signer */ return issuer; } @@ -1037,7 +1095,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, goto fail; } - for (i=0;i<(unsigned)count;i++) { + for (i = 0; i < (unsigned)count; i++) { /* Try to find the signer in the appended list. */ ret = gnutls_pkcs7_get_crt_raw2(pkcs7, 0, &tmp); if (ret < 0) { @@ -1064,14 +1122,19 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, goto fail; } - if (serial_size != info->signer_serial.size || memcmp(info->signer_serial.data, serial, serial_size) != 0) { + if (serial_size != info->signer_serial.size + || memcmp(info->signer_serial.data, serial, + serial_size) != 0) { gnutls_assert(); goto skip; } - ret = gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, vdata, vdata_size, 0, &vtmp, NULL); + ret = + gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, vdata, + vdata_size, 0, &vtmp, + NULL); if (ret < 0 || vtmp != 0) { - gnutls_assert(); /* maybe next one is trusted */ + gnutls_assert(); /* maybe next one is trusted */ skip: gnutls_x509_crt_deinit(crt); crt = NULL; @@ -1097,7 +1160,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, gnutls_free(tmp.data); if (issuer) gnutls_x509_crt_deinit(issuer); - + return crt; } 
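Review bot: In find_signer, the loop over the embedded certificates (`for (i = 0; i < (unsigned)count; i++)`) fetches with a constant index, `gnutls_pkcs7_get_crt_raw2(pkcs7, 0, &tmp)`, so as far as these lines show every iteration re-reads the first certificate. A signer that is not first in the CertificateSet would then never be compared against `info->signer_serial`, and a valid structure would presumably be rejected. The call should read `ret = gnutls_pkcs7_get_crt_raw2(pkcs7, i, &tmp);`. This commit only re-indents the loop header and the rest of the loop body lies outside the hunk, so confirm that `i` is not consumed elsewhere before changing it.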
@@ -1128,14 +1191,13 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, gnutls_typed_vdata_st * vdata, unsigned int vdata_size, unsigned idx, - const gnutls_datum_t *data, - unsigned flags) + const gnutls_datum_t * data, unsigned flags) { int count, ret; - gnutls_datum_t tmpdata = {NULL, 0}; + gnutls_datum_t tmpdata = { NULL, 0 }; gnutls_pkcs7_signature_info_st info; gnutls_x509_crt_t signer; - gnutls_datum_t sigdata = {NULL, 0}; + gnutls_datum_t sigdata = { NULL, 0 }; char root[128]; memset(&info, 0, sizeof(info)); @@ -1143,8 +1205,9 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, if (pkcs7 == NULL) return GNUTLS_E_INVALID_REQUEST; - ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); - if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) { + ret = + asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); + if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) { gnutls_assert(); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } @@ -1165,7 +1228,9 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, signer = find_signer(pkcs7, tl, vdata, vdata_size, &info); if (signer) { - ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, &info.sig); + ret = + gnutls_x509_crt_verify_data2(signer, info.algo, flags, + &sigdata, &info.sig); if (ret < 0) { gnutls_assert(); } @@ -1175,7 +1240,6 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; } - cleanup: gnutls_free(tmpdata.data); gnutls_free(sigdata.data); @@ -1195,7 +1259,8 @@ static void disable_opt_fields(gnutls_pkcs7_t pkcs7) asn1_write_value(pkcs7->signed_data, "crls", NULL, 0); } - result = asn1_number_of_elements(pkcs7->signed_data, "certificates", &count); + result = + asn1_number_of_elements(pkcs7->signed_data, "certificates", &count); if (result != ASN1_SUCCESS || count == 0) { asn1_write_value(pkcs7->signed_data, "certificates", NULL, 0); } 
@@ -1213,8 +1278,9 @@ static int reencode(gnutls_pkcs7_t pkcs7) /* Replace the old content with the new */ result = - _gnutls_x509_der_encode_and_copy(pkcs7->signed_data, "", pkcs7->pkcs7, - "content", 0); + _gnutls_x509_der_encode_and_copy(pkcs7->signed_data, "", + pkcs7->pkcs7, "content", + 0); if (result < 0) { return gnutls_assert_val(result); } @@ -1222,7 +1288,8 @@ static int reencode(gnutls_pkcs7_t pkcs7) /* Write the content type of the signed data */ result = - asn1_write_value(pkcs7->pkcs7, "contentType", SIGNED_DATA_OID, 1); + asn1_write_value(pkcs7->pkcs7, "contentType", + SIGNED_DATA_OID, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -1296,8 +1363,7 @@ gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7, if ((ret = reencode(pkcs7)) < 0) return gnutls_assert_val(ret); - return _gnutls_x509_export_int2(pkcs7->pkcs7, format, PEM_PKCS7, - out); + return _gnutls_x509_export_int2(pkcs7->pkcs7, format, PEM_PKCS7, out); } /* Creates an empty signed data structure in the pkcs7 @@ -1339,8 +1405,7 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata) goto cleanup; } - result = - asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0); + result = asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -1356,10 +1421,9 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata) /* Add no signerInfos. */ - return 0; - cleanup: + cleanup: asn1_delete_structure(sdata); return result; @@ -1376,8 +1440,7 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt) +int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt) { int result; 
@@ -1391,7 +1454,8 @@ gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt) /* The pkcs7 structure is new, so create the * signedData. */ - result = create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data); + result = + create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data); if (result < 0) { gnutls_assert(); return result; @@ -1409,7 +1473,8 @@ gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt) } result = - asn1_write_value(pkcs7->signed_data, "certificates.?LAST", "certificate", 1); + asn1_write_value(pkcs7->signed_data, "certificates.?LAST", + "certificate", 1); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -1417,18 +1482,18 @@ gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt) } result = - asn1_write_value(pkcs7->signed_data, "certificates.?LAST.certificate", - crt->data, crt->size); + asn1_write_value(pkcs7->signed_data, + "certificates.?LAST.certificate", crt->data, + crt->size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - result = 0; - cleanup: + cleanup: return result; } @@ -1470,7 +1535,6 @@ int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt) return 0; } - /** * gnutls_pkcs7_delete_crt: * @pkcs7: The pkcs7 type @@ -1504,7 +1568,7 @@ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx) return 0; - cleanup: + cleanup: return result; } @@ -1527,7 +1591,7 @@ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx) **/ int gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7, - unsigned indx, gnutls_datum_t *crl) + unsigned indx, gnutls_datum_t * crl) { int result; char root2[ASN1_MAX_NAME_SIZE]; 
@@ -1550,8 +1614,9 @@ gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7, /* Get the raw CRL */ - result = asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size, - root2, &start, &end); + result = + asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size, + root2, &start, &end); if (result != ASN1_SUCCESS) { gnutls_assert(); @@ -1563,7 +1628,7 @@ gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7, result = _gnutls_set_datum(crl, &tmp.data[start], end); - cleanup: + cleanup: _gnutls_free_datum(&tmp); return result; } @@ -1588,13 +1653,13 @@ gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7, unsigned indx, void *crl, size_t * crl_size) { int ret; - gnutls_datum_t tmp = {NULL, 0}; + gnutls_datum_t tmp = { NULL, 0 }; ret = gnutls_pkcs7_get_crl_raw2(pkcs7, indx, &tmp); if (ret < 0) return gnutls_assert_val(ret); - if ((unsigned) tmp.size > *crl_size) { + if ((unsigned)tmp.size > *crl_size) { *crl_size = tmp.size; ret = GNUTLS_E_SHORT_MEMORY_BUFFER; goto cleanup; @@ -1604,7 +1669,7 @@ gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7, if (crl) memcpy(crl, tmp.data, tmp.size); - cleanup: + cleanup: _gnutls_free_datum(&tmp); return ret; } @@ -1648,8 +1713,7 @@ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl) +int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl) { int result; @@ -1663,7 +1727,8 @@ gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl) /* The pkcs7 structure is new, so create the * signedData. */ - result = create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data); + result = + create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data); if (result < 0) { gnutls_assert(); return result; 
@@ -1680,7 +1745,9 @@ gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl) goto cleanup; } - result = asn1_write_value(pkcs7->signed_data, "crls.?LAST", crl->data, crl->size); + result = + asn1_write_value(pkcs7->signed_data, "crls.?LAST", crl->data, + crl->size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -1689,7 +1756,7 @@ gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl) result = 0; - cleanup: + cleanup: return result; } @@ -1763,11 +1830,12 @@ int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx) return 0; - cleanup: + cleanup: return result; } -static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t signer, unsigned flags) +static int write_signer_id(ASN1_TYPE c2, const char *root, + gnutls_x509_crt_t signer, unsigned flags) { int result; size_t serial_size; @@ -1778,8 +1846,7 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig const uint8_t ver = 3; snprintf(name, sizeof(name), "%s.version", root); - result = - asn1_write_value(c2, name, &ver, 1); + result = asn1_write_value(c2, name, &ver, 1); snprintf(name, sizeof(name), "%s.sid", root); result = asn1_write_value(c2, name, "subjectKeyIdentifier", 1); @@ -1789,7 +1856,9 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig } serial_size = sizeof(serial); - result = gnutls_x509_crt_get_subject_key_id(signer, serial, &serial_size, NULL); + result = + gnutls_x509_crt_get_subject_key_id(signer, serial, + &serial_size, NULL); if (result < 0) return gnutls_assert_val(result); @@ -1801,7 +1870,8 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig } } else { serial_size = sizeof(serial); - result = gnutls_x509_crt_get_serial(signer, serial, &serial_size); + result = + gnutls_x509_crt_get_serial(signer, serial, &serial_size); if (result < 0) return gnutls_assert_val(result); 
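Review bot: In write_signer_id, the result of the version write, `result = asn1_write_value(c2, name, &ver, 1);`, is overwritten by the following `asn1_write_value(c2, name, "subjectKeyIdentifier", 1)` before anything checks it. A failed write of `%s.version` therefore goes unnoticed, and the SignerInfo could be emitted with a version that does not match the subjectKeyIdentifier form of the signer id. Add `if (result != ASN1_SUCCESS) return gnutls_assert_val(_gnutls_asn2err(result));` directly after the version write, matching the checks used for the other writes in this function. The enclosing branch starts outside the hunk.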
@@ -1812,15 +1882,19 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig return _gnutls_asn2err(result); } - snprintf(name, sizeof(name), "%s.sid.issuerAndSerialNumber.serialNumber", root); + snprintf(name, sizeof(name), + "%s.sid.issuerAndSerialNumber.serialNumber", root); result = asn1_write_value(c2, name, serial, serial_size); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } - snprintf(name, sizeof(name), "%s.sid.issuerAndSerialNumber.issuer", root); - result = asn1_copy_node(c2, name, signer->cert, "tbsCertificate.issuer"); + snprintf(name, sizeof(name), + "%s.sid.issuerAndSerialNumber.issuer", root); + result = + asn1_copy_node(c2, name, signer->cert, + "tbsCertificate.issuer"); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -1830,7 +1904,8 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig return 0; } -static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs, unsigned already_set) +static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs, + unsigned already_set) { char name[256]; gnutls_pkcs7_attrs_st *p = attrs; @@ -1841,7 +1916,7 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs, if (already_set == 0) asn1_write_value(c2, root, NULL, 0); } else { - while(p != NULL) { + while (p != NULL) { result = asn1_write_value(c2, root, "NEW", 1); if (result != ASN1_SUCCESS) { gnutls_assert(); @@ -1849,8 +1924,7 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs, } snprintf(name, sizeof(name), "%s.?LAST.type", root); - result = - asn1_write_value(c2, name, p->oid, 1); + result = asn1_write_value(c2, name, p->oid, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); 
@@ -1863,8 +1937,11 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs, return _gnutls_asn2err(result); } - snprintf(name, sizeof(name), "%s.?LAST.values.?1", root); - result = asn1_write_value(c2, name, p->data.data, p->data.size); + snprintf(name, sizeof(name), "%s.?LAST.values.?1", + root); + result = + asn1_write_value(c2, name, p->data.data, + p->data.size); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -1877,14 +1954,15 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs, return 0; } -static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t *data, - const mac_entry_st *me, gnutls_pkcs7_attrs_t other_attrs, - unsigned flags) +static int write_attributes(ASN1_TYPE c2, const char *root, + const gnutls_datum_t * data, + const mac_entry_st * me, + gnutls_pkcs7_attrs_t other_attrs, unsigned flags) { char name[256]; int result, ret; uint8_t digest[MAX_HASH_SIZE]; - gnutls_datum_t tmp = {NULL, 0}; + gnutls_datum_t tmp = { NULL, 0 }; unsigned digest_size; unsigned already_set = 0; @@ -1903,8 +1981,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t } snprintf(name, sizeof(name), "%s.?LAST.type", root); - result = - asn1_write_value(c2, name, ATTR_SIGNING_TIME, 1); + result = asn1_write_value(c2, name, ATTR_SIGNING_TIME, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -1930,7 +2007,6 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t already_set = 1; } - ret = add_attrs(c2, root, other_attrs, already_set); if (ret < 0) { gnutls_assert(); 
@@ -1947,8 +2023,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t } snprintf(name, sizeof(name), "%s.?LAST.type", root); - result = - asn1_write_value(c2, name, ATTR_CONTENT_TYPE, 1); + result = asn1_write_value(c2, name, ATTR_CONTENT_TYPE, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -1963,7 +2038,10 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t return ret; } - ret = _gnutls_x509_get_raw_field(c2, "encapContentInfo.eContentType", &tmp); + ret = + _gnutls_x509_get_raw_field(c2, + "encapContentInfo.eContentType", + &tmp); if (ret < 0) { gnutls_assert(); return ret; @@ -1998,9 +2076,10 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t } snprintf(name, sizeof(name), "%s.?LAST", root); - ret = _gnutls_x509_encode_and_write_attribute(ATTR_MESSAGE_DIGEST, - c2, name, - digest, digest_size, 1); + ret = + _gnutls_x509_encode_and_write_attribute(ATTR_MESSAGE_DIGEST, + c2, name, digest, + digest_size, 1); if (ret < 0) { gnutls_assert(); return ret; @@ -2038,15 +2117,14 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t signer, gnutls_privkey_t signer_key, - const gnutls_datum_t *data, + const gnutls_datum_t * data, gnutls_pkcs7_attrs_t signed_attrs, gnutls_pkcs7_attrs_t unsigned_attrs, - gnutls_digest_algorithm_t dig, - unsigned flags) + gnutls_digest_algorithm_t dig, unsigned flags) { int ret, result; - gnutls_datum_t sigdata = {NULL, 0}; - gnutls_datum_t signature = {NULL, 0}; + gnutls_datum_t sigdata = { NULL, 0 }; + gnutls_datum_t signature = { NULL, 0 }; const mac_entry_st *me = hash_to_entry(dig); unsigned pk, sigalgo; 
@@ -2054,7 +2132,10 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, return GNUTLS_E_INVALID_REQUEST; if (pkcs7->signed_data == ASN1_TYPE_EMPTY) { - result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData", &pkcs7->signed_data); + result = + asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-7-SignedData", + &pkcs7->signed_data); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -2062,20 +2143,27 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, } if (!(flags & GNUTLS_PKCS7_EMBED_DATA)) { - asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContent", NULL, 0); + asn1_write_value(pkcs7->signed_data, + "encapContentInfo.eContent", NULL, 0); } } asn1_write_value(pkcs7->signed_data, "version", &one, 1); - result = asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContentType", PLAIN_DATA_OID, 0); + result = + asn1_write_value(pkcs7->signed_data, + "encapContentInfo.eContentType", PLAIN_DATA_OID, + 0); if (result != ASN1_SUCCESS) { ret = _gnutls_asn2err(result); goto cleanup; } - if (flags & GNUTLS_PKCS7_EMBED_DATA && data->data) { /* embed data */ - result = asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContent", data->data, data->size); + if (flags & GNUTLS_PKCS7_EMBED_DATA && data->data) { /* embed data */ + result = + asn1_write_value(pkcs7->signed_data, + "encapContentInfo.eContent", data->data, + data->size); if (result != ASN1_SUCCESS) { ret = _gnutls_asn2err(result); goto cleanup; @@ -2091,7 +2179,8 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, } /* append digest info algorithm */ - result = asn1_write_value(pkcs7->signed_data, "digestAlgorithms", "NEW", 1); + result = + asn1_write_value(pkcs7->signed_data, "digestAlgorithms", "NEW", 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); 
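Review bot: In gnutls_pkcs7_sign, the embed-data condition `if (flags & GNUTLS_PKCS7_EMBED_DATA && data->data)` dereferences `data` with no NULL check visible in this hunk. The verification paths on this page accept `data == NULL` explicitly, so a caller may reasonably pass NULL here as well. The argument guard at the top of the function is outside the hunk, so confirm that it rejects a NULL `data`. If it does not, write the test as `if ((flags & GNUTLS_PKCS7_EMBED_DATA) && data != NULL && data->data)`, which also makes the `&`/`&&` precedence explicit.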
@@ -2099,13 +2188,16 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, } result = - asn1_write_value(pkcs7->signed_data, "digestAlgorithms.?LAST.algorithm", _gnutls_x509_digest_to_oid(me), 1); + asn1_write_value(pkcs7->signed_data, + "digestAlgorithms.?LAST.algorithm", + _gnutls_x509_digest_to_oid(me), 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - asn1_write_value(pkcs7->signed_data, "digestAlgorithms.?LAST.parameters", NULL, 0); + asn1_write_value(pkcs7->signed_data, + "digestAlgorithms.?LAST.parameters", NULL, 0); /* append signer's info */ result = asn1_write_value(pkcs7->signed_data, "signerInfos", "NEW", 1); @@ -2116,7 +2208,8 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, } result = - asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.version", &one, 1); + asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.version", + &one, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); 
@@ -2124,27 +2217,38 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, } result = - asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.digestAlgorithm.algorithm", _gnutls_x509_digest_to_oid(me), 1); + asn1_write_value(pkcs7->signed_data, + "signerInfos.?LAST.digestAlgorithm.algorithm", + _gnutls_x509_digest_to_oid(me), 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.digestAlgorithm.parameters", NULL, 0); + asn1_write_value(pkcs7->signed_data, + "signerInfos.?LAST.digestAlgorithm.parameters", NULL, + 0); - ret = write_signer_id(pkcs7->signed_data, "signerInfos.?LAST", signer, flags); + ret = + write_signer_id(pkcs7->signed_data, "signerInfos.?LAST", signer, + flags); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = add_attrs(pkcs7->signed_data, "signerInfos.?LAST.unsignedAttrs", unsigned_attrs, 0); + ret = + add_attrs(pkcs7->signed_data, "signerInfos.?LAST.unsignedAttrs", + unsigned_attrs, 0); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = write_attributes(pkcs7->signed_data, "signerInfos.?LAST.signedAttrs", data, me, signed_attrs, flags); + ret = + write_attributes(pkcs7->signed_data, + "signerInfos.?LAST.signedAttrs", data, me, + signed_attrs, flags); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -2160,7 +2264,10 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, * that a generic RSA OID should be used. We switch to this "unexpected" value * because some implementations cannot cope with the "expected" signature values. */ - ret = _gnutls_x509_write_sig_params(pkcs7->signed_data, "signerInfos.?LAST.signatureAlgorithm", pk, dig, 1); + ret = + _gnutls_x509_write_sig_params(pkcs7->signed_data, + "signerInfos.?LAST.signatureAlgorithm", + pk, dig, 1); if (ret < 0) { gnutls_assert(); goto cleanup; 
@@ -2174,20 +2281,24 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, } /* sign the data */ - ret = figure_pkcs7_sigdata(pkcs7, "signerInfos.?LAST", data, sigalgo, &sigdata); + ret = + figure_pkcs7_sigdata(pkcs7, "signerInfos.?LAST", data, sigalgo, + &sigdata); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = gnutls_privkey_sign_data(signer_key, dig, 0, &sigdata, &signature); + ret = + gnutls_privkey_sign_data(signer_key, dig, 0, &sigdata, &signature); if (ret < 0) { gnutls_assert(); goto cleanup; } result = - asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.signature", signature.data, signature.size); + asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.signature", + signature.data, signature.size); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -2201,4 +2312,3 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, gnutls_free(signature.data); return ret; } - diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index a3dc9ac7b6..73fdc5df4b 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -555,8 +555,8 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key, if (key->pk_algorithm == GNUTLS_PK_UNKNOWN && left >= sizeof(PEM_KEY_PKCS8)) { if (memcmp(ptr, PEM_KEY_PKCS8, sizeof(PEM_KEY_PKCS8)-1) == 0) { result = - _gnutls_fbase64_decode(PEM_KEY_PKCS8, begin_ptr, - left, &_data); + _gnutls_fbase64_decode(PEM_KEY_PKCS8, + begin_ptr, left, &_data); if (result >= 0) { /* signal for PKCS #8 keys */ key->pk_algorithm = -1; @@ -758,7 +758,7 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key, if (memcmp(ptr, PEM_KEY_RSA, sizeof(PEM_KEY_RSA)-1) == 0 || memcmp(ptr, PEM_KEY_ECC, sizeof(PEM_KEY_ECC)-1) == 0 || memcmp(ptr, PEM_KEY_DSA, sizeof(PEM_KEY_DSA)-1) == 0) { - head_enc = 0; + head_enc = 0; } } } 
@@ -788,7 +788,7 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key, /* use the callback if any */ ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin)); if (ret == 0) { - password = pin; + password = pin; } ret = @@ -1784,17 +1784,17 @@ int cmp_rsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2) ret = 0; cleanup: - gnutls_free(m1.data); - gnutls_free(e1.data); - gnutls_free(d1.data); - gnutls_free(p1.data); - gnutls_free(q1.data); - gnutls_free(m2.data); - gnutls_free(e2.data); - gnutls_free(d2.data); - gnutls_free(p2.data); - gnutls_free(q2.data); - return ret; + gnutls_free(m1.data); + gnutls_free(e1.data); + gnutls_free(d1.data); + gnutls_free(p1.data); + gnutls_free(q1.data); + gnutls_free(m2.data); + gnutls_free(e2.data); + gnutls_free(d2.data); + gnutls_free(p2.data); + gnutls_free(q2.data); + return ret; } static @@ -1836,13 +1836,13 @@ int cmp_dsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2) ret = 0; cleanup: - gnutls_free(g1.data); - gnutls_free(p1.data); - gnutls_free(q1.data); - gnutls_free(g2.data); - gnutls_free(p2.data); - gnutls_free(q2.data); - return ret; + gnutls_free(g1.data); + gnutls_free(p1.data); + gnutls_free(q1.data); + gnutls_free(g2.data); + gnutls_free(p2.data); + gnutls_free(q2.data); + return ret; } /** @@ -1909,7 +1909,7 @@ int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, gnutls_digest_alg ret = cmp_dsa_key(key, okey); cleanup: - gnutls_x509_privkey_deinit(okey); + gnutls_x509_privkey_deinit(okey); return ret; } @@ -2224,7 +2224,7 @@ void gnutls_x509_privkey_set_pin_function(gnutls_x509_privkey_t privkey, * **/ void gnutls_x509_privkey_set_flags(gnutls_x509_privkey_t key, - unsigned int flags) + unsigned int flags) { key->flags |= flags; } diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index bebc82afc4..74bb466c65 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c 
@@ -70,7 +70,7 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) case GNUTLS_PK_EC: ret = gnutls_x509_privkey_export2(pkey, GNUTLS_X509_FMT_DER, - raw); + raw); if (ret < 0) { gnutls_assert(); goto error; diff --git a/lib/x509/time.c b/lib/x509/time.c index 9ae270e10e..5ae6be01ee 100644 --- a/lib/x509/time.c +++ b/lib/x509/time.c @@ -64,7 +64,7 @@ static const int MONTHDAYS[] = { /* Whether a given year is a leap year. */ #define ISLEAP(year) \ - (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0)) + (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0)) /* ** Given a struct tm representing a calendar time in UTC, convert it to @@ -234,10 +234,10 @@ gtime_to_suitable_time(time_t gtime, char *str_time, size_t str_time_size, unsig || gtime >= 253402210800 #endif ) { - if (tag) - *tag = ASN1_TAG_GENERALIZEDTime; - snprintf(str_time, str_time_size, "99991231235959Z"); - return 0; + if (tag) + *tag = ASN1_TAG_GENERALIZEDTime; + snprintf(str_time, str_time_size, "99991231235959Z"); + return 0; } if (!gmtime_r(>ime, &_tm)) { @@ -247,11 +247,11 @@ gtime_to_suitable_time(time_t gtime, char *str_time, size_t str_time_size, unsig if (_tm.tm_year >= 150) { if (tag) - *tag = ASN1_TAG_GENERALIZEDTime; + *tag = ASN1_TAG_GENERALIZEDTime; ret = strftime(str_time, str_time_size, "%Y%m%d%H%M%SZ", &_tm); } else { if (tag) - *tag = ASN1_TAG_UTCTime; + *tag = ASN1_TAG_UTCTime; ret = strftime(str_time, str_time_size, "%y%m%d%H%M%SZ", &_tm); } if (!ret) { @@ -273,8 +273,8 @@ gtime_to_generalTime(time_t gtime, char *str_time, size_t str_time_size) || gtime >= 253402210800 #endif ) { - snprintf(str_time, str_time_size, "99991231235959Z"); - return 0; + snprintf(str_time, str_time_size, "99991231235959Z"); + return 0; } if (!gmtime_r(>ime, &_tm)) { diff --git a/lib/x509/tls_features.c b/lib/x509/tls_features.c index af5bb06a51..d6055fa28a 100644 --- a/lib/x509/tls_features.c +++ b/lib/x509/tls_features.c 
@@ -214,7 +214,7 @@ int gnutls_x509_crt_set_tlsfeatures(gnutls_x509_crt_t crt, * Since: 3.5.1 **/ unsigned gnutls_x509_tlsfeatures_check_crt(gnutls_x509_tlsfeatures_t feat, - gnutls_x509_crt_t cert) + gnutls_x509_crt_t cert) { int ret; gnutls_x509_tlsfeatures_t cfeat; diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c index 6aa732c7d9..e7484ff439 100644 --- a/lib/x509/verify-high.c +++ b/lib/x509/verify-high.c @@ -346,7 +346,7 @@ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, static int advance_iter(gnutls_x509_trust_list_t list, - gnutls_x509_trust_list_iter_t iter) + gnutls_x509_trust_list_iter_t iter) { int ret; @@ -408,8 +408,8 @@ advance_iter(gnutls_x509_trust_list_t list, **/ int gnutls_x509_trust_list_iter_get_ca(gnutls_x509_trust_list_t list, - gnutls_x509_trust_list_iter_t *iter, - gnutls_x509_crt_t *crt) + gnutls_x509_trust_list_iter_t *iter, + gnutls_x509_crt_t *crt) { int ret; @@ -745,9 +745,9 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, if (gnutls_x509_crl_get_this_update(crl_list[i]) >= gnutls_x509_crl_get_this_update(list->node[hash].crls[x])) { - gnutls_x509_crl_deinit(list->node[hash].crls[x]); - list->node[hash].crls[x] = crl_list[i]; - goto next; + gnutls_x509_crl_deinit(list->node[hash].crls[x]); + list->node[hash].crls[x] = crl_list[i]; + goto next; } else { /* The new is older, discard it */ gnutls_x509_crl_deinit(crl_list[i]); diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 3a0fbe04b7..ecd2369b1c 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -660,8 +660,8 @@ verify_crt(gnutls_x509_crt_t cert, if (issuer_version < 0) { MARK_INVALID(0); } else if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) && - ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) - || issuer_version != 1)) { + ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) + || issuer_version != 1)) { if (check_if_ca(cert, issuer, &vparams->max_path, flags) != 1) { MARK_INVALID(GNUTLS_CERT_SIGNER_NOT_CA); } 
@@ -687,11 +687,11 @@ verify_crt(gnutls_x509_crt_t cert, if (me == NULL) { MARK_INVALID(0); } else if (cert_signed_data.data != NULL && - cert_signature.data != NULL) { + cert_signature.data != NULL) { ret = _gnutls_x509_verify_data(me, &cert_signed_data, - &cert_signature, + &cert_signature, issuer); if (ret == GNUTLS_E_PK_SIG_VERIFY_FAILED) { MARK_INVALID(GNUTLS_CERT_SIGNATURE_FAILURE); @@ -1123,8 +1123,8 @@ _gnutls_pkcs11_verify_crt_status(const char* url, /* check against issuer */ ret = gnutls_pkcs11_get_raw_issuer(url, certificate_list[clist_size - 1], - &raw_issuer, GNUTLS_X509_FMT_DER, - GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT|GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE); + &raw_issuer, GNUTLS_X509_FMT_DER, + GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT|GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE); if (ret < 0) { gnutls_assert(); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && clist_size > 2) { @@ -1132,7 +1132,7 @@ _gnutls_pkcs11_verify_crt_status(const char* url, /* check if the last certificate in the chain is present * in our trusted list, and if yes, verify against it. */ ret = gnutls_pkcs11_crt_is_known(url, certificate_list[clist_size - 1], - GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_COMPARE); + GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_COMPARE); if (ret != 0) { return _gnutls_verify_crt_status(certificate_list, clist_size, &certificate_list[clist_size - 1], 1, flags, diff --git a/lib/x509/x509.c b/lib/x509/x509.c index a781d2e098..25f1d2691a 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -73,7 +73,7 @@ static int crt_reinit(gnutls_x509_crt_t crt) * Since: 3.5.0 **/ unsigned gnutls_x509_crt_equals(gnutls_x509_crt_t cert1, - gnutls_x509_crt_t cert2) + gnutls_x509_crt_t cert2) { int ret; bool result; 
@@ -305,12 +305,12 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert) /* handle equally empty parameters with missing parameters */ if (sp1.size == 2 && memcmp(sp1.data, "\x05\x00", 2) == 0) { empty1 = 1; - _gnutls_free_datum(&sp1); + _gnutls_free_datum(&sp1); } if (sp2.size == 2 && memcmp(sp2.data, "\x05\x00", 2) == 0) { empty2 = 1; - _gnutls_free_datum(&sp2); + _gnutls_free_datum(&sp2); } if (empty1 != empty2 || @@ -322,9 +322,9 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert) ret = 0; cleanup: - _gnutls_free_datum(&sp1); - _gnutls_free_datum(&sp2); - return ret; + _gnutls_free_datum(&sp1); + _gnutls_free_datum(&sp2); + return ret; } /** @@ -889,8 +889,8 @@ gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, ret = 0; cleanup: - gnutls_free(dsig.data); - return ret; + gnutls_free(dsig.data); + return ret; } /** @@ -1225,10 +1225,10 @@ gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert, ret = 0; cleanup: - if (aki != NULL) - gnutls_x509_aki_deinit(aki); - gnutls_free(der.data); - return ret; + if (aki != NULL) + gnutls_x509_aki_deinit(aki); + gnutls_free(der.data); + return ret; } /** @@ -1311,10 +1311,10 @@ gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id, ret = 0; cleanup: - if (aki != NULL) - gnutls_x509_aki_deinit(aki); - gnutls_free(der.data); - return ret; + if (aki != NULL) + gnutls_x509_aki_deinit(aki); + gnutls_free(der.data); + return ret; } /** @@ -2139,8 +2139,8 @@ gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, unsigned indx, ret = 0; cleanup: - if (policies != NULL) - gnutls_x509_policies_deinit(policies); + if (policies != NULL) + gnutls_x509_policies_deinit(policies); _gnutls_free_datum(&tmpd); return ret; @@ -2846,8 +2846,8 @@ _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, return 0; /* not revoked. */ fail: - gnutls_x509_crl_iter_deinit(iter); - return ret; + gnutls_x509_crl_iter_deinit(iter); + return ret; } 
@@ -2919,7 +2919,7 @@ gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt, } cleanup: - gnutls_pubkey_deinit(pubkey); + gnutls_pubkey_deinit(pubkey); return ret; } @@ -3090,9 +3090,9 @@ gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, ret = 0; cleanup: - gnutls_free(ext.data); - if (p!=NULL) - gnutls_x509_key_purpose_deinit(p); + gnutls_free(ext.data); + if (p!=NULL) + gnutls_x509_key_purpose_deinit(p); return ret; } @@ -3137,7 +3137,7 @@ gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, } cleanup: - gnutls_pubkey_deinit(pubkey); + gnutls_pubkey_deinit(pubkey); return ret; } @@ -3186,7 +3186,7 @@ gnutls_x509_crt_get_pk_ecc_raw(gnutls_x509_crt_t crt, } cleanup: - gnutls_pubkey_deinit(pubkey); + gnutls_pubkey_deinit(pubkey); return ret; } @@ -3234,7 +3234,7 @@ gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt, } cleanup: - gnutls_pubkey_deinit(pubkey); + gnutls_pubkey_deinit(pubkey); return ret; } diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c index dc51e4b68b..d503d5d394 100644 --- a/lib/x509/x509_ext.c +++ b/lib/x509/x509_ext.c @@ -2665,7 +2665,7 @@ static int parse_aia(ASN1_TYPE c2, gnutls_x509_aia_t aia) result = asn1_read_value(c2, nptr, tmpoid, &len); if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) { - ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; break; } @@ -3141,7 +3141,7 @@ int _gnutls_x509_decode_ext(const gnutls_datum_t *der, gnutls_x509_ext_st *out) ret = 0; goto cleanup; fail: - memset(out, 0, sizeof(*out)); + memset(out, 0, sizeof(*out)); cleanup: asn1_delete_structure(&c2); return ret; diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c index 86b9280950..bf6cba155e 100644 --- a/lib/x509/x509_write.c +++ b/lib/x509/x509_write.c 
@@ -335,8 +335,8 @@ gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt, - gnutls_x509_crq_t crq, const char *oid, - unsigned flags) + gnutls_x509_crq_t crq, const char *oid, + unsigned flags) { size_t i; @@ -835,10 +835,9 @@ gnutls_x509_crt_set_subject_alt_othername(gnutls_x509_crt_t crt, /* generate the extension. */ result = - _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid, - encoded_data.data, encoded_data.size, - &prev_der_data, - &der_data); + _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid, + encoded_data.data, encoded_data.size, + &prev_der_data, &der_data); if (result < 0) { gnutls_assert(); @@ -926,11 +925,9 @@ gnutls_x509_crt_set_issuer_alt_othername(gnutls_x509_crt_t crt, /* generate the extension. */ result = - _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid, - encoded_data.data, encoded_data.size, - &prev_der_data, - &der_data); - + _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid, + encoded_data.data, encoded_data.size, + &prev_der_data, &der_data); if (result < 0) { gnutls_assert(); goto finish; @@ -1818,9 +1815,9 @@ gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t crt, goto cleanup; } - cleanup: - if (aia_ctx != NULL) - gnutls_x509_aia_deinit(aia_ctx); + cleanup: + if (aia_ctx != NULL) + gnutls_x509_aia_deinit(aia_ctx); _gnutls_free_datum(&new_der); _gnutls_free_datum(&der); @@ -1899,8 +1896,8 @@ gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt, &der_data, 0); cleanup: - if (policies != NULL) - gnutls_x509_policies_deinit(policies); + if (policies != NULL) + gnutls_x509_policies_deinit(policies); _gnutls_free_datum(&prev_der_data); _gnutls_free_datum(&der_data); diff --git a/m4/hooks.m4 b/m4/hooks.m4 index 45640f4233..925e43d1fd 100644 --- a/m4/hooks.m4 +++ b/m4/hooks.m4 
@@ -94,7 +94,7 @@ AC_MSG_ERROR([[ GMP_LIBS="" else if test x$GMP_LIBS = x; then - AC_CHECK_LIB(gmp, __gmpz_cmp, [GMP_LIBS="-lgmp"], [AC_MSG_ERROR([[ + AC_CHECK_LIB(gmp, __gmpz_cmp, [GMP_LIBS="-lgmp"], [AC_MSG_ERROR([[ *** *** gmp was not found. ]])]) diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c index d149021bcb..f4f5ca3045 100644 --- a/src/certtool-cfg.c +++ b/src/certtool-cfg.c @@ -73,7 +73,7 @@ struct cfg_options { unsigned type; /* used when parsing */ - unsigned found; + unsigned found; }; static struct cfg_options available_options[] = { @@ -237,12 +237,12 @@ void cfg_init(void) i = 0; \ s_name = malloc(sizeof(char*)*MAX_ENTRIES); \ do { \ - if (val && !strcmp(val->pzName, name)==0) \ - continue; \ - s_name[i] = strdup(val->v.strVal); \ - i++; \ - if (i>=MAX_ENTRIES) \ - break; \ + if (val && !strcmp(val->pzName, name)==0) \ + continue; \ + s_name[i] = strdup(val->v.strVal); \ + i++; \ + if (i>=MAX_ENTRIES) \ + break; \ } while((val = optionNextValue(pov, val)) != NULL); \ s_name[i] = NULL; \ } \ 
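Review bot: In the multi-value read macro at `@@ -237,12`, the terminator `s_name[i] = NULL;` after the loop writes one element past the `malloc(sizeof(char*)*MAX_ENTRIES)` buffer whenever the loop leaves through `if (i>=MAX_ENTRIES) break;`, because `i` then equals `MAX_ENTRIES`. Reserving the last slot for the terminator fixes it: `if (i >= MAX_ENTRIES-1) \` followed by `break; \`. The two-column variant at `@@ -259,31` has the same flaw and also stores `s_name[i+1]` before any bound check, so it needs `if (i+2 >= MAX_ENTRIES) \` instead. The `malloc` and `strdup` results are used unchecked as well; both macros start outside these hunks, so the rest of their bodies is not visible here.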
@@ -259,31 +259,31 @@ void cfg_init(void) i = 0; \ s_name = malloc(sizeof(char*)*MAX_ENTRIES); \ do { \ - if (val && !strcmp(val->pzName, name)==0) \ - continue; \ - len = strlen(val->v.strVal); \ - if (sizeof(str) > len) { \ - strcpy(str, val->v.strVal); \ + if (val && !strcmp(val->pzName, name)==0) \ + continue; \ + len = strlen(val->v.strVal); \ + if (sizeof(str) > len) { \ + strcpy(str, val->v.strVal); \ } else { \ - memcpy(str, val->v.strVal, sizeof(str)-1); \ - str[sizeof(str)-1] = 0; \ + memcpy(str, val->v.strVal, sizeof(str)-1); \ + str[sizeof(str)-1] = 0; \ } \ - if ((p=strchr(str, ' ')) == NULL && (p=strchr(str, '\t')) == NULL) { \ - fprintf(stderr, "Error parsing %s\n", name); \ - exit(1); \ - } \ - p[0] = 0; \ - p++; \ - s_name[i] = strdup(str); \ - while(*p==' ' || *p == '\t') p++; \ - if (p[0] == 0) { \ - fprintf(stderr, "Error (2) parsing %s\n", name); \ - exit(1); \ - } \ - s_name[i+1] = strdup(p); \ - i+=2; \ - if (i>=MAX_ENTRIES) \ - break; \ + if ((p=strchr(str, ' ')) == NULL && (p=strchr(str, '\t')) == NULL) { \ + fprintf(stderr, "Error parsing %s\n", name); \ + exit(1); \ + } \ + p[0] = 0; \ + p++; \ + s_name[i] = strdup(str); \ + while(*p==' ' || *p == '\t') p++; \ + if (p[0] == 0) { \ + fprintf(stderr, "Error (2) parsing %s\n", name); \ + exit(1); \ + } \ + s_name[i+1] = strdup(p); \ + i+=2; \ + if (i>=MAX_ENTRIES) \ + break; \ } while((val = optionNextValue(pov, val)) != NULL); \ s_name[i] = NULL; \ } \ @@ -299,8 +299,8 @@ void cfg_init(void) /* READ_NUMERIC only returns a long */ #define CHECK_LONG_OVERFLOW(x) \ if (x == LONG_MAX) { \ - fprintf(stderr, "overflow in number\n"); \ - exit(1); \ + fprintf(stderr, "overflow in number\n"); \ + exit(1); \ } #define READ_NUMERIC(name, s_name) \ 
@@ -308,9 +308,9 @@ void cfg_init(void) if (val != NULL) \ { \ if (val->valType == OPARG_TYPE_NUMERIC) \ - s_name = val->v.longVal; \ + s_name = val->v.longVal; \ else if (val->valType == OPARG_TYPE_STRING) \ - s_name = strtol(val->v.strVal, NULL, 10); \ + s_name = strtol(val->v.strVal, NULL, 10); \ } #define HEX_DECODE(hex, output, output_size) \ @@ -339,7 +339,7 @@ unsigned len, cmp; cmp = strcasecmp(val->pzName, available_options[j].name); if (cmp == 0) { - if (available_options[j].type != OPTION_MULTI_LINE && + if (available_options[j].type != OPTION_MULTI_LINE && available_options[j].found != 0) { fprintf(stderr, "Warning: multiple options found for '%s'; only the first will be taken into account.\n", available_options[j].name); } @@ -1463,18 +1463,18 @@ time_t get_date(const char* date) struct timespec r; if (date==NULL || parse_datetime(&r, date, NULL) == 0) { - fprintf(stderr, "Cannot parse date: %s\n", date); - exit(1); - } - - return r.tv_sec; + fprintf(stderr, "Cannot parse date: %s\n", date); + exit(1); + } + + return r.tv_sec; } time_t get_activation_date(void) { if (batch && cfg.activation_date != NULL) { - return get_date(cfg.activation_date); + return get_date(cfg.activation_date); } return time(NULL); @@ -1484,7 +1484,7 @@ time_t get_crl_revocation_date(void) { if (batch && cfg.revocation_date != NULL) { - return get_date(cfg.revocation_date); + return get_date(cfg.revocation_date); } return time(NULL); @@ -1494,7 +1494,7 @@ time_t get_crl_this_update_date(void) { if (batch && cfg.this_update_date != NULL) { - return get_date(cfg.this_update_date); + return get_date(cfg.this_update_date); } return time(NULL); 
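Review bot: In READ_NUMERIC (hunk `@@ -308,9`), `strtol(val->v.strVal, NULL, 10)` passes a NULL end pointer, so a value with trailing garbage is accepted and a non-numeric string silently becomes 0. CHECK_LONG_OVERFLOW, visible in the `@@ -299,8` hunk, catches only `LONG_MAX`, not `LONG_MIN`. Calling `strtol(val->v.strVal, &end, 10)` with a local `char *end` and rejecting the value when `end == val->v.strVal || *end != 0` would turn a mistyped template entry into an error instead of a silent default. The macro begins outside this hunk.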
@@ -1506,26 +1506,26 @@ time_t days_to_secs(int days) time_t secs = days; time_t now = time(NULL); - if (secs != (time_t)-1) { - if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) { - goto overflow; - } else { - secs *= 24*60*60; - } - } - - if (secs != (time_t)-1) { - if (INT_ADD_OVERFLOW(secs, now)) { - goto overflow; - } else { - secs += now; - } - } - - return secs; + if (secs != (time_t)-1) { + if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) { + goto overflow; + } else { + secs *= 24*60*60; + } + } + + if (secs != (time_t)-1) { + if (INT_ADD_OVERFLOW(secs, now)) { + goto overflow; + } else { + secs += now; + } + } + + return secs; overflow: - fprintf(stderr, "Overflow while parsing days\n"); - exit(1); + fprintf(stderr, "Overflow while parsing days\n"); + exit(1); } static @@ -1533,13 +1533,13 @@ time_t get_int_date(const char *txt_val, int int_val, const char *msg) { if (batch) { if (txt_val == NULL) { - time_t secs; - - if (int_val == 0 || int_val < -2) - secs = days_to_secs(365); - else { - secs = days_to_secs(int_val); - } + time_t secs; + + if (int_val == 0 || int_val < -2) + secs = days_to_secs(365); + else { + secs = days_to_secs(int_val); + } return secs; } else diff --git a/src/certtool.c b/src/certtool.c index e6563ea8b8..e27f055093 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -58,7 +58,7 @@ void pkcs7_info(common_info_st *); void pkcs7_sign(common_info_st *, unsigned embed); void pkcs7_generate(common_info_st *); void pkcs8_info(void); -void pkcs8_info_int(gnutls_datum_t *data, unsigned format, +void pkcs8_info_int(gnutls_datum_t *data, unsigned format, unsigned ignore_err, FILE *out, const char *tab); void crq_info(void); void smime_to_pkcs7(void); 
@@ -2324,14 +2324,14 @@ static gnutls_x509_trust_list_t load_tl(common_info_st * cinfo) } ret = - gnutls_x509_trust_list_add_trust_mem(list, &tmp, - tmp2.data?&tmp2:NULL, - cinfo->incert_format, - 0, 0); + gnutls_x509_trust_list_add_trust_mem(list, &tmp, + tmp2.data?&tmp2:NULL, + cinfo->incert_format, + 0, 0); if (ret < 0) { int ret2 = - gnutls_x509_trust_list_add_trust_mem(list, &tmp, - tmp2.data?&tmp2:NULL, + gnutls_x509_trust_list_add_trust_mem(list, &tmp, + tmp2.data?&tmp2:NULL, GNUTLS_X509_FMT_PEM, 0, 0); if (ret2 >= 0) @@ -2519,7 +2519,7 @@ _verify_x509_mem(const void *cert, int cert_size, const void *ca, vflags, &output, detailed_verification); - } else { + } else { ret = gnutls_x509_trust_list_verify_crt(list, x509_cert_list, x509_ncerts, @@ -2595,7 +2595,7 @@ static void verify_chain(void) buf[size] = 0; _verify_x509_mem(buf, size, NULL, 0, 0, OPT_ARG(VERIFY_PURPOSE), - OPT_ARG(VERIFY_HOSTNAME), OPT_ARG(VERIFY_EMAIL)); + OPT_ARG(VERIFY_HOSTNAME), OPT_ARG(VERIFY_EMAIL)); free(buf); } @@ -2736,8 +2736,8 @@ static void print_dn(const char *prefix, const gnutls_datum_t *raw) fprintf(outfile, "%s: %s\n", prefix, str.data); cleanup: - gnutls_x509_dn_deinit(dn); - gnutls_free(str.data); + gnutls_x509_dn_deinit(dn); + gnutls_free(str.data); } static void print_raw(const char *prefix, const gnutls_datum_t *raw) @@ -3448,7 +3448,7 @@ void pkcs12_bag_enc_info(gnutls_pkcs12_bag_t bag, FILE *out) const char *str; char *oid = NULL; - ret = gnutls_pkcs12_bag_enc_info(bag, + ret = gnutls_pkcs12_bag_enc_info(bag, &schema, &cipher, salt, &salt_size, &iter_count, &oid); if (ret == GNUTLS_E_UNKNOWN_CIPHER_TYPE) { fprintf(out, "\tSchema: unsupported (%s)\n", oid); @@ -3623,7 +3623,7 @@ void pkcs12_info(common_info_st * cinfo) } } -void pkcs8_info_int(gnutls_datum_t *data, unsigned format, +void pkcs8_info_int(gnutls_datum_t *data, unsigned format, unsigned ignore_err, FILE *out, const char *tab) { int ret; 
@@ -751,21 +751,21 @@ gnutls_session_t init_tls_session(const char *host) GNUTLS_HB_PEER_ALLOWED_TO_SEND); #ifdef ENABLE_DTLS_SRTP - if (HAVE_OPT(SRTP_PROFILES)) { - ret = - gnutls_srtp_set_profile_direct(session, - OPT_ARG(SRTP_PROFILES), - &err); - if (ret == GNUTLS_E_INVALID_REQUEST) - fprintf(stderr, "Syntax error at: %s\n", err); - else if (ret != 0) - fprintf(stderr, "Error in profiles: %s\n", - gnutls_strerror(ret)); - else fprintf(stderr,"DTLS profile set to %s\n", - OPT_ARG(SRTP_PROFILES)); - - if (ret != 0) exit(1); - } + if (HAVE_OPT(SRTP_PROFILES)) { + ret = + gnutls_srtp_set_profile_direct(session, + OPT_ARG(SRTP_PROFILES), + &err); + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Syntax error at: %s\n", err); + else if (ret != 0) + fprintf(stderr, "Error in profiles: %s\n", + gnutls_strerror(ret)); + else fprintf(stderr,"DTLS profile set to %s\n", + OPT_ARG(SRTP_PROFILES)); + + if (ret != 0) exit(1); + } #endif diff --git a/src/danetool.c b/src/danetool.c index d5883569a3..0334d94c5e 100644 --- a/src/danetool.c +++ b/src/danetool.c @@ -372,8 +372,8 @@ static void dane_check(const char *host, const char *proto, cstr = dane_match_type_name(match); if (cstr == NULL) cstr= "Unknown"; - fprintf(outfile, "Contents: %s (%.2x)\n", cstr, match); - fprintf(outfile, "Data: %s\n", lbuffer); + fprintf(outfile, "Contents: %s (%.2x)\n", cstr, match); + fprintf(outfile, "Data: %s\n", lbuffer); } /* Verify the DANE data */ diff --git a/src/list.h b/src/list.h index 0cccd25857..138f6d476d 100644 --- a/src/list.h +++ b/src/list.h @@ -288,7 +288,7 @@ struct list { memset (__t, 0, (l).item_size); \ __t->prev = (void *) p; \ __t->next = (void *) q; \ - q->prev = (void *) __t; \ + q->prev = (void *) __t; \ p->next = (void *) __t; \ (l).length++; \ } diff --git a/src/ocsptool-common.c b/src/ocsptool-common.c index 19c5af7fa7..654cda08ae 100644 --- a/src/ocsptool-common.c +++ b/src/ocsptool-common.c 
@@ -409,7 +409,7 @@ check_ocsp_response(gnutls_x509_crt_t cert, } if (nonce) { - gnutls_datum_t rnonce; + gnutls_datum_t rnonce; ret = gnutls_ocsp_resp_get_nonce(resp, NULL, &rnonce); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { @@ -430,7 +430,7 @@ check_ocsp_response(gnutls_x509_crt_t cert, exit(1); } - gnutls_free(rnonce.data); + gnutls_free(rnonce.data); } finish_ok: diff --git a/src/ocsptool.c b/src/ocsptool.c index 5e38410429..c7610e9a5c 100644 --- a/src/ocsptool.c +++ b/src/ocsptool.c @@ -323,7 +323,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce, } if (nonce) { - gnutls_datum_t rnonce; + gnutls_datum_t rnonce; ret = gnutls_ocsp_resp_get_nonce(resp, NULL, &rnonce); if (ret < 0) { @@ -338,7 +338,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce, exit(1); } - gnutls_free(rnonce.data); + gnutls_free(rnonce.data); } if (HAVE_OPT(LOAD_TRUST)) { diff --git a/src/pkcs11.c b/src/pkcs11.c index 4bc7c985e9..62f0be6b91 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c @@ -377,16 +377,16 @@ pkcs11_export(FILE * outfile, const char *url, unsigned int flags, ret = gnutls_pkcs11_obj_export3(obj, info->outcert_format, &t); if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, + fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } + exit(1); + } fwrite(t.data, 1, t.size, outfile); gnutls_free(t.data); if (info->outcert_format == GNUTLS_X509_FMT_PEM) - fputs("\n\n", outfile); + fputs("\n\n", outfile); gnutls_pkcs11_obj_deinit(obj); 
@@ -432,62 +432,62 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int flags, ret = gnutls_x509_crt_import_pkcs11(xcrt, obj); if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, + fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } + exit(1); + } ret = gnutls_pkcs11_obj_export3(obj, GNUTLS_X509_FMT_PEM, &t); if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, + fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } + exit(1); + } fwrite(t.data, 1, t.size, outfile); - fputs("\n\n", outfile); - gnutls_free(t.data); - - gnutls_pkcs11_obj_deinit(obj); - - do { - ret = gnutls_pkcs11_get_raw_issuer(url, xcrt, &t, GNUTLS_X509_FMT_PEM, 0); - if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, - __LINE__, gnutls_strerror(ret)); - exit(1); - } - - fwrite(t.data, 1, t.size, outfile); - fputs("\n\n", outfile); - - gnutls_x509_crt_deinit(xcrt); - - ret = gnutls_x509_crt_init(&xcrt); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, - __LINE__, gnutls_strerror(ret)); - exit(1); - } - - ret = gnutls_x509_crt_import(xcrt, &t, GNUTLS_X509_FMT_PEM); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, - __LINE__, gnutls_strerror(ret)); - exit(1); - } - - gnutls_free(t.data); - - ret = gnutls_x509_crt_check_issuer(xcrt, xcrt); - if (ret != 0) { - /* self signed */ - break; - } - - } while(1); - + fputs("\n\n", outfile); + gnutls_free(t.data); + + gnutls_pkcs11_obj_deinit(obj); + + do { + ret = gnutls_pkcs11_get_raw_issuer(url, xcrt, &t, GNUTLS_X509_FMT_PEM, 0); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + fwrite(t.data, 1, t.size, outfile); + fputs("\n\n", outfile); + + gnutls_x509_crt_deinit(xcrt); + + 
ret = gnutls_x509_crt_init(&xcrt); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_import(xcrt, &t, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + gnutls_free(t.data); + + ret = gnutls_x509_crt_check_issuer(xcrt, xcrt); + if (ret != 0) { + /* self signed */ + break; + } + + } while(1); + UNFIX; return; } @@ -840,8 +840,8 @@ pkcs11_export_pubkey(FILE * outfile, const char *url, int detailed, unsigned int ret = gnutls_pkcs11_privkey_export_pubkey(pkey, - GNUTLS_X509_FMT_PEM, &pubkey, - flags); + GNUTLS_X509_FMT_PEM, &pubkey, + flags); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); diff --git a/src/serv.c b/src/serv.c index 1695725f55..37851a8450 100644 --- a/src/serv.c +++ b/src/serv.c @@ -470,21 +470,21 @@ gnutls_session_t initialize_session(int dtls) GNUTLS_HB_PEER_ALLOWED_TO_SEND); #ifdef ENABLE_DTLS_SRTP - if (HAVE_OPT(SRTP_PROFILES)) { - ret = - gnutls_srtp_set_profile_direct(session, - OPT_ARG(SRTP_PROFILES), - &err); - if (ret == GNUTLS_E_INVALID_REQUEST) - fprintf(stderr, "Syntax error at: %s\n", err); - else if (ret != 0) - fprintf(stderr, "Error in profiles: %s\n", - gnutls_strerror(ret)); - else fprintf(stderr,"DTLS profile set to %s\n", - OPT_ARG(SRTP_PROFILES)); - - if (ret != 0) exit(1); - } + if (HAVE_OPT(SRTP_PROFILES)) { + ret = + gnutls_srtp_set_profile_direct(session, + OPT_ARG(SRTP_PROFILES), + &err); + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Syntax error at: %s\n", err); + else if (ret != 0) + fprintf(stderr, "Error in profiles: %s\n", + gnutls_strerror(ret)); + else fprintf(stderr,"DTLS profile set to %s\n", + OPT_ARG(SRTP_PROFILES)); + + if (ret != 0) exit(1); + } #endif 
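Review bot: The issuer-walk `do { … } while(1);` loop in pkcs11_export_chain (hunk `@@ -432,62`) has no iteration bound; it ends only when gnutls_pkcs11_get_raw_issuer returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE or the current certificate checks out as its own issuer. If a token held certificates whose issuers form a cycle, the loop would presumably keep appending to `outfile` indefinitely. A depth counter would cap it, for example `if (++depth > MAX_CHAIN_DEPTH) break;`, where `depth` and `MAX_CHAIN_DEPTH` are placeholder names that are not in the file. The last `xcrt` also appears not to be released before `UNFIX; return;`. The start of the function is outside the hunk.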
@@ -739,7 +739,7 @@ const char *human_addr(const struct sockaddr *sa, socklen_t salen,
 if (getnameinfo(sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) != 0) {
 return "(error)";
- }
+ }
 l = strlen(buf);
 buf += l;
@@ -755,7 +755,7 @@ const char *human_addr(const struct sockaddr *sa, socklen_t salen,
 if (getnameinfo(sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) != 0) {
 snprintf(buf, buflen, "%s", " unknown");
- }
+ }
 return save_buf;
 }
@@ -1485,7 +1485,7 @@ static void tcp_server(const char *name, int port)
 if (r == GNUTLS_E_HEARTBEAT_PING_RECEIVED) {
 gnutls_heartbeat_pong(j->tls_session, 0);
 } else if (r == GNUTLS_E_REHANDSHAKE) {
- try_rehandshake(j);
+ try_rehandshake(j);
 } else {
 j->http_state = HTTP_STATE_CLOSING;
 if (r < 0) {
diff --git a/src/tests.c b/src/tests.c
index aa5cf18917..b235f0c383 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -465,7 +465,7 @@ test_code_t test_dhe_group(gnutls_session_t session)
 print = raw_to_string(prime.data, prime.size);
 if (print) {
 fprintf(fp, " Prime [%d bits]: %s\n", prime.size * 8,
- print);
+ print);
 }
 gnutls_dh_get_pubkey(session, &pubkey2);
diff --git a/tests/auto-verify.c b/tests/auto-verify.c
index afd489105d..069ea73919 100644
--- a/tests/auto-verify.c
+++ b/tests/auto-verify.c
@@ -216,7 +216,7 @@ void test_failure(void)
 ret = gnutls_x509_privkey_import(pkey, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
 if (ret < 0) {
 fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
 exit(1);
@@ -232,7 +232,7 @@ void test_failure(void)
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server, "NORMAL:-CIPHER-ALL:+AES-128-GCM", NULL);
@@ -252,15 +252,15 @@ void test_failure(void)
 exit(1);
 ret = gnutls_certificate_set_x509_key_mem(clientx509cred,
- &cli_cert, &cli_key,
- GNUTLS_X509_FMT_PEM);
+ &cli_cert, &cli_key,
+ GNUTLS_X509_FMT_PEM);
 ret = gnutls_init(&client, GNUTLS_CLIENT);
 if (ret < 0) exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
@@ -341,7 +341,7 @@ void test_success1(void)
 ret = gnutls_x509_privkey_import(pkey, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
 if (ret < 0) {
 fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
 exit(1);
@@ -357,7 +357,7 @@ void test_success1(void)
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server, "NORMAL:-CIPHER-ALL:+AES-128-GCM", NULL);
@@ -377,15 +377,15 @@ void test_success1(void)
 exit(1);
 ret = gnutls_certificate_set_x509_key_mem(clientx509cred,
- &cli_cert, &cli_key,
- GNUTLS_X509_FMT_PEM);
+ &cli_cert, &cli_key,
+ GNUTLS_X509_FMT_PEM);
 ret = gnutls_init(&client, GNUTLS_CLIENT);
 if (ret < 0) exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
@@ -465,7 +465,7 @@ void test_success2(void)
 ret = gnutls_x509_privkey_import(pkey, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
 if (ret < 0) {
 fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
 exit(1);
@@ -481,7 +481,7 @@ void test_success2(void)
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server, "NORMAL:-CIPHER-ALL:+AES-128-GCM", NULL);
@@ -501,15 +501,15 @@ void test_success2(void)
 exit(1);
 ret = gnutls_certificate_set_x509_key_mem(clientx509cred,
- &cli_cert, &cli_key,
- GNUTLS_X509_FMT_PEM);
+ &cli_cert, &cli_key,
+ GNUTLS_X509_FMT_PEM);
 ret = gnutls_init(&client, GNUTLS_CLIENT);
 if (ret < 0) exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
diff --git a/tests/cert-key-exchange.c b/tests/cert-key-exchange.c
index 138744207c..64c0d30b0c 100644
--- a/tests/cert-key-exchange.c
+++ b/tests/cert-key-exchange.c
@@ -95,7 +95,7 @@ static void try(const char *name, const char *client_prio, gnutls_kx_algorithm_t
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
 gnutls_priority_set_direct(server,
@@ -131,7 +131,7 @@ static void try(const char *name, const char *client_prio, gnutls_kx_algorithm_t
 gnutls_anon_allocate_client_credentials(&c_anoncred);
 gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index e66c7ff995..a5b38cab71 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -98,7 +98,7 @@ TESTS = $(dist_check_SCRIPTS)
 TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
 LC_ALL="C" \
- VALGRIND="$(VALGRIND)" \
+ VALGRIND="$(VALGRIND)" \
 LIBTOOL="$(LIBTOOL)" \
 top_builddir="$(top_builddir)" \
 srcdir="$(srcdir)"
diff --git a/tests/certificate_set_x509_crl.c b/tests/certificate_set_x509_crl.c
index eebfff7557..ff4d5c81c6 100644
--- a/tests/certificate_set_x509_crl.c
+++ b/tests/certificate_set_x509_crl.c
@@ -81,21 +81,21 @@ int main(void)
 rc = gnutls_x509_crl_init(&crl);
 if (rc) {
 printf("gnutls_x509_crl_init rc %d: %s\n", rc,
- gnutls_strerror(rc));
+ gnutls_strerror(rc));
 return 1;
 }
 rc = gnutls_x509_crl_import(crl, &crldatum, GNUTLS_X509_FMT_PEM);
 if (rc) {
 printf("gnutls_x509_crl_import rc %d: %s\n", rc,
- gnutls_strerror(rc));
+ gnutls_strerror(rc));
 return 1;
 }
 rc = gnutls_certificate_set_x509_crl(crt, &crl, 1);
 if (rc < 0) {
 printf("gnutls_certificate_set_x509_crl rc %d: %s\n",
- rc, gnutls_strerror(rc));
+ rc, gnutls_strerror(rc));
 return 1;
 }
diff --git a/tests/chainverify.c b/tests/chainverify.c
index 1630d32d2f..a43f3bd7d8 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -122,7 +122,7 @@ void doit(void)
 GNUTLS_CRT_PRINT_ONELINE, &tmp);
 if (debug) printf("\tCertificate %d: %.*s\n", (int)j,
- tmp.size, tmp.data);
+ tmp.size, tmp.data);
 gnutls_free(tmp.data);
 }
@@ -217,11 +217,11 @@ void doit(void)
 ret = gnutls_x509_trust_list_verify_crt2(tl, certs, j,
- vdata, 1,
- chains
- [i].verify_flags,
- &verify_status1,
- NULL);
+ vdata, 1,
+ chains
+ [i].verify_flags,
+ &verify_status1,
+ NULL);
 } else {
 ret = gnutls_x509_trust_list_verify_crt(tl, certs, j,
diff --git a/tests/common-cert-key-exchange.c b/tests/common-cert-key-exchange.c
index 507ff36941..5e0e92ee7c 100644
--- a/tests/common-cert-key-exchange.c
+++ b/tests/common-cert-key-exchange.c
@@ -96,7 +96,7 @@ void try(const char *name, const char *client_prio, gnutls_kx_algorithm_t client
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
 gnutls_priority_set_direct(server,
@@ -132,7 +132,7 @@ void try(const char *name, const char *client_prio, gnutls_kx_algorithm_t client
 gnutls_anon_allocate_client_credentials(&c_anoncred);
 gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
@@ -258,7 +258,7 @@ void dtls_try(const char *name, const char *client_prio, gnutls_kx_algorithm_t c
 gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
 gnutls_priority_set_direct(server,
@@ -295,7 +295,7 @@ void dtls_try(const char *name, const char *client_prio, gnutls_kx_algorithm_t c
 gnutls_anon_allocate_client_credentials(&c_anoncred);
 gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
diff --git a/tests/conv-utf8.c b/tests/conv-utf8.c
index ce93a4e2e9..205c55ac58 100644
--- a/tests/conv-utf8.c
+++ b/tests/conv-utf8.c
@@ -38,7 +38,7 @@ int _gnutls_utf8_to_ucs2(const void *data, size_t size,
 gnutls_datum_t * output);
 int _gnutls_ucs2_to_utf8(const void *data, size_t size,
- gnutls_datum_t * output, unsigned be);
+ gnutls_datum_t * output, unsigned be);
 #define DEBUG
diff --git a/tests/crl-basic.c b/tests/crl-basic.c
index 5701562f99..a65c7a8396 100644
--- a/tests/crl-basic.c
+++ b/tests/crl-basic.c
@@ -158,7 +158,7 @@ void doit(void)
 if (debug) printf("Chain '%s' (%d)...\n", crl_list[i].name,
- (int) i);
+ (int) i);
 if (debug > 2) printf("\tAdding CRL...");
@@ -193,7 +193,7 @@ void doit(void)
 &tmp);
 if (debug) printf("\tCRL: %.*s\n",
- tmp.size, tmp.data);
+ tmp.size, tmp.data);
 gnutls_free(tmp.data);
 ret = gnutls_x509_crl_get_signature_algorithm(crl);
diff --git a/tests/crlverify.c b/tests/crlverify.c
index 66e621e5da..c586011da0 100644
--- a/tests/crlverify.c
+++ b/tests/crlverify.c
@@ -242,7 +242,7 @@ void doit(void)
 if (debug) printf("Chain '%s' (%d)...\n", crl_list[i].name,
- (int) i);
+ (int) i);
 if (debug > 2) printf("\tAdding CRL...");
@@ -277,7 +277,7 @@ void doit(void)
 &tmp);
 if (debug) printf("\tCRL: %.*s\n",
- tmp.size, tmp.data);
+ tmp.size, tmp.data);
 gnutls_free(tmp.data);
 if (debug > 2)
@@ -307,7 +307,7 @@ void doit(void)
 gnutls_x509_crt_print(ca, GNUTLS_CRT_PRINT_ONELINE, &tmp);
 if (debug) printf("\tCA Certificate: %.*s\n", tmp.size,
- tmp.data);
+ tmp.data);
 gnutls_free(tmp.data);
 if (debug)
diff --git a/tests/crq-basic.c b/tests/crq-basic.c
index 780153e306..26927e9248 100644
--- a/tests/crq-basic.c
+++ b/tests/crq-basic.c
@@ -130,7 +130,7 @@ void doit(void)
 if (debug) printf("Chain '%s' (%d)...\n", crq_list[i].name,
- (int) i);
+ (int) i);
 if (debug > 2) printf("\tAdding CRL...");
@@ -165,7 +165,7 @@ void doit(void)
 &tmp);
 if (debug) printf("\tCRL: %.*s\n",
- tmp.size, tmp.data);
+ tmp.size, tmp.data);
 gnutls_free(tmp.data);
 ret = gnutls_x509_crq_get_signature_algorithm(crq);
diff --git a/tests/crq_key_id.c b/tests/crq_key_id.c
index c729c7a7fb..077f182dd1 100644
--- a/tests/crq_key_id.c
+++ b/tests/crq_key_id.c
@@ -144,7 +144,7 @@ void doit(void)
 crq_key_id_len = 0;
 ret = gnutls_x509_crq_get_key_id(crq, 0, crq_key_id,
- &crq_key_id_len);
+ &crq_key_id_len);
 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
 fail("gnutls_x509_crq_get_key_id incorrectly returns %d: %s\n", ret, gnutls_strerror(ret));
 }
@@ -153,7 +153,7 @@ void doit(void)
 malloc(sizeof(unsigned char) * crq_key_id_len);
 ret = gnutls_x509_crq_get_key_id(crq, 0, crq_key_id,
- &crq_key_id_len);
+ &crq_key_id_len);
 if (ret != GNUTLS_E_SUCCESS) {
 fail("gnutls_x509_crq_get_key_id incorrectly returns %d: %s\n", ret, gnutls_strerror(ret));
 }
diff --git a/tests/custom-urls-override.c b/tests/custom-urls-override.c
index 2209fe8edd..e6e936ae85 100644
--- a/tests/custom-urls-override.c
+++ b/tests/custom-urls-override.c
@@ -154,7 +154,7 @@ static void server(int fd)
 gnutls_certificate_allocate_credentials(&x509_cred);
 ret = gnutls_certificate_set_x509_key_file(x509_cred, "system:cert", "system:key",
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
 if (ret < 0) {
 fail("server: gnutls_certificate_set_x509_key_file (%s)\n\n", gnutls_strerror(ret));
diff --git a/tests/custom-urls.c b/tests/custom-urls.c
index 0827d3c2d8..28768121d6 100644
--- a/tests/custom-urls.c
+++ b/tests/custom-urls.c
@@ -150,7 +150,7 @@ static void server(int fd)
 */
 gnutls_certificate_allocate_credentials(&x509_cred);
 ret = gnutls_certificate_set_x509_key_file(x509_cred, "nomyurl:cert", "nomyurl:key",
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
 if (ret != GNUTLS_E_FILE_ERROR) {
 fail("server: gnutls_certificate_set_x509_key_file unexpected error (%s)\n\n", gnutls_strerror(ret));
@@ -158,7 +158,7 @@ static void server(int fd)
 }
 ret = gnutls_certificate_set_x509_key_file(x509_cred, "myurl:cert", "myurl:key",
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
 if (ret < 0) {
 fail("server: gnutls_certificate_set_x509_key_file (%s)\n\n", gnutls_strerror(ret));
diff --git a/tests/dane.c b/tests/dane.c
index 941b2b58f9..e9ed4011ef 100644
--- a/tests/dane.c
+++ b/tests/dane.c
@@ -44,469 +44,432 @@ struct data_entry_st { int bogus; const char *cert; const char *ca; - unsigned expected_status; /* if cert is non-null */ - int expected_verify_ret; /* if cert is non-null */ + unsigned expected_status; /* if cert is non-null */ + int expected_verify_ret; /* if cert is non-null */ }; const struct data_entry_st data_entries[] = { { - .name = "Entry parsing", - .queries = { - (char *) - "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", - (char *) - "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3", - (char *) - "\x03\x01\x01\x46\x25\x73\x19\x5c\x86\xe8\x61\xab\xab\x8e\xcc\xfb\xc7\xf0\x48\x69\x58\xef\xdf\xf9\x44\x9a\xc1\x07\x29\xb3\xa0\xf9\x06\xf3\x88", - NULL}, - .q_size = { - 35, - 35, - 35, - 0}, - .expected_ret = 0, - .no_queries = 3, - .secure = 1, - .bogus = 0 - }, - { /* as the previous but with first byte invalid */ - .name = "Cert verification (single entry)", - .queries = { - (char *) - "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe", - NULL}, - .q_size = { - 35, - 35, - 35, - 0}, - .expected_ret = 0, - .no_queries = 1, - .secure = 1, - .bogus = 0, - .expected_verify_ret = 0, - .expected_status = 0, - .cert = "-----BEGIN CERTIFICATE-----\n" - "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n" - "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n" - "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n" - "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n" - "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n" - "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n" - 
"woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n" - "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n" - "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n" - "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n" - "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n" - "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n" - "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n" - "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n" - "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n" - "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n" - "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n" - "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n" - "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n" - "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n" - "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n" - "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n" - "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n" - "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n" - "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n" - "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n" - "-----END CERTIFICATE-----\n" - }, + .name = "Entry parsing", + .queries = { + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + (char *) + "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3", + (char *) + "\x03\x01\x01\x46\x25\x73\x19\x5c\x86\xe8\x61\xab\xab\x8e\xcc\xfb\xc7\xf0\x48\x69\x58\xef\xdf\xf9\x44\x9a\xc1\x07\x29\xb3\xa0\xf9\x06\xf3\x88", + NULL}, + .q_size = {35, 35, 35, 0}, + .expected_ret = 
0, + .no_queries = 3, + .secure = 1, + .bogus = 0}, + { /* as the previous but with first byte invalid */ + .name = "Cert verification (single entry)", + .queries = { + (char *) + "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe", + NULL}, + .q_size = {35, 35, 35, 0}, + .expected_ret = 0, + .no_queries = 1, + .secure = 1, + .bogus = 0, + .expected_verify_ret = 0, + .expected_status = 0, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n" + "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n" + "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n" + "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n" + "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n" + "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n" + "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n" + "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n" + "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n" + "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n" + "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n" + "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n" + "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n" + "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n" + "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n" + "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n" + "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n" + "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n" + "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n" + 
"aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n" + "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n" + "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n" + "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n" + "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n" + "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n" + "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n" + "-----END CERTIFICATE-----\n"}, { - .name = "Cert verification (multi entries)", - .queries = { - (char *) - "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", - (char *) - "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe", - (char *) - "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3", - NULL}, - .q_size = { - 35, - 35, - 35, - 0}, - .expected_ret = 0, - .no_queries = 3, - .secure = 1, - .bogus = 0, - .expected_verify_ret = 0, - .expected_status = 0, - .cert = "-----BEGIN CERTIFICATE-----\n" - "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n" - "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n" - "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n" - "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n" - "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n" - "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n" - "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n" - "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n" - "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n" - 
"ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n" - "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n" - "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n" - "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n" - "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n" - "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n" - "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n" - "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n" - "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n" - "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n" - "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n" - "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n" - "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n" - "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n" - "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n" - "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n" - "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n" - "-----END CERTIFICATE-----\n" - }, + .name = "Cert verification (multi entries)", + .queries = { + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + (char *) + "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe", + (char *) + "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3", + NULL}, + .q_size = { 35, 35, 35, 0}, + .expected_ret = 0, + .no_queries = 3, + .secure = 1, + .bogus = 0, + .expected_verify_ret = 0, + .expected_status = 0, + .cert = "-----BEGIN CERTIFICATE-----\n" + 
"MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n" + "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n" + "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n" + "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n" + "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n" + "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n" + "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n" + "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n" + "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n" + "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n" + "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n" + "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n" + "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n" + "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n" + "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n" + "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n" + "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n" + "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n" + "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n" + "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n" + "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n" + "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n" + "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n" + "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n" + "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n" + "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n" + "-----END CERTIFICATE-----\n"}, { - .name = "Cert verification (invalid hash)", - .queries = { - (char *) 
- "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x49\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe", - NULL}, - .q_size = { - 35, - 0}, - .expected_ret = 0, - .no_queries = 1, - .secure = 1, - .bogus = 0, - .expected_verify_ret = 0, - .expected_status = DANE_VERIFY_CERT_DIFFERS, - .cert = "-----BEGIN CERTIFICATE-----\n" - "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n" - "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n" - "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n" - "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n" - "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n" - "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n" - "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n" - "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n" - "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n" - "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n" - "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n" - "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n" - "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n" - "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n" - "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n" - "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n" - "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n" - "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n" - "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n" - "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n" - "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n" - "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n" 
- "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n" - "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n" - "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n" - "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n" - "-----END CERTIFICATE-----\n" - }, + .name = "Cert verification (invalid hash)", + .queries = { + (char *) + "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x49\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe", + NULL}, + .q_size = { 35, 0}, + .expected_ret = 0, + .no_queries = 1, + .secure = 1, + .bogus = 0, + .expected_verify_ret = 0, + .expected_status = DANE_VERIFY_CERT_DIFFERS, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n" + "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n" + "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n" + "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n" + "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n" + "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n" + "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n" + "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n" + "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n" + "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n" + "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n" + "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n" + "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n" + "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n" + "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n" + "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n" + 
"hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n" + "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n" + "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n" + "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n" + "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n" + "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n" + "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n" + "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n" + "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n" + "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n" + "-----END CERTIFICATE-----\n"}, { - .name = "Cert verification (bogus data)", - .queries = { - (char *) - "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", - NULL}, - .q_size = { - 35, - 0}, - .expected_ret = 0, - .no_queries = 1, - .secure = 1, - .bogus = 0, - .expected_verify_ret = DANE_E_REQUESTED_DATA_NOT_AVAILABLE, - .expected_status = -1, - .cert = "-----BEGIN CERTIFICATE-----\n" - "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n" - "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n" - "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n" - "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n" - "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n" - "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n" - "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n" - "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n" - "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n" - "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n" - 
"oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n" - "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n" - "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n" - "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n" - "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n" - "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n" - "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n" - "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n" - "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n" - "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n" - "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n" - "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n" - "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n" - "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n" - "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n" - "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n" - "-----END CERTIFICATE-----\n" - }, + .name = "Cert verification (bogus data)", + .queries = { + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + NULL}, + .q_size = { 35, 0}, + .expected_ret = 0, + .no_queries = 1, + .secure = 1, + .bogus = 0, + .expected_verify_ret = DANE_E_REQUESTED_DATA_NOT_AVAILABLE, + .expected_status = -1, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n" + "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n" + "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n" + "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n" + "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n" + 
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n" + "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n" + "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n" + "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n" + "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n" + "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n" + "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n" + "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n" + "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n" + "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n" + "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n" + "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n" + "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n" + "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n" + "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n" + "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n" + "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n" + "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n" + "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n" + "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n" + "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n" + "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n" + "-----END CERTIFICATE-----\n"}, { - .name = "CA verification (valid)", - .queries = { - (char*)"\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", - NULL}, - .q_size = { - 35, - 0}, - .expected_ret = 0, - .no_queries = 1, - .secure = 1, - .bogus = 0, - .expected_verify_ret = 0, - .expected_status = 0, - .cert = "-----BEGIN CERTIFICATE-----\n" - 
"MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n" - "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" - "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n" - "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n" - "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n" - "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n" - "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n" - "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n" - "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n" - "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n" - "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n" - "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n" - "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n" - "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n" - "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n" - "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n" - "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n" - "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n" - "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n" - "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n" - "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n" - "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n" - "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n" - "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n" - "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n" - "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n" - "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n" - "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n" - 
"MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n" - "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n" - "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n" - "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n" - "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n" - "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n" - "hrA=\n" - "-----END CERTIFICATE-----\n", - .ca = "-----BEGIN CERTIFICATE-----\n" - "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n" - "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" - "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n" - "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n" - "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n" - "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n" - "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n" - "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n" - "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n" - "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n" - "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n" - "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n" - "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n" - "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" - "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n" - "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n" - "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n" - "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n" - "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n" - "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n" - "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n" 
- "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n" - "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n" - "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n" - "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n" - "cPUeybQ=\n" - "-----END CERTIFICATE-----\n" - }, + .name = "CA verification (valid)", + .queries = { + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + NULL}, + .q_size = { 35, 0}, + .expected_ret = 0, + .no_queries = 1, + .secure = 1, + .bogus = 0, + .expected_verify_ret = 0, + .expected_status = 0, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n" + "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n" + "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n" + "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n" + "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n" + "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n" + "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n" + "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n" + "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n" + "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n" + "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n" + "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n" + "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n" + "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n" + "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n" + 
"hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n" + "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n" + "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n" + "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n" + "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n" + "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n" + "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n" + "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n" + "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n" + "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n" + "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n" + "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n" + "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n" + "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n" + "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n" + "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n" + "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n" + "hrA=\n" "-----END CERTIFICATE-----\n", + .ca = "-----BEGIN CERTIFICATE-----\n" + "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n" + "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n" + "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n" + "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n" + "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n" + "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n" + "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n" + "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n" + 
"4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n" + "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n" + "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n" + "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" + "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n" + "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n" + "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n" + "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n" + "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n" + "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n" + "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n" + "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n" + "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n" + "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n" + "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n" + "cPUeybQ=\n" "-----END CERTIFICATE-----\n"}, { - .name = "CA verification (invalid)", - .queries = { - (char*)"\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x92\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", - NULL}, - .q_size = { - 35, - 0}, - .expected_ret = 0, - .no_queries = 1, - .secure = 1, - .bogus = 0, - .expected_verify_ret = 0, - .expected_status = DANE_VERIFY_CA_CONSTRAINTS_VIOLATED, - .cert = "-----BEGIN CERTIFICATE-----\n" - "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n" - "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" - "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n" - "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n" - "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n" - "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n" - 
"ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n" - "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n" - "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n" - "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n" - "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n" - "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n" - "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n" - "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n" - "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n" - "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n" - "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n" - "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n" - "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n" - "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n" - "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n" - "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n" - "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n" - "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n" - "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n" - "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n" - "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n" - "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n" - "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n" - "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n" - "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n" - "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n" - "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n" - "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n" - "hrA=\n" - 
"-----END CERTIFICATE-----\n", - .ca = "-----BEGIN CERTIFICATE-----\n" - "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n" - "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" - "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n" - "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n" - "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n" - "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n" - "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n" - "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n" - "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n" - "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n" - "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n" - "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n" - "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n" - "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" - "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n" - "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n" - "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n" - "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n" - "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n" - "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n" - "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n" - "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n" - "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n" - "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n" - "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n" - "cPUeybQ=\n" - "-----END CERTIFICATE-----\n" - }, - { /* as the previous but with first byte invalid */ - .name = "CA verification (multiple entries)", 
- .queries = { - (char *) - "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", - (char *) - "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe", - (char *) - "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", - (char*) - "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3", - NULL}, - .q_size = { - 35, - 35, - 35, - 35, - 0}, - .expected_ret = 0, - .no_queries = 4, - .secure = 1, - .bogus = 0, - .expected_verify_ret = 0, - .expected_status = 0, - .cert = "-----BEGIN CERTIFICATE-----\n" - "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n" - "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" - "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n" - "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n" - "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n" - "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n" - "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n" - "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n" - "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n" - "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n" - "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n" - "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n" - "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n" - "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n" - "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n" - "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n" - 
"0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n" - "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n" - "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n" - "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n" - "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n" - "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n" - "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n" - "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n" - "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n" - "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n" - "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n" - "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n" - "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n" - "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n" - "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n" - "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n" - "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n" - "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n" - "hrA=\n" - "-----END CERTIFICATE-----\n", - .ca = "-----BEGIN CERTIFICATE-----\n" - "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n" - "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" - "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n" - "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n" - "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n" - "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n" - "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n" - "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n" - "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n" 
- "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n" - "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n" - "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n" - "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n" - "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" - "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n" - "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n" - "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n" - "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n" - "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n" - "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n" - "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n" - "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n" - "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n" - "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n" - "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n" - "cPUeybQ=\n" - "-----END CERTIFICATE-----\n" - } + .name = "CA verification (invalid)", + .queries = { + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x92\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + NULL}, + .q_size = { 35, 0}, + .expected_ret = 0, + .no_queries = 1, + .secure = 1, + .bogus = 0, + .expected_verify_ret = 0, + .expected_status = DANE_VERIFY_CA_CONSTRAINTS_VIOLATED, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n" + "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n" + "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n" + 
"BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n" + "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n" + "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n" + "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n" + "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n" + "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n" + "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n" + "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n" + "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n" + "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n" + "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n" + "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n" + "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n" + "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n" + "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n" + "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n" + "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n" + "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n" + "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n" + "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n" + "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n" + "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n" + "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n" + "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n" + "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n" + "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n" + "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n" + "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n" + 
"EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n" + "hrA=\n" "-----END CERTIFICATE-----\n", + .ca = "-----BEGIN CERTIFICATE-----\n" + "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n" + "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n" + "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n" + "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n" + "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n" + "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n" + "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n" + "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n" + "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n" + "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n" + "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n" + "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" + "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n" + "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n" + "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n" + "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n" + "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n" + "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n" + "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n" + "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n" + "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n" + "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n" + "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n" + "cPUeybQ=\n" "-----END CERTIFICATE-----\n"}, + { /* as the previous but 
with first byte invalid */ + .name = "CA verification (multiple entries)", + .queries = { + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + (char *) + "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe", + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + (char *) + "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3", + NULL}, + .q_size = { 35, 35, 35, 35, 0}, + .expected_ret = 0, + .no_queries = 4, + .secure = 1, + .bogus = 0, + .expected_verify_ret = 0, + .expected_status = 0, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n" + "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n" + "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n" + "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n" + "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n" + "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n" + "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n" + "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n" + "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n" + "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n" + "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n" + "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n" + "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n" + 
"rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n" + "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n" + "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n" + "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n" + "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n" + "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n" + "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n" + "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n" + "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n" + "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n" + "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n" + "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n" + "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n" + "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n" + "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n" + "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n" + "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n" + "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n" + "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n" + "hrA=\n" "-----END CERTIFICATE-----\n", + .ca = "-----BEGIN CERTIFICATE-----\n" + "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n" + "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n" + "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n" + "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n" + "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n" + "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n" + 
"Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n" + "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n" + "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n" + "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n" + "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n" + "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" + "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n" + "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n" + "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n" + "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n" + "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n" + "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n" + "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n" + "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n" + "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n" + "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n" + "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n" + "cPUeybQ=\n" "-----END CERTIFICATE-----\n"} }; static time_t mytime(time_t * t) @@ -519,11 +482,11 @@ static time_t mytime(time_t * t) return then; } -static void crt_to_der(gnutls_datum_t *chain, const char *pem, unsigned size) +static void crt_to_der(gnutls_datum_t * chain, const char *pem, unsigned size) { int ret; gnutls_x509_crt_t crt; - gnutls_datum_t input = {(void*)pem, size}; + gnutls_datum_t input = { (void *)pem, size }; gnutls_x509_crt_init(&crt); 
@@ -562,21 +525,25 @@ static void dane_raw_check(void) for (j = 0; j < sizeof(data_entries) / sizeof(data_entries[0]); j++) { if (debug) - success("running test[%d]: %s\n", j, data_entries[j].name); + success("running test[%d]: %s\n", j, + data_entries[j].name); ret = dane_raw_tlsa(s, &r, data_entries[j].queries, - data_entries[j].q_size, data_entries[j].secure, + data_entries[j].q_size, + data_entries[j].secure, data_entries[j].bogus); if (ret != data_entries[j].expected_ret) { - fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret)); + fail("test[%d]: %d: %s\n", j, __LINE__, + dane_strerror(ret)); } ret = dane_query_to_raw_tlsa(r, &entries, &r_data, &r_data_len, &secure, &bogus); if (ret < 0) { - fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret)); + fail("test[%d]: %d: %s\n", j, __LINE__, + dane_strerror(ret)); } if (entries != data_entries[j].no_queries) 
@@ -590,33 +557,41 @@ static void dane_raw_check(void) for (i = 0; i < entries; i++) { if (r_data_len[i] != data_entries[j].q_size[i]) - fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret)); + fail("test[%d]: %d: %s\n", j, __LINE__, + dane_strerror(ret)); if (memcmp (r_data[i], data_entries[j].queries[i], r_data_len[i]) != 0) - fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret)); + fail("test[%d]: %d: %s\n", j, __LINE__, + dane_strerror(ret)); } - if (data_entries[j].cert) { /* verify cert */ + if (data_entries[j].cert) { /* verify cert */ gnutls_datum_t chain[2]; unsigned status = 0; unsigned chain_size = 1; - crt_to_der(&chain[0], data_entries[j].cert, strlen(data_entries[j].cert)); + crt_to_der(&chain[0], data_entries[j].cert, + strlen(data_entries[j].cert)); if (data_entries[j].ca) { - crt_to_der(&chain[1], data_entries[j].ca, strlen(data_entries[j].ca)); + crt_to_der(&chain[1], data_entries[j].ca, + strlen(data_entries[j].ca)); chain_size++; } - ret = dane_verify_crt_raw(NULL, chain, chain_size, GNUTLS_CRT_X509, r, - 0, 0, &status); + ret = + dane_verify_crt_raw(NULL, chain, chain_size, + GNUTLS_CRT_X509, r, 0, 0, + &status); if (ret != data_entries[j].expected_verify_ret) - fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret)); + fail("test[%d]: %d: %s\n", j, __LINE__, + dane_strerror(ret)); - if (ret >= 0 && status != data_entries[j].expected_status) { + if (ret >= 0 + && status != data_entries[j].expected_status) { fail("tests[%d]: expected verif. status %x, got %x\n", j, data_entries[j].expected_status, status); } free(chain[0].data); @@ -625,7 +600,8 @@ static void dane_raw_check(void) } if (debug) - success("completed test[%d]: %s\n", j, data_entries[j].name); + success("completed test[%d]: %s\n", j, + data_entries[j].name); gnutls_free(r_data); gnutls_free(r_data_len); diff --git a/tests/dtls-handshake-versions.c b/tests/dtls-handshake-versions.c index c373d9d862..507aa065dc 100644 --- a/tests/dtls-handshake-versions.c 
+++ b/tests/dtls-handshake-versions.c @@ -73,7 +73,7 @@ static void try(unsigned char major, unsigned char minor, int ret1, int ret2) gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_priority_set_direct(server, "NORMAL", @@ -99,7 +99,7 @@ static void try(unsigned char major, unsigned char minor, int ret1, int ret2) exit(1); ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); if (ret < 0) exit(1); diff --git a/tests/dtls-max-record.c b/tests/dtls-max-record.c index 10664cf7c9..e0cee44608 100644 --- a/tests/dtls-max-record.c +++ b/tests/dtls-max-record.c @@ -75,7 +75,7 @@ void doit(void) gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_priority_set_direct(server, "NORMAL", @@ -101,7 +101,7 @@ void doit(void) exit(1); ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); if (ret < 0) exit(1); diff --git a/tests/dtls-rehandshake-anon.c b/tests/dtls-rehandshake-anon.c index bef4f30643..e102a54b3e 100644 --- a/tests/dtls-rehandshake-anon.c +++ b/tests/dtls-rehandshake-anon.c @@ -306,7 +306,7 @@ static void server(int fd, int server_init) ret = gnutls_handshake(session); } while (ret < 0 - && gnutls_error_is_fatal(ret) == 0); + && gnutls_error_is_fatal(ret) == 0); if (ret == 0) break; } @@ -319,7 +319,7 @@ static void server(int fd, int server_init) do { ret = gnutls_record_send(session, buffer, - strlen(buffer)); + strlen(buffer)); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); } diff --git a/tests/dtls-rehandshake-cert-2.c b/tests/dtls-rehandshake-cert-2.c index 039b79c178..dad82ee6bf 100644 --- a/tests/dtls-rehandshake-cert-2.c +++ b/tests/dtls-rehandshake-cert-2.c 
@@ -317,7 +317,7 @@ static void server(int fd, int server_init) ret = gnutls_handshake(session); } while (ret < 0 - && gnutls_error_is_fatal(ret) == 0); + && gnutls_error_is_fatal(ret) == 0); if (ret == 0) break; } @@ -330,7 +330,7 @@ static void server(int fd, int server_init) do { ret = gnutls_record_send(session, buffer, - strlen(buffer)); + strlen(buffer)); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); } diff --git a/tests/dtls-rehandshake-cert-3.c b/tests/dtls-rehandshake-cert-3.c index d1c0399890..f1d298c339 100644 --- a/tests/dtls-rehandshake-cert-3.c +++ b/tests/dtls-rehandshake-cert-3.c @@ -322,7 +322,7 @@ static void server(int fd) do { ret = gnutls_record_send(session, buffer, - strlen(buffer)); + strlen(buffer)); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); } diff --git a/tests/dtls-rehandshake-cert.c b/tests/dtls-rehandshake-cert.c index b12b792669..cad962641c 100644 --- a/tests/dtls-rehandshake-cert.c +++ b/tests/dtls-rehandshake-cert.c @@ -107,7 +107,7 @@ static void client(int fd, int server_init) NULL) >= 0); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); gnutls_transport_set_int(session, fd); gnutls_transport_set_push_function(session, push); @@ -237,7 +237,7 @@ static void server(int fd, int server_init) NULL) >= 0); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_transport_set_int(session, fd); gnutls_transport_set_push_function(session, push); @@ -310,7 +310,7 @@ static void server(int fd, int server_init) ret = gnutls_handshake(session); } while (ret < 0 - && gnutls_error_is_fatal(ret) == 0); + && gnutls_error_is_fatal(ret) == 0); if (ret == 0) break; } @@ -323,7 +323,7 @@ static void server(int fd, int server_init) do { ret = gnutls_record_send(session, buffer, - strlen(buffer)); + strlen(buffer)); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); } 
diff --git a/tests/dtls-sliding-window.c b/tests/dtls-sliding-window.c index c6a5e3d554..80be2cf4f0 100644 --- a/tests/dtls-sliding-window.c +++ b/tests/dtls-sliding-window.c @@ -42,7 +42,7 @@ struct record_parameters_st { }; typedef struct { - unsigned char i[8]; + unsigned char i[8]; } uint64; #define gnutls_assert_val(x) x diff --git a/tests/dtls/dtls-stress.c b/tests/dtls/dtls-stress.c index a07af8cc91..c9493afffe 100644 --- a/tests/dtls/dtls-stress.c +++ b/tests/dtls/dtls-stress.c 
@@ -25,27 +25,27 @@ * * **** Available parameters **** * - * -nb enable nonblocking operations on sessions - * -batch read test identifiers from stdin and run them - * -d increase debug level by one - * -r replay messages (very crude replay mechanism) - * -d <n> set debug level to <n> - * -die don't start new tests after the first detected failure - * -timeout <n> set handshake timeout to <n> seconds. Tests that don't make progress - * within twice this time will be forcibly killed. (default: 120) + * -nb enable nonblocking operations on sessions + * -batch read test identifiers from stdin and run them + * -d increase debug level by one + * -r replay messages (very crude replay mechanism) + * -d <n> set debug level to <n> + * -die don't start new tests after the first detected failure + * -timeout <n> set handshake timeout to <n> seconds. Tests that don't make progress + * within twice this time will be forcibly killed. (default: 120) * -retransmit <n> set retransmit timeout to <n> milliseconds (default: 100) - * -j <n> run up to <n> tests in parallel - * -full use full handshake with mutual certificate authentication - * -resume use resumed handshake + * -j <n> run up to <n> tests in parallel + * -full use full handshake with mutual certificate authentication + * -resume use resumed handshake * -shello <perm> run only one test, with the server hello flight permuted as <perm> * -sfinished <perm> run only one test, with the server finished flight permuted as <perm> * -cfinished <perm> run only one test, with the client finished flight permuted as <perm> * <packet name> run only one test, drop <packet name> three times - * valid values for <packet name> are: - * SHello, SCertificate, SKeyExchange, SCertificateRequest, SHelloDone, - * CCertificate, CKeyExchange, CCertificateVerify, CChangeCipherSpec, - * CFinished, SChangeCipherSpec, SFinished - * using *Certificate* without -full will yield unexpected results + * valid values for <packet name> are: + * SHello, 
SCertificate, SKeyExchange, SCertificateRequest, SHelloDone, + * CCertificate, CKeyExchange, CCertificateVerify, CChangeCipherSpec, + * CFinished, SChangeCipherSpec, SFinished + * using *Certificate* without -full will yield unexpected results * * * **** Permutation handling **** diff --git a/tests/eagain-common.h b/tests/eagain-common.h index 5f904b80de..4e9a0ff206 100644 --- a/tests/eagain-common.h +++ b/tests/eagain-common.h @@ -7,17 +7,17 @@ extern const char *side; do \ { \ if (cret == GNUTLS_E_AGAIN) \ - { \ - side = "client"; \ - cret = gnutls_handshake (c); \ - if (cret == GNUTLS_E_INTERRUPTED) cret = GNUTLS_E_AGAIN; \ - } \ + { \ + side = "client"; \ + cret = gnutls_handshake (c); \ + if (cret == GNUTLS_E_INTERRUPTED) cret = GNUTLS_E_AGAIN; \ + } \ if (sret == GNUTLS_E_AGAIN) \ - { \ - side = "server"; \ - sret = gnutls_handshake (s); \ - if (sret == GNUTLS_E_INTERRUPTED) sret = GNUTLS_E_AGAIN; \ - } \ + { \ + side = "server"; \ + sret = gnutls_handshake (s); \ + if (sret == GNUTLS_E_INTERRUPTED) sret = GNUTLS_E_AGAIN; \ + } \ } \ while ((cret == GNUTLS_E_AGAIN || (cret == 0 && sret == GNUTLS_E_AGAIN)) && (sret == GNUTLS_E_AGAIN || (sret == 0 && cret == GNUTLS_E_AGAIN))); \ if (cret != clierr || sret != serverr) \ 
@@ -36,25 +36,25 @@ extern const char *side; do \ { \ if (cret == GNUTLS_E_LARGE_PACKET) \ - { \ - unsigned int mtu = gnutls_dtls_get_mtu(s); \ - gnutls_dtls_set_mtu(s, mtu/2); \ - } \ + { \ + unsigned int mtu = gnutls_dtls_get_mtu(s); \ + gnutls_dtls_set_mtu(s, mtu/2); \ + } \ if (cret < 0 && gnutls_error_is_fatal(cret) == 0) \ - { \ - side = "client"; \ - cret = gnutls_handshake (c); \ - } \ + { \ + side = "client"; \ + cret = gnutls_handshake (c); \ + } \ if (sret == GNUTLS_E_LARGE_PACKET) \ - { \ - unsigned int mtu = gnutls_dtls_get_mtu(s); \ - gnutls_dtls_set_mtu(s, mtu/2); \ - } \ + { \ + unsigned int mtu = gnutls_dtls_get_mtu(s); \ + gnutls_dtls_set_mtu(s, mtu/2); \ + } \ if (sret < 0 && gnutls_error_is_fatal(sret) == 0) \ - { \ - side = "server"; \ - sret = gnutls_handshake (s); \ - } \ + { \ + side = "server"; \ + sret = gnutls_handshake (s); \ + } \ } \ while (((gnutls_error_is_fatal(cret) == 0 && gnutls_error_is_fatal(sret) == 0)) && (cret < 0 || sret < 0)); \ if (cret != clierr || sret != serverr) \ 
@@ -80,54 +80,54 @@ extern const char *side; do \ { \ do \ - { \ - side = "server"; \ - ret = gnutls_record_recv (s, buf, buflen); \ - } \ + { \ + side = "server"; \ + ret = gnutls_record_recv (s, buf, buflen); \ + } \ while(ret == GNUTLS_E_AGAIN); \ if (ret == 0) \ - fail ("server: didn't receive any data\n"); \ + fail ("server: didn't receive any data\n"); \ else if (ret < 0) \ - { \ - fail ("server: error: %s\n", gnutls_strerror (ret)); \ - } \ + { \ + fail ("server: error: %s\n", gnutls_strerror (ret)); \ + } \ else \ - { \ - transferred += ret; \ - } \ + { \ + transferred += ret; \ + } \ side = "server"; \ ns = record_send_loop (server, msg, msglen, retry_send_with_null); \ if (ns < 0) fail ("server send error: %s\n", gnutls_strerror (ret)); \ do \ - { \ - side = "client"; \ - ret = gnutls_record_recv (client, buf, buflen); \ - } \ + { \ + side = "client"; \ + ret = gnutls_record_recv (client, buf, buflen); \ + } \ while(ret == GNUTLS_E_AGAIN); \ if (ret == 0) \ - { \ - fail ("client: Peer has closed the TLS connection\n"); \ - } \ + { \ + fail ("client: Peer has closed the TLS connection\n"); \ + } \ else if (ret < 0) \ - { \ - if (debug) \ - fputs ("!", stdout); \ - fail ("client: Error: %s\n", gnutls_strerror (ret)); \ - } \ + { \ + if (debug) \ + fputs ("!", stdout); \ + fail ("client: Error: %s\n", gnutls_strerror (ret)); \ + } \ else \ - { \ - if (msglen != ret || memcmp (buf, msg, msglen) != 0) \ - { \ - fail ("client: Transmitted data do not match\n"); \ - } \ - /* echo back */ \ - side = "client"; \ - ns = record_send_loop (client, buf, msglen, retry_send_with_null); \ - if (ns < 0) fail ("client send error: %s\n", gnutls_strerror (ret)); \ - transferred += ret; \ - if (debug) \ - fputs (".", stdout); \ - } \ + { \ + if (msglen != ret || memcmp (buf, msg, msglen) != 0) \ + { \ + fail ("client: Transmitted data do not match\n"); \ + } \ + /* echo back */ \ + side = "client"; \ + ns = record_send_loop (client, buf, msglen, retry_send_with_null); \ + if 
(ns < 0) fail ("client send error: %s\n", gnutls_strerror (ret)); \ + transferred += ret; \ + if (debug) \ + fputs (".", stdout); \ + } \ } \ while (transferred < 70000) @@ -325,7 +325,7 @@ inline static int record_send_loop(gnutls_session_t session, while (ret == GNUTLS_E_AGAIN) { ret = gnutls_record_send(session, retry_data, - retry_sizeofdata); + retry_sizeofdata); } return ret; diff --git a/tests/fallback-scsv.c b/tests/fallback-scsv.c index 0774e403c2..d307fe78a8 100644 --- a/tests/fallback-scsv.c +++ b/tests/fallback-scsv.c @@ -272,7 +272,7 @@ static void server(int fd, const char *prio, unsigned expect_fail) do { ret = gnutls_record_send(session, buffer, - sizeof(buffer)); + sizeof(buffer)); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); diff --git a/tests/handshake-false-start.c b/tests/handshake-false-start.c index 11366aebc5..cd1240a54d 100644 --- a/tests/handshake-false-start.c +++ b/tests/handshake-false-start.c @@ -175,7 +175,7 @@ static void try(const char *name, unsigned testno, unsigned fs, gnutls_record_send(client, TESTDATA, sizeof(TESTDATA) - 1); if (ret < 0) { myfail("%d: error sending false start data: %s\n", - __LINE__, gnutls_strerror(ret)); + __LINE__, gnutls_strerror(ret)); exit(1); } @@ -184,7 +184,7 @@ static void try(const char *name, unsigned testno, unsigned fs, ret = gnutls_record_recv(server, buffer, sizeof(buffer)); if (ret < 0) { myfail("%d: error receiving data: %s\n", __LINE__, - gnutls_strerror(ret)); + gnutls_strerror(ret)); } if (ret != sizeof(TESTDATA) - 1) { @@ -200,7 +200,7 @@ static void try(const char *name, unsigned testno, unsigned fs, gnutls_record_send(server, TESTDATA, sizeof(TESTDATA) - 1); if (ret < 0) { myfail("%d: error sending false start data: %s\n", - __LINE__, gnutls_strerror(ret)); + __LINE__, gnutls_strerror(ret)); exit(1); } 
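Review bot: In the `@@ -80,54 +80,54 @@` hunk of tests/eagain-common.h, both send-error branches test `ns` but format `gnutls_strerror (ret)`, so a failed `record_send_loop` is reported with the result of the preceding `gnutls_record_recv`. On that path `ret` is presumably a positive byte count, which makes the printed error text unrelated to the actual send failure. The re-indented client line should read `if (ns < 0) fail ("client send error: %s\n", gnutls_strerror (ns)); \`, and the unchanged server line above it needs the same substitution. The macro's `#define` line and parameter list are outside the hunk, so the roles of `ns` and `ret` are inferred from how the visible lines use them.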
@@ -211,7 +211,7 @@ static void try(const char *name, unsigned testno, unsigned fs, } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); if (ret < 0) { myfail("%d: error receiving data: %s\n", __LINE__, - gnutls_strerror(ret)); + gnutls_strerror(ret)); } } else if (testno == TEST_RECV_SEND) { side = "server"; @@ -219,7 +219,7 @@ static void try(const char *name, unsigned testno, unsigned fs, gnutls_record_send(server, TESTDATA, sizeof(TESTDATA) - 1); if (ret < 0) { myfail("%d: error sending false start data: %s\n", - __LINE__, gnutls_strerror(ret)); + __LINE__, gnutls_strerror(ret)); exit(1); } @@ -228,7 +228,7 @@ static void try(const char *name, unsigned testno, unsigned fs, ret = gnutls_record_recv(client, buffer, sizeof(buffer)); if (ret < 0) { myfail("%d: error receiving data: %s\n", __LINE__, - gnutls_strerror(ret)); + gnutls_strerror(ret)); } if (ret != sizeof(TESTDATA) - 1) { @@ -255,14 +255,14 @@ static void try(const char *name, unsigned testno, unsigned fs, ret = gnutls_bye(server, GNUTLS_SHUT_WR); if (ret < 0) { myfail("%d: error in server bye: %s\n", __LINE__, - gnutls_strerror(ret)); + gnutls_strerror(ret)); } side = "client"; ret = gnutls_bye(client, GNUTLS_SHUT_RDWR); if (ret < 0) { myfail("%d: error in client bye: %s\n", __LINE__, - gnutls_strerror(ret)); + gnutls_strerror(ret)); } success("%5s%s \tok\n", dtls?"dtls-":"", name); diff --git a/tests/handshake-versions.c b/tests/handshake-versions.c index b12fb58ce9..a558f38f23 100644 --- a/tests/handshake-versions.c +++ b/tests/handshake-versions.c @@ -72,7 +72,7 @@ static void try(unsigned char major, unsigned char minor, int ret1, int ret2) gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_priority_set_direct(server, "NORMAL", 
@@ -96,7 +96,7 @@ static void try(unsigned char major, unsigned char minor, int ret1, int ret2) exit(1); ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); if (ret < 0) exit(1); diff --git a/tests/hostname-check.c b/tests/hostname-check.c index 670248ac28..4c0ff93d40 100644 --- a/tests/hostname-check.c +++ b/tests/hostname-check.c 
@@ -65,47 +65,47 @@ char wildcards[] = "-----BEGIN CERTIFICATE-----" /* Certificate with no SAN nor CN. */ char pem1[] = "X.509 Certificate Information:\n" - " Version: 3\n" - " Serial Number (hex): 00\n" - " Issuer: O=GnuTLS hostname check test CA\n" - " Validity:\n" - " Not Before: Fri Feb 16 12:59:09 UTC 2007\n" - " Not After: Fri Mar 30 12:59:13 UTC 2007\n" - " Subject: O=GnuTLS hostname check test CA\n" - " Subject Public Key Algorithm: RSA\n" - " Modulus (bits 1024):\n" - " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n" - " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n" - " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n" - " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n" - " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n" - " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n" - " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n" - " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n" - " Exponent:\n" - " 01:00:01\n" - " Extensions:\n" - " Basic Constraints (critical):\n" - " Certificate Authority (CA): TRUE\n" - " Subject Key Identifier (not critical):\n" - " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" - " Signature Algorithm: RSA-SHA\n" - " Signature:\n" - " 7b:e8:11:6c:15:3f:f9:01:a0:f1:28:0c:62:50:58:f8\n" - " 92:44:fb:bf:ab:20:8a:3b:81:ca:e5:68:60:71:df:2b\n" - " e8:50:58:82:32:ef:fb:6e:4a:72:2c:c9:37:4f:88:1d\n" - " d7:1b:68:5b:db:83:1b:1a:f3:b4:8e:e0:88:03:e2:43\n" - " 91:be:d8:b1:ca:f2:62:ec:a1:fd:1a:c8:41:8c:fe:53\n" - " 1b:be:03:c9:a1:3d:f4:ae:57:fc:44:a6:34:bb:2c:2e\n" - " a7:56:14:1f:89:e9:3a:ec:1f:a3:da:d7:a1:94:3b:72\n" - " 1d:12:71:b9:65:a1:85:a2:4c:3a:d1:2c:e9:e9:ea:1c\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Issuer: O=GnuTLS hostname check test CA\n" + " Validity:\n" + " Not Before: Fri Feb 16 12:59:09 UTC 2007\n" + " Not After: Fri Mar 30 12:59:13 UTC 2007\n" + " Subject: O=GnuTLS hostname check test CA\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " 
be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n" + " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n" + " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n" + " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n" + " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n" + " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n" + " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n" + " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n" + " Exponent:\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Key Identifier (not critical):\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + " Signature Algorithm: RSA-SHA\n" + " Signature:\n" + " 7b:e8:11:6c:15:3f:f9:01:a0:f1:28:0c:62:50:58:f8\n" + " 92:44:fb:bf:ab:20:8a:3b:81:ca:e5:68:60:71:df:2b\n" + " e8:50:58:82:32:ef:fb:6e:4a:72:2c:c9:37:4f:88:1d\n" + " d7:1b:68:5b:db:83:1b:1a:f3:b4:8e:e0:88:03:e2:43\n" + " 91:be:d8:b1:ca:f2:62:ec:a1:fd:1a:c8:41:8c:fe:53\n" + " 1b:be:03:c9:a1:3d:f4:ae:57:fc:44:a6:34:bb:2c:2e\n" + " a7:56:14:1f:89:e9:3a:ec:1f:a3:da:d7:a1:94:3b:72\n" + " 1d:12:71:b9:65:a1:85:a2:4c:3a:d1:2c:e9:e9:ea:1c\n" "Other Information:\n" - " MD5 fingerprint:\n" - " fd845ded8c28ba5e78d6c1844ceafd24\n" - " SHA-1 fingerprint:\n" - " 0bae431dda3cae76012b82276e4cd92ad7961798\n" - " Public Key ID:\n" - " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + " MD5 fingerprint:\n" + " fd845ded8c28ba5e78d6c1844ceafd24\n" + " SHA-1 fingerprint:\n" + " 0bae431dda3cae76012b82276e4cd92ad7961798\n" + " Public Key ID:\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" "\n" "-----BEGIN CERTIFICATE-----\n" "MIIB8TCCAVygAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n" 
@@ -123,47 +123,47 @@ char pem1[] = /* Certificate with CN but no SAN. */ char pem2[] = "X.509 Certificate Information:\n" - " Version: 3\n" - " Serial Number (hex): 00\n" - " Issuer: CN=www.example.org\n" - " Validity:\n" - " Not Before: Fri Feb 16 13:30:30 UTC 2007\n" - " Not After: Fri Mar 30 13:30:32 UTC 2007\n" - " Subject: CN=www.example.org\n" - " Subject Public Key Algorithm: RSA\n" - " Modulus (bits 1024):\n" - " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n" - " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n" - " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n" - " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n" - " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n" - " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n" - " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n" - " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n" - " Exponent:\n" - " 01:00:01\n" - " Extensions:\n" - " Basic Constraints (critical):\n" - " Certificate Authority (CA): TRUE\n" - " Subject Key Identifier (not critical):\n" - " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" - " Signature Algorithm: RSA-SHA\n" - " Signature:\n" - " b0:4e:ac:fb:89:12:36:27:f3:72:b8:1a:57:dc:bf:f3\n" - " a9:27:de:15:75:94:4f:65:cc:3a:59:12:4b:91:0e:28\n" - " b9:8d:d3:6e:ac:5d:a8:3e:b9:35:81:0c:8f:c7:95:72\n" - " d9:51:61:06:00:c6:aa:68:54:c8:52:3f:b6:1f:21:92\n" - " c8:fd:15:50:15:ac:d4:18:29:a1:ff:c9:25:5a:ce:5e\n" - " 11:7f:82:b2:94:8c:44:3c:3f:de:d7:3b:ff:1c:da:9c\n" - " 81:fa:63:e1:a7:67:ee:aa:fa:d0:c9:2f:66:1b:5e:af\n" - " 46:8c:f9:53:55:e7:80:7e:74:95:98:d4:2d:5f:94:ab\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Issuer: CN=www.example.org\n" + " Validity:\n" + " Not Before: Fri Feb 16 13:30:30 UTC 2007\n" + " Not After: Fri Mar 30 13:30:32 UTC 2007\n" + " Subject: CN=www.example.org\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n" + " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n" + " 
14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n" + " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n" + " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n" + " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n" + " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n" + " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n" + " Exponent:\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Key Identifier (not critical):\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + " Signature Algorithm: RSA-SHA\n" + " Signature:\n" + " b0:4e:ac:fb:89:12:36:27:f3:72:b8:1a:57:dc:bf:f3\n" + " a9:27:de:15:75:94:4f:65:cc:3a:59:12:4b:91:0e:28\n" + " b9:8d:d3:6e:ac:5d:a8:3e:b9:35:81:0c:8f:c7:95:72\n" + " d9:51:61:06:00:c6:aa:68:54:c8:52:3f:b6:1f:21:92\n" + " c8:fd:15:50:15:ac:d4:18:29:a1:ff:c9:25:5a:ce:5e\n" + " 11:7f:82:b2:94:8c:44:3c:3f:de:d7:3b:ff:1c:da:9c\n" + " 81:fa:63:e1:a7:67:ee:aa:fa:d0:c9:2f:66:1b:5e:af\n" + " 46:8c:f9:53:55:e7:80:7e:74:95:98:d4:2d:5f:94:ab\n" "Other Information:\n" - " MD5 fingerprint:\n" - " 30cda7de4f0360892547974f45111ac1\n" - " SHA-1 fingerprint:\n" - " 39e3f8fec6a8d842390b6536998a957c1a6b7322\n" - " Public Key ID:\n" - " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + " MD5 fingerprint:\n" + " 30cda7de4f0360892547974f45111ac1\n" + " SHA-1 fingerprint:\n" + " 39e3f8fec6a8d842390b6536998a957c1a6b7322\n" + " Public Key ID:\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" "\n" "-----BEGIN CERTIFICATE-----\n" "MIIB1TCCAUCgAwIBAgIBADALBgkqhkiG9w0BAQUwGjEYMBYGA1UEAxMPd3d3LmV4\n" 
@@ -181,51 +181,51 @@ char pem2[] = /* Certificate with SAN but no CN. */ char pem3[] = "X.509 Certificate Information:" - " Version: 3\n" - " Serial Number (hex): 00\n" - " Issuer: O=GnuTLS hostname check test CA\n" - " Validity:\n" - " Not Before: Fri Feb 16 13:36:27 UTC 2007\n" - " Not After: Fri Mar 30 13:36:29 UTC 2007\n" - " Subject: O=GnuTLS hostname check test CA\n" - " Subject Public Key Algorithm: RSA\n" - " Modulus (bits 1024):\n" - " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n" - " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n" - " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n" - " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n" - " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n" - " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n" - " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n" - " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n" - " Exponent:\n" - " 01:00:01\n" - " Extensions:\n" - " Basic Constraints (critical):\n" - " Certificate Authority (CA): TRUE\n" - " Subject Alternative Name (not critical):\n" - " DNSname: www.example.org\n" - " Key Purpose (not critical):\n" - " TLS WWW Server.\n" - " Subject Key Identifier (not critical):\n" - " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" - " Signature Algorithm: RSA-SHA\n" - " Signature:\n" - " a1:30:bc:01:b3:0f:98:7f:8e:76:7d:23:87:34:15:7f\n" - " a6:ae:a1:fb:87:75:e3:e8:1a:e5:5e:03:5d:bf:44:75\n" - " 46:4f:d2:a1:28:50:84:49:6d:3b:e0:bc:4e:de:79:85\n" - " fa:e1:07:b7:6e:0c:14:04:4a:82:b9:f3:22:6a:bc:99\n" - " 14:20:3b:49:1f:e4:97:d9:ea:eb:73:9a:83:a6:cc:b8\n" - " 55:fb:52:8e:5f:86:7c:9d:fa:af:03:76:ae:97:e0:64\n" - " 50:59:73:22:99:55:cf:da:59:31:0a:e8:6d:a0:53:bc\n" - " 39:63:2e:ac:92:4a:e9:8b:1e:d0:03:df:33:bb:4e:88\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Issuer: O=GnuTLS hostname check test CA\n" + " Validity:\n" + " Not Before: Fri Feb 16 13:36:27 UTC 2007\n" + " Not After: Fri Mar 30 13:36:29 UTC 2007\n" + " Subject: O=GnuTLS hostname check test CA\n" + 
" Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n" + " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n" + " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n" + " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n" + " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n" + " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n" + " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n" + " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n" + " Exponent:\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Alternative Name (not critical):\n" + " DNSname: www.example.org\n" + " Key Purpose (not critical):\n" + " TLS WWW Server.\n" + " Subject Key Identifier (not critical):\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + " Signature Algorithm: RSA-SHA\n" + " Signature:\n" + " a1:30:bc:01:b3:0f:98:7f:8e:76:7d:23:87:34:15:7f\n" + " a6:ae:a1:fb:87:75:e3:e8:1a:e5:5e:03:5d:bf:44:75\n" + " 46:4f:d2:a1:28:50:84:49:6d:3b:e0:bc:4e:de:79:85\n" + " fa:e1:07:b7:6e:0c:14:04:4a:82:b9:f3:22:6a:bc:99\n" + " 14:20:3b:49:1f:e4:97:d9:ea:eb:73:9a:83:a6:cc:b8\n" + " 55:fb:52:8e:5f:86:7c:9d:fa:af:03:76:ae:97:e0:64\n" + " 50:59:73:22:99:55:cf:da:59:31:0a:e8:6d:a0:53:bc\n" + " 39:63:2e:ac:92:4a:e9:8b:1e:d0:03:df:33:bb:4e:88\n" "Other Information:\n" - " MD5 fingerprint:\n" - " df3f57d00c8149bd826b177d6ea4f369\n" - " SHA-1 fingerprint:\n" - " e95e56e2acac305f72ea6f698c11624663a595bd\n" - " Public Key ID:\n" - " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + " MD5 fingerprint:\n" + " df3f57d00c8149bd826b177d6ea4f369\n" + " SHA-1 fingerprint:\n" + " e95e56e2acac305f72ea6f698c11624663a595bd\n" + " Public Key ID:\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" "\n" "-----BEGIN CERTIFICATE-----\n" "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n" 
@@ -244,51 +244,51 @@ char pem3[] = /* Certificate with wildcard SAN but no CN. */ char pem4[] = "X.509 Certificate Information:\n" - " Version: 3\n" - " Serial Number (hex): 00\n" - " Issuer:\n" - " Validity:\n" - " Not Before: Fri Feb 16 13:40:10 UTC 2007\n" - " Not After: Fri Mar 30 13:40:12 UTC 2007\n" - " Subject:\n" - " Subject Public Key Algorithm: RSA\n" - " Modulus (bits 1024):\n" - " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n" - " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n" - " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n" - " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n" - " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n" - " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n" - " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n" - " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n" - " Exponent:\n" - " 01:00:01\n" - " Extensions:\n" - " Basic Constraints (critical):\n" - " Certificate Authority (CA): TRUE\n" - " Subject Alternative Name (not critical):\n" - " DNSname: *.example.org\n" - " Key Purpose (not critical):\n" - " TLS WWW Server.\n" - " Subject Key Identifier (not critical):\n" - " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" - " Signature Algorithm: RSA-SHA\n" - " Signature:\n" - " b1:62:e5:e3:0b:a5:99:58:b0:1c:5c:f5:d1:3f:7c:bb\n" - " 67:e1:43:c5:d7:a2:5c:db:f2:5a:f3:03:fc:76:e4:4d\n" - " c1:a0:89:36:24:82:a4:a1:ad:f5:83:e3:96:75:f4:c4\n" - " f3:eb:ff:3a:9b:da:d2:2c:58:d4:10:37:50:33:d1:39\n" - " 53:71:9e:48:2d:b2:5b:27:ce:1e:d9:d5:36:59:ac:17\n" - " 3a:83:cc:59:6b:8f:6a:24:b8:9f:f0:e6:14:03:23:5a\n" - " 87:e7:33:10:32:11:58:a2:bb:f1:e5:5a:88:87:bb:80\n" - " 1b:b6:bb:12:18:cb:15:d5:3a:fc:99:e4:42:5a:ba:45\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Issuer:\n" + " Validity:\n" + " Not Before: Fri Feb 16 13:40:10 UTC 2007\n" + " Not After: Fri Mar 30 13:40:12 UTC 2007\n" + " Subject:\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " 
be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n" + " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n" + " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n" + " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n" + " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n" + " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n" + " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n" + " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n" + " Exponent:\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Alternative Name (not critical):\n" + " DNSname: *.example.org\n" + " Key Purpose (not critical):\n" + " TLS WWW Server.\n" + " Subject Key Identifier (not critical):\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + " Signature Algorithm: RSA-SHA\n" + " Signature:\n" + " b1:62:e5:e3:0b:a5:99:58:b0:1c:5c:f5:d1:3f:7c:bb\n" + " 67:e1:43:c5:d7:a2:5c:db:f2:5a:f3:03:fc:76:e4:4d\n" + " c1:a0:89:36:24:82:a4:a1:ad:f5:83:e3:96:75:f4:c4\n" + " f3:eb:ff:3a:9b:da:d2:2c:58:d4:10:37:50:33:d1:39\n" + " 53:71:9e:48:2d:b2:5b:27:ce:1e:d9:d5:36:59:ac:17\n" + " 3a:83:cc:59:6b:8f:6a:24:b8:9f:f0:e6:14:03:23:5a\n" + " 87:e7:33:10:32:11:58:a2:bb:f1:e5:5a:88:87:bb:80\n" + " 1b:b6:bb:12:18:cb:15:d5:3a:fc:99:e4:42:5a:ba:45\n" "Other Information:\n" - " MD5 fingerprint:\n" - " a411da7b0fa064d214116d5f94e06c24\n" - " SHA-1 fingerprint:\n" - " 3596e796c73ed096d762ab3d440a9ab55a386b3b\n" - " Public Key ID:\n" - " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + " MD5 fingerprint:\n" + " a411da7b0fa064d214116d5f94e06c24\n" + " SHA-1 fingerprint:\n" + " 3596e796c73ed096d762ab3d440a9ab55a386b3b\n" + " Public Key ID:\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" "\n" "-----BEGIN CERTIFICATE-----\n" "MIIB0DCCATugAwIBAgIBADALBgkqhkiG9w0BAQUwADAeFw0wNzAyMTYxMzQwMTBa\n" 
@@ -307,36 +307,36 @@ char pem4[] =
 /* Certificate with multiple wildcards SAN but no CN. */
 char pem6[] =
 "X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Validity:\n"
- " Not Before: Sat May 3 11:00:51 UTC 2008\n"
- " Not After: Sat May 17 11:00:54 UTC 2008\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
- " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
- " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
- " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
- " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
- " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
- " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
- " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: *.*.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Validity:\n"
+ " Not Before: Sat May 3 11:00:51 UTC 2008\n"
+ " Not After: Sat May 17 11:00:54 UTC 2008\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
+ " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
+ " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
+ " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
+ " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
+ " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
+ " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
+ " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: *.*.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
 "Other Information:\n"
- " Public Key ID:\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Public Key ID:\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
 "\n"
 "-----BEGIN CERTIFICATE-----\n"
 "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
@@ -355,36 +355,36 @@ char pem6[] =
 /* Certificate with prefixed and suffixed wildcard SAN but no CN. */
 char pem7[] =
 "X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Validity:\n"
- " Not Before: Sat May 3 11:02:43 UTC 2008\n"
- " Not After: Sat May 17 11:02:45 UTC 2008\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
- " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
- " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
- " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
- " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
- " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
- " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
- " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: foo*bar.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Validity:\n"
+ " Not Before: Sat May 3 11:02:43 UTC 2008\n"
+ " Not After: Sat May 17 11:02:45 UTC 2008\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
+ " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
+ " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
+ " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
+ " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
+ " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
+ " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
+ " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: foo*bar.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
 "Other Information:\n"
- " Public Key ID:\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Public Key ID:\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
 "\n"
 "-----BEGIN CERTIFICATE-----\n"
 "MIICJjCCAZGgAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
@@ -404,36 +404,36 @@ char pem7[] = /* Certificate with ending wildcard SAN but no CN. */ char pem8[] = "X.509 Certificate Information:\n" - " Version: 3\n" - " Serial Number (hex): 00\n" - " Validity:\n" - " Not Before: Sat May 3 11:24:38 UTC 2008\n" - " Not After: Sat May 17 11:24:40 UTC 2008\n" - " Subject: O=GnuTLS hostname check test CA\n" - " Subject Public Key Algorithm: RSA\n" - " Modulus (bits 1024):\n" - " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n" - " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n" - " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n" - " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n" - " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n" - " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n" - " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n" - " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n" - " Exponent:\n" - " 01:00:01\n" - " Extensions:\n" - " Basic Constraints (critical):\n" - " Certificate Authority (CA): TRUE\n" - " Subject Alternative Name (not critical):\n" - " DNSname: www.example.*\n" - " Key Purpose (not critical):\n" - " TLS WWW Server.\n" - " Subject Key Identifier (not critical):\n" - " 5493e6599b283b4529378818aef9a4abbf4d9918\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Validity:\n" + " Not Before: Sat May 3 11:24:38 UTC 2008\n" + " Not After: Sat May 17 11:24:40 UTC 2008\n" + " Subject: O=GnuTLS hostname check test CA\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n" + " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n" + " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n" + " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n" + " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n" + " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n" + " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n" + " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n" + " Exponent:\n" + " 01:00:01\n" + " Extensions:\n" + " Basic 
Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Alternative Name (not critical):\n" + " DNSname: www.example.*\n" + " Key Purpose (not critical):\n" + " TLS WWW Server.\n" + " Subject Key Identifier (not critical):\n" + " 5493e6599b283b4529378818aef9a4abbf4d9918\n" "Other Information:\n" - " Public Key ID:\n" - " 5493e6599b283b4529378818aef9a4abbf4d9918\n" + " Public Key ID:\n" + " 5493e6599b283b4529378818aef9a4abbf4d9918\n" "\n" "-----BEGIN CERTIFICATE-----\n" "MIICIDCCAYugAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n" @@ -728,12 +728,12 @@ char pem_ips[] = "\n" " bd3d0b6cab6b33d8a8e1ed15b7ab17587cc2a09f\n" " Public key's random art:\n" " +--[ RSA 2048]----+\n" - " | |\n" - " | . |\n" - " | . + |\n" + " | |\n" + " | . |\n" + " | . + |\n" " | . .= . |\n" - " | .S+oo |\n" - " | E+.+ |\n" + " | .S+oo |\n" + " | E+.+ |\n" " | . +. *.o |\n" " | . oo.=..+ o |\n" " | ooo.+Bo . |\n" diff --git a/tests/key-material-dtls.c b/tests/key-material-dtls.c index f7660a49e1..a9ea96083c 100644 --- a/tests/key-material-dtls.c +++ b/tests/key-material-dtls.c @@ -170,7 +170,7 @@ static void client(int fd) block_size = 2*hash_size + 2*key_size + 2 *iv_size; ret = gnutls_prf(session, 13, "key expansion", 1, 0, NULL, block_size, - (void*)key_material); + (void*)key_material); if (ret < 0) { fprintf(stderr, "error in %d\n", __LINE__); gnutls_perror(ret); diff --git a/tests/key-usage.c b/tests/key-usage.c index eb8932ad69..e04b813dab 100644 --- a/tests/key-usage.c +++ b/tests/key-usage.c @@ -172,7 +172,7 @@ void server_check(void) gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_priority_set_direct(server, "NORMAL:-KX-ALL:+RSA", NULL); @@ -194,7 +194,7 @@ void server_check(void) exit(1); ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); if (ret < 0) exit(1); 
@@ -296,7 +296,7 @@ void client_check(void) gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_priority_set_direct(server, "NORMAL:-KX-ALL:+RSA:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS", NULL); @@ -318,7 +318,7 @@ void client_check(void) exit(1); ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); if (ret < 0) exit(1); diff --git a/tests/mini-cert-status.c b/tests/mini-cert-status.c index e6be43f4b7..eaf80f4dcd 100644 --- a/tests/mini-cert-status.c +++ b/tests/mini-cert-status.c @@ -134,8 +134,8 @@ static void client(int fd) /* Use default priorities */ ret = gnutls_priority_set_direct(session, - "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", - &p); + "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", + &p); if (ret < 0) { fail("error in setting priority: %s\n", p); exit(1); diff --git a/tests/mini-chain-unsorted.c b/tests/mini-chain-unsorted.c index a16a673765..2ac949ee1a 100644 --- a/tests/mini-chain-unsorted.c +++ b/tests/mini-chain-unsorted.c @@ -138,7 +138,7 @@ static unsigned char server_cert_pem[] = const gnutls_datum_t server_cert = { server_cert_pem, - sizeof(server_cert_pem) + sizeof(server_cert_pem) }; static unsigned char server_key_pem[] = @@ -204,8 +204,8 @@ static void client(int fd) /* Use default priorities */ ret = gnutls_priority_set_direct(session, - "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", - &p); + "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", + &p); if (ret < 0) { fail("error in setting priority: %s\n", p); exit(1); diff --git a/tests/mini-dtls-heartbeat.c b/tests/mini-dtls-heartbeat.c index 927708593b..bb6fa7e528 100644 --- a/tests/mini-dtls-heartbeat.c +++ b/tests/mini-dtls-heartbeat.c 
@@ -131,7 +131,7 @@ static void client(int fd, int server_init) do { ret = gnutls_record_recv(session, buffer, - sizeof(buffer)); + sizeof(buffer)); if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED) { if (debug) @@ -146,7 +146,7 @@ static void client(int fd, int server_init) } } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED - || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED); + || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED); if (ret < 0) { fail("recv: %s\n", gnutls_strerror(ret)); @@ -162,7 +162,7 @@ static void client(int fd, int server_init) success("Ping sent.\n"); } while (ret == GNUTLS_E_AGAIN - || ret == GNUTLS_E_INTERRUPTED); + || ret == GNUTLS_E_INTERRUPTED); if (ret < 0) { fail("ping: %s\n", gnutls_strerror(ret)); @@ -258,7 +258,7 @@ static void server(int fd, int server_init) do { ret = gnutls_record_recv(session, buffer, - sizeof(buffer)); + sizeof(buffer)); if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED) { if (debug) @@ -273,7 +273,7 @@ static void server(int fd, int server_init) } } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED - || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED); + || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED); } else { do { ret = @@ -284,7 +284,7 @@ static void server(int fd, int server_init) success("Ping sent.\n"); } while (ret == GNUTLS_E_AGAIN - || ret == GNUTLS_E_INTERRUPTED); + || ret == GNUTLS_E_INTERRUPTED); if (ret < 0) { fail("ping: %s\n", gnutls_strerror(ret)); diff --git a/tests/mini-dtls-large.c b/tests/mini-dtls-large.c index da32f4e8ab..8ae5c6905b 100644 --- a/tests/mini-dtls-large.c +++ b/tests/mini-dtls-large.c @@ -210,7 +210,7 @@ static void server(int fd) ret = gnutls_record_send(session, buffer, - gnutls_dtls_get_data_mtu(session) + 12); + gnutls_dtls_get_data_mtu(session) + 12); if (ret != GNUTLS_E_LARGE_PACKET) { terminate(); fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); 
@@ -218,7 +218,7 @@ static void server(int fd) ret = gnutls_record_send(session, buffer, - gnutls_dtls_get_data_mtu(session) + 5048); + gnutls_dtls_get_data_mtu(session) + 5048); if (ret != GNUTLS_E_LARGE_PACKET) { terminate(); fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); @@ -226,7 +226,7 @@ static void server(int fd) ret = gnutls_record_send(session, buffer, - gnutls_dtls_get_data_mtu(session)); + gnutls_dtls_get_data_mtu(session)); if (ret < 0) { terminate(); fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); @@ -235,7 +235,7 @@ static void server(int fd) gnutls_dtls_set_mtu(session, MAX_MTU); ret = gnutls_record_send(session, buffer, - gnutls_dtls_get_data_mtu(session) + 12); + gnutls_dtls_get_data_mtu(session) + 12); if (ret != GNUTLS_E_LARGE_PACKET) { terminate(); fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); @@ -243,7 +243,7 @@ static void server(int fd) ret = gnutls_record_send(session, buffer, - gnutls_dtls_get_data_mtu(session) + 5048); + gnutls_dtls_get_data_mtu(session) + 5048); if (ret != GNUTLS_E_LARGE_PACKET) { terminate(); fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); @@ -251,7 +251,7 @@ static void server(int fd) ret = gnutls_record_send(session, buffer, - gnutls_dtls_get_data_mtu(session)); + gnutls_dtls_get_data_mtu(session)); if (ret > 16384 || ret < 0) { terminate(); fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); @@ -262,7 +262,7 @@ static void server(int fd) ret = gnutls_record_send(session, buffer, - gnutls_dtls_get_data_mtu(session)); + gnutls_dtls_get_data_mtu(session)); if (ret < 0) { terminate(); fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); @@ -278,7 +278,7 @@ static void server(int fd) ret = gnutls_record_send(session, buffer, - gnutls_dtls_get_data_mtu(session) - 16); + gnutls_dtls_get_data_mtu(session) - 16); if (ret < 0) { terminate(); fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); 
@@ -286,7 +286,7 @@ static void server(int fd) ret = gnutls_record_send(session, buffer, - gnutls_dtls_get_data_mtu(session)); + gnutls_dtls_get_data_mtu(session)); if (ret != GNUTLS_E_LARGE_PACKET) { terminate(); fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); diff --git a/tests/mini-dtls-lowmtu.c b/tests/mini-dtls-lowmtu.c index 93a645f6f5..a04d6227ef 100644 --- a/tests/mini-dtls-lowmtu.c +++ b/tests/mini-dtls-lowmtu.c @@ -264,7 +264,7 @@ static void server(int fd, const char *prio) do { ret = gnutls_record_send(session, buffer, - gnutls_dtls_get_data_mtu(session)); + gnutls_dtls_get_data_mtu(session)); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); if (ret < 0) { diff --git a/tests/mini-dtls-mtu.c b/tests/mini-dtls-mtu.c index dda02a1d44..33dfedd2bc 100644 --- a/tests/mini-dtls-mtu.c +++ b/tests/mini-dtls-mtu.c @@ -95,32 +95,32 @@ const gnutls_datum_t server_key = { server_key_pem, static int client_pull_timeout(gnutls_transport_ptr_t ptr, unsigned int ms) { - fd_set rfds; - struct timeval tv; - int ret; - int fd = (long int)ptr; + fd_set rfds; + struct timeval tv; + int ret; + int fd = (long int)ptr; - FD_ZERO(&rfds); - FD_SET(fd, &rfds); + FD_ZERO(&rfds); + FD_SET(fd, &rfds); - tv.tv_sec = 0; - tv.tv_usec = ms * 1000; + tv.tv_sec = 0; + tv.tv_usec = ms * 1000; - while (tv.tv_usec >= 1000000) { - tv.tv_usec -= 1000000; - tv.tv_sec++; - } + while (tv.tv_usec >= 1000000) { + tv.tv_usec -= 1000000; + tv.tv_sec++; + } - ret = select(fd + 1, &rfds, NULL, NULL, &tv); - if (ret <= 0) - return ret; + ret = select(fd + 1, &rfds, NULL, NULL, &tv); + if (ret <= 0) + return ret; - return ret; + return ret; } static ssize_t client_pull(gnutls_transport_ptr_t ptr, void *data, size_t len) { - int fd = (long int)ptr; + int fd = (long int)ptr; ssize_t ret; ret = recv(fd, data, len, 0); 
@@ -165,7 +165,7 @@ static void client(int fd) gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); gnutls_transport_set_int(session, fd); - gnutls_transport_set_pull_function(session, client_pull); + gnutls_transport_set_pull_function(session, client_pull); gnutls_transport_set_pull_timeout_function(session, client_pull_timeout); /* Perform the TLS handshake diff --git a/tests/mini-eagain-dtls.c b/tests/mini-eagain-dtls.c index 8b1a501916..c3654f9e19 100644 --- a/tests/mini-eagain-dtls.c +++ b/tests/mini-eagain-dtls.c @@ -77,8 +77,8 @@ void doit(void) GNUTLS_SERVER | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); ret = gnutls_priority_set_direct(server, - "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", - NULL); + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", + NULL); if (ret < 0) exit(1); gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); @@ -94,8 +94,8 @@ void doit(void) GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); cret = gnutls_priority_set_direct(client, - "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", - NULL); + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", + NULL); if (cret < 0) exit(1); gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); diff --git a/tests/mini-eagain.c b/tests/mini-eagain.c index 8f913e66b2..f74092d058 100644 --- a/tests/mini-eagain.c +++ b/tests/mini-eagain.c @@ -78,8 +78,8 @@ void doit(void) gnutls_init(&server, GNUTLS_SERVER); ret = gnutls_priority_set_direct(server, - "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", - NULL); + "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", + NULL); if (ret < 0) exit(1); gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); 
@@ -92,8 +92,8 @@ void doit(void) gnutls_init(&client, GNUTLS_CLIENT); ret = gnutls_priority_set_direct(client, - "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", - NULL); + "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", + NULL); if (ret < 0) exit(1); gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); diff --git a/tests/mini-emsgsize-dtls.c b/tests/mini-emsgsize-dtls.c index d69122f83e..0d4a1e4443 100644 --- a/tests/mini-emsgsize-dtls.c +++ b/tests/mini-emsgsize-dtls.c @@ -126,8 +126,8 @@ void doit(void) GNUTLS_SERVER | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); ret = gnutls_priority_set_direct(server, - "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", - NULL); + "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", + NULL); if (ret < 0) exit(1); gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); @@ -143,8 +143,8 @@ void doit(void) GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); cret = gnutls_priority_set_direct(client, - "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", - NULL); + "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", + NULL); if (cret < 0) exit(1); gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); diff --git a/tests/mini-etm.c b/tests/mini-etm.c index daccb826c8..1270b531ae 100644 --- a/tests/mini-etm.c +++ b/tests/mini-etm.c @@ -301,7 +301,7 @@ static void server(int fd, const char *prio, unsigned etm) do { ret = gnutls_record_send(session, buffer, - sizeof(buffer)); + sizeof(buffer)); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); diff --git a/tests/mini-extension.c b/tests/mini-extension.c index c90ac515ab..e298b6bed9 100644 --- a/tests/mini-extension.c +++ b/tests/mini-extension.c 
@@ -142,7 +142,7 @@ static void client(int sd) /* put the anonymous credentials to the current session */ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); gnutls_transport_set_int(session, sd); @@ -260,7 +260,7 @@ static void server(int sd) NULL); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_ext_register("ext_server", TLSEXT_TYPE_SAMPLE, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL); diff --git a/tests/mini-global-load.c b/tests/mini-global-load.c index f10814e7fa..1d01da3798 100644 --- a/tests/mini-global-load.c +++ b/tests/mini-global-load.c @@ -107,7 +107,7 @@ void doit(void) GNUTLS_X509_FMT_PEM); gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_priority_set_direct(server, "NORMAL:-CIPHER-ALL:+AES-128-CBC", NULL); @@ -119,7 +119,7 @@ void doit(void) gnutls_certificate_allocate_credentials(&clientx509cred); gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); gnutls_priority_set_direct(client, "NORMAL", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); diff --git a/tests/mini-key-material.c b/tests/mini-key-material.c index 15c79f0ef6..9fb266f23b 100644 --- a/tests/mini-key-material.c +++ b/tests/mini-key-material.c @@ -169,7 +169,7 @@ static void client(int fd) block_size = 2*hash_size + 2*key_size + 2 *iv_size; ret = gnutls_prf(session, 13, "key expansion", 1, 0, NULL, block_size, - (void*)key_material); + (void*)key_material); if (ret < 0) { fprintf(stderr, "error in %d\n", __LINE__); gnutls_perror(ret); diff --git a/tests/mini-record.c b/tests/mini-record.c index dcf8dfc7e4..f6d9c61a5d 100644 --- a/tests/mini-record.c +++ b/tests/mini-record.c 
@@ -329,7 +329,7 @@ static void server(int fd, const char *prio) do { ret = gnutls_record_send(session, buffer, - sizeof(buffer)); + sizeof(buffer)); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); diff --git a/tests/mini-rsa-psk.c b/tests/mini-rsa-psk.c index cb33e1070d..445efce610 100644 --- a/tests/mini-rsa-psk.c +++ b/tests/mini-rsa-psk.c @@ -100,7 +100,7 @@ static void client(int sd) */ gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); gnutls_transport_set_int(session, sd); @@ -253,7 +253,7 @@ static void server(int sd) gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_transport_set_int(session, sd); ret = gnutls_handshake(session); diff --git a/tests/mini-session-verify-function.c b/tests/mini-session-verify-function.c index 19358f284a..30baf4b4c1 100644 --- a/tests/mini-session-verify-function.c +++ b/tests/mini-session-verify-function.c 
@@ -137,26 +137,26 @@ void test_success(void) GNUTLS_X509_FMT_PEM); gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_priority_set_direct(server, "NORMAL", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); gnutls_session_set_verify_function(server, - server_callback); + server_callback); gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); /* Init client */ gnutls_certificate_allocate_credentials(&clientx509cred); gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); gnutls_priority_set_direct(client, "NORMAL", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); gnutls_session_set_verify_function(client, - client_callback); + client_callback); HANDSHAKE(client, server); 
@@ -204,26 +204,26 @@ void test_failure_client(void) GNUTLS_X509_FMT_PEM); gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_priority_set_direct(server, "NORMAL", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); gnutls_session_set_verify_function(server, - server_callback); + server_callback); gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); /* Init client */ gnutls_certificate_allocate_credentials(&clientx509cred); gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); gnutls_priority_set_direct(client, "NORMAL", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); gnutls_session_set_verify_function(client, - client_callback); + client_callback); HANDSHAKE_EXPECT(client, server, GNUTLS_E_CERTIFICATE_ERROR, GNUTLS_E_AGAIN); 
@@ -265,26 +265,26 @@ void test_failure_server(void) GNUTLS_X509_FMT_PEM); gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_priority_set_direct(server, "NORMAL", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); gnutls_session_set_verify_function(server, - server_callback); + server_callback); gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); /* Init client */ gnutls_certificate_allocate_credentials(&clientx509cred); gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); gnutls_priority_set_direct(client, "NORMAL", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); gnutls_session_set_verify_function(client, - client_callback); + client_callback); HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_CERTIFICATE_ERROR); diff --git a/tests/mini-supplementaldata.c b/tests/mini-supplementaldata.c index b960f2cdb9..8ddb89a513 100644 --- a/tests/mini-supplementaldata.c +++ b/tests/mini-supplementaldata.c @@ -143,7 +143,7 @@ static void client(int sd) /* put the anonymous credentials to the current session */ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); gnutls_transport_set_int(session, sd); @@ -256,7 +256,7 @@ static void server(int sd) NULL); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_supplemental_recv(session, 1); gnutls_supplemental_send(session, 1); diff --git a/tests/mini-x509-2.c b/tests/mini-x509-2.c index 8555b195b1..66db99ddae 100644 --- a/tests/mini-x509-2.c +++ b/tests/mini-x509-2.c 
@@ -216,7 +216,7 @@ void doit(void) ret = gnutls_x509_privkey_import(pkey, &server_key, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); if (ret < 0) { fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); exit(1); @@ -232,7 +232,7 @@ void doit(void) gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_priority_set_direct(server, "NORMAL:-CIPHER-ALL:+AES-128-GCM", NULL); @@ -252,15 +252,15 @@ void doit(void) exit(1); ret = gnutls_certificate_set_x509_key_mem(clientx509cred, - &cli_cert, &cli_key, - GNUTLS_X509_FMT_PEM); + &cli_cert, &cli_key, + GNUTLS_X509_FMT_PEM); ret = gnutls_init(&client, GNUTLS_CLIENT); if (ret < 0) exit(1); ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); if (ret < 0) exit(1); diff --git a/tests/mini-x509-callbacks-intr.c b/tests/mini-x509-callbacks-intr.c index 955e31863b..0342121e3a 100644 --- a/tests/mini-x509-callbacks-intr.c +++ b/tests/mini-x509-callbacks-intr.c @@ -142,13 +142,13 @@ void doit(void) GNUTLS_X509_FMT_PEM); gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_priority_set_direct(server, "NORMAL", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); gnutls_certificate_set_verify_function(serverx509cred, - server_callback); + server_callback); gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); gnutls_handshake_set_post_client_hello_function(server, post_client_hello_callback); 
@@ -157,13 +157,13 @@ void doit(void) gnutls_certificate_allocate_credentials(&clientx509cred); gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); gnutls_priority_set_direct(client, "NORMAL", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); gnutls_certificate_set_verify_function(clientx509cred, - client_callback); + client_callback); HANDSHAKE(client, server); diff --git a/tests/mini-x509-callbacks.c b/tests/mini-x509-callbacks.c index c6410c327e..59205eb7c0 100644 --- a/tests/mini-x509-callbacks.c +++ b/tests/mini-x509-callbacks.c @@ -231,13 +231,13 @@ void doit(void) GNUTLS_X509_FMT_PEM); gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_priority_set_direct(server, "NORMAL", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); gnutls_certificate_set_verify_function(serverx509cred, - server_callback); + server_callback); gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); gnutls_handshake_set_post_client_hello_function(server, post_client_hello_callback); @@ -250,13 +250,13 @@ void doit(void) gnutls_certificate_allocate_credentials(&clientx509cred); gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); gnutls_priority_set_direct(client, "NORMAL", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); gnutls_certificate_set_verify_function(clientx509cred, - client_callback); + client_callback); append_alpn(client); HANDSHAKE(client, server); 
diff --git a/tests/mini-x509-cas.c b/tests/mini-x509-cas.c index c8f095f5cf..3866239c60 100644 --- a/tests/mini-x509-cas.c +++ b/tests/mini-x509-cas.c @@ -82,7 +82,7 @@ void doit(void) gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); gnutls_priority_set_direct(server, "NORMAL", NULL); gnutls_transport_set_push_function(server, server_push); @@ -93,7 +93,7 @@ void doit(void) gnutls_certificate_allocate_credentials(&clientx509cred); gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); gnutls_priority_set_direct(client, "NORMAL", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); diff --git a/tests/mini-x509-default-prio.c b/tests/mini-x509-default-prio.c index 30f235e147..62ef5b55ff 100644 --- a/tests/mini-x509-default-prio.c +++ b/tests/mini-x509-default-prio.c @@ -167,7 +167,7 @@ void doit(void) gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); ret = gnutls_set_default_priority(server); if (ret < 0) exit(1); @@ -190,7 +190,7 @@ void doit(void) exit(1); ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); if (ret < 0) exit(1); diff --git a/tests/mini-x509-dual.c b/tests/mini-x509-dual.c index 75bca268a8..0bfd614d32 100644 --- a/tests/mini-x509-dual.c +++ b/tests/mini-x509-dual.c @@ -178,7 +178,7 @@ static void try(const char *client_prio, gnutls_kx_algorithm_t client_kx) gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); gnutls_priority_set_direct(server, 
@@ -205,7 +205,7 @@ static void try(const char *client_prio, gnutls_kx_algorithm_t client_kx)
 gnutls_anon_allocate_client_credentials(&c_anoncred);
 gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
diff --git a/tests/mini-x509.c b/tests/mini-x509.c
index 13d93cb3b4..28fae45afe 100644
--- a/tests/mini-x509.c
+++ b/tests/mini-x509.c
@@ -79,7 +79,7 @@ void doit(void)
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server,
 #ifndef ENABLE_FIPS140
 "NORMAL:-CIPHER-ALL:+ARCFOUR-128",
@@ -105,7 +105,7 @@ void doit(void)
 exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
diff --git a/tests/name-constraints-ip.c b/tests/name-constraints-ip.c
index 626c64d5c9..60958292ed 100644
--- a/tests/name-constraints-ip.c
+++ b/tests/name-constraints-ip.c
@@ -271,7 +271,7 @@ static void check_simple_intersection(void **glob_state)
 /* 4: simple intersection
 * --------P:203.0.113.0/24--------
 * --P:203.0.113.0/26--
- * A B C
+ * A B C
 */
 int ret;
 gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -307,8 +307,8 @@ static void check_empty_intersection(void **glob_state)
 {
 /* 5: empty intersection
 * --P:127.0.113.0/24--
- * --P:255.0.113.0/24--
- * A B C
+ * --P:255.0.113.0/24--
+ * A B C
 */
 int ret;
 gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -344,8 +344,8 @@ static void check_mediocre_intersection(void **glob_state)
 {
 /* 6: mediocre intersection
 * --------P:127.0.113.0/24--------
- * --P:127.0.113.0/26-- --P:255.0.113.0/24--
- * A B C D
+ * --P:127.0.113.0/26-- --P:255.0.113.0/24--
+ * A B C D
 */
 int ret;
 gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -390,7 +390,7 @@ static void check_difficult_intersection(void **glob_state)
 /* 7: difficult intersection
 * --------P:0.0.0.0/3--------------- --P:88.0.0.0/5--
 * --P:0.0.0.0/5-- --P:16.0.0.0/5-- ----P:64.0.0.0/3----
- * A B C D E F G H
+ * A B C D E F G H
 */
 int ret;
 gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -461,7 +461,7 @@ static void check_ipv6_intersection(void **glob_state)
 /* 8: IPv6 intersection
 * --------P:affb::/16----- --P:affd:0000::/20--
 * --P:affb:aa00::/24--
- * A B C D E F G
+ * A B C D E F G
 */
 int ret;
 gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -521,11 +521,11 @@ static void check_empty_ipv4_intersection_ipv6_remains(void **glob_state)
 /* 9: IPv4 and IPv6 in a common test case
 * IPv4 with empty intersection, but IPv6 gets restricted as well
 * --P:127.0.113.0/24--
- * --P:255.0.113.0/24--
- * A B C
+ * --P:255.0.113.0/24--
+ * A B C
 *
 * --P:bfa6::/16--
- * D E
+ * D E
 */
 int ret;
 gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -575,12 +575,12 @@ static void check_empty_ipv4v6_intersections(void **glob_state)
 /* 10: IPv4 and IPv6 in a common test case
 * both IPv4 and IPv6 have empty intersection
 * --P:127.0.113.0/24--
- * --P:255.0.113.0/24--
- * A B C
+ * --P:255.0.113.0/24--
+ * A B C
 *
 * --P:bfa6::/16--
- * --P:cfa6::/16--
- * D E F
+ * --P:cfa6::/16--
+ * D E F
 */
 int ret;
 gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
@@ -638,10 +638,10 @@ static void check_ipv4v6_single_constraint_each(void **glob_state)
 /* 11: 1 IPv4 range and 1 IPv6 range in a common test case
 * (no overlap)
 * --P:127.0.113.0/24--
- * A B
+ * A B
 *
 * --P:bfa6::/16--
- * C D
+ * C D
 */
 int ret;
 gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
diff --git a/tests/ocsp-tests/Makefile.am b/tests/ocsp-tests/Makefile.am
index e91ca9b610..e839c737d3 100644
--- a/tests/ocsp-tests/Makefile.am
+++ b/tests/ocsp-tests/Makefile.am
@@ -33,10 +33,10 @@ endif
 TESTS = $(dist_check_SCRIPTS)
 TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
- LC_ALL="C" \
- VALGRIND="$(VALGRIND)" \
- LIBTOOL="$(LIBTOOL)" \
- top_builddir="$(top_builddir)" \
+ LC_ALL="C" \
+ VALGRIND="$(VALGRIND)" \
+ LIBTOOL="$(LIBTOOL)" \
+ top_builddir="$(top_builddir)" \
 srcdir="$(srcdir)"
 if WINDOWS
diff --git a/tests/ocsp.c b/tests/ocsp.c
index d7ed212d85..9748b85870 100644
--- a/tests/ocsp.c
+++ b/tests/ocsp.c
@@ -899,8 +899,8 @@ static void req_parse(void)
 if (strlen(REQ1INFO) != d.size || memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
 printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(REQ1INFO), REQ1INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(REQ1INFO), REQ1INFO, (int) d.size,
+ (int) d.size, d.data);
 fail("ocsp request print failed\n");
 exit(1);
 }
@@ -1093,8 +1093,8 @@ static void req_addcert_id(void)
 if (strlen(REQ1INFO) != d.size || memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
 printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(REQ1INFO), REQ1INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(REQ1INFO), REQ1INFO, (int) d.size,
+ (int) d.size, d.data);
 fail("ocsp request print failed\n");
 exit(1);
 }
@@ -1185,7 +1185,7 @@ static void req_addcert(void)
 }
 ret = gnutls_ocsp_req_add_cert(req, GNUTLS_DIG_SHA1,
- issuer, subject);
+ issuer, subject);
 if (ret != 0) {
 fail("gnutls_ocsp_add_cert %d\n", ret);
 exit(1);
@@ -1206,8 +1206,8 @@ static void req_addcert(void)
 if (strlen(REQ1INFO) != d.size || memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
 printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(REQ1INFO), REQ1INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(REQ1INFO), REQ1INFO, (int) d.size,
+ (int) d.size, d.data);
 fail("ocsp request print failed\n");
 exit(1);
 }
@@ -1308,8 +1308,8 @@ static void resp_import(void)
 if (strlen(RESP1INFO) != d.size || memcmp(RESP1INFO, d.data, strlen(RESP1INFO)) != 0) {
 printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(RESP1INFO), RESP1INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(RESP1INFO), RESP1INFO, (int) d.size,
+ (int) d.size, d.data);
 fail("ocsp response print failed\n");
 exit(1);
 }
@@ -1334,8 +1334,8 @@ static void resp_import(void)
 if (memcmp(RESP2INFO, d.data, strlen(RESP2INFO)) != 0) {
 printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(RESP2INFO), RESP2INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(RESP2INFO), RESP2INFO, (int) d.size,
+ (int) d.size, d.data);
 fail("ocsp response print failed\n");
 exit(1);
 }
@@ -1369,8 +1369,8 @@ static void resp_import(void)
 if (memcmp(RESP3INFO, d.data, strlen(RESP3INFO)) != 0) {
 printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(RESP3INFO), RESP3INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(RESP3INFO), RESP3INFO, (int) d.size,
+ (int) d.size, d.data);
 fail("ocsp response 3 print failed\n");
 exit(1);
 }
diff --git a/tests/openpgp-auth.c b/tests/openpgp-auth.c
index 1836f0777c..86cf910363 100644
--- a/tests/openpgp-auth.c
+++ b/tests/openpgp-auth.c
@@ -217,7 +217,7 @@ void doit(void)
 sent = gnutls_record_send(session, message,
- sizeof(message));
+ sizeof(message));
 if (sent != sizeof(message)) fail("client sent %li vs. %li\n", (long) sent, (long) sizeof(message));
@@ -248,7 +248,7 @@ void doit(void)
 if (debug) printf("server process %i (child %i)\n",
- getpid(), child);
+ getpid(), child);
 err = gnutls_init(&session, GNUTLS_SERVER);
 if (err != 0)
@@ -317,14 +317,14 @@ void doit(void)
 stored_cli_cert.data = gnutls_malloc(d[0].size);
 memcpy(stored_cli_cert.data,
- d[0].data, d[0].size);
+ d[0].data, d[0].size);
 stored_cli_cert.size = d[0].size;
 }
 }
 received = gnutls_record_recv(session, greetings,
- sizeof(greetings));
+ sizeof(greetings));
 if (received != sizeof(message) || memcmp(greetings, message, sizeof(message))) fail("server received %li vs. %li\n",
diff --git a/tests/openpgp-auth2.c b/tests/openpgp-auth2.c
index 5cfcac6b7e..a742eaf5a0 100644
--- a/tests/openpgp-auth2.c
+++ b/tests/openpgp-auth2.c
@@ -177,7 +177,7 @@ void doit(void)
 if (debug) printf("server process %i (child %i)\n", getpid(),
- child);
+ child);
 err = gnutls_init(&session, GNUTLS_SERVER);
 if (err != 0)
@@ -229,7 +229,7 @@ void doit(void)
 received = gnutls_record_recv(session, greetings,
- sizeof(greetings));
+ sizeof(greetings));
 if (received != sizeof(g_message) || memcmp(greetings, g_message, sizeof(g_message))) fail("server received %li vs. %li\n",
diff --git a/tests/openpgpself.c b/tests/openpgpself.c
index 52768c6526..d255a80704 100644
--- a/tests/openpgpself.c
+++ b/tests/openpgpself.c
@@ -179,7 +179,7 @@ static void client(int sds[])
 /* put the x509 credentials to the current session */
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- xcred);
+ xcred);
 gnutls_transport_set_int(session, sd);
diff --git a/tests/pgps2kgnu.c b/tests/pgps2kgnu.c
index a8ae98231c..38c1796062 100644
--- a/tests/pgps2kgnu.c
+++ b/tests/pgps2kgnu.c
@@ -4,8 +4,8 @@
 * Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 * pgps2kgnu: test GNU extensions to the OpenPGP S2K specification.
- * at the moment, we just test the "GNU dummy" S2K
- * extension.
+ * at the moment, we just test the "GNU dummy" S2K
+ * extension.
 *
 * This file is part of GnuTLS.
@@ -66,7 +66,7 @@ static char dummy_key[] =
 /* Test capability of reading the gnu-dummy OpenPGP S2K extension. See: doc/DETAILS from gnupg
- http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00023.html
+ http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00023.html
 */
 static void tls_log_func(int level, const char *str)
@@ -95,7 +95,7 @@ int main(int argc, char **argv)
 rc = gnutls_openpgp_privkey_init(&key);
 if (rc) {
 printf("gnutls_openpgp_privkey_init rc %d: %s\n",
- rc, gnutls_strerror(rc));
+ rc, gnutls_strerror(rc));
 return 1;
 }
@@ -104,7 +104,7 @@ int main(int argc, char **argv)
 0);
 if (rc) {
 printf("gnutls_openpgp_privkey_import rc %d: %s\n",
- rc, gnutls_strerror(rc));
+ rc, gnutls_strerror(rc));
 return 1;
 }
diff --git a/tests/pkcs12_s2k.c b/tests/pkcs12_s2k.c
index 847aa9a4f3..7301f293f5 100644
--- a/tests/pkcs12_s2k.c
+++ b/tests/pkcs12_s2k.c
@@ -135,9 +135,9 @@ void doit(void)
 if (debug) printf("ij: %d.%d: %s\n", i, j,
- _gnutls_bin2hex(key, sizeof(key),
- tmp, sizeof(tmp),
- NULL));
+ _gnutls_bin2hex(key, sizeof(key),
+ tmp, sizeof(tmp),
+ NULL));
 x++;
 }
 }
@@ -159,8 +159,8 @@ void doit(void)
 if (debug) printf("tv[%d]: %s\n", i,
- _gnutls_bin2hex(key, tv[i].keylen, tmp,
- sizeof(tmp), NULL));
+ _gnutls_bin2hex(key, tv[i].keylen, tmp,
+ sizeof(tmp), NULL));
 }
 if (debug) printf("\n");
diff --git a/tests/pkcs12_s2k_pem.c b/tests/pkcs12_s2k_pem.c
index 35b8947ed6..dc5093ccc4 100644
--- a/tests/pkcs12_s2k_pem.c
+++ b/tests/pkcs12_s2k_pem.c
@@ -267,14 +267,14 @@ int main(void)
 tmp.size = strlen((char *) tmp.data);
 ret = gnutls_x509_privkey_import_pkcs8(key, &tmp,
- GNUTLS_X509_FMT_PEM,
- keys[i].password,
- 0);
+ GNUTLS_X509_FMT_PEM,
+ keys[i].password,
+ 0);
 gnutls_x509_privkey_deinit(key);
 if (ret != keys[i].expected_result) {
 printf("fail[%d]: %d: %s\n", (int) i, ret,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
 return 1;
 }
diff --git a/tests/pkcs12_simple.c b/tests/pkcs12_simple.c
index 98c0577ab4..7c5a6a33d0 100644
--- a/tests/pkcs12_simple.c
+++ b/tests/pkcs12_simple.c
@@ -85,8 +85,8 @@ void doit(void)
 ret = gnutls_pkcs12_simple_parse(pkcs12, password, &pkey, &chain,
- &chain_size, &extras, &extras_size,
- NULL, 0);
+ &chain_size, &extras, &extras_size,
+ NULL, 0);
 if (ret < 0) fail("pkcs12_simple_parse failed %d: %s\n", ret, gnutls_strerror(ret));
diff --git a/tests/pkcs8-key-decode.c b/tests/pkcs8-key-decode.c
index a36c4af8ea..1c462abdbe 100644
--- a/tests/pkcs8-key-decode.c
+++ b/tests/pkcs8-key-decode.c
@@ -26,8 +26,8 @@
 #include <string.h>
 #include <stdlib.h>
-# define PRIVATE_KEY \
- "-----BEGIN PRIVATE KEY-----\n" \
+# define PRIVATE_KEY \
+ "-----BEGIN PRIVATE KEY-----\n" \
 "MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr\n" \
 "BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE\n" \
 "Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9\n" \
@@ -43,7 +43,7 @@
 "L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd\n" \
 "a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W\n" \
 "nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp\n" \
- "dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci\n" \
+ "dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci\n" \
 "-----END PRIVATE KEY-----\n"
diff --git a/tests/prf.c b/tests/prf.c
index 5be9d420ca..78526cfba8 100644
--- a/tests/prf.c
+++ b/tests/prf.c
@@ -165,7 +165,7 @@ static gnutls_datum_t sess_id =
 #define TRY(label_size, label, extra_size, extra, size, exp) \
 { \
 ret = gnutls_prf_rfc5705(session, label_size, label, extra_size, extra, size, \
- (void*)key_material); \
+ (void*)key_material); \
 if (ret < 0) { \
 fprintf(stderr, "gnutls_prf_rfc5705: error in %d\n", __LINE__); \
 gnutls_perror(ret); \
@@ -182,7 +182,7 @@ static gnutls_datum_t sess_id =
 #define TRY_OLD(label_size, label, extra_size, extra, size, exp) \
 { \
 ret = gnutls_prf(session, label_size, label, 1, extra_size, extra, size, \
- (void*)key_material); \
+ (void*)key_material); \
 if (ret < 0) { \
 fprintf(stderr, "gnutls_prf: error in %d\n", __LINE__); \
 gnutls_perror(ret); \
@@ -211,7 +211,7 @@ static void check_prfs(gnutls_session_t session)
 /* check whether gnutls_prf matches gnutls_prf_rfc5705 when no context is given */
 ret = gnutls_prf(session, 4, "aaaa", 0, 0, NULL, 64,
- (void*)key_material);
+ (void*)key_material);
 if (ret < 0) {
 fprintf(stderr, "gnutls_prf: error in %d\n", __LINE__);
 gnutls_perror(ret);
@@ -219,7 +219,7 @@ static void check_prfs(gnutls_session_t session)
 }
 ret = gnutls_prf_rfc5705(session, 4, "aaaa", 0, NULL, 64,
- (void*)key_material2);
+ (void*)key_material2);
 if (ret < 0) {
 fprintf(stderr, "gnutls_prf_rfc5705: error in %d\n", __LINE__);
 gnutls_perror(ret);
@@ -275,7 +275,7 @@ static void client(int fd)
 }
 ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
@@ -379,7 +379,7 @@ static void server(int fd)
 &server_cert, &server_key, GNUTLS_X509_FMT_PEM);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_handshake_set_random(session, &hsrnd);
 gnutls_transport_set_int(session, fd);
diff --git a/tests/rehandshake-ext-secret.c b/tests/rehandshake-ext-secret.c
index f0fe578355..86d269d4b2 100644
--- a/tests/rehandshake-ext-secret.c
+++ b/tests/rehandshake-ext-secret.c
@@ -72,7 +72,7 @@ static void try(unsigned onclient)
 GNUTLS_X509_FMT_PEM);
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server, "NORMAL", NULL);
 gnutls_transport_set_push_function(server, server_push);
 gnutls_transport_set_pull_function(server, server_pull);
@@ -82,7 +82,7 @@ static void try(unsigned onclient)
 gnutls_certificate_allocate_credentials(&clientx509cred);
 gnutls_init(&client, GNUTLS_CLIENT);
 gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 gnutls_priority_set_direct(client, "NORMAL", NULL);
 gnutls_transport_set_push_function(client, client_push);
 gnutls_transport_set_pull_function(client, client_pull);
diff --git a/tests/rehandshake-switch-cert-allow.c b/tests/rehandshake-switch-cert-allow.c
index fc365d149d..a31597e5f1 100644
--- a/tests/rehandshake-switch-cert-allow.c
+++ b/tests/rehandshake-switch-cert-allow.c
@@ -81,7 +81,7 @@ static void try(void)
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server, "NORMAL",
@@ -105,7 +105,7 @@ static void try(void)
 exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
@@ -126,7 +126,7 @@ static void try(void)
 /* switch server's certificate and rehandshake */
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred2);
+ serverx509cred2);
 HANDSHAKE(client, server);
diff --git a/tests/rehandshake-switch-cert-client-allow.c b/tests/rehandshake-switch-cert-client-allow.c
index c4b0bf38b8..367fda8c58 100644
--- a/tests/rehandshake-switch-cert-client-allow.c
+++ b/tests/rehandshake-switch-cert-client-allow.c
@@ -78,7 +78,7 @@ static void try(void)
 gnutls_init(&server, GNUTLS_SERVER|GNUTLS_ALLOW_ID_CHANGE);
 gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server, "NORMAL",
@@ -118,7 +118,7 @@ static void try(void)
 exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
@@ -139,7 +139,7 @@ static void try(void)
 /* switch server's certificate and rehandshake */
 gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred2);
+ clientx509cred2);
 HANDSHAKE(client, server);
diff --git a/tests/rehandshake-switch-cert-client.c b/tests/rehandshake-switch-cert-client.c
index d79db49ef4..7c28a2fa96 100644
--- a/tests/rehandshake-switch-cert-client.c
+++ b/tests/rehandshake-switch-cert-client.c
@@ -78,7 +78,7 @@ static void try(void)
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server, "NORMAL",
@@ -118,7 +118,7 @@ static void try(void)
 exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
@@ -139,7 +139,7 @@ static void try(void)
 /* switch server's certificate and rehandshake */
 gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred2);
+ clientx509cred2);
 HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_SESSION_USER_ID_CHANGED);
diff --git a/tests/rehandshake-switch-cert.c b/tests/rehandshake-switch-cert.c
index 45f4666b76..bb71e620e5 100644
--- a/tests/rehandshake-switch-cert.c
+++ b/tests/rehandshake-switch-cert.c
@@ -81,7 +81,7 @@ static void try(void)
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server, "NORMAL",
@@ -105,7 +105,7 @@ static void try(void)
 exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
@@ -126,7 +126,7 @@ static void try(void)
 /* switch server's certificate and rehandshake */
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred2);
+ serverx509cred2);
 HANDSHAKE_EXPECT(client, server, GNUTLS_E_SESSION_USER_ID_CHANGED, GNUTLS_E_AGAIN);
diff --git a/tests/rehandshake-switch-psk-id.c b/tests/rehandshake-switch-psk-id.c
index 4b2a50e2e0..ebe4c10eed 100644
--- a/tests/rehandshake-switch-psk-id.c
+++ b/tests/rehandshake-switch-psk-id.c
@@ -96,7 +96,7 @@ static void try(const char *prio, gnutls_kx_algorithm_t kx, unsigned allow_chang
 else gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_PSK,
- serverpskcred);
+ serverpskcred);
 gnutls_priority_set_direct(server, prio,
@@ -126,7 +126,7 @@ static void try(const char *prio, gnutls_kx_algorithm_t kx, unsigned allow_chang
 exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_PSK,
- clientpskcred);
+ clientpskcred);
 if (ret < 0) exit(1);
@@ -149,7 +149,7 @@ static void try(const char *prio, gnutls_kx_algorithm_t kx, unsigned allow_chang
 /* switch client's username and rehandshake */
 ret = gnutls_credentials_set(client, GNUTLS_CRD_PSK,
- clientpskcred2);
+ clientpskcred2);
 if (ret < 0) exit(1);
diff --git a/tests/rehandshake-switch-srp-id.c b/tests/rehandshake-switch-srp-id.c
index c4202bce88..91de6fc96e 100644
--- a/tests/rehandshake-switch-srp-id.c
+++ b/tests/rehandshake-switch-srp-id.c
@@ -173,9 +173,9 @@ static void try(const char *prio, gnutls_kx_algorithm_t kx, unsigned allow_chang
 else gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_SRP,
- server_srp_cred);
+ server_srp_cred);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- server_x509_cred);
+ server_x509_cred);
 gnutls_priority_set_direct(server, prio,
@@ -209,7 +209,7 @@ static void try(const char *prio, gnutls_kx_algorithm_t kx, unsigned allow_chang
 exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- client_x509_cred);
+ client_x509_cred);
 if (ret < 0) exit(1);
diff --git a/tests/resume-dtls.c b/tests/resume-dtls.c
index df818ae3dd..9e6327c7fe 100644
--- a/tests/resume-dtls.c
+++ b/tests/resume-dtls.c
@@ -539,14 +539,14 @@ static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key)
 return res;
 memcpy(res.data, cache_db[i].session_data,
- res.size);
+ res.size);
 if (debug) {
 unsigned j;
 printf("data:\n");
 for (j = 0; j < res.size; j++) {
 printf("%02x ",
- res.data[j] & 0xFF);
+ res.data[j] & 0xFF);
 if ((j + 1) % 16 == 0) printf("\n");
 }
diff --git a/tests/resume-with-false-start.c b/tests/resume-with-false-start.c
index 6c5eecd8d6..b0093b09e0 100644
--- a/tests/resume-with-false-start.c
+++ b/tests/resume-with-false-start.c
@@ -81,7 +81,7 @@ void doit(void)
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_set_default_priority(server);
 gnutls_transport_set_push_function(server, server_push);
 gnutls_transport_set_pull_function(server, server_pull);
@@ -101,7 +101,7 @@ void doit(void)
 exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
diff --git a/tests/resume.c b/tests/resume.c
index 21455a4f2d..1bcd3b8d04 100644
--- a/tests/resume.c
+++ b/tests/resume.c
@@ -168,7 +168,7 @@ static void tls_log_func(int level, const char *str)
 }
 static int hsk_hook_cb(gnutls_session_t session, unsigned int htype, unsigned post,
- unsigned int incoming, const gnutls_datum_t *_msg)
+ unsigned int incoming, const gnutls_datum_t *_msg)
 {
 unsigned size;
 gnutls_datum msg = {_msg->data, _msg->size};
@@ -823,7 +823,7 @@ static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key)
 return res;
 memcpy(res.data, cache_db[i].session_data,
- res.size);
+ res.size);
 #ifdef DEBUG_CACHE
 if (debug) {
@@ -831,7 +831,7 @@ static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key)
 printf("data:\n");
 for (j = 0; j < res.size; j++) {
 printf("%02x ",
- res.data[j] & 0xFF);
+ res.data[j] & 0xFF);
 if ((j + 1) % 16 == 0) printf("\n");
 }
diff --git a/tests/rsa-encrypt-decrypt.c b/tests/rsa-encrypt-decrypt.c
index c303b53d04..374684388c 100644
--- a/tests/rsa-encrypt-decrypt.c
+++ b/tests/rsa-encrypt-decrypt.c
@@ -117,7 +117,7 @@ void doit(void)
 ret = gnutls_x509_privkey_import(key, &key_dat[i],
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
 if (ret < 0) fail("gnutls_x509_privkey_import\n");
@@ -150,7 +150,7 @@ void doit(void)
 ret = gnutls_pubkey_encrypt_data(pubkey, 0, &hash_data,
- &out);
+ &out);
 if (ret < 0) fail("gnutls_pubkey_encrypt_data\n");
diff --git a/tests/send-client-cert.c b/tests/send-client-cert.c
index 048628b6b5..33cce4a861 100644
--- a/tests/send-client-cert.c
+++ b/tests/send-client-cert.c
@@ -103,7 +103,7 @@ static void try(unsigned expect, unsigned ca_type)
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server, "NORMAL",
@@ -138,7 +138,7 @@ static void try(unsigned expect, unsigned ca_type)
 exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
diff --git a/tests/session-export-funcs.c b/tests/session-export-funcs.c
index 3fe4a80fd1..65b554277f 100644
--- a/tests/session-export-funcs.c
+++ b/tests/session-export-funcs.c
@@ -77,7 +77,7 @@ void doit(void)
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server, "NORMAL",
@@ -103,7 +103,7 @@ void doit(void)
 exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
diff --git a/tests/simple.c b/tests/simple.c
index 9d4c98f2c4..ef37e3689e 100644
--- a/tests/simple.c
+++ b/tests/simple.c
@@ -48,7 +48,7 @@ void doit(void)
 if (debug) {
 printf("GnuTLS header version %s.\n", GNUTLS_VERSION);
 printf("GnuTLS library version %s.\n",
- gnutls_check_version(NULL));
+ gnutls_check_version(NULL));
 }
 if (!gnutls_check_version_numeric(GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH)) {
@@ -79,11 +79,11 @@ void doit(void)
 for (i = 0; algs[i]; i++) {
 if (debug) printf("pk_list[%d] = %d = %s = %d\n",
- (int) i, algs[i],
- gnutls_pk_algorithm_get_name(algs
+ (int) i, algs[i],
+ gnutls_pk_algorithm_get_name(algs
 [i]),
- gnutls_pk_get_id
- (gnutls_pk_algorithm_get_name
+ gnutls_pk_get_id
+ (gnutls_pk_algorithm_get_name
 (algs[i])));
 if (gnutls_pk_get_id (gnutls_pk_algorithm_get_name(algs[i]))
@@ -111,11 +111,11 @@ void doit(void)
 for (i = 0; algs[i]; i++) {
 if (debug) printf("sign_list[%d] = %d = %s = %d\n",
- (int) i, algs[i],
- gnutls_sign_algorithm_get_name(algs
+ (int) i, algs[i],
+ gnutls_sign_algorithm_get_name(algs
 [i]),
- gnutls_sign_get_id
- (gnutls_sign_algorithm_get_name
+ gnutls_sign_get_id
+ (gnutls_sign_algorithm_get_name
 (algs[i])));
 if (gnutls_sign_get_id (gnutls_sign_algorithm_get_name(algs[i])) !=
diff --git a/tests/slow/cipher-override.c b/tests/slow/cipher-override.c
index a980b8b8a7..fd5d0c990b 100644
--- a/tests/slow/cipher-override.c
+++ b/tests/slow/cipher-override.c
@@ -145,11 +145,11 @@ static void myaes_gcm_deinit(void *_ctx)
 static int
 myaes_gcm_encrypt(void *_ctx,
- const void *nonce, size_t nonce_size,
- const void *auth, size_t auth_size,
- size_t tag_size,
- const void *plain, size_t plain_size,
- void *encr, size_t encr_size)
+ const void *nonce, size_t nonce_size,
+ const void *auth, size_t auth_size,
+ size_t tag_size,
+ const void *plain, size_t plain_size,
+ void *encr, size_t encr_size)
 {
 /* proper AEAD cipher */
 struct myaes_gcm_ctx *ctx = _ctx;
@@ -168,11 +168,11 @@ myaes_gcm_encrypt(void *_ctx,
 static int
 myaes_gcm_decrypt(void *_ctx,
- const void *nonce, size_t nonce_size,
- const void *auth, size_t auth_size,
- size_t tag_size,
- const void *encr, size_t encr_size,
- void *plain, size_t plain_size)
+ const void *nonce, size_t nonce_size,
+ const void *auth, size_t auth_size,
+ size_t tag_size,
+ const void *encr, size_t encr_size,
+ void *plain, size_t plain_size)
 {
 uint8_t tag[16];
 struct myaes_gcm_ctx *ctx = _ctx;
diff --git a/tests/slow/cipher-override2.c b/tests/slow/cipher-override2.c
index 1f9319f4c2..3ed71186ae 100644
--- a/tests/slow/cipher-override2.c
+++ b/tests/slow/cipher-override2.c
@@ -96,22 +96,22 @@ static void myaes_gcm_deinit(void *_ctx)
 static int
 myaes_gcm_encrypt(void *_ctx,
- const void *nonce, size_t nonce_size,
- const void *auth, size_t auth_size,
- size_t tag_size,
- const void *plain, size_t plain_size,
- void *encr, size_t encr_size)
+ const void *nonce, size_t nonce_size,
+ const void *auth, size_t auth_size,
+ size_t tag_size,
+ const void *plain, size_t plain_size,
+ void *encr, size_t encr_size)
 {
 abort();
 }
 static int
 myaes_gcm_decrypt(void *_ctx,
- const void *nonce, size_t nonce_size,
- const void *auth, size_t auth_size,
- size_t tag_size,
- const void *encr, size_t encr_size,
- void *plain, size_t plain_size)
+ const void *nonce, size_t nonce_size,
+ const void *auth, size_t auth_size,
+ size_t tag_size,
+ const void *encr, size_t encr_size,
+ void *plain, size_t plain_size)
 {
 abort();
 }
diff --git a/tests/srp.c b/tests/srp.c
index 6925855311..e0c1b8a8e6 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -190,7 +190,7 @@ static gnutls_session_t initialize_tls_session(const char *prio)
 gnutls_credentials_set(session, GNUTLS_CRD_SRP, s_srp_cred);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- s_x509_cred);
+ s_x509_cred);
 return session;
 }
@@ -220,7 +220,7 @@ static void server(int fd, const char *prio)
 gnutls_srp_allocate_server_credentials(&s_srp_cred);
 gnutls_srp_set_server_credentials_file(s_srp_cred, "tpasswd",
- "tpasswd.conf");
+ "tpasswd.conf");
 gnutls_certificate_allocate_credentials(&s_x509_cred);
 gnutls_certificate_set_x509_key_mem(s_x509_cred,
diff --git a/tests/test-chains.h b/tests/test-chains.h
index 1398110b08..59b82d30fe 100644
--- a/tests/test-chains.h
+++ b/tests/test-chains.h
@@ -954,7 +954,7 @@ static const char *nc_good0[] = {
 "-----END CERTIFICATE-----\n",
 NULL,
 /* Name constraints (critical):
- Permitted: DNSname: example.com */
+ Permitted: DNSname: example.com */
 "-----BEGIN CERTIFICATE-----\n"
 "MIIC/zCCAeegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
 "MCIYDzIwMTUwMzI1MDc1ODQ5WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
@@ -2788,9 +2788,9 @@ static struct
 { "ecc cert ok", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_HIGH), 0, NULL},
 { "ecc cert ok", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB128), 0, NULL},
 { "ecc cert not ok (due to profile)", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA),
- GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
 { "ecc cert not ok (due to profile)", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB192),
- GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
 { "name constraints: empty CN, empty SAN, permitted dns range", nc_good0, &nc_good0[2], 0, 0, 0, 1427270515},
 { "name constraints: dns in permitted range", nc_good1, &nc_good1[4], 0, 0, NULL, 1412850586},
 { "name constraints: ipv6 in permitted range", nc_good2, &nc_good2[4], 0, 0, NULL, 1467193927},
diff --git a/tests/tls-max-record.c b/tests/tls-max-record.c
index 4e074e658c..fb4076edf1 100644
--- a/tests/tls-max-record.c
+++ b/tests/tls-max-record.c
@@ -74,7 +74,7 @@ void doit(void)
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server, "NORMAL",
@@ -100,7 +100,7 @@ void doit(void)
 exit(1);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 if (ret < 0) exit(1);
diff --git a/tests/tls-rehandshake-cert-2.c b/tests/tls-rehandshake-cert-2.c
index c352a11acb..c096519210 100644
--- a/tests/tls-rehandshake-cert-2.c
+++ b/tests/tls-rehandshake-cert-2.c
@@ -177,7 +177,7 @@ static void client(int fd, unsigned test)
 do {
 ret = gnutls_record_recv(session, buffer,
- MAX_BUF);
+ MAX_BUF);
 } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
 } while (ret > 0);
@@ -193,7 +193,7 @@ static void client(int fd, unsigned test)
 do {
 ret = gnutls_record_recv(session, buffer,
- MAX_BUF);
+ MAX_BUF);
 } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
 } while (ret > 0);
@@ -313,7 +313,7 @@ static void server(int fd, unsigned test)
 do {
 ret = gnutls_record_recv(session, buffer,
- MAX_BUF);
+ MAX_BUF);
 } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
 } while (ret > 0);
@@ -363,7 +363,7 @@ static void server(int fd, unsigned test)
 do {
 ret = gnutls_record_recv(session, buffer,
- MAX_BUF);
+ MAX_BUF);
 } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
 } while (ret > 0);
diff --git a/tests/tls-rehandshake-cert.c b/tests/tls-rehandshake-cert.c
index 5cba8f1b00..88370b801d 100644
--- a/tests/tls-rehandshake-cert.c
+++ b/tests/tls-rehandshake-cert.c
@@ -107,7 +107,7 @@ void doit(void)
 GNUTLS_X509_FMT_PEM);
 gnutls_init(&server, GNUTLS_SERVER);
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
 gnutls_priority_set_direct(server, "NORMAL", NULL);
 gnutls_transport_set_push_function(server, server_push);
 gnutls_transport_set_pull_function(server, server_pull);
@@ -117,7 +117,7 @@ void doit(void)
 gnutls_certificate_allocate_credentials(&clientx509cred);
 gnutls_init(&client, GNUTLS_CLIENT);
 gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
 gnutls_priority_set_direct(client, "NORMAL", NULL);
 gnutls_transport_set_push_function(client, client_push);
 gnutls_transport_set_pull_function(client, client_pull);
diff --git a/tests/tlsfeature-crt.c b/tests/tlsfeature-crt.c
index 02288d5d0b..fa68816303 100644
--- a/tests/tlsfeature-crt.c
+++ b/tests/tlsfeature-crt.c
@@ -61,39 +61,39 @@ void doit(void) if (ret < 0) fail("init %d\n", ret); - assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); - assert(gnutls_x509_crt_init(&crt) >= 0); + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + assert(gnutls_x509_crt_init(&crt) >= 0); - assert(gnutls_x509_crt_import(crt, &server_cert, GNUTLS_X509_FMT_PEM) >= 0); + assert(gnutls_x509_crt_import(crt, &server_cert, GNUTLS_X509_FMT_PEM) >= 0); - assert(gnutls_x509_crt_get_tlsfeatures(crt, feat, 0, &critical) >= 0); - assert(critical == 0); + assert(gnutls_x509_crt_get_tlsfeatures(crt, feat, 0, &critical) >= 0); + assert(critical == 0); - assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0); - assert(out == 5); + assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0); + assert(out == 5); - assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); - assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) != 0); + assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) != 0); - /* append more features */ - assert(gnutls_x509_tlsfeatures_add(feat, 6) >= 0); - assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0); + /* append more features */ + assert(gnutls_x509_tlsfeatures_add(feat, 6) >= 0); + assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0); - assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0); - assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0); + assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0); + assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0); - gnutls_x509_tlsfeatures_deinit(feat); + gnutls_x509_tlsfeatures_deinit(feat); - /* check whether a single TLSFeat with another value will fail verification */ - assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + /* check whether a single TLSFeat with another value will fail verification */ + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); - assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0); 
- assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0); + assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0); + assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0); - gnutls_x509_tlsfeatures_deinit(feat); - gnutls_x509_crt_deinit(crt); + gnutls_x509_tlsfeatures_deinit(feat); + gnutls_x509_crt_deinit(crt); gnutls_global_deinit(); } diff --git a/tests/tlsfeature-ext.c b/tests/tlsfeature-ext.c index 0c313b4716..ce028cd202 100644 --- a/tests/tlsfeature-ext.c +++ b/tests/tlsfeature-ext.c 
@@ -71,80 +71,80 @@ void doit(void) if (ret < 0) fail("init %d\n", ret); - /* init and write >1 features - */ - assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + /* init and write >1 features + */ + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); - assert(gnutls_x509_tlsfeatures_add(feat, 2) >= 0); - assert(gnutls_x509_tlsfeatures_add(feat, 3) >= 0); - assert(gnutls_x509_tlsfeatures_add(feat, 5) >= 0); - assert(gnutls_x509_tlsfeatures_add(feat, 7) >= 0); - assert(gnutls_x509_tlsfeatures_add(feat, 11) >= 0); + assert(gnutls_x509_tlsfeatures_add(feat, 2) >= 0); + assert(gnutls_x509_tlsfeatures_add(feat, 3) >= 0); + assert(gnutls_x509_tlsfeatures_add(feat, 5) >= 0); + assert(gnutls_x509_tlsfeatures_add(feat, 7) >= 0); + assert(gnutls_x509_tlsfeatures_add(feat, 11) >= 0); - assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0); + assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0); - gnutls_x509_tlsfeatures_deinit(feat); + gnutls_x509_tlsfeatures_deinit(feat); - /* re-load and read - */ - assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + /* re-load and read + */ + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); - assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0); + assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0); - assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0); - assert(out == 2); + assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0); + assert(out == 2); - assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) >= 0); - assert(out == 3); + assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) >= 0); + assert(out == 3); - assert(gnutls_x509_tlsfeatures_get(feat, 2, &out) >= 0); - assert(out == 5); + assert(gnutls_x509_tlsfeatures_get(feat, 2, &out) >= 0); + assert(out == 5); - assert(gnutls_x509_tlsfeatures_get(feat, 3, &out) >= 0); - assert(out == 7); + assert(gnutls_x509_tlsfeatures_get(feat, 3, &out) >= 0); + assert(out == 7); - assert(gnutls_x509_tlsfeatures_get(feat, 4, &out) >= 0); - assert(out == 11); + 
assert(gnutls_x509_tlsfeatures_get(feat, 4, &out) >= 0); + assert(out == 11); - gnutls_x509_tlsfeatures_deinit(feat); - gnutls_free(der.data); + gnutls_x509_tlsfeatures_deinit(feat); + gnutls_free(der.data); - /* check whether no feature is acceptable */ - assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + /* check whether no feature is acceptable */ + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); - assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0); + assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0); - gnutls_x509_tlsfeatures_deinit(feat); + gnutls_x509_tlsfeatures_deinit(feat); - assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); - assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0); + assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0); - assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); - gnutls_x509_tlsfeatures_deinit(feat); + gnutls_x509_tlsfeatures_deinit(feat); - gnutls_free(der.data); + gnutls_free(der.data); - /* check whether we can add a reasonable number of features */ - assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + /* check whether we can add a reasonable number of features */ + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); - for (i=0;i<128;i++) { - ret = gnutls_x509_tlsfeatures_add(feat, i); - if (ret < 0) { - assert(i>=32); - assert(ret == GNUTLS_E_INTERNAL_ERROR); - } - } + for (i=0;i<128;i++) { + ret = gnutls_x509_tlsfeatures_add(feat, i); + if (ret < 0) { + assert(i>=32); + assert(ret == GNUTLS_E_INTERNAL_ERROR); + } + } - gnutls_x509_tlsfeatures_deinit(feat); + gnutls_x509_tlsfeatures_deinit(feat); - /* check whether we can import a very long list */ - assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + /* check whether we can import a very long list */ + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); 
- assert(gnutls_x509_ext_import_tlsfeatures(&der_long, feat, 0) == GNUTLS_E_INTERNAL_ERROR); + assert(gnutls_x509_ext_import_tlsfeatures(&der_long, feat, 0) == GNUTLS_E_INTERNAL_ERROR); - gnutls_x509_tlsfeatures_deinit(feat); + gnutls_x509_tlsfeatures_deinit(feat); gnutls_global_deinit(); } diff --git a/tests/utils-adv.c b/tests/utils-adv.c index 9e6ffdb9f3..8dbc441560 100644 --- a/tests/utils-adv.c +++ b/tests/utils-adv.c @@ -40,7 +40,7 @@ void test_cli_serv(gnutls_certificate_credentials_t server_cred, gnutls_certificate_credentials_t client_cred, const char *prio, const char *host, - void *priv, callback_func *client_cb, callback_func *server_cb) + void *priv, callback_func *client_cb, callback_func *server_cb) { int exit_code = EXIT_SUCCESS; int ret; @@ -57,7 +57,7 @@ test_cli_serv(gnutls_certificate_credentials_t server_cred, /* Init server */ gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - server_cred); + server_cred); gnutls_priority_set_direct(server, prio, NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); @@ -71,7 +71,7 @@ test_cli_serv(gnutls_certificate_credentials_t server_cred, assert(gnutls_server_name_set(client, GNUTLS_NAME_DNS, host, strlen(host))>=0); ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - client_cred); + client_cred); if (ret < 0) exit(1); diff --git a/tests/utils.c b/tests/utils.c index 16649a79da..21ef9d641d 100644 --- a/tests/utils.c +++ b/tests/utils.c 
@@ -215,14 +215,14 @@ void binprint(const void *_str, size_t len) printf("\t;; "); for (i = 0; i < len; i++) { printf("%d%d%d%d%d%d%d%d ", - (str[i] & 0xFF) & 0x80 ? 1 : 0, - (str[i] & 0xFF) & 0x40 ? 1 : 0, - (str[i] & 0xFF) & 0x20 ? 1 : 0, - (str[i] & 0xFF) & 0x10 ? 1 : 0, - (str[i] & 0xFF) & 0x08 ? 1 : 0, - (str[i] & 0xFF) & 0x04 ? 1 : 0, - (str[i] & 0xFF) & 0x02 ? 1 : 0, - (str[i] & 0xFF) & 0x01 ? 1 : 0); + (str[i] & 0xFF) & 0x80 ? 1 : 0, + (str[i] & 0xFF) & 0x40 ? 1 : 0, + (str[i] & 0xFF) & 0x20 ? 1 : 0, + (str[i] & 0xFF) & 0x10 ? 1 : 0, + (str[i] & 0xFF) & 0x08 ? 1 : 0, + (str[i] & 0xFF) & 0x04 ? 1 : 0, + (str[i] & 0xFF) & 0x02 ? 1 : 0, + (str[i] & 0xFF) & 0x01 ? 1 : 0); if ((i + 1) % 3 == 0) printf(" "); if ((i + 1) % 6 == 0 && i + 1 < len) @@ -254,7 +254,7 @@ int main(int argc, char *argv[]) if (debug || error_count > 0) printf("Self test `%s' finished with %d errors\n", argv[0], - error_count); + error_count); return error_count ? 1 : 0; } diff --git a/tests/version-checks.c b/tests/version-checks.c index 64755b556f..588d5776e2 100644 --- a/tests/version-checks.c +++ b/tests/version-checks.c @@ -84,7 +84,7 @@ static void try(const char *client_prio, int expected) gnutls_init(&server, GNUTLS_SERVER|flags); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + serverx509cred); assert(gnutls_priority_set_direct(server, server_prio, @@ -109,7 +109,7 @@ static void try(const char *client_prio, int expected) exit(1); ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); if (ret < 0) exit(1); diff --git a/tests/windows/cng-windows.c b/tests/windows/cng-windows.c index e92f7b037e..3c3edf6f6d 100644 --- a/tests/windows/cng-windows.c +++ b/tests/windows/cng-windows.c 
@@ -151,7 +151,7 @@ void test_sig(void) /* test the raw interface DigestInfo */ - ret = gnutls_encode_ber_digest_info(GNUTLS_DIG_SHA256, &sha256_hash_data, &digest_info); + ret = gnutls_encode_ber_digest_info(GNUTLS_DIG_SHA256, &sha256_hash_data, &digest_info); assert(ret >= 0); ret = diff --git a/tests/windows/crypt32.c b/tests/windows/crypt32.c index 9d51a2938f..11325f7beb 100644 --- a/tests/windows/crypt32.c +++ b/tests/windows/crypt32.c @@ -67,7 +67,7 @@ __declspec(dllexport) PCCERT_CONTEXT WINAPI CertFindCertificateInStore( HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType, - const void *pvFindPara, PCCERT_CONTEXT pPrevCertContext) + const void *pvFindPara, PCCERT_CONTEXT pPrevCertContext) { //CRYPT_HASH_BLOB *blob = (void*)pvFindPara; @@ -163,7 +163,7 @@ BOOL WINAPI CryptAcquireContextW(HCRYPTPROV *phProv, LPCWSTR szContainer, __declspec(dllexport) BOOL WINAPI CryptDecrypt(HCRYPTKEY hKey, HCRYPTHASH hHash, BOOL Final, - DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen) + DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen) { return 0; } diff --git a/tests/x509-extensions.c b/tests/x509-extensions.c index c7c821cbe0..d480f83646 100644 --- a/tests/x509-extensions.c +++ b/tests/x509-extensions.c @@ -725,7 +725,7 @@ void doit(void) oid_len = sizeof(oid); ret = gnutls_x509_crt_get_extension_info(cert, i, oid, &oid_len, - &critical); + &critical); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { if (i != 9) { fail("unexpected number of extensions: %d\n", diff --git a/tests/x509cert-tl.c b/tests/x509cert-tl.c index fef0158b49..e636ccc0a9 100644 --- a/tests/x509cert-tl.c +++ b/tests/x509cert-tl.c @@ -320,7 +320,7 @@ void doit(void) vdata.size = NAME_SIZE; ret = gnutls_x509_trust_list_verify_crt2(tl, &server_crt, 1, &vdata, 1, - 0, &status, NULL); + 0, &status, NULL); if (ret < 0 || status != 0) fail("gnutls_x509_trust_list_verify_crt2 - 1: status: %x\n", status); 
@@ -329,7 +329,7 @@ void doit(void) vdata.size = NAME_SIZE-2; ret = gnutls_x509_trust_list_verify_crt2(tl, &server_crt, 1, &vdata, 1, - 0, &status, NULL); + 0, &status, NULL); if (ret < 0 || status == 0) fail("gnutls_x509_trust_list_verify_crt2 - 2: status: %x\n", status); diff --git a/tests/x509cert.c b/tests/x509cert.c index 32360bd2c4..13f0ed3aaf 100644 --- a/tests/x509cert.c +++ b/tests/x509cert.c @@ -144,8 +144,8 @@ void doit(void) ret = gnutls_x509_privkey_export2(get_key, - GNUTLS_X509_FMT_PEM, - &get_datum); + GNUTLS_X509_FMT_PEM, + &get_datum); if (ret < 0) fail("gnutls_x509_privkey_export2"); @@ -190,13 +190,13 @@ void doit(void) n_get_ca_crts = 0; trust_iter = NULL; while (gnutls_x509_trust_list_iter_get_ca(trust_list, - &trust_iter, - &get_ca_crt) != - GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + &trust_iter, + &get_ca_crt) != + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { ret = gnutls_x509_crt_export2(get_ca_crt, - GNUTLS_X509_FMT_PEM, - &get_datum); + GNUTLS_X509_FMT_PEM, + &get_datum); if (ret < 0) fail("gnutls_x509_crt_export2"); diff --git a/tests/x509dn.c b/tests/x509dn.c index f9b5a7be6d..d84151149a 100644 --- a/tests/x509dn.c +++ b/tests/x509dn.c @@ -85,7 +85,7 @@ cert_callback(gnutls_session_t session, if (nreqs != 1) { fail("client: invoked to provide client cert, but %d CAs are requested by server.\n", - nreqs); + nreqs); return -1; } @@ -111,7 +111,7 @@ cert_callback(gnutls_session_t session, if (val.value.size == strlen(EXPECT_RDN0) && strncmp((char *) val.value.data, - EXPECT_RDN0, val.value.size) == 0) { + EXPECT_RDN0, val.value.size) == 0) { if (debug) success ("client: RND 0 correct.\n"); diff --git a/tests/x509sign-verify.c b/tests/x509sign-verify.c index c5850e03b1..5379f36841 100644 --- a/tests/x509sign-verify.c +++ b/tests/x509sign-verify.c @@ -174,7 +174,7 @@ void doit(void) ret = gnutls_x509_privkey_import(key, &key_dat[i], - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); if (ret < 0) fail("gnutls_x509_privkey_import\n"); 
@@ -191,12 +191,12 @@ void doit(void) fail("gnutls_privkey_import_x509\n"); ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA1, 0, - &hash_data, &signature2); + &hash_data, &signature2); if (ret < 0) fail("gnutls_privkey_sign_hash\n"); ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, - &raw_data, &signature); + &raw_data, &signature); if (ret < 0) fail("gnutls_x509_privkey_sign_hash\n"); @@ -245,15 +245,15 @@ void doit(void) ret = gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0, - &hash_data, &signature2); + &hash_data, &signature2); if (ret < 0) fail("gnutls_x509_pubkey_verify_hash2-1 (hashed data)\n"); /* should fail */ ret = gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0, - &invalid_hash_data, - &signature2); + &invalid_hash_data, + &signature2); if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) fail("gnutls_x509_pubkey_verify_hash2-2 (hashed data)\n"); @@ -280,9 +280,9 @@ void doit(void) ret = gnutls_pubkey_verify_hash2(pubkey, sign_algo, - GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, - &hash_data, - &signature); + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + &hash_data, + &signature); if (ret < 0) fail("gnutls_pubkey_verify_hash-3 (raw hashed data)\n"); @@ -290,17 +290,17 @@ void doit(void) /* test the legacy API */ ret = gnutls_privkey_sign_raw_data(privkey, 0, - &hash_data, - &signature); + &hash_data, + &signature); if (ret < 0) fail("gnutls_privkey_sign_raw_data: %s\n", gnutls_strerror(ret)); ret = gnutls_pubkey_verify_hash2(pubkey, sign_algo, - GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, - &hash_data, - &signature); + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + &hash_data, + &signature); if (ret < 0) fail("gnutls_pubkey_verify_hash-4 (legacy raw hashed data)\n"); } diff --git a/tests/x509sign-verify2.c b/tests/x509sign-verify2.c index 157305e60f..dd54cfed18 100644 --- a/tests/x509sign-verify2.c +++ b/tests/x509sign-verify2.c 
@@ -125,17 +125,17 @@ void test_sig(gnutls_pk_algorithm_t pk, unsigned hash, unsigned bits) ret = gnutls_pubkey_verify_hash2(pubkey, - sign_algo, 0, - hash_data, &signature); + sign_algo, 0, + hash_data, &signature); if (ret < 0) ERR(__LINE__); /* should fail */ ret = gnutls_pubkey_verify_hash2(pubkey, - sign_algo, 0, - &invalid_hash_data, - &signature); + sign_algo, 0, + &invalid_hash_data, + &signature); if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) ERR(__LINE__); @@ -145,15 +145,15 @@ void test_sig(gnutls_pk_algorithm_t pk, unsigned hash, unsigned bits) ret = gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0, - hash_data, &signature); + hash_data, &signature); if (ret < 0) ERR(__LINE__); /* should fail */ ret = gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0, - &invalid_hash_data, - &signature); + &invalid_hash_data, + &signature); if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) ERR(__LINE__); @@ -178,10 +178,10 @@ void test_sig(gnutls_pk_algorithm_t pk, unsigned hash, unsigned bits) ret = gnutls_pubkey_verify_hash2(pubkey, - sign_algo, - GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, - hash_data, - &signature); + sign_algo, + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + hash_data, + &signature); if (ret < 0) ERR(__LINE__); |