Diffstat (limited to 'lib/pubkey.c')
-rw-r--r-- | lib/pubkey.c | 641 |
1 files changed, 289 insertions, 352 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c index a396e56f26..a783371b16 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -38,19 +38,18 @@ #include "urls.h" #include <ecc.h> -static int -pubkey_verify_hashed_data(const gnutls_sign_entry_st * se, - const mac_entry_st * me, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature, - gnutls_pk_params_st * params, - gnutls_x509_spki_st * sign_params, unsigned flags); - -static -int pubkey_supports_sig(gnutls_pubkey_t pubkey, - const gnutls_sign_entry_st * se); - -unsigned pubkey_to_bits(const gnutls_pk_params_st * params) +static int pubkey_verify_hashed_data(const gnutls_sign_entry_st *se, + const mac_entry_st *me, + const gnutls_datum_t *hash, + const gnutls_datum_t *signature, + gnutls_pk_params_st *params, + gnutls_x509_spki_st *sign_params, + unsigned flags); + +static int pubkey_supports_sig(gnutls_pubkey_t pubkey, + const gnutls_sign_entry_st *se); + +unsigned pubkey_to_bits(const gnutls_pk_params_st *params) { switch (params->algo) { case GNUTLS_PK_RSA: @@ -125,7 +124,7 @@ int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage) * * Since: 2.12.0 **/ -int gnutls_pubkey_init(gnutls_pubkey_t * key) +int gnutls_pubkey_init(gnutls_pubkey_t *key) { *key = NULL; FAIL_IF_LIB_ERROR; @@ -169,9 +168,8 @@ void gnutls_pubkey_deinit(gnutls_pubkey_t key) * * Since: 2.12.0 **/ -int -gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt, - unsigned int flags) +int gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt, + unsigned int flags) { int ret; @@ -211,9 +209,8 @@ gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt, * * Since: 3.1.5 **/ -int -gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key, gnutls_x509_crq_t crq, - unsigned int flags) +int gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key, gnutls_x509_crq_t crq, + unsigned int flags) { int ret; 
@@ -253,9 +250,8 @@ gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key, gnutls_x509_crq_t crq, * * Since: 2.12.0 **/ -int -gnutls_pubkey_import_privkey(gnutls_pubkey_t key, gnutls_privkey_t pkey, - unsigned int usage, unsigned int flags) +int gnutls_pubkey_import_privkey(gnutls_pubkey_t key, gnutls_privkey_t pkey, + unsigned int usage, unsigned int flags) { gnutls_pk_params_release(&key->params); gnutls_pk_params_init(&key->params); @@ -284,10 +280,9 @@ gnutls_pubkey_import_privkey(gnutls_pubkey_t key, gnutls_privkey_t pkey, * * Since: 2.12.0 **/ -int -gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, - gnutls_digest_algorithm_t * - hash, unsigned int *mand) +int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, + gnutls_digest_algorithm_t *hash, + unsigned int *mand) { int ret; const mac_entry_st *me; @@ -309,7 +304,7 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, me = _gnutls_dsa_q_to_hash(&key->params, NULL); if (hash) - *hash = (gnutls_digest_algorithm_t) me->id; + *hash = (gnutls_digest_algorithm_t)me->id; ret = 0; break; @@ -343,18 +338,16 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, if (key->params.spki.rsa_pss_dig) { *hash = key->params.spki.rsa_pss_dig; } else { - *hash = - _gnutls_pk_bits_to_sha_hash(pubkey_to_bits - (&key->params)); + *hash = _gnutls_pk_bits_to_sha_hash( + pubkey_to_bits(&key->params)); } } ret = 0; break; case GNUTLS_PK_RSA: if (hash) - *hash = - _gnutls_pk_bits_to_sha_hash(pubkey_to_bits - (&key->params)); + *hash = _gnutls_pk_bits_to_sha_hash( + pubkey_to_bits(&key->params)); ret = 0; break; 
@@ -371,8 +364,8 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, /* The EC_PARAMS attribute can contain either printable string with curve name * or OID defined in RFC 8410 */ static int -gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t * parameters, - gnutls_ecc_curve_t * outcurve) +gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t *parameters, + gnutls_ecc_curve_t *outcurve) { gnutls_ecc_curve_t curve = GNUTLS_ECC_CURVE_INVALID; asn1_node asn1 = NULL; @@ -427,8 +420,8 @@ gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t * parameters, curve = gnutls_oid_to_ecc_curve(str); if (curve != GNUTLS_ECC_CURVE_ED25519 && curve != GNUTLS_ECC_CURVE_ED448) { - _gnutls_debug_log - ("Curve %s is not supported for EdDSA\n", str); + _gnutls_debug_log( + "Curve %s is not supported for EdDSA\n", str); gnutls_assert(); curve = GNUTLS_ECC_CURVE_INVALID; ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE; @@ -467,16 +460,15 @@ gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t * parameters, break; } - cleanup: +cleanup: asn1_delete_structure(&asn1); *outcurve = curve; return ret; } -static int -gnutls_pubkey_import_ecc_eddsa(gnutls_pubkey_t key, - const gnutls_datum_t * parameters, - const gnutls_datum_t * ecpoint) +static int gnutls_pubkey_import_ecc_eddsa(gnutls_pubkey_t key, + const gnutls_datum_t *parameters, + const gnutls_datum_t *ecpoint) { int ret; @@ -488,9 +480,8 @@ gnutls_pubkey_import_ecc_eddsa(gnutls_pubkey_t key, return gnutls_assert_val(ret); } - ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, - ecpoint->data, ecpoint->size, - &raw_point, 0); + ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, ecpoint->data, + ecpoint->size, &raw_point, 0); if (ret < 0) { gnutls_assert(); gnutls_free(raw_point.data); 
@@ -503,9 +494,8 @@ gnutls_pubkey_import_ecc_eddsa(gnutls_pubkey_t key, } /* Same as above, but for Edwards key agreement */ -static int -gnutls_pubkey_parse_ecc_ecdh_params(const gnutls_datum_t * parameters, - gnutls_ecc_curve_t * outcurve) +static int gnutls_pubkey_parse_ecc_ecdh_params(const gnutls_datum_t *parameters, + gnutls_ecc_curve_t *outcurve) { gnutls_ecc_curve_t curve = GNUTLS_ECC_CURVE_INVALID; asn1_node asn1 = NULL; @@ -560,9 +550,9 @@ gnutls_pubkey_parse_ecc_ecdh_params(const gnutls_datum_t * parameters, curve = gnutls_oid_to_ecc_curve(str); if (curve != GNUTLS_ECC_CURVE_X25519 && curve != GNUTLS_ECC_CURVE_X448) { - _gnutls_debug_log - ("Curve %s is not supported for Edwards-based key agreement\n", - str); + _gnutls_debug_log( + "Curve %s is not supported for Edwards-based key agreement\n", + str); gnutls_assert(); curve = GNUTLS_ECC_CURVE_INVALID; ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE; @@ -601,16 +591,15 @@ gnutls_pubkey_parse_ecc_ecdh_params(const gnutls_datum_t * parameters, break; } - cleanup: +cleanup: asn1_delete_structure(&asn1); *outcurve = curve; return ret; } -static int -gnutls_pubkey_import_ecc_ecdh(gnutls_pubkey_t key, - const gnutls_datum_t * parameters, - const gnutls_datum_t * ecpoint) +static int gnutls_pubkey_import_ecc_ecdh(gnutls_pubkey_t key, + const gnutls_datum_t *parameters, + const gnutls_datum_t *ecpoint) { int ret; @@ -622,9 +611,8 @@ gnutls_pubkey_import_ecc_ecdh(gnutls_pubkey_t key, return gnutls_assert_val(ret); } - ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, - ecpoint->data, ecpoint->size, - &raw_point, 0); + ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, ecpoint->data, + ecpoint->size, &raw_point, 0); if (ret < 0) { gnutls_assert(); gnutls_free(raw_point.data); 
@@ -650,15 +638,14 @@ gnutls_pubkey_import_ecc_ecdh(gnutls_pubkey_t key, * * Since: 2.12.0 **/ -int -gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, - gnutls_pkcs11_obj_t obj, unsigned int flags) +int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, gnutls_pkcs11_obj_t obj, + unsigned int flags) { int ret, type; type = gnutls_pkcs11_obj_get_type(obj); - if (type != GNUTLS_PKCS11_OBJ_PUBKEY - && type != GNUTLS_PKCS11_OBJ_X509_CRT) { + if (type != GNUTLS_PKCS11_OBJ_PUBKEY && + type != GNUTLS_PKCS11_OBJ_X509_CRT) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } @@ -668,8 +655,7 @@ gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, ret = gnutls_x509_crt_init(&xcrt); if (ret < 0) { - gnutls_assert() - return ret; + gnutls_assert() return ret; } ret = gnutls_x509_crt_import_pkcs11(xcrt, obj); @@ -684,13 +670,13 @@ gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, goto cleanup_crt; } - ret = - gnutls_x509_crt_get_key_usage(xcrt, &key->key_usage, NULL); + ret = gnutls_x509_crt_get_key_usage(xcrt, &key->key_usage, + NULL); if (ret < 0) key->key_usage = 0; ret = 0; - cleanup_crt: + cleanup_crt: gnutls_x509_crt_deinit(xcrt); return ret; } @@ -734,7 +720,7 @@ gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, return 0; } -#endif /* ENABLE_PKCS11 */ +#endif /* ENABLE_PKCS11 */ /** * gnutls_pubkey_export: @@ -760,10 +746,8 @@ gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, * * Since: 2.12.0 **/ -int -gnutls_pubkey_export(gnutls_pubkey_t key, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t *output_data_size) +int gnutls_pubkey_export(gnutls_pubkey_t key, gnutls_x509_crt_fmt_t format, + void *output_data, size_t *output_data_size) { int result; asn1_node spk = NULL; 
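Review bot: In the `gnutls_x509_crt_init` failure branch (hunk `@@ -668,8 +655,7 @@`), the reformatted line now reads `gnutls_assert() return ret;`. The call never had a terminating semicolon, so the formatter fused two statements into one. This compiles only if the `gnutls_assert` macro carries its own terminator or expands to nothing, and that definition is not visible here. Write it as `gnutls_assert();` with `return ret;` on its own line, or as `return gnutls_assert_val(ret);` like the neighbouring functions, preferably in a follow-up commit so this one stays formatting-only. The enclosing `gnutls_pubkey_import_pkcs11` starts and ends outside this hunk.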
@@ -773,9 +757,9 @@ gnutls_pubkey_export(gnutls_pubkey_t key, return GNUTLS_E_INVALID_REQUEST; } - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.SubjectPublicKeyInfo", + &spk)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -786,8 +770,7 @@ gnutls_pubkey_export(gnutls_pubkey_t key, goto cleanup; } - result = _gnutls_x509_export_int_named(spk, "", - format, PEM_PK, + result = _gnutls_x509_export_int_named(spk, "", format, PEM_PK, output_data, output_data_size); if (result < 0) { gnutls_assert(); @@ -796,7 +779,7 @@ gnutls_pubkey_export(gnutls_pubkey_t key, result = 0; - cleanup: +cleanup: asn1_delete_structure(&spk); return result; @@ -822,9 +805,8 @@ gnutls_pubkey_export(gnutls_pubkey_t key, * * Since: 3.1.3 **/ -int -gnutls_pubkey_export2(gnutls_pubkey_t key, - gnutls_x509_crt_fmt_t format, gnutls_datum_t * out) +int gnutls_pubkey_export2(gnutls_pubkey_t key, gnutls_x509_crt_fmt_t format, + gnutls_datum_t *out) { int result; asn1_node spk = NULL; @@ -834,9 +816,9 @@ gnutls_pubkey_export2(gnutls_pubkey_t key, return GNUTLS_E_INVALID_REQUEST; } - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.SubjectPublicKeyInfo", + &spk)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -855,7 +837,7 @@ gnutls_pubkey_export2(gnutls_pubkey_t key, result = 0; - cleanup: +cleanup: asn1_delete_structure(&spk); return result; 
@@ -883,9 +865,9 @@ gnutls_pubkey_export2(gnutls_pubkey_t key, * * Since: 2.12.0 **/ -int -gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags, - unsigned char *output_data, size_t *output_data_size) +int gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags, + unsigned char *output_data, + size_t *output_data_size) { int ret = 0; @@ -894,9 +876,8 @@ gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags, return GNUTLS_E_INVALID_REQUEST; } - ret = - _gnutls_get_key_id(&key->params, - output_data, output_data_size, flags); + ret = _gnutls_get_key_id(&key->params, output_data, output_data_size, + flags); if (ret < 0) { gnutls_assert(); return ret; @@ -922,10 +903,8 @@ gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags, * * Since: 3.6.0 **/ -int -gnutls_pubkey_export_rsa_raw2(gnutls_pubkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e, - unsigned flags) +int gnutls_pubkey_export_rsa_raw2(gnutls_pubkey_t key, gnutls_datum_t *m, + gnutls_datum_t *e, unsigned flags) { int ret; mpi_dprint_func dprint = _gnutls_mpi_dprint_lz; @@ -979,9 +958,8 @@ gnutls_pubkey_export_rsa_raw2(gnutls_pubkey_t key, * * Since: 3.3.0 **/ -int -gnutls_pubkey_export_rsa_raw(gnutls_pubkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e) +int gnutls_pubkey_export_rsa_raw(gnutls_pubkey_t key, gnutls_datum_t *m, + gnutls_datum_t *e) { return gnutls_pubkey_export_rsa_raw2(key, m, e, 0); } @@ -1004,10 +982,9 @@ gnutls_pubkey_export_rsa_raw(gnutls_pubkey_t key, * * Since: 3.3.0 **/ -int -gnutls_pubkey_export_dsa_raw(gnutls_pubkey_t key, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y) +int gnutls_pubkey_export_dsa_raw(gnutls_pubkey_t key, gnutls_datum_t *p, + gnutls_datum_t *q, gnutls_datum_t *g, + gnutls_datum_t *y) { return gnutls_pubkey_export_dsa_raw2(key, p, q, g, y, 0); } 
@@ -1031,11 +1008,9 @@ gnutls_pubkey_export_dsa_raw(gnutls_pubkey_t key, * * Since: 3.6.0 **/ -int -gnutls_pubkey_export_dsa_raw2(gnutls_pubkey_t key, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y, - unsigned flags) +int gnutls_pubkey_export_dsa_raw2(gnutls_pubkey_t key, gnutls_datum_t *p, + gnutls_datum_t *q, gnutls_datum_t *g, + gnutls_datum_t *y, unsigned flags) { int ret; mpi_dprint_func dprint = _gnutls_mpi_dprint_lz; @@ -1118,10 +1093,8 @@ gnutls_pubkey_export_dsa_raw2(gnutls_pubkey_t key, * * Since: 3.0 **/ -int -gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key, - gnutls_ecc_curve_t * curve, - gnutls_datum_t * x, gnutls_datum_t * y) +int gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key, gnutls_ecc_curve_t *curve, + gnutls_datum_t *x, gnutls_datum_t *y) { return gnutls_pubkey_export_ecc_raw2(key, curve, x, y, 0); } @@ -1147,11 +1120,9 @@ gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key, * * Since: 3.6.0 **/ -int -gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key, - gnutls_ecc_curve_t * curve, - gnutls_datum_t * x, gnutls_datum_t * y, - unsigned int flags) +int gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key, + gnutls_ecc_curve_t *curve, gnutls_datum_t *x, + gnutls_datum_t *y, unsigned int flags) { int ret; mpi_dprint_func dprint = _gnutls_mpi_dprint_lz; @@ -1177,9 +1148,8 @@ gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key, key->params.algo == GNUTLS_PK_ECDH_X25519 || key->params.algo == GNUTLS_PK_ECDH_X448) { if (x) { - ret = - _gnutls_set_datum(x, key->params.raw_pub.data, - key->params.raw_pub.size); + ret = _gnutls_set_datum(x, key->params.raw_pub.data, + key->params.raw_pub.size); if (ret < 0) return gnutls_assert_val(ret); } 
@@ -1229,8 +1199,8 @@ gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key, * Since: 3.3.0 **/ int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key, - gnutls_datum_t * parameters, - gnutls_datum_t * ecpoint) + gnutls_datum_t *parameters, + gnutls_datum_t *ecpoint) { int ret; gnutls_datum_t raw_point = { NULL, 0 }; @@ -1258,7 +1228,7 @@ int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key, } ret = 0; - cleanup: +cleanup: gnutls_free(raw_point.data); return ret; } @@ -1284,13 +1254,12 @@ int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key, * * Since: 3.6.3 **/ -int -gnutls_pubkey_export_gost_raw2(gnutls_pubkey_t key, - gnutls_ecc_curve_t * curve, - gnutls_digest_algorithm_t * digest, - gnutls_gost_paramset_t * paramset, - gnutls_datum_t * x, gnutls_datum_t * y, - unsigned int flags) +int gnutls_pubkey_export_gost_raw2(gnutls_pubkey_t key, + gnutls_ecc_curve_t *curve, + gnutls_digest_algorithm_t *digest, + gnutls_gost_paramset_t *paramset, + gnutls_datum_t *x, gnutls_datum_t *y, + unsigned int flags) { int ret; @@ -1356,9 +1325,8 @@ gnutls_pubkey_export_gost_raw2(gnutls_pubkey_t key, * * Since: 2.12.0 **/ -int -gnutls_pubkey_import(gnutls_pubkey_t key, - const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format) +int gnutls_pubkey_import(gnutls_pubkey_t key, const gnutls_datum_t *data, + gnutls_x509_crt_fmt_t format) { int result = 0, need_free = 0; gnutls_datum_t _data; @@ -1376,9 +1344,8 @@ gnutls_pubkey_import(gnutls_pubkey_t key, */ if (format == GNUTLS_X509_FMT_PEM) { /* Try the first header */ - result = - _gnutls_fbase64_decode(PEM_PK, data->data, - data->size, &_data); + result = _gnutls_fbase64_decode(PEM_PK, data->data, data->size, + &_data); if (result < 0) { gnutls_assert(); 
@@ -1388,9 +1355,9 @@ gnutls_pubkey_import(gnutls_pubkey_t key, need_free = 1; } - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.SubjectPublicKeyInfo", + &spk)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; @@ -1412,7 +1379,7 @@ gnutls_pubkey_import(gnutls_pubkey_t key, key->bits = pubkey_to_bits(&key->params); result = 0; - cleanup: +cleanup: asn1_delete_structure(&spk); if (need_free) @@ -1442,9 +1409,8 @@ int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt, gnutls_pubkey_t key) return GNUTLS_E_INVALID_REQUEST; } - result = _gnutls_x509_encode_and_copy_PKI_params(crt->cert, - "tbsCertificate.subjectPublicKeyInfo", - &key->params); + result = _gnutls_x509_encode_and_copy_PKI_params( + crt->cert, "tbsCertificate.subjectPublicKeyInfo", &key->params); if (result < 0) { gnutls_assert(); @@ -1479,8 +1445,9 @@ int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq, gnutls_pubkey_t key) return GNUTLS_E_INVALID_REQUEST; } - result = _gnutls_x509_encode_and_copy_PKI_params - (crq->crq, "certificationRequestInfo.subjectPKInfo", &key->params); + result = _gnutls_x509_encode_and_copy_PKI_params( + crq->crq, "certificationRequestInfo.subjectPKInfo", + &key->params); if (result < 0) { gnutls_assert(); @@ -1516,7 +1483,7 @@ int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage) #ifdef ENABLE_PKCS11 -# if 0 +#if 0 /** * gnutls_pubkey_import_pkcs11_url: * @key: A key of type #gnutls_pubkey_t @@ -1537,11 +1504,10 @@ gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url, { int x; } -# endif +#endif -static int -_gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url, - unsigned int flags) +static int _gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, + const char *url, unsigned int flags) { gnutls_pkcs11_obj_t pcrt; int ret; 
@@ -1556,10 +1522,8 @@ _gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url, gnutls_pkcs11_obj_set_pin_function(pcrt, key->pin.cb, key->pin.data); - ret = - gnutls_pkcs11_obj_import_url(pcrt, url, - flags | - GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY); + ret = gnutls_pkcs11_obj_import_url( + pcrt, url, flags | GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1572,14 +1536,14 @@ _gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url, } ret = 0; - cleanup: +cleanup: gnutls_pkcs11_obj_deinit(pcrt); return ret; } -#endif /* ENABLE_PKCS11 */ +#endif /* ENABLE_PKCS11 */ /** * gnutls_pubkey_import_url: @@ -1594,20 +1558,17 @@ _gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url, * * Since: 3.1.0 **/ -int -gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url, - unsigned int flags) +int gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url, + unsigned int flags) { unsigned i; for (i = 0; i < _gnutls_custom_urls_size; i++) { - if (strncmp - (url, _gnutls_custom_urls[i].name, - _gnutls_custom_urls[i].name_size) == 0) { + if (strncmp(url, _gnutls_custom_urls[i].name, + _gnutls_custom_urls[i].name_size) == 0) { if (_gnutls_custom_urls[i].import_pubkey) - return _gnutls_custom_urls[i].import_pubkey(key, - url, - flags); + return _gnutls_custom_urls[i].import_pubkey( + key, url, flags); } } @@ -1642,9 +1603,8 @@ gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url, * * Since: 2.12.0 **/ -int -gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, - const gnutls_datum_t * m, const gnutls_datum_t * e) +int gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, const gnutls_datum_t *m, + const gnutls_datum_t *e) { if (key == NULL) { gnutls_assert(); 
@@ -1654,12 +1614,14 @@ gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, gnutls_pk_params_release(&key->params); gnutls_pk_params_init(&key->params); - if (_gnutls_mpi_init_scan_nz(&key->params.params[0], m->data, m->size)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[0], m->data, + m->size)) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_init_scan_nz(&key->params.params[1], e->data, e->size)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[1], e->data, + e->size)) { gnutls_assert(); _gnutls_mpi_release(&key->params.params[0]); return GNUTLS_E_MPI_SCAN_FAILED; @@ -1690,10 +1652,9 @@ gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, * * Since: 3.0 **/ -int -gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, - gnutls_ecc_curve_t curve, - const gnutls_datum_t * x, const gnutls_datum_t * y) +int gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, gnutls_ecc_curve_t curve, + const gnutls_datum_t *x, + const gnutls_datum_t *y) { int ret; @@ -1742,16 +1703,16 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, key->params.curve = curve; - if (_gnutls_mpi_init_scan_nz - (&key->params.params[ECC_X], x->data, x->size)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[ECC_X], x->data, + x->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; } key->params.params_nr++; - if (_gnutls_mpi_init_scan_nz - (&key->params.params[ECC_Y], y->data, y->size)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[ECC_Y], y->data, + y->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -1762,7 +1723,7 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, return 0; - cleanup: +cleanup: gnutls_pk_params_release(&key->params); return ret; } 
@@ -1781,10 +1742,9 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, * * Since: 3.0 **/ -int -gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key, - const gnutls_datum_t * parameters, - const gnutls_datum_t * ecpoint) +int gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key, + const gnutls_datum_t *parameters, + const gnutls_datum_t *ecpoint) { int ret; gnutls_datum_t raw_point = { NULL, 0 }; @@ -1799,17 +1759,15 @@ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key, key->params.params_nr = 0; - ret = - _gnutls_x509_read_ecc_params(parameters->data, - parameters->size, &key->params.curve); + ret = _gnutls_x509_read_ecc_params(parameters->data, parameters->size, + &key->params.curve); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, - ecpoint->data, ecpoint->size, - &raw_point, 0); + ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, ecpoint->data, + ecpoint->size, &raw_point, 0); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1828,7 +1786,7 @@ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key, gnutls_free(raw_point.data); return 0; - cleanup: +cleanup: gnutls_pk_params_release(&key->params); gnutls_free(raw_point.data); return ret; @@ -1857,13 +1815,11 @@ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key, * * Since: 3.6.3 **/ -int -gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key, - gnutls_ecc_curve_t curve, - gnutls_digest_algorithm_t digest, - gnutls_gost_paramset_t paramset, - const gnutls_datum_t * x, - const gnutls_datum_t * y) +int gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key, gnutls_ecc_curve_t curve, + gnutls_digest_algorithm_t digest, + gnutls_gost_paramset_t paramset, + const gnutls_datum_t *x, + const gnutls_datum_t *y) { int ret; gnutls_pk_algorithm_t pk_algo; 
@@ -1886,16 +1842,16 @@ gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key, key->params.curve = curve; key->params.gost_params = paramset; - if (_gnutls_mpi_init_scan_le - (&key->params.params[GOST_X], x->data, x->size)) { + if (_gnutls_mpi_init_scan_le(&key->params.params[GOST_X], x->data, + x->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; } key->params.params_nr++; - if (_gnutls_mpi_init_scan_le - (&key->params.params[GOST_Y], y->data, y->size)) { + if (_gnutls_mpi_init_scan_le(&key->params.params[GOST_Y], y->data, + y->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -1905,7 +1861,7 @@ gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key, return 0; - cleanup: +cleanup: gnutls_pk_params_release(&key->params); return ret; } @@ -1927,11 +1883,10 @@ gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key, * * Since: 2.12.0 **/ -int -gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * g, const gnutls_datum_t * y) +int gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, const gnutls_datum_t *p, + const gnutls_datum_t *q, + const gnutls_datum_t *g, + const gnutls_datum_t *y) { size_t siz = 0; @@ -1978,16 +1933,15 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, key->bits = pubkey_to_bits(&key->params); return 0; - } /* Updates the gnutls_x509_spki_st parameters based on the signature * information, and reports any incompatibilities between the existing * parameters (if any) with the signature algorithm */ -static -int fixup_spki_params(const gnutls_pk_params_st * key_params, - const gnutls_sign_entry_st * se, const mac_entry_st * me, - gnutls_x509_spki_st * params) +static int fixup_spki_params(const gnutls_pk_params_st *key_params, + const gnutls_sign_entry_st *se, + const mac_entry_st *me, + gnutls_x509_spki_st *params) { unsigned bits; 
@@ -2008,8 +1962,8 @@ int fixup_spki_params(const gnutls_pk_params_st * key_params, /* The requested sign algorithm is RSA-PSS, while the * pubkey doesn't include parameter information. Fill * it with the same way as gnutls_privkey_sign*. */ - if (key_params->algo == GNUTLS_PK_RSA - || params->rsa_pss_dig == 0) { + if (key_params->algo == GNUTLS_PK_RSA || + params->rsa_pss_dig == 0) { bits = pubkey_to_bits(key_params); params->rsa_pss_dig = se->hash; ret = _gnutls_find_rsa_pss_salt_size(bits, me, 0); @@ -2021,7 +1975,8 @@ int fixup_spki_params(const gnutls_pk_params_st * key_params, if (params->rsa_pss_dig != se->hash) return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR); - } else if (params->pk == GNUTLS_PK_DSA || params->pk == GNUTLS_PK_ECDSA) { + } else if (params->pk == GNUTLS_PK_DSA || + params->pk == GNUTLS_PK_ECDSA) { params->dsa_dig = se->hash; } @@ -2046,12 +2001,10 @@ int fixup_spki_params(const gnutls_pk_params_st * key_params, * * Since: 3.0 **/ -int -gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, - gnutls_sign_algorithm_t algo, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature) +int gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, + gnutls_sign_algorithm_t algo, unsigned int flags, + const gnutls_datum_t *data, + const gnutls_datum_t *signature) { int ret; const mac_entry_st *me; @@ -2115,12 +2068,10 @@ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, * * Since: 3.0 **/ -int -gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, - gnutls_sign_algorithm_t algo, - unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) +int gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, + gnutls_sign_algorithm_t algo, unsigned int flags, + const gnutls_datum_t *hash, + const gnutls_datum_t *signature) { const mac_entry_st *me; gnutls_x509_spki_st params; 
@@ -2140,9 +2091,8 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, if (flags & GNUTLS_VERIFY_USE_TLS1_RSA) { if (!GNUTLS_PK_IS_RSA(key->params.algo)) - return - gnutls_assert_val - (GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY); + return gnutls_assert_val( + GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY); params.pk = GNUTLS_PK_RSA; /* we do not check for insecure algorithms with this flag */ return _gnutls_pk_verify(params.pk, hash, signature, 
@@ -2188,46 +2138,45 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, * * Since: 3.0 **/ -int -gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, unsigned int flags, - const gnutls_datum_t * plaintext, - gnutls_datum_t * ciphertext) +int gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, unsigned int flags, + const gnutls_datum_t *plaintext, + gnutls_datum_t *ciphertext) { if (key == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_pk_encrypt(key->params.algo, ciphertext, - plaintext, &key->params); + return _gnutls_pk_encrypt(key->params.algo, ciphertext, plaintext, + &key->params); } -static -int pubkey_supports_sig(gnutls_pubkey_t pubkey, const gnutls_sign_entry_st * se) +static int pubkey_supports_sig(gnutls_pubkey_t pubkey, + const gnutls_sign_entry_st *se) { if (pubkey->params.algo == GNUTLS_PK_ECDSA && se->curve) { gnutls_ecc_curve_t curve = pubkey->params.curve; if (curve != se->curve) { - _gnutls_handshake_log - ("have key: ECDSA with %s/%d, with sign %s/%d\n", - gnutls_ecc_curve_get_name(curve), (int)curve, - se->name, se->id); - return - gnutls_assert_val - (GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY); + _gnutls_handshake_log( + "have key: ECDSA with %s/%d, with sign %s/%d\n", + gnutls_ecc_curve_get_name(curve), (int)curve, + se->name, se->id); + return gnutls_assert_val( + GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY); } } - if (se->pk != pubkey->params.algo) { /* if the PK algorithm of the signature differs to the one on the pubkey */ + if (se->pk != + pubkey->params + .algo) { /* if the PK algorithm of the signature differs to the one on the pubkey */ if (!sign_supports_priv_pk_algorithm(se, pubkey->params.algo)) { - _gnutls_handshake_log - ("have key: %s/%d, with sign %s/%d\n", - gnutls_pk_get_name(pubkey->params.algo), - pubkey->params.algo, se->name, se->id); - return - gnutls_assert_val - (GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY); + _gnutls_handshake_log( + "have key: %s/%d, with sign %s/%d\n", + gnutls_pk_get_name(pubkey->params.algo), + 
pubkey->params.algo, se->name, se->id); + return gnutls_assert_val( + GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY); } } @@ -2240,7 +2189,7 @@ int pubkey_supports_sig(gnutls_pubkey_t pubkey, const gnutls_sign_entry_st * se) */ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session, gnutls_pubkey_t pubkey, - const version_entry_st * ver, + const version_entry_st *ver, gnutls_sign_algorithm_t sign) { unsigned int hash_size = 0; @@ -2264,22 +2213,21 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session, /* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */ if (!_gnutls_version_has_selectable_sighash(ver)) { if (me->id != GNUTLS_MAC_SHA1) - return - gnutls_assert_val - (GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL); + return gnutls_assert_val( + GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL); } else if (se != NULL) { me = hash_to_entry(se->hash); sig_hash_size = _gnutls_hash_get_algo_len(me); if (sig_hash_size < hash_size) - _gnutls_audit_log(session, - "The hash size used in signature (%u) is less than the expected (%u)\n", - sig_hash_size, hash_size); + _gnutls_audit_log( + session, + "The hash size used in signature (%u) is less than the expected (%u)\n", + sig_hash_size, hash_size); } } else if (pubkey->params.algo == GNUTLS_PK_ECDSA) { - if (_gnutls_version_has_selectable_sighash(ver) - && se != NULL) { + if (_gnutls_version_has_selectable_sighash(ver) && se != NULL) { _gnutls_dsa_q_to_hash(&pubkey->params, &hash_size); me = hash_to_entry(se->hash); 
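Review bot: The condition in `pubkey_supports_sig` is now split across three lines as `se->pk !=` / `pubkey->params` / `.algo) {`, because the trailing comment pushes the line past the column limit. That makes the test deciding whether a signature algorithm is acceptable for this key harder to read and to audit. Move the comment onto its own line above the statement, e.g. `/* the PK algorithm of the signature differs from the one on the pubkey */`, so the test stays as `if (se->pk != pubkey->params.algo) {`. The hunk begins on the previous physical line and the function's closing lines fall outside it.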
@@ -2287,26 +2235,26 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session, sig_hash_size = _gnutls_hash_get_algo_len(me); if (sig_hash_size < hash_size) - _gnutls_audit_log(session, - "The hash size used in signature (%u) is less than the expected (%u)\n", - sig_hash_size, hash_size); + _gnutls_audit_log( + session, + "The hash size used in signature (%u) is less than the expected (%u)\n", + sig_hash_size, hash_size); } } else if (pubkey->params.algo == GNUTLS_PK_GOST_01 || pubkey->params.algo == GNUTLS_PK_GOST_12_256 || pubkey->params.algo == GNUTLS_PK_GOST_12_512) { - if (_gnutls_version_has_selectable_sighash(ver) - && se != NULL) { + if (_gnutls_version_has_selectable_sighash(ver) && se != NULL) { if (_gnutls_gost_digest(pubkey->params.algo) != se->hash) { - _gnutls_audit_log(session, - "The hash algo used in signature (%u) is not expected (%u)\n", - se->hash, - _gnutls_gost_digest - (pubkey->params.algo)); - return - gnutls_assert_val - (GNUTLS_E_CONSTRAINT_ERROR); + _gnutls_audit_log( + session, + "The hash algo used in signature (%u) is not expected (%u)\n", + se->hash, + _gnutls_gost_digest( + pubkey->params.algo)); + return gnutls_assert_val( + GNUTLS_E_CONSTRAINT_ERROR); } } @@ -2317,8 +2265,8 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session, /* RSA PSS public keys are restricted to a single digest, i.e., signature */ - if (pubkey->params.spki.rsa_pss_dig - && pubkey->params.spki.rsa_pss_dig != se->hash) { + if (pubkey->params.spki.rsa_pss_dig && + pubkey->params.spki.rsa_pss_dig != se->hash) { return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR); } } @@ -2328,7 +2276,7 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session, /* Returns the public key. */ -int _gnutls_pubkey_get_mpis(gnutls_pubkey_t key, gnutls_pk_params_st * params) +int _gnutls_pubkey_get_mpis(gnutls_pubkey_t key, gnutls_pk_params_st *params) { return _gnutls_pk_params_copy(params, &key->params); } 
@@ -2338,14 +2286,13 @@ int _gnutls_pubkey_get_mpis(gnutls_pubkey_t key, gnutls_pk_params_st * params) * params[0] is modulus * params[1] is public key */ -static int -_pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk, - const mac_entry_st * me, - const gnutls_datum_t * text, - const gnutls_datum_t * prehash, - const gnutls_datum_t * signature, - gnutls_pk_params_st * params, - gnutls_x509_spki_st * sign_params) +static int _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk, + const mac_entry_st *me, + const gnutls_datum_t *text, + const gnutls_datum_t *prehash, + const gnutls_datum_t *signature, + gnutls_pk_params_st *params, + gnutls_x509_spki_st *sign_params) { int ret; uint8_t md[MAX_HASH_SIZE], *cmp; @@ -2367,7 +2314,7 @@ _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk, return GNUTLS_E_INVALID_REQUEST; } - ret = _gnutls_hash_fast((gnutls_digest_algorithm_t) me->id, + ret = _gnutls_hash_fast((gnutls_digest_algorithm_t)me->id, text->data, text->size, md); if (ret < 0) { gnutls_assert(); @@ -2391,8 +2338,8 @@ _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk, case GNUTLS_MAC_SHA224: break; default: - _gnutls_switch_fips_state - (GNUTLS_FIPS140_OP_NOT_APPROVED); + _gnutls_switch_fips_state( + GNUTLS_FIPS140_OP_NOT_APPROVED); } /* decrypted is a BER encoded data of type DigestInfo @@ -2413,13 +2360,12 @@ _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk, /* Hashes input data and verifies a signature. */ -static int -dsa_verify_hashed_data(gnutls_pk_algorithm_t pk, - const mac_entry_st * algo, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature, - gnutls_pk_params_st * params, - gnutls_x509_spki_st * sign_params) +static int dsa_verify_hashed_data(gnutls_pk_algorithm_t pk, + const mac_entry_st *algo, + const gnutls_datum_t *hash, + const gnutls_datum_t *signature, + gnutls_pk_params_st *params, + gnutls_x509_spki_st *sign_params) { gnutls_datum_t digest; unsigned int hash_len; 
@@ -2432,11 +2378,11 @@ dsa_verify_hashed_data(gnutls_pk_algorithm_t pk, /* SHA1 or better allowed */ if (!hash->data || hash->size < hash_len) { gnutls_assert(); - _gnutls_debug_log - ("Hash size (%d) does not correspond to hash %s(%d) or better.\n", - (int)hash->size, _gnutls_mac_get_name(algo), hash_len); + _gnutls_debug_log( + "Hash size (%d) does not correspond to hash %s(%d) or better.\n", + (int)hash->size, _gnutls_mac_get_name(algo), hash_len); - if (hash->size != 20) /* SHA1 is allowed */ + if (hash->size != 20) /* SHA1 is allowed */ return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED); } @@ -2446,12 +2392,11 @@ dsa_verify_hashed_data(gnutls_pk_algorithm_t pk, return _gnutls_pk_verify(pk, &digest, signature, params, sign_params); } -static int -dsa_verify_data(gnutls_pk_algorithm_t pk, - const mac_entry_st * algo, - const gnutls_datum_t * data, - const gnutls_datum_t * signature, - gnutls_pk_params_st * params, gnutls_x509_spki_st * sign_params) +static int dsa_verify_data(gnutls_pk_algorithm_t pk, const mac_entry_st *algo, + const gnutls_datum_t *data, + const gnutls_datum_t *signature, + gnutls_pk_params_st *params, + gnutls_x509_spki_st *sign_params) { int ret; uint8_t _digest[MAX_HASH_SIZE]; @@ -2460,8 +2405,8 @@ dsa_verify_data(gnutls_pk_algorithm_t pk, if (algo == NULL) algo = _gnutls_dsa_q_to_hash(params, NULL); - ret = _gnutls_hash_fast((gnutls_digest_algorithm_t) algo->id, - data->data, data->size, _digest); + ret = _gnutls_hash_fast((gnutls_digest_algorithm_t)algo->id, data->data, + data->size, _digest); if (ret < 0) return gnutls_assert_val(ret); 
@@ -2474,13 +2419,13 @@ dsa_verify_data(gnutls_pk_algorithm_t pk, /* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if * not verified, or 1 otherwise. */ -static int -pubkey_verify_hashed_data(const gnutls_sign_entry_st * se, - const mac_entry_st * me, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature, - gnutls_pk_params_st * params, - gnutls_x509_spki_st * sign_params, unsigned flags) +static int pubkey_verify_hashed_data(const gnutls_sign_entry_st *se, + const mac_entry_st *me, + const gnutls_datum_t *hash, + const gnutls_datum_t *signature, + gnutls_pk_params_st *params, + gnutls_x509_spki_st *sign_params, + unsigned flags) { int ret; @@ -2495,9 +2440,8 @@ pubkey_verify_hashed_data(const gnutls_sign_entry_st * se, case GNUTLS_PK_RSA: case GNUTLS_PK_RSA_PSS: - if (_pkcs1_rsa_verify_sig - (se->pk, me, NULL, hash, signature, params, - sign_params) != 0) { + if (_pkcs1_rsa_verify_sig(se->pk, me, NULL, hash, signature, + params, sign_params) != 0) { gnutls_assert(); return GNUTLS_E_PK_SIG_VERIFY_FAILED; } @@ -2509,8 +2453,8 @@ pubkey_verify_hashed_data(const gnutls_sign_entry_st * se, case GNUTLS_PK_GOST_12_256: case GNUTLS_PK_GOST_12_512: case GNUTLS_PK_DSA: - if (dsa_verify_hashed_data - (se->pk, me, hash, signature, params, sign_params) != 0) { + if (dsa_verify_hashed_data(se->pk, me, hash, signature, params, + sign_params) != 0) { gnutls_assert(); return GNUTLS_E_PK_SIG_VERIFY_FAILED; } @@ -2519,11 +2463,10 @@ pubkey_verify_hashed_data(const gnutls_sign_entry_st * se, default: gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; - } - if (_gnutls_sign_is_secure2(se, 0) == 0 - && _gnutls_is_broken_sig_allowed(se, flags) == 0) { + if (_gnutls_sign_is_secure2(se, 0) == 0 && + _gnutls_is_broken_sig_allowed(se, flags) == 0) { return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_SECURITY); } 
@@ -2533,13 +2476,11 @@ pubkey_verify_hashed_data(const gnutls_sign_entry_st * se, /* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if * not verified, or 1 otherwise. */ -int -pubkey_verify_data(const gnutls_sign_entry_st * se, - const mac_entry_st * me, - const gnutls_datum_t * data, - const gnutls_datum_t * signature, - gnutls_pk_params_st * params, - gnutls_x509_spki_st * sign_params, unsigned flags) +int pubkey_verify_data(const gnutls_sign_entry_st *se, const mac_entry_st *me, + const gnutls_datum_t *data, + const gnutls_datum_t *signature, + gnutls_pk_params_st *params, + gnutls_x509_spki_st *sign_params, unsigned flags) { int ret; @@ -2553,9 +2494,8 @@ pubkey_verify_data(const gnutls_sign_entry_st * se, switch (se->pk) { case GNUTLS_PK_RSA: case GNUTLS_PK_RSA_PSS: - if (_pkcs1_rsa_verify_sig - (se->pk, me, data, NULL, signature, params, - sign_params) != 0) { + if (_pkcs1_rsa_verify_sig(se->pk, me, data, NULL, signature, + params, sign_params) != 0) { gnutls_assert(); return GNUTLS_E_PK_SIG_VERIFY_FAILED; } @@ -2564,8 +2504,8 @@ pubkey_verify_data(const gnutls_sign_entry_st * se, case GNUTLS_PK_EDDSA_ED25519: case GNUTLS_PK_EDDSA_ED448: - if (_gnutls_pk_verify - (se->pk, data, signature, params, sign_params) != 0) { + if (_gnutls_pk_verify(se->pk, data, signature, params, + sign_params) != 0) { gnutls_assert(); return GNUTLS_E_PK_SIG_VERIFY_FAILED; } @@ -2577,8 +2517,8 @@ pubkey_verify_data(const gnutls_sign_entry_st * se, case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: case GNUTLS_PK_GOST_12_512: - if (dsa_verify_data - (se->pk, me, data, signature, params, sign_params) != 0) { + if (dsa_verify_data(se->pk, me, data, signature, params, + sign_params) != 0) { gnutls_assert(); return GNUTLS_E_PK_SIG_VERIFY_FAILED; } 
@@ -2587,19 +2527,18 @@ pubkey_verify_data(const gnutls_sign_entry_st * se, default: gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; - } - if (_gnutls_sign_is_secure2(se, 0) == 0 - && _gnutls_is_broken_sig_allowed(se, flags) == 0) { + if (_gnutls_sign_is_secure2(se, 0) == 0 && + _gnutls_is_broken_sig_allowed(se, flags) == 0) { return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_SECURITY); } return 1; } -const mac_entry_st *_gnutls_dsa_q_to_hash(const gnutls_pk_params_st * - params, unsigned int *hash_len) +const mac_entry_st *_gnutls_dsa_q_to_hash(const gnutls_pk_params_st *params, + unsigned int *hash_len) { int bits = 0; int ret; @@ -2677,7 +2616,7 @@ void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key, * Since: 3.1.3 **/ int gnutls_pubkey_import_x509_raw(gnutls_pubkey_t pkey, - const gnutls_datum_t * data, + const gnutls_datum_t *data, gnutls_x509_crt_fmt_t format, unsigned int flags) { @@ -2702,7 +2641,7 @@ int gnutls_pubkey_import_x509_raw(gnutls_pubkey_t pkey, ret = 0; - cleanup: +cleanup: gnutls_x509_crt_deinit(xpriv); return ret; @@ -2746,9 +2685,8 @@ int gnutls_pubkey_verify_params(gnutls_pubkey_t key) * * Since: 3.6.0 **/ -int -gnutls_pubkey_get_spki(gnutls_pubkey_t pubkey, gnutls_x509_spki_t spki, - unsigned int flags) +int gnutls_pubkey_get_spki(gnutls_pubkey_t pubkey, gnutls_x509_spki_t spki, + unsigned int flags) { gnutls_x509_spki_t p = &pubkey->params.spki; @@ -2779,9 +2717,8 @@ gnutls_pubkey_get_spki(gnutls_pubkey_t pubkey, gnutls_x509_spki_t spki, * * Since: 3.6.0 **/ -int -gnutls_pubkey_set_spki(gnutls_pubkey_t pubkey, const gnutls_x509_spki_t spki, - unsigned int flags) +int gnutls_pubkey_set_spki(gnutls_pubkey_t pubkey, + const gnutls_x509_spki_t spki, unsigned int flags) { if (pubkey == NULL) { gnutls_assert(); |