int i, j;
const char *desc;
const char *_name;
- error_name names_to_sort[400]; /* up to 400 names */
+ error_name names_to_sort[400]; /* up to 400 names */
printf ("@table @code\n");
{
_name = gnutls_strerror_name (i);
if (_name == NULL)
- continue;
+ continue;
strcpy (names_to_sort[j].name, _name);
names_to_sort[j].error_index = i;
_name = names_to_sort[i].name;
desc = gnutls_strerror (names_to_sort[i].error_index);
if (desc == NULL || _name == NULL)
- continue;
+ continue;
printf ("@item %s:\n%s\n\n", _name, desc);
}
* a server, and we had requested a rehandshake.
*/
if (last_alert == GNUTLS_A_NO_RENEGOTIATION &&
- ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
- printf ("* Received NO_RENEGOTIATION alert. "
- "Client Does not support renegotiation.\n");
+ ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
+ printf ("* Received NO_RENEGOTIATION alert. "
+ "Client Does not support renegotiation.\n");
else
- printf ("* Received alert '%d': %s.\n", last_alert,
- gnutls_alert_get_name (last_alert));
+ printf ("* Received alert '%d': %s.\n", last_alert,
+ gnutls_alert_get_name (last_alert));
}
}
extern void tcp_close (int sd);
static int cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_retr2_st * st);
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_retr2_st * st);
gnutls_x509_crt_t crt;
gnutls_pkcs11_privkey_t key;
/* some tokens require login to read data */
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
ret = gnutls_x509_crt_import_pkcs11_url (crt, CERT_URL,
- GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
+ GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
if (ret < 0)
{
fprintf (stderr, "*** Error loading key file: %s\n",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
if (ret < 0)
{
fprintf (stderr, "*** Error loading key file: %s\n",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
static int
pin_callback (void *user, int attempt, const char *token_url,
- const char *token_label, unsigned int flags, char *pin,
- size_t pin_max)
+ const char *token_label, unsigned int flags, char *pin,
+ size_t pin_max)
{
const char *password;
int len;
printf ("PIN required for token '%s' with URL '%s'\n", token_label,
- token_url);
+ token_url);
if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY)
printf ("*** This is the final try before locking!\n");
if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW)
static int
cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_retr2_st * st)
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_retr2_st * st)
{
char issuer_dn[256];
int i, ret;
len = sizeof (issuer_dn);
ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
if (ret >= 0)
- {
- printf (" [%d]: ", i);
- printf ("%s\n", issuer_dn);
- }
+ {
+ printf (" [%d]: ", i);
+ printf ("%s\n", issuer_dn);
+ }
}
/* Select a certificate and return it.
ret = gnutls_x509_crt_get_signature_algorithm (crt);
if (ret < 0)
- {
- /* error reading signature algorithm
- */
- return -1;
- }
+ {
+ /* error reading signature algorithm
+ */
+ return -1;
+ }
cert_algo = ret;
i = 0;
do
- {
- ret = gnutls_sign_algorithm_get_requested (session, i, &req_algo);
- if (ret >= 0 && cert_algo == req_algo)
- {
- match = 1;
- break;
- }
-
- /* server has not requested anything specific */
- if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- match = 1;
- break;
- }
- i++;
- }
+ {
+ ret = gnutls_sign_algorithm_get_requested (session, i, &req_algo);
+ if (ret >= 0 && cert_algo == req_algo)
+ {
+ match = 1;
+ break;
+ }
+
+ /* server has not requested anything specific */
+ if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ match = 1;
+ break;
+ }
+ i++;
+ }
while (ret >= 0);
if (match == 0)
- {
- printf
- ("- Could not find a suitable certificate to send to server\n");
- return -1;
- }
+ {
+ printf
+ ("- Could not find a suitable certificate to send to server\n");
+ return -1;
+ }
st->cert_type = type;
st->ncerts = 1;
extern void tcp_close (int sd);
static int cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_retr2_st * st);
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_retr2_st * st);
gnutls_x509_crt_t crt;
gnutls_x509_privkey_t key;
if (ret < 0)
{
fprintf (stderr, "*** Error loading key file: %s\n",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
if (ret < 0)
{
fprintf (stderr, "*** Error loading key file: %s\n",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
static int
cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_retr2_st * st)
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_retr2_st * st)
{
char issuer_dn[256];
int i, ret;
len = sizeof (issuer_dn);
ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
if (ret >= 0)
- {
- printf (" [%d]: ", i);
- printf ("%s\n", issuer_dn);
- }
+ {
+ printf (" [%d]: ", i);
+ printf ("%s\n", issuer_dn);
+ }
}
/* Select a certificate and return it.
ret = gnutls_x509_crt_get_signature_algorithm (crt);
if (ret < 0)
- {
- /* error reading signature algorithm
- */
- return -1;
- }
+ {
+ /* error reading signature algorithm
+ */
+ return -1;
+ }
cert_algo = ret;
i = 0;
do
- {
- ret = gnutls_sign_algorithm_get_requested (session, i, &req_algo);
- if (ret >= 0 && cert_algo == req_algo)
- {
- match = 1;
- break;
- }
-
- /* server has not requested anything specific */
- if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- match = 1;
- break;
- }
- i++;
- }
+ {
+ ret = gnutls_sign_algorithm_get_requested (session, i, &req_algo);
+ if (ret >= 0 && cert_algo == req_algo)
+ {
+ match = 1;
+ break;
+ }
+
+ /* server has not requested anything specific */
+ if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ match = 1;
+ break;
+ }
+ i++;
+ }
while (ret >= 0);
if (match == 0)
- {
- printf
- ("- Could not find a suitable certificate to send to server\n");
- return -1;
- }
+ {
+ printf
+ ("- Could not find a suitable certificate to send to server\n");
+ return -1;
+ }
st->cert_type = type;
st->ncerts = 1;
gnutls_psk_allocate_client_credentials (&pskcred);
gnutls_psk_set_client_credentials (pskcred, "test", &key,
- GNUTLS_PSK_KEY_HEX);
+ GNUTLS_PSK_KEY_HEX);
/* Initialize TLS session
*/
if (ret < 0)
{
if (ret == GNUTLS_E_INVALID_REQUEST)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
- }
+ {
+ fprintf (stderr, "Syntax error at: %s\n", err);
+ }
exit (1);
}
gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
for (t = 0; t < 2; t++)
- { /* connect 2 times to the server */
+ { /* connect 2 times to the server */
sd = tcp_connect ();
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
if (t > 0)
- {
- /* if this is not the first time we connect */
- gnutls_session_set_data (session, session_data, session_data_size);
- free (session_data);
- }
+ {
+ /* if this is not the first time we connect */
+ gnutls_session_set_data (session, session_data, session_data_size);
+ free (session_data);
+ }
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
+ {
+ fprintf (stderr, "*** Handshake failed\n");
+ gnutls_perror (ret);
+ goto end;
+ }
else
- {
- printf ("- Handshake was completed\n");
- }
+ {
+ printf ("- Handshake was completed\n");
+ }
if (t == 0)
- { /* the first time we connect */
- /* get the session data size */
- gnutls_session_get_data (session, NULL, &session_data_size);
- session_data = malloc (session_data_size);
+ { /* the first time we connect */
+ /* get the session data size */
+ gnutls_session_get_data (session, NULL, &session_data_size);
+ session_data = malloc (session_data_size);
- /* put session data to the session variable */
- gnutls_session_get_data (session, session_data, &session_data_size);
+ /* put session data to the session variable */
+ gnutls_session_get_data (session, session_data, &session_data_size);
- }
+ }
else
- { /* the second time we connect */
-
- /* check if we actually resumed the previous session */
- if (gnutls_session_is_resumed (session) != 0)
- {
- printf ("- Previous session was resumed\n");
- }
- else
- {
- fprintf (stderr, "*** Previous session was NOT resumed\n");
- }
- }
+ { /* the second time we connect */
+
+ /* check if we actually resumed the previous session */
+ if (gnutls_session_is_resumed (session) != 0)
+ {
+ printf ("- Previous session was resumed\n");
+ }
+ else
+ {
+ fprintf (stderr, "*** Previous session was NOT resumed\n");
+ }
+ }
/* This function was defined in a previous example
*/
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
+ {
+ printf ("- Peer has closed the TLS connection\n");
+ goto end;
+ }
else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
+ {
+ fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
+ goto end;
+ }
printf ("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
+ {
+ fputc (buffer[ii], stdout);
+ }
fputs ("\n", stdout);
gnutls_bye (session, GNUTLS_SHUT_RDWR);
gnutls_deinit (session);
- } /* for() */
+ } /* for() */
gnutls_certificate_free_credentials (xcred);
gnutls_certificate_allocate_credentials (&cert_cred);
gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
gnutls_srp_set_client_credentials (srp_cred, USERNAME, PASSWORD);
/* connects to server
if (gnutls_error_is_fatal (ret) == 1 || ret == 0)
{
if (ret == 0)
- {
- printf ("- Peer has closed the GnuTLS connection\n");
- goto end;
- }
+ {
+ printf ("- Peer has closed the GnuTLS connection\n");
+ goto end;
+ }
else
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
+ {
+ fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
+ goto end;
+ }
}
else
check_alert (session, ret);
{
printf ("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
+ {
+ fputc (buffer[ii], stdout);
+ }
fputs ("\n", stdout);
}
gnutls_bye (session, GNUTLS_SHUT_RDWR);
static int
client_avp (gnutls_session_t session, void *ptr,
- const char *last, size_t lastlen, char **new, size_t * newlen)
+ const char *last, size_t lastlen, char **new, size_t * newlen)
{
if (last)
printf ("- received %d bytes AVP: `%.*s'\n",
- (int) lastlen, (int) lastlen, last);
+ (int) lastlen, (int) lastlen, last);
else
printf ("- new application phase\n");
ret = gnutls_ia_handshake (session);
if (ret < 0)
- {
- fprintf (stderr, "*** TLS/IA handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
+ {
+ fprintf (stderr, "*** TLS/IA handshake failed\n");
+ gnutls_perror (ret);
+ goto end;
+ }
else
- {
- printf ("- TLS/IA Handshake was completed\n");
- }
+ {
+ printf ("- TLS/IA Handshake was completed\n");
+ }
}
/* Use default priorities */
gnutls_priority_set_direct (session, "PERFORMANCE:+ANON-DH:!ARCFOUR-128",
- NULL);
+ NULL);
/* put the anonymous credentials to the current session
*/
if (ret < 0)
{
if (ret == GNUTLS_E_INVALID_REQUEST)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
- }
+ {
+ fprintf (stderr, "Syntax error at: %s\n", err);
+ }
exit (1);
}
/* Add stuff to the distinguished name
*/
gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COUNTRY_NAME,
- 0, "GR", 2);
+ 0, "GR", 2);
gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
- 0, "Nikos", strlen ("Nikos"));
+ 0, "Nikos", strlen ("Nikos"));
/* Set the request version.
*/
*/
int
write_pkcs12 (const gnutls_datum_t * cert,
- const gnutls_datum_t * pkcs8_key, const char *password)
+ const gnutls_datum_t * pkcs8_key, const char *password)
{
gnutls_pkcs12_t pkcs12;
int ret, bag_index;
*/
ret = gnutls_pkcs12_bag_set_data (key_bag,
- GNUTLS_BAG_PKCS8_ENCRYPTED_KEY,
- pkcs8_key);
+ GNUTLS_BAG_PKCS8_ENCRYPTED_KEY,
+ pkcs8_key);
if (ret < 0)
{
fprintf (stderr, "ret: %s\n", gnutls_strerror (ret));
pkcs12_struct_size = sizeof (pkcs12_struct);
ret =
gnutls_pkcs12_export (pkcs12, GNUTLS_X509_FMT_DER, pkcs12_struct,
- &pkcs12_struct_size);
+ &pkcs12_struct_size);
if (ret < 0)
{
fprintf (stderr, "ret: %s\n", gnutls_strerror (ret));
if (!gnutls_x509_crt_check_hostname (cert, hostname))
{
printf ("The certificate's owner does not match hostname '%s'\n",
- hostname);
+ hostname);
return GNUTLS_E_CERTIFICATE_ERROR;
}
gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_verify_function (xcred, verify_certificate_callback);
gnutls_certificate_set_verify_flags (xcred,
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
/* Initialize TLS session
*/
if (ret < 0)
{
if (ret == GNUTLS_E_INVALID_REQUEST)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
- }
+ {
+ fprintf (stderr, "Syntax error at: %s\n", err);
+ }
exit (1);
}
#define SA struct sockaddr
#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
#define DH_BITS 1024
/* These are global */
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
SOCKET_ERR (err, "bind");
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
+ {
+ close (sd);
+ gnutls_deinit (session);
+ fprintf (stderr, "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror (ret));
+ continue;
+ }
printf ("- Handshake was completed\n");
/* see the Getting peer's information example */
/* print_info(session); */
for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
+ {
+ memset (buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv (session, buffer, MAX_BUF);
+
+ if (ret == 0)
+ {
+ printf ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ }
+ else if (ret < 0)
+ {
+ fprintf (stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n", ret);
+ break;
+ }
+ else if (ret > 0)
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
+ }
printf ("\n");
/* do not wait for the peer to close the connection.
*/
#define SA struct sockaddr
#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
#define DH_BITS 1024
/* These are global */
gnutls_certificate_allocate_credentials (&cred);
gnutls_certificate_set_openpgp_keyring_file (cred, RINGFILE,
- GNUTLS_OPENPGP_FMT_BASE64);
+ GNUTLS_OPENPGP_FMT_BASE64);
gnutls_certificate_set_openpgp_key_file (cred, CERTFILE, KEYFILE,
- GNUTLS_OPENPGP_FMT_BASE64);
+ GNUTLS_OPENPGP_FMT_BASE64);
generate_dh_params ();
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
SOCKET_ERR (err, "bind");
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
+ {
+ close (sd);
+ gnutls_deinit (session);
+ fprintf (stderr, "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror (ret));
+ continue;
+ }
printf ("- Handshake was completed\n");
/* see the Getting peer's information example */
/* print_info(session); */
for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
+ {
+ memset (buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv (session, buffer, MAX_BUF);
+
+ if (ret == 0)
+ {
+ printf ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ }
+ else if (ret < 0)
+ {
+ fprintf (stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n", ret);
+ break;
+ }
+ else if (ret > 0)
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
+ }
printf ("\n");
/* do not wait for the peer to close the connection.
*/
#define SA struct sockaddr
#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
#define DH_BITS 1024
/* These are global */
gnutls_certificate_allocate_credentials (&x509_cred);
gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
gnutls_psk_allocate_server_credentials (&psk_cred);
gnutls_psk_set_server_credentials_function (psk_cred, pskfunc);
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
SOCKET_ERR (err, "bind");
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
+ {
+ close (sd);
+ gnutls_deinit (session);
+ fprintf (stderr, "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror (ret));
+ continue;
+ }
printf ("- Handshake was completed\n");
/* see the Getting peer's information example */
/* print_info(session); */
for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
+ {
+ memset (buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv (session, buffer, MAX_BUF);
+
+ if (ret == 0)
+ {
+ printf ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ }
+ else if (ret < 0)
+ {
+ fprintf (stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n", ret);
+ break;
+ }
+ else if (ret > 0)
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
+ }
printf ("\n");
/* do not wait for the peer to close the connection.
*/
#define SA struct sockaddr
#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
/* These are global */
gnutls_srp_server_credentials_t srp_cred;
/* these must be called once in the program
*/
gnutls_global_init ();
- gnutls_global_init_extra (); /* for SRP */
+ gnutls_global_init_extra (); /* for SRP */
/* SRP_PASSWD a password file (created with the included srptool utility)
*/
gnutls_srp_allocate_server_credentials (&srp_cred);
gnutls_srp_set_server_credentials_file (srp_cred, SRP_PASSWD,
- SRP_PASSWD_CONF);
+ SRP_PASSWD_CONF);
gnutls_certificate_allocate_credentials (&cert_cred);
gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_key_file (cert_cred, CERTFILE, KEYFILE,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
/* TCP socket operations
*/
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
SOCKET_ERR (err, "bind");
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
+ {
+ close (sd);
+ gnutls_deinit (session);
+ fprintf (stderr, "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror (ret));
+ continue;
+ }
printf ("- Handshake was completed\n");
/* print_info(session); */
for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
+ {
+ memset (buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv (session, buffer, MAX_BUF);
+
+ if (ret == 0)
+ {
+ printf ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ }
+ else if (ret < 0)
+ {
+ fprintf (stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n", ret);
+ break;
+ }
+ else if (ret > 0)
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
+ }
printf ("\n");
/* do not wait for the peer to close the connection. */
gnutls_bye (session, GNUTLS_SHUT_WR);
#define SA struct sockaddr
#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
#define DH_BITS 1024
/* These are global */
gnutls_certificate_allocate_credentials (&x509_cred);
gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
generate_dh_params ();
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
SOCKET_ERR (err, "bind");
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
+ {
+ close (sd);
+ gnutls_deinit (session);
+ fprintf (stderr, "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror (ret));
+ continue;
+ }
printf ("- Handshake was completed\n");
/* see the Getting peer's information example */
/* print_info(session); */
for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
+ {
+ memset (buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv (session, buffer, MAX_BUF);
+
+ if (ret == 0)
+ {
+ printf ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ }
+ else if (ret < 0)
+ {
+ fprintf (stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n", ret);
+ break;
+ }
+ else if (ret > 0)
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
+ }
printf ("\n");
/* do not wait for the peer to close the connection.
*/
#ifdef ENABLE_SRP
case GNUTLS_CRD_SRP:
printf ("- SRP session with username %s\n",
- gnutls_srp_server_get_username (session));
+ gnutls_srp_server_get_username (session));
break;
#endif
/* This returns NULL in server side.
*/
if (gnutls_psk_client_get_hint (session) != NULL)
- printf ("- PSK authentication. PSK hint '%s'\n",
- gnutls_psk_client_get_hint (session));
+ printf ("- PSK authentication. PSK hint '%s'\n",
+ gnutls_psk_client_get_hint (session));
/* This returns NULL in client side.
*/
if (gnutls_psk_server_get_username (session) != NULL)
- printf ("- PSK authentication. Connected as '%s'\n",
- gnutls_psk_server_get_username (session));
+ printf ("- PSK authentication. Connected as '%s'\n",
+ gnutls_psk_server_get_username (session));
break;
- case GNUTLS_CRD_ANON: /* anonymous authentication */
+ case GNUTLS_CRD_ANON: /* anonymous authentication */
printf ("- Anonymous DH using prime of %d bits\n",
- gnutls_dh_get_prime_bits (session));
+ gnutls_dh_get_prime_bits (session));
break;
- case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */
+ case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */
/* Check if we have been using ephemeral Diffie-Hellman.
*/
if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
- {
- printf ("\n- Ephemeral DH using prime of %d bits\n",
- gnutls_dh_get_prime_bits (session));
- }
+ {
+ printf ("\n- Ephemeral DH using prime of %d bits\n",
+ gnutls_dh_get_prime_bits (session));
+ }
/* if the certificate list is available, then
* print some information about it.
*/
print_x509_certificate_info (session);
- } /* switch */
+ } /* switch */
/* print the protocol's name (ie TLS 1.0)
*/
int ca_list_size;
static void verify_cert2 (gnutls_x509_crt_t crt,
- gnutls_x509_crt_t issuer,
- gnutls_x509_crl_t * crl_list, int crl_list_size);
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_crl_t * crl_list, int crl_list_size);
static void verify_last_cert (gnutls_x509_crt_t crt,
- gnutls_x509_crt_t * ca_list, int ca_list_size,
- gnutls_x509_crl_t * crl_list,
- int crl_list_size);
+ gnutls_x509_crt_t * ca_list, int ca_list_size,
+ gnutls_x509_crl_t * crl_list,
+ int crl_list_size);
/* This function will try to verify the peer's certificate chain, and
*/
void
verify_certificate_chain (gnutls_session_t session,
- const char *hostname,
- const gnutls_datum_t * cert_chain,
- int cert_chain_length)
+ const char *hostname,
+ const gnutls_datum_t * cert_chain,
+ int cert_chain_length)
{
int i;
gnutls_x509_crt_t *cert;
* list.
*/
if (gnutls_x509_crt_check_issuer (cert[cert_chain_length - 1],
- cert[cert_chain_length - 1]) > 0
+ cert[cert_chain_length - 1]) > 0
&& cert_chain_length > 0)
{
cert_chain_length--;
* our trusted CA list.
*/
verify_last_cert (cert[cert_chain_length - 1],
- ca_list, ca_list_size, crl_list, crl_list_size);
+ ca_list, ca_list_size, crl_list, crl_list_size);
/* Check if the name in the first certificate matches our destination!
*/
if (!gnutls_x509_crt_check_hostname (cert[0], hostname))
{
printf ("The certificate's owner does not match hostname '%s'\n",
- hostname);
+ hostname);
}
for (i = 0; i < cert_chain_length; i++)
*/
static void
verify_cert2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_crl_t * crl_list, int crl_list_size)
+ gnutls_x509_crl_t * crl_list, int crl_list_size)
{
unsigned int output;
int ret;
fprintf (stderr, "Not trusted");
if (output & GNUTLS_CERT_SIGNER_NOT_FOUND)
- fprintf (stderr, ": no issuer was found");
+ fprintf (stderr, ": no issuer was found");
if (output & GNUTLS_CERT_SIGNER_NOT_CA)
- fprintf (stderr, ": issuer is not a CA");
+ fprintf (stderr, ": issuer is not a CA");
if (output & GNUTLS_CERT_NOT_ACTIVATED)
- fprintf (stderr, ": not yet activated\n");
+ fprintf (stderr, ": not yet activated\n");
if (output & GNUTLS_CERT_EXPIRED)
- fprintf (stderr, ": expired\n");
+ fprintf (stderr, ": expired\n");
fprintf (stderr, "\n");
}
*/
ret = gnutls_x509_crt_check_revocation (crt, crl_list, crl_list_size);
if (ret == 1)
- { /* revoked */
+ { /* revoked */
fprintf (stderr, "Revoked\n");
}
}
*/
static void
verify_last_cert (gnutls_x509_crt_t crt,
- gnutls_x509_crt_t * ca_list, int ca_list_size,
- gnutls_x509_crl_t * crl_list, int crl_list_size)
+ gnutls_x509_crt_t * ca_list, int ca_list_size,
+ gnutls_x509_crl_t * crl_list, int crl_list_size)
{
unsigned int output;
int ret;
/* Do the actual verification.
*/
gnutls_x509_crt_verify (crt, ca_list, ca_list_size,
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, &output);
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, &output);
if (output & GNUTLS_CERT_INVALID)
{
fprintf (stderr, "Not trusted");
if (output & GNUTLS_CERT_SIGNER_NOT_CA)
- fprintf (stderr, ": Issuer is not a CA\n");
+ fprintf (stderr, ": Issuer is not a CA\n");
if (output & GNUTLS_CERT_NOT_ACTIVATED)
- fprintf (stderr, ": Not yet activated\n");
+ fprintf (stderr, ": Not yet activated\n");
if (output & GNUTLS_CERT_EXPIRED)
- fprintf (stderr, ": Expired\n");
+ fprintf (stderr, ": Expired\n");
fprintf (stderr, "\n");
}
else
*/
ret = gnutls_x509_crt_check_revocation (crt, crl_list, crl_list_size);
if (ret == 1)
- { /* revoked */
+ { /* revoked */
fprintf (stderr, "Revoked\n");
}
}
ret = gnutls_x509_crt_print (cert, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
if (ret == 0)
- {
- printf ("\t%s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
+ {
+ printf ("\t%s\n", cinfo.data);
+ gnutls_free (cinfo.data);
+ }
/* If you want to extract fields manually for some other reason,
below are popular example calls. */
algo = gnutls_x509_crt_get_pk_algorithm (cert, &bits);
printf ("Certificate public key: %s",
- gnutls_pk_algorithm_get_name (algo));
+ gnutls_pk_algorithm_get_name (algo));
/* Print the version of the X.509
* certificate.
*/
printf ("\tCertificate version: #%d\n",
- gnutls_x509_crt_get_version (cert));
+ gnutls_x509_crt_get_version (cert));
size = sizeof (dn);
gnutls_x509_crt_get_dn (cert, dn, &size);
int
write_pkcs12 (const gnutls_datum_t * cert,
- const gnutls_datum_t * pkcs8_key, const char *password);
+ const gnutls_datum_t * pkcs8_key, const char *password);
void verify_certificate (gnutls_session_t session, const char *hostname);
void
verify_certificate_chain (gnutls_session_t session,
- const char *hostname,
- const gnutls_datum_t * cert_chain,
- int cert_chain_length);
+ const char *hostname,
+ const gnutls_datum_t * cert_chain,
+ int cert_chain_length);
#endif /* EXAMPLES_H */
extern void
tcp_close (int sd)
{
- shutdown (sd, SHUT_RDWR); /* no more receptions */
+ shutdown (sd, SHUT_RDWR); /* no more receptions */
close (sd);
}
printf ("Available cipher suites:\n");
printf ("@multitable @columnfractions .60 .20 .20\n");
for (i = 0; (name = gnutls_cipher_suite_info
- (i, id, &kx, &cipher, &mac, &version)); i++)
+ (i, id, &kx, &cipher, &mac, &version)); i++)
{
- printf ("@item %s\n@tab 0x%02x 0x%02x\n@tab %s\n",
- name,
- (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
+ printf ("@item %s\n@tab 0x%02x 0x%02x\n@tab %s\n",
+ name,
+ (unsigned char) id[0], (unsigned char) id[1],
+ gnutls_protocol_get_name (version));
}
printf ("@end multitable\n");
}
printf ("\n\nAvailable certificate types:\n@itemize\n");
for (; *p; p++)
{
- printf ("@item %s\n", gnutls_certificate_type_get_name (*p));
+ printf ("@item %s\n", gnutls_certificate_type_get_name (*p));
}
printf ("@end itemize\n");
}
printf ("\nAvailable protocols:\n@itemize\n");
for (; *p; p++)
{
- printf ("@item %s\n", gnutls_protocol_get_name (*p));
+ printf ("@item %s\n", gnutls_protocol_get_name (*p));
}
printf ("@end itemize\n");
}
printf ("\nAvailable ciphers:\n@itemize\n");
for (; *p; p++)
{
- printf ("@item %s\n", gnutls_cipher_get_name (*p));
+ printf ("@item %s\n", gnutls_cipher_get_name (*p));
}
printf ("@end itemize\n");
}
printf ("\nAvailable MAC algorithms:\n@itemize\n");
for (; *p; p++)
{
- printf ("@item %s\n", gnutls_mac_get_name (*p));
+ printf ("@item %s\n", gnutls_mac_get_name (*p));
}
printf ("@end itemize\n");
}
printf ("\nAvailable key exchange methods:\n@itemize\n");
for (; *p; p++)
{
- printf ("@item %s\n", gnutls_kx_get_name (*p));
+ printf ("@item %s\n", gnutls_kx_get_name (*p));
}
printf ("@end itemize\n");
}
printf ("\nAvailable public key algorithms:\n@itemize\n");
for (; *p; p++)
{
- printf ("@item %s\n", gnutls_pk_get_name (*p));
+ printf ("@item %s\n", gnutls_pk_get_name (*p));
}
printf ("@end itemize\n");
}
printf ("\nAvailable public key signature algorithms:\n@itemize\n");
for (; *p; p++)
{
- printf ("@item %s\n", gnutls_sign_get_name (*p));
+ printf ("@item %s\n", gnutls_sign_get_name (*p));
}
printf ("@end itemize\n");
}
printf ("\nAvailable compression methods:\n@itemize\n");
for (; *p; p++)
{
- printf ("@item %s\n", gnutls_compression_get_name (*p));
+ printf ("@item %s\n", gnutls_compression_get_name (*p));
}
printf ("@end itemize\n");
}
}
SCM_DEFINE (scm_gnutls_version, "gnutls-version", 0, 0, 0,
- (void),
- "Return a string denoting the version number of the underlying "
- "GnuTLS library, e.g., @code{\"1.7.2\"}.")
+ (void),
+ "Return a string denoting the version number of the underlying "
+ "GnuTLS library, e.g., @code{\"1.7.2\"}.")
#define FUNC_NAME s_scm_gnutls_version
{
return (scm_from_locale_string (gnutls_check_version (NULL)));
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_make_session, "make-session", 1, 0, 0,
- (SCM end),
- "Return a new session for connection end @var{end}, either "
- "@code{connection-end/server} or @code{connection-end/client}.")
+ (SCM end),
+ "Return a new session for connection end @var{end}, either "
+ "@code{connection-end/server} or @code{connection-end/client}.")
#define FUNC_NAME s_scm_gnutls_make_session
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_bye, "bye", 2, 0, 0,
- (SCM session, SCM how),
- "Close @var{session} according to @var{how}.")
+ (SCM session, SCM how),
+ "Close @var{session} according to @var{how}.")
#define FUNC_NAME s_scm_gnutls_bye
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_handshake, "handshake", 1, 0, 0,
- (SCM session), "Perform a handshake for @var{session}.")
+ (SCM session), "Perform a handshake for @var{session}.")
#define FUNC_NAME s_scm_gnutls_handshake
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_rehandshake, "rehandshake", 1, 0, 0,
- (SCM session), "Perform a re-handshaking for @var{session}.")
+ (SCM session), "Perform a re-handshaking for @var{session}.")
#define FUNC_NAME s_scm_gnutls_rehandshake
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_alert_get, "alert-get", 1, 0, 0,
- (SCM session), "Get an aleter from @var{session}.")
+ (SCM session), "Get an aleter from @var{session}.")
#define FUNC_NAME s_scm_gnutls_alert_get
{
gnutls_session_t c_session;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_alert_send, "alert-send", 3, 0, 0,
- (SCM session, SCM level, SCM alert),
- "Send @var{alert} via @var{session}.")
+ (SCM session, SCM level, SCM alert),
+ "Send @var{alert} via @var{session}.")
#define FUNC_NAME s_scm_gnutls_alert_send
{
int err;
/* Session accessors. */
SCM_DEFINE (scm_gnutls_session_cipher, "session-cipher", 1, 0, 0,
- (SCM session), "Return @var{session}'s cipher.")
+ (SCM session), "Return @var{session}'s cipher.")
#define FUNC_NAME s_scm_gnutls_session_cipher
{
gnutls_session_t c_session;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_session_kx, "session-kx", 1, 0, 0,
- (SCM session), "Return @var{session}'s kx.")
+ (SCM session), "Return @var{session}'s kx.")
#define FUNC_NAME s_scm_gnutls_session_kx
{
gnutls_session_t c_session;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_session_mac, "session-mac", 1, 0, 0,
- (SCM session), "Return @var{session}'s MAC.")
+ (SCM session), "Return @var{session}'s MAC.")
#define FUNC_NAME s_scm_gnutls_session_mac
{
gnutls_session_t c_session;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_session_compression_method,
- "session-compression-method", 1, 0, 0,
- (SCM session), "Return @var{session}'s compression method.")
+ "session-compression-method", 1, 0, 0,
+ (SCM session), "Return @var{session}'s compression method.")
#define FUNC_NAME s_scm_gnutls_session_compression_method
{
gnutls_session_t c_session;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_session_certificate_type,
- "session-certificate-type", 1, 0, 0,
- (SCM session), "Return @var{session}'s certificate type.")
+ "session-certificate-type", 1, 0, 0,
+ (SCM session), "Return @var{session}'s certificate type.")
#define FUNC_NAME s_scm_gnutls_session_certificate_type
{
gnutls_session_t c_session;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_session_protocol, "session-protocol", 1, 0, 0,
- (SCM session), "Return the protocol used by @var{session}.")
+ (SCM session), "Return the protocol used by @var{session}.")
#define FUNC_NAME s_scm_gnutls_session_protocol
{
gnutls_session_t c_session;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_session_authentication_type,
- "session-authentication-type",
- 1, 0, 0,
- (SCM session),
- "Return the authentication type (a @code{credential-type} value) "
- "used by @var{session}.")
+ "session-authentication-type",
+ 1, 0, 0,
+ (SCM session),
+ "Return the authentication type (a @code{credential-type} value) "
+ "used by @var{session}.")
#define FUNC_NAME s_scm_gnutls_session_authentication_type
{
gnutls_session_t c_session;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_session_server_authentication_type,
- "session-server-authentication-type",
- 1, 0, 0,
- (SCM session),
- "Return the server authentication type (a "
- "@code{credential-type} value) used in @var{session}.")
+ "session-server-authentication-type",
+ 1, 0, 0,
+ (SCM session),
+ "Return the server authentication type (a "
+ "@code{credential-type} value) used in @var{session}.")
#define FUNC_NAME s_scm_gnutls_session_server_authentication_type
{
gnutls_session_t c_session;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_session_client_authentication_type,
- "session-client-authentication-type",
- 1, 0, 0,
- (SCM session),
- "Return the client authentication type (a "
- "@code{credential-type} value) used in @var{session}.")
+ "session-client-authentication-type",
+ 1, 0, 0,
+ (SCM session),
+ "Return the client authentication type (a "
+ "@code{credential-type} value) used in @var{session}.")
#define FUNC_NAME s_scm_gnutls_session_client_authentication_type
{
gnutls_session_t c_session;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_session_peer_certificate_chain,
- "session-peer-certificate-chain",
- 1, 0, 0,
- (SCM session),
- "Return the a list of certificates in raw format (u8vectors) "
- "where the first one is the peer's certificate. In the case "
- "of OpenPGP, there is always exactly one certificate. In the "
- "case of X.509, subsequent certificates indicate form a "
- "certificate chain. Return the empty list if no certificate "
- "was sent.")
+ "session-peer-certificate-chain",
+ 1, 0, 0,
+ (SCM session),
+ "Return the a list of certificates in raw format (u8vectors) "
+ "where the first one is the peer's certificate. In the case "
+ "of OpenPGP, there is always exactly one certificate. In the "
+ "case of X.509, subsequent certificates indicate form a "
+ "certificate chain. Return the empty list if no certificate "
+ "was sent.")
#define FUNC_NAME s_scm_gnutls_session_peer_certificate_chain
{
SCM result;
result = scm_make_list (scm_from_uint (c_list_size), SCM_UNSPECIFIED);
for (i = 0, pair = result; i < c_list_size; i++, pair = SCM_CDR (pair))
- {
- unsigned char *c_cert_copy;
+ {
+ unsigned char *c_cert_copy;
- c_cert_copy = (unsigned char *) malloc (c_cert[i].size);
- if (EXPECT_FALSE (c_cert_copy == NULL))
- scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME);
+ c_cert_copy = (unsigned char *) malloc (c_cert[i].size);
+ if (EXPECT_FALSE (c_cert_copy == NULL))
+ scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME);
- memcpy (c_cert_copy, c_cert[i].data, c_cert[i].size);
+ memcpy (c_cert_copy, c_cert[i].data, c_cert[i].size);
- SCM_SETCAR (pair, scm_take_u8vector (c_cert_copy, c_cert[i].size));
- }
+ SCM_SETCAR (pair, scm_take_u8vector (c_cert_copy, c_cert[i].size));
+ }
}
return result;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_session_our_certificate_chain,
- "session-our-certificate-chain",
- 1, 0, 0,
- (SCM session),
- "Return our certificate chain for @var{session} (as sent to "
- "the peer) in raw format (a u8vector). In the case of OpenPGP "
- "there is exactly one certificate. Return the empty list "
- "if no certificate was used.")
+ "session-our-certificate-chain",
+ 1, 0, 0,
+ (SCM session),
+ "Return our certificate chain for @var{session} (as sent to "
+ "the peer) in raw format (a u8vector). In the case of OpenPGP "
+ "there is exactly one certificate. Return the empty list "
+ "if no certificate was used.")
#define FUNC_NAME s_scm_gnutls_session_our_certificate_chain
{
SCM result;
{
c_cert_copy = (unsigned char *) malloc (c_cert->size);
if (EXPECT_FALSE (c_cert_copy == NULL))
- scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME);
+ scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME);
memcpy (c_cert_copy, c_cert->data, c_cert->size);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_server_session_certificate_request_x,
- "set-server-session-certificate-request!",
- 2, 0, 0,
- (SCM session, SCM request),
- "Tell how @var{session}, a server-side session, should deal "
- "with certificate requests. @var{request} should be either "
- "@code{certificate-request/request} or "
- "@code{certificate-request/require}.")
+ "set-server-session-certificate-request!",
+ 2, 0, 0,
+ (SCM session, SCM request),
+ "Tell how @var{session}, a server-side session, should deal "
+ "with certificate requests. @var{request} should be either "
+ "@code{certificate-request/request} or "
+ "@code{certificate-request/require}.")
#define FUNC_NAME s_scm_gnutls_set_server_session_certificate_request_x
{
gnutls_session_t c_session;
#include "priorities.i.c"
SCM_DEFINE (scm_gnutls_set_default_priority_x,
- "set-session-default-priority!", 1, 0, 0,
- (SCM session), "Have @var{session} use the default priorities.")
+ "set-session-default-priority!", 1, 0, 0,
+ (SCM session), "Have @var{session} use the default priorities.")
#define FUNC_NAME s_scm_gnutls_set_default_priority_x
{
gnutls_session_t c_session;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_default_export_priority_x,
- "set-session-default-export-priority!", 1, 0, 0,
- (SCM session),
- "Have @var{session} use the default export priorities.")
+ "set-session-default-export-priority!", 1, 0, 0,
+ (SCM session),
+ "Have @var{session} use the default export priorities.")
#define FUNC_NAME s_scm_gnutls_set_default_export_priority_x
{
gnutls_session_t c_session;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_cipher_suite_to_string, "cipher-suite->string",
- 3, 0, 0,
- (SCM kx, SCM cipher, SCM mac),
- "Return the name of the given cipher suite.")
+ 3, 0, 0,
+ (SCM kx, SCM cipher, SCM mac),
+ "Return the name of the given cipher suite.")
#define FUNC_NAME s_scm_gnutls_cipher_suite_to_string
{
gnutls_kx_algorithm_t c_kx;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_session_credentials_x, "set-session-credentials!",
- 2, 0, 0,
- (SCM session, SCM cred),
- "Use @var{cred} as @var{session}'s credentials.")
+ 2, 0, 0,
+ (SCM session, SCM cred),
+ "Use @var{cred} as @var{session}'s credentials.")
#define FUNC_NAME s_scm_gnutls_set_session_credentials_x
{
int err = 0;
c_cred = scm_to_gnutls_certificate_credentials (cred, 2, FUNC_NAME);
err =
- gnutls_credentials_set (c_session, GNUTLS_CRD_CERTIFICATE, c_cred);
+ gnutls_credentials_set (c_session, GNUTLS_CRD_CERTIFICATE, c_cred);
}
else
if (SCM_SMOB_PREDICATE
- (scm_tc16_gnutls_anonymous_client_credentials, cred))
+ (scm_tc16_gnutls_anonymous_client_credentials, cred))
{
gnutls_anon_client_credentials_t c_cred;
c_cred = scm_to_gnutls_anonymous_client_credentials (cred, 2,
- FUNC_NAME);
+ FUNC_NAME);
err = gnutls_credentials_set (c_session, GNUTLS_CRD_ANON, c_cred);
}
else if (SCM_SMOB_PREDICATE (scm_tc16_gnutls_anonymous_server_credentials,
- cred))
+ cred))
{
gnutls_anon_server_credentials_t c_cred;
c_cred = scm_to_gnutls_anonymous_server_credentials (cred, 2,
- FUNC_NAME);
+ FUNC_NAME);
err = gnutls_credentials_set (c_session, GNUTLS_CRD_ANON, c_cred);
}
#ifdef ENABLE_SRP
/* Record layer. */
SCM_DEFINE (scm_gnutls_record_send, "record-send", 2, 0, 0,
- (SCM session, SCM array),
- "Send the record constituted by @var{array} through "
- "@var{session}.")
+ (SCM session, SCM array),
+ "Send the record constituted by @var{array} through "
+ "@var{session}.")
#define FUNC_NAME s_scm_gnutls_record_send
{
SCM result;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_record_receive_x, "record-receive!", 2, 0, 0,
- (SCM session, SCM array),
- "Receive data from @var{session} into @var{array}, a uniform "
- "homogeneous array. Return the number of bytes actually "
- "received.")
+ (SCM session, SCM array),
+ "Receive data from @var{session} into @var{array}, a uniform "
+ "homogeneous array. Return the number of bytes actually "
+ "received.")
#define FUNC_NAME s_scm_gnutls_record_receive_x
{
SCM result;
SCM_VALIDATE_ARRAY (2, array);
c_array = scm_gnutls_get_writable_array (array, &c_handle, &c_len,
- FUNC_NAME);
+ FUNC_NAME);
c_result = gnutls_record_recv (c_session, c_array, c_len);
/* Free the input buffer of PORT. */
c_port = SCM_PTAB_ENTRY (port);
scm_gc_free (c_port->read_buf, c_port->read_buf_size,
- session_record_port_gc_hint);
+ session_record_port_gc_hint);
return 0;
}
c_port = args->c_port;
result = gnutls_record_recv (args->c_session,
- c_port->read_buf, c_port->read_buf_size);
+ c_port->read_buf, c_port->read_buf_size);
if (EXPECT_TRUE (result > 0))
{
c_port->read_pos = c_port->read_buf;
c_args.c_port = c_port;
if (SCM_GNUTLS_SESSION_TRANSPORT_IS_FD (c_session))
- /* SESSION's underlying transport is a raw file descriptor, so we
- must leave "Guile mode" to allow the GC to run. */
- chr = (intptr_t) scm_without_guile (do_fill_port, &c_args);
+ /* SESSION's underlying transport is a raw file descriptor, so we
+ must leave "Guile mode" to allow the GC to run. */
+ chr = (intptr_t) scm_without_guile (do_fill_port, &c_args);
else
- /* SESSION's underlying transport is a port, so don't leave "Guile
- mode". */
- chr = (intptr_t) do_fill_port (&c_args);
+ /* SESSION's underlying transport is a port, so don't leave "Guile
+ mode". */
+ chr = (intptr_t) do_fill_port (&c_args);
}
else
chr = (int) *c_port->read_pos;
while (c_sent < size)
{
c_result = gnutls_record_send (c_session, (char *) data + c_sent,
- size - c_sent);
+ size - c_sent);
if (EXPECT_FALSE (c_result < 0))
- scm_gnutls_error (c_result, FUNC_NAME);
+ scm_gnutls_error (c_result, FUNC_NAME);
else
- c_sent += c_result;
+ c_sent += c_result;
}
}
}
SCM_DEFINE (scm_gnutls_session_record_port, "session-record-port", 1, 0, 0,
- (SCM session),
- "Return a read-write port that may be used to communicate over "
- "@var{session}. All invocations of @code{session-port} on a "
- "given session return the same object (in the sense of "
- "@code{eq?}).")
+ (SCM session),
+ "Return a read-write port that may be used to communicate over "
+ "@var{session}. All invocations of @code{session-port} on a "
+ "given session return the same object (in the sense of "
+ "@code{eq?}).")
#define FUNC_NAME s_scm_gnutls_session_record_port
{
SCM port;
{
session_record_port_type =
scm_make_port_type ("gnutls-session-port",
- fill_session_record_port_input,
- write_to_session_record_port);
+ fill_session_record_port_input,
+ write_to_session_record_port);
/* Guile >= 1.9.3 doesn't need a custom mark procedure, and doesn't need a
finalizer (since memory associated with the port is automatically
/* Transport. */
SCM_DEFINE (scm_gnutls_set_session_transport_fd_x,
- "set-session-transport-fd!", 2, 0, 0, (SCM session, SCM fd),
- "Use file descriptor @var{fd} as the underlying transport for "
- "@var{session}.")
+ "set-session-transport-fd!", 2, 0, 0, (SCM session, SCM fd),
+ "Use file descriptor @var{fd} as the underlying transport for "
+ "@var{session}.")
#define FUNC_NAME s_scm_gnutls_set_session_transport_fd_x
{
gnutls_session_t c_session;
c_fd = (int) scm_to_uint (fd);
gnutls_transport_set_ptr (c_session,
- (gnutls_transport_ptr_t) (intptr_t) c_fd);
+ (gnutls_transport_ptr_t) (intptr_t) c_fd);
SCM_GNUTLS_SET_SESSION_TRANSPORT_IS_FD (c_session, 1);
}
SCM_DEFINE (scm_gnutls_set_session_transport_port_x,
- "set-session-transport-port!",
- 2, 0, 0,
- (SCM session, SCM port),
- "Use @var{port} as the input/output port for @var{session}.")
+ "set-session-transport-port!",
+ 2, 0, 0,
+ (SCM session, SCM port),
+ "Use @var{port} as the input/output port for @var{session}.")
#define FUNC_NAME s_scm_gnutls_set_session_transport_port_x
{
gnutls_session_t c_session;
when they wish to do it. */
gnutls_transport_set_ptr (c_session,
- (gnutls_transport_ptr_t) SCM_UNPACK (port));
+ (gnutls_transport_ptr_t) SCM_UNPACK (port));
gnutls_transport_set_push_function (c_session, push_to_port);
gnutls_transport_set_pull_function (c_session, pull_from_port);
/* Diffie-Hellman. */
typedef int (*pkcs_export_function_t) (void *, gnutls_x509_crt_fmt_t,
- unsigned char *, size_t *);
+ unsigned char *, size_t *);
/* Hint for the `scm_gc' functions. */
static const char pkcs_export_gc_hint[] = "gnutls-pkcs-export";
Return a `u8vector'. */
static inline SCM
pkcs_export_parameters (pkcs_export_function_t export,
- void *params, gnutls_x509_crt_fmt_t format,
- const char *func_name)
+ void *params, gnutls_x509_crt_fmt_t format,
+ const char *func_name)
#define FUNC_NAME func_name
{
int err;
size_t output_len, output_total_len = 4096;
output = (unsigned char *) scm_gc_malloc (output_total_len,
- pkcs_export_gc_hint);
+ pkcs_export_gc_hint);
do
{
output_len = output_total_len;
err = export (params, format, output, &output_len);
if (err == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- output = scm_gc_realloc (output, output_total_len,
- output_total_len * 2, pkcs_export_gc_hint);
- output_total_len *= 2;
- }
+ {
+ output = scm_gc_realloc (output, output_total_len,
+ output_total_len * 2, pkcs_export_gc_hint);
+ output_total_len *= 2;
+ }
}
while (err == GNUTLS_E_SHORT_MEMORY_BUFFER);
if (output_len != output_total_len)
/* Shrink the output buffer. */
output = scm_gc_realloc (output, output_total_len,
- output_len, pkcs_export_gc_hint);
+ output_len, pkcs_export_gc_hint);
return (scm_take_u8vector (output, output_len));
}
SCM_DEFINE (scm_gnutls_make_dh_parameters, "make-dh-parameters", 1, 0, 0,
- (SCM bits), "Return new Diffie-Hellman parameters.")
+ (SCM bits), "Return new Diffie-Hellman parameters.")
#define FUNC_NAME s_scm_gnutls_make_dh_parameters
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_pkcs3_import_dh_parameters,
- "pkcs3-import-dh-parameters",
- 2, 0, 0,
- (SCM array, SCM format),
- "Import Diffie-Hellman parameters in PKCS3 format (further "
- "specified by @var{format}, an @code{x509-certificate-format} "
- "value) from @var{array} (a homogeneous array) and return a "
- "new @code{dh-params} object.")
+ "pkcs3-import-dh-parameters",
+ 2, 0, 0,
+ (SCM array, SCM format),
+ "Import Diffie-Hellman parameters in PKCS3 format (further "
+ "specified by @var{format}, an @code{x509-certificate-format} "
+ "value) from @var{array} (a homogeneous array) and return a "
+ "new @code{dh-params} object.")
#define FUNC_NAME s_scm_gnutls_pkcs3_import_dh_parameters
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_pkcs3_export_dh_parameters,
- "pkcs3-export-dh-parameters",
- 2, 0, 0,
- (SCM dh_params, SCM format),
- "Export Diffie-Hellman parameters @var{dh_params} in PKCS3 "
- "format according for @var{format} (an "
- "@code{x509-certificate-format} value). Return a "
- "@code{u8vector} containing the result.")
+ "pkcs3-export-dh-parameters",
+ 2, 0, 0,
+ (SCM dh_params, SCM format),
+ "Export Diffie-Hellman parameters @var{dh_params} in PKCS3 "
+ "format according for @var{format} (an "
+ "@code{x509-certificate-format} value). Return a "
+ "@code{u8vector} containing the result.")
#define FUNC_NAME s_scm_gnutls_pkcs3_export_dh_parameters
{
SCM result;
c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME);
result = pkcs_export_parameters ((pkcs_export_function_t)
- gnutls_dh_params_export_pkcs3,
- (void *) c_dh_params, c_format, FUNC_NAME);
+ gnutls_dh_params_export_pkcs3,
+ (void *) c_dh_params, c_format, FUNC_NAME);
return (result);
}
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_session_dh_prime_bits_x,
- "set-session-dh-prime-bits!", 2, 0, 0,
- (SCM session, SCM bits),
- "Use @var{bits} DH prime bits for @var{session}.")
+ "set-session-dh-prime-bits!", 2, 0, 0,
+ (SCM session, SCM bits),
+ "Use @var{bits} DH prime bits for @var{session}.")
#define FUNC_NAME s_scm_gnutls_set_session_dh_prime_bits_x
{
unsigned int c_bits;
/* Anonymous credentials. */
SCM_DEFINE (scm_gnutls_make_anon_server_credentials,
- "make-anonymous-server-credentials",
- 0, 0, 0, (void), "Return anonymous server credentials.")
+ "make-anonymous-server-credentials",
+ 0, 0, 0, (void), "Return anonymous server credentials.")
#define FUNC_NAME s_scm_gnutls_make_anon_server_credentials
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_make_anon_client_credentials,
- "make-anonymous-client-credentials",
- 0, 0, 0, (void), "Return anonymous client credentials.")
+ "make-anonymous-client-credentials",
+ 0, 0, 0, (void), "Return anonymous client credentials.")
#define FUNC_NAME s_scm_gnutls_make_anon_client_credentials
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_anonymous_server_dh_parameters_x,
- "set-anonymous-server-dh-parameters!", 2, 0, 0,
- (SCM cred, SCM dh_params),
- "Set the Diffie-Hellman parameters of anonymous server "
- "credentials @var{cred}.")
+ "set-anonymous-server-dh-parameters!", 2, 0, 0,
+ (SCM cred, SCM dh_params),
+ "Set the Diffie-Hellman parameters of anonymous server "
+ "credentials @var{cred}.")
#define FUNC_NAME s_scm_gnutls_set_anonymous_server_dh_parameters_x
{
gnutls_dh_params_t c_dh_params;
/* RSA parameters. */
SCM_DEFINE (scm_gnutls_make_rsa_parameters, "make-rsa-parameters", 1, 0, 0,
- (SCM bits), "Return new RSA parameters.")
+ (SCM bits), "Return new RSA parameters.")
#define FUNC_NAME s_scm_gnutls_make_rsa_parameters
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_pkcs1_import_rsa_parameters,
- "pkcs1-import-rsa-parameters",
- 2, 0, 0,
- (SCM array, SCM format),
- "Import Diffie-Hellman parameters in PKCS1 format (further "
- "specified by @var{format}, an @code{x509-certificate-format} "
- "value) from @var{array} (a homogeneous array) and return a "
- "new @code{rsa-params} object.")
+ "pkcs1-import-rsa-parameters",
+ 2, 0, 0,
+ (SCM array, SCM format),
+ "Import Diffie-Hellman parameters in PKCS1 format (further "
+ "specified by @var{format}, an @code{x509-certificate-format} "
+ "value) from @var{array} (a homogeneous array) and return a "
+ "new @code{rsa-params} object.")
#define FUNC_NAME s_scm_gnutls_pkcs1_import_rsa_parameters
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_pkcs1_export_rsa_parameters,
- "pkcs1-export-rsa-parameters",
- 2, 0, 0,
- (SCM rsa_params, SCM format),
- "Export Diffie-Hellman parameters @var{rsa_params} in PKCS1 "
- "format according for @var{format} (an "
- "@code{x509-certificate-format} value). Return a "
- "@code{u8vector} containing the result.")
+ "pkcs1-export-rsa-parameters",
+ 2, 0, 0,
+ (SCM rsa_params, SCM format),
+ "Export Diffie-Hellman parameters @var{rsa_params} in PKCS1 "
+ "format according for @var{format} (an "
+ "@code{x509-certificate-format} value). Return a "
+ "@code{u8vector} containing the result.")
#define FUNC_NAME s_scm_gnutls_pkcs1_export_rsa_parameters
{
SCM result;
c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME);
result = pkcs_export_parameters ((pkcs_export_function_t)
- gnutls_rsa_params_export_pkcs1,
- (void *) c_rsa_params,
- c_format, FUNC_NAME);
+ gnutls_rsa_params_export_pkcs1,
+ (void *) c_rsa_params,
+ c_format, FUNC_NAME);
return (result);
}
typedef
int (*certificate_set_file_function_t) (gnutls_certificate_credentials_t,
- const char *,
- gnutls_x509_crt_fmt_t);
+ const char *,
+ gnutls_x509_crt_fmt_t);
typedef
int (*certificate_set_data_function_t) (gnutls_certificate_credentials_t,
- const gnutls_datum_t *,
- gnutls_x509_crt_fmt_t);
+ const gnutls_datum_t *,
+ gnutls_x509_crt_fmt_t);
/* Helper function to implement the `set-file!' functions. */
static unsigned int
set_certificate_file (certificate_set_file_function_t set_file,
- SCM cred, SCM file, SCM format, const char *func_name)
+ SCM cred, SCM file, SCM format, const char *func_name)
#define FUNC_NAME func_name
{
int err;
/* Helper function implementing the `set-data!' functions. */
static inline unsigned int
set_certificate_data (certificate_set_data_function_t set_data,
- SCM cred, SCM data, SCM format, const char *func_name)
+ SCM cred, SCM data, SCM format, const char *func_name)
#define FUNC_NAME func_name
{
int err;
SCM_DEFINE (scm_gnutls_make_certificate_credentials,
- "make-certificate-credentials",
- 0, 0, 0,
- (void),
- "Return new certificate credentials (i.e., for use with "
- "either X.509 or OpenPGP certificates.")
+ "make-certificate-credentials",
+ 0, 0, 0,
+ (void),
+ "Return new certificate credentials (i.e., for use with "
+ "either X.509 or OpenPGP certificates.")
#define FUNC_NAME s_scm_gnutls_make_certificate_credentials
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_certificate_credentials_dh_params_x,
- "set-certificate-credentials-dh-parameters!",
- 2, 0, 0,
- (SCM cred, SCM dh_params),
- "Use Diffie-Hellman parameters @var{dh_params} for "
- "certificate credentials @var{cred}.")
+ "set-certificate-credentials-dh-parameters!",
+ 2, 0, 0,
+ (SCM cred, SCM dh_params),
+ "Use Diffie-Hellman parameters @var{dh_params} for "
+ "certificate credentials @var{cred}.")
#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_dh_params_x
{
gnutls_dh_params_t c_dh_params;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_certificate_credentials_rsa_export_params_x,
- "set-certificate-credentials-rsa-export-parameters!",
- 2, 0, 0,
- (SCM cred, SCM rsa_params),
- "Use RSA parameters @var{rsa_params} for certificate "
- "credentials @var{cred}.")
+ "set-certificate-credentials-rsa-export-parameters!",
+ 2, 0, 0,
+ (SCM cred, SCM rsa_params),
+ "Use RSA parameters @var{rsa_params} for certificate "
+ "credentials @var{cred}.")
#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_rsa_export_params_x
{
gnutls_rsa_params_t c_rsa_params;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_key_files_x,
- "set-certificate-credentials-x509-key-files!",
- 4, 0, 0,
- (SCM cred, SCM cert_file, SCM key_file, SCM format),
- "Use @var{file} as the password file for PSK server "
- "credentials @var{cred}.")
+ "set-certificate-credentials-x509-key-files!",
+ 4, 0, 0,
+ (SCM cred, SCM cert_file, SCM key_file, SCM format),
+ "Use @var{file} as the password file for PSK server "
+ "credentials @var{cred}.")
#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_key_files_x
{
int err;
c_key_file = (char *) alloca (c_key_file_len + 1);
(void) scm_to_locale_stringbuf (cert_file, c_cert_file,
- c_cert_file_len + 1);
+ c_cert_file_len + 1);
c_cert_file[c_cert_file_len] = '\0';
(void) scm_to_locale_stringbuf (key_file, c_key_file, c_key_file_len + 1);
c_key_file[c_key_file_len] = '\0';
err = gnutls_certificate_set_x509_key_file (c_cred, c_cert_file, c_key_file,
- c_format);
+ c_format);
if (EXPECT_FALSE (err))
scm_gnutls_error (err, FUNC_NAME);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_trust_file_x,
- "set-certificate-credentials-x509-trust-file!",
- 3, 0, 0,
- (SCM cred, SCM file, SCM format),
- "Use @var{file} as the X.509 trust file for certificate "
- "credentials @var{cred}. On success, return the number of "
- "certificates processed.")
+ "set-certificate-credentials-x509-trust-file!",
+ 3, 0, 0,
+ (SCM cred, SCM file, SCM format),
+ "Use @var{file} as the X.509 trust file for certificate "
+ "credentials @var{cred}. On success, return the number of "
+ "certificates processed.")
#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_trust_file_x
{
unsigned int count;
count = set_certificate_file (gnutls_certificate_set_x509_trust_file,
- cred, file, format, FUNC_NAME);
+ cred, file, format, FUNC_NAME);
return scm_from_uint (count);
}
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_crl_file_x,
- "set-certificate-credentials-x509-crl-file!",
- 3, 0, 0,
- (SCM cred, SCM file, SCM format),
- "Use @var{file} as the X.509 CRL (certificate revocation list) "
- "file for certificate credentials @var{cred}. On success, "
- "return the number of CRLs processed.")
+ "set-certificate-credentials-x509-crl-file!",
+ 3, 0, 0,
+ (SCM cred, SCM file, SCM format),
+ "Use @var{file} as the X.509 CRL (certificate revocation list) "
+ "file for certificate credentials @var{cred}. On success, "
+ "return the number of CRLs processed.")
#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_crl_file_x
{
unsigned int count;
count = set_certificate_file (gnutls_certificate_set_x509_crl_file,
- cred, file, format, FUNC_NAME);
+ cred, file, format, FUNC_NAME);
return scm_from_uint (count);
}
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_trust_data_x,
- "set-certificate-credentials-x509-trust-data!",
- 3, 0, 0,
- (SCM cred, SCM data, SCM format),
- "Use @var{data} (a uniform array) as the X.509 trust "
- "database for @var{cred}. On success, return the number "
- "of certificates processed.")
+ "set-certificate-credentials-x509-trust-data!",
+ 3, 0, 0,
+ (SCM cred, SCM data, SCM format),
+ "Use @var{data} (a uniform array) as the X.509 trust "
+ "database for @var{cred}. On success, return the number "
+ "of certificates processed.")
#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_trust_data_x
{
unsigned int count;
count = set_certificate_data (gnutls_certificate_set_x509_trust_mem,
- cred, data, format, FUNC_NAME);
+ cred, data, format, FUNC_NAME);
return scm_from_uint (count);
}
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_crl_data_x,
- "set-certificate-credentials-x509-crl-data!",
- 3, 0, 0,
- (SCM cred, SCM data, SCM format),
- "Use @var{data} (a uniform array) as the X.509 CRL "
- "(certificate revocation list) database for @var{cred}. "
- "On success, return the number of CRLs processed.")
+ "set-certificate-credentials-x509-crl-data!",
+ 3, 0, 0,
+ (SCM cred, SCM data, SCM format),
+ "Use @var{data} (a uniform array) as the X.509 CRL "
+ "(certificate revocation list) database for @var{cred}. "
+ "On success, return the number of CRLs processed.")
#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_crl_data_x
{
unsigned int count;
count = set_certificate_data (gnutls_certificate_set_x509_crl_mem,
- cred, data, format, FUNC_NAME);
+ cred, data, format, FUNC_NAME);
return scm_from_uint (count);
}
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_key_data_x,
- "set-certificate-credentials-x509-key-data!",
- 4, 0, 0,
- (SCM cred, SCM cert, SCM key, SCM format),
- "Use X.509 certificate @var{cert} and private key @var{key}, "
- "both uniform arrays containing the X.509 certificate and key "
- "in format @var{format}, for certificate credentials "
- "@var{cred}.")
+ "set-certificate-credentials-x509-key-data!",
+ 4, 0, 0,
+ (SCM cred, SCM cert, SCM key, SCM format),
+ "Use X.509 certificate @var{cert} and private key @var{key}, "
+ "both uniform arrays containing the X.509 certificate and key "
+ "in format @var{format}, for certificate credentials "
+ "@var{cred}.")
#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_key_data_x
{
int err;
/* FIXME: If the second call fails, an exception is raised and
C_CERT_HANDLE is not released. */
c_cert = scm_gnutls_get_array (cert, &c_cert_handle, &c_cert_len,
- FUNC_NAME);
+ FUNC_NAME);
c_key = scm_gnutls_get_array (key, &c_key_handle, &c_key_len, FUNC_NAME);
c_cert_d.data = (unsigned char *) c_cert;
c_key_d.size = c_key_len;
err = gnutls_certificate_set_x509_key_mem (c_cred, &c_cert_d, &c_key_d,
- c_format);
+ c_format);
scm_gnutls_release_array (&c_cert_handle);
scm_gnutls_release_array (&c_key_handle);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_keys_x,
- "set-certificate-credentials-x509-keys!",
- 3, 0, 0,
- (SCM cred, SCM certs, SCM privkey),
- "Have certificate credentials @var{cred} use the X.509 "
- "certificates listed in @var{certs} and X.509 private key "
- "@var{privkey}.")
+ "set-certificate-credentials-x509-keys!",
+ 3, 0, 0,
+ (SCM cred, SCM certs, SCM privkey),
+ "Have certificate credentials @var{cred} use the X.509 "
+ "certificates listed in @var{certs} and X.509 private key "
+ "@var{privkey}.")
#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_keys_x
{
int err;
for (i = 0; scm_is_pair (certs); certs = SCM_CDR (certs), i++)
{
c_certs[i] = scm_to_gnutls_x509_certificate (SCM_CAR (certs),
- 2, FUNC_NAME);
+ 2, FUNC_NAME);
}
err = gnutls_certificate_set_x509_key (c_cred, c_certs, c_cert_count,
- c_key);
+ c_key);
if (EXPECT_FALSE (err))
scm_gnutls_error (err, FUNC_NAME);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_certificate_credentials_verify_limits_x,
- "set-certificate-credentials-verify-limits!",
- 3, 0, 0,
- (SCM cred, SCM max_bits, SCM max_depth),
- "Set the verification limits of @code{peer-certificate-status} "
- "for certificate credentials @var{cred} to @var{max_bits} "
- "bits for an acceptable certificate and @var{max_depth} "
- "as the maximum depth of a certificate chain.")
+ "set-certificate-credentials-verify-limits!",
+ 3, 0, 0,
+ (SCM cred, SCM max_bits, SCM max_depth),
+ "Set the verification limits of @code{peer-certificate-status} "
+ "for certificate credentials @var{cred} to @var{max_bits} "
+ "bits for an acceptable certificate and @var{max_depth} "
+ "as the maximum depth of a certificate chain.")
#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_verify_limits_x
{
gnutls_certificate_credentials_t c_cred;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_certificate_credentials_verify_flags_x,
- "set-certificate-credentials-verify-flags!",
- 1, 0, 1,
- (SCM cred, SCM flags),
- "Set the certificate verification flags to @var{flags}, a "
- "series of @code{certificate-verify} values.")
+ "set-certificate-credentials-verify-flags!",
+ 1, 0, 1,
+ (SCM cred, SCM flags),
+ "Set the certificate verification flags to @var{flags}, a "
+ "series of @code{certificate-verify} values.")
#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_verify_flags_x
{
unsigned int c_flags, c_pos;
!scm_is_null (flags); flags = SCM_CDR (flags), c_pos++)
{
c_flags |= (unsigned int)
- scm_to_gnutls_certificate_verify (SCM_CAR (flags), c_pos, FUNC_NAME);
+ scm_to_gnutls_certificate_verify (SCM_CAR (flags), c_pos, FUNC_NAME);
}
gnutls_certificate_set_verify_flags (c_cred, c_flags);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_peer_certificate_status, "peer-certificate-status",
- 1, 0, 0,
- (SCM session),
- "Verify the peer certificate for @var{session} and return "
- "a list of @code{certificate-status} values (such as "
- "@code{certificate-status/revoked}), or the empty list if "
- "the certificate is valid.")
+ 1, 0, 0,
+ (SCM session),
+ "Verify the peer certificate for @var{session} and return "
+ "a list of @code{certificate-status} values (such as "
+ "@code{certificate-status/revoked}), or the empty list if "
+ "the certificate is valid.")
#define FUNC_NAME s_scm_gnutls_peer_certificate_status
{
int err;
#ifdef ENABLE_SRP
SCM_DEFINE (scm_gnutls_make_srp_server_credentials,
- "make-srp-server-credentials",
- 0, 0, 0, (void), "Return new SRP server credentials.")
+ "make-srp-server-credentials",
+ 0, 0, 0, (void), "Return new SRP server credentials.")
#define FUNC_NAME s_scm_gnutls_make_srp_server_credentials
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_srp_server_credentials_files_x,
- "set-srp-server-credentials-files!",
- 3, 0, 0,
- (SCM cred, SCM password_file, SCM password_conf_file),
- "Set the credentials files for @var{cred}, an SRP server "
- "credentials object.")
+ "set-srp-server-credentials-files!",
+ 3, 0, 0,
+ (SCM cred, SCM password_file, SCM password_conf_file),
+ "Set the credentials files for @var{cred}, an SRP server "
+ "credentials object.")
#define FUNC_NAME s_scm_gnutls_set_srp_server_credentials_files_x
{
int err;
c_password_conf_file = (char *) alloca (c_password_conf_file_len + 1);
(void) scm_to_locale_stringbuf (password_file, c_password_file,
- c_password_file_len + 1);
+ c_password_file_len + 1);
c_password_file[c_password_file_len] = '\0';
(void) scm_to_locale_stringbuf (password_conf_file, c_password_conf_file,
- c_password_conf_file_len + 1);
+ c_password_conf_file_len + 1);
c_password_conf_file[c_password_conf_file_len] = '\0';
err = gnutls_srp_set_server_credentials_file (c_cred, c_password_file,
- c_password_conf_file);
+ c_password_conf_file);
if (EXPECT_FALSE (err))
scm_gnutls_error (err, FUNC_NAME);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_make_srp_client_credentials,
- "make-srp-client-credentials",
- 0, 0, 0, (void), "Return new SRP client credentials.")
+ "make-srp-client-credentials",
+ 0, 0, 0, (void), "Return new SRP client credentials.")
#define FUNC_NAME s_scm_gnutls_make_srp_client_credentials
{
int err;
SCM_DEFINE (scm_gnutls_set_srp_client_credentials_x,
- "set-srp-client-credentials!",
- 3, 0, 0,
- (SCM cred, SCM username, SCM password),
- "Use @var{username} and @var{password} as the credentials "
- "for @var{cred}, a client-side SRP credentials object.")
+ "set-srp-client-credentials!",
+ 3, 0, 0,
+ (SCM cred, SCM username, SCM password),
+ "Use @var{username} and @var{password} as the credentials "
+ "for @var{cred}, a client-side SRP credentials object.")
#define FUNC_NAME s_scm_gnutls_make_srp_client_credentials
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_server_session_srp_username,
- "server-session-srp-username",
- 1, 0, 0,
- (SCM session),
- "Return the SRP username used in @var{session} (a server-side "
- "session).")
+ "server-session-srp-username",
+ 1, 0, 0,
+ (SCM session),
+ "Return the SRP username used in @var{session} (a server-side "
+ "session).")
#define FUNC_NAME s_scm_gnutls_server_session_srp_username
{
SCM result;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_srp_base64_encode, "srp-base64-encode",
- 1, 0, 0,
- (SCM str),
- "Encode @var{str} using SRP's base64 algorithm. Return "
- "the encoded string.")
+ 1, 0, 0,
+ (SCM str),
+ "Encode @var{str} using SRP's base64 algorithm. Return "
+ "the encoded string.")
#define FUNC_NAME s_scm_gnutls_srp_base64_encode
{
int err;
{
c_result_actual_len = c_result_len;
err = gnutls_srp_base64_encode (&c_str_d, c_result,
- &c_result_actual_len);
+ &c_result_actual_len);
if (err == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- char *c_new_buf;
-
- c_new_buf = scm_realloc (c_result, c_result_len * 2);
- if (EXPECT_FALSE (c_new_buf == NULL))
- {
- free (c_result);
- scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME);
- }
- else
- c_result = c_new_buf, c_result_len *= 2;
- }
+ {
+ char *c_new_buf;
+
+ c_new_buf = scm_realloc (c_result, c_result_len * 2);
+ if (EXPECT_FALSE (c_new_buf == NULL))
+ {
+ free (c_result);
+ scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME);
+ }
+ else
+ c_result = c_new_buf, c_result_len *= 2;
+ }
}
while (EXPECT_FALSE (err == GNUTLS_E_SHORT_MEMORY_BUFFER));
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_srp_base64_decode, "srp-base64-decode",
- 1, 0, 0,
- (SCM str),
- "Decode @var{str}, an SRP-base64 encoded string, and return "
- "the decoded string.")
+ 1, 0, 0,
+ (SCM str),
+ "Decode @var{str}, an SRP-base64 encoded string, and return "
+ "the decoded string.")
#define FUNC_NAME s_scm_gnutls_srp_base64_decode
{
int err;
/* PSK credentials. */
SCM_DEFINE (scm_gnutls_make_psk_server_credentials,
- "make-psk-server-credentials",
- 0, 0, 0, (void), "Return new PSK server credentials.")
+ "make-psk-server-credentials",
+ 0, 0, 0, (void), "Return new PSK server credentials.")
#define FUNC_NAME s_scm_gnutls_make_psk_server_credentials
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_psk_server_credentials_file_x,
- "set-psk-server-credentials-file!",
- 2, 0, 0,
- (SCM cred, SCM file),
- "Use @var{file} as the password file for PSK server "
- "credentials @var{cred}.")
+ "set-psk-server-credentials-file!",
+ 2, 0, 0,
+ (SCM cred, SCM file),
+ "Use @var{file} as the password file for PSK server "
+ "credentials @var{cred}.")
#define FUNC_NAME s_scm_gnutls_set_psk_server_credentials_file_x
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_make_psk_client_credentials,
- "make-psk-client-credentials",
- 0, 0, 0, (void), "Return a new PSK client credentials object.")
+ "make-psk-client-credentials",
+ 0, 0, 0, (void), "Return a new PSK client credentials object.")
#define FUNC_NAME s_scm_gnutls_make_psk_client_credentials
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_psk_client_credentials_x,
- "set-psk-client-credentials!",
- 4, 0, 0,
- (SCM cred, SCM username, SCM key, SCM key_format),
- "Set the client credentials for @var{cred}, a PSK client "
- "credentials object.")
+ "set-psk-client-credentials!",
+ 4, 0, 0,
+ (SCM cred, SCM username, SCM key, SCM key_format),
+ "Set the client credentials for @var{cred}, a PSK client "
+ "credentials object.")
#define FUNC_NAME s_scm_gnutls_set_psk_client_credentials_x
{
int err;
c_datum.size = c_key_len;
err = gnutls_psk_set_client_credentials (c_cred, c_username,
- &c_datum, c_key_format);
+ &c_datum, c_key_format);
scm_gnutls_release_array (&c_handle);
if (EXPECT_FALSE (err))
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_server_session_psk_username,
- "server-session-psk-username",
- 1, 0, 0,
- (SCM session),
- "Return the username associated with PSK server session "
- "@var{session}.")
+ "server-session-psk-username",
+ 1, 0, 0,
+ (SCM session),
+ "Return the username associated with PSK server session "
+ "@var{session}.")
#define FUNC_NAME s_scm_gnutls_server_session_psk_username
{
SCM result;
/* X.509 certificates. */
SCM_DEFINE (scm_gnutls_import_x509_certificate, "import-x509-certificate",
- 2, 0, 0,
- (SCM data, SCM format),
- "Return a new X.509 certificate object resulting from the "
- "import of @var{data} (a uniform array) according to "
- "@var{format}.")
+ 2, 0, 0,
+ (SCM data, SCM format),
+ "Return a new X.509 certificate object resulting from the "
+ "import of @var{data} (a uniform array) according to "
+ "@var{format}.")
#define FUNC_NAME s_scm_gnutls_import_x509_certificate
{
int err;
c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME);
c_data = scm_gnutls_get_array (data, &c_data_handle, &c_data_len,
- FUNC_NAME);
+ FUNC_NAME);
c_data_d.data = (unsigned char *) c_data;
c_data_d.size = c_data_len;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_import_x509_private_key, "import-x509-private-key",
- 2, 0, 0,
- (SCM data, SCM format),
- "Return a new X.509 private key object resulting from the "
- "import of @var{data} (a uniform array) according to "
- "@var{format}.")
+ 2, 0, 0,
+ (SCM data, SCM format),
+ "Return a new X.509 private key object resulting from the "
+ "import of @var{data} (a uniform array) according to "
+ "@var{format}.")
#define FUNC_NAME s_scm_gnutls_import_x509_private_key
{
int err;
c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME);
c_data = scm_gnutls_get_array (data, &c_data_handle, &c_data_len,
- FUNC_NAME);
+ FUNC_NAME);
c_data_d.data = (unsigned char *) c_data;
c_data_d.size = c_data_len;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_pkcs8_import_x509_private_key,
- "pkcs8-import-x509-private-key",
- 2, 2, 0,
- (SCM data, SCM format, SCM pass, SCM encrypted),
- "Return a new X.509 private key object resulting from the "
- "import of @var{data} (a uniform array) according to "
- "@var{format}. Optionally, if @var{pass} is not @code{#f}, "
- "it should be a string denoting a passphrase. "
- "@var{encrypted} tells whether the private key is encrypted "
- "(@code{#t} by default).")
+ "pkcs8-import-x509-private-key",
+ 2, 2, 0,
+ (SCM data, SCM format, SCM pass, SCM encrypted),
+ "Return a new X.509 private key object resulting from the "
+ "import of @var{data} (a uniform array) according to "
+ "@var{format}. Optionally, if @var{pass} is not @code{#f}, "
+ "it should be a string denoting a passphrase. "
+ "@var{encrypted} tells whether the private key is encrypted "
+ "(@code{#t} by default).")
#define FUNC_NAME s_scm_gnutls_pkcs8_import_x509_private_key
{
int err;
{
SCM_VALIDATE_BOOL (4, encrypted);
if (scm_is_true (encrypted))
- c_flags = 0;
+ c_flags = 0;
else
- c_flags = GNUTLS_PKCS8_PLAIN;
+ c_flags = GNUTLS_PKCS8_PLAIN;
}
c_data = scm_gnutls_get_array (data, &c_data_handle, &c_data_len,
- FUNC_NAME);
+ FUNC_NAME);
c_data_d.data = (unsigned char *) c_data;
c_data_d.size = c_data_len;
}
err = gnutls_x509_privkey_import_pkcs8 (c_key, &c_data_d, c_format, c_pass,
- c_flags);
+ c_flags);
scm_gnutls_release_array (&c_data_handle);
if (EXPECT_FALSE (err))
return (scm_from_locale_string (c_dn));
SCM_DEFINE (scm_gnutls_x509_certificate_dn, "x509-certificate-dn",
- 1, 0, 0,
- (SCM cert),
- "Return the distinguished name (DN) of X.509 certificate "
- "@var{cert}. The form of the DN is as described in @uref{"
- "http://tools.ietf.org/html/rfc2253, RFC 2253}.")
+ 1, 0, 0,
+ (SCM cert),
+ "Return the distinguished name (DN) of X.509 certificate "
+ "@var{cert}. The form of the DN is as described in @uref{"
+ "http://tools.ietf.org/html/rfc2253, RFC 2253}.")
#define FUNC_NAME s_scm_gnutls_x509_certificate_dn
{
X509_CERTIFICATE_DN_FUNCTION_BODY (gnutls_x509_crt_get_dn);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_x509_certificate_issuer_dn,
- "x509-certificate-issuer-dn",
- 1, 0, 0,
- (SCM cert),
- "Return the distinguished name (DN) of X.509 certificate "
- "@var{cert}.")
+ "x509-certificate-issuer-dn",
+ 1, 0, 0,
+ (SCM cert),
+ "Return the distinguished name (DN) of X.509 certificate "
+ "@var{cert}.")
#define FUNC_NAME s_scm_gnutls_x509_certificate_issuer_dn
{
X509_CERTIFICATE_DN_FUNCTION_BODY (gnutls_x509_crt_get_issuer_dn);
return result;
SCM_DEFINE (scm_gnutls_x509_certificate_dn_oid, "x509-certificate-dn-oid",
- 2, 0, 0,
- (SCM cert, SCM index),
- "Return OID (a string) at @var{index} from @var{cert}. "
- "Return @code{#f} if no OID is available at @var{index}.")
+ 2, 0, 0,
+ (SCM cert, SCM index),
+ "Return OID (a string) at @var{index} from @var{cert}. "
+ "Return @code{#f} if no OID is available at @var{index}.")
#define FUNC_NAME s_scm_gnutls_x509_certificate_dn_oid
{
X509_CERTIFICATE_DN_OID_FUNCTION_BODY (gnutls_x509_crt_get_dn_oid);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_x509_certificate_issuer_dn_oid,
- "x509-certificate-issuer-dn-oid",
- 2, 0, 0,
- (SCM cert, SCM index),
- "Return the OID (a string) at @var{index} from @var{cert}'s "
- "issuer DN. Return @code{#f} if no OID is available at "
- "@var{index}.")
+ "x509-certificate-issuer-dn-oid",
+ 2, 0, 0,
+ (SCM cert, SCM index),
+ "Return the OID (a string) at @var{index} from @var{cert}'s "
+ "issuer DN. Return @code{#f} if no OID is available at "
+ "@var{index}.")
#define FUNC_NAME s_scm_gnutls_x509_certificate_issuer_dn_oid
{
X509_CERTIFICATE_DN_OID_FUNCTION_BODY (gnutls_x509_crt_get_issuer_dn_oid);
SCM_DEFINE (scm_gnutls_x509_certificate_matches_hostname_p,
- "x509-certificate-matches-hostname?",
- 2, 0, 0,
- (SCM cert, SCM hostname),
- "Return true if @var{cert} matches @var{hostname}, a string "
- "denoting a DNS host name. This is the basic implementation "
- "of @uref{http://tools.ietf.org/html/rfc2818, RFC 2818} (aka. "
- "HTTPS).")
+ "x509-certificate-matches-hostname?",
+ 2, 0, 0,
+ (SCM cert, SCM hostname),
+ "Return true if @var{cert} matches @var{hostname}, a string "
+ "denoting a DNS host name. This is the basic implementation "
+ "of @uref{http://tools.ietf.org/html/rfc2818, RFC 2818} (aka. "
+ "HTTPS).")
#define FUNC_NAME s_scm_gnutls_x509_certificate_matches_hostname_p
{
SCM result;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_x509_certificate_signature_algorithm,
- "x509-certificate-signature-algorithm",
- 1, 0, 0,
- (SCM cert),
- "Return the signature algorithm used by @var{cert} (i.e., "
- "one of the @code{sign-algorithm/} values).")
+ "x509-certificate-signature-algorithm",
+ 1, 0, 0,
+ (SCM cert),
+ "Return the signature algorithm used by @var{cert} (i.e., "
+ "one of the @code{sign-algorithm/} values).")
#define FUNC_NAME s_scm_gnutls_x509_certificate_signature_algorithm
{
int c_result;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_x509_certificate_public_key_algorithm,
- "x509-certificate-public-key-algorithm",
- 1, 0, 0,
- (SCM cert),
- "Return two values: the public key algorithm (i.e., "
- "one of the @code{pk-algorithm/} values) of @var{cert} "
- "and the number of bits used.")
+ "x509-certificate-public-key-algorithm",
+ 1, 0, 0,
+ (SCM cert),
+ "Return two values: the public key algorithm (i.e., "
+ "one of the @code{pk-algorithm/} values) of @var{cert} "
+ "and the number of bits used.")
#define FUNC_NAME s_scm_gnutls_x509_certificate_public_key_algorithm
{
gnutls_x509_crt_t c_cert;
c_pk = gnutls_x509_crt_get_pk_algorithm (c_cert, &c_bits);
return (scm_values (scm_list_2 (scm_from_gnutls_pk_algorithm (c_pk),
- scm_from_uint (c_bits))));
+ scm_from_uint (c_bits))));
}
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_x509_certificate_key_usage,
- "x509-certificate-key-usage",
- 1, 0, 0,
- (SCM cert),
- "Return the key usage of @var{cert} (i.e., a list of "
- "@code{key-usage/} values), or the empty list if @var{cert} "
- "does not contain such information.")
+ "x509-certificate-key-usage",
+ 1, 0, 0,
+ (SCM cert),
+ "Return the key usage of @var{cert} (i.e., a list of "
+ "@code{key-usage/} values), or the empty list if @var{cert} "
+ "does not contain such information.")
#define FUNC_NAME s_scm_gnutls_x509_certificate_key_usage
{
int err;
if (EXPECT_FALSE (err))
{
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- usage = SCM_EOL;
+ usage = SCM_EOL;
else
- scm_gnutls_error (err, FUNC_NAME);
+ scm_gnutls_error (err, FUNC_NAME);
}
else
usage = scm_from_gnutls_key_usage_flags (c_usage);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_x509_certificate_version, "x509-certificate-version",
- 1, 0, 0, (SCM cert), "Return the version of @var{cert}.")
+ 1, 0, 0, (SCM cert), "Return the version of @var{cert}.")
#define FUNC_NAME s_scm_gnutls_x509_certificate_version
{
int c_result;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_x509_certificate_key_id, "x509-certificate-key-id",
- 1, 0, 0,
- (SCM cert),
- "Return a statistically unique ID (a u8vector) for @var{cert} "
- "that depends on its public key parameters. This is normally "
- "a 20-byte SHA-1 hash.")
+ 1, 0, 0,
+ (SCM cert),
+ "Return a statistically unique ID (a u8vector) for @var{cert} "
+ "that depends on its public key parameters. This is normally "
+ "a 20-byte SHA-1 hash.")
#define FUNC_NAME s_scm_gnutls_x509_certificate_key_id
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_x509_certificate_authority_key_id,
- "x509-certificate-authority-key-id",
- 1, 0, 0,
- (SCM cert),
- "Return the key ID (a u8vector) of the X.509 certificate "
- "authority of @var{cert}.")
+ "x509-certificate-authority-key-id",
+ 1, 0, 0,
+ (SCM cert),
+ "Return the key ID (a u8vector) of the X.509 certificate "
+ "authority of @var{cert}.")
#define FUNC_NAME s_scm_gnutls_x509_certificate_authority_key_id
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_x509_certificate_subject_key_id,
- "x509-certificate-subject-key-id",
- 1, 0, 0,
- (SCM cert),
- "Return the subject key ID (a u8vector) for @var{cert}.")
+ "x509-certificate-subject-key-id",
+ 1, 0, 0,
+ (SCM cert),
+ "Return the subject key ID (a u8vector) for @var{cert}.")
#define FUNC_NAME s_scm_gnutls_x509_certificate_subject_key_id
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_x509_certificate_subject_alternative_name,
- "x509-certificate-subject-alternative-name",
- 2, 0, 0,
- (SCM cert, SCM index),
- "Return two values: the alternative name type for @var{cert} "
- "(i.e., one of the @code{x509-subject-alternative-name/} values) "
- "and the actual subject alternative name (a string) at "
- "@var{index}. Both values are @code{#f} if no alternative name "
- "is available at @var{index}.")
+ "x509-certificate-subject-alternative-name",
+ 2, 0, 0,
+ (SCM cert, SCM index),
+ "Return two values: the alternative name type for @var{cert} "
+ "(i.e., one of the @code{x509-subject-alternative-name/} values) "
+ "and the actual subject alternative name (a string) at "
+ "@var{index}. Both values are @code{#f} if no alternative name "
+ "is available at @var{index}.")
#define FUNC_NAME s_scm_gnutls_x509_certificate_subject_alternative_name
{
int err;
{
c_name_actual_len = c_name_len;
err = gnutls_x509_crt_get_subject_alt_name (c_cert, c_index,
- c_name, &c_name_actual_len,
- NULL);
+ c_name, &c_name_actual_len,
+ NULL);
if (err == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- c_name = scm_realloc (c_name, c_name_len * 2);
- c_name_len *= 2;
- }
+ {
+ c_name = scm_realloc (c_name, c_name_len * 2);
+ c_name_len *= 2;
+ }
}
while (err == GNUTLS_E_SHORT_MEMORY_BUFFER);
free (c_name);
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- result = scm_values (scm_list_2 (SCM_BOOL_F, SCM_BOOL_F));
+ result = scm_values (scm_list_2 (SCM_BOOL_F, SCM_BOOL_F));
else
- scm_gnutls_error (err, FUNC_NAME);
+ scm_gnutls_error (err, FUNC_NAME);
}
else
{
if (c_name_actual_len < c_name_len)
- c_name = scm_realloc (c_name, c_name_actual_len);
+ c_name = scm_realloc (c_name, c_name_actual_len);
result =
- scm_values (scm_list_2
- (scm_from_gnutls_x509_subject_alternative_name (err),
- scm_take_locale_string (c_name)));
+ scm_values (scm_list_2
+ (scm_from_gnutls_x509_subject_alternative_name (err),
+ scm_take_locale_string (c_name)));
}
return result;
{
if (scm_is_true (log_procedure))
(void) scm_call_2 (log_procedure, scm_from_int (level),
- scm_from_locale_string (str));
+ scm_from_locale_string (str));
}
SCM_DEFINE (scm_gnutls_set_log_procedure_x, "set-log-procedure!",
- 1, 0, 0,
- (SCM proc),
- "Use @var{proc} (a two-argument procedure) as the global "
- "GnuTLS log procedure.")
+ 1, 0, 0,
+ (SCM proc),
+ "Use @var{proc} (a two-argument procedure) as the global "
+ "GnuTLS log procedure.")
#define FUNC_NAME s_scm_gnutls_set_log_procedure_x
{
SCM_VALIDATE_PROC (1, proc);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_set_log_level_x, "set-log-level!", 1, 0, 0,
- (SCM level),
- "Enable GnuTLS logging up to @var{level} (an integer).")
+ (SCM level),
+ "Enable GnuTLS logging up to @var{level} (an integer).")
#define FUNC_NAME s_scm_gnutls_set_log_level_x
{
unsigned int c_level;
#define GUILE_GNUTLS_MAX_OPENPGP_NAME_LENGTH 2048
SCM_DEFINE (scm_gnutls_import_openpgp_certificate,
- "import-openpgp-certificate", 2, 0, 0, (SCM data, SCM format),
- "Return a new OpenPGP certificate object resulting from the "
- "import of @var{data} (a uniform array) according to "
- "@var{format}.")
+ "import-openpgp-certificate", 2, 0, 0, (SCM data, SCM format),
+ "Return a new OpenPGP certificate object resulting from the "
+ "import of @var{data} (a uniform array) according to "
+ "@var{format}.")
#define FUNC_NAME s_scm_gnutls_import_openpgp_certificate
{
int err;
c_format = scm_to_gnutls_openpgp_certificate_format (format, 2, FUNC_NAME);
c_data = scm_gnutls_get_array (data, &c_data_handle, &c_data_len,
- FUNC_NAME);
+ FUNC_NAME);
c_data_d.data = (unsigned char *) c_data;
c_data_d.size = c_data_len;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_import_openpgp_private_key,
- "import-openpgp-private-key", 2, 1, 0, (SCM data, SCM format,
- SCM pass),
- "Return a new OpenPGP private key object resulting from the "
- "import of @var{data} (a uniform array) according to "
- "@var{format}. Optionally, a passphrase may be provided.")
+ "import-openpgp-private-key", 2, 1, 0, (SCM data, SCM format,
+ SCM pass),
+ "Return a new OpenPGP private key object resulting from the "
+ "import of @var{data} (a uniform array) according to "
+ "@var{format}. Optionally, a passphrase may be provided.")
#define FUNC_NAME s_scm_gnutls_import_openpgp_private_key
{
int err;
}
c_data = scm_gnutls_get_array (data, &c_data_handle, &c_data_len,
- FUNC_NAME);
+ FUNC_NAME);
c_data_d.data = (unsigned char *) c_data;
c_data_d.size = c_data_len;
}
err = gnutls_openpgp_privkey_import (c_key, &c_data_d, c_format, c_pass,
- 0 /* currently unused */ );
+ 0 /* currently unused */ );
scm_gnutls_release_array (&c_data_handle);
if (EXPECT_FALSE (err))
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_openpgp_certificate_id, "openpgp-certificate-id",
- 1, 0, 0,
- (SCM key),
- "Return the ID (an 8-element u8vector) of certificate "
- "@var{key}.")
+ 1, 0, 0,
+ (SCM key),
+ "Return the ID (an 8-element u8vector) of certificate "
+ "@var{key}.")
#define FUNC_NAME s_scm_gnutls_openpgp_certificate_id
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_openpgp_certificate_id_x, "openpgp-certificate-id!",
- 2, 0, 0,
- (SCM key, SCM id),
- "Store the ID (an 8 byte sequence) of certificate "
- "@var{key} in @var{id} (a u8vector).")
+ 2, 0, 0,
+ (SCM key, SCM id),
+ "Store the ID (an 8 byte sequence) of certificate "
+ "@var{key} in @var{id} (a u8vector).")
#define FUNC_NAME s_scm_gnutls_openpgp_certificate_id_x
{
int err;
c_key = scm_to_gnutls_openpgp_certificate (key, 1, FUNC_NAME);
c_id = scm_gnutls_get_writable_array (id, &c_id_handle, &c_id_size,
- FUNC_NAME);
+ FUNC_NAME);
if (EXPECT_FALSE (c_id_size < 8))
{
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_openpgp_certificate_fingerpint_x,
- "openpgp-certificate-fingerprint!",
- 2, 0, 0,
- (SCM key, SCM fpr),
- "Store in @var{fpr} (a u8vector) the fingerprint of @var{key}. "
- "Return the number of bytes stored in @var{fpr}.")
+ "openpgp-certificate-fingerprint!",
+ 2, 0, 0,
+ (SCM key, SCM fpr),
+ "Store in @var{fpr} (a u8vector) the fingerprint of @var{key}. "
+ "Return the number of bytes stored in @var{fpr}.")
#define FUNC_NAME s_scm_gnutls_openpgp_certificate_fingerpint_x
{
int err;
SCM_VALIDATE_ARRAY (2, fpr);
c_fpr = scm_gnutls_get_writable_array (fpr, &c_fpr_handle, &c_fpr_len,
- FUNC_NAME);
+ FUNC_NAME);
err = gnutls_openpgp_crt_get_fingerprint (c_key, c_fpr, &c_actual_len);
scm_gnutls_release_array (&c_fpr_handle);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_openpgp_certificate_fingerprint,
- "openpgp-certificate-fingerprint",
- 1, 0, 0,
- (SCM key),
- "Return a new u8vector denoting the fingerprint of " "@var{key}.")
+ "openpgp-certificate-fingerprint",
+ 1, 0, 0,
+ (SCM key),
+ "Return a new u8vector denoting the fingerprint of " "@var{key}.")
#define FUNC_NAME s_scm_gnutls_openpgp_certificate_fingerprint
{
int err;
c_actual_len = 0;
err = gnutls_openpgp_crt_get_fingerprint (c_key, c_fpr, &c_actual_len);
if (err == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- /* Grow C_FPR. */
- unsigned char *c_new;
-
- c_new = (unsigned char *) realloc (c_fpr, c_fpr_len * 2);
- if (EXPECT_FALSE (c_new == NULL))
- {
- free (c_fpr);
- scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME);
- }
- else
- {
- c_fpr_len *= 2;
- c_fpr = c_new;
- }
- }
+ {
+ /* Grow C_FPR. */
+ unsigned char *c_new;
+
+ c_new = (unsigned char *) realloc (c_fpr, c_fpr_len * 2);
+ if (EXPECT_FALSE (c_new == NULL))
+ {
+ free (c_fpr);
+ scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME);
+ }
+ else
+ {
+ c_fpr_len *= 2;
+ c_fpr = c_new;
+ }
+ }
}
while (err == GNUTLS_E_SHORT_MEMORY_BUFFER);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_openpgp_certificate_name, "openpgp-certificate-name",
- 2, 0, 0,
- (SCM key, SCM index),
- "Return the @var{index}th name of @var{key}.")
+ 2, 0, 0,
+ (SCM key, SCM index),
+ "Return the @var{index}th name of @var{key}.")
#define FUNC_NAME s_scm_gnutls_openpgp_certificate_name
{
int err;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_openpgp_certificate_names, "openpgp-certificate-names",
- 1, 0, 0, (SCM key), "Return the list of names for @var{key}.")
+ 1, 0, 0, (SCM key), "Return the list of names for @var{key}.")
#define FUNC_NAME s_scm_gnutls_openpgp_certificate_names
{
int err;
{
err = gnutls_openpgp_crt_get_name (c_key, c_index, c_name, &c_name_len);
if (!err)
- {
- result = scm_cons (scm_from_locale_string (c_name), result);
- c_index++;
- }
+ {
+ result = scm_cons (scm_from_locale_string (c_name), result);
+ c_index++;
+ }
}
while (!err);
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_openpgp_certificate_algorithm,
- "openpgp-certificate-algorithm",
- 1, 0, 0,
- (SCM key),
- "Return two values: the certificate algorithm used by "
- "@var{key} and the number of bits used.")
+ "openpgp-certificate-algorithm",
+ 1, 0, 0,
+ (SCM key),
+ "Return two values: the certificate algorithm used by "
+ "@var{key} and the number of bits used.")
#define FUNC_NAME s_scm_gnutls_openpgp_certificate_algorithm
{
gnutls_openpgp_crt_t c_key;
c_algo = gnutls_openpgp_crt_get_pk_algorithm (c_key, &c_bits);
return (scm_values (scm_list_2 (scm_from_gnutls_pk_algorithm (c_algo),
- scm_from_uint (c_bits))));
+ scm_from_uint (c_bits))));
}
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_openpgp_certificate_version,
- "openpgp-certificate-version",
- 1, 0, 0,
- (SCM key),
- "Return the version of the OpenPGP message format (RFC2440) "
- "honored by @var{key}.")
+ "openpgp-certificate-version",
+ 1, 0, 0,
+ (SCM key),
+ "Return the version of the OpenPGP message format (RFC2440) "
+ "honored by @var{key}.")
#define FUNC_NAME s_scm_gnutls_openpgp_certificate_version
{
int c_version;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_openpgp_certificate_usage, "openpgp-certificate-usage",
- 1, 0, 0,
- (SCM key),
- "Return a list of values denoting the key usage of @var{key}.")
+ 1, 0, 0,
+ (SCM key),
+ "Return a list of values denoting the key usage of @var{key}.")
#define FUNC_NAME s_scm_gnutls_openpgp_certificate_usage
{
int err;
/* OpenPGP keyrings. */
SCM_DEFINE (scm_gnutls_import_openpgp_keyring, "import-openpgp-keyring",
- 2, 0, 0,
- (SCM data, SCM format),
- "Import @var{data} (a u8vector) according to @var{format} "
- "and return the imported keyring.")
+ 2, 0, 0,
+ (SCM data, SCM format),
+ "Import @var{data} (a u8vector) according to @var{format} "
+ "and return the imported keyring.")
#define FUNC_NAME s_scm_gnutls_import_openpgp_keyring
{
int err;
c_format = scm_to_gnutls_openpgp_certificate_format (format, 2, FUNC_NAME);
c_data = scm_gnutls_get_array (data, &c_data_handle, &c_data_len,
- FUNC_NAME);
+ FUNC_NAME);
c_data_d.data = (unsigned char *) c_data;
c_data_d.size = c_data_len;
#undef FUNC_NAME
SCM_DEFINE (scm_gnutls_openpgp_keyring_contains_key_id_p,
- "openpgp-keyring-contains-key-id?",
- 2, 0, 0,
- (SCM keyring, SCM id),
- "Return @code{#f} if key ID @var{id} is in @var{keyring}, "
- "@code{#f} otherwise.")
+ "openpgp-keyring-contains-key-id?",
+ 2, 0, 0,
+ (SCM keyring, SCM id),
+ "Return @code{#f} if key ID @var{id} is in @var{keyring}, "
+ "@code{#f} otherwise.")
#define FUNC_NAME s_scm_gnutls_openpgp_keyring_contains_key_id_p
{
int c_result;
}
c_result = gnutls_openpgp_keyring_check_id (c_keyring,
- (unsigned char *) c_id,
- 0 /* unused */ );
+ (unsigned char *) c_id,
+ 0 /* unused */ );
scm_gnutls_release_array (&c_id_handle);
/* Certificates. */
SCM_DEFINE (scm_gnutls_set_certificate_credentials_openpgp_keys_x,
- "set-certificate-credentials-openpgp-keys!",
- 3, 0, 0,
- (SCM cred, SCM pub, SCM sec),
- "Use certificate @var{pub} and secret key @var{sec} in "
- "certificate credentials @var{cred}.")
+ "set-certificate-credentials-openpgp-keys!",
+ 3, 0, 0,
+ (SCM cred, SCM pub, SCM sec),
+ "Use certificate @var{pub} and secret key @var{sec} in "
+ "certificate credentials @var{cred}.")
#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_openpgp_keys_x
{
int err;
corresponding to ARRAY. */
static inline const char *
scm_gnutls_get_array (SCM array, scm_t_array_handle * c_handle,
- size_t * c_len, const char *func_name)
+ size_t * c_len, const char *func_name)
{
const char *c_array = NULL;
const scm_t_array_dim *c_dims;
{
scm_array_handle_release (c_handle);
scm_misc_error (func_name, scm_gnutls_array_error_message,
- scm_list_1 (array));
+ scm_list_1 (array));
}
else
{
corresponding to ARRAY. The returned array can be written to. */
static inline char *
scm_gnutls_get_writable_array (SCM array, scm_t_array_handle * c_handle,
- size_t * c_len, const char *func_name)
+ size_t * c_len, const char *func_name)
{
char *c_array = NULL;
const scm_t_array_dim *c_dims;
{
scm_array_handle_release (c_handle);
scm_misc_error (func_name, scm_gnutls_array_error_message,
- scm_list_1 (array));
+ scm_list_1 (array));
}
else
{
*c_len = c_elem_size * (c_dims->ubnd - c_dims->lbnd + 1);
c_array =
- (char *) scm_array_handle_uniform_writable_elements (c_handle);
+ (char *) scm_array_handle_uniform_writable_elements (c_handle);
}
return (c_array);
#include <gnutls/abstract.h>
-int _gnutls_privkey_get_public_mpis (gnutls_privkey_t key,
- bigint_t * params, int *params_size);
-
+int _gnutls_privkey_get_public_mpis (gnutls_privkey_t key,
+ bigint_t * params, int *params_size);
+
#endif
NULL,
NULL,
gen_anon_server_kx,
- _gnutls_gen_dh_common_client_kx, /* this can be shared */
+ _gnutls_gen_dh_common_client_kx, /* this can be shared */
NULL,
NULL,
NULL,
- NULL, /* certificate */
+ NULL, /* certificate */
proc_anon_server_kx,
proc_anon_client_kx,
NULL,
if ((ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1)) < 0)
+ sizeof (anon_auth_info_st), 1)) < 0)
{
gnutls_assert ();
return ret;
static int
proc_anon_client_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
gnutls_anon_server_credentials_t cred;
int ret;
int
proc_anon_server_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
int ret;
/* set auth_info */
if ((ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1)) < 0)
+ sizeof (anon_auth_info_st), 1)) < 0)
{
gnutls_assert ();
return ret;
#include "openpgp/gnutls_openpgp.h"
static gnutls_privkey_t alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t
- key, int deinit);
+ key, int deinit);
static gnutls_cert *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert);
#endif
static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs,
- unsigned);
+ unsigned);
static gnutls_privkey_t alloc_and_load_x509_key (gnutls_x509_privkey_t key,
- int deinit);
+ int deinit);
static gnutls_privkey_t alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t
- key, int deinit);
+ key, int deinit);
/* Copies data from a internal certificate struct (gnutls_cert) to
*/
static int
_gnutls_copy_certificate_auth_info (cert_auth_info_t info,
- gnutls_cert * cert, size_t ncerts)
+ gnutls_cert * cert, size_t ncerts)
{
/* Copy peer's information to auth_info_t
*/
if (info->raw_certificate_list != NULL)
{
for (j = 0; j < info->ncerts; j++)
- _gnutls_free_datum (&info->raw_certificate_list[j]);
+ _gnutls_free_datum (&info->raw_certificate_list[j]);
gnutls_free (info->raw_certificate_list);
}
for (i = 0; i < ncerts; i++)
{
if (cert->raw.size > 0)
- {
- ret =
- _gnutls_set_datum (&info->raw_certificate_list[i],
- cert[i].raw.data, cert[i].raw.size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto clear;
- }
- }
+ {
+ ret =
+ _gnutls_set_datum (&info->raw_certificate_list[i],
+ cert[i].raw.data, cert[i].raw.size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto clear;
+ }
+ }
}
info->ncerts = ncerts;
*/
inline static int
_gnutls_check_pk_algo_in_list (const gnutls_pk_algorithm_t *
- pk_algos, int pk_algos_length,
- gnutls_pk_algorithm_t algo_to_check)
+ pk_algos, int pk_algos_length,
+ gnutls_pk_algorithm_t algo_to_check)
{
int i;
for (i = 0; i < pk_algos_length; i++)
{
if (algo_to_check == pk_algos[i])
- {
- return 0;
- }
+ {
+ return 0;
+ }
}
return -1;
}
}
result = asn1_der_decoding_startEnd (dn, cert->raw.data, cert->raw.size,
- "tbsCertificate.issuer", &start, &end);
+ "tbsCertificate.issuer", &start, &end);
if (result != ASN1_SUCCESS)
{
*/
static int
_find_x509_cert (const gnutls_certificate_credentials_t cred,
- opaque * _data, size_t _data_size,
- const gnutls_pk_algorithm_t * pk_algos,
- int pk_algos_length, int *indx)
+ opaque * _data, size_t _data_size,
+ const gnutls_pk_algorithm_t * pk_algos,
+ int pk_algos_length, int *indx)
{
unsigned size;
gnutls_datum_t odn = { NULL, 0 };
data += 2;
for (i = 0; i < cred->ncerts; i++)
- {
- for (j = 0; j < cred->cert_list_length[i]; j++)
- {
- if ((result =
- _gnutls_cert_get_issuer_dn (&cred->cert_list[i][j],
- &odn)) < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if (odn.size != size)
- continue;
-
- /* If the DN matches and
- * the *_SIGN algorithm matches
- * the cert is our cert!
- */
- cert_pk = cred->cert_list[i][0].subject_pk_algorithm;
-
- if ((memcmp (odn.data, data, size) == 0) &&
- (_gnutls_check_pk_algo_in_list
- (pk_algos, pk_algos_length, cert_pk) == 0))
- {
- *indx = i;
- break;
- }
- }
- if (*indx != -1)
- break;
- }
+ {
+ for (j = 0; j < cred->cert_list_length[i]; j++)
+ {
+ if ((result =
+ _gnutls_cert_get_issuer_dn (&cred->cert_list[i][j],
+ &odn)) < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if (odn.size != size)
+ continue;
+
+ /* If the DN matches and
+ * the *_SIGN algorithm matches
+ * the cert is our cert!
+ */
+ cert_pk = cred->cert_list[i][0].subject_pk_algorithm;
+
+ if ((memcmp (odn.data, data, size) == 0) &&
+ (_gnutls_check_pk_algo_in_list
+ (pk_algos, pk_algos_length, cert_pk) == 0))
+ {
+ *indx = i;
+ break;
+ }
+ }
+ if (*indx != -1)
+ break;
+ }
if (*indx != -1)
- break;
+ break;
/* move to next record */
data += size;
*/
static int
_find_openpgp_cert (const gnutls_certificate_credentials_t cred,
- gnutls_pk_algorithm_t * pk_algos,
- int pk_algos_length, int *indx)
+ gnutls_pk_algorithm_t * pk_algos,
+ int pk_algos_length, int *indx)
{
unsigned i, j;
for (i = 0; i < cred->ncerts; i++)
{
for (j = 0; j < cred->cert_list_length[i]; j++)
- {
-
- /* If the *_SIGN algorithm matches
- * the cert is our cert!
- */
- if ((_gnutls_check_pk_algo_in_list
- (pk_algos, pk_algos_length,
- cred->cert_list[i][0].subject_pk_algorithm) == 0)
- && (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP))
- {
- *indx = i;
- break;
- }
- }
+ {
+
+ /* If the *_SIGN algorithm matches
+ * the cert is our cert!
+ */
+ if ((_gnutls_check_pk_algo_in_list
+ (pk_algos, pk_algos_length,
+ cred->cert_list[i][0].subject_pk_algorithm) == 0)
+ && (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP))
+ {
+ *indx = i;
+ break;
+ }
+ }
if (*indx != -1)
- break;
+ break;
}
return 0;
if (data_size > 0)
do
{
- /* This works like DECR_LEN()
- */
- result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- DECR_LENGTH_COM (data_size, 2, goto error);
- size = _gnutls_read_uint16 (data);
+ /* This works like DECR_LEN()
+ */
+ result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ DECR_LENGTH_COM (data_size, 2, goto error);
+ size = _gnutls_read_uint16 (data);
- result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- DECR_LENGTH_COM (data_size, size, goto error);
+ result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ DECR_LENGTH_COM (data_size, size, goto error);
- data += 2;
+ data += 2;
- if (size > 0)
- {
- issuers_dn_len++;
- data += size;
- }
+ if (size > 0)
+ {
+ issuers_dn_len++;
+ data += size;
+ }
- if (data_size == 0)
- break;
+ if (data_size == 0)
+ break;
}
while (1);
*/
static int
get_issuers (gnutls_session_t session,
- gnutls_datum_t * issuers_dn, int issuers_len,
- opaque * data, size_t data_size)
+ gnutls_datum_t * issuers_dn, int issuers_len,
+ opaque * data, size_t data_size)
{
int i;
unsigned size;
{
for (i = 0; i < issuers_len; i++)
- {
- /* The checks here for the buffer boundaries
- * are not needed since the buffer has been
- * parsed above.
- */
- data_size -= 2;
+ {
+ /* The checks here for the buffer boundaries
+ * are not needed since the buffer has been
+ * parsed above.
+ */
+ data_size -= 2;
- size = _gnutls_read_uint16 (data);
+ size = _gnutls_read_uint16 (data);
- data += 2;
+ data += 2;
- issuers_dn[i].data = data;
- issuers_dn[i].size = size;
+ issuers_dn[i].data = data;
+ issuers_dn[i].size = size;
- data += size;
- }
+ data += size;
+ }
}
return 0;
*/
static int
call_get_cert_callback (gnutls_session_t session,
- const gnutls_datum_t * issuers_dn,
- int issuers_dn_length,
- gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
+ const gnutls_datum_t * issuers_dn,
+ int issuers_dn_length,
+ gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
{
unsigned i;
gnutls_cert *local_certs = NULL;
if (cred->get_cert_callback)
{
ret = cred->get_cert_callback (session, issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length, &st2);
+ pk_algos, pk_algos_length, &st2);
}
else
- { /* compatibility mode */
+ { /* compatibility mode */
gnutls_retr_st st;
memset (&st, 0, sizeof (st));
if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (cred->server_get_cert_callback == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- ret = cred->server_get_cert_callback (session, &st);
- if (ret >= 0)
- st_to_st2 (&st2, &st);
- }
+ {
+ if (cred->server_get_cert_callback == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret = cred->server_get_cert_callback (session, &st);
+ if (ret >= 0)
+ st_to_st2 (&st2, &st);
+ }
else
- { /* CLIENT */
-
- if (cred->client_get_cert_callback == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- ret = cred->client_get_cert_callback (session,
- issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length,
- &st);
- if (ret >= 0)
- st_to_st2 (&st2, &st);
- }
+ { /* CLIENT */
+
+ if (cred->client_get_cert_callback == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret = cred->client_get_cert_callback (session,
+ issuers_dn, issuers_dn_length,
+ pk_algos, pk_algos_length,
+ &st);
+ if (ret >= 0)
+ st_to_st2 (&st2, &st);
+ }
}
if (ret < 0)
}
if (st2.ncerts == 0)
- return 0; /* no certificate was selected */
+ return 0; /* no certificate was selected */
if (type != st2.cert_type)
{
local_certs = alloc_and_load_x509_certs (st2.cert.x509, st2.ncerts);
}
else
- { /* PGP */
+ { /* PGP */
if (st2.ncerts > 1)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
#ifdef ENABLE_OPENPGP
{
- local_certs = alloc_and_load_pgp_certs (st2.cert.pgp);
+ local_certs = alloc_and_load_pgp_certs (st2.cert.pgp);
}
#else
ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
case GNUTLS_PRIVKEY_OPENPGP:
#ifdef ENABLE_OPENPGP
if (st2.key.pgp != NULL)
- {
- local_key = alloc_and_load_pgp_key (st2.key.pgp, st2.deinit_all);
- if (local_key == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
- }
+ {
+ local_key = alloc_and_load_pgp_key (st2.key.pgp, st2.deinit_all);
+ if (local_key == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
break;
#endif
case GNUTLS_PRIVKEY_PKCS11:
if (st2.key.pkcs11 != NULL)
- {
- local_key =
- alloc_and_load_pkcs11_key (st2.key.pkcs11, st2.deinit_all);
- if (local_key == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
- }
+ {
+ local_key =
+ alloc_and_load_pkcs11_key (st2.key.pkcs11, st2.deinit_all);
+ if (local_key == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
break;
case GNUTLS_PRIVKEY_X509:
if (st2.key.x509 != NULL)
- {
- local_key = alloc_and_load_x509_key (st2.key.x509, st2.deinit_all);
- if (local_key == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
- }
+ {
+ local_key = alloc_and_load_x509_key (st2.key.x509, st2.deinit_all);
+ if (local_key == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
break;
}
_gnutls_selected_certs_set (session, local_certs,
- (local_certs != NULL) ? st2.ncerts : 0,
- local_key, 1);
+ (local_certs != NULL) ? st2.ncerts : 0,
+ local_key, 1);
ret = 0;
if (st2.cert_type == GNUTLS_CRT_X509)
{
if (st2.deinit_all)
- {
- for (i = 0; i < st2.ncerts; i++)
- {
- gnutls_x509_crt_deinit (st2.cert.x509[i]);
- }
- }
+ {
+ for (i = 0; i < st2.ncerts; i++)
+ {
+ gnutls_x509_crt_deinit (st2.cert.x509[i]);
+ }
+ }
}
else
{
#ifdef ENABLE_OPENPGP
if (st2.deinit_all)
- {
- gnutls_openpgp_crt_deinit (st2.cert.pgp);
- }
+ {
+ gnutls_openpgp_crt_deinit (st2.cert.pgp);
+ }
#endif
}
if (ret < 0)
{
if (local_key != NULL)
- gnutls_privkey_deinit (local_key);
+ gnutls_privkey_deinit (local_key);
}
return ret;
*/
static int
_select_client_cert (gnutls_session_t session,
- opaque * _data, size_t _data_size,
- gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
+ opaque * _data, size_t _data_size,
+ gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
{
int result;
int indx = -1;
/* use a callback to get certificate
*/
if (session->security_parameters.cert_type != GNUTLS_CRT_X509)
- issuers_dn_length = 0;
+ issuers_dn_length = 0;
else
- {
- issuers_dn_length = get_issuers_num (session, data, data_size);
- if (issuers_dn_length < 0)
- {
- gnutls_assert ();
- return issuers_dn_length;
- }
-
- if (issuers_dn_length > 0)
- {
- issuers_dn =
- gnutls_malloc (sizeof (gnutls_datum_t) * issuers_dn_length);
- if (issuers_dn == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result =
- get_issuers (session, issuers_dn, issuers_dn_length,
- data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
- }
+ {
+ issuers_dn_length = get_issuers_num (session, data, data_size);
+ if (issuers_dn_length < 0)
+ {
+ gnutls_assert ();
+ return issuers_dn_length;
+ }
+
+ if (issuers_dn_length > 0)
+ {
+ issuers_dn =
+ gnutls_malloc (sizeof (gnutls_datum_t) * issuers_dn_length);
+ if (issuers_dn == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ get_issuers (session, issuers_dn, issuers_dn_length,
+ data, data_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+ }
result =
- call_get_cert_callback (session, issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length);
+ call_get_cert_callback (session, issuers_dn, issuers_dn_length,
+ pk_algos, pk_algos_length);
goto cleanup;
}
result = 0;
if (session->security_parameters.cert_type == GNUTLS_CRT_X509)
- result =
- _find_x509_cert (cred, _data, _data_size,
- pk_algos, pk_algos_length, &indx);
+ result =
+ _find_x509_cert (cred, _data, _data_size,
+ pk_algos, pk_algos_length, &indx);
#ifdef ENABLE_OPENPGP
if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP)
- result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx);
+ result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx);
#endif
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
if (indx >= 0)
- {
- _gnutls_selected_certs_set (session,
- &cred->cert_list[indx][0],
- cred->cert_list_length[indx],
- cred->pkey[indx], 0);
- }
+ {
+ _gnutls_selected_certs_set (session,
+ &cred->cert_list[indx][0],
+ cred->cert_list_length[indx],
+ cred->pkey[indx], 0);
+ }
else
- {
- _gnutls_selected_certs_set (session, NULL, 0, NULL, 0);
- }
+ {
+ _gnutls_selected_certs_set (session, NULL, 0, NULL, 0);
+ }
result = 0;
}
*/
if ((ret =
_gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
+ &apr_cert_list_length, &apr_pkey)) < 0)
{
gnutls_assert ();
return ret;
/* find the appropriate certificate */
if ((ret =
_gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
+ &apr_cert_list_length, &apr_pkey)) < 0)
{
gnutls_assert ();
return ret;
if (apr_cert_list_length > 0)
{
if (apr_cert_list[0].use_subkey != 0)
- ret += 1 + sizeof (apr_cert_list[0].subkey_id); /* for the keyid */
+ ret += 1 + sizeof (apr_cert_list[0].subkey_id); /* for the keyid */
ret += apr_cert_list[0].raw.size;
}
if (apr_cert_list_length > 0)
{
if (apr_cert_list[0].use_subkey != 0)
- {
- *pdata = PGP_KEY_SUBKEY;
- pdata++;
- *pdata = sizeof (apr_cert_list[0].subkey_id);
- pdata++;
- memcpy (pdata, apr_cert_list[0].subkey_id,
- sizeof (apr_cert_list[0].subkey_id));
- pdata += sizeof (apr_cert_list[0].subkey_id);
- }
+ {
+ *pdata = PGP_KEY_SUBKEY;
+ pdata++;
+ *pdata = sizeof (apr_cert_list[0].subkey_id);
+ pdata++;
+ memcpy (pdata, apr_cert_list[0].subkey_id,
+ sizeof (apr_cert_list[0].subkey_id));
+ pdata += sizeof (apr_cert_list[0].subkey_id);
+ }
else
- {
- *pdata = PGP_KEY;
- pdata++;
- }
+ {
+ *pdata = PGP_KEY;
+ pdata++;
+ }
_gnutls_write_datum24 (pdata, apr_cert_list[0].raw);
pdata += (3 + apr_cert_list[0].raw.size);
}
- else /* empty - no certificate */
+ else /* empty - no certificate */
{
*pdata = PGP_KEY;
pdata++;
/* find the appropriate certificate */
if ((ret =
_gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
+ &apr_cert_list_length, &apr_pkey)) < 0)
{
gnutls_assert ();
return ret;
packet_size = 3 + 1;
if (apr_cert_list[0].use_subkey)
- packet_size += 1 + sizeof (apr_cert_list[0].subkey_id); /* for the keyid */
+ packet_size += 1 + sizeof (apr_cert_list[0].subkey_id); /* for the keyid */
/* Only v4 fingerprints are sent
*/
if (apr_cert_list_length > 0 && apr_cert_list[0].version == 4)
packet_size += 20 + 1;
- else /* empty certificate case */
+ else /* empty certificate case */
return _gnutls_gen_openpgp_certificate (session, data);
(*data) = gnutls_malloc (packet_size);
*pdata = sizeof (apr_cert_list[0].subkey_id);
pdata++;
memcpy (pdata, apr_cert_list[0].subkey_id,
- sizeof (apr_cert_list[0].subkey_id));
+ sizeof (apr_cert_list[0].subkey_id));
pdata += sizeof (apr_cert_list[0].subkey_id);
}
else
{
- *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */
+ *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */
pdata++;
}
if ((ret =
_gnutls_openpgp_fingerprint (&apr_cert_list[0].raw, pdata,
- &fpr_size)) < 0)
+ &fpr_size)) < 0)
{
gnutls_assert ();
return ret;
#ifdef ENABLE_OPENPGP
case GNUTLS_CRT_OPENPGP:
if (_gnutls_openpgp_send_fingerprint (session) == 0)
- return _gnutls_gen_openpgp_certificate (session, data);
+ return _gnutls_gen_openpgp_certificate (session, data);
else
- return _gnutls_gen_openpgp_certificate_fpr (session, data);
+ return _gnutls_gen_openpgp_certificate_fpr (session, data);
#endif
case GNUTLS_CRT_X509:
return _gnutls_gen_x509_crt (session, data);
#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_gcert_deinit(&peer_certificate_list[x])
static int
_gnutls_proc_x509_server_certificate (gnutls_session_t session,
- opaque * data, size_t data_size)
+ opaque * data, size_t data_size)
{
int size, len, ret;
opaque *p = data;
if ((ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 1)) < 0)
+ sizeof (cert_auth_info_st), 1)) < 0)
{
gnutls_assert ();
return ret;
return GNUTLS_E_MEMORY_ERROR;
}
memset (peer_certificate_list, 0, sizeof (gnutls_cert) *
- peer_certificate_list_size);
+ peer_certificate_list_size);
p = data + 3;
tmp.data = p;
if ((ret =
- _gnutls_x509_raw_cert_to_gcert (&peer_certificate_list
- [j], &tmp,
- CERT_ONLY_EXTENSIONS)) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ _gnutls_x509_raw_cert_to_gcert (&peer_certificate_list
+ [j], &tmp,
+ CERT_ONLY_EXTENSIONS)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
/* check if signature algorithm is supported */
ret =
- _gnutls_session_sign_algo_enabled (session,
- peer_certificate_list
- [j].sign_algo);
+ _gnutls_session_sign_algo_enabled (session,
+ peer_certificate_list
+ [j].sign_algo);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
p += len;
}
if ((ret =
_gnutls_copy_certificate_auth_info (info,
- peer_certificate_list,
- peer_certificate_list_size)) < 0)
+ peer_certificate_list,
+ peer_certificate_list_size)) < 0)
{
gnutls_assert ();
goto cleanup;
if ((ret =
_gnutls_check_key_usage (&peer_certificate_list[0],
- gnutls_kx_get (session))) < 0)
+ gnutls_kx_get (session))) < 0)
{
gnutls_assert ();
goto cleanup;
#ifdef ENABLE_OPENPGP
static int
_gnutls_proc_openpgp_server_certificate (gnutls_session_t session,
- opaque * data, size_t data_size)
+ opaque * data, size_t data_size)
{
int size, ret, len;
opaque *p = data;
if ((ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 1)) < 0)
+ sizeof (cert_auth_info_st), 1)) < 0)
{
gnutls_assert ();
return ret;
{
/* check size */
if (*p != sizeof (subkey_id))
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
DECR_LEN (dsize, 1);
p++;
/* read the actual key or fingerprint */
if (key_type == PGP_KEY_FINGERPRINT
|| key_type == PGP_KEY_FINGERPRINT_SUBKEY)
- { /* the fingerprint */
+ { /* the fingerprint */
DECR_LEN (dsize, 1);
len = (uint8_t) * p;
p++;
if (len != 20)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
+ }
DECR_LEN (dsize, 20);
* a key server or anything.
*/
if ((ret =
- _gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ _gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
tmp = akey;
peer_certificate_list_size++;
}
else if (key_type == PGP_KEY || key_type == PGP_KEY_SUBKEY)
- { /* the whole key */
+ { /* the whole key */
/* Read the actual certificate */
DECR_LEN (dsize, 3);
p += 3;
if (len == 0)
- {
- gnutls_assert ();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
+ {
+ gnutls_assert ();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
DECR_LEN (dsize, len);
peer_certificate_list_size++;
goto cleanup;
}
memset (peer_certificate_list, 0, sizeof (gnutls_cert) *
- peer_certificate_list_size);
+ peer_certificate_list_size);
if ((ret =
_gnutls_openpgp_raw_crt_to_gcert (&peer_certificate_list[0],
- &tmp,
- subkey_id_set ? subkey_id : NULL)) <
+ &tmp,
+ subkey_id_set ? subkey_id : NULL)) <
0)
{
gnutls_assert ();
if ((ret =
_gnutls_copy_certificate_auth_info (info,
- peer_certificate_list,
- peer_certificate_list_size)) < 0)
+ peer_certificate_list,
+ peer_certificate_list_size)) < 0)
{
gnutls_assert ();
goto cleanup;
if ((ret =
_gnutls_check_key_usage (&peer_certificate_list[0],
- gnutls_kx_get (session))) < 0)
+ gnutls_kx_get (session))) < 0)
{
gnutls_assert ();
goto cleanup;
int
_gnutls_proc_cert_server_certificate (gnutls_session_t session,
- opaque * data, size_t data_size)
+ opaque * data, size_t data_size)
{
int ret;
gnutls_certificate_credentials_t cred;
cred =
(gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
- GNUTLS_CRD_CERTIFICATE,
- NULL);
+ GNUTLS_CRD_CERTIFICATE,
+ NULL);
if (cred == NULL)
{
gnutls_assert ();
#ifdef ENABLE_OPENPGP
case GNUTLS_CRT_OPENPGP:
ret = _gnutls_proc_openpgp_server_certificate (session,
- data, data_size);
+ data, data_size);
break;
#endif
case GNUTLS_CRT_X509:
{
ret = cred->verify_callback (session);
if (ret != 0)
- ret = GNUTLS_E_CERTIFICATE_ERROR;
+ ret = GNUTLS_E_CERTIFICATE_ERROR;
}
return ret;
int
_gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data,
- size_t data_size)
+ size_t data_size)
{
int size, ret;
opaque *p;
if ((ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 0)) < 0)
+ sizeof (cert_auth_info_st), 0)) < 0)
{
gnutls_assert ();
return ret;
{
DECR_LEN (dsize, 1);
if ((ret = _gnutls_check_supported_sign_algo (*p)) > 0)
- {
- if (j < MAX_SIGN_ALGOS)
- {
- pk_algos[j++] = ret;
- pk_algos_length++;
- }
- }
+ {
+ if (j < MAX_SIGN_ALGOS)
+ {
+ pk_algos[j++] = ret;
+ pk_algos_length++;
+ }
+ }
}
if (pk_algos_length == 0)
ret = _gnutls_sign_algorithm_parse_data (session, p, hash_num);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
p += hash_num;
}
/* find the appropriate certificate */
if ((ret =
_gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
+ &apr_cert_list_length, &apr_pkey)) < 0)
{
gnutls_assert ();
return ret;
if (apr_cert_list_length > 0)
{
if ((ret =
- _gnutls_handshake_sign_cert_vrfy (session,
- &apr_cert_list[0],
- apr_pkey, &signature)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ _gnutls_handshake_sign_cert_vrfy (session,
+ &apr_cert_list[0],
+ apr_pkey, &signature)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
sign_algo = ret;
}
else
int
_gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session,
- opaque * data, size_t data_size)
+ opaque * data, size_t data_size)
{
int size, ret;
ssize_t dsize = data_size;
sign_algo = _gnutls_tls_aid_to_sign (&aid);
if (sign_algo == GNUTLS_PK_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
pdata += 2;
}
sig.size = size;
ret = _gnutls_get_auth_info_gcert (&peer_cert,
- session->security_parameters.cert_type,
- info, CERT_NO_COPY);
+ session->security_parameters.cert_type,
+ info, CERT_NO_COPY);
if (ret < 0)
{
if ((ret =
_gnutls_handshake_verify_cert_vrfy (session, &peer_cert, &sig,
- sign_algo)) < 0)
+ sign_algo)) < 0)
{
gnutls_assert ();
_gnutls_gcert_deinit (&peer_cert);
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- size = CERTTYPE_SIZE + 2; /* 2 for gnutls_certificate_type_t + 2 for size of rdn_seq
- */
+ size = CERTTYPE_SIZE + 2; /* 2 for gnutls_certificate_type_t + 2 for size of rdn_seq
+ */
if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
session->internals.ignore_rdn_sequence == 0)
pdata[0] = CERTTYPE_SIZE - 1;
pdata[1] = RSA_SIGN;
- pdata[2] = DSA_SIGN; /* only these for now */
+ pdata[2] = DSA_SIGN; /* only these for now */
pdata += CERTTYPE_SIZE;
if (_gnutls_version_has_selectable_sighash (ver))
{
ret =
- _gnutls_sign_algorithm_write_params (session, pdata, signalgosize);
+ _gnutls_sign_algorithm_write_params (session, pdata, signalgosize);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* recalculate size */
size = size - signalgosize + ret;
*/
int
_gnutls_get_selected_cert (gnutls_session_t session,
- gnutls_cert ** apr_cert_list,
- int *apr_cert_list_length,
- gnutls_privkey_t * apr_pkey)
+ gnutls_cert ** apr_cert_list,
+ int *apr_cert_list_length,
+ gnutls_privkey_t * apr_pkey)
{
if (session->security_parameters.entity == GNUTLS_SERVER)
{
*apr_cert_list_length = session->internals.selected_cert_list_length;
if (*apr_cert_list_length == 0 || *apr_cert_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
}
else
- { /* CLIENT SIDE
- */
+ { /* CLIENT SIDE
+ */
/* we have already decided which certificate
* to send.
{
ret = _gnutls_x509_crt_to_gcert (&local_certs[i], certs[i], 0);
if (ret < 0)
- break;
+ break;
}
if (ret < 0)
{
gnutls_assert ();
for (j = 0; j < i; j++)
- {
- _gnutls_gcert_deinit (&local_certs[j]);
- }
+ {
+ _gnutls_gcert_deinit (&local_certs[j]);
+ }
gnutls_free (local_certs);
return NULL;
}
ret =
gnutls_privkey_import_x509 (local_key, key,
- deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE :
- 0);
+ deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE :
+ 0);
if (ret < 0)
{
gnutls_assert ();
ret =
gnutls_privkey_import_openpgp (local_key, key,
- deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
- : 0);
+ deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ : 0);
if (ret < 0)
{
gnutls_assert ();
ret =
gnutls_privkey_import_pkcs11 (local_key, key,
- deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
- : 0);
+ deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ : 0);
if (ret < 0)
{
gnutls_assert ();
int i;
for (i = 0; i < session->internals.selected_cert_list_length; i++)
- {
- _gnutls_gcert_deinit (&session->internals.selected_cert_list[i]);
- }
+ {
+ _gnutls_gcert_deinit (&session->internals.selected_cert_list[i]);
+ }
gnutls_free (session->internals.selected_cert_list);
session->internals.selected_cert_list = NULL;
session->internals.selected_cert_list_length = 0;
void
_gnutls_selected_certs_set (gnutls_session_t session,
- gnutls_cert * certs, int ncerts,
- gnutls_privkey_t key, int need_free)
+ gnutls_cert * certs, int ncerts,
+ gnutls_privkey_t key, int need_free)
{
_gnutls_selected_certs_deinit (session);
*/
int
_gnutls_server_select_cert (gnutls_session_t session,
- gnutls_pk_algorithm_t requested_algo)
+ gnutls_pk_algorithm_t requested_algo)
{
unsigned i;
int idx;
/* Otherwise... */
- idx = -1; /* default is use no certificate */
+ idx = -1; /* default is use no certificate */
for (i = 0; i < cred->ncerts; i++)
/* find one compatible certificate
*/
if (requested_algo == GNUTLS_PK_ANY ||
- requested_algo == cred->cert_list[i][0].subject_pk_algorithm)
- {
- /* if cert type and signature algorithm matches
- */
+ requested_algo == cred->cert_list[i][0].subject_pk_algorithm)
+ {
+ /* if cert type and signature algorithm matches
+ */
/* *INDENT-OFF* */
if (session->security_parameters.cert_type
== cred->cert_list[i][0].cert_type
break;
}
/* *INDENT-ON* */
- }
+ }
}
/* store the certificate pointer for future use, in the handshake.
if (idx >= 0)
{
_gnutls_selected_certs_set (session,
- &cred->cert_list[idx][0],
- cred->cert_list_length[idx],
- cred->pkey[idx], 0);
+ &cred->cert_list[idx][0],
+ cred->cert_list_length[idx],
+ cred->pkey[idx], 0);
}
else
/* Certificate does not support REQUESTED_ALGO. */
/* contains the number of the certificates in a
* row (should be 1 for OpenPGP keys).
*/
- unsigned ncerts; /* contains the number of columns in cert_list.
- * This is the same with the number of pkeys.
- */
+ unsigned ncerts; /* contains the number of columns in cert_list.
+ * This is the same with the number of pkeys.
+ */
gnutls_privkey_t *pkey;
/* private keys. It contains ncerts private
/* X509 specific stuff */
gnutls_x509_crt_t *x509_ca_list;
- unsigned x509_ncas; /* number of CAs in the ca_list
- */
+ unsigned x509_ncas; /* number of CAs in the ca_list
+ */
gnutls_x509_crl_t *x509_crl_list;
- unsigned x509_ncrls; /* number of CRLs in the crl_list
- */
+ unsigned x509_ncrls; /* number of CRLs in the crl_list
+ */
- unsigned int verify_flags; /* flags to be used at
- * certificate verification.
- */
+ unsigned int verify_flags; /* flags to be used at
+ * certificate verification.
+ */
unsigned int verify_depth;
unsigned int verify_bits;
*/
gnutls_datum_t x509_rdn_sequence;
- gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */
- gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */
+ gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */
+ gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */
gnutls_certificate_verify_function *verify_callback;
gnutls_certificate_retrieve_function *get_cert_callback;
dh_info_st dh;
rsa_info_st rsa_export;
- gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the
- * peer.
- */
- unsigned int ncerts; /* holds the size of the list above */
+ gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the
+ * peer.
+ */
+ unsigned int ncerts; /* holds the size of the list above */
gnutls_certificate_type_t cert_type;
gnutls_sign_algorithm_t sign_algo;
int _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t, opaque *, size_t);
int _gnutls_proc_cert_server_certificate (gnutls_session_t, opaque *, size_t);
int _gnutls_get_selected_cert (gnutls_session_t session,
- gnutls_cert ** apr_cert_list,
- int *apr_cert_list_length,
- gnutls_privkey_t * apr_pkey);
+ gnutls_cert ** apr_cert_list,
+ int *apr_cert_list_length,
+ gnutls_privkey_t * apr_pkey);
int _gnutls_server_select_cert (struct gnutls_session_int *,
- gnutls_pk_algorithm_t);
+ gnutls_pk_algorithm_t);
void _gnutls_selected_certs_deinit (gnutls_session_t session);
void _gnutls_selected_certs_set (gnutls_session_t session,
- gnutls_cert * certs, int ncerts,
- gnutls_privkey_t key, int need_free);
+ gnutls_cert * certs, int ncerts,
+ gnutls_privkey_t key, int need_free);
#define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate
gnutls_rsa_params_t _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t
- rsa_params,
- gnutls_params_function
- * func,
- gnutls_session_t);
+ rsa_params,
+ gnutls_params_function
+ * func,
+ gnutls_session_t);
int _gnutls_get_auth_info_gcert (gnutls_cert * gcert,
- gnutls_certificate_type_t type,
- cert_auth_info_t info,
- int flags /* OR of ConvFlags */ );
+ gnutls_certificate_type_t type,
+ cert_auth_info_t info,
+ int flags /* OR of ConvFlags */ );
int certificate_credential_append_crt_list (gnutls_certificate_credentials_t
- res, gnutls_cert * crt, int nr);
+ res, gnutls_cert * crt, int nr);
int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
- gnutls_privkey_t pkey);
+ gnutls_privkey_t pkey);
#endif
int
_gnutls_proc_dh_common_client_kx (gnutls_session_t session,
- opaque * data, size_t _data_size,
- bigint_t g, bigint_t p)
+ opaque * data, size_t _data_size,
+ bigint_t g, bigint_t p)
{
uint16_t n_Y;
size_t _n_Y;
{
ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
}
- else /* In DHE_PSK the key is set differently */
+ else /* In DHE_PSK the key is set differently */
{
gnutls_datum_t tmp_dh_key;
ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ret = _gnutls_set_psk_session_key (session, &tmp_dh_key);
_gnutls_free_datum (&tmp_dh_key);
*data = NULL;
X = gnutls_calc_dh_secret (&x, session->key->client_g,
- session->key->client_p);
+ session->key->client_p);
if (X == NULL || x == NULL)
{
gnutls_assert ();
{
ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
}
- else /* In DHE_PSK the key is set differently */
+ else /* In DHE_PSK the key is set differently */
{
gnutls_datum_t tmp_dh_key;
ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
ret = _gnutls_set_psk_session_key (session, &tmp_dh_key);
_gnutls_free_datum (&tmp_dh_key);
int
_gnutls_proc_dh_common_server_kx (gnutls_session_t session,
- opaque * data, size_t _data_size, int psk)
+ opaque * data, size_t _data_size, int psk)
{
uint16_t n_Y, n_g, n_p;
size_t _n_Y, _n_g, _n_p;
}
_gnutls_dh_set_group (session, session->key->client_g,
- session->key->client_p);
+ session->key->client_p);
_gnutls_dh_set_peer_public (session, session->key->client_Y);
ret = n_Y + n_p + n_g + 6;
* be inserted */
int
_gnutls_dh_common_print_server_kx (gnutls_session_t session,
- bigint_t g, bigint_t p, opaque ** data,
- int psk)
+ bigint_t g, bigint_t p, opaque ** data,
+ int psk)
{
bigint_t x, X;
size_t n_X, n_g, n_p;
void _gnutls_free_dh_info (dh_info_st * dh);
int _gnutls_gen_dh_common_client_kx (gnutls_session_t, opaque **);
int _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
- opaque * data, size_t _data_size,
- bigint_t p, bigint_t g);
+ opaque * data, size_t _data_size,
+ bigint_t p, bigint_t g);
int _gnutls_dh_common_print_server_kx (gnutls_session_t, bigint_t g,
- bigint_t p, opaque ** data, int psk);
+ bigint_t p, opaque ** data, int psk);
int _gnutls_proc_dh_common_server_kx (gnutls_session_t session, opaque * data,
- size_t _data_size, int psk);
+ size_t _data_size, int psk);
#endif
_gnutls_gen_cert_client_certificate,
gen_dhe_server_kx,
_gnutls_gen_dh_common_client_kx,
- _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
+ _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
_gnutls_proc_cert_server_certificate,
_gnutls_proc_cert_client_certificate,
proc_dhe_server_kx,
proc_dhe_client_kx,
- _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
const mod_auth_st dhe_dss_auth_struct = {
_gnutls_gen_cert_client_certificate,
gen_dhe_server_kx,
_gnutls_gen_dh_common_client_kx,
- _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
+ _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
_gnutls_proc_cert_server_certificate,
_gnutls_proc_cert_client_certificate,
proc_dhe_server_kx,
proc_dhe_client_kx,
- _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
/* find the appropriate certificate */
if ((ret =
_gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
+ &apr_cert_list_length, &apr_pkey)) < 0)
{
gnutls_assert ();
return ret;
g = mpis[1];
if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 0)) < 0)
+ sizeof (cert_auth_info_st), 0)) < 0)
{
gnutls_assert ();
return ret;
if (apr_cert_list_length > 0)
{
if ((ret =
- _gnutls_handshake_sign_data (session, &apr_cert_list[0],
- apr_pkey, &ddata, &signature,
- &sign_algo)) < 0)
- {
- gnutls_assert ();
- gnutls_free (*data);
- return ret;
- }
+ _gnutls_handshake_sign_data (session, &apr_cert_list[0],
+ apr_pkey, &ddata, &signature,
+ &sign_algo)) < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (*data);
+ return ret;
+ }
}
else
{
gnutls_assert ();
- return data_size; /* do not put a signature - ILLEGAL! */
+ return data_size; /* do not put a signature - ILLEGAL! */
}
*data = gnutls_realloc_fast (*data, data_size + signature.size + 4);
sign_algorithm_st aid;
if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- _gnutls_free_datum (&signature);
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
+ {
+ _gnutls_free_datum (&signature);
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
aid = _gnutls_sign_to_tls_aid (sign_algo);
(*data)[data_size++] = aid.hash_algorithm;
static int
proc_dhe_server_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
int sigsize;
opaque *sigdata;
aid.sign_algorithm = *sigdata++;
sign_algo = _gnutls_tls_aid_to_sign (&aid);
if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
}
DECR_LEN (data_size, 2);
sigsize = _gnutls_read_uint16 (sigdata);
if ((ret =
_gnutls_get_auth_info_gcert (&peer_cert,
- session->security_parameters.cert_type,
- info, CERT_NO_COPY)) < 0)
+ session->security_parameters.cert_type,
+ info, CERT_NO_COPY)) < 0)
{
gnutls_assert ();
return ret;
ret =
_gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature,
- sign_algo);
+ sign_algo);
_gnutls_gcert_deinit (&peer_cert);
if (ret < 0)
static int
proc_dhe_client_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
gnutls_certificate_credentials_t cred;
int ret;
NULL,
NULL,
- NULL, /* certificate */
+ NULL, /* certificate */
proc_psk_server_kx,
proc_psk_client_kx,
NULL,
if ((ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
+ sizeof (psk_auth_info_st), 1)) < 0)
{
gnutls_assert ();
return ret;
static int
proc_psk_client_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
int ret;
bigint_t p, g;
if ((ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
+ sizeof (psk_auth_info_st), 1)) < 0)
{
gnutls_assert ();
return ret;
int
proc_psk_server_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
int ret;
/* set auth_info */
if ((ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
+ sizeof (psk_auth_info_st), 1)) < 0)
{
gnutls_assert ();
return ret;
int _gnutls_proc_psk_client_kx (gnutls_session_t, opaque *, size_t);
int _gnutls_proc_psk_server_kx (gnutls_session_t session, opaque * data,
- size_t _data_size);
+ size_t _data_size);
const mod_auth_st psk_auth_struct = {
"PSK",
NULL,
NULL,
- NULL, /* certificate */
+ NULL, /* certificate */
_gnutls_proc_psk_server_kx,
_gnutls_proc_psk_client_kx,
NULL,
*/
int
_gnutls_set_psk_session_key (gnutls_session_t session,
- gnutls_datum_t * dh_secret)
+ gnutls_datum_t * dh_secret)
{
gnutls_datum_t pwd_psk = { NULL, 0 };
gnutls_datum_t *ppsk;
gnutls_psk_client_credentials_t cred;
cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+ _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
ppsk = &cred->key;
}
else
- { /* SERVER side */
+ { /* SERVER side */
psk_auth_info_t info;
info = _gnutls_get_auth_info (session);
*/
ret = _gnutls_psk_pwd_find_entry (session, info->username, &pwd_psk);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ppsk = &pwd_psk;
}
ret = cred->get_function (session, &username, &key);
if (ret)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ret = _gnutls_set_datum (&cred->username, username, strlen (username));
gnutls_free (username);
if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&key);
- return ret;
- }
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&key);
+ return ret;
+ }
ret = _gnutls_set_datum (&cred->key, key.data, key.size);
_gnutls_free_datum (&key);
if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
}
else if (cred->username.data == NULL || cred->key.data == NULL)
{
*/
int
_gnutls_proc_psk_client_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
ssize_t data_size = _data_size;
int ret;
if ((ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
+ sizeof (psk_auth_info_st), 1)) < 0)
{
gnutls_assert ();
return ret;
*/
int
_gnutls_proc_psk_server_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
ssize_t data_size = _data_size;
int ret;
if ((ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
+ sizeof (psk_auth_info_st), 1)) < 0)
{
gnutls_assert ();
return ret;
*/
int
_gnutls_psk_pwd_find_entry (gnutls_session_t session, char *username,
- gnutls_datum_t * psk)
+ gnutls_datum_t * psk)
{
gnutls_psk_server_credentials_t cred;
FILE *fd;
ret = cred->pwd_callback (session, username, psk);
if (ret == 1)
- { /* the user does not exist */
- ret = _randomize_psk (psk);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- return 0;
- }
+ { /* the user does not exist */
+ ret = _randomize_psk (psk);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return 0;
+ }
if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
return 0;
}
/* move to first ':' */
i = 0;
while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
+ {
+ i++;
+ }
if (strncmp (username, line, MAX (i, len)) == 0)
- {
- ret = pwd_put_values (psk, line);
- fclose (fd);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_ERROR;
- }
- return 0;
- }
+ {
+ ret = pwd_put_values (psk, line);
+ fclose (fd);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+ return 0;
+ }
}
fclose (fd);
/* this is locally allocated. It should be freed using the provided function */
int _gnutls_psk_pwd_find_entry (gnutls_session_t, char *username,
- gnutls_datum_t * key);
+ gnutls_datum_t * key);
#endif /* ENABLE_SRP */
"RSA",
_gnutls_gen_cert_server_certificate,
_gnutls_gen_cert_client_certificate,
- NULL, /* gen server kx */
+ NULL, /* gen server kx */
_gnutls_gen_rsa_client_kx,
- _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
+ _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
_gnutls_proc_cert_server_certificate,
_gnutls_proc_cert_client_certificate,
- NULL, /* proc server kx */
- proc_rsa_client_kx, /* proc client kx */
- _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ NULL, /* proc server kx */
+ proc_rsa_client_kx, /* proc client kx */
+ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
/* This function reads the RSA parameters from peer's certificate;
*/
static int
_gnutls_get_public_rsa_params (gnutls_session_t session,
- bigint_t params[MAX_PUBLIC_PARAMS_SIZE],
- int *params_len)
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE],
+ int *params_len)
{
int ret;
cert_auth_info_t info;
ret =
_gnutls_get_auth_info_gcert (&peer_cert,
- session->security_parameters.cert_type,
- info, CERT_ONLY_PUBKEY | CERT_NO_COPY);
+ session->security_parameters.cert_type,
+ info, CERT_ONLY_PUBKEY | CERT_NO_COPY);
if (ret < 0)
{
_gnutls_gcert_deinit (&peer_cert);
if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
if (*params_len < 2)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
*params_len = 2;
for (i = 0; i < *params_len; i++)
- {
- params[i] = _gnutls_mpi_copy (session->key->rsa[i]);
- }
+ {
+ params[i] = _gnutls_mpi_copy (session->key->rsa[i]);
+ }
return 0;
}
static int
proc_rsa_client_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
gnutls_datum_t plaintext;
gnutls_datum_t ciphertext;
dsize = _gnutls_read_uint16 (data);
if (dsize != data_size)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
ciphertext.size = dsize;
}
ret =
gnutls_privkey_decrypt_data (session->internals.selected_key, 0,
- &ciphertext, &plaintext);
+ &ciphertext, &plaintext);
if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE)
{
* check the version number.
*/
if (_gnutls_get_adv_version_major (session) != plaintext.data[0]
- || _gnutls_get_adv_version_minor (session) != plaintext.data[1])
- {
- /* No error is returned here, if the version number check
- * fails. We proceed normally.
- * That is to defend against the attack described in the paper
- * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
- * Ondej Pokorny and Tomas Rosa.
- */
- gnutls_assert ();
- _gnutls_x509_log
- ("auth_rsa: Possible PKCS #1 version check format attack\n");
- }
+ || _gnutls_get_adv_version_minor (session) != plaintext.data[1])
+ {
+ /* No error is returned here, if the version number check
+ * fails. We proceed normally.
+ * That is to defend against the attack described in the paper
+ * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
+ * Ondej Pokorny and Tomas Rosa.
+ */
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("auth_rsa: Possible PKCS #1 version check format attack\n");
+ }
}
if (randomize_key != 0)
session->key->key.size = GNUTLS_MASTER_SIZE;
session->key->key.data = gnutls_malloc (session->key->key.size);
if (session->key->key.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
/* we do not need strong random numbers here.
*/
ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data,
- session->key->key.size);
+ session->key->key.size);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
else
_gnutls_gen_rsa_client_kx (gnutls_session_t session, opaque ** data)
{
cert_auth_info_t auth = session->key->auth_info;
- gnutls_datum_t sdata; /* data to send */
+ gnutls_datum_t sdata; /* data to send */
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
int params_len = MAX_PUBLIC_PARAMS_SIZE;
int ret, i;
}
ret = _gnutls_rnd (GNUTLS_RND_RANDOM, session->key->key.data,
- session->key->key.size);
+ session->key->key.size);
if (ret < 0)
{
gnutls_assert ();
session->key->key.data[1] = _gnutls_version_get_minor (ver);
}
else
- { /* use the version provided */
+ { /* use the version provided */
session->key->key.data[0] = session->internals.rsa_pms_version[0];
session->key->key.data[1] = session->internals.rsa_pms_version[1];
}
if ((ret =
_gnutls_pkcs1_rsa_encrypt (&sdata, &session->key->key,
- params, params_len, 2)) < 0)
+ params, params_len, 2)) < 0)
{
gnutls_assert ();
return ret;
return sdata.size;
}
else
- { /* TLS 1 */
+ { /* TLS 1 */
*data = gnutls_malloc (sdata.size + 2);
if (*data == NULL)
- {
- _gnutls_free_datum (&sdata);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ _gnutls_free_datum (&sdata);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
_gnutls_write_datum16 (*data, sdata);
ret = sdata.size + 2;
_gnutls_free_datum (&sdata);
static int gen_rsa_export_server_kx (gnutls_session_t, opaque **);
static int proc_rsa_export_server_kx (gnutls_session_t, opaque *, size_t);
static int proc_rsa_export_client_kx (gnutls_session_t session, opaque * data,
- size_t _data_size);
+ size_t _data_size);
const mod_auth_st rsa_export_auth_struct = {
"RSA EXPORT",
_gnutls_gen_cert_client_certificate,
gen_rsa_export_server_kx,
_gnutls_gen_rsa_client_kx,
- _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
+ _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
_gnutls_proc_cert_server_certificate,
_gnutls_proc_cert_client_certificate,
proc_rsa_export_server_kx,
- proc_rsa_export_client_kx, /* proc client kx */
- _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ proc_rsa_export_client_kx, /* proc client kx */
+ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
/* This function reads the RSA parameters from the private key
*/
static int
_gnutls_get_private_rsa_params (gnutls_session_t session,
- bigint_t ** params, int *params_size)
+ bigint_t ** params, int *params_size)
{
int bits;
gnutls_certificate_credentials_t cred;
bits =
_gnutls_mpi_get_nbits (session->internals.
- selected_cert_list[0].params[0]);
+ selected_cert_list[0].params[0]);
if (_gnutls_cipher_suite_get_kx_algo
(&session->security_parameters.current_cipher_suite)
rsa_params =
_gnutls_certificate_get_rsa_params (cred->rsa_params,
- cred->params_func, session);
+ cred->params_func, session);
/* EXPORT case: */
if (rsa_params == NULL)
{
int
proc_rsa_export_client_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
gnutls_datum_t plaintext;
gnutls_datum_t ciphertext;
dsize = _gnutls_read_uint16 (data);
if (dsize != data_size)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
ciphertext.size = dsize;
}
return ret;
}
- ret = _gnutls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */
+ ret = _gnutls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */
if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE)
{
* check the version number.
*/
if (_gnutls_get_adv_version_major (session) != plaintext.data[0]
- || _gnutls_get_adv_version_minor (session) != plaintext.data[1])
- {
- /* No error is returned here, if the version number check
- * fails. We proceed normally.
- * That is to defend against the attack described in the paper
- * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
- * Ondej Pokorny and Tomas Rosa.
- */
- gnutls_assert ();
- _gnutls_x509_log
- ("auth_rsa: Possible PKCS #1 version check format attack\n");
- }
+ || _gnutls_get_adv_version_minor (session) != plaintext.data[1])
+ {
+ /* No error is returned here, if the version number check
+ * fails. We proceed normally.
+ * That is to defend against the attack described in the paper
+ * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
+ * Ondej Pokorny and Tomas Rosa.
+ */
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("auth_rsa: Possible PKCS #1 version check format attack\n");
+ }
}
if (randomize_key != 0)
session->key->key.size = GNUTLS_MASTER_SIZE;
session->key->key.data = gnutls_malloc (session->key->key.size);
if (session->key->key.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
/* we do not need strong random numbers here.
*/
ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data,
- session->key->key.size);
+ session->key->key.size);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
else
/* find the appropriate certificate */
if ((ret =
_gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
+ &apr_cert_list_length, &apr_pkey)) < 0)
{
gnutls_assert ();
return ret;
rsa_params =
_gnutls_certificate_get_rsa_params (cred->rsa_params, cred->params_func,
- session);
+ session);
rsa_mpis = _gnutls_rsa_params_to_mpi (rsa_params);
if (rsa_mpis == NULL)
{
}
if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 0)) < 0)
+ sizeof (cert_auth_info_st), 0)) < 0)
{
gnutls_assert ();
return ret;
if (apr_cert_list_length > 0)
{
if ((ret =
- _gnutls_handshake_sign_data (session, &apr_cert_list[0],
- apr_pkey, &ddata, &signature,
- &sign_algo)) < 0)
- {
- gnutls_assert ();
- gnutls_free (*data);
- *data = NULL;
- return ret;
- }
+ _gnutls_handshake_sign_data (session, &apr_cert_list[0],
+ apr_pkey, &ddata, &signature,
+ &sign_algo)) < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (*data);
+ *data = NULL;
+ return ret;
+ }
}
else
{
gnutls_assert ();
- return data_size; /* do not put a signature - ILLEGAL! */
+ return data_size; /* do not put a signature - ILLEGAL! */
}
*data = gnutls_realloc_fast (*data, data_size + signature.size + 2);
if ((ret =
_gnutls_get_auth_info_gcert (&peer_cert,
- session->security_parameters.cert_type,
- info, CERT_NO_COPY)) < 0)
+ session->security_parameters.cert_type,
+ info, CERT_NO_COPY)) < 0)
{
gnutls_assert ();
return 0;
static int
proc_rsa_export_server_kx (gnutls_session_t session,
- opaque * data, size_t _data_size)
+ opaque * data, size_t _data_size)
{
uint16_t n_m, n_e;
size_t _n_m, _n_e;
}
_gnutls_rsa_export_set_pubkey (session, session->key->rsa[1],
- session->key->rsa[0]);
+ session->key->rsa[0]);
/* VERIFY SIGNATURE */
if ((ret =
_gnutls_get_auth_info_gcert (&peer_cert,
- session->security_parameters.cert_type,
- info, CERT_NO_COPY)) < 0)
+ session->security_parameters.cert_type,
+ info, CERT_NO_COPY)) < 0)
{
gnutls_assert ();
return ret;
ret =
_gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature,
- GNUTLS_SIGN_UNKNOWN);
+ GNUTLS_SIGN_UNKNOWN);
_gnutls_gcert_deinit (&peer_cert);
if (ret < 0)
NULL,
NULL,
- NULL, /* certificate */
+ NULL, /* certificate */
_gnutls_proc_srp_server_kx,
_gnutls_proc_srp_client_kx,
NULL,
srp_ext_st *priv;
ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
- if (ret < 0) /* peer didn't send a username */
+ if (ret < 0) /* peer didn't send a username */
{
gnutls_assert ();
return GNUTLS_E_UNKNOWN_SRP_USERNAME;
if ((ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
- sizeof (srp_server_auth_info_st), 1)) < 0)
+ sizeof (srp_server_auth_info_st), 1)) < 0)
{
gnutls_assert ();
return ret;
*/
data_size = (pwd_entry->n.size + 2 + pwd_entry->g.size + 2 +
- pwd_entry->salt.size + 1) + (n_b + 2);
+ pwd_entry->salt.size + 1) + (n_b + 2);
(*data) = gnutls_malloc (data_size);
if ((*data) == NULL)
_gnutls_write_uint16 (n_b, data_b);
_gnutls_hard_log ("INT: SRP B[%d]: %s\n", (int) n_b,
- _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf),
- NULL));
+ _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf),
+ NULL));
_gnutls_srp_entry_free (pwd_entry);
srp_ext_st *priv;
ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
- if (ret < 0) /* peer didn't send a username */
+ if (ret < 0) /* peer didn't send a username */
{
gnutls_assert ();
return GNUTLS_E_UNKNOWN_SRP_USERNAME;
}
_gnutls_hard_log ("INT: SRP A[%d]: %s\n", (int) n_a,
- _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf),
- NULL));
+ _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf),
+ NULL));
_gnutls_mpi_release (&A);
/* just read A and put it to session */
int
_gnutls_proc_srp_client_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
size_t _n_A;
ssize_t data_size = _data_size;
int ret;
if (_gnutls_mpi_get_nbits (n) < (session->internals.srp_prime_bits
- ? session->internals.srp_prime_bits
- : 2048))
+ ? session->internals.srp_prime_bits
+ : 2048))
{
gnutls_assert ();
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
*/
int
_gnutls_proc_srp_server_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
uint8_t n_s;
uint16_t n_g, n_n, n_b;
{
_gnutls_x509_log ("Checking the SRP group parameters.\n");
if ((ret = group_check_g_n (session, G, N)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
/* Checks if b % n == 0
*/
if ((ret =
_gnutls_calc_srp_x (username, password, (opaque *) data_s, n_s,
- &_n_g, hd)) < 0)
+ &_n_g, hd)) < 0)
{
gnutls_assert ();
return ret;
}
- return i; /* return the processed data
- * needed in auth_srp_rsa.
- */
+ return i; /* return the processed data
+ * needed in auth_srp_rsa.
+ */
}
#endif /* ENABLE_SRP */
#ifdef ENABLE_SRP
int _gnutls_proc_srp_server_hello (gnutls_session_t state,
- const opaque * data, size_t data_size);
+ const opaque * data, size_t data_size);
int _gnutls_gen_srp_server_hello (gnutls_session_t state, opaque * data,
- size_t data_size);
+ size_t data_size);
int _gnutls_gen_srp_server_kx (gnutls_session_t, opaque **);
int _gnutls_gen_srp_client_kx (gnutls_session_t, opaque **);
size_t verifier_size;
int indx;
- p = strrchr (str, ':'); /* we have index */
+ p = strrchr (str, ':'); /* we have index */
if (p == NULL)
{
gnutls_assert ();
}
/* now go for salt */
- p = strrchr (str, ':'); /* we have salt */
+ p = strrchr (str, ':'); /* we have salt */
if (p == NULL)
{
gnutls_assert ();
}
/* now go for verifier */
- p = strrchr (str, ':'); /* we have verifier */
+ p = strrchr (str, ':'); /* we have verifier */
if (p == NULL)
{
_gnutls_free_datum (&entry->salt);
opaque *tmp;
int ret;
- p = strrchr (str, ':'); /* we have g */
+ p = strrchr (str, ':'); /* we have g */
if (p == NULL)
{
gnutls_assert ();
entry->g.size = ret;
/* now go for n - modulo */
- p = strrchr (str, ':'); /* we have n */
+ p = strrchr (str, ':'); /* we have n */
if (p == NULL)
{
_gnutls_free_datum (&entry->g);
unsigned i, len;
char indexstr[10];
- sprintf (indexstr, "%d", idx); /* Flawfinder: ignore */
+ sprintf (indexstr, "%d", idx); /* Flawfinder: ignore */
fd = fopen (pconf_file, "r");
if (fd == NULL)
/* move to first ':' */
i = 0;
while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
+ {
+ i++;
+ }
if (strncmp (indexstr, line, MAX (i, len)) == 0)
- {
- if ((idx = pwd_put_values2 (entry, line)) >= 0)
- return 0;
- else
- {
- return GNUTLS_E_SRP_PWD_ERROR;
- }
- }
+ {
+ if ((idx = pwd_put_values2 (entry, line)) >= 0)
+ return 0;
+ else
+ {
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+ }
}
return GNUTLS_E_SRP_PWD_ERROR;
int
_gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username,
- SRP_PWD_ENTRY ** _entry)
+ SRP_PWD_ENTRY ** _entry)
{
gnutls_srp_server_credentials_t cred;
FILE *fd;
if (cred->pwd_callback != NULL)
{
ret = cred->pwd_callback (state, username, &entry->salt,
- &entry->v, &entry->g, &entry->n);
+ &entry->v, &entry->g, &entry->n);
if (ret == 1)
- { /* the user does not exist */
- if (entry->g.size != 0 && entry->n.size != 0)
- {
- ret = _randomize_pwd_entry (entry);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_srp_entry_free (entry);
- return ret;
- }
- return 0;
- }
- else
- {
- gnutls_assert ();
- ret = -1; /* error in the callback */
- }
- }
+ { /* the user does not exist */
+ if (entry->g.size != 0 && entry->n.size != 0)
+ {
+ ret = _randomize_pwd_entry (entry);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return ret;
+ }
+ return 0;
+ }
+ else
+ {
+ gnutls_assert ();
+ ret = -1; /* error in the callback */
+ }
+ }
if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_srp_entry_free (entry);
- return GNUTLS_E_SRP_PWD_ERROR;
- }
+ {
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
return 0;
}
return GNUTLS_E_SRP_PWD_ERROR;
}
- last_idx = 1; /* a default value */
+ last_idx = 1; /* a default value */
len = strlen (username);
while (fgets (line, sizeof (line), fd) != NULL)
/* move to first ':' */
i = 0;
while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
+ {
+ i++;
+ }
if (strncmp (username, line, MAX (i, len)) == 0)
- {
- if ((idx = pwd_put_values (entry, line)) >= 0)
- {
- /* Keep the last index in memory, so we can retrieve fake parameters (g,n)
- * when the user does not exist.
- */
- /* XXX: last_idx will not be read as both if block branches return. */
- last_idx = idx;
- if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0)
- {
- return 0;
- }
- else
- {
- gnutls_assert ();
- _gnutls_srp_entry_free (entry);
- return GNUTLS_E_SRP_PWD_ERROR;
- }
- }
- else
- {
- gnutls_assert ();
- _gnutls_srp_entry_free (entry);
- return GNUTLS_E_SRP_PWD_ERROR;
- }
- }
+ {
+ if ((idx = pwd_put_values (entry, line)) >= 0)
+ {
+ /* Keep the last index in memory, so we can retrieve fake parameters (g,n)
+ * when the user does not exist.
+ */
+ /* XXX: last_idx will not be read as both if block branches return. */
+ last_idx = idx;
+ if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0)
+ {
+ return 0;
+ }
+ else
+ {
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+ }
}
/* user was not found. Fake him. Actually read the g,n values from
{
ret = _randomize_pwd_entry (entry);
if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_srp_entry_free (entry);
- return ret;
- }
+ {
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return ret;
+ }
return 0;
}
/* this is locally allocated. It should be freed using the provided function */
int _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username,
- SRP_PWD_ENTRY **);
+ SRP_PWD_ENTRY **);
void _gnutls_srp_entry_free (SRP_PWD_ENTRY * entry);
int _gnutls_sbase64_decode (uint8_t * data, size_t data_size,
- uint8_t ** result);
+ uint8_t ** result);
#endif /* ENABLE_SRP */
NULL,
_gnutls_proc_cert_server_certificate,
- NULL, /* certificate */
+ NULL, /* certificate */
proc_srp_cert_server_kx,
_gnutls_proc_srp_client_kx,
NULL,
NULL,
_gnutls_proc_cert_server_certificate,
- NULL, /* certificate */
+ NULL, /* certificate */
proc_srp_cert_server_kx,
_gnutls_proc_srp_client_kx,
NULL,
/* find the appropriate certificate */
if ((ret =
_gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
+ &apr_cert_list_length, &apr_pkey)) < 0)
{
gnutls_assert ();
return ret;
if ((ret =
_gnutls_handshake_sign_data (session, &apr_cert_list[0],
- apr_pkey, &ddata, &signature,
- &sign_algo)) < 0)
+ apr_pkey, &ddata, &signature,
+ &sign_algo)) < 0)
{
gnutls_assert ();
gnutls_free (*data);
static int
proc_srp_cert_server_kx (gnutls_session_t session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
ssize_t ret;
int sigsize;
/* VERIFY SIGNATURE */
- vparams.size = ret; /* all the data minus the signature */
+ vparams.size = ret; /* all the data minus the signature */
vparams.data = data;
p = &data[vparams.size];
ret =
_gnutls_get_auth_info_gcert (&peer_cert,
- session->security_parameters.cert_type,
- info, CERT_NO_COPY);
+ session->security_parameters.cert_type,
+ info, CERT_NO_COPY);
if (ret < 0)
{
ret =
_gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature,
- GNUTLS_SIGN_UNKNOWN);
+ GNUTLS_SIGN_UNKNOWN);
_gnutls_gcert_deinit (&peer_cert);
if (ret < 0)
case 3:
result[0] = b64table[((data[0] & 0xfc) >> 2)];
result[1] =
- b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
- ((data[1] & 0xf0) >> 4))];
+ b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
+ ((data[1] & 0xf0) >> 4))];
result[2] =
- b64table[((((data[1] & 0x0f) << 2) & 0xff) |
- ((data[2] & 0xc0) >> 6))];
+ b64table[((((data[1] & 0x0f) << 2) & 0xff) |
+ ((data[2] & 0xc0) >> 6))];
result[3] = b64table[(data[2] & 0x3f) & 0xff];
break;
case 2:
if ((c = ((data[0] & 0xf0) >> 4)) != 0)
- {
- result[0] = b64table[c];
- result[1] =
- b64table[((((data[0] & 0x0f) << 2) & 0xff) |
- ((data[1] & 0xc0) >> 6))];
- result[2] = b64table[(data[1] & 0x3f) & 0xff];
- result[3] = '\0';
- ret -= 1;
- }
+ {
+ result[0] = b64table[c];
+ result[1] =
+ b64table[((((data[0] & 0x0f) << 2) & 0xff) |
+ ((data[1] & 0xc0) >> 6))];
+ result[2] = b64table[(data[1] & 0x3f) & 0xff];
+ result[3] = '\0';
+ ret -= 1;
+ }
else
- {
- if ((c = ((data[0] & 0x0f) << 2) | ((data[1] & 0xc0) >> 6)) != 0)
- {
- result[0] = b64table[c];
- result[1] = b64table[data[1] & 0x3f];
- result[2] = '\0';
- result[3] = '\0';
- ret -= 2;
- }
- else
- {
- result[0] = b64table[data[0] & 0x3f];
- result[1] = '\0';
- result[2] = '\0';
- result[3] = '\0';
- ret -= 3;
- }
- }
+ {
+ if ((c = ((data[0] & 0x0f) << 2) | ((data[1] & 0xc0) >> 6)) != 0)
+ {
+ result[0] = b64table[c];
+ result[1] = b64table[data[1] & 0x3f];
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 2;
+ }
+ else
+ {
+ result[0] = b64table[data[0] & 0x3f];
+ result[1] = '\0';
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 3;
+ }
+ }
break;
case 1:
if ((c = ((data[0] & 0xc0) >> 6)) != 0)
- {
- result[0] = b64table[c];
- result[1] = b64table[(data[0] & 0x3f) & 0xff];
- result[2] = '\0';
- result[3] = '\0';
- ret -= 2;
- }
+ {
+ result[0] = b64table[c];
+ result[1] = b64table[(data[0] & 0x3f) & 0xff];
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 2;
+ }
else
- {
- result[0] = b64table[(data[0] & 0x3f) & 0xff];
- result[1] = '\0';
- result[2] = '\0';
- result[3] = '\0';
- ret -= 3;
- }
+ {
+ result[0] = b64table[(data[0] & 0x3f) & 0xff];
+ result[1] = '\0';
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 3;
+ }
break;
default:
return -1;
{
tmp = encode (tmpres, &data[0], mod);
if (tmp < 0)
- {
- gnutls_free ((*result));
- return tmp;
- }
+ {
+ gnutls_free ((*result));
+ return tmp;
+ }
memcpy (&(*result)[0], tmpres, tmp);
i = mod;
{
tmp = encode (tmpres, &data[i], data_size - i);
if (tmp < 0)
- {
- gnutls_free ((*result));
- return tmp;
- }
+ {
+ gnutls_free ((*result));
+ return tmp;
+ }
memcpy (&(*result)[j], tmpres, tmp);
}
tmp = decode (tmpres, datrev);
if (tmp < 0)
- {
- gnutls_free ((*result));
- *result = NULL;
- return tmp;
- }
+ {
+ gnutls_free ((*result));
+ *result = NULL;
+ return tmp;
+ }
memcpy (*result, &tmpres[3 - tmp], tmp);
if (tmp < 3)
- ret -= (3 - tmp);
+ ret -= (3 - tmp);
}
/* rest data */
{
tmp = decode (tmpres, &data[i]);
if (tmp < 0)
- {
- gnutls_free ((*result));
- *result = NULL;
- return tmp;
- }
+ {
+ gnutls_free ((*result));
+ *result = NULL;
+ return tmp;
+ }
memcpy (&(*result)[j], tmpres, tmp);
if (tmp < 3)
- ret -= (3 - tmp);
+ ret -= (3 - tmp);
j += 3;
}
**/
int
gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
- size_t * result_size)
+ size_t * result_size)
{
opaque *ret;
int size;
**/
int
gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
- gnutls_datum_t * result)
+ gnutls_datum_t * result)
{
opaque *ret;
int size;
**/
int
gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
- size_t * result_size)
+ size_t * result_size)
{
opaque *ret;
int size;
**/
int
gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
- gnutls_datum_t * result)
+ gnutls_datum_t * result)
{
opaque *ret;
int size;
**/
int
gnutls_cipher_init (gnutls_cipher_hd_t * handle,
- gnutls_cipher_algorithm_t cipher,
- const gnutls_datum_t * key, const gnutls_datum_t * iv)
+ gnutls_cipher_algorithm_t cipher,
+ const gnutls_datum_t * key, const gnutls_datum_t * iv)
{
*handle = gnutls_malloc (sizeof (cipher_hd_st));
if (*handle == NULL)
**/
int
gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext,
- size_t ciphertextlen)
+ size_t ciphertextlen)
{
return _gnutls_cipher_decrypt ((cipher_hd_st *) handle, ciphertext,
- ciphertextlen);
+ ciphertextlen);
}
/**
**/
int
gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, size_t textlen,
- void *ciphertext, size_t ciphertextlen)
+ void *ciphertext, size_t ciphertextlen)
{
return _gnutls_cipher_encrypt2 ((cipher_hd_st *) handle, text, textlen,
- ciphertext, ciphertextlen);
+ ciphertext, ciphertextlen);
}
/**
**/
int
gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext,
- size_t ciphertextlen, void *text, size_t textlen)
+ size_t ciphertextlen, void *text, size_t textlen)
{
return _gnutls_cipher_decrypt2 ((cipher_hd_st *) handle, ciphertext,
- ciphertextlen, text, textlen);
+ ciphertextlen, text, textlen);
}
/**
**/
int
gnutls_hmac_init (gnutls_hmac_hd_t * dig,
- gnutls_digest_algorithm_t algorithm,
- const void *key, size_t keylen)
+ gnutls_digest_algorithm_t algorithm,
+ const void *key, size_t keylen)
{
*dig = gnutls_malloc (sizeof (digest_hd_st));
if (*dig == NULL)
**/
int
gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm,
- const void *key, size_t keylen,
- const void *text, size_t textlen, void *digest)
+ const void *key, size_t keylen,
+ const void *text, size_t textlen, void *digest)
{
return _gnutls_hmac_fast (algorithm, key, keylen, text, textlen, digest);
}
**/
int
gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest)
+ const void *text, size_t textlen, void *digest)
{
return _gnutls_hash_fast (algorithm, text, textlen, digest);
}
while (cl && cl->alg_data)
{
if (cl->algorithm == algorithm)
- {
- if (cl->priority < priority)
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
- }
- else
- {
- /* the current has higher priority -> overwrite */
- cl->algorithm = algorithm;
- cl->priority = priority;
- cl->alg_data = s;
- return 0;
- }
- }
+ {
+ if (cl->priority < priority)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ }
+ else
+ {
+ /* the current has higher priority -> overwrite */
+ cl->algorithm = algorithm;
+ cl->priority = priority;
+ cl->alg_data = s;
+ return 0;
+ }
+ }
cl = cl->next;
if (cl)
- last_cl = cl;
+ last_cl = cl;
}
cl = gnutls_calloc (1, sizeof (cipher_list));
while (cl && cl->alg_data)
{
if (cl->algorithm == algo)
- {
- return cl->alg_data;
- }
+ {
+ return cl->alg_data;
+ }
cl = cl->next;
}
**/
int
gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm,
- int priority, int version,
- const gnutls_crypto_cipher_st * s)
+ int priority, int version,
+ const gnutls_crypto_cipher_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
**/
int
gnutls_crypto_rnd_register2 (int priority, int version,
- const gnutls_crypto_rnd_st * s)
+ const gnutls_crypto_rnd_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
**/
int
gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
- int priority, int version,
- const gnutls_crypto_mac_st * s)
+ int priority, int version,
+ const gnutls_crypto_mac_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
**/
int
gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
- int priority, int version,
- const gnutls_crypto_digest_st * s)
+ int priority, int version,
+ const gnutls_crypto_digest_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
**/
int
gnutls_crypto_bigint_register2 (int priority, int version,
- const gnutls_crypto_bigint_st * s)
+ const gnutls_crypto_bigint_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
**/
int
gnutls_crypto_pk_register2 (int priority, int version,
- const gnutls_crypto_pk_st * s)
+ const gnutls_crypto_pk_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
**/
int
gnutls_crypto_cipher_register2 (int priority, int version,
- const gnutls_crypto_cipher_st * s)
+ const gnutls_crypto_cipher_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
**/
int
gnutls_crypto_mac_register2 (int priority, int version,
- const gnutls_crypto_mac_st * s)
+ const gnutls_crypto_mac_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
**/
int
gnutls_crypto_digest_register2 (int priority, int version,
- const gnutls_crypto_digest_st * s)
+ const gnutls_crypto_digest_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
const gnutls_crypto_digest_st
* _gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo);
const gnutls_crypto_mac_st *_gnutls_get_crypto_mac (gnutls_mac_algorithm_t
- algo);
+ algo);
void _gnutls_crypto_deregister (void);
#endif /* CRYPTO_H */
static int
cryptodev_encrypt (void *_ctx, const void *plain, size_t plainsize,
- void *encr, size_t encrsize)
+ void *encr, size_t encrsize)
{
struct cryptodev_ctx *ctx = _ctx;
ctx->cryp.len = plainsize;
static int
cryptodev_decrypt (void *_ctx, const void *encr, size_t encrsize,
- void *plain, size_t plainsize)
+ void *plain, size_t plainsize)
{
struct cryptodev_ctx *ctx = _ctx;
i++)
{
if (gnutls_cipher_map[i] == 0)
- continue;
+ continue;
/* test if a cipher is support it and if yes register it */
sess.cipher = gnutls_cipher_map[i];
sess.key = fake_key;
if (ioctl (cfd, CIOCGSESSION, &sess))
- {
- continue;
- }
+ {
+ continue;
+ }
ioctl (cfd, CIOCFSESSION, &sess);
_gnutls_debug_log ("/dev/crypto: registering: %s\n",
- gnutls_cipher_get_name (i));
+ gnutls_cipher_get_name (i));
ret = gnutls_crypto_single_cipher_register (i, 90, &cipher_struct);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
/* Clone file descriptor */
if (ioctl (cryptodev_fd, CRIOGET, &cfd))
{
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
}
/* Set close-on-exec (not really neede here) */
if (fcntl (cfd, F_SETFD, 1) == -1)
{
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
}
close (cryptodev_fd);
{
ret = register_mac (cryptodev_fd);
if (ret < 0)
- gnutls_assert ();
+ gnutls_assert ();
}
if (ret < 0)
for (i = 0; i < sizeof (gnutls_mac_map) / sizeof (gnutls_mac_map[0]); i++)
{
if (gnutls_mac_map[i] == 0)
- continue;
+ continue;
sess.mac = gnutls_mac_map[i];
sess.keylen = 8;
sess.key = fake_key;
if (ioctl (cfd, CIOCGSESSION, &sess))
- {
- continue;
- }
+ {
+ continue;
+ }
ioctl (cfd, CIOCFSESSION, &sess);
_gnutls_debug_log ("/dev/crypto: registering: %s\n",
- gnutls_mac_get_name (i));
+ gnutls_mac_get_name (i));
ret = gnutls_crypto_single_mac_register (i, 90, &mac_struct);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
size_t n = sizeof buf;
if (_gnutls_mpi_print (a, buf, &n))
- strcpy (buf, "[can't print value]"); /* Flawfinder: ignore */
+ strcpy (buf, "[can't print value]"); /* Flawfinder: ignore */
_gnutls_debug_log ("MPI: length: %d\n\t%s%s\n", (int) n, prefix,
- _gnutls_bin2hex (buf, n, buf_hex, sizeof (buf_hex),
- NULL));
+ _gnutls_bin2hex (buf, n, buf_hex, sizeof (buf_hex),
+ NULL));
}
inline static int _gnutls_num2cert_type (int num);
inline static int _gnutls_cert_type2num (int record_size);
static int _gnutls_cert_type_recv_params (gnutls_session_t session,
- const opaque * data,
- size_t data_size);
+ const opaque * data,
+ size_t data_size);
static int _gnutls_cert_type_send_params (gnutls_session_t session,
- opaque * data, size_t);
+ opaque * data, size_t);
extension_entry_st ext_mod_cert_type = {
.name = "CERT TYPE",
static int
_gnutls_cert_type_recv_params (gnutls_session_t session,
- const opaque * data, size_t _data_size)
+ const opaque * data, size_t _data_size)
{
int new_type = -1, ret, i;
ssize_t data_size = _data_size;
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
if (data_size > 0)
- {
- if (data_size != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- new_type = _gnutls_num2cert_type (data[0]);
-
- if (new_type < 0)
- {
- gnutls_assert ();
- return new_type;
- }
-
- /* Check if we support this cert_type */
- if ((ret =
- _gnutls_session_cert_type_supported (session, new_type)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_session_cert_type_set (session, new_type);
- }
+ {
+ if (data_size != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ new_type = _gnutls_num2cert_type (data[0]);
+
+ if (new_type < 0)
+ {
+ gnutls_assert ();
+ return new_type;
+ }
+
+ /* Check if we support this cert_type */
+ if ((ret =
+ _gnutls_session_cert_type_supported (session, new_type)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_session_cert_type_set (session, new_type);
+ }
}
else
- { /* SERVER SIDE - we must check if the sent cert type is the right one
- */
+ { /* SERVER SIDE - we must check if the sent cert type is the right one
+ */
if (data_size > 1)
- {
- uint8_t len;
-
- DECR_LEN (data_size, 1);
- len = data[0];
- DECR_LEN (data_size, len);
-
- for (i = 0; i < len; i++)
- {
- new_type = _gnutls_num2cert_type (data[i + 1]);
-
- if (new_type < 0)
- continue;
-
- /* Check if we support this cert_type */
- if ((ret =
- _gnutls_session_cert_type_supported (session,
- new_type)) < 0)
- {
- gnutls_assert ();
- continue;
- }
- else
- break;
- /* new_type is ok */
- }
-
- if (new_type < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- if ((ret =
- _gnutls_session_cert_type_supported (session, new_type)) < 0)
- {
- gnutls_assert ();
- /* The peer has requested unsupported certificate
- * types. Instead of failing, procceed normally.
- * (the ciphersuite selection would fail, or a
- * non certificate ciphersuite will be selected).
- */
- return 0;
- }
-
- _gnutls_session_cert_type_set (session, new_type);
- }
+ {
+ uint8_t len;
+
+ DECR_LEN (data_size, 1);
+ len = data[0];
+ DECR_LEN (data_size, len);
+
+ for (i = 0; i < len; i++)
+ {
+ new_type = _gnutls_num2cert_type (data[i + 1]);
+
+ if (new_type < 0)
+ continue;
+
+ /* Check if we support this cert_type */
+ if ((ret =
+ _gnutls_session_cert_type_supported (session,
+ new_type)) < 0)
+ {
+ gnutls_assert ();
+ continue;
+ }
+ else
+ break;
+ /* new_type is ok */
+ }
+
+ if (new_type < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ if ((ret =
+ _gnutls_session_cert_type_supported (session, new_type)) < 0)
+ {
+ gnutls_assert ();
+ /* The peer has requested unsupported certificate
+ * types. Instead of failing, procceed normally.
+ * (the ciphersuite selection would fail, or a
+ * non certificate ciphersuite will be selected).
+ */
+ return 0;
+ }
+
+ _gnutls_session_cert_type_set (session, new_type);
+ }
}
*/
static int
_gnutls_cert_type_send_params (gnutls_session_t session, opaque * data,
- size_t data_size)
+ size_t data_size)
{
unsigned len, i;
{
if (session->internals.priorities.cert_type.algorithms > 0)
- {
-
- len = session->internals.priorities.cert_type.algorithms;
-
- if (len == 1 &&
- session->internals.priorities.cert_type.priority[0] ==
- GNUTLS_CRT_X509)
- {
- /* We don't use this extension if X.509 certificates
- * are used.
- */
- return 0;
- }
-
- if (data_size < len + 1)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- /* this is a vector!
- */
- data[0] = (uint8_t) len;
-
- for (i = 0; i < len; i++)
- {
- data[i + 1] =
- _gnutls_cert_type2num (session->internals.priorities.
- cert_type.priority[i]);
- }
- return len + 1;
- }
+ {
+
+ len = session->internals.priorities.cert_type.algorithms;
+
+ if (len == 1 &&
+ session->internals.priorities.cert_type.priority[0] ==
+ GNUTLS_CRT_X509)
+ {
+ /* We don't use this extension if X.509 certificates
+ * are used.
+ */
+ return 0;
+ }
+
+ if (data_size < len + 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ /* this is a vector!
+ */
+ data[0] = (uint8_t) len;
+
+ for (i = 0; i < len; i++)
+ {
+ data[i + 1] =
+ _gnutls_cert_type2num (session->internals.priorities.
+ cert_type.priority[i]);
+ }
+ return len + 1;
+ }
}
else
- { /* server side */
+ { /* server side */
if (session->security_parameters.cert_type != DEFAULT_CERT_TYPE)
- {
- len = 1;
- if (data_size < len)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- data[0] =
- _gnutls_cert_type2num (session->security_parameters.cert_type);
- return len;
- }
+ {
+ len = 1;
+ if (data_size < len)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ data[0] =
+ _gnutls_cert_type2num (session->security_parameters.cert_type);
+ return len;
+ }
}
#include <ext_max_record.h>
static int _gnutls_max_record_recv_params (gnutls_session_t session,
- const opaque * data,
- size_t data_size);
+ const opaque * data,
+ size_t data_size);
static int _gnutls_max_record_send_params (gnutls_session_t session,
- opaque * data, size_t);
+ opaque * data, size_t);
static int _gnutls_max_record_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
+ extension_priv_data_t * _priv);
static int _gnutls_max_record_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
+ gnutls_buffer_st * ps);
/* Maps record size to numbers according to the
* extensions draft.
static int
_gnutls_max_record_recv_params (gnutls_session_t session,
- const opaque * data, size_t _data_size)
+ const opaque * data, size_t _data_size)
{
ssize_t new_size;
ssize_t data_size = _data_size;
if (session->security_parameters.entity == GNUTLS_SERVER)
{
if (data_size > 0)
- {
- DECR_LEN (data_size, 1);
+ {
+ DECR_LEN (data_size, 1);
- new_size = _gnutls_mre_num2record (data[0]);
+ new_size = _gnutls_mre_num2record (data[0]);
- if (new_size < 0)
- {
- gnutls_assert ();
- return new_size;
- }
+ if (new_size < 0)
+ {
+ gnutls_assert ();
+ return new_size;
+ }
- session->security_parameters.max_record_send_size = new_size;
- session->security_parameters.max_record_recv_size = new_size;
- }
+ session->security_parameters.max_record_send_size = new_size;
+ session->security_parameters.max_record_recv_size = new_size;
+ }
}
else
- { /* CLIENT SIDE - we must check if the sent record size is the right one
- */
+ { /* CLIENT SIDE - we must check if the sent record size is the right one
+ */
if (data_size > 0)
- {
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_MAX_RECORD_SIZE,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (data_size != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- new_size = _gnutls_mre_num2record (data[0]);
-
- if (new_size < 0 || new_size != epriv.num)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
- else
- {
- session->security_parameters.max_record_recv_size = epriv.num;
- }
-
- }
+ {
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ &epriv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (data_size != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ new_size = _gnutls_mre_num2record (data[0]);
+
+ if (new_size < 0 || new_size != epriv.num)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+ else
+ {
+ session->security_parameters.max_record_recv_size = epriv.num;
+ }
+
+ }
}
*/
static int
_gnutls_max_record_send_params (gnutls_session_t session, opaque * data,
- size_t data_size)
+ size_t data_size)
{
uint16_t len;
int ret;
extension_priv_data_t epriv;
ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_MAX_RECORD_SIZE,
- &epriv);
- if (ret < 0) /* it is ok not to have it */
- {
- return 0;
- }
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ &epriv);
+ if (ret < 0) /* it is ok not to have it */
+ {
+ return 0;
+ }
if (epriv.num != DEFAULT_MAX_RECORD_SIZE)
- {
- len = 1;
- if (data_size < len)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- data[0] = (uint8_t) _gnutls_mre_record2num (epriv.num);
- return len;
- }
+ {
+ len = 1;
+ if (data_size < len)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ data[0] = (uint8_t) _gnutls_mre_record2num (epriv.num);
+ return len;
+ }
}
else
- { /* server side */
+ { /* server side */
if (session->security_parameters.max_record_recv_size !=
- DEFAULT_MAX_RECORD_SIZE)
- {
- len = 1;
- if (data_size < len)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- data[0] =
- (uint8_t)
- _gnutls_mre_record2num
- (session->security_parameters.max_record_recv_size);
- return len;
- }
+ DEFAULT_MAX_RECORD_SIZE)
+ {
+ len = 1;
+ if (data_size < len)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ data[0] =
+ (uint8_t)
+ _gnutls_mre_record2num
+ (session->security_parameters.max_record_recv_size);
+ return len;
+ }
}
static int
_gnutls_max_record_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+ extension_priv_data_t * _priv)
{
extension_priv_data_t epriv;
int ret;
epriv.num = size;
_gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_MAX_RECORD_SIZE,
- epriv);
+ epriv);
return 0;
}
static int _gnutls_sr_recv_params (gnutls_session_t state,
- const opaque * data, size_t data_size);
+ const opaque * data, size_t data_size);
static int _gnutls_sr_send_params (gnutls_session_t state,
- opaque * data, size_t);
+ opaque * data, size_t);
static void _gnutls_sr_deinit_data (extension_priv_data_t priv);
extension_entry_st ext_mod_sr = {
int
_gnutls_ext_sr_finished (gnutls_session_t session, void *vdata,
- size_t vdata_size, int dir)
+ size_t vdata_size, int dir)
{
int ret;
sr_ext_st *priv;
}
ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
}
ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret >= 0)
priv = epriv.ptr;
if (priv && priv->safe_renegotiation_received)
{
if ((priv->ri_extension_data_len < priv->client_verify_data_len) ||
- (memcmp (priv->ri_extension_data,
- priv->client_verify_data, priv->client_verify_data_len)))
- {
- gnutls_assert ();
- _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n",
- session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
+ (memcmp (priv->ri_extension_data,
+ priv->client_verify_data, priv->client_verify_data_len)))
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if ((priv->ri_extension_data_len !=
- priv->client_verify_data_len + priv->server_verify_data_len) ||
- memcmp (priv->ri_extension_data + priv->client_verify_data_len,
- priv->server_verify_data,
- priv->server_verify_data_len) != 0)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Safe renegotiation failed [2]\n", session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
- }
- else /* Make sure there are 0 extra bytes */
- {
- if (priv->ri_extension_data_len != priv->client_verify_data_len)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Safe renegotiation failed [3]\n", session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
- }
+ {
+ if ((priv->ri_extension_data_len !=
+ priv->client_verify_data_len + priv->server_verify_data_len) ||
+ memcmp (priv->ri_extension_data + priv->client_verify_data_len,
+ priv->server_verify_data,
+ priv->server_verify_data_len) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation failed [2]\n", session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
+ else /* Make sure there are 0 extra bytes */
+ {
+ if (priv->ri_extension_data_len != priv->client_verify_data_len)
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation failed [3]\n", session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
_gnutls_handshake_log ("HSK[%p]: Safe renegotiation succeeded\n",
- session);
+ session);
}
- else /* safe renegotiation not received... */
+ else /* safe renegotiation not received... */
{
if (priv && priv->connection_using_safe_renegotiation)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Peer previously asked for safe renegotiation\n",
- session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Peer previously asked for safe renegotiation\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
/* Clients can't tell if it's an initial negotiation */
if (session->internals.initial_negotiation_completed)
- {
- if (session->internals.priorities.sr < SR_PARTIAL)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Allowing unsafe (re)negotiation\n", session);
- }
- else
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Denying unsafe (re)negotiation\n", session);
- return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
- }
- }
+ {
+ if (session->internals.priorities.sr < SR_PARTIAL)
+ {
+ _gnutls_handshake_log
+ ("HSK[%p]: Allowing unsafe (re)negotiation\n", session);
+ }
+ else
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Denying unsafe (re)negotiation\n", session);
+ return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
+ }
+ }
else
- {
- if (session->internals.priorities.sr < SR_SAFE)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Allowing unsafe initial negotiation\n", session);
- }
- else
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Denying unsafe initial negotiation\n", session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
- }
+ {
+ if (session->internals.priorities.sr < SR_SAFE)
+ {
+ _gnutls_handshake_log
+ ("HSK[%p]: Allowing unsafe initial negotiation\n", session);
+ }
+ else
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Denying unsafe initial negotiation\n", session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
}
return 0;
extension_priv_data_t epriv;
ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret < 0)
{
set = 1;
{
priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
epriv.ptr = priv;
}
else
if (set != 0)
_gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
return 0;
}
extension_priv_data_t epriv;
ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret < 0)
{
set = 1;
{
priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
epriv.ptr = priv;
}
else
if (set != 0)
_gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
return 0;
}
static int
_gnutls_sr_recv_params (gnutls_session_t session,
- const opaque * data, size_t _data_size)
+ const opaque * data, size_t _data_size)
{
int len = data[0];
ssize_t data_size = _data_size;
}
ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret < 0 && session->security_parameters.entity == GNUTLS_SERVER)
{
set = 1;
{
priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
epriv.ptr = priv;
}
else
if (set != 0)
_gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
return 0;
}
static int
_gnutls_sr_send_params (gnutls_session_t session,
- opaque * data, size_t _data_size)
+ opaque * data, size_t _data_size)
{
/* The format of this extension is a one-byte length of verify data followed
* by the verify data itself. Note that the length byte does not include
}
ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret < 0)
{
set = 1;
{
priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
epriv.ptr = priv;
_gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- epriv);
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ epriv);
}
else
priv = epriv.ptr;
DECR_LEN (data_size, priv->client_verify_data_len);
if (priv->client_verify_data_len > 0)
- memcpy (&data[1], priv->client_verify_data,
- priv->client_verify_data_len);
+ memcpy (&data[1], priv->client_verify_data,
+ priv->client_verify_data_len);
if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- data[0] += priv->server_verify_data_len;
+ {
+ data[0] += priv->server_verify_data_len;
- DECR_LEN (data_size, priv->server_verify_data_len);
+ DECR_LEN (data_size, priv->server_verify_data_len);
- if (priv->server_verify_data_len > 0)
- memcpy (&data[1 + priv->client_verify_data_len],
- priv->server_verify_data, priv->server_verify_data_len);
- }
+ if (priv->server_verify_data_len > 0)
+ memcpy (&data[1 + priv->client_verify_data_len],
+ priv->server_verify_data, priv->server_verify_data_len);
+ }
}
else
return 0;
- return 1 + data[0]; /* don't forget the length byte */
+ return 1 + data[0]; /* don't forget the length byte */
}
static void
extension_priv_data_t epriv;
ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
size_t client_verify_data_len;
uint8_t server_verify_data[MAX_VERIFY_DATA_SIZE];
size_t server_verify_data_len;
- uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */
+ uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */
size_t ri_extension_data_len;
int safe_renegotiation_received:1;
extern extension_entry_st ext_mod_sr;
int _gnutls_ext_sr_finished (gnutls_session_t session, void *vdata,
- size_t vdata_size, int dir);
+ size_t vdata_size, int dir);
int _gnutls_ext_sr_recv_cs (gnutls_session_t session);
int _gnutls_ext_sr_verify (gnutls_session_t session);
int _gnutls_ext_sr_send_cs (gnutls_session_t);
#include <ext_server_name.h>
static int _gnutls_server_name_recv_params (gnutls_session_t session,
- const opaque * data,
- size_t data_size);
+ const opaque * data,
+ size_t data_size);
static int _gnutls_server_name_send_params (gnutls_session_t session,
- opaque * data, size_t);
+ opaque * data, size_t);
static int _gnutls_server_name_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
+ extension_priv_data_t * _priv);
static int _gnutls_server_name_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
+ gnutls_buffer_st * ps);
static void _gnutls_server_name_deinit_data (extension_priv_data_t priv);
*/
static int
_gnutls_server_name_recv_params (gnutls_session_t session,
- const opaque * data, size_t _data_size)
+ const opaque * data, size_t _data_size)
{
int i;
const unsigned char *p;
len = _gnutls_read_uint16 (data);
if (len != data_size)
- {
- /* This is unexpected packet length, but
- * just ignore it, for now.
- */
- gnutls_assert ();
- return 0;
- }
+ {
+ /* This is unexpected packet length, but
+ * just ignore it, for now.
+ */
+ gnutls_assert ();
+ return 0;
+ }
p = data + 2;
/* Count all server_names in the packet. */
while (data_size > 0)
- {
- DECR_LENGTH_RET (data_size, 1, 0);
- p++;
-
- DECR_LEN (data_size, 2);
- len = _gnutls_read_uint16 (p);
- p += 2;
-
- if (len > 0)
- {
- DECR_LENGTH_RET (data_size, len, 0);
- server_names++;
- p += len;
- }
- else
- _gnutls_handshake_log
- ("HSK[%p]: Received zero size server name (under attack?)\n",
- session);
-
- }
+ {
+ DECR_LENGTH_RET (data_size, 1, 0);
+ p++;
+
+ DECR_LEN (data_size, 2);
+ len = _gnutls_read_uint16 (p);
+ p += 2;
+
+ if (len > 0)
+ {
+ DECR_LENGTH_RET (data_size, len, 0);
+ server_names++;
+ p += len;
+ }
+ else
+ _gnutls_handshake_log
+ ("HSK[%p]: Received zero size server name (under attack?)\n",
+ session);
+
+ }
/* we cannot accept more server names.
*/
if (server_names > MAX_SERVER_NAME_EXTENSIONS)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Too many server names received (under attack?)\n",
- session);
- server_names = MAX_SERVER_NAME_EXTENSIONS;
- }
+ {
+ _gnutls_handshake_log
+ ("HSK[%p]: Too many server names received (under attack?)\n",
+ session);
+ server_names = MAX_SERVER_NAME_EXTENSIONS;
+ }
if (server_names == 0)
- return 0; /* no names found */
+ return 0; /* no names found */
priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
priv->server_names_size = server_names;
p = data + 2;
for (i = 0; i < server_names; i++)
- {
- type = *p;
- p++;
-
- len = _gnutls_read_uint16 (p);
- p += 2;
-
- switch (type)
- {
- case 0: /* NAME_DNS */
- if (len <= MAX_SERVER_NAME_SIZE)
- {
- memcpy (priv->server_names[i].name, p, len);
- priv->server_names[i].name_length = len;
- priv->server_names[i].type = GNUTLS_NAME_DNS;
- break;
- }
- }
-
- /* move to next record */
- p += len;
- }
+ {
+ type = *p;
+ p++;
+
+ len = _gnutls_read_uint16 (p);
+ p += 2;
+
+ switch (type)
+ {
+ case 0: /* NAME_DNS */
+ if (len <= MAX_SERVER_NAME_SIZE)
+ {
+ memcpy (priv->server_names[i].name, p, len);
+ priv->server_names[i].name_length = len;
+ priv->server_names[i].type = GNUTLS_NAME_DNS;
+ break;
+ }
+ }
+
+ /* move to next record */
+ p += len;
+ }
epriv.ptr = priv;
_gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- epriv);
+ epriv);
}
*/
static int
_gnutls_server_name_send_params (gnutls_session_t session,
- opaque * data, size_t _data_size)
+ opaque * data, size_t _data_size)
{
uint16_t len;
opaque *p;
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- &epriv);
+ &epriv);
if (ret < 0)
return 0;
priv = epriv.ptr;
if (priv->server_names_size == 0)
- return 0;
+ return 0;
/* uint16_t
*/
total_size = 2;
for (i = 0; i < priv->server_names_size; i++)
- {
- /* count the total size
- */
- len = priv->server_names[i].name_length;
+ {
+ /* count the total size
+ */
+ len = priv->server_names[i].name_length;
- /* uint8_t + uint16_t + size
- */
- total_size += 1 + 2 + len;
- }
+ /* uint8_t + uint16_t + size
+ */
+ total_size += 1 + 2 + len;
+ }
p = data;
_gnutls_write_uint16 (total_size - 2, p);
p += 2;
for (i = 0; i < priv->server_names_size; i++)
- {
-
- switch (priv->server_names[i].type)
- {
- case GNUTLS_NAME_DNS:
- len = priv->server_names[i].name_length;
- if (len == 0)
- break;
-
- /* UINT8: type of this extension
- * UINT16: size of the first name
- * LEN: the actual server name.
- */
- DECR_LENGTH_RET (data_size, len + 3,
- GNUTLS_E_SHORT_MEMORY_BUFFER);
-
- *p = 0; /* NAME_DNS type */
- p++;
-
- _gnutls_write_uint16 (len, p);
- p += 2;
-
- memcpy (p, priv->server_names[i].name, len);
- p += len;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- }
+ {
+
+ switch (priv->server_names[i].type)
+ {
+ case GNUTLS_NAME_DNS:
+ len = priv->server_names[i].name_length;
+ if (len == 0)
+ break;
+
+ /* UINT8: type of this extension
+ * UINT16: size of the first name
+ * LEN: the actual server name.
+ */
+ DECR_LENGTH_RET (data_size, len + 3,
+ GNUTLS_E_SHORT_MEMORY_BUFFER);
+
+ *p = 0; /* NAME_DNS type */
+ p++;
+
+ _gnutls_write_uint16 (len, p);
+ p += 2;
+
+ memcpy (p, priv->server_names[i].name, len);
+ p += len;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
}
return total_size;
**/
int
gnutls_server_name_get (gnutls_session_t session, void *data,
- size_t * data_length,
- unsigned int *type, unsigned int indx)
+ size_t * data_length,
+ unsigned int *type, unsigned int indx)
{
char *_data = data;
server_name_ext_st *priv;
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- &epriv);
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
*type = priv->server_names[indx].type;
- if (*data_length > /* greater since we need one extra byte for the null */
+ if (*data_length > /* greater since we need one extra byte for the null */
priv->server_names[indx].name_length)
{
*data_length = priv->server_names[indx].name_length;
memcpy (data, priv->server_names[indx].name, *data_length);
- if (*type == GNUTLS_NAME_DNS) /* null terminate */
- _data[(*data_length)] = 0;
+ if (*type == GNUTLS_NAME_DNS) /* null terminate */
+ _data[(*data_length)] = 0;
}
else
**/
int
gnutls_server_name_set (gnutls_session_t session,
- gnutls_server_name_type_t type,
- const void *name, size_t name_length)
+ gnutls_server_name_type_t type,
+ const void *name, size_t name_length)
{
int server_names, ret;
server_name_ext_st *priv;
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- &epriv);
+ &epriv);
if (ret < 0)
{
set = 1;
{
priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
epriv.ptr = priv;
}
else
if (set != 0)
_gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- epriv);
+ epriv);
return 0;
}
{
BUFFER_APPEND_NUM (ps, priv->server_names[i].type);
BUFFER_APPEND_PFX (ps, priv->server_names[i].name,
- priv->server_names[i].name_length);
+ priv->server_names[i].name_length);
}
return 0;
}
static int
_gnutls_server_name_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+ extension_priv_data_t * _priv)
{
server_name_ext_st *priv;
int i, ret;
BUFFER_POP_NUM (ps, priv->server_names[i].type);
BUFFER_POP_NUM (ps, priv->server_names[i].name_length);
if (priv->server_names[i].name_length >
- sizeof (priv->server_names[i].name))
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
+ sizeof (priv->server_names[i].name))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
BUFFER_POP (ps, priv->server_names[i].name,
- priv->server_names[i].name_length);
+ priv->server_names[i].name_length);
}
epriv.ptr = priv;
#define MAC_SIZE 32
static int session_ticket_recv_params (gnutls_session_t session,
- const opaque * data, size_t data_size);
+ const opaque * data, size_t data_size);
static int session_ticket_send_params (gnutls_session_t session,
- opaque * data, size_t data_size);
+ opaque * data, size_t data_size);
static int session_ticket_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
+ extension_priv_data_t * _priv);
static int session_ticket_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
+ gnutls_buffer_st * ps);
static void session_ticket_deinit_data (extension_priv_data_t priv);
extension_entry_st ext_mod_session_ticket = {
static int
digest_ticket (const gnutls_datum_t * key, struct ticket *ticket,
- opaque * digest)
+ opaque * digest)
{
digest_hd_st digest_hd;
uint16_t length16;
int ret;
ret = _gnutls_hmac_init (&digest_hd, GNUTLS_MAC_SHA256, key->data,
- key->size);
+ key->size);
if (ret < 0)
{
gnutls_assert ();
length16 = _gnutls_conv_uint16 (ticket->encrypted_state_len);
_gnutls_hmac (&digest_hd, &length16, 2);
_gnutls_hmac (&digest_hd, ticket->encrypted_state,
- ticket->encrypted_state_len);
+ ticket->encrypted_state_len);
_gnutls_hmac_deinit (&digest_hd, digest);
return 0;
static int
decrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv,
- struct ticket *ticket)
+ struct ticket *ticket)
{
cipher_hd_st cipher_hd;
gnutls_datum_t key, IV, mac_secret, state;
return ret;
}
ret = _gnutls_cipher_decrypt (&cipher_hd, ticket->encrypted_state,
- ticket->encrypted_state_len);
+ ticket->encrypted_state_len);
_gnutls_cipher_deinit (&cipher_hd);
if (ret < 0)
{
static int
encrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv,
- struct ticket *ticket)
+ struct ticket *ticket)
{
cipher_hd_st cipher_hd;
gnutls_datum_t key, IV, mac_secret, state, encrypted_state;
}
ret = _gnutls_cipher_encrypt (&cipher_hd, encrypted_state.data,
- encrypted_state.size);
+ encrypted_state.size);
_gnutls_cipher_deinit (&cipher_hd);
if (ret < 0)
{
static int
session_ticket_recv_params (gnutls_session_t session,
- const opaque * data, size_t _data_size)
+ const opaque * data, size_t _data_size)
{
ssize_t data_size = _data_size;
session_ticket_ext_st *priv = NULL;
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
+ &epriv);
if (ret < 0)
{
return 0;
/* The client requested a new session ticket. */
if (data_size == 0)
- {
- priv->session_ticket_renew = 1;
- return 0;
- }
+ {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
DECR_LEN (data_size, KEY_NAME_SIZE);
memcpy (ticket.key_name, data, KEY_NAME_SIZE);
/* If the key name of the ticket does not match the one that we
hold, issue a new ticket. */
if (memcmp (ticket.key_name, priv->key.key_name, KEY_NAME_SIZE))
- {
- priv->session_ticket_renew = 1;
- return 0;
- }
+ {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
DECR_LEN (data_size, IV_SIZE);
memcpy (ticket.IV, data, IV_SIZE);
ticket.encrypted_state = gnutls_malloc (ticket.encrypted_state_len);
if (!ticket.encrypted_state)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
memcpy (ticket.encrypted_state, encrypted_state,
- ticket.encrypted_state_len);
+ ticket.encrypted_state_len);
ret = decrypt_ticket (session, priv, &ticket);
gnutls_free (ticket.encrypted_state);
if (ret < 0)
- {
- priv->session_ticket_renew = 1;
- return 0;
- }
+ {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
}
- else /* Client */
+ else /* Client */
{
if (data_size == 0)
- {
- priv->session_ticket_renew = 1;
- return 0;
- }
+ {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
}
return 0;
*/
static int
session_ticket_send_params (gnutls_session_t session,
- opaque * data, size_t _data_size)
+ opaque * data, size_t _data_size)
{
ssize_t data_size = _data_size;
session_ticket_ext_st *priv = NULL;
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
+ &epriv);
if (ret >= 0)
priv = epriv.ptr;
if (session->security_parameters.entity == GNUTLS_SERVER)
{
if (priv && priv->session_ticket_renew)
- {
- return GNUTLS_E_INT_RET_0;
- }
+ {
+ return GNUTLS_E_INT_RET_0;
+ }
}
else
{
ret =
- _gnutls_ext_get_resumed_session_data (session,
- GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
+ _gnutls_ext_get_resumed_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
if (ret >= 0)
- priv = epriv.ptr;
+ priv = epriv.ptr;
/* no previous data. Just advertize it */
if (ret < 0)
- return GNUTLS_E_INT_RET_0;
+ return GNUTLS_E_INT_RET_0;
/* previous data had session tickets disabled. Don't advertize. Ignore. */
if (!priv->session_ticket_enable)
- return 0;
+ return 0;
if (priv->session_ticket_len > 0)
- {
- DECR_LENGTH_RET (data_size, priv->session_ticket_len,
- GNUTLS_E_SHORT_MEMORY_BUFFER);
- memcpy (data, priv->session_ticket, priv->session_ticket_len);
+ {
+ DECR_LENGTH_RET (data_size, priv->session_ticket_len,
+ GNUTLS_E_SHORT_MEMORY_BUFFER);
+ memcpy (data, priv->session_ticket, priv->session_ticket_len);
- return priv->session_ticket_len;
- }
+ return priv->session_ticket_len;
+ }
}
return 0;
}
epriv.ptr = priv;
_gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SESSION_TICKET, epriv);
+ GNUTLS_EXTENSION_SESSION_TICKET, epriv);
return 0;
}
**/
int
gnutls_session_ticket_enable_server (gnutls_session_t session,
- const gnutls_datum_t * key)
+ const gnutls_datum_t * key)
{
int ret;
session_ticket_ext_st *priv = NULL;
priv->session_ticket_enable = 1;
_gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SESSION_TICKET, epriv);
+ GNUTLS_EXTENSION_SESSION_TICKET, epriv);
return 0;
}
if (again == 0)
{
ret =
- _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
+ _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
if (ret < 0)
- return 0;
+ return 0;
priv = epriv.ptr;
if (!priv->session_ticket_renew)
- return 0;
+ return 0;
/* XXX: Temporarily set write algorithms to be used.
_gnutls_write_connection_state_init() does this job, but it also
triggers encryption, while NewSessionTicket should not be
encrypted in the record layer. */
ret =
- _gnutls_epoch_set_keys (session,
- session->security_parameters.epoch_next);
+ _gnutls_epoch_set_keys (session,
+ session->security_parameters.epoch_next);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
session->security_parameters.epoch_write =
- session->security_parameters.epoch_next;
+ session->security_parameters.epoch_next;
ret = encrypt_ticket (session, priv, &ticket);
session->security_parameters.epoch_write = epoch_saved;
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ticket_len = KEY_NAME_SIZE + IV_SIZE + 2 + ticket.encrypted_state_len
- + MAC_SIZE;
+ + MAC_SIZE;
bufel =
- _gnutls_handshake_alloc (4 + 2 + ticket_len, 4 + 2 + ticket_len);
+ _gnutls_handshake_alloc (4 + 2 + ticket_len, 4 + 2 + ticket_len);
if (!bufel)
- {
- gnutls_assert ();
- gnutls_free (ticket.encrypted_state);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (ticket.encrypted_state);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
data = _mbuffer_get_udata_ptr (bufel);
p = data;
data_size = p - data;
}
ret = _gnutls_send_handshake (session, data_size ? bufel : NULL,
- GNUTLS_HANDSHAKE_NEW_SESSION_TICKET);
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET);
return ret;
}
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
return 0;
ret = _gnutls_recv_handshake (session, &data, &data_size,
- GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
- MANDATORY_PACKET);
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
+ MANDATORY_PACKET);
if (ret < 0)
{
gnutls_assert ();
/* Discard the current session ID. (RFC5077 3.4) */
ret = _gnutls_generate_session_id (session->security_parameters.session_id,
- &session->
- security_parameters.session_id_size);
+ &session->
+ security_parameters.session_id_size);
if (ret < 0)
{
gnutls_assert ();
#include <gnutls_algorithms.h>
static int _gnutls_signature_algorithm_recv_params (gnutls_session_t session,
- const opaque * data,
- size_t data_size);
+ const opaque * data,
+ size_t data_size);
static int _gnutls_signature_algorithm_send_params (gnutls_session_t session,
- opaque * data, size_t);
+ opaque * data, size_t);
static void signature_algorithms_deinit_data (extension_priv_data_t priv);
static int signature_algorithms_pack (extension_priv_data_t epriv,
- gnutls_buffer_st * ps);
+ gnutls_buffer_st * ps);
static int signature_algorithms_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
+ extension_priv_data_t * _priv);
extension_entry_st ext_mod_sig = {
.name = "SIGNATURE ALGORITHMS",
*/
int
_gnutls_sign_algorithm_write_params (gnutls_session_t session, opaque * data,
- size_t max_data_size)
+ size_t max_data_size)
{
opaque *p = data;
int len, i, j;
for (i = j = 0; i < len; i += 2, j++)
{
aid =
- _gnutls_sign_to_tls_aid (session->internals.priorities.
- sign_algo.priority[j]);
+ _gnutls_sign_to_tls_aid (session->internals.priorities.
+ sign_algo.priority[j]);
*p = aid.hash_algorithm;
p++;
*p = aid.sign_algorithm;
*/
int
_gnutls_sign_algorithm_parse_data (gnutls_session_t session,
- const opaque * data, size_t data_size)
+ const opaque * data, size_t data_size)
{
int sig, i;
sig_ext_st *priv;
sig = _gnutls_tls_aid_to_sign (&aid);
if (sig != GNUTLS_SIGN_UNKNOWN)
- {
- priv->sign_algorithms[priv->sign_algorithms_size++] = sig;
- if (priv->sign_algorithms_size == MAX_SIGNATURE_ALGORITHMS)
- break;
- }
+ {
+ priv->sign_algorithms[priv->sign_algorithms_size++] = sig;
+ if (priv->sign_algorithms_size == MAX_SIGNATURE_ALGORITHMS)
+ break;
+ }
}
epriv.ptr = priv;
_gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, epriv);
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, epriv);
return 0;
}
static int
_gnutls_signature_algorithm_recv_params (gnutls_session_t session,
- const opaque * data,
- size_t _data_size)
+ const opaque * data,
+ size_t _data_size)
{
ssize_t data_size = _data_size;
int ret;
/* SERVER SIDE - we must check if the sent cert type is the right one
*/
if (data_size > 2)
- {
- uint16_t len;
-
- DECR_LEN (data_size, 2);
- len = _gnutls_read_uint16 (data);
- DECR_LEN (data_size, len);
-
- ret = _gnutls_sign_algorithm_parse_data (session, data + 2, len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
+ {
+ uint16_t len;
+
+ DECR_LEN (data_size, 2);
+ len = _gnutls_read_uint16 (data);
+ DECR_LEN (data_size, len);
+
+ ret = _gnutls_sign_algorithm_parse_data (session, data + 2, len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
}
return 0;
*/
static int
_gnutls_signature_algorithm_send_params (gnutls_session_t session,
- opaque * data, size_t data_size)
+ opaque * data, size_t data_size)
{
int ret;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
&& _gnutls_version_has_selectable_sighash (ver))
{
if (session->internals.priorities.sign_algo.algorithms > 0)
- {
- ret =
- _gnutls_sign_algorithm_write_params (session, data, data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- return ret;
- }
+ {
+ ret =
+ _gnutls_sign_algorithm_write_params (session, data, data_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return ret;
+ }
}
/* if we are here it means we don't send the extension */
*/
gnutls_sign_algorithm_t
_gnutls_session_get_sign_algo (gnutls_session_t session,
- gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t * hash)
+ gnutls_pk_algorithm_t pk,
+ gnutls_digest_algorithm_t * hash)
{
unsigned i;
int ret;
ret =
_gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
priv = epriv.ptr;
if (ret < 0 || !_gnutls_version_has_selectable_sighash (ver)
for (i = 0; i < priv->sign_algorithms_size; i++)
{
if (_gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) == pk)
- {
- *hash = _gnutls_sign_get_hash_algorithm (priv->sign_algorithms[i]);
- return priv->sign_algorithms[i];
- }
+ {
+ *hash = _gnutls_sign_get_hash_algorithm (priv->sign_algorithms[i]);
+ return priv->sign_algorithms[i];
+ }
}
return GNUTLS_SIGN_UNKNOWN;
*/
int
_gnutls_session_sign_algo_requested (gnutls_session_t session,
- gnutls_sign_algorithm_t sig)
+ gnutls_sign_algorithm_t sig)
{
unsigned i;
int ret, hash;
ret =
_gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
/* extension not received allow SHA1 and SHA256 */
hash = _gnutls_sign_get_hash_algorithm (sig);
if (hash == GNUTLS_DIG_SHA1 || hash == GNUTLS_DIG_SHA256)
- return 0;
+ return 0;
else
- return ret;
+ return ret;
}
priv = epriv.ptr;
for (i = 0; i < priv->sign_algorithms_size; i++)
{
if (priv->sign_algorithms[i] == sig)
- {
- return 0; /* ok */
- }
+ {
+ return 0; /* ok */
+ }
}
return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
*/
int
_gnutls_session_sign_algo_enabled (gnutls_session_t session,
- gnutls_sign_algorithm_t sig)
+ gnutls_sign_algorithm_t sig)
{
unsigned i;
int ret;
ret =
_gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
for (i = 0; i < session->internals.priorities.sign_algo.algorithms; i++)
{
if (session->internals.priorities.sign_algo.priority[i] == sig)
- {
- return 0; /* ok */
- }
+ {
+ return 0; /* ok */
+ }
}
return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
static int
signature_algorithms_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+ extension_priv_data_t * _priv)
{
sig_ext_st *priv;
int i, ret;
**/
int
gnutls_sign_algorithm_get_requested (gnutls_session_t session,
- size_t indx,
- gnutls_sign_algorithm_t * algo)
+ size_t indx,
+ gnutls_sign_algorithm_t * algo)
{
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
sig_ext_st *priv;
ret =
_gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
extern extension_entry_st ext_mod_sig;
int _gnutls_session_sign_algo_requested (gnutls_session_t session,
- gnutls_sign_algorithm_t sig);
+ gnutls_sign_algorithm_t sig);
gnutls_sign_algorithm_t _gnutls_session_get_sign_algo (gnutls_session_t
- session,
- gnutls_pk_algorithm_t
- pk,
- gnutls_digest_algorithm_t
- * hash);
+ session,
+ gnutls_pk_algorithm_t
+ pk,
+ gnutls_digest_algorithm_t
+ * hash);
int _gnutls_sign_algorithm_parse_data (gnutls_session_t session,
- const opaque * data, size_t data_size);
+ const opaque * data, size_t data_size);
int _gnutls_sign_algorithm_write_params (gnutls_session_t session,
- opaque * data, size_t max_data_size);
+ opaque * data, size_t max_data_size);
int _gnutls_session_sign_algo_enabled (gnutls_session_t session,
- gnutls_sign_algorithm_t sig);
+ gnutls_sign_algorithm_t sig);
#endif
#include <gnutls_extensions.h>
static int _gnutls_srp_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
+ extension_priv_data_t * _priv);
static int _gnutls_srp_pack (extension_priv_data_t epriv,
- gnutls_buffer_st * ps);
+ gnutls_buffer_st * ps);
static void _gnutls_srp_deinit_data (extension_priv_data_t epriv);
static int _gnutls_srp_recv_params (gnutls_session_t state,
- const opaque * data, size_t data_size);
+ const opaque * data, size_t data_size);
static int _gnutls_srp_send_params (gnutls_session_t state, opaque * data,
- size_t);
+ size_t);
extension_entry_st ext_mod_srp = {
.name = "SRP",
static int
_gnutls_srp_recv_params (gnutls_session_t session, const opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
uint8_t len;
ssize_t data_size = _data_size;
if (session->security_parameters.entity == GNUTLS_SERVER)
{
if (data_size > 0)
- {
- len = data[0];
- DECR_LEN (data_size, len);
-
- if (MAX_USERNAME_SIZE < len)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- priv->username = gnutls_malloc (len + 1);
- if (priv->username)
- {
- memcpy (priv->username, &data[1], len);
- /* null terminated */
- priv->username[len] = 0;
- }
-
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
- }
+ {
+ len = data[0];
+ DECR_LEN (data_size, len);
+
+ if (MAX_USERNAME_SIZE < len)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ priv->username = gnutls_malloc (len + 1);
+ if (priv->username)
+ {
+ memcpy (priv->username, &data[1], len);
+ /* null terminated */
+ priv->username[len] = 0;
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
+ }
}
return 0;
}
*/
static int
_gnutls_srp_send_params (gnutls_session_t session, opaque * data,
- size_t data_size)
+ size_t data_size)
{
unsigned len;
extension_priv_data_t epriv;
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
gnutls_srp_client_credentials_t cred = (gnutls_srp_client_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
+ _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
if (cred == NULL)
- return 0;
+ return 0;
if (cred->username != NULL)
- { /* send username */
- len = MIN (strlen (cred->username), 255);
-
- if (data_size < len + 1)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- data[0] = (uint8_t) len;
- memcpy (&data[1], cred->username, len);
- return len + 1;
- }
+ { /* send username */
+ len = MIN (strlen (cred->username), 255);
+
+ if (data_size < len + 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ data[0] = (uint8_t) len;
+ memcpy (&data[1], cred->username, len);
+ return len + 1;
+ }
else if (cred->get_function != NULL)
- {
- /* Try the callback
- */
- char *username = NULL, *password = NULL;
-
- if (cred->get_function (session, &username, &password) < 0
- || username == NULL || password == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- len = MIN (strlen (username), 255);
-
- if (data_size < len + 1)
- {
- gnutls_free (username);
- gnutls_free (password);
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- priv = gnutls_malloc (sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- priv->username = username;
- priv->password = password;
-
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
-
- data[0] = (uint8_t) len;
- memcpy (&data[1], username, len);
- return len + 1;
- }
+ {
+ /* Try the callback
+ */
+ char *username = NULL, *password = NULL;
+
+ if (cred->get_function (session, &username, &password) < 0
+ || username == NULL || password == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ len = MIN (strlen (username), 255);
+
+ if (data_size < len + 1)
+ {
+ gnutls_free (username);
+ gnutls_free (password);
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ priv = gnutls_malloc (sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ priv->username = username;
+ priv->password = password;
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
+
+ data[0] = (uint8_t) len;
+ memcpy (&data[1], username, len);
+ return len + 1;
+ }
}
return 0;
}
{
case GNUTLS_CIPHER_AES_128_CBC:
err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES128,
- GCRY_CIPHER_MODE_CBC, 0);
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES128,
+ GCRY_CIPHER_MODE_CBC, 0);
break;
case GNUTLS_CIPHER_AES_192_CBC:
err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES192,
- GCRY_CIPHER_MODE_CBC, 0);
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES192,
+ GCRY_CIPHER_MODE_CBC, 0);
break;
case GNUTLS_CIPHER_AES_256_CBC:
err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES256,
- GCRY_CIPHER_MODE_CBC, 0);
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES256,
+ GCRY_CIPHER_MODE_CBC, 0);
break;
case GNUTLS_CIPHER_3DES_CBC:
err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_3DES,
- GCRY_CIPHER_MODE_CBC, 0);
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_3DES,
+ GCRY_CIPHER_MODE_CBC, 0);
break;
case GNUTLS_CIPHER_DES_CBC:
err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_DES,
- GCRY_CIPHER_MODE_CBC, 0);
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_DES,
+ GCRY_CIPHER_MODE_CBC, 0);
break;
case GNUTLS_CIPHER_ARCFOUR_128:
case GNUTLS_CIPHER_ARCFOUR_40:
err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_ARCFOUR,
- GCRY_CIPHER_MODE_STREAM, 0);
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_ARCFOUR,
+ GCRY_CIPHER_MODE_STREAM, 0);
break;
case GNUTLS_CIPHER_RC2_40_CBC:
err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_RFC2268_40,
- GCRY_CIPHER_MODE_CBC, 0);
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_RFC2268_40,
+ GCRY_CIPHER_MODE_CBC, 0);
break;
#ifdef ENABLE_CAMELLIA
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA128,
- GCRY_CIPHER_MODE_CBC, 0);
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA128,
+ GCRY_CIPHER_MODE_CBC, 0);
break;
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA256,
- GCRY_CIPHER_MODE_CBC, 0);
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA256,
+ GCRY_CIPHER_MODE_CBC, 0);
break;
#endif
default:
static int
wrap_gcry_cipher_decrypt (void *ctx, const void *encr, size_t encrsize,
- void *plain, size_t plainsize)
+ void *plain, size_t plainsize)
{
int err;
static int
wrap_gcry_cipher_encrypt (void *ctx, const void *plain, size_t plainsize,
- void *encr, size_t encrsize)
+ void *encr, size_t encrsize)
{
int err;
const char *p;
if (gnutls_mutex_init != NULL)
- {
- gct.mutex_init = gnutls_mutex_init;
- gct.mutex_destroy = gnutls_mutex_deinit;
- gct.mutex_lock = gnutls_mutex_lock;
- gct.mutex_unlock = gnutls_mutex_unlock;
+ {
+ gct.mutex_init = gnutls_mutex_init;
+ gct.mutex_destroy = gnutls_mutex_deinit;
+ gct.mutex_lock = gnutls_mutex_lock;
+ gct.mutex_unlock = gnutls_mutex_unlock;
- gcry_control (GCRYCTL_SET_THREAD_CBS, &gct);
- }
+ gcry_control (GCRYCTL_SET_THREAD_CBS, &gct);
+ }
p = gcry_check_version (GNUTLS_MIN_LIBGCRYPT_VERSION);
if (p == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Checking for libgcrypt failed: %s < %s\n",
- gcry_check_version (NULL),
- GNUTLS_MIN_LIBGCRYPT_VERSION);
- return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
- }
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("Checking for libgcrypt failed: %s < %s\n",
+ gcry_check_version (NULL),
+ GNUTLS_MIN_LIBGCRYPT_VERSION);
+ return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
+ }
/* for gcrypt in order to be able to allocate memory */
gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0);
unsigned int len = gcry_md_get_algo_dlen (gcry_md_get_algo (src_ctx));
if (len <= digestsize && digest != NULL)
- memcpy (digest, _digest, len);
+ memcpy (digest, _digest, len);
return 0;
}
*/
static bigint_t
wrap_gcry_mpi_scan (const void *buffer, size_t nbytes,
- gnutls_bigint_format_t format)
+ gnutls_bigint_format_t format)
{
gcry_mpi_t ret_mpi = NULL;
int ret;
static int
wrap_gcry_mpi_print (const bigint_t a, void *buffer, size_t * nbytes,
- gnutls_bigint_format_t format)
+ gnutls_bigint_format_t format)
{
int ret;
size_t init_bytes = *nbytes;
if (!ret)
{
if (buffer == NULL || init_bytes < *nbytes)
- {
-
- /* in STD format we may want to include
- * an extra byte for zero. Sometimes the gcry_
- * function doesn't add it.
- */
- if (format == GNUTLS_MPI_FORMAT_STD)
- (*nbytes)++;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ {
+
+ /* in STD format we may want to include
+ * an extra byte for zero. Sometimes the gcry_
+ * function doesn't add it.
+ */
+ if (format == GNUTLS_MPI_FORMAT_STD)
+ (*nbytes)++;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
return 0;
}
static bigint_t
wrap_gcry_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e,
- const bigint_t m)
+ const bigint_t m)
{
if (w == NULL)
w = _gnutls_mpi_alloc_like (m);
static bigint_t
wrap_gcry_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+ const bigint_t m)
{
if (w == NULL)
w = _gnutls_mpi_alloc_like (m);
static bigint_t
wrap_gcry_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+ const bigint_t m)
{
if (w == NULL)
w = _gnutls_mpi_alloc_like (m);
static bigint_t
wrap_gcry_mpi_mulm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+ const bigint_t m)
{
if (w == NULL)
w = _gnutls_mpi_alloc_like (m);
qbits = (bits / 40) + 105;
}
- if (qbits & 1) /* better have an even number */
+ if (qbits & 1) /* better have an even number */
qbits++;
/* find a prime number of size bits.
do
{
if (times)
- {
- gcry_mpi_release (prime);
- gcry_prime_release_factors (factors);
- }
+ {
+ gcry_mpi_release (prime);
+ gcry_prime_release_factors (factors);
+ }
err = gcry_prime_generate (&prime, bits, qbits, &factors,
- NULL, NULL, GCRY_STRONG_RANDOM,
- GCRY_PRIME_FLAG_SPECIAL_FACTOR);
+ NULL, NULL, GCRY_STRONG_RANDOM,
+ GCRY_PRIME_FLAG_SPECIAL_FACTOR);
if (err != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
err = gcry_prime_check (prime, 0);
*/
int (*generate) (gnutls_pk_algorithm_t, unsigned int level /*bits */ ,
- gnutls_pk_params_st *);
+ gnutls_pk_params_st *);
static int
_wrap_gcry_pk_encrypt (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * ciphertext,
- const gnutls_datum_t * plaintext,
- const gnutls_pk_params_st * pk_params)
+ gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ const gnutls_pk_params_st * pk_params)
{
gcry_sexp_t s_ciph = NULL, s_data = NULL, s_pkey = NULL;
int rc = -1;
{
case GNUTLS_PK_RSA:
if (pk_params->params_nr >= 2)
- rc = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(rsa(n%m)(e%m)))",
- pk_params->params[0], pk_params->params[1]);
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ pk_params->params[0], pk_params->params[1]);
break;
default:
static int
_wrap_gcry_pk_decrypt (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * plaintext,
- const gnutls_datum_t * ciphertext,
- const gnutls_pk_params_st * pk_params)
+ gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ const gnutls_pk_params_st * pk_params)
{
gcry_sexp_t s_plain = NULL, s_data = NULL, s_pkey = NULL;
int rc = -1;
{
case GNUTLS_PK_RSA:
if (pk_params->params_nr >= 6)
- rc = gcry_sexp_build (&s_pkey, NULL,
- "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
- pk_params->params[0], pk_params->params[1],
- pk_params->params[2], pk_params->params[3],
- pk_params->params[4], pk_params->params[5]);
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
+ pk_params->params[0], pk_params->params[1],
+ pk_params->params[2], pk_params->params[3],
+ pk_params->params[4], pk_params->params[5]);
break;
default:
*/
static int
_wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
- const gnutls_datum_t * vdata,
- const gnutls_pk_params_st * pk_params)
+ const gnutls_datum_t * vdata,
+ const gnutls_pk_params_st * pk_params)
{
gcry_sexp_t s_hash = NULL, s_key = NULL, s_sig = NULL;
gcry_sexp_t list = NULL;
{
case GNUTLS_PK_DSA:
if (pk_params->params_nr >= 5)
- rc = gcry_sexp_build (&s_key, NULL,
- "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
- pk_params->params[0], pk_params->params[1],
- pk_params->params[2], pk_params->params[3],
- pk_params->params[4]);
+ rc = gcry_sexp_build (&s_key, NULL,
+ "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
+ pk_params->params[0], pk_params->params[1],
+ pk_params->params[2], pk_params->params[3],
+ pk_params->params[4]);
else
- {
- gnutls_assert ();
- }
+ {
+ gnutls_assert ();
+ }
break;
case GNUTLS_PK_RSA:
if (pk_params->params_nr >= 6)
- rc = gcry_sexp_build (&s_key, NULL,
- "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
- pk_params->params[0], pk_params->params[1],
- pk_params->params[2], pk_params->params[3],
- pk_params->params[4], pk_params->params[5]);
+ rc = gcry_sexp_build (&s_key, NULL,
+ "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
+ pk_params->params[0], pk_params->params[1],
+ pk_params->params[2], pk_params->params[3],
+ pk_params->params[4], pk_params->params[5]);
else
- {
- gnutls_assert ();
- }
+ {
+ gnutls_assert ();
+ }
break;
default:
{
case GNUTLS_PK_DSA:
{
- list = gcry_sexp_find_token (s_sig, "r", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- res[0] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- list = gcry_sexp_find_token (s_sig, "s", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- res[1] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- ret = _gnutls_encode_ber_rs (signature, res[0], res[1]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ list = gcry_sexp_find_token (s_sig, "r", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ res[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+ list = gcry_sexp_find_token (s_sig, "s", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ res[1] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+ ret = _gnutls_encode_ber_rs (signature, res[0], res[1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
break;
case GNUTLS_PK_RSA:
{
- list = gcry_sexp_find_token (s_sig, "s", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- res[0] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- ret = _gnutls_mpi_dprint (res[0], signature);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ list = gcry_sexp_find_token (s_sig, "s", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ res[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+ ret = _gnutls_mpi_dprint (res[0], signature);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
break;
static int
_wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo,
- const gnutls_datum_t * vdata,
- const gnutls_datum_t * signature,
- const gnutls_pk_params_st * pk_params)
+ const gnutls_datum_t * vdata,
+ const gnutls_datum_t * signature,
+ const gnutls_pk_params_st * pk_params)
{
gcry_sexp_t s_sig = NULL, s_hash = NULL, s_pkey = NULL;
int rc = -1, ret;
{
case GNUTLS_PK_DSA:
if (pk_params->params_nr >= 4)
- rc = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
- pk_params->params[0], pk_params->params[1],
- pk_params->params[2], pk_params->params[3]);
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ pk_params->params[0], pk_params->params[1],
+ pk_params->params[2], pk_params->params[3]);
break;
case GNUTLS_PK_RSA:
if (pk_params->params_nr >= 2)
- rc = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(rsa(n%m)(e%m)))",
- pk_params->params[0], pk_params->params[1]);
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ pk_params->params[0], pk_params->params[1]);
break;
default:
case GNUTLS_PK_DSA:
ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
rc = gcry_sexp_build (&s_sig, NULL,
- "(sig-val(dsa(r%m)(s%m)))", tmp[0], tmp[1]);
+ "(sig-val(dsa(r%m)(s%m)))", tmp[0], tmp[1]);
_gnutls_mpi_release (&tmp[0]);
_gnutls_mpi_release (&tmp[1]);
break;
case GNUTLS_PK_RSA:
ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%m)))", tmp[0]);
_gnutls_mpi_release (&tmp[0]);
break;
static int
wrap_gcry_pk_generate_params (gnutls_pk_algorithm_t algo,
- unsigned int level /*bits */ ,
- gnutls_pk_params_st * params)
+ unsigned int level /*bits */ ,
+ gnutls_pk_params_st * params)
{
switch (algo)
case GNUTLS_PK_DSA:
params->params_nr = DSA_PRIVATE_PARAMS;
if (params->params_nr > GNUTLS_MAX_PK_PARAMS)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
return _dsa_generate_params (params->params, ¶ms->params_nr, level);
case GNUTLS_PK_RSA:
params->params_nr = RSA_PRIVATE_PARAMS;
if (params->params_nr > GNUTLS_MAX_PK_PARAMS)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
return _rsa_generate_params (params->params, ¶ms->params_nr, level);
default:
static int
wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo,
- gnutls_direction_t direction,
- gnutls_pk_params_st * params)
+ gnutls_direction_t direction,
+ gnutls_pk_params_st * params)
{
int ret, result;
_gnutls_mpi_release (¶ms->params[7]);
result = _gnutls_calc_rsa_exp (params->params, RSA_PRIVATE_PARAMS);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
ret =
- gcry_mpi_invm (params->params[5], params->params[3],
- params->params[4]);
+ gcry_mpi_invm (params->params[5], params->params[3],
+ params->params[4]);
params->params_nr = RSA_PRIVATE_PARAMS;
}
**/
int
gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level,
- gnutls_alert_description_t desc)
+ gnutls_alert_description_t desc)
{
uint8_t data[2];
int ret;
if (name == NULL)
name = "(unknown)";
_gnutls_record_log ("REC: Sending Alert[%d|%d] - %s\n", data[0],
- data[1], name);
+ data[1], name);
if ((ret =
_gnutls_send_int (session, GNUTLS_ALERT, -1, EPOCH_WRITE_CURRENT, data,
- 2, MBUFFER_FLUSH)) >= 0)
+ 2, MBUFFER_FLUSH)) >= 0)
return 0;
else
return ret;
int ret, _level = -1;
switch (err)
- { /* send appropriate alert */
+ { /* send appropriate alert */
case GNUTLS_E_DECRYPTION_FAILED:
/* GNUTLS_A_DECRYPTION_FAILED is not sent, because
* it is not defined in SSL3. Note that we must
{
const char *name;
gnutls_sec_param_t sec_param;
- int bits; /* security level */
- int pk_bits; /* DH, RSA, SRP */
- int dsa_bits; /* bits for DSA. Handled differently since
- * choice of key size in DSA is political.
- */
- int subgroup_bits; /* subgroup bits */
- int ecc_bits; /* bits for ECC keys */
+ int bits; /* security level */
+ int pk_bits; /* DH, RSA, SRP */
+ int dsa_bits; /* bits for DSA. Handled differently since
+ * choice of key size in DSA is political.
+ */
+ int subgroup_bits; /* subgroup bits */
+ int ecc_bits; /* bits for ECC keys */
} gnutls_sec_params_entry;
static const gnutls_sec_params_entry sec_params[] = {
{
gnutls_kx_algorithm_t algorithm;
gnutls_credentials_type_t client_type;
- gnutls_credentials_type_t server_type; /* The type of credentials a server
- * needs to set */
+ gnutls_credentials_type_t server_type; /* The type of credentials a server
+ * needs to set */
} gnutls_cred_map;
static const gnutls_cred_map cred_mappings[] = {
{
gnutls_kx_algorithm_t kx_algorithm;
gnutls_pk_algorithm_t pk_algorithm;
- enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
- * for encryption, CIPHER_SIGN if signature only,
- * CIPHER_IGN if this does not apply at all.
- *
- * This is useful to certificate cipher suites, which check
- * against the certificate key usage bits.
- */
+ enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
+ * for encryption, CIPHER_SIGN if signature only,
+ * CIPHER_IGN if this does not apply at all.
+ *
+ * This is useful to certificate cipher suites, which check
+ * against the certificate key usage bits.
+ */
} gnutls_pk_map;
/* This table maps the Key exchange algorithms to
typedef struct
{
const char *name;
- gnutls_protocol_t id; /* gnutls internal version number */
- int major; /* defined by the protocol */
- int minor; /* defined by the protocol */
- int supported; /* 0 not supported, > 0 is supported */
+ gnutls_protocol_t id; /* gnutls internal version number */
+ int major; /* defined by the protocol */
+ int minor; /* defined by the protocol */
+ int supported; /* 0 not supported, > 0 is supported */
} gnutls_version_entry;
static const gnutls_version_entry sup_versions[] = {
uint16_t keysize;
cipher_type_t block;
uint16_t iv;
- int export_flag; /* 0 non export */
+ int export_flag; /* 0 non export */
};
typedef struct gnutls_cipher_entry gnutls_cipher_entry;
const char *name;
const char *oid;
gnutls_mac_algorithm_t id;
- size_t key_size; /* in case of mac */
+ size_t key_size; /* in case of mac */
};
typedef struct gnutls_hash_entry gnutls_hash_entry;
{"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32},
{"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48},
{"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64},
- {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0}, /* not used as MAC */
+ {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0}, /* not used as MAC */
{"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20},
{"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0},
{0, 0, 0, 0}
gnutls_cipher_algorithm_t block_algorithm;
gnutls_kx_algorithm_t kx_algorithm;
gnutls_mac_algorithm_t mac_algorithm;
- gnutls_protocol_t min_version; /* this cipher suite is supported
- * from 'version' and above;
- */
- gnutls_protocol_t max_version; /* this cipher suite is not supported after that */
+ gnutls_protocol_t min_version; /* this cipher suite is supported
+ * from 'version' and above;
+ */
+ gnutls_protocol_t max_version; /* this cipher suite is not supported after that */
} gnutls_cipher_suite_entry;
/* RSA with NULL cipher and MD5 MAC
static const gnutls_cipher_suite_entry cs_algorithms[] = {
/* ANON_DH */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
- GNUTLS_SSL3, GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
+ GNUTLS_SSL3, GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
#endif
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
/* PSK */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
/* DHE-PSK */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
/* SRP */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
/* DHE_DSS */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1,
- GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
#endif
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
/* DHE_RSA */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
#endif
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
/* RSA-NULL */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_SHA1,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_SHA256,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
/* RSA-EXPORT */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
- GNUTLS_CIPHER_ARCFOUR_40,
- GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
- GNUTLS_SSL3, GNUTLS_TLS1_0),
+ GNUTLS_CIPHER_ARCFOUR_40,
+ GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
+ GNUTLS_SSL3, GNUTLS_TLS1_0),
/* RSA */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
#endif
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RENEGO_PROTECTION_REQUEST,
- GNUTLS_CIPHER_UNKNOWN, GNUTLS_KX_UNKNOWN,
- GNUTLS_MAC_UNKNOWN, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_UNKNOWN, GNUTLS_KX_UNKNOWN,
+ GNUTLS_MAC_UNKNOWN, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
{0, {{0, 0}}, 0, 0, 0, 0, 0}
};
int
_gnutls_mac_priority (gnutls_session_t session,
- gnutls_mac_algorithm_t algorithm)
-{ /* actually returns the priority */
+ gnutls_mac_algorithm_t algorithm)
+{ /* actually returns the priority */
unsigned int i;
for (i = 0; i < session->internals.priorities.mac.algorithms; i++)
{
if (session->internals.priorities.mac.priority[i] == algorithm)
- return i;
+ return i;
}
return -1;
}
gnutls_mac_algorithm_t ret = 0;
GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
- {
- ret = p->id; break;}
+ {
+ ret = p->id; break;}
);
if (ret == 0)
/* returns the priority */
int
_gnutls_cipher_priority (gnutls_session_t session,
- gnutls_cipher_algorithm_t algorithm)
+ gnutls_cipher_algorithm_t algorithm)
{
unsigned int i;
for (i = 0; i < session->internals.priorities.cipher.algorithms; i++)
{
if (session->internals.priorities.cipher.priority[i] == algorithm)
- return i;
+ return i;
}
return -1;
}
**/
size_t
gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm)
-{ /* In bytes */
+{ /* In bytes */
size_t ret = 0;
GNUTLS_ALG_LOOP (ret = p->keysize);
return ret;
int
_gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm)
-{ /* In bytes */
+{ /* In bytes */
size_t ret = 0;
GNUTLS_ALG_LOOP (ret = p->iv);
return ret;
int
_gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm)
-{ /* In bytes */
+{ /* In bytes */
size_t ret = 0;
GNUTLS_ALG_LOOP (ret = p->export_flag);
return ret;
int
_gnutls_kx_priority (gnutls_session_t session,
- gnutls_kx_algorithm_t algorithm)
+ gnutls_kx_algorithm_t algorithm)
{
unsigned int i;
for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
{
if (session->internals.priorities.kx.priority[i] == algorithm)
- return i;
+ return i;
}
return -1;
}
/* Version */
int
_gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version)
-{ /* actually returns the priority */
+{ /* actually returns the priority */
unsigned int i;
for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
{
if (session->internals.priorities.protocol.priority[i] == version)
- return i;
+ return i;
}
return -1;
}
gnutls_protocol_t
_gnutls_version_lowest (gnutls_session_t session)
-{ /* returns the lowest version supported */
+{ /* returns the lowest version supported */
unsigned int i, min = 0xff;
for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
{
if (session->internals.priorities.protocol.priority[i] < min)
- min = session->internals.priorities.protocol.priority[i];
+ min = session->internals.priorities.protocol.priority[i];
}
if (min == 0xff)
- return GNUTLS_VERSION_UNKNOWN; /* unknown version */
+ return GNUTLS_VERSION_UNKNOWN; /* unknown version */
return min;
}
gnutls_protocol_t
_gnutls_version_max (gnutls_session_t session)
-{ /* returns the maximum version supported */
+{ /* returns the maximum version supported */
unsigned int i, max = 0x00;
for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
{
if (session->internals.priorities.protocol.priority[i] > max)
- max = session->internals.priorities.protocol.priority[i];
+ max = session->internals.priorities.protocol.priority[i];
}
if (max == 0x00)
- return GNUTLS_VERSION_UNKNOWN; /* unknown version */
+ return GNUTLS_VERSION_UNKNOWN; /* unknown version */
return max;
}
int ret = -1;
GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor))
- ret = p->id);
+ ret = p->id);
return ret;
}
int
_gnutls_version_is_supported (gnutls_session_t session,
- const gnutls_protocol_t version)
+ const gnutls_protocol_t version)
{
int ret = 0;
return 0;
if (_gnutls_version_priority (session, version) < 0)
- return 0; /* disabled by the user */
+ return 0; /* disabled by the user */
else
return 1;
}
if (server)
{
GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
- p->server_type);
+ p->server_type);
}
else
{
GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
- p->client_type);
+ p->client_type);
}
return ret;
gnutls_protocol_t
_gnutls_cipher_suite_is_version_supported (const cipher_suite_st * suite,
- gnutls_protocol_t version)
+ gnutls_protocol_t version)
{
int ret = 0;
GNUTLS_CIPHER_SUITE_ALG_LOOP ((version >= p->min_version
- && version <= p->max_version) ? (ret =
- 1) : (ret =
- 0));
+ && version <= p->max_version) ? (ret =
+ 1) : (ret =
+ 0));
return ret;
}
gnutls_mac_algorithm_t
_gnutls_cipher_suite_get_mac_algo (const cipher_suite_st * suite)
-{ /* In bytes */
+{ /* In bytes */
int ret = 0;
GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm);
return ret;
**/
const char *
gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm,
- gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm)
+ gnutls_cipher_algorithm_t cipher_algorithm,
+ gnutls_mac_algorithm_t mac_algorithm)
{
const char *ret = NULL;
/* avoid prefix */
GNUTLS_CIPHER_SUITE_LOOP (if (kx_algorithm == p->kx_algorithm &&
- cipher_algorithm == p->block_algorithm &&
- mac_algorithm == p->mac_algorithm)
- ret = p->name + sizeof ("GNUTLS_") - 1);
+ cipher_algorithm == p->block_algorithm &&
+ mac_algorithm == p->mac_algorithm)
+ ret = p->name + sizeof ("GNUTLS_") - 1);
return ret;
}
**/
const char *
gnutls_cipher_suite_info (size_t idx,
- char *cs_id,
- gnutls_kx_algorithm_t * kx,
- gnutls_cipher_algorithm_t * cipher,
- gnutls_mac_algorithm_t * mac,
- gnutls_protocol_t * min_version)
+ char *cs_id,
+ gnutls_kx_algorithm_t * kx,
+ gnutls_cipher_algorithm_t * cipher,
+ gnutls_mac_algorithm_t * mac,
+ gnutls_protocol_t * min_version)
{
if (idx >= CIPHER_SUITES_COUNT)
return NULL;
#define MAX_ELEM_SIZE 4
static inline int
_gnutls_partition (gnutls_session_t session, void *_base,
- size_t nmemb, size_t size,
- int (*compar) (gnutls_session_t,
- const void *, const void *))
+ size_t nmemb, size_t size,
+ int (*compar) (gnutls_session_t,
+ const void *, const void *))
{
uint8_t *base = _base;
uint8_t tmp[MAX_ELEM_SIZE];
i = pivot = 0;
j = full = (nmemb - 1) * size;
- memcpy (ptmp, &base[0], size); /* set pivot item */
+ memcpy (ptmp, &base[0], size); /* set pivot item */
while (i < j)
{
while ((compar (session, &base[i], ptmp) <= 0) && (i < full))
- {
- i += size;
- }
+ {
+ i += size;
+ }
while ((compar (session, &base[j], ptmp) >= 0) && (j > 0))
- j -= size;
+ j -= size;
if (i < j)
- {
- SWAP (&base[j], &base[i]);
- }
+ {
+ SWAP (&base[j], &base[i]);
+ }
}
if (j > pivot)
static void
_gnutls_qsort (gnutls_session_t session, void *_base, size_t nmemb,
- size_t size, int (*compar) (gnutls_session_t, const void *,
- const void *))
+ size_t size, int (*compar) (gnutls_session_t, const void *,
+ const void *))
{
unsigned int pivot;
char *base = _base;
pivot = _gnutls_partition (session, _base, nmemb, size, compar);
_gnutls_qsort (session, base, pivot < nmemb ? pivot + 1 : pivot, size,
- compar);
+ compar);
_gnutls_qsort (session, &base[(pivot + 1) * size], nmemb - pivot - 1,
- size, compar);
+ size, compar);
}
*/
static int
_gnutls_compare_algo (gnutls_session_t session, const void *i_A1,
- const void *i_A2)
+ const void *i_A2)
{
gnutls_kx_algorithm_t kA1 =
_gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A1);
else
{
if (p1 == p2)
- {
- return 0;
- }
+ {
+ return 0;
+ }
return -1;
}
}
#ifdef SORT_DEBUG
static void
_gnutls_bsort (gnutls_session_t session, void *_base, size_t nmemb,
- size_t size, int (*compar) (gnutls_session_t, const void *,
- const void *))
+ size_t size, int (*compar) (gnutls_session_t, const void *,
+ const void *))
{
unsigned int i, j;
int full = nmemb * size;
for (i = 0; i < full; i += size)
{
for (j = 0; j < full; j += size)
- {
- if (compar (session, &base[i], &base[j]) < 0)
- {
- SWAP (&base[j], &base[i]);
- }
- }
+ {
+ if (compar (session, &base[i], &base[j]) < 0)
+ {
+ SWAP (&base[j], &base[i]);
+ }
+ }
}
}
int
_gnutls_supported_ciphersuites_sorted (gnutls_session_t session,
- cipher_suite_st ** ciphers)
+ cipher_suite_st ** ciphers)
{
#ifdef SORT_DEBUG
_gnutls_debug_log ("Unsorted: \n");
for (i = 0; i < count; i++)
_gnutls_debug_log ("\t%d: %s\n", i,
- _gnutls_cipher_suite_get_name ((*ciphers)[i]));
+ _gnutls_cipher_suite_get_name ((*ciphers)[i]));
#endif
_gnutls_qsort (session, *ciphers, count,
- sizeof (cipher_suite_st), _gnutls_compare_algo);
+ sizeof (cipher_suite_st), _gnutls_compare_algo);
#ifdef SORT_DEBUG
_gnutls_debug_log ("Sorted: \n");
for (i = 0; i < count; i++)
_gnutls_debug_log ("\t%d: %s\n", i,
- _gnutls_cipher_suite_get_name ((*ciphers)[i]));
+ _gnutls_cipher_suite_get_name ((*ciphers)[i]));
#endif
return count;
int
_gnutls_supported_ciphersuites (gnutls_session_t session,
- cipher_suite_st ** _ciphers)
+ cipher_suite_st ** _ciphers)
{
unsigned int i, ret_count, j;
for (i = 0; i < count; i++)
{
memcpy (&tmp_ciphers[i], &cs_algorithms[i].id,
- sizeof (cipher_suite_st));
+ sizeof (cipher_suite_st));
}
for (i = j = 0; i < count; i++)
/* remove private cipher suites, if requested.
*/
if (tmp_ciphers[i].suite[0] == 0xFF &&
- session->internals.enable_private == 0)
- continue;
+ session->internals.enable_private == 0)
+ continue;
/* remove cipher suites which do not support the
* protocol version used.
*/
if (_gnutls_cipher_suite_is_version_supported (&tmp_ciphers[i], version)
- == 0)
- continue;
+ == 0)
+ continue;
if (_gnutls_kx_priority
- (session, _gnutls_cipher_suite_get_kx_algo (&tmp_ciphers[i])) < 0)
- continue;
+ (session, _gnutls_cipher_suite_get_kx_algo (&tmp_ciphers[i])) < 0)
+ continue;
if (_gnutls_mac_priority
- (session, _gnutls_cipher_suite_get_mac_algo (&tmp_ciphers[i])) < 0)
- continue;
+ (session, _gnutls_cipher_suite_get_mac_algo (&tmp_ciphers[i])) < 0)
+ continue;
if (_gnutls_cipher_priority
- (session,
- _gnutls_cipher_suite_get_cipher_algo (&tmp_ciphers[i])) < 0)
- continue;
+ (session,
+ _gnutls_cipher_suite_get_cipher_algo (&tmp_ciphers[i])) < 0)
+ continue;
memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st));
j++;
ret_count = j;
-#if 0 /* expensive */
+#if 0 /* expensive */
if (ret_count > 0 && ret_count != count)
{
ciphers =
- gnutls_realloc_fast (ciphers, ret_count * sizeof (cipher_suite_st));
+ gnutls_realloc_fast (ciphers, ret_count * sizeof (cipher_suite_st));
}
else
{
if (ret_count != count)
- {
- gnutls_free (ciphers);
- ciphers = NULL;
- }
+ {
+ gnutls_free (ciphers);
+ ciphers = NULL;
+ }
}
#endif
gnutls_sign_algorithm_t ret = 0;
GNUTLS_SIGN_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
- {
- ret = p->id; break;}
+ {
+ ret = p->id; break;}
);
if (ret == 0)
gnutls_sign_algorithm_t ret = 0;
GNUTLS_SIGN_LOOP (if (pk == p->pk && mac == p->mac)
- {
- ret = p->id; break;}
+ {
+ ret = p->id; break;}
);
if (ret == 0)
const char *
_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
- gnutls_mac_algorithm_t mac)
+ gnutls_mac_algorithm_t mac)
{
gnutls_sign_algorithm_t sign;
const char *ret = NULL;
gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
GNUTLS_SIGN_LOOP (if (p->aid.hash_algorithm == aid->hash_algorithm
- && p->aid.sign_algorithm == aid->sign_algorithm)
- {
- ret = p->id; break;}
+ && p->aid.sign_algorithm == aid->sign_algorithm)
+ {
+ ret = p->id; break;}
);
return ret;
/* having duplicate entries is ok, as long as the one
* we want to return OID from is first */
{"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
- {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */
- {"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
- {"RSA (SHA1)", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
+ {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */
+ {"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
+ {"RSA (SHA1)", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
{"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
{"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
{"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
for (p = pk_algorithms; p->name != NULL; p++)
if (p->id == algorithm)
{
- ret = p->name;
- break;
+ ret = p->name;
+ break;
}
return ret;
for (p = pk_algorithms; p->name != NULL; p++)
if (name && strcmp (p->name, name) == 0)
{
- ret = p->id;
- break;
+ ret = p->id;
+ break;
}
return ret;
for (p = pk_algorithms; p->name != NULL; p++)
if (algorithm == p->id)
{
- ret = p->name;
- break;
+ ret = p->name;
+ break;
}
return ret;
for (p = pk_algorithms; p->name != NULL; p++)
if (p->oid && strcmp (p->oid, oid) == 0)
{
- ret = p->id;
- break;
+ ret = p->id;
+ break;
}
return ret;
for (p = pk_algorithms; p->name != NULL; p++)
if (p->id == algorithm)
{
- ret = p->oid;
- break;
+ ret = p->oid;
+ break;
}
return ret;
**/
unsigned int
gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
- gnutls_sec_param_t param)
+ gnutls_sec_param_t param)
{
unsigned int ret = 0;
if (algo == GNUTLS_PK_DSA)
{
GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
- {
- ret = p->dsa_bits; break;}
+ {
+ ret = p->dsa_bits; break;}
);
return ret;
}
GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
- {
- ret = p->pk_bits; break;}
+ {
+ ret = p->pk_bits; break;}
);
return ret;
unsigned int ret = 0;
GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits >= pk_bits)
- {
- ret = p->subgroup_bits; break;}
+ {
+ ret = p->subgroup_bits; break;}
);
return ret;
const char *ret = "Unknown";
GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
- {
- ret = p->name; break;}
+ {
+ ret = p->name; break;}
);
return ret;
gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_WEAK;
GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits > bits)
- {
- break;}
- ret = p->sec_param;);
+ {
+ break;}
+ ret = p->sec_param;);
return ret;
}
gnutls_protocol_t _gnutls_version_lowest (gnutls_session_t session);
gnutls_protocol_t _gnutls_version_max (gnutls_session_t session);
int _gnutls_version_priority (gnutls_session_t session,
- gnutls_protocol_t version);
+ gnutls_protocol_t version);
int _gnutls_version_is_supported (gnutls_session_t session,
- const gnutls_protocol_t version);
+ const gnutls_protocol_t version);
int _gnutls_version_get_major (gnutls_protocol_t ver);
int _gnutls_version_get_minor (gnutls_protocol_t ver);
gnutls_protocol_t _gnutls_version_get (int major, int minor);
/* Functions for cipher suites. */
int _gnutls_supported_ciphersuites (gnutls_session_t session,
- cipher_suite_st ** ciphers);
+ cipher_suite_st ** ciphers);
int _gnutls_supported_ciphersuites_sorted (gnutls_session_t session,
- cipher_suite_st ** ciphers);
+ cipher_suite_st ** ciphers);
const char *_gnutls_cipher_suite_get_name (cipher_suite_st * algorithm);
gnutls_cipher_algorithm_t _gnutls_cipher_suite_get_cipher_algo (const
- cipher_suite_st
- * algorithm);
+ cipher_suite_st
+ * algorithm);
gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st
- * algorithm);
+ * algorithm);
gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo (const
- cipher_suite_st *
- algorithm);
+ cipher_suite_st *
+ algorithm);
gnutls_protocol_t _gnutls_cipher_suite_is_version_supported (const
- cipher_suite_st *
- algorithm,
- gnutls_protocol_t);
+ cipher_suite_st *
+ algorithm,
+ gnutls_protocol_t);
cipher_suite_st _gnutls_cipher_suite_get_suite_name (cipher_suite_st *
- algorithm);
+ algorithm);
/* Functions for ciphers. */
int _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm);
/* Type to KX mappings. */
gnutls_kx_algorithm_t _gnutls_map_kx_get_kx (gnutls_credentials_type_t type,
- int server);
+ int server);
gnutls_credentials_type_t _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t
- algorithm, int server);
+ algorithm, int server);
/* KX to PK mapping. */
gnutls_pk_algorithm_t _gnutls_map_pk_get_pk (gnutls_kx_algorithm_t
- kx_algorithm);
+ kx_algorithm);
gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm (const char *oid);
const char *_gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t pk);
/* Functions for sign algorithms. */
gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm (const char *oid);
gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk,
- gnutls_mac_algorithm_t mac);
+ gnutls_mac_algorithm_t mac);
gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk (gnutls_sign_algorithm_t sign);
const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
- gnutls_mac_algorithm_t mac);
+ gnutls_mac_algorithm_t mac);
gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (const sign_algorithm_st *
- aid);
+ aid);
sign_algorithm_st _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign);
gnutls_mac_algorithm_t
_gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t);
gnutls_pk_algorithm_t _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t);
int _gnutls_mac_priority (gnutls_session_t session,
- gnutls_mac_algorithm_t algorithm);
+ gnutls_mac_algorithm_t algorithm);
int _gnutls_cipher_priority (gnutls_session_t session,
- gnutls_cipher_algorithm_t algorithm);
+ gnutls_cipher_algorithm_t algorithm);
int _gnutls_kx_priority (gnutls_session_t session,
- gnutls_kx_algorithm_t algorithm);
+ gnutls_kx_algorithm_t algorithm);
unsigned int _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits);
**/
int
gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t *
- sc)
+ sc)
{
*sc = gnutls_calloc (1, sizeof (anon_server_credentials_st));
**/
int
gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t *
- sc)
+ sc)
{
/* anon_dummy is only there for *sc not to be null.
* it is not used at all;
**/
void
gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
- gnutls_dh_params_t dh_params)
+ gnutls_dh_params_t dh_params)
{
res->dh_params = dh_params;
}
**/
void
gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t res,
- gnutls_params_function * func)
+ gnutls_params_function * func)
{
res->params_func = func;
}
gnutls_credentials_clear (gnutls_session_t session)
{
if (session->key && session->key->cred)
- { /* beginning of the list */
+ { /* beginning of the list */
auth_cred_st *ccred, *ncred;
ccred = session->key->cred;
while (ccred != NULL)
- {
- ncred = ccred->next;
- gnutls_free (ccred);
- ccred = ncred;
- }
+ {
+ ncred = ccred->next;
+ gnutls_free (ccred);
+ ccred = ncred;
+ }
session->key->cred = NULL;
}
}
**/
int
gnutls_credentials_set (gnutls_session_t session,
- gnutls_credentials_type_t type, void *cred)
+ gnutls_credentials_type_t type, void *cred)
{
auth_cred_st *ccred = NULL, *pcred = NULL;
int exists = 0;
if (session->key->cred == NULL)
- { /* beginning of the list */
+ { /* beginning of the list */
session->key->cred = gnutls_malloc (sizeof (auth_cred_st));
if (session->key->cred == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
/* copy credentials locally */
session->key->cred->credentials = cred;
{
ccred = session->key->cred;
while (ccred != NULL)
- {
- if (ccred->algorithm == type)
- {
- exists = 1;
- break;
- }
- pcred = ccred;
- ccred = ccred->next;
- }
+ {
+ if (ccred->algorithm == type)
+ {
+ exists = 1;
+ break;
+ }
+ pcred = ccred;
+ ccred = ccred->next;
+ }
/* After this, pcred is not null.
*/
if (exists == 0)
- { /* new entry */
- pcred->next = gnutls_malloc (sizeof (auth_cred_st));
- if (pcred->next == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ { /* new entry */
+ pcred->next = gnutls_malloc (sizeof (auth_cred_st));
+ if (pcred->next == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- ccred = pcred->next;
+ ccred = pcred->next;
- /* copy credentials locally */
- ccred->credentials = cred;
+ /* copy credentials locally */
+ ccred->credentials = cred;
- ccred->next = NULL;
- ccred->algorithm = type;
- }
+ ccred->next = NULL;
+ ccred->algorithm = type;
+ }
else
- { /* modify existing entry */
- ccred->credentials = cred;
- }
+ { /* modify existing entry */
+ ccred->credentials = cred;
+ }
}
return 0;
return
_gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
- (&session->
- security_parameters.current_cipher_suite),
- server);
+ (&session->
+ security_parameters.current_cipher_suite),
+ server);
}
/**
{
return
_gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
- (&session->
- security_parameters.current_cipher_suite), 1);
+ (&session->
+ security_parameters.current_cipher_suite), 1);
}
/**
{
return
_gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
- (&session->
- security_parameters.current_cipher_suite), 0);
+ (&session->
+ security_parameters.current_cipher_suite), 0);
}
*/
const void *
_gnutls_get_kx_cred (gnutls_session_t session,
- gnutls_kx_algorithm_t algo, int *err)
+ gnutls_kx_algorithm_t algo, int *err)
{
int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
return _gnutls_get_cred (session->key,
- _gnutls_map_kx_get_cred (algo, server), err);
+ _gnutls_map_kx_get_cred (algo, server), err);
}
const void *
while (ccred != NULL)
{
if (ccred->algorithm == type)
- {
- break;
- }
+ {
+ break;
+ }
ccred = ccred->next;
}
if (ccred == NULL)
break;
case GNUTLS_CRD_ANON:
{
- anon_auth_info_t info = _gnutls_get_auth_info (session);
+ anon_auth_info_t info = _gnutls_get_auth_info (session);
- if (info == NULL)
- break;
+ if (info == NULL)
+ break;
- dh_info = &info->dh;
- _gnutls_free_dh_info (dh_info);
+ dh_info = &info->dh;
+ _gnutls_free_dh_info (dh_info);
}
break;
case GNUTLS_CRD_PSK:
{
- psk_auth_info_t info = _gnutls_get_auth_info (session);
+ psk_auth_info_t info = _gnutls_get_auth_info (session);
- if (info == NULL)
- break;
+ if (info == NULL)
+ break;
- dh_info = &info->dh;
- _gnutls_free_dh_info (dh_info);
+ dh_info = &info->dh;
+ _gnutls_free_dh_info (dh_info);
}
break;
case GNUTLS_CRD_CERTIFICATE:
{
- unsigned int i;
- cert_auth_info_t info = _gnutls_get_auth_info (session);
+ unsigned int i;
+ cert_auth_info_t info = _gnutls_get_auth_info (session);
- if (info == NULL)
- break;
+ if (info == NULL)
+ break;
- dh_info = &info->dh;
- rsa_info = &info->rsa_export;
- for (i = 0; i < info->ncerts; i++)
- {
- _gnutls_free_datum (&info->raw_certificate_list[i]);
- }
+ dh_info = &info->dh;
+ rsa_info = &info->rsa_export;
+ for (i = 0; i < info->ncerts; i++)
+ {
+ _gnutls_free_datum (&info->raw_certificate_list[i]);
+ }
- gnutls_free (info->raw_certificate_list);
- info->raw_certificate_list = NULL;
- info->ncerts = 0;
+ gnutls_free (info->raw_certificate_list);
+ info->raw_certificate_list = NULL;
+ info->ncerts = 0;
- _gnutls_free_dh_info (dh_info);
- _gnutls_free_rsa_info (rsa_info);
+ _gnutls_free_dh_info (dh_info);
+ _gnutls_free_rsa_info (rsa_info);
}
*/
int
_gnutls_auth_info_set (gnutls_session_t session,
- gnutls_credentials_type_t type, int size,
- int allow_change)
+ gnutls_credentials_type_t type, int size,
+ int allow_change)
{
if (session->key->auth_info == NULL)
{
session->key->auth_info = gnutls_calloc (1, size);
if (session->key->auth_info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
session->key->auth_info_type = type;
session->key->auth_info_size = size;
}
else
{
if (allow_change == 0)
- {
- /* If the credentials for the current authentication scheme,
- * are not the one we want to set, then it's an error.
- * This may happen if a rehandshake is performed an the
- * ciphersuite which is negotiated has different authentication
- * schema.
- */
- if (gnutls_auth_get_type (session) != session->key->auth_info_type)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- }
+ {
+ /* If the credentials for the current authentication scheme,
+ * are not the one we want to set, then it's an error.
+ * This may happen if a rehandshake is performed an the
+ * ciphersuite which is negotiated has different authentication
+ * schema.
+ */
+ if (gnutls_auth_get_type (session) != session->key->auth_info_type)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
else
- {
- /* The new behaviour: Here we reallocate the auth info structure
- * in order to be able to negotiate different authentication
- * types. Ie. perform an auth_anon and then authenticate again using a
- * certificate (in order to prevent revealing the certificate's contents,
- * to passive eavesdropers.
- */
- if (gnutls_auth_get_type (session) != session->key->auth_info_type)
- {
-
- _gnutls_free_auth_info (session);
-
- session->key->auth_info = calloc (1, size);
- if (session->key->auth_info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- session->key->auth_info_type = type;
- session->key->auth_info_size = size;
- }
- }
+ {
+ /* The new behaviour: Here we reallocate the auth info structure
+ * in order to be able to negotiate different authentication
+ * types. Ie. perform an auth_anon and then authenticate again using a
+ * certificate (in order to prevent revealing the certificate's contents,
+ * to passive eavesdropers.
+ */
+ if (gnutls_auth_get_type (session) != session->key->auth_info_type)
+ {
+
+ _gnutls_free_auth_info (session);
+
+ session->key->auth_info = calloc (1, size);
+ if (session->key->auth_info == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ session->key->auth_info_type = type;
+ session->key->auth_info_size = size;
+ }
+ }
}
return 0;
}
typedef struct mod_auth_st_int
{
- const char *name; /* null terminated */
+ const char *name; /* null terminated */
int (*gnutls_generate_server_certificate) (gnutls_session_t, opaque **);
int (*gnutls_generate_client_certificate) (gnutls_session_t, opaque **);
int (*gnutls_generate_server_kx) (gnutls_session_t, opaque **);
- int (*gnutls_generate_client_kx) (gnutls_session_t, opaque **); /* used in SRP */
+ int (*gnutls_generate_client_kx) (gnutls_session_t, opaque **); /* used in SRP */
int (*gnutls_generate_client_cert_vrfy) (gnutls_session_t, opaque **);
int (*gnutls_generate_server_certificate_request) (gnutls_session_t,
- opaque **);
+ opaque **);
int (*gnutls_process_server_certificate) (gnutls_session_t, opaque *,
- size_t);
+ size_t);
int (*gnutls_process_client_certificate) (gnutls_session_t, opaque *,
- size_t);
+ size_t);
int (*gnutls_process_server_kx) (gnutls_session_t, opaque *, size_t);
int (*gnutls_process_client_kx) (gnutls_session_t, opaque *, size_t);
int (*gnutls_process_client_cert_vrfy) (gnutls_session_t, opaque *, size_t);
int (*gnutls_process_server_certificate_request) (gnutls_session_t,
- opaque *, size_t);
+ opaque *, size_t);
} mod_auth_st;
const void *_gnutls_get_cred (gnutls_key_st key,
- gnutls_credentials_type_t kx, int *err);
+ gnutls_credentials_type_t kx, int *err);
const void *_gnutls_get_kx_cred (gnutls_session_t session,
- gnutls_kx_algorithm_t algo, int *err);
+ gnutls_kx_algorithm_t algo, int *err);
void *_gnutls_get_auth_info (gnutls_session_t session);
int _gnutls_auth_info_set (gnutls_session_t session,
- gnutls_credentials_type_t type, int size,
- int allow_change);
+ gnutls_credentials_type_t type, int size,
+ int allow_change);
#endif
*/
int
_gnutls_record_buffer_put (content_type_t type,
- gnutls_session_t session, opaque * data,
- size_t length)
+ gnutls_session_t session, opaque * data,
+ size_t length)
{
gnutls_buffer_st *buf;
case GNUTLS_APPLICATION_DATA:
buf = &session->internals.application_data_buffer;
_gnutls_buffers_log ("BUF[REC]: Inserted %d bytes of Data(%d)\n",
- (int) length, (int) type);
+ (int) length, (int) type);
break;
case GNUTLS_HANDSHAKE:
buf = &session->internals.handshake_data_buffer;
_gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data(%d)\n",
- (int) length, (int) type);
+ (int) length, (int) type);
break;
case GNUTLS_INNER_APPLICATION:
buf = &session->internals.ia_data_buffer;
_gnutls_buffers_log ("BUF[IA]: Inserted %d bytes of Data(%d)\n",
- (int) length, (int) type);
+ (int) length, (int) type);
break;
default:
int
_gnutls_record_buffer_get (content_type_t type,
- gnutls_session_t session, opaque * data,
- size_t length)
+ gnutls_session_t session, opaque * data,
+ size_t length)
{
if (length == 0 || data == NULL)
{
{
case GNUTLS_APPLICATION_DATA:
_gnutls_buffer_pop_data (&session->internals.application_data_buffer,
- data, &length);
+ data, &length);
_gnutls_buffers_log ("BUFFER[REC][AD]: Read %d bytes of Data(%d)\n",
- (int) length, (int) type);
+ (int) length, (int) type);
break;
case GNUTLS_HANDSHAKE:
_gnutls_buffer_pop_data (&session->internals.handshake_data_buffer,
- data, &length);
+ data, &length);
_gnutls_buffers_log ("BUF[REC][HD]: Read %d bytes of Data(%d)\n",
- (int) length, (int) type);
+ (int) length, (int) type);
break;
case GNUTLS_INNER_APPLICATION:
_gnutls_buffer_pop_data (&session->internals.ia_data_buffer, data,
- &length);
+ &length);
_gnutls_buffers_log ("BUF[REC][IA]: Read %d bytes of Data(%d)\n",
- (int) length, (int) type);
+ (int) length, (int) type);
break;
default:
return session->internals.errnum;
else
return session->internals.errno_func (session->
- internals.transport_recv_ptr);
+ internals.transport_recv_ptr);
}
*/
static ssize_t
_gnutls_read (gnutls_session_t session, mbuffer_st ** bufel,
- size_t size, gnutls_pull_func pull_func)
+ size_t size, gnutls_pull_func pull_func)
{
size_t left;
ssize_t i = 0;
i = pull_func (fd, &ptr[size - left], left);
if (i < 0)
- {
- int err = get_errno (session);
-
- _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n",
- (int) i, fd, errno, session->internals.errnum);
-
- if (err == EAGAIN || err == EINTR)
- {
- if (size - left > 0)
- {
-
- _gnutls_read_log ("READ: returning %d bytes from %p\n",
- (int) (size - left), fd);
-
- goto finish;
- }
-
- if (err == EAGAIN)
- return GNUTLS_E_AGAIN;
- return GNUTLS_E_INTERRUPTED;
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PULL_ERROR;
- }
- }
+ {
+ int err = get_errno (session);
+
+ _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n",
+ (int) i, fd, errno, session->internals.errnum);
+
+ if (err == EAGAIN || err == EINTR)
+ {
+ if (size - left > 0)
+ {
+
+ _gnutls_read_log ("READ: returning %d bytes from %p\n",
+ (int) (size - left), fd);
+
+ goto finish;
+ }
+
+ if (err == EAGAIN)
+ return GNUTLS_E_AGAIN;
+ return GNUTLS_E_INTERRUPTED;
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PULL_ERROR;
+ }
+ }
else
- {
+ {
- _gnutls_read_log ("READ: Got %d bytes from %p\n", (int) i, fd);
+ _gnutls_read_log ("READ: Got %d bytes from %p\n", (int) i, fd);
- if (i == 0)
- break; /* EOF */
- }
+ if (i == 0)
+ break; /* EOF */
+ }
left -= i;
(*bufel)->msg.size += i;
if (_gnutls_log_level >= 7)
{
_gnutls_read_log ("READ: read %d bytes from %p\n",
- (int) (size - left), fd);
+ (int) (size - left), fd);
}
static ssize_t
_gnutls_writev_emu (gnutls_session_t session, const giovec_t * giovec,
- int giovec_cnt)
+ int giovec_cnt)
{
int ret, j = 0;
gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
ret = session->internals.push_func (fd, iptr, sizeOfPtr);
if (ret == -1)
- break;
+ break;
total += ret;
}
static ssize_t
_gnutls_writev (gnutls_session_t session, const giovec_t * giovec,
- int giovec_cnt)
+ int giovec_cnt)
{
int i;
gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
int err = get_errno (session);
_gnutls_debug_log ("errno: %d\n", err);
if (err == EAGAIN)
- return GNUTLS_E_AGAIN;
+ return GNUTLS_E_AGAIN;
else if (err == EINTR)
- return GNUTLS_E_INTERRUPTED;
+ return GNUTLS_E_INTERRUPTED;
else
- {
- gnutls_assert ();
- return GNUTLS_E_PUSH_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PUSH_ERROR;
+ }
}
return i;
}
/* this was already read by using MSG_PEEK - so it shouldn't fail */
sum = 0;
do
- { /* we need this to finish now */
+ { /* we need this to finish now */
ret =
- _gnutls_read (session, &peekdata, RCVLOWAT - sum,
- session->internals.pull_func);
+ _gnutls_read (session, &peekdata, RCVLOWAT - sum,
+ session->internals.pull_func);
if (ret > 0)
- sum += ret;
+ sum += ret;
_mbuffer_xfree (&peekdata);
}
while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN
- || sum < RCVLOWAT);
+ || sum < RCVLOWAT);
if (ret < 0)
{
*/
ssize_t
_gnutls_io_read_buffered (gnutls_session_t session, size_t total,
- content_type_t recv_type)
+ content_type_t recv_type)
{
ssize_t ret = 0, ret2 = 0;
size_t min;
if (total > MAX_RECV_SIZE || total == 0)
{
- gnutls_assert (); /* internal error */
+ gnutls_assert (); /* internal error */
return GNUTLS_E_INVALID_REQUEST;
}
* data in gnutls session.
*/
if (recv_type != GNUTLS_APPLICATION_DATA
- && session->internals.have_peeked_data == 0)
- recvlowat = 0;
+ && session->internals.have_peeked_data == 0)
+ recvlowat = 0;
else
- recvlowat = RCVLOWAT;
+ recvlowat = RCVLOWAT;
}
* then just return them.
*/
if (min == total)
- {
- return min;
- }
+ {
+ return min;
+ }
}
/* min is over zero. recvdata is the data we must
if ((session->internals.record_recv_buffer.byte_length + recvdata) >
MAX_RECV_SIZE)
{
- gnutls_assert (); /* internal error */
+ gnutls_assert (); /* internal error */
return GNUTLS_E_INVALID_REQUEST;
}
if (readsize > 0)
{
ret =
- _gnutls_read (session, &bufel, readsize,
- session->internals.pull_func);
+ _gnutls_read (session, &bufel, readsize,
+ session->internals.pull_func);
/* return immediately if we got an interrupt or eagain
* error.
*/
if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- _mbuffer_xfree (&bufel);
- return ret;
- }
+ {
+ _mbuffer_xfree (&bufel);
+ return ret;
+ }
}
/* copy fresh data to our buffer.
if (ret > 0)
{
_gnutls_read_log
- ("RB: Have %d bytes into buffer. Adding %d bytes.\n",
- (int) session->internals.record_recv_buffer.byte_length, (int) ret);
+ ("RB: Have %d bytes into buffer. Adding %d bytes.\n",
+ (int) session->internals.record_recv_buffer.byte_length, (int) ret);
_gnutls_read_log ("RB: Requested %d bytes\n", (int) total);
_mbuffer_enqueue (&session->internals.record_recv_buffer, bufel);
ret2 = _gnutls_read (session, &bufel, recvlowat, system_read_peek);
if (ret2 < 0 && gnutls_error_is_fatal (ret2) == 0)
- {
- _mbuffer_xfree (&bufel);
- return ret2;
- }
+ {
+ _mbuffer_xfree (&bufel);
+ return ret2;
+ }
if (ret2 > 0)
- {
- _gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n",
- (int) ret2);
- _gnutls_read_log
- ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n",
- (int) session->internals.record_recv_buffer.byte_length,
- (int) ret2, (int) total);
- session->internals.have_peeked_data = 1;
- _mbuffer_enqueue (&session->internals.record_recv_buffer, bufel);
- }
+ {
+ _gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n",
+ (int) ret2);
+ _gnutls_read_log
+ ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n",
+ (int) session->internals.record_recv_buffer.byte_length,
+ (int) ret2, (int) total);
+ session->internals.have_peeked_data = 1;
+ _mbuffer_enqueue (&session->internals.record_recv_buffer, bufel);
+ }
else
- _mbuffer_xfree (&bufel);
+ _mbuffer_xfree (&bufel);
}
if (ret < 0 || ret2 < 0)
}
if (ret == 0)
- { /* EOF */
+ { /* EOF */
gnutls_assert ();
return 0;
}
*/
ssize_t
_gnutls_io_write_buffered (gnutls_session_t session,
- mbuffer_st * bufel, unsigned int mflag)
+ mbuffer_st * bufel, unsigned int mflag)
{
mbuffer_head_st *const send_buffer = &session->internals.record_send_buffer;
mbuffer_st *cur;
_gnutls_write_log ("WRITE FLUSH: %d bytes in buffer.\n",
- (int) send_buffer->byte_length);
+ (int) send_buffer->byte_length);
for (cur = _mbuffer_get_first (send_buffer, &msg);
cur != NULL; cur = _mbuffer_get_next (cur, &msg))
/* we buffer up to MAX_QUEUE messages */
if (i >= sizeof (iovec) / sizeof (iovec[0]))
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
ret = _gnutls_writev (session, iovec, i);
{
_mbuffer_remove_bytes (send_buffer, ret);
_gnutls_write_log ("WRITE: wrote %d bytes, %d bytes left.\n",
- ret, (int) send_buffer->byte_length);
+ ret, (int) send_buffer->byte_length);
sent += ret;
}
else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN)
{
_gnutls_write_log ("WRITE interrupted: %d bytes left.\n",
- (int) send_buffer->byte_length);
+ (int) send_buffer->byte_length);
return ret;
}
else
{
_gnutls_write_log ("WRITE error: code %d, %d bytes left.\n",
- ret, (int) send_buffer->byte_length);
+ ret, (int) send_buffer->byte_length);
gnutls_assert ();
return ret;
mbuffer_st *cur;
_gnutls_write_log ("HWRITE FLUSH: %d bytes in buffer.\n",
- (int) send_buffer->byte_length);
+ (int) send_buffer->byte_length);
for (cur = _mbuffer_get_first (send_buffer, &msg);
cur != NULL; cur = _mbuffer_get_first (send_buffer, &msg))
{
ret = _gnutls_send_int (session, GNUTLS_HANDSHAKE,
- session->internals.handshake_send_buffer_htype,
- EPOCH_WRITE_CURRENT,
- msg.data, msg.size, 0 /* do not flush */ );
+ session->internals.handshake_send_buffer_htype,
+ EPOCH_WRITE_CURRENT,
+ msg.data, msg.size, 0 /* do not flush */ );
if (ret >= 0)
- {
- _mbuffer_remove_bytes (send_buffer, ret);
+ {
+ _mbuffer_remove_bytes (send_buffer, ret);
- _gnutls_write_log ("HWRITE: wrote %d bytes, %d bytes left.\n",
- ret, (int) send_buffer->byte_length);
+ _gnutls_write_log ("HWRITE: wrote %d bytes, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
- total += ret;
- }
+ total += ret;
+ }
else
- {
- _gnutls_write_log ("HWRITE error: code %d, %d bytes left.\n",
- ret, (int) send_buffer->byte_length);
+ {
+ _gnutls_write_log ("HWRITE error: code %d, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
- gnutls_assert ();
- return ret;
- }
+ gnutls_assert ();
+ return ret;
+ }
}
return _gnutls_io_write_flush (session);
*/
void
_gnutls_handshake_io_cache_int (gnutls_session_t session,
- gnutls_handshake_description_t htype,
- mbuffer_st * bufel)
+ gnutls_handshake_description_t htype,
+ mbuffer_st * bufel)
{
mbuffer_head_st *const send_buffer =
&session->internals.handshake_send_buffer;
*/
ssize_t
_gnutls_handshake_io_recv_int (gnutls_session_t session,
- content_type_t type,
- gnutls_handshake_description_t htype,
- void *iptr, size_t sizeOfPtr)
+ content_type_t type,
+ gnutls_handshake_description_t htype,
+ void *iptr, size_t sizeOfPtr)
{
size_t left;
ssize_t i;
/* if we have already received some data */
if (sizeOfPtr <= session->internals.handshake_recv_buffer.length)
- {
- /* if requested less data then return it.
- */
- gnutls_assert ();
-
- tmp = sizeOfPtr;
- _gnutls_buffer_pop_data (&session->internals.handshake_recv_buffer,
- iptr, &tmp);
- return tmp;
- }
+ {
+ /* if requested less data then return it.
+ */
+ gnutls_assert ();
+
+ tmp = sizeOfPtr;
+ _gnutls_buffer_pop_data (&session->internals.handshake_recv_buffer,
+ iptr, &tmp);
+ return tmp;
+ }
gnutls_assert ();
tmp = sizeOfPtr;
_gnutls_buffer_pop_data (&session->internals.handshake_recv_buffer,
- iptr, &tmp);
+ iptr, &tmp);
left -= tmp;
htype = session->internals.handshake_recv_buffer_htype;
dsize = sizeOfPtr - left;
i = _gnutls_recv_int (session, type, htype, &ptr[dsize], left);
if (i < 0)
- {
+ {
- if (dsize > 0 && (i == GNUTLS_E_INTERRUPTED || i == GNUTLS_E_AGAIN))
- {
- gnutls_assert ();
+ if (dsize > 0 && (i == GNUTLS_E_INTERRUPTED || i == GNUTLS_E_AGAIN))
+ {
+ gnutls_assert ();
- _gnutls_buffer_append_data (&session->internals.
- handshake_recv_buffer, iptr, dsize);
+ _gnutls_buffer_append_data (&session->internals.
+ handshake_recv_buffer, iptr, dsize);
- session->internals.handshake_recv_buffer_htype = htype;
- session->internals.handshake_recv_buffer_type = type;
- }
+ session->internals.handshake_recv_buffer_htype = htype;
+ session->internals.handshake_recv_buffer_type = type;
+ }
- return i;
- }
+ return i;
+ }
else
- {
- if (i == 0)
- break; /* EOF */
- }
+ {
+ if (i == 0)
+ break; /* EOF */
+ }
left -= i;
*/
int
_gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data,
- size_t length)
+ size_t length)
{
if (length == 0)
_gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", (int) length);
if (_gnutls_buffer_append_data (&session->internals.handshake_hash_buffer,
- data, length) < 0)
+ data, length) < 0)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
*/
int
_gnutls_handshake_buffer_get_ptr (gnutls_session_t session,
- opaque ** data_ptr, size_t * length)
+ opaque ** data_ptr, size_t * length)
{
if (length != NULL)
*length = session->internals.handshake_hash_buffer.length;
_gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n",
- (int) session->internals.handshake_hash_buffer.length);
+ (int) session->internals.handshake_hash_buffer.length);
if (data_ptr != NULL)
*data_ptr = session->internals.handshake_hash_buffer.data;
**/
void
gnutls_transport_set_pull_function (gnutls_session_t session,
- gnutls_pull_func pull_func)
+ gnutls_pull_func pull_func)
{
session->internals.pull_func = pull_func;
}
**/
void
gnutls_transport_set_push_function (gnutls_session_t session,
- gnutls_push_func push_func)
+ gnutls_push_func push_func)
{
session->internals.push_func = push_func;
session->internals.vec_push_func = NULL;
**/
void
gnutls_transport_set_push_function2 (gnutls_session_t session,
- gnutls_vec_push_func vec_func)
+ gnutls_vec_push_func vec_func)
{
session->internals.push_func = NULL;
session->internals.vec_push_func = vec_func;
**/
void
gnutls_transport_set_errno_function (gnutls_session_t session,
- gnutls_errno_func errno_func)
+ gnutls_errno_func errno_func)
{
session->internals.errno_func = errno_func;
}
#define MBUFFER_FLUSH 1
int _gnutls_record_buffer_put (content_type_t type,
- gnutls_session_t session, opaque * data,
- size_t length);
+ gnutls_session_t session, opaque * data,
+ size_t length);
int _gnutls_record_buffer_get_size (content_type_t type,
- gnutls_session_t session);
+ gnutls_session_t session);
int _gnutls_record_buffer_get (content_type_t type,
- gnutls_session_t session, opaque * data,
- size_t length);
+ gnutls_session_t session, opaque * data,
+ size_t length);
ssize_t _gnutls_io_read_buffered (gnutls_session_t, size_t n, content_type_t);
int _gnutls_io_clear_peeked_data (gnutls_session_t session);
ssize_t _gnutls_io_write_buffered (gnutls_session_t session,
- mbuffer_st * bufel, unsigned int mflag);
+ mbuffer_st * bufel, unsigned int mflag);
int _gnutls_handshake_buffer_get_size (gnutls_session_t session);
int _gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data,
- size_t length);
+ size_t length);
int _gnutls_handshake_buffer_clear (gnutls_session_t session);
int _gnutls_handshake_buffer_empty (gnutls_session_t session);
int _gnutls_handshake_buffer_get_ptr (gnutls_session_t session,
- opaque ** data_ptr, size_t * length);
+ opaque ** data_ptr, size_t * length);
#define _gnutls_handshake_io_buffer_clear( session) \
_mbuffer_clear( &session->internals.handshake_send_buffer); \
_gnutls_buffer_clear( &session->internals.handshake_recv_buffer);
ssize_t _gnutls_handshake_io_recv_int (gnutls_session_t, content_type_t,
- gnutls_handshake_description_t, void *,
- size_t);
+ gnutls_handshake_description_t, void *,
+ size_t);
void _gnutls_handshake_io_cache_int (gnutls_session_t,
- gnutls_handshake_description_t,
- mbuffer_st * bufel);
+ gnutls_handshake_description_t,
+ mbuffer_st * bufel);
ssize_t _gnutls_io_write_flush (gnutls_session_t session);
ssize_t _gnutls_handshake_io_write_flush (gnutls_session_t session);
for (i = 0; i < sc->ncerts; i++)
{
for (j = 0; j < sc->cert_list_length[i]; j++)
- {
- _gnutls_gcert_deinit (&sc->cert_list[i][j]);
- }
+ {
+ _gnutls_gcert_deinit (&sc->cert_list[i][j]);
+ }
gnutls_free (sc->cert_list[i]);
}
**/
void
gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc,
- gnutls_x509_crt_t ** x509_ca_list,
- unsigned int *ncas)
+ gnutls_x509_crt_t ** x509_ca_list,
+ unsigned int *ncas)
{
*x509_ca_list = sc->x509_ca_list;
*ncas = sc->x509_ncas;
**/
void
gnutls_certificate_get_x509_crls (gnutls_certificate_credentials_t sc,
- gnutls_x509_crl_t ** x509_crl_list,
- unsigned int *ncrls)
+ gnutls_x509_crl_t ** x509_crl_list,
+ unsigned int *ncrls)
{
*x509_crl_list = sc->x509_crl_list;
*ncrls = sc->x509_ncrls;
**/
void
gnutls_certificate_get_openpgp_keyring (gnutls_certificate_credentials_t sc,
- gnutls_openpgp_keyring_t * keyring)
+ gnutls_openpgp_keyring_t * keyring)
{
*keyring = sc->keyring;
}
-*/
gnutls_rsa_params_t
_gnutls_certificate_get_rsa_params (gnutls_rsa_params_t rsa_params,
- gnutls_params_function * func,
- gnutls_session_t session)
+ gnutls_params_function * func,
+ gnutls_session_t session)
{
gnutls_params_st params;
int ret;
{
ret = func (session, GNUTLS_PARAMS_RSA_EXPORT, ¶ms);
if (ret == 0 && params.type == GNUTLS_PARAMS_RSA_EXPORT)
- {
- session->internals.params.rsa_params = params.params.rsa_export;
- session->internals.params.free_rsa_params = params.deinit;
- }
+ {
+ session->internals.params.rsa_params = params.params.rsa_export;
+ session->internals.params.free_rsa_params = params.deinit;
+ }
}
return session->internals.params.rsa_params;
**/
int
gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t *
- res)
+ res)
{
*res = gnutls_calloc (1, sizeof (certificate_credentials_st));
*/
int
_gnutls_selected_cert_supported_kx (gnutls_session_t session,
- gnutls_kx_algorithm_t ** alg,
- int *alg_size)
+ gnutls_kx_algorithm_t ** alg,
+ int *alg_size)
{
gnutls_kx_algorithm_t kx;
gnutls_pk_algorithm_t pk;
{
pk = _gnutls_map_pk_get_pk (kx);
if (pk == cert->subject_pk_algorithm)
- {
- /* then check key usage */
- if (_gnutls_check_key_usage (cert, kx) == 0)
- {
- kxlist[i] = kx;
- i++;
- }
- }
+ {
+ /* then check key usage */
+ if (_gnutls_check_key_usage (cert, kx) == 0)
+ {
+ kxlist[i] = kx;
+ i++;
+ }
+ }
}
if (i == 0)
**/
void
gnutls_certificate_server_set_request (gnutls_session_t session,
- gnutls_certificate_request_t req)
+ gnutls_certificate_request_t req)
{
session->internals.send_cert_req = req;
}
-*/
static int
_gnutls_openpgp_crt_verify_peers (gnutls_session_t session,
- unsigned int *status)
+ unsigned int *status)
{
cert_auth_info_t info;
gnutls_certificate_credentials_t cred;
*/
ret =
_gnutls_openpgp_verify_key (cred, &info->raw_certificate_list[0],
- peer_certificate_list_size, status);
+ peer_certificate_list_size, status);
if (ret < 0)
{
**/
int
gnutls_certificate_verify_peers2 (gnutls_session_t session,
- unsigned int *status)
+ unsigned int *status)
{
cert_auth_info_t info;
{
case GNUTLS_CRT_X509:
return
- _gnutls_x509_get_raw_crt_expiration_time (&info->raw_certificate_list
- [0]);
+ _gnutls_x509_get_raw_crt_expiration_time (&info->raw_certificate_list
+ [0]);
#ifdef ENABLE_OPENPGP
case GNUTLS_CRT_OPENPGP:
return
- _gnutls_openpgp_get_raw_key_expiration_time
- (&info->raw_certificate_list[0]);
+ _gnutls_openpgp_get_raw_key_expiration_time
+ (&info->raw_certificate_list[0]);
#endif
default:
return (time_t) - 1;
{
case GNUTLS_CRT_X509:
return
- _gnutls_x509_get_raw_crt_activation_time (&info->raw_certificate_list
- [0]);
+ _gnutls_x509_get_raw_crt_activation_time (&info->raw_certificate_list
+ [0]);
#ifdef ENABLE_OPENPGP
case GNUTLS_CRT_OPENPGP:
return
- _gnutls_openpgp_get_raw_key_creation_time (&info->raw_certificate_list
- [0]);
+ _gnutls_openpgp_get_raw_key_creation_time (&info->raw_certificate_list
+ [0]);
#endif
default:
return (time_t) - 1;
*/
int
_gnutls_get_auth_info_gcert (gnutls_cert * gcert,
- gnutls_certificate_type_t type,
- cert_auth_info_t info,
- int flags /* OR of ConvFlags */ )
+ gnutls_certificate_type_t type,
+ cert_auth_info_t info,
+ int flags /* OR of ConvFlags */ )
{
switch (type)
{
case GNUTLS_CRT_X509:
return _gnutls_x509_raw_cert_to_gcert (gcert,
- &info->raw_certificate_list[0],
- flags);
+ &info->raw_certificate_list[0],
+ flags);
#ifdef ENABLE_OPENPGP
case GNUTLS_CRT_OPENPGP:
return _gnutls_openpgp_raw_crt_to_gcert (gcert,
- &info->raw_certificate_list[0],
- info->use_subkey ? info->
- subkey_id : NULL);
+ &info->raw_certificate_list[0],
+ info->use_subkey ? info->
+ subkey_id : NULL);
#endif
default:
gnutls_assert ();
*/
int
_gnutls_x509_raw_cert_to_gcert (gnutls_cert * gcert,
- const gnutls_datum_t * derCert,
- int flags /* OR of ConvFlags */ )
+ const gnutls_datum_t * derCert,
+ int flags /* OR of ConvFlags */ )
{
int ret;
gnutls_x509_crt_t cert;
*/
int
_gnutls_x509_crt_to_gcert (gnutls_cert * gcert,
- gnutls_x509_crt_t cert, unsigned int flags)
+ gnutls_x509_crt_t cert, unsigned int flags)
{
int ret = 0;
*/
der = gnutls_malloc (SMALL_DER);
if (der == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
ret =
- gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der, &der_size);
+ gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der, &der_size);
if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- gnutls_free (der);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (der);
+ return ret;
+ }
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- der = gnutls_realloc (der, der_size);
- if (der == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret =
- gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der,
- &der_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (der);
- return ret;
- }
- }
+ {
+ der = gnutls_realloc (der, der_size);
+ if (der == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der,
+ &der_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (der);
+ return ret;
+ }
+ }
gcert->raw.data = der;
gcert->raw.size = der_size;
{
ret = gnutls_x509_crt_get_key_usage (cert, &gcert->key_usage, NULL);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- gcert->key_usage = 0;
+ gcert->key_usage = 0;
else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
gcert->version = gnutls_x509_crt_get_version (cert);
}
gcert->subject_pk_algorithm = gnutls_x509_crt_get_pk_algorithm (cert, NULL);
{
gcert->params_size = MAX_PUBLIC_PARAMS_SIZE;
ret =
- _gnutls_x509_crt_get_mpis (cert, gcert->params, &gcert->params_size);
+ _gnutls_x509_crt_get_mpis (cert, gcert->params, &gcert->params_size);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
return 0;
**/
void
gnutls_sign_callback_set (gnutls_session_t session,
- gnutls_sign_func sign_func, void *userdata)
+ gnutls_sign_func sign_func, void *userdata)
{
session->internals.sign_func = sign_func;
session->internals.sign_func_userdata = userdata;
#include "x509/x509_int.h"
#include <gnutls/openpgp.h>
-#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
+#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
/* parameters should not be larger than this limit */
#define DSA_PUBLIC_PARAMS 4
* [3] is public key
*/
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
- int params_size; /* holds the size of MPI params */
+ int params_size; /* holds the size of MPI params */
gnutls_pk_algorithm_t subject_pk_algorithm;
- unsigned int key_usage; /* bits from KEY_*
- */
+ unsigned int key_usage; /* bits from KEY_*
+ */
unsigned int version;
/* holds the type (PGP, X509)
} ConvFlags;
int _gnutls_x509_raw_cert_to_gcert (gnutls_cert * gcert,
- const gnutls_datum_t * derCert,
- int flags);
+ const gnutls_datum_t * derCert,
+ int flags);
int _gnutls_x509_crt_to_gcert (gnutls_cert * gcert, gnutls_x509_crt_t cert,
- unsigned int flags);
+ unsigned int flags);
void _gnutls_gcert_deinit (gnutls_cert * cert);
int _gnutls_selected_cert_supported_kx (struct gnutls_session_int *session,
- gnutls_kx_algorithm_t ** alg,
- int *alg_size);
+ gnutls_kx_algorithm_t ** alg,
+ int *alg_size);
#endif
*/
int
_gnutls_encrypt (gnutls_session_t session, const opaque * headers,
- size_t headers_size, const opaque * data,
- size_t data_size, opaque * ciphertext,
- size_t ciphertext_size, content_type_t type, int random_pad,
- record_parameters_st * params)
+ size_t headers_size, const opaque * data,
+ size_t data_size, opaque * ciphertext,
+ size_t ciphertext_size, content_type_t type, int random_pad,
+ record_parameters_st * params)
{
gnutls_datum_t plain;
gnutls_datum_t comp;
*/
ret = _gnutls_m_plaintext2compressed (session, &comp, &plain, params);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
ret = _gnutls_compressed2ciphertext (session, &ciphertext[headers_size],
- ciphertext_size - headers_size,
- comp, type, random_pad, params);
+ ciphertext_size - headers_size,
+ comp, type, random_pad, params);
if (free_comp)
_gnutls_free_datum (&comp);
*/
int
_gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
- size_t ciphertext_size, uint8_t * data,
- size_t max_data_size, content_type_t type,
- record_parameters_st * params)
+ size_t ciphertext_size, uint8_t * data,
+ size_t max_data_size, content_type_t type,
+ record_parameters_st * params)
{
gnutls_datum_t gtxt;
gnutls_datum_t gcipher;
ret =
_gnutls_ciphertext2compressed (session, data, max_data_size,
- gcipher, type, params);
+ gcipher, type, params);
if (ret < 0)
{
return ret;
gcomp.size = ret;
ret = _gnutls_m_compressed2plaintext (session, >xt, &gcomp, params);
if (ret < 0)
- {
- return ret;
- }
+ {
+ return ret;
+ }
if (gtxt.size > MAX_RECORD_RECV_SIZE)
- {
- gnutls_assert ();
- _gnutls_free_datum (>xt);
- /* This shouldn't have happen and
- * is a TLS fatal error.
- */
- return GNUTLS_E_DECOMPRESSION_FAILED;
- }
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (>xt);
+ /* This shouldn't have happen and
+ * is a TLS fatal error.
+ */
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
/* This check is not really needed */
if (max_data_size < MAX_RECORD_RECV_SIZE)
- {
- gnutls_assert ();
- _gnutls_free_datum (>xt);
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (>xt);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
memcpy (data, gtxt.data, gtxt.size);
ret = gtxt.size;
static inline int
mac_init (digest_hd_st * td, gnutls_mac_algorithm_t mac, opaque * secret,
- int secret_size, int ver)
+ int secret_size, int ver)
{
int ret = 0;
}
if (ver == GNUTLS_SSL3)
- { /* SSL 3.0 */
+ { /* SSL 3.0 */
ret = _gnutls_mac_init_ssl3 (td, mac, secret, secret_size);
}
else
- { /* TLS 1.x */
+ { /* TLS 1.x */
ret = _gnutls_hmac_init (td, mac, secret, secret_size);
}
mac_hash (digest_hd_st * td, void *data, int data_size, int ver)
{
if (ver == GNUTLS_SSL3)
- { /* SSL 3.0 */
+ { /* SSL 3.0 */
_gnutls_hash (td, data, data_size);
}
else
mac_deinit (digest_hd_st * td, opaque * res, int ver)
{
if (ver == GNUTLS_SSL3)
- { /* SSL 3.0 */
+ { /* SSL 3.0 */
_gnutls_mac_deinit_ssl3 (td, res);
}
else
inline static int
calc_enc_length (gnutls_session_t session, int data_size,
- int hash_size, uint8_t * pad, int random_pad,
- cipher_type_t block_algo, uint16_t blocksize)
+ int hash_size, uint8_t * pad, int random_pad,
+ cipher_type_t block_algo, uint16_t blocksize)
{
uint8_t rnd;
int length, ret;
case CIPHER_BLOCK:
ret = _gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* make rnd a multiple of blocksize */
if (session->security_parameters.version == GNUTLS_SSL3 ||
- random_pad == 0)
- {
- rnd = 0;
- }
+ random_pad == 0)
+ {
+ rnd = 0;
+ }
else
- {
- rnd = (rnd / blocksize) * blocksize;
- /* added to avoid the case of pad calculated 0
- * seen below for pad calculation.
- */
- if (rnd > blocksize)
- rnd -= blocksize;
- }
+ {
+ rnd = (rnd / blocksize) * blocksize;
+ /* added to avoid the case of pad calculated 0
+ * seen below for pad calculation.
+ */
+ if (rnd > blocksize)
+ rnd -= blocksize;
+ }
length = data_size + hash_size;
length += *pad;
if (_gnutls_version_has_explicit_iv
- (session->security_parameters.version))
- length += blocksize; /* for the IV */
+ (session->security_parameters.version))
+ length += blocksize; /* for the IV */
break;
default:
#define PREAMBLE_SIZE 16
static inline int
make_preamble (opaque * uint64_data, opaque type, uint16_t c_length,
- opaque ver, opaque * preamble)
+ opaque ver, opaque * preamble)
{
opaque minor = _gnutls_version_get_minor (ver);
opaque major = _gnutls_version_get_major (ver);
*p = type;
p++;
if (_gnutls_version_has_variable_padding (ver))
- { /* TLS 1.0 or higher */
+ { /* TLS 1.0 or higher */
*p = major;
p++;
*p = minor;
*/
int
_gnutls_compressed2ciphertext (gnutls_session_t session,
- opaque * cipher_data, int cipher_size,
- gnutls_datum_t compressed,
- content_type_t _type, int random_pad,
- record_parameters_st * params)
+ opaque * cipher_data, int cipher_size,
+ gnutls_datum_t compressed,
+ content_type_t _type, int random_pad,
+ record_parameters_st * params)
{
uint8_t MAC[MAX_HASH_SIZE];
uint16_t c_length;
c_length = _gnutls_conv_uint16 (compressed.size);
if (params->mac_algorithm != GNUTLS_MAC_NULL)
- { /* actually when the algorithm in not the NULL one */
+ { /* actually when the algorithm in not the NULL one */
digest_hd_st td;
ret = mac_init (&td, params->mac_algorithm,
- params->write.mac_secret.data,
- params->write.mac_secret.size, ver);
+ params->write.mac_secret.data,
+ params->write.mac_secret.size, ver);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
preamble_size =
- make_preamble (UINT64DATA
- (params->write.sequence_number),
- type, c_length, ver, preamble);
+ make_preamble (UINT64DATA
+ (params->write.sequence_number),
+ type, c_length, ver, preamble);
mac_hash (&td, preamble, preamble_size, ver);
mac_hash (&td, compressed.data, compressed.size, ver);
mac_deinit (&td, MAC, ver);
*/
length =
calc_enc_length (session, compressed.size, hash_size, &pad,
- random_pad, block_algo, blocksize);
+ random_pad, block_algo, blocksize);
if (length < 0)
{
gnutls_assert ();
*/
ret = _gnutls_rnd (GNUTLS_RND_NONCE, data_ptr, blocksize);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
data_ptr += blocksize;
}
*/
int
_gnutls_ciphertext2compressed (gnutls_session_t session,
- opaque * compress_data,
- int compress_size,
- gnutls_datum_t ciphertext, uint8_t type,
- record_parameters_st * params)
+ opaque * compress_data,
+ int compress_size,
+ gnutls_datum_t ciphertext, uint8_t type,
+ record_parameters_st * params)
{
uint8_t MAC[MAX_HASH_SIZE];
uint16_t c_length;
{
case CIPHER_STREAM:
if ((ret =
- _gnutls_cipher_decrypt (¶ms->read.cipher_state,
- ciphertext.data, ciphertext.size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ _gnutls_cipher_decrypt (¶ms->read.cipher_state,
+ ciphertext.data, ciphertext.size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
length = ciphertext.size - hash_size;
break;
case CIPHER_BLOCK:
if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0))
- {
- gnutls_assert ();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
if ((ret =
- _gnutls_cipher_decrypt (¶ms->read.cipher_state,
- ciphertext.data, ciphertext.size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ _gnutls_cipher_decrypt (¶ms->read.cipher_state,
+ ciphertext.data, ciphertext.size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* ignore the IV in TLS 1.1.
*/
if (_gnutls_version_has_explicit_iv
- (session->security_parameters.version))
- {
- ciphertext.size -= blocksize;
- ciphertext.data += blocksize;
+ (session->security_parameters.version))
+ {
+ ciphertext.size -= blocksize;
+ ciphertext.data += blocksize;
- if (ciphertext.size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
- }
+ if (ciphertext.size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+ }
- pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
+ pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
if ((int) pad > (int) ciphertext.size - hash_size)
- {
- gnutls_assert ();
- _gnutls_record_log
- ("REC[%p]: Short record length %d > %d - %d (under attack?)\n",
- session, pad, ciphertext.size, hash_size);
- /* We do not fail here. We check below for the
- * the pad_failed. If zero means success.
- */
- pad_failed = GNUTLS_E_DECRYPTION_FAILED;
- }
+ {
+ gnutls_assert ();
+ _gnutls_record_log
+ ("REC[%p]: Short record length %d > %d - %d (under attack?)\n",
+ session, pad, ciphertext.size, hash_size);
+ /* We do not fail here. We check below for the
+ * the pad_failed. If zero means success.
+ */
+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+ }
length = ciphertext.size - hash_size - pad;
/* Check the pading bytes (TLS 1.x)
*/
if (_gnutls_version_has_variable_padding (ver) && pad_failed == 0)
- for (i = 2; i < pad; i++)
- {
- if (ciphertext.data[ciphertext.size - i] !=
- ciphertext.data[ciphertext.size - 1])
- pad_failed = GNUTLS_E_DECRYPTION_FAILED;
- }
+ for (i = 2; i < pad; i++)
+ {
+ if (ciphertext.data[ciphertext.size - i] !=
+ ciphertext.data[ciphertext.size - 1])
+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+ }
break;
default:
gnutls_assert ();
digest_hd_st td;
ret = mac_init (&td, params->mac_algorithm,
- params->read.mac_secret.data,
- params->read.mac_secret.size, ver);
+ params->read.mac_secret.data,
+ params->read.mac_secret.size, ver);
if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
preamble_size =
- make_preamble (UINT64DATA
- (params->read.sequence_number), type,
- c_length, ver, preamble);
+ make_preamble (UINT64DATA
+ (params->read.sequence_number), type,
+ c_length, ver, preamble);
mac_hash (&td, preamble, preamble_size, ver);
if (length > 0)
- mac_hash (&td, ciphertext.data, length, ver);
+ mac_hash (&td, ciphertext.data, length, ver);
mac_deinit (&td, MAC, ver);
}
*/
int _gnutls_encrypt (gnutls_session_t session, const opaque * headers,
- size_t headers_size, const opaque * data,
- size_t data_size, opaque * ciphertext,
- size_t ciphertext_size, content_type_t type,
- int random_pad, record_parameters_st * params);
+ size_t headers_size, const opaque * data,
+ size_t data_size, opaque * ciphertext,
+ size_t ciphertext_size, content_type_t type,
+ int random_pad, record_parameters_st * params);
int _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
- size_t ciphertext_size, uint8_t * data, size_t data_size,
- content_type_t type, record_parameters_st * params);
+ size_t ciphertext_size, uint8_t * data, size_t data_size,
+ content_type_t type, record_parameters_st * params);
int _gnutls_compressed2ciphertext (gnutls_session_t session,
- opaque * cipher_data, int cipher_size,
- gnutls_datum_t compressed,
- content_type_t _type, int random_pad,
- record_parameters_st * params);
+ opaque * cipher_data, int cipher_size,
+ gnutls_datum_t compressed,
+ content_type_t _type, int random_pad,
+ record_parameters_st * params);
int _gnutls_ciphertext2compressed (gnutls_session_t session,
- opaque * compress_data,
- int compress_size,
- gnutls_datum_t ciphertext, uint8_t type,
- record_parameters_st * params);
+ opaque * compress_data,
+ int compress_size,
+ gnutls_datum_t ciphertext, uint8_t type,
+ record_parameters_st * params);
int
_gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher,
- const gnutls_datum_t * key, const gnutls_datum_t * iv)
+ const gnutls_datum_t * key, const gnutls_datum_t * iv)
{
int ret = GNUTLS_E_INTERNAL_ERROR;
const gnutls_crypto_cipher_st *cc = NULL;
handle->deinit = cc->deinit;
if (iv && iv->data && iv->size && cc->setiv)
- SR (cc->setiv (handle->handle, iv->data, iv->size), cc_cleanup);
+ SR (cc->setiv (handle->handle, iv->data, iv->size), cc_cleanup);
return 0;
}
int
_gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext,
- int ciphertextlen)
+ int ciphertextlen)
{
if (handle != NULL && handle->handle != NULL)
{
return handle->decrypt (handle->handle, ciphertext, ciphertextlen,
- ciphertext, ciphertextlen);
+ ciphertext, ciphertextlen);
}
return 0;
}
int
_gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text,
- int textlen, void *ciphertext, int ciphertextlen)
+ int textlen, void *ciphertext, int ciphertextlen)
{
if (handle != NULL && handle->handle != NULL)
{
return handle->encrypt (handle->handle, text, textlen, ciphertext,
- ciphertextlen);
+ ciphertextlen);
}
return 0;
}
int
_gnutls_cipher_decrypt2 (const cipher_hd_st * handle, const void *ciphertext,
- int ciphertextlen, void *text, int textlen)
+ int ciphertextlen, void *text, int textlen)
{
if (handle != NULL && handle->handle != NULL)
{
return handle->decrypt (handle->handle, ciphertext, ciphertextlen,
- text, textlen);
+ text, textlen);
}
return 0;
}
extern gnutls_crypto_cipher_st _gnutls_cipher_ops;
typedef int (*cipher_encrypt_func) (void *hd, const void *plaintext, size_t,
- void *ciphertext, size_t);
+ void *ciphertext, size_t);
typedef int (*cipher_decrypt_func) (void *hd, const void *ciphertext, size_t,
- void *plaintext, size_t);
+ void *plaintext, size_t);
typedef void (*cipher_deinit_func) (void *hd);
typedef struct
} cipher_hd_st;
int _gnutls_cipher_init (cipher_hd_st *, gnutls_cipher_algorithm_t cipher,
- const gnutls_datum_t * key,
- const gnutls_datum_t * iv);
+ const gnutls_datum_t * key,
+ const gnutls_datum_t * iv);
int _gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text,
- int textlen);
+ int textlen);
int _gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext,
- int ciphertextlen);
+ int ciphertextlen);
int _gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text,
- int textlen, void *ciphertext,
- int ciphertextlen);
+ int textlen, void *ciphertext,
+ int ciphertextlen);
int _gnutls_cipher_decrypt2 (const cipher_hd_st * handle,
- const void *ciphertext, int ciphertextlen,
- void *text, int textlen);
+ const void *ciphertext, int ciphertextlen,
+ void *text, int textlen);
void _gnutls_cipher_deinit (cipher_hd_st * handle);
#endif /* GNUTLS_CIPHER_INT */
*/
int
_gnutls_m_plaintext2compressed (gnutls_session_t session,
- gnutls_datum_t * compressed,
- const gnutls_datum_t * plaintext,
- const record_parameters_st * params)
+ gnutls_datum_t * compressed,
+ const gnutls_datum_t * plaintext,
+ const record_parameters_st * params)
{
int size;
opaque *data;
size =
_gnutls_compress (params->write.compression_state,
- plaintext->data, plaintext->size, &data,
- MAX_RECORD_SEND_SIZE + EXTRA_COMP_SIZE);
+ plaintext->data, plaintext->size, &data,
+ MAX_RECORD_SEND_SIZE + EXTRA_COMP_SIZE);
if (size < 0)
{
gnutls_assert ();
int
_gnutls_m_compressed2plaintext (gnutls_session_t session,
- gnutls_datum_t * plain,
- const gnutls_datum_t * compressed,
- const record_parameters_st * params)
+ gnutls_datum_t * plain,
+ const gnutls_datum_t * compressed,
+ const record_parameters_st * params)
{
int size;
opaque *data;
size =
_gnutls_decompress (params->read.compression_state,
- compressed->data, compressed->size, &data,
- MAX_RECORD_RECV_SIZE);
+ compressed->data, compressed->size, &data,
+ MAX_RECORD_RECV_SIZE);
if (size < 0)
{
gnutls_assert ();
gnutls_compression_method_t ret = GNUTLS_COMP_UNKNOWN;
GNUTLS_COMPRESSION_LOOP (if
- (strcasecmp
- (p->name + sizeof ("GNUTLS_COMP_") - 1,
- name) == 0) ret = p->id);
+ (strcasecmp
+ (p->name + sizeof ("GNUTLS_COMP_") - 1,
+ name) == 0) ret = p->id);
return ret;
}
#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms
int
_gnutls_supported_compression_methods (gnutls_session_t session,
- uint8_t ** comp)
+ uint8_t ** comp)
{
unsigned int i, j;
for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++)
{
int tmp =
- _gnutls_compression_get_num (session->internals.
- priorities.compression.priority[i]);
+ _gnutls_compression_get_num (session->internals.
+ priorities.compression.priority[i]);
/* remove private compression algorithms, if requested.
*/
if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO &&
- session->internals.enable_private == 0))
- {
- gnutls_assert ();
- continue;
- }
+ session->internals.enable_private == 0))
+ {
+ gnutls_assert ();
+ continue;
+ }
(*comp)[j] = (uint8_t) tmp;
j++;
case GNUTLS_COMP_DEFLATE:
#ifdef HAVE_LIBZ
{
- int window_bits, mem_level;
- int comp_level;
- z_stream *zhandle;
- int err;
-
- window_bits = get_wbits (method);
- mem_level = get_mem_level (method);
- comp_level = get_comp_level (method);
-
- ret->handle = gnutls_malloc (sizeof (z_stream));
- if (ret->handle == NULL)
- {
- gnutls_assert ();
- goto cleanup_ret;
- }
-
- zhandle = ret->handle;
-
- zhandle->zalloc = (alloc_func) 0;
- zhandle->zfree = (free_func) 0;
- zhandle->opaque = (voidpf) 0;
-
- if (d)
- err = inflateInit2 (zhandle, window_bits);
- else
- {
- err = deflateInit2 (zhandle,
- comp_level, Z_DEFLATED,
- window_bits, mem_level, Z_DEFAULT_STRATEGY);
- }
- if (err != Z_OK)
- {
- gnutls_assert ();
- gnutls_free (ret->handle);
- goto cleanup_ret;
- }
+ int window_bits, mem_level;
+ int comp_level;
+ z_stream *zhandle;
+ int err;
+
+ window_bits = get_wbits (method);
+ mem_level = get_mem_level (method);
+ comp_level = get_comp_level (method);
+
+ ret->handle = gnutls_malloc (sizeof (z_stream));
+ if (ret->handle == NULL)
+ {
+ gnutls_assert ();
+ goto cleanup_ret;
+ }
+
+ zhandle = ret->handle;
+
+ zhandle->zalloc = (alloc_func) 0;
+ zhandle->zfree = (free_func) 0;
+ zhandle->opaque = (voidpf) 0;
+
+ if (d)
+ err = inflateInit2 (zhandle, window_bits);
+ else
+ {
+ err = deflateInit2 (zhandle,
+ comp_level, Z_DEFLATED,
+ window_bits, mem_level, Z_DEFAULT_STRATEGY);
+ }
+ if (err != Z_OK)
+ {
+ gnutls_assert ();
+ gnutls_free (ret->handle);
+ goto cleanup_ret;
+ }
}
break;
#endif
#ifdef USE_LZO
/* LZO does not use memory on decompressor */
if (!d)
- {
- ret->handle = gnutls_malloc (LZO1X_1_MEM_COMPRESS);
-
- if (ret->handle == NULL)
- {
- gnutls_assert ();
- goto cleanup_ret;
- }
- }
+ {
+ ret->handle = gnutls_malloc (LZO1X_1_MEM_COMPRESS);
+
+ if (ret->handle == NULL)
+ {
+ gnutls_assert ();
+ goto cleanup_ret;
+ }
+ }
break;
#endif
case GNUTLS_COMP_NULL:
if (handle != NULL)
{
switch (handle->algo)
- {
+ {
#ifdef HAVE_LIBZ
- case GNUTLS_COMP_DEFLATE:
- {
- int err;
-
- if (d)
- err = inflateEnd (handle->handle);
- else
- err = deflateEnd (handle->handle);
- break;
- }
+ case GNUTLS_COMP_DEFLATE:
+ {
+ int err;
+
+ if (d)
+ err = inflateEnd (handle->handle);
+ else
+ err = deflateEnd (handle->handle);
+ break;
+ }
#endif
- default:
- break;
- }
+ default:
+ break;
+ }
gnutls_free (handle->handle);
gnutls_free (handle);
int
_gnutls_compress (comp_hd_t handle, const opaque * plain,
- size_t plain_size, opaque ** compressed,
- size_t max_comp_size)
+ size_t plain_size, opaque ** compressed,
+ size_t max_comp_size)
{
int compressed_size = GNUTLS_E_COMPRESSION_FAILED;
#ifdef USE_LZO
case GNUTLS_COMP_LZO:
{
- lzo_uint out_len;
- size_t size;
- int err;
-
- if (_gnutls_lzo1x_1_compress == NULL)
- return GNUTLS_E_COMPRESSION_FAILED;
-
- size = plain_size + plain_size / 64 + 16 + 3;
- *compressed = gnutls_malloc (size);
- if (*compressed == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- err = _gnutls_lzo1x_1_compress (plain, plain_size, *compressed,
- &out_len, handle->handle);
-
- if (err != LZO_E_OK)
- {
- gnutls_assert ();
- gnutls_free (*compressed);
- *compressed = NULL;
- return GNUTLS_E_COMPRESSION_FAILED;
- }
-
- compressed_size = out_len;
- break;
+ lzo_uint out_len;
+ size_t size;
+ int err;
+
+ if (_gnutls_lzo1x_1_compress == NULL)
+ return GNUTLS_E_COMPRESSION_FAILED;
+
+ size = plain_size + plain_size / 64 + 16 + 3;
+ *compressed = gnutls_malloc (size);
+ if (*compressed == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ err = _gnutls_lzo1x_1_compress (plain, plain_size, *compressed,
+ &out_len, handle->handle);
+
+ if (err != LZO_E_OK)
+ {
+ gnutls_assert ();
+ gnutls_free (*compressed);
+ *compressed = NULL;
+ return GNUTLS_E_COMPRESSION_FAILED;
+ }
+
+ compressed_size = out_len;
+ break;
}
#endif
#ifdef HAVE_LIBZ
case GNUTLS_COMP_DEFLATE:
{
- uLongf size;
- z_stream *zhandle;
- int err;
-
- size = (plain_size + plain_size) + 10;
- *compressed = gnutls_malloc (size);
- if (*compressed == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- zhandle = handle->handle;
-
- zhandle->next_in = (Bytef *) plain;
- zhandle->avail_in = plain_size;
- zhandle->next_out = (Bytef *) * compressed;
- zhandle->avail_out = size;
-
- err = deflate (zhandle, Z_SYNC_FLUSH);
-
- if (err != Z_OK || zhandle->avail_in != 0)
- {
- gnutls_assert ();
- gnutls_free (*compressed);
- *compressed = NULL;
- return GNUTLS_E_COMPRESSION_FAILED;
- }
-
- compressed_size = size - zhandle->avail_out;
- break;
+ uLongf size;
+ z_stream *zhandle;
+ int err;
+
+ size = (plain_size + plain_size) + 10;
+ *compressed = gnutls_malloc (size);
+ if (*compressed == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ zhandle = handle->handle;
+
+ zhandle->next_in = (Bytef *) plain;
+ zhandle->avail_in = plain_size;
+ zhandle->next_out = (Bytef *) * compressed;
+ zhandle->avail_out = size;
+
+ err = deflate (zhandle, Z_SYNC_FLUSH);
+
+ if (err != Z_OK || zhandle->avail_in != 0)
+ {
+ gnutls_assert ();
+ gnutls_free (*compressed);
+ *compressed = NULL;
+ return GNUTLS_E_COMPRESSION_FAILED;
+ }
+
+ compressed_size = size - zhandle->avail_out;
+ break;
}
#endif
default:
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
- } /* switch */
+ } /* switch */
#ifdef COMPRESSION_DEBUG
_gnutls_debug_log ("Compression ratio: %f\n",
- (float) ((float) compressed_size / (float) plain_size));
+ (float) ((float) compressed_size / (float) plain_size));
#endif
if ((size_t) compressed_size > max_comp_size)
int
_gnutls_decompress (comp_hd_t handle, opaque * compressed,
- size_t compressed_size, opaque ** plain,
- size_t max_record_size)
+ size_t compressed_size, opaque ** plain,
+ size_t max_record_size)
{
int plain_size = GNUTLS_E_DECOMPRESSION_FAILED;
#ifdef USE_LZO
case GNUTLS_COMP_LZO:
{
- lzo_uint out_size;
- lzo_uint new_size;
- int err;
-
- if (_gnutls_lzo1x_decompress_safe == NULL)
- return GNUTLS_E_DECOMPRESSION_FAILED;
-
- *plain = NULL;
- out_size = compressed_size + compressed_size;
- plain_size = 0;
-
- do
- {
- out_size += 512;
- *plain = gnutls_realloc_fast (*plain, out_size);
- if (*plain == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- new_size = out_size;
- err =
- _gnutls_lzo1x_decompress_safe (compressed,
- compressed_size, *plain,
- &new_size, NULL);
-
- }
- while ((err == LZO_E_OUTPUT_OVERRUN && out_size < max_record_size));
-
- if (err != LZO_E_OK)
- {
- gnutls_assert ();
- gnutls_free (*plain);
- *plain = NULL;
- return GNUTLS_E_DECOMPRESSION_FAILED;
- }
-
- plain_size = new_size;
- break;
+ lzo_uint out_size;
+ lzo_uint new_size;
+ int err;
+
+ if (_gnutls_lzo1x_decompress_safe == NULL)
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+
+ *plain = NULL;
+ out_size = compressed_size + compressed_size;
+ plain_size = 0;
+
+ do
+ {
+ out_size += 512;
+ *plain = gnutls_realloc_fast (*plain, out_size);
+ if (*plain == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ new_size = out_size;
+ err =
+ _gnutls_lzo1x_decompress_safe (compressed,
+ compressed_size, *plain,
+ &new_size, NULL);
+
+ }
+ while ((err == LZO_E_OUTPUT_OVERRUN && out_size < max_record_size));
+
+ if (err != LZO_E_OK)
+ {
+ gnutls_assert ();
+ gnutls_free (*plain);
+ *plain = NULL;
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+
+ plain_size = new_size;
+ break;
}
#endif
#ifdef HAVE_LIBZ
case GNUTLS_COMP_DEFLATE:
{
- uLongf out_size;
- z_stream *zhandle;
- int cur_pos;
- int err;
-
- *plain = NULL;
- out_size = compressed_size + compressed_size;
- plain_size = 0;
-
- zhandle = handle->handle;
-
- zhandle->next_in = (Bytef *) compressed;
- zhandle->avail_in = compressed_size;
-
- cur_pos = 0;
-
- do
- {
- out_size += 512;
- *plain = gnutls_realloc_fast (*plain, out_size);
- if (*plain == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- zhandle->next_out = (Bytef *) (*plain + cur_pos);
- zhandle->avail_out = out_size - cur_pos;
-
- err = inflate (zhandle, Z_SYNC_FLUSH);
-
- cur_pos = out_size - zhandle->avail_out;
-
- }
- while ((err == Z_BUF_ERROR && zhandle->avail_out == 0
- && out_size < max_record_size)
- || (err == Z_OK && zhandle->avail_in != 0));
-
- if (err != Z_OK)
- {
- gnutls_assert ();
- gnutls_free (*plain);
- *plain = NULL;
- return GNUTLS_E_DECOMPRESSION_FAILED;
- }
-
- plain_size = out_size - zhandle->avail_out;
- break;
+ uLongf out_size;
+ z_stream *zhandle;
+ int cur_pos;
+ int err;
+
+ *plain = NULL;
+ out_size = compressed_size + compressed_size;
+ plain_size = 0;
+
+ zhandle = handle->handle;
+
+ zhandle->next_in = (Bytef *) compressed;
+ zhandle->avail_in = compressed_size;
+
+ cur_pos = 0;
+
+ do
+ {
+ out_size += 512;
+ *plain = gnutls_realloc_fast (*plain, out_size);
+ if (*plain == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ zhandle->next_out = (Bytef *) (*plain + cur_pos);
+ zhandle->avail_out = out_size - cur_pos;
+
+ err = inflate (zhandle, Z_SYNC_FLUSH);
+
+ cur_pos = out_size - zhandle->avail_out;
+
+ }
+ while ((err == Z_BUF_ERROR && zhandle->avail_out == 0
+ && out_size < max_record_size)
+ || (err == Z_OK && zhandle->avail_in != 0));
+
+ if (err != Z_OK)
+ {
+ gnutls_assert ();
+ gnutls_free (*plain);
+ *plain = NULL;
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+
+ plain_size = out_size - zhandle->avail_out;
+ break;
}
#endif
default:
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
- } /* switch */
+ } /* switch */
if ((size_t) plain_size > max_record_size)
{
#define GNUTLS_COMPRESS_H
int _gnutls_m_plaintext2compressed (gnutls_session_t session,
- gnutls_datum_t * compressed,
- const gnutls_datum_t * plaintext,
- const record_parameters_st * params);
+ gnutls_datum_t * compressed,
+ const gnutls_datum_t * plaintext,
+ const record_parameters_st * params);
int _gnutls_m_compressed2plaintext (gnutls_session_t session,
- gnutls_datum_t * plain,
- const gnutls_datum_t * compressed,
- const record_parameters_st * params);
+ gnutls_datum_t * plain,
+ const gnutls_datum_t * compressed,
+ const record_parameters_st * params);
/* Algorithm handling. */
int _gnutls_supported_compression_methods (gnutls_session_t session,
- uint8_t ** comp);
+ uint8_t ** comp);
int _gnutls_compression_is_ok (gnutls_compression_method_t algorithm);
int _gnutls_compression_get_num (gnutls_compression_method_t algorithm);
gnutls_compression_method_t _gnutls_compression_get_id (int num);
void _gnutls_comp_deinit (comp_hd_t handle, int d);
int _gnutls_decompress (comp_hd_t handle, opaque * compressed,
- size_t compressed_size, opaque ** plain,
- size_t max_record_size);
+ size_t compressed_size, opaque ** plain,
+ size_t max_record_size);
int _gnutls_compress (comp_hd_t, const opaque * plain, size_t plain_size,
- opaque ** compressed, size_t max_comp_size);
+ opaque ** compressed, size_t max_comp_size);
struct gnutls_compression_entry
{
*/
static int
_gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
- int hash_size, int IV_size, int key_size, int export_flag)
+ int hash_size, int IV_size, int key_size, int export_flag)
{
/* FIXME: This function is too long
*/
char buf[65];
/* avoid using malloc */
opaque key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE +
- 2 * MAX_CIPHER_BLOCK_SIZE];
+ 2 * MAX_CIPHER_BLOCK_SIZE];
record_state_st *client_write, *server_write;
client_write =
block_size += 2 * IV_size;
memcpy (rnd, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
memcpy (&rnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
memcpy (rrnd, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
memcpy (&rrnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
if (session->security_parameters.version == GNUTLS_SSL3)
- { /* SSL 3 */
+ { /* SSL 3 */
ret =
- _gnutls_ssl3_generate_random
- (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd,
- 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
+ _gnutls_ssl3_generate_random
+ (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd,
+ 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
}
else
- { /* TLS 1.0 */
+ { /* TLS 1.0 */
ret =
- _gnutls_PRF (session, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
- rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
+ _gnutls_PRF (session, session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
+ rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
}
if (ret < 0)
return gnutls_assert_val (ret);
_gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size,
- _gnutls_bin2hex (key_block, block_size, buf,
- sizeof (buf), NULL));
+ _gnutls_bin2hex (key_block, block_size, buf,
+ sizeof (buf), NULL));
pos = 0;
if (hash_size > 0)
{
if (_gnutls_sset_datum
- (&client_write->mac_secret, &key_block[pos], hash_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&client_write->mac_secret, &key_block[pos], hash_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += hash_size;
if (_gnutls_sset_datum
- (&server_write->mac_secret, &key_block[pos], hash_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&server_write->mac_secret, &key_block[pos], hash_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += hash_size;
}
int client_write_key_size, server_write_key_size;
if (export_flag == 0)
- {
- client_write_key = &key_block[pos];
- client_write_key_size = key_size;
+ {
+ client_write_key = &key_block[pos];
+ client_write_key_size = key_size;
- pos += key_size;
+ pos += key_size;
- server_write_key = &key_block[pos];
- server_write_key_size = key_size;
+ server_write_key = &key_block[pos];
+ server_write_key_size = key_size;
- pos += key_size;
+ pos += key_size;
- }
+ }
else
- { /* export */
- client_write_key = key1;
- server_write_key = key2;
-
- /* generate the final keys */
-
- if (session->security_parameters.version == GNUTLS_SSL3)
- { /* SSL 3 */
- ret =
- _gnutls_ssl3_hash_md5 (&key_block[pos],
- key_size, rrnd,
- 2 * GNUTLS_RANDOM_SIZE,
- EXPORT_FINAL_KEY_SIZE,
- client_write_key);
-
- }
- else
- { /* TLS 1.0 */
- ret =
- _gnutls_PRF (session, &key_block[pos], key_size,
- cliwrite, cliwrite_length,
- rrnd,
- 2 * GNUTLS_RANDOM_SIZE,
- EXPORT_FINAL_KEY_SIZE, client_write_key);
- }
-
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- client_write_key_size = EXPORT_FINAL_KEY_SIZE;
- pos += key_size;
-
- if (session->security_parameters.version == GNUTLS_SSL3)
- { /* SSL 3 */
- ret =
- _gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
- rnd, 2 * GNUTLS_RANDOM_SIZE,
- EXPORT_FINAL_KEY_SIZE,
- server_write_key);
- }
- else
- { /* TLS 1.0 */
- ret =
- _gnutls_PRF (session, &key_block[pos], key_size,
- servwrite, servwrite_length,
- rrnd, 2 * GNUTLS_RANDOM_SIZE,
- EXPORT_FINAL_KEY_SIZE, server_write_key);
- }
-
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- server_write_key_size = EXPORT_FINAL_KEY_SIZE;
- pos += key_size;
- }
+ { /* export */
+ client_write_key = key1;
+ server_write_key = key2;
+
+ /* generate the final keys */
+
+ if (session->security_parameters.version == GNUTLS_SSL3)
+ { /* SSL 3 */
+ ret =
+ _gnutls_ssl3_hash_md5 (&key_block[pos],
+ key_size, rrnd,
+ 2 * GNUTLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE,
+ client_write_key);
+
+ }
+ else
+ { /* TLS 1.0 */
+ ret =
+ _gnutls_PRF (session, &key_block[pos], key_size,
+ cliwrite, cliwrite_length,
+ rrnd,
+ 2 * GNUTLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE, client_write_key);
+ }
+
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ client_write_key_size = EXPORT_FINAL_KEY_SIZE;
+ pos += key_size;
+
+ if (session->security_parameters.version == GNUTLS_SSL3)
+ { /* SSL 3 */
+ ret =
+ _gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
+ rnd, 2 * GNUTLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE,
+ server_write_key);
+ }
+ else
+ { /* TLS 1.0 */
+ ret =
+ _gnutls_PRF (session, &key_block[pos], key_size,
+ servwrite, servwrite_length,
+ rrnd, 2 * GNUTLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE, server_write_key);
+ }
+
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ server_write_key_size = EXPORT_FINAL_KEY_SIZE;
+ pos += key_size;
+ }
if (_gnutls_sset_datum
- (&client_write->key, client_write_key, client_write_key_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&client_write->key, client_write_key, client_write_key_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
_gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
- client_write_key_size,
- _gnutls_bin2hex (client_write_key,
- client_write_key_size, buf,
- sizeof (buf), NULL));
+ client_write_key_size,
+ _gnutls_bin2hex (client_write_key,
+ client_write_key_size, buf,
+ sizeof (buf), NULL));
if (_gnutls_sset_datum
- (&server_write->key, server_write_key, server_write_key_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&server_write->key, server_write_key, server_write_key_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
_gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
- server_write_key_size,
- _gnutls_bin2hex (server_write_key,
- server_write_key_size, buf,
- sizeof (buf), NULL));
+ server_write_key_size,
+ _gnutls_bin2hex (server_write_key,
+ server_write_key_size, buf,
+ sizeof (buf), NULL));
}
if (IV_size > 0 && export_flag == 0)
{
if (_gnutls_sset_datum
- (&client_write->IV, &key_block[pos], IV_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&client_write->IV, &key_block[pos], IV_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += IV_size;
if (_gnutls_sset_datum
- (&server_write->IV, &key_block[pos], IV_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&server_write->IV, &key_block[pos], IV_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += IV_size;
opaque iv_block[MAX_CIPHER_BLOCK_SIZE * 2];
if (session->security_parameters.version == GNUTLS_SSL3)
- { /* SSL 3 */
- ret = _gnutls_ssl3_hash_md5 ("", 0,
- rrnd, GNUTLS_RANDOM_SIZE * 2,
- IV_size, iv_block);
+ { /* SSL 3 */
+ ret = _gnutls_ssl3_hash_md5 ("", 0,
+ rrnd, GNUTLS_RANDOM_SIZE * 2,
+ IV_size, iv_block);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ if (ret < 0)
+ return gnutls_assert_val (ret);
- ret = _gnutls_ssl3_hash_md5 ("", 0, rnd,
- GNUTLS_RANDOM_SIZE * 2,
- IV_size, &iv_block[IV_size]);
+ ret = _gnutls_ssl3_hash_md5 ("", 0, rnd,
+ GNUTLS_RANDOM_SIZE * 2,
+ IV_size, &iv_block[IV_size]);
- }
+ }
else
- { /* TLS 1.0 */
- ret = _gnutls_PRF (session, "", 0,
- ivblock, ivblock_length, rrnd,
- 2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block);
- }
+ { /* TLS 1.0 */
+ ret = _gnutls_PRF (session, "", 0,
+ ivblock, ivblock_length, rrnd,
+ 2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block);
+ }
if (ret < 0)
- return gnutls_assert_val (ret);
+ return gnutls_assert_val (ret);
if (_gnutls_sset_datum (&client_write->IV, iv_block, IV_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
if (_gnutls_sset_datum
- (&server_write->IV, &iv_block[IV_size], IV_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&server_write->IV, &iv_block[IV_size], IV_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
}
return 0;
static int
_gnutls_init_record_state (record_parameters_st * params, int read,
- record_state_st * state)
+ record_state_st * state)
{
int ret;
ret = _gnutls_cipher_init (&state->cipher_state,
- params->cipher_algorithm,
- &state->key, &state->IV);
+ params->cipher_algorithm,
+ &state->key, &state->IV);
if (ret < 0 && params->cipher_algorithm != GNUTLS_CIPHER_NULL)
return gnutls_assert_val (ret);
int
_gnutls_epoch_set_cipher_suite (gnutls_session_t session,
- int epoch_rel, cipher_suite_st * suite)
+ int epoch_rel, cipher_suite_st * suite)
{
gnutls_cipher_algorithm_t cipher_algo;
gnutls_mac_algorithm_t mac_algo;
int
_gnutls_epoch_set_compression (gnutls_session_t session,
- int epoch_rel,
- gnutls_compression_method_t comp_algo)
+ int epoch_rel,
+ gnutls_compression_method_t comp_algo)
{
record_parameters_st *params;
int ret;
void
_gnutls_epoch_set_null_algos (gnutls_session_t session,
- record_parameters_st * params)
+ record_parameters_st * params)
{
/* This is only called on startup. We are extra paranoid about this
because it may cause unencrypted application data to go out on
static int
_gnutls_check_algos (gnutls_session_t session,
- cipher_suite_st * suite,
- gnutls_compression_method_t comp_algo)
+ cipher_suite_st * suite,
+ gnutls_compression_method_t comp_algo)
{
gnutls_cipher_algorithm_t cipher_algo;
gnutls_mac_algorithm_t mac_algo;
if (session->internals.resumed == RESUME_FALSE)
{
ret = _gnutls_check_algos (session,
- &session->
- security_parameters.current_cipher_suite,
- session->internals.compression_method);
+ &session->
+ security_parameters.current_cipher_suite,
+ session->internals.compression_method);
if (ret < 0)
- return ret;
+ return ret;
ret = _gnutls_set_kx (session,
- _gnutls_cipher_suite_get_kx_algo
- (&session->
- security_parameters.current_cipher_suite));
+ _gnutls_cipher_suite_get_kx_algo
+ (&session->
+ security_parameters.current_cipher_suite));
if (ret < 0)
- return ret;
+ return ret;
}
else if (session->security_parameters.entity == GNUTLS_CLIENT)
_gnutls_set_resumed_parameters (session);
return ret;
_gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n",
- session,
- _gnutls_cipher_suite_get_name
- (&session->
- security_parameters.current_cipher_suite));
+ session,
+ _gnutls_cipher_suite_get_name
+ (&session->
+ security_parameters.current_cipher_suite));
session->security_parameters.epoch_read = epoch_next;
_gnutls_epoch_gc (session);
if (session->internals.resumed == RESUME_FALSE)
{
ret = _gnutls_check_algos (session,
- &session->
- security_parameters.current_cipher_suite,
- session->internals.compression_method);
+ &session->
+ security_parameters.current_cipher_suite,
+ session->internals.compression_method);
if (ret < 0)
- return ret;
+ return ret;
ret = _gnutls_set_kx (session,
- _gnutls_cipher_suite_get_kx_algo
- (&session->
- security_parameters.current_cipher_suite));
+ _gnutls_cipher_suite_get_kx_algo
+ (&session->
+ security_parameters.current_cipher_suite));
if (ret < 0)
- return ret;
+ return ret;
}
else if (session->security_parameters.entity == GNUTLS_SERVER)
_gnutls_set_resumed_parameters (session);
return gnutls_assert_val (ret);
_gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session,
- _gnutls_cipher_suite_get_name
- (&session->
- security_parameters.current_cipher_suite));
+ _gnutls_cipher_suite_get_name
+ (&session->
+ security_parameters.current_cipher_suite));
_gnutls_handshake_log
("HSK[%p]: Initializing internal [write] cipher sessions\n", session);
static inline int
epoch_resolve (gnutls_session_t session,
- unsigned int epoch_rel, uint16_t * epoch_out)
+ unsigned int epoch_rel, uint16_t * epoch_out)
{
switch (epoch_rel)
{
default:
if (epoch_rel > 0xffffu)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
*epoch_out = epoch_rel;
return 0;
int
_gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
- record_parameters_st ** params_out)
+ record_parameters_st ** params_out)
{
uint16_t epoch;
record_parameters_st **params;
int
_gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
- record_parameters_st ** out)
+ record_parameters_st ** out)
{
record_parameters_st **slot;
/* DTLS will, in addition, need to check the epoch timeout value. */
return (params->epoch == sp->epoch_read
- || params->epoch == sp->epoch_write
- || params->epoch == sp->epoch_next);
+ || params->epoch == sp->epoch_write
+ || params->epoch == sp->epoch_next);
}
void
/* Free all dead cipher state */
for (i = 0; i < MAX_EPOCH_INDEX; i++)
if (session->record_parameters[i] != NULL
- && !epoch_alive (session, session->record_parameters[i]))
+ && !epoch_alive (session, session->record_parameters[i]))
{
- _gnutls_epoch_free (session, session->record_parameters[i]);
- session->record_parameters[i] = NULL;
+ _gnutls_epoch_free (session, session->record_parameters[i]);
+ session->record_parameters[i] = NULL;
}
/* Look for contiguous NULLs at the start of the array */
#define GNUTLS_CONSTATE_H
int _gnutls_epoch_set_cipher_suite (gnutls_session_t session, int epoch_rel,
- cipher_suite_st * suite);
+ cipher_suite_st * suite);
int _gnutls_epoch_set_compression (gnutls_session_t session, int epoch_rel,
- gnutls_compression_method_t comp_algo);
+ gnutls_compression_method_t comp_algo);
void _gnutls_epoch_set_null_algos (gnutls_session_t session,
- record_parameters_st * params);
+ record_parameters_st * params);
int _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch);
int _gnutls_connection_state_init (gnutls_session_t session);
int _gnutls_read_connection_state_init (gnutls_session_t session);
int _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo);
int _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
- record_parameters_st ** params_out);
+ record_parameters_st ** params_out);
int _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
- record_parameters_st ** out);
+ record_parameters_st ** out);
void _gnutls_epoch_gc (gnutls_session_t session);
void _gnutls_epoch_free (gnutls_session_t session,
- record_parameters_st * state);
+ record_parameters_st * state);
#endif
int
_gnutls_set_datum_m (gnutls_datum_t * dat, const void *data,
- size_t data_size, gnutls_alloc_function galloc_func)
+ size_t data_size, gnutls_alloc_function galloc_func)
{
if (data_size == 0 || data == NULL)
{
int
_gnutls_datum_append_m (gnutls_datum_t * dst, const void *data,
- size_t data_size,
- gnutls_realloc_function grealloc_func)
+ size_t data_size,
+ gnutls_realloc_function grealloc_func)
{
dst->data = grealloc_func (dst->data, data_size + dst->size);
void _gnutls_write_datum8 (opaque * dest, gnutls_datum_t dat);
int _gnutls_set_datum_m (gnutls_datum_t * dat, const void *data,
- size_t data_size, gnutls_alloc_function);
+ size_t data_size, gnutls_alloc_function);
#define _gnutls_set_datum( x, y, z) _gnutls_set_datum_m(x,y,z, gnutls_malloc)
#define _gnutls_sset_datum( x, y, z) _gnutls_set_datum_m(x,y,z, gnutls_secure_malloc)
int _gnutls_datum_append_m (gnutls_datum_t * dat, const void *data,
- size_t data_size, gnutls_realloc_function);
+ size_t data_size, gnutls_realloc_function);
#define _gnutls_datum_append(x,y,z) _gnutls_datum_append_m(x,y,z, gnutls_realloc)
void _gnutls_free_datum_m (gnutls_datum_t * dat, gnutls_free_function);
**/
void
gnutls_db_set_retrieve_function (gnutls_session_t session,
- gnutls_db_retr_func retr_func)
+ gnutls_db_retr_func retr_func)
{
session->internals.db_retrieve_func = retr_func;
}
**/
void
gnutls_db_set_remove_function (gnutls_session_t session,
- gnutls_db_remove_func rem_func)
+ gnutls_db_remove_func rem_func)
{
session->internals.db_remove_func = rem_func;
}
**/
void
gnutls_db_set_store_function (gnutls_session_t session,
- gnutls_db_store_func store_func)
+ gnutls_db_store_func store_func)
{
session->internals.db_store_func = store_func;
}
if (session_entry.data != NULL)
if (timestamp -
- ((security_parameters_st *) (session_entry.data))->timestamp <=
- session->internals.expire_time
- || ((security_parameters_st *) (session_entry.data))->timestamp >
- timestamp
- || ((security_parameters_st *) (session_entry.data))->timestamp == 0)
+ ((security_parameters_st *) (session_entry.data))->timestamp <=
+ session->internals.expire_time
+ || ((security_parameters_st *) (session_entry.data))->timestamp >
+ timestamp
+ || ((security_parameters_st *) (session_entry.data))->timestamp == 0)
return GNUTLS_E_EXPIRED;
return 0;
int
_gnutls_server_restore_session (gnutls_session_t session,
- uint8_t * session_id, int session_id_size)
+ uint8_t * session_id, int session_id_size)
{
gnutls_datum_t data;
gnutls_datum_t key;
int
_gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id,
- int session_id_size)
+ int session_id_size)
{
gnutls_datum_t key;
*/
int
_gnutls_store_session (gnutls_session_t session,
- gnutls_datum_t session_id, gnutls_datum_t session_data)
+ gnutls_datum_t session_id, gnutls_datum_t session_data)
{
int ret = 0;
if (session->internals.db_store_func != NULL)
ret =
session->internals.db_store_func (session->internals.db_ptr,
- session_id, session_data);
+ session_id, session_data);
return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
if (session->internals.db_retrieve_func != NULL)
ret =
session->internals.db_retrieve_func (session->internals.db_ptr,
- session_id);
+ session_id);
return ret;
if (session->internals.db_remove_func != NULL)
ret =
session->internals.db_remove_func (session->internals.db_ptr,
- session_id);
+ session_id);
return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
gnutls_db_remove_session (gnutls_session_t session)
{
_gnutls_db_remove_session (session,
- session->security_parameters.session_id,
- session->security_parameters.session_id_size);
+ session->security_parameters.session_id,
+ session->security_parameters.session_id_size);
}
int _gnutls_server_register_current_session (gnutls_session_t session);
int _gnutls_server_restore_session (gnutls_session_t session,
- uint8_t * session_id,
- int session_id_size);
+ uint8_t * session_id,
+ int session_id_size);
int _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id,
- int session_id_size);
+ int session_id_size);
int _gnutls_store_session (gnutls_session_t session,
- gnutls_datum_t session_id,
- gnutls_datum_t session_data);
+ gnutls_datum_t session_id,
+ gnutls_datum_t session_data);
gnutls_datum_t _gnutls_retrieve_session (gnutls_session_t session,
- gnutls_datum_t session_id);
+ gnutls_datum_t session_id);
int _gnutls_remove_session (gnutls_session_t session,
- gnutls_datum_t session_id);
+ gnutls_datum_t session_id);
{
gnutls_assert ();
if (ret_x)
- *ret_x = NULL;
+ *ret_x = NULL;
_gnutls_mpi_release (&x);
return NULL;
-*/
gnutls_dh_params_t
_gnutls_get_dh_params (gnutls_dh_params_t dh_params,
- gnutls_params_function * func,
- gnutls_session_t session)
+ gnutls_params_function * func,
+ gnutls_session_t session)
{
gnutls_params_st params;
int ret;
{
ret = func (session, GNUTLS_PARAMS_DH, ¶ms);
if (ret == 0 && params.type == GNUTLS_PARAMS_DH)
- {
- session->internals.params.dh_params = params.params.dh;
- session->internals.params.free_dh_params = params.deinit;
- }
+ {
+ session->internals.params.dh_params = params.params.dh;
+ session->internals.params.free_dh_params = params.deinit;
+ }
}
return session->internals.params.dh_params;
gnutls_dh_params_t
_gnutls_get_dh_params (gnutls_dh_params_t dh_params,
- gnutls_params_function * func,
- gnutls_session_t session);
+ gnutls_params_function * func,
+ gnutls_session_t session);
#endif
#include <gnutls_int.h>
#include <gnutls_errors.h>
#include <gnutls_datum.h>
-#include <x509_b64.h> /* for PKCS3 PEM decoding */
+#include <x509_b64.h> /* for PKCS3 PEM decoding */
#include <gnutls_global.h>
#include <gnutls_dh.h>
#include <gnutls_pk.h>
**/
int
gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
- const gnutls_datum_t * prime,
- const gnutls_datum_t * generator)
+ const gnutls_datum_t * prime,
+ const gnutls_datum_t * generator)
{
bigint_t tmp_prime, tmp_g;
size_t siz;
**/
int
gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
- const gnutls_datum_t * pkcs3_params,
- gnutls_x509_crt_fmt_t format)
+ const gnutls_datum_t * pkcs3_params,
+ gnutls_x509_crt_fmt_t format)
{
ASN1_TYPE c2;
int result, need_free = 0;
opaque *out;
result = _gnutls_fbase64_decode ("DH PARAMETERS",
- pkcs3_params->data,
- pkcs3_params->size, &out);
+ pkcs3_params->data,
+ pkcs3_params->size, &out);
if (result <= 0)
- {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert ();
- return result;
- }
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
_params.data = out;
_params.size = result;
{
gnutls_assert ();
if (need_free != 0)
- {
- gnutls_free (_params.data);
- _params.data = NULL;
- }
+ {
+ gnutls_free (_params.data);
+ _params.data = NULL;
+ }
return _gnutls_asn2err (result);
}
**/
int
gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
- gnutls_x509_crt_fmt_t format,
- unsigned char *params_data,
- size_t * params_data_size)
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size)
{
ASN1_TYPE c2;
int result, _params_data_size;
/* Write PRIME
*/
if ((result = asn1_write_value (c2, "prime",
- p_data, p_size)) != ASN1_SUCCESS)
+ p_data, p_size)) != ASN1_SUCCESS)
{
gnutls_assert ();
gnutls_free (all_data);
/* Write the GENERATOR
*/
if ((result = asn1_write_value (c2, "base",
- g_data, g_size)) != ASN1_SUCCESS)
+ g_data, g_size)) != ASN1_SUCCESS)
{
gnutls_assert ();
gnutls_free (all_data);
gnutls_free (all_data);
if ((result = asn1_write_value (c2, "privateValueLength",
- NULL, 0)) != ASN1_SUCCESS)
+ NULL, 0)) != ASN1_SUCCESS)
{
gnutls_assert ();
asn1_delete_structure (&c2);
if (format == GNUTLS_X509_FMT_DER)
{
if (params_data == NULL)
- *params_data_size = 0;
+ *params_data_size = 0;
_params_data_size = *params_data_size;
result =
- asn1_der_coding (c2, "", params_data, &_params_data_size, NULL);
+ asn1_der_coding (c2, "", params_data, &_params_data_size, NULL);
*params_data_size = _params_data_size;
asn1_delete_structure (&c2);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- if (result == ASN1_MEM_ERROR)
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ {
+ gnutls_assert ();
+ if (result == ASN1_MEM_ERROR)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
- return _gnutls_asn2err (result);
- }
+ return _gnutls_asn2err (result);
+ }
}
else
- { /* PEM */
+ { /* PEM */
opaque *tmp;
opaque *out;
int len;
tmp = gnutls_malloc (len);
if (tmp == NULL)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
if ((result =
- asn1_der_coding (c2, "", tmp, &len, NULL)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (tmp);
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
+ asn1_der_coding (c2, "", tmp, &len, NULL)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (tmp);
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
asn1_delete_structure (&c2);
gnutls_free (tmp);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
if (result == 0)
- { /* oooops */
- gnutls_assert ();
- gnutls_free (out);
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ { /* oooops */
+ gnutls_assert ();
+ gnutls_free (out);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
if ((unsigned) result > *params_data_size)
- {
- gnutls_assert ();
- gnutls_free (out);
- *params_data_size = result;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (out);
+ *params_data_size = result;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
*params_data_size = result - 1;
if (params_data)
- memcpy (params_data, out, result);
+ memcpy (params_data, out, result);
gnutls_free (out);
**/
int
gnutls_dh_params_export_raw (gnutls_dh_params_t params,
- gnutls_datum_t * prime,
- gnutls_datum_t * generator, unsigned int *bits)
+ gnutls_datum_t * prime,
+ gnutls_datum_t * generator, unsigned int *bits)
{
int ret;
const char *desc;
const char *_name;
int number;
- int fatal; /* whether this error is fatal and the session for handshake
- * should be terminated.
- */
+ int fatal; /* whether this error is fatal and the session for handshake
+ * should be terminated.
+ */
};
typedef struct gnutls_error_entry gnutls_error_entry;
/* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0),
ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
- GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
+ GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
ERROR_ENTRY (N_("The cipher type is unsupported."),
- GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
+ GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
ERROR_ENTRY (N_("The certificate and the given key do not match."),
- GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
+ GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
ERROR_ENTRY (N_("Could not negotiate a supported compression method."),
- GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
+ GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
ERROR_ENTRY (N_("An unknown public key algorithm was encountered."),
- GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
+ GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."),
- GNUTLS_E_UNWANTED_ALGORITHM, 1),
+ GNUTLS_E_UNWANTED_ALGORITHM, 1),
ERROR_ENTRY (N_("A large TLS record packet was received."),
- GNUTLS_E_LARGE_PACKET, 1),
+ GNUTLS_E_LARGE_PACKET, 1),
ERROR_ENTRY (N_("A record packet with illegal version was received."),
- GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
+ GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
ERROR_ENTRY (N_
- ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."),
- GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
+ ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."),
+ GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
ERROR_ENTRY (N_("A TLS packet with unexpected length was received."),
- GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
ERROR_ENTRY (N_
- ("The specified session has been invalidated for some reason."),
- GNUTLS_E_INVALID_SESSION, 1),
+ ("The specified session has been invalidated for some reason."),
+ GNUTLS_E_INVALID_SESSION, 1),
ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1),
ERROR_ENTRY (N_("An illegal TLS extension was received."),
- GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
+ GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
ERROR_ENTRY (N_("A TLS fatal alert has been received."),
- GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
+ GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
ERROR_ENTRY (N_("An unexpected TLS packet was received."),
- GNUTLS_E_UNEXPECTED_PACKET, 1),
+ GNUTLS_E_UNEXPECTED_PACKET, 1),
ERROR_ENTRY (N_("A TLS warning alert has been received."),
- GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
+ GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
ERROR_ENTRY (N_
- ("An error was encountered at the TLS Finished packet calculation."),
- GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
+ ("An error was encountered at the TLS Finished packet calculation."),
+ GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
ERROR_ENTRY (N_("The peer did not send any certificate."),
- GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
+ GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."),
- GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 1),
+ GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 1),
ERROR_ENTRY (N_("No temporary RSA parameters were found."),
- GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
+ GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
ERROR_ENTRY (N_("No temporary DH parameters were found."),
- GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
+ GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."),
- GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
+ GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
ERROR_ENTRY (N_("The scanning of a large integer has failed."),
- GNUTLS_E_MPI_SCAN_FAILED, 1),
+ GNUTLS_E_MPI_SCAN_FAILED, 1),
ERROR_ENTRY (N_("Could not export a large integer."),
- GNUTLS_E_MPI_PRINT_FAILED, 1),
+ GNUTLS_E_MPI_PRINT_FAILED, 1),
ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1),
ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1),
ERROR_ENTRY (N_("Public key decryption has failed."),
- GNUTLS_E_PK_DECRYPTION_FAILED, 1),
+ GNUTLS_E_PK_DECRYPTION_FAILED, 1),
ERROR_ENTRY (N_("Public key encryption has failed."),
- GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
+ GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED,
- 1),
+ 1),
ERROR_ENTRY (N_("Public key signature verification has failed."),
- GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
+ GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."),
- GNUTLS_E_DECOMPRESSION_FAILED, 1),
+ GNUTLS_E_DECOMPRESSION_FAILED, 1),
ERROR_ENTRY (N_("Compression of the TLS record packet has failed."),
- GNUTLS_E_COMPRESSION_FAILED, 1),
+ GNUTLS_E_COMPRESSION_FAILED, 1),
ERROR_ENTRY (N_("Internal error in memory allocation."),
- GNUTLS_E_MEMORY_ERROR, 1),
+ GNUTLS_E_MEMORY_ERROR, 1),
ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."),
- GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
+ GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
ERROR_ENTRY (N_("Insufficient credentials for that request."),
- GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
+ GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1),
ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD,
- 1),
+ 1),
ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1),
ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1),
ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR,
- 1),
+ 1),
ERROR_ENTRY (N_("Base64 unexpected header error."),
- GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR,
- 1),
+ GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR,
+ 1),
ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR,
- 1),
+ 1),
ERROR_ENTRY (N_("Parsing error in password file."),
- GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
+ GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
ERROR_ENTRY (N_("The requested data were not available."),
- GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 1),
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 1),
ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1),
ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1),
ERROR_ENTRY (N_
- ("The upper limit of record packet sequence numbers has been reached. Wow!"),
- GNUTLS_E_RECORD_LIMIT_REACHED, 1),
+ ("The upper limit of record packet sequence numbers has been reached. Wow!"),
+ GNUTLS_E_RECORD_LIMIT_REACHED, 1),
ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR,
- 1),
+ 1),
ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."),
- GNUTLS_E_X509_UNKNOWN_SAN, 1),
+ GNUTLS_E_X509_UNKNOWN_SAN, 1),
ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
- GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
+ GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
- GNUTLS_E_KEY_USAGE_VIOLATION, 1),
+ GNUTLS_E_KEY_USAGE_VIOLATION, 1),
ERROR_ENTRY (N_("Resource temporarily unavailable, try again."),
- GNUTLS_E_AGAIN, 0),
+ GNUTLS_E_AGAIN, 0),
ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0),
ERROR_ENTRY (N_("Rehandshake was requested by the peer."),
- GNUTLS_E_REHANDSHAKE, 0),
+ GNUTLS_E_REHANDSHAKE, 0),
ERROR_ENTRY (N_
- ("TLS Application data were received, while expecting handshake data."),
- GNUTLS_E_GOT_APPLICATION_DATA, 1),
+ ("TLS Application data were received, while expecting handshake data."),
+ GNUTLS_E_GOT_APPLICATION_DATA, 1),
ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1),
ERROR_ENTRY (N_("The certificate type is not supported."),
- GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
+ GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."),
- GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
+ GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1),
ERROR_ENTRY (N_("An illegal parameter has been received."),
- GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
+ GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1),
ERROR_ENTRY (N_("ASN1 parser: Element was not found."),
- GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
+ GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"),
- GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
+ GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."),
- GNUTLS_E_ASN1_DER_ERROR, 1),
+ GNUTLS_E_ASN1_DER_ERROR, 1),
ERROR_ENTRY (N_("ASN1 parser: Value was not found."),
- GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
+ GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."),
- GNUTLS_E_ASN1_GENERIC_ERROR, 1),
+ GNUTLS_E_ASN1_GENERIC_ERROR, 1),
ERROR_ENTRY (N_("ASN1 parser: Value is not valid."),
- GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
+ GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1),
ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"),
- GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
+ GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."),
- GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
+ GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR,
- 1),
+ 1),
ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."),
- GNUTLS_E_ASN1_DER_OVERFLOW, 1),
+ GNUTLS_E_ASN1_DER_OVERFLOW, 1),
ERROR_ENTRY (N_("Too many empty record packets have been received."),
- GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
+ GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
ERROR_ENTRY (N_("The initialization of GnuTLS-extra has failed."),
- GNUTLS_E_INIT_LIBEXTRA, 1),
+ GNUTLS_E_INIT_LIBEXTRA, 1),
ERROR_ENTRY (N_
- ("The GnuTLS library version does not match the GnuTLS-extra library version."),
- GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1),
+ ("The GnuTLS library version does not match the GnuTLS-extra library version."),
+ GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1),
ERROR_ENTRY (N_("The gcrypt library version is too old."),
- GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
+ GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
ERROR_ENTRY (N_("The tasn1 library version is too old."),
- GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
+ GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
ERROR_ENTRY (N_("The OpenPGP User ID is revoked."),
- GNUTLS_E_OPENPGP_UID_REVOKED, 1),
+ GNUTLS_E_OPENPGP_UID_REVOKED, 1),
ERROR_ENTRY (N_("Error loading the keyring."),
- GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
+ GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
ERROR_ENTRY (N_("The initialization of crypto backend has failed."),
- GNUTLS_E_CRYPTO_INIT_FAILED, 1),
+ GNUTLS_E_CRYPTO_INIT_FAILED, 1),
ERROR_ENTRY (N_("The initialization of LZO has failed."),
- GNUTLS_E_LZO_INIT_FAILED, 1),
+ GNUTLS_E_LZO_INIT_FAILED, 1),
ERROR_ENTRY (N_("No supported compression algorithms have been found."),
- GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
+ GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
ERROR_ENTRY (N_("No supported cipher suites have been found."),
- GNUTLS_E_NO_CIPHER_SUITES, 1),
+ GNUTLS_E_NO_CIPHER_SUITES, 1),
ERROR_ENTRY (N_("Could not get OpenPGP key."),
- GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
+ GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
ERROR_ENTRY (N_("Could not find OpenPGP subkey."),
- GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
+ GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
ERROR_ENTRY (N_("Safe renegotiation failed."),
- GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1),
+ GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1),
ERROR_ENTRY (N_("Unsafe renegotiation denied."),
- GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, 1),
+ GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, 1),
ERROR_ENTRY (N_("The SRP username supplied is illegal."),
- GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
+ GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
ERROR_ENTRY (N_("The SRP username supplied is unknown."),
- GNUTLS_E_UNKNOWN_SRP_USERNAME, 1),
+ GNUTLS_E_UNKNOWN_SRP_USERNAME, 1),
ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
- GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
+ GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
ERROR_ENTRY (N_("The signature algorithm is not supported."),
- GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM, 1),
+ GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM, 1),
ERROR_ENTRY (N_("The certificate has unsupported attributes."),
- GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
+ GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID,
- 1),
+ 1),
ERROR_ENTRY (N_("The hash algorithm is unknown."),
- GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
+ GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
ERROR_ENTRY (N_("The PKCS structure's content type is unknown."),
- GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
+ GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."),
- GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
+ GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
ERROR_ENTRY (N_("The given password contains invalid characters."),
- GNUTLS_E_INVALID_PASSWORD, 1),
+ GNUTLS_E_INVALID_PASSWORD, 1),
ERROR_ENTRY (N_("The Message Authentication Code verification failed."),
- GNUTLS_E_MAC_VERIFY_FAILED, 1),
+ GNUTLS_E_MAC_VERIFY_FAILED, 1),
ERROR_ENTRY (N_("Some constraint limits were reached."),
- GNUTLS_E_CONSTRAINT_ERROR, 1),
+ GNUTLS_E_CONSTRAINT_ERROR, 1),
ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED,
- 1),
+ 1),
ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"),
- GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
+ GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"),
- GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
+ GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"),
- GNUTLS_E_IA_VERIFY_FAILED, 1),
+ GNUTLS_E_IA_VERIFY_FAILED, 1),
ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."),
- GNUTLS_E_UNKNOWN_ALGORITHM, 1),
+ GNUTLS_E_UNKNOWN_ALGORITHM, 1),
ERROR_ENTRY (N_("The handshake data size is too large (DoS?), "
- "check gnutls_handshake_set_max_packet_length()."),
- GNUTLS_E_HANDSHAKE_TOO_LARGE, 1),
+ "check gnutls_handshake_set_max_packet_length()."),
+ GNUTLS_E_HANDSHAKE_TOO_LARGE, 1),
ERROR_ENTRY (N_("Error opening /dev/crypto"),
- GNUTLS_E_CRYPTODEV_DEVICE_ERROR, 1),
+ GNUTLS_E_CRYPTODEV_DEVICE_ERROR, 1),
ERROR_ENTRY (N_("Error interfacing with /dev/crypto"),
- GNUTLS_E_CRYPTODEV_IOCTL_ERROR, 1),
+ GNUTLS_E_CRYPTODEV_IOCTL_ERROR, 1),
ERROR_ENTRY (N_("Channel binding data not available"),
- GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE, 1),
+ GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE, 1),
ERROR_ENTRY (N_("PKCS #11 error."),
- GNUTLS_E_PKCS11_ERROR, 1),
+ GNUTLS_E_PKCS11_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 initialization error."),
- GNUTLS_E_PKCS11_LOAD_ERROR, 1),
+ GNUTLS_E_PKCS11_LOAD_ERROR, 1),
ERROR_ENTRY (N_("Error in parsing."),
- GNUTLS_E_PARSING_ERROR, 1),
+ GNUTLS_E_PARSING_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in PIN."),
- GNUTLS_E_PKCS11_PIN_ERROR, 1),
+ GNUTLS_E_PKCS11_PIN_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 PIN should be saved."),
- GNUTLS_E_PKCS11_ERROR, 1),
+ GNUTLS_E_PKCS11_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in slot"),
- GNUTLS_E_PKCS11_SLOT_ERROR, 1),
+ GNUTLS_E_PKCS11_SLOT_ERROR, 1),
ERROR_ENTRY (N_("Thread locking error"),
- GNUTLS_E_LOCKING_ERROR, 1),
+ GNUTLS_E_LOCKING_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in attribute"),
- GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1),
+ GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in device"),
- GNUTLS_E_PKCS11_DEVICE_ERROR, 1),
+ GNUTLS_E_PKCS11_DEVICE_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in data"),
- GNUTLS_E_PKCS11_DATA_ERROR, 1),
+ GNUTLS_E_PKCS11_DATA_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 unsupported feature"),
- GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1),
+ GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in key"),
- GNUTLS_E_PKCS11_KEY_ERROR, 1),
+ GNUTLS_E_PKCS11_KEY_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 PIN expired"),
- GNUTLS_E_PKCS11_PIN_EXPIRED, 1),
+ GNUTLS_E_PKCS11_PIN_EXPIRED, 1),
ERROR_ENTRY (N_("PKCS #11 PIN locked"),
- GNUTLS_E_PKCS11_PIN_LOCKED, 1),
+ GNUTLS_E_PKCS11_PIN_LOCKED, 1),
ERROR_ENTRY (N_("PKCS #11 error in session"),
- GNUTLS_E_PKCS11_SESSION_ERROR, 1),
+ GNUTLS_E_PKCS11_SESSION_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in signature"),
- GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1),
+ GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 error in token"),
- GNUTLS_E_PKCS11_TOKEN_ERROR, 1),
+ GNUTLS_E_PKCS11_TOKEN_ERROR, 1),
ERROR_ENTRY (N_("PKCS #11 user error"),
- GNUTLS_E_PKCS11_USER_ERROR, 1),
+ GNUTLS_E_PKCS11_USER_ERROR, 1),
{NULL, NULL, 0, 0}
};
for (p = error_algorithms; p->desc != NULL; p++)
{
if (p->number == error)
- {
- ret = p->fatal;
- break;
- }
+ {
+ ret = p->fatal;
+ break;
+ }
}
return ret;
for (p = error_algorithms; p->desc != NULL; p++)
{
if (p->number == error)
- {
- ret = p->desc;
- break;
- }
+ {
+ ret = p->desc;
+ break;
+ }
}
/* avoid prefix */
for (p = error_algorithms; p->desc != NULL; p++)
{
if (p->number == error)
- {
- ret = p->_name;
- break;
- }
+ {
+ ret = p->_name;
+ break;
+ }
}
return ret;
{
gnutls_assert ();
_gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res,
- (int) binlen);
+ (int) binlen);
return;
}
{
gnutls_assert ();
_gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res,
- (int) binlen);
+ (int) binlen);
gnutls_free (binbuf);
return;
}
_gnutls_bin2hex (binbuf, binlen, hexbuf, hexlen, NULL);
_gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int) binlen, prefix,
- hexbuf);
+ hexbuf);
gnutls_free (hexbuf);
gnutls_free (binbuf);
static void _gnutls_ext_unset_resumed_session_data (gnutls_session_t session,
- uint16_t type);
+ uint16_t type);
static size_t extfunc_size = 0;
for (i = 0; i < extfunc_size; i++)
{
if (extfunc[i].type == type)
- return extfunc[i].parse_type;
+ return extfunc[i].parse_type;
}
return GNUTLS_EXT_NONE;
for (i = 0; i < extfunc_size; i++)
if (extfunc[i].type == type)
if (parse_type == GNUTLS_EXT_ANY || extfunc[i].parse_type == parse_type)
- return extfunc[i].recv_func;
+ return extfunc[i].recv_func;
return NULL;
}
int i;
for (i = 0; i < session->internals.extensions_sent_size; i++)
- {
- if (type == session->internals.extensions_sent[i])
- return 0; /* ok found */
- }
+ {
+ if (type == session->internals.extensions_sent[i])
+ return 0; /* ok found */
+ }
return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
}
int
_gnutls_parse_extensions (gnutls_session_t session,
- gnutls_ext_parse_type_t parse_type,
- const opaque * data, int data_size)
+ gnutls_ext_parse_type_t parse_type,
+ const opaque * data, int data_size)
{
int next, ret;
int pos = 0;
if (session->security_parameters.entity == GNUTLS_CLIENT)
for (i = 0; i < session->internals.extensions_sent_size; i++)
{
- _gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n",
- session,
- _gnutls_extension_get_name
- (session->internals.extensions_sent[i]));
+ _gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n",
+ session,
+ _gnutls_extension_get_name
+ (session->internals.extensions_sent[i]));
}
#endif
#if 0
_gnutls_debug_log ("EXT[%p]: Found extension '%s/%d'\n", session,
- _gnutls_extension_get_name (type), type);
+ _gnutls_extension_get_name (type), type);
#endif
if ((ret = _gnutls_extension_list_check (session, type)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
DECR_LENGTH_RET (next, 2, 0);
size = _gnutls_read_uint16 (&data[pos]);
ext_recv = _gnutls_ext_func_recv (type, parse_type);
if (ext_recv == NULL)
- continue;
+ continue;
_gnutls_debug_log ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n",
- session, _gnutls_extension_get_name (type), type,
- size);
+ session, _gnutls_extension_get_name (type), type,
+ size);
if ((ret = ext_recv (session, sdata, size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
while (next > 2);
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
if (session->internals.extensions_sent_size < MAX_EXT_TYPES)
- {
- session->internals.extensions_sent[session->internals.
- extensions_sent_size] = type;
- session->internals.extensions_sent_size++;
- }
+ {
+ session->internals.extensions_sent[session->internals.
+ extensions_sent_size] = type;
+ session->internals.extensions_sent_size++;
+ }
else
- {
- _gnutls_debug_log ("extensions: Increase MAX_EXT_TYPES\n");
- }
+ {
+ _gnutls_debug_log ("extensions: Increase MAX_EXT_TYPES\n");
+ }
}
}
int
_gnutls_gen_extensions (gnutls_session_t session, opaque * data,
- size_t data_size, gnutls_ext_parse_type_t parse_type)
+ size_t data_size, gnutls_ext_parse_type_t parse_type)
{
int size;
uint16_t pos = 0;
extension_entry_st *p = &extfunc[i];
if (p->send_func == NULL)
- continue;
+ continue;
if (parse_type != GNUTLS_EXT_ANY && p->parse_type != parse_type)
- continue;
+ continue;
size = p->send_func (session, sdata, sdata_size);
if (size > 0 || size == GNUTLS_E_INT_RET_0)
- {
- if (size == GNUTLS_E_INT_RET_0)
- size = 0;
-
- if (data_size < pos + (size_t) size + 4)
- {
- gnutls_assert ();
- gnutls_free (sdata);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* write extension type */
- _gnutls_write_uint16 (p->type, &data[pos]);
- pos += 2;
-
- /* write size */
- _gnutls_write_uint16 (size, &data[pos]);
- pos += 2;
-
- memcpy (&data[pos], sdata, size);
- pos += size;
-
- /* add this extension to the extension list
- */
- _gnutls_extension_list_add (session, p->type);
-
- _gnutls_debug_log ("EXT[%p]: Sending extension %s (%d bytes)\n",
- session, p->name, size);
- }
+ {
+ if (size == GNUTLS_E_INT_RET_0)
+ size = 0;
+
+ if (data_size < pos + (size_t) size + 4)
+ {
+ gnutls_assert ();
+ gnutls_free (sdata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* write extension type */
+ _gnutls_write_uint16 (p->type, &data[pos]);
+ pos += 2;
+
+ /* write size */
+ _gnutls_write_uint16 (size, &data[pos]);
+ pos += 2;
+
+ memcpy (&data[pos], sdata, size);
+ pos += size;
+
+ /* add this extension to the extension list
+ */
+ _gnutls_extension_list_add (session, p->type);
+
+ _gnutls_debug_log ("EXT[%p]: Sending extension %s (%d bytes)\n",
+ session, p->name, size);
+ }
else if (size < 0)
- {
- gnutls_assert ();
- gnutls_free (sdata);
- return size;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (sdata);
+ return size;
+ }
}
size = pos;
- pos -= 2; /* remove the size of the size header! */
+ pos -= 2; /* remove the size of the size header! */
_gnutls_write_uint16 (pos, data);
if (size == 2)
- { /* empty */
+ { /* empty */
size = 0;
}
**/
int
gnutls_ext_register (int type,
- const char *name,
- gnutls_ext_parse_type_t parse_type,
- gnutls_ext_recv_func recv_func,
- gnutls_ext_send_func send_func)
+ const char *name,
+ gnutls_ext_parse_type_t parse_type,
+ gnutls_ext_recv_func recv_func,
+ gnutls_ext_send_func send_func)
{
extension_entry_st ee;
{
ret = _gnutls_ext_get_session_data (session, extfunc[i].type, &data);
if (ret >= 0 && extfunc[i].pack_func != NULL)
- {
- BUFFER_APPEND_NUM (packed, extfunc[i].type);
-
- size_offset = packed->length;
- BUFFER_APPEND_NUM (packed, 0);
-
- cur_size = packed->length;
-
- ret = extfunc[i].pack_func (data, packed);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- exts++;
- /* write the actual size */
- _gnutls_write_uint32 (packed->length - cur_size,
- packed->data + size_offset);
- }
+ {
+ BUFFER_APPEND_NUM (packed, extfunc[i].type);
+
+ size_offset = packed->length;
+ BUFFER_APPEND_NUM (packed, 0);
+
+ cur_size = packed->length;
+
+ ret = extfunc[i].pack_func (data, packed);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ exts++;
+ /* write the actual size */
+ _gnutls_write_uint32 (packed->length - cur_size,
+ packed->data + size_offset);
+ }
}
_gnutls_write_uint32 (exts, packed->data + total_exts_pos);
for (i = 0; i < MAX_EXT_TYPES; i++)
{
if (session->internals.extension_int_data[i].set != 0 &&
- _gnutls_ext_parse_type (session->internals.
- extension_int_data[i].type) !=
- GNUTLS_EXT_MANDATORY)
- {
- _gnutls_ext_unset_session_data (session,
- session->
- internals.extension_int_data[i].
- type);
- }
+ _gnutls_ext_parse_type (session->internals.
+ extension_int_data[i].type) !=
+ GNUTLS_EXT_MANDATORY)
+ {
+ _gnutls_ext_unset_session_data (session,
+ session->
+ internals.extension_int_data[i].
+ type);
+ }
}
/* copy resumed to main */
for (i = 0; i < MAX_EXT_TYPES; i++)
{
if (session->internals.resumed_extension_int_data[i].set != 0 &&
- _gnutls_ext_parse_type (session->
- internals.resumed_extension_int_data[i].
- type) != GNUTLS_EXT_MANDATORY)
- {
- _gnutls_ext_set_session_data (session,
- session->
- internals.resumed_extension_int_data
- [i].type,
- session->
- internals.resumed_extension_int_data
- [i].priv);
- session->internals.resumed_extension_int_data[i].set = 0;
- }
+ _gnutls_ext_parse_type (session->
+ internals.resumed_extension_int_data[i].
+ type) != GNUTLS_EXT_MANDATORY)
+ {
+ _gnutls_ext_set_session_data (session,
+ session->
+ internals.resumed_extension_int_data
+ [i].type,
+ session->
+ internals.resumed_extension_int_data
+ [i].priv);
+ session->internals.resumed_extension_int_data[i].set = 0;
+ }
}
}
static void
_gnutls_ext_set_resumed_session_data (gnutls_session_t session, uint16_t type,
- extension_priv_data_t data)
+ extension_priv_data_t data)
{
int i;
for (i = 0; i < MAX_EXT_TYPES; i++)
{
if (session->internals.resumed_extension_int_data[i].type == type
- || session->internals.resumed_extension_int_data[i].set == 0)
- {
+ || session->internals.resumed_extension_int_data[i].set == 0)
+ {
- if (session->internals.resumed_extension_int_data[i].set != 0)
- _gnutls_ext_unset_resumed_session_data (session, type);
+ if (session->internals.resumed_extension_int_data[i].set != 0)
+ _gnutls_ext_unset_resumed_session_data (session, type);
- session->internals.resumed_extension_int_data[i].type = type;
- session->internals.resumed_extension_int_data[i].priv = data;
- session->internals.resumed_extension_int_data[i].set = 1;
- return;
- }
+ session->internals.resumed_extension_int_data[i].type = type;
+ session->internals.resumed_extension_int_data[i].priv = data;
+ session->internals.resumed_extension_int_data[i].set = 1;
+ return;
+ }
}
}
unpack = _gnutls_ext_func_unpack (type);
if (unpack == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
ret = unpack (packed, &data);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* verify that unpack read the correct bytes */
cur_pos = cur_pos - packed->length;
if (cur_pos /* read length */ != size_for_type)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
_gnutls_ext_set_resumed_session_data (session, type, data);
}
for (i = 0; i < MAX_EXT_TYPES; i++)
{
if (session->internals.extension_int_data[i].type == type)
- {
- session->internals.extension_int_data[i].set = 0;
- return;
- }
+ {
+ session->internals.extension_int_data[i].set = 0;
+ return;
+ }
}
}
static void
_gnutls_ext_unset_resumed_session_data (gnutls_session_t session,
- uint16_t type)
+ uint16_t type)
{
gnutls_ext_deinit_data_func deinit;
extension_priv_data_t data;
for (i = 0; i < MAX_EXT_TYPES; i++)
{
if (session->internals.resumed_extension_int_data[i].type == type)
- {
- session->internals.resumed_extension_int_data[i].set = 0;
- return;
- }
+ {
+ session->internals.resumed_extension_int_data[i].set = 0;
+ return;
+ }
}
}
*/
void
_gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type,
- extension_priv_data_t data)
+ extension_priv_data_t data)
{
int i;
gnutls_ext_deinit_data_func deinit;
for (i = 0; i < MAX_EXT_TYPES; i++)
{
if (session->internals.extension_int_data[i].type == type
- || session->internals.extension_int_data[i].set == 0)
- {
- if (session->internals.extension_int_data[i].set != 0)
- {
- if (deinit)
- deinit (session->internals.extension_int_data[i].priv);
- }
- session->internals.extension_int_data[i].type = type;
- session->internals.extension_int_data[i].priv = data;
- session->internals.extension_int_data[i].set = 1;
- return;
- }
+ || session->internals.extension_int_data[i].set == 0)
+ {
+ if (session->internals.extension_int_data[i].set != 0)
+ {
+ if (deinit)
+ deinit (session->internals.extension_int_data[i].priv);
+ }
+ session->internals.extension_int_data[i].type = type;
+ session->internals.extension_int_data[i].priv = data;
+ session->internals.extension_int_data[i].set = 1;
+ return;
+ }
}
}
int
_gnutls_ext_get_session_data (gnutls_session_t session,
- uint16_t type, extension_priv_data_t * data)
+ uint16_t type, extension_priv_data_t * data)
{
int i;
for (i = 0; i < MAX_EXT_TYPES; i++)
{
if (session->internals.extension_int_data[i].set != 0 &&
- session->internals.extension_int_data[i].type == type)
- {
- *data = session->internals.extension_int_data[i].priv;
- return 0;
- }
+ session->internals.extension_int_data[i].type == type)
+ {
+ *data = session->internals.extension_int_data[i].priv;
+ return 0;
+ }
}
return GNUTLS_E_INVALID_REQUEST;
}
int
_gnutls_ext_get_resumed_session_data (gnutls_session_t session,
- uint16_t type,
- extension_priv_data_t * data)
+ uint16_t type,
+ extension_priv_data_t * data)
{
int i;
for (i = 0; i < MAX_EXT_TYPES; i++)
{
if (session->internals.resumed_extension_int_data[i].set != 0 &&
- session->internals.resumed_extension_int_data[i].type == type)
- {
- *data = session->internals.resumed_extension_int_data[i].priv;
- return 0;
- }
+ session->internals.resumed_extension_int_data[i].type == type)
+ {
+ *data = session->internals.resumed_extension_int_data[i].priv;
+ return 0;
+ }
}
return GNUTLS_E_INVALID_REQUEST;
}
#define GNUTLS_EXTENSIONS_H
int _gnutls_parse_extensions (gnutls_session_t session,
- gnutls_ext_parse_type_t parse_type,
- const opaque * data, int data_size);
+ gnutls_ext_parse_type_t parse_type,
+ const opaque * data, int data_size);
int _gnutls_gen_extensions (gnutls_session_t session, opaque * data,
- size_t data_size, gnutls_ext_parse_type_t);
+ size_t data_size, gnutls_ext_parse_type_t);
int _gnutls_ext_init (void);
void _gnutls_ext_deinit (void);
typedef void (*gnutls_ext_deinit_data_func) (extension_priv_data_t data);
typedef int (*gnutls_ext_pack_func) (extension_priv_data_t data,
- gnutls_buffer_st * packed_data);
+ gnutls_buffer_st * packed_data);
typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_st * packed_data,
- extension_priv_data_t * data);
+ extension_priv_data_t * data);
void _gnutls_ext_free_session_data (gnutls_session_t session);
*/
void _gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type);
void _gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type,
- extension_priv_data_t);
+ extension_priv_data_t);
int _gnutls_ext_get_session_data (gnutls_session_t session,
- uint16_t type, extension_priv_data_t *);
+ uint16_t type, extension_priv_data_t *);
int _gnutls_ext_get_resumed_session_data (gnutls_session_t session,
- uint16_t type,
- extension_priv_data_t * data);
+ uint16_t type,
+ extension_priv_data_t * data);
void _gnutls_ext_restore_resumed_session (gnutls_session_t session);
*/
gnutls_ext_send_func send_func;
- gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize
- * internal data
- */
- gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
- gnutls_ext_unpack_func unpack_func; /* unpacks internal data */
+ gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize
+ * internal data
+ */
+ gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
+ gnutls_ext_unpack_func unpack_func; /* unpacks internal data */
} extension_entry_st;
#include <random.h>
#include <gnutls/pkcs11.h>
-#include <gnutls_extensions.h> /* for _gnutls_ext_init */
+#include <gnutls_extensions.h> /* for _gnutls_ext_init */
#include <gnutls_cryptodev.h>
#include <locks.h>
ASN1_TYPE _gnutls_gnutls_asn;
gnutls_log_func _gnutls_log_func;
-int _gnutls_log_level = 0; /* default log level */
+int _gnutls_log_level = 0; /* default log level */
/**
* gnutls_global_set_log_function:
**/
void
gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func,
- gnutls_alloc_function secure_alloc_func,
- gnutls_is_secure_function is_secure_func,
- gnutls_realloc_function realloc_func,
- gnutls_free_function free_func)
+ gnutls_alloc_function secure_alloc_func,
+ gnutls_is_secure_function is_secure_func,
+ gnutls_realloc_function realloc_func,
+ gnutls_free_function free_func)
{
gnutls_secure_malloc = secure_alloc_func;
gnutls_malloc = alloc_func;
gnutls_calloc = calloc;
}
else
- { /* use the included ones */
+ { /* use the included ones */
gnutls_calloc = _gnutls_calloc;
}
gnutls_strdup = _gnutls_strdup;
{
gnutls_assert ();
_gnutls_debug_log ("Checking for libtasn1 failed: %s < %s\n",
- asn1_check_version (NULL),
- GNUTLS_MIN_LIBTASN1_VERSION);
+ asn1_check_version (NULL),
+ GNUTLS_MIN_LIBTASN1_VERSION);
return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
}
#include <ext_srp.h>
#include <ext_session_ticket.h>
#include <ext_safe_renegotiation.h>
-#include <gnutls_rsa_export.h> /* for gnutls_get_rsa_params() */
-#include <auth_anon.h> /* for gnutls_anon_server_credentials_t */
-#include <auth_psk.h> /* for gnutls_psk_server_credentials_t */
+#include <gnutls_rsa_export.h> /* for gnutls_get_rsa_params() */
+#include <auth_anon.h> /* for gnutls_anon_server_credentials_t */
+#include <auth_psk.h> /* for gnutls_psk_server_credentials_t */
#include <random.h>
#ifdef HANDSHAKE_DEBUG
static int _gnutls_handshake_hash_init (gnutls_session_t session);
static int _gnutls_server_select_comp_method (gnutls_session_t session,
- opaque * data, int datalen);
+ opaque * data, int datalen);
static int
_gnutls_handshake_hash_add_recvd (gnutls_session_t session,
- gnutls_handshake_description_t recv_type,
- opaque * header, uint16_t header_size,
- opaque * dataptr, uint32_t datalen);
+ gnutls_handshake_description_t recv_type,
+ opaque * header, uint16_t header_size,
+ opaque * dataptr, uint32_t datalen);
HANDSHAKE_MAC_TYPE_10)
{
_gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.md5,
- NULL);
+ NULL);
_gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.sha,
- NULL);
+ NULL);
}
else if (session->security_parameters.handshake_mac_handle_type ==
- HANDSHAKE_MAC_TYPE_12)
+ HANDSHAKE_MAC_TYPE_12)
{
_gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls12.
- sha256, NULL);
+ sha256, NULL);
_gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls12.
- sha1, NULL);
+ sha1, NULL);
}
session->security_parameters.handshake_mac_handle_type = 0;
session->internals.handshake_mac_handle_init = 0;
{
/* get the new random values */
memcpy (session->internals.resumed_security_parameters.server_random,
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
memcpy (session->internals.resumed_security_parameters.client_random,
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
/* keep the ciphersuite and compression
* That is because the client must see these in our
* hello message.
*/
memcpy (session->security_parameters.current_cipher_suite.suite,
- session->internals.resumed_security_parameters.current_cipher_suite.
- suite, 2);
+ session->internals.resumed_security_parameters.current_cipher_suite.
+ suite, 2);
_gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- &session->
- internals.resumed_security_parameters.current_cipher_suite);
+ &session->
+ internals.resumed_security_parameters.current_cipher_suite);
_gnutls_epoch_set_compression (session, EPOCH_NEXT,
- session->
- internals.resumed_compression_method);
+ session->
+ internals.resumed_compression_method);
/* or write_compression_algorithm
* they are the same
session->internals.resumed_security_parameters.entity;
_gnutls_set_current_version (session,
- session->internals.resumed_security_parameters.
- version);
+ session->internals.resumed_security_parameters.
+ version);
session->security_parameters.cert_type =
session->internals.resumed_security_parameters.cert_type;
memcpy (session->security_parameters.session_id,
- session->internals.resumed_security_parameters.session_id,
- sizeof (session->security_parameters.session_id));
+ session->internals.resumed_security_parameters.session_id,
+ sizeof (session->security_parameters.session_id));
session->security_parameters.session_id_size =
session->internals.resumed_security_parameters.session_id_size;
_gnutls_set_server_random (gnutls_session_t session, uint8_t * rnd)
{
memcpy (session->security_parameters.server_random, rnd,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
}
void
_gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd)
{
memcpy (session->security_parameters.client_random, rnd,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
}
/* Calculate The SSL3 Finished message
HANDSHAKE_MAC_TYPE_10)
{
rc =
- _gnutls_hash_copy (&td_md5,
- &session->internals.handshake_mac_handle.tls10.
- md5);
+ _gnutls_hash_copy (&td_md5,
+ &session->internals.handshake_mac_handle.tls10.
+ md5);
if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
+ {
+ gnutls_assert ();
+ return rc;
+ }
rc =
- _gnutls_hash_copy (&td_sha,
- &session->internals.handshake_mac_handle.tls10.
- sha);
+ _gnutls_hash_copy (&td_sha,
+ &session->internals.handshake_mac_handle.tls10.
+ sha);
if (rc < 0)
- {
- gnutls_assert ();
- _gnutls_hash_deinit (&td_md5, NULL);
- return rc;
- }
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&td_md5, NULL);
+ return rc;
+ }
}
else
{
_gnutls_hash (&td_sha, mesg, siz);
_gnutls_mac_deinit_ssl3_handshake (&td_md5, ret,
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
+ session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
_gnutls_mac_deinit_ssl3_handshake (&td_sha, &ret[16],
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
+ session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
return 0;
}
HANDSHAKE_MAC_TYPE_10)
{
rc =
- _gnutls_hash_copy (&td_md5,
- &session->internals.handshake_mac_handle.tls10.
- md5);
+ _gnutls_hash_copy (&td_md5,
+ &session->internals.handshake_mac_handle.tls10.
+ md5);
if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
+ {
+ gnutls_assert ();
+ return rc;
+ }
rc =
- _gnutls_hash_copy (&td_sha,
- &session->internals.handshake_mac_handle.tls10.
- sha);
+ _gnutls_hash_copy (&td_sha,
+ &session->internals.handshake_mac_handle.tls10.
+ sha);
if (rc < 0)
- {
- gnutls_assert ();
- _gnutls_hash_deinit (&td_md5, NULL);
- return rc;
- }
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&td_md5, NULL);
+ return rc;
+ }
_gnutls_hash_deinit (&td_md5, concat);
_gnutls_hash_deinit (&td_sha, &concat[16]);
}
else if (session->security_parameters.handshake_mac_handle_type ==
- HANDSHAKE_MAC_TYPE_12)
+ HANDSHAKE_MAC_TYPE_12)
{
rc =
- _gnutls_hash_copy (&td_sha,
- &session->internals.handshake_mac_handle.tls12.
- sha256);
+ _gnutls_hash_copy (&td_sha,
+ &session->internals.handshake_mac_handle.tls12.
+ sha256);
if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
+ {
+ gnutls_assert ();
+ return rc;
+ }
_gnutls_hash_deinit (&td_sha, concat);
len = _gnutls_hash_get_algo_len (td_sha.algorithm);
}
return _gnutls_PRF (session, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret);
+ GNUTLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret);
}
/* this function will produce GNUTLS_RANDOM_SIZE==32 bytes of random data
*/
int
_gnutls_negotiate_version (gnutls_session_t session,
- gnutls_protocol_t adv_version)
+ gnutls_protocol_t adv_version)
{
int ret;
*/
ret = _gnutls_version_max (session);
if (ret == GNUTLS_VERSION_UNKNOWN)
- {
- /* this check is not really needed.
- */
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
- }
+ {
+ /* this check is not really needed.
+ */
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
}
else
{
int
_gnutls_user_hello_func (gnutls_session_t session,
- gnutls_protocol_t adv_version)
+ gnutls_protocol_t adv_version)
{
int ret;
{
ret = session->internals.user_hello_func (session);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* Here we need to renegotiate the version since the callee might
* have disabled some TLS versions.
*/
ret = _gnutls_negotiate_version (session, adv_version);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
return 0;
}
*/
static int
_gnutls_read_client_hello (gnutls_session_t session, opaque * data,
- int datalen)
+ int datalen)
{
uint8_t session_id_len;
int pos = 0, ret;
opaque rnd[GNUTLS_RANDOM_SIZE], *suite_ptr, *comp_ptr, *session_id;
if (session->internals.v2_hello != 0)
- { /* version 2.0 */
+ { /* version 2.0 */
return _gnutls_read_client_hello_v2 (session, data, datalen);
}
DECR_LEN (len, 2);
_gnutls_handshake_log ("HSK[%p]: Client's version: %d.%d\n", session,
- data[pos], data[pos + 1]);
+ data[pos], data[pos + 1]);
adv_version = _gnutls_version_get (data[pos], data[pos + 1]);
set_adv_version (session, data[pos], data[pos + 1]);
pos += session_id_len;
if (ret == 0)
- { /* resumed using default TLS resumption! */
+ { /* resumed using default TLS resumption! */
/* Parse only the safe renegotiation extension
* We don't want to parse any other extensions since
* we don't want new extension values to overwrite the
pos += suite_size;
DECR_LEN (len, 1);
- comp_size = data[pos++]; /* z is the number of compression methods */
+ comp_size = data[pos++]; /* z is the number of compression methods */
DECR_LEN (len, comp_size);
pos += comp_size;
ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
- &data[pos], len);
+ &data[pos], len);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
resume_copy_required_values (session);
session->internals.resumed = RESUME_TRUE;
else
{
_gnutls_generate_session_id (session->security_parameters.session_id,
- &session->
- security_parameters.session_id_size);
+ &session->
+ security_parameters.session_id_size);
session->internals.resumed = RESUME_FALSE;
}
/* Point to the compression methods
*/
DECR_LEN (len, 1);
- comp_size = data[pos++]; /* z is the number of compression methods */
+ comp_size = data[pos++]; /* z is the number of compression methods */
DECR_LEN (len, comp_size);
comp_ptr = &data[pos];
* sslv3 and higher, even though sslv3 doesn't officially support them.
*/
ret = _gnutls_parse_extensions (session, GNUTLS_EXT_APPLICATION,
- &data[pos], len);
+ &data[pos], len);
/* len is the rest of the parsed length */
if (ret < 0)
{
}
ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
- &data[pos], len);
+ &data[pos], len);
if (ret < 0)
{
gnutls_assert ();
{
/* to indicate the client that the current session is resumed */
memcpy (session->internals.resumed_security_parameters.session_id,
- session_id, session_id_len);
+ session_id, session_id_len);
session->internals.resumed_security_parameters.session_id_size =
- session_id_len;
+ session_id_len;
session->internals.resumed_security_parameters.max_record_recv_size =
- session->security_parameters.max_record_recv_size;
+ session->security_parameters.max_record_recv_size;
session->internals.resumed_security_parameters.max_record_send_size =
- session->security_parameters.max_record_send_size;
+ session->security_parameters.max_record_send_size;
resume_copy_required_values (session);
if (siz > 0)
{
if (session->security_parameters.handshake_mac_handle_type ==
- HANDSHAKE_MAC_TYPE_10)
- {
- _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha,
- data, siz);
- _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5,
- data, siz);
- }
+ HANDSHAKE_MAC_TYPE_10)
+ {
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha,
+ data, siz);
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5,
+ data, siz);
+ }
else if (session->security_parameters.handshake_mac_handle_type ==
- HANDSHAKE_MAC_TYPE_12)
- {
- _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256,
- data, siz);
- _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1,
- data, siz);
- }
+ HANDSHAKE_MAC_TYPE_12)
+ {
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256,
+ data, siz);
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1,
+ data, siz);
+ }
}
_gnutls_handshake_buffer_empty (session);
if (again == 0)
{
bufel =
- _gnutls_handshake_alloc (MAX_VERIFY_DATA_SIZE, MAX_VERIFY_DATA_SIZE);
+ _gnutls_handshake_alloc (MAX_VERIFY_DATA_SIZE, MAX_VERIFY_DATA_SIZE);
if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
data = _mbuffer_get_udata_ptr (bufel);
/* This is needed in order to hash all the required
* messages.
*/
if ((ret = _gnutls_handshake_hash_pending (session)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
- {
- ret =
- _gnutls_ssl3_finished (session,
- session->security_parameters.entity, data);
- _mbuffer_set_udata_size (bufel, 36);
- }
+ {
+ ret =
+ _gnutls_ssl3_finished (session,
+ session->security_parameters.entity, data);
+ _mbuffer_set_udata_size (bufel, 36);
+ }
else
- { /* TLS 1.0+ */
- ret = _gnutls_finished (session,
- session->security_parameters.entity, data);
- _mbuffer_set_udata_size (bufel, 12);
- }
+ { /* TLS 1.0+ */
+ ret = _gnutls_finished (session,
+ session->security_parameters.entity, data);
+ _mbuffer_set_udata_size (bufel, 12);
+ }
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
vdata_size = _mbuffer_get_udata_size (bufel);
if (session->internals.finished_func)
- session->internals.finished_func (session, data, vdata_size);
+ session->internals.finished_func (session, data, vdata_size);
ret = _gnutls_ext_sr_finished (session, data, vdata_size, 0);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
if ((session->internals.resumed == RESUME_FALSE
- && session->security_parameters.entity == GNUTLS_CLIENT)
- || (session->internals.resumed == RESUME_TRUE
- && session->security_parameters.entity == GNUTLS_SERVER))
- {
- /* if we are a client not resuming - or we are a server resuming */
- _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (send)\n",
- session);
- memcpy (session->internals.cb_tls_unique, data, vdata_size);
- session->internals.cb_tls_unique_len = vdata_size;
- }
+ && session->security_parameters.entity == GNUTLS_CLIENT)
+ || (session->internals.resumed == RESUME_TRUE
+ && session->security_parameters.entity == GNUTLS_SERVER))
+ {
+ /* if we are a client not resuming - or we are a server resuming */
+ _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (send)\n",
+ session);
+ memcpy (session->internals.cb_tls_unique, data, vdata_size);
+ session->internals.cb_tls_unique_len = vdata_size;
+ }
ret =
- _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED);
+ _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED);
}
else
{
ret =
_gnutls_recv_handshake (session, &vrfy, &vrfysize,
- GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET);
+ GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET);
if (ret < 0)
{
ERR ("recv finished int", ret);
if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
{
ret =
- _gnutls_ssl3_finished (session,
- (session->security_parameters.entity + 1) % 2,
- data);
+ _gnutls_ssl3_finished (session,
+ (session->security_parameters.entity + 1) % 2,
+ data);
}
else
- { /* TLS 1.0 */
+ { /* TLS 1.0 */
ret =
- _gnutls_finished (session,
- (session->security_parameters.entity +
- 1) % 2, data);
+ _gnutls_finished (session,
+ (session->security_parameters.entity +
+ 1) % 2, data);
}
if (ret < 0)
if ((session->internals.resumed == RESUME_TRUE
&& session->security_parameters.entity == GNUTLS_CLIENT)
|| (session->internals.resumed == RESUME_FALSE
- && session->security_parameters.entity == GNUTLS_SERVER))
+ && session->security_parameters.entity == GNUTLS_SERVER))
{
/* if we are a client resuming - or we are a server not resuming */
_gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (recv)\n",
- session);
+ session);
memcpy (session->internals.cb_tls_unique, data, data_size);
session->internals.cb_tls_unique_len = data_size;
}
*/
static int
_gnutls_server_find_pk_algos_in_ciphersuites (const opaque *
- data, unsigned int datalen)
+ data, unsigned int datalen)
{
unsigned int j;
gnutls_pk_algorithm_t algo = GNUTLS_PK_NONE, prev_algo = 0;
kx = _gnutls_cipher_suite_get_kx_algo (&cs);
if (_gnutls_map_kx_get_cred (kx, 1) == GNUTLS_CRD_CERTIFICATE)
- {
- algo = _gnutls_map_pk_get_pk (kx);
+ {
+ algo = _gnutls_map_pk_get_pk (kx);
- if (algo != prev_algo && prev_algo != 0)
- return GNUTLS_PK_ANY;
- prev_algo = algo;
- }
+ if (algo != prev_algo && prev_algo != 0)
+ return GNUTLS_PK_ANY;
+ prev_algo = algo;
+ }
}
return algo;
*/
int
_gnutls_server_select_suite (gnutls_session_t session, opaque * data,
- int datalen)
+ int datalen)
{
int x, i, j;
cipher_suite_st *ciphers, cs;
int retval, err;
- gnutls_pk_algorithm_t pk_algo; /* will hold the pk algorithms
- * supported by the peer.
- */
+ gnutls_pk_algorithm_t pk_algo; /* will hold the pk algorithms
+ * supported by the peer.
+ */
/* First, check for safe renegotiation SCSV.
*/
int offset;
for (offset = 0; offset < datalen; offset += 2)
- {
- /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */
- if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR &&
- data[offset + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Received safe renegotiation CS\n", session);
- retval = _gnutls_ext_sr_recv_cs (session);
- if (retval < 0)
- {
- gnutls_assert ();
- return retval;
- }
- break;
- }
- }
+ {
+ /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */
+ if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR &&
+ data[offset + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR)
+ {
+ _gnutls_handshake_log
+ ("HSK[%p]: Received safe renegotiation CS\n", session);
+ retval = _gnutls_ext_sr_recv_cs (session);
+ if (retval < 0)
+ {
+ gnutls_assert ();
+ return retval;
+ }
+ break;
+ }
+ }
}
pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen);
x = _gnutls_supported_ciphersuites (session, &ciphers);
if (x < 0)
- { /* the case x==0 is handled within the function. */
+ { /* the case x==0 is handled within the function. */
gnutls_assert ();
return x;
}
gnutls_assert ();
gnutls_free (ciphers);
if (x < 0)
- return x;
+ return x;
else
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
}
/* Data length should be zero mod 2 since
_gnutls_handshake_log ("HSK[%p]: Supported cipher suites: \n", session);
for (j = 0; j < x; j++)
_gnutls_handshake_log ("\t%s\n",
- _gnutls_cipher_suite_get_name (&ciphers[j]));
+ _gnutls_cipher_suite_get_name (&ciphers[j]));
#endif
memset (session->security_parameters.current_cipher_suite.suite, '\0', 2);
for (j = 0; j < datalen; j += 2)
{
for (i = 0; i < x; i++)
- {
- if (memcmp (ciphers[i].suite, &data[j], 2) == 0)
- {
- memcpy (&cs.suite, &data[j], 2);
+ {
+ if (memcmp (ciphers[i].suite, &data[j], 2) == 0)
+ {
+ memcpy (&cs.suite, &data[j], 2);
- _gnutls_handshake_log
- ("HSK[%p]: Selected cipher suite: %s\n", session,
- _gnutls_cipher_suite_get_name (&cs));
- memcpy (session->security_parameters.current_cipher_suite.suite,
- ciphers[i].suite, 2);
- _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- &session->
- security_parameters.current_cipher_suite);
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected cipher suite: %s\n", session,
+ _gnutls_cipher_suite_get_name (&cs));
+ memcpy (session->security_parameters.current_cipher_suite.suite,
+ ciphers[i].suite, 2);
+ _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
+ &session->
+ security_parameters.current_cipher_suite);
- retval = 0;
- goto finish;
- }
- }
+ retval = 0;
+ goto finish;
+ }
+ }
}
finish:
if (_gnutls_get_kx_cred
(session,
_gnutls_cipher_suite_get_kx_algo (&session->
- security_parameters.current_cipher_suite),
+ security_parameters.current_cipher_suite),
&err) == NULL && err != 0)
{
gnutls_assert ();
*/
session->internals.auth_struct =
_gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
- (&session->
- security_parameters.current_cipher_suite));
+ (&session->
+ security_parameters.current_cipher_suite));
if (session->internals.auth_struct == NULL)
{
_gnutls_handshake_log
- ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
- session);
+ ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
*/
static int
_gnutls_server_select_comp_method (gnutls_session_t session,
- opaque * data, int datalen)
+ opaque * data, int datalen)
{
int x, i, j;
uint8_t *comps;
}
memset (&session->internals.compression_method, 0,
- sizeof (gnutls_compression_method_t));
+ sizeof (gnutls_compression_method_t));
for (j = 0; j < datalen; j++)
{
for (i = 0; i < x; i++)
- {
- if (comps[i] == data[j])
- {
- gnutls_compression_method_t method =
- _gnutls_compression_get_id (comps[i]);
+ {
+ if (comps[i] == data[j])
+ {
+ gnutls_compression_method_t method =
+ _gnutls_compression_get_id (comps[i]);
- session->internals.compression_method = method;
- gnutls_free (comps);
+ session->internals.compression_method = method;
+ gnutls_free (comps);
- _gnutls_epoch_set_compression (session, EPOCH_NEXT, method);
+ _gnutls_epoch_set_compression (session, EPOCH_NEXT, method);
- _gnutls_handshake_log
- ("HSK[%p]: Selected Compression Method: %s\n", session,
- gnutls_compression_get_name (session->
- internals.compression_method));
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected Compression Method: %s\n", session,
+ gnutls_compression_get_name (session->
+ internals.compression_method));
- return 0;
- }
- }
+ return 0;
+ }
+ }
}
/* we were not able to find a compatible compression
*/
static int
_gnutls_send_empty_handshake (gnutls_session_t session,
- gnutls_handshake_description_t type, int again)
+ gnutls_handshake_description_t type, int again)
{
mbuffer_st *bufel;
{
bufel = _gnutls_handshake_alloc (0, 0);
if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
}
else
bufel = NULL;
*/
static int
_gnutls_handshake_hash_add_sent (gnutls_session_t session,
- gnutls_handshake_description_t type,
- opaque * dataptr, uint32_t datalen)
+ gnutls_handshake_description_t type,
+ opaque * dataptr, uint32_t datalen)
{
int ret;
{
/* do not hash immediatelly since the hash has not yet been initialized */
if ((ret =
- _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
return 0;
}
if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
{
if (session->security_parameters.handshake_mac_handle_type ==
- HANDSHAKE_MAC_TYPE_10)
- {
- _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha,
- dataptr, datalen);
- _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5,
- dataptr, datalen);
- }
+ HANDSHAKE_MAC_TYPE_10)
+ {
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha,
+ dataptr, datalen);
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5,
+ dataptr, datalen);
+ }
else if (session->security_parameters.handshake_mac_handle_type ==
- HANDSHAKE_MAC_TYPE_12)
- {
- _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256,
- dataptr, datalen);
- _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1,
- dataptr, datalen);
- }
+ HANDSHAKE_MAC_TYPE_12)
+ {
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256,
+ dataptr, datalen);
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1,
+ dataptr, datalen);
+ }
}
return 0;
*/
int
_gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
- gnutls_handshake_description_t type)
+ gnutls_handshake_description_t type)
{
int ret;
uint8_t *data;
pos += 3;
_gnutls_handshake_log ("HSK[%p]: %s was sent [%ld bytes]\n",
- session, _gnutls_handshake2str (type),
- (long) datasize);
+ session, _gnutls_handshake2str (type),
+ (long) datasize);
/* Here we keep the handshake messages in order to hash them...
*/
if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
if ((ret =
- _gnutls_handshake_hash_add_sent (session, type, data, datasize)) < 0)
+ _gnutls_handshake_hash_add_sent (session, type, data, datasize)) < 0)
{
- gnutls_assert ();
- gnutls_free (bufel);
- return ret;
+ gnutls_assert ();
+ gnutls_free (bufel);
+ return ret;
}
session->internals.last_handshake_out = type;
switch (type)
{
- case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone
- * or ClientKeyExchange always.
- */
- case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */
- case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */
- case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */
- case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone
+ * or ClientKeyExchange always.
+ */
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */
+ case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */
/* now for client Certificate, ClientKeyExchange and
* CertificateVerify are always followed by ChangeCipherSpec
#define SSL2_HEADERS 1
static int
_gnutls_recv_handshake_header (gnutls_session_t session,
- gnutls_handshake_description_t type,
- gnutls_handshake_description_t * recv_type)
+ gnutls_handshake_description_t type,
+ gnutls_handshake_description_t * recv_type)
{
int ret;
uint32_t length32 = 0;
- uint8_t *dataptr = NULL; /* for realloc */
+ uint8_t *dataptr = NULL; /* for realloc */
size_t handshake_header_size = HANDSHAKE_HEADER_SIZE;
/* if we have data into the buffer then return them, do not read the next packet.
*/
if (session->internals.handshake_header_buffer.header_size ==
handshake_header_size || (session->internals.v2_hello != 0
- && type == GNUTLS_HANDSHAKE_CLIENT_HELLO
- && session->internals.handshake_header_buffer.
- packet_length > 0))
+ && type == GNUTLS_HANDSHAKE_CLIENT_HELLO
+ && session->internals.handshake_header_buffer.
+ packet_length > 0))
{
*recv_type = session->internals.handshake_header_buffer.recv_type;
if (*recv_type != type)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Handshake type mismatch (under attack?)\n", session);
- return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
- }
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Handshake type mismatch (under attack?)\n", session);
+ return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+ }
return session->internals.handshake_header_buffer.packet_length;
}
if (session->internals.handshake_header_buffer.header_size < SSL2_HEADERS)
{
ret =
- _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
- type, dataptr, SSL2_HEADERS);
+ _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
+ type, dataptr, SSL2_HEADERS);
if (ret < 0)
- {
- return ret;
- }
+ {
+ return ret;
+ }
/* The case ret==0 is caught here.
*/
if (ret != SSL2_HEADERS)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
session->internals.handshake_header_buffer.header_size = SSL2_HEADERS;
}
|| type != GNUTLS_HANDSHAKE_CLIENT_HELLO)
{
ret =
- _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
- type,
- &dataptr
- [session->
- internals.handshake_header_buffer.
- header_size],
- HANDSHAKE_HEADER_SIZE -
- session->
- internals.handshake_header_buffer.
- header_size);
+ _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
+ type,
+ &dataptr
+ [session->
+ internals.handshake_header_buffer.
+ header_size],
+ HANDSHAKE_HEADER_SIZE -
+ session->
+ internals.handshake_header_buffer.
+ header_size);
if (ret <= 0)
- {
- gnutls_assert ();
- return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ {
+ gnutls_assert ();
+ return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
if ((size_t) ret !=
- HANDSHAKE_HEADER_SIZE -
- session->internals.handshake_header_buffer.header_size)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ HANDSHAKE_HEADER_SIZE -
+ session->internals.handshake_header_buffer.header_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
*recv_type = dataptr[0];
/* we do not use DECR_LEN because we know
handshake_header_size = HANDSHAKE_HEADER_SIZE;
_gnutls_handshake_log ("HSK[%p]: %s was received [%ld bytes]\n",
- session, _gnutls_handshake2str (dataptr[0]),
- (long int) (length32 + HANDSHAKE_HEADER_SIZE));
+ session, _gnutls_handshake2str (dataptr[0]),
+ (long int) (length32 + HANDSHAKE_HEADER_SIZE));
}
else
- { /* v2 hello */
- length32 = session->internals.v2_hello - SSL2_HEADERS; /* we've read the first byte */
+ { /* v2 hello */
+ length32 = session->internals.v2_hello - SSL2_HEADERS; /* we've read the first byte */
- handshake_header_size = SSL2_HEADERS; /* we've already read one byte */
+ handshake_header_size = SSL2_HEADERS; /* we've already read one byte */
*recv_type = dataptr[0];
_gnutls_handshake_log ("HSK[%p]: %s(v2) was received [%ld bytes]\n",
- session, _gnutls_handshake2str (*recv_type),
- (long int) (length32 + handshake_header_size));
+ session, _gnutls_handshake2str (*recv_type),
+ (long int) (length32 + handshake_header_size));
if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO)
- { /* it should be one or nothing */
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
- }
+ { /* it should be one or nothing */
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+ }
}
/* put the packet into the buffer */
*/
static int
_gnutls_handshake_hash_add_recvd (gnutls_session_t session,
- gnutls_handshake_description_t recv_type,
- opaque * header, uint16_t header_size,
- opaque * dataptr, uint32_t datalen)
+ gnutls_handshake_description_t recv_type,
+ opaque * header, uint16_t header_size,
+ opaque * dataptr, uint32_t datalen)
{
int ret;
if ((session->security_parameters.entity == GNUTLS_SERVER
|| recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO)
&& (session->security_parameters.entity == GNUTLS_CLIENT
- || recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO))
+ || recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO))
{
if ((ret = _gnutls_handshake_hash_pending (session)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
/* here we buffer the handshake messages - needed at Finished message */
{
if ((ret =
- _gnutls_handshake_buffer_put (session, header, header_size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ _gnutls_handshake_buffer_put (session, header, header_size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
if (datalen > 0)
- {
- if ((ret =
- _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
+ {
+ if ((ret =
+ _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
}
return 0;
*/
int
_gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data,
- int *datalen, gnutls_handshake_description_t type,
- Optional optional)
+ int *datalen, gnutls_handshake_description_t type,
+ Optional optional)
{
int ret;
uint32_t length32 = 0;
{
if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET
- && optional == OPTIONAL_PACKET)
- {
- if (datalen != NULL)
- *datalen = 0;
- if (data != NULL)
- *data = NULL;
- return 0; /* ok just ignore the packet */
- }
+ && optional == OPTIONAL_PACKET)
+ {
+ if (datalen != NULL)
+ *datalen = 0;
+ if (data != NULL)
+ *data = NULL;
+ return 0; /* ok just ignore the packet */
+ }
return ret;
}
if (length32 > 0)
{
ret =
- _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
- type, dataptr, length32);
+ _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
+ type, dataptr, length32);
if (ret <= 0)
- {
- gnutls_assert ();
- gnutls_free (dataptr);
- return (ret == 0) ? GNUTLS_E_UNEXPECTED_PACKET_LENGTH : ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (dataptr);
+ return (ret == 0) ? GNUTLS_E_UNEXPECTED_PACKET_LENGTH : ret;
+ }
}
if (data != NULL && length32 > 0)
ret = _gnutls_handshake_hash_add_recvd (session, recv_type,
- session->
- internals.handshake_header_buffer.
- header,
- session->
- internals.handshake_header_buffer.
- header_size, dataptr, length32);
+ session->
+ internals.handshake_header_buffer.
+ header,
+ session->
+ internals.handshake_header_buffer.
+ header_size, dataptr, length32);
if (ret < 0)
{
gnutls_assert ();
* need it */
gnutls_free (dataptr);
if (data != NULL)
- *data = NULL;
+ *data = NULL;
if (ret < 0)
- break;
+ break;
/* initialize the hashes for both - (client will know server's version
* and server as well at this point) */
if ((ret = _gnutls_handshake_hash_init (session)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
if (length32 == 0)
- ret = 0;
+ ret = 0;
else
- ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
break;
case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
case GNUTLS_HANDSHAKE_FINISHED:
gnutls_assert ();
gnutls_free (dataptr);
if (data != NULL)
- *data = NULL;
+ *data = NULL;
ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
}
for (i = 0; i < cipher_suite_num; i++)
{
if (memcmp (&cipher_suites[i], suite, 2) == 0)
- {
- z = 0;
- break;
- }
+ {
+ z = 0;
+ break;
+ }
}
gnutls_free (cipher_suites);
memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2);
_gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- &session->
- security_parameters.current_cipher_suite);
+ &session->
+ security_parameters.current_cipher_suite);
_gnutls_handshake_log ("HSK[%p]: Selected cipher suite: %s\n", session,
- _gnutls_cipher_suite_get_name
- (&session->
- security_parameters.current_cipher_suite));
+ _gnutls_cipher_suite_get_name
+ (&session->
+ security_parameters.current_cipher_suite));
/* check if the credentials (username, public key etc.) are ok.
*/
session->internals.auth_struct =
_gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
- (&session->
- security_parameters.current_cipher_suite));
+ (&session->
+ security_parameters.current_cipher_suite));
if (session->internals.auth_struct == NULL)
{
_gnutls_handshake_log
- ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
- session);
+ ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
int i;
comp_methods_num = _gnutls_supported_compression_methods (session,
- &compression_methods);
+ &compression_methods);
if (comp_methods_num < 0)
{
gnutls_assert ();
for (i = 0; i < comp_methods_num; i++)
{
if (compression_methods[i] == comp_method)
- {
- comp_methods_num = 0;
- break;
- }
+ {
+ comp_methods_num = 0;
+ break;
+ }
}
gnutls_free (compression_methods);
session->internals.compression_method =
_gnutls_compression_get_id (comp_method);
_gnutls_epoch_set_compression (session, EPOCH_NEXT,
- session->internals.compression_method);
+ session->internals.compression_method);
return 0;
}
*/
static int
_gnutls_client_check_if_resuming (gnutls_session_t session,
- opaque * session_id, int session_id_len)
+ opaque * session_id, int session_id_len)
{
opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
_gnutls_handshake_log ("HSK[%p]: SessionID length: %d\n", session,
- session_id_len);
+ session_id_len);
_gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session,
- _gnutls_bin2hex (session_id, session_id_len, buf,
- sizeof (buf), NULL));
+ _gnutls_bin2hex (session_id, session_id_len, buf,
+ sizeof (buf), NULL));
if (session_id_len > 0 &&
session->internals.resumed_security_parameters.session_id_size ==
session_id_len
&& memcmp (session_id,
- session->internals.resumed_security_parameters.session_id,
- session_id_len) == 0)
+ session->internals.resumed_security_parameters.session_id,
+ session_id_len) == 0)
{
/* resume session */
memcpy (session->internals.resumed_security_parameters.server_random,
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
memcpy (session->internals.resumed_security_parameters.client_random,
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
_gnutls_epoch_set_cipher_suite
- (session, EPOCH_NEXT,
- &session->internals.
- resumed_security_parameters.current_cipher_suite);
+ (session, EPOCH_NEXT,
+ &session->internals.
+ resumed_security_parameters.current_cipher_suite);
_gnutls_epoch_set_compression (session, EPOCH_NEXT,
- session->
- internals.resumed_compression_method);
+ session->
+ internals.resumed_compression_method);
- session->internals.resumed = RESUME_TRUE; /* we are resuming */
+ session->internals.resumed = RESUME_TRUE; /* we are resuming */
return 0;
}
else
{
/* keep the new session id */
- session->internals.resumed = RESUME_FALSE; /* we are not resuming */
+ session->internals.resumed = RESUME_FALSE; /* we are not resuming */
session->security_parameters.session_id_size = session_id_len;
memcpy (session->security_parameters.session_id,
- session_id, session_id_len);
+ session_id, session_id_len);
return -1;
}
*/
static int
_gnutls_read_server_hello (gnutls_session_t session,
- opaque * data, int datalen)
+ opaque * data, int datalen)
{
uint8_t session_id_len = 0;
int pos = 0;
}
_gnutls_handshake_log ("HSK[%p]: Server's version: %d.%d\n",
- session, data[pos], data[pos + 1]);
+ session, data[pos], data[pos + 1]);
DECR_LEN (len, 2);
version = _gnutls_version_get (data[pos], data[pos + 1]);
DECR_LEN (len, 2 + 1);
ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
- &data[pos], len);
+ &data[pos], len);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
return 0;
}
*/
static int
_gnutls_copy_ciphersuites (gnutls_session_t session,
- opaque * ret_data, size_t ret_data_size,
- int add_scsv)
+ opaque * ret_data, size_t ret_data_size,
+ int add_scsv)
{
int ret, i;
cipher_suite_st *cipher_suites;
cipher_num = ret;
- cipher_num *= sizeof (uint16_t); /* in order to get bytes */
+ cipher_num *= sizeof (uint16_t); /* in order to get bytes */
datalen = pos = 0;
ret_data[pos++] = 0xff;
ret = _gnutls_ext_sr_send_cs (session);
if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (cipher_suites);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (cipher_suites);
+ return ret;
+ }
}
gnutls_free (cipher_suites);
*/
static int
_gnutls_copy_comp_methods (gnutls_session_t session,
- opaque * ret_data, size_t ret_data_size)
+ opaque * ret_data, size_t ret_data_size)
{
int ret, i;
uint8_t *compression_methods, comp_num;
return GNUTLS_E_INTERNAL_ERROR;
}
- ret_data[pos++] = comp_num; /* put the number of compression methods */
+ ret_data[pos++] = comp_num; /* put the number of compression methods */
for (i = 0; i < comp_num; i++)
{
*/
bufel =
- _gnutls_handshake_alloc (datalen, datalen + MAX_EXT_DATA_LENGTH);
+ _gnutls_handshake_alloc (datalen, datalen + MAX_EXT_DATA_LENGTH);
if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
data = _mbuffer_get_udata_ptr (bufel);
extdatalen = MAX_EXT_DATA_LENGTH;
extdata = gnutls_malloc (extdatalen);
if (extdata == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
/* if we are resuming a session then we set the
* version number to the previously established.
*/
if (session_id_len == 0)
- {
- if (rehandshake) /* already negotiated version thus version_max == negotiated version */
- hver = session->security_parameters.version;
- else /* new handshake. just get the max */
- hver = _gnutls_version_max (session);
- }
+ {
+ if (rehandshake) /* already negotiated version thus version_max == negotiated version */
+ hver = session->security_parameters.version;
+ else /* new handshake. just get the max */
+ hver = _gnutls_version_max (session);
+ }
else
- {
- /* we are resuming a session */
- hver = session->internals.resumed_security_parameters.version;
- }
+ {
+ /* we are resuming a session */
+ hver = session->internals.resumed_security_parameters.version;
+ }
if (hver == GNUTLS_VERSION_UNKNOWN || hver == 0)
- {
- gnutls_assert ();
- gnutls_free (bufel);
- gnutls_free (extdata);
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (bufel);
+ gnutls_free (extdata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
data[pos++] = _gnutls_version_get_major (hver);
data[pos++] = _gnutls_version_get_minor (hver);
_gnutls_set_current_version (session, hver);
if (session->internals.priorities.no_ssl3_record_version != 0)
- {
- /* Advertize the SSL 3.0 record packet version in
- * record packets during the handshake.
- * That is to avoid confusing implementations
- * that do not support TLS 1.2 and don't know
- * how 3,3 version of record packets look like.
- */
- _gnutls_record_set_default_version (session, 3, 0);
- }
+ {
+ /* Advertize the SSL 3.0 record packet version in
+ * record packets during the handshake.
+ * That is to avoid confusing implementations
+ * that do not support TLS 1.2 and don't know
+ * how 3,3 version of record packets look like.
+ */
+ _gnutls_record_set_default_version (session, 3, 0);
+ }
/* In order to know when this session was initiated.
*/
data[pos++] = session_id_len;
if (session_id_len > 0)
- {
- memcpy (&data[pos],
- session->internals.resumed_security_parameters.session_id,
- session_id_len);
- pos += session_id_len;
- }
+ {
+ memcpy (&data[pos],
+ session->internals.resumed_security_parameters.session_id,
+ session_id_len);
+ pos += session_id_len;
+ }
/* Copy the ciphersuites.
* handled with the RI extension below).
*/
if (!session->internals.initial_negotiation_completed &&
- session->security_parameters.entity == GNUTLS_CLIENT &&
- gnutls_protocol_get_version (session) == GNUTLS_SSL3)
- {
- ret =
- _gnutls_copy_ciphersuites (session, extdata, extdatalen, TRUE);
- _gnutls_extension_list_add (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION);
- }
+ session->security_parameters.entity == GNUTLS_CLIENT &&
+ gnutls_protocol_get_version (session) == GNUTLS_SSL3)
+ {
+ ret =
+ _gnutls_copy_ciphersuites (session, extdata, extdatalen, TRUE);
+ _gnutls_extension_list_add (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION);
+ }
else
- ret = _gnutls_copy_ciphersuites (session, extdata, extdatalen, FALSE);
+ ret = _gnutls_copy_ciphersuites (session, extdata, extdatalen, FALSE);
if (ret > 0)
- {
- ret = _mbuffer_append_data (bufel, extdata, ret);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (extdata);
- return ret;
- }
- }
+ {
+ ret = _mbuffer_append_data (bufel, extdata, ret);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (extdata);
+ return ret;
+ }
+ }
else
- {
- if (extdatalen == 0)
- extdatalen = GNUTLS_E_INTERNAL_ERROR;
- gnutls_free (bufel);
- gnutls_free (extdata);
- gnutls_assert ();
- return ret;
- }
+ {
+ if (extdatalen == 0)
+ extdatalen = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_free (bufel);
+ gnutls_free (extdata);
+ gnutls_assert ();
+ return ret;
+ }
/* Copy the compression methods.
*/
ret = _gnutls_copy_comp_methods (session, extdata, extdatalen);
if (ret > 0)
- {
- ret = _mbuffer_append_data (bufel, extdata, ret);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (extdata);
- return ret;
- }
- }
+ {
+ ret = _mbuffer_append_data (bufel, extdata, ret);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (extdata);
+ return ret;
+ }
+ }
else
- {
- if (extdatalen == 0)
- extdatalen = GNUTLS_E_INTERNAL_ERROR;
- gnutls_free (bufel);
- gnutls_free (extdata);
- gnutls_assert ();
- return ret;
- }
+ {
+ if (extdatalen == 0)
+ extdatalen = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_free (bufel);
+ gnutls_free (extdata);
+ gnutls_assert ();
+ return ret;
+ }
/* Generate and copy TLS extensions.
*/
if (_gnutls_version_has_extensions (hver))
- type = GNUTLS_EXT_ANY;
+ type = GNUTLS_EXT_ANY;
else
- {
- if (session->internals.initial_negotiation_completed != 0)
- type = GNUTLS_EXT_MANDATORY;
- else
- type = GNUTLS_EXT_NONE;
- }
+ {
+ if (session->internals.initial_negotiation_completed != 0)
+ type = GNUTLS_EXT_MANDATORY;
+ else
+ type = GNUTLS_EXT_NONE;
+ }
ret = _gnutls_gen_extensions (session, extdata, extdatalen, type);
if (ret > 0)
- {
- ret = _mbuffer_append_data (bufel, extdata, ret);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (extdata);
- return ret;
- }
- }
+ {
+ ret = _mbuffer_append_data (bufel, extdata, ret);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (extdata);
+ return ret;
+ }
+ }
else if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (bufel);
- gnutls_free (extdata);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (bufel);
+ gnutls_free (extdata);
+ return ret;
+ }
}
gnutls_free (extdata);
extdata = gnutls_malloc (MAX_EXT_DATA_LENGTH);
if (extdata == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3;
ret =
- _gnutls_gen_extensions (session, extdata, MAX_EXT_DATA_LENGTH,
- GNUTLS_EXT_ANY);
+ _gnutls_gen_extensions (session, extdata, MAX_EXT_DATA_LENGTH,
+ GNUTLS_EXT_ANY);
if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
+ {
+ gnutls_assert ();
+ goto fail;
+ }
extdatalen = ret;
bufel =
- _gnutls_handshake_alloc (datalen + extdatalen, datalen + extdatalen);
+ _gnutls_handshake_alloc (datalen + extdatalen, datalen + extdatalen);
if (bufel == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto fail;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto fail;
+ }
data = _mbuffer_get_udata_ptr (bufel);
data[pos++] =
- _gnutls_version_get_major (session->security_parameters.version);
+ _gnutls_version_get_major (session->security_parameters.version);
data[pos++] =
- _gnutls_version_get_minor (session->security_parameters.version);
+ _gnutls_version_get_minor (session->security_parameters.version);
memcpy (&data[pos],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
pos += GNUTLS_RANDOM_SIZE;
data[pos++] = session_id_len;
if (session_id_len > 0)
- {
- memcpy (&data[pos], session->security_parameters.session_id,
- session_id_len);
- }
+ {
+ memcpy (&data[pos], session->security_parameters.session_id,
+ session_id_len);
+ }
pos += session_id_len;
_gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session,
- _gnutls_bin2hex (session->security_parameters.
- session_id, session_id_len, buf,
- sizeof (buf), NULL));
+ _gnutls_bin2hex (session->security_parameters.
+ session_id, session_id_len, buf,
+ sizeof (buf), NULL));
memcpy (&data[pos],
- session->security_parameters.current_cipher_suite.suite, 2);
+ session->security_parameters.current_cipher_suite.suite, 2);
pos += 2;
comp =
- (uint8_t) _gnutls_compression_get_num (session->internals.
- compression_method);
+ (uint8_t) _gnutls_compression_get_num (session->internals.
+ compression_method);
data[pos++] = comp;
if (extdatalen > 0)
- {
- datalen += extdatalen;
+ {
+ datalen += extdatalen;
- memcpy (&data[pos], extdata, extdatalen);
- }
+ memcpy (&data[pos], extdata, extdatalen);
+ }
}
ret =
}
else
- { /* SERVER */
+ { /* SERVER */
ret = _gnutls_send_server_hello (session, again);
}
{
ret = _gnutls_read_server_hello (session, data, datalen);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
else
- { /* Server side reading a client hello */
+ { /* Server side reading a client hello */
ret = _gnutls_read_client_hello (session, data, datalen);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
ret = _gnutls_ext_sr_verify (session);
ret =
_gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST,
- AGAIN (STATE50));
+ AGAIN (STATE50));
STATE = STATE50;
if (ret < 0)
/* set the hash type for handshake message hashing */
if (_gnutls_version_has_selectable_prf (ver))
- session->security_parameters.handshake_mac_handle_type =
- HANDSHAKE_MAC_TYPE_12;
+ session->security_parameters.handshake_mac_handle_type =
+ HANDSHAKE_MAC_TYPE_12;
else
- session->security_parameters.handshake_mac_handle_type =
- HANDSHAKE_MAC_TYPE_10;
+ session->security_parameters.handshake_mac_handle_type =
+ HANDSHAKE_MAC_TYPE_10;
if (session->security_parameters.handshake_mac_handle_type ==
- HANDSHAKE_MAC_TYPE_10)
- {
- ret =
- _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10.
- md5, GNUTLS_MAC_MD5);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10.
- sha, GNUTLS_MAC_SHA1);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_hash_deinit (&session->internals.handshake_mac_handle.
- tls10.md5, NULL);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
+ HANDSHAKE_MAC_TYPE_10)
+ {
+ ret =
+ _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10.
+ md5, GNUTLS_MAC_MD5);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10.
+ sha, GNUTLS_MAC_SHA1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&session->internals.handshake_mac_handle.
+ tls10.md5, NULL);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
else if (session->security_parameters.handshake_mac_handle_type ==
- HANDSHAKE_MAC_TYPE_12)
- {
- /* The algorithm to compute hash over handshake messages must be
- same as the one used as the basis for PRF. By now we use
- SHA256. */
- ret =
- _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12.
- sha256, GNUTLS_DIG_SHA256);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret =
- _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12.
- sha1, GNUTLS_DIG_SHA1);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_hash_deinit (&session->internals.handshake_mac_handle.
- tls12.sha256, NULL);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
+ HANDSHAKE_MAC_TYPE_12)
+ {
+ /* The algorithm to compute hash over handshake messages must be
+ same as the one used as the basis for PRF. By now we use
+ SHA256. */
+ ret =
+ _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12.
+ sha256, GNUTLS_DIG_SHA256);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12.
+ sha1, GNUTLS_DIG_SHA1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&session->internals.handshake_mac_handle.
+ tls12.sha256, NULL);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
session->internals.handshake_mac_handle_init = 1;
}
ret = _gnutls_gen_supplemental (session, &buf);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
bufel = _gnutls_handshake_alloc (buf.length, buf.length);
if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
_mbuffer_set_udata (bufel, buf.data, buf.length);
_gnutls_buffer_clear (&buf);
ret = _gnutls_send_handshake (session, bufel,
- GNUTLS_HANDSHAKE_SUPPLEMENTAL);
+ GNUTLS_HANDSHAKE_SUPPLEMENTAL);
}
return ret;
_gnutls_debug_log ("EXT[%p]: Expecting supplemental data\n", session);
ret = _gnutls_recv_handshake (session, &data, &datalen,
- GNUTLS_HANDSHAKE_SUPPLEMENTAL,
- OPTIONAL_PACKET);
+ GNUTLS_HANDSHAKE_SUPPLEMENTAL,
+ OPTIONAL_PACKET);
if (ret < 0)
{
gnutls_assert ();
record_parameters_st *params;
ret = _gnutls_epoch_get (session, session->security_parameters.epoch_next,
- ¶ms);
+ ¶ms);
if (ret < 0)
{
/* We assume the epoch is not allocated if _gnutls_epoch_get fails. */
ret =
- _gnutls_epoch_alloc (session, session->security_parameters.epoch_next,
- NULL);
+ _gnutls_epoch_alloc (session, session->security_parameters.epoch_next,
+ NULL);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
if (session->security_parameters.entity == GNUTLS_CLIENT)
* we should reset the handshake's internal state.
*/
if (_gnutls_abort_handshake (session, ret) == 0)
- STATE = STATE0;
+ STATE = STATE0;
return ret;
}
if (ret < 0)
{
if (_gnutls_abort_handshake (session, ret) == 0)
- STATE = STATE0;
+ STATE = STATE0;
return ret;
}
if (session->internals.resumed_security_parameters.session_id_size > 0)
_gnutls_handshake_log ("HSK[%p]: Ask to resume: %s\n", session,
- _gnutls_bin2hex (session->
- internals.resumed_security_parameters.session_id,
- session->
- internals.resumed_security_parameters.session_id_size,
- buf, sizeof (buf), NULL));
+ _gnutls_bin2hex (session->
+ internals.resumed_security_parameters.session_id,
+ session->
+ internals.resumed_security_parameters.session_id_size,
+ buf, sizeof (buf), NULL));
#endif
switch (STATE)
case STATE2:
/* receive the server hello */
ret =
- _gnutls_recv_handshake (session, NULL, NULL,
- GNUTLS_HANDSHAKE_SERVER_HELLO,
- MANDATORY_PACKET);
+ _gnutls_recv_handshake (session, NULL, NULL,
+ GNUTLS_HANDSHAKE_SERVER_HELLO,
+ MANDATORY_PACKET);
STATE = STATE2;
IMED_RET ("recv hello", ret, 1);
case STATE70:
if (session->security_parameters.do_recv_supplemental)
- {
- ret = _gnutls_recv_supplemental (session);
- STATE = STATE70;
- IMED_RET ("recv supplemental", ret, 1);
- }
+ {
+ ret = _gnutls_recv_supplemental (session);
+ STATE = STATE70;
+ IMED_RET ("recv supplemental", ret, 1);
+ }
case STATE3:
/* RECV CERTIFICATE */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_certificate (session);
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_certificate (session);
STATE = STATE3;
IMED_RET ("recv server certificate", ret, 1);
case STATE4:
/* receive the server key exchange */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_kx_message (session);
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_kx_message (session);
STATE = STATE4;
IMED_RET ("recv server kx message", ret, 1);
/* receive the server certificate request - if any
*/
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_certificate_request (session);
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_certificate_request (session);
STATE = STATE5;
IMED_RET ("recv server certificate request message", ret, 1);
case STATE6:
/* receive the server hello done */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_recv_handshake (session, NULL, NULL,
- GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
- MANDATORY_PACKET);
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_recv_handshake (session, NULL, NULL,
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
+ MANDATORY_PACKET);
STATE = STATE6;
IMED_RET ("recv server hello done", ret, 1);
case STATE71:
if (session->security_parameters.do_send_supplemental)
- {
- ret = _gnutls_send_supplemental (session, AGAIN (STATE71));
- STATE = STATE71;
- IMED_RET ("send supplemental", ret, 0);
- }
+ {
+ ret = _gnutls_send_supplemental (session, AGAIN (STATE71));
+ STATE = STATE71;
+ IMED_RET ("send supplemental", ret, 0);
+ }
case STATE7:
/* send our certificate - if any and if requested
*/
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_send_client_certificate (session, AGAIN (STATE7));
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_send_client_certificate (session, AGAIN (STATE7));
STATE = STATE7;
IMED_RET ("send client certificate", ret, 0);
case STATE8:
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_send_client_kx_message (session, AGAIN (STATE8));
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_send_client_kx_message (session, AGAIN (STATE8));
STATE = STATE8;
IMED_RET ("send client kx", ret, 0);
case STATE9:
/* send client certificate verify */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_send_client_certificate_verify (session, AGAIN (STATE9));
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_client_certificate_verify (session, AGAIN (STATE9));
STATE = STATE9;
IMED_RET ("send client certificate verify", ret, 1);
ret = _gnutls_handshake_io_write_flush (session);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
case STATE21:
ret = _gnutls_send_change_cipher_spec (session, AGAIN (STATE21));
STATE = STATE21;
if (ret < 0)
- {
- ERR ("send ChangeCipherSpec", ret);
- gnutls_assert ();
- return ret;
- }
+ {
+ ERR ("send ChangeCipherSpec", ret);
+ gnutls_assert ();
+ return ret;
+ }
/* Initialize the connection session (start encryption) - in case of client
*/
if (init == TRUE)
- {
- ret = _gnutls_connection_state_init (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
+ {
+ ret = _gnutls_connection_state_init (session);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
ret = _gnutls_write_connection_state_init (session);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
case STATE22:
/* send the finished message */
ret = _gnutls_send_finished (session, AGAIN (STATE22));
STATE = STATE22;
if (ret < 0)
- {
- ERR ("send Finished", ret);
- gnutls_assert ();
- return ret;
- }
+ {
+ ERR ("send Finished", ret);
+ gnutls_assert ();
+ return ret;
+ }
STATE = STATE0;
default:
ret = _gnutls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1);
STATE = STATE30;
if (ret <= 0)
- {
- ERR ("recv ChangeCipherSpec", ret);
- gnutls_assert ();
- return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ {
+ ERR ("recv ChangeCipherSpec", ret);
+ gnutls_assert ();
+ return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
/* Initialize the connection session (start encryption) - in case of server */
if (init == TRUE)
- {
- ret = _gnutls_connection_state_init (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
+ {
+ ret = _gnutls_connection_state_init (session);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
ret = _gnutls_read_connection_state_init (session);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
case STATE31:
ret = _gnutls_recv_finished (session);
STATE = STATE31;
if (ret < 0)
- {
- ERR ("recv finished", ret);
- gnutls_assert ();
- return ret;
- }
+ {
+ ERR ("recv finished", ret);
+ gnutls_assert ();
+ return ret;
+ }
STATE = STATE0;
default:
break;
case STATE0:
case STATE1:
ret =
- _gnutls_recv_handshake (session, NULL, NULL,
- GNUTLS_HANDSHAKE_CLIENT_HELLO,
- MANDATORY_PACKET);
+ _gnutls_recv_handshake (session, NULL, NULL,
+ GNUTLS_HANDSHAKE_CLIENT_HELLO,
+ MANDATORY_PACKET);
STATE = STATE1;
IMED_RET ("recv hello", ret, 1);
case STATE70:
if (session->security_parameters.do_send_supplemental)
- {
- ret = _gnutls_send_supplemental (session, AGAIN (STATE70));
- STATE = STATE70;
- IMED_RET ("send supplemental data", ret, 0);
- }
+ {
+ ret = _gnutls_send_supplemental (session, AGAIN (STATE70));
+ STATE = STATE70;
+ IMED_RET ("send supplemental data", ret, 0);
+ }
/* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
case STATE3:
/* NOTE: these should not be send if we are resuming */
if (session->internals.resumed == RESUME_FALSE)
- ret = _gnutls_send_server_certificate (session, AGAIN (STATE3));
+ ret = _gnutls_send_server_certificate (session, AGAIN (STATE3));
STATE = STATE3;
IMED_RET ("send server certificate", ret, 0);
case STATE4:
/* send server key exchange (A) */
if (session->internals.resumed == RESUME_FALSE)
- ret = _gnutls_send_server_kx_message (session, AGAIN (STATE4));
+ ret = _gnutls_send_server_kx_message (session, AGAIN (STATE4));
STATE = STATE4;
IMED_RET ("send server kx", ret, 0);
case STATE5:
/* Send certificate request - if requested to */
if (session->internals.resumed == RESUME_FALSE)
- ret =
- _gnutls_send_server_certificate_request (session, AGAIN (STATE5));
+ ret =
+ _gnutls_send_server_certificate_request (session, AGAIN (STATE5));
STATE = STATE5;
IMED_RET ("send server cert request", ret, 0);
case STATE6:
/* send the server hello done */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_send_empty_handshake (session,
- GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
- AGAIN (STATE6));
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_empty_handshake (session,
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
+ AGAIN (STATE6));
STATE = STATE6;
IMED_RET ("send server hello done", ret, 1);
case STATE71:
if (session->security_parameters.do_recv_supplemental)
- {
- ret = _gnutls_recv_supplemental (session);
- STATE = STATE71;
- IMED_RET ("recv client supplemental", ret, 1);
- }
+ {
+ ret = _gnutls_recv_supplemental (session);
+ STATE = STATE71;
+ IMED_RET ("recv client supplemental", ret, 1);
+ }
/* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
case STATE7:
/* receive the client certificate message */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_client_certificate (session);
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_certificate (session);
STATE = STATE7;
IMED_RET ("recv client certificate", ret, 1);
case STATE8:
/* receive the client key exchange message */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_client_kx_message (session);
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_kx_message (session);
STATE = STATE8;
IMED_RET ("recv client kx", ret, 1);
case STATE9:
/* receive the client certificate verify message */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_client_certificate_verify_message (session);
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_certificate_verify_message (session);
STATE = STATE9;
IMED_RET ("recv client certificate verify", ret, 1);
- STATE = STATE0; /* finished thus clear session */
+ STATE = STATE0; /* finished thus clear session */
default:
break;
}
if ((session->internals.resumed == RESUME_TRUE
&& session->security_parameters.entity == GNUTLS_CLIENT)
|| (session->internals.resumed == RESUME_FALSE
- && session->security_parameters.entity == GNUTLS_SERVER))
+ && session->security_parameters.entity == GNUTLS_SERVER))
{
/* if we are a client resuming - or we are a server not resuming */
#ifdef ENABLE_SESSION_TICKET
switch (STATE)
- {
- case STATE0:
- case STATE40:
- ret = _gnutls_send_new_session_ticket (session, AGAIN (STATE40));
- STATE = STATE40;
- IMED_RET ("send handshake new session ticket", ret, 0);
- STATE = STATE0;
- default:
- break;
- }
+ {
+ case STATE0:
+ case STATE40:
+ ret = _gnutls_send_new_session_ticket (session, AGAIN (STATE40));
+ STATE = STATE40;
+ IMED_RET ("send handshake new session ticket", ret, 0);
+ STATE = STATE0;
+ default:
+ break;
+ }
#endif
ret = _gnutls_send_handshake_final (session, FALSE);
/* only store if we are not resuming */
if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- /* in order to support session resuming */
- _gnutls_server_register_current_session (session);
- }
+ {
+ /* in order to support session resuming */
+ _gnutls_server_register_current_session (session);
+ }
}
else
- { /* if we are a client not resuming - or we are a server resuming */
+ { /* if we are a client not resuming - or we are a server resuming */
ret = _gnutls_send_handshake_final (session, TRUE);
IMED_RET ("send handshake final 2", ret, 1);
#ifdef ENABLE_SESSION_TICKET
switch (STATE)
- {
- case STATE0:
- case STATE41:
- ret = _gnutls_recv_new_session_ticket (session);
- STATE = STATE41;
- IMED_RET ("recv handshake new session ticket", ret, 1);
- STATE = STATE0;
- default:
- break;
- }
+ {
+ case STATE0:
+ case STATE41:
+ ret = _gnutls_recv_new_session_ticket (session);
+ STATE = STATE41;
+ IMED_RET ("recv handshake new session ticket", ret, 1);
+ STATE = STATE0;
+ default:
+ break;
+ }
#endif
ret = _gnutls_recv_handshake_final (session, FALSE);
int
_gnutls_recv_hello_request (gnutls_session_t session, void *data,
- uint32_t data_size)
+ uint32_t data_size)
{
uint8_t type;
*/
inline static int
check_server_params (gnutls_session_t session,
- gnutls_kx_algorithm_t kx,
- gnutls_kx_algorithm_t * alg, int alg_size)
+ gnutls_kx_algorithm_t kx,
+ gnutls_kx_algorithm_t * alg, int alg_size)
{
int cred_type;
gnutls_dh_params_t dh_params = NULL;
{
int delete;
gnutls_certificate_credentials_t x509_cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
- cred_type, NULL);
+ (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
+ cred_type, NULL);
if (x509_cred != NULL)
- {
- dh_params =
- _gnutls_get_dh_params (x509_cred->dh_params,
- x509_cred->params_func, session);
- rsa_params =
- _gnutls_certificate_get_rsa_params (x509_cred->rsa_params,
- x509_cred->params_func,
- session);
- }
+ {
+ dh_params =
+ _gnutls_get_dh_params (x509_cred->dh_params,
+ x509_cred->params_func, session);
+ rsa_params =
+ _gnutls_certificate_get_rsa_params (x509_cred->rsa_params,
+ x509_cred->params_func,
+ session);
+ }
/* Check also if the certificate supports the
* KX method.
*/
delete = 1;
for (j = 0; j < alg_size; j++)
- {
- if (alg[j] == kx)
- {
- delete = 0;
- break;
- }
- }
+ {
+ if (alg[j] == kx)
+ {
+ delete = 0;
+ break;
+ }
+ }
if (delete == 1)
- return 1;
+ return 1;
#ifdef ENABLE_ANON
}
else if (cred_type == GNUTLS_CRD_ANON)
{
gnutls_anon_server_credentials_t anon_cred =
- (gnutls_anon_server_credentials_t) _gnutls_get_cred (session->key,
- cred_type, NULL);
+ (gnutls_anon_server_credentials_t) _gnutls_get_cred (session->key,
+ cred_type, NULL);
if (anon_cred != NULL)
- {
- dh_params =
- _gnutls_get_dh_params (anon_cred->dh_params,
- anon_cred->params_func, session);
- }
+ {
+ dh_params =
+ _gnutls_get_dh_params (anon_cred->dh_params,
+ anon_cred->params_func, session);
+ }
#endif
#ifdef ENABLE_PSK
}
else if (cred_type == GNUTLS_CRD_PSK)
{
gnutls_psk_server_credentials_t psk_cred =
- (gnutls_psk_server_credentials_t) _gnutls_get_cred (session->key,
- cred_type, NULL);
+ (gnutls_psk_server_credentials_t) _gnutls_get_cred (session->key,
+ cred_type, NULL);
if (psk_cred != NULL)
- {
- dh_params =
- _gnutls_get_dh_params (psk_cred->dh_params, psk_cred->params_func,
- session);
- }
+ {
+ dh_params =
+ _gnutls_get_dh_params (psk_cred->dh_params, psk_cred->params_func,
+ session);
+ }
#endif
}
else
- return 0; /* no need for params */
+ return 0; /* no need for params */
/* If the key exchange method needs RSA or DH params,
{
/* needs rsa params. */
if (_gnutls_rsa_params_to_mpi (rsa_params) == NULL)
- {
- gnutls_assert ();
- return 1;
- }
+ {
+ gnutls_assert ();
+ return 1;
+ }
}
if (_gnutls_kx_needs_dh_params (kx) != 0)
{
/* needs DH params. */
if (_gnutls_dh_params_to_mpi (dh_params) == NULL)
- {
- gnutls_assert ();
- return 1;
- }
+ {
+ gnutls_assert ();
+ return 1;
+ }
}
return 0;
*/
int
_gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
- cipher_suite_st ** cipherSuites,
- int numCipherSuites,
- gnutls_pk_algorithm_t requested_pk_algo)
+ cipher_suite_st ** cipherSuites,
+ int numCipherSuites,
+ gnutls_pk_algorithm_t requested_pk_algo)
{
int ret = 0;
cert_cred =
(gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
- GNUTLS_CRD_CERTIFICATE,
- NULL);
+ GNUTLS_CRD_CERTIFICATE,
+ NULL);
/* If there are certificate credentials, find an appropriate certificate
* or disable them;
{
ret = _gnutls_server_select_cert (session, requested_pk_algo);
if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_x509_log ("Could not find an appropriate certificate: %s\n",
- gnutls_strerror (ret));
- cert_cred = NULL;
- }
+ {
+ gnutls_assert ();
+ _gnutls_x509_log ("Could not find an appropriate certificate: %s\n",
+ gnutls_strerror (ret));
+ cert_cred = NULL;
+ }
}
/* get all the key exchange algorithms that are
/* if it is defined but had no credentials
*/
if (_gnutls_get_kx_cred (session, kx, NULL) == NULL)
- {
- delete = 1;
- }
+ {
+ delete = 1;
+ }
else
- {
- delete = 0;
+ {
+ delete = 0;
- if (server)
- delete = check_server_params (session, kx, alg, alg_size);
- }
+ if (server)
+ delete = check_server_params (session, kx, alg, alg_size);
+ }
/* These two SRP kx's are marked to require a CRD_CERTIFICATE,
(see cred_mappings in gnutls_algorithms.c), but it also
requires a SRP credential. Don't use SRP kx unless we have a
SRP credential too. */
if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS)
- {
- if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL))
- delete = 1;
- }
+ {
+ if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL))
+ delete = 1;
+ }
memcpy (&cs.suite, &(*cipherSuites)[i].suite, 2);
if (delete == 0)
- {
+ {
- _gnutls_handshake_log ("HSK[%p]: Keeping ciphersuite: %s\n",
- session,
- _gnutls_cipher_suite_get_name (&cs));
+ _gnutls_handshake_log ("HSK[%p]: Keeping ciphersuite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name (&cs));
- memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2);
- newSuiteSize++;
- }
+ memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2);
+ newSuiteSize++;
+ }
else
- {
- _gnutls_handshake_log ("HSK[%p]: Removing ciphersuite: %s\n",
- session,
- _gnutls_cipher_suite_get_name (&cs));
+ {
+ _gnutls_handshake_log ("HSK[%p]: Removing ciphersuite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name (&cs));
- }
+ }
}
gnutls_free (alg);
_gnutls_set_adv_version (gnutls_session_t session, gnutls_protocol_t ver)
{
set_adv_version (session, _gnutls_version_get_major (ver),
- _gnutls_version_get_minor (ver));
+ _gnutls_version_get_minor (ver));
}
gnutls_protocol_t
_gnutls_get_adv_version (gnutls_session_t session)
{
return _gnutls_version_get (_gnutls_get_adv_version_major (session),
- _gnutls_get_adv_version_minor (session));
+ _gnutls_get_adv_version_minor (session));
}
/**
{ OPTIONAL_PACKET, MANDATORY_PACKET } Optional;
int _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
- gnutls_handshake_description_t type);
+ gnutls_handshake_description_t type);
int _gnutls_recv_hello_request (gnutls_session_t session, void *data,
- uint32_t data_size);
+ uint32_t data_size);
int _gnutls_send_hello (gnutls_session_t session, int again);
int _gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen);
int _gnutls_recv_handshake (gnutls_session_t session, uint8_t **, int *,
- gnutls_handshake_description_t,
- Optional optional);
+ gnutls_handshake_description_t,
+ Optional optional);
int _gnutls_generate_session_id (opaque * session_id, uint8_t * len);
int _gnutls_handshake_common (gnutls_session_t session);
int _gnutls_handshake_client (gnutls_session_t session);
void _gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd);
int _gnutls_tls_create_random (opaque * dst);
int _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
- cipher_suite_st ** cipherSuites,
- int numCipherSuites,
- gnutls_pk_algorithm_t);
+ cipher_suite_st ** cipherSuites,
+ int numCipherSuites,
+ gnutls_pk_algorithm_t);
int _gnutls_find_pk_algos_in_ciphersuites (opaque * data, int datalen);
int _gnutls_server_select_suite (gnutls_session_t session, opaque * data,
- int datalen);
+ int datalen);
int _gnutls_negotiate_version (gnutls_session_t session,
- gnutls_protocol_t adv_version);
+ gnutls_protocol_t adv_version);
int _gnutls_user_hello_func (gnutls_session_t session,
- gnutls_protocol_t adv_version);
+ gnutls_protocol_t adv_version);
void _gnutls_handshake_hash_buffers_clear (gnutls_session_t session);
if (cc != NULL)
{
if (cc->init (algorithm, &dig->handle) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
+ }
dig->hash = cc->hash;
dig->copy = cc->copy;
int
_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest)
+ const void *text, size_t textlen, void *digest)
{
digest_hd_st dig;
int ret;
int
_gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
- int keylen, const void *text, size_t textlen, void *digest)
+ int keylen, const void *text, size_t textlen, void *digest)
{
digest_hd_st dig;
int ret;
int
_gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
- const void *key, int keylen)
+ const void *key, int keylen)
{
int result;
const gnutls_crypto_mac_st *cc = NULL;
if (cc != NULL)
{
if (cc->init (algorithm, &dig->handle) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
+ }
if (cc->setkey (dig->handle, key, keylen) < 0)
- {
- gnutls_assert ();
- cc->deinit (dig->handle);
- return GNUTLS_E_HASH_FAILED;
- }
+ {
+ gnutls_assert ();
+ cc->deinit (dig->handle);
+ return GNUTLS_E_HASH_FAILED;
+ }
dig->hash = cc->hash;
dig->output = cc->output;
int
_gnutls_mac_init_ssl3 (digest_hd_st * ret, gnutls_mac_algorithm_t algorithm,
- void *key, int keylen)
+ void *key, int keylen)
{
opaque ipad[48];
int padsize, result;
_gnutls_hash (&td, opad, padsize);
block = _gnutls_hmac_get_algo_len (handle->algorithm);
- _gnutls_hash_deinit (handle, ret); /* get the previous hash */
+ _gnutls_hash_deinit (handle, ret); /* get the previous hash */
_gnutls_hash (&td, ret, block);
_gnutls_hash_deinit (&td, digest);
void
_gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle,
- void *digest, opaque * key,
- uint32_t key_size)
+ void *digest, opaque * key,
+ uint32_t key_size)
{
opaque ret[MAX_HASH_SIZE];
digest_hd_st td;
if (key_size > 0)
_gnutls_hash (handle, key, key_size);
_gnutls_hash (handle, ipad, padsize);
- _gnutls_hash_deinit (handle, ret); /* get the previous hash */
+ _gnutls_hash_deinit (handle, ret); /* get the previous hash */
_gnutls_hash (&td, ret, block);
static int
ssl3_sha (int i, opaque * secret, int secret_len,
- opaque * rnd, int rnd_len, void *digest)
+ opaque * rnd, int rnd_len, void *digest)
{
int j, ret;
opaque text1[26];
for (j = 0; j < i + 1; j++)
{
- text1[j] = 65 + i; /* A==65 */
+ text1[j] = 65 + i; /* A==65 */
}
ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
static int
ssl3_md5 (int i, opaque * secret, int secret_len,
- opaque * rnd, int rnd_len, void *digest)
+ opaque * rnd, int rnd_len, void *digest)
{
opaque tmp[MAX_HASH_SIZE];
digest_hd_st td;
int
_gnutls_ssl3_hash_md5 (const void *first, int first_len,
- const void *second, int second_len,
- int ret_len, opaque * ret)
+ const void *second, int second_len,
+ int ret_len, opaque * ret)
{
opaque digest[MAX_HASH_SIZE];
digest_hd_st td;
int
_gnutls_ssl3_generate_random (void *secret, int secret_len,
- void *rnd, int rnd_len,
- int ret_bytes, opaque * ret)
+ void *rnd, int rnd_len,
+ int ret_bytes, opaque * ret)
{
int i = 0, copy, output_bytes;
opaque digest[MAX_HASH_SIZE];
result = ssl3_md5 (i, secret, secret_len, rnd, rnd_len, digest);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
if ((1 + i) * block < ret_bytes)
- {
- copy = block;
- }
+ {
+ copy = block;
+ }
else
- {
- copy = ret_bytes - (i) * block;
- }
+ {
+ copy = ret_bytes - (i) * block;
+ }
memcpy (&ret[i * block], digest, copy);
}
/* basic functions */
int _gnutls_hmac_init (digest_hd_st *, gnutls_mac_algorithm_t algorithm,
- const void *key, int keylen);
+ const void *key, int keylen);
int _gnutls_hmac_get_algo_len (gnutls_mac_algorithm_t algorithm);
int _gnutls_hmac (digest_hd_st * handle, const void *text, size_t textlen);
int _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
- int keylen, const void *text, size_t textlen,
- void *digest);
+ int keylen, const void *text, size_t textlen,
+ void *digest);
void _gnutls_hmac_deinit (digest_hd_st * handle, void *digest);
void _gnutls_hmac_output (digest_hd_st * handle, void *digest);
int
_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest);
+ const void *text, size_t textlen, void *digest);
/* help functions */
int _gnutls_mac_init_ssl3 (digest_hd_st *, gnutls_mac_algorithm_t algorithm,
- void *key, int keylen);
+ void *key, int keylen);
void _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest);
int _gnutls_ssl3_generate_random (void *secret, int secret_len,
- void *rnd, int random_len, int bytes,
- opaque * ret);
+ void *rnd, int random_len, int bytes,
+ opaque * ret);
int _gnutls_ssl3_hash_md5 (const void *first, int first_len,
- const void *second, int second_len,
- int ret_len, opaque * ret);
+ const void *second, int second_len,
+ int ret_len, opaque * ret);
void _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle, void *digest,
- opaque * key, uint32_t key_size);
+ opaque * key, uint32_t key_size);
int _gnutls_hash_copy (digest_hd_st * dst_handle, digest_hd_st * src_handle);
GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13,
GNUTLS_EXTENSION_SESSION_TICKET = 35,
GNUTLS_EXTENSION_INNER_APPLICATION = 37703,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */
} extensions_t;
typedef enum
message. Mark should only be non-zero when this buffer is the
head of the queue. */
size_t mark;
- unsigned int user_mark; /* only used during fill in */
+ unsigned int user_mark; /* only used during fill in */
size_t maximum_size;
} mbuffer_st;
typedef enum
{
- HANDSHAKE_MAC_TYPE_10 = 1, /* TLS 1.0 style */
- HANDSHAKE_MAC_TYPE_12 /* TLS 1.2 style */
+ HANDSHAKE_MAC_TYPE_10 = 1, /* TLS 1.0 style */
+ HANDSHAKE_MAC_TYPE_12 /* TLS 1.2 style */
} handshake_mac_type_t;
/* Store & Retrieve functions defines:
*/
void *auth_info;
gnutls_credentials_type_t auth_info_type;
- int auth_info_size; /* needed in order to store to db for restoring
- */
+ int auth_info_size; /* needed in order to store to db for restoring
+ */
uint8_t crypt_algo;
- auth_cred_st *cred; /* used to specify keys/certificates etc */
+ auth_cred_st *cred; /* used to specify keys/certificates etc */
int certificate_requested;
/* some ciphersuites use this
typedef struct
{
uint8_t hash_algorithm;
- uint8_t sign_algorithm; /* pk algorithm actually */
+ uint8_t sign_algorithm; /* pk algorithm actually */
} sign_algorithm_st;
/* This structure holds parameters got from TLS extension
#define MAX_SIGNATURE_ALGORITHMS 16
-#define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */
+#define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */
/* auth_info_t structures now MAY contain malloced
* elements.
{
gnutls_connection_end_t entity;
gnutls_kx_algorithm_t kx_algorithm;
- handshake_mac_type_t handshake_mac_handle_type; /* one of HANDSHAKE_TYPE_10 and HANDSHAKE_TYPE_12 */
+ handshake_mac_type_t handshake_mac_handle_type; /* one of HANDSHAKE_TYPE_10 and HANDSHAKE_TYPE_12 */
/* The epoch used to read and write */
uint16_t epoch_read;
uint16_t max_record_recv_size;
/* holds the negotiated certificate type */
gnutls_certificate_type_t cert_type;
- gnutls_protocol_t version; /* moved here */
+ gnutls_protocol_t version; /* moved here */
/* FIXME: The following are not saved in the session storage
* for session resumption.
typedef struct
{
- gnutls_buffer_st application_data_buffer; /* holds data to be delivered to application layer */
- gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
- * message */
+ gnutls_buffer_st application_data_buffer; /* holds data to be delivered to application layer */
+ gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
+ * message */
union
{
struct
{
- digest_hd_st sha; /* hash of the handshake messages */
- digest_hd_st md5; /* hash of the handshake messages */
+ digest_hd_st sha; /* hash of the handshake messages */
+ digest_hd_st md5; /* hash of the handshake messages */
} tls10;
struct
{
- digest_hd_st sha1; /* hash of the handshake messages for TLS 1.2+ */
- digest_hd_st sha256; /* hash of the handshake messages for TLS 1.2+ */
+ digest_hd_st sha1; /* hash of the handshake messages for TLS 1.2+ */
+ digest_hd_st sha256; /* hash of the handshake messages for TLS 1.2+ */
} tls12;
} handshake_mac_handle;
- int handshake_mac_handle_init; /* 1 when the previous union and type were initialized */
-
- gnutls_buffer_st handshake_data_buffer; /* this is a buffer that holds the current handshake message */
- gnutls_buffer_st ia_data_buffer; /* holds inner application data (TLS/IA) */
- int resumable:1; /* TRUE or FALSE - if we can resume that session */
- handshake_state_t handshake_state; /* holds
- * a number which indicates where
- * the handshake procedure has been
- * interrupted. If it is 0 then
- * no interruption has happened.
- */
-
- int invalid_connection:1; /* true or FALSE - if this session is valid */
-
- int may_not_read:1; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
- */
+ int handshake_mac_handle_init; /* 1 when the previous union and type were initialized */
+
+ gnutls_buffer_st handshake_data_buffer; /* this is a buffer that holds the current handshake message */
+ gnutls_buffer_st ia_data_buffer; /* holds inner application data (TLS/IA) */
+ int resumable:1; /* TRUE or FALSE - if we can resume that session */
+ handshake_state_t handshake_state; /* holds
+ * a number which indicates where
+ * the handshake procedure has been
+ * interrupted. If it is 0 then
+ * no interruption has happened.
+ */
+
+ int invalid_connection:1; /* true or FALSE - if this session is valid */
+
+ int may_not_read:1; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
+ */
int may_not_write:1;
- int read_eof:1; /* non-zero if we have received a closure alert. */
+ int read_eof:1; /* non-zero if we have received a closure alert. */
- int last_alert; /* last alert received */
+ int last_alert; /* last alert received */
/* The last handshake messages sent or received.
*/
struct gnutls_priority_st priorities;
/* resumed session */
- int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */
+ int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */
security_parameters_st resumed_security_parameters;
gnutls_compression_method_t resumed_compression_method;
* non blocking IO.
*/
mbuffer_head_st record_recv_buffer;
- mbuffer_head_st record_send_buffer; /* holds cached data
- * for the gnutls_io_write_buffered()
- * function.
- */
- size_t record_send_buffer_user_size; /* holds the
- * size of the user specified data to
- * send.
- */
+ mbuffer_head_st record_send_buffer; /* holds cached data
+ * for the gnutls_io_write_buffered()
+ * function.
+ */
+ size_t record_send_buffer_user_size; /* holds the
+ * size of the user specified data to
+ * send.
+ */
/* 0 if no peeked data was kept, 1 otherwise.
*/
int have_peeked_data:1;
- int expire_time; /* after expire_time seconds this session will expire */
- struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
- int v2_hello; /* 0 if the client hello is v3+.
- * non-zero if we got a v2 hello.
- */
+ int expire_time; /* after expire_time seconds this session will expire */
+ struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
+ int v2_hello; /* 0 if the client hello is v3+.
+ * non-zero if we got a v2 hello.
+ */
/* keeps the headers of the handshake packet
*/
handshake_header_buffer_st handshake_header_buffer;
void *user_ptr;
- int enable_private; /* non zero to
- * enable cipher suites
- * which have 0xFF status.
- */
+ int enable_private; /* non zero to
+ * enable cipher suites
+ * which have 0xFF status.
+ */
/* Holds 0 if the last called function was interrupted while
* receiving, and non zero otherwise.
/* functions
*/
void _gnutls_set_current_version (gnutls_session_t session,
- gnutls_protocol_t version);
+ gnutls_protocol_t version);
void _gnutls_free_auth_info (gnutls_session_t session);
/* These two macros return the advertized TLS version of
#include <gnutls_datum.h>
#include <gnutls_rsa_export.h>
#include <gnutls_mbuffers.h>
-#include "../libextra/ext_inner_application.h" /* isn't this too much? */
+#include "../libextra/ext_inner_application.h" /* isn't this too much? */
/* This is a temporary function to be used before the generate_*
internal API is changed to use mbuffers. For now we don't avoid the
extra alloc + memcpy. */
static inline int
send_handshake (gnutls_session_t session, opaque * data, size_t size,
- gnutls_handshake_description_t type)
+ gnutls_handshake_description_t type)
{
mbuffer_st *bufel;
char buf[512];
_gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size,
- _gnutls_bin2hex (PREMASTER.data, PREMASTER.size, buf,
- sizeof (buf), NULL));
+ _gnutls_bin2hex (PREMASTER.data, PREMASTER.size, buf,
+ sizeof (buf), NULL));
_gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32,
- _gnutls_bin2hex (session->
- security_parameters.client_random, 32,
- buf, sizeof (buf), NULL));
+ _gnutls_bin2hex (session->
+ security_parameters.client_random, 32,
+ buf, sizeof (buf), NULL));
_gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32,
- _gnutls_bin2hex (session->
- security_parameters.server_random, 32,
- buf, sizeof (buf), NULL));
+ _gnutls_bin2hex (session->
+ security_parameters.server_random, 32,
+ buf, sizeof (buf), NULL));
if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
{
opaque rnd[2 * GNUTLS_RANDOM_SIZE + 1];
memcpy (rnd, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
memcpy (&rnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
ret =
- _gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size,
- rnd, 2 * GNUTLS_RANDOM_SIZE,
- GNUTLS_MASTER_SIZE,
- session->
- security_parameters.master_secret);
+ _gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size,
+ rnd, 2 * GNUTLS_RANDOM_SIZE,
+ GNUTLS_MASTER_SIZE,
+ session->
+ security_parameters.master_secret);
}
else
opaque rnd[2 * GNUTLS_RANDOM_SIZE + 1];
memcpy (rnd, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
memcpy (&rnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
ret =
- _gnutls_PRF (session, PREMASTER.data, PREMASTER.size,
- MASTER_SECRET, strlen (MASTER_SECRET),
- rnd, 2 * GNUTLS_RANDOM_SIZE, GNUTLS_MASTER_SIZE,
- session->security_parameters.master_secret);
+ _gnutls_PRF (session, PREMASTER.data, PREMASTER.size,
+ MASTER_SECRET, strlen (MASTER_SECRET),
+ rnd, 2 * GNUTLS_RANDOM_SIZE, GNUTLS_MASTER_SIZE,
+ session->security_parameters.master_secret);
}
/* TLS/IA inner secret is derived from the master secret. */
return ret;
_gnutls_hard_log ("INT: MASTER SECRET: %s\n",
- _gnutls_bin2hex (session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE, buf, sizeof (buf),
- NULL));
+ _gnutls_bin2hex (session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, buf, sizeof (buf),
+ NULL));
return ret;
}
if (again == 0)
{
data_size =
- session->internals.auth_struct->gnutls_generate_server_kx (session,
- &data);
+ session->internals.auth_struct->gnutls_generate_server_kx (session,
+ &data);
if (data_size == GNUTLS_E_INT_RET_0)
- {
- gnutls_assert ();
- return 0;
- }
+ {
+ gnutls_assert ();
+ return 0;
+ }
if (data_size < 0)
- {
- gnutls_assert ();
- return data_size;
- }
+ {
+ gnutls_assert ();
+ return data_size;
+ }
}
ret = send_handshake (session, data, data_size,
- GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
+ GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
gnutls_free (data);
if (ret < 0)
if (again == 0)
{
data_size =
- session->internals.
- auth_struct->gnutls_generate_server_certificate_request (session,
- &data);
+ session->internals.
+ auth_struct->gnutls_generate_server_certificate_request (session,
+ &data);
if (data_size < 0)
- {
- gnutls_assert ();
- return data_size;
- }
+ {
+ gnutls_assert ();
+ return data_size;
+ }
}
ret = send_handshake (session, data, data_size,
- GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
gnutls_free (data);
if (ret < 0)
if (again == 0)
{
data_size =
- session->internals.auth_struct->gnutls_generate_client_kx (session,
- &data);
+ session->internals.auth_struct->gnutls_generate_client_kx (session,
+ &data);
if (data_size < 0)
- {
- gnutls_assert ();
- return data_size;
- }
+ {
+ gnutls_assert ();
+ return data_size;
+ }
}
ret = send_handshake (session, data, data_size,
- GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
gnutls_free (data);
if (ret < 0)
NULL)
{
gnutls_assert ();
- return 0; /* this algorithm does not support cli_cert_vrfy
- */
+ return 0; /* this algorithm does not support cli_cert_vrfy
+ */
}
data = NULL;
if (again == 0)
{
data_size =
- session->internals.
- auth_struct->gnutls_generate_client_cert_vrfy (session, &data);
+ session->internals.
+ auth_struct->gnutls_generate_client_cert_vrfy (session, &data);
if (data_size < 0)
- {
- gnutls_assert ();
- return data_size;
- }
+ {
+ gnutls_assert ();
+ return data_size;
+ }
if (data_size == 0)
- return 0;
+ return 0;
}
ret = send_handshake (session, data, data_size,
- GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
+ GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
gnutls_free (data);
return ret;
/* EXCEPTION FOR RSA_EXPORT cipher suite
*/
if (_gnutls_session_is_export (session) != 0 &&
- _gnutls_peers_cert_less_512 (session) != 0)
- {
- gnutls_assert ();
- return 0;
- }
+ _gnutls_peers_cert_less_512 (session) != 0)
+ {
+ gnutls_assert ();
+ return 0;
+ }
/* Server key exchange packet is optional for PSK. */
if (_gnutls_session_is_psk (session))
- optflag = OPTIONAL_PACKET;
+ optflag = OPTIONAL_PACKET;
ret =
- _gnutls_recv_handshake (session, &data,
- &datasize,
- GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
- optflag);
+ _gnutls_recv_handshake (session, &data,
+ &datasize,
+ GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
+ optflag);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ret =
- session->internals.auth_struct->gnutls_process_server_kx (session,
- data,
- datasize);
+ session->internals.auth_struct->gnutls_process_server_kx (session,
+ data,
+ datasize);
gnutls_free (data);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
return ret;
{
ret =
- _gnutls_recv_handshake (session, &data,
- &datasize,
- GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
- OPTIONAL_PACKET);
+ _gnutls_recv_handshake (session, &data,
+ &datasize,
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
+ OPTIONAL_PACKET);
if (ret < 0)
- return ret;
+ return ret;
if (ret == 0 && datasize == 0)
- return 0; /* ignored */
+ return 0; /* ignored */
ret =
- session->internals.
- auth_struct->gnutls_process_server_certificate_request (session, data,
- datasize);
+ session->internals.
+ auth_struct->gnutls_process_server_certificate_request (session, data,
+ datasize);
gnutls_free (data);
if (ret < 0)
- return ret;
+ return ret;
}
return ret;
{
ret =
- _gnutls_recv_handshake (session, &data,
- &datasize,
- GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
- MANDATORY_PACKET);
+ _gnutls_recv_handshake (session, &data,
+ &datasize,
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
+ MANDATORY_PACKET);
if (ret < 0)
- return ret;
+ return ret;
ret =
- session->internals.auth_struct->gnutls_process_client_kx (session,
- data,
- datasize);
+ session->internals.auth_struct->gnutls_process_client_kx (session,
+ data,
+ datasize);
gnutls_free (data);
if (ret < 0)
- return ret;
+ return ret;
}
if (again == 0)
{
if (gnutls_protocol_get_version (session) != GNUTLS_SSL3 ||
- session->internals.selected_cert_list_length > 0)
- {
- /* TLS 1.0 or SSL 3.0 with a valid certificate
- */
- data_size =
- session->internals.
- auth_struct->gnutls_generate_client_certificate (session, &data);
-
- if (data_size < 0)
- {
- gnutls_assert ();
- return data_size;
- }
- }
+ session->internals.selected_cert_list_length > 0)
+ {
+ /* TLS 1.0 or SSL 3.0 with a valid certificate
+ */
+ data_size =
+ session->internals.
+ auth_struct->gnutls_generate_client_certificate (session, &data);
+
+ if (data_size < 0)
+ {
+ gnutls_assert ();
+ return data_size;
+ }
+ }
}
/* In the SSL 3.0 protocol we need to send a
session->internals.selected_cert_list_length == 0)
{
ret =
- gnutls_alert_send (session, GNUTLS_AL_WARNING,
- GNUTLS_A_SSL3_NO_CERTIFICATE);
+ gnutls_alert_send (session, GNUTLS_AL_WARNING,
+ GNUTLS_A_SSL3_NO_CERTIFICATE);
}
else
- { /* TLS 1.0 or SSL 3.0 with a valid certificate
- */
+ { /* TLS 1.0 or SSL 3.0 with a valid certificate
+ */
ret = send_handshake (session, data, data_size,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
gnutls_free (data);
}
if (again == 0)
{
data_size =
- session->internals.
- auth_struct->gnutls_generate_server_certificate (session, &data);
+ session->internals.
+ auth_struct->gnutls_generate_server_certificate (session, &data);
if (data_size < 0)
- {
- gnutls_assert ();
- return data_size;
- }
+ {
+ gnutls_assert ();
+ return data_size;
+ }
}
ret = send_handshake (session, data, data_size,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
gnutls_free (data);
if (ret < 0)
/* if we have not requested a certificate then just return
*/
if (session->internals.send_cert_req == 0)
- {
- return 0;
- }
+ {
+ return 0;
+ }
if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
- optional = MANDATORY_PACKET;
+ optional = MANDATORY_PACKET;
else
- optional = OPTIONAL_PACKET;
+ optional = OPTIONAL_PACKET;
ret =
- _gnutls_recv_handshake (session, &data,
- &datasize,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional);
+ _gnutls_recv_handshake (session, &data,
+ &datasize,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional);
if (ret < 0)
- {
- /* Handle the case of old SSL3 clients who send
- * a warning alert instead of an empty certificate to indicate
- * no certificate.
- */
- if (optional == OPTIONAL_PACKET &&
- ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
- gnutls_protocol_get_version (session) == GNUTLS_SSL3 &&
- gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE)
- {
-
- /* SSL3 does not send an empty certificate,
- * but this alert. So we just ignore it.
- */
- gnutls_assert ();
- return 0;
- }
-
- /* certificate was required
- */
- if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED
- || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- && optional == MANDATORY_PACKET)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- return ret;
- }
+ {
+ /* Handle the case of old SSL3 clients who send
+ * a warning alert instead of an empty certificate to indicate
+ * no certificate.
+ */
+ if (optional == OPTIONAL_PACKET &&
+ ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
+ gnutls_protocol_get_version (session) == GNUTLS_SSL3 &&
+ gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE)
+ {
+
+ /* SSL3 does not send an empty certificate,
+ * but this alert. So we just ignore it.
+ */
+ gnutls_assert ();
+ return 0;
+ }
+
+ /* certificate was required
+ */
+ if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED
+ || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ && optional == MANDATORY_PACKET)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ return ret;
+ }
if (ret == 0 && datasize == 0 && optional == OPTIONAL_PACKET)
- {
- /* Client has not sent the certificate message.
- * well I'm not sure we should accept this
- * behaviour.
- */
- gnutls_assert ();
- return 0;
- }
+ {
+ /* Client has not sent the certificate message.
+ * well I'm not sure we should accept this
+ * behaviour.
+ */
+ gnutls_assert ();
+ return 0;
+ }
ret =
- session->internals.
- auth_struct->gnutls_process_client_certificate (session, data,
- datasize);
+ session->internals.
+ auth_struct->gnutls_process_client_certificate (session, data,
+ datasize);
gnutls_free (data);
if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* ok we should expect a certificate verify message now
*/
if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET)
- ret = 0;
+ ret = 0;
else
- session->key->certificate_requested = 1;
+ session->key->certificate_requested = 1;
}
{
ret =
- _gnutls_recv_handshake (session, &data,
- &datasize,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
- MANDATORY_PACKET);
+ _gnutls_recv_handshake (session, &data,
+ &datasize,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
+ MANDATORY_PACKET);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ret =
- session->internals.
- auth_struct->gnutls_process_server_certificate (session, data,
- datasize);
+ session->internals.
+ auth_struct->gnutls_process_server_certificate (session, data,
+ datasize);
gnutls_free (data);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
return ret;
{
if (session->internals.send_cert_req == 0 ||
- session->key->certificate_requested == 0)
- {
- return 0;
- }
+ session->key->certificate_requested == 0)
+ {
+ return 0;
+ }
ret =
- _gnutls_recv_handshake (session, &data,
- &datasize,
- GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY,
- OPTIONAL_PACKET);
+ _gnutls_recv_handshake (session, &data,
+ &datasize,
+ GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY,
+ OPTIONAL_PACKET);
if (ret < 0)
- return ret;
+ return ret;
if (ret == 0 && datasize == 0
- && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
- {
- /* certificate was required */
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
+ && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
+ {
+ /* certificate was required */
+ gnutls_assert ();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
ret =
- session->internals.
- auth_struct->gnutls_process_client_cert_vrfy (session, data,
- datasize);
+ session->internals.
+ auth_struct->gnutls_process_client_cert_vrfy (session, data,
+ datasize);
gnutls_free (data);
if (ret < 0)
- return ret;
+ return ret;
}
int _gnutls_recv_server_kx_message (gnutls_session_t session);
int _gnutls_recv_client_kx_message (gnutls_session_t session);
int _gnutls_send_client_certificate_verify (gnutls_session_t session,
- int again);
+ int again);
int _gnutls_send_server_certificate (gnutls_session_t session, int again);
int _gnutls_generate_master (gnutls_session_t session, int keep_premaster);
int _gnutls_recv_client_certificate (gnutls_session_t session);
int _gnutls_send_client_certificate (gnutls_session_t session, int again);
int _gnutls_recv_server_certificate_request (gnutls_session_t session);
int _gnutls_send_server_certificate_request (gnutls_session_t session,
- int again);
+ int again);
int _gnutls_recv_client_certificate_verify_message (gnutls_session_t session);
next = bufel->next;
if (left >= (bufel->msg.size - bufel->mark))
- {
- left -= (bufel->msg.size - bufel->mark);
- remove_front (buf);
- }
+ {
+ left -= (bufel->msg.size - bufel->mark);
+ remove_front (buf);
+ }
else
- {
- bufel->mark += left;
- buf->byte_length -= left;
- left = 0;
- }
+ {
+ bufel->mark += left;
+ buf->byte_length -= left;
+ left = 0;
+ }
}
return 0;
* one.
*/
int _mbuffer_append_data (mbuffer_st * bufel, void *newdata,
- size_t newdata_size);
+ size_t newdata_size);
int _mbuffer_linearize (mbuffer_head_st * buf);
_gnutls_handshake_alloc (size_t size, size_t maximum)
{
mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE + size,
- HANDSHAKE_HEADER_SIZE + maximum);
+ HANDSHAKE_HEADER_SIZE + maximum);
if (!ret)
return NULL;
#ifndef GNUTLS_MEM_H
#define GNUTLS_MEM_H
-typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
+typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
extern int (*_gnutls_is_secure_memory) (const void *);
bigint_t
_gnutls_mpi_randomize (bigint_t r, unsigned int bits,
- gnutls_rnd_level_t level)
+ gnutls_rnd_level_t level)
{
size_t size = 1 + (bits / 8);
int ret;
{
buf = gnutls_malloc (size);
if (buf == NULL)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
buf_release = 1;
}
else
{
for (i = 8; i >= rem; i--)
- buf[0] = clearbit (buf[0], i);
+ buf[0] = clearbit (buf[0], i);
}
ret = _gnutls_mpi_scan (&tmp, buf, size);
{
size_t diff = size - bytes;
for (i = 0; i < diff; i++)
- buf[i] = 0;
+ buf[i] = 0;
ret = _gnutls_mpi_print (a, &buf[diff], &bytes);
}
else
*/
int
_gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
- int lz)
+ int lz)
{
opaque *tmpstr;
size_t s_len;
extern gnutls_crypto_bigint_st _gnutls_mpi_ops;
bigint_t _gnutls_mpi_randomize (bigint_t, unsigned int bits,
- gnutls_rnd_level_t level);
+ gnutls_rnd_level_t level);
#define _gnutls_mpi_new(x) _gnutls_mpi_ops.bigint_new(x)
#define _gnutls_mpi_cmp(x,y) _gnutls_mpi_ops.bigint_cmp(x,y)
int _gnutls_mpi_scan (bigint_t * ret_mpi, const void *buffer, size_t nbytes);
int _gnutls_mpi_scan_nz (bigint_t * ret_mpi, const void *buffer,
- size_t nbytes);
+ size_t nbytes);
int _gnutls_mpi_scan_pgp (bigint_t * ret_mpi, const void *buffer,
- size_t nbytes);
+ size_t nbytes);
int _gnutls_mpi_dprint_lz (const bigint_t a, gnutls_datum_t * dest);
int _gnutls_mpi_dprint (const bigint_t a, gnutls_datum_t * dest);
int _gnutls_mpi_dprint_size (const bigint_t a, gnutls_datum_t * dest,
- size_t size);
+ size_t size);
#define _gnutls_mpi_generate_group( gg, bits) _gnutls_mpi_ops.bigint_generate_group( gg, bits)
{
y = 0;
if (x->i[i] == 0xff)
- {
- x->i[i] = 0;
- y = 1;
- }
+ {
+ x->i[i] = 0;
+ y = 1;
+ }
else
- x->i[i]++;
+ x->i[i]++;
if (y == 0)
- break;
+ break;
}
if (y != 0)
- return -1; /* over 64 bits! WOW */
+ return -1; /* over 64 bits! WOW */
return 0;
}
*/
int
_gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
- const gnutls_datum_t * plaintext,
- bigint_t * params, unsigned params_len,
- unsigned btype)
+ const gnutls_datum_t * plaintext,
+ bigint_t * params, unsigned params_len,
+ unsigned btype)
{
unsigned int i, pad;
int ret;
case 2:
/* using public key */
if (params_len < RSA_PUBLIC_PARAMS)
- {
- gnutls_assert ();
- gnutls_free (edata);
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (edata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
ret = _gnutls_rnd (GNUTLS_RND_RANDOM, ps, psize);
if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (edata);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (edata);
+ return ret;
+ }
for (i = 0; i < psize; i++)
- while (ps[i] == 0)
- {
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, &ps[i], 1);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (edata);
- return ret;
- }
- }
+ while (ps[i] == 0)
+ {
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, &ps[i], 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (edata);
+ return ret;
+ }
+ }
break;
case 1:
/* using private key */
if (params_len < RSA_PRIVATE_PARAMS)
- {
- gnutls_assert ();
- gnutls_free (edata);
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (edata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
for (i = 0; i < psize; i++)
- ps[i] = 0xff;
+ ps[i] = 0xff;
break;
default:
gnutls_assert ();
to_encrypt.data = edata;
to_encrypt.size = k;
- if (btype == 2) /* encrypt */
+ if (btype == 2) /* encrypt */
ret =
_gnutls_pk_encrypt (GNUTLS_PK_RSA, &encrypted, &to_encrypt, &pk_params);
- else /* sign */
+ else /* sign */
ret =
_gnutls_pk_sign (GNUTLS_PK_RSA, &encrypted, &to_encrypt, &pk_params);
return 0;
}
else
- { /* psize > k !!! */
+ { /* psize > k !!! */
/* This is an impossible situation */
gnutls_assert ();
_gnutls_free_datum (&encrypted);
*/
int
_gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
- const gnutls_datum_t * ciphertext,
- bigint_t * params, unsigned params_len,
- unsigned btype)
+ const gnutls_datum_t * ciphertext,
+ bigint_t * params, unsigned params_len,
+ unsigned btype)
{
unsigned int k, i;
int ret;
if (btype == 2)
{
ret =
- _gnutls_pk_decrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params);
+ _gnutls_pk_decrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params);
}
else
{
ret =
- _gnutls_pk_encrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params);
+ _gnutls_pk_encrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params);
}
if (ret < 0)
{
case 2:
for (i = 2; i < plaintext->size; i++)
- {
- if (plaintext->data[i] == 0)
- {
- ret = 0;
- break;
- }
- }
+ {
+ if (plaintext->data[i] == 0)
+ {
+ ret = 0;
+ break;
+ }
+ }
break;
case 1:
for (i = 2; i < plaintext->size; i++)
- {
- if (plaintext->data[i] == 0 && i > 2)
- {
- ret = 0;
- break;
- }
- if (plaintext->data[i] != 0xff)
- {
- _gnutls_handshake_log ("PKCS #1 padding error");
- _gnutls_free_datum (plaintext);
- /* PKCS #1 padding error. Don't use
- GNUTLS_E_PKCS1_WRONG_PAD here. */
- break;
- }
- }
+ {
+ if (plaintext->data[i] == 0 && i > 2)
+ {
+ ret = 0;
+ break;
+ }
+ if (plaintext->data[i] != 0xff)
+ {
+ _gnutls_handshake_log ("PKCS #1 padding error");
+ _gnutls_free_datum (plaintext);
+ /* PKCS #1 padding error. Don't use
+ GNUTLS_E_PKCS1_WRONG_PAD here. */
+ break;
+ }
+ }
break;
default:
gnutls_assert ();
int
_gnutls_rsa_verify (const gnutls_datum_t * vdata,
- const gnutls_datum_t * ciphertext, bigint_t * params,
- int params_len, int btype)
+ const gnutls_datum_t * ciphertext, bigint_t * params,
+ int params_len, int btype)
{
gnutls_datum_t plain;
/* decrypt signature */
if ((ret =
_gnutls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len,
- btype)) < 0)
+ btype)) < 0)
{
gnutls_assert ();
return ret;
_gnutls_free_datum (&plain);
- return 0; /* ok */
+ return 0; /* ok */
}
/* encodes the Dss-Sig-Value structure
if ((result =
asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DSASignatureValue",
- &sig)) != ASN1_SUCCESS)
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
*/
int
_gnutls_dsa_sign (gnutls_datum_t * signature,
- const gnutls_datum_t * hash, bigint_t * params,
- unsigned int params_len)
+ const gnutls_datum_t * hash, bigint_t * params,
+ unsigned int params_len)
{
int ret;
size_t i;
k = hash->size;
if (k < 20)
- { /* SHA1 or better only */
+ { /* SHA1 or better only */
gnutls_assert ();
return GNUTLS_E_PK_SIGN_FAILED;
}
*/
int
_gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r,
- bigint_t * s)
+ bigint_t * s)
{
ASN1_TYPE sig;
int result;
if ((result =
asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DSASignatureValue",
- &sig)) != ASN1_SUCCESS)
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
*/
int
_gnutls_dsa_verify (const gnutls_datum_t * vdata,
- const gnutls_datum_t * sig_value, bigint_t * params,
- int params_len)
+ const gnutls_datum_t * sig_value, bigint_t * params,
+ int params_len)
{
int ret, i;
pk_params.params_nr = params_len;
if (vdata->size > 20)
- { /* SHA1 or better only */
+ { /* SHA1 or better only */
gnutls_assert ();
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
return ret;
}
- return 0; /* ok */
+ return 0; /* ok */
}
/* some generic pk functions */
static int
_generate_params (int algo, bigint_t * resarr, unsigned int *resarr_len,
- int bits)
+ int bits)
{
gnutls_pk_params_st params;
int ret;
{
*resarr_len = params.params_nr;
for (i = 0; i < params.params_nr; i++)
- resarr[i] = params.params[i];
+ resarr[i] = params.params[i];
}
else
{
int
_gnutls_rsa_generate_params (bigint_t * resarr, unsigned int *resarr_len,
- int bits)
+ int bits)
{
return _generate_params (GNUTLS_PK_RSA, resarr, resarr_len, bits);
}
int
_gnutls_dsa_generate_params (bigint_t * resarr, unsigned int *resarr_len,
- int bits)
+ int bits)
{
return _generate_params (GNUTLS_PK_DSA, resarr, resarr_len, bits);
}
int
_gnutls_pk_params_copy (gnutls_pk_params_st * dst, bigint_t * params,
- int params_len)
+ int params_len)
{
int i, j;
dst->params_nr = 0;
{
dst->params[i] = _gnutls_mpi_set (NULL, params[i]);
if (dst->params[i] == NULL)
- {
- for (j = 0; j < i; j++)
- _gnutls_mpi_release (&dst->params[j]);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ for (j = 0; j < i; j++)
+ _gnutls_mpi_release (&dst->params[j]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
dst->params_nr++;
}
int
_gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk, bigint_t * params,
- int params_size,
- gnutls_digest_algorithm_t * dig,
- unsigned int *mand)
+ int params_size,
+ gnutls_digest_algorithm_t * dig,
+ unsigned int *mand)
{
if (mand)
{
if (pk == GNUTLS_PK_DSA)
- *mand = 1;
+ *mand = 1;
else
- *mand = 0;
+ *mand = 0;
}
return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) dig,
- NULL, pk, params, params_size);
+ NULL, pk, params, params_size);
}
inline static int
_gnutls_pk_fixup (gnutls_pk_algorithm_t algo, gnutls_direction_t direction,
- gnutls_pk_params_st * params)
+ gnutls_pk_params_st * params)
{
if (_gnutls_pk_ops.pk_fixup_private_params)
return _gnutls_pk_ops.pk_fixup_private_params (algo, direction, params);
}
int _gnutls_pk_params_copy (gnutls_pk_params_st * dst, bigint_t * params,
- int params_len);
+ int params_len);
int _gnutls_rsa_generate_params (bigint_t * resarr, unsigned int *resarr_len,
- int bits);
+ int bits);
int _gnutls_dsa_generate_params (bigint_t * resarr, unsigned int *resarr_len,
- int bits);
+ int bits);
/* The internal PK interface */
int _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
- const gnutls_datum_t * plaintext,
- bigint_t * params, unsigned params_len,
- unsigned btype);
+ const gnutls_datum_t * plaintext,
+ bigint_t * params, unsigned params_len,
+ unsigned btype);
int _gnutls_dsa_sign (gnutls_datum_t * signature,
- const gnutls_datum_t * plaintext, bigint_t * params,
- unsigned params_len);
+ const gnutls_datum_t * plaintext, bigint_t * params,
+ unsigned params_len);
int _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
- const gnutls_datum_t * ciphertext,
- bigint_t * params, unsigned params_len,
- unsigned btype);
+ const gnutls_datum_t * ciphertext,
+ bigint_t * params, unsigned params_len,
+ unsigned btype);
int _gnutls_rsa_verify (const gnutls_datum_t * vdata,
- const gnutls_datum_t * ciphertext, bigint_t * params,
- int params_len, int btype);
+ const gnutls_datum_t * ciphertext, bigint_t * params,
+ int params_len, int btype);
int _gnutls_dsa_verify (const gnutls_datum_t * vdata,
- const gnutls_datum_t * sig_value, bigint_t * params,
- int params_len);
+ const gnutls_datum_t * sig_value, bigint_t * params,
+ int params_len);
int
_gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s);
int
_gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r,
- bigint_t * s);
+ bigint_t * s);
int _gnutls_calc_rsa_exp (bigint_t * params, unsigned int params_size);
int _gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk,
- bigint_t * params, int params_size,
- gnutls_digest_algorithm_t * dig,
- unsigned int *mand);
+ bigint_t * params, int params_size,
+ gnutls_digest_algorithm_t * dig,
+ unsigned int *mand);
#endif /* GNUTLS_PK_H */
static void
break_comma_list (char *etag,
- char **broken_etag, int *elements, int max_elements,
- char sep);
+ char **broken_etag, int *elements, int max_elements,
+ char sep);
/**
* gnutls_cipher_set_priority:
**/
int
gnutls_certificate_type_set_priority (gnutls_session_t session,
- const int *list)
+ const int *list)
{
#ifdef ENABLE_OPENPGP
return _set_priority (&session->internals.priorities.cert_type, list);
prio_remove (priority_st * priority_list, unsigned int algo)
{
int i = 0;
- int pos = -1; /* the position of the cipher to remove */
+ int pos = -1; /* the position of the cipher to remove */
while (priority_list->priority[i] != 0)
{
if (priority_list->priority[i] == algo)
- pos = i;
+ pos = i;
i++;
}
while (priority_list->priority[i] != 0)
{
if (algo == priority_list->priority[i])
- return; /* if it exists */
+ return; /* if it exists */
i++;
}
}
memcpy (&session->internals.priorities, priority,
- sizeof (struct gnutls_priority_st));
+ sizeof (struct gnutls_priority_st));
/* set the current version to the first in the chain.
* This will be overridden later.
*/
if (session->internals.priorities.protocol.algorithms > 0)
_gnutls_set_current_version (session,
- session->internals.priorities.protocol.
- priority[0]);
+ session->internals.priorities.protocol.
+ priority[0]);
return 0;
}
**/
int
gnutls_priority_init (gnutls_priority_t * priority_cache,
- const char *priorities, const char **err_pos)
+ const char *priorities, const char **err_pos)
{
char *broken_list[MAX_ELEMENTS];
int broken_list_size = 0, i = 0, j;
for (; i < broken_list_size; i++)
{
if (strcasecmp (broken_list[i], "PERFORMANCE") == 0)
- {
- _set_priority (&(*priority_cache)->cipher,
- cipher_priority_performance);
- _set_priority (&(*priority_cache)->kx, kx_priority_performance);
- _set_priority (&(*priority_cache)->mac, mac_priority_performance);
- _set_priority (&(*priority_cache)->sign_algo,
- sign_priority_default);
- }
+ {
+ _set_priority (&(*priority_cache)->cipher,
+ cipher_priority_performance);
+ _set_priority (&(*priority_cache)->kx, kx_priority_performance);
+ _set_priority (&(*priority_cache)->mac, mac_priority_performance);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ }
else if (strcasecmp (broken_list[i], "NORMAL") == 0)
- {
- _set_priority (&(*priority_cache)->cipher, cipher_priority_normal);
- _set_priority (&(*priority_cache)->kx, kx_priority_secure);
- _set_priority (&(*priority_cache)->mac, mac_priority_secure);
- _set_priority (&(*priority_cache)->sign_algo,
- sign_priority_default);
- }
+ {
+ _set_priority (&(*priority_cache)->cipher, cipher_priority_normal);
+ _set_priority (&(*priority_cache)->kx, kx_priority_secure);
+ _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ }
else if (strcasecmp (broken_list[i], "SECURE256") == 0
- || strcasecmp (broken_list[i], "SECURE") == 0)
- {
- _set_priority (&(*priority_cache)->cipher,
- cipher_priority_secure256);
- _set_priority (&(*priority_cache)->kx, kx_priority_secure);
- _set_priority (&(*priority_cache)->mac, mac_priority_secure);
- _set_priority (&(*priority_cache)->sign_algo,
- sign_priority_secure256);
- }
+ || strcasecmp (broken_list[i], "SECURE") == 0)
+ {
+ _set_priority (&(*priority_cache)->cipher,
+ cipher_priority_secure256);
+ _set_priority (&(*priority_cache)->kx, kx_priority_secure);
+ _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_secure256);
+ }
else if (strcasecmp (broken_list[i], "SECURE128") == 0)
- {
- _set_priority (&(*priority_cache)->cipher,
- cipher_priority_secure128);
- _set_priority (&(*priority_cache)->kx, kx_priority_secure);
- _set_priority (&(*priority_cache)->mac, mac_priority_secure);
- _set_priority (&(*priority_cache)->sign_algo,
- sign_priority_secure128);
- }
+ {
+ _set_priority (&(*priority_cache)->cipher,
+ cipher_priority_secure128);
+ _set_priority (&(*priority_cache)->kx, kx_priority_secure);
+ _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_secure128);
+ }
else if (strcasecmp (broken_list[i], "EXPORT") == 0)
- {
- _set_priority (&(*priority_cache)->cipher, cipher_priority_export);
- _set_priority (&(*priority_cache)->kx, kx_priority_export);
- _set_priority (&(*priority_cache)->mac, mac_priority_secure);
- _set_priority (&(*priority_cache)->sign_algo,
- sign_priority_default);
- } /* now check if the element is something like -ALGO */
+ {
+ _set_priority (&(*priority_cache)->cipher, cipher_priority_export);
+ _set_priority (&(*priority_cache)->kx, kx_priority_export);
+ _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ } /* now check if the element is something like -ALGO */
else if (broken_list[i][0] == '!' || broken_list[i][0] == '+'
- || broken_list[i][0] == '-')
- {
- if (broken_list[i][0] == '+')
- fn = prio_add;
- else
- fn = prio_remove;
-
- if ((algo =
- gnutls_mac_get_id (&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN)
- fn (&(*priority_cache)->mac, algo);
- else if ((algo = gnutls_cipher_get_id (&broken_list[i][1])) !=
- GNUTLS_CIPHER_UNKNOWN)
- fn (&(*priority_cache)->cipher, algo);
- else if ((algo = gnutls_kx_get_id (&broken_list[i][1])) !=
- GNUTLS_KX_UNKNOWN)
- fn (&(*priority_cache)->kx, algo);
- else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0)
- {
- _set_priority (&(*priority_cache)->protocol,
- protocol_priority);
- }
- else
- {
- if ((algo =
- gnutls_protocol_get_id (&broken_list[i][6])) !=
- GNUTLS_VERSION_UNKNOWN)
- fn (&(*priority_cache)->protocol, algo);
- else
- goto error;
- }
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "COMP-ALL", 8) == 0)
- {
- _set_priority (&(*priority_cache)->compression,
- comp_priority);
- }
- else
- {
- if ((algo =
- gnutls_compression_get_id (&broken_list[i][6])) !=
- GNUTLS_COMP_UNKNOWN)
- fn (&(*priority_cache)->compression, algo);
- else
- goto error;
- }
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0)
- {
- _set_priority (&(*priority_cache)->cert_type,
- cert_type_priority);
- }
- else
- {
- if ((algo =
- gnutls_certificate_type_get_id (&broken_list[i][7])) !=
- GNUTLS_CRT_UNKNOWN)
- fn (&(*priority_cache)->cert_type, algo);
- else
- goto error;
- }
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "SIGN-ALL", 8) == 0)
- {
- _set_priority (&(*priority_cache)->sign_algo,
- sign_priority_default);
- }
- else
- {
- if ((algo =
- gnutls_sign_get_id (&broken_list[i][6])) !=
- GNUTLS_SIGN_UNKNOWN)
- fn (&(*priority_cache)->sign_algo, algo);
- else
- goto error;
- }
- } /* now check if the element is something like -ALGO */
- else
- goto error;
- }
+ || broken_list[i][0] == '-')
+ {
+ if (broken_list[i][0] == '+')
+ fn = prio_add;
+ else
+ fn = prio_remove;
+
+ if ((algo =
+ gnutls_mac_get_id (&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN)
+ fn (&(*priority_cache)->mac, algo);
+ else if ((algo = gnutls_cipher_get_id (&broken_list[i][1])) !=
+ GNUTLS_CIPHER_UNKNOWN)
+ fn (&(*priority_cache)->cipher, algo);
+ else if ((algo = gnutls_kx_get_id (&broken_list[i][1])) !=
+ GNUTLS_KX_UNKNOWN)
+ fn (&(*priority_cache)->kx, algo);
+ else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0)
+ {
+ if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0)
+ {
+ _set_priority (&(*priority_cache)->protocol,
+ protocol_priority);
+ }
+ else
+ {
+ if ((algo =
+ gnutls_protocol_get_id (&broken_list[i][6])) !=
+ GNUTLS_VERSION_UNKNOWN)
+ fn (&(*priority_cache)->protocol, algo);
+ else
+ goto error;
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0)
+ {
+ if (strncasecmp (&broken_list[i][1], "COMP-ALL", 8) == 0)
+ {
+ _set_priority (&(*priority_cache)->compression,
+ comp_priority);
+ }
+ else
+ {
+ if ((algo =
+ gnutls_compression_get_id (&broken_list[i][6])) !=
+ GNUTLS_COMP_UNKNOWN)
+ fn (&(*priority_cache)->compression, algo);
+ else
+ goto error;
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0)
+ {
+ if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0)
+ {
+ _set_priority (&(*priority_cache)->cert_type,
+ cert_type_priority);
+ }
+ else
+ {
+ if ((algo =
+ gnutls_certificate_type_get_id (&broken_list[i][7])) !=
+ GNUTLS_CRT_UNKNOWN)
+ fn (&(*priority_cache)->cert_type, algo);
+ else
+ goto error;
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0)
+ {
+ if (strncasecmp (&broken_list[i][1], "SIGN-ALL", 8) == 0)
+ {
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ }
+ else
+ {
+ if ((algo =
+ gnutls_sign_get_id (&broken_list[i][6])) !=
+ GNUTLS_SIGN_UNKNOWN)
+ fn (&(*priority_cache)->sign_algo, algo);
+ else
+ goto error;
+ }
+ } /* now check if the element is something like -ALGO */
+ else
+ goto error;
+ }
else if (broken_list[i][0] == '%')
- {
- if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
- {
- (*priority_cache)->no_padding = 1;
- (*priority_cache)->allow_large_records = 1;
- }
- else if (strcasecmp (&broken_list[i][1],
- "VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
- {
- prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5);
- (*priority_cache)->additional_verify_flags |=
- GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
- }
- else if (strcasecmp (&broken_list[i][1],
- "SSL3_RECORD_VERSION") == 0)
- (*priority_cache)->no_ssl3_record_version = 0;
- else if (strcasecmp (&broken_list[i][1],
- "LATEST_RECORD_VERSION") == 0)
- (*priority_cache)->no_ssl3_record_version = 1;
- else if (strcasecmp (&broken_list[i][1],
- "VERIFY_ALLOW_X509_V1_CA_CRT") == 0)
- (*priority_cache)->additional_verify_flags |=
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
- else if (strcasecmp (&broken_list[i][1],
- "UNSAFE_RENEGOTIATION") == 0)
- {
- (*priority_cache)->sr = SR_UNSAFE;
- }
- else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0)
- {
- (*priority_cache)->sr = SR_SAFE;
- }
- else if (strcasecmp (&broken_list[i][1],
- "PARTIAL_RENEGOTIATION") == 0)
- {
- (*priority_cache)->sr = SR_PARTIAL;
- }
- else if (strcasecmp (&broken_list[i][1],
- "DISABLE_SAFE_RENEGOTIATION") == 0)
- {
- (*priority_cache)->sr = SR_DISABLED;
- }
- else
- goto error;
- }
+ {
+ if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
+ {
+ (*priority_cache)->no_padding = 1;
+ (*priority_cache)->allow_large_records = 1;
+ }
+ else if (strcasecmp (&broken_list[i][1],
+ "VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
+ {
+ prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5);
+ (*priority_cache)->additional_verify_flags |=
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
+ }
+ else if (strcasecmp (&broken_list[i][1],
+ "SSL3_RECORD_VERSION") == 0)
+ (*priority_cache)->no_ssl3_record_version = 0;
+ else if (strcasecmp (&broken_list[i][1],
+ "LATEST_RECORD_VERSION") == 0)
+ (*priority_cache)->no_ssl3_record_version = 1;
+ else if (strcasecmp (&broken_list[i][1],
+ "VERIFY_ALLOW_X509_V1_CA_CRT") == 0)
+ (*priority_cache)->additional_verify_flags |=
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
+ else if (strcasecmp (&broken_list[i][1],
+ "UNSAFE_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_UNSAFE;
+ }
+ else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_SAFE;
+ }
+ else if (strcasecmp (&broken_list[i][1],
+ "PARTIAL_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_PARTIAL;
+ }
+ else if (strcasecmp (&broken_list[i][1],
+ "DISABLE_SAFE_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_DISABLED;
+ }
+ else
+ goto error;
+ }
else
- goto error;
+ goto error;
}
gnutls_free (darg);
{
*err_pos = priorities;
for (j = 0; j < i; j++)
- {
- (*err_pos) += strlen (broken_list[j]) + 1;
- }
+ {
+ (*err_pos) += strlen (broken_list[j]) + 1;
+ }
}
gnutls_free (darg);
gnutls_free (*priority_cache);
**/
int
gnutls_priority_set_direct (gnutls_session_t session,
- const char *priorities, const char **err_pos)
+ const char *priorities, const char **err_pos)
{
gnutls_priority_t prio;
int ret;
*/
static void
break_comma_list (char *etag,
- char **broken_etag, int *elements, int max_elements,
- char sep)
+ char **broken_etag, int *elements, int max_elements,
+ char sep)
{
char *p = etag;
if (sep == 0)
p = strchr (p, sep);
if (p)
- {
- *p = 0;
- p++; /* move to next entry and skip white
- * space.
- */
- while (*p == ' ')
- p++;
- }
+ {
+ *p = 0;
+ p++; /* move to next entry and skip white
+ * space.
+ */
+ while (*p == ' ')
+ p++;
+ }
}
while (p != NULL && *elements < max_elements);
}
return gnutls_pkcs11_privkey_get_pk_algorithm (key->key.pkcs11, bits);
case GNUTLS_PRIVKEY_X509:
if (bits)
- *bits = _gnutls_mpi_get_nbits (key->key.x509->params[0]);
+ *bits = _gnutls_mpi_get_nbits (key->key.x509->params[0]);
return gnutls_x509_privkey_get_pk_algorithm (key->key.x509);
default:
gnutls_assert ();
static int
privkey_to_pubkey (gnutls_pk_algorithm_t pk,
- const bigint_t * params, int params_size,
- bigint_t * new_params, int *new_params_size)
+ const bigint_t * params, int params_size,
+ bigint_t * new_params, int *new_params_size)
{
int ret, i;
{
case GNUTLS_PK_RSA:
if (*new_params_size < RSA_PUBLIC_PARAMS
- || params_size < RSA_PRIVATE_PARAMS)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ || params_size < RSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
new_params[0] = _gnutls_mpi_copy (params[0]);
new_params[1] = _gnutls_mpi_copy (params[1]);
*new_params_size = RSA_PUBLIC_PARAMS;
if (new_params[0] == NULL || new_params[1] == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
break;
case GNUTLS_PK_DSA:
if (*new_params_size < DSA_PUBLIC_PARAMS
- || params_size < DSA_PRIVATE_PARAMS)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ || params_size < DSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
new_params[0] = _gnutls_mpi_copy (params[0]);
new_params[1] = _gnutls_mpi_copy (params[1]);
*new_params_size = DSA_PUBLIC_PARAMS;
if (new_params[0] == NULL || new_params[1] == NULL ||
- new_params[2] == NULL || new_params[3] == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
+ new_params[2] == NULL || new_params[3] == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
break;
default:
*/
int
_gnutls_privkey_get_public_mpis (gnutls_privkey_t key,
- bigint_t * params, int *params_size)
+ bigint_t * params, int *params_size)
{
int ret;
gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm (key, NULL);
#ifdef ENABLE_OPENPGP
case GNUTLS_PRIVKEY_OPENPGP:
{
- bigint_t tmp_params[MAX_PRIV_PARAMS_SIZE];
- int tmp_params_size = MAX_PRIV_PARAMS_SIZE;
- uint32_t kid[2], i;
- gnutls_openpgp_keyid_t keyid;
-
- ret =
- gnutls_openpgp_privkey_get_preferred_key_id (key->key.openpgp,
- keyid);
- if (ret == 0)
- {
- KEYID_IMPORT (kid, keyid);
- ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, kid,
- tmp_params,
- &tmp_params_size);
- }
- else
- ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, NULL,
- tmp_params,
- &tmp_params_size);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = privkey_to_pubkey (pk,
- tmp_params, tmp_params_size,
- params, params_size);
-
- for (i = 0; i < tmp_params_size; i++)
- _gnutls_mpi_release (&tmp_params[i]);
+ bigint_t tmp_params[MAX_PRIV_PARAMS_SIZE];
+ int tmp_params_size = MAX_PRIV_PARAMS_SIZE;
+ uint32_t kid[2], i;
+ gnutls_openpgp_keyid_t keyid;
+
+ ret =
+ gnutls_openpgp_privkey_get_preferred_key_id (key->key.openpgp,
+ keyid);
+ if (ret == 0)
+ {
+ KEYID_IMPORT (kid, keyid);
+ ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, kid,
+ tmp_params,
+ &tmp_params_size);
+ }
+ else
+ ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, NULL,
+ tmp_params,
+ &tmp_params_size);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = privkey_to_pubkey (pk,
+ tmp_params, tmp_params_size,
+ params, params_size);
+
+ for (i = 0; i < tmp_params_size; i++)
+ _gnutls_mpi_release (&tmp_params[i]);
}
#endif
case GNUTLS_PRIVKEY_X509:
ret = privkey_to_pubkey (pk,
- key->key.x509->params,
- key->key.x509->params_size, params,
- params_size);
+ key->key.x509->params,
+ key->key.x509->params_size, params,
+ params_size);
break;
default:
gnutls_assert ();
{
#ifdef ENABLE_OPENPGP
case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_deinit (key->key.openpgp);
+ return gnutls_openpgp_privkey_deinit (key->key.openpgp);
#endif
case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_deinit (key->key.pkcs11);
+ return gnutls_pkcs11_privkey_deinit (key->key.pkcs11);
case GNUTLS_PRIVKEY_X509:
- return gnutls_x509_privkey_deinit (key->key.x509);
+ return gnutls_x509_privkey_deinit (key->key.x509);
}
gnutls_free (key);
}
**/
int
gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
- gnutls_pkcs11_privkey_t key, unsigned int flags)
+ gnutls_pkcs11_privkey_t key, unsigned int flags)
{
pkey->key.pkcs11 = key;
pkey->type = GNUTLS_PRIVKEY_PKCS11;
**/
int
gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
- gnutls_x509_privkey_t key, unsigned int flags)
+ gnutls_x509_privkey_t key, unsigned int flags)
{
pkey->key.x509 = key;
pkey->type = GNUTLS_PRIVKEY_X509;
**/
int
gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
- gnutls_openpgp_privkey_t key,
- unsigned int flags)
+ gnutls_openpgp_privkey_t key,
+ unsigned int flags)
{
pkey->key.openpgp = key;
pkey->type = GNUTLS_PRIVKEY_OPENPGP;
**/
int
gnutls_privkey_sign_data (gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
**/
int
gnutls_privkey_sign_hash2 (gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature)
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
-*/
int
_gnutls_privkey_sign_hash (gnutls_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
switch (key->type)
{
#ifdef ENABLE_OPENPGP
case GNUTLS_PRIVKEY_OPENPGP:
return _gnutls_openpgp_privkey_sign_hash (key->key.openpgp,
- hash, signature);
+ hash, signature);
#endif
case GNUTLS_PRIVKEY_PKCS11:
return _gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11,
- hash, signature);
+ hash, signature);
case GNUTLS_PRIVKEY_X509:
return _gnutls_soft_sign (key->key.x509->pk_algorithm,
- key->key.x509->params,
- key->key.x509->params_size, hash, signature);
+ key->key.x509->params,
+ key->key.x509->params_size, hash, signature);
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
**/
int
gnutls_privkey_decrypt_data (gnutls_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
if (key->pk_algorithm != GNUTLS_PK_RSA)
{
#ifdef ENABLE_OPENPGP
case GNUTLS_PRIVKEY_OPENPGP:
return gnutls_openpgp_privkey_decrypt_data (key->key.openpgp, flags,
- ciphertext, plaintext);
+ ciphertext, plaintext);
#endif
case GNUTLS_PRIVKEY_X509:
return _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext,
- key->key.x509->params,
- key->key.x509->params_size, 2);
+ key->key.x509->params,
+ key->key.x509->params_size, 2);
case GNUTLS_PRIVKEY_PKCS11:
return gnutls_pkcs11_privkey_decrypt_data (key->key.pkcs11,
- flags,
- ciphertext, plaintext);
+ flags,
+ ciphertext, plaintext);
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
**/
int
gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
- const char *username,
- const gnutls_datum_t * key,
- gnutls_psk_key_flags flags)
+ const char *username,
+ const gnutls_datum_t * key,
+ gnutls_psk_key_flags flags)
{
int ret;
if (flags == GNUTLS_PSK_KEY_RAW)
{
if (_gnutls_set_datum (&res->key, key->data, key->size) < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
}
else
- { /* HEX key */
+ { /* HEX key */
size_t size;
size = res->key.size = key->size / 2;
res->key.data = gnutls_malloc (size);
if (res->key.data == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
ret = gnutls_hex_decode (key, (char *) res->key.data, &size);
res->key.size = (unsigned int) size;
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
}
**/
int
gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
- res, const char *password_file)
+ res, const char *password_file)
{
if (password_file == NULL)
**/
int
gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t res,
- const char *hint)
+ const char *hint)
{
res->hint = gnutls_strdup (hint);
if (res->hint == NULL)
**/
void
gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t
- cred,
- gnutls_psk_server_credentials_function
- * func)
+ cred,
+ gnutls_psk_server_credentials_function
+ * func)
{
cred->pwd_callback = func;
}
**/
void
gnutls_psk_set_client_credentials_function (gnutls_psk_client_credentials_t
- cred,
- gnutls_psk_client_credentials_function
- * func)
+ cred,
+ gnutls_psk_client_credentials_function
+ * func)
{
cred->get_function = func;
}
**/
int
gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result,
- size_t * result_size)
+ size_t * result_size)
{
int ret;
ret =
_gnutls_hex2bin (hex_data->data, hex_data->size, (opaque *) result,
- result_size);
+ result_size);
if (ret < 0)
return ret;
**/
int
gnutls_hex_encode (const gnutls_datum_t * data, char *result,
- size_t * result_size)
+ size_t * result_size)
{
size_t res = data->size + data->size + 1;
**/
void
gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
- gnutls_dh_params_t dh_params)
+ gnutls_dh_params_t dh_params)
{
res->dh_params = dh_params;
}
**/
void
gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t res,
- gnutls_params_function * func)
+ gnutls_params_function * func)
{
res->params_func = func;
}
**/
int
gnutls_psk_netconf_derive_key (const char *password,
- const char *psk_identity,
- const char *psk_identity_hint,
- gnutls_datum_t * output_key)
+ const char *psk_identity,
+ const char *psk_identity_hint,
+ gnutls_datum_t * output_key)
{
const char netconf_key_pad[] = "Key Pad for Netconf";
size_t sha1len = _gnutls_hash_get_algo_len (GNUTLS_DIG_SHA1);
struct gnutls_pubkey_st
{
gnutls_pk_algorithm_t pk_algorithm;
- unsigned int bits; /* an indication of the security parameter */
+ unsigned int bits; /* an indication of the security parameter */
/* the size of params depends on the public
* key algorithm
* [3] is public key
*/
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
- int params_size; /* holds the size of MPI params */
+ int params_size; /* holds the size of MPI params */
- unsigned int key_usage; /* bits from GNUTLS_KEY_* */
+ unsigned int key_usage; /* bits from GNUTLS_KEY_* */
};
/**
**/
int
gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
- unsigned int flags)
+ unsigned int flags)
{
int ret;
case GNUTLS_PK_RSA:
ret = _gnutls_x509_crt_get_mpis (crt, key->params, &key->params_size);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
case GNUTLS_PK_DSA:
ret = _gnutls_x509_crt_get_mpis (crt, key->params, &key->params_size);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
default:
**/
int
gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
- unsigned int usage, unsigned int flags)
+ unsigned int usage, unsigned int flags)
{
key->pk_algorithm = gnutls_privkey_get_pk_algorithm (pkey, &key->bits);
key->params_size = sizeof (key->params) / sizeof (key->params[0]);
return _gnutls_privkey_get_public_mpis (pkey, key->params,
- &key->params_size);
+ &key->params_size);
}
/**
**/
int
gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
- gnutls_digest_algorithm_t *
- hash, unsigned int *mand)
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
{
int ret;
}
ret = _gnutls_pk_get_hash_algorithm (key->pk_algorithm,
- key->params, key->params_size,
- hash, mand);
+ key->params, key->params_size,
+ hash, mand);
return ret;
}
**/
int
gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
- gnutls_pkcs11_obj_t obj, unsigned int flags)
+ gnutls_pkcs11_obj_t obj, unsigned int flags)
{
int ret;
{
case GNUTLS_PK_RSA:
ret = gnutls_pubkey_import_rsa_raw (key, &obj->pubkey[0],
- &obj->pubkey[1]);
+ &obj->pubkey[1]);
break;
case GNUTLS_PK_DSA:
ret = gnutls_pubkey_import_dsa_raw (key, &obj->pubkey[0],
- &obj->pubkey[1],
- &obj->pubkey[2], &obj->pubkey[3]);
+ &obj->pubkey[1],
+ &obj->pubkey[2], &obj->pubkey[3]);
break;
default:
gnutls_assert ();
**/
int
gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
- gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flags)
+ gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flags)
{
int ret;
uint32_t kid32[2];
{
case GNUTLS_PK_RSA:
ret =
- _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params,
- &key->params_size);
+ _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params,
+ &key->params_size);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
case GNUTLS_PK_DSA:
ret =
- _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params,
- &key->params_size);
+ _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params,
+ &key->params_size);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
default:
gnutls_assert ();
**/
int
gnutls_pubkey_export (gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
int result;
ASN1_TYPE spk = ASN1_TYPE_EMPTY;
result =
_gnutls_x509_encode_and_copy_PKI_params (spk, "",
- key->pk_algorithm,
- key->params, key->params_size);
+ key->pk_algorithm,
+ key->params, key->params_size);
if (result < 0)
{
gnutls_assert ();
}
result = _gnutls_x509_export_int_named (spk, "",
- format, PK_PEM_HEADER,
- output_data, output_data_size);
+ format, PK_PEM_HEADER,
+ output_data, output_data_size);
if (result < 0)
{
gnutls_assert ();
**/
int
gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+ unsigned char *output_data,
+ size_t * output_data_size)
{
int ret = 0;
ret =
_gnutls_get_key_id (key->pk_algorithm, key->params,
- key->params_size, output_data, output_data_size);
+ key->params_size, output_data, output_data_size);
if (ret < 0)
{
gnutls_assert ();
**/
int
gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e)
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
int ret;
**/
int
gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
{
int ret;
**/
int
gnutls_pubkey_import (gnutls_pubkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
int result = 0, need_free = 0;
gnutls_datum_t _data;
/* Try the first header */
result =
- _gnutls_fbase64_decode (PK_PEM_HEADER, data->data, data->size, &out);
+ _gnutls_fbase64_decode (PK_PEM_HEADER, data->data, data->size, &out);
if (result <= 0)
- {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert ();
- return result;
- }
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
_data.data = out;
_data.size = result;
}
result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- key->pk_algorithm,
- key->params,
- key->params_size);
+ "tbsCertificate.subjectPublicKeyInfo",
+ key->pk_algorithm,
+ key->params,
+ key->params_size);
if (result < 0)
{
int
gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url,
- unsigned int flags)
+ unsigned int flags)
{
gnutls_pkcs11_obj_t pcrt;
int ret;
**/
int
gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e)
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e)
{
size_t siz = 0;
**/
int
gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y)
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y)
{
size_t siz = 0;
**/
int
gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
{
int ret;
ret =
pubkey_verify_sig (NULL, hash, signature, key->pk_algorithm,
- key->params, key->params_size);
+ key->params, key->params_size);
return ret;
}
**/
int
gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash)
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash)
{
if (key == NULL)
{
}
return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *)
- hash, signature,
- key->pk_algorithm,
- key->params, key->params_size);
+ hash, signature,
+ key->pk_algorithm,
+ key->params, key->params_size);
}
void
_gnutls_set_current_version (gnutls_session_t session,
- gnutls_protocol_t version)
+ gnutls_protocol_t version)
{
session->security_parameters.version = version;
}
**/
void
gnutls_transport_set_ptr (gnutls_session_t session,
- gnutls_transport_ptr_t ptr)
+ gnutls_transport_ptr_t ptr)
{
session->internals.transport_recv_ptr = ptr;
session->internals.transport_send_ptr = ptr;
**/
void
gnutls_transport_set_ptr2 (gnutls_session_t session,
- gnutls_transport_ptr_t recv_ptr,
- gnutls_transport_ptr_t send_ptr)
+ gnutls_transport_ptr_t recv_ptr,
+ gnutls_transport_ptr_t send_ptr)
{
session->internals.transport_send_ptr = send_ptr;
session->internals.transport_recv_ptr = recv_ptr;
**/
void
gnutls_transport_get_ptr2 (gnutls_session_t session,
- gnutls_transport_ptr_t * recv_ptr,
- gnutls_transport_ptr_t * send_ptr)
+ gnutls_transport_ptr_t * recv_ptr,
+ gnutls_transport_ptr_t * send_ptr)
{
*recv_ptr = session->internals.transport_recv_ptr;
ret = _gnutls_io_write_flush (session);
STATE = STATE60;
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
case STATE61:
ret =
- gnutls_alert_send (session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY);
+ gnutls_alert_send (session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY);
STATE = STATE61;
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
case STATE62:
STATE = STATE62;
if (how == GNUTLS_SHUT_RDWR)
- {
- do
- {
- _gnutls_io_clear_peeked_data (session);
- ret = _gnutls_recv_int (session, GNUTLS_ALERT, -1, NULL, 0);
- }
- while (ret == GNUTLS_E_GOT_APPLICATION_DATA);
-
- if (ret >= 0)
- session->internals.may_not_read = 1;
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
+ {
+ do
+ {
+ _gnutls_io_clear_peeked_data (session);
+ ret = _gnutls_recv_int (session, GNUTLS_ALERT, -1, NULL, 0);
+ }
+ while (ret == GNUTLS_E_GOT_APPLICATION_DATA);
+
+ if (ret >= 0)
+ session->internals.may_not_read = 1;
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
STATE = STATE62;
break;
*/
inline static void
copy_record_version (gnutls_session_t session,
- gnutls_handshake_description_t htype, opaque version[2])
+ gnutls_handshake_description_t htype, opaque version[2])
{
gnutls_protocol_t lver;
*/
ssize_t
_gnutls_send_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- unsigned int epoch_rel, const void *_data,
- size_t sizeofdata, unsigned int mflags)
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *_data,
+ size_t sizeofdata, unsigned int mflags)
{
mbuffer_st *bufel;
size_t cipher_size;
return GNUTLS_E_INVALID_REQUEST;
}
- if (type != GNUTLS_ALERT) /* alert messages are sent anyway */
+ if (type != GNUTLS_ALERT) /* alert messages are sent anyway */
if (session_is_valid (session) || session->internals.may_not_write != 0)
{
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_SESSION;
}
headers[0] = type;
{
ret = _gnutls_io_write_flush (session);
if (ret > 0)
- cipher_size = ret;
+ cipher_size = ret;
else
- cipher_size = 0;
+ cipher_size = 0;
retval = session->internals.record_send_buffer_user_size;
}
cipher_size = data2send_size + MAX_RECORD_OVERHEAD;
bufel = _mbuffer_alloc (cipher_size, cipher_size);
if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
cipher_size =
- _gnutls_encrypt (session, headers, RECORD_HEADER_SIZE, data,
- data2send_size, _mbuffer_get_udata_ptr (bufel),
- cipher_size, type,
- (session->internals.priorities.no_padding ==
- 0) ? 1 : 0, record_params);
+ _gnutls_encrypt (session, headers, RECORD_HEADER_SIZE, data,
+ data2send_size, _mbuffer_get_udata_ptr (bufel),
+ cipher_size, type,
+ (session->internals.priorities.no_padding ==
+ 0) ? 1 : 0, record_params);
if (cipher_size <= 0)
- {
- gnutls_assert ();
- if (cipher_size == 0)
- cipher_size = GNUTLS_E_ENCRYPTION_FAILED;
- gnutls_free (bufel);
- return cipher_size; /* error */
- }
+ {
+ gnutls_assert ();
+ if (cipher_size == 0)
+ cipher_size = GNUTLS_E_ENCRYPTION_FAILED;
+ gnutls_free (bufel);
+ return cipher_size; /* error */
+ }
retval = data2send_size;
session->internals.record_send_buffer_user_size = data2send_size;
/* increase sequence number
*/
if (_gnutls_uint64pp (&record_state->sequence_number) != 0)
- {
- session_invalidate (session);
- gnutls_assert ();
- gnutls_free (bufel);
- return GNUTLS_E_RECORD_LIMIT_REACHED;
- }
+ {
+ session_invalidate (session);
+ gnutls_assert ();
+ gnutls_free (bufel);
+ return GNUTLS_E_RECORD_LIMIT_REACHED;
+ }
_mbuffer_set_udata_size (bufel, cipher_size);
ret = _gnutls_io_write_buffered (session, bufel, mflags);
if (ret != cipher_size)
{
if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- /* If we have sent any data then just return
- * the error value. Do not invalidate the session.
- */
- gnutls_assert ();
- return ret;
- }
+ {
+ /* If we have sent any data then just return
+ * the error value. Do not invalidate the session.
+ */
+ gnutls_assert ();
+ return ret;
+ }
if (ret > 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ }
session_unresumable (session);
session->internals.may_not_write = 1;
gnutls_assert ();
session->internals.record_send_buffer_user_size = 0;
_gnutls_record_log ("REC[%p]: Sent Packet[%d] %s(%d) with length: %d\n",
- session,
- (int)
- _gnutls_uint64touint32
- (&record_state->sequence_number),
- _gnutls_packet2str (type), type, (int) cipher_size);
+ session,
+ (int)
+ _gnutls_uint64touint32
+ (&record_state->sequence_number),
+ _gnutls_packet2str (type), type, (int) cipher_size);
return retval;
}
if (again == 0)
return _gnutls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1,
- EPOCH_WRITE_CURRENT, data, 1, MBUFFER_FLUSH);
+ EPOCH_WRITE_CURRENT, data, 1, MBUFFER_FLUSH);
else
{
return _gnutls_io_write_flush (session);
*/
static int
check_buffers (gnutls_session_t session, content_type_t type,
- opaque * data, int sizeofdata)
+ opaque * data, int sizeofdata)
{
if ((type == GNUTLS_APPLICATION_DATA ||
type == GNUTLS_HANDSHAKE ||
int ret, ret2;
ret = _gnutls_record_buffer_get (type, session, data, sizeofdata);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* if the buffer just got empty */
if (_gnutls_record_buffer_get_size (type, session) == 0)
- {
- if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0)
- {
- gnutls_assert ();
- return ret2;
- }
- }
+ {
+ if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0)
+ {
+ gnutls_assert ();
+ return ret2;
+ }
+ }
return ret;
}
*/
static int
record_check_headers (gnutls_session_t session,
- uint8_t headers[RECORD_HEADER_SIZE],
- content_type_t type,
- gnutls_handshake_description_t htype,
- /*output */ content_type_t * recv_type,
- opaque version[2], uint16_t * length,
- uint16_t * header_size)
+ uint8_t headers[RECORD_HEADER_SIZE],
+ content_type_t type,
+ gnutls_handshake_description_t htype,
+ /*output */ content_type_t * recv_type,
+ opaque version[2], uint16_t * length,
+ uint16_t * header_size)
{
/* Read the first two bytes to determine if this is a
/* if msb set and expecting handshake message
* it should be SSL 2 hello
*/
- version[0] = 3; /* assume SSL 3.0 */
+ version[0] = 3; /* assume SSL 3.0 */
version[1] = 0;
*length = (((headers[0] & 0x7f) << 8)) | headers[1];
/* SSL 2.0 headers */
*header_size = 2;
- *recv_type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello
- */
+ *recv_type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello
+ */
/* in order to assist the handshake protocol.
* V2 compatibility is a mess.
session->internals.v2_hello = *length;
_gnutls_record_log ("REC[%p]: V2 packet received. Length: %d\n",
- session, *length);
+ session, *length);
}
else
*/
inline static int
record_check_version (gnutls_session_t session,
- gnutls_handshake_description_t htype, opaque version[2])
+ gnutls_handshake_description_t htype, opaque version[2])
{
if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
{
/* Reject hello packets with major version higher than 3.
*/
if (version[0] > 3)
- {
- gnutls_assert ();
- _gnutls_record_log
- ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n", session,
- htype, version[0], version[1]);
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
+ {
+ gnutls_assert ();
+ _gnutls_record_log
+ ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n", session,
+ htype, version[0], version[1]);
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
}
else if (htype != GNUTLS_HANDSHAKE_SERVER_HELLO &&
- gnutls_protocol_get_version (session) !=
- _gnutls_version_get (version[0], version[1]))
+ gnutls_protocol_get_version (session) !=
+ _gnutls_version_get (version[0], version[1]))
{
/* Reject record packets that have a different version than the
* one negotiated. Note that this version is not protected by any
*/
gnutls_assert ();
_gnutls_record_log ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
- session, htype, version[0], version[1]);
+ session, htype, version[0], version[1]);
return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
}
*/
static int
record_check_type (gnutls_session_t session,
- content_type_t recv_type, content_type_t type,
- gnutls_handshake_description_t htype, opaque * data,
- int data_size)
+ content_type_t recv_type, content_type_t type,
+ gnutls_handshake_description_t htype, opaque * data,
+ int data_size)
{
int ret;
if ((recv_type == type)
&& (type == GNUTLS_APPLICATION_DATA ||
- type == GNUTLS_HANDSHAKE || type == GNUTLS_INNER_APPLICATION))
+ type == GNUTLS_HANDSHAKE || type == GNUTLS_INNER_APPLICATION))
{
_gnutls_record_buffer_put (type, session, (void *) data, data_size);
}
else
{
switch (recv_type)
- {
- case GNUTLS_ALERT:
-
- _gnutls_record_log
- ("REC[%p]: Alert[%d|%d] - %s - was received\n", session,
- data[0], data[1], gnutls_alert_get_name ((int) data[1]));
-
- session->internals.last_alert = data[1];
-
- /* if close notify is received and
- * the alert is not fatal
- */
- if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL)
- {
- /* If we have been expecting for an alert do
- */
- session->internals.read_eof = 1;
- return GNUTLS_E_INT_RET_0; /* EOF */
- }
- else
- {
-
- /* if the alert is FATAL or WARNING
- * return the apropriate message
- */
-
- gnutls_assert ();
- ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
- if (data[0] == GNUTLS_AL_FATAL)
- {
- session_unresumable (session);
- session_invalidate (session);
- ret = GNUTLS_E_FATAL_ALERT_RECEIVED;
- }
-
- return ret;
- }
- break;
-
- case GNUTLS_CHANGE_CIPHER_SPEC:
- /* this packet is now handled in the recv_int()
- * function
- */
- gnutls_assert ();
-
- return GNUTLS_E_UNEXPECTED_PACKET;
-
- case GNUTLS_APPLICATION_DATA:
- /* even if data is unexpected put it into the buffer */
- if ((ret =
- _gnutls_record_buffer_put (recv_type, session,
- (void *) data, data_size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* the got_application data is only returned
- * if expecting client hello (for rehandshake
- * reasons). Otherwise it is an unexpected packet
- */
- if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
- && type == GNUTLS_HANDSHAKE))
- return GNUTLS_E_GOT_APPLICATION_DATA;
- else
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
-
- break;
- case GNUTLS_HANDSHAKE:
- /* This is legal if HELLO_REQUEST is received - and we are a client.
- * If we are a server, a client may initiate a renegotiation at any time.
- */
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- gnutls_assert ();
- ret =
- _gnutls_record_buffer_put (recv_type, session, (void *) data,
- data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- return GNUTLS_E_REHANDSHAKE;
- }
-
- /* If we are already in a handshake then a Hello
- * Request is illegal. But here we don't really care
- * since this message will never make it up here.
- */
-
- /* So we accept it */
- return _gnutls_recv_hello_request (session, data, data_size);
-
- break;
- case GNUTLS_INNER_APPLICATION:
- /* even if data is unexpected put it into the buffer */
- if ((ret = _gnutls_record_buffer_put (recv_type, session,
- (void *) data,
- data_size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET;
- break;
- default:
-
- _gnutls_record_log
- ("REC[%p]: Received Unknown packet %d expecting %d\n",
- session, recv_type, type);
-
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ case GNUTLS_ALERT:
+
+ _gnutls_record_log
+ ("REC[%p]: Alert[%d|%d] - %s - was received\n", session,
+ data[0], data[1], gnutls_alert_get_name ((int) data[1]));
+
+ session->internals.last_alert = data[1];
+
+ /* if close notify is received and
+ * the alert is not fatal
+ */
+ if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL)
+ {
+ /* If we have been expecting for an alert do
+ */
+ session->internals.read_eof = 1;
+ return GNUTLS_E_INT_RET_0; /* EOF */
+ }
+ else
+ {
+
+ /* if the alert is FATAL or WARNING
+ * return the apropriate message
+ */
+
+ gnutls_assert ();
+ ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
+ if (data[0] == GNUTLS_AL_FATAL)
+ {
+ session_unresumable (session);
+ session_invalidate (session);
+ ret = GNUTLS_E_FATAL_ALERT_RECEIVED;
+ }
+
+ return ret;
+ }
+ break;
+
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ /* this packet is now handled in the recv_int()
+ * function
+ */
+ gnutls_assert ();
+
+ return GNUTLS_E_UNEXPECTED_PACKET;
+
+ case GNUTLS_APPLICATION_DATA:
+ /* even if data is unexpected put it into the buffer */
+ if ((ret =
+ _gnutls_record_buffer_put (recv_type, session,
+ (void *) data, data_size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* the got_application data is only returned
+ * if expecting client hello (for rehandshake
+ * reasons). Otherwise it is an unexpected packet
+ */
+ if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
+ && type == GNUTLS_HANDSHAKE))
+ return GNUTLS_E_GOT_APPLICATION_DATA;
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ break;
+ case GNUTLS_HANDSHAKE:
+ /* This is legal if HELLO_REQUEST is received - and we are a client.
+ * If we are a server, a client may initiate a renegotiation at any time.
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ gnutls_assert ();
+ ret =
+ _gnutls_record_buffer_put (recv_type, session, (void *) data,
+ data_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return GNUTLS_E_REHANDSHAKE;
+ }
+
+ /* If we are already in a handshake then a Hello
+ * Request is illegal. But here we don't really care
+ * since this message will never make it up here.
+ */
+
+ /* So we accept it */
+ return _gnutls_recv_hello_request (session, data, data_size);
+
+ break;
+ case GNUTLS_INNER_APPLICATION:
+ /* even if data is unexpected put it into the buffer */
+ if ((ret = _gnutls_record_buffer_put (recv_type, session,
+ (void *) data,
+ data_size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ break;
+ default:
+
+ _gnutls_record_log
+ ("REC[%p]: Received Unknown packet %d expecting %d\n",
+ session, recv_type, type);
+
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
return 0;
/* Initialize the internal buffer.
*/
session->internals.recv_buffer.data =
- gnutls_realloc (session->internals.recv_buffer.data, max_record_size);
+ gnutls_realloc (session->internals.recv_buffer.data, max_record_size);
if (session->internals.recv_buffer.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
session->internals.recv_buffer.size = max_record_size;
}
*/
ssize_t
_gnutls_recv_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- opaque * data, size_t sizeofdata)
+ gnutls_handshake_description_t htype,
+ opaque * data, size_t sizeofdata)
{
int decrypted_length;
opaque version[2];
return 0;
}
else if (session_is_valid (session) != 0
- || session->internals.may_not_read != 0)
+ || session->internals.may_not_read != 0)
{
gnutls_assert ();
return GNUTLS_E_INVALID_SESSION;
_gnutls_io_read_buffered (session, header_size, -1)) != header_size)
{
if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- return ret;
+ return ret;
session_invalidate (session);
if (type == GNUTLS_ALERT)
- {
- gnutls_assert ();
- return 0; /* we were expecting close notify */
- }
+ {
+ gnutls_assert ();
+ return 0; /* we were expecting close notify */
+ }
session_unresumable (session);
gnutls_assert ();
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
if ((ret =
record_check_headers (session, data_enc.data, type, htype, &recv_type,
- version, &length, &header_size)) < 0)
+ version, &length, &header_size)) < 0)
{
gnutls_assert ();
return ret;
(int) _gnutls_uint64touint32 (&record_state->sequence_number),
_gnutls_packet2str (type), type, (int) sizeofdata);
_gnutls_record_log ("REC[%p]: Received Packet[%d] %s(%d) with length: %d\n",
- session,
- (int)
- _gnutls_uint64touint32 (&record_state->sequence_number),
- _gnutls_packet2str (recv_type), recv_type, length);
+ session,
+ (int)
+ _gnutls_uint64touint32 (&record_state->sequence_number),
+ _gnutls_packet2str (recv_type), recv_type, length);
if (length > MAX_RECV_SIZE)
{
_gnutls_record_log
- ("REC[%p]: FATAL ERROR: Received packet with length: %d\n",
- session, length);
+ ("REC[%p]: FATAL ERROR: Received packet with length: %d\n",
+ session, length);
session_unresumable (session);
session_invalidate (session);
*/
if ((ret =
_gnutls_io_read_buffered (session, header_size + length,
- recv_type)) != header_size + length)
+ recv_type)) != header_size + length)
{
if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- return ret;
+ return ret;
session_unresumable (session);
session_invalidate (session);
*/
ret =
_gnutls_decrypt (session, ciphertext, length, tmp.data, tmp.size,
- recv_type, record_params);
+ recv_type, record_params);
if (ret < 0)
{
session_unresumable (session);
return ret;
}
_mbuffer_remove_bytes (&session->internals.record_recv_buffer,
- header_size + length);
+ header_size + length);
decrypted_length = ret;
/* Check if this is a CHANGE_CIPHER_SPEC
{
_gnutls_record_log
- ("REC[%p]: ChangeCipherSpec Packet was received\n", session);
+ ("REC[%p]: ChangeCipherSpec Packet was received\n", session);
if ((size_t) ret != sizeofdata)
- { /* sizeofdata should be 1 */
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ { /* sizeofdata should be 1 */
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
memcpy (data, tmp.data, sizeofdata);
return ret;
ret =
record_check_type (session, recv_type, type, htype, tmp.data,
- decrypted_length);
+ decrypted_length);
if (ret < 0)
{
if (ret == GNUTLS_E_INT_RET_0)
- return 0;
+ return 0;
gnutls_assert ();
return ret;
}
ret = _gnutls_record_buffer_get (type, session, data, sizeofdata);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* if the buffer just got empty
*/
if (_gnutls_record_buffer_get_size (type, session) == 0)
- {
- if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0)
- {
- gnutls_assert ();
- return ret2;
- }
- }
+ {
+ if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0)
+ {
+ gnutls_assert ();
+ return ret2;
+ }
+ }
}
else
{
**/
ssize_t
gnutls_record_send (gnutls_session_t session, const void *data,
- size_t sizeofdata)
+ size_t sizeofdata)
{
return _gnutls_send_int (session, GNUTLS_APPLICATION_DATA, -1,
- EPOCH_WRITE_CURRENT, data, sizeofdata,
- MBUFFER_FLUSH);
+ EPOCH_WRITE_CURRENT, data, sizeofdata,
+ MBUFFER_FLUSH);
}
/**
gnutls_record_recv (gnutls_session_t session, void *data, size_t sizeofdata)
{
return _gnutls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data,
- sizeofdata);
+ sizeofdata);
}
#include <gnutls_buffers.h>
ssize_t _gnutls_send_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- unsigned int epoch_rel, const void *data,
- size_t sizeofdata, unsigned int mflags);
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *data,
+ size_t sizeofdata, unsigned int mflags);
ssize_t _gnutls_recv_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t, opaque * data,
- size_t sizeofdata);
+ gnutls_handshake_description_t, opaque * data,
+ size_t sizeofdata);
ssize_t _gnutls_send_change_cipher_spec (gnutls_session_t session, int again);
#endif
**/
int
gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u)
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u)
{
return gnutls_x509_privkey_import_rsa_raw (rsa_params, m, e, d, p, q, u);
}
**/
int
gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
- const gnutls_datum_t * pkcs1_params,
- gnutls_x509_crt_fmt_t format)
+ const gnutls_datum_t * pkcs1_params,
+ gnutls_x509_crt_fmt_t format)
{
return gnutls_x509_privkey_import (params, pkcs1_params, format);
}
**/
int
gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
- gnutls_x509_crt_fmt_t format,
- unsigned char *params_data,
- size_t * params_data_size)
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size)
{
return gnutls_x509_privkey_export (params, format,
- params_data, params_data_size);
+ params_data, params_data_size);
}
/**
**/
int
gnutls_rsa_params_export_raw (gnutls_rsa_params_t params,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u,
- unsigned int *bits)
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ unsigned int *bits)
{
int ret;
**/
int
gnutls_session_get_data (gnutls_session_t session,
- void *session_data, size_t * session_data_size)
+ void *session_data, size_t * session_data_size)
{
gnutls_datum_t psession;
**/
int
gnutls_session_get_id (gnutls_session_t session,
- void *session_id, size_t * session_id_size)
+ void *session_id, size_t * session_id_size)
{
size_t given_session_id_size = *session_id_size;
}
memcpy (session_id, &session->security_parameters.session_id,
- *session_id_size);
+ *session_id_size);
return 0;
}
**/
int
gnutls_session_set_data (gnutls_session_t session,
- const void *session_data, size_t session_data_size)
+ const void *session_data, size_t session_data_size)
{
int ret;
gnutls_datum_t psession;
#include <gnutls_constate.h>
static int pack_certificate_auth_info (gnutls_session_t,
- gnutls_buffer_st * packed_session);
+ gnutls_buffer_st * packed_session);
static int unpack_certificate_auth_info (gnutls_session_t,
- gnutls_buffer_st * packed_session);
+ gnutls_buffer_st * packed_session);
static int unpack_srp_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+ gnutls_buffer_st * packed_session);
static int pack_srp_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+ gnutls_buffer_st * packed_session);
static int unpack_psk_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+ gnutls_buffer_st * packed_session);
static int pack_psk_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+ gnutls_buffer_st * packed_session);
static int unpack_anon_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+ gnutls_buffer_st * packed_session);
static int pack_anon_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+ gnutls_buffer_st * packed_session);
static int unpack_security_parameters (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+ gnutls_buffer_st * packed_session);
static int pack_security_parameters (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+ gnutls_buffer_st * packed_session);
/* Since auth_info structures contain malloced data, this function
*/
int
_gnutls_session_pack (gnutls_session_t session,
- gnutls_datum_t * packed_session)
+ gnutls_datum_t * packed_session)
{
int ret;
gnutls_buffer_st sb;
case GNUTLS_CRD_SRP:
ret = pack_srp_auth_info (session, &sb);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
#endif
#ifdef ENABLE_PSK
case GNUTLS_CRD_PSK:
ret = pack_psk_auth_info (session, &sb);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
#endif
#ifdef ENABLE_ANON
case GNUTLS_CRD_ANON:
ret = pack_anon_auth_info (session, &sb);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
#endif
case GNUTLS_CRD_CERTIFICATE:
ret = pack_certificate_auth_info (session, &sb);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
default:
return GNUTLS_E_INTERNAL_ERROR;
*/
int
_gnutls_session_unpack (gnutls_session_t session,
- const gnutls_datum_t * packed_session)
+ const gnutls_datum_t * packed_session)
{
int ret;
gnutls_buffer_st sb;
ret =
_gnutls_buffer_append_data (&sb, packed_session->data,
- packed_session->size);
+ packed_session->size);
if (ret < 0)
{
gnutls_assert ();
case GNUTLS_CRD_SRP:
ret = unpack_srp_auth_info (session, &sb);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
break;
#endif
#ifdef ENABLE_PSK
case GNUTLS_CRD_PSK:
ret = unpack_psk_auth_info (session, &sb);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
break;
#endif
#ifdef ENABLE_ANON
case GNUTLS_CRD_ANON:
ret = unpack_anon_auth_info (session, &sb);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
#endif
case GNUTLS_CRD_CERTIFICATE:
ret = unpack_certificate_auth_info (session, &sb);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
break;
default:
gnutls_assert ();
BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
BUFFER_APPEND_PFX (ps, info->dh.generator.data,
- info->dh.generator.size);
+ info->dh.generator.size);
BUFFER_APPEND_PFX (ps, info->dh.public_key.data,
- info->dh.public_key.size);
+ info->dh.public_key.size);
BUFFER_APPEND_PFX (ps, info->rsa_export.modulus.data,
- info->rsa_export.modulus.size);
+ info->rsa_export.modulus.size);
BUFFER_APPEND_PFX (ps, info->rsa_export.exponent.data,
- info->rsa_export.exponent.size);
+ info->rsa_export.exponent.size);
BUFFER_APPEND_NUM (ps, info->ncerts);
for (i = 0; i < info->ncerts; i++)
- BUFFER_APPEND_PFX (ps, info->raw_certificate_list[i].data,
- info->raw_certificate_list[i].size);
+ BUFFER_APPEND_PFX (ps, info->raw_certificate_list[i].data,
+ info->raw_certificate_list[i].size);
}
/* write the real size */
BUFFER_POP_NUM (ps, pack_size);
if (pack_size == 0)
- return 0; /* nothing to be done */
+ return 0; /* nothing to be done */
/* client and server have the same auth_info here
*/
ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 1);
+ sizeof (cert_auth_info_st), 1);
if (ret < 0)
{
gnutls_assert ();
if (info->ncerts > 0)
{
info->raw_certificate_list =
- gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t));
+ gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t));
if (info->raw_certificate_list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
}
for (i = 0; i < info->ncerts; i++)
_gnutls_free_datum (&info->rsa_export.exponent);
for (j = 0; j < i; j++)
- _gnutls_free_datum (&info->raw_certificate_list[j]);
+ _gnutls_free_datum (&info->raw_certificate_list[j]);
gnutls_free (info->raw_certificate_list);
}
size_t cur_size;
if (info && info->username)
- len = strlen (info->username) + 1; /* include the terminating null */
+ len = strlen (info->username) + 1; /* include the terminating null */
else
len = 0;
ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
- sizeof (srp_server_auth_info_st), 1);
+ sizeof (srp_server_auth_info_st), 1);
if (ret < 0)
{
gnutls_assert ();
BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
BUFFER_APPEND_PFX (ps, info->dh.generator.data,
- info->dh.generator.size);
+ info->dh.generator.size);
BUFFER_APPEND_PFX (ps, info->dh.public_key.data,
- info->dh.public_key.size);
+ info->dh.public_key.size);
}
/* write the real size */
BUFFER_POP_NUM (ps, pack_size);
if (pack_size == 0)
- return 0; /* nothing to be done */
+ return 0; /* nothing to be done */
/* client and server have the same auth_info here
*/
ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1);
+ sizeof (anon_auth_info_st), 1);
if (ret < 0)
{
gnutls_assert ();
info = _gnutls_get_auth_info (session);
if (info && info->username)
- username_len = strlen (info->username) + 1; /* include the terminating null */
+ username_len = strlen (info->username) + 1; /* include the terminating null */
else
username_len = 0;
if (info && info->hint)
- hint_len = strlen (info->hint) + 1; /* include the terminating null */
+ hint_len = strlen (info->hint) + 1; /* include the terminating null */
else
hint_len = 0;
ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1);
+ sizeof (psk_auth_info_st), 1);
if (ret < 0)
{
gnutls_assert ();
BUFFER_APPEND (ps, &session->security_parameters.entity, 1);
BUFFER_APPEND (ps, &session->security_parameters.kx_algorithm, 1);
BUFFER_APPEND (ps,
- &session->security_parameters.current_cipher_suite.suite[0],
- 1);
+ &session->security_parameters.current_cipher_suite.suite[0],
+ 1);
BUFFER_APPEND (ps,
- &session->security_parameters.current_cipher_suite.suite[1],
- 1);
+ &session->security_parameters.current_cipher_suite.suite[1],
+ 1);
BUFFER_APPEND (ps, ¶ms->compression_algorithm, 1);
BUFFER_APPEND (ps, &session->security_parameters.cert_type, 1);
BUFFER_APPEND (ps, &session->security_parameters.version, 1);
BUFFER_APPEND (ps, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
+ GNUTLS_MASTER_SIZE);
BUFFER_APPEND (ps, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
BUFFER_APPEND (ps, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
BUFFER_APPEND_NUM (ps, session->security_parameters.session_id_size);
BUFFER_APPEND (ps, session->security_parameters.session_id,
- session->security_parameters.session_id_size);
+ session->security_parameters.session_id_size);
BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_send_size);
BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_recv_size);
return GNUTLS_E_INVALID_REQUEST;
memset (&session->internals.resumed_security_parameters, 0,
- sizeof (session->internals.resumed_security_parameters));
+ sizeof (session->internals.resumed_security_parameters));
BUFFER_POP (ps, &session->internals.resumed_security_parameters.entity, 1);
BUFFER_POP (ps,
- &session->internals.resumed_security_parameters.kx_algorithm,
- 1);
+ &session->internals.resumed_security_parameters.kx_algorithm,
+ 1);
BUFFER_POP (ps,
- &session->internals.
- resumed_security_parameters.current_cipher_suite.suite[0], 1);
+ &session->internals.
+ resumed_security_parameters.current_cipher_suite.suite[0], 1);
BUFFER_POP (ps,
- &session->internals.resumed_security_parameters.
- current_cipher_suite.suite[1], 1);
+ &session->internals.resumed_security_parameters.
+ current_cipher_suite.suite[1], 1);
BUFFER_POP (ps, &session->internals.resumed_compression_method, 1);
BUFFER_POP (ps, &session->internals.resumed_security_parameters.cert_type,
- 1);
+ 1);
BUFFER_POP (ps, &session->internals.resumed_security_parameters.version, 1);
BUFFER_POP (ps,
- &session->internals.resumed_security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
+ &session->internals.resumed_security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
BUFFER_POP (ps,
- &session->internals.resumed_security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
+ &session->internals.resumed_security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
BUFFER_POP (ps,
- &session->internals.resumed_security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
+ &session->internals.resumed_security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
BUFFER_POP_NUM (ps,
- session->internals.
- resumed_security_parameters.session_id_size);
+ session->internals.
+ resumed_security_parameters.session_id_size);
BUFFER_POP (ps, &session->internals.resumed_security_parameters.session_id,
- session->internals.resumed_security_parameters.session_id_size);
+ session->internals.resumed_security_parameters.session_id_size);
BUFFER_POP_NUM (ps,
- session->internals.
- resumed_security_parameters.max_record_send_size);
+ session->internals.
+ resumed_security_parameters.max_record_send_size);
BUFFER_POP_NUM (ps,
- session->internals.
- resumed_security_parameters.max_record_recv_size);
+ session->internals.
+ resumed_security_parameters.max_record_recv_size);
BUFFER_POP_NUM (ps,
- session->internals.resumed_security_parameters.timestamp);
+ session->internals.resumed_security_parameters.timestamp);
if (timestamp - session->internals.resumed_security_parameters.timestamp >
session->internals.expire_time
*/
int _gnutls_session_pack (gnutls_session_t session,
- gnutls_datum_t * packed_session);
+ gnutls_datum_t * packed_session);
int _gnutls_session_unpack (gnutls_session_t session,
- const gnutls_datum_t * packed_session);
+ const gnutls_datum_t * packed_session);
static int
_gnutls_tls_sign (gnutls_session_t session,
- gnutls_cert * cert, gnutls_privkey_t pkey,
- const gnutls_datum_t * hash_concat,
- gnutls_datum_t * signature);
+ gnutls_cert * cert, gnutls_privkey_t pkey,
+ const gnutls_datum_t * hash_concat,
+ gnutls_datum_t * signature);
/* While this is currently equal to the length of RSA/SHA512
* signature, it should also be sufficient for DSS signature and any
*/
static int
_gnutls_rsa_encode_sig (gnutls_mac_algorithm_t algo,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
ASN1_TYPE di;
const char *oid;
}
if ((result = asn1_write_value (di, "digestAlgorithm.algorithm",
- oid, strlen (oid))) != ASN1_SUCCESS)
+ oid, strlen (oid))) != ASN1_SUCCESS)
{
gnutls_assert ();
asn1_delete_structure (&di);
/* Use NULL parameters. */
if ((result = asn1_write_value (di, "digestAlgorithm.parameters",
- ASN1_NULL, ASN1_NULL_SIZE)) != ASN1_SUCCESS)
+ ASN1_NULL, ASN1_NULL_SIZE)) != ASN1_SUCCESS)
{
gnutls_assert ();
asn1_delete_structure (&di);
}
if ((result = asn1_write_value (di, "digest",
- hash->data, hash->size)) != ASN1_SUCCESS)
+ hash->data, hash->size)) != ASN1_SUCCESS)
{
gnutls_assert ();
asn1_delete_structure (&di);
*/
int
_gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert,
- gnutls_privkey_t pkey, gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t * sign_algo)
+ gnutls_privkey_t pkey, gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t * sign_algo)
{
gnutls_datum_t dconcat;
int ret;
*sign_algo =
_gnutls_session_get_sign_algo (session, cert->subject_pk_algorithm,
- &hash_algo);
+ &hash_algo);
if (*sign_algo == GNUTLS_SIGN_UNKNOWN)
{
gnutls_assert ();
}
_gnutls_hash (&td_sha, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_sha, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_sha, params->data, params->size);
switch (cert->subject_pk_algorithm)
{
case GNUTLS_PK_RSA:
if (!_gnutls_version_has_selectable_prf (ver))
- {
- digest_hd_st td_md5;
-
- ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash (&td_md5, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_md5, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_md5, params->data, params->size);
-
- _gnutls_hash_deinit (&td_md5, concat);
- _gnutls_hash_deinit (&td_sha, &concat[16]);
-
- dconcat.data = concat;
- dconcat.size = 36;
- }
+ {
+ digest_hd_st td_md5;
+
+ ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_hash (&td_md5, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash (&td_md5, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash (&td_md5, params->data, params->size);
+
+ _gnutls_hash_deinit (&td_md5, concat);
+ _gnutls_hash_deinit (&td_sha, &concat[16]);
+
+ dconcat.data = concat;
+ dconcat.size = 36;
+ }
else
- { /* TLS 1.2 way */
- gnutls_datum_t hash;
+ { /* TLS 1.2 way */
+ gnutls_datum_t hash;
- _gnutls_hash_deinit (&td_sha, concat);
+ _gnutls_hash_deinit (&td_sha, concat);
- hash.data = concat;
- hash.size = _gnutls_hash_get_algo_len (hash_algo);
- dconcat.data = concat;
- dconcat.size = sizeof concat;
+ hash.data = concat;
+ hash.size = _gnutls_hash_get_algo_len (hash_algo);
+ dconcat.data = concat;
+ dconcat.size = sizeof concat;
- _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
- }
+ _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+ }
break;
case GNUTLS_PK_DSA:
_gnutls_hash_deinit (&td_sha, concat);
if ((hash_algo != GNUTLS_DIG_SHA1) && (hash_algo != GNUTLS_DIG_SHA224)
- && (hash_algo != GNUTLS_DIG_SHA256))
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ && (hash_algo != GNUTLS_DIG_SHA256))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
dconcat.data = concat;
dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
break;
*/
int
_gnutls_soft_sign (gnutls_pk_algorithm_t algo, bigint_t * params,
- int params_size, const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+ int params_size, const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
int ret;
case GNUTLS_PK_RSA:
/* encrypt */
if ((ret = _gnutls_pkcs1_rsa_encrypt (signature, data, params,
- params_size, 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ params_size, 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
case GNUTLS_PK_DSA:
/* sign */
if ((ret = _gnutls_dsa_sign (signature, data, params, params_size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
default:
gnutls_assert ();
*/
static int
_gnutls_tls_sign (gnutls_session_t session,
- gnutls_cert * cert, gnutls_privkey_t pkey,
- const gnutls_datum_t * hash_concat,
- gnutls_datum_t * signature)
+ gnutls_cert * cert, gnutls_privkey_t pkey,
+ const gnutls_datum_t * hash_concat,
+ gnutls_datum_t * signature)
{
/* If our certificate supports signing
if (cert != NULL)
{
if (cert->key_usage != 0)
- if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
- {
- gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
- }
+ if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
/* External signing. */
if (!pkey)
- {
- if (!session->internals.sign_func)
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ {
+ if (!session->internals.sign_func)
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- return (*session->internals.sign_func)
- (session, session->internals.sign_func_userdata,
- cert->cert_type, &cert->raw, hash_concat, signature);
- }
+ return (*session->internals.sign_func)
+ (session, session->internals.sign_func_userdata,
+ cert->cert_type, &cert->raw, hash_concat, signature);
+ }
}
return _gnutls_privkey_sign_hash (pkey, hash_concat, signature);
static int
_gnutls_verify_sig (gnutls_cert * cert,
- const gnutls_datum_t * hash_concat,
- gnutls_datum_t * signature, size_t sha1pos,
- gnutls_pk_algorithm_t pk_algo)
+ const gnutls_datum_t * hash_concat,
+ gnutls_datum_t * signature, size_t sha1pos,
+ gnutls_pk_algorithm_t pk_algo)
{
int ret;
gnutls_datum_t vdata;
if (cert == NULL || cert->version == 0)
- { /* this is the only way to check
- * if it is initialized
- */
+ { /* this is the only way to check
+ * if it is initialized
+ */
gnutls_assert ();
return GNUTLS_E_CERTIFICATE_ERROR;
}
if (cert->key_usage != 0)
if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
{
- gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
+ gnutls_assert ();
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
}
if (pk_algo == GNUTLS_PK_UNKNOWN)
/* verify signature */
if ((ret = _gnutls_rsa_verify (&vdata, signature, cert->params,
- cert->params_size, 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ cert->params_size, 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
case GNUTLS_PK_DSA:
/* verify signature */
if ((ret = _gnutls_dsa_verify (&vdata, signature, cert->params,
- cert->params_size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ cert->params_size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
*/
int
_gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert,
- const gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t algo)
+ const gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t algo)
{
gnutls_datum_t dconcat;
int ret;
{
ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
_gnutls_hash (&td_md5, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_md5, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_md5, params->data, params->size);
}
{
gnutls_assert ();
if (!_gnutls_version_has_selectable_prf (ver))
- _gnutls_hash_deinit (&td_md5, NULL);
+ _gnutls_hash_deinit (&td_md5, NULL);
return ret;
}
_gnutls_hash (&td_sha, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_sha, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_sha, params->data, params->size);
if (!_gnutls_version_has_selectable_prf (ver))
}
ret = _gnutls_verify_sig (cert, &dconcat, signature,
- dconcat.size -
- _gnutls_hash_get_algo_len (hash_algo),
- _gnutls_sign_get_pk_algorithm (algo));
+ dconcat.size -
+ _gnutls_hash_get_algo_len (hash_algo),
+ _gnutls_sign_get_pk_algorithm (algo));
if (ret < 0)
{
gnutls_assert ();
*/
static int
_gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session,
- gnutls_cert * cert,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t sign_algo)
+ gnutls_cert * cert,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
{
int ret;
opaque concat[MAX_SIG_SIZE];
handshake_td = &session->internals.handshake_mac_handle.tls12.sha256;
hash_algo = handshake_td->algorithm;
_sign_algo =
- _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo);
+ _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo);
if (sign_algo != _sign_algo)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
}
ret = _gnutls_hash_copy (&td, handshake_td);
ret =
_gnutls_verify_sig (cert, &dconcat, signature, 0,
- cert->subject_pk_algorithm);
+ cert->subject_pk_algorithm);
if (ret < 0)
{
gnutls_assert ();
*/
int
_gnutls_handshake_verify_cert_vrfy (gnutls_session_t session,
- gnutls_cert * cert,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t sign_algo)
+ gnutls_cert * cert,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
{
int ret;
opaque concat[MAX_SIG_SIZE];
HANDSHAKE_MAC_TYPE_12)
{
return _gnutls_handshake_verify_cert_vrfy12 (session, cert, signature,
- sign_algo);
+ sign_algo);
}
else if (session->security_parameters.handshake_mac_handle_type !=
- HANDSHAKE_MAC_TYPE_10)
+ HANDSHAKE_MAC_TYPE_10)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
ret =
_gnutls_hash_copy (&td_md5,
- &session->internals.handshake_mac_handle.tls10.md5);
+ &session->internals.handshake_mac_handle.tls10.md5);
if (ret < 0)
{
gnutls_assert ();
ret =
_gnutls_hash_copy (&td_sha,
- &session->internals.handshake_mac_handle.tls10.sha);
+ &session->internals.handshake_mac_handle.tls10.sha);
if (ret < 0)
{
gnutls_assert ();
{
ret = _gnutls_generate_master (session, 1);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
_gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
+ session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
_gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
+ session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
}
else
{
}
dconcat.data = concat;
- dconcat.size = 20 + 16; /* md5+ sha */
+ dconcat.size = 20 + 16; /* md5+ sha */
ret =
_gnutls_verify_sig (cert, &dconcat, signature, 16,
- cert->subject_pk_algorithm);
+ cert->subject_pk_algorithm);
if (ret < 0)
{
gnutls_assert ();
*/
static int
_gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session,
- gnutls_cert * cert, gnutls_privkey_t pkey,
- gnutls_datum_t * signature)
+ gnutls_cert * cert, gnutls_privkey_t pkey,
+ gnutls_datum_t * signature)
{
gnutls_datum_t dconcat;
int ret;
handshake_td = &session->internals.handshake_mac_handle.tls12.sha256;
hash_algo = handshake_td->algorithm;
sign_algo =
- _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo);
+ _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo);
if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
ret = _gnutls_session_sign_algo_requested (session, sign_algo);
if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_x509_log
- ("Server did not allow either '%s' or '%s' for signing\n",
- gnutls_mac_get_name (hash_algo),
- gnutls_mac_get_name (session->internals.handshake_mac_handle.
- tls12.sha1.algorithm));
- return ret;
- }
+ {
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("Server did not allow either '%s' or '%s' for signing\n",
+ gnutls_mac_get_name (hash_algo),
+ gnutls_mac_get_name (session->internals.handshake_mac_handle.
+ tls12.sha1.algorithm));
+ return ret;
+ }
}
_gnutls_x509_log ("sign handshake cert vrfy: picked %s with %s\n",
- gnutls_sign_algorithm_get_name (sign_algo),
- gnutls_mac_get_name (hash_algo));
+ gnutls_sign_algorithm_get_name (sign_algo),
+ gnutls_mac_get_name (hash_algo));
ret = _gnutls_hash_copy (&td, handshake_td);
if (ret < 0)
*/
int
_gnutls_handshake_sign_cert_vrfy (gnutls_session_t session,
- gnutls_cert * cert, gnutls_privkey_t pkey,
- gnutls_datum_t * signature)
+ gnutls_cert * cert, gnutls_privkey_t pkey,
+ gnutls_datum_t * signature)
{
gnutls_datum_t dconcat;
int ret;
HANDSHAKE_MAC_TYPE_12)
{
return _gnutls_handshake_sign_cert_vrfy12 (session, cert, pkey,
- signature);
+ signature);
}
else if (session->security_parameters.handshake_mac_handle_type !=
- HANDSHAKE_MAC_TYPE_10)
+ HANDSHAKE_MAC_TYPE_10)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
ret =
_gnutls_hash_copy (&td_sha,
- &session->internals.handshake_mac_handle.tls10.sha);
+ &session->internals.handshake_mac_handle.tls10.sha);
if (ret < 0)
{
gnutls_assert ();
{
ret = _gnutls_generate_master (session, 1);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
_gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
+ session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
}
else
_gnutls_hash_deinit (&td_sha, &concat[16]);
{
case GNUTLS_PK_RSA:
ret =
- _gnutls_hash_copy (&td_md5,
- &session->internals.handshake_mac_handle.tls10.
- md5);
+ _gnutls_hash_copy (&td_md5,
+ &session->internals.handshake_mac_handle.tls10.
+ md5);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
if (ver == GNUTLS_SSL3)
- _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
+ _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
+ session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
else
- _gnutls_hash_deinit (&td_md5, concat);
+ _gnutls_hash_deinit (&td_md5, concat);
dconcat.data = concat;
dconcat.size = 36;
return ret;
}
-int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
- bigint_t * params,
- const gnutls_datum_t * data, gnutls_datum_t * digest)
+int
+pk_hash_data (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
+ bigint_t * params,
+ const gnutls_datum_t * data, gnutls_datum_t * digest)
{
int ret;
{
case GNUTLS_PK_RSA:
if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA224 &&
- hash != GNUTLS_DIG_SHA256)
+ hash != GNUTLS_DIG_SHA256)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
break;
default:
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
return GNUTLS_E_MEMORY_ERROR;
}
- ret = _gnutls_hash_fast(hash, data->data, data->size, digest->data);
+ ret = _gnutls_hash_fast (hash, data->data, data->size, digest->data);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
goto cleanup;
}
return 0;
cleanup:
- gnutls_free(digest->data);
+ gnutls_free (digest->data);
return ret;
}
*/
static int
encode_ber_digest_info (gnutls_digest_algorithm_t hash,
- const gnutls_datum_t * digest,
- gnutls_datum_t * output)
+ const gnutls_datum_t * digest,
+ gnutls_datum_t * output)
{
ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
int result;
const char *algo;
- opaque* tmp_output;
+ opaque *tmp_output;
int tmp_output_size;
algo = _gnutls_x509_mac_to_oid ((gnutls_mac_algorithm_t) hash);
}
if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DigestInfo",
- &dinfo)) != ASN1_SUCCESS)
+ "GNUTLS.DigestInfo",
+ &dinfo)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
Regardless of what is correct, this appears to be what most
implementations do. */
result = asn1_write_value (dinfo, "digestAlgorithm.parameters",
- ASN1_NULL, ASN1_NULL_SIZE);
+ ASN1_NULL, ASN1_NULL_SIZE);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
}
asn1_delete_structure (&dinfo);
-
+
output->size = tmp_output_size;
output->data = tmp_output;
*/
int
pk_prepare_hash (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t hash,
- gnutls_datum_t * digest)
+ gnutls_digest_algorithm_t hash, gnutls_datum_t * digest)
{
int ret;
gnutls_datum old_digest = { digest->data, digest->size };
- switch(pk)
+ switch (pk)
{
- case GNUTLS_PK_RSA:
- /* Encode the digest as a DigestInfo
- */
- if ((ret = encode_ber_digest_info (hash, digest, digest)) != 0)
- {
- gnutls_assert ();
- return ret;
- }
+ case GNUTLS_PK_RSA:
+ /* Encode the digest as a DigestInfo
+ */
+ if ((ret = encode_ber_digest_info (hash, digest, digest)) != 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- _gnutls_free_datum(&old_digest);
- case GNUTLS_PK_DSA:
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ _gnutls_free_datum (&old_digest);
+ case GNUTLS_PK_DSA:
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
return 0;
#include <gnutls/abstract.h>
int _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session,
- gnutls_cert * cert,
- gnutls_privkey_t pkey,
- gnutls_datum_t * signature);
+ gnutls_cert * cert,
+ gnutls_privkey_t pkey,
+ gnutls_datum_t * signature);
int _gnutls_handshake_sign_data (gnutls_session_t session,
- gnutls_cert * cert,
- gnutls_privkey_t pkey,
- gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t * algo);
+ gnutls_cert * cert,
+ gnutls_privkey_t pkey,
+ gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t * algo);
int _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session,
- gnutls_cert * cert,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t);
+ gnutls_cert * cert,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t);
int _gnutls_handshake_verify_data (gnutls_session_t session,
- gnutls_cert * cert,
- const gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t algo);
+ gnutls_cert * cert,
+ const gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t algo);
int _gnutls_soft_sign (gnutls_pk_algorithm_t algo,
- bigint_t * params, int params_size,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature);
+ bigint_t * params, int params_size,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
int pk_prepare_hash (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
- gnutls_datum_t * output);
-int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
- bigint_t * params, const gnutls_datum_t * data, gnutls_datum_t * digest);
+ gnutls_datum_t * output);
+int pk_hash_data (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
+ bigint_t * params, const gnutls_datum_t * data,
+ gnutls_datum_t * digest);
int
_gnutls_privkey_sign_hash (gnutls_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
#endif
int
_gnutls_srp_gx (opaque * text, size_t textsize, opaque ** result,
- bigint_t g, bigint_t prime, gnutls_alloc_function galloc_func)
+ bigint_t g, bigint_t prime, gnutls_alloc_function galloc_func)
{
bigint_t x, e;
size_t result_size;
{
*result = galloc_func (result_size);
if ((*result) == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
_gnutls_mpi_print (e, *result, &result_size);
ret = result_size;
if (a_size > n_size || b_size > n_size)
{
gnutls_assert ();
- return NULL; /* internal error */
+ return NULL; /* internal error */
}
holder_size = n_size + n_size;
/* convert the bytes of hd to integer
*/
- hash_size = 20; /* SHA */
+ hash_size = 20; /* SHA */
ret = _gnutls_mpi_scan_nz (&res, hd, hash_size);
gnutls_free (holder);
*/
bigint_t
_gnutls_calc_srp_S1 (bigint_t A, bigint_t b, bigint_t u, bigint_t v,
- bigint_t n)
+ bigint_t n)
{
bigint_t tmp1 = NULL, tmp2 = NULL;
bigint_t S = NULL;
*/
static int
_gnutls_calc_srp_sha (const char *username, const char *password,
- opaque * salt, int salt_size, size_t * size,
- void *digest)
+ opaque * salt, int salt_size, size_t * size,
+ void *digest)
{
digest_hd_st td;
opaque res[MAX_HASH_SIZE];
}
_gnutls_hash (&td, salt, salt_size);
- _gnutls_hash (&td, res, 20); /* 20 bytes is the output of sha1 */
+ _gnutls_hash (&td, res, 20); /* 20 bytes is the output of sha1 */
_gnutls_hash_deinit (&td, digest);
int
_gnutls_calc_srp_x (char *username, char *password, opaque * salt,
- size_t salt_size, size_t * size, void *digest)
+ size_t salt_size, size_t * size, void *digest)
{
return _gnutls_calc_srp_sha (username, password, salt,
- salt_size, size, digest);
+ salt_size, size, digest);
}
*/
bigint_t
_gnutls_calc_srp_S2 (bigint_t B, bigint_t g, bigint_t x, bigint_t a,
- bigint_t u, bigint_t n)
+ bigint_t u, bigint_t n)
{
bigint_t S = NULL, tmp1 = NULL, tmp2 = NULL;
bigint_t tmp4 = NULL, tmp3 = NULL, k = NULL;
goto freeall;
}
- _gnutls_mpi_powm (tmp1, g, x, n); /* g^x */
- _gnutls_mpi_mulm (tmp3, tmp1, k, n); /* k*g^x mod n */
+ _gnutls_mpi_powm (tmp1, g, x, n); /* g^x */
+ _gnutls_mpi_mulm (tmp3, tmp1, k, n); /* k*g^x mod n */
_gnutls_mpi_subm (tmp2, B, tmp3, n);
tmp4 = _gnutls_mpi_alloc_like (n);
**/
int
gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
- const char *username, const char *password)
+ const char *username, const char *password)
{
if (username == NULL || password == NULL)
**/
int
gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res,
- const char *password_file,
- const char *password_conf_file)
+ const char *password_file,
+ const char *password_conf_file)
{
if (password_file == NULL || password_conf_file == NULL)
**/
void
gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t
- cred,
- gnutls_srp_server_credentials_function
- * func)
+ cred,
+ gnutls_srp_server_credentials_function
+ * func)
{
cred->pwd_callback = func;
}
**/
void
gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t
- cred,
- gnutls_srp_client_credentials_function
- * func)
+ cred,
+ gnutls_srp_client_credentials_function
+ * func)
{
cred->get_function = func;
}
**/
int
gnutls_srp_verifier (const char *username, const char *password,
- const gnutls_datum_t * salt,
- const gnutls_datum_t * generator,
- const gnutls_datum_t * prime, gnutls_datum_t * res)
+ const gnutls_datum_t * salt,
+ const gnutls_datum_t * generator,
+ const gnutls_datum_t * prime, gnutls_datum_t * res)
{
bigint_t _n, _g;
int ret;
opaque digest[20];
ret = _gnutls_calc_srp_sha (username, password, salt->data,
- salt->size, &digest_size, digest);
+ salt->size, &digest_size, digest);
if (ret < 0)
{
gnutls_assert ();
#ifdef ENABLE_SRP
int _gnutls_srp_gx (opaque * text, size_t textsize, opaque ** result,
- bigint_t g, bigint_t prime, gnutls_alloc_function);
+ bigint_t g, bigint_t prime, gnutls_alloc_function);
bigint_t _gnutls_calc_srp_B (bigint_t * ret_b, bigint_t g, bigint_t n,
- bigint_t v);
+ bigint_t v);
bigint_t _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t N);
bigint_t _gnutls_calc_srp_S1 (bigint_t A, bigint_t b, bigint_t u, bigint_t v,
- bigint_t n);
+ bigint_t n);
bigint_t _gnutls_calc_srp_A (bigint_t * a, bigint_t g, bigint_t n);
bigint_t _gnutls_calc_srp_S2 (bigint_t B, bigint_t g, bigint_t x, bigint_t a,
- bigint_t u, bigint_t n);
+ bigint_t u, bigint_t n);
int _gnutls_calc_srp_x (char *username, char *password, opaque * salt,
- size_t salt_size, size_t * size, void *digest);
+ size_t salt_size, size_t * size, void *digest);
int _gnutls_srp_gn (opaque ** ret_g, opaque ** ret_n, int bits);
/* g is defined to be 2 */
them public functions? */
void
_gnutls_rsa_pms_set_version (gnutls_session_t session,
- unsigned char major, unsigned char minor);
+ unsigned char major, unsigned char minor);
void
_gnutls_session_cert_type_set (gnutls_session_t session,
- gnutls_certificate_type_t ct)
+ gnutls_certificate_type_t ct)
{
session->security_parameters.cert_type = ct;
}
*/
int
_gnutls_session_cert_type_supported (gnutls_session_t session,
- gnutls_certificate_type_t cert_type)
+ gnutls_certificate_type_t cert_type)
{
unsigned i;
unsigned cert_found = 0;
if (session->security_parameters.entity == GNUTLS_SERVER)
{
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
if (cred->server_get_cert_callback == NULL
- && cred->get_cert_callback == NULL)
- {
- for (i = 0; i < cred->ncerts; i++)
- {
- if (cred->cert_list[i][0].cert_type == cert_type)
- {
- cert_found = 1;
- break;
- }
- }
-
- if (cert_found == 0)
- /* no certificate is of that type.
- */
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
+ && cred->get_cert_callback == NULL)
+ {
+ for (i = 0; i < cred->ncerts; i++)
+ {
+ if (cred->cert_list[i][0].cert_type == cert_type)
+ {
+ cert_found = 1;
+ break;
+ }
+ }
+
+ if (cert_found == 0)
+ /* no certificate is of that type.
+ */
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
}
if (session->internals.priorities.cert_type.algorithms == 0
for (i = 0; i < session->internals.priorities.cert_type.algorithms; i++)
{
if (session->internals.priorities.cert_type.priority[i] == cert_type)
- {
- return 0; /* ok */
- }
+ {
+ return 0; /* ok */
+ }
}
return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
session->internals.adv_version_minor = 0;
session->internals.v2_hello = 0;
memset (&session->internals.handshake_header_buffer, 0,
- sizeof (handshake_header_buffer_st));
+ sizeof (handshake_header_buffer_st));
session->internals.adv_version_minor = 0;
session->internals.adv_version_minor = 0;
session->internals.direction = 0;
return GNUTLS_E_MEMORY_ERROR;
}
- (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */
+ (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */
gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS);
- gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */
+ gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */
gnutls_handshake_set_max_packet_length ((*session),
- MAX_HANDSHAKE_PACKET_SIZE);
+ MAX_HANDSHAKE_PACKET_SIZE);
/* set the socket pointers to -1;
*/
for (i = 0; i < MAX_EPOCH_INDEX; i++)
if (session->record_parameters[i] != NULL)
{
- _gnutls_epoch_free (session, session->record_parameters[i]);
- session->record_parameters[i] = NULL;
+ _gnutls_epoch_free (session, session->record_parameters[i]);
+ session->record_parameters[i] = NULL;
}
_gnutls_buffer_clear (&session->internals.ia_data_buffer);
{
case GNUTLS_CRD_ANON:
{
- anon_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ anon_auth_info_t info;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
+ dh = &info->dh;
+ break;
}
case GNUTLS_CRD_PSK:
{
- psk_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ psk_auth_info_t info;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
+ dh = &info->dh;
+ break;
}
case GNUTLS_CRD_CERTIFICATE:
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
+ dh = &info->dh;
+ break;
}
default:
gnutls_assert ();
{
case GNUTLS_CRD_ANON:
{
- anon_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- info->dh.secret_bits = bits;
- break;
+ anon_auth_info_t info;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ info->dh.secret_bits = bits;
+ break;
}
case GNUTLS_CRD_PSK:
{
- psk_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- info->dh.secret_bits = bits;
- break;
+ psk_auth_info_t info;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ info->dh.secret_bits = bits;
+ break;
}
case GNUTLS_CRD_CERTIFICATE:
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- info->dh.secret_bits = bits;
- break;
+ info->dh.secret_bits = bits;
+ break;
default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
}
*/
int
_gnutls_rsa_export_set_pubkey (gnutls_session_t session,
- bigint_t exponent, bigint_t modulus)
+ bigint_t exponent, bigint_t modulus)
{
cert_auth_info_t info;
int ret;
{
case GNUTLS_CRD_ANON:
{
- anon_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ anon_auth_info_t info;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
+ dh = &info->dh;
+ break;
}
case GNUTLS_CRD_PSK:
{
- psk_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ psk_auth_info_t info;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
+ dh = &info->dh;
+ break;
}
case GNUTLS_CRD_CERTIFICATE:
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
+ dh = &info->dh;
+ break;
}
default:
gnutls_assert ();
**/
void
gnutls_openpgp_send_cert (gnutls_session_t session,
- gnutls_openpgp_crt_status_t status)
+ gnutls_openpgp_crt_status_t status)
{
session->internals.pgp_fingerprint = status;
}
**/
void
gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
- int status)
+ int status)
{
session->internals.ignore_rdn_sequence = status;
}
-*/
void
_gnutls_record_set_default_version (gnutls_session_t session,
- unsigned char major, unsigned char minor)
+ unsigned char major, unsigned char minor)
{
session->internals.default_record_version[0] = major;
session->internals.default_record_version[1] = minor;
inline static int
_gnutls_cal_PRF_A (gnutls_mac_algorithm_t algorithm,
- const void *secret, int secret_size,
- const void *seed, int seed_size, void *result)
+ const void *secret, int secret_size,
+ const void *seed, int seed_size, void *result)
{
digest_hd_st td1;
int ret;
*/
static int
_gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
- const opaque * secret, int secret_size,
- const opaque * seed, int seed_size,
- int total_bytes, opaque * ret)
+ const opaque * secret, int secret_size,
+ const opaque * seed, int seed_size,
+ int total_bytes, opaque * ret)
{
digest_hd_st td2;
{
result = _gnutls_hmac_init (&td2, algorithm, secret, secret_size);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
/* here we calculate A(i+1) */
if ((result =
- _gnutls_cal_PRF_A (algorithm, secret, secret_size, Atmp,
- A_size, Atmp)) < 0)
- {
- gnutls_assert ();
- _gnutls_hmac_deinit (&td2, final);
- return result;
- }
+ _gnutls_cal_PRF_A (algorithm, secret, secret_size, Atmp,
+ A_size, Atmp)) < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hmac_deinit (&td2, final);
+ return result;
+ }
A_size = blocksize;
_gnutls_hmac_deinit (&td2, final);
if ((1 + i) * blocksize < total_bytes)
- {
- how = blocksize;
- }
+ {
+ how = blocksize;
+ }
else
- {
- how = total_bytes - (i) * blocksize;
- }
+ {
+ how = total_bytes - (i) * blocksize;
+ }
if (how > 0)
- {
- memcpy (&ret[i * blocksize], final, how);
- }
+ {
+ memcpy (&ret[i * blocksize], final, how);
+ }
}
return 0;
*/
int
_gnutls_PRF (gnutls_session_t session,
- const opaque * secret, int secret_size, const char *label,
- int label_size, const opaque * seed, int seed_size,
- int total_bytes, void *ret)
+ const opaque * secret, int secret_size, const char *label,
+ int label_size, const opaque * seed, int seed_size,
+ int total_bytes, void *ret)
{
int l_s, s_seed_size;
const opaque *s1, *s2;
if (_gnutls_version_has_selectable_prf (ver))
{
result =
- _gnutls_P_hash (GNUTLS_MAC_SHA256, secret, secret_size,
- s_seed, s_seed_size, total_bytes, ret);
+ _gnutls_P_hash (GNUTLS_MAC_SHA256, secret, secret_size,
+ s_seed, s_seed_size, total_bytes, ret);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
}
else
{
s2 = &secret[l_s];
if (secret_size % 2 != 0)
- {
- l_s++;
- }
+ {
+ l_s++;
+ }
result =
- _gnutls_P_hash (GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size,
- total_bytes, o1);
+ _gnutls_P_hash (GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size,
+ total_bytes, o1);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
result =
- _gnutls_P_hash (GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size,
- total_bytes, o2);
+ _gnutls_P_hash (GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size,
+ total_bytes, o2);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
_gnutls_xor (o1, o2, total_bytes);
memcpy (ret, o1, total_bytes);
}
- return 0; /* ok */
+ return 0; /* ok */
}
**/
int
gnutls_prf_raw (gnutls_session_t session,
- size_t label_size,
- const char *label,
- size_t seed_size, const char *seed, size_t outsize, char *out)
+ size_t label_size,
+ const char *label,
+ size_t seed_size, const char *seed, size_t outsize, char *out)
{
int ret;
ret = _gnutls_PRF (session,
- session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE,
- label,
- label_size, (opaque *) seed, seed_size, outsize, out);
+ session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE,
+ label,
+ label_size, (opaque *) seed, seed_size, outsize, out);
return ret;
}
**/
int
gnutls_prf (gnutls_session_t session,
- size_t label_size,
- const char *label,
- int server_random_first,
- size_t extra_size, const char *extra, size_t outsize, char *out)
+ size_t label_size,
+ const char *label,
+ int server_random_first,
+ size_t extra_size, const char *extra, size_t outsize, char *out)
{
int ret;
opaque *seed;
}
memcpy (seed, server_random_first ?
- session->security_parameters.server_random :
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.server_random :
+ session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
memcpy (seed + GNUTLS_RANDOM_SIZE, server_random_first ?
- session->security_parameters.client_random :
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.client_random :
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
memcpy (seed + 2 * GNUTLS_RANDOM_SIZE, extra, extra_size);
ret = _gnutls_PRF (session, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE,
- label, label_size, seed, seedsize, outsize, out);
+ GNUTLS_MASTER_SIZE,
+ label, label_size, seed, seedsize, outsize, out);
gnutls_free (seed);
**/
void
gnutls_session_set_finished_function (gnutls_session_t session,
- gnutls_finished_callback_func func)
+ gnutls_finished_callback_func func)
{
session->internals.finished_func = func;
}
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
if (session->security_parameters.session_id_size > 0 &&
- session->security_parameters.session_id_size ==
- session->internals.resumed_security_parameters.session_id_size
- && memcmp (session->security_parameters.session_id,
- session->internals.
- resumed_security_parameters.session_id,
- session->security_parameters.session_id_size) == 0)
- return 1;
+ session->security_parameters.session_id_size ==
+ session->internals.resumed_security_parameters.session_id_size
+ && memcmp (session->security_parameters.session_id,
+ session->internals.
+ resumed_security_parameters.session_id,
+ session->security_parameters.session_id_size) == 0)
+ return 1;
}
else
{
if (session->internals.resumed == RESUME_TRUE)
- return 1;
+ return 1;
}
return 0;
cipher =
_gnutls_cipher_suite_get_cipher_algo (&session->
- security_parameters.current_cipher_suite);
+ security_parameters.current_cipher_suite);
if (_gnutls_cipher_get_export_flag (cipher) != 0)
return 1;
kx =
_gnutls_cipher_suite_get_kx_algo (&session->
- security_parameters.current_cipher_suite);
+ security_parameters.current_cipher_suite);
if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK)
return 1;
-*/
void
_gnutls_rsa_pms_set_version (gnutls_session_t session,
- unsigned char major, unsigned char minor)
+ unsigned char major, unsigned char minor)
{
session->internals.rsa_pms_version[0] = major;
session->internals.rsa_pms_version[1] = minor;
**/
void
gnutls_handshake_set_post_client_hello_function (gnutls_session_t session,
- gnutls_handshake_post_client_hello_func
- func)
+ gnutls_handshake_post_client_hello_func
+ func)
{
session->internals.user_hello_func = func;
}
**/
int
gnutls_session_channel_binding (gnutls_session_t session,
- gnutls_channel_binding_t cbtype,
- gnutls_datum_t * cb)
+ gnutls_channel_binding_t cbtype,
+ gnutls_datum_t * cb)
{
if (cbtype != GNUTLS_CB_TLS_UNIQUE)
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
#include <gnutls_int.h>
void _gnutls_session_cert_type_set (gnutls_session_t session,
- gnutls_certificate_type_t);
+ gnutls_certificate_type_t);
void
_gnutls_record_set_default_version (gnutls_session_t session,
- unsigned char major, unsigned char minor);
+ unsigned char major, unsigned char minor);
#include <gnutls_auth.h>
#endif
int _gnutls_session_cert_type_supported (gnutls_session_t,
- gnutls_certificate_type_t);
+ gnutls_certificate_type_t);
int _gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits);
int _gnutls_dh_set_peer_public (gnutls_session_t session, bigint_t public);
int _gnutls_dh_set_group (gnutls_session_t session, bigint_t gen,
- bigint_t prime);
+ bigint_t prime);
int _gnutls_dh_get_allowed_prime_bits (gnutls_session_t session);
void _gnutls_handshake_internal_state_clear (gnutls_session_t);
int _gnutls_rsa_export_set_pubkey (gnutls_session_t session,
- bigint_t exponent, bigint_t modulus);
+ bigint_t exponent, bigint_t modulus);
int _gnutls_session_is_resumable (gnutls_session_t session);
int _gnutls_session_is_export (gnutls_session_t session);
int _gnutls_openpgp_send_fingerprint (gnutls_session_t session);
int _gnutls_PRF (gnutls_session_t session,
- const opaque * secret, int secret_size,
- const char *label, int label_size,
- const opaque * seed, int seed_size,
- int total_bytes, void *ret);
+ const opaque * secret, int secret_size,
+ const char *label, int label_size,
+ const opaque * seed, int seed_size,
+ int total_bytes, void *ret);
#define DEFAULT_CERT_TYPE GNUTLS_CRT_X509
else
{
if (dest_tot_size - dest_size > 0)
- {
- strncat (dest, src, (dest_tot_size - dest_size) - 1);
- dest[dest_tot_size - 1] = 0;
- }
+ {
+ strncat (dest, src, (dest_tot_size - dest_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
}
}
else
{
if (dest_tot_size > 0)
- {
- strncpy (dest, src, (dest_tot_size) - 1);
- dest[dest_tot_size - 1] = 0;
- }
+ {
+ strncpy (dest, src, (dest_tot_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
}
}
void
_gnutls_mem_cpy (char *dest, size_t dest_tot_size, const char *src,
- size_t src_size)
+ size_t src_size)
{
if (dest_tot_size >= src_size)
else
{
if (dest_tot_size > 0)
- {
- memcpy (dest, src, dest_tot_size);
- }
+ {
+ memcpy (dest, src, dest_tot_size);
+ }
}
}
int
_gnutls_buffer_append_data (gnutls_buffer_st * dest, const void *data,
- size_t data_size)
+ size_t data_size)
{
size_t tot_len = data_size + dest->length;
size_t unused = MEMSUB (dest->data, dest->allocd);
if (dest->max_length - unused <= tot_len)
- {
- if (dest->length && dest->data)
- memmove (dest->allocd, dest->data, dest->length);
+ {
+ if (dest->length && dest->data)
+ memmove (dest->allocd, dest->data, dest->length);
- dest->data = dest->allocd;
- }
+ dest->data = dest->allocd;
+ }
memmove (&dest->data[dest->length], data, data_size);
dest->length = tot_len;
{
size_t unused = MEMSUB (dest->data, dest->allocd);
size_t new_len =
- MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
+ MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
dest->allocd = gnutls_realloc (dest->allocd, new_len);
if (dest->allocd == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
dest->max_length = new_len;
dest->data = dest->allocd + unused;
if (dest->length && dest->data)
- memmove (dest->allocd, dest->data, dest->length);
+ memmove (dest->allocd, dest->data, dest->length);
dest->data = dest->allocd;
memcpy (&dest->data[dest->length], data, data_size);
{
size_t unused = MEMSUB (dest->data, dest->allocd);
if (dest->max_length - unused <= new_size)
- {
- if (dest->length && dest->data)
- memmove (dest->allocd, dest->data, dest->length);
- dest->data = dest->allocd;
- }
+ {
+ if (dest->length && dest->data)
+ memmove (dest->allocd, dest->data, dest->length);
+ dest->data = dest->allocd;
+ }
return 0;
}
{
size_t unused = MEMSUB (dest->data, dest->allocd);
size_t alloc_len =
- MAX (new_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
+ MAX (new_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
dest->allocd = gnutls_realloc (dest->allocd, alloc_len);
if (dest->allocd == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
dest->max_length = alloc_len;
dest->data = dest->allocd + unused;
if (dest->length && dest->data)
- memmove (dest->allocd, dest->data, dest->length);
+ memmove (dest->allocd, dest->data, dest->length);
dest->data = dest->allocd;
return 0;
*/
void
_gnutls_buffer_pop_datum (gnutls_buffer_st * str, gnutls_datum_t * data,
- size_t req_size)
+ size_t req_size)
{
if (str->length == 0)
{
data->data = gnutls_malloc (str->length);
if (data->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
memcpy (data->data, str->data, str->length);
data->size = str->length;
_gnutls_buffer_clear (str);
*/
void
_gnutls_buffer_pop_data (gnutls_buffer_st * str, void *data,
- size_t * req_size)
+ size_t * req_size)
{
gnutls_datum_t tdata;
static int
_gnutls_buffer_insert_data (gnutls_buffer_st * dest, int pos, const void *str,
- size_t str_size)
+ size_t str_size)
{
size_t orig_length = dest->length;
int ret;
- ret = _gnutls_buffer_resize (dest, dest->length + str_size); /* resize to make space */
+ ret = _gnutls_buffer_resize (dest, dest->length + str_size); /* resize to make space */
if (ret < 0)
return ret;
_gnutls_buffer_delete_data (gnutls_buffer_st * dest, int pos, size_t str_size)
{
memmove (&dest->data[pos], &dest->data[pos + str_size],
- dest->length - pos - str_size);
+ dest->length - pos - str_size);
dest->length -= str_size;
int
_gnutls_buffer_escape (gnutls_buffer_st * dest,
- const char *const invalid_chars)
+ const char *const invalid_chars)
{
int rv = -1;
char t[5];
{
if (dest->data[pos] == '\\' || strchr (invalid_chars, dest->data[pos])
- || !isgraph (dest->data[pos]))
- {
+ || !isgraph (dest->data[pos]))
+ {
- snprintf (t, sizeof (t), "%%%.2X", (unsigned int) dest->data[pos]);
+ snprintf (t, sizeof (t), "%%%.2X", (unsigned int) dest->data[pos]);
- _gnutls_buffer_delete_data (dest, pos, 1);
+ _gnutls_buffer_delete_data (dest, pos, 1);
- if (_gnutls_buffer_insert_data (dest, pos, t, 3) < 0)
- {
- rv = -1;
- goto cleanup;
- }
+ if (_gnutls_buffer_insert_data (dest, pos, t, 3) < 0)
+ {
+ rv = -1;
+ goto cleanup;
+ }
- }
+ }
pos++;
}
while (pos < dest->length)
{
if (dest->data[pos] == '%')
- {
- char b[3];
- unsigned int u;
- unsigned char x;
+ {
+ char b[3];
+ unsigned int u;
+ unsigned char x;
- b[0] = dest->data[pos + 1];
- b[1] = dest->data[pos + 2];
- b[2] = 0;
+ b[0] = dest->data[pos + 1];
+ b[1] = dest->data[pos + 2];
+ b[2] = 0;
- sscanf (b, "%02x", &u);
+ sscanf (b, "%02x", &u);
- x = u;
+ x = u;
- _gnutls_buffer_delete_data (dest, pos, 3);
- _gnutls_buffer_insert_data (dest, pos, &x, 1);
- }
+ _gnutls_buffer_delete_data (dest, pos, 3);
+ _gnutls_buffer_insert_data (dest, pos, &x, 1);
+ }
pos++;
}
*/
char *
_gnutls_bin2hex (const void *_old, size_t oldlen,
- char *buffer, size_t buffer_size, const char *separator)
+ char *buffer, size_t buffer_size, const char *separator)
{
unsigned int i, j;
const opaque *old = _old;
**/
int
gnutls_hex2bin (const char *hex_data,
- size_t hex_size, char *bin_data, size_t * bin_size)
+ size_t hex_size, char *bin_data, size_t * bin_size)
{
return _gnutls_hex2bin (hex_data, (int) hex_size, bin_data, bin_size);
}
int
_gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data,
- size_t * bin_size)
+ size_t * bin_size)
{
int i, j;
opaque hex2_data[3];
for (i = j = 0; i < hex_size;)
{
- if (!isxdigit (hex_data[i])) /* skip non-hex such as the ':' in 00:FF */
- {
- i++;
- continue;
- }
+ if (!isxdigit (hex_data[i])) /* skip non-hex such as the ':' in 00:FF */
+ {
+ i++;
+ continue;
+ }
if (j > *bin_size)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
hex2_data[0] = hex_data[i];
hex2_data[1] = hex_data[i + 1];
val = strtoul ((char *) hex2_data, NULL, 16);
if (val == ULONG_MAX)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
bin_data[j] = val;
j++;
}
*/
int
_gnutls_hostname_compare (const char *certname,
- size_t certnamesize, const char *hostname)
+ size_t certnamesize, const char *hostname)
{
/* find the first different character */
for (; *certname && *hostname && toupper (*certname) == toupper (*hostname);
certnamesize--;
while (1)
- {
- /* Use a recursive call to allow multiple wildcards */
- if (_gnutls_hostname_compare (certname, certnamesize, hostname))
- return 1;
-
- /* wildcards are only allowed to match a single domain
- component or component fragment */
- if (*hostname == '\0' || *hostname == '.')
- break;
- hostname++;
- }
+ {
+ /* Use a recursive call to allow multiple wildcards */
+ if (_gnutls_hostname_compare (certname, certnamesize, hostname))
+ return 1;
+
+ /* wildcards are only allowed to match a single domain
+ component or component fragment */
+ if (*hostname == '\0' || *hostname == '.')
+ break;
+ hostname++;
+ }
return 0;
}
*/
int
_gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size,
- int check)
+ int check)
{
size_t size;
int
_gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf,
- gnutls_datum_t * data)
+ gnutls_datum_t * data)
{
size_t size;
int ret;
size_t osize = size;
_gnutls_buffer_pop_datum (buf, data, size);
if (osize != data->size)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
}
else
{
int
_gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, const void *data,
- size_t data_size)
+ size_t data_size)
{
_gnutls_buffer_append_prefix (buf, data_size);
if (data_size > 0)
int
_gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data,
- size_t * data_size)
+ size_t * data_size)
{
size_t size;
int ret;
void _gnutls_str_cpy (char *dest, size_t dest_tot_size, const char *src);
void _gnutls_mem_cpy (char *dest, size_t dest_tot_size, const char *src,
- size_t src_size);
+ size_t src_size);
void _gnutls_str_cat (char *dest, size_t dest_tot_size, const char *src);
typedef struct
{
- opaque *allocd; /* pointer to allocated data */
- opaque *data; /* API: pointer to data to copy from */
+ opaque *allocd; /* pointer to allocated data */
+ opaque *data; /* API: pointer to data to copy from */
size_t max_length;
- size_t length; /* API: current length */
+ size_t length; /* API: current length */
} gnutls_buffer_st;
void _gnutls_buffer_init (gnutls_buffer_st *);
int _gnutls_buffer_append_str (gnutls_buffer_st *, const char *str);
int _gnutls_buffer_append_data (gnutls_buffer_st *, const void *data,
- size_t data_size);
+ size_t data_size);
#include <gnutls_num.h>
int _gnutls_buffer_append_prefix (gnutls_buffer_st * buf, size_t data_size);
int _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf,
- const void *data, size_t data_size);
+ const void *data, size_t data_size);
void _gnutls_buffer_pop_data (gnutls_buffer_st *, void *, size_t * size);
void _gnutls_buffer_pop_datum (gnutls_buffer_st *, gnutls_datum_t *,
- size_t max_size);
+ size_t max_size);
int _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size,
- int check);
+ int check);
int _gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data,
- size_t * data_size);
+ size_t * data_size);
int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf,
- gnutls_datum_t * data);
+ gnutls_datum_t * data);
int _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data);
int _gnutls_buffer_escape (gnutls_buffer_st * dest,
- const char *const invalid_chars);
+ const char *const invalid_chars);
int _gnutls_buffer_unescape (gnutls_buffer_st * dest);
#ifndef __attribute__
/* This feature is available in gcc versions 2.5 and later. */
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
-#define __attribute__(Spec) /* empty */
+#define __attribute__(Spec) /* empty */
#endif
#endif
int _gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt,
- ...)
+ ...)
__attribute__ ((format (printf, 2, 3)));
char *_gnutls_bin2hex (const void *old, size_t oldlen, char *buffer,
- size_t buffer_size, const char *separator);
+ size_t buffer_size, const char *separator);
int _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data,
- size_t * bin_size);
+ size_t * bin_size);
int _gnutls_hostname_compare (const char *certname, size_t certnamesize,
- const char *hostname);
+ const char *hostname);
#define MAX_CN 256
#define BUFFER_APPEND(b, x, s) { \
#include "gnutls_num.h"
typedef int (*supp_recv_func) (gnutls_session_t session,
- const opaque * data, size_t data_size);
+ const opaque * data, size_t data_size);
typedef int (*supp_send_func) (gnutls_session_t session,
- gnutls_buffer_st * buf);
+ gnutls_buffer_st * buf);
typedef struct
{
/* Make room for supplement type and length byte length field. */
ret = _gnutls_buffer_append_data (buf, "\0\0\0\0", 4);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ret = supp_send (session, buf);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* If data were added, store type+length, otherwise reset. */
if (buf->length > sizepos + 4)
- {
- buf->data[sizepos] = 0;
- buf->data[sizepos + 1] = p->type;
- buf->data[sizepos + 2] = ((buf->length - sizepos - 4) >> 8) & 0xFF;
- buf->data[sizepos + 3] = (buf->length - sizepos - 4) & 0xFF;
- }
+ {
+ buf->data[sizepos] = 0;
+ buf->data[sizepos + 1] = p->type;
+ buf->data[sizepos + 2] = ((buf->length - sizepos - 4) >> 8) & 0xFF;
+ buf->data[sizepos + 3] = (buf->length - sizepos - 4) & 0xFF;
+ }
else
- buf->length -= 4;
+ buf->length -= 4;
}
buf->data[0] = ((buf->length - 3) >> 16) & 0xFF;
buf->data[2] = (buf->length - 3) & 0xFF;
_gnutls_debug_log ("EXT[%p]: Sending %d bytes of supplemental data\n",
- session, (int) buf->length);
+ session, (int) buf->length);
return buf->length;
}
int
_gnutls_parse_supplemental (gnutls_session_t session,
- const uint8_t * data, int datalen)
+ const uint8_t * data, int datalen)
{
const opaque *p = data;
ssize_t dsize = datalen;
p += 2;
_gnutls_debug_log ("EXT[%p]: Got supplemental type=%02x length=%d\n",
- session, supp_data_type, supp_data_length);
+ session, supp_data_type, supp_data_length);
recv_func = get_supp_func_recv (supp_data_type);
if (recv_func)
- {
- int ret = recv_func (session, p, supp_data_length);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
+ {
+ int ret = recv_func (session, p, supp_data_length);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
else
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
DECR_LEN (dsize, supp_data_length);
p += supp_data_length;
#include <gnutls_int.h>
int _gnutls_parse_supplemental (gnutls_session_t session,
- const uint8_t * data, int data_size);
+ const uint8_t * data, int data_size);
int _gnutls_gen_supplemental (gnutls_session_t session,
- gnutls_buffer_st * buf);
+ gnutls_buffer_st * buf);
**/
int
gnutls_dh_get_group (gnutls_session_t session,
- gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime)
+ gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime)
{
dh_info_st *dh;
int ret;
case GNUTLS_CRD_ANON:
anon_info = _gnutls_get_auth_info (session);
if (anon_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &anon_info->dh;
break;
case GNUTLS_CRD_PSK:
psk_info = _gnutls_get_auth_info (session);
if (psk_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &psk_info->dh;
break;
case GNUTLS_CRD_CERTIFICATE:
cert_info = _gnutls_get_auth_info (session);
if (cert_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &cert_info->dh;
break;
default:
{
case GNUTLS_CRD_ANON:
{
- anon_info = _gnutls_get_auth_info (session);
- if (anon_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &anon_info->dh;
- break;
+ anon_info = _gnutls_get_auth_info (session);
+ if (anon_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &anon_info->dh;
+ break;
}
case GNUTLS_CRD_PSK:
{
- psk_info = _gnutls_get_auth_info (session);
- if (psk_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &psk_info->dh;
- break;
+ psk_info = _gnutls_get_auth_info (session);
+ if (psk_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &psk_info->dh;
+ break;
}
case GNUTLS_CRD_CERTIFICATE:
{
- cert_info = _gnutls_get_auth_info (session);
- if (cert_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &cert_info->dh;
- break;
+ cert_info = _gnutls_get_auth_info (session);
+ if (cert_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &cert_info->dh;
+ break;
}
default:
gnutls_assert ();
}
return _gnutls_set_datum (raw_key, dh->public_key.data,
- dh->public_key.size);
+ dh->public_key.size);
}
/**
**/
int
gnutls_rsa_export_get_pubkey (gnutls_session_t session,
- gnutls_datum_t * exponent,
- gnutls_datum_t * modulus)
+ gnutls_datum_t * exponent,
+ gnutls_datum_t * modulus)
{
cert_auth_info_t info;
int ret;
{
info = _gnutls_get_auth_info (session);
if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ return GNUTLS_E_INTERNAL_ERROR;
ret = _gnutls_set_datum (modulus, info->rsa_export.modulus.data,
- info->rsa_export.modulus.size);
+ info->rsa_export.modulus.size);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ret = _gnutls_set_datum (exponent, info->rsa_export.exponent.data,
- info->rsa_export.exponent.size);
+ info->rsa_export.exponent.size);
if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (modulus);
- return ret;
- }
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (modulus);
+ return ret;
+ }
return 0;
}
{
case GNUTLS_CRD_ANON:
{
- anon_auth_info_t info;
+ anon_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- return info->dh.secret_bits;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return info->dh.secret_bits;
}
case GNUTLS_CRD_PSK:
{
- psk_auth_info_t info;
+ psk_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- return info->dh.secret_bits;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return info->dh.secret_bits;
}
case GNUTLS_CRD_CERTIFICATE:
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- return info->dh.secret_bits;
+ return info->dh.secret_bits;
}
default:
gnutls_assert ();
{
case GNUTLS_CRD_ANON:
{
- anon_auth_info_t info;
+ anon_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &info->dh;
+ break;
}
case GNUTLS_CRD_PSK:
{
- psk_auth_info_t info;
+ psk_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &info->dh;
+ break;
}
case GNUTLS_CRD_CERTIFICATE:
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
+ dh = &info->dh;
+ break;
}
default:
gnutls_assert ();
{
case GNUTLS_CRD_ANON:
{
- anon_auth_info_t info;
+ anon_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
+ dh = &info->dh;
+ break;
}
case GNUTLS_CRD_PSK:
{
- psk_auth_info_t info;
+ psk_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
+ dh = &info->dh;
+ break;
}
case GNUTLS_CRD_CERTIFICATE:
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
+ dh = &info->dh;
+ break;
}
default:
gnutls_assert ();
**/
const gnutls_datum_t *
gnutls_certificate_get_peers (gnutls_session_t
- session, unsigned int *list_size)
+ session, unsigned int *list_size)
{
cert_auth_info_t info;
**/
int
gnutls_fingerprint (gnutls_digest_algorithm_t algo,
- const gnutls_datum_t * data, void *result,
- size_t * result_size)
+ const gnutls_datum_t * data, void *result,
+ size_t * result_size)
{
digest_hd_st td;
int hash_len = _gnutls_hash_get_algo_len (HASH2MAC (algo));
{
int ret = _gnutls_hash_init (&td, HASH2MAC (algo));
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
_gnutls_hash (&td, data->data, data->size);
**/
void
gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
- gnutls_dh_params_t dh_params)
+ gnutls_dh_params_t dh_params)
{
res->dh_params = dh_params;
}
**/
void
gnutls_certificate_set_params_function (gnutls_certificate_credentials_t res,
- gnutls_params_function * func)
+ gnutls_params_function * func)
{
res->params_func = func;
}
**/
void
gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
- res, unsigned int flags)
+ res, unsigned int flags)
{
res->verify_flags = flags;
}
**/
void
gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t res,
- unsigned int max_bits,
- unsigned int max_depth)
+ unsigned int max_bits,
+ unsigned int max_depth)
{
res->verify_depth = max_depth;
res->verify_bits = max_bits;
**/
void
gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
- res, gnutls_rsa_params_t rsa_params)
+ res, gnutls_rsa_params_t rsa_params)
{
res->rsa_params = rsa_params;
}
**/
void
gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
- gnutls_params_function * func)
+ gnutls_params_function * func)
{
res->params_func = func;
}
**/
void
gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
- gnutls_params_function * func)
+ gnutls_params_function * func)
{
res->params_func = func;
}
/* This selects the best supported ciphersuite from the ones provided */
static int
_gnutls_handshake_select_v2_suite (gnutls_session_t session,
- opaque * data, int datalen)
+ opaque * data, int datalen)
{
int i, j, ret;
opaque *_data;
int _datalen;
_gnutls_handshake_log ("HSK[%p]: Parsing a version 2.0 client hello.\n",
- session);
+ session);
_data = gnutls_malloc (datalen);
if (_data == NULL)
for (j = 0; j < datalen; j += 3)
{
if (data[j] == 0)
- {
- memcpy (&_data[i], &data[j + 1], 2);
- i += 2;
- _datalen += 2;
- }
+ {
+ memcpy (&_data[i], &data[j + 1], 2);
+ i += 2;
+ _datalen += 2;
+ }
}
ret = _gnutls_server_select_suite (session, _data, _datalen);
*/
int
_gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data,
- int datalen)
+ int datalen)
{
uint16_t session_id_len = 0;
int pos = 0;
if (_gnutls_get_kx_cred
(session,
_gnutls_cipher_suite_get_kx_algo (&session->
- security_parameters.current_cipher_suite),
+ security_parameters.current_cipher_suite),
&err) == NULL && err != 0)
{
gnutls_assert ();
*/
session->internals.auth_struct =
_gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
- (&session->
- security_parameters.current_cipher_suite));
+ (&session->
+ security_parameters.current_cipher_suite));
if (session->internals.auth_struct == NULL)
{
_gnutls_handshake_log
- ("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
- session);
+ ("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
/* read random new values -skip session id for now */
- DECR_LEN (len, session_id_len); /* skip session id for now */
+ DECR_LEN (len, session_id_len); /* skip session id for now */
memcpy (session_id, &data[pos], session_id_len);
pos += session_id_len;
ret = _gnutls_server_restore_session (session, session_id, session_id_len);
if (ret == 0)
- { /* resumed! */
+ { /* resumed! */
/* get the new random values */
memcpy (session->internals.resumed_security_parameters.server_random,
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
memcpy (session->internals.resumed_security_parameters.client_random,
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
session->internals.resumed = RESUME_TRUE;
return 0;
else
{
_gnutls_generate_session_id (session->security_parameters.session_id,
- &session->
- security_parameters.session_id_size);
+ &session->
+ security_parameters.session_id_size);
session->internals.resumed = RESUME_FALSE;
}
*/
int _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data,
- int datalen);
+ int datalen);
-*/
int
_gnutls_x509_cert_verify_peers (gnutls_session_t session,
- unsigned int *status)
+ unsigned int *status)
{
cert_auth_info_t info;
gnutls_certificate_credentials_t cred;
{
ret = gnutls_x509_crt_init (&peer_certificate_list[i]);
if (ret < 0)
- {
- gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
+ {
+ gnutls_assert ();
+ CLEAR_CERTS;
+ return ret;
+ }
ret =
- gnutls_x509_crt_import (peer_certificate_list[i],
- &info->raw_certificate_list[i],
- GNUTLS_X509_FMT_DER);
+ gnutls_x509_crt_import (peer_certificate_list[i],
+ &info->raw_certificate_list[i],
+ GNUTLS_X509_FMT_DER);
if (ret < 0)
- {
- gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
+ {
+ gnutls_assert ();
+ CLEAR_CERTS;
+ return ret;
+ }
ret = check_bits (peer_certificate_list[i], cred->verify_bits);
if (ret < 0)
- {
- gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
+ {
+ gnutls_assert ();
+ CLEAR_CERTS;
+ return ret;
+ }
}
*/
ret = gnutls_x509_crt_list_verify (peer_certificate_list,
- peer_certificate_list_size,
- cred->x509_ca_list, cred->x509_ncas,
- cred->x509_crl_list, cred->x509_ncrls,
- cred->verify_flags | session->internals.
- priorities.additional_verify_flags,
- status);
+ peer_certificate_list_size,
+ cred->x509_ca_list, cred->x509_ncas,
+ cred->x509_crl_list, cred->x509_ncrls,
+ cred->verify_flags | session->internals.
+ priorities.additional_verify_flags,
+ status);
CLEAR_CERTS;
*/
static int
parse_der_cert_mem (gnutls_certificate_credentials_t res,
- const void *input_cert, int input_cert_size)
+ const void *input_cert, int input_cert_size)
{
gnutls_datum_t tmp;
gnutls_x509_crt_t crt;
*/
static int
parse_pem_cert_mem (gnutls_certificate_credentials_t res,
- const char *input_cert, int input_cert_size)
+ const char *input_cert, int input_cert_size)
{
int size, siz2;
const char *ptr;
/* move to the certificate
*/
ptr = memmem (input_cert, input_cert_size,
- PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
if (ptr == NULL)
ptr = memmem (input_cert, input_cert_size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
+ PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
if (ptr == NULL)
{
siz2 = _gnutls_fbase64_decode (NULL, ptr, size, &ptr2);
if (siz2 < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
certs = gnutls_realloc_fast (certs, (count + 1) * sizeof (gnutls_cert));
if (certs == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
tmp.data = ptr2;
tmp.size = siz2;
ret = _gnutls_x509_raw_cert_to_gcert (&certs[count], &tmp, 0);
if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (certs);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (certs);
+ return ret;
+ }
- _gnutls_free_datum (&tmp); /* free ptr2 */
+ _gnutls_free_datum (&tmp); /* free ptr2 */
/* now we move ptr after the pem header
*/
size = input_cert_size - (ptr - input_cert);
if (size > 0)
- {
- char *ptr3;
+ {
+ char *ptr3;
- ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr3 == NULL)
- ptr3 = memmem (ptr, size, PEM_CERT_SEP2,
- sizeof (PEM_CERT_SEP2) - 1);
+ ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ if (ptr3 == NULL)
+ ptr3 = memmem (ptr, size, PEM_CERT_SEP2,
+ sizeof (PEM_CERT_SEP2) - 1);
- ptr = ptr3;
- }
+ ptr = ptr3;
+ }
else
- ptr = NULL;
+ ptr = NULL;
count++;
*/
static int
read_cert_mem (gnutls_certificate_credentials_t res, const void *cert,
- int cert_size, gnutls_x509_crt_fmt_t type)
+ int cert_size, gnutls_x509_crt_fmt_t type)
{
int ret;
static int
_gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t * privkey,
- const gnutls_datum_t * raw_key,
- gnutls_x509_crt_fmt_t type)
+ const gnutls_datum_t * raw_key,
+ gnutls_x509_crt_fmt_t type)
{
gnutls_x509_privkey_t tmpkey;
int ret;
ret =
gnutls_privkey_import_x509 (*privkey, tmpkey,
- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
gnutls_assert ();
*/
static int
read_key_mem (gnutls_certificate_credentials_t res,
- const void *key, int key_size, gnutls_x509_crt_fmt_t type)
+ const void *key, int key_size, gnutls_x509_crt_fmt_t type)
{
int ret;
gnutls_datum_t tmp;
ret = _gnutls_x509_raw_privkey_to_privkey (&privkey, &tmp, type);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ret = certificate_credentials_append_pkey (res, privkey);
if (ret < 0)
- {
- gnutls_assert ();
- gnutls_privkey_deinit (privkey);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_privkey_deinit (privkey);
+ return ret;
+ }
}
else
ret =
gnutls_privkey_import_pkcs11 (pkey, key1,
- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
gnutls_assert ();
/* FIXME: should we use login? */
ret =
gnutls_pkcs11_obj_list_import_url (NULL, &pcrt_list_size, url,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0);
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0);
if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
{
gnutls_assert ();
ret =
gnutls_pkcs11_obj_list_import_url (pcrt_list, &pcrt_list_size, url,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0);
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0);
if (ret < 0)
{
gnutls_assert ();
ret =
gnutls_x509_crt_list_import_pkcs11 (xcrt_list, pcrt_list_size, pcrt_list,
- 0);
+ 0);
if (xcrt_list == NULL)
{
gnutls_assert ();
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
ret =
gnutls_x509_crt_import_pkcs11_url (crt, url,
- GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
+ GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
if (ret < 0)
{
*/
static int
read_cert_file (gnutls_certificate_credentials_t res,
- const char *certfile, gnutls_x509_crt_fmt_t type)
+ const char *certfile, gnutls_x509_crt_fmt_t type)
{
int ret;
size_t size;
*/
static int
read_key_file (gnutls_certificate_credentials_t res,
- const char *keyfile, gnutls_x509_crt_fmt_t type)
+ const char *keyfile, gnutls_x509_crt_fmt_t type)
{
int ret;
size_t size;
**/
int
gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_x509_crt_fmt_t type)
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_x509_crt_fmt_t type)
{
int ret;
/* this should be first
*/
if ((ret = read_key_mem (res, key ? key->data : NULL,
- key ? key->size : 0, type)) < 0)
+ key ? key->size : 0, type)) < 0)
return ret;
if ((ret = read_cert_mem (res, cert->data, cert->size, type)) < 0)
int
certificate_credential_append_crt_list (gnutls_certificate_credentials_t res,
- gnutls_cert * crt, int nr)
+ gnutls_cert * crt, int nr)
{
res->cert_list = gnutls_realloc_fast (res->cert_list,
- (1 +
- res->ncerts) *
- sizeof (gnutls_cert *));
+ (1 +
+ res->ncerts) *
+ sizeof (gnutls_cert *));
if (res->cert_list == NULL)
{
gnutls_assert ();
}
res->cert_list_length = gnutls_realloc_fast (res->cert_list_length,
- (1 +
- res->ncerts) * sizeof (int));
+ (1 +
+ res->ncerts) * sizeof (int));
if (res->cert_list_length == NULL)
{
gnutls_assert ();
int
certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
- gnutls_privkey_t pkey)
+ gnutls_privkey_t pkey)
{
res->pkey = gnutls_realloc_fast (res->pkey,
- (1 + res->ncerts) *
- sizeof (gnutls_privkey_t));
+ (1 + res->ncerts) *
+ sizeof (gnutls_privkey_t));
if (res->pkey == NULL)
{
gnutls_assert ();
**/
int
gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
- gnutls_x509_crt_t * cert_list,
- int cert_list_size,
- gnutls_x509_privkey_t key)
+ gnutls_x509_crt_t * cert_list,
+ int cert_list_size,
+ gnutls_x509_privkey_t key)
{
int ret, i;
gnutls_privkey_t pkey;
{
ret = _gnutls_x509_crt_to_gcert (&pcerts[i], cert_list[i], 0);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
ret = certificate_credential_append_crt_list (res, pcerts, cert_list_size);
**/
int
gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t res,
- const char *certfile,
- const char *keyfile,
- gnutls_x509_crt_fmt_t type)
+ const char *certfile,
+ const char *keyfile,
+ gnutls_x509_crt_fmt_t type)
{
int ret;
for (i = res->x509_ncas - new; i < res->x509_ncas; i++)
{
if ((ret = gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
newsize = res->x509_rdn_sequence.size + 2 + tmp.size;
if (newsize < res->x509_rdn_sequence.size)
- {
- gnutls_assert ();
- _gnutls_free_datum (&tmp);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&tmp);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
newdata = gnutls_realloc (res->x509_rdn_sequence.data, newsize);
if (newdata == NULL)
- {
- gnutls_assert ();
- _gnutls_free_datum (&tmp);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&tmp);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
_gnutls_write_datum16 (newdata + res->x509_rdn_sequence.size, tmp);
_gnutls_free_datum (&tmp);
encipher_type = _gnutls_kx_encipher_type (alg);
if (key_usage != 0 && encipher_type != CIPHER_IGN)
- {
- /* If key_usage has been set in the certificate
- */
-
- if (encipher_type == CIPHER_ENCRYPT)
- {
- /* If the key exchange method requires an encipher
- * type algorithm, and key's usage does not permit
- * encipherment, then fail.
- */
- if (!(key_usage & KEY_KEY_ENCIPHERMENT))
- {
- gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
- }
- }
-
- if (encipher_type == CIPHER_SIGN)
- {
- /* The same as above, but for sign only keys
- */
- if (!(key_usage & KEY_DIGITAL_SIGNATURE))
- {
- gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
- }
- }
- }
+ {
+ /* If key_usage has been set in the certificate
+ */
+
+ if (encipher_type == CIPHER_ENCRYPT)
+ {
+ /* If the key exchange method requires an encipher
+ * type algorithm, and key's usage does not permit
+ * encipherment, then fail.
+ */
+ if (!(key_usage & KEY_KEY_ENCIPHERMENT))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+ }
+
+ if (encipher_type == CIPHER_SIGN)
+ {
+ /* The same as above, but for sign only keys
+ */
+ if (!(key_usage & KEY_DIGITAL_SIGNATURE))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+ }
+ }
}
return 0;
}
static int
parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
- const opaque * input_cert, int input_cert_size)
+ const opaque * input_cert, int input_cert_size)
{
int i, size;
const opaque *ptr;
/* move to the certificate
*/
ptr = memmem (input_cert, input_cert_size,
- PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
if (ptr == NULL)
ptr = memmem (input_cert, input_cert_size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
+ PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
if (ptr == NULL)
{
{
*cert_list =
- (gnutls_x509_crt_t *) gnutls_realloc_fast (*cert_list,
- i *
- sizeof
- (gnutls_x509_crt_t));
+ (gnutls_x509_crt_t *) gnutls_realloc_fast (*cert_list,
+ i *
+ sizeof
+ (gnutls_x509_crt_t));
if (*cert_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
ret = gnutls_x509_crt_init (&cert_list[0][i - 1]);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
tmp.data = (opaque *) ptr;
tmp.size = size;
ret =
- gnutls_x509_crt_import (cert_list[0][i - 1],
- &tmp, GNUTLS_X509_FMT_PEM);
+ gnutls_x509_crt_import (cert_list[0][i - 1],
+ &tmp, GNUTLS_X509_FMT_PEM);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* now we move ptr after the pem header
*/
*/
if (size > 0)
- {
- char *ptr3;
+ {
+ char *ptr3;
- ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr3 == NULL)
- ptr3 = memmem (ptr, size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
+ ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ if (ptr3 == NULL)
+ ptr3 = memmem (ptr, size,
+ PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
- ptr = ptr3;
- size = input_cert_size - (ptr - input_cert);
- }
+ ptr = ptr3;
+ size = input_cert_size - (ptr - input_cert);
+ }
else
- ptr = NULL;
+ ptr = NULL;
i++;
count++;
*/
static int
parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
- const void *input_cert, int input_cert_size)
+ const void *input_cert, int input_cert_size)
{
int i;
gnutls_datum_t tmp;
*cert_list =
(gnutls_x509_crt_t *) gnutls_realloc_fast (*cert_list,
- i *
- sizeof (gnutls_x509_crt_t));
+ i *
+ sizeof (gnutls_x509_crt_t));
if (*cert_list == NULL)
{
*ncerts = i;
- return 1; /* one certificate parsed */
+ return 1; /* one certificate parsed */
}
/**
**/
int
gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * ca,
- gnutls_x509_crt_fmt_t type)
+ const gnutls_datum_t * ca,
+ gnutls_x509_crt_fmt_t type)
{
int ret, ret2;
if (type == GNUTLS_X509_FMT_DER)
ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas,
- ca->data, ca->size);
+ ca->data, ca->size);
else
ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas,
- ca->data, ca->size);
+ ca->data, ca->size);
if ((ret2 = add_new_crt_to_rdn_seq (res, ret)) < 0)
return ret2;
**/
int
gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
- gnutls_x509_crt_t * ca_list,
- int ca_list_size)
+ gnutls_x509_crt_t * ca_list,
+ int ca_list_size)
{
int ret, i, ret2;
res->x509_ca_list = gnutls_realloc_fast (res->x509_ca_list,
- (ca_list_size +
- res->x509_ncas) *
- sizeof (gnutls_x509_crt_t));
+ (ca_list_size +
+ res->x509_ncas) *
+ sizeof (gnutls_x509_crt_t));
if (res->x509_ca_list == NULL)
{
gnutls_assert ();
{
ret = gnutls_x509_crt_init (&res->x509_ca_list[res->x509_ncas]);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ret = _gnutls_x509_crt_cpy (res->x509_ca_list[res->x509_ncas],
- ca_list[i]);
+ ca_list[i]);
if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (res->x509_ca_list[res->x509_ncas]);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_x509_crt_deinit (res->x509_ca_list[res->x509_ncas]);
+ return ret;
+ }
res->x509_ncas++;
}
**/
int
gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t res,
- const char *cafile,
- gnutls_x509_crt_fmt_t type)
+ const char *cafile,
+ gnutls_x509_crt_fmt_t type)
{
int ret, ret2;
size_t size;
static int
parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
- const opaque * input_crl, int input_crl_size)
+ const opaque * input_crl, int input_crl_size)
{
int size, i;
const opaque *ptr;
/* move to the certificate
*/
ptr = memmem (input_crl, input_crl_size,
- PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
+ PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
if (ptr == NULL)
{
gnutls_assert ();
{
*crl_list =
- (gnutls_x509_crl_t *) gnutls_realloc_fast (*crl_list,
- i *
- sizeof
- (gnutls_x509_crl_t));
+ (gnutls_x509_crl_t *) gnutls_realloc_fast (*crl_list,
+ i *
+ sizeof
+ (gnutls_x509_crl_t));
if (*crl_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
ret = gnutls_x509_crl_init (&crl_list[0][i - 1]);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
tmp.data = (char *) ptr;
tmp.size = size;
ret =
- gnutls_x509_crl_import (crl_list[0][i - 1],
- &tmp, GNUTLS_X509_FMT_PEM);
+ gnutls_x509_crl_import (crl_list[0][i - 1],
+ &tmp, GNUTLS_X509_FMT_PEM);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* now we move ptr after the pem header
*/
size = input_crl_size - (ptr - input_crl);
if (size > 0)
- ptr = memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
+ ptr = memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
else
- ptr = NULL;
+ ptr = NULL;
i++;
count++;
*/
static int
parse_der_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
- const void *input_crl, int input_crl_size)
+ const void *input_crl, int input_crl_size)
{
int i;
gnutls_datum_t tmp;
*crl_list =
(gnutls_x509_crl_t *) gnutls_realloc_fast (*crl_list,
- i *
- sizeof (gnutls_x509_crl_t));
+ i *
+ sizeof (gnutls_x509_crl_t));
if (*crl_list == NULL)
{
*ncrls = i;
- return 1; /* one certificate parsed */
+ return 1; /* one certificate parsed */
}
*/
static int
read_crl_mem (gnutls_certificate_credentials_t res, const void *crl,
- int crl_size, gnutls_x509_crt_fmt_t type)
+ int crl_size, gnutls_x509_crt_fmt_t type)
{
int ret;
/* allocate space for the certificate to add
*/
res->x509_crl_list = gnutls_realloc_fast (res->x509_crl_list,
- (1 +
- res->x509_ncrls) *
- sizeof (gnutls_x509_crl_t));
+ (1 +
+ res->x509_ncrls) *
+ sizeof (gnutls_x509_crl_t));
if (res->x509_crl_list == NULL)
{
gnutls_assert ();
if (type == GNUTLS_X509_FMT_DER)
ret = parse_der_crl_mem (&res->x509_crl_list,
- &res->x509_ncrls, crl, crl_size);
+ &res->x509_ncrls, crl, crl_size);
else
ret = parse_pem_crl_mem (&res->x509_crl_list,
- &res->x509_ncrls, crl, crl_size);
+ &res->x509_ncrls, crl, crl_size);
if (ret < 0)
{
**/
int
gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * CRL,
- gnutls_x509_crt_fmt_t type)
+ const gnutls_datum_t * CRL,
+ gnutls_x509_crt_fmt_t type)
{
int ret;
**/
int
gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
- gnutls_x509_crl_t * crl_list,
- int crl_list_size)
+ gnutls_x509_crl_t * crl_list,
+ int crl_list_size)
{
int ret, i;
res->x509_crl_list = gnutls_realloc_fast (res->x509_crl_list,
- (crl_list_size +
- res->x509_ncrls) *
- sizeof (gnutls_x509_crl_t));
+ (crl_list_size +
+ res->x509_ncrls) *
+ sizeof (gnutls_x509_crl_t));
if (res->x509_crl_list == NULL)
{
gnutls_assert ();
{
ret = gnutls_x509_crl_init (&res->x509_crl_list[res->x509_ncrls]);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ret = _gnutls_x509_crl_cpy (res->x509_crl_list[res->x509_ncrls],
- crl_list[i]);
+ crl_list[i]);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
res->x509_ncrls++;
}
**/
int
gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res,
- const char *crlfile,
- gnutls_x509_crt_fmt_t type)
+ const char *crlfile,
+ gnutls_x509_crt_fmt_t type)
{
int ret;
size_t size;
if (type == GNUTLS_X509_FMT_DER)
ret = parse_der_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
- data, size);
+ data, size);
else
ret = parse_pem_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
- data, size);
+ data, size);
free (data);
static int
parse_pkcs12 (gnutls_certificate_credentials_t res,
- gnutls_pkcs12_t p12,
- const char *password,
- gnutls_x509_privkey_t * key,
- gnutls_x509_crt_t * cert, gnutls_x509_crl_t * crl)
+ gnutls_pkcs12_t p12,
+ const char *password,
+ gnutls_x509_privkey_t * key,
+ gnutls_x509_crt_t * cert, gnutls_x509_crl_t * crl)
{
gnutls_pkcs12_bag_t bag = NULL;
int idx = 0;
ret = gnutls_pkcs12_bag_init (&bag);
if (ret < 0)
- {
- bag = NULL;
- gnutls_assert ();
- goto done;
- }
+ {
+ bag = NULL;
+ gnutls_assert ();
+ goto done;
+ }
ret = gnutls_pkcs12_get_bag (p12, idx, bag);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
+ break;
if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
+ {
+ gnutls_assert ();
+ goto done;
+ }
ret = gnutls_pkcs12_bag_get_type (bag, 0);
if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
+ {
+ gnutls_assert ();
+ goto done;
+ }
if (ret == GNUTLS_BAG_ENCRYPTED)
- {
- ret = gnutls_pkcs12_bag_decrypt (bag, password);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
- }
+ {
+ ret = gnutls_pkcs12_bag_decrypt (bag, password);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+ }
elements_in_bag = gnutls_pkcs12_bag_get_count (bag);
if (elements_in_bag < 0)
- {
- gnutls_assert ();
- goto done;
- }
+ {
+ gnutls_assert ();
+ goto done;
+ }
for (i = 0; i < elements_in_bag; i++)
- {
- int type;
- gnutls_datum_t data;
-
- type = gnutls_pkcs12_bag_get_type (bag, i);
- if (type < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_bag_get_data (bag, i, &data);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- switch (type)
- {
- case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
- case GNUTLS_BAG_PKCS8_KEY:
- if (*key != NULL) /* too simple to continue */
- {
- gnutls_assert ();
- break;
- }
-
- ret = gnutls_x509_privkey_init (key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_x509_privkey_import_pkcs8
- (*key, &data, GNUTLS_X509_FMT_DER, password,
- type == GNUTLS_BAG_PKCS8_KEY ? GNUTLS_PKCS_PLAIN : 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_privkey_deinit (*key);
- goto done;
- }
-
- key_id_size = sizeof (key_id);
- ret =
- gnutls_x509_privkey_get_key_id (*key, 0, key_id,
- &key_id_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_privkey_deinit (*key);
- goto done;
- }
-
- privkey_ok = 1; /* break */
- break;
- default:
- break;
- }
- }
+ {
+ int type;
+ gnutls_datum_t data;
+
+ type = gnutls_pkcs12_bag_get_type (bag, i);
+ if (type < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_data (bag, i, &data);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ switch (type)
+ {
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ case GNUTLS_BAG_PKCS8_KEY:
+ if (*key != NULL) /* too simple to continue */
+ {
+ gnutls_assert ();
+ break;
+ }
+
+ ret = gnutls_x509_privkey_init (key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret = gnutls_x509_privkey_import_pkcs8
+ (*key, &data, GNUTLS_X509_FMT_DER, password,
+ type == GNUTLS_BAG_PKCS8_KEY ? GNUTLS_PKCS_PLAIN : 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_privkey_deinit (*key);
+ goto done;
+ }
+
+ key_id_size = sizeof (key_id);
+ ret =
+ gnutls_x509_privkey_get_key_id (*key, 0, key_id,
+ &key_id_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_privkey_deinit (*key);
+ goto done;
+ }
+
+ privkey_ok = 1; /* break */
+ break;
+ default:
+ break;
+ }
+ }
idx++;
gnutls_pkcs12_bag_deinit (bag);
- if (privkey_ok != 0) /* private key was found */
- break;
+ if (privkey_ok != 0) /* private key was found */
+ break;
}
- if (privkey_ok == 0) /* no private key */
+ if (privkey_ok == 0) /* no private key */
{
gnutls_assert ();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
ret = gnutls_pkcs12_bag_init (&bag);
if (ret < 0)
- {
- bag = NULL;
- gnutls_assert ();
- goto done;
- }
+ {
+ bag = NULL;
+ gnutls_assert ();
+ goto done;
+ }
ret = gnutls_pkcs12_get_bag (p12, idx, bag);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
+ break;
if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
+ {
+ gnutls_assert ();
+ goto done;
+ }
ret = gnutls_pkcs12_bag_get_type (bag, 0);
if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
+ {
+ gnutls_assert ();
+ goto done;
+ }
if (ret == GNUTLS_BAG_ENCRYPTED)
- {
- ret = gnutls_pkcs12_bag_decrypt (bag, password);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
- }
+ {
+ ret = gnutls_pkcs12_bag_decrypt (bag, password);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+ }
elements_in_bag = gnutls_pkcs12_bag_get_count (bag);
if (elements_in_bag < 0)
- {
- gnutls_assert ();
- goto done;
- }
+ {
+ gnutls_assert ();
+ goto done;
+ }
for (i = 0; i < elements_in_bag; i++)
- {
- int type;
- gnutls_datum_t data;
-
- type = gnutls_pkcs12_bag_get_type (bag, i);
- if (type < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_bag_get_data (bag, i, &data);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- switch (type)
- {
- case GNUTLS_BAG_CERTIFICATE:
- if (*cert != NULL) /* no need to set it again */
- {
- gnutls_assert ();
- break;
- }
-
- ret = gnutls_x509_crt_init (cert);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret =
- gnutls_x509_crt_import (*cert, &data, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (*cert);
- goto done;
- }
-
- /* check if the key id match */
- cert_id_size = sizeof (cert_id);
- ret =
- gnutls_x509_crt_get_key_id (*cert, 0, cert_id, &cert_id_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (*cert);
- goto done;
- }
-
- if (memcmp (cert_id, key_id, cert_id_size) != 0)
- { /* they don't match - skip the certificate */
- gnutls_x509_crt_deinit (*cert);
- *cert = NULL;
- }
- break;
-
- case GNUTLS_BAG_CRL:
- if (*crl != NULL)
- {
- gnutls_assert ();
- break;
- }
-
- ret = gnutls_x509_crl_init (crl);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_x509_crl_import (*crl, &data, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crl_deinit (*crl);
- goto done;
- }
- break;
-
- case GNUTLS_BAG_ENCRYPTED:
- /* XXX Bother to recurse one level down? Unlikely to
- use the same password anyway. */
- case GNUTLS_BAG_EMPTY:
- default:
- break;
- }
- }
+ {
+ int type;
+ gnutls_datum_t data;
+
+ type = gnutls_pkcs12_bag_get_type (bag, i);
+ if (type < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_data (bag, i, &data);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ switch (type)
+ {
+ case GNUTLS_BAG_CERTIFICATE:
+ if (*cert != NULL) /* no need to set it again */
+ {
+ gnutls_assert ();
+ break;
+ }
+
+ ret = gnutls_x509_crt_init (cert);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret =
+ gnutls_x509_crt_import (*cert, &data, GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_crt_deinit (*cert);
+ goto done;
+ }
+
+ /* check if the key id match */
+ cert_id_size = sizeof (cert_id);
+ ret =
+ gnutls_x509_crt_get_key_id (*cert, 0, cert_id, &cert_id_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_crt_deinit (*cert);
+ goto done;
+ }
+
+ if (memcmp (cert_id, key_id, cert_id_size) != 0)
+ { /* they don't match - skip the certificate */
+ gnutls_x509_crt_deinit (*cert);
+ *cert = NULL;
+ }
+ break;
+
+ case GNUTLS_BAG_CRL:
+ if (*crl != NULL)
+ {
+ gnutls_assert ();
+ break;
+ }
+
+ ret = gnutls_x509_crl_init (crl);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret = gnutls_x509_crl_import (*crl, &data, GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_crl_deinit (*crl);
+ goto done;
+ }
+ break;
+
+ case GNUTLS_BAG_ENCRYPTED:
+ /* XXX Bother to recurse one level down? Unlikely to
+ use the same password anyway. */
+ case GNUTLS_BAG_EMPTY:
+ default:
+ break;
+ }
+ }
idx++;
gnutls_pkcs12_bag_deinit (bag);
ret =
gnutls_certificate_set_x509_simple_pkcs12_mem (res, &p12blob, type,
- password);
+ password);
free (p12blob.data);
return ret;
{
ret = gnutls_pkcs12_verify_mac (p12, password);
if (ret < 0)
- {
- gnutls_assert ();
- gnutls_pkcs12_deinit (p12);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_pkcs12_deinit (p12);
+ return ret;
+ }
}
ret = parse_pkcs12 (res, p12, password, &key, &cert, &crl);
{
ret = gnutls_certificate_set_x509_key (res, &cert, 1, key);
if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
+ {
+ gnutls_assert ();
+ goto done;
+ }
}
if (crl)
{
ret = gnutls_certificate_set_x509_crl (res, &crl, 1);
if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
+ {
+ gnutls_assert ();
+ goto done;
+ }
}
ret = 0;
#include <gnutls/abstract.h>
int _gnutls_x509_cert_verify_peers (gnutls_session_t session,
- unsigned int *status);
+ unsigned int *status);
#define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE"
#define PEM_CERT_SEP "-----BEGIN CERTIFICATE"
#define PEM_KEY_DSA_SEP "-----BEGIN DSA"
int _gnutls_check_key_usage (const gnutls_cert * cert,
- gnutls_kx_algorithm_t alg);
+ gnutls_kx_algorithm_t alg);
int _gnutls_x509_raw_privkey_to_gkey (gnutls_privkey_t * privkey,
- const gnutls_datum_t * raw_key,
- gnutls_x509_crt_fmt_t type);
+ const gnutls_datum_t * raw_key,
+ gnutls_x509_crt_fmt_t type);
int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits);
int gnutls_pubkey_import_x509 (gnutls_pubkey_t pkey, gnutls_x509_crt_t crt,
- unsigned int flags);
+ unsigned int flags);
int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t pkey,
- gnutls_pkcs11_obj_t crt, unsigned int flags);
+ gnutls_pkcs11_obj_t crt, unsigned int flags);
int gnutls_pubkey_import_openpgp (gnutls_pubkey_t pkey,
- gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flags);
+ gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flags);
int
gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
- unsigned int usage, unsigned int flags);
+ unsigned int usage, unsigned int flags);
int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
- gnutls_digest_algorithm_t *
- hash, unsigned int *mand);
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand);
int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e);
+ gnutls_datum_t * m, gnutls_datum_t * e);
int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t crt,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y);
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y);
int gnutls_pubkey_export (gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
+ unsigned char *output_data,
+ size_t * output_data_size);
int gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage);
int gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage);
int gnutls_pubkey_import (gnutls_pubkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y);
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y);
int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t pubkey,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e);
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e);
int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key);
int
gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature);
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature);
int
gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash);
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash);
/* Private key operations */
int gnutls_privkey_init (gnutls_privkey_t * key);
void gnutls_privkey_deinit (gnutls_privkey_t key);
int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key,
- unsigned int *bits);
+ unsigned int *bits);
gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key);
#define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE 1
int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
- gnutls_pkcs11_privkey_t key,
- unsigned int flags);
+ gnutls_pkcs11_privkey_t key,
+ unsigned int flags);
int gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
- gnutls_x509_privkey_t key,
- unsigned int flags);
+ gnutls_x509_privkey_t key,
+ unsigned int flags);
int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
- gnutls_openpgp_privkey_t key,
- unsigned int flags);
+ gnutls_openpgp_privkey_t key,
+ unsigned int flags);
int gnutls_privkey_sign_data (gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature);
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
int
gnutls_privkey_sign_hash2 (gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature);
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature);
int gnutls_privkey_decrypt_data (gnutls_privkey_t signer,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt,
- gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq,
- gnutls_privkey_t key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
+ gnutls_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
#endif
gnutls_x509_crt_t *x509;
gnutls_openpgp_crt_t pgp;
} cert;
- unsigned int ncerts; /* one for pgp keys */
+ unsigned int ncerts; /* one for pgp keys */
union
{
gnutls_openpgp_privkey_t pgp;
} key;
- unsigned int deinit_all; /* if non zero all keys will be deinited */
+ unsigned int deinit_all; /* if non zero all keys will be deinited */
} gnutls_retr_st;
typedef int gnutls_certificate_client_retrieve_function (gnutls_session_t,
- const
- gnutls_datum_t *
- req_ca_rdn,
- int nreqs,
- const
- gnutls_pk_algorithm_t
- * pk_algos,
- int
- pk_algos_length,
- gnutls_retr_st *);
+ const
+ gnutls_datum_t *
+ req_ca_rdn,
+ int nreqs,
+ const
+ gnutls_pk_algorithm_t
+ * pk_algos,
+ int
+ pk_algos_length,
+ gnutls_retr_st *);
typedef int gnutls_certificate_server_retrieve_function (gnutls_session_t,
- gnutls_retr_st *);
+ gnutls_retr_st *);
void gnutls_certificate_client_set_retrieve_function
(gnutls_certificate_credentials_t cred,
/* External signing callback. No longer supported because it
* was deprecated by the PKCS #11 API. */
typedef int (*gnutls_sign_func) (gnutls_session_t session,
- void *userdata,
- gnutls_certificate_type_t cert_type,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
+ void *userdata,
+ gnutls_certificate_type_t cert_type,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
void
gnutls_sign_callback_set (gnutls_session_t session,
- gnutls_sign_func sign_func, void *userdata)
+ gnutls_sign_func sign_func, void *userdata)
_GNUTLS_GCC_ATTR_DEPRECATED;
gnutls_sign_func
gnutls_sign_callback_get (gnutls_session_t session, void **userdata);
* structures are used.
*/
int gnutls_ext_register (int type,
- const char *name,
- gnutls_ext_parse_type_t parse_type,
- gnutls_ext_recv_func recv_func,
- gnutls_ext_send_func send_func)
+ const char *name,
+ gnutls_ext_parse_type_t parse_type,
+ gnutls_ext_recv_func recv_func,
+ gnutls_ext_send_func send_func)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* We no longer support the finished callback. Use
* gnutls_session_channel_binding for similar functionality.
*/
typedef void (*gnutls_finished_callback_func) (gnutls_session_t session,
- const void *finished,
- size_t len);
+ const void *finished,
+ size_t len);
void gnutls_session_set_finished_function (gnutls_session_t session,
- gnutls_finished_callback_func
- func)
+ gnutls_finished_callback_func
+ func)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* returns security values.
_GNUTLS_GCC_ATTR_DEPRECATED;
int gnutls_psk_netconf_derive_key (const char *password,
- const char *psk_identity,
- const char *psk_identity_hint,
- gnutls_datum_t *
- output_key)
+ const char *psk_identity,
+ const char *psk_identity_hint,
+ gnutls_datum_t *
+ output_key)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* This is a very dangerous and error-prone function.
* Do not use.
*/
- int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
- _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
#endif /* _GNUTLS_COMPAT_H */
{
#endif
-typedef struct cipher_hd_st *gnutls_cipher_hd_t;
-
-int gnutls_cipher_init (gnutls_cipher_hd_t * handle,
- gnutls_cipher_algorithm_t cipher,
- const gnutls_datum_t * key,
- const gnutls_datum_t * iv);
-int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle,
- void *text, size_t textlen);
-int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle,
- void *ciphertext, size_t ciphertextlen);
-int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext,
- size_t ciphertextlen, void *text, size_t textlen);
-int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text,
- size_t textlen, void *ciphertext,
- size_t ciphertextlen);
-
-void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
-int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
-
-
-typedef struct hash_hd_st *gnutls_hash_hd_t;
-typedef struct hmac_hd_st *gnutls_hmac_hd_t;
-
-int gnutls_hmac_init (gnutls_hmac_hd_t * dig,
- gnutls_digest_algorithm_t algorithm, const void *key,
- size_t keylen);
-int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen);
-void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest);
-void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest);
-int gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm);
-int gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
- size_t keylen, const void *text, size_t textlen,
- void *digest);
-
-int gnutls_hash_init (gnutls_hash_hd_t * dig,
- gnutls_digest_algorithm_t algorithm);
-int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen);
-void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest);
-void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest);
-int gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm);
-int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest);
+ typedef struct cipher_hd_st *gnutls_cipher_hd_t;
+
+ int gnutls_cipher_init (gnutls_cipher_hd_t * handle,
+ gnutls_cipher_algorithm_t cipher,
+ const gnutls_datum_t * key,
+ const gnutls_datum_t * iv);
+ int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle,
+ void *text, size_t textlen);
+ int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle,
+ void *ciphertext, size_t ciphertextlen);
+ int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle,
+ const void *ciphertext, size_t ciphertextlen,
+ void *text, size_t textlen);
+ int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text,
+ size_t textlen, void *ciphertext,
+ size_t ciphertextlen);
+
+ void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
+ int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
+
+
+ typedef struct hash_hd_st *gnutls_hash_hd_t;
+ typedef struct hmac_hd_st *gnutls_hmac_hd_t;
+
+ int gnutls_hmac_init (gnutls_hmac_hd_t * dig,
+ gnutls_digest_algorithm_t algorithm, const void *key,
+ size_t keylen);
+ int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen);
+ void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest);
+ void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest);
+ int gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm);
+ int gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
+ size_t keylen, const void *text, size_t textlen,
+ void *digest);
+
+ int gnutls_hash_init (gnutls_hash_hd_t * dig,
+ gnutls_digest_algorithm_t algorithm);
+ int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen);
+ void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest);
+ void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest);
+ int gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm);
+ int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen, void *digest);
/* register ciphers */
#define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
#define gnutls_crypto_single_digest_st gnutls_crypto_digest_st
-typedef struct
-{
- int (*init) (gnutls_cipher_algorithm_t, void **ctx);
- int (*setkey) (void *ctx, const void *key, size_t keysize);
- int (*setiv) (void *ctx, const void *iv, size_t ivsize);
- int (*encrypt) (void *ctx, const void *plain, size_t plainsize,
- void *encr, size_t encrsize);
- int (*decrypt) (void *ctx, const void *encr, size_t encrsize,
- void *plain, size_t plainsize);
- void (*deinit) (void *ctx);
-} gnutls_crypto_cipher_st;
-
-typedef struct
-{
- int (*init) (gnutls_mac_algorithm_t, void **ctx);
- int (*setkey) (void *ctx, const void *key, size_t keysize);
- int (*hash) (void *ctx, const void *text, size_t textsize);
- int (*output) (void *src_ctx, void *digest, size_t digestsize);
- void (*deinit) (void *ctx);
-} gnutls_crypto_mac_st;
-
-typedef struct
-{
- int (*init) (gnutls_mac_algorithm_t, void **ctx);
- int (*hash) (void *ctx, const void *text, size_t textsize);
- int (*copy) (void **dst_ctx, void *src_ctx);
- int (*output) (void *src_ctx, void *digest, size_t digestsize);
- void (*deinit) (void *ctx);
-} gnutls_crypto_digest_st;
+ typedef struct
+ {
+ int (*init) (gnutls_cipher_algorithm_t, void **ctx);
+ int (*setkey) (void *ctx, const void *key, size_t keysize);
+ int (*setiv) (void *ctx, const void *iv, size_t ivsize);
+ int (*encrypt) (void *ctx, const void *plain, size_t plainsize,
+ void *encr, size_t encrsize);
+ int (*decrypt) (void *ctx, const void *encr, size_t encrsize,
+ void *plain, size_t plainsize);
+ void (*deinit) (void *ctx);
+ } gnutls_crypto_cipher_st;
+
+ typedef struct
+ {
+ int (*init) (gnutls_mac_algorithm_t, void **ctx);
+ int (*setkey) (void *ctx, const void *key, size_t keysize);
+ int (*hash) (void *ctx, const void *text, size_t textsize);
+ int (*output) (void *src_ctx, void *digest, size_t digestsize);
+ void (*deinit) (void *ctx);
+ } gnutls_crypto_mac_st;
+
+ typedef struct
+ {
+ int (*init) (gnutls_mac_algorithm_t, void **ctx);
+ int (*hash) (void *ctx, const void *text, size_t textsize);
+ int (*copy) (void **dst_ctx, void *src_ctx);
+ int (*output) (void *src_ctx, void *digest, size_t digestsize);
+ void (*deinit) (void *ctx);
+ } gnutls_crypto_digest_st;
/**
* gnutls_rnd_level_t:
*
* Enumeration of random quality levels.
*/
-typedef enum gnutls_rnd_level
-{
- GNUTLS_RND_NONCE = 0,
- GNUTLS_RND_RANDOM = 1,
- GNUTLS_RND_KEY = 2
-} gnutls_rnd_level_t;
+ typedef enum gnutls_rnd_level
+ {
+ GNUTLS_RND_NONCE = 0,
+ GNUTLS_RND_RANDOM = 1,
+ GNUTLS_RND_KEY = 2
+ } gnutls_rnd_level_t;
-int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len);
+ int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len);
/**
*
* Enumeration of public-key flag.
*/
-typedef enum
-{
- GNUTLS_PK_FLAG_NONE = 0
-} gnutls_pk_flag_t;
+ typedef enum
+ {
+ GNUTLS_PK_FLAG_NONE = 0
+ } gnutls_pk_flag_t;
-typedef struct gnutls_crypto_rnd
-{
- int (*init) (void **ctx);
- int (*rnd) (void *ctx, int level, void *data, size_t datasize);
- void (*deinit) (void *ctx);
-} gnutls_crypto_rnd_st;
+ typedef struct gnutls_crypto_rnd
+ {
+ int (*init) (void **ctx);
+ int (*rnd) (void *ctx, int level, void *data, size_t datasize);
+ void (*deinit) (void *ctx);
+ } gnutls_crypto_rnd_st;
-typedef void *bigint_t;
+ typedef void *bigint_t;
/**
* gnutls_bigint_format_t:
*
* Enumeration of different bignum integer encoding formats.
*/
-typedef enum
-{
- /* raw unsigned integer format */
- GNUTLS_MPI_FORMAT_USG = 0,
- /* raw signed integer format - always a leading zero when positive */
- GNUTLS_MPI_FORMAT_STD = 1,
- /* the pgp integer format */
- GNUTLS_MPI_FORMAT_PGP = 2
-} gnutls_bigint_format_t;
-
-typedef struct
-{
- bigint_t g; /* group generator */
- bigint_t p; /* prime */
-} gnutls_group_st;
+ typedef enum
+ {
+ /* raw unsigned integer format */
+ GNUTLS_MPI_FORMAT_USG = 0,
+ /* raw signed integer format - always a leading zero when positive */
+ GNUTLS_MPI_FORMAT_STD = 1,
+ /* the pgp integer format */
+ GNUTLS_MPI_FORMAT_PGP = 2
+ } gnutls_bigint_format_t;
+
+ typedef struct
+ {
+ bigint_t g; /* group generator */
+ bigint_t p; /* prime */
+ } gnutls_group_st;
/* Multi precision integer arithmetic */
-typedef struct gnutls_crypto_bigint
-{
- bigint_t (*bigint_new) (int nbits);
- void (*bigint_release) (bigint_t n);
- /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */
- int (*bigint_cmp) (const bigint_t m1, const bigint_t m2);
- /* as bigint_cmp */
- int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2);
- /* ret = a % b */
- bigint_t (*bigint_mod) (const bigint_t a, const bigint_t b);
- /* a = b -> ret == a */
- bigint_t (*bigint_set) (bigint_t a, const bigint_t b);
- /* a = b -> ret == a */
- bigint_t (*bigint_set_ui) (bigint_t a, unsigned long b);
- unsigned int (*bigint_get_nbits) (const bigint_t a);
- /* w = b ^ e mod m */
- bigint_t (*bigint_powm) (bigint_t w, const bigint_t b,
- const bigint_t e, const bigint_t m);
- /* w = a + b mod m */
- bigint_t (*bigint_addm) (bigint_t w, const bigint_t a,
- const bigint_t b, const bigint_t m);
- /* w = a - b mod m */
- bigint_t (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m);
- /* w = a * b mod m */
- bigint_t (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m);
- /* w = a + b */ bigint_t (*bigint_add) (bigint_t w, const bigint_t a,
- const bigint_t b);
- /* w = a - b */ bigint_t (*bigint_sub) (bigint_t w, const bigint_t a,
- const bigint_t b);
- /* w = a * b */
- bigint_t (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b);
- /* w = a + b */
- bigint_t (*bigint_add_ui) (bigint_t w, const bigint_t a, unsigned long b);
- /* w = a - b */
- bigint_t (*bigint_sub_ui) (bigint_t w, const bigint_t a, unsigned long b);
- /* w = a * b */
- bigint_t (*bigint_mul_ui) (bigint_t w, const bigint_t a, unsigned long b);
- /* q = a / b */
- bigint_t (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b);
- /* 0 if prime */
- int (*bigint_prime_check) (const bigint_t pp);
- int (*bigint_generate_group) (gnutls_group_st * gg, unsigned int bits);
-
- /* reads an bigint from a buffer */
- /* stores an bigint into the buffer. returns
- * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to
- * store this integer, and updates the buf_size;
- */
- bigint_t (*bigint_scan) (const void *buf, size_t buf_size,
- gnutls_bigint_format_t format);
- int (*bigint_print) (const bigint_t a, void *buf, size_t * buf_size,
- gnutls_bigint_format_t format);
-} gnutls_crypto_bigint_st;
+ typedef struct gnutls_crypto_bigint
+ {
+ bigint_t (*bigint_new) (int nbits);
+ void (*bigint_release) (bigint_t n);
+ /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */
+ int (*bigint_cmp) (const bigint_t m1, const bigint_t m2);
+ /* as bigint_cmp */
+ int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2);
+ /* ret = a % b */
+ bigint_t (*bigint_mod) (const bigint_t a, const bigint_t b);
+ /* a = b -> ret == a */
+ bigint_t (*bigint_set) (bigint_t a, const bigint_t b);
+ /* a = b -> ret == a */
+ bigint_t (*bigint_set_ui) (bigint_t a, unsigned long b);
+ unsigned int (*bigint_get_nbits) (const bigint_t a);
+ /* w = b ^ e mod m */
+ bigint_t (*bigint_powm) (bigint_t w, const bigint_t b,
+ const bigint_t e, const bigint_t m);
+ /* w = a + b mod m */
+ bigint_t (*bigint_addm) (bigint_t w, const bigint_t a,
+ const bigint_t b, const bigint_t m);
+ /* w = a - b mod m */
+ bigint_t (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m);
+ /* w = a * b mod m */
+ bigint_t (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m);
+ /* w = a + b */ bigint_t (*bigint_add) (bigint_t w, const bigint_t a,
+ const bigint_t b);
+ /* w = a - b */ bigint_t (*bigint_sub) (bigint_t w, const bigint_t a,
+ const bigint_t b);
+ /* w = a * b */
+ bigint_t (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b);
+ /* w = a + b */
+ bigint_t (*bigint_add_ui) (bigint_t w, const bigint_t a,
+ unsigned long b);
+ /* w = a - b */
+ bigint_t (*bigint_sub_ui) (bigint_t w, const bigint_t a,
+ unsigned long b);
+ /* w = a * b */
+ bigint_t (*bigint_mul_ui) (bigint_t w, const bigint_t a,
+ unsigned long b);
+ /* q = a / b */
+ bigint_t (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b);
+ /* 0 if prime */
+ int (*bigint_prime_check) (const bigint_t pp);
+ int (*bigint_generate_group) (gnutls_group_st * gg, unsigned int bits);
+
+ /* reads an bigint from a buffer */
+ /* stores an bigint into the buffer. returns
+ * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to
+ * store this integer, and updates the buf_size;
+ */
+ bigint_t (*bigint_scan) (const void *buf, size_t buf_size,
+ gnutls_bigint_format_t format);
+ int (*bigint_print) (const bigint_t a, void *buf, size_t * buf_size,
+ gnutls_bigint_format_t format);
+ } gnutls_crypto_bigint_st;
#define GNUTLS_MAX_PK_PARAMS 16
-typedef struct
-{
- bigint_t params[GNUTLS_MAX_PK_PARAMS];
- unsigned int params_nr; /* the number of parameters */
- unsigned int flags;
-} gnutls_pk_params_st;
+ typedef struct
+ {
+ bigint_t params[GNUTLS_MAX_PK_PARAMS];
+ unsigned int params_nr; /* the number of parameters */
+ unsigned int flags;
+ } gnutls_pk_params_st;
-void gnutls_pk_params_release (gnutls_pk_params_st * p);
-void gnutls_pk_params_init (gnutls_pk_params_st * p);
+ void gnutls_pk_params_release (gnutls_pk_params_st * p);
+ void gnutls_pk_params_init (gnutls_pk_params_st * p);
/* params are:
* RSA:
*
* Enumeration of different directions.
*/
-typedef enum
-{
- GNUTLS_IMPORT = 0,
- GNUTLS_EXPORT = 1
-} gnutls_direction_t;
+ typedef enum
+ {
+ GNUTLS_IMPORT = 0,
+ GNUTLS_EXPORT = 1
+ } gnutls_direction_t;
/* Public key algorithms */
-typedef struct gnutls_crypto_pk
-{
- /* The params structure should contain the private or public key
- * parameters, depending on the operation */
- int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext,
- const gnutls_datum_t * plaintext,
- const gnutls_pk_params_st * pub);
- int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext,
- const gnutls_datum_t * ciphertext,
- const gnutls_pk_params_st * priv);
-
- int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature,
- const gnutls_datum_t * data,
- const gnutls_pk_params_st * priv);
- int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- const gnutls_pk_params_st * pub);
-
- int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits,
- gnutls_pk_params_st *);
- /* this function should convert params to ones suitable
- * for the above functions
- */
- int (*pk_fixup_private_params) (gnutls_pk_algorithm_t, gnutls_direction_t,
- gnutls_pk_params_st *);
-
-} gnutls_crypto_pk_st;
+ typedef struct gnutls_crypto_pk
+ {
+ /* The params structure should contain the private or public key
+ * parameters, depending on the operation */
+ int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ const gnutls_pk_params_st * pub);
+ int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ const gnutls_pk_params_st * priv);
+
+ int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature,
+ const gnutls_datum_t * data,
+ const gnutls_pk_params_st * priv);
+ int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data,
+ const gnutls_datum_t * signature,
+ const gnutls_pk_params_st * pub);
+
+ int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits,
+ gnutls_pk_params_st *);
+ /* this function should convert params to ones suitable
+ * for the above functions
+ */
+ int (*pk_fixup_private_params) (gnutls_pk_algorithm_t, gnutls_direction_t,
+ gnutls_pk_params_st *);
+
+ } gnutls_crypto_pk_st;
/* priority: infinity for backend algorithms, 90 for kernel
algorithms, lowest wins
gnutls_crypto_single_digest_register2(algo, prio, \
GNUTLS_CRYPTO_API_VERSION, st)
-int gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t
- algorithm, int priority,
- int version,
- const
- gnutls_crypto_single_cipher_st *
- s);
-int gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
- int priority, int version,
- const gnutls_crypto_single_mac_st *
- s);
-int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t
- algorithm, int priority,
- int version,
- const
- gnutls_crypto_single_digest_st *
- s);
+ int gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t
+ algorithm, int priority,
+ int version,
+ const
+ gnutls_crypto_single_cipher_st *
+ s);
+ int gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
+ int priority, int version,
+ const gnutls_crypto_single_mac_st *
+ s);
+ int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t
+ algorithm, int priority,
+ int version,
+ const
+ gnutls_crypto_single_digest_st *
+ s);
#define gnutls_crypto_cipher_register(prio, st) \
gnutls_crypto_cipher_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
#define gnutls_crypto_digest_register(prio, st) \
gnutls_crypto_digest_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
-int gnutls_crypto_cipher_register2 (int priority, int version,
- const gnutls_crypto_cipher_st * s);
-int gnutls_crypto_mac_register2 (int priority, int version,
- const gnutls_crypto_mac_st * s);
-int gnutls_crypto_digest_register2 (int priority, int version,
- const gnutls_crypto_digest_st * s);
+ int gnutls_crypto_cipher_register2 (int priority, int version,
+ const gnutls_crypto_cipher_st * s);
+ int gnutls_crypto_mac_register2 (int priority, int version,
+ const gnutls_crypto_mac_st * s);
+ int gnutls_crypto_digest_register2 (int priority, int version,
+ const gnutls_crypto_digest_st * s);
#define gnutls_crypto_rnd_register(prio, st) \
gnutls_crypto_rnd_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
#define gnutls_crypto_bigint_register(prio, st) \
gnutls_crypto_bigint_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
-int gnutls_crypto_rnd_register2 (int priority, int version,
- const gnutls_crypto_rnd_st * s);
-int gnutls_crypto_pk_register2 (int priority, int version,
- const gnutls_crypto_pk_st * s);
-int gnutls_crypto_bigint_register2 (int priority, int version,
- const gnutls_crypto_bigint_st * s);
+ int gnutls_crypto_rnd_register2 (int priority, int version,
+ const gnutls_crypto_rnd_st * s);
+ int gnutls_crypto_pk_register2 (int priority, int version,
+ const gnutls_crypto_pk_st * s);
+ int gnutls_crypto_bigint_register2 (int priority, int version,
+ const gnutls_crypto_bigint_st * s);
#ifdef __cplusplus
}
GNUTLS_COMP_NULL = 1,
GNUTLS_COMP_DEFLATE = 2,
GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE,
- GNUTLS_COMP_LZO = 3 /* only available if gnutls-extra has
- been initialized
- */
+ GNUTLS_COMP_LZO = 3 /* only available if gnutls-extra has
+ been initialized
+ */
} gnutls_compression_method_t;
/**
} gnutls_params_st;
typedef int gnutls_params_function (gnutls_session_t, gnutls_params_type_t,
- gnutls_params_st *);
+ gnutls_params_st *);
/* internal functions */
int gnutls_init (gnutls_session_t * session,
- gnutls_connection_end_t con_end);
+ gnutls_connection_end_t con_end);
void gnutls_deinit (gnutls_session_t session);
#define _gnutls_deinit(x) gnutls_deinit(x)
gnutls_alert_description_t gnutls_alert_get (gnutls_session_t session);
int gnutls_alert_send (gnutls_session_t session,
- gnutls_alert_level_t level,
- gnutls_alert_description_t desc);
+ gnutls_alert_level_t level,
+ gnutls_alert_description_t desc);
int gnutls_alert_send_appropriate (gnutls_session_t session, int err);
const char *gnutls_alert_get_name (gnutls_alert_description_t alert);
gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo,
- unsigned int bits);
+ unsigned int bits);
const char *gnutls_sec_param_get_name (gnutls_sec_param_t param);
unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
- gnutls_sec_param_t param);
+ gnutls_sec_param_t param);
/* get information on the current session */
gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session);
gnutls_certificate_type_t
gnutls_certificate_type_get (gnutls_session_t session);
int gnutls_sign_algorithm_get_requested (gnutls_session_t session,
- size_t indx,
- gnutls_sign_algorithm_t * algo);
+ size_t indx,
+ gnutls_sign_algorithm_t * algo);
size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm);
size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm);
const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm);
const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm);
const char *gnutls_compression_get_name (gnutls_compression_method_t
- algorithm);
+ algorithm);
const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm);
const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t
- type);
+ type);
const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm);
const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm);
const gnutls_pk_algorithm_t *gnutls_pk_list (void);
const gnutls_sign_algorithm_t *gnutls_sign_list (void);
const char *gnutls_cipher_suite_info (size_t idx,
- char *cs_id,
- gnutls_kx_algorithm_t * kx,
- gnutls_cipher_algorithm_t * cipher,
- gnutls_mac_algorithm_t * mac,
- gnutls_protocol_t * version);
+ char *cs_id,
+ gnutls_kx_algorithm_t * kx,
+ gnutls_cipher_algorithm_t * cipher,
+ gnutls_mac_algorithm_t * mac,
+ gnutls_protocol_t * version);
/* error functions */
int gnutls_error_is_fatal (int error);
/* Semi-internal functions.
*/
void gnutls_handshake_set_private_extensions (gnutls_session_t session,
- int allow);
+ int allow);
gnutls_handshake_description_t
gnutls_handshake_get_last_out (gnutls_session_t session);
gnutls_handshake_description_t
/* Record layer functions.
*/
ssize_t gnutls_record_send (gnutls_session_t session, const void *data,
- size_t sizeofdata);
+ size_t sizeofdata);
ssize_t gnutls_record_recv (gnutls_session_t session, void *data,
- size_t sizeofdata);
+ size_t sizeofdata);
#define gnutls_read gnutls_record_recv
#define gnutls_write gnutls_record_send
size_t gnutls_record_check_pending (gnutls_session_t session);
int gnutls_prf (gnutls_session_t session,
- size_t label_size, const char *label,
- int server_random_first,
- size_t extra_size, const char *extra,
- size_t outsize, char *out);
+ size_t label_size, const char *label,
+ int server_random_first,
+ size_t extra_size, const char *extra,
+ size_t outsize, char *out);
int gnutls_prf_raw (gnutls_session_t session,
- size_t label_size, const char *label,
- size_t seed_size, const char *seed,
- size_t outsize, char *out);
+ size_t label_size, const char *label,
+ size_t seed_size, const char *seed,
+ size_t outsize, char *out);
/* TLS Extensions */
typedef int (*gnutls_ext_recv_func) (gnutls_session_t session,
- const unsigned char *data, size_t len);
+ const unsigned char *data, size_t len);
typedef int (*gnutls_ext_send_func) (gnutls_session_t session,
- unsigned char *data, size_t len);
+ unsigned char *data, size_t len);
/**
* gnutls_ext_parse_type_t:
} gnutls_server_name_type_t;
int gnutls_server_name_set (gnutls_session_t session,
- gnutls_server_name_type_t type,
- const void *name, size_t name_length);
+ gnutls_server_name_type_t type,
+ const void *name, size_t name_length);
int gnutls_server_name_get (gnutls_session_t session,
- void *data, size_t * data_length,
- unsigned int *type, unsigned int indx);
+ void *data, size_t * data_length,
+ unsigned int *type, unsigned int indx);
/* Safe renegotiation */
int gnutls_safe_renegotiation_status (gnutls_session_t session);
const char
*gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t
- type);
+ type);
/* SessionTicket, RFC 5077. */
int gnutls_session_ticket_key_generate (gnutls_datum_t * key);
int gnutls_session_ticket_enable_client (gnutls_session_t session);
int gnutls_session_ticket_enable_server (gnutls_session_t session,
- const gnutls_datum_t * key);
+ const gnutls_datum_t * key);
/* functions to set priority of cipher suites
*/
int gnutls_cipher_set_priority (gnutls_session_t session, const int *list);
int gnutls_mac_set_priority (gnutls_session_t session, const int *list);
int gnutls_compression_set_priority (gnutls_session_t session,
- const int *list);
+ const int *list);
int gnutls_kx_set_priority (gnutls_session_t session, const int *list);
int gnutls_protocol_set_priority (gnutls_session_t session,
- const int *list);
+ const int *list);
int gnutls_certificate_type_set_priority (gnutls_session_t session,
- const int *list);
+ const int *list);
/* if you just want some defaults, use the following.
*/
int gnutls_priority_init (gnutls_priority_t * priority_cache,
- const char *priorities, const char **err_pos);
+ const char *priorities, const char **err_pos);
void gnutls_priority_deinit (gnutls_priority_t priority_cache);
int gnutls_priority_set (gnutls_session_t session,
- gnutls_priority_t priority);
+ gnutls_priority_t priority);
int gnutls_priority_set_direct (gnutls_session_t session,
- const char *priorities,
- const char **err_pos);
+ const char *priorities,
+ const char **err_pos);
/* for compatibility
*/
/* Returns the name of a cipher suite */
const char *gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t
- kx_algorithm,
- gnutls_cipher_algorithm_t
- cipher_algorithm,
- gnutls_mac_algorithm_t
- mac_algorithm);
+ kx_algorithm,
+ gnutls_cipher_algorithm_t
+ cipher_algorithm,
+ gnutls_mac_algorithm_t
+ mac_algorithm);
/* get the currently used protocol version */
gnutls_protocol_t gnutls_protocol_get_version (gnutls_session_t session);
/* get/set session
*/
int gnutls_session_set_data (gnutls_session_t session,
- const void *session_data,
- size_t session_data_size);
+ const void *session_data,
+ size_t session_data_size);
int gnutls_session_get_data (gnutls_session_t session, void *session_data,
- size_t * session_data_size);
+ size_t * session_data_size);
int gnutls_session_get_data2 (gnutls_session_t session,
- gnutls_datum_t * data);
+ gnutls_datum_t * data);
/* returns the session ID */
#define GNUTLS_MAX_SESSION_ID 32
int gnutls_session_get_id (gnutls_session_t session, void *session_id,
- size_t * session_id_size);
+ size_t * session_id_size);
int gnutls_session_channel_binding (gnutls_session_t session,
- gnutls_channel_binding_t cbtype,
- gnutls_datum_t * cb);
+ gnutls_channel_binding_t cbtype,
+ gnutls_datum_t * cb);
/* checks if this session is a resumed one
*/
int gnutls_session_is_resumed (gnutls_session_t session);
typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key,
- gnutls_datum_t data);
+ gnutls_datum_t data);
typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key);
typedef gnutls_datum_t (*gnutls_db_retr_func) (void *, gnutls_datum_t key);
void gnutls_db_remove_session (gnutls_session_t session);
void gnutls_db_set_retrieve_function (gnutls_session_t session,
- gnutls_db_retr_func retr_func);
+ gnutls_db_retr_func retr_func);
void gnutls_db_set_remove_function (gnutls_session_t session,
- gnutls_db_remove_func rem_func);
+ gnutls_db_remove_func rem_func);
void gnutls_db_set_store_function (gnutls_session_t session,
- gnutls_db_store_func store_func);
+ gnutls_db_store_func store_func);
void gnutls_db_set_ptr (gnutls_session_t session, void *ptr);
void *gnutls_db_get_ptr (gnutls_session_t session);
int gnutls_db_check_entry (gnutls_session_t session,
- gnutls_datum_t session_entry);
+ gnutls_datum_t session_entry);
typedef int (*gnutls_handshake_post_client_hello_func) (gnutls_session_t);
void
gnutls_handshake_set_post_client_hello_function (gnutls_session_t session,
- gnutls_handshake_post_client_hello_func
- func);
+ gnutls_handshake_post_client_hello_func
+ func);
void gnutls_handshake_set_max_packet_length (gnutls_session_t session,
- size_t max);
+ size_t max);
/* returns libgnutls version (call it with a NULL argument)
*/
/* cred is a structure defined by the kx algorithm
*/
int gnutls_credentials_set (gnutls_session_t session,
- gnutls_credentials_type_t type, void *cred);
+ gnutls_credentials_type_t type, void *cred);
#define gnutls_cred_set gnutls_credentials_set
/* Credential structures - used in gnutls_credentials_set(); */
*gnutls_anon_client_credentials_t;
void gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t
- sc);
+ sc);
int
gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t
- * sc);
+ * sc);
void gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
- gnutls_dh_params_t dh_params);
+ gnutls_dh_params_t dh_params);
void
gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t
- res,
- gnutls_params_function * func);
+ res,
+ gnutls_params_function * func);
void
gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc);
int
gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t
- * sc);
+ * sc);
/* CERTFILE is an x509 certificate in PEM form.
* KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc);
int
gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t
- * res);
+ * res);
void gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc);
void gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc);
void gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc);
void gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
- gnutls_dh_params_t dh_params);
+ gnutls_dh_params_t dh_params);
void
gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
- res,
- gnutls_rsa_params_t rsa_params);
+ res,
+ gnutls_rsa_params_t rsa_params);
void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
- res, unsigned int flags);
+ res, unsigned int flags);
void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t
- res, unsigned int max_bits,
- unsigned int max_depth);
+ res, unsigned int max_bits,
+ unsigned int max_depth);
int
gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t
- res, const char *cafile,
- gnutls_x509_crt_fmt_t type);
+ res, const char *cafile,
+ gnutls_x509_crt_fmt_t type);
int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t
- res, const gnutls_datum_t * ca,
- gnutls_x509_crt_fmt_t type);
+ res, const gnutls_datum_t * ca,
+ gnutls_x509_crt_fmt_t type);
int
gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t
- res, const char *crlfile,
- gnutls_x509_crt_fmt_t type);
+ res, const char *crlfile,
+ gnutls_x509_crt_fmt_t type);
int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t
- res, const gnutls_datum_t * CRL,
- gnutls_x509_crt_fmt_t type);
+ res, const gnutls_datum_t * CRL,
+ gnutls_x509_crt_fmt_t type);
int
gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t
- res, const char *certfile,
- const char *keyfile,
- gnutls_x509_crt_fmt_t type);
+ res, const char *certfile,
+ const char *keyfile,
+ gnutls_x509_crt_fmt_t type);
int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t
- res, const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_x509_crt_fmt_t type);
+ res, const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_x509_crt_fmt_t type);
void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
- int status);
+ int status);
int gnutls_certificate_set_x509_simple_pkcs12_file
(gnutls_certificate_credentials_t res, const char *pkcs12file,
typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
int gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
- gnutls_x509_crt_t * cert_list,
- int cert_list_size,
- gnutls_x509_privkey_t key);
+ gnutls_x509_crt_t * cert_list,
+ int cert_list_size,
+ gnutls_x509_privkey_t key);
int gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
- gnutls_x509_crt_t * ca_list,
- int ca_list_size);
+ gnutls_x509_crt_t * ca_list,
+ int ca_list_size);
int gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
- gnutls_x509_crl_t * crl_list,
- int crl_list_size);
+ gnutls_x509_crl_t * crl_list,
+ int crl_list_size);
void gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc,
- gnutls_x509_crt_t ** x509_ca_list,
- unsigned int *ncas);
+ gnutls_x509_crt_t ** x509_ca_list,
+ unsigned int *ncas);
void gnutls_certificate_get_x509_crls (gnutls_certificate_credentials_t sc,
- gnutls_x509_crl_t ** x509_crl_list,
- unsigned int *ncrls);
+ gnutls_x509_crl_t ** x509_crl_list,
+ unsigned int *ncrls);
void
gnutls_certificate_get_openpgp_keyring (gnutls_certificate_credentials_t
- sc,
- gnutls_openpgp_keyring_t *
- keyring);
+ sc,
+ gnutls_openpgp_keyring_t *
+ keyring);
/* global state functions
*/
typedef int (*mutex_deinit_func) (void **mutex);
void gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func,
- mutex_lock_func, mutex_unlock_func);
+ mutex_lock_func, mutex_unlock_func);
typedef void *(*gnutls_alloc_function) (size_t);
typedef void *(*gnutls_calloc_function) (size_t, size_t);
void
gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func,
- gnutls_alloc_function secure_alloc_func,
- gnutls_is_secure_function is_secure_func,
- gnutls_realloc_function realloc_func,
- gnutls_free_function free_func);
+ gnutls_alloc_function secure_alloc_func,
+ gnutls_is_secure_function is_secure_func,
+ gnutls_realloc_function realloc_func,
+ gnutls_free_function free_func);
/* For use in callbacks */
extern gnutls_alloc_function gnutls_malloc;
int gnutls_dh_params_init (gnutls_dh_params_t * dh_params);
void gnutls_dh_params_deinit (gnutls_dh_params_t dh_params);
int gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
- const gnutls_datum_t * prime,
- const gnutls_datum_t * generator);
+ const gnutls_datum_t * prime,
+ const gnutls_datum_t * generator);
int gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
- const gnutls_datum_t * pkcs3_params,
- gnutls_x509_crt_fmt_t format);
+ const gnutls_datum_t * pkcs3_params,
+ gnutls_x509_crt_fmt_t format);
int gnutls_dh_params_generate2 (gnutls_dh_params_t params,
- unsigned int bits);
+ unsigned int bits);
int gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
- gnutls_x509_crt_fmt_t format,
- unsigned char *params_data,
- size_t * params_data_size);
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size);
int gnutls_dh_params_export_raw (gnutls_dh_params_t params,
- gnutls_datum_t * prime,
- gnutls_datum_t * generator,
- unsigned int *bits);
+ gnutls_datum_t * prime,
+ gnutls_datum_t * generator,
+ unsigned int *bits);
int gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src);
int gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params);
void gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params);
int gnutls_rsa_params_cpy (gnutls_rsa_params_t dst,
- gnutls_rsa_params_t src);
+ gnutls_rsa_params_t src);
int gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u);
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u);
int gnutls_rsa_params_generate2 (gnutls_rsa_params_t params,
- unsigned int bits);
+ unsigned int bits);
int gnutls_rsa_params_export_raw (gnutls_rsa_params_t params,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u,
- unsigned int *bits);
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ unsigned int *bits);
int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
- gnutls_x509_crt_fmt_t format,
- unsigned char *params_data,
- size_t * params_data_size);
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size);
int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
- const gnutls_datum_t * pkcs1_params,
- gnutls_x509_crt_fmt_t format);
+ const gnutls_datum_t * pkcs1_params,
+ gnutls_x509_crt_fmt_t format);
/* Session stuff
*/
typedef struct
{
- void *iov_base; /* Starting address */
- size_t iov_len; /* Number of bytes to transfer */
+ void *iov_base; /* Starting address */
+ size_t iov_len; /* Number of bytes to transfer */
} giovec_t;
typedef ssize_t (*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
- size_t);
+ size_t);
typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
- size_t);
+ size_t);
typedef ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t,
- const giovec_t * iov, int iovcnt);
+ const giovec_t * iov, int iovcnt);
typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
void gnutls_transport_set_ptr (gnutls_session_t session,
- gnutls_transport_ptr_t ptr);
+ gnutls_transport_ptr_t ptr);
void gnutls_transport_set_ptr2 (gnutls_session_t session,
- gnutls_transport_ptr_t recv_ptr,
- gnutls_transport_ptr_t send_ptr);
+ gnutls_transport_ptr_t recv_ptr,
+ gnutls_transport_ptr_t send_ptr);
gnutls_transport_ptr_t gnutls_transport_get_ptr (gnutls_session_t session);
void gnutls_transport_get_ptr2 (gnutls_session_t session,
- gnutls_transport_ptr_t * recv_ptr,
- gnutls_transport_ptr_t * send_ptr);
+ gnutls_transport_ptr_t * recv_ptr,
+ gnutls_transport_ptr_t * send_ptr);
void gnutls_transport_set_lowat (gnutls_session_t session, int num);
void gnutls_transport_set_push_function2 (gnutls_session_t session,
- gnutls_vec_push_func vec_func);
+ gnutls_vec_push_func vec_func);
void gnutls_transport_set_push_function (gnutls_session_t session,
- gnutls_push_func push_func);
+ gnutls_push_func push_func);
void gnutls_transport_set_pull_function (gnutls_session_t session,
- gnutls_pull_func pull_func);
+ gnutls_pull_func pull_func);
void gnutls_transport_set_errno_function (gnutls_session_t session,
- gnutls_errno_func errno_func);
+ gnutls_errno_func errno_func);
void gnutls_transport_set_errno (gnutls_session_t session, int err);
void gnutls_transport_set_global_errno (int err);
void *gnutls_session_get_ptr (gnutls_session_t session);
void gnutls_openpgp_send_cert (gnutls_session_t session,
- gnutls_openpgp_crt_status_t status);
+ gnutls_openpgp_crt_status_t status);
/* fingerprint
* Actually this function returns the hash of the given data.
*/
int gnutls_fingerprint (gnutls_digest_algorithm_t algo,
- const gnutls_datum_t * data, void *result,
- size_t * result_size);
+ const gnutls_datum_t * data, void *result,
+ size_t * result_size);
/* SRP
gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc);
int
gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t *
- sc);
+ sc);
int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
- const char *username,
- const char *password);
+ const char *username,
+ const char *password);
void
gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc);
int
gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t *
- sc);
+ sc);
int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t
- res, const char *password_file,
- const char *password_conf_file);
+ res, const char *password_file,
+ const char *password_conf_file);
const char *gnutls_srp_server_get_username (gnutls_session_t session);
extern void gnutls_srp_set_prime_bits (gnutls_session_t session,
- unsigned int bits);
+ unsigned int bits);
int gnutls_srp_verifier (const char *username,
- const char *password,
- const gnutls_datum_t * salt,
- const gnutls_datum_t * generator,
- const gnutls_datum_t * prime,
- gnutls_datum_t * res);
+ const char *password,
+ const gnutls_datum_t * salt,
+ const gnutls_datum_t * generator,
+ const gnutls_datum_t * prime,
+ gnutls_datum_t * res);
/* The static parameters defined in draft-ietf-tls-srp-05
* Those should be used as input to gnutls_srp_verifier().
extern const gnutls_datum_t gnutls_srp_1024_group_generator;
typedef int gnutls_srp_server_credentials_function (gnutls_session_t,
- const char *username,
- gnutls_datum_t * salt,
- gnutls_datum_t *
- verifier,
- gnutls_datum_t *
- generator,
- gnutls_datum_t * prime);
+ const char *username,
+ gnutls_datum_t * salt,
+ gnutls_datum_t *
+ verifier,
+ gnutls_datum_t *
+ generator,
+ gnutls_datum_t * prime);
void
gnutls_srp_set_server_credentials_function
(gnutls_srp_server_credentials_t cred,
gnutls_srp_server_credentials_function * func);
typedef int gnutls_srp_client_credentials_function (gnutls_session_t,
- char **, char **);
+ char **, char **);
void
gnutls_srp_set_client_credentials_function
(gnutls_srp_client_credentials_t cred,
gnutls_srp_client_credentials_function * func);
int gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
- size_t * result_size);
+ size_t * result_size);
int gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
- gnutls_datum_t * result);
+ gnutls_datum_t * result);
int gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
- size_t * result_size);
+ size_t * result_size);
int gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
- gnutls_datum_t * result);
+ gnutls_datum_t * result);
/* PSK stuff */
typedef struct gnutls_psk_server_credentials_st
gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc);
int
gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t *
- sc);
+ sc);
int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
- const char *username,
- const gnutls_datum_t * key,
- gnutls_psk_key_flags format);
+ const char *username,
+ const gnutls_datum_t * key,
+ gnutls_psk_key_flags format);
void
gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc);
int
gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t *
- sc);
+ sc);
int gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
- res, const char *password_file);
+ res, const char *password_file);
int
gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t
- res, const char *hint);
+ res, const char *hint);
const char *gnutls_psk_server_get_username (gnutls_session_t session);
const char *gnutls_psk_client_get_hint (gnutls_session_t session);
typedef int gnutls_psk_server_credentials_function (gnutls_session_t,
- const char *username,
- gnutls_datum_t * key);
+ const char *username,
+ gnutls_datum_t * key);
void
gnutls_psk_set_server_credentials_function
(gnutls_psk_server_credentials_t cred,
gnutls_psk_server_credentials_function * func);
typedef int gnutls_psk_client_credentials_function (gnutls_session_t,
- char **username,
- gnutls_datum_t * key);
+ char **username,
+ gnutls_datum_t * key);
void
gnutls_psk_set_client_credentials_function
(gnutls_psk_client_credentials_t cred,
gnutls_psk_client_credentials_function * func);
int gnutls_hex_encode (const gnutls_datum_t * data, char *result,
- size_t * result_size);
+ size_t * result_size);
int gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result,
- size_t * result_size);
+ size_t * result_size);
void
gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
- gnutls_dh_params_t dh_params);
+ gnutls_dh_params_t dh_params);
void
gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t
- res,
- gnutls_params_function * func);
+ res,
+ gnutls_params_function * func);
/**
* gnutls_x509_subject_alt_name_t:
typedef enum
{
- GNUTLS_PRIVKEY_X509, /* gnutls_x509_privkey_t */
- GNUTLS_PRIVKEY_OPENPGP, /* gnutls_openpgp_privkey_t */
- GNUTLS_PRIVKEY_PKCS11 /* gnutls_pkcs11_privkey_t */
+ GNUTLS_PRIVKEY_X509, /* gnutls_x509_privkey_t */
+ GNUTLS_PRIVKEY_OPENPGP, /* gnutls_openpgp_privkey_t */
+ GNUTLS_PRIVKEY_PKCS11 /* gnutls_pkcs11_privkey_t */
} gnutls_privkey_type_t;
typedef struct gnutls_retr2_st
gnutls_x509_crt_t *x509;
gnutls_openpgp_crt_t pgp;
} cert;
- unsigned int ncerts; /* one for pgp keys */
+ unsigned int ncerts; /* one for pgp keys */
union
{
gnutls_pkcs11_privkey_t pkcs11;
} key;
- unsigned int deinit_all; /* if non zero all keys will be deinited */
+ unsigned int deinit_all; /* if non zero all keys will be deinited */
} gnutls_retr2_st;
int gnutls_dh_get_prime_bits (gnutls_session_t session);
int gnutls_dh_get_group (gnutls_session_t session, gnutls_datum_t * raw_gen,
- gnutls_datum_t * raw_prime);
+ gnutls_datum_t * raw_prime);
int gnutls_dh_get_pubkey (gnutls_session_t session,
- gnutls_datum_t * raw_key);
+ gnutls_datum_t * raw_key);
/* RSA */
int gnutls_rsa_export_get_pubkey (gnutls_session_t session,
- gnutls_datum_t * exponent,
- gnutls_datum_t * modulus);
+ gnutls_datum_t * exponent,
+ gnutls_datum_t * modulus);
int gnutls_rsa_export_get_modulus_bits (gnutls_session_t session);
/* X509PKI */
*/
typedef int gnutls_certificate_retrieve_function (gnutls_session_t,
- const
- gnutls_datum_t *
- req_ca_rdn,
- int nreqs,
- const
- gnutls_pk_algorithm_t
- * pk_algos,
- int
- pk_algos_length,
- gnutls_retr2_st *);
+ const
+ gnutls_datum_t *
+ req_ca_rdn,
+ int nreqs,
+ const
+ gnutls_pk_algorithm_t
+ * pk_algos,
+ int
+ pk_algos_length,
+ gnutls_retr2_st *);
void gnutls_certificate_set_retrieve_function
typedef int gnutls_certificate_verify_function (gnutls_session_t);
void
gnutls_certificate_set_verify_function (gnutls_certificate_credentials_t
- cred,
- gnutls_certificate_verify_function
- * func);
+ cred,
+ gnutls_certificate_verify_function
+ * func);
void
gnutls_certificate_server_set_request (gnutls_session_t session,
- gnutls_certificate_request_t req);
+ gnutls_certificate_request_t req);
/* get data from the session
*/
const gnutls_datum_t *gnutls_certificate_get_peers (gnutls_session_t
- session,
- unsigned int
- *list_size);
+ session,
+ unsigned int
+ *list_size);
const gnutls_datum_t *gnutls_certificate_get_ours (gnutls_session_t
- session);
+ session);
time_t gnutls_certificate_activation_time_peers (gnutls_session_t session);
time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session);
int gnutls_certificate_client_get_request_status (gnutls_session_t session);
int gnutls_certificate_verify_peers2 (gnutls_session_t session,
- unsigned int *status);
+ unsigned int *status);
/* this is obsolete (?). */
int gnutls_certificate_verify_peers (gnutls_session_t session);
int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
- char *result, size_t * result_size);
+ char *result, size_t * result_size);
int gnutls_pem_base64_decode (const char *header,
- const gnutls_datum_t * b64_data,
- unsigned char *result, size_t * result_size);
+ const gnutls_datum_t * b64_data,
+ unsigned char *result, size_t * result_size);
int gnutls_pem_base64_encode_alloc (const char *msg,
- const gnutls_datum_t * data,
- gnutls_datum_t * result);
+ const gnutls_datum_t * data,
+ gnutls_datum_t * result);
int gnutls_pem_base64_decode_alloc (const char *header,
- const gnutls_datum_t * b64_data,
- gnutls_datum_t * result);
+ const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result);
/* key_usage will be an OR of the following values:
*/
void
gnutls_certificate_set_params_function (gnutls_certificate_credentials_t
- res,
- gnutls_params_function * func);
+ res,
+ gnutls_params_function * func);
void gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
- gnutls_params_function * func);
+ gnutls_params_function * func);
void gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
- gnutls_params_function * func);
+ gnutls_params_function * func);
int gnutls_hex2bin (const char *hex_data, size_t hex_size,
- char *bin_data, size_t * bin_size);
+ char *bin_data, size_t * bin_size);
/* Gnutls error codes. The mapping to a TLS alert is also shown in
* comments.
#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
#define GNUTLS_E_LARGE_PACKET -7
-#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
-#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
+#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
+#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
#define GNUTLS_E_INVALID_SESSION -10
#define GNUTLS_E_FATAL_ALERT_RECEIVED -12
-#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
+#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
#define GNUTLS_E_WARNING_ALERT_RECEIVED -16
#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
-#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
+#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
#define GNUTLS_E_UNWANTED_ALGORITHM -22
#define GNUTLS_E_MPI_SCAN_FAILED -23
-#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
+#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
#define GNUTLS_E_MEMORY_ERROR -25
-#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
+#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
#define GNUTLS_E_COMPRESSION_FAILED -27
#define GNUTLS_E_AGAIN -28
#define GNUTLS_E_EXPIRED -29
#define GNUTLS_E_DB_ERROR -30
#define GNUTLS_E_SRP_PWD_ERROR -31
#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
-#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
+#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
-#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
+#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
#define GNUTLS_E_HASH_FAILED -33
#define GNUTLS_E_BASE64_DECODING_ERROR -34
#define GNUTLS_E_MPI_PRINT_FAILED -35
-#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
+#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
#define GNUTLS_E_GOT_APPLICATION_DATA -38
#define GNUTLS_E_RECORD_LIMIT_REACHED -39
#define GNUTLS_E_ENCRYPTION_FAILED -40
#define GNUTLS_E_PK_SIGN_FAILED -46
#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
#define GNUTLS_E_KEY_USAGE_VIOLATION -48
-#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
+#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
#define GNUTLS_E_INVALID_REQUEST -50
#define GNUTLS_E_SHORT_MEMORY_BUFFER -51
#define GNUTLS_E_INTERRUPTED -52
#define GNUTLS_E_PUSH_ERROR -53
#define GNUTLS_E_PULL_ERROR -54
-#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
+#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
#define GNUTLS_E_PKCS1_WRONG_PAD -57
#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
#define GNUTLS_E_CERTIFICATE_ERROR -43
#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
-#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
+#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
#define GNUTLS_E_X509_UNKNOWN_SAN -62
#define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
#define GNUTLS_E_INVALID_PASSWORD -99
-#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
+#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
#define GNUTLS_E_CONSTRAINT_ERROR -101
#define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
#define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
#define GNUTLS_E_BASE64_ENCODING_ERROR -201
-#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
+#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
#include <gnutls/compat.h>
-#endif /* GNUTLS_H */
+#endif /* GNUTLS_H */
dh_params ();
~dh_params ();
void import_raw (const gnutls_datum_t & prime,
- const gnutls_datum_t & generator);
+ const gnutls_datum_t & generator);
void import_pkcs3 (const gnutls_datum_t & pkcs3_params,
- gnutls_x509_crt_fmt_t format);
+ gnutls_x509_crt_fmt_t format);
void generate (unsigned int bits);
void export_pkcs3 (gnutls_x509_crt_fmt_t format,
- unsigned char *params_data, size_t * params_data_size);
+ unsigned char *params_data, size_t * params_data_size);
void export_raw (gnutls_datum_t & prime, gnutls_datum_t & generator);
gnutls_dh_params_t get_params_t () const;
rsa_params ();
~rsa_params ();
void import_raw (const gnutls_datum_t & m,
- const gnutls_datum_t & e,
- const gnutls_datum_t & d,
- const gnutls_datum_t & p,
- const gnutls_datum_t & q, const gnutls_datum_t & u);
+ const gnutls_datum_t & e,
+ const gnutls_datum_t & d,
+ const gnutls_datum_t & p,
+ const gnutls_datum_t & q, const gnutls_datum_t & u);
void import_pkcs1 (const gnutls_datum_t & pkcs1_params,
- gnutls_x509_crt_fmt_t format);
+ gnutls_x509_crt_fmt_t format);
void generate (unsigned int bits);
void export_pkcs1 (gnutls_x509_crt_fmt_t format,
- unsigned char *params_data, size_t * params_data_size);
+ unsigned char *params_data, size_t * params_data_size);
void export_raw (gnutls_datum_t & m, gnutls_datum_t & e,
- gnutls_datum_t & d, gnutls_datum_t & p,
- gnutls_datum_t & q, gnutls_datum_t & u);
+ gnutls_datum_t & d, gnutls_datum_t & p,
+ gnutls_datum_t & q, gnutls_datum_t & u);
gnutls_rsa_params_t get_params_t () const;
rsa_params & operator= (const rsa_params & src);
gnutls_alert_description_t get_alert () const;
int send_alert (gnutls_alert_level_t level,
- gnutls_alert_description_t desc);
+ gnutls_alert_description_t desc);
int send_appropriate_alert (int err);
gnutls_cipher_algorithm_t get_cipher () const;
size_t check_pending () const;
void prf (size_t label_size, const char *label,
- int server_random_first,
- size_t extra_size, const char *extra,
- size_t outsize, char *out);
+ int server_random_first,
+ size_t extra_size, const char *extra,
+ size_t outsize, char *out);
void prf_raw (size_t label_size, const char *label,
- size_t seed_size, const char *seed,
- size_t outsize, char *out);
+ size_t seed_size, const char *seed,
+ size_t outsize, char *out);
void set_cipher_priority (const int *list);
void set_mac_priority (const int *list);
void set_transport_ptr (gnutls_transport_ptr_t ptr);
void set_transport_ptr (gnutls_transport_ptr_t recv_ptr,
- gnutls_transport_ptr_t send_ptr);
+ gnutls_transport_ptr_t send_ptr);
gnutls_transport_ptr_t get_transport_ptr () const;
void get_transport_ptr (gnutls_transport_ptr_t & recv_ptr,
- gnutls_transport_ptr_t & send_ptr) const;
+ gnutls_transport_ptr_t & send_ptr) const;
void set_transport_lowat (size_t num);
void set_transport_push_function (gnutls_push_func push_func);
void get_dh_group (gnutls_datum_t & gen, gnutls_datum_t & prime) const;
void get_dh_pubkey (gnutls_datum_t & raw_key) const;
void get_rsa_export_pubkey (gnutls_datum_t & exponent,
- gnutls_datum_t & modulus) const;
+ gnutls_datum_t & modulus) const;
unsigned int get_rsa_export_modulus_bits () const;
void get_our_certificate (gnutls_datum_t & cert) const;
bool get_peers_certificate (std::vector < gnutls_datum_t >
- &out_certs) const;
+ &out_certs) const;
bool get_peers_certificate (const gnutls_datum_t ** certs,
- unsigned int *certs_size) const;
+ unsigned int *certs_size) const;
time_t get_peers_certificate_activation_time () const;
time_t get_peers_certificate_expiration_time () const;
public:
virtual ~ DB () = 0;
virtual bool store (const gnutls_datum_t & key,
- const gnutls_datum_t & data) = 0;
+ const gnutls_datum_t & data) = 0;
virtual bool retrieve (const gnutls_datum_t & key,
- gnutls_datum_t & data) = 0;
+ gnutls_datum_t & data) = 0;
virtual bool remove (const gnutls_datum_t & key) = 0;
};
const char *get_psk_username () const;
void get_server_name (void *data, size_t * data_length,
- unsigned int *type, unsigned int indx) const;
+ unsigned int *type, unsigned int indx) const;
int rehandshake ();
void set_certificate_request (gnutls_certificate_request_t);
~client_session ();
void set_server_name (gnutls_server_name_type_t type,
- const void *name, size_t name_length);
+ const void *name, size_t name_length);
bool get_request_status ();
};
void set_x509_trust_file (const char *cafile, gnutls_x509_crt_fmt_t type);
void set_x509_trust (const gnutls_datum_t & CA,
- gnutls_x509_crt_fmt_t type);
+ gnutls_x509_crt_fmt_t type);
// FIXME: use classes instead of gnutls_x509_crt_t
void set_x509_trust (gnutls_x509_crt_t * ca_list, int ca_list_size);
void set_x509_crl_file (const char *crlfile, gnutls_x509_crt_fmt_t type);
void set_x509_crl (const gnutls_datum_t & CRL,
- gnutls_x509_crt_fmt_t type);
+ gnutls_x509_crt_fmt_t type);
void set_x509_crl (gnutls_x509_crl_t * crl_list, int crl_list_size);
void set_x509_key_file (const char *certfile, const char *KEYFILE,
- gnutls_x509_crt_fmt_t type);
+ gnutls_x509_crt_fmt_t type);
void set_x509_key (const gnutls_datum_t & CERT,
- const gnutls_datum_t & KEY,
- gnutls_x509_crt_fmt_t type);
+ const gnutls_datum_t & KEY,
+ gnutls_x509_crt_fmt_t type);
// FIXME: use classes
void set_x509_key (gnutls_x509_crt_t * cert_list, int cert_list_size,
- gnutls_x509_privkey_t key);
+ gnutls_x509_privkey_t key);
void set_simple_pkcs12_file (const char *pkcs12file,
- gnutls_x509_crt_fmt_t type,
- const char *password);
+ gnutls_x509_crt_fmt_t type,
+ const char *password);
void set_retrieve_function (gnutls_certificate_retrieve_function * func);
srp_server_credentials ();
~srp_server_credentials ();
void set_credentials_file (const char *password_file,
- const char *password_conf_file);
+ const char *password_conf_file);
void set_credentials_function (gnutls_srp_server_credentials_function *
- func);
+ func);
protected:
gnutls_srp_server_credentials_t cred;
};
~srp_client_credentials ();
void set_credentials (const char *username, const char *password);
void set_credentials_function (gnutls_srp_client_credentials_function *
- func);
+ func);
protected:
gnutls_srp_client_credentials_t cred;
};
~psk_server_credentials ();
void set_credentials_file (const char *password_file);
void set_credentials_function (gnutls_psk_server_credentials_function *
- func);
+ func);
void set_dh_params (const dh_params & params);
void set_params_function (gnutls_params_function * func);
protected:
psk_client_credentials ();
~psk_client_credentials ();
void set_credentials (const char *username, const gnutls_datum_t & key,
- gnutls_psk_key_flags flags);
+ gnutls_psk_key_flags flags);
void set_credentials_function (gnutls_psk_client_credentials_function *
- func);
+ func);
protected:
gnutls_psk_client_credentials_t cred;
};
-} /* namespace */
+} /* namespace */
#endif /* GNUTLSXX_H */
void gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format);
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format);
int gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data,
- size_t * output_data_size);
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out);
/* The key_usage flags are defined in gnutls.h. They are
* the GNUTLS_KEY_* definitions.
*/
int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
- unsigned int *key_usage);
+ unsigned int *key_usage);
int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *fpr,
- size_t * fprlen);
+ size_t * fprlen);
int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
- unsigned int idx,
- void *fpr, size_t * fprlen);
+ unsigned int idx,
+ void *fpr, size_t * fprlen);
int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
- int idx, char *buf, size_t * sizeof_buf);
+ int idx, char *buf, size_t * sizeof_buf);
gnutls_pk_algorithm_t
gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int *bits);
+ unsigned int *bits);
int gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key);
time_t gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid);
+ gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key,
- const char *hostname);
+ const char *hostname);
int gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_get_subkey_count (gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t keyid);
+ const gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key,
- unsigned int idx);
+ unsigned int idx);
gnutls_pk_algorithm_t
gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *bits);
+ unsigned int idx,
+ unsigned int *bits);
time_t gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t
- key, unsigned int idx);
+ key, unsigned int idx);
time_t gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t
- key,
- unsigned int idx);
+ key,
+ unsigned int idx);
int gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid);
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *key_usage);
+ unsigned int idx,
+ unsigned int *key_usage);
int gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y);
+ unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
int gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e);
+ unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
int gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y);
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
int gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * m,
- gnutls_datum_t * e);
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
int gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid);
+ gnutls_openpgp_keyid_t keyid);
int
gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t
- keyid);
+ const gnutls_openpgp_keyid_t
+ keyid);
/* privkey stuff.
*/
void gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key);
gnutls_pk_algorithm_t
gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
- unsigned int *bits);
+ unsigned int *bits);
gnutls_sec_param_t
gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key);
int gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const char *password,
- unsigned int flags);
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
int gnutls_openpgp_privkey_sign_hash2 (gnutls_openpgp_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature);
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature);
- int gnutls_openpgp_crt_verify_hash (gnutls_openpgp_crt_t crt,
- unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature);
+ int gnutls_openpgp_crt_verify_hash (gnutls_openpgp_crt_t crt,
+ unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature);
int gnutls_openpgp_privkey_sign_data2 (gnutls_openpgp_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature);
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
int gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
- void *fpr, size_t * fprlen);
+ void *fpr, size_t * fprlen);
int gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t
- key, unsigned int idx,
- void *fpr,
- size_t * fprlen);
+ key, unsigned int idx,
+ void *fpr,
+ size_t * fprlen);
int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_keyid_t keyid);
+ gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key);
int gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t
- keyid);
+ const gnutls_openpgp_keyid_t
+ keyid);
int
gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t
- key, unsigned int idx);
+ key, unsigned int idx);
int gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t
- key);
+ key);
gnutls_pk_algorithm_t
gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t
- key, unsigned int idx,
- unsigned int *bits);
+ key, unsigned int idx,
+ unsigned int *bits);
time_t
gnutls_openpgp_privkey_get_subkey_expiration_time
(gnutls_openpgp_privkey_t key, unsigned int idx);
int gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid);
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid);
time_t
gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t
- key, unsigned int idx);
+ key, unsigned int idx);
int
gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t
- pkey, unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x);
+ pkey, unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x);
int gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t
- pkey, unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u);
+ pkey, unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
int gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x);
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x);
int gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u);
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
int gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- void *output_data,
- size_t * output_data_size);
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size);
int
gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t
- keyid);
+ const gnutls_openpgp_keyid_t
+ keyid);
int gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t
- key,
- gnutls_openpgp_keyid_t
- keyid);
+ key,
+ gnutls_openpgp_keyid_t
+ keyid);
int gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flag);
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flag);
/* Keyring stuff.
*/
void gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring);
int gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format);
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format);
int gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
- const gnutls_openpgp_keyid_t keyid,
- unsigned int flags);
+ const gnutls_openpgp_keyid_t keyid,
+ unsigned int flags);
int gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyring_t keyring,
- unsigned int flags, unsigned int *verify
- /* the output of the verification */ );
+ gnutls_openpgp_keyring_t keyring,
+ unsigned int flags, unsigned int *verify
+ /* the output of the verification */ );
int gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
- unsigned int flags,
- unsigned int *verify);
+ unsigned int flags,
+ unsigned int *verify);
int gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring,
- unsigned int idx,
- gnutls_openpgp_crt_t * cert);
+ unsigned int idx,
+ gnutls_openpgp_crt_t * cert);
int gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring);
* otherwise an error code is returned.
*/
typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t session,
- const unsigned char *keyfpr,
- unsigned int keyfpr_length,
- gnutls_datum_t * key);
+ const unsigned char *keyfpr,
+ unsigned int keyfpr_length,
+ gnutls_datum_t * key);
void
gnutls_openpgp_set_recv_key_function (gnutls_session_t session,
- gnutls_openpgp_recv_key_func func);
+ gnutls_openpgp_recv_key_func func);
/* certificate authentication stuff.
*/
int gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t
- res, gnutls_openpgp_crt_t key,
- gnutls_openpgp_privkey_t pkey);
+ res, gnutls_openpgp_crt_t key,
+ gnutls_openpgp_privkey_t pkey);
int
gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t
- res, const char *certfile,
- const char *keyfile,
- gnutls_openpgp_crt_fmt_t format);
+ res, const char *certfile,
+ const char *keyfile,
+ gnutls_openpgp_crt_fmt_t format);
int gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t
- res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_openpgp_crt_fmt_t
- format);
+ res,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_openpgp_crt_fmt_t
+ format);
int
gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t
- res, const char *certfile,
- const char *keyfile,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t
- format);
+ res, const char *certfile,
+ const char *keyfile,
+ const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t
+ format);
int
gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t
- res, const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t format);
+ res, const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format);
int
gnutls_certificate_set_openpgp_keyring_mem
}
#endif
-#endif /* GNUTLS_OPENPGP_H */
+#endif /* GNUTLS_OPENPGP_H */
* will be increased.
*/
typedef int (*gnutls_pkcs11_token_callback_t) (void *const global_data,
- const char *const label,
- const unsigned retry);
+ const char *const label,
+ const unsigned retry);
/* flags */
typedef enum
} gnutls_pkcs11_pin_flag_t;
typedef int (*gnutls_pkcs11_pin_callback_t) (void *userdata, int attempt,
- const char *token_url,
- const char *token_label,
- unsigned int flags
- /*gnutls_pkcs11_pin_flag_t */ ,
- char *pin, size_t pin_max);
+ const char *token_url,
+ const char *token_label,
+ unsigned int flags
+ /*gnutls_pkcs11_pin_flag_t */ ,
+ char *pin, size_t pin_max);
struct gnutls_pkcs11_obj_st;
typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
-#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
-#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
+#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
+#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
/* pkcs11.conf format:
* load = /lib/xxx-pkcs11.so
int gnutls_pkcs11_init (unsigned int flags, const char *configfile);
void gnutls_pkcs11_deinit (void);
void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
- void *userdata);
+ void *userdata);
void gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t callback,
- void *data);
+ void *data);
int gnutls_pkcs11_add_provider (const char *name, const char *params);
int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * certificate);
-#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
+#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
typedef enum
{
- GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
- GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */
- GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */
+ GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
+ GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */
+ GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */
} gnutls_pkcs11_url_type_t;
int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t, const char *url,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t,
- gnutls_pkcs11_url_type_t detailed,
- char **url);
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
void gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t);
int gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
- void *output_data, size_t * output_data_size);
+ void *output_data, size_t * output_data_size);
int gnutls_pkcs11_copy_x509_crt (const char *token_url, gnutls_x509_crt_t crt,
- const char *label, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pkcs11_copy_x509_privkey (const char *token_url, gnutls_x509_privkey_t crt, const char *label, unsigned int key_usage /*GNUTLS_KEY_* */
- , unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ const char *label, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+int gnutls_pkcs11_copy_x509_privkey (const char *token_url, gnutls_x509_privkey_t crt, const char *label, unsigned int key_usage /*GNUTLS_KEY_* */
+ , unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pkcs11_copy_secret_key (const char *token_url,
- gnutls_datum_t * key, const char *label,
- unsigned int key_usage /* GNUTLS_KEY_* */ ,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ gnutls_datum_t * key, const char *label,
+ unsigned int key_usage /* GNUTLS_KEY_* */ ,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
typedef enum
{
} gnutls_pkcs11_obj_info_t;
int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
- gnutls_pkcs11_obj_info_t itype, void *output,
- size_t * output_size);
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size);
typedef enum
{
- GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */
- GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
- GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
- GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */
+ GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
+ GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
+ GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */
} gnutls_pkcs11_obj_attr_t;
/* token info */
int
gnutls_pkcs11_token_init (const char *token_url,
- const char *so_pin, const char *label);
+ const char *so_pin, const char *label);
int
gnutls_pkcs11_token_get_mechanism (const char *url, int idx,
- unsigned long *mechanism);
+ unsigned long *mechanism);
-int gnutls_pkcs11_token_set_pin (const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pkcs11_pin_flag_t */
+int gnutls_pkcs11_token_set_pin (const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pkcs11_pin_flag_t */
);
int gnutls_pkcs11_token_get_url (unsigned int seq,
- gnutls_pkcs11_url_type_t detailed,
- char **url);
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
int gnutls_pkcs11_token_get_info (const char *url, gnutls_pkcs11_token_info_t,
- void *output, size_t * output_size);
+ void *output, size_t * output_size);
#define GNUTLS_PKCS11_TOKEN_HW 1
int gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags);
int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
- unsigned int *const n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ unsigned int *const n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
- gnutls_pkcs11_obj_t pkcs11_crt);
+ gnutls_pkcs11_obj_t pkcs11_crt);
int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, const char *url,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t
- certificate);
+ certificate);
const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t);
-int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, unsigned int cert_max, gnutls_pkcs11_obj_t * const pkcs11_certs, unsigned int flags /* must be zero */
+int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, unsigned int cert_max, gnutls_pkcs11_obj_t * const pkcs11_certs, unsigned int flags /* must be zero */
);
int gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key);
void gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key);
int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
- unsigned int *bits);
+ unsigned int *bits);
int gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t crt,
- gnutls_pkcs11_obj_info_t itype,
- void *output, size_t * output_size);
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size);
int gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t key,
- const char *url, unsigned int flags);
+ const char *url, unsigned int flags);
int gnutls_pkcs11_privkey_sign_data (gnutls_pkcs11_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature);
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
int
gnutls_pkcs11_privkey_sign_hash2 (gnutls_pkcs11_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature);
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature);
int
gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
- gnutls_pkcs11_url_type_t detailed,
- char **url);
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
/** @} */
int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format, unsigned int flags);
int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
- int indx, gnutls_pkcs12_bag_t bag);
+ int indx, gnutls_pkcs12_bag_t bag);
int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag);
int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass);
int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass);
int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
- unsigned int flags);
+ unsigned int flags);
/**
* gnutls_pkcs12_bag_type_t:
GNUTLS_BAG_PKCS8_KEY = 2,
GNUTLS_BAG_CERTIFICATE = 3,
GNUTLS_BAG_CRL = 4,
- GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12,
- * gnutls extension. We use the PKCS-9
- * random nonce ID 1.2.840.113549.1.9.25.3
- * to store randomly generated keys.
- */
+ GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12,
+ * gnutls extension. We use the PKCS-9
+ * random nonce ID 1.2.840.113549.1.9.25.3
+ * to store randomly generated keys.
+ */
GNUTLS_BAG_ENCRYPTED = 10,
GNUTLS_BAG_UNKNOWN = 20
} gnutls_pkcs12_bag_type_t;
gnutls_pkcs12_bag_type_t
gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx);
int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * data);
+ gnutls_datum_t * data);
int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
- gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * data);
+ gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * data);
int gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag,
- gnutls_x509_crl_t crl);
+ gnutls_x509_crl_t crl);
int gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag,
- gnutls_x509_crt_t crt);
+ gnutls_x509_crt_t crt);
int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
int gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag);
int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * id);
+ gnutls_datum_t * id);
int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
- const gnutls_datum_t * id);
+ const gnutls_datum_t * id);
int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- char **name);
+ char **name);
int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- const char *name);
+ const char *name);
#ifdef __cplusplus
}
#endif
-#endif /* GNUTLS_PKCS12_H */
+#endif /* GNUTLS_PKCS12_H */
int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
- unsigned int *cert_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- unsigned int flags);
+ unsigned int *cert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * sizeof_buf);
+ size_t * sizeof_buf);
int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * sizeof_oid);
+ void *oid, size_t * sizeof_oid);
int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- unsigned int raw_flag,
- void *buf, size_t * sizeof_buf);
+ const char *oid, int indx,
+ unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf);
int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * sizeof_buf);
+ size_t * sizeof_buf);
int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * sizeof_oid);
+ void *oid, size_t * sizeof_oid);
int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf);
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert,
- const char *hostname);
+ const char *hostname);
int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
- char *sig, size_t * sizeof_sig);
+ char *sig, size_t * sizeof_sig);
int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
- gnutls_digest_algorithm_t
- * hash,
- unsigned int *mand);
+ gnutls_digest_algorithm_t
+ * hash,
+ unsigned int *mand);
int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size);
+ const void *id, size_t id_size);
int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
- void *ret, size_t * ret_size,
- unsigned int *critical);
+ void *ret, size_t * ret_size,
+ unsigned int *critical);
int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
- void *ret, size_t * ret_size,
- unsigned int *critical);
+ void *ret, size_t * ret_size,
+ unsigned int *critical);
int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * sizeof_buf);
+ size_t * sizeof_buf);
int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * sizeof_buf);
+ size_t * sizeof_buf);
#define GNUTLS_CRL_REASON_UNUSED 128
#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768
int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *reason_flags,
- unsigned int *critical);
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *reason_flags,
+ unsigned int *critical);
int gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- unsigned int reason_flags);
+ gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags);
int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const void *data_string,
- unsigned int reason_flags);
+ gnutls_x509_subject_alt_name_t
+ type, const void *data_string,
+ unsigned int reason_flags);
int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
- gnutls_x509_crt_t src);
+ gnutls_x509_crt_t src);
time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert);
time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert);
int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
- size_t * result_size);
+ size_t * result_size);
int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
- unsigned int *bits);
+ unsigned int *bits);
int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e);
+ gnutls_datum_t * m, gnutls_datum_t * e);
int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y);
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y);
int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *critical);
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *critical);
int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
- unsigned int *critical);
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical);
int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret,
- size_t * ret_size);
+ unsigned int seq,
+ void *ret,
+ size_t * ret_size);
int gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *critical);
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *critical);
int gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
- unsigned int *critical);
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical);
int gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret,
- size_t * ret_size);
+ unsigned int seq,
+ void *ret,
+ size_t * ret_size);
int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
- unsigned int *critical);
+ unsigned int *critical);
int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
- unsigned int *critical,
- int *ca, int *pathlen);
+ unsigned int *critical,
+ int *ca, int *pathlen);
/* The key_usage flags are defined in gnutls.h. They are the
* GNUTLS_KEY_* definitions.
*/
int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
- unsigned int *key_usage,
- unsigned int *critical);
+ unsigned int *key_usage,
+ unsigned int *critical);
int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt,
- unsigned int usage);
+ unsigned int usage);
int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
- unsigned int *critical,
- int *pathlen,
- char **policyLanguage,
- char **policy, size_t * sizeof_policy);
+ unsigned int *critical,
+ int *pathlen,
+ char **policyLanguage,
+ char **policy, size_t * sizeof_policy);
int gnutls_x509_dn_oid_known (const char *oid);
/* Read extensions by OID. */
int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * sizeof_oid);
+ void *oid, size_t * sizeof_oid);
int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- void *buf,
- size_t * sizeof_buf,
- unsigned int *critical);
+ const char *oid, int indx,
+ void *buf,
+ size_t * sizeof_buf,
+ unsigned int *critical);
/* Read extensions by sequence number. */
int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * sizeof_oid,
- int *critical);
+ void *oid, size_t * sizeof_oid,
+ int *critical);
int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
- void *data, size_t * sizeof_data);
+ void *data, size_t * sizeof_data);
int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
- const char *oid,
- const void *buf,
- size_t sizeof_buf,
- unsigned int critical);
+ const char *oid,
+ const void *buf,
+ size_t sizeof_buf,
+ unsigned int critical);
/* X.509 Certificate writing.
*/
int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt,
- const char *oid,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name);
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
- const char *oid,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name);
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt,
- unsigned int version);
+ unsigned int version);
int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt,
- gnutls_x509_privkey_t key);
+ gnutls_x509_privkey_t key);
int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca);
int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
- unsigned int ca,
- int pathLenConstraint);
+ unsigned int ca,
+ int pathLenConstraint);
int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type,
- const char *data_string);
+ gnutls_x509_subject_alt_name_t
+ type,
+ const char *data_string);
int gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- unsigned int flags);
+ gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int flags);
int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key);
+ gnutls_x509_privkey_t issuer_key);
int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert,
- time_t act_time);
+ time_t act_time);
int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert,
- time_t exp_time);
+ time_t exp_time);
int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial,
- size_t serial_size);
+ size_t serial_size);
int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size);
+ const void *id, size_t id_size);
int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt,
- gnutls_x509_crt_t eecrt,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name);
+ gnutls_x509_crt_t eecrt,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
- int pathLenConstraint,
- const char *policyLanguage,
- const char *policy, size_t sizeof_policy);
+ int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy, size_t sizeof_policy);
int gnutls_x509_crt_print (gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out);
int gnutls_x509_crl_print (gnutls_x509_crl_t crl,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out);
/* Access to internal Certificate fields.
*/
int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
- gnutls_datum_t * start);
+ gnutls_datum_t * start);
int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert,
- gnutls_datum_t * start);
+ gnutls_datum_t * start);
/* RDN handling.
*/
int gnutls_x509_rdn_get (const gnutls_datum_t * idn,
- char *buf, size_t * sizeof_buf);
+ char *buf, size_t * sizeof_buf);
int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
- int indx, void *buf, size_t * sizeof_buf);
+ int indx, void *buf, size_t * sizeof_buf);
int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf);
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
typedef void *gnutls_x509_dn_t;
} gnutls_x509_ava_st;
int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert,
- gnutls_x509_dn_t * dn);
+ gnutls_x509_dn_t * dn);
int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert,
- gnutls_x509_dn_t * dn);
+ gnutls_x509_dn_t * dn);
int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, int irdn,
- int iava, gnutls_x509_ava_st * ava);
+ int iava, gnutls_x509_ava_st * ava);
int gnutls_x509_dn_init (gnutls_x509_dn_t * dn);
int gnutls_x509_dn_import (gnutls_x509_dn_t dn,
- const gnutls_datum_t * data);
+ const gnutls_datum_t * data);
int gnutls_x509_dn_export (gnutls_x509_dn_t dn,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size);
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size);
void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn);
void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);
int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl,
- char *buf, size_t * sizeof_buf);
+ char *buf, size_t * sizeof_buf);
int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
- const char *oid, int indx,
- unsigned int raw_flag,
- void *buf, size_t * sizeof_buf);
+ const char *oid, int indx,
+ unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf);
int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid);
+ void *oid, size_t * sizeof_oid);
int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl);
int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
- char *sig, size_t * sizeof_sig);
+ char *sig, size_t * sizeof_sig);
int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl);
time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl);
int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
- unsigned char *serial,
- size_t * serial_size, time_t * t);
+ unsigned char *serial,
+ size_t * serial_size, time_t * t);
#define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count
#define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial
int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer);
+ gnutls_x509_crt_t issuer);
/* CRL writing.
*/
int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl,
- unsigned int version);
+ unsigned int version);
int gnutls_x509_crl_sign (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key);
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key);
int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl,
- time_t act_time);
+ time_t act_time);
int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl,
- time_t exp_time);
+ time_t exp_time);
int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
- const void *serial,
- size_t serial_size,
- time_t revocation_time);
+ const void *serial,
+ size_t serial_size,
+ time_t revocation_time);
int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t crt, time_t revocation_time);
+ gnutls_x509_crt_t crt, time_t revocation_time);
int gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret,
- size_t * ret_size,
- unsigned int *critical);
+ size_t * ret_size,
+ unsigned int *critical);
int gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
- size_t * ret_size, unsigned int *critical);
+ size_t * ret_size, unsigned int *critical);
int gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid);
+ void *oid, size_t * sizeof_oid);
int gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid,
- int *critical);
+ void *oid, size_t * sizeof_oid,
+ int *critical);
int gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx,
- void *data, size_t * sizeof_data);
+ void *data, size_t * sizeof_data);
int gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl,
- const void *id, size_t id_size);
+ const void *id, size_t id_size);
int gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
- const void *nr, size_t nr_size);
+ const void *nr, size_t nr_size);
/* PKCS7 structures handling
int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7);
void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int indx,
- void *certificate, size_t * certificate_size);
+ void *certificate, size_t * certificate_size);
int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7,
- const gnutls_datum_t * crt);
+ const gnutls_datum_t * crt);
int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx);
int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
- int indx, void *crl, size_t * crl_size);
+ int indx, void *crl, size_t * crl_size);
int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7,
- const gnutls_datum_t * crl);
+ const gnutls_datum_t * crl);
int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx);
} gnutls_certificate_verify_flags;
int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer);
+ gnutls_x509_crt_t issuer);
int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
- int cert_list_length,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length,
- const gnutls_x509_crl_t * CRL_list,
- int CRL_list_length,
- unsigned int flags, unsigned int *verify);
+ int cert_list_length,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length,
+ const gnutls_x509_crl_t * CRL_list,
+ int CRL_list_length,
+ unsigned int flags, unsigned int *verify);
int gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length, unsigned int flags,
- unsigned int *verify);
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify);
int gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length, unsigned int flags,
- unsigned int *verify);
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify);
int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t *
- crl_list, int crl_list_length);
+ const gnutls_x509_crl_t *
+ crl_list, int crl_list_length);
int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
- gnutls_digest_algorithm_t algo,
- void *buf, size_t * sizeof_buf);
+ gnutls_digest_algorithm_t algo,
+ void *buf, size_t * sizeof_buf);
int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
- int indx, void *oid,
- size_t * sizeof_oid,
- unsigned int *critical);
+ int indx, void *oid,
+ size_t * sizeof_oid,
+ unsigned int *critical);
int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
- const void *oid,
- unsigned int critical);
+ const void *oid,
+ unsigned int critical);
/* Private key handling.
*/
int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t
- key);
+ key);
int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
- gnutls_x509_privkey_t src);
+ gnutls_x509_privkey_t src);
int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags);
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u);
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u);
int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u,
- const gnutls_datum_t * exp1,
- const gnutls_datum_t * exp2);
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u,
+ const gnutls_datum_t * exp1,
+ const gnutls_datum_t * exp2);
int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key);
int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x);
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x);
int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y,
- const gnutls_datum_t * x);
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * x);
int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
- gnutls_pk_algorithm_t algo,
- unsigned int bits, unsigned int flags);
+ gnutls_pk_algorithm_t algo,
+ unsigned int bits, unsigned int flags);
int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- void *output_data,
- size_t * output_data_size);
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- void *output_data,
- size_t * output_data_size);
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size);
int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u,
- gnutls_datum_t * e1,
- gnutls_datum_t * e2);
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u,
+ gnutls_datum_t * e1,
+ gnutls_datum_t * e2);
int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u);
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
/* Signing stuff.
*/
int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t digest,
- unsigned int flags,
- const gnutls_datum_t * data,
- void *signature,
- size_t * signature_size);
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ void *signature,
+ size_t * signature_size);
int gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t digest,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature);
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature);
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature);
int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature);
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature);
int gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature);
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature);
int gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt,
- unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature);
+ unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature);
int gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash);
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash);
typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
int gnutls_x509_crq_print (gnutls_x509_crq_t crq,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out);
int gnutls_x509_crq_init (gnutls_x509_crq_t * crq);
void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq);
int gnutls_x509_crq_import (gnutls_x509_crq_t crq,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
int gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq,
- gnutls_digest_algorithm_t
- * hash,
- unsigned int *mand);
+ gnutls_digest_algorithm_t
+ * hash,
+ unsigned int *mand);
int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf,
- size_t * sizeof_buf);
+ size_t * sizeof_buf);
int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid);
+ void *oid, size_t * sizeof_oid);
int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf);
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq,
- const char *oid,
- unsigned int raw_flag,
- const void *data,
- unsigned int sizeof_data);
+ const char *oid,
+ unsigned int raw_flag,
+ const void *data,
+ unsigned int sizeof_data);
int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq,
- unsigned int version);
+ unsigned int version);
int gnutls_x509_crq_get_version (gnutls_x509_crq_t crq);
int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq,
- gnutls_x509_privkey_t key);
+ gnutls_x509_privkey_t key);
int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq,
- gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
+ gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key);
int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
- const char *pass);
+ const char *pass);
int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
- char *pass,
- size_t * sizeof_pass);
+ char *pass,
+ size_t * sizeof_pass);
int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
- const char *oid, void *buf,
- size_t sizeof_buf);
+ const char *oid, void *buf,
+ size_t sizeof_buf);
int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx,
- void *buf, size_t * sizeof_buf);
+ const char *oid, int indx,
+ void *buf, size_t * sizeof_buf);
int gnutls_x509_crq_export (gnutls_x509_crq_t crq,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
int gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
- gnutls_x509_crq_t crq);
+ gnutls_x509_crq_t crq);
int gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e);
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e);
int gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq,
- gnutls_x509_subject_alt_name_t nt,
- const void *data,
- unsigned int data_size,
- unsigned int flags);
+ gnutls_x509_subject_alt_name_t nt,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags);
int gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq,
- unsigned int usage);
+ unsigned int usage);
int gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq,
- unsigned int ca,
- int pathLenConstraint);
+ unsigned int ca,
+ int pathLenConstraint);
int gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
- const void *oid,
- unsigned int critical);
+ const void *oid,
+ unsigned int critical);
int gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid,
- unsigned int *critical);
+ void *oid, size_t * sizeof_oid,
+ unsigned int *critical);
int gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx,
- void *data, size_t * sizeof_data);
+ void *data, size_t * sizeof_data);
int gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid,
- int *critical);
+ void *oid, size_t * sizeof_oid,
+ int *critical);
int gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
- void *data, size_t * sizeof_data);
+ void *data, size_t * sizeof_data);
int gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid);
+ void *oid, size_t * sizeof_oid);
int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq,
- unsigned int *bits);
+ unsigned int *bits);
int gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
+ unsigned char *output_data,
+ size_t * output_data_size);
int gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq,
- gnutls_datum_t * m,
- gnutls_datum_t * e);
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
int gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
- unsigned int *key_usage,
- unsigned int *critical);
+ unsigned int *key_usage,
+ unsigned int *critical);
int gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq,
- unsigned int *critical,
- int *ca, int *pathlen);
+ unsigned int *critical,
+ int *ca, int *pathlen);
int gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
- unsigned int *critical);
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical);
int gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq,
- unsigned int seq,
- void *ret,
- size_t * ret_size);
+ unsigned int seq,
+ void *ret,
+ size_t * ret_size);
int gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx,
- void *buf, size_t * sizeof_buf,
- unsigned int *critical);
+ const char *oid, int indx,
+ void *buf, size_t * sizeof_buf,
+ unsigned int *critical);
#ifdef __cplusplus
}
#endif
-#endif /* GNUTLS_X509_H */
+#endif /* GNUTLS_X509_H */
**/
void
gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit,
- mutex_lock_func lock, mutex_unlock_func unlock)
+ mutex_lock_func lock, mutex_unlock_func unlock)
{
if (init == NULL || deinit == NULL || lock == NULL || unlock == NULL)
return;
#define MAX_BLOCK_SIZE 32
typedef void (*encrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *,
- unsigned, uint8_t *, const uint8_t *);
+ unsigned, uint8_t *, const uint8_t *);
typedef void (*decrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *,
- unsigned, uint8_t *, const uint8_t *);
+ unsigned, uint8_t *, const uint8_t *);
typedef void (*setkey_func) (void *, unsigned, const uint8_t *);
static void
stream_encrypt (void *ctx, nettle_crypt_func func, unsigned block_size,
- uint8_t * iv, unsigned length, uint8_t * dst,
- const uint8_t * src)
+ uint8_t * iv, unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
func (ctx, length, dst, src);
}
static void
aes_bidi_setkey (struct aes_bidi_ctx *ctx, unsigned length,
- const uint8_t * key)
+ const uint8_t * key)
{
aes_set_encrypt_key (&ctx->encrypt, length, key);
aes_invert_key (&ctx->decrypt, &ctx->encrypt);
static void
aes_bidi_encrypt (struct aes_bidi_ctx *ctx,
- unsigned length, uint8_t * dst, const uint8_t * src)
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
aes_encrypt (&ctx->encrypt, length, dst, src);
}
static void
aes_bidi_decrypt (struct aes_bidi_ctx *ctx,
- unsigned length, uint8_t * dst, const uint8_t * src)
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
aes_decrypt (&ctx->decrypt, length, dst, src);
}
static void
camellia_bidi_setkey (struct camellia_bidi_ctx *ctx, unsigned length,
- const uint8_t * key)
+ const uint8_t * key)
{
camellia_set_encrypt_key (&ctx->encrypt, length, key);
camellia_invert_key (&ctx->decrypt, &ctx->encrypt);
static void
camellia_bidi_encrypt (struct camellia_bidi_ctx *ctx,
- unsigned length, uint8_t * dst, const uint8_t * src)
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
camellia_crypt (&ctx->encrypt, length, dst, src);
}
static void
camellia_bidi_decrypt (struct camellia_bidi_ctx *ctx,
- unsigned length, uint8_t * dst, const uint8_t * src)
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
camellia_crypt (&ctx->decrypt, length, dst, src);
}
break;
case GNUTLS_CIPHER_3DES_CBC:
if (keysize != DES3_KEY_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
des_fix_parity (keysize, des_key, key);
/* this fails on weak keys */
if (des3_set_key (ctx->ctx_ptr, des_key) != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
break;
case GNUTLS_CIPHER_DES_CBC:
if (keysize != DES_KEY_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
des_fix_parity (keysize, des_key, key);
if (des_set_key (ctx->ctx_ptr, des_key) != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
break;
case GNUTLS_CIPHER_ARCFOUR_128:
case GNUTLS_CIPHER_ARCFOUR_40:
static int
wrap_nettle_cipher_decrypt (void *_ctx, const void *encr, size_t encrsize,
- void *plain, size_t plainsize)
+ void *plain, size_t plainsize)
{
struct nettle_cipher_ctx *ctx = _ctx;
ctx->decrypt (ctx->ctx_ptr, ctx->i_decrypt, ctx->block_size, ctx->iv,
- encrsize, plain, encr);
+ encrsize, plain, encr);
return 0;
}
static int
wrap_nettle_cipher_encrypt (void *_ctx, const void *plain, size_t plainsize,
- void *encr, size_t encrsize)
+ void *encr, size_t encrsize)
{
struct nettle_cipher_ctx *ctx = _ctx;
ctx->encrypt (ctx->ctx_ptr, ctx->i_encrypt, ctx->block_size, ctx->iv,
- plainsize, encr, plain);
+ plainsize, encr, plain);
return 0;
}
{
nwritten = write (fd, buf, nleft);
if (nwritten < 0)
- {
- if (errno == EINTR)
- continue;
- return -1;
- }
+ {
+ if (errno == EINTR)
+ continue;
+ return -1;
+ }
nleft -= nwritten;
buf = (char *) buf + nwritten;
}
do
{
do
- {
- n = read (fd, (char *) buf + nread, nbytes);
- }
+ {
+ n = read (fd, (char *) buf + nread, nbytes);
+ }
while (n == -1 && errno == EINTR);
if (n == -1)
- return nread ? nread : -1;
+ return nread ? nread : -1;
if (n == 0)
- return -1;
+ return -1;
nread += n;
nbytes -= n;
}
do
{
if (stat (egd_names[i], &st) != 0)
- continue;
+ continue;
if (st.st_mode & S_IFSOCK)
- { /* found */
- return egd_names[i];
- }
+ { /* found */
+ return egd_names[i];
+ }
}
while (egd_names[++i] != NULL);
addr.sun_family = AF_LOCAL;
strcpy (addr.sun_path, name);
addr_len = (offsetof (struct sockaddr_un, sun_path)
- + strlen (addr.sun_path));
+ + strlen (addr.sun_path));
fd = socket (AF_LOCAL, SOCK_STREAM, 0);
if (fd == -1)
{
_gnutls_debug_log ("can't create unix domain socket: %s\n",
- strerror (errno));
+ strerror (errno));
return -1;
}
else if (connect (fd, (struct sockaddr *) &addr, addr_len) == -1)
{
_gnutls_debug_log ("can't connect to EGD socket `%s': %s\n",
- name, strerror (errno));
+ name, strerror (errno));
close (fd);
fd = -1;
}
nbytes = length < 255 ? length : 255;
/* First time we do it with a non blocking request */
- buffer[0] = 1; /* non blocking */
+ buffer[0] = 1; /* non blocking */
buffer[1] = nbytes;
if (do_write (*fd, buffer, 2) == -1)
{
n = do_read (*fd, buffer, n);
if (n == -1)
- {
- _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
- do_restart = 1;
- goto restart;
- }
+ {
+ _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
+ do_restart = 1;
+ goto restart;
+ }
if (n > length)
- {
- _gnutls_debug_log ("read error on EGD: returned more bytes!\n");
- n = length;
- }
+ {
+ _gnutls_debug_log ("read error on EGD: returned more bytes!\n");
+ n = length;
+ }
memcpy (output, buffer, n);
output += n;
{
nbytes = length < 255 ? length : 255;
- buffer[0] = 2; /* blocking */
+ buffer[0] = 2; /* blocking */
buffer[1] = nbytes;
if (do_write (*fd, buffer, 2) == -1)
- _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno));
+ _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno));
n = do_read (*fd, buffer, nbytes);
if (n == -1)
- {
- _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
- do_restart = 1;
- goto restart;
- }
+ {
+ _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
+ do_restart = 1;
+ goto restart;
+ }
if (n > length)
- {
- _gnutls_debug_log ("read error on EGD: returned more bytes!\n");
- n = length;
- }
+ {
+ _gnutls_debug_log ("read error on EGD: returned more bytes!\n");
+ n = length;
+ }
memcpy (output, buffer, n);
output += n;
length -= n;
}
- return _length; /* success */
+ return _length; /* success */
}
static int
wrap_nettle_mpi_print (const bigint_t a, void *buffer, size_t * nbytes,
- gnutls_bigint_format_t format)
+ gnutls_bigint_format_t format)
{
unsigned int size;
mpz_t *p = (void *) a;
static bigint_t
wrap_nettle_mpi_scan (const void *buffer, size_t nbytes,
- gnutls_bigint_format_t format)
+ gnutls_bigint_format_t format)
{
bigint_t r = wrap_nettle_mpi_new (nbytes * 8);
size_t size;
if (nbytes < 3)
- {
- gnutls_assert ();
- goto fail;
- }
+ {
+ gnutls_assert ();
+ goto fail;
+ }
size = (buf[0] << 8) | buf[1];
size = (size + 7) / 8;
if (size > nbytes - 2)
- {
- gnutls_assert ();
- goto fail;
- }
+ {
+ gnutls_assert ();
+ goto fail;
+ }
nettle_mpz_set_str_256_u (TOMPZ (r), size, buf + 2);
}
else
static bigint_t
wrap_nettle_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e,
- const bigint_t m)
+ const bigint_t m)
{
if (w == NULL)
w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m));
static bigint_t
wrap_nettle_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+ const bigint_t m)
{
if (w == NULL)
w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
static bigint_t
wrap_nettle_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+ const bigint_t m)
{
if (w == NULL)
w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
static bigint_t
wrap_nettle_mpi_mulm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+ const bigint_t m)
{
if (w == NULL)
w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m));
return 0;
}
- return GNUTLS_E_INTERNAL_ERROR; /* ignored */
+ return GNUTLS_E_INTERNAL_ERROR; /* ignored */
}
_gnutls_debug_log
("Generating group of prime of %u bits and format of 2wq+1. q_size=%u bits\n",
nbits, q_bytes * 8);
- buffer = gnutls_malloc (p_bytes); /* p_bytes > q_bytes */
+ buffer = gnutls_malloc (p_bytes); /* p_bytes > q_bytes */
if (buffer == NULL)
{
gnutls_assert ();
{
ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, q_bytes);
if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
+ {
+ gnutls_assert ();
+ goto fail;
+ }
nettle_mpz_set_str_256_u (q, q_bytes, buffer);
/* always odd */
ret = mpz_probab_prime_p (q, PRIME_CHECK_PARAM);
if (ret > 0)
- {
- break;
- }
+ {
+ break;
+ }
}
/* now generate w of size p_bytes - q_bytes */
{
ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, w_bytes);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
nettle_mpz_set_str_256_u (w, w_bytes, buffer);
/* always odd */
ret = mpz_probab_prime_p (w, PRIME_CHECK_PARAM);
if (ret == 0)
- {
- continue;
- }
+ {
+ continue;
+ }
/* check if 2wq+1 is prime */
mpz_mul_ui (*prime, w, 2);
ret = mpz_probab_prime_p (*prime, PRIME_CHECK_PARAM);
if (ret > 0)
- {
- break;
- }
+ {
+ break;
+ }
}
_gnutls_debug_log ("Found prime w of %u bits. Looking for generator...\n",
- wrap_nettle_mpi_get_nbits (&w));
+ wrap_nettle_mpi_get_nbits (&w));
/* finally a prime! Let calculate generator
*/
*/
r_bytes = p_bytes;
- mpz_mul_ui (w, w, 2); /* w = w*2 */
+ mpz_mul_ui (w, w, 2); /* w = w*2 */
mpz_fdiv_r (w, w, *prime);
for (;;)
{
ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, r_bytes);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
nettle_mpz_set_str_256_u (q, r_bytes, buffer);
mpz_fdiv_r (q, q, *prime);
mpz_powm (*generator, q, w, *prime);
if (mpz_cmp_ui (*generator, 1) == 0)
- continue;
+ continue;
else
- break;
+ break;
}
_gnutls_debug_log ("Found generator g of %u bits\n",
- wrap_nettle_mpi_get_nbits (generator));
+ wrap_nettle_mpi_get_nbits (generator));
_gnutls_debug_log ("Prime n is of %u bits\n",
- wrap_nettle_mpi_get_nbits (prime));
+ wrap_nettle_mpi_get_nbits (prime));
mpz_clear (q);
mpz_clear (w);
static void
_dsa_params_to_pubkey (const gnutls_pk_params_st * pk_params,
- struct dsa_public_key *pub)
+ struct dsa_public_key *pub)
{
memcpy (&pub->p, pk_params->params[0], sizeof (mpz_t));
memcpy (&pub->q, pk_params->params[1], sizeof (mpz_t));
static void
_dsa_params_to_privkey (const gnutls_pk_params_st * pk_params,
- struct dsa_private_key *pub)
+ struct dsa_private_key *pub)
{
memcpy (&pub->x, pk_params->params[4], sizeof (mpz_t));
}
static void
_rsa_params_to_privkey (const gnutls_pk_params_st * pk_params,
- struct rsa_private_key *priv)
+ struct rsa_private_key *priv)
{
memcpy (&priv->d, pk_params->params[2], sizeof (mpz_t));
memcpy (&priv->p, pk_params->params[3], sizeof (mpz_t));
static int
_wrap_nettle_pk_encrypt (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * ciphertext,
- const gnutls_datum_t * plaintext,
- const gnutls_pk_params_st * pk_params)
+ gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ const gnutls_pk_params_st * pk_params)
{
int ret;
{
case GNUTLS_PK_RSA:
{
- bigint_t p;
+ bigint_t p;
- if (_gnutls_mpi_scan_nz (&p, plaintext->data, plaintext->size) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ if (_gnutls_mpi_scan_nz (&p, plaintext->data, plaintext->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- mpz_powm (p, p, TOMPZ (pk_params->params[1]) /*e */ ,
- TOMPZ (pk_params->params[0] /*m */ ));
+ mpz_powm (p, p, TOMPZ (pk_params->params[1]) /*e */ ,
+ TOMPZ (pk_params->params[0] /*m */ ));
- ret = _gnutls_mpi_dprint_size (p, ciphertext, plaintext->size);
- _gnutls_mpi_release (&p);
+ ret = _gnutls_mpi_dprint_size (p, ciphertext, plaintext->size);
+ _gnutls_mpi_release (&p);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
- break;
+ break;
}
default:
gnutls_assert ();
}
r = _gnutls_mpi_randomize (NULL, _gnutls_mpi_get_nbits (n),
- GNUTLS_RND_NONCE);
+ GNUTLS_RND_NONCE);
if (r == NULL)
{
gnutls_assert ();
static int
_wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * plaintext,
- const gnutls_datum_t * ciphertext,
- const gnutls_pk_params_st * pk_params)
+ gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ const gnutls_pk_params_st * pk_params)
{
int ret;
{
case GNUTLS_PK_RSA:
{
- struct rsa_private_key priv;
- bigint_t c, ri, nc;
+ struct rsa_private_key priv;
+ bigint_t c, ri, nc;
- if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- nc = rsa_blind (c, pk_params->params[1] /*e */ ,
- pk_params->params[0] /*m */ , &ri);
- _gnutls_mpi_release (&c);
- if (nc == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ nc = rsa_blind (c, pk_params->params[1] /*e */ ,
+ pk_params->params[0] /*m */ , &ri);
+ _gnutls_mpi_release (&c);
+ if (nc == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- rsa_private_key_init (&priv);
- _rsa_params_to_privkey (pk_params, &priv);
+ rsa_private_key_init (&priv);
+ _rsa_params_to_privkey (pk_params, &priv);
- rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc));
+ rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc));
- rsa_unblind (nc, ri, pk_params->params[0] /*m */ );
+ rsa_unblind (nc, ri, pk_params->params[0] /*m */ );
- ret = _gnutls_mpi_dprint_size (nc, plaintext, ciphertext->size);
+ ret = _gnutls_mpi_dprint_size (nc, plaintext, ciphertext->size);
- _gnutls_mpi_release (&nc);
- _gnutls_mpi_release (&ri);
+ _gnutls_mpi_release (&nc);
+ _gnutls_mpi_release (&ri);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
- break;
+ break;
}
default:
gnutls_assert ();
*/
static int
_wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * signature,
- const gnutls_datum_t * vdata,
- const gnutls_pk_params_st * pk_params)
+ gnutls_datum_t * signature,
+ const gnutls_datum_t * vdata,
+ const gnutls_pk_params_st * pk_params)
{
int ret, hash;
case GNUTLS_PK_DSA:
{
- struct dsa_public_key pub;
- struct dsa_private_key priv;
- struct dsa_signature sig;
-
- dsa_public_key_init (&pub);
- dsa_private_key_init (&priv);
- _dsa_params_to_pubkey (pk_params, &pub);
- _dsa_params_to_privkey (pk_params, &priv);
-
- dsa_signature_init (&sig);
-
- hash = _gnutls_dsa_q_to_hash (pub.q);
- if (vdata->size != _gnutls_hash_get_algo_len (hash))
- {
- gnutls_assert ();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto dsa_fail;
- }
-
- ret =
- _dsa_sign (&pub, &priv, NULL, rnd_func,
- vdata->size, vdata->data, &sig);
- if (ret == 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto dsa_fail;
- }
-
- ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s);
+ struct dsa_public_key pub;
+ struct dsa_private_key priv;
+ struct dsa_signature sig;
+
+ dsa_public_key_init (&pub);
+ dsa_private_key_init (&priv);
+ _dsa_params_to_pubkey (pk_params, &pub);
+ _dsa_params_to_privkey (pk_params, &priv);
+
+ dsa_signature_init (&sig);
+
+ hash = _gnutls_dsa_q_to_hash (pub.q);
+ if (vdata->size != _gnutls_hash_get_algo_len (hash))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto dsa_fail;
+ }
+
+ ret =
+ _dsa_sign (&pub, &priv, NULL, rnd_func,
+ vdata->size, vdata->data, &sig);
+ if (ret == 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto dsa_fail;
+ }
+
+ ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s);
dsa_fail:
- dsa_signature_clear (&sig);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
+ dsa_signature_clear (&sig);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ break;
}
case GNUTLS_PK_RSA:
{
- struct rsa_private_key priv;
- bigint_t hash, nc, ri;
+ struct rsa_private_key priv;
+ bigint_t hash, nc, ri;
- if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- rsa_private_key_init (&priv);
- _rsa_params_to_privkey (pk_params, &priv);
+ rsa_private_key_init (&priv);
+ _rsa_params_to_privkey (pk_params, &priv);
- nc = rsa_blind (hash, pk_params->params[1] /*e */ ,
- pk_params->params[0] /*m */ , &ri);
+ nc = rsa_blind (hash, pk_params->params[1] /*e */ ,
+ pk_params->params[0] /*m */ , &ri);
- _gnutls_mpi_release (&hash);
+ _gnutls_mpi_release (&hash);
- if (nc == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (nc == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc));
+ rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc));
- rsa_unblind (nc, ri, pk_params->params[0] /*m */ );
+ rsa_unblind (nc, ri, pk_params->params[0] /*m */ );
- ret = _gnutls_mpi_dprint (nc, signature);
- _gnutls_mpi_release (&nc);
- _gnutls_mpi_release (&ri);
+ ret = _gnutls_mpi_dprint (nc, signature);
+ _gnutls_mpi_release (&nc);
+ _gnutls_mpi_release (&ri);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
- break;
+ break;
}
default:
gnutls_assert ();
static int
_int_rsa_verify (const gnutls_pk_params_st * pk_params,
- bigint_t m, bigint_t s)
+ bigint_t m, bigint_t s)
{
int res;
mpz_init (m1);
mpz_powm (m1, TOMPZ (s), TOMPZ (pk_params->params[1]),
- TOMPZ (pk_params->params[0]));
+ TOMPZ (pk_params->params[0]));
res = !mpz_cmp (TOMPZ (m), m1);
static int
_wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
- const gnutls_datum_t * vdata,
- const gnutls_datum_t * signature,
- const gnutls_pk_params_st * pk_params)
+ const gnutls_datum_t * vdata,
+ const gnutls_datum_t * signature,
+ const gnutls_pk_params_st * pk_params)
{
int ret, hash;
bigint_t tmp[2] = { NULL, NULL };
{
case GNUTLS_PK_DSA:
{
- struct dsa_public_key pub;
- struct dsa_signature sig;
-
- ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- dsa_public_key_init (&pub);
- _dsa_params_to_pubkey (pk_params, &pub);
- memcpy (&sig.r, tmp[0], sizeof (sig.r));
- memcpy (&sig.s, tmp[1], sizeof (sig.s));
-
- hash = _gnutls_dsa_q_to_hash (pub.q);
- if (vdata->size != _gnutls_hash_get_algo_len (hash))
- {
- gnutls_assert ();
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- goto dsa_fail;
- }
-
- ret = _dsa_verify (&pub, vdata->size, vdata->data, &sig);
- if (ret == 0)
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- else
- ret = 0;
+ struct dsa_public_key pub;
+ struct dsa_signature sig;
+
+ ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ dsa_public_key_init (&pub);
+ _dsa_params_to_pubkey (pk_params, &pub);
+ memcpy (&sig.r, tmp[0], sizeof (sig.r));
+ memcpy (&sig.s, tmp[1], sizeof (sig.s));
+
+ hash = _gnutls_dsa_q_to_hash (pub.q);
+ if (vdata->size != _gnutls_hash_get_algo_len (hash))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ goto dsa_fail;
+ }
+
+ ret = _dsa_verify (&pub, vdata->size, vdata->data, &sig);
+ if (ret == 0)
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ else
+ ret = 0;
dsa_fail:
- _gnutls_mpi_release (&tmp[0]);
- _gnutls_mpi_release (&tmp[1]);
- break;
+ _gnutls_mpi_release (&tmp[0]);
+ _gnutls_mpi_release (&tmp[1]);
+ break;
}
case GNUTLS_PK_RSA:
{
- bigint_t hash;
-
- if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _int_rsa_verify (pk_params, hash, tmp[0]);
- _gnutls_mpi_release (&tmp[0]);
- _gnutls_mpi_release (&hash);
- break;
+ bigint_t hash;
+
+ if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _int_rsa_verify (pk_params, hash, tmp[0]);
+ _gnutls_mpi_release (&tmp[0]);
+ _gnutls_mpi_release (&hash);
+ break;
}
default:
gnutls_assert ();
static int
wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo,
- unsigned int level /*bits */ ,
- gnutls_pk_params_st * params)
+ unsigned int level /*bits */ ,
+ gnutls_pk_params_st * params)
{
int ret, i;
int q_bits;
case GNUTLS_PK_DSA:
{
- struct dsa_public_key pub;
- struct dsa_private_key priv;
-
- dsa_public_key_init (&pub);
- dsa_private_key_init (&priv);
-
- /* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
- * but we do NIST DSA here */
- if (level <= 1024)
- q_bits = 160;
- else
- q_bits = 256;
-
- ret =
- dsa_generate_keypair (&pub, &priv, NULL,
- rnd_func, NULL, NULL, level, q_bits);
- if (ret != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- params->params_nr = 0;
- for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
- {
- params->params[i] = _gnutls_mpi_alloc_like (&pub.p);
- if (params->params[i] == NULL)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- dsa_private_key_clear (&priv);
- dsa_public_key_clear (&pub);
- goto fail;
- }
- params->params_nr++;
- }
- _gnutls_mpi_set (params->params[0], pub.p);
- _gnutls_mpi_set (params->params[1], pub.q);
- _gnutls_mpi_set (params->params[2], pub.g);
- _gnutls_mpi_set (params->params[3], pub.y);
- _gnutls_mpi_set (params->params[4], priv.x);
-
- dsa_private_key_clear (&priv);
- dsa_public_key_clear (&pub);
-
- break;
+ struct dsa_public_key pub;
+ struct dsa_private_key priv;
+
+ dsa_public_key_init (&pub);
+ dsa_private_key_init (&priv);
+
+ /* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
+ * but we do NIST DSA here */
+ if (level <= 1024)
+ q_bits = 160;
+ else
+ q_bits = 256;
+
+ ret =
+ dsa_generate_keypair (&pub, &priv, NULL,
+ rnd_func, NULL, NULL, level, q_bits);
+ if (ret != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ params->params_nr = 0;
+ for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
+ {
+ params->params[i] = _gnutls_mpi_alloc_like (&pub.p);
+ if (params->params[i] == NULL)
+ {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ dsa_private_key_clear (&priv);
+ dsa_public_key_clear (&pub);
+ goto fail;
+ }
+ params->params_nr++;
+ }
+ _gnutls_mpi_set (params->params[0], pub.p);
+ _gnutls_mpi_set (params->params[1], pub.q);
+ _gnutls_mpi_set (params->params[2], pub.g);
+ _gnutls_mpi_set (params->params[3], pub.y);
+ _gnutls_mpi_set (params->params[4], priv.x);
+
+ dsa_private_key_clear (&priv);
+ dsa_public_key_clear (&pub);
+
+ break;
}
case GNUTLS_PK_RSA:
{
- struct rsa_public_key pub;
- struct rsa_private_key priv;
-
- rsa_public_key_init (&pub);
- rsa_private_key_init (&priv);
-
- _gnutls_mpi_set_ui (&pub.e, 65537);
-
- ret =
- rsa_generate_keypair (&pub, &priv, NULL,
- rnd_func, NULL, NULL, level, 0);
- if (ret != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- params->params_nr = 0;
- for (i = 0; i < RSA_PRIVATE_PARAMS; i++)
- {
- params->params[i] = _gnutls_mpi_alloc_like (&pub.n);
- if (params->params[i] == NULL)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- rsa_private_key_clear (&priv);
- rsa_public_key_clear (&pub);
- goto fail;
- }
- params->params_nr++;
-
- }
- _gnutls_mpi_set (params->params[0], pub.n);
- _gnutls_mpi_set (params->params[1], pub.e);
- _gnutls_mpi_set (params->params[2], priv.d);
- _gnutls_mpi_set (params->params[3], priv.p);
- _gnutls_mpi_set (params->params[4], priv.q);
- _gnutls_mpi_set (params->params[5], priv.c);
- _gnutls_mpi_set (params->params[6], priv.a);
- _gnutls_mpi_set (params->params[7], priv.b);
- rsa_private_key_clear (&priv);
- rsa_public_key_clear (&pub);
-
- break;
+ struct rsa_public_key pub;
+ struct rsa_private_key priv;
+
+ rsa_public_key_init (&pub);
+ rsa_private_key_init (&priv);
+
+ _gnutls_mpi_set_ui (&pub.e, 65537);
+
+ ret =
+ rsa_generate_keypair (&pub, &priv, NULL,
+ rnd_func, NULL, NULL, level, 0);
+ if (ret != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ params->params_nr = 0;
+ for (i = 0; i < RSA_PRIVATE_PARAMS; i++)
+ {
+ params->params[i] = _gnutls_mpi_alloc_like (&pub.n);
+ if (params->params[i] == NULL)
+ {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ rsa_private_key_clear (&priv);
+ rsa_public_key_clear (&pub);
+ goto fail;
+ }
+ params->params_nr++;
+
+ }
+ _gnutls_mpi_set (params->params[0], pub.n);
+ _gnutls_mpi_set (params->params[1], pub.e);
+ _gnutls_mpi_set (params->params[2], priv.d);
+ _gnutls_mpi_set (params->params[3], priv.p);
+ _gnutls_mpi_set (params->params[4], priv.q);
+ _gnutls_mpi_set (params->params[5], priv.c);
+ _gnutls_mpi_set (params->params[6], priv.a);
+ _gnutls_mpi_set (params->params[7], priv.b);
+ rsa_private_key_clear (&priv);
+ rsa_public_key_clear (&pub);
+
+ break;
}
default:
gnutls_assert ();
static int
wrap_nettle_pk_fixup (gnutls_pk_algorithm_t algo,
- gnutls_direction_t direction,
- gnutls_pk_params_st * params)
+ gnutls_direction_t direction,
+ gnutls_pk_params_st * params)
{
int result;
* keys were as old.
*/
mpz_invert (TOMPZ (params->params[5]),
- TOMPZ (params->params[4]), TOMPZ (params->params[3]));
+ TOMPZ (params->params[4]), TOMPZ (params->params[3]));
/* calculate exp1 [6] and exp2 [7] */
_gnutls_mpi_release (¶ms->params[6]);
result = _gnutls_calc_rsa_exp (params->params, RSA_PRIVATE_PARAMS - 2);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
params->params_nr = RSA_PRIVATE_PARAMS;
}
}
return yarrow256_update (&yctx, RANDOM_SOURCE_TRIVIA, entropy,
- sizeof (event), (const uint8_t *) &event);
+ sizeof (event), (const uint8_t *) &event);
}
static int
int old;
if (!CryptAcquireContext
- (&device_fd, NULL, NULL, PROV_RSA_FULL,
- CRYPT_SILENT | CRYPT_VERIFYCONTEXT))
- {
- _gnutls_debug_log ("error in CryptAcquireContext!\n");
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ (&device_fd, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_SILENT | CRYPT_VERIFYCONTEXT))
+ {
+ _gnutls_debug_log ("error in CryptAcquireContext!\n");
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
device_last_read = now;
- read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
}
if ((device_fd != NULL)
uint8_t buf[DEVICE_READ_SIZE_MAX];
if (!CryptGenRandom (device_fd, (DWORD) read_size, buf))
- {
- _gnutls_debug_log ("Error in CryptGenRandom: %s\n",
- GetLastError ());
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ _gnutls_debug_log ("Error in CryptGenRandom: %s\n",
+ GetLastError ());
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
device_last_read = now;
return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE,
- read_size * 8 /
- 2 /* we trust the system RNG */ ,
- read_size, buf);
+ read_size * 8 /
+ 2 /* we trust the system RNG */ ,
+ read_size, buf);
}
return 0;
}
event.count = trivia_time_count++;
if (event.now.tv_sec != trivia_previous_time)
- {
- /* Count one bit of entropy if we either have more than two
- * invocations in one second, or more than two seconds
- * between invocations. */
- if ((trivia_time_count > 2)
- || ((event.now.tv_sec - trivia_previous_time) > 2))
- entropy++;
-
- trivia_time_count = 0;
- }
+ {
+ /* Count one bit of entropy if we either have more than two
+ * invocations in one second, or more than two seconds
+ * between invocations. */
+ if ((trivia_time_count > 2)
+ || ((event.now.tv_sec - trivia_previous_time) > 2))
+ entropy++;
+
+ trivia_time_count = 0;
+ }
}
trivia_previous_time = event.now.tv_sec;
event.pid = getpid ();
return yarrow256_update (&yctx, RANDOM_SOURCE_TRIVIA, entropy,
- sizeof (event), (const uint8_t *) &event);
+ sizeof (event), (const uint8_t *) &event);
}
static int
device_fd = open ("/dev/urandom", O_RDONLY);
if (device_fd < 0)
- {
- _gnutls_debug_log ("Cannot open urandom!\n");
- return GNUTLS_E_FILE_ERROR;
- }
+ {
+ _gnutls_debug_log ("Cannot open urandom!\n");
+ return GNUTLS_E_FILE_ERROR;
+ }
old = fcntl (device_fd, F_GETFD);
fcntl (device_fd, F_SETFD, old | 1);
device_last_read = now;
- read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
}
if ((device_fd > 0)
uint32_t done;
for (done = 0; done < read_size;)
- {
- int res;
- do
- res = read (device_fd, buf + done, sizeof (buf) - done);
- while (res < 0 && errno == EINTR);
-
- if (res <= 0)
- {
- if (res < 0)
- {
- _gnutls_debug_log ("Failed to read /dev/urandom: %s\n",
- strerror (errno));
- }
- else
- {
- _gnutls_debug_log
- ("Failed to read /dev/urandom: end of file\n");
- }
-
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- done += res;
- }
+ {
+ int res;
+ do
+ res = read (device_fd, buf + done, sizeof (buf) - done);
+ while (res < 0 && errno == EINTR);
+
+ if (res <= 0)
+ {
+ if (res < 0)
+ {
+ _gnutls_debug_log ("Failed to read /dev/urandom: %s\n",
+ strerror (errno));
+ }
+ else
+ {
+ _gnutls_debug_log
+ ("Failed to read /dev/urandom: end of file\n");
+ }
+
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ done += res;
+ }
device_last_read = now;
return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE,
- read_size * 8 / 2 /* we trust the RNG */ ,
- read_size, buf);
+ read_size * 8 / 2 /* we trust the RNG */ ,
+ read_size, buf);
}
return 0;
}
{
device_fd = _rndegd_connect_socket ();
if (device_fd < 0)
- {
- _gnutls_debug_log ("Cannot open egd socket!\n");
- return GNUTLS_E_FILE_ERROR;
- }
+ {
+ _gnutls_debug_log ("Cannot open egd socket!\n");
+ return GNUTLS_E_FILE_ERROR;
+ }
device_last_read = now;
- read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
}
if ((device_fd > 0)
uint32_t done;
for (done = 0; done < read_size;)
- {
- int res;
- res = _rndegd_read (&device_fd, buf + done, sizeof (buf) - done);
- if (res <= 0)
- {
- if (res < 0)
- {
- _gnutls_debug_log ("Failed to read egd.\n");
- }
- else
- {
- _gnutls_debug_log ("Failed to read egd: end of file\n");
- }
-
- return GNUTLS_E_INTERNAL_ERROR;
- }
- done += res;
- }
+ {
+ int res;
+ res = _rndegd_read (&device_fd, buf + done, sizeof (buf) - done);
+ if (res <= 0)
+ {
+ if (res < 0)
+ {
+ _gnutls_debug_log ("Failed to read egd.\n");
+ }
+ else
+ {
+ _gnutls_debug_log ("Failed to read egd: end of file\n");
+ }
+
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ done += res;
+ }
device_last_read = now;
return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE, read_size * 8 / 2,
- read_size, buf);
+ read_size, buf);
}
return 0;
}
do_source = do_device_source_urandom;
ret = do_source (init);
if (ret < 0)
- {
- do_source = do_device_source_egd;
- ret = do_source (init);
- }
+ {
+ do_source = do_device_source_egd;
+ ret = do_source (init);
+ }
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
return ret;
}
*out++ = b64chars[in[0] >> 2];
fragment = (in[0] << 4) & 0x30;
if (len > 1)
- fragment |= in[1] >> 4;
+ fragment |= in[1] >> 4;
*out++ = b64chars[fragment];
*out++ = (len < 2) ? '=' : b64chars[(in[1] << 2) & 0x3c];
*out++ = '=';
{
digit1 = in[0];
if (digit1 > 127 || b64val (digit1) == BAD)
- {
- gnutls_assert ();
- return -1;
- }
+ {
+ gnutls_assert ();
+ return -1;
+ }
digit2 = in[1];
if (digit2 > 127 || b64val (digit2) == BAD)
- {
- gnutls_assert ();
- return -1;
- }
+ {
+ gnutls_assert ();
+ return -1;
+ }
digit3 = in[2];
if (digit3 > 127 || ((digit3 != '=') && (b64val (digit3) == BAD)))
- {
- gnutls_assert ();
- return -1;
- }
+ {
+ gnutls_assert ();
+ return -1;
+ }
digit4 = in[3];
if (digit4 > 127 || ((digit4 != '=') && (b64val (digit4) == BAD)))
- {
- gnutls_assert ();
- return -1;
- }
+ {
+ gnutls_assert ();
+ return -1;
+ }
in += 4;
/* digits are already sanity-checked */
*out++ = (b64val (digit1) << 2) | (b64val (digit2) >> 4);
len++;
if (digit3 != '=')
- {
- *out++ = ((b64val (digit2) << 4) & 0xf0) | (b64val (digit3) >> 2);
- len++;
- if (digit4 != '=')
- {
- *out++ = ((b64val (digit3) << 6) & 0xc0) | b64val (digit4);
- len++;
- }
- }
+ {
+ *out++ = ((b64val (digit2) << 4) & 0xf0) | (b64val (digit3) >> 2);
+ len++;
+ if (digit4 != '=')
+ {
+ *out++ = ((b64val (digit3) << 6) & 0xc0) | b64val (digit4);
+ len++;
+ }
+ }
}
while (*in && digit4 != '=');
{
nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
if (!nread || nread == -1)
- break;
+ break;
if (nread == 1 && !cdk_stream_eof (inp)
- && (nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1)) > 0)
- {
- base64_decode (plain, buf);
- if (!(*plain & 0x80))
- break;
- pkttype = *plain & 0x40 ? (*plain & 0x3f) : ((*plain >> 2) & 0xf);
- if (pkttype == CDK_PKT_COMPRESSED && r_zipalgo)
- {
- _gnutls_buffers_log ("armor compressed (algo=%d)\n",
- *(plain + 1));
- *r_zipalgo = *(plain + 1);
- }
- break;
- }
+ && (nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1)) > 0)
+ {
+ base64_decode (plain, buf);
+ if (!(*plain & 0x80))
+ break;
+ pkttype = *plain & 0x40 ? (*plain & 0x3f) : ((*plain >> 2) & 0xf);
+ if (pkttype == CDK_PKT_COMPRESSED && r_zipalgo)
+ {
+ _gnutls_buffers_log ("armor compressed (algo=%d)\n",
+ *(plain + 1));
+ *r_zipalgo = *(plain + 1);
+ }
+ break;
+ }
}
return 0;
}
{
buf[nread] = '\0';
if (strstr (buf, "-----BEGIN PGP"))
- {
- compress_get_algo (inp, r_zipalgo);
- check = 1;
- }
+ {
+ compress_get_algo (inp, r_zipalgo);
+ check = 1;
+ }
cdk_stream_seek (inp, 0);
}
return check;
if (!(ctb & 0x80))
{
gnutls_assert ();
- return 1; /* invalid packet: assume it is armored */
+ return 1; /* invalid packet: assume it is armored */
}
pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb >> 2) & 0xf);
switch (pkttype)
case CDK_PKT_SIGNATURE:
case CDK_PKT_LITERAL:
case CDK_PKT_COMPRESSED:
- return 0; /* seems to be a regular packet: not armored */
+ return 0; /* seems to be a regular packet: not armored */
}
return 1;
}
{
nread = fread (raw, 1, DIM (raw) - 1, in);
if (!nread)
- break;
+ break;
if (ferror (in))
- {
- gnutls_assert ();
- return CDK_File_Error;
- }
+ {
+ gnutls_assert ();
+ return CDK_File_Error;
+ }
afx->crc = update_crc (afx->crc, (byte *) raw, nread);
base64_encode (buf, (byte *) raw, nread, DIM (buf) - 1);
fprintf (out, "%s%s", buf, lf);
zipalgo = 0;
c = cdk_stream_getc (inp);
if (c == EOF)
- return 0; /* EOF, doesn't matter whether armored or not */
+ return 0; /* EOF, doesn't matter whether armored or not */
cdk_stream_seek (inp, 0);
check = is_armored (c);
if (check)
{
check = check_armor (inp, &zipalgo);
if (zipalgo)
- _cdk_stream_set_compress_algo (inp, zipalgo);
+ _cdk_stream_set_compress_algo (inp, zipalgo);
}
return check;
}
for (i = 0; (s = array[i]); i++)
{
if (!strncmp (s, buf + 5, strlen (s)))
- return i;
+ return i;
}
return -1;
}
{
s = fgets (buf, DIM (buf) - 1, in);
if (!s)
- break;
+ break;
afx->idx = search_header (buf, armor_begin);
if (afx->idx >= 0)
- pgp_data = 1;
+ pgp_data = 1;
}
if (feof (in) || !pgp_data)
{
gnutls_assert ();
- return CDK_Armor_Error; /* no data found */
+ return CDK_Armor_Error; /* no data found */
}
/* Parse header until the empty line is reached */
{
s = fgets (buf, DIM (buf) - 1, in);
if (!s)
- return CDK_EOF;
+ return CDK_EOF;
if (strlen (s) == strlen (LF))
- {
- rc = 0;
- break; /* empty line */
- }
+ {
+ rc = 0;
+ break; /* empty line */
+ }
/* From RFC2440: OpenPGP should consider improperly formatted Armor
Headers to be corruption of the ASCII Armor. A colon and a single
space separate the key and value. */
if (!strstr (buf, ": "))
- {
- gnutls_assert ();
- return CDK_Armor_Error;
- }
+ {
+ gnutls_assert ();
+ return CDK_Armor_Error;
+ }
rc = CDK_General_Error;
for (i = 0; (s = valid_headers[i]); i++)
- {
- if (!strncmp (s, buf, strlen (s)))
- rc = 0;
- }
+ {
+ if (!strncmp (s, buf, strlen (s)))
+ rc = 0;
+ }
if (rc)
- {
- /* From RFC2440: Unknown keys should be reported to the user,
- but OpenPGP should continue to process the message. */
- _cdk_log_info ("unknown header: `%s'\n", buf);
- rc = 0;
- }
+ {
+ /* From RFC2440: Unknown keys should be reported to the user,
+ but OpenPGP should continue to process the message. */
+ _cdk_log_info ("unknown header: `%s'\n", buf);
+ rc = 0;
+ }
}
/* Read the data body */
{
s = fgets (buf, DIM (buf) - 1, in);
if (!s)
- break;
+ break;
buf[strlen (buf) - strlen (LF)] = '\0';
if (buf[0] == '=' && strlen (s) == 5)
- { /* CRC */
- memset (crcbuf, 0, sizeof (crcbuf));
- base64_decode (crcbuf, buf + 1);
- crc2 = (crcbuf[0] << 16) | (crcbuf[1] << 8) | crcbuf[2];
- break; /* stop here */
- }
+ { /* CRC */
+ memset (crcbuf, 0, sizeof (crcbuf));
+ base64_decode (crcbuf, buf + 1);
+ crc2 = (crcbuf[0] << 16) | (crcbuf[1] << 8) | crcbuf[2];
+ break; /* stop here */
+ }
else
- {
- nread = base64_decode (raw, buf);
- if (nread == -1 || nread == 0)
- break;
- afx->crc = update_crc (afx->crc, raw, nread);
- fwrite (raw, 1, nread, out);
- }
+ {
+ nread = base64_decode (raw, buf);
+ if (nread == -1 || nread == 0)
+ break;
+ afx->crc = update_crc (afx->crc, raw, nread);
+ fwrite (raw, 1, nread, out);
+ }
}
/* Search the tail of the message */
rc = CDK_General_Error;
afx->idx2 = search_header (buf, armor_end);
if (afx->idx2 >= 0)
- rc = 0;
+ rc = 0;
}
/* This catches error when no tail was found or the header is
if (!afx->crc_okay && !rc)
{
_gnutls_buffers_log ("file crc=%08X afx_crc=%08X\n",
- (unsigned int) crc2, (unsigned int) afx->crc);
+ (unsigned int) crc2, (unsigned int) afx->crc);
rc = CDK_Armor_CRC_Error;
}
cdk_stream_set_armor_flag (out, CDK_ARMOR_MESSAGE);
if (hd->opt.compress)
rc = cdk_stream_set_compress_flag (out, hd->compress.algo,
- hd->compress.level);
+ hd->compress.level);
if (!rc)
rc = cdk_stream_set_literal_flag (out, 0, file);
if (!rc)
rc = cdk_stream_set_literal_flag (inp, 0, NULL);
zipalgo = cdk_stream_is_compressed (inp);
if (zipalgo)
- rc = cdk_stream_set_compress_flag (inp, zipalgo, 0);
+ rc = cdk_stream_set_compress_flag (inp, zipalgo, 0);
if (!rc)
- rc = cdk_stream_set_armor_flag (inp, 0);
+ rc = cdk_stream_set_armor_flag (inp, 0);
if (!rc)
- rc = cdk_stream_kick_off (inp, out);
+ rc = cdk_stream_kick_off (inp, out);
if (!rc)
- rc = _cdk_stream_get_errno (inp);
+ rc = _cdk_stream_get_errno (inp);
}
cdk_stream_close (inp);
{
armor_filter_t *afx = data;
if (afx)
- {
- _gnutls_buffers_log ("free armor filter\n");
- afx->idx = afx->idx2 = 0;
- afx->crc = afx->crc_okay = 0;
- return 0;
- }
+ {
+ _gnutls_buffers_log ("free armor filter\n");
+ afx->idx = afx->idx2 = 0;
+ afx->crc = afx->crc_okay = 0;
+ return 0;
+ }
}
gnutls_assert ();
**/
cdk_error_t
cdk_armor_encode_buffer (const byte * inbuf, size_t inlen,
- char *outbuf, size_t outlen,
- size_t * nwritten, int type)
+ char *outbuf, size_t outlen,
+ size_t * nwritten, int type)
{
const char *head, *tail, *le;
byte tempbuf[48];
for (off = 0; off < inlen;)
{
if (rest > 48)
- {
- memcpy (tempbuf, inbuf + off, 48);
- off += 48;
- len = 48;
- }
+ {
+ memcpy (tempbuf, inbuf + off, 48);
+ off += 48;
+ len = 48;
+ }
else
- {
- memcpy (tempbuf, inbuf + off, rest);
- off += rest;
- len = rest;
- }
+ {
+ memcpy (tempbuf, inbuf + off, rest);
+ off += rest;
+ len = rest;
+ }
rest -= len;
base64_encode (tempout, tempbuf, len, DIM (tempout) - 1);
memcpy (outbuf + pos, tempout, strlen (tempout));
int algo;
int keylen;
int use_mdc;
- byte key[32]; /* 256-bit */
+ byte key[32]; /* 256-bit */
};
struct cdk_strlist_s
cdk_error_t
_cdk_proc_packets (cdk_ctx_t hd, cdk_stream_t inp, cdk_stream_t data,
- const char *output, cdk_stream_t outstream,
- digest_hd_st * md)
+ const char *output, cdk_stream_t outstream,
+ digest_hd_st * md)
{
return 0;
}
typedef struct
{
- const char *le; /* line endings */
+ const char *le; /* line endings */
const char *hdrlines;
u32 crc;
int crc_okay;
typedef struct
{
cdk_lit_format_t mode;
- char *orig_filename; /* This original name of the input file. */
+ char *orig_filename; /* This original name of the input file. */
char *filename;
digest_hd_st md;
int md_initialized;
byte inbuf[8192];
size_t outbufsize;
byte outbuf[8192];
- int algo; /* compress algo */
+ int algo; /* compress algo */
int level;
} compress_filter_t;
/*-- compress.c --*/
cdk_error_t _cdk_filter_compress (void *opaque, int ctl,
- FILE * in, FILE * out);
+ FILE * in, FILE * out);
#endif /* CDK_FILTERS_H */
{
err = _gnutls_hash_init (&mfx->md, mfx->digest_algo);
if (err < 0)
- {
- gnutls_assert ();
- return map_gnutls_error (err);
- }
+ {
+ gnutls_assert ();
+ return map_gnutls_error (err);
+ }
mfx->md_initialized = 1;
}
{
nread = fread (buf, 1, BUFSIZE, in);
if (!nread)
- break;
+ break;
_gnutls_hash (&mfx->md, buf, nread);
}
{
md_filter_t *mfx = data;
if (mfx)
- {
- _cdk_log_debug ("free hash filter\n");
- _gnutls_hash_deinit (&mfx->md, NULL);
- mfx->md_initialized = 0;
- return 0;
- }
+ {
+ _cdk_log_debug ("free hash filter\n");
+ _gnutls_hash_deinit (&mfx->md, NULL);
+ mfx->md_initialized = 0;
+ return 0;
+ }
}
gnutls_assert ();
{
n2 = node->next;
if (!node->is_cloned)
- cdk_pkt_release (node->pkt);
+ cdk_pkt_release (node->pkt);
cdk_free (node);
node = n2;
}
**/
void
cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node,
- cdk_packet_type_t pkttype)
+ cdk_packet_type_t pkttype)
{
if (!pkttype)
{
cdk_kbnode_t n1;
for (n1 = root; n1->next; n1 = n1->next)
- if (pkttype != n1->next->pkt->pkttype)
- {
- node->next = n1->next;
- n1->next = node;
- return;
- }
+ if (pkttype != n1->next->pkt->pkttype)
+ {
+ node->next = n1->next;
+ n1->next = node;
+ return;
+ }
/* No such packet, append */
node->next = NULL;
n1->next = node;
**/
cdk_kbnode_t
cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
- cdk_packet_type_t pkttype)
+ cdk_packet_type_t pkttype)
{
cdk_kbnode_t n1;
for (n1 = NULL; root && root != node; root = root->next)
{
if (!pkttype || root->pkt->pkttype == pkttype)
- n1 = root;
+ n1 = root;
}
return n1;
}
for (node = node->next; node; node = node->next)
{
if (!pkttype)
- return node;
+ return node;
else if (pkttype == CDK_PKT_USER_ID &&
- (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_KEY))
- return NULL;
+ (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY))
+ return NULL;
else if (pkttype == CDK_PKT_SIGNATURE &&
- (node->pkt->pkttype == CDK_PKT_USER_ID ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_KEY))
- return NULL;
+ (node->pkt->pkttype == CDK_PKT_USER_ID ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY))
+ return NULL;
else if (node->pkt->pkttype == pkttype)
- return node;
+ return node;
}
return NULL;
}
for (; node; node = node->next)
{
if (node->pkt->pkttype == pkttype)
- return node;
+ return node;
}
return NULL;
}
do
{
if (!*ctx)
- {
- *ctx = root;
- n = root;
- }
+ {
+ *ctx = root;
+ n = root;
+ }
else
- {
- n = (*ctx)->next;
- *ctx = n;
- }
+ {
+ n = (*ctx)->next;
+ *ctx = n;
+ }
}
while (!all && n && n->is_deleted);
return n;
for (n = *root, nl = NULL; n; n = nl->next)
{
if (n->is_deleted)
- {
- if (n == *root)
- *root = nl = n->next;
- else
- nl->next = n->next;
- if (!n->is_cloned)
- cdk_pkt_release (n->pkt);
- cdk_free (n);
- changed = 1;
- }
+ {
+ if (n == *root)
+ *root = nl = n->next;
+ else
+ nl->next = n->next;
+ if (!n->is_cloned)
+ cdk_pkt_release (n->pkt);
+ cdk_free (n);
+ changed = 1;
+ }
else
- nl = n;
+ nl = n;
}
return changed;
}
for (n = *root, nl = NULL; n; n = nl->next)
{
if (n == node)
- {
- if (n == *root)
- *root = nl = n->next;
- else
- nl->next = n->next;
- if (!n->is_cloned)
- cdk_pkt_release (n->pkt);
- cdk_free (n);
- }
+ {
+ if (n == *root)
+ *root = nl = n->next;
+ else
+ nl->next = n->next;
+ if (!n->is_cloned)
+ cdk_pkt_release (n->pkt);
+ cdk_free (n);
+ }
else
- nl = n;
+ nl = n;
}
}
for (prev = *root; prev && prev->next != node; prev = prev->next)
;
if (!prev)
- return; /* Node is not in the list */
+ return; /* Node is not in the list */
if (!where)
- { /* Move node before root */
+ { /* Move node before root */
if (node == *root)
- return;
+ return;
prev->next = node->next;
node->next = *root;
*root = node;
return;
}
- if (node == where) /* Move it after where. */
+ if (node == where) /* Move it after where. */
return;
tmp = node->next;
node->next = where->next;
**/
cdk_error_t
cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node,
- const byte * buf, size_t buflen)
+ const byte * buf, size_t buflen)
{
cdk_stream_t inp;
cdk_error_t rc;
*/
cdk_error_t
cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
- byte ** r_buf, size_t * r_buflen)
+ byte ** r_buf, size_t * r_buflen)
{
cdk_kbnode_t n;
cdk_stream_t s;
{
/* Skip all packets which cannot occur in a key composition. */
if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
- n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
- n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
- n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
- n->pkt->pkttype != CDK_PKT_SIGNATURE &&
- n->pkt->pkttype != CDK_PKT_USER_ID &&
- n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
- continue;
+ n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SIGNATURE &&
+ n->pkt->pkttype != CDK_PKT_USER_ID &&
+ n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
+ continue;
rc = cdk_pkt_write (s, n->pkt);
if (rc)
- {
- cdk_stream_close (s);
- gnutls_assert ();
- return rc;
- }
+ {
+ cdk_stream_close (s);
+ gnutls_assert ();
+ return rc;
+ }
}
cdk_stream_seek (s, 0);
{
/* Skip all packets which cannot occur in a key composition. */
if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
- n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
- n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
- n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
- n->pkt->pkttype != CDK_PKT_SIGNATURE &&
- n->pkt->pkttype != CDK_PKT_USER_ID &&
- n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
- continue;
+ n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SIGNATURE &&
+ n->pkt->pkttype != CDK_PKT_USER_ID &&
+ n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
+ continue;
rc = cdk_pkt_write (s, n->pkt);
if (rc)
- {
- cdk_stream_close (s);
- gnutls_assert ();
- return rc;
- }
+ {
+ cdk_stream_close (s);
+ gnutls_assert ();
+ return rc;
+ }
}
cdk_stream_seek (s, 0);
len = cdk_stream_get_length (s);
if (!buf)
{
- *r_nbytes = len; /* Only return the length of the buffer */
+ *r_nbytes = len; /* Only return the length of the buffer */
cdk_stream_close (s);
return 0;
}
**/
cdk_error_t
cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md, int is_v4,
- cdk_packet_type_t pkttype, int flags)
+ cdk_packet_type_t pkttype, int flags)
{
cdk_packet_t pkt;
{
pkt = cdk_kbnode_find_packet (node, pkttype);
if (!pkt)
- {
- gnutls_assert ();
- return CDK_Inv_Packet;
- }
+ {
+ gnutls_assert ();
+ return CDK_Inv_Packet;
+ }
}
switch (pkttype)
rc = cdk_pkt_read (inp, pkt);
if (rc)
- {
- _cdk_log_debug ("index build failed packet off=%lu\n", pos);
- /* FIXME: The index is incomplete */
- break;
- }
+ {
+ _cdk_log_debug ("index build failed packet off=%lu\n", pos);
+ /* FIXME: The index is incomplete */
+ break;
+ }
if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- {
- _cdk_u32tobuf (pos, buf);
- cdk_pk_get_keyid (pkt->pkt.public_key, keyid);
- _cdk_u32tobuf (keyid[0], buf + 4);
- _cdk_u32tobuf (keyid[1], buf + 8);
- cdk_pk_get_fingerprint (pkt->pkt.public_key, buf + 12);
- cdk_stream_write (out, buf, 4 + 8 + KEY_FPR_LEN);
- }
+ pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ {
+ _cdk_u32tobuf (pos, buf);
+ cdk_pk_get_keyid (pkt->pkt.public_key, keyid);
+ _cdk_u32tobuf (keyid[0], buf + 4);
+ _cdk_u32tobuf (keyid[1], buf + 8);
+ cdk_pk_get_fingerprint (pkt->pkt.public_key, buf + 12);
+ cdk_stream_write (out, buf, 4 + 8 + KEY_FPR_LEN);
+ }
cdk_pkt_free (pkt);
}
{
dbs->idx_name = keydb_idx_mkname (db->name);
if (!dbs->idx_name)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
}
rc = keydb_idx_build (db->name);
if (!rc)
while (!cdk_stream_eof (inp))
{
if (cdk_stream_read (inp, buf, 4) == CDK_EOF)
- break;
+ break;
idx->offset = _cdk_buftou32 (buf);
cdk_stream_read (inp, buf, 4);
idx->keyid[0] = _cdk_buftou32 (buf);
static cdk_error_t
keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr,
- off_t * r_off)
+ off_t * r_off)
{
key_idx_t idx;
while (keydb_idx_parse (inp, &idx) != CDK_EOF)
{
if (keyid && KEYID_CMP (keyid, idx->keyid))
- {
- *r_off = idx->offset;
- break;
- }
+ {
+ *r_off = idx->offset;
+ break;
+ }
else if (fpr && !memcmp (idx->fpr, fpr, KEY_FPR_LEN))
- {
- *r_off = idx->offset;
- break;
- }
+ {
+ *r_off = idx->offset;
+ break;
+ }
cdk_free (idx);
idx = NULL;
}
*/
cdk_error_t
cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_db, int secret,
- const void *data, size_t datlen)
+ const void *data, size_t datlen)
{
cdk_keydb_hd_t db;
cdk_error_t rc;
case CDK_DBTYPE_PK_KEYRING:
case CDK_DBTYPE_SK_KEYRING:
return cdk_keydb_new_from_file (r_hd, type == CDK_DBTYPE_SK_KEYRING,
- (const char *) data);
+ (const char *) data);
case CDK_DBTYPE_DATA:
return cdk_keydb_new_from_mem (r_hd, 0, data, count);
cdk_stream_seek (kr, 0);
}
else if (hd->type == CDK_DBTYPE_PK_KEYRING ||
- hd->type == CDK_DBTYPE_SK_KEYRING)
+ hd->type == CDK_DBTYPE_SK_KEYRING)
{
rc = cdk_stream_open (hd->name, &kr);
if (rc)
- goto leave;
+ goto leave;
if (cdk_armor_filter_use (kr))
- cdk_stream_set_armor_flag (kr, 0);
+ cdk_stream_set_armor_flag (kr, 0);
}
else
{
for (node = knode; node; node = node->next)
{
if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- _cdk_pkt_get_keyid (node->pkt, keyid);
- switch (ks->type)
- {
- case CDK_DBSEARCH_SHORT_KEYID:
- if (keyid[1] == ks->u.keyid[1])
- return 1;
- break;
-
- case CDK_DBSEARCH_KEYID:
- if (KEYID_CMP (keyid, ks->u.keyid))
- return 1;
- break;
-
- default:
- _cdk_log_debug ("find_by_keyid: invalid mode = %d\n", ks->type);
- return 0;
- }
- }
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ {
+ _cdk_pkt_get_keyid (node->pkt, keyid);
+ switch (ks->type)
+ {
+ case CDK_DBSEARCH_SHORT_KEYID:
+ if (keyid[1] == ks->u.keyid[1])
+ return 1;
+ break;
+
+ case CDK_DBSEARCH_KEYID:
+ if (KEYID_CMP (keyid, ks->u.keyid))
+ return 1;
+ break;
+
+ default:
+ _cdk_log_debug ("find_by_keyid: invalid mode = %d\n", ks->type);
+ return 0;
+ }
+ }
}
return 0;
}
for (node = knode; node; node = node->next)
{
if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- _cdk_pkt_get_fingerprint (node->pkt, fpr);
- if (!memcmp (ks->u.fpr, fpr, KEY_FPR_LEN))
- return 1;
- break;
- }
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ {
+ _cdk_pkt_get_fingerprint (node->pkt, fpr);
+ if (!memcmp (ks->u.fpr, fpr, KEY_FPR_LEN))
+ return 1;
+ break;
+ }
}
return 0;
for (node = knode; node; node = node->next)
{
if (node->pkt->pkttype != CDK_PKT_USER_ID)
- continue;
+ continue;
if (node->pkt->pkt.user_id->attrib_img != NULL)
- continue; /* Skip attribute packets. */
+ continue; /* Skip attribute packets. */
uidlen = node->pkt->pkt.user_id->len;
name = node->pkt->pkt.user_id->name;
switch (ks->type)
- {
- case CDK_DBSEARCH_EXACT:
- if (name &&
- (strlen (ks->u.pattern) == uidlen &&
- !strncmp (ks->u.pattern, name, uidlen)))
- return 1;
- break;
-
- case CDK_DBSEARCH_SUBSTR:
- if (uidlen > 65536)
- break;
- if (name && strlen (ks->u.pattern) > uidlen)
- break;
- if (name && _cdk_memistr (name, uidlen, ks->u.pattern))
- return 1;
- break;
-
- default: /* Invalid mode */
- return 0;
- }
+ {
+ case CDK_DBSEARCH_EXACT:
+ if (name &&
+ (strlen (ks->u.pattern) == uidlen &&
+ !strncmp (ks->u.pattern, name, uidlen)))
+ return 1;
+ break;
+
+ case CDK_DBSEARCH_SUBSTR:
+ if (uidlen > 65536)
+ break;
+ if (name && strlen (ks->u.pattern) > uidlen)
+ break;
+ if (name && _cdk_memistr (name, uidlen, ks->u.pattern))
+ return 1;
+ break;
+
+ default: /* Invalid mode */
+ return 0;
+ }
}
return 0;
}
for (t = cache; t; t = t->next)
{
switch (desc->type)
- {
- case CDK_DBSEARCH_SHORT_KEYID:
- case CDK_DBSEARCH_KEYID:
- if (KEYID_CMP (desc->u.keyid, desc->u.keyid))
- return t;
- break;
-
- case CDK_DBSEARCH_EXACT:
- if (strlen (desc->u.pattern) == strlen (desc->u.pattern) &&
- !strcmp (desc->u.pattern, desc->u.pattern))
- return t;
- break;
-
- case CDK_DBSEARCH_SUBSTR:
- if (strstr (desc->u.pattern, desc->u.pattern))
- return t;
- break;
-
- case CDK_DBSEARCH_FPR:
- if (!memcmp (desc->u.fpr, desc->u.fpr, KEY_FPR_LEN))
- return t;
- break;
- }
+ {
+ case CDK_DBSEARCH_SHORT_KEYID:
+ case CDK_DBSEARCH_KEYID:
+ if (KEYID_CMP (desc->u.keyid, desc->u.keyid))
+ return t;
+ break;
+
+ case CDK_DBSEARCH_EXACT:
+ if (strlen (desc->u.pattern) == strlen (desc->u.pattern) &&
+ !strcmp (desc->u.pattern, desc->u.pattern))
+ return t;
+ break;
+
+ case CDK_DBSEARCH_SUBSTR:
+ if (strstr (desc->u.pattern, desc->u.pattern))
+ return t;
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ if (!memcmp (desc->u.fpr, desc->u.fpr, KEY_FPR_LEN))
+ return t;
+ break;
+ }
}
return NULL;
key_table_t k;
if (dbs->ncache > KEYDB_CACHE_ENTRIES)
- return 0; /* FIXME: we should replace the last entry. */
+ return 0; /* FIXME: we should replace the last entry. */
k = cdk_calloc (1, sizeof *k);
if (!k)
{
dbs->cache = k;
dbs->ncache++;
_cdk_log_debug ("cache: add entry off=%d type=%d\n", (int) offset,
- (int) dbs->type);
+ (int) dbs->type);
return 0;
}
{
rc = keydb_idx_build (db->name);
if (!rc)
- rc = cdk_stream_open (dbs->idx_name, &dbs->idx);
+ rc = cdk_stream_open (dbs->idx_name, &dbs->idx);
if (!rc)
- {
- _cdk_log_debug ("create key index table\n");
- }
+ {
+ _cdk_log_debug ("create key index table\n");
+ }
else
- {
- /* This is no real error, it just means we can't create
- the index at the given directory. maybe we've no write
- access. in this case, we simply disable the index. */
- _cdk_log_debug ("disable key index table err=%d\n", rc);
- rc = 0;
- dbs->no_cache = 1;
- }
+ {
+ /* This is no real error, it just means we can't create
+ the index at the given directory. maybe we've no write
+ access. in this case, we simply disable the index. */
+ _cdk_log_debug ("disable key index table err=%d\n", rc);
+ rc = 0;
+ dbs->no_cache = 1;
+ }
}
leave:
**/
cdk_error_t
cdk_keydb_search_start (cdk_keydb_search_t * st, cdk_keydb_hd_t db, int type,
- void *desc)
+ void *desc)
{
u32 *keyid;
char *p, tmp[3];
cdk_free ((*st)->u.pattern);
(*st)->u.pattern = cdk_strdup (desc);
if (!(*st)->u.pattern)
- {
- cdk_free (*st);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
+ {
+ cdk_free (*st);
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
break;
case CDK_DBSEARCH_SHORT_KEYID:
/* Override the type with the actual db search type. */
(*st)->type = classify_data (desc, strlen (desc));
switch ((*st)->type)
- {
- case CDK_DBSEARCH_SUBSTR:
- case CDK_DBSEARCH_EXACT:
- cdk_free ((*st)->u.pattern);
- p = (*st)->u.pattern = cdk_strdup (desc);
- if (!p)
- {
- cdk_free (*st);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- break;
-
- case CDK_DBSEARCH_SHORT_KEYID:
- case CDK_DBSEARCH_KEYID:
- p = desc;
- if (!strncmp (p, "0x", 2))
- p += 2;
- if (strlen (p) == 8)
- {
- (*st)->u.keyid[0] = 0;
- (*st)->u.keyid[1] = strtoul (p, NULL, 16);
- }
- else if (strlen (p) == 16)
- {
- (*st)->u.keyid[0] = strtoul (p, NULL, 16);
- (*st)->u.keyid[1] = strtoul (p + 8, NULL, 16);
- }
- else
- { /* Invalid key ID object. */
- cdk_free (*st);
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- break;
-
- case CDK_DBSEARCH_FPR:
- p = desc;
- if (strlen (p) != 2 * KEY_FPR_LEN)
- {
- cdk_free (*st);
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- for (i = 0; i < KEY_FPR_LEN; i++)
- {
- tmp[0] = p[2 * i];
- tmp[1] = p[2 * i + 1];
- tmp[2] = 0x00;
- (*st)->u.fpr[i] = strtoul (tmp, NULL, 16);
- }
- break;
- }
+ {
+ case CDK_DBSEARCH_SUBSTR:
+ case CDK_DBSEARCH_EXACT:
+ cdk_free ((*st)->u.pattern);
+ p = (*st)->u.pattern = cdk_strdup (desc);
+ if (!p)
+ {
+ cdk_free (*st);
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ break;
+
+ case CDK_DBSEARCH_SHORT_KEYID:
+ case CDK_DBSEARCH_KEYID:
+ p = desc;
+ if (!strncmp (p, "0x", 2))
+ p += 2;
+ if (strlen (p) == 8)
+ {
+ (*st)->u.keyid[0] = 0;
+ (*st)->u.keyid[1] = strtoul (p, NULL, 16);
+ }
+ else if (strlen (p) == 16)
+ {
+ (*st)->u.keyid[0] = strtoul (p, NULL, 16);
+ (*st)->u.keyid[1] = strtoul (p + 8, NULL, 16);
+ }
+ else
+ { /* Invalid key ID object. */
+ cdk_free (*st);
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ p = desc;
+ if (strlen (p) != 2 * KEY_FPR_LEN)
+ {
+ cdk_free (*st);
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+ for (i = 0; i < KEY_FPR_LEN; i++)
+ {
+ tmp[0] = p[2 * i];
+ tmp[1] = p[2 * i + 1];
+ tmp[2] = 0x00;
+ (*st)->u.fpr[i] = strtoul (tmp, NULL, 16);
+ }
+ break;
+ }
break;
default:
static cdk_error_t
keydb_pos_from_cache (cdk_keydb_hd_t hd, cdk_keydb_search_t ks,
- int *r_cache_hit, off_t * r_off)
+ int *r_cache_hit, off_t * r_off)
{
key_table_t c;
if (ks->idx)
{
if (ks->type == CDK_DBSEARCH_KEYID)
- {
- if (keydb_idx_search (ks->idx, ks->u.keyid, NULL, r_off))
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- _cdk_log_debug ("cache: found keyid entry in idx table.\n");
- *r_cache_hit = 1;
- }
+ {
+ if (keydb_idx_search (ks->idx, ks->u.keyid, NULL, r_off))
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ _cdk_log_debug ("cache: found keyid entry in idx table.\n");
+ *r_cache_hit = 1;
+ }
else if (ks->type == CDK_DBSEARCH_FPR)
- {
- if (keydb_idx_search (ks->idx, NULL, ks->u.fpr, r_off))
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- _cdk_log_debug ("cache: found fpr entry in idx table.\n");
- *r_cache_hit = 1;
- }
+ {
+ if (keydb_idx_search (ks->idx, NULL, ks->u.fpr, r_off))
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ _cdk_log_debug ("cache: found fpr entry in idx table.\n");
+ *r_cache_hit = 1;
+ }
}
return 0;
**/
cdk_error_t
cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd,
- cdk_kbnode_t * ret_key)
+ cdk_kbnode_t * ret_key)
{
cdk_stream_t kr;
cdk_kbnode_t knode;
and continue our normal search procedure. */
rc = keydb_pos_from_cache (hd, st, &cache_hit, &off);
if (rc)
- cache_hit = 0;
+ cache_hit = 0;
}
knode = NULL;
while (!key_found && !rc)
{
if (cache_hit && st->type != CDK_DBSEARCH_NEXT)
- cdk_stream_seek (kr, off);
+ cdk_stream_seek (kr, off);
else if (st->type == CDK_DBSEARCH_NEXT)
- cdk_stream_seek (kr, st->off);
+ cdk_stream_seek (kr, st->off);
pos = cdk_stream_tell (kr);
rc = cdk_keydb_get_keyblock (kr, &knode);
if (rc)
- {
- if (rc == CDK_EOF)
- break;
- else
- {
- gnutls_assert ();
- return rc;
- }
- }
+ {
+ if (rc == CDK_EOF)
+ break;
+ else
+ {
+ gnutls_assert ();
+ return rc;
+ }
+ }
switch (st->type)
- {
- case CDK_DBSEARCH_SHORT_KEYID:
- case CDK_DBSEARCH_KEYID:
- key_found = find_by_keyid (knode, st);
- break;
-
- case CDK_DBSEARCH_FPR:
- key_found = find_by_fpr (knode, st);
- break;
-
- case CDK_DBSEARCH_EXACT:
- case CDK_DBSEARCH_SUBSTR:
- key_found = find_by_pattern (knode, st);
- break;
-
- case CDK_DBSEARCH_NEXT:
- st->off = cdk_stream_tell (kr);
- key_found = knode ? 1 : 0;
- break;
- }
+ {
+ case CDK_DBSEARCH_SHORT_KEYID:
+ case CDK_DBSEARCH_KEYID:
+ key_found = find_by_keyid (knode, st);
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ key_found = find_by_fpr (knode, st);
+ break;
+
+ case CDK_DBSEARCH_EXACT:
+ case CDK_DBSEARCH_SUBSTR:
+ key_found = find_by_pattern (knode, st);
+ break;
+
+ case CDK_DBSEARCH_NEXT:
+ st->off = cdk_stream_tell (kr);
+ key_found = knode ? 1 : 0;
+ break;
+ }
if (key_found)
- {
- if (!keydb_cache_find (st))
- keydb_cache_add (st, pos);
- break;
- }
+ {
+ if (!keydb_cache_find (st))
+ keydb_cache_add (st, pos);
+ break;
+ }
cdk_kbnode_release (knode);
knode = NULL;
cdk_error_t
cdk_keydb_get_byfpr (cdk_keydb_hd_t hd, const byte * fpr,
- cdk_kbnode_t * r_key)
+ cdk_kbnode_t * r_key)
{
cdk_error_t rc;
cdk_keydb_search_t st;
cdk_error_t
cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt,
- cdk_kbnode_t * ret_key)
+ cdk_kbnode_t * ret_key)
{
cdk_error_t rc;
cdk_keydb_search_t st;
is_sk = 0;
}
else if (pkt->pkttype == CDK_PKT_SECRET_KEY ||
- pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
{
pk = pkt->pkt.secret_key->pk;
is_sk = 1;
}
- else /* No key object. */
+ else /* No key object. */
return 0;
valid = !pk->is_revoked && !pk->has_expired;
if (is_sk)
for (n = root; n; n = n->next)
{
if (n->pkt->pkttype != pkttype)
- continue;
+ continue;
if (keydb_check_key (n->pkt))
- return n;
+ return n;
}
return NULL;
for (node = root; node; node = node->next)
{
if (is_pk && (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- && keydb_check_key (node->pkt)
- && (node->pkt->pkt.public_key->pubkey_usage & req_usage))
- {
- if (node->pkt->pkt.public_key->timestamp > timestamp)
- key = node;
- }
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ && keydb_check_key (node->pkt)
+ && (node->pkt->pkt.public_key->pubkey_usage & req_usage))
+ {
+ if (node->pkt->pkt.public_key->timestamp > timestamp)
+ key = node;
+ }
if (!is_pk && (node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- && keydb_check_key (node->pkt)
- && (node->pkt->pkt.secret_key->pk->pubkey_usage & req_usage))
- {
- if (node->pkt->pkt.secret_key->pk->timestamp > timestamp)
- key = node;
- }
+ node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ && keydb_check_key (node->pkt)
+ && (node->pkt->pkt.secret_key->pk->pubkey_usage & req_usage))
+ {
+ if (node->pkt->pkt.secret_key->pk->timestamp > timestamp)
+ key = node;
+ }
}
return key;
for (node = root; node; node = node->next)
{
if (!_cdk_pkt_get_keyid (node->pkt, kid))
- continue;
+ continue;
if (search_mode == CDK_DBSEARCH_SHORT_KEYID && kid[1] == keyid[1])
- return node;
+ return node;
else if (kid[0] == keyid[0] && kid[1] == keyid[1])
- return node;
+ return node;
}
return NULL;
}
cdk_error_t
_cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name,
- cdk_seckey_t * ret_sk, int usage)
+ cdk_seckey_t * ret_sk, int usage)
{
cdk_kbnode_t knode = NULL;
cdk_kbnode_t node, sk_node, pk_node;
for (node = knode; node; node = node->next)
{
if (node->pkt->pkttype == CDK_PKT_USER_ID)
- {
- s = node->pkt->pkt.user_id->name;
- if (sk && !sk->pk->uid && _cdk_memistr (s, strlen (s), name))
- {
- _cdk_copy_userid (&sk->pk->uid, node->pkt->pkt.user_id);
- break;
- }
- }
+ {
+ s = node->pkt->pkt.user_id->name;
+ if (sk && !sk->pk->uid && _cdk_memistr (s, strlen (s), name))
+ {
+ _cdk_copy_userid (&sk->pk->uid, node->pkt->pkt.user_id);
+ break;
+ }
+ }
}
/* To find the self signature, we need the primary public key because
cdk_error_t
_cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name,
- cdk_pubkey_t * ret_pk, int usage)
+ cdk_pubkey_t * ret_pk, int usage)
{
cdk_kbnode_t knode, node, pk_node;
cdk_pkt_pubkey_t pk;
for (node = knode; node; node = node->next)
{
if (node->pkt->pkttype == CDK_PKT_USER_ID)
- {
- s = node->pkt->pkt.user_id->name;
- if (pk && !pk->uid && _cdk_memistr (s, strlen (s), name))
- {
- _cdk_copy_userid (&pk->uid, node->pkt->pkt.user_id);
- break;
- }
- }
+ {
+ s = node->pkt->pkt.user_id->name;
+ if (pk && !pk->uid && _cdk_memistr (s, strlen (s), name))
+ {
+ _cdk_copy_userid (&pk->uid, node->pkt->pkt.user_id);
+ break;
+ }
+ }
}
/* Same as in the sk code, the selected key can be a sub key
for (n = key; n; n = n->next)
{
if (is_selfsig (n, keyid) && n->pkt->pkt.signature->timestamp > ts)
- {
- ts = n->pkt->pkt.signature->timestamp;
- sig = n;
- }
+ {
+ ts = n->pkt->pkt.signature->timestamp;
+ sig = n;
+ }
}
return sig;
{
unsigned key_usage = 0;
- if (usage & 0x01) /* cert + sign data */
+ if (usage & 0x01) /* cert + sign data */
key_usage |= CDK_KEY_USG_CERT_SIGN;
- if (usage & 0x02) /* cert + sign data */
+ if (usage & 0x02) /* cert + sign data */
key_usage |= CDK_KEY_USG_DATA_SIGN;
- if (usage & 0x04) /* encrypt comm. + storage */
+ if (usage & 0x04) /* encrypt comm. + storage */
key_usage |= CDK_KEY_USG_COMM_ENCR;
- if (usage & 0x08) /* encrypt comm. + storage */
+ if (usage & 0x08) /* encrypt comm. + storage */
key_usage |= CDK_KEY_USG_STORAGE_ENCR;
- if (usage & 0x10) /* encrypt comm. + storage */
+ if (usage & 0x10) /* encrypt comm. + storage */
key_usage |= CDK_KEY_USG_SPLIT_KEY;
if (usage & 0x20)
key_usage |= CDK_KEY_USG_AUTH;
- if (usage & 0x80) /* encrypt comm. + storage */
+ if (usage & 0x80) /* encrypt comm. + storage */
key_usage |= CDK_KEY_USG_SHARED_KEY;
return key_usage;
for (node = key; node; node = node->next)
{
if (!is_selfsig (node, keyid))
- continue;
+ continue;
unode = cdk_kbnode_find_prev (key, node, CDK_PKT_USER_ID);
if (!unode)
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
uid = unode->pkt->pkt.user_id;
sig = node->pkt->pkt.signature;
s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PRIMARY_UID);
if (s)
- uid->is_primary = 1;
+ uid->is_primary = 1;
s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_FEATURES);
if (s && s->size == 1 && s->d[0] & 0x01)
- uid->mdc_feature = 1;
+ uid->mdc_feature = 1;
s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_KEY_EXPIRE);
if (s && s->size == 4)
- key_expire = _cdk_buftou32 (s->d);
+ key_expire = _cdk_buftou32 (s->d);
s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_SYM);
if (s)
- {
- symalg = s->d;
- nsymalg = s->size;
- n += s->size + 1;
- }
+ {
+ symalg = s->d;
+ nsymalg = s->size;
+ n += s->size + 1;
+ }
s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_HASH);
if (s)
- {
- hashalg = s->d;
- nhashalg = s->size;
- n += s->size + 1;
- }
+ {
+ hashalg = s->d;
+ nhashalg = s->size;
+ n += s->size + 1;
+ }
s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_ZIP);
if (s)
- {
- compalg = s->d;
- ncompalg = s->size;
- n += s->size + 1;
- }
+ {
+ compalg = s->d;
+ ncompalg = s->size;
+ n += s->size + 1;
+ }
if (uid->prefs != NULL)
- cdk_free (uid->prefs);
+ cdk_free (uid->prefs);
if (!n || !hashalg || !compalg || !symalg)
- uid->prefs = NULL;
+ uid->prefs = NULL;
else
- {
- uid->prefs = cdk_calloc (1, sizeof (*uid->prefs) * (n + 1));
- if (!uid->prefs)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- n = 0;
- for (; nsymalg; nsymalg--, n++)
- {
- uid->prefs[n].type = CDK_PREFTYPE_SYM;
- uid->prefs[n].value = *symalg++;
- }
- for (; nhashalg; nhashalg--, n++)
- {
- uid->prefs[n].type = CDK_PREFTYPE_HASH;
- uid->prefs[n].value = *hashalg++;
- }
- for (; ncompalg; ncompalg--, n++)
- {
- uid->prefs[n].type = CDK_PREFTYPE_ZIP;
- uid->prefs[n].value = *compalg++;
- }
-
- uid->prefs[n].type = CDK_PREFTYPE_NONE; /* end of list marker */
- uid->prefs[n].value = 0;
- uid->prefs_size = n;
- }
+ {
+ uid->prefs = cdk_calloc (1, sizeof (*uid->prefs) * (n + 1));
+ if (!uid->prefs)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ n = 0;
+ for (; nsymalg; nsymalg--, n++)
+ {
+ uid->prefs[n].type = CDK_PREFTYPE_SYM;
+ uid->prefs[n].value = *symalg++;
+ }
+ for (; nhashalg; nhashalg--, n++)
+ {
+ uid->prefs[n].type = CDK_PREFTYPE_HASH;
+ uid->prefs[n].value = *hashalg++;
+ }
+ for (; ncompalg; ncompalg--, n++)
+ {
+ uid->prefs[n].type = CDK_PREFTYPE_ZIP;
+ uid->prefs[n].value = *compalg++;
+ }
+
+ uid->prefs[n].type = CDK_PREFTYPE_NONE; /* end of list marker */
+ uid->prefs[n].value = 0;
+ uid->prefs_size = n;
+ }
}
/* Now we add the extracted information to the primary key. */
{
cdk_pkt_pubkey_t pk = kbnode->pkt->pkt.public_key;
if (uid && uid->prefs && n)
- {
- if (pk->prefs != NULL)
- cdk_free (pk->prefs);
- pk->prefs = _cdk_copy_prefs (uid->prefs);
- pk->prefs_size = n;
- }
+ {
+ if (pk->prefs != NULL)
+ cdk_free (pk->prefs);
+ pk->prefs = _cdk_copy_prefs (uid->prefs);
+ pk->prefs_size = n;
+ }
if (key_expire)
- {
- pk->expiredate = pk->timestamp + key_expire;
- pk->has_expired = pk->expiredate > (u32) time (NULL) ? 0 : 1;
- }
+ {
+ pk->expiredate = pk->timestamp + key_expire;
+ pk->has_expired = pk->expiredate > (u32) time (NULL) ? 0 : 1;
+ }
pk->is_invalid = 0;
}
for (node = knode; node; node = node->next)
{
if (node->pkt->pkttype == CDK_PKT_USER_ID)
- node->pkt->pkt.user_id->is_revoked = 0;
+ node->pkt->pkt.user_id->is_revoked = 0;
else if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- node->pkt->pkt.public_key->is_revoked = 0;
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ node->pkt->pkt.public_key->is_revoked = 0;
}
kb = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
for (node = knode; node; node = node->next)
{
if (node->pkt->pkttype == CDK_PKT_SIGNATURE)
- {
- sig = node->pkt->pkt.signature;
- /* Revocation certificates for primary keys */
- if (sig->sig_class == 0x20)
- {
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
- if (kb)
- {
- kb->pkt->pkt.public_key->is_revoked = 1;
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- /* Revocation certificates for subkeys */
- else if (sig->sig_class == 0x28)
- {
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
- if (kb)
- {
- kb->pkt->pkt.public_key->is_revoked = 1;
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- /* Revocation certifcates for user ID's */
- else if (sig->sig_class == 0x30)
- {
- if (sig->keyid[0] != keyid[0] || sig->keyid[1] != keyid[1])
- continue; /* revokes an earlier signature, no userID. */
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_USER_ID);
- if (kb)
- {
- kb->pkt->pkt.user_id->is_revoked = 1;
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- /* Direct certificates for primary keys */
- else if (sig->sig_class == 0x1F)
- {
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
- if (kb)
- {
- pk = kb->pkt->pkt.public_key;
- pk->is_invalid = 0;
- s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
- CDK_SIGSUBPKT_KEY_EXPIRE);
- if (s)
- {
- expiredate = _cdk_buftou32 (s->d);
- pk->expiredate = pk->timestamp + expiredate;
- pk->has_expired = pk->expiredate > curtime ? 0 : 1;
- }
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- /* Direct certificates for subkeys */
- else if (sig->sig_class == 0x18)
- {
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
- if (kb)
- {
- pk = kb->pkt->pkt.public_key;
- pk->is_invalid = 0;
- s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
- CDK_SIGSUBPKT_KEY_EXPIRE);
- if (s)
- {
- expiredate = _cdk_buftou32 (s->d);
- pk->expiredate = pk->timestamp + expiredate;
- pk->has_expired = pk->expiredate > curtime ? 0 : 1;
- }
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- }
+ {
+ sig = node->pkt->pkt.signature;
+ /* Revocation certificates for primary keys */
+ if (sig->sig_class == 0x20)
+ {
+ kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
+ if (kb)
+ {
+ kb->pkt->pkt.public_key->is_revoked = 1;
+ if (check)
+ _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
+ }
+ else
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Revocation certificates for subkeys */
+ else if (sig->sig_class == 0x28)
+ {
+ kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
+ if (kb)
+ {
+ kb->pkt->pkt.public_key->is_revoked = 1;
+ if (check)
+ _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
+ }
+ else
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Revocation certifcates for user ID's */
+ else if (sig->sig_class == 0x30)
+ {
+ if (sig->keyid[0] != keyid[0] || sig->keyid[1] != keyid[1])
+ continue; /* revokes an earlier signature, no userID. */
+ kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_USER_ID);
+ if (kb)
+ {
+ kb->pkt->pkt.user_id->is_revoked = 1;
+ if (check)
+ _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
+ }
+ else
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Direct certificates for primary keys */
+ else if (sig->sig_class == 0x1F)
+ {
+ kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
+ if (kb)
+ {
+ pk = kb->pkt->pkt.public_key;
+ pk->is_invalid = 0;
+ s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
+ CDK_SIGSUBPKT_KEY_EXPIRE);
+ if (s)
+ {
+ expiredate = _cdk_buftou32 (s->d);
+ pk->expiredate = pk->timestamp + expiredate;
+ pk->has_expired = pk->expiredate > curtime ? 0 : 1;
+ }
+ if (check)
+ _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
+ }
+ else
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Direct certificates for subkeys */
+ else if (sig->sig_class == 0x18)
+ {
+ kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
+ if (kb)
+ {
+ pk = kb->pkt->pkt.public_key;
+ pk->is_invalid = 0;
+ s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
+ CDK_SIGSUBPKT_KEY_EXPIRE);
+ if (s)
+ {
+ expiredate = _cdk_buftou32 (s->d);
+ pk->expiredate = pk->timestamp + expiredate;
+ pk->has_expired = pk->expiredate > curtime ? 0 : 1;
+ }
+ if (check)
+ _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
+ }
+ else
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ }
+ }
}
node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
if (node && node->pkt->pkt.public_key->version == 3)
we say the key is valid when we have at least a self signature. */
pk = node->pkt->pkt.public_key;
for (node = knode; node; node = node->next)
- {
- if (is_selfsig (node, keyid))
- {
- pk->is_invalid = 0;
- break;
- }
- }
+ {
+ if (is_selfsig (node, keyid))
+ {
+ pk->is_invalid = 0;
+ break;
+ }
+ }
}
if (node && (node->pkt->pkt.public_key->is_revoked ||
- node->pkt->pkt.public_key->has_expired))
+ node->pkt->pkt.public_key->has_expired))
{
/* If the primary key has been revoked, mark all subkeys as invalid
because without a primary key they are not useable */
for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- node->pkt->pkt.public_key->is_invalid = 1;
- }
+ {
+ if (node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ node->pkt->pkt.public_key->is_invalid = 1;
+ }
}
return 0;
{
pkt = cdk_kbnode_get_packet (p);
if ((pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
- || pkt->pkttype == CDK_PKT_PUBLIC_KEY)
- && pkt->pkt.public_key->keyid[0] == keyid[0]
- && pkt->pkt.public_key->keyid[1] == keyid[1])
- {
- pkt->pkt.public_key->pubkey_usage = usage;
- return;
- }
+ || pkt->pkttype == CDK_PKT_PUBLIC_KEY)
+ && pkt->pkt.public_key->keyid[0] == keyid[0]
+ && pkt->pkt.public_key->keyid[1] == keyid[1])
+ {
+ pkt->pkt.public_key->pubkey_usage = usage;
+ return;
+ }
}
return;
}
old_off = cdk_stream_tell (inp);
rc = cdk_pkt_read (inp, pkt);
if (rc)
- {
- cdk_pkt_release (pkt);
- if (rc == CDK_EOF)
- break;
- else
- { /* Release all packets we reached so far. */
- _cdk_log_debug ("keydb_get_keyblock: error %d\n", rc);
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return rc;
- }
- }
+ {
+ cdk_pkt_release (pkt);
+ if (rc == CDK_EOF)
+ break;
+ else
+ { /* Release all packets we reached so far. */
+ _cdk_log_debug ("keydb_get_keyblock: error %d\n", rc);
+ cdk_kbnode_release (knode);
+ gnutls_assert ();
+ return rc;
+ }
+ }
if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
- pkt->pkttype == CDK_PKT_SECRET_KEY ||
- pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- if (key_seen && (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_SECRET_KEY))
- {
- /* The next key starts here so set the file pointer
- and leave the loop. */
- cdk_stream_seek (inp, old_off);
- cdk_pkt_release (pkt);
- break;
- }
- if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_SECRET_KEY)
- {
- _cdk_pkt_get_keyid (pkt, main_keyid);
- key_seen = 1;
- }
- else if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
- pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- {
- pkt->pkt.public_key->main_keyid[0] = main_keyid[0];
- pkt->pkt.public_key->main_keyid[1] = main_keyid[1];
- }
- else
- {
- pkt->pkt.secret_key->main_keyid[0] = main_keyid[0];
- pkt->pkt.secret_key->main_keyid[1] = main_keyid[1];
- }
- }
- /* We save this for the signature */
- _cdk_pkt_get_keyid (pkt, keyid);
- got_key = 1;
- }
+ pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ {
+ if (key_seen && (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_KEY))
+ {
+ /* The next key starts here so set the file pointer
+ and leave the loop. */
+ cdk_stream_seek (inp, old_off);
+ cdk_pkt_release (pkt);
+ break;
+ }
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_KEY)
+ {
+ _cdk_pkt_get_keyid (pkt, main_keyid);
+ key_seen = 1;
+ }
+ else if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ {
+ if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ {
+ pkt->pkt.public_key->main_keyid[0] = main_keyid[0];
+ pkt->pkt.public_key->main_keyid[1] = main_keyid[1];
+ }
+ else
+ {
+ pkt->pkt.secret_key->main_keyid[0] = main_keyid[0];
+ pkt->pkt.secret_key->main_keyid[1] = main_keyid[1];
+ }
+ }
+ /* We save this for the signature */
+ _cdk_pkt_get_keyid (pkt, keyid);
+ got_key = 1;
+ }
else if (pkt->pkttype == CDK_PKT_USER_ID)
- ;
+ ;
else if (pkt->pkttype == CDK_PKT_SIGNATURE)
- {
- cdk_subpkt_t s;
-
- pkt->pkt.signature->key[0] = keyid[0];
- pkt->pkt.signature->key[1] = keyid[1];
- if (pkt->pkt.signature->sig_class == 0x1F &&
- pkt->pkt.signature->revkeys)
- revkeys = pkt->pkt.signature->revkeys;
-
- s =
- cdk_subpkt_find (pkt->pkt.signature->hashed,
- CDK_SIGSUBPKT_KEY_FLAGS);
- if (s)
- {
- unsigned int key_usage = key_usage_to_cdk_usage (s->d[0]);
- add_key_usage (knode, pkt->pkt.signature->key, key_usage);
- }
- }
+ {
+ cdk_subpkt_t s;
+
+ pkt->pkt.signature->key[0] = keyid[0];
+ pkt->pkt.signature->key[1] = keyid[1];
+ if (pkt->pkt.signature->sig_class == 0x1F &&
+ pkt->pkt.signature->revkeys)
+ revkeys = pkt->pkt.signature->revkeys;
+
+ s =
+ cdk_subpkt_find (pkt->pkt.signature->hashed,
+ CDK_SIGSUBPKT_KEY_FLAGS);
+ if (s)
+ {
+ unsigned int key_usage = key_usage_to_cdk_usage (s->d[0]);
+ add_key_usage (knode, pkt->pkt.signature->key, key_usage);
+ }
+ }
node = cdk_kbnode_new (pkt);
if (!knode)
- knode = node;
+ knode = node;
else
- _cdk_kbnode_add (knode, node);
+ _cdk_kbnode_add (knode, node);
}
if (got_key)
keydb_merge_selfsig (knode, main_keyid);
rc = keydb_parse_allsigs (knode, NULL, 0);
if (revkeys)
- {
- node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
- if (node)
- node->pkt->pkt.public_key->revkeys = revkeys;
- }
+ {
+ node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
+ if (node)
+ node->pkt->pkt.public_key->revkeys = revkeys;
+ }
}
else
cdk_kbnode_release (knode);
unsigned int i;
if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X'))
- { /* Skip hex prefix. */
+ { /* Skip hex prefix. */
buf += 2;
len -= 2;
}
for (i = 0; i < len; i++)
{
if (!isxdigit (buf[i]))
- return CDK_DBSEARCH_SUBSTR;
+ return CDK_DBSEARCH_SUBSTR;
}
if (i != len)
return CDK_DBSEARCH_SUBSTR;
{
rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, r->d);
if (rc)
- {
- gnutls_assert ();
- return rc;
- }
+ {
+ gnutls_assert ();
+ return rc;
+ }
rc = cdk_keydb_search (st, hd, &knode);
cdk_keydb_search_release (st);
if (rc)
- {
- gnutls_assert ();
- return rc;
- }
+ {
+ gnutls_assert ();
+ return rc;
+ }
node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
if (!node)
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
/* If the key is a version 3 key, use the old packet
format for the output. */
if (node->pkt->pkt.public_key->version == 3)
- old_ctb = 1;
+ old_ctb = 1;
else
- old_ctb = 0;
+ old_ctb = 0;
for (node = knode; node; node = node->next)
- {
- /* No specified format; skip them */
- if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
- continue;
- /* We never export local signed signatures */
- if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
- !node->pkt->pkt.signature->flags.exportable)
- continue;
- /* Filter out invalid signatures */
- if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
- (!KEY_CAN_SIGN (node->pkt->pkt.signature->pubkey_algo)))
- continue;
-
- /* Adjust the ctb flag if needed. */
- node->pkt->old_ctb = old_ctb;
- rc = cdk_pkt_write (out, node->pkt);
- if (rc)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return rc;
- }
- }
+ {
+ /* No specified format; skip them */
+ if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
+ continue;
+ /* We never export local signed signatures */
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
+ !node->pkt->pkt.signature->flags.exportable)
+ continue;
+ /* Filter out invalid signatures */
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
+ (!KEY_CAN_SIGN (node->pkt->pkt.signature->pubkey_algo)))
+ continue;
+
+ /* Adjust the ctb flag if needed. */
+ node->pkt->old_ctb = old_ctb;
+ rc = cdk_pkt_write (out, node->pkt);
+ if (rc)
+ {
+ cdk_kbnode_release (knode);
+ gnutls_assert ();
+ return rc;
+ }
+ }
cdk_kbnode_release (knode);
knode = NULL;
}
{
pkt = cdk_kbnode_find_packet (knode, CDK_PKT_SECRET_KEY);
if (r_is_sk)
- *r_is_sk = pkt ? 1 : 0;
+ *r_is_sk = pkt ? 1 : 0;
}
return pkt;
}
chk = NULL;
cdk_keydb_get_bykeyid (hd, keyid, &chk);
if (chk)
- { /* FIXME: search for new signatures */
+ { /* FIXME: search for new signatures */
cdk_kbnode_release (chk);
return 0;
}
for (node = knode; node; node = node->next)
{
if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
- continue; /* No uniformed syntax for this packet */
+ continue; /* No uniformed syntax for this packet */
if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
- !node->pkt->pkt.signature->flags.exportable)
- {
- _cdk_log_debug ("key db import: skip local signature\n");
- continue;
- }
+ !node->pkt->pkt.signature->flags.exportable)
+ {
+ _cdk_log_debug ("key db import: skip local signature\n");
+ continue;
+ }
if (!is_key_node (node))
- {
- _cdk_log_debug ("key db import: skip invalid node of type %d\n",
- node->pkt->pkttype);
- continue;
- }
+ {
+ _cdk_log_debug ("key db import: skip invalid node of type %d\n",
+ node->pkt->pkttype);
+ continue;
+ }
rc = cdk_pkt_write (out, node->pkt);
if (rc)
- {
- cdk_stream_close (out);
- gnutls_assert ();
- return rc;
- }
+ {
+ cdk_stream_close (out);
+ gnutls_assert ();
+ return rc;
+ }
}
cdk_stream_close (out);
while (!cdk_pkt_read (db, pkt))
{
if (pkt->pkttype != CDK_PKT_SECRET_KEY &&
- pkt->pkttype != CDK_PKT_SECRET_SUBKEY)
- {
- cdk_pkt_free (pkt);
- continue;
- }
+ pkt->pkttype != CDK_PKT_SECRET_SUBKEY)
+ {
+ cdk_pkt_free (pkt);
+ continue;
+ }
cdk_sk_get_keyid (pkt->pkt.secret_key, kid);
if (KEYID_CMP (kid, keyid))
- {
- cdk_pkt_release (pkt);
- return 0;
- }
+ {
+ cdk_pkt_release (pkt);
+ return 0;
+ }
cdk_pkt_free (pkt);
}
cdk_pkt_release (pkt);
**/
cdk_error_t
cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
- const char *patt, cdk_strlist_t fpatt)
+ const char *patt, cdk_strlist_t fpatt)
{
cdk_listkey_t ctx;
cdk_stream_t inp;
{
ctx->u.patt = cdk_strdup (patt);
if (!ctx->u.patt)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
}
else if (fpatt)
{
cdk_strlist_t l;
for (l = fpatt; l; l = l->next)
- cdk_strlist_add (&ctx->u.fpatt, l->d);
+ cdk_strlist_add (&ctx->u.fpatt, l->d);
}
ctx->type = patt ? 1 : 0;
ctx->init = 1;
cdk_error_t rc;
for (;;)
- {
- rc = cdk_keydb_get_keyblock (ctx->inp, &node);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- memset (&ks, 0, sizeof (ks));
- ks.type = CDK_DBSEARCH_SUBSTR;
- ks.u.pattern = ctx->u.patt;
- if (find_by_pattern (node, &ks))
- {
- *ret_key = node;
- return 0;
- }
- cdk_kbnode_release (node);
- node = NULL;
- }
+ {
+ rc = cdk_keydb_get_keyblock (ctx->inp, &node);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+ memset (&ks, 0, sizeof (ks));
+ ks.type = CDK_DBSEARCH_SUBSTR;
+ ks.u.pattern = ctx->u.patt;
+ if (find_by_pattern (node, &ks))
+ {
+ *ret_key = node;
+ return 0;
+ }
+ cdk_kbnode_release (node);
+ node = NULL;
+ }
}
else
{
if (!ctx->t)
- ctx->t = ctx->u.fpatt;
+ ctx->t = ctx->u.fpatt;
else if (ctx->t->next)
- ctx->t = ctx->t->next;
+ ctx->t = ctx->t->next;
else
- return CDK_EOF;
+ return CDK_EOF;
return cdk_keydb_get_bypattern (ctx->db, ctx->t->d, ret_key);
}
gnutls_assert ();
typedef struct cdk_keydb_search_s
{
- off_t off; /* last file offset */
+ off_t off; /* last file offset */
union
{
- char *pattern; /* A search is performed by pattern. */
- u32 keyid[2]; /* A search by keyid. */
- byte fpr[KEY_FPR_LEN]; /* A search by fingerprint. */
+ char *pattern; /* A search is performed by pattern. */
+ u32 keyid[2]; /* A search by keyid. */
+ byte fpr[KEY_FPR_LEN]; /* A search by fingerprint. */
} u;
int type;
struct key_table_s *cache;
size_t ncache;
- unsigned int no_cache:1; /* disable the index cache. */
+ unsigned int no_cache:1; /* disable the index cache. */
cdk_stream_t idx;
- char *idx_name; /* name of the index file or NULL. */
+ char *idx_name; /* name of the index file or NULL. */
} cdk_keydb_search_s;
/* Internal key database handle. */
struct cdk_keydb_hd_s
{
- int type; /* type of the key db handle. */
- int fp_ref; /* 1=means it is a reference and shall not be closed. */
+ int type; /* type of the key db handle. */
+ int fp_ref; /* 1=means it is a reference and shall not be closed. */
cdk_stream_t fp;
- char *name; /* name of the underlying file or NULL. */
- unsigned int secret:1; /* contain secret keys. */
- unsigned int isopen:1; /* the underlying stream is opened. */
+ char *name; /* name of the underlying file or NULL. */
+ unsigned int secret:1; /* contain secret keys. */
+ unsigned int isopen:1; /* the underlying stream is opened. */
/* structure to store some stats about the keydb. */
struct
{
- size_t new_keys; /* amount of new keys that were imported. */
+ size_t new_keys; /* amount of new keys that were imported. */
} stats;
};
from the original name and cut off the OpenPGP extension.
If this is not possible, we return an error. */
if (!stristr (pfx->orig_filename, ".gpg") &&
- !stristr (pfx->orig_filename, ".pgp") &&
- !stristr (pfx->orig_filename, ".asc"))
- {
- cdk_pkt_release (pkt);
- cdk_stream_close (si);
- cdk_stream_close (so);
- _cdk_log_debug
- ("literal filter: no file name and no PGP extension\n");
- return CDK_Inv_Mode;
- }
+ !stristr (pfx->orig_filename, ".pgp") &&
+ !stristr (pfx->orig_filename, ".asc"))
+ {
+ cdk_pkt_release (pkt);
+ cdk_stream_close (si);
+ cdk_stream_close (so);
+ _cdk_log_debug
+ ("literal filter: no file name and no PGP extension\n");
+ return CDK_Inv_Mode;
+ }
_cdk_log_debug ("literal filter: derrive file name from original\n");
pfx->filename = dup_trim_filename (pfx->orig_filename);
pfx->filename[strlen (pfx->filename) - 4] = '\0';
while (!feof (in))
{
_cdk_log_debug ("literal_decode: part on %d size %lu\n",
- (int) pfx->blkmode.on, pfx->blkmode.size);
+ (int) pfx->blkmode.on, pfx->blkmode.size);
if (pfx->blkmode.on)
- bufsize = pfx->blkmode.size;
+ bufsize = pfx->blkmode.size;
else
- bufsize = pt->len < DIM (buf) ? pt->len : DIM (buf);
+ bufsize = pt->len < DIM (buf) ? pt->len : DIM (buf);
nread = cdk_stream_read (pt->buf, buf, bufsize);
if (nread == EOF)
- {
- rc = CDK_File_Error;
- break;
- }
+ {
+ rc = CDK_File_Error;
+ break;
+ }
if (pfx->md_initialized)
- _gnutls_hash (&pfx->md, buf, nread);
+ _gnutls_hash (&pfx->md, buf, nread);
cdk_stream_write (so, buf, nread);
pt->len -= nread;
if (pfx->blkmode.on)
- {
- pfx->blkmode.size = _cdk_pkt_read_len (in, &pfx->blkmode.on);
- if ((ssize_t) pfx->blkmode.size == EOF)
- return CDK_Inv_Packet;
- }
+ {
+ pfx->blkmode.size = _cdk_pkt_read_len (in, &pfx->blkmode.on);
+ if ((ssize_t) pfx->blkmode.size == EOF)
+ return CDK_Inv_Packet;
+ }
if (pt->len <= 0 && !pfx->blkmode.on)
- break;
+ break;
}
cdk_stream_close (si);
{
pfx->filename = cdk_strdup ("_CONSOLE");
if (!pfx->filename)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
}
rc = _cdk_stream_fpopen (in, STREAMCTL_READ, &si);
{
literal_filter_t *pfx = data;
if (pfx)
- {
- _cdk_log_debug ("free literal filter\n");
- cdk_free (pfx->filename);
- pfx->filename = NULL;
- cdk_free (pfx->orig_filename);
- pfx->orig_filename = NULL;
- return 0;
- }
+ {
+ _cdk_log_debug ("free literal filter\n");
+ cdk_free (pfx->filename);
+ pfx->filename = NULL;
+ cdk_free (pfx->orig_filename);
+ pfx->orig_filename = NULL;
+ return 0;
+ }
}
return CDK_Inv_Mode;
}
{
s = fgets (buf, DIM (buf) - 1, in);
if (!s)
- break;
+ break;
_cdk_trim_string (buf, 1);
fwrite (buf, 1, strlen (buf), out);
}
{
s = fgets (buf, DIM (buf) - 1, in);
if (!s)
- break;
+ break;
_cdk_trim_string (buf, 0);
fwrite (buf, 1, strlen (buf), out);
fwrite (tfx->lf, 1, strlen (tfx->lf), out);
{
text_filter_t *tfx = data;
if (tfx)
- {
- _cdk_log_debug ("free text filter\n");
- tfx->lf = NULL;
- }
+ {
+ _cdk_log_debug ("free text filter\n");
+ tfx->lf = NULL;
+ }
}
return CDK_Inv_Mode;
}
else
{
if (level > 0 && level < 10)
- hd->compress.level = level;
+ hd->compress.level = level;
else
- hd->compress.level = 6;
+ hd->compress.level = 6;
}
}
{
case CDK_CTL_ARMOR:
if (set)
- hd->opt.armor = va_arg (arg_ptr, int);
+ hd->opt.armor = va_arg (arg_ptr, int);
else
- val = hd->opt.armor;
+ val = hd->opt.armor;
break;
case CDK_CTL_DIGEST:
if (set)
- handle_set_digest (hd, va_arg (arg_ptr, int));
+ handle_set_digest (hd, va_arg (arg_ptr, int));
else
- val = hd->digest_algo;
+ val = hd->digest_algo;
break;
case CDK_CTL_OVERWRITE:
if (set)
- hd->opt.overwrite = va_arg (arg_ptr, int);
+ hd->opt.overwrite = va_arg (arg_ptr, int);
else
- val = hd->opt.overwrite;
+ val = hd->opt.overwrite;
break;
case CDK_CTL_COMPRESS:
if (set)
- {
- int algo = va_arg (arg_ptr, int);
- int level = va_arg (arg_ptr, int);
- handle_set_compress (hd, algo, level);
- }
+ {
+ int algo = va_arg (arg_ptr, int);
+ int level = va_arg (arg_ptr, int);
+ handle_set_compress (hd, algo, level);
+ }
else
- val = hd->compress.algo;
+ val = hd->compress.algo;
break;
case CDK_CTL_S2K:
if (set)
- {
- int mode = va_arg (arg_ptr, int);
- int digest = va_arg (arg_ptr, int);
- handle_set_s2k (hd, mode, digest);
- }
+ {
+ int mode = va_arg (arg_ptr, int);
+ int digest = va_arg (arg_ptr, int);
+ handle_set_s2k (hd, mode, digest);
+ }
else
- val = hd->_s2k.mode;
+ val = hd->_s2k.mode;
break;
case CDK_CTL_FORCE_DIGEST:
if (set)
- hd->opt.force_digest = va_arg (arg_ptr, int);
+ hd->opt.force_digest = va_arg (arg_ptr, int);
else
- val = hd->opt.force_digest;
+ val = hd->opt.force_digest;
break;
case CDK_CTL_BLOCKMODE_ON:
if (set)
- hd->opt.blockmode = va_arg (arg_ptr, int);
+ hd->opt.blockmode = va_arg (arg_ptr, int);
else
- val = hd->opt.blockmode;
+ val = hd->opt.blockmode;
break;
default:
**/
void
cdk_handle_set_passphrase_cb (cdk_ctx_t hd,
- char *(*cb) (void *opa, const char *prompt),
- void *cb_value)
+ char *(*cb) (void *opa, const char *prompt),
+ void *cb_value)
{
if (!hd)
return;
if (hd->db.close_db)
{
if (hd->db.pub)
- cdk_keydb_free (hd->db.pub);
+ cdk_keydb_free (hd->db.pub);
if (hd->db.sec)
- cdk_keydb_free (hd->db.sec);
+ cdk_keydb_free (hd->db.sec);
hd->db.pub = hd->db.sec = NULL;
}
cdk_free (hd);
/* This is the default block size for the partial length packet mode. */
#define DEF_BLOCKSIZE 8192
-#define DEF_BLOCKBITS 13 /* 2^13 = 8192 */
+#define DEF_BLOCKBITS 13 /* 2^13 = 8192 */
/* For now SHA-1 is used to create fingerprint for keys.
But if this will ever change, it is a good idea to
/*-- proc-packet.c --*/
cdk_error_t _cdk_proc_packets (cdk_ctx_t hd, cdk_stream_t inp,
- cdk_stream_t data,
- const char *output, cdk_stream_t outstream,
- digest_hd_st * md);
+ cdk_stream_t data,
+ const char *output, cdk_stream_t outstream,
+ digest_hd_st * md);
cdk_error_t _cdk_pkt_write2 (cdk_stream_t out, int pkttype, void *pktctx);
/*-- pubkey.c --*/
/*-- sig-check.c --*/
cdk_error_t _cdk_sig_check (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig,
- digest_hd_st * digest, int *r_expired);
+ digest_hd_st * digest, int *r_expired);
cdk_error_t _cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st * hd);
cdk_error_t _cdk_hash_userid (cdk_pkt_userid_t uid, int sig_version,
- digest_hd_st * md);
+ digest_hd_st * md);
cdk_error_t _cdk_hash_pubkey (cdk_pkt_pubkey_t pk, digest_hd_st * md,
- int use_fpr);
+ int use_fpr);
cdk_error_t _cdk_pk_check_sig (cdk_keydb_hd_t hd, cdk_kbnode_t knode,
- cdk_kbnode_t snode, int *is_selfsig,
- char **ret_uid);
+ cdk_kbnode_t snode, int *is_selfsig,
+ char **ret_uid);
/*-- kbnode.c --*/
void _cdk_kbnode_add (cdk_kbnode_t root, cdk_kbnode_t node);
/*-- sesskey.c --*/
cdk_error_t _cdk_digest_encode_pkcs1 (byte ** r_md, size_t * r_mdlen,
- int pk_algo,
- const byte * md,
- int digest_algo, unsigned nbits);
+ int pk_algo,
+ const byte * md,
+ int digest_algo, unsigned nbits);
cdk_error_t _cdk_sk_unprotect_auto (cdk_ctx_t hd, cdk_pkt_seckey_t sk);
/*-- keydb.c --*/
int _cdk_keydb_is_secret (cdk_keydb_hd_t db);
cdk_error_t _cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name,
- cdk_pkt_pubkey_t * ret_pk, int usage);
+ cdk_pkt_pubkey_t * ret_pk, int usage);
cdk_error_t _cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name,
- cdk_pkt_seckey_t * ret_sk, int usage);
+ cdk_pkt_seckey_t * ret_sk, int usage);
cdk_error_t _cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid,
- const char *id);
+ const char *id);
/*-- sign.c --*/
int _cdk_sig_hash_for (cdk_pkt_pubkey_t pk);
void _cdk_trim_string (char *s, int canon);
cdk_error_t _cdk_sig_create (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig);
cdk_error_t _cdk_sig_complete (cdk_pkt_signature_t sig, cdk_pkt_seckey_t sk,
- digest_hd_st * hd);
+ digest_hd_st * hd);
/*-- stream.c --*/
void _cdk_stream_set_compress_algo (cdk_stream_t s, int algo);
cdk_error_t _cdk_stream_open_mode (const char *file, const char *mode,
- cdk_stream_t * ret_s);
+ cdk_stream_t * ret_s);
void *_cdk_stream_get_opaque (cdk_stream_t s, int fid);
const char *_cdk_stream_get_fname (cdk_stream_t s);
FILE *_cdk_stream_get_fp (cdk_stream_t s);
int _cdk_stream_get_blockmode (cdk_stream_t s);
int _cdk_stream_puts (cdk_stream_t s, const char *buf);
cdk_error_t _cdk_stream_fpopen (FILE * fp, unsigned write_mode,
- cdk_stream_t * ret_out);
+ cdk_stream_t * ret_out);
/*-- verify.c --*/
void _cdk_result_verify_free (cdk_verify_result_t res);
for (t = (byte *) buf, n = buflen, s = (byte *) sub; n; t++, n--)
{
if (toupper (*t) == toupper (*s))
- {
- for (buf = t++, buflen = n--, s++;
- n && toupper (*t) == toupper ((byte) * s); t++, s++, n--)
- ;
- if (!*s)
- return buf;
- t = (byte *) buf;
- n = buflen;
- s = (byte *) sub;
- }
+ {
+ for (buf = t++, buflen = n--, s++;
+ n && toupper (*t) == toupper ((byte) * s); t++, s++, n--)
+ ;
+ if (!*s)
+ return buf;
+ t = (byte *) buf;
+ n = buflen;
+ s = (byte *) sub;
+ }
}
return NULL;
_cdk_trim_string (char *s, int canon)
{
while (s && *s &&
- (s[strlen (s) - 1] == '\t' ||
- s[strlen (s) - 1] == '\r' ||
- s[strlen (s) - 1] == '\n' || s[strlen (s) - 1] == ' '))
+ (s[strlen (s) - 1] == '\t' ||
+ s[strlen (s) - 1] == '\r' ||
+ s[strlen (s) - 1] == '\n' || s[strlen (s) - 1] == ' '))
s[strlen (s) - 1] = '\0';
if (canon)
strcat (s, "\r\n");
/* We need to make sure the file will be deleted when it is closed. */
fd = _open (buf, _O_CREAT | _O_EXCL | _O_TEMPORARY |
- _O_RDWR | _O_BINARY, _S_IREAD | _S_IWRITE);
+ _O_RDWR | _O_BINARY, _S_IREAD | _S_IWRITE);
if (fd == -1)
return NULL;
fp = fdopen (fd, "w+b");
case CDK_PKT_USER_ID:
pkt->pkt.user_id = cdk_calloc (1, sizeof pkt->pkt.user_id);
if (!pkt->pkt.user_id)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
pkt->pkt.user_id->name = NULL;
break;
case CDK_PKT_PUBLIC_SUBKEY:
pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
if (!pkt->pkt.public_key)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
break;
case CDK_PKT_SECRET_KEY:
case CDK_PKT_SECRET_SUBKEY:
pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
pkt->pkt.secret_key->pk =
- cdk_calloc (1, sizeof *pkt->pkt.secret_key->pk);
+ cdk_calloc (1, sizeof *pkt->pkt.secret_key->pk);
if (!pkt->pkt.secret_key || !pkt->pkt.secret_key->pk)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
break;
case CDK_PKT_SIGNATURE:
pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature);
if (!pkt->pkt.signature)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
break;
case CDK_PKT_PUBKEY_ENC:
pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc);
if (!pkt->pkt.pubkey_enc)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
break;
case CDK_PKT_MDC:
pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc);
if (!pkt->pkt.mdc)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
break;
case CDK_PKT_ONEPASS_SIG:
pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig);
if (!pkt->pkt.onepass_sig)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
break;
case CDK_PKT_LITERAL:
bytes, otherwise the result would be useless. */
pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal);
if (!pkt->pkt.literal)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
pkt->pkt.literal->name = NULL;
break;
{
k->encdata = cdk_calloc (1, src->enclen + 1);
if (!k->encdata)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
memcpy (k->encdata, src->encdata, src->enclen);
}
for (i = 0; i < na; i++)
{
if (_gnutls_mpi_cmp (a->mpi[i], b->mpi[i]))
- return -1;
+ return -1;
}
return 0;
for (s = ctx; s; s = s->next)
{
if (s->type == type)
- count++;
+ count++;
}
return count;
for (s = ctx; s; s = s->next)
{
if (s->type == type && pos++ == idx)
- return s;
+ return s;
}
return NULL;
if (!s)
{
if (r_nbytes)
- *r_nbytes = 0;
+ *r_nbytes = 0;
return NULL;
}
for (n = 0, list = s; list; list = list->next)
{
- n++; /* type */
+ n++; /* type */
n += list->size;
if (list->size < 192)
- n++;
+ n++;
else if (list->size < 8384)
- n += 2;
+ n += 2;
else
- n += 5;
+ n += 5;
}
buf = cdk_calloc (1, n + 1);
if (!buf)
n = 0;
for (list = s; list; list = list->next)
{
- nbytes = 1 + list->size; /* type */
+ nbytes = 1 + list->size; /* type */
if (nbytes < 192)
- buf[n++] = nbytes;
+ buf[n++] = nbytes;
else if (nbytes < 8384)
- {
- buf[n++] = nbytes / 256 + 192;
- buf[n++] = nbytes % 256;
- }
+ {
+ buf[n++] = nbytes / 256 + 192;
+ buf[n++] = nbytes % 256;
+ }
else
- {
- buf[n++] = 0xFF;
- buf[n++] = nbytes >> 24;
- buf[n++] = nbytes >> 16;
- buf[n++] = nbytes >> 8;
- buf[n++] = nbytes;
- }
+ {
+ buf[n++] = 0xFF;
+ buf[n++] = nbytes >> 24;
+ buf[n++] = nbytes >> 16;
+ buf[n++] = nbytes >> 8;
+ buf[n++] = nbytes;
+ }
buf[n++] = list->type;
memcpy (buf + n, list->d, list->size);
n += list->size;
{
node = cdk_subpkt_new (p->size);
if (node)
- {
- memcpy (node->d, p->d, p->size);
- node->type = p->type;
- node->size = p->size;
- }
+ {
+ memcpy (node->d, p->d, p->size);
+ node->type = p->type;
+ node->size = p->size;
+ }
if (!root)
- root = node;
+ root = node;
else
- cdk_subpkt_add (root, node);
+ cdk_subpkt_add (root, node);
}
*r_dst = root;
return 0;
**/
void
cdk_subpkt_init (cdk_subpkt_t node, size_t type,
- const void *buf, size_t buflen)
+ const void *buf, size_t buflen)
{
if (!node)
return;
/* FIXME: We need to think of a public interface for it. */
const byte *
cdk_key_desig_revoker_walk (cdk_desig_revoker_t root,
- cdk_desig_revoker_t * ctx,
- int *r_class, int *r_algid)
+ cdk_desig_revoker_t * ctx,
+ int *r_class, int *r_algid)
{
cdk_desig_revoker_t n;
for (node = root->next; node; node = node->next)
{
if (!type)
- return node;
+ return node;
else if (node->type == type)
- return node;
+ return node;
}
return NULL;
#ifndef OPENCDK_H
#define OPENCDK_H
-#include <stddef.h> /* for size_t */
+#include <stddef.h> /* for size_t */
#include <stdarg.h>
#include <gnutls_int.h>
#include <gnutls_mem.h>
enum cdk_control_flags
{
- CDK_CTLF_SET = 0, /* Value to set an option */
- CDK_CTLF_GET = 1, /* Value to get an option */
- CDK_CTL_DIGEST = 10, /* Option to set the digest algorithm. */
- CDK_CTL_ARMOR = 12, /* Option to enable armor output. */
- CDK_CTL_COMPRESS = 13, /* Option to enable compression. */
- CDK_CTL_COMPAT = 14, /* Option to switch in compat mode. */
- CDK_CTL_OVERWRITE = 15, /* Option to enable file overwritting. */
- CDK_CTL_S2K = 16, /* Option to set S2K values. */
- CDK_CTL_FORCE_DIGEST = 19, /* Force the use of a digest algorithm. */
- CDK_CTL_BLOCKMODE_ON = 20 /* Enable partial body lengths */
+ CDK_CTLF_SET = 0, /* Value to set an option */
+ CDK_CTLF_GET = 1, /* Value to get an option */
+ CDK_CTL_DIGEST = 10, /* Option to set the digest algorithm. */
+ CDK_CTL_ARMOR = 12, /* Option to enable armor output. */
+ CDK_CTL_COMPRESS = 13, /* Option to enable compression. */
+ CDK_CTL_COMPAT = 14, /* Option to switch in compat mode. */
+ CDK_CTL_OVERWRITE = 15, /* Option to enable file overwritting. */
+ CDK_CTL_S2K = 16, /* Option to set S2K values. */
+ CDK_CTL_FORCE_DIGEST = 19, /* Force the use of a digest algorithm. */
+ CDK_CTL_BLOCKMODE_ON = 20 /* Enable partial body lengths */
};
/* Specifies all valid log levels. */
enum cdk_log_level_t
{
- CDK_LOG_NONE = 0, /* No log message will be shown. */
+ CDK_LOG_NONE = 0, /* No log message will be shown. */
CDK_LOG_INFO = 1,
CDK_LOG_DEBUG = 2,
CDK_LOG_DEBUG_PKT = 3
CDK_COMPRESS_NONE = 0,
CDK_COMPRESS_ZIP = 1,
CDK_COMPRESS_ZLIB = 2,
- CDK_COMPRESS_BZIP2 = 3 /* Not supported in this version */
+ CDK_COMPRESS_BZIP2 = 3 /* Not supported in this version */
};
/* All valid public key algorithms valid in OpenPGP */
{
CDK_PK_UNKNOWN = 0,
CDK_PK_RSA = 1,
- CDK_PK_RSA_E = 2, /* RSA-E and RSA-S are deprecated use RSA instead */
- CDK_PK_RSA_S = 3, /* and use the key flags in the self signatures. */
+ CDK_PK_RSA_E = 2, /* RSA-E and RSA-S are deprecated use RSA instead */
+ CDK_PK_RSA_S = 3, /* and use the key flags in the self signatures. */
CDK_PK_ELG_E = 16,
CDK_PK_DSA = 17
};
enum cdk_pref_type_t
{
CDK_PREFTYPE_NONE = 0,
- CDK_PREFTYPE_SYM = 1, /* Symmetric ciphers */
- CDK_PREFTYPE_HASH = 2, /* Message digests */
- CDK_PREFTYPE_ZIP = 3 /* Compression algorithms */
+ CDK_PREFTYPE_SYM = 1, /* Symmetric ciphers */
+ CDK_PREFTYPE_HASH = 2, /* Message digests */
+ CDK_PREFTYPE_ZIP = 3 /* Compression algorithms */
};
enum cdk_keydb_flag_t
{
/* Valid database search modes */
- CDK_DBSEARCH_EXACT = 1, /* Exact string search */
- CDK_DBSEARCH_SUBSTR = 2, /* Sub string search */
- CDK_DBSEARCH_SHORT_KEYID = 3, /* 32-bit keyid search */
- CDK_DBSEARCH_KEYID = 4, /* 64-bit keyid search */
- CDK_DBSEARCH_FPR = 5, /* 160-bit fingerprint search */
- CDK_DBSEARCH_NEXT = 6, /* Enumerate all keys */
- CDK_DBSEARCH_AUTO = 7, /* Try to classify the string */
+ CDK_DBSEARCH_EXACT = 1, /* Exact string search */
+ CDK_DBSEARCH_SUBSTR = 2, /* Sub string search */
+ CDK_DBSEARCH_SHORT_KEYID = 3, /* 32-bit keyid search */
+ CDK_DBSEARCH_KEYID = 4, /* 64-bit keyid search */
+ CDK_DBSEARCH_FPR = 5, /* 160-bit fingerprint search */
+ CDK_DBSEARCH_NEXT = 6, /* Enumerate all keys */
+ CDK_DBSEARCH_AUTO = 7, /* Try to classify the string */
/* Valid database types */
- CDK_DBTYPE_PK_KEYRING = 100, /* A file with one or more public keys */
- CDK_DBTYPE_SK_KEYRING = 101, /* A file with one or more secret keys */
- CDK_DBTYPE_DATA = 102, /* A buffer with at least one public key */
- CDK_DBTYPE_STREAM = 103 /* A stream is used to read keys from */
+ CDK_DBTYPE_PK_KEYRING = 100, /* A file with one or more public keys */
+ CDK_DBTYPE_SK_KEYRING = 101, /* A file with one or more secret keys */
+ CDK_DBTYPE_DATA = 102, /* A buffer with at least one public key */
+ CDK_DBTYPE_STREAM = 103 /* A stream is used to read keys from */
};
enum cdk_key_flag_t
{
CDK_KEY_VALID = 0,
- CDK_KEY_INVALID = 1, /* Missing or wrong self signature */
- CDK_KEY_EXPIRED = 2, /* Key is expired. */
- CDK_KEY_REVOKED = 4, /* Key has been revoked. */
+ CDK_KEY_INVALID = 1, /* Missing or wrong self signature */
+ CDK_KEY_EXPIRED = 2, /* Key is expired. */
+ CDK_KEY_REVOKED = 4, /* Key has been revoked. */
CDK_KEY_NOSIGNER = 8
};
CDK_SIGSTAT_GOOD = 1,
CDK_SIGSTAT_BAD = 2,
CDK_SIGSTAT_NOKEY = 3,
- CDK_SIGSTAT_VALID = 4, /* True if made with a valid key. */
+ CDK_SIGSTAT_VALID = 4, /* True if made with a valid key. */
/* FIXME: We need indicators for revoked/expires signatures. */
/* Signature modes */
unsigned valid:1;
unsigned missing_key:1;
} flags;
- unsigned int key[2]; /* only valid for key signatures */
+ unsigned int key[2]; /* only valid for key signatures */
};
typedef struct cdk_pkt_signature_s *cdk_pkt_signature_t;
unsigned mdc_feature:1;
cdk_prefitem_t prefs;
size_t prefs_size;
- unsigned char *attrib_img; /* Tag 17 if not null */
+ unsigned char *attrib_img; /* Tag 17 if not null */
size_t attrib_len;
cdk_pkt_signature_t selfsig;
char *name;
struct
{
unsigned char algo;
- unsigned char sha1chk; /* SHA1 is used instead of a 16 bit checksum */
+ unsigned char sha1chk; /* SHA1 is used instead of a 16 bit checksum */
cdk_s2k_t s2k;
unsigned char iv[16];
unsigned char ivlen;
/* Structure which represents a single OpenPGP packet. */
struct cdk_packet_s
{
- size_t pktlen; /* real packet length */
- size_t pktsize; /* length with all headers */
- int old_ctb; /* 1 if RFC1991 mode is used */
+ size_t pktlen; /* real packet length */
+ size_t pktsize; /* length with all headers */
+ int old_ctb; /* 1 if RFC1991 mode is used */
cdk_packet_type_t pkttype;
union
{
The user can directly use the file name, the rest is
done internally. */
cdk_error_t cdk_handle_set_keyring (cdk_ctx_t hd, int type,
- const char *kringname);
+ const char *kringname);
/* Return keydb handle stored in the session handle. */
cdk_keydb_hd_t cdk_handle_get_keydb (cdk_ctx_t hd, int type);
/* Set a passphrase callback for the given session handle. */
void cdk_handle_set_passphrase_cb (cdk_ctx_t hd,
- char *(*cb) (void *opa,
- const char *prompt),
- void *cb_value);
+ char *(*cb) (void *opa,
+ const char *prompt),
+ void *cb_value);
/* shortcuts for some controls */
/* This context holds all information of the verification process. */
struct cdk_verify_result_s
{
- int sig_ver; /* Version of the signature. */
- int sig_status; /* The status (GOOD, BAD) of the signature */
- int sig_flags; /* May contain expired or revoked flags */
- unsigned int keyid[2]; /* The issuer key ID */
- unsigned int created; /* Timestamp when the sig was created. */
+ int sig_ver; /* Version of the signature. */
+ int sig_status; /* The status (GOOD, BAD) of the signature */
+ int sig_flags; /* May contain expired or revoked flags */
+ unsigned int keyid[2]; /* The issuer key ID */
+ unsigned int created; /* Timestamp when the sig was created. */
unsigned int expires;
int pubkey_algo;
int digest_algo;
- char *user_id; /* NULL or user ID which issued the signature. */
- char *policy_url; /* If set, the policy the sig was created under. */
- size_t sig_len; /* Size of the signature data inbits. */
- unsigned char *sig_data; /* Raw signature data. */
+ char *user_id; /* NULL or user ID which issued the signature. */
+ char *policy_url; /* If set, the policy the sig was created under. */
+ size_t sig_len; /* Size of the signature data inbits. */
+ unsigned char *sig_data; /* Raw signature data. */
};
typedef struct cdk_verify_result_s *cdk_verify_result_t;
cdk_subpkt_t cdk_subpkt_find_next (cdk_subpkt_t root, size_t type);
size_t cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type);
cdk_subpkt_t cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type,
- size_t index);
+ size_t index);
cdk_error_t cdk_subpkt_add (cdk_subpkt_t root, cdk_subpkt_t node);
const unsigned char *cdk_subpkt_get_data (cdk_subpkt_t ctx,
- size_t * r_type,
- size_t * r_nbytes);
+ size_t * r_type,
+ size_t * r_nbytes);
void cdk_subpkt_init (cdk_subpkt_t node, size_t type, const void *buf,
- size_t buflen);
+ size_t buflen);
/* Designated Revoker routines */
const unsigned char *cdk_key_desig_revoker_walk (cdk_desig_revoker_t root,
- cdk_desig_revoker_t * ctx,
- int *r_class,
- int *r_algid);
+ cdk_desig_revoker_t * ctx,
+ int *r_class,
+ int *r_algid);
#define is_RSA(a) ((a) == CDK_PK_RSA \
|| (a) == CDK_PK_RSA_E \
/* Encrypt the given session key @SK with the public key @PK
and write the contents into the packet @PKE. */
cdk_error_t cdk_pk_encrypt (cdk_pubkey_t pk, cdk_pkt_pubkey_enc_t pke,
- bigint_t sk);
+ bigint_t sk);
/* Decrypt the given encrypted session key in @PKE with the secret key
@SK and store it in @R_SK. */
cdk_error_t cdk_pk_decrypt (cdk_seckey_t sk, cdk_pkt_pubkey_enc_t pke,
- bigint_t * r_sk);
+ bigint_t * r_sk);
/* Sign the given message digest @MD with the secret key @SK and
store the signature in the packet @SIG. */
cdk_error_t cdk_pk_sign (cdk_seckey_t sk, cdk_pkt_signature_t sig,
- const unsigned char *md);
+ const unsigned char *md);
/* Verify the given signature in @SIG with the public key @PK
and compare it against the message digest @MD. */
cdk_error_t cdk_pk_verify (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
- const unsigned char *md);
+ const unsigned char *md);
/* Use cdk_pk_get_npkey() and cdk_pk_get_nskey to find out how much
multiprecision integers a key consists of. */
in the buffer @BUF. @R_NWRITTEN will contain the length in octets.
Optional @R_NBITS may contain the size in bits. */
cdk_error_t cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
- unsigned char *buf, size_t buflen,
- size_t * r_nwritten, size_t * r_nbits);
+ unsigned char *buf, size_t buflen,
+ size_t * r_nwritten, size_t * r_nbits);
/* Same as the function above but of the secret key. */
cdk_error_t cdk_sk_get_mpi (cdk_seckey_t sk, size_t idx,
- unsigned char *buf, size_t buflen,
- size_t * r_nwritten, size_t * r_nbits);
+ unsigned char *buf, size_t buflen,
+ size_t * r_nwritten, size_t * r_nbits);
/* Helper to get the exact number of multi precision integers
for the given object. */
/* Same as above, but with additional sanity checks of the buffer size. */
cdk_error_t cdk_pk_to_fingerprint (cdk_pubkey_t pk,
- unsigned char *fpr, size_t fprlen,
- size_t * r_nout);
+ unsigned char *fpr, size_t fprlen,
+ size_t * r_nout);
/* Derive the keyid from the fingerprint. This is only possible for
modern, version 4 keys. */
unsigned int cdk_pk_fingerprint_get_keyid (const unsigned char *fpr,
- size_t fprlen,
- unsigned int *keyid);
+ size_t fprlen,
+ unsigned int *keyid);
/* Various functions to get the keyid from the specific packet type. */
unsigned int cdk_pk_get_keyid (cdk_pubkey_t pk, unsigned int *keyid);
unsigned int cdk_sk_get_keyid (cdk_seckey_t sk, unsigned int *keyid);
unsigned int cdk_sig_get_keyid (cdk_pkt_signature_t sig,
- unsigned int *keyid);
+ unsigned int *keyid);
/* Key release functions. */
void cdk_pk_release (cdk_pubkey_t pk);
/* String to Key routines. */
cdk_error_t cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo,
- const unsigned char *salt);
+ const unsigned char *salt);
void cdk_s2k_free (cdk_s2k_t s2k);
cdk_error_t cdk_file_armor (cdk_ctx_t hd, const char *file,
- const char *output);
+ const char *output);
cdk_error_t cdk_file_dearmor (const char *file, const char *output);
int cdk_armor_filter_use (cdk_stream_t inp);
If @outbuf and @outlen are NULL, the function returns the calculated
size of the base64 encoded data in @nwritten. */
cdk_error_t cdk_armor_encode_buffer (const unsigned char *inbuf,
- size_t inlen, char *outbuf,
- size_t outlen, size_t * nwritten,
- int type);
+ size_t inlen, char *outbuf,
+ size_t outlen, size_t * nwritten,
+ int type);
/* This context contain user callbacks for different stream operations.
/* Return a stream object which is associated to a socket. */
cdk_error_t cdk_stream_sockopen (const char *host, unsigned short port,
- cdk_stream_t * ret_out);
+ cdk_stream_t * ret_out);
/* Return a stream object which is associated to an existing file. */
cdk_error_t cdk_stream_open (const char *file, cdk_stream_t * ret_s);
/* Return a stream object with custom callback functions for the
various core operations. */
cdk_error_t cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa,
- cdk_stream_t * ret_s);
+ cdk_stream_t * ret_s);
cdk_error_t cdk_stream_create (const char *file, cdk_stream_t * ret_s);
cdk_error_t cdk_stream_tmp_new (cdk_stream_t * r_out);
cdk_error_t cdk_stream_tmp_from_mem (const void *buf, size_t buflen,
- cdk_stream_t * r_out);
+ cdk_stream_t * r_out);
void cdk_stream_tmp_set_mode (cdk_stream_t s, int val);
cdk_error_t cdk_stream_flush (cdk_stream_t s);
cdk_error_t cdk_stream_enable_cache (cdk_stream_t s, int val);
/* Push the literal filter for the given stream. */
cdk_error_t cdk_stream_set_literal_flag (cdk_stream_t s,
- cdk_lit_format_t mode,
- const char *fname);
+ cdk_lit_format_t mode,
+ const char *fname);
cdk_error_t cdk_stream_set_compress_flag (cdk_stream_t s, int algo,
- int level);
+ int level);
cdk_error_t cdk_stream_set_hash_flag (cdk_stream_t s, int algo);
cdk_error_t cdk_stream_set_text_flag (cdk_stream_t s, const char *lf);
cdk_error_t cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out);
cdk_error_t cdk_stream_mmap (cdk_stream_t s, unsigned char **ret_buf,
- size_t * ret_buflen);
+ size_t * ret_buflen);
cdk_error_t cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len,
- unsigned char **ret_buf,
- size_t * ret_buflen);
+ unsigned char **ret_buf,
+ size_t * ret_buflen);
/* Read from the stream but restore the file pointer after reading
the requested amount of bytes. */
the function does not support all combinations, the dedicated
functions should be preferred. */
cdk_error_t cdk_keydb_new (cdk_keydb_hd_t * r_hd, int type, void *data,
- size_t count);
+ size_t count);
/* Create a new key db handle from a memory buffer. */
cdk_error_t cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_hd, int secret,
- const void *data, size_t datlen);
+ const void *data, size_t datlen);
/* Create a new key db which uses an existing file. */
cdk_error_t cdk_keydb_new_from_file (cdk_keydb_hd_t * r_hd, int secret,
- const char *fname);
+ const char *fname);
/* Uses a stream as the key db input. For searching it is important
that the seek function is supported on the stream. Furthermore,
the stream is not closed in cdk_keydb_free(). The caller must do it. */
cdk_error_t cdk_keydb_new_from_stream (cdk_keydb_hd_t * r_hd, int secret,
- cdk_stream_t in);
+ cdk_stream_t in);
/* Check that a secret key with the given key ID is available. */
cdk_error_t cdk_keydb_check_sk (cdk_keydb_hd_t hd, unsigned int *keyid);
/* Prepare the key db search. */
cdk_error_t cdk_keydb_search_start (cdk_keydb_search_t * st,
- cdk_keydb_hd_t db, int type,
- void *desc);
+ cdk_keydb_hd_t db, int type,
+ void *desc);
void cdk_keydb_search_release (cdk_keydb_search_t st);
/* Return a key which matches a valid description given in
cdk_keydb_search_start(). */
cdk_error_t cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd,
- cdk_kbnode_t * ret_key);
+ cdk_kbnode_t * ret_key);
/* Release the key db handle and all its resources. */
void cdk_keydb_free (cdk_keydb_hd_t hd);
/* The following functions will try to find a key in the given key
db handle either by keyid, by fingerprint or by some pattern. */
cdk_error_t cdk_keydb_get_bykeyid (cdk_keydb_hd_t hd, unsigned int *keyid,
- cdk_kbnode_t * ret_pk);
+ cdk_kbnode_t * ret_pk);
cdk_error_t cdk_keydb_get_byfpr (cdk_keydb_hd_t hd,
- const unsigned char *fpr,
- cdk_kbnode_t * ret_pk);
+ const unsigned char *fpr,
+ cdk_kbnode_t * ret_pk);
cdk_error_t cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt,
- cdk_kbnode_t * ret_pk);
+ cdk_kbnode_t * ret_pk);
/* These function, in contrast to most other key db functions, only
return the public or secret key packet without the additional
signatures and user IDs. */
cdk_error_t cdk_keydb_get_pk (cdk_keydb_hd_t khd, unsigned int *keyid,
- cdk_pubkey_t * ret_pk);
+ cdk_pubkey_t * ret_pk);
cdk_error_t cdk_keydb_get_sk (cdk_keydb_hd_t khd, unsigned int *keyid,
- cdk_seckey_t * ret_sk);
+ cdk_seckey_t * ret_sk);
/* Try to read the next key block from the given input stream.
The key will be returned in @RET_KEY on success. */
cdk_error_t cdk_keydb_get_keyblock (cdk_stream_t inp,
- cdk_kbnode_t * ret_key);
+ cdk_kbnode_t * ret_key);
/* Rebuild the key db index if possible. */
cdk_error_t cdk_keydb_idx_rebuild (cdk_keydb_hd_t db,
- cdk_keydb_search_t dbs);
+ cdk_keydb_search_t dbs);
/* Export one or more keys from the given key db handle into
the stream @OUT. The export is done by substring search and
uses the string list @REMUSR for the pattern. */
cdk_error_t cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out,
- cdk_strlist_t remusr);
+ cdk_strlist_t remusr);
/* Import the given key node @knode into the key db. */
cdk_error_t cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode);
/* Start the key list process. Either use @PATT for a pattern search
or @FPATT for a list of pattern. */
cdk_error_t cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
- const char *patt, cdk_strlist_t fpatt);
+ const char *patt, cdk_strlist_t fpatt);
void cdk_listkey_close (cdk_listkey_t ctx);
/* Return the next key which matches the pattern. */
cdk_kbnode_t cdk_kbnode_new (cdk_packet_t pkt);
cdk_error_t cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node,
- const unsigned char *buf,
- size_t buflen);
+ const unsigned char *buf,
+ size_t buflen);
cdk_error_t cdk_kbnode_write_to_mem (cdk_kbnode_t node,
- unsigned char *buf, size_t * r_nbytes);
+ unsigned char *buf, size_t * r_nbytes);
cdk_error_t cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
- unsigned char **r_buf,
- size_t * r_buflen);
+ unsigned char **r_buf,
+ size_t * r_buflen);
void cdk_kbnode_release (cdk_kbnode_t node);
void cdk_kbnode_delete (cdk_kbnode_t node);
void cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node,
- cdk_packet_type_t pkttype);
+ cdk_packet_type_t pkttype);
int cdk_kbnode_commit (cdk_kbnode_t * root);
void cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node);
void cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node,
- cdk_kbnode_t where);
+ cdk_kbnode_t where);
cdk_kbnode_t cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx,
- int all);
+ int all);
cdk_packet_t cdk_kbnode_find_packet (cdk_kbnode_t node,
- cdk_packet_type_t pkttype);
+ cdk_packet_type_t pkttype);
cdk_packet_t cdk_kbnode_get_packet (cdk_kbnode_t node);
cdk_kbnode_t cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype);
cdk_kbnode_t cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
- cdk_packet_type_t pkttype);
+ cdk_packet_type_t pkttype);
cdk_kbnode_t cdk_kbnode_find_next (cdk_kbnode_t node,
- cdk_packet_type_t pkttype);
+ cdk_packet_type_t pkttype);
cdk_error_t cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md,
- int is_v4, cdk_packet_type_t pkttype,
- int flags);
+ int is_v4, cdk_packet_type_t pkttype,
+ int flags);
/* Check each signature in the key node and return a summary of the
key status in @r_status. Values of cdk_key_flag_t are used. */
cdk_error_t cdk_pk_check_sigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd,
- int *r_status);
+ int *r_status);
/* Check the self signature of the key to make sure it is valid. */
cdk_error_t cdk_pk_check_self_sig (cdk_kbnode_t knode, int *r_status);
MDC feature. */
int cdk_pklist_use_mdc (cdk_keylist_t pkl);
cdk_error_t cdk_pklist_build (cdk_keylist_t * ret_pkl, cdk_keydb_hd_t hd,
- cdk_strlist_t remusr, int use);
+ cdk_strlist_t remusr, int use);
void cdk_pklist_release (cdk_keylist_t pkl);
/* Secret key lists */
cdk_error_t cdk_sklist_build (cdk_keylist_t * ret_skl,
- cdk_keydb_hd_t db, cdk_ctx_t hd,
- cdk_strlist_t locusr,
- int unlock, unsigned int use);
+ cdk_keydb_hd_t db, cdk_ctx_t hd,
+ cdk_strlist_t locusr,
+ int unlock, unsigned int use);
void cdk_sklist_release (cdk_keylist_t skl);
cdk_error_t cdk_sklist_write (cdk_keylist_t skl, cdk_stream_t outp,
- digest_hd_st * mdctx, int sigclass,
- int sigver);
+ digest_hd_st * mdctx, int sigclass,
+ int sigver);
cdk_error_t cdk_sklist_write_onepass (cdk_keylist_t skl, cdk_stream_t outp,
- int sigclass, int mdalgo);
+ int sigclass, int mdalgo);
/* Encrypt the given stream @INP with the recipients given in @REMUSR.
If @REMUSR is NULL, symmetric encryption will be used. The output
will be written to @OUT. */
cdk_error_t cdk_stream_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr,
- cdk_stream_t inp, cdk_stream_t out);
+ cdk_stream_t inp, cdk_stream_t out);
/* Decrypt the @INP stream into @OUT. */
cdk_error_t cdk_stream_decrypt (cdk_ctx_t hd, cdk_stream_t inp,
- cdk_stream_t out);
+ cdk_stream_t out);
/* Same as the function above but it works on files. */
cdk_error_t cdk_file_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr,
- const char *file, const char *output);
+ const char *file, const char *output);
cdk_error_t cdk_file_decrypt (cdk_ctx_t hd, const char *file,
- const char *output);
+ const char *output);
/* Generic function to transform data. The mode can be either sign,
verify, encrypt, decrypt, import or export. The meanings of the
parameters are similar to the functions above.
@OUTBUF will contain the output and @OUTSIZE the length of it. */
cdk_error_t cdk_data_transform (cdk_ctx_t hd, enum cdk_crypto_mode_t mode,
- cdk_strlist_t locusr, cdk_strlist_t remusr,
- const void *inbuf, size_t insize,
- unsigned char **outbuf, size_t * outsize,
- int modval);
+ cdk_strlist_t locusr, cdk_strlist_t remusr,
+ const void *inbuf, size_t insize,
+ unsigned char **outbuf, size_t * outsize,
+ int modval);
/* Sign the stream @INP. Optionally, the output will be encrypted
if @REMUSR is not NULL and the @ENCRYPTFLAG is set.
The output will be written to @OUT.
@LOCUSR contains one ore more pattern for the secret key(s) to use. */
cdk_error_t cdk_stream_sign (cdk_ctx_t hd, cdk_stream_t inp,
- cdk_stream_t out, cdk_strlist_t locusr,
- cdk_strlist_t remusr, int encryptflag,
- int sigmode);
+ cdk_stream_t out, cdk_strlist_t locusr,
+ cdk_strlist_t remusr, int encryptflag,
+ int sigmode);
/* Same as the function above but it works on files. */
cdk_error_t cdk_file_sign (cdk_ctx_t hd, cdk_strlist_t locusr,
- cdk_strlist_t remusr,
- const char *file, const char *output,
- int sigmode, int encryptflag);
+ cdk_strlist_t remusr,
+ const char *file, const char *output,
+ int sigmode, int encryptflag);
cdk_error_t cdk_stream_verify (cdk_ctx_t hd, cdk_stream_t inp,
- cdk_stream_t data, cdk_stream_t out);
+ cdk_stream_t data, cdk_stream_t out);
/* Verify the given file @FILE. For a detached signature, @DATA_FILE
contains the actual file data and @FILE is only the signature.
If the @OUTPUT is not NULL, the plaintext will be written to this file. */
cdk_error_t cdk_file_verify (cdk_ctx_t hd, const char *file,
- const char *data_file, const char *output);
+ const char *data_file, const char *output);
int cdk_trustdb_get_validity (cdk_stream_t inp, cdk_pkt_userid_t id,
- int *r_val);
+ int *r_val);
int cdk_trustdb_get_ownertrust (cdk_stream_t inp, cdk_pubkey_t pk,
- int *r_val, int *r_flags);
+ int *r_val, int *r_flags);
void cdk_strlist_free (cdk_strlist_t sl);
cdk_strlist_t cdk_strlist_add (cdk_strlist_t * list, const char *string);
}
#endif
-#endif /* OPENCDK_H */
+#endif /* OPENCDK_H */
cdk_error_t _cdk_copy_seckey (cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src);
cdk_error_t _cdk_copy_pk_to_sk (cdk_pkt_pubkey_t pk, cdk_pkt_seckey_t sk);
cdk_error_t _cdk_copy_signature (cdk_pkt_signature_t * dst,
- cdk_pkt_signature_t src);
+ cdk_pkt_signature_t src);
cdk_error_t _cdk_pubkey_compare (cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b);
#endif /* CDK_PACKET_H */
{
err = _gnutls_mpi_dprint (sig->mpi[0], r_sig);
if (err < 0)
- rc = map_gnutls_error (err);
+ rc = map_gnutls_error (err);
}
else if (is_DSA (sig->pubkey_algo))
{
err = _gnutls_encode_ber_rs (r_sig, sig->mpi[0], sig->mpi[1]);
if (err < 0)
- rc = map_gnutls_error (err);
+ rc = map_gnutls_error (err);
}
else
rc = CDK_Inv_Algo;
}
rc = _cdk_digest_encode_pkcs1 (&encmd, &enclen, pk->pubkey_algo, md,
- sig->digest_algo, cdk_pk_get_nbits (pk));
+ sig->digest_algo, cdk_pk_get_nbits (pk));
if (rc)
{
gnutls_assert ();
int ret;
if (is_RSA (algo))
- ret = RSA_PRIVATE_PARAMS - 2; /* we don't have exp1 and exp2 */
+ ret = RSA_PRIVATE_PARAMS - 2; /* we don't have exp1 and exp2 */
else if (is_DSA (algo))
ret = DSA_PRIVATE_PARAMS;
else if (is_ELG (algo))
*/
static cdk_error_t
mpi_to_buffer (bigint_t a, byte * buf, size_t buflen,
- size_t * r_nwritten, size_t * r_nbits)
+ size_t * r_nwritten, size_t * r_nbits)
{
size_t nbits;
int err;
**/
cdk_error_t
cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
- byte * buf, size_t buflen, size_t * r_nwritten,
- size_t * r_nbits)
+ byte * buf, size_t buflen, size_t * r_nwritten,
+ size_t * r_nbits)
{
if (!pk || !r_nwritten)
return CDK_Inv_Value;
**/
cdk_error_t
cdk_sk_get_mpi (cdk_pkt_seckey_t sk, size_t idx,
- byte * buf, size_t buflen, size_t * r_nwritten,
- size_t * r_nbits)
+ byte * buf, size_t buflen, size_t * r_nwritten,
+ size_t * r_nbits)
{
if (!sk || !r_nwritten)
return CDK_Inv_Value;
return CDK_Inv_Value;
if (pk->version < 4 && is_RSA (pk->pubkey_algo))
- md_algo = GNUTLS_DIG_MD5; /* special */
+ md_algo = GNUTLS_DIG_MD5; /* special */
else
md_algo = GNUTLS_DIG_SHA1;
dlen = _gnutls_hash_get_algo_len (md_algo);
**/
cdk_error_t
cdk_pk_to_fingerprint (cdk_pubkey_t pk,
- byte * fprbuf, size_t fprbuflen, size_t * r_nout)
+ byte * fprbuf, size_t fprbuflen, size_t * r_nout)
{
size_t key_fprlen;
cdk_error_t err;
if (pk && (!pk->keyid[0] || !pk->keyid[1]))
{
if (pk->version < 4 && is_RSA (pk->pubkey_algo))
- {
- byte p[MAX_MPI_BYTES];
- size_t n;
-
- n = MAX_MPI_BYTES;
- _gnutls_mpi_print (pk->mpi[0], p, &n);
- pk->keyid[0] =
- p[n - 8] << 24 | p[n - 7] << 16 | p[n - 6] << 8 | p[n - 5];
- pk->keyid[1] =
- p[n - 4] << 24 | p[n - 3] << 16 | p[n - 2] << 8 | p[n - 1];
- }
+ {
+ byte p[MAX_MPI_BYTES];
+ size_t n;
+
+ n = MAX_MPI_BYTES;
+ _gnutls_mpi_print (pk->mpi[0], p, &n);
+ pk->keyid[0] =
+ p[n - 8] << 24 | p[n - 7] << 16 | p[n - 6] << 8 | p[n - 5];
+ pk->keyid[1] =
+ p[n - 4] << 24 | p[n - 3] << 16 | p[n - 2] << 8 | p[n - 1];
+ }
else if (pk->version == 4)
- {
- cdk_pk_get_fingerprint (pk, buf);
- pk->keyid[0] = _cdk_buftou32 (buf + 12);
- pk->keyid[1] = _cdk_buftou32 (buf + 16);
- }
+ {
+ cdk_pk_get_fingerprint (pk, buf);
+ pk->keyid[0] = _cdk_buftou32 (buf + 12);
+ pk->keyid[1] = _cdk_buftou32 (buf + 16);
+ }
}
lowbits = pk ? pk->keyid[1] : 0;
if (keyid && pk)
else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED)
{
if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread))
- return CDK_Inv_Packet;
+ return CDK_Inv_Packet;
if (nread != DIM (s2k->salt))
- return CDK_Inv_Packet;
+ return CDK_Inv_Packet;
if (s2k->mode == CDK_S2K_ITERSALTED)
- s2k->count = cdk_stream_getc (inp);
+ s2k->count = cdk_stream_getc (inp);
}
else if (s2k->mode == CDK_S2K_GNU_EXT)
{
if (nbits > MAX_MPI_BITS || nbits == 0)
{
_gnutls_write_log ("read_mpi: too large %d bits\n", (int) nbits);
- return CDK_MPI_Error; /* Sanity check */
+ return CDK_MPI_Error; /* Sanity check */
}
rc = stream_read (inp, buf + 2, nread, &nread);
if (!rc && nread != ((nbits + 7) / 8))
{
_gnutls_write_log ("read_mpi: too short %d < %d\n", (int) nread,
- (int) ((nbits + 7) / 8));
+ (int) ((nbits + 7) / 8));
return CDK_MPI_Error;
}
if (c1 == EOF)
return (size_t) EOF;
if (c1 < 224 || c1 == 255)
- *ret_partial = 0; /* End of partial data */
+ *ret_partial = 0; /* End of partial data */
if (c1 < 192)
pktlen = c1;
else if (c1 >= 192 && c1 <= 223)
{
c2 = fgetc (inp);
if (c2 == EOF)
- return (size_t) EOF;
+ return (size_t) EOF;
pktlen = ((c1 - 192) << 8) + c2 + 192;
}
else if (c1 == 255)
pke->keyid[0] = read_32 (inp);
pke->keyid[1] = read_32 (inp);
if (!pke->keyid[0] && !pke->keyid[1])
- pke->throw_keyid = 1; /* RFC2440 "speculative" keyID */
+ pke->throw_keyid = 1; /* RFC2440 "speculative" keyID */
pke->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
nenc = cdk_pk_get_nenc (pke->pubkey_algo);
if (!nenc)
{
cdk_error_t rc = read_mpi (inp, &pke->mpi[i], 0);
if (rc)
- return rc;
+ return rc;
}
return 0;
if (DEBUG_PKT)
_gnutls_write_log ("read_public_key: %d octets\n", (int) pktlen);
- pk->is_invalid = 1; /* default to detect missing self signatures */
+ pk->is_invalid = 1; /* default to detect missing self signatures */
pk->is_revoked = 0;
pk->has_expired = 0;
{
ndays = read_16 (inp);
if (ndays)
- pk->expiredate = pk->timestamp + ndays * 86400L;
+ pk->expiredate = pk->timestamp + ndays * 86400L;
}
pk->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
{
gnutls_assert ();
_gnutls_write_log ("invalid public key algorithm %d\n",
- pk->pubkey_algo);
+ pk->pubkey_algo);
return CDK_Inv_Algo;
}
for (i = 0; i < npkey; i++)
{
cdk_error_t rc = read_mpi (inp, &pk->mpi[i], 0);
if (rc)
- return rc;
+ return rc;
}
/* This value is just for the first run and will be
sk->protect.algo = _pgp_cipher_to_gnutls (cdk_stream_getc (inp));
sk->protect.s2k = cdk_calloc (1, sizeof *sk->protect.s2k);
if (!sk->protect.s2k)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = read_s2k (inp, sk->protect.s2k);
if (rc)
- return rc;
+ return rc;
/* refer to --export-secret-subkeys in gpg(1) */
if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
- sk->protect.ivlen = 0;
+ sk->protect.ivlen = 0;
else
- {
- sk->protect.ivlen = gnutls_cipher_get_block_size (sk->protect.algo);
- if (!sk->protect.ivlen)
- return CDK_Inv_Packet;
- rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
- if (rc)
- return rc;
- if (nread != sk->protect.ivlen)
- return CDK_Inv_Packet;
- }
+ {
+ sk->protect.ivlen = gnutls_cipher_get_block_size (sk->protect.algo);
+ if (!sk->protect.ivlen)
+ return CDK_Inv_Packet;
+ rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
+ if (rc)
+ return rc;
+ if (nread != sk->protect.ivlen)
+ return CDK_Inv_Packet;
+ }
}
else
sk->protect.algo = _pgp_cipher_to_gnutls (sk->s2k_usage);
sk->csum = 0;
nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
if (!nskey)
- {
- gnutls_assert ();
- return CDK_Inv_Algo;
- }
+ {
+ gnutls_assert ();
+ return CDK_Inv_Algo;
+ }
for (i = 0; i < nskey; i++)
- {
- rc = read_mpi (inp, &sk->mpi[i], 1);
- if (rc)
- return rc;
- }
+ {
+ rc = read_mpi (inp, &sk->mpi[i], 1);
+ if (rc)
+ return rc;
+ }
sk->csum = read_16 (inp);
sk->is_protected = 0;
}
/* The length of each multiprecision integer is stored in plaintext. */
nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
if (!nskey)
- {
- gnutls_assert ();
- return CDK_Inv_Algo;
- }
+ {
+ gnutls_assert ();
+ return CDK_Inv_Algo;
+ }
for (i = 0; i < nskey; i++)
- {
- rc = read_mpi (inp, &sk->mpi[i], 1);
- if (rc)
- return rc;
- }
+ {
+ rc = read_mpi (inp, &sk->mpi[i], 1);
+ if (rc)
+ return rc;
+ }
sk->csum = read_16 (inp);
sk->is_protected = 1;
}
p2 -= p1;
sk->enclen = pktlen - p2;
if (sk->enclen < 2)
- return CDK_Inv_Packet; /* at least 16 bits for the checksum! */
+ return CDK_Inv_Packet; /* at least 16 bits for the checksum! */
sk->encdata = cdk_calloc (1, sk->enclen + 1);
if (!sk->encdata)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
if (stream_read (inp, sk->encdata, sk->enclen, &nread))
- return CDK_Inv_Packet;
+ return CDK_Inv_Packet;
/* Handle the GNU S2K extensions we know (just gnu-dummy right now): */
if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
- {
- unsigned char gnumode;
- if ((sk->enclen < strlen ("GNU") + 1) ||
- (0 != memcmp ("GNU", sk->encdata, strlen ("GNU"))))
- return CDK_Inv_Packet;
- gnumode = sk->encdata[strlen ("GNU")];
- /* we only handle gnu-dummy (mode 1).
- mode 2 should refer to external smart cards.
- */
- if (gnumode != 1)
- return CDK_Inv_Packet;
- /* gnu-dummy should have no more data */
- if (sk->enclen != strlen ("GNU") + 1)
- return CDK_Inv_Packet;
- }
+ {
+ unsigned char gnumode;
+ if ((sk->enclen < strlen ("GNU") + 1) ||
+ (0 != memcmp ("GNU", sk->encdata, strlen ("GNU"))))
+ return CDK_Inv_Packet;
+ gnumode = sk->encdata[strlen ("GNU")];
+ /* we only handle gnu-dummy (mode 1).
+ mode 2 should refer to external smart cards.
+ */
+ if (gnumode != 1)
+ return CDK_Inv_Packet;
+ /* gnu-dummy should have no more data */
+ if (sk->enclen != strlen ("GNU") + 1)
+ return CDK_Inv_Packet;
+ }
nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
if (!nskey)
- {
- gnutls_assert ();
- return CDK_Inv_Algo;
- }
+ {
+ gnutls_assert ();
+ return CDK_Inv_Algo;
+ }
/* We mark each MPI entry with NULL to indicate a protected key. */
for (i = 0; i < nskey; i++)
- sk->mpi[i] = NULL;
+ sk->mpi[i] = NULL;
sk->is_protected = 1;
}
else if (len >= 192)
{
if (pktlen < 2)
- {
- cdk_free (buf);
- return CDK_Inv_Packet;
- }
+ {
+ cdk_free (buf);
+ return CDK_Inv_Packet;
+ }
len = ((len - 192) << 8) + *p + 192;
p++;
pktlen--;
}
- if (*p != 1) /* Currently only 1, meaning an image, is defined. */
+ if (*p != 1) /* Currently only 1, meaning an image, is defined. */
{
cdk_free (buf);
return CDK_Inv_Packet;
c1 = cdk_stream_getc (inp);
n++;
if (c1 == 0)
- return 0;
+ return 0;
size = ((c - 192) << 8) + c1 + 192;
}
else if (c < 192)
for (node = sig->unhashed; node; node = node->next)
{
if (node->type == CDK_SIGSUBPKT_ISSUER && node->size >= 8)
- {
- sig->keyid[0] = _cdk_buftou32 (node->d);
- sig->keyid[1] = _cdk_buftou32 (node->d + 4);
- }
+ {
+ sig->keyid[0] = _cdk_buftou32 (node->d);
+ sig->keyid[1] = _cdk_buftou32 (node->d + 4);
+ }
else if (node->type == CDK_SIGSUBPKT_EXPORTABLE && node->d[0] == 0)
- {
- /* Sometimes this packet might be placed in the unhashed area */
- sig->flags.exportable = 0;
- }
+ {
+ /* Sometimes this packet might be placed in the unhashed area */
+ sig->flags.exportable = 0;
+ }
}
for (node = sig->hashed; node; node = node->next)
{
if (node->type == CDK_SIGSUBPKT_SIG_CREATED && node->size >= 4)
- sig->timestamp = _cdk_buftou32 (node->d);
+ sig->timestamp = _cdk_buftou32 (node->d);
else if (node->type == CDK_SIGSUBPKT_SIG_EXPIRE && node->size >= 4)
- {
- sig->expiredate = _cdk_buftou32 (node->d);
- if (sig->expiredate > 0 && sig->expiredate < (u32) time (NULL))
- sig->flags.expired = 1;
- }
+ {
+ sig->expiredate = _cdk_buftou32 (node->d);
+ if (sig->expiredate > 0 && sig->expiredate < (u32) time (NULL))
+ sig->flags.expired = 1;
+ }
else if (node->type == CDK_SIGSUBPKT_POLICY)
- sig->flags.policy_url = 1;
+ sig->flags.policy_url = 1;
else if (node->type == CDK_SIGSUBPKT_NOTATION)
- sig->flags.notation = 1;
+ sig->flags.notation = 1;
else if (node->type == CDK_SIGSUBPKT_REVOCABLE && node->d[0] == 0)
- sig->flags.revocable = 0;
+ sig->flags.revocable = 0;
else if (node->type == CDK_SIGSUBPKT_EXPORTABLE && node->d[0] == 0)
- sig->flags.exportable = 0;
+ sig->flags.exportable = 0;
}
if (sig->sig_class == 0x1F)
{
cdk_desig_revoker_t r, rnode;
for (node = sig->hashed; node; node = node->next)
- {
- if (node->type == CDK_SIGSUBPKT_REV_KEY)
- {
- if (node->size < 22)
- continue;
- rnode = cdk_calloc (1, sizeof *rnode);
- if (!rnode)
- return CDK_Out_Of_Core;
- rnode->r_class = node->d[0];
- rnode->algid = node->d[1];
- memcpy (rnode->fpr, node->d + 2, KEY_FPR_LEN);
- if (!sig->revkeys)
- sig->revkeys = rnode;
- else
- {
- for (r = sig->revkeys; r->next; r = r->next)
- ;
- r->next = rnode;
- }
- }
- }
+ {
+ if (node->type == CDK_SIGSUBPKT_REV_KEY)
+ {
+ if (node->size < 22)
+ continue;
+ rnode = cdk_calloc (1, sizeof *rnode);
+ if (!rnode)
+ return CDK_Out_Of_Core;
+ rnode->r_class = node->d[0];
+ rnode->algid = node->d[1];
+ memcpy (rnode->fpr, node->d + 2, KEY_FPR_LEN);
+ if (!sig->revkeys)
+ sig->revkeys = rnode;
+ else
+ {
+ for (r = sig->revkeys; r->next; r = r->next)
+ ;
+ r->next = rnode;
+ }
+ }
+ }
}
return 0;
if (sig->version < 4)
{
if (cdk_stream_getc (inp) != 5)
- return CDK_Inv_Packet;
+ return CDK_Inv_Packet;
sig->sig_class = cdk_stream_getc (inp);
sig->timestamp = read_32 (inp);
sig->keyid[0] = read_32 (inp);
sig->digest_start[1] = cdk_stream_getc (inp);
nsig = cdk_pk_get_nsig (sig->pubkey_algo);
if (!nsig)
- return CDK_Inv_Algo;
+ return CDK_Inv_Algo;
for (i = 0; i < nsig; i++)
- {
- rc = read_mpi (inp, &sig->mpi[i], 0);
- if (rc)
- return rc;
- }
+ {
+ rc = read_mpi (inp, &sig->mpi[i], 0);
+ if (rc)
+ return rc;
+ }
}
else
{
size = sig->hashed_size;
sig->hashed = NULL;
while (size > 0)
- {
- rc = read_subpkt (inp, &sig->hashed, &nbytes);
- if (rc)
- return rc;
- size -= nbytes;
- }
+ {
+ rc = read_subpkt (inp, &sig->hashed, &nbytes);
+ if (rc)
+ return rc;
+ size -= nbytes;
+ }
sig->unhashed_size = read_16 (inp);
size = sig->unhashed_size;
sig->unhashed = NULL;
while (size > 0)
- {
- rc = read_subpkt (inp, &sig->unhashed, &nbytes);
- if (rc)
- return rc;
- size -= nbytes;
- }
+ {
+ rc = read_subpkt (inp, &sig->unhashed, &nbytes);
+ if (rc)
+ return rc;
+ size -= nbytes;
+ }
rc = parse_sig_subpackets (sig);
if (rc)
- return rc;
+ return rc;
sig->digest_start[0] = cdk_stream_getc (inp);
sig->digest_start[1] = cdk_stream_getc (inp);
nsig = cdk_pk_get_nsig (sig->pubkey_algo);
if (!nsig)
- return CDK_Inv_Algo;
+ return CDK_Inv_Algo;
for (i = 0; i < nsig; i++)
- {
- rc = read_mpi (inp, &sig->mpi[i], 0);
- if (rc)
- return rc;
- }
+ {
+ rc = read_mpi (inp, &sig->mpi[i], 0);
+ if (rc)
+ return rc;
+ }
}
return 0;
static cdk_error_t
read_literal (cdk_stream_t inp, size_t pktlen,
- cdk_pkt_literal_t * ret_pt, int is_partial)
+ cdk_pkt_literal_t * ret_pt, int is_partial)
{
cdk_pkt_literal_t pt = *ret_pt;
size_t nread;
{
*ret_pt = pt = cdk_realloc (pt, sizeof *pt + pt->namelen + 2);
if (!pt)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
pt->name = (char *) pt + sizeof (*pt);
rc = stream_read (inp, pt->name, pt->namelen, &nread);
if (rc)
- return rc;
+ return rc;
if ((int) nread != pt->namelen)
- return CDK_Inv_Packet;
+ return CDK_Inv_Packet;
pt->name[pt->namelen] = '\0';
}
pt->timestamp = read_32 (inp);
/* Read a new CTB and decode the body length. */
static void
read_new_length (cdk_stream_t inp,
- size_t * r_len, size_t * r_size, size_t * r_partial)
+ size_t * r_len, size_t * r_size, size_t * r_partial)
{
int c, c1;
if (!(ctb & 0x80))
{
_cdk_log_info ("cdk_pkt_read: no openpgp data found. "
- "(ctb=%02X; fpos=%02X)\n", (int) ctb,
- (int) cdk_stream_tell (inp));
+ "(ctb=%02X; fpos=%02X)\n", (int) ctb,
+ (int) cdk_stream_tell (inp));
return CDK_Inv_Packet;
}
- if (ctb & 0x40) /* RFC2440 packet format. */
+ if (ctb & 0x40) /* RFC2440 packet format. */
{
pkttype = ctb & 0x3f;
is_newctb = 1;
}
- else /* the old RFC1991 packet format. */
+ else /* the old RFC1991 packet format. */
{
pkttype = ctb & 0x3f;
pkttype >>= 2;
{
case CDK_PKT_ATTRIBUTE:
pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
- + pkt->pktlen + 16 + 1);
+ + pkt->pktlen + 16 + 1);
if (!pkt->pkt.user_id)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
pkt->pkt.user_id->name =
- (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id);
+ (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id);
rc = read_attribute (inp, pktlen, pkt->pkt.user_id);
pkt->pkttype = CDK_PKT_ATTRIBUTE;
case CDK_PKT_USER_ID:
pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
- + pkt->pktlen + 1);
+ + pkt->pktlen + 1);
if (!pkt->pkt.user_id)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
pkt->pkt.user_id->name =
- (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id);
+ (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id);
rc = read_user_id (inp, pktlen, pkt->pkt.user_id);
break;
case CDK_PKT_PUBLIC_KEY:
pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
if (!pkt->pkt.public_key)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = read_public_key (inp, pktlen, pkt->pkt.public_key);
break;
case CDK_PKT_PUBLIC_SUBKEY:
pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
if (!pkt->pkt.public_key)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = read_public_subkey (inp, pktlen, pkt->pkt.public_key);
break;
case CDK_PKT_SECRET_KEY:
pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
if (!pkt->pkt.secret_key)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
pkt->pkt.secret_key->pk = cdk_calloc (1,
- sizeof *pkt->pkt.secret_key->pk);
+ sizeof *pkt->pkt.secret_key->pk);
if (!pkt->pkt.secret_key->pk)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = read_secret_key (inp, pktlen, pkt->pkt.secret_key);
break;
case CDK_PKT_SECRET_SUBKEY:
pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
if (!pkt->pkt.secret_key)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
pkt->pkt.secret_key->pk = cdk_calloc (1,
- sizeof *pkt->pkt.secret_key->pk);
+ sizeof *pkt->pkt.secret_key->pk);
if (!pkt->pkt.secret_key->pk)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = read_secret_subkey (inp, pktlen, pkt->pkt.secret_key);
break;
case CDK_PKT_LITERAL:
pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal);
if (!pkt->pkt.literal)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = read_literal (inp, pktlen, &pkt->pkt.literal, is_partial);
break;
case CDK_PKT_ONEPASS_SIG:
pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig);
if (!pkt->pkt.onepass_sig)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = read_onepass_sig (inp, pktlen, pkt->pkt.onepass_sig);
break;
case CDK_PKT_SIGNATURE:
pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature);
if (!pkt->pkt.signature)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = read_signature (inp, pktlen, pkt->pkt.signature);
break;
case CDK_PKT_PUBKEY_ENC:
pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc);
if (!pkt->pkt.pubkey_enc)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = read_pubkey_enc (inp, pktlen, pkt->pkt.pubkey_enc);
break;
case CDK_PKT_COMPRESSED:
pkt->pkt.compressed = cdk_calloc (1, sizeof *pkt->pkt.compressed);
if (!pkt->pkt.compressed)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = read_compressed (inp, pktlen, pkt->pkt.compressed);
break;
case CDK_PKT_MDC:
pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc);
if (!pkt->pkt.mdc)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = read_mdc (inp, pkt->pkt.mdc);
break;
*/
static cdk_error_t
do_encode_md (byte ** r_frame, size_t * r_flen, const byte * md, int algo,
- size_t len, unsigned nbits, const byte * asn, size_t asnlen)
+ size_t len, unsigned nbits, const byte * asn, size_t asnlen)
{
byte *frame = NULL;
size_t nframe = (nbits + 7) / 8;
return 0;
}
-static const byte md5_asn[18] = /* Object ID is 1.2.840.113549.2.5 */
+static const byte md5_asn[18] = /* Object ID is 1.2.840.113549.2.5 */
{ 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10
};
-static const byte sha1_asn[15] = /* Object ID is 1.3.14.3.2.26 */
+static const byte sha1_asn[15] = /* Object ID is 1.3.14.3.2.26 */
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};
-static const byte sha224_asn[19] = /* Object ID is 2.16.840.1.101.3.4.2.4 */
+static const byte sha224_asn[19] = /* Object ID is 2.16.840.1.101.3.4.2.4 */
{ 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04,
0x1C
};
-static const byte sha256_asn[19] = /* Object ID is 2.16.840.1.101.3.4.2.1 */
+static const byte sha256_asn[19] = /* Object ID is 2.16.840.1.101.3.4.2.1 */
{ 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
0x00, 0x04, 0x20
};
-static const byte sha512_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.3 */
+static const byte sha512_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.3 */
{
0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
0x00, 0x04, 0x40
};
-static const byte sha384_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.2 */
+static const byte sha384_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.2 */
{
0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
0x00, 0x04, 0x30
};
-static const byte rmd160_asn[15] = /* Object ID is 1.3.36.3.2.1 */
+static const byte rmd160_asn[15] = /* Object ID is 1.3.36.3.2.1 */
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
0x02, 0x01, 0x05, 0x00, 0x04, 0x14
};
/* Encode the given digest into a pkcs#1 compatible format. */
cdk_error_t
_cdk_digest_encode_pkcs1 (byte ** r_md, size_t * r_mdlen, int pk_algo,
- const byte * md, int digest_algo, unsigned nbits)
+ const byte * md, int digest_algo, unsigned nbits)
{
size_t dlen;
if (dlen <= 0)
return CDK_Inv_Algo;
if (is_DSA (pk_algo))
- { /* DSS does not use a special encoding. */
+ { /* DSS does not use a special encoding. */
*r_md = cdk_malloc (dlen + 1);
if (!*r_md)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
*r_mdlen = dlen;
memcpy (*r_md, md, dlen);
return 0;
asnlen = _gnutls_get_digest_oid (digest_algo, &asn);
if (asnlen < 0)
- return asnlen;
+ return asnlen;
rc = do_encode_md (r_md, r_mdlen, md, digest_algo, dlen,
- nbits, asn, asnlen);
+ nbits, asn, asnlen);
return rc;
}
return 0;
**/
cdk_error_t
cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo,
- const byte * salt)
+ const byte * salt)
{
cdk_s2k_t s2k;
static int
hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
{
- byte buf[MAX_MPI_BYTES]; /* FIXME: do not use hardcoded length. */
+ byte buf[MAX_MPI_BYTES]; /* FIXME: do not use hardcoded length. */
size_t nbytes;
size_t i, npkey;
int err;
err = _gnutls_mpi_print_pgp (pk->mpi[i], buf, &nbytes);
if (err < 0)
- {
- gnutls_assert ();
- return map_gnutls_error (err);
- }
+ {
+ gnutls_assert ();
+ return map_gnutls_error (err);
+ }
if (!usefpr || pk->version == 4)
- _gnutls_hash (md, buf, nbytes);
- else /* without the prefix. */
- _gnutls_hash (md, buf + 2, nbytes - 2);
+ _gnutls_hash (md, buf, nbytes);
+ else /* without the prefix. */
+ _gnutls_hash (md, buf + 2, nbytes - 2);
}
return 0;
}
/* Convert the expiration date into days. */
if (pk->expiredate)
- a = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
+ a = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
buf[i++] = a >> 8;
buf[i++] = a;
}
tmp = _gnutls_hash_algo_to_pgp (sig->digest_algo);
_gnutls_hash (md, &tmp, 1);
if (sig->hashed != NULL)
- {
- byte *p = _cdk_subpkt_get_array (sig->hashed, 0, &n);
- assert (p != NULL);
- buf[0] = n >> 8;
- buf[1] = n >> 0;
- _gnutls_hash (md, buf, 2);
- _gnutls_hash (md, p, n);
- cdk_free (p);
- sig->hashed_size = n;
- n = sig->hashed_size + 6;
- }
+ {
+ byte *p = _cdk_subpkt_get_array (sig->hashed, 0, &n);
+ assert (p != NULL);
+ buf[0] = n >> 8;
+ buf[1] = n >> 0;
+ _gnutls_hash (md, buf, 2);
+ _gnutls_hash (md, p, n);
+ cdk_free (p);
+ sig->hashed_size = n;
+ n = sig->hashed_size + 6;
+ }
else
- {
- tmp = 0x00;
- _gnutls_hash (md, &tmp, 1);
- _gnutls_hash (md, &tmp, 1);
- n = 6;
- }
+ {
+ tmp = 0x00;
+ _gnutls_hash (md, &tmp, 1);
+ _gnutls_hash (md, &tmp, 1);
+ n = 6;
+ }
_gnutls_hash (md, &sig->version, 1);
tmp = 0xff;
_gnutls_hash (md, &tmp, 1);
Use the digest handle @digest. */
cdk_error_t
_cdk_sig_check (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
- digest_hd_st * digest, int *r_expired)
+ digest_hd_st * digest, int *r_expired)
{
cdk_error_t rc;
byte md[MAX_DIGEST_LEN];
@knode is the key node and @snode the signature node. */
cdk_error_t
_cdk_pk_check_sig (cdk_keydb_hd_t keydb,
- cdk_kbnode_t knode, cdk_kbnode_t snode, int *is_selfsig,
- char **ret_uid)
+ cdk_kbnode_t knode, cdk_kbnode_t snode, int *is_selfsig,
+ char **ret_uid)
{
digest_hd_st md;
int err;
is_expired = 0;
if (sig->sig_class == 0x20)
- { /* key revocation */
+ { /* key revocation */
cdk_kbnode_hash (knode, &md, 0, 0, 0);
rc = _cdk_sig_check (pk, sig, &md, &is_expired);
}
else if (sig->sig_class == 0x28)
- { /* subkey revocation */
+ { /* subkey revocation */
node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_PUBLIC_SUBKEY);
if (!node)
- { /* no subkey for subkey revocation packet */
- gnutls_assert ();
- rc = CDK_Error_No_Key;
- goto fail;
- }
+ { /* no subkey for subkey revocation packet */
+ gnutls_assert ();
+ rc = CDK_Error_No_Key;
+ goto fail;
+ }
cdk_kbnode_hash (knode, &md, 0, 0, 0);
cdk_kbnode_hash (node, &md, 0, 0, 0);
rc = _cdk_sig_check (pk, sig, &md, &is_expired);
}
else if (sig->sig_class == 0x18 || sig->sig_class == 0x19)
- { /* primary/secondary key binding */
+ { /* primary/secondary key binding */
node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_PUBLIC_SUBKEY);
if (!node)
- { /* no subkey for subkey binding packet */
- gnutls_assert ();
- rc = CDK_Error_No_Key;
- goto fail;
- }
+ { /* no subkey for subkey binding packet */
+ gnutls_assert ();
+ rc = CDK_Error_No_Key;
+ goto fail;
+ }
cdk_kbnode_hash (knode, &md, 0, 0, 0);
cdk_kbnode_hash (node, &md, 0, 0, 0);
rc = _cdk_sig_check (pk, sig, &md, &is_expired);
}
else if (sig->sig_class == 0x1F)
- { /* direct key signature */
+ { /* direct key signature */
cdk_kbnode_hash (knode, &md, 0, 0, 0);
rc = _cdk_sig_check (pk, sig, &md, &is_expired);
}
else
- { /* all other classes */
+ { /* all other classes */
cdk_pkt_userid_t uid;
node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_USER_ID);
if (!node)
- { /* no user ID for key signature packet */
- gnutls_assert ();
- rc = CDK_Error_No_Key;
- goto fail;
- }
+ { /* no user ID for key signature packet */
+ gnutls_assert ();
+ rc = CDK_Error_No_Key;
+ goto fail;
+ }
uid = node->pkt->pkt.user_id;
if (ret_uid)
- {
- *ret_uid = uid->name;
- }
+ {
+ *ret_uid = uid->name;
+ }
cdk_kbnode_hash (knode, &md, 0, 0, 0);
cdk_kbnode_hash (node, &md, sig->version == 4, 0, 0);
if (pk->keyid[0] == sig->keyid[0] && pk->keyid[1] == sig->keyid[1])
- {
- rc = _cdk_sig_check (pk, sig, &md, &is_expired);
- if (is_selfsig)
- *is_selfsig = 1;
- }
+ {
+ rc = _cdk_sig_check (pk, sig, &md, &is_expired);
+ if (is_selfsig)
+ *is_selfsig = 1;
+ }
else if (keydb != NULL)
- {
- cdk_pubkey_t sig_pk;
- rc = cdk_keydb_get_pk (keydb, sig->keyid, &sig_pk);
- if (!rc)
- rc = _cdk_sig_check (sig_pk, sig, &md, &is_expired);
- cdk_pk_release (sig_pk);
- }
+ {
+ cdk_pubkey_t sig_pk;
+ rc = cdk_keydb_get_pk (keydb, sig->keyid, &sig_pk);
+ if (!rc)
+ rc = _cdk_sig_check (sig_pk, sig, &md, &is_expired);
+ cdk_pk_release (sig_pk);
+ }
}
fail:
_gnutls_hash_deinit (&md, NULL);
static int
uid_list_add_sig (struct verify_uid **list, const char *uid,
- unsigned int flag)
+ unsigned int flag)
{
if (*list == NULL)
{
*list = cdk_calloc (1, sizeof (struct verify_uid));
if (*list == NULL)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
(*list)->name = uid;
if (flag != 0)
- (*list)->nsigs++;
+ (*list)->nsigs++;
}
else
{
p = *list;
while (p != NULL)
- {
- if (strcmp (uid, p->name) == 0)
- {
- found = 1;
- break;
- }
- prev_p = p;
- p = p->next;
- }
+ {
+ if (strcmp (uid, p->name) == 0)
+ {
+ found = 1;
+ break;
+ }
+ prev_p = p;
+ p = p->next;
+ }
if (found == 0)
- { /* not found add to the last */
- prev_p->next = cdk_calloc (1, sizeof (struct verify_uid));
- if (prev_p->next == NULL)
- return CDK_Out_Of_Core;
- prev_p->next->name = uid;
- if (flag != 0)
- prev_p->next->nsigs++;
- }
+ { /* not found add to the last */
+ prev_p->next = cdk_calloc (1, sizeof (struct verify_uid));
+ if (prev_p->next == NULL)
+ return CDK_Out_Of_Core;
+ prev_p->next->name = uid;
+ if (flag != 0)
+ prev_p->next->nsigs++;
+ }
else
- { /* found... increase sigs */
- if (flag != 0)
- p->nsigs++;
- }
+ { /* found... increase sigs */
+ if (flag != 0)
+ p->nsigs++;
+ }
}
return CDK_Success;
while (p != NULL)
{
if (p->nsigs == 0)
- {
- return 0;
- }
+ {
+ return 0;
+ }
p = p->next;
}
- return 1; /* all signed */
+ return 1; /* all signed */
}
/**
for (node = key; node; node = node->next)
{
if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
- continue;
+ continue;
sig = node->pkt->pkt.signature;
rc = _cdk_pk_check_sig (keydb, key, node, &is_selfsig, &uid_name);
if (rc && rc != CDK_Error_No_Key)
- {
- /* It might be possible that a single signature has been
- corrupted, thus we do not consider it a problem when
- one ore more signatures are bad. But at least the self
- signature has to be valid. */
- if (is_selfsig)
- {
- key_status |= CDK_KEY_INVALID;
- break;
- }
- }
+ {
+ /* It might be possible that a single signature has been
+ corrupted, thus we do not consider it a problem when
+ one ore more signatures are bad. But at least the self
+ signature has to be valid. */
+ if (is_selfsig)
+ {
+ key_status |= CDK_KEY_INVALID;
+ break;
+ }
+ }
_cdk_log_debug ("signature %s: signer %08X keyid %08X\n",
- rc == CDK_Bad_Sig ? "BAD" : "good",
- (unsigned int) sig->keyid[1], (unsigned int) keyid);
+ rc == CDK_Bad_Sig ? "BAD" : "good",
+ (unsigned int) sig->keyid[1], (unsigned int) keyid);
if (IS_UID_SIG (sig) && uid_name != NULL)
- {
- /* add every uid in the uid list. Only consider valid:
- * - verification was ok
- * - not a selfsig
- */
- rc =
- uid_list_add_sig (&uid_list, uid_name,
- (rc == CDK_Success && is_selfsig == 0) ? 1 : 0);
- if (rc != CDK_Success)
- {
- gnutls_assert ();
- goto exit;
- }
- }
+ {
+ /* add every uid in the uid list. Only consider valid:
+ * - verification was ok
+ * - not a selfsig
+ */
+ rc =
+ uid_list_add_sig (&uid_list, uid_name,
+ (rc == CDK_Success && is_selfsig == 0) ? 1 : 0);
+ if (rc != CDK_Success)
+ {
+ gnutls_assert ();
+ goto exit;
+ }
+ }
}
{
pkt = cdk_kbnode_get_packet (p);
if (pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY
- && pkt->pkttype != CDK_PKT_PUBLIC_KEY)
- continue;
+ && pkt->pkttype != CDK_PKT_PUBLIC_KEY)
+ continue;
/* FIXME: we should set expire/revoke here also but callers
expect CDK_KEY_VALID=0 if the key is okay. */
sig_ok = 0;
for (node = p; node; node = node->next)
- {
- if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
- continue;
- sig = node->pkt->pkt.signature;
-
- cdk_sig_get_keyid (sig, sigid);
- if (sigid[0] != keyid[0] || sigid[1] != keyid[1])
- continue;
- /* FIXME: Now we check all self signatures. */
- rc = _cdk_pk_check_sig (NULL, p, node, &is_selfsig, NULL);
- if (rc)
- {
- *r_status = CDK_KEY_INVALID;
- return rc;
- }
- else /* For each valid self sig we increase this counter. */
- sig_ok++;
- }
+ {
+ if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
+ continue;
+ sig = node->pkt->pkt.signature;
+
+ cdk_sig_get_keyid (sig, sigid);
+ if (sigid[0] != keyid[0] || sigid[1] != keyid[1])
+ continue;
+ /* FIXME: Now we check all self signatures. */
+ rc = _cdk_pk_check_sig (NULL, p, node, &is_selfsig, NULL);
+ if (rc)
+ {
+ *r_status = CDK_KEY_INVALID;
+ return rc;
+ }
+ else /* For each valid self sig we increase this counter. */
+ sig_ok++;
+ }
/* A key without a self signature is not valid. At least one
* signature for the given key has to be found.
*/
if (!sig_ok)
- {
- *r_status = CDK_KEY_INVALID;
- return CDK_General_Error;
- }
+ {
+ *r_status = CDK_KEY_INVALID;
+ return CDK_General_Error;
+ }
}
/* No flags indicate a valid key. */
static cdk_error_t stream_filter_write (cdk_stream_t s);
static int stream_cache_flush (cdk_stream_t s, FILE * fp);
struct stream_filter_s *filter_add (cdk_stream_t s, filter_fnct_t fnc,
- int type);
+ int type);
/* FIXME: The read/write/putc/getc function cannot directly
/* Helper function to allow to open a stream in different modes. */
cdk_error_t
_cdk_stream_open_mode (const char *file, const char *mode,
- cdk_stream_t * ret_s)
+ cdk_stream_t * ret_s)
{
cdk_stream_t s;
*/
cdk_error_t
cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa,
- cdk_stream_t * ret_s)
+ cdk_stream_t * ret_s)
{
cdk_stream_t s;
{
s->fname = cdk_strdup (file);
if (!s->fname)
- {
- cdk_free (s);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
+ {
+ cdk_free (s);
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
}
s->fp = _cdk_tmpfile ();
if (!s->fp)
if (!s->flags.filtrated)
{
if (!cdk_stream_get_length (s))
- return 0;
+ return 0;
rc = cdk_stream_seek (s, 0);
if (!rc)
- rc = stream_flush (s);
+ rc = stream_flush (s);
if (!rc)
- rc = stream_filter_write (s);
+ rc = stream_filter_write (s);
s->flags.filtrated = 1;
if (rc)
- {
- s->error = rc;
- gnutls_assert ();
- return rc;
- }
+ {
+ s->error = rc;
+ gnutls_assert ();
+ return rc;
+ }
}
return 0;
}
}
_gnutls_read_log ("close stream ref=%d `%s'\n",
- s->fp_ref, s->fname ? s->fname : "[temp]");
+ s->fp_ref, s->fname ? s->fname : "[temp]");
/* In the user callback mode, we call the release cb if possible
and just free the stream. */
if (s->cbs_hd)
{
if (s->cbs.release)
- rc = s->cbs.release (s->cbs_hd);
+ rc = s->cbs.release (s->cbs_hd);
else
- rc = 0;
+ rc = 0;
cdk_free (s);
gnutls_assert ();
return rc;
err = fclose (s->fp);
s->fp = NULL;
if (err)
- rc = CDK_File_Error;
+ rc = CDK_File_Error;
}
/* Iterate over the filter list and use the cleanup flag to
{
f2 = f->next;
if (f->fnct)
- f->fnct (f->opaque, STREAMCTL_FREE, NULL, NULL);
+ f->fnct (f->opaque, STREAMCTL_FREE, NULL, NULL);
cdk_free (f);
f = f2;
}
for (f = s->filters; f; f = f->next)
{
if (f->fnct == fnc)
- return f;
+ return f;
}
return NULL;
assert (s);
_gnutls_read_log ("replace stream fd=%d with fd=%d\n",
- fileno (s->fp), fileno (*tmp));
+ fileno (s->fp), fileno (*tmp));
rc = fclose (s->fp);
if (rc)
{
for (f = s->filters; f; f = f->next)
{
if (!f->flags.enabled)
- continue;
+ continue;
/* if there is no next filter, create the final output file */
_gnutls_read_log ("filter [write]: last filter=%d fname=%s\n",
- f->next ? 1 : 0, s->fname);
+ f->next ? 1 : 0, s->fname);
if (!f->next && s->fname)
- f->tmp = fopen (s->fname, "w+b");
+ f->tmp = fopen (s->fname, "w+b");
else
- f->tmp = _cdk_tmpfile ();
+ f->tmp = _cdk_tmpfile ();
if (!f->tmp)
- {
- rc = CDK_File_Error;
- break;
- }
+ {
+ rc = CDK_File_Error;
+ break;
+ }
/* If there is no next filter, flush the cache. We also do this
when the next filter is the armor filter because this filter
is special and before it starts, all data should be written. */
if ((!f->next || f->next->type == fARMOR) && s->cache.size)
- {
- rc = stream_cache_flush (s, f->tmp);
- if (rc)
- break;
- }
+ {
+ rc = stream_cache_flush (s, f->tmp);
+ if (rc)
+ break;
+ }
rc = f->fnct (f->opaque, f->ctl, s->fp, f->tmp);
_gnutls_read_log ("filter [write]: type=%d rc=%d\n", f->type, rc);
if (!rc)
- rc = stream_fp_replace (s, &f->tmp);
+ rc = stream_fp_replace (s, &f->tmp);
if (!rc)
- rc = cdk_stream_seek (s, 0);
+ rc = cdk_stream_seek (s, 0);
if (rc)
- {
- _gnutls_read_log ("filter [close]: fd=%d\n", fileno (f->tmp));
- fclose (f->tmp);
- break;
- }
+ {
+ _gnutls_read_log ("filter [close]: fd=%d\n", fileno (f->tmp));
+ fclose (f->tmp);
+ break;
+ }
}
return rc;
}
for (f = s->filters; f; f = f->next)
{
if (!f->flags.enabled)
- continue;
+ continue;
if (f->flags.error)
- {
- _gnutls_read_log ("filter %s [read]: has the error flag; skipped\n",
- s->fname ? s->fname : "[temp]");
- continue;
- }
+ {
+ _gnutls_read_log ("filter %s [read]: has the error flag; skipped\n",
+ s->fname ? s->fname : "[temp]");
+ continue;
+ }
f->tmp = _cdk_tmpfile ();
if (!f->tmp)
- {
- rc = CDK_File_Error;
- break;
- }
+ {
+ rc = CDK_File_Error;
+ break;
+ }
rc = f->fnct (f->opaque, f->ctl, s->fp, f->tmp);
_gnutls_read_log ("filter %s [read]: type=%d rc=%d\n",
- s->fname ? s->fname : "[temp]", f->type, rc);
+ s->fname ? s->fname : "[temp]", f->type, rc);
if (rc)
- {
- f->flags.error = 1;
- break;
- }
+ {
+ f->flags.error = 1;
+ break;
+ }
f->flags.error = 0;
/* If the filter is read-only, do not replace the FP because
the contents were not altered in any way. */
if (!f->flags.rdonly)
- {
- rc = stream_fp_replace (s, &f->tmp);
- if (rc)
- break;
- }
+ {
+ rc = stream_fp_replace (s, &f->tmp);
+ if (rc)
+ break;
+ }
else
- {
- fclose (f->tmp);
- f->tmp = NULL;
- }
+ {
+ fclose (f->tmp);
+ f->tmp = NULL;
+ }
rc = cdk_stream_seek (s, 0);
if (rc)
- break;
+ break;
/* Disable the filter after it was successfully used. The idea
is the following: let's say the armor filter was pushed and
later more filters were added. The second time the filter code
for (f = s->filters; f; f = f->next)
{
if ((int) f->type == fid)
- return f->opaque;
+ return f->opaque;
}
return NULL;
}
if (s->cbs_hd)
{
if (s->cbs.read)
- return s->cbs.read (s->cbs_hd, buf, buflen);
+ return s->cbs.read (s->cbs_hd, buf, buflen);
return 0;
}
{
s->error = CDK_Inv_Mode;
gnutls_assert ();
- return EOF; /* This is a write stream */
+ return EOF; /* This is a write stream */
}
if (!s->flags.no_filter && !s->cache.on && !s->flags.filtrated)
{
rc = stream_filter_read (s);
if (rc)
- {
- s->error = rc;
- if (feof (s->fp))
- s->flags.eof = 1;
- gnutls_assert ();
- return EOF;
- }
+ {
+ s->error = rc;
+ if (feof (s->fp))
+ s->flags.eof = 1;
+ gnutls_assert ();
+ return EOF;
+ }
s->flags.filtrated = 1;
}
if (s->cbs_hd)
{
if (s->cbs.write)
- return s->cbs.write (s->cbs_hd, buf, count);
+ return s->cbs.write (s->cbs_hd, buf, count);
return 0;
}
if (!s->flags.write)
{
- s->error = CDK_Inv_Mode; /* this is a read stream */
+ s->error = CDK_Inv_Mode; /* this is a read stream */
gnutls_assert ();
return EOF;
}
fit into it. We allocate more memory to avoid to resize it the
next time the function is used. */
if (s->cache.size + count > s->cache.alloced)
- {
- byte *old = s->cache.buf;
-
- s->cache.buf =
- cdk_calloc (1, s->cache.alloced + count + STREAM_BUFSIZE);
- s->cache.alloced += (count + STREAM_BUFSIZE);
- memcpy (s->cache.buf, old, s->cache.size);
- cdk_free (old);
- _gnutls_read_log ("stream: enlarge cache to %d octets\n",
- (int) s->cache.alloced);
- }
+ {
+ byte *old = s->cache.buf;
+
+ s->cache.buf =
+ cdk_calloc (1, s->cache.alloced + count + STREAM_BUFSIZE);
+ s->cache.alloced += (count + STREAM_BUFSIZE);
+ memcpy (s->cache.buf, old, s->cache.size);
+ cdk_free (old);
+ _gnutls_read_log ("stream: enlarge cache to %d octets\n",
+ (int) s->cache.alloced);
+ }
memcpy (s->cache.buf + s->cache.size, buf, count);
s->cache.size += count;
return count;
if (s->cbs_hd)
{
if (s->cbs.seek)
- return s->cbs.seek (s->cbs_hd, offset);
+ return s->cbs.seek (s->cbs_hd, offset);
return 0;
}
**/
cdk_error_t
cdk_stream_set_literal_flag (cdk_stream_t s, cdk_lit_format_t mode,
- const char *fname)
+ const char *fname)
{
struct stream_filter_s *f;
const char *orig_fname;
s->cache.buf = cdk_calloc (1, STREAM_BUFSIZE);
s->cache.alloced = STREAM_BUFSIZE;
_gnutls_read_log ("stream: allocate cache of %d octets\n",
- STREAM_BUFSIZE);
+ STREAM_BUFSIZE);
}
return 0;
}
{
nwritten = fwrite (s->cache.buf, 1, s->cache.size, fp);
if (!nwritten)
- {
- gnutls_assert ();
- return CDK_File_Error;
- }
+ {
+ gnutls_assert ();
+ return CDK_File_Error;
+ }
s->cache.size = 0;
s->cache.on = 0;
wipemem (s->cache.buf, s->cache.alloced);
{
nread = cdk_stream_read (inp, buf, DIM (buf));
if (!nread || nread == EOF)
- break;
+ break;
nwritten = cdk_stream_write (out, buf, nread);
if (!nwritten || nwritten == EOF)
- { /* In case of errors, we leave the loop. */
- rc = inp->error;
- break;
- }
+ { /* In case of errors, we leave the loop. */
+ rc = inp->error;
+ break;
+ }
}
wipemem (buf, sizeof (buf));
**/
cdk_error_t
cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len,
- byte ** ret_buf, size_t * ret_buflen)
+ byte ** ret_buf, size_t * ret_buflen)
{
cdk_error_t rc;
off_t oldpos;
{
c = cdk_stream_getc (s);
if (c == EOF || c == '\r' || c == '\n')
- {
- buf[i++] = '\0';
- break;
- }
+ {
+ buf[i++] = '\0';
+ break;
+ }
buf[i++] = c;
count--;
}
assert (s);
_gnutls_read_log ("stream: activate block mode with blocksize %d\n",
- (int) nbytes);
+ (int) nbytes);
s->blkmode = nbytes;
return 0;
}
/* Type definition for the filter function. */
typedef cdk_error_t (*filter_fnct_t) (void *opaque, int ctl, FILE * in,
- FILE * out);
+ FILE * out);
/* The stream filter context structure. */
struct stream_filter_s
static cdk_error_t file_verify_clearsign (cdk_ctx_t, const char *,
- const char *);
+ const char *);
/**
*/
cdk_error_t
cdk_stream_verify (cdk_ctx_t hd, cdk_stream_t inp, cdk_stream_t data,
- cdk_stream_t out)
+ cdk_stream_t out)
{
/* FIXME: out is not currently used. */
if (cdk_armor_filter_use (inp))
**/
cdk_error_t
cdk_file_verify (cdk_ctx_t hd, const char *file, const char *data_file,
- const char *output)
+ const char *output)
{
struct stat stbuf;
cdk_stream_t inp, data;
{
n = cdk_stream_peek (inp, (byte *) buf, DIM (buf) - 1);
if (!n || n == -1)
- return CDK_EOF;
+ return CDK_EOF;
buf[n] = '\0';
if (strstr (buf, "BEGIN PGP SIGNED MESSAGE"))
- {
- cdk_stream_close (inp);
- return file_verify_clearsign (hd, file, output);
- }
+ {
+ cdk_stream_close (inp);
+ return file_verify_clearsign (hd, file, output);
+ }
cdk_stream_set_armor_flag (inp, 0);
}
{
rc = cdk_stream_open (data_file, &data);
if (rc)
- {
- cdk_stream_close (inp);
- return rc;
- }
+ {
+ cdk_stream_close (inp);
+ return rc;
+ }
}
else
data = NULL;
{
rc = cdk_stream_create (output, &out);
if (rc)
- return rc;
+ return rc;
}
rc = cdk_stream_open (file, &inp);
if (rc)
{
if (output)
- cdk_stream_close (out);
+ cdk_stream_close (out);
return rc;
}
{
nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
if (!nbytes || nbytes == -1)
- break;
+ break;
if (!strncmp (buf, s, strlen (s)))
- {
- is_signed = 1;
- break;
- }
+ {
+ is_signed = 1;
+ break;
+ }
}
if (cdk_stream_eof (inp) && !is_signed)
{
nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
if (!nbytes || nbytes == -1)
- break;
- if (nbytes == 1) /* Empty line */
- break;
+ break;
+ if (nbytes == 1) /* Empty line */
+ break;
else if (!strncmp (buf, "Hash: ", 6))
- {
- for (i = 0; digest_table[i].name; i++)
- {
- if (!strcmp (buf + 6, digest_table[i].name))
- {
- digest_algo = digest_table[i].algo;
- break;
- }
- }
- }
+ {
+ for (i = 0; digest_table[i].name; i++)
+ {
+ if (!strcmp (buf + 6, digest_table[i].name))
+ {
+ digest_algo = digest_table[i].algo;
+ break;
+ }
+ }
+ }
}
if (digest_algo && _gnutls_hash_get_algo_len (digest_algo) <= 0)
{
nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
if (!nbytes || nbytes == -1)
- break;
+ break;
if (!strncmp (buf, s, strlen (s)))
- break;
+ break;
else
- {
- cdk_stream_peek (inp, (byte *) chk, DIM (chk) - 1);
- i = strncmp (chk, s, strlen (s));
- if (strlen (buf) == 0 && i == 0)
- continue; /* skip last '\n' */
- _cdk_trim_string (buf, i == 0 ? 0 : 1);
- _gnutls_hash (&md, buf, strlen (buf));
- }
- if (!strncmp (buf, "- ", 2)) /* FIXME: handle it recursive. */
- memmove (buf, buf + 2, nbytes - 2);
+ {
+ cdk_stream_peek (inp, (byte *) chk, DIM (chk) - 1);
+ i = strncmp (chk, s, strlen (s));
+ if (strlen (buf) == 0 && i == 0)
+ continue; /* skip last '\n' */
+ _cdk_trim_string (buf, i == 0 ? 0 : 1);
+ _gnutls_hash (&md, buf, strlen (buf));
+ }
+ if (!strncmp (buf, "- ", 2)) /* FIXME: handle it recursive. */
+ memmove (buf, buf + 2, nbytes - 2);
if (out)
- {
- if (strstr (buf, "\r\n"))
- buf[strlen (buf) - 2] = '\0';
- cdk_stream_write (out, buf, strlen (buf));
- _cdk_stream_puts (out, _cdk_armor_get_lineend ());
- }
+ {
+ if (strstr (buf, "\r\n"))
+ buf[strlen (buf) - 2] = '\0';
+ cdk_stream_write (out, buf, strlen (buf));
+ _cdk_stream_puts (out, _cdk_armor_get_lineend ());
+ }
}
/* We create a temporary stream object to store the
{
nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
if (!nbytes || nbytes == -1)
- break;
+ break;
if (nbytes < (int) (DIM (buf) - 3))
- {
- buf[nbytes - 1] = '\n';
- buf[nbytes] = '\0';
- }
+ {
+ buf[nbytes - 1] = '\n';
+ buf[nbytes] = '\0';
+ }
cdk_stream_write (tmp, buf, nbytes);
}
{
rc = write_mpi (out, mpi[i]);
if (rc)
- return rc;
+ return rc;
}
return 0;
}
pktlen -= 192;
rc = stream_putc (out, (pktlen / 256) + 192);
if (!rc)
- rc = stream_putc (out, (pktlen % 256));
+ rc = stream_putc (out, (pktlen % 256));
}
else
{
rc = stream_putc (out, 255);
if (!rc)
- rc = write_32 (out, pktlen);
+ rc = write_32 (out, pktlen);
}
return rc;
if (!rc)
{
if (size < 256)
- rc = stream_putc (out, size);
+ rc = stream_putc (out, size);
else if (size < 65536)
- rc = write_16 (out, size);
+ rc = write_16 (out, size);
else
- rc = write_32 (out, size);
+ rc = write_32 (out, size);
}
return rc;
_gnutls_write_log ("write_mdc:\n");
/* This packet requires a fixed header encoding */
- rc = stream_putc (out, 0xD3); /* packet ID and 1 byte length */
+ rc = stream_putc (out, 0xD3); /* packet ID and 1 byte length */
if (!rc)
rc = stream_putc (out, 0x14);
if (!rc)
{
buf = _cdk_subpkt_get_array (sig->hashed, 0, &nbytes);
if (!buf)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = stream_write (out, buf, nbytes);
cdk_free (buf);
}
{
buf = _cdk_subpkt_get_array (sig->unhashed, 0, &nbytes);
if (!buf)
- return CDK_Out_Of_Core;
+ return CDK_Out_Of_Core;
rc = stream_write (out, buf, nbytes);
cdk_free (buf);
}
static cdk_error_t
write_public_key (cdk_stream_t out, cdk_pkt_pubkey_t pk,
- int is_subkey, int old_ctb)
+ int is_subkey, int old_ctb)
{
int pkttype, ndays = 0;
size_t npkey = 0, size = 6;
if (!npkey)
return CDK_Inv_Algo;
if (pk->version < 4)
- size += 2; /* expire date */
+ size += 2; /* expire date */
if (is_subkey)
old_ctb = 0;
size += calc_mpisize (pk->mpi, npkey);
if (!rc && pk->version < 4)
{
if (pk->expiredate)
- ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
+ ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
rc = write_16 (out, ndays);
}
if (!rc)
break;
}
nbytes += sk->protect.ivlen;
- nbytes++; /* single cipher byte */
+ nbytes++; /* single cipher byte */
return nbytes;
}
static cdk_error_t
write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk,
- int is_subkey, int old_ctb)
+ int is_subkey, int old_ctb)
{
cdk_pkt_pubkey_t pk = NULL;
size_t size = 6, npkey, nskey;
if (sk->version == 3 || !sk->is_protected)
{
if (sk->version == 3)
- {
- size += 2; /* force simple checksum */
- sk->protect.sha1chk = 0;
- }
+ {
+ size += 2; /* force simple checksum */
+ sk->protect.sha1chk = 0;
+ }
else
- size += sk->protect.sha1chk ? 20 : 2;
+ size += sk->protect.sha1chk ? 20 : 2;
size += calc_mpisize (sk->mpi, nskey);
}
- else /* We do not know anything about the encrypted mpi's so we
- treat the data as opaque. */
+ else /* We do not know anything about the encrypted mpi's so we
+ treat the data as opaque. */
size += sk->enclen;
pkttype = is_subkey ? CDK_PKT_SECRET_SUBKEY : CDK_PKT_SECRET_KEY;
{
u16 ndays = 0;
if (pk->expiredate)
- ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
+ ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
rc = write_16 (out, ndays);
}
if (!rc)
if (!rc)
{
if (sk->is_protected == 0)
- rc = stream_putc (out, 0x00);
+ rc = stream_putc (out, 0x00);
else
- {
- if (is_RSA (pk->pubkey_algo) && pk->version < 4)
- rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
- else if (sk->protect.s2k)
- {
- s2k_mode = sk->protect.s2k->mode;
- rc = stream_putc (out, sk->protect.sha1chk ? 0xFE : 0xFF);
- if (!rc)
- rc =
- stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
- if (!rc)
- rc = stream_putc (out, sk->protect.s2k->mode);
- if (!rc)
- rc = stream_putc (out, sk->protect.s2k->hash_algo);
- if (!rc && (s2k_mode == 1 || s2k_mode == 3))
- {
- rc = stream_write (out, sk->protect.s2k->salt, 8);
- if (!rc && s2k_mode == 3)
- rc = stream_putc (out, sk->protect.s2k->count);
- }
- }
- else
- return CDK_Inv_Value;
- if (!rc)
- rc = stream_write (out, sk->protect.iv, sk->protect.ivlen);
- }
+ {
+ if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+ rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
+ else if (sk->protect.s2k)
+ {
+ s2k_mode = sk->protect.s2k->mode;
+ rc = stream_putc (out, sk->protect.sha1chk ? 0xFE : 0xFF);
+ if (!rc)
+ rc =
+ stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
+ if (!rc)
+ rc = stream_putc (out, sk->protect.s2k->mode);
+ if (!rc)
+ rc = stream_putc (out, sk->protect.s2k->hash_algo);
+ if (!rc && (s2k_mode == 1 || s2k_mode == 3))
+ {
+ rc = stream_write (out, sk->protect.s2k->salt, 8);
+ if (!rc && s2k_mode == 3)
+ rc = stream_putc (out, sk->protect.s2k->count);
+ }
+ }
+ else
+ return CDK_Inv_Value;
+ if (!rc)
+ rc = stream_write (out, sk->protect.iv, sk->protect.ivlen);
+ }
}
if (!rc && sk->is_protected && pk->version == 4)
{
if (sk->encdata && sk->enclen)
- rc = stream_write (out, sk->encdata, sk->enclen);
+ rc = stream_write (out, sk->encdata, sk->enclen);
}
else
{
if (!rc)
- rc = write_mpibuf (out, sk->mpi, nskey);
+ rc = write_mpibuf (out, sk->mpi, nskey);
if (!rc)
- {
- if (!sk->csum)
- sk->csum = _cdk_sk_get_csum (sk);
- rc = write_16 (out, sk->csum);
- }
+ {
+ if (!sk->csum)
+ sk->csum = _cdk_sk_get_csum (sk);
+ rc = write_16 (out, sk->csum);
+ }
}
return rc;
{
rc = stream_read (pt->buf, buf, DIM (buf), &size);
if (!rc)
- rc = stream_write (out, buf, size);
+ rc = stream_write (out, buf, size);
}
wipemem (buf, sizeof (buf));
static cdk_error_t
write_user_id (cdk_stream_t out, cdk_pkt_userid_t id, int old_ctb,
- int pkttype)
+ int pkttype)
{
cdk_error_t rc;
if (pkttype == CDK_PKT_ATTRIBUTE)
{
if (!id->attrib_img)
- return CDK_Inv_Value;
+ return CDK_Inv_Value;
rc =
- pkt_write_head (out, old_ctb, id->attrib_len + 6, CDK_PKT_ATTRIBUTE);
+ pkt_write_head (out, old_ctb, id->attrib_len + 6, CDK_PKT_ATTRIBUTE);
if (rc)
- return rc;
+ return rc;
/* Write subpacket part. */
stream_putc (out, 255);
write_32 (out, id->attrib_len + 1);
else
{
if (!id->name)
- return CDK_Inv_Value;
+ return CDK_Inv_Value;
rc = pkt_write_head (out, old_ctb, id->len, CDK_PKT_USER_ID);
if (!rc)
- rc = stream_write (out, id->name, id->len);
+ rc = stream_write (out, id->name, id->len);
}
return rc;
-*/
int
_gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
- const gnutls_datum_t * cert_list,
- int cert_list_length, unsigned int *status)
+ const gnutls_datum_t * cert_list,
+ int cert_list_length, unsigned int *status)
{
int ret = 0;
gnutls_openpgp_crt_t key = NULL;
{
ret = gnutls_openpgp_crt_verify_ring (key, cred->keyring, 0, &verify);
if (ret < 0)
- {
- gnutls_assert ();
- goto leave;
- }
+ {
+ gnutls_assert ();
+ goto leave;
+ }
}
/* Now try the self signature. */
-*/
int
_gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
- unsigned char *fpr, size_t * fprlen)
+ unsigned char *fpr, size_t * fprlen)
{
gnutls_openpgp_crt_t key;
int ret;
*keyring = gnutls_calloc (1, sizeof (gnutls_openpgp_keyring_int));
if (*keyring)
- return 0; /* success */
+ return 0; /* success */
return GNUTLS_E_MEMORY_ERROR;
}
**/
int
gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
- const gnutls_openpgp_keyid_t keyid,
- unsigned int flags)
+ const gnutls_openpgp_keyid_t keyid,
+ unsigned int flags)
{
cdk_pkt_pubkey_t pk;
uint32_t id[2];
**/
int
gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format)
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format)
{
cdk_error_t err;
cdk_stream_t input = NULL;
}
_gnutls_debug_log ("PGP: keyring import format '%s'\n",
- format == GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64");
+ format == GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64");
/* Create a new stream from the given data, decode it, and import
* the raw database. This to avoid using opencdk streams which are
err = cdk_stream_tmp_from_mem (data->data, data->size, &input);
if (!err)
- err = cdk_stream_set_armor_flag (input, 0);
+ err = cdk_stream_set_armor_flag (input, 0);
if (err)
- {
- gnutls_assert ();
- err = _gnutls_map_cdk_rc (err);
- goto error;
- }
+ {
+ gnutls_assert ();
+ err = _gnutls_map_cdk_rc (err);
+ goto error;
+ }
raw_len = cdk_stream_get_length (input);
if (raw_len == 0)
- {
- gnutls_assert ();
- err = GNUTLS_E_BASE64_DECODING_ERROR;
- goto error;
- }
+ {
+ gnutls_assert ();
+ err = GNUTLS_E_BASE64_DECODING_ERROR;
+ goto error;
+ }
raw_data = gnutls_malloc (raw_len);
if (raw_data == NULL)
- {
- gnutls_assert ();
- err = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
+ {
+ gnutls_assert ();
+ err = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
do
- {
- err =
- cdk_stream_read (input, raw_data + written, raw_len - written);
+ {
+ err =
+ cdk_stream_read (input, raw_data + written, raw_len - written);
- if (err > 0)
- written += err;
- }
+ if (err > 0)
+ written += err;
+ }
while (written < raw_len && err != EOF && err > 0);
raw_len = written;
}
else
- { /* RAW */
+ { /* RAW */
raw_len = data->size;
raw_data = data->data;
}
{
err = cdk_keydb_search (st, ring->db, &knode);
if (err != CDK_Error_No_Key && err != CDK_Success)
- {
- gnutls_assert ();
- cdk_keydb_search_release (st);
- return _gnutls_map_cdk_rc (err);
- }
+ {
+ gnutls_assert ();
+ cdk_keydb_search_release (st);
+ return _gnutls_map_cdk_rc (err);
+ }
if (knode_is_pkey (knode))
- ret++;
+ ret++;
cdk_kbnode_release (knode);
**/
int
gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring,
- unsigned int idx, gnutls_openpgp_crt_t * cert)
+ unsigned int idx, gnutls_openpgp_crt_t * cert)
{
cdk_kbnode_t knode;
cdk_error_t err;
{
err = cdk_keydb_search (st, ring->db, &knode);
if (err != CDK_EOF && err != CDK_Success)
- {
- gnutls_assert ();
- cdk_keydb_search_release (st);
- return _gnutls_map_cdk_rc (err);
- }
+ {
+ gnutls_assert ();
+ cdk_keydb_search_release (st);
+ return _gnutls_map_cdk_rc (err);
+ }
if (idx == count && err == CDK_Success)
- {
- ret = gnutls_openpgp_crt_init (cert);
- if (ret == 0)
- (*cert)->knode = knode;
- cdk_keydb_search_release (st);
- return ret;
- }
+ {
+ ret = gnutls_openpgp_crt_init (cert);
+ if (ret == 0)
+ (*cert)->knode = knode;
+ cdk_keydb_search_release (st);
+ return ret;
+ }
if (knode_is_pkey (knode))
- count++;
+ count++;
cdk_kbnode_release (knode);
-*/
int
_gnutls_openpgp_raw_crt_to_gcert (gnutls_cert * gcert,
- const gnutls_datum_t * raw,
- const gnutls_openpgp_keyid_t keyid)
+ const gnutls_datum_t * raw,
+ const gnutls_openpgp_keyid_t keyid)
{
gnutls_openpgp_crt_t pcrt;
int ret;
{
ret = gnutls_openpgp_crt_set_preferred_key_id (pcrt, keyid);
if (ret < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_crt_deinit (pcrt);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_openpgp_crt_deinit (pcrt);
+ return ret;
+ }
}
ret = _gnutls_openpgp_crt_to_gcert (gcert, pcrt);
**/
int
gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res,
- gnutls_openpgp_crt_t crt,
- gnutls_openpgp_privkey_t pkey)
+ gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_privkey_t pkey)
{
int ret;
gnutls_privkey_t privkey;
ret =
gnutls_privkey_import_openpgp (privkey, pkey,
- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
gnutls_privkey_deinit (privkey);
-*/
int
gnutls_openpgp_get_key (gnutls_datum_t * key,
- gnutls_openpgp_keyring_t keyring, key_attr_t by,
- opaque * pattern)
+ gnutls_openpgp_keyring_t keyring, key_attr_t by,
+ opaque * pattern)
{
cdk_kbnode_t knode = NULL;
unsigned long keyid[2];
**/
int
gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_openpgp_crt_fmt_t format)
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_openpgp_crt_fmt_t format)
{
return gnutls_certificate_set_openpgp_key_mem2 (res, cert, key,
- NULL, format);
+ NULL, format);
}
/**
**/
int
gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t res,
- const char *certfile,
- const char *keyfile,
- gnutls_openpgp_crt_fmt_t format)
+ const char *certfile,
+ const char *keyfile,
+ gnutls_openpgp_crt_fmt_t format)
{
return gnutls_certificate_set_openpgp_key_file2 (res, certfile,
- keyfile, NULL, format);
+ keyfile, NULL, format);
}
static int
if (strlen (str) != 16)
{
_gnutls_debug_log
- ("The OpenPGP subkey ID has to be 16 hexadecimal characters.\n");
+ ("The OpenPGP subkey ID has to be 16 hexadecimal characters.\n");
return GNUTLS_E_INVALID_REQUEST;
}
**/
int
gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t format)
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format)
{
gnutls_openpgp_privkey_t pkey;
gnutls_openpgp_crt_t crt;
if (subkey_id != NULL)
{
if (strcasecmp (subkey_id, "auto") == 0)
- ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1);
+ ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1);
else
- ret = get_keyid (keyid, subkey_id);
+ ret = get_keyid (keyid, subkey_id);
if (ret < 0)
- gnutls_assert ();
+ gnutls_assert ();
if (ret >= 0)
- {
- ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid);
- if (ret >= 0)
- ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid);
- }
+ {
+ ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid);
+ if (ret >= 0)
+ ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid);
+ }
if (ret < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_privkey_deinit (pkey);
- gnutls_openpgp_crt_deinit (crt);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_openpgp_privkey_deinit (pkey);
+ gnutls_openpgp_crt_deinit (crt);
+ return ret;
+ }
}
ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);
**/
int
gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t
- res, const char *certfile,
- const char *keyfile,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t format)
+ res, const char *certfile,
+ const char *keyfile,
+ const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format)
{
struct stat statbuf;
gnutls_datum_t key, cert;
rc =
gnutls_certificate_set_openpgp_key_mem2 (res, &cert, &key, subkey_id,
- format);
+ format);
free (cert.data);
free (key.data);
{
p = cdk_kbnode_walk (knode, &ctx, 0);
if (!p)
- break;
+ break;
pkt = cdk_kbnode_get_packet (p);
if (pkt->pkttype == CDK_PKT_USER_ID)
- nuids++;
+ nuids++;
}
cdk_kbnode_release (knode);
**/
int
gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t
- c, const char *file,
- gnutls_openpgp_crt_fmt_t format)
+ c, const char *file,
+ gnutls_openpgp_crt_fmt_t format)
{
gnutls_datum_t ring;
size_t size;
rc =
gnutls_certificate_set_openpgp_keyring_mem (c, ring.data, ring.size,
- format);
+ format);
free (ring.data);
**/
int
gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t
- c, const opaque * data,
- size_t dlen,
- gnutls_openpgp_crt_fmt_t format)
+ c, const opaque * data,
+ size_t dlen,
+ gnutls_openpgp_crt_fmt_t format)
{
gnutls_datum_t ddata;
int rc;
-*/
int
_gnutls_openpgp_request_key (gnutls_session_t session, gnutls_datum_t * ret,
- const gnutls_certificate_credentials_t cred,
- opaque * key_fpr, int key_fpr_size)
+ const gnutls_certificate_credentials_t cred,
+ opaque * key_fpr, int key_fpr_size)
{
int rc = 0;
}
if (key_fpr_size != 16 && key_fpr_size != 20)
- return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */
+ return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */
rc = gnutls_openpgp_get_key (ret, cred->keyring, KEY_ATTR_FPR, key_fpr);
- if (rc >= 0) /* key was found */
+ if (rc >= 0) /* key was found */
{
rc = 0;
goto error;
if (session->internals.openpgp_recv_key_func != NULL)
{
rc = session->internals.openpgp_recv_key_func (session,
- key_fpr,
- key_fpr_size, ret);
+ key_fpr,
+ key_fpr_size, ret);
if (rc < 0)
- {
- gnutls_assert ();
- rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
- goto error;
- }
+ {
+ gnutls_assert ();
+ rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ goto error;
+ }
}
error:
**/
void
gnutls_openpgp_set_recv_key_function (gnutls_session_t session,
- gnutls_openpgp_recv_key_func func)
+ gnutls_openpgp_recv_key_func func)
{
session->internals.openpgp_recv_key_func = func;
}
memset (gcert, 0, sizeof (gnutls_cert));
gcert->cert_type = GNUTLS_CRT_OPENPGP;
- gcert->sign_algo = GNUTLS_SIGN_UNKNOWN; /* N/A here */
+ gcert->sign_algo = GNUTLS_SIGN_UNKNOWN; /* N/A here */
gcert->version = gnutls_openpgp_crt_get_version (cert);
gcert->params_size = MAX_PUBLIC_PARAMS_SIZE;
uint32_t kid32[2];
_gnutls_debug_log
- ("Importing Openpgp cert and using openpgp sub key: %s\n",
- _gnutls_bin2hex (keyid, sizeof (keyid), err_buf, sizeof (err_buf),
- NULL));
+ ("Importing Openpgp cert and using openpgp sub key: %s\n",
+ _gnutls_bin2hex (keyid, sizeof (keyid), err_buf, sizeof (err_buf),
+ NULL));
KEYID_IMPORT (kid32, keyid);
idx = gnutls_openpgp_crt_get_subkey_idx (cert, keyid);
if (idx < 0)
- {
- gnutls_assert ();
- return idx;
- }
+ {
+ gnutls_assert ();
+ return idx;
+ }
gcert->subject_pk_algorithm =
- gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, NULL);
+ gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, NULL);
gnutls_openpgp_crt_get_subkey_usage (cert, idx, &gcert->key_usage);
gcert->use_subkey = 1;
memcpy (gcert->subkey_id, keyid, sizeof (keyid));
ret =
- _gnutls_openpgp_crt_get_mpis (cert, kid32, gcert->params,
- &gcert->params_size);
+ _gnutls_openpgp_crt_get_mpis (cert, kid32, gcert->params,
+ &gcert->params_size);
}
else
{
_gnutls_debug_log
- ("Importing Openpgp cert and using main openpgp key\n");
+ ("Importing Openpgp cert and using main openpgp key\n");
gcert->subject_pk_algorithm =
- gnutls_openpgp_crt_get_pk_algorithm (cert, NULL);
+ gnutls_openpgp_crt_get_pk_algorithm (cert, NULL);
gnutls_openpgp_crt_get_key_usage (cert, &gcert->key_usage);
ret =
- _gnutls_openpgp_crt_get_mpis (cert, NULL, gcert->params,
- &gcert->params_size);
+ _gnutls_openpgp_crt_get_mpis (cert, NULL, gcert->params,
+ &gcert->params_size);
gcert->use_subkey = 0;
}
return ret;
}
- { /* copy the raw certificate */
+ { /* copy the raw certificate */
#define SMALL_RAW 512
opaque *raw;
size_t raw_size = SMALL_RAW;
raw = gnutls_malloc (raw_size);
if (raw == NULL)
{
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
ret =
gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw,
- &raw_size);
+ &raw_size);
if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
{
- gnutls_assert ();
- gnutls_free (raw);
- return ret;
+ gnutls_assert ();
+ gnutls_free (raw);
+ return ret;
}
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
{
- raw = gnutls_realloc (raw, raw_size);
- if (raw == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret =
- gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw,
- &raw_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (raw);
- return ret;
- }
+ raw = gnutls_realloc (raw, raw_size);
+ if (raw == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw,
+ &raw_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (raw);
+ return ret;
+ }
}
gcert->raw.data = raw;
return 0;
}
-
int gnutls_openpgp_count_key_names (const gnutls_datum_t * cert);
int gnutls_openpgp_get_key (gnutls_datum_t * key,
- gnutls_openpgp_keyring_t keyring,
- key_attr_t by, opaque * pattern);
+ gnutls_openpgp_keyring_t keyring,
+ key_attr_t by, opaque * pattern);
/* internal */
int _gnutls_openpgp_raw_crt_to_gcert (gnutls_cert * cert,
- const gnutls_datum_t * raw,
- const gnutls_openpgp_keyid_t);
+ const gnutls_datum_t * raw,
+ const gnutls_openpgp_keyid_t);
int
_gnutls_openpgp_raw_privkey_to_gkey (gnutls_privkey_t * pkey,
- const gnutls_datum_t * raw_key);
+ const gnutls_datum_t * raw_key);
int
_gnutls_openpgp_request_key (gnutls_session_t,
- gnutls_datum_t * ret,
- const gnutls_certificate_credentials_t cred,
- opaque * key_fpr, int key_fpr_size);
+ gnutls_datum_t * ret,
+ const gnutls_certificate_credentials_t cred,
+ opaque * key_fpr, int key_fpr_size);
int _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t,
- const gnutls_datum_t * cert_list,
- int cert_list_length, unsigned int *status);
+ const gnutls_datum_t * cert_list,
+ int cert_list_length, unsigned int *status);
int _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
- unsigned char *fpr, size_t * fprlen);
+ unsigned char *fpr, size_t * fprlen);
time_t _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t *
- cert);
+ cert);
time_t _gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t *
- cert);
+ cert);
int
_gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
#endif /*GNUTLS_OPENPGP_LOCAL_H */
int _gnutls_map_cdk_rc (int rc);
int _gnutls_openpgp_export (cdk_kbnode_t node,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data, size_t * output_data_size,
- int private);
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data, size_t * output_data_size,
+ int private);
int _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert,
- gnutls_openpgp_crt_t cert);
+ gnutls_openpgp_crt_t cert);
cdk_packet_t _gnutls_get_valid_subkey (cdk_kbnode_t knode, int key_type);
int
_gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert, uint32_t keyid[2],
- bigint_t * params, int *params_size);
+ bigint_t * params, int *params_size);
int
_gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey,
- uint32_t keyid[2], bigint_t * params,
- int *params_size);
+ uint32_t keyid[2], bigint_t * params,
+ int *params_size);
cdk_packet_t _gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2],
- unsigned int priv);
+ unsigned int priv);
int _gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx,
- bigint_t * m);
+ bigint_t * m);
int _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2],
- unsigned int priv);
+ unsigned int priv);
int _gnutls_openpgp_get_algo (int cdk_algo);
static void
hexdump (gnutls_buffer_st * str, const char *data, size_t len,
- const char *spc)
+ const char *spc)
{
size_t j;
for (j = 0; j < len; j++)
{
if (((j + 1) % 16) == 0)
- {
- addf (str, "%.2x\n", (unsigned char) data[j]);
- if (spc && j != (len - 1))
- adds (str, spc);
- }
+ {
+ addf (str, "%.2x\n", (unsigned char) data[j]);
+ if (spc && j != (len - 1))
+ adds (str, spc);
+ }
else if (j == (len - 1))
- addf (str, "%.2x", (unsigned char) data[j]);
+ addf (str, "%.2x", (unsigned char) data[j]);
else
- addf (str, "%.2x:", (unsigned char) data[j]);
+ addf (str, "%.2x:", (unsigned char) data[j]);
}
if ((j % 16) != 0)
adds (str, "\n");
else
{
for (j = 0; j < len; j++)
- addf (str, "%.2x", (unsigned char) data[j]);
+ addf (str, "%.2x", (unsigned char) data[j]);
}
}
static void
print_key_usage (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert,
- unsigned int idx)
+ unsigned int idx)
{
unsigned int key_usage;
int err;
if (tim == 0)
{
- adds (str, _("\t\tExpiration: Never\n"));
+ adds (str, _("\t\tExpiration: Never\n"));
}
else
{
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %e %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tExpiration: %s\n"), s);
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ else if (strftime (s, max, "%a %b %e %H:%M:%S UTC %Y", &t) == 0)
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ else
+ addf (str, _("\t\tExpiration: %s\n"), s);
}
}
}
{
const char *name = gnutls_pk_algorithm_get_name (err);
if (name == NULL)
- name = _("unknown");
+ name = _("unknown");
addf (str, _("\tPublic Key Algorithm: %s\n"), name);
addf (str, _("\tKey Security Level: %s\n"),
- gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
- (err, bits)));
+ gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
+ (err, bits)));
switch (err)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_datum_t m, e;
-
- if (idx == -1)
- err = gnutls_openpgp_crt_get_pk_rsa_raw (cert, &m, &e);
- else
- err =
- gnutls_openpgp_crt_get_subkey_pk_rsa_raw (cert, idx, &m, &e);
-
- if (err < 0)
- addf (str, "error: get_pk_rsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tModulus (bits %d):\n"), bits);
- hexdump (str, m.data, m.size, "\t\t\t");
- adds (str, _("\t\tExponent:\n"));
- hexdump (str, e.data, e.size, "\t\t\t");
-
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
-
- }
- break;
-
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- if (idx == -1)
- err = gnutls_openpgp_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y);
- else
- err =
- gnutls_openpgp_crt_get_subkey_pk_dsa_raw (cert, idx, &p, &q,
- &g, &y);
- if (err < 0)
- addf (str, "error: get_pk_dsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tPublic key (bits %d):\n"), bits);
- hexdump (str, y.data, y.size, "\t\t\t");
- adds (str, _("\t\tP:\n"));
- hexdump (str, p.data, p.size, "\t\t\t");
- adds (str, _("\t\tQ:\n"));
- hexdump (str, q.data, q.size, "\t\t\t");
- adds (str, _("\t\tG:\n"));
- hexdump (str, g.data, g.size, "\t\t\t");
-
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
- }
- }
- break;
-
- default:
- break;
- }
+ {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ if (idx == -1)
+ err = gnutls_openpgp_crt_get_pk_rsa_raw (cert, &m, &e);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_pk_rsa_raw (cert, idx, &m, &e);
+
+ if (err < 0)
+ addf (str, "error: get_pk_rsa_raw: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tModulus (bits %d):\n"), bits);
+ hexdump (str, m.data, m.size, "\t\t\t");
+ adds (str, _("\t\tExponent:\n"));
+ hexdump (str, e.data, e.size, "\t\t\t");
+
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ }
+
+ }
+ break;
+
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ if (idx == -1)
+ err = gnutls_openpgp_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_pk_dsa_raw (cert, idx, &p, &q,
+ &g, &y);
+ if (err < 0)
+ addf (str, "error: get_pk_dsa_raw: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tPublic key (bits %d):\n"), bits);
+ hexdump (str, y.data, y.size, "\t\t\t");
+ adds (str, _("\t\tP:\n"));
+ hexdump (str, p.data, p.size, "\t\t\t");
+ adds (str, _("\t\tQ:\n"));
+ hexdump (str, q.data, q.size, "\t\t\t");
+ adds (str, _("\t\tG:\n"));
+ hexdump (str, g.data, g.size, "\t\t\t");
+
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ gnutls_free (y.data);
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
}
}
err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size);
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
- && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
- && err != GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, "error: get_name: %s\n", gnutls_strerror (err));
+ && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf (str, "error: get_name: %s\n", gnutls_strerror (err));
else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size);
- if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
- err != GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, "error: get_name: %s\n", gnutls_strerror (err));
- else if (err >= 0)
- addf (str, _("\tName[%d]: %s\n"), i, dn);
- else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, _("\tRevoked Name[%d]: %s\n"), i, dn);
-
- gnutls_free (dn);
- }
- }
+ {
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "error: malloc (%d): %s\n", (int) dn_size,
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size);
+ if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
+ err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf (str, "error: get_name: %s\n", gnutls_strerror (err));
+ else if (err >= 0)
+ addf (str, _("\tName[%d]: %s\n"), i, dn);
+ else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf (str, _("\tRevoked Name[%d]: %s\n"), i, dn);
+
+ gnutls_free (dn);
+ }
+ }
i++;
}
err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size);
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
- && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
- && err != GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, "unknown name (%s), ", gnutls_strerror (err));
+ && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf (str, "unknown name (%s), ", gnutls_strerror (err));
else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "unknown name (%s), ",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size);
- if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
- err != GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, "unknown name (%s), ", gnutls_strerror (err));
- else if (err >= 0)
- addf (str, _("name[%d]: %s, "), i, dn);
- else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, _("revoked name[%d]: %s, "), i, dn);
-
- gnutls_free (dn);
- }
- }
+ {
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "unknown name (%s), ",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size);
+ if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
+ err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf (str, "unknown name (%s), ", gnutls_strerror (err));
+ else if (err >= 0)
+ addf (str, _("name[%d]: %s, "), i, dn);
+ else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf (str, _("revoked name[%d]: %s, "), i, dn);
+
+ gnutls_free (dn);
+ }
+ }
i++;
}
addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
else
{
- adds (str, _("fingerprint: "));
- hexprint (str, fpr, fpr_size);
- addf (str, ", ");
+ adds (str, _("fingerprint: "));
+ hexprint (str, fpr, fpr_size);
+ addf (str, ", ");
}
}
struct tm t;
if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
+ addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- addf (str, "error: strftime (%ld), ", (unsigned long) tim);
+ addf (str, "error: strftime (%ld), ", (unsigned long) tim);
else
- addf (str, _("created: %s, "), s);
+ addf (str, _("created: %s, "), s);
}
tim = gnutls_openpgp_crt_get_expiration_time (cert);
struct tm t;
if (tim == 0)
- adds (str, _("never expires, "));
+ adds (str, _("never expires, "));
else
- {
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
- else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- addf (str, "error: strftime (%ld), ", (unsigned long) tim);
- else
- addf (str, _("expires: %s, "), s);
- }
+ {
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
+ else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
+ addf (str, "error: strftime (%ld), ", (unsigned long) tim);
+ else
+ addf (str, _("expires: %s, "), s);
+ }
}
}
**/
int
gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
gnutls_buffer_st str;
else
{
_gnutls_buffer_append_str (&str,
- _("OpenPGP Certificate Information:\n"));
+ _("OpenPGP Certificate Information:\n"));
print_cert (&str, cert);
}
*key = gnutls_calloc (1, sizeof (gnutls_openpgp_crt_int));
if (*key)
- return 0; /* success */
+ return 0; /* success */
return GNUTLS_E_MEMORY_ERROR;
}
**/
int
gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format)
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format)
{
cdk_stream_t inp;
cdk_packet_t pkt;
{
rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size);
if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
}
else
{
rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp);
if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
if (cdk_armor_filter_use (inp))
- rc = cdk_stream_set_armor_flag (inp, 0);
+ rc = cdk_stream_set_armor_flag (inp, 0);
if (!rc)
- rc = cdk_keydb_get_keyblock (inp, &key->knode);
+ rc = cdk_keydb_get_keyblock (inp, &key->knode);
cdk_stream_close (inp);
if (rc)
- {
- if (rc == CDK_Inv_Packet)
- rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
- else
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
+ {
+ if (rc == CDK_Inv_Packet)
+ rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ else
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
}
/* Test if the import was successful. */
*/
int
_gnutls_openpgp_export (cdk_kbnode_t node,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data,
- size_t * output_data_size, int private)
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size, int private)
{
size_t input_data_size = *output_data_size;
size_t calc_size;
/* Calculate the size of the encoded data and check if the provided
buffer is large enough. */
rc = cdk_armor_encode_buffer (in, *output_data_size,
- NULL, 0, &calc_size,
- private ? CDK_ARMOR_SECKEY :
- CDK_ARMOR_PUBKEY);
+ NULL, 0, &calc_size,
+ private ? CDK_ARMOR_SECKEY :
+ CDK_ARMOR_PUBKEY);
if (rc || calc_size > input_data_size)
- {
- gnutls_free (in);
- *output_data_size = calc_size;
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ {
+ gnutls_free (in);
+ *output_data_size = calc_size;
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
rc = cdk_armor_encode_buffer (in, *output_data_size,
- output_data, input_data_size, &calc_size,
- private ? CDK_ARMOR_SECKEY :
- CDK_ARMOR_PUBKEY);
+ output_data, input_data_size, &calc_size,
+ private ? CDK_ARMOR_SECKEY :
+ CDK_ARMOR_PUBKEY);
gnutls_free (in);
*output_data_size = calc_size;
if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
}
return 0;
**/
int
gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data, size_t * output_data_size)
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data, size_t * output_data_size)
{
return _gnutls_openpgp_export (key->knode, format, output_data,
- output_data_size, 0);
+ output_data_size, 0);
}
/**
**/
int
gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key,
- void *fpr, size_t * fprlen)
+ void *fpr, size_t * fprlen)
{
cdk_packet_t pkt;
cdk_pkt_pubkey_t pk = NULL;
{
pkt = cdk_kbnode_get_packet (p);
if (pkt->pkttype == CDK_PKT_USER_ID)
- nuids++;
+ nuids++;
}
return nuids;
**/
int
gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
- int idx, char *buf, size_t * sizeof_buf)
+ int idx, char *buf, size_t * sizeof_buf)
{
cdk_kbnode_t ctx = NULL, p;
cdk_packet_t pkt = NULL;
{
pkt = cdk_kbnode_get_packet (p);
if (pkt->pkttype == CDK_PKT_USER_ID)
- {
- if (pos == idx)
- break;
- pos++;
- }
+ {
+ if (pos == idx)
+ break;
+ pos++;
+ }
}
if (!pkt)
if (buf)
{
memcpy (buf, uid->name, uid->len);
- buf[uid->len] = '\0'; /* make sure it's a string */
+ buf[uid->len] = '\0'; /* make sure it's a string */
}
*sizeof_buf = uid->len + 1;
**/
gnutls_pk_algorithm_t
gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int *bits)
+ unsigned int *bits)
{
cdk_packet_t pkt;
int algo;
if (pkt)
{
if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.public_key);
+ *bits = cdk_pk_get_nbits (pkt->pkt.public_key);
algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
}
**/
int
gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid)
+ gnutls_openpgp_keyid_t keyid)
{
cdk_packet_t pkt;
uint32_t kid[2];
**/
int
gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key,
- const char *hostname)
+ const char *hostname)
{
char dnsname[MAX_CN];
size_t dnsnamesize;
ret = gnutls_openpgp_crt_get_name (key, i, dnsname, &dnsnamesize);
if (ret == 0)
- {
- /* Length returned by gnutls_openpgp_crt_get_name includes
- the terminating zero. */
- dnsnamesize--;
+ {
+ /* Length returned by gnutls_openpgp_crt_get_name includes
+ the terminating zero. */
+ dnsnamesize--;
- if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
- return 1;
- }
+ if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
+ return 1;
+ }
}
/* not found a matching name */
*/
int
gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
- unsigned int *key_usage)
+ unsigned int *key_usage)
{
cdk_packet_t pkt;
{
pkt = cdk_kbnode_get_packet (p);
if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- subkeys++;
+ subkeys++;
}
return subkeys;
{
pkt = cdk_kbnode_get_packet (p);
if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY && indx == subkeys++)
- return pkt;
+ return pkt;
}
return NULL;
*/
cdk_packet_t
_gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2],
- unsigned int priv)
+ unsigned int priv)
{
cdk_kbnode_t p, ctx;
cdk_packet_t pkt;
pkt = cdk_kbnode_get_packet (p);
if ((priv == 0
- && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
- || pkt->pkttype == CDK_PKT_PUBLIC_KEY)) || (priv != 0
- && (pkt->pkttype ==
- CDK_PKT_SECRET_SUBKEY
- || pkt->pkttype
- ==
- CDK_PKT_SECRET_KEY)))
- {
- if (priv == 0)
- cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid);
- else
- cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
-
- if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
- {
- return pkt;
- }
- }
+ && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
+ || pkt->pkttype == CDK_PKT_PUBLIC_KEY)) || (priv != 0
+ && (pkt->pkttype ==
+ CDK_PKT_SECRET_SUBKEY
+ || pkt->pkttype
+ ==
+ CDK_PKT_SECRET_KEY)))
+ {
+ if (priv == 0)
+ cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid);
+ else
+ cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
+
+ if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
+ {
+ return pkt;
+ }
+ }
}
gnutls_assert ();
*/
int
_gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2],
- unsigned int priv)
+ unsigned int priv)
{
cdk_kbnode_t p, ctx;
cdk_packet_t pkt;
pkt = cdk_kbnode_get_packet (p);
if ((priv == 0 && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)) ||
- (priv != 0 && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY)))
- {
- if (priv == 0)
- cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid);
- else
- cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
-
- _gnutls_hard_log ("Found keyid: %x.%x\n", local_keyid[0],
- local_keyid[1]);
- if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
- {
- return i;
- }
- i++;
- }
+ (priv != 0 && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY)))
+ {
+ if (priv == 0)
+ cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid);
+ else
+ cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
+
+ _gnutls_hard_log ("Found keyid: %x.%x\n", local_keyid[0],
+ local_keyid[1]);
+ if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
+ {
+ return i;
+ }
+ i++;
+ }
}
gnutls_assert ();
**/
int
gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key,
- unsigned int idx)
+ unsigned int idx)
{
cdk_packet_t pkt;
**/
gnutls_pk_algorithm_t
gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *bits)
+ unsigned int idx,
+ unsigned int *bits)
{
cdk_packet_t pkt;
int algo;
if (pkt)
{
if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.public_key);
+ *bits = cdk_pk_get_nbits (pkt->pkt.public_key);
algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
}
**/
time_t
gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t key,
- unsigned int idx)
+ unsigned int idx)
{
cdk_packet_t pkt;
time_t timestamp;
**/
time_t
gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t key,
- unsigned int idx)
+ unsigned int idx)
{
cdk_packet_t pkt;
time_t expiredate;
**/
int
gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid)
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid)
{
cdk_packet_t pkt;
uint32_t kid[2];
**/
int
gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
- unsigned int idx,
- void *fpr, size_t * fprlen)
+ unsigned int idx,
+ void *fpr, size_t * fprlen)
{
cdk_packet_t pkt;
cdk_pkt_pubkey_t pk = NULL;
**/
int
gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t keyid)
+ const gnutls_openpgp_keyid_t keyid)
{
int ret;
uint32_t kid[2];
*/
int
gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *key_usage)
+ unsigned int idx,
+ unsigned int *key_usage)
{
cdk_packet_t pkt;
int
_gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx,
- bigint_t * m)
+ bigint_t * m)
{
size_t buf_size = 512;
opaque *buf = gnutls_malloc (buf_size);
if (priv == 0)
err =
cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size,
- NULL);
+ NULL);
else
{
if (idx < max_pub_params)
- err =
- cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size,
- &buf_size, NULL);
+ err =
+ cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size,
+ &buf_size, NULL);
else
- {
- err =
- cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params, buf,
- buf_size, &buf_size, NULL);
- }
+ {
+ err =
+ cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params, buf,
+ buf_size, &buf_size, NULL);
+ }
}
if (err == CDK_Too_Short)
{
buf = gnutls_realloc_fast (buf, buf_size);
if (buf == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
if (priv == 0)
- err =
- cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size,
- NULL);
+ err =
+ cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size,
+ NULL);
else
- {
- if (idx < max_pub_params)
- err =
- cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size,
- &buf_size, NULL);
- else
- {
- err =
- cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params,
- buf, buf_size, &buf_size, NULL);
- }
- }
+ {
+ if (idx < max_pub_params)
+ err =
+ cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size,
+ &buf_size, NULL);
+ else
+ {
+ err =
+ cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params,
+ buf, buf_size, &buf_size, NULL);
+ }
+ }
}
if (err != CDK_Success)
*/
int
_gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert,
- uint32_t * keyid /* [2] */ ,
- bigint_t * params, int *params_size)
+ uint32_t * keyid /* [2] */ ,
+ bigint_t * params, int *params_size)
{
int result, i;
int pk_algorithm, local_params;
{
result = _gnutls_read_pgp_mpi (pkt, 0, i, ¶ms[i]);
if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
}
return 0;
*/
static int
_get_pk_rsa_raw (gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid,
- gnutls_datum_t * m, gnutls_datum_t * e)
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
int pk_algorithm, ret, i;
cdk_packet_t pkt;
static int
_get_pk_dsa_raw (gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
{
int pk_algorithm, ret, i;
cdk_packet_t pkt;
**/
int
gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e)
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
gnutls_openpgp_keyid_t keyid;
int ret;
**/
int
gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
{
gnutls_openpgp_keyid_t keyid;
int ret;
**/
int
gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e)
+ unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e)
{
gnutls_openpgp_keyid_t keyid;
int ret;
**/
int
gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y)
+ unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y)
{
gnutls_openpgp_keyid_t keyid;
int ret;
**/
int
gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid)
+ gnutls_openpgp_keyid_t keyid)
{
if (!key || !keyid || !key->preferred_set)
{
**/
int
gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t keyid)
+ const gnutls_openpgp_keyid_t keyid)
{
int ret;
**/
int
gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flag)
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flag)
{
int ret, subkeys, i;
unsigned int usage;
{
ret = gnutls_openpgp_crt_get_subkey_revoked_status (crt, i);
- if (ret != 0) /* it is revoked. ignore it */
- continue;
+ if (ret != 0) /* it is revoked. ignore it */
+ continue;
if (keyid_init == 0)
- { /* keep the first valid subkey */
- ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ { /* keep the first valid subkey */
+ ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- keyid_init = 1;
- }
+ keyid_init = 1;
+ }
ret = gnutls_openpgp_crt_get_subkey_usage (crt, i, &usage);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
if (usage & GNUTLS_KEY_KEY_AGREEMENT)
- {
- ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- return 0;
- }
+ {
+ ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return 0;
+ }
}
if (flag && keyid_init)
**/
int
gnutls_openpgp_crt_verify_hash (gnutls_openpgp_crt_t crt, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
{
int ret;
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
int params_size = MAX_PUBLIC_PARAMS_SIZE;
gnutls_pk_algorithm_t pk;
uint32_t kid[2];
-
+
if (crt == NULL || !crt->preferred_set)
{
gnutls_assert ();
return ret;
}
pk = ret;
-
+
KEYID_IMPORT (kid, crt->preferred_keyid);
ret = _gnutls_openpgp_crt_get_mpis (crt, kid, params, ¶ms_size);
if (ret < 0)
return ret;
}
- ret = pubkey_verify_sig( NULL, hash, signature, pk, params, params_size);
+ ret = pubkey_verify_sig (NULL, hash, signature, pk, params, params_size);
if (ret < 0)
{
gnutls_assert ();
**/
int
gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyring_t keyring,
- unsigned int flags, unsigned int *verify)
+ gnutls_openpgp_keyring_t keyring,
+ unsigned int flags, unsigned int *verify)
{
gnutls_openpgp_keyid_t id;
cdk_error_t rc;
{
rc = gnutls_openpgp_crt_get_key_id (key, id);
if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
+ {
+ gnutls_assert ();
+ return rc;
+ }
rc = gnutls_openpgp_keyring_check_id (keyring, id, 0);
/* If it exists in the keyring don't treat it as unknown. */
if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND)
- *verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND;
+ *verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND;
}
return 0;
**/
int
gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
- unsigned int flags, unsigned int *verify)
+ unsigned int flags, unsigned int *verify)
{
int status;
cdk_error_t rc;
*key = gnutls_calloc (1, sizeof (gnutls_openpgp_privkey_int));
if (*key)
- return 0; /* success */
+ return 0; /* success */
return GNUTLS_E_MEMORY_ERROR;
}
**/
int
gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const char *password, unsigned int flags)
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password, unsigned int flags)
{
cdk_stream_t inp;
cdk_packet_t pkt;
{
rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size);
if (rc != 0)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
}
else
{
rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp);
if (rc != 0)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
if (cdk_armor_filter_use (inp))
- {
- rc = cdk_stream_set_armor_flag (inp, 0);
- if (rc != 0)
- {
- rc = _gnutls_map_cdk_rc (rc);
- cdk_stream_close (inp);
- gnutls_assert ();
- return rc;
- }
- }
+ {
+ rc = cdk_stream_set_armor_flag (inp, 0);
+ if (rc != 0)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ cdk_stream_close (inp);
+ gnutls_assert ();
+ return rc;
+ }
+ }
rc = cdk_keydb_get_keyblock (inp, &key->knode);
cdk_stream_close (inp);
if (rc != 0)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
}
/* Test if the import was successful. */
**/
int
gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_crt_fmt_t format,
- const char *password, unsigned int flags,
- void *output_data, size_t * output_data_size)
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password, unsigned int flags,
+ void *output_data, size_t * output_data_size)
{
/* FIXME for now we do not export encrypted keys */
return _gnutls_openpgp_export (key->knode, format, output_data,
- output_data_size, 1);
+ output_data_size, 1);
}
**/
gnutls_pk_algorithm_t
gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
- unsigned int *bits)
+ unsigned int *bits)
{
cdk_packet_t pkt;
int algo;
if (pkt)
{
if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk);
+ *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk);
algo = _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
}
**/
int
gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
- void *fpr, size_t * fprlen)
+ void *fpr, size_t * fprlen)
{
cdk_packet_t pkt;
cdk_pkt_pubkey_t pk = NULL;
**/
int
gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_keyid_t keyid)
+ gnutls_openpgp_keyid_t keyid)
{
cdk_packet_t pkt;
uint32_t kid[2];
{
pkt = cdk_kbnode_get_packet (p);
if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- subkeys++;
+ subkeys++;
}
return subkeys;
{
pkt = cdk_kbnode_get_packet (p);
if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY && indx == subkeys++)
- return pkt;
+ return pkt;
}
return NULL;
**/
int
gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t
- key, unsigned int idx)
+ key, unsigned int idx)
{
cdk_packet_t pkt;
**/
gnutls_pk_algorithm_t
gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- unsigned int *bits)
+ unsigned int idx,
+ unsigned int *bits)
{
cdk_packet_t pkt;
int algo;
if (pkt)
{
if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk);
+ *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk);
algo = pkt->pkt.secret_key->pubkey_algo;
if (is_RSA (algo))
- algo = GNUTLS_PK_RSA;
+ algo = GNUTLS_PK_RSA;
else if (is_DSA (algo))
- algo = GNUTLS_PK_DSA;
+ algo = GNUTLS_PK_DSA;
else
- algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
return algo;
**/
int
gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t keyid)
+ const gnutls_openpgp_keyid_t keyid)
{
int ret;
uint32_t kid[2];
**/
time_t
gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t key,
- unsigned int idx)
+ unsigned int idx)
{
cdk_packet_t pkt;
time_t timestamp;
**/
time_t
gnutls_openpgp_privkey_get_subkey_expiration_time (gnutls_openpgp_privkey_t
- key, unsigned int idx)
+ key, unsigned int idx)
{
cdk_packet_t pkt;
time_t expiredate;
**/
int
gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid)
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid)
{
cdk_packet_t pkt;
uint32_t kid[2];
**/
int
gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- void *fpr, size_t * fprlen)
+ unsigned int idx,
+ void *fpr, size_t * fprlen)
{
cdk_packet_t pkt;
cdk_pkt_pubkey_t pk = NULL;
*/
int
_gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey,
- uint32_t * keyid /*[2] */ ,
- bigint_t * params, int *params_size)
+ uint32_t * keyid /*[2] */ ,
+ bigint_t * params, int *params_size)
{
int result, i;
int pk_algorithm;
{
result = _gnutls_read_pgp_mpi (pkt, 1, i, &pk_params.params[i]);
if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
}
/* fixup will generate exp1 and exp2 that are not
* available here.
*/
static int
_get_sk_rsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u)
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u)
{
int pk_algorithm, ret, i;
cdk_packet_t pkt;
static int
_get_sk_dsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y, gnutls_datum_t * x)
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y, gnutls_datum_t * x)
{
int pk_algorithm, ret, i;
cdk_packet_t pkt;
**/
int
gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u)
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u)
{
gnutls_openpgp_keyid_t keyid;
int ret;
**/
int
gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y,
- gnutls_datum_t * x)
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
gnutls_openpgp_keyid_t keyid;
int ret;
**/
int
gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t pkey,
- unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u)
+ unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u)
{
gnutls_openpgp_keyid_t keyid;
int ret;
**/
int
gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t pkey,
- unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x)
+ unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
gnutls_openpgp_keyid_t keyid;
int ret;
**/
int
gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_keyid_t keyid)
+ gnutls_openpgp_keyid_t keyid)
{
if (!key || !keyid || !key->preferred_set)
{
**/
int
gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t
- keyid)
+ const gnutls_openpgp_keyid_t
+ keyid)
{
int ret;
-*/
int
_gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
int result, i;
bigint_t params[MAX_PRIV_PARAMS_SIZE];
idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
pk_algorithm =
- gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
result =
- _gnutls_openpgp_privkey_get_mpis (key, kid, params, ¶ms_size);
+ _gnutls_openpgp_privkey_get_mpis (key, kid, params, ¶ms_size);
}
else
{
pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
result = _gnutls_openpgp_privkey_get_mpis (key, NULL,
- params, ¶ms_size);
+ params, ¶ms_size);
}
if (result < 0)
**/
int
gnutls_openpgp_privkey_sign_hash2 (gnutls_openpgp_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature)
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
- digest.data = gnutls_malloc(hash_data->size);
+ digest.data = gnutls_malloc (hash_data->size);
if (digest.data == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
digest.size = hash_data->size;
- memcpy(digest.data, hash_data->data, digest.size);
+ memcpy (digest.data, hash_data->data, digest.size);
- ret = pk_prepare_hash (gnutls_openpgp_privkey_get_pk_algorithm (signer, NULL),
- hash_algo, &digest);
+ ret =
+ pk_prepare_hash (gnutls_openpgp_privkey_get_pk_algorithm (signer, NULL),
+ hash_algo, &digest);
if (ret < 0)
{
gnutls_assert ();
ret = 0;
cleanup:
- _gnutls_free_datum(&digest);
+ _gnutls_free_datum (&digest);
return ret;
}
**/
int
gnutls_openpgp_privkey_sign_data2 (gnutls_openpgp_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
- ret = pk_hash_data(gnutls_openpgp_privkey_get_pk_algorithm(signer,NULL), hash, NULL, data, &digest);
+ ret =
+ pk_hash_data (gnutls_openpgp_privkey_get_pk_algorithm (signer, NULL),
+ hash, NULL, data, &digest);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
- ret = gnutls_openpgp_privkey_sign_hash2(signer, hash, flags, &digest, signature);
+ ret =
+ gnutls_openpgp_privkey_sign_hash2 (signer, hash, flags, &digest,
+ signature);
if (ret < 0)
{
gnutls_assert ();
**/
int
gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
int result, i;
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
KEYID_IMPORT (kid, keyid);
result = _gnutls_openpgp_privkey_get_mpis (key, kid,
- params, ¶ms_size);
+ params, ¶ms_size);
}
else
{
result = _gnutls_openpgp_privkey_get_mpis (key, NULL,
- params, ¶ms_size);
+ params, ¶ms_size);
}
if (result < 0)
if (suffix != NULL)
{
if (strncmp (suffix, ".so", 3) == 0)
- {
- suffix[0] = 0; /* null terminate before . */
- }
+ {
+ suffix[0] = 0; /* null terminate before . */
+ }
}
/* check and remove for -p11 or -pkcs11 */
while ((suffix = strchr (suffix, '-')) != NULL)
{
if (strncasecmp (suffix, "-p11", 4) == 0 ||
- strncasecmp (suffix, "-pkcs11", 7) == 0)
- {
- suffix[0] = 0;
- break;
- }
+ strncasecmp (suffix, "-pkcs11", 7) == 0)
+ {
+ suffix[0] = 0;
+ break;
+ }
suffix++;
}
unsigned i;
if (sep)
- {
- *sep++ = '\0';
- next = sep;
- }
+ {
+ *sep++ = '\0';
+ next = sep;
+ }
else
- {
- next = NULL;
- }
+ {
+ next = NULL;
+ }
for (i = 0; suffix_prefixes[i][0]; i++)
- {
- char path[PATH_MAX];
+ {
+ char path[PATH_MAX];
- snprintf (path, sizeof path, "%s/%s%s%s", dir,
- suffix_prefixes[i][0], hint, suffix_prefixes[i][1]);
+ snprintf (path, sizeof path, "%s/%s%s%s", dir,
+ suffix_prefixes[i][0], hint, suffix_prefixes[i][1]);
- if (stat (path, &st) < 0)
- continue;
+ if (stat (path, &st) < 0)
+ continue;
- *dev = st.st_dev;
- *ino = st.st_ino;
+ *dev = st.st_dev;
+ *ino = st.st_ino;
- return strdup (path);
- }
+ return strdup (path);
+ }
}
return NULL;
len = wordexp (name, &we, 0);
if (len == 0)
- { /* success */
+ { /* success */
if (we.we_wordc > 0)
- { /* we care about the 1st */
- exname = strdup (we.we_wordv[0]);
- }
+ { /* we care about the 1st */
+ exname = strdup (we.we_wordv[0]);
+ }
wordfree (&we);
}
#endif
if (exname != NULL)
{
if (stat (exname, &st) >= 0)
- {
- *dev = st.st_dev;
- *ino = st.st_ino;
- }
+ {
+ *dev = st.st_dev;
+ *ino = st.st_ino;
+ }
else
- {
- free (exname);
- return NULL;
- }
+ {
+ free (exname);
+ return NULL;
+ }
}
return exname;
for (p = provider_list; p; p = p->next)
{
if (dev == p->dev && ino == p->ino)
- {
- return p;
- }
+ {
+ return p;
+ }
}
return NULL;
*/
static ck_rv_t
load_pkcs11_module (struct provider **provider,
- const char *name, dev_t dev, ino_t ino, void *reserved)
+ const char *name, dev_t dev, ino_t ino, void *reserved)
{
struct provider *prov;
CK_C_GetFunctionList gfl;
*/
static ck_rv_t
load_provider (struct provider **provider, const char *name,
- void *reserved, int real_name)
+ void *reserved, int real_name)
{
ck_rv_t rv;
char *cname = NULL;
{
args.reserved = p->reserved;
rv = p->fns->C_Initialize (&args);
- assert (rv == CKR_OK); /* what can we do? */
+ assert (rv == CKR_OK); /* what can we do? */
}
gnutls_mutex_unlock (&provider_mutex);
static ck_rv_t
load_module (pakchois_module_t ** module, const char *name,
- void *reserved, unsigned int real_name)
+ void *reserved, unsigned int real_name)
{
ck_rv_t rv;
pakchois_module_t *pm = malloc (sizeof *pm);
ck_rv_t
pakchois_module_nssload (pakchois_module_t ** module,
- const char *name,
- const char *directory,
- const char *cert_prefix,
- const char *key_prefix, const char *secmod_db)
+ const char *name,
+ const char *directory,
+ const char *cert_prefix,
+ const char *key_prefix, const char *secmod_db)
{
char buf[256];
snprintf (buf, sizeof buf,
- "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'",
- directory, cert_prefix ? cert_prefix : "",
- key_prefix ? key_prefix : "",
- secmod_db ? secmod_db : "secmod.db");
+ "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'",
+ directory, cert_prefix ? cert_prefix : "",
+ key_prefix ? key_prefix : "",
+ secmod_db ? secmod_db : "secmod.db");
return load_module (module, name, buf, 0);
}
ck_rv_t
pakchois_module_nssload_abs (pakchois_module_t ** module,
- const char *name,
- const char *directory,
- const char *cert_prefix,
- const char *key_prefix, const char *secmod_db)
+ const char *name,
+ const char *directory,
+ const char *cert_prefix,
+ const char *key_prefix, const char *secmod_db)
{
char buf[256];
snprintf (buf, sizeof buf,
- "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'",
- directory, cert_prefix ? cert_prefix : "",
- key_prefix ? key_prefix : "",
- secmod_db ? secmod_db : "secmod.db");
+ "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'",
+ directory, cert_prefix ? cert_prefix : "",
+ key_prefix ? key_prefix : "",
+ secmod_db ? secmod_db : "secmod.db");
return load_module (module, name, buf, 1);
}
dlclose (prov->handle);
*prov->prevref = prov->next;
if (prov->next)
- {
- prov->next->prevref = prov->prevref;
- }
+ {
+ prov->next->prevref = prov->prevref;
+ }
free (prov->name);
free (prov);
}
ck_rv_t
pakchois_get_slot_list (pakchois_module_t * mod,
- unsigned char token_present,
- ck_slot_id_t * slot_list, unsigned long *count)
+ unsigned char token_present,
+ ck_slot_id_t * slot_list, unsigned long *count)
{
return CALL (GetSlotList, (token_present, slot_list, count));
}
ck_rv_t
pakchois_get_slot_info (pakchois_module_t * mod,
- ck_slot_id_t slot_id, struct ck_slot_info * info)
+ ck_slot_id_t slot_id, struct ck_slot_info * info)
{
return CALL (GetSlotInfo, (slot_id, info));
}
ck_rv_t
pakchois_get_token_info (pakchois_module_t * mod,
- ck_slot_id_t slot_id, struct ck_token_info * info)
+ ck_slot_id_t slot_id, struct ck_token_info * info)
{
return CALL (GetTokenInfo, (slot_id, info));
}
ck_rv_t
pakchois_wait_for_slot_event (pakchois_module_t * mod,
- ck_flags_t flags, ck_slot_id_t * slot,
- void *reserved)
+ ck_flags_t flags, ck_slot_id_t * slot,
+ void *reserved)
{
ck_rv_t rv;
ck_rv_t
pakchois_get_mechanism_list (pakchois_module_t * mod,
- ck_slot_id_t slot_id,
- ck_mechanism_type_t * mechanism_list,
- unsigned long *count)
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count)
{
return CALL (GetMechanismList, (slot_id, mechanism_list, count));
}
ck_rv_t
pakchois_get_mechanism_info (pakchois_module_t * mod,
- ck_slot_id_t slot_id,
- ck_mechanism_type_t type,
- struct ck_mechanism_info * info)
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t type,
+ struct ck_mechanism_info * info)
{
return CALL (GetMechanismInfo, (slot_id, type, info));
}
ck_rv_t
pakchois_init_token (pakchois_module_t * mod,
- ck_slot_id_t slot_id, unsigned char *pin,
- unsigned long pin_len, unsigned char *label)
+ ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label)
{
return CALL (InitToken, (slot_id, pin, pin_len, label));
}
ck_rv_t
pakchois_init_pin (pakchois_session_t * sess, unsigned char *pin,
- unsigned long pin_len)
+ unsigned long pin_len)
{
return CALLS2 (InitPIN, pin, pin_len);
}
ck_rv_t
pakchois_set_pin (pakchois_session_t * sess, unsigned char *old_pin,
- unsigned long old_len, unsigned char *new_pin,
- unsigned long new_len)
+ unsigned long old_len, unsigned char *new_pin,
+ unsigned long new_len)
{
return CALLS4 (SetPIN, old_pin, old_len, new_pin, new_len);
}
static ck_rv_t
notify_thunk (ck_session_handle_t session,
- ck_notification_t event, void *application)
+ ck_notification_t event, void *application)
{
pakchois_session_t *sess = application;
static ck_rv_t
insert_session (pakchois_module_t * mod,
- pakchois_session_t * session, ck_slot_id_t id)
+ pakchois_session_t * session, ck_slot_id_t id)
{
struct slot *slot = find_or_create_slot (mod, id);
ck_rv_t
pakchois_open_session (pakchois_module_t * mod,
- ck_slot_id_t slot_id, ck_flags_t flags,
- void *application, pakchois_notify_t notify,
- pakchois_session_t ** session)
+ ck_slot_id_t slot_id, ck_flags_t flags,
+ void *application, pakchois_notify_t notify,
+ pakchois_session_t ** session)
{
ck_session_handle_t sh;
pakchois_session_t *sess;
{
rv = pakchois_close_session (slot->sessions);
if (rv != CKR_OK)
- {
- frv = rv;
- }
+ {
+ frv = rv;
+ }
}
return frv;
ck_rv_t
pakchois_get_session_info (pakchois_session_t * sess,
- struct ck_session_info * info)
+ struct ck_session_info * info)
{
return CALLS1 (GetSessionInfo, info);
}
ck_rv_t
pakchois_get_operation_state (pakchois_session_t * sess,
- unsigned char *operation_state,
- unsigned long *operation_state_len)
+ unsigned char *operation_state,
+ unsigned long *operation_state_len)
{
return CALLS2 (GetOperationState, operation_state, operation_state_len);
}
ck_rv_t
pakchois_set_operation_state (pakchois_session_t * sess,
- unsigned char *operation_state,
- unsigned long operation_state_len,
- ck_object_handle_t encryption_key,
- ck_object_handle_t authentiation_key)
+ unsigned char *operation_state,
+ unsigned long operation_state_len,
+ ck_object_handle_t encryption_key,
+ ck_object_handle_t authentiation_key)
{
return CALLS4 (SetOperationState, operation_state,
- operation_state_len, encryption_key, authentiation_key);
+ operation_state_len, encryption_key, authentiation_key);
}
ck_rv_t
pakchois_login (pakchois_session_t * sess, ck_user_type_t user_type,
- unsigned char *pin, unsigned long pin_len)
+ unsigned char *pin, unsigned long pin_len)
{
return CALLS3 (Login, user_type, pin, pin_len);
}
ck_rv_t
pakchois_create_object (pakchois_session_t * sess,
- struct ck_attribute * templ,
- unsigned long count, ck_object_handle_t * object)
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * object)
{
return CALLS3 (CreateObject, templ, count, object);
}
ck_rv_t
pakchois_copy_object (pakchois_session_t * sess,
- ck_object_handle_t object,
- struct ck_attribute * templ,
- unsigned long count, ck_object_handle_t * new_object)
+ ck_object_handle_t object,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * new_object)
{
return CALLS4 (CopyObject, object, templ, count, new_object);
}
ck_rv_t
pakchois_get_object_size (pakchois_session_t * sess,
- ck_object_handle_t object, unsigned long *size)
+ ck_object_handle_t object, unsigned long *size)
{
return CALLS2 (GetObjectSize, object, size);
}
ck_rv_t
pakchois_get_attribute_value (pakchois_session_t * sess,
- ck_object_handle_t object,
- struct ck_attribute * templ,
- unsigned long count)
+ ck_object_handle_t object,
+ struct ck_attribute * templ,
+ unsigned long count)
{
return CALLS3 (GetAttributeValue, object, templ, count);
}
ck_rv_t
pakchois_set_attribute_value (pakchois_session_t * sess,
- ck_object_handle_t object,
- struct ck_attribute * templ,
- unsigned long count)
+ ck_object_handle_t object,
+ struct ck_attribute * templ,
+ unsigned long count)
{
return CALLS3 (SetAttributeValue, object, templ, count);
}
ck_rv_t
pakchois_find_objects_init (pakchois_session_t * sess,
- struct ck_attribute * templ, unsigned long count)
+ struct ck_attribute * templ, unsigned long count)
{
return CALLS2 (FindObjectsInit, templ, count);
}
ck_rv_t
pakchois_find_objects (pakchois_session_t * sess,
- ck_object_handle_t * object,
- unsigned long max_object_count,
- unsigned long *object_count)
+ ck_object_handle_t * object,
+ unsigned long max_object_count,
+ unsigned long *object_count)
{
return CALLS3 (FindObjects, object, max_object_count, object_count);
}
ck_rv_t
pakchois_encrypt_init (pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key)
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
{
return CALLS2 (EncryptInit, mechanism, key);
}
ck_rv_t
pakchois_encrypt (pakchois_session_t * sess,
- unsigned char *data, unsigned long data_len,
- unsigned char *encrypted_data,
- unsigned long *encrypted_data_len)
+ unsigned char *data, unsigned long data_len,
+ unsigned char *encrypted_data,
+ unsigned long *encrypted_data_len)
{
return CALLS4 (Encrypt, data, data_len, encrypted_data, encrypted_data_len);
}
ck_rv_t
pakchois_encrypt_update (pakchois_session_t * sess,
- unsigned char *part,
- unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len)
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len)
{
return CALLS4 (EncryptUpdate, part, part_len,
- encrypted_part, encrypted_part_len);
+ encrypted_part, encrypted_part_len);
}
ck_rv_t
pakchois_encrypt_final (pakchois_session_t * sess,
- unsigned char *last_encrypted_part,
- unsigned long *last_encrypted_part_len)
+ unsigned char *last_encrypted_part,
+ unsigned long *last_encrypted_part_len)
{
return CALLS2 (EncryptFinal, last_encrypted_part, last_encrypted_part_len);
}
ck_rv_t
pakchois_decrypt_init (pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key)
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
{
return CALLS2 (DecryptInit, mechanism, key);
}
ck_rv_t
pakchois_decrypt (pakchois_session_t * sess,
- unsigned char *encrypted_data,
- unsigned long encrypted_data_len,
- unsigned char *data, unsigned long *data_len)
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len)
{
return CALLS4 (Decrypt, encrypted_data, encrypted_data_len, data, data_len);
}
ck_rv_t
pakchois_decrypt_update (pakchois_session_t * sess,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part, unsigned long *part_len)
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len)
{
return CALLS4 (DecryptUpdate, encrypted_part, encrypted_part_len,
- part, part_len);
+ part, part_len);
}
ck_rv_t
pakchois_decrypt_final (pakchois_session_t * sess,
- unsigned char *last_part,
- unsigned long *last_part_len)
+ unsigned char *last_part,
+ unsigned long *last_part_len)
{
return CALLS2 (DecryptFinal, last_part, last_part_len);
}
ck_rv_t
pakchois_digest_init (pakchois_session_t * sess,
- struct ck_mechanism * mechanism)
+ struct ck_mechanism * mechanism)
{
return CALLS1 (DigestInit, mechanism);
}
ck_rv_t
pakchois_digest (pakchois_session_t * sess, unsigned char *data,
- unsigned long data_len, unsigned char *digest,
- unsigned long *digest_len)
+ unsigned long data_len, unsigned char *digest,
+ unsigned long *digest_len)
{
return CALLS4 (Digest, data, data_len, digest, digest_len);
}
ck_rv_t
pakchois_digest_update (pakchois_session_t * sess,
- unsigned char *part, unsigned long part_len)
+ unsigned char *part, unsigned long part_len)
{
return CALLS2 (DigestUpdate, part, part_len);
}
ck_rv_t
pakchois_digest_final (pakchois_session_t * sess,
- unsigned char *digest, unsigned long *digest_len)
+ unsigned char *digest, unsigned long *digest_len)
{
return CALLS2 (DigestFinal, digest, digest_len);
}
ck_rv_t
pakchois_sign_init (pakchois_session_t * sess,
- struct ck_mechanism * mechanism, ck_object_handle_t key)
+ struct ck_mechanism * mechanism, ck_object_handle_t key)
{
return CALLS2 (SignInit, mechanism, key);
}
ck_rv_t
pakchois_sign (pakchois_session_t * sess, unsigned char *data,
- unsigned long data_len, unsigned char *signature,
- unsigned long *signature_len)
+ unsigned long data_len, unsigned char *signature,
+ unsigned long *signature_len)
{
return CALLS4 (Sign, data, data_len, signature, signature_len);
}
ck_rv_t
pakchois_sign_update (pakchois_session_t * sess,
- unsigned char *part, unsigned long part_len)
+ unsigned char *part, unsigned long part_len)
{
return CALLS2 (SignUpdate, part, part_len);
}
ck_rv_t
pakchois_sign_final (pakchois_session_t * sess,
- unsigned char *signature, unsigned long *signature_len)
+ unsigned char *signature, unsigned long *signature_len)
{
return CALLS2 (SignFinal, signature, signature_len);
}
ck_rv_t
pakchois_sign_recover_init (pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key)
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
{
return CALLS2 (SignRecoverInit, mechanism, key);
}
ck_rv_t
pakchois_sign_recover (pakchois_session_t * sess,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature, unsigned long *signature_len)
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature, unsigned long *signature_len)
{
return CALLS4 (SignRecover, data, data_len, signature, signature_len);
}
ck_rv_t
pakchois_verify_init (pakchois_session_t * sess,
- struct ck_mechanism * mechanism, ck_object_handle_t key)
+ struct ck_mechanism * mechanism, ck_object_handle_t key)
{
return CALLS2 (VerifyInit, mechanism, key);
}
ck_rv_t
pakchois_verify (pakchois_session_t * sess, unsigned char *data,
- unsigned long data_len, unsigned char *signature,
- unsigned long signature_len)
+ unsigned long data_len, unsigned char *signature,
+ unsigned long signature_len)
{
return CALLS4 (Verify, data, data_len, signature, signature_len);
}
ck_rv_t
pakchois_verify_update (pakchois_session_t * sess,
- unsigned char *part, unsigned long part_len)
+ unsigned char *part, unsigned long part_len)
{
return CALLS2 (VerifyUpdate, part, part_len);
}
ck_rv_t
pakchois_verify_final (pakchois_session_t * sess,
- unsigned char *signature, unsigned long signature_len)
+ unsigned char *signature, unsigned long signature_len)
{
return CALLS2 (VerifyFinal, signature, signature_len);
}
ck_rv_t
pakchois_verify_recover_init (pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key)
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
{
return CALLS2 (VerifyRecoverInit, mechanism, key);
}
ck_rv_t
pakchois_verify_recover (pakchois_session_t * sess,
- unsigned char *signature,
- unsigned long signature_len,
- unsigned char *data, unsigned long *data_len)
+ unsigned char *signature,
+ unsigned long signature_len,
+ unsigned char *data, unsigned long *data_len)
{
return CALLS4 (VerifyRecover, signature, signature_len, data, data_len);
}
ck_rv_t
pakchois_digest_encrypt_update (pakchois_session_t * sess,
- unsigned char *part,
- unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len)
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len)
{
return CALLS4 (DigestEncryptUpdate, part, part_len,
- encrypted_part, encrypted_part_len);
+ encrypted_part, encrypted_part_len);
}
ck_rv_t
pakchois_decrypt_digest_update (pakchois_session_t * sess,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part, unsigned long *part_len)
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len)
{
return CALLS4 (DecryptDigestUpdate, encrypted_part,
- encrypted_part_len, part, part_len);
+ encrypted_part_len, part, part_len);
}
ck_rv_t
pakchois_sign_encrypt_update (pakchois_session_t * sess,
- unsigned char *part,
- unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len)
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len)
{
return CALLS4 (SignEncryptUpdate, part, part_len,
- encrypted_part, encrypted_part_len);
+ encrypted_part, encrypted_part_len);
}
ck_rv_t
pakchois_decrypt_verify_update (pakchois_session_t * sess,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part, unsigned long *part_len)
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len)
{
return CALLS4 (DecryptVerifyUpdate, encrypted_part,
- encrypted_part_len, part, part_len);
+ encrypted_part_len, part, part_len);
}
ck_rv_t
pakchois_generate_key (pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- struct ck_attribute * templ,
- unsigned long count, ck_object_handle_t * key)
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * key)
{
return CALLS4 (GenerateKey, mechanism, templ, count, key);
}
ck_rv_t
pakchois_generate_key_pair (pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- struct ck_attribute *
- public_key_template,
- unsigned long
- public_key_attribute_count,
- struct ck_attribute *
- private_key_template,
- unsigned long
- private_key_attribute_count,
- ck_object_handle_t * public_key,
- ck_object_handle_t * private_key)
+ struct ck_mechanism * mechanism,
+ struct ck_attribute *
+ public_key_template,
+ unsigned long
+ public_key_attribute_count,
+ struct ck_attribute *
+ private_key_template,
+ unsigned long
+ private_key_attribute_count,
+ ck_object_handle_t * public_key,
+ ck_object_handle_t * private_key)
{
return CALLS7 (GenerateKeyPair, mechanism,
- public_key_template, public_key_attribute_count,
- private_key_template, private_key_attribute_count,
- public_key, private_key);
+ public_key_template, public_key_attribute_count,
+ private_key_template, private_key_attribute_count,
+ public_key, private_key);
}
ck_rv_t
pakchois_wrap_key (pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t wrapping_key,
- ck_object_handle_t key,
- unsigned char *wrapped_key, unsigned long *wrapped_key_len)
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t wrapping_key,
+ ck_object_handle_t key,
+ unsigned char *wrapped_key, unsigned long *wrapped_key_len)
{
return CALLS5 (WrapKey, mechanism, wrapping_key,
- key, wrapped_key, wrapped_key_len);
+ key, wrapped_key, wrapped_key_len);
}
ck_rv_t
pakchois_unwrap_key (pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t unwrapping_key,
- unsigned char *wrapped_key,
- unsigned long wrapped_key_len,
- struct ck_attribute * templ,
- unsigned long attribute_count, ck_object_handle_t * key)
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t unwrapping_key,
+ unsigned char *wrapped_key,
+ unsigned long wrapped_key_len,
+ struct ck_attribute * templ,
+ unsigned long attribute_count, ck_object_handle_t * key)
{
return CALLS7 (UnwrapKey, mechanism, unwrapping_key,
- wrapped_key, wrapped_key_len, templ, attribute_count, key);
+ wrapped_key, wrapped_key_len, templ, attribute_count, key);
}
ck_rv_t
pakchois_derive_key (pakchois_session_t * sess,
- struct ck_mechanism * mechanism,
- ck_object_handle_t base_key,
- struct ck_attribute * templ,
- unsigned long attribute_count, ck_object_handle_t * key)
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t base_key,
+ struct ck_attribute * templ,
+ unsigned long attribute_count, ck_object_handle_t * key)
{
return CALLS5 (DeriveKey, mechanism, base_key, templ, attribute_count, key);
}
ck_rv_t
pakchois_seed_random (pakchois_session_t * sess,
- unsigned char *seed, unsigned long seed_len)
+ unsigned char *seed, unsigned long seed_len)
{
return CALLS2 (SeedRandom, seed, seed_len);
}
ck_rv_t
pakchois_generate_random (pakchois_session_t * sess,
- unsigned char *random_data,
- unsigned long random_len)
+ unsigned char *random_data,
+ unsigned long random_len)
{
return CALLS2 (GenerateRandom, random_data, random_len);
}
* multiple times within an application; the underlying PKCS#11 provider will
* be loaded only once. */
ck_rv_t pakchois_module_load_abs (pakchois_module_t ** module,
- const char *name);
+ const char *name);
/* Load an NSS "softokn" which violates the PKCS#11 standard in
* initialization, with given name (e.g. "softokn3"). The directory
* arguments may be NULL to use defaults. Returns CKR_OK on
* success. */
ck_rv_t pakchois_module_nssload (pakchois_module_t ** module,
- const char *name,
- const char *directory,
- const char *cert_prefix,
- const char *key_prefix,
- const char *secmod_db);
+ const char *name,
+ const char *directory,
+ const char *cert_prefix,
+ const char *key_prefix,
+ const char *secmod_db);
ck_rv_t pakchois_module_nssload_abs (pakchois_module_t ** module,
- const char *name,
- const char *directory,
- const char *cert_prefix,
- const char *key_prefix,
- const char *secmod_db);
+ const char *name,
+ const char *directory,
+ const char *cert_prefix,
+ const char *key_prefix,
+ const char *secmod_db);
/* Destroy a PKCS#11 module. */
void pakchois_module_destroy (pakchois_module_t * module);
ck_rv_t pakchois_get_info (pakchois_module_t * module, struct ck_info *info);
ck_rv_t pakchois_get_slot_list (pakchois_module_t * module,
- unsigned char token_present,
- ck_slot_id_t * slot_list,
- unsigned long *count);
+ unsigned char token_present,
+ ck_slot_id_t * slot_list,
+ unsigned long *count);
ck_rv_t pakchois_get_slot_info (pakchois_module_t * module,
- ck_slot_id_t slot_id,
- struct ck_slot_info *info);
+ ck_slot_id_t slot_id,
+ struct ck_slot_info *info);
ck_rv_t pakchois_get_token_info (pakchois_module_t * module,
- ck_slot_id_t slot_id,
- struct ck_token_info *info);
+ ck_slot_id_t slot_id,
+ struct ck_token_info *info);
ck_rv_t pakchois_wait_for_slot_event (pakchois_module_t * module,
- ck_flags_t flags, ck_slot_id_t * slot,
- void *reserved);
+ ck_flags_t flags, ck_slot_id_t * slot,
+ void *reserved);
ck_rv_t pakchois_get_mechanism_list (pakchois_module_t * module,
- ck_slot_id_t slot_id,
- ck_mechanism_type_t * mechanism_list,
- unsigned long *count);
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count);
ck_rv_t pakchois_get_mechanism_info (pakchois_module_t * module,
- ck_slot_id_t slot_id,
- ck_mechanism_type_t type,
- struct ck_mechanism_info *info);
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t type,
+ struct ck_mechanism_info *info);
ck_rv_t pakchois_init_token (pakchois_module_t * module,
- ck_slot_id_t slot_id, unsigned char *pin,
- unsigned long pin_len, unsigned char *label);
+ ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label);
ck_rv_t pakchois_init_pin (pakchois_session_t * session, unsigned char *pin,
- unsigned long pin_len);
+ unsigned long pin_len);
ck_rv_t pakchois_set_pin (pakchois_session_t * session,
- unsigned char *old_pin, unsigned long old_len,
- unsigned char *new_pin, unsigned long new_len);
+ unsigned char *old_pin, unsigned long old_len,
+ unsigned char *new_pin, unsigned long new_len);
typedef ck_rv_t (*pakchois_notify_t) (pakchois_session_t * sess,
- ck_notification_t event,
- void *application);
+ ck_notification_t event,
+ void *application);
ck_rv_t pakchois_open_session (pakchois_module_t * module,
- ck_slot_id_t slot_id, ck_flags_t flags,
- void *application, pakchois_notify_t notify,
- pakchois_session_t ** session);
+ ck_slot_id_t slot_id, ck_flags_t flags,
+ void *application, pakchois_notify_t notify,
+ pakchois_session_t ** session);
ck_rv_t pakchois_close_session (pakchois_session_t * session);
ck_rv_t pakchois_close_all_sessions (pakchois_module_t * module,
- ck_slot_id_t slot_id);
+ ck_slot_id_t slot_id);
ck_rv_t pakchois_get_session_info (pakchois_session_t * session,
- struct ck_session_info *info);
+ struct ck_session_info *info);
ck_rv_t pakchois_get_operation_state (pakchois_session_t * session,
- unsigned char *operation_state,
- unsigned long *operation_state_len);
+ unsigned char *operation_state,
+ unsigned long *operation_state_len);
ck_rv_t pakchois_set_operation_state (pakchois_session_t * session,
- unsigned char *operation_state,
- unsigned long operation_state_len,
- ck_object_handle_t encryption_key,
- ck_object_handle_t authentiation_key);
+ unsigned char *operation_state,
+ unsigned long operation_state_len,
+ ck_object_handle_t encryption_key,
+ ck_object_handle_t authentiation_key);
ck_rv_t pakchois_login (pakchois_session_t * session,
- ck_user_type_t user_type, unsigned char *pin,
- unsigned long pin_len);
+ ck_user_type_t user_type, unsigned char *pin,
+ unsigned long pin_len);
ck_rv_t pakchois_logout (pakchois_session_t * session);
ck_rv_t pakchois_create_object (pakchois_session_t * session,
- struct ck_attribute *templ,
- unsigned long count,
- ck_object_handle_t * object);
+ struct ck_attribute *templ,
+ unsigned long count,
+ ck_object_handle_t * object);
ck_rv_t pakchois_copy_object (pakchois_session_t * session,
- ck_object_handle_t object,
- struct ck_attribute *templ, unsigned long count,
- ck_object_handle_t * new_object);
+ ck_object_handle_t object,
+ struct ck_attribute *templ, unsigned long count,
+ ck_object_handle_t * new_object);
ck_rv_t pakchois_destroy_object (pakchois_session_t * session,
- ck_object_handle_t object);
+ ck_object_handle_t object);
ck_rv_t pakchois_get_object_size (pakchois_session_t * session,
- ck_object_handle_t object,
- unsigned long *size);
+ ck_object_handle_t object,
+ unsigned long *size);
ck_rv_t pakchois_get_attribute_value (pakchois_session_t * session,
- ck_object_handle_t object,
- struct ck_attribute *templ,
- unsigned long count);
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count);
ck_rv_t pakchois_set_attribute_value (pakchois_session_t * session,
- ck_object_handle_t object,
- struct ck_attribute *templ,
- unsigned long count);
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count);
ck_rv_t pakchois_find_objects_init (pakchois_session_t * session,
- struct ck_attribute *templ,
- unsigned long count);
+ struct ck_attribute *templ,
+ unsigned long count);
ck_rv_t pakchois_find_objects (pakchois_session_t * session,
- ck_object_handle_t * object,
- unsigned long max_object_count,
- unsigned long *object_count);
+ ck_object_handle_t * object,
+ unsigned long max_object_count,
+ unsigned long *object_count);
ck_rv_t pakchois_find_objects_final (pakchois_session_t * session);
ck_rv_t pakchois_encrypt_init (pakchois_session_t * session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
ck_rv_t pakchois_encrypt (pakchois_session_t * session,
- unsigned char *data, unsigned long data_len,
- unsigned char *encrypted_data,
- unsigned long *encrypted_data_len);
+ unsigned char *data, unsigned long data_len,
+ unsigned char *encrypted_data,
+ unsigned long *encrypted_data_len);
ck_rv_t pakchois_encrypt_update (pakchois_session_t * session,
- unsigned char *part, unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len);
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len);
ck_rv_t pakchois_encrypt_final (pakchois_session_t * session,
- unsigned char *last_encrypted_part,
- unsigned long *last_encrypted_part_len);
+ unsigned char *last_encrypted_part,
+ unsigned long *last_encrypted_part_len);
ck_rv_t pakchois_decrypt_init (pakchois_session_t * session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
ck_rv_t pakchois_decrypt (pakchois_session_t * session,
- unsigned char *encrypted_data,
- unsigned long encrypted_data_len,
- unsigned char *data, unsigned long *data_len);
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len);
ck_rv_t pakchois_decrypt_update (pakchois_session_t * session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part,
- unsigned long *part_len);
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len);
ck_rv_t pakchois_decrypt_final (pakchois_session_t * session,
- unsigned char *last_part,
- unsigned long *last_part_len);
+ unsigned char *last_part,
+ unsigned long *last_part_len);
ck_rv_t pakchois_digest_init (pakchois_session_t * session,
- struct ck_mechanism *mechanism);
+ struct ck_mechanism *mechanism);
ck_rv_t pakchois_digest (pakchois_session_t * session, unsigned char *data,
- unsigned long data_len, unsigned char *digest,
- unsigned long *digest_len);
+ unsigned long data_len, unsigned char *digest,
+ unsigned long *digest_len);
ck_rv_t pakchois_digest_update (pakchois_session_t * session,
- unsigned char *part, unsigned long part_len);
+ unsigned char *part, unsigned long part_len);
ck_rv_t pakchois_digest_key (pakchois_session_t * session,
- ck_object_handle_t key);
+ ck_object_handle_t key);
ck_rv_t pakchois_digest_final (pakchois_session_t * session,
- unsigned char *digest,
- unsigned long *digest_len);
+ unsigned char *digest,
+ unsigned long *digest_len);
ck_rv_t pakchois_sign_init (pakchois_session_t * session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
ck_rv_t pakchois_sign (pakchois_session_t * session, unsigned char *data,
- unsigned long data_len, unsigned char *signature,
- unsigned long *signature_len);
+ unsigned long data_len, unsigned char *signature,
+ unsigned long *signature_len);
ck_rv_t pakchois_sign_update (pakchois_session_t * session,
- unsigned char *part, unsigned long part_len);
+ unsigned char *part, unsigned long part_len);
ck_rv_t pakchois_sign_final (pakchois_session_t * session,
- unsigned char *signature,
- unsigned long *signature_len);
+ unsigned char *signature,
+ unsigned long *signature_len);
ck_rv_t pakchois_sign_recover_init (pakchois_session_t * session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
ck_rv_t pakchois_sign_recover (pakchois_session_t * session,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len);
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len);
ck_rv_t pakchois_verify_init (pakchois_session_t * session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
ck_rv_t pakchois_verify (pakchois_session_t * session, unsigned char *data,
- unsigned long data_len, unsigned char *signature,
- unsigned long signature_len);
+ unsigned long data_len, unsigned char *signature,
+ unsigned long signature_len);
ck_rv_t pakchois_verify_update (pakchois_session_t * session,
- unsigned char *part, unsigned long part_len);
+ unsigned char *part, unsigned long part_len);
ck_rv_t pakchois_verify_final (pakchois_session_t * session,
- unsigned char *signature,
- unsigned long signature_len);
+ unsigned char *signature,
+ unsigned long signature_len);
ck_rv_t pakchois_verify_recover_init (pakchois_session_t * session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
ck_rv_t pakchois_verify_recover (pakchois_session_t * session,
- unsigned char *signature,
- unsigned long signature_len,
- unsigned char *data,
- unsigned long *data_len);
+ unsigned char *signature,
+ unsigned long signature_len,
+ unsigned char *data,
+ unsigned long *data_len);
ck_rv_t pakchois_digest_encrypt_update (pakchois_session_t * session,
- unsigned char *part,
- unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len);
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len);
ck_rv_t pakchois_decrypt_digest_update (pakchois_session_t * session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part,
- unsigned long *part_len);
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len);
ck_rv_t pakchois_sign_encrypt_update (pakchois_session_t * session,
- unsigned char *part,
- unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len);
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len);
ck_rv_t pakchois_decrypt_verify_update (pakchois_session_t * session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part,
- unsigned long *part_len);
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len);
ck_rv_t pakchois_generate_key (pakchois_session_t * session,
- struct ck_mechanism *mechanism,
- struct ck_attribute *templ,
- unsigned long count, ck_object_handle_t * key);
+ struct ck_mechanism *mechanism,
+ struct ck_attribute *templ,
+ unsigned long count, ck_object_handle_t * key);
ck_rv_t pakchois_generate_key_pair (pakchois_session_t * session,
- struct ck_mechanism *mechanism,
- struct ck_attribute *public_key_template,
- unsigned long public_key_attribute_count,
- struct ck_attribute *private_key_template,
- unsigned long private_key_attribute_count,
- ck_object_handle_t * public_key,
- ck_object_handle_t * private_key);
+ struct ck_mechanism *mechanism,
+ struct ck_attribute *public_key_template,
+ unsigned long public_key_attribute_count,
+ struct ck_attribute *private_key_template,
+ unsigned long private_key_attribute_count,
+ ck_object_handle_t * public_key,
+ ck_object_handle_t * private_key);
ck_rv_t pakchois_wrap_key (pakchois_session_t * session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t wrapping_key,
- ck_object_handle_t key, unsigned char *wrapped_key,
- unsigned long *wrapped_key_len);
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t wrapping_key,
+ ck_object_handle_t key, unsigned char *wrapped_key,
+ unsigned long *wrapped_key_len);
ck_rv_t pakchois_unwrap_key (pakchois_session_t * session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t unwrapping_key,
- unsigned char *wrapped_key,
- unsigned long wrapped_key_len,
- struct ck_attribute *templ,
- unsigned long attribute_count,
- ck_object_handle_t * key);
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t unwrapping_key,
+ unsigned char *wrapped_key,
+ unsigned long wrapped_key_len,
+ struct ck_attribute *templ,
+ unsigned long attribute_count,
+ ck_object_handle_t * key);
ck_rv_t pakchois_derive_key (pakchois_session_t * session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t base_key,
- struct ck_attribute *templ,
- unsigned long attribute_count,
- ck_object_handle_t * key);
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t base_key,
+ struct ck_attribute *templ,
+ unsigned long attribute_count,
+ ck_object_handle_t * key);
ck_rv_t pakchois_seed_random (pakchois_session_t * session,
- unsigned char *seed, unsigned long seed_len);
+ unsigned char *seed, unsigned long seed_len);
ck_rv_t pakchois_generate_random (pakchois_session_t * session,
- unsigned char *random_data,
- unsigned long random_len);
+ unsigned char *random_data,
+ unsigned long random_len);
#endif /* PAKCHOIS_H */
#define unlock_mutex UnlockMutex
#define reserved pReserved
-#endif /* CRYPTOKI_COMPAT */
+#endif /* CRYPTOKI_COMPAT */
\f
typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
- ck_notification_t event, void *application);
+ ck_notification_t event, void *application);
/* Forward reference. */
struct ck_function_list;
_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info * info));
_CK_DECLARE_FUNCTION (C_GetFunctionList,
- (struct ck_function_list ** function_list));
+ (struct ck_function_list ** function_list));
_CK_DECLARE_FUNCTION (C_GetSlotList,
- (unsigned char token_present,
- ck_slot_id_t * slot_list, unsigned long *count));
+ (unsigned char token_present,
+ ck_slot_id_t * slot_list, unsigned long *count));
_CK_DECLARE_FUNCTION (C_GetSlotInfo,
- (ck_slot_id_t slot_id, struct ck_slot_info * info));
+ (ck_slot_id_t slot_id, struct ck_slot_info * info));
_CK_DECLARE_FUNCTION (C_GetTokenInfo,
- (ck_slot_id_t slot_id,
- struct ck_token_info * info));
+ (ck_slot_id_t slot_id,
+ struct ck_token_info * info));
_CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
- (ck_flags_t flags, ck_slot_id_t * slot,
- void *reserved));
+ (ck_flags_t flags, ck_slot_id_t * slot,
+ void *reserved));
_CK_DECLARE_FUNCTION (C_GetMechanismList,
- (ck_slot_id_t slot_id,
- ck_mechanism_type_t * mechanism_list,
- unsigned long *count));
+ (ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count));
_CK_DECLARE_FUNCTION (C_GetMechanismInfo,
- (ck_slot_id_t slot_id, ck_mechanism_type_t type,
- struct ck_mechanism_info * info));
+ (ck_slot_id_t slot_id, ck_mechanism_type_t type,
+ struct ck_mechanism_info * info));
_CK_DECLARE_FUNCTION (C_InitToken,
- (ck_slot_id_t slot_id, unsigned char *pin,
- unsigned long pin_len, unsigned char *label));
+ (ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label));
_CK_DECLARE_FUNCTION (C_InitPIN,
- (ck_session_handle_t session, unsigned char *pin,
- unsigned long pin_len));
+ (ck_session_handle_t session, unsigned char *pin,
+ unsigned long pin_len));
_CK_DECLARE_FUNCTION (C_SetPIN,
- (ck_session_handle_t session,
- unsigned char *old_pin, unsigned long old_len,
- unsigned char *new_pin, unsigned long new_len));
+ (ck_session_handle_t session,
+ unsigned char *old_pin, unsigned long old_len,
+ unsigned char *new_pin, unsigned long new_len));
_CK_DECLARE_FUNCTION (C_OpenSession,
- (ck_slot_id_t slot_id, ck_flags_t flags,
- void *application, ck_notify_t notify,
- ck_session_handle_t * session));
+ (ck_slot_id_t slot_id, ck_flags_t flags,
+ void *application, ck_notify_t notify,
+ ck_session_handle_t * session));
_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
_CK_DECLARE_FUNCTION (C_GetSessionInfo,
- (ck_session_handle_t session,
- struct ck_session_info * info));
+ (ck_session_handle_t session,
+ struct ck_session_info * info));
_CK_DECLARE_FUNCTION (C_GetOperationState,
- (ck_session_handle_t session,
- unsigned char *operation_state,
- unsigned long *operation_state_len));
+ (ck_session_handle_t session,
+ unsigned char *operation_state,
+ unsigned long *operation_state_len));
_CK_DECLARE_FUNCTION (C_SetOperationState,
- (ck_session_handle_t session,
- unsigned char *operation_state,
- unsigned long operation_state_len,
- ck_object_handle_t encryption_key,
- ck_object_handle_t authentiation_key));
+ (ck_session_handle_t session,
+ unsigned char *operation_state,
+ unsigned long operation_state_len,
+ ck_object_handle_t encryption_key,
+ ck_object_handle_t authentiation_key));
_CK_DECLARE_FUNCTION (C_Login,
- (ck_session_handle_t session,
- ck_user_type_t user_type, unsigned char *pin,
- unsigned long pin_len));
+ (ck_session_handle_t session,
+ ck_user_type_t user_type, unsigned char *pin,
+ unsigned long pin_len));
_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
_CK_DECLARE_FUNCTION (C_CreateObject,
- (ck_session_handle_t session,
- struct ck_attribute * templ,
- unsigned long count, ck_object_handle_t * object));
+ (ck_session_handle_t session,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * object));
_CK_DECLARE_FUNCTION (C_CopyObject,
- (ck_session_handle_t session,
- ck_object_handle_t object,
- struct ck_attribute * templ, unsigned long count,
- ck_object_handle_t * new_object));
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute * templ, unsigned long count,
+ ck_object_handle_t * new_object));
_CK_DECLARE_FUNCTION (C_DestroyObject,
- (ck_session_handle_t session,
- ck_object_handle_t object));
+ (ck_session_handle_t session,
+ ck_object_handle_t object));
_CK_DECLARE_FUNCTION (C_GetObjectSize,
- (ck_session_handle_t session,
- ck_object_handle_t object, unsigned long *size));
+ (ck_session_handle_t session,
+ ck_object_handle_t object, unsigned long *size));
_CK_DECLARE_FUNCTION (C_GetAttributeValue,
- (ck_session_handle_t session,
- ck_object_handle_t object,
- struct ck_attribute * templ, unsigned long count));
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute * templ, unsigned long count));
_CK_DECLARE_FUNCTION (C_SetAttributeValue,
- (ck_session_handle_t session,
- ck_object_handle_t object,
- struct ck_attribute * templ, unsigned long count));
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute * templ, unsigned long count));
_CK_DECLARE_FUNCTION (C_FindObjectsInit,
- (ck_session_handle_t session,
- struct ck_attribute * templ, unsigned long count));
+ (ck_session_handle_t session,
+ struct ck_attribute * templ, unsigned long count));
_CK_DECLARE_FUNCTION (C_FindObjects,
- (ck_session_handle_t session,
- ck_object_handle_t * object,
- unsigned long max_object_count,
- unsigned long *object_count));
+ (ck_session_handle_t session,
+ ck_object_handle_t * object,
+ unsigned long max_object_count,
+ unsigned long *object_count));
_CK_DECLARE_FUNCTION (C_FindObjectsFinal, (ck_session_handle_t session));
_CK_DECLARE_FUNCTION (C_EncryptInit,
- (ck_session_handle_t session,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key));
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_Encrypt,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *encrypted_data,
- unsigned long *encrypted_data_len));
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *encrypted_data,
+ unsigned long *encrypted_data_len));
_CK_DECLARE_FUNCTION (C_EncryptUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len));
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
_CK_DECLARE_FUNCTION (C_EncryptFinal,
- (ck_session_handle_t session,
- unsigned char *last_encrypted_part,
- unsigned long *last_encrypted_part_len));
+ (ck_session_handle_t session,
+ unsigned char *last_encrypted_part,
+ unsigned long *last_encrypted_part_len));
_CK_DECLARE_FUNCTION (C_DecryptInit,
- (ck_session_handle_t session,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key));
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_Decrypt,
- (ck_session_handle_t session,
- unsigned char *encrypted_data,
- unsigned long encrypted_data_len,
- unsigned char *data, unsigned long *data_len));
+ (ck_session_handle_t session,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len));
_CK_DECLARE_FUNCTION (C_DecryptUpdate,
- (ck_session_handle_t session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part, unsigned long *part_len));
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len));
_CK_DECLARE_FUNCTION (C_DecryptFinal,
- (ck_session_handle_t session,
- unsigned char *last_part,
- unsigned long *last_part_len));
+ (ck_session_handle_t session,
+ unsigned char *last_part,
+ unsigned long *last_part_len));
_CK_DECLARE_FUNCTION (C_DigestInit,
- (ck_session_handle_t session,
- struct ck_mechanism * mechanism));
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism));
_CK_DECLARE_FUNCTION (C_Digest,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *digest, unsigned long *digest_len));
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *digest, unsigned long *digest_len));
_CK_DECLARE_FUNCTION (C_DigestUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len));
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
_CK_DECLARE_FUNCTION (C_DigestKey,
- (ck_session_handle_t session,
- ck_object_handle_t key));
+ (ck_session_handle_t session,
+ ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_DigestFinal,
- (ck_session_handle_t session, unsigned char *digest,
- unsigned long *digest_len));
+ (ck_session_handle_t session, unsigned char *digest,
+ unsigned long *digest_len));
_CK_DECLARE_FUNCTION (C_SignInit,
- (ck_session_handle_t session,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key));
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_Sign,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len));
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len));
_CK_DECLARE_FUNCTION (C_SignUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len));
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
_CK_DECLARE_FUNCTION (C_SignFinal,
- (ck_session_handle_t session,
- unsigned char *signature,
- unsigned long *signature_len));
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long *signature_len));
_CK_DECLARE_FUNCTION (C_SignRecoverInit,
- (ck_session_handle_t session,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key));
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_SignRecover,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len));
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len));
_CK_DECLARE_FUNCTION (C_VerifyInit,
- (ck_session_handle_t session,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key));
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_Verify,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature,
- unsigned long signature_len));
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long signature_len));
_CK_DECLARE_FUNCTION (C_VerifyUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len));
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
_CK_DECLARE_FUNCTION (C_VerifyFinal,
- (ck_session_handle_t session,
- unsigned char *signature,
- unsigned long signature_len));
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long signature_len));
_CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
- (ck_session_handle_t session,
- struct ck_mechanism * mechanism,
- ck_object_handle_t key));
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
_CK_DECLARE_FUNCTION (C_VerifyRecover,
- (ck_session_handle_t session,
- unsigned char *signature,
- unsigned long signature_len,
- unsigned char *data, unsigned long *data_len));
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long signature_len,
+ unsigned char *data, unsigned long *data_len));
_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len));
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
- (ck_session_handle_t session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part, unsigned long *part_len));
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len));
_CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len));
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
- (ck_session_handle_t session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part, unsigned long *part_len));
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len));
_CK_DECLARE_FUNCTION (C_GenerateKey,
- (ck_session_handle_t session,
- struct ck_mechanism * mechanism,
- struct ck_attribute * templ,
- unsigned long count, ck_object_handle_t * key));
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * key));
_CK_DECLARE_FUNCTION (C_GenerateKeyPair,
- (ck_session_handle_t session,
- struct ck_mechanism * mechanism,
- struct ck_attribute * public_key_template,
- unsigned long public_key_attribute_count,
- struct ck_attribute * private_key_template,
- unsigned long private_key_attribute_count,
- ck_object_handle_t * public_key,
- ck_object_handle_t * private_key));
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * public_key_template,
+ unsigned long public_key_attribute_count,
+ struct ck_attribute * private_key_template,
+ unsigned long private_key_attribute_count,
+ ck_object_handle_t * public_key,
+ ck_object_handle_t * private_key));
_CK_DECLARE_FUNCTION (C_WrapKey,
- (ck_session_handle_t session,
- struct ck_mechanism * mechanism,
- ck_object_handle_t wrapping_key,
- ck_object_handle_t key,
- unsigned char *wrapped_key,
- unsigned long *wrapped_key_len));
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t wrapping_key,
+ ck_object_handle_t key,
+ unsigned char *wrapped_key,
+ unsigned long *wrapped_key_len));
_CK_DECLARE_FUNCTION (C_UnwrapKey,
- (ck_session_handle_t session,
- struct ck_mechanism * mechanism,
- ck_object_handle_t unwrapping_key,
- unsigned char *wrapped_key,
- unsigned long wrapped_key_len,
- struct ck_attribute * templ,
- unsigned long attribute_count,
- ck_object_handle_t * key));
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t unwrapping_key,
+ unsigned char *wrapped_key,
+ unsigned long wrapped_key_len,
+ struct ck_attribute * templ,
+ unsigned long attribute_count,
+ ck_object_handle_t * key));
_CK_DECLARE_FUNCTION (C_DeriveKey,
- (ck_session_handle_t session,
- struct ck_mechanism * mechanism,
- ck_object_handle_t base_key,
- struct ck_attribute * templ,
- unsigned long attribute_count,
- ck_object_handle_t * key));
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t base_key,
+ struct ck_attribute * templ,
+ unsigned long attribute_count,
+ ck_object_handle_t * key));
_CK_DECLARE_FUNCTION (C_SeedRandom,
- (ck_session_handle_t session, unsigned char *seed,
- unsigned long seed_len));
+ (ck_session_handle_t session, unsigned char *seed,
+ unsigned long seed_len));
_CK_DECLARE_FUNCTION (C_GenerateRandom,
- (ck_session_handle_t session,
- unsigned char *random_data,
- unsigned long random_len));
+ (ck_session_handle_t session,
+ unsigned char *random_data,
+ unsigned long random_len));
_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
#undef unlock_mutex
#undef reserved
-#endif /* CRYPTOKI_COMPAT */
+#endif /* CRYPTOKI_COMPAT */
\f
/* System dependencies. */
}
#endif
-#endif /* PKCS11_H */
+#endif /* PKCS11_H */
unsigned long slots;
pakchois_get_slot_list (providers[active_providers - 1].module, 0,
- NULL, &slots);
+ NULL, &slots);
}
/**
providers[active_providers - 1].slots =
gnutls_malloc (sizeof (*providers[active_providers - 1].slots) *
- providers[active_providers - 1].nslots);
+ providers[active_providers - 1].nslots);
if (providers[active_providers - 1].slots == NULL)
{
gnutls_assert ();
}
memset (&providers[active_providers - 1].info, 0,
- sizeof (providers[active_providers - 1].info));
+ sizeof (providers[active_providers - 1].info));
pakchois_get_info (providers[active_providers - 1].module,
- &providers[active_providers - 1].info);
+ &providers[active_providers - 1].info);
terminate_string (providers[active_providers - 1].info.manufacturer_id,
- sizeof (providers[active_providers - 1].
- info.manufacturer_id));
+ sizeof (providers[active_providers - 1].
+ info.manufacturer_id));
terminate_string (providers[active_providers - 1].info.library_description,
- sizeof (providers[active_providers - 1].
- info.library_description));
+ sizeof (providers[active_providers - 1].
+ info.library_description));
_gnutls_debug_log ("p11: loaded provider '%s' with %d slots\n",
- name, (int) providers[active_providers - 1].nslots);
+ name, (int) providers[active_providers - 1].nslots);
return 0;
**/
int
gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
- gnutls_pkcs11_obj_info_t itype,
- void *output, size_t * output_size)
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size)
{
return pkcs11_get_info (&crt->info, itype, output, output_size);
}
int
pkcs11_get_info (struct pkcs11_url_info *info,
- gnutls_pkcs11_obj_info_t itype, void *output,
- size_t * output_size)
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size)
{
const char *str = NULL;
size_t len;
{
case GNUTLS_PKCS11_OBJ_ID:
if (*output_size < info->certid_raw_size)
- {
- *output_size = info->certid_raw_size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ {
+ *output_size = info->certid_raw_size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
if (output)
- memcpy (output, info->certid_raw, info->certid_raw_size);
+ memcpy (output, info->certid_raw, info->certid_raw_size);
*output_size = info->certid_raw_size;
return 0;
const char *library;
if (configfile == NULL)
- configfile = "/etc/gnutls/pkcs11.conf";
+ configfile = "/etc/gnutls/pkcs11.conf";
fp = fopen (configfile, "r");
if (fp == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Cannot load %s\n", configfile);
- return GNUTLS_E_FILE_ERROR;
- }
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("Cannot load %s\n", configfile);
+ return GNUTLS_E_FILE_ERROR;
+ }
while (fgets (line, sizeof (line), fp) != NULL)
- {
- if (strncmp (line, "load", sizeof ("load") - 1) == 0)
- {
- char *p;
- p = strchr (line, '=');
- if (p == NULL)
- continue;
-
- library = ++p;
-
- p = strchr (line, '\n');
- if (p != NULL)
- {
- *p = 0;
- }
-
- ret = gnutls_pkcs11_add_provider (library, NULL);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Cannot load provider: %s\n", library);
- continue;
- }
- }
- }
+ {
+ if (strncmp (line, "load", sizeof ("load") - 1) == 0)
+ {
+ char *p;
+ p = strchr (line, '=');
+ if (p == NULL)
+ continue;
+
+ library = ++p;
+
+ p = strchr (line, '\n');
+ if (p != NULL)
+ {
+ *p = 0;
+ }
+
+ ret = gnutls_pkcs11_add_provider (library, NULL);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("Cannot load provider: %s\n", library);
+ continue;
+ }
+ }
+ }
}
return 0;
**/
void
gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn,
- void *userdata)
+ void *userdata)
{
pin_func = fn;
pin_data = userdata;
**/
void
gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
- void *userdata)
+ void *userdata)
{
token_func = fn;
token_data = userdata;
static int
unescape_string (char *output, const char *input, size_t * size,
- char terminator)
+ char terminator)
{
gnutls_buffer_st str;
int ret = 0;
ret = unescape_string (info->lib_manufacturer, p1, &l, ';');
if (ret < 0)
- {
- goto cleanup;
- }
+ {
+ goto cleanup;
+ }
}
if ((p1 = strstr (url, "library-description=")) != NULL)
ret = unescape_string (info->lib_desc, p1, &l, ';');
if (ret < 0)
- {
- goto cleanup;
- }
+ {
+ goto cleanup;
+ }
}
if ((p1 = strstr (url, "library-version=")) != NULL)
ret = unescape_string (info->lib_version, p1, &l, ';');
if (ret < 0)
- {
- goto cleanup;
- }
+ {
+ goto cleanup;
+ }
}
if ((p1 = strstr (url, ";manufacturer=")) != NULL ||
ret = unescape_string (info->manufacturer, p1, &l, ';');
if (ret < 0)
- {
- goto cleanup;
- }
+ {
+ goto cleanup;
+ }
}
if ((p1 = strstr (url, "token=")) != NULL)
ret = unescape_string (info->token, p1, &l, ';');
if (ret < 0)
- {
- goto cleanup;
- }
+ {
+ goto cleanup;
+ }
}
if ((p1 = strstr (url, "object=")) != NULL)
ret = unescape_string (info->label, p1, &l, ';');
if (ret < 0)
- {
- goto cleanup;
- }
+ {
+ goto cleanup;
+ }
}
if ((p1 = strstr (url, "serial=")) != NULL)
ret = unescape_string (info->serial, p1, &l, ';');
if (ret < 0)
- {
- goto cleanup;
- }
+ {
+ goto cleanup;
+ }
}
if ((p1 = strstr (url, "model=")) != NULL)
ret = unescape_string (info->model, p1, &l, ';');
if (ret < 0)
- {
- goto cleanup;
- }
+ {
+ goto cleanup;
+ }
}
if ((p1 = strstr (url, "objecttype=")) != NULL)
ret = unescape_string (info->type, p1, &l, ';');
if (ret < 0)
- {
- goto cleanup;
- }
+ {
+ goto cleanup;
+ }
}
if (((p1 = strstr (url, ";id=")) != NULL)
p1 += sizeof (";id=") - 1;
if ((p2 = strchr (p1, ';')) == NULL)
- {
- l = strlen (p1);
- }
+ {
+ l = strlen (p1);
+ }
else
- {
- l = p2 - p1;
- }
+ {
+ l = p2 - p1;
+ }
if (l > sizeof (info->id) - 1)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PARSING_ERROR;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PARSING_ERROR;
+ }
memcpy (info->id, p1, l);
info->id[l] = 0;
/* convert to raw */
info->certid_raw_size = sizeof (info->certid_raw);
ret =
- _gnutls_hex2bin (info->id, strlen (info->id),
- info->certid_raw, &info->certid_raw_size);
+ _gnutls_hex2bin (info->id, strlen (info->id),
+ info->certid_raw, &info->certid_raw_size);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
ret = 0;
static int
append (gnutls_buffer_st * dest, const char *tname,
- const char *p11name, int init)
+ const char *p11name, int init)
{
gnutls_buffer_st tmpstr;
int ret;
if ((ret =
_gnutls_buffer_append_printf (dest, "%s%s=%s",
- (init != 0) ? ";" : "", p11name,
- tmpstr.data)) < 0)
+ (init != 0) ? ";" : "", p11name,
+ tmpstr.data)) < 0)
{
gnutls_assert ();
goto cleanup;
int
pkcs11_info_to_url (const struct pkcs11_url_info *info,
- gnutls_pkcs11_url_type_t detailed, char **url)
+ gnutls_pkcs11_url_type_t detailed, char **url)
{
gnutls_buffer_st str;
int init = 0;
{
ret = append (&str, info->token, "token", init);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
init = 1;
}
{
ret = append (&str, info->serial, "serial", init);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
init = 1;
}
{
ret = append (&str, info->model, "model", init);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
init = 1;
}
{
ret = append (&str, info->manufacturer, "manufacturer", init);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
init = 1;
}
{
ret = append (&str, info->label, "object", init);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
init = 1;
}
{
ret = append (&str, info->type, "objecttype", init);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
init = 1;
}
if (detailed > GNUTLS_PKCS11_URL_GENERIC)
{
if (info->lib_manufacturer[0])
- {
- ret =
- append (&str, info->lib_manufacturer, "library-manufacturer",
- init);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- init = 1;
- }
+ {
+ ret =
+ append (&str, info->lib_manufacturer, "library-manufacturer",
+ init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
if (info->lib_desc[0])
- {
- ret = append (&str, info->lib_desc, "library-description", init);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- init = 1;
- }
+ {
+ ret = append (&str, info->lib_desc, "library-description", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
}
if (detailed > GNUTLS_PKCS11_URL_LIB)
{
if (info->lib_version[0])
- {
- ret = append (&str, info->lib_version, "library-version", init);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- init = 1;
- }
+ {
+ ret = append (&str, info->lib_version, "library-version", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
}
if (info->id[0] != 0)
{
ret = _gnutls_buffer_append_printf (&str, ";id=%s", info->id);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
_gnutls_buffer_append_data (&str, "", 1);
**/
int
gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
- void *output_data, size_t * output_data_size)
+ void *output_data, size_t * output_data_size)
{
if (obj == NULL || obj->raw.data == NULL)
{
int
pkcs11_find_object (pakchois_session_t ** _pks,
- ck_object_handle_t * _obj,
- struct pkcs11_url_info *info, unsigned int flags)
+ ck_object_handle_t * _obj,
+ struct pkcs11_url_info *info, unsigned int flags)
{
int ret;
pakchois_session_t *pks;
fix_strings (struct token_info *info)
{
terminate_string (info->tinfo.manufacturer_id,
- sizeof info->tinfo.manufacturer_id);
+ sizeof info->tinfo.manufacturer_id);
terminate_string (info->tinfo.label, sizeof info->tinfo.label);
terminate_string (info->tinfo.model, sizeof info->tinfo.model);
terminate_string (info->tinfo.serial_number,
- sizeof info->tinfo.serial_number);
+ sizeof info->tinfo.serial_number);
terminate_string (info->sinfo.slot_description,
- sizeof info->sinfo.slot_description);
+ sizeof info->sinfo.slot_description);
}
int
pkcs11_find_slot (pakchois_module_t ** module, ck_slot_id_t * slot,
- struct pkcs11_url_info *info, struct token_info *_tinfo)
+ struct pkcs11_url_info *info, struct token_info *_tinfo)
{
int x, z;
for (x = 0; x < active_providers; x++)
{
for (z = 0; z < providers[x].nslots; z++)
- {
- struct token_info tinfo;
+ {
+ struct token_info tinfo;
- if (pakchois_get_token_info
- (providers[x].module, providers[x].slots[z],
- &tinfo.tinfo) != CKR_OK)
- {
- continue;
- }
- tinfo.sid = providers[x].slots[z];
- tinfo.prov = &providers[x];
+ if (pakchois_get_token_info
+ (providers[x].module, providers[x].slots[z],
+ &tinfo.tinfo) != CKR_OK)
+ {
+ continue;
+ }
+ tinfo.sid = providers[x].slots[z];
+ tinfo.prov = &providers[x];
- if (pakchois_get_slot_info
- (providers[x].module, providers[x].slots[z],
- &tinfo.sinfo) != CKR_OK)
- {
- continue;
- }
+ if (pakchois_get_slot_info
+ (providers[x].module, providers[x].slots[z],
+ &tinfo.sinfo) != CKR_OK)
+ {
+ continue;
+ }
- /* XXX make wrapper for token_info? */
- fix_strings (&tinfo);
+ /* XXX make wrapper for token_info? */
+ fix_strings (&tinfo);
- if (pkcs11_token_matches_info (info, &tinfo.tinfo,
- &providers[x].info) < 0)
- {
- continue;
- }
+ if (pkcs11_token_matches_info (info, &tinfo.tinfo,
+ &providers[x].info) < 0)
+ {
+ continue;
+ }
- /* ok found */
- *module = providers[x].module;
- *slot = providers[x].slots[z];
+ /* ok found */
+ *module = providers[x].module;
+ *slot = providers[x].slots[z];
- if (_tinfo != NULL)
- memcpy (_tinfo, &tinfo, sizeof (tinfo));
+ if (_tinfo != NULL)
+ memcpy (_tinfo, &tinfo, sizeof (tinfo));
- return 0;
- }
+ return 0;
+ }
}
gnutls_assert ();
int
pkcs11_open_session (pakchois_session_t ** _pks,
- struct pkcs11_url_info *info, unsigned int flags)
+ struct pkcs11_url_info *info, unsigned int flags)
{
ck_rv_t rv;
int ret;
}
rv = pakchois_open_session (module,
- slot,
- ((flags & SESSION_WRITE)
- ? CKF_RW_SESSION : 0) |
- CKF_SERIAL_SESSION, NULL, NULL, &pks);
+ slot,
+ ((flags & SESSION_WRITE)
+ ? CKF_RW_SESSION : 0) |
+ CKF_SERIAL_SESSION, NULL, NULL, &pks);
if (rv != CKR_OK)
{
gnutls_assert ();
{
ret = pkcs11_login (pks, &tinfo, (flags & SESSION_SO) ? 1 : 0);
if (ret < 0)
- {
- gnutls_assert ();
- pakchois_close_session (pks);
- return ret;
- }
+ {
+ gnutls_assert ();
+ pakchois_close_session (pks);
+ return ret;
+ }
}
/* ok found */
int
_pkcs11_traverse_tokens (find_func_t find_func, void *input,
- unsigned int flags)
+ unsigned int flags)
{
ck_rv_t rv;
int found = 0, x, z, ret;
for (x = 0; x < active_providers; x++)
{
for (z = 0; z < providers[x].nslots; z++)
- {
- struct token_info info;
-
- ret = GNUTLS_E_PKCS11_ERROR;
-
- if (pakchois_get_token_info
- (providers[x].module, providers[x].slots[z],
- &info.tinfo) != CKR_OK)
- {
- continue;
- }
- info.sid = providers[x].slots[z];
- info.prov = &providers[x];
-
- if (pakchois_get_slot_info
- (providers[x].module, providers[x].slots[z],
- &info.sinfo) != CKR_OK)
- {
- continue;
- }
-
- /* XXX make wrapper for token_info? */
- fix_strings (&info);
-
- rv = pakchois_open_session (providers[x].module,
- providers[x].slots[z],
- ((flags & SESSION_WRITE)
- ? CKF_RW_SESSION : 0) |
- CKF_SERIAL_SESSION, NULL, NULL, &pks);
- if (rv != CKR_OK)
- {
- continue;
- }
-
- if (flags & SESSION_LOGIN)
- {
- ret = pkcs11_login (pks, &info, (flags & SESSION_SO) ? 1 : 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- ret = find_func (pks, &info, &providers[x].info, input);
-
- if (ret == 0)
- {
- found = 1;
- goto finish;
- }
- else
- {
- pakchois_close_session (pks);
- pks = NULL;
- }
- }
+ {
+ struct token_info info;
+
+ ret = GNUTLS_E_PKCS11_ERROR;
+
+ if (pakchois_get_token_info
+ (providers[x].module, providers[x].slots[z],
+ &info.tinfo) != CKR_OK)
+ {
+ continue;
+ }
+ info.sid = providers[x].slots[z];
+ info.prov = &providers[x];
+
+ if (pakchois_get_slot_info
+ (providers[x].module, providers[x].slots[z],
+ &info.sinfo) != CKR_OK)
+ {
+ continue;
+ }
+
+ /* XXX make wrapper for token_info? */
+ fix_strings (&info);
+
+ rv = pakchois_open_session (providers[x].module,
+ providers[x].slots[z],
+ ((flags & SESSION_WRITE)
+ ? CKF_RW_SESSION : 0) |
+ CKF_SERIAL_SESSION, NULL, NULL, &pks);
+ if (rv != CKR_OK)
+ {
+ continue;
+ }
+
+ if (flags & SESSION_LOGIN)
+ {
+ ret = pkcs11_login (pks, &info, (flags & SESSION_SO) ? 1 : 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ ret = find_func (pks, &info, &providers[x].info, input);
+
+ if (ret == 0)
+ {
+ found = 1;
+ goto finish;
+ }
+ else
+ {
+ pakchois_close_session (pks);
+ pks = NULL;
+ }
+ }
}
finish:
*/
static int
pkcs11_obj_import (unsigned int class, gnutls_pkcs11_obj_t obj,
- const gnutls_datum_t * data,
- const gnutls_datum_t * id,
- const gnutls_datum_t * label,
- struct ck_token_info *tinfo, struct ck_info *lib_info)
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * id,
+ const gnutls_datum_t * label,
+ struct ck_token_info *tinfo, struct ck_info *lib_info)
{
char *s;
int ret;
{
ret = _gnutls_set_datum (&obj->raw, data->data, data->size);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
terminate_string (tinfo->manufacturer_id, sizeof tinfo->manufacturer_id);
/* write data */
snprintf (obj->info.manufacturer, sizeof (obj->info.manufacturer),
- "%s", tinfo->manufacturer_id);
+ "%s", tinfo->manufacturer_id);
snprintf (obj->info.token, sizeof (obj->info.token), "%s", tinfo->label);
snprintf (obj->info.model, sizeof (obj->info.model), "%s", tinfo->model);
snprintf (obj->info.serial, sizeof (obj->info.serial), "%s",
- tinfo->serial_number);
+ tinfo->serial_number);
snprintf (obj->info.lib_manufacturer, sizeof (obj->info.lib_manufacturer),
- "%s", lib_info->manufacturer_id);
+ "%s", lib_info->manufacturer_id);
snprintf (obj->info.lib_desc, sizeof (obj->info.lib_desc), "%s",
- lib_info->library_description);
+ lib_info->library_description);
snprintf (obj->info.lib_version, sizeof (obj->info.lib_version), "%u.%u",
- (unsigned int) lib_info->library_version.major,
- (unsigned int) lib_info->library_version.minor);
+ (unsigned int) lib_info->library_version.major,
+ (unsigned int) lib_info->library_version.minor);
if (id && id->data)
{
s = _gnutls_bin2hex (id->data, id->size, obj->info.id,
- sizeof (obj->info.id), ":");
+ sizeof (obj->info.id), ":");
if (s == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
memmove (obj->info.certid_raw, id->data, id->size);
obj->info.certid_raw_size = id->size;
static int
pkcs11_obj_import_pubkey (pakchois_session_t * pks,
- ck_object_handle_t obj,
- gnutls_pkcs11_obj_t crt,
- const gnutls_datum_t * id,
- const gnutls_datum_t * label,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info)
+ ck_object_handle_t obj,
+ gnutls_pkcs11_obj_t crt,
+ const gnutls_datum_t * id,
+ const gnutls_datum_t * label,
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info)
{
struct ck_attribute a[4];
if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
{
switch (key_type)
- {
- case CKK_RSA:
- a[0].type = CKA_MODULUS;
- a[0].value = tmp1;
- a[0].value_len = sizeof (tmp1);
- a[1].type = CKA_PUBLIC_EXPONENT;
- a[1].value = tmp2;
- a[1].value_len = sizeof (tmp2);
-
- if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
- {
-
- ret =
- _gnutls_set_datum (&crt->pubkey[0],
- a[0].value, a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum (&crt->pubkey
- [1], a[1].value, a[1].value_len);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&crt->pubkey[1]);
- _gnutls_free_datum (&crt->pubkey[0]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_ERROR;
- }
- crt->pk_algorithm = GNUTLS_PK_RSA;
- break;
- case CKK_DSA:
- a[0].type = CKA_PRIME;
- a[0].value = tmp1;
- a[0].value_len = sizeof (tmp1);
- a[1].type = CKA_SUBPRIME;
- a[1].value = tmp2;
- a[1].value_len = sizeof (tmp2);
-
- if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
- {
- ret =
- _gnutls_set_datum (&crt->pubkey[0],
- a[0].value, a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum (&crt->pubkey
- [1], a[1].value, a[1].value_len);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&crt->pubkey[1]);
- _gnutls_free_datum (&crt->pubkey[0]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_ERROR;
- }
-
- a[0].type = CKA_BASE;
- a[0].value = tmp1;
- a[0].value_len = sizeof (tmp1);
- a[1].type = CKA_VALUE;
- a[1].value = tmp2;
- a[1].value_len = sizeof (tmp2);
-
- if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
- {
- ret =
- _gnutls_set_datum (&crt->pubkey[2],
- a[0].value, a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum (&crt->pubkey
- [3], a[1].value, a[1].value_len);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&crt->pubkey[0]);
- _gnutls_free_datum (&crt->pubkey[1]);
- _gnutls_free_datum (&crt->pubkey[2]);
- _gnutls_free_datum (&crt->pubkey[3]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_ERROR;
- }
- crt->pk_algorithm = GNUTLS_PK_RSA;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
+ {
+ case CKK_RSA:
+ a[0].type = CKA_MODULUS;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof (tmp1);
+ a[1].type = CKA_PUBLIC_EXPONENT;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof (tmp2);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
+ {
+
+ ret =
+ _gnutls_set_datum (&crt->pubkey[0],
+ a[0].value, a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum (&crt->pubkey
+ [1], a[1].value, a[1].value_len);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&crt->pubkey[1]);
+ _gnutls_free_datum (&crt->pubkey[0]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+ crt->pk_algorithm = GNUTLS_PK_RSA;
+ break;
+ case CKK_DSA:
+ a[0].type = CKA_PRIME;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof (tmp1);
+ a[1].type = CKA_SUBPRIME;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof (tmp2);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
+ {
+ ret =
+ _gnutls_set_datum (&crt->pubkey[0],
+ a[0].value, a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum (&crt->pubkey
+ [1], a[1].value, a[1].value_len);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&crt->pubkey[1]);
+ _gnutls_free_datum (&crt->pubkey[0]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+
+ a[0].type = CKA_BASE;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof (tmp1);
+ a[1].type = CKA_VALUE;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof (tmp2);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
+ {
+ ret =
+ _gnutls_set_datum (&crt->pubkey[2],
+ a[0].value, a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum (&crt->pubkey
+ [3], a[1].value, a[1].value_len);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&crt->pubkey[0]);
+ _gnutls_free_datum (&crt->pubkey[1]);
+ _gnutls_free_datum (&crt->pubkey[2]);
+ _gnutls_free_datum (&crt->pubkey[3]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+ crt->pk_algorithm = GNUTLS_PK_RSA;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
}
/* read key usage flags */
if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
{
if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
- }
+ {
+ crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
+ }
}
a[0].type = CKA_VERIFY;
if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
{
if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
- GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
- | GNUTLS_KEY_NON_REPUDIATION;
- }
+ {
+ crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
+ | GNUTLS_KEY_NON_REPUDIATION;
+ }
}
a[0].type = CKA_VERIFY_RECOVER;
if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
{
if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
- GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
- | GNUTLS_KEY_NON_REPUDIATION;
- }
+ {
+ crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
+ | GNUTLS_KEY_NON_REPUDIATION;
+ }
}
a[0].type = CKA_DERIVE;
if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
{
if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT;
- }
+ {
+ crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT;
+ }
}
a[0].type = CKA_WRAP;
if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
{
if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
- }
+ {
+ crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+ }
}
return pkcs11_obj_import (CKO_PUBLIC_KEY, crt, NULL, id, label,
- tinfo, lib_info);
+ tinfo, lib_info);
}
ck_object_class_t
static int
find_obj_url (pakchois_session_t * pks, struct token_info *info,
- struct ck_info *lib_info, void *input)
+ struct ck_info *lib_info, void *input)
{
struct url_find_data_st *find_data = input;
struct ck_attribute a[4];
char label_tmp[PKCS11_LABEL_SIZE];
if (info == NULL)
- { /* we don't support multiple calls */
+ { /* we don't support multiple calls */
gnutls_assert ();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
{
class = pkcs11_strtype_to_class (find_data->crt->info.type);
if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
+ type = CKC_X_509;
if (class == -1)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
/* search the token for the id */
a[1].value_len = sizeof (label_tmp);
if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
- {
- gnutls_datum_t id = { find_data->crt->info.certid_raw,
- find_data->crt->info.certid_raw_size
- };
- gnutls_datum_t data = { a[0].value, a[0].value_len };
- gnutls_datum_t label = { a[1].value, a[1].value_len };
-
- if (class == CKO_PUBLIC_KEY)
- {
- ret =
- pkcs11_obj_import_pubkey (pks, obj,
- find_data->crt,
- &id, &label,
- &info->tinfo, lib_info);
- }
- else
- {
- ret =
- pkcs11_obj_import (class,
- find_data->crt,
- &data, &id, &label,
- &info->tinfo, lib_info);
- }
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- found = 1;
- break;
- }
+ {
+ gnutls_datum_t id = { find_data->crt->info.certid_raw,
+ find_data->crt->info.certid_raw_size
+ };
+ gnutls_datum_t data = { a[0].value, a[0].value_len };
+ gnutls_datum_t label = { a[1].value, a[1].value_len };
+
+ if (class == CKO_PUBLIC_KEY)
+ {
+ ret =
+ pkcs11_obj_import_pubkey (pks, obj,
+ find_data->crt,
+ &id, &label,
+ &info->tinfo, lib_info);
+ }
+ else
+ {
+ ret =
+ pkcs11_obj_import (class,
+ find_data->crt,
+ &data, &id, &label,
+ &info->tinfo, lib_info);
+ }
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ found = 1;
+ break;
+ }
else
- {
- _gnutls_debug_log ("pk11: Skipped cert, missing attrs.\n");
- }
+ {
+ _gnutls_debug_log ("pk11: Skipped cert, missing attrs.\n");
+ }
}
if (found == 0)
**/
int
gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t cert, const char *url,
- unsigned int flags)
+ unsigned int flags)
{
int ret;
struct url_find_data_st find_data;
ret =
_pkcs11_traverse_tokens (find_obj_url, &find_data,
- pkcs11_obj_flags_to_int (flags));
+ pkcs11_obj_flags_to_int (flags));
if (ret < 0)
{
struct token_num
{
struct pkcs11_url_info info;
- unsigned int seq; /* which one we are looking for */
- unsigned int current; /* which one are we now */
+ unsigned int seq; /* which one we are looking for */
+ unsigned int current; /* which one are we now */
};
static int
find_token_num (pakchois_session_t * pks,
- struct token_info *tinfo,
- struct ck_info *lib_info, void *input)
+ struct token_info *tinfo,
+ struct ck_info *lib_info, void *input)
{
struct token_num *find_data = input;
if (tinfo == NULL)
- { /* we don't support multiple calls */
+ { /* we don't support multiple calls */
gnutls_assert ();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
strcpy (find_data->info.lib_manufacturer, lib_info->manufacturer_id);
strcpy (find_data->info.lib_desc, lib_info->library_description);
snprintf (find_data->info.lib_version,
- sizeof (find_data->info.lib_version), "%u.%u",
- (unsigned int) lib_info->library_version.major,
- (unsigned int) lib_info->library_version.minor);
+ sizeof (find_data->info.lib_version), "%u.%u",
+ (unsigned int) lib_info->library_version.major,
+ (unsigned int) lib_info->library_version.minor);
return 0;
}
/* search the token for the id */
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */
}
/**
int
gnutls_pkcs11_token_get_url (unsigned int seq,
- gnutls_pkcs11_url_type_t detailed, char **url)
+ gnutls_pkcs11_url_type_t detailed, char **url)
{
int ret;
struct token_num tn;
**/
int
gnutls_pkcs11_token_get_info (const char *url,
- gnutls_pkcs11_token_info_t ttype,
- void *output, size_t * output_size)
+ gnutls_pkcs11_token_info_t ttype,
+ void *output, size_t * output_size)
{
const char *str;
size_t len;
**/
int
gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t cert,
- gnutls_pkcs11_url_type_t detailed, char **url)
+ gnutls_pkcs11_url_type_t detailed, char **url)
{
int ret;
if (info->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
{
if (pakchois_login (pks, (so == 0) ? CKU_USER : CKU_SO, NULL, 0) ==
- CKR_OK)
- {
- return 0;
- }
+ CKR_OK)
+ {
+ return 0;
+ }
else
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: Protected login failed.\n");
- ret = GNUTLS_E_PKCS11_ERROR;
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: Protected login failed.\n");
+ ret = GNUTLS_E_PKCS11_ERROR;
+ goto cleanup;
+ }
}
/* Otherwise, PIN entry is necessary for login, so fail if there's
/* If login has been attempted once already, check the token
* status again, the flags might change. */
if (attempt)
- {
- if (pakchois_get_token_info
- (info->prov->module, info->sid, &tinfo) != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: GetTokenInfo failed\n");
- ret = GNUTLS_E_PKCS11_ERROR;
- goto cleanup;
- }
- }
+ {
+ if (pakchois_get_token_info
+ (info->prov->module, info->sid, &tinfo) != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: GetTokenInfo failed\n");
+ ret = GNUTLS_E_PKCS11_ERROR;
+ goto cleanup;
+ }
+ }
flags = 0;
if (so == 0)
- {
- flags |= GNUTLS_PKCS11_PIN_USER;
- if (tinfo.flags & CKF_USER_PIN_COUNT_LOW)
- flags |= GNUTLS_PKCS11_PIN_COUNT_LOW;
- if (tinfo.flags & CKF_USER_PIN_FINAL_TRY)
- flags |= GNUTLS_PKCS11_PIN_FINAL_TRY;
- }
+ {
+ flags |= GNUTLS_PKCS11_PIN_USER;
+ if (tinfo.flags & CKF_USER_PIN_COUNT_LOW)
+ flags |= GNUTLS_PKCS11_PIN_COUNT_LOW;
+ if (tinfo.flags & CKF_USER_PIN_FINAL_TRY)
+ flags |= GNUTLS_PKCS11_PIN_FINAL_TRY;
+ }
else
- {
- flags |= GNUTLS_PKCS11_PIN_SO;
- if (tinfo.flags & CKF_SO_PIN_COUNT_LOW)
- flags |= GNUTLS_PKCS11_PIN_COUNT_LOW;
- if (tinfo.flags & CKF_SO_PIN_FINAL_TRY)
- flags |= GNUTLS_PKCS11_PIN_FINAL_TRY;
- }
+ {
+ flags |= GNUTLS_PKCS11_PIN_SO;
+ if (tinfo.flags & CKF_SO_PIN_COUNT_LOW)
+ flags |= GNUTLS_PKCS11_PIN_COUNT_LOW;
+ if (tinfo.flags & CKF_SO_PIN_FINAL_TRY)
+ flags |= GNUTLS_PKCS11_PIN_FINAL_TRY;
+ }
ret = pin_func (pin_data, attempt++,
- (char *) token_url,
- (char *) info->tinfo.label, flags, pin, sizeof (pin));
+ (char *) token_url,
+ (char *) info->tinfo.label, flags, pin, sizeof (pin));
if (ret < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PKCS11_PIN_ERROR;
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PKCS11_PIN_ERROR;
+ goto cleanup;
+ }
pin_len = strlen (pin);
rv = pakchois_login (pks, (so == 0) ? CKU_USER : CKU_SO,
- (unsigned char *) pin, pin_len);
+ (unsigned char *) pin, pin_len);
/* Try to scrub the pin off the stack. Clever compilers will
* probably optimize this away, oh well. */
ret = (rv == CKR_OK
- || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err (rv);
+ || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err (rv);
cleanup:
gnutls_free (token_url);
static int
find_privkeys (pakchois_session_t * pks, struct token_info *info,
- struct pkey_list *list)
+ struct pkey_list *list)
{
struct ck_attribute a[3];
ck_object_class_t class;
_gnutls_buffer_init (&list->key_ids[current]);
if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
- {
- _gnutls_buffer_append_data (&list->key_ids[current],
- a[0].value, a[0].value_len);
- current++;
- }
+ {
+ _gnutls_buffer_append_data (&list->key_ids[current],
+ a[0].value, a[0].value_len);
+ current++;
+ }
if (current > list->key_ids_size)
- break;
+ break;
}
pakchois_find_objects_final (pks);
static int
find_objs (pakchois_session_t * pks, struct token_info *info,
- struct ck_info *lib_info, void *input)
+ struct ck_info *lib_info, void *input)
{
struct crt_find_data_st *find_data = input;
struct ck_attribute a[4];
char certid_tmp[PKCS11_ID_SIZE];
char label_tmp[PKCS11_LABEL_SIZE];
int ret, i;
- struct pkey_list plist; /* private key holder */
+ struct pkey_list plist; /* private key holder */
int tot_values = 0;
if (info == NULL)
- { /* final call */
+ { /* final call */
if (find_data->current <= *find_data->n_list)
- ret = 0;
+ ret = 0;
else
- ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
*find_data->n_list = find_data->current;
{
class = pkcs11_strtype_to_class (find_data->info.type);
if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
+ type = CKC_X_509;
else
- type = -1;
+ type = -1;
if (class == -1)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
{
ret = find_privkeys (pks, info, &plist);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
if (plist.key_ids_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
}
cert_data = gnutls_malloc (MAX_CERT_SIZE);
else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL)
{
if (class != -1)
- {
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
- }
+ {
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ }
if (type != -1)
- {
- a[tot_values].type = CKA_CERTIFICATE_TYPE;
- a[tot_values].value = &type;
- a[tot_values].value_len = sizeof type;
- tot_values++;
- }
+ {
+ a[tot_values].type = CKA_CERTIFICATE_TYPE;
+ a[tot_values].value = &type;
+ a[tot_values].value_len = sizeof type;
+ tot_values++;
+ }
}
else
{
a[0].value_len = sizeof label_tmp;
if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
- {
- label.data = a[0].value;
- label.size = a[0].value_len;
- }
+ {
+ label.data = a[0].value;
+ label.size = a[0].value_len;
+ }
else
- {
- label.data = NULL;
- label.size = 0;
- }
+ {
+ label.data = NULL;
+ label.size = 0;
+ }
a[0].type = CKA_ID;
a[0].value = certid_tmp;
a[0].value_len = sizeof certid_tmp;
if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
- {
- id.data = a[0].value;
- id.size = a[0].value_len;
- }
+ {
+ id.data = a[0].value;
+ id.size = a[0].value_len;
+ }
else
- {
- id.data = NULL;
- id.size = 0;
- }
+ {
+ id.data = NULL;
+ id.size = 0;
+ }
a[0].type = CKA_VALUE;
a[0].value = cert_data;
a[0].value_len = MAX_CERT_SIZE;
if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
- {
- value.data = a[0].value;
- value.size = a[0].value_len;
- }
+ {
+ value.data = a[0].value;
+ value.size = a[0].value_len;
+ }
else
- {
- value.data = NULL;
- value.size = 0;
- }
+ {
+ value.data = NULL;
+ value.size = 0;
+ }
if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL)
- {
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof class;
+ {
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
- pakchois_get_attribute_value (pks, obj, a, 1);
- }
+ pakchois_get_attribute_value (pks, obj, a, 1);
+ }
if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
- {
- for (i = 0; i < plist.key_ids_size; i++)
- {
- if (plist.key_ids[i].length !=
- a[1].value_len
- || memcmp (plist.key_ids[i].data,
- a[1].value, a[1].value_len) != 0)
- {
- /* not found */
- continue;
- }
- }
- }
+ {
+ for (i = 0; i < plist.key_ids_size; i++)
+ {
+ if (plist.key_ids[i].length !=
+ a[1].value_len
+ || memcmp (plist.key_ids[i].data,
+ a[1].value, a[1].value_len) != 0)
+ {
+ /* not found */
+ continue;
+ }
+ }
+ }
if (find_data->current < *find_data->n_list)
- {
- ret =
- gnutls_pkcs11_obj_init (&find_data->p_list[find_data->current]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- if (class == CKO_PUBLIC_KEY)
- {
- ret =
- pkcs11_obj_import_pubkey (pks, obj,
- find_data->p_list
- [find_data->current],
- &id, &label,
- &info->tinfo, lib_info);
- }
- else
- {
- ret =
- pkcs11_obj_import (class,
- find_data->p_list
- [find_data->current],
- &value, &id, &label,
- &info->tinfo, lib_info);
- }
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
- }
+ {
+ ret =
+ gnutls_pkcs11_obj_init (&find_data->p_list[find_data->current]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ if (class == CKO_PUBLIC_KEY)
+ {
+ ret =
+ pkcs11_obj_import_pubkey (pks, obj,
+ find_data->p_list
+ [find_data->current],
+ &id, &label,
+ &info->tinfo, lib_info);
+ }
+ else
+ {
+ ret =
+ pkcs11_obj_import (class,
+ find_data->p_list
+ [find_data->current],
+ &value, &id, &label,
+ &info->tinfo, lib_info);
+ }
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+ }
find_data->current++;
gnutls_free (cert_data);
pakchois_find_objects_final (pks);
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */
fail:
gnutls_free (cert_data);
if (plist.key_ids != NULL)
{
for (i = 0; i < plist.key_ids_size; i++)
- {
- _gnutls_buffer_clear (&plist.key_ids[i]);
- }
+ {
+ _gnutls_buffer_clear (&plist.key_ids[i]);
+ }
gnutls_free (plist.key_ids);
}
for (i = 0; i < find_data->current; i++)
**/
int
gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
- unsigned int *n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags)
+ unsigned int *n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags)
{
int ret;
struct crt_find_data_st find_data;
ret =
_pkcs11_traverse_tokens (find_objs, &find_data,
- pkcs11_obj_flags_to_int (flags));
+ pkcs11_obj_flags_to_int (flags));
if (ret < 0)
{
gnutls_assert ();
**/
int
gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt,
- const char *url, unsigned int flags)
+ const char *url, unsigned int flags)
{
gnutls_pkcs11_obj_t pcrt;
int ret;
**/
int
gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
- gnutls_pkcs11_obj_t pkcs11_crt)
+ gnutls_pkcs11_obj_t pkcs11_crt)
{
return gnutls_x509_crt_import (crt, &pkcs11_crt->raw, GNUTLS_X509_FMT_DER);
}
**/
int
gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs,
- unsigned int cert_max,
- gnutls_pkcs11_obj_t * const objs,
- unsigned int flags)
+ unsigned int cert_max,
+ gnutls_pkcs11_obj_t * const objs,
+ unsigned int flags)
{
int i, j;
int ret;
{
ret = gnutls_x509_crt_init (&certs[i]);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
ret = gnutls_x509_crt_import_pkcs11 (certs[i], objs[i]);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
return 0;
static int
find_flags (pakchois_session_t * pks, struct token_info *info,
- struct ck_info *lib_info, void *input)
+ struct ck_info *lib_info, void *input)
{
struct flags_find_data_st *find_data = input;
if (info == NULL)
- { /* we don't support multiple calls */
+ { /* we don't support multiple calls */
gnutls_assert ();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
**/
int
gnutls_pkcs11_token_get_mechanism (const char *url, int idx,
- unsigned long *mechanism)
+ unsigned long *mechanism)
{
int ret;
ck_rv_t rv;
int
pkcs11_token_matches_info (struct pkcs11_url_info *info,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info)
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info)
{
if (info->manufacturer[0] != 0)
{
if (strcmp (info->manufacturer, tinfo->manufacturer_id) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
if (info->token[0] != 0)
{
if (strcmp (info->token, tinfo->label) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
if (info->model[0] != 0)
{
if (strcmp (info->model, tinfo->model) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
if (info->serial[0] != 0)
{
if (strcmp (info->serial, tinfo->serial_number) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
if (info->lib_manufacturer[0] != 0)
{
if (strcmp (info->lib_manufacturer, lib_info->manufacturer_id) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
if (info->lib_desc[0] != 0)
{
if (strcmp (info->lib_desc, lib_info->library_description) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
if (info->lib_version[0] != 0)
char version[16];
snprintf (version, sizeof (version), "%u.%u",
- (unsigned int) lib_info->library_version.major,
- (unsigned int) lib_info->library_version.minor);
+ (unsigned int) lib_info->library_version.major,
+ (unsigned int) lib_info->library_version.minor);
if (strcmp (info->lib_version, version) != 0)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
return 0;
struct pkcs11_url_info
{
/* everything here is null terminated strings */
- opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */
- opaque type[16]; /* cert/key etc. */
+ opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */
+ opaque type[16]; /* cert/key etc. */
opaque lib_manufacturer[sizeof
- (((struct ck_info *) NULL)->manufacturer_id) + 1];
+ (((struct ck_info *) NULL)->manufacturer_id) + 1];
opaque lib_desc[sizeof
- (((struct ck_info *) NULL)->library_description) + 1];
+ (((struct ck_info *) NULL)->library_description) + 1];
opaque lib_version[12];
opaque manufacturer[sizeof
- (((struct ck_token_info *) NULL)->manufacturer_id) + 1];
+ (((struct ck_token_info *) NULL)->manufacturer_id) + 1];
opaque token[sizeof (((struct ck_token_info *) NULL)->label) + 1];
opaque serial[sizeof (((struct ck_token_info *) NULL)->serial_number) + 1];
opaque model[sizeof (((struct ck_token_info *) NULL)->model) + 1];
opaque label[PKCS11_LABEL_SIZE + 1];
- opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */
+ opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */
size_t certid_raw_size;
};
* It should return 0 if found what it was looking for.
*/
typedef int (*find_func_t) (pakchois_session_t * pks,
- struct token_info * tinfo, struct ck_info *,
- void *input);
+ struct token_info * tinfo, struct ck_info *,
+ void *input);
int pkcs11_rv_to_err (ck_rv_t rv);
int pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info);
int
pkcs11_find_slot (pakchois_module_t ** module, ck_slot_id_t * slot,
- struct pkcs11_url_info *info, struct token_info *_tinfo);
+ struct pkcs11_url_info *info, struct token_info *_tinfo);
int pkcs11_get_info (struct pkcs11_url_info *info,
- gnutls_pkcs11_obj_info_t itype, void *output,
- size_t * output_size);
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size);
int pkcs11_login (pakchois_session_t * pks,
- const struct token_info *info, int admin);
+ const struct token_info *info, int admin);
extern gnutls_pkcs11_token_callback_t token_func;
extern void *token_data;
void pkcs11_rescan_slots (void);
int pkcs11_info_to_url (const struct pkcs11_url_info *info,
- gnutls_pkcs11_url_type_t detailed, char **url);
+ gnutls_pkcs11_url_type_t detailed, char **url);
#define SESSION_WRITE (1<<0)
#define SESSION_LOGIN (1<<1)
-#define SESSION_SO (1<<2) /* security officer session */
+#define SESSION_SO (1<<2) /* security officer session */
int pkcs11_open_session (pakchois_session_t ** _pks,
- struct pkcs11_url_info *info, unsigned int flags);
+ struct pkcs11_url_info *info, unsigned int flags);
int _pkcs11_traverse_tokens (find_func_t find_func, void *input,
- unsigned int flags);
+ unsigned int flags);
ck_object_class_t pkcs11_strtype_to_class (const char *type);
int pkcs11_token_matches_info (struct pkcs11_url_info *info,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info);
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info);
/* flags are SESSION_* */
int pkcs11_find_object (pakchois_session_t ** _pks,
- ck_object_handle_t * _obj,
- struct pkcs11_url_info *info, unsigned int flags);
+ ck_object_handle_t * _obj,
+ struct pkcs11_url_info *info, unsigned int flags);
unsigned int pkcs11_obj_flags_to_int (unsigned int flags);
int
_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
#endif
**/
int
gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
- unsigned int *bits)
+ unsigned int *bits)
{
if (bits)
- *bits = 0; /* FIXME */
+ *bits = 0; /* FIXME */
return key->pk_algorithm;
}
**/
int
gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey,
- gnutls_pkcs11_obj_info_t itype,
- void *output, size_t * output_size)
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size)
{
return pkcs11_get_info (&pkey->info, itype, output, output_size);
}
**/
int
gnutls_pkcs11_privkey_sign_data (gnutls_pkcs11_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
- ret = pk_hash_data(signer->pk_algorithm, hash, NULL, data, &digest);
+ ret = pk_hash_data (signer->pk_algorithm, hash, NULL, data, &digest);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
-*/
int
_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
ck_rv_t rv;
int ret;
**/
int
gnutls_pkcs11_privkey_sign_hash2 (gnutls_pkcs11_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature)
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
- digest.data = gnutls_malloc(hash_data->size);
+ digest.data = gnutls_malloc (hash_data->size);
if (digest.data == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
digest.size = hash_data->size;
- memcpy(digest.data, hash_data->data, digest.size);
+ memcpy (digest.data, hash_data->data, digest.size);
ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest);
if (ret < 0)
ret = 0;
cleanup:
- _gnutls_free_datum(&digest);
+ _gnutls_free_datum (&digest);
return ret;
}
**/
int
gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey,
- const char *url, unsigned int flags)
+ const char *url, unsigned int flags)
{
int ret;
**/
int
gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
ck_rv_t rv;
int ret;
/* Work out how long the plaintext must be: */
rv = pakchois_decrypt (pks, ciphertext->data, ciphertext->size,
- NULL, &siglen);
+ NULL, &siglen);
if (rv != CKR_OK)
{
gnutls_assert ();
plaintext->size = siglen;
rv = pakchois_decrypt (pks, ciphertext->data, ciphertext->size,
- plaintext->data, &siglen);
+ plaintext->data, &siglen);
if (rv != CKR_OK)
{
gnutls_free (plaintext->data);
**/
int
gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
- gnutls_pkcs11_url_type_t detailed,
- char **url)
+ gnutls_pkcs11_url_type_t detailed,
+ char **url)
{
int ret;
**/
int
gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t * key,
- const char *label,
- unsigned int key_usage, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ )
+ const char *label,
+ unsigned int key_usage, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ )
{
int ret;
pakchois_session_t *pks;
ret =
pkcs11_open_session (&pks, &info,
- SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
+ SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
if (ret < 0)
{
gnutls_assert ();
**/
int
gnutls_pkcs11_copy_x509_crt (const char *token_url,
- gnutls_x509_crt_t crt, const char *label,
- unsigned int flags)
+ gnutls_x509_crt_t crt, const char *label,
+ unsigned int flags)
{
int ret;
pakchois_session_t *pks;
ret =
pkcs11_open_session (&pks, &info,
- SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
+ SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
if (ret < 0)
{
gnutls_assert ();
**/
int
gnutls_pkcs11_copy_x509_privkey (const char *token_url,
- gnutls_x509_privkey_t key,
- const char *label,
- unsigned int key_usage, unsigned int flags)
+ gnutls_x509_privkey_t key,
+ const char *label,
+ unsigned int key_usage, unsigned int flags)
{
int ret;
pakchois_session_t *pks;
ret =
pkcs11_open_session (&pks, &info,
- SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
+ SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
if (ret < 0)
{
gnutls_assert ();
case GNUTLS_PK_RSA:
{
- ret =
- gnutls_x509_privkey_export_rsa_raw2 (key, &m,
- &e, &d, &p,
- &q, &u, &exp1, &exp2);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- type = CKK_RSA;
-
- a[a_val].type = CKA_MODULUS;
- a[a_val].value = m.data;
- a[a_val].value_len = m.size;
- a_val++;
-
- a[a_val].type = CKA_PUBLIC_EXPONENT;
- a[a_val].value = e.data;
- a[a_val].value_len = e.size;
- a_val++;
-
- a[a_val].type = CKA_PRIVATE_EXPONENT;
- a[a_val].value = d.data;
- a[a_val].value_len = d.size;
- a_val++;
-
- a[a_val].type = CKA_PRIME_1;
- a[a_val].value = p.data;
- a[a_val].value_len = p.size;
- a_val++;
-
- a[a_val].type = CKA_PRIME_2;
- a[a_val].value = q.data;
- a[a_val].value_len = q.size;
- a_val++;
-
- a[a_val].type = CKA_COEFFICIENT;
- a[a_val].value = u.data;
- a[a_val].value_len = u.size;
- a_val++;
-
- a[a_val].type = CKA_EXPONENT_1;
- a[a_val].value = exp1.data;
- a[a_val].value_len = exp1.size;
- a_val++;
-
- a[a_val].type = CKA_EXPONENT_2;
- a[a_val].value = exp2.data;
- a[a_val].value_len = exp2.size;
- a_val++;
-
- break;
+ ret =
+ gnutls_x509_privkey_export_rsa_raw2 (key, &m,
+ &e, &d, &p,
+ &q, &u, &exp1, &exp2);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ type = CKK_RSA;
+
+ a[a_val].type = CKA_MODULUS;
+ a[a_val].value = m.data;
+ a[a_val].value_len = m.size;
+ a_val++;
+
+ a[a_val].type = CKA_PUBLIC_EXPONENT;
+ a[a_val].value = e.data;
+ a[a_val].value_len = e.size;
+ a_val++;
+
+ a[a_val].type = CKA_PRIVATE_EXPONENT;
+ a[a_val].value = d.data;
+ a[a_val].value_len = d.size;
+ a_val++;
+
+ a[a_val].type = CKA_PRIME_1;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
+ a_val++;
+
+ a[a_val].type = CKA_PRIME_2;
+ a[a_val].value = q.data;
+ a[a_val].value_len = q.size;
+ a_val++;
+
+ a[a_val].type = CKA_COEFFICIENT;
+ a[a_val].value = u.data;
+ a[a_val].value_len = u.size;
+ a_val++;
+
+ a[a_val].type = CKA_EXPONENT_1;
+ a[a_val].value = exp1.data;
+ a[a_val].value_len = exp1.size;
+ a_val++;
+
+ a[a_val].type = CKA_EXPONENT_2;
+ a[a_val].value = exp2.data;
+ a[a_val].value_len = exp2.size;
+ a_val++;
+
+ break;
}
case GNUTLS_PK_DSA:
{
- ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- type = CKK_DSA;
-
- a[a_val].type = CKA_PRIME;
- a[a_val].value = p.data;
- a[a_val].value_len = p.size;
- a_val++;
-
- a[a_val].type = CKA_SUBPRIME;
- a[a_val].value = q.data;
- a[a_val].value_len = q.size;
- a_val++;
-
- a[a_val].type = CKA_BASE;
- a[a_val].value = g.data;
- a[a_val].value_len = g.size;
- a_val++;
-
- a[a_val].type = CKA_VALUE;
- a[a_val].value = x.data;
- a[a_val].value_len = x.size;
- a_val++;
-
- break;
+ ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ type = CKK_DSA;
+
+ a[a_val].type = CKA_PRIME;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
+ a_val++;
+
+ a[a_val].type = CKA_SUBPRIME;
+ a[a_val].value = q.data;
+ a[a_val].value_len = q.size;
+ a_val++;
+
+ a[a_val].type = CKA_BASE;
+ a[a_val].value = g.data;
+ a[a_val].value_len = g.size;
+ a_val++;
+
+ a[a_val].type = CKA_VALUE;
+ a[a_val].value = x.data;
+ a[a_val].value_len = x.size;
+ a_val++;
+
+ break;
}
default:
gnutls_assert ();
{
case GNUTLS_PK_RSA:
{
- gnutls_free (m.data);
- gnutls_free (e.data);
- gnutls_free (d.data);
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (u.data);
- gnutls_free (exp1.data);
- gnutls_free (exp2.data);
- break;
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ gnutls_free (d.data);
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (u.data);
+ gnutls_free (exp1.data);
+ gnutls_free (exp2.data);
+ break;
}
case GNUTLS_PK_DSA:
{
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
- gnutls_free (x.data);
- break;
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ gnutls_free (y.data);
+ gnutls_free (x.data);
+ break;
}
default:
gnutls_assert ();
struct delete_data_st
{
struct pkcs11_url_info info;
- unsigned int deleted; /* how many */
+ unsigned int deleted; /* how many */
};
static int
delete_obj_url (pakchois_session_t * pks,
- struct token_info *info,
- struct ck_info *lib_info, void *input)
+ struct token_info *info,
+ struct ck_info *lib_info, void *input)
{
struct delete_data_st *find_data = input;
struct ck_attribute a[4];
if (info == NULL)
- { /* we don't support multiple calls */
+ { /* we don't support multiple calls */
gnutls_assert ();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- class = CKO_CERTIFICATE; /* default */
+ class = CKO_CERTIFICATE; /* default */
if (find_data->info.type[0] != 0)
{
class = pkcs11_strtype_to_class (find_data->info.type);
if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
+ type = CKC_X_509;
if (class == -1)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
a_vals = 0;
{
rv = pakchois_destroy_object (pks, obj);
if (rv != CKR_OK)
- {
- _gnutls_debug_log
- ("pkcs11: Cannot destroy object: %s\n", pakchois_error (rv));
- }
+ {
+ _gnutls_debug_log
+ ("pkcs11: Cannot destroy object: %s\n", pakchois_error (rv));
+ }
else
- {
- find_data->deleted++;
- }
+ {
+ find_data->deleted++;
+ }
found = 1;
}
ret =
_pkcs11_traverse_tokens (delete_obj_url, &find_data,
- SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
+ SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
if (ret < 0)
{
gnutls_assert ();
**/
int
gnutls_pkcs11_token_init (const char *token_url,
- const char *so_pin, const char *label)
+ const char *so_pin, const char *label)
{
int ret;
struct pkcs11_url_info info;
rv =
pakchois_init_token (module, slot, (char *) so_pin, strlen (so_pin),
- flabel);
+ flabel);
if (rv != CKR_OK)
{
gnutls_assert ();
**/
int
gnutls_pkcs11_token_set_pin (const char *token_url,
- const char *oldpin,
- const char *newpin, unsigned int flags)
+ const char *oldpin,
+ const char *newpin, unsigned int flags)
{
int ret;
pakchois_session_t *pks;
{
rv = pakchois_init_pin (pks, (char *) newpin, strlen (newpin));
if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv));
- ret = pkcs11_rv_to_err (rv);
- goto finish;
- }
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv));
+ ret = pkcs11_rv_to_err (rv);
+ goto finish;
+ }
}
else
{
rv = pakchois_set_pin (pks,
- (char *) oldpin, strlen (oldpin),
- (char *) newpin, strlen (newpin));
+ (char *) oldpin, strlen (oldpin),
+ (char *) newpin, strlen (newpin));
if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv));
- ret = pkcs11_rv_to_err (rv);
- goto finish;
- }
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv));
+ ret = pkcs11_rv_to_err (rv);
+ goto finish;
+ }
}
ret = 0;
if (_gnutls_rnd_ops.init != NULL)
{
if (_gnutls_rnd_ops.init (&rnd_ctx) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RANDOM_FAILED;
+ }
}
return 0;
ssize_t
system_writev (gnutls_transport_ptr ptr, const giovec_t * iovec,
- int iovec_cnt)
+ int iovec_cnt)
{
return writev (GNUTLS_POINTER_TO_INT (ptr), (struct iovec *) iovec,
- iovec_cnt);
+ iovec_cnt);
}
#endif
int
_gnutls_atfork (void (*prepare) (void), void (*parent) (void),
- void (*child) (void))
+ void (*child) (void))
{
return 0;
}
int
_gnutls_atfork (void (*prepare) (void), void (*parent) (void),
- void (*child) (void))
+ void (*child) (void))
{
return pthread_atfork (prepare, parent, child);
}
int
_gnutls_atfork (void (*prepare) (void), void (*parent) (void),
- void (*child) (void))
+ void (*child) (void))
{
return 0;
}
#include <gnutls_int.h>
#ifndef _WIN32
-#include <sys/uio.h> /* for writev */
+#include <sys/uio.h> /* for writev */
#endif
int system_errno (gnutls_transport_ptr);
#ifdef _WIN32
ssize_t system_write (gnutls_transport_ptr ptr, const void *data,
- size_t data_size);
+ size_t data_size);
#else
#define HAVE_WRITEV
ssize_t system_writev (gnutls_transport_ptr ptr, const giovec_t * iovec,
- int iovec_cnt);
+ int iovec_cnt);
#endif
ssize_t system_read (gnutls_transport_ptr ptr, void *data, size_t data_size);
ssize_t system_read_peek (gnutls_transport_ptr ptr, void *data,
- size_t data_size);
+ size_t data_size);
#ifdef _WIN32
#define HAVE_WIN32_LOCKS
#endif
int _gnutls_atfork (void (*prepare) (void), void (*parent) (void),
- void (*child) (void));
+ void (*child) (void));
#endif /* SYSTEM_H */
{
const char *oid;
const char *ldap_desc;
- int choice; /* of type DirectoryString */
+ int choice; /* of type DirectoryString */
int printable;
- const char *asn_desc; /* description in the pkix file */
+ const char *asn_desc; /* description in the pkix file */
};
/* This list contains all the OIDs that may be
do
{
if (strcmp (_oid2str[i].oid, oid) == 0)
- return _oid2str[i].printable;
+ return _oid2str[i].printable;
i++;
}
while (_oid2str[i].oid != NULL);
do
{
if (strcmp (_oid2str[i].oid, oid) == 0)
- return 1;
+ return 1;
i++;
}
while (_oid2str[i].oid != NULL);
do
{
if (strcmp (_oid2str[i].oid, oid) == 0)
- return _oid2str[i].choice;
+ return _oid2str[i].choice;
i++;
}
while (_oid2str[i].oid != NULL);
do
{
if (strcmp (_oid2str[i].oid, oid) == 0)
- return _oid2str[i].ldap_desc;
+ return _oid2str[i].ldap_desc;
i++;
}
while (_oid2str[i].oid != NULL);
do
{
if (strcmp (_oid2str[i].oid, oid) == 0)
- return _oid2str[i].asn_desc;
+ return _oid2str[i].asn_desc;
i++;
}
while (_oid2str[i].oid != NULL);
*/
int
_gnutls_x509_oid_data2string (const char *oid, void *value,
- int value_size, char *res, size_t * res_size)
+ int value_size, char *res, size_t * res_size)
{
char str[MAX_STRING_LEN], tmpname[128];
const char *ANAME = NULL;
if ((result =
asn1_create_element (_gnutls_get_pkix (), ANAME,
- &tmpasn)) != ASN1_SUCCESS)
+ &tmpasn)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
if ((result =
asn1_der_decoding (&tmpasn, value, value_size,
- asn1_err)) != ASN1_SUCCESS)
+ asn1_err)) != ASN1_SUCCESS)
{
gnutls_assert ();
_gnutls_x509_log ("asn1_der_decoding: %s:%s\n", str, asn1_err);
*/
len = sizeof (str) - 1;
if ((result = asn1_read_value (tmpasn, "", str, &len)) != ASN1_SUCCESS)
- { /* CHOICE */
+ { /* CHOICE */
gnutls_assert ();
asn1_delete_structure (&tmpasn);
return _gnutls_asn2err (result);
/* Refuse to deal with strings containing NULs. */
if (strlen (str) != len)
- return GNUTLS_E_ASN1_DER_ERROR;
+ return GNUTLS_E_ASN1_DER_ERROR;
if (res)
- _gnutls_str_cpy (res, *res_size, str);
+ _gnutls_str_cpy (res, *res_size, str);
*res_size = len;
asn1_delete_structure (&tmpasn);
}
else
- { /* CHOICE */
+ { /* CHOICE */
int non_printable = 0, teletex = 0;
str[len] = 0;
* UTF-8 (thus ASCII as well).
*/
if (strcmp (str, "printableString") != 0 &&
- strcmp (str, "ia5String") != 0 && strcmp (str, "utf8String") != 0)
- {
- non_printable = 1;
- }
+ strcmp (str, "ia5String") != 0 && strcmp (str, "utf8String") != 0)
+ {
+ non_printable = 1;
+ }
if (strcmp (str, "teletexString") == 0)
- teletex = 1;
+ teletex = 1;
_gnutls_str_cpy (tmpname, sizeof (tmpname), str);
len = sizeof (str) - 1;
if ((result =
- asn1_read_value (tmpasn, tmpname, str, &len)) != ASN1_SUCCESS)
- {
- asn1_delete_structure (&tmpasn);
- return _gnutls_asn2err (result);
- }
+ asn1_read_value (tmpasn, tmpname, str, &len)) != ASN1_SUCCESS)
+ {
+ asn1_delete_structure (&tmpasn);
+ return _gnutls_asn2err (result);
+ }
asn1_delete_structure (&tmpasn);
if (teletex != 0)
- {
- int ascii = 0, i;
- /* HACK: if the teletex string contains only ascii
- * characters then treat it as printable.
- */
- for (i = 0; i < len; i++)
- if (!isascii (str[i]))
- ascii = 1;
-
- if (ascii == 0)
- non_printable = 0;
- }
+ {
+ int ascii = 0, i;
+ /* HACK: if the teletex string contains only ascii
+ * characters then treat it as printable.
+ */
+ for (i = 0; i < len; i++)
+ if (!isascii (str[i]))
+ ascii = 1;
+
+ if (ascii == 0)
+ non_printable = 0;
+ }
if (non_printable == 0)
- {
- str[len] = 0;
+ {
+ str[len] = 0;
- /* Refuse to deal with strings containing NULs. */
- if (strlen (str) != len)
- return GNUTLS_E_ASN1_DER_ERROR;
+ /* Refuse to deal with strings containing NULs. */
+ if (strlen (str) != len)
+ return GNUTLS_E_ASN1_DER_ERROR;
- if (res)
- _gnutls_str_cpy (res, *res_size, str);
- *res_size = len;
- }
+ if (res)
+ _gnutls_str_cpy (res, *res_size, str);
+ *res_size = len;
+ }
else
- {
- result = _gnutls_x509_data2hex (str, len, res, res_size);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
+ {
+ result = _gnutls_x509_data2hex (str, len, res, res_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
}
return 0;
*/
int
_gnutls_x509_data2hex (const opaque * data, size_t data_size,
- opaque * out, size_t * sizeof_out)
+ opaque * out, size_t * sizeof_out)
{
char *res;
char escaped[MAX_STRING_LEN];
*sizeof_out = size;
return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- *sizeof_out = size; /* -1 for the null +1 for the '#' */
+ *sizeof_out = size; /* -1 for the null +1 for the '#' */
if (out)
{
typedef struct fake_tm
{
int tm_mon;
- int tm_year; /* FULL year - ie 1971 */
+ int tm_year; /* FULL year - ie 1971 */
int tm_mday;
int tm_hour;
int tm_min;
* time_t.
*/
if (sizeof (time_t) <= 4 && etime.tm_year >= 2038)
- return (time_t) 2145914603; /* 2037-12-31 23:23:23 */
+ return (time_t) 2145914603; /* 2037-12-31 23:23:23 */
if (etime.tm_year < 1970)
return (time_t) 0;
/* get the month
*/
- memcpy (xx, ttime, 2); /* month */
+ memcpy (xx, ttime, 2); /* month */
etime.tm_mon = atoi (xx) - 1;
ttime += 2;
/* get the day
*/
- memcpy (xx, ttime, 2); /* day */
+ memcpy (xx, ttime, 2); /* day */
etime.tm_mday = atoi (xx);
ttime += 2;
/* get the hour
*/
- memcpy (xx, ttime, 2); /* hour */
+ memcpy (xx, ttime, 2); /* hour */
etime.tm_hour = atoi (xx);
ttime += 2;
/* get the minutes
*/
- memcpy (xx, ttime, 2); /* minutes */
+ memcpy (xx, ttime, 2); /* minutes */
etime.tm_min = atoi (xx);
ttime += 2;
xx[2] = 0;
/* get the year
*/
- memcpy (xx, ttime, 2); /* year */
+ memcpy (xx, ttime, 2); /* year */
year = atoi (xx);
ttime += 2;
/* get the year
*/
- memcpy (xx, ttime, 4); /* year */
+ memcpy (xx, ttime, 4); /* year */
year = atoi (xx);
ttime += 4;
len = sizeof (ttime) - 1;
result = asn1_read_value (c2, name, ttime, &len);
if (result == ASN1_SUCCESS)
- c_time = _gnutls_x509_generalTime2gtime (ttime);
+ c_time = _gnutls_x509_generalTime2gtime (ttime);
}
else
- { /* UTCTIME */
+ { /* UTCTIME */
_gnutls_str_cat (name, sizeof (name), ".utcTime");
len = sizeof (ttime) - 1;
result = asn1_read_value (c2, name, ttime, &len);
if (result == ASN1_SUCCESS)
- c_time = _gnutls_x509_utcTime2gtime (ttime);
+ c_time = _gnutls_x509_utcTime2gtime (ttime);
}
/* We cannot handle dates after 2031 in 32 bit machines.
*/
int
_gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- unsigned char *output_data,
- size_t * output_data_size)
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
int result, len;
{
if (output_data == NULL)
- *output_data_size = 0;
+ *output_data_size = 0;
len = *output_data_size;
if ((result =
- asn1_der_coding (asn1_data, name, output_data, &len,
- NULL)) != ASN1_SUCCESS)
- {
- *output_data_size = len;
- if (result == ASN1_MEM_ERROR)
- {
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ asn1_der_coding (asn1_data, name, output_data, &len,
+ NULL)) != ASN1_SUCCESS)
+ {
+ *output_data_size = len;
+ if (result == ASN1_MEM_ERROR)
+ {
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
*output_data_size = len;
}
else
- { /* PEM */
+ { /* PEM */
opaque *out;
gnutls_datum_t tmp;
result = _gnutls_x509_der_encode (asn1_data, name, &tmp, 0);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
result = _gnutls_fbase64_encode (pem_header, tmp.data, tmp.size, &out);
_gnutls_free_datum (&tmp);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
if (result == 0)
- { /* oooops */
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ { /* oooops */
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
if ((unsigned) result > *output_data_size)
- {
- gnutls_assert ();
- gnutls_free (out);
- *output_data_size = result;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (out);
+ *output_data_size = result;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
*output_data_size = result;
if (output_data)
- {
- memcpy (output_data, out, result);
+ {
+ memcpy (output_data, out, result);
- /* do not include the null character into output size.
- */
- *output_data_size = result - 1;
- }
+ /* do not include the null character into output size.
+ */
+ *output_data_size = result - 1;
+ }
gnutls_free (out);
}
int
_gnutls_x509_export_int (ASN1_TYPE asn1_data,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- unsigned char *output_data,
- size_t * output_data_size)
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
return _gnutls_x509_export_int_named (asn1_data, "",
- format, pem_header, output_data,
- output_data_size);
+ format, pem_header, output_data,
+ output_data_size);
}
/* Decodes an octet string. Leave string_type null for a normal
*/
int
_gnutls_x509_decode_octet_string (const char *string_type,
- const opaque * der, size_t der_size,
- opaque * output, size_t * output_size)
+ const opaque * der, size_t der_size,
+ opaque * output, size_t * output_size)
{
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
int result, tmp_output_size;
*/
int
_gnutls_x509_read_value (ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret, int flags)
+ gnutls_datum_t * ret, int flags)
{
int len = 0, result;
size_t slen;
slen = len;
result = _gnutls_x509_decode_octet_string (NULL, tmp, slen, tmp, &slen);
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
len = slen;
}
*/
int
_gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * res, int str)
+ gnutls_datum_t * res, int str)
{
int size, result;
int asize;
*/
if (str)
- size += 16; /* for later to include the octet tags */
+ size += 16; /* for later to include the octet tags */
asize = size;
data = gnutls_malloc (size);
if (str)
{
if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
result = asn1_write_value (c2, "", data, size);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
result = asn1_der_coding (c2, "", data, &asize, NULL);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
size = asize;
*/
int
_gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
- ASN1_TYPE dest, const char *dest_name,
- int str)
+ ASN1_TYPE dest, const char *dest_name,
+ int str)
{
int result;
gnutls_datum_t encoded;
*/
int
_gnutls_x509_write_value (ASN1_TYPE c, const char *root,
- const gnutls_datum_t * data, int str)
+ const gnutls_datum_t * data, int str)
{
int result;
int asize;
*/
val.data = gnutls_malloc (asize);
if (val.data == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
result = asn1_write_value (c2, "", data->data, data->size);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
result = _gnutls_x509_der_encode (c2, "", &val, 0);
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
else
void
_asnstr_append_name (char *name, size_t name_size, const char *part1,
- const char *part2)
+ const char *part2)
{
if (part1[0] != 0)
{
*/
int
_gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
- const char *dst_name,
- gnutls_pk_algorithm_t
- pk_algorithm, bigint_t * params,
- int params_size)
+ const char *dst_name,
+ gnutls_pk_algorithm_t
+ pk_algorithm, bigint_t * params,
+ int params_size)
{
const char *pk;
gnutls_datum_t der = { NULL, 0 };
/* disable parameters, which are not used in RSA.
*/
_asnstr_append_name (name, sizeof (name), dst_name,
- ".algorithm.parameters");
+ ".algorithm.parameters");
result = asn1_write_value (dst, name, ASN1_NULL, ASN1_NULL_SIZE);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
result = _gnutls_x509_write_rsa_params (params, params_size, &der);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
/* Write the DER parameters. (in bits)
*/
_asnstr_append_name (name, sizeof (name), dst_name,
- ".subjectPublicKey");
+ ".subjectPublicKey");
result = asn1_write_value (dst, name, der.data, der.size * 8);
_gnutls_free_datum (&der);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
}
else if (pk_algorithm == GNUTLS_PK_DSA)
{
result = _gnutls_x509_write_dsa_params (params, params_size, &der);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
/* Write the DER parameters.
*/
_asnstr_append_name (name, sizeof (name), dst_name,
- ".algorithm.parameters");
+ ".algorithm.parameters");
result = asn1_write_value (dst, name, der.data, der.size);
_gnutls_free_datum (&der);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
result = _gnutls_x509_write_dsa_public_key (params, params_size, &der);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
_asnstr_append_name (name, sizeof (name), dst_name,
- ".subjectPublicKey");
+ ".subjectPublicKey");
result = asn1_write_value (dst, name, der.data, der.size * 8);
_gnutls_free_datum (&der);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
}
else
*/
int
_gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
- unsigned int *bits)
+ unsigned int *bits)
{
int result;
opaque *str = NULL;
if (algo == GNUTLS_PK_UNKNOWN)
{
_gnutls_x509_log
- ("%s: unknown public key algorithm: %s\n", __func__, oid);
+ ("%s: unknown public key algorithm: %s\n", __func__, oid);
}
if (bits == NULL)
{
case GNUTLS_PK_RSA:
{
- if ((result = _gnutls_x509_read_rsa_params (str, len, params)) < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if ((result = _gnutls_x509_read_rsa_params (str, len, params)) < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
- bits[0] = _gnutls_mpi_get_nbits (params[0]);
+ bits[0] = _gnutls_mpi_get_nbits (params[0]);
- _gnutls_mpi_release (¶ms[0]);
- _gnutls_mpi_release (¶ms[1]);
+ _gnutls_mpi_release (¶ms[0]);
+ _gnutls_mpi_release (¶ms[1]);
}
break;
case GNUTLS_PK_DSA:
{
- if ((result = _gnutls_x509_read_dsa_pubkey (str, len, params)) < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if ((result = _gnutls_x509_read_dsa_pubkey (str, len, params)) < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
- bits[0] = _gnutls_mpi_get_nbits (params[3]);
+ bits[0] = _gnutls_mpi_get_nbits (params[3]);
- _gnutls_mpi_release (¶ms[3]);
+ _gnutls_mpi_release (¶ms[3]);
}
break;
}
*/
int
_gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signed_data)
+ gnutls_datum_t * signed_data)
{
gnutls_datum_t der;
int start, end, result;
/* Get the signed data
*/
result = asn1_der_decoding_startEnd (src, der.data, der.size,
- src_name, &start, &end);
+ src_name, &start, &end);
if (result != ASN1_SUCCESS)
{
result = _gnutls_asn2err (result);
*/
int
_gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signature)
+ gnutls_datum_t * signature)
{
int bits, result, len;
int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim);
int _gnutls_x509_decode_octet_string (const char *string_type,
- const opaque * der, size_t der_size,
- opaque * output, size_t * output_size);
+ const opaque * der, size_t der_size,
+ opaque * output, size_t * output_size);
int _gnutls_x509_oid_data2string (const char *OID, void *value,
- int value_size, char *res,
- size_t * res_size);
+ int value_size, char *res,
+ size_t * res_size);
int _gnutls_x509_data2hex (const opaque * data, size_t data_size,
- opaque * out, size_t * sizeof_out);
+ opaque * out, size_t * sizeof_out);
const char *_gnutls_x509_oid2asn_string (const char *oid);
gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type);
int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
- ASN1_TYPE dest, const char *dest_name,
- int str);
+ ASN1_TYPE dest, const char *dest_name,
+ int str);
int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * res, int str);
+ gnutls_datum_t * res, int str);
int _gnutls_x509_export_int (ASN1_TYPE asn1_data,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- unsigned char *output_data,
- size_t * output_data_size);
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ unsigned char *output_data,
+ size_t * output_data_size);
int _gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- unsigned char *output_data,
- size_t * output_data_size);
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ unsigned char *output_data,
+ size_t * output_data_size);
int _gnutls_x509_read_value (ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret, int str);
+ gnutls_datum_t * ret, int str);
int _gnutls_x509_write_value (ASN1_TYPE c, const char *root,
- const gnutls_datum_t * data, int str);
+ const gnutls_datum_t * data, int str);
int _gnutls_x509_encode_and_write_attribute (const char *given_oid,
- ASN1_TYPE asn1_struct,
- const char *where,
- const void *data,
- int sizeof_data, int multi);
+ ASN1_TYPE asn1_struct,
+ const char *where,
+ const void *data,
+ int sizeof_data, int multi);
int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
- const char *where, char *oid,
- int oid_size,
- gnutls_datum_t * value, int multi,
- int octet);
+ const char *where, char *oid,
+ int oid_size,
+ gnutls_datum_t * value, int multi,
+ int octet);
int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
- unsigned int *bits);
+ unsigned int *bits);
int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
- const char *dst_name,
- gnutls_pk_algorithm_t
- pk_algorithm, bigint_t * params,
- int params_size);
+ const char *dst_name,
+ gnutls_pk_algorithm_t
+ pk_algorithm, bigint_t * params,
+ int params_size);
int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
- ASN1_TYPE src, const char *src_name);
+ ASN1_TYPE src, const char *src_name);
int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signed_data);
+ gnutls_datum_t * signed_data);
int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signature);
+ gnutls_datum_t * signature);
gnutls_digest_algorithm_t _gnutls_dsa_q_to_hash (bigint_t q);
int _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root,
- bigint_t * params, int *params_size);
+ bigint_t * params, int *params_size);
int _gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t * params,
- int params_size, unsigned char *output_data,
- size_t * output_data_size);
+ int params_size, unsigned char *output_data,
+ size_t * output_data_size);
void _asnstr_append_name (char *name, size_t name_size, const char *part1,
- const char *part2);
+ const char *part2);
int pubkey_verify_sig (const gnutls_datum_t * tbs,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
- int issuer_params_size);
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
+ int issuer_params_size);
#endif
if (*crl)
{
int result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.CertificateList",
- &(*crl)->crl);
+ "PKIX1.CertificateList",
+ &(*crl)->crl);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (*crl);
- return _gnutls_asn2err (result);
- }
- return 0; /* success */
+ {
+ gnutls_assert ();
+ gnutls_free (*crl);
+ return _gnutls_asn2err (result);
+ }
+ return 0; /* success */
}
return GNUTLS_E_MEMORY_ERROR;
}
**/
int
gnutls_x509_crl_import (gnutls_x509_crl_t crl,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
int result = 0, need_free = 0;
gnutls_datum_t _data;
result = _gnutls_fbase64_decode (PEM_CRL, data->data, data->size, &out);
if (result <= 0)
- {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert ();
- return result;
- }
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
_data.data = out;
_data.size = result;
**/
int
gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf,
- size_t * sizeof_buf)
+ size_t * sizeof_buf)
{
if (crl == NULL)
{
}
return _gnutls_x509_parse_dn (crl->crl,
- "tbsCertList.issuer.rdnSequence",
- buf, sizeof_buf);
+ "tbsCertList.issuer.rdnSequence",
+ buf, sizeof_buf);
}
/**
**/
int
gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf)
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf)
{
if (crl == NULL)
{
}
return _gnutls_x509_parse_dn_oid (crl->crl,
- "tbsCertList.issuer.rdnSequence",
- oid, indx, raw_flag, buf, sizeof_buf);
+ "tbsCertList.issuer.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
}
/**
**/
int
gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl,
- int indx, void *oid, size_t * sizeof_oid)
+ int indx, void *oid, size_t * sizeof_oid)
{
if (crl == NULL)
{
}
return _gnutls_x509_get_dn_oid (crl->crl,
- "tbsCertList.issuer.rdnSequence", indx,
- oid, sizeof_oid);
+ "tbsCertList.issuer.rdnSequence", indx,
+ oid, sizeof_oid);
}
result =
_gnutls_x509_read_value (crl->crl, "signatureAlgorithm.algorithm",
- &sa, 0);
+ &sa, 0);
if (result < 0)
{
**/
int
gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
- char *sig, size_t * sizeof_sig)
+ char *sig, size_t * sizeof_sig)
{
int result;
int bits;
len = sizeof (version);
if ((result =
asn1_read_value (crl->crl, "tbsCertList.version", version,
- &len)) != ASN1_SUCCESS)
+ &len)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
result =
asn1_number_of_elements (crl->crl,
- "tbsCertList.revokedCertificates", &count);
+ "tbsCertList.revokedCertificates", &count);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
- return 0; /* no certificates */
+ return 0; /* no certificates */
}
return count;
**/
int
gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
- unsigned char *serial,
- size_t * serial_size, time_t * t)
+ unsigned char *serial,
+ size_t * serial_size, time_t * t)
{
int result, _serial_size;
}
snprintf (serial_name, sizeof (serial_name),
- "tbsCertList.revokedCertificates.?%u.userCertificate", indx + 1);
+ "tbsCertList.revokedCertificates.?%u.userCertificate", indx + 1);
snprintf (date_name, sizeof (date_name),
- "tbsCertList.revokedCertificates.?%u.revocationDate", indx + 1);
+ "tbsCertList.revokedCertificates.?%u.revocationDate", indx + 1);
_serial_size = *serial_size;
result = asn1_read_value (crl->crl, serial_name, serial, &_serial_size);
{
gnutls_assert ();
if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
return _gnutls_asn2err (result);
}
-*/
int
_gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
- gnutls_datum_t * dn)
+ gnutls_datum_t * dn)
{
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
int result, len1;
*/
if ((result =
asn1_create_element (_gnutls_get_pkix (), "PKIX1.TBSCertList",
- &c2)) != ASN1_SUCCESS)
+ &c2)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
result =
asn1_der_decoding_startEnd (c2, crl_signed_data.data,
- crl_signed_data.size, "issuer",
- &start1, &end1);
+ crl_signed_data.size, "issuer",
+ &start1, &end1);
if (result != ASN1_SUCCESS)
{
**/
int
gnutls_x509_crl_export (gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
if (crl == NULL)
{
}
return _gnutls_x509_export_int (crl->crl, format, PEM_CRL,
- output_data, output_data_size);
+ output_data, output_data_size);
}
/*-
**/
int
gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret,
- size_t * ret_size,
- unsigned int *critical)
+ size_t * ret_size,
+ unsigned int *critical)
{
int result, len;
gnutls_datum_t id;
if ((result =
_gnutls_x509_crl_get_extension (crl, "2.5.29.35", 0, &id,
- critical)) < 0)
+ critical)) < 0)
{
return result;
}
**/
int
gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
- size_t * ret_size, unsigned int *critical)
+ size_t * ret_size, unsigned int *critical)
{
int result;
gnutls_datum_t id;
if ((result =
_gnutls_x509_crl_get_extension (crl, "2.5.29.20", 0, &id,
- critical)) < 0)
+ critical)) < 0)
{
return result;
}
**/
int
gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid)
+ void *oid, size_t * sizeof_oid)
{
int result;
**/
int
gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid,
- int *critical)
+ void *oid, size_t * sizeof_oid,
+ int *critical)
{
int result;
char str_critical[10];
}
snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.extnID",
- indx + 1);
+ indx + 1);
len = *sizeof_oid;
result = asn1_read_value (crl->crl, name, oid, &len);
}
snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.critical",
- indx + 1);
+ indx + 1);
len = sizeof (str_critical);
result = asn1_read_value (crl->crl, name, str_critical, &len);
if (result != ASN1_SUCCESS)
if (critical)
{
if (str_critical[0] == 'T')
- *critical = 1;
+ *critical = 1;
else
- *critical = 0;
+ *critical = 0;
}
return 0;
**/
int
gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx,
- void *data, size_t * sizeof_data)
+ void *data, size_t * sizeof_data)
{
int result, len;
char name[ASN1_MAX_NAME_SIZE];
}
snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.extnValue",
- indx + 1);
+ indx + 1);
len = *sizeof_data;
result = asn1_read_value (crl->crl, name, data, &len);
**/
int
gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
{
int result;
gnutls_privkey_t privkey;
**/
int
gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key)
+ gnutls_x509_privkey_t issuer_key)
{
return gnutls_x509_crl_sign2 (crl, issuer, issuer_key, GNUTLS_DIG_SHA1, 0);
}
**/
int
gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
- const void *serial, size_t serial_size,
- time_t revocation_time)
+ const void *serial, size_t serial_size,
+ time_t revocation_time)
{
int ret;
ret =
asn1_write_value (crl->crl,
- "tbsCertList.revokedCertificates.?LAST.userCertificate",
- serial, serial_size);
+ "tbsCertList.revokedCertificates.?LAST.userCertificate",
+ serial, serial_size);
if (ret != ASN1_SUCCESS)
{
gnutls_assert ();
ret =
_gnutls_x509_set_time (crl->crl,
- "tbsCertList.revokedCertificates.?LAST.revocationDate",
- revocation_time);
+ "tbsCertList.revokedCertificates.?LAST.revocationDate",
+ revocation_time);
if (ret < 0)
{
gnutls_assert ();
ret =
asn1_write_value (crl->crl,
- "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
- NULL, 0);
+ "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
+ NULL, 0);
if (ret != ASN1_SUCCESS)
{
gnutls_assert ();
**/
int
gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
- time_t revocation_time)
+ time_t revocation_time)
{
int ret;
opaque serial[128];
ret =
gnutls_x509_crl_set_crt_serial (crl, serial, serial_size,
- revocation_time);
+ revocation_time);
if (ret < 0)
{
gnutls_assert ();
**/
int
gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl,
- const void *id, size_t id_size)
+ const void *id, size_t id_size)
{
int result;
gnutls_datum_t old_id, der_data;
**/
int
gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
- const void *nr, size_t nr_size)
+ const void *nr, size_t nr_size)
{
int result;
gnutls_datum_t old_id, der_data;
**/
int
gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags)
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
{
int result;
disable_optional_stuff (crl);
result = _gnutls_x509_pkix_sign (crl->crl, "tbsCertList",
- dig, issuer, issuer_key);
+ dig, issuer, issuer_key);
if (result < 0)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-10-CertificationRequest",
- &((*crq)->crq));
+ "PKIX1.pkcs-10-CertificationRequest",
+ &((*crq)->crq));
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
**/
int
gnutls_x509_crq_import (gnutls_x509_crq_t crq,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
int result = 0, need_free = 0;
gnutls_datum_t _data;
/* Try the first header */
result = _gnutls_fbase64_decode (PEM_CRQ, data->data, data->size, &out);
- if (result <= 0) /* Go for the second header */
- result =
- _gnutls_fbase64_decode (PEM_CRQ2, data->data, data->size, &out);
+ if (result <= 0) /* Go for the second header */
+ result =
+ _gnutls_fbase64_decode (PEM_CRQ2, data->data, data->size, &out);
if (result <= 0)
- {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert ();
- return result;
- }
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
_data.data = out;
_data.size = result;
}
return _gnutls_x509_parse_dn (crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- buf, sizeof_buf);
+ "certificationRequestInfo.subject.rdnSequence",
+ buf, sizeof_buf);
}
/**
**/
int
gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * sizeof_buf)
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
{
if (crq == NULL)
{
**/
int
gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq,
- int indx, void *oid, size_t * sizeof_oid)
+ int indx, void *oid, size_t * sizeof_oid)
{
if (crq == NULL)
{
}
return _gnutls_x509_get_dn_oid (crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- indx, oid, sizeof_oid);
+ "certificationRequestInfo.subject.rdnSequence",
+ indx, oid, sizeof_oid);
}
/* Parses an Attribute list in the asn1_struct, and searches for the
*/
static int
parse_attribute (ASN1_TYPE asn1_struct,
- const char *attr_name, const char *given_oid, int indx,
- int raw, char *buf, size_t * sizeof_buf)
+ const char *attr_name, const char *given_oid, int indx,
+ int raw, char *buf, size_t * sizeof_buf)
{
int k1, result;
char tmpbuffer1[ASN1_MAX_NAME_SIZE];
/* create a string like "attribute.?1"
*/
if (attr_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", attr_name, k1);
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", attr_name, k1);
else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
len = sizeof (value) - 1;
result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
+ {
+ gnutls_assert ();
+ break;
+ }
if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
/* Move to the attibute type and values
*/
result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
+ break;
else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
if (strcmp (oid, given_oid) == 0)
- { /* Found the OID */
-
- /* Read the Value
- */
- snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u",
- tmpbuffer1, indx + 1);
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer3, value, &len);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (raw == 0)
- {
- printable = _gnutls_x509_oid_data_printable (oid);
- if (printable == 1)
- {
- if ((result =
- _gnutls_x509_oid_data2string
- (oid, value, len, buf, sizeof_buf)) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- return 0;
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE;
- }
- }
- else
- { /* raw!=0 */
- if (*sizeof_buf >= (size_t) len && buf != NULL)
- {
- *sizeof_buf = len;
- memcpy (buf, value, len);
-
- return 0;
- }
- else
- {
- *sizeof_buf = len;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- }
- }
+ { /* Found the OID */
+
+ /* Read the Value
+ */
+ snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u",
+ tmpbuffer1, indx + 1);
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, value, &len);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (raw == 0)
+ {
+ printable = _gnutls_x509_oid_data_printable (oid);
+ if (printable == 1)
+ {
+ if ((result =
+ _gnutls_x509_oid_data2string
+ (oid, value, len, buf, sizeof_buf)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ return 0;
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE;
+ }
+ }
+ else
+ { /* raw!=0 */
+ if (*sizeof_buf >= (size_t) len && buf != NULL)
+ {
+ *sizeof_buf = len;
+ memcpy (buf, value, len);
+
+ return 0;
+ }
+ else
+ {
+ *sizeof_buf = len;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ }
+ }
}
while (1);
**/
int
gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
- char *pass, size_t * sizeof_pass)
+ char *pass, size_t * sizeof_pass)
{
if (crq == NULL)
{
}
return parse_attribute (crq->crq, "certificationRequestInfo.attributes",
- "1.2.840.113549.1.9.7", 0, 0, pass, sizeof_pass);
+ "1.2.840.113549.1.9.7", 0, 0, pass, sizeof_pass);
}
/* This function will attempt to set the requested attribute in
*/
static int
add_attribute (ASN1_TYPE asn, const char *root, const char *attribute_id,
- const gnutls_datum_t * ext_data)
+ const gnutls_datum_t * ext_data)
{
int result;
char name[ASN1_MAX_NAME_SIZE];
*/
static int
overwrite_attribute (ASN1_TYPE asn, const char *root, unsigned int indx,
- const gnutls_datum_t * ext_data)
+ const gnutls_datum_t * ext_data)
{
char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
int result;
static int
set_attribute (ASN1_TYPE asn, const char *root,
- const char *ext_id, const gnutls_datum_t * ext_data)
+ const char *ext_id, const gnutls_datum_t * ext_data)
{
int result;
int k, len;
*/
if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
+ {
+ break;
+ }
do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".type");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (strcmp (extnID, ext_id) == 0)
- {
- /* attribute was found
- */
- return overwrite_attribute (asn, root, k, ext_data);
- }
-
-
- }
+ {
+
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".type");
+
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp (extnID, ext_id) == 0)
+ {
+ /* attribute was found
+ */
+ return overwrite_attribute (asn, root, k, ext_data);
+ }
+
+
+ }
while (0);
}
while (1);
**/
int
gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
- const char *oid, void *buf,
- size_t sizeof_buf)
+ const char *oid, void *buf,
+ size_t sizeof_buf)
{
gnutls_datum_t data;
}
return set_attribute (crq->crq, "certificationRequestInfo.attributes",
- oid, &data);
+ oid, &data);
}
/**
**/
int
gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx, void *buf,
- size_t * sizeof_buf)
+ const char *oid, int indx, void *buf,
+ size_t * sizeof_buf)
{
if (crq == NULL)
{
}
return parse_attribute (crq->crq, "certificationRequestInfo.attributes",
- oid, indx, 1, buf, sizeof_buf);
+ oid, indx, 1, buf, sizeof_buf);
}
/**
**/
int
gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
- unsigned int raw_flag, const void *data,
- unsigned int sizeof_data)
+ unsigned int raw_flag, const void *data,
+ unsigned int sizeof_data)
{
if (sizeof_data == 0 || data == NULL || crq == NULL)
{
}
return _gnutls_x509_set_dn_oid (crq->crq,
- "certificationRequestInfo.subject", oid,
- raw_flag, data, sizeof_data);
+ "certificationRequestInfo.subject", oid,
+ raw_flag, data, sizeof_data);
}
/**
len = sizeof (version);
if ((result =
asn1_read_value (crq->crq, "certificationRequestInfo.version",
- version, &len)) != ASN1_SUCCESS)
+ version, &len)) != ASN1_SUCCESS)
{
if (result == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
+ return 1; /* the DEFAULT version */
gnutls_assert ();
return _gnutls_asn2err (result);
}
**/
int
gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq,
- gnutls_datum_t * m, gnutls_datum_t * e)
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
int ret;
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
**/
int
gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e)
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e)
{
int result, ret;
size_t siz = 0;
**/
int
gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
- const char *pass)
+ const char *pass)
{
int result;
/* Add the attribute.
*/
result = asn1_write_value (crq->crq, "certificationRequestInfo.attributes",
- "NEW", 1);
+ "NEW", 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
**/
int
gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+ gnutls_digest_algorithm_t dig, unsigned int flags)
{
int result;
gnutls_privkey_t privkey;
**/
int
gnutls_x509_crq_export (gnutls_x509_crq_t crq,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
if (crq == NULL)
{
}
return _gnutls_x509_export_int (crq->crq, format, PEM_CRQ,
- output_data, output_data_size);
+ output_data, output_data_size);
}
/**
**/
int
gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid)
+ void *oid, size_t * sizeof_oid)
{
int result;
char name[ASN1_MAX_NAME_SIZE];
}
snprintf (name, sizeof (name),
- "certificationRequestInfo.attributes.?%u.type", indx + 1);
+ "certificationRequestInfo.attributes.?%u.type", indx + 1);
len = *sizeof_oid;
result = asn1_read_value (crq->crq, name, oid, &len);
**/
int
gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
- void *data, size_t * sizeof_data)
+ void *data, size_t * sizeof_data)
{
int result, len;
char name[ASN1_MAX_NAME_SIZE];
}
snprintf (name, sizeof (name),
- "certificationRequestInfo.attributes.?%u.values.?1", indx + 1);
+ "certificationRequestInfo.attributes.?%u.values.?1", indx + 1);
len = *sizeof_data;
result = asn1_read_value (crq->crq, name, data, &len);
**/
int
gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid,
- int *critical)
+ void *oid, size_t * sizeof_oid,
+ int *critical)
{
int result;
char str_critical[10];
/* read extensionRequest */
result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, NULL, &extensions_size);
+ 0, NULL, &extensions_size);
if (result == GNUTLS_E_SHORT_MEMORY_BUFFER)
{
extensions = gnutls_malloc (extensions_size);
if (extensions == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
result = gnutls_x509_crq_get_attribute_by_oid (crq,
- "1.2.840.113549.1.9.14",
- 0, extensions,
- &extensions_size);
+ "1.2.840.113549.1.9.14",
+ 0, extensions,
+ &extensions_size);
}
if (result < 0)
{
if (critical)
{
if (str_critical[0] == 'T')
- *critical = 1;
+ *critical = 1;
else
- *critical = 0;
+ *critical = 0;
}
result = 0;
**/
int
gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx,
- void *data, size_t * sizeof_data)
+ void *data, size_t * sizeof_data)
{
int result, len;
char name[ASN1_MAX_NAME_SIZE];
/* read extensionRequest */
result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, NULL, &extensions_size);
+ 0, NULL, &extensions_size);
if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)
{
gnutls_assert ();
if (result == 0)
- return GNUTLS_E_INTERNAL_ERROR;
+ return GNUTLS_E_INTERNAL_ERROR;
return result;
}
}
result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, extensions,
- &extensions_size);
+ 0, extensions,
+ &extensions_size);
if (result < 0)
{
gnutls_assert ();
**/
int
gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
- unsigned int *key_usage,
- unsigned int *critical)
+ unsigned int *key_usage,
+ unsigned int *critical)
{
int result;
uint16_t _usage;
}
result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.15", 0,
- buf, &buf_size, critical);
+ buf, &buf_size, critical);
if (result < 0)
{
gnutls_assert ();
**/
int
gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq,
- unsigned int *critical,
- int *ca, int *pathlen)
+ unsigned int *critical,
+ int *ca, int *pathlen)
{
int result;
int tmp_ca;
}
result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.19", 0,
- buf, &buf_size, critical);
+ buf, &buf_size, critical);
if (result < 0)
{
gnutls_assert ();
result =
_gnutls_x509_ext_extract_basicConstraints (&tmp_ca,
- pathlen, buf, buf_size);
+ pathlen, buf, buf_size);
if (ca)
*ca = tmp_ca;
static int
get_subject_alt_name (gnutls_x509_crq_t crq,
- unsigned int seq, void *ret,
- size_t * ret_size, unsigned int *ret_type,
- unsigned int *critical, int othername_oid)
+ unsigned int seq, void *ret,
+ size_t * ret_size, unsigned int *ret_type,
+ unsigned int *critical, int othername_oid)
{
int result;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
/* Extract extension.
*/
result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
- NULL, &dns_size, critical);
+ NULL, &dns_size, critical);
if (result < 0)
{
gnutls_assert ();
}
result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
- dnsname.data, &dns_size,
- critical);
+ dnsname.data, &dns_size,
+ critical);
if (result < 0)
{
gnutls_assert ();
}
result = _gnutls_parse_general_name (c2, "", seq, ret, ret_size,
- ret_type, othername_oid);
+ ret_type, othername_oid);
asn1_delete_structure (&c2);
if (result < 0)
{
**/
int
gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
- unsigned int *critical)
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical)
{
return get_subject_alt_name (crq, seq, ret, ret_size, ret_type, critical,
- 0);
+ 0);
}
/**
**/
int
gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq,
- unsigned int seq,
- void *ret, size_t * ret_size)
+ unsigned int seq,
+ void *ret, size_t * ret_size)
{
return get_subject_alt_name (crq, seq, ret, ret_size, NULL, NULL, 1);
}
**/
int
gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx,
- void *buf, size_t * sizeof_buf,
- unsigned int *critical)
+ const char *oid, int indx,
+ void *buf, size_t * sizeof_buf,
+ unsigned int *critical)
{
int result;
unsigned int i;
{
oid_size = sizeof (_oid);
result =
- gnutls_x509_crq_get_extension_info (crq, i, _oid, &oid_size,
- critical);
+ gnutls_x509_crq_get_extension_info (crq, i, _oid, &oid_size,
+ critical);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
if (strcmp (oid, _oid) == 0)
- { /* found */
- if (indx == 0)
- return gnutls_x509_crq_get_extension_data (crq, i, buf,
- sizeof_buf);
- else
- indx--;
- }
+ { /* found */
+ if (indx == 0)
+ return gnutls_x509_crq_get_extension_data (crq, i, buf,
+ sizeof_buf);
+ else
+ indx--;
+ }
}
**/
int
gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq,
- gnutls_x509_subject_alt_name_t nt,
- const void *data,
- unsigned int data_size,
- unsigned int flags)
+ gnutls_x509_subject_alt_name_t nt,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags)
{
int result = 0;
gnutls_datum_t der_data = { NULL, 0 };
if (flags == GNUTLS_FSAN_APPEND)
{
result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
- NULL, &prev_data_size,
- &critical);
+ NULL, &prev_data_size,
+ &critical);
prev_der_data.size = prev_data_size;
switch (result)
- {
- case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
- /* Replacing non-existing data means the same as set data. */
- break;
-
- case GNUTLS_E_SUCCESS:
- prev_der_data.data = gnutls_malloc (prev_der_data.size);
- if (prev_der_data.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
- prev_der_data.data,
- &prev_data_size,
- &critical);
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (prev_der_data.data);
- return result;
- }
- break;
-
- default:
- gnutls_assert ();
- return result;
- }
+ {
+ case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
+ /* Replacing non-existing data means the same as set data. */
+ break;
+
+ case GNUTLS_E_SUCCESS:
+ prev_der_data.data = gnutls_malloc (prev_der_data.size);
+ if (prev_der_data.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
+ prev_der_data.data,
+ &prev_data_size,
+ &critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (prev_der_data.data);
+ return result;
+ }
+ break;
+
+ default:
+ gnutls_assert ();
+ return result;
+ }
}
/* generate the extension.
*/
result = _gnutls_x509_ext_gen_subject_alt_name (nt, data, data_size,
- &prev_der_data, &der_data);
+ &prev_der_data, &der_data);
gnutls_free (prev_der_data.data);
if (result < 0)
{
}
result = _gnutls_x509_crq_set_extension (crq, "2.5.29.17", &der_data,
- critical);
+ critical);
_gnutls_free_datum (&der_data);
**/
int
gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq,
- unsigned int ca, int pathLenConstraint)
+ unsigned int ca, int pathLenConstraint)
{
int result;
gnutls_datum_t der_data;
/* generate the extension.
*/
result = _gnutls_x509_ext_gen_basicConstraints (ca, pathLenConstraint,
- &der_data);
+ &der_data);
if (result < 0)
{
gnutls_assert ();
**/
int
gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq,
- int indx, void *oid, size_t * sizeof_oid,
- unsigned int *critical)
+ int indx, void *oid, size_t * sizeof_oid,
+ unsigned int *critical)
{
char tmpstr[ASN1_MAX_NAME_SIZE];
int result, len;
/* Extract extension.
*/
result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
- NULL, &prev_size, critical);
+ NULL, &prev_size, critical);
prev.size = prev_size;
if (result < 0)
}
result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
- prev.data, &prev_size,
- critical);
+ prev.data, &prev_size,
+ critical);
if (result < 0)
{
gnutls_assert ();
if (result != ASN1_SUCCESS)
{
if (result != ASN1_MEM_ERROR)
- gnutls_assert ();
+ gnutls_assert ();
return _gnutls_asn2err (result);
}
**/
int
gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
- const void *oid, unsigned int critical)
+ const void *oid, unsigned int critical)
{
int result;
gnutls_datum_t prev = { NULL, 0 }, der_data;
/* Read existing extension, if there is one.
*/
result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
- NULL, &prev_size, &critical);
+ NULL, &prev_size, &critical);
prev.size = prev_size;
switch (result)
case GNUTLS_E_SUCCESS:
prev.data = gnutls_malloc (prev.size);
if (prev.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
- prev.data, &prev_size,
- &critical);
+ prev.data, &prev_size,
+ &critical);
if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (prev.data);
- return result;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (prev.data);
+ return result;
+ }
break;
default:
}
result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.ExtKeyUsageSyntax", &c2);
+ "PKIX1.ExtKeyUsageSyntax", &c2);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result = asn1_der_decoding (&c2, prev.data, prev.size, NULL);
gnutls_free (prev.data);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
}
/* generate the extension.
}
result = _gnutls_x509_crq_set_extension (crq, "2.5.29.37",
- &der_data, critical);
+ &der_data, critical);
_gnutls_free_datum (&der_data);
if (result < 0)
{
**/
int
gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq,
- gnutls_digest_algorithm_t *
- hash, unsigned int *mand)
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
{
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
int params_size;
ret =
_gnutls_pk_get_hash_algorithm (gnutls_x509_crq_get_pk_algorithm
- (crq, NULL), params, params_size, hash,
- mand);
+ (crq, NULL), params, params_size, hash,
+ mand);
/* release allocated mpis */
for (i = 0; i < params_size; i++)
static int
rsadsa_crq_get_key_id (gnutls_x509_crq_t crq, int pk,
- unsigned char *output_data, size_t * output_data_size)
+ unsigned char *output_data, size_t * output_data_size)
{
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
int params_size = MAX_PUBLIC_PARAMS_SIZE;
{
result = _gnutls_x509_write_rsa_params (params, params_size, &der);
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
else if (pk == GNUTLS_PK_DSA)
{
result = _gnutls_x509_write_dsa_public_key (params, params_size, &der);
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
else
return GNUTLS_E_INTERNAL_ERROR;
**/
int
gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+ unsigned char *output_data,
+ size_t * output_data_size)
{
int pk, result = 0;
gnutls_datum_t pubkey;
pubkey.size = 0;
result =
asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", NULL,
- &pubkey.size, NULL);
+ &pubkey.size, NULL);
if (result != ASN1_MEM_ERROR)
{
gnutls_assert ();
result =
asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo",
- pubkey.data, &pubkey.size, NULL);
+ pubkey.data, &pubkey.size, NULL);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
}
result = gnutls_fingerprint (GNUTLS_DIG_SHA1, &pubkey,
- output_data, output_data_size);
+ output_data, output_data_size);
gnutls_free (pubkey.data);
**/
int
gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags)
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
{
int result;
gnutls_datum_t signature;
{
result = gnutls_x509_crq_set_version (crq, 1);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
}
/* Step 1. Self sign the request.
*/
result =
asn1_write_value (crq->crq, "signature", signature.data,
- signature.size * 8);
+ signature.size * 8);
_gnutls_free_datum (&signature);
/* Step 3. Write the signatureAlgorithm field.
*/
result = _gnutls_x509_write_sig_params (crq->crq, "signatureAlgorithm",
- gnutls_privkey_get_pk_algorithm
- (key, NULL), dig);
+ gnutls_privkey_get_pk_algorithm
+ (key, NULL), dig);
if (result < 0)
{
gnutls_assert ();
for (i = j = 0; i < str_length; i++)
{
if (str[i] == ',' || str[i] == '+' || str[i] == '"'
- || str[i] == '\\' || str[i] == '<' || str[i] == '>'
- || str[i] == ';')
- buffer[j++] = '\\';
+ || str[i] == '\\' || str[i] == '<' || str[i] == '>'
+ || str[i] == ';')
+ buffer[j++] = '\\';
buffer[j++] = str[i];
}
*/
int
_gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, char *buf,
- size_t * sizeof_buf)
+ const char *asn1_rdn_name, char *buf,
+ size_t * sizeof_buf)
{
gnutls_buffer_st out_str;
int k2, k1, result;
/* create a string like "tbsCertList.issuer.rdnSequence.?1"
*/
if (asn1_rdn_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
- k1);
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
+ k1);
else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
len = sizeof (value) - 1;
result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
+ {
+ break;
+ }
if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
k2 = 0;
do
- { /* Move to the attibute type and values
- */
- k2++;
-
- if (tmpbuffer1[0] != 0)
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
- k2);
- else
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
-
- /* Try to read the RelativeDistinguishedName attributes.
- */
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the Value
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
-
- len = 0;
- result = asn1_read_value (asn1_struct, tmpbuffer3, NULL, &len);
-
- value2 = gnutls_malloc (len);
- if (value2 == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- result = asn1_read_value (asn1_struct, tmpbuffer3, value2, &len);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ { /* Move to the attibute type and values
+ */
+ k2++;
+
+ if (tmpbuffer1[0] != 0)
+ snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
+ k2);
+ else
+ snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
+
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Read the Value
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
+
+ len = 0;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, NULL, &len);
+
+ value2 = gnutls_malloc (len);
+ if (value2 == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_read_value (asn1_struct, tmpbuffer3, value2, &len);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
#define STR_APPEND(y) if ((result=_gnutls_buffer_append_str( &out_str, y)) < 0) { \
gnutls_assert(); \
goto cleanup; \
}
- /* The encodings of adjoining RelativeDistinguishedNames are separated
- * by a comma character (',' ASCII 44).
- */
-
- /* Where there is a multi-valued RDN, the outputs from adjoining
- * AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
- * character.
- */
- if (k1 != 1)
- { /* the first time do not append a comma */
- if (k2 != 1)
- { /* adjoining multi-value RDN */
- STR_APPEND ("+");
- }
- else
- {
- STR_APPEND (",");
- }
- }
-
- ldap_desc = oid2ldap_string (oid);
- printable = _gnutls_x509_oid_data_printable (oid);
-
- /* leading #, hex encoded value and terminating NULL */
- sizeof_escaped = 2 * len + 2;
-
- escaped = gnutls_malloc (sizeof_escaped);
- if (escaped == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- sizeof_string = 2 * len + 2; /* in case it is not printable */
-
- string = gnutls_malloc (sizeof_string);
- if (string == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- STR_APPEND (ldap_desc);
- STR_APPEND ("=");
- result = 0;
-
- if (printable)
- result =
- _gnutls_x509_oid_data2string (oid,
- value2, len,
- string, &sizeof_string);
-
- if (!printable || result < 0)
- result =
- _gnutls_x509_data2hex (value2, len, string, &sizeof_string);
-
- if (result < 0)
- {
- gnutls_assert ();
- _gnutls_x509_log
- ("Found OID: '%s' with value '%s'\n",
- oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped,
- NULL));
- goto cleanup;
- }
- STR_APPEND (str_escape (string, escaped, sizeof_escaped));
- gnutls_free (string);
- string = NULL;
-
- gnutls_free (escaped);
- escaped = NULL;
- gnutls_free (value2);
- value2 = NULL;
-
- }
+ /* The encodings of adjoining RelativeDistinguishedNames are separated
+ * by a comma character (',' ASCII 44).
+ */
+
+ /* Where there is a multi-valued RDN, the outputs from adjoining
+ * AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
+ * character.
+ */
+ if (k1 != 1)
+ { /* the first time do not append a comma */
+ if (k2 != 1)
+ { /* adjoining multi-value RDN */
+ STR_APPEND ("+");
+ }
+ else
+ {
+ STR_APPEND (",");
+ }
+ }
+
+ ldap_desc = oid2ldap_string (oid);
+ printable = _gnutls_x509_oid_data_printable (oid);
+
+ /* leading #, hex encoded value and terminating NULL */
+ sizeof_escaped = 2 * len + 2;
+
+ escaped = gnutls_malloc (sizeof_escaped);
+ if (escaped == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ sizeof_string = 2 * len + 2; /* in case it is not printable */
+
+ string = gnutls_malloc (sizeof_string);
+ if (string == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ STR_APPEND (ldap_desc);
+ STR_APPEND ("=");
+ result = 0;
+
+ if (printable)
+ result =
+ _gnutls_x509_oid_data2string (oid,
+ value2, len,
+ string, &sizeof_string);
+
+ if (!printable || result < 0)
+ result =
+ _gnutls_x509_data2hex (value2, len, string, &sizeof_string);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("Found OID: '%s' with value '%s'\n",
+ oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped,
+ NULL));
+ goto cleanup;
+ }
+ STR_APPEND (str_escape (string, escaped, sizeof_escaped));
+ gnutls_free (string);
+ string = NULL;
+
+ gnutls_free (escaped);
+ escaped = NULL;
+ gnutls_free (value2);
+ value2 = NULL;
+
+ }
while (1);
}
*/
int
_gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- const char *given_oid, int indx,
- unsigned int raw_flag,
- void *buf, size_t * sizeof_buf)
+ const char *asn1_rdn_name,
+ const char *given_oid, int indx,
+ unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
{
int k2, k1, result;
char tmpbuffer1[ASN1_MAX_NAME_SIZE];
/* create a string like "tbsCertList.issuer.rdnSequence.?1"
*/
if (asn1_rdn_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
- k1);
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
+ k1);
else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
len = sizeof (value) - 1;
result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
+ {
+ gnutls_assert ();
+ break;
+ }
if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
k2 = 0;
do
- { /* Move to the attibute type and values
- */
- k2++;
-
- if (tmpbuffer1[0] != 0)
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
- k2);
- else
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
-
- /* Try to read the RelativeDistinguishedName attributes.
- */
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (strcmp (oid, given_oid) == 0 && indx == i++)
- { /* Found the OID */
-
- /* Read the Value
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
-
- len = *sizeof_buf;
- result = asn1_read_value (asn1_struct, tmpbuffer3, buf, &len);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- if (result == ASN1_MEM_ERROR)
- *sizeof_buf = len;
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (raw_flag != 0)
- {
- if ((unsigned) len > *sizeof_buf)
- {
- *sizeof_buf = len;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
- }
- *sizeof_buf = len;
-
- return 0;
-
- }
- else
- { /* parse data. raw_flag == 0 */
- printable = _gnutls_x509_oid_data_printable (oid);
-
- if (printable == 1)
- result =
- _gnutls_x509_oid_data2string (oid, buf, len,
- cbuf, sizeof_buf);
- else
- result =
- _gnutls_x509_data2hex (buf, len, cbuf, sizeof_buf);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return 0;
-
- } /* raw_flag == 0 */
- }
- }
+ { /* Move to the attibute type and values
+ */
+ k2++;
+
+ if (tmpbuffer1[0] != 0)
+ snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
+ k2);
+ else
+ snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
+
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
+ }
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (strcmp (oid, given_oid) == 0 && indx == i++)
+ { /* Found the OID */
+
+ /* Read the Value
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
+
+ len = *sizeof_buf;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, buf, &len);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ if (result == ASN1_MEM_ERROR)
+ *sizeof_buf = len;
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (raw_flag != 0)
+ {
+ if ((unsigned) len > *sizeof_buf)
+ {
+ *sizeof_buf = len;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
+ *sizeof_buf = len;
+
+ return 0;
+
+ }
+ else
+ { /* parse data. raw_flag == 0 */
+ printable = _gnutls_x509_oid_data_printable (oid);
+
+ if (printable == 1)
+ result =
+ _gnutls_x509_oid_data2string (oid, buf, len,
+ cbuf, sizeof_buf);
+ else
+ result =
+ _gnutls_x509_data2hex (buf, len, cbuf, sizeof_buf);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ return 0;
+
+ } /* raw_flag == 0 */
+ }
+ }
while (1);
}
*/
int
_gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- int indx, void *_oid, size_t * sizeof_oid)
+ const char *asn1_rdn_name,
+ int indx, void *_oid, size_t * sizeof_oid)
{
int k2, k1, result;
char tmpbuffer1[ASN1_MAX_NAME_SIZE];
/* create a string like "tbsCertList.issuer.rdnSequence.?1"
*/
if (asn1_rdn_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
- k1);
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
+ k1);
else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
len = sizeof (value) - 1;
result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
+ {
+ gnutls_assert ();
+ break;
+ }
if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
k2 = 0;
do
- { /* Move to the attibute type and values
- */
- k2++;
-
- if (tmpbuffer1[0] != 0)
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
- k2);
- else
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
-
- /* Try to read the RelativeDistinguishedName attributes.
- */
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (indx == i++)
- { /* Found the OID */
-
- len = strlen (oid) + 1;
-
- if (*sizeof_oid < (unsigned) len)
- {
- *sizeof_oid = len;
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy (_oid, oid, len);
- *sizeof_oid = len - 1;
-
- return 0;
- }
- }
+ { /* Move to the attibute type and values
+ */
+ k2++;
+
+ if (tmpbuffer1[0] != 0)
+ snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
+ k2);
+ else
+ snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
+
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
+ }
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (indx == i++)
+ { /* Found the OID */
+
+ len = strlen (oid) + 1;
+
+ if (*sizeof_oid < (unsigned) len)
+ {
+ *sizeof_oid = len;
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ memcpy (_oid, oid, len);
+ *sizeof_oid = len - 1;
+
+ return 0;
+ }
+ }
while (1);
}
*/
int
_gnutls_x509_encode_and_write_attribute (const char *given_oid,
- ASN1_TYPE asn1_struct,
- const char *where,
- const void *_data,
- int sizeof_data, int multi)
+ ASN1_TYPE asn1_struct,
+ const char *where,
+ const void *_data,
+ int sizeof_data, int multi)
{
const char *val_name;
const opaque *data = _data;
* the UTF8 string type if not.
*/
for (i = 0; i < sizeof_data; i++)
- {
- if (!isascii (data[i]))
- {
- string_type = "utf8String";
- break;
- }
- }
+ {
+ if (!isascii (data[i]))
+ {
+ string_type = "utf8String";
+ break;
+ }
+ }
/* if the type is a CHOICE then write the
* type we'll use.
*/
result = asn1_write_value (c2, "", string_type, 1);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
_gnutls_str_cpy (tmp, sizeof (tmp), string_type);
}
_gnutls_str_cat (tmp, sizeof (tmp), ".value");
if (multi != 0)
- { /* if not writing an AttributeTypeAndValue, but an Attribute */
- _gnutls_str_cat (tmp, sizeof (tmp), "s"); /* values */
+ { /* if not writing an AttributeTypeAndValue, but an Attribute */
+ _gnutls_str_cat (tmp, sizeof (tmp), "s"); /* values */
result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
_gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
*/
static int
_gnutls_x509_write_attribute (const char *given_oid,
- ASN1_TYPE asn1_struct, const char *where,
- const void *_data, int sizeof_data)
+ ASN1_TYPE asn1_struct, const char *where,
+ const void *_data, int sizeof_data)
{
char tmp[128];
int result;
*/
int
_gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
- const char *where, char *oid,
- int oid_size, gnutls_datum_t * value,
- int multi, int octet_string)
+ const char *where, char *oid,
+ int oid_size, gnutls_datum_t * value,
+ int multi, int octet_string)
{
char tmpbuffer[128];
int len, result;
_gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value");
if (multi)
- _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */
+ _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */
result =
_gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string);
*/
int
_gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_name, const char *given_oid,
- int raw_flag, const char *name, int sizeof_name)
+ const char *asn1_name, const char *given_oid,
+ int raw_flag, const char *name, int sizeof_name)
{
int result;
char tmp[ASN1_MAX_NAME_SIZE], asn1_rdn_name[ASN1_MAX_NAME_SIZE];
if (!raw_flag)
{
result =
- _gnutls_x509_encode_and_write_attribute (given_oid,
- asn1_struct,
- tmp, name, sizeof_name, 0);
+ _gnutls_x509_encode_and_write_attribute (given_oid,
+ asn1_struct,
+ tmp, name, sizeof_name, 0);
}
else
{
result =
- _gnutls_x509_write_attribute (given_oid, asn1_struct,
- tmp, name, sizeof_name);
+ _gnutls_x509_write_attribute (given_oid, asn1_struct,
+ tmp, name, sizeof_name);
}
if (result < 0)
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &tmpdn)) != ASN1_SUCCESS)
+ "PKIX1.Name", &tmpdn)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
result = asn1_der_decoding ((ASN1_TYPE *) & dn,
- data->data, data->size, err);
+ data->data, data->size, err);
if (result != ASN1_SUCCESS)
{
/* couldn't decode DER */
**/
int
gnutls_x509_rdn_get (const gnutls_datum_t * idn,
- char *buf, size_t * sizeof_buf)
+ char *buf, size_t * sizeof_buf)
{
int result;
ASN1_TYPE dn = ASN1_TYPE_EMPTY;
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS)
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
**/
int
gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * sizeof_buf)
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
{
int result;
ASN1_TYPE dn = ASN1_TYPE_EMPTY;
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS)
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
result =
_gnutls_x509_parse_dn_oid (dn, "rdnSequence", oid, indx,
- raw_flag, buf, sizeof_buf);
+ raw_flag, buf, sizeof_buf);
asn1_delete_structure (&dn);
return result;
**/
int
gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
- int indx, void *buf, size_t * sizeof_buf)
+ int indx, void *buf, size_t * sizeof_buf)
{
int result;
ASN1_TYPE dn = ASN1_TYPE_EMPTY;
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS)
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
*/
int
_gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
- const gnutls_datum_t * dn2)
+ const gnutls_datum_t * dn2)
{
if (dn1->size != dn2->size)
gnutls_assert ();
return 0;
}
- return 1; /* they match */
+ return 1; /* they match */
}
/**
**/
int
gnutls_x509_dn_export (gnutls_x509_dn_t dn,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
ASN1_TYPE asn1 = dn;
}
return _gnutls_x509_export_int_named (asn1, "rdnSequence",
- format, "NAME",
- output_data, output_data_size);
+ format, "NAME",
+ output_data, output_data_size);
}
static int
get_extension (ASN1_TYPE asn, const char *root,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical)
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret, unsigned int *_critical)
{
int k, result, len;
char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
*/
if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
+ {
+ break;
+ }
do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnID");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
- {
- /* extension was found
- */
-
- /* read the critical status.
- */
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".critical");
-
- len = sizeof (str_critical);
- result = asn1_read_value (asn, name2, str_critical, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (str_critical[0] == 'T')
- critical = 1;
- else
- critical = 0;
-
- /* read the value.
- */
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
-
- result = _gnutls_x509_read_value (asn, name2, &value, 0);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- ret->data = value.data;
- ret->size = value.size;
-
- if (_critical)
- *_critical = critical;
-
- return 0;
- }
-
-
- }
+ {
+
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnID");
+
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
+ {
+ /* extension was found
+ */
+
+ /* read the critical status.
+ */
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".critical");
+
+ len = sizeof (str_critical);
+ result = asn1_read_value (asn, name2, str_critical, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (str_critical[0] == 'T')
+ critical = 1;
+ else
+ critical = 0;
+
+ /* read the value.
+ */
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
+
+ result = _gnutls_x509_read_value (asn, name2, &value, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ ret->data = value.data;
+ ret->size = value.size;
+
+ if (_critical)
+ *_critical = critical;
+
+ return 0;
+ }
+
+
+ }
while (0);
}
while (1);
*/
int
_gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical)
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret, unsigned int *_critical)
{
return get_extension (cert->cert, "tbsCertificate.extensions", extension_id,
- indx, ret, _critical);
+ indx, ret, _critical);
}
int
_gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical)
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret, unsigned int *_critical)
{
return get_extension (crl->crl, "tbsCertList.crlExtensions", extension_id,
- indx, ret, _critical);
+ indx, ret, _critical);
}
*/
static int
get_extension_oid (ASN1_TYPE asn, const char *root,
- int indx, void *oid, size_t * sizeof_oid)
+ int indx, void *oid, size_t * sizeof_oid)
{
int k, result, len;
char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
*/
if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
+ {
+ break;
+ }
do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnID");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (indx == indx_counter++)
- {
- len = strlen (extnID) + 1;
-
- if (*sizeof_oid < (unsigned) len)
- {
- *sizeof_oid = len;
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy (oid, extnID, len);
- *sizeof_oid = len - 1;
-
- return 0;
- }
-
-
- }
+ {
+
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnID");
+
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Handle Extension
+ */
+ if (indx == indx_counter++)
+ {
+ len = strlen (extnID) + 1;
+
+ if (*sizeof_oid < (unsigned) len)
+ {
+ *sizeof_oid = len;
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ memcpy (oid, extnID, len);
+ *sizeof_oid = len - 1;
+
+ return 0;
+ }
+
+
+ }
while (0);
}
while (1);
*/
int
_gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid)
+ int indx, void *oid, size_t * sizeof_oid)
{
return get_extension_oid (cert->cert, "tbsCertificate.extensions", indx,
- oid, sizeof_oid);
+ oid, sizeof_oid);
}
int
_gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
- int indx, void *oid, size_t * sizeof_oid)
+ int indx, void *oid, size_t * sizeof_oid)
{
return get_extension_oid (crl->crl, "tbsCertList.crlExtensions", indx, oid,
- sizeof_oid);
+ sizeof_oid);
}
/* This function will attempt to set the requested extension in
*/
static int
add_extension (ASN1_TYPE asn, const char *root, const char *extension_id,
- const gnutls_datum_t * ext_data, unsigned int critical)
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
int result;
const char *str;
*/
static int
overwrite_extension (ASN1_TYPE asn, const char *root, unsigned int indx,
- const gnutls_datum_t * ext_data, unsigned int critical)
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
const char *str;
static int
set_extension (ASN1_TYPE asn, const char *root,
- const char *ext_id,
- const gnutls_datum_t * ext_data, unsigned int critical)
+ const char *ext_id,
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
int result;
int k, len;
k++;
if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?%u", root, k);
+ snprintf (name, sizeof (name), "%s.?%u", root, k);
else
- snprintf (name, sizeof (name), "?%u", k);
+ snprintf (name, sizeof (name), "?%u", k);
len = sizeof (extnID) - 1;
result = asn1_read_value (asn, name, extnID, &len);
*/
if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
+ {
+ break;
+ }
do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnID");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (strcmp (extnID, ext_id) == 0)
- {
- /* extension was found
- */
- return overwrite_extension (asn, root, k, ext_data, critical);
- }
-
-
- }
+ {
+
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnID");
+
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp (extnID, ext_id) == 0)
+ {
+ /* extension was found
+ */
+ return overwrite_extension (asn, root, k, ext_data, critical);
+ }
+
+
+ }
while (0);
}
while (1);
*/
int
_gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
return set_extension (cert->cert, "tbsCertificate.extensions", ext_id,
- ext_data, critical);
+ ext_data, critical);
}
int
_gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
return set_extension (crl->crl, "tbsCertList.crlExtensions", ext_id,
- ext_data, critical);
+ ext_data, critical);
}
#ifdef ENABLE_PKI
int
_gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
unsigned char *extensions = NULL;
size_t extensions_size = 0;
int result;
result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, NULL, &extensions_size);
+ 0, NULL, &extensions_size);
if (result == GNUTLS_E_SHORT_MEMORY_BUFFER)
{
extensions = gnutls_malloc (extensions_size);
if (extensions == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
result = gnutls_x509_crq_get_attribute_by_oid (crq,
- "1.2.840.113549.1.9.14",
- 0, extensions,
- &extensions_size);
+ "1.2.840.113549.1.9.14",
+ 0, extensions,
+ &extensions_size);
}
if (result < 0)
{
if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- extensions_size = 0;
- }
+ {
+ extensions_size = 0;
+ }
else
- {
- gnutls_assert ();
- gnutls_free (extensions);
- return result;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (extensions);
+ return result;
+ }
}
result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
gnutls_free (extensions);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
}
result = set_extension (c2, "", ext_id, ext_data, critical);
}
result = gnutls_x509_crq_set_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- der.data, der.size);
+ der.data, der.size);
gnutls_free (der.data);
if (result < 0)
{
*/
int
_gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
- opaque * extnValue, int extnValueLen)
+ opaque * extnValue, int extnValueLen)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
int len, result;
*/
int
_gnutls_x509_ext_extract_basicConstraints (int *CA,
- int *pathLenConstraint,
- opaque * extnValue,
- int extnValueLen)
+ int *pathLenConstraint,
+ opaque * extnValue,
+ int extnValueLen)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
char str[128];
if (pathLenConstraint)
{
result = _gnutls_x509_read_uint (ext, "pathLenConstraint",
- pathLenConstraint);
+ pathLenConstraint);
if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- *pathLenConstraint = -1;
+ *pathLenConstraint = -1;
else if (result != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
}
/* the default value of cA is false.
*/
int
_gnutls_x509_ext_gen_basicConstraints (int CA,
- int pathLenConstraint,
- gnutls_datum_t * der_ext)
+ int pathLenConstraint,
+ gnutls_datum_t * der_ext)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
const char *str;
{
result = asn1_write_value (ext, "pathLenConstraint", NULL, 0);
if (result < 0)
- result = _gnutls_asn2err (result);
+ result = _gnutls_asn2err (result);
}
else
result = _gnutls_x509_write_uint32 (ext, "pathLenConstraint",
- pathLenConstraint);
+ pathLenConstraint);
if (result < 0)
{
gnutls_assert ();
*/
int
_gnutls_x509_ext_extract_number (opaque * number,
- size_t * _nr_size,
- opaque * extnValue, int extnValueLen)
+ size_t * _nr_size,
+ opaque * extnValue, int extnValueLen)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
int result;
*/
if ((result = asn1_create_element
(_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber",
- &ext)) != ASN1_SUCCESS)
+ &ext)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
*/
int
_gnutls_x509_ext_gen_number (const opaque * number, size_t nr_size,
- gnutls_datum_t * der_ext)
+ gnutls_datum_t * der_ext)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
int result;
result =
asn1_create_element (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber",
- &ext);
+ &ext);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
static int
write_new_general_name (ASN1_TYPE ext, const char *ext_name,
- gnutls_x509_subject_alt_name_t type,
- const void *data, unsigned int data_size)
+ gnutls_x509_subject_alt_name_t type,
+ const void *data, unsigned int data_size)
{
const char *str;
int result;
}
if (ext_name[0] == 0)
- { /* no dot */
+ { /* no dot */
_gnutls_str_cpy (name, sizeof (name), "?LAST");
}
else
*/
int
_gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- gnutls_datum_t * prev_der_ext,
- gnutls_datum_t * der_ext)
+ type, const void *data,
+ unsigned int data_size,
+ gnutls_datum_t * prev_der_ext,
+ gnutls_datum_t * der_ext)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
int result;
&& prev_der_ext->size != 0)
{
result =
- asn1_der_decoding (&ext, prev_der_ext->data, prev_der_ext->size,
- NULL);
+ asn1_der_decoding (&ext, prev_der_ext->data, prev_der_ext->size,
+ NULL);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
}
result = write_new_general_name (ext, "", type, data, data_size);
*/
int
_gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_ext)
+ gnutls_datum_t * der_ext)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
int result;
result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.SubjectKeyIdentifier", &ext);
+ "PKIX1.SubjectKeyIdentifier", &ext);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
*/
int
_gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_ext)
+ gnutls_datum_t * der_ext)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
int result;
result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.AuthorityKeyIdentifier", &ext);
+ "PKIX1.AuthorityKeyIdentifier", &ext);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
*/
int
_gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- unsigned int reason_flags,
- gnutls_datum_t * der_ext)
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags,
+ gnutls_datum_t * der_ext)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
gnutls_datum_t gnames = { NULL, 0 };
result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.CRLDistributionPoints", &ext);
+ "PKIX1.CRLDistributionPoints", &ext);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
{
result = asn1_write_value (ext, "?LAST.reasons", reasons, 9);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
}
else
{
result = asn1_write_value (ext, "?LAST.reasons", NULL, 0);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
}
result = asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0);
#if 0
/* only needed in old code (where defined as SEQUENCE OF) */
asn1_write_value (ext,
- "?LAST.distributionPoint.nameRelativeToCRLIssuer",
- NULL, 0);
+ "?LAST.distributionPoint.nameRelativeToCRLIssuer",
+ NULL, 0);
#endif
result =
write_new_general_name (ext, "?LAST.distributionPoint.fullName",
- type, data, data_size);
+ type, data, data_size);
if (result < 0)
{
gnutls_assert ();
*/
int
_gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
- char **policyLanguage,
- char **policy,
- size_t * sizeof_policy,
- opaque * extnValue, int extnValueLen)
+ char **policyLanguage,
+ char **policy,
+ size_t * sizeof_policy,
+ opaque * extnValue, int extnValueLen)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
int result;
if (pathLenConstraint)
{
result = _gnutls_x509_read_uint (ext, "pCPathLenConstraint",
- pathLenConstraint);
+ pathLenConstraint);
if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- *pathLenConstraint = -1;
+ *pathLenConstraint = -1;
else if (result != GNUTLS_E_SUCCESS)
- {
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
+ {
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
}
result = _gnutls_x509_read_value (ext, "proxyPolicy.policyLanguage",
- &value, 0);
+ &value, 0);
if (result < 0)
{
gnutls_assert ();
if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
{
if (policy)
- *policy = NULL;
+ *policy = NULL;
if (sizeof_policy)
- *sizeof_policy = 0;
+ *sizeof_policy = 0;
}
else if (result < 0)
{
else
{
if (policy)
- *policy = value.data;
+ *policy = value.data;
if (sizeof_policy)
- *sizeof_policy = value.size;
+ *sizeof_policy = value.size;
}
asn1_delete_structure (&ext);
*/
int
_gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
- const char *policyLanguage,
- const char *policy,
- size_t sizeof_policy,
- gnutls_datum_t * der_ext)
+ const char *policyLanguage,
+ const char *policy,
+ size_t sizeof_policy,
+ gnutls_datum_t * der_ext)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
int result;
result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.ProxyCertInfo", &ext);
+ "PKIX1.ProxyCertInfo", &ext);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
{
result = asn1_write_value (ext, "pCPathLenConstraint", NULL, 0);
if (result < 0)
- result = _gnutls_asn2err (result);
+ result = _gnutls_asn2err (result);
}
else
result = _gnutls_x509_write_uint32 (ext, "pCPathLenConstraint",
- pathLenConstraint);
+ pathLenConstraint);
if (result < 0)
{
gnutls_assert ();
}
result = asn1_write_value (ext, "proxyPolicy.policyLanguage",
- policyLanguage, 1);
+ policyLanguage, 1);
if (result < 0)
{
gnutls_assert ();
}
result = asn1_write_value (ext, "proxyPolicy.policy",
- policy, sizeof_policy);
+ policy, sizeof_policy);
if (result < 0)
{
gnutls_assert ();
}
if ((result = _gnutls_x509_read_int (spk, "publicExponent",
- ¶ms[1])) < 0)
+ ¶ms[1])) < 0)
{
gnutls_assert ();
_gnutls_mpi_release (¶ms[0]);
/* == INTEGER */
if ((result = asn1_create_element
(_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey",
- &spk)) != ASN1_SUCCESS)
+ &spk)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
*/
int
_gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root,
- bigint_t * params, int *params_size)
+ bigint_t * params, int *params_size)
{
int result;
char name[256];
* params[1] is the exponent
*/
if (*params_size < RSA_PUBLIC_PARAMS)
- {
- gnutls_assert ();
- /* internal error. Increase the bigint_ts in params */
- result = GNUTLS_E_INTERNAL_ERROR;
- goto error;
- }
+ {
+ gnutls_assert ();
+ /* internal error. Increase the bigint_ts in params */
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto error;
+ }
if ((result =
- _gnutls_x509_read_rsa_params (tmp.data, tmp.size, params)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ _gnutls_x509_read_rsa_params (tmp.data, tmp.size, params)) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
*params_size = RSA_PUBLIC_PARAMS;
break;
*/
if (*params_size < DSA_PUBLIC_PARAMS)
- {
- gnutls_assert ();
- /* internal error. Increase the bigint_ts in params */
- result = GNUTLS_E_INTERNAL_ERROR;
- goto error;
- }
+ {
+ gnutls_assert ();
+ /* internal error. Increase the bigint_ts in params */
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto error;
+ }
if ((result =
- _gnutls_x509_read_dsa_pubkey (tmp.data, tmp.size, params)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ _gnutls_x509_read_dsa_pubkey (tmp.data, tmp.size, params)) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
/* Now read the parameters
*/
_gnutls_free_datum (&tmp);
_asnstr_append_name (name, sizeof (name), root,
- ".algorithm.parameters");
+ ".algorithm.parameters");
result = _gnutls_x509_read_value (asn, name, &tmp, 0);
/* FIXME: If the parameters are not included in the certificate
*/
if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
if ((result =
- _gnutls_x509_read_dsa_params (tmp.data, tmp.size, params)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ _gnutls_x509_read_dsa_params (tmp.data, tmp.size, params)) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
*params_size = DSA_PUBLIC_PARAMS;
break;
*/
int
_gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
- bigint_t * params, int *params_size)
+ bigint_t * params, int *params_size)
{
/* Read the algorithm's OID
*/
return _gnutls_get_asn_mpis (cert->cert,
- "tbsCertificate.subjectPublicKeyInfo", params,
- params_size);
+ "tbsCertificate.subjectPublicKeyInfo", params,
+ params_size);
}
#ifdef ENABLE_PKI
*/
int
_gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
- bigint_t * params, int *params_size)
+ bigint_t * params, int *params_size)
{
/* Read the algorithm's OID
*/
return _gnutls_get_asn_mpis (cert->crq,
- "certificationRequestInfo.subjectPKInfo",
- params, params_size);
+ "certificationRequestInfo.subjectPKInfo",
+ params, params_size);
}
#endif
*/
int
_gnutls_x509_write_rsa_params (bigint_t * params, int params_size,
- gnutls_datum_t * der)
+ gnutls_datum_t * der)
{
int result;
ASN1_TYPE spk = ASN1_TYPE_EMPTY;
*/
int
_gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
- gnutls_pk_algorithm_t pk_algorithm,
- gnutls_digest_algorithm_t dig)
+ gnutls_pk_algorithm_t pk_algorithm,
+ gnutls_digest_algorithm_t dig)
{
int result;
char name[128];
{
gnutls_assert ();
_gnutls_debug_log
- ("Cannot find OID for sign algorithm pk: %d dig: %d\n",
- (int) pk_algorithm, (int) dig);
+ ("Cannot find OID for sign algorithm pk: %d dig: %d\n",
+ (int) pk_algorithm, (int) dig);
return GNUTLS_E_INVALID_REQUEST;
}
*/
int
_gnutls_x509_write_dsa_params (bigint_t * params, int params_size,
- gnutls_datum_t * der)
+ gnutls_datum_t * der)
{
int result;
ASN1_TYPE spk = ASN1_TYPE_EMPTY;
*/
int
_gnutls_x509_write_dsa_public_key (bigint_t * params, int params_size,
- gnutls_datum_t * der)
+ gnutls_datum_t * der)
{
int result;
ASN1_TYPE spk = ASN1_TYPE_EMPTY;
static void
hexdump (gnutls_buffer_st * str, const char *data, size_t len,
- const char *spc)
+ const char *spc)
{
size_t j;
for (j = 0; j < len; j++)
{
if (((j + 1) % 16) == 0)
- {
- addf (str, "%.2x\n", (unsigned char) data[j]);
- if (spc && j != (len - 1))
- adds (str, spc);
- }
+ {
+ addf (str, "%.2x\n", (unsigned char) data[j]);
+ if (spc && j != (len - 1))
+ adds (str, spc);
+ }
else if (j == (len - 1))
- addf (str, "%.2x", (unsigned char) data[j]);
+ addf (str, "%.2x", (unsigned char) data[j]);
else
- addf (str, "%.2x:", (unsigned char) data[j]);
+ addf (str, "%.2x:", (unsigned char) data[j]);
}
if ((j % 16) != 0)
adds (str, "\n");
else
{
for (j = 0; j < len; j++)
- addf (str, "%.2x", (unsigned char) data[j]);
+ addf (str, "%.2x", (unsigned char) data[j]);
}
}
break;
case 16:
sprintf (string, "%x:%x:%x:%x:%x:%x:%x:%x",
- (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3],
- (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7],
- (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11],
- (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]);
+ (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3],
+ (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7],
+ (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11],
+ (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]);
break;
}
int err;
err = gnutls_x509_crt_get_proxy (cert, NULL,
- &pathlen, &policyLanguage,
- &policy, &npolicy);
+ &pathlen, &policyLanguage,
+ &policy, &npolicy);
if (err < 0)
{
addf (str, "error: get_proxy: %s\n", gnutls_strerror (err));
if (!buffer)
{
addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
return;
}
if (!buffer)
{
addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
return;
}
static void
print_key_usage (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+ cert_type_t cert)
{
unsigned int key_usage;
int err;
{
size = 0;
err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size,
- NULL, NULL);
+ NULL, NULL);
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- return;
+ return;
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_crl_dist_points: %s\n",
- gnutls_strerror (err));
- return;
- }
+ {
+ addf (str, "error: get_crl_dist_points: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
buffer = gnutls_malloc (size);
if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size,
- NULL, NULL);
+ NULL, NULL);
if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_crl_dist_points2: %s\n",
- gnutls_strerror (err));
- return;
- }
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_crl_dist_points2: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
if ((err == GNUTLS_SAN_DNSNAME
- || err == GNUTLS_SAN_RFC822NAME
- || err == GNUTLS_SAN_URI) && strlen (buffer) != size)
- {
- adds (str, _("warning: distributionPoint contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (buffer) < size)
- buffer[strlen (buffer)] = '!';
- }
+ || err == GNUTLS_SAN_RFC822NAME
+ || err == GNUTLS_SAN_URI) && strlen (buffer) != size)
+ {
+ adds (str, _("warning: distributionPoint contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen (buffer) < size)
+ buffer[strlen (buffer)] = '!';
+ }
switch (err)
- {
- case GNUTLS_SAN_DNSNAME:
- addf (str, "\t\t\tDNSname: %.*s\n", (int) size, buffer);
- break;
-
- case GNUTLS_SAN_RFC822NAME:
- addf (str, "\t\t\tRFC822name: %.*s\n", (int) size, buffer);
- break;
-
- case GNUTLS_SAN_URI:
- addf (str, "\t\t\tURI: %.*s\n", (int) size, buffer);
- break;
-
- case GNUTLS_SAN_IPADDRESS:
- p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
- if (p == NULL)
- p = ERROR_STR;
- addf (str, "\t\t\tIPAddress: %s\n", p);
- break;
-
- case GNUTLS_SAN_DN:
- addf (str, "\t\t\tdirectoryName: %.*s\n", (int) size, buffer);
- break;
-
- default:
- addf (str, "error: unknown SAN\n");
- break;
- }
+ {
+ case GNUTLS_SAN_DNSNAME:
+ addf (str, "\t\t\tDNSname: %.*s\n", (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_RFC822NAME:
+ addf (str, "\t\t\tRFC822name: %.*s\n", (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_URI:
+ addf (str, "\t\t\tURI: %.*s\n", (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_IPADDRESS:
+ p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
+ if (p == NULL)
+ p = ERROR_STR;
+ addf (str, "\t\t\tIPAddress: %s\n", p);
+ break;
+
+ case GNUTLS_SAN_DN:
+ addf (str, "\t\t\tdirectoryName: %.*s\n", (int) size, buffer);
+ break;
+
+ default:
+ addf (str, "error: unknown SAN\n");
+ break;
+ }
gnutls_free (buffer);
}
}
static void
print_key_purpose (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+ cert_type_t cert)
{
int indx;
char *buffer = NULL;
{
size = 0;
if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
- &size, NULL);
+ err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
+ &size, NULL);
else if (type == TYPE_CRQ)
- err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
- &size, NULL);
+ err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
+ &size, NULL);
else
- return;
+ return;
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- return;
+ return;
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_key_purpose_oid: %s\n",
- gnutls_strerror (err));
- return;
- }
+ {
+ addf (str, "error: get_key_purpose_oid: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
buffer = gnutls_malloc (size);
if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
- &size, NULL);
+ err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
+ &size, NULL);
else
- err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
- &size, NULL);
+ err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
+ &size, NULL);
if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_key_purpose_oid2: %s\n",
- gnutls_strerror (err));
- return;
- }
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_key_purpose_oid2: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
if (strcmp (buffer, GNUTLS_KP_TLS_WWW_SERVER) == 0)
- addf (str, _("%s\t\t\tTLS WWW Server.\n"), prefix);
+ addf (str, _("%s\t\t\tTLS WWW Server.\n"), prefix);
else if (strcmp (buffer, GNUTLS_KP_TLS_WWW_CLIENT) == 0)
- addf (str, _("%s\t\t\tTLS WWW Client.\n"), prefix);
+ addf (str, _("%s\t\t\tTLS WWW Client.\n"), prefix);
else if (strcmp (buffer, GNUTLS_KP_CODE_SIGNING) == 0)
- addf (str, _("%s\t\t\tCode signing.\n"), prefix);
+ addf (str, _("%s\t\t\tCode signing.\n"), prefix);
else if (strcmp (buffer, GNUTLS_KP_EMAIL_PROTECTION) == 0)
- addf (str, _("%s\t\t\tEmail protection.\n"), prefix);
+ addf (str, _("%s\t\t\tEmail protection.\n"), prefix);
else if (strcmp (buffer, GNUTLS_KP_TIME_STAMPING) == 0)
- addf (str, _("%s\t\t\tTime stamping.\n"), prefix);
+ addf (str, _("%s\t\t\tTime stamping.\n"), prefix);
else if (strcmp (buffer, GNUTLS_KP_OCSP_SIGNING) == 0)
- addf (str, _("%s\t\t\tOCSP signing.\n"), prefix);
+ addf (str, _("%s\t\t\tOCSP signing.\n"), prefix);
else if (strcmp (buffer, GNUTLS_KP_IPSEC_IKE) == 0)
- addf (str, _("%s\t\t\tIpsec IKE.\n"), prefix);
+ addf (str, _("%s\t\t\tIpsec IKE.\n"), prefix);
else if (strcmp (buffer, GNUTLS_KP_ANY) == 0)
- addf (str, _("%s\t\t\tAny purpose.\n"), prefix);
+ addf (str, _("%s\t\t\tAny purpose.\n"), prefix);
else
- addf (str, "%s\t\t\t%s\n", prefix, buffer);
+ addf (str, "%s\t\t\t%s\n", prefix, buffer);
gnutls_free (buffer);
}
static void
print_basic (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+ cert_type_t cert)
{
int pathlen;
int err;
static void
print_altname (gnutls_buffer_st * str, const char *prefix, int altname_type,
- cert_type_t cert)
+ cert_type_t cert)
{
unsigned int altname_idx;
char str_ip[64];
int err;
if (altname_type == TYPE_CRT_SAN)
- err =
- gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer,
- &size, NULL);
+ err =
+ gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer,
+ &size, NULL);
else if (altname_type == TYPE_CRQ_SAN)
- err =
- gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer,
- &size, NULL, NULL);
+ err =
+ gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer,
+ &size, NULL, NULL);
else if (altname_type == TYPE_CRT_IAN)
- err =
- gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx, buffer,
- &size, NULL);
+ err =
+ gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx, buffer,
+ &size, NULL);
else
- return;
+ return;
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
+ break;
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_subject/issuer_alt_name: %s\n",
- gnutls_strerror (err));
- return;
- }
+ {
+ addf (str, "error: get_subject/issuer_alt_name: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
buffer = gnutls_malloc (size);
if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
if (altname_type == TYPE_CRT_SAN)
- err =
- gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer,
- &size, NULL);
+ err =
+ gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer,
+ &size, NULL);
else if (altname_type == TYPE_CRQ_SAN)
- err =
- gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer,
- &size, NULL, NULL);
+ err =
+ gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer,
+ &size, NULL, NULL);
else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx,
- buffer, &size, NULL);
+ err = gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx,
+ buffer, &size, NULL);
if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_subject/issuer_alt_name2: %s\n",
- gnutls_strerror (err));
- return;
- }
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_subject/issuer_alt_name2: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
if ((err == GNUTLS_SAN_DNSNAME
- || err == GNUTLS_SAN_RFC822NAME
- || err == GNUTLS_SAN_URI) && strlen (buffer) != size)
- {
- adds (str, _("warning: altname contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (buffer) < size)
- buffer[strlen (buffer)] = '!';
- }
+ || err == GNUTLS_SAN_RFC822NAME
+ || err == GNUTLS_SAN_URI) && strlen (buffer) != size)
+ {
+ adds (str, _("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen (buffer) < size)
+ buffer[strlen (buffer)] = '!';
+ }
switch (err)
- {
- case GNUTLS_SAN_DNSNAME:
- addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) size, buffer);
- break;
-
- case GNUTLS_SAN_RFC822NAME:
- addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) size,
- buffer);
- break;
-
- case GNUTLS_SAN_URI:
- addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) size, buffer);
- break;
-
- case GNUTLS_SAN_IPADDRESS:
- p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
- if (p == NULL)
- p = ERROR_STR;
- addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
- break;
-
- case GNUTLS_SAN_DN:
- addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
- (int) size, buffer);
- break;
-
- case GNUTLS_SAN_OTHERNAME:
- {
- char *oid = NULL;
- size_t oidsize;
-
- oidsize = 0;
- if (altname_type == TYPE_CRT_SAN)
- err = gnutls_x509_crt_get_subject_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRQ_SAN)
- err = gnutls_x509_crq_get_subject_alt_othername_oid
- (cert.crq, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
-
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_free (buffer);
- addf (str,
- "error: get_subject/issuer_alt_othername_oid: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- oid = gnutls_malloc (oidsize);
- if (!oid)
- {
- gnutls_free (buffer);
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- if (altname_type == TYPE_CRT_SAN)
- err = gnutls_x509_crt_get_subject_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRQ_SAN)
- err = gnutls_x509_crq_get_subject_alt_othername_oid
- (cert.crq, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- gnutls_free (oid);
- addf (str, "error: get_subject_alt_othername_oid2: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- if (err == GNUTLS_SAN_OTHERNAME_XMPP)
- {
- if (strlen (buffer) != size)
- {
- adds (str, _("warning: altname contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (buffer) < size)
- buffer[strlen (buffer)] = '!';
- }
-
- addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix,
- (int) size, buffer);
- }
- else
- {
- addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix,
- (int) oidsize, oid);
- addf (str, _("%s\t\t\totherName DER: "), prefix);
- hexprint (str, buffer, size);
- addf (str, _("\n%s\t\t\totherName ASCII: "), prefix);
- asciiprint (str, buffer, size);
- addf (str, "\n");
- }
- gnutls_free (oid);
- }
- break;
-
- default:
- addf (str, "error: unknown altname\n");
- break;
- }
+ {
+ case GNUTLS_SAN_DNSNAME:
+ addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_RFC822NAME:
+ addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) size,
+ buffer);
+ break;
+
+ case GNUTLS_SAN_URI:
+ addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_IPADDRESS:
+ p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
+ if (p == NULL)
+ p = ERROR_STR;
+ addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
+ break;
+
+ case GNUTLS_SAN_DN:
+ addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
+ (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_OTHERNAME:
+ {
+ char *oid = NULL;
+ size_t oidsize;
+
+ oidsize = 0;
+ if (altname_type == TYPE_CRT_SAN)
+ err = gnutls_x509_crt_get_subject_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err = gnutls_x509_crq_get_subject_alt_othername_oid
+ (cert.crq, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRT_IAN)
+ err = gnutls_x509_crt_get_issuer_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_free (buffer);
+ addf (str,
+ "error: get_subject/issuer_alt_othername_oid: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
+
+ oid = gnutls_malloc (oidsize);
+ if (!oid)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (altname_type == TYPE_CRT_SAN)
+ err = gnutls_x509_crt_get_subject_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err = gnutls_x509_crq_get_subject_alt_othername_oid
+ (cert.crq, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRT_IAN)
+ err = gnutls_x509_crt_get_issuer_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ gnutls_free (oid);
+ addf (str, "error: get_subject_alt_othername_oid2: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
+
+ if (err == GNUTLS_SAN_OTHERNAME_XMPP)
+ {
+ if (strlen (buffer) != size)
+ {
+ adds (str, _("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen (buffer) < size)
+ buffer[strlen (buffer)] = '!';
+ }
+
+ addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix,
+ (int) size, buffer);
+ }
+ else
+ {
+ addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix,
+ (int) oidsize, oid);
+ addf (str, _("%s\t\t\totherName DER: "), prefix);
+ hexprint (str, buffer, size);
+ addf (str, _("\n%s\t\t\totherName ASCII: "), prefix);
+ asciiprint (str, buffer, size);
+ addf (str, "\n");
+ }
+ gnutls_free (oid);
+ }
+ break;
+
+ default:
+ addf (str, "error: unknown altname\n");
+ break;
+ }
gnutls_free (buffer);
}
static void
guiddump (gnutls_buffer_st * str, const char *data, size_t len,
- const char *spc)
+ const char *spc)
{
size_t j;
print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert)
{
int result;
- char buf[256]; /* if its longer, we won't bother to print it */
+ char buf[256]; /* if its longer, we won't bother to print it */
ssize_t buf_size = 256;
result = gnutls_x509_crt_get_issuer_unique_id (cert, buf, &buf_size);
addf (str, ("\t\tIssuer Unique ID:\n"));
hexdump (str, buf, buf_size, "\t\t\t");
if (buf_size == 16)
- { /* this could be a GUID */
- guiddump (str, buf, buf_size, "\t\t\t");
- }
+ { /* this could be a GUID */
+ guiddump (str, buf, buf_size, "\t\t\t");
+ }
}
buf_size = 256;
addf (str, ("\t\tSubject Unique ID:\n"));
hexdump (str, buf, buf_size, "\t\t\t");
if (buf_size == 16)
- { /* this could be a GUID */
- guiddump (str, buf, buf_size, "\t\t\t");
- }
+ { /* this could be a GUID */
+ guiddump (str, buf, buf_size, "\t\t\t");
+ }
}
}
static void
print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+ cert_type_t cert)
{
int i, err;
int san_idx = 0;
int critical;
if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_extension_info (cert.crt, i,
- oid, &sizeof_oid,
- &critical);
+ err = gnutls_x509_crt_get_extension_info (cert.crt, i,
+ oid, &sizeof_oid,
+ &critical);
else if (type == TYPE_CRQ)
- err = gnutls_x509_crq_get_extension_info (cert.crq, i,
- oid, &sizeof_oid,
- &critical);
+ err = gnutls_x509_crq_get_extension_info (cert.crq, i,
+ oid, &sizeof_oid,
+ &critical);
else
- {
- gnutls_assert ();
- return;
- }
+ {
+ gnutls_assert ();
+ return;
+ }
if (err < 0)
- {
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "error: get_extension_info: %s\n",
- gnutls_strerror (err));
- continue;
- }
+ {
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf (str, "error: get_extension_info: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
if (i == 0)
- addf (str, _("%s\tExtensions:\n"), prefix);
+ addf (str, _("%s\tExtensions:\n"), prefix);
if (strcmp (oid, "2.5.29.19") == 0)
- {
- if (basic_idx)
- {
- addf (str, "error: more than one basic constraint\n");
- continue;
- }
+ {
+ if (basic_idx)
+ {
+ addf (str, "error: more than one basic constraint\n");
+ continue;
+ }
- addf (str, _("%s\t\tBasic Constraints (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
+ addf (str, _("%s\t\tBasic Constraints (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
- print_basic (str, prefix, type, cert);
+ print_basic (str, prefix, type, cert);
- basic_idx++;
- }
+ basic_idx++;
+ }
else if (strcmp (oid, "2.5.29.14") == 0)
- {
- if (ski_idx)
- {
- addf (str, "error: more than one SKI extension\n");
- continue;
- }
+ {
+ if (ski_idx)
+ {
+ addf (str, "error: more than one SKI extension\n");
+ continue;
+ }
- addf (str, _("%s\t\tSubject Key Identifier (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
+ addf (str, _("%s\t\tSubject Key Identifier (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
- if (type == TYPE_CRT)
- print_ski (str, cert.crt);
+ if (type == TYPE_CRT)
+ print_ski (str, cert.crt);
- ski_idx++;
- }
+ ski_idx++;
+ }
else if (strcmp (oid, "2.5.29.35") == 0)
- {
+ {
- if (aki_idx)
- {
- addf (str, "error: more than one AKI extension\n");
- continue;
- }
+ if (aki_idx)
+ {
+ addf (str, "error: more than one AKI extension\n");
+ continue;
+ }
- addf (str, _("%s\t\tAuthority Key Identifier (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
+ addf (str, _("%s\t\tAuthority Key Identifier (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
- if (type == TYPE_CRT)
- print_aki (str, TYPE_CRT, cert);
+ if (type == TYPE_CRT)
+ print_aki (str, TYPE_CRT, cert);
- aki_idx++;
- }
+ aki_idx++;
+ }
else if (strcmp (oid, "2.5.29.15") == 0)
- {
- if (keyusage_idx)
- {
- addf (str, "error: more than one key usage extension\n");
- continue;
- }
+ {
+ if (keyusage_idx)
+ {
+ addf (str, "error: more than one key usage extension\n");
+ continue;
+ }
- addf (str, _("%s\t\tKey Usage (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
+ addf (str, _("%s\t\tKey Usage (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
- print_key_usage (str, prefix, type, cert);
+ print_key_usage (str, prefix, type, cert);
- keyusage_idx++;
- }
+ keyusage_idx++;
+ }
else if (strcmp (oid, "2.5.29.37") == 0)
- {
- if (keypurpose_idx)
- {
- addf (str, "error: more than one key purpose extension\n");
- continue;
- }
+ {
+ if (keypurpose_idx)
+ {
+ addf (str, "error: more than one key purpose extension\n");
+ continue;
+ }
- addf (str, _("%s\t\tKey Purpose (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
+ addf (str, _("%s\t\tKey Purpose (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
#ifdef ENABLE_PKI
- print_key_purpose (str, prefix, type, cert);
+ print_key_purpose (str, prefix, type, cert);
#endif
- keypurpose_idx++;
- }
+ keypurpose_idx++;
+ }
else if (strcmp (oid, "2.5.29.17") == 0)
- {
- if (san_idx)
- {
- addf (str, "error: more than one SKI extension\n");
- continue;
- }
+ {
+ if (san_idx)
+ {
+ addf (str, "error: more than one SKI extension\n");
+ continue;
+ }
- addf (str, _("%s\t\tSubject Alternative Name (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
+ addf (str, _("%s\t\tSubject Alternative Name (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
- print_altname (str, prefix, type, cert);
+ print_altname (str, prefix, type, cert);
- san_idx++;
- }
+ san_idx++;
+ }
else if (strcmp (oid, "2.5.29.18") == 0)
- {
- if (ian_idx)
- {
- addf (str, "error: more than one Issuer AltName extension\n");
- continue;
- }
+ {
+ if (ian_idx)
+ {
+ addf (str, "error: more than one Issuer AltName extension\n");
+ continue;
+ }
- addf (str, _("%s\t\tIssuer Alternative Name (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
+ addf (str, _("%s\t\tIssuer Alternative Name (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
- print_altname (str, prefix, TYPE_CRT_IAN, cert);
+ print_altname (str, prefix, TYPE_CRT_IAN, cert);
- ian_idx++;
- }
+ ian_idx++;
+ }
else if (strcmp (oid, "2.5.29.31") == 0)
- {
- if (crldist_idx)
- {
- addf (str, "error: more than one CRL distribution point\n");
- continue;
- }
+ {
+ if (crldist_idx)
+ {
+ addf (str, "error: more than one CRL distribution point\n");
+ continue;
+ }
- addf (str, _("%s\t\tCRL Distribution points (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
+ addf (str, _("%s\t\tCRL Distribution points (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
#ifdef ENABLE_PKI
- if (type == TYPE_CRT)
- print_crldist (str, cert.crt);
+ if (type == TYPE_CRT)
+ print_crldist (str, cert.crt);
#endif
- crldist_idx++;
- }
+ crldist_idx++;
+ }
else if (strcmp (oid, "1.3.6.1.5.5.7.1.14") == 0)
- {
- if (proxy_idx)
- {
- addf (str, "error: more than one proxy extension\n");
- continue;
- }
+ {
+ if (proxy_idx)
+ {
+ addf (str, "error: more than one proxy extension\n");
+ continue;
+ }
- addf (str, _("%s\t\tProxy Certificate Information (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
+ addf (str, _("%s\t\tProxy Certificate Information (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
- if (type == TYPE_CRT)
- print_proxy (str, cert.crt);
+ if (type == TYPE_CRT)
+ print_proxy (str, cert.crt);
- proxy_idx++;
- }
+ proxy_idx++;
+ }
else
- {
- char *buffer;
- size_t extlen = 0;
-
- addf (str, _("%s\t\tUnknown extension %s (%s):\n"), prefix, oid,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_extension_data (cert.crt, i, NULL, &extlen);
- else if (type == TYPE_CRQ)
- err =
- gnutls_x509_crq_get_extension_data (cert.crq, i, NULL, &extlen);
- else
- {
- gnutls_assert ();
- return;
- }
-
- if (err < 0)
- {
- addf (str, "error: get_extension_data: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- buffer = gnutls_malloc (extlen);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- continue;
- }
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_extension_data (cert.crt, i, buffer,
- &extlen);
- else if (type == TYPE_CRQ)
- err =
- gnutls_x509_crq_get_extension_data (cert.crq, i, buffer,
- &extlen);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_extension_data2: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- addf (str, _("%s\t\t\tASCII: "), prefix);
- asciiprint (str, buffer, extlen);
- addf (str, "\n");
-
- addf (str, _("%s\t\t\tHexdump: "), prefix);
- hexprint (str, buffer, extlen);
- adds (str, "\n");
-
- gnutls_free (buffer);
- }
+ {
+ char *buffer;
+ size_t extlen = 0;
+
+ addf (str, _("%s\t\tUnknown extension %s (%s):\n"), prefix, oid,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_extension_data (cert.crt, i, NULL, &extlen);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_extension_data (cert.crq, i, NULL, &extlen);
+ else
+ {
+ gnutls_assert ();
+ return;
+ }
+
+ if (err < 0)
+ {
+ addf (str, "error: get_extension_data: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ buffer = gnutls_malloc (extlen);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_extension_data (cert.crt, i, buffer,
+ &extlen);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_extension_data (cert.crq, i, buffer,
+ &extlen);
+
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_extension_data2: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ addf (str, _("%s\t\t\tASCII: "), prefix);
+ asciiprint (str, buffer, extlen);
+ addf (str, "\n");
+
+ addf (str, _("%s\t\t\tHexdump: "), prefix);
+ hexprint (str, buffer, extlen);
+ adds (str, "\n");
+
+ gnutls_free (buffer);
+ }
}
}
addf (str, "error: get_serial: %s\n", gnutls_strerror (err));
else
{
- adds (str, _("\tSerial Number (hex): "));
- hexprint (str, serial, serial_size);
- adds (str, "\n");
+ adds (str, _("\tSerial Number (hex): "));
+ hexprint (str, serial, serial_size);
+ adds (str, "\n");
}
}
err = gnutls_x509_crt_get_issuer_dn (cert, NULL, &dn_size);
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
+ addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "error: get_issuer_dn: %s\n",
- gnutls_strerror (err));
- else
- addf (str, _("\tIssuer: %s\n"), dn);
- gnutls_free (dn);
- }
- }
+ {
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "error: malloc (%d): %s\n", (int) dn_size,
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
+ if (err < 0)
+ addf (str, "error: get_issuer_dn: %s\n",
+ gnutls_strerror (err));
+ else
+ addf (str, _("\tIssuer: %s\n"), dn);
+ gnutls_free (dn);
+ }
+ }
}
/* Validity. */
struct tm t;
if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
else
- addf (str, _("\t\tNot Before: %s\n"), s);
+ addf (str, _("\t\tNot Before: %s\n"), s);
}
tim = gnutls_x509_crt_get_expiration_time (cert);
struct tm t;
if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
else
- addf (str, _("\t\tNot After: %s\n"), s);
+ addf (str, _("\t\tNot After: %s\n"), s);
}
}
addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
else
{
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
- else
- addf (str, _("\tSubject: %s\n"), dn);
- gnutls_free (dn);
- }
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "error: malloc (%d): %s\n", (int) dn_size,
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
+ if (err < 0)
+ addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
+ else
+ addf (str, _("\tSubject: %s\n"), dn);
+ gnutls_free (dn);
+ }
}
}
addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
else
{
- const char *name = gnutls_pk_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
+ const char *name = gnutls_pk_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
- addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
- addf (str, _("\tCertificate Security Level: %s\n"),
- gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
- (err, bits)));
+ addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
+ addf (str, _("\tCertificate Security Level: %s\n"),
+ gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
+ (err, bits)));
#ifdef ENABLE_PKI
- switch (err)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_datum_t m, e;
-
- err = gnutls_x509_crt_get_pk_rsa_raw (cert, &m, &e);
- if (err < 0)
- addf (str, "error: get_pk_rsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tModulus (bits %d):\n"), bits);
- hexdump (str, m.data, m.size, "\t\t\t");
- addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8);
- hexdump (str, e.data, e.size, "\t\t\t");
-
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
-
- }
- break;
-
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- err = gnutls_x509_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y);
- if (err < 0)
- addf (str, "error: get_pk_dsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tPublic key (bits %d):\n"), bits);
- hexdump (str, y.data, y.size, "\t\t\t");
- adds (str, _("\t\tP:\n"));
- hexdump (str, p.data, p.size, "\t\t\t");
- adds (str, _("\t\tQ:\n"));
- hexdump (str, q.data, q.size, "\t\t\t");
- adds (str, _("\t\tG:\n"));
- hexdump (str, g.data, g.size, "\t\t\t");
-
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
-
- }
- }
- break;
-
- default:
- break;
- }
+ switch (err)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ err = gnutls_x509_crt_get_pk_rsa_raw (cert, &m, &e);
+ if (err < 0)
+ addf (str, "error: get_pk_rsa_raw: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tModulus (bits %d):\n"), bits);
+ hexdump (str, m.data, m.size, "\t\t\t");
+ addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8);
+ hexdump (str, e.data, e.size, "\t\t\t");
+
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ }
+
+ }
+ break;
+
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ err = gnutls_x509_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y);
+ if (err < 0)
+ addf (str, "error: get_pk_dsa_raw: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tPublic key (bits %d):\n"), bits);
+ hexdump (str, y.data, y.size, "\t\t\t");
+ adds (str, _("\t\tP:\n"));
+ hexdump (str, p.data, p.size, "\t\t\t");
+ adds (str, _("\t\tQ:\n"));
+ hexdump (str, q.data, q.size, "\t\t\t");
+ adds (str, _("\t\tG:\n"));
+ hexdump (str, g.data, g.size, "\t\t\t");
+
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ gnutls_free (y.data);
+
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
#endif
}
}
err = gnutls_x509_crt_get_signature_algorithm (cert);
if (err < 0)
- addf (str, "error: get_signature_algorithm: %s\n",
- gnutls_strerror (err));
+ addf (str, "error: get_signature_algorithm: %s\n",
+ gnutls_strerror (err));
else
- {
- const char *name = gnutls_sign_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
- addf (str, _("\tSignature Algorithm: %s\n"), name);
- }
+ {
+ const char *name = gnutls_sign_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
+ addf (str, _("\tSignature Algorithm: %s\n"), name);
+ }
if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
- {
- adds (str, _("warning: signed using a broken signature "
- "algorithm that can be forged.\n"));
- }
+ {
+ adds (str, _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
+ }
err = gnutls_x509_crt_get_signature (cert, buffer, &size);
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
- return;
- }
+ {
+ addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
+ return;
+ }
buffer = gnutls_malloc (size);
if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
err = gnutls_x509_crt_get_signature (cert, buffer, &size);
if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
- return;
- }
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
+ return;
+ }
adds (str, _("\tSignature:\n"));
hexdump (str, buffer, size, "\t\t");
static void
print_fingerprint (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
- gnutls_digest_algorithm_t algo)
+ gnutls_digest_algorithm_t algo)
{
int err;
char buffer[MAX_HASH_SIZE];
addf (str, "unknown subject (%s), ", gnutls_strerror (err));
else
{
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "unknown subject (%s), ",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "unknown subject (%s), ", gnutls_strerror (err));
- else
- addf (str, "subject `%s', ", dn);
- gnutls_free (dn);
- }
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "unknown subject (%s), ",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
+ if (err < 0)
+ addf (str, "unknown subject (%s), ", gnutls_strerror (err));
+ else
+ addf (str, "subject `%s', ", dn);
+ gnutls_free (dn);
+ }
}
}
addf (str, "unknown issuer (%s), ", gnutls_strerror (err));
else
{
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "unknown issuer (%s), ",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "unknown issuer (%s), ", gnutls_strerror (err));
- else
- addf (str, "issuer `%s', ", dn);
- gnutls_free (dn);
- }
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "unknown issuer (%s), ",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
+ if (err < 0)
+ addf (str, "unknown issuer (%s), ", gnutls_strerror (err));
+ else
+ addf (str, "issuer `%s', ", dn);
+ gnutls_free (dn);
+ }
}
}
addf (str, "unknown signature algorithm (%s), ", gnutls_strerror (err));
else
{
- const char *name = gnutls_sign_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
- if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
- addf (str, _("signed using %s (broken!), "), name);
- else
- addf (str, _("signed using %s, "), name);
+ const char *name = gnutls_sign_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
+ if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
+ addf (str, _("signed using %s (broken!), "), name);
+ else
+ addf (str, _("signed using %s, "), name);
}
}
struct tm t;
if (gmtime_r (&tim, &t) == NULL)
- addf (str, "unknown activation (%ld), ", (unsigned long) tim);
+ addf (str, "unknown activation (%ld), ", (unsigned long) tim);
else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- addf (str, "failed activation (%ld), ", (unsigned long) tim);
+ addf (str, "failed activation (%ld), ", (unsigned long) tim);
else
- addf (str, "activated `%s', ", s);
+ addf (str, "activated `%s', ", s);
}
tim = gnutls_x509_crt_get_expiration_time (cert);
struct tm t;
if (gmtime_r (&tim, &t) == NULL)
- addf (str, "unknown expiry (%ld), ", (unsigned long) tim);
+ addf (str, "unknown expiry (%ld), ", (unsigned long) tim);
else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- addf (str, "failed expiry (%ld), ", (unsigned long) tim);
+ addf (str, "failed expiry (%ld), ", (unsigned long) tim);
else
- addf (str, "expires `%s', ", s);
+ addf (str, "expires `%s', ", s);
}
}
int err;
err = gnutls_x509_crt_get_proxy (cert, NULL,
- &pathlen, &policyLanguage, NULL, NULL);
+ &pathlen, &policyLanguage, NULL, NULL);
if (err == 0)
{
- addf (str, "proxy certificate (policy=");
- if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
- addf (str, "id-ppl-inheritALL");
- else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
- addf (str, "id-ppl-independent");
- else
- addf (str, "%s", policyLanguage);
- if (pathlen >= 0)
- addf (str, ", pathlen=%d), ", pathlen);
- else
- addf (str, "), ");
- gnutls_free (policyLanguage);
+ addf (str, "proxy certificate (policy=");
+ if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
+ addf (str, "id-ppl-inheritALL");
+ else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
+ addf (str, "id-ppl-independent");
+ else
+ addf (str, "%s", policyLanguage);
+ if (pathlen >= 0)
+ addf (str, ", pathlen=%d), ", pathlen);
+ else
+ addf (str, "), ");
+ gnutls_free (policyLanguage);
}
}
int err;
err = gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1,
- buffer, &size);
+ buffer, &size);
if (err < 0)
{
- addf (str, "unknown fingerprint (%s)", gnutls_strerror (err));
+ addf (str, "unknown fingerprint (%s)", gnutls_strerror (err));
}
else
{
- addf (str, "SHA-1 fingerprint `");
- hexprint (str, buffer, size);
- adds (str, "'");
+ addf (str, "SHA-1 fingerprint `");
+ hexprint (str, buffer, size);
+ adds (str, "'");
}
}
**/
int
gnutls_x509_crt_print (gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
gnutls_buffer_st str;
err = gnutls_x509_crl_get_issuer_dn (crl, NULL, &dn_size);
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
+ addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crl_get_issuer_dn (crl, dn, &dn_size);
- if (err < 0)
- addf (str, "error: get_issuer_dn: %s\n",
- gnutls_strerror (err));
- else
- addf (str, _("\tIssuer: %s\n"), dn);
- }
- gnutls_free (dn);
- }
+ {
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "error: malloc (%d): %s\n", (int) dn_size,
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_x509_crl_get_issuer_dn (crl, dn, &dn_size);
+ if (err < 0)
+ addf (str, "error: get_issuer_dn: %s\n",
+ gnutls_strerror (err));
+ else
+ addf (str, _("\tIssuer: %s\n"), dn);
+ }
+ gnutls_free (dn);
+ }
}
/* Validity. */
struct tm t;
if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
else
- addf (str, _("\t\tIssued: %s\n"), s);
+ addf (str, _("\t\tIssued: %s\n"), s);
}
tim = gnutls_x509_crl_get_next_update (crl);
struct tm t;
if (tim == -1)
- addf (str, "\t\tNo next update time.\n");
+ addf (str, "\t\tNo next update time.\n");
else if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
else
- addf (str, _("\t\tNext at: %s\n"), s);
+ addf (str, _("\t\tNext at: %s\n"), s);
}
}
int crl_nr = 0;
for (i = 0;; i++)
- {
- char oid[MAX_OID_SIZE] = "";
- size_t sizeof_oid = sizeof (oid);
- int critical;
-
- err = gnutls_x509_crl_get_extension_info (crl, i,
- oid, &sizeof_oid,
- &critical);
- if (err < 0)
- {
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "error: get_extension_info: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- if (i == 0)
- adds (str, _("\tExtensions:\n"));
-
- if (strcmp (oid, "2.5.29.20") == 0)
- {
- char nr[128];
- size_t nr_size = sizeof (nr);
-
- if (crl_nr)
- {
- addf (str, "error: more than one CRL number\n");
- continue;
- }
-
- err = gnutls_x509_crl_get_number (crl, nr, &nr_size, &critical);
-
- addf (str, _("\t\tCRL Number (%s): "),
- critical ? _("critical") : _("not critical"));
-
- if (err < 0)
- addf (str, "error: get_number: %s\n", gnutls_strerror (err));
- else
- {
- hexprint (str, nr, nr_size);
- addf (str, "\n");
- }
-
- crl_nr++;
- }
- else if (strcmp (oid, "2.5.29.35") == 0)
- {
- cert_type_t ccert;
-
- if (aki_idx)
- {
- addf (str, "error: more than one AKI extension\n");
- continue;
- }
-
- addf (str, _("\t\tAuthority Key Identifier (%s):\n"),
- critical ? _("critical") : _("not critical"));
-
- ccert.crl = crl;
- print_aki (str, TYPE_CRL, ccert);
-
- aki_idx++;
- }
- else
- {
- char *buffer;
- size_t extlen = 0;
-
- addf (str, _("\t\tUnknown extension %s (%s):\n"), oid,
- critical ? _("critical") : _("not critical"));
-
- err = gnutls_x509_crl_get_extension_data (crl, i,
- NULL, &extlen);
- if (err < 0)
- {
- addf (str, "error: get_extension_data: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- buffer = gnutls_malloc (extlen);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- continue;
- }
-
- err = gnutls_x509_crl_get_extension_data (crl, i,
- buffer, &extlen);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_extension_data2: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- adds (str, _("\t\t\tASCII: "));
- asciiprint (str, buffer, extlen);
- adds (str, "\n");
-
- adds (str, _("\t\t\tHexdump: "));
- hexprint (str, buffer, extlen);
- adds (str, "\n");
-
- gnutls_free (buffer);
- }
- }
+ {
+ char oid[MAX_OID_SIZE] = "";
+ size_t sizeof_oid = sizeof (oid);
+ int critical;
+
+ err = gnutls_x509_crl_get_extension_info (crl, i,
+ oid, &sizeof_oid,
+ &critical);
+ if (err < 0)
+ {
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf (str, "error: get_extension_info: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ if (i == 0)
+ adds (str, _("\tExtensions:\n"));
+
+ if (strcmp (oid, "2.5.29.20") == 0)
+ {
+ char nr[128];
+ size_t nr_size = sizeof (nr);
+
+ if (crl_nr)
+ {
+ addf (str, "error: more than one CRL number\n");
+ continue;
+ }
+
+ err = gnutls_x509_crl_get_number (crl, nr, &nr_size, &critical);
+
+ addf (str, _("\t\tCRL Number (%s): "),
+ critical ? _("critical") : _("not critical"));
+
+ if (err < 0)
+ addf (str, "error: get_number: %s\n", gnutls_strerror (err));
+ else
+ {
+ hexprint (str, nr, nr_size);
+ addf (str, "\n");
+ }
+
+ crl_nr++;
+ }
+ else if (strcmp (oid, "2.5.29.35") == 0)
+ {
+ cert_type_t ccert;
+
+ if (aki_idx)
+ {
+ addf (str, "error: more than one AKI extension\n");
+ continue;
+ }
+
+ addf (str, _("\t\tAuthority Key Identifier (%s):\n"),
+ critical ? _("critical") : _("not critical"));
+
+ ccert.crl = crl;
+ print_aki (str, TYPE_CRL, ccert);
+
+ aki_idx++;
+ }
+ else
+ {
+ char *buffer;
+ size_t extlen = 0;
+
+ addf (str, _("\t\tUnknown extension %s (%s):\n"), oid,
+ critical ? _("critical") : _("not critical"));
+
+ err = gnutls_x509_crl_get_extension_data (crl, i,
+ NULL, &extlen);
+ if (err < 0)
+ {
+ addf (str, "error: get_extension_data: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ buffer = gnutls_malloc (extlen);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ err = gnutls_x509_crl_get_extension_data (crl, i,
+ buffer, &extlen);
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_extension_data2: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ adds (str, _("\t\t\tASCII: "));
+ asciiprint (str, buffer, extlen);
+ adds (str, "\n");
+
+ adds (str, _("\t\t\tHexdump: "));
+ hexprint (str, buffer, extlen);
+ adds (str, "\n");
+
+ gnutls_free (buffer);
+ }
+ }
}
for (j = 0; j < num; j++)
{
- char serial[128];
- size_t serial_size = sizeof (serial);
- int err;
- time_t tim;
-
- err = gnutls_x509_crl_get_crt_serial (crl, j, serial,
- &serial_size, &tim);
- if (err < 0)
- addf (str, "error: get_crt_serial: %s\n", gnutls_strerror (err));
- else
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- adds (str, _("\t\tSerial Number (hex): "));
- hexprint (str, serial, serial_size);
- adds (str, "\n");
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tRevoked at: %s\n"), s);
- }
+ char serial[128];
+ size_t serial_size = sizeof (serial);
+ int err;
+ time_t tim;
+
+ err = gnutls_x509_crl_get_crt_serial (crl, j, serial,
+ &serial_size, &tim);
+ if (err < 0)
+ addf (str, "error: get_crt_serial: %s\n", gnutls_strerror (err));
+ else
+ {
+ char s[42];
+ size_t max = sizeof (s);
+ struct tm t;
+
+ adds (str, _("\t\tSerial Number (hex): "));
+ hexprint (str, serial, serial_size);
+ adds (str, "\n");
+
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ else
+ addf (str, _("\t\tRevoked at: %s\n"), s);
+ }
}
}
err = gnutls_x509_crl_get_signature_algorithm (crl);
if (err < 0)
- addf (str, "error: get_signature_algorithm: %s\n",
- gnutls_strerror (err));
+ addf (str, "error: get_signature_algorithm: %s\n",
+ gnutls_strerror (err));
else
- {
- const char *name = gnutls_sign_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
- addf (str, _("\tSignature Algorithm: %s\n"), name);
- }
+ {
+ const char *name = gnutls_sign_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
+ addf (str, _("\tSignature Algorithm: %s\n"), name);
+ }
if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
- {
- adds (str, _("warning: signed using a broken signature "
- "algorithm that can be forged.\n"));
- }
+ {
+ adds (str, _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
+ }
err = gnutls_x509_crl_get_signature (crl, buffer, &size);
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
- return;
- }
+ {
+ addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
+ return;
+ }
buffer = gnutls_malloc (size);
if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
err = gnutls_x509_crl_get_signature (crl, buffer, &size);
if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
- return;
- }
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
+ return;
+ }
adds (str, _("\tSignature:\n"));
hexdump (str, buffer, size, "\t\t");
**/
int
gnutls_x509_crl_print (gnutls_x509_crl_t crl,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
gnutls_buffer_st str;
addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
else
{
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crq_get_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
- else
- addf (str, _("\tSubject: %s\n"), dn);
- gnutls_free (dn);
- }
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "error: malloc (%d): %s\n", (int) dn_size,
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_x509_crq_get_dn (cert, dn, &dn_size);
+ if (err < 0)
+ addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
+ else
+ addf (str, _("\tSubject: %s\n"), dn);
+ gnutls_free (dn);
+ }
}
}
addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
else
{
- const char *name = gnutls_pk_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
-
- addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
- switch (err)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_datum_t m, e;
-
- err = gnutls_x509_crq_get_key_rsa_raw (cert, &m, &e);
- if (err < 0)
- addf (str, "error: get_pk_rsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tModulus (bits %d):\n"), bits);
- hexdump (str, m.data, m.size, "\t\t\t");
- adds (str, _("\t\tExponent:\n"));
- hexdump (str, e.data, e.size, "\t\t\t");
-
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
-
- }
- break;
-#if 0 /* not implemented yet */
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- err = gnutls_x509_crq_get_key_dsa_raw (cert, &p, &q, &g, &y);
- if (err < 0)
- addf (str, "error: get_pk_dsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tPublic key (bits %d):\n"), bits);
- hexdump (str, y.data, y.size, "\t\t\t");
- addf (str, _("\t\tP:\n"));
- hexdump (str, p.data, p.size, "\t\t\t");
- addf (str, _("\t\tQ:\n"));
- hexdump (str, q.data, q.size, "\t\t\t");
- addf (str, _("\t\tG:\n"));
- hexdump (str, g.data, g.size, "\t\t\t");
-
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
-
- }
- }
- break;
+ const char *name = gnutls_pk_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
+
+ addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
+ switch (err)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ err = gnutls_x509_crq_get_key_rsa_raw (cert, &m, &e);
+ if (err < 0)
+ addf (str, "error: get_pk_rsa_raw: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tModulus (bits %d):\n"), bits);
+ hexdump (str, m.data, m.size, "\t\t\t");
+ adds (str, _("\t\tExponent:\n"));
+ hexdump (str, e.data, e.size, "\t\t\t");
+
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ }
+
+ }
+ break;
+#if 0 /* not implemented yet */
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ err = gnutls_x509_crq_get_key_dsa_raw (cert, &p, &q, &g, &y);
+ if (err < 0)
+ addf (str, "error: get_pk_dsa_raw: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tPublic key (bits %d):\n"), bits);
+ hexdump (str, y.data, y.size, "\t\t\t");
+ addf (str, _("\t\tP:\n"));
+ hexdump (str, p.data, p.size, "\t\t\t");
+ addf (str, _("\t\tQ:\n"));
+ hexdump (str, q.data, q.size, "\t\t\t");
+ addf (str, _("\t\tG:\n"));
+ hexdump (str, g.data, g.size, "\t\t\t");
+
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ gnutls_free (y.data);
+
+ }
+ }
+ break;
#endif
- default:
- break;
- }
+ default:
+ break;
+ }
}
}
for (i = 0;; i++)
{
- char oid[MAX_OID_SIZE] = "";
- size_t sizeof_oid = sizeof (oid);
-
- err = gnutls_x509_crq_get_attribute_info (cert, i, oid, &sizeof_oid);
- if (err < 0)
- {
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "error: get_extension_info: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- if (i == 0)
- adds (str, _("\tAttributes:\n"));
-
- if (strcmp (oid, "1.2.840.113549.1.9.14") == 0)
- {
- cert_type_t ccert;
-
- if (extensions)
- {
- addf (str, "error: more than one extensionsRequest\n");
- continue;
- }
-
- ccert.crq = cert;
- print_extensions (str, "\t", TYPE_CRQ, ccert);
-
- extensions++;
- }
- else if (strcmp (oid, "1.2.840.113549.1.9.7") == 0)
- {
- char *pass;
- size_t size;
-
- if (challenge)
- {
- adds (str,
- "error: more than one Challenge password attribute\n");
- continue;
- }
-
- err = gnutls_x509_crq_get_challenge_password (cert, NULL, &size);
- if (err < 0)
- {
- addf (str, "error: get_challenge_password: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- size++;
-
- pass = gnutls_malloc (size);
- if (!pass)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- continue;
- }
-
- err = gnutls_x509_crq_get_challenge_password (cert, pass, &size);
- if (err < 0)
- addf (str, "error: get_challenge_password: %s\n",
- gnutls_strerror (err));
- else
- addf (str, _("\t\tChallenge password: %s\n"), pass);
-
- gnutls_free (pass);
-
- challenge++;
- }
- else
- {
- char *buffer;
- size_t extlen = 0;
-
- addf (str, _("\t\tUnknown attribute %s:\n"), oid);
-
- err = gnutls_x509_crq_get_attribute_data (cert, i, NULL, &extlen);
- if (err < 0)
- {
- addf (str, "error: get_attribute_data: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- buffer = gnutls_malloc (extlen);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- continue;
- }
-
- err = gnutls_x509_crq_get_attribute_data (cert, i,
- buffer, &extlen);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_attribute_data2: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- adds (str, _("\t\t\tASCII: "));
- asciiprint (str, buffer, extlen);
- adds (str, "\n");
-
- adds (str, _("\t\t\tHexdump: "));
- hexprint (str, buffer, extlen);
- adds (str, "\n");
-
- gnutls_free (buffer);
- }
+ char oid[MAX_OID_SIZE] = "";
+ size_t sizeof_oid = sizeof (oid);
+
+ err = gnutls_x509_crq_get_attribute_info (cert, i, oid, &sizeof_oid);
+ if (err < 0)
+ {
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf (str, "error: get_extension_info: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ if (i == 0)
+ adds (str, _("\tAttributes:\n"));
+
+ if (strcmp (oid, "1.2.840.113549.1.9.14") == 0)
+ {
+ cert_type_t ccert;
+
+ if (extensions)
+ {
+ addf (str, "error: more than one extensionsRequest\n");
+ continue;
+ }
+
+ ccert.crq = cert;
+ print_extensions (str, "\t", TYPE_CRQ, ccert);
+
+ extensions++;
+ }
+ else if (strcmp (oid, "1.2.840.113549.1.9.7") == 0)
+ {
+ char *pass;
+ size_t size;
+
+ if (challenge)
+ {
+ adds (str,
+ "error: more than one Challenge password attribute\n");
+ continue;
+ }
+
+ err = gnutls_x509_crq_get_challenge_password (cert, NULL, &size);
+ if (err < 0)
+ {
+ addf (str, "error: get_challenge_password: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ size++;
+
+ pass = gnutls_malloc (size);
+ if (!pass)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ err = gnutls_x509_crq_get_challenge_password (cert, pass, &size);
+ if (err < 0)
+ addf (str, "error: get_challenge_password: %s\n",
+ gnutls_strerror (err));
+ else
+ addf (str, _("\t\tChallenge password: %s\n"), pass);
+
+ gnutls_free (pass);
+
+ challenge++;
+ }
+ else
+ {
+ char *buffer;
+ size_t extlen = 0;
+
+ addf (str, _("\t\tUnknown attribute %s:\n"), oid);
+
+ err = gnutls_x509_crq_get_attribute_data (cert, i, NULL, &extlen);
+ if (err < 0)
+ {
+ addf (str, "error: get_attribute_data: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ buffer = gnutls_malloc (extlen);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ err = gnutls_x509_crq_get_attribute_data (cert, i,
+ buffer, &extlen);
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_attribute_data2: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ adds (str, _("\t\t\tASCII: "));
+ asciiprint (str, buffer, extlen);
+ adds (str, "\n");
+
+ adds (str, _("\t\t\tHexdump: "));
+ hexprint (str, buffer, extlen);
+ adds (str, "\n");
+
+ gnutls_free (buffer);
+ }
}
}
}
if (!buffer)
{
addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
return;
}
**/
int
gnutls_x509_crq_print (gnutls_x509_crq_t crq,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
gnutls_buffer_st str;
int
_gnutls_pbkdf2_sha1 (const char *P, size_t Plen,
- const char *S, size_t Slen,
- unsigned int c, char *DK, size_t dkLen)
+ const char *S, size_t Slen,
+ unsigned int c, char *DK, size_t dkLen)
{
unsigned int hLen = 20;
char U[20];
memset (T, 0, hLen);
for (u = 1; u <= c; u++)
- {
- if (u == 1)
- {
- tmp[Slen + 0] = (i & 0xff000000) >> 24;
- tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
- tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
- tmp[Slen + 3] = (i & 0x000000ff) >> 0;
-
- rc =
- _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U);
- }
- else
- rc = _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U);
-
- if (rc < 0)
- {
- gnutls_free (tmp);
- return rc;
- }
-
- for (k = 0; k < hLen; k++)
- T[k] ^= U[k];
- }
+ {
+ if (u == 1)
+ {
+ tmp[Slen + 0] = (i & 0xff000000) >> 24;
+ tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
+ tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
+ tmp[Slen + 3] = (i & 0x000000ff) >> 0;
+
+ rc =
+ _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U);
+ }
+ else
+ rc = _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U);
+
+ if (rc < 0)
+ {
+ gnutls_free (tmp);
+ return rc;
+ }
+
+ for (k = 0; k < hLen; k++)
+ T[k] ^= U[k];
+ }
memcpy (DK + (i - 1) * hLen, T, i == l ? r : hLen);
}
int _gnutls_pbkdf2_sha1 (const char *P, size_t Plen,
- const char *S, size_t Slen,
- unsigned int c, char *DK, size_t dkLen);
+ const char *S, size_t Slen,
+ unsigned int c, char *DK, size_t dkLen);
*/
static int
_decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe,
- gnutls_datum_t * raw)
+ gnutls_datum_t * raw)
{
char oid[MAX_OID_SIZE];
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
if ((result = asn1_create_element
(_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
- &c2)) != ASN1_SUCCESS)
+ &c2)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
if (*pkcs12)
{
int result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-PFX",
- &(*pkcs12)->pkcs12);
+ "PKIX1.pkcs-12-PFX",
+ &(*pkcs12)->pkcs12);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (*pkcs12);
- return _gnutls_asn2err (result);
- }
- return 0; /* success */
+ {
+ gnutls_assert ();
+ gnutls_free (*pkcs12);
+ return _gnutls_asn2err (result);
+ }
+ return 0; /* success */
}
return GNUTLS_E_MEMORY_ERROR;
}
**/
int
gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format, unsigned int flags)
{
int result = 0, need_free = 0;
gnutls_datum_t _data;
opaque *out;
result = _gnutls_fbase64_decode (PEM_PKCS12, data->data, data->size,
- &out);
+ &out);
if (result <= 0)
- {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert ();
- return result;
- }
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
_data.data = out;
_data.size = result;
**/
int
gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
if (pkcs12 == NULL)
{
}
return _gnutls_x509_export_int (pkcs12->pkcs12, format, PEM_PKCS12,
- output_data, output_data_size);
+ output_data, output_data_size);
}
static int
{
j = 2 * i + 1;
if (isascii (data[j]))
- data[i] = data[i * 2 + 1];
+ data[i] = data[i * 2 + 1];
else
- data[i] = '?';
+ data[i] = '?';
}
data[i] = 0;
*/
int
_pkcs12_decode_safe_contents (const gnutls_datum_t * content,
- gnutls_pkcs12_bag_t bag)
+ gnutls_pkcs12_bag_t bag)
{
char oid[MAX_OID_SIZE], root[ASN1_MAX_NAME_SIZE];
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
if ((result = asn1_create_element
(_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
- &c2)) != ASN1_SUCCESS)
+ &c2)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
len = sizeof (oid);
result = asn1_read_value (c2, root, oid, &len);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
/* Read the Bag type
*/
bag_type = oid2bag (oid);
if (bag_type < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
/* Read the Bag Value
*/
result = _gnutls_x509_read_value (c2, root, &bag->element[i].data, 0);
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
if (bag_type == GNUTLS_BAG_CERTIFICATE || bag_type == GNUTLS_BAG_CRL
- || bag_type == GNUTLS_BAG_SECRET)
- {
- gnutls_datum_t tmp = bag->element[i].data;
+ || bag_type == GNUTLS_BAG_SECRET)
+ {
+ gnutls_datum_t tmp = bag->element[i].data;
- result =
- _pkcs12_decode_crt_bag (bag_type, &tmp, &bag->element[i].data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ result =
+ _pkcs12_decode_crt_bag (bag_type, &tmp, &bag->element[i].data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
- _gnutls_free_datum (&tmp);
- }
+ _gnutls_free_datum (&tmp);
+ }
/* read the bag attributes
*/
result = asn1_number_of_elements (c2, root, &attributes);
if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
if (attributes < 0)
- attributes = 1;
+ attributes = 1;
if (result != ASN1_ELEMENT_NOT_FOUND)
- for (j = 0; j < attributes; j++)
- {
-
- snprintf (root, sizeof (root), "?%u.bagAttributes.?%u", i + 1,
- j + 1);
-
- result =
- _gnutls_x509_decode_and_read_attribute (c2, root, oid,
- sizeof (oid), &attr_val,
- 1, 0);
-
- if (result < 0)
- {
- gnutls_assert ();
- continue; /* continue in case we find some known attributes */
- }
-
- if (strcmp (oid, KEY_ID_OID) == 0)
- {
- size = attr_val.size;
-
- result =
- _gnutls_x509_decode_octet_string (NULL, attr_val.data, size,
- attr_val.data, &size);
- attr_val.size = size;
- if (result < 0)
- {
- _gnutls_free_datum (&attr_val);
- gnutls_assert ();
- _gnutls_x509_log
- ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
- continue;
- }
- bag->element[i].local_key_id = attr_val;
- }
- else if (strcmp (oid, FRIENDLY_NAME_OID) == 0)
- {
- size = attr_val.size;
- result =
- _gnutls_x509_decode_octet_string ("BMPString",
- attr_val.data, size,
- attr_val.data, &size);
- attr_val.size = size;
- if (result < 0)
- {
- _gnutls_free_datum (&attr_val);
- gnutls_assert ();
- _gnutls_x509_log
- ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
- continue;
- }
- bag->element[i].friendly_name =
- ucs2_to_ascii (attr_val.data, attr_val.size);
- }
- else
- {
- _gnutls_free_datum (&attr_val);
- _gnutls_x509_log
- ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid);
- }
- }
+ for (j = 0; j < attributes; j++)
+ {
+
+ snprintf (root, sizeof (root), "?%u.bagAttributes.?%u", i + 1,
+ j + 1);
+
+ result =
+ _gnutls_x509_decode_and_read_attribute (c2, root, oid,
+ sizeof (oid), &attr_val,
+ 1, 0);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ continue; /* continue in case we find some known attributes */
+ }
+
+ if (strcmp (oid, KEY_ID_OID) == 0)
+ {
+ size = attr_val.size;
+
+ result =
+ _gnutls_x509_decode_octet_string (NULL, attr_val.data, size,
+ attr_val.data, &size);
+ attr_val.size = size;
+ if (result < 0)
+ {
+ _gnutls_free_datum (&attr_val);
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
+ continue;
+ }
+ bag->element[i].local_key_id = attr_val;
+ }
+ else if (strcmp (oid, FRIENDLY_NAME_OID) == 0)
+ {
+ size = attr_val.size;
+ result =
+ _gnutls_x509_decode_octet_string ("BMPString",
+ attr_val.data, size,
+ attr_val.data, &size);
+ attr_val.size = size;
+ if (result < 0)
+ {
+ _gnutls_free_datum (&attr_val);
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
+ continue;
+ }
+ bag->element[i].friendly_name =
+ ucs2_to_ascii (attr_val.data, attr_val.size);
+ }
+ else
+ {
+ _gnutls_free_datum (&attr_val);
+ _gnutls_x509_log
+ ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid);
+ }
+ }
bag->element[i].type = bag_type;
static int
_parse_safe_contents (ASN1_TYPE sc, const char *sc_name,
- gnutls_pkcs12_bag_t bag)
+ gnutls_pkcs12_bag_t bag)
{
gnutls_datum_t content = { NULL, 0 };
int result;
**/
int
gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
- int indx, gnutls_pkcs12_bag_t bag)
+ int indx, gnutls_pkcs12_bag_t bag)
{
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
int result, len;
if ((result = asn1_create_element
(_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
- &c2)) != ASN1_SUCCESS)
+ &c2)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
{
result = create_empty_pfx (pkcs12->pkcs12);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
}
/* Step 2. decode the authenticatedSafe.
/* Encrypted packets are written directly.
*/
result =
- asn1_write_value (c2, "?LAST.content",
- bag->element[0].data.data,
- bag->element[0].data.size);
+ asn1_write_value (c2, "?LAST.content",
+ bag->element[0].data.data,
+ bag->element[0].data.size);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
}
else
{
result =
- _gnutls_x509_der_encode_and_copy (safe_cont, "", c2,
- "?LAST.content", 1);
+ _gnutls_x509_der_encode_and_copy (safe_cont, "", c2,
+ "?LAST.content", 1);
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
asn1_delete_structure (&safe_cont);
*/
result =
_gnutls_x509_der_encode_and_copy (c2, "", pkcs12->pkcs12,
- "authSafe.content", 1);
+ "authSafe.content", 1);
if (result < 0)
{
gnutls_assert ();
if (iter > 1)
{
result =
- _gnutls_x509_write_uint32 (pkcs12->pkcs12, "macData.iterations",
- iter);
+ _gnutls_x509_write_uint32 (pkcs12->pkcs12, "macData.iterations",
+ iter);
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
/* Generate the key.
*/
result = _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt, sizeof (salt),
- iter, pass, sizeof (key), key);
+ iter, pass, sizeof (key), key);
if (result < 0)
{
gnutls_assert ();
result =
asn1_write_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac,
- sizeof (sha_mac));
+ sizeof (sha_mac));
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result =
asn1_write_value (pkcs12->pkcs12,
- "macData.mac.digestAlgorithm.parameters", NULL, 0);
+ "macData.mac.digestAlgorithm.parameters", NULL, 0);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result =
asn1_write_value (pkcs12->pkcs12,
- "macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1,
- 1);
+ "macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1,
+ 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
_gnutls_x509_read_uint (pkcs12->pkcs12, "macData.iterations", &iter);
if (result < 0)
{
- iter = 1; /* the default */
+ iter = 1; /* the default */
}
/* Generate the key.
*/
result = _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt.data, salt.size,
- iter, pass, sizeof (key), key);
+ iter, pass, sizeof (key), key);
if (result < 0)
{
gnutls_assert ();
len = sizeof (sha_mac_orig);
result =
asn1_read_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac_orig,
- &len);
+ &len);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
static int
write_attributes (gnutls_pkcs12_bag_t bag, int elem,
- ASN1_TYPE c2, const char *where)
+ ASN1_TYPE c2, const char *where)
{
int result;
char root[128];
*/
result = asn1_write_value (c2, where, NULL, 0);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
return 0;
}
*/
result = asn1_write_value (c2, where, "NEW", 1);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
_gnutls_str_cpy (root, sizeof (root), where);
_gnutls_str_cat (root, sizeof (root), ".?LAST");
result =
- _gnutls_x509_encode_and_write_attribute (KEY_ID_OID, c2, root,
- bag->
- element[elem].local_key_id.
- data,
- bag->
- element[elem].local_key_id.
- size, 1);
+ _gnutls_x509_encode_and_write_attribute (KEY_ID_OID, c2, root,
+ bag->
+ element[elem].local_key_id.
+ data,
+ bag->
+ element[elem].local_key_id.
+ size, 1);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
}
if (bag->element[elem].friendly_name != NULL)
*/
result = asn1_write_value (c2, where, "NEW", 1);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
/* convert name to BMPString
*/
name = gnutls_malloc (size);
if (name == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
p = bag->element[elem].friendly_name;
for (i = 0; i < size; i += 2)
- {
- name[i] = 0;
- name[i + 1] = *p;
- p++;
- }
+ {
+ name[i] = 0;
+ name[i + 1] = *p;
+ p++;
+ }
_gnutls_str_cpy (root, sizeof (root), where);
_gnutls_str_cat (root, sizeof (root), ".?LAST");
result =
- _gnutls_x509_encode_and_write_attribute (FRIENDLY_NAME_OID, c2,
- root, name, size, 1);
+ _gnutls_x509_encode_and_write_attribute (FRIENDLY_NAME_OID, c2,
+ root, name, size, 1);
gnutls_free (name);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
}
return 0;
*/
int
_pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents,
- int *enc)
+ int *enc)
{
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
int result;
if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc)
{
*enc = 1;
- return 0; /* ENCRYPTED BAG, do nothing. */
+ return 0; /* ENCRYPTED BAG, do nothing. */
}
else if (enc)
*enc = 0;
if ((result = asn1_create_element
(_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
- &c2)) != ASN1_SUCCESS)
+ &c2)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
oid = bag_to_oid (bag->element[i].type);
if (oid == NULL)
- {
- gnutls_assert ();
- continue;
- }
+ {
+ gnutls_assert ();
+ continue;
+ }
result = asn1_write_value (c2, "", "NEW", 1);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
/* Copy the bag type.
*/
result = asn1_write_value (c2, "?LAST.bagId", oid, 1);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
/* Set empty attributes
*/
result = write_attributes (bag, i, c2, "?LAST.bagAttributes");
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
/* Copy the Bag Value
*/
if (bag->element[i].type == GNUTLS_BAG_CERTIFICATE ||
- bag->element[i].type == GNUTLS_BAG_SECRET ||
- bag->element[i].type == GNUTLS_BAG_CRL)
- {
- gnutls_datum_t tmp;
+ bag->element[i].type == GNUTLS_BAG_SECRET ||
+ bag->element[i].type == GNUTLS_BAG_CRL)
+ {
+ gnutls_datum_t tmp;
- /* in that case encode it to a CertBag or
- * a CrlBag.
- */
+ /* in that case encode it to a CertBag or
+ * a CrlBag.
+ */
- result =
- _pkcs12_encode_crt_bag (bag->element[i].type,
- &bag->element[i].data, &tmp);
+ result =
+ _pkcs12_encode_crt_bag (bag->element[i].type,
+ &bag->element[i].data, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
- result = _gnutls_x509_write_value (c2, "?LAST.bagValue", &tmp, 0);
+ result = _gnutls_x509_write_value (c2, "?LAST.bagValue", &tmp, 0);
- _gnutls_free_datum (&tmp);
+ _gnutls_free_datum (&tmp);
- }
+ }
else
- {
+ {
- result = _gnutls_x509_write_value (c2, "?LAST.bagValue",
- &bag->element[i].data, 0);
- }
+ result = _gnutls_x509_write_value (c2, "?LAST.bagValue",
+ &bag->element[i].data, 0);
+ }
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
if (*bag)
{
- return 0; /* success */
+ return 0; /* success */
}
return GNUTLS_E_MEMORY_ERROR;
}
**/
int
gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * data)
+ gnutls_datum_t * data)
{
if (bag == NULL)
{
int
_pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * in, gnutls_datum_t * out)
+ const gnutls_datum_t * in, gnutls_datum_t * out)
{
int ret;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
{
case GNUTLS_BAG_CERTIFICATE:
if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-CertBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
+ "PKIX1.pkcs-12-CertBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
ret = _gnutls_x509_read_value (c2, "certValue", out, 1);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
break;
case GNUTLS_BAG_CRL:
if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-CRLBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
+ "PKIX1.pkcs-12-CRLBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
ret = _gnutls_x509_read_value (c2, "crlValue", out, 1);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
break;
case GNUTLS_BAG_SECRET:
if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-SecretBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
+ "PKIX1.pkcs-12-SecretBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
ret = _gnutls_x509_read_value (c2, "secretValue", out, 1);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
break;
default:
int
_pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * raw, gnutls_datum_t * out)
+ const gnutls_datum_t * raw, gnutls_datum_t * out)
{
int ret;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
{
case GNUTLS_BAG_CERTIFICATE:
if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-CertBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
+ "PKIX1.pkcs-12-CertBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
ret = asn1_write_value (c2, "certId", X509_CERT_OID, 1);
if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
ret = _gnutls_x509_write_value (c2, "certValue", raw, 1);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
break;
case GNUTLS_BAG_CRL:
if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-CRLBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
+ "PKIX1.pkcs-12-CRLBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
ret = asn1_write_value (c2, "crlId", X509_CRL_OID, 1);
if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
ret = _gnutls_x509_write_value (c2, "crlValue", raw, 1);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
break;
case GNUTLS_BAG_SECRET:
if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-SecretBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
+ "PKIX1.pkcs-12-SecretBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
ret = asn1_write_value (c2, "secretTypeId", RANDOM_NONCE_OID, 1);
if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
ret = _gnutls_x509_write_value (c2, "secretValue", raw, 1);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
break;
default:
**/
int
gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
- gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * data)
+ gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * data)
{
int ret;
if (bag == NULL)
*/
if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY ||
- bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY ||
- bag->element[0].type == GNUTLS_BAG_ENCRYPTED)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY ||
+ bag->element[0].type == GNUTLS_BAG_ENCRYPTED)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
ret =
_gnutls_set_datum (&bag->element[bag->bag_elements].data,
- data->data, data->size);
+ data->data, data->size);
if (ret < 0)
{
**/
int
gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
- const gnutls_datum_t * id)
+ const gnutls_datum_t * id)
{
int ret;
}
ret = _gnutls_set_datum (&bag->element[indx].local_key_id,
- id->data, id->size);
+ id->data, id->size);
if (ret < 0)
{
**/
int
gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * id)
+ gnutls_datum_t * id)
{
if (bag == NULL)
{
**/
int
gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- char **name)
+ char **name)
{
if (bag == NULL)
{
**/
int
gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- const char *name)
+ const char *name)
{
if (bag == NULL)
{
**/
int
gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
- unsigned int flags)
+ unsigned int flags)
{
int ret;
ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
for (i = 0; i < plen; i++)
{
if (isascii (p[i]))
- continue;
+ continue;
return GNUTLS_E_INVALID_PASSWORD;
}
*/
int
_gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt,
- unsigned int salt_size, unsigned int iter,
- const char *pw, unsigned int req_keylen,
- opaque * keybuf)
+ unsigned int salt_size, unsigned int iter,
+ const char *pw, unsigned int req_keylen,
+ opaque * keybuf)
{
int rc;
unsigned int i, j;
opaque hash[20], buf_b[64], buf_i[128], *p;
size_t cur_keylen;
size_t n, m;
- const opaque buf_512[] = /* 2^64 */
+ const opaque buf_512[] = /* 2^64 */
{ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
if (pw)
{
for (i = j = 0; i < 64; i += 2)
- {
- *p++ = 0;
- *p++ = pw[j];
- if (++j > pwlen) /* Note, that we include the trailing zero */
- j = 0;
- }
+ {
+ *p++ = 0;
+ *p++ = pw[j];
+ if (++j > pwlen) /* Note, that we include the trailing zero */
+ j = 0;
+ }
}
else
memset (p, 0, 64);
{
rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
for (i = 0; i < 64; i++)
- {
- unsigned char lid = id & 0xFF;
- _gnutls_hash (&md, &lid, 1);
- }
+ {
+ unsigned char lid = id & 0xFF;
+ _gnutls_hash (&md, &lid, 1);
+ }
_gnutls_hash (&md, buf_i, pw ? 128 : 64);
_gnutls_hash_deinit (&md, hash);
for (i = 1; i < iter; i++)
- {
- rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- _gnutls_hash (&md, hash, 20);
- _gnutls_hash_deinit (&md, hash);
- }
+ {
+ rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ _gnutls_hash (&md, hash, 20);
+ _gnutls_hash_deinit (&md, hash);
+ }
for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
- keybuf[cur_keylen++] = hash[i];
+ keybuf[cur_keylen++] = hash[i];
if (cur_keylen == req_keylen)
- {
- rc = 0; /* ready */
- goto cleanup;
- }
+ {
+ rc = 0; /* ready */
+ goto cleanup;
+ }
/* need more bytes. */
for (i = 0; i < 64; i++)
- buf_b[i] = hash[i % 20];
+ buf_b[i] = hash[i % 20];
n = 64;
rc = _gnutls_mpi_scan (&num_b1, buf_b, n);
if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
_gnutls_mpi_add_ui (num_b1, num_b1, 1);
for (i = 0; i < 128; i += 64)
- {
- n = 64;
- rc = _gnutls_mpi_scan (&num_ij, buf_i + i, n);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- _gnutls_mpi_addm (num_ij, num_ij, num_b1, mpi512);
- n = 64;
+ {
+ n = 64;
+ rc = _gnutls_mpi_scan (&num_ij, buf_i + i, n);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ _gnutls_mpi_addm (num_ij, num_ij, num_b1, mpi512);
+ n = 64;
#ifndef PKCS12_BROKEN_KEYGEN
- m = (_gnutls_mpi_get_nbits (num_ij) + 7) / 8;
+ m = (_gnutls_mpi_get_nbits (num_ij) + 7) / 8;
#else
- m = n;
+ m = n;
#endif
- memset (buf_i + i, 0, n - m);
- rc = _gnutls_mpi_print (num_ij, buf_i + i + n - m, &n);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- _gnutls_mpi_release (&num_ij);
- }
+ memset (buf_i + i, 0, n - m);
+ rc = _gnutls_mpi_print (num_ij, buf_i + i + n - m, &n);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ _gnutls_mpi_release (&num_ij);
+ }
}
cleanup:
_gnutls_mpi_release (&num_ij);
*/
static int
_decode_pkcs7_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata,
- gnutls_datum_t * raw)
+ gnutls_datum_t * raw)
{
char oid[MAX_OID_SIZE];
ASN1_TYPE c2;
if (*pkcs7)
{
int result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-7-ContentInfo",
- &(*pkcs7)->pkcs7);
+ "PKIX1.pkcs-7-ContentInfo",
+ &(*pkcs7)->pkcs7);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (*pkcs7);
- return _gnutls_asn2err (result);
- }
- return 0; /* success */
+ {
+ gnutls_assert ();
+ gnutls_free (*pkcs7);
+ return _gnutls_asn2err (result);
+ }
+ return 0; /* success */
}
return GNUTLS_E_MEMORY_ERROR;
}
**/
int
gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+ gnutls_x509_crt_fmt_t format)
{
int result = 0, need_free = 0;
gnutls_datum_t _data;
opaque *out;
result = _gnutls_fbase64_decode (PEM_PKCS7, data->data, data->size,
- &out);
+ &out);
if (result <= 0)
- {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert ();
- return result;
- }
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
_data.data = out;
_data.size = result;
**/
int
gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7,
- int indx, void *certificate,
- size_t * certificate_size)
+ int indx, void *certificate,
+ size_t * certificate_size)
{
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
int result, len;
int start, end;
result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
- root2, &start, &end);
+ root2, &start, &end);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
end = end - start + 1;
if ((unsigned) end > *certificate_size)
- {
- *certificate_size = end;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
- }
+ {
+ *certificate_size = end;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
if (certificate)
- memcpy (certificate, &tmp.data[start], end);
+ memcpy (certificate, &tmp.data[start], end);
*certificate_size = end;
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
- return 0; /* no certificates */
+ return 0; /* no certificates */
}
return count;
**/
int
gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
return _gnutls_x509_export_int (pkcs7->pkcs7, format, PEM_PKCS7,
- output_data, output_data_size);
+ output_data, output_data_size);
}
/* Creates an empty signed data structure in the pkcs7
if ((result = asn1_create_element
(_gnutls_get_pkix (), "PKIX1.pkcs-7-SignedData",
- sdata)) != ASN1_SUCCESS)
+ sdata)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
/* id-data */
result =
asn1_write_value (*sdata, "encapContentInfo.eContentType",
- "1.2.840.113549.1.7.5", 1);
+ "1.2.840.113549.1.7.5", 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
*/
result = create_empty_signed_data (pkcs7->pkcs7, &c2);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
}
/* Step 2. Append the new certificate.
result =
asn1_write_value (c2, "certificates.?LAST.certificate", crt->data,
- crt->size);
+ crt->size);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
**/
int
gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
- int indx, void *crl, size_t * crl_size)
+ int indx, void *crl, size_t * crl_size)
{
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
int result;
/* Get the raw CRL
*/
result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
- root2, &start, &end);
+ root2, &start, &end);
if (result != ASN1_SUCCESS)
{
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
- return 0; /* no crls */
+ return 0; /* no crls */
}
return count;
*/
result = create_empty_signed_data (pkcs7->pkcs7, &c2);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
}
/* Step 2. Append the new crl.
{
(*key)->key = ASN1_TYPE_EMPTY;
(*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
- return 0; /* success */
+ return 0; /* success */
}
return GNUTLS_E_MEMORY_ERROR;
{
dst->params[i] = _gnutls_mpi_copy (src->params[i]);
if (dst->params[i] == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
}
dst->params_size = src->params_size;
if (!src->crippled)
{
switch (dst->pk_algorithm)
- {
- case GNUTLS_PK_DSA:
- ret = _gnutls_asn1_encode_dsa (&dst->key, dst->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- break;
- case GNUTLS_PK_RSA:
- ret = _gnutls_asn1_encode_rsa (&dst->key, dst->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ {
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_asn1_encode_dsa (&dst->key, dst->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_asn1_encode_rsa (&dst->key, dst->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
return 0;
*/
ASN1_TYPE
_gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key,
- gnutls_x509_privkey_t pkey)
+ gnutls_x509_privkey_t pkey)
{
int result;
ASN1_TYPE pkey_asn;
if ((result =
asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.RSAPrivateKey",
- &pkey_asn)) != ASN1_SUCCESS)
+ "GNUTLS.RSAPrivateKey",
+ &pkey_asn)) != ASN1_SUCCESS)
{
gnutls_assert ();
return NULL;
}
if ((result = _gnutls_x509_read_int (pkey_asn, "modulus",
- &pk_params.params[0])) < 0)
+ &pk_params.params[0])) < 0)
{
gnutls_assert ();
goto error;
if ((result =
_gnutls_x509_read_int (pkey_asn, "publicExponent",
- &pk_params.params[1])) < 0)
+ &pk_params.params[1])) < 0)
{
gnutls_assert ();
goto error;
if ((result =
_gnutls_x509_read_int (pkey_asn, "privateExponent",
- &pk_params.params[2])) < 0)
+ &pk_params.params[2])) < 0)
{
gnutls_assert ();
goto error;
}
if ((result = _gnutls_x509_read_int (pkey_asn, "prime1",
- &pk_params.params[3])) < 0)
+ &pk_params.params[3])) < 0)
{
gnutls_assert ();
goto error;
}
if ((result = _gnutls_x509_read_int (pkey_asn, "prime2",
- &pk_params.params[4])) < 0)
+ &pk_params.params[4])) < 0)
{
gnutls_assert ();
goto error;
}
if ((result = _gnutls_x509_read_int (pkey_asn, "coefficient",
- &pk_params.params[5])) < 0)
+ &pk_params.params[5])) < 0)
{
gnutls_assert ();
goto error;
}
if ((result = _gnutls_x509_read_int (pkey_asn, "exponent1",
- &pk_params.params[6])) < 0)
+ &pk_params.params[6])) < 0)
{
gnutls_assert ();
goto error;
}
if ((result = _gnutls_x509_read_int (pkey_asn, "exponent2",
- &pk_params.params[7])) < 0)
+ &pk_params.params[7])) < 0)
{
gnutls_assert ();
goto error;
if ((result =
asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DSAPrivateKey",
- &dsa_asn)) != ASN1_SUCCESS)
+ "GNUTLS.DSAPrivateKey",
+ &dsa_asn)) != ASN1_SUCCESS)
{
gnutls_assert ();
return NULL;
}
if ((result = _gnutls_x509_read_int (dsa_asn, "priv",
- &pkey->params[4])) < 0)
+ &pkey->params[4])) < 0)
{
gnutls_assert ();
goto error;
**/
int
gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
int result = 0, need_free = 0;
gnutls_datum_t _data;
/* Try the first header */
result =
- _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out);
+ _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out);
if (result >= 0)
- key->pk_algorithm = GNUTLS_PK_RSA;
+ key->pk_algorithm = GNUTLS_PK_RSA;
if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- /* try for the second header */
- result =
- _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size,
- &out);
- if (result <= 0)
- {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert ();
-
- goto failover;
- }
-
- key->pk_algorithm = GNUTLS_PK_DSA;
- }
+ {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size,
+ &out);
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+
+ goto failover;
+ }
+
+ key->pk_algorithm = GNUTLS_PK_DSA;
+ }
_data.data = out;
_data.size = result;
{
key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
if (key->key == NULL)
- gnutls_assert ();
+ gnutls_assert ();
}
else if (key->pk_algorithm == GNUTLS_PK_DSA)
{
key->key = decode_dsa_key (&_data, key);
if (key->key == NULL)
- gnutls_assert ();
+ gnutls_assert ();
}
else
{
key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
if (key->key == NULL)
- {
- key->pk_algorithm = GNUTLS_PK_DSA;
- key->key = decode_dsa_key (&_data, key);
- if (key->key == NULL)
- gnutls_assert ();
- }
+ {
+ key->pk_algorithm = GNUTLS_PK_DSA;
+ key->key = decode_dsa_key (&_data, key);
+ if (key->key == NULL)
+ gnutls_assert ();
+ }
}
if (key->key == NULL)
{
_gnutls_debug_log ("Falling back to PKCS #8 key decoding\n");
result = gnutls_x509_privkey_import_pkcs8 (key, data, format,
- NULL, GNUTLS_PKCS_PLAIN);
+ NULL, GNUTLS_PKCS_PLAIN);
}
#endif
**/
int
gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u)
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u)
{
return gnutls_x509_privkey_import_rsa_raw2 (key, m, e, d, p, q, u, NULL,
- NULL);
+ NULL);
}
/**
**/
int
gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u,
- const gnutls_datum_t * e1,
- const gnutls_datum_t * e2)
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u,
+ const gnutls_datum_t * e1,
+ const gnutls_datum_t * e2)
{
int i = 0, ret;
size_t siz = 0;
{
siz = e1->size;
if (_gnutls_mpi_scan_nz (&key->params[6], e1->data, siz))
- {
- gnutls_assert ();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
key->params_size++;
siz = e2->size;
if (_gnutls_mpi_scan_nz (&key->params[7], e2->data, siz))
- {
- gnutls_assert ();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
key->params_size++;
}
{
ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
if (ret < 0)
- {
- gnutls_assert ();
- FREE_RSA_PRIVATE_PARAMS;
- return ret;
- }
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return ret;
+ }
}
key->params_size = RSA_PRIVATE_PARAMS;
**/
int
gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y,
- const gnutls_datum_t * x)
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * x)
{
int i = 0, ret;
size_t siz = 0;
{
ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
if (ret < 0)
- {
- gnutls_assert ();
- FREE_DSA_PRIVATE_PARAMS;
- return ret;
- }
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return ret;
+ }
}
key->params_size = DSA_PRIVATE_PARAMS;
**/
int
gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
const char *msg;
int ret;
msg = NULL;
if (key->crippled)
- { /* encode the parameters on the fly.
- */
+ { /* encode the parameters on the fly.
+ */
switch (key->pk_algorithm)
- {
- case GNUTLS_PK_DSA:
- ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- break;
- case GNUTLS_PK_RSA:
- ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ {
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
return _gnutls_x509_export_int (key->key, format, msg,
- output_data, output_data_size);
+ output_data, output_data_size);
}
/**
switch (key->pk_algorithm)
{
case GNUTLS_PK_RSA:
- ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_RSA, _gnutls_mpi_get_nbits (key->params[0] /*m */
- ));
+ ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_RSA, _gnutls_mpi_get_nbits (key->params[0] /*m */
+ ));
break;
case GNUTLS_PK_DSA:
- ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_DSA, _gnutls_mpi_get_nbits (key->params[0] /*p */
- ));
+ ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_DSA, _gnutls_mpi_get_nbits (key->params[0] /*p */
+ ));
break;
default:
ret = GNUTLS_SEC_PARAM_UNKNOWN;
**/
int
gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u)
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u)
{
return gnutls_x509_privkey_export_rsa_raw2 (key, m, e, d, p, q, u, NULL,
- NULL);
+ NULL);
}
/**
**/
int
gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u,
- gnutls_datum_t * e1, gnutls_datum_t * e2)
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ gnutls_datum_t * e1, gnutls_datum_t * e2)
{
int ret;
gnutls_pk_params_st pk_params;
{
ret = _gnutls_mpi_dprint_lz (key->params[6], e1);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
}
/* E2 */
{
ret = _gnutls_mpi_dprint_lz (key->params[7], e2);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
}
gnutls_pk_params_release (&pk_params);
**/
int
gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y,
- gnutls_datum_t * x)
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
int ret;
/* Write PRIME
*/
if ((result = asn1_write_value (*c2, "modulus",
- m.data, m.size)) != ASN1_SUCCESS)
+ m.data, m.size)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
}
if ((result = asn1_write_value (*c2, "publicExponent",
- e.data, e.size)) != ASN1_SUCCESS)
+ e.data, e.size)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
}
if ((result = asn1_write_value (*c2, "privateExponent",
- d.data, d.size)) != ASN1_SUCCESS)
+ d.data, d.size)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
}
if ((result = asn1_write_value (*c2, "prime1",
- p.data, p.size)) != ASN1_SUCCESS)
+ p.data, p.size)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
}
if ((result = asn1_write_value (*c2, "prime2",
- q.data, q.size)) != ASN1_SUCCESS)
+ q.data, q.size)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
}
if ((result = asn1_write_value (*c2, "coefficient",
- u.data, u.size)) != ASN1_SUCCESS)
+ u.data, u.size)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
}
if ((result = asn1_write_value (*c2, "exponent1",
- exp1.data, exp1.size)) != ASN1_SUCCESS)
+ exp1.data, exp1.size)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
}
if ((result = asn1_write_value (*c2, "exponent2",
- exp2.data, exp2.size)) != ASN1_SUCCESS)
+ exp2.data, exp2.size)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
}
if ((result = asn1_write_value (*c2, "otherPrimeInfos",
- NULL, 0)) != ASN1_SUCCESS)
+ NULL, 0)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
}
if ((result = asn1_write_value (*c2, "priv",
- x_data, size[4])) != ASN1_SUCCESS)
+ x_data, size[4])) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
**/
int
gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
- gnutls_pk_algorithm_t algo, unsigned int bits,
- unsigned int flags)
+ gnutls_pk_algorithm_t algo, unsigned int bits,
+ unsigned int flags)
{
int ret;
unsigned int params_len = MAX_PRIV_PARAMS_SIZE;
case GNUTLS_PK_DSA:
ret = _gnutls_dsa_generate_params (key->params, ¶ms_len, bits);
if (params_len != DSA_PRIVATE_PARAMS)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ }
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
if (!key->crippled)
- {
- ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
+ {
+ ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
key->params_size = params_len;
key->pk_algorithm = GNUTLS_PK_DSA;
case GNUTLS_PK_RSA:
ret = _gnutls_rsa_generate_params (key->params, ¶ms_len, bits);
if (params_len != RSA_PRIVATE_PARAMS)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ }
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
if (!key->crippled)
- {
- ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
+ {
+ ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
key->params_size = params_len;
key->pk_algorithm = GNUTLS_PK_RSA;
**/
int
gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
int result;
digest_hd_st hd;
if (key->pk_algorithm == GNUTLS_PK_RSA)
{
result =
- _gnutls_x509_write_rsa_params (key->params, key->params_size, &der);
+ _gnutls_x509_write_rsa_params (key->params, key->params_size, &der);
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
else if (key->pk_algorithm == GNUTLS_PK_DSA)
{
result =
- _gnutls_x509_write_dsa_public_key (key->params,
- key->params_size, &der);
+ _gnutls_x509_write_dsa_public_key (key->params,
+ key->params_size, &der);
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
else
return GNUTLS_E_INTERNAL_ERROR;
**/
int
gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
- ret = pk_hash_data(signer->pk_algorithm, hash, signer->params, data, &digest);
+ ret =
+ pk_hash_data (signer->pk_algorithm, hash, signer->params, data, &digest);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
- ret = gnutls_x509_privkey_sign_hash2(signer, hash, flags, &digest, signature);
+ ret =
+ gnutls_x509_privkey_sign_hash2 (signer, hash, flags, &digest, signature);
if (ret < 0)
{
gnutls_assert ();
-*/
int
gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
int result;
}
result = _gnutls_soft_sign (key->pk_algorithm, key->params,
- key->params_size, hash, signature);
+ key->params_size, hash, signature);
if (result < 0)
{
gnutls_assert ();
**/
int
gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature)
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
- digest.data = gnutls_malloc(hash_data->size);
+ digest.data = gnutls_malloc (hash_data->size);
if (digest.data == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
digest.size = hash_data->size;
- memcpy(digest.data, hash_data->data, digest.size);
+ memcpy (digest.data, hash_data->data, digest.size);
ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest);
if (ret < 0)
}
ret = _gnutls_soft_sign (signer->pk_algorithm, signer->params,
- signer->params_size, &digest, signature);
+ signer->params_size, &digest, signature);
if (ret < 0)
{
ret = 0;
cleanup:
- _gnutls_free_datum(&digest);
+ _gnutls_free_datum (&digest);
return ret;
}
**/
int
gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t digest,
- unsigned int flags,
- const gnutls_datum_t * data,
- void *signature, size_t * signature_size)
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ void *signature, size_t * signature_size)
{
int result;
gnutls_datum_t sig = { NULL, 0 };
**/
int
gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
{
int result;
case GNUTLS_PK_DSA:
ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
case GNUTLS_PK_RSA:
ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
break;
default:
gnutls_assert ();
};
static int generate_key (schema_id schema, const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params,
- gnutls_datum_t * key);
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key);
static int read_pbkdf2_params (ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der,
- struct pbkdf2_params *params);
+ const gnutls_datum_t * der,
+ struct pbkdf2_params *params);
static int read_pbe_enc_params (ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der,
- struct pbe_enc_params *params);
+ const gnutls_datum_t * der,
+ struct pbe_enc_params *params);
static int decrypt_data (schema_id, ASN1_TYPE pkcs8_asn, const char *root,
- const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * decrypted_data);
+ const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data);
static int decode_private_key_info (const gnutls_datum_t * der,
- gnutls_x509_privkey_t pkey);
+ gnutls_x509_privkey_t pkey);
static int write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params);
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params);
static int encrypt_data (const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * key, gnutls_datum_t * encrypted);
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted);
static int read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
- struct pbkdf2_params *params);
+ struct pbkdf2_params *params);
static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *params);
+ const struct pbkdf2_params *params);
#define PEM_PKCS8 "ENCRYPTED PRIVATE KEY"
#define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY"
{
if (strcmp (oid, PBES2_OID) == 0)
- return PBES2_GENERIC; /* ok */
+ return PBES2_GENERIC; /* ok */
if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0)
return PKCS12_3DES_SHA1;
{
case GNUTLS_PK_RSA:
ret =
- gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size);
+ gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
data = gnutls_malloc (size);
if (data == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
ret =
- gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size);
+ gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
raw->data = data;
raw->size = size;
case GNUTLS_PK_DSA:
/* DSAPublicKey == INTEGER */
if ((ret = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
+ }
ret = _gnutls_x509_write_int (spk, "", pkey->params[4], 1);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
ret = _gnutls_x509_der_encode (spk, "", raw, 0);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
asn1_delete_structure (&spk);
break;
*/
static int
encode_to_private_key_info (gnutls_x509_privkey_t pkey,
- gnutls_datum_t * der, ASN1_TYPE * pkey_info)
+ gnutls_datum_t * der, ASN1_TYPE * pkey_info)
{
int result, len;
opaque null = 0;
{
oid = PK_DSA_OID;
result =
- _gnutls_x509_write_dsa_params (pkey->params, pkey->params_size,
- &algo_params);
+ _gnutls_x509_write_dsa_params (pkey->params, pkey->params_size,
+ &algo_params);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
}
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-8-PrivateKeyInfo",
- pkey_info)) != ASN1_SUCCESS)
+ "PKIX1.pkcs-8-PrivateKeyInfo",
+ pkey_info)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
result =
asn1_write_value (*pkey_info, "privateKeyAlgorithm.parameters",
- algo_params.data, algo_params.size);
+ algo_params.data, algo_params.size);
_gnutls_free_datum (&algo_params);
if (result != ASN1_SUCCESS)
{
result =
asn1_write_value (*pkey_info, "privateKey", algo_privkey.data,
- algo_privkey.size);
+ algo_privkey.size);
_gnutls_free_datum (&algo_privkey);
if (result != ASN1_SUCCESS)
{
case GNUTLS_CIPHER_AES_128_CBC:
if (oid)
- *oid = AES_128_CBC_OID;
+ *oid = AES_128_CBC_OID;
return "PKIX1.pkcs-5-aes128-CBC-params";
break;
case GNUTLS_CIPHER_AES_192_CBC:
if (oid)
- *oid = AES_192_CBC_OID;
+ *oid = AES_192_CBC_OID;
return "PKIX1.pkcs-5-aes192-CBC-params";
break;
case GNUTLS_CIPHER_AES_256_CBC:
if (oid)
- *oid = AES_256_CBC_OID;
+ *oid = AES_256_CBC_OID;
return "PKIX1.pkcs-5-aes256-CBC-params";
break;
case GNUTLS_CIPHER_3DES_CBC:
if (oid)
- *oid = DES_EDE3_CBC_OID;
+ *oid = DES_EDE3_CBC_OID;
return "PKIX1.pkcs-5-des-EDE3-CBC-params";
break;
default:
{
gnutls_assert ();
_gnutls_x509_log
- ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
- flags);
+ ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
+ flags);
schema = PKCS12_3DES_SHA1;
}
*/
static int
encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key,
- const char *password, ASN1_TYPE * out)
+ const char *password, ASN1_TYPE * out)
{
int result;
gnutls_datum_t key = { NULL, 0 };
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS)
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
result =
write_schema_params (schema, pkcs8_asn,
- "encryptionAlgorithm.parameters", &kdf_params,
- &enc_params);
+ "encryptionAlgorithm.parameters", &kdf_params,
+ &enc_params);
if (result < 0)
{
gnutls_assert ();
**/
int
gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- void *output_data,
- size_t * output_data_size)
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size)
{
ASN1_TYPE pkcs8_asn, pkey_info;
int ret;
_gnutls_free_datum (&tmp);
ret =
- _gnutls_x509_export_int (pkey_info, format,
- PEM_UNENCRYPTED_PKCS8,
- output_data, output_data_size);
+ _gnutls_x509_export_int (pkey_info, format,
+ PEM_UNENCRYPTED_PKCS8,
+ output_data, output_data_size);
asn1_delete_structure (&pkey_info);
}
else
{
- asn1_delete_structure (&pkey_info); /* we don't need it */
+ asn1_delete_structure (&pkey_info); /* we don't need it */
ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
_gnutls_free_datum (&tmp);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ret =
- _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8,
- output_data, output_data_size);
+ _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8,
+ output_data, output_data_size);
asn1_delete_structure (&pkcs8_asn);
}
*/
static int
read_pkcs_schema_params (schema_id * schema, const char *password,
- const opaque * data, int data_size,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params)
+ const opaque * data, int data_size,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params)
{
ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
int result;
* functions.
*/
if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-5-PBES2-params",
- &pbes2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-5-PBES2-params",
+ &pbes2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
/* Decode the parameters.
*/
result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
tmp.data = (opaque *) data;
tmp.size = data_size;
result = read_pbkdf2_params (pbes2_asn, &tmp, kdf_params);
if (result < 0)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
result = read_pbe_enc_params (pbes2_asn, &tmp, enc_params);
if (result < 0)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
asn1_delete_structure (&pbes2_asn);
result = cipher_to_schema (enc_params->cipher);
if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
*schema = result;
return 0;
case PKCS12_RC2_40_SHA1:
if ((*schema) == PKCS12_3DES_SHA1)
- {
- enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
- enc_params->iv_size = 8;
- }
+ {
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ enc_params->iv_size = 8;
+ }
else if ((*schema) == PKCS12_ARCFOUR_SHA1)
- {
- enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
- enc_params->iv_size = 0;
- }
+ {
+ enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
+ enc_params->iv_size = 0;
+ }
else if ((*schema) == PKCS12_RC2_40_SHA1)
- {
- enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
- enc_params->iv_size = 8;
- }
+ {
+ enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
+ enc_params->iv_size = 8;
+ }
if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-PbeParams",
- &pbes2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-PbeParams",
+ &pbes2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
/* Decode the parameters.
*/
result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
result = read_pkcs12_kdf_params (pbes2_asn, kdf_params);
if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
if (enc_params->iv_size)
- {
- result =
- _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- enc_params->iv_size,
- enc_params->iv);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- }
+ {
+ result =
+ _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ enc_params->iv_size,
+ enc_params->iv);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ }
asn1_delete_structure (&pbes2_asn);
default:
gnutls_assert ();
- } /* switch */
+ } /* switch */
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
*/
static int
decode_pkcs8_key (const gnutls_datum_t * raw_key,
- const char *password, gnutls_x509_privkey_t pkey)
+ const char *password, gnutls_x509_privkey_t pkey)
{
int result, len;
char enc_oid[64];
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS)
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
len = sizeof (enc_oid);
result =
asn1_read_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
- enc_oid, &len);
+ enc_oid, &len);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
*/
result =
asn1_der_decoding_startEnd (pkcs8_asn, raw_key->data,
- raw_key->size,
- "encryptionAlgorithm.parameters",
- ¶ms_start, ¶ms_end);
+ raw_key->size,
+ "encryptionAlgorithm.parameters",
+ ¶ms_start, ¶ms_end);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result =
read_pkcs_schema_params (&schema, password,
- &raw_key->data[params_start],
- params_len, &kdf_params, &enc_params);
+ &raw_key->data[params_start],
+ params_len, &kdf_params, &enc_params);
if (result < 0)
{
*/
result =
decrypt_data (schema, pkcs8_asn, "encryptedData", password,
- &kdf_params, &enc_params, &tmp);
+ &kdf_params, &enc_params, &tmp);
if (result < 0)
{
gnutls_assert ();
* Sadly like 90% of random data is somehow valid DER for the
* a first small number of bytes, so no easy way to guarantee. */
if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
- result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND ||
- result == GNUTLS_E_ASN1_DER_ERROR ||
- result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
- result == GNUTLS_E_ASN1_GENERIC_ERROR ||
- result == GNUTLS_E_ASN1_VALUE_NOT_VALID ||
- result == GNUTLS_E_ASN1_TAG_ERROR ||
- result == GNUTLS_E_ASN1_TAG_IMPLICIT ||
- result == GNUTLS_E_ASN1_TYPE_ANY_ERROR ||
- result == GNUTLS_E_ASN1_SYNTAX_ERROR ||
- result == GNUTLS_E_ASN1_DER_OVERFLOW)
- {
- result = GNUTLS_E_DECRYPTION_FAILED;
- }
+ result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND ||
+ result == GNUTLS_E_ASN1_DER_ERROR ||
+ result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
+ result == GNUTLS_E_ASN1_GENERIC_ERROR ||
+ result == GNUTLS_E_ASN1_VALUE_NOT_VALID ||
+ result == GNUTLS_E_ASN1_TAG_ERROR ||
+ result == GNUTLS_E_ASN1_TAG_IMPLICIT ||
+ result == GNUTLS_E_ASN1_TYPE_ANY_ERROR ||
+ result == GNUTLS_E_ASN1_SYNTAX_ERROR ||
+ result == GNUTLS_E_ASN1_DER_OVERFLOW)
+ {
+ result = GNUTLS_E_DECRYPTION_FAILED;
+ }
gnutls_assert ();
goto error;
ret =
_gnutls_x509_read_value (pkcs8_asn, "privateKeyAlgorithm.parameters",
- &tmp, 0);
+ &tmp, 0);
if (ret < 0)
{
gnutls_assert ();
}
_gnutls_mpi_powm (pkey->params[3], pkey->params[2], pkey->params[4],
- pkey->params[0]);
+ pkey->params[0]);
if (!pkey->crippled)
{
ret = _gnutls_asn1_encode_dsa (&pkey->key, pkey->params);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
}
pkey->params_size = DSA_PRIVATE_PARAMS;
static int
decode_private_key_info (const gnutls_datum_t * der,
- gnutls_x509_privkey_t pkey)
+ gnutls_x509_privkey_t pkey)
{
int result, len;
opaque oid[64];
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-8-PrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS)
+ "PKIX1.pkcs-8-PrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
{
gnutls_assert ();
_gnutls_x509_log
- ("PKCS #8 private key OID '%s' is unsupported.\n", oid);
+ ("PKCS #8 private key OID '%s' is unsupported.\n", oid);
result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
goto error;
}
**/
int
gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char *password, unsigned int flags)
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password, unsigned int flags)
{
int result = 0, need_free = 0;
gnutls_datum_t _data;
/* Try the first header
*/
result =
- _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8,
- data->data, data->size, &out);
+ _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8,
+ data->data, data->size, &out);
if (result < 0)
- { /* Try the encrypted header
- */
- result =
- _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &out);
-
- if (result <= 0)
- {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert ();
- return result;
- }
- }
+ { /* Try the encrypted header
+ */
+ result =
+ _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
+ }
else if (flags == 0)
- flags |= GNUTLS_PKCS_PLAIN;
+ flags |= GNUTLS_PKCS_PLAIN;
_data.data = out;
_data.size = result;
result = decode_private_key_info (&_data, key);
}
else
- { /* encrypted. */
+ { /* encrypted. */
result = decode_pkcs8_key (&_data, password, key);
}
*/
static int
read_pbkdf2_params (ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der, struct pbkdf2_params *params)
+ const gnutls_datum_t * der, struct pbkdf2_params *params)
{
int params_start, params_end;
int params_len, len, result;
{
gnutls_assert ();
_gnutls_x509_log
- ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
+ ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
return _gnutls_asn2err (result);
}
result =
asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
- "keyDerivationFunc.parameters",
- ¶ms_start, ¶ms_end);
+ "keyDerivationFunc.parameters",
+ ¶ms_start, ¶ms_end);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
*/
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-5-PBKDF2-params",
- &pbkdf2_asn)) != ASN1_SUCCESS)
+ "PKIX1.pkcs-5-PBKDF2-params",
+ &pbkdf2_asn)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
result =
asn1_der_decoding (&pbkdf2_asn, &der->data[params_start],
- params_len, NULL);
+ params_len, NULL);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
params->salt_size = sizeof (params->salt);
result =
asn1_read_value (pbkdf2_asn, "salt.specified", params->salt,
- ¶ms->salt_size);
+ ¶ms->salt_size);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
*/
result =
_gnutls_x509_read_uint (pbkdf2_asn, "iterationCount",
- ¶ms->iter_count);
+ ¶ms->iter_count);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
*/
static int
write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *kdf_params)
+ const struct pbkdf2_params *kdf_params)
{
int result;
*/
result =
asn1_write_value (pbes2_asn, "salt",
- kdf_params->salt, kdf_params->salt_size);
+ kdf_params->salt, kdf_params->salt_size);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
*/
result =
_gnutls_x509_write_uint32 (pbes2_asn, "iterations",
- kdf_params->iter_count);
+ kdf_params->iter_count);
if (result < 0)
{
gnutls_assert ();
static int
read_pbe_enc_params (ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der,
- struct pbe_enc_params *params)
+ const gnutls_datum_t * der,
+ struct pbe_enc_params *params)
{
int params_start, params_end;
int params_len, len, result;
result =
asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
- "encryptionScheme.parameters",
- ¶ms_start, ¶ms_end);
+ "encryptionScheme.parameters",
+ ¶ms_start, ¶ms_end);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- eparams, &pbe_asn)) != ASN1_SUCCESS)
+ eparams, &pbe_asn)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
static int
decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *root, const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * decrypted_data)
+ const char *root, const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data)
{
int result;
int data_size;
case PBES2_AES_256:
result = _gnutls_pbkdf2_sha1 (password, strlen (password),
- kdf_params->salt, kdf_params->salt_size,
- kdf_params->iter_count, key, key_size);
+ kdf_params->salt, kdf_params->salt_size,
+ kdf_params->iter_count, key, key_size);
if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
break;
default:
result =
- _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- key_size, key);
+ _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ key_size, key);
if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
}
/* do the decryption.
*/
static int
write_pbkdf2_params (ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *kdf_params)
+ const struct pbkdf2_params *kdf_params)
{
int result;
ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
*/
result =
asn1_write_value (pbes2_asn, "keyDerivationFunc.algorithm",
- PBKDF2_OID, 1);
+ PBKDF2_OID, 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
*/
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-5-PBKDF2-params",
- &pbkdf2_asn)) != ASN1_SUCCESS)
+ "PKIX1.pkcs-5-PBKDF2-params",
+ &pbkdf2_asn)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
*/
result =
asn1_write_value (pbkdf2_asn, "salt.specified",
- kdf_params->salt, kdf_params->salt_size);
+ kdf_params->salt, kdf_params->salt_size);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
* in the keyDerivationFunc.parameters
*/
result = _gnutls_x509_der_encode_and_copy (pbkdf2_asn, "",
- pbes2_asn,
- "keyDerivationFunc.parameters",
- 0);
+ pbes2_asn,
+ "keyDerivationFunc.parameters",
+ 0);
if (result < 0)
{
gnutls_assert ();
static int
write_pbe_enc_params (ASN1_TYPE pbes2_asn,
- const struct pbe_enc_params *params)
+ const struct pbe_enc_params *params)
{
int result;
ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
*/
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- eparams, &pbe_asn)) != ASN1_SUCCESS)
+ eparams, &pbe_asn)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
* in the encryptionScheme.parameters
*/
result = _gnutls_x509_der_encode_and_copy (pbe_asn, "",
- pbes2_asn,
- "encryptionScheme.parameters",
- 0);
+ pbes2_asn,
+ "encryptionScheme.parameters",
+ 0);
if (result < 0)
{
gnutls_assert ();
*/
static int
generate_key (schema_id schema,
- const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params, gnutls_datum_t * key)
+ const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params, gnutls_datum_t * key)
{
opaque rnd[2];
int ret;
}
ret = _gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt,
- kdf_params->salt_size);
+ kdf_params->salt_size);
if (ret < 0)
{
gnutls_assert ();
case PBES2_AES_256:
ret = _gnutls_pbkdf2_sha1 (password, strlen (password),
- kdf_params->salt, kdf_params->salt_size,
- kdf_params->iter_count,
- key->data, kdf_params->key_size);
+ kdf_params->salt, kdf_params->salt_size,
+ kdf_params->iter_count,
+ key->data, kdf_params->key_size);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
if (enc_params->iv_size)
- {
- ret = _gnutls_rnd (GNUTLS_RND_NONCE,
- enc_params->iv, enc_params->iv_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
+ {
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE,
+ enc_params->iv, enc_params->iv_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
break;
default:
ret =
- _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- kdf_params->key_size, key->data);
+ _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ kdf_params->key_size, key->data);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* Now generate the IV
*/
if (enc_params->iv_size)
- {
- ret =
- _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- enc_params->iv_size,
- enc_params->iv);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
+ {
+ ret =
+ _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ enc_params->iv_size,
+ enc_params->iv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
}
*/
static int
write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params)
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params)
{
int result;
ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
case PBES2_AES_192:
case PBES2_AES_256:
if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-5-PBES2-params",
- &pbes2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-5-PBES2-params",
+ &pbes2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
result = write_pbkdf2_params (pbes2_asn, kdf_params);
if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
result = write_pbe_enc_params (pbes2_asn, enc_params);
if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
- pkcs8_asn, where, 0);
+ pkcs8_asn, where, 0);
if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
asn1_delete_structure (&pbes2_asn);
break;
default:
if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-PbeParams",
- &pbes2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-PbeParams",
+ &pbes2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
result = write_pkcs12_kdf_params (pbes2_asn, kdf_params);
if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
- pkcs8_asn, where, 0);
+ pkcs8_asn, where, 0);
if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
asn1_delete_structure (&pbes2_asn);
static int
encrypt_data (const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * key, gnutls_datum_t * encrypted)
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted)
{
int result;
int data_size;
pad_size = gnutls_cipher_get_block_size (enc_params->cipher);
- if (pad_size == 1) /* stream */
+ if (pad_size == 1) /* stream */
pad_size = 0;
data = gnutls_malloc (plain->size + pad_size);
{
pad = pad_size - (plain->size % pad_size);
if (pad == 0)
- pad = pad_size;
+ pad = pad_size;
memset (&data[plain->size], pad, pad);
}
else
*/
int
_gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * dec)
+ const char *password, gnutls_datum_t * dec)
{
int result, len;
char enc_oid[64];
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-7-EncryptedData",
- &pkcs7_asn)) != ASN1_SUCCESS)
+ "PKIX1.pkcs-7-EncryptedData",
+ &pkcs7_asn)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
len = sizeof (enc_oid);
result =
asn1_read_value (pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- enc_oid, &len);
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ enc_oid, &len);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
*/
result =
asn1_der_decoding_startEnd (pkcs7_asn, data->data, data->size,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- ¶ms_start, ¶ms_end);
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ ¶ms_start, ¶ms_end);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result =
read_pkcs_schema_params (&schema, password,
- &data->data[params_start],
- params_len, &kdf_params, &enc_params);
+ &data->data[params_start],
+ params_len, &kdf_params, &enc_params);
if (result < ASN1_SUCCESS)
{
gnutls_assert ();
result =
decrypt_data (schema, pkcs7_asn,
- "encryptedContentInfo.encryptedContent", password,
- &kdf_params, &enc_params, &tmp);
+ "encryptedContentInfo.encryptedContent", password,
+ &kdf_params, &enc_params, &tmp);
if (result < 0)
{
gnutls_assert ();
*/
int
_gnutls_pkcs7_encrypt_data (schema_id schema,
- const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * enc)
+ const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * enc)
{
int result;
gnutls_datum_t key = { NULL, 0 };
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-7-EncryptedData",
- &pkcs7_asn)) != ASN1_SUCCESS)
+ "PKIX1.pkcs-7-EncryptedData",
+ &pkcs7_asn)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
result =
asn1_write_value (pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- str_oid, 1);
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ str_oid, 1);
if (result != ASN1_SUCCESS)
{
}
result = write_schema_params (schema, pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &kdf_params, &enc_params);
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &kdf_params, &enc_params);
if (result < 0)
{
gnutls_assert ();
*/
result =
asn1_write_value (pkcs7_asn,
- "encryptedContentInfo.encryptedContent", tmp.data,
- tmp.size);
+ "encryptedContentInfo.encryptedContent", tmp.data,
+ tmp.size);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result =
asn1_write_value (pkcs7_asn, "encryptedContentInfo.contentType",
- DATA_OID, 1);
+ DATA_OID, 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
dnsnamesize = sizeof (dnsname);
ret = gnutls_x509_crt_get_subject_alt_name (cert, i,
- dnsname, &dnsnamesize,
- NULL);
+ dnsname, &dnsnamesize,
+ NULL);
if (ret == GNUTLS_SAN_DNSNAME)
- {
- found_dnsname = 1;
- if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
- {
- return 1;
- }
- }
+ {
+ found_dnsname = 1;
+ if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
+ {
+ return 1;
+ }
+ }
else if (ret == GNUTLS_SAN_IPADDRESS)
- {
- found_dnsname = 1; /* RFC 2818 is unclear whether the CN
- should be compared for IP addresses
- too, but we won't do it. */
- if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
- {
- return 1;
- }
- }
+ {
+ found_dnsname = 1; /* RFC 2818 is unclear whether the CN
+ should be compared for IP addresses
+ too, but we won't do it. */
+ if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
+ {
+ return 1;
+ }
+ }
}
if (!found_dnsname)
*/
dnsnamesize = sizeof (dnsname);
if (gnutls_x509_crt_get_dn_by_oid (cert, OID_X520_COMMON_NAME, 0,
- 0, dnsname, &dnsnamesize) < 0)
- {
- /* got an error, can't find a name
- */
- return 0;
- }
+ 0, dnsname, &dnsnamesize) < 0)
+ {
+ /* got an error, can't find a name
+ */
+ return 0;
+ }
if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
- {
- return 1;
- }
+ {
+ return 1;
+ }
}
/* not found a matching name
#include <gnutls_cert.h>
#include <libtasn1.h>
#include <gnutls_global.h>
-#include <gnutls_num.h> /* MAX */
+#include <gnutls_num.h> /* MAX */
#include <gnutls_sig.h>
#include <gnutls_str.h>
#include <gnutls_datum.h>
*/
int
_gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
- gnutls_datum_t * tbs)
+ gnutls_datum_t * tbs)
{
int result;
opaque *buf;
-*/
int
_gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
- gnutls_digest_algorithm_t dig,
- gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key)
+ gnutls_digest_algorithm_t dig,
+ gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key)
{
int result;
gnutls_datum_t signature;
_gnutls_str_cat (name, sizeof (name), ".signature");
result = _gnutls_x509_write_sig_params (src, name,
- gnutls_privkey_get_pk_algorithm
- (issuer_key, NULL), dig);
+ gnutls_privkey_get_pk_algorithm
+ (issuer_key, NULL), dig);
if (result < 0)
{
gnutls_assert ();
*/
result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm",
- gnutls_privkey_get_pk_algorithm
- (issuer_key, NULL), dig);
+ gnutls_privkey_get_pk_algorithm
+ (issuer_key, NULL), dig);
if (result < 0)
{
gnutls_assert ();
#include <gnutls_cert.h>
#include <libtasn1.h>
#include <gnutls_global.h>
-#include <gnutls_num.h> /* MAX */
+#include <gnutls_num.h> /* MAX */
#include <gnutls_sig.h>
#include <gnutls_str.h>
#include <gnutls_datum.h>
#include <common.h>
static int _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size, unsigned int flags,
- unsigned int *output,
- gnutls_x509_crt_t * issuer);
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output,
+ gnutls_x509_crt_t * issuer);
static int is_crl_issuer (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer_cert);
+ gnutls_x509_crt_t issuer_cert);
static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size, unsigned int flags,
- unsigned int *output);
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output);
/* Checks if two certs are identical. Return 0 on match. */
static int
*/
static int
check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- unsigned int flags)
+ unsigned int flags)
{
gnutls_datum_t cert_signed_data = { NULL, 0 };
gnutls_datum_t issuer_signed_data = { NULL, 0 };
result =
_gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate",
- &issuer_signed_data);
+ &issuer_signed_data);
if (result < 0)
{
gnutls_assert ();
result =
_gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
- &cert_signed_data);
+ &cert_signed_data);
if (result < 0)
{
gnutls_assert ();
if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
if (cert_signed_data.size == issuer_signed_data.size)
{
- if ((memcmp (cert_signed_data.data, issuer_signed_data.data,
- cert_signed_data.size) == 0) &&
- (cert_signature.size == issuer_signature.size) &&
- (memcmp (cert_signature.data, issuer_signature.data,
- cert_signature.size) == 0))
- {
- result = 1;
- goto cleanup;
- }
+ if ((memcmp (cert_signed_data.data, issuer_signed_data.data,
+ cert_signed_data.size) == 0) &&
+ (cert_signature.size == issuer_signature.size) &&
+ (memcmp (cert_signature.data, issuer_signature.data,
+ cert_signature.size) == 0))
+ {
+ result = 1;
+ goto cleanup;
+ }
}
result = gnutls_x509_crt_get_ca_status (issuer, NULL);
/* Handle V1 CAs that do not have a basicConstraint, but accept
these certs only if the appropriate flags are set. */
else if ((result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) &&
- ((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) ||
- (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) &&
- (gnutls_x509_crt_check_issuer (issuer, issuer) == 1))))
+ ((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) ||
+ (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) &&
+ (gnutls_x509_crt_check_issuer (issuer, issuer) == 1))))
{
gnutls_assert ();
result = 1;
static inline gnutls_x509_crt_t
find_issuer (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * trusted_cas, int tcas_size)
+ const gnutls_x509_crt_t * trusted_cas, int tcas_size)
{
int i;
for (i = 0; i < tcas_size; i++)
{
if (is_issuer (cert, trusted_cas[i]) == 1)
- return trusted_cas[i];
+ return trusted_cas[i];
}
gnutls_assert ();
*/
static int
_gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size, unsigned int flags,
- unsigned int *output,
- gnutls_x509_crt_t * _issuer)
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output,
+ gnutls_x509_crt_t * _issuer)
{
gnutls_datum_t cert_signed_data = { NULL, 0 };
gnutls_datum_t cert_signature = { NULL, 0 };
{
gnutls_assert ();
if (output)
- *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
return 0;
}
if (issuer == NULL)
{
if (output)
- *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
gnutls_assert ();
return 0;
}
|| issuer_version != 1))
{
if (check_if_ca (cert, issuer, flags) == 0)
- {
- gnutls_assert ();
- if (output)
- *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
- return 0;
- }
+ {
+ gnutls_assert ();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
+ return 0;
+ }
}
result =
_gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
- &cert_signed_data);
+ &cert_signed_data);
if (result < 0)
{
gnutls_assert ();
ret =
_gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature,
- issuer);
+ issuer);
if (ret < 0)
{
gnutls_assert ();
gnutls_assert ();
/* error. ignore it */
if (output)
- *output |= GNUTLS_CERT_INVALID;
+ *output |= GNUTLS_CERT_INVALID;
ret = 0;
}
sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
- ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
- {
- if (output)
- *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
- ret = 0;
- }
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
+ ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
+ {
+ if (output)
+ *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
+ ret = 0;
+ }
}
result = ret;
**/
int
gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer)
+ gnutls_x509_crt_t issuer)
{
return is_issuer (cert, issuer);
}
*/
static unsigned int
_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
- int clist_size,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size,
- const gnutls_x509_crl_t * CRLs,
- int crls_size, unsigned int flags)
+ int clist_size,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size,
+ const gnutls_x509_crl_t * CRLs,
+ int crls_size, unsigned int flags)
{
int i = 0, ret;
unsigned int status = 0, output;
* MD2 algorithm.
*/
if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
- certificate_list[clist_size - 1]) > 0)
- {
- clist_size--;
- }
+ certificate_list[clist_size - 1]) > 0)
+ {
+ clist_size--;
+ }
}
/* We want to shorten the chain by removing the cert that matches
* self-signed E but already removed above), and we trust B, remove
* B, C and D. */
if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
- i = 0; /* also replace the first one */
+ i = 0; /* also replace the first one */
else
- i = 1; /* do not replace the first one */
+ i = 1; /* do not replace the first one */
for (; i < clist_size; i++)
{
int j;
for (j = 0; j < tcas_size; j++)
- {
- if (check_if_same_cert (certificate_list[i], trusted_cas[j]) == 0)
- {
- /* explicity time check for trusted CA that we remove from
- * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
- */
- if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)
- && !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
- {
- status |= check_time (trusted_cas[j], now);
- if (status != 0)
- {
- return status;
- }
- }
- clist_size = i;
- break;
- }
- }
+ {
+ if (check_if_same_cert (certificate_list[i], trusted_cas[j]) == 0)
+ {
+ /* explicity time check for trusted CA that we remove from
+ * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
+ */
+ if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)
+ && !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
+ {
+ status |= check_time (trusted_cas[j], now);
+ if (status != 0)
+ {
+ return status;
+ }
+ }
+ clist_size = i;
+ break;
+ }
+ }
/* clist_size may have been changed which gets out of loop */
}
* in self signed etc certificates.
*/
ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
- trusted_cas, tcas_size, flags, &output,
- &issuer);
+ trusted_cas, tcas_size, flags, &output,
+ &issuer);
if (ret == 0)
{
/* if the last certificate in the certificate
for (i = 0; i < clist_size; i++)
{
ret = gnutls_x509_crt_check_revocation (certificate_list[i],
- CRLs, crls_size);
+ CRLs, crls_size);
if (ret == 1)
- { /* revoked */
- status |= GNUTLS_CERT_REVOKED;
- status |= GNUTLS_CERT_INVALID;
- return status;
- }
+ { /* revoked */
+ status |= GNUTLS_CERT_REVOKED;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
}
#endif
{
/* check the time of the issuer first */
if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS))
- {
- if (issuer == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- status |= check_time (issuer, now);
- if (status != 0)
- {
- return status;
- }
- }
+ {
+ if (issuer == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ status |= check_time (issuer, now);
+ if (status != 0)
+ {
+ return status;
+ }
+ }
for (i = 0; i < clist_size; i++)
- {
- status |= check_time (certificate_list[i], now);
- if (status != 0)
- {
- return status;
- }
- }
+ {
+ status |= check_time (certificate_list[i], now);
+ if (status != 0)
+ {
+ return status;
+ }
+ }
}
/* Verify the certificate path (chain)
for (i = clist_size - 1; i > 0; i--)
{
if (i - 1 < 0)
- break;
+ break;
/* note that here we disable this V1 CA flag. So that no version 1
* certificates can exist in a supplied chain.
*/
if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
- flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+ flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
if ((ret =
- _gnutls_verify_certificate2 (certificate_list[i - 1],
- &certificate_list[i], 1, flags,
- NULL, NULL)) == 0)
- {
- status |= GNUTLS_CERT_INVALID;
- return status;
- }
+ _gnutls_verify_certificate2 (certificate_list[i - 1],
+ &certificate_list[i], 1, flags,
+ NULL, NULL)) == 0)
+ {
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
}
return 0;
*/
static int
decode_ber_digest_info (const gnutls_datum_t * info,
- gnutls_mac_algorithm_t * hash,
- opaque * digest, int *digest_size)
+ gnutls_mac_algorithm_t * hash,
+ opaque * digest, int *digest_size)
{
ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
int result;
int len;
if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DigestInfo",
- &dinfo)) != ASN1_SUCCESS)
+ "GNUTLS.DigestInfo",
+ &dinfo)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
/* To avoid permitting garbage in the parameters field, either the
parameters field is not present, or it contains 0x05 0x00. */
if (!(result == ASN1_ELEMENT_NOT_FOUND ||
- (result == ASN1_SUCCESS && len == ASN1_NULL_SIZE &&
- memcmp (str, ASN1_NULL, ASN1_NULL_SIZE) == 0)))
+ (result == ASN1_SUCCESS && len == ASN1_NULL_SIZE &&
+ memcmp (str, ASN1_NULL, ASN1_NULL_SIZE) == 0)))
{
gnutls_assert ();
asn1_delete_structure (&dinfo);
*/
static int
_pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
- const gnutls_datum_t * prehash,
- const gnutls_datum_t * signature, bigint_t * params,
- int params_len)
+ const gnutls_datum_t * prehash,
+ const gnutls_datum_t * signature, bigint_t * params,
+ int params_len)
{
gnutls_mac_algorithm_t hash = GNUTLS_MAC_UNKNOWN;
int ret;
else
{
if (!text)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
ret = _gnutls_hash_init (&hd, hash);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
_gnutls_hash (&hd, text->data, text->size);
_gnutls_hash_deinit (&hd, md);
*/
static int
dsa_verify_sig (const gnutls_datum_t * text,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature, bigint_t * params,
- int params_len)
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature, bigint_t * params,
+ int params_len)
{
int ret;
opaque _digest[MAX_HASH_SIZE];
{
ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
_gnutls_hash (&hd, text->data, text->size);
_gnutls_hash_deinit (&hd, _digest);
*/
int
pubkey_verify_sig (const gnutls_datum_t * tbs,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
- int issuer_params_size)
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
+ int issuer_params_size)
{
switch (pk)
case GNUTLS_PK_RSA:
if (_pkcs1_rsa_verify_sig
- (tbs, hash, signature, issuer_params, issuer_params_size) != 0)
- {
- gnutls_assert ();
- return 0;
- }
+ (tbs, hash, signature, issuer_params, issuer_params_size) != 0)
+ {
+ gnutls_assert ();
+ return 0;
+ }
return 1;
break;
case GNUTLS_PK_DSA:
if (dsa_verify_sig
- (tbs, hash, signature, issuer_params, issuer_params_size) != 0)
- {
- gnutls_assert ();
- return 0;
- }
+ (tbs, hash, signature, issuer_params, issuer_params_size) != 0)
+ {
+ gnutls_assert ();
+ return 0;
+ }
return 1;
break;
*/
int
_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm pk,
- bigint_t * issuer_params,
- unsigned int issuer_params_size)
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm pk,
+ bigint_t * issuer_params,
+ unsigned int issuer_params_size)
{
opaque digest[MAX_HASH_SIZE];
gnutls_datum_t decrypted;
case GNUTLS_PK_DSA:
if (hash)
- *hash = _gnutls_dsa_q_to_hash (issuer_params[1]);
+ *hash = _gnutls_dsa_q_to_hash (issuer_params[1]);
ret = 0;
break;
case GNUTLS_PK_RSA:
if (signature == NULL)
- { /* return a sensible algorithm */
- if (hash)
- *hash = GNUTLS_DIG_SHA256;
- return 0;
- }
+ { /* return a sensible algorithm */
+ if (hash)
+ *hash = GNUTLS_DIG_SHA256;
+ return 0;
+ }
ret =
- _gnutls_pkcs1_rsa_decrypt (&decrypted, signature,
- issuer_params, issuer_params_size, 1);
+ _gnutls_pkcs1_rsa_decrypt (&decrypted, signature,
+ issuer_params, issuer_params_size, 1);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
digest_size = sizeof (digest);
if ((ret =
- decode_ber_digest_info (&decrypted, hash, digest,
- &digest_size)) != 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&decrypted);
- goto cleanup;
- }
+ decode_ber_digest_info (&decrypted, hash, digest,
+ &digest_size)) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&decrypted);
+ goto cleanup;
+ }
_gnutls_free_datum (&decrypted);
if (digest_size != _gnutls_hash_get_algo_len (*hash))
- {
- gnutls_assert ();
- ret = GNUTLS_E_ASN1_GENERIC_ERROR;
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_ASN1_GENERIC_ERROR;
+ goto cleanup;
+ }
ret = 0;
break;
*/
int
_gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_x509_crt_t issuer)
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_x509_crt_t issuer)
{
bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
int ret, issuer_params_size, i;
ret =
pubkey_verify_sig (tbs, hash, signature,
- gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
- issuer_params, issuer_params_size);
+ gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
+ issuer_params, issuer_params_size);
if (ret < 0)
{
gnutls_assert ();
*/
int
_gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
- const gnutls_datum_t * signature,
- gnutls_x509_privkey_t issuer)
+ const gnutls_datum_t * signature,
+ gnutls_x509_privkey_t issuer)
{
int ret;
ret = pubkey_verify_sig (tbs, NULL, signature, issuer->pk_algorithm,
- issuer->params, issuer->params_size);
+ issuer->params, issuer->params_size);
if (ret < 0)
{
gnutls_assert ();
**/
int
gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
- int cert_list_length,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length,
- const gnutls_x509_crl_t * CRL_list,
- int CRL_list_length, unsigned int flags,
- unsigned int *verify)
+ int cert_list_length,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length,
+ const gnutls_x509_crl_t * CRL_list,
+ int CRL_list_length, unsigned int flags,
+ unsigned int *verify)
{
if (cert_list == NULL || cert_list_length == 0)
return GNUTLS_E_NO_CERTIFICATE_FOUND;
*/
*verify =
_gnutls_x509_verify_certificate (cert_list, cert_list_length,
- CA_list, CA_list_length, CRL_list,
- CRL_list_length, flags);
+ CA_list, CA_list_length, CRL_list,
+ CRL_list_length, flags);
return 0;
}
**/
int
gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length, unsigned int flags,
- unsigned int *verify)
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify)
{
/* Verify certificate
*/
*verify =
_gnutls_x509_verify_certificate (&cert, 1,
- CA_list, CA_list_length, NULL, 0, flags);
+ CA_list, CA_list_length, NULL, 0, flags);
return 0;
}
**/
int
gnutls_x509_crl_check_issuer (gnutls_x509_crl_t cert,
- gnutls_x509_crt_t issuer)
+ gnutls_x509_crt_t issuer)
{
return is_crl_issuer (cert, issuer);
}
**/
int
gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length, unsigned int flags,
- unsigned int *verify)
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify)
{
int ret;
/* Verify crl
static inline gnutls_x509_crt_t
find_crl_issuer (gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * trusted_cas, int tcas_size)
+ const gnutls_x509_crt_t * trusted_cas, int tcas_size)
{
int i;
for (i = 0; i < tcas_size; i++)
{
if (is_crl_issuer (crl, trusted_cas[i]) == 1)
- return trusted_cas[i];
+ return trusted_cas[i];
}
gnutls_assert ();
*/
static int
_gnutls_verify_crl2 (gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size, unsigned int flags, unsigned int *output)
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags, unsigned int *output)
{
/* CRL is ignored for now */
gnutls_datum_t crl_signed_data = { NULL, 0 };
{
gnutls_assert ();
if (output)
- *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
return 0;
}
{
gnutls_assert ();
if (output)
- *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
return 0;
}
if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN))
{
if (gnutls_x509_crt_get_ca_status (issuer, NULL) != 1)
- {
- gnutls_assert ();
- if (output)
- *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
- return 0;
- }
+ {
+ gnutls_assert ();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
+ return 0;
+ }
}
result =
ret =
_gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature,
- issuer);
+ issuer);
if (ret < 0)
{
gnutls_assert ();
gnutls_assert ();
/* error. ignore it */
if (output)
- *output |= GNUTLS_CERT_INVALID;
+ *output |= GNUTLS_CERT_INVALID;
ret = 0;
}
sigalg = gnutls_x509_crl_get_signature_algorithm (crl);
if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
- ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
+ ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
{
- if (output)
- *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
- ret = 0;
+ if (output)
+ *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
+ ret = 0;
}
}
return GNUTLS_E_MEMORY_ERROR;
result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Certificate", &tmp->cert);
+ "PKIX1.Certificate", &tmp->cert);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
*cert = tmp;
- return 0; /* success */
+ return 0; /* success */
}
/*-
**/
int
gnutls_x509_crt_import (gnutls_x509_crt_t cert,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
int result = 0, need_free = 0;
gnutls_datum_t _data;
/* Try the first header */
result =
- _gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, &out);
+ _gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, &out);
if (result <= 0)
- {
- /* try for the second header */
- result =
- _gnutls_fbase64_decode (PEM_X509_CERT, data->data,
- data->size, &out);
-
- if (result <= 0)
- {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert ();
- return result;
- }
- }
+ {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode (PEM_X509_CERT, data->data,
+ data->size, &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
+ }
_data.data = out;
_data.size = result;
asn1_delete_structure (&cert->cert);
result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Certificate", &cert->cert);
+ "PKIX1.Certificate", &cert->cert);
if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
+ }
}
result = asn1_der_decoding (&cert->cert, _data.data, _data.size, NULL);
**/
int
gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * sizeof_buf)
+ size_t * sizeof_buf)
{
if (cert == NULL)
{
}
return _gnutls_x509_parse_dn (cert->cert,
- "tbsCertificate.issuer.rdnSequence", buf,
- sizeof_buf);
+ "tbsCertificate.issuer.rdnSequence", buf,
+ sizeof_buf);
}
/**
**/
int
gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf)
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf)
{
if (cert == NULL)
{
}
return _gnutls_x509_parse_dn_oid (cert->cert,
- "tbsCertificate.issuer.rdnSequence",
- oid, indx, raw_flag, buf, sizeof_buf);
+ "tbsCertificate.issuer.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
}
/**
**/
int
gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid)
+ int indx, void *oid, size_t * sizeof_oid)
{
if (cert == NULL)
{
}
return _gnutls_x509_get_dn_oid (cert->cert,
- "tbsCertificate.issuer.rdnSequence",
- indx, oid, sizeof_oid);
+ "tbsCertificate.issuer.rdnSequence",
+ indx, oid, sizeof_oid);
}
/**
**/
int
gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * sizeof_buf)
+ size_t * sizeof_buf)
{
if (cert == NULL)
{
}
return _gnutls_x509_parse_dn (cert->cert,
- "tbsCertificate.subject.rdnSequence", buf,
- sizeof_buf);
+ "tbsCertificate.subject.rdnSequence", buf,
+ sizeof_buf);
}
/**
**/
int
gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * sizeof_buf)
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
{
if (cert == NULL)
{
}
return _gnutls_x509_parse_dn_oid (cert->cert,
- "tbsCertificate.subject.rdnSequence",
- oid, indx, raw_flag, buf, sizeof_buf);
+ "tbsCertificate.subject.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
}
/**
**/
int
gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid)
+ int indx, void *oid, size_t * sizeof_oid)
{
if (cert == NULL)
{
}
return _gnutls_x509_get_dn_oid (cert->cert,
- "tbsCertificate.subject.rdnSequence",
- indx, oid, sizeof_oid);
+ "tbsCertificate.subject.rdnSequence",
+ indx, oid, sizeof_oid);
}
/**
*/
result =
_gnutls_x509_read_value (cert->cert, "signatureAlgorithm.algorithm",
- &sa, 0);
+ &sa, 0);
if (result < 0)
{
**/
int
gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
- char *sig, size_t * sizeof_sig)
+ char *sig, size_t * sizeof_sig)
{
int result;
int bits, len;
len = sizeof (version);
if ((result =
asn1_read_value (cert->cert, "tbsCertificate.version", version,
- &len)) != ASN1_SUCCESS)
+ &len)) != ASN1_SUCCESS)
{
if (result == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
+ return 1; /* the DEFAULT version */
gnutls_assert ();
return _gnutls_asn2err (result);
}
}
return _gnutls_x509_get_time (cert->cert,
- "tbsCertificate.validity.notBefore");
+ "tbsCertificate.validity.notBefore");
}
/**
}
return _gnutls_x509_get_time (cert->cert,
- "tbsCertificate.validity.notAfter");
+ "tbsCertificate.validity.notAfter");
}
/**
**/
int
gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
- size_t * result_size)
+ size_t * result_size)
{
int ret, len;
**/
int
gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret,
- size_t * ret_size, unsigned int *critical)
+ size_t * ret_size, unsigned int *critical)
{
int result, len;
gnutls_datum_t id;
if ((result =
_gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &id,
- critical)) < 0)
+ critical)) < 0)
{
return result;
}
if (result != ASN1_SUCCESS)
{
if (result != ASN1_MEM_ERROR)
- gnutls_assert ();
+ gnutls_assert ();
return _gnutls_asn2err (result);
}
**/
int
gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *ret,
- size_t * ret_size,
- unsigned int *critical)
+ size_t * ret_size,
+ unsigned int *critical)
{
int result, len;
gnutls_datum_t id;
if ((result =
_gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &id,
- critical)) < 0)
+ critical)) < 0)
{
return result;
}
if (result != ASN1_SUCCESS)
{
if (result != ASN1_MEM_ERROR)
- gnutls_assert ();
+ gnutls_assert ();
return _gnutls_asn2err (result);
}
result =
_gnutls_x509_get_pk_algorithm (cert->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- bits);
+ "tbsCertificate.subjectPublicKeyInfo",
+ bits);
if (result < 0)
{
*/
int
_gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
- int seq, void *name, size_t * name_size,
- unsigned int *ret_type, int othername_oid)
+ int seq, void *name, size_t * name_size,
+ unsigned int *ret_type, int othername_oid)
{
unsigned int len;
char nptr[ASN1_MAX_NAME_SIZE];
opaque choice_type[128];
gnutls_x509_subject_alt_name_t type;
- seq++; /* 0->1, 1->2 etc */
+ seq++; /* 0->1, 1->2 etc */
if (src_name[0] != 0)
snprintf (nptr, sizeof (nptr), "%s.?%u", src_name, seq);
if (type == GNUTLS_SAN_OTHERNAME)
{
if (othername_oid)
- _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.type-id");
+ _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.type-id");
else
- _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.value");
+ _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.value");
len = *name_size;
result = asn1_read_value (src, nptr, name, &len);
*name_size = len;
if (result == ASN1_MEM_ERROR)
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
if (othername_oid)
- {
- if (len > strlen (XMPP_OID) && strcmp (name, XMPP_OID) == 0)
- type = GNUTLS_SAN_OTHERNAME_XMPP;
- }
+ {
+ if (len > strlen (XMPP_OID) && strcmp (name, XMPP_OID) == 0)
+ type = GNUTLS_SAN_OTHERNAME_XMPP;
+ }
else
- {
- char oid[42];
-
- if (src_name[0] != 0)
- snprintf (nptr, sizeof (nptr), "%s.?%u.otherName.type-id",
- src_name, seq);
- else
- snprintf (nptr, sizeof (nptr), "?%u.otherName.type-id", seq);
-
- len = sizeof (oid);
- result = asn1_read_value (src, nptr, oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (len > strlen (XMPP_OID) && strcmp (oid, XMPP_OID) == 0)
- {
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- size_t orig_name_size = *name_size;
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.XmppAddr", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, name, *name_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- len = *name_size;
- result = asn1_read_value (c2, "", name, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- *name_size = len + 1;
- return _gnutls_asn2err (result);
- }
- asn1_delete_structure (&c2);
-
- if (len + 1 > orig_name_size)
- {
- gnutls_assert ();
- *name_size = len + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- *name_size = len;
- /* null terminate it */
- ((char *) name)[*name_size] = 0;
- }
- }
+ {
+ char oid[42];
+
+ if (src_name[0] != 0)
+ snprintf (nptr, sizeof (nptr), "%s.?%u.otherName.type-id",
+ src_name, seq);
+ else
+ snprintf (nptr, sizeof (nptr), "?%u.otherName.type-id", seq);
+
+ len = sizeof (oid);
+ result = asn1_read_value (src, nptr, oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (len > strlen (XMPP_OID) && strcmp (oid, XMPP_OID) == 0)
+ {
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ size_t orig_name_size = *name_size;
+
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.XmppAddr", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&c2, name, *name_size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ len = *name_size;
+ result = asn1_read_value (c2, "", name, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ *name_size = len + 1;
+ return _gnutls_asn2err (result);
+ }
+ asn1_delete_structure (&c2);
+
+ if (len + 1 > orig_name_size)
+ {
+ gnutls_assert ();
+ *name_size = len + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *name_size = len;
+ /* null terminate it */
+ ((char *) name)[*name_size] = 0;
+ }
+ }
}
else if (type == GNUTLS_SAN_DN)
{
_gnutls_str_cat (nptr, sizeof (nptr), ".directoryName");
result = _gnutls_x509_parse_dn (src, nptr, name, name_size);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
}
else if (othername_oid)
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
*name_size = len;
if (result == ASN1_MEM_ERROR)
- {
- if (is_type_printable (type))
- (*name_size)++;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ {
+ if (is_type_printable (type))
+ (*name_size)++;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
if (is_type_printable (type))
- {
+ {
- if (len + 1 > orig_name_size)
- {
- gnutls_assert ();
- (*name_size)++;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (len + 1 > orig_name_size)
+ {
+ gnutls_assert ();
+ (*name_size)++;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- /* null terminate it */
- ((char *) name)[*name_size] = 0;
- }
+ /* null terminate it */
+ ((char *) name)[*name_size] = 0;
+ }
}
static int
get_alt_name (gnutls_x509_crt_t cert, const char *extension_id,
- unsigned int seq, void *ret,
- size_t * ret_size, unsigned int *ret_type,
- unsigned int *critical, int othername_oid)
+ unsigned int seq, void *ret,
+ size_t * ret_size, unsigned int *ret_type,
+ unsigned int *critical, int othername_oid)
{
int result;
gnutls_datum_t dnsname;
if ((result =
_gnutls_x509_crt_get_extension (cert, extension_id, 0, &dnsname,
- critical)) < 0)
+ critical)) < 0)
{
return result;
}
if (strcmp ("2.5.29.17", extension_id) == 0)
result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.SubjectAltName", &c2);
+ "PKIX1.SubjectAltName", &c2);
else if (strcmp ("2.5.29.18", extension_id) == 0)
result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.IssuerAltName", &c2);
+ "PKIX1.IssuerAltName", &c2);
else
{
gnutls_assert ();
result =
_gnutls_parse_general_name (c2, "", seq, ret, ret_size, ret_type,
- othername_oid);
+ othername_oid);
asn1_delete_structure (&c2);
**/
int
gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *critical)
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
{
return get_alt_name (cert, "2.5.29.17", seq, ret, ret_size, NULL, critical,
- 0);
+ 0);
}
/**
**/
int
gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *critical)
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
{
return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, NULL, critical,
- 0);
+ 0);
}
/**
**/
int
gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
- unsigned int *critical)
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical)
{
return get_alt_name (cert, "2.5.29.17", seq, ret, ret_size, ret_type,
- critical, 0);
+ critical, 0);
}
/**
**/
int
gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
- unsigned int *critical)
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical)
{
return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, ret_type,
- critical, 0);
+ critical, 0);
}
/**
**/
int
gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret, size_t * ret_size)
+ unsigned int seq,
+ void *ret, size_t * ret_size)
{
return get_alt_name (cert, "2.5.29.17", seq, ret, ret_size, NULL, NULL, 1);
}
**/
int
gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret, size_t * ret_size)
+ unsigned int seq,
+ void *ret, size_t * ret_size)
{
return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, NULL, NULL, 1);
}
**/
int
gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
- unsigned int *critical,
- int *ca, int *pathlen)
+ unsigned int *critical,
+ int *ca, int *pathlen)
{
int result;
gnutls_datum_t basicConstraints;
if ((result =
_gnutls_x509_crt_get_extension (cert, "2.5.29.19", 0,
- &basicConstraints, critical)) < 0)
+ &basicConstraints, critical)) < 0)
{
return result;
}
result =
_gnutls_x509_ext_extract_basicConstraints (&tmp_ca,
- pathlen,
- basicConstraints.data,
- basicConstraints.size);
+ pathlen,
+ basicConstraints.data,
+ basicConstraints.size);
if (ca)
*ca = tmp_ca;
_gnutls_free_datum (&basicConstraints);
{
int ca, pathlen;
return gnutls_x509_crt_get_basic_constraints (cert, critical, &ca,
- &pathlen);
+ &pathlen);
}
/**
**/
int
gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
- unsigned int *key_usage,
- unsigned int *critical)
+ unsigned int *key_usage,
+ unsigned int *critical)
{
int result;
gnutls_datum_t keyUsage;
if ((result =
_gnutls_x509_crt_get_extension (cert, "2.5.29.15", 0, &keyUsage,
- critical)) < 0)
+ critical)) < 0)
{
return result;
}
}
result = _gnutls_x509_ext_extract_keyUsage (&_usage, keyUsage.data,
- keyUsage.size);
+ keyUsage.size);
_gnutls_free_datum (&keyUsage);
*key_usage = _usage;
**/
int
gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
- unsigned int *critical,
- int *pathlen,
- char **policyLanguage,
- char **policy, size_t * sizeof_policy)
+ unsigned int *critical,
+ int *pathlen,
+ char **policyLanguage,
+ char **policy, size_t * sizeof_policy)
{
int result;
gnutls_datum_t proxyCertInfo;
if ((result =
_gnutls_x509_crt_get_extension (cert, "1.3.6.1.5.5.7.1.14", 0,
- &proxyCertInfo, critical)) < 0)
+ &proxyCertInfo, critical)) < 0)
{
return result;
}
}
result = _gnutls_x509_ext_extract_proxyCertInfo (pathlen,
- policyLanguage,
- policy,
- sizeof_policy,
- proxyCertInfo.data,
- proxyCertInfo.size);
+ policyLanguage,
+ policy,
+ sizeof_policy,
+ proxyCertInfo.data,
+ proxyCertInfo.size);
_gnutls_free_datum (&proxyCertInfo);
if (result < 0)
{
**/
int
gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- void *buf, size_t * sizeof_buf,
- unsigned int *critical)
+ const char *oid, int indx,
+ void *buf, size_t * sizeof_buf,
+ unsigned int *critical)
{
int result;
gnutls_datum_t output;
if ((result =
_gnutls_x509_crt_get_extension (cert, oid, indx, &output,
- critical)) < 0)
+ critical)) < 0)
{
gnutls_assert ();
return result;
**/
int
gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * sizeof_oid)
+ void *oid, size_t * sizeof_oid)
{
int result;
**/
int
gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * sizeof_oid,
- int *critical)
+ void *oid, size_t * sizeof_oid,
+ int *critical)
{
int result;
char str_critical[10];
}
snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnID",
- indx + 1);
+ indx + 1);
len = *sizeof_oid;
result = asn1_read_value (cert->cert, name, oid, &len);
}
snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.critical",
- indx + 1);
+ indx + 1);
len = sizeof (str_critical);
result = asn1_read_value (cert->cert, name, str_critical, &len);
if (result != ASN1_SUCCESS)
if (critical)
{
if (str_critical[0] == 'T')
- *critical = 1;
+ *critical = 1;
else
- *critical = 0;
+ *critical = 0;
}
return 0;
**/
int
gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
- void *data, size_t * sizeof_data)
+ void *data, size_t * sizeof_data)
{
int result, len;
char name[ASN1_MAX_NAME_SIZE];
}
snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnValue",
- indx + 1);
+ indx + 1);
len = *sizeof_data;
result = asn1_read_value (cert->cert, name, data, &len);
static int
_gnutls_x509_crt_get_raw_dn2 (gnutls_x509_crt_t cert,
- const char *whom, gnutls_datum_t * start)
+ const char *whom, gnutls_datum_t * start)
{
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
int result, len1;
*/
if ((result =
asn1_create_element (_gnutls_get_pkix (), "PKIX1.TBSCertificate",
- &c2)) != ASN1_SUCCESS)
+ &c2)) != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
result =
asn1_der_decoding_startEnd (c2, signed_data.data, signed_data.size,
- whom, &start1, &end1);
+ whom, &start1, &end1);
if (result != ASN1_SUCCESS)
{
**/
int
gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
- gnutls_datum_t * start)
+ gnutls_datum_t * start)
{
return _gnutls_x509_crt_get_raw_dn2 (cert, "issuer", start);
}
**/
int
gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn,
- int irdn, int iava, gnutls_x509_ava_st * ava)
+ int irdn, int iava, gnutls_x509_ava_st * ava)
{
ASN1_TYPE rdn, elem;
long len;
unsigned char cls, *ptr;
iava++;
- irdn++; /* 0->1, 1->2 etc */
+ irdn++; /* 0->1, 1->2 etc */
snprintf (rbuf, sizeof (rbuf), "rdnSequence.?%d.?%d", irdn, iava);
rdn = asn1_find_node (dn, rbuf);
tmp = asn1_get_length_der (ptr, remlen, &lenlen);
if (tmp < 0)
{
- gnutls_assert ();
- return GNUTLS_E_ASN1_DER_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_ASN1_DER_ERROR;
}
ava->value.size = tmp;
}
**/
int
gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
- gnutls_digest_algorithm_t algo,
- void *buf, size_t * sizeof_buf)
+ gnutls_digest_algorithm_t algo,
+ void *buf, size_t * sizeof_buf)
{
opaque *cert_buf;
int cert_buf_size;
**/
int
gnutls_x509_crt_export (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
if (cert == NULL)
{
}
return _gnutls_x509_export_int (cert->cert, format, "CERTIFICATE",
- output_data, output_data_size);
+ output_data, output_data_size);
}
int
_gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t * params,
- int params_size, unsigned char *output_data,
- size_t * output_data_size)
+ int params_size, unsigned char *output_data,
+ size_t * output_data_size)
{
int result = 0;
gnutls_datum_t der = { NULL, 0 };
{
result = _gnutls_x509_write_rsa_params (params, params_size, &der);
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
else if (pk == GNUTLS_PK_DSA)
{
result = _gnutls_x509_write_dsa_public_key (params, params_size, &der);
if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
else
return GNUTLS_E_INTERNAL_ERROR;
static int
rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk,
- unsigned char *output_data, size_t * output_data_size)
+ unsigned char *output_data, size_t * output_data_size)
{
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
int params_size = MAX_PUBLIC_PARAMS_SIZE;
result =
_gnutls_get_key_id (pk, params, params_size, output_data,
- output_data_size);
+ output_data_size);
if (result < 0)
{
gnutls_assert ();
**/
int
gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+ unsigned char *output_data,
+ size_t * output_data_size)
{
int pk, result = 0;
gnutls_datum_t pubkey;
*/
pubkey.size = 0;
result = asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
- NULL, &pubkey.size, NULL);
+ NULL, &pubkey.size, NULL);
if (result != ASN1_MEM_ERROR)
{
gnutls_assert ();
}
result = asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
- pubkey.data, &pubkey.size, NULL);
+ pubkey.data, &pubkey.size, NULL);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
}
result = gnutls_fingerprint (GNUTLS_DIG_SHA1, &pubkey,
- output_data, output_data_size);
+ output_data, output_data_size);
gnutls_free (pubkey.data);
**/
int
gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t * crl_list,
- int crl_list_length)
+ const gnutls_x509_crl_t * crl_list,
+ int crl_list_length)
{
opaque serial[64];
opaque cert_serial[64];
}
for (j = 0; j < crl_list_length; j++)
- { /* do for all the crls */
+ { /* do for all the crls */
/* Step 1. check if issuer's DN match
*/
ret = _gnutls_x509_crl_get_raw_issuer_dn (crl_list[j], &dn1);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ret = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn2);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
_gnutls_free_datum (&dn1);
_gnutls_free_datum (&dn2);
if (ret == 0)
- {
- /* issuers do not match so don't even
- * bother checking.
- */
- continue;
- }
+ {
+ /* issuers do not match so don't even
+ * bother checking.
+ */
+ continue;
+ }
/* Step 2. Read the certificate's serial number
*/
cert_serial_size = sizeof (cert_serial);
ret = gnutls_x509_crt_get_serial (cert, cert_serial, &cert_serial_size);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* Step 3. cycle through the CRL serials and compare with
* certificate serial we have.
ncerts = gnutls_x509_crl_get_crt_count (crl_list[j]);
if (ncerts < 0)
- {
- gnutls_assert ();
- return ncerts;
- }
+ {
+ gnutls_assert ();
+ return ncerts;
+ }
for (i = 0; i < ncerts; i++)
- {
- serial_size = sizeof (serial);
- ret =
- gnutls_x509_crl_get_crt_serial (crl_list[j], i, serial,
- &serial_size, NULL);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (serial_size == cert_serial_size)
- {
- if (memcmp (serial, cert_serial, serial_size) == 0)
- {
- /* serials match */
- return 1; /* revoked! */
- }
- }
- }
-
- }
- return 0; /* not revoked. */
+ {
+ serial_size = sizeof (serial);
+ ret =
+ gnutls_x509_crl_get_crt_serial (crl_list[j], i, serial,
+ &serial_size, NULL);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (serial_size == cert_serial_size)
+ {
+ if (memcmp (serial, cert_serial, serial_size) == 0)
+ {
+ /* serials match */
+ return 1; /* revoked! */
+ }
+ }
+ }
+
+ }
+ return 0; /* not revoked. */
}
/**
**/
int
gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash)
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash)
{
bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
int issuer_params_size;
}
ret = _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) hash,
- signature,
- gnutls_x509_crt_get_pk_algorithm (crt,
- NULL),
- issuer_params, issuer_params_size);
+ signature,
+ gnutls_x509_crt_get_pk_algorithm (crt,
+ NULL),
+ issuer_params, issuer_params_size);
/* release allocated mpis */
for (i = 0; i < issuer_params_size; i++)
**/
int
gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
- gnutls_digest_algorithm_t *
- hash, unsigned int *mand)
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
{
bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
int issuer_params_size;
ret =
_gnutls_pk_get_hash_algorithm (gnutls_x509_crt_get_pk_algorithm
- (crt, NULL), issuer_params,
- issuer_params_size, hash, mand);
+ (crt, NULL), issuer_params,
+ issuer_params_size, hash, mand);
/* release allocated mpis */
for (i = 0; i < issuer_params_size; i++)
**/
int
gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
{
int result;
**/
int
gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
{
int result;
**/
int
gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *reason_flags,
- unsigned int *critical)
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *reason_flags,
+ unsigned int *critical)
{
int result;
gnutls_datum_t dist_points = { NULL, 0 };
result =
_gnutls_x509_crt_get_extension (cert, "2.5.29.31", 0, &dist_points,
- critical);
+ critical);
if (result < 0)
{
return result;
result = asn1_read_value (c2, name, reasons, &len);
if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
*reason_flags = reasons[0] | (reasons[1] << 8);
}
**/
int
gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid,
- unsigned int *critical)
+ int indx, void *oid, size_t * sizeof_oid,
+ unsigned int *critical)
{
char tmpstr[ASN1_MAX_NAME_SIZE];
int result, len;
if ((result =
_gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &id,
- critical)) < 0)
+ critical)) < 0)
{
return result;
}
**/
int
gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e)
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
int ret;
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
**/
int
gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
{
int ret;
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
**/
int
gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
- unsigned int *cert_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+ unsigned int *cert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format, unsigned int flags)
{
int size;
const char *ptr;
if (format == GNUTLS_X509_FMT_DER)
{
if (*cert_max < 1)
- {
- *cert_max = 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ {
+ *cert_max = 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- count = 1; /* import only the first one */
+ count = 1; /* import only the first one */
ret = gnutls_x509_crt_init (&certs[0]);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
ret = gnutls_x509_crt_import (certs[0], data, format);
if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ {
+ gnutls_assert ();
+ goto error;
+ }
*cert_max = 1;
return 1;
/* move to the certificate
*/
ptr = memmem (data->data, data->size,
- PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
if (ptr == NULL)
ptr = memmem (data->data, data->size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
+ PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
if (ptr == NULL)
{
do
{
if (count >= *cert_max)
- {
- if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
- break;
- else
- nocopy = 1;
- }
+ {
+ if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
+ break;
+ else
+ nocopy = 1;
+ }
if (!nocopy)
- {
- ret = gnutls_x509_crt_init (&certs[count]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- tmp.data = (void *) ptr;
- tmp.size = data->size - (ptr - (char *) data->data);
-
- ret =
- gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
+ {
+ ret = gnutls_x509_crt_init (&certs[count]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ tmp.data = (void *) ptr;
+ tmp.size = data->size - (ptr - (char *) data->data);
+
+ ret =
+ gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ }
/* now we move ptr after the pem header
*/
size = data->size - (ptr - (char *) data->data);
if (size > 0)
- {
- char *ptr2;
+ {
+ char *ptr2;
- ptr2 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr2 == NULL)
- ptr2 = memmem (ptr, size, PEM_CERT_SEP2,
- sizeof (PEM_CERT_SEP2) - 1);
+ ptr2 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ if (ptr2 == NULL)
+ ptr2 = memmem (ptr, size, PEM_CERT_SEP2,
+ sizeof (PEM_CERT_SEP2) - 1);
- ptr = ptr2;
- }
+ ptr = ptr2;
+ }
else
- ptr = NULL;
+ ptr = NULL;
count++;
}
**/
int
gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * sizeof_buf)
+ size_t * sizeof_buf)
{
int result;
gnutls_datum_t datum = { NULL, 0 };
result =
_gnutls_x509_read_value (crt->cert, "tbsCertificate.subjectUniqueID",
- &datum, 2);
+ &datum, 2);
if (datum.size > *sizeof_buf)
- { /* then we're not going to fit */
+ { /* then we're not going to fit */
*sizeof_buf = datum.size;
buf[0] = '\0';
result = GNUTLS_E_SHORT_MEMORY_BUFFER;
**/
int
gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * sizeof_buf)
+ size_t * sizeof_buf)
{
int result;
gnutls_datum_t datum = { NULL, 0 };
result =
_gnutls_x509_read_value (crt->cert, "tbsCertificate.issuerUniqueID",
- &datum, 2);
+ &datum, 2);
if (datum.size > *sizeof_buf)
- { /* then we're not going to fit */
+ { /* then we're not going to fit */
*sizeof_buf = datum.size;
buf[0] = '\0';
result = GNUTLS_E_SHORT_MEMORY_BUFFER;
ASN1_TYPE pkcs7;
} gnutls_pkcs7_int;
-#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */
+#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */
/* parameters should not be larger than this limit */
#define DSA_PRIVATE_PARAMS 5
* [3] is y (public key)
* [4] is x (private key)
*/
- int params_size; /* holds the number of params */
+ int params_size; /* holds the number of params */
gnutls_pk_algorithm_t pk_algorithm;
int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
- const gnutls_datum_t * dn2);
+ const gnutls_datum_t * dn2);
int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
- gnutls_datum_t * dn);
+ gnutls_datum_t * dn);
/* sign.c */
int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
- gnutls_datum_t * tbs);
+ gnutls_datum_t * tbs);
int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
- gnutls_digest_algorithm_t,
- gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key);
+ gnutls_digest_algorithm_t,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key);
/* dn.c */
#define OID_X520_COUNTRY_NAME "2.5.4.6"
#define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, char *buf,
- size_t * sizeof_buf);
+ const char *asn1_rdn_name, char *buf,
+ size_t * sizeof_buf);
int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, const char *oid,
- int indx, unsigned int raw_flag, void *buf,
- size_t * sizeof_buf);
+ const char *asn1_rdn_name, const char *oid,
+ int indx, unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, const char *oid,
- int raw_flag, const char *name, int sizeof_name);
+ const char *asn1_rdn_name, const char *oid,
+ int raw_flag, const char *name, int sizeof_name);
int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- int indx, void *_oid, size_t * sizeof_oid);
+ const char *asn1_rdn_name,
+ int indx, void *_oid, size_t * sizeof_oid);
int _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
- int seq, void *name, size_t * name_size,
- unsigned int *ret_type, int othername_oid);
+ int seq, void *name, size_t * name_size,
+ unsigned int *ret_type, int othername_oid);
/* dsa.c */
/* verify.c */
int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer);
+ gnutls_x509_crt_t issuer);
int
_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm pk,
- bigint_t * issuer_params,
- unsigned int issuer_params_size);
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm pk,
+ bigint_t * issuer_params,
+ unsigned int issuer_params_size);
int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_x509_crt_t issuer);
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_x509_crt_t issuer);
int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
- const gnutls_datum_t * signature,
- gnutls_x509_privkey_t issuer);
+ const gnutls_datum_t * signature,
+ gnutls_x509_privkey_t issuer);
/* privkey.h */
ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t *
- raw_key,
- gnutls_x509_privkey_t pkey);
+ raw_key,
+ gnutls_x509_privkey_t pkey);
int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, bigint_t * params);
/* extensions.c */
int _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
- const char *extension_id, int indx,
- gnutls_datum_t * ret,
- unsigned int *_critical);
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *_critical);
int _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
- int indx, void *oid,
- size_t * sizeof_oid);
+ int indx, void *oid,
+ size_t * sizeof_oid);
int _gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical);
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
- const char *extension_id, int indx,
- gnutls_datum_t * ret,
- unsigned int *critical);
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *critical);
int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
- int indx, void *ret,
- size_t * ret_size);
+ int indx, void *ret,
+ size_t * ret_size);
int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
- opaque * extnValue, int extnValueLen);
+ opaque * extnValue, int extnValueLen);
int _gnutls_x509_ext_extract_basicConstraints (int *CA,
- int *pathLenConstraint,
- opaque * extnValue,
- int extnValueLen);
+ int *pathLenConstraint,
+ opaque * extnValue,
+ int extnValueLen);
int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
- const char *extension_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical);
+ const char *extension_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
int
_gnutls_x509_ext_extract_number (opaque * number,
- size_t * nr_size,
- opaque * extnValue, int extnValueLen);
+ size_t * nr_size,
+ opaque * extnValue, int extnValueLen);
int
_gnutls_x509_ext_gen_number (const opaque * nuber, size_t nr_size,
- gnutls_datum_t * der_ext);
+ gnutls_datum_t * der_ext);
int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
- gnutls_datum_t * der_ext);
+ gnutls_datum_t * der_ext);
int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext);
int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- gnutls_datum_t * prev_der_ext,
- gnutls_datum_t * der_ext);
+ type, const void *data,
+ unsigned int data_size,
+ gnutls_datum_t * prev_der_ext,
+ gnutls_datum_t * der_ext);
int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t type,
- const void *data,
- unsigned int data_size,
- unsigned int reason_flags,
- gnutls_datum_t * der_ext);
+ const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags,
+ gnutls_datum_t * der_ext);
int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_data);
+ gnutls_datum_t * der_data);
int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_data);
+ gnutls_datum_t * der_data);
int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
- char **policyLanguage,
- char **policy,
- size_t * sizeof_policy,
- opaque * extnValue,
- int extnValueLen);
+ char **policyLanguage,
+ char **policy,
+ size_t * sizeof_policy,
+ opaque * extnValue,
+ int extnValueLen);
int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
- const char *policyLanguage,
- const char *policy,
- size_t sizeof_policy,
- gnutls_datum_t * der_ext);
+ const char *policyLanguage,
+ const char *policy,
+ size_t sizeof_policy,
+ gnutls_datum_t * der_ext);
/* mpi.c */
int _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
- bigint_t * params, int *params_size);
+ bigint_t * params, int *params_size);
int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
- bigint_t * params, int *params_size);
+ bigint_t * params, int *params_size);
int _gnutls_x509_read_rsa_params (opaque * der, int dersize,
- bigint_t * params);
+ bigint_t * params);
int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize,
- bigint_t * params);
+ bigint_t * params);
int _gnutls_x509_read_dsa_params (opaque * der, int dersize,
- bigint_t * params);
+ bigint_t * params);
int _gnutls_x509_write_rsa_params (bigint_t * params, int params_size,
- gnutls_datum_t * der);
+ gnutls_datum_t * der);
int _gnutls_x509_write_dsa_params (bigint_t * params, int params_size,
- gnutls_datum_t * der);
+ gnutls_datum_t * der);
int _gnutls_x509_write_dsa_public_key (bigint_t * params, int params_size,
- gnutls_datum_t * der);
+ gnutls_datum_t * der);
int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
- unsigned int *ret);
+ unsigned int *ret);
int _gnutls_x509_read_der_int (opaque * der, int dersize, bigint_t * out);
int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
- bigint_t * ret_mpi);
+ bigint_t * ret_mpi);
int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
- int lz);
+ int lz);
int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value,
- uint32_t num);
+ uint32_t num);
int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
- gnutls_pk_algorithm_t pk_algorithm,
- gnutls_digest_algorithm_t);
+ gnutls_pk_algorithm_t pk_algorithm,
+ gnutls_digest_algorithm_t);
/* pkcs12.h */
#include <gnutls/pkcs12.h>
int
_gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt,
- unsigned int salt_size, unsigned int iter,
- const char *pw, unsigned int req_keylen,
- opaque * keybuf);
+ unsigned int salt_size, unsigned int iter,
+ const char *pw, unsigned int req_keylen,
+ opaque * keybuf);
int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * dec);
+ const char *password, gnutls_datum_t * dec);
typedef enum schema_id
{
- PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */
- PBES2_3DES, /* the stuff in PKCS #5 */
+ PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */
+ PBES2_3DES, /* the stuff in PKCS #5 */
PBES2_AES_128,
PBES2_AES_192,
PBES2_AES_256,
- PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
+ PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
PKCS12_ARCFOUR_SHA1,
PKCS12_RC2_40_SHA1
} schema_id;
int _gnutls_pkcs_flags_to_schema (unsigned int flags);
int _gnutls_pkcs7_encrypt_data (schema_id schema,
- const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * enc);
+ const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * enc);
int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
- gnutls_pkcs12_bag_t bag);
+ gnutls_pkcs12_bag_t bag);
int
_pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
- int *enc);
+ int *enc);
int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * in, gnutls_datum_t * out);
+ const gnutls_datum_t * in, gnutls_datum_t * out);
int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * raw, gnutls_datum_t * out);
+ const gnutls_datum_t * raw, gnutls_datum_t * out);
/* crq */
int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical);
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
#endif
**/
int
gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, const char *oid,
- unsigned int raw_flag, const void *name,
- unsigned int sizeof_name)
+ unsigned int raw_flag, const void *name,
+ unsigned int sizeof_name)
{
if (sizeof_name == 0 || name == NULL || crt == NULL)
{
}
return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.subject",
- oid, raw_flag, name, sizeof_name);
+ oid, raw_flag, name, sizeof_name);
}
/**
**/
int
gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
- const char *oid,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name)
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name)
{
if (sizeof_name == 0 || name == NULL || crt == NULL)
{
}
return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.issuer", oid,
- raw_flag, name, sizeof_name);
+ raw_flag, name, sizeof_name);
}
/**
**/
int
gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, gnutls_x509_crt_t eecrt,
- unsigned int raw_flag, const void *name,
- unsigned int sizeof_name)
+ unsigned int raw_flag, const void *name,
+ unsigned int sizeof_name)
{
int result;
}
result = asn1_copy_node (crt->cert, "tbsCertificate.subject",
- eecrt->cert, "tbsCertificate.subject");
+ eecrt->cert, "tbsCertificate.subject");
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
if (name && sizeof_name)
{
return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.subject",
- GNUTLS_OID_X520_COMMON_NAME,
- raw_flag, name, sizeof_name);
+ GNUTLS_OID_X520_COMMON_NAME,
+ raw_flag, name, sizeof_name);
}
return 0;
}
result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- key->pk_algorithm,
- key->params,
- key->params_size);
+ "tbsCertificate.subjectPublicKeyInfo",
+ key->pk_algorithm,
+ key->params,
+ key->params_size);
if (result < 0)
{
}
result = asn1_copy_node (crt->cert, "tbsCertificate.subject",
- crq->crq, "certificationRequestInfo.subject");
+ crq->crq, "certificationRequestInfo.subject");
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result =
asn1_copy_node (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
- crq->crq, "certificationRequestInfo.subjectPKInfo");
+ crq->crq, "certificationRequestInfo.subjectPKInfo");
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
**/
int
gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
- gnutls_x509_crq_t crq)
+ gnutls_x509_crq_t crq)
{
size_t i;
oid_size = sizeof (oid);
result = gnutls_x509_crq_get_extension_info (crq, i, oid,
- &oid_size, &critical);
+ &oid_size, &critical);
if (result < 0)
- {
- if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
+ {
+ if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
- gnutls_assert ();
- return result;
- }
+ gnutls_assert ();
+ return result;
+ }
extensions_size = 0;
result = gnutls_x509_crq_get_extension_data (crq, i, NULL,
- &extensions_size);
+ &extensions_size);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
extensions = gnutls_malloc (extensions_size);
if (extensions == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
result = gnutls_x509_crq_get_extension_data (crq, i, extensions,
- &extensions_size);
+ &extensions_size);
if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (extensions);
- return result;
- }
+ {
+ gnutls_assert ();
+ gnutls_free (extensions);
+ return result;
+ }
ext.data = extensions;
ext.size = extensions_size;
result = _gnutls_x509_crt_set_extension (crt, oid, &ext, critical);
gnutls_free (extensions);
if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
}
if (i > 0)
**/
int
gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
- const char *oid, const void *buf,
- size_t sizeof_buf,
- unsigned int critical)
+ const char *oid, const void *buf,
+ size_t sizeof_buf,
+ unsigned int critical)
{
int result;
gnutls_datum_t der_data;
**/
int
gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
- unsigned int ca, int pathLenConstraint)
+ unsigned int ca, int pathLenConstraint)
{
int result;
gnutls_datum_t der_data;
/* generate the extension.
*/
result = _gnutls_x509_ext_gen_basicConstraints (ca, pathLenConstraint,
- &der_data);
+ &der_data);
if (result < 0)
{
gnutls_assert ();
**/
int
gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const char *data_string)
+ gnutls_x509_subject_alt_name_t
+ type, const char *data_string)
{
if (crt == NULL)
{
}
return gnutls_x509_crt_set_subject_alt_name (crt, type, data_string,
- strlen (data_string),
- GNUTLS_FSAN_SET);
+ strlen (data_string),
+ GNUTLS_FSAN_SET);
}
/**
**/
int
gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data,
- unsigned int data_size,
- unsigned int flags)
+ gnutls_x509_subject_alt_name_t type,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags)
{
int result;
gnutls_datum_t der_data = { NULL, 0 };
if (flags == GNUTLS_FSAN_APPEND)
{
result = _gnutls_x509_crt_get_extension (crt, "2.5.29.17", 0,
- &prev_der_data, &critical);
+ &prev_der_data, &critical);
if (result < 0 && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return result;
- }
+ {
+ gnutls_assert ();
+ return result;
+ }
}
/* generate the extension.
*/
result = _gnutls_x509_ext_gen_subject_alt_name (type, data, data_size,
- &prev_der_data, &der_data);
+ &prev_der_data, &der_data);
if (flags == GNUTLS_FSAN_APPEND)
_gnutls_free_datum (&prev_der_data);
}
result = _gnutls_x509_crt_set_extension (crt, "2.5.29.17", &der_data,
- critical);
+ critical);
_gnutls_free_datum (&der_data);
**/
int
gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
- int pathLenConstraint,
- const char *policyLanguage,
- const char *policy, size_t sizeof_policy)
+ int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy, size_t sizeof_policy)
{
int result;
gnutls_datum_t der_data;
/* generate the extension.
*/
result = _gnutls_x509_ext_gen_proxyCertInfo (pathLenConstraint,
- policyLanguage,
- policy, sizeof_policy,
- &der_data);
+ policyLanguage,
+ policy, sizeof_policy,
+ &der_data);
if (result < 0)
{
gnutls_assert ();
}
result = _gnutls_x509_crt_set_extension (crt, "1.3.6.1.5.5.7.1.14",
- &der_data, 1);
+ &der_data, 1);
_gnutls_free_datum (&der_data);
**/
int
gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
{
int result;
gnutls_privkey_t privkey;
**/
int
gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key)
+ gnutls_x509_privkey_t issuer_key)
{
return gnutls_x509_crt_sign2 (crt, issuer, issuer_key, GNUTLS_DIG_SHA1, 0);
}
}
return _gnutls_x509_set_time (cert->cert,
- "tbsCertificate.validity.notBefore",
- act_time);
+ "tbsCertificate.validity.notBefore",
+ act_time);
}
/**
return GNUTLS_E_INVALID_REQUEST;
}
return _gnutls_x509_set_time (cert->cert,
- "tbsCertificate.validity.notAfter", exp_time);
+ "tbsCertificate.validity.notAfter", exp_time);
}
/**
**/
int
gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial,
- size_t serial_size)
+ size_t serial_size)
{
int ret;
ret =
asn1_write_value (cert->cert, "tbsCertificate.serialNumber", serial,
- serial_size);
+ serial_size);
if (ret != ASN1_SUCCESS)
{
gnutls_assert ();
**/
int
gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data_string,
- unsigned int reason_flags)
+ gnutls_x509_subject_alt_name_t type,
+ const void *data_string,
+ unsigned int reason_flags)
{
return gnutls_x509_crt_set_crl_dist_points2 (crt, type, data_string,
- strlen (data_string),
- reason_flags);
+ strlen (data_string),
+ reason_flags);
}
/**
**/
int
gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data,
- unsigned int data_size,
- unsigned int reason_flags)
+ gnutls_x509_subject_alt_name_t type,
+ const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags)
{
int result;
gnutls_datum_t der_data = { NULL, 0 };
*/
result =
_gnutls_x509_ext_gen_crl_dist_points (type, data, data_size,
- reason_flags, &der_data);
+ reason_flags, &der_data);
if (result < 0)
{
gnutls_assert ();
**/
int
gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
- gnutls_x509_crt_t src)
+ gnutls_x509_crt_t src)
{
int result;
gnutls_datum_t der_data;
*/
result =
_gnutls_x509_crt_get_extension (src, "2.5.29.31", 0, &der_data,
- &critical);
+ &critical);
if (result < 0)
{
gnutls_assert ();
**/
int
gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size)
+ const void *id, size_t id_size)
{
int result;
gnutls_datum_t old_id, der_data;
**/
int
gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size)
+ const void *id, size_t id_size)
{
int result;
gnutls_datum_t old_id, der_data;
**/
int
gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
- const void *oid, unsigned int critical)
+ const void *oid, unsigned int critical)
{
int result;
gnutls_datum_t old_id, der_data;
_gnutls_free_datum (&old_id);
if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
}
}
result = _gnutls_x509_crt_set_extension (cert, "2.5.29.37",
- &der_data, critical);
+ &der_data, critical);
_gnutls_free_datum (&der_data);
**/
int
gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags)
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
{
int result;
disable_optional_stuff (crt);
result = _gnutls_x509_pkix_sign (crt->cert, "tbsCertificate",
- dig, issuer, issuer_key);
+ dig, issuer, issuer_key);
if (result < 0)
{
gnutls_assert ();
0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
0x34, 0x35, 0x36, 0x37, 0x38, 0x39,
0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff,
- 0xff, 0xf1, 0xff, 0xff, 0xff, 0x00, /* 0xf1 for '=' */
+ 0xff, 0xf1, 0xff, 0xff, 0xff, 0x00, /* 0xf1 for '=' */
0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
case 3:
result[0] = b64table[(data[0] >> 2)];
result[1] =
- b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
- (data[1] >> 4))];
+ b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
+ (data[1] >> 4))];
result[2] =
- b64table[((((data[1] & 0x0f) << 2) & 0xff) | (data[2] >> 6))];
+ b64table[((((data[1] & 0x0f) << 2) & 0xff) | (data[2] >> 6))];
result[3] = b64table[(((data[2] << 2) & 0xff) >> 2)];
break;
case 2:
result[0] = b64table[(data[0] >> 2)];
result[1] =
- b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
- (data[1] >> 4))];
+ b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
+ (data[1] >> 4))];
result[2] = b64table[(((data[1] << 4) & 0xff) >> 2)];
result[3] = '=';
break;
*/
int
_gnutls_base64_encode (const uint8_t * data, size_t data_size,
- uint8_t ** result)
+ uint8_t ** result)
{
unsigned int i, j;
int ret, tmp;
{
tmp = encode (tmpres, &data[i], data_size - i);
if (tmp == -1)
- {
- gnutls_free ((*result));
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_free ((*result));
+ return GNUTLS_E_MEMORY_ERROR;
+ }
memcpy (&(*result)[j], tmpres, tmp);
}
- (*result)[ret] = 0; /* null terminated */
+ (*result)[ret] = 0; /* null terminated */
return ret;
}
*/
int
_gnutls_fbase64_encode (const char *msg, const uint8_t * data,
- int data_size, uint8_t ** result)
+ int data_size, uint8_t ** result)
{
int i, ret, tmp, j;
char tmpres[4];
memset (bottom, 0, sizeof (bottom));
memset (top, 0, sizeof (top));
- strcat (top, "-----BEGIN "); /* Flawfinder: ignore */
- strcat (top, msg); /* Flawfinder: ignore */
- strcat (top, "-----"); /* Flawfinder: ignore */
+ strcat (top, "-----BEGIN "); /* Flawfinder: ignore */
+ strcat (top, msg); /* Flawfinder: ignore */
+ strcat (top, "-----"); /* Flawfinder: ignore */
- strcat (bottom, "\n-----END "); /* Flawfinder: ignore */
- strcat (bottom, msg); /* Flawfinder: ignore */
- strcat (bottom, "-----\n"); /* Flawfinder: ignore */
+ strcat (bottom, "\n-----END "); /* Flawfinder: ignore */
+ strcat (bottom, msg); /* Flawfinder: ignore */
+ strcat (bottom, "-----\n"); /* Flawfinder: ignore */
top_len = strlen (top);
bottom_len = strlen (bottom);
INCR (bytes, top_len);
pos = top_len;
- strcpy (*result, top); /* Flawfinder: ignore */
+ strcpy (*result, top); /* Flawfinder: ignore */
for (i = j = 0; i < data_size; i += 3, j += 4)
{
tmp = encode (tmpres, &data[i], data_size - i);
if (tmp == -1)
- {
- gnutls_assert ();
- gnutls_free ((*result));
- *result = NULL;
- return GNUTLS_E_BASE64_ENCODING_ERROR;
- }
+ {
+ gnutls_assert ();
+ gnutls_free ((*result));
+ *result = NULL;
+ return GNUTLS_E_BASE64_ENCODING_ERROR;
+ }
INCR (bytes, 4);
ptr = &(*result)[j + pos];
if ((j) % 64 == 0)
- {
- INCR (bytes, 1);
- pos++;
- *ptr++ = '\n';
- }
+ {
+ INCR (bytes, 1);
+ pos++;
+ *ptr++ = '\n';
+ }
*ptr++ = tmpres[0];
if ((j + 1) % 64 == 0)
- {
- INCR (bytes, 1);
- pos++;
- *ptr++ = '\n';
- }
+ {
+ INCR (bytes, 1);
+ pos++;
+ *ptr++ = '\n';
+ }
*ptr++ = tmpres[1];
if ((j + 2) % 64 == 0)
- {
- INCR (bytes, 1);
- pos++;
- *ptr++ = '\n';
- }
+ {
+ INCR (bytes, 1);
+ pos++;
+ *ptr++ = '\n';
+ }
*ptr++ = tmpres[2];
if ((j + 3) % 64 == 0)
- {
- INCR (bytes, 1);
- pos++;
- *ptr++ = '\n';
- }
+ {
+ INCR (bytes, 1);
+ pos++;
+ *ptr++ = '\n';
+ }
*ptr++ = tmpres[3];
}
**/
int
gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
- char *result, size_t * result_size)
+ char *result, size_t * result_size)
{
opaque *ret;
int size;
**/
int
gnutls_pem_base64_encode_alloc (const char *msg,
- const gnutls_datum_t * data,
- gnutls_datum_t * result)
+ const gnutls_datum_t * data,
+ gnutls_datum_t * result)
{
opaque *ret;
int size;
*/
int
_gnutls_base64_decode (const uint8_t * data, size_t data_size,
- uint8_t ** result)
+ uint8_t ** result)
{
unsigned int i, j;
int ret, tmp, est;
{
tmp = decode (tmpres, &data[i]);
if (tmp < 0)
- {
- gnutls_free (*result);
- *result = NULL;
- return tmp;
- }
+ {
+ gnutls_free (*result);
+ *result = NULL;
+ return tmp;
+ }
memcpy (&(*result)[j], tmpres, tmp);
ret += tmp;
}
for (j = i = 0; i < data_size; i++)
{
if (data[i] == '\n' || data[i] == '\r' || data[i] == ' '
- || data[i] == '\t')
- continue;
+ || data[i] == '\t')
+ continue;
(*result)[j] = data[i];
j++;
}
#define ENDSTR "-----"
int
_gnutls_fbase64_decode (const char *header, const opaque * data,
- size_t data_size, uint8_t ** result)
+ size_t data_size, uint8_t ** result)
{
int ret;
static const char top[] = "-----BEGIN ";
**/
int
gnutls_pem_base64_decode (const char *header,
- const gnutls_datum_t * b64_data,
- unsigned char *result, size_t * result_size)
+ const gnutls_datum_t * b64_data,
+ unsigned char *result, size_t * result_size)
{
opaque *ret;
int size;
**/
int
gnutls_pem_base64_decode_alloc (const char *header,
- const gnutls_datum_t * b64_data,
- gnutls_datum_t * result)
+ const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result)
{
opaque *ret;
int size;
*/
int _gnutls_base64_encode (const uint8_t * data, size_t data_size,
- uint8_t ** result);
+ uint8_t ** result);
int _gnutls_fbase64_encode (const char *msg, const uint8_t * data,
- int data_size, uint8_t ** result);
+ int data_size, uint8_t ** result);
int _gnutls_base64_decode (const uint8_t * data, size_t data_size,
- uint8_t ** result);
+ uint8_t ** result);
int _gnutls_fbase64_decode (const char *header, const uint8_t * data,
- size_t data_size, uint8_t ** result);
+ size_t data_size, uint8_t ** result);
#define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4)))
#define YES 1
static int _gnutls_inner_application_recv_params (gnutls_session_t session,
- const opaque * data,
- size_t data_size);
+ const opaque * data,
+ size_t data_size);
static int _gnutls_inner_application_send_params (gnutls_session_t session,
- opaque * data, size_t);
+ opaque * data, size_t);
static int ia_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv);
static int ia_pack (extension_priv_data_t _priv, gnutls_buffer_st * ps);
static void ia_deinit_data (extension_priv_data_t priv);
static int
_gnutls_inner_application_recv_params (gnutls_session_t session,
- const opaque * data, size_t data_size)
+ const opaque * data, size_t data_size)
{
extension_priv_data_t epriv;
ia_ext_st *priv;
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION,
- &epriv);
+ &epriv);
if (ret < 0)
{
priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
epriv.ptr = priv;
_gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_INNER_APPLICATION,
- epriv);
+ GNUTLS_EXTENSION_INNER_APPLICATION,
+ epriv);
}
else
priv = epriv.ptr;
switch ((unsigned char) *data)
{
- case NO: /* Peer's ia_on_resume == no */
+ case NO: /* Peer's ia_on_resume == no */
priv->flags |= IA_PEER_ALLOW_SKIP;
break;
*/
static int
_gnutls_inner_application_send_params (gnutls_session_t session,
- opaque * data, size_t data_size)
+ opaque * data, size_t data_size)
{
extension_priv_data_t epriv;
ia_ext_st *priv = NULL;
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION,
- &epriv);
+ &epriv);
if (ret < 0)
{
priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
epriv.ptr = priv;
_gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_INNER_APPLICATION,
- epriv);
+ GNUTLS_EXTENSION_INNER_APPLICATION,
+ epriv);
}
else
priv = epriv.ptr;
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
gnutls_ia_client_credentials_t cred = (gnutls_ia_client_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL);
+ _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL);
if (cred)
- priv->flags |= IA_ENABLE;
+ priv->flags |= IA_ENABLE;
}
- else /* SERVER */
+ else /* SERVER */
{
gnutls_ia_server_credentials_t cred;
cred = (gnutls_ia_server_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL);
+ _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL);
if (cred)
- priv->flags |= IA_PEER_ENABLE;
+ priv->flags |= IA_PEER_ENABLE;
}
/* If we don't want gnutls_ia locally, or we are a server and the
/* Client: value follows local setting */
if (priv->flags & IA_ALLOW_SKIP)
- *data = NO;
+ *data = NO;
}
else
{
* to record the peer's support for IA at all. Simon? */
if ((priv->flags & IA_ALLOW_SKIP) &&
- (priv->flags & IA_PEER_ALLOW_SKIP) &&
- session->internals.resumed == RESUME_TRUE)
- *data = NO;
+ (priv->flags & IA_PEER_ALLOW_SKIP) &&
+ session->internals.resumed == RESUME_TRUE)
+ *data = NO;
}
return 1;
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION,
- &epriv);
+ &epriv);
if (ret < 0)
{
return;
priv = epriv.ptr;
memcpy (priv->inner_secret,
- session->security_parameters.master_secret, GNUTLS_MASTER_SIZE);
+ session->security_parameters.master_secret, GNUTLS_MASTER_SIZE);
}
for (i = 0; i < _gnutls_comp_algorithms_size; i++)
{
if (_gnutls_compression_algorithms[i].name == NULL)
- break;
+ break;
}
if (_gnutls_compression_algorithms[i].name == NULL
_gnutls_lzo1x_decompress_safe = lzo1x_decompress_safe;
_gnutls_lzo1x_1_compress = lzo1x_1_compress;
- return 0; /* ok */
+ return 0; /* ok */
}
{
ret = gnutls_register_md5_handler ();
if (ret)
- fprintf (stderr, "gnutls_register_md5_handler: %s\n",
- gnutls_strerror (ret));
+ fprintf (stderr, "gnutls_register_md5_handler: %s\n",
+ gnutls_strerror (ret));
}
#endif
#endif
with data==NULL&&sizeofdata=0NULL until it returns successfully. */
static ssize_t
_gnutls_send_inner_application (gnutls_session_t session,
- gnutls_ia_apptype_t msg_type,
- const char *data, size_t sizeofdata)
+ gnutls_ia_apptype_t msg_type,
+ const char *data, size_t sizeofdata)
{
opaque *p = NULL;
size_t plen = 0;
plen = sizeofdata + 4;
p = gnutls_malloc (plen);
if (!p)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
*(unsigned char *) p = (unsigned char) (msg_type & 0xFF);
_gnutls_write_uint24 (sizeofdata, p + 1);
len =
_gnutls_send_int (session, GNUTLS_INNER_APPLICATION, -1,
- EPOCH_WRITE_CURRENT, p, plen, MBUFFER_FLUSH);
+ EPOCH_WRITE_CURRENT, p, plen, MBUFFER_FLUSH);
if (p)
gnutls_free (p);
number of bytes read, or an error code. */
static ssize_t
_gnutls_recv_inner_application (gnutls_session_t session,
- gnutls_ia_apptype_t * msg_type,
- opaque * data, size_t sizeofdata)
+ gnutls_ia_apptype_t * msg_type,
+ opaque * data, size_t sizeofdata)
{
ssize_t len;
uint32_t len24;
uint32_t tmplen = len24;
len24 = _gnutls_recv_int (session, GNUTLS_INNER_APPLICATION, -1,
- data, tmplen);
+ data, tmplen);
if (len24 != tmplen)
- {
- gnutls_assert ();
- /* XXX Correct? */
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ {
+ gnutls_assert ();
+ /* XXX Correct? */
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
}
return len24;
result is placed in pre-allocated OUT of OUTSIZE length. */
static int
_gnutls_ia_prf (gnutls_session_t session,
- size_t label_size,
- const char *label,
- size_t extra_size,
- const char *extra, size_t outsize, opaque * out)
+ size_t label_size,
+ const char *label,
+ size_t extra_size,
+ const char *extra, size_t outsize, opaque * out)
{
int ret;
opaque *seed;
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION,
- &epriv);
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
}
memcpy (seed, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
memcpy (seed + GNUTLS_RANDOM_SIZE,
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
memcpy (seed + 2 * GNUTLS_RANDOM_SIZE, extra, extra_size);
ret = _gnutls_PRF (session, priv->inner_secret,
- GNUTLS_MASTER_SIZE,
- label, label_size, seed, seedsize, outsize, out);
+ GNUTLS_MASTER_SIZE,
+ label, label_size, seed, seedsize, outsize, out);
gnutls_free (seed);
**/
int
gnutls_ia_permute_inner_secret (gnutls_session_t session,
- size_t session_keys_size,
- const char *session_keys)
+ size_t session_keys_size,
+ const char *session_keys)
{
extension_priv_data_t epriv;
ia_ext_st *priv;
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION,
- &epriv);
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
priv = epriv.ptr;
return _gnutls_ia_prf (session,
- sizeof (inner_permutation_label) - 1,
- inner_permutation_label,
- session_keys_size,
- session_keys,
- GNUTLS_RANDOM_SIZE, priv->inner_secret);
+ sizeof (inner_permutation_label) - 1,
+ inner_permutation_label,
+ session_keys_size,
+ session_keys,
+ GNUTLS_RANDOM_SIZE, priv->inner_secret);
}
/**
**/
int
gnutls_ia_generate_challenge (gnutls_session_t session,
- size_t buffer_size, char *buffer)
+ size_t buffer_size, char *buffer)
{
return _gnutls_ia_prf (session,
- sizeof (challenge_label) - 1,
- challenge_label, 0, NULL, buffer_size, buffer);
+ sizeof (challenge_label) - 1,
+ challenge_label, 0, NULL, buffer_size, buffer);
}
/**
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION,
- &epriv);
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION,
- &epriv);
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
priv = epriv.ptr;
ret = _gnutls_PRF (session, priv->inner_secret,
- GNUTLS_MASTER_SIZE, label, size_of_label - 1,
- /* XXX specification unclear on seed. */
- "", 0, CHECKSUM_SIZE, local_checksum);
+ GNUTLS_MASTER_SIZE, label, size_of_label - 1,
+ /* XXX specification unclear on seed. */
+ "", 0, CHECKSUM_SIZE, local_checksum);
if (ret < 0)
return ret;
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION,
- &epriv);
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
priv = epriv.ptr;
ret = _gnutls_PRF (session, priv->inner_secret,
- GNUTLS_MASTER_SIZE,
- label, size_of_label - 1,
- "", 0, CHECKSUM_SIZE, local_checksum);
+ GNUTLS_MASTER_SIZE,
+ label, size_of_label - 1,
+ "", 0, CHECKSUM_SIZE, local_checksum);
if (ret < 0)
{
gnutls_assert ();
if (memcmp (local_checksum, checksum, CHECKSUM_SIZE) != 0)
{
ret = gnutls_alert_send (session, GNUTLS_AL_FATAL,
- GNUTLS_A_INNER_APPLICATION_VERIFICATION);
+ GNUTLS_A_INNER_APPLICATION_VERIFICATION);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
return GNUTLS_E_IA_VERIFY_FAILED;
}
ssize_t len;
len = _gnutls_send_inner_application (session,
- GNUTLS_IA_APPLICATION_PAYLOAD,
- data, sizeofdata);
+ GNUTLS_IA_APPLICATION_PAYLOAD,
+ data, sizeofdata);
return len;
}
{
char *buf = NULL;
size_t buflen = 0;
- char tmp[1024]; /* XXX */
+ char tmp[1024]; /* XXX */
ssize_t len;
int ret;
const struct gnutls_ia_client_credentials_st *cred =
size_t avplen;
ret = cred->avp_func (session, cred->avp_ptr,
- buf, buflen, &avp, &avplen);
+ buf, buflen, &avp, &avplen);
if (ret)
- {
- int tmpret;
- tmpret = gnutls_alert_send (session, GNUTLS_AL_FATAL,
- GNUTLS_A_INNER_APPLICATION_FAILURE);
- if (tmpret < 0)
- gnutls_assert ();
- return ret;
- }
+ {
+ int tmpret;
+ tmpret = gnutls_alert_send (session, GNUTLS_AL_FATAL,
+ GNUTLS_A_INNER_APPLICATION_FAILURE);
+ if (tmpret < 0)
+ gnutls_assert ();
+ return ret;
+ }
len = gnutls_ia_send (session, avp, avplen);
gnutls_free (avp);
if (len < 0)
- return len;
+ return len;
len = gnutls_ia_recv (session, tmp, sizeof (tmp));
if (len == GNUTLS_E_WARNING_IA_IPHF_RECEIVED ||
- len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED)
- {
- ret = gnutls_ia_verify_endphase (session, tmp);
- if (ret < 0)
- return ret;
-
- ret = gnutls_ia_endphase_send
- (session, len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED);
- if (ret < 0)
- return ret;
- }
+ len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED)
+ {
+ ret = gnutls_ia_verify_endphase (session, tmp);
+ if (ret < 0)
+ return ret;
+
+ ret = gnutls_ia_endphase_send
+ (session, len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED);
+ if (ret < 0)
+ return ret;
+ }
if (len == GNUTLS_E_WARNING_IA_IPHF_RECEIVED)
- {
- buf = NULL;
- buflen = 0;
- continue;
- }
+ {
+ buf = NULL;
+ buflen = 0;
+ continue;
+ }
else if (len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED)
- break;
+ break;
if (len < 0)
- return len;
+ return len;
buflen = len;
buf = tmp;
len = gnutls_ia_recv (session, buf, sizeof (buf));
if (len == GNUTLS_E_WARNING_IA_IPHF_RECEIVED ||
- len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED)
- {
- ret = gnutls_ia_verify_endphase (session, buf);
- if (ret < 0)
- return ret;
- }
+ len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED)
+ {
+ ret = gnutls_ia_verify_endphase (session, buf);
+ if (ret < 0)
+ return ret;
+ }
if (len == GNUTLS_E_WARNING_IA_IPHF_RECEIVED)
- continue;
+ continue;
else if (len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED)
- break;
+ break;
if (len < 0)
- return len;
+ return len;
avp = NULL;
avplen = 0;
ret = cred->avp_func (session, cred->avp_ptr, buf, len, &avp, &avplen);
if (ret < 0)
- {
- int tmpret;
- tmpret = gnutls_alert_send (session, GNUTLS_AL_FATAL,
- GNUTLS_A_INNER_APPLICATION_FAILURE);
- if (tmpret < 0)
- gnutls_assert ();
- return ret;
- }
+ {
+ int tmpret;
+ tmpret = gnutls_alert_send (session, GNUTLS_AL_FATAL,
+ GNUTLS_A_INNER_APPLICATION_FAILURE);
+ if (tmpret < 0)
+ gnutls_assert ();
+ return ret;
+ }
msg_type = ret;
if (msg_type != GNUTLS_IA_APPLICATION_PAYLOAD)
- {
- ret = gnutls_ia_endphase_send (session, msg_type ==
- GNUTLS_IA_FINAL_PHASE_FINISHED);
- if (ret < 0)
- return ret;
- }
+ {
+ ret = gnutls_ia_endphase_send (session, msg_type ==
+ GNUTLS_IA_FINAL_PHASE_FINISHED);
+ if (ret < 0)
+ return ret;
+ }
else
- {
- len = gnutls_ia_send (session, avp, avplen);
- gnutls_free (avp);
- if (len < 0)
- return len;
- }
+ {
+ len = gnutls_ia_send (session, avp, avplen);
+ gnutls_free (avp);
+ if (len < 0)
+ return len;
+ }
}
while (1);
ret =
_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- &epriv);
+ &epriv);
if (ret < 0)
{
gnutls_assert ();
**/
void
gnutls_ia_set_client_avp_function (gnutls_ia_client_credentials_t cred,
- gnutls_ia_avp_func avp_func)
+ gnutls_ia_avp_func avp_func)
{
cred->avp_func = avp_func;
}
**/
void
gnutls_ia_set_server_avp_function (gnutls_ia_server_credentials_t cred,
- gnutls_ia_avp_func avp_func)
+ gnutls_ia_avp_func avp_func)
{
cred->avp_func = avp_func;
}
priv->flags |= IA_ALLOW_SKIP;
_gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION,
- epriv);
+ epriv);
}
void
SSL_CTX_set_verify (SSL_CTX * ctx, int verify_mode,
- int (*verify_callback) (int, X509_STORE_CTX *))
+ int (*verify_callback) (int, X509_STORE_CTX *))
{
ctx->verify_mode = verify_mode;
ctx->verify_callback = verify_callback;
gnutls_init (&ssl->gnutls_state, ctx->method->connend);
gnutls_protocol_set_priority (ssl->gnutls_state,
- ctx->method->protocol_priority);
+ ctx->method->protocol_priority);
gnutls_cipher_set_priority (ssl->gnutls_state,
- ctx->method->cipher_priority);
+ ctx->method->cipher_priority);
gnutls_compression_set_priority (ssl->gnutls_state,
- ctx->method->comp_priority);
+ ctx->method->comp_priority);
gnutls_kx_set_priority (ssl->gnutls_state, ctx->method->kx_priority);
gnutls_mac_set_priority (ssl->gnutls_state, ctx->method->mac_priority);
gnutls_credentials_set (ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE,
- ssl->gnutls_cred);
+ ssl->gnutls_cred);
if (ctx->certfile)
gnutls_certificate_set_x509_trust_file (ssl->gnutls_cred,
- ctx->certfile,
- ctx->certfile_type);
+ ctx->certfile,
+ ctx->certfile_type);
if (ctx->keyfile)
gnutls_certificate_set_x509_key_file (ssl->gnutls_cred,
- ctx->certfile, ctx->keyfile,
- ctx->keyfile_type);
+ ctx->certfile, ctx->keyfile,
+ ctx->keyfile_type);
ssl->ctx = ctx;
ssl->verify_mode = ctx->verify_mode;
ssl->verify_callback = ctx->verify_callback;
void
SSL_set_verify (SSL * ssl, int verify_mode,
- int (*verify_callback) (int, X509_STORE_CTX *))
+ int (*verify_callback) (int, X509_STORE_CTX *))
{
ssl->verify_mode = verify_mode;
ssl->verify_callback = verify_callback;
int cert_list_size = 0;
cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
- &cert_list_size);
+ &cert_list_size);
return cert_list;
}
if (ssl->options & SSL_OP_NO_TLSv1)
{
for (i = 0, j = 0;
- i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
- {
- if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
- j++;
- else
- x_priority[i] = ssl->ctx->method->protocol_priority[j];
- }
+ i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
+ {
+ if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
+ j++;
+ else
+ x_priority[i] = ssl->ctx->method->protocol_priority[j];
+ }
if (i < GNUTLS_MAX_ALGORITHM_NUM)
- x_priority[i] = 0;
+ x_priority[i] = 0;
gnutls_protocol_set_priority (ssl->gnutls_state,
- ssl->ctx->method->protocol_priority);
+ ssl->ctx->method->protocol_priority);
}
err = gnutls_handshake (ssl->gnutls_state);
store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX));
store->ssl = ssl;
store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
- &cert_list_size);
+ &cert_list_size);
if (ssl->verify_callback)
{
if (ssl->options & SSL_OP_NO_TLSv1)
{
for (i = 0, j = 0;
- i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
- {
- if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
- j++;
- else
- x_priority[i] = ssl->ctx->method->protocol_priority[j];
- }
+ i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
+ {
+ if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
+ j++;
+ else
+ x_priority[i] = ssl->ctx->method->protocol_priority[j];
+ }
if (i < GNUTLS_MAX_ALGORITHM_NUM)
- x_priority[i] = 0;
+ x_priority[i] = 0;
gnutls_protocol_set_priority (ssl->gnutls_state,
- ssl->ctx->method->protocol_priority);
+ ssl->ctx->method->protocol_priority);
}
/* FIXME: dh params, do we want client cert? */
store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX));
store->ssl = ssl;
store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
- &cert_list_size);
+ &cert_list_size);
if (ssl->verify_callback)
{
return ("NONE");
return gnutls_cipher_suite_get_name (cipher->kx,
- cipher->cipher, cipher->mac);
+ cipher->cipher, cipher->mac);
}
int
}
if (snprintf (tmpbuf, tmpsize, "%s %s %s %s",
- gnutls_protocol_get_name (cipher->version),
- gnutls_kx_get_name (cipher->kx),
- gnutls_cipher_get_name (cipher->cipher),
- gnutls_mac_get_name (cipher->mac)) == -1)
+ gnutls_protocol_get_name (cipher->version),
+ gnutls_kx_get_name (cipher->kx),
+ gnutls_cipher_get_name (cipher->cipher),
+ gnutls_mac_get_name (cipher->mac)) == -1)
{
if (local_alloc)
- free (tmpbuf);
+ free (tmpbuf);
return (char *) "Buffer too small";
}
memset (buf, 0, len);
snprintf (buf, len - 1,
- "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s",
- name->country, name->state_or_province_name,
- name->locality_name, name->organization,
- name->organizational_unit_name, name->common_name, name->email);
+ "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s",
+ name->country, name->state_or_province_name,
+ name->locality_name, name->organization,
+ name->organizational_unit_name, name->common_name, name->email);
return buf;
}
*/
typedef int (*gnutls_ia_avp_func) (gnutls_session_t session, void *ptr,
- const char *last, size_t lastlen,
- char **next, size_t * nextlen);
+ const char *last, size_t lastlen,
+ char **next, size_t * nextlen);
typedef struct gnutls_ia_server_credentials_st
*gnutls_ia_server_credentials_t;
gnutls_ia_free_client_credentials (gnutls_ia_client_credentials_t sc);
extern int
gnutls_ia_allocate_client_credentials (gnutls_ia_client_credentials_t *
- sc);
+ sc);
extern void
gnutls_ia_free_server_credentials (gnutls_ia_server_credentials_t sc);
extern int
gnutls_ia_allocate_server_credentials (gnutls_ia_server_credentials_t *
- sc);
+ sc);
/* Client TLS/IA credential functions. */
extern void
gnutls_ia_set_client_avp_function (gnutls_ia_client_credentials_t cred,
- gnutls_ia_avp_func avp_func);
+ gnutls_ia_avp_func avp_func);
extern void
gnutls_ia_set_client_avp_ptr (gnutls_ia_client_credentials_t cred,
- void *ptr);
+ void *ptr);
extern void *gnutls_ia_get_client_avp_ptr (gnutls_ia_client_credentials_t
- cred);
+ cred);
/* Server TLS/IA credential functions. */
extern void
gnutls_ia_set_server_avp_function (gnutls_ia_server_credentials_t cred,
- gnutls_ia_avp_func avp_func);
+ gnutls_ia_avp_func avp_func);
extern void
gnutls_ia_set_server_avp_ptr (gnutls_ia_server_credentials_t cred,
- void *ptr);
+ void *ptr);
extern void *gnutls_ia_get_server_avp_ptr (gnutls_ia_server_credentials_t
- cred);
+ cred);
/* TLS/IA handshake. */
extern int gnutls_ia_handshake_p (gnutls_session_t session);
/* TLS/IA low level interface. */
extern int
gnutls_ia_permute_inner_secret (gnutls_session_t session,
- size_t session_keys_size,
- const char *session_keys);
+ size_t session_keys_size,
+ const char *session_keys);
extern int gnutls_ia_endphase_send (gnutls_session_t session, int final_p);
extern int gnutls_ia_verify_endphase (gnutls_session_t session,
- const char *checksum);
+ const char *checksum);
extern ssize_t gnutls_ia_send (gnutls_session_t session,
- const char *data, size_t sizeofdata);
+ const char *data, size_t sizeofdata);
extern ssize_t gnutls_ia_recv (gnutls_session_t session,
- char *data, size_t sizeofdata);
+ char *data, size_t sizeofdata);
/* Utility stuff. */
extern int gnutls_ia_generate_challenge (gnutls_session_t session,
- size_t buffer_size, char *buffer);
+ size_t buffer_size, char *buffer);
extern void gnutls_ia_extract_inner_secret (gnutls_session_t session,
- char *buffer);
+ char *buffer);
/* Define whether inner phases are wanted. */
extern void gnutls_ia_enable (gnutls_session_t session,
- int allow_skip_on_resume);
+ int allow_skip_on_resume);
int gnutls_global_init_extra (void);
void SSL_CTX_free (SSL_CTX * ctx);
int SSL_CTX_set_default_verify_paths (SSL_CTX * ctx);
int SSL_CTX_use_certificate_file (SSL_CTX * ctx, const char *certfile,
- int type);
+ int type);
int SSL_CTX_use_PrivateKey_file (SSL_CTX * ctx, const char *keyfile,
- int type);
+ int type);
void SSL_CTX_set_verify (SSL_CTX * ctx, int verify_mode,
- int (*verify_callback) (int, X509_STORE_CTX *));
+ int (*verify_callback) (int, X509_STORE_CTX *));
unsigned long SSL_CTX_set_options (SSL_CTX * ctx, unsigned long options);
long SSL_CTX_set_mode (SSL_CTX * ctx, long mode);
int SSL_CTX_set_cipher_list (SSL_CTX * ctx, const char *list);
void SSL_set_connect_state (SSL * ssl);
int SSL_pending (SSL * ssl);
void SSL_set_verify (SSL * ssl, int verify_mode,
- int (*verify_callback) (int, X509_STORE_CTX *));
+ int (*verify_callback) (int, X509_STORE_CTX *));
const X509 *SSL_get_peer_certificate (SSL * ssl);
/* SSL connection open/close/read/write functions */
void MD5_Update (MD5_CTX * ctx, const void *buf, int len);
void MD5_Final (unsigned char *md, MD5_CTX * ctx);
unsigned char *MD5 (const unsigned char *buf, unsigned long len,
- unsigned char *md);
+ unsigned char *md);
void RIPEMD160_Init (RIPEMD160_CTX * ctx);
void RIPEMD160_Update (RIPEMD160_CTX * ctx, const void *buf, int len);
void RIPEMD160_Final (unsigned char *md, RIPEMD160_CTX * ctx);
unsigned char *RIPEMD160 (const unsigned char *buf, unsigned long len,
- unsigned char *md);
+ unsigned char *md);
#ifdef __cplusplus
}
#include <gnutls_global.h>
#include <gnutls_errors.h>
-#include <string.h> /* memset */
+#include <string.h> /* memset */
#include <x509/x509_int.h>
#include <libtasn1.h>
#include <gnutls/x509.h>
if ((result =
asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS)
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS)
{
return _gnutls_asn2err (result);
}
len = sizeof (rdn->country);
_gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_COUNTRY_NAME, 0, 0,
- rdn->country, &len);
+ rdn->country, &len);
len = sizeof (rdn->organization);
_gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
- 0, rdn->organization, &len);
+ 0, rdn->organization, &len);
len = sizeof (rdn->organizational_unit_name);
_gnutls_x509_parse_dn_oid (dn, "",
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0,
- 0, rdn->organizational_unit_name, &len);
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0,
+ 0, rdn->organizational_unit_name, &len);
len = sizeof (rdn->common_name);
_gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_COMMON_NAME, 0, 0,
- rdn->common_name, &len);
+ rdn->common_name, &len);
len = sizeof (rdn->locality_name);
_gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_LOCALITY_NAME, 0, 0,
- rdn->locality_name, &len);
+ rdn->locality_name, &len);
len = sizeof (rdn->state_or_province_name);
_gnutls_x509_parse_dn_oid (dn, "",
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0,
- rdn->state_or_province_name, &len);
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0,
+ rdn->state_or_province_name, &len);
len = sizeof (rdn->email);
_gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_PKCS9_EMAIL, 0, 0,
- rdn->email, &len);
+ rdn->email, &len);
asn1_delete_structure (&dn);
-*/
int
gnutls_x509_extract_certificate_dn (const gnutls_datum_t * cert,
- gnutls_x509_dn * ret)
+ gnutls_x509_dn * ret)
{
gnutls_x509_crt_t xcert;
int result;
len = sizeof (ret->country);
gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_COUNTRY_NAME, 0,
- 0, ret->country, &len);
+ 0, ret->country, &len);
len = sizeof (ret->organization);
gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_ORGANIZATION_NAME,
- 0, 0, ret->organization, &len);
+ 0, 0, ret->organization, &len);
len = sizeof (ret->organizational_unit_name);
gnutls_x509_crt_get_dn_by_oid (xcert,
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
- 0, 0, ret->organizational_unit_name, &len);
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
+ 0, 0, ret->organizational_unit_name, &len);
len = sizeof (ret->common_name);
gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_COMMON_NAME, 0, 0,
- ret->common_name, &len);
+ ret->common_name, &len);
len = sizeof (ret->locality_name);
gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_LOCALITY_NAME, 0,
- 0, ret->locality_name, &len);
+ 0, ret->locality_name, &len);
len = sizeof (ret->state_or_province_name);
gnutls_x509_crt_get_dn_by_oid (xcert,
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
- 0, 0, ret->state_or_province_name, &len);
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
+ 0, 0, ret->state_or_province_name, &len);
len = sizeof (ret->email);
gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_PKCS9_EMAIL, 0, 0,
- ret->email, &len);
+ ret->email, &len);
gnutls_x509_crt_deinit (xcert);
-*/
int
gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t * cert,
- gnutls_x509_dn * ret)
+ gnutls_x509_dn * ret)
{
gnutls_x509_crt_t xcert;
int result;
len = sizeof (ret->country);
gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
- GNUTLS_OID_X520_COUNTRY_NAME, 0,
- 0, ret->country, &len);
+ GNUTLS_OID_X520_COUNTRY_NAME, 0,
+ 0, ret->country, &len);
len = sizeof (ret->organization);
gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
- GNUTLS_OID_X520_ORGANIZATION_NAME,
- 0, 0, ret->organization, &len);
+ GNUTLS_OID_X520_ORGANIZATION_NAME,
+ 0, 0, ret->organization, &len);
len = sizeof (ret->organizational_unit_name);
gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
- 0, 0,
- ret->organizational_unit_name, &len);
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
+ 0, 0,
+ ret->organizational_unit_name, &len);
len = sizeof (ret->common_name);
gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
- GNUTLS_OID_X520_COMMON_NAME, 0, 0,
- ret->common_name, &len);
+ GNUTLS_OID_X520_COMMON_NAME, 0, 0,
+ ret->common_name, &len);
len = sizeof (ret->locality_name);
gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
- GNUTLS_OID_X520_LOCALITY_NAME, 0,
- 0, ret->locality_name, &len);
+ GNUTLS_OID_X520_LOCALITY_NAME, 0,
+ 0, ret->locality_name, &len);
len = sizeof (ret->state_or_province_name);
gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
- 0, 0, ret->state_or_province_name,
- &len);
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
+ 0, 0, ret->state_or_province_name,
+ &len);
len = sizeof (ret->email);
gnutls_x509_crt_get_issuer_dn_by_oid (xcert, GNUTLS_OID_PKCS9_EMAIL, 0,
- 0, ret->email, &len);
+ 0, ret->email, &len);
gnutls_x509_crt_deinit (xcert);
-*/
int
gnutls_x509_extract_certificate_subject_alt_name (const gnutls_datum_t *
- cert, int seq,
- char *ret, int *ret_size)
+ cert, int seq,
+ char *ret, int *ret_size)
{
gnutls_x509_crt_t xcert;
int result;
-*/
int
gnutls_x509_extract_certificate_serial (const gnutls_datum_t * cert,
- char *result, int *result_size)
+ char *result, int *result_size)
{
gnutls_x509_crt_t xcert;
size_t size = *result_size;
-*/
int
gnutls_x509_extract_certificate_pk_algorithm (const gnutls_datum_t *
- cert, int *bits)
+ cert, int *bits)
{
gnutls_x509_crt_t xcert;
int result;
-*/
int
gnutls_x509_extract_certificate_dn_string (char *buf,
- unsigned int sizeof_buf,
- const gnutls_datum_t * cert,
- int issuer)
+ unsigned int sizeof_buf,
+ const gnutls_datum_t * cert,
+ int issuer)
{
gnutls_x509_crt_t xcert;
int result;
-*/
int
gnutls_x509_verify_certificate (const gnutls_datum_t * cert_list,
- int cert_list_length,
- const gnutls_datum_t * CA_list,
- int CA_list_length,
- const gnutls_datum_t * CRL_list,
- int CRL_list_length)
+ int cert_list_length,
+ const gnutls_datum_t * CA_list,
+ int CA_list_length,
+ const gnutls_datum_t * CRL_list,
+ int CRL_list_length)
{
unsigned int verify;
gnutls_x509_crt_t *peer_certificate_list = NULL;
{
ret = gnutls_x509_crt_init (&peer_certificate_list[i]);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
ret =
- gnutls_x509_crt_import (peer_certificate_list[i],
- &cert_list[i], GNUTLS_X509_FMT_DER);
+ gnutls_x509_crt_import (peer_certificate_list[i],
+ &cert_list[i], GNUTLS_X509_FMT_DER);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
/* convert CA_list to gnutls_x509_cert* list
{
ret = gnutls_x509_crt_init (&ca_certificate_list[i]);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
ret =
- gnutls_x509_crt_import (ca_certificate_list[i],
- &CA_list[i], GNUTLS_X509_FMT_DER);
+ gnutls_x509_crt_import (ca_certificate_list[i],
+ &CA_list[i], GNUTLS_X509_FMT_DER);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
#ifdef ENABLE_PKI
{
ret = gnutls_x509_crl_init (&crl_list[i]);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
ret =
- gnutls_x509_crl_import (crl_list[i],
- &CRL_list[i], GNUTLS_X509_FMT_DER);
+ gnutls_x509_crl_import (crl_list[i],
+ &CRL_list[i], GNUTLS_X509_FMT_DER);
if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
}
#endif
*/
ret =
gnutls_x509_crt_list_verify (peer_certificate_list,
- peer_certificate_list_size,
- ca_certificate_list,
- ca_certificate_list_size, crl_list,
- crl_list_size, 0, &verify);
+ peer_certificate_list_size,
+ ca_certificate_list,
+ ca_certificate_list_size, crl_list,
+ crl_list_size, 0, &verify);
if (ret < 0)
{
if (peer_certificate_list != NULL)
for (x = 0; x < peer_certificate_list_size; x++)
{
- if (peer_certificate_list[x] != NULL)
- gnutls_x509_crt_deinit (peer_certificate_list[x]);
+ if (peer_certificate_list[x] != NULL)
+ gnutls_x509_crt_deinit (peer_certificate_list[x]);
}
if (ca_certificate_list != NULL)
for (x = 0; x < ca_certificate_list_size; x++)
{
- if (ca_certificate_list[x] != NULL)
- gnutls_x509_crt_deinit (ca_certificate_list[x]);
+ if (ca_certificate_list[x] != NULL)
+ gnutls_x509_crt_deinit (ca_certificate_list[x]);
}
#ifdef ENABLE_PKI
if (crl_list != NULL)
for (x = 0; x < crl_list_size; x++)
{
- if (crl_list[x] != NULL)
- gnutls_x509_crl_deinit (crl_list[x]);
+ if (crl_list[x] != NULL)
+ gnutls_x509_crl_deinit (crl_list[x]);
}
gnutls_free (crl_list);
-*/
int
gnutls_x509_pkcs7_extract_certificate (const gnutls_datum_t *
- pkcs7_struct, int indx,
- char *certificate,
- int *certificate_size)
+ pkcs7_struct, int indx,
+ char *certificate,
+ int *certificate_size)
{
gnutls_pkcs7_t pkcs7;
int result;
int gnutls_x509_extract_dn (const gnutls_datum_t *, gnutls_x509_dn *);
int gnutls_x509_extract_dn_string (const gnutls_datum_t * idn,
- char *buf, unsigned int sizeof_buf);
+ char *buf, unsigned int sizeof_buf);
int gnutls_x509_extract_certificate_dn (const gnutls_datum_t *,
- gnutls_x509_dn *);
+ gnutls_x509_dn *);
int gnutls_x509_extract_certificate_dn_string (char *buf,
- unsigned int sizeof_buf,
- const gnutls_datum_t * cert,
- int issuer);
+ unsigned int sizeof_buf,
+ const gnutls_datum_t * cert,
+ int issuer);
int gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t *,
- gnutls_x509_dn *);
+ gnutls_x509_dn *);
int gnutls_x509_extract_certificate_version (const gnutls_datum_t *);
int gnutls_x509_extract_certificate_serial (const gnutls_datum_t * cert,
- char *result, int *result_size);
+ char *result, int *result_size);
time_t gnutls_x509_extract_certificate_activation_time (const gnutls_datum_t
- *);
+ *);
time_t gnutls_x509_extract_certificate_expiration_time (const gnutls_datum_t
- *);
+ *);
int gnutls_x509_extract_certificate_subject_alt_name (const gnutls_datum_t
- *, int seq, char *,
- int *);
+ *, int seq, char *,
+ int *);
int gnutls_x509_pkcs7_extract_certificate (const gnutls_datum_t *
- pkcs7_struct, int indx,
- char *certificate,
- int *certificate_size);
+ pkcs7_struct, int indx,
+ char *certificate,
+ int *certificate_size);
int gnutls_x509_extract_certificate_pk_algorithm (const gnutls_datum_t *
- cert, int *bits);
+ cert, int *bits);
int gnutls_x509_extract_certificate_ca_status (const gnutls_datum_t * cert);
int gnutls_x509_extract_key_pk_algorithm (const gnutls_datum_t * key);
int gnutls_x509_verify_certificate (const gnutls_datum_t * cert_list,
- int cert_list_length,
- const gnutls_datum_t * CA_list,
- int CA_list_length,
- const gnutls_datum_t * CRL_list,
- int CRL_list_length);
+ int cert_list_length,
+ const gnutls_datum_t * CA_list,
+ int CA_list_length,
+ const gnutls_datum_t * CRL_list,
+ int CRL_list_length);
#define gnutls_x509_fingerprint gnutls_fingerprint
#define gnutls_x509_certificate_format gnutls_x509_crt_fmt_t
INDENT_SOURCES ?= $(C_SOURCES)
.PHONY: indent
indent:
- indent $(INDENT_SOURCES)
- indent $(INDENT_SOURCES)
+ indent -nut $(INDENT_SOURCES)
+ indent -nut $(INDENT_SOURCES)
# If you want to set UPDATE_COPYRIGHT_* environment variables,
# put the assignments in this variable.
#include <gnutls/crypto.h>
#include <time.h>
#include <signal.h>
-#include "timespec.h" /* gnulib gettime */
+#include "timespec.h" /* gnulib gettime */
static unsigned char data[64 * 1024];
static void
value2human (double bytes, double time, double *data, double *speed,
- char *metric)
+ char *metric)
{
if (bytes > 1000 && bytes < 1000 * 1000)
{
key.size = keysize;
printf ("Checking %s (%dkb payload)... ", gnutls_cipher_get_name (algo),
- size);
+ size);
fflush (stdout);
must_finish = 0;
gettime (&stop);
secs = (stop.tv_sec * 1000 + stop.tv_nsec / (1000 * 1000) -
- (start.tv_sec * 1000 + start.tv_nsec / (1000 * 1000)));
+ (start.tv_sec * 1000 + start.tv_nsec / (1000 * 1000)));
secs /= 1000;
value2human (data_size, secs, &ddata, &dspeed, metric);
if (fgets (input, sizeof (input), stdin) == NULL)
return;
- if (strlen (input) == 1) /* only newline */
+ if (strlen (input) == 1) /* only newline */
return;
ret =
if (fgets (input, sizeof (input), stdin) == NULL)
return;
- if (strlen (input) == 1) /* only newline */
+ if (strlen (input) == 1) /* only newline */
return;
ret =
if (fgets (input, sizeof (input), stdin) == NULL)
return 0;
- if (strlen (input) == 1) /* only newline */
+ if (strlen (input) == 1) /* only newline */
return 0;
if (input[0] == 'y' || input[0] == 'Y')
char *copy = NULL;
do
- {
- if (pass)
- printf ("Password missmatch, try again.\n");
+ {
+ if (pass)
+ printf ("Password missmatch, try again.\n");
- free (copy);
+ free (copy);
- pass = getpass ("Enter password: ");
- copy = strdup (pass);
- pass = getpass ("Confirm password: ");
- }
+ pass = getpass ("Enter password: ");
+ copy = strdup (pass);
+ pass = getpass ("Confirm password: ");
+ }
while (strcmp (pass, copy) != 0 && !(empty_ok && *pass == '\0'));
free (copy);
if (batch)
{
if (!cfg.country)
- return;
+ return;
ret =
- gnutls_x509_crt_set_dn_by_oid (crt,
- GNUTLS_OID_X520_COUNTRY_NAME, 0,
- cfg.country, strlen (cfg.country));
+ gnutls_x509_crt_set_dn_by_oid (crt,
+ GNUTLS_OID_X520_COUNTRY_NAME, 0,
+ cfg.country, strlen (cfg.country));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
read_crt_set (crt, "Country name (2 chars): ",
- GNUTLS_OID_X520_COUNTRY_NAME);
+ GNUTLS_OID_X520_COUNTRY_NAME);
}
}
if (batch)
{
if (!cfg.organization)
- return;
+ return;
ret =
- gnutls_x509_crt_set_dn_by_oid (crt,
- GNUTLS_OID_X520_ORGANIZATION_NAME,
- 0, cfg.organization,
- strlen (cfg.organization));
+ gnutls_x509_crt_set_dn_by_oid (crt,
+ GNUTLS_OID_X520_ORGANIZATION_NAME,
+ 0, cfg.organization,
+ strlen (cfg.organization));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
read_crt_set (crt, "Organization name: ",
- GNUTLS_OID_X520_ORGANIZATION_NAME);
+ GNUTLS_OID_X520_ORGANIZATION_NAME);
}
}
if (batch)
{
if (!cfg.unit)
- return;
+ return;
ret =
- gnutls_x509_crt_set_dn_by_oid (crt,
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
- 0, cfg.unit, strlen (cfg.unit));
+ gnutls_x509_crt_set_dn_by_oid (crt,
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
+ 0, cfg.unit, strlen (cfg.unit));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
read_crt_set (crt, "Organizational unit name: ",
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
}
}
if (batch)
{
if (!cfg.state)
- return;
+ return;
ret =
- gnutls_x509_crt_set_dn_by_oid (crt,
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
- 0, cfg.state, strlen (cfg.state));
+ gnutls_x509_crt_set_dn_by_oid (crt,
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
+ 0, cfg.state, strlen (cfg.state));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
read_crt_set (crt, "State or province name: ",
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
}
}
if (batch)
{
if (!cfg.locality)
- return;
+ return;
ret =
- gnutls_x509_crt_set_dn_by_oid (crt,
- GNUTLS_OID_X520_LOCALITY_NAME, 0,
- cfg.locality, strlen (cfg.locality));
+ gnutls_x509_crt_set_dn_by_oid (crt,
+ GNUTLS_OID_X520_LOCALITY_NAME, 0,
+ cfg.locality, strlen (cfg.locality));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
if (batch)
{
if (!cfg.cn)
- return;
+ return;
ret =
- gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME,
- 0, cfg.cn, strlen (cfg.cn));
+ gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME,
+ 0, cfg.cn, strlen (cfg.cn));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
if (batch)
{
if (!cfg.uid)
- return;
+ return;
ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_UID, 0,
- cfg.uid, strlen (cfg.uid));
+ cfg.uid, strlen (cfg.uid));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
if (batch)
{
if (!cfg.dn_oid)
- return;
+ return;
for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
- {
- if (cfg.dn_oid[i + 1] == NULL)
- {
- fprintf (stderr, "dn_oid: %s does not have an argument.\n",
- cfg.dn_oid[i]);
- exit (1);
- }
- ret = gnutls_x509_crt_set_dn_by_oid (crt, cfg.dn_oid[i], 0,
- cfg.dn_oid[i + 1],
- strlen (cfg.dn_oid[i + 1]));
-
- if (ret < 0)
- {
- fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
+ {
+ if (cfg.dn_oid[i + 1] == NULL)
+ {
+ fprintf (stderr, "dn_oid: %s does not have an argument.\n",
+ cfg.dn_oid[i]);
+ exit (1);
+ }
+ ret = gnutls_x509_crt_set_dn_by_oid (crt, cfg.dn_oid[i], 0,
+ cfg.dn_oid[i + 1],
+ strlen (cfg.dn_oid[i + 1]));
+
+ if (ret < 0)
+ {
+ fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
+ }
}
}
if (batch)
{
if (!cfg.key_purpose_oids)
- return;
+ return;
for (i = 0; cfg.key_purpose_oids[i] != NULL; i++)
- {
- ret =
- gnutls_x509_crt_set_key_purpose_oid (crt, cfg.key_purpose_oids[i],
- 0);
+ {
+ ret =
+ gnutls_x509_crt_set_key_purpose_oid (crt, cfg.key_purpose_oids[i],
+ 0);
- if (ret < 0)
- {
- fprintf (stderr, "set_key_purpose_oid (%s): %s\n",
- cfg.key_purpose_oids[i], gnutls_strerror (ret));
- exit (1);
- }
- }
+ if (ret < 0)
+ {
+ fprintf (stderr, "set_key_purpose_oid (%s): %s\n",
+ cfg.key_purpose_oids[i], gnutls_strerror (ret));
+ exit (1);
+ }
+ }
}
}
if (batch)
{
if (!cfg.pkcs9_email)
- return;
+ return;
ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_PKCS9_EMAIL, 0,
- cfg.pkcs9_email,
- strlen (cfg.pkcs9_email));
+ cfg.pkcs9_email,
+ strlen (cfg.pkcs9_email));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
if (batch)
{
if (cfg.serial < 0)
- return default_serial;
+ return default_serial;
return cfg.serial;
}
else
{
return read_int_with_default
- ("Enter the certificate's serial number in decimal (default: %u): ",
- default_serial);
+ ("Enter the certificate's serial number in decimal (default: %u): ",
+ default_serial);
}
}
if (batch)
{
if (cfg.expiration_days <= 0)
- return 365;
+ return 365;
else
- return cfg.expiration_days;
+ return cfg.expiration_days;
}
else
{
do
- {
- days = read_int ("The certificate will expire in (days): ");
- }
+ {
+ days = read_int ("The certificate will expire in (days): ");
+ }
while (days == 0);
return days;
}
else
{
return
- read_yesno ("Does the certificate belong to an authority? (y/N): ");
+ read_yesno ("Does the certificate belong to an authority? (y/N): ");
}
}
else
{
return
- read_yesno
- ("Do you want to honour the extensions from the request? (y/N): ");
+ read_yesno
+ ("Do you want to honour the extensions from the request? (y/N): ");
}
}
else
{
return read_int_with_default
- ("Path length constraint (decimal, %d for no constraint): ", -1);
+ ("Path length constraint (decimal, %d for no constraint): ", -1);
}
}
if (batch)
{
if (!cfg.pkcs12_key_name)
- return "Anonymous";
+ return "Anonymous";
return cfg.pkcs12_key_name;
}
else
{
do
- {
- name = read_str ("Enter a name for the key: ");
- }
+ {
+ name = read_str ("Enter a name for the key: ");
+ }
while (name == NULL);
}
return name;
else
{
return
- read_yesno ("Is this also a TLS web server certificate? (y/N): ");
+ read_yesno ("Is this also a TLS web server certificate? (y/N): ");
}
}
#if HAVE_IPV6
if (strchr (str, ':') != NULL || len > 16)
- { /* IPv6 */
+ { /* IPv6 */
ret = inet_pton (AF_INET6, str, ip);
if (ret <= 0)
- {
- fprintf (stderr, "Error in IPv6 address %s\n", str);
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in IPv6 address %s\n", str);
+ exit (1);
+ }
/* To be done */
return 16;
}
else
#endif
- { /* IPv4 */
+ { /* IPv4 */
ret = inet_pton (AF_INET, str, ip);
if (ret <= 0)
- {
- fprintf (stderr, "Error in IPv4 address %s\n", str);
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in IPv4 address %s\n", str);
+ exit (1);
+ }
return 4;
}
if (batch)
{
if (!cfg.ip_addr)
- return;
+ return;
for (i = 0; cfg.ip_addr[i] != NULL; i++)
- {
- len = string_to_ip (ip, cfg.ip_addr[i]);
- if (len <= 0)
- {
- fprintf (stderr, "Error parsing address: %s\n", cfg.ip_addr[i]);
- exit (1);
- }
-
- if (type == TYPE_CRT)
- ret =
- gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
- ip, len,
- GNUTLS_FSAN_APPEND);
- else
- ret =
- gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
- ip, len,
- GNUTLS_FSAN_APPEND);
-
- if (ret < 0)
- break;
- }
+ {
+ len = string_to_ip (ip, cfg.ip_addr[i]);
+ if (len <= 0)
+ {
+ fprintf (stderr, "Error parsing address: %s\n", cfg.ip_addr[i]);
+ exit (1);
+ }
+
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
+ ip, len,
+ GNUTLS_FSAN_APPEND);
+ else
+ ret =
+ gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
+ ip, len,
+ GNUTLS_FSAN_APPEND);
+
+ if (ret < 0)
+ break;
+ }
}
else
{
const char *p;
p =
- read_str ("Enter the IP address of the subject of the certificate: ");
+ read_str ("Enter the IP address of the subject of the certificate: ");
if (!p)
- return;
+ return;
len = string_to_ip (ip, p);
if (len <= 0)
- {
- fprintf (stderr, "Error parsing address: %s\n", p);
- exit (1);
- }
+ {
+ fprintf (stderr, "Error parsing address: %s\n", p);
+ exit (1);
+ }
if (type == TYPE_CRT)
- ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
- ip, len,
- GNUTLS_FSAN_APPEND);
+ ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
+ ip, len,
+ GNUTLS_FSAN_APPEND);
else
- ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
- ip, len,
- GNUTLS_FSAN_APPEND);
+ ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
+ ip, len,
+ GNUTLS_FSAN_APPEND);
}
if (ret < 0)
if (batch)
{
if (!cfg.email)
- return;
+ return;
for (i = 0; cfg.email[i] != NULL; i++)
- {
- if (type == TYPE_CRT)
- ret =
- gnutls_x509_crt_set_subject_alt_name (crt,
- GNUTLS_SAN_RFC822NAME,
- cfg.email[i],
- strlen (cfg.email[i]),
- GNUTLS_FSAN_APPEND);
- else
- ret =
- gnutls_x509_crq_set_subject_alt_name (crt,
- GNUTLS_SAN_RFC822NAME,
- cfg.email[i],
- strlen (cfg.email[i]),
- GNUTLS_FSAN_APPEND);
-
- if (ret < 0)
- break;
- }
+ {
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_subject_alt_name (crt,
+ GNUTLS_SAN_RFC822NAME,
+ cfg.email[i],
+ strlen (cfg.email[i]),
+ GNUTLS_FSAN_APPEND);
+ else
+ ret =
+ gnutls_x509_crq_set_subject_alt_name (crt,
+ GNUTLS_SAN_RFC822NAME,
+ cfg.email[i],
+ strlen (cfg.email[i]),
+ GNUTLS_FSAN_APPEND);
+
+ if (ret < 0)
+ break;
+ }
}
else
{
p = read_str ("Enter the e-mail of the subject of the certificate: ");
if (!p)
- return;
+ return;
if (type == TYPE_CRT)
- ret =
- gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p,
- strlen (p),
- GNUTLS_FSAN_APPEND);
+ ret =
+ gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p,
+ strlen (p),
+ GNUTLS_FSAN_APPEND);
else
- ret =
- gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p,
- strlen (p),
- GNUTLS_FSAN_APPEND);
+ ret =
+ gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p,
+ strlen (p),
+ GNUTLS_FSAN_APPEND);
}
if (ret < 0)
if (batch)
{
if (!cfg.dns_name)
- return;
+ return;
for (i = 0; cfg.dns_name[i] != NULL; i++)
- {
- if (type == TYPE_CRT)
- ret =
- gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
- cfg.dns_name[i],
- strlen (cfg.dns_name[i]),
- GNUTLS_FSAN_APPEND);
- else
- ret =
- gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
- cfg.dns_name[i],
- strlen (cfg.dns_name[i]),
- GNUTLS_FSAN_APPEND);
-
- if (ret < 0)
- break;
- }
+ {
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
+ cfg.dns_name[i],
+ strlen (cfg.dns_name[i]),
+ GNUTLS_FSAN_APPEND);
+ else
+ ret =
+ gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
+ cfg.dns_name[i],
+ strlen (cfg.dns_name[i]),
+ GNUTLS_FSAN_APPEND);
+
+ if (ret < 0)
+ break;
+ }
}
else
{
const char *p;
do
- {
- p =
- read_str ("Enter a dnsName of the subject of the certificate: ");
- if (!p)
- return;
-
- if (type == TYPE_CRT)
- ret = gnutls_x509_crt_set_subject_alt_name
- (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
- else
- ret = gnutls_x509_crq_set_subject_alt_name
- (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
- }
+ {
+ p =
+ read_str ("Enter a dnsName of the subject of the certificate: ");
+ if (!p)
+ return;
+
+ if (type == TYPE_CRT)
+ ret = gnutls_x509_crt_set_subject_alt_name
+ (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
+ else
+ ret = gnutls_x509_crq_set_subject_alt_name
+ (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
+ }
while (p);
}
else
{
if (server)
- msg =
- "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): ";
+ msg =
+ "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): ";
else
- msg =
- "Will the certificate be used for signing (required for TLS)? (y/N): ";
+ msg =
+ "Will the certificate be used for signing (required for TLS)? (y/N): ";
return read_yesno (msg);
}
}
else
{
if (server)
- msg =
- "Will the certificate be used for encryption (RSA ciphersuites)? (y/N): ";
+ msg =
+ "Will the certificate be used for encryption (RSA ciphersuites)? (y/N): ";
else
- msg =
- "Will the certificate be used for encryption (not required for TLS)? (y/N): ";
+ msg =
+ "Will the certificate be used for encryption (not required for TLS)? (y/N): ";
return read_yesno (msg);
}
}
else
{
return
- read_yesno
- ("Will the certificate be used to sign other certificates? (y/N): ");
+ read_yesno
+ ("Will the certificate be used to sign other certificates? (y/N): ");
}
}
else
{
return
- read_yesno ("Will the certificate be used to sign CRLs? (y/N): ");
+ read_yesno ("Will the certificate be used to sign CRLs? (y/N): ");
}
}
else
{
return
- read_yesno ("Will the certificate be used to sign code? (y/N): ");
+ read_yesno ("Will the certificate be used to sign code? (y/N): ");
}
}
else
{
return
- read_yesno
- ("Will the certificate be used to sign OCSP requests? (y/N): ");
+ read_yesno
+ ("Will the certificate be used to sign OCSP requests? (y/N): ");
}
}
else
{
return
- read_yesno
- ("Will the certificate be used for time stamping? (y/N): ");
+ read_yesno
+ ("Will the certificate be used for time stamping? (y/N): ");
}
}
else
{
return
- read_yesno
- ("Will the certificate be used for IPsec IKE operations? (y/N): ");
+ read_yesno
+ ("Will the certificate be used for IPsec IKE operations? (y/N): ");
}
}
if (batch)
{
if (cfg.crl_next_update <= 0)
- return 365;
+ return 365;
else
- return cfg.crl_next_update;
+ return cfg.crl_next_update;
}
else
{
do
- {
- days = read_int ("The next CRL will be issued in (days): ");
- }
+ {
+ days = read_int ("The next CRL will be issued in (days): ");
+ }
while (days == 0);
return days;
}
{
ret = cfg.proxy_policy_language;
if (!ret)
- ret = "1.3.6.1.5.5.7.21.1";
+ ret = "1.3.6.1.5.5.7.21.1";
}
else
{
do
- {
- ret = read_str ("Enter the OID of the proxy policy language: ");
- }
+ {
+ ret = read_str ("Enter the OID of the proxy policy language: ");
+ }
while (ret == NULL);
}
if (batch)
{
if (!cfg.country)
- return;
+ return;
ret =
- gnutls_x509_crq_set_dn_by_oid (crq,
- GNUTLS_OID_X520_COUNTRY_NAME, 0,
- cfg.country, strlen (cfg.country));
+ gnutls_x509_crq_set_dn_by_oid (crq,
+ GNUTLS_OID_X520_COUNTRY_NAME, 0,
+ cfg.country, strlen (cfg.country));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
read_crq_set (crq, "Country name (2 chars): ",
- GNUTLS_OID_X520_COUNTRY_NAME);
+ GNUTLS_OID_X520_COUNTRY_NAME);
}
}
if (batch)
{
if (!cfg.organization)
- return;
+ return;
ret =
- gnutls_x509_crq_set_dn_by_oid (crq,
- GNUTLS_OID_X520_ORGANIZATION_NAME,
- 0, cfg.organization,
- strlen (cfg.organization));
+ gnutls_x509_crq_set_dn_by_oid (crq,
+ GNUTLS_OID_X520_ORGANIZATION_NAME,
+ 0, cfg.organization,
+ strlen (cfg.organization));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
read_crq_set (crq, "Organization name: ",
- GNUTLS_OID_X520_ORGANIZATION_NAME);
+ GNUTLS_OID_X520_ORGANIZATION_NAME);
}
}
if (batch)
{
if (!cfg.unit)
- return;
+ return;
ret =
- gnutls_x509_crq_set_dn_by_oid (crq,
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
- 0, cfg.unit, strlen (cfg.unit));
+ gnutls_x509_crq_set_dn_by_oid (crq,
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
+ 0, cfg.unit, strlen (cfg.unit));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
read_crq_set (crq, "Organizational unit name: ",
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
}
}
if (batch)
{
if (!cfg.state)
- return;
+ return;
ret =
- gnutls_x509_crq_set_dn_by_oid (crq,
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
- 0, cfg.state, strlen (cfg.state));
+ gnutls_x509_crq_set_dn_by_oid (crq,
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
+ 0, cfg.state, strlen (cfg.state));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
read_crq_set (crq, "State or province name: ",
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
}
}
if (batch)
{
if (!cfg.locality)
- return;
+ return;
ret =
- gnutls_x509_crq_set_dn_by_oid (crq,
- GNUTLS_OID_X520_LOCALITY_NAME, 0,
- cfg.locality, strlen (cfg.locality));
+ gnutls_x509_crq_set_dn_by_oid (crq,
+ GNUTLS_OID_X520_LOCALITY_NAME, 0,
+ cfg.locality, strlen (cfg.locality));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
if (batch)
{
if (!cfg.cn)
- return;
+ return;
ret =
- gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
- 0, cfg.cn, strlen (cfg.cn));
+ gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
+ 0, cfg.cn, strlen (cfg.cn));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
if (batch)
{
if (!cfg.uid)
- return;
+ return;
ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_LDAP_UID, 0,
- cfg.uid, strlen (cfg.uid));
+ cfg.uid, strlen (cfg.uid));
if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
if (batch)
{
if (!cfg.dn_oid)
- return;
+ return;
for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
- {
- if (cfg.dn_oid[i + 1] == NULL)
- {
- fprintf (stderr, "dn_oid: %s does not have an argument.\n",
- cfg.dn_oid[i]);
- exit (1);
- }
- ret = gnutls_x509_crq_set_dn_by_oid (crq, cfg.dn_oid[i], 0,
- cfg.dn_oid[i + 1],
- strlen (cfg.dn_oid[i + 1]));
-
- if (ret < 0)
- {
- fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
+ {
+ if (cfg.dn_oid[i + 1] == NULL)
+ {
+ fprintf (stderr, "dn_oid: %s does not have an argument.\n",
+ cfg.dn_oid[i]);
+ exit (1);
+ }
+ ret = gnutls_x509_crq_set_dn_by_oid (crq, cfg.dn_oid[i], 0,
+ cfg.dn_oid[i + 1],
+ strlen (cfg.dn_oid[i + 1]));
+
+ if (ret < 0)
+ {
+ fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
+ }
}
}
int template_parse (const char *template);
void read_crt_set (gnutls_x509_crt_t crt, const char *input_str,
- const char *oid);
+ const char *oid);
void read_crq_set (gnutls_x509_crq_t crq, const char *input_str,
- const char *oid);
+ const char *oid);
int read_int (const char *input_str);
const char *read_str (const char *input_str);
int read_yesno (const char *input_str);
if (info->secret_key == NULL)
{
if (mand)
- error (EXIT_FAILURE, 0, "missing --secret-key");
+ error (EXIT_FAILURE, 0, "missing --secret-key");
else
- return NULL;
+ return NULL;
}
hex_key.data = (char *) info->secret_key;
{
const char *pass = get_pass ();
ret =
- gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
- pass, 0);
+ gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
+ pass, 0);
}
else
ret = gnutls_x509_privkey_import (key, &dat, info->incert_format);
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
error (EXIT_FAILURE, 0,
- "import error: could not find a valid PEM header; "
- "check if your key is PKCS #8 or PKCS #12 encoded");
+ "import error: could not find a valid PEM header; "
+ "check if your key is PKCS #8 or PKCS #12 encoded");
}
if (ret < 0)
error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
- info->privkey, gnutls_strerror (ret));
+ info->privkey, gnutls_strerror (ret));
return key;
}
if (info->cert == NULL)
{
if (mand)
- error (EXIT_FAILURE, 0, "missing --load-certificate");
+ error (EXIT_FAILURE, 0, "missing --load-certificate");
else
- return NULL;
+ return NULL;
}
fd = fopen (info->cert, "r");
{
ret = gnutls_x509_crt_init (&crt[i]);
if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
dat.data = ptr;
dat.size = ptr_size;
ret = gnutls_x509_crt_import (crt[i], &dat, info->incert_format);
if (ret < 0 && *crt_size > 0)
- break;
+ break;
if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret));
ptr = strstr (ptr, "---END");
if (ptr == NULL)
- break;
+ break;
ptr++;
ptr_size = size;
ptr_size -=
- (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer);
+ (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer);
if (ptr_size < 0)
- break;
+ break;
(*crt_size)++;
}
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
error (EXIT_FAILURE, 0,
- "import error: could not find a valid PEM header");
+ "import error: could not find a valid PEM header");
}
free (dat.data);
if (ret < 0)
error (EXIT_FAILURE, 0, "importing --load-request: %s: %s",
- info->request, gnutls_strerror (ret));
+ info->request, gnutls_strerror (ret));
return crq;
}
if (!dat.data)
error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s",
- info->ca_privkey);
+ info->ca_privkey);
if (info->pkcs8)
{
const char *pass = get_pass ();
ret =
- gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
- pass, 0);
+ gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
+ pass, 0);
}
else
ret = gnutls_x509_privkey_import (key, &dat, info->incert_format);
free (dat.data);
if (ret < 0)
error (EXIT_FAILURE, 0, "importing --load-ca-privkey: %s: %s",
- info->ca_privkey, gnutls_strerror (ret));
+ info->ca_privkey, gnutls_strerror (ret));
return key;
}
if (!dat.data)
error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s",
- info->ca);
+ info->ca);
ret = gnutls_x509_crt_import (crt, &dat, info->incert_format);
free (dat.data);
if (ret < 0)
error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s",
- info->ca, gnutls_strerror (ret));
+ info->ca, gnutls_strerror (ret));
return crt;
}
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
error (EXIT_FAILURE, 0,
- "import error: could not find a valid PEM header; "
- "check if your key has the PUBLIC KEY header");
+ "import error: could not find a valid PEM header; "
+ "check if your key has the PUBLIC KEY header");
}
if (ret < 0)
error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s",
- info->pubkey, gnutls_strerror (ret));
+ info->pubkey, gnutls_strerror (ret));
return key;
}
gnutls_datum *load_secret_key (int mand, common_info_st * info);
gnutls_pubkey_t load_pubkey (int mand, common_info_st * info);
gnutls_x509_crt_t *load_cert_list (int mand, size_t * size,
- common_info_st * info);
+ common_info_st * info);
/* returns the bits specified in cmd */
int get_bits (gnutls_pk_algorithm_t);
void generate_self_signed (common_info_st *);
void generate_request (common_info_st *);
static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out,
- unsigned int all);
+ unsigned int all);
static void print_hex_datum (gnutls_datum_t * dat);
for (i = 0; i < raw_size; i++)
{
sprintf (&(buf[i * 3]), "%02X%s", raw[i],
- (i == raw_size - 1) ? "" : ":");
+ (i == raw_size - 1) ? "" : ":");
}
buf[sizeof (buf) - 1] = '\0';
static void
print_dsa_pkey (gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * g)
+ gnutls_datum_t * q, gnutls_datum_t * g)
{
if (x)
{
static void
print_rsa_pkey (gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
- gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u,
- gnutls_datum_t * exp1, gnutls_datum_t * exp2)
+ gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u,
+ gnutls_datum_t * exp1, gnutls_datum_t * exp2)
{
fprintf (outfile, "modulus:");
print_hex_datum (m);
fprintf (outfile, "coefficient:");
print_hex_datum (u);
if (exp1 && exp2)
- {
- fprintf (outfile, "exp1:");
- print_hex_datum (exp1);
- fprintf (outfile, "exp2:");
- print_hex_datum (exp2);
- }
+ {
+ fprintf (outfile, "exp1:");
+ print_hex_datum (exp1);
+ fprintf (outfile, "exp2:");
+ print_hex_datum (exp2);
+ }
}
}
static int warned = 0;
if (warned == 0)
- {
- warned = 1;
- fprintf (stderr,
- "** Note: Please use the --sec-param instead of --bits\n");
- }
+ {
+ warned = 1;
+ fprintf (stderr,
+ "** Note: Please use the --sec-param instead of --bits\n");
+ }
bits = info.bits;
}
else
{
if (info.sec_param)
- {
- bits =
- gnutls_sec_param_to_pk_bits (key_type,
- str_to_sec_param (info.sec_param));
- }
+ {
+ bits =
+ gnutls_sec_param_to_pk_bits (key_type,
+ str_to_sec_param (info.sec_param));
+ }
else
- bits =
- gnutls_sec_param_to_pk_bits (key_type, GNUTLS_SEC_PARAM_NORMAL);
+ bits =
+ gnutls_sec_param_to_pk_bits (key_type, GNUTLS_SEC_PARAM_NORMAL);
}
return bits;
bits = get_bits (key_type);
fprintf (stderr, "Generating a %d bit %s private key...\n",
- get_bits (key_type), gnutls_pk_algorithm_get_name (key_type));
+ get_bits (key_type), gnutls_pk_algorithm_get_name (key_type));
if (info.quick_random == 0)
fprintf (stderr,
- "This might take several minutes depending on availability of randomness"
- " in /dev/random.\n");
+ "This might take several minutes depending on availability of randomness"
+ " in /dev/random.\n");
ret = gnutls_x509_privkey_generate (key, key_type, get_bits (key_type), 0);
if (ret < 0)
{
size = buffer_size;
ret = gnutls_x509_privkey_export (key, info.outcert_format,
- buffer, &size);
+ buffer, &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_export: %s", gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "privkey_export: %s", gnutls_strerror (ret));
}
else
{
const char *pass;
if (info.export)
- flags = GNUTLS_PKCS_USE_PKCS12_RC2_40;
+ flags = GNUTLS_PKCS_USE_PKCS12_RC2_40;
else
- flags = cipher_to_flags (info.pkcs_cipher);
+ flags = cipher_to_flags (info.pkcs_cipher);
if ((pass = get_confirmed_pass (true)) == NULL || *pass == '\0')
- flags = GNUTLS_PKCS_PLAIN;
+ flags = GNUTLS_PKCS_PLAIN;
size = buffer_size;
ret =
- gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, pass,
- flags, buffer, &size);
+ gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, pass,
+ flags, buffer, &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_export_pkcs8: %s",
- gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "privkey_export_pkcs8: %s",
+ gnutls_strerror (ret));
}
fwrite (buffer, 1, size, outfile);
static gnutls_x509_crt_t
generate_certificate (gnutls_x509_privkey_t * ret_key,
- gnutls_x509_crt_t ca_crt, int proxy,
- common_info_st * cinfo)
+ gnutls_x509_crt_t ca_crt, int proxy,
+ common_info_st * cinfo)
{
gnutls_x509_crt_t crt;
gnutls_x509_privkey_t key = NULL;
int days, result, ca_status = 0, is_ike = 0, path_len;
int vers;
unsigned int usage = 0, server;
- gnutls_x509_crq_t crq; /* request */
+ gnutls_x509_crq_t crq; /* request */
ret = gnutls_x509_crt_init (&crt);
if (ret < 0)
key = load_private_key (1, cinfo);
if (!batch)
- fprintf (stderr,
- "Please enter the details of the certificate's distinguished name. "
- "Just press enter to ignore a field.\n");
+ fprintf (stderr,
+ "Please enter the details of the certificate's distinguished name. "
+ "Just press enter to ignore a field.\n");
/* set the DN.
*/
if (proxy)
- {
- result = gnutls_x509_crt_set_proxy_dn (crt, ca_crt, 0, NULL, 0);
- if (result < 0)
- error (EXIT_FAILURE, 0, "set_proxy_dn: %s",
- gnutls_strerror (result));
-
- get_cn_crt_set (crt);
- }
+ {
+ result = gnutls_x509_crt_set_proxy_dn (crt, ca_crt, 0, NULL, 0);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "set_proxy_dn: %s",
+ gnutls_strerror (result));
+
+ get_cn_crt_set (crt);
+ }
else
- {
- get_country_crt_set (crt);
- get_organization_crt_set (crt);
- get_unit_crt_set (crt);
- get_locality_crt_set (crt);
- get_state_crt_set (crt);
- get_cn_crt_set (crt);
- get_uid_crt_set (crt);
- get_oid_crt_set (crt);
- get_key_purpose_set (crt);
-
- if (!batch)
- fprintf (stderr,
- "This field should not be used in new certificates.\n");
-
- get_pkcs9_email_crt_set (crt);
- }
+ {
+ get_country_crt_set (crt);
+ get_organization_crt_set (crt);
+ get_unit_crt_set (crt);
+ get_locality_crt_set (crt);
+ get_state_crt_set (crt);
+ get_cn_crt_set (crt);
+ get_uid_crt_set (crt);
+ get_oid_crt_set (crt);
+ get_key_purpose_set (crt);
+
+ if (!batch)
+ fprintf (stderr,
+ "This field should not be used in new certificates.\n");
+
+ get_pkcs9_email_crt_set (crt);
+ }
result = gnutls_x509_crt_set_key (crt, key);
if (result < 0)
- error (EXIT_FAILURE, 0, "set_key: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "set_key: %s", gnutls_strerror (result));
}
else
{
result = gnutls_x509_crt_set_crq (crt, crq);
if (result < 0)
- error (EXIT_FAILURE, 0, "set_crq: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "set_crq: %s", gnutls_strerror (result));
}
result =
gnutls_x509_crt_set_expiration_time (crt,
- time (NULL) + days * 24 * 60 * 60);
+ time (NULL) + days * 24 * 60 * 60);
if (result < 0)
error (EXIT_FAILURE, 0, "set_expiration: %s", gnutls_strerror (result));
{
result = gnutls_x509_crt_set_crq_extensions (crt, crq);
if (result < 0)
- error (EXIT_FAILURE, 0, "set_crq: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "set_crq: %s", gnutls_strerror (result));
}
/* append additional extensions */
{
if (proxy)
- {
- const char *policylanguage;
- char *policy;
- size_t policylen;
- int proxypathlen = get_path_len ();
-
- if (!batch)
- {
- printf ("1.3.6.1.5.5.7.21.1 ::= id-ppl-inheritALL\n");
- printf ("1.3.6.1.5.5.7.21.2 ::= id-ppl-independent\n");
- }
-
- policylanguage = get_proxy_policy (&policy, &policylen);
-
- result =
- gnutls_x509_crt_set_proxy (crt, proxypathlen, policylanguage,
- policy, policylen);
- if (result < 0)
- error (EXIT_FAILURE, 0, "set_proxy: %s",
- gnutls_strerror (result));
- }
+ {
+ const char *policylanguage;
+ char *policy;
+ size_t policylen;
+ int proxypathlen = get_path_len ();
+
+ if (!batch)
+ {
+ printf ("1.3.6.1.5.5.7.21.1 ::= id-ppl-inheritALL\n");
+ printf ("1.3.6.1.5.5.7.21.2 ::= id-ppl-independent\n");
+ }
+
+ policylanguage = get_proxy_policy (&policy, &policylen);
+
+ result =
+ gnutls_x509_crt_set_proxy (crt, proxypathlen, policylanguage,
+ policy, policylen);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "set_proxy: %s",
+ gnutls_strerror (result));
+ }
if (!proxy)
- ca_status = get_ca_status ();
+ ca_status = get_ca_status ();
if (ca_status)
- path_len = get_path_len ();
+ path_len = get_path_len ();
else
- path_len = -1;
+ path_len = -1;
result =
- gnutls_x509_crt_set_basic_constraints (crt, ca_status, path_len);
+ gnutls_x509_crt_set_basic_constraints (crt, ca_status, path_len);
if (result < 0)
- error (EXIT_FAILURE, 0, "basic_constraints: %s",
- gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "basic_constraints: %s",
+ gnutls_strerror (result));
client = get_tls_client_status ();
if (client != 0)
- {
- result = gnutls_x509_crt_set_key_purpose_oid (crt,
- GNUTLS_KP_TLS_WWW_CLIENT,
- 0);
- if (result < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result));
- }
+ {
+ result = gnutls_x509_crt_set_key_purpose_oid (crt,
+ GNUTLS_KP_TLS_WWW_CLIENT,
+ 0);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result));
+ }
is_ike = get_ipsec_ike_status ();
server = get_tls_server_status ();
if ((server != 0 && !proxy) || is_ike)
- {
- get_dns_name_set (TYPE_CRT, crt);
- get_ip_addr_set (TYPE_CRT, crt);
- }
+ {
+ get_dns_name_set (TYPE_CRT, crt);
+ get_ip_addr_set (TYPE_CRT, crt);
+ }
if (server != 0)
- {
- result = 0;
-
- result =
- gnutls_x509_crt_set_key_purpose_oid (crt,
- GNUTLS_KP_TLS_WWW_SERVER, 0);
- if (result < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result));
- }
+ {
+ result = 0;
+
+ result =
+ gnutls_x509_crt_set_key_purpose_oid (crt,
+ GNUTLS_KP_TLS_WWW_SERVER, 0);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result));
+ }
else if (!proxy)
- {
- get_email_set (TYPE_CRT, crt);
- }
+ {
+ get_email_set (TYPE_CRT, crt);
+ }
if (!ca_status || server)
- {
- int pk;
-
-
- pk = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
-
- if (pk != GNUTLS_PK_DSA)
- { /* DSA keys can only sign.
- */
- result = get_sign_status (server);
- if (result)
- usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
-
- result = get_encrypt_status (server);
- if (result)
- usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
- }
- else
- usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
-
- if (is_ike)
- {
- result =
- gnutls_x509_crt_set_key_purpose_oid (crt,
- GNUTLS_KP_IPSEC_IKE, 0);
- if (result < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s",
- gnutls_strerror (result));
- }
- }
+ {
+ int pk;
+
+
+ pk = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
+
+ if (pk != GNUTLS_PK_DSA)
+ { /* DSA keys can only sign.
+ */
+ result = get_sign_status (server);
+ if (result)
+ usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+
+ result = get_encrypt_status (server);
+ if (result)
+ usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+ }
+ else
+ usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+
+ if (is_ike)
+ {
+ result =
+ gnutls_x509_crt_set_key_purpose_oid (crt,
+ GNUTLS_KP_IPSEC_IKE, 0);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s",
+ gnutls_strerror (result));
+ }
+ }
if (ca_status)
- {
- result = get_cert_sign_status ();
- if (result)
- usage |= GNUTLS_KEY_KEY_CERT_SIGN;
-
- result = get_crl_sign_status ();
- if (result)
- usage |= GNUTLS_KEY_CRL_SIGN;
-
- result = get_code_sign_status ();
- if (result)
- {
- result =
- gnutls_x509_crt_set_key_purpose_oid (crt,
- GNUTLS_KP_CODE_SIGNING,
- 0);
- if (result < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s",
- gnutls_strerror (result));
- }
-
- result = get_ocsp_sign_status ();
- if (result)
- {
- result =
- gnutls_x509_crt_set_key_purpose_oid (crt,
- GNUTLS_KP_OCSP_SIGNING,
- 0);
- if (result < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s",
- gnutls_strerror (result));
- }
-
- result = get_time_stamp_status ();
- if (result)
- {
- result =
- gnutls_x509_crt_set_key_purpose_oid (crt,
- GNUTLS_KP_TIME_STAMPING,
- 0);
- if (result < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s",
- gnutls_strerror (result));
- }
- }
+ {
+ result = get_cert_sign_status ();
+ if (result)
+ usage |= GNUTLS_KEY_KEY_CERT_SIGN;
+
+ result = get_crl_sign_status ();
+ if (result)
+ usage |= GNUTLS_KEY_CRL_SIGN;
+
+ result = get_code_sign_status ();
+ if (result)
+ {
+ result =
+ gnutls_x509_crt_set_key_purpose_oid (crt,
+ GNUTLS_KP_CODE_SIGNING,
+ 0);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s",
+ gnutls_strerror (result));
+ }
+
+ result = get_ocsp_sign_status ();
+ if (result)
+ {
+ result =
+ gnutls_x509_crt_set_key_purpose_oid (crt,
+ GNUTLS_KP_OCSP_SIGNING,
+ 0);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s",
+ gnutls_strerror (result));
+ }
+
+ result = get_time_stamp_status ();
+ if (result)
+ {
+ result =
+ gnutls_x509_crt_set_key_purpose_oid (crt,
+ GNUTLS_KP_TIME_STAMPING,
+ 0);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s",
+ gnutls_strerror (result));
+ }
+ }
if (usage != 0)
- {
- /* http://tools.ietf.org/html/rfc4945#section-5.1.3.2: if any KU is
- set, then either digitalSignature or the nonRepudiation bits in the
- KeyUsage extension MUST for all IKE certs */
- if (is_ike && (get_sign_status (server) != 1))
- usage |= GNUTLS_KEY_NON_REPUDIATION;
- result = gnutls_x509_crt_set_key_usage (crt, usage);
- if (result < 0)
- error (EXIT_FAILURE, 0, "key_usage: %s",
- gnutls_strerror (result));
- }
+ {
+ /* http://tools.ietf.org/html/rfc4945#section-5.1.3.2: if any KU is
+ set, then either digitalSignature or the nonRepudiation bits in the
+ KeyUsage extension MUST for all IKE certs */
+ if (is_ike && (get_sign_status (server) != 1))
+ usage |= GNUTLS_KEY_NON_REPUDIATION;
+ result = gnutls_x509_crt_set_key_usage (crt, usage);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "key_usage: %s",
+ gnutls_strerror (result));
+ }
/* Subject Key ID.
*/
size = buffer_size;
result = gnutls_x509_crt_get_key_id (crt, 0, buffer, &size);
if (result >= 0)
- {
- result = gnutls_x509_crt_set_subject_key_id (crt, buffer, size);
- if (result < 0)
- error (EXIT_FAILURE, 0, "set_subject_key_id: %s",
- gnutls_strerror (result));
- }
+ {
+ result = gnutls_x509_crt_set_subject_key_id (crt, buffer, size);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "set_subject_key_id: %s",
+ gnutls_strerror (result));
+ }
/* Authority Key ID.
*/
if (ca_crt != NULL)
- {
- size = buffer_size;
- result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer,
- &size, NULL);
- if (result < 0)
- {
- size = buffer_size;
- result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size);
- }
- if (result >= 0)
- {
- result =
- gnutls_x509_crt_set_authority_key_id (crt, buffer, size);
- if (result < 0)
- error (EXIT_FAILURE, 0, "set_authority_key_id: %s",
- gnutls_strerror (result));
- }
- }
+ {
+ size = buffer_size;
+ result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer,
+ &size, NULL);
+ if (result < 0)
+ {
+ size = buffer_size;
+ result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size);
+ }
+ if (result >= 0)
+ {
+ result =
+ gnutls_x509_crt_set_authority_key_id (crt, buffer, size);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "set_authority_key_id: %s",
+ gnutls_strerror (result));
+ }
+ }
}
/* Version.
{
result = gnutls_x509_crl_set_crt (crl, crts[i], now);
if (result < 0)
- error (EXIT_FAILURE, 0, "crl_set_crt: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "crl_set_crt: %s", gnutls_strerror (result));
}
result = gnutls_x509_crl_set_this_update (crl, now);
{
size = buffer_size;
result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer,
- &size, NULL);
+ &size, NULL);
if (result < 0)
- {
- size = buffer_size;
- result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size);
- }
+ {
+ size = buffer_size;
+ result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size);
+ }
if (result >= 0)
- {
- result = gnutls_x509_crl_set_authority_key_id (crl, buffer, size);
- if (result < 0)
- error (EXIT_FAILURE, 0, "set_authority_key_id: %s",
- gnutls_strerror (result));
- }
+ {
+ result = gnutls_x509_crl_set_authority_key_id (crl, buffer, size);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "set_authority_key_id: %s",
+ gnutls_strerror (result));
+ }
}
{
if (result < 0)
{
error (EXIT_FAILURE, 0, "crl_preferred_hash_algorithm: %s",
- gnutls_strerror (result));
+ gnutls_strerror (result));
}
/* if algorithm allows alternatives */
if (uri)
{
result = gnutls_x509_crt_set_crl_dist_points (crt, GNUTLS_SAN_URI,
- uri,
- 0 /* all reasons */ );
+ uri,
+ 0 /* all reasons */ );
if (result < 0)
- error (EXIT_FAILURE, 0, "crl_dist_points: %s",
- gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "crl_dist_points: %s",
+ gnutls_strerror (result));
}
print_certificate_info (crt, stderr, 0);
if (gaa (argc, argv, &info) != -1)
{
fprintf (stderr, "Try `%s --help' for more information.\n",
- program_name);
+ program_name);
exit (1);
}
{
outfile = safe_open_rw (info.outfile, info.privkey_op);
if (outfile == NULL)
- error (EXIT_FAILURE, errno, "%s", info.outfile);
+ error (EXIT_FAILURE, errno, "%s", info.outfile);
}
else
outfile = stdout;
{
infile = fopen (info.infile, "rb");
if (infile == NULL)
- error (EXIT_FAILURE, errno, "%s", info.infile);
+ error (EXIT_FAILURE, errno, "%s", info.infile);
}
else
infile = stdin;
if (info.hash != NULL)
{
if (strcasecmp (info.hash, "md5") == 0)
- {
- fprintf (stderr,
- "Warning: MD5 is broken, and should not be used any more for digital signatures.\n");
- default_dig = GNUTLS_DIG_MD5;
- }
+ {
+ fprintf (stderr,
+ "Warning: MD5 is broken, and should not be used any more for digital signatures.\n");
+ default_dig = GNUTLS_DIG_MD5;
+ }
else if (strcasecmp (info.hash, "sha1") == 0)
- default_dig = GNUTLS_DIG_SHA1;
+ default_dig = GNUTLS_DIG_SHA1;
else if (strcasecmp (info.hash, "sha256") == 0)
- default_dig = GNUTLS_DIG_SHA256;
+ default_dig = GNUTLS_DIG_SHA256;
else if (strcasecmp (info.hash, "sha224") == 0)
- default_dig = GNUTLS_DIG_SHA224;
+ default_dig = GNUTLS_DIG_SHA224;
else if (strcasecmp (info.hash, "sha384") == 0)
- default_dig = GNUTLS_DIG_SHA384;
+ default_dig = GNUTLS_DIG_SHA384;
else if (strcasecmp (info.hash, "sha512") == 0)
- default_dig = GNUTLS_DIG_SHA512;
+ default_dig = GNUTLS_DIG_SHA512;
else if (strcasecmp (info.hash, "rmd160") == 0)
- default_dig = GNUTLS_DIG_RMD160;
+ default_dig = GNUTLS_DIG_RMD160;
else
- error (EXIT_FAILURE, 0, "invalid hash: %s", info.hash);
+ error (EXIT_FAILURE, 0, "invalid hash: %s", info.hash);
}
batch = 0;
crt_num = MAX_CRTS;
ret =
gnutls_x509_crt_list_import (crt, &crt_num, &pem, info.incert_format,
- GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
{
error (0, 0, "too many certificates (%d); "
- "will only read the first %d", crt_num, MAX_CRTS);
+ "will only read the first %d", crt_num, MAX_CRTS);
crt_num = MAX_CRTS;
ret = gnutls_x509_crt_list_import (crt, &crt_num, &pem,
- info.incert_format, 0);
+ info.incert_format, 0);
}
if (ret < 0)
error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
if (count > 1 && info.outcert_format == GNUTLS_X509_FMT_DER)
{
error (0, 0, "cannot output multiple certificates in DER format; "
- "using PEM instead");
+ "using PEM instead");
info.outcert_format = GNUTLS_X509_FMT_PEM;
}
for (i = 0; i < count; i++)
{
if (i > 0)
- fprintf (outfile, "\n");
+ fprintf (outfile, "\n");
if (info.outcert_format == GNUTLS_X509_FMT_PEM)
- print_certificate_info (crt[i], outfile, 1);
+ print_certificate_info (crt[i], outfile, 1);
size = buffer_size;
ret = gnutls_x509_crt_export (crt[i], info.outcert_format, buffer,
- &size);
+ &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
fwrite (buffer, 1, size, outfile);
if (pubkey)
- pubkey_info (crt[i], cinfo);
+ pubkey_info (crt[i], cinfo);
gnutls_x509_crt_deinit (crt[i]);
}
ret = gnutls_openpgp_crt_print (crt, 0, &out_data);
if (ret == 0)
- {
- fprintf (outfile, "%s\n", out_data.data);
- gnutls_free (out_data.data);
- }
+ {
+ fprintf (outfile, "%s\n", out_data.data);
+ gnutls_free (out_data.data);
+ }
}
if (ret < 0)
{
error (EXIT_FAILURE, 0, "verify signature error: %s",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
}
if (verify_status & GNUTLS_CERT_INVALID)
else
{
fprintf (outfile, "Self Signature verification: ok (%x)\n\n",
- verify_status);
+ verify_status);
}
size = buffer_size;
pem.size = size;
ret = gnutls_openpgp_privkey_import (key, &pem, info.incert_format,
- NULL, 0);
+ NULL, 0);
if (ret < 0)
error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
subkeys = gnutls_openpgp_privkey_get_subkey_count (key);
if (subkeys < 0)
error (EXIT_FAILURE, 0, "privkey_get_subkey_count: %s",
- gnutls_strerror (subkeys));
+ gnutls_strerror (subkeys));
for (i = -1; i < subkeys; i++)
{
if (i != -1)
- fprintf (outfile, "Subkey[%d]:\n", i);
+ fprintf (outfile, "Subkey[%d]:\n", i);
fprintf (outfile, "Public Key Info:\n");
if (i == -1)
- ret = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
+ ret = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
else
- ret = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, i, NULL);
+ ret = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, i, NULL);
fprintf (outfile, "\tPublic Key Algorithm: ");
cprint = gnutls_pk_algorithm_get_name (ret);
fprintf (outfile, "%s\n", cprint ? cprint : "Unknown");
fprintf (outfile, "\tKey Security Level: %s\n",
- gnutls_sec_param_get_name (gnutls_openpgp_privkey_sec_param
- (key)));
+ gnutls_sec_param_get_name (gnutls_openpgp_privkey_sec_param
+ (key)));
/* Print the raw public and private keys
*/
if (ret == GNUTLS_PK_RSA)
- {
- gnutls_datum_t m, e, d, p, q, u;
-
- if (i == -1)
- ret =
- gnutls_openpgp_privkey_export_rsa_raw (key, &m, &e, &d, &p,
- &q, &u);
- else
- ret =
- gnutls_openpgp_privkey_export_subkey_rsa_raw (key, i, &m,
- &e, &d, &p,
- &q, &u);
- if (ret < 0)
- fprintf (stderr, "Error in key RSA data export: %s\n",
- gnutls_strerror (ret));
- else
- print_rsa_pkey (&m, &e, &d, &p, &q, &u, NULL, NULL);
-
- }
+ {
+ gnutls_datum_t m, e, d, p, q, u;
+
+ if (i == -1)
+ ret =
+ gnutls_openpgp_privkey_export_rsa_raw (key, &m, &e, &d, &p,
+ &q, &u);
+ else
+ ret =
+ gnutls_openpgp_privkey_export_subkey_rsa_raw (key, i, &m,
+ &e, &d, &p,
+ &q, &u);
+ if (ret < 0)
+ fprintf (stderr, "Error in key RSA data export: %s\n",
+ gnutls_strerror (ret));
+ else
+ print_rsa_pkey (&m, &e, &d, &p, &q, &u, NULL, NULL);
+
+ }
else if (ret == GNUTLS_PK_DSA)
- {
- gnutls_datum_t p, q, g, y, x;
-
- if (i == -1)
- ret =
- gnutls_openpgp_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
- else
- ret =
- gnutls_openpgp_privkey_export_subkey_dsa_raw (key, i, &p,
- &q, &g, &y, &x);
- if (ret < 0)
- fprintf (stderr, "Error in key DSA data export: %s\n",
- gnutls_strerror (ret));
- else
- print_dsa_pkey (&x, &y, &p, &q, &g);
- }
+ {
+ gnutls_datum_t p, q, g, y, x;
+
+ if (i == -1)
+ ret =
+ gnutls_openpgp_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
+ else
+ ret =
+ gnutls_openpgp_privkey_export_subkey_dsa_raw (key, i, &p,
+ &q, &g, &y, &x);
+ if (ret < 0)
+ fprintf (stderr, "Error in key DSA data export: %s\n",
+ gnutls_strerror (ret));
+ else
+ print_dsa_pkey (&x, &y, &p, &q, &g);
+ }
fprintf (outfile, "\n");
size = buffer_size;
if (i == -1)
- ret = gnutls_openpgp_privkey_get_key_id (key, keyid);
+ ret = gnutls_openpgp_privkey_get_key_id (key, keyid);
else
- ret = gnutls_openpgp_privkey_get_subkey_id (key, i, keyid);
+ ret = gnutls_openpgp_privkey_get_subkey_id (key, i, keyid);
if (ret < 0)
- {
- fprintf (stderr, "Error in key id calculation: %s\n",
- gnutls_strerror (ret));
- }
+ {
+ fprintf (stderr, "Error in key id calculation: %s\n",
+ gnutls_strerror (ret));
+ }
else
- {
- fprintf (outfile, "Public Key ID: %s\n", raw_to_string (keyid, 8));
- }
+ {
+ fprintf (outfile, "Public Key ID: %s\n", raw_to_string (keyid, 8));
+ }
}
size = buffer_size;
ret = gnutls_openpgp_privkey_export (key, GNUTLS_OPENPGP_FMT_BASE64,
- NULL, 0, buffer, &size);
+ NULL, 0, buffer, &size);
if (ret < 0)
error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
ret = gnutls_openpgp_keyring_init (&ring);
if (ret < 0)
error (EXIT_FAILURE, 0, "openpgp_keyring_init: %s",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
ret = gnutls_openpgp_keyring_import (ring, &pem, info.incert_format);
{
ret = gnutls_openpgp_keyring_get_crt (ring, i, &crt);
if (ret < 0)
- error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
size = buffer_size;
ret = gnutls_openpgp_crt_export (crt, info.outcert_format,
- buffer, &size);
+ buffer, &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
fwrite (buffer, 1, size, outfile);
fprintf (outfile, "\n\n");
{
fprintf (outfile, "%.2x:", (unsigned char) dat->data[j]);
if ((j + 1) % 15 == 0)
- fprintf (outfile, "\n" SPACE);
+ fprintf (outfile, "\n" SPACE);
}
fprintf (outfile, "\n");
}
gnutls_free (cinfo.data);
}
- if (out == stderr && batch == 0) /* interactive */
+ if (out == stderr && batch == 0) /* interactive */
if (read_yesno ("Is the above information ok? (y/N): ") == 0)
{
- exit (1);
+ exit (1);
}
}
if (!pem.data)
error (EXIT_FAILURE, errno, "%s", info.infile ? info.infile :
- "standard input");
+ "standard input");
ret = gnutls_x509_crl_import (crl, &pem, info.incert_format);
{
ret = gnutls_x509_crq_print (crq, GNUTLS_CRT_PRINT_FULL, &cinfo);
if (ret < 0)
- error (EXIT_FAILURE, 0, "crq_print: %s", gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "crq_print: %s", gnutls_strerror (ret));
fprintf (out, "%s\n", cinfo.data);
if (!pem.data)
error (EXIT_FAILURE, errno, "%s", info.infile ? info.infile :
- "standard input");
+ "standard input");
ret = gnutls_x509_crq_import (crq, &pem, info.incert_format);
if (info.pkcs8 || ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
if (info.pass)
- pass = info.pass;
+ pass = info.pass;
else
- pass = get_pass ();
+ pass = get_pass ();
ret = gnutls_x509_privkey_import_pkcs8 (key, &pem,
- info.incert_format, pass, 0);
+ info.incert_format, pass, 0);
}
if (ret < 0)
error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
cprint = gnutls_pk_algorithm_get_name (ret);
fprintf (outfile, "%s\n", cprint ? cprint : "Unknown");
fprintf (outfile, "\tKey Security Level: %s\n",
- gnutls_sec_param_get_name (gnutls_x509_privkey_sec_param (key)));
+ gnutls_sec_param_get_name (gnutls_x509_privkey_sec_param (key)));
/* Print the raw public and private keys
*/
gnutls_datum_t m, e, d, p, q, u, exp1, exp2;
ret =
- gnutls_x509_privkey_export_rsa_raw2 (key, &m, &e, &d, &p, &q, &u,
- &exp1, &exp2);
+ gnutls_x509_privkey_export_rsa_raw2 (key, &m, &e, &d, &p, &q, &u,
+ &exp1, &exp2);
if (ret < 0)
- fprintf (stderr, "Error in key RSA data export: %s\n",
- gnutls_strerror (ret));
+ fprintf (stderr, "Error in key RSA data export: %s\n",
+ gnutls_strerror (ret));
else
- {
- print_rsa_pkey (&m, &e, &d, &p, &q, &u, &exp1, &exp2);
- gnutls_free (m.data);
- gnutls_free (e.data);
- gnutls_free (d.data);
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (u.data);
- gnutls_free (exp1.data);
- gnutls_free (exp2.data);
- }
+ {
+ print_rsa_pkey (&m, &e, &d, &p, &q, &u, &exp1, &exp2);
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ gnutls_free (d.data);
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (u.data);
+ gnutls_free (exp1.data);
+ gnutls_free (exp2.data);
+ }
}
else if (ret == GNUTLS_PK_DSA)
{
ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
if (ret < 0)
- fprintf (stderr, "Error in key DSA data export: %s\n",
- gnutls_strerror (ret));
+ fprintf (stderr, "Error in key DSA data export: %s\n",
+ gnutls_strerror (ret));
else
- {
- print_dsa_pkey (&x, &y, &p, &q, &g);
- gnutls_free (x.data);
- gnutls_free (y.data);
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- }
+ {
+ print_dsa_pkey (&x, &y, &p, &q, &g);
+ gnutls_free (x.data);
+ gnutls_free (y.data);
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ }
}
fprintf (outfile, "\n");
if ((ret = gnutls_x509_privkey_get_key_id (key, 0, buffer, &size)) < 0)
{
fprintf (stderr, "Error in key id calculation: %s\n",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
}
else
{
{
ret = gnutls_x509_privkey_fix (key);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_fix: %s", gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "privkey_fix: %s", gnutls_strerror (ret));
}
size = buffer_size;
{
ret = gnutls_x509_crq_set_challenge_password (crq, pass);
if (ret < 0)
- error (EXIT_FAILURE, 0, "set_pass: %s", gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "set_pass: %s", gnutls_strerror (ret));
}
if (info.crq_extensions != 0)
{
ca_status = get_ca_status ();
if (ca_status)
- path_len = get_path_len ();
+ path_len = get_path_len ();
else
- path_len = -1;
+ path_len = -1;
ret = gnutls_x509_crq_set_basic_constraints (crq, ca_status, path_len);
if (ret < 0)
- error (EXIT_FAILURE, 0, "set_basic_constraints: %s",
- gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "set_basic_constraints: %s",
+ gnutls_strerror (ret));
ret = get_sign_status (1);
if (ret)
- usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+ usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
ret = get_encrypt_status (1);
if (ret)
- usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+ usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
else
- usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+ usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
if (ca_status)
- {
- ret = get_cert_sign_status ();
- if (ret)
- usage |= GNUTLS_KEY_KEY_CERT_SIGN;
-
- ret = get_crl_sign_status ();
- if (ret)
- usage |= GNUTLS_KEY_CRL_SIGN;
-
- ret = get_code_sign_status ();
- if (ret)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_CODE_SIGNING, 0);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
- }
-
- ret = get_ocsp_sign_status ();
- if (ret)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_OCSP_SIGNING, 0);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
- }
-
- ret = get_time_stamp_status ();
- if (ret)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_TIME_STAMPING, 0);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
- }
-
- ret = get_ipsec_ike_status ();
- if (ret)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_IPSEC_IKE, 0);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
- }
- }
+ {
+ ret = get_cert_sign_status ();
+ if (ret)
+ usage |= GNUTLS_KEY_KEY_CERT_SIGN;
+
+ ret = get_crl_sign_status ();
+ if (ret)
+ usage |= GNUTLS_KEY_CRL_SIGN;
+
+ ret = get_code_sign_status ();
+ if (ret)
+ {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_CODE_SIGNING, 0);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
+ }
+
+ ret = get_ocsp_sign_status ();
+ if (ret)
+ {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_OCSP_SIGNING, 0);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
+ }
+
+ ret = get_time_stamp_status ();
+ if (ret)
+ {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_TIME_STAMPING, 0);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
+ }
+
+ ret = get_ipsec_ike_status ();
+ if (ret)
+ {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_IPSEC_IKE, 0);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
+ }
+ }
ret = gnutls_x509_crq_set_key_usage (crq, usage);
if (ret < 0)
- error (EXIT_FAILURE, 0, "key_usage: %s", gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "key_usage: %s", gnutls_strerror (ret));
ret = get_tls_client_status ();
if (ret != 0)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_TLS_WWW_CLIENT, 0);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
- }
+ {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_TLS_WWW_CLIENT, 0);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
+ }
ret = get_tls_server_status ();
if (ret != 0)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_TLS_WWW_SERVER, 0);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
- }
+ {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_TLS_WWW_SERVER, 0);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
+ }
}
ret = gnutls_x509_crq_set_key (crq, key);
}
static void print_verification_res (gnutls_x509_crt_t crt,
- gnutls_x509_crt_t issuer,
- gnutls_x509_crl_t * crl_list,
- int crl_list_size, unsigned int flags);
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_crl_t * crl_list,
+ int crl_list_size, unsigned int flags);
#define CERT_SEP "-----BEGIN CERT"
#define CRL_SEP "-----BEGIN X509 CRL"
i = 1;
- if (strstr (ptr, CRL_SEP) != NULL) /* if CRLs exist */
+ if (strstr (ptr, CRL_SEP) != NULL) /* if CRLs exist */
do
{
- x509_crl_list =
- (gnutls_x509_crl_t *) realloc (x509_crl_list,
- i * sizeof (gnutls_x509_crl_t));
- if (x509_crl_list == NULL)
- error (EXIT_FAILURE, 0, "memory error");
-
- tmp.data = (char *) ptr;
- tmp.size = cert_size;
- tmp.size -=
- (unsigned int) ((unsigned char *) ptr - (unsigned char *) cert);
-
- ret = gnutls_x509_crl_init (&x509_crl_list[i - 1]);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "error parsing CRL[%d]: %s", i,
- gnutls_strerror (ret));
-
- ret = gnutls_x509_crl_import (x509_crl_list[i - 1], &tmp,
- GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "error parsing CRL[%d]: %s", i,
- gnutls_strerror (ret));
-
- /* now we move ptr after the pem header */
- ptr = strstr (ptr, CRL_SEP);
- if (ptr != NULL)
- ptr++;
-
- i++;
+ x509_crl_list =
+ (gnutls_x509_crl_t *) realloc (x509_crl_list,
+ i * sizeof (gnutls_x509_crl_t));
+ if (x509_crl_list == NULL)
+ error (EXIT_FAILURE, 0, "memory error");
+
+ tmp.data = (char *) ptr;
+ tmp.size = cert_size;
+ tmp.size -=
+ (unsigned int) ((unsigned char *) ptr - (unsigned char *) cert);
+
+ ret = gnutls_x509_crl_init (&x509_crl_list[i - 1]);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "error parsing CRL[%d]: %s", i,
+ gnutls_strerror (ret));
+
+ ret = gnutls_x509_crl_import (x509_crl_list[i - 1], &tmp,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "error parsing CRL[%d]: %s", i,
+ gnutls_strerror (ret));
+
+ /* now we move ptr after the pem header */
+ ptr = strstr (ptr, CRL_SEP);
+ if (ptr != NULL)
+ ptr++;
+
+ i++;
}
while ((ptr = strstr (ptr, CRL_SEP)) != NULL);
do
{
x509_cert_list =
- (gnutls_x509_crt_t *) realloc (x509_cert_list,
- i * sizeof (gnutls_x509_crt_t));
+ (gnutls_x509_crt_t *) realloc (x509_cert_list,
+ i * sizeof (gnutls_x509_crt_t));
if (x509_cert_list == NULL)
- error (EXIT_FAILURE, 0, "memory error");
+ error (EXIT_FAILURE, 0, "memory error");
tmp.data = (char *) ptr;
tmp.size = cert_size;
tmp.size -=
- (unsigned int) ((unsigned char *) ptr - (unsigned char *) cert);
+ (unsigned int) ((unsigned char *) ptr - (unsigned char *) cert);
ret = gnutls_x509_crt_init (&x509_cert_list[i - 1]);
if (ret < 0)
- error (EXIT_FAILURE, 0, "error parsing certificate[%d]: %s", i,
- gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "error parsing certificate[%d]: %s", i,
+ gnutls_strerror (ret));
ret =
- gnutls_x509_crt_import (x509_cert_list[i - 1], &tmp,
- GNUTLS_X509_FMT_PEM);
+ gnutls_x509_crt_import (x509_cert_list[i - 1], &tmp,
+ GNUTLS_X509_FMT_PEM);
if (ret < 0)
- error (EXIT_FAILURE, 0, "error parsing certificate[%d]: %s", i,
- gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "error parsing certificate[%d]: %s", i,
+ gnutls_strerror (ret));
if (i - 1 != 0)
- {
- /* verify the previous certificate using this one
- * as CA.
- */
-
- name_size = sizeof (name);
- ret =
- gnutls_x509_crt_get_dn (x509_cert_list[i - 2], name, &name_size);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "get_dn: %s", gnutls_strerror (ret));
-
- fprintf (outfile, "Certificate[%d]: %s\n", i - 2, name);
-
- /* print issuer
- */
- issuer_name_size = sizeof (issuer_name);
- ret =
- gnutls_x509_crt_get_issuer_dn (x509_cert_list[i - 2],
- issuer_name, &issuer_name_size);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "get_issuer_dn: %s",
- gnutls_strerror (ret));
-
- fprintf (outfile, "\tIssued by: %s\n", issuer_name);
-
- /* Get the Issuer's name
- */
- name_size = sizeof (name);
- ret =
- gnutls_x509_crt_get_dn (x509_cert_list[i - 1], name, &name_size);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "get_dn: %s", gnutls_strerror (ret));
-
- fprintf (outfile, "\tVerifying against certificate[%d].\n", i - 1);
-
- if (strcmp (issuer_name, name) != 0)
- {
- fprintf (stderr, "Error: Issuer's name: %s\n", name);
- error (EXIT_FAILURE, 0,
- "issuer name does not match the next certificate");
- }
-
- fprintf (outfile, "\tVerification output: ");
- print_verification_res (x509_cert_list[i - 2],
- x509_cert_list[i - 1], x509_crl_list,
- x509_ncrls,
- GNUTLS_VERIFY_DO_NOT_ALLOW_SAME);
- fprintf (outfile, ".\n\n");
-
- }
+ {
+ /* verify the previous certificate using this one
+ * as CA.
+ */
+
+ name_size = sizeof (name);
+ ret =
+ gnutls_x509_crt_get_dn (x509_cert_list[i - 2], name, &name_size);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "get_dn: %s", gnutls_strerror (ret));
+
+ fprintf (outfile, "Certificate[%d]: %s\n", i - 2, name);
+
+ /* print issuer
+ */
+ issuer_name_size = sizeof (issuer_name);
+ ret =
+ gnutls_x509_crt_get_issuer_dn (x509_cert_list[i - 2],
+ issuer_name, &issuer_name_size);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "get_issuer_dn: %s",
+ gnutls_strerror (ret));
+
+ fprintf (outfile, "\tIssued by: %s\n", issuer_name);
+
+ /* Get the Issuer's name
+ */
+ name_size = sizeof (name);
+ ret =
+ gnutls_x509_crt_get_dn (x509_cert_list[i - 1], name, &name_size);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "get_dn: %s", gnutls_strerror (ret));
+
+ fprintf (outfile, "\tVerifying against certificate[%d].\n", i - 1);
+
+ if (strcmp (issuer_name, name) != 0)
+ {
+ fprintf (stderr, "Error: Issuer's name: %s\n", name);
+ error (EXIT_FAILURE, 0,
+ "issuer name does not match the next certificate");
+ }
+
+ fprintf (outfile, "\tVerification output: ");
+ print_verification_res (x509_cert_list[i - 2],
+ x509_cert_list[i - 1], x509_crl_list,
+ x509_ncrls,
+ GNUTLS_VERIFY_DO_NOT_ALLOW_SAME);
+ fprintf (outfile, ".\n\n");
+
+ }
/* now we move ptr after the pem header
*/
ptr = strstr (ptr, CERT_SEP);
if (ptr != NULL)
- ptr++;
+ ptr++;
i++;
}
*/
name_size = sizeof (name);
ret = gnutls_x509_crt_get_dn (x509_cert_list[x509_ncerts - 1], name,
- &name_size);
+ &name_size);
if (ret < 0)
error (EXIT_FAILURE, 0, "get_dn: %s", gnutls_strerror (ret));
issuer_name_size = sizeof (issuer_name);
ret =
gnutls_x509_crt_get_issuer_dn (x509_cert_list[x509_ncerts - 1],
- issuer_name, &issuer_name_size);
+ issuer_name, &issuer_name_size);
if (ret < 0)
error (EXIT_FAILURE, 0, "get_issuer_dn: %s", gnutls_strerror (ret));
fprintf (outfile, "\tVerification output: ");
print_verification_res (x509_cert_list[x509_ncerts - 1],
- x509_cert_list[x509_ncerts - 1], x509_crl_list,
- /* we add GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT since it is
- * self signed. */
- x509_ncrls,
- GNUTLS_VERIFY_DO_NOT_ALLOW_SAME |
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+ x509_cert_list[x509_ncerts - 1], x509_crl_list,
+ /* we add GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT since it is
+ * self signed. */
+ x509_ncrls,
+ GNUTLS_VERIFY_DO_NOT_ALLOW_SAME |
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
fprintf (outfile, ".\n\n");
int verify_status;
ret = gnutls_x509_crt_list_verify (x509_cert_list, x509_ncerts,
- &x509_cert_list[x509_ncerts - 1], 1,
- x509_crl_list,
- x509_ncrls,
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT |
- GNUTLS_VERIFY_DO_NOT_ALLOW_SAME,
- &verify_status);
+ &x509_cert_list[x509_ncerts - 1], 1,
+ x509_crl_list,
+ x509_ncrls,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT |
+ GNUTLS_VERIFY_DO_NOT_ALLOW_SAME,
+ &verify_status);
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_verify: %s",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
fprintf (outfile, "Chain verification output: ");
if (verify_status & GNUTLS_CERT_INVALID)
{
- fprintf (outfile, "Not verified");
+ fprintf (outfile, "Not verified");
}
else
{
- fprintf (outfile, "Verified");
+ fprintf (outfile, "Verified");
}
if (verify_status & GNUTLS_CERT_SIGNER_NOT_CA)
{
- fprintf (outfile, ", ");
- fprintf (outfile, "Issuer is not a CA");
+ fprintf (outfile, ", ");
+ fprintf (outfile, "Issuer is not a CA");
}
if (verify_status & GNUTLS_CERT_INSECURE_ALGORITHM)
{
- fprintf (outfile, ", ");
- fprintf (outfile, "Insecure algorithm");
+ fprintf (outfile, ", ");
+ fprintf (outfile, "Insecure algorithm");
}
fprintf (outfile, ".\n");
static void
print_verification_res (gnutls_x509_crt_t crt,
- gnutls_x509_crt_t issuer,
- gnutls_x509_crl_t * crl_list, int crl_list_size,
- unsigned int flags)
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_crl_t * crl_list, int crl_list_size,
+ unsigned int flags)
{
unsigned int output;
int comma = 0;
if (output & GNUTLS_CERT_SIGNER_NOT_CA)
{
if (comma)
- fprintf (outfile, ", ");
+ fprintf (outfile, ", ");
fprintf (outfile, "Issuer is not a CA");
comma = 1;
}
if (output & GNUTLS_CERT_INSECURE_ALGORITHM)
{
if (comma)
- fprintf (outfile, ", ");
+ fprintf (outfile, ", ");
fprintf (outfile, "Insecure algorithm");
comma = 1;
}
if (output & GNUTLS_CERT_NOT_ACTIVATED)
{
if (comma)
- fprintf (outfile, ", ");
+ fprintf (outfile, ", ");
fprintf (outfile, "Not activated");
comma = 1;
}
if (output & GNUTLS_CERT_EXPIRED)
{
if (comma)
- fprintf (outfile, ", ");
+ fprintf (outfile, ", ");
fprintf (outfile, "Expired");
comma = 1;
}
error (EXIT_FAILURE, 0, "revocation check: %s", gnutls_strerror (ret));
if (ret == 1)
- { /* revoked */
+ { /* revoked */
if (comma)
- fprintf (outfile, ", ");
+ fprintf (outfile, ", ");
comma = 1;
fprintf (outfile, "Revoked");
}
if (output & GNUTLS_CERT_SIGNER_NOT_CA)
{
if (comma)
- fprintf (outfile, ", ");
+ fprintf (outfile, ", ");
fprintf (outfile, "Issuer is not a CA");
comma = 1;
}
if (output & GNUTLS_CERT_INSECURE_ALGORITHM)
{
if (comma)
- fprintf (outfile, ", ");
+ fprintf (outfile, ", ");
fprintf (outfile, "Insecure algorithm");
comma = 1;
}
if (gnutls_x509_crl_get_this_update (crl) > now)
{
if (comma)
- fprintf (outfile, ", ");
+ fprintf (outfile, ", ");
comma = 1;
fprintf (outfile, "Issued in the future!");
}
if (gnutls_x509_crl_get_next_update (crl) < now)
{
if (comma)
- fprintf (outfile, ", ");
+ fprintf (outfile, ", ");
comma = 1;
fprintf (outfile, "CRL is not up to date");
}
size = buffer_size;
result =
gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format,
- password, flags, buffer, &size);
+ password, flags, buffer, &size);
if (result < 0)
error (EXIT_FAILURE, 0, "key_export: %s", gnutls_strerror (result));
result = gnutls_pkcs12_bag_init (&bag);
if (result < 0)
- error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
result = gnutls_pkcs12_bag_set_crt (bag, crts[i]);
if (result < 0)
- error (EXIT_FAILURE, 0, "set_crt[%d]: %s", i,
- gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "set_crt[%d]: %s", i,
+ gnutls_strerror (result));
indx = result;
result = gnutls_pkcs12_bag_set_friendly_name (bag, indx, name);
if (result < 0)
- error (EXIT_FAILURE, 0, "bag_set_friendly_name: %s",
- gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "bag_set_friendly_name: %s",
+ gnutls_strerror (result));
size = sizeof (_key_id);
result = gnutls_x509_crt_get_key_id (crts[i], 0, _key_id, &size);
if (result < 0)
- error (EXIT_FAILURE, 0, "key_id[%d]: %s", i,
- gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "key_id[%d]: %s", i,
+ gnutls_strerror (result));
key_id.data = _key_id;
key_id.size = size;
result = gnutls_pkcs12_bag_set_key_id (bag, indx, &key_id);
if (result < 0)
- error (EXIT_FAILURE, 0, "bag_set_key_id: %s",
- gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "bag_set_key_id: %s",
+ gnutls_strerror (result));
if (info.export)
- flags = GNUTLS_PKCS_USE_PKCS12_RC2_40;
+ flags = GNUTLS_PKCS_USE_PKCS12_RC2_40;
else
- flags = cipher_to_flags (info.pkcs_cipher);
+ flags = cipher_to_flags (info.pkcs_cipher);
result = gnutls_pkcs12_bag_encrypt (bag, pass, flags);
if (result < 0)
- error (EXIT_FAILURE, 0, "bag_encrypt: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "bag_encrypt: %s", gnutls_strerror (result));
result = gnutls_pkcs12_set_bag (pkcs12, bag);
if (result < 0)
- error (EXIT_FAILURE, 0, "set_bag: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "set_bag: %s", gnutls_strerror (result));
}
if (key)
result = gnutls_pkcs12_bag_init (&kbag);
if (result < 0)
- error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
if (info.export)
- flags = GNUTLS_PKCS_USE_PKCS12_RC2_40;
+ flags = GNUTLS_PKCS_USE_PKCS12_RC2_40;
else
- flags = cipher_to_flags (info.pkcs_cipher);
+ flags = cipher_to_flags (info.pkcs_cipher);
size = buffer_size;
result =
- gnutls_x509_privkey_export_pkcs8 (key, GNUTLS_X509_FMT_DER,
- pass, flags, buffer, &size);
+ gnutls_x509_privkey_export_pkcs8 (key, GNUTLS_X509_FMT_DER,
+ pass, flags, buffer, &size);
if (result < 0)
- error (EXIT_FAILURE, 0, "key_export: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "key_export: %s", gnutls_strerror (result));
data.data = buffer;
data.size = size;
result =
- gnutls_pkcs12_bag_set_data (kbag,
- GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, &data);
+ gnutls_pkcs12_bag_set_data (kbag,
+ GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, &data);
if (result < 0)
- error (EXIT_FAILURE, 0, "bag_set_data: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "bag_set_data: %s", gnutls_strerror (result));
indx = result;
result = gnutls_pkcs12_bag_set_friendly_name (kbag, indx, name);
if (result < 0)
- error (EXIT_FAILURE, 0, "bag_set_friendly_name: %s",
- gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "bag_set_friendly_name: %s",
+ gnutls_strerror (result));
size = sizeof (_key_id);
result = gnutls_x509_privkey_get_key_id (key, 0, _key_id, &size);
if (result < 0)
- error (EXIT_FAILURE, 0, "key_id: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "key_id: %s", gnutls_strerror (result));
key_id.data = _key_id;
key_id.size = size;
result = gnutls_pkcs12_bag_set_key_id (kbag, indx, &key_id);
if (result < 0)
- error (EXIT_FAILURE, 0, "bag_set_key_id: %s",
- gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "bag_set_key_id: %s",
+ gnutls_strerror (result));
result = gnutls_pkcs12_set_bag (pkcs12, kbag);
if (result < 0)
- error (EXIT_FAILURE, 0, "set_bag: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "set_bag: %s", gnutls_strerror (result));
}
result = gnutls_pkcs12_generate_mac (pkcs12, pass);
{
type = gnutls_pkcs12_bag_get_type (bag, i);
if (type < 0)
- error (EXIT_FAILURE, 0, "get_type: %s", gnutls_strerror (type));
+ error (EXIT_FAILURE, 0, "get_type: %s", gnutls_strerror (type));
fprintf (stderr, "\tType: %s\n", BAGTYPE (type));
name = NULL;
result = gnutls_pkcs12_bag_get_friendly_name (bag, i, (char **) &name);
if (result < 0)
- error (EXIT_FAILURE, 0, "get_friendly_name: %s",
- gnutls_strerror (type));
+ error (EXIT_FAILURE, 0, "get_friendly_name: %s",
+ gnutls_strerror (type));
if (name)
- fprintf (outfile, "\tFriendly name: %s\n", name);
+ fprintf (outfile, "\tFriendly name: %s\n", name);
id.data = NULL;
id.size = 0;
result = gnutls_pkcs12_bag_get_key_id (bag, i, &id);
if (result < 0)
- error (EXIT_FAILURE, 0, "get_key_id: %s", gnutls_strerror (type));
+ error (EXIT_FAILURE, 0, "get_key_id: %s", gnutls_strerror (type));
fprintf (outfile, "\tKey ID: %s\n", raw_to_string (id.data, id.size));
result = gnutls_pkcs12_bag_get_data (bag, i, &cdata);
if (result < 0)
- error (EXIT_FAILURE, 0, "get_data: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "get_data: %s", gnutls_strerror (result));
switch (type)
- {
- case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
- str = "ENCRYPTED PRIVATE KEY";
- break;
- case GNUTLS_BAG_PKCS8_KEY:
- str = "PRIVATE KEY";
- break;
- case GNUTLS_BAG_CERTIFICATE:
- str = "CERTIFICATE";
- break;
- case GNUTLS_BAG_CRL:
- str = "CRL";
- break;
- case GNUTLS_BAG_ENCRYPTED:
- case GNUTLS_BAG_EMPTY:
- default:
- str = NULL;
- }
+ {
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ str = "ENCRYPTED PRIVATE KEY";
+ break;
+ case GNUTLS_BAG_PKCS8_KEY:
+ str = "PRIVATE KEY";
+ break;
+ case GNUTLS_BAG_CERTIFICATE:
+ str = "CERTIFICATE";
+ break;
+ case GNUTLS_BAG_CRL:
+ str = "CRL";
+ break;
+ case GNUTLS_BAG_ENCRYPTED:
+ case GNUTLS_BAG_EMPTY:
+ default:
+ str = NULL;
+ }
if (str != NULL)
- {
- gnutls_pem_base64_encode_alloc (str, &cdata, &out);
- fprintf (outfile, "%s\n", out.data);
+ {
+ gnutls_pem_base64_encode_alloc (str, &cdata, &out);
+ fprintf (outfile, "%s\n", out.data);
- gnutls_free (out.data);
- }
+ gnutls_free (out.data);
+ }
}
}
{
result = gnutls_pkcs12_bag_init (&bag);
if (result < 0)
- error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
result = gnutls_pkcs12_get_bag (pkcs12, indx, bag);
if (result < 0)
- break;
+ break;
result = gnutls_pkcs12_bag_get_count (bag);
if (result < 0)
- error (EXIT_FAILURE, 0, "bag_count: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "bag_count: %s", gnutls_strerror (result));
fprintf (outfile, "BAG #%d\n", indx);
result = gnutls_pkcs12_bag_get_type (bag, 0);
if (result < 0)
- error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
if (result == GNUTLS_BAG_ENCRYPTED)
- {
- fprintf (stderr, "\tType: %s\n", BAGTYPE (result));
- fprintf (stderr, "\n\tDecrypting...\n");
+ {
+ fprintf (stderr, "\tType: %s\n", BAGTYPE (result));
+ fprintf (stderr, "\n\tDecrypting...\n");
- result = gnutls_pkcs12_bag_decrypt (bag, pass);
+ result = gnutls_pkcs12_bag_decrypt (bag, pass);
- if (result < 0)
- {
- error (0, 0, "bag_decrypt: %s", gnutls_strerror (result));
- continue;
- }
+ if (result < 0)
+ {
+ error (0, 0, "bag_decrypt: %s", gnutls_strerror (result));
+ continue;
+ }
- result = gnutls_pkcs12_bag_get_count (bag);
- if (result < 0)
- error (EXIT_FAILURE, 0, "encrypted bag_count: %s",
- gnutls_strerror (result));
- }
+ result = gnutls_pkcs12_bag_get_count (bag);
+ if (result < 0)
+ error (EXIT_FAILURE, 0, "encrypted bag_count: %s",
+ gnutls_strerror (result));
+ }
print_bag_data (bag);
size = buffer_size;
result = gnutls_pkcs7_get_crt_raw (pkcs7, indx, buffer, &size);
if (result < 0)
- break;
+ break;
data.data = buffer;
data.size = size;
result = gnutls_pem_base64_encode_alloc ("CERTIFICATE", &data, &b64);
if (result < 0)
- error (EXIT_FAILURE, 0, "encoding: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "encoding: %s", gnutls_strerror (result));
fputs (b64.data, outfile);
gnutls_free (b64.data);
size = buffer_size;
result = gnutls_pkcs7_get_crl_raw (pkcs7, indx, buffer, &size);
if (result < 0)
- break;
+ break;
data.data = buffer;
data.size = size;
result = gnutls_pem_base64_encode_alloc ("X509 CRL", &data, &b64);
if (result < 0)
- error (EXIT_FAILURE, 0, "encoding: %s", gnutls_strerror (result));
+ error (EXIT_FAILURE, 0, "encoding: %s", gnutls_strerror (result));
fputs (b64.data, outfile);
gnutls_free (b64.data);
{
len = getline (&lineptr, &linesize, infile);
if (len == -1)
- error (EXIT_FAILURE, 0, "cannot find RFC 2822 header/body separator");
+ error (EXIT_FAILURE, 0, "cannot find RFC 2822 header/body separator");
}
while (strcmp (lineptr, "\r\n") != 0 && strcmp (lineptr, "\n") != 0);
{
len = getline (&lineptr, &linesize, infile);
if (len == -1)
- error (EXIT_FAILURE, 0, "message has RFC 2822 header but no body");
+ error (EXIT_FAILURE, 0, "message has RFC 2822 header but no body");
}
while (strcmp (lineptr, "\r\n") == 0 && strcmp (lineptr, "\n") == 0);
do
{
while (len > 0
- && (lineptr[len - 1] == '\r' || lineptr[len - 1] == '\n'))
- lineptr[--len] = '\0';
+ && (lineptr[len - 1] == '\r' || lineptr[len - 1] == '\n'))
+ lineptr[--len] = '\0';
if (strcmp (lineptr, "") != 0)
- fprintf (outfile, "%s\n", lineptr);
+ fprintf (outfile, "%s\n", lineptr);
len = getline (&lineptr, &linesize, infile);
}
while (len != -1);
if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
p = PACKAGE_STRING;
version_etc (stdout, program_name, p, gnutls_check_version (NULL),
- "Nikos Mavrogiannopoulos", "Simon Josefsson", (char *) NULL);
+ "Nikos Mavrogiannopoulos", "Simon Josefsson", (char *) NULL);
}
static void
{
ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
if (ret < 0)
- {
- error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
- gnutls_strerror (ret));
- }
+ {
+ error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
+ gnutls_strerror (ret));
+ }
}
else
{
ret = gnutls_pubkey_get_pk_rsa_raw (pubkey, &m, &e);
if (ret < 0)
- fprintf (stderr, "Error in key RSA data export: %s\n",
- gnutls_strerror (ret));
+ fprintf (stderr, "Error in key RSA data export: %s\n",
+ gnutls_strerror (ret));
else
- {
- print_rsa_pkey (&m, &e, NULL, NULL, NULL, NULL, NULL, NULL);
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
+ {
+ print_rsa_pkey (&m, &e, NULL, NULL, NULL, NULL, NULL, NULL);
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ }
}
else if (ret == GNUTLS_PK_DSA)
{
ret = gnutls_pubkey_get_pk_dsa_raw (pubkey, &p, &q, &g, &y);
if (ret < 0)
- fprintf (stderr, "Error in key DSA data export: %s\n",
- gnutls_strerror (ret));
+ fprintf (stderr, "Error in key DSA data export: %s\n",
+ gnutls_strerror (ret));
else
- {
- print_dsa_pkey (NULL, &y, &p, &q, &g);
- gnutls_free (y.data);
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- }
+ {
+ print_dsa_pkey (NULL, &y, &p, &q, &g);
+ gnutls_free (y.data);
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ }
}
ret = gnutls_pubkey_get_key_usage (pubkey, &usage);
if (ret < 0)
{
error (EXIT_FAILURE, 0, "pubkey_get_key_usage: %s",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
}
fprintf (outfile, "Public Key Usage:\n");
if ((ret = gnutls_pubkey_get_key_id (pubkey, 0, buffer, &size)) < 0)
{
fprintf (stderr, "Error in key id calculation: %s\n",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
}
else
{
ssize_t socket_recv (const socket_st * socket, void *buffer, int buffer_size);
ssize_t socket_send (const socket_st * socket, const void *buffer,
- int buffer_size);
+ int buffer_size);
void socket_open (socket_st * hd, const char *hostname, const char *service);
void socket_connect (const socket_st * hd);
void socket_bye (socket_st * socket);
if (strlen (str) != 16)
{
fprintf (stderr,
- "The OpenPGP subkey ID has to be 16 hexadecimal characters.\n");
+ "The OpenPGP subkey ID has to be 16 hexadecimal characters.\n");
exit (1);
}
if (x509_certfile != NULL && x509_keyfile != NULL)
{
if (strncmp (x509_certfile, "pkcs11:", 7) == 0)
- {
- crt_num = 1;
- gnutls_x509_crt_init (&x509_crt[0]);
-
- ret =
- gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile, 0);
-
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- ret =
- gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile,
- GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading cert file.\n");
- exit (1);
- }
- x509_crt_size = 1;
- }
+ {
+ crt_num = 1;
+ gnutls_x509_crt_init (&x509_crt[0]);
+
+ ret =
+ gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile, 0);
+
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ ret =
+ gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile,
+ GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
+
+ if (ret < 0)
+ {
+ fprintf (stderr, "*** Error loading cert file.\n");
+ exit (1);
+ }
+ x509_crt_size = 1;
+ }
else
- {
-
- data = load_file (x509_certfile);
- if (data.data == NULL)
- {
- fprintf (stderr, "*** Error loading cert file.\n");
- exit (1);
- }
-
- crt_num = MAX_CRT;
- ret =
- gnutls_x509_crt_list_import (x509_crt, &crt_num, &data,
- GNUTLS_X509_FMT_PEM,
- GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- fprintf (stderr,
- "*** Error loading cert file: Too many certs %d\n",
- crt_num);
-
- }
- else
- {
- fprintf (stderr,
- "*** Error loading cert file: %s\n",
- gnutls_strerror (ret));
- }
- exit (1);
- }
- x509_crt_size = ret;
- }
+ {
+
+ data = load_file (x509_certfile);
+ if (data.data == NULL)
+ {
+ fprintf (stderr, "*** Error loading cert file.\n");
+ exit (1);
+ }
+
+ crt_num = MAX_CRT;
+ ret =
+ gnutls_x509_crt_list_import (x509_crt, &crt_num, &data,
+ GNUTLS_X509_FMT_PEM,
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+ if (ret < 0)
+ {
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ fprintf (stderr,
+ "*** Error loading cert file: Too many certs %d\n",
+ crt_num);
+
+ }
+ else
+ {
+ fprintf (stderr,
+ "*** Error loading cert file: %s\n",
+ gnutls_strerror (ret));
+ }
+ exit (1);
+ }
+ x509_crt_size = ret;
+ }
fprintf (stderr, "Processed %d client certificates...\n", ret);
unload_file (data);
if (strncmp (x509_keyfile, "pkcs11:", 7) == 0)
- {
- gnutls_pkcs11_privkey_init (&pkcs11_key);
-
- ret =
- gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading url: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
- }
+ {
+ gnutls_pkcs11_privkey_init (&pkcs11_key);
+
+ ret =
+ gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0);
+ if (ret < 0)
+ {
+ fprintf (stderr, "*** Error loading url: %s\n",
+ gnutls_strerror (ret));
+ exit (1);
+ }
+ }
else
- {
- data = load_file (x509_keyfile);
- if (data.data == NULL)
- {
- fprintf (stderr, "*** Error loading key file.\n");
- exit (1);
- }
-
- gnutls_x509_privkey_init (&x509_key);
-
- ret =
- gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading key file: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- unload_file (data);
- }
+ {
+ data = load_file (x509_keyfile);
+ if (data.data == NULL)
+ {
+ fprintf (stderr, "*** Error loading key file.\n");
+ exit (1);
+ }
+
+ gnutls_x509_privkey_init (&x509_key);
+
+ ret =
+ gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ {
+ fprintf (stderr, "*** Error loading key file: %s\n",
+ gnutls_strerror (ret));
+ exit (1);
+ }
+
+ unload_file (data);
+ }
fprintf (stderr, "Processed %d client X.509 certificates...\n",
- x509_crt_size);
+ x509_crt_size);
}
#ifdef ENABLE_OPENPGP
if (pgp_certfile != NULL && pgp_keyfile != NULL)
{
data = load_file (pgp_certfile);
if (data.data == NULL)
- {
- fprintf (stderr, "*** Error loading PGP cert file.\n");
- exit (1);
- }
+ {
+ fprintf (stderr, "*** Error loading PGP cert file.\n");
+ exit (1);
+ }
gnutls_openpgp_crt_init (&pgp_crt);
ret =
- gnutls_openpgp_crt_import (pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64);
+ gnutls_openpgp_crt_import (pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64);
if (ret < 0)
- {
- fprintf (stderr,
- "*** Error loading PGP cert file: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr,
+ "*** Error loading PGP cert file: %s\n",
+ gnutls_strerror (ret));
+ exit (1);
+ }
unload_file (data);
if (strncmp (pgp_keyfile, "pkcs11:", 7) == 0)
- {
- gnutls_pkcs11_privkey_init (&pkcs11_key);
-
- ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, pgp_keyfile, 0);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading url: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
- }
+ {
+ gnutls_pkcs11_privkey_init (&pkcs11_key);
+
+ ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, pgp_keyfile, 0);
+ if (ret < 0)
+ {
+ fprintf (stderr, "*** Error loading url: %s\n",
+ gnutls_strerror (ret));
+ exit (1);
+ }
+ }
else
- {
-
- data = load_file (pgp_keyfile);
- if (data.data == NULL)
- {
- fprintf (stderr, "*** Error loading PGP key file.\n");
- exit (1);
- }
-
- gnutls_openpgp_privkey_init (&pgp_key);
-
- ret =
- gnutls_openpgp_privkey_import (pgp_key, &data,
- GNUTLS_OPENPGP_FMT_BASE64, NULL,
- 0);
- if (ret < 0)
- {
- fprintf (stderr,
- "*** Error loading PGP key file: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- unload_file (data);
- }
+ {
+
+ data = load_file (pgp_keyfile);
+ if (data.data == NULL)
+ {
+ fprintf (stderr, "*** Error loading PGP key file.\n");
+ exit (1);
+ }
+
+ gnutls_openpgp_privkey_init (&pgp_key);
+
+ ret =
+ gnutls_openpgp_privkey_import (pgp_key, &data,
+ GNUTLS_OPENPGP_FMT_BASE64, NULL,
+ 0);
+ if (ret < 0)
+ {
+ fprintf (stderr,
+ "*** Error loading PGP key file: %s\n",
+ gnutls_strerror (ret));
+ exit (1);
+ }
+
+ unload_file (data);
+ }
if (info.pgp_subkey != NULL)
- {
- gnutls_openpgp_keyid_t keyid;
-
- if (strcasecmp (info.pgp_subkey, "auto") == 0)
- {
- ret = gnutls_openpgp_crt_get_auth_subkey (pgp_crt, keyid, 1);
- if (ret < 0)
- {
- fprintf (stderr,
- "*** Error setting preferred sub key id (%s): %s\n",
- info.pgp_subkey, gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- get_keyid (keyid, info.pgp_subkey);
-
- ret = gnutls_openpgp_crt_set_preferred_key_id (pgp_crt, keyid);
- if (ret >= 0)
- ret =
- gnutls_openpgp_privkey_set_preferred_key_id (pgp_key, keyid);
- if (ret < 0)
- {
- fprintf (stderr,
- "*** Error setting preferred sub key id (%s): %s\n",
- info.pgp_subkey, gnutls_strerror (ret));
- exit (1);
- }
- }
+ {
+ gnutls_openpgp_keyid_t keyid;
+
+ if (strcasecmp (info.pgp_subkey, "auto") == 0)
+ {
+ ret = gnutls_openpgp_crt_get_auth_subkey (pgp_crt, keyid, 1);
+ if (ret < 0)
+ {
+ fprintf (stderr,
+ "*** Error setting preferred sub key id (%s): %s\n",
+ info.pgp_subkey, gnutls_strerror (ret));
+ exit (1);
+ }
+ }
+ else
+ get_keyid (keyid, info.pgp_subkey);
+
+ ret = gnutls_openpgp_crt_set_preferred_key_id (pgp_crt, keyid);
+ if (ret >= 0)
+ ret =
+ gnutls_openpgp_privkey_set_preferred_key_id (pgp_key, keyid);
+ if (ret < 0)
+ {
+ fprintf (stderr,
+ "*** Error setting preferred sub key id (%s): %s\n",
+ info.pgp_subkey, gnutls_strerror (ret));
+ exit (1);
+ }
+ }
fprintf (stderr, "Processed 1 client PGP certificate...\n");
}
{
printf ("*** Verifying server certificate failed...\n");
if (!insecure)
- return -1;
+ return -1;
}
return 0;
static int
cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_retr2_st * st)
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_retr2_st * st)
{
char issuer_dn[256];
int i, ret;
/* Print the server's trusted CAs
*/
if (nreqs > 0)
- printf ("- Server's trusted authorities:\n");
+ printf ("- Server's trusted authorities:\n");
else
- printf ("- Server did not send us any trusted authorities names.\n");
+ printf ("- Server did not send us any trusted authorities names.\n");
/* print the names (if any) */
for (i = 0; i < nreqs; i++)
- {
- len = sizeof (issuer_dn);
- ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
- if (ret >= 0)
- {
- printf (" [%d]: ", i);
- printf ("%s\n", issuer_dn);
- }
- }
+ {
+ len = sizeof (issuer_dn);
+ ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
+ if (ret >= 0)
+ {
+ printf (" [%d]: ", i);
+ printf ("%s\n", issuer_dn);
+ }
+ }
}
/* Select a certificate and return it.
int i, match = 0;
if (x509_crt_size > 0)
- {
- ret = gnutls_x509_crt_get_signature_algorithm (x509_crt[0]);
- if (ret < 0)
- {
- /* error reading signature algorithm */
- return -1;
- }
- cert_algo = ret;
-
- i = 0;
- do
- {
- ret =
- gnutls_sign_algorithm_get_requested (session, i, &req_algo);
- if (ret >= 0 && cert_algo == req_algo)
- {
- match = 1;
- break;
- }
-
- /* server has not requested anything specific */
- if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- match = 1;
- break;
- }
- i++;
- }
- while (ret >= 0);
-
- if (match == 0)
- {
- printf
- ("- Could not find a suitable certificate to send to server\n");
- return -1;
- }
-
- if (x509_key != NULL)
- {
- st->key.x509 = x509_key;
- st->key_type = GNUTLS_PRIVKEY_X509;
- }
- else if (pkcs11_key != NULL)
- {
- st->key.pkcs11 = pkcs11_key;
- st->key_type = GNUTLS_PRIVKEY_PKCS11;
- }
- else
- {
- printf ("- Could not find a suitable key to send to server\n");
- return -1;
- }
-
- st->ncerts = x509_crt_size;
-
- st->cert.x509 = x509_crt;
-
- st->deinit_all = 0;
-
- return 0;
- }
+ {
+ ret = gnutls_x509_crt_get_signature_algorithm (x509_crt[0]);
+ if (ret < 0)
+ {
+ /* error reading signature algorithm */
+ return -1;
+ }
+ cert_algo = ret;
+
+ i = 0;
+ do
+ {
+ ret =
+ gnutls_sign_algorithm_get_requested (session, i, &req_algo);
+ if (ret >= 0 && cert_algo == req_algo)
+ {
+ match = 1;
+ break;
+ }
+
+ /* server has not requested anything specific */
+ if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ match = 1;
+ break;
+ }
+ i++;
+ }
+ while (ret >= 0);
+
+ if (match == 0)
+ {
+ printf
+ ("- Could not find a suitable certificate to send to server\n");
+ return -1;
+ }
+
+ if (x509_key != NULL)
+ {
+ st->key.x509 = x509_key;
+ st->key_type = GNUTLS_PRIVKEY_X509;
+ }
+ else if (pkcs11_key != NULL)
+ {
+ st->key.pkcs11 = pkcs11_key;
+ st->key_type = GNUTLS_PRIVKEY_PKCS11;
+ }
+ else
+ {
+ printf ("- Could not find a suitable key to send to server\n");
+ return -1;
+ }
+
+ st->ncerts = x509_crt_size;
+
+ st->cert.x509 = x509_crt;
+
+ st->deinit_all = 0;
+
+ return 0;
+ }
}
else if (st->cert_type == GNUTLS_CRT_OPENPGP)
{
if (pgp_crt != NULL)
- {
-
- if (pgp_key != NULL)
- {
- st->key.pgp = pgp_key;
- st->key_type = GNUTLS_PRIVKEY_OPENPGP;
- }
- else if (pkcs11_key != NULL)
- {
- st->key.pkcs11 = pkcs11_key;
- st->key_type = GNUTLS_PRIVKEY_PKCS11;
- }
- else
- {
- printf ("- Could not find a suitable key to send to server\n");
- return -1;
- }
-
- st->ncerts = 1;
-
- st->cert.pgp = pgp_crt;
-
- st->deinit_all = 0;
-
- return 0;
- }
+ {
+
+ if (pgp_key != NULL)
+ {
+ st->key.pgp = pgp_key;
+ st->key_type = GNUTLS_PRIVKEY_OPENPGP;
+ }
+ else if (pkcs11_key != NULL)
+ {
+ st->key.pkcs11 = pkcs11_key;
+ st->key_type = GNUTLS_PRIVKEY_PKCS11;
+ }
+ else
+ {
+ printf ("- Could not find a suitable key to send to server\n");
+ return -1;
+ }
+
+ st->ncerts = 1;
+
+ st->cert.pgp = pgp_crt;
+
+ st->deinit_all = 0;
+
+ return 0;
+ }
}
printf ("- Successfully sent %d certificate(s) to server.\n", st->ncerts);
{
gnutls_handshake_set_private_extensions (session, 1);
gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname,
- strlen (hostname));
+ strlen (hostname));
if (cert_type_priority[0])
- gnutls_certificate_type_set_priority (session, cert_type_priority);
+ gnutls_certificate_type_set_priority (session, cert_type_priority);
}
if (cipher_priority[0])
if (record_max_size > 0 && disable_extensions == 0)
{
if (gnutls_record_set_max_size (session, record_max_size) < 0)
- {
- fprintf (stderr,
- "Cannot set the maximum record size to %d.\n",
- record_max_size);
- fprintf (stderr, "Possible values: 512, 1024, 2048, 4096.\n");
- exit (1);
- }
+ {
+ fprintf (stderr,
+ "Cannot set the maximum record size to %d.\n",
+ record_max_size);
+ fprintf (stderr, "Possible values: 512, 1024, 2048, 4096.\n");
+ exit (1);
+ }
}
#ifdef ENABLE_SESSION_TICKET
alert = gnutls_alert_get (hd->session);
str = gnutls_alert_get_name (alert);
if (str == NULL)
- str = str_unknown;
+ str = str_unknown;
printf ("*** Received alert [%d]: %s\n", alert, str);
/* In SRP if the alert is MISSING_SRP_USERNAME,
if (i == 1)
- {
- hd.session = init_tls_session (hostname);
- gnutls_session_set_data (hd.session, session_data,
- session_data_size);
- free (session_data);
- }
+ {
+ hd.session = init_tls_session (hostname);
+ gnutls_session_set_data (hd.session, session_data,
+ session_data_size);
+ free (session_data);
+ }
ret = do_handshake (&hd);
if (ret < 0)
- {
- fprintf (stderr, "*** Handshake has failed\n");
- gnutls_perror (ret);
- gnutls_deinit (hd.session);
- return 1;
- }
+ {
+ fprintf (stderr, "*** Handshake has failed\n");
+ gnutls_perror (ret);
+ gnutls_deinit (hd.session);
+ return 1;
+ }
else
- {
- printf ("- Handshake was completed\n");
- if (gnutls_session_is_resumed (hd.session) != 0)
- printf ("*** This is a resumed session\n");
- }
+ {
+ printf ("- Handshake was completed\n");
+ if (gnutls_session_is_resumed (hd.session) != 0)
+ printf ("*** This is a resumed session\n");
+ }
if (resume != 0 && i == 0)
- {
+ {
- gnutls_session_get_data (hd.session, NULL, &session_data_size);
- session_data = malloc (session_data_size);
+ gnutls_session_get_data (hd.session, NULL, &session_data_size);
+ session_data = malloc (session_data_size);
- gnutls_session_get_data (hd.session, session_data,
- &session_data_size);
+ gnutls_session_get_data (hd.session, session_data,
+ &session_data_size);
- gnutls_session_get_id (hd.session, NULL, &session_id_size);
+ gnutls_session_get_id (hd.session, NULL, &session_id_size);
- session_id = malloc (session_id_size);
- gnutls_session_get_id (hd.session, session_id, &session_id_size);
+ session_id = malloc (session_id_size);
+ gnutls_session_get_id (hd.session, session_id, &session_id_size);
- /* print some information */
- print_info (hd.session, hostname, info.insecure);
+ /* print some information */
+ print_info (hd.session, hostname, info.insecure);
- printf ("- Disconnecting\n");
- socket_bye (&hd);
+ printf ("- Disconnecting\n");
+ socket_bye (&hd);
- printf
- ("\n\n- Connecting again- trying to resume previous session\n");
- socket_open (&hd, hostname, service);
- socket_connect (&hd);
- }
+ printf
+ ("\n\n- Connecting again- trying to resume previous session\n");
+ socket_open (&hd, hostname, service);
+ socket_connect (&hd);
+ }
else
- {
- break;
- }
+ {
+ break;
+ }
}
after_handshake:
ret = do_handshake (&hd);
if (ret < 0)
- {
- fprintf (stderr, "*** ReHandshake has failed\n");
- gnutls_perror (ret);
- gnutls_deinit (hd.session);
- return 1;
- }
+ {
+ fprintf (stderr, "*** ReHandshake has failed\n");
+ gnutls_perror (ret);
+ gnutls_deinit (hd.session);
+ return 1;
+ }
else
- {
- printf ("- ReHandshake was completed\n");
- }
+ {
+ printf ("- ReHandshake was completed\n");
+ }
}
#ifndef _WIN32
for (;;)
{
if (starttls_alarmed && !hd.secure)
- {
- /* Warning! Do not touch this text string, it is used by
- external programs to search for when gnutls-cli has
- reached this point. */
- fprintf (stderr, "*** Starting TLS handshake\n");
- ret = do_handshake (&hd);
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake has failed\n");
- user_term = 1;
- retval = 1;
- break;
- }
- }
+ {
+ /* Warning! Do not touch this text string, it is used by
+ external programs to search for when gnutls-cli has
+ reached this point. */
+ fprintf (stderr, "*** Starting TLS handshake\n");
+ ret = do_handshake (&hd);
+ if (ret < 0)
+ {
+ fprintf (stderr, "*** Handshake has failed\n");
+ user_term = 1;
+ retval = 1;
+ break;
+ }
+ }
FD_ZERO (&rset);
FD_SET (fileno (stdin), &rset);
err = select (maxfd + 1, &rset, NULL, NULL, &tv);
if (err < 0)
- continue;
+ continue;
if (FD_ISSET (hd.fd, &rset))
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = socket_recv (&hd, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (handle_error (&hd, ret) < 0 && user_term == 0)
- {
- fprintf (stderr,
- "*** Server has terminated the connection abnormally.\n");
- retval = 1;
- break;
- }
- else if (ret > 0)
- {
- if (verbose != 0)
- printf ("- Received[%d]: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fflush (stdout);
- }
-
- if (user_term != 0)
- break;
- }
+ {
+ memset (buffer, 0, MAX_BUF + 1);
+ ret = socket_recv (&hd, buffer, MAX_BUF);
+
+ if (ret == 0)
+ {
+ printf ("- Peer has closed the GnuTLS connection\n");
+ break;
+ }
+ else if (handle_error (&hd, ret) < 0 && user_term == 0)
+ {
+ fprintf (stderr,
+ "*** Server has terminated the connection abnormally.\n");
+ retval = 1;
+ break;
+ }
+ else if (ret > 0)
+ {
+ if (verbose != 0)
+ printf ("- Received[%d]: ", ret);
+ for (ii = 0; ii < ret; ii++)
+ {
+ fputc (buffer[ii], stdout);
+ }
+ fflush (stdout);
+ }
+
+ if (user_term != 0)
+ break;
+ }
if (FD_ISSET (fileno (stdin), &rset))
- {
- if ((bytes = read (fileno (stdin), buffer, MAX_BUF - 1)) <= 0)
- {
- if (hd.secure == 0)
- {
- /* Warning! Do not touch this text string, it is
- used by external programs to search for when
- gnutls-cli has reached this point. */
- fprintf (stderr, "*** Starting TLS handshake\n");
- ret = do_handshake (&hd);
- clearerr (stdin);
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake has failed\n");
- user_term = 1;
- retval = 1;
- break;
- }
- }
- else
- {
- user_term = 1;
- break;
- }
- continue;
- }
-
- if (crlf != 0)
- {
- char *b = strchr (buffer, '\n');
- if (b != NULL)
- {
- strcpy (b, "\r\n");
- bytes++;
- }
- }
-
- ret = socket_send (&hd, buffer, bytes);
-
- if (ret > 0)
- {
- if (verbose != 0)
- printf ("- Sent: %d bytes\n", ret);
- }
- else
- handle_error (&hd, ret);
-
- }
+ {
+ if ((bytes = read (fileno (stdin), buffer, MAX_BUF - 1)) <= 0)
+ {
+ if (hd.secure == 0)
+ {
+ /* Warning! Do not touch this text string, it is
+ used by external programs to search for when
+ gnutls-cli has reached this point. */
+ fprintf (stderr, "*** Starting TLS handshake\n");
+ ret = do_handshake (&hd);
+ clearerr (stdin);
+ if (ret < 0)
+ {
+ fprintf (stderr, "*** Handshake has failed\n");
+ user_term = 1;
+ retval = 1;
+ break;
+ }
+ }
+ else
+ {
+ user_term = 1;
+ break;
+ }
+ continue;
+ }
+
+ if (crlf != 0)
+ {
+ char *b = strchr (buffer, '\n');
+ if (b != NULL)
+ {
+ strcpy (b, "\r\n");
+ bytes++;
+ }
+ }
+
+ ret = socket_send (&hd, buffer, bytes);
+
+ if (ret > 0)
+ {
+ if (verbose != 0)
+ printf ("- Sent: %d bytes\n", ret);
+ }
+ else
+ handle_error (&hd, ret);
+
+ }
}
if (user_term != 0)
if (gaa (argc, argv, &info) != -1)
{
fprintf (stderr,
- "Error in the arguments. Use the --help or -h parameters to get more information.\n");
+ "Error in the arguments. Use the --help or -h parameters to get more information.\n");
exit (1);
}
if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
p = PACKAGE_STRING;
version_etc (stdout, program_name, p, gnutls_check_version (NULL),
- "Nikos Mavrogiannopoulos", (char *) NULL);
+ "Nikos Mavrogiannopoulos", (char *) NULL);
}
ret = do_handshake (socket);
if (ret == 0)
- {
- printf ("*** Rehandshake was performed.\n");
- }
+ {
+ printf ("*** Rehandshake was performed.\n");
+ }
else
- {
- printf ("*** Rehandshake Failed.\n");
- }
+ {
+ printf ("*** Rehandshake Failed.\n");
+ }
}
}
int ret;
gnutls_transport_set_ptr (socket->session,
- (gnutls_transport_ptr_t)
- gl_fd_to_handle (socket->fd));
+ (gnutls_transport_ptr_t)
+ gl_fd_to_handle (socket->fd));
do
{
ret = gnutls_handshake (socket->session);
if (ret < 0)
- {
- handle_error (socket, ret);
- }
+ {
+ handle_error (socket, ret);
+ }
}
while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
static int
srp_username_callback (gnutls_session_t session,
- char **username, char **password)
+ char **username, char **password)
{
if (srp_username == NULL || srp_passwd == NULL)
{
len = getline (&tmp, &n, stdin);
if (tmp == NULL)
- {
- fprintf (stderr, "No username given, aborting...\n");
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ {
+ fprintf (stderr, "No username given, aborting...\n");
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
if (tmp[strlen (tmp) - 1] == '\n')
- tmp[strlen (tmp) - 1] = '\0';
+ tmp[strlen (tmp) - 1] = '\0';
if (tmp[strlen (tmp) - 1] == '\r')
- tmp[strlen (tmp) - 1] = '\0';
+ tmp[strlen (tmp) - 1] = '\0';
*username = gnutls_strdup (tmp);
free (tmp);
if (ret < 0)
{
fprintf (stderr, "Error deriving password: %s\n",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
gnutls_free (*username);
return ret;
}
if (x509_cafile != NULL)
{
ret = gnutls_certificate_set_x509_trust_file (xcred,
- x509_cafile, x509ctype);
+ x509_cafile, x509ctype);
if (ret < 0)
- {
- fprintf (stderr, "Error setting the x509 trust file\n");
- }
+ {
+ fprintf (stderr, "Error setting the x509 trust file\n");
+ }
else
- {
- printf ("Processed %d CA certificate(s).\n", ret);
- }
+ {
+ printf ("Processed %d CA certificate(s).\n", ret);
+ }
}
#ifdef ENABLE_PKI
if (x509_crlfile != NULL)
{
ret = gnutls_certificate_set_x509_crl_file (xcred, x509_crlfile,
- x509ctype);
+ x509ctype);
if (ret < 0)
- {
- fprintf (stderr, "Error setting the x509 CRL file\n");
- }
+ {
+ fprintf (stderr, "Error setting the x509 CRL file\n");
+ }
else
- {
- printf ("Processed %d CRL(s).\n", ret);
- }
+ {
+ printf ("Processed %d CRL(s).\n", ret);
+ }
}
#endif
if (pgp_keyring != NULL)
{
ret =
- gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring,
- GNUTLS_OPENPGP_FMT_BASE64);
+ gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring,
+ GNUTLS_OPENPGP_FMT_BASE64);
if (ret < 0)
- {
- fprintf (stderr, "Error setting the OpenPGP keyring file\n");
- }
+ {
+ fprintf (stderr, "Error setting the OpenPGP keyring file\n");
+ }
}
#endif
{
/* SRP stuff */
if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
- {
- fprintf (stderr, "SRP authentication error\n");
- }
+ {
+ fprintf (stderr, "SRP authentication error\n");
+ }
gnutls_srp_set_client_credentials_function (srp_cred,
- srp_username_callback);
+ srp_username_callback);
}
#endif
if (psk_username && psk_key.data)
{
ret = gnutls_psk_set_client_credentials (psk_cred,
- psk_username, &psk_key,
- GNUTLS_PSK_KEY_HEX);
+ psk_username, &psk_key,
+ GNUTLS_PSK_KEY_HEX);
if (ret < 0)
- {
- fprintf (stderr, "Error setting the PSK credentials: %s\n",
- gnutls_strerror (ret));
- }
+ {
+ fprintf (stderr, "Error setting the PSK credentials: %s\n",
+ gnutls_strerror (ret));
+ }
}
gnutls_psk_set_client_credentials_function (psk_cred, psk_callback);
#endif
if (socket->secure)
do
{
- ret = gnutls_record_recv (socket->session, buffer, buffer_size);
+ ret = gnutls_record_recv (socket->session, buffer, buffer_size);
}
while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
else
do
{
- ret = recv (socket->fd, buffer, buffer_size, 0);
+ ret = recv (socket->fd, buffer, buffer_size, 0);
}
while (ret == -1 && errno == EINTR);
if (socket->secure)
do
{
- ret = gnutls_record_send (socket->session, buffer, buffer_size);
+ ret = gnutls_record_send (socket->session, buffer, buffer_size);
}
while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
else
do
{
- ret = send (socket->fd, buffer, buffer_size, 0);
+ ret = send (socket->fd, buffer, buffer_size, 0);
}
while (ret == -1 && errno == EINTR);
if (ret > 0 && ret != buffer_size && verbose)
fprintf (stderr,
- "*** Only sent %d bytes instead of %d.\n", ret, buffer_size);
+ "*** Only sent %d bytes instead of %d.\n", ret, buffer_size);
return ret;
}
if (socket->secure)
{
do
- ret = gnutls_bye (socket->session, GNUTLS_SHUT_WR);
+ ret = gnutls_bye (socket->session, GNUTLS_SHUT_WR);
while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
if (ret < 0)
- fprintf (stderr, "*** gnutls_bye() error: %s\n",
- gnutls_strerror (ret));
+ fprintf (stderr, "*** gnutls_bye() error: %s\n",
+ gnutls_strerror (ret));
gnutls_deinit (socket->session);
socket->session = NULL;
}
free (socket->hostname);
free (socket->service);
- shutdown (socket->fd, SHUT_RDWR); /* no more receptions */
+ shutdown (socket->fd, SHUT_RDWR); /* no more receptions */
close (socket->fd);
socket->fd = -1;
if (err < 0)
{
fprintf (stderr, "Cannot connect to %s:%s: %s\n", hd->hostname,
- hd->service, strerror (errno));
+ hd->service, strerror (errno));
exit (1);
}
}
if ((err = getaddrinfo (hostname, service, &hints, &res)))
{
fprintf (stderr, "Cannot resolve %s:%s: %s\n", hostname, service,
- gai_strerror (err));
+ gai_strerror (err));
exit (1);
}
{
sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
if (sd == -1)
- continue;
+ continue;
if ((err = getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF,
- portname, sizeof (portname),
- NI_NUMERICHOST | NI_NUMERICSERV)) != 0)
- {
- fprintf (stderr, "getnameinfo(): %s\n", gai_strerror (err));
- freeaddrinfo (res);
- exit (1);
- }
+ portname, sizeof (portname),
+ NI_NUMERICHOST | NI_NUMERICSERV)) != 0)
+ {
+ fprintf (stderr, "getnameinfo(): %s\n", gai_strerror (err));
+ freeaddrinfo (res);
+ exit (1);
+ }
break;
}
for (i = 0; i < raw_size; i++)
{
sprintf (&(buf[i * 3]), "%02X%s", raw[i],
- (i == raw_size - 1) ? "" : ":");
+ (i == raw_size - 1) ? "" : ":");
}
buf[sizeof (buf) - 1] = '\0';
gnutls_x509_crt_init (&crt);
ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
- return;
- }
+ {
+ fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
+ return;
+ }
printf (" - Certificate[%d] info:\n - ", j);
if (verbose)
- ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
+ ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
else
- ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
+ ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
if (ret == 0)
- {
- printf ("%s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
+ {
+ printf ("%s\n", cinfo.data);
+ gnutls_free (cinfo.data);
+ }
if (print_cert)
- {
- size_t size = 0;
- char *p = NULL;
-
- ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p, &size);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- p = malloc (size);
- if (!p)
- {
- fprintf (stderr, "gnutls_malloc\n");
- exit (1);
- }
-
- ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
- p, &size);
- }
- if (ret < 0)
- {
- fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
- return;
- }
-
- fputs ("\n", stdout);
- fputs (p, stdout);
- fputs ("\n", stdout);
-
- gnutls_free (p);
- }
+ {
+ size_t size = 0;
+ char *p = NULL;
+
+ ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p, &size);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ p = malloc (size);
+ if (!p)
+ {
+ fprintf (stderr, "gnutls_malloc\n");
+ exit (1);
+ }
+
+ ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
+ p, &size);
+ }
+ if (ret < 0)
+ {
+ fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
+ return;
+ }
+
+ fputs ("\n", stdout);
+ fputs (p, stdout);
+ fputs ("\n", stdout);
+
+ gnutls_free (p);
+ }
if (j == 0 && hostname != NULL)
- {
- /* Check the hostname of the first certificate if it matches
- * the name of the host we connected to.
- */
- if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
- hostname_ok = 1;
- else
- hostname_ok = 2;
- }
+ {
+ /* Check the hostname of the first certificate if it matches
+ * the name of the host we connected to.
+ */
+ if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
+ hostname_ok = 1;
+ else
+ hostname_ok = 2;
+ }
gnutls_x509_crt_deinit (crt);
}
if (hostname_ok == 1)
{
printf ("- The hostname in the certificate does NOT match '%s'\n",
- hostname);
+ hostname);
if (!insecure)
- exit (1);
+ exit (1);
}
else if (hostname_ok == 2)
{
static void
print_openpgp_info (gnutls_session_t session, const char *hostname,
- int insecure)
+ int insecure)
{
gnutls_openpgp_crt_t crt;
gnutls_openpgp_crt_init (&crt);
ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
- GNUTLS_OPENPGP_FMT_RAW);
+ GNUTLS_OPENPGP_FMT_RAW);
if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
- return;
- }
+ {
+ fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
+ return;
+ }
if (verbose)
- ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
+ ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
else
- ret =
- gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
+ ret =
+ gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
if (ret == 0)
- {
- printf (" - %s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
+ {
+ printf (" - %s\n", cinfo.data);
+ gnutls_free (cinfo.data);
+ }
if (print_cert)
- {
- size_t size = 0;
- char *p = NULL;
-
- ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
- p, &size);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- p = malloc (size);
- if (!p)
- {
- fprintf (stderr, "gnutls_malloc\n");
- exit (1);
- }
-
- ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
- p, &size);
- }
- if (ret < 0)
- {
- fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
- return;
- }
-
- fputs (p, stdout);
- fputs ("\n", stdout);
-
- gnutls_free (p);
- }
+ {
+ size_t size = 0;
+ char *p = NULL;
+
+ ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
+ p, &size);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ p = malloc (size);
+ if (!p)
+ {
+ fprintf (stderr, "gnutls_malloc\n");
+ exit (1);
+ }
+
+ ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
+ p, &size);
+ }
+ if (ret < 0)
+ {
+ fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
+ return;
+ }
+
+ fputs (p, stdout);
+ fputs ("\n", stdout);
+
+ gnutls_free (p);
+ }
if (hostname != NULL)
- {
- /* Check the hostname of the first certificate if it matches
- * the name of the host we connected to.
- */
- if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
- hostname_ok = 1;
- else
- hostname_ok = 2;
- }
+ {
+ /* Check the hostname of the first certificate if it matches
+ * the name of the host we connected to.
+ */
+ if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
+ hostname_ok = 1;
+ else
+ hostname_ok = 2;
+ }
gnutls_openpgp_crt_deinit (crt);
}
if (hostname_ok == 1)
{
printf ("- The hostname in the certificate does NOT match '%s'\n",
- hostname);
+ hostname);
if (!insecure)
- exit (1);
+ exit (1);
}
else if (hostname_ok == 2)
{
if (rc < 0)
{
printf ("- Could not verify certificate (err: %s)\n",
- gnutls_strerror (rc));
+ gnutls_strerror (rc));
return;
}
if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
{
if (status & GNUTLS_CERT_REVOKED)
- printf ("- Peer's certificate chain revoked\n");
+ printf ("- Peer's certificate chain revoked\n");
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- printf ("- Peer's certificate issuer is unknown\n");
+ printf ("- Peer's certificate issuer is unknown\n");
if (status & GNUTLS_CERT_SIGNER_NOT_CA)
- printf ("- Peer's certificate issuer is not a CA\n");
+ printf ("- Peer's certificate issuer is not a CA\n");
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
- printf ("- Peer's certificate chain uses insecure algorithm\n");
+ printf ("- Peer's certificate chain uses insecure algorithm\n");
if (status & GNUTLS_CERT_NOT_ACTIVATED)
- printf
- ("- Peer's certificate chain uses not yet valid certificate\n");
+ printf
+ ("- Peer's certificate chain uses not yet valid certificate\n");
if (status & GNUTLS_CERT_EXPIRED)
- printf ("- Peer's certificate chain uses expired certificate\n");
+ printf ("- Peer's certificate chain uses expired certificate\n");
if (status & GNUTLS_CERT_INVALID)
- printf ("- Peer's certificate is NOT trusted\n");
+ printf ("- Peer's certificate is NOT trusted\n");
else
- printf ("- Peer's certificate is trusted\n");
+ printf ("- Peer's certificate is trusted\n");
}
else
{
if (status & GNUTLS_CERT_INVALID)
- printf ("- Peer's key is invalid\n");
+ printf ("- Peer's key is invalid\n");
else
- printf ("- Peer's key is valid\n");
+ printf ("- Peer's key is valid\n");
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- printf ("- Could not find a signer of the peer's key\n");
+ printf ("- Could not find a signer of the peer's key\n");
}
}
printf (" - Using prime: %d bits\n", gnutls_dh_get_prime_bits (session));
printf (" - Secret key: %d bits\n", gnutls_dh_get_secret_bits (session));
printf (" - Peer's public key: %d bits\n",
- gnutls_dh_get_peers_public_bits (session));
+ gnutls_dh_get_peers_public_bits (session));
if (print_cert)
{
ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
if (ret)
- {
- fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
- goto out;
- }
+ {
+ fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
+ goto out;
+ }
ret = gnutls_dh_params_init (&dh_params);
if (ret)
- {
- fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
- goto out;
- }
+ {
+ fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
+ goto out;
+ }
ret = gnutls_dh_params_import_raw (dh_params, &raw_prime, &raw_gen);
if (ret)
- {
- fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
- goto out;
- }
+ {
+ fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
+ goto out;
+ }
ret = gnutls_dh_params_export_pkcs3 (dh_params,
- GNUTLS_X509_FMT_PEM,
- params_data, ¶ms_data_size);
+ GNUTLS_X509_FMT_PEM,
+ params_data, ¶ms_data_size);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret);
- goto out;
- }
+ {
+ fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret);
+ goto out;
+ }
params_data = gnutls_malloc (params_data_size);
if (!params_data)
- {
- fprintf (stderr, "gnutls_malloc %d\n", ret);
- goto out;
- }
+ {
+ fprintf (stderr, "gnutls_malloc %d\n", ret);
+ goto out;
+ }
ret = gnutls_dh_params_export_pkcs3 (dh_params,
- GNUTLS_X509_FMT_PEM,
- params_data, ¶ms_data_size);
+ GNUTLS_X509_FMT_PEM,
+ params_data, ¶ms_data_size);
if (ret)
- {
- fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret);
- goto out;
- }
+ {
+ fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret);
+ goto out;
+ }
printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
- params_data);
+ params_data);
out:
gnutls_free (params_data);
* side.
*/
if (gnutls_srp_server_get_username (session) != NULL)
- printf ("- SRP authentication. Connected as '%s'\n",
- gnutls_srp_server_get_username (session));
+ printf ("- SRP authentication. Connected as '%s'\n",
+ gnutls_srp_server_get_username (session));
break;
#endif
#ifdef ENABLE_PSK
/* This returns NULL in server side.
*/
if (gnutls_psk_client_get_hint (session) != NULL)
- printf ("- PSK authentication. PSK hint '%s'\n",
- gnutls_psk_client_get_hint (session));
+ printf ("- PSK authentication. PSK hint '%s'\n",
+ gnutls_psk_client_get_hint (session));
/* This returns NULL in client side.
*/
if (gnutls_psk_server_get_username (session) != NULL)
- printf ("- PSK authentication. Connected as '%s'\n",
- gnutls_psk_server_get_username (session));
+ printf ("- PSK authentication. Connected as '%s'\n",
+ gnutls_psk_server_get_username (session));
if (kx == GNUTLS_KX_DHE_PSK)
- print_dh_info (session, "Ephemeral ");
+ print_dh_info (session, "Ephemeral ");
break;
#endif
case GNUTLS_CRD_IA:
break;
case GNUTLS_CRD_CERTIFICATE:
{
- char dns[256];
- size_t dns_size = sizeof (dns);
- unsigned int type;
-
- /* This fails in client side */
- if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
- {
- printf ("- Given server name[%d]: %s\n", type, dns);
- }
+ char dns[256];
+ size_t dns_size = sizeof (dns);
+ unsigned int type;
+
+ /* This fails in client side */
+ if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
+ {
+ printf ("- Given server name[%d]: %s\n", type, dns);
+ }
}
if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
- print_dh_info (session, "Ephemeral ");
+ print_dh_info (session, "Ephemeral ");
print_cert_info (session, hostname, insecure);
int rc;
rc =
- gnutls_session_channel_binding (session, GNUTLS_CB_TLS_UNIQUE, &cb);
+ gnutls_session_channel_binding (session, GNUTLS_CB_TLS_UNIQUE, &cb);
if (rc)
- fprintf (stderr, "Channel binding error: %s\n", gnutls_strerror (rc));
+ fprintf (stderr, "Channel binding error: %s\n", gnutls_strerror (rc));
else
- {
- size_t i;
-
- printf ("- Channel binding 'tls-unique': ");
- for (i = 0; i < cb.size; i++)
- printf ("%02x", cb.data[i]);
- printf ("\n");
- }
+ {
+ size_t i;
+
+ printf ("- Channel binding 'tls-unique': ");
+ for (i = 0; i < cb.size; i++)
+ printf ("%02x", cb.data[i]);
+ printf ("\n");
+ }
}
/* Warning: Do not print anything more here. The 'Compression:'
printf ("Unknown\n");
if (!insecure)
- exit (1);
+ exit (1);
break;
case GNUTLS_CRT_X509:
printf ("X.509\n");
printf ("Cipher suites:\n");
for (i = 0; (name = gnutls_cipher_suite_info
- (i, id, &kx, &cipher, &mac, &version)); i++)
+ (i, id, &kx, &cipher, &mac, &version)); i++)
{
- printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
- name,
- (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
- if (verbose)
- printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
- gnutls_kx_get_name (kx),
- gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac));
+ printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
+ name,
+ (unsigned char) id[0], (unsigned char) id[1],
+ gnutls_protocol_get_name (version));
+ if (verbose)
+ printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
+ gnutls_kx_get_name (kx),
+ gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac));
}
}
printf ("Certificate types: ");
for (; *p; p++)
{
- printf ("%s", gnutls_certificate_type_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
+ printf ("%s", gnutls_certificate_type_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
}
}
printf ("Protocols: ");
for (; *p; p++)
{
- printf ("%s", gnutls_protocol_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
+ printf ("%s", gnutls_protocol_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
}
}
printf ("Ciphers: ");
for (; *p; p++)
{
- printf ("%s", gnutls_cipher_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
+ printf ("%s", gnutls_cipher_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
}
}
printf ("MACs: ");
for (; *p; p++)
{
- printf ("%s", gnutls_mac_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
+ printf ("%s", gnutls_mac_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
}
}
printf ("Key exchange algorithms: ");
for (; *p; p++)
{
- printf ("%s", gnutls_kx_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
+ printf ("%s", gnutls_kx_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
}
}
printf ("Compression: ");
for (; *p; p++)
{
- printf ("%s", gnutls_compression_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
+ printf ("%s", gnutls_compression_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
}
}
printf ("Public Key Systems: ");
for (; *p; p++)
{
- printf ("%s", gnutls_pk_algorithm_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
+ printf ("%s", gnutls_pk_algorithm_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
}
}
printf ("PK-signatures: ");
for (; *p; p++)
{
- printf ("%s", gnutls_sign_algorithm_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
+ printf ("%s", gnutls_sign_algorithm_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
}
}
}
DEPRECATED;
for (j = i = 0; i < protocols_size; i++)
- {
- if (strncasecmp (protocols[i], "SSL", 3) == 0)
- protocol_priority[j++] = GNUTLS_SSL3;
- else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0)
- protocol_priority[j++] = GNUTLS_TLS1_1;
- else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0)
- protocol_priority[j++] = GNUTLS_TLS1_2;
- else if (strncasecmp (protocols[i], "TLS", 3) == 0)
- protocol_priority[j++] = GNUTLS_TLS1_0;
- else
- fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]);
- }
+ {
+ if (strncasecmp (protocols[i], "SSL", 3) == 0)
+ protocol_priority[j++] = GNUTLS_SSL3;
+ else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0)
+ protocol_priority[j++] = GNUTLS_TLS1_1;
+ else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0)
+ protocol_priority[j++] = GNUTLS_TLS1_2;
+ else if (strncasecmp (protocols[i], "TLS", 3) == 0)
+ protocol_priority[j++] = GNUTLS_TLS1_0;
+ else
+ fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]);
+ }
protocol_priority[j] = 0;
}
}
{
DEPRECATED;
for (j = i = 0; i < nciphers; i++)
- {
- if (strncasecmp (ciphers[i], "AES-2", 5) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC;
- else if (strncasecmp (ciphers[i], "AES", 3) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC;
- else if (strncasecmp (ciphers[i], "3DE", 3) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC;
- else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40;
- else if (strcasecmp (ciphers[i], "ARCFOUR") == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128;
+ {
+ if (strncasecmp (ciphers[i], "AES-2", 5) == 0)
+ cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC;
+ else if (strncasecmp (ciphers[i], "AES", 3) == 0)
+ cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC;
+ else if (strncasecmp (ciphers[i], "3DE", 3) == 0)
+ cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC;
+ else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0)
+ cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40;
+ else if (strcasecmp (ciphers[i], "ARCFOUR") == 0)
+ cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128;
#ifdef ENABLE_CAMELLIA
- else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
- else if (strncasecmp (ciphers[i], "CAM", 3) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
+ else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0)
+ cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
+ else if (strncasecmp (ciphers[i], "CAM", 3) == 0)
+ cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
#endif
- else if (strncasecmp (ciphers[i], "NUL", 3) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_NULL;
- else
- fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]);
- }
+ else if (strncasecmp (ciphers[i], "NUL", 3) == 0)
+ cipher_priority[j++] = GNUTLS_CIPHER_NULL;
+ else
+ fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]);
+ }
cipher_priority[j] = 0;
}
}
{
DEPRECATED;
for (j = i = 0; i < nmacs; i++)
- {
- if (strncasecmp (macs[i], "MD5", 3) == 0)
- mac_priority[j++] = GNUTLS_MAC_MD5;
- else if (strncasecmp (macs[i], "RMD", 3) == 0)
- mac_priority[j++] = GNUTLS_MAC_RMD160;
- else if (strncasecmp (macs[i], "SHA512", 6) == 0)
- mac_priority[j++] = GNUTLS_MAC_SHA512;
- else if (strncasecmp (macs[i], "SHA384", 6) == 0)
- mac_priority[j++] = GNUTLS_MAC_SHA384;
- else if (strncasecmp (macs[i], "SHA256", 6) == 0)
- mac_priority[j++] = GNUTLS_MAC_SHA256;
- else if (strncasecmp (macs[i], "SHA", 3) == 0)
- mac_priority[j++] = GNUTLS_MAC_SHA1;
- else
- fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]);
- }
+ {
+ if (strncasecmp (macs[i], "MD5", 3) == 0)
+ mac_priority[j++] = GNUTLS_MAC_MD5;
+ else if (strncasecmp (macs[i], "RMD", 3) == 0)
+ mac_priority[j++] = GNUTLS_MAC_RMD160;
+ else if (strncasecmp (macs[i], "SHA512", 6) == 0)
+ mac_priority[j++] = GNUTLS_MAC_SHA512;
+ else if (strncasecmp (macs[i], "SHA384", 6) == 0)
+ mac_priority[j++] = GNUTLS_MAC_SHA384;
+ else if (strncasecmp (macs[i], "SHA256", 6) == 0)
+ mac_priority[j++] = GNUTLS_MAC_SHA256;
+ else if (strncasecmp (macs[i], "SHA", 3) == 0)
+ mac_priority[j++] = GNUTLS_MAC_SHA1;
+ else
+ fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]);
+ }
mac_priority[j] = 0;
}
}
{
DEPRECATED;
for (j = i = 0; i < nctype; i++)
- {
- if (strncasecmp (ctype[i], "OPE", 3) == 0)
- cert_type_priority[j++] = GNUTLS_CRT_OPENPGP;
- else if (strncasecmp (ctype[i], "X", 1) == 0)
- cert_type_priority[j++] = GNUTLS_CRT_X509;
- else
- fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]);
- }
+ {
+ if (strncasecmp (ctype[i], "OPE", 3) == 0)
+ cert_type_priority[j++] = GNUTLS_CRT_OPENPGP;
+ else if (strncasecmp (ctype[i], "X", 1) == 0)
+ cert_type_priority[j++] = GNUTLS_CRT_X509;
+ else
+ fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]);
+ }
cert_type_priority[j] = 0;
}
}
{
DEPRECATED;
for (j = i = 0; i < nkx; i++)
- {
- if (strcasecmp (kx[i], "SRP") == 0)
- kx_priority[j++] = GNUTLS_KX_SRP;
- else if (strcasecmp (kx[i], "SRP-RSA") == 0)
- kx_priority[j++] = GNUTLS_KX_SRP_RSA;
- else if (strcasecmp (kx[i], "SRP-DSS") == 0)
- kx_priority[j++] = GNUTLS_KX_SRP_DSS;
- else if (strcasecmp (kx[i], "RSA") == 0)
- kx_priority[j++] = GNUTLS_KX_RSA;
- else if (strcasecmp (kx[i], "PSK") == 0)
- kx_priority[j++] = GNUTLS_KX_PSK;
- else if (strcasecmp (kx[i], "DHE-PSK") == 0)
- kx_priority[j++] = GNUTLS_KX_DHE_PSK;
- else if (strcasecmp (kx[i], "RSA-EXPORT") == 0)
- kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
- else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0)
- kx_priority[j++] = GNUTLS_KX_DHE_RSA;
- else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0)
- kx_priority[j++] = GNUTLS_KX_DHE_DSS;
- else if (strncasecmp (kx[i], "ANON", 4) == 0)
- kx_priority[j++] = GNUTLS_KX_ANON_DH;
- else
- fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]);
- }
+ {
+ if (strcasecmp (kx[i], "SRP") == 0)
+ kx_priority[j++] = GNUTLS_KX_SRP;
+ else if (strcasecmp (kx[i], "SRP-RSA") == 0)
+ kx_priority[j++] = GNUTLS_KX_SRP_RSA;
+ else if (strcasecmp (kx[i], "SRP-DSS") == 0)
+ kx_priority[j++] = GNUTLS_KX_SRP_DSS;
+ else if (strcasecmp (kx[i], "RSA") == 0)
+ kx_priority[j++] = GNUTLS_KX_RSA;
+ else if (strcasecmp (kx[i], "PSK") == 0)
+ kx_priority[j++] = GNUTLS_KX_PSK;
+ else if (strcasecmp (kx[i], "DHE-PSK") == 0)
+ kx_priority[j++] = GNUTLS_KX_DHE_PSK;
+ else if (strcasecmp (kx[i], "RSA-EXPORT") == 0)
+ kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
+ else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0)
+ kx_priority[j++] = GNUTLS_KX_DHE_RSA;
+ else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0)
+ kx_priority[j++] = GNUTLS_KX_DHE_DSS;
+ else if (strncasecmp (kx[i], "ANON", 4) == 0)
+ kx_priority[j++] = GNUTLS_KX_ANON_DH;
+ else
+ fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]);
+ }
kx_priority[j] = 0;
}
}
{
DEPRECATED;
for (j = i = 0; i < ncomp; i++)
- {
- if (strncasecmp (comp[i], "NUL", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_NULL;
- else if (strncasecmp (comp[i], "ZLI", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_DEFLATE;
- else if (strncasecmp (comp[i], "DEF", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_DEFLATE;
- else if (strncasecmp (comp[i], "LZO", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_LZO;
- else
- fprintf (stderr, "Unknown compression: '%s'\n", comp[i]);
- }
+ {
+ if (strncasecmp (comp[i], "NUL", 3) == 0)
+ comp_priority[j++] = GNUTLS_COMP_NULL;
+ else if (strncasecmp (comp[i], "ZLI", 3) == 0)
+ comp_priority[j++] = GNUTLS_COMP_DEFLATE;
+ else if (strncasecmp (comp[i], "DEF", 3) == 0)
+ comp_priority[j++] = GNUTLS_COMP_DEFLATE;
+ else if (strncasecmp (comp[i], "LZO", 3) == 0)
+ comp_priority[j++] = GNUTLS_COMP_LZO;
+ else
+ fprintf (stderr, "Unknown compression: '%s'\n", comp[i]);
+ }
comp_priority[j] = 0;
}
}
static int
pin_callback (void *user, int attempt, const char *token_url,
- const char *token_label, unsigned int flags, char *pin,
- size_t pin_max)
+ const char *token_label, unsigned int flags, char *pin,
+ size_t pin_max)
{
const char *password;
int len;
static char cached_pin[32] = "";
printf ("PIN required for token '%s' with URL '%s'\n", token_label,
- token_url);
+ token_url);
if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY)
printf ("*** This is the final try before locking!\n");
if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW)
if (flags == 0 && cached_url != NULL)
{
if (strcmp (cached_url, token_url) == 0)
- {
- strcpy (pin, cached_pin);
- return 0;
- }
+ {
+ strcpy (pin, cached_pin);
+ return 0;
+ }
}
password = getpass ("Enter pin: ");
#ifndef __attribute__
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
-#define __attribute__(Spec) /* empty */
+#define __attribute__(Spec) /* empty */
#endif
#endif
int print_info (gnutls_session_t state, const char *hostname, int insecure);
void print_cert_info (gnutls_session_t state, const char *hostname,
- int insecure);
+ int insecure);
void print_list (int verbose);
void parse_comp (char **comp, int ncomp, int *comp_priority);
void parse_macs (char **macs, int nmacs, int *mac_priority);
void parse_ciphers (char **ciphers, int nciphers, int *cipher_priority);
void parse_protocols (char **protocols, int protocols_size,
- int *protocol_priority);
+ int *protocol_priority);
const char *raw_to_string (const unsigned char *raw, size_t raw_size);
int service_to_port (const char *service);
void pkcs11_common (void);
#include <gnutls/gnutls.h>
#include <gnutls/extra.h>
#include <crypt-gaa.h>
-#include "../lib/random.h" /* for random */
+#include "../lib/random.h" /* for random */
#include <sys/types.h>
#include <sys/stat.h>
*/
int crypt_int (const char *username, const char *passwd, int salt,
- char *tpasswd_conf, char *tpasswd, int uindex);
+ char *tpasswd_conf, char *tpasswd, int uindex);
static int read_conf_values (gnutls_datum_t * g, gnutls_datum_t * n,
- char *str);
+ char *str);
static int _verify_passwd_int (const char *username, const char *passwd,
- char *verifier, char *salt,
- const gnutls_datum_t * g,
- const gnutls_datum_t * n);
+ char *verifier, char *salt,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * n);
static void
print_num (const char *msg, const gnutls_datum_t * num)
for (i = 0; i < num->size; i++)
{
if (i != 0 && i % 12 == 0)
- printf ("\n\t");
+ printf ("\n\t");
else if (i != 0 && i != num->size)
- printf (":");
+ printf (":");
printf ("%.2x", num->data[i]);
}
printf ("\n\n");
{
if (index == 1)
- {
- n = gnutls_srp_1024_group_prime;
- g = gnutls_srp_1024_group_generator;
- }
+ {
+ n = gnutls_srp_1024_group_prime;
+ g = gnutls_srp_1024_group_generator;
+ }
else if (index == 2)
- {
- n = gnutls_srp_1536_group_prime;
- g = gnutls_srp_1536_group_generator;
- }
+ {
+ n = gnutls_srp_1536_group_prime;
+ g = gnutls_srp_1536_group_generator;
+ }
else
- {
- n = gnutls_srp_2048_group_prime;
- g = gnutls_srp_2048_group_generator;
- }
+ {
+ n = gnutls_srp_2048_group_prime;
+ g = gnutls_srp_2048_group_generator;
+ }
printf ("\nGroup %d, of %d bits:\n", index, n.size * 8);
print_num ("Generator", &g);
print_num ("Prime", &n);
if (gnutls_srp_base64_encode_alloc (&n, &str_n) < 0)
- {
- fprintf (stderr, "Could not encode\n");
- return -1;
- }
+ {
+ fprintf (stderr, "Could not encode\n");
+ return -1;
+ }
if (gnutls_srp_base64_encode_alloc (&g, &str_g) < 0)
- {
- fprintf (stderr, "Could not encode\n");
- return -1;
- }
+ {
+ fprintf (stderr, "Could not encode\n");
+ return -1;
+ }
sprintf (line, "%d:%s:%s\n", index, str_n.data, str_g.data);
*/
static int
_verify_passwd_int (const char *username, const char *passwd,
- char *verifier, char *salt,
- const gnutls_datum_t * g, const gnutls_datum_t * n)
+ char *verifier, char *salt,
+ const gnutls_datum_t * g, const gnutls_datum_t * n)
{
char _salt[1024];
gnutls_datum_t tmp, raw_salt, new_verifier;
{
p = fgets (line, sizeof (line) - 1, fd2);
if (p == NULL)
- break;
+ break;
fputs (line, fd);
}
/* move to first ':' */
i = 0;
while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
+ {
+ i++;
+ }
if (strncmp (username, line, MAX (i, strlen (username))) == 0)
- {
- /* find the index */
- pos = strrchr (line, ':');
- pos++;
- fclose (fd);
- return atoi (pos);
- }
+ {
+ /* find the index */
+ pos = strrchr (line, ':');
+ pos++;
+ fclose (fd);
+ return atoi (pos);
+ }
}
fclose (fd);
*/
static int
verify_passwd (char *conffile, char *tpasswd, char *username,
- const char *passwd)
+ const char *passwd)
{
FILE *fd;
char line[5 * 1024];
*/
i = 0;
while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
+ {
+ i++;
+ }
if (strncmp (username, line, MAX (i, strlen (username))) == 0)
- {
- char *verifier_pos, *salt_pos;
-
- pos = strchr (line, ':');
- fclose (fd);
- if (pos == NULL)
- {
- fprintf (stderr, "Cannot parse conf file '%s'\n", conffile);
- return -1;
- }
- pos++;
- verifier_pos = pos;
-
- /* Move to the salt */
- pos = strchr (pos, ':');
- if (pos == NULL)
- {
- fprintf (stderr, "Cannot parse conf file '%s'\n", conffile);
- return -1;
- }
- pos++;
- salt_pos = pos;
-
- return _verify_passwd_int (username, passwd,
- verifier_pos, salt_pos, &g, &n);
- }
+ {
+ char *verifier_pos, *salt_pos;
+
+ pos = strchr (line, ':');
+ fclose (fd);
+ if (pos == NULL)
+ {
+ fprintf (stderr, "Cannot parse conf file '%s'\n", conffile);
+ return -1;
+ }
+ pos++;
+ verifier_pos = pos;
+
+ /* Move to the salt */
+ pos = strchr (pos, ':');
+ if (pos == NULL)
+ {
+ fprintf (stderr, "Cannot parse conf file '%s'\n", conffile);
+ return -1;
+ }
+ pos++;
+ salt_pos = pos;
+
+ return _verify_passwd_int (username, passwd,
+ verifier_pos, salt_pos, &g, &n);
+ }
}
fclose (fd);
pwd = getpwuid (getuid ());
if (pwd == NULL)
- {
- fprintf (stderr, "No such user\n");
- return -1;
- }
+ {
+ fprintf (stderr, "No such user\n");
+ return -1;
+ }
info.username = pwd->pw_name;
#else
if (info.verify != 0)
{
return verify_passwd (info.passwd_conf, info.passwd,
- info.username, passwd);
+ info.username, passwd);
}
return crypt_int (info.username, passwd, salt_size,
- info.passwd_conf, info.passwd, info.index);
+ info.passwd_conf, info.passwd, info.index);
}
static char *
_srp_crypt (const char *username, const char *passwd, int salt_size,
- const gnutls_datum_t * g, const gnutls_datum_t * n)
+ const gnutls_datum_t * g, const gnutls_datum_t * n)
{
char salt[128];
static char result[1024];
int
crypt_int (const char *username, const char *passwd, int salt_size,
- char *tpasswd_conf, char *tpasswd, int uindex)
+ char *tpasswd_conf, char *tpasswd, int uindex)
{
FILE *fd;
char *cr;
}
do
- { /* find the specified uindex in file */
+ { /* find the specified uindex in file */
p = fgets (line, sizeof (line) - 1, fd);
iindex = atoi (p);
}
int put;
if (strlen (tpasswd) > sizeof (tmpname) + 5)
- {
- fprintf (stderr, "file '%s' is tooooo long\n", tpasswd);
- return -1;
- }
+ {
+ fprintf (stderr, "file '%s' is tooooo long\n", tpasswd);
+ return -1;
+ }
strcpy (tmpname, tpasswd);
strcat (tmpname, ".tmp");
if (stat (tmpname, &st) != -1)
- {
- fprintf (stderr, "file '%s' is locked\n", tpasswd);
- return -1;
- }
+ {
+ fprintf (stderr, "file '%s' is locked\n", tpasswd);
+ return -1;
+ }
if (filecopy (tpasswd, tmpname) != 0)
- {
- fprintf (stderr, "Cannot copy '%s' to '%s'\n", tpasswd, tmpname);
- return -1;
- }
+ {
+ fprintf (stderr, "Cannot copy '%s' to '%s'\n", tpasswd, tmpname);
+ return -1;
+ }
fd = fopen (tpasswd, "w");
if (fd == NULL)
- {
- fprintf (stderr, "Cannot open '%s' for write\n", tpasswd);
- remove (tmpname);
- return -1;
- }
+ {
+ fprintf (stderr, "Cannot open '%s' for write\n", tpasswd);
+ remove (tmpname);
+ return -1;
+ }
fd2 = fopen (tmpname, "r");
if (fd2 == NULL)
- {
- fprintf (stderr, "Cannot open '%s' for read\n", tmpname);
- remove (tmpname);
- return -1;
- }
+ {
+ fprintf (stderr, "Cannot open '%s' for read\n", tmpname);
+ remove (tmpname);
+ return -1;
+ }
put = 0;
do
- {
- p = fgets (line, sizeof (line) - 1, fd2);
- if (p == NULL)
- break;
-
- pp = strchr (line, ':');
- if (pp == NULL)
- continue;
-
- if (strncmp (p, username,
- MAX (strlen (username), (unsigned int) (pp - p))) == 0)
- {
- put = 1;
- fprintf (fd, "%s:%s:%u\n", username, cr, iindex);
- }
- else
- {
- fputs (line, fd);
- }
- }
+ {
+ p = fgets (line, sizeof (line) - 1, fd2);
+ if (p == NULL)
+ break;
+
+ pp = strchr (line, ':');
+ if (pp == NULL)
+ continue;
+
+ if (strncmp (p, username,
+ MAX (strlen (username), (unsigned int) (pp - p))) == 0)
+ {
+ put = 1;
+ fprintf (fd, "%s:%s:%u\n", username, cr, iindex);
+ }
+ else
+ {
+ fputs (line, fd);
+ }
+ }
while (1);
if (put == 0)
- {
- fprintf (fd, "%s:%s:%u\n", username, cr, iindex);
- }
+ {
+ fprintf (fd, "%s:%s:%u\n", username, cr, iindex);
+ }
fclose (fd);
fclose (fd2);
index = atoi (str);
- p = strrchr (str, ':'); /* we have g */
+ p = strrchr (str, ':'); /* we have g */
if (p == NULL)
{
return -1;
}
/* now go for n - modulo */
- p = strrchr (str, ':'); /* we have n */
+ p = strrchr (str, ':'); /* we have n */
if (p == NULL)
{
return -1;
if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
p = PACKAGE_STRING;
version_etc (stdout, "srptool", p, gnutls_check_version (NULL),
- "Nikos Mavrogiannopoulos", (char *) NULL);
+ "Nikos Mavrogiannopoulos", (char *) NULL);
}
if (gaa (argc, argv, &info) != -1)
{
fprintf (stderr, "Try `%s --help' for more information.\n",
- program_name);
+ program_name);
exit (1);
}
{
ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
if (ret < 0)
- fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
+ fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
else
- {
- ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
- gnutls_strerror (ret));
- }
+ {
+ ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
+ gnutls_strerror (ret));
+ }
}
else
{
ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
if (ret < 0)
- fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
+ fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
}
if (info.outfile)
{
outfile = safe_open_rw (info.outfile, 0);
if (outfile == NULL)
- error (EXIT_FAILURE, errno, "%s", info.outfile);
+ error (EXIT_FAILURE, errno, "%s", info.outfile);
}
else
outfile = stdout;
{
case ACTION_PKCS11_LIST:
pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type,
- info.pkcs11_login, info.pkcs11_detailed_url, &cinfo);
+ info.pkcs11_login, info.pkcs11_detailed_url, &cinfo);
break;
case ACTION_PKCS11_TOKENS:
pkcs11_token_list (outfile, info.pkcs11_detailed_url, &cinfo);
break;
case ACTION_PKCS11_MECHANISMS:
pkcs11_mechanism_list (outfile, info.pkcs11_url, info.pkcs11_login,
- &cinfo);
+ &cinfo);
break;
case ACTION_PKCS11_EXPORT_URL:
pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo);
break;
case ACTION_PKCS11_WRITE_URL:
pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label,
- info.pkcs11_trusted, info.pkcs11_login, &cinfo);
+ info.pkcs11_trusted, info.pkcs11_login, &cinfo);
break;
case ACTION_PKCS11_TOKEN_INIT:
pkcs11_init (outfile, info.pkcs11_url, info.pkcs11_label, &cinfo);
#include "certtool-common.h"
void pkcs11_list (FILE * outfile, const char *url, int type,
- unsigned int login, unsigned int detailed,
- common_info_st *);
+ unsigned int login, unsigned int detailed,
+ common_info_st *);
void pkcs11_mechanism_list (FILE * outfile, const char *url,
- unsigned int login, common_info_st *);
+ unsigned int login, common_info_st *);
void pkcs11_export (FILE * outfile, const char *pkcs11_url,
- unsigned int login, common_info_st *);
+ unsigned int login, common_info_st *);
void pkcs11_token_list (FILE * outfile, unsigned int detailed,
- common_info_st *);
+ common_info_st *);
void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label,
- int trusted, unsigned int login, common_info_st *);
+ int trusted, unsigned int login, common_info_st *);
void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch,
- unsigned int login, common_info_st *);
+ unsigned int login, common_info_st *);
void pkcs11_init (FILE * outfile, const char *pkcs11_url, const char *label,
- common_info_st *);
+ common_info_st *);
#define PKCS11_TYPE_CRT_ALL 1
#define PKCS11_TYPE_TRUSTED 2
static int
pin_callback (void *user, int attempt, const char *token_url,
- const char *token_label, unsigned int flags, char *pin,
- size_t pin_max)
+ const char *token_label, unsigned int flags, char *pin,
+ size_t pin_max)
{
const char *password;
int len;
static char cached_pin[32] = "";
printf ("PIN required for token '%s' with URL '%s'\n", token_label,
- token_url);
+ token_url);
if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY)
printf ("*** This is the final try before locking!\n");
if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW)
if (flags == 0 && cached_url != NULL)
{
if (strcmp (cached_url, token_url) == 0)
- {
- strcpy (pin, cached_pin);
- return 0;
- }
+ {
+ strcpy (pin, cached_pin);
+ return 0;
+ }
}
password = getpass ("Enter pin: ");
void
pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login,
- common_info_st * info)
+ common_info_st * info)
{
int ret;
unsigned int obj_flags = 0;
if (!batch)
{
pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login,
- GNUTLS_PKCS11_URL_LIB, info);
+ GNUTLS_PKCS11_URL_LIB, info);
ret =
- read_yesno ("Are you sure you want to delete those objects? (y/N): ");
+ read_yesno ("Are you sure you want to delete those objects? (y/N): ");
if (ret == 0)
- {
- exit (1);
- }
+ {
+ exit (1);
+ }
}
ret = gnutls_pkcs11_delete_url (url, obj_flags);
if (ret < 0)
{
fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
*/
void
pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
- unsigned int detailed, common_info_st * info)
+ unsigned int detailed, common_info_st * info)
{
gnutls_pkcs11_obj_t *crt_list;
gnutls_x509_crt_t xcrt;
}
ret = gnutls_pkcs11_obj_list_import_url (crt_list, &crt_list_size, url,
- attrs, obj_flags);
+ attrs, obj_flags);
if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
{
fprintf (stderr, "Error in crt_list_import (1): %s\n",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
{
crt_list = realloc (crt_list, sizeof (*crt_list) * crt_list_size);
if (crt_list == NULL)
- {
- fprintf (stderr, "Memory error\n");
- exit (1);
- }
+ {
+ fprintf (stderr, "Memory error\n");
+ exit (1);
+ }
ret =
- gnutls_pkcs11_obj_list_import_url (crt_list, &crt_list_size, url,
- attrs, obj_flags);
+ gnutls_pkcs11_obj_list_import_url (crt_list, &crt_list_size, url,
+ attrs, obj_flags);
if (ret < 0)
- {
- fprintf (stderr, "Error in crt_list_import: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in crt_list_import: %s\n",
+ gnutls_strerror (ret));
+ exit (1);
+ }
}
for (i = 0; i < crt_list_size; i++)
ret = gnutls_pkcs11_obj_export_url (crt_list[i], detailed, &output);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
fprintf (outfile, "Object %d:\n\tURL: %s\n", i, output);
fprintf (outfile, "\tType: %s\n",
- gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_get_type
- (crt_list[i])));
+ gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_get_type
+ (crt_list[i])));
size = sizeof (buf);
ret =
- gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_LABEL, buf,
- &size);
+ gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_LABEL, buf,
+ &size);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
fprintf (outfile, "\tLabel: %s\n", buf);
size = sizeof (buf);
ret =
- gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX,
- buf, &size);
+ gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX,
+ buf, &size);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
fprintf (outfile, "\tID: %s\n\n", buf);
if (attrs == GNUTLS_PKCS11_OBJ_ATTR_ALL
- || attrs == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY)
- continue;
+ || attrs == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY)
+ continue;
ret = gnutls_x509_crt_init (&xcrt);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt_list[i]);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
#if 0
size = buffer_size;
ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
fwrite (buffer, 1, size, outfile);
fputs ("\n\n", outfile);
void
pkcs11_export (FILE * outfile, const char *url, unsigned int login,
- common_info_st * info)
+ common_info_st * info)
{
gnutls_pkcs11_obj_t crt;
gnutls_x509_crt_t xcrt;
if (ret < 0)
{
fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
if (ret < 0)
{
fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
case GNUTLS_PKCS11_OBJ_X509_CRT:
ret = gnutls_x509_crt_init (&xcrt);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
size = buffer_size;
ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
fwrite (buffer, 1, size, outfile);
gnutls_x509_crt_deinit (xcrt);
case GNUTLS_PKCS11_OBJ_PUBKEY:
ret = gnutls_pubkey_init (&pubkey);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
ret = gnutls_pubkey_import_pkcs11 (pubkey, crt, 0);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
size = buffer_size;
ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
fwrite (buffer, 1, size, outfile);
gnutls_pubkey_deinit (pubkey);
break;
default:
{
- gnutls_datum data, enc;
-
- size = buffer_size;
- ret = gnutls_pkcs11_obj_export (crt, buffer, &size);
- if (ret < 0)
- {
- break;
- }
-
- data.data = buffer;
- data.size = size;
-
- ret = gnutls_pem_base64_encode_alloc ("DATA", &data, &enc);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- fwrite (enc.data, 1, enc.size, outfile);
-
- gnutls_free (enc.data);
- break;
+ gnutls_datum data, enc;
+
+ size = buffer_size;
+ ret = gnutls_pkcs11_obj_export (crt, buffer, &size);
+ if (ret < 0)
+ {
+ break;
+ }
+
+ data.data = buffer;
+ data.size = size;
+
+ ret = gnutls_pem_base64_encode_alloc ("DATA", &data, &enc);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
+
+ fwrite (enc.data, 1, enc.size, outfile);
+
+ gnutls_free (enc.data);
+ break;
}
}
fputs ("\n\n", outfile);
void
pkcs11_token_list (FILE * outfile, unsigned int detailed,
- common_info_st * info)
+ common_info_st * info)
{
int ret;
int i;
{
ret = gnutls_pkcs11_token_get_url (i, detailed, &url);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
+ break;
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
fprintf (outfile, "Token %d:\n\tURL: %s\n", i, url);
size = sizeof (buf);
ret =
- gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_LABEL, buf,
- &size);
+ gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_LABEL, buf,
+ &size);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
fprintf (outfile, "\tLabel: %s\n", buf);
size = sizeof (buf);
ret =
- gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MANUFACTURER,
- buf, &size);
+ gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MANUFACTURER,
+ buf, &size);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
fprintf (outfile, "\tManufacturer: %s\n", buf);
size = sizeof (buf);
ret =
- gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MODEL, buf,
- &size);
+ gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MODEL, buf,
+ &size);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
fprintf (outfile, "\tModel: %s\n", buf);
size = sizeof (buf);
ret =
- gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_SERIAL, buf,
- &size);
+ gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_SERIAL, buf,
+ &size);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
fprintf (outfile, "\tSerial: %s\n", buf);
fprintf (outfile, "\n\n");
void
pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted,
- unsigned int login, common_info_st * info)
+ unsigned int login, common_info_st * info)
{
gnutls_x509_crt_t xcrt;
gnutls_x509_privkey_t xkey;
if (secret_key != NULL)
{
ret =
- gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage,
- flags |
- GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
+ gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage,
+ flags |
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
}
xcrt = load_cert (0, info);
if (xcrt != NULL)
{
if (trusted)
- flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
ret = gnutls_pkcs11_copy_x509_crt (url, xcrt, label, flags);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
gnutls_x509_crt_get_key_usage (xcrt, &key_usage, NULL);
}
if (xkey != NULL)
{
ret =
- gnutls_pkcs11_copy_x509_privkey (url, xkey, label, key_usage,
- flags |
- GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
+ gnutls_pkcs11_copy_x509_privkey (url, xkey, label, key_usage,
+ flags |
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
}
if (xkey == NULL && xcrt == NULL && secret_key == NULL)
{
fprintf (stderr,
- "You must use --load-privkey, --load-certificate or --secret-key to load the file to be copied\n");
+ "You must use --load-privkey, --load-certificate or --secret-key to load the file to be copied\n");
exit (1);
}
void
pkcs11_init (FILE * outfile, const char *url, const char *label,
- common_info_st * info)
+ common_info_st * info)
{
int ret;
char *pin;
if (ret < 0)
{
fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
if (ret < 0)
{
fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
void
pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int login,
- common_info_st * info)
+ common_info_st * info)
{
int ret;
int idx;
{
ret = gnutls_pkcs11_token_get_mechanism (url, idx++, &mechanism);
if (ret >= 0)
- {
- str = NULL;
- if (mechanism <= sizeof (mech_list) / sizeof (mech_list[0]))
- str = mech_list[mechanism];
- if (str == NULL)
- str = "UNKNOWN";
-
- fprintf (outfile, "[0x%.4lx] %s\n", mechanism, str);
- }
+ {
+ str = NULL;
+ if (mechanism <= sizeof (mech_list) / sizeof (mech_list[0]))
+ str = mech_list[mechanism];
+ if (str == NULL)
+ str = "UNKNOWN";
+
+ fprintf (outfile, "[0x%.4lx] %s\n", mechanism, str);
+ }
}
while (ret >= 0);
{
ret = gnutls_dh_params_generate2 (dh_params, bits);
if (ret < 0)
- {
- fprintf (stderr, "Error generating parameters: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error generating parameters: %s\n",
+ gnutls_strerror (ret));
+ exit (1);
+ }
ret = gnutls_dh_params_export_raw (dh_params, &p, &g, NULL);
if (ret < 0)
- {
- fprintf (stderr, "Error exporting parameters: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error exporting parameters: %s\n",
+ gnutls_strerror (ret));
+ exit (1);
+ }
}
else
{
#ifdef ENABLE_SRP
if (bits <= 1024)
- {
- p = gnutls_srp_1024_group_prime;
- g = gnutls_srp_1024_group_generator;
- }
+ {
+ p = gnutls_srp_1024_group_prime;
+ g = gnutls_srp_1024_group_generator;
+ }
else if (bits <= 1536)
- {
- p = gnutls_srp_1536_group_prime;
- g = gnutls_srp_1536_group_generator;
- }
+ {
+ p = gnutls_srp_1536_group_prime;
+ g = gnutls_srp_1536_group_generator;
+ }
else
- {
- p = gnutls_srp_2048_group_prime;
- g = gnutls_srp_2048_group_generator;
- }
+ {
+ p = gnutls_srp_2048_group_prime;
+ g = gnutls_srp_2048_group_generator;
+ }
ret = gnutls_dh_params_import_raw (dh_params, &p, &g);
if (ret < 0)
- {
- fprintf (stderr, "Error exporting parameters: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error exporting parameters: %s\n",
+ gnutls_strerror (ret));
+ exit (1);
+ }
#else
fprintf (stderr, "Parameters unavailable as SRP disabled.\n");
#endif
fprintf (outfile, "\nconst uint8 g[%d] = { ", g.size);
for (i = 0; i < g.size; i++)
- {
- if (i % 7 == 0)
- fprintf (outfile, "\n\t");
- fprintf (outfile, "0x%.2x", g.data[i]);
- if (i != g.size - 1)
- fprintf (outfile, ", ");
- }
+ {
+ if (i % 7 == 0)
+ fprintf (outfile, "\n\t");
+ fprintf (outfile, "0x%.2x", g.data[i]);
+ if (i != g.size - 1)
+ fprintf (outfile, ", ");
+ }
fprintf (outfile, "\n};\n\n");
}
fprintf (outfile, "\nGenerator: ");
for (i = 0; i < g.size; i++)
- {
- if (i != 0 && i % 12 == 0)
- fprintf (outfile, "\n\t");
- else if (i != 0 && i != g.size)
- fprintf (outfile, ":");
+ {
+ if (i != 0 && i % 12 == 0)
+ fprintf (outfile, "\n\t");
+ else if (i != 0 && i != g.size)
+ fprintf (outfile, ":");
- fprintf (outfile, "%.2x", g.data[i]);
- }
+ fprintf (outfile, "%.2x", g.data[i]);
+ }
fprintf (outfile, "\n\n");
}
fprintf (outfile, "\nconst uint8 prime[%d] = { ", p.size);
for (i = 0; i < p.size; i++)
- {
- if (i % 7 == 0)
- fprintf (outfile, "\n\t");
- fprintf (outfile, "0x%.2x", p.data[i]);
- if (i != p.size - 1)
- fprintf (outfile, ", ");
- }
+ {
+ if (i % 7 == 0)
+ fprintf (outfile, "\n\t");
+ fprintf (outfile, "0x%.2x", p.data[i]);
+ if (i != p.size - 1)
+ fprintf (outfile, ", ");
+ }
fprintf (outfile, "\n};\n");
}
fprintf (outfile, "Prime: ");
for (i = 0; i < p.size; i++)
- {
- if (i != 0 && i % 12 == 0)
- fprintf (outfile, "\n\t");
- else if (i != 0 && i != p.size)
- fprintf (outfile, ":");
- fprintf (outfile, "%.2x", p.data[i]);
- }
+ {
+ if (i != 0 && i % 12 == 0)
+ fprintf (outfile, "\n\t");
+ else if (i != 0 && i != p.size)
+ fprintf (outfile, ":");
+ fprintf (outfile, "%.2x", p.data[i]);
+ }
fprintf (outfile, "\n\n");
}
if (!cparams)
- { /* generate a PKCS#3 structure */
+ { /* generate a PKCS#3 structure */
size_t len = buffer_size;
ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
- buffer, &len);
+ buffer, &len);
if (ret == 0)
- {
- fprintf (outfile, "\n%s", buffer);
- }
+ {
+ fprintf (outfile, "\n%s", buffer);
+ }
else
- {
- fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
- }
+ {
+ fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
+ }
}
#include <gnutls/extra.h>
#include <psk-gaa.h>
-#include "../lib/random.h" /* for random */
+#include "../lib/random.h" /* for random */
#include <sys/types.h>
#include <sys/stat.h>
#include "getpass.h"
static int write_key (const char *username, const char *key, int key_size,
- char *passwd_file);
+ char *passwd_file);
#define KPASSWD "/etc/passwd.psk"
#define MAX_KEY_SIZE 64
pwd = getpwuid (getuid ());
if (pwd == NULL)
- {
- fprintf (stderr, "No such user\n");
- return -1;
- }
+ {
+ fprintf (stderr, "No such user\n");
+ return -1;
+ }
info.username = pwd->pw_name;
#else
{
p = fgets (line, sizeof (line) - 1, fd2);
if (p == NULL)
- break;
+ break;
fputs (line, fd);
}
static int
write_key (const char *username, const char *key, int key_size,
- char *passwd_file)
+ char *passwd_file)
{
FILE *fd;
char line[5 * 1024];
{
p = fgets (line, sizeof (line) - 1, fd2);
if (p == NULL)
- break;
+ break;
pp = strchr (line, ':');
if (pp == NULL)
- continue;
+ continue;
if (strncmp (p, username,
- MAX (strlen (username), (unsigned int) (pp - p))) == 0)
- {
- put = 1;
- fprintf (fd, "%s:%s\n", username, key);
- }
+ MAX (strlen (username), (unsigned int) (pp - p))) == 0)
+ {
+ put = 1;
+ fprintf (fd, "%s:%s\n", username, key);
+ }
else
- {
- fputs (line, fd);
- }
+ {
+ fputs (line, fd);
+ }
}
while (1);
if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
p = PACKAGE_STRING;
version_etc (stdout, "psktool", p, gnutls_check_version (NULL),
- "Nikos Mavrogiannopoulos", (char *) NULL);
+ "Nikos Mavrogiannopoulos", (char *) NULL);
}
#define HTTP_STATE_CLOSING 3
LIST_TYPE_DECLARE (listener_item, char *http_request; char *http_response;
- int request_length; int response_length;
- int response_written; int http_state;
- int listen_socket; int fd;
- gnutls_session_t tls_session;
- int handshake_ok;
+ int request_length; int response_length;
+ int response_written; int http_state;
+ int listen_socket; int fd;
+ gnutls_session_t tls_session;
+ int handshake_ok;
);
static const char *
}
ret = gnutls_dh_params_import_pkcs3 (dh_params, ¶ms,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0)
{
static int
get_params (gnutls_session_t session, gnutls_params_type_t type,
- gnutls_params_st * st)
+ gnutls_params_st * st)
{
if (type == GNUTLS_PARAMS_RSA_EXPORT)
{
if (rsa_params == NULL)
- return -1;
+ return -1;
st->params.rsa_export = rsa_params;
}
else if (type == GNUTLS_PARAMS_DH)
{
if (dh_params == NULL)
- return -1;
+ return -1;
st->params.dh = dh_params;
}
else
else
{
if (require_cert)
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
+ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
else
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
+ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
}
return session;
#define tmp2 &http_buffer[strlen(http_buffer)], len-strlen(http_buffer)
static char *
peer_print_info (gnutls_session_t session, int *ret_length,
- const char *header)
+ const char *header)
{
const char *tmp;
unsigned char sesid[32];
{
http_buffer = malloc (len);
if (http_buffer == NULL)
- return NULL;
+ return NULL;
strcpy (http_buffer, HTTP_BEGIN);
strcpy (&http_buffer[sizeof (HTTP_BEGIN) - 1], DEFAULT_DATA);
strcpy (&http_buffer[sizeof (HTTP_BEGIN) + sizeof (DEFAULT_DATA) - 2],
- HTTP_END);
+ HTTP_END);
*ret_length =
- sizeof (DEFAULT_DATA) + sizeof (HTTP_BEGIN) + sizeof (HTTP_END) - 3;
+ sizeof (DEFAULT_DATA) + sizeof (HTTP_BEGIN) + sizeof (HTTP_END) - 3;
return http_buffer;
}
cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
for (i = 0; i < cert_list_size; i++)
- {
- gnutls_x509_crt_t cert;
- gnutls_datum_t info;
-
- if (gnutls_x509_crt_init (&cert) == 0 &&
- gnutls_x509_crt_import (cert, &cert_list[i],
- GNUTLS_X509_FMT_DER) == 0 &&
- gnutls_x509_crt_print (cert, GNUTLS_CRT_PRINT_FULL, &info) == 0)
- {
- const char *post = "</PRE><P><PRE>";
-
- crtinfo = realloc (crtinfo, ncrtinfo + info.size +
- strlen (post) + 1);
- if (crtinfo == NULL)
- return NULL;
- memcpy (crtinfo + ncrtinfo, info.data, info.size);
- ncrtinfo += info.size;
- memcpy (crtinfo + ncrtinfo, post, strlen (post));
- ncrtinfo += strlen (post);
- crtinfo[ncrtinfo] = '\0';
- gnutls_free (info.data);
- }
- }
+ {
+ gnutls_x509_crt_t cert;
+ gnutls_datum_t info;
+
+ if (gnutls_x509_crt_init (&cert) == 0 &&
+ gnutls_x509_crt_import (cert, &cert_list[i],
+ GNUTLS_X509_FMT_DER) == 0 &&
+ gnutls_x509_crt_print (cert, GNUTLS_CRT_PRINT_FULL, &info) == 0)
+ {
+ const char *post = "</PRE><P><PRE>";
+
+ crtinfo = realloc (crtinfo, ncrtinfo + info.size +
+ strlen (post) + 1);
+ if (crtinfo == NULL)
+ return NULL;
+ memcpy (crtinfo + ncrtinfo, info.data, info.size);
+ ncrtinfo += info.size;
+ memcpy (crtinfo + ncrtinfo, post, strlen (post));
+ ncrtinfo += strlen (post);
+ crtinfo[ncrtinfo] = '\0';
+ gnutls_free (info.data);
+ }
+ }
}
http_buffer = malloc (len);
snprintf (tmp2, "%.2X", sesid[i]);
snprintf (tmp2, "</i></p>\n");
snprintf (tmp2,
- "<h5>If your browser supports session resuming, then you should see the "
- "same session ID, when you press the <b>reload</b> button.</h5>\n");
+ "<h5>If your browser supports session resuming, then you should see the "
+ "same session ID, when you press the <b>reload</b> button.</h5>\n");
/* Here unlike print_info() we use the kx algorithm to distinguish
* the functions to call.
if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
{
- snprintf (tmp2, "\n<p>Server Name: %s</p>\n", dns);
+ snprintf (tmp2, "\n<p>Server Name: %s</p>\n", dns);
}
}
if (kx_alg == GNUTLS_KX_SRP)
{
snprintf (tmp2, "<p>Connected as user '%s'.</p>\n",
- gnutls_srp_server_get_username (session));
+ gnutls_srp_server_get_username (session));
}
#endif
if (kx_alg == GNUTLS_KX_PSK)
{
snprintf (tmp2, "<p>Connected as user '%s'.</p>\n",
- gnutls_psk_server_get_username (session));
+ gnutls_psk_server_get_username (session));
}
#endif
if (kx_alg == GNUTLS_KX_ANON_DH)
{
snprintf (tmp2,
- "<p> Connect using anonymous DH (prime of %d bits)</p>\n",
- gnutls_dh_get_prime_bits (session));
+ "<p> Connect using anonymous DH (prime of %d bits)</p>\n",
+ gnutls_dh_get_prime_bits (session));
}
#endif
if (kx_alg == GNUTLS_KX_DHE_RSA || kx_alg == GNUTLS_KX_DHE_DSS)
{
snprintf (tmp2,
- "Ephemeral DH using prime of <b>%d</b> bits.<br>\n",
- gnutls_dh_get_prime_bits (session));
+ "Ephemeral DH using prime of <b>%d</b> bits.<br>\n",
+ gnutls_dh_get_prime_bits (session));
}
/* print session information */
if (tmp == NULL)
tmp = str_unknown;
snprintf (tmp2,
- "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n",
- tmp);
+ "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n",
+ tmp);
if (gnutls_auth_get_type (session) == GNUTLS_CRD_CERTIFICATE)
{
tmp =
- gnutls_certificate_type_get_name (gnutls_certificate_type_get
- (session));
+ gnutls_certificate_type_get_name (gnutls_certificate_type_get
+ (session));
if (tmp == NULL)
- tmp = str_unknown;
+ tmp = str_unknown;
snprintf (tmp2, "<TR><TD>Certificate Type:</TD><TD>%s</TD></TR>\n",
- tmp);
+ tmp);
}
tmp = gnutls_kx_get_name (kx_alg);
snprintf (tmp2, "<TR><TD>MAC</TD><TD>%s</TD></TR>\n", tmp);
tmp = gnutls_cipher_suite_get_name (kx_alg,
- gnutls_cipher_get (session),
- gnutls_mac_get (session));
+ gnutls_cipher_get (session),
+ gnutls_mac_get (session));
if (tmp == NULL)
tmp = str_unknown;
snprintf (tmp2, "<TR><TD>Ciphersuite</TD><TD>%s</TD></TR></p></TABLE>\n",
- tmp);
+ tmp);
if (crtinfo)
{
}
snprintf (tmp2, "<hr><P>Your HTTP header was:<PRE>%s</PRE></P>\n" HTTP_END,
- header);
+ header);
*ret_length = strlen (http_buffer);
static const char *
human_addr (const struct sockaddr *sa, socklen_t salen,
- char *buf, size_t buflen)
+ char *buf, size_t buflen)
{
const char *save_buf = buf;
size_t l;
{
/* Print what we are doing. */
{
- char topbuf[512];
+ char topbuf[512];
- fprintf (stderr, "%s listening on %s...",
- name, human_addr (ptr->ai_addr, ptr->ai_addrlen,
- topbuf, sizeof (topbuf)));
+ fprintf (stderr, "%s listening on %s...",
+ name, human_addr (ptr->ai_addr, ptr->ai_addrlen,
+ topbuf, sizeof (topbuf)));
}
if ((s = socket (ptr->ai_family, ptr->ai_socktype,
- ptr->ai_protocol)) < 0)
- {
- perror ("socket() failed");
- continue;
- }
+ ptr->ai_protocol)) < 0)
+ {
+ perror ("socket() failed");
+ continue;
+ }
yes = 1;
if (setsockopt (s, SOL_SOCKET, SO_REUSEADDR,
- (const void *) &yes, sizeof (yes)) < 0)
- {
- perror ("setsockopt() failed");
- failed:
- close (s);
- continue;
- }
+ (const void *) &yes, sizeof (yes)) < 0)
+ {
+ perror ("setsockopt() failed");
+ failed:
+ close (s);
+ continue;
+ }
if (bind (s, ptr->ai_addr, ptr->ai_addrlen) < 0)
- {
- perror ("bind() failed");
- goto failed;
- }
+ {
+ perror ("bind() failed");
+ goto failed;
+ }
if (listen (s, 10) < 0)
- {
- perror ("listen() failed");
- goto failed;
- }
+ {
+ perror ("listen() failed");
+ goto failed;
+ }
/* new list entry for the connection */
lappend (listener_list);
for (i = 0; i < len; i++)
{
if (data[i] == '\r' && data[i + 1] == '\n' && data[i + 1] == 0)
- {
- data[i] = '\n';
- data[i + 1] = 0;
- break;
- }
+ {
+ data[i] = '\n';
+ data[i + 1] = 0;
+ break;
+ }
}
}
static void
get_response (gnutls_session_t session, char *request,
- char **response, int *response_length)
+ char **response, int *response_length)
{
char *p, *h;
if (http != 0)
{
if (strncmp (request, "GET ", 4))
- goto unimplemented;
+ goto unimplemented;
if (!(h = strchr (request, '\n')))
- goto unimplemented;
+ goto unimplemented;
*h++ = '\0';
while (*h == '\r' || *h == '\n')
- h++;
+ h++;
if (!(p = strchr (request + 4, ' ')))
- goto unimplemented;
+ goto unimplemented;
*p = '\0';
}
/* *response = peer_print_info(session, request+4, h, response_length); */
strip (request);
fprintf (stderr, "received: %s\n", request);
if (request[0] == request[1] && request[0] == '*')
- {
- if (strncmp
- (request, "**REHANDSHAKE**",
- sizeof ("**REHANDSHAKE**") - 1) == 0)
- {
- fprintf (stderr, "*** Sending rehandshake request\n");
- gnutls_rehandshake (session);
- }
- *response = NULL;
- *response_length = 0;
- return;
- }
+ {
+ if (strncmp
+ (request, "**REHANDSHAKE**",
+ sizeof ("**REHANDSHAKE**") - 1) == 0)
+ {
+ fprintf (stderr, "*** Sending rehandshake request\n");
+ gnutls_rehandshake (session);
+ }
+ *response = NULL;
+ *response_length = 0;
+ return;
+ }
*response = strdup (request);
*response_length = ((*response) ? strlen (*response) : 0);
}
{
int last_alert = gnutls_alert_get (session);
if (last_alert == GNUTLS_A_NO_RENEGOTIATION &&
- ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
- printf
- ("* Received NO_RENEGOTIATION alert. Client does not support renegotiation.\n");
+ ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
+ printf
+ ("* Received NO_RENEGOTIATION alert. Client does not support renegotiation.\n");
else
- printf ("* Received alert '%d': %s.\n", last_alert,
- gnutls_alert_get_name (last_alert));
+ printf ("* Received alert '%d': %s.\n", last_alert,
+ gnutls_alert_get_name (last_alert));
}
}
signal (SIGHUP, SIG_IGN);
signal (SIGTERM, terminate);
if (signal (SIGINT, terminate) == SIG_IGN)
- signal (SIGINT, SIG_IGN); /* e.g. background process */
+ signal (SIGINT, SIG_IGN); /* e.g. background process */
#endif
sockets_init ();
if (x509_cafile != NULL)
{
if ((ret = gnutls_certificate_set_x509_trust_file
- (cert_cred, x509_cafile, x509ctype)) < 0)
- {
- fprintf (stderr, "Error reading '%s'\n", x509_cafile);
- GERR (ret);
- exit (1);
- }
+ (cert_cred, x509_cafile, x509ctype)) < 0)
+ {
+ fprintf (stderr, "Error reading '%s'\n", x509_cafile);
+ GERR (ret);
+ exit (1);
+ }
else
- {
- printf ("Processed %d CA certificate(s).\n", ret);
- }
+ {
+ printf ("Processed %d CA certificate(s).\n", ret);
+ }
}
#ifdef ENABLE_PKI
if (x509_crlfile != NULL)
{
if ((ret = gnutls_certificate_set_x509_crl_file
- (cert_cred, x509_crlfile, x509ctype)) < 0)
- {
- fprintf (stderr, "Error reading '%s'\n", x509_crlfile);
- GERR (ret);
- exit (1);
- }
+ (cert_cred, x509_crlfile, x509ctype)) < 0)
+ {
+ fprintf (stderr, "Error reading '%s'\n", x509_crlfile);
+ GERR (ret);
+ exit (1);
+ }
else
- {
- printf ("Processed %d CRL(s).\n", ret);
- }
+ {
+ printf ("Processed %d CRL(s).\n", ret);
+ }
}
#endif
if (pgp_keyring != NULL)
{
ret =
- gnutls_certificate_set_openpgp_keyring_file (cert_cred, pgp_keyring,
- GNUTLS_OPENPGP_FMT_BASE64);
+ gnutls_certificate_set_openpgp_keyring_file (cert_cred, pgp_keyring,
+ GNUTLS_OPENPGP_FMT_BASE64);
if (ret < 0)
- {
- fprintf (stderr, "Error setting the OpenPGP keyring file\n");
- GERR (ret);
- }
+ {
+ fprintf (stderr, "Error setting the OpenPGP keyring file\n");
+ GERR (ret);
+ }
}
if (pgp_certfile != NULL)
{
if (info.pgp_subkey != NULL)
- ret = gnutls_certificate_set_openpgp_key_file2
- (cert_cred, pgp_certfile, pgp_keyfile, info.pgp_subkey,
- GNUTLS_OPENPGP_FMT_BASE64);
+ ret = gnutls_certificate_set_openpgp_key_file2
+ (cert_cred, pgp_certfile, pgp_keyfile, info.pgp_subkey,
+ GNUTLS_OPENPGP_FMT_BASE64);
else
- ret = gnutls_certificate_set_openpgp_key_file
- (cert_cred, pgp_certfile, pgp_keyfile, GNUTLS_OPENPGP_FMT_BASE64);
+ ret = gnutls_certificate_set_openpgp_key_file
+ (cert_cred, pgp_certfile, pgp_keyfile, GNUTLS_OPENPGP_FMT_BASE64);
if (ret < 0)
- {
- fprintf (stderr,
- "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
- ret, pgp_certfile, pgp_keyfile);
- GERR (ret);
- }
+ {
+ fprintf (stderr,
+ "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
+ ret, pgp_certfile, pgp_keyfile);
+ GERR (ret);
+ }
}
#endif
if (x509_certfile != NULL)
if ((ret = gnutls_certificate_set_x509_key_file
- (cert_cred, x509_certfile, x509_keyfile, x509ctype)) < 0)
+ (cert_cred, x509_certfile, x509_keyfile, x509ctype)) < 0)
{
- fprintf (stderr,
- "Error reading '%s' or '%s'\n", x509_certfile, x509_keyfile);
- GERR (ret);
- exit (1);
+ fprintf (stderr,
+ "Error reading '%s' or '%s'\n", x509_certfile, x509_keyfile);
+ GERR (ret);
+ exit (1);
}
if (x509_dsacertfile != NULL)
if ((ret = gnutls_certificate_set_x509_key_file
- (cert_cred, x509_dsacertfile, x509_dsakeyfile, x509ctype)) < 0)
+ (cert_cred, x509_dsacertfile, x509_dsakeyfile, x509ctype)) < 0)
{
- fprintf (stderr, "Error reading '%s' or '%s'\n",
- x509_dsacertfile, x509_dsakeyfile);
- GERR (ret);
- exit (1);
+ fprintf (stderr, "Error reading '%s' or '%s'\n",
+ x509_dsacertfile, x509_dsakeyfile);
+ GERR (ret);
+ exit (1);
}
gnutls_certificate_set_params_function (cert_cred, get_params);
gnutls_srp_allocate_server_credentials (&srp_cred);
if ((ret =
- gnutls_srp_set_server_credentials_file (srp_cred, srp_passwd,
- srp_passwd_conf)) < 0)
- {
- /* only exit is this function is not disabled
- */
- fprintf (stderr, "Error while setting SRP parameters\n");
- GERR (ret);
- }
+ gnutls_srp_set_server_credentials_file (srp_cred, srp_passwd,
+ srp_passwd_conf)) < 0)
+ {
+ /* only exit is this function is not disabled
+ */
+ fprintf (stderr, "Error while setting SRP parameters\n");
+ GERR (ret);
+ }
}
#endif
gnutls_psk_allocate_server_credentials (&psk_cred);
if ((ret =
- gnutls_psk_set_server_credentials_file (psk_cred, psk_passwd)) < 0)
- {
- /* only exit is this function is not disabled
- */
- fprintf (stderr, "Error while setting PSK parameters\n");
- GERR (ret);
- }
+ gnutls_psk_set_server_credentials_file (psk_cred, psk_passwd)) < 0)
+ {
+ /* only exit is this function is not disabled
+ */
+ fprintf (stderr, "Error while setting PSK parameters\n");
+ GERR (ret);
+ }
if (info.psk_hint)
- {
- ret = gnutls_psk_set_server_credentials_hint (psk_cred,
- info.psk_hint);
- if (ret)
- {
- fprintf (stderr, "Error setting PSK identity hint.\n");
- GERR (ret);
- }
- }
+ {
+ ret = gnutls_psk_set_server_credentials_hint (psk_cred,
+ info.psk_hint);
+ if (ret)
+ {
+ fprintf (stderr, "Error setting PSK identity hint.\n");
+ GERR (ret);
+ }
+ }
gnutls_psk_set_server_params_function (psk_cred, get_params);
}
{
#ifndef _WIN32
- val = fcntl (j->fd, F_GETFL, 0);
- if ((val == -1) || (fcntl (j->fd, F_SETFL, val | O_NONBLOCK) < 0))
- {
- perror ("fcntl()");
- exit (1);
- }
+ val = fcntl (j->fd, F_GETFL, 0);
+ if ((val == -1) || (fcntl (j->fd, F_SETFL, val | O_NONBLOCK) < 0))
+ {
+ perror ("fcntl()");
+ exit (1);
+ }
#endif
- if (j->listen_socket)
- {
- FD_SET (j->fd, &rd);
- n = MAX (n, j->fd);
- }
- if (j->http_state == HTTP_STATE_REQUEST)
- {
- FD_SET (j->fd, &rd);
- n = MAX (n, j->fd);
- }
- if (j->http_state == HTTP_STATE_RESPONSE)
- {
- FD_SET (j->fd, &wr);
- n = MAX (n, j->fd);
- }
+ if (j->listen_socket)
+ {
+ FD_SET (j->fd, &rd);
+ n = MAX (n, j->fd);
+ }
+ if (j->http_state == HTTP_STATE_REQUEST)
+ {
+ FD_SET (j->fd, &rd);
+ n = MAX (n, j->fd);
+ }
+ if (j->http_state == HTTP_STATE_RESPONSE)
+ {
+ FD_SET (j->fd, &wr);
+ n = MAX (n, j->fd);
+ }
}
lloopend (listener_list, j);
/* core operation */
n = select (n + 1, &rd, &wr, NULL, NULL);
if (n == -1 && errno == EINTR)
- continue;
+ continue;
if (n < 0)
- {
- perror ("select()");
- exit (1);
- }
+ {
+ perror ("select()");
+ exit (1);
+ }
/* read or write to each connection as indicated by select()'s return argument */
lloopstart (listener_list, j)
{
- /* a new connection has arrived */
- if (FD_ISSET (j->fd, &rd) && j->listen_socket)
- {
- gnutls_session_t tls_session;
-
- tls_session = initialize_session ();
-
- calen = sizeof (client_address);
- memset (&client_address, 0, calen);
- accept_fd = accept (j->fd, (struct sockaddr *) &client_address,
- &calen);
-
- if (accept_fd < 0)
- {
- perror ("accept()");
- }
- else
- {
- time_t tt;
- char *ctt;
-
- /* new list entry for the connection */
- lappend (listener_list);
- j = listener_list.tail;
- j->http_request = (char *) strdup ("");
- j->http_state = HTTP_STATE_REQUEST;
- j->fd = accept_fd;
-
- j->tls_session = tls_session;
- gnutls_transport_set_ptr (tls_session,
- (gnutls_transport_ptr_t)
- gl_fd_to_handle (accept_fd));
- j->handshake_ok = 0;
-
- if (verbose == 0)
- {
- tt = time (0);
- ctt = ctime (&tt);
- ctt[strlen (ctt) - 1] = 0;
-
- printf ("\n* Accepted connection from %s on %s\n",
- human_addr ((struct sockaddr *)
- &client_address, calen, topbuf,
- sizeof (topbuf)), ctt);
- }
- }
- }
-
- if (FD_ISSET (j->fd, &rd) && !j->listen_socket)
- {
+ /* a new connection has arrived */
+ if (FD_ISSET (j->fd, &rd) && j->listen_socket)
+ {
+ gnutls_session_t tls_session;
+
+ tls_session = initialize_session ();
+
+ calen = sizeof (client_address);
+ memset (&client_address, 0, calen);
+ accept_fd = accept (j->fd, (struct sockaddr *) &client_address,
+ &calen);
+
+ if (accept_fd < 0)
+ {
+ perror ("accept()");
+ }
+ else
+ {
+ time_t tt;
+ char *ctt;
+
+ /* new list entry for the connection */
+ lappend (listener_list);
+ j = listener_list.tail;
+ j->http_request = (char *) strdup ("");
+ j->http_state = HTTP_STATE_REQUEST;
+ j->fd = accept_fd;
+
+ j->tls_session = tls_session;
+ gnutls_transport_set_ptr (tls_session,
+ (gnutls_transport_ptr_t)
+ gl_fd_to_handle (accept_fd));
+ j->handshake_ok = 0;
+
+ if (verbose == 0)
+ {
+ tt = time (0);
+ ctt = ctime (&tt);
+ ctt[strlen (ctt) - 1] = 0;
+
+ printf ("\n* Accepted connection from %s on %s\n",
+ human_addr ((struct sockaddr *)
+ &client_address, calen, topbuf,
+ sizeof (topbuf)), ctt);
+ }
+ }
+ }
+
+ if (FD_ISSET (j->fd, &rd) && !j->listen_socket)
+ {
/* read partial GET request */
- char buf[1024];
- int r, ret;
-
- if (j->handshake_ok == 0)
- {
- r = gnutls_handshake (j->tls_session);
- if (r < 0 && gnutls_error_is_fatal (r) == 0)
- {
- check_alert (j->tls_session, r);
- /* nothing */
- }
- else if (r < 0 && gnutls_error_is_fatal (r) == 1)
- {
- check_alert (j->tls_session, r);
- fprintf (stderr, "Error in handshake\n");
- GERR (r);
-
- do
- {
- ret =
- gnutls_alert_send_appropriate (j->tls_session, r);
- }
- while (ret == GNUTLS_E_AGAIN
- || ret == GNUTLS_E_INTERRUPTED);
- j->http_state = HTTP_STATE_CLOSING;
- }
- else if (r == 0)
- {
- if (gnutls_session_is_resumed (j->tls_session) != 0
- && verbose == 0)
- printf ("*** This is a resumed session\n");
-
- if (verbose == 0)
- {
- printf ("\n* Successful handshake from %s\n",
- human_addr ((struct sockaddr *)
- &client_address, calen, topbuf,
- sizeof (topbuf)));
- print_info (j->tls_session, NULL, 1);
- }
- j->handshake_ok = 1;
- }
- }
-
- if (j->handshake_ok == 1)
- {
- r = gnutls_record_recv (j->tls_session, buf,
- MIN (1024, SMALL_READ_TEST));
- if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN)
- {
- /* do nothing */
- }
- else if (r <= 0)
- {
- if (r == GNUTLS_E_REHANDSHAKE)
- {
- fprintf (stderr, "*** Received hello message\n");
- do
- {
- r = gnutls_handshake (j->tls_session);
- }
- while (r == GNUTLS_E_INTERRUPTED
- || r == GNUTLS_E_AGAIN);
-
- if (r < 0)
- {
- do
- {
- ret = gnutls_alert_send_appropriate
- (j->tls_session, r);
- }
- while (ret == GNUTLS_E_AGAIN
- || ret == GNUTLS_E_INTERRUPTED);
-
- GERR (r);
- j->http_state = HTTP_STATE_CLOSING;
- }
- }
- else
- {
- j->http_state = HTTP_STATE_CLOSING;
- if (r < 0 && r != GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
- {
- check_alert (j->tls_session, r);
- fprintf (stderr, "Error while receiving data\n");
- GERR (r);
- }
- }
- }
- else
- {
- j->http_request =
- realloc (j->http_request, j->request_length + r + 1);
- if (j->http_request != NULL)
- {
- memcpy (j->http_request + j->request_length, buf, r);
- j->request_length += r;
- j->http_request[j->request_length] = '\0';
- }
- else
- j->http_state = HTTP_STATE_CLOSING;
-
- }
+ char buf[1024];
+ int r, ret;
+
+ if (j->handshake_ok == 0)
+ {
+ r = gnutls_handshake (j->tls_session);
+ if (r < 0 && gnutls_error_is_fatal (r) == 0)
+ {
+ check_alert (j->tls_session, r);
+ /* nothing */
+ }
+ else if (r < 0 && gnutls_error_is_fatal (r) == 1)
+ {
+ check_alert (j->tls_session, r);
+ fprintf (stderr, "Error in handshake\n");
+ GERR (r);
+
+ do
+ {
+ ret =
+ gnutls_alert_send_appropriate (j->tls_session, r);
+ }
+ while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+ j->http_state = HTTP_STATE_CLOSING;
+ }
+ else if (r == 0)
+ {
+ if (gnutls_session_is_resumed (j->tls_session) != 0
+ && verbose == 0)
+ printf ("*** This is a resumed session\n");
+
+ if (verbose == 0)
+ {
+ printf ("\n* Successful handshake from %s\n",
+ human_addr ((struct sockaddr *)
+ &client_address, calen, topbuf,
+ sizeof (topbuf)));
+ print_info (j->tls_session, NULL, 1);
+ }
+ j->handshake_ok = 1;
+ }
+ }
+
+ if (j->handshake_ok == 1)
+ {
+ r = gnutls_record_recv (j->tls_session, buf,
+ MIN (1024, SMALL_READ_TEST));
+ if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN)
+ {
+ /* do nothing */
+ }
+ else if (r <= 0)
+ {
+ if (r == GNUTLS_E_REHANDSHAKE)
+ {
+ fprintf (stderr, "*** Received hello message\n");
+ do
+ {
+ r = gnutls_handshake (j->tls_session);
+ }
+ while (r == GNUTLS_E_INTERRUPTED
+ || r == GNUTLS_E_AGAIN);
+
+ if (r < 0)
+ {
+ do
+ {
+ ret = gnutls_alert_send_appropriate
+ (j->tls_session, r);
+ }
+ while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+
+ GERR (r);
+ j->http_state = HTTP_STATE_CLOSING;
+ }
+ }
+ else
+ {
+ j->http_state = HTTP_STATE_CLOSING;
+ if (r < 0 && r != GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
+ {
+ check_alert (j->tls_session, r);
+ fprintf (stderr, "Error while receiving data\n");
+ GERR (r);
+ }
+ }
+ }
+ else
+ {
+ j->http_request =
+ realloc (j->http_request, j->request_length + r + 1);
+ if (j->http_request != NULL)
+ {
+ memcpy (j->http_request + j->request_length, buf, r);
+ j->request_length += r;
+ j->http_request[j->request_length] = '\0';
+ }
+ else
+ j->http_state = HTTP_STATE_CLOSING;
+
+ }
/* check if we have a full HTTP header */
- j->http_response = NULL;
- if (j->http_request != NULL)
- {
- if ((http == 0 && strchr (j->http_request, '\n'))
- || strstr (j->http_request, "\r\n\r\n")
- || strstr (j->http_request, "\n\n"))
- {
- get_response (j->tls_session, j->http_request,
- &j->http_response, &j->response_length);
- j->http_state = HTTP_STATE_RESPONSE;
- j->response_written = 0;
- }
- }
- }
- }
- if (FD_ISSET (j->fd, &wr))
- {
+ j->http_response = NULL;
+ if (j->http_request != NULL)
+ {
+ if ((http == 0 && strchr (j->http_request, '\n'))
+ || strstr (j->http_request, "\r\n\r\n")
+ || strstr (j->http_request, "\n\n"))
+ {
+ get_response (j->tls_session, j->http_request,
+ &j->http_response, &j->response_length);
+ j->http_state = HTTP_STATE_RESPONSE;
+ j->response_written = 0;
+ }
+ }
+ }
+ }
+ if (FD_ISSET (j->fd, &wr))
+ {
/* write partial response request */
- int r;
-
- if (j->handshake_ok == 0)
- {
- r = gnutls_handshake (j->tls_session);
- if (r < 0 && gnutls_error_is_fatal (r) == 0)
- {
- check_alert (j->tls_session, r);
- /* nothing */
- }
- else if (r < 0 && gnutls_error_is_fatal (r) == 1)
- {
- int ret;
-
- j->http_state = HTTP_STATE_CLOSING;
- check_alert (j->tls_session, r);
- fprintf (stderr, "Error in handshake\n");
- GERR (r);
-
- do
- {
- ret =
- gnutls_alert_send_appropriate (j->tls_session, r);
- }
- while (ret == GNUTLS_E_AGAIN);
- }
- else if (r == 0)
- {
- if (gnutls_session_is_resumed (j->tls_session) != 0
- && verbose == 0)
- printf ("*** This is a resumed session\n");
- if (verbose == 0)
- {
- printf ("- connection from %s\n",
- human_addr ((struct sockaddr *)
- &client_address, calen, topbuf,
- sizeof (topbuf)));
-
- print_info (j->tls_session, NULL, 1);
- }
- j->handshake_ok = 1;
- }
- }
-
- if (j->handshake_ok == 1 && j->http_response != NULL)
- {
- /* FIXME if j->http_response == NULL? */
- r = gnutls_record_send (j->tls_session,
- j->http_response +
- j->response_written,
- MIN (j->response_length -
- j->response_written,
- SMALL_READ_TEST));
- if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN)
- {
- /* do nothing */
- }
- else if (r <= 0)
- {
- if (http != 0)
- j->http_state = HTTP_STATE_CLOSING;
- else
- {
- j->http_state = HTTP_STATE_REQUEST;
- free (j->http_response);
- j->response_length = 0;
- j->request_length = 0;
- j->http_request[0] = 0;
- }
-
- if (r < 0)
- {
- fprintf (stderr, "Error while sending data\n");
- GERR (r);
- }
- check_alert (j->tls_session, r);
- }
- else
- {
- j->response_written += r;
+ int r;
+
+ if (j->handshake_ok == 0)
+ {
+ r = gnutls_handshake (j->tls_session);
+ if (r < 0 && gnutls_error_is_fatal (r) == 0)
+ {
+ check_alert (j->tls_session, r);
+ /* nothing */
+ }
+ else if (r < 0 && gnutls_error_is_fatal (r) == 1)
+ {
+ int ret;
+
+ j->http_state = HTTP_STATE_CLOSING;
+ check_alert (j->tls_session, r);
+ fprintf (stderr, "Error in handshake\n");
+ GERR (r);
+
+ do
+ {
+ ret =
+ gnutls_alert_send_appropriate (j->tls_session, r);
+ }
+ while (ret == GNUTLS_E_AGAIN);
+ }
+ else if (r == 0)
+ {
+ if (gnutls_session_is_resumed (j->tls_session) != 0
+ && verbose == 0)
+ printf ("*** This is a resumed session\n");
+ if (verbose == 0)
+ {
+ printf ("- connection from %s\n",
+ human_addr ((struct sockaddr *)
+ &client_address, calen, topbuf,
+ sizeof (topbuf)));
+
+ print_info (j->tls_session, NULL, 1);
+ }
+ j->handshake_ok = 1;
+ }
+ }
+
+ if (j->handshake_ok == 1 && j->http_response != NULL)
+ {
+ /* FIXME if j->http_response == NULL? */
+ r = gnutls_record_send (j->tls_session,
+ j->http_response +
+ j->response_written,
+ MIN (j->response_length -
+ j->response_written,
+ SMALL_READ_TEST));
+ if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN)
+ {
+ /* do nothing */
+ }
+ else if (r <= 0)
+ {
+ if (http != 0)
+ j->http_state = HTTP_STATE_CLOSING;
+ else
+ {
+ j->http_state = HTTP_STATE_REQUEST;
+ free (j->http_response);
+ j->response_length = 0;
+ j->request_length = 0;
+ j->http_request[0] = 0;
+ }
+
+ if (r < 0)
+ {
+ fprintf (stderr, "Error while sending data\n");
+ GERR (r);
+ }
+ check_alert (j->tls_session, r);
+ }
+ else
+ {
+ j->response_written += r;
/* check if we have written a complete response */
- if (j->response_written == j->response_length)
- {
- if (http != 0)
- j->http_state = HTTP_STATE_CLOSING;
- else
- {
- j->http_state = HTTP_STATE_REQUEST;
- free (j->http_response);
- j->response_length = 0;
- j->request_length = 0;
- j->http_request[0] = 0;
- }
- }
- }
- }
- else
- {
- j->request_length = 0;
- j->http_request[0] = 0;
- j->http_state = HTTP_STATE_REQUEST;
- }
- }
+ if (j->response_written == j->response_length)
+ {
+ if (http != 0)
+ j->http_state = HTTP_STATE_CLOSING;
+ else
+ {
+ j->http_state = HTTP_STATE_REQUEST;
+ free (j->http_response);
+ j->response_length = 0;
+ j->request_length = 0;
+ j->http_request[0] = 0;
+ }
+ }
+ }
+ }
+ else
+ {
+ j->request_length = 0;
+ j->http_request[0] = 0;
+ j->http_state = HTTP_STATE_REQUEST;
+ }
+ }
}
lloopend (listener_list, j);
/* loop through all connections, closing those that are in error */
lloopstart (listener_list, j)
{
- if (j->http_state == HTTP_STATE_CLOSING)
- {
- ldeleteinc (listener_list, j);
- }
+ if (j->http_state == HTTP_STATE_CLOSING)
+ {
+ ldeleteinc (listener_list, j);
+ }
}
lloopend (listener_list, j);
}
if (gaa (argc, argv, &info) != -1)
{
fprintf (stderr,
- "Error in the arguments. Use the --help or -h parameters to get more information.\n");
+ "Error in the arguments. Use the --help or -h parameters to get more information.\n");
exit (1);
}
if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
p = PACKAGE_STRING;
version_etc (stdout, program_name, p, gnutls_check_version (NULL),
- "Nikos Mavrogiannopoulos", (char *) NULL);
+ "Nikos Mavrogiannopoulos", (char *) NULL);
}
/* session resuming support */
for (i = 0; i < ssl_session_cache; i++)
{
if (key.size == cache_db[i].session_id_size &&
- memcmp (key.data, cache_db[i].session_id, key.size) == 0)
- {
- res.size = cache_db[i].session_data_size;
+ memcmp (key.data, cache_db[i].session_id, key.size) == 0)
+ {
+ res.size = cache_db[i].session_data_size;
- res.data = gnutls_malloc (res.size);
- if (res.data == NULL)
- return res;
+ res.data = gnutls_malloc (res.size);
+ if (res.data == NULL)
+ return res;
- memcpy (res.data, cache_db[i].session_data, res.size);
+ memcpy (res.data, cache_db[i].session_data, res.size);
- return res;
- }
+ return res;
+ }
}
return res;
}
for (i = 0; i < ssl_session_cache; i++)
{
if (key.size == (unsigned int) cache_db[i].session_id_size &&
- memcmp (key.data, cache_db[i].session_id, key.size) == 0)
- {
+ memcmp (key.data, cache_db[i].session_id, key.size) == 0)
+ {
- cache_db[i].session_id_size = 0;
- cache_db[i].session_data_size = 0;
+ cache_db[i].session_id_size = 0;
+ cache_db[i].session_data_size = 0;
- return 0;
- }
+ return 0;
+ }
}
return -1;
if (ret < 0 && verbose > 1)
{
if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
- || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- {
- alert = gnutls_alert_get (session);
- printf ("\n");
- printf ("*** Received alert [%d]: %s\n",
- alert, gnutls_alert_get_name (alert));
- }
+ || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ {
+ alert = gnutls_alert_get (session);
+ printf ("\n");
+ printf ("*** Received alert [%d]: %s\n",
+ alert, gnutls_alert_get_name (alert));
+ }
}
if (ret < 0)
buf[sizeof (buf) - 1] = 0;
sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
- ALL_KX ":" "%s", protocol_str, rest);
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
+ ALL_KX ":" "%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
{
p++;
while (*p != 0 && *p != '\r' && *p != '\n')
- {
- putc (*p, stdout);
- p++;
- i++;
- if (i > 128)
- break;
- }
+ {
+ putc (*p, stdout);
+ p++;
+ i++;
+ if (i > 128)
+ break;
+ }
}
return TEST_SUCCEED;
int ret;
sprintf (prio_str, INIT_STR
- "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
- ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
return TEST_IGNORE;
sprintf (prio_str, INIT_STR
- "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
- ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
{
ret2 = gnutls_rsa_export_get_pubkey (session, &exp2, &mod2);
if (ret2 >= 0)
- {
- printf ("\n");
-
- print = raw_to_string (exp2.data, exp2.size);
- if (print)
- printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print);
-
- print = raw_to_string (mod2.data, mod2.size);
- if (print)
- printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print);
-
- if (mod2.size != mod.size || exp2.size != exp.size ||
- memcmp (mod2.data, mod.data, mod.size) != 0 ||
- memcmp (exp2.data, exp.data, exp.size) != 0)
- {
- printf
- (" (server uses different public keys per connection)\n");
- }
- }
+ {
+ printf ("\n");
+
+ print = raw_to_string (exp2.data, exp2.size);
+ if (print)
+ printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print);
+
+ print = raw_to_string (mod2.data, mod2.size);
+ if (print)
+ printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print);
+
+ if (mod2.size != mod.size || exp2.size != exp.size ||
+ memcmp (mod2.data, mod.data, mod.size) != 0 ||
+ memcmp (exp2.data, exp.data, exp.size) != 0)
+ {
+ printf
+ (" (server uses different public keys per connection)\n");
+ }
+ }
}
return ret;
int ret;
sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
- ALL_KX ":%%SAFE_RENEGOTIATION", protocol_str);
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
+ ALL_KX ":%%SAFE_RENEGOTIATION", protocol_str);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:"
- ALL_MACS ":" ALL_KX ":%%SAFE_RENEGOTIATION");
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:"
+ ALL_MACS ":" ALL_KX ":%%SAFE_RENEGOTIATION");
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
return TEST_IGNORE;
sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
print = raw_to_string (gen.data, gen.size);
if (print)
- printf (" Generator [%d bits]: %s\n", gen.size * 8, print);
+ printf (" Generator [%d bits]: %s\n", gen.size * 8, print);
print = raw_to_string (prime.data, prime.size);
if (print)
- printf (" Prime [%d bits]: %s\n", prime.size * 8, print);
+ printf (" Prime [%d bits]: %s\n", prime.size * 8, print);
gnutls_dh_get_pubkey (session, &pubkey2);
print = raw_to_string (pubkey2.data, pubkey2.size);
if (print)
- printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print);
+ printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print);
if (pubkey2.data && pubkey2.size == pubkey.size &&
- memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0)
- {
- printf (" (public key seems to be static among sessions)\n");
- }
+ memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0)
+ {
+ printf (" (public key seems to be static among sessions)\n");
+ }
}
return ret;
}
{
int ret;
sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:"
- ALL_MACS ":" ALL_KX ":%s", rest);
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:"
+ ALL_MACS ":" ALL_KX ":%s", rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
#endif
sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
- ALL_KX ":%s", protocol_str, rest);
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
+ ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
alarm (secs);
#else
setsockopt ((int) gnutls_transport_get_ptr (session), SOL_SOCKET,
- SO_RCVTIMEO, (char *) &secs, sizeof (int));
+ SO_RCVTIMEO, (char *) &secs, sizeof (int));
#endif
do
int ret;
sprintf (prio_str, INIT_STR
- "+AES-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ "+AES-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str,
- INIT_STR "+CAMELLIA-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
- ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR "+CAMELLIA-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":+CTYPE-OPENPGP:%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":+CTYPE-OPENPGP:%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
#ifdef ENABLE_CAMELLIA
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
#else
sprintf (prio_str,
- INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
#endif
int ret;
sprintf (prio_str,
- INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":%s:+MD5:" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":%s:+MD5:" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":+COMP-ZLIB:" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":+COMP-ZLIB:" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str,
- INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":%s:+SHA1:" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":%s:+SHA1:" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str,
- INIT_STR "+3DES-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR "+3DES-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str,
- INIT_STR "+ARCFOUR-128:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR "+ARCFOUR-128:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str,
- INIT_STR "+ARCFOUR-40:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" "+RSA-EXPORT" ":%s", protocol_str, rest);
+ INIT_STR "+ARCFOUR-40:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" "+RSA-EXPORT" ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str,
- INIT_STR BLOCK_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
+ INIT_STR BLOCK_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.2:" ALL_MACS ":" ALL_KX ":%s", rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.2:" ALL_MACS ":" ALL_KX ":%s", rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.1:" ALL_MACS ":" ALL_KX ":%s", rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.1:" ALL_MACS ":" ALL_KX ":%s", rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
return TEST_IGNORE;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" ALL_KX
- ":%s", rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" ALL_KX
+ ":%s", rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
return TEST_IGNORE;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
{
/* disable TLS 1.0 */
if (ssl3_ok != 0)
- {
- strcpy (protocol_str, "+VERS-SSL3.0");
- }
+ {
+ strcpy (protocol_str, "+VERS-SSL3.0");
+ }
}
return ret;
* SSL 3.0 then the handshake will fail.
*/
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+RSA:%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":+RSA:%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
{
int ret;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_record_set_max_size (session, 512);
int ret;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_record_set_max_size (session, 512);
}
void _gnutls_record_set_default_version (gnutls_session_t session,
- unsigned char major,
- unsigned char minor);
+ unsigned char major,
+ unsigned char minor);
test_code_t
test_version_rollback (gnutls_session_t session)
* connection will fail.
*/
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
_gnutls_record_set_default_version (session, 3, 0);
* and we connect using a 5.5 record version.
*/
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
_gnutls_record_set_default_version (session, 5, 5);
}
void _gnutls_rsa_pms_set_version (gnutls_session_t session,
- unsigned char major, unsigned char minor);
+ unsigned char major, unsigned char minor);
test_code_t
test_rsa_pms_version_check (gnutls_session_t session)
* A normal server would abort this handshake.
*/
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */
+ _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */
ret = do_handshake (session);
return ret;
int ret;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+ANON-DH:%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":+ANON-DH:%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
return TEST_IGNORE;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
return TEST_IGNORE;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
*/
static int
cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_retr2_st * st)
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_retr2_st * st)
{
char issuer_dn[256];
int i, ret;
len = sizeof (issuer_dn);
ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
if (ret >= 0)
- {
- printf (" [%d]: ", i);
- printf ("%s\n", issuer_dn);
- }
+ {
+ printf (" [%d]: ", i);
+ printf ("%s\n", issuer_dn);
+ }
}
return -1;
return TEST_IGNORE;
sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
test_code_t test_version_oob (gnutls_session_t session);
test_code_t test_zlib (gnutls_session_t session);
int _test_srp_username_callback (gnutls_session_t session,
- char **username, char **password);
+ char **username, char **password);
if ((err = getaddrinfo (hostname, portname, &hints, &res)) != 0)
{
fprintf (stderr, "Cannot resolve %s: %s\n", hostname,
- gai_strerror (err));
+ gai_strerror (err));
exit (1);
}
/* X509 stuff */
if (gnutls_certificate_allocate_credentials (&xcred) < 0)
- { /* space for 2 certificates */
+ { /* space for 2 certificates */
fprintf (stderr, "memory error\n");
exit (1);
}
{
if (tls_tests[i].test_name == NULL)
- break; /* finished */
+ break; /* finished */
/* if neither of SSL3 and TLSv1 are supported, exit
*/
if (i > 6 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0)
- {
- fprintf (stderr,
- "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n");
- break;
- }
+ {
+ fprintf (stderr,
+ "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n");
+ break;
+ }
sd = -1;
for (ptr = res; ptr != NULL; ptr = ptr->ai_next)
- {
- sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
- if (sd == -1)
- {
- continue;
- }
-
- getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF,
- NULL, 0, NI_NUMERICHOST);
- if (tt++ == 0)
- printf ("Connecting to '%s:%d'...\n", buffer, port);
- if ((err = connect (sd, ptr->ai_addr, ptr->ai_addrlen)) != 0)
- {
- close (sd);
- sd = -1;
- continue;
- }
- }
+ {
+ sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
+ if (sd == -1)
+ {
+ continue;
+ }
+
+ getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF,
+ NULL, 0, NI_NUMERICHOST);
+ if (tt++ == 0)
+ printf ("Connecting to '%s:%d'...\n", buffer, port);
+ if ((err = connect (sd, ptr->ai_addr, ptr->ai_addrlen)) != 0)
+ {
+ close (sd);
+ sd = -1;
+ continue;
+ }
+ }
ERR (err, "connect") gnutls_init (&state, GNUTLS_CLIENT);
gnutls_transport_set_ptr (state, (gnutls_transport_ptr_t)
- gl_fd_to_handle (sd));
+ gl_fd_to_handle (sd));
do
- {
- printf ("Checking %s...", tls_tests[i].test_name);
-
- ret = tls_tests[i].func (state);
-
- if (ret == TEST_SUCCEED)
- printf (" %s\n", tls_tests[i].suc_str);
- else if (ret == TEST_FAILED)
- printf (" %s\n", tls_tests[i].fail_str);
- else if (ret == TEST_UNSURE)
- printf (" %s\n", tls_tests[i].unsure_str);
- else if (ret == TEST_IGNORE)
- {
- printf (" N/A\n");
- i++;
- }
- }
+ {
+ printf ("Checking %s...", tls_tests[i].test_name);
+
+ ret = tls_tests[i].func (state);
+
+ if (ret == TEST_SUCCEED)
+ printf (" %s\n", tls_tests[i].suc_str);
+ else if (ret == TEST_FAILED)
+ printf (" %s\n", tls_tests[i].fail_str);
+ else if (ret == TEST_UNSURE)
+ printf (" %s\n", tls_tests[i].unsure_str);
+ else if (ret == TEST_IGNORE)
+ {
+ printf (" N/A\n");
+ i++;
+ }
+ }
while (ret == TEST_IGNORE && tls_tests[i].test_name != NULL);
gnutls_deinit (state);
- shutdown (sd, SHUT_RDWR); /* no more receptions */
+ shutdown (sd, SHUT_RDWR); /* no more receptions */
close (sd);
i++;
if (gaa (argc, argv, &info) != -1)
{
fprintf (stderr,
- "Error in the arguments. Use the -h or --help parameters to get more info.\n");
+ "Error in the arguments. Use the -h or --help parameters to get more info.\n");
exit (1);
}
if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
p = PACKAGE_STRING;
version_etc (stdout, "gnutls-cli-debug", p, gnutls_check_version (NULL),
- "Nikos Mavrogiannopoulos", (char *) NULL);
+ "Nikos Mavrogiannopoulos", (char *) NULL);
}
else
{
if (debug)
- success ("client: Handshake was completed\n");
+ success ("client: Handshake was completed\n");
}
if (debug)
success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
+ gnutls_protocol_get_name (gnutls_protocol_get_version
+ (session)));
gnutls_record_send (session, MSG, strlen (MSG));
if (ret == 0)
{
if (debug)
- success ("client: Peer has closed the TLS connection\n");
+ success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
{
printf ("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
+ {
+ fputc (buffer[ii], stdout);
+ }
fputs ("\n", stdout);
}
#define SA struct sockaddr
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
#define DH_BITS 1024
/* These are global */
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
if (err == -1)
if (debug)
success ("server: connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (debug)
success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
+ gnutls_protocol_get_name (gnutls_protocol_get_version
+ (session)));
/* see the Getting peer's information example */
/* print_info(session); */
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
+ {
+ if (debug)
+ success ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ }
else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
+ {
+ fail ("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ }
else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
}
/* do not wait for the peer to close the connection.
*/
if (rc)
{
printf ("gnutls_certificate_allocate_credentials rc %d: %s\n",
- rc, gnutls_strerror (rc));
+ rc, gnutls_strerror (rc));
return 1;
}
rc = gnutls_certificate_set_x509_crl_mem (crt, &crldatum,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (rc != 1)
{
printf ("gnutls_certificate_set_x509_crl_mem num %d\n", rc);
if (rc)
{
printf ("gnutls_certificate_set_x509_crl rc %d: %s\n",
- rc, gnutls_strerror (rc));
+ rc, gnutls_strerror (rc));
return 1;
}
size_t j;
if (debug)
- printf ("Chain '%s' (%d)...\n", chains[i].name, (int) i);
+ printf ("Chain '%s' (%d)...\n", chains[i].name, (int) i);
for (j = 0; chains[i].chain[j]; j++)
- {
- if (debug > 2)
- printf ("\tAdding certificate %d...", (int) j);
-
- ret = gnutls_x509_crt_init (&certs[j]);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_init[%d,%d]: %s",
- (int) i, (int) j, gnutls_strerror (ret));
-
- tmp.data = (char *) chains[i].chain[j];
- tmp.size = strlen (chains[i].chain[j]);
-
- ret = gnutls_x509_crt_import (certs[j], &tmp, GNUTLS_X509_FMT_PEM);
- if (debug > 2)
- printf ("done\n");
- if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_import[%d,%d]: %s",
- (int) i, (int) j, gnutls_strerror (ret));
-
- gnutls_x509_crt_print (certs[j], GNUTLS_CRT_PRINT_ONELINE, &tmp);
- if (debug)
- printf ("\tCertificate %d: %.*s\n", (int) j, tmp.size, tmp.data);
- gnutls_free (tmp.data);
- }
+ {
+ if (debug > 2)
+ printf ("\tAdding certificate %d...", (int) j);
+
+ ret = gnutls_x509_crt_init (&certs[j]);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_init[%d,%d]: %s",
+ (int) i, (int) j, gnutls_strerror (ret));
+
+ tmp.data = (char *) chains[i].chain[j];
+ tmp.size = strlen (chains[i].chain[j]);
+
+ ret = gnutls_x509_crt_import (certs[j], &tmp, GNUTLS_X509_FMT_PEM);
+ if (debug > 2)
+ printf ("done\n");
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_import[%d,%d]: %s",
+ (int) i, (int) j, gnutls_strerror (ret));
+
+ gnutls_x509_crt_print (certs[j], GNUTLS_CRT_PRINT_ONELINE, &tmp);
+ if (debug)
+ printf ("\tCertificate %d: %.*s\n", (int) j, tmp.size, tmp.data);
+ gnutls_free (tmp.data);
+ }
if (debug > 2)
- printf ("\tAdding CA certificate...");
+ printf ("\tAdding CA certificate...");
ret = gnutls_x509_crt_init (&ca);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s",
- gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s",
+ gnutls_strerror (ret));
tmp.data = (char *) *chains[i].ca;
tmp.size = strlen (*chains[i].ca);
ret = gnutls_x509_crt_import (ca, &tmp, GNUTLS_X509_FMT_PEM);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_import: %s",
- gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_import: %s",
+ gnutls_strerror (ret));
if (debug > 2)
- printf ("done\n");
+ printf ("done\n");
gnutls_x509_crt_print (ca, GNUTLS_CRT_PRINT_ONELINE, &tmp);
if (debug)
- printf ("\tCA Certificate: %.*s\n", tmp.size, tmp.data);
+ printf ("\tCA Certificate: %.*s\n", tmp.size, tmp.data);
gnutls_free (tmp.data);
if (debug)
- printf ("\tVerifying...");
+ printf ("\tVerifying...");
ret = gnutls_x509_crt_list_verify (certs, j,
- &ca, 1, NULL, 0,
- chains[i].verify_flags,
- &verify_status);
+ &ca, 1, NULL, 0,
+ chains[i].verify_flags,
+ &verify_status);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_verify[%d,%d]: %s",
- (int) i, (int) j, gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_verify[%d,%d]: %s",
+ (int) i, (int) j, gnutls_strerror (ret));
if (verify_status != chains[i].expected_verify_result)
- {
- fail ("chain[%s]: verify_status: %d expected: %d\n", chains[i].name,
- verify_status, chains[i].expected_verify_result);
+ {
+ fail ("chain[%s]: verify_status: %d expected: %d\n", chains[i].name,
+ verify_status, chains[i].expected_verify_result);
#if 0
- j = 0;
- do
- {
- fprintf (stderr, "%s\n", chains[i].chain[j]);
- }
- while (chains[i].chain[++j] != NULL);
+ j = 0;
+ do
+ {
+ fprintf (stderr, "%s\n", chains[i].chain[j]);
+ }
+ while (chains[i].chain[++j] != NULL);
#endif
- if (!debug)
- exit (1);
- }
+ if (!debug)
+ exit (1);
+ }
else if (debug)
- printf ("done\n");
+ printf ("done\n");
if (debug)
- printf ("\tCleanup...");
+ printf ("\tCleanup...");
gnutls_x509_crt_deinit (ca);
for (j = 0; chains[i].chain[j]; j++)
- gnutls_x509_crt_deinit (certs[j]);
+ gnutls_x509_crt_deinit (certs[j]);
if (debug)
- printf ("done\n\n\n");
+ printf ("done\n\n\n");
}
gnutls_global_deinit ();
ret = gnutls_x509_crq_get_challenge_password (crq, smallbuf, &s);
if (ret != 0 || s != 3 || strcmp (smallbuf, "foo") != 0)
fail ("gnutls_x509_crq_get_challenge_password3 %d/%d/%s\n",
- ret, (int) s, smallbuf);
+ ret, (int) s, smallbuf);
s = 0;
ret = gnutls_x509_crq_get_extension_info (crq, 0, NULL, &s, NULL);
fail ("gnutls_x509_crq_get_extension_data\n");
ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
- "foo", 3, 1);
+ "foo", 3, 1);
if (ret != 0)
fail ("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
- "bar", 3, 1);
+ "bar", 3, 1);
if (ret != 0)
fail ("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
- "apa", 3, 0);
+ "apa", 3, 0);
if (ret != 0)
fail ("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
- "foo", 3, 1);
+ "foo", 3, 1);
if (ret != 0)
fail ("gnutls_x509_crq_set_subject_alt_name\n");
{
ret = gnutls_x509_crq_init (&crq);
if (ret < 0)
- fail ("gnutls_x509_crq_init: %d\n", ret);
+ fail ("gnutls_x509_crq_init: %d\n", ret);
ret = gnutls_x509_privkey_init (&pkey);
if (ret < 0)
- {
- fail ("gnutls_x509_privkey_init: %d\n", ret);
- }
+ {
+ fail ("gnutls_x509_privkey_init: %d\n", ret);
+ }
ret = gnutls_x509_privkey_generate (pkey, algorithm, 1024, 0);
if (ret < 0)
- {
- fail ("gnutls_x509_privkey_generate (rsa): %d\n", ret);
- }
+ {
+ fail ("gnutls_x509_privkey_generate (rsa): %d\n", ret);
+ }
else if (debug)
- {
- success ("Key[%s] generation ok: %d\n",
- gnutls_pk_algorithm_get_name (algorithm), ret);
- }
+ {
+ success ("Key[%s] generation ok: %d\n",
+ gnutls_pk_algorithm_get_name (algorithm), ret);
+ }
pkey_key_id_len = 0;
ret = gnutls_x509_privkey_get_key_id (pkey, 0, pkey_key_id,
- &pkey_key_id_len);
+ &pkey_key_id_len);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n",
- ret);
- }
+ {
+ fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n",
+ ret);
+ }
pkey_key_id = malloc (sizeof (unsigned char) * pkey_key_id_len);
ret = gnutls_x509_privkey_get_key_id (pkey, 0, pkey_key_id,
- &pkey_key_id_len);
+ &pkey_key_id_len);
if (ret != GNUTLS_E_SUCCESS)
- {
- fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n",
- ret);
- }
+ {
+ fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n",
+ ret);
+ }
ret = gnutls_x509_crq_set_version (crq, 1);
if (ret < 0)
- {
- fail ("gnutls_x509_crq_set_version: %d\n", ret);
- }
+ {
+ fail ("gnutls_x509_crq_set_version: %d\n", ret);
+ }
ret = gnutls_x509_crq_set_key (crq, pkey);
if (ret < 0)
- {
- fail ("gnutls_x509_crq_set_key: %d\n", ret);
- }
+ {
+ fail ("gnutls_x509_crq_set_key: %d\n", ret);
+ }
ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
- 0, "CN-Test", 7);
+ 0, "CN-Test", 7);
if (ret < 0)
- {
- fail ("gnutls_x509_crq_set_dn_by_oid: %d\n", ret);
- }
+ {
+ fail ("gnutls_x509_crq_set_dn_by_oid: %d\n", ret);
+ }
ret = gnutls_x509_crq_sign (crq, pkey);
if (ret)
- {
- fail ("gnutls_x509_crq_sign: %d\n", ret);
- }
+ {
+ fail ("gnutls_x509_crq_sign: %d\n", ret);
+ }
crq_key_id_len = 0;
ret = gnutls_x509_crq_get_key_id (crq, 0, crq_key_id, &crq_key_id_len);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret);
- }
+ {
+ fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret);
+ }
crq_key_id = malloc (sizeof (unsigned char) * crq_key_id_len);
ret = gnutls_x509_crq_get_key_id (crq, 0, crq_key_id, &crq_key_id_len);
if (ret != GNUTLS_E_SUCCESS)
- {
- fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret);
- }
+ {
+ fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret);
+ }
if (crq_key_id_len == pkey_key_id_len)
- {
- ret = memcmp (crq_key_id, pkey_key_id, crq_key_id_len);
- if (ret == 0)
- {
- if (debug)
- success ("Key ids are identical. OK.\n");
- }
- else
- {
- fail ("Key ids differ incorrectly: %d\n", ret);
- }
- }
+ {
+ ret = memcmp (crq_key_id, pkey_key_id, crq_key_id_len);
+ if (ret == 0)
+ {
+ if (debug)
+ success ("Key ids are identical. OK.\n");
+ }
+ else
+ {
+ fail ("Key ids differ incorrectly: %d\n", ret);
+ }
+ }
else
- {
- fail ("Key_id lengths differ incorrectly: %d - %d\n",
- (int) crq_key_id_len, (int) pkey_key_id_len);
- }
+ {
+ fail ("Key_id lengths differ incorrectly: %d - %d\n",
+ (int) crq_key_id_len, (int) pkey_key_id_len);
+ }
if (pkey_key_id)
- {
- free (pkey_key_id);
- pkey_key_id = NULL;
- }
+ {
+ free (pkey_key_id);
+ pkey_key_id = NULL;
+ }
if (crq_key_id)
- {
- free (crq_key_id);
- crq_key_id = NULL;
- }
+ {
+ free (crq_key_id);
+ crq_key_id = NULL;
+ }
gnutls_x509_crq_deinit (crq);
gnutls_x509_privkey_deinit (pkey);
{
ret = gnutls_x509_crt_init (&certs[i]);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_init[%d]: %s", (int) i,
- gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_init[%d]: %s", (int) i,
+ gnutls_strerror (ret));
tmp.data = (char *) pem_certs[i];
tmp.size = strlen (pem_certs[i]);
ret = gnutls_x509_crt_import (certs[i], &tmp, GNUTLS_X509_FMT_PEM);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_import[%d]: %s", (int) i,
- gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_import[%d]: %s", (int) i,
+ gnutls_strerror (ret));
}
ret = gnutls_x509_crt_init (&ca);
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
tmp.data = (char *) pem_ca;
tmp.size = strlen (pem_ca);
ret = gnutls_x509_crt_import (ca, &tmp, GNUTLS_X509_FMT_PEM);
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_x509_crt_import: %s",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
ret = gnutls_x509_crt_list_verify (certs, CHAIN_LENGTH,
- &ca, 1,
- NULL, 0,
- GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
- &verify_status);
+ &ca, 1,
+ NULL, 0,
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
+ &verify_status);
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_verify[%d]: %s", (int) i,
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
if (verify_status != (GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID))
error (EXIT_FAILURE, 0, "verify_status: %d", verify_status);
ret = gnutls_x509_crt_init (&self_cert);
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
tmp.data = (char *) pem_self_cert;
tmp.size = strlen (pem_self_cert);
ret = gnutls_x509_crt_import (self_cert, &tmp, GNUTLS_X509_FMT_PEM);
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_x509_crt_import: %s",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
ret = gnutls_x509_crt_list_verify (&self_cert, 1,
- &self_cert, 1,
- NULL, 0,
- GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
- &verify_status);
+ &self_cert, 1,
+ NULL, 0,
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
+ &verify_status);
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_verify[%d]: %s", (int) i,
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
if (verify_status != 0)
error (EXIT_FAILURE, 0, "verify_status: %d", verify_status);
gnutls_psk_allocate_client_credentials (&pskcred);
gnutls_psk_set_client_credentials (pskcred, "test", &key,
- GNUTLS_PSK_KEY_HEX);
+ GNUTLS_PSK_KEY_HEX);
/* Initialize TLS session
*/
else
{
if (debug)
- success ("client: Handshake was completed\n");
+ success ("client: Handshake was completed\n");
}
gnutls_record_send (session, MSG, strlen (MSG));
if (ret == 0)
{
if (debug)
- success ("client: Peer has closed the TLS connection\n");
+ success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
{
printf ("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++)
- fputc (buffer[ii], stdout);
+ fputc (buffer[ii], stdout);
fputs ("\n", stdout);
}
#define SA struct sockaddr
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
/* These are global */
gnutls_psk_server_credentials_t server_pskcred;
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
if (err == -1)
if (debug)
success ("server: connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
+ {
+ if (debug)
+ success ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ }
else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
+ {
+ fail ("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ }
else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
}
/* do not wait for the peer to close the connection.
*/
for (i = 0; ret == 0; i++)
for (j = 0; ret == 0; j++)
{
- ret = gnutls_x509_dn_get_rdn_ava (dn, i, j, &ava);
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- {
- if (j > 0)
- {
- j = 0;
- ret = 0;
- }
- break;
- }
- if (ret < 0)
- fail ("get_rdn_ava %d\n", ret);
- if (debug)
- printf ("dn[%d][%d] OID=%.*s\n\tDATA=%.*s\n", i, j,
- ava.oid.size, ava.oid.data, ava.value.size, ava.value.data);
+ ret = gnutls_x509_dn_get_rdn_ava (dn, i, j, &ava);
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ {
+ if (j > 0)
+ {
+ j = 0;
+ ret = 0;
+ }
+ break;
+ }
+ if (ret < 0)
+ fail ("get_rdn_ava %d\n", ret);
+ if (debug)
+ printf ("dn[%d][%d] OID=%.*s\n\tDATA=%.*s\n", i, j,
+ ava.oid.size, ava.oid.data, ava.value.size, ava.value.data);
}
}
if (out.size != strlen (info) || strcmp (out.data, info) != 0)
fail ("comparison fail (%d/%d)\nexpect: %s\n got: %.*s\n",
- out.size, (int) strlen (info), info, out.size, out.data);
+ out.size, (int) strlen (info), info, out.size, out.data);
gnutls_x509_crt_deinit (cert);
gnutls_global_deinit ();
else
{
if (memcmp (digest, "\x3c\xb0\x9d\x83\x28\x01\xef\xc0"
- "\x7b\xb3\xaf\x42\x69\xe5\x93\x9a", 16) == 0)
- {
- if (debug)
- success ("_gnutls_hmac_fast(MD5) OK\n");
- }
+ "\x7b\xb3\xaf\x42\x69\xe5\x93\x9a", 16) == 0)
+ {
+ if (debug)
+ success ("_gnutls_hmac_fast(MD5) OK\n");
+ }
else
- {
- hexprint (digest, 16);
- fail ("_gnutls_hmac_fast(MD5) failure\n");
- }
+ {
+ hexprint (digest, 16);
+ fail ("_gnutls_hmac_fast(MD5) failure\n");
+ }
}
err =
_gnutls_hmac_fast (GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh", 8,
- digest);
+ digest);
if (err < 0)
fail ("_gnutls_hmac_fast(SHA1) failed: %d\n", err);
else
{
if (memcmp (digest, "\x58\x93\x7a\x58\xfe\xea\x82\xf8"
- "\x0e\x64\x62\x01\x40\x2b\x2c\xed\x5d\x54\xc1\xfa",
- 20) == 0)
- {
- if (debug)
- success ("_gnutls_hmac_fast(SHA1) OK\n");
- }
+ "\x0e\x64\x62\x01\x40\x2b\x2c\xed\x5d\x54\xc1\xfa",
+ 20) == 0)
+ {
+ if (debug)
+ success ("_gnutls_hmac_fast(SHA1) OK\n");
+ }
else
- {
- hexprint (digest, 20);
- fail ("_gnutls_hmac_fast(SHA1) failure\n");
- }
+ {
+ hexprint (digest, 20);
+ fail ("_gnutls_hmac_fast(SHA1) failure\n");
+ }
}
err = _gnutls_pbkdf2_sha1 ("password", 8, "salt", 4, 4711, digest, 16);
else
{
if (memcmp (digest, "\x09\xb7\x85\x57\xdd\xf6\x07\x15"
- "\x1c\x52\x34\xde\xba\x5c\xdc\x59", 16) == 0)
- {
- if (debug)
- success ("_gnutls_pkcs5_pbkdf2_sha1() OK\n");
- }
+ "\x1c\x52\x34\xde\xba\x5c\xdc\x59", 16) == 0)
+ {
+ if (debug)
+ success ("_gnutls_pkcs5_pbkdf2_sha1() OK\n");
+ }
else
- {
- hexprint (digest, 16);
- fail ("_gnutls_pkcs5_pbkdf2_sha1() failure\n");
- }
+ {
+ hexprint (digest, 16);
+ fail ("_gnutls_pkcs5_pbkdf2_sha1() failure\n");
+ }
}
gnutls_global_deinit ();
do
{
if (cret == GNUTLS_E_AGAIN)
- {
- //success ("loop invoking client:\n");
- cret = gnutls_handshake (client);
- //success ("client %d: %s\n", cret, gnutls_strerror (cret));
- }
+ {
+ //success ("loop invoking client:\n");
+ cret = gnutls_handshake (client);
+ //success ("client %d: %s\n", cret, gnutls_strerror (cret));
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- //success ("loop invoking server:\n");
- sret = gnutls_handshake (server);
- //success ("server %d: %s\n", sret, gnutls_strerror (sret));
- }
+ {
+ //success ("loop invoking server:\n");
+ sret = gnutls_handshake (server);
+ //success ("server %d: %s\n", sret, gnutls_strerror (sret));
+ }
}
while (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN);
ret = gnutls_record_recv (server, buffer, MAX_BUF);
if (ret == 0)
- fail ("server: didn't receive any data\n");
+ fail ("server: didn't receive any data\n");
else if (ret < 0)
- {
+ {
// if (debug)
// fputs ("#", stdout);
- if (ret != GNUTLS_E_AGAIN)
- {
- fail ("server: error: %s\n", gnutls_strerror (ret));
- break;
- }
- }
+ if (ret != GNUTLS_E_AGAIN)
+ {
+ fail ("server: error: %s\n", gnutls_strerror (ret));
+ break;
+ }
+ }
else
- {
- transferred += ret;
+ {
+ transferred += ret;
// if (debug)
// fputs ("*", stdout);
- }
+ }
msglen = strlen (MSG);
do
- {
- ns = gnutls_record_send (server, MSG, msglen);
- }
+ {
+ ns = gnutls_record_send (server, MSG, msglen);
+ }
while (ns == GNUTLS_E_AGAIN);
ret = gnutls_record_recv (client, buffer, MAX_BUF);
if (ret == 0)
- {
- fail ("client: Peer has closed the TLS connection\n");
- }
+ {
+ fail ("client: Peer has closed the TLS connection\n");
+ }
else if (ret < 0)
- {
- if (debug)
- fputs ("!", stdout);
- if (ret != GNUTLS_E_AGAIN)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- break;
- }
- }
+ {
+ if (debug)
+ fputs ("!", stdout);
+ if (ret != GNUTLS_E_AGAIN)
+ {
+ fail ("client: Error: %s\n", gnutls_strerror (ret));
+ break;
+ }
+ }
else
- {
- if (msglen != ret || memcmp (buffer, MSG, msglen) != 0)
- {
- fail ("client: Transmitted data do not match\n");
- }
-
- /* echo back */
- do
- {
- ns = gnutls_record_send (client, buffer, msglen);
- }
- while (ns == GNUTLS_E_AGAIN);
-
- transferred += ret;
- if (debug)
- fputs (".", stdout);
- }
+ {
+ if (msglen != ret || memcmp (buffer, MSG, msglen) != 0)
+ {
+ fail ("client: Transmitted data do not match\n");
+ }
+
+ /* echo back */
+ do
+ {
+ ns = gnutls_record_send (client, buffer, msglen);
+ }
+ while (ns == GNUTLS_E_AGAIN);
+
+ transferred += ret;
+ if (debug)
+ fputs (".", stdout);
+ }
}
while (transferred < 70000);
if (debug)
/* Init server */
gnutls_certificate_allocate_credentials (&serverx509cred);
gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
gnutls_init (&server, GNUTLS_SERVER);
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
gnutls_priority_set_direct (server, "NORMAL", NULL);
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = EXIT_FAILURE;
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = 1;
if (debug_level > 0)
{
if (exit_code == 0)
- puts ("Self-test successful");
+ puts ("Self-test successful");
else
- puts ("Self-test failed");
+ puts ("Self-test failed");
}
return exit_code;
/* Init server */
gnutls_certificate_allocate_credentials (&serverx509cred);
gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
gnutls_init (&server, GNUTLS_SERVER);
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
gnutls_priority_set_direct (server, "NORMAL", NULL);
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = EXIT_FAILURE;
if (debug_level > 0)
{
if (exit_code == 0)
- puts ("Self-test successful");
+ puts ("Self-test successful");
else
- puts ("Self-test failed");
+ puts ("Self-test failed");
}
return exit_code;
do
{
if (cret == GNUTLS_E_AGAIN)
- {
- if (debug)
- success ("loop invoking client:\n");
- cret = gnutls_handshake (client);
- if (debug)
- success ("client %d: %s\n", cret, gnutls_strerror (cret));
- }
+ {
+ if (debug)
+ success ("loop invoking client:\n");
+ cret = gnutls_handshake (client);
+ if (debug)
+ success ("client %d: %s\n", cret, gnutls_strerror (cret));
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- if (debug)
- success ("loop invoking server:\n");
- sret = gnutls_handshake (server);
- if (debug)
- success ("server %d: %s\n", sret, gnutls_strerror (sret));
- }
+ {
+ if (debug)
+ success ("loop invoking server:\n");
+ sret = gnutls_handshake (server);
+ if (debug)
+ success ("server %d: %s\n", sret, gnutls_strerror (sret));
+ }
}
while (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN);
else
{
if (debug)
- {
- printf ("server: received %d: ", ret);
- for (n = 0; n < ret; n++)
- fputc (buffer[n], stdout);
- fputs ("\n", stdout);
- }
+ {
+ printf ("server: received %d: ", ret);
+ for (n = 0; n < ret; n++)
+ fputc (buffer[n], stdout);
+ fputs ("\n", stdout);
+ }
}
ns = gnutls_record_send (server, MSG, strlen (MSG));
else
{
if (debug)
- {
- printf ("client: received %d: ", ret);
- for (n = 0; n < ret; n++)
- fputc (buffer[n], stdout);
- fputs ("\n", stdout);
- }
+ {
+ printf ("client: received %d: ", ret);
+ for (n = 0; n < ret; n++)
+ fputc (buffer[n], stdout);
+ fputs ("\n", stdout);
+ }
}
gnutls_bye (client, GNUTLS_SHUT_RDWR);
fprintf (stderr, "|<%d>| %s", level, str);
}
-#define RND_BITS 510 /* not multiple of 8 */
+#define RND_BITS 510 /* not multiple of 8 */
void
doit (void)
{
if (ret == 0)
{
if (debug)
- success ("gnutls_x509_crt_check_hostname OK (NUL-IN-CN)");
+ success ("gnutls_x509_crt_check_hostname OK (NUL-IN-CN)");
}
else
{
if (ret == 0)
{
if (debug)
- success ("gnutls_x509_crt_check_hostname OK (NUL-IN-SAN)");
+ success ("gnutls_x509_crt_check_hostname OK (NUL-IN-SAN)");
}
else
{
ssize_t sent;
if (debug)
- printf ("client process %i\n", getpid ());
+ printf ("client process %i\n", getpid ());
err = gnutls_init (&session, GNUTLS_CLIENT);
if (err != 0)
- fail ("client session %d\n", err);
+ fail ("client session %d\n", err);
gnutls_set_default_priority (session);
gnutls_transport_set_ptr (session,
- (gnutls_transport_ptr_t) (intptr_t)
- sockets[0]);
+ (gnutls_transport_ptr_t) (intptr_t)
+ sockets[0]);
err = gnutls_certificate_allocate_credentials (&cred);
if (err != 0)
- fail ("client credentials %d\n", err);
+ fail ("client credentials %d\n", err);
err =
- gnutls_certificate_set_openpgp_key_file2 (cred,
- pub_key_path, priv_key_path,
- key_id,
- GNUTLS_OPENPGP_FMT_BASE64);
+ gnutls_certificate_set_openpgp_key_file2 (cred,
+ pub_key_path, priv_key_path,
+ key_id,
+ GNUTLS_OPENPGP_FMT_BASE64);
if (err != 0)
- fail ("client openpgp keys %d\n", err);
+ fail ("client openpgp keys %d\n", err);
err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
if (err != 0)
- fail ("client credential_set %d\n", err);
+ fail ("client credential_set %d\n", err);
gnutls_protocol_set_priority (session, protocols);
gnutls_certificate_type_set_priority (session, cert_types);
err = gnutls_handshake (session);
if (err != 0)
- fail ("client handshake %d\n", err);
+ fail ("client handshake %d\n", err);
else if (debug)
- printf ("client handshake successful\n");
+ printf ("client handshake successful\n");
sent = gnutls_record_send (session, message, sizeof (message));
if (sent != sizeof (message))
- fail ("client sent %li vs. %li\n",
- (long) sent, (long) sizeof (message));
+ fail ("client sent %li vs. %li\n",
+ (long) sent, (long) sizeof (message));
err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
if (err != 0)
- fail ("client bye %d\n", err);
+ fail ("client bye %d\n", err);
if (debug)
- printf ("client done\n");
+ printf ("client done\n");
}
else
{
const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
if (debug)
- printf ("server process %i (child %i)\n", getpid (), child);
+ printf ("server process %i (child %i)\n", getpid (), child);
err = gnutls_init (&session, GNUTLS_SERVER);
if (err != 0)
- fail ("server session %d\n", err);
+ fail ("server session %d\n", err);
gnutls_set_default_priority (session);
gnutls_transport_set_ptr (session,
- (gnutls_transport_ptr_t) (intptr_t)
- sockets[1]);
+ (gnutls_transport_ptr_t) (intptr_t)
+ sockets[1]);
err = gnutls_certificate_allocate_credentials (&cred);
if (err != 0)
- fail ("server credentials %d\n", err);
+ fail ("server credentials %d\n", err);
err =
- gnutls_certificate_set_openpgp_key_file2 (cred,
- pub_key_path, priv_key_path,
- key_id,
- GNUTLS_OPENPGP_FMT_BASE64);
+ gnutls_certificate_set_openpgp_key_file2 (cred,
+ pub_key_path, priv_key_path,
+ key_id,
+ GNUTLS_OPENPGP_FMT_BASE64);
if (err != 0)
- fail ("server openpgp keys %d\n", err);
+ fail ("server openpgp keys %d\n", err);
err = gnutls_dh_params_init (&dh_params);
if (err)
- fail ("server DH params init %d\n", err);
+ fail ("server DH params init %d\n", err);
err =
- gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
if (err)
- fail ("server DH params generate %d\n", err);
+ fail ("server DH params generate %d\n", err);
gnutls_certificate_set_dh_params (cred, dh_params);
rsa_data.data =
- (unsigned char *) read_binary_file (rsa_params_path, &rsa_size);
+ (unsigned char *) read_binary_file (rsa_params_path, &rsa_size);
if (rsa_data.data == NULL)
- fail ("server rsa params error\n");
+ fail ("server rsa params error\n");
rsa_data.size = rsa_size;
err = gnutls_rsa_params_init (&rsa_params);
if (err)
- fail ("server RSA params init %d\n", err);
+ fail ("server RSA params init %d\n", err);
err = gnutls_rsa_params_import_pkcs1 (rsa_params, &rsa_data,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (err)
- fail ("server RSA params import %d\n", err);
+ fail ("server RSA params import %d\n", err);
gnutls_certificate_set_rsa_export_params (cred, rsa_params);
err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
if (err != 0)
- fail ("server credential_set %d\n", err);
+ fail ("server credential_set %d\n", err);
gnutls_protocol_set_priority (session, protocols);
gnutls_certificate_type_set_priority (session, cert_types);
err = gnutls_handshake (session);
if (err != 0)
- fail ("server handshake %d\n", err);
+ fail ("server handshake %d\n", err);
received = gnutls_record_recv (session, greetings, sizeof (greetings));
if (received != sizeof (message)
- || memcmp (greetings, message, sizeof (message)))
- fail ("server received %li vs. %li\n",
- (long) received, (long) sizeof (message));
+ || memcmp (greetings, message, sizeof (message)))
+ fail ("server received %li vs. %li\n",
+ (long) received, (long) sizeof (message));
err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
if (err != 0)
- fail ("server bye %d\n", err);
+ fail ("server bye %d\n", err);
if (debug)
- printf ("server done\n");
+ printf ("server done\n");
done = wait (&status);
if (done < 0)
- fail ("wait %s\n", strerror (errno));
+ fail ("wait %s\n", strerror (errno));
if (done != child)
- fail ("who's that?! %d\n", done);
+ fail ("who's that?! %d\n", done);
if (WIFEXITED (status))
- {
- if (WEXITSTATUS (status) != 0)
- fail ("child exited with status %d\n", WEXITSTATUS (status));
- }
+ {
+ if (WEXITSTATUS (status) != 0)
+ fail ("child exited with status %d\n", WEXITSTATUS (status));
+ }
else if (WIFSIGNALED (status))
- fail ("child stopped by signal %d\n", WTERMSIG (status));
+ fail ("child stopped by signal %d\n", WTERMSIG (status));
else
- fail ("child failed: %d\n", status);
+ fail ("child failed: %d\n", status);
}
}
data.data = raw_keyring;
data.size = sizeof (raw_keyring) / sizeof (raw_keyring[0]);
ret = gnutls_openpgp_keyring_import (keyring, &data,
- GNUTLS_OPENPGP_FMT_RAW);
+ GNUTLS_OPENPGP_FMT_RAW);
if (ret < 0)
fail ("keyring-import %d\n", ret);
tb = localtime (×tamp);
sprintf (buf, "%04d-%02d-%02d", tb->tm_year + 1900, tb->tm_mon + 1,
- tb->tm_mday);
+ tb->tm_mday);
return buf;
}
success ("Setting key files...\n");
ret = gnutls_certificate_set_openpgp_key_mem (xcred, &cert, &key,
- GNUTLS_OPENPGP_FMT_BASE64);
+ GNUTLS_OPENPGP_FMT_BASE64);
if (ret < 0)
{
fail ("Could not set key files...\n");
if (debug)
success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
+ gnutls_protocol_get_name (gnutls_protocol_get_version
+ (session)));
/* see the Getting peer's information example */
if (debug)
if (ret == 0)
{
if (debug)
- success ("client: Peer has closed the TLS connection\n");
+ success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
{
printf ("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
+ {
+ fputc (buffer[ii], stdout);
+ }
fputs ("\n", stdout);
}
#define SA struct sockaddr
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
#define DH_BITS 1024
/* These are global */
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
if (err == -1)
gnutls_certificate_allocate_credentials (&pgp_cred);
ret = gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &server_crt,
- &server_key, "auto",
- GNUTLS_OPENPGP_FMT_BASE64);
+ &server_key, "auto",
+ GNUTLS_OPENPGP_FMT_BASE64);
if (err < 0)
{
fail ("Could not set server key files...\n");
if (debug)
success ("server: connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (debug)
success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
+ gnutls_protocol_get_name (gnutls_protocol_get_version
+ (session)));
/* see the Getting peer's information example */
if (debug)
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
+ {
+ if (debug)
+ success ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ }
else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
+ {
+ fail ("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ }
else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
}
/* do not wait for the peer to close the connection.
*/
MD5_Final (&(md[0]), &c);
if (memcmp (md, "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
- "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", sizeof (md)) != 0)
+ "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", sizeof (md)) != 0)
{
hexprint (md, sizeof (md));
fail ("MD5 failure\n");
if (rc)
{
printf ("gnutls_openpgp_privkey_init rc %d: %s\n",
- rc, gnutls_strerror (rc));
+ rc, gnutls_strerror (rc));
return 1;
}
rc = gnutls_openpgp_privkey_import (key, &keydatum,
- GNUTLS_OPENPGP_FMT_BASE64, NULL, 0);
+ GNUTLS_OPENPGP_FMT_BASE64, NULL, 0);
if (rc)
{
printf ("gnutls_openpgp_privkey_import rc %d: %s\n",
- rc, gnutls_strerror (rc));
+ rc, gnutls_strerror (rc));
return 1;
}
{
ret = gnutls_pkcs12_bag_init (&bag);
if (ret < 0)
- error (EXIT_FAILURE, 0, "bag_init: %d", ret);
+ error (EXIT_FAILURE, 0, "bag_init: %d", ret);
ret = gnutls_pkcs12_bag_set_crt (bag, i == 0 ? client : ca);
if (ret < 0)
- error (EXIT_FAILURE, 0, "set_crt: %d", ret);
+ error (EXIT_FAILURE, 0, "set_crt: %d", ret);
indx = ret;
ret = gnutls_pkcs12_bag_set_friendly_name (bag, indx,
- i == 0 ? "client" : "ca");
+ i == 0 ? "client" : "ca");
if (ret < 0)
- error (EXIT_FAILURE, 0, "set_friendly_name: %d", ret);
+ error (EXIT_FAILURE, 0, "set_friendly_name: %d", ret);
size = sizeof (key_id_buf);
ret = gnutls_x509_crt_get_key_id (i == 0 ? client : ca, 0,
- key_id_buf, &size);
+ key_id_buf, &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "get_key_id: %d", ret);
+ error (EXIT_FAILURE, 0, "get_key_id: %d", ret);
key_id.data = key_id_buf;
key_id.size = size;
ret = gnutls_pkcs12_bag_set_key_id (bag, indx, &key_id);
if (ret < 0)
- error (EXIT_FAILURE, 0, "bag_set_key_id: %d", ret);
+ error (EXIT_FAILURE, 0, "bag_set_key_id: %d", ret);
ret = gnutls_pkcs12_bag_encrypt (bag, "pass",
- i == 0 ? GNUTLS_PKCS8_USE_PKCS12_3DES
- : GNUTLS_PKCS_USE_PKCS12_RC2_40);
+ i == 0 ? GNUTLS_PKCS8_USE_PKCS12_3DES
+ : GNUTLS_PKCS_USE_PKCS12_RC2_40);
if (ret < 0)
- error (EXIT_FAILURE, 0, "bag_encrypt: %d: %s", ret,
- i == 0 ? "3DES" : "RC2-40");
+ error (EXIT_FAILURE, 0, "bag_encrypt: %d: %s", ret,
+ i == 0 ? "3DES" : "RC2-40");
ret = gnutls_pkcs12_set_bag (pkcs12, bag);
if (ret < 0)
- error (EXIT_FAILURE, 0, "set_bag: %d", ret);
+ error (EXIT_FAILURE, 0, "set_bag: %d", ret);
gnutls_pkcs12_bag_deinit (bag);
}
for (i = 1; i < 4; i++)
{
for (j = 0; j < 3; j++)
- {
- rc =
- _gnutls_pkcs12_string_to_key (i, salt[j], strlen (salt[j]),
- j + i + 15, pw[j], sizeof (key),
- key);
- if (rc < 0)
- fail ("_gnutls_pkcs12_string_to_key failed[0]: %d\n", rc);
-
- if (strcmp (_gnutls_bin2hex (key, sizeof (key),
- tmp, sizeof (tmp), NULL),
- values[x]) != 0)
- fail ("_gnutls_pkcs12_string_to_key failed[1]\n");
-
- if (debug)
- printf ("ij: %d.%d: %s\n", i, j,
- _gnutls_bin2hex (key, sizeof (key), tmp, sizeof (tmp),
- NULL));
- x++;
- }
+ {
+ rc =
+ _gnutls_pkcs12_string_to_key (i, salt[j], strlen (salt[j]),
+ j + i + 15, pw[j], sizeof (key),
+ key);
+ if (rc < 0)
+ fail ("_gnutls_pkcs12_string_to_key failed[0]: %d\n", rc);
+
+ if (strcmp (_gnutls_bin2hex (key, sizeof (key),
+ tmp, sizeof (tmp), NULL),
+ values[x]) != 0)
+ fail ("_gnutls_pkcs12_string_to_key failed[1]\n");
+
+ if (debug)
+ printf ("ij: %d.%d: %s\n", i, j,
+ _gnutls_bin2hex (key, sizeof (key), tmp, sizeof (tmp),
+ NULL));
+ x++;
+ }
}
if (debug)
printf ("\n");
for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
{
rc = _gnutls_pkcs12_string_to_key (tv[i].id, tv[i].salt, 8,
- tv[i].iter, tv[i].password,
- tv[i].keylen, key);
+ tv[i].iter, tv[i].password,
+ tv[i].keylen, key);
if (rc < 0)
- fail ("_gnutls_pkcs12_string_to_key failed[2]: %d\n", rc);
+ fail ("_gnutls_pkcs12_string_to_key failed[2]: %d\n", rc);
if (memcmp (_gnutls_bin2hex (key, tv[i].keylen,
- tmp, sizeof (tmp), NULL),
- tv[i].key, tv[i].keylen) != 0)
- fail ("_gnutls_pkcs12_string_to_key failed[3]\n");
+ tmp, sizeof (tmp), NULL),
+ tv[i].key, tv[i].keylen) != 0)
+ fail ("_gnutls_pkcs12_string_to_key failed[3]\n");
if (debug)
- printf ("tv[%d]: %s\n", i,
- _gnutls_bin2hex (key, tv[i].keylen, tmp, sizeof (tmp), NULL));
+ printf ("tv[%d]: %s\n", i,
+ _gnutls_bin2hex (key, tv[i].keylen, tmp, sizeof (tmp), NULL));
}
if (debug)
printf ("\n");
ret = gnutls_x509_privkey_init (&key);
if (ret < 0)
- return 1;
+ return 1;
tmp.data = (char *) keys[i].pkcs12key;
tmp.size = strlen (tmp.data);
ret = gnutls_x509_privkey_import_pkcs8 (key, &tmp,
- GNUTLS_X509_FMT_PEM,
- keys[i].password, 0);
+ GNUTLS_X509_FMT_PEM,
+ keys[i].password, 0);
if (ret != keys[i].expected_result)
- {
- printf ("fail[%d]: %d: %s\n", (int) i, ret, gnutls_strerror (ret));
- return 1;
- }
+ {
+ printf ("fail[%d]: %d: %s\n", (int) i, ret, gnutls_strerror (ret));
+ return 1;
+ }
gnutls_x509_privkey_deinit (key);
}
gnutls_psk_allocate_client_credentials (&pskcred);
gnutls_psk_set_client_credentials (pskcred, "test", &key,
- GNUTLS_PSK_KEY_HEX);
+ GNUTLS_PSK_KEY_HEX);
/* Initialize TLS session
*/
else
{
if (debug)
- success ("client: Handshake was completed\n");
+ success ("client: Handshake was completed\n");
}
gnutls_record_send (session, MSG, strlen (MSG));
if (ret == 0)
{
if (debug)
- success ("client: Peer has closed the TLS connection\n");
+ success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
{
printf ("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
+ {
+ fputc (buffer[ii], stdout);
+ }
fputs ("\n", stdout);
}
#define SA struct sockaddr
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
/* These are global */
gnutls_psk_server_credentials_t server_pskcred;
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
if (err == -1)
if (debug)
success ("server: connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
+ {
+ if (debug)
+ success ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ }
else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
+ {
+ fail ("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ }
else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
}
/* do not wait for the peer to close the connection.
*/
gnutls_anon_allocate_client_credentials (&anoncred);
for (t = 0; t < 2; t++)
- { /* connect 2 times to the server */
+ { /* connect 2 times to the server */
/* connect to the peer
*/
sd = tcp_connect ();
#ifdef ENABLE_SESSION_TICKET
if (params->enable_session_ticket_client)
- gnutls_session_ticket_enable_client (session);
+ gnutls_session_ticket_enable_client (session);
#endif
if (t > 0)
- {
- /* if this is not the first time we connect */
- gnutls_session_set_data (session, session_data.data,
- session_data.size);
- gnutls_free (session_data.data);
- }
+ {
+ /* if this is not the first time we connect */
+ gnutls_session_set_data (session, session_data.data,
+ session_data.size);
+ gnutls_free (session_data.data);
+ }
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
+ {
+ fail ("client: Handshake failed\n");
+ gnutls_perror (ret);
+ goto end;
+ }
else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
+ {
+ if (debug)
+ success ("client: Handshake was completed\n");
+ }
if (t == 0)
- { /* the first time we connect */
- /* get the session data size */
- ret = gnutls_session_get_data2 (session, &session_data);
- if (ret < 0)
- fail ("Getting resume data failed\n");
- }
+ { /* the first time we connect */
+ /* get the session data size */
+ ret = gnutls_session_get_data2 (session, &session_data);
+ if (ret < 0)
+ fail ("Getting resume data failed\n");
+ }
else
- { /* the second time we connect */
-
- /* check if we actually resumed the previous session */
- if (gnutls_session_is_resumed (session) != 0)
- {
- if (params->expect_resume)
- {
- if (debug)
- success ("- Previous session was resumed\n");
- }
- else
- fail ("- Previous session was resumed\n");
- }
- else
- {
- if (params->expect_resume)
- fail ("*** Previous session was NOT resumed\n");
- else
- {
- if (debug)
- success
- ("*** Previous session was NOT resumed (expected)\n");
- }
- }
- }
+ { /* the second time we connect */
+
+ /* check if we actually resumed the previous session */
+ if (gnutls_session_is_resumed (session) != 0)
+ {
+ if (params->expect_resume)
+ {
+ if (debug)
+ success ("- Previous session was resumed\n");
+ }
+ else
+ fail ("- Previous session was resumed\n");
+ }
+ else
+ {
+ if (params->expect_resume)
+ fail ("*** Previous session was NOT resumed\n");
+ else
+ {
+ if (debug)
+ success
+ ("*** Previous session was NOT resumed (expected)\n");
+ }
+ }
+ }
gnutls_record_send (session, MSG, strlen (MSG));
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
+ {
+ if (debug)
+ success ("client: Peer has closed the TLS connection\n");
+ goto end;
+ }
else if (ret < 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
+ {
+ fail ("client: Error: %s\n", gnutls_strerror (ret));
+ goto end;
+ }
if (debug)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
- }
+ {
+ printf ("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++)
+ {
+ fputc (buffer[ii], stdout);
+ }
+ fputs ("\n", stdout);
+ }
gnutls_bye (session, GNUTLS_SHUT_RDWR);
#define SA struct sockaddr
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
#define DH_BITS 1024
/* These are global */
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
if (err == -1)
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
if (debug)
- success ("server: connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ success ("server: connection from %s, port %d\n",
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- return;
- }
+ {
+ close (sd);
+ gnutls_deinit (session);
+ fail ("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror (ret));
+ return;
+ }
if (debug)
- success ("server: Handshake was completed\n");
+ success ("server: Handshake was completed\n");
/* see the Getting peer's information example */
/* print_info(session); */
i = 0;
for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
+ {
+ memset (buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv (session, buffer, MAX_BUF);
+
+ if (ret == 0)
+ {
+ if (debug)
+ success ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ }
+ else if (ret < 0)
+ {
+ fail ("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ }
+ else if (ret > 0)
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
+ }
/* do not wait for the peer to close the connection.
*/
gnutls_bye (session, GNUTLS_SHUT_WR);
for (i = 0; resume_tests[i].desc; i++)
{
if (debug)
- printf ("%s\n", resume_tests[i].desc);
+ printf ("%s\n", resume_tests[i].desc);
global_start ();
if (error_count)
- return;
+ return;
child = fork ();
if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- return;
- }
+ {
+ perror ("fork");
+ fail ("fork");
+ return;
+ }
if (child)
- {
- int status;
- /* parent */
- server (&resume_tests[i]);
- wait (&status);
- global_stop ();
- }
+ {
+ int status;
+ /* parent */
+ server (&resume_tests[i]);
+ wait (&status);
+ global_stop ();
+ }
else
- {
- client (&resume_tests[i]);
- gnutls_global_deinit ();
- exit (0);
- }
+ {
+ client (&resume_tests[i]);
+ gnutls_global_deinit ();
+ exit (0);
+ }
}
}
unsigned int i;
printf ("key:\n");
for (i = 0; i < key.size; i++)
- {
- printf ("%02x ", key.data[i] & 0xFF);
- if ((i + 1) % 16 == 0)
- printf ("\n");
- }
+ {
+ printf ("%02x ", key.data[i] & 0xFF);
+ if ((i + 1) % 16 == 0)
+ printf ("\n");
+ }
printf ("\n");
printf ("data:\n");
for (i = 0; i < data.size; i++)
- {
- printf ("%02x ", data.data[i] & 0xFF);
- if ((i + 1) % 16 == 0)
- printf ("\n");
- }
+ {
+ printf ("%02x ", data.data[i] & 0xFF);
+ if ((i + 1) % 16 == 0)
+ printf ("\n");
+ }
printf ("\n");
}
unsigned int i;
printf ("key:\n");
for (i = 0; i < key.size; i++)
- {
- printf ("%02x ", key.data[i] & 0xFF);
- if ((i + 1) % 16 == 0)
- printf ("\n");
- }
+ {
+ printf ("%02x ", key.data[i] & 0xFF);
+ if ((i + 1) % 16 == 0)
+ printf ("\n");
+ }
printf ("\n");
}
for (i = 0; i < TLS_SESSION_CACHE; i++)
{
if (key.size == cache_db[i].session_id_size &&
- memcmp (key.data, cache_db[i].session_id, key.size) == 0)
- {
- if (debug)
- success ("resume db fetch... return info\n");
-
- res.size = cache_db[i].session_data_size;
-
- res.data = gnutls_malloc (res.size);
- if (res.data == NULL)
- return res;
-
- memcpy (res.data, cache_db[i].session_data, res.size);
-
- if (debug)
- {
- unsigned int i;
- printf ("data:\n");
- for (i = 0; i < res.size; i++)
- {
- printf ("%02x ", res.data[i] & 0xFF);
- if ((i + 1) % 16 == 0)
- printf ("\n");
- }
- printf ("\n");
- }
-
- return res;
- }
+ memcmp (key.data, cache_db[i].session_id, key.size) == 0)
+ {
+ if (debug)
+ success ("resume db fetch... return info\n");
+
+ res.size = cache_db[i].session_data_size;
+
+ res.data = gnutls_malloc (res.size);
+ if (res.data == NULL)
+ return res;
+
+ memcpy (res.data, cache_db[i].session_data, res.size);
+
+ if (debug)
+ {
+ unsigned int i;
+ printf ("data:\n");
+ for (i = 0; i < res.size; i++)
+ {
+ printf ("%02x ", res.data[i] & 0xFF);
+ if ((i + 1) % 16 == 0)
+ printf ("\n");
+ }
+ printf ("\n");
+ }
+
+ return res;
+ }
}
return res;
}
for (i = 0; i < TLS_SESSION_CACHE; i++)
{
if (key.size == cache_db[i].session_id_size &&
- memcmp (key.data, cache_db[i].session_id, key.size) == 0)
- {
+ memcmp (key.data, cache_db[i].session_id, key.size) == 0)
+ {
- cache_db[i].session_id_size = 0;
- cache_db[i].session_data_size = 0;
+ cache_db[i].session_id_size = 0;
+ cache_db[i].session_data_size = 0;
- return 0;
- }
+ return 0;
+ }
}
return -1;
/* Init server */
gnutls_certificate_allocate_credentials (&serverx509cred);
gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
gnutls_init (&server, GNUTLS_SERVER);
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
gnutls_priority_set_direct (server, "NORMAL", NULL);
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = EXIT_FAILURE;
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = 1;
!gnutls_safe_renegotiation_status (server))
{
tls_log_func (0,
- "Rehandshaked session not using safe renegotiation!\n");
+ "Rehandshaked session not using safe renegotiation!\n");
exit_code = EXIT_FAILURE;
}
if (debug_level > 0)
{
if (exit_code == 0)
- puts ("Self-test successful");
+ puts ("Self-test successful");
else
- puts ("Self-test failed");
+ puts ("Self-test failed");
}
return exit_code;
/* Init server */
gnutls_certificate_allocate_credentials (&serverx509cred);
gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
gnutls_init (&server, GNUTLS_SERVER);
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
gnutls_priority_set_direct (server, "NORMAL:%SAFE_RENEGOTIATION", NULL);
gnutls_init (&client, GNUTLS_CLIENT);
gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
gnutls_priority_set_direct (client, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
- NULL);
+ NULL);
gnutls_transport_set_push_function (client, client_push);
gnutls_transport_set_pull_function (client, client_pull);
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while ((cret == GNUTLS_E_AGAIN || cret == GNUTLS_E_SUCCESS)
- && (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS));
+ && (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS));
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SAFE_RENEGOTIATION_FAILED)
exit_code = EXIT_FAILURE;
if (debug_level > 0)
{
if (exit_code == 0)
- puts ("Self-test successful");
+ puts ("Self-test successful");
else
- puts ("Self-test failed");
+ puts ("Self-test failed");
}
return exit_code;
/* Init server */
gnutls_certificate_allocate_credentials (&serverx509cred);
gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
gnutls_init (&server, GNUTLS_SERVER);
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
gnutls_priority_set_direct (server, "NORMAL", NULL);
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = EXIT_FAILURE;
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = 1;
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = 1;
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = 1;
if (debug_level > 0)
{
if (exit_code == 0)
- puts ("Self-test successful");
+ puts ("Self-test successful");
else
- puts ("Self-test failed");
+ puts ("Self-test failed");
}
return exit_code;
/* Init server */
gnutls_certificate_allocate_credentials (&serverx509cred);
gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
gnutls_init (&server, GNUTLS_SERVER);
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
- NULL);
+ NULL);
gnutls_transport_set_push_function (server, server_push);
gnutls_transport_set_pull_function (server, server_pull);
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while ((cret == GNUTLS_E_AGAIN || cret == GNUTLS_E_SUCCESS)
- && (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS));
+ && (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS));
if (cret != GNUTLS_E_SAFE_RENEGOTIATION_FAILED && sret != GNUTLS_E_SUCCESS)
exit_code = EXIT_FAILURE;
if (debug_level > 0)
{
if (exit_code == 0)
- puts ("Self-test successful");
+ puts ("Self-test successful");
else
- puts ("Self-test failed");
+ puts ("Self-test failed");
}
return exit_code;
/* Init server */
gnutls_certificate_allocate_credentials (&serverx509cred);
gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
gnutls_init (&server, GNUTLS_SERVER);
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
gnutls_priority_set_direct (server, "NORMAL", NULL);
gnutls_init (&client, GNUTLS_CLIENT);
gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
gnutls_priority_set_direct (client, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
- NULL);
+ NULL);
gnutls_transport_set_push_function (client, client_push);
gnutls_transport_set_pull_function (client, client_pull);
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = EXIT_FAILURE;
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(cret == GNUTLS_E_AGAIN
- && sret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(cret == GNUTLS_E_AGAIN
+ && sret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (cret != GNUTLS_E_AGAIN && sret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
exit_code = 1;
gnutls_safe_renegotiation_status (server))
{
tls_log_func (0,
- "Rehandshaked session not using safe renegotiation!\n");
+ "Rehandshaked session not using safe renegotiation!\n");
exit_code = EXIT_FAILURE;
}
if (debug_level > 0)
{
if (exit_code == 0)
- puts ("Self-test successful");
+ puts ("Self-test successful");
else
- puts ("Self-test failed");
+ puts ("Self-test failed");
}
return exit_code;
/* Init server */
gnutls_certificate_allocate_credentials (&serverx509cred);
gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
gnutls_init (&server, GNUTLS_SERVER);
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
- NULL);
+ NULL);
gnutls_transport_set_push_function (server, server_push);
gnutls_transport_set_pull_function (server, server_pull);
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = EXIT_FAILURE;
{
static int max_iter = 0;
if (max_iter++ > 10)
- abort ();
+ abort ();
if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
}
while (
- /* Not done: */
- !(sret == GNUTLS_E_AGAIN
- && cret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ /* Not done: */
+ !(sret == GNUTLS_E_AGAIN
+ && cret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
if (sret != GNUTLS_E_AGAIN && cret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
exit_code = 1;
gnutls_safe_renegotiation_status (server))
{
tls_log_func (0,
- "Rehandshaked session not using safe renegotiation!\n");
+ "Rehandshaked session not using safe renegotiation!\n");
exit_code = EXIT_FAILURE;
}
if (debug_level > 0)
{
if (exit_code == 0)
- puts ("Self-test successful");
+ puts ("Self-test successful");
else
- puts ("Self-test failed");
+ puts ("Self-test failed");
}
return exit_code;
if (debug)
success ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
- file, password);
+ file, password);
ret = gnutls_certificate_set_x509_simple_pkcs12_file (x509cred,
- file,
- GNUTLS_X509_FMT_DER,
- password);
+ file,
+ GNUTLS_X509_FMT_DER,
+ password);
if (ret < 0)
fail ("x509_pkcs12 failed %d: %s\n", ret, gnutls_strerror (ret));
if (debug)
success ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
- file, password);
+ file, password);
ret = gnutls_certificate_set_x509_simple_pkcs12_file (x509cred,
- file,
- GNUTLS_X509_FMT_DER,
- password);
+ file,
+ GNUTLS_X509_FMT_DER,
+ password);
if (ret < 0)
fail ("x509_pkcs12 failed %d: %s\n", ret, gnutls_strerror (ret));
for (i = 0; algs[i]; i++)
{
- if (debug)
- printf ("pk_list[%d] = %d = %s = %d\n", (int) i, algs[i],
- gnutls_pk_algorithm_get_name (algs[i]),
- gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i])));
- if (gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i]))
- != algs[i])
- fail ("gnutls_pk id's doesn't match\n");
+ if (debug)
+ printf ("pk_list[%d] = %d = %s = %d\n", (int) i, algs[i],
+ gnutls_pk_algorithm_get_name (algs[i]),
+ gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i])));
+ if (gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i]))
+ != algs[i])
+ fail ("gnutls_pk id's doesn't match\n");
}
pk = gnutls_pk_get_id ("foo");
for (i = 0; algs[i]; i++)
{
- if (debug)
- printf ("sign_list[%d] = %d = %s = %d\n", (int) i, algs[i],
- gnutls_sign_algorithm_get_name (algs[i]),
- gnutls_sign_get_id (gnutls_sign_algorithm_get_name
- (algs[i])));
- if (gnutls_sign_get_id (gnutls_sign_algorithm_get_name (algs[i])) !=
- algs[i])
- fail ("gnutls_sign id's doesn't match\n");
+ if (debug)
+ printf ("sign_list[%d] = %d = %s = %d\n", (int) i, algs[i],
+ gnutls_sign_algorithm_get_name (algs[i]),
+ gnutls_sign_get_id (gnutls_sign_algorithm_get_name
+ (algs[i])));
+ if (gnutls_sign_get_id (gnutls_sign_algorithm_get_name (algs[i])) !=
+ algs[i])
+ fail ("gnutls_sign id's doesn't match\n");
}
pk = gnutls_sign_get_id ("foo");
static int
client_avp (gnutls_session_t session, void *ptr,
- const char *last, size_t lastlen, char **new, size_t * newlen)
+ const char *last, size_t lastlen, char **new, size_t * newlen)
{
static int iter = 0;
const char *p;
if (debug)
{
if (last)
- printf ("client: received %d bytes AVP: `%.*s'\n",
- (int) lastlen, (int) lastlen, last);
+ printf ("client: received %d bytes AVP: `%.*s'\n",
+ (int) lastlen, (int) lastlen, last);
else
- printf ("client: new application phase\n");
+ printf ("client: new application phase\n");
}
switch (iter)
else
{
if (debug)
- success ("client: Handshake was completed\n");
+ success ("client: Handshake was completed\n");
}
/*
else
{
if (debug)
- success ("client: TLS/IA handshake\n");
+ success ("client: TLS/IA handshake\n");
ret = gnutls_ia_handshake (session);
if (ret < 0)
- {
- fail ("client: TLS/IA handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
+ {
+ fail ("client: TLS/IA handshake failed\n");
+ gnutls_perror (ret);
+ goto end;
+ }
else
- {
- if (debug)
- success ("client: TLS/IA Handshake was completed\n");
- }
+ {
+ if (debug)
+ success ("client: TLS/IA Handshake was completed\n");
+ }
}
gnutls_record_send (session, MSG, strlen (MSG));
if (ret == 0)
{
if (debug)
- success ("client: Peer has closed the TLS connection\n");
+ success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
{
printf ("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
+ {
+ fputc (buffer[ii], stdout);
+ }
fputs ("\n", stdout);
}
#define SA struct sockaddr
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
#define DH_BITS 1024
/* These are global */
static int
server_avp (gnutls_session_t session, void *ptr,
- const char *last, size_t lastlen, char **new, size_t * newlen)
+ const char *last, size_t lastlen, char **new, size_t * newlen)
{
static int iter = 0;
const char *p;
if (last && debug)
printf ("server: received %d bytes AVP: `%.*s'\n",
- (int) lastlen, (int) lastlen, last);
+ (int) lastlen, (int) lastlen, last);
gnutls_ia_permute_inner_secret (session, 3, "foo");
if (strcmp (p, "1") == 0)
{
if (debug)
- success ("server: Sending IntermediatePhaseFinished...\n");
+ success ("server: Sending IntermediatePhaseFinished...\n");
return 1;
}
if (strcmp (p, "2") == 0)
{
if (debug)
- success ("server: Sending FinalPhaseFinished...\n");
+ success ("server: Sending FinalPhaseFinished...\n");
return 2;
}
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
if (err == -1)
if (debug)
success ("server: connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
else
{
if (debug)
- success ("server: TLS/IA handshake\n");
+ success ("server: TLS/IA handshake\n");
ret = gnutls_ia_handshake (session);
if (ret < 0)
- {
- fail ("server: TLS/IA handshake failed\n");
- gnutls_perror (ret);
- return;
- }
+ {
+ fail ("server: TLS/IA handshake failed\n");
+ gnutls_perror (ret);
+ return;
+ }
else
- {
- if (debug)
- success ("server: TLS/IA Handshake was completed\n");
- }
+ {
+ if (debug)
+ success ("server: TLS/IA Handshake was completed\n");
+ }
}
/* see the Getting peer's information example */
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
+ {
+ if (debug)
+ success ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ }
else if (ret < 0)
- {
- if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- {
- gnutls_alert_description_t alert;
- const char *err;
- alert = gnutls_alert_get (session);
- err = gnutls_alert_get_name (alert);
- if (err)
- printf ("Fatal alert: %s\n", err);
- }
-
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
+ {
+ if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ {
+ gnutls_alert_description_t alert;
+ const char *err;
+ alert = gnutls_alert_get (session);
+ err = gnutls_alert_get_name (alert);
+ if (err)
+ printf ("Fatal alert: %s\n", err);
+ }
+
+ fail ("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ }
else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
}
/* do not wait for the peer to close the connection.
*/
for (i = 0; i < len; i++)
{
if (((str[i] & 0xFF) >= 'A' && (str[i] & 0xFF) <= 'Z') ||
- ((str[i] & 0xFF) >= 'a' && (str[i] & 0xFF) <= 'z') ||
- ((str[i] & 0xFF) >= '0' && (str[i] & 0xFF) <= '9')
- || (str[i] & 0xFF) == ' ' || (str[i] & 0xFF) == '.')
- printf ("%c", (str[i] & 0xFF));
+ ((str[i] & 0xFF) >= 'a' && (str[i] & 0xFF) <= 'z') ||
+ ((str[i] & 0xFF) >= '0' && (str[i] & 0xFF) <= '9')
+ || (str[i] & 0xFF) == ' ' || (str[i] & 0xFF) == '.')
+ printf ("%c", (str[i] & 0xFF));
else
- printf ("\\x%02X", (str[i] & 0xFF));
+ printf ("\\x%02X", (str[i] & 0xFF));
if ((i + 1) % 16 == 0 && (i + 1) < len)
- printf ("'\n\t'");
+ printf ("'\n\t'");
}
printf ("\n");
}
{
printf ("%02x ", (str[i] & 0xFF));
if ((i + 1) % 8 == 0)
- printf (" ");
+ printf (" ");
if ((i + 1) % 16 == 0 && i + 1 < len)
- printf ("\n\t;; ");
+ printf ("\n\t;; ");
}
printf ("\n");
}
for (i = 0; i < len; i++)
{
printf ("%d%d%d%d%d%d%d%d ",
- (str[i] & 0xFF) & 0x80 ? 1 : 0,
- (str[i] & 0xFF) & 0x40 ? 1 : 0,
- (str[i] & 0xFF) & 0x20 ? 1 : 0,
- (str[i] & 0xFF) & 0x10 ? 1 : 0,
- (str[i] & 0xFF) & 0x08 ? 1 : 0,
- (str[i] & 0xFF) & 0x04 ? 1 : 0,
- (str[i] & 0xFF) & 0x02 ? 1 : 0, (str[i] & 0xFF) & 0x01 ? 1 : 0);
+ (str[i] & 0xFF) & 0x80 ? 1 : 0,
+ (str[i] & 0xFF) & 0x40 ? 1 : 0,
+ (str[i] & 0xFF) & 0x20 ? 1 : 0,
+ (str[i] & 0xFF) & 0x10 ? 1 : 0,
+ (str[i] & 0xFF) & 0x08 ? 1 : 0,
+ (str[i] & 0xFF) & 0x04 ? 1 : 0,
+ (str[i] & 0xFF) & 0x02 ? 1 : 0, (str[i] & 0xFF) & 0x01 ? 1 : 0);
if ((i + 1) % 3 == 0)
- printf (" ");
+ printf (" ");
if ((i + 1) % 6 == 0 && i + 1 < len)
- printf ("\n\t;; ");
+ printf ("\n\t;; ");
}
printf ("\n");
}
{
do
if (strcmp (argv[argc - 1], "-v") == 0 ||
- strcmp (argv[argc - 1], "--verbose") == 0)
+ strcmp (argv[argc - 1], "--verbose") == 0)
debug = 1;
else if (strcmp (argv[argc - 1], "-b") == 0 ||
- strcmp (argv[argc - 1], "--break-on-error") == 0)
+ strcmp (argv[argc - 1], "--break-on-error") == 0)
break_on_error = 1;
else if (strcmp (argv[argc - 1], "-h") == 0 ||
- strcmp (argv[argc - 1], "-?") == 0 ||
- strcmp (argv[argc - 1], "--help") == 0)
+ strcmp (argv[argc - 1], "-?") == 0 ||
+ strcmp (argv[argc - 1], "--help") == 0)
{
- printf ("Usage: %s [-vbh?] [--verbose] [--break-on-error] [--help]\n",
- argv[0]);
- return 1;
+ printf ("Usage: %s [-vbh?] [--verbose] [--break-on-error] [--help]\n",
+ argv[0]);
+ return 1;
}
while (argc-- > 1);
#ifndef __attribute__
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
-#define __attribute__(Spec) /* empty */
+#define __attribute__(Spec) /* empty */
#endif
#endif
for (alt_name_count = 0;; ++alt_name_count)
{
ret =
- gnutls_x509_crt_get_issuer_alt_name (cert, alt_name_count, data,
- &data_len, &critical);
+ gnutls_x509_crt_get_issuer_alt_name (cert, alt_name_count, data,
+ &data_len, &critical);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
+ break;
if (ret < 0)
- fail ("get_issuer_alt_name: %d\n", ret);
+ fail ("get_issuer_alt_name: %d\n", ret);
// TODO: print out / check results
if (GNUTLS_SAN_URI == ret)
- {
- if (strcmp (data, "http://ca.su.se") != 0)
- {
- fail ("unexpected issuer GNUTLS_SAN_URI: %s\n", data);
- }
- }
+ {
+ if (strcmp (data, "http://ca.su.se") != 0)
+ {
+ fail ("unexpected issuer GNUTLS_SAN_URI: %s\n", data);
+ }
+ }
else if (GNUTLS_SAN_RFC822NAME == ret)
- {
- if (strcmp (data, "ca@su.se") != 0)
- {
- fail ("unexpected issuer GNUTLS_SAN_RFC822NAME: %s\n", data);
- }
- }
+ {
+ if (strcmp (data, "ca@su.se") != 0)
+ {
+ fail ("unexpected issuer GNUTLS_SAN_RFC822NAME: %s\n", data);
+ }
+ }
else
- {
- fail ("unexpected alt name type: %d\n", ret);
- }
+ {
+ fail ("unexpected alt name type: %d\n", ret);
+ }
data_len = MAX_DATA_SIZE;
}
gnutls_global_init ();
fprintf (stderr,
- "This test will perform some checks on X.509 certificate\n");
+ "This test will perform some checks on X.509 certificate\n");
fprintf (stderr, "verification functions.\n\n");
for (;;)
file = test_files[i++].test_file;
if (file == NULL)
- break;
+ break;
x = _verify_x509_file (file, CA_FILE);
if (x < 0)
- {
- fprintf (stderr, "Unexpected error: %d\n", x);
- exit (1);
- }
+ {
+ fprintf (stderr, "Unexpected error: %d\n", x);
+ exit (1);
+ }
printf ("Test %d, file %s: ", i, file);
if (x != exp_result)
- {
- printf ("failed.\n");
- fflush (stdout);
- fprintf (stderr, "Unexpected error in verification.\n");
- fprintf (stderr, "Certificate was found to be: \n");
- print_res (x);
- }
+ {
+ printf ("failed.\n");
+ fflush (stdout);
+ fprintf (stderr, "Unexpected error in verification.\n");
+ fprintf (stderr, "Certificate was found to be: \n");
+ print_res (x);
+ }
else
- {
- printf ("ok.");
+ {
+ printf ("ok.");
- printf ("\n");
- }
+ printf ("\n");
+ }
}
printf ("\n");
*/
int
_verify_x509_mem (const char *cert, int cert_size,
- const char *ca, int ca_size, const char *crl, int crl_size)
+ const char *ca, int ca_size, const char *crl, int crl_size)
{
int siz, i;
const char *ptr;
if (ret < 0)
{
fprintf (stderr, "Error parsing the CA certificate: %s\n",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
if (ret < 0)
{
fprintf (stderr, "Error parsing the CA certificate: %s\n",
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
i = 1;
- if (strstr (ptr, CRL_SEP) != NULL) /* if CRLs exist */
+ if (strstr (ptr, CRL_SEP) != NULL) /* if CRLs exist */
do
{
- x509_crl_list =
- (gnutls_x509_crl *) realloc (x509_crl_list,
- i * sizeof (gnutls_x509_crl));
- if (x509_crl_list == NULL)
- {
- fprintf (stderr, "memory error\n");
- exit (1);
- }
-
- tmp.data = (char *) ptr;
- tmp.size = siz;
-
- ret = gnutls_x509_crl_init (&x509_crl_list[i - 1]);
- if (ret < 0)
- {
- fprintf (stderr, "Error parsing the CRL[%d]: %s\n", i,
- gnutls_strerror (ret));
- exit (1);
- }
-
- ret =
- gnutls_x509_crl_import (x509_crl_list[i - 1], &tmp,
- GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf (stderr, "Error parsing the CRL[%d]: %s\n", i,
- gnutls_strerror (ret));
- exit (1);
- }
-
- /* now we move ptr after the pem header */
- ptr = strstr (ptr, CRL_SEP);
- if (ptr != NULL)
- ptr++;
-
- i++;
+ x509_crl_list =
+ (gnutls_x509_crl *) realloc (x509_crl_list,
+ i * sizeof (gnutls_x509_crl));
+ if (x509_crl_list == NULL)
+ {
+ fprintf (stderr, "memory error\n");
+ exit (1);
+ }
+
+ tmp.data = (char *) ptr;
+ tmp.size = siz;
+
+ ret = gnutls_x509_crl_init (&x509_crl_list[i - 1]);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error parsing the CRL[%d]: %s\n", i,
+ gnutls_strerror (ret));
+ exit (1);
+ }
+
+ ret =
+ gnutls_x509_crl_import (x509_crl_list[i - 1], &tmp,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error parsing the CRL[%d]: %s\n", i,
+ gnutls_strerror (ret));
+ exit (1);
+ }
+
+ /* now we move ptr after the pem header */
+ ptr = strstr (ptr, CRL_SEP);
+ if (ptr != NULL)
+ ptr++;
+
+ i++;
}
while ((ptr = strstr (ptr, CRL_SEP)) != NULL);
do
{
x509_cert_list =
- (gnutls_x509_crt *) realloc (x509_cert_list,
- i * sizeof (gnutls_x509_crt));
+ (gnutls_x509_crt *) realloc (x509_cert_list,
+ i * sizeof (gnutls_x509_crt));
if (x509_cert_list == NULL)
- {
- fprintf (stderr, "memory error\n");
- exit (1);
- }
+ {
+ fprintf (stderr, "memory error\n");
+ exit (1);
+ }
tmp.data = (char *) ptr;
tmp.size = siz;
ret = gnutls_x509_crt_init (&x509_cert_list[i - 1]);
if (ret < 0)
- {
- fprintf (stderr, "Error parsing the certificate[%d]: %s\n", i,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error parsing the certificate[%d]: %s\n", i,
+ gnutls_strerror (ret));
+ exit (1);
+ }
ret =
- gnutls_x509_crt_import (x509_cert_list[i - 1], &tmp,
- GNUTLS_X509_FMT_PEM);
+ gnutls_x509_crt_import (x509_cert_list[i - 1], &tmp,
+ GNUTLS_X509_FMT_PEM);
if (ret < 0)
- {
- fprintf (stderr, "Error parsing the certificate[%d]: %s\n", i,
- gnutls_strerror (ret));
- exit (1);
- }
+ {
+ fprintf (stderr, "Error parsing the certificate[%d]: %s\n", i,
+ gnutls_strerror (ret));
+ exit (1);
+ }
/* now we move ptr after the pem header */
ptr = strstr (ptr, CERT_SEP);
if (ptr != NULL)
- ptr++;
+ ptr++;
i++;
}
x509_ncerts = i - 1;
ret = gnutls_x509_crt_list_verify (x509_cert_list, x509_ncerts,
- &x509_ca, 1, x509_crl_list, x509_ncrls,
- 0, &output);
+ &x509_ca, 1, x509_crl_list, x509_ncrls,
+ 0, &output);
gnutls_x509_crt_deinit (x509_ca);
static int
cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_retr2_st * st)
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_retr2_st * st)
{
int result;
gnutls_x509_dn_t dn;
gnutls_x509_ava_st val;
if (debug)
- success ("client: imported DN.\n");
+ success ("client: imported DN.\n");
if (gnutls_x509_dn_get_rdn_ava (dn, 0, 0, &val) == 0)
- {
- if (debug)
- success ("client: got RDN 0.\n");
-
- if (val.value.size == strlen (EXPECT_RDN0)
- && strncmp (val.value.data, EXPECT_RDN0, val.value.size) == 0)
- {
- if (debug)
- success ("client: RND 0 correct.\n");
- }
- else
- {
- fail ("client: RND 0 bad: %.*s\n",
- val.value.size, val.value.data);
- return -1;
- }
- }
+ {
+ if (debug)
+ success ("client: got RDN 0.\n");
+
+ if (val.value.size == strlen (EXPECT_RDN0)
+ && strncmp (val.value.data, EXPECT_RDN0, val.value.size) == 0)
+ {
+ if (debug)
+ success ("client: RND 0 correct.\n");
+ }
+ else
+ {
+ fail ("client: RND 0 bad: %.*s\n",
+ val.value.size, val.value.data);
+ return -1;
+ }
+ }
else
- {
- fail ("client: could not retrieve RDN 0.\n");
- return -1;
- }
+ {
+ fail ("client: could not retrieve RDN 0.\n");
+ return -1;
+ }
gnutls_x509_dn_deinit (dn);
}
else
{
if (debug)
- success ("client: Handshake was completed\n");
+ success ("client: Handshake was completed\n");
}
if (debug)
success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
+ gnutls_protocol_get_name (gnutls_protocol_get_version
+ (session)));
/* see the Getting peer's information example */
if (debug)
if (ret == 0)
{
if (debug)
- success ("client: Peer has closed the TLS connection\n");
+ success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
{
printf ("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
+ {
+ fputc (buffer[ii], stdout);
+ }
fputs ("\n", stdout);
}
#define SA struct sockaddr
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
#define DH_BITS 1024
/* These are global */
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
if (err == -1)
gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (debug)
success ("Launched, generating DH parameters...\n");
if (debug)
success ("server: connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (debug)
success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
+ gnutls_protocol_get_name (gnutls_protocol_get_version
+ (session)));
/* see the Getting peer's information example */
if (debug)
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
+ {
+ if (debug)
+ success ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ }
else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
+ {
+ fail ("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ }
else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
}
/* do not wait for the peer to close the connection.
*/
#if defined WIFEXITED && defined WEXITSTATUS
if (WIFEXITED (status) && WEXITSTATUS (status))
- {
- fail ("server: client failed with exit status %d\n",
- WEXITSTATUS (status));
- }
+ {
+ fail ("server: client failed with exit status %d\n",
+ WEXITSTATUS (status));
+ }
#endif
#if defined WIFSIGNALED && defined WTERMSIG
if (WIFSIGNALED (status))
- {
- fail ("server: client failed with fatal signal %d\n",
- WTERMSIG (status));
- }
+ {
+ fail ("server: client failed with fatal signal %d\n",
+ WTERMSIG (status));
+ }
#endif
}
*/
gnutls_certificate_set_x509_trust_mem (xcred, &ca, GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_key_mem (xcred, &cert, &key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
/* Initialize TLS session
*/
if (debug)
success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
+ gnutls_protocol_get_name (gnutls_protocol_get_version
+ (session)));
/* see the Getting peer's information example */
if (debug)
if (ret == strlen (MSG))
{
if (debug)
- success ("client: sent record.\n");
+ success ("client: sent record.\n");
}
else
{
if (ret == GNUTLS_E_REHANDSHAKE)
{
if (debug)
- success ("client: doing handshake!\n");
+ success ("client: doing handshake!\n");
ret = gnutls_handshake (session);
if (ret == 0)
- {
- if (debug)
- success ("client: handshake complete, reading again.\n");
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- }
+ {
+ if (debug)
+ success ("client: handshake complete, reading again.\n");
+ ret = gnutls_record_recv (session, buffer, MAX_BUF);
+ }
else
- {
- fail ("client: handshake failed.\n");
- }
+ {
+ fail ("client: handshake failed.\n");
+ }
}
if (ret == 0)
{
if (debug)
- success ("client: Peer has closed the TLS connection\n");
+ success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
{
printf ("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
+ {
+ fputc (buffer[ii], stdout);
+ }
fputs ("\n", stdout);
}
#define SA struct sockaddr
#define MAX_BUF 1024
-#define PORT 5556 /* listen to 5556 port */
+#define PORT 5556 /* listen to 5556 port */
#define DH_BITS 1024
/* These are global */
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
+ sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
if (err == -1)
gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (debug)
success ("Launched, generating DH parameters...\n");
if (debug)
success ("server: connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
{
success ("server: Handshake was completed\n");
success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
+ gnutls_protocol_get_name (gnutls_protocol_get_version
+ (session)));
}
/* see the Getting peer's information example */
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
+ {
+ if (debug)
+ success ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ }
else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
+ {
+ fail ("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ }
else if (ret > 0)
- {
- gnutls_certificate_server_set_request (session,
- GNUTLS_CERT_REQUEST);
-
- if (debug)
- success ("server: got data, forcing rehandshake.\n");
-
- ret = gnutls_rehandshake (session);
- if (ret < 0)
- {
- fail ("server: rehandshake failed\n");
- gnutls_perror (ret);
- break;
- }
-
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- fail ("server: (re)handshake failed\n");
- gnutls_perror (ret);
- break;
- }
-
- if (debug)
- success ("server: rehandshake complete.\n");
-
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
+ {
+ gnutls_certificate_server_set_request (session,
+ GNUTLS_CERT_REQUEST);
+
+ if (debug)
+ success ("server: got data, forcing rehandshake.\n");
+
+ ret = gnutls_rehandshake (session);
+ if (ret < 0)
+ {
+ fail ("server: rehandshake failed\n");
+ gnutls_perror (ret);
+ break;
+ }
+
+ ret = gnutls_handshake (session);
+ if (ret < 0)
+ {
+ fail ("server: (re)handshake failed\n");
+ gnutls_perror (ret);
+ break;
+ }
+
+ if (debug)
+ success ("server: rehandshake complete.\n");
+
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
}
/* do not wait for the peer to close the connection.
*/
if (ret < 0)
fail ("gnutls_x509_privkey_import\n");
- ret = gnutls_x509_privkey_sign_hash2 (key, GNUTLS_DIG_SHA1, 0, &hash_data,
- &signature2);
+ ret =
+ gnutls_x509_privkey_sign_hash2 (key, GNUTLS_DIG_SHA1, 0, &hash_data,
+ &signature2);
if (ret < 0)
fail ("gnutls_x509_privkey_sign_hash\n");
- ret = gnutls_x509_privkey_sign_data2 (key, GNUTLS_DIG_SHA1, 0, &raw_data,
- &signature);
+ ret =
+ gnutls_x509_privkey_sign_data2 (key, GNUTLS_DIG_SHA1, 0, &raw_data,
+ &signature);
if (ret < 0)
fail ("gnutls_x509_privkey_sign_hash\n");