ADDFLAGS ?=
CFGFLAGS ?= --enable-gtk-doc --enable-gtk-doc-pdf $(ADDFLAGS) $(WFLAGS)
-INDENT_SOURCES = `find . -name \*.[ch] -o -name gnutls.h.in | grep -v -e ^./build-aux/ -e ^./lib/minitasn1/ -e ^./lib/build-aux/ -e ^./lib/gl/ -e ^./gl/ -e ^./libextra/gl/ -e ^./src/cfg/ -e -gaa.[ch] -e asn1_tab.c`
+INDENT_SOURCES = `find . -name \*.[ch] -o -name gnutls.h.in | grep -v -e ^./build-aux/ -e ^./lib/minitasn1/ -e ^./lib/build-aux/ -e ^./lib/gl/ -e ^./gl/ -e ^./libextra/gl/ -e ^./src/cfg/ -e -gaa.[ch] -e asn1_tab.c -e ^./tests/suite/`
ifeq ($(.DEFAULT_GOAL),abort-due-to-no-makefile)
.DEFAULT_GOAL := bootstrap
else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0)
{
if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0)
- {
- _set_priority (&(*priority_cache)->protocol, protocol_priority);
- }
- else
- {
+ {
+ _set_priority (&(*priority_cache)->protocol,
+ protocol_priority);
+ }
+ else
+ {
if ((algo =
gnutls_protocol_get_id (&broken_list[i][6])) !=
GNUTLS_VERSION_UNKNOWN)
- fn (&(*priority_cache)->protocol, algo);
- else
+ fn (&(*priority_cache)->protocol, algo);
+ else
goto error;
- }
+ }
} /* now check if the element is something like -ALGO */
else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0)
{
if (strncasecmp (&broken_list[i][1], "COMP-ALL", 8) == 0)
- {
- _set_priority (&(*priority_cache)->compression, comp_priority);
- }
- else
- {
- if ((algo =
+ {
+ _set_priority (&(*priority_cache)->compression,
+ comp_priority);
+ }
+ else
+ {
+ if ((algo =
gnutls_compression_get_id (&broken_list[i][6])) !=
- GNUTLS_COMP_UNKNOWN)
- fn (&(*priority_cache)->compression, algo);
- else
- goto error;
- }
+ GNUTLS_COMP_UNKNOWN)
+ fn (&(*priority_cache)->compression, algo);
+ else
+ goto error;
+ }
} /* now check if the element is something like -ALGO */
else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0)
{
if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0)
- {
- _set_priority (&(*priority_cache)->cert_type, cert_type_priority);
- }
- else
- {
- if ((algo =
+ {
+ _set_priority (&(*priority_cache)->cert_type,
+ cert_type_priority);
+ }
+ else
+ {
+ if ((algo =
gnutls_certificate_type_get_id (&broken_list[i][7])) !=
- GNUTLS_CRT_UNKNOWN)
- fn (&(*priority_cache)->cert_type, algo);
- else
- goto error;
- }
+ GNUTLS_CRT_UNKNOWN)
+ fn (&(*priority_cache)->cert_type, algo);
+ else
+ goto error;
+ }
} /* now check if the element is something like -ALGO */
else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0)
{
if (strncasecmp (&broken_list[i][1], "SIGN-ALL", 8) == 0)
- {
- _set_priority (&(*priority_cache)->sign_algo, sign_priority_default);
- }
- else
- {
- if ((algo =
+ {
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ }
+ else
+ {
+ if ((algo =
gnutls_sign_get_id (&broken_list[i][6])) !=
- GNUTLS_SIGN_UNKNOWN)
+ GNUTLS_SIGN_UNKNOWN)
fn (&(*priority_cache)->sign_algo, algo);
- else
- goto error;
- }
+ else
+ goto error;
+ }
} /* now check if the element is something like -ALGO */
else
goto error;
int
gnutls_session_channel_binding (gnutls_session_t session,
gnutls_channel_binding_t cbtype,
- gnutls_datum_t *cb)
+ gnutls_datum_t * cb)
{
if (cbtype != GNUTLS_CB_TLS_UNIQUE)
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
gnutls_sign_func
gnutls_sign_callback_get (gnutls_session_t session, void **userdata);
-int gnutls_ext_register (int type,
+ int gnutls_ext_register (int type,
const char *name,
gnutls_ext_parse_type_t parse_type,
gnutls_ext_recv_func recv_func,
gnutls_ext_send_func send_func)
-_GNUTLS_GCC_ATTR_DEPRECATED;
+ _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef void (*gnutls_finished_callback_func) (gnutls_session_t session,
- const void *finished,
- size_t len);
-void gnutls_session_set_finished_function (gnutls_session_t session,
- gnutls_finished_callback_func func)
- _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef void (*gnutls_finished_callback_func) (gnutls_session_t session,
+ const void *finished,
+ size_t len);
+ void gnutls_session_set_finished_function (gnutls_session_t session,
+ gnutls_finished_callback_func
+ func)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
/* returns security values.
* Do not use them unless you know what you're doing. Those are dangerous since
*/
#define GNUTLS_MASTER_SIZE 48
#define GNUTLS_RANDOM_SIZE 32
-const void *gnutls_session_get_server_random (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED;
-const void *gnutls_session_get_client_random (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED;
-const void *gnutls_session_get_master_secret (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED;
-
-int gnutls_psk_netconf_derive_key (const char *password,
- const char *psk_identity,
- const char *psk_identity_hint,
- gnutls_datum_t * output_key) _GNUTLS_GCC_ATTR_DEPRECATED;
+ const void *gnutls_session_get_server_random (gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ const void *gnutls_session_get_client_random (gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ const void *gnutls_session_get_master_secret (gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ int gnutls_psk_netconf_derive_key (const char *password,
+ const char *psk_identity,
+ const char *psk_identity_hint,
+ gnutls_datum_t *
+ output_key)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
#endif /* _GNUTLS_COMPAT_H */
* Enumeration of support channel binding types.
*/
typedef enum
- {
- GNUTLS_CB_TLS_UNIQUE
- } gnutls_channel_binding_t;
+ {
+ GNUTLS_CB_TLS_UNIQUE
+ } gnutls_channel_binding_t;
/* If you want to change this, then also change the define in
* gnutls_int.h, and recompile.
int gnutls_session_channel_binding (gnutls_session_t session,
gnutls_channel_binding_t cbtype,
- gnutls_datum_t *cb);
+ gnutls_datum_t * cb);
/* checks if this session is a resumed one
*/
/* flags */
typedef enum
{
- GNUTLS_PKCS11_PIN_USER = (1<<0),
- GNUTLS_PKCS11_PIN_SO = (1<<1),
- GNUTLS_PKCS11_PIN_FINAL_TRY = (1<<2),
- GNUTLS_PKCS11_PIN_COUNT_LOW = (1<<3)
+ GNUTLS_PKCS11_PIN_USER = (1 << 0),
+ GNUTLS_PKCS11_PIN_SO = (1 << 1),
+ GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2),
+ GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3)
} gnutls_pkcs11_pin_flag_t;
typedef int (*gnutls_pkcs11_pin_callback_t) (void *userdata, int attempt,
const char *token_url,
const char *token_label,
- unsigned int flags /*gnutls_pkcs11_pin_flag_t*/,
- char *pin,
- size_t pin_max);
+ unsigned int flags
+ /*gnutls_pkcs11_pin_flag_t */ ,
+ char *pin, size_t pin_max);
struct gnutls_pkcs11_obj_st;
typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
int gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t* key,
- const char *label,
- unsigned int key_usage /* GNUTLS_KEY_* */,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+int gnutls_pkcs11_copy_secret_key (const char *token_url,
+ gnutls_datum_t * key, const char *label,
+ unsigned int key_usage /* GNUTLS_KEY_* */ ,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
typedef enum
{
int
gnutls_pkcs11_token_init (const char *token_url,
- const char* so_pin,
- const char *label);
+ const char *so_pin, const char *label);
int
-gnutls_pkcs11_token_get_mechanism (const char *url, int idx,
- unsigned long *mechanism);
+gnutls_pkcs11_token_get_mechanism (const char *url, int idx,
+ unsigned long *mechanism);
-int
-gnutls_pkcs11_token_set_pin (const char *token_url,
- const char* oldpin, const char* newpin, unsigned int flags/*gnutls_pkcs11_pin_flag_t*/);
+int gnutls_pkcs11_token_set_pin (const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pkcs11_pin_flag_t */
+ );
int gnutls_pkcs11_token_get_url (unsigned int seq,
gnutls_pkcs11_url_type_t detailed,
certificate);
const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t);
-int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs,
- unsigned int cert_max, gnutls_pkcs11_obj_t * const pkcs11_certs,
- unsigned int flags /* must be zero */);
+int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, unsigned int cert_max, gnutls_pkcs11_obj_t * const pkcs11_certs, unsigned int flags /* must be zero */
+ );
/* private key functions...*/
#include <fcntl.h>
#include <locks.h>
#ifdef HAVE_GETRUSAGE
-# include <sys/resource.h>
+#include <sys/resource.h>
#endif
#include "egd.h"
}
int
-pkcs11_find_slot (pakchois_module_t** module, ck_slot_id_t *slot,
- struct pkcs11_url_info *info, struct token_info* _tinfo)
+pkcs11_find_slot (pakchois_module_t ** module, ck_slot_id_t * slot,
+ struct pkcs11_url_info *info, struct token_info *_tinfo)
{
int x, z;
/* ok found */
*module = providers[x].module;
*slot = providers[x].slots[z];
-
+
if (_tinfo != NULL)
- memcpy(_tinfo, &tinfo, sizeof(tinfo));
+ memcpy (_tinfo, &tinfo, sizeof (tinfo));
return 0;
}
}
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
ck_slot_id_t slot;
struct token_info tinfo;
- ret = pkcs11_find_slot(&module, &slot, info, &tinfo);
+ ret = pkcs11_find_slot (&module, &slot, info, &tinfo);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
CKF_SERIAL_SESSION, NULL, NULL, &pks);
if (rv != CKR_OK)
{
- gnutls_assert();
+ gnutls_assert ();
return pkcs11_rv_to_err (rv);
}
if (flags & SESSION_LOGIN)
{
- ret = pkcs11_login (pks, &tinfo, (flags & SESSION_SO)?1:0);
+ ret = pkcs11_login (pks, &tinfo, (flags & SESSION_SO) ? 1 : 0);
if (ret < 0)
{
gnutls_assert ();
if (flags & SESSION_LOGIN)
{
- ret = pkcs11_login (pks, &info, (flags & SESSION_SO)?1:0);
+ ret = pkcs11_login (pks, &info, (flags & SESSION_SO) ? 1 : 0);
if (ret < 0)
{
gnutls_assert ();
unsigned int
pkcs11_obj_flags_to_int (unsigned int flags)
{
-unsigned int ret_flags = 0;
+ unsigned int ret_flags = 0;
if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN)
- ret_flags |= SESSION_LOGIN;
-
+ ret_flags |= SESSION_LOGIN;
+
return ret_flags;
}
size_t key_ids_size;
};
-int pkcs11_login (pakchois_session_t * pks,
- const struct token_info *info, int so)
+int
+pkcs11_login (pakchois_session_t * pks, const struct token_info *info, int so)
{
int attempt = 0, ret;
ck_rv_t rv;
* required. */
if (info->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
{
- if (pakchois_login (pks, (so==0)?CKU_USER:CKU_SO, NULL, 0) == CKR_OK)
+ if (pakchois_login (pks, (so == 0) ? CKU_USER : CKU_SO, NULL, 0) ==
+ CKR_OK)
{
return 0;
}
flags = 0;
if (so == 0)
- {
+ {
flags |= GNUTLS_PKCS11_PIN_USER;
if (tinfo.flags & CKF_USER_PIN_COUNT_LOW)
flags |= GNUTLS_PKCS11_PIN_COUNT_LOW;
flags |= GNUTLS_PKCS11_PIN_FINAL_TRY;
}
else
- {
+ {
flags |= GNUTLS_PKCS11_PIN_SO;
if (tinfo.flags & CKF_SO_PIN_COUNT_LOW)
flags |= GNUTLS_PKCS11_PIN_COUNT_LOW;
}
pin_len = strlen (pin);
- rv = pakchois_login (pks, (so==0)?CKU_USER:CKU_SO,
- (unsigned char *) pin, pin_len);
+ rv = pakchois_login (pks, (so == 0) ? CKU_USER : CKU_SO,
+ (unsigned char *) pin, pin_len);
/* Try to scrub the pin off the stack. Clever compilers will
* probably optimize this away, oh well. */
* Returns: zero on success or a negative value on error.
**/
int
-gnutls_pkcs11_token_get_mechanism (const char *url, int idx,
- unsigned long* mechanism)
+gnutls_pkcs11_token_get_mechanism (const char *url, int idx,
+ unsigned long *mechanism)
{
int ret;
ck_rv_t rv;
}
- ret = pkcs11_find_slot(&module, &slot, &info, &tinfo);
+ ret = pkcs11_find_slot (&module, &slot, &info, &tinfo);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
- count = sizeof(mlist)/sizeof(mlist[0]);
- rv = pakchois_get_mechanism_list(module, slot, mlist, &count);
+ count = sizeof (mlist) / sizeof (mlist[0]);
+ rv = pakchois_get_mechanism_list (module, slot, mlist, &count);
if (rv != CKR_OK)
{
- gnutls_assert();
+ gnutls_assert ();
return pkcs11_rv_to_err (rv);
}
if (idx >= count)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
-
+
*mechanism = mlist[idx];
return 0;
int pkcs11_rv_to_err (ck_rv_t rv);
int pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info);
int
-pkcs11_find_slot (pakchois_module_t** module, ck_slot_id_t *slot,
- struct pkcs11_url_info *info, struct token_info* _tinfo);
+pkcs11_find_slot (pakchois_module_t ** module, ck_slot_id_t * slot,
+ struct pkcs11_url_info *info, struct token_info *_tinfo);
int pkcs11_get_info (struct pkcs11_url_info *info,
gnutls_pkcs11_obj_info_t itype, void *output,
size_t * output_size);
-int pkcs11_login (pakchois_session_t * pks,
- const struct token_info *info, int admin);
+int pkcs11_login (pakchois_session_t * pks,
+ const struct token_info *info, int admin);
extern gnutls_pkcs11_token_callback_t token_func;
extern void *token_data;
#define SESSION_WRITE (1<<0)
#define SESSION_LOGIN (1<<1)
-#define SESSION_SO (1<<2) /* security officer session */
+#define SESSION_SO (1<<2) /* security officer session */
int pkcs11_open_session (pakchois_session_t ** _pks,
struct pkcs11_url_info *info, unsigned int flags);
int _pkcs11_traverse_tokens (find_func_t find_func, void *input,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t* key,
- const char *label,
- unsigned int key_usage,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ )
+int
+gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t * key,
+ const char *label,
+ unsigned int key_usage, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ )
{
int ret;
pakchois_session_t *pks;
}
/* generate a unique ID */
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, id, sizeof(id));
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, id, sizeof (id));
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
a[4].value_len = sizeof (keytype);
a[5].type = CKA_ID;
a[5].value = id;
- a[5].value_len = sizeof(id);
+ a[5].value_len = sizeof (id);
a_val = 6;
**/
int
gnutls_pkcs11_token_init (const char *token_url,
- const char* so_pin,
- const char *label)
+ const char *so_pin, const char *label)
{
int ret;
struct pkcs11_url_info info;
return ret;
}
- ret = pkcs11_find_slot(&module, &slot, &info, NULL);
+ ret = pkcs11_find_slot (&module, &slot, &info, NULL);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
/* so it seems memset has other uses than zeroing! */
- memset(flabel, ' ', sizeof(flabel));
+ memset (flabel, ' ', sizeof (flabel));
if (label != NULL)
- memcpy(flabel, label, strlen(label));
+ memcpy (flabel, label, strlen (label));
- rv = pakchois_init_token(module, slot, (char*)so_pin, strlen(so_pin), flabel);
+ rv =
+ pakchois_init_token (module, slot, (char *) so_pin, strlen (so_pin),
+ flabel);
if (rv != CKR_OK)
{
gnutls_assert ();
**/
int
gnutls_pkcs11_token_set_pin (const char *token_url,
- const char* oldpin,
- const char* newpin,
- unsigned int flags)
+ const char *oldpin,
+ const char *newpin, unsigned int flags)
{
int ret;
pakchois_session_t *pks;
return ret;
}
- if (((flags & GNUTLS_PKCS11_PIN_USER) && oldpin == NULL) ||
- (flags & GNUTLS_PKCS11_PIN_SO))
- ses_flags = SESSION_WRITE|SESSION_LOGIN|SESSION_SO;
- else
- ses_flags = SESSION_WRITE|SESSION_LOGIN;
+ if (((flags & GNUTLS_PKCS11_PIN_USER) && oldpin == NULL) ||
+ (flags & GNUTLS_PKCS11_PIN_SO))
+ ses_flags = SESSION_WRITE | SESSION_LOGIN | SESSION_SO;
+ else
+ ses_flags = SESSION_WRITE | SESSION_LOGIN;
ret = pkcs11_open_session (&pks, &info, ses_flags);
if (ret < 0)
{
- gnutls_assert();
+ gnutls_assert ();
return ret;
}
if (oldpin == NULL)
{
- rv = pakchois_init_pin(pks, (char*)newpin, strlen(newpin));
+ rv = pakchois_init_pin (pks, (char *) newpin, strlen (newpin));
if (rv != CKR_OK)
{
gnutls_assert ();
}
else
{
- rv = pakchois_set_pin(pks,
- (char*)oldpin, strlen(oldpin),
- (char*)newpin, strlen(newpin));
+ rv = pakchois_set_pin (pks,
+ (char *) oldpin, strlen (oldpin),
+ (char *) newpin, strlen (newpin));
if (rv != CKR_OK)
{
gnutls_assert ();
}
if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
- ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) || issuer_version != 1))
+ ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
+ || issuer_version != 1))
{
if (check_if_ca (cert, issuer, flags) == 0)
{
parameters field is not present, or it contains 0x05 0x00. */
if (!(result == ASN1_ELEMENT_NOT_FOUND ||
(result == ASN1_SUCCESS && len == ASN1_NULL_SIZE &&
- memcmp(str, ASN1_NULL, ASN1_NULL_SIZE) == 0)))
+ memcmp (str, ASN1_NULL, ASN1_NULL_SIZE) == 0)))
{
gnutls_assert ();
asn1_delete_structure (&dinfo);
}
gnutls_datum_t *
-load_secret_key (int mand, common_info_st* info)
+load_secret_key (int mand, common_info_st * info)
{
unsigned char raw_key[64];
- size_t raw_key_size = sizeof(raw_key);
+ size_t raw_key_size = sizeof (raw_key);
static gnutls_datum_t key;
gnutls_datum_t hex_key;
int ret;
return NULL;
}
- hex_key.data = (char*)info->secret_key;
- hex_key.size = strlen(info->secret_key);
-
- ret = gnutls_hex_decode( &hex_key, raw_key, &raw_key_size);
+ hex_key.data = (char *) info->secret_key;
+ hex_key.size = strlen (info->secret_key);
+
+ ret = gnutls_hex_decode (&hex_key, raw_key, &raw_key_size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "hex_decode: %s", gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "hex_decode: %s", gnutls_strerror (ret));
key.data = raw_key;
key.size = raw_key_size;
-
+
return &key;
}
* @mand should be non zero if it is required to read a private key.
*/
gnutls_x509_privkey_t
-load_private_key (int mand, common_info_st* info)
+load_private_key (int mand, common_info_st * info)
{
gnutls_x509_privkey_t key;
int ret;
* null will be returned if the certificate loading fails.
*/
gnutls_x509_crt_t
-load_cert (int mand, common_info_st* info)
+load_cert (int mand, common_info_st * info)
{
gnutls_x509_crt_t *crt;
size_t size;
/* Loads a certificate list
*/
gnutls_x509_crt_t *
-load_cert_list (int mand, size_t * crt_size, common_info_st* info)
+load_cert_list (int mand, size_t * crt_size, common_info_st * info)
{
FILE *fd;
static gnutls_x509_crt_t crt[MAX_CERTS];
/* Load the Certificate Request.
*/
gnutls_x509_crq_t
-load_request (common_info_st* info)
+load_request (common_info_st * info)
{
gnutls_x509_crq_t crq;
int ret;
/* Load the CA's private key.
*/
gnutls_x509_privkey_t
-load_ca_private_key (common_info_st* info)
+load_ca_private_key (common_info_st * info)
{
gnutls_x509_privkey_t key;
int ret;
/* Loads the CA's certificate
*/
gnutls_x509_crt_t
-load_ca_cert (common_info_st* info)
+load_ca_cert (common_info_st * info)
{
gnutls_x509_crt_t crt;
int ret;
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s", info->ca);
+ error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s",
+ info->ca);
ret = gnutls_x509_crt_import (crt, &dat, info->incert_format);
free (dat.data);
* @mand should be non zero if it is required to read a public key.
*/
gnutls_pubkey_t
-load_pubkey (int mand, common_info_st* info)
+load_pubkey (int mand, common_info_st * info)
{
gnutls_pubkey_t key;
int ret;
#ifndef CERTTOOL_COMMON_H
-# define CERTTOOL_COMMON_H
+#define CERTTOOL_COMMON_H
#include <gnutls/x509.h>
#include <stdio.h>
#include <gnutls/x509.h>
#include <gnutls/abstract.h>
-typedef struct common_info {
- const char* secret_key;
- const char* privkey;
- const char* pubkey;
+typedef struct common_info
+{
+ const char *secret_key;
+ const char *privkey;
+ const char *pubkey;
int pkcs8;
int incert_format;
- const char* cert;
-
- const char* request;
- const char* ca;
- const char* ca_privkey;
+ const char *cert;
+
+ const char *request;
+ const char *ca;
+ const char *ca_privkey;
} common_info_st;
-gnutls_x509_privkey_t load_private_key (int mand, common_info_st* info);
-gnutls_x509_crq_t load_request (common_info_st* info);
-gnutls_x509_privkey_t load_ca_private_key (common_info_st* info);
-gnutls_x509_crt_t load_ca_cert (common_info_st* info);
-gnutls_x509_crt_t load_cert (int mand, common_info_st* info);
-gnutls_datum* load_secret_key (int mand, common_info_st* info);
-gnutls_pubkey_t load_pubkey (int mand, common_info_st* info);
-gnutls_x509_crt_t *load_cert_list (int mand, size_t * size, common_info_st* info);
+gnutls_x509_privkey_t load_private_key (int mand, common_info_st * info);
+gnutls_x509_crq_t load_request (common_info_st * info);
+gnutls_x509_privkey_t load_ca_private_key (common_info_st * info);
+gnutls_x509_crt_t load_ca_cert (common_info_st * info);
+gnutls_x509_crt_t load_cert (int mand, common_info_st * info);
+gnutls_datum *load_secret_key (int mand, common_info_st * info);
+gnutls_pubkey_t load_pubkey (int mand, common_info_st * info);
+gnutls_x509_crt_t *load_cert_list (int mand, size_t * size,
+ common_info_st * info);
/* returns the bits specified in cmd */
int get_bits (gnutls_pk_algorithm_t);
/* prime.c */
int generate_prime (int how);
-FILE * safe_open_rw (const char *file, int privkey_op);
+FILE *safe_open_rw (const char *file, int privkey_op);
extern unsigned char buffer[];
extern const int buffer_size;
void crq_info (void);
void smime_to_pkcs7 (void);
void pkcs12_info (void);
-void generate_pkcs12 (common_info_st*);
-void generate_pkcs8 (common_info_st*);
+void generate_pkcs12 (common_info_st *);
+void generate_pkcs8 (common_info_st *);
void verify_chain (void);
-void verify_crl (common_info_st* cinfo);
-void pubkey_info (gnutls_x509_crt crt, common_info_st*);
+void verify_crl (common_info_st * cinfo);
+void pubkey_info (gnutls_x509_crt crt, common_info_st *);
void pgp_privkey_info (void);
void pgp_ring_info (void);
-void certificate_info (int, common_info_st*);
+void certificate_info (int, common_info_st *);
void pgp_certificate_info (void);
void crl_info (void);
void privkey_info (void);
static void gaa_parser (int argc, char **argv);
-void generate_self_signed (common_info_st*);
-void generate_request (common_info_st* );
+void generate_self_signed (common_info_st *);
+void generate_request (common_info_st *);
static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out,
unsigned int all);
static gnutls_x509_crt_t
generate_certificate (gnutls_x509_privkey_t * ret_key,
- gnutls_x509_crt_t ca_crt, int proxy, common_info_st* cinfo)
+ gnutls_x509_crt_t ca_crt, int proxy,
+ common_info_st * cinfo)
{
gnutls_x509_crt_t crt;
gnutls_x509_privkey_t key = NULL;
}
static gnutls_x509_crl_t
-generate_crl (gnutls_x509_crt_t ca_crt, common_info_st* cinfo)
+generate_crl (gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
{
gnutls_x509_crl_t crl;
gnutls_x509_crt_t *crts;
}
void
-generate_self_signed (common_info_st* cinfo)
+generate_self_signed (common_info_st * cinfo)
{
gnutls_x509_crt_t crt;
gnutls_x509_privkey_t key;
}
static void
-generate_signed_certificate (common_info_st* cinfo)
+generate_signed_certificate (common_info_st * cinfo)
{
gnutls_x509_crt_t crt;
gnutls_x509_privkey_t key;
}
static void
-generate_proxy_certificate (common_info_st* cinfo)
+generate_proxy_certificate (common_info_st * cinfo)
{
gnutls_x509_crt_t crt, eecrt;
gnutls_x509_privkey_t key, eekey;
}
static void
-generate_signed_crl (common_info_st* cinfo)
+generate_signed_crl (common_info_st * cinfo)
{
gnutls_x509_crl_t crl;
int result;
}
static void
-update_signed_certificate (common_info_st* cinfo)
+update_signed_certificate (common_info_st * cinfo)
{
gnutls_x509_crt_t crt;
size_t size;
if ((ret = gnutls_global_init_extra ()) < 0)
error (EXIT_FAILURE, 0, "global_init_extra: %s", gnutls_strerror (ret));
- memset(&cinfo, 0, sizeof(cinfo));
+ memset (&cinfo, 0, sizeof (cinfo));
cinfo.privkey = info.privkey;
cinfo.pubkey = info.pubkey;
cinfo.pkcs8 = info.pkcs8;
#define MAX_CRTS 500
void
-certificate_info (int pubkey, common_info_st* cinfo)
+certificate_info (int pubkey, common_info_st * cinfo)
{
gnutls_x509_crt_t crt[MAX_CRTS];
size_t size;
/* Generate a PKCS #10 certificate request.
*/
void
-generate_request (common_info_st* cinfo)
+generate_request (common_info_st * cinfo)
{
gnutls_x509_crq_t crq;
gnutls_x509_privkey_t key;
}
void
-verify_crl (common_info_st* cinfo)
+verify_crl (common_info_st * cinfo)
{
size_t size, dn_size;
char dn[128];
void
-generate_pkcs8 (common_info_st* cinfo)
+generate_pkcs8 (common_info_st * cinfo)
{
gnutls_x509_privkey_t key;
int result;
#include <unistd.h>
void
-generate_pkcs12 (common_info_st* cinfo)
+generate_pkcs12 (common_info_st * cinfo)
{
gnutls_pkcs12_t pkcs12;
gnutls_x509_crt_t *crts;
}
void
-pubkey_info (gnutls_x509_crt crt, common_info_st* cinfo)
+pubkey_info (gnutls_x509_crt crt, common_info_st * cinfo)
{
gnutls_pubkey_t pubkey;
unsigned int bits, usage;
psk_callback (gnutls_session_t session, char **username, gnutls_datum_t * key)
{
const char *hint = gnutls_psk_client_get_hint (session);
- unsigned char* rawkey;
+ unsigned char *rawkey;
char *passwd;
int ret;
size_t res_size;
}
tmp.data = passwd;
- tmp.size = strlen(passwd);
-
- res_size = tmp.size/2+1;
- rawkey = gnutls_malloc(res_size);
+ tmp.size = strlen (passwd);
+
+ res_size = tmp.size / 2 + 1;
+ rawkey = gnutls_malloc (res_size);
if (rawkey == NULL)
return GNUTLS_E_MEMORY_ERROR;
- ret = gnutls_hex_decode(&tmp, rawkey, &res_size);
+ ret = gnutls_hex_decode (&tmp, rawkey, &res_size);
if (ret < 0)
{
fprintf (stderr, "Error deriving password: %s\n",
gnutls_free (*username);
return ret;
}
-
+
key->data = rawkey;
key->size = res_size;
gnutls_datum cb;
int rc;
- rc = gnutls_session_channel_binding (session, GNUTLS_CB_TLS_UNIQUE, &cb);
+ rc =
+ gnutls_session_channel_binding (session, GNUTLS_CB_TLS_UNIQUE, &cb);
if (rc)
fprintf (stderr, "Channel binding error: %s\n", gnutls_strerror (rc));
else
else
outfile = stdout;
- memset(&cinfo, 0, sizeof(cinfo));
+ memset (&cinfo, 0, sizeof (cinfo));
cinfo.secret_key = info.secret_key;
cinfo.privkey = info.privkey;
cinfo.pkcs8 = info.pkcs8;
pkcs11_token_list (outfile, info.pkcs11_detailed_url, &cinfo);
break;
case ACTION_PKCS11_MECHANISMS:
- pkcs11_mechanism_list (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo);
+ pkcs11_mechanism_list (outfile, info.pkcs11_url, info.pkcs11_login,
+ &cinfo);
break;
case ACTION_PKCS11_EXPORT_URL:
pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo);
#ifndef P11TOOL_H
-# define P11TOOL_H
+#define P11TOOL_H
#include "certtool-common.h"
void pkcs11_list (FILE * outfile, const char *url, int type,
- unsigned int login, unsigned int detailed, common_info_st*);
-void pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int login, common_info_st*);
+ unsigned int login, unsigned int detailed,
+ common_info_st *);
+void pkcs11_mechanism_list (FILE * outfile, const char *url,
+ unsigned int login, common_info_st *);
void pkcs11_export (FILE * outfile, const char *pkcs11_url,
- unsigned int login, common_info_st*);
-void pkcs11_token_list (FILE * outfile, unsigned int detailed, common_info_st*);
+ unsigned int login, common_info_st *);
+void pkcs11_token_list (FILE * outfile, unsigned int detailed,
+ common_info_st *);
void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label,
- int trusted, unsigned int login, common_info_st*);
+ int trusted, unsigned int login, common_info_st *);
void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch,
- unsigned int login, common_info_st*);
-void pkcs11_init (FILE * outfile, const char *pkcs11_url, const char* label, common_info_st*);
+ unsigned int login, common_info_st *);
+void pkcs11_init (FILE * outfile, const char *pkcs11_url, const char *label,
+ common_info_st *);
#define PKCS11_TYPE_CRT_ALL 1
#define PKCS11_TYPE_TRUSTED 2
}
void
-pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login, common_info_st* info)
+pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login,
+ common_info_st * info)
{
int ret;
unsigned int obj_flags = 0;
*/
void
pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
- unsigned int detailed, common_info_st* info)
+ unsigned int detailed, common_info_st * info)
{
gnutls_pkcs11_obj_t *crt_list;
gnutls_x509_crt_t xcrt;
}
void
-pkcs11_export (FILE * outfile, const char *url, unsigned int login, common_info_st* info)
+pkcs11_export (FILE * outfile, const char *url, unsigned int login,
+ common_info_st * info)
{
gnutls_pkcs11_obj_t crt;
gnutls_x509_crt_t xcrt;
}
void
-pkcs11_token_list (FILE * outfile, unsigned int detailed, common_info_st* info)
+pkcs11_token_list (FILE * outfile, unsigned int detailed,
+ common_info_st * info)
{
int ret;
int i;
void
pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted,
- unsigned int login, common_info_st* info)
+ unsigned int login, common_info_st * info)
{
gnutls_x509_crt_t xcrt;
gnutls_x509_privkey_t xkey;
int ret;
unsigned int flags = 0;
unsigned int key_usage = 0;
- gnutls_datum_t* secret_key;
+ gnutls_datum_t *secret_key;
if (login)
flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
if (url == NULL)
url = "pkcs11:";
- secret_key = load_secret_key(0, info);
+ secret_key = load_secret_key (0, info);
if (secret_key != NULL)
{
ret =
gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage,
- flags |
- GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
+ flags |
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
if (ret < 0)
{
fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
}
void
-pkcs11_init (FILE * outfile, const char *url, const char *label, common_info_st* info)
+pkcs11_init (FILE * outfile, const char *url, const char *label,
+ common_info_st * info)
{
int ret;
- char * pin;
+ char *pin;
char so_pin[32];
pkcs11_common ();
if (url == NULL)
{
- fprintf(stderr, "No token URL given to initialize!\n");
- exit(1);
+ fprintf (stderr, "No token URL given to initialize!\n");
+ exit (1);
}
pin = getpass ("Enter Security Officer's PIN: ");
if (pin == NULL)
- exit(0);
-
- strcpy(so_pin, pin);
+ exit (0);
+
+ strcpy (so_pin, pin);
pin = getpass ("Enter new User's PIN: ");
if (pin == NULL)
- exit(0);
-
- ret =
- gnutls_pkcs11_token_init (url, so_pin, label);
+ exit (0);
+
+ ret = gnutls_pkcs11_token_init (url, so_pin, label);
if (ret < 0)
{
fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
- ret =
- gnutls_pkcs11_token_set_pin (url, NULL, pin, GNUTLS_PKCS11_PIN_USER);
+ ret = gnutls_pkcs11_token_set_pin (url, NULL, pin, GNUTLS_PKCS11_PIN_USER);
if (ret < 0)
{
fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
+ gnutls_strerror (ret));
exit (1);
}
return;
}
-const char* mech_list[] = {
+const char *mech_list[] = {
[0] = "CKM_RSA_PKCS_KEY_PAIR_GEN",
[1] = "CKM_RSA_PKCS",
[2] = "CKM_RSA_9796",
void
pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int login,
- common_info_st* info)
+ common_info_st * info)
{
int ret;
int idx;
unsigned int obj_flags = 0;
unsigned long mechanism;
- const char* str;
+ const char *str;
if (login)
obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
if (url == NULL)
url = "pkcs11:";
-
+
idx = 0;
- do
+ do
{
- ret = gnutls_pkcs11_token_get_mechanism(url, idx++, &mechanism);
+ ret = gnutls_pkcs11_token_get_mechanism (url, idx++, &mechanism);
if (ret >= 0)
- {
- str = NULL;
- if (mechanism <= sizeof(mech_list)/sizeof(mech_list[0]))
- str = mech_list[mechanism];
- if (str == NULL) str = "UNKNOWN";
-
- fprintf(outfile, "[0x%.4lx] %s\n", mechanism, str);
- }
- } while(ret >= 0);
+ {
+ str = NULL;
+ if (mechanism <= sizeof (mech_list) / sizeof (mech_list[0]))
+ str = mech_list[mechanism];
+ if (str == NULL)
+ str = "UNKNOWN";
+
+ fprintf (outfile, "[0x%.4lx] %s\n", mechanism, str);
+ }
+ }
+ while (ret >= 0);
return;
snprintf (tmp2, "%.2X", sesid[i]);
snprintf (tmp2, "</i></p>\n");
snprintf (tmp2,
- "<h5>If your browser supports session resuming, then you should see the "
- "same session ID, when you press the <b>reload</b> button.</h5>\n");
+ "<h5>If your browser supports session resuming, then you should see the "
+ "same session ID, when you press the <b>reload</b> button.</h5>\n");
/* Here unlike print_info() we use the kx algorithm to distinguish
* the functions to call.
if (kx_alg == GNUTLS_KX_SRP)
{
snprintf (tmp2, "<p>Connected as user '%s'.</p>\n",
- gnutls_srp_server_get_username (session));
+ gnutls_srp_server_get_username (session));
}
#endif
if (kx_alg == GNUTLS_KX_PSK)
{
snprintf (tmp2, "<p>Connected as user '%s'.</p>\n",
- gnutls_psk_server_get_username (session));
+ gnutls_psk_server_get_username (session));
}
#endif
if (kx_alg == GNUTLS_KX_ANON_DH)
{
snprintf (tmp2,
- "<p> Connect using anonymous DH (prime of %d bits)</p>\n",
- gnutls_dh_get_prime_bits (session));
+ "<p> Connect using anonymous DH (prime of %d bits)</p>\n",
+ gnutls_dh_get_prime_bits (session));
}
#endif
if (kx_alg == GNUTLS_KX_DHE_RSA || kx_alg == GNUTLS_KX_DHE_DSS)
{
snprintf (tmp2,
- "Ephemeral DH using prime of <b>%d</b> bits.<br>\n",
- gnutls_dh_get_prime_bits (session));
+ "Ephemeral DH using prime of <b>%d</b> bits.<br>\n",
+ gnutls_dh_get_prime_bits (session));
}
/* print session information */
if (tmp == NULL)
tmp = str_unknown;
snprintf (tmp2,
- "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n",
- tmp);
+ "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n",
+ tmp);
if (gnutls_auth_get_type (session) == GNUTLS_CRD_CERTIFICATE)
{
(session));
if (tmp == NULL)
tmp = str_unknown;
- snprintf (tmp2, "<TR><TD>Certificate Type:</TD><TD>%s</TD></TR>\n", tmp);
+ snprintf (tmp2, "<TR><TD>Certificate Type:</TD><TD>%s</TD></TR>\n",
+ tmp);
}
tmp = gnutls_kx_get_name (kx_alg);
if (tmp == NULL)
tmp = str_unknown;
snprintf (tmp2, "<TR><TD>Ciphersuite</TD><TD>%s</TD></TR></p></TABLE>\n",
- tmp);
+ tmp);
if (crtinfo)
{
- snprintf(tmp2, "<hr><PRE>%s\n</PRE>\n", crtinfo);
+ snprintf (tmp2, "<hr><PRE>%s\n</PRE>\n", crtinfo);
free (crtinfo);
}
- snprintf(tmp2, "<hr><P>Your HTTP header was:<PRE>%s</PRE></P>\n" HTTP_END, header);
+ snprintf (tmp2, "<hr><P>Your HTTP header was:<PRE>%s</PRE></P>\n" HTTP_END,
+ header);
*ret_length = strlen (http_buffer);
verify_status, chains[i].expected_verify_result);
#if 0
- j=0;
- do
- {
- fprintf(stderr, "%s\n", chains[i].chain[j]);
- }
- while(chains[i].chain[++j] != NULL);
+ j = 0;
+ do
+ {
+ fprintf (stderr, "%s\n", chains[i].chain[j]);
+ }
+ while (chains[i].chain[++j] != NULL);
#endif
if (!debug)
if (err)
fail ("server DH params init %d\n", err);
- err = gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ err =
+ gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
if (err)
fail ("server DH params generate %d\n", err);