AC_DEFINE([HAVE_DANE], 1, [Enable the DANE library])
enable_dane=yes],
[AC_MSG_RESULT(no)
- AC_MSG_WARN([[
+ AC_MSG_WARN([[
***
*** libunbound was not found. Libdane will not be built.
*** ]])
unbound_root_key_file="C:\\Program Files\\Unbound\\root.key"
else
if test -f /var/lib/unbound/root.key;then
- unbound_root_key_file="/var/lib/unbound/root.key"
+ unbound_root_key_file="/var/lib/unbound/root.key"
else
if test -f /usr/share/dns/root.key;then
unbound_root_key_file="/usr/share/dns/root.key"
AC_DEFINE([HAVE_TROUSERS], 1, [Enable TPM])
with_tpm=yes],
[AC_MSG_RESULT(no)
- AC_MSG_WARN([[
+ AC_MSG_WARN([[
***
*** trousers was not found. TPM support will be disabled.
*** ]])
-include $(top_srcdir)/doc/doc.mk
invoke-gnutls-cli.texi: $(top_srcdir)/src/cli-args.def
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -L$(top_srcdir)/src -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_srcdir)/src -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
mv -f $@.tmp $@
invoke-gnutls-cli-debug.texi: $(top_srcdir)/src/cli-debug-args.def invoke-gnutls-cli.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
mv -f $@.tmp $@
invoke-gnutls-serv.texi: $(top_srcdir)/src/serv-args.def invoke-gnutls-cli-debug.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
mv -f $@.tmp $@
invoke-certtool.texi: $(top_srcdir)/src/certtool-args.def invoke-gnutls-serv.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
rm -f $@.tmp
invoke-ocsptool.texi: $(top_srcdir)/src/ocsptool-args.def invoke-certtool.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
rm -f $@.tmp
invoke-danetool.texi: $(top_srcdir)/src/danetool-args.def invoke-ocsptool.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
rm -f $@.tmp
invoke-srptool.texi: $(top_srcdir)/src/srptool-args.def invoke-danetool.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
rm -f $@.tmp
invoke-psktool.texi: $(top_srcdir)/src/psktool-args.def invoke-srptool.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
rm -f $@.tmp
invoke-p11tool.texi: $(top_srcdir)/src/p11tool-args.def invoke-psktool.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
rm -f $@.tmp
invoke-tpmtool.texi: $(top_srcdir)/src/tpmtool-args.def invoke-p11tool.texi
- PATH="$(top_builddir)/src/:$${PATH}:" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
+ PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -Tagtexi-cmd.tpl $<; \
if [ ! -e $@ ]; then \
cp $(srcdir)/$@ .; \
fi; \
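Review bot: Every rewritten PATH assignment in this hunk still ends with a separator (`$${PATH}$(PATH_SEPARATOR)`), carried over from the original's trailing `:`; POSIX shells treat an empty trailing PATH entry as the current directory, so `$(AUTOGEN)` and any helper it execs will resolve unqualified command names from whatever directory make is run in as a last resort. The `$(top_builddir)/src` entry prepended before `$${PATH}` already covers the build's own tools, so the trailing separator looks accidental rather than required; if it is intentional, a comment on the first rule saying why would save the next reader the same question. I would drop it, along with the redundant trailing slash on the tools directory, in all ten rules: `PATH="$(top_builddir)/src$(PATH_SEPARATOR)$${PATH}" $(AUTOGEN) -L$(top_srcdir)/src -Tagtexi-cmd.tpl $<; \` (the later rules omit the `-L` option, as they do now). The final recipe line of the last rule (`invoke-tpmtool.texi`) lies outside the hunk.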
cha-gtls-app.texi cha-internals.texi cha-intro-tls.texi \
cha-library.texi cha-preface.texi cha-programs.texi \
sec-tls-app.texi cha-errors.texi cha-support.texi \
- cha-shared-key.texi cha-gtls-examples.texi cha-upgrade.texi \
+ cha-shared-key.texi cha-gtls-examples.texi cha-upgrade.texi \
cha-tokens.texi cha-crypto.texi cha-auth.texi
AUTOGENED_DOC = invoke-gnutls-cli.texi invoke-gnutls-cli-debug.texi \
}
for (i = 0; i < obj_list_size; i++)
- gnutls_pkcs11_obj_deinit(obj_list[i]);
+ gnutls_pkcs11_obj_deinit(obj_list[i]);
gnutls_free(obj_list);
return 0;
This manual is last updated @value{UPDATED} for version
@value{VERSION} of GnuTLS.
-Copyright @copyright{} 2001-2015 Free Software Foundation, Inc.\\
-Copyright @copyright{} 2001-2015 Nikos Mavrogiannopoulos
+Copyright @copyright{} 2001-2016 Free Software Foundation, Inc.\\
+Copyright @copyright{} 2001-2016 Nikos Mavrogiannopoulos
@quotation
Permission is granted to copy, distribute and/or modify this document
COBJECTS = range.c record.c compress.c debug.c cipher.c \
mbuffers.c buffers.c handshake.c num.c errors.c dh.c kx.c \
- priority.c hash_int.c cipher_int.c session.c db.c x509_b64.c \
+ priority.c hash_int.c cipher_int.c session.c db.c x509_b64.c \
extensions.c auth.c sslv2_compat.c datum.c session_pack.c mpi.c \
pk.c cert.c global.c constate.c anon_cred.c pkix_asn1_tab.c gnutls_asn1_tab.c \
- mem.c fingerprint.c tls-sig.c ecc.c alert.c privkey_raw.c \
- system/certs.c system/threads.c system/fastopen.c system/sockets.c \
+ mem.c fingerprint.c tls-sig.c ecc.c alert.c privkey_raw.c \
+ system/certs.c system/threads.c system/fastopen.c system/sockets.c \
system/inet_ntop.c system/iconv.c system/vasprintf.c vasprintf.h system.c \
- str.c state.c x509.c file.c supplemental.c \
- random.c crypto-api.c privkey.c pcert.c pubkey.c locks.c dtls.c \
+ str.c state.c x509.c file.c supplemental.c \
+ random.c crypto-api.c privkey.c pcert.c pubkey.c locks.c dtls.c \
system_override.c crypto-backend.c verify-tofu.c pin.c tpm.c fips.c \
safe-memfuncs.c system/inet_pton.c atfork.c atfork.h randomart.c \
system-keys.h urls.c urls.h prf.c auto-verify.c dh-session.c \
.explicit_iv = 8,
.cipher_iv = 12,
.tagsize = 16},
- { .name = "3DES-CBC",
+ { .name = "3DES-CBC",
.id = GNUTLS_CIPHER_3DES_CBC,
.blocksize = 8,
.keysize = 24,
};
#define GNUTLS_CIPHER_LOOP(b) \
- const cipher_entry_st *p; \
- for(p = algorithms; p->name != NULL; p++) { b ; }
+ const cipher_entry_st *p; \
+ for(p = algorithms; p->name != NULL; p++) { b ; }
#define GNUTLS_ALG_LOOP(a) \
- GNUTLS_CIPHER_LOOP( if(p->id == algorithm) { a; break; } )
+ GNUTLS_CIPHER_LOOP( if(p->id == algorithm) { a; break; } )
/* CIPHER functions */
#define GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0,0x9A }
#define GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0,0x9B }
-#define GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x7A }
-#define GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7B }
+#define GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x7A }
+#define GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7B }
#define GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x7C }
#define GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7D }
#define GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256 { 0xC0,0x80 }
#define GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x87 }
#define GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8A }
#define GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8B }
-#define GNUTLS_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8E }
-#define GNUTLS_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8F }
+#define GNUTLS_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8E }
+#define GNUTLS_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8F }
#define GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x90 }
#define GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x91 }
#define GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x92 }
#define GNUTLS_DHE_PSK_AES_256_GCM_SHA384 { 0x00, 0xAB }
#define GNUTLS_PSK_AES_256_CBC_SHA384 { 0x00,0xAF }
-#define GNUTLS_PSK_NULL_SHA384 { 0x00,0xB1 }
+#define GNUTLS_PSK_NULL_SHA384 { 0x00,0xB1 }
#define GNUTLS_DHE_PSK_AES_256_CBC_SHA384 { 0x00,0xB3 }
-#define GNUTLS_DHE_PSK_NULL_SHA384 { 0x00,0xB5 }
+#define GNUTLS_DHE_PSK_NULL_SHA384 { 0x00,0xB5 }
-#define GNUTLS_PSK_NULL_SHA1 { 0x00,0x2C }
-#define GNUTLS_DHE_PSK_NULL_SHA1 { 0x00,0x2D }
-#define GNUTLS_RSA_PSK_NULL_SHA1 { 0x00,0x2E }
-#define GNUTLS_ECDHE_PSK_NULL_SHA1 { 0xC0,0x39 }
+#define GNUTLS_PSK_NULL_SHA1 { 0x00,0x2C }
+#define GNUTLS_DHE_PSK_NULL_SHA1 { 0x00,0x2D }
+#define GNUTLS_RSA_PSK_NULL_SHA1 { 0x00,0x2E }
+#define GNUTLS_ECDHE_PSK_NULL_SHA1 { 0xC0,0x39 }
#define GNUTLS_RSA_PSK_AES_128_GCM_SHA256 { 0x00,0xAC }
#define GNUTLS_RSA_PSK_AES_256_GCM_SHA384 { 0x00,0xAD }
#define GNUTLS_RSA_PSK_AES_128_CBC_SHA256 { 0x00,0xB6 }
#define GNUTLS_RSA_PSK_AES_256_CBC_SHA384 { 0x00,0xB7 }
-#define GNUTLS_RSA_PSK_NULL_SHA256 { 0x00,0xB8 }
-#define GNUTLS_RSA_PSK_NULL_SHA384 { 0x00,0xB9 }
+#define GNUTLS_RSA_PSK_NULL_SHA256 { 0x00,0xB8 }
+#define GNUTLS_RSA_PSK_NULL_SHA384 { 0x00,0xB9 }
/* PSK - SHA256 HMAC */
#define GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1 { 0xC0, 0x11 }
/* ECC-ECDSA */
-#define GNUTLS_ECDHE_ECDSA_NULL_SHA1 { 0xC0, 0x06 }
+#define GNUTLS_ECDHE_ECDSA_NULL_SHA1 { 0xC0, 0x06 }
#define GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x08 }
#define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 { 0xC0, 0x09 }
#define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 { 0xC0, 0x0A }
};
#define CIPHER_SUITE_LOOP(b) { \
- const gnutls_cipher_suite_entry_st *p; \
- for(p = cs_algorithms; p->name != NULL; p++) { b ; } }
+ const gnutls_cipher_suite_entry_st *p; \
+ for(p = cs_algorithms; p->name != NULL; p++) { b ; } }
#define CIPHER_SUITE_ALG_LOOP(a, suite) \
- CIPHER_SUITE_LOOP( if( (p->id[0] == suite[0]) && (p->id[1] == suite[1])) { a; break; } )
+ CIPHER_SUITE_LOOP( if( (p->id[0] == suite[0]) && (p->id[1] == suite[1])) { a; break; } )
/* Cipher Suite's functions */
#define GNUTLS_ECC_CURVE_LOOP(b) \
{ const gnutls_ecc_curve_entry_st *p; \
- for(p = ecc_curves; p->name != NULL; p++) { b ; } }
+ for(p = ecc_curves; p->name != NULL; p++) { b ; } }
/* Returns the TLS id of the given curve
};
#define GNUTLS_KX_MAP_LOOP(b) \
- const gnutls_cred_map *p; \
- for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
+ const gnutls_cred_map *p; \
+ for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
#define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
- GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
+ GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
struct gnutls_kx_algo_entry {
const char *name;
};
#define GNUTLS_KX_LOOP(b) \
- const gnutls_kx_algo_entry *p; \
- for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
+ const gnutls_kx_algo_entry *p; \
+ for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
#define GNUTLS_KX_ALG_LOOP(a) \
- GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
+ GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
/* Key EXCHANGE functions */
#define GNUTLS_HASH_LOOP(b) \
- const mac_entry_st *p; \
- for(p = hash_algorithms; p->name != NULL; p++) { b ; }
+ const mac_entry_st *p; \
+ for(p = hash_algorithms; p->name != NULL; p++) { b ; }
#define GNUTLS_HASH_ALG_LOOP(a) \
- GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
+ GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
const mac_entry_st *_gnutls_mac_to_entry(gnutls_mac_algorithm_t c)
{
GNUTLS_HASH_LOOP(
if (strcasecmp(p->name, name) == 0) {
if (p->placeholder != 0 || _gnutls_mac_exists(p->id))
- ret = p->id;
+ ret = p->id;
break;
}
);
};
#define GNUTLS_VERSION_LOOP(b) \
- const version_entry_st *p; \
- for(p = sup_versions; p->name != NULL; p++) { b ; }
+ const version_entry_st *p; \
+ for(p = sup_versions; p->name != NULL; p++) { b ; }
#define GNUTLS_VERSION_ALG_LOOP(a) \
GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
};
#define GNUTLS_PK_MAP_LOOP(b) \
- const gnutls_pk_map *p; \
- for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
+ const gnutls_pk_map *p; \
+ for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
#define GNUTLS_PK_MAP_ALG_LOOP(a) \
- GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
+ GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
/* returns the gnutls_pk_algorithm_t which is compatible with
#define GNUTLS_PK_LOOP(b) \
{ const gnutls_pk_entry *p; \
- for(p = pk_algorithms; p->name != NULL; p++) { b ; } }
+ for(p = pk_algorithms; p->name != NULL; p++) { b ; } }
/**
#define GNUTLS_SEC_PARAM_LOOP(b) \
{ const gnutls_sec_params_entry *p; \
- for(p = sec_params; p->name != NULL; p++) { b ; } }
+ for(p = sec_params; p->name != NULL; p++) { b ; } }
/**
* gnutls_sec_param_to_pk_bits:
/* if no certificates were found then send:
* 0B 00 00 03 00 00 00 // Certificate with no certs
* instead of:
- * 0B 00 00 00 // empty certificate handshake
+ * 0B 00 00 00 // empty certificate handshake
*
* ( the above is the whole handshake message, not
* the one produced here )
}
ret = 0;
-error:
+ error:
_gnutls_mpi_release(&session->key.client_Y);
- gnutls_pk_params_clear(&session->key.dh_params);
+ gnutls_pk_params_clear(&session->key.dh_params);
return ret;
}
ret = data->length;
- error:
- gnutls_pk_params_clear(&session->key.dh_params);
+ error:
+ gnutls_pk_params_clear(&session->key.dh_params);
return ret;
}
goto cleanup;
}
-cleanup:
- gnutls_pk_params_clear(&session->key.ecdh_params);
+ cleanup:
+ gnutls_pk_params_clear(&session->key.ecdh_params);
return ret;
}
} else if (pk == GNUTLS_PK_ECDHX) {
ret =
_gnutls_buffer_append_data_prefix(data, 8,
- session->key.ecdh_params.raw_pub.data,
- session->key.ecdh_params.raw_pub.size);
+ session->key.ecdh_params.raw_pub.data,
+ session->key.ecdh_params.raw_pub.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = data->length;
-cleanup:
- gnutls_pk_params_clear(&session->key.ecdh_params);
+ cleanup:
+ gnutls_pk_params_clear(&session->key.ecdh_params);
return ret;
}
} else if (pk == GNUTLS_PK_ECDHX) {
ret =
- _gnutls_buffer_append_data_prefix(data, 8,
- session->key.ecdh_params.raw_pub.data,
- session->key.ecdh_params.raw_pub.size);
+ _gnutls_buffer_append_data_prefix(data, 8,
+ session->key.ecdh_params.raw_pub.data,
+ session->key.ecdh_params.raw_pub.size);
if (ret < 0)
return gnutls_assert_val(ret);
}
*
* struct {
* select (KeyExchangeAlgorithm) {
- * // other cases for rsa, diffie_hellman, etc.
- * case psk: // NEW
- * uint8_t psk_identity_hint<0..2^16-1>;
+ * // other cases for rsa, diffie_hellman, etc.
+ * case psk: // NEW
+ * uint8_t psk_identity_hint<0..2^16-1>;
* };
* } ServerKeyExchange;
*
cleanup:
if (fd != NULL)
fclose(fd);
-
- zeroize_key(line, line_size);
+
+ zeroize_key(line, line_size);
free(line);
return ret;
/* move to first ':' */
i = 0;
while ((i < line_size) && (line[i] != ':')
- && (line[i] != '\0')) {
+ && (line[i] != '\0')) {
i++;
}
/* The actual verification callback. */
static int auto_verify_cb(gnutls_session_t session)
{
- unsigned int status;
- int ret;
+ unsigned int status;
+ int ret;
- if (session->internals.vc_elements == 0) {
- ret = gnutls_certificate_verify_peers2(session, &status);
+ if (session->internals.vc_elements == 0) {
+ ret = gnutls_certificate_verify_peers2(session, &status);
} else {
- ret = gnutls_certificate_verify_peers(session, session->internals.vc_data,
+ ret = gnutls_certificate_verify_peers(session, session->internals.vc_data,
session->internals.vc_elements, &status);
- }
- if (ret < 0) {
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
- }
+ }
+ if (ret < 0) {
+ return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
+ }
- session->internals.vc_status = status;
+ session->internals.vc_status = status;
- if (status != 0) /* Certificate is not trusted */
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR);
+ if (status != 0) /* Certificate is not trusted */
+ return gnutls_assert_val(GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR);
- /* notify gnutls to continue handshake normally */
- return 0;
+ /* notify gnutls to continue handshake normally */
+ return 0;
}
/**
int err = get_errno(session);
_gnutls_read_log("READ: %d returned from %p, errno=%d\n",
- (int) i, fd, err);
+ (int) i, fd, err);
ret = errno_to_gerr(err, 1);
goto cleanup;
}
if (ret == -1) {
- gnutls_assert();
+ gnutls_assert();
break;
- }
+ }
total += ret;
unsigned int ms);
#define _gnutls_handshake_io_buffer_clear( session) \
- _mbuffer_head_clear( &session->internals.handshake_send_buffer); \
- _gnutls_handshake_recv_buffer_clear( session);
+ _mbuffer_head_clear( &session->internals.handshake_send_buffer); \
+ _gnutls_handshake_recv_buffer_clear( session);
#endif
memset(nonce, 0, 4);
memcpy(&nonce[4],
- UINT64DATA(params->write.sequence_number),
- 8);
+ UINT64DATA(params->write.sequence_number), 8);
- memxor(nonce, params->write.IV.data, 12);
+ memxor(nonce, params->write.IV.data, 12);
}
}
memset(nonce, 0, 4);
memcpy(&nonce[4], UINT64DATA(*sequence), 8);
- memxor(nonce, params->read.IV.data, 12);
+ memxor(nonce, params->read.IV.data, 12);
}
length =
if (unlikely(e == NULL || e->id == GNUTLS_CIPHER_NULL))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- FAIL_IF_LIB_ERROR;
+ FAIL_IF_LIB_ERROR;
handle->e = e;
handle->handle = NULL;
if (unlikely(e == NULL))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- FAIL_IF_LIB_ERROR;
+ FAIL_IF_LIB_ERROR;
memset(handle, 0, sizeof(*handle));
handle->etm = etm;
l = (textlen / blocksize) * blocksize;
if (l > 0) {
ret =
- _gnutls_cipher_encrypt2(&handle->cipher, text,
- l, ciphertext,
- ciphertextlen);
+ _gnutls_cipher_encrypt2(&handle->cipher, text,
+ l, ciphertext,
+ ciphertextlen);
if (ret < 0)
return gnutls_assert_val(ret);
MAC(handle, ciphertext, textlen);
ret =
- _gnutls_auth_cipher_tag(handle,
- ciphertext + textlen,
- handle->tag_size);
+ _gnutls_auth_cipher_tag(handle,
+ ciphertext + textlen,
+ handle->tag_size);
if (ret < 0)
return gnutls_assert_val(ret);
}
for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) {
if (IS_DTLS(session) && session->internals.priorities.compression.priority[i] != GNUTLS_COMP_NULL) {
- gnutls_assert();
- continue;
- }
+ gnutls_assert();
+ continue;
+ }
tmp =
_gnutls_compression_get_num(session->
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
ret = _gnutls_aead_cipher_encrypt(&h->ctx_enc,
- nonce, nonce_len,
- auth, auth_len,
- tag_size,
- ptext, ptext_len,
- ctext, *ctext_len);
+ nonce, nonce_len,
+ auth, auth_len,
+ tag_size,
+ ptext, ptext_len,
+ ctext, *ctext_len);
if (unlikely(ret < 0))
return gnutls_assert_val(ret);
return 0;
cleanup:
- if (free_s) gnutls_free(s);
- return ret;
+ if (free_s) gnutls_free(s);
+ return ret;
}
static const void *_get_algo(algo_list * al, int algo)
size_t data_size);
int _gnutls_set_strdatum(gnutls_datum_t * dat, const void *data,
- size_t data_size);
+ size_t data_size);
int _gnutls_datum_append(gnutls_datum_t * dat, const void *data,
size_t data_size);
if (dat->data != NULL) {
zeroize_temp_key(dat->data, dat->size);
gnutls_free(dat->data);
- }
+ }
dat->data = NULL;
dat->size = 0;
if (dat->data != NULL) {
zeroize_key(dat->data, dat->size);
gnutls_free(dat->data);
- }
+ }
dat->data = NULL;
dat->size = 0;
* Copyright (C) 2016 Red Hat, Inc.
*
* Authors: Fridolin Pokorny
- * Nikos Mavrogiannopoulos
+ * Nikos Mavrogiannopoulos
*
* This file is part of GNUTLS.
*
* Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* Authors: Jonathan Bastien-Filiatrault
- * Nikos Mavrogiannopoulos
+ * Nikos Mavrogiannopoulos
*
* This file is part of GNUTLS.
*
if (r != GNUTLS_E_INTERRUPTED) _rr = GNUTLS_E_AGAIN; \
else _rr = r; \
if (!(session->internals.flags & GNUTLS_NONBLOCK)) \
- millisleep(50); \
+ millisleep(50); \
return gnutls_assert_val(_rr); \
} \
}
/* pad and store y */
return 0;
cleanup:
- _gnutls_free_datum(out);
- return ret;
+ _gnutls_free_datum(out);
+ return ret;
}
ERROR_ENTRY(N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR),
ERROR_ENTRY(N_(
- "A connection with inappropriate fallback was attempted."),
- GNUTLS_E_INAPPROPRIATE_FALLBACK),
+ "A connection with inappropriate fallback was attempted."),
+ GNUTLS_E_INAPPROPRIATE_FALLBACK),
ERROR_ENTRY(N_("An illegal TLS extension was received."),
GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION),
ERROR_ENTRY(N_("A TLS fatal alert has been received."),
} else {
/* 256 <= extdata->length < 512 */
pad_size = 512 - extdata->length;
- memset(pad, 0, pad_size);
+ memset(pad, 0, pad_size);
ret =
gnutls_buffer_append_data(extdata, pad,
#ifdef ENABLE_SRP
#define IS_SRP_KX(kx) ((kx == GNUTLS_KX_SRP || (kx == GNUTLS_KX_SRP_RSA) || \
- kx == GNUTLS_KX_SRP_DSS)?1:0)
+ kx == GNUTLS_KX_SRP_DSS)?1:0)
extern const extension_entry_st ext_mod_srp;
From RFC 6066. Client sends:
struct {
- CertificateStatusType status_type;
- select (status_type) {
- case ocsp: OCSPStatusRequest;
- } request;
+ CertificateStatusType status_type;
+ select (status_type) {
+ case ocsp: OCSPStatusRequest;
+ } request;
} CertificateStatusRequest;
enum { ocsp(1), (255) } CertificateStatusType;
struct {
- ResponderID responder_id_list<0..2^16-1>;
- Extensions request_extensions;
+ ResponderID responder_id_list<0..2^16-1>;
+ Extensions request_extensions;
} OCSPStatusRequest;
opaque ResponderID<1..2^16-1>;
*val = c - '0';
return true;
}
- if (c >= 'a' && c <= 'f') {
+ if (c >= 'a' && c <= 'f') {
*val = c - 'a' + 10;
return true;
}
- if (c >= 'A' && c <= 'F') {
+ if (c >= 'A' && c <= 'F') {
*val = c - 'A' + 10;
return true;
}
gnutls_assert();
goto error;
}
-
+
ret = _gnutls_rnd_ops.self_test();
if (ret < 0) {
gnutls_assert();
exponent1 INTEGER, -- (Usually large) d mod (p-1)
exponent2 INTEGER, -- (Usually large) d mod (q-1)
coefficient INTEGER, -- (Usually large) (inverse of q) mod p
- otherInfo RSAOtherInfo OPTIONAL
+ otherInfo RSAOtherInfo OPTIONAL
}
ProvableSeed ::= SEQUENCE {
}
RSAOtherInfo ::= CHOICE {
- otherPrimeInfos OtherPrimeInfos, -- the hash algorithm OID used for FIPS186-4 generation
- seed [1] ProvableSeed
+ otherPrimeInfos OtherPrimeInfos, -- the hash algorithm OID used for FIPS186-4 generation
+ seed [1] ProvableSeed
}
OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
0x0000-0xffff. */
#define EPOCH_READ_CURRENT 70000
#define EPOCH_WRITE_CURRENT 70001
-#define EPOCH_NEXT 70002
+#define EPOCH_NEXT 70002
struct record_parameters_st {
uint16_t epoch;
#define DEFAULT_MAX_EMPTY_RECORDS 200
#define ENABLE_COMPAT(x) \
- (x)->allow_large_records = 1; \
- (x)->no_etm = 1; \
- (x)->no_ext_master_secret = 1; \
- (x)->allow_key_usage_violation = 1; \
- (x)->allow_wrong_pms = 1; \
- (x)->dumbfw = 1
+ (x)->allow_large_records = 1; \
+ (x)->no_etm = 1; \
+ (x)->no_ext_master_secret = 1; \
+ (x)->allow_key_usage_violation = 1; \
+ (x)->allow_wrong_pms = 1; \
+ (x)->dumbfw = 1
/* DH and RSA parameters types.
*/
}
ret = call_hook_func(session, type, GNUTLS_HOOK_PRE, 0,
- _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
+ _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
if (ret < 0) {
gnutls_assert();
_mbuffer_xfree(&bufel);
}
ret = call_hook_func(session, type, GNUTLS_HOOK_POST, 0,
- _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
+ _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
if (ret < 0) {
gnutls_assert();
return ret;
memcpy(session->security_parameters.cipher_suite,
session->internals.resumed_security_parameters.cipher_suite, 2);
- session->security_parameters.compression_method =
- session->internals.resumed_security_parameters.compression_method;
+ session->security_parameters.compression_method =
+ session->internals.resumed_security_parameters.compression_method;
_gnutls_epoch_set_cipher_suite
(session, EPOCH_NEXT,
/* The packets in gnutls_handshake (it's more broad than original TLS handshake)
*
- * Client Server
+ * Client Server
*
- * ClientHello -------->
- * <-------- ServerHello
+ * ClientHello -------->
+ * <-------- ServerHello
*
- * Certificate*
- * ServerKeyExchange*
- * <-------- CertificateRequest*
+ * Certificate*
+ * ServerKeyExchange*
+ * <-------- CertificateRequest*
*
- * <-------- ServerHelloDone
+ * <-------- ServerHelloDone
* Certificate*
* ClientKeyExchange
* CertificateVerify*
* [ChangeCipherSpec]
- * Finished -------->
- * NewSessionTicket
- * [ChangeCipherSpec]
- * <-------- Finished
+ * Finished -------->
+ * NewSessionTicket
+ * [ChangeCipherSpec]
+ * <-------- Finished
*
* (*): means optional packet.
*/
/* Handshake when resumming session:
- * Client Server
+ * Client Server
*
- * ClientHello -------->
- * ServerHello
- * [ChangeCipherSpec]
- * <-------- Finished
+ * ClientHello -------->
+ * ServerHello
+ * [ChangeCipherSpec]
+ * <-------- Finished
* [ChangeCipherSpec]
- * Finished -------->
+ * Finished -------->
*
*/
if (session->internals.handshake_timeout_ms &&
session->internals.handshake_endtime == 0)
session->internals.handshake_endtime = session->internals.handshake_start_time.tv_sec +
- session->internals.handshake_timeout_ms / 1000;
+ session->internals.handshake_timeout_ms / 1000;
}
if (session->internals.recv_state == RECV_STATE_FALSE_START) {
session->internals.handshake_large_loops++; \
return ret; \
} \
- /* a warning alert might interrupt handshake */ \
+ /* a warning alert might interrupt handshake */ \
if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) return ret; \
gnutls_assert(); \
ERR( str, ret); \
gnutls_x509_crt_t crt, unsigned int flags);
int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert,
- gnutls_x509_crt_t *crt, unsigned *ncrt,
- unsigned int flags);
+ gnutls_x509_crt_t *crt, unsigned *ncrt,
+ unsigned int flags);
int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
gnutls_x509_crt_t * crt);
typedef void (*gnutls_cipher_tag_func) (void *ctx, void *tag, size_t tagsize);
typedef int (*gnutls_cipher_aead_encrypt_func) (void *ctx,
- const void *nonce, size_t noncesize,
- const void *auth, size_t authsize,
- size_t tag_size,
- const void *plain, size_t plainsize,
- void *encr, size_t encrsize);
+ const void *nonce, size_t noncesize,
+ const void *auth, size_t authsize,
+ size_t tag_size,
+ const void *plain, size_t plainsize,
+ void *encr, size_t encrsize);
typedef int (*gnutls_cipher_aead_decrypt_func) (void *ctx,
- const void *nonce, size_t noncesize,
- const void *auth, size_t authsize,
- size_t tag_size,
- const void *encr, size_t encrsize,
- void *plain, size_t plainsize);
+ const void *nonce, size_t noncesize,
+ const void *auth, size_t authsize,
+ size_t tag_size,
+ const void *encr, size_t encrsize,
+ void *plain, size_t plainsize);
typedef void (*gnutls_cipher_deinit_func) (void *ctx);
int
ssize_t
gnutls_record_recv_packet(gnutls_session_t session,
- gnutls_packet_t *packet);
+ gnutls_packet_t *packet);
void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, unsigned char *sequence);
void gnutls_packet_deinit(gnutls_packet_t packet);
unsigned gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
const char *hostname);
unsigned gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
- const char *hostname, unsigned int flags);
+ const char *hostname, unsigned int flags);
int
gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
const char *email, unsigned int flags);
inline static
int safe_memcmp(const void *s1, const void *s2, size_t n)
{
- if (n == 0)
- return 0;
- return memcmp(s1, s2, n);
+ if (n == 0)
+ return 0;
+ return memcmp(s1, s2, n);
}
#define zrelease_mpi_key(mpi) if (*mpi!=NULL) { \
- _gnutls_mpi_clear(*mpi); \
- _gnutls_mpi_release(mpi); \
- }
+ _gnutls_mpi_clear(*mpi); \
+ _gnutls_mpi_release(mpi); \
+ }
#define zeroize_key(x, size) gnutls_memset(x, 0, size)
if (result != ASN1_SUCCESS)
{
warn();
- goto cleanup;
- }
+ goto cleanup;
+ }
DECR_LEN(ider_len, len2);
dflags |= DECODE_FLAG_INDEFINITE;
result = _asn1_decode_simple_ber(type_field (p->type), der+counter, ider_len, &ptmp, &vlen, &ber_len, dflags);
- if (result != ASN1_SUCCESS)
+ if (result != ASN1_SUCCESS)
{
warn();
goto cleanup;
}
- DECR_LEN(ider_len, ber_len);
+ DECR_LEN(ider_len, ber_len);
- _asn1_set_value_lv (p, ptmp, vlen);
+ _asn1_set_value_lv (p, ptmp, vlen);
counter += ber_len;
free(ptmp);
if (result != ASN1_SUCCESS)
{
warn();
- goto cleanup;
- }
+ goto cleanup;
+ }
DECR_LEN(ider_len, len2);
_asn1_set_value_lv (p, der + counter, len2);
if (p)
{
- p->end = counter - 1;
+ p->end = counter - 1;
}
if (p == node && move != DOWN)
if (p[0] == 0 && p[1] == 0) /* EOC */
{
if (ber_len) *ber_len += 2;
- break;
- }
+ break;
+ }
/* no EOC */
der_len += 2;
{
*len = 0;
if (value)
- value[0] = 0;
+ value[0] = 0;
p = node->down;
while (p)
{
extern ASN1_API int
asn1_get_object_id_der (const unsigned char *der,
int der_len, int *ret_len,
- char *str, int str_size);
+ char *str, int str_size);
/* Compatibility types */
result = _gnutls_mpi_init_scan(ret_mpi, tmpstr, tmpstr_size);
if (overwrite)
- zeroize_key(tmpstr, tmpstr_size);
+ zeroize_key(tmpstr, tmpstr_size);
gnutls_free(tmpstr);
if (result < 0) {
static void
_stream_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
ctx->cipher->encrypt_block(ctx->ctx_ptr, length, dst, src);
}
static void
_stream_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
ctx->cipher->decrypt_block(ctx->ctx_ptr, length, dst, src);
}
static void
_cbc_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
cbc_encrypt(ctx->ctx_ptr, ctx->cipher->encrypt_block,
ctx->iv_size, ctx->iv,
static void
_cbc_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
cbc_decrypt(ctx->ctx_ptr, ctx->cipher->decrypt_block,
ctx->iv_size, ctx->iv,
static void
_chacha_poly1305_set_nonce (struct chacha_poly1305_ctx *ctx,
- size_t length, const uint8_t *nonce)
+ size_t length, const uint8_t *nonce)
{
chacha_poly1305_set_nonce(ctx, nonce);
}
-
+
struct gcm_cast_st { struct gcm_key key; struct gcm_ctx gcm; unsigned long xx[1]; };
#define GCM_CTX_GET_KEY(ptr) (&((struct gcm_cast_st*)ptr)->key)
#define GCM_CTX_GET_CTX(ptr) (&((struct gcm_cast_st*)ptr)->gcm)
static void
_gcm_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
gcm_encrypt(GCM_CTX_GET_CTX(ctx->ctx_ptr), GCM_CTX_GET_KEY(ctx->ctx_ptr),
GCM_CTX_GET_CIPHER(ctx->ctx_ptr), ctx->cipher->encrypt_block,
static void
_gcm_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
- const uint8_t * src)
+ const uint8_t * src)
{
gcm_decrypt(GCM_CTX_GET_CTX(ctx->ctx_ptr), GCM_CTX_GET_KEY(ctx->ctx_ptr),
GCM_CTX_GET_CIPHER(ctx->ctx_ptr), ctx->cipher->encrypt_block,
const void *auth, size_t auth_size,
size_t tag_size,
const void *plain, size_t plain_size,
- void *encr, size_t encr_size)
+ void *encr, size_t encr_size)
{
struct nettle_cipher_ctx *ctx = _ctx;
const void *nonce, size_t nonce_size,
const void *auth, size_t auth_size,
size_t tag_size,
- const void *encr, size_t encr_size,
+ const void *encr, size_t encr_size,
void *plain, size_t plain_size)
{
struct nettle_cipher_ctx *ctx = _ctx;
free(tmp);
return 1;
fail:
- free(tmp);
- return 0;
+ free(tmp);
+ return 0;
}
*/
/* This file contains the functions needed for RSA/DSA public key
- * encryption and signatures.
+ * encryption and signatures.
*/
#include "gnutls_int.h"
static void
ecc_scalar_zclear (struct ecc_scalar *s)
{
- zeroize_key(s->p, ecc_size(s->ecc)*sizeof(mp_limb_t));
- ecc_scalar_clear(s);
+ zeroize_key(s->p, ecc_size(s->ecc)*sizeof(mp_limb_t));
+ ecc_scalar_clear(s);
}
-static void
+static void
ecc_point_zclear (struct ecc_point *p)
{
- zeroize_key(p->p, ecc_size_a(p->ecc)*sizeof(mp_limb_t));
- ecc_point_clear(p);
+ zeroize_key(p->p, ecc_size_a(p->ecc)*sizeof(mp_limb_t));
+ ecc_point_clear(p);
}
-
+
static void
_dsa_params_get(const gnutls_pk_params_st * pk_params,
struct dsa_params *pub)
#define DH_EXPONENT_SIZE(p_size) (2*_gnutls_pk_bits_to_subgroup_bits(p_size))
/* This is used for DH or ECDH key derivation. In DH for example
- * it is given the peers Y and our x, and calculates Y^x
+ * it is given the peers Y and our x, and calculates Y^x
*/
static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
gnutls_datum_t * out,
goto dh_cleanup;
}
- /* check if f==0,1, or f >= p-1.
+ /* check if f==0,1, or f >= p-1.
* or (ff=f+1) equivalently ff==1,2, ff >= p */
if ((_gnutls_mpi_cmp_ui(ff, 2) == 0)
|| (_gnutls_mpi_cmp_ui(ff, 1) == 0)
if (params->seed_size) {
ret =
- _dsa_generate_dss_pqg(&pub, &cert,
- index,
- params->seed_size, params->seed,
- NULL, NULL,
- level, q_bits);
+ _dsa_generate_dss_pqg(&pub, &cert,
+ index, params->seed_size, params->seed,
+ NULL, NULL, level, q_bits);
} else {
ret =
- dsa_generate_dss_pqg(&pub, &cert,
- index,
- NULL, rnd_func,
- NULL, NULL,
- level, q_bits);
+ dsa_generate_dss_pqg(&pub, &cert,
+ index, NULL, rnd_func,
+ NULL, NULL, level, q_bits);
}
if (ret != 1) {
gnutls_assert();
ret = 0;
goto cleanup;
fail:
- gnutls_free(pub_key->data);
- gnutls_free(priv_key->data);
+ gnutls_free(pub_key->data);
+ gnutls_free(priv_key->data);
cleanup:
- gnutls_pk_params_clear(¶ms);
- return ret;
+ gnutls_pk_params_clear(¶ms);
+ return ret;
}
/* Note that the value of Z will have the leading bytes stripped if they are zero -
ret = 0;
cleanup:
- gnutls_pk_params_clear(&pub);
- gnutls_pk_params_clear(&priv);
- return ret;
+ gnutls_pk_params_clear(&pub);
+ gnutls_pk_params_clear(&priv);
+ return ret;
}
int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve,
ret = 0;
goto cleanup;
fail:
- gnutls_free(y->data);
- gnutls_free(x->data);
- gnutls_free(k->data);
+ gnutls_free(y->data);
+ gnutls_free(x->data);
+ gnutls_free(k->data);
cleanup:
- gnutls_pk_params_clear(¶ms);
- return ret;
+ gnutls_pk_params_clear(¶ms);
+ return ret;
}
int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve,
ret = 0;
cleanup:
- gnutls_pk_params_clear(&pub);
- gnutls_pk_params_clear(&priv);
- return ret;
+ gnutls_pk_params_clear(&pub);
+ gnutls_pk_params_clear(&priv);
+ return ret;
}
#endif
ret =
dsa_generate_dss_keypair(&pub, y, x,
- NULL, rnd_func,
+ NULL, rnd_func,
NULL, NULL);
if (ret != 1) {
gnutls_assert();
ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
- ret = _gnutls_mpi_init_multi(¶ms->params[ECC_X], ¶ms->params[ECC_Y],
+ ret = _gnutls_mpi_init_multi(¶ms->params[ECC_X], ¶ms->params[ECC_Y],
¶ms->params[ECC_K], NULL);
if (ret < 0) {
gnutls_assert();
return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
ret = base64_decode_update(&ctx, &crcbuf_size, crcbuf,
- len-1, (uint8_t*)buf+1);
+ len-1, (uint8_t*)buf+1);
if (ret == 0)
return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
if ((ssize_t)raw_size < BASE64_DECODE_LENGTH(len))
return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
ret = base64_decode_update(&ctx, &raw_size, raw,
- len, (uint8_t*)buf);
+ len, (uint8_t*)buf);
if (ret == 0)
return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
/* FIXME: The read/write/putc/getc function cannot directly
- return an error code. It is stored in an error variable
- inside the string. Right now there is no code to
- return the error code or to reset it. */
+ return an error code. It is stored in an error variable
+ inside the string. Right now there is no code to
+ return the error code or to reset it. */
/**
* cdk_stream_open:
*/
int
gnutls_certificate_get_openpgp_key(gnutls_certificate_credentials_t res,
- unsigned index,
- gnutls_openpgp_privkey_t *key)
+ unsigned index,
+ gnutls_openpgp_privkey_t *key)
{
if (index >= res->ncerts) {
gnutls_assert();
*/
int
gnutls_certificate_get_openpgp_crt(gnutls_certificate_credentials_t res,
- unsigned index,
- gnutls_openpgp_crt_t **crt_list,
- unsigned *crt_list_size)
+ unsigned index,
+ gnutls_openpgp_crt_t **crt_list,
+ unsigned *crt_list_size)
{
int ret;
unsigned i;
* Since: 3.4.0
**/
int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert,
- gnutls_x509_crt_t *crt, unsigned *ncrt,
- unsigned int flags)
+ gnutls_x509_crt_t *crt, unsigned *ncrt,
+ unsigned int flags)
{
int ret;
unsigned i;
return 0;
cleanup:
- for (i=0;i<current;i++) {
- gnutls_pcert_deinit(&pcert[i]);
- }
- return ret;
+ for (i=0;i<current;i++) {
+ gnutls_pcert_deinit(&pcert[i]);
+ }
+ return ret;
}
* Since: 3.4.0
*/
int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
- gnutls_x509_crt_t * crt)
+ gnutls_x509_crt_t * crt)
{
int ret;
* Since: 3.4.0
*/
int gnutls_pcert_export_openpgp(gnutls_pcert_st * pcert,
- gnutls_openpgp_crt_t * crt)
+ gnutls_openpgp_crt_t * crt)
{
int ret;
ret = 0;
cleanup:
- gnutls_free(tmp);
+ gnutls_free(tmp);
asn1_delete_structure(&sig);
return ret;
}
*/
int
encode_ber_digest_info(const mac_entry_st * e,
- const gnutls_datum_t * digest,
- gnutls_datum_t * output)
+ const gnutls_datum_t * digest,
+ gnutls_datum_t * output)
{
ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
int result;
struct ck_function_list *module;
unsigned active;
unsigned trusted; /* in the sense of p11-kit trusted:
- * it can be used for verification */
+ * it can be used for verification */
struct ck_info info;
};
ret = 0;
cleanup:
- pkcs11_close_session(&sinfo);
- return ret;
+ pkcs11_close_session(&sinfo);
+ return ret;
}
/**
}
if (info != NULL) {
- if (!p11_kit_uri_match_token_info
- (info, &l_tinfo)
- || !p11_kit_uri_match_module_info(info,
- &providers
+ if (!p11_kit_uri_match_token_info(info, &l_tinfo) ||
+ !p11_kit_uri_match_module_info(info, &providers
[x].info)) {
continue;
- }
- }
+ }
+ }
rv = (module)->C_OpenSession(slots[z],
((flags & SESSION_WRITE) ? CKF_RW_SESSION : 0)
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
a[0].type = CKA_UNWRAP;
a[0].value = &b;
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
a[0].type = CKA_PRIVATE;
a[0].value = &b;
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
a[0].type = CKA_TRUSTED;
a[0].value = &b;
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
a[0].type = CKA_SENSITIVE;
a[0].value = &b;
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE;
a[0].type = CKA_EXTRACTABLE;
a[0].value = &b;
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE;
a[0].type = CKA_NEVER_EXTRACTABLE;
a[0].value = &b;
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE;
a[0].type = CKA_CERTIFICATE_CATEGORY;
a[0].value = &category;
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && category == 2)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_CA;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_CA;
a[0].type = CKA_ALWAYS_AUTHENTICATE;
a[0].value = &b;
rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, 1);
if (rv == CKR_OK && b != 0)
- pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH;
+ pobj->flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH;
/* now recover the object label/id */
a[0].type = CKA_LABEL;
ret = 0;
cleanup:
- gnutls_free(data.data);
- return ret;
+ gnutls_free(data.data);
+ return ret;
}
static int
static int
find_token_num_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info, void *input)
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info, void *input)
{
struct find_token_num *find_data = input;
while (pkcs11_find_objects
(sinfo->module, sinfo->pks, ctx, OBJECTS_A_TIME, &count) == CKR_OK
&& count > 0) {
- unsigned j;
- gnutls_datum_t id;
+ unsigned j;
+ gnutls_datum_t id;
find_data->p_list = gnutls_realloc_fast(find_data->p_list, (find_data->current+count)*sizeof(find_data->p_list[0]));
if (find_data->p_list == NULL) {
goto fail;
}
- for (j=0;j<count;j++) {
+ for (j=0;j<count;j++) {
a[0].type = CKA_ID;
a[0].value = certid_tmp;
a[0].value_len = sizeof certid_tmp;
/* not found */
continue;
}
- }
- }
+ }
+ }
ret =
gnutls_pkcs11_obj_init(&find_data->p_list
}
find_data->current++;
- }
+ }
}
pkcs11_find_objects_final(sinfo);
int retries = 0; \
int rret; \
ret = find_object (&key->sinfo, &key->pin, &key->ref, key->uinfo, \
- SESSION_LOGIN); \
+ SESSION_LOGIN); \
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { \
if (_gnutls_token_func) \
{ \
rret = pkcs11_call_token_func (key->uinfo, retries++); \
if (rret == 0) continue; \
- } \
+ } \
return gnutls_assert_val(ret); \
} else if (ret < 0) { \
- return gnutls_assert_val(ret); \
- } \
- break; \
+ return gnutls_assert_val(ret); \
+ } \
+ break; \
} while (1);
struct gnutls_pkcs11_privkey_st {
**/
int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key)
{
- FAIL_IF_LIB_ERROR;
+ FAIL_IF_LIB_ERROR;
*key = gnutls_calloc(1, sizeof(struct gnutls_pkcs11_privkey_st));
if (*key == NULL) {
if (key->reauth) {
ret =
pkcs11_login(&key->sinfo, &key->pin,
- key->uinfo, 0, 1);
+ key->uinfo, 0, 1);
if (ret < 0) {
gnutls_assert();
_gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
p11_kit_uri_free(pkey->uinfo);
pkey->uinfo = NULL;
}
- gnutls_free(pkey->url);
- pkey->url = NULL;
+ gnutls_free(pkey->url);
+ pkey->url = NULL;
return ret;
}
if (key->reauth) {
ret =
pkcs11_login(&key->sinfo, &key->pin,
- key->uinfo, 0, 1);
+ key->uinfo, 0, 1);
if (ret < 0) {
gnutls_assert();
_gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
ret = gnutls_pubkey_import_x509(pub, crt, 0);
cleanup:
- gnutls_x509_crt_deinit(crt);
+ gnutls_x509_crt_deinit(crt);
return ret;
}
**/
int
gnutls_pkcs11_privkey_export_pubkey(gnutls_pkcs11_privkey_t pkey,
- gnutls_x509_crt_fmt_t fmt,
- gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t fmt,
+ gnutls_datum_t * data,
unsigned int flags)
{
int ret;
id_size = sizeof(id);
ret = gnutls_x509_crt_get_subject_key_id(crt, id, &id_size, NULL);
if (ret < 0) {
- id_size = sizeof(id);
+ id_size = sizeof(id);
ret = gnutls_x509_crt_get_key_id(crt, 0, id, &id_size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
- }
+ }
}
a[1].value = id;
ret = 0;
cleanup:
- clean_pubkey(a, a_val);
+ clean_pubkey(a, a_val);
pkcs11_close_session(&sinfo);
return ret;
static int
delete_obj_url_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info, void *input)
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info, void *input)
{
struct delete_data_st *find_data = input;
struct ck_attribute a[4];
ret = 0;
cleanup:
- if (crt != NULL)
- gnutls_x509_crt_deinit(crt);
+ if (crt != NULL)
+ gnutls_x509_crt_deinit(crt);
if (finalize != 0)
pkcs11_find_objects_final(sinfo);
- gnutls_free(ext_data);
- return ret;
+ gnutls_free(ext_data);
+ return ret;
}
ret = 0;
cleanup:
- pkcs11_find_objects_final(sinfo);
+ pkcs11_find_objects_final(sinfo);
return ret;
}
ret = 0;
cleanup:
- if (deinit_spki)
- gnutls_free(spki.data);
+ if (deinit_spki)
+ gnutls_free(spki.data);
return ret;
}
*/
static int
_gnutls_PRF_raw(gnutls_mac_algorithm_t mac,
- const uint8_t * secret, unsigned int secret_size,
- const char *label, int label_size, const uint8_t * seed,
- int seed_size, int total_bytes, void *ret)
+ const uint8_t * secret, unsigned int secret_size,
+ const char *label, int label_size, const uint8_t * seed,
+ int seed_size, int total_bytes, void *ret)
{
int l_s, s_seed_size;
const uint8_t *s1, *s2;
if (mac != GNUTLS_MAC_UNKNOWN) {
result =
P_hash(mac, secret, secret_size,
- s_seed, s_seed_size,
+ s_seed, s_seed_size,
total_bytes, ret);
if (result < 0) {
gnutls_assert();
#ifdef ENABLE_FIPS140
int
_gnutls_prf_raw(gnutls_mac_algorithm_t mac,
- size_t master_size, const void *master,
- size_t label_size, const char *label,
- size_t seed_size, const char *seed, size_t outsize,
- char *out);
+ size_t master_size, const void *master,
+ size_t label_size, const char *label,
+ size_t seed_size, const char *seed, size_t outsize,
+ char *out);
/*-
* _gnutls_prf_raw:
-*/
int
_gnutls_prf_raw(gnutls_mac_algorithm_t mac,
- size_t master_size, const void *master,
- size_t label_size, const char *label,
- size_t seed_size, const char *seed, size_t outsize,
- char *out)
+ size_t master_size, const void *master,
+ size_t label_size, const char *label,
+ size_t seed_size, const char *seed, size_t outsize,
+ char *out)
{
return _gnutls_PRF_raw(mac,
master, master_size,
*/
int
gnutls_privkey_export_pkcs11(gnutls_privkey_t pkey,
- gnutls_pkcs11_privkey_t *key)
+ gnutls_pkcs11_privkey_t *key)
{
int ret;
*/
int
gnutls_privkey_export_x509(gnutls_privkey_t pkey,
- gnutls_x509_privkey_t *key)
+ gnutls_x509_privkey_t *key)
{
int ret;
*/
int
gnutls_privkey_export_openpgp(gnutls_privkey_t pkey,
- gnutls_openpgp_privkey_t *key)
+ gnutls_openpgp_privkey_t *key)
{
int ret;
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
cleanup:
- return ret;
+ return ret;
}
/**
if (_gnutls_record_buffer_get_size(session) > 0) {
int ret;
ret =
- _gnutls_record_buffer_get_packet(type, session,
- packet);
+ _gnutls_record_buffer_get_packet(type, session, packet);
if (ret < 0) {
if (IS_DTLS(session)) {
if (ret == GNUTLS_E_UNEXPECTED_PACKET) {
* prior to anything else. */
if (session->security_parameters.entity == GNUTLS_CLIENT &&
(session->internals.flags & GNUTLS_ENABLE_FALSE_START)) {
- /* Attempt to complete handshake */
+ /* Attempt to complete handshake */
session->internals.recv_state = RECV_STATE_FALSE_START_HANDLING;
ret = gnutls_handshake(session);
**/
ssize_t
gnutls_record_recv_packet(gnutls_session_t session,
- gnutls_packet_t *packet)
+ gnutls_packet_t *packet)
{
int ret;
return ret;
ret = _gnutls_recv_in_buffers(session, GNUTLS_APPLICATION_DATA, -1,
- session->internals.record_timeout_ms);
+ session->internals.record_timeout_ms);
if (ret < 0 && ret != GNUTLS_E_SESSION_EOF)
return gnutls_assert_val(ret);
/* Format:
* 1 byte the credentials type
* 4 bytes the size of the whole structure
- * DH stuff
+ * DH stuff
* 2 bytes the size of secret key in bits
* 4 bytes the size of the prime
* x bytes the prime
* x bytes the generator
* 4 bytes the size of the public key
* x bytes the public key
- * RSA stuff
+ * RSA stuff
* 4 bytes the size of the modulus
* x bytes the modulus
* 4 bytes the size of the exponent
* x bytes the exponent
- * CERTIFICATES
+ * CERTIFICATES
* 4 bytes the length of the certificate list
* 4 bytes the size of first certificate
* x bytes the certificate
*
* 4 bytes the new record padding flag
* 4 bytes the ECC curve
- * -------------------
- * MAX: 169 bytes
+ * -------------------
+ * MAX: 169 bytes
*
*/
static int
* @hex_size: size of hex data
* @bin_data: output array with binary data
* @bin_size: when calling should hold maximum size of @bin_data,
- * on return will hold actual length of @bin_data.
+ * on return will hold actual length of @bin_data.
*
* Convert a buffer with hex data to binary data. This function
* unlike gnutls_hex_decode() can parse hex data with separators
#define MAX_DN 1024
#define BUFFER_APPEND(b, x, s) { \
- ret = _gnutls_buffer_append_data(b, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data(b, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
/* append data prefixed with 4-bytes length field*/
#define BUFFER_APPEND_PFX4(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 32, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 32, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_APPEND_PFX3(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 24, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 24, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_APPEND_PFX2(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 16, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 16, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_APPEND_PFX1(b, x, s) { \
- ret = _gnutls_buffer_append_data_prefix(b, 8, x, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_data_prefix(b, 8, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_APPEND_NUM(b, s) { \
- ret = _gnutls_buffer_append_prefix(b, 32, s); \
- if (ret < 0) { \
- gnutls_assert(); \
- return ret; \
- } \
+ ret = _gnutls_buffer_append_prefix(b, 32, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
}
#define BUFFER_POP(b, x, s) { \
- size_t is = s; \
- _gnutls_buffer_pop_data(b, x, &is); \
- if (is != s) { \
- ret = GNUTLS_E_PARSING_ERROR; \
- gnutls_assert(); \
- goto error; \
- } \
+ size_t is = s; \
+ _gnutls_buffer_pop_data(b, x, &is); \
+ if (is != s) { \
+ ret = GNUTLS_E_PARSING_ERROR; \
+ gnutls_assert(); \
+ goto error; \
+ } \
}
#define BUFFER_POP_DATUM(b, o) { \
- gnutls_datum_t d; \
- ret = _gnutls_buffer_pop_datum_prefix(b, &d); \
- if (ret >= 0) \
- ret = _gnutls_set_datum (o, d.data, d.size); \
- if (ret < 0) { \
- gnutls_assert(); \
- goto error; \
- } \
+ gnutls_datum_t d; \
+ ret = _gnutls_buffer_pop_datum_prefix(b, &d); \
+ if (ret >= 0) \
+ ret = _gnutls_set_datum (o, d.data, d.size); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
}
#define BUFFER_POP_NUM(b, o) { \
- size_t s; \
- ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
- if (ret < 0) { \
- gnutls_assert(); \
- goto error; \
- } \
- o = s; \
+ size_t s; \
+ ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
+ o = s; \
}
#define BUFFER_POP_CAST_NUM(b, o) { \
- size_t s; \
- ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
- if (ret < 0) { \
- gnutls_assert(); \
- goto error; \
- } \
- o = (void *) (intptr_t)(s); \
+ size_t s; \
+ ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
+ o = (void *) (intptr_t)(s); \
}
#endif
**/
int
gnutls_supplemental_register(const char *name, gnutls_supplemental_data_format_type_t type,
- gnutls_supp_recv_func recv_func, gnutls_supp_send_func send_func)
+ gnutls_supp_recv_func recv_func, gnutls_supp_send_func send_func)
{
gnutls_supplemental_entry tmp_entry;
int ret;
int
_gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
- const char *url);
+ const char *url);
void _gnutls_system_key_deinit(void);
int _gnutls_system_key_init(void);
*/
const char *
inet_ntop (int af, const void *restrict src,
- char *restrict dst, unsigned cnt)
+ char *restrict dst, unsigned cnt)
{
switch (af)
{
for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++)
{
if (words[i] == 0)
- {
- if (cur.base == -1)
- cur.base = i, cur.len = 1;
- else
- cur.len++;
- }
+ {
+ if (cur.base == -1)
+ cur.base = i, cur.len = 1;
+ else
+ cur.len++;
+ }
else
- {
- if (cur.base != -1)
- {
- if (best.base == -1 || cur.len > best.len)
- best = cur;
- cur.base = -1;
- }
- }
+ {
+ if (cur.base != -1)
+ {
+ if (best.base == -1 || cur.len > best.len)
+ best = cur;
+ cur.base = -1;
+ }
+ }
}
if (cur.base != -1)
{
if (best.base == -1 || cur.len > best.len)
- best = cur;
+ best = cur;
}
if (best.base != -1 && best.len < 2)
best.base = -1;
{
/* Are we inside the best run of 0x00's? */
if (best.base != -1 && i >= best.base && i < (best.base + best.len))
- {
- if (i == best.base)
- *tp++ = ':';
- continue;
- }
+ {
+ if (i == best.base)
+ *tp++ = ':';
+ continue;
+ }
/* Are we following an initial run of 0x00s or any real hex? */
if (i != 0)
- *tp++ = ':';
+ *tp++ = ':';
/* Is this address an encapsulated IPv4? */
if (i == 6 && best.base == 0 &&
- (best.len == 6 || (best.len == 5 && words[5] == 0xffff)))
- {
- if (!inet_ntop4 (src + 12, tp, sizeof tmp - (tp - tmp)))
- return (NULL);
- tp += strlen (tp);
- break;
- }
+ (best.len == 6 || (best.len == 5 && words[5] == 0xffff)))
+ {
+ if (!inet_ntop4 (src + 12, tp, sizeof tmp - (tp - tmp)))
+ return (NULL);
+ tp += strlen (tp);
+ break;
+ }
{
- int len = sprintf (tp, "%x", words[i]);
- if (len < 0)
- return NULL;
- tp += len;
+ int len = sprintf (tp, "%x", words[i]);
+ if (len < 0)
+ return NULL;
+ tp += len;
}
}
/* Was it a trailing run of 0x00's? */
int
gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter,
- unsigned cert_type,
- char **cert_url,
- char **key_url,
- char **label,
- gnutls_datum_t *der,
- unsigned int flags)
+ unsigned cert_type,
+ char **cert_url,
+ char **key_url,
+ char **label,
+ gnutls_datum_t *der,
+ unsigned int flags)
{
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
_gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
- const char *url)
+ const char *url)
{
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
#define _WIN32_WINNT 0x600
#endif
-
#include "gnutls_int.h"
#include "errors.h"
#include <gnutls/gnutls.h>
#include <urls.h>
#if !defined(_WIN32)
-# error should not be included
+#error should not be included
#endif
#include <wincrypt.h>
// MinGW headers may not have these defines
#ifndef NCRYPT_SHA1_ALGORITHM
-#define NCRYPT_SHA1_ALGORITHM BCRYPT_SHA1_ALGORITHM
+#define NCRYPT_SHA1_ALGORITHM BCRYPT_SHA1_ALGORITHM
#endif
#ifndef NCRYPT_SHA256_ALGORITHM
-#define NCRYPT_SHA256_ALGORITHM BCRYPT_SHA256_ALGORITHM
+#define NCRYPT_SHA256_ALGORITHM BCRYPT_SHA256_ALGORITHM
#endif
#ifndef NCRYPT_SHA384_ALGORITHM
-#define NCRYPT_SHA384_ALGORITHM BCRYPT_SHA384_ALGORITHM
+#define NCRYPT_SHA384_ALGORITHM BCRYPT_SHA384_ALGORITHM
#endif
#ifndef NCRYPT_SHA512_ALGORITHM
-#define NCRYPT_SHA512_ALGORITHM BCRYPT_SHA512_ALGORITHM
+#define NCRYPT_SHA512_ALGORITHM BCRYPT_SHA512_ALGORITHM
#endif
#ifndef NCRYPT_PAD_PKCS1_FLAG
#define NCRYPT_PAD_PKCS1_FLAG 2
#endif
#ifndef NCRYPT_ALGORITHM_PROPERTY
-#define NCRYPT_ALGORITHM_PROPERTY L"Algorithm Name"
+#define NCRYPT_ALGORITHM_PROPERTY L"Algorithm Name"
#endif
#ifndef CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID
#define CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID 99
};
typedef struct priv_st {
- DWORD dwKeySpec; /* CAPI key */
- HCRYPTPROV hCryptProv; /* CAPI keystore*/
- NCRYPT_KEY_HANDLE nc; /* CNG Keystore*/
+ DWORD dwKeySpec; /* CAPI key */
+ HCRYPTPROV hCryptProv; /* CAPI keystore */
+ NCRYPT_KEY_HANDLE nc; /* CNG Keystore */
gnutls_pk_algorithm_t pk;
gnutls_sign_algorithm_t sign_algo;
} priv_st;
-
-typedef SECURITY_STATUS (WINAPI *NCryptDeleteKeyFunc)(
- NCRYPT_KEY_HANDLE hKey,DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptOpenStorageProviderFunc)(
- NCRYPT_PROV_HANDLE *phProvider, LPCWSTR pszProviderName,
- DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptOpenKeyFunc)(
- NCRYPT_PROV_HANDLE hProvider, NCRYPT_KEY_HANDLE *phKey,
- LPCWSTR pszKeyName, DWORD dwLegacyKeySpec,
- DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptGetPropertyFunc)(
- NCRYPT_HANDLE hObject, LPCWSTR pszProperty,
- PBYTE pbOutput, DWORD cbOutput,
- DWORD *pcbResult, DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptFreeObjectFunc)(
- NCRYPT_HANDLE hObject);
-
-typedef SECURITY_STATUS (WINAPI *NCryptDecryptFunc)(
- NCRYPT_KEY_HANDLE hKey, PBYTE pbInput,
- DWORD cbInput, VOID *pPaddingInfo,
- PBYTE pbOutput, DWORD cbOutput,
- DWORD *pcbResult, DWORD dwFlags);
-
-typedef SECURITY_STATUS (WINAPI *NCryptSignHashFunc)(
- NCRYPT_KEY_HANDLE hKey, VOID* pPaddingInfo,
- PBYTE pbHashValue, DWORD cbHashValue,
- PBYTE pbSignature, DWORD cbSignature,
- DWORD* pcbResult, DWORD dwFlags);
-
-static int StrCmpW(const WCHAR *str1, const WCHAR *str2 )
+typedef SECURITY_STATUS(WINAPI * NCryptDeleteKeyFunc) (NCRYPT_KEY_HANDLE hKey,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI *
+ NCryptOpenStorageProviderFunc) (NCRYPT_PROV_HANDLE *
+ phProvider,
+ LPCWSTR pszProviderName,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI *
+ NCryptOpenKeyFunc) (NCRYPT_PROV_HANDLE hProvider,
+ NCRYPT_KEY_HANDLE * phKey,
+ LPCWSTR pszKeyName,
+ DWORD dwLegacyKeySpec,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI * NCryptGetPropertyFunc) (NCRYPT_HANDLE hObject,
+ LPCWSTR pszProperty,
+ PBYTE pbOutput,
+ DWORD cbOutput,
+ DWORD * pcbResult,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI * NCryptFreeObjectFunc) (NCRYPT_HANDLE hObject);
+
+typedef SECURITY_STATUS(WINAPI * NCryptDecryptFunc) (NCRYPT_KEY_HANDLE hKey,
+ PBYTE pbInput,
+ DWORD cbInput,
+ VOID * pPaddingInfo,
+ PBYTE pbOutput,
+ DWORD cbOutput,
+ DWORD * pcbResult,
+ DWORD dwFlags);
+
+typedef SECURITY_STATUS(WINAPI * NCryptSignHashFunc) (NCRYPT_KEY_HANDLE hKey,
+ VOID * pPaddingInfo,
+ PBYTE pbHashValue,
+ DWORD cbHashValue,
+ PBYTE pbSignature,
+ DWORD cbSignature,
+ DWORD * pcbResult,
+ DWORD dwFlags);
+
+static int StrCmpW(const WCHAR * str1, const WCHAR * str2)
{
- while (*str1 && (*str1 == *str2)) { str1++; str2++; }
+ while (*str1 && (*str1 == *str2)) {
+ str1++;
+ str2++;
+ }
return *str1 - *str2;
}
#define WIN_URL_SIZE 11
static int
-get_id(const char *url, uint8_t *bin, size_t *bin_size, unsigned cert)
+get_id(const char *url, uint8_t * bin, size_t * bin_size, unsigned cert)
{
int ret;
unsigned url_size = strlen(url);
gnutls_datum_t tmp;
if (cert != 0) {
- if (url_size < sizeof(WIN_URL) || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
+ if (url_size < sizeof(WIN_URL)
+ || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
} else {
- if (url_size < sizeof(WIN_URL) || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
+ if (url_size < sizeof(WIN_URL)
+ || strncmp(url, WIN_URL, WIN_URL_SIZE) != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
char t;
DWORD i;
- for (i = 0; i < cbData / 2; i++){
+ for (i = 0; i < cbData / 2; i++) {
t = pvData[i];
pvData[i] = pvData[cbData - 1 - i];
pvData[cbData - 1 - i] = t;
static
int capi_sign(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *raw_data,
- gnutls_datum_t *signature)
+ const gnutls_datum_t * raw_data, gnutls_datum_t * signature)
{
- priv_st *priv = (priv_st*)userdata;
- ALG_ID Algid;
+ priv_st *priv = (priv_st *) userdata;
+ ALG_ID Algid;
HCRYPTHASH hHash = NULL;
uint8_t digest[MAX_HASH_SIZE];
unsigned int digest_size;
gnutls_digest_algorithm_t algo;
DWORD size1 = 0, sizesize = sizeof(DWORD);
- DWORD ret_sig = 0;
+ DWORD ret_sig = 0;
int ret;
signature->data = NULL;
digest_size = raw_data->size;
- switch (digest_size) {
- case 16: Algid = CALG_MD5; break;
- //case 35: size=20; // DigestInfo SHA1
- case 20: Algid = CALG_SHA1; break;
- //case 51: size=32; // DigestInto SHA-256
- case 32: Algid = CALG_SHA_256; break;
- case 36: Algid = CALG_SSL3_SHAMD5; break;
- case 48: Algid = CALG_SHA_384; break;
- case 64: Algid = CALG_SHA_512; break;
- default:
- digest_size = sizeof(digest);
- ret = decode_ber_digest_info(raw_data, &algo, digest, &digest_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ switch (digest_size) {
+ case 16:
+ Algid = CALG_MD5;
+ break;
+ //case 35: size=20; // DigestInfo SHA1
+ case 20:
+ Algid = CALG_SHA1;
+ break;
+ //case 51: size=32; // DigestInto SHA-256
+ case 32:
+ Algid = CALG_SHA_256;
+ break;
+ case 36:
+ Algid = CALG_SSL3_SHAMD5;
+ break;
+ case 48:
+ Algid = CALG_SHA_384;
+ break;
+ case 64:
+ Algid = CALG_SHA_512;
+ break;
+ default:
+ digest_size = sizeof(digest);
+ ret =
+ decode_ber_digest_info(raw_data, &algo, digest,
+ &digest_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- switch (algo) {
- case GNUTLS_DIG_SHA1: Algid = CALG_SHA1; break;
+ switch (algo) {
+ case GNUTLS_DIG_SHA1:
+ Algid = CALG_SHA1;
+ break;
#ifdef NCRYPT_SHA224_ALGORITHM
- case GNUTLS_DIG_SHA224: Algid = CALG_SHA_224; break;
+ case GNUTLS_DIG_SHA224:
+ Algid = CALG_SHA_224;
+ break;
#endif
- case GNUTLS_DIG_SHA256: Algid = CALG_SHA_256; break;
- case GNUTLS_DIG_SHA384: Algid = CALG_SHA_384; break;
- case GNUTLS_DIG_SHA512: Algid = CALG_SHA_512; break;
- default:
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
- }
+ case GNUTLS_DIG_SHA256:
+ Algid = CALG_SHA_256;
+ break;
+ case GNUTLS_DIG_SHA384:
+ Algid = CALG_SHA_384;
+ break;
+ case GNUTLS_DIG_SHA512:
+ Algid = CALG_SHA_512;
+ break;
+ default:
+ return
+ gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+ }
}
if (!CryptCreateHash(priv->hCryptProv, Algid, 0, 0, &hHash)) {
gnutls_assert();
- _gnutls_debug_log("error in create hash: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in create hash: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
if (!CryptSetHashParam(hHash, HP_HASHVAL, digest, 0)) {
gnutls_assert();
- _gnutls_debug_log("error in set hash val: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in set hash val: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
-
- if (!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&size1, &sizesize, 0) ||
- digest_size != size1) {
+ if (!CryptGetHashParam
+ (hHash, HP_HASHSIZE, (BYTE *) & size1, &sizesize, 0)
+ || digest_size != size1) {
gnutls_assert();
_gnutls_debug_log("error in hash size: %d\n", (int)size1);
ret = GNUTLS_E_PK_SIGN_FAILED;
if (!CryptSignHash(hHash, priv->dwKeySpec, NULL, 0, NULL, &ret_sig)) {
gnutls_assert();
- _gnutls_debug_log("error in pre-signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in pre-signing: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
signature->size = ret_sig;
- signature->data = (unsigned char*)gnutls_malloc(signature->size);
+ signature->data = (unsigned char *)gnutls_malloc(signature->size);
if (signature->data == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- if (!CryptSignHash(hHash, priv->dwKeySpec, NULL, 0, signature->data, &ret_sig)) {
+ if (!CryptSignHash
+ (hHash, priv->dwKeySpec, NULL, 0, signature->data, &ret_sig)) {
gnutls_assert();
- _gnutls_debug_log("error in signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in signing: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
signature->size = ret_sig;
return 0;
-fail:
+ fail:
if (hHash != 0)
CryptDestroyHash(hHash);
gnutls_free(signature->data);
static
int capi_decrypt(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *ciphertext,
- gnutls_datum_t *plaintext)
+ const gnutls_datum_t * ciphertext, gnutls_datum_t * plaintext)
{
- priv_st *priv = (priv_st*)userdata;
+ priv_st *priv = (priv_st *) userdata;
DWORD size = 0;
int ret;
}
plaintext->size = size = ciphertext->size;
- plaintext->data = (unsigned char*)gnutls_malloc(plaintext->size);
+ plaintext->data = (unsigned char *)gnutls_malloc(plaintext->size);
if (plaintext->data == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
memcpy(plaintext->data, ciphertext->data, size);
- if (0 == CryptDecrypt(priv->hCryptProv, 0, true, 0, plaintext->data, &size))
- {
+ if (0 ==
+ CryptDecrypt(priv->hCryptProv, 0, true, 0, plaintext->data,
+ &size)) {
gnutls_assert();
ret = GNUTLS_E_PK_DECRYPTION_FAILED;
goto fail;
}
return 0;
-fail:
+ fail:
gnutls_free(plaintext->data);
return ret;
}
static
void capi_deinit(gnutls_privkey_t key, void *userdata)
{
- priv_st *priv = (priv_st*)userdata;
+ priv_st *priv = (priv_st *) userdata;
CryptReleaseContext(priv->hCryptProv, 0);
gnutls_free(priv);
}
static int capi_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
{
- priv_st *priv = (priv_st*)userdata;
+ priv_st *priv = (priv_st *) userdata;
if (flags & GNUTLS_PRIVKEY_INFO_PK_ALGO)
return priv->pk;
static
int cng_sign(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *raw_data,
- gnutls_datum_t *signature)
+ const gnutls_datum_t * raw_data, gnutls_datum_t * signature)
{
priv_st *priv = userdata;
BCRYPT_PKCS1_PADDING_INFO _info;
DWORD ret_sig = 0;
int ret;
DWORD flags = 0;
- gnutls_datum_t data = {raw_data->data, raw_data->size};
+ gnutls_datum_t data = { raw_data->data, raw_data->size };
uint8_t digest[MAX_HASH_SIZE];
unsigned int digest_size;
gnutls_digest_algorithm_t algo;
flags = BCRYPT_PAD_PKCS1;
info = &_info;
- if (raw_data->size == 36) { /* TLS 1.0 MD5+SHA1 */
+ if (raw_data->size == 36) { /* TLS 1.0 MD5+SHA1 */
_info.pszAlgId = NULL;
} else {
digest_size = sizeof(digest);
- ret = decode_ber_digest_info(raw_data, &algo, digest, &digest_size);
+ ret =
+ decode_ber_digest_info(raw_data, &algo, digest,
+ &digest_size);
if (ret < 0)
return gnutls_assert_val(ret);
- switch(algo) {
- case GNUTLS_DIG_SHA1:
- _info.pszAlgId = NCRYPT_SHA1_ALGORITHM;
- break;
+ switch (algo) {
+ case GNUTLS_DIG_SHA1:
+ _info.pszAlgId = NCRYPT_SHA1_ALGORITHM;
+ break;
#ifdef NCRYPT_SHA224_ALGORITHM
- case GNUTLS_DIG_SHA224:
- _info.pszAlgId = NCRYPT_SHA224_ALGORITHM;
- break;
+ case GNUTLS_DIG_SHA224:
+ _info.pszAlgId = NCRYPT_SHA224_ALGORITHM;
+ break;
#endif
- case GNUTLS_DIG_SHA256:
- _info.pszAlgId = NCRYPT_SHA256_ALGORITHM;
- break;
- case GNUTLS_DIG_SHA384:
- _info.pszAlgId = NCRYPT_SHA384_ALGORITHM;
- break;
- case GNUTLS_DIG_SHA512:
- _info.pszAlgId = NCRYPT_SHA512_ALGORITHM;
- break;
- default:
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+ case GNUTLS_DIG_SHA256:
+ _info.pszAlgId = NCRYPT_SHA256_ALGORITHM;
+ break;
+ case GNUTLS_DIG_SHA384:
+ _info.pszAlgId = NCRYPT_SHA384_ALGORITHM;
+ break;
+ case GNUTLS_DIG_SHA512:
+ _info.pszAlgId = NCRYPT_SHA512_ALGORITHM;
+ break;
+ default:
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
}
data.data = digest;
data.size = digest_size;
NULL, 0, &ret_sig, flags);
if (FAILED(r)) {
gnutls_assert();
- _gnutls_debug_log("error in pre-signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in pre-signing: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
r = pNCryptSignHash(priv->nc, info, data.data, data.size,
- signature->data, signature->size,
- &ret_sig, flags);
+ signature->data, signature->size, &ret_sig, flags);
if (FAILED(r)) {
gnutls_assert();
- _gnutls_debug_log("error in signing: %d\n", (int)GetLastError());
+ _gnutls_debug_log("error in signing: %d\n",
+ (int)GetLastError());
ret = GNUTLS_E_PK_SIGN_FAILED;
goto fail;
}
static
int cng_decrypt(gnutls_privkey_t key, void *userdata,
- const gnutls_datum_t *ciphertext,
- gnutls_datum_t *plaintext)
+ const gnutls_datum_t * ciphertext, gnutls_datum_t * plaintext)
{
priv_st *priv = userdata;
SECURITY_STATUS r;
}
r = pNCryptDecrypt(priv->nc, ciphertext->data, ciphertext->size,
- NULL, NULL, 0, &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
+ NULL, NULL, 0, &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
if (FAILED(r)) {
gnutls_assert();
return GNUTLS_E_PK_DECRYPTION_FAILED;
}
r = pNCryptDecrypt(priv->nc, ciphertext->data, ciphertext->size,
- NULL, plaintext->data, plaintext->size,
- &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
+ NULL, plaintext->data, plaintext->size,
+ &ret_dec, NCRYPT_PAD_PKCS1_FLAG);
if (FAILED(r)) {
gnutls_assert();
ret = GNUTLS_E_PK_DECRYPTION_FAILED;
* Since: 3.4.0
*
-*/
-int
-_gnutls_privkey_import_system_url(gnutls_privkey_t pkey,
- const char *url)
+int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
{
uint8_t id[MAX_WID_SIZE];
HCERTSTORE store = NULL;
WCHAR algo_str[64];
DWORD algo_str_size = 0;
priv_st *priv;
- DWORD i,dwErrCode = 0;
-
+ DWORD i, dwErrCode = 0;
if (ncrypt_init == 0)
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_KEY_IDENTIFIER,
- &blob,
- NULL);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_KEY_IDENTIFIER,
+ &blob, NULL);
if (cert == NULL) {
char buf[64];
_gnutls_debug_log("cannot find ID: %s from %s\n",
- _gnutls_bin2hex(id, id_size,
- buf, sizeof(buf), NULL), url);
+ _gnutls_bin2hex(id, id_size,
+ buf, sizeof(buf), NULL), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
NULL, &kpi_size);
if (r == 0) {
_gnutls_debug_log("error in getting context: %d from %s\n",
- (int)GetLastError(), url);
+ (int)GetLastError(), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
kpi, &kpi_size);
if (r == 0) {
_gnutls_debug_log("error in getting context: %d from %s\n",
- (int)GetLastError(), url);
+ (int)GetLastError(), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
r = pNCryptOpenStorageProvider(&sctx, kpi->pwszProvName, 0);
- if (!FAILED(r)) /* if this works carry on with CNG*/
- {
+ if (!FAILED(r)) { /* if this works carry on with CNG */
r = pNCryptOpenKey(sctx, &nc, kpi->pwszContainerName, 0, 0);
if (FAILED(r)) {
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
r = pNCryptGetProperty(nc, NCRYPT_ALGORITHM_PROPERTY,
- (BYTE*)algo_str, sizeof(algo_str),
- &algo_str_size, 0);
+ (BYTE *) algo_str, sizeof(algo_str),
+ &algo_str_size, 0);
if (FAILED(r)) {
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
priv->pk = GNUTLS_PK_EC;
priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA512;
} else {
- _gnutls_debug_log("unknown key algorithm: %ls\n", algo_str);
+ _gnutls_debug_log("unknown key algorithm: %ls\n",
+ algo_str);
ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
goto cleanup;
}
priv->nc = nc;
ret = gnutls_privkey_import_ext3(pkey, priv, cng_sign,
- (enc_too!=0)?cng_decrypt:NULL,
- cng_deinit,
- cng_info, 0);
+ (enc_too !=
+ 0) ? cng_decrypt : NULL,
+ cng_deinit, cng_info, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
} else {
- /* this should be CAPI*/
- _gnutls_debug_log("error in opening CNG keystore: %x from %ls\n",
- (int) r, kpi->pwszProvName);
+ /* this should be CAPI */
+ _gnutls_debug_log
+ ("error in opening CNG keystore: %x from %ls\n", (int)r,
+ kpi->pwszProvName);
if (CryptAcquireContextW(&hCryptProv,
- kpi->pwszContainerName,
- kpi->pwszProvName,
- kpi->dwProvType,
- kpi->dwFlags)) {
+ kpi->pwszContainerName,
+ kpi->pwszProvName,
+ kpi->dwProvType, kpi->dwFlags)) {
for (i = 0; i < kpi->cProvParam; i++)
if (!CryptSetProvParam(hCryptProv,
- kpi->rgProvParam[i].dwParam,
- kpi->rgProvParam[i].pbData,
- kpi->rgProvParam[i].dwFlags))
- {
+ kpi->rgProvParam[i].
+ dwParam,
+ kpi->rgProvParam[i].
+ pbData,
+ kpi->rgProvParam[i].
+ dwFlags)) {
dwErrCode = GetLastError();
break;
};
}
if (ERROR_SUCCESS != dwErrCode) {
- _gnutls_debug_log("error in getting cryptprov: %d from %s\n",
- (int)GetLastError(), url);
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ _gnutls_debug_log
+ ("error in getting cryptprov: %d from %s\n",
+ (int)GetLastError(), url);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
{
BYTE buf[100 + sizeof(PROV_ENUMALGS_EX) * 2];
- PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *)buf;
+ PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *) buf;
DWORD len = sizeof(buf);
- if (CryptGetProvParam(hCryptProv, PP_ENUMALGS_EX, buf, &len, CRYPT_FIRST)) {
+ if (CryptGetProvParam
+ (hCryptProv, PP_ENUMALGS_EX, buf, &len,
+ CRYPT_FIRST)) {
DWORD hash = 0;
do {
switch (pAlgo->aiAlgid) {
- case CALG_RSA_SIGN:
- priv->pk = GNUTLS_PK_RSA;
- enc_too = 1;
- break;
- case CALG_DSS_SIGN:
- priv->pk = priv->pk == GNUTLS_PK_RSA ? GNUTLS_PK_RSA : GNUTLS_PK_DSA;
- break;
- case CALG_SHA1:
- hash = 1;
- break;
- case CALG_SHA_256:
- hash = 256;
- break;
- default:
- break;
+ case CALG_RSA_SIGN:
+ priv->pk = GNUTLS_PK_RSA;
+ enc_too = 1;
+ break;
+ case CALG_DSS_SIGN:
+ priv->pk =
+ priv->pk ==
+ GNUTLS_PK_RSA ?
+ GNUTLS_PK_RSA :
+ GNUTLS_PK_DSA;
+ break;
+ case CALG_SHA1:
+ hash = 1;
+ break;
+ case CALG_SHA_256:
+ hash = 256;
+ break;
+ default:
+ break;
}
- len = sizeof(buf); // reset the buffer size
- } while (CryptGetProvParam(hCryptProv, PP_ENUMALGS_EX, buf, &len, CRYPT_NEXT));
+ len = sizeof(buf); // reset the buffer size
+ } while (CryptGetProvParam
+ (hCryptProv, PP_ENUMALGS_EX, buf, &len,
+ CRYPT_NEXT));
if (priv->pk == GNUTLS_PK_DSA)
priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
else
- priv->sign_algo = (hash > 1) ? GNUTLS_SIGN_RSA_SHA256 : GNUTLS_SIGN_RSA_SHA1;
+ priv->sign_algo =
+ (hash >
+ 1) ? GNUTLS_SIGN_RSA_SHA256 :
+ GNUTLS_SIGN_RSA_SHA1;
}
}
priv->dwKeySpec = kpi->dwKeySpec;
ret = gnutls_privkey_import_ext3(pkey, priv, capi_sign,
- (enc_too != 0) ? capi_decrypt : NULL,
- capi_deinit,
- capi_info, 0);
+ (enc_too !=
+ 0) ? capi_decrypt : NULL,
+ capi_deinit, capi_info, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
return ret;
}
-int
-_gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
+int _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
{
uint8_t id[MAX_WID_SIZE];
HCERTSTORE store = NULL;
}
cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_KEY_IDENTIFIER,
- &blob,
- NULL);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_KEY_IDENTIFIER,
+ &blob, NULL);
if (cert == NULL) {
char buf[64];
_gnutls_debug_log("cannot find ID: %s from %s\n",
- _gnutls_bin2hex(id, id_size,
- buf, sizeof(buf), NULL),
- url);
+ _gnutls_bin2hex(id, id_size,
+ buf, sizeof(buf), NULL), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
}
static
-int get_win_urls(const CERT_CONTEXT *cert, char **cert_url, char **key_url,
- char **label, gnutls_datum_t *der)
+int get_win_urls(const CERT_CONTEXT * cert, char **cert_url, char **key_url,
+ char **label, gnutls_datum_t * der)
{
BOOL r;
int ret;
DWORD tl_size;
- gnutls_datum_t tmp_label = {NULL, 0};
- char name[MAX_CN*2];
- char hex[MAX_WID_SIZE*2+1];
+ gnutls_datum_t tmp_label = { NULL, 0 };
+ char name[MAX_CN * 2];
+ char hex[MAX_WID_SIZE * 2 + 1];
gnutls_buffer_st str;
#ifdef WORDS_BIGENDIAN
const unsigned bigendian = 1;
if (cert_url)
*cert_url = NULL;
-
tl_size = sizeof(name);
r = CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID,
name, &tl_size);
- if (r != 0) { /* optional */
- ret = _gnutls_ucs2_to_utf8(name, tl_size, &tmp_label, bigendian);
+ if (r != 0) { /* optional */
+ ret =
+ _gnutls_ucs2_to_utf8(name, tl_size, &tmp_label, bigendian);
if (ret < 0) {
gnutls_assert();
goto fail;
}
if (label)
- *label = (char*)tmp_label.data;
+ *label = (char *)tmp_label.data;
}
tl_size = sizeof(name);
goto fail;
}
- ret = _gnutls_buffer_append_printf(&str, WIN_URL"id=%s;type=cert", hex);
+ ret =
+ _gnutls_buffer_append_printf(&str, WIN_URL "id=%s;type=cert", hex);
if (ret < 0) {
gnutls_assert();
goto fail;
goto fail;
}
- ret = _gnutls_buffer_append_escape(&str, tmp_label.data, tmp_label.size, " ");
+ ret =
+ _gnutls_buffer_append_escape(&str, tmp_label.data,
+ tmp_label.size, " ");
if (ret < 0) {
gnutls_assert();
goto fail;
}
if (cert_url)
- *cert_url = (char*)str.data;
+ *cert_url = (char *)str.data;
_gnutls_buffer_init(&str);
- ret = _gnutls_buffer_append_printf(&str, WIN_URL"id=%s;type=privkey", hex);
+ ret =
+ _gnutls_buffer_append_printf(&str, WIN_URL "id=%s;type=privkey",
+ hex);
if (ret < 0) {
gnutls_assert();
goto fail;
goto fail;
}
- ret = _gnutls_buffer_append_escape(&str, tmp_label.data, tmp_label.size, " ");
+ ret =
+ _gnutls_buffer_append_escape(&str, tmp_label.data,
+ tmp_label.size, " ");
if (ret < 0) {
gnutls_assert();
goto fail;
}
if (key_url)
- *key_url = (char*)str.data;
+ *key_url = (char *)str.data;
_gnutls_buffer_init(&str);
ret = 0;
goto cleanup;
fail:
- if (der)
- gnutls_free(der->data);
- if (cert_url)
- gnutls_free(*cert_url);
- if (key_url)
- gnutls_free(*key_url);
- if (label)
- gnutls_free(*label);
+ if (der)
+ gnutls_free(der->data);
+ if (cert_url)
+ gnutls_free(*cert_url);
+ if (key_url)
+ gnutls_free(*key_url);
+ if (label)
+ gnutls_free(*label);
cleanup:
- _gnutls_buffer_clear(&str);
- return ret;
+ _gnutls_buffer_clear(&str);
+ return ret;
}
/**
* Since: 3.4.0
**/
int
-gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter,
- unsigned cert_type,
- char **cert_url,
- char **key_url,
- char **label,
- gnutls_datum_t *der,
- unsigned int flags)
+gnutls_system_key_iter_get_info(gnutls_system_key_iter_t * iter,
+ unsigned cert_type,
+ char **cert_url,
+ char **key_url,
+ char **label,
+ gnutls_datum_t * der, unsigned int flags)
{
if (ncrypt_init == 0)
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
if ((*iter)->store == NULL) {
gnutls_free(*iter);
*iter = NULL;
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
}
- (*iter)->cert = CertEnumCertificatesInStore((*iter)->store, NULL);
+ (*iter)->cert =
+ CertEnumCertificatesInStore((*iter)->store, NULL);
- return get_win_urls((*iter)->cert, cert_url, key_url, label, der);
+ return get_win_urls((*iter)->cert, cert_url, key_url, label,
+ der);
} else {
if ((*iter)->cert == NULL)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- (*iter)->cert = CertEnumCertificatesInStore((*iter)->store, (*iter)->cert);
- return get_win_urls((*iter)->cert, cert_url, key_url, label, der);
+ (*iter)->cert =
+ CertEnumCertificatesInStore((*iter)->store, (*iter)->cert);
+ return get_win_urls((*iter)->cert, cert_url, key_url, label,
+ der);
}
}
if (store != NULL) {
do {
cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_KEY_IDENTIFIER,
- &blob,
- cert);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_KEY_IDENTIFIER,
+ &blob, cert);
if (cert && key_url) {
nc_size = sizeof(nc);
- r = CertGetCertificateContextProperty(cert, CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID,
- &nc, &nc_size);
+ r = CertGetCertificateContextProperty(cert,
+ CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID,
+ &nc,
+ &nc_size);
if (r != 0) {
pNCryptDeleteKey(nc, 0);
pNCryptFreeObject(nc);
if (cert && cert_url)
CertDeleteCertificateFromStore(cert);
- } while(cert != NULL);
+ } while (cert != NULL);
CertCloseStore(store, 0);
}
*
* Since: 3.4.0
**/
-int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t privkey,
- const char *label, char **cert_url, char **key_url)
+int gnutls_system_key_add_x509(gnutls_x509_crt_t crt,
+ gnutls_x509_privkey_t privkey, const char *label,
+ char **cert_url, char **key_url)
{
HCERTSTORE store = NULL;
CRYPT_DATA_BLOB pfx;
- gnutls_datum_t _pfx = {NULL, 0};
+ gnutls_datum_t _pfx = { NULL, 0 };
gnutls_pkcs12_t p12 = NULL;
gnutls_pkcs12_bag_t bag1 = NULL, bag2 = NULL;
uint8_t id[MAX_WID_SIZE];
goto cleanup;
}
- ret = gnutls_hash_fast(GNUTLS_DIG_SHA1, data.data, data.size, sha);
+ ret =
+ gnutls_hash_fast(GNUTLS_DIG_SHA1, data.data, data.size,
+ sha);
gnutls_free(data.data);
if (ret < 0) {
gnutls_assert();
blob.pbData = sha;
cert = CertFindCertificateInStore(store,
- X509_ASN_ENCODING,
- 0,
- CERT_FIND_SHA1_HASH,
- &blob,
- NULL);
+ X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_SHA1_HASH,
+ &blob, NULL);
if (cert == NULL) {
gnutls_assert();
ret = 0;
cleanup:
- if (p12 != NULL)
- gnutls_pkcs12_deinit(p12);
- if (bag1 != NULL)
- gnutls_pkcs12_bag_deinit(bag1);
- if (bag2 != NULL)
- gnutls_pkcs12_bag_deinit(bag2);
- if (store != NULL)
+ if (p12 != NULL)
+ gnutls_pkcs12_deinit(p12);
+ if (bag1 != NULL)
+ gnutls_pkcs12_bag_deinit(bag1);
+ if (bag2 != NULL)
+ gnutls_pkcs12_bag_deinit(bag2);
+ if (store != NULL)
CertCloseStore(store, 0);
gnutls_free(_pfx.data);
return ret;
return gnutls_assert_val(GNUTLS_E_CRYPTO_INIT_FAILED);
}
- pNCryptDeleteKey = (NCryptDeleteKeyFunc)GetProcAddress(ncrypt_lib, "NCryptDeleteKey");
+ pNCryptDeleteKey =
+ (NCryptDeleteKeyFunc) GetProcAddress(ncrypt_lib, "NCryptDeleteKey");
if (pNCryptDeleteKey == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptOpenStorageProvider = (NCryptOpenStorageProviderFunc)GetProcAddress(ncrypt_lib, "NCryptOpenStorageProvider");
+ pNCryptOpenStorageProvider =
+ (NCryptOpenStorageProviderFunc) GetProcAddress(ncrypt_lib,
+ "NCryptOpenStorageProvider");
if (pNCryptOpenStorageProvider == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptOpenKey = (NCryptOpenKeyFunc)GetProcAddress(ncrypt_lib, "NCryptOpenKey");
+ pNCryptOpenKey =
+ (NCryptOpenKeyFunc) GetProcAddress(ncrypt_lib, "NCryptOpenKey");
if (pNCryptOpenKey == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptGetProperty = (NCryptGetPropertyFunc)GetProcAddress(ncrypt_lib, "NCryptGetProperty");
+ pNCryptGetProperty =
+ (NCryptGetPropertyFunc) GetProcAddress(ncrypt_lib,
+ "NCryptGetProperty");
if (pNCryptGetProperty == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptFreeObject = (NCryptFreeObjectFunc)GetProcAddress(ncrypt_lib, "NCryptFreeObject");
+ pNCryptFreeObject =
+ (NCryptFreeObjectFunc) GetProcAddress(ncrypt_lib,
+ "NCryptFreeObject");
if (pNCryptFreeObject == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptDecrypt = (NCryptDecryptFunc)GetProcAddress(ncrypt_lib, "NCryptDecrypt");
+ pNCryptDecrypt =
+ (NCryptDecryptFunc) GetProcAddress(ncrypt_lib, "NCryptDecrypt");
if (pNCryptDecrypt == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
- pNCryptSignHash = (NCryptSignHashFunc)GetProcAddress(ncrypt_lib, "NCryptSignHash");
+ pNCryptSignHash =
+ (NCryptSignHashFunc) GetProcAddress(ncrypt_lib, "NCryptSignHash");
if (pNCryptSignHash == NULL) {
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
/* hash and hex encode */
ret =
_gnutls_hash_fast((gnutls_digest_algorithm_t)hash_algo->id,
- skey->data, skey->size, phash);
+ skey->data, skey->size, phash);
if (ret < 0)
return gnutls_assert_val(ret);
* trust storage structure. The function is of the following form.
*
* int gnutls_tdb_store_func(const char* db_name, const char* host,
- * const char* service, time_t expiration,
- * const gnutls_datum_t* pubkey);
+ * const char* service, time_t expiration,
+ * const gnutls_datum_t* pubkey);
*
* The @db_name should be used to pass any private data to this function.
*
* trust storage structure. The function is of the following form.
*
* int gnutls_tdb_store_commitment_func(const char* db_name, const char* host,
- * const char* service, time_t expiration,
- * gnutls_digest_algorithm_t, const gnutls_datum_t* hash);
+ * const char* service, time_t expiration,
+ * gnutls_digest_algorithm_t, const gnutls_datum_t* hash);
*
* The @db_name should be used to pass any private data to this function.
*
* trust storage structure. The function is of the following form.
*
* int gnutls_tdb_verify_func(const char* db_name, const char* host,
- * const char* service, const gnutls_datum_t* pubkey);
+ * const char* service, const gnutls_datum_t* pubkey);
*
* The verify function should return zero on a match, %GNUTLS_E_CERTIFICATE_KEY_MISMATCH
* if there is a mismatch and any other negative error code otherwise.
}
ret =
- check_ocsp_response(session, peer_certificate_list[0], cred->tlist, cand_issuers,
- cand_issuers_size, &resp, &ocsp_status);
+ check_ocsp_response(session, peer_certificate_list[0], cred->tlist, cand_issuers,
+ cand_issuers_size, &resp, &ocsp_status);
if (ret < 0) {
CLEAR_CERTS;
/* Try to load the whole certificate chain from the PKCS #11 token */
for (i=0;i<MAX_PKCS11_CERT_CHAIN;i++) {
- ret = gnutls_x509_crt_check_issuer(crt, crt);
- if (i > 0 && ret != 0) {
- /* self signed */
- break;
- }
+ ret = gnutls_x509_crt_check_issuer(crt, crt);
+ if (i > 0 && ret != 0) {
+ /* self signed */
+ break;
+ }
ret = gnutls_pcert_import_x509(&ccert[i], crt, 0);
if (ret < 0) {
}
ret =
- gnutls_pcert_import_x509_list(pcerts, cert_list, (unsigned int*)&cert_list_size,
- GNUTLS_X509_CRT_LIST_SORT);
+ gnutls_pcert_import_x509_list(pcerts, cert_list, (unsigned int*)&cert_list_size,
+ GNUTLS_X509_CRT_LIST_SORT);
if (ret < 0) {
gnutls_assert();
goto cleanup;
return 0;
cleanup:
- gnutls_free(pcerts);
+ gnutls_free(pcerts);
_gnutls_str_array_clear(&names);
return ret;
}
*/
int
gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
- unsigned index,
- gnutls_x509_privkey_t *key)
+ unsigned index,
+ gnutls_x509_privkey_t *key)
{
if (index >= res->ncerts) {
gnutls_assert();
*/
int
gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
- unsigned index,
- gnutls_x509_crt_t **crt_list,
- unsigned *crt_list_size)
+ unsigned index,
+ gnutls_x509_crt_t **crt_list,
+ unsigned *crt_list_size)
{
int ret;
unsigned i;
**/
void
gnutls_certificate_get_trust_list(gnutls_certificate_credentials_t res,
- gnutls_x509_trust_list_t *tlist)
+ gnutls_x509_trust_list_t *tlist)
{
*tlist = res->tlist;
}
int _gnutls_x509_cert_verify_peers(gnutls_session_t session,
gnutls_typed_vdata_st * data,
- unsigned int elements,
+ unsigned int elements,
unsigned int *status);
#define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE"
unsigned
_gnutls_check_valid_key_id(gnutls_datum_t *key_id,
- gnutls_x509_crt_t cert, time_t now)
+ gnutls_x509_crt_t cert, time_t now)
{
uint8_t id[MAX_KEY_ID_SIZE];
size_t id_size;
gnutls_datum_t * rpubkey);
int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt,
- gnutls_datum_t * rpubkey);
+ gnutls_datum_t * rpubkey);
typedef void (*gnutls_cert_vfunc)(gnutls_x509_crt_t);
int
gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl,
gnutls_x509_crl_iter_t *iter,
- unsigned char *serial,
- size_t * serial_size, time_t * t)
+ unsigned char *serial,
+ size_t * serial_size, time_t * t)
{
int result, _serial_size;
ret = 0;
cleanup:
asn1_delete_structure(&c2);
- gnutls_free(extensions);
+ gnutls_free(extensions);
return ret;
}
*/
ret = 0;
cleanup:
- if (a_email != email) {
- idn_free(a_email);
+ if (a_email != email) {
+ idn_free(a_email);
}
- return ret;
+ return ret;
}
ret = 0;
cleanup:
- gnutls_x509_aki_deinit(aki);
- return ret;
+ gnutls_x509_aki_deinit(aki);
+ return ret;
}
**/
unsigned
gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
- const char *hostname, unsigned int flags)
+ const char *hostname, unsigned int flags)
{
char dnsname[MAX_CN];
size_t dnsnamesize;
*/
ret = 0;
cleanup:
- if (a_hostname != hostname) {
- idn_free(a_hostname);
+ if (a_hostname != hostname) {
+ idn_free(a_hostname);
}
- return ret;
+ return ret;
}
extern const asn1_static_node krb5_asn1_tab[];
-static void cleanup_principal(krb5_principal_data *princ)
+static void cleanup_principal(krb5_principal_data * princ)
{
- unsigned i;
- if (princ) {
- gnutls_free(princ->realm);
- for (i=0;i<princ->length;i++)
- gnutls_free(princ->data[i]);
+ unsigned i;
+ if (princ) {
+ gnutls_free(princ->realm);
+ for (i = 0; i < princ->length; i++)
+ gnutls_free(princ->data[i]);
memset(princ, 0, sizeof(*princ));
gnutls_free(princ);
- }
+ }
}
-static krb5_principal_data* name_to_principal(const char *_name)
+static krb5_principal_data *name_to_principal(const char *_name)
{
krb5_principal_data *princ;
char *p, *p2, *sp;
goto fail;
}
- princ->realm = gnutls_strdup(p+1);
+ princ->realm = gnutls_strdup(p + 1);
if (princ->realm == NULL) {
gnutls_assert();
goto fail;
if (p == p2) {
p = strtok_r(name, "/", &sp);
- while(p) {
+ while (p) {
if (pos == MAX_COMPONENTS) {
- _gnutls_debug_log("%s: Cannot parse names with more than %d components\n", __func__, MAX_COMPONENTS);
+ _gnutls_debug_log
+ ("%s: Cannot parse names with more than %d components\n",
+ __func__, MAX_COMPONENTS);
goto fail;
}
p = strtok_r(NULL, "/", &sp);
}
- if ((princ->length == 2) && (strcmp (princ->data[0], "krbtgt") == 0)) {
- princ->type = 2; /* KRB_NT_SRV_INST */
+ if ((princ->length == 2)
+ && (strcmp(princ->data[0], "krbtgt") == 0)) {
+ princ->type = 2; /* KRB_NT_SRV_INST */
} else {
- princ->type = 1; /* KRB_NT_PRINCIPAL */
+ princ->type = 1; /* KRB_NT_PRINCIPAL */
}
- } else { /* enterprise */
+ } else { /* enterprise */
princ->data[0] = gnutls_strdup(name);
if (princ->data[0] == NULL) {
gnutls_assert();
}
princ->length++;
- princ->type = 10; /* KRB_NT_ENTERPRISE */
+ princ->type = 10; /* KRB_NT_ENTERPRISE */
}
goto cleanup;
fail:
- cleanup_principal(princ);
- princ = NULL;
+ cleanup_principal(princ);
+ princ = NULL;
cleanup:
gnutls_free(name);
{
int ret, result;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- krb5_principal_data * princ;
+ krb5_principal_data *princ;
unsigned i;
princ = name_to_principal(name);
goto cleanup;
}
- result = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.KRB5PrincipalName", &c2);
+ result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.KRB5PrincipalName", &c2);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
}
result =
- asn1_write_value(c2, "principalName.name-type", &princ->type,
- 1);
+ asn1_write_value(c2, "principalName.name-type", &princ->type, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
for (i = 0; i < princ->length; i++) {
result =
- asn1_write_value(c2, "principalName.name-string",
- "NEW", 1);
+ asn1_write_value(c2, "principalName.name-string", "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
return ret;
}
-static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st *str)
+static int principal_to_str(ASN1_TYPE c2, gnutls_buffer_st * str)
{
- gnutls_datum_t realm = {NULL, 0};
- gnutls_datum_t component = {NULL, 0};
+ gnutls_datum_t realm = { NULL, 0 };
+ gnutls_datum_t component = { NULL, 0 };
unsigned char name_type[2];
int ret, result, len;
unsigned i;
}
len = sizeof(name_type);
- result = asn1_read_value(c2, "principalName.name-type", name_type, &len);
+ result =
+ asn1_read_value(c2, "principalName.name-type", name_type, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
goto cleanup;
}
- if (len != 1 || (name_type[0] != 1 && name_type[0] != 2 && name_type[0] != 10)) {
+ if (len != 1
+ || (name_type[0] != 1 && name_type[0] != 2 && name_type[0] != 10)) {
ret = GNUTLS_E_INVALID_REQUEST;
goto cleanup;
}
- for (i=0;;i++) {
- snprintf(val, sizeof(val), "principalName.name-string.?%u", i+1);
+ for (i = 0;; i++) {
+ snprintf(val, sizeof(val), "principalName.name-string.?%u",
+ i + 1);
ret = _gnutls_x509_read_value(c2, val, &component);
- if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND
+ || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
break;
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- if (i>0) {
+ if (i > 0) {
ret = _gnutls_buffer_append_data(str, "/", 1);
if (ret < 0) {
gnutls_assert();
}
}
- ret = _gnutls_buffer_append_data(str, component.data, component.size);
+ ret =
+ _gnutls_buffer_append_data(str, component.data,
+ component.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
ret = 0;
cleanup:
_gnutls_free_datum(&component);
- gnutls_free(realm.data);
- return ret;
+ gnutls_free(realm.data);
+ return ret;
}
-int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t *name)
+int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der,
+ gnutls_datum_t * name)
{
int ret, result;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
_gnutls_buffer_init(&str);
- result = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.KRB5PrincipalName", &c2);
+ result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.KRB5PrincipalName", &c2);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
return _gnutls_buffer_to_datum(&str, name, 1);
cleanup:
- _gnutls_buffer_clear(&str);
+ _gnutls_buffer_clear(&str);
asn1_delete_structure(&c2);
return ret;
}
// for documentation see the implementation
static int name_constraints_intersect_nodes(name_constraints_node_st * nc1,
- name_constraints_node_st * nc2,
- name_constraints_node_st ** intersection);
+ name_constraints_node_st * nc2,
+ name_constraints_node_st ** intersection);
/*-
* is_nc_empty:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
-*/
static int validate_name_constraints_node(gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t* name)
+ const gnutls_datum_t* name)
{
if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI &&
* Returns: Pointer to newly allocated node or NULL in case of memory error.
-*/
static name_constraints_node_st* name_constraints_node_new(unsigned type,
- unsigned char *data,
- unsigned int size)
+ unsigned char *data,
+ unsigned int size)
{
name_constraints_node_st *tmp = gnutls_malloc(sizeof(struct name_constraints_node_st));
if (tmp == NULL)
-*/
static
int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc,
- name_constraints_node_st * _nc2,
- name_constraints_node_st ** _nc_excluded)
+ name_constraints_node_st * _nc2,
+ name_constraints_node_st ** _nc_excluded)
{
name_constraints_node_st *nc, *nc2, *t, *tmp, *dest = NULL, *prev = NULL;
int ret, type, used;
}
// if the node from nc2 was not used for intersection, copy it to DEST
// Beware: also copies nodes other than DNS, email, IP,
- // since their counterpart may have been moved in phase 1.
+ // since their counterpart may have been moved in phase 1.
if (!used) {
tmp = name_constraints_node_new(nc2->type, nc2->name.data, nc2->name.size);
if (tmp == NULL) {
* Since: 3.3.0
**/
int gnutls_x509_crt_get_name_constraints(gnutls_x509_crt_t crt,
- gnutls_x509_name_constraints_t nc,
- unsigned int flags,
- unsigned int *critical)
+ gnutls_x509_name_constraints_t nc,
+ unsigned int flags,
+ unsigned int *critical)
{
int ret;
gnutls_datum_t der = { NULL, 0 };
static
int name_constraints_add(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name,
- unsigned permitted)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name,
+ unsigned permitted)
{
struct name_constraints_node_st * tmp, *prev = NULL;
int ret;
* Since: 3.5.0
-*/
int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
- gnutls_x509_name_constraints_t nc2)
+ gnutls_x509_name_constraints_t nc2)
{
int ret;
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_add_permitted(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name)
{
return name_constraints_add(nc, type, name, 1);
}
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name)
{
return name_constraints_add(nc, type, name, 0);
}
* Since: 3.3.0
**/
int gnutls_x509_crt_set_name_constraints(gnutls_x509_crt_t crt,
- gnutls_x509_name_constraints_t nc,
- unsigned int critical)
+ gnutls_x509_name_constraints_t nc,
+ unsigned int critical)
{
int ret;
gnutls_datum_t der;
* @nc1: name constraints node 1
* @nc2: name constraints node 2
* @_intersection: newly allocated node with intersected constraints,
- * NULL if the intersection is empty
+ * NULL if the intersection is empty
*
* Inspect 2 name constraints nodes (of possibly different types) and allocate
* a new node with intersection of given constraints.
-*/
static int
name_constraints_intersect_nodes(name_constraints_node_st * nc1,
- name_constraints_node_st * nc2,
- name_constraints_node_st ** _intersection)
+ name_constraints_node_st * nc2,
+ name_constraints_node_st ** _intersection)
{
// presume empty intersection
name_constraints_node_st *intersection = NULL;
* Since: 3.3.0
**/
unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * name)
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t * name)
{
if (type == GNUTLS_SAN_DNSNAME)
return check_dns_constraints(nc, name);
* is present in the CA, _and_ the name in the end certificate contains
* the constrained element. */
static int check_unsupported_constraint2(gnutls_x509_crt_t cert,
- gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type)
+ gnutls_x509_name_constraints_t nc,
+ gnutls_x509_subject_alt_name_t type)
{
unsigned idx, found_one;
char name[MAX_CN];
* Since: 3.3.0
**/
unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t nc,
- gnutls_x509_subject_alt_name_t type,
- gnutls_x509_crt_t cert)
+ gnutls_x509_subject_alt_name_t type,
+ gnutls_x509_crt_t cert)
{
char name[MAX_CN];
size_t name_size;
/* ensure there is only a single CN, according to rfc6125 */
name_size = sizeof(name);
ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
- 1, 0, name, &name_size);
+ 1, 0, name, &name_size);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
return gnutls_assert_val(0);
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc,
- unsigned idx,
- unsigned *type, gnutls_datum_t * name)
+ unsigned idx,
+ unsigned *type, gnutls_datum_t * name)
{
unsigned int i;
struct name_constraints_node_st * tmp = nc->permitted;
* Since: 3.3.0
**/
int gnutls_x509_name_constraints_get_excluded(gnutls_x509_name_constraints_t nc,
- unsigned idx,
- unsigned *type, gnutls_datum_t * name)
+ unsigned idx,
+ unsigned *type, gnutls_datum_t * name)
{
unsigned int i;
struct name_constraints_node_st * tmp = nc->excluded;
* corresponds to the CertID structure:
*
* <informalexample><programlisting>
- * CertID ::= SEQUENCE {
- * hashAlgorithm AlgorithmIdentifier,
- * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- * serialNumber CertificateSerialNumber }
+ * CertID ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier,
+ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
+ * serialNumber CertificateSerialNumber }
* </programlisting></informalexample>
*
* Each of the pointers to output variables may be NULL to indicate
* The information needed corresponds to the CertID structure:
*
* <informalexample><programlisting>
- * CertID ::= SEQUENCE {
- * hashAlgorithm AlgorithmIdentifier,
- * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- * serialNumber CertificateSerialNumber }
+ * CertID ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier,
+ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ * issuerKeyHash OCTET STRING, -- Hash of Issuers public key
+ * serialNumber CertificateSerialNumber }
* </programlisting></informalexample>
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
print_name(str, "\t\t\t", type, &dist, 0);
}
cleanup:
- gnutls_x509_crl_dist_points_deinit(dp);
+ gnutls_x509_crl_dist_points_deinit(dp);
}
static void
* @chain: the corresponding to key certificate chain (may be %NULL)
* @chain_len: will be updated with the number of additional (may be %NULL)
* @extra_certs: optional pointer to receive an array of additional
- * certificates found in the PKCS12 structure (may be %NULL).
+ * certificates found in the PKCS12 structure (may be %NULL).
* @extra_certs_len: will be updated with the number of additional
- * certs (may be %NULL).
+ * certs (may be %NULL).
* @crl: an optional structure to store the parsed CRL (may be %NULL).
* @flags: should be zero or one of GNUTLS_PKCS12_SP_*
*
* Since: 3.4.2
**/
int
-gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_t *data, unsigned flags)
+gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t * list, const char *oid,
+ gnutls_datum_t * data, unsigned flags)
{
int ret;
gnutls_pkcs7_attrs_st *r;
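Review bot: The reformatted signature of gnutls_pkcs7_add_attr now reads `gnutls_pkcs7_attrs_t * list` and `gnutls_datum_t * data`, where the old side had `*list` and `*data`; a star detached from the identifier is what an automatic formatter produces when it does not know a typedef name and parses the declaration as a multiplication. The same artifact recurs later in this commit (`gnutls_cipher_algorithm_t * algo` in pbes2_cipher_oid_to_algo, `gnutls_datum_t * decrypted_data` in _gnutls_pkcs_raw_decrypt_data, `gnutls_datum_t * cert` in gnutls_pkcs7_get_crt_raw2, `gnutls_pkcs7_signature_info_st * info` in gnutls_pkcs7_signature_info_deinit and gnutls_pkcs7_get_signature_info), and is inconsistent with `const char *oid` on the same line, which the tool left alone because `char` is a known type. If this is GNU indent output, passing the project typedefs with its `-T` option (e.g. `-T gnutls_datum_t -T gnutls_pkcs7_attrs_t`) keeps `*` attached to the parameter name; otherwise these declarations are worth restoring by hand so the tree keeps one pointer style.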
if (flags & GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING) {
ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING,
- data->data, data->size, &r->data);
+ data->data, data->size,
+ &r->data);
} else {
ret = _gnutls_set_datum(&r->data, data->data, data->size);
}
return 0;
fail:
- if (r) {
- gnutls_free(r->data.data);
- gnutls_free(r);
+ if (r) {
+ gnutls_free(r->data.data);
+ gnutls_free(r);
}
- gnutls_pkcs7_attrs_deinit(*list);
- return GNUTLS_E_MEMORY_ERROR;
+ gnutls_pkcs7_attrs_deinit(*list);
+ return GNUTLS_E_MEMORY_ERROR;
}
* Since: 3.4.2
**/
int
-gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutls_datum_t *data, unsigned flags)
+gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid,
+ gnutls_datum_t * data, unsigned flags)
{
unsigned i;
gnutls_pkcs7_attrs_st *p = list;
int ret;
- for (i=0;i<idx;i++) {
+ for (i = 0; i < idx; i++) {
p = p->next;
if (p == NULL)
break;
if (flags & GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING) {
ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- p->data.data, p->data.size, data, 1);
+ p->data.data, p->data.size,
+ data, 1);
} else {
ret = _gnutls_set_datum(data, p->data.data, p->data.size);
}
*
* Since: 3.4.2
**/
-void
-gnutls_pkcs7_attrs_deinit(gnutls_pkcs7_attrs_t list)
+void gnutls_pkcs7_attrs_deinit(gnutls_pkcs7_attrs_t list)
{
gnutls_pkcs7_attrs_st *r = list, *next;
- while(r) {
+ while (r) {
next = r->next;
gnutls_free(r->data.data);
#define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
#define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
-static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] =
-{
+static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] = {
{
- .schema = PBES1_DES_MD5,
- .name = "PBES1-DES-CBC-MD5",
- .flag = GNUTLS_PKCS_PBES1_DES_MD5,
- .cipher = GNUTLS_CIPHER_DES_CBC,
- .pbes2 = 0,
- .cipher_oid = PBES1_DES_MD5_OID,
- .write_oid = PBES1_DES_MD5_OID,
- .desc = NULL,
- .decrypt_only = 1
- },
+ .schema = PBES1_DES_MD5,
+ .name = "PBES1-DES-CBC-MD5",
+ .flag = GNUTLS_PKCS_PBES1_DES_MD5,
+ .cipher = GNUTLS_CIPHER_DES_CBC,
+ .pbes2 = 0,
+ .cipher_oid = PBES1_DES_MD5_OID,
+ .write_oid = PBES1_DES_MD5_OID,
+ .desc = NULL,
+ .decrypt_only = 1},
{
- .schema = PBES2_3DES,
- .name = "PBES2-3DES-CBC",
- .flag = GNUTLS_PKCS_PBES2_3DES,
- .cipher = GNUTLS_CIPHER_3DES_CBC,
- .pbes2 = 1,
- .cipher_oid = DES_EDE3_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-des-EDE3-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_3DES,
+ .name = "PBES2-3DES-CBC",
+ .flag = GNUTLS_PKCS_PBES2_3DES,
+ .cipher = GNUTLS_CIPHER_3DES_CBC,
+ .pbes2 = 1,
+ .cipher_oid = DES_EDE3_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-des-EDE3-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_DES,
- .name = "PBES2-DES-CBC",
- .flag = GNUTLS_PKCS_PBES2_DES,
- .cipher = GNUTLS_CIPHER_DES_CBC,
- .pbes2 = 1,
- .cipher_oid = DES_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-des-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_DES,
+ .name = "PBES2-DES-CBC",
+ .flag = GNUTLS_PKCS_PBES2_DES,
+ .cipher = GNUTLS_CIPHER_DES_CBC,
+ .pbes2 = 1,
+ .cipher_oid = DES_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-des-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_AES_128,
- .name = "PBES2-AES128-CBC",
- .flag = GNUTLS_PKCS_PBES2_AES_128,
- .cipher = GNUTLS_CIPHER_AES_128_CBC,
- .pbes2 = 1,
- .cipher_oid = AES_128_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-aes128-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_AES_128,
+ .name = "PBES2-AES128-CBC",
+ .flag = GNUTLS_PKCS_PBES2_AES_128,
+ .cipher = GNUTLS_CIPHER_AES_128_CBC,
+ .pbes2 = 1,
+ .cipher_oid = AES_128_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-aes128-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_AES_192,
- .name = "PBES2-AES192-CBC",
- .flag = GNUTLS_PKCS_PBES2_AES_192,
- .cipher = GNUTLS_CIPHER_AES_192_CBC,
- .pbes2 = 1,
- .cipher_oid = AES_192_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-aes192-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_AES_192,
+ .name = "PBES2-AES192-CBC",
+ .flag = GNUTLS_PKCS_PBES2_AES_192,
+ .cipher = GNUTLS_CIPHER_AES_192_CBC,
+ .pbes2 = 1,
+ .cipher_oid = AES_192_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-aes192-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PBES2_AES_256,
- .name = "PBES2-AES256-CBC",
- .flag = GNUTLS_PKCS_PBES2_AES_256,
- .cipher = GNUTLS_CIPHER_AES_256_CBC,
- .pbes2 = 1,
- .cipher_oid = AES_256_CBC_OID,
- .write_oid = PBES2_OID,
- .desc = "PKIX1.pkcs-5-aes256-CBC-params",
- .decrypt_only = 0
- },
+ .schema = PBES2_AES_256,
+ .name = "PBES2-AES256-CBC",
+ .flag = GNUTLS_PKCS_PBES2_AES_256,
+ .cipher = GNUTLS_CIPHER_AES_256_CBC,
+ .pbes2 = 1,
+ .cipher_oid = AES_256_CBC_OID,
+ .write_oid = PBES2_OID,
+ .desc = "PKIX1.pkcs-5-aes256-CBC-params",
+ .decrypt_only = 0},
{
- .schema = PKCS12_ARCFOUR_SHA1,
- .name = "PKCS12-ARCFOUR-SHA1",
- .flag = GNUTLS_PKCS_PKCS12_ARCFOUR,
- .cipher = GNUTLS_CIPHER_ARCFOUR,
- .pbes2 = 0,
- .cipher_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
- .write_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
- .desc = NULL,
- .decrypt_only = 0
- },
+ .schema = PKCS12_ARCFOUR_SHA1,
+ .name = "PKCS12-ARCFOUR-SHA1",
+ .flag = GNUTLS_PKCS_PKCS12_ARCFOUR,
+ .cipher = GNUTLS_CIPHER_ARCFOUR,
+ .pbes2 = 0,
+ .cipher_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
+ .write_oid = PKCS12_PBE_ARCFOUR_SHA1_OID,
+ .desc = NULL,
+ .decrypt_only = 0},
{
- .schema = PKCS12_RC2_40_SHA1,
- .name = "PKCS12-RC2-40-SHA1",
- .flag = GNUTLS_PKCS_PKCS12_RC2_40,
- .cipher = GNUTLS_CIPHER_RC2_40_CBC,
- .pbes2 = 0,
- .cipher_oid = PKCS12_PBE_RC2_40_SHA1_OID,
- .write_oid = PKCS12_PBE_RC2_40_SHA1_OID,
- .desc = NULL,
- .decrypt_only = 0
- },
+ .schema = PKCS12_RC2_40_SHA1,
+ .name = "PKCS12-RC2-40-SHA1",
+ .flag = GNUTLS_PKCS_PKCS12_RC2_40,
+ .cipher = GNUTLS_CIPHER_RC2_40_CBC,
+ .pbes2 = 0,
+ .cipher_oid = PKCS12_PBE_RC2_40_SHA1_OID,
+ .write_oid = PKCS12_PBE_RC2_40_SHA1_OID,
+ .desc = NULL,
+ .decrypt_only = 0},
{
- .schema = PKCS12_3DES_SHA1,
- .name = "PKCS12-3DES-SHA1",
- .flag = GNUTLS_PKCS_PKCS12_3DES,
- .cipher = GNUTLS_CIPHER_3DES_CBC,
- .pbes2 = 0,
- .cipher_oid = PKCS12_PBE_3DES_SHA1_OID,
- .write_oid = PKCS12_PBE_3DES_SHA1_OID,
- .desc = NULL,
- .decrypt_only = 0
- },
+ .schema = PKCS12_3DES_SHA1,
+ .name = "PKCS12-3DES-SHA1",
+ .flag = GNUTLS_PKCS_PKCS12_3DES,
+ .cipher = GNUTLS_CIPHER_3DES_CBC,
+ .pbes2 = 0,
+ .cipher_oid = PKCS12_PBE_3DES_SHA1_OID,
+ .write_oid = PKCS12_PBE_3DES_SHA1_OID,
+ .desc = NULL,
+ .decrypt_only = 0},
{0, 0, 0, 0, 0}
};
int _gnutls_pkcs_flags_to_schema(unsigned int flags)
{
- PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;);
+ PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;
+ );
gnutls_assert();
_gnutls_debug_log
("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
- flags);
+ flags);
return PKCS12_3DES_SHA1;
}
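Review bot: The new layout of the macro invocation in _gnutls_pkcs_flags_to_schema, `PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;` followed by a lone `);` on the next line, is harder to read than the one-liner it replaces, and the same mangling recurs in gnutls_pkcs_schema_get_name, gnutls_pkcs_schema_get_oid, algo_to_pbes2_cipher_schema (`{ return _p;} ) ;`), _gnutls_check_pkcs_cipher_schema and pbes2_cipher_oid_to_algo. The formatter cannot see that the macro argument is a statement block, so it treats the embedded `;` as the end of a statement and breaks the call there, leaving a stray space before the final semicolon. If this is GNU indent output, bracketing each of these invocations with `/* *INDENT-OFF* */` and `/* *INDENT-ON* */` preserves the original one-line form across future runs; alternatively, restore the old layout by hand after the run so the macro call reads as a single statement.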
*/
const char *gnutls_pkcs_schema_get_name(unsigned int schema)
{
- PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->name;);
+ PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->name;
+ );
return NULL;
}
-
/**
* gnutls_pkcs_schema_get_oid:
* @schema: Holds the PKCS #12 or PBES2 schema (%gnutls_pkcs_encrypt_flags_t)
*/
const char *gnutls_pkcs_schema_get_oid(unsigned int schema)
{
- PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->cipher_oid;);
+ PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->cipher_oid;
+ );
return NULL;
}
-static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned cipher)
+static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned
+ cipher)
{
- PBES2_SCHEMA_LOOP(
- if (_p->cipher == cipher && _p->pbes2 != 0) {
- return _p;
- });
+ PBES2_SCHEMA_LOOP(if (_p->cipher == cipher && _p->pbes2 != 0) {
+ return _p;}
+ ) ;
gnutls_assert();
return NULL;
int _gnutls_check_pkcs_cipher_schema(const char *oid)
{
if (strcmp(oid, PBES2_OID) == 0)
- return PBES2_GENERIC; /* PBES2 ciphers are under an umbrella OID */
+ return PBES2_GENERIC; /* PBES2 ciphers are under an umbrella OID */
- PBES2_SCHEMA_LOOP(if (_p->pbes2 == 0 && strcmp(oid, _p->write_oid) == 0) {return _p->schema;});
+ PBES2_SCHEMA_LOOP(if (_p->pbes2 == 0 && strcmp(oid, _p->write_oid) == 0) {
+ return _p->schema;}
+ ) ;
_gnutls_debug_log
("PKCS #12 encryption schema OID '%s' is unsupported.\n", oid);
const struct pkcs_cipher_schema_st *_gnutls_pkcs_schema_get(schema_id schema)
{
- PBES2_SCHEMA_LOOP(if (schema == _p->schema) return _p;);
+ PBES2_SCHEMA_LOOP(if (schema == _p->schema) return _p;) ;
gnutls_assert();
return NULL;
/* Converts an OID to a gnutls cipher type.
*/
static int
-pbes2_cipher_oid_to_algo(const char *oid, gnutls_cipher_algorithm_t *algo)
+pbes2_cipher_oid_to_algo(const char *oid, gnutls_cipher_algorithm_t * algo)
{
*algo = 0;
- PBES2_SCHEMA_LOOP(if (_p->pbes2 != 0 && strcmp(_p->cipher_oid, oid) == 0) {
- *algo = _p->cipher;
- return 0;
- }
- );
+ PBES2_SCHEMA_LOOP(if
+ (_p->pbes2 != 0 && strcmp(_p->cipher_oid, oid) == 0) {
+ *algo = _p->cipher; return 0;}
+ ) ;
- _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n",
- oid);
+ _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
-
/* Decrypts a PKCS #7 encryptedData. The output is allocated
* and stored in dec.
*/
goto error;
}
- result =
- asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
+ result = asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
result =
_gnutls_read_pkcs_schema_params(&schema, password,
- &data->data[params_start],
- params_len, &kdf_params, &enc_params);
+ &data->data[params_start],
+ params_len, &kdf_params,
+ &enc_params);
if (result < 0) {
gnutls_assert();
goto error;
result =
_gnutls_pkcs_raw_decrypt_data(schema, pkcs7_asn,
- "encryptedContentInfo.encryptedContent", password,
- &kdf_params, &enc_params, &tmp);
+ "encryptedContentInfo.encryptedContent",
+ password, &kdf_params, &enc_params,
+ &tmp);
if (result < 0) {
gnutls_assert();
goto error;
return 0;
- error:
+ error:
asn1_delete_structure(&pasn);
asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);
return result;
}
int
-_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pkcs_cipher_schema_st **p,
- struct pbkdf2_params *kdf_params, char **oid)
+_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data,
+ const struct pkcs_cipher_schema_st **p,
+ struct pbkdf2_params *kdf_params, char **oid)
{
int result, len;
char enc_oid[MAX_OID_SIZE];
goto error;
}
- result =
- asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
+ result = asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
result =
_gnutls_read_pkcs_schema_params(&schema, NULL,
- &data->data[params_start],
- params_len, kdf_params, &enc_params);
+ &data->data[params_start],
+ params_len, kdf_params,
+ &enc_params);
if (result < 0) {
gnutls_assert();
goto error;
return 0;
- error:
+ error:
asn1_delete_structure(&pasn);
asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);
return result;
*/
result =
- _gnutls_pkcs_generate_key(schema, password, &kdf_params, &enc_params, &key);
+ _gnutls_pkcs_generate_key(schema, password, &kdf_params,
+ &enc_params, &key);
if (result < 0) {
gnutls_assert();
goto error;
}
result = _gnutls_pkcs_write_schema_params(schema, pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &kdf_params, &enc_params);
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &kdf_params, &enc_params);
if (result < 0) {
gnutls_assert();
goto error;
goto error;
}
-
- error:
+ error:
_gnutls_free_key_datum(&key);
_gnutls_free_datum(&tmp);
asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);
*/
static int
read_pbkdf2_params(ASN1_TYPE pasn,
- const gnutls_datum_t * der,
- struct pbkdf2_params *params)
+ const gnutls_datum_t * der, struct pbkdf2_params *params)
{
int params_start, params_end;
int params_len, len, result;
*/
len = sizeof(oid);
result =
- asn1_read_value(pasn, "keyDerivationFunc.algorithm", oid,
- &len);
+ asn1_read_value(pasn, "keyDerivationFunc.algorithm", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
if (strcmp(oid, PBKDF2_OID) != 0) {
gnutls_assert();
_gnutls_debug_log
- ("PKCS #8 key derivation OID '%s' is unsupported.\n",
- oid);
+ ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
return _gnutls_asn2err(result);
}
result =
_asn1_strict_der_decode(&pbkdf2_asn, &der->data[params_start],
- params_len, NULL);
+ params_len, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
/* read the keylength, if it is set.
*/
result =
- _gnutls_x509_read_uint(pbkdf2_asn, "keyLength",
- ¶ms->key_size);
+ _gnutls_x509_read_uint(pbkdf2_asn, "keyLength", ¶ms->key_size);
if (result < 0) {
params->key_size = 0;
}
_gnutls_hard_log("keyLength: %d\n", params->key_size);
len = sizeof(oid);
- result =
- asn1_read_value(pbkdf2_asn, "prf.algorithm",
- oid, &len);
+ result = asn1_read_value(pbkdf2_asn, "prf.algorithm", oid, &len);
if (result != ASN1_SUCCESS) {
/* use the default MAC */
result = 0;
result = 0;
- error:
+ error:
asn1_delete_structure(&pbkdf2_asn);
return result;
/* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA).
*/
-static int
-read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
+static int read_pkcs12_kdf_params(ASN1_TYPE pasn, struct pbkdf2_params *params)
{
int result;
/* read the salt */
params->salt_size = sizeof(params->salt);
result =
- asn1_read_value(pasn, "salt", params->salt,
- ¶ms->salt_size);
+ asn1_read_value(pasn, "salt", params->salt, ¶ms->salt_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
/* read the iteration count
*/
result =
- _gnutls_x509_read_uint(pasn, "iterations",
- ¶ms->iter_count);
+ _gnutls_x509_read_uint(pasn, "iterations", ¶ms->iter_count);
if (result < 0) {
gnutls_assert();
goto error;
return 0;
- error:
+ error:
return result;
}
/* Writes the PBE parameters for PKCS-12 schemas.
*/
static int
-write_pkcs12_kdf_params(ASN1_TYPE pasn,
- const struct pbkdf2_params *kdf_params)
+write_pkcs12_kdf_params(ASN1_TYPE pasn, const struct pbkdf2_params *kdf_params)
{
int result;
return 0;
- error:
+ error:
return result;
}
static int
read_pbes2_enc_params(ASN1_TYPE pasn,
- const gnutls_datum_t * der,
- struct pbe_enc_params *params)
+ const gnutls_datum_t * der, struct pbe_enc_params *params)
{
int params_start, params_end;
int params_len, len, result;
/* Check the encryption algorithm
*/
len = sizeof(oid);
- result =
- asn1_read_value(pasn, "encryptionScheme.algorithm", oid,
- &len);
+ result = asn1_read_value(pasn, "encryptionScheme.algorithm", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
result =
_asn1_strict_der_decode(&pbe_asn, &der->data[params_start],
- params_len, NULL);
+ params_len, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
/* read the IV */
params->iv_size = sizeof(params->iv);
- result =
- asn1_read_value(pbe_asn, "", params->iv, ¶ms->iv_size);
+ result = asn1_read_value(pbe_asn, "", params->iv, ¶ms->iv_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
result = 0;
- error:
+ error:
asn1_delete_structure(&pbe_asn);
return result;
}
*/
int
_gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
- const uint8_t * data, int data_size,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params)
+ const uint8_t * data, int data_size,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params)
{
ASN1_TYPE pasn = ASN1_TYPE_EMPTY;
int result;
/* Decode the parameters.
*/
- result =
- _asn1_strict_der_decode(&pasn, data, data_size, NULL);
+ result = _asn1_strict_der_decode(&pasn, data, data_size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
*schema = p->schema;
return 0;
} else if (*schema == PBES1_DES_MD5) {
- return _gnutls_read_pbkdf1_params(data, data_size, kdf_params, enc_params);
- } else { /* PKCS #12 schema */
+ return _gnutls_read_pbkdf1_params(data, data_size, kdf_params,
+ enc_params);
+ } else { /* PKCS #12 schema */
memset(enc_params, 0, sizeof(*enc_params));
p = _gnutls_pkcs_schema_get(*schema);
/* Decode the parameters.
*/
- result =
- _asn1_strict_der_decode(&pasn, data, data_size, NULL);
+ result = _asn1_strict_der_decode(&pasn, data, data_size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
if (enc_params->iv_size) {
result =
- _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
- 2 /*IV*/,
+ _gnutls_pkcs12_string_to_key(mac_to_entry
+ (GNUTLS_MAC_SHA1),
+ 2 /*IV*/,
kdf_params->salt,
- kdf_params->
- salt_size,
- kdf_params->
- iter_count,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
password,
- enc_params->
- iv_size,
+ enc_params->iv_size,
enc_params->iv);
if (result < 0) {
gnutls_assert();
int
_gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *root, const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t *decrypted_data)
+ const char *root, const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data)
{
int result;
- gnutls_datum_t enc = {NULL, 0};
+ gnutls_datum_t enc = { NULL, 0 };
uint8_t *key = NULL;
gnutls_datum_t dkey, d_iv;
cipher_hd_st ch;
if (schema == PBES1_DES_MD5) {
return _gnutls_decrypt_pbes1_des_md5_data(password, pass_len,
- kdf_params, enc_params,
- &enc, decrypted_data);
+ kdf_params,
+ enc_params, &enc,
+ decrypted_data);
}
if (kdf_params->key_size == 0) {
/* generate the key
*/
p = _gnutls_pkcs_schema_get(schema);
- if (p != NULL && p->pbes2 != 0) { /* PBES2 */
+ if (p != NULL && p->pbes2 != 0) { /* PBES2 */
if (kdf_params->mac == GNUTLS_MAC_SHA1)
- pbkdf2_hmac_sha1(pass_len, (uint8_t*)password,
+ pbkdf2_hmac_sha1(pass_len, (uint8_t *) password,
kdf_params->iter_count,
- kdf_params->salt_size, kdf_params->salt,
- key_size, key);
+ kdf_params->salt_size,
+ kdf_params->salt, key_size, key);
else if (kdf_params->mac == GNUTLS_MAC_SHA256)
- pbkdf2_hmac_sha256(pass_len, (uint8_t*)password,
- kdf_params->iter_count,
- kdf_params->salt_size, kdf_params->salt,
- key_size, key);
- else return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
- } else if (p != NULL) { /* PKCS 12 schema */
+ pbkdf2_hmac_sha256(pass_len, (uint8_t *) password,
+ kdf_params->iter_count,
+ kdf_params->salt_size,
+ kdf_params->salt, key_size, key);
+ else
+ return
+ gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+ } else if (p != NULL) { /* PKCS 12 schema */
result =
_gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
- 1 /*KEY*/,
+ 1 /*KEY*/,
kdf_params->salt,
kdf_params->salt_size,
kdf_params->iter_count,
return 0;
- error:
+ error:
gnutls_free(enc.data);
gnutls_free(key);
if (ch_init != 0)
return result;
}
-
/* Writes the PBKDF2 parameters.
*/
static int
-write_pbkdf2_params(ASN1_TYPE pasn,
- const struct pbkdf2_params *kdf_params)
+write_pbkdf2_params(ASN1_TYPE pasn, const struct pbkdf2_params *kdf_params)
{
int result;
ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
result = _gnutls_asn2err(result);
goto error;
}
- _gnutls_hard_log("salt.specified.size: %d\n",
- kdf_params->salt_size);
+ _gnutls_hard_log("salt.specified.size: %d\n", kdf_params->salt_size);
/* write the iteration count
*/
result = 0;
- error:
+ error:
asn1_delete_structure(&pbkdf2_asn);
return result;
}
-
static int
-write_pbes2_enc_params(ASN1_TYPE pasn,
- const struct pbe_enc_params *params)
+write_pbes2_enc_params(ASN1_TYPE pasn, const struct pbe_enc_params *params)
{
int result;
ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
}
/* read the salt */
- result =
- asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
+ result = asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
result = 0;
- error:
+ error:
asn1_delete_structure(&pbe_asn);
return result;
*/
int
_gnutls_pkcs_generate_key(schema_id schema,
- const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params, gnutls_datum_t * key)
+ const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key)
{
unsigned char rnd[2];
unsigned int pass_len = 0;
/* generate salt */
kdf_params->salt_size =
- MIN(sizeof(kdf_params->salt), (unsigned) (12 + (rnd[1] % 10)));
+ MIN(sizeof(kdf_params->salt), (unsigned)(12 + (rnd[1] % 10)));
p = _gnutls_pkcs_schema_get(schema);
- if (p != NULL && p->pbes2 != 0) { /* PBES2 */
+ if (p != NULL && p->pbes2 != 0) { /* PBES2 */
enc_params->cipher = p->cipher;
} else if (p != NULL) {
/* non PBES2 algorithms */
return GNUTLS_E_RANDOM_FAILED;
}
- kdf_params->iter_count = 5*1024 + rnd[0];
+ kdf_params->iter_count = 5 * 1024 + rnd[0];
key->size = kdf_params->key_size =
gnutls_cipher_get_key_size(enc_params->cipher);
- enc_params->iv_size =
- gnutls_cipher_get_iv_size(enc_params->cipher);
+ enc_params->iv_size = gnutls_cipher_get_iv_size(enc_params->cipher);
key->data = gnutls_malloc(key->size);
if (key->data == NULL) {
gnutls_assert();
/* now generate the key.
*/
- if (p->pbes2 != 0) {
- pbkdf2_hmac_sha1(pass_len, (uint8_t*)password,
+ if (p->pbes2 != 0) {
+ pbkdf2_hmac_sha1(pass_len, (uint8_t *) password,
kdf_params->iter_count,
kdf_params->salt_size, kdf_params->salt,
kdf_params->key_size, key->data);
if (enc_params->iv_size) {
ret = _gnutls_rnd(GNUTLS_RND_NONCE,
- enc_params->iv,
- enc_params->iv_size);
+ enc_params->iv, enc_params->iv_size);
if (ret < 0) {
gnutls_assert();
return ret;
}
}
- } else { /* PKCS 12 schema */
+ } else { /* PKCS 12 schema */
ret =
_gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
- 1 /*KEY*/,
+ 1 /*KEY*/,
kdf_params->salt,
kdf_params->salt_size,
kdf_params->iter_count,
*/
if (enc_params->iv_size) {
ret =
- _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
+ _gnutls_pkcs12_string_to_key(mac_to_entry
+ (GNUTLS_MAC_SHA1),
2 /*IV*/,
kdf_params->salt,
- kdf_params->
- salt_size,
- kdf_params->
- iter_count,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
password,
- enc_params->
- iv_size,
+ enc_params->iv_size,
enc_params->iv);
if (ret < 0) {
gnutls_assert();
}
}
-
return 0;
}
-
/* Encodes the parameters to be written in the encryptionAlgorithm.parameters
* part.
*/
int
_gnutls_pkcs_write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params)
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params)
{
int result;
ASN1_TYPE pasn = ASN1_TYPE_EMPTY;
p = _gnutls_pkcs_schema_get(schema);
- if (p != NULL && p->pbes2 != 0) { /* PBES2 */
+ if (p != NULL && p->pbes2 != 0) { /* PBES2 */
if ((result =
asn1_create_element(_gnutls_get_pkix(),
"PKIX1.pkcs-5-PBES2-params",
}
result = _gnutls_x509_der_encode_and_copy(pasn, "",
- pkcs8_asn, where,
- 0);
+ pkcs8_asn, where, 0);
if (result < 0) {
gnutls_assert();
goto error;
asn1_delete_structure(&pasn);
- } else if (p != NULL) { /* PKCS #12 */
+ } else if (p != NULL) { /* PKCS #12 */
if ((result =
asn1_create_element(_gnutls_get_pkix(),
}
result = _gnutls_x509_der_encode_and_copy(pasn, "",
- pkcs8_asn, where,
- 0);
+ pkcs8_asn, where, 0);
if (result < 0) {
gnutls_assert();
goto error;
return 0;
- error:
+ error:
asn1_delete_structure(&pasn);
return result;
int
_gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * key, gnutls_datum_t * encrypted)
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted)
{
int result;
int data_size;
return 0;
- error:
+ error:
gnutls_free(data);
if (ch_init != 0)
_gnutls_cipher_deinit(&ch);
return result;
}
-
* which holds them. If raw is non null then the raw decoded
* data are copied (they are locally allocated) there.
*/
-static int
-_decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
+static int _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
{
char oid[MAX_OID_SIZE];
ASN1_TYPE c2;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
int len, result;
len = sizeof(oid) - 1;
/* read the encapsulated content */
len = sizeof(oid) - 1;
- result = asn1_read_value(c2, "encapContentInfo.eContentType", oid, &len);
+ result =
+ asn1_read_value(c2, "encapContentInfo.eContentType", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup;
}
- if (strcmp(oid, PLAIN_DATA_OID) != 0 && strcmp(oid, DIGESTED_DATA_OID) != 0) {
+ if (strcmp(oid, PLAIN_DATA_OID) != 0
+ && strcmp(oid, DIGESTED_DATA_OID) != 0) {
gnutls_assert();
- _gnutls_debug_log("Unknown or unexpected PKCS7 Encapsulated Content OID '%s'\n", oid);
+ _gnutls_debug_log
+ ("Unknown or unexpected PKCS7 Encapsulated Content OID '%s'\n",
+ oid);
result = GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
goto cleanup;
}
gnutls_free(tmp.data);
return 0;
- cleanup:
+ cleanup:
if (c2)
asn1_delete_structure(&c2);
gnutls_free(tmp.data);
asn1_delete_structure(&pkcs7->pkcs7);
result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-7-ContentInfo",
- &pkcs7->pkcs7);
+ "PKIX1.pkcs-7-ContentInfo", &pkcs7->pkcs7);
if (result != ASN1_SUCCESS) {
result = _gnutls_asn2err(result);
gnutls_assert();
}
pkcs7->expanded = 1;
- result =
- asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
+ result = asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
if (result != ASN1_SUCCESS) {
result = _gnutls_asn2err(result);
gnutls_assert();
result = 0;
- cleanup:
+ cleanup:
if (need_free)
_gnutls_free_datum(&_data);
return result;
**/
int
gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7,
- unsigned indx, gnutls_datum_t *cert)
+ unsigned indx, gnutls_datum_t * cert)
{
int result, len;
char root2[ASN1_MAX_NAME_SIZE];
goto cleanup;
}
- result = asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size,
- root2, &start, &end);
+ result =
+ asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data,
+ tmp.size, root2, &start, &end);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return result;
}
size_t * certificate_size)
{
int ret;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
ret = gnutls_pkcs7_get_crt_raw2(pkcs7, indx, &tmp);
if (ret < 0)
return gnutls_assert_val(ret);
- if ((unsigned) tmp.size > *certificate_size) {
+ if ((unsigned)tmp.size > *certificate_size) {
*certificate_size = tmp.size;
ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
goto cleanup;
if (certificate)
memcpy(certificate, tmp.data, tmp.size);
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return ret;
}
-
/**
* gnutls_pkcs7_get_crt_count:
* @pkcs7: should contain a #gnutls_pkcs7_t type
/* Step 2. Count the CertificateSet */
- result = asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
+ result =
+ asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return 0; /* no certificates */
*
* Since: 3.4.2
**/
-void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st *info)
+void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st * info)
{
gnutls_free(info->sig.data);
gnutls_free(info->issuer_dn.data);
ret = _gnutls_x509_get_time(c2, "", 0);
cleanup:
- asn1_delete_structure(&c2);
- return ret;
+ asn1_delete_structure(&c2);
+ return ret;
}
/**
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
return 0;
*
* Since: 3.4.2
**/
-int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_pkcs7_signature_info_st *info)
+int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx,
+ gnutls_pkcs7_signature_info_st * info)
{
int ret, count, len;
char root[256];
char oid[MAX_OID_SIZE];
gnutls_pk_algorithm_t pk;
gnutls_sign_algorithm_t sig;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
unsigned i;
if (pkcs7 == NULL)
memset(info, 0, sizeof(*info));
info->signing_time = -1;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- snprintf(root, sizeof(root), "signerInfos.?%u.signatureAlgorithm.algorithm", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.signatureAlgorithm.algorithm", idx + 1);
- len = sizeof(oid)-1;
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
}
/* use the digests algorithm */
- snprintf(root, sizeof(root), "signerInfos.?%u.digestAlgorithm.algorithm", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.digestAlgorithm.algorithm", idx + 1);
- len = sizeof(oid)-1;
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
}
/* read the issuer info */
- snprintf(root, sizeof(root), "signerInfos.?%u.sid.issuerAndSerialNumber.issuer.rdnSequence", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.sid.issuerAndSerialNumber.issuer.rdnSequence",
+ idx + 1);
/* read the signature */
- ret = _gnutls_x509_get_raw_field(pkcs7->signed_data, root, &info->issuer_dn);
+ ret =
+ _gnutls_x509_get_raw_field(pkcs7->signed_data, root,
+ &info->issuer_dn);
if (ret >= 0) {
- snprintf(root, sizeof(root), "signerInfos.?%u.sid.issuerAndSerialNumber.serialNumber", idx + 1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.sid.issuerAndSerialNumber.serialNumber",
+ idx + 1);
/* read the signature */
- ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &info->signer_serial);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data, root,
+ &info->signer_serial);
if (ret < 0) {
gnutls_assert();
goto fail;
}
- } else { /* keyid */
- snprintf(root, sizeof(root), "signerInfos.?%u.sid.subjectKeyIdentifier", idx + 1);
+ } else { /* keyid */
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.sid.subjectKeyIdentifier", idx + 1);
/* read the signature */
- ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &info->issuer_keyid);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data, root,
+ &info->issuer_keyid);
if (ret < 0) {
gnutls_assert();
}
}
/* read the signing time */
- for (i=0;;i++) {
- snprintf(root, sizeof(root), "signerInfos.?%u.signedAttrs.?%u.type", idx+1, i+1);
- len = sizeof(oid)-1;
+ for (i = 0;; i++) {
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.signedAttrs.?%u.type", idx + 1,
+ i + 1);
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
break;
}
- snprintf(root, sizeof(root), "signerInfos.?%u.signedAttrs.?%u.values.?1", idx+1, i+1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.signedAttrs.?%u.values.?1", idx + 1,
+ i + 1);
ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &tmp);
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
tmp.data = NULL;
}
/* read the unsigned attrs */
- for (i=0;;i++) {
- snprintf(root, sizeof(root), "signerInfos.?%u.unsignedAttrs.?%u.type", idx+1, i+1);
- len = sizeof(oid)-1;
+ for (i = 0;; i++) {
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.unsignedAttrs.?%u.type", idx + 1,
+ i + 1);
+ len = sizeof(oid) - 1;
ret = asn1_read_value(pkcs7->signed_data, root, oid, &len);
if (ret != ASN1_SUCCESS) {
break;
}
- snprintf(root, sizeof(root), "signerInfos.?%u.unsignedAttrs.?%u.values.?1", idx+1, i+1);
+ snprintf(root, sizeof(root),
+ "signerInfos.?%u.unsignedAttrs.?%u.values.?1", idx + 1,
+ i + 1);
ret = _gnutls_x509_read_value(pkcs7->signed_data, root, &tmp);
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
tmp.data = NULL;
goto fail;
}
- ret = gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0);
+ ret =
+ gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0);
gnutls_free(tmp.data);
tmp.data = NULL;
}
}
- return 0;
+ return 0;
fail:
gnutls_free(tmp.data);
gnutls_pkcs7_signature_info_deinit(info);
- return ret;
+ return ret;
unsupp_algo:
return GNUTLS_E_UNKNOWN_ALGORITHM;
}
* and matches our calculated hash */
static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
gnutls_sign_algorithm_t algo,
- const gnutls_datum_t *data)
+ const gnutls_datum_t * data)
{
unsigned hash;
- gnutls_datum_t tmp = {NULL, 0};
- gnutls_datum_t tmp2 = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
+ gnutls_datum_t tmp2 = { NULL, 0 };
uint8_t hash_output[MAX_HASH_SIZE];
unsigned hash_size, i;
char oid[MAX_OID_SIZE];
hash_size = gnutls_hash_get_len(hash);
if (data == NULL || data->data == NULL) {
- ret = _gnutls_x509_read_value(pkcs7->signed_data, "encapContentInfo.eContent", &tmp);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data,
+ "encapContentInfo.eContent", &tmp);
if (ret < 0) {
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
return gnutls_assert_val(ret);
/* now verify that hash matches */
- for (i=0;;i++) {
- snprintf(name, sizeof(name), "%s.signedAttrs.?%u", root, i+1);
+ for (i = 0;; i++) {
+ snprintf(name, sizeof(name), "%s.signedAttrs.?%u", root, i + 1);
ret = _gnutls_x509_decode_and_read_attribute(pkcs7->signed_data,
- name, oid, sizeof(oid), &tmp, 1, 0);
+ name, oid,
+ sizeof(oid), &tmp,
+ 1, 0);
if (ret < 0) {
if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
break;
}
if (strcmp(oid, ATTR_MESSAGE_DIGEST) == 0) {
- ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- tmp.data, tmp.size, &tmp2, 0);
+ ret =
+ _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
+ tmp.data, tmp.size,
+ &tmp2, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- if (tmp2.size == hash_size && memcmp(hash_output, tmp2.data, tmp2.size) == 0) {
+ if (tmp2.size == hash_size
+ && memcmp(hash_output, tmp2.data, tmp2.size) == 0) {
msg_digest_ok = 1;
}
} else if (strcmp(oid, ATTR_CONTENT_TYPE) == 0) {
num_cont_types++;
/* check if it matches */
- ret = _gnutls_x509_get_raw_field(pkcs7->signed_data, "encapContentInfo.eContentType", &tmp2);
+ ret =
+ _gnutls_x509_get_raw_field(pkcs7->signed_data,
+ "encapContentInfo.eContentType",
+ &tmp2);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- if (tmp2.size != tmp.size || memcmp(tmp.data, tmp2.data, tmp2.size) != 0) {
+ if (tmp2.size != tmp.size
+ || memcmp(tmp.data, tmp2.data, tmp2.size) != 0) {
gnutls_assert();
ret = GNUTLS_E_PARSING_ERROR;
goto cleanup;
}
}
- gnutls_free(tmp.data);
- tmp.data = NULL;
- gnutls_free(tmp2.data);
- tmp2.data = NULL;
+ gnutls_free(tmp.data);
+ tmp.data = NULL;
+ gnutls_free(tmp2.data);
+ tmp2.data = NULL;
}
if (msg_digest_ok)
ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
cleanup:
- gnutls_free(tmp.data);
- gnutls_free(tmp2.data);
- return ret;
+ gnutls_free(tmp.data);
+ gnutls_free(tmp2.data);
+ return ret;
}
-
/* Returns the data to be used for signature verification. PKCS #7
* decided that this should not be an easy task.
*/
static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root,
- const gnutls_datum_t *data,
+ const gnutls_datum_t * data,
gnutls_sign_algorithm_t algo,
- gnutls_datum_t *sigdata)
+ gnutls_datum_t * sigdata)
{
int ret;
char name[256];
/* We have no signedAttrs. Use the provided data, or the encapsulated */
if (data == NULL || data->data == NULL) {
- ret = _gnutls_x509_read_value(pkcs7->signed_data, "encapContentInfo.eContent", sigdata);
+ ret =
+ _gnutls_x509_read_value(pkcs7->signed_data,
+ "encapContentInfo.eContent",
+ sigdata);
if (ret < 0) {
gnutls_assert();
return gnutls_assert_val(ret);
* Since: 3.4.8
**/
int
-gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_datum_t *data)
+gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx,
+ gnutls_datum_t * data)
{
int count, ret;
- gnutls_datum_t tmpdata = {NULL, 0};
+ gnutls_datum_t tmpdata = { NULL, 0 };
gnutls_pkcs7_signature_info_st info;
char root[128];
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
* Since: 3.4.2
**/
int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_t signer,
- unsigned idx,
- const gnutls_datum_t *data,
- unsigned flags)
+ gnutls_x509_crt_t signer,
+ unsigned idx,
+ const gnutls_datum_t * data, unsigned flags)
{
int count, ret;
- gnutls_datum_t tmpdata = {NULL, 0};
+ gnutls_datum_t tmpdata = { NULL, 0 };
gnutls_pkcs7_signature_info_st info;
- gnutls_datum_t sigdata = {NULL, 0};
+ gnutls_datum_t sigdata = { NULL, 0 };
char root[128];
memset(&info, 0, sizeof(info));
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
goto cleanup;
}
- ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, &info.sig);
+ ret =
+ gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata,
+ &info.sig);
if (ret < 0) {
gnutls_assert();
}
static
gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
- gnutls_typed_vdata_st *vdata, unsigned vdata_size,
- gnutls_pkcs7_signature_info_st *info)
+ gnutls_typed_vdata_st * vdata,
+ unsigned vdata_size,
+ gnutls_pkcs7_signature_info_st * info)
{
gnutls_x509_crt_t issuer = NULL, crt = NULL;
int ret, count;
uint8_t serial[128];
size_t serial_size;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
unsigned i, vtmp;
if (info->issuer_dn.data) {
- ret = gnutls_x509_trust_list_get_issuer_by_dn(tl, &info->issuer_dn, &issuer, 0);
+ ret =
+ gnutls_x509_trust_list_get_issuer_by_dn(tl,
+ &info->issuer_dn,
+ &issuer, 0);
if (ret < 0) {
gnutls_assert();
issuer = NULL;
}
if (info->issuer_keyid.data && issuer == NULL) {
- ret = gnutls_x509_trust_list_get_issuer_by_subject_key_id(tl, NULL, &info->issuer_keyid, &issuer, 0);
+ ret =
+ gnutls_x509_trust_list_get_issuer_by_subject_key_id(tl,
+ NULL,
+ &info->
+ issuer_keyid,
+ &issuer,
+ 0);
if (ret < 0) {
gnutls_assert();
issuer = NULL;
}
/* check issuer's key purpose */
- for (i=0;i<vdata_size;i++) {
+ for (i = 0; i < vdata_size; i++) {
if (vdata[i].type == GNUTLS_DT_KEY_PURPOSE_OID) {
- ret = _gnutls_check_key_purpose(issuer, (char*)vdata[i].data, 0);
+ ret =
+ _gnutls_check_key_purpose(issuer,
+ (char *)vdata[i].data, 0);
if (ret == 0) {
gnutls_assert();
goto fail;
goto fail;
}
- if (serial_size == info->signer_serial.size && memcmp(info->signer_serial.data, serial, serial_size) == 0) {
+ if (serial_size == info->signer_serial.size
+ && memcmp(info->signer_serial.data, serial,
+ serial_size) == 0) {
/* issuer == signer */
return issuer;
}
goto fail;
}
- for (i=0;i<(unsigned)count;i++) {
+ for (i = 0; i < (unsigned)count; i++) {
/* Try to find the signer in the appended list. */
ret = gnutls_pkcs7_get_crt_raw2(pkcs7, 0, &tmp);
if (ret < 0) {
goto fail;
}
- if (serial_size != info->signer_serial.size || memcmp(info->signer_serial.data, serial, serial_size) != 0) {
+ if (serial_size != info->signer_serial.size
+ || memcmp(info->signer_serial.data, serial,
+ serial_size) != 0) {
gnutls_assert();
goto skip;
}
- ret = gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, vdata, vdata_size, 0, &vtmp, NULL);
+ ret =
+ gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, vdata,
+ vdata_size, 0, &vtmp,
+ NULL);
if (ret < 0 || vtmp != 0) {
- gnutls_assert(); /* maybe next one is trusted */
+ gnutls_assert(); /* maybe next one is trusted */
skip:
gnutls_x509_crt_deinit(crt);
crt = NULL;
gnutls_free(tmp.data);
if (issuer)
gnutls_x509_crt_deinit(issuer);
-
+
return crt;
}
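Review bot: The loop `for (i = 0; i < (unsigned)count; i++)` in find_signer calls `gnutls_pkcs7_get_crt_raw2(pkcs7, 0, &tmp)` with a constant index, so if that context line reflects the file as committed, every iteration fetches the first appended certificate and the later candidates are never compared against the signer serial or handed to gnutls_x509_trust_list_verify_crt2; the call should read `ret = gnutls_pkcs7_get_crt_raw2(pkcs7, i, &tmp);`. This is untouched context rather than something the reindent introduced, but it sits inside the rewrapped loop and a bundle whose signer is not the first certificate would fail verification for no visible reason. A smaller point of style in the same function: the reindent split the member access `&info->issuer_keyid` across two lines in the gnutls_x509_trust_list_get_issuer_by_subject_key_id call, which is legal C but reads like a typo; keeping `&info->issuer_keyid,` on one line is preferable. find_signer's body is spread over several hunks here, so part of it is not visible.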
gnutls_typed_vdata_st * vdata,
unsigned int vdata_size,
unsigned idx,
- const gnutls_datum_t *data,
- unsigned flags)
+ const gnutls_datum_t * data, unsigned flags)
{
int count, ret;
- gnutls_datum_t tmpdata = {NULL, 0};
+ gnutls_datum_t tmpdata = { NULL, 0 };
gnutls_pkcs7_signature_info_st info;
gnutls_x509_crt_t signer;
- gnutls_datum_t sigdata = {NULL, 0};
+ gnutls_datum_t sigdata = { NULL, 0 };
char root[128];
memset(&info, 0, sizeof(info));
if (pkcs7 == NULL)
return GNUTLS_E_INVALID_REQUEST;
- ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
- if (ret != ASN1_SUCCESS || idx+1 > (unsigned)count) {
+ ret =
+ asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count);
+ if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
signer = find_signer(pkcs7, tl, vdata, vdata_size, &info);
if (signer) {
- ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, &info.sig);
+ ret =
+ gnutls_x509_crt_verify_data2(signer, info.algo, flags,
+ &sigdata, &info.sig);
if (ret < 0) {
gnutls_assert();
}
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
-
cleanup:
gnutls_free(tmpdata.data);
gnutls_free(sigdata.data);
asn1_write_value(pkcs7->signed_data, "crls", NULL, 0);
}
- result = asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
+ result =
+ asn1_number_of_elements(pkcs7->signed_data, "certificates", &count);
if (result != ASN1_SUCCESS || count == 0) {
asn1_write_value(pkcs7->signed_data, "certificates", NULL, 0);
}
/* Replace the old content with the new
*/
result =
- _gnutls_x509_der_encode_and_copy(pkcs7->signed_data, "", pkcs7->pkcs7,
- "content", 0);
+ _gnutls_x509_der_encode_and_copy(pkcs7->signed_data, "",
+ pkcs7->pkcs7, "content",
+ 0);
if (result < 0) {
return gnutls_assert_val(result);
}
/* Write the content type of the signed data
*/
result =
- asn1_write_value(pkcs7->pkcs7, "contentType", SIGNED_DATA_OID, 1);
+ asn1_write_value(pkcs7->pkcs7, "contentType",
+ SIGNED_DATA_OID, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
if ((ret = reencode(pkcs7)) < 0)
return gnutls_assert_val(ret);
- return _gnutls_x509_export_int2(pkcs7->pkcs7, format, PEM_PKCS7,
- out);
+ return _gnutls_x509_export_int2(pkcs7->pkcs7, format, PEM_PKCS7, out);
}
/* Creates an empty signed data structure in the pkcs7
goto cleanup;
}
- result =
- asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0);
+ result = asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
/* Add no signerInfos.
*/
-
return 0;
- cleanup:
+ cleanup:
asn1_delete_structure(sdata);
return result;
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
+int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
{
int result;
/* The pkcs7 structure is new, so create the
* signedData.
*/
- result = create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
+ result =
+ create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
if (result < 0) {
gnutls_assert();
return result;
}
result =
- asn1_write_value(pkcs7->signed_data, "certificates.?LAST", "certificate", 1);
+ asn1_write_value(pkcs7->signed_data, "certificates.?LAST",
+ "certificate", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
}
result =
- asn1_write_value(pkcs7->signed_data, "certificates.?LAST.certificate",
- crt->data, crt->size);
+ asn1_write_value(pkcs7->signed_data,
+ "certificates.?LAST.certificate", crt->data,
+ crt->size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup;
}
-
result = 0;
- cleanup:
+ cleanup:
return result;
}
return 0;
}
-
/**
* gnutls_pkcs7_delete_crt:
* @pkcs7: The pkcs7 type
return 0;
- cleanup:
+ cleanup:
return result;
}
**/
int
gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7,
- unsigned indx, gnutls_datum_t *crl)
+ unsigned indx, gnutls_datum_t * crl)
{
int result;
char root2[ASN1_MAX_NAME_SIZE];
/* Get the raw CRL
*/
- result = asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size,
- root2, &start, &end);
+ result =
+ asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size,
+ root2, &start, &end);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_set_datum(crl, &tmp.data[start], end);
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return result;
}
unsigned indx, void *crl, size_t * crl_size)
{
int ret;
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
ret = gnutls_pkcs7_get_crl_raw2(pkcs7, indx, &tmp);
if (ret < 0)
return gnutls_assert_val(ret);
- if ((unsigned) tmp.size > *crl_size) {
+ if ((unsigned)tmp.size > *crl_size) {
*crl_size = tmp.size;
ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
goto cleanup;
if (crl)
memcpy(crl, tmp.data, tmp.size);
- cleanup:
+ cleanup:
_gnutls_free_datum(&tmp);
return ret;
}
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
+int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
{
int result;
/* The pkcs7 structure is new, so create the
* signedData.
*/
- result = create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
+ result =
+ create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data);
if (result < 0) {
gnutls_assert();
return result;
goto cleanup;
}
- result = asn1_write_value(pkcs7->signed_data, "crls.?LAST", crl->data, crl->size);
+ result =
+ asn1_write_value(pkcs7->signed_data, "crls.?LAST", crl->data,
+ crl->size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
result = 0;
- cleanup:
+ cleanup:
return result;
}
return 0;
- cleanup:
+ cleanup:
return result;
}
-static int write_signer_id(ASN1_TYPE c2, const char *root, gnutls_x509_crt_t signer, unsigned flags)
+static int write_signer_id(ASN1_TYPE c2, const char *root,
+ gnutls_x509_crt_t signer, unsigned flags)
{
int result;
size_t serial_size;
const uint8_t ver = 3;
snprintf(name, sizeof(name), "%s.version", root);
- result =
- asn1_write_value(c2, name, &ver, 1);
+ result = asn1_write_value(c2, name, &ver, 1);
snprintf(name, sizeof(name), "%s.sid", root);
result = asn1_write_value(c2, name, "subjectKeyIdentifier", 1);
}
serial_size = sizeof(serial);
- result = gnutls_x509_crt_get_subject_key_id(signer, serial, &serial_size, NULL);
+ result =
+ gnutls_x509_crt_get_subject_key_id(signer, serial,
+ &serial_size, NULL);
if (result < 0)
return gnutls_assert_val(result);
}
} else {
serial_size = sizeof(serial);
- result = gnutls_x509_crt_get_serial(signer, serial, &serial_size);
+ result =
+ gnutls_x509_crt_get_serial(signer, serial, &serial_size);
if (result < 0)
return gnutls_assert_val(result);
return _gnutls_asn2err(result);
}
- snprintf(name, sizeof(name), "%s.sid.issuerAndSerialNumber.serialNumber", root);
+ snprintf(name, sizeof(name),
+ "%s.sid.issuerAndSerialNumber.serialNumber", root);
result = asn1_write_value(c2, name, serial, serial_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
- snprintf(name, sizeof(name), "%s.sid.issuerAndSerialNumber.issuer", root);
- result = asn1_copy_node(c2, name, signer->cert, "tbsCertificate.issuer");
+ snprintf(name, sizeof(name),
+ "%s.sid.issuerAndSerialNumber.issuer", root);
+ result =
+ asn1_copy_node(c2, name, signer->cert,
+ "tbsCertificate.issuer");
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
return 0;
}
-static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs, unsigned already_set)
+static int add_attrs(ASN1_TYPE c2, const char *root, gnutls_pkcs7_attrs_t attrs,
+ unsigned already_set)
{
char name[256];
gnutls_pkcs7_attrs_st *p = attrs;
if (already_set == 0)
asn1_write_value(c2, root, NULL, 0);
} else {
- while(p != NULL) {
+ while (p != NULL) {
result = asn1_write_value(c2, root, "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
}
snprintf(name, sizeof(name), "%s.?LAST.type", root);
- result =
- asn1_write_value(c2, name, p->oid, 1);
+ result = asn1_write_value(c2, name, p->oid, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
return _gnutls_asn2err(result);
}
- snprintf(name, sizeof(name), "%s.?LAST.values.?1", root);
- result = asn1_write_value(c2, name, p->data.data, p->data.size);
+ snprintf(name, sizeof(name), "%s.?LAST.values.?1",
+ root);
+ result =
+ asn1_write_value(c2, name, p->data.data,
+ p->data.size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
return 0;
}
-static int write_attributes(ASN1_TYPE c2, const char *root, const gnutls_datum_t *data,
- const mac_entry_st *me, gnutls_pkcs7_attrs_t other_attrs,
- unsigned flags)
+static int write_attributes(ASN1_TYPE c2, const char *root,
+ const gnutls_datum_t * data,
+ const mac_entry_st * me,
+ gnutls_pkcs7_attrs_t other_attrs, unsigned flags)
{
char name[256];
int result, ret;
uint8_t digest[MAX_HASH_SIZE];
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
unsigned digest_size;
unsigned already_set = 0;
}
snprintf(name, sizeof(name), "%s.?LAST.type", root);
- result =
- asn1_write_value(c2, name, ATTR_SIGNING_TIME, 1);
+ result = asn1_write_value(c2, name, ATTR_SIGNING_TIME, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
already_set = 1;
}
-
ret = add_attrs(c2, root, other_attrs, already_set);
if (ret < 0) {
gnutls_assert();
}
snprintf(name, sizeof(name), "%s.?LAST.type", root);
- result =
- asn1_write_value(c2, name, ATTR_CONTENT_TYPE, 1);
+ result = asn1_write_value(c2, name, ATTR_CONTENT_TYPE, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
return ret;
}
- ret = _gnutls_x509_get_raw_field(c2, "encapContentInfo.eContentType", &tmp);
+ ret =
+ _gnutls_x509_get_raw_field(c2,
+ "encapContentInfo.eContentType",
+ &tmp);
if (ret < 0) {
gnutls_assert();
return ret;
}
snprintf(name, sizeof(name), "%s.?LAST", root);
- ret = _gnutls_x509_encode_and_write_attribute(ATTR_MESSAGE_DIGEST,
- c2, name,
- digest, digest_size, 1);
+ ret =
+ _gnutls_x509_encode_and_write_attribute(ATTR_MESSAGE_DIGEST,
+ c2, name, digest,
+ digest_size, 1);
if (ret < 0) {
gnutls_assert();
return ret;
int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
gnutls_x509_crt_t signer,
gnutls_privkey_t signer_key,
- const gnutls_datum_t *data,
+ const gnutls_datum_t * data,
gnutls_pkcs7_attrs_t signed_attrs,
gnutls_pkcs7_attrs_t unsigned_attrs,
- gnutls_digest_algorithm_t dig,
- unsigned flags)
+ gnutls_digest_algorithm_t dig, unsigned flags)
{
int ret, result;
- gnutls_datum_t sigdata = {NULL, 0};
- gnutls_datum_t signature = {NULL, 0};
+ gnutls_datum_t sigdata = { NULL, 0 };
+ gnutls_datum_t signature = { NULL, 0 };
const mac_entry_st *me = hash_to_entry(dig);
unsigned pk, sigalgo;
return GNUTLS_E_INVALID_REQUEST;
if (pkcs7->signed_data == ASN1_TYPE_EMPTY) {
- result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData", &pkcs7->signed_data);
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-SignedData",
+ &pkcs7->signed_data);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
}
if (!(flags & GNUTLS_PKCS7_EMBED_DATA)) {
- asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContent", NULL, 0);
+ asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContent", NULL, 0);
}
}
asn1_write_value(pkcs7->signed_data, "version", &one, 1);
- result = asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContentType", PLAIN_DATA_OID, 0);
+ result =
+ asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContentType", PLAIN_DATA_OID,
+ 0);
if (result != ASN1_SUCCESS) {
ret = _gnutls_asn2err(result);
goto cleanup;
}
- if (flags & GNUTLS_PKCS7_EMBED_DATA && data->data) { /* embed data */
- result = asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContent", data->data, data->size);
+ if (flags & GNUTLS_PKCS7_EMBED_DATA && data->data) { /* embed data */
+ result =
+ asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContent", data->data,
+ data->size);
if (result != ASN1_SUCCESS) {
ret = _gnutls_asn2err(result);
goto cleanup;
}
/* append digest info algorithm */
- result = asn1_write_value(pkcs7->signed_data, "digestAlgorithms", "NEW", 1);
+ result =
+ asn1_write_value(pkcs7->signed_data, "digestAlgorithms", "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
}
result =
- asn1_write_value(pkcs7->signed_data, "digestAlgorithms.?LAST.algorithm", _gnutls_x509_digest_to_oid(me), 1);
+ asn1_write_value(pkcs7->signed_data,
+ "digestAlgorithms.?LAST.algorithm",
+ _gnutls_x509_digest_to_oid(me), 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
goto cleanup;
}
- asn1_write_value(pkcs7->signed_data, "digestAlgorithms.?LAST.parameters", NULL, 0);
+ asn1_write_value(pkcs7->signed_data,
+ "digestAlgorithms.?LAST.parameters", NULL, 0);
/* append signer's info */
result = asn1_write_value(pkcs7->signed_data, "signerInfos", "NEW", 1);
}
result =
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.version", &one, 1);
+ asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.version",
+ &one, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
}
result =
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.digestAlgorithm.algorithm", _gnutls_x509_digest_to_oid(me), 1);
+ asn1_write_value(pkcs7->signed_data,
+ "signerInfos.?LAST.digestAlgorithm.algorithm",
+ _gnutls_x509_digest_to_oid(me), 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
goto cleanup;
}
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.digestAlgorithm.parameters", NULL, 0);
+ asn1_write_value(pkcs7->signed_data,
+ "signerInfos.?LAST.digestAlgorithm.parameters", NULL,
+ 0);
- ret = write_signer_id(pkcs7->signed_data, "signerInfos.?LAST", signer, flags);
+ ret =
+ write_signer_id(pkcs7->signed_data, "signerInfos.?LAST", signer,
+ flags);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = add_attrs(pkcs7->signed_data, "signerInfos.?LAST.unsignedAttrs", unsigned_attrs, 0);
+ ret =
+ add_attrs(pkcs7->signed_data, "signerInfos.?LAST.unsignedAttrs",
+ unsigned_attrs, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = write_attributes(pkcs7->signed_data, "signerInfos.?LAST.signedAttrs", data, me, signed_attrs, flags);
+ ret =
+ write_attributes(pkcs7->signed_data,
+ "signerInfos.?LAST.signedAttrs", data, me,
+ signed_attrs, flags);
if (ret < 0) {
gnutls_assert();
goto cleanup;
* that a generic RSA OID should be used. We switch to this "unexpected" value
* because some implementations cannot cope with the "expected" signature values.
*/
- ret = _gnutls_x509_write_sig_params(pkcs7->signed_data, "signerInfos.?LAST.signatureAlgorithm", pk, dig, 1);
+ ret =
+ _gnutls_x509_write_sig_params(pkcs7->signed_data,
+ "signerInfos.?LAST.signatureAlgorithm",
+ pk, dig, 1);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
/* sign the data */
- ret = figure_pkcs7_sigdata(pkcs7, "signerInfos.?LAST", data, sigalgo, &sigdata);
+ ret =
+ figure_pkcs7_sigdata(pkcs7, "signerInfos.?LAST", data, sigalgo,
+ &sigdata);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = gnutls_privkey_sign_data(signer_key, dig, 0, &sigdata, &signature);
+ ret =
+ gnutls_privkey_sign_data(signer_key, dig, 0, &sigdata, &signature);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
result =
- asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.signature", signature.data, signature.size);
+ asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.signature",
+ signature.data, signature.size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(result);
gnutls_free(signature.data);
return ret;
}
-
if (key->pk_algorithm == GNUTLS_PK_UNKNOWN && left >= sizeof(PEM_KEY_PKCS8)) {
if (memcmp(ptr, PEM_KEY_PKCS8, sizeof(PEM_KEY_PKCS8)-1) == 0) {
result =
- _gnutls_fbase64_decode(PEM_KEY_PKCS8, begin_ptr,
- left, &_data);
+ _gnutls_fbase64_decode(PEM_KEY_PKCS8,
+ begin_ptr, left, &_data);
if (result >= 0) {
/* signal for PKCS #8 keys */
key->pk_algorithm = -1;
if (memcmp(ptr, PEM_KEY_RSA, sizeof(PEM_KEY_RSA)-1) == 0 ||
memcmp(ptr, PEM_KEY_ECC, sizeof(PEM_KEY_ECC)-1) == 0 ||
memcmp(ptr, PEM_KEY_DSA, sizeof(PEM_KEY_DSA)-1) == 0) {
- head_enc = 0;
+ head_enc = 0;
}
}
}
/* use the callback if any */
ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin));
if (ret == 0) {
- password = pin;
+ password = pin;
}
ret =
ret = 0;
cleanup:
- gnutls_free(m1.data);
- gnutls_free(e1.data);
- gnutls_free(d1.data);
- gnutls_free(p1.data);
- gnutls_free(q1.data);
- gnutls_free(m2.data);
- gnutls_free(e2.data);
- gnutls_free(d2.data);
- gnutls_free(p2.data);
- gnutls_free(q2.data);
- return ret;
+ gnutls_free(m1.data);
+ gnutls_free(e1.data);
+ gnutls_free(d1.data);
+ gnutls_free(p1.data);
+ gnutls_free(q1.data);
+ gnutls_free(m2.data);
+ gnutls_free(e2.data);
+ gnutls_free(d2.data);
+ gnutls_free(p2.data);
+ gnutls_free(q2.data);
+ return ret;
}
static
ret = 0;
cleanup:
- gnutls_free(g1.data);
- gnutls_free(p1.data);
- gnutls_free(q1.data);
- gnutls_free(g2.data);
- gnutls_free(p2.data);
- gnutls_free(q2.data);
- return ret;
+ gnutls_free(g1.data);
+ gnutls_free(p1.data);
+ gnutls_free(q1.data);
+ gnutls_free(g2.data);
+ gnutls_free(p2.data);
+ gnutls_free(q2.data);
+ return ret;
}
/**
ret = cmp_dsa_key(key, okey);
cleanup:
- gnutls_x509_privkey_deinit(okey);
+ gnutls_x509_privkey_deinit(okey);
return ret;
}
*
**/
void gnutls_x509_privkey_set_flags(gnutls_x509_privkey_t key,
- unsigned int flags)
+ unsigned int flags)
{
key->flags |= flags;
}
case GNUTLS_PK_EC:
ret =
gnutls_x509_privkey_export2(pkey, GNUTLS_X509_FMT_DER,
- raw);
+ raw);
if (ret < 0) {
gnutls_assert();
goto error;
/* Whether a given year is a leap year. */
#define ISLEAP(year) \
- (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0))
+ (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0))
/*
** Given a struct tm representing a calendar time in UTC, convert it to
|| gtime >= 253402210800
#endif
) {
- if (tag)
- *tag = ASN1_TAG_GENERALIZEDTime;
- snprintf(str_time, str_time_size, "99991231235959Z");
- return 0;
+ if (tag)
+ *tag = ASN1_TAG_GENERALIZEDTime;
+ snprintf(str_time, str_time_size, "99991231235959Z");
+ return 0;
}
if (!gmtime_r(>ime, &_tm)) {
if (_tm.tm_year >= 150) {
if (tag)
- *tag = ASN1_TAG_GENERALIZEDTime;
+ *tag = ASN1_TAG_GENERALIZEDTime;
ret = strftime(str_time, str_time_size, "%Y%m%d%H%M%SZ", &_tm);
} else {
if (tag)
- *tag = ASN1_TAG_UTCTime;
+ *tag = ASN1_TAG_UTCTime;
ret = strftime(str_time, str_time_size, "%y%m%d%H%M%SZ", &_tm);
}
if (!ret) {
|| gtime >= 253402210800
#endif
) {
- snprintf(str_time, str_time_size, "99991231235959Z");
- return 0;
+ snprintf(str_time, str_time_size, "99991231235959Z");
+ return 0;
}
if (!gmtime_r(>ime, &_tm)) {
* Since: 3.5.1
**/
unsigned gnutls_x509_tlsfeatures_check_crt(gnutls_x509_tlsfeatures_t feat,
- gnutls_x509_crt_t cert)
+ gnutls_x509_crt_t cert)
{
int ret;
gnutls_x509_tlsfeatures_t cfeat;
static int
advance_iter(gnutls_x509_trust_list_t list,
- gnutls_x509_trust_list_iter_t iter)
+ gnutls_x509_trust_list_iter_t iter)
{
int ret;
**/
int
gnutls_x509_trust_list_iter_get_ca(gnutls_x509_trust_list_t list,
- gnutls_x509_trust_list_iter_t *iter,
- gnutls_x509_crt_t *crt)
+ gnutls_x509_trust_list_iter_t *iter,
+ gnutls_x509_crt_t *crt)
{
int ret;
if (gnutls_x509_crl_get_this_update(crl_list[i]) >=
gnutls_x509_crl_get_this_update(list->node[hash].crls[x])) {
- gnutls_x509_crl_deinit(list->node[hash].crls[x]);
- list->node[hash].crls[x] = crl_list[i];
- goto next;
+ gnutls_x509_crl_deinit(list->node[hash].crls[x]);
+ list->node[hash].crls[x] = crl_list[i];
+ goto next;
} else {
/* The new is older, discard it */
gnutls_x509_crl_deinit(crl_list[i]);
if (issuer_version < 0) {
MARK_INVALID(0);
} else if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
- ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
- || issuer_version != 1)) {
+ ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
+ || issuer_version != 1)) {
if (check_if_ca(cert, issuer, &vparams->max_path, flags) != 1) {
MARK_INVALID(GNUTLS_CERT_SIGNER_NOT_CA);
}
if (me == NULL) {
MARK_INVALID(0);
} else if (cert_signed_data.data != NULL &&
- cert_signature.data != NULL) {
+ cert_signature.data != NULL) {
ret =
_gnutls_x509_verify_data(me,
&cert_signed_data,
- &cert_signature,
+ &cert_signature,
issuer);
if (ret == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
MARK_INVALID(GNUTLS_CERT_SIGNATURE_FAILURE);
/* check against issuer */
ret = gnutls_pkcs11_get_raw_issuer(url, certificate_list[clist_size - 1],
- &raw_issuer, GNUTLS_X509_FMT_DER,
- GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT|GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
+ &raw_issuer, GNUTLS_X509_FMT_DER,
+ GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT|GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
if (ret < 0) {
gnutls_assert();
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && clist_size > 2) {
/* check if the last certificate in the chain is present
* in our trusted list, and if yes, verify against it. */
ret = gnutls_pkcs11_crt_is_known(url, certificate_list[clist_size - 1],
- GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_COMPARE);
+ GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_COMPARE);
if (ret != 0) {
return _gnutls_verify_crt_status(certificate_list, clist_size,
&certificate_list[clist_size - 1], 1, flags,
* Since: 3.5.0
**/
unsigned gnutls_x509_crt_equals(gnutls_x509_crt_t cert1,
- gnutls_x509_crt_t cert2)
+ gnutls_x509_crt_t cert2)
{
int ret;
bool result;
/* handle equally empty parameters with missing parameters */
if (sp1.size == 2 && memcmp(sp1.data, "\x05\x00", 2) == 0) {
empty1 = 1;
- _gnutls_free_datum(&sp1);
+ _gnutls_free_datum(&sp1);
}
if (sp2.size == 2 && memcmp(sp2.data, "\x05\x00", 2) == 0) {
empty2 = 1;
- _gnutls_free_datum(&sp2);
+ _gnutls_free_datum(&sp2);
}
if (empty1 != empty2 ||
ret = 0;
cleanup:
- _gnutls_free_datum(&sp1);
- _gnutls_free_datum(&sp2);
- return ret;
+ _gnutls_free_datum(&sp1);
+ _gnutls_free_datum(&sp2);
+ return ret;
}
/**
ret = 0;
cleanup:
- gnutls_free(dsig.data);
- return ret;
+ gnutls_free(dsig.data);
+ return ret;
}
/**
ret = 0;
cleanup:
- if (aki != NULL)
- gnutls_x509_aki_deinit(aki);
- gnutls_free(der.data);
- return ret;
+ if (aki != NULL)
+ gnutls_x509_aki_deinit(aki);
+ gnutls_free(der.data);
+ return ret;
}
/**
ret = 0;
cleanup:
- if (aki != NULL)
- gnutls_x509_aki_deinit(aki);
- gnutls_free(der.data);
- return ret;
+ if (aki != NULL)
+ gnutls_x509_aki_deinit(aki);
+ gnutls_free(der.data);
+ return ret;
}
/**
ret = 0;
cleanup:
- if (policies != NULL)
- gnutls_x509_policies_deinit(policies);
+ if (policies != NULL)
+ gnutls_x509_policies_deinit(policies);
_gnutls_free_datum(&tmpd);
return ret;
return 0; /* not revoked. */
fail:
- gnutls_x509_crl_iter_deinit(iter);
- return ret;
+ gnutls_x509_crl_iter_deinit(iter);
+ return ret;
}
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
ret = 0;
cleanup:
- gnutls_free(ext.data);
- if (p!=NULL)
- gnutls_x509_key_purpose_deinit(p);
+ gnutls_free(ext.data);
+ if (p!=NULL)
+ gnutls_x509_key_purpose_deinit(p);
return ret;
}
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
}
cleanup:
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
return ret;
}
result = asn1_read_value(c2, nptr, tmpoid, &len);
if (result == ASN1_VALUE_NOT_FOUND
|| result == ASN1_ELEMENT_NOT_FOUND) {
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
break;
}
ret = 0;
goto cleanup;
fail:
- memset(out, 0, sizeof(*out));
+ memset(out, 0, sizeof(*out));
cleanup:
asn1_delete_structure(&c2);
return ret;
**/
int
gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt,
- gnutls_x509_crq_t crq, const char *oid,
- unsigned flags)
+ gnutls_x509_crq_t crq, const char *oid,
+ unsigned flags)
{
size_t i;
/* generate the extension.
*/
result =
- _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
- encoded_data.data, encoded_data.size,
- &prev_der_data,
- &der_data);
+ _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
+ encoded_data.data, encoded_data.size,
+ &prev_der_data, &der_data);
if (result < 0) {
gnutls_assert();
/* generate the extension.
*/
result =
- _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
- encoded_data.data, encoded_data.size,
- &prev_der_data,
- &der_data);
-
+ _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
+ encoded_data.data, encoded_data.size,
+ &prev_der_data, &der_data);
if (result < 0) {
gnutls_assert();
goto finish;
goto cleanup;
}
- cleanup:
- if (aia_ctx != NULL)
- gnutls_x509_aia_deinit(aia_ctx);
+ cleanup:
+ if (aia_ctx != NULL)
+ gnutls_x509_aia_deinit(aia_ctx);
_gnutls_free_datum(&new_der);
_gnutls_free_datum(&der);
&der_data, 0);
cleanup:
- if (policies != NULL)
- gnutls_x509_policies_deinit(policies);
+ if (policies != NULL)
+ gnutls_x509_policies_deinit(policies);
_gnutls_free_datum(&prev_der_data);
_gnutls_free_datum(&der_data);
GMP_LIBS=""
else
if test x$GMP_LIBS = x; then
- AC_CHECK_LIB(gmp, __gmpz_cmp, [GMP_LIBS="-lgmp"], [AC_MSG_ERROR([[
+ AC_CHECK_LIB(gmp, __gmpz_cmp, [GMP_LIBS="-lgmp"], [AC_MSG_ERROR([[
***
*** gmp was not found.
]])])
unsigned type;
/* used when parsing */
- unsigned found;
+ unsigned found;
};
static struct cfg_options available_options[] = {
i = 0; \
s_name = malloc(sizeof(char*)*MAX_ENTRIES); \
do { \
- if (val && !strcmp(val->pzName, name)==0) \
- continue; \
- s_name[i] = strdup(val->v.strVal); \
- i++; \
- if (i>=MAX_ENTRIES) \
- break; \
+ if (val && !strcmp(val->pzName, name)==0) \
+ continue; \
+ s_name[i] = strdup(val->v.strVal); \
+ i++; \
+ if (i>=MAX_ENTRIES) \
+ break; \
} while((val = optionNextValue(pov, val)) != NULL); \
s_name[i] = NULL; \
} \
i = 0; \
s_name = malloc(sizeof(char*)*MAX_ENTRIES); \
do { \
- if (val && !strcmp(val->pzName, name)==0) \
- continue; \
- len = strlen(val->v.strVal); \
- if (sizeof(str) > len) { \
- strcpy(str, val->v.strVal); \
+ if (val && !strcmp(val->pzName, name)==0) \
+ continue; \
+ len = strlen(val->v.strVal); \
+ if (sizeof(str) > len) { \
+ strcpy(str, val->v.strVal); \
} else { \
- memcpy(str, val->v.strVal, sizeof(str)-1); \
- str[sizeof(str)-1] = 0; \
+ memcpy(str, val->v.strVal, sizeof(str)-1); \
+ str[sizeof(str)-1] = 0; \
} \
- if ((p=strchr(str, ' ')) == NULL && (p=strchr(str, '\t')) == NULL) { \
- fprintf(stderr, "Error parsing %s\n", name); \
- exit(1); \
- } \
- p[0] = 0; \
- p++; \
- s_name[i] = strdup(str); \
- while(*p==' ' || *p == '\t') p++; \
- if (p[0] == 0) { \
- fprintf(stderr, "Error (2) parsing %s\n", name); \
- exit(1); \
- } \
- s_name[i+1] = strdup(p); \
- i+=2; \
- if (i>=MAX_ENTRIES) \
- break; \
+ if ((p=strchr(str, ' ')) == NULL && (p=strchr(str, '\t')) == NULL) { \
+ fprintf(stderr, "Error parsing %s\n", name); \
+ exit(1); \
+ } \
+ p[0] = 0; \
+ p++; \
+ s_name[i] = strdup(str); \
+ while(*p==' ' || *p == '\t') p++; \
+ if (p[0] == 0) { \
+ fprintf(stderr, "Error (2) parsing %s\n", name); \
+ exit(1); \
+ } \
+ s_name[i+1] = strdup(p); \
+ i+=2; \
+ if (i>=MAX_ENTRIES) \
+ break; \
} while((val = optionNextValue(pov, val)) != NULL); \
s_name[i] = NULL; \
} \
/* READ_NUMERIC only returns a long */
#define CHECK_LONG_OVERFLOW(x) \
if (x == LONG_MAX) { \
- fprintf(stderr, "overflow in number\n"); \
- exit(1); \
+ fprintf(stderr, "overflow in number\n"); \
+ exit(1); \
}
#define READ_NUMERIC(name, s_name) \
if (val != NULL) \
{ \
if (val->valType == OPARG_TYPE_NUMERIC) \
- s_name = val->v.longVal; \
+ s_name = val->v.longVal; \
else if (val->valType == OPARG_TYPE_STRING) \
- s_name = strtol(val->v.strVal, NULL, 10); \
+ s_name = strtol(val->v.strVal, NULL, 10); \
}
#define HEX_DECODE(hex, output, output_size) \
cmp = strcasecmp(val->pzName, available_options[j].name);
if (cmp == 0) {
- if (available_options[j].type != OPTION_MULTI_LINE &&
+ if (available_options[j].type != OPTION_MULTI_LINE &&
available_options[j].found != 0) {
fprintf(stderr, "Warning: multiple options found for '%s'; only the first will be taken into account.\n", available_options[j].name);
}
struct timespec r;
if (date==NULL || parse_datetime(&r, date, NULL) == 0) {
- fprintf(stderr, "Cannot parse date: %s\n", date);
- exit(1);
- }
-
- return r.tv_sec;
+ fprintf(stderr, "Cannot parse date: %s\n", date);
+ exit(1);
+ }
+
+ return r.tv_sec;
}
time_t get_activation_date(void)
{
if (batch && cfg.activation_date != NULL) {
- return get_date(cfg.activation_date);
+ return get_date(cfg.activation_date);
}
return time(NULL);
{
if (batch && cfg.revocation_date != NULL) {
- return get_date(cfg.revocation_date);
+ return get_date(cfg.revocation_date);
}
return time(NULL);
{
if (batch && cfg.this_update_date != NULL) {
- return get_date(cfg.this_update_date);
+ return get_date(cfg.this_update_date);
}
return time(NULL);
time_t secs = days;
time_t now = time(NULL);
- if (secs != (time_t)-1) {
- if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) {
- goto overflow;
- } else {
- secs *= 24*60*60;
- }
- }
-
- if (secs != (time_t)-1) {
- if (INT_ADD_OVERFLOW(secs, now)) {
- goto overflow;
- } else {
- secs += now;
- }
- }
-
- return secs;
+ if (secs != (time_t)-1) {
+ if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) {
+ goto overflow;
+ } else {
+ secs *= 24*60*60;
+ }
+ }
+
+ if (secs != (time_t)-1) {
+ if (INT_ADD_OVERFLOW(secs, now)) {
+ goto overflow;
+ } else {
+ secs += now;
+ }
+ }
+
+ return secs;
overflow:
- fprintf(stderr, "Overflow while parsing days\n");
- exit(1);
+ fprintf(stderr, "Overflow while parsing days\n");
+ exit(1);
}
static
{
if (batch) {
if (txt_val == NULL) {
- time_t secs;
-
- if (int_val == 0 || int_val < -2)
- secs = days_to_secs(365);
- else {
- secs = days_to_secs(int_val);
- }
+ time_t secs;
+
+ if (int_val == 0 || int_val < -2)
+ secs = days_to_secs(365);
+ else {
+ secs = days_to_secs(int_val);
+ }
return secs;
} else
void pkcs7_sign(common_info_st *, unsigned embed);
void pkcs7_generate(common_info_st *);
void pkcs8_info(void);
-void pkcs8_info_int(gnutls_datum_t *data, unsigned format,
+void pkcs8_info_int(gnutls_datum_t *data, unsigned format,
unsigned ignore_err, FILE *out, const char *tab);
void crq_info(void);
void smime_to_pkcs7(void);
}
ret =
- gnutls_x509_trust_list_add_trust_mem(list, &tmp,
- tmp2.data?&tmp2:NULL,
- cinfo->incert_format,
- 0, 0);
+ gnutls_x509_trust_list_add_trust_mem(list, &tmp,
+ tmp2.data?&tmp2:NULL,
+ cinfo->incert_format,
+ 0, 0);
if (ret < 0) {
int ret2 =
- gnutls_x509_trust_list_add_trust_mem(list, &tmp,
- tmp2.data?&tmp2:NULL,
+ gnutls_x509_trust_list_add_trust_mem(list, &tmp,
+ tmp2.data?&tmp2:NULL,
GNUTLS_X509_FMT_PEM,
0, 0);
if (ret2 >= 0)
vflags,
&output,
detailed_verification);
- } else {
+ } else {
ret =
gnutls_x509_trust_list_verify_crt(list, x509_cert_list,
x509_ncerts,
buf[size] = 0;
_verify_x509_mem(buf, size, NULL, 0, 0, OPT_ARG(VERIFY_PURPOSE),
- OPT_ARG(VERIFY_HOSTNAME), OPT_ARG(VERIFY_EMAIL));
+ OPT_ARG(VERIFY_HOSTNAME), OPT_ARG(VERIFY_EMAIL));
free(buf);
}
fprintf(outfile, "%s: %s\n", prefix, str.data);
cleanup:
- gnutls_x509_dn_deinit(dn);
- gnutls_free(str.data);
+ gnutls_x509_dn_deinit(dn);
+ gnutls_free(str.data);
}
static void print_raw(const char *prefix, const gnutls_datum_t *raw)
const char *str;
char *oid = NULL;
- ret = gnutls_pkcs12_bag_enc_info(bag,
+ ret = gnutls_pkcs12_bag_enc_info(bag,
&schema, &cipher, salt, &salt_size, &iter_count, &oid);
if (ret == GNUTLS_E_UNKNOWN_CIPHER_TYPE) {
fprintf(out, "\tSchema: unsupported (%s)\n", oid);
}
}
-void pkcs8_info_int(gnutls_datum_t *data, unsigned format,
+void pkcs8_info_int(gnutls_datum_t *data, unsigned format,
unsigned ignore_err, FILE *out, const char *tab)
{
int ret;
GNUTLS_HB_PEER_ALLOWED_TO_SEND);
#ifdef ENABLE_DTLS_SRTP
- if (HAVE_OPT(SRTP_PROFILES)) {
- ret =
- gnutls_srtp_set_profile_direct(session,
- OPT_ARG(SRTP_PROFILES),
- &err);
- if (ret == GNUTLS_E_INVALID_REQUEST)
- fprintf(stderr, "Syntax error at: %s\n", err);
- else if (ret != 0)
- fprintf(stderr, "Error in profiles: %s\n",
- gnutls_strerror(ret));
- else fprintf(stderr,"DTLS profile set to %s\n",
- OPT_ARG(SRTP_PROFILES));
-
- if (ret != 0) exit(1);
- }
+ if (HAVE_OPT(SRTP_PROFILES)) {
+ ret =
+ gnutls_srtp_set_profile_direct(session,
+ OPT_ARG(SRTP_PROFILES),
+ &err);
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ else if (ret != 0)
+ fprintf(stderr, "Error in profiles: %s\n",
+ gnutls_strerror(ret));
+ else fprintf(stderr,"DTLS profile set to %s\n",
+ OPT_ARG(SRTP_PROFILES));
+
+ if (ret != 0) exit(1);
+ }
#endif
cstr = dane_match_type_name(match);
if (cstr == NULL) cstr= "Unknown";
- fprintf(outfile, "Contents: %s (%.2x)\n", cstr, match);
- fprintf(outfile, "Data: %s\n", lbuffer);
+ fprintf(outfile, "Contents: %s (%.2x)\n", cstr, match);
+ fprintf(outfile, "Data: %s\n", lbuffer);
}
/* Verify the DANE data */
memset (__t, 0, (l).item_size); \
__t->prev = (void *) p; \
__t->next = (void *) q; \
- q->prev = (void *) __t; \
+ q->prev = (void *) __t; \
p->next = (void *) __t; \
(l).length++; \
}
}
if (nonce) {
- gnutls_datum_t rnonce;
+ gnutls_datum_t rnonce;
ret = gnutls_ocsp_resp_get_nonce(resp, NULL, &rnonce);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
exit(1);
}
- gnutls_free(rnonce.data);
+ gnutls_free(rnonce.data);
}
finish_ok:
}
if (nonce) {
- gnutls_datum_t rnonce;
+ gnutls_datum_t rnonce;
ret = gnutls_ocsp_resp_get_nonce(resp, NULL, &rnonce);
if (ret < 0) {
exit(1);
}
- gnutls_free(rnonce.data);
+ gnutls_free(rnonce.data);
}
if (HAVE_OPT(LOAD_TRUST)) {
ret = gnutls_pkcs11_obj_export3(obj, info->outcert_format, &t);
if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
- }
+ exit(1);
+ }
fwrite(t.data, 1, t.size, outfile);
gnutls_free(t.data);
if (info->outcert_format == GNUTLS_X509_FMT_PEM)
- fputs("\n\n", outfile);
+ fputs("\n\n", outfile);
gnutls_pkcs11_obj_deinit(obj);
ret = gnutls_x509_crt_import_pkcs11(xcrt, obj);
if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
- }
+ exit(1);
+ }
ret = gnutls_pkcs11_obj_export3(obj, GNUTLS_X509_FMT_PEM, &t);
if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
- }
+ exit(1);
+ }
fwrite(t.data, 1, t.size, outfile);
- fputs("\n\n", outfile);
- gnutls_free(t.data);
-
- gnutls_pkcs11_obj_deinit(obj);
-
- do {
- ret = gnutls_pkcs11_get_raw_issuer(url, xcrt, &t, GNUTLS_X509_FMT_PEM, 0);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__,
- __LINE__, gnutls_strerror(ret));
- exit(1);
- }
-
- fwrite(t.data, 1, t.size, outfile);
- fputs("\n\n", outfile);
-
- gnutls_x509_crt_deinit(xcrt);
-
- ret = gnutls_x509_crt_init(&xcrt);
- if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__,
- __LINE__, gnutls_strerror(ret));
- exit(1);
- }
-
- ret = gnutls_x509_crt_import(xcrt, &t, GNUTLS_X509_FMT_PEM);
- if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__,
- __LINE__, gnutls_strerror(ret));
- exit(1);
- }
-
- gnutls_free(t.data);
-
- ret = gnutls_x509_crt_check_issuer(xcrt, xcrt);
- if (ret != 0) {
- /* self signed */
- break;
- }
-
- } while(1);
-
+ fputs("\n\n", outfile);
+ gnutls_free(t.data);
+
+ gnutls_pkcs11_obj_deinit(obj);
+
+ do {
+ ret = gnutls_pkcs11_get_raw_issuer(url, xcrt, &t, GNUTLS_X509_FMT_PEM, 0);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fwrite(t.data, 1, t.size, outfile);
+ fputs("\n\n", outfile);
+
+ gnutls_x509_crt_deinit(xcrt);
+
+ ret = gnutls_x509_crt_init(&xcrt);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_import(xcrt, &t, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_free(t.data);
+
+ ret = gnutls_x509_crt_check_issuer(xcrt, xcrt);
+ if (ret != 0) {
+ /* self signed */
+ break;
+ }
+
+ } while(1);
+
UNFIX;
return;
}
ret =
gnutls_pkcs11_privkey_export_pubkey(pkey,
- GNUTLS_X509_FMT_PEM, &pubkey,
- flags);
+ GNUTLS_X509_FMT_PEM, &pubkey,
+ flags);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
GNUTLS_HB_PEER_ALLOWED_TO_SEND);
#ifdef ENABLE_DTLS_SRTP
- if (HAVE_OPT(SRTP_PROFILES)) {
- ret =
- gnutls_srtp_set_profile_direct(session,
- OPT_ARG(SRTP_PROFILES),
- &err);
- if (ret == GNUTLS_E_INVALID_REQUEST)
- fprintf(stderr, "Syntax error at: %s\n", err);
- else if (ret != 0)
- fprintf(stderr, "Error in profiles: %s\n",
- gnutls_strerror(ret));
- else fprintf(stderr,"DTLS profile set to %s\n",
- OPT_ARG(SRTP_PROFILES));
-
- if (ret != 0) exit(1);
- }
+ if (HAVE_OPT(SRTP_PROFILES)) {
+ ret =
+ gnutls_srtp_set_profile_direct(session,
+ OPT_ARG(SRTP_PROFILES),
+ &err);
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ else if (ret != 0)
+ fprintf(stderr, "Error in profiles: %s\n",
+ gnutls_strerror(ret));
+ else fprintf(stderr,"DTLS profile set to %s\n",
+ OPT_ARG(SRTP_PROFILES));
+
+ if (ret != 0) exit(1);
+ }
#endif
if (getnameinfo(sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) !=
0) {
return "(error)";
- }
+ }
l = strlen(buf);
buf += l;
if (getnameinfo(sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) !=
0) {
snprintf(buf, buflen, "%s", " unknown");
- }
+ }
return save_buf;
}
if (r == GNUTLS_E_HEARTBEAT_PING_RECEIVED) {
gnutls_heartbeat_pong(j->tls_session, 0);
} else if (r == GNUTLS_E_REHANDSHAKE) {
- try_rehandshake(j);
+ try_rehandshake(j);
} else {
j->http_state = HTTP_STATE_CLOSING;
if (r < 0) {
print = raw_to_string(prime.data, prime.size);
if (print) {
fprintf(fp, " Prime [%d bits]: %s\n", prime.size * 8,
- print);
+ print);
}
gnutls_dh_get_pubkey(session, &pubkey2);
ret =
gnutls_x509_privkey_import(pkey, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
exit(1);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-CIPHER-ALL:+AES-128-GCM",
NULL);
exit(1);
ret = gnutls_certificate_set_x509_key_mem(clientx509cred,
- &cli_cert, &cli_key,
- GNUTLS_X509_FMT_PEM);
+ &cli_cert, &cli_key,
+ GNUTLS_X509_FMT_PEM);
ret = gnutls_init(&client, GNUTLS_CLIENT);
if (ret < 0)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
ret =
gnutls_x509_privkey_import(pkey, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
exit(1);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-CIPHER-ALL:+AES-128-GCM",
NULL);
exit(1);
ret = gnutls_certificate_set_x509_key_mem(clientx509cred,
- &cli_cert, &cli_key,
- GNUTLS_X509_FMT_PEM);
+ &cli_cert, &cli_key,
+ GNUTLS_X509_FMT_PEM);
ret = gnutls_init(&client, GNUTLS_CLIENT);
if (ret < 0)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
ret =
gnutls_x509_privkey_import(pkey, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
exit(1);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-CIPHER-ALL:+AES-128-GCM",
NULL);
exit(1);
ret = gnutls_certificate_set_x509_key_mem(clientx509cred,
- &cli_cert, &cli_key,
- GNUTLS_X509_FMT_PEM);
+ &cli_cert, &cli_key,
+ GNUTLS_X509_FMT_PEM);
ret = gnutls_init(&client, GNUTLS_CLIENT);
if (ret < 0)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_priority_set_direct(server,
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
LC_ALL="C" \
- VALGRIND="$(VALGRIND)" \
+ VALGRIND="$(VALGRIND)" \
LIBTOOL="$(LIBTOOL)" \
top_builddir="$(top_builddir)" \
srcdir="$(srcdir)"
rc = gnutls_x509_crl_init(&crl);
if (rc) {
printf("gnutls_x509_crl_init rc %d: %s\n", rc,
- gnutls_strerror(rc));
+ gnutls_strerror(rc));
return 1;
}
rc = gnutls_x509_crl_import(crl, &crldatum, GNUTLS_X509_FMT_PEM);
if (rc) {
printf("gnutls_x509_crl_import rc %d: %s\n", rc,
- gnutls_strerror(rc));
+ gnutls_strerror(rc));
return 1;
}
rc = gnutls_certificate_set_x509_crl(crt, &crl, 1);
if (rc < 0) {
printf("gnutls_certificate_set_x509_crl rc %d: %s\n",
- rc, gnutls_strerror(rc));
+ rc, gnutls_strerror(rc));
return 1;
}
GNUTLS_CRT_PRINT_ONELINE, &tmp);
if (debug)
printf("\tCertificate %d: %.*s\n", (int)j,
- tmp.size, tmp.data);
+ tmp.size, tmp.data);
gnutls_free(tmp.data);
}
ret =
gnutls_x509_trust_list_verify_crt2(tl, certs, j,
- vdata, 1,
- chains
- [i].verify_flags,
- &verify_status1,
- NULL);
+ vdata, 1,
+ chains
+ [i].verify_flags,
+ &verify_status1,
+ NULL);
} else {
ret =
gnutls_x509_trust_list_verify_crt(tl, certs, j,
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_priority_set_direct(server,
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_priority_set_direct(server,
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
gnutls_datum_t * output);
int _gnutls_ucs2_to_utf8(const void *data, size_t size,
- gnutls_datum_t * output, unsigned be);
+ gnutls_datum_t * output, unsigned be);
#define DEBUG
if (debug)
printf("Chain '%s' (%d)...\n", crl_list[i].name,
- (int) i);
+ (int) i);
if (debug > 2)
printf("\tAdding CRL...");
&tmp);
if (debug)
printf("\tCRL: %.*s\n",
- tmp.size, tmp.data);
+ tmp.size, tmp.data);
gnutls_free(tmp.data);
ret = gnutls_x509_crl_get_signature_algorithm(crl);
if (debug)
printf("Chain '%s' (%d)...\n", crl_list[i].name,
- (int) i);
+ (int) i);
if (debug > 2)
printf("\tAdding CRL...");
&tmp);
if (debug)
printf("\tCRL: %.*s\n",
- tmp.size, tmp.data);
+ tmp.size, tmp.data);
gnutls_free(tmp.data);
if (debug > 2)
gnutls_x509_crt_print(ca, GNUTLS_CRT_PRINT_ONELINE, &tmp);
if (debug)
printf("\tCA Certificate: %.*s\n", tmp.size,
- tmp.data);
+ tmp.data);
gnutls_free(tmp.data);
if (debug)
if (debug)
printf("Chain '%s' (%d)...\n", crq_list[i].name,
- (int) i);
+ (int) i);
if (debug > 2)
printf("\tAdding CRL...");
&tmp);
if (debug)
printf("\tCRL: %.*s\n",
- tmp.size, tmp.data);
+ tmp.size, tmp.data);
gnutls_free(tmp.data);
ret = gnutls_x509_crq_get_signature_algorithm(crq);
crq_key_id_len = 0;
ret =
gnutls_x509_crq_get_key_id(crq, 0, crq_key_id,
- &crq_key_id_len);
+ &crq_key_id_len);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
fail("gnutls_x509_crq_get_key_id incorrectly returns %d: %s\n", ret, gnutls_strerror(ret));
}
malloc(sizeof(unsigned char) * crq_key_id_len);
ret =
gnutls_x509_crq_get_key_id(crq, 0, crq_key_id,
- &crq_key_id_len);
+ &crq_key_id_len);
if (ret != GNUTLS_E_SUCCESS) {
fail("gnutls_x509_crq_get_key_id incorrectly returns %d: %s\n", ret, gnutls_strerror(ret));
}
gnutls_certificate_allocate_credentials(&x509_cred);
ret = gnutls_certificate_set_x509_key_file(x509_cred, "system:cert", "system:key",
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fail("server: gnutls_certificate_set_x509_key_file (%s)\n\n",
gnutls_strerror(ret));
*/
gnutls_certificate_allocate_credentials(&x509_cred);
ret = gnutls_certificate_set_x509_key_file(x509_cred, "nomyurl:cert", "nomyurl:key",
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret != GNUTLS_E_FILE_ERROR) {
fail("server: gnutls_certificate_set_x509_key_file unexpected error (%s)\n\n",
gnutls_strerror(ret));
}
ret = gnutls_certificate_set_x509_key_file(x509_cred, "myurl:cert", "myurl:key",
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fail("server: gnutls_certificate_set_x509_key_file (%s)\n\n",
gnutls_strerror(ret));
int bogus;
const char *cert;
const char *ca;
- unsigned expected_status; /* if cert is non-null */
- int expected_verify_ret; /* if cert is non-null */
+ unsigned expected_status; /* if cert is non-null */
+ int expected_verify_ret; /* if cert is non-null */
};
const struct data_entry_st data_entries[] = {
{
- .name = "Entry parsing",
- .queries = {
- (char *)
- "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- (char *)
- "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
- (char *)
- "\x03\x01\x01\x46\x25\x73\x19\x5c\x86\xe8\x61\xab\xab\x8e\xcc\xfb\xc7\xf0\x48\x69\x58\xef\xdf\xf9\x44\x9a\xc1\x07\x29\xb3\xa0\xf9\x06\xf3\x88",
- NULL},
- .q_size = {
- 35,
- 35,
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 3,
- .secure = 1,
- .bogus = 0
- },
- { /* as the previous but with first byte invalid */
- .name = "Cert verification (single entry)",
- .queries = {
- (char *)
- "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
- NULL},
- .q_size = {
- 35,
- 35,
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 1,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = 0,
- .expected_status = 0,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
- "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
- "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
- "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
- "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
- "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
- "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
- "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
- "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
- "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
- "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
- "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
- "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
- "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
- "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
- "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
- "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
- "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
- "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
- "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
- "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
- "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
- "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
- "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
- "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
- "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
- "-----END CERTIFICATE-----\n"
- },
+ .name = "Entry parsing",
+ .queries = {
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ (char *)
+ "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
+ (char *)
+ "\x03\x01\x01\x46\x25\x73\x19\x5c\x86\xe8\x61\xab\xab\x8e\xcc\xfb\xc7\xf0\x48\x69\x58\xef\xdf\xf9\x44\x9a\xc1\x07\x29\xb3\xa0\xf9\x06\xf3\x88",
+ NULL},
+ .q_size = {35, 35, 35, 0},
+ .expected_ret = 0,
+ .no_queries = 3,
+ .secure = 1,
+ .bogus = 0},
+ { /* as the previous but with first byte invalid */
+ .name = "Cert verification (single entry)",
+ .queries = {
+ (char *)
+ "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
+ NULL},
+ .q_size = {35, 35, 35, 0},
+ .expected_ret = 0,
+ .no_queries = 1,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = 0,
+ .expected_status = 0,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
+ "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
+ "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
+ "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
+ "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
+ "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
+ "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
+ "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
+ "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
+ "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
+ "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
+ "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
+ "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
+ "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
+ "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
+ "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
+ "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
+ "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
+ "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
+ "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
+ "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
+ "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
+ "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
+ "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
+ "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
+ "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
+ "-----END CERTIFICATE-----\n"},
{
- .name = "Cert verification (multi entries)",
- .queries = {
- (char *)
- "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- (char *)
- "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
- (char *)
- "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
- NULL},
- .q_size = {
- 35,
- 35,
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 3,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = 0,
- .expected_status = 0,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
- "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
- "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
- "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
- "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
- "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
- "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
- "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
- "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
- "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
- "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
- "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
- "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
- "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
- "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
- "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
- "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
- "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
- "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
- "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
- "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
- "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
- "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
- "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
- "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
- "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
- "-----END CERTIFICATE-----\n"
- },
+ .name = "Cert verification (multi entries)",
+ .queries = {
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ (char *)
+ "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
+ (char *)
+ "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
+ NULL},
+ .q_size = { 35, 35, 35, 0},
+ .expected_ret = 0,
+ .no_queries = 3,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = 0,
+ .expected_status = 0,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
+ "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
+ "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
+ "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
+ "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
+ "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
+ "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
+ "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
+ "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
+ "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
+ "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
+ "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
+ "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
+ "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
+ "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
+ "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
+ "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
+ "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
+ "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
+ "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
+ "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
+ "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
+ "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
+ "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
+ "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
+ "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
+ "-----END CERTIFICATE-----\n"},
{
- .name = "Cert verification (invalid hash)",
- .queries = {
- (char *)
- "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x49\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
- NULL},
- .q_size = {
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 1,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = 0,
- .expected_status = DANE_VERIFY_CERT_DIFFERS,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
- "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
- "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
- "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
- "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
- "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
- "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
- "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
- "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
- "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
- "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
- "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
- "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
- "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
- "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
- "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
- "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
- "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
- "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
- "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
- "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
- "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
- "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
- "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
- "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
- "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
- "-----END CERTIFICATE-----\n"
- },
+ .name = "Cert verification (invalid hash)",
+ .queries = {
+ (char *)
+ "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x49\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
+ NULL},
+ .q_size = { 35, 0},
+ .expected_ret = 0,
+ .no_queries = 1,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = 0,
+ .expected_status = DANE_VERIFY_CERT_DIFFERS,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
+ "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
+ "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
+ "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
+ "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
+ "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
+ "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
+ "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
+ "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
+ "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
+ "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
+ "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
+ "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
+ "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
+ "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
+ "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
+ "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
+ "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
+ "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
+ "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
+ "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
+ "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
+ "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
+ "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
+ "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
+ "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
+ "-----END CERTIFICATE-----\n"},
{
- .name = "Cert verification (bogus data)",
- .queries = {
- (char *)
- "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- NULL},
- .q_size = {
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 1,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = DANE_E_REQUESTED_DATA_NOT_AVAILABLE,
- .expected_status = -1,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
- "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
- "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
- "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
- "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
- "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
- "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
- "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
- "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
- "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
- "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
- "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
- "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
- "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
- "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
- "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
- "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
- "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
- "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
- "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
- "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
- "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
- "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
- "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
- "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
- "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
- "-----END CERTIFICATE-----\n"
- },
+ .name = "Cert verification (bogus data)",
+ .queries = {
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ NULL},
+ .q_size = { 35, 0},
+ .expected_ret = 0,
+ .no_queries = 1,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = DANE_E_REQUESTED_DATA_NOT_AVAILABLE,
+ .expected_status = -1,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n"
+ "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n"
+ "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n"
+ "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n"
+ "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n"
+ "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n"
+ "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n"
+ "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n"
+ "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n"
+ "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n"
+ "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n"
+ "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n"
+ "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n"
+ "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n"
+ "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n"
+ "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n"
+ "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n"
+ "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n"
+ "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n"
+ "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n"
+ "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n"
+ "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n"
+ "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n"
+ "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n"
+ "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n"
+ "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n"
+ "-----END CERTIFICATE-----\n"},
{
- .name = "CA verification (valid)",
- .queries = {
- (char*)"\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- NULL},
- .q_size = {
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 1,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = 0,
- .expected_status = 0,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
- "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
- "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
- "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
- "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
- "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
- "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
- "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
- "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
- "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
- "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
- "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
- "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
- "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
- "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
- "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
- "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
- "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
- "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
- "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
- "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
- "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
- "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
- "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
- "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
- "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
- "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
- "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
- "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
- "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
- "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
- "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
- "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
- "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
- "hrA=\n"
- "-----END CERTIFICATE-----\n",
- .ca = "-----BEGIN CERTIFICATE-----\n"
- "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
- "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
- "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
- "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
- "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
- "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
- "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
- "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
- "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
- "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
- "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
- "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
- "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
- "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
- "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
- "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
- "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
- "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
- "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
- "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
- "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
- "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
- "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
- "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
- "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
- "cPUeybQ=\n"
- "-----END CERTIFICATE-----\n"
- },
+ .name = "CA verification (valid)",
+ .queries = {
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ NULL},
+ .q_size = { 35, 0},
+ .expected_ret = 0,
+ .no_queries = 1,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = 0,
+ .expected_status = 0,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
+ "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
+ "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
+ "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
+ "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
+ "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
+ "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
+ "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
+ "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
+ "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
+ "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
+ "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
+ "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
+ "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
+ "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
+ "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
+ "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
+ "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
+ "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
+ "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
+ "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
+ "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
+ "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
+ "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
+ "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
+ "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
+ "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
+ "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
+ "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
+ "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
+ "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
+ "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
+ "hrA=\n" "-----END CERTIFICATE-----\n",
+ .ca = "-----BEGIN CERTIFICATE-----\n"
+ "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
+ "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
+ "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
+ "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
+ "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
+ "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
+ "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
+ "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
+ "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
+ "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
+ "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
+ "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
+ "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
+ "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
+ "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
+ "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
+ "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
+ "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
+ "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
+ "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
+ "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
+ "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
+ "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
+ "cPUeybQ=\n" "-----END CERTIFICATE-----\n"},
{
- .name = "CA verification (invalid)",
- .queries = {
- (char*)"\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x92\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- NULL},
- .q_size = {
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 1,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = 0,
- .expected_status = DANE_VERIFY_CA_CONSTRAINTS_VIOLATED,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
- "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
- "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
- "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
- "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
- "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
- "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
- "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
- "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
- "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
- "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
- "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
- "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
- "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
- "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
- "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
- "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
- "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
- "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
- "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
- "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
- "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
- "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
- "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
- "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
- "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
- "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
- "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
- "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
- "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
- "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
- "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
- "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
- "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
- "hrA=\n"
- "-----END CERTIFICATE-----\n",
- .ca = "-----BEGIN CERTIFICATE-----\n"
- "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
- "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
- "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
- "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
- "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
- "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
- "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
- "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
- "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
- "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
- "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
- "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
- "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
- "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
- "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
- "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
- "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
- "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
- "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
- "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
- "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
- "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
- "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
- "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
- "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
- "cPUeybQ=\n"
- "-----END CERTIFICATE-----\n"
- },
- { /* as the previous but with first byte invalid */
- .name = "CA verification (multiple entries)",
- .queries = {
- (char *)
- "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- (char *)
- "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
- (char *)
- "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
- (char*)
- "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
- NULL},
- .q_size = {
- 35,
- 35,
- 35,
- 35,
- 0},
- .expected_ret = 0,
- .no_queries = 4,
- .secure = 1,
- .bogus = 0,
- .expected_verify_ret = 0,
- .expected_status = 0,
- .cert = "-----BEGIN CERTIFICATE-----\n"
- "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
- "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
- "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
- "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
- "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
- "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
- "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
- "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
- "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
- "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
- "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
- "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
- "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
- "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
- "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
- "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
- "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
- "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
- "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
- "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
- "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
- "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
- "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
- "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
- "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
- "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
- "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
- "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
- "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
- "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
- "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
- "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
- "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
- "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
- "hrA=\n"
- "-----END CERTIFICATE-----\n",
- .ca = "-----BEGIN CERTIFICATE-----\n"
- "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
- "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
- "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
- "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
- "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
- "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
- "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
- "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
- "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
- "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
- "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
- "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
- "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
- "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
- "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
- "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
- "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
- "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
- "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
- "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
- "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
- "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
- "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
- "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
- "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
- "cPUeybQ=\n"
- "-----END CERTIFICATE-----\n"
- }
+ .name = "CA verification (invalid)",
+ .queries = {
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x92\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ NULL},
+ .q_size = { 35, 0},
+ .expected_ret = 0,
+ .no_queries = 1,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = 0,
+ .expected_status = DANE_VERIFY_CA_CONSTRAINTS_VIOLATED,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
+ "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
+ "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
+ "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
+ "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
+ "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
+ "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
+ "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
+ "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
+ "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
+ "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
+ "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
+ "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
+ "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
+ "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
+ "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
+ "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
+ "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
+ "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
+ "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
+ "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
+ "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
+ "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
+ "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
+ "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
+ "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
+ "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
+ "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
+ "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
+ "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
+ "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
+ "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
+ "hrA=\n" "-----END CERTIFICATE-----\n",
+ .ca = "-----BEGIN CERTIFICATE-----\n"
+ "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
+ "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
+ "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
+ "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
+ "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
+ "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
+ "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
+ "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
+ "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
+ "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
+ "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
+ "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
+ "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
+ "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
+ "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
+ "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
+ "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
+ "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
+ "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
+ "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
+ "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
+ "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
+ "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
+ "cPUeybQ=\n" "-----END CERTIFICATE-----\n"},
+ { /* as the previous but with first byte invalid */
+ .name = "CA verification (multiple entries)",
+ .queries = {
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ (char *)
+ "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe",
+ (char *)
+ "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0",
+ (char *)
+ "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3",
+ NULL},
+ .q_size = { 35, 35, 35, 35, 0},
+ .expected_ret = 0,
+ .no_queries = 4,
+ .secure = 1,
+ .bogus = 0,
+ .expected_verify_ret = 0,
+ .expected_status = 0,
+ .cert = "-----BEGIN CERTIFICATE-----\n"
+ "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
+ "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n"
+ "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n"
+ "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n"
+ "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n"
+ "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n"
+ "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n"
+ "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n"
+ "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n"
+ "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n"
+ "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n"
+ "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n"
+ "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n"
+ "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n"
+ "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n"
+ "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n"
+ "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n"
+ "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n"
+ "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n"
+ "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n"
+ "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n"
+ "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n"
+ "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n"
+ "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n"
+ "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n"
+ "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n"
+ "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n"
+ "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n"
+ "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n"
+ "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n"
+ "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n"
+ "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n"
+ "hrA=\n" "-----END CERTIFICATE-----\n",
+ .ca = "-----BEGIN CERTIFICATE-----\n"
+ "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
+ "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
+ "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
+ "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
+ "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
+ "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
+ "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
+ "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
+ "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
+ "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
+ "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
+ "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
+ "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
+ "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
+ "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
+ "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
+ "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
+ "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
+ "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
+ "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
+ "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
+ "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
+ "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
+ "cPUeybQ=\n" "-----END CERTIFICATE-----\n"}
};
static time_t mytime(time_t * t)
return then;
}
-static void crt_to_der(gnutls_datum_t *chain, const char *pem, unsigned size)
+static void crt_to_der(gnutls_datum_t * chain, const char *pem, unsigned size)
{
int ret;
gnutls_x509_crt_t crt;
- gnutls_datum_t input = {(void*)pem, size};
+ gnutls_datum_t input = { (void *)pem, size };
gnutls_x509_crt_init(&crt);
for (j = 0; j < sizeof(data_entries) / sizeof(data_entries[0]); j++) {
if (debug)
- success("running test[%d]: %s\n", j, data_entries[j].name);
+ success("running test[%d]: %s\n", j,
+ data_entries[j].name);
ret =
dane_raw_tlsa(s, &r, data_entries[j].queries,
- data_entries[j].q_size, data_entries[j].secure,
+ data_entries[j].q_size,
+ data_entries[j].secure,
data_entries[j].bogus);
if (ret != data_entries[j].expected_ret) {
- fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
+ fail("test[%d]: %d: %s\n", j, __LINE__,
+ dane_strerror(ret));
}
ret =
dane_query_to_raw_tlsa(r, &entries, &r_data, &r_data_len,
&secure, &bogus);
if (ret < 0) {
- fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
+ fail("test[%d]: %d: %s\n", j, __LINE__,
+ dane_strerror(ret));
}
if (entries != data_entries[j].no_queries)
for (i = 0; i < entries; i++) {
if (r_data_len[i] != data_entries[j].q_size[i])
- fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
+ fail("test[%d]: %d: %s\n", j, __LINE__,
+ dane_strerror(ret));
if (memcmp
(r_data[i], data_entries[j].queries[i],
r_data_len[i]) != 0)
- fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
+ fail("test[%d]: %d: %s\n", j, __LINE__,
+ dane_strerror(ret));
}
- if (data_entries[j].cert) { /* verify cert */
+ if (data_entries[j].cert) { /* verify cert */
gnutls_datum_t chain[2];
unsigned status = 0;
unsigned chain_size = 1;
- crt_to_der(&chain[0], data_entries[j].cert, strlen(data_entries[j].cert));
+ crt_to_der(&chain[0], data_entries[j].cert,
+ strlen(data_entries[j].cert));
if (data_entries[j].ca) {
- crt_to_der(&chain[1], data_entries[j].ca, strlen(data_entries[j].ca));
+ crt_to_der(&chain[1], data_entries[j].ca,
+ strlen(data_entries[j].ca));
chain_size++;
}
- ret = dane_verify_crt_raw(NULL, chain, chain_size, GNUTLS_CRT_X509, r,
- 0, 0, &status);
+ ret =
+ dane_verify_crt_raw(NULL, chain, chain_size,
+ GNUTLS_CRT_X509, r, 0, 0,
+ &status);
if (ret != data_entries[j].expected_verify_ret)
- fail("test[%d]: %d: %s\n", j, __LINE__, dane_strerror(ret));
+ fail("test[%d]: %d: %s\n", j, __LINE__,
+ dane_strerror(ret));
- if (ret >= 0 && status != data_entries[j].expected_status) {
+ if (ret >= 0
+ && status != data_entries[j].expected_status) {
fail("tests[%d]: expected verif. status %x, got %x\n", j, data_entries[j].expected_status, status);
}
free(chain[0].data);
}
if (debug)
- success("completed test[%d]: %s\n", j, data_entries[j].name);
+ success("completed test[%d]: %s\n", j,
+ data_entries[j].name);
gnutls_free(r_data);
gnutls_free(r_data_len);
gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
ret = gnutls_handshake(session);
}
while (ret < 0
- && gnutls_error_is_fatal(ret) == 0);
+ && gnutls_error_is_fatal(ret) == 0);
if (ret == 0)
break;
}
do {
ret =
gnutls_record_send(session, buffer,
- strlen(buffer));
+ strlen(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
}
ret = gnutls_handshake(session);
}
while (ret < 0
- && gnutls_error_is_fatal(ret) == 0);
+ && gnutls_error_is_fatal(ret) == 0);
if (ret == 0)
break;
}
do {
ret =
gnutls_record_send(session, buffer,
- strlen(buffer));
+ strlen(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
}
do {
ret =
gnutls_record_send(session, buffer,
- strlen(buffer));
+ strlen(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
}
NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
NULL) >= 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
ret = gnutls_handshake(session);
}
while (ret < 0
- && gnutls_error_is_fatal(ret) == 0);
+ && gnutls_error_is_fatal(ret) == 0);
if (ret == 0)
break;
}
do {
ret =
gnutls_record_send(session, buffer,
- strlen(buffer));
+ strlen(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
}
};
typedef struct {
- unsigned char i[8];
+ unsigned char i[8];
} uint64;
#define gnutls_assert_val(x) x
*
* **** Available parameters ****
*
- * -nb enable nonblocking operations on sessions
- * -batch read test identifiers from stdin and run them
- * -d increase debug level by one
- * -r replay messages (very crude replay mechanism)
- * -d <n> set debug level to <n>
- * -die don't start new tests after the first detected failure
- * -timeout <n> set handshake timeout to <n> seconds. Tests that don't make progress
- * within twice this time will be forcibly killed. (default: 120)
+ * -nb enable nonblocking operations on sessions
+ * -batch read test identifiers from stdin and run them
+ * -d increase debug level by one
+ * -r replay messages (very crude replay mechanism)
+ * -d <n> set debug level to <n>
+ * -die don't start new tests after the first detected failure
+ * -timeout <n> set handshake timeout to <n> seconds. Tests that don't make progress
+ * within twice this time will be forcibly killed. (default: 120)
* -retransmit <n> set retransmit timeout to <n> milliseconds (default: 100)
- * -j <n> run up to <n> tests in parallel
- * -full use full handshake with mutual certificate authentication
- * -resume use resumed handshake
+ * -j <n> run up to <n> tests in parallel
+ * -full use full handshake with mutual certificate authentication
+ * -resume use resumed handshake
* -shello <perm> run only one test, with the server hello flight permuted as <perm>
* -sfinished <perm> run only one test, with the server finished flight permuted as <perm>
* -cfinished <perm> run only one test, with the client finished flight permuted as <perm>
* <packet name> run only one test, drop <packet name> three times
- * valid values for <packet name> are:
- * SHello, SCertificate, SKeyExchange, SCertificateRequest, SHelloDone,
- * CCertificate, CKeyExchange, CCertificateVerify, CChangeCipherSpec,
- * CFinished, SChangeCipherSpec, SFinished
- * using *Certificate* without -full will yield unexpected results
+ * valid values for <packet name> are:
+ * SHello, SCertificate, SKeyExchange, SCertificateRequest, SHelloDone,
+ * CCertificate, CKeyExchange, CCertificateVerify, CChangeCipherSpec,
+ * CFinished, SChangeCipherSpec, SFinished
+ * using *Certificate* without -full will yield unexpected results
*
*
* **** Permutation handling ****
do \
{ \
if (cret == GNUTLS_E_AGAIN) \
- { \
- side = "client"; \
- cret = gnutls_handshake (c); \
- if (cret == GNUTLS_E_INTERRUPTED) cret = GNUTLS_E_AGAIN; \
- } \
+ { \
+ side = "client"; \
+ cret = gnutls_handshake (c); \
+ if (cret == GNUTLS_E_INTERRUPTED) cret = GNUTLS_E_AGAIN; \
+ } \
if (sret == GNUTLS_E_AGAIN) \
- { \
- side = "server"; \
- sret = gnutls_handshake (s); \
- if (sret == GNUTLS_E_INTERRUPTED) sret = GNUTLS_E_AGAIN; \
- } \
+ { \
+ side = "server"; \
+ sret = gnutls_handshake (s); \
+ if (sret == GNUTLS_E_INTERRUPTED) sret = GNUTLS_E_AGAIN; \
+ } \
} \
while ((cret == GNUTLS_E_AGAIN || (cret == 0 && sret == GNUTLS_E_AGAIN)) && (sret == GNUTLS_E_AGAIN || (sret == 0 && cret == GNUTLS_E_AGAIN))); \
if (cret != clierr || sret != serverr) \
do \
{ \
if (cret == GNUTLS_E_LARGE_PACKET) \
- { \
- unsigned int mtu = gnutls_dtls_get_mtu(s); \
- gnutls_dtls_set_mtu(s, mtu/2); \
- } \
+ { \
+ unsigned int mtu = gnutls_dtls_get_mtu(s); \
+ gnutls_dtls_set_mtu(s, mtu/2); \
+ } \
if (cret < 0 && gnutls_error_is_fatal(cret) == 0) \
- { \
- side = "client"; \
- cret = gnutls_handshake (c); \
- } \
+ { \
+ side = "client"; \
+ cret = gnutls_handshake (c); \
+ } \
if (sret == GNUTLS_E_LARGE_PACKET) \
- { \
- unsigned int mtu = gnutls_dtls_get_mtu(s); \
- gnutls_dtls_set_mtu(s, mtu/2); \
- } \
+ { \
+ unsigned int mtu = gnutls_dtls_get_mtu(s); \
+ gnutls_dtls_set_mtu(s, mtu/2); \
+ } \
if (sret < 0 && gnutls_error_is_fatal(sret) == 0) \
- { \
- side = "server"; \
- sret = gnutls_handshake (s); \
- } \
+ { \
+ side = "server"; \
+ sret = gnutls_handshake (s); \
+ } \
} \
while (((gnutls_error_is_fatal(cret) == 0 && gnutls_error_is_fatal(sret) == 0)) && (cret < 0 || sret < 0)); \
if (cret != clierr || sret != serverr) \
do \
{ \
do \
- { \
- side = "server"; \
- ret = gnutls_record_recv (s, buf, buflen); \
- } \
+ { \
+ side = "server"; \
+ ret = gnutls_record_recv (s, buf, buflen); \
+ } \
while(ret == GNUTLS_E_AGAIN); \
if (ret == 0) \
- fail ("server: didn't receive any data\n"); \
+ fail ("server: didn't receive any data\n"); \
else if (ret < 0) \
- { \
- fail ("server: error: %s\n", gnutls_strerror (ret)); \
- } \
+ { \
+ fail ("server: error: %s\n", gnutls_strerror (ret)); \
+ } \
else \
- { \
- transferred += ret; \
- } \
+ { \
+ transferred += ret; \
+ } \
side = "server"; \
ns = record_send_loop (server, msg, msglen, retry_send_with_null); \
if (ns < 0) fail ("server send error: %s\n", gnutls_strerror (ret)); \
do \
- { \
- side = "client"; \
- ret = gnutls_record_recv (client, buf, buflen); \
- } \
+ { \
+ side = "client"; \
+ ret = gnutls_record_recv (client, buf, buflen); \
+ } \
while(ret == GNUTLS_E_AGAIN); \
if (ret == 0) \
- { \
- fail ("client: Peer has closed the TLS connection\n"); \
- } \
+ { \
+ fail ("client: Peer has closed the TLS connection\n"); \
+ } \
else if (ret < 0) \
- { \
- if (debug) \
- fputs ("!", stdout); \
- fail ("client: Error: %s\n", gnutls_strerror (ret)); \
- } \
+ { \
+ if (debug) \
+ fputs ("!", stdout); \
+ fail ("client: Error: %s\n", gnutls_strerror (ret)); \
+ } \
else \
- { \
- if (msglen != ret || memcmp (buf, msg, msglen) != 0) \
- { \
- fail ("client: Transmitted data do not match\n"); \
- } \
- /* echo back */ \
- side = "client"; \
- ns = record_send_loop (client, buf, msglen, retry_send_with_null); \
- if (ns < 0) fail ("client send error: %s\n", gnutls_strerror (ret)); \
- transferred += ret; \
- if (debug) \
- fputs (".", stdout); \
- } \
+ { \
+ if (msglen != ret || memcmp (buf, msg, msglen) != 0) \
+ { \
+ fail ("client: Transmitted data do not match\n"); \
+ } \
+ /* echo back */ \
+ side = "client"; \
+ ns = record_send_loop (client, buf, msglen, retry_send_with_null); \
+ if (ns < 0) fail ("client send error: %s\n", gnutls_strerror (ret)); \
+ transferred += ret; \
+ if (debug) \
+ fputs (".", stdout); \
+ } \
} \
while (transferred < 70000)
while (ret == GNUTLS_E_AGAIN) {
ret =
gnutls_record_send(session, retry_data,
- retry_sizeofdata);
+ retry_sizeofdata);
}
return ret;
do {
ret =
gnutls_record_send(session, buffer,
- sizeof(buffer));
+ sizeof(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
gnutls_record_send(client, TESTDATA, sizeof(TESTDATA) - 1);
if (ret < 0) {
myfail("%d: error sending false start data: %s\n",
- __LINE__, gnutls_strerror(ret));
+ __LINE__, gnutls_strerror(ret));
exit(1);
}
ret = gnutls_record_recv(server, buffer, sizeof(buffer));
if (ret < 0) {
myfail("%d: error receiving data: %s\n", __LINE__,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
}
if (ret != sizeof(TESTDATA) - 1) {
gnutls_record_send(server, TESTDATA, sizeof(TESTDATA) - 1);
if (ret < 0) {
myfail("%d: error sending false start data: %s\n",
- __LINE__, gnutls_strerror(ret));
+ __LINE__, gnutls_strerror(ret));
exit(1);
}
} while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
if (ret < 0) {
myfail("%d: error receiving data: %s\n", __LINE__,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
}
} else if (testno == TEST_RECV_SEND) {
side = "server";
gnutls_record_send(server, TESTDATA, sizeof(TESTDATA) - 1);
if (ret < 0) {
myfail("%d: error sending false start data: %s\n",
- __LINE__, gnutls_strerror(ret));
+ __LINE__, gnutls_strerror(ret));
exit(1);
}
ret = gnutls_record_recv(client, buffer, sizeof(buffer));
if (ret < 0) {
myfail("%d: error receiving data: %s\n", __LINE__,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
}
if (ret != sizeof(TESTDATA) - 1) {
ret = gnutls_bye(server, GNUTLS_SHUT_WR);
if (ret < 0) {
myfail("%d: error in server bye: %s\n", __LINE__,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
}
side = "client";
ret = gnutls_bye(client, GNUTLS_SHUT_RDWR);
if (ret < 0) {
myfail("%d: error in client bye: %s\n", __LINE__,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
}
success("%5s%s \tok\n", dtls?"dtls-":"", name);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
/* Certificate with no SAN nor CN. */
char pem1[] =
"X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Issuer: O=GnuTLS hostname check test CA\n"
- " Validity:\n"
- " Not Before: Fri Feb 16 12:59:09 UTC 2007\n"
- " Not After: Fri Mar 30 12:59:13 UTC 2007\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
- " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
- " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
- " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
- " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
- " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
- " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
- " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Key Identifier (not critical):\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " 7b:e8:11:6c:15:3f:f9:01:a0:f1:28:0c:62:50:58:f8\n"
- " 92:44:fb:bf:ab:20:8a:3b:81:ca:e5:68:60:71:df:2b\n"
- " e8:50:58:82:32:ef:fb:6e:4a:72:2c:c9:37:4f:88:1d\n"
- " d7:1b:68:5b:db:83:1b:1a:f3:b4:8e:e0:88:03:e2:43\n"
- " 91:be:d8:b1:ca:f2:62:ec:a1:fd:1a:c8:41:8c:fe:53\n"
- " 1b:be:03:c9:a1:3d:f4:ae:57:fc:44:a6:34:bb:2c:2e\n"
- " a7:56:14:1f:89:e9:3a:ec:1f:a3:da:d7:a1:94:3b:72\n"
- " 1d:12:71:b9:65:a1:85:a2:4c:3a:d1:2c:e9:e9:ea:1c\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Issuer: O=GnuTLS hostname check test CA\n"
+ " Validity:\n"
+ " Not Before: Fri Feb 16 12:59:09 UTC 2007\n"
+ " Not After: Fri Mar 30 12:59:13 UTC 2007\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
+ " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
+ " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
+ " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
+ " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
+ " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
+ " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
+ " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Key Identifier (not critical):\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " 7b:e8:11:6c:15:3f:f9:01:a0:f1:28:0c:62:50:58:f8\n"
+ " 92:44:fb:bf:ab:20:8a:3b:81:ca:e5:68:60:71:df:2b\n"
+ " e8:50:58:82:32:ef:fb:6e:4a:72:2c:c9:37:4f:88:1d\n"
+ " d7:1b:68:5b:db:83:1b:1a:f3:b4:8e:e0:88:03:e2:43\n"
+ " 91:be:d8:b1:ca:f2:62:ec:a1:fd:1a:c8:41:8c:fe:53\n"
+ " 1b:be:03:c9:a1:3d:f4:ae:57:fc:44:a6:34:bb:2c:2e\n"
+ " a7:56:14:1f:89:e9:3a:ec:1f:a3:da:d7:a1:94:3b:72\n"
+ " 1d:12:71:b9:65:a1:85:a2:4c:3a:d1:2c:e9:e9:ea:1c\n"
"Other Information:\n"
- " MD5 fingerprint:\n"
- " fd845ded8c28ba5e78d6c1844ceafd24\n"
- " SHA-1 fingerprint:\n"
- " 0bae431dda3cae76012b82276e4cd92ad7961798\n"
- " Public Key ID:\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " MD5 fingerprint:\n"
+ " fd845ded8c28ba5e78d6c1844ceafd24\n"
+ " SHA-1 fingerprint:\n"
+ " 0bae431dda3cae76012b82276e4cd92ad7961798\n"
+ " Public Key ID:\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIIB8TCCAVygAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
/* Certificate with CN but no SAN. */
char pem2[] =
"X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Issuer: CN=www.example.org\n"
- " Validity:\n"
- " Not Before: Fri Feb 16 13:30:30 UTC 2007\n"
- " Not After: Fri Mar 30 13:30:32 UTC 2007\n"
- " Subject: CN=www.example.org\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
- " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
- " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
- " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
- " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
- " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
- " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
- " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Key Identifier (not critical):\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " b0:4e:ac:fb:89:12:36:27:f3:72:b8:1a:57:dc:bf:f3\n"
- " a9:27:de:15:75:94:4f:65:cc:3a:59:12:4b:91:0e:28\n"
- " b9:8d:d3:6e:ac:5d:a8:3e:b9:35:81:0c:8f:c7:95:72\n"
- " d9:51:61:06:00:c6:aa:68:54:c8:52:3f:b6:1f:21:92\n"
- " c8:fd:15:50:15:ac:d4:18:29:a1:ff:c9:25:5a:ce:5e\n"
- " 11:7f:82:b2:94:8c:44:3c:3f:de:d7:3b:ff:1c:da:9c\n"
- " 81:fa:63:e1:a7:67:ee:aa:fa:d0:c9:2f:66:1b:5e:af\n"
- " 46:8c:f9:53:55:e7:80:7e:74:95:98:d4:2d:5f:94:ab\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Issuer: CN=www.example.org\n"
+ " Validity:\n"
+ " Not Before: Fri Feb 16 13:30:30 UTC 2007\n"
+ " Not After: Fri Mar 30 13:30:32 UTC 2007\n"
+ " Subject: CN=www.example.org\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
+ " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
+ " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
+ " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
+ " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
+ " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
+ " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
+ " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Key Identifier (not critical):\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " b0:4e:ac:fb:89:12:36:27:f3:72:b8:1a:57:dc:bf:f3\n"
+ " a9:27:de:15:75:94:4f:65:cc:3a:59:12:4b:91:0e:28\n"
+ " b9:8d:d3:6e:ac:5d:a8:3e:b9:35:81:0c:8f:c7:95:72\n"
+ " d9:51:61:06:00:c6:aa:68:54:c8:52:3f:b6:1f:21:92\n"
+ " c8:fd:15:50:15:ac:d4:18:29:a1:ff:c9:25:5a:ce:5e\n"
+ " 11:7f:82:b2:94:8c:44:3c:3f:de:d7:3b:ff:1c:da:9c\n"
+ " 81:fa:63:e1:a7:67:ee:aa:fa:d0:c9:2f:66:1b:5e:af\n"
+ " 46:8c:f9:53:55:e7:80:7e:74:95:98:d4:2d:5f:94:ab\n"
"Other Information:\n"
- " MD5 fingerprint:\n"
- " 30cda7de4f0360892547974f45111ac1\n"
- " SHA-1 fingerprint:\n"
- " 39e3f8fec6a8d842390b6536998a957c1a6b7322\n"
- " Public Key ID:\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " MD5 fingerprint:\n"
+ " 30cda7de4f0360892547974f45111ac1\n"
+ " SHA-1 fingerprint:\n"
+ " 39e3f8fec6a8d842390b6536998a957c1a6b7322\n"
+ " Public Key ID:\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIIB1TCCAUCgAwIBAgIBADALBgkqhkiG9w0BAQUwGjEYMBYGA1UEAxMPd3d3LmV4\n"
/* Certificate with SAN but no CN. */
char pem3[] =
"X.509 Certificate Information:"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Issuer: O=GnuTLS hostname check test CA\n"
- " Validity:\n"
- " Not Before: Fri Feb 16 13:36:27 UTC 2007\n"
- " Not After: Fri Mar 30 13:36:29 UTC 2007\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
- " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
- " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
- " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
- " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
- " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
- " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
- " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: www.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " a1:30:bc:01:b3:0f:98:7f:8e:76:7d:23:87:34:15:7f\n"
- " a6:ae:a1:fb:87:75:e3:e8:1a:e5:5e:03:5d:bf:44:75\n"
- " 46:4f:d2:a1:28:50:84:49:6d:3b:e0:bc:4e:de:79:85\n"
- " fa:e1:07:b7:6e:0c:14:04:4a:82:b9:f3:22:6a:bc:99\n"
- " 14:20:3b:49:1f:e4:97:d9:ea:eb:73:9a:83:a6:cc:b8\n"
- " 55:fb:52:8e:5f:86:7c:9d:fa:af:03:76:ae:97:e0:64\n"
- " 50:59:73:22:99:55:cf:da:59:31:0a:e8:6d:a0:53:bc\n"
- " 39:63:2e:ac:92:4a:e9:8b:1e:d0:03:df:33:bb:4e:88\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Issuer: O=GnuTLS hostname check test CA\n"
+ " Validity:\n"
+ " Not Before: Fri Feb 16 13:36:27 UTC 2007\n"
+ " Not After: Fri Mar 30 13:36:29 UTC 2007\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
+ " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
+ " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
+ " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
+ " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
+ " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
+ " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
+ " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: www.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " a1:30:bc:01:b3:0f:98:7f:8e:76:7d:23:87:34:15:7f\n"
+ " a6:ae:a1:fb:87:75:e3:e8:1a:e5:5e:03:5d:bf:44:75\n"
+ " 46:4f:d2:a1:28:50:84:49:6d:3b:e0:bc:4e:de:79:85\n"
+ " fa:e1:07:b7:6e:0c:14:04:4a:82:b9:f3:22:6a:bc:99\n"
+ " 14:20:3b:49:1f:e4:97:d9:ea:eb:73:9a:83:a6:cc:b8\n"
+ " 55:fb:52:8e:5f:86:7c:9d:fa:af:03:76:ae:97:e0:64\n"
+ " 50:59:73:22:99:55:cf:da:59:31:0a:e8:6d:a0:53:bc\n"
+ " 39:63:2e:ac:92:4a:e9:8b:1e:d0:03:df:33:bb:4e:88\n"
"Other Information:\n"
- " MD5 fingerprint:\n"
- " df3f57d00c8149bd826b177d6ea4f369\n"
- " SHA-1 fingerprint:\n"
- " e95e56e2acac305f72ea6f698c11624663a595bd\n"
- " Public Key ID:\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " MD5 fingerprint:\n"
+ " df3f57d00c8149bd826b177d6ea4f369\n"
+ " SHA-1 fingerprint:\n"
+ " e95e56e2acac305f72ea6f698c11624663a595bd\n"
+ " Public Key ID:\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
/* Certificate with wildcard SAN but no CN. */
char pem4[] =
"X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Issuer:\n"
- " Validity:\n"
- " Not Before: Fri Feb 16 13:40:10 UTC 2007\n"
- " Not After: Fri Mar 30 13:40:12 UTC 2007\n"
- " Subject:\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
- " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
- " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
- " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
- " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
- " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
- " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
- " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: *.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " b1:62:e5:e3:0b:a5:99:58:b0:1c:5c:f5:d1:3f:7c:bb\n"
- " 67:e1:43:c5:d7:a2:5c:db:f2:5a:f3:03:fc:76:e4:4d\n"
- " c1:a0:89:36:24:82:a4:a1:ad:f5:83:e3:96:75:f4:c4\n"
- " f3:eb:ff:3a:9b:da:d2:2c:58:d4:10:37:50:33:d1:39\n"
- " 53:71:9e:48:2d:b2:5b:27:ce:1e:d9:d5:36:59:ac:17\n"
- " 3a:83:cc:59:6b:8f:6a:24:b8:9f:f0:e6:14:03:23:5a\n"
- " 87:e7:33:10:32:11:58:a2:bb:f1:e5:5a:88:87:bb:80\n"
- " 1b:b6:bb:12:18:cb:15:d5:3a:fc:99:e4:42:5a:ba:45\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Issuer:\n"
+ " Validity:\n"
+ " Not Before: Fri Feb 16 13:40:10 UTC 2007\n"
+ " Not After: Fri Mar 30 13:40:12 UTC 2007\n"
+ " Subject:\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
+ " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
+ " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
+ " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
+ " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
+ " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
+ " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
+ " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: *.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " b1:62:e5:e3:0b:a5:99:58:b0:1c:5c:f5:d1:3f:7c:bb\n"
+ " 67:e1:43:c5:d7:a2:5c:db:f2:5a:f3:03:fc:76:e4:4d\n"
+ " c1:a0:89:36:24:82:a4:a1:ad:f5:83:e3:96:75:f4:c4\n"
+ " f3:eb:ff:3a:9b:da:d2:2c:58:d4:10:37:50:33:d1:39\n"
+ " 53:71:9e:48:2d:b2:5b:27:ce:1e:d9:d5:36:59:ac:17\n"
+ " 3a:83:cc:59:6b:8f:6a:24:b8:9f:f0:e6:14:03:23:5a\n"
+ " 87:e7:33:10:32:11:58:a2:bb:f1:e5:5a:88:87:bb:80\n"
+ " 1b:b6:bb:12:18:cb:15:d5:3a:fc:99:e4:42:5a:ba:45\n"
"Other Information:\n"
- " MD5 fingerprint:\n"
- " a411da7b0fa064d214116d5f94e06c24\n"
- " SHA-1 fingerprint:\n"
- " 3596e796c73ed096d762ab3d440a9ab55a386b3b\n"
- " Public Key ID:\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " MD5 fingerprint:\n"
+ " a411da7b0fa064d214116d5f94e06c24\n"
+ " SHA-1 fingerprint:\n"
+ " 3596e796c73ed096d762ab3d440a9ab55a386b3b\n"
+ " Public Key ID:\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIIB0DCCATugAwIBAgIBADALBgkqhkiG9w0BAQUwADAeFw0wNzAyMTYxMzQwMTBa\n"
/* Certificate with multiple wildcards SAN but no CN. */
char pem6[] =
"X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Validity:\n"
- " Not Before: Sat May 3 11:00:51 UTC 2008\n"
- " Not After: Sat May 17 11:00:54 UTC 2008\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
- " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
- " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
- " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
- " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
- " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
- " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
- " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: *.*.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Validity:\n"
+ " Not Before: Sat May 3 11:00:51 UTC 2008\n"
+ " Not After: Sat May 17 11:00:54 UTC 2008\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
+ " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
+ " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
+ " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
+ " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
+ " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
+ " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
+ " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: *.*.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
"Other Information:\n"
- " Public Key ID:\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Public Key ID:\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
/* Certificate with prefixed and suffixed wildcard SAN but no CN. */
char pem7[] =
"X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Validity:\n"
- " Not Before: Sat May 3 11:02:43 UTC 2008\n"
- " Not After: Sat May 17 11:02:45 UTC 2008\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
- " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
- " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
- " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
- " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
- " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
- " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
- " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: foo*bar.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Validity:\n"
+ " Not Before: Sat May 3 11:02:43 UTC 2008\n"
+ " Not After: Sat May 17 11:02:45 UTC 2008\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
+ " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
+ " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
+ " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
+ " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
+ " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
+ " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
+ " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: foo*bar.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
"Other Information:\n"
- " Public Key ID:\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Public Key ID:\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIICJjCCAZGgAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
/* Certificate with ending wildcard SAN but no CN. */
char pem8[] =
"X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Validity:\n"
- " Not Before: Sat May 3 11:24:38 UTC 2008\n"
- " Not After: Sat May 17 11:24:40 UTC 2008\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
- " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
- " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
- " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
- " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
- " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
- " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
- " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: www.example.*\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Validity:\n"
+ " Not Before: Sat May 3 11:24:38 UTC 2008\n"
+ " Not After: Sat May 17 11:24:40 UTC 2008\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
+ " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
+ " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
+ " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
+ " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
+ " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
+ " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
+ " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: www.example.*\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
"Other Information:\n"
- " Public Key ID:\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ " Public Key ID:\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
"\n"
"-----BEGIN CERTIFICATE-----\n"
"MIICIDCCAYugAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
" bd3d0b6cab6b33d8a8e1ed15b7ab17587cc2a09f\n"
" Public key's random art:\n"
" +--[ RSA 2048]----+\n"
- " | |\n"
- " | . |\n"
- " | . + |\n"
+ " | |\n"
+ " | . |\n"
+ " | . + |\n"
" | . .= . |\n"
- " | .S+oo |\n"
- " | E+.+ |\n"
+ " | .S+oo |\n"
+ " | E+.+ |\n"
" | . +. *.o |\n"
" | . oo.=..+ o |\n"
" | ooo.+Bo . |\n"
block_size = 2*hash_size + 2*key_size + 2 *iv_size;
ret = gnutls_prf(session, 13, "key expansion", 1, 0, NULL, block_size,
- (void*)key_material);
+ (void*)key_material);
if (ret < 0) {
fprintf(stderr, "error in %d\n", __LINE__);
gnutls_perror(ret);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-KX-ALL:+RSA",
NULL);
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-KX-ALL:+RSA:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS",
NULL);
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
/* Use default priorities */
ret =
gnutls_priority_set_direct(session,
- "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA",
- &p);
+ "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA",
+ &p);
if (ret < 0) {
fail("error in setting priority: %s\n", p);
exit(1);
const gnutls_datum_t server_cert = {
server_cert_pem,
- sizeof(server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
/* Use default priorities */
ret =
gnutls_priority_set_direct(session,
- "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA",
- &p);
+ "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA",
+ &p);
if (ret < 0) {
fail("error in setting priority: %s\n", p);
exit(1);
do {
ret =
gnutls_record_recv(session, buffer,
- sizeof(buffer));
+ sizeof(buffer));
if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED) {
if (debug)
}
}
while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
- || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
+ || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
if (ret < 0) {
fail("recv: %s\n", gnutls_strerror(ret));
success("Ping sent.\n");
}
while (ret == GNUTLS_E_AGAIN
- || ret == GNUTLS_E_INTERRUPTED);
+ || ret == GNUTLS_E_INTERRUPTED);
if (ret < 0) {
fail("ping: %s\n", gnutls_strerror(ret));
do {
ret =
gnutls_record_recv(session, buffer,
- sizeof(buffer));
+ sizeof(buffer));
if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED) {
if (debug)
}
}
while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
- || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
+ || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
} else {
do {
ret =
success("Ping sent.\n");
}
while (ret == GNUTLS_E_AGAIN
- || ret == GNUTLS_E_INTERRUPTED);
+ || ret == GNUTLS_E_INTERRUPTED);
if (ret < 0) {
fail("ping: %s\n", gnutls_strerror(ret));
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session) + 12);
+ gnutls_dtls_get_data_mtu(session) + 12);
if (ret != GNUTLS_E_LARGE_PACKET) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session) + 5048);
+ gnutls_dtls_get_data_mtu(session) + 5048);
if (ret != GNUTLS_E_LARGE_PACKET) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session));
+ gnutls_dtls_get_data_mtu(session));
if (ret < 0) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
gnutls_dtls_set_mtu(session, MAX_MTU);
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session) + 12);
+ gnutls_dtls_get_data_mtu(session) + 12);
if (ret != GNUTLS_E_LARGE_PACKET) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session) + 5048);
+ gnutls_dtls_get_data_mtu(session) + 5048);
if (ret != GNUTLS_E_LARGE_PACKET) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session));
+ gnutls_dtls_get_data_mtu(session));
if (ret > 16384 || ret < 0) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session));
+ gnutls_dtls_get_data_mtu(session));
if (ret < 0) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session) - 16);
+ gnutls_dtls_get_data_mtu(session) - 16);
if (ret < 0) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session));
+ gnutls_dtls_get_data_mtu(session));
if (ret != GNUTLS_E_LARGE_PACKET) {
terminate();
fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
do {
ret =
gnutls_record_send(session, buffer,
- gnutls_dtls_get_data_mtu(session));
+ gnutls_dtls_get_data_mtu(session));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
if (ret < 0) {
static int client_pull_timeout(gnutls_transport_ptr_t ptr, unsigned int ms)
{
- fd_set rfds;
- struct timeval tv;
- int ret;
- int fd = (long int)ptr;
+ fd_set rfds;
+ struct timeval tv;
+ int ret;
+ int fd = (long int)ptr;
- FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
+ FD_ZERO(&rfds);
+ FD_SET(fd, &rfds);
- tv.tv_sec = 0;
- tv.tv_usec = ms * 1000;
+ tv.tv_sec = 0;
+ tv.tv_usec = ms * 1000;
- while (tv.tv_usec >= 1000000) {
- tv.tv_usec -= 1000000;
- tv.tv_sec++;
- }
+ while (tv.tv_usec >= 1000000) {
+ tv.tv_usec -= 1000000;
+ tv.tv_sec++;
+ }
- ret = select(fd + 1, &rfds, NULL, NULL, &tv);
- if (ret <= 0)
- return ret;
+ ret = select(fd + 1, &rfds, NULL, NULL, &tv);
+ if (ret <= 0)
+ return ret;
- return ret;
+ return ret;
}
static ssize_t client_pull(gnutls_transport_ptr_t ptr, void *data, size_t len)
{
- int fd = (long int)ptr;
+ int fd = (long int)ptr;
ssize_t ret;
ret = recv(fd, data, len, 0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_transport_set_int(session, fd);
- gnutls_transport_set_pull_function(session, client_pull);
+ gnutls_transport_set_pull_function(session, client_pull);
gnutls_transport_set_pull_timeout_function(session, client_pull_timeout);
/* Perform the TLS handshake
GNUTLS_SERVER | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
ret =
gnutls_priority_set_direct(server,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
- NULL);
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
if (ret < 0)
exit(1);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
cret =
gnutls_priority_set_direct(client,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
- NULL);
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
if (cret < 0)
exit(1);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
gnutls_init(&server, GNUTLS_SERVER);
ret =
gnutls_priority_set_direct(server,
- "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
- NULL);
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
if (ret < 0)
exit(1);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_init(&client, GNUTLS_CLIENT);
ret =
gnutls_priority_set_direct(client,
- "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
- NULL);
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
if (ret < 0)
exit(1);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
GNUTLS_SERVER | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
ret =
gnutls_priority_set_direct(server,
- "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
- NULL);
+ "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
if (ret < 0)
exit(1);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
cret =
gnutls_priority_set_direct(client,
- "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
- NULL);
+ "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
if (cret < 0)
exit(1);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
do {
ret =
gnutls_record_send(session, buffer,
- sizeof(buffer));
+ sizeof(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_transport_set_int(session, sd);
NULL);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_ext_register("ext_server", TLSEXT_TYPE_SAMPLE, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL);
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-CIPHER-ALL:+AES-128-CBC",
NULL);
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
block_size = 2*hash_size + 2*key_size + 2 *iv_size;
ret = gnutls_prf(session, 13, "key expansion", 1, 0, NULL, block_size,
- (void*)key_material);
+ (void*)key_material);
if (ret < 0) {
fprintf(stderr, "error in %d\n", __LINE__);
gnutls_perror(ret);
do {
ret =
gnutls_record_send(session, buffer,
- sizeof(buffer));
+ sizeof(buffer));
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
*/
gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_transport_set_int(session, sd);
gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_transport_set_int(session, sd);
ret = gnutls_handshake(session);
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
gnutls_session_set_verify_function(server,
- server_callback);
+ server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
/* Init client */
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
gnutls_session_set_verify_function(client,
- client_callback);
+ client_callback);
HANDSHAKE(client, server);
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
gnutls_session_set_verify_function(server,
- server_callback);
+ server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
/* Init client */
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
gnutls_session_set_verify_function(client,
- client_callback);
+ client_callback);
HANDSHAKE_EXPECT(client, server, GNUTLS_E_CERTIFICATE_ERROR, GNUTLS_E_AGAIN);
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
gnutls_session_set_verify_function(server,
- server_callback);
+ server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
/* Init client */
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
gnutls_session_set_verify_function(client,
- client_callback);
+ client_callback);
HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_CERTIFICATE_ERROR);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_transport_set_int(session, sd);
NULL);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_supplemental_recv(session, 1);
gnutls_supplemental_send(session, 1);
ret =
gnutls_x509_privkey_import(pkey, &server_key,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
exit(1);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL:-CIPHER-ALL:+AES-128-GCM",
NULL);
exit(1);
ret = gnutls_certificate_set_x509_key_mem(clientx509cred,
- &cli_cert, &cli_key,
- GNUTLS_X509_FMT_PEM);
+ &cli_cert, &cli_key,
+ GNUTLS_X509_FMT_PEM);
ret = gnutls_init(&client, GNUTLS_CLIENT);
if (ret < 0)
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
gnutls_certificate_set_verify_function(serverx509cred,
- server_callback);
+ server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
gnutls_handshake_set_post_client_hello_function(server,
post_client_hello_callback);
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
gnutls_certificate_set_verify_function(clientx509cred,
- client_callback);
+ client_callback);
HANDSHAKE(client, server);
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
gnutls_certificate_set_verify_function(serverx509cred,
- server_callback);
+ server_callback);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
gnutls_handshake_set_post_client_hello_function(server,
post_client_hello_callback);
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
gnutls_certificate_set_verify_function(clientx509cred,
- client_callback);
+ client_callback);
append_alpn(client);
HANDSHAKE(client, server);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
ret = gnutls_set_default_priority(server);
if (ret < 0)
exit(1);
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_priority_set_direct(server,
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
#ifndef ENABLE_FIPS140
"NORMAL:-CIPHER-ALL:+ARCFOUR-128",
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
/* 4: simple intersection
* --------P:203.0.113.0/24--------
* --P:203.0.113.0/26--
- * A B C
+ * A B C
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
{
/* 5: empty intersection
* --P:127.0.113.0/24--
- * --P:255.0.113.0/24--
- * A B C
+ * --P:255.0.113.0/24--
+ * A B C
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
{
/* 6: mediocre intersection
* --------P:127.0.113.0/24--------
- * --P:127.0.113.0/26-- --P:255.0.113.0/24--
- * A B C D
+ * --P:127.0.113.0/26-- --P:255.0.113.0/24--
+ * A B C D
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
/* 7: difficult intersection
* --------P:0.0.0.0/3--------------- --P:88.0.0.0/5--
* --P:0.0.0.0/5-- --P:16.0.0.0/5-- ----P:64.0.0.0/3----
- * A B C D E F G H
+ * A B C D E F G H
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
/* 8: IPv6 intersection
* --------P:affb::/16----- --P:affd:0000::/20--
* --P:affb:aa00::/24--
- * A B C D E F G
+ * A B C D E F G
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
/* 9: IPv4 and IPv6 in a common test case
* IPv4 with empty intersection, but IPv6 gets restricted as well
* --P:127.0.113.0/24--
- * --P:255.0.113.0/24--
- * A B C
+ * --P:255.0.113.0/24--
+ * A B C
*
* --P:bfa6::/16--
- * D E
+ * D E
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
/* 10: IPv4 and IPv6 in a common test case
* both IPv4 and IPv6 have empty intersection
* --P:127.0.113.0/24--
- * --P:255.0.113.0/24--
- * A B C
+ * --P:255.0.113.0/24--
+ * A B C
*
* --P:bfa6::/16--
- * --P:cfa6::/16--
- * D E F
+ * --P:cfa6::/16--
+ * D E F
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
/* 11: 1 IPv4 range and 1 IPv6 range in a common test case
* (no overlap)
* --P:127.0.113.0/24--
- * A B
+ * A B
*
* --P:bfa6::/16--
- * C D
+ * C D
*/
int ret;
gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc;
TESTS = $(dist_check_SCRIPTS)
TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
- LC_ALL="C" \
- VALGRIND="$(VALGRIND)" \
- LIBTOOL="$(LIBTOOL)" \
- top_builddir="$(top_builddir)" \
+ LC_ALL="C" \
+ VALGRIND="$(VALGRIND)" \
+ LIBTOOL="$(LIBTOOL)" \
+ top_builddir="$(top_builddir)" \
srcdir="$(srcdir)"
if WINDOWS
if (strlen(REQ1INFO) != d.size ||
memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(REQ1INFO), REQ1INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(REQ1INFO), REQ1INFO, (int) d.size,
+ (int) d.size, d.data);
fail("ocsp request print failed\n");
exit(1);
}
if (strlen(REQ1INFO) != d.size ||
memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(REQ1INFO), REQ1INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(REQ1INFO), REQ1INFO, (int) d.size,
+ (int) d.size, d.data);
fail("ocsp request print failed\n");
exit(1);
}
}
ret = gnutls_ocsp_req_add_cert(req, GNUTLS_DIG_SHA1,
- issuer, subject);
+ issuer, subject);
if (ret != 0) {
fail("gnutls_ocsp_add_cert %d\n", ret);
exit(1);
if (strlen(REQ1INFO) != d.size ||
memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(REQ1INFO), REQ1INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(REQ1INFO), REQ1INFO, (int) d.size,
+ (int) d.size, d.data);
fail("ocsp request print failed\n");
exit(1);
}
if (strlen(RESP1INFO) != d.size ||
memcmp(RESP1INFO, d.data, strlen(RESP1INFO)) != 0) {
printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(RESP1INFO), RESP1INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(RESP1INFO), RESP1INFO, (int) d.size,
+ (int) d.size, d.data);
fail("ocsp response print failed\n");
exit(1);
}
if (memcmp(RESP2INFO, d.data, strlen(RESP2INFO)) != 0) {
printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(RESP2INFO), RESP2INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(RESP2INFO), RESP2INFO, (int) d.size,
+ (int) d.size, d.data);
fail("ocsp response print failed\n");
exit(1);
}
if (memcmp(RESP3INFO, d.data, strlen(RESP3INFO)) != 0) {
printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen(RESP3INFO), RESP3INFO, (int) d.size,
- (int) d.size, d.data);
+ strlen(RESP3INFO), RESP3INFO, (int) d.size,
+ (int) d.size, d.data);
fail("ocsp response 3 print failed\n");
exit(1);
}
sent =
gnutls_record_send(session, message,
- sizeof(message));
+ sizeof(message));
if (sent != sizeof(message))
fail("client sent %li vs. %li\n",
(long) sent, (long) sizeof(message));
if (debug)
printf("server process %i (child %i)\n",
- getpid(), child);
+ getpid(), child);
err = gnutls_init(&session, GNUTLS_SERVER);
if (err != 0)
stored_cli_cert.data =
gnutls_malloc(d[0].size);
memcpy(stored_cli_cert.data,
- d[0].data, d[0].size);
+ d[0].data, d[0].size);
stored_cli_cert.size = d[0].size;
}
}
received =
gnutls_record_recv(session, greetings,
- sizeof(greetings));
+ sizeof(greetings));
if (received != sizeof(message)
|| memcmp(greetings, message, sizeof(message)))
fail("server received %li vs. %li\n",
if (debug)
printf("server process %i (child %i)\n", getpid(),
- child);
+ child);
err = gnutls_init(&session, GNUTLS_SERVER);
if (err != 0)
received =
gnutls_record_recv(session, greetings,
- sizeof(greetings));
+ sizeof(greetings));
if (received != sizeof(g_message)
|| memcmp(greetings, g_message, sizeof(g_message)))
fail("server received %li vs. %li\n",
/* put the x509 credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- xcred);
+ xcred);
gnutls_transport_set_int(session, sd);
* Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* pgps2kgnu: test GNU extensions to the OpenPGP S2K specification.
- * at the moment, we just test the "GNU dummy" S2K
- * extension.
+ * at the moment, we just test the "GNU dummy" S2K
+ * extension.
*
* This file is part of GnuTLS.
/* Test capability of reading the gnu-dummy OpenPGP S2K extension.
See: doc/DETAILS from gnupg
- http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00023.html
+ http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00023.html
*/
static void tls_log_func(int level, const char *str)
rc = gnutls_openpgp_privkey_init(&key);
if (rc) {
printf("gnutls_openpgp_privkey_init rc %d: %s\n",
- rc, gnutls_strerror(rc));
+ rc, gnutls_strerror(rc));
return 1;
}
0);
if (rc) {
printf("gnutls_openpgp_privkey_import rc %d: %s\n",
- rc, gnutls_strerror(rc));
+ rc, gnutls_strerror(rc));
return 1;
}
if (debug)
printf("ij: %d.%d: %s\n", i, j,
- _gnutls_bin2hex(key, sizeof(key),
- tmp, sizeof(tmp),
- NULL));
+ _gnutls_bin2hex(key, sizeof(key),
+ tmp, sizeof(tmp),
+ NULL));
x++;
}
}
if (debug)
printf("tv[%d]: %s\n", i,
- _gnutls_bin2hex(key, tv[i].keylen, tmp,
- sizeof(tmp), NULL));
+ _gnutls_bin2hex(key, tv[i].keylen, tmp,
+ sizeof(tmp), NULL));
}
if (debug)
printf("\n");
tmp.size = strlen((char *) tmp.data);
ret = gnutls_x509_privkey_import_pkcs8(key, &tmp,
- GNUTLS_X509_FMT_PEM,
- keys[i].password,
- 0);
+ GNUTLS_X509_FMT_PEM,
+ keys[i].password,
+ 0);
gnutls_x509_privkey_deinit(key);
if (ret != keys[i].expected_result) {
printf("fail[%d]: %d: %s\n", (int) i, ret,
- gnutls_strerror(ret));
+ gnutls_strerror(ret));
return 1;
}
ret =
gnutls_pkcs12_simple_parse(pkcs12, password, &pkey, &chain,
- &chain_size, &extras, &extras_size,
- NULL, 0);
+ &chain_size, &extras, &extras_size,
+ NULL, 0);
if (ret < 0)
fail("pkcs12_simple_parse failed %d: %s\n", ret,
gnutls_strerror(ret));
#include <string.h>
#include <stdlib.h>
-# define PRIVATE_KEY \
- "-----BEGIN PRIVATE KEY-----\n" \
+# define PRIVATE_KEY \
+ "-----BEGIN PRIVATE KEY-----\n" \
"MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr\n" \
"BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE\n" \
"Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9\n" \
"L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd\n" \
"a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W\n" \
"nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp\n" \
- "dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci\n" \
+ "dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci\n" \
"-----END PRIVATE KEY-----\n"
#define TRY(label_size, label, extra_size, extra, size, exp) \
{ \
ret = gnutls_prf_rfc5705(session, label_size, label, extra_size, extra, size, \
- (void*)key_material); \
+ (void*)key_material); \
if (ret < 0) { \
fprintf(stderr, "gnutls_prf_rfc5705: error in %d\n", __LINE__); \
gnutls_perror(ret); \
#define TRY_OLD(label_size, label, extra_size, extra, size, exp) \
{ \
ret = gnutls_prf(session, label_size, label, 1, extra_size, extra, size, \
- (void*)key_material); \
+ (void*)key_material); \
if (ret < 0) { \
fprintf(stderr, "gnutls_prf: error in %d\n", __LINE__); \
gnutls_perror(ret); \
/* check whether gnutls_prf matches gnutls_prf_rfc5705 when no context is given */
ret = gnutls_prf(session, 4, "aaaa", 0, 0, NULL, 64,
- (void*)key_material);
+ (void*)key_material);
if (ret < 0) {
fprintf(stderr, "gnutls_prf: error in %d\n", __LINE__);
gnutls_perror(ret);
}
ret = gnutls_prf_rfc5705(session, 4, "aaaa", 0, NULL, 64,
- (void*)key_material2);
+ (void*)key_material2);
if (ret < 0) {
fprintf(stderr, "gnutls_prf_rfc5705: error in %d\n", __LINE__);
gnutls_perror(ret);
}
ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
&server_cert, &server_key,
GNUTLS_X509_FMT_PEM);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_handshake_set_random(session, &hsrnd);
gnutls_transport_set_int(session, fd);
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
/* switch server's certificate and rehandshake */
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred2);
+ serverx509cred2);
HANDSHAKE(client, server);
gnutls_init(&server, GNUTLS_SERVER|GNUTLS_ALLOW_ID_CHANGE);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
/* switch server's certificate and rehandshake */
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred2);
+ clientx509cred2);
HANDSHAKE(client, server);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
/* switch server's certificate and rehandshake */
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred2);
+ clientx509cred2);
HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_SESSION_USER_ID_CHANGED);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
/* switch server's certificate and rehandshake */
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred2);
+ serverx509cred2);
HANDSHAKE_EXPECT(client, server, GNUTLS_E_SESSION_USER_ID_CHANGED, GNUTLS_E_AGAIN);
else
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_PSK,
- serverpskcred);
+ serverpskcred);
gnutls_priority_set_direct(server,
prio,
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_PSK,
- clientpskcred);
+ clientpskcred);
if (ret < 0)
exit(1);
/* switch client's username and rehandshake */
ret = gnutls_credentials_set(client, GNUTLS_CRD_PSK,
- clientpskcred2);
+ clientpskcred2);
if (ret < 0)
exit(1);
else
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_SRP,
- server_srp_cred);
+ server_srp_cred);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- server_x509_cred);
+ server_x509_cred);
gnutls_priority_set_direct(server,
prio,
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- client_x509_cred);
+ client_x509_cred);
if (ret < 0)
exit(1);
return res;
memcpy(res.data, cache_db[i].session_data,
- res.size);
+ res.size);
if (debug) {
unsigned j;
printf("data:\n");
for (j = 0; j < res.size; j++) {
printf("%02x ",
- res.data[j] & 0xFF);
+ res.data[j] & 0xFF);
if ((j + 1) % 16 == 0)
printf("\n");
}
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_set_default_priority(server);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
}
static int hsk_hook_cb(gnutls_session_t session, unsigned int htype, unsigned post,
- unsigned int incoming, const gnutls_datum_t *_msg)
+ unsigned int incoming, const gnutls_datum_t *_msg)
{
unsigned size;
gnutls_datum msg = {_msg->data, _msg->size};
return res;
memcpy(res.data, cache_db[i].session_data,
- res.size);
+ res.size);
#ifdef DEBUG_CACHE
if (debug) {
printf("data:\n");
for (j = 0; j < res.size; j++) {
printf("%02x ",
- res.data[j] & 0xFF);
+ res.data[j] & 0xFF);
if ((j + 1) % 16 == 0)
printf("\n");
}
ret =
gnutls_x509_privkey_import(key, &key_dat[i],
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail("gnutls_x509_privkey_import\n");
ret =
gnutls_pubkey_encrypt_data(pubkey, 0, &hash_data,
- &out);
+ &out);
if (ret < 0)
fail("gnutls_pubkey_encrypt_data\n");
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
if (debug) {
printf("GnuTLS header version %s.\n", GNUTLS_VERSION);
printf("GnuTLS library version %s.\n",
- gnutls_check_version(NULL));
+ gnutls_check_version(NULL));
}
if (!gnutls_check_version_numeric(GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH)) {
for (i = 0; algs[i]; i++) {
if (debug)
printf("pk_list[%d] = %d = %s = %d\n",
- (int) i, algs[i],
- gnutls_pk_algorithm_get_name(algs
+ (int) i, algs[i],
+ gnutls_pk_algorithm_get_name(algs
[i]),
- gnutls_pk_get_id
- (gnutls_pk_algorithm_get_name
+ gnutls_pk_get_id
+ (gnutls_pk_algorithm_get_name
(algs[i])));
if (gnutls_pk_get_id
(gnutls_pk_algorithm_get_name(algs[i]))
for (i = 0; algs[i]; i++) {
if (debug)
printf("sign_list[%d] = %d = %s = %d\n",
- (int) i, algs[i],
- gnutls_sign_algorithm_get_name(algs
+ (int) i, algs[i],
+ gnutls_sign_algorithm_get_name(algs
[i]),
- gnutls_sign_get_id
- (gnutls_sign_algorithm_get_name
+ gnutls_sign_get_id
+ (gnutls_sign_algorithm_get_name
(algs[i])));
if (gnutls_sign_get_id
(gnutls_sign_algorithm_get_name(algs[i])) !=
static int
myaes_gcm_encrypt(void *_ctx,
- const void *nonce, size_t nonce_size,
- const void *auth, size_t auth_size,
- size_t tag_size,
- const void *plain, size_t plain_size,
- void *encr, size_t encr_size)
+ const void *nonce, size_t nonce_size,
+ const void *auth, size_t auth_size,
+ size_t tag_size,
+ const void *plain, size_t plain_size,
+ void *encr, size_t encr_size)
{
/* proper AEAD cipher */
struct myaes_gcm_ctx *ctx = _ctx;
static int
myaes_gcm_decrypt(void *_ctx,
- const void *nonce, size_t nonce_size,
- const void *auth, size_t auth_size,
- size_t tag_size,
- const void *encr, size_t encr_size,
- void *plain, size_t plain_size)
+ const void *nonce, size_t nonce_size,
+ const void *auth, size_t auth_size,
+ size_t tag_size,
+ const void *encr, size_t encr_size,
+ void *plain, size_t plain_size)
{
uint8_t tag[16];
struct myaes_gcm_ctx *ctx = _ctx;
static int
myaes_gcm_encrypt(void *_ctx,
- const void *nonce, size_t nonce_size,
- const void *auth, size_t auth_size,
- size_t tag_size,
- const void *plain, size_t plain_size,
- void *encr, size_t encr_size)
+ const void *nonce, size_t nonce_size,
+ const void *auth, size_t auth_size,
+ size_t tag_size,
+ const void *plain, size_t plain_size,
+ void *encr, size_t encr_size)
{
abort();
}
static int
myaes_gcm_decrypt(void *_ctx,
- const void *nonce, size_t nonce_size,
- const void *auth, size_t auth_size,
- size_t tag_size,
- const void *encr, size_t encr_size,
- void *plain, size_t plain_size)
+ const void *nonce, size_t nonce_size,
+ const void *auth, size_t auth_size,
+ size_t tag_size,
+ const void *encr, size_t encr_size,
+ void *plain, size_t plain_size)
{
abort();
}
gnutls_credentials_set(session, GNUTLS_CRD_SRP, s_srp_cred);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- s_x509_cred);
+ s_x509_cred);
return session;
}
gnutls_srp_allocate_server_credentials(&s_srp_cred);
gnutls_srp_set_server_credentials_file(s_srp_cred, "tpasswd",
- "tpasswd.conf");
+ "tpasswd.conf");
gnutls_certificate_allocate_credentials(&s_x509_cred);
gnutls_certificate_set_x509_key_mem(s_x509_cred,
"-----END CERTIFICATE-----\n",
NULL,
/* Name constraints (critical):
- Permitted: DNSname: example.com */
+ Permitted: DNSname: example.com */
"-----BEGIN CERTIFICATE-----\n"
"MIIC/zCCAeegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
"MCIYDzIwMTUwMzI1MDc1ODQ5WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
{ "ecc cert ok", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_HIGH), 0, NULL},
{ "ecc cert ok", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB128), 0, NULL},
{ "ecc cert not ok (due to profile)", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA),
- GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
{ "ecc cert not ok (due to profile)", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB192),
- GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
{ "name constraints: empty CN, empty SAN, permitted dns range", nc_good0, &nc_good0[2], 0, 0, 0, 1427270515},
{ "name constraints: dns in permitted range", nc_good1, &nc_good1[4], 0, 0, NULL, 1412850586},
{ "name constraints: ipv6 in permitted range", nc_good2, &nc_good2[4], 0, 0, NULL, 1467193927},
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server,
"NORMAL",
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
do {
ret =
gnutls_record_recv(session, buffer,
- MAX_BUF);
+ MAX_BUF);
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
} while (ret > 0);
do {
ret =
gnutls_record_recv(session, buffer,
- MAX_BUF);
+ MAX_BUF);
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
} while (ret > 0);
do {
ret =
gnutls_record_recv(session, buffer,
- MAX_BUF);
+ MAX_BUF);
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
} while (ret > 0);
do {
ret =
gnutls_record_recv(session, buffer,
- MAX_BUF);
+ MAX_BUF);
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
} while (ret > 0);
GNUTLS_X509_FMT_PEM);
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
gnutls_priority_set_direct(server, "NORMAL", NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_certificate_allocate_credentials(&clientx509cred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
gnutls_priority_set_direct(client, "NORMAL", NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
if (ret < 0)
fail("init %d\n", ret);
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_crt_init(&crt) >= 0);
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ assert(gnutls_x509_crt_init(&crt) >= 0);
- assert(gnutls_x509_crt_import(crt, &server_cert, GNUTLS_X509_FMT_PEM) >= 0);
+ assert(gnutls_x509_crt_import(crt, &server_cert, GNUTLS_X509_FMT_PEM) >= 0);
- assert(gnutls_x509_crt_get_tlsfeatures(crt, feat, 0, &critical) >= 0);
- assert(critical == 0);
+ assert(gnutls_x509_crt_get_tlsfeatures(crt, feat, 0, &critical) >= 0);
+ assert(critical == 0);
- assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0);
- assert(out == 5);
+ assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0);
+ assert(out == 5);
- assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) != 0);
+ assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) != 0);
- /* append more features */
- assert(gnutls_x509_tlsfeatures_add(feat, 6) >= 0);
- assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0);
+ /* append more features */
+ assert(gnutls_x509_tlsfeatures_add(feat, 6) >= 0);
+ assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0);
- assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0);
+ assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0);
- gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_tlsfeatures_deinit(feat);
- /* check whether a single TLSFeat with another value will fail verification */
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ /* check whether a single TLSFeat with another value will fail verification */
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0);
- assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0);
+ assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0);
- gnutls_x509_tlsfeatures_deinit(feat);
- gnutls_x509_crt_deinit(crt);
+ gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_crt_deinit(crt);
gnutls_global_deinit();
}
if (ret < 0)
fail("init %d\n", ret);
- /* init and write >1 features
- */
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ /* init and write >1 features
+ */
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 2) >= 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 3) >= 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 5) >= 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 7) >= 0);
- assert(gnutls_x509_tlsfeatures_add(feat, 11) >= 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 2) >= 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 3) >= 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 5) >= 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 7) >= 0);
+ assert(gnutls_x509_tlsfeatures_add(feat, 11) >= 0);
- assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0);
+ assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0);
- gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_tlsfeatures_deinit(feat);
- /* re-load and read
- */
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ /* re-load and read
+ */
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0);
+ assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0);
- assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0);
- assert(out == 2);
+ assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0);
+ assert(out == 2);
- assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) >= 0);
- assert(out == 3);
+ assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) >= 0);
+ assert(out == 3);
- assert(gnutls_x509_tlsfeatures_get(feat, 2, &out) >= 0);
- assert(out == 5);
+ assert(gnutls_x509_tlsfeatures_get(feat, 2, &out) >= 0);
+ assert(out == 5);
- assert(gnutls_x509_tlsfeatures_get(feat, 3, &out) >= 0);
- assert(out == 7);
+ assert(gnutls_x509_tlsfeatures_get(feat, 3, &out) >= 0);
+ assert(out == 7);
- assert(gnutls_x509_tlsfeatures_get(feat, 4, &out) >= 0);
- assert(out == 11);
+ assert(gnutls_x509_tlsfeatures_get(feat, 4, &out) >= 0);
+ assert(out == 11);
- gnutls_x509_tlsfeatures_deinit(feat);
- gnutls_free(der.data);
+ gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_free(der.data);
- /* check whether no feature is acceptable */
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ /* check whether no feature is acceptable */
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0);
+ assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0);
- gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_tlsfeatures_deinit(feat);
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0);
+ assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0);
- assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_tlsfeatures_deinit(feat);
- gnutls_free(der.data);
+ gnutls_free(der.data);
- /* check whether we can add a reasonable number of features */
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ /* check whether we can add a reasonable number of features */
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- for (i=0;i<128;i++) {
- ret = gnutls_x509_tlsfeatures_add(feat, i);
- if (ret < 0) {
- assert(i>=32);
- assert(ret == GNUTLS_E_INTERNAL_ERROR);
- }
- }
+ for (i=0;i<128;i++) {
+ ret = gnutls_x509_tlsfeatures_add(feat, i);
+ if (ret < 0) {
+ assert(i>=32);
+ assert(ret == GNUTLS_E_INTERNAL_ERROR);
+ }
+ }
- gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_tlsfeatures_deinit(feat);
- /* check whether we can import a very long list */
- assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
+ /* check whether we can import a very long list */
+ assert(gnutls_x509_tlsfeatures_init(&feat) >= 0);
- assert(gnutls_x509_ext_import_tlsfeatures(&der_long, feat, 0) == GNUTLS_E_INTERNAL_ERROR);
+ assert(gnutls_x509_ext_import_tlsfeatures(&der_long, feat, 0) == GNUTLS_E_INTERNAL_ERROR);
- gnutls_x509_tlsfeatures_deinit(feat);
+ gnutls_x509_tlsfeatures_deinit(feat);
gnutls_global_deinit();
}
test_cli_serv(gnutls_certificate_credentials_t server_cred,
gnutls_certificate_credentials_t client_cred,
const char *prio, const char *host,
- void *priv, callback_func *client_cb, callback_func *server_cb)
+ void *priv, callback_func *client_cb, callback_func *server_cb)
{
int exit_code = EXIT_SUCCESS;
int ret;
/* Init server */
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- server_cred);
+ server_cred);
gnutls_priority_set_direct(server, prio, NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
assert(gnutls_server_name_set(client, GNUTLS_NAME_DNS, host, strlen(host))>=0);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- client_cred);
+ client_cred);
if (ret < 0)
exit(1);
printf("\t;; ");
for (i = 0; i < len; i++) {
printf("%d%d%d%d%d%d%d%d ",
- (str[i] & 0xFF) & 0x80 ? 1 : 0,
- (str[i] & 0xFF) & 0x40 ? 1 : 0,
- (str[i] & 0xFF) & 0x20 ? 1 : 0,
- (str[i] & 0xFF) & 0x10 ? 1 : 0,
- (str[i] & 0xFF) & 0x08 ? 1 : 0,
- (str[i] & 0xFF) & 0x04 ? 1 : 0,
- (str[i] & 0xFF) & 0x02 ? 1 : 0,
- (str[i] & 0xFF) & 0x01 ? 1 : 0);
+ (str[i] & 0xFF) & 0x80 ? 1 : 0,
+ (str[i] & 0xFF) & 0x40 ? 1 : 0,
+ (str[i] & 0xFF) & 0x20 ? 1 : 0,
+ (str[i] & 0xFF) & 0x10 ? 1 : 0,
+ (str[i] & 0xFF) & 0x08 ? 1 : 0,
+ (str[i] & 0xFF) & 0x04 ? 1 : 0,
+ (str[i] & 0xFF) & 0x02 ? 1 : 0,
+ (str[i] & 0xFF) & 0x01 ? 1 : 0);
if ((i + 1) % 3 == 0)
printf(" ");
if ((i + 1) % 6 == 0 && i + 1 < len)
if (debug || error_count > 0)
printf("Self test `%s' finished with %d errors\n", argv[0],
- error_count);
+ error_count);
return error_count ? 1 : 0;
}
gnutls_init(&server, GNUTLS_SERVER|flags);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ serverx509cred);
assert(gnutls_priority_set_direct(server,
server_prio,
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
/* test the raw interface DigestInfo
*/
- ret = gnutls_encode_ber_digest_info(GNUTLS_DIG_SHA256, &sha256_hash_data, &digest_info);
+ ret = gnutls_encode_ber_digest_info(GNUTLS_DIG_SHA256, &sha256_hash_data, &digest_info);
assert(ret >= 0);
ret =
PCCERT_CONTEXT WINAPI CertFindCertificateInStore(
HCERTSTORE hCertStore, DWORD dwCertEncodingType,
DWORD dwFindFlags, DWORD dwFindType,
- const void *pvFindPara, PCCERT_CONTEXT pPrevCertContext)
+ const void *pvFindPara, PCCERT_CONTEXT pPrevCertContext)
{
//CRYPT_HASH_BLOB *blob = (void*)pvFindPara;
__declspec(dllexport)
BOOL WINAPI CryptDecrypt(HCRYPTKEY hKey, HCRYPTHASH hHash, BOOL Final,
- DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
+ DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
{
return 0;
}
oid_len = sizeof(oid);
ret =
gnutls_x509_crt_get_extension_info(cert, i, oid, &oid_len,
- &critical);
+ &critical);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
if (i != 9) {
fail("unexpected number of extensions: %d\n",
vdata.size = NAME_SIZE;
ret =
gnutls_x509_trust_list_verify_crt2(tl, &server_crt, 1, &vdata, 1,
- 0, &status, NULL);
+ 0, &status, NULL);
if (ret < 0 || status != 0)
fail("gnutls_x509_trust_list_verify_crt2 - 1: status: %x\n", status);
vdata.size = NAME_SIZE-2;
ret =
gnutls_x509_trust_list_verify_crt2(tl, &server_crt, 1, &vdata, 1,
- 0, &status, NULL);
+ 0, &status, NULL);
if (ret < 0 || status == 0)
fail("gnutls_x509_trust_list_verify_crt2 - 2: status: %x\n", status);
ret =
gnutls_x509_privkey_export2(get_key,
- GNUTLS_X509_FMT_PEM,
- &get_datum);
+ GNUTLS_X509_FMT_PEM,
+ &get_datum);
if (ret < 0)
fail("gnutls_x509_privkey_export2");
n_get_ca_crts = 0;
trust_iter = NULL;
while (gnutls_x509_trust_list_iter_get_ca(trust_list,
- &trust_iter,
- &get_ca_crt) !=
- GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ &trust_iter,
+ &get_ca_crt) !=
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
ret =
gnutls_x509_crt_export2(get_ca_crt,
- GNUTLS_X509_FMT_PEM,
- &get_datum);
+ GNUTLS_X509_FMT_PEM,
+ &get_datum);
if (ret < 0)
fail("gnutls_x509_crt_export2");
if (nreqs != 1) {
fail("client: invoked to provide client cert, but %d CAs are requested by server.\n",
- nreqs);
+ nreqs);
return -1;
}
if (val.value.size == strlen(EXPECT_RDN0)
&& strncmp((char *) val.value.data,
- EXPECT_RDN0, val.value.size) == 0) {
+ EXPECT_RDN0, val.value.size) == 0) {
if (debug)
success
("client: RND 0 correct.\n");
ret =
gnutls_x509_privkey_import(key, &key_dat[i],
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail("gnutls_x509_privkey_import\n");
fail("gnutls_privkey_import_x509\n");
ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA1, 0,
- &hash_data, &signature2);
+ &hash_data, &signature2);
if (ret < 0)
fail("gnutls_privkey_sign_hash\n");
ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0,
- &raw_data, &signature);
+ &raw_data, &signature);
if (ret < 0)
fail("gnutls_x509_privkey_sign_hash\n");
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
- &hash_data, &signature2);
+ &hash_data, &signature2);
if (ret < 0)
fail("gnutls_x509_pubkey_verify_hash2-1 (hashed data)\n");
/* should fail */
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
- &invalid_hash_data,
- &signature2);
+ &invalid_hash_data,
+ &signature2);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
fail("gnutls_x509_pubkey_verify_hash2-2 (hashed data)\n");
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo,
- GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
- &hash_data,
- &signature);
+ GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
+ &hash_data,
+ &signature);
if (ret < 0)
fail("gnutls_pubkey_verify_hash-3 (raw hashed data)\n");
/* test the legacy API */
ret =
gnutls_privkey_sign_raw_data(privkey, 0,
- &hash_data,
- &signature);
+ &hash_data,
+ &signature);
if (ret < 0)
fail("gnutls_privkey_sign_raw_data: %s\n",
gnutls_strerror(ret));
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo,
- GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
- &hash_data,
- &signature);
+ GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
+ &hash_data,
+ &signature);
if (ret < 0)
fail("gnutls_pubkey_verify_hash-4 (legacy raw hashed data)\n");
}
ret =
gnutls_pubkey_verify_hash2(pubkey,
- sign_algo, 0,
- hash_data, &signature);
+ sign_algo, 0,
+ hash_data, &signature);
if (ret < 0)
ERR(__LINE__);
/* should fail */
ret =
gnutls_pubkey_verify_hash2(pubkey,
- sign_algo, 0,
- &invalid_hash_data,
- &signature);
+ sign_algo, 0,
+ &invalid_hash_data,
+ &signature);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
ERR(__LINE__);
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
- hash_data, &signature);
+ hash_data, &signature);
if (ret < 0)
ERR(__LINE__);
/* should fail */
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
- &invalid_hash_data,
- &signature);
+ &invalid_hash_data,
+ &signature);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
ERR(__LINE__);
ret =
gnutls_pubkey_verify_hash2(pubkey,
- sign_algo,
- GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
- hash_data,
- &signature);
+ sign_algo,
+ GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
+ hash_data,
+ &signature);
if (ret < 0)
ERR(__LINE__);