Diffstat (limited to 'lib/x509')
-rw-r--r--lib/x509/common.c2
-rw-r--r--lib/x509/common.h2
-rw-r--r--lib/x509/crl.c4
-rw-r--r--lib/x509/crq.c2
-rw-r--r--lib/x509/email-verify.c6
-rw-r--r--lib/x509/extensions.c4
-rw-r--r--lib/x509/hostname-verify.c8
-rw-r--r--lib/x509/krb5.c90
-rw-r--r--lib/x509/name_constraints.c70
-rw-r--r--lib/x509/ocsp.c20
-rw-r--r--lib/x509/output.c2
-rw-r--r--lib/x509/pkcs12.c4
-rw-r--r--lib/x509/pkcs7-attrs.c29
-rw-r--r--lib/x509/pkcs7-crypt.c465
-rw-r--r--lib/x509/pkcs7.c494
-rw-r--r--lib/x509/privkey.c48
-rw-r--r--lib/x509/privkey_pkcs8.c2
-rw-r--r--lib/x509/time.c18
-rw-r--r--lib/x509/tls_features.c2
-rw-r--r--lib/x509/verify-high.c12
-rw-r--r--lib/x509/verify.c14
-rw-r--r--lib/x509/x509.c54
-rw-r--r--lib/x509/x509_ext.c4
-rw-r--r--lib/x509/x509_write.c29
24 files changed, 736 insertions, 649 deletions
diff --git a/lib/x509/common.c b/lib/x509/common.c
index dab7fbb582..6d72338d42 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1624,7 +1624,7 @@ int x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
unsigned
_gnutls_check_valid_key_id(gnutls_datum_t *key_id,
- gnutls_x509_crt_t cert, time_t now)
+ gnutls_x509_crt_t cert, time_t now)
{
uint8_t id[MAX_KEY_ID_SIZE];
size_t id_size;
diff --git a/lib/x509/common.h b/lib/x509/common.h
index b2413c4511..6716939255 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -241,7 +241,7 @@ int x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
gnutls_datum_t * rpubkey);
int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt,
- gnutls_datum_t * rpubkey);
+ gnutls_datum_t * rpubkey);
typedef void (*gnutls_cert_vfunc)(gnutls_x509_crt_t);
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index ebda949fde..5f0abe301e 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -651,8 +651,8 @@ void gnutls_x509_crl_iter_deinit(gnutls_x509_crl_iter_t iter)
int
gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl,
gnutls_x509_crl_iter_t *iter,
- unsigned char *serial,
- size_t * serial_size, time_t * t)
+ unsigned char *serial,
+ size_t * serial_size, time_t * t)
{
int result, _serial_size;
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 51c0e17969..6a9cccaa5e 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -1690,7 +1690,7 @@ gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq,
ret = 0;
cleanup:
asn1_delete_structure(&c2);
- gnutls_free(extensions);
+ gnutls_free(extensions);
return ret;
}
diff --git a/lib/x509/email-verify.c b/lib/x509/email-verify.c
index 1b0da2e3df..e6a3b1773c 100644
--- a/lib/x509/email-verify.c
+++ b/lib/x509/email-verify.c
@@ -159,8 +159,8 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
*/
ret = 0;
cleanup:
- if (a_email != email) {
- idn_free(a_email);
+ if (a_email != email) {
+ idn_free(a_email);
}
- return ret;
+ return ret;
}
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index 8a92849db9..751c2986e6 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -904,6 +904,6 @@ _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
ret = 0;
cleanup:
- gnutls_x509_aki_deinit(aki);
- return ret;
+ gnutls_x509_aki_deinit(aki);
+ return ret;
}
diff --git a/lib/x509/hostname-verify.c b/lib/x509/hostname-verify.c
index 06a8d42c05..fcbb987e64 100644
--- a/lib/x509/hostname-verify.c
+++ b/lib/x509/hostname-verify.c
@@ -118,7 +118,7 @@ static int has_embedded_null(const char *str, unsigned size)
**/
unsigned
gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
- const char *hostname, unsigned int flags)
+ const char *hostname, unsigned int flags)
{
char dnsname[MAX_CN];
size_t dnsnamesize;
@@ -262,8 +262,8 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
*/
ret = 0;
cleanup:
- if (a_hostname != hostname) {
- idn_free(a_hostname);
+ if (a_hostname != hostname) {
+ idn_free(a_hostname);
}
- return ret;
+ return ret;
}
diff --git a/lib/x509/krb5.c b/lib/x509/krb5.c
index 1021a37914..dc8351f6fe 100644
--- a/lib/x509/krb5.c
+++ b/lib/x509/krb5.c
@@ -41,19 +41,19 @@ typedef struct krb5_principal_data {
extern const asn1_static_node krb5_asn1_tab[];
-static void cleanup_principal(krb5_principal_data *princ)
+static void cleanup_principal(krb5_principal_data * princ)
{
- unsigned i;
- if (princ) {
- gnutls_free(princ->realm);
- for (i=0;i<princ->length;i++)
- gnutls_free(princ->data[i]);
+ unsigned i;
+ if (princ) {
+ gnutls_free(princ->realm);
+ for (i = 0; i < princ->length; i++)
+ gnutls_free(princ->data[i]);
memset(princ, 0, sizeof(*princ));
gnutls_free(princ);
- }
+ }
}
-static krb5_principal_data* name_to_principal(const char *_name)
+static krb5_principal_data *name_to_principal(const char *_name)
{
krb5_principal_data *princ;
char *p, *p2, *sp;
@@ -78,7 +78,7 @@ static krb5_principal_data* name_to_principal(const char *_name)
goto fail;
}
- princ->realm = gnutls_strdup(p+1);
+ princ->realm = gnutls_strdup(p + 1);
if (princ->realm == NULL) {
gnutls_assert();
goto fail;
@@ -87,9 +87,11 @@ static krb5_principal_data* name_to_principal(const char *_name)
if (p == p2) {
p = strtok_r(name, "/", &sp);
- while(p) {
+ while (p) {
if (pos == MAX_COMPONENTS) {
- _gnutls_debug_log("%s: Cannot parse names with more than %d components\n", __func__, MAX_COMPONENTS);
+ _gnutls_debug_log
+ ("%s: Cannot parse names with more than %d components\n",
+ __func__, MAX_COMPONENTS);
goto fail;
}
@@ -105,12 +107,13 @@ static krb5_principal_data* name_to_principal(const char *_name)
p = strtok_r(NULL, "/", &sp);
}
- if ((princ->length == 2) && (strcmp (princ->data[0], "krbtgt") == 0)) {
- princ->type = 2; /* KRB_NT_SRV_INST */
+ if ((princ->length == 2)
+ && (strcmp(princ->data[0], "krbtgt") == 0)) {
+ princ->type = 2; /* KRB_NT_SRV_INST */
} else {
- princ->type = 1; /* KRB_NT_PRINCIPAL */
+ princ->type = 1; /* KRB_NT_PRINCIPAL */
}
- } else { /* enterprise */
+ } else { /* enterprise */
princ->data[0] = gnutls_strdup(name);
if (princ->data[0] == NULL) {
gnutls_assert();
@@ -118,13 +121,13 @@ static krb5_principal_data* name_to_principal(const char *_name)
}
princ->length++;
- princ->type = 10; /* KRB_NT_ENTERPRISE */
+ princ->type = 10; /* KRB_NT_ENTERPRISE */
}
goto cleanup;
fail:
- cleanup_principal(princ);
- princ = NULL;
+ cleanup_principal(princ);
+ princ = NULL;
cleanup:
gnutls_free(name);
@@ -135,7 +138,7 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
{
int ret, result;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- krb5_principal_data * princ;
+ krb5_principal_data *princ;
unsigned i;
princ = name_to_principal(name);
@@ -145,7 +148,9 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
goto cleanup;
}
- result = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.KRB5PrincipalName", &c2);
+ result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.KRB5PrincipalName", &c2);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -161,8 +166,7 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
}
result =
- asn1_write_value(c2, "principalName.name-type", &princ->type,
- 1);
+ asn1_write_value(c2, "principalName.name-type", &princ->type, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -171,8 +175,7 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
for (i = 0; i < princ->length; i++) {
result =
- asn1_write_value(c2, "principalName.name-string",
- "NEW", 1);
+ asn1_write_value(c2, "principalName.name-string", "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -203,10 +206,10 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der)
return ret;
}
-static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
+static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st * str)
{
- gnutls_datum_t realm = {NULL, 0};
- gnutls_datum_t component = {NULL, 0};
+ gnutls_datum_t realm = { NULL, 0 };
+ gnutls_datum_t component = { NULL, 0 };
unsigned char name_type[2];
int ret, result, len;
unsigned i;
@@ -219,29 +222,33 @@ static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
}
len = sizeof(name_type);
- result = asn1_read_value(c2, "principalName.name-type", name_type, &len);
+ result =
+ asn1_read_value(c2, "principalName.name-type", name_type, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
goto cleanup;
}
- if (len != 1 || (name_type[0] != 1 && name_type[0] != 2 && name_type[0] != 10)) {
+ if (len != 1
+ || (name_type[0] != 1 && name_type[0] != 2 && name_type[0] != 10)) {
ret = GNUTLS_E_INVALID_REQUEST;
goto cleanup;
}
- for (i=0;;i++) {
- snprintf(val, sizeof(val), "principalName.name-string.?%u", i+1);
+ for (i = 0;; i++) {
+ snprintf(val, sizeof(val), "principalName.name-string.?%u",
+ i + 1);
ret = _gnutls_x509_read_value(c2, val, &component);
- if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND
+ || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
break;
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- if (i>0) {
+ if (i > 0) {
ret = _gnutls_buffer_append_data(str, "/", 1);
if (ret < 0) {
gnutls_assert();
@@ -249,7 +256,9 @@ static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
}
}
- ret = _gnutls_buffer_append_data(str, component.data, component.size);
+ ret =
+ _gnutls_buffer_append_data(str, component.data,
+ component.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -273,11 +282,12 @@ static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
ret = 0;
cleanup:
_gnutls_free_datum(&component);
- gnutls_free(realm.data);
- return ret;
+ gnutls_free(realm.data);
+ return ret;
}
-int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *name)
+int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der,
+ gnutls_datum_t * name)
{
int ret, result;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
@@ -285,7 +295,9 @@ int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *na
_gnutls_buffer_init(&str);
- result = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.KRB5PrincipalName", &c2);
+ result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.KRB5PrincipalName", &c2);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -318,7 +330,7 @@ int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *na
return _gnutls_buffer_to_datum(&str, name, 1);
cleanup:
- _gnutls_buffer_clear(&str);
+ _gnutls_buffer_clear(&str);
asn1_delete_structure(&c2);
return ret;
}
diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
index 776e209825..98c0f0297d 100644
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -40,8 +40,8 @@
// for documentation see the implementation
static int name_constraints_intersect_nodes(name_constraints_node_st * nc1,
- name_constraints_node_st * nc2,
- name_constraints_node_st ** intersection);
+ name_constraints_node_st * nc2,
+ name_constraints_node_st ** intersection);
/*-
* is_nc_empty:
@@ -92,7 +92,7 @@ static unsigned is_nc_empty(struct gnutls_name_constraints_st* nc, unsigned type
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
-*/
static int validate_name_constraints_node(gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t* name)
+ const gnutls_datum_t* name)
{
if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI &&
@@ -209,8 +209,8 @@ void _gnutls_name_constraints_node_free(name_constraints_node_st *node)
* Returns: Pointer to newly allocated node or NULL in case of memory error.
-*/
static name_constraints_node_st* name_constraints_node_new(unsigned type,
- unsigned char *data,
- unsigned int size)
+ unsigned char *data,
+ unsigned int size)
{
name_constraints_node_st *tmp = gnutls_malloc(sizeof(struct name_constraints_node_st));
if (tmp == NULL)
@@ -250,8 +250,8 @@ static name_constraints_node_st* name_constraints_node_new(unsigned type,
-*/
static
int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc,
- name_constraints_node_st * _nc2,
- name_constraints_node_st ** _nc_excluded)
+ name_constraints_node_st * _nc2,
+ name_constraints_node_st ** _nc_excluded)
{
name_constraints_node_st *nc, *nc2, *t, *tmp, *dest = NULL, *prev = NULL;
int ret, type, used;
@@ -335,7 +335,7 @@ int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc,
}
// if the node from nc2 was not used for intersection, copy it to DEST
// Beware: also copies nodes other than DNS, email, IP,
- // since their counterpart may have been moved in phase 1.
+ // since their counterpart may have been moved in phase 1.
if (!used) {
tmp = name_constraints_node_new(nc2->type, nc2->name.data, nc2->name.size);
if (tmp == NULL) {
@@ -451,9 +451,9 @@ static int _gnutls_name_constraints_append(name_constraints_node_st **_nc,
* Since: 3.3.0
**/
int gnutls_x509_crt_get_name_constraints(gnutls_x509_crt_t crt,
- gnutls_x509_name_constraints_t nc,
- unsigned int flags,
- unsigned int *critical)
+ gnutls_x509_name_constraints_t nc,
+ unsigned int flags,
+ unsigned int *critical)
{
int ret;
gnutls_datum_t der = { NULL, 0 };
@@ -526,9 +526,9 @@ int gnutls_x509_name_constraints_init(gnutls_x509_name_constraints_t *nc)
static
int name_constraints_add(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name,
- unsigned permitted)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name,
+ unsigned permitted)
{
struct name_constraints_node_st * tmp, *prev = NULL;
int ret;
@@ -581,7 +581,7 @@ int name_constraints_add(gnutls_x509_name_constraints_t nc,
* Since: 3.5.0
-*/
int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
- gnutls_x509_name_constraints_t nc2)
+ gnutls_x509_name_constraints_t nc2)
{
int ret;
@@ -621,8 +621,8 @@ int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_add_permitted(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name)
{
return name_constraints_add(nc, type, name, 1);
}
@@ -645,8 +645,8 @@ int gnutls_x509_name_constraints_add_permitted(gnutls_x509_name_constraints_t nc
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name)
{
return name_constraints_add(nc, type, name, 0);
}
@@ -666,8 +666,8 @@ int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
* Since: 3.3.0
**/
int gnutls_x509_crt_set_name_constraints(gnutls_x509_crt_t crt,
- gnutls_x509_name_constraints_t nc,
- unsigned int critical)
+ gnutls_x509_name_constraints_t nc,
+ unsigned int critical)
{
int ret;
gnutls_datum_t der;
@@ -760,7 +760,7 @@ static unsigned email_matches(const gnutls_datum_t *name, const gnutls_datum_t *
* @nc1: name constraints node 1
* @nc2: name constraints node 2
* @_intersection: newly allocated node with intersected constraints,
- * NULL if the intersection is empty
+ * NULL if the intersection is empty
*
* Inspect 2 name constraints nodes (of possibly different types) and allocate
* a new node with intersection of given constraints.
@@ -769,8 +769,8 @@ static unsigned email_matches(const gnutls_datum_t *name, const gnutls_datum_t *
-*/
static int
name_constraints_intersect_nodes(name_constraints_node_st * nc1,
- name_constraints_node_st * nc2,
- name_constraints_node_st ** _intersection)
+ name_constraints_node_st * nc2,
+ name_constraints_node_st ** _intersection)
{
// presume empty intersection
name_constraints_node_st *intersection = NULL;
@@ -1029,8 +1029,8 @@ unsigned check_ip_constraints(gnutls_x509_name_constraints_t nc,
* Since: 3.3.0
**/
unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name)
{
if (type == GNUTLS_SAN_DNSNAME)
return check_dns_constraints(nc, name);
@@ -1049,8 +1049,8 @@ unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t nc,
* is present in the CA, _and_ the name in the end certificate contains
* the constrained element. */
static int check_unsupported_constraint2(gnutls_x509_crt_t cert,
- gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type)
+ gnutls_x509_name_constraints_t nc,
+ gnutls_x509_subject_alt_name_t type)
{
unsigned idx, found_one;
char name[MAX_CN];
@@ -1102,8 +1102,8 @@ static int check_unsupported_constraint2(gnutls_x509_crt_t cert,
* Since: 3.3.0
**/
unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- gnutls_x509_crt_t cert)
+ gnutls_x509_subject_alt_name_t type,
+ gnutls_x509_crt_t cert)
{
char name[MAX_CN];
size_t name_size;
@@ -1212,7 +1212,7 @@ unsigned found_one;
/* ensure there is only a single CN, according to rfc6125 */
name_size = sizeof(name);
ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
- 1, 0, name, &name_size);
+ 1, 0, name, &name_size);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
return gnutls_assert_val(0);
@@ -1300,8 +1300,8 @@ unsigned found_one;
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc,
- unsigned idx,
- unsigned *type, gnutls_datum_t * name)
+ unsigned idx,
+ unsigned *type, gnutls_datum_t * name)
{
unsigned int i;
struct name_constraints_node_st * tmp = nc->permitted;
@@ -1344,8 +1344,8 @@ int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_get_excluded(gnutls_x509_name_constraints_t nc,
- unsigned idx,
- unsigned *type, gnutls_datum_t * name)
+ unsigned idx,
+ unsigned *type, gnutls_datum_t * name)
{
unsigned int i;
struct name_constraints_node_st * tmp = nc->excluded;
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 597827a58e..eb41fcb295 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -406,11 +406,11 @@ int gnutls_ocsp_req_get_version(gnutls_ocsp_req_t req)
* corresponds to the CertID structure:
*
* <informalexample><programlisting>
- * CertID ::= SEQUENCE {
- * hashAlgorithm AlgorithmIdentifier,
- * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- * serialNumber CertificateSerialNumber }
+ * CertID ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier,
+ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
+ * serialNumber CertificateSerialNumber }
* </programlisting></informalexample>
*
* Each of the pointers to output variables may be NULL to indicate
@@ -522,11 +522,11 @@ gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_t req,
* The information needed corresponds to the CertID structure:
*
* <informalexample><programlisting>
- * CertID ::= SEQUENCE {
- * hashAlgorithm AlgorithmIdentifier,
- * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- * serialNumber CertificateSerialNumber }
+ * CertID ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier,
+ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
+ * serialNumber CertificateSerialNumber }
* </programlisting></informalexample>
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 917cad0e5b..8f8521285b 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -580,7 +580,7 @@ static void print_crldist(gnutls_buffer_st * str, gnutls_datum_t *der)
print_name(str, "\t\t\t", type, &dist, 0);
}
cleanup:
- gnutls_x509_crl_dist_points_deinit(dp);
+ gnutls_x509_crl_dist_points_deinit(dp);
}
static void
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 765d982440..9b280ba857 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -1403,9 +1403,9 @@ static int make_chain(gnutls_x509_crt_t ** chain, unsigned int *chain_len,
* @chain: the corresponding to key certificate chain (may be %NULL)
* @chain_len: will be updated with the number of additional (may be %NULL)
* @extra_certs: optional pointer to receive an array of additional
- * certificates found in the PKCS12 structure (may be %NULL).
+ * certificates found in the PKCS12 structure (may be %NULL).
* @extra_certs_len: will be updated with the number of additional
- * certs (may be %NULL).
+ * certs (may be %NULL).
* @crl: an optional structure to store the parsed CRL (may be %NULL).
* @flags: should be zero or one of GNUTLS_PKCS12_SP_*
*
diff --git a/lib/x509/pkcs7-attrs.c b/lib/x509/pkcs7-attrs.c
index 9bfbe2f329..c948bca224 100644
--- a/lib/x509/pkcs7-attrs.c
+++ b/lib/x509/pkcs7-attrs.c
@@ -51,7 +51,8 @@
* Since: 3.4.2
**/
int
-gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_t *data, unsigned flags)
+gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t * list, const char *oid,
+ gnutls_datum_t * data, unsigned flags)
{
int ret;
gnutls_pkcs7_attrs_st *r;
@@ -62,7 +63,8 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_
if (flags & GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING) {
ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING,
- data->data, data->size, &r->data);
+ data->data, data->size,
+ &r->data);
} else {
ret = _gnutls_set_datum(&r->data, data->data, data->size);
}
@@ -78,12 +80,12 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_
return 0;
fail:
- if (r) {
- gnutls_free(r->data.data);
- gnutls_free(r);
+ if (r) {
+ gnutls_free(r->data.data);
+ gnutls_free(r);
}
- gnutls_pkcs7_attrs_deinit(*list);
- return GNUTLS_E_MEMORY_ERROR;
+ gnutls_pkcs7_attrs_deinit(*list);
+ return GNUTLS_E_MEMORY_ERROR;
}
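Review bot: The `fail:` path frees the caller's entire attribute list with `gnutls_pkcs7_attrs_deinit(*list);` and then returns without resetting the pointer, so a caller that reuses or later deinitializes its list after an error would touch freed memory. Adding `*list = NULL;` directly after the deinit call makes the error path safe to recover from. The label also returns `GNUTLS_E_MEMORY_ERROR` unconditionally, which may hide the real `ret` from the encode or set-datum call earlier in the function; the jump sites are outside this hunk, so confirm before changing that.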
@@ -106,13 +108,14 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_
* Since: 3.4.2
**/
int
-gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutls_datum_t *data, unsigned flags)
+gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid,
+ gnutls_datum_t * data, unsigned flags)
{
unsigned i;
gnutls_pkcs7_attrs_st *p = list;
int ret;
- for (i=0;i<idx;i++) {
+ for (i = 0; i < idx; i++) {
p = p->next;
if (p == NULL)
break;
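Review bot: The list walk in gnutls_pkcs7_get_attr executes `p = p->next;` before any NULL test, so an empty list (`list == NULL`) combined with `idx > 0` dereferences a NULL pointer. Testing the pointer in the loop condition, `for (i = 0; p != NULL && i < idx; i++) p = p->next;`, yields the same `p` for every valid list and leaves the empty case to whatever `p == NULL` handling follows. That handling, and the rest of the function body, is outside this hunk.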
@@ -125,7 +128,8 @@ gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutl
if (flags & GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING) {
ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- p->data.data, p->data.size, data, 1);
+ p->data.data, p->data.size,
+ data, 1);
} else {
ret = _gnutls_set_datum(data, p->data.data, p->data.size);
}
@@ -143,12 +147,11 @@ gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutl
*
* Since: 3.4.2
**/
-void
-gnutls_pkcs7_attrs_deinit(gnutls_pkcs7_attrs_t list)
+void gnutls_pkcs7_attrs_deinit(gnutls_pkcs7_attrs_t list)
{
gnutls_pkcs7_attrs_st *r = list, *next;
- while(r) {
+ while (r) {
next = r->next;
gnutls_free(r->data.data);
diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
index a4bb551662..7f67376ce0 100644
--- a/lib/x509/pkcs7-crypt.c
+++ b/lib/x509/pkcs7-crypt.c
@@ -53,107 +53,97 @@
#define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
#define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
-static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] =
-{
+static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] = {
{
- .schema = PBES1_DES_MD5,
- .name = "PBES1-DES-CBC-MD5",
- .flag = GNUTLS_PKCS_PBES1_DES_MD5,
- .cipher = GNUTLS_CIPHER_DES_CBC,
- .pbes2 = 0,
- .cipher_oid = PBES1_DES_MD5_OID,
- .write_oid = PBES1_DES_MD5_OID,
- .desc = NULL,
- .decrypt_only = 1
- },
+ .schema = PBES1_DES_MD5,
+ .name = "PBES1-DES-CBC-MD5",
+ .flag = GNUTLS_PKCS_PBES1_DES_MD5,
+ .cipher = GNUTLS_CIPHER_DES_CBC,
+ .pbes2 = 0,
+ .cipher_oid = PBES1_DES_MD5_OID,
+ .write_oid = PBES1_DES_MD5_OID,
+ .desc = NULL,
+ .decrypt_only = 1},
{
- .schema = PBES2_3DES,
- .name = "PBES2-3DES-CBC",
- .flag = GNUTLS_PKCS_PBES2_3DES,
- .cipher = GNUTLS_CIPHER_3DES_CBC,
- .pbes2 = 1,
- .cipher_oid = DES_EDE3_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-des-EDE3-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_3DES,
+ .name = "PBES2-3DES-CBC",
+ .flag = GNUTLS_PKCS_PBES2_3DES,
+ .cipher = GNUTLS_CIPHER_3DES_CBC,
+ .pbes2 = 1,
+ .cipher_oid = DES_EDE3_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-des-EDE3-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_DES,
- .name = "PBES2-DES-CBC",
- .flag = GNUTLS_PKCS_PBES2_DES,
- .cipher = GNUTLS_CIPHER_DES_CBC,
- .pbes2 = 1,
- .cipher_oid = DES_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-des-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_DES,
+ .name = "PBES2-DES-CBC",
+ .flag = GNUTLS_PKCS_PBES2_DES,
+ .cipher = GNUTLS_CIPHER_DES_CBC,
+ .pbes2 = 1,
+ .cipher_oid = DES_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-des-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_AES_128,
- .name = "PBES2-AES128-CBC",
- .flag = GNUTLS_PKCS_PBES2_AES_128,
- .cipher = GNUTLS_CIPHER_AES_128_CBC,
- .pbes2 = 1,
- .cipher_oid = AES_128_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-aes128-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_AES_128,
+ .name = "PBES2-AES128-CBC",
+ .flag = GNUTLS_PKCS_PBES2_AES_128,
+ .cipher = GNUTLS_CIPHER_AES_128_CBC,
+ .pbes2 = 1,
+ .cipher_oid = AES_128_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-aes128-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_AES_192,
- .name = "PBES2-AES192-CBC",
- .flag = GNUTLS_PKCS_PBES2_AES_192,
- .cipher = GNUTLS_CIPHER_AES_192_CBC,
- .pbes2 = 1,
- .cipher_oid = AES_192_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-aes192-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_AES_192,
+ .name = "PBES2-AES192-CBC",
+ .flag = GNUTLS_PKCS_PBES2_AES_192,
+ .cipher = GNUTLS_CIPHER_AES_192_CBC,
+ .pbes2 = 1,
+ .cipher_oid = AES_192_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-aes192-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_AES_256,
- .name = "PBES2-AES256-CBC",
- .flag = GNUTLS_PKCS_PBES2_AES_256,
- .cipher = GNUTLS_CIPHER_AES_256_CBC,
- .pbes2 = 1,
- .cipher_oid = AES_256_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-aes256-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_AES_256,
+ .name = "PBES2-AES256-CBC",
+ .flag = GNUTLS_PKCS_PBES2_AES_256,
+ .cipher = GNUTLS_CIPHER_AES_256_CBC,
+ .pbes2 = 1,
+ .cipher_oid = AES_256_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-aes256-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PKCS12_ARCFOUR_SHA1,
- .name = "PKCS12-ARCFOUR-SHA1",
- .flag = GNUTLS_PKCS_PKCS12_ARCFOUR,
- .cipher = GNUTLS_CIPHER_ARCFOUR,
- .pbes2 = 0,
- .cipher_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
- .write_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
- .desc = NULL,
- .decrypt_only = 0
- },
+ .schema = PKCS12_ARCFOUR_SHA1,
+ .name = "PKCS12-ARCFOUR-SHA1",
+ .flag = GNUTLS_PKCS_PKCS12_ARCFOUR,
+ .cipher = GNUTLS_CIPHER_ARCFOUR,
+ .pbes2 = 0,
+ .cipher_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
+ .write_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
+ .desc = NULL,
+ .decrypt_only = 0},
{
- .schema = PKCS12_RC2_40_SHA1,
- .name = "PKCS12-RC2-40-SHA1",
- .flag = GNUTLS_PKCS_PKCS12_RC2_40,
- .cipher = GNUTLS_CIPHER_RC2_40_CBC,
- .pbes2 = 0,
- .cipher_oid = PKCS12_PBE_RC2_40_SHA1_OID,
- .write_oid = PKCS12_PBE_RC2_40_SHA1_OID,
- .desc = NULL,
- .decrypt_only = 0
- },
+ .schema = PKCS12_RC2_40_SHA1,
+ .name = "PKCS12-RC2-40-SHA1",
+ .flag = GNUTLS_PKCS_PKCS12_RC2_40,
+ .cipher = GNUTLS_CIPHER_RC2_40_CBC,
+ .pbes2 = 0,
+ .cipher_oid = PKCS12_PBE_RC2_40_SHA1_OID,
+ .write_oid = PKCS12_PBE_RC2_40_SHA1_OID,
+ .desc = NULL,
+ .decrypt_only = 0},
{
- .schema = PKCS12_3DES_SHA1,
- .name = "PKCS12-3DES-SHA1",
- .flag = GNUTLS_PKCS_PKCS12_3DES,
- .cipher = GNUTLS_CIPHER_3DES_CBC,
- .pbes2 = 0,
- .cipher_oid = PKCS12_PBE_3DES_SHA1_OID,
- .write_oid = PKCS12_PBE_3DES_SHA1_OID,
- .desc = NULL,
- .decrypt_only = 0
- },
+ .schema = PKCS12_3DES_SHA1,
+ .name = "PKCS12-3DES-SHA1",
+ .flag = GNUTLS_PKCS_PKCS12_3DES,
+ .cipher = GNUTLS_CIPHER_3DES_CBC,
+ .pbes2 = 0,
+ .cipher_oid = PKCS12_PBE_3DES_SHA1_OID,
+ .write_oid = PKCS12_PBE_3DES_SHA1_OID,
+ .desc = NULL,
+ .decrypt_only = 0},
{0, 0, 0, 0, 0}
};
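Review bot: Only the `PBES1-DES-CBC-MD5` row sets `.decrypt_only = 1`; the single-DES (`PBES2-DES-CBC`), RC4 (`PKCS12-ARCFOUR-SHA1`) and 40-bit RC2 (`PKCS12-RC2-40-SHA1`) rows keep `.decrypt_only = 0`, so they presumably remain selectable when writing new encrypted structures. The table has no comment explaining that field, so I would add one above it, for example `/* decrypt_only: schema is accepted when reading but never chosen for writing; legacy ciphers left at 0 can still be used to encrypt */`, after confirming the semantics against the code that consumes the flag. Separately, the new layout fuses the closing brace onto the last initializer (`.decrypt_only = 0},`), which makes adding or reordering fields more error-prone than the previous one-brace-per-line form.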
@@ -167,12 +157,13 @@ static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] =
int _gnutls_pkcs_flags_to_schema(unsigned int flags)
{
- PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;);
+ PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;
+ );
gnutls_assert();
_gnutls_debug_log
("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
- flags);
+ flags);
return PKCS12_3DES_SHA1;
}
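Review bot: The reformatting splits the macro invocation into `PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;` with the closing `);` alone on the next line, which reads like an unterminated call and obscures that a `return` statement is being passed into a macro. The same damage appears in the following hunks for gnutls_pkcs_schema_get_name, gnutls_pkcs_schema_get_oid, algo_to_pbes2_cipher_schema, _gnutls_check_pkcs_cipher_schema, _gnutls_pkcs_schema_get and pbes2_cipher_oid_to_algo, where the result is `return _p;}` followed by `) ;`. If the formatter is GNU indent, as the output style suggests, I would restore the hand-written layout of these calls and fence each one with `/* *INDENT-OFF* */` and `/* *INDENT-ON* */` so later runs leave them alone.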
@@ -189,11 +180,11 @@ int _gnutls_pkcs_flags_to_schema(unsigned int flags)
*/
const char *gnutls_pkcs_schema_get_name(unsigned int schema)
{
- PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->name;);
+ PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->name;
+ );
return NULL;
}
-
/**
* gnutls_pkcs_schema_get_oid:
* @schema: Holds the PKCS #12 or PBES2 schema (%gnutls_pkcs_encrypt_flags_t)
@@ -207,16 +198,17 @@ const char *gnutls_pkcs_schema_get_name(unsigned int schema)
*/
const char *gnutls_pkcs_schema_get_oid(unsigned int schema)
{
- PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->cipher_oid;);
+ PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->cipher_oid;
+ );
return NULL;
}
-static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned cipher)
+static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned
+ cipher)
{
- PBES2_SCHEMA_LOOP(
- if (_p->cipher == cipher && _p->pbes2 != 0) {
- return _p;
- });
+ PBES2_SCHEMA_LOOP(if (_p->cipher == cipher && _p->pbes2 != 0) {
+ return _p;}
+ ) ;
gnutls_assert();
return NULL;
@@ -227,9 +219,11 @@ static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned
int _gnutls_check_pkcs_cipher_schema(const char *oid)
{
if (strcmp(oid, PBES2_OID) == 0)
- return PBES2_GENERIC; /* PBES2 ciphers are under an umbrella OID */
+ return PBES2_GENERIC; /* PBES2 ciphers are under an umbrella OID */
- PBES2_SCHEMA_LOOP(if (_p->pbes2 == 0 && strcmp(oid, _p->write_oid) == 0) {return _p->schema;});
+ PBES2_SCHEMA_LOOP(if (_p->pbes2 == 0 && strcmp(oid, _p->write_oid) == 0) {
+ return _p->schema;}
+ ) ;
_gnutls_debug_log
("PKCS #12 encryption schema OID '%s' is unsupported.\n", oid);
@@ -238,7 +232,7 @@ int _gnutls_check_pkcs_cipher_schema(const char *oid)
const struct pkcs_cipher_schema_st *_gnutls_pkcs_schema_get(schema_id schema)
{
- PBES2_SCHEMA_LOOP(if (schema == _p->schema) return _p;);
+ PBES2_SCHEMA_LOOP(if (schema == _p->schema) return _p;) ;
gnutls_assert();
return NULL;
@@ -247,22 +241,19 @@ const struct pkcs_cipher_schema_st *_gnutls_pkcs_schema_get(schema_id schema)
/* Converts an OID to a gnutls cipher type.
*/
static int
-pbes2_cipher_oid_to_algo(const char *oid, gnutls_cipher_algorithm_t *algo)
+pbes2_cipher_oid_to_algo(const char *oid, gnutls_cipher_algorithm_t * algo)
{
*algo = 0;
- PBES2_SCHEMA_LOOP(if (_p->pbes2 != 0 && strcmp(_p->cipher_oid, oid) == 0) {
- *algo = _p->cipher;
- return 0;
- }
- );
+ PBES2_SCHEMA_LOOP(if
+ (_p->pbes2 != 0 && strcmp(_p->cipher_oid, oid) == 0) {
+ *algo = _p->cipher; return 0;}
+ ) ;
- _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n",
- oid);
+ _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
-
/* Decrypts a PKCS #7 encryptedData. The output is allocated
* and stored in dec.
*/
@@ -288,8 +279,7 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
goto error;
}
- result =
- asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
+ result = asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -330,8 +320,9 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
result =
_gnutls_read_pkcs_schema_params(&schema, password,
- &data->data[params_start],
- params_len, &kdf_params, &enc_params);
+ &data->data[params_start],
+ params_len, &kdf_params,
+ &enc_params);
if (result < 0) {
gnutls_assert();
goto error;
@@ -343,8 +334,9 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
result =
_gnutls_pkcs_raw_decrypt_data(schema, pkcs7_asn,
- "encryptedContentInfo.encryptedContent", password,
- &kdf_params, &enc_params, &tmp);
+ "encryptedContentInfo.encryptedContent",
+ password, &kdf_params, &enc_params,
+ &tmp);
if (result < 0) {
gnutls_assert();
goto error;
@@ -356,15 +348,16 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
return 0;
- error:
+ error:
asn1_delete_structure(&pasn);
asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);
return result;
}
int
-_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_cipher_schema_st **p,
- struct pbkdf2_params *kdf_params, char **oid)
+_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data,
+ const struct pkcs_cipher_schema_st **p,
+ struct pbkdf2_params *kdf_params, char **oid)
{
int result, len;
char enc_oid[MAX_OID_SIZE];
@@ -382,8 +375,7 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_ciphe
goto error;
}
- result =
- asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
+ result = asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -428,8 +420,9 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_ciphe
result =
_gnutls_read_pkcs_schema_params(&schema, NULL,
- &data->data[params_start],
- params_len, kdf_params, &enc_params);
+ &data->data[params_start],
+ params_len, kdf_params,
+ &enc_params);
if (result < 0) {
gnutls_assert();
goto error;
@@ -446,7 +439,7 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_ciphe
return 0;
- error:
+ error:
asn1_delete_structure(&pasn);
asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);
return result;
@@ -497,15 +490,16 @@ _gnutls_pkcs7_encrypt_data(schema_id schema,
*/
result =
- _gnutls_pkcs_generate_key(schema, password, &kdf_params, &enc_params, &key);
+ _gnutls_pkcs_generate_key(schema, password, &kdf_params,
+ &enc_params, &key);
if (result < 0) {
gnutls_assert();
goto error;
}
result = _gnutls_pkcs_write_schema_params(schema, pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &kdf_params, &enc_params);
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &kdf_params, &enc_params);
if (result < 0) {
gnutls_assert();
goto error;
@@ -571,8 +565,7 @@ _gnutls_pkcs7_encrypt_data(schema_id schema,
goto error;
}
-
- error:
+ error:
_gnutls_free_key_datum(&key);
_gnutls_free_datum(&tmp);
asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);
@@ -583,8 +576,7 @@ _gnutls_pkcs7_encrypt_data(schema_id schema,
*/
static int
read_pbkdf2_params(ASN1_TYPE pasn,
- const gnutls_datum_t * der,
- struct pbkdf2_params *params)
+ const gnutls_datum_t * der, struct pbkdf2_params *params)
{
int params_start, params_end;
int params_len, len, result;
@@ -599,8 +591,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
*/
len = sizeof(oid);
result =
- asn1_read_value(pasn, "keyDerivationFunc.algorithm", oid,
- &len);
+ asn1_read_value(pasn, "keyDerivationFunc.algorithm", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -610,8 +601,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
if (strcmp(oid, PBKDF2_OID) != 0) {
gnutls_assert();
_gnutls_debug_log
- ("PKCS #8 key derivation OID '%s' is unsupported.\n",
- oid);
+ ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
return _gnutls_asn2err(result);
}
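Review bot: The unsupported-KDF branch returns `_gnutls_asn2err(result)`, but `result` there appears to still hold the success value from the `asn1_read_value` check in the previous hunk. The lines between the two hunks are not shown, so this is inferred. The caller then gets whatever `_gnutls_asn2err` maps a non-error code to, rather than a clear "unsupported algorithm" status for an attacker-supplied OID. An explicit code would be safer, for example `return GNUTLS_E_UNKNOWN_ALGORITHM;`. `read_pbkdf2_params` starts and ends outside this hunk.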
@@ -638,7 +628,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
result =
_asn1_strict_der_decode(&pbkdf2_asn, &der->data[params_start],
- params_len, NULL);
+ params_len, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -671,17 +661,14 @@ read_pbkdf2_params(ASN1_TYPE pasn,
/* read the keylength, if it is set.
*/
result =
- _gnutls_x509_read_uint(pbkdf2_asn, "keyLength",
- &params->key_size);
+ _gnutls_x509_read_uint(pbkdf2_asn, "keyLength", &params->key_size);
if (result < 0) {
params->key_size = 0;
}
_gnutls_hard_log("keyLength: %d\n", params->key_size);
len = sizeof(oid);
- result =
- asn1_read_value(pbkdf2_asn, "prf.algorithm",
- oid, &len);
+ result = asn1_read_value(pbkdf2_asn, "prf.algorithm", oid, &len);
if (result != ASN1_SUCCESS) {
/* use the default MAC */
result = 0;
@@ -698,7 +685,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
result = 0;
- error:
+ error:
asn1_delete_structure(&pbkdf2_asn);
return result;
@@ -706,8 +693,7 @@ read_pbkdf2_params(ASN1_TYPE pasn,
/* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA).
*/
-static int
-read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
+static int read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
{
int result;
@@ -716,8 +702,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
/* read the salt */
params->salt_size = sizeof(params->salt);
result =
- asn1_read_value(pasn, "salt", params->salt,
- &params->salt_size);
+ asn1_read_value(pasn, "salt", params->salt, &params->salt_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -728,8 +713,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
/* read the iteration count
*/
result =
- _gnutls_x509_read_uint(pasn, "iterations",
- &params->iter_count);
+ _gnutls_x509_read_uint(pasn, "iterations", &params->iter_count);
if (result < 0) {
gnutls_assert();
goto error;
@@ -740,7 +724,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
return 0;
- error:
+ error:
return result;
}
@@ -748,8 +732,7 @@ read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
/* Writes the PBE parameters for PKCS-12 schemas.
*/
static int
-write_pkcs12_kdf_params(ASN1_TYPE pasn,
- const struct pbkdf2_params *kdf_params)
+write_pkcs12_kdf_params(ASN1_TYPE pasn, const struct pbkdf2_params *kdf_params)
{
int result;
@@ -778,15 +761,14 @@ write_pkcs12_kdf_params(ASN1_TYPE pasn,
return 0;
- error:
+ error:
return result;
}
static int
read_pbes2_enc_params(ASN1_TYPE pasn,
- const gnutls_datum_t * der,
- struct pbe_enc_params *params)
+ const gnutls_datum_t * der, struct pbe_enc_params *params)
{
int params_start, params_end;
int params_len, len, result;
@@ -799,9 +781,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
/* Check the encryption algorithm
*/
len = sizeof(oid);
- result =
- asn1_read_value(pasn, "encryptionScheme.algorithm", oid,
- &len);
+ result = asn1_read_value(pasn, "encryptionScheme.algorithm", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -840,7 +820,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
result =
_asn1_strict_der_decode(&pbe_asn, &der->data[params_start],
- params_len, NULL);
+ params_len, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -849,8 +829,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
/* read the IV */
params->iv_size = sizeof(params->iv);
- result =
- asn1_read_value(pbe_asn, "", params->iv, &params->iv_size);
+ result = asn1_read_value(pbe_asn, "", params->iv, &params->iv_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -860,7 +839,7 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
result = 0;
- error:
+ error:
asn1_delete_structure(&pbe_asn);
return result;
}
@@ -871,9 +850,9 @@ read_pbes2_enc_params(ASN1_TYPE pasn,
*/
int
_gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
- const uint8_t * data, int data_size,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params)
+ const uint8_t * data, int data_size,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params)
{
ASN1_TYPE pasn = ASN1_TYPE_EMPTY;
int result;
@@ -895,8 +874,7 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
/* Decode the parameters.
*/
- result =
- _asn1_strict_der_decode(&pasn, data, data_size, NULL);
+ result = _asn1_strict_der_decode(&pasn, data, data_size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -930,8 +908,9 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
*schema = p->schema;
return 0;
} else if (*schema == PBES1_DES_MD5) {
- return _gnutls_read_pbkdf1_params(data, data_size, kdf_params, enc_params);
- } else { /* PKCS #12 schema */
+ return _gnutls_read_pbkdf1_params(data, data_size, kdf_params,
+ enc_params);
+ } else { /* PKCS #12 schema */
memset(enc_params, 0, sizeof(*enc_params));
p = _gnutls_pkcs_schema_get(*schema);
@@ -954,8 +933,7 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
/* Decode the parameters.
*/
- result =
- _asn1_strict_der_decode(&pasn, data, data_size, NULL);
+ result = _asn1_strict_der_decode(&pasn, data, data_size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -970,16 +948,14 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
if (enc_params->iv_size) {
result =
- _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
- 2 /*IV*/,
+ _gnutls_pkcs12_string_to_key(mac_to_entry
+ (GNUTLS_MAC_SHA1),
+ 2 /*IV*/,
kdf_params->salt,
- kdf_params->
- salt_size,
- kdf_params->
- iter_count,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
password,
- enc_params->
- iv_size,
+ enc_params->iv_size,
enc_params->iv);
if (result < 0) {
gnutls_assert();
@@ -1000,13 +976,13 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
int
_gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *root, const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t *decrypted_data)
+ const char *root, const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data)
{
int result;
- gnutls_datum_t enc = {NULL, 0};
+ gnutls_datum_t enc = { NULL, 0 };
uint8_t *key = NULL;
gnutls_datum_t dkey, d_iv;
cipher_hd_st ch;
@@ -1026,8 +1002,9 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
if (schema == PBES1_DES_MD5) {
return _gnutls_decrypt_pbes1_des_md5_data(password, pass_len,
- kdf_params, enc_params,
- &enc, decrypted_data);
+ kdf_params,
+ enc_params, &enc,
+ decrypted_data);
}
if (kdf_params->key_size == 0) {
@@ -1045,22 +1022,24 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
/* generate the key
*/
p = _gnutls_pkcs_schema_get(schema);
- if (p != NULL && p->pbes2 != 0) { /* PBES2 */
+ if (p != NULL && p->pbes2 != 0) { /* PBES2 */
if (kdf_params->mac == GNUTLS_MAC_SHA1)
- pbkdf2_hmac_sha1(pass_len, (uint8_t*)password,
+ pbkdf2_hmac_sha1(pass_len, (uint8_t *) password,
kdf_params->iter_count,
- kdf_params->salt_size, kdf_params->salt,
- key_size, key);
+ kdf_params->salt_size,
+ kdf_params->salt, key_size, key);
else if (kdf_params->mac == GNUTLS_MAC_SHA256)
- pbkdf2_hmac_sha256(pass_len, (uint8_t*)password,
- kdf_params->iter_count,
- kdf_params->salt_size, kdf_params->salt,
- key_size, key);
- else return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
- } else if (p != NULL) { /* PKCS 12 schema */
+ pbkdf2_hmac_sha256(pass_len, (uint8_t *) password,
+ kdf_params->iter_count,
+ kdf_params->salt_size,
+ kdf_params->salt, key_size, key);
+ else
+ return
+ gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+ } else if (p != NULL) { /* PKCS 12 schema */
result =
_gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
- 1 /*KEY*/,
+ 1 /*KEY*/,
kdf_params->salt,
kdf_params->salt_size,
kdf_params->iter_count,
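Review bot: The `else return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);` branch leaves `_gnutls_pkcs_raw_decrypt_data` directly, skipping the `error:` label that a later hunk shows freeing `enc.data` and `key`. Both buffers are presumably already allocated here, since `key` is written by the PBKDF2 calls just above, so an unsupported PRF in the input would leak them. Routing it through the common exit keeps the cleanup in one place: `else { result = gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM); goto error; }`. The allocations themselves are outside this hunk.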
@@ -1114,7 +1093,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
return 0;
- error:
+ error:
gnutls_free(enc.data);
gnutls_free(key);
if (ch_init != 0)
@@ -1122,12 +1101,10 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
return result;
}
-
/* Writes the PBKDF2 parameters.
*/
static int
-write_pbkdf2_params(ASN1_TYPE pasn,
- const struct pbkdf2_params *kdf_params)
+write_pbkdf2_params(ASN1_TYPE pasn, const struct pbkdf2_params *kdf_params)
{
int result;
ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
@@ -1171,8 +1148,7 @@ write_pbkdf2_params(ASN1_TYPE pasn,
result = _gnutls_asn2err(result);
goto error;
}
- _gnutls_hard_log("salt.specified.size: %d\n",
- kdf_params->salt_size);
+ _gnutls_hard_log("salt.specified.size: %d\n", kdf_params->salt_size);
/* write the iteration count
*/
@@ -1218,16 +1194,14 @@ write_pbkdf2_params(ASN1_TYPE pasn,
result = 0;
- error:
+ error:
asn1_delete_structure(&pbkdf2_asn);
return result;
}
-
static int
-write_pbes2_enc_params(ASN1_TYPE pasn,
- const struct pbe_enc_params *params)
+write_pbes2_enc_params(ASN1_TYPE pasn, const struct pbe_enc_params *params)
{
int result;
ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
@@ -1260,8 +1234,7 @@ write_pbes2_enc_params(ASN1_TYPE pasn,
}
/* read the salt */
- result =
- asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
+ result = asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
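Review bot: The comment `/* read the salt */` sits above `asn1_write_value(pbe_asn, "", params->iv, params->iv_size)`, which writes the IV rather than reading a salt. It looks copied from the read path and is misleading in `write_pbes2_enc_params`. I would replace it with `/* write the IV */`.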
@@ -1283,7 +1256,7 @@ write_pbes2_enc_params(ASN1_TYPE pasn,
result = 0;
- error:
+ error:
asn1_delete_structure(&pbe_asn);
return result;
@@ -1293,9 +1266,10 @@ write_pbes2_enc_params(ASN1_TYPE pasn,
*/
int
_gnutls_pkcs_generate_key(schema_id schema,
- const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params, gnutls_datum_t * key)
+ const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key)
{
unsigned char rnd[2];
unsigned int pass_len = 0;
@@ -1313,10 +1287,10 @@ _gnutls_pkcs_generate_key(schema_id schema,
/* generate salt */
kdf_params->salt_size =
- MIN(sizeof(kdf_params->salt), (unsigned) (12 + (rnd[1] % 10)));
+ MIN(sizeof(kdf_params->salt), (unsigned)(12 + (rnd[1] % 10)));
p = _gnutls_pkcs_schema_get(schema);
- if (p != NULL && p->pbes2 != 0) { /* PBES2 */
+ if (p != NULL && p->pbes2 != 0) { /* PBES2 */
enc_params->cipher = p->cipher;
} else if (p != NULL) {
/* non PBES2 algorithms */
@@ -1334,12 +1308,11 @@ _gnutls_pkcs_generate_key(schema_id schema,
return GNUTLS_E_RANDOM_FAILED;
}
- kdf_params->iter_count = 5*1024 + rnd[0];
+ kdf_params->iter_count = 5 * 1024 + rnd[0];
key->size = kdf_params->key_size =
gnutls_cipher_get_key_size(enc_params->cipher);
- enc_params->iv_size =
- gnutls_cipher_get_iv_size(enc_params->cipher);
+ enc_params->iv_size = gnutls_cipher_get_iv_size(enc_params->cipher);
key->data = gnutls_malloc(key->size);
if (key->data == NULL) {
gnutls_assert();
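Review bot: `kdf_params->iter_count = 5 * 1024 + rnd[0];` hard-codes the password-stretching work factor as an uncommented magic number. Because `rnd` is declared as `unsigned char rnd[2]`, the count is always between 5120 and 5375. That is low by current guidance for PBKDF2-HMAC-SHA1, and the random byte adds no meaningful cost for someone guessing passwords. At minimum, name the base value and document it, for example `/* KDF iteration count: fixed base plus one random byte; revisit the base as hardware improves */`. `_gnutls_pkcs_generate_key` continues outside this hunk.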
@@ -1349,25 +1322,24 @@ _gnutls_pkcs_generate_key(schema_id schema,
/* now generate the key.
*/
- if (p->pbes2 != 0) {
- pbkdf2_hmac_sha1(pass_len, (uint8_t*)password,
+ if (p->pbes2 != 0) {
+ pbkdf2_hmac_sha1(pass_len, (uint8_t *) password,
kdf_params->iter_count,
kdf_params->salt_size, kdf_params->salt,
kdf_params->key_size, key->data);
if (enc_params->iv_size) {
ret = _gnutls_rnd(GNUTLS_RND_NONCE,
- enc_params->iv,
- enc_params->iv_size);
+ enc_params->iv, enc_params->iv_size);
if (ret < 0) {
gnutls_assert();
return ret;
}
}
- } else { /* PKCS 12 schema */
+ } else { /* PKCS 12 schema */
ret =
_gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
- 1 /*KEY*/,
+ 1 /*KEY*/,
kdf_params->salt,
kdf_params->salt_size,
kdf_params->iter_count,
@@ -1383,16 +1355,14 @@ _gnutls_pkcs_generate_key(schema_id schema,
*/
if (enc_params->iv_size) {
ret =
- _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
+ _gnutls_pkcs12_string_to_key(mac_to_entry
+ (GNUTLS_MAC_SHA1),
2 /*IV*/,
kdf_params->salt,
- kdf_params->
- salt_size,
- kdf_params->
- iter_count,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
password,
- enc_params->
- iv_size,
+ enc_params->iv_size,
enc_params->iv);
if (ret < 0) {
gnutls_assert();
@@ -1401,19 +1371,17 @@ _gnutls_pkcs_generate_key(schema_id schema,
}
}
-
return 0;
}
-
/* Encodes the parameters to be written in the encryptionAlgorithm.parameters
* part.
*/
int
_gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params)
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params)
{
int result;
ASN1_TYPE pasn = ASN1_TYPE_EMPTY;
@@ -1421,7 +1389,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
p = _gnutls_pkcs_schema_get(schema);
- if (p != NULL && p->pbes2 != 0) { /* PBES2 */
+ if (p != NULL && p->pbes2 != 0) { /* PBES2 */
if ((result =
asn1_create_element(_gnutls_get_pkix(),
"PKIX1.pkcs-5-PBES2-params",
@@ -1443,8 +1411,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
}
result = _gnutls_x509_der_encode_and_copy(pasn, "",
- pkcs8_asn, where,
- 0);
+ pkcs8_asn, where, 0);
if (result < 0) {
gnutls_assert();
goto error;
@@ -1452,7 +1419,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
asn1_delete_structure(&pasn);
- } else if (p != NULL) { /* PKCS #12 */
+ } else if (p != NULL) { /* PKCS #12 */
if ((result =
asn1_create_element(_gnutls_get_pkix(),
@@ -1470,8 +1437,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
}
result = _gnutls_x509_der_encode_and_copy(pasn, "",
- pkcs8_asn, where,
- 0);
+ pkcs8_asn, where, 0);
if (result < 0) {
gnutls_assert();
goto error;
@@ -1482,7 +1448,7 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
return 0;
- error:
+ error:
asn1_delete_structure(&pasn);
return result;
@@ -1490,8 +1456,8 @@ _gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
int
_gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * key, gnutls_datum_t * encrypted)
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted)
{
int result;
int data_size;
@@ -1550,10 +1516,9 @@ _gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain,
return 0;
- error:
+ error:
gnutls_free(data);
if (ch_init != 0)
_gnutls_cipher_deinit(&ch);
return result;
}
-
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 15a1e17c25..997b51763a 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -49,12 +49,11 @@ static const uint8_t one = 1;
* which holds them. If raw is non null then the raw decoded
* data are copied (they are locally allocated) there.
*/
-static int
-_decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
+static int _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
{
char oid[MAX_OID_SIZE];
ASN1_TYPE c2;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
int len, result;
len = sizeof(oid) - 1;
@@ -102,16 +101,20 @@ _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
/* read the encapsulated content */
len = sizeof(oid) - 1;
- result = asn1_read_value(c2, "encapContentInfo.eContentType", oid, &len);
+ result =
+ asn1_read_value(c2, "encapContentInfo.eContentType", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup;
}
- if (strcmp(oid, PLAIN_DATA_OID) != 0 && strcmp(oid, DIGESTED_DATA_OID) != 0) {
+ if (strcmp(oid, PLAIN_DATA_OID) != 0
+ && strcmp(oid, DIGESTED_DATA_OID) != 0) {
gnutls_assert();
- _gnutls_debug_log("Unknown or unexpected PKCS7 Encapsulated Content OID '%s'\n", oid);
+ _gnutls_debug_log
+ ("Unknown or unexpected PKCS7 Encapsulated Content OID '%s'\n",
+ oid);
result = GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
goto cleanup;
}
@@ -121,7 +124,7 @@ _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
gnutls_free(tmp.data);
return 0;
- cleanup:
+ cleanup:
if (c2)
asn1_delete_structure(&c2);
gnutls_free(tmp.data);
@@ -135,8 +138,7 @@ static int pkcs7_reinit(gnutls_pkcs7_t pkcs7)
asn1_delete_structure(&pkcs7->pkcs7);
result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-7-ContentInfo",
- &pkcs7->pkcs7);
+ "PKIX1.pkcs-7-ContentInfo", &pkcs7->pkcs7);
if (result != ASN1_SUCCESS) {
result = _gnutls_asn2err(result);
gnutls_assert();
@@ -245,8 +247,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
}
pkcs7->expanded = 1;
- result =
- asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
+ result = asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
if (result != ASN1_SUCCESS) {
result = _gnutls_asn2err(result);
gnutls_assert();
@@ -263,7 +264,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
result = 0;
- cleanup:
+ cleanup:
if (need_free)
_gnutls_free_datum(&_data);
return result;
@@ -290,7 +291,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
**/
int
gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7,
- unsigned indx, gnutls_datum_t *cert)
+ unsigned indx, gnutls_datum_t * cert)
{
int result, len;
char root2[ASN1_MAX_NAME_SIZE];
@@ -330,8 +331,9 @@ gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7,
goto cleanup;
}
- result = asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size,
- root2, &start, &end);
+ result =
+ asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data,
+ tmp.size, root2, &start, &end);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -346,7 +348,7 @@ gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7,
result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return result;
}
@@ -376,13 +378,13 @@ gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7,
size_t * certificate_size)
{
int ret;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
ret = gnutls_pkcs7_get_crt_raw2(pkcs7, indx, &tmp);
if (ret < 0)
return gnutls_assert_val(ret);
- if ((unsigned) tmp.size > *certificate_size) {
+ if ((unsigned)tmp.size > *certificate_size) {
*certificate_size = tmp.size;
ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
goto cleanup;
@@ -392,12 +394,11 @@ gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7,
if (certificate)
memcpy(certificate, tmp.data, tmp.size);
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return ret;
}
-
/**
* gnutls_pkcs7_get_crt_count:
* @pkcs7: should contain a #gnutls_pkcs7_t type
@@ -417,7 +418,8 @@ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7)
/* Step 2. Count the CertificateSet */
- result = asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
+ result =
+ asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return 0; /* no certificates */
@@ -435,7 +437,7 @@ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7)
*
* Since: 3.4.2
**/
-void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st *info)
+void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st * info)
{
gnutls_free(info->sig.data);
gnutls_free(info->issuer_dn.data);
@@ -478,8 +480,8 @@ static time_t parse_time(gnutls_pkcs7_t pkcs7, const char *root)
ret = _gnutls_x509_get_time(c2, "", 0);
cleanup:
- asn1_delete_structure(&c2);
- return ret;
+ asn1_delete_structure(&c2);
+ return ret;
}
/**
@@ -501,7 +503,8 @@ int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7)
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
return 0;
@@ -525,14 +528,15 @@ int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7)
*
* Since: 3.4.2
**/
-int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_pkcs7_signature_info_st *info)
+int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx,
+ gnutls_pkcs7_signature_info_st * info)
{
int ret, count, len;
char root[256];
char oid[MAX_OID_SIZE];
gnutls_pk_algorithm_t pk;
gnutls_sign_algorithm_t sig;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
unsigned i;
if (pkcs7 == NULL)
@@ -541,14 +545,16 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
memset(info, 0, sizeof(*info));
info->signing_time = -1;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- snprintf(root, sizeof(root), "signerInfos.?%u.signatureAlgorithm.algorithm", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.signatureAlgorithm.algorithm", idx + 1);
- len = sizeof(oid)-1;
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
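Review bot: The bound check `idx + 1 > (unsigned)count` wraps to zero when `idx` is `UINT_MAX`, so that value passes the check. The following `snprintf` calls then format `?0` into `root`. The later reads will probably fail on that path, but the index should be rejected up front with a comparison that cannot overflow: `if (ret != ASN1_SUCCESS || idx >= (unsigned)count) {`. The function begins and ends outside this hunk.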
@@ -565,9 +571,10 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
/* use the digests algorithm */
- snprintf(root, sizeof(root), "signerInfos.?%u.digestAlgorithm.algorithm", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.digestAlgorithm.algorithm", idx + 1);
- len = sizeof(oid)-1;
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
@@ -598,21 +605,32 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
/* read the issuer info */
- snprintf(root, sizeof(root), "signerInfos.?%u.sid.issuerAndSerialNumber.issuer.rdnSequence", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.sid.issuerAndSerialNumber.issuer.rdnSequence",
+ idx + 1);
/* read the signature */
- ret = _gnutls_x509_get_raw_field(pkcs7->signed_data, root, &info->issuer_dn);
+ ret =
+ _gnutls_x509_get_raw_field(pkcs7->signed_data, root,
+ &info->issuer_dn);
if (ret >= 0) {
- snprintf(root, sizeof(root), "signerInfos.?%u.sid.issuerAndSerialNumber.serialNumber", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.sid.issuerAndSerialNumber.serialNumber",
+ idx + 1);
/* read the signature */
- ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &info->signer_serial);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data, root,
+ &info->signer_serial);
if (ret < 0) {
gnutls_assert();
goto fail;
}
- } else { /* keyid */
- snprintf(root, sizeof(root), "signerInfos.?%u.sid.subjectKeyIdentifier", idx + 1);
+ } else { /* keyid */
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.sid.subjectKeyIdentifier", idx + 1);
/* read the signature */
- ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &info->issuer_keyid);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data, root,
+ &info->issuer_keyid);
if (ret < 0) {
gnutls_assert();
}
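Review bot: The three `/* read the signature */` comments in this hunk sit above reads of the issuer DN, the serial number and the subject key identifier, not the signature. In code that decides which signer a PKCS #7 structure is bound to, mislabelled steps make review harder. I would change them to `/* read the issuer DN */`, `/* read the serial number */` and `/* read the subject key identifier */`.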
@@ -624,15 +642,19 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
/* read the signing time */
- for (i=0;;i++) {
- snprintf(root, sizeof(root), "signerInfos.?%u.signedAttrs.?%u.type", idx+1, i+1);
- len = sizeof(oid)-1;
+ for (i = 0;; i++) {
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.signedAttrs.?%u.type", idx + 1,
+ i + 1);
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
break;
}
- snprintf(root, sizeof(root), "signerInfos.?%u.signedAttrs.?%u.values.?1", idx+1, i+1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.signedAttrs.?%u.values.?1", idx + 1,
+ i + 1);
ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &tmp);
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
tmp.data = NULL;
@@ -657,15 +679,19 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
/* read the unsigned attrs */
- for (i=0;;i++) {
- snprintf(root, sizeof(root), "signerInfos.?%u.unsignedAttrs.?%u.type", idx+1, i+1);
- len = sizeof(oid)-1;
+ for (i = 0;; i++) {
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.unsignedAttrs.?%u.type", idx + 1,
+ i + 1);
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
break;
}
- snprintf(root, sizeof(root), "signerInfos.?%u.unsignedAttrs.?%u.values.?1", idx+1, i+1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.unsignedAttrs.?%u.values.?1", idx + 1,
+ i + 1);
ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &tmp);
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
tmp.data = NULL;
@@ -675,7 +701,8 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
goto fail;
}
- ret = gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0);
+ ret =
+ gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0);
gnutls_free(tmp.data);
tmp.data = NULL;
@@ -685,11 +712,11 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
}
}
- return 0;
+ return 0;
fail:
gnutls_free(tmp.data);
gnutls_pkcs7_signature_info_deinit(info);
- return ret;
+ return ret;
unsupp_algo:
return GNUTLS_E_UNKNOWN_ALGORITHM;
}
@@ -698,11 +725,11 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_p
* and matches our calculated hash */
static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
gnutls_sign_algorithm_t algo,
- const gnutls_datum_t *data)
+ const gnutls_datum_t * data)
{
unsigned hash;
- gnutls_datum_t tmp = {NULL, 0};
- gnutls_datum_t tmp2 = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
+ gnutls_datum_t tmp2 = { NULL, 0 };
uint8_t hash_output[MAX_HASH_SIZE];
unsigned hash_size, i;
char oid[MAX_OID_SIZE];
@@ -720,7 +747,9 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
hash_size = gnutls_hash_get_len(hash);
if (data == NULL || data->data == NULL) {
- ret = _gnutls_x509_read_value(pkcs7->signed_data, "encapContentInfo.eContent", &tmp);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data,
+ "encapContentInfo.eContent", &tmp);
if (ret < 0) {
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
@@ -739,11 +768,13 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
return gnutls_assert_val(ret);
/* now verify that hash matches */
- for (i=0;;i++) {
- snprintf(name, sizeof(name), "%s.signedAttrs.?%u", root, i+1);
+ for (i = 0;; i++) {
+ snprintf(name, sizeof(name), "%s.signedAttrs.?%u", root, i + 1);
ret = _gnutls_x509_decode_and_read_attribute(pkcs7->signed_data,
- name, oid, sizeof(oid), &tmp, 1, 0);
+ name, oid,
+ sizeof(oid), &tmp,
+ 1, 0);
if (ret < 0) {
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
break;
@@ -751,14 +782,17 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
}
if (strcmp(oid, ATTR_MESSAGE_DIGEST) == 0) {
- ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- tmp.data, tmp.size, &tmp2, 0);
+ ret =
+ _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
+ tmp.data, tmp.size,
+ &tmp2, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- if (tmp2.size == hash_size && memcmp(hash_output, tmp2.data, tmp2.size) == 0) {
+ if (tmp2.size == hash_size
+ && memcmp(hash_output, tmp2.data, tmp2.size) == 0) {
msg_digest_ok = 1;
}
} else if (strcmp(oid, ATTR_CONTENT_TYPE) == 0) {
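Review bot: In the `ATTR_MESSAGE_DIGEST` branch a digest that does not match is silently skipped. The loop carries on, and a later messageDigest attribute that does match still sets `msg_digest_ok`. The contentType branch in the next hunk keeps a `num_cont_types` counter, but this hunk has no equivalent guard for messageDigest. Failing on a mismatch would tighten this: `else { ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR); goto cleanup; }` after the `msg_digest_ok = 1;` block. The start of `verify_hash_attr` and the end of the loop are outside this hunk.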
@@ -771,22 +805,26 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
num_cont_types++;
/* check if it matches */
- ret = _gnutls_x509_get_raw_field(pkcs7->signed_data, "encapContentInfo.eContentType", &tmp2);
+ ret =
+ _gnutls_x509_get_raw_field(pkcs7->signed_data,
+ "encapContentInfo.eContentType",
+ &tmp2);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- if (tmp2.size != tmp.size || memcmp(tmp.data, tmp2.data, tmp2.size) != 0) {
+ if (tmp2.size != tmp.size
+ || memcmp(tmp.data, tmp2.data, tmp2.size) != 0) {
gnutls_assert();
ret = GNUTLS_E_PARSING_ERROR;
goto cleanup;
}
}
- gnutls_free(tmp.data);
- tmp.data = NULL;
- gnutls_free(tmp2.data);
- tmp2.data = NULL;
+ gnutls_free(tmp.data);
+ tmp.data = NULL;
+ gnutls_free(tmp2.data);
+ tmp2.data = NULL;
}
if (msg_digest_ok)
@@ -795,19 +833,18 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
cleanup:
- gnutls_free(tmp.data);
- gnutls_free(tmp2.data);
- return ret;
+ gnutls_free(tmp.data);
+ gnutls_free(tmp2.data);
+ return ret;
}
-
/* Returns the data to be used for signature verification. PKCS #7
* decided that this should not be an easy task.
*/
static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root,
- const gnutls_datum_t *data,
+ const gnutls_datum_t * data,
gnutls_sign_algorithm_t algo,
- gnutls_datum_t *sigdata)
+ gnutls_datum_t * sigdata)
{
int ret;
char name[256];
@@ -829,7 +866,10 @@ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root,
/* We have no signedAttrs. Use the provided data, or the encapsulated */
if (data == NULL || data->data == NULL) {
- ret = _gnutls_x509_read_value(pkcs7->signed_data, "encapContentInfo.eContent", sigdata);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data,
+ "encapContentInfo.eContent",
+ sigdata);
if (ret < 0) {
gnutls_assert();
return gnutls_assert_val(ret);
@@ -860,10 +900,11 @@ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root,
* Since: 3.4.8
**/
int
-gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_t *data)
+gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx,
+ gnutls_datum_t * data)
{
int count, ret;
- gnutls_datum_t tmpdata = {NULL, 0};
+ gnutls_datum_t tmpdata = { NULL, 0 };
gnutls_pkcs7_signature_info_st info;
char root[128];
@@ -872,8 +913,9 @@ gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
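Review bot: The bounds check `idx + 1 > (unsigned)count` wraps to `0 > count` when `idx` is `UINT_MAX`, so an out-of-range signer index gets past the guard in gnutls_pkcs7_get_embedded_data. The same expression appears in the matching hunks of gnutls_pkcs7_verify_direct and gnutls_pkcs7_verify. Comparing without the addition avoids the wrap: `if (ret != ASN1_SUCCESS || idx >= (unsigned)count) {`. How the wrapped index is used afterwards is outside the hunk, so the practical effect is presumably a later lookup failure rather than a bad access, but the guard should reject it directly.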
@@ -921,15 +963,14 @@ gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_
* Since: 3.4.2
**/
int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_t signer,
- unsigned idx,
- const gnutls_datum_t *data,
- unsigned flags)
+ gnutls_x509_crt_t signer,
+ unsigned idx,
+ const gnutls_datum_t * data, unsigned flags)
{
int count, ret;
- gnutls_datum_t tmpdata = {NULL, 0};
+ gnutls_datum_t tmpdata = { NULL, 0 };
gnutls_pkcs7_signature_info_st info;
- gnutls_datum_t sigdata = {NULL, 0};
+ gnutls_datum_t sigdata = { NULL, 0 };
char root[128];
memset(&info, 0, sizeof(info));
@@ -937,8 +978,9 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
@@ -956,7 +998,9 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
goto cleanup;
}
- ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, &info.sig);
+ ret =
+ gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata,
+ &info.sig);
if (ret < 0) {
gnutls_assert();
}
@@ -971,18 +1015,22 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
static
gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
- gnutls_typed_vdata_st *vdata, unsigned vdata_size,
- gnutls_pkcs7_signature_info_st *info)
+ gnutls_typed_vdata_st * vdata,
+ unsigned vdata_size,
+ gnutls_pkcs7_signature_info_st * info)
{
gnutls_x509_crt_t issuer = NULL, crt = NULL;
int ret, count;
uint8_t serial[128];
size_t serial_size;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
unsigned i, vtmp;
if (info->issuer_dn.data) {
- ret = gnutls_x509_trust_list_get_issuer_by_dn(tl, &info->issuer_dn, &issuer, 0);
+ ret =
+ gnutls_x509_trust_list_get_issuer_by_dn(tl,
+ &info->issuer_dn,
+ &issuer, 0);
if (ret < 0) {
gnutls_assert();
issuer = NULL;
@@ -990,7 +1038,13 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
}
if (info->issuer_keyid.data && issuer == NULL) {
- ret = gnutls_x509_trust_list_get_issuer_by_subject_key_id(tl, NULL, &info->issuer_keyid, &issuer, 0);
+ ret =
+ gnutls_x509_trust_list_get_issuer_by_subject_key_id(tl,
+ NULL,
+ &info->
+ issuer_keyid,
+ &issuer,
+ 0);
if (ret < 0) {
gnutls_assert();
issuer = NULL;
@@ -1003,9 +1057,11 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
}
/* check issuer's key purpose */
- for (i=0;i<vdata_size;i++) {
+ for (i = 0; i < vdata_size; i++) {
if (vdata[i].type == GNUTLS_DT_KEY_PURPOSE_OID) {
- ret = _gnutls_check_key_purpose(issuer, (char*)vdata[i].data, 0);
+ ret =
+ _gnutls_check_key_purpose(issuer,
+ (char *)vdata[i].data, 0);
if (ret == 0) {
gnutls_assert();
goto fail;
@@ -1025,7 +1081,9 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
goto fail;
}
- if (serial_size == info->signer_serial.size && memcmp(info->signer_serial.data, serial, serial_size) == 0) {
+ if (serial_size == info->signer_serial.size
+ && memcmp(info->signer_serial.data, serial,
+ serial_size) == 0) {
/* issuer == signer */
return issuer;
}
@@ -1037,7 +1095,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
goto fail;
}
- for (i=0;i<(unsigned)count;i++) {
+ for (i = 0; i < (unsigned)count; i++) {
/* Try to find the signer in the appended list. */
ret = gnutls_pkcs7_get_crt_raw2(pkcs7, 0, &tmp);
if (ret < 0) {
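Review bot: The loop over the embedded certificates calls `gnutls_pkcs7_get_crt_raw2(pkcs7, 0, &tmp)` with a constant index, so every iteration in find_signer re-reads the first certificate and `i` is not used in the visible lines. A signer certificate that is not first in the bundle would then never be examined, and a valid signature would fail verification. The call should presumably be `ret = gnutls_pkcs7_get_crt_raw2(pkcs7, i, &tmp);`. The rest of the loop body is outside the hunk, so confirm nothing there depends on index 0.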
@@ -1064,14 +1122,19 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
goto fail;
}
- if (serial_size != info->signer_serial.size || memcmp(info->signer_serial.data, serial, serial_size) != 0) {
+ if (serial_size != info->signer_serial.size
+ || memcmp(info->signer_serial.data, serial,
+ serial_size) != 0) {
gnutls_assert();
goto skip;
}
- ret = gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, vdata, vdata_size, 0, &vtmp, NULL);
+ ret =
+ gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, vdata,
+ vdata_size, 0, &vtmp,
+ NULL);
if (ret < 0 || vtmp != 0) {
- gnutls_assert(); /* maybe next one is trusted */
+ gnutls_assert(); /* maybe next one is trusted */
skip:
gnutls_x509_crt_deinit(crt);
crt = NULL;
@@ -1097,7 +1160,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
gnutls_free(tmp.data);
if (issuer)
gnutls_x509_crt_deinit(issuer);
-
+
return crt;
}
@@ -1128,14 +1191,13 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
gnutls_typed_vdata_st * vdata,
unsigned int vdata_size,
unsigned idx,
- const gnutls_datum_t *data,
- unsigned flags)
+ const gnutls_datum_t * data, unsigned flags)
{
int count, ret;
- gnutls_datum_t tmpdata = {NULL, 0};
+ gnutls_datum_t tmpdata = { NULL, 0 };
gnutls_pkcs7_signature_info_st info;
gnutls_x509_crt_t signer;
- gnutls_datum_t sigdata = {NULL, 0};
+ gnutls_datum_t sigdata = { NULL, 0 };
char root[128];
memset(&info, 0, sizeof(info));
@@ -1143,8 +1205,9 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
@@ -1165,7 +1228,9 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
signer = find_signer(pkcs7, tl, vdata, vdata_size, &info);
if (signer) {
- ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, &info.sig);
+ ret =
+ gnutls_x509_crt_verify_data2(signer, info.algo, flags,
+ &sigdata, &info.sig);
if (ret < 0) {
gnutls_assert();
}
@@ -1175,7 +1240,6 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
-
cleanup:
gnutls_free(tmpdata.data);
gnutls_free(sigdata.data);
@@ -1195,7 +1259,8 @@ static void disable_opt_fields(gnutls_pkcs7_t pkcs7)
asn1_write_value(pkcs7->signed_data, "crls", NULL, 0);
}
- result = asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
+ result =
+ asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
if (result != ASN1_SUCCESS || count == 0) {
asn1_write_value(pkcs7->signed_data, "certificates", NULL, 0);
}
@@ -1213,8 +1278,9 @@ static int reencode(gnutls_pkcs7_t pkcs7)
/* Replace the old content with the new
*/
result =
- _gnutls_x509_der_encode_and_copy(pkcs7->signed_data, "", pkcs7->pkcs7,
- "content", 0);
+ _gnutls_x509_der_encode_and_copy(pkcs7->signed_data, "",
+ pkcs7->pkcs7, "content",
+ 0);
if (result < 0) {
return gnutls_assert_val(result);
}
@@ -1222,7 +1288,8 @@ static int reencode(gnutls_pkcs7_t pkcs7)
/* Write the content type of the signed data
*/
result =
- asn1_write_value(pkcs7->pkcs7, "contentType", SIGNED_DATA_OID, 1);
+ asn1_write_value(pkcs7->pkcs7, "contentType",
+ SIGNED_DATA_OID, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -1296,8 +1363,7 @@ gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7,
if ((ret = reencode(pkcs7)) < 0)
return gnutls_assert_val(ret);
- return _gnutls_x509_export_int2(pkcs7->pkcs7, format, PEM_PKCS7,
- out);
+ return _gnutls_x509_export_int2(pkcs7->pkcs7, format, PEM_PKCS7, out);
}
/* Creates an empty signed data structure in the pkcs7
@@ -1339,8 +1405,7 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
goto cleanup;
}
- result =
- asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0);
+ result = asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -1356,10 +1421,9 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
/* Add no signerInfos.
*/
-
return 0;
- cleanup:
+ cleanup:
asn1_delete_structure(sdata);
return result;
@@ -1376,8 +1440,7 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
+int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
{
int result;
@@ -1391,7 +1454,8 @@ gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
/* The pkcs7 structure is new, so create the
* signedData.
*/
- result = create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
+ result =
+ create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
if (result < 0) {
gnutls_assert();
return result;
@@ -1409,7 +1473,8 @@ gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
}
result =
- asn1_write_value(pkcs7->signed_data, "certificates.?LAST", "certificate", 1);
+ asn1_write_value(pkcs7->signed_data, "certificates.?LAST",
+ "certificate", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -1417,18 +1482,18 @@ gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
}
result =
- asn1_write_value(pkcs7->signed_data, "certificates.?LAST.certificate",
- crt->data, crt->size);
+ asn1_write_value(pkcs7->signed_data,
+ "certificates.?LAST.certificate", crt->data,
+ crt->size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup;
}
-
result = 0;
- cleanup:
+ cleanup:
return result;
}
@@ -1470,7 +1535,6 @@ int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
return 0;
}
-
/**
* gnutls_pkcs7_delete_crt:
* @pkcs7: The pkcs7 type
@@ -1504,7 +1568,7 @@ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx)
return 0;
- cleanup:
+ cleanup:
return result;
}
@@ -1527,7 +1591,7 @@ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx)
**/
int
gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7,
- unsigned indx, gnutls_datum_t *crl)
+ unsigned indx, gnutls_datum_t * crl)
{
int result;
char root2[ASN1_MAX_NAME_SIZE];
@@ -1550,8 +1614,9 @@ gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7,
/* Get the raw CRL
*/
- result = asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size,
- root2, &start, &end);
+ result =
+ asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size,
+ root2, &start, &end);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -1563,7 +1628,7 @@ gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7,
result = _gnutls_set_datum(crl, &tmp.data[start], end);
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return result;
}
@@ -1588,13 +1653,13 @@ gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
unsigned indx, void *crl, size_t * crl_size)
{
int ret;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
ret = gnutls_pkcs7_get_crl_raw2(pkcs7, indx, &tmp);
if (ret < 0)
return gnutls_assert_val(ret);
- if ((unsigned) tmp.size > *crl_size) {
+ if ((unsigned)tmp.size > *crl_size) {
*crl_size = tmp.size;
ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
goto cleanup;
@@ -1604,7 +1669,7 @@ gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
if (crl)
memcpy(crl, tmp.data, tmp.size);
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return ret;
}
@@ -1648,8 +1713,7 @@ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
+int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
{
int result;
@@ -1663,7 +1727,8 @@ gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
/* The pkcs7 structure is new, so create the
* signedData.
*/
- result = create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
+ result =
+ create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
if (result < 0) {
gnutls_assert();
return result;
@@ -1680,7 +1745,9 @@ gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
goto cleanup;
}
- result = asn1_write_value(pkcs7->signed_data, "crls.?LAST", crl->data, crl->size);
+ result =
+ asn1_write_value(pkcs7->signed_data, "crls.?LAST", crl->data,
+ crl->size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
@@ -1689,7 +1756,7 @@ gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
result = 0;
- cleanup:
+ cleanup:
return result;
}
@@ -1763,11 +1830,12 @@ int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx)
return 0;
- cleanup:
+ cleanup:
return result;
}
-static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t signer, unsigned flags)
+static int write_signer_id(ASN1_TYPE c2, const char *root,
+ gnutls_x509_crt_t signer, unsigned flags)
{
int result;
size_t serial_size;
@@ -1778,8 +1846,7 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
const uint8_t ver = 3;
snprintf(name, sizeof(name), "%s.version", root);
- result =
- asn1_write_value(c2, name, &ver, 1);
+ result = asn1_write_value(c2, name, &ver, 1);
snprintf(name, sizeof(name), "%s.sid", root);
result = asn1_write_value(c2, name, "subjectKeyIdentifier", 1);
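Review bot: The result of the `%s.version` write in write_signer_id is assigned to `result` and then overwritten by the `%s.sid` write before anything inspects it. A failure to set the SignerInfo version would therefore go unnoticed. Add the check the function uses for its other writes right after the first call: `if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); }`. The function body starts and ends outside this hunk.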
@@ -1789,7 +1856,9 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
}
serial_size = sizeof(serial);
- result = gnutls_x509_crt_get_subject_key_id(signer, serial, &serial_size, NULL);
+ result =
+ gnutls_x509_crt_get_subject_key_id(signer, serial,
+ &serial_size, NULL);
if (result < 0)
return gnutls_assert_val(result);
@@ -1801,7 +1870,8 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
}
} else {
serial_size = sizeof(serial);
- result = gnutls_x509_crt_get_serial(signer, serial, &serial_size);
+ result =
+ gnutls_x509_crt_get_serial(signer, serial, &serial_size);
if (result < 0)
return gnutls_assert_val(result);
@@ -1812,15 +1882,19 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
return _gnutls_asn2err(result);
}
- snprintf(name, sizeof(name), "%s.sid.issuerAndSerialNumber.serialNumber", root);
+ snprintf(name, sizeof(name),
+ "%s.sid.issuerAndSerialNumber.serialNumber", root);
result = asn1_write_value(c2, name, serial, serial_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
- snprintf(name, sizeof(name), "%s.sid.issuerAndSerialNumber.issuer", root);
- result = asn1_copy_node(c2, name, signer->cert, "tbsCertificate.issuer");
+ snprintf(name, sizeof(name),
+ "%s.sid.issuerAndSerialNumber.issuer", root);
+ result =
+ asn1_copy_node(c2, name, signer->cert,
+ "tbsCertificate.issuer");
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -1830,7 +1904,8 @@ static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t sig
return 0;
}
-static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs, unsigned already_set)
+static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
+ unsigned already_set)
{
char name[256];
gnutls_pkcs7_attrs_st *p = attrs;
@@ -1841,7 +1916,7 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
if (already_set == 0)
asn1_write_value(c2, root, NULL, 0);
} else {
- while(p != NULL) {
+ while (p != NULL) {
result = asn1_write_value(c2, root, "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -1849,8 +1924,7 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
}
snprintf(name, sizeof(name), "%s.?LAST.type", root);
- result =
- asn1_write_value(c2, name, p->oid, 1);
+ result = asn1_write_value(c2, name, p->oid, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -1863,8 +1937,11 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
return _gnutls_asn2err(result);
}
- snprintf(name, sizeof(name), "%s.?LAST.values.?1", root);
- result = asn1_write_value(c2, name, p->data.data, p->data.size);
+ snprintf(name, sizeof(name), "%s.?LAST.values.?1",
+ root);
+ result =
+ asn1_write_value(c2, name, p->data.data,
+ p->data.size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -1877,14 +1954,15 @@ static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
return 0;
}
-static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t *data,
- const mac_entry_st *me, gnutls_pkcs7_attrs_t other_attrs,
- unsigned flags)
+static int write_attributes(ASN1_TYPE c2, const char *root,
+ const gnutls_datum_t * data,
+ const mac_entry_st * me,
+ gnutls_pkcs7_attrs_t other_attrs, unsigned flags)
{
char name[256];
int result, ret;
uint8_t digest[MAX_HASH_SIZE];
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
unsigned digest_size;
unsigned already_set = 0;
@@ -1903,8 +1981,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
}
snprintf(name, sizeof(name), "%s.?LAST.type", root);
- result =
- asn1_write_value(c2, name, ATTR_SIGNING_TIME, 1);
+ result = asn1_write_value(c2, name, ATTR_SIGNING_TIME, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -1930,7 +2007,6 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
already_set = 1;
}
-
ret = add_attrs(c2, root, other_attrs, already_set);
if (ret < 0) {
gnutls_assert();
@@ -1947,8 +2023,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
}
snprintf(name, sizeof(name), "%s.?LAST.type", root);
- result =
- asn1_write_value(c2, name, ATTR_CONTENT_TYPE, 1);
+ result = asn1_write_value(c2, name, ATTR_CONTENT_TYPE, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -1963,7 +2038,10 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
return ret;
}
- ret = _gnutls_x509_get_raw_field(c2, "encapContentInfo.eContentType", &tmp);
+ ret =
+ _gnutls_x509_get_raw_field(c2,
+ "encapContentInfo.eContentType",
+ &tmp);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -1998,9 +2076,10 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
}
snprintf(name, sizeof(name), "%s.?LAST", root);
- ret = _gnutls_x509_encode_and_write_attribute(ATTR_MESSAGE_DIGEST,
- c2, name,
- digest, digest_size, 1);
+ ret =
+ _gnutls_x509_encode_and_write_attribute(ATTR_MESSAGE_DIGEST,
+ c2, name, digest,
+ digest_size, 1);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -2038,15 +2117,14 @@ static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t
int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
gnutls_x509_crt_t signer,
gnutls_privkey_t signer_key,
- const gnutls_datum_t *data,
+ const gnutls_datum_t * data,
gnutls_pkcs7_attrs_t signed_attrs,
gnutls_pkcs7_attrs_t unsigned_attrs,
- gnutls_digest_algorithm_t dig,
- unsigned flags)
+ gnutls_digest_algorithm_t dig, unsigned flags)
{
int ret, result;
- gnutls_datum_t sigdata = {NULL, 0};
- gnutls_datum_t signature = {NULL, 0};
+ gnutls_datum_t sigdata = { NULL, 0 };
+ gnutls_datum_t signature = { NULL, 0 };
const mac_entry_st *me = hash_to_entry(dig);
unsigned pk, sigalgo;
@@ -2054,7 +2132,10 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
return GNUTLS_E_INVALID_REQUEST;
if (pkcs7->signed_data == ASN1_TYPE_EMPTY) {
- result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData", &pkcs7->signed_data);
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-SignedData",
+ &pkcs7->signed_data);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -2062,20 +2143,27 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
if (!(flags & GNUTLS_PKCS7_EMBED_DATA)) {
- asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContent", NULL, 0);
+ asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContent", NULL, 0);
}
}
asn1_write_value(pkcs7->signed_data, "version", &one, 1);
- result = asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContentType", PLAIN_DATA_OID, 0);
+ result =
+ asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContentType", PLAIN_DATA_OID,
+ 0);
if (result != ASN1_SUCCESS) {
ret = _gnutls_asn2err(result);
goto cleanup;
}
- if (flags & GNUTLS_PKCS7_EMBED_DATA && data->data) { /* embed data */
- result = asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContent", data->data, data->size);
+ if (flags & GNUTLS_PKCS7_EMBED_DATA && data->data) { /* embed data */
+ result =
+ asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContent", data->data,
+ data->size);
if (result != ASN1_SUCCESS) {
ret = _gnutls_asn2err(result);
goto cleanup;
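Review bot: In the embed branch of gnutls_pkcs7_sign, `data->data` is dereferenced without a visible NULL check on `data`, although figure_pkcs7_sigdata, which later receives the same pointer, explicitly accepts `data == NULL`. Whether the early `GNUTLS_E_INVALID_REQUEST` return above this hunk already rejects a NULL `data` cannot be seen here. If it does not, guard the branch and make the precedence explicit: `if ((flags & GNUTLS_PKCS7_EMBED_DATA) && data != NULL && data->data) {`. The `asn1_write_value(pkcs7->signed_data, "version", &one, 1);` call in the same hunk also discards its return value, unlike the writes around it.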
@@ -2091,7 +2179,8 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
/* append digest info algorithm */
- result = asn1_write_value(pkcs7->signed_data, "digestAlgorithms", "NEW", 1);
+ result =
+ asn1_write_value(pkcs7->signed_data, "digestAlgorithms", "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -2099,13 +2188,16 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
result =
- asn1_write_value(pkcs7->signed_data, "digestAlgorithms.?LAST.algorithm", _gnutls_x509_digest_to_oid(me), 1);
+ asn1_write_value(pkcs7->signed_data,
+ "digestAlgorithms.?LAST.algorithm",
+ _gnutls_x509_digest_to_oid(me), 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
goto cleanup;
}
- asn1_write_value(pkcs7->signed_data, "digestAlgorithms.?LAST.parameters", NULL, 0);
+ asn1_write_value(pkcs7->signed_data,
+ "digestAlgorithms.?LAST.parameters", NULL, 0);
/* append signer's info */
result = asn1_write_value(pkcs7->signed_data, "signerInfos", "NEW", 1);
@@ -2116,7 +2208,8 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
result =
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.version", &one, 1);
+ asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.version",
+ &one, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -2124,27 +2217,38 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
result =
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.digestAlgorithm.algorithm", _gnutls_x509_digest_to_oid(me), 1);
+ asn1_write_value(pkcs7->signed_data,
+ "signerInfos.?LAST.digestAlgorithm.algorithm",
+ _gnutls_x509_digest_to_oid(me), 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
goto cleanup;
}
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.digestAlgorithm.parameters", NULL, 0);
+ asn1_write_value(pkcs7->signed_data,
+ "signerInfos.?LAST.digestAlgorithm.parameters", NULL,
+ 0);
- ret = write_signer_id(pkcs7->signed_data, "signerInfos.?LAST", signer, flags);
+ ret =
+ write_signer_id(pkcs7->signed_data, "signerInfos.?LAST", signer,
+ flags);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = add_attrs(pkcs7->signed_data, "signerInfos.?LAST.unsignedAttrs", unsigned_attrs, 0);
+ ret =
+ add_attrs(pkcs7->signed_data, "signerInfos.?LAST.unsignedAttrs",
+ unsigned_attrs, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = write_attributes(pkcs7->signed_data, "signerInfos.?LAST.signedAttrs", data, me, signed_attrs, flags);
+ ret =
+ write_attributes(pkcs7->signed_data,
+ "signerInfos.?LAST.signedAttrs", data, me,
+ signed_attrs, flags);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -2160,7 +2264,10 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
* that a generic RSA OID should be used. We switch to this "unexpected" value
* because some implementations cannot cope with the "expected" signature values.
*/
- ret = _gnutls_x509_write_sig_params(pkcs7->signed_data, "signerInfos.?LAST.signatureAlgorithm", pk, dig, 1);
+ ret =
+ _gnutls_x509_write_sig_params(pkcs7->signed_data,
+ "signerInfos.?LAST.signatureAlgorithm",
+ pk, dig, 1);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -2174,20 +2281,24 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
}
/* sign the data */
- ret = figure_pkcs7_sigdata(pkcs7, "signerInfos.?LAST", data, sigalgo, &sigdata);
+ ret =
+ figure_pkcs7_sigdata(pkcs7, "signerInfos.?LAST", data, sigalgo,
+ &sigdata);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = gnutls_privkey_sign_data(signer_key, dig, 0, &sigdata, &signature);
+ ret =
+ gnutls_privkey_sign_data(signer_key, dig, 0, &sigdata, &signature);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
result =
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.signature", signature.data, signature.size);
+ asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.signature",
+ signature.data, signature.size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
@@ -2201,4 +2312,3 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
gnutls_free(signature.data);
return ret;
}
-
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index a3dc9ac7b6..73fdc5df4b 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -555,8 +555,8 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
if (key->pk_algorithm == GNUTLS_PK_UNKNOWN && left >= sizeof(PEM_KEY_PKCS8)) {
if (memcmp(ptr, PEM_KEY_PKCS8, sizeof(PEM_KEY_PKCS8)-1) == 0) {
result =
- _gnutls_fbase64_decode(PEM_KEY_PKCS8, begin_ptr,
- left, &_data);
+ _gnutls_fbase64_decode(PEM_KEY_PKCS8,
+ begin_ptr, left, &_data);
if (result >= 0) {
/* signal for PKCS #8 keys */
key->pk_algorithm = -1;
@@ -758,7 +758,7 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
if (memcmp(ptr, PEM_KEY_RSA, sizeof(PEM_KEY_RSA)-1) == 0 ||
memcmp(ptr, PEM_KEY_ECC, sizeof(PEM_KEY_ECC)-1) == 0 ||
memcmp(ptr, PEM_KEY_DSA, sizeof(PEM_KEY_DSA)-1) == 0) {
- head_enc = 0;
+ head_enc = 0;
}
}
}
@@ -788,7 +788,7 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
/* use the callback if any */
ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin));
if (ret == 0) {
- password = pin;
+ password = pin;
}
ret =
@@ -1784,17 +1784,17 @@ int cmp_rsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2)
ret = 0;
cleanup:
- gnutls_free(m1.data);
- gnutls_free(e1.data);
- gnutls_free(d1.data);
- gnutls_free(p1.data);
- gnutls_free(q1.data);
- gnutls_free(m2.data);
- gnutls_free(e2.data);
- gnutls_free(d2.data);
- gnutls_free(p2.data);
- gnutls_free(q2.data);
- return ret;
+ gnutls_free(m1.data);
+ gnutls_free(e1.data);
+ gnutls_free(d1.data);
+ gnutls_free(p1.data);
+ gnutls_free(q1.data);
+ gnutls_free(m2.data);
+ gnutls_free(e2.data);
+ gnutls_free(d2.data);
+ gnutls_free(p2.data);
+ gnutls_free(q2.data);
+ return ret;
}
static
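Review bot: The cleanup path of cmp_rsa_key releases `d1`, `p1`, `q1`, `d2`, `p2` and `q2` with plain `gnutls_free()`. If those datums hold the RSA private exponent and primes, as the names and the private-key arguments suggest, the key material stays readable in freed heap memory. Wipe each secret buffer before freeing it, e.g. `if (d1.data) gnutls_memset(d1.data, 0, d1.size);` ahead of `gnutls_free(d1.data);`, or use the library's key-datum release helper if one is available in this tree. The code that fills these datums is outside the hunk, so confirm which of them are secret.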
@@ -1836,13 +1836,13 @@ int cmp_dsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2)
ret = 0;
cleanup:
- gnutls_free(g1.data);
- gnutls_free(p1.data);
- gnutls_free(q1.data);
- gnutls_free(g2.data);
- gnutls_free(p2.data);
- gnutls_free(q2.data);
- return ret;
+ gnutls_free(g1.data);
+ gnutls_free(p1.data);
+ gnutls_free(q1.data);
+ gnutls_free(g2.data);
+ gnutls_free(p2.data);
+ gnutls_free(q2.data);
+ return ret;
}
/**
@@ -1909,7 +1909,7 @@ int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, gnutls_digest_alg
ret = cmp_dsa_key(key, okey);
cleanup:
- gnutls_x509_privkey_deinit(okey);
+ gnutls_x509_privkey_deinit(okey);
return ret;
}
@@ -2224,7 +2224,7 @@ void gnutls_x509_privkey_set_pin_function(gnutls_x509_privkey_t privkey,
*
**/
void gnutls_x509_privkey_set_flags(gnutls_x509_privkey_t key,
- unsigned int flags)
+ unsigned int flags)
{
key->flags |= flags;
}
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index bebc82afc4..74bb466c65 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -70,7 +70,7 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
case GNUTLS_PK_EC:
ret =
gnutls_x509_privkey_export2(pkey, GNUTLS_X509_FMT_DER,
- raw);
+ raw);
if (ret < 0) {
gnutls_assert();
goto error;
diff --git a/lib/x509/time.c b/lib/x509/time.c
index 9ae270e10e..5ae6be01ee 100644
--- a/lib/x509/time.c
+++ b/lib/x509/time.c
@@ -64,7 +64,7 @@ static const int MONTHDAYS[] = {
/* Whether a given year is a leap year. */
#define ISLEAP(year) \
- (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0))
+ (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0))
/*
** Given a struct tm representing a calendar time in UTC, convert it to
@@ -234,10 +234,10 @@ gtime_to_suitable_time(time_t gtime, char *str_time, size_t str_time_size, unsig
|| gtime >= 253402210800
#endif
) {
- if (tag)
- *tag = ASN1_TAG_GENERALIZEDTime;
- snprintf(str_time, str_time_size, "99991231235959Z");
- return 0;
+ if (tag)
+ *tag = ASN1_TAG_GENERALIZEDTime;
+ snprintf(str_time, str_time_size, "99991231235959Z");
+ return 0;
}
if (!gmtime_r(&gtime, &_tm)) {
@@ -247,11 +247,11 @@ gtime_to_suitable_time(time_t gtime, char *str_time, size_t str_time_size, unsig
if (_tm.tm_year >= 150) {
if (tag)
- *tag = ASN1_TAG_GENERALIZEDTime;
+ *tag = ASN1_TAG_GENERALIZEDTime;
ret = strftime(str_time, str_time_size, "%Y%m%d%H%M%SZ", &_tm);
} else {
if (tag)
- *tag = ASN1_TAG_UTCTime;
+ *tag = ASN1_TAG_UTCTime;
ret = strftime(str_time, str_time_size, "%y%m%d%H%M%SZ", &_tm);
}
if (!ret) {
@@ -273,8 +273,8 @@ gtime_to_generalTime(time_t gtime, char *str_time, size_t str_time_size)
|| gtime >= 253402210800
#endif
) {
- snprintf(str_time, str_time_size, "99991231235959Z");
- return 0;
+ snprintf(str_time, str_time_size, "99991231235959Z");
+ return 0;
}
if (!gmtime_r(&gtime, &_tm)) {
diff --git a/lib/x509/tls_features.c b/lib/x509/tls_features.c
index af5bb06a51..d6055fa28a 100644
--- a/lib/x509/tls_features.c
+++ b/lib/x509/tls_features.c
@@ -214,7 +214,7 @@ int gnutls_x509_crt_set_tlsfeatures(gnutls_x509_crt_t crt,
* Since: 3.5.1
**/
unsigned gnutls_x509_tlsfeatures_check_crt(gnutls_x509_tlsfeatures_t feat,
- gnutls_x509_crt_t cert)
+ gnutls_x509_crt_t cert)
{
int ret;
gnutls_x509_tlsfeatures_t cfeat;
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 6aa732c7d9..e7484ff439 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -346,7 +346,7 @@ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
static int
advance_iter(gnutls_x509_trust_list_t list,
- gnutls_x509_trust_list_iter_t iter)
+ gnutls_x509_trust_list_iter_t iter)
{
int ret;
@@ -408,8 +408,8 @@ advance_iter(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_iter_get_ca(gnutls_x509_trust_list_t list,
- gnutls_x509_trust_list_iter_t *iter,
- gnutls_x509_crt_t *crt)
+ gnutls_x509_trust_list_iter_t *iter,
+ gnutls_x509_crt_t *crt)
{
int ret;
@@ -745,9 +745,9 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list,
if (gnutls_x509_crl_get_this_update(crl_list[i]) >=
gnutls_x509_crl_get_this_update(list->node[hash].crls[x])) {
- gnutls_x509_crl_deinit(list->node[hash].crls[x]);
- list->node[hash].crls[x] = crl_list[i];
- goto next;
+ gnutls_x509_crl_deinit(list->node[hash].crls[x]);
+ list->node[hash].crls[x] = crl_list[i];
+ goto next;
} else {
/* The new is older, discard it */
gnutls_x509_crl_deinit(crl_list[i]);
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 3a0fbe04b7..ecd2369b1c 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -660,8 +660,8 @@ verify_crt(gnutls_x509_crt_t cert,
if (issuer_version < 0) {
MARK_INVALID(0);
} else if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
- ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
- || issuer_version != 1)) {
+ ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
+ || issuer_version != 1)) {
if (check_if_ca(cert, issuer, &vparams->max_path, flags) != 1) {
MARK_INVALID(GNUTLS_CERT_SIGNER_NOT_CA);
}
@@ -687,11 +687,11 @@ verify_crt(gnutls_x509_crt_t cert,
if (me == NULL) {
MARK_INVALID(0);
} else if (cert_signed_data.data != NULL &&
- cert_signature.data != NULL) {
+ cert_signature.data != NULL) {
ret =
_gnutls_x509_verify_data(me,
&cert_signed_data,
- &cert_signature,
+ &cert_signature,
issuer);
if (ret == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
MARK_INVALID(GNUTLS_CERT_SIGNATURE_FAILURE);
@@ -1123,8 +1123,8 @@ _gnutls_pkcs11_verify_crt_status(const char* url,
/* check against issuer */
ret = gnutls_pkcs11_get_raw_issuer(url, certificate_list[clist_size - 1],
- &raw_issuer, GNUTLS_X509_FMT_DER,
- GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT|GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
+ &raw_issuer, GNUTLS_X509_FMT_DER,
+ GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT|GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
if (ret < 0) {
gnutls_assert();
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && clist_size > 2) {
@@ -1132,7 +1132,7 @@ _gnutls_pkcs11_verify_crt_status(const char* url,
/* check if the last certificate in the chain is present
* in our trusted list, and if yes, verify against it. */
ret = gnutls_pkcs11_crt_is_known(url, certificate_list[clist_size - 1],
- GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_COMPARE);
+ GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_COMPARE);
if (ret != 0) {
return _gnutls_verify_crt_status(certificate_list, clist_size,
&certificate_list[clist_size - 1], 1, flags,
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index a781d2e098..25f1d2691a 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -73,7 +73,7 @@ static int crt_reinit(gnutls_x509_crt_t crt)
* Since: 3.5.0
**/
unsigned gnutls_x509_crt_equals(gnutls_x509_crt_t cert1,
- gnutls_x509_crt_t cert2)
+ gnutls_x509_crt_t cert2)
{
int ret;
bool result;
@@ -305,12 +305,12 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert)
/* handle equally empty parameters with missing parameters */
if (sp1.size == 2 && memcmp(sp1.data, "\x05\x00", 2) == 0) {
empty1 = 1;
- _gnutls_free_datum(&sp1);
+ _gnutls_free_datum(&sp1);
}
if (sp2.size == 2 && memcmp(sp2.data, "\x05\x00", 2) == 0) {
empty2 = 1;
- _gnutls_free_datum(&sp2);
+ _gnutls_free_datum(&sp2);
}
if (empty1 != empty2 ||
@@ -322,9 +322,9 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert)
ret = 0;
cleanup:
- _gnutls_free_datum(&sp1);
- _gnutls_free_datum(&sp2);
- return ret;
+ _gnutls_free_datum(&sp1);
+ _gnutls_free_datum(&sp2);
+ return ret;
}
/**
@@ -889,8 +889,8 @@ gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
ret = 0;
cleanup:
- gnutls_free(dsig.data);
- return ret;
+ gnutls_free(dsig.data);
+ return ret;
}
/**
@@ -1225,10 +1225,10 @@ gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert,
ret = 0;
cleanup:
- if (aki != NULL)
- gnutls_x509_aki_deinit(aki);
- gnutls_free(der.data);
- return ret;
+ if (aki != NULL)
+ gnutls_x509_aki_deinit(aki);
+ gnutls_free(der.data);
+ return ret;
}
/**
@@ -1311,10 +1311,10 @@ gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id,
ret = 0;
cleanup:
- if (aki != NULL)
- gnutls_x509_aki_deinit(aki);
- gnutls_free(der.data);
- return ret;
+ if (aki != NULL)
+ gnutls_x509_aki_deinit(aki);
+ gnutls_free(der.data);
+ return ret;
}
/**
@@ -2139,8 +2139,8 @@ gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, unsigned indx,
ret = 0;
cleanup:
- if (policies != NULL)
- gnutls_x509_policies_deinit(policies);
+ if (policies != NULL)
+ gnutls_x509_policies_deinit(policies);
_gnutls_free_datum(&tmpd);
return ret;
@@ -2846,8 +2846,8 @@ _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
return 0; /* not revoked. */
fail:
- gnutls_x509_crl_iter_deinit(iter);
- return ret;
+ gnutls_x509_crl_iter_deinit(iter);
+ return ret;
}
@@ -2919,7 +2919,7 @@ gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt,
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
@@ -3090,9 +3090,9 @@ gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert,
ret = 0;
cleanup:
- gnutls_free(ext.data);
- if (p!=NULL)
- gnutls_x509_key_purpose_deinit(p);
+ gnutls_free(ext.data);
+ if (p!=NULL)
+ gnutls_x509_key_purpose_deinit(p);
return ret;
}
@@ -3137,7 +3137,7 @@ gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt,
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
@@ -3186,7 +3186,7 @@ gnutls_x509_crt_get_pk_ecc_raw(gnutls_x509_crt_t crt,
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
@@ -3234,7 +3234,7 @@ gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index dc51e4b68b..d503d5d394 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -2665,7 +2665,7 @@ static int parse_aia(ASN1_TYPE c2, gnutls_x509_aia_t aia)
result = asn1_read_value(c2, nptr, tmpoid, &len);
if (result == ASN1_VALUE_NOT_FOUND
|| result == ASN1_ELEMENT_NOT_FOUND) {
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
break;
}
@@ -3141,7 +3141,7 @@ int _gnutls_x509_decode_ext(const gnutls_datum_t *der, gnutls_x509_ext_st *out)
ret = 0;
goto cleanup;
fail:
- memset(out, 0, sizeof(*out));
+ memset(out, 0, sizeof(*out));
cleanup:
asn1_delete_structure(&c2);
return ret;
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 86b9280950..bf6cba155e 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -335,8 +335,8 @@ gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
**/
int
gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt,
- gnutls_x509_crq_t crq, const char *oid,
- unsigned flags)
+ gnutls_x509_crq_t crq, const char *oid,
+ unsigned flags)
{
size_t i;
@@ -835,10 +835,9 @@ gnutls_x509_crt_set_subject_alt_othername(gnutls_x509_crt_t crt,
/* generate the extension.
*/
result =
- _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
- encoded_data.data, encoded_data.size,
- &prev_der_data,
- &der_data);
+ _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
+ encoded_data.data, encoded_data.size,
+ &prev_der_data, &der_data);
if (result < 0) {
gnutls_assert();
@@ -926,11 +925,9 @@ gnutls_x509_crt_set_issuer_alt_othername(gnutls_x509_crt_t crt,
/* generate the extension.
*/
result =
- _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
- encoded_data.data, encoded_data.size,
- &prev_der_data,
- &der_data);
-
+ _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
+ encoded_data.data, encoded_data.size,
+ &prev_der_data, &der_data);
if (result < 0) {
gnutls_assert();
goto finish;
@@ -1818,9 +1815,9 @@ gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t crt,
goto cleanup;
}
- cleanup:
- if (aia_ctx != NULL)
- gnutls_x509_aia_deinit(aia_ctx);
+ cleanup:
+ if (aia_ctx != NULL)
+ gnutls_x509_aia_deinit(aia_ctx);
_gnutls_free_datum(&new_der);
_gnutls_free_datum(&der);
@@ -1899,8 +1896,8 @@ gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
&der_data, 0);
cleanup:
- if (policies != NULL)
- gnutls_x509_policies_deinit(policies);
+ if (policies != NULL)
+ gnutls_x509_policies_deinit(policies);
_gnutls_free_datum(&prev_der_data);
_gnutls_free_datum(&der_data);