commit 9181dd0a072670d61a2e6839f23d7e33165ca089 parent 484e65d76e26874485e906f5221156442bb52467 Author: Christian Grothoff <christian@grothoff.org> Date: Sun, 24 Aug 2008 18:03:05 +0000 indenting Diffstat:
151 files changed, 3723 insertions(+), 3643 deletions(-)
diff --git a/doc/examples/basicauthentication.c b/doc/examples/basicauthentication.c @@ -11,60 +11,75 @@ #define PASSWORD "and his password" -char* string_to_base64 (const char *message); +char *string_to_base64 (const char *message); -int ask_for_authentication (struct MHD_Connection *connection, const char *realm) +int +ask_for_authentication (struct MHD_Connection *connection, const char *realm) { int ret; struct MHD_Response *response; char *headervalue; const char *strbase = "Basic realm="; - + response = MHD_create_response_from_data (0, NULL, MHD_NO, MHD_NO); - if (!response) return MHD_NO; - + if (!response) + return MHD_NO; + headervalue = malloc (strlen (strbase) + strlen (realm) + 1); - if (!headervalue) return MHD_NO; + if (!headervalue) + return MHD_NO; strcpy (headervalue, strbase); strcat (headervalue, realm); - + ret = MHD_add_response_header (response, "WWW-Authenticate", headervalue); - free (headervalue); - if (!ret) {MHD_destroy_response (response); return MHD_NO;} + free (headervalue); + if (!ret) + { + MHD_destroy_response (response); + return MHD_NO; + } ret = MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response); - + MHD_destroy_response (response); return ret; } -int is_authenticated (struct MHD_Connection *connection, - const char *username, const char *password) +int +is_authenticated (struct MHD_Connection *connection, + const char *username, const char *password) { const char *headervalue; char *expected_b64, *expected; - const char *strbase = "Basic "; + const char *strbase = "Basic "; int authenticated; - headervalue = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, "Authorization"); - if (NULL == headervalue) return 0; - if (0 != strncmp (headervalue, strbase, strlen (strbase))) return 0; + headervalue = + MHD_lookup_connection_value (connection, MHD_HEADER_KIND, + "Authorization"); + if (NULL == headervalue) + return 0; + if (0 != strncmp (headervalue, strbase, strlen (strbase))) + return 0; expected = malloc (strlen (username) + 1 + strlen (password) + 1); - if (NULL == expected) return 0; + if (NULL == expected) + return 0; strcpy (expected, username); strcat (expected, ":"); - strcat (expected, password); + strcat (expected, password); expected_b64 = string_to_base64 (expected); - if (NULL == expected_b64) return 0; - + if (NULL == expected_b64) + return 0; + strcpy (expected, strbase); - authenticated = (strcmp (headervalue + strlen (strbase), expected_b64) == 0); + authenticated = + (strcmp (headervalue + strlen (strbase), expected_b64) == 0); free (expected_b64); @@ -72,15 +87,19 @@ int is_authenticated (struct MHD_Connection *connection, } -int secret_page (struct MHD_Connection *connection) +int +secret_page (struct MHD_Connection *connection) { int ret; struct MHD_Response *response; const char *page = "<html><body>A secret.</body></html>"; - - response = MHD_create_response_from_data (strlen (page), (void*) page, MHD_NO, MHD_NO); - if (!response) return MHD_NO; - + + response = + MHD_create_response_from_data (strlen (page), (void *) page, MHD_NO, + MHD_NO); + if (!response) + return MHD_NO; + ret = MHD_queue_response (connection, MHD_HTTP_OK, response); MHD_destroy_response (response); @@ -88,64 +107,78 @@ int secret_page (struct MHD_Connection *connection) } -int answer_to_connection (void *cls, struct MHD_Connection *connection, - const char *url, const char *method, const char *version, - const char *upload_data, unsigned int *upload_data_size, - void **con_cls) +int +answer_to_connection (void *cls, struct MHD_Connection *connection, + const char *url, const char *method, + const char *version, const char *upload_data, + unsigned int *upload_data_size, void **con_cls) { - if (0 != strcmp(method, "GET")) return MHD_NO; - if (NULL == *con_cls) {*con_cls = connection; return MHD_YES;} + if (0 != strcmp (method, "GET")) + return MHD_NO; + if (NULL == *con_cls) + { + *con_cls = connection; + return MHD_YES; + } + + if (!is_authenticated (connection, USER, PASSWORD)) + return ask_for_authentication (connection, REALM); - if (!is_authenticated (connection, USER, PASSWORD)) - return ask_for_authentication (connection, REALM); - return secret_page (connection); } -int main () +int +main () { struct MHD_Daemon *daemon; - daemon = MHD_start_daemon(MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, - &answer_to_connection, NULL, MHD_OPTION_END); - if (NULL == daemon) return 1; + daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, + &answer_to_connection, NULL, MHD_OPTION_END); + if (NULL == daemon) + return 1; - getchar (); + getchar (); MHD_stop_daemon (daemon); return 0; } -char* string_to_base64 (const char *message) +char * +string_to_base64 (const char *message) { - const char *lookup = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + const char *lookup = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; unsigned long l; int i; char *tmp; size_t length = strlen (message); - + tmp = malloc (length * 2); - if (NULL == tmp) return tmp; + if (NULL == tmp) + return tmp; tmp[0] = 0; - for (i = 0; i < length; i += 3) + for (i = 0; i < length; i += 3) { - l = ( ((unsigned long) message[i])<<16 ) - | (((i+1) < length) ? (((unsigned long) message[i+1])<<8 ) : 0 ) - | (((i+2) < length) ? ( (unsigned long) message[i+2] ) : 0 ); + l = (((unsigned long) message[i]) << 16) + | (((i + 1) < length) ? (((unsigned long) message[i + 1]) << 8) : 0) + | (((i + 2) < length) ? ((unsigned long) message[i + 2]) : 0); + + strncat (tmp, &lookup[(l >> 18) & 0x3F], 1); + strncat (tmp, &lookup[(l >> 12) & 0x3F], 1); - strncat (tmp, &lookup[(l>>18) & 0x3F], 1); - strncat (tmp, &lookup[(l>>12) & 0x3F], 1); - - if (i+1 < length) strncat (tmp, &lookup[(l>> 6) & 0x3F], 1); - if (i+2 < length) strncat (tmp, &lookup[l & 0x3F], 1); + if (i + 1 < length) + strncat (tmp, &lookup[(l >> 6) & 0x3F], 1); + if (i + 2 < length) + strncat (tmp, &lookup[l & 0x3F], 1); } - if (length % 3) strncat (tmp, "===", 3-length%3); - + if (length % 3) + strncat (tmp, "===", 3 - length % 3); + return tmp; } diff --git a/doc/examples/hellobrowser.c b/doc/examples/hellobrowser.c @@ -5,30 +5,36 @@ #define PORT 8888 -int answer_to_connection (void *cls, struct MHD_Connection *connection, const char *url, - const char *method, const char *version, const char *upload_data, - unsigned int *upload_data_size, void **con_cls) +int +answer_to_connection (void *cls, struct MHD_Connection *connection, + const char *url, const char *method, + const char *version, const char *upload_data, + unsigned int *upload_data_size, void **con_cls) { - const char *page = "<html><body>Hello, browser!</body></html>"; + const char *page = "<html><body>Hello, browser!</body></html>"; struct MHD_Response *response; int ret; - response = MHD_create_response_from_data (strlen (page), (void*) page, MHD_NO, MHD_NO); + response = + MHD_create_response_from_data (strlen (page), (void *) page, MHD_NO, + MHD_NO); ret = MHD_queue_response (connection, MHD_HTTP_OK, response); MHD_destroy_response (response); return ret; } -int main () +int +main () { struct MHD_Daemon *daemon; - daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, + daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, &answer_to_connection, NULL, MHD_OPTION_END); - if (NULL == daemon) return 1; + if (NULL == daemon) + return 1; - getchar (); + getchar (); MHD_stop_daemon (daemon); return 0; diff --git a/doc/examples/logging.c b/doc/examples/logging.c @@ -6,32 +6,39 @@ #define PORT 8888 -int print_out_key (void *cls, enum MHD_ValueKind kind, const char *key, const char *value) +int +print_out_key (void *cls, enum MHD_ValueKind kind, const char *key, + const char *value) { printf ("%s = %s\n", key, value); return MHD_YES; } -int answer_to_connection (void *cls, struct MHD_Connection *connection, const char *url, - const char *method, const char *version, const char *upload_data, - unsigned int *upload_data_size, void **con_cls) +int +answer_to_connection (void *cls, struct MHD_Connection *connection, + const char *url, const char *method, + const char *version, const char *upload_data, + unsigned int *upload_data_size, void **con_cls) { printf ("New request %s for %s using version %s\n", method, url, version); - MHD_get_connection_values (connection, MHD_HEADER_KIND, print_out_key, NULL); + MHD_get_connection_values (connection, MHD_HEADER_KIND, print_out_key, + NULL); return MHD_NO; } -int main () +int +main () { struct MHD_Daemon *daemon; daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, &answer_to_connection, NULL, MHD_OPTION_END); - if (NULL == daemon) return 1; + if (NULL == daemon) + return 1; - getchar (); + getchar (); MHD_stop_daemon (daemon); return 0; diff --git a/doc/examples/responseheaders.c b/doc/examples/responseheaders.c @@ -9,31 +9,33 @@ #define MIMETYPE "image/png" -long get_file_size (const char *filename) +long +get_file_size (const char *filename) { FILE *fp; - + fp = fopen (filename, "rb"); - if (fp) + if (fp) { long size; - if ( (0 != fseek (fp, 0, SEEK_END)) - || (-1 == (size = ftell (fp))) ) + if ((0 != fseek (fp, 0, SEEK_END)) || (-1 == (size = ftell (fp)))) size = 0; - + fclose (fp); return size; - } - else + } + else return 0; } -int answer_to_connection (void *cls, struct MHD_Connection *connection, const char *url, - const char *method, const char *version, const char *upload_data, - unsigned int *upload_data_size, void **con_cls) +int +answer_to_connection (void *cls, struct MHD_Connection *connection, + const char *url, const char *method, + const char *version, const char *upload_data, + unsigned int *upload_data_size, void **con_cls) { unsigned char *buffer = NULL; struct MHD_Response *response; @@ -41,44 +43,53 @@ int answer_to_connection (void *cls, struct MHD_Connection *connection, const ch FILE *fp; int ret = 0; - if (0 != strcmp(method, "GET")) return MHD_NO; + if (0 != strcmp (method, "GET")) + return MHD_NO; size = get_file_size (FILENAME); if (size != 0) { fp = fopen (FILENAME, "rb"); - if (fp) + if (fp) { buffer = malloc (size); - - if (buffer) - if (size == fread (buffer, 1, size, fp)) ret = 1; - - fclose(fp); - } + + if (buffer) + if (size == fread (buffer, 1, size, fp)) + ret = 1; + + fclose (fp); + } } - if (!ret) + if (!ret) { - const char *errorstr = "<html><body>An internal server error has occured!\ + const char *errorstr = + "<html><body>An internal server error has occured!\ </body></html>"; - if (buffer) free(buffer); - - response = MHD_create_response_from_data(strlen(errorstr), (void*)errorstr, - MHD_NO, MHD_NO); + if (buffer) + free (buffer); + + response = + MHD_create_response_from_data (strlen (errorstr), (void *) errorstr, + MHD_NO, MHD_NO); if (response) - { - ret = MHD_queue_response (connection, MHD_HTTP_INTERNAL_SERVER_ERROR, response); + { + ret = + MHD_queue_response (connection, MHD_HTTP_INTERNAL_SERVER_ERROR, + response); MHD_destroy_response (response); - return MHD_YES; - } - else return MHD_NO; + return MHD_YES; + } + else + return MHD_NO; } - response = MHD_create_response_from_data (size, (void*)buffer, MHD_YES, MHD_NO); + response = + MHD_create_response_from_data (size, (void *) buffer, MHD_YES, MHD_NO); MHD_add_response_header (response, "Content-Type", MIMETYPE); @@ -89,18 +100,19 @@ int answer_to_connection (void *cls, struct MHD_Connection *connection, const ch } -int main () +int +main () { struct MHD_Daemon *daemon; - daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, + daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, &answer_to_connection, NULL, MHD_OPTION_END); - if (NULL == daemon) return 1; + if (NULL == daemon) + return 1; - getchar (); + getchar (); MHD_stop_daemon (daemon); return 0; } - diff --git a/doc/examples/simplepost.c b/doc/examples/simplepost.c @@ -15,30 +15,36 @@ struct connection_info_struct { int connectiontype; char *answerstring; - struct MHD_PostProcessor *postprocessor; + struct MHD_PostProcessor *postprocessor; }; -const char* askpage = "<html><body>\ +const char *askpage = "<html><body>\ What's your name, Sir?<br>\ <form action=\"/namepost\" method=\"post\">\ <input name=\"name\" type=\"text\"\ <input type=\"submit\" value=\" Send \"></form>\ </body></html>"; -const char* greatingpage = "<html><body><h1>Welcome, %s!</center></h1></body></html>"; +const char *greatingpage = + "<html><body><h1>Welcome, %s!</center></h1></body></html>"; -const char* errorpage = "<html><body>This doesn't seem to be right.</body></html>"; +const char *errorpage = + "<html><body>This doesn't seem to be right.</body></html>"; -int send_page (struct MHD_Connection *connection, const char* page) +int +send_page (struct MHD_Connection *connection, const char *page) { int ret; struct MHD_Response *response; - - response = MHD_create_response_from_data (strlen (page), (void*) page, MHD_NO, MHD_NO); - if (!response) return MHD_NO; - + + response = + MHD_create_response_from_data (strlen (page), (void *) page, MHD_NO, + MHD_NO); + if (!response) + return MHD_NO; + ret = MHD_queue_response (connection, MHD_HTTP_OK, response); MHD_destroy_response (response); @@ -46,12 +52,15 @@ int send_page (struct MHD_Connection *connection, const char* page) } -int iterate_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key, - const char *filename, const char *content_type, - const char *transfer_encoding, const char *data, size_t off, size_t size) +int +iterate_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key, + const char *filename, const char *content_type, + const char *transfer_encoding, const char *data, size_t off, + size_t size) { - struct connection_info_struct *con_info = (struct connection_info_struct*) coninfo_cls; - + struct connection_info_struct *con_info = + (struct connection_info_struct *) coninfo_cls; + if (0 == strcmp (key, "name")) { @@ -59,12 +68,14 @@ int iterate_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key, { char *answerstring; answerstring = malloc (MAXANSWERSIZE); - if (!answerstring) return MHD_NO; - + if (!answerstring) + return MHD_NO; + snprintf (answerstring, MAXANSWERSIZE, greatingpage, data); - con_info->answerstring = answerstring; - } - else con_info->answerstring = NULL; + con_info->answerstring = answerstring; + } + else + con_info->answerstring = NULL; return MHD_NO; } @@ -72,91 +83,104 @@ int iterate_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key, return MHD_YES; } -void request_completed (void *cls, struct MHD_Connection *connection, void **con_cls, - enum MHD_RequestTerminationCode toe) +void +request_completed (void *cls, struct MHD_Connection *connection, + void **con_cls, enum MHD_RequestTerminationCode toe) { - struct connection_info_struct *con_info = (struct connection_info_struct*) *con_cls; + struct connection_info_struct *con_info = + (struct connection_info_struct *) *con_cls; - if (NULL == con_info) return; + if (NULL == con_info) + return; if (con_info->connectiontype == POST) { - MHD_destroy_post_processor (con_info->postprocessor); - if (con_info->answerstring) free (con_info->answerstring); + MHD_destroy_post_processor (con_info->postprocessor); + if (con_info->answerstring) + free (con_info->answerstring); } - + free (con_info); - *con_cls = NULL; + *con_cls = NULL; } -int answer_to_connection (void *cls, struct MHD_Connection *connection, const char *url, - const char *method, const char *version, const char *upload_data, - unsigned int *upload_data_size, void **con_cls) +int +answer_to_connection (void *cls, struct MHD_Connection *connection, + const char *url, const char *method, + const char *version, const char *upload_data, + unsigned int *upload_data_size, void **con_cls) { - if(NULL == *con_cls) + if (NULL == *con_cls) { struct connection_info_struct *con_info; con_info = malloc (sizeof (struct connection_info_struct)); - if (NULL == con_info) return MHD_NO; + if (NULL == con_info) + return MHD_NO; con_info->answerstring = NULL; - if (0 == strcmp (method, "POST")) - { - con_info->postprocessor = MHD_create_post_processor (connection, POSTBUFFERSIZE, - iterate_post, (void*) con_info); + if (0 == strcmp (method, "POST")) + { + con_info->postprocessor = + MHD_create_post_processor (connection, POSTBUFFERSIZE, + iterate_post, (void *) con_info); - if (NULL == con_info->postprocessor) + if (NULL == con_info->postprocessor) { - free (con_info); + free (con_info); return MHD_NO; } con_info->connectiontype = POST; - } - else con_info->connectiontype = GET; + } + else + con_info->connectiontype = GET; + + *con_cls = (void *) con_info; - *con_cls = (void*) con_info; - return MHD_YES; } - if (0 == strcmp (method, "GET")) + if (0 == strcmp (method, "GET")) { - return send_page (connection, askpage); - } - - if (0 == strcmp (method, "POST")) + return send_page (connection, askpage); + } + + if (0 == strcmp (method, "POST")) { struct connection_info_struct *con_info = *con_cls; - if (*upload_data_size != 0) + if (*upload_data_size != 0) { - MHD_post_process(con_info->postprocessor, upload_data, *upload_data_size); + MHD_post_process (con_info->postprocessor, upload_data, + *upload_data_size); *upload_data_size = 0; - + return MHD_YES; - } - else - if (NULL != con_info->answerstring) return send_page (connection, con_info->answerstring); - } + } + else if (NULL != con_info->answerstring) + return send_page (connection, con_info->answerstring); + } - return send_page(connection, errorpage); + return send_page (connection, errorpage); } -int main () +int +main () { struct MHD_Daemon *daemon; daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, - &answer_to_connection, NULL, MHD_OPTION_NOTIFY_COMPLETED, - request_completed, NULL, MHD_OPTION_END); - if (NULL == daemon) return 1; + &answer_to_connection, NULL, + MHD_OPTION_NOTIFY_COMPLETED, request_completed, + NULL, MHD_OPTION_END); + if (NULL == daemon) + return 1; - getchar (); + getchar (); MHD_stop_daemon (daemon); diff --git a/src/daemon/connection.c b/src/daemon/connection.c @@ -178,19 +178,17 @@ MHD_get_connection_values (struct MHD_Connection *connection, */ int MHD_set_connection_value (struct MHD_Connection *connection, - enum MHD_ValueKind kind, - const char *key, - const char *value) + enum MHD_ValueKind kind, + const char *key, const char *value) { - struct MHD_HTTP_Header * pos; + struct MHD_HTTP_Header *pos; - pos = MHD_pool_allocate(connection->pool, - sizeof(struct MHD_HTTP_Header), - MHD_NO); + pos = MHD_pool_allocate (connection->pool, + sizeof (struct MHD_HTTP_Header), MHD_NO); if (pos == NULL) return MHD_NO; - pos->header = (char*) key; - pos->value = (char*) value; + pos->header = (char *) key; + pos->value = (char *) value; pos->kind = kind; pos->next = connection->headers_received; connection->headers_received = pos; @@ -590,7 +588,7 @@ build_header_response (struct MHD_Connection *connection) while (pos != NULL) { if (pos->kind == kind) - off += SPRINTF (&data[off], "%s: %s\r\n", pos->header, pos->value); + off += SPRINTF (&data[off], "%s: %s\r\n", pos->header, pos->value); pos = pos->next; } if (connection->state == MHD_CONNECTION_FOOTERS_RECEIVED) @@ -1592,8 +1590,8 @@ MHD_connection_handle_write (struct MHD_Connection *connection) break; case MHD_CONNECTION_CONTINUE_SENDING: ret = SEND (connection->socket_fd, - &HTTP_100_CONTINUE[connection-> - continue_message_write_offset], + &HTTP_100_CONTINUE + [connection->continue_message_write_offset], strlen (HTTP_100_CONTINUE) - connection->continue_message_write_offset, MSG_NOSIGNAL); @@ -1612,8 +1610,8 @@ MHD_connection_handle_write (struct MHD_Connection *connection) fprintf (stderr, "Sent 100 continue response: `%.*s'\n", ret, - &HTTP_100_CONTINUE[connection-> - continue_message_write_offset]); + &HTTP_100_CONTINUE + [connection->continue_message_write_offset]); #endif connection->continue_message_write_offset += ret; break; @@ -1646,13 +1644,13 @@ MHD_connection_handle_write (struct MHD_Connection *connection) if (connection->daemon->options & MHD_USE_SSL) { ret = MHD_gnutls_record_send (connection->tls_session, - &connection->response-> - data[connection-> + &connection->response->data + [connection-> response_write_position - response->data_start], - response->data_size - - (connection->response_write_position - - response->data_start)); + response->data_size - + (connection->response_write_position + - response->data_start)); } else #endif @@ -1698,8 +1696,7 @@ MHD_connection_handle_write (struct MHD_Connection *connection) do_write (connection); check_write_done (connection, (connection->response->total_size == - connection-> - response_write_position) ? + connection->response_write_position) ? MHD_CONNECTION_BODY_SENT : MHD_CONNECTION_CHUNKED_BODY_UNREADY); break; @@ -1829,13 +1826,13 @@ MHD_connection_handle_idle (struct MHD_Connection *connection) connection->state = MHD_CONNECTION_CONTINUE_SENDING; break; } - if (connection->response != NULL) - { - /* we refused (no upload allowed!) */ - connection->remaining_upload_size = 0; - /* force close, in case client still tries to upload... */ - connection->read_closed = MHD_YES; - } + if (connection->response != NULL) + { + /* we refused (no upload allowed!) */ + connection->remaining_upload_size = 0; + /* force close, in case client still tries to upload... */ + connection->read_closed = MHD_YES; + } connection->state = (connection->remaining_upload_size == 0) ? MHD_CONNECTION_FOOTERS_RECEIVED : MHD_CONNECTION_CONTINUE_SENT; continue; @@ -1995,9 +1992,9 @@ MHD_connection_handle_idle (struct MHD_Connection *connection) connection, &connection->client_context, MHD_REQUEST_TERMINATED_COMPLETED_OK); - end = MHD_lookup_connection_value (connection, - MHD_HEADER_KIND, - MHD_HTTP_HEADER_CONNECTION); + end = + MHD_lookup_connection_value (connection, MHD_HEADER_KIND, + MHD_HTTP_HEADER_CONNECTION); connection->client_context = NULL; connection->continue_message_write_offset = 0; connection->responseCode = 0; diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c @@ -49,9 +49,8 @@ * (or if the infoType is unknown) */ const union MHD_ConnectionInfo * -MHD_get_connection_info (struct MHD_Connection * connection, - enum MHD_ConnectionInfoType infoType, - ...) +MHD_get_connection_info (struct MHD_Connection *connection, + enum MHD_ConnectionInfoType infoType, ...) { if (connection->tls_session == NULL) return NULL; @@ -59,19 +58,26 @@ MHD_get_connection_info (struct MHD_Connection * connection, { #if HTTPS_SUPPORT case MHD_SESSION_INFO_CIPHER_ALGO: - return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.read_bulk_cipher_algorithm; + return (const union MHD_ConnectionInfo *) &connection-> + tls_session->security_parameters.read_bulk_cipher_algorithm; case MHD_SESSION_INFO_KX_ALGO: - return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.kx_algorithm; + return (const union MHD_ConnectionInfo *) &connection-> + tls_session->security_parameters.kx_algorithm; case MHD_SESSION_INFO_CREDENTIALS_TYPE: - return (const union MHD_ConnectionInfo*) &connection->tls_session->key->cred->algorithm; + return (const union MHD_ConnectionInfo *) &connection-> + tls_session->key->cred->algorithm; case MHD_SESSION_INFO_MAC_ALGO: - return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.read_mac_algorithm; + return (const union MHD_ConnectionInfo *) &connection-> + tls_session->security_parameters.read_mac_algorithm; case MHD_SESSION_INFO_COMPRESSION_METHOD: - return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.read_compression_algorithm; + return (const union MHD_ConnectionInfo *) &connection-> + tls_session->security_parameters.read_compression_algorithm; case MHD_SESSION_INFO_PROTOCOL: - return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.version; + return (const union MHD_ConnectionInfo *) &connection-> + tls_session->security_parameters.version; case MHD_SESSION_INFO_CERT_TYPE: - return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.cert_type; + return (const union MHD_ConnectionInfo *) &connection-> + tls_session->security_parameters.cert_type; #endif default: return NULL; @@ -85,7 +91,7 @@ MHD_get_connection_info (struct MHD_Connection * connection, * @param connection: the connection to close */ static void -MHD_tls_connection_close (struct MHD_Connection * connection) +MHD_tls_connection_close (struct MHD_Connection *connection) { MHD_gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR); connection->tls_session->internals.read_eof = 1; @@ -139,13 +145,13 @@ MHD_tls_connection_close_err (struct MHD_Connection *connection, * error code is returned in case of an error. **/ static ssize_t -MHDS_con_read (struct MHD_Connection * connection) +MHDS_con_read (struct MHD_Connection *connection) { /* no special handling when GNUTLS_E_AGAIN is returned since this function is called from within a select loop */ ssize_t size = MHD_gnutls_record_recv (connection->tls_session, - &connection->read_buffer[connection-> - read_buffer_offset], - connection->read_buffer_size); + &connection->read_buffer + [connection->read_buffer_offset], + connection->read_buffer_size); return size; } @@ -153,10 +159,12 @@ static ssize_t MHDS_con_write (struct MHD_Connection *connection) { ssize_t sent = MHD_gnutls_record_send (connection->tls_session, - &connection->write_buffer[connection-> - write_buffer_send_offset], - connection->write_buffer_append_offset - - connection->write_buffer_send_offset); + &connection->write_buffer + [connection-> + write_buffer_send_offset], + connection->write_buffer_append_offset + - + connection->write_buffer_send_offset); return sent; } @@ -191,7 +199,7 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection) switch (connection->state) { - /* on newly created connections we might reach here before any reply has been received */ + /* on newly created connections we might reach here before any reply has been received */ case MHD_TLS_CONNECTION_INIT: return MHD_YES; /* close connection if necessary */ @@ -301,7 +309,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) * done to decrypt alert message */ mhd_gtls_recv_int (connection->tls_session, GNUTLS_ALERT, - GNUTLS_HANDSHAKE_FINISHED, 0, 0); + GNUTLS_HANDSHAKE_FINISHED, 0, 0); /* CLOSE_NOTIFY */ if (connection->tls_session->internals.last_alert == @@ -318,7 +326,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) MHD_DLOG (connection->daemon, "Received TLS alert: %s\n", MHD_gnutls_alert_get_name ((int) connection->tls_session-> - internals.last_alert)); + internals.last_alert)); #endif return MHD_YES; } diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c @@ -86,9 +86,9 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) return -1; } return MHD_gnutls_certificate_set_x509_key_file (daemon->x509_cred, - daemon->https_cert_path, - daemon->https_key_path, - GNUTLS_X509_FMT_PEM); + daemon->https_cert_path, + daemon->https_key_path, + GNUTLS_X509_FMT_PEM); } /* certificate & key loaded from memory */ else if (daemon->https_mem_cert && daemon->https_mem_key) @@ -98,8 +98,9 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) cert.data = (unsigned char *) daemon->https_mem_cert; cert.size = strlen (daemon->https_mem_cert); - return MHD_gnutls_certificate_set_x509_key_mem (daemon->x509_cred, &cert, - &key, GNUTLS_X509_FMT_PEM); + return MHD_gnutls_certificate_set_x509_key_mem (daemon->x509_cred, + &cert, &key, + GNUTLS_X509_FMT_PEM); } else { @@ -121,16 +122,18 @@ MHD_TLS_init (struct MHD_Daemon *daemon) case MHD_GNUTLS_CRD_ANON: ret = MHD_gnutls_anon_allocate_server_credentials (&daemon->anon_cred); ret += MHD_gnutls_dh_params_init (&daemon->dh_params); - if (ret != 0) { - return GNUTLS_E_MEMORY_ERROR; - } + if (ret != 0) + { + return GNUTLS_E_MEMORY_ERROR; + } MHD_gnutls_dh_params_generate2 (daemon->dh_params, 1024); - MHD_gnutls_anon_set_server_dh_params (daemon->anon_cred, daemon->dh_params); + MHD_gnutls_anon_set_server_dh_params (daemon->anon_cred, + daemon->dh_params); return 0; case MHD_GNUTLS_CRD_CERTIFICATE: - ret = MHD_gnutls_certificate_allocate_credentials (&daemon->x509_cred) ; - if (ret != 0) - return GNUTLS_E_MEMORY_ERROR; + ret = MHD_gnutls_certificate_allocate_credentials (&daemon->x509_cred); + if (ret != 0) + return GNUTLS_E_MEMORY_ERROR; return MHD_init_daemon_certificate (daemon); default: #if HAVE_MESSAGES @@ -178,9 +181,8 @@ MHD_get_fdset (struct MHD_Daemon *daemon, int fd; if ((daemon == NULL) || (read_fd_set == NULL) || (write_fd_set == NULL) - || (except_fd_set == NULL) || (max_fd == NULL) || (-1 == (fd = daemon-> - socket_fd)) - || (daemon->shutdown == MHD_YES) + || (except_fd_set == NULL) || (max_fd == NULL) + || (-1 == (fd = daemon->socket_fd)) || (daemon->shutdown == MHD_YES) || ((daemon->options & MHD_USE_THREAD_PER_CONNECTION) != 0)) return MHD_NO; @@ -324,13 +326,14 @@ MHD_TLS_init_connection (void *data) { /* set needed credentials for certificate authentication. */ case MHD_GNUTLS_CRD_CERTIFICATE: - MHD_gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_CERTIFICATE, - con->daemon->x509_cred); + MHD_gnutls_credentials_set (con->tls_session, + MHD_GNUTLS_CRD_CERTIFICATE, + con->daemon->x509_cred); break; case MHD_GNUTLS_CRD_ANON: /* set needed credentials for anonymous authentication. */ MHD_gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_ANON, - con->daemon->anon_cred); + con->daemon->anon_cred); MHD_gnutls_dh_set_prime_bits (con->tls_session, 1024); break; default: @@ -349,8 +352,8 @@ MHD_TLS_init_connection (void *data) */ MHD_gnutls_transport_set_ptr (con->tls_session, - (gnutls_transport_ptr_t) ((void *) con-> - socket_fd)); + (gnutls_transport_ptr_t) ((void *) + con->socket_fd)); return MHD_handle_connection (data); } @@ -432,9 +435,9 @@ MHD_accept_connection (struct MHD_Daemon *daemon) } if ((daemon->max_connections == 0) || ((daemon->per_ip_connection_limit - != 0) && (daemon-> - per_ip_connection_limit <= - have))) + != 0) + && (daemon->per_ip_connection_limit + <= have))) { /* above connection limit - reject */ #if HAVE_MESSAGES @@ -834,7 +837,7 @@ MHD_start_daemon_va (unsigned int options, return NULL; retVal = malloc (sizeof (struct MHD_Daemon)); if (retVal == NULL) - return NULL; + return NULL; memset (retVal, 0, sizeof (struct MHD_Daemon)); retVal->options = options; retVal->port = port; @@ -883,8 +886,8 @@ MHD_start_daemon_va (unsigned int options, case MHD_OPTION_PER_IP_CONNECTION_LIMIT: retVal->per_ip_connection_limit = va_arg (ap, unsigned int); break; - case MHD_OPTION_SOCK_ADDR: - servaddr = va_arg (ap, struct sockaddr *); + case MHD_OPTION_SOCK_ADDR: + servaddr = va_arg (ap, struct sockaddr *); break; #if HTTPS_SUPPORT case MHD_OPTION_PROTOCOL_VERSION: @@ -921,8 +924,8 @@ MHD_start_daemon_va (unsigned int options, #endif default: #if HAVE_MESSAGES - if ( (opt >= MHD_OPTION_HTTPS_KEY_PATH) && - (opt <= MHD_OPTION_TLS_COMP_ALGO) ) + if ((opt >= MHD_OPTION_HTTPS_KEY_PATH) && + (opt <= MHD_OPTION_TLS_COMP_ALGO)) { fprintf (stderr, "MHD HTTPS option %d passed to MHD compiled without HTTPS support\n", @@ -932,7 +935,7 @@ MHD_start_daemon_va (unsigned int options, { fprintf (stderr, "Invalid option %d! (Did you terminate the list with MHD_OPTION_END?)\n", - opt); + opt); } #endif abort (); @@ -949,7 +952,7 @@ MHD_start_daemon_va (unsigned int options, if ((options & MHD_USE_DEBUG) != 0) fprintf (stderr, "Call to socket failed: %s\n", STRERROR (errno)); #endif - free(retVal); + free (retVal); return NULL; } if ((SETSOCKOPT (socket_fd, @@ -974,19 +977,19 @@ MHD_start_daemon_va (unsigned int options, if (NULL == servaddr) { if ((options & MHD_USE_IPv6) != 0) - { - memset (&servaddr6, 0, sizeof (struct sockaddr_in6)); - servaddr6.sin6_family = AF_INET6; - servaddr6.sin6_port = htons (port); - servaddr = (struct sockaddr *) &servaddr6; - } + { + memset (&servaddr6, 0, sizeof (struct sockaddr_in6)); + servaddr6.sin6_family = AF_INET6; + servaddr6.sin6_port = htons (port); + servaddr = (struct sockaddr *) &servaddr6; + } else - { - memset (&servaddr4, 0, sizeof (struct sockaddr_in)); - servaddr4.sin_family = AF_INET; - servaddr4.sin_port = htons (port); - servaddr = (struct sockaddr *) &servaddr4; - } + { + memset (&servaddr4, 0, sizeof (struct sockaddr_in)); + servaddr4.sin_family = AF_INET; + servaddr4.sin_port = htons (port); + servaddr = (struct sockaddr *) &servaddr4; + } } retVal->socket_fd = socket_fd; if (BIND (socket_fd, servaddr, addrlen) < 0) @@ -997,7 +1000,7 @@ MHD_start_daemon_va (unsigned int options, "Failed to bind to port %u: %s\n", port, STRERROR (errno)); #endif CLOSE (socket_fd); - free(retVal); + free (retVal); return NULL; } @@ -1010,7 +1013,7 @@ MHD_start_daemon_va (unsigned int options, "Failed to listen for connections: %s\n", STRERROR (errno)); #endif CLOSE (socket_fd); - free(retVal); + free (retVal); return NULL; } @@ -1026,20 +1029,19 @@ MHD_start_daemon_va (unsigned int options, return NULL; } #endif - if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) || + if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) || (0 != (options & MHD_USE_SELECT_INTERNALLY))) && (0 != pthread_create (&retVal->pid, NULL, &MHD_select_thread, retVal))) { #if HAVE_MESSAGES - MHD_DLOG (retVal, - "Failed to create listen thread: %s\n", - STRERROR (errno)); + MHD_DLOG (retVal, + "Failed to create listen thread: %s\n", STRERROR (errno)); #endif free (retVal); CLOSE (socket_fd); return NULL; - } + } return retVal; } diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h @@ -183,13 +183,13 @@ extern "C" typedef void *gnutls_transport_ptr_t; struct MHD_gtls_session_int; - typedef struct MHD_gtls_session_int * mhd_gtls_session_t; + typedef struct MHD_gtls_session_int *mhd_gtls_session_t; struct MHD_gtls_dh_params_int; - typedef struct MHD_gtls_dh_params_int * mhd_gtls_dh_params_t; + typedef struct MHD_gtls_dh_params_int *mhd_gtls_dh_params_t; - struct MHD_gtls_x509_privkey_int; /* XXX ugly. */ - typedef struct MHD_gtls_x509_privkey_int * mhd_gtls_rsa_params_t; /* XXX ugly. */ + struct MHD_gtls_x509_privkey_int; /* XXX ugly. */ + typedef struct MHD_gtls_x509_privkey_int *mhd_gtls_rsa_params_t; /* XXX ugly. */ struct MHD_gtls_priority_st; typedef struct MHD_gtls_priority_st *gnutls_priority_t; @@ -212,7 +212,8 @@ extern "C" int deinit; } gnutls_params_st; - typedef int gnutls_params_function (mhd_gtls_session_t, gnutls_params_type_t, + typedef int gnutls_params_function (mhd_gtls_session_t, + gnutls_params_type_t, gnutls_params_st *); /* internal functions */ @@ -220,7 +221,7 @@ extern "C" void MHD_gnutls_global_deinit (void); int MHD_gnutls_init (mhd_gtls_session_t * session, - gnutls_connection_end_t con_end); + gnutls_connection_end_t con_end); void MHD_gnutls_deinit (mhd_gtls_session_t session); int MHD_gnutls_bye (mhd_gtls_session_t session, gnutls_close_request_t how); @@ -228,10 +229,10 @@ extern "C" int MHD_gnutls_rehandshake (mhd_gtls_session_t session); gnutls_alert_description_t gnutls_alert_get (mhd_gtls_session_t session); int MHD_gnutls_alert_send (mhd_gtls_session_t session, - gnutls_alert_level_t level, - gnutls_alert_description_t desc); + gnutls_alert_level_t level, + gnutls_alert_description_t desc); int MHD_gnutls_alert_send_appropriate (mhd_gtls_session_t session, int err); - const char * MHD_gnutls_alert_get_name (gnutls_alert_description_t alert); + const char *MHD_gnutls_alert_get_name (gnutls_alert_description_t alert); // enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t session); // enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t session); @@ -241,41 +242,51 @@ extern "C" // enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t // session); - size_t MHD_gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); - size_t MHD_gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm algorithm); + size_t MHD_gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm + algorithm); + size_t MHD_gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm + algorithm); /* the name of the specified algorithms */ - const char * MHD_gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm algorithm); - const char * MHD_gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm algorithm); - const char * MHD_gnutls_compression_get_name (enum MHD_GNUTLS_CompressionMethod - algorithm); - const char * MHD_gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); - const char * MHD_gnutls_certificate_type_get_name (enum MHD_GNUTLS_CertificateType - type); + const char *MHD_gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm + algorithm); + const char *MHD_gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm + algorithm); + const char *MHD_gnutls_compression_get_name (enum + MHD_GNUTLS_CompressionMethod + algorithm); + const char *MHD_gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm + algorithm); + const char *MHD_gnutls_certificate_type_get_name (enum + MHD_GNUTLS_CertificateType + type); enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); - enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char *name); + enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char + *name); enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name); enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name); - enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char *name); + enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char + *name); /* list supported algorithms */ - const enum MHD_GNUTLS_CipherAlgorithm * MHD_gtls_cipher_list (void); - const enum MHD_GNUTLS_HashAlgorithm * MHD_gtls_mac_list (void); - const enum MHD_GNUTLS_CompressionMethod * MHD_gtls_compression_list (void); - const enum MHD_GNUTLS_Protocol * MHD_gtls_protocol_list (void); - const enum MHD_GNUTLS_CertificateType * MHD_gtls_certificate_type_list (void); - const enum MHD_GNUTLS_KeyExchangeAlgorithm * MHD_gtls_kx_list (void); + const enum MHD_GNUTLS_CipherAlgorithm *MHD_gtls_cipher_list (void); + const enum MHD_GNUTLS_HashAlgorithm *MHD_gtls_mac_list (void); + const enum MHD_GNUTLS_CompressionMethod *MHD_gtls_compression_list (void); + const enum MHD_GNUTLS_Protocol *MHD_gtls_protocol_list (void); + const enum MHD_GNUTLS_CertificateType + *MHD_gtls_certificate_type_list (void); + const enum MHD_GNUTLS_KeyExchangeAlgorithm *MHD_gtls_kx_list (void); /* error functions */ int MHD_gtls_error_is_fatal (int error); int MHD_gtls_error_to_alert (int err, int *level); void MHD_gtls_perror (int error); - const char * MHD_gtls_strerror (int error); + const char *MHD_gtls_strerror (int error); void MHD_gtls_handshake_set_private_extensions (mhd_gtls_session_t session, - int allow); + int allow); gnutls_handshake_description_t MHD_gtls_handshake_get_last_out (mhd_gtls_session_t session); gnutls_handshake_description_t @@ -284,10 +295,10 @@ extern "C" /* * Record layer functions. */ - ssize_t MHD_gnutls_record_send (mhd_gtls_session_t session, const void *data, - size_t sizeofdata); + ssize_t MHD_gnutls_record_send (mhd_gtls_session_t session, + const void *data, size_t sizeofdata); ssize_t MHD_gnutls_record_recv (mhd_gtls_session_t session, void *data, - size_t sizeofdata); + size_t sizeofdata); /* provides extra compatibility */ void MHD_gtls_record_disable_padding (mhd_gtls_session_t session); @@ -295,20 +306,21 @@ extern "C" int MHD_gnutls_record_get_direction (mhd_gtls_session_t session); size_t MHD_gnutls_record_get_max_size (mhd_gtls_session_t session); - ssize_t MHD_gnutls_record_set_max_size (mhd_gtls_session_t session, size_t size); + ssize_t MHD_gnutls_record_set_max_size (mhd_gtls_session_t session, + size_t size); int MHD_gnutls_prf (mhd_gtls_session_t session, - size_t label_size, const char *label, - int server_random_first, - size_t extra_size, const char *extra, - size_t outsize, char *out); - - int MHD_gnutls_prf_raw (mhd_gtls_session_t session, size_t label_size, const char *label, - size_t seed_size, const char *seed, + int server_random_first, + size_t extra_size, const char *extra, size_t outsize, char *out); + int MHD_gnutls_prf_raw (mhd_gtls_session_t session, + size_t label_size, const char *label, + size_t seed_size, const char *seed, + size_t outsize, char *out); + /* * TLS Extensions */ @@ -318,12 +330,12 @@ extern "C" } gnutls_server_name_type_t; int MHD_gnutls_server_name_set (mhd_gtls_session_t session, - gnutls_server_name_type_t type, - const void *name, size_t name_length); + gnutls_server_name_type_t type, + const void *name, size_t name_length); int MHD_gnutls_server_name_get (mhd_gtls_session_t session, - void *data, size_t * data_length, - unsigned int *type, unsigned int indx); + void *data, size_t * data_length, + unsigned int *type, unsigned int indx); /* Opaque PRF Input * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt @@ -331,7 +343,7 @@ extern "C" void MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session, - size_t len, unsigned char *data); + size_t len, unsigned char *data); typedef int (*gnutls_oprfi_callback_func) (mhd_gtls_session_t session, void *userdata, @@ -341,8 +353,8 @@ extern "C" void MHD_gtls_oprfi_enable_server (mhd_gtls_session_t session, - gnutls_oprfi_callback_func cb, - void *userdata); + gnutls_oprfi_callback_func cb, + void *userdata); /* Supplemental data, RFC 4680. */ typedef enum @@ -350,31 +362,36 @@ extern "C" GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0 } gnutls_supplemental_data_format_type_t; - const char * MHD_gtls_supplemental_get_name + const char *MHD_gtls_supplemental_get_name (gnutls_supplemental_data_format_type_t type); - int MHD_gnutls_cipher_set_priority (mhd_gtls_session_t session, const int *list); - int MHD_gnutls_mac_set_priority (mhd_gtls_session_t session, const int *list); + int MHD_gnutls_cipher_set_priority (mhd_gtls_session_t session, + const int *list); + int MHD_gnutls_mac_set_priority (mhd_gtls_session_t session, + const int *list); int MHD_gnutls_compression_set_priority (mhd_gtls_session_t session, - const int *list); - int MHD_gnutls_kx_set_priority (mhd_gtls_session_t session, const int *list); + const int *list); + int MHD_gnutls_kx_set_priority (mhd_gtls_session_t session, + const int *list); int MHD_gnutls_protocol_set_priority (mhd_gtls_session_t session, - const int *list); + const int *list); int MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session, - const int *list); + const int *list); int MHD_tls_set_default_priority (gnutls_priority_t *, const char *priority, - const char **err_pos); + const char **err_pos); void MHD_gnutls_priority_deinit (gnutls_priority_t); int MHD_gnutls_priority_set (mhd_gtls_session_t session, gnutls_priority_t); int MHD_gnutls_priority_set_direct (mhd_gtls_session_t session, - const char *priority, const char **err_pos); + const char *priority, + const char **err_pos); /* get the currently used protocol version */ - enum MHD_GNUTLS_Protocol MHD_gnutls_protocol_get_version (mhd_gtls_session_t session); + enum MHD_GNUTLS_Protocol MHD_gnutls_protocol_get_version (mhd_gtls_session_t + session); - const char * MHD_gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version); + const char *MHD_gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version); /* * get/set session @@ -388,23 +405,24 @@ extern "C" // gnutls_datum_t * data); int MHD_gtls_session_get_id (mhd_gtls_session_t session, void *session_id, - size_t * session_id_size); + size_t * session_id_size); /* returns security values. * Do not use them unless you know what you're doing. */ - const void * MHD_gtls_session_get_server_random (mhd_gtls_session_t session); - const void * MHD_gtls_session_get_client_random (mhd_gtls_session_t session); - const void * MHD_gtls_session_get_master_secret (mhd_gtls_session_t session); + const void *MHD_gtls_session_get_server_random (mhd_gtls_session_t session); + const void *MHD_gtls_session_get_client_random (mhd_gtls_session_t session); + const void *MHD_gtls_session_get_master_secret (mhd_gtls_session_t session); int MHD_gtls_session_is_resumed (mhd_gtls_session_t session); typedef int (*gnutls_handshake_post_client_hello_func) (mhd_gtls_session_t); - void MHD_gnutls_handshake_set_post_client_hello_function (mhd_gtls_session_t, - gnutls_handshake_post_client_hello_func); + void + MHD_gnutls_handshake_set_post_client_hello_function (mhd_gtls_session_t, + gnutls_handshake_post_client_hello_func); void MHD_gnutls_handshake_set_max_packet_length (mhd_gtls_session_t session, - size_t max); + size_t max); /* * Functions for setting/clearing credentials @@ -415,47 +433,49 @@ extern "C" * cred is a structure defined by the kx algorithm */ int MHD_gnutls_credentials_set (mhd_gtls_session_t session, - enum MHD_GNUTLS_CredentialsType type, void *cred); + enum MHD_GNUTLS_CredentialsType type, + void *cred); /* Credential structures - used in MHD_gnutls_credentials_set(); */ struct mhd_gtls_certificate_credentials_st; typedef struct mhd_gtls_certificate_credentials_st - * mhd_gtls_cert_credentials_t; - typedef mhd_gtls_cert_credentials_t - mhd_gtls_cert_server_credentials; - typedef mhd_gtls_cert_credentials_t - mhd_gtls_cert_client_credentials; + *mhd_gtls_cert_credentials_t; + typedef mhd_gtls_cert_credentials_t mhd_gtls_cert_server_credentials; + typedef mhd_gtls_cert_credentials_t mhd_gtls_cert_client_credentials; typedef struct mhd_gtls_anon_server_credentials_st - * mhd_gtls_anon_server_credentials_t; + *mhd_gtls_anon_server_credentials_t; typedef struct mhd_gtls_anon_client_credentials_st - * mhd_gtls_anon_client_credentials_t; + *mhd_gtls_anon_client_credentials_t; - void MHD_gnutls_anon_free_server_credentials (mhd_gtls_anon_server_credentials_t - sc); + void + MHD_gnutls_anon_free_server_credentials + (mhd_gtls_anon_server_credentials_t sc); int - MHD_gnutls_anon_allocate_server_credentials (mhd_gtls_anon_server_credentials_t - * sc); + MHD_gnutls_anon_allocate_server_credentials + (mhd_gtls_anon_server_credentials_t * sc); - void MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t res, - mhd_gtls_dh_params_t dh_params); + void + MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t + res, + mhd_gtls_dh_params_t dh_params); void - MHD_gnutls_anon_set_server_params_function (mhd_gtls_anon_server_credentials_t - res, - gnutls_params_function * func); + MHD_gnutls_anon_set_server_params_function + (mhd_gtls_anon_server_credentials_t res, gnutls_params_function * func); - void MHD_gnutls_anon_free_client_credentials (mhd_gtls_anon_client_credentials_t - sc); + void + MHD_gnutls_anon_free_client_credentials + (mhd_gtls_anon_client_credentials_t sc); int - MHD_gnutls_anon_allocate_client_credentials (mhd_gtls_anon_client_credentials_t - * sc); + MHD_gnutls_anon_allocate_client_credentials + (mhd_gtls_anon_client_credentials_t * sc); void MHD_gnutls_certificate_free_credentials (mhd_gtls_cert_credentials_t - sc); + sc); int MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t - * res); + * res); void MHD_gnutls_certificate_free_keys (mhd_gtls_cert_credentials_t sc); void MHD_gnutls_certificate_free_cas (mhd_gtls_cert_credentials_t sc); @@ -463,46 +483,50 @@ extern "C" void MHD_gnutls_certificate_free_crls (mhd_gtls_cert_credentials_t sc); void MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res, - mhd_gtls_dh_params_t dh_params); + mhd_gtls_dh_params_t dh_params); void MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t - res, - mhd_gtls_rsa_params_t rsa_params); + res, + mhd_gtls_rsa_params_t + rsa_params); void MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t - res, unsigned int flags); + res, unsigned int flags); void MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t - res, unsigned int max_bits, - unsigned int max_depth); + res, unsigned int max_bits, + unsigned int max_depth); int MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t - res, const char *CAFILE, - gnutls_x509_crt_fmt_t type); + res, const char *CAFILE, + gnutls_x509_crt_fmt_t type); int MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t - res, const gnutls_datum_t * CA, - gnutls_x509_crt_fmt_t type); + res, + const gnutls_datum_t * CA, + gnutls_x509_crt_fmt_t type); int MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t - res, const char *crlfile, - gnutls_x509_crt_fmt_t type); + res, const char *crlfile, + gnutls_x509_crt_fmt_t type); int MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t - res, const gnutls_datum_t * CRL, - gnutls_x509_crt_fmt_t type); + res, + const gnutls_datum_t * CRL, + gnutls_x509_crt_fmt_t type); /* * CERTFILE is an x509 certificate in PEM form. * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys). */ int MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t - res, const char *CERTFILE, - const char *KEYFILE, - gnutls_x509_crt_fmt_t type); + res, const char *CERTFILE, + const char *KEYFILE, + gnutls_x509_crt_fmt_t type); int MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t - res, const gnutls_datum_t * CERT, - const gnutls_datum_t * KEY, - gnutls_x509_crt_fmt_t type); + res, + const gnutls_datum_t * CERT, + const gnutls_datum_t * KEY, + gnutls_x509_crt_fmt_t type); - void MHD_gnutls_certificate_send_x509_rdn_sequence (mhd_gtls_session_t session, - int status); + void MHD_gnutls_certificate_send_x509_rdn_sequence (mhd_gtls_session_t + session, int status); /* * New functions to allow setting already parsed X.509 stuff. @@ -539,12 +563,13 @@ extern "C" extern void MHD_gtls_global_set_mem_functions (gnutls_alloc_function gt_alloc_func, - gnutls_alloc_function - gt_secure_alloc_func, - gnutls_is_secure_function - gt_is_secure_func, - gnutls_realloc_function gt_realloc_func, - gnutls_free_function gt_free_func); + gnutls_alloc_function + gt_secure_alloc_func, + gnutls_is_secure_function + gt_is_secure_func, + gnutls_realloc_function + gt_realloc_func, + gnutls_free_function gt_free_func); /* For use in callbacks */ extern gnutls_alloc_function gnutls_malloc; @@ -565,7 +590,7 @@ extern "C" int MHD_gnutls_dh_params_init (mhd_gtls_dh_params_t * dh_params); void MHD_gnutls_dh_params_deinit (mhd_gtls_dh_params_t dh_params); int MHD_gnutls_dh_params_generate2 (mhd_gtls_dh_params_t params, - unsigned int bits); + unsigned int bits); // int MHD_gnutls_dh_params_import_raw (mhd_gtls_dh_params_t dh_params, // const gnutls_datum_t * prime, // const gnutls_datum_t * generator); @@ -586,7 +611,7 @@ extern "C" int MHD_gnutls_rsa_params_init (mhd_gtls_rsa_params_t * rsa_params); void MHD_gnutls_rsa_params_deinit (mhd_gtls_rsa_params_t rsa_params); int MHD_gnutls_rsa_params_generate2 (mhd_gtls_rsa_params_t params, - unsigned int bits); + unsigned int bits); // int gnutls_rsa_params_import_raw (mhd_gtls_rsa_params_t rsa_params, // const gnutls_datum_t * m, @@ -604,23 +629,23 @@ extern "C" /* * Session stuff */ - typedef ssize_t (* mhd_gtls_pull_func) (gnutls_transport_ptr_t, void *, - size_t); - typedef ssize_t (* mhd_gtls_push_func) (gnutls_transport_ptr_t, const void *, - size_t); + typedef ssize_t (*mhd_gtls_pull_func) (gnutls_transport_ptr_t, void *, + size_t); + typedef ssize_t (*mhd_gtls_push_func) (gnutls_transport_ptr_t, const void *, + size_t); void MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session, - gnutls_transport_ptr_t ptr); + gnutls_transport_ptr_t ptr); void MHD_gnutls_transport_set_ptr2 (mhd_gtls_session_t session, - gnutls_transport_ptr_t recv_ptr, - gnutls_transport_ptr_t send_ptr); + gnutls_transport_ptr_t recv_ptr, + gnutls_transport_ptr_t send_ptr); void MHD_gnutls_transport_set_lowat (mhd_gtls_session_t session, int num); void MHD_gnutls_transport_set_push_function (mhd_gtls_session_t session, - mhd_gtls_push_func push_func); + mhd_gtls_push_func push_func); void MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session, - mhd_gtls_pull_func pull_func); + mhd_gtls_pull_func pull_func); void MHD_gnutls_transport_set_errno (mhd_gtls_session_t session, int err); void MHD_gnutls_transport_set_global_errno (int err); @@ -629,14 +654,14 @@ extern "C" * session specific */ void MHD_gnutls_session_set_ptr (mhd_gtls_session_t session, void *ptr); - void * MHD_gtls_session_get_ptr (mhd_gtls_session_t session); + void *MHD_gtls_session_get_ptr (mhd_gtls_session_t session); /* * this function returns the hash of the given data. */ int MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, - const gnutls_datum_t * data, void *result, - size_t * result_size); + const gnutls_datum_t * data, void *result, + size_t * result_size); /* * SRP @@ -810,8 +835,9 @@ extern "C" req_ca_rdn, int nreqs, const - enum MHD_GNUTLS_PublicKeyAlgorithm - * pk_algos, + enum + MHD_GNUTLS_PublicKeyAlgorithm + *pk_algos, int pk_algos_length, gnutls_retr_st *); @@ -822,31 +848,34 @@ extern "C" /* * Functions that allow auth_info_t structures handling */ - enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (mhd_gtls_session_t session); - enum MHD_GNUTLS_CredentialsType + enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (mhd_gtls_session_t + session); + enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_server_get_type (mhd_gtls_session_t session); - enum MHD_GNUTLS_CredentialsType + enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_client_get_type (mhd_gtls_session_t session); /* * DH */ - void MHD_gnutls_dh_set_prime_bits (mhd_gtls_session_t session, unsigned int bits); + void MHD_gnutls_dh_set_prime_bits (mhd_gtls_session_t session, + unsigned int bits); int MHD_gnutls_dh_get_secret_bits (mhd_gtls_session_t session); int MHD_gnutls_dh_get_peers_public_bits (mhd_gtls_session_t session); int MHD_gnutls_dh_get_prime_bits (mhd_gtls_session_t session); - int MHD_gnutls_dh_get_group (mhd_gtls_session_t session, gnutls_datum_t * raw_gen, - gnutls_datum_t * raw_prime); + int MHD_gnutls_dh_get_group (mhd_gtls_session_t session, + gnutls_datum_t * raw_gen, + gnutls_datum_t * raw_prime); int MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session, - gnutls_datum_t * raw_key); + gnutls_datum_t * raw_key); /* * RSA */ int MHD_gtls_rsa_export_get_pubkey (mhd_gtls_session_t session, - gnutls_datum_t * exponent, - gnutls_datum_t * modulus); + gnutls_datum_t * exponent, + gnutls_datum_t * modulus); int MHD_gtls_rsa_export_get_modulus_bits (mhd_gtls_session_t session); /* External signing callback. Experimental. */ @@ -858,9 +887,10 @@ extern "C" gnutls_datum_t * signature); void MHD_gtls_sign_callback_set (mhd_gtls_session_t session, - gnutls_sign_func sign_func, void *userdata); - gnutls_sign_func - MHD_gtls_sign_callback_get (mhd_gtls_session_t session, void **userdata); + gnutls_sign_func sign_func, + void *userdata); + gnutls_sign_func MHD_gtls_sign_callback_get (mhd_gtls_session_t session, + void **userdata); /* These are set on the credentials structure. */ @@ -872,39 +902,44 @@ extern "C" gnutls_certificate_server_retrieve_function * func); void MHD_gtls_certificate_server_set_request (mhd_gtls_session_t session, - gnutls_certificate_request_t - req); + gnutls_certificate_request_t + req); /* get data from the session */ - const gnutls_datum_t * MHD_gtls_certificate_get_peers (mhd_gtls_session_t - session, - unsigned int - *list_size); - const gnutls_datum_t * MHD_gtls_certificate_get_ours (mhd_gtls_session_t + const gnutls_datum_t *MHD_gtls_certificate_get_peers (mhd_gtls_session_t + session, + unsigned int + *list_size); + const gnutls_datum_t *MHD_gtls_certificate_get_ours (mhd_gtls_session_t + session); + + time_t MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t + session); + time_t MHD_gtls_certificate_expiration_time_peers (mhd_gtls_session_t session); - time_t MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t session); - time_t MHD_gtls_certificate_expiration_time_peers (mhd_gtls_session_t session); - - int MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t session); + int MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t + session); int MHD_gtls_certificate_verify_peers2 (mhd_gtls_session_t session, - unsigned int *status); + unsigned int *status); /* this is obsolete (?). */ int MHD_gtls_certificate_verify_peers (mhd_gtls_session_t session); - int MHD_gtls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, - char *result, size_t * result_size); + int MHD_gtls_pem_base64_encode (const char *msg, + const gnutls_datum_t * data, char *result, + size_t * result_size); int MHD_gtls_pem_base64_decode (const char *header, - const gnutls_datum_t * b64_data, - unsigned char *result, size_t * result_size); + const gnutls_datum_t * b64_data, + unsigned char *result, + size_t * result_size); int MHD_gtls_pem_base64_encode_alloc (const char *msg, - const gnutls_datum_t * data, - gnutls_datum_t * result); + const gnutls_datum_t * data, + gnutls_datum_t * result); int MHD_gtls_pem_base64_decode_alloc (const char *header, - const gnutls_datum_t * b64_data, - gnutls_datum_t * result); + const gnutls_datum_t * b64_data, + gnutls_datum_t * result); // void // gnutls_certificate_set_params_function (mhd_gtls_cert_credentials_t diff --git a/src/daemon/https/lgl/des.h b/src/daemon/https/lgl/des.h @@ -47,8 +47,7 @@ typedef struct /* Check whether the 8 byte key is weak. Does not check the parity * bits of the key but simple ignore them. */ -extern bool -gl_des_is_weak_key (const char * key); +extern bool gl_des_is_weak_key (const char *key); /* * DES @@ -58,19 +57,17 @@ gl_des_is_weak_key (const char * key); /* Fill a DES context CTX with subkeys calculated from 64bit KEY. * Does not check parity bits, but simply ignore them. Does not check * for weak keys. */ -extern void -gl_des_setkey (gl_des_ctx *ctx, const char * key); +extern void gl_des_setkey (gl_des_ctx * ctx, const char *key); /* Fill a DES context CTX with subkeys calculated from 64bit KEY, with * weak key checking. Does not check parity bits, but simply ignore * them. */ -extern bool -gl_des_makekey (gl_des_ctx *ctx, const char * key, size_t keylen); +extern bool gl_des_makekey (gl_des_ctx * ctx, const char *key, size_t keylen); /* Electronic Codebook Mode DES encryption/decryption of data * according to 'mode'. */ extern void -gl_des_ecb_crypt (gl_des_ctx *ctx, const char * from, char * to, int mode); +gl_des_ecb_crypt (gl_des_ctx * ctx, const char *from, char *to, int mode); #define gl_des_ecb_encrypt(ctx, from, to) gl_des_ecb_crypt(ctx, from, to, 0) #define gl_des_ecb_decrypt(ctx, from, to) gl_des_ecb_crypt(ctx, from, to, 1) @@ -83,9 +80,7 @@ gl_des_ecb_crypt (gl_des_ctx *ctx, const char * from, char * to, int mode); * 64bit keys in KEY1 and KEY2. Does not check the parity bits of the * keys, but simply ignore them. Does not check for weak keys. */ extern void -gl_3des_set2keys (gl_3des_ctx *ctx, - const char * key1, - const char * key2); +gl_3des_set2keys (gl_3des_ctx * ctx, const char *key1, const char *key2); /* * Fill a Triple-DES context CTX with subkeys calculated from three @@ -93,27 +88,20 @@ gl_3des_set2keys (gl_3des_ctx *ctx, * of the keys, but simply ignore them. Does not check for weak * keys. */ extern void -gl_3des_set3keys (gl_3des_ctx *ctx, - const char * key1, - const char * key2, - const char * key3); +gl_3des_set3keys (gl_3des_ctx * ctx, + const char *key1, const char *key2, const char *key3); /* Fill a Triple-DES context CTX with subkeys calculated from three * concatenated 64bit keys in KEY, with weak key checking. Does not * check the parity bits of the keys, but simply ignore them. */ extern bool -gl_3des_makekey (gl_3des_ctx *ctx, - const char * key, - size_t keylen); +gl_3des_makekey (gl_3des_ctx * ctx, const char *key, size_t keylen); /* Electronic Codebook Mode Triple-DES encryption/decryption of data * according to 'mode'. Sometimes this mode is named 'EDE' mode * (Encryption-Decryption-Encryption). */ extern void -gl_3des_ecb_crypt (gl_3des_ctx *ctx, - const char * from, - char * to, - int mode); +gl_3des_ecb_crypt (gl_3des_ctx * ctx, const char *from, char *to, int mode); #define gl_3des_ecb_encrypt(ctx, from, to) gl_3des_ecb_crypt(ctx,from,to,0) #define gl_3des_ecb_decrypt(ctx, from, to) gl_3des_ecb_crypt(ctx,from,to,1) diff --git a/src/daemon/https/lgl/gc.h b/src/daemon/https/lgl/gc.h @@ -25,37 +25,37 @@ # include <stddef.h> enum Gc_rc - { - GC_OK = 0, - GC_MALLOC_ERROR, - GC_INIT_ERROR, - GC_RANDOM_ERROR, - GC_INVALID_CIPHER, - GC_INVALID_HASH, - GC_PKCS5_INVALID_ITERATION_COUNT, - GC_PKCS5_INVALID_DERIVED_KEY_LENGTH, - GC_PKCS5_DERIVED_KEY_TOO_LONG - }; +{ + GC_OK = 0, + GC_MALLOC_ERROR, + GC_INIT_ERROR, + GC_RANDOM_ERROR, + GC_INVALID_CIPHER, + GC_INVALID_HASH, + GC_PKCS5_INVALID_ITERATION_COUNT, + GC_PKCS5_INVALID_DERIVED_KEY_LENGTH, + GC_PKCS5_DERIVED_KEY_TOO_LONG +}; typedef enum Gc_rc Gc_rc; /* Hash types. */ enum Gc_hash - { - GC_MD4, - GC_MD5, - GC_SHA1, - GC_MD2, - GC_RMD160, - GC_SHA256, - GC_SHA384, - GC_SHA512 - }; +{ + GC_MD4, + GC_MD5, + GC_SHA1, + GC_MD2, + GC_RMD160, + GC_SHA256, + GC_SHA384, + GC_SHA512 +}; typedef enum Gc_hash Gc_hash; enum Gc_hash_mode - { - GC_HMAC = 1 - }; +{ + GC_HMAC = 1 +}; typedef enum Gc_hash_mode Gc_hash_mode; typedef void *gc_hash_handle; @@ -71,88 +71,71 @@ typedef void *gc_hash_handle; /* Cipher types. */ enum Gc_cipher - { - GC_AES128, - GC_AES192, - GC_AES256, - GC_3DES, - GC_DES, - GC_ARCFOUR128, - GC_ARCFOUR40, - GC_ARCTWO40, - GC_CAMELLIA128, - GC_CAMELLIA256 - }; +{ + GC_AES128, + GC_AES192, + GC_AES256, + GC_3DES, + GC_DES, + GC_ARCFOUR128, + GC_ARCFOUR40, + GC_ARCTWO40, + GC_CAMELLIA128, + GC_CAMELLIA256 +}; typedef enum Gc_cipher Gc_cipher; enum Gc_cipher_mode - { - GC_ECB, - GC_CBC, - GC_STREAM - }; +{ + GC_ECB, + GC_CBC, + GC_STREAM +}; typedef enum Gc_cipher_mode Gc_cipher_mode; -typedef void * gc_cipher_handle; +typedef void *gc_cipher_handle; /* Call before respectively after any other functions. */ -Gc_rc gc_init(void); -void gc_done(void); +Gc_rc gc_init (void); +void gc_done (void); /* Memory allocation (avoid). */ -typedef void *(*gc_malloc_t)(size_t n); -typedef int (*gc_secure_check_t)(const void *); -typedef void *(*gc_realloc_t)(void *p, - size_t n); -typedef void (*gc_free_t)(void *); -void gc_set_allocators(gc_malloc_t func_malloc, - gc_malloc_t secure_malloc, - gc_secure_check_t secure_check, - gc_realloc_t func_realloc, - gc_free_t func_free); +typedef void *(*gc_malloc_t) (size_t n); +typedef int (*gc_secure_check_t) (const void *); +typedef void *(*gc_realloc_t) (void *p, size_t n); +typedef void (*gc_free_t) (void *); +void gc_set_allocators (gc_malloc_t func_malloc, + gc_malloc_t secure_malloc, + gc_secure_check_t secure_check, + gc_realloc_t func_realloc, gc_free_t func_free); /* Randomness. */ -Gc_rc gc_nonce(char *data, - size_t datalen); -Gc_rc gc_pseudo_random(char *data, - size_t datalen); -Gc_rc gc_random(char *data, - size_t datalen); +Gc_rc gc_nonce (char *data, size_t datalen); +Gc_rc gc_pseudo_random (char *data, size_t datalen); +Gc_rc gc_random (char *data, size_t datalen); /* Ciphers. */ -Gc_rc gc_cipher_open(Gc_cipher cipher, - Gc_cipher_mode mode, - gc_cipher_handle *outhandle); -Gc_rc gc_cipher_setkey(gc_cipher_handle handle, - size_t keylen, - const char *key); -Gc_rc gc_cipher_setiv(gc_cipher_handle handle, - size_t ivlen, - const char *iv); -Gc_rc gc_cipher_encrypt_inline(gc_cipher_handle handle, - size_t len, - char *data); -Gc_rc gc_cipher_decrypt_inline(gc_cipher_handle handle, - size_t len, - char *data); -Gc_rc gc_cipher_close(gc_cipher_handle handle); +Gc_rc gc_cipher_open (Gc_cipher cipher, + Gc_cipher_mode mode, gc_cipher_handle * outhandle); +Gc_rc gc_cipher_setkey (gc_cipher_handle handle, + size_t keylen, const char *key); +Gc_rc gc_cipher_setiv (gc_cipher_handle handle, size_t ivlen, const char *iv); +Gc_rc gc_cipher_encrypt_inline (gc_cipher_handle handle, + size_t len, char *data); +Gc_rc gc_cipher_decrypt_inline (gc_cipher_handle handle, + size_t len, char *data); +Gc_rc gc_cipher_close (gc_cipher_handle handle); /* Hashes. */ -Gc_rc gc_hash_open(Gc_hash hash, - Gc_hash_mode mode, - gc_hash_handle *outhandle); -Gc_rc gc_hash_clone(gc_hash_handle handle, - gc_hash_handle *outhandle); -size_t gc_hash_digest_length(Gc_hash hash); -void gc_hash_hmac_setkey(gc_hash_handle handle, - size_t len, - const char *key); -void gc_hash_write(gc_hash_handle handle, - size_t len, - const char *data); -const char *gc_hash_read(gc_hash_handle handle); -void gc_hash_close(gc_hash_handle handle); +Gc_rc gc_hash_open (Gc_hash hash, + Gc_hash_mode mode, gc_hash_handle * outhandle); +Gc_rc gc_hash_clone (gc_hash_handle handle, gc_hash_handle * outhandle); +size_t gc_hash_digest_length (Gc_hash hash); +void gc_hash_hmac_setkey (gc_hash_handle handle, size_t len, const char *key); +void gc_hash_write (gc_hash_handle handle, size_t len, const char *data); +const char *gc_hash_read (gc_hash_handle handle); +void gc_hash_close (gc_hash_handle handle); /* Compute a hash value over buffer IN of INLEN bytes size using the algorithm HASH, placing the result in the pre-allocated buffer OUT. @@ -160,34 +143,18 @@ void gc_hash_close(gc_hash_handle handle); GC_<HASH>_DIGEST_SIZE. For example, for GC_MD5 the output buffer must be 16 bytes. The return value is 0 (GC_OK) on success, or another Gc_rc error code. */ -Gc_rc gc_hash_buffer(Gc_hash hash, - const void *in, - size_t inlen, - char *out); +Gc_rc gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *out); /* One-call interface. */ -Gc_rc gc_md2(const void *in, - size_t inlen, - void *resbuf); -Gc_rc gc_md4(const void *in, - size_t inlen, - void *resbuf); -Gc_rc gc_md5(const void *in, - size_t inlen, - void *resbuf); -Gc_rc gc_sha1(const void *in, - size_t inlen, - void *resbuf); -Gc_rc gc_hmac_md5(const void *key, - size_t keylen, - const void *in, - size_t inlen, - char *resbuf); -Gc_rc gc_hmac_sha1(const void *key, - size_t keylen, - const void *in, - size_t inlen, - char *resbuf); +Gc_rc gc_md2 (const void *in, size_t inlen, void *resbuf); +Gc_rc gc_md4 (const void *in, size_t inlen, void *resbuf); +Gc_rc gc_md5 (const void *in, size_t inlen, void *resbuf); +Gc_rc gc_sha1 (const void *in, size_t inlen, void *resbuf); +Gc_rc gc_hmac_md5 (const void *key, + size_t keylen, const void *in, size_t inlen, char *resbuf); +Gc_rc gc_hmac_sha1 (const void *key, + size_t keylen, + const void *in, size_t inlen, char *resbuf); /* Derive cryptographic keys from a password P of length PLEN, with salt S of length SLEN, placing the result in pre-allocated buffer @@ -196,13 +163,10 @@ Gc_rc gc_hmac_sha1(const void *key, counts are 1000-20000). This function "stretches" the key to be exactly dkLen bytes long. GC_OK is returned on success, otherwise an Gc_rc error code is returned. */ -Gc_rc gc_pbkdf2_sha1(const char *P, - size_t Plen, - const char *S, - size_t Slen, - unsigned int c, - char *DK, - size_t dkLen); +Gc_rc gc_pbkdf2_sha1 (const char *P, + size_t Plen, + const char *S, + size_t Slen, unsigned int c, char *DK, size_t dkLen); /* TODO: diff --git a/src/daemon/https/lgl/gettext.h b/src/daemon/https/lgl/gettext.h @@ -131,8 +131,7 @@ inline #endif static const char * pgettext_aux (const char *domain, - const char *msg_ctxt_id, const char *msgid, - int category) + const char *msg_ctxt_id, const char *msgid, int category) { const char *translation = dcgettext (domain, msg_ctxt_id, category); if (translation == msg_ctxt_id) @@ -150,9 +149,8 @@ inline #endif static const char * npgettext_aux (const char *domain, - const char *msg_ctxt_id, const char *msgid, - const char *msgid_plural, unsigned long int n, - int category) + const char *msg_ctxt_id, const char *msgid, + const char *msgid_plural, unsigned long int n, int category) { const char *translation = dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); @@ -190,8 +188,7 @@ inline #endif static const char * dcpgettext_expr (const char *domain, - const char *msgctxt, const char *msgid, - int category) + const char *msgctxt, const char *msgid, int category) { size_t msgctxt_len = strlen (msgctxt) + 1; size_t msgid_len = strlen (msgid) + 1; @@ -202,8 +199,7 @@ dcpgettext_expr (const char *domain, char buf[1024]; char *msg_ctxt_id = (msgctxt_len + msgid_len <= sizeof (buf) - ? buf - : (char *) malloc (msgctxt_len + msgid_len)); + ? buf : (char *) malloc (msgctxt_len + msgid_len)); if (msg_ctxt_id != NULL) #endif { @@ -213,10 +209,10 @@ dcpgettext_expr (const char *domain, translation = dcgettext (domain, msg_ctxt_id, category); #if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS if (msg_ctxt_id != buf) - free (msg_ctxt_id); + free (msg_ctxt_id); #endif if (translation != msg_ctxt_id) - return translation; + return translation; } return msgid; } @@ -235,9 +231,8 @@ inline #endif static const char * dcnpgettext_expr (const char *domain, - const char *msgctxt, const char *msgid, - const char *msgid_plural, unsigned long int n, - int category) + const char *msgctxt, const char *msgid, + const char *msgid_plural, unsigned long int n, int category) { size_t msgctxt_len = strlen (msgctxt) + 1; size_t msgid_len = strlen (msgid) + 1; @@ -248,21 +243,21 @@ dcnpgettext_expr (const char *domain, char buf[1024]; char *msg_ctxt_id = (msgctxt_len + msgid_len <= sizeof (buf) - ? buf - : (char *) malloc (msgctxt_len + msgid_len)); + ? buf : (char *) malloc (msgctxt_len + msgid_len)); if (msg_ctxt_id != NULL) #endif { memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); msg_ctxt_id[msgctxt_len - 1] = '\004'; memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); - translation = dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); + translation = + dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); #if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS if (msg_ctxt_id != buf) - free (msg_ctxt_id); + free (msg_ctxt_id); #endif if (!(translation == msg_ctxt_id || translation == msgid_plural)) - return translation; + return translation; } return (n == 1 ? msgid : msgid_plural); } diff --git a/src/daemon/https/lgl/hmac.h b/src/daemon/https/lgl/hmac.h @@ -28,7 +28,7 @@ RESBUF buffer. Return 0 on success. */ int hmac_md5 (const void *key, size_t keylen, - const void *buffer, size_t buflen, void *resbuf); + const void *buffer, size_t buflen, void *resbuf); /* Compute Hashed Message Authentication Code with SHA-1, over BUFFER data of BUFLEN bytes using the KEY of KEYLEN bytes, writing the @@ -36,6 +36,6 @@ hmac_md5 (const void *key, size_t keylen, success. */ int hmac_sha1 (const void *key, size_t keylen, - const void *in, size_t inlen, void *resbuf); + const void *in, size_t inlen, void *resbuf); #endif /* HMAC_H */ diff --git a/src/daemon/https/lgl/md5.h b/src/daemon/https/lgl/md5.h @@ -74,21 +74,23 @@ struct md5_ctx /* Initialize structure containing state of computation. (RFC 1321, 3.3: Step 3) */ -extern void __md5_init_ctx (struct md5_ctx *ctx) __THROW; +extern void +__md5_init_ctx (struct md5_ctx *ctx) + __THROW; /* Starting with the result of former calls of this function (or the initialization function update the context for the next LEN bytes starting at BUFFER. It is necessary that LEN is a multiple of 64!!! */ -extern void __md5_process_block (const void *buffer, size_t len, - struct md5_ctx *ctx) __THROW; + extern void __md5_process_block (const void *buffer, size_t len, + struct md5_ctx *ctx) __THROW; /* Starting with the result of former calls of this function (or the initialization function update the context for the next LEN bytes starting at BUFFER. It is NOT required that LEN is a multiple of 64. */ -extern void __md5_process_bytes (const void *buffer, size_t len, - struct md5_ctx *ctx) __THROW; + extern void __md5_process_bytes (const void *buffer, size_t len, + struct md5_ctx *ctx) __THROW; /* Process the remaining bytes in the buffer and put result from CTX in first 16 bytes following RESBUF. The result is always in little @@ -97,7 +99,8 @@ extern void __md5_process_bytes (const void *buffer, size_t len, IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit boundary. */ -extern void *__md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) __THROW; + extern void *__md5_finish_ctx (struct md5_ctx *ctx, + void *resbuf) __THROW; /* Put result from CTX in first 16 bytes following RESBUF. The result is @@ -106,19 +109,20 @@ extern void *__md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) __THROW; IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit boundary. */ -extern void *__md5_read_ctx (const struct md5_ctx *ctx, void *resbuf) __THROW; + extern void *__md5_read_ctx (const struct md5_ctx *ctx, + void *resbuf) __THROW; /* Compute MD5 message digest for bytes read from STREAM. The resulting message digest number will be written into the 16 bytes beginning at RESBLOCK. */ -extern int __md5_stream (FILE *stream, void *resblock) __THROW; + extern int __md5_stream (FILE * stream, void *resblock) __THROW; /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The result is always in little endian byte order, so that a byte-wise output yields to the wanted ASCII representation of the message digest. */ -extern void *__md5_buffer (const char *buffer, size_t len, - void *resblock) __THROW; + extern void *__md5_buffer (const char *buffer, size_t len, + void *resblock) __THROW; #endif /* md5.h */ diff --git a/src/daemon/https/lgl/printf-args.h b/src/daemon/https/lgl/printf-args.h @@ -77,13 +77,11 @@ typedef enum TYPE_COUNT_INT_POINTER, TYPE_COUNT_LONGINT_POINTER #if HAVE_LONG_LONG_INT -, TYPE_COUNT_LONGLONGINT_POINTER + , TYPE_COUNT_LONGLONGINT_POINTER #endif #if ENABLE_UNISTDIO - /* The unistdio extensions. */ -, TYPE_U8_STRING -, TYPE_U16_STRING -, TYPE_U32_STRING + /* The unistdio extensions. */ + , TYPE_U8_STRING, TYPE_U16_STRING, TYPE_U32_STRING #endif } arg_type; @@ -93,42 +91,42 @@ typedef struct arg_type type; union { - signed char a_schar; - unsigned char a_uchar; - short a_short; - unsigned short a_ushort; - int a_int; - unsigned int a_uint; - long int a_longint; - unsigned long int a_ulongint; + signed char a_schar; + unsigned char a_uchar; + short a_short; + unsigned short a_ushort; + int a_int; + unsigned int a_uint; + long int a_longint; + unsigned long int a_ulongint; #if HAVE_LONG_LONG_INT - long long int a_longlongint; - unsigned long long int a_ulonglongint; + long long int a_longlongint; + unsigned long long int a_ulonglongint; #endif - float a_float; - double a_double; - long double a_longdouble; - int a_char; + float a_float; + double a_double; + long double a_longdouble; + int a_char; #if HAVE_WINT_T - wint_t a_wide_char; + wint_t a_wide_char; #endif - const char* a_string; + const char *a_string; #if HAVE_WCHAR_T - const wchar_t* a_wide_string; + const wchar_t *a_wide_string; #endif - void* a_pointer; - signed char * a_count_schar_pointer; - short * a_count_short_pointer; - int * a_count_int_pointer; - long int * a_count_longint_pointer; + void *a_pointer; + signed char *a_count_schar_pointer; + short *a_count_short_pointer; + int *a_count_int_pointer; + long int *a_count_longint_pointer; #if HAVE_LONG_LONG_INT - long long int * a_count_longlongint_pointer; + long long int *a_count_longlongint_pointer; #endif #if ENABLE_UNISTDIO /* The unistdio extensions. */ - const uint8_t * a_u8_string; - const uint16_t * a_u16_string; - const uint32_t * a_u32_string; + const uint8_t *a_u8_string; + const uint16_t *a_u16_string; + const uint32_t *a_u32_string; #endif } a; @@ -149,6 +147,6 @@ STATIC #else extern #endif -int PRINTF_FETCHARGS (va_list args, arguments *a); +int PRINTF_FETCHARGS (va_list args, arguments * a); #endif /* _PRINTF_ARGS_H */ diff --git a/src/daemon/https/lgl/printf-parse.h b/src/daemon/https/lgl/printf-parse.h @@ -25,11 +25,11 @@ #include "printf-args.h" /* Flags */ -#define FLAG_GROUP 1 /* ' flag */ -#define FLAG_LEFT 2 /* - flag */ -#define FLAG_SHOWSIGN 4 /* + flag */ -#define FLAG_SPACE 8 /* space flag */ -#define FLAG_ALT 16 /* # flag */ +#define FLAG_GROUP 1 /* ' flag */ +#define FLAG_LEFT 2 /* - flag */ +#define FLAG_SHOWSIGN 4 /* + flag */ +#define FLAG_SPACE 8 /* space flag */ +#define FLAG_ALT 16 /* # flag */ #define FLAG_ZERO 32 /* arg_index value indicating that no argument is consumed. */ @@ -41,16 +41,16 @@ /* A parsed directive. */ typedef struct { - const char* dir_start; - const char* dir_end; + const char *dir_start; + const char *dir_end; int flags; - const char* width_start; - const char* width_end; + const char *width_start; + const char *width_end; size_t width_arg_index; - const char* precision_start; - const char* precision_end; + const char *precision_start; + const char *precision_end; size_t precision_arg_index; - char conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ + char conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ size_t arg_index; } char_directive; @@ -70,16 +70,16 @@ char_directives; /* A parsed directive. */ typedef struct { - const uint8_t* dir_start; - const uint8_t* dir_end; + const uint8_t *dir_start; + const uint8_t *dir_end; int flags; - const uint8_t* width_start; - const uint8_t* width_end; + const uint8_t *width_start; + const uint8_t *width_end; size_t width_arg_index; - const uint8_t* precision_start; - const uint8_t* precision_end; + const uint8_t *precision_start; + const uint8_t *precision_end; size_t precision_arg_index; - uint8_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ + uint8_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ size_t arg_index; } u8_directive; @@ -97,16 +97,16 @@ u8_directives; /* A parsed directive. */ typedef struct { - const uint16_t* dir_start; - const uint16_t* dir_end; + const uint16_t *dir_start; + const uint16_t *dir_end; int flags; - const uint16_t* width_start; - const uint16_t* width_end; + const uint16_t *width_start; + const uint16_t *width_end; size_t width_arg_index; - const uint16_t* precision_start; - const uint16_t* precision_end; + const uint16_t *precision_start; + const uint16_t *precision_end; size_t precision_arg_index; - uint16_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ + uint16_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ size_t arg_index; } u16_directive; @@ -124,16 +124,16 @@ u16_directives; /* A parsed directive. */ typedef struct { - const uint32_t* dir_start; - const uint32_t* dir_end; + const uint32_t *dir_start; + const uint32_t *dir_end; int flags; - const uint32_t* width_start; - const uint32_t* width_end; + const uint32_t *width_start; + const uint32_t *width_end; size_t width_arg_index; - const uint32_t* precision_start; - const uint32_t* precision_end; + const uint32_t *precision_start; + const uint32_t *precision_end; size_t precision_arg_index; - uint32_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ + uint32_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ size_t arg_index; } u32_directive; @@ -157,22 +157,20 @@ u32_directives; arguments and the needed count of arguments. */ #if ENABLE_UNISTDIO extern int - ulc_printf_parse (const char *format, char_directives *d, arguments *a); +ulc_printf_parse (const char *format, char_directives * d, arguments * a); extern int - u8_printf_parse (const uint8_t *format, u8_directives *d, arguments *a); +u8_printf_parse (const uint8_t * format, u8_directives * d, arguments * a); extern int - u16_printf_parse (const uint16_t *format, u16_directives *d, - arguments *a); +u16_printf_parse (const uint16_t * format, u16_directives * d, arguments * a); extern int - u32_printf_parse (const uint32_t *format, u32_directives *d, - arguments *a); +u32_printf_parse (const uint32_t * format, u32_directives * d, arguments * a); #else # ifdef STATIC STATIC # else extern # endif -int printf_parse (const char *format, char_directives *d, arguments *a); +int printf_parse (const char *format, char_directives * d, arguments * a); #endif #endif /* _PRINTF_PARSE_H */ diff --git a/src/daemon/https/lgl/rijndael-alg-fst.c b/src/daemon/https/lgl/rijndael-alg-fst.c @@ -135,6 +135,7 @@ static const uint32_t Te0[256] = { 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a, }; + static const uint32_t Te1[256] = { 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, @@ -201,6 +202,7 @@ static const uint32_t Te1[256] = { 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616, }; + static const uint32_t Te2[256] = { 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5, @@ -267,6 +269,7 @@ static const uint32_t Te2[256] = { 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f, 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16, }; + static const uint32_t Te3[256] = { 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491, @@ -333,6 +336,7 @@ static const uint32_t Te3[256] = { 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e, 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c, }; + static const uint32_t Te4[256] = { 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b, 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5, @@ -399,6 +403,7 @@ static const uint32_t Te4[256] = { 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f, 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616, }; + static const uint32_t Td0[256] = { 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, @@ -465,6 +470,7 @@ static const uint32_t Td0[256] = { 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742, }; + static const uint32_t Td1[256] = { 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, @@ -531,6 +537,7 @@ static const uint32_t Td1[256] = { 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857, }; + static const uint32_t Td2[256] = { 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3, @@ -597,6 +604,7 @@ static const uint32_t Td2[256] = { 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456, 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8, }; + static const uint32_t Td3[256] = { 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b, @@ -663,6 +671,7 @@ static const uint32_t Td3[256] = { 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064, 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0, }; + static const uint32_t Td4[256] = { 0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5, 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838, @@ -729,6 +738,7 @@ static const uint32_t Td4[256] = { 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363, 0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d, }; + static const uint32_t rcon[] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, diff --git a/src/daemon/https/lgl/rijndael-alg-fst.h b/src/daemon/https/lgl/rijndael-alg-fst.h @@ -56,12 +56,12 @@ #define RIJNDAEL_MAXNR 14 int rijndaelKeySetupEnc (uint32_t rk[ /*4*(Nr + 1) */ ], - const char cipherKey[], size_t keyBits); + const char cipherKey[], size_t keyBits); int rijndaelKeySetupDec (uint32_t rk[ /*4*(Nr + 1) */ ], - const char cipherKey[], size_t keyBits); + const char cipherKey[], size_t keyBits); void rijndaelEncrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr, - const char pt[16], char ct[16]); + const char pt[16], char ct[16]); void rijndaelDecrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr, - const char ct[16], char pt[16]); + const char ct[16], char pt[16]); #endif /* __RIJNDAEL_ALG_FST_H */ diff --git a/src/daemon/https/lgl/rijndael-api-fst.h b/src/daemon/https/lgl/rijndael-api-fst.h @@ -95,15 +95,15 @@ typedef enum typedef enum { - RIJNDAEL_DIR_ENCRYPT = 0, /* Are we encrypting? */ - RIJNDAEL_DIR_DECRYPT = 1 /* Are we decrypting? */ + RIJNDAEL_DIR_ENCRYPT = 0, /* Are we encrypting? */ + RIJNDAEL_DIR_DECRYPT = 1 /* Are we decrypting? */ } rijndael_direction; typedef enum { - RIJNDAEL_MODE_ECB = 1, /* Are we ciphering in ECB mode? */ - RIJNDAEL_MODE_CBC = 2, /* Are we ciphering in CBC mode? */ - RIJNDAEL_MODE_CFB1 = 3 /* Are we ciphering in 1-bit CFB mode? */ + RIJNDAEL_MODE_ECB = 1, /* Are we ciphering in ECB mode? */ + RIJNDAEL_MODE_CBC = 2, /* Are we ciphering in CBC mode? */ + RIJNDAEL_MODE_CFB1 = 3 /* Are we ciphering in 1-bit CFB mode? */ } rijndael_mode; /* The structure for key information */ @@ -125,8 +125,8 @@ typedef struct /* The structure for cipher information */ typedef struct -{ /* changed order of the components */ - rijndael_mode mode; /* MODE_ECB, MODE_CBC, or MODE_CFB1 */ +{ /* changed order of the components */ + rijndael_mode mode; /* MODE_ECB, MODE_CBC, or MODE_CFB1 */ /* A possible Initialization Vector for ciphering */ char IV[RIJNDAEL_MAX_IV_SIZE]; } rijndaelCipherInstance; @@ -137,16 +137,16 @@ typedef struct from KEYMATERIAL, a hex string, of KEYLEN size. KEYLEN should be 128, 192 or 256. Returns 0 on success, or an error code. */ extern rijndael_rc -rijndaelMakeKey (rijndaelKeyInstance *key, rijndael_direction direction, - size_t keyLen, const char *keyMaterial); +rijndaelMakeKey (rijndaelKeyInstance * key, rijndael_direction direction, + size_t keyLen, const char *keyMaterial); /* Initialize cipher state CIPHER for encryption MODE (e.g., RIJNDAEL_MODE_CBC) with initialization vector IV, a hex string of 2*RIJNDAEL_MAX_IV_SIZE length. IV may be NULL for modes that do not need an IV (i.e., RIJNDAEL_MODE_ECB). */ extern rijndael_rc -rijndaelCipherInit (rijndaelCipherInstance *cipher, - rijndael_mode mode, const char *IV); +rijndaelCipherInit (rijndaelCipherInstance * cipher, + rijndael_mode mode, const char *IV); /* Encrypt data in INPUT, of INPUTLEN/8 bytes length, placing the output in the pre-allocated OUTBUFFER which must hold at least @@ -156,10 +156,9 @@ rijndaelCipherInit (rijndaelCipherInstance *cipher, calling this function. Return the number of bits written, or a negative rijndael_rc error code. */ extern int -rijndaelBlockEncrypt (rijndaelCipherInstance *cipher, - const rijndaelKeyInstance *key, - const char *input, size_t inputLen, - char *outBuffer); +rijndaelBlockEncrypt (rijndaelCipherInstance * cipher, + const rijndaelKeyInstance * key, + const char *input, size_t inputLen, char *outBuffer); /* Encrypt data in INPUT, of INPUTOCTETS bytes length, placing the output in the pre-allocated OUTBUFFER which must hold at least @@ -171,10 +170,9 @@ rijndaelBlockEncrypt (rijndaelCipherInstance *cipher, calling this function. Return the number of bits written, or a negative rijndael_rc error code. */ extern int -rijndaelPadEncrypt (rijndaelCipherInstance *cipher, - const rijndaelKeyInstance *key, - const char *input, size_t inputOctets, - char *outBuffer); +rijndaelPadEncrypt (rijndaelCipherInstance * cipher, + const rijndaelKeyInstance * key, + const char *input, size_t inputOctets, char *outBuffer); /* Decrypt data in INPUT, of INPUTLEN/8 bytes length, placing the output in the pre-allocated OUTBUFFER which must hold at least @@ -184,10 +182,9 @@ rijndaelPadEncrypt (rijndaelCipherInstance *cipher, calling this function. Return the number of bits written, or a negative rijndael_rc error code. */ extern int -rijndaelBlockDecrypt (rijndaelCipherInstance *cipher, - const rijndaelKeyInstance *key, - const char *input, size_t inputLen, - char *outBuffer); +rijndaelBlockDecrypt (rijndaelCipherInstance * cipher, + const rijndaelKeyInstance * key, + const char *input, size_t inputLen, char *outBuffer); /* Decrypt data in INPUT, of INPUTOCTETS bytes length, placing the output in the pre-allocated OUTBUFFER which must hold at least @@ -199,9 +196,8 @@ rijndaelBlockDecrypt (rijndaelCipherInstance *cipher, calling this function. Return the number of bits written, or a negative rijndael_rc error code. */ extern int -rijndaelPadDecrypt (rijndaelCipherInstance *cipher, - const rijndaelKeyInstance *key, - const char *input, size_t inputOctets, - char *outBuffer); +rijndaelPadDecrypt (rijndaelCipherInstance * cipher, + const rijndaelKeyInstance * key, + const char *input, size_t inputOctets, char *outBuffer); #endif /* __RIJNDAEL_API_FST_H */ diff --git a/src/daemon/https/lgl/sha1.h b/src/daemon/https/lgl/sha1.h @@ -45,14 +45,14 @@ extern void sha1_init_ctx (struct sha1_ctx *ctx); starting at BUFFER. It is necessary that LEN is a multiple of 64!!! */ extern void sha1_process_block (const void *buffer, size_t len, - struct sha1_ctx *ctx); + struct sha1_ctx *ctx); /* Starting with the result of former calls of this function (or the initialization function update the context for the next LEN bytes starting at BUFFER. It is NOT required that LEN is a multiple of 64. */ extern void sha1_process_bytes (const void *buffer, size_t len, - struct sha1_ctx *ctx); + struct sha1_ctx *ctx); /* Process the remaining bytes in the buffer and put result from CTX in first 20 bytes following RESBUF. The result is always in little @@ -76,7 +76,7 @@ extern void *sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf); /* Compute SHA1 message digest for bytes read from STREAM. The resulting message digest number will be written into the 20 bytes beginning at RESBLOCK. */ -extern int sha1_stream (FILE *stream, void *resblock); +extern int sha1_stream (FILE * stream, void *resblock); /* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The result is always in little endian byte order, so that a byte-wise diff --git a/src/daemon/https/lgl/vasnprintf.h b/src/daemon/https/lgl/vasnprintf.h @@ -27,7 +27,7 @@ #ifndef __attribute__ /* This feature is available in gcc versions 2.5 and later. */ # if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) || __STRICT_ANSI__ -# define __attribute__(Spec) /* empty */ +# define __attribute__(Spec) /* empty */ # endif /* The __-protected variants of `format' and `printf' attributes are accepted by gcc versions 2.6.4 (effectively 2.7) and later. */ @@ -38,7 +38,8 @@ #endif #ifdef __cplusplus -extern "C" { +extern "C" +{ #endif /* Write formatted output to a string dynamically allocated with malloc(). @@ -69,13 +70,15 @@ extern "C" { # define asnprintf rpl_asnprintf # define vasnprintf rpl_vasnprintf #endif -extern char * asnprintf (char *resultbuf, size_t *lengthp, const char *format, ...) - __attribute__ ((__format__ (__printf__, 3, 4))); -extern char * vasnprintf (char *resultbuf, size_t *lengthp, const char *format, va_list args) - __attribute__ ((__format__ (__printf__, 3, 0))); + extern char *asnprintf (char *resultbuf, size_t * lengthp, + const char *format, ...) + __attribute__ ((__format__ (__printf__, 3, 4))); + extern char *vasnprintf (char *resultbuf, size_t * lengthp, + const char *format, va_list args) + __attribute__ ((__format__ (__printf__, 3, 0))); #ifdef __cplusplus } #endif -#endif /* _VASNPRINTF_H */ +#endif /* _VASNPRINTF_H */ diff --git a/src/daemon/https/lgl/xsize.h b/src/daemon/https/lgl/xsize.h @@ -51,9 +51,9 @@ /* Sum of two sizes, with overflow check. */ static inline size_t #if __GNUC__ >= 3 -__attribute__ ((__pure__)) + __attribute__ ((__pure__)) #endif -xsum (size_t size1, size_t size2) + xsum (size_t size1, size_t size2) { size_t sum = size1 + size2; return (sum >= size1 ? sum : SIZE_MAX); @@ -62,9 +62,9 @@ xsum (size_t size1, size_t size2) /* Sum of three sizes, with overflow check. */ static inline size_t #if __GNUC__ >= 3 -__attribute__ ((__pure__)) + __attribute__ ((__pure__)) #endif -xsum3 (size_t size1, size_t size2, size_t size3) + xsum3 (size_t size1, size_t size2, size_t size3) { return xsum (xsum (size1, size2), size3); } @@ -72,9 +72,9 @@ xsum3 (size_t size1, size_t size2, size_t size3) /* Sum of four sizes, with overflow check. */ static inline size_t #if __GNUC__ >= 3 -__attribute__ ((__pure__)) + __attribute__ ((__pure__)) #endif -xsum4 (size_t size1, size_t size2, size_t size3, size_t size4) + xsum4 (size_t size1, size_t size2, size_t size3, size_t size4) { return xsum (xsum (xsum (size1, size2), size3), size4); } @@ -82,9 +82,9 @@ xsum4 (size_t size1, size_t size2, size_t size3, size_t size4) /* Maximum of two sizes, with overflow check. */ static inline size_t #if __GNUC__ >= 3 -__attribute__ ((__pure__)) + __attribute__ ((__pure__)) #endif -xmax (size_t size1, size_t size2) + xmax (size_t size1, size_t size2) { /* No explicit check is needed here, because for any n: max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX. */ @@ -106,4 +106,3 @@ xmax (size_t size1, size_t size2) ((SIZE) != SIZE_MAX) #endif /* _XSIZE_H */ - diff --git a/src/daemon/https/minitasn1/coding.c b/src/daemon/https/minitasn1/coding.c @@ -385,7 +385,7 @@ _asn1_complete_explicit_tag (node_asn * node, unsigned char *der, p = node->down; /* When there are nested tags we must complete them reverse to the order they were created. This is because completing a tag - modifies all data within it, including the incomplete tags + modifies all data within it, including the incomplete tags which store buffer positions -- simon@josefsson.org 2002-09-06 */ while (p->right) diff --git a/src/daemon/https/minitasn1/decoding.c b/src/daemon/https/minitasn1/decoding.c @@ -2557,7 +2557,7 @@ asn1_expand_any_defined_by (ASN1_TYPE definitions, ASN1_TYPE * element) if ((result == ASN1_SUCCESS) && (!strcmp (p3->value, value))) { - p2 = p2->right; /* pointer to the structure to + p2 = p2->right; /* pointer to the structure to use for expansion */ while ((p2) && (p2->type & CONST_ASSIGN)) p2 = p2->right; @@ -2747,7 +2747,7 @@ asn1_expand_octet_string (ASN1_TYPE definitions, ASN1_TYPE * element, && (!strcmp (objectNode->value, value))) { - p2 = p2->right; /* pointer to the structure to + p2 = p2->right; /* pointer to the structure to use for expansion */ while ((p2) && (p2->type & CONST_ASSIGN)) p2 = p2->right; diff --git a/src/daemon/https/minitasn1/element.h b/src/daemon/https/minitasn1/element.h @@ -3,11 +3,12 @@ #define _ELEMENT_H -asn1_retCode _asn1_append_sequence_set(node_asn *node); +asn1_retCode _asn1_append_sequence_set (node_asn * node); -asn1_retCode _asn1_convert_integer(const char *value,unsigned char *value_out, - int value_out_size, int *len); +asn1_retCode _asn1_convert_integer (const char *value, + unsigned char *value_out, + int value_out_size, int *len); -void _asn1_hierarchical_name(node_asn *node,char *name,int name_size); +void _asn1_hierarchical_name (node_asn * node, char *name, int name_size); #endif diff --git a/src/daemon/https/minitasn1/errors.h b/src/daemon/https/minitasn1/errors.h @@ -25,6 +25,6 @@ #include "int.h" -void _libtasn1_log( const char *fmt, ...); +void _libtasn1_log (const char *fmt, ...); #endif /* ERRORS_H */ diff --git a/src/daemon/https/minitasn1/gstr.h b/src/daemon/https/minitasn1/gstr.h @@ -1,5 +1,5 @@ -void _asn1_str_cpy( char* dest, size_t dest_tot_size, const char* src); -void _asn1_str_cat( char* dest, size_t dest_tot_size, const char* src); +void _asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src); +void _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src); #define Estrcpy(x,y) _asn1_str_cpy(x,MAX_ERROR_DESCRIPTION_SIZE,y) #define Estrcat(x,y) _asn1_str_cat(x,MAX_ERROR_DESCRIPTION_SIZE,y) diff --git a/src/daemon/https/minitasn1/int.h b/src/daemon/https/minitasn1/int.h @@ -34,7 +34,7 @@ #include <mem.h> -#define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */ +#define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */ /* Define used for visiting trees. */ #define UP 1 @@ -82,13 +82,13 @@ #define CONST_EXPLICIT (1<<11) #define CONST_IMPLICIT (1<<12) -#define CONST_TAG (1<<13) /* Used in ASN.1 assignement */ +#define CONST_TAG (1<<13) /* Used in ASN.1 assignement */ #define CONST_OPTION (1<<14) #define CONST_DEFAULT (1<<15) #define CONST_TRUE (1<<16) #define CONST_FALSE (1<<17) -#define CONST_LIST (1<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */ +#define CONST_LIST (1<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */ #define CONST_MIN_MAX (1<<19) #define CONST_1_PARAM (1<<20) diff --git a/src/daemon/https/minitasn1/libtasn1.h b/src/daemon/https/minitasn1/libtasn1.h @@ -24,7 +24,7 @@ #ifndef LIBTASN1_H # define LIBTASN1_H -#include <stdio.h> /* for FILE* */ +#include <stdio.h> /* for FILE* */ #ifdef __cplusplus extern "C" @@ -36,14 +36,14 @@ extern "C" #include <sys/types.h> #include <time.h> -#define MAX_NAME_SIZE 128 /* maximum number of characters of a name */ +#define MAX_NAME_SIZE 128 /* maximum number of characters of a name */ /* inside a file with ASN1 definitons */ -#define MAX_ERROR_DESCRIPTION_SIZE 128 /* maximum number of characters */ +#define MAX_ERROR_DESCRIPTION_SIZE 128 /* maximum number of characters */ /* of a description message */ /* (null character included) */ - typedef int asn1_retCode; /* type returned by libtasn1 functions */ + typedef int asn1_retCode; /* type returned by libtasn1 functions */ /*****************************************/ /* Errors returned by libtasn1 functions */ @@ -78,10 +78,10 @@ extern "C" /*****************************************/ /* Constants returned by asn1_read_tag */ /*****************************************/ -#define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */ -#define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */ -#define ASN1_CLASS_CONTEXT_SPECIFIC 0x80 /* old: 3 */ -#define ASN1_CLASS_PRIVATE 0xC0 /* old: 4 */ +#define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */ +#define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */ +#define ASN1_CLASS_CONTEXT_SPECIFIC 0x80 /* old: 3 */ +#define ASN1_CLASS_PRIVATE 0xC0 /* old: 4 */ #define ASN1_CLASS_STRUCTURED 0x20 /*****************************************/ @@ -107,13 +107,13 @@ extern "C" struct node_asn_struct { - char *name; /* Node name */ - unsigned int type; /* Node type */ - unsigned char *value; /* Node value */ + char *name; /* Node name */ + unsigned int type; /* Node type */ + unsigned char *value; /* Node value */ int value_len; - struct node_asn_struct *down; /* Pointer to the son node */ - struct node_asn_struct *right; /* Pointer to the brother node */ - struct node_asn_struct *left; /* Pointer to the next list element */ + struct node_asn_struct *down; /* Pointer to the son node */ + struct node_asn_struct *right; /* Pointer to the brother node */ + struct node_asn_struct *left; /* Pointer to the next list element */ }; typedef struct node_asn_struct node_asn; @@ -124,9 +124,9 @@ extern "C" struct static_struct_asn { - const char *name; /* Node name */ - unsigned int type; /* Node type */ - const void *value; /* Node value */ + const char *name; /* Node name */ + unsigned int type; /* Node type */ + const void *value; /* Node value */ }; typedef struct static_struct_asn ASN1_ARRAY_TYPE; @@ -138,68 +138,68 @@ extern "C" /***********************************/ asn1_retCode asn1_parser2tree (const char *file_name, - ASN1_TYPE * definitions, - char *errorDescription); + ASN1_TYPE * definitions, + char *errorDescription); asn1_retCode asn1_parser2array (const char *inputFileName, - const char *outputFileName, - const char *vectorName, - char *errorDescription); + const char *outputFileName, + const char *vectorName, + char *errorDescription); asn1_retCode asn1_array2tree (const ASN1_ARRAY_TYPE * array, - ASN1_TYPE * definitions, - char *errorDescription); + ASN1_TYPE * definitions, + char *errorDescription); - void asn1_print_structure (FILE *out, ASN1_TYPE structure, const char *name, - int mode); + void asn1_print_structure (FILE * out, ASN1_TYPE structure, + const char *name, int mode); asn1_retCode asn1_create_element (ASN1_TYPE definitions, - const char *source_name, - ASN1_TYPE * element); + const char *source_name, + ASN1_TYPE * element); asn1_retCode asn1_delete_structure (ASN1_TYPE * structure); asn1_retCode asn1_delete_element (ASN1_TYPE structure, - const char *element_name); + const char *element_name); asn1_retCode asn1_write_value (ASN1_TYPE node_root, const char *name, - const void *ivalue, int len); + const void *ivalue, int len); asn1_retCode asn1_read_value (ASN1_TYPE root, const char *name, - void *ivalue, int *len); + void *ivalue, int *len); asn1_retCode asn1_number_of_elements (ASN1_TYPE element, const char *name, - int *num); + int *num); asn1_retCode asn1_der_coding (ASN1_TYPE element, const char *name, - void *ider, int *len, char *ErrorDescription); + void *ider, int *len, char *ErrorDescription); asn1_retCode asn1_der_decoding (ASN1_TYPE * element, const void *ider, - int len, char *errorDescription); + int len, char *errorDescription); asn1_retCode asn1_der_decoding_element (ASN1_TYPE * structure, - const char *elementName, - const void *ider, int len, - char *errorDescription); + const char *elementName, + const void *ider, int len, + char *errorDescription); asn1_retCode asn1_der_decoding_startEnd (ASN1_TYPE element, - const void *ider, int len, - const char *name_element, - int *start, int *end); + const void *ider, int len, + const char *name_element, + int *start, int *end); asn1_retCode asn1_expand_any_defined_by (ASN1_TYPE definitions, - ASN1_TYPE * element); + ASN1_TYPE * element); asn1_retCode asn1_expand_octet_string (ASN1_TYPE definitions, - ASN1_TYPE * element, - const char *octetName, - const char *objectName); + ASN1_TYPE * element, + const char *octetName, + const char *objectName); asn1_retCode asn1_read_tag (node_asn * root, const char *name, - int *tagValue, int *classValue); + int *tagValue, int *classValue); const char *asn1_find_structure_from_oid (ASN1_TYPE definitions, - const char *oidValue); + const char *oidValue); const char *asn1_check_version (const char *req_version); @@ -210,37 +210,37 @@ extern "C" /* DER utility functions. */ int asn1_get_tag_der (const unsigned char *der, int der_len, - unsigned char *cls, int *len, unsigned long *tag); + unsigned char *cls, int *len, unsigned long *tag); void asn1_octet_der (const unsigned char *str, int str_len, - unsigned char *der, int *der_len); + unsigned char *der, int *der_len); asn1_retCode asn1_get_octet_der (const unsigned char *der, int der_len, - int *ret_len, unsigned char *str, - int str_size, int *str_len); + int *ret_len, unsigned char *str, + int str_size, int *str_len); void asn1_bit_der (const unsigned char *str, int bit_len, - unsigned char *der, int *der_len); + unsigned char *der, int *der_len); asn1_retCode asn1_get_bit_der (const unsigned char *der, int der_len, - int *ret_len, unsigned char *str, - int str_size, int *bit_len); + int *ret_len, unsigned char *str, + int str_size, int *bit_len); signed long asn1_get_length_der (const unsigned char *der, int der_len, - int *len); + int *len); void asn1_length_der (unsigned long int len, unsigned char *ans, - int *ans_len); + int *ans_len); /* Other utility functions. */ ASN1_TYPE asn1_find_node (ASN1_TYPE pointer, const char *name); asn1_retCode asn1_copy_node (ASN1_TYPE dst, const char *dst_name, - ASN1_TYPE src, const char *src_name); + ASN1_TYPE src, const char *src_name); #ifdef __cplusplus } #endif -#endif /* LIBTASN1_H */ +#endif /* LIBTASN1_H */ diff --git a/src/daemon/https/minitasn1/mem.h b/src/daemon/https/minitasn1/mem.h @@ -23,5 +23,3 @@ #define _asn1_strdup strdup #endif /* MEM_H */ - - diff --git a/src/daemon/https/minitasn1/parser_aux.c b/src/daemon/https/minitasn1/parser_aux.c @@ -161,7 +161,7 @@ asn1_find_node (ASN1_TYPE pointer, const char *name) p = p->down; - /* The identifier "?LAST" indicates the last element + /* The identifier "?LAST" indicates the last element in the right chain. */ if (!strcmp (n, "?LAST")) { diff --git a/src/daemon/https/minitasn1/parser_aux.h b/src/daemon/https/minitasn1/parser_aux.h @@ -6,58 +6,45 @@ /***************************************/ /* Functions used by ASN.1 parser */ /***************************************/ -node_asn * -_asn1_add_node(unsigned int type); +node_asn *_asn1_add_node (unsigned int type); -node_asn * -_asn1_set_value(node_asn *node,const void *value,unsigned int len); +node_asn *_asn1_set_value (node_asn * node, const void *value, + unsigned int len); -node_asn * -_asn1_set_name(node_asn *node,const char *name); +node_asn *_asn1_set_name (node_asn * node, const char *name); -node_asn * -_asn1_set_right(node_asn *node,node_asn *right); +node_asn *_asn1_set_right (node_asn * node, node_asn * right); -node_asn * -_asn1_get_right(node_asn *node); +node_asn *_asn1_get_right (node_asn * node); -node_asn * -_asn1_get_last_right(node_asn *node); +node_asn *_asn1_get_last_right (node_asn * node); -node_asn * -_asn1_set_down(node_asn *node,node_asn *down); +node_asn *_asn1_set_down (node_asn * node, node_asn * down); -char * -_asn1_get_name(node_asn *node); +char *_asn1_get_name (node_asn * node); -node_asn * -_asn1_get_down(node_asn *node); +node_asn *_asn1_get_down (node_asn * node); -node_asn * -_asn1_mod_type(node_asn *node,unsigned int value); +node_asn *_asn1_mod_type (node_asn * node, unsigned int value); -void -_asn1_remove_node(node_asn *node); +void _asn1_remove_node (node_asn * node); -void _asn1_delete_list(void); +void _asn1_delete_list (void); -void _asn1_delete_list_and_nodes(void); +void _asn1_delete_list_and_nodes (void); -char * _asn1_ltostr(long v,char *str); +char *_asn1_ltostr (long v, char *str); -node_asn * _asn1_find_up(node_asn *node); +node_asn *_asn1_find_up (node_asn * node); -asn1_retCode _asn1_change_integer_value(ASN1_TYPE node); +asn1_retCode _asn1_change_integer_value (ASN1_TYPE node); -asn1_retCode _asn1_expand_object_id(ASN1_TYPE node); +asn1_retCode _asn1_expand_object_id (ASN1_TYPE node); -asn1_retCode _asn1_type_set_config(ASN1_TYPE node); +asn1_retCode _asn1_type_set_config (ASN1_TYPE node); -asn1_retCode _asn1_check_identifier(ASN1_TYPE node); +asn1_retCode _asn1_check_identifier (ASN1_TYPE node); -asn1_retCode _asn1_set_default_tag(ASN1_TYPE node); +asn1_retCode _asn1_set_default_tag (ASN1_TYPE node); #endif - - - diff --git a/src/daemon/https/minitasn1/structure.h b/src/daemon/https/minitasn1/structure.h @@ -8,16 +8,16 @@ #ifndef _STRUCTURE_H #define _STRUCTURE_H -asn1_retCode _asn1_create_static_structure(node_asn *pointer, - char* output_file_name,char *vector_name); +asn1_retCode _asn1_create_static_structure (node_asn * pointer, + char *output_file_name, + char *vector_name); -node_asn* _asn1_copy_structure3(node_asn *source_node); +node_asn *_asn1_copy_structure3 (node_asn * source_node); -node_asn* _asn1_copy_structure2(node_asn *root,const char *source_name); +node_asn *_asn1_copy_structure2 (node_asn * root, const char *source_name); -node_asn * _asn1_add_node_only(unsigned int type); +node_asn *_asn1_add_node_only (unsigned int type); -node_asn * _asn1_find_left(node_asn *node); +node_asn *_asn1_find_left (node_asn * node); #endif - diff --git a/src/daemon/https/tls/auth_anon.c b/src/daemon/https/tls/auth_anon.c @@ -41,15 +41,17 @@ #include <auth_dh_common.h> static int mhd_gtls_gen_anon_server_kx (mhd_gtls_session_t, opaque **); -static int mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t, opaque *, size_t); -static int mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t, opaque *, size_t); +static int mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t, opaque *, + size_t); +static int mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t, opaque *, + size_t); const mhd_gtls_mod_auth_st mhd_gtls_anon_auth_struct = { "ANON", NULL, NULL, mhd_gtls_gen_anon_server_kx, - mhd_gtls_gen_dh_common_client_kx, /* this can be shared */ + mhd_gtls_gen_dh_common_client_kx, /* this can be shared */ NULL, NULL, @@ -92,7 +94,7 @@ mhd_gtls_gen_anon_server_kx (mhd_gtls_session_t session, opaque ** data) if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, - sizeof (anon_auth_info_st), 1)) < 0) + sizeof (anon_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; @@ -112,7 +114,7 @@ mhd_gtls_gen_anon_server_kx (mhd_gtls_session_t session, opaque ** data) static int mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { mhd_gtls_anon_server_credentials_t cred; int bits; @@ -151,7 +153,7 @@ mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t session, opaque * data, int mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { int ret; @@ -159,7 +161,7 @@ mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t session, opaque * data, /* set auth_info */ if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, - sizeof (anon_auth_info_st), 1)) < 0) + sizeof (anon_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; diff --git a/src/daemon/https/tls/auth_anon.h b/src/daemon/https/tls/auth_anon.h @@ -43,6 +43,6 @@ typedef struct mhd_gtls_anon_client_credentials_st typedef struct mhd_gtls_anon_auth_info_st { mhd_gtls_dh_info_st dh; -} * mhd_anon_auth_info_t; +} *mhd_anon_auth_info_t; typedef struct mhd_gtls_anon_auth_info_st anon_auth_info_st; diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c @@ -50,7 +50,7 @@ static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); -/* Copies data from a internal certificate struct (gnutls_cert) to +/* Copies data from a internal certificate struct (gnutls_cert) to * exported certificate struct (cert_auth_info_t) */ static int @@ -81,8 +81,7 @@ _gnutls_copy_certificate_auth_info (cert_auth_info_t info, if (cert->raw.size > 0) { ret = - _gnutls_set_datum (&info-> - raw_certificate_list[i], + _gnutls_set_datum (&info->raw_certificate_list[i], cert[i].raw.data, cert[i].raw.size); if (ret < 0) { @@ -113,9 +112,10 @@ clear: * -1 otherwise. */ inline static int -_gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm * - pk_algos, int pk_algos_length, - enum MHD_GNUTLS_PublicKeyAlgorithm algo_to_check) +_gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm + *pk_algos, int pk_algos_length, + enum MHD_GNUTLS_PublicKeyAlgorithm + algo_to_check) { int i; for (i = 0; i < pk_algos_length; i++) @@ -129,7 +129,7 @@ _gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm * } -/* Returns the issuer's Distinguished name in odn, of the certificate +/* Returns the issuer's Distinguished name in odn, of the certificate * specified in cert. */ static int @@ -179,13 +179,13 @@ _gnutls_cert_get_issuer_dn (gnutls_cert * cert, gnutls_datum_t * odn) /* Locates the most appropriate x509 certificate using the * given DN. If indx == -1 then no certificate was found. * - * That is to guess which certificate to use, based on the + * That is to guess which certificate to use, based on the * CAs and sign algorithms supported by the peer server. */ static int _find_x509_cert (const mhd_gtls_cert_credentials_t cred, opaque * _data, size_t _data_size, - const enum MHD_GNUTLS_PublicKeyAlgorithm * pk_algos, + const enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, int pk_algos_length, int *indx) { unsigned size; @@ -210,8 +210,8 @@ _find_x509_cert (const mhd_gtls_cert_credentials_t cred, for (j = 0; j < cred->cert_list_length[i]; j++) { if ((result = - _gnutls_cert_get_issuer_dn (&cred-> - cert_list[i][j], &odn)) < 0) + _gnutls_cert_get_issuer_dn (&cred->cert_list[i][j], + &odn)) < 0) { gnutls_assert (); return result; @@ -271,7 +271,7 @@ get_issuers_num (mhd_gtls_session_t session, opaque * data, ssize_t data_size) if (data_size > 0) do { - /* This works like DECR_LEN() + /* This works like DECR_LEN() */ result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; DECR_LENGTH_COM (data_size, 2, goto error); @@ -348,14 +348,16 @@ static int call_get_cert_callback (mhd_gtls_session_t session, gnutls_datum_t * issuers_dn, int issuers_dn_length, - enum MHD_GNUTLS_PublicKeyAlgorithm * pk_algos, int pk_algos_length) + enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, + int pk_algos_length) { unsigned i; gnutls_cert *local_certs = NULL; gnutls_privkey *local_key = NULL; gnutls_retr_st st; int ret; - enum MHD_GNUTLS_CertificateType type = gnutls_certificate_type_get (session); + enum MHD_GNUTLS_CertificateType type = + gnutls_certificate_type_get (session); mhd_gtls_cert_credentials_t cred; cred = (mhd_gtls_cert_credentials_t) @@ -411,8 +413,8 @@ call_get_cert_callback (mhd_gtls_session_t session, } mhd_gtls_selected_certs_set (session, local_certs, - (local_certs != NULL) ? st.ncerts : 0, - local_key, 1); + (local_certs != NULL) ? st.ncerts : 0, + local_key, 1); ret = 0; @@ -443,7 +445,8 @@ cleanup: static int _select_client_cert (mhd_gtls_session_t session, opaque * _data, size_t _data_size, - enum MHD_GNUTLS_PublicKeyAlgorithm * pk_algos, int pk_algos_length) + enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, + int pk_algos_length) { int result; int indx = -1; @@ -464,7 +467,7 @@ _select_client_cert (mhd_gtls_session_t session, if (cred->client_get_cert_callback != NULL) { - /* use a callback to get certificate + /* use a callback to get certificate */ if (session->security_parameters.cert_type != MHD_GNUTLS_CRT_X509) issuers_dn_length = 0; @@ -523,9 +526,9 @@ _select_client_cert (mhd_gtls_session_t session, if (indx >= 0) { mhd_gtls_selected_certs_set (session, - &cred->cert_list[indx][0], - cred->cert_list_length[indx], - &cred->pkey[indx], 0); + &cred->cert_list[indx][0], + cred->cert_list_length[indx], + &cred->pkey[indx], 0); } else { @@ -553,11 +556,11 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data) gnutls_privkey *apr_pkey; int apr_cert_list_length; - /* find the appropriate certificate + /* find the appropriate certificate */ if ((ret = mhd_gtls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) + &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert (); return ret; @@ -576,7 +579,7 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data) * instead of: * 0B 00 00 00 // empty certificate handshake * - * ( the above is the whole handshake message, not + * ( the above is the whole handshake message, not * the one produced here ) */ @@ -600,7 +603,8 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data) } int -mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data) +mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, + opaque ** data) { switch (session->security_parameters.cert_type) { @@ -614,7 +618,8 @@ mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data } int -mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, opaque ** data) +mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, + opaque ** data) { switch (session->security_parameters.cert_type) { @@ -632,7 +637,7 @@ mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, opaque ** data #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x]) int mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, - opaque * data, size_t data_size) + opaque * data, size_t data_size) { int size, len, ret; opaque *p = data; @@ -655,7 +660,7 @@ mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 1)) < 0) + sizeof (cert_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; @@ -703,7 +708,7 @@ mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, } /* Ok we now allocate the memory to hold the - * certificate list + * certificate list */ peer_certificate_list = @@ -734,8 +739,8 @@ mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, if ((ret = mhd_gtls_x509_raw_cert_to_gcert (&peer_certificate_list - [j], &tmp, - CERT_ONLY_EXTENSIONS)) < 0) + [j], &tmp, + CERT_ONLY_EXTENSIONS)) < 0) { gnutls_assert (); goto cleanup; @@ -775,7 +780,7 @@ cleanup: int mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session, - opaque * data, size_t data_size) + opaque * data, size_t data_size) { switch (session->security_parameters.cert_type) { @@ -792,7 +797,7 @@ typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN } CertificateSigType; -/* Checks if we support the given signature algorithm +/* Checks if we support the given signature algorithm * (RSA or DSA). Returns the corresponding enum MHD_GNUTLS_PublicKeyAlgorithm * if true; */ @@ -810,7 +815,7 @@ _gnutls_check_supported_sign_algo (CertificateSigType algo) int mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, - size_t data_size) + size_t data_size) { int size, ret; opaque *p; @@ -832,7 +837,7 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 0)) < 0) + sizeof (cert_auth_info_st), 0)) < 0) { gnutls_assert (); return ret; @@ -898,7 +903,7 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, return ret; } - /* We should reply with a certificate message, + /* We should reply with a certificate message, * even if we have no certificate to send. */ session->key->certificate_requested = 1; @@ -907,7 +912,8 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, } int -mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) +mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, + opaque ** data) { int ret; gnutls_cert *apr_cert_list; @@ -920,7 +926,7 @@ mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) /* find the appropriate certificate */ if ((ret = mhd_gtls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) + &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert (); return ret; @@ -930,8 +936,8 @@ mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) { if ((ret = mhd_gtls_tls_sign_hdata (session, - &apr_cert_list[0], - apr_pkey, &signature)) < 0) + &apr_cert_list[0], + apr_pkey, &signature)) < 0) { gnutls_assert (); return ret; @@ -960,7 +966,7 @@ mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) int mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t session, - opaque * data, size_t data_size) + opaque * data, size_t data_size) { int size, ret; ssize_t dsize = data_size; @@ -986,9 +992,9 @@ mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t session, sig.size = size; ret = mhd_gtls_raw_cert_to_gcert (&peer_cert, - session->security_parameters.cert_type, - &info->raw_certificate_list[0], - CERT_NO_COPY); + session->security_parameters.cert_type, + &info->raw_certificate_list[0], + CERT_NO_COPY); if (ret < 0) { @@ -1029,7 +1035,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - size = CERTTYPE_SIZE + 2; /* 2 for enum MHD_GNUTLS_CertificateType + 2 for size of rdn_seq + size = CERTTYPE_SIZE + 2; /* 2 for enum MHD_GNUTLS_CertificateType + 2 for size of rdn_seq */ if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 && @@ -1079,7 +1085,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) } -/* This function will return the appropriate certificate to use. +/* This function will return the appropriate certificate to use. * Fills in the apr_cert_list, apr_cert_list_length and apr_pkey. * The return value is a negative value on error. * @@ -1088,9 +1094,9 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) */ int mhd_gtls_get_selected_cert (mhd_gtls_session_t session, - gnutls_cert ** apr_cert_list, - int *apr_cert_list_length, - gnutls_privkey ** apr_pkey) + gnutls_cert ** apr_cert_list, + int *apr_cert_list_length, + gnutls_privkey ** apr_pkey) { if (session->security_parameters.entity == GNUTLS_SERVER) { @@ -1110,7 +1116,7 @@ mhd_gtls_get_selected_cert (mhd_gtls_session_t session, } else - { /* CLIENT SIDE + { /* CLIENT SIDE */ /* we have already decided which certificate @@ -1223,8 +1229,8 @@ mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session) void mhd_gtls_selected_certs_set (mhd_gtls_session_t session, - gnutls_cert * certs, int ncerts, - gnutls_privkey * key, int need_free) + gnutls_cert * certs, int ncerts, + gnutls_privkey * key, int need_free) { mhd_gtls_selected_certs_deinit (session); @@ -1248,7 +1254,8 @@ mhd_gtls_selected_certs_set (mhd_gtls_session_t session, */ int mhd_gtls_server_select_cert (mhd_gtls_session_t session, - enum MHD_GNUTLS_PublicKeyAlgorithm requested_algo) + enum MHD_GNUTLS_PublicKeyAlgorithm + requested_algo) { unsigned i; int idx, ret; @@ -1276,12 +1283,12 @@ mhd_gtls_server_select_cert (mhd_gtls_session_t session, for (i = 0; i < cred->ncerts; i++) { - /* find one compatible certificate + /* find one compatible certificate */ if (requested_algo == GNUTLS_PK_ANY || requested_algo == cred->cert_list[i][0].subject_pk_algorithm) { - /* if cert type matches + /* if cert type matches */ if (session->security_parameters.cert_type == cred->cert_list[i][0].cert_type) @@ -1298,9 +1305,9 @@ mhd_gtls_server_select_cert (mhd_gtls_session_t session, if (idx >= 0 && ret == 0) { mhd_gtls_selected_certs_set (session, - &cred->cert_list[idx][0], - cred->cert_list_length[idx], - &cred->pkey[idx], 0); + &cred->cert_list[idx][0], + cred->cert_list_length[idx], + &cred->pkey[idx], 0); } else /* Certificate does not support REQUESTED_ALGO. */ diff --git a/src/daemon/https/tls/auth_cert.h b/src/daemon/https/tls/auth_cert.h @@ -53,9 +53,9 @@ typedef struct mhd_gtls_certificate_credentials_st /* contains the number of the certificates in a * row (should be 1 for OpenPGP keys). */ - unsigned ncerts; /* contains the number of columns in cert_list. - * This is the same with the number of pkeys. - */ + unsigned ncerts; /* contains the number of columns in cert_list. + * This is the same with the number of pkeys. + */ gnutls_privkey *pkey; /* private keys. It contains ncerts private @@ -75,16 +75,16 @@ typedef struct mhd_gtls_certificate_credentials_st /* X509 specific stuff */ gnutls_x509_crt_t *x509_ca_list; - unsigned x509_ncas; /* number of CAs in the ca_list - */ + unsigned x509_ncas; /* number of CAs in the ca_list + */ gnutls_x509_crl_t *x509_crl_list; - unsigned x509_ncrls; /* number of CRLs in the crl_list - */ + unsigned x509_ncrls; /* number of CRLs in the crl_list + */ - unsigned int verify_flags; /* flags to be used at - * certificate verification. - */ + unsigned int verify_flags; /* flags to be used at + * certificate verification. + */ unsigned int verify_depth; unsigned int verify_bits; @@ -107,9 +107,9 @@ typedef struct mhd_gtls_rsa_info_st typedef struct mhd_gtls_cert_auth_info_st { - int certificate_requested; /* if the peer requested certificate - * this is non zero; - */ + int certificate_requested; /* if the peer requested certificate + * this is non zero; + */ /* These (dh/rsa) are just copies from the credentials_t structure. * They must be freed. @@ -117,11 +117,11 @@ typedef struct mhd_gtls_cert_auth_info_st mhd_gtls_dh_info_st dh; rsa_info_st rsa_export; - gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the - * peer. - */ - unsigned int ncerts; /* holds the size of the list above */ -} * cert_auth_info_t; + gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the + * peer. + */ + unsigned int ncerts; /* holds the size of the list above */ +} *cert_auth_info_t; typedef struct mhd_gtls_cert_auth_info_st cert_auth_info_st; @@ -133,26 +133,27 @@ int mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t, opaque **); int mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t, opaque **); int mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t, opaque **); int mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t, opaque *, size_t); -int mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t, opaque *, size_t); -int mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t, opaque *, size_t); +int mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t, opaque *, + size_t); +int mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t, opaque *, + size_t); int mhd_gtls_get_selected_cert (mhd_gtls_session_t session, - gnutls_cert ** apr_cert_list, - int *apr_cert_list_length, - gnutls_privkey ** apr_pkey); + gnutls_cert ** apr_cert_list, + int *apr_cert_list_length, + gnutls_privkey ** apr_pkey); int mhd_gtls_server_select_cert (struct MHD_gtls_session_int *, - enum MHD_GNUTLS_PublicKeyAlgorithm); + enum MHD_GNUTLS_PublicKeyAlgorithm); void mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session); void mhd_gtls_selected_certs_set (mhd_gtls_session_t session, - gnutls_cert * certs, int ncerts, - gnutls_privkey * key, int need_free); + gnutls_cert * certs, int ncerts, + gnutls_privkey * key, int need_free); #define _gnutls_proc_cert_client_certificate mhd_gtls_proc_cert_server_certificate -mhd_gtls_rsa_params_t mhd_gtls_certificate_get_rsa_params (mhd_gtls_rsa_params_t - rsa_params, - gnutls_params_function - * func, - mhd_gtls_session_t); +mhd_gtls_rsa_params_t +mhd_gtls_certificate_get_rsa_params (mhd_gtls_rsa_params_t rsa_params, + gnutls_params_function * func, + mhd_gtls_session_t); #endif diff --git a/src/daemon/https/tls/auth_dh_common.c b/src/daemon/https/tls/auth_dh_common.c @@ -52,8 +52,8 @@ mhd_gtls_free_dh_info (mhd_gtls_dh_info_st * dh) int mhd_gtls_proc_dh_common_client_kx (mhd_gtls_session_t session, - opaque * data, size_t _data_size, - mpi_t g, mpi_t p) + opaque * data, size_t _data_size, + mpi_t g, mpi_t p) { uint16_t n_Y; size_t _n_Y; @@ -108,7 +108,7 @@ mhd_gtls_gen_dh_common_client_kx (mhd_gtls_session_t session, opaque ** data) *data = NULL; X = mhd_gtls_calc_dh_secret (&x, session->key->client_g, - session->key->client_p); + session->key->client_p); if (X == NULL || x == NULL) { gnutls_assert (); @@ -170,7 +170,7 @@ error: int mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session, - opaque * data, size_t _data_size, int psk) + opaque * data, size_t _data_size, int psk) { uint16_t n_Y, n_g, n_p; size_t _n_Y, _n_g, _n_p; @@ -251,7 +251,7 @@ mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session, } mhd_gtls_dh_set_group (session, session->key->client_g, - session->key->client_p); + session->key->client_p); mhd_gtls_dh_set_peer_public (session, session->key->client_Y); ret = n_Y + n_p + n_g + 6; @@ -265,7 +265,7 @@ mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session, * be inserted */ int mhd_gtls_dh_common_print_server_kx (mhd_gtls_session_t session, - mpi_t g, mpi_t p, opaque ** data, int psk) + mpi_t g, mpi_t p, opaque ** data, int psk) { mpi_t x, X; size_t n_X, n_g, n_p; diff --git a/src/daemon/https/tls/auth_dh_common.h b/src/daemon/https/tls/auth_dh_common.h @@ -37,12 +37,12 @@ typedef struct void mhd_gtls_free_dh_info (mhd_gtls_dh_info_st * dh); int mhd_gtls_gen_dh_common_client_kx (mhd_gtls_session_t, opaque **); int mhd_gtls_proc_dh_common_client_kx (mhd_gtls_session_t session, - opaque * data, size_t _data_size, - mpi_t p, mpi_t g); + opaque * data, size_t _data_size, + mpi_t p, mpi_t g); int mhd_gtls_dh_common_print_server_kx (mhd_gtls_session_t, mpi_t g, mpi_t p, - opaque ** data, int psk); + opaque ** data, int psk); int mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session, - opaque * data, size_t _data_size, - int psk); + opaque * data, size_t _data_size, + int psk); #endif diff --git a/src/daemon/https/tls/auth_dhe.c b/src/daemon/https/tls/auth_dhe.c @@ -49,15 +49,15 @@ const mhd_gtls_mod_auth_st mhd_gtls_dhe_rsa_auth_struct = { mhd_gtls_gen_cert_client_certificate, gen_dhe_server_kx, mhd_gtls_gen_dh_common_client_kx, - mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ - mhd_gtls_gen_cert_server_cert_req, /* server cert request */ + mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ + mhd_gtls_gen_cert_server_cert_req, /* server cert request */ mhd_gtls_proc_cert_server_certificate, _gnutls_proc_cert_client_certificate, proc_dhe_server_kx, proc_dhe_client_kx, - mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ - mhd_gtls_proc_cert_cert_req /* proc server cert request */ + mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ + mhd_gtls_proc_cert_cert_req /* proc server cert request */ }; const mhd_gtls_mod_auth_st mhd_gtls_dhe_dss_auth_struct = { @@ -66,15 +66,15 @@ const mhd_gtls_mod_auth_st mhd_gtls_dhe_dss_auth_struct = { mhd_gtls_gen_cert_client_certificate, gen_dhe_server_kx, mhd_gtls_gen_dh_common_client_kx, - mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ - mhd_gtls_gen_cert_server_cert_req, /* server cert request */ + mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ + mhd_gtls_gen_cert_server_cert_req, /* server cert request */ mhd_gtls_proc_cert_server_certificate, _gnutls_proc_cert_client_certificate, proc_dhe_server_kx, proc_dhe_client_kx, - mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ - mhd_gtls_proc_cert_cert_req /* proc server cert request */ + mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ + mhd_gtls_proc_cert_cert_req /* proc server cert request */ }; @@ -105,7 +105,7 @@ gen_dhe_server_kx (mhd_gtls_session_t session, opaque ** data) /* find the appropriate certificate */ if ((ret = mhd_gtls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) + &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert (); return ret; @@ -124,7 +124,7 @@ gen_dhe_server_kx (mhd_gtls_session_t session, opaque ** data) g = mpis[1]; if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 0)) < 0) + sizeof (cert_auth_info_st), 0)) < 0) { gnutls_assert (); return ret; @@ -149,7 +149,7 @@ gen_dhe_server_kx (mhd_gtls_session_t session, opaque ** data) { if ((ret = mhd_gtls_tls_sign_params (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature)) < 0) + apr_pkey, &ddata, &signature)) < 0) { gnutls_assert (); gnutls_free (*data); @@ -217,15 +217,16 @@ proc_dhe_server_kx (mhd_gtls_session_t session, opaque * data, if ((ret = mhd_gtls_raw_cert_to_gcert (&peer_cert, - session->security_parameters.cert_type, - &info->raw_certificate_list[0], - CERT_NO_COPY)) < 0) + session->security_parameters.cert_type, + &info->raw_certificate_list[0], + CERT_NO_COPY)) < 0) { gnutls_assert (); return ret; } - ret = mhd_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); + ret = + mhd_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); mhd_gtls_gcert_deinit (&peer_cert); if (ret < 0) diff --git a/src/daemon/https/tls/auth_rsa.c b/src/daemon/https/tls/auth_rsa.c @@ -51,15 +51,15 @@ const mhd_gtls_mod_auth_st mhd_gtls_rsa_auth_struct = { mhd_gtls_gen_cert_client_certificate, NULL, /* gen server kx */ _gnutls_gen_rsa_client_kx, - mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ - mhd_gtls_gen_cert_server_cert_req, /* server cert request */ + mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ + mhd_gtls_gen_cert_server_cert_req, /* server cert request */ mhd_gtls_proc_cert_server_certificate, _gnutls_proc_cert_client_certificate, NULL, /* proc server kx */ _gnutls_proc_rsa_client_kx, /* proc client kx */ - mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ - mhd_gtls_proc_cert_cert_req /* proc server cert request */ + mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ + mhd_gtls_proc_cert_cert_req /* proc server cert request */ }; /* This function reads the RSA parameters from peer's certificate; @@ -86,9 +86,9 @@ _gnutls_get_public_rsa_params (mhd_gtls_session_t session, ret = mhd_gtls_raw_cert_to_gcert (&peer_cert, - session->security_parameters.cert_type, - &info->raw_certificate_list[0], - CERT_ONLY_PUBKEY | CERT_NO_COPY); + session->security_parameters.cert_type, + &info->raw_certificate_list[0], + CERT_ONLY_PUBKEY | CERT_NO_COPY); if (ret < 0) { @@ -179,7 +179,7 @@ _gnutls_get_private_rsa_params (mhd_gtls_session_t session, rsa_params = mhd_gtls_certificate_get_rsa_params (cred->rsa_params, - cred->params_func, session); + cred->params_func, session); /* EXPORT case: */ if (rsa_params == NULL) { @@ -219,7 +219,7 @@ _gnutls_proc_rsa_client_kx (mhd_gtls_session_t session, opaque * data, if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) { - /* SSL 3.0 + /* SSL 3.0 */ ciphertext.data = data; ciphertext.size = data_size; @@ -247,7 +247,7 @@ _gnutls_proc_rsa_client_kx (mhd_gtls_session_t session, opaque * data, return ret; } - ret = mhd_gtls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */ + ret = mhd_gtls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */ if (ret < 0 || plaintext.size != TLS_MASTER_SIZE) { @@ -315,7 +315,7 @@ _gnutls_proc_rsa_client_kx (mhd_gtls_session_t session, opaque * data, -/* return RSA(random) using the peers public key +/* return RSA(random) using the peers public key */ int _gnutls_gen_rsa_client_kx (mhd_gtls_session_t session, opaque ** data) @@ -376,7 +376,7 @@ _gnutls_gen_rsa_client_kx (mhd_gtls_session_t session, opaque ** data) if ((ret = mhd_gtls_pkcs1_rsa_encrypt (&sdata, &session->key->key, - params, params_len, 2)) < 0) + params, params_len, 2)) < 0) { gnutls_assert (); return ret; diff --git a/src/daemon/https/tls/auth_rsa_export.c b/src/daemon/https/tls/auth_rsa_export.c @@ -54,15 +54,15 @@ const mhd_gtls_mod_auth_st rsa_export_auth_struct = { mhd_gtls_gen_cert_client_certificate, gen_rsa_export_server_kx, _gnutls_gen_rsa_client_kx, - mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ - mhd_gtls_gen_cert_server_cert_req, /* server cert request */ + mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ + mhd_gtls_gen_cert_server_cert_req, /* server cert request */ mhd_gtls_proc_cert_server_certificate, _gnutls_proc_cert_client_certificate, proc_rsa_export_server_kx, _gnutls_proc_rsa_client_kx, /* proc client kx */ - mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ - mhd_gtls_proc_cert_cert_req /* proc server cert request */ + mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ + mhd_gtls_proc_cert_cert_req /* proc server cert request */ }; static int @@ -91,7 +91,7 @@ gen_rsa_export_server_kx (mhd_gtls_session_t session, opaque ** data) /* find the appropriate certificate */ if ((ret = mhd_gtls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) + &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert (); return ret; @@ -108,7 +108,7 @@ gen_rsa_export_server_kx (mhd_gtls_session_t session, opaque ** data) rsa_params = mhd_gtls_certificate_get_rsa_params (cred->rsa_params, cred->params_func, - session); + session); rsa_mpis = _gnutls_rsa_params_to_mpi (rsa_params); if (rsa_mpis == NULL) { @@ -117,7 +117,7 @@ gen_rsa_export_server_kx (mhd_gtls_session_t session, opaque ** data) } if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 0)) < 0) + sizeof (cert_auth_info_st), 0)) < 0) { gnutls_assert (); return ret; @@ -157,7 +157,7 @@ gen_rsa_export_server_kx (mhd_gtls_session_t session, opaque ** data) { if ((ret = mhd_gtls_tls_sign_params (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature)) < 0) + apr_pkey, &ddata, &signature)) < 0) { gnutls_assert (); gnutls_free (*data); @@ -205,9 +205,9 @@ _gnutls_peers_cert_less_512 (mhd_gtls_session_t session) if ((ret = mhd_gtls_raw_cert_to_gcert (&peer_cert, - session->security_parameters.cert_type, - &info->raw_certificate_list[0], - CERT_NO_COPY)) < 0) + session->security_parameters.cert_type, + &info->raw_certificate_list[0], + CERT_NO_COPY)) < 0) { gnutls_assert (); return 0; @@ -289,7 +289,7 @@ proc_rsa_export_server_kx (mhd_gtls_session_t session, } mhd_gtls_rsa_export_set_pubkey (session, session->key->rsa[1], - session->key->rsa[0]); + session->key->rsa[0]); /* VERIFY SIGNATURE */ @@ -305,15 +305,16 @@ proc_rsa_export_server_kx (mhd_gtls_session_t session, if ((ret = mhd_gtls_raw_cert_to_gcert (&peer_cert, - session->security_parameters.cert_type, - &info->raw_certificate_list[0], - CERT_NO_COPY)) < 0) + session->security_parameters.cert_type, + &info->raw_certificate_list[0], + CERT_NO_COPY)) < 0) { gnutls_assert (); return ret; } - ret = mhd_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); + ret = + mhd_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); mhd_gtls_gcert_deinit (&peer_cert); if (ret < 0) diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c @@ -47,7 +47,7 @@ inline static int _gnutls_cert_type2num (int record_size); int mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session, - const opaque * data, size_t _data_size) + const opaque * data, size_t _data_size) { int new_type = -1, ret, i; ssize_t data_size = _data_size; @@ -103,7 +103,7 @@ mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session, /* Check if we support this cert_type */ if ((ret = mhd_gtls_session_cert_type_supported (session, - new_type)) < 0) + new_type)) < 0) { gnutls_assert (); continue; @@ -144,7 +144,7 @@ mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session, */ int mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data, - size_t data_size) + size_t data_size) { unsigned len, i; @@ -180,9 +180,9 @@ mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data, for (i = 0; i < len; i++) { - data[i + 1] = _gnutls_cert_type2num (session->internals. - priorities.cert_type. - priority[i]); + data[i + 1] = + _gnutls_cert_type2num (session->internals. + priorities.cert_type.priority[i]); } return len + 1; } diff --git a/src/daemon/https/tls/ext_cert_type.h b/src/daemon/https/tls/ext_cert_type.h @@ -26,6 +26,6 @@ * extensions draft. */ int mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session, - const opaque * data, size_t data_size); + const opaque * data, size_t data_size); int mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data, - size_t); + size_t); diff --git a/src/daemon/https/tls/ext_inner_application.c b/src/daemon/https/tls/ext_inner_application.c @@ -33,7 +33,7 @@ int mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session, - const opaque * data, size_t data_size) + const opaque * data, size_t data_size) { mhd_gtls_ext_st *ext = &session->security_parameters.extensions; @@ -68,7 +68,7 @@ mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session, */ int mhd_gtls_inner_app_send_params (mhd_gtls_session_t session, - opaque * data, size_t data_size) + opaque * data, size_t data_size) { mhd_gtls_ext_st *ext = &session->security_parameters.extensions; @@ -86,7 +86,8 @@ mhd_gtls_inner_app_send_params (mhd_gtls_session_t session, else #endif { - struct gnutls_ia_server_credentials_st * cred = (struct gnutls_ia_server_credentials_st*) + struct gnutls_ia_server_credentials_st *cred = + (struct gnutls_ia_server_credentials_st *) mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_IA, NULL); if (cred) diff --git a/src/daemon/https/tls/ext_inner_application.h b/src/daemon/https/tls/ext_inner_application.h @@ -23,7 +23,6 @@ */ int mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session, - const opaque * data, - size_t data_size); + const opaque * data, size_t data_size); int mhd_gtls_inner_app_send_params (mhd_gtls_session_t session, - opaque * data, size_t); + opaque * data, size_t); diff --git a/src/daemon/https/tls/ext_max_record.c b/src/daemon/https/tls/ext_max_record.c @@ -42,7 +42,7 @@ int mhd_gtls_max_record_recv_params (mhd_gtls_session_t session, - const opaque * data, size_t _data_size) + const opaque * data, size_t _data_size) { ssize_t new_size; ssize_t data_size = _data_size; @@ -103,7 +103,7 @@ mhd_gtls_max_record_recv_params (mhd_gtls_session_t session, */ int mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data, - size_t data_size) + size_t data_size) { uint16_t len; /* this function sends the client extension data (dnsname) */ @@ -122,7 +122,7 @@ mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data, data[0] = (uint8_t) mhd_gtls_mre_record2num (session->internals. - proposed_record_size); + proposed_record_size); return len; } @@ -142,9 +142,9 @@ mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data, } data[0] = - (uint8_t) mhd_gtls_mre_record2num (session-> - security_parameters. - max_record_recv_size); + (uint8_t) + mhd_gtls_mre_record2num + (session->security_parameters.max_record_recv_size); return len; } diff --git a/src/daemon/https/tls/ext_max_record.h b/src/daemon/https/tls/ext_max_record.h @@ -28,6 +28,6 @@ int mhd_gtls_mre_num2record (int num); int mhd_gtls_mre_record2num (uint16_t record_size); int mhd_gtls_max_record_recv_params (mhd_gtls_session_t session, - const opaque * data, size_t data_size); -int mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data, - size_t); + const opaque * data, size_t data_size); +int mhd_gtls_max_record_send_params (mhd_gtls_session_t session, + opaque * data, size_t); diff --git a/src/daemon/https/tls/ext_oprfi.c b/src/daemon/https/tls/ext_oprfi.c @@ -112,7 +112,7 @@ oprfi_recv_client (mhd_gtls_session_t session, int mhd_gtls_oprfi_recv_params (mhd_gtls_session_t session, - const opaque * data, size_t data_size) + const opaque * data, size_t data_size) { #if MHD_DEBUG_TLS if (session->security_parameters.entity == GNUTLS_CLIENT) @@ -123,7 +123,8 @@ mhd_gtls_oprfi_recv_params (mhd_gtls_session_t session, } int -oprfi_send_client (mhd_gtls_session_t session, opaque * data, size_t _data_size) +oprfi_send_client (mhd_gtls_session_t session, opaque * data, + size_t _data_size) { opaque *p = data; ssize_t data_size = _data_size; @@ -144,7 +145,8 @@ oprfi_send_client (mhd_gtls_session_t session, opaque * data, size_t _data_size) } int -oprfi_send_server (mhd_gtls_session_t session, opaque * data, size_t _data_size) +oprfi_send_server (mhd_gtls_session_t session, opaque * data, + size_t _data_size) { opaque *p = data; int ret; @@ -180,11 +182,12 @@ oprfi_send_server (mhd_gtls_session_t session, opaque * data, size_t _data_size) DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER); mhd_gtls_write_uint16 (session->security_parameters. - extensions.oprfi_server_len, p); + extensions.oprfi_server_len, p); p += 2; - DECR_LENGTH_RET (data_size, session->security_parameters. - extensions.oprfi_server_len, GNUTLS_E_SHORT_MEMORY_BUFFER); + DECR_LENGTH_RET (data_size, + session->security_parameters.extensions.oprfi_server_len, + GNUTLS_E_SHORT_MEMORY_BUFFER); memcpy (p, session->security_parameters.extensions.oprfi_server, session->security_parameters.extensions.oprfi_server_len); @@ -194,9 +197,9 @@ oprfi_send_server (mhd_gtls_session_t session, opaque * data, size_t _data_size) int mhd_gtls_oprfi_send_params (mhd_gtls_session_t session, - opaque * data, size_t data_size) + opaque * data, size_t data_size) { - return oprfi_send_server (session, data, data_size); + return oprfi_send_server (session, data, data_size); } /** @@ -214,7 +217,7 @@ mhd_gtls_oprfi_send_params (mhd_gtls_session_t session, **/ void MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session, - size_t len, unsigned char *data) + size_t len, unsigned char *data) { session->security_parameters.extensions.oprfi_client_len = len; session->security_parameters.extensions.oprfi_client = data; @@ -242,7 +245,7 @@ MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session, **/ void MHD_gtls_oprfi_enable_server (mhd_gtls_session_t session, - gnutls_oprfi_callback_func cb, void *userdata) + gnutls_oprfi_callback_func cb, void *userdata) { session->security_parameters.extensions.oprfi_cb = cb; session->security_parameters.extensions.oprfi_userdata = userdata; diff --git a/src/daemon/https/tls/ext_oprfi.h b/src/daemon/https/tls/ext_oprfi.h @@ -25,9 +25,7 @@ #include <gnutls_int.h> int mhd_gtls_oprfi_recv_params (mhd_gtls_session_t state, - const opaque * data, - size_t data_size); + const opaque * data, size_t data_size); int mhd_gtls_oprfi_send_params (mhd_gtls_session_t state, - opaque * data, - size_t data_size); + opaque * data, size_t data_size); diff --git a/src/daemon/https/tls/ext_server_name.c b/src/daemon/https/tls/ext_server_name.c @@ -40,7 +40,7 @@ int mhd_gtls_server_name_recv_params (mhd_gtls_session_t session, - const opaque * data, size_t _data_size) + const opaque * data, size_t _data_size) { int i; const unsigned char *p; @@ -125,7 +125,7 @@ mhd_gtls_server_name_recv_params (mhd_gtls_session_t session, */ int mhd_gtls_server_name_send_params (mhd_gtls_session_t session, - opaque * data, size_t _data_size) + opaque * data, size_t _data_size) { int total_size = 0; #if MHD_DEBUG_TLS @@ -234,8 +234,8 @@ mhd_gtls_server_name_send_params (mhd_gtls_session_t session, **/ int MHD_gnutls_server_name_get (mhd_gtls_session_t session, void *data, - size_t * data_length, - unsigned int *type, unsigned int indx) + size_t * data_length, + unsigned int *type, unsigned int indx) { char *_data = data; #if MHD_DEBUG_TLS @@ -259,8 +259,8 @@ MHD_gnutls_server_name_get (mhd_gtls_session_t session, void *data, session->security_parameters.extensions.server_names[indx]. name_length; memcpy (data, - session->security_parameters.extensions.server_names[indx]. - name, *data_length); + session->security_parameters.extensions.server_names[indx].name, + *data_length); if (*type == GNUTLS_NAME_DNS) /* null terminate */ _data[(*data_length)] = 0; @@ -296,8 +296,8 @@ MHD_gnutls_server_name_get (mhd_gtls_session_t session, void *data, **/ int MHD_gnutls_server_name_set (mhd_gtls_session_t session, - gnutls_server_name_type_t type, - const void *name, size_t name_length) + gnutls_server_name_type_t type, + const void *name, size_t name_length) { int server_names; diff --git a/src/daemon/https/tls/ext_server_name.h b/src/daemon/https/tls/ext_server_name.h @@ -23,6 +23,6 @@ */ int mhd_gtls_server_name_recv_params (mhd_gtls_session_t session, - const opaque * data, size_t data_size); + const opaque * data, size_t data_size); int mhd_gtls_server_name_send_params (mhd_gtls_session_t session, - opaque * data, size_t); + opaque * data, size_t); diff --git a/src/daemon/https/tls/gnutls_alert.c b/src/daemon/https/tls/gnutls_alert.c @@ -116,7 +116,7 @@ MHD_gnutls_alert_get_name (gnutls_alert_description_t alert) **/ int MHD_gnutls_alert_send (mhd_gtls_session_t session, gnutls_alert_level_t level, - gnutls_alert_description_t desc) + gnutls_alert_description_t desc) { uint8_t data[2]; int ret; diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c @@ -37,7 +37,7 @@ typedef struct { enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm; enum MHD_GNUTLS_CredentialsType client_type; - enum MHD_GNUTLS_CredentialsType server_type; /* The type of credentials a server + enum MHD_GNUTLS_CredentialsType server_type; /* The type of credentials a server * needs to set */ } gnutls_cred_map; @@ -130,7 +130,7 @@ static const gnutls_pk_map mhd_gtls_pk_mappings[] = { typedef struct { const char *name; - enum MHD_GNUTLS_Protocol id; /* gnutls internal version number */ + enum MHD_GNUTLS_Protocol id; /* gnutls internal version number */ int major; /* defined by the protocol */ int minor; /* defined by the protocol */ int supported; /* 0 not supported, > 0 is supported */ @@ -165,7 +165,8 @@ static const gnutls_version_entry mhd_gtls_sup_versions[] = { }; /* Keep the contents of this struct the same as the previous one. */ -static const enum MHD_GNUTLS_Protocol mhd_gtls_supported_protocols[] = { MHD_GNUTLS_SSL3, +static const enum MHD_GNUTLS_Protocol mhd_gtls_supported_protocols[] = +{ MHD_GNUTLS_SSL3, MHD_GNUTLS_TLS1_0, MHD_GNUTLS_TLS1_1, MHD_GNUTLS_TLS1_2, @@ -272,7 +273,7 @@ static const gnutls_cipher_entry mhd_gtls_algorithms[] = { /* Keep the contents of this struct the same as the previous one. */ static const enum MHD_GNUTLS_CipherAlgorithm mhd_gtls_supported_ciphers[] = - { MHD_GNUTLS_CIPHER_AES_256_CBC, +{ MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_CIPHER_DES_CBC, @@ -327,7 +328,8 @@ static const gnutls_hash_entry mhd_gtls_hash_algorithms[] = { }; /* Keep the contents of this struct the same as the previous one. */ -static const enum MHD_GNUTLS_HashAlgorithm mhd_gtls_supported_macs[] = { MHD_GNUTLS_MAC_SHA1, +static const enum MHD_GNUTLS_HashAlgorithm mhd_gtls_supported_macs[] = +{ MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_MAC_MD5, MHD_GNUTLS_MAC_SHA256, MHD_GNUTLS_MAC_NULL, @@ -364,7 +366,9 @@ gnutls_compression_entry _gnutls_compression_algorithms[MAX_COMP_METHODS] = 0} }; -static const enum MHD_GNUTLS_CompressionMethod mhd_gtls_supported_compressions[] = { +static const enum MHD_GNUTLS_CompressionMethod + mhd_gtls_supported_compressions[] = +{ #ifdef HAVE_LIBZ MHD_GNUTLS_COMP_DEFLATE, #endif @@ -444,7 +448,8 @@ static const mhd_gtls_kx_algo_entry_t mhd_gtls_kx_algorithms[] = { }; /* Keep the contents of this struct the same as the previous one. */ -static const enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_supported_kxs[] = { +static const enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_supported_kxs[] = +{ #ifdef ENABLE_ANON MHD_GNUTLS_KX_ANON_DH, #endif @@ -482,9 +487,9 @@ typedef struct enum MHD_GNUTLS_CipherAlgorithm block_algorithm; enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; enum MHD_GNUTLS_HashAlgorithm mac_algorithm; - enum MHD_GNUTLS_Protocol version; /* this cipher suite is supported - * from 'version' and above; - */ + enum MHD_GNUTLS_Protocol version; /* this cipher suite is supported + * from 'version' and above; + */ } mhd_gtls_cipher_suite_entry; /* RSA with NULL cipher and MD5 MAC @@ -763,7 +768,7 @@ static const mhd_gtls_cipher_suite_entry mhd_gtls_cs_algorithms[] = { int mhd_gtls_mac_priority (mhd_gtls_session_t session, - enum MHD_GNUTLS_HashAlgorithm algorithm) + enum MHD_GNUTLS_HashAlgorithm algorithm) { /* actually returns the priority */ unsigned int i; for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++) @@ -889,10 +894,11 @@ mhd_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm) /* Compression Functions */ int mhd_gtls_compression_priority (mhd_gtls_session_t session, - enum MHD_GNUTLS_CompressionMethod algorithm) + enum MHD_GNUTLS_CompressionMethod algorithm) { /* actually returns the priority */ unsigned int i; - for (i = 0; i < session->internals.priorities.compression.num_algorithms; i++) + for (i = 0; i < session->internals.priorities.compression.num_algorithms; + i++) { if (session->internals.priorities.compression.priority[i] == algorithm) return i; @@ -980,7 +986,8 @@ mhd_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod algorithm) } int -mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod algorithm) +mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod + algorithm) { int ret = -1; /* avoid prefix */ @@ -989,7 +996,8 @@ mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod algorithm) } int -mhd_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod algorithm) +mhd_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod + algorithm) { int ret = -1; /* avoid prefix */ @@ -1036,7 +1044,7 @@ mhd_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm algorithm) /* returns the priority */ int mhd_gtls_cipher_priority (mhd_gtls_session_t session, - enum MHD_GNUTLS_CipherAlgorithm algorithm) + enum MHD_GNUTLS_CipherAlgorithm algorithm) { unsigned int i; for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++) @@ -1172,7 +1180,7 @@ mhd_gtls_kx_auth_struct (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) int mhd_gtls_kx_priority (mhd_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) + enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) { unsigned int i; for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++) @@ -1265,7 +1273,8 @@ mhd_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) /* Version */ int -mhd_gtls_version_priority (mhd_gtls_session_t session, enum MHD_GNUTLS_Protocol version) +mhd_gtls_version_priority (mhd_gtls_session_t session, + enum MHD_GNUTLS_Protocol version) { /* actually returns the priority */ unsigned int i; @@ -1293,7 +1302,8 @@ mhd_gtls_version_lowest (mhd_gtls_session_t session) return MHD_GNUTLS_VERSION_UNKNOWN; } else - for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) + for (i = 0; i < session->internals.priorities.protocol.num_algorithms; + i++) { if (session->internals.priorities.protocol.priority[i] < min) min = session->internals.priorities.protocol.priority[i]; @@ -1315,7 +1325,8 @@ mhd_gtls_version_max (mhd_gtls_session_t session) return MHD_GNUTLS_VERSION_UNKNOWN; } else - for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) + for (i = 0; i < session->internals.priorities.protocol.num_algorithms; + i++) { if (session->internals.priorities.protocol.priority[i] > max) max = session->internals.priorities.protocol.priority[i]; @@ -1412,7 +1423,7 @@ mhd_gtls_version_get_major (enum MHD_GNUTLS_Protocol version) int mhd_gtls_version_is_supported (mhd_gtls_session_t session, - const enum MHD_GNUTLS_Protocol version) + const enum MHD_GNUTLS_Protocol version) { int ret = 0; @@ -1444,7 +1455,8 @@ mhd_gtls_map_kx_get_kx (enum MHD_GNUTLS_CredentialsType type, int server) } enum MHD_GNUTLS_CredentialsType -mhd_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm, int server) +mhd_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm, + int server) { enum MHD_GNUTLS_CredentialsType ret = -1; if (server) @@ -1674,7 +1686,7 @@ _gnutls_bsort (mhd_gtls_session_t session, void *_base, size_t nmemb, int mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session, - cipher_suite_st ** ciphers) + cipher_suite_st ** ciphers) { #ifdef SORT_DEBUG @@ -1710,7 +1722,7 @@ mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session, int mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session, - cipher_suite_st ** _ciphers) + cipher_suite_st ** _ciphers) { unsigned int i, ret_count, j; @@ -1758,16 +1770,16 @@ mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session, continue; if (mhd_gtls_kx_priority (session, - mhd_gtls_cipher_suite_get_kx_algo (&tmp_ciphers - [i])) < 0) + mhd_gtls_cipher_suite_get_kx_algo + (&tmp_ciphers[i])) < 0) continue; if (mhd_gtls_mac_priority (session, - mhd_gtls_cipher_suite_get_mac_algo - (&tmp_ciphers[i])) < 0) + mhd_gtls_cipher_suite_get_mac_algo + (&tmp_ciphers[i])) < 0) continue; if (mhd_gtls_cipher_priority (session, - mhd_gtls_cipher_suite_get_cipher_algo - (&tmp_ciphers[i])) < 0) + mhd_gtls_cipher_suite_get_cipher_algo + (&tmp_ciphers[i])) < 0) continue; memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st)); @@ -1816,7 +1828,7 @@ mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session, #define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.num_algorithms int mhd_gtls_supported_compression_methods (mhd_gtls_session_t session, - uint8_t ** comp) + uint8_t ** comp) { unsigned int i, j; @@ -1826,8 +1838,9 @@ mhd_gtls_supported_compression_methods (mhd_gtls_session_t session, for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) { - int tmp = mhd_gtls_compression_get_num (session->internals.priorities. - compression.priority[i]); + int tmp = + mhd_gtls_compression_get_num (session->internals.priorities. + compression.priority[i]); /* remove private compression algorithms, if requested. */ @@ -1888,8 +1901,9 @@ MHD_gtls_certificate_type_get_id (const char *name) return ret; } -static const enum MHD_GNUTLS_CertificateType mhd_gtls_supported_certificate_types[] = - { MHD_GNUTLS_CRT_X509, +static const enum MHD_GNUTLS_CertificateType + mhd_gtls_supported_certificate_types[] = +{ MHD_GNUTLS_CRT_X509, 0 }; @@ -2005,7 +2019,8 @@ mhd_gtls_x509_oid2sign_algorithm (const char *oid) } gnutls_sign_algorithm_t -mhd_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk, enum MHD_GNUTLS_HashAlgorithm mac) +mhd_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk, + enum MHD_GNUTLS_HashAlgorithm mac) { gnutls_sign_algorithm_t ret = 0; @@ -2021,7 +2036,7 @@ mhd_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk, enum MHD_GNUTLS const char * mhd_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk, - enum MHD_GNUTLS_HashAlgorithm mac) + enum MHD_GNUTLS_HashAlgorithm mac) { gnutls_sign_algorithm_t sign; const char *ret = NULL; diff --git a/src/daemon/https/tls/gnutls_algorithms.h b/src/daemon/https/tls/gnutls_algorithms.h @@ -31,83 +31,106 @@ enum MHD_GNUTLS_Protocol mhd_gtls_version_lowest (mhd_gtls_session_t session); enum MHD_GNUTLS_Protocol mhd_gtls_version_max (mhd_gtls_session_t session); int mhd_gtls_version_priority (mhd_gtls_session_t session, - enum MHD_GNUTLS_Protocol version); + enum MHD_GNUTLS_Protocol version); int mhd_gtls_version_is_supported (mhd_gtls_session_t session, - const enum MHD_GNUTLS_Protocol version); + const enum MHD_GNUTLS_Protocol version); int mhd_gtls_version_get_major (enum MHD_GNUTLS_Protocol ver); int mhd_gtls_version_get_minor (enum MHD_GNUTLS_Protocol ver); enum MHD_GNUTLS_Protocol mhd_gtls_version_get (int major, int minor); /* Functions for MACs. */ int mhd_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm); -enum MHD_GNUTLS_HashAlgorithm mhd_gtls_x509_oid2mac_algorithm (const char *oid); -const char * mhd_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm mac); +enum MHD_GNUTLS_HashAlgorithm mhd_gtls_x509_oid2mac_algorithm (const char + *oid); +const char *mhd_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm mac); /* Functions for cipher suites. */ int mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session, - cipher_suite_st ** ciphers); + cipher_suite_st ** ciphers); int mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session, - cipher_suite_st ** ciphers); + cipher_suite_st ** ciphers); int mhd_gtls_supported_compression_methods (mhd_gtls_session_t session, - uint8_t ** comp); -const char * mhd_gtls_cipher_suite_get_name (cipher_suite_st * algorithm); + uint8_t ** comp); +const char *mhd_gtls_cipher_suite_get_name (cipher_suite_st * algorithm); enum MHD_GNUTLS_CipherAlgorithm mhd_gtls_cipher_suite_get_cipher_algo (const - cipher_suite_st - * algorithm); -enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_cipher_suite_get_kx_algo (const cipher_suite_st - * algorithm); + cipher_suite_st + * + algorithm); +enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_cipher_suite_get_kx_algo (const + cipher_suite_st + * + algorithm); enum MHD_GNUTLS_HashAlgorithm mhd_gtls_cipher_suite_get_mac_algo (const - cipher_suite_st * - algorithm); -enum MHD_GNUTLS_Protocol mhd_gtls_cipher_suite_get_version (const cipher_suite_st * - algorithm); + cipher_suite_st + * + algorithm); +enum MHD_GNUTLS_Protocol mhd_gtls_cipher_suite_get_version (const + cipher_suite_st * + algorithm); cipher_suite_st mhd_gtls_cipher_suite_get_suite_name (cipher_suite_st * - algorithm); + algorithm); /* Functions for ciphers. */ -int mhd_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); +int mhd_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm + algorithm); int mhd_gtls_cipher_is_block (enum MHD_GNUTLS_CipherAlgorithm algorithm); int mhd_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm); int mhd_gtls_cipher_get_iv_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); -int mhd_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm algorithm); +int mhd_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm + algorithm); /* Functions for key exchange. */ -int mhd_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); -int mhd_gtls_kx_needs_rsa_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); -mhd_gtls_mod_auth_st * mhd_gtls_kx_auth_struct (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); +int mhd_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm + algorithm); +int mhd_gtls_kx_needs_rsa_params (enum MHD_GNUTLS_KeyExchangeAlgorithm + algorithm); +mhd_gtls_mod_auth_st *mhd_gtls_kx_auth_struct (enum + MHD_GNUTLS_KeyExchangeAlgorithm + algorithm); int mhd_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); /* Functions for compression. */ int mhd_gtls_compression_is_ok (enum MHD_GNUTLS_CompressionMethod algorithm); -int mhd_gtls_compression_get_num (enum MHD_GNUTLS_CompressionMethod algorithm); +int mhd_gtls_compression_get_num (enum MHD_GNUTLS_CompressionMethod + algorithm); enum MHD_GNUTLS_CompressionMethod mhd_gtls_compression_get_id (int num); -int mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod algorithm); +int mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod + algorithm); int mhd_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod - algorithm); -int mhd_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod algorithm); + algorithm); +int mhd_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod + algorithm); /* Type to KX mappings. */ -enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_map_kx_get_kx (enum MHD_GNUTLS_CredentialsType type, - int server); -enum MHD_GNUTLS_CredentialsType mhd_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm - algorithm, int server); +enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_map_kx_get_kx (enum + MHD_GNUTLS_CredentialsType + type, + int server); +enum MHD_GNUTLS_CredentialsType mhd_gtls_map_kx_get_cred (enum + MHD_GNUTLS_KeyExchangeAlgorithm + algorithm, + int server); /* KX to PK mapping. */ -enum MHD_GNUTLS_PublicKeyAlgorithm mhd_gtls_map_pk_get_pk (enum MHD_GNUTLS_KeyExchangeAlgorithm - kx_algorithm); -enum MHD_GNUTLS_PublicKeyAlgorithm mhd_gtls_x509_oid2pk_algorithm (const char *oid); -const char * mhd_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk); +enum MHD_GNUTLS_PublicKeyAlgorithm mhd_gtls_map_pk_get_pk (enum + MHD_GNUTLS_KeyExchangeAlgorithm + kx_algorithm); +enum MHD_GNUTLS_PublicKeyAlgorithm mhd_gtls_x509_oid2pk_algorithm (const char + *oid); +const char *mhd_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk); enum encipher_type { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN }; -enum encipher_type mhd_gtls_kx_encipher_type (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); +enum encipher_type mhd_gtls_kx_encipher_type (enum + MHD_GNUTLS_KeyExchangeAlgorithm + algorithm); struct mhd_gtls_compression_entry { const char *name; enum MHD_GNUTLS_CompressionMethod id; - int num; /* the number reserved in TLS for the specific compression method */ + int num; /* the number reserved in TLS for the specific compression method */ /* used in zlib compressor */ int window_bits; @@ -118,24 +141,30 @@ typedef struct mhd_gtls_compression_entry gnutls_compression_entry; /* Functions for sign algorithms. */ gnutls_sign_algorithm_t mhd_gtls_x509_oid2sign_algorithm (const char *oid); -gnutls_sign_algorithm_t mhd_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk, - enum MHD_GNUTLS_HashAlgorithm mac); -const char * mhd_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm, - enum MHD_GNUTLS_HashAlgorithm mac); +gnutls_sign_algorithm_t mhd_gtls_x509_pk_to_sign (enum + MHD_GNUTLS_PublicKeyAlgorithm + pk, + enum + MHD_GNUTLS_HashAlgorithm + mac); +const char *mhd_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm, + enum MHD_GNUTLS_HashAlgorithm mac); int mhd_gtls_mac_priority (mhd_gtls_session_t session, - enum MHD_GNUTLS_HashAlgorithm algorithm); + enum MHD_GNUTLS_HashAlgorithm algorithm); int mhd_gtls_cipher_priority (mhd_gtls_session_t session, - enum MHD_GNUTLS_CipherAlgorithm algorithm); + enum MHD_GNUTLS_CipherAlgorithm algorithm); int mhd_gtls_kx_priority (mhd_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); + enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); int mhd_gtls_compression_priority (mhd_gtls_session_t session, - enum MHD_GNUTLS_CompressionMethod algorithm); - -enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char* name); -enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char* name); -enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char* name); -enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char* name); -enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char* name); + enum MHD_GNUTLS_CompressionMethod + algorithm); + +enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); +enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); +enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name); +enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name); +enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char + *name); #endif diff --git a/src/daemon/https/tls/gnutls_anon_cred.c b/src/daemon/https/tls/gnutls_anon_cred.c @@ -43,7 +43,8 @@ static const int anon_dummy; * helper function is provided in order to free (deallocate) it. **/ void -MHD_gnutls_anon_free_server_credentials (mhd_gtls_anon_server_credentials_t sc) +MHD_gnutls_anon_free_server_credentials (mhd_gtls_anon_server_credentials_t + sc) { gnutls_free (sc); @@ -59,12 +60,12 @@ MHD_gnutls_anon_free_server_credentials (mhd_gtls_anon_server_credentials_t sc) * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int -MHD_gnutls_anon_allocate_server_credentials (mhd_gtls_anon_server_credentials_t * - sc) + MHD_gnutls_anon_allocate_server_credentials + (mhd_gtls_anon_server_credentials_t * sc) { *sc = gnutls_calloc (1, sizeof (mhd_anon_server_credentials_st)); if (*sc == NULL) - return GNUTLS_E_MEMORY_ERROR; + return GNUTLS_E_MEMORY_ERROR; return 0; } @@ -78,7 +79,8 @@ MHD_gnutls_anon_allocate_server_credentials (mhd_gtls_anon_server_credentials_t * helper function is provided in order to free (deallocate) it. **/ void -MHD_gnutls_anon_free_client_credentials (mhd_gtls_anon_client_credentials_t sc) +MHD_gnutls_anon_free_client_credentials (mhd_gtls_anon_client_credentials_t + sc) { } @@ -92,8 +94,8 @@ MHD_gnutls_anon_free_client_credentials (mhd_gtls_anon_client_credentials_t sc) * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int -MHD_gnutls_anon_allocate_client_credentials (mhd_gtls_anon_client_credentials_t * - sc) + MHD_gnutls_anon_allocate_client_credentials + (mhd_gtls_anon_client_credentials_t * sc) { /* anon_dummy is only there for *sc not to be null. * it is not used at all; @@ -114,7 +116,7 @@ MHD_gnutls_anon_allocate_client_credentials (mhd_gtls_anon_client_credentials_t **/ void MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t res, - mhd_gtls_dh_params_t dh_params) + mhd_gtls_dh_params_t dh_params) { res->dh_params = dh_params; } @@ -129,8 +131,9 @@ MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t res, * callback should return zero on success. **/ void -MHD_gnutls_anon_set_server_params_function (mhd_gtls_anon_server_credentials_t res, - gnutls_params_function * func) +MHD_gnutls_anon_set_server_params_function (mhd_gtls_anon_server_credentials_t + res, + gnutls_params_function * func) { res->params_func = func; } diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c @@ -60,7 +60,7 @@ MHD_gnutls_credentials_clear (mhd_gtls_session_t session) } } -/* +/* * This creates a linked list of the form: * { algorithm, credentials, pointer to next } */ @@ -71,17 +71,17 @@ MHD_gnutls_credentials_clear (mhd_gtls_session_t session) * @cred: is a pointer to a structure. * * Sets the needed credentials for the specified type. - * Eg username, password - or public and private keys etc. + * Eg username, password - or public and private keys etc. * The (void* cred) parameter is a structure that depends on the * specified type and on the current session (client or server). - * [ In order to minimize memory usage, and share credentials between + * [ In order to minimize memory usage, and share credentials between * several threads gnutls keeps a pointer to cred, and not the whole cred - * structure. Thus you will have to keep the structure allocated until + * structure. Thus you will have to keep the structure allocated until * you call MHD_gnutls_deinit(). ] * * For GNUTLS_CRD_ANON cred should be mhd_gtls_anon_client_credentials_t in case of a client. * In case of a server it should be mhd_gtls_anon_server_credentials_t. - * + * * For GNUTLS_CRD_SRP cred should be gnutls_srp_client_credentials_t * in case of a client, and gnutls_srp_server_credentials_t, in case * of a server. @@ -91,7 +91,7 @@ MHD_gnutls_credentials_clear (mhd_gtls_session_t session) **/ int MHD_gnutls_credentials_set (mhd_gtls_session_t session, - enum MHD_GNUTLS_CredentialsType type, void *cred) + enum MHD_GNUTLS_CredentialsType type, void *cred) { auth_cred_st *ccred = NULL, *pcred = NULL; int exists = 0; @@ -156,7 +156,7 @@ MHD_gnutls_credentials_set (mhd_gtls_session_t session, * Returns type of credentials for the current authentication schema. * The returned information is to be used to distinguish the function used * to access authentication data. - * + * * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA), * the same function are to be used to access the authentication data. **/ @@ -170,8 +170,8 @@ MHD_gtls_auth_get_type (mhd_gtls_session_t session) return mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite), server); + (&session->security_parameters. + current_cipher_suite), server); } /** @@ -181,15 +181,15 @@ MHD_gtls_auth_get_type (mhd_gtls_session_t session) * Returns the type of credentials that were used for server authentication. * The returned information is to be used to distinguish the function used * to access authentication data. - * + * **/ enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_server_get_type (mhd_gtls_session_t session) { return mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite), 1); + (&session->security_parameters. + current_cipher_suite), 1); } /** @@ -199,34 +199,35 @@ MHD_gtls_auth_server_get_type (mhd_gtls_session_t session) * Returns the type of credentials that were used for client authentication. * The returned information is to be used to distinguish the function used * to access authentication data. - * + * **/ enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_client_get_type (mhd_gtls_session_t session) { return mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite), 0); + (&session->security_parameters. + current_cipher_suite), 0); } -/* +/* * This returns a pointer to the linked list. Don't * free that!!! */ const void * mhd_gtls_get_kx_cred (mhd_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm algo, int *err) + enum MHD_GNUTLS_KeyExchangeAlgorithm algo, int *err) { int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0; return mhd_gtls_get_cred (session->key, - mhd_gtls_map_kx_get_cred (algo, server), err); + mhd_gtls_map_kx_get_cred (algo, server), err); } const void * -mhd_gtls_get_cred (mhd_gtls_key_st key, enum MHD_GNUTLS_CredentialsType type, int *err) +mhd_gtls_get_cred (mhd_gtls_key_st key, enum MHD_GNUTLS_CredentialsType type, + int *err) { const void *retval = NULL; int _err = -1; @@ -354,8 +355,8 @@ mhd_gtls_free_auth_info (mhd_gtls_session_t session) */ int mhd_gtls_auth_info_set (mhd_gtls_session_t session, - enum MHD_GNUTLS_CredentialsType type, int size, - int allow_change) + enum MHD_GNUTLS_CredentialsType type, int size, + int allow_change) { if (session->key->auth_info == NULL) { @@ -378,7 +379,8 @@ mhd_gtls_auth_info_set (mhd_gtls_session_t session, * ciphersuite which is negotiated has different authentication * schema. */ - if (MHD_gtls_auth_get_type (session) != session->key->auth_info_type) + if (MHD_gtls_auth_get_type (session) != + session->key->auth_info_type) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; @@ -392,7 +394,8 @@ mhd_gtls_auth_info_set (mhd_gtls_session_t session, * certificate (in order to prevent revealing the certificate's contents, * to passive eavesdropers. */ - if (MHD_gtls_auth_get_type (session) != session->key->auth_info_type) + if (MHD_gtls_auth_get_type (session) != + session->key->auth_info_type) { mhd_gtls_free_auth_info (session); diff --git a/src/daemon/https/tls/gnutls_auth.h b/src/daemon/https/tls/gnutls_auth.h @@ -27,24 +27,25 @@ typedef struct mhd_gtls_mod_auth_st_int { - const char *name; /* null terminated */ - int (* mhd_gtls_gen_server_certificate) (mhd_gtls_session_t, opaque **); - int (* mhd_gtls_gen_client_certificate) (mhd_gtls_session_t, opaque **); - int (* mhd_gtls_gen_server_kx) (mhd_gtls_session_t, opaque **); - int (* mhd_gtls_gen_client_kx) (mhd_gtls_session_t, opaque **); /* used in SRP */ - int (* mhd_gtls_gen_client_cert_vrfy) (mhd_gtls_session_t, opaque **); - int (* mhd_gtls_gen_server_certificate_request) (mhd_gtls_session_t, - opaque **); + const char *name; /* null terminated */ + int (*mhd_gtls_gen_server_certificate) (mhd_gtls_session_t, opaque **); + int (*mhd_gtls_gen_client_certificate) (mhd_gtls_session_t, opaque **); + int (*mhd_gtls_gen_server_kx) (mhd_gtls_session_t, opaque **); + int (*mhd_gtls_gen_client_kx) (mhd_gtls_session_t, opaque **); /* used in SRP */ + int (*mhd_gtls_gen_client_cert_vrfy) (mhd_gtls_session_t, opaque **); + int (*mhd_gtls_gen_server_certificate_request) (mhd_gtls_session_t, + opaque **); - int (* mhd_gtls_process_server_certificate) (mhd_gtls_session_t, opaque *, - size_t); - int (* mhd_gtls_process_client_certificate) (mhd_gtls_session_t, opaque *, - size_t); - int (* mhd_gtls_process_server_kx) (mhd_gtls_session_t, opaque *, size_t); - int (* mhd_gtls_process_client_kx) (mhd_gtls_session_t, opaque *, size_t); - int (* mhd_gtls_process_client_cert_vrfy) (mhd_gtls_session_t, opaque *, size_t); - int (* mhd_gtls_process_server_certificate_request) (mhd_gtls_session_t, - opaque *, size_t); + int (*mhd_gtls_process_server_certificate) (mhd_gtls_session_t, opaque *, + size_t); + int (*mhd_gtls_process_client_certificate) (mhd_gtls_session_t, opaque *, + size_t); + int (*mhd_gtls_process_server_kx) (mhd_gtls_session_t, opaque *, size_t); + int (*mhd_gtls_process_client_kx) (mhd_gtls_session_t, opaque *, size_t); + int (*mhd_gtls_process_client_cert_vrfy) (mhd_gtls_session_t, opaque *, + size_t); + int (*mhd_gtls_process_server_certificate_request) (mhd_gtls_session_t, + opaque *, size_t); } mhd_gtls_mod_auth_st; #endif diff --git a/src/daemon/https/tls/gnutls_auth_int.h b/src/daemon/https/tls/gnutls_auth_int.h @@ -22,11 +22,12 @@ * */ -const void * mhd_gtls_get_cred (mhd_gtls_key_st key, - enum MHD_GNUTLS_CredentialsType kx, int *err); -const void * mhd_gtls_get_kx_cred (mhd_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm algo, int *err); -void * mhd_gtls_get_auth_info (mhd_gtls_session_t session); +const void *mhd_gtls_get_cred (mhd_gtls_key_st key, + enum MHD_GNUTLS_CredentialsType kx, int *err); +const void *mhd_gtls_get_kx_cred (mhd_gtls_session_t session, + enum MHD_GNUTLS_KeyExchangeAlgorithm algo, + int *err); +void *mhd_gtls_get_auth_info (mhd_gtls_session_t session); int mhd_gtls_auth_info_set (mhd_gtls_session_t session, - enum MHD_GNUTLS_CredentialsType type, int size, - int allow_change); + enum MHD_GNUTLS_CredentialsType type, int size, + int allow_change); diff --git a/src/daemon/https/tls/gnutls_buffers.c b/src/daemon/https/tls/gnutls_buffers.c @@ -800,9 +800,9 @@ mhd_gtls_io_write_buffered (mhd_gtls_session_t session, { session->internals.record_send_buffer_prev_size += n - left; - retval = _gnutls_buffer_insert (&session->internals. - record_send_buffer, - &ptr[n - left], left); + retval = + _gnutls_buffer_insert (&session->internals.record_send_buffer, + &ptr[n - left], left); if (retval < 0) { gnutls_assert (); diff --git a/src/daemon/https/tls/gnutls_buffers.h b/src/daemon/https/tls/gnutls_buffers.h @@ -23,32 +23,32 @@ */ int mhd_gnutls_record_buffer_put (content_type_t type, - mhd_gtls_session_t session, opaque * data, - size_t length); + mhd_gtls_session_t session, opaque * data, + size_t length); int mhd_gnutls_record_buffer_get_size (content_type_t type, - mhd_gtls_session_t session); + mhd_gtls_session_t session); int mhd_gtls_record_buffer_get (content_type_t type, - mhd_gtls_session_t session, opaque * data, - size_t length); + mhd_gtls_session_t session, opaque * data, + size_t length); ssize_t mhd_gtls_io_read_buffered (mhd_gtls_session_t, opaque ** iptr, - size_t n, content_type_t); + size_t n, content_type_t); void mhd_gtls_io_clear_read_buffer (mhd_gtls_session_t); int mhd_gtls_io_clear_peeked_data (mhd_gtls_session_t session); ssize_t mhd_gtls_io_write_buffered (mhd_gtls_session_t, const void *iptr, - size_t n); + size_t n); ssize_t mhd_gtls_io_write_buffered2 (mhd_gtls_session_t, const void *iptr, - size_t n, const void *iptr2, size_t n2); + size_t n, const void *iptr2, size_t n2); int mhd_gtls_handshake_buffer_get_size (mhd_gtls_session_t session); int mhd_gtls_handshake_buffer_peek (mhd_gtls_session_t session, opaque * data, - size_t length); + size_t length); int mhd_gtls_handshake_buffer_put (mhd_gtls_session_t session, opaque * data, - size_t length); + size_t length); int mhd_gtls_handshake_buffer_clear (mhd_gtls_session_t session); int mhd_gtls_handshake_buffer_empty (mhd_gtls_session_t session); int mhd_gtls_handshake_buffer_get_ptr (mhd_gtls_session_t session, - opaque ** data_ptr, size_t * length); + opaque ** data_ptr, size_t * length); #define _gnutls_handshake_io_buffer_clear( session) \ mhd_gtls_buffer_clear( &session->internals.handshake_send_buffer); \ @@ -56,11 +56,11 @@ int mhd_gtls_handshake_buffer_get_ptr (mhd_gtls_session_t session, session->internals.handshake_send_buffer_prev_size = 0 ssize_t mhd_gtls_handshake_io_recv_int (mhd_gtls_session_t, content_type_t, - gnutls_handshake_description_t, void *, - size_t); + gnutls_handshake_description_t, + void *, size_t); ssize_t mhd_gtls_handshake_io_send_int (mhd_gtls_session_t, content_type_t, - gnutls_handshake_description_t, - const void *, size_t); + gnutls_handshake_description_t, + const void *, size_t); ssize_t mhd_gtls_io_write_flush (mhd_gtls_session_t session); ssize_t mhd_gtls_handshake_io_write_flush (mhd_gtls_session_t session); diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c @@ -141,8 +141,8 @@ MHD_gnutls_certificate_free_ca_names (mhd_gtls_cert_credentials_t sc) -*/ mhd_gtls_rsa_params_t mhd_gtls_certificate_get_rsa_params (mhd_gtls_rsa_params_t rsa_params, - gnutls_params_function * func, - mhd_gtls_session_t session) + gnutls_params_function * func, + mhd_gtls_session_t session) { gnutls_params_st params; int ret; @@ -210,7 +210,7 @@ MHD_gnutls_certificate_free_credentials (mhd_gtls_cert_credentials_t sc) **/ int MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t * - res) + res) { *res = gnutls_calloc (1, sizeof (mhd_gtls_cert_credentials_st)); @@ -232,8 +232,8 @@ MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t * */ int mhd_gtls_selected_cert_supported_kx (mhd_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm ** alg, - int *alg_size) + enum MHD_GNUTLS_KeyExchangeAlgorithm + **alg, int *alg_size) { enum MHD_GNUTLS_KeyExchangeAlgorithm kx; enum MHD_GNUTLS_PublicKeyAlgorithm pk; @@ -297,7 +297,7 @@ mhd_gtls_selected_cert_supported_kx (mhd_gtls_session_t session, **/ void MHD_gtls_certificate_server_set_request (mhd_gtls_session_t session, - gnutls_certificate_request_t req) + gnutls_certificate_request_t req) { session->internals.send_cert_req = req; } @@ -461,7 +461,7 @@ _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert) **/ int MHD_gtls_certificate_verify_peers2 (mhd_gtls_session_t session, - unsigned int *status) + unsigned int *status) { cert_auth_info_t info; @@ -549,9 +549,9 @@ MHD_gtls_certificate_expiration_time_peers (mhd_gtls_session_t session) switch (gnutls_certificate_type_get (session)) { case MHD_GNUTLS_CRT_X509: - return _gnutls_x509_get_raw_crt_expiration_time (&info-> - raw_certificate_list - [0]); + return + _gnutls_x509_get_raw_crt_expiration_time (&info->raw_certificate_list + [0]); default: return (time_t) - 1; } @@ -588,9 +588,9 @@ MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t session) switch (gnutls_certificate_type_get (session)) { case MHD_GNUTLS_CRT_X509: - return _gnutls_x509_get_raw_crt_activation_time (&info-> - raw_certificate_list - [0]); + return + _gnutls_x509_get_raw_crt_activation_time (&info->raw_certificate_list + [0]); default: return (time_t) - 1; } @@ -598,9 +598,9 @@ MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t session) int mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert, - enum MHD_GNUTLS_CertificateType type, - const gnutls_datum_t * raw_cert, - int flags /* OR of ConvFlags */ ) + enum MHD_GNUTLS_CertificateType type, + const gnutls_datum_t * raw_cert, + int flags /* OR of ConvFlags */ ) { switch (type) { @@ -614,9 +614,9 @@ mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert, int mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key, - enum MHD_GNUTLS_CertificateType type, - const gnutls_datum_t * raw_key, - int key_enc /* DER or PEM */ ) + enum MHD_GNUTLS_CertificateType type, + const gnutls_datum_t * raw_key, + int key_enc /* DER or PEM */ ) { switch (type) { @@ -640,8 +640,8 @@ mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key, */ int mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert, - const gnutls_datum_t * derCert, - int flags /* OR of ConvFlags */ ) + const gnutls_datum_t * derCert, + int flags /* OR of ConvFlags */ ) { int ret; gnutls_x509_crt_t cert; @@ -671,7 +671,7 @@ mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert, */ int mhd_gtls_x509_crt_to_gcert (gnutls_cert * gcert, - gnutls_x509_crt_t cert, unsigned int flags) + gnutls_x509_crt_t cert, unsigned int flags) { int ret = 0; @@ -791,7 +791,7 @@ mhd_gtls_gcert_deinit (gnutls_cert * cert) **/ void MHD_gtls_sign_callback_set (mhd_gtls_session_t session, - gnutls_sign_func sign_func, void *userdata) + gnutls_sign_func sign_func, void *userdata) { session->internals.sign_func = sign_func; session->internals.sign_func_userdata = userdata; diff --git a/src/daemon/https/tls/gnutls_cert.h b/src/daemon/https/tls/gnutls_cert.h @@ -29,7 +29,7 @@ #include <libtasn1.h> #include "x509.h" -#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */ +#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */ /* parameters should not be larger than this limit */ #define DSA_PUBLIC_PARAMS 4 @@ -50,21 +50,21 @@ typedef struct gnutls_cert { - mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public - * key algorithm - * RSA: [0] is modulus - * [1] is public exponent - * DSA: [0] is p - * [1] is q - * [2] is g - * [3] is public key - */ - int params_size; /* holds the size of MPI params */ + mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public + * key algorithm + * RSA: [0] is modulus + * [1] is public exponent + * DSA: [0] is p + * [1] is q + * [2] is g + * [3] is public key + */ + int params_size; /* holds the size of MPI params */ enum MHD_GNUTLS_PublicKeyAlgorithm subject_pk_algorithm; - unsigned int key_usage; /* bits from KEY_* - */ + unsigned int key_usage; /* bits from KEY_* + */ unsigned int version; /* holds the type (PGP, X509) @@ -77,9 +77,9 @@ typedef struct gnutls_cert typedef struct gnutls_privkey_int { - mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public - * key algorithm - */ + mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public + * key algorithm + */ /* * RSA: [0] is modulus * [1] is public exponent @@ -93,12 +93,12 @@ typedef struct gnutls_privkey_int * [3] is y (public key) * [4] is x (private key) */ - int params_size; /* holds the number of params */ + int params_size; /* holds the number of params */ enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; } gnutls_privkey; -struct MHD_gtls_session_int; /* because mhd_gtls_session_t is not defined when this file is included */ +struct MHD_gtls_session_int; /* because mhd_gtls_session_t is not defined when this file is included */ typedef enum ConvFlags { @@ -108,25 +108,25 @@ typedef enum ConvFlags } ConvFlags; int mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert, - const gnutls_datum_t * derCert, - int flags); + const gnutls_datum_t * derCert, + int flags); int mhd_gtls_x509_crt_to_gcert (gnutls_cert * gcert, gnutls_x509_crt_t cert, - unsigned int flags); + unsigned int flags); void mhd_gtls_gkey_deinit (gnutls_privkey * key); void mhd_gtls_gcert_deinit (gnutls_cert * cert); int mhd_gtls_selected_cert_supported_kx (struct MHD_gtls_session_int *session, - enum MHD_GNUTLS_KeyExchangeAlgorithm ** alg, - int *alg_size); + enum MHD_GNUTLS_KeyExchangeAlgorithm + **alg, int *alg_size); int mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert, - enum MHD_GNUTLS_CertificateType type, - const gnutls_datum_t * raw_cert, - int flags /* OR of ConvFlags */ ); + enum MHD_GNUTLS_CertificateType type, + const gnutls_datum_t * raw_cert, + int flags /* OR of ConvFlags */ ); int mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key, - enum MHD_GNUTLS_CertificateType type, - const gnutls_datum_t * raw_key, - int key_enc /* DER or PEM */ ); + enum MHD_GNUTLS_CertificateType type, + const gnutls_datum_t * raw_key, + int key_enc /* DER or PEM */ ); #endif diff --git a/src/daemon/https/tls/gnutls_cipher.c b/src/daemon/https/tls/gnutls_cipher.c @@ -69,9 +69,9 @@ is_read_comp_null (mhd_gtls_session_t session) */ int mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers, - size_t headers_size, const opaque * data, - size_t data_size, opaque * ciphertext, - size_t ciphertext_size, content_type_t type, int random_pad) + size_t headers_size, const opaque * data, + size_t data_size, opaque * ciphertext, + size_t ciphertext_size, content_type_t type, int random_pad) { gnutls_datum_t plain; gnutls_datum_t comp; @@ -100,8 +100,8 @@ mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers, } ret = mhd_gtls_compressed2ciphertext (session, &ciphertext[headers_size], - ciphertext_size - headers_size, - comp, type, random_pad); + ciphertext_size - headers_size, + comp, type, random_pad); if (free_comp) _gnutls_free_datum (&comp); @@ -125,8 +125,8 @@ mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers, */ int mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext, - size_t ciphertext_size, uint8_t * data, - size_t max_data_size, content_type_t type) + size_t ciphertext_size, uint8_t * data, + size_t max_data_size, content_type_t type) { gnutls_datum_t gtxt; gnutls_datum_t gcipher; @@ -140,7 +140,7 @@ mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext, ret = mhd_gtls_ciphertext2compressed (session, data, max_data_size, - gcipher, type); + gcipher, type); if (ret < 0) { return ret; @@ -290,9 +290,9 @@ calc_enc_length (mhd_gtls_session_t session, int data_size, */ int mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, - opaque * cipher_data, int cipher_size, - gnutls_datum_t compressed, - content_type_t _type, int random_pad) + opaque * cipher_data, int cipher_size, + gnutls_datum_t compressed, + content_type_t _type, int random_pad) { uint8_t MAC[MAX_HASH_SIZE]; uint16_t c_length; @@ -303,14 +303,14 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, uint8_t major, minor; int hash_size = mhd_gnutls_hash_get_algo_len (session->security_parameters. - write_mac_algorithm); + write_mac_algorithm); enum MHD_GNUTLS_Protocol ver; int blocksize = mhd_gtls_cipher_get_block_size (session->security_parameters. - write_bulk_cipher_algorithm); + write_bulk_cipher_algorithm); cipher_type_t block_algo = mhd_gtls_cipher_is_block (session->security_parameters. - write_bulk_cipher_algorithm); + write_bulk_cipher_algorithm); opaque *data_ptr; @@ -336,15 +336,15 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, if (td != GNUTLS_MAC_FAILED) { /* actually when the algorithm in not the NULL one */ - mhd_gnutls_hash (td, - UINT64DATA (session->connection_state. - write_sequence_number), 8); + mhd_gnutls_hash (td, + UINT64DATA (session->connection_state. + write_sequence_number), 8); - mhd_gnutls_hash (td, &type, 1); + mhd_gnutls_hash (td, &type, 1); if (ver >= MHD_GNUTLS_TLS1_0) { /* TLS 1.0 or higher */ - mhd_gnutls_hash (td, &major, 1); - mhd_gnutls_hash (td, &minor, 1); + mhd_gnutls_hash (td, &major, 1); + mhd_gnutls_hash (td, &minor, 1); } mhd_gnutls_hash (td, &c_length, 2); mhd_gnutls_hash (td, compressed.data, compressed.size); @@ -401,8 +401,9 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, /* Actual encryption (inplace). */ - ret = mhd_gtls_cipher_encrypt (session->connection_state. - write_cipher_state, cipher_data, length); + ret = + mhd_gtls_cipher_encrypt (session->connection_state.write_cipher_state, + cipher_data, length); if (ret < 0) { gnutls_assert (); @@ -417,9 +418,9 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, */ int mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, - opaque * compress_data, - int compress_size, - gnutls_datum_t ciphertext, uint8_t type) + opaque * compress_data, + int compress_size, + gnutls_datum_t ciphertext, uint8_t type) { uint8_t MAC[MAX_HASH_SIZE]; uint16_t c_length; @@ -432,14 +433,15 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, enum MHD_GNUTLS_Protocol ver; int hash_size = mhd_gnutls_hash_get_algo_len (session->security_parameters. - read_mac_algorithm); + read_mac_algorithm); ver = MHD_gnutls_protocol_get_version (session); minor = mhd_gtls_version_get_minor (ver); major = mhd_gtls_version_get_major (ver); - blocksize = mhd_gtls_cipher_get_block_size (session->security_parameters. - read_bulk_cipher_algorithm); + blocksize = + mhd_gtls_cipher_get_block_size (session->security_parameters. + read_bulk_cipher_algorithm); /* initialize MAC */ @@ -462,10 +464,10 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, (session->security_parameters.read_bulk_cipher_algorithm)) { case CIPHER_STREAM: - if ((ret = mhd_gtls_cipher_decrypt (session->connection_state. - read_cipher_state, - ciphertext.data, - ciphertext.size)) < 0) + if ((ret = + mhd_gtls_cipher_decrypt (session->connection_state. + read_cipher_state, ciphertext.data, + ciphertext.size)) < 0) { gnutls_assert (); return ret; @@ -481,10 +483,10 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, return GNUTLS_E_DECRYPTION_FAILED; } - if ((ret = mhd_gtls_cipher_decrypt (session->connection_state. - read_cipher_state, - ciphertext.data, - ciphertext.size)) < 0) + if ((ret = + mhd_gtls_cipher_decrypt (session->connection_state. + read_cipher_state, ciphertext.data, + ciphertext.size)) < 0) { gnutls_assert (); return ret; @@ -541,20 +543,20 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, */ if (td != GNUTLS_MAC_FAILED) { - mhd_gnutls_hash (td, - UINT64DATA (session->connection_state. - read_sequence_number), 8); + mhd_gnutls_hash (td, + UINT64DATA (session->connection_state. + read_sequence_number), 8); - mhd_gnutls_hash (td, &type, 1); + mhd_gnutls_hash (td, &type, 1); if (ver >= MHD_GNUTLS_TLS1_0) { /* TLS 1.x */ - mhd_gnutls_hash (td, &major, 1); - mhd_gnutls_hash (td, &minor, 1); + mhd_gnutls_hash (td, &major, 1); + mhd_gnutls_hash (td, &minor, 1); } mhd_gnutls_hash (td, &c_length, 2); if (length > 0) - mhd_gnutls_hash (td, ciphertext.data, length); + mhd_gnutls_hash (td, ciphertext.data, length); mac_deinit (td, MAC, ver); } diff --git a/src/daemon/https/tls/gnutls_cipher.h b/src/daemon/https/tls/gnutls_cipher.h @@ -23,19 +23,18 @@ */ int mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers, - size_t headers_size, const opaque * data, - size_t data_size, opaque * ciphertext, - size_t ciphertext_size, content_type_t type, - int random_pad); + size_t headers_size, const opaque * data, + size_t data_size, opaque * ciphertext, + size_t ciphertext_size, content_type_t type, + int random_pad); int mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext, - size_t ciphertext_size, uint8_t * data, size_t data_size, - content_type_t type); + size_t ciphertext_size, uint8_t * data, + size_t data_size, content_type_t type); int mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, - opaque * cipher_data, int cipher_size, - gnutls_datum_t compressed, - content_type_t _type, int random_pad); + opaque * cipher_data, int cipher_size, + gnutls_datum_t compressed, + content_type_t _type, int random_pad); int mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, - opaque * compress_data, - int compress_size, - gnutls_datum_t ciphertext, uint8_t type); + opaque * compress_data, int compress_size, + gnutls_datum_t ciphertext, uint8_t type); diff --git a/src/daemon/https/tls/gnutls_cipher_int.c b/src/daemon/https/tls/gnutls_cipher_int.c @@ -29,7 +29,7 @@ cipher_hd_t mhd_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, - const gnutls_datum_t * key, const gnutls_datum_t * iv) + const gnutls_datum_t * key, const gnutls_datum_t * iv) { cipher_hd_t ret = NULL; int err = GC_INVALID_CIPHER; /* doesn't matter */ @@ -110,7 +110,7 @@ mhd_gtls_cipher_encrypt (cipher_hd_t handle, void *text, int textlen) int mhd_gtls_cipher_decrypt (cipher_hd_t handle, void *ciphertext, - int ciphertextlen) + int ciphertextlen) { if (handle != GNUTLS_CIPHER_FAILED) { diff --git a/src/daemon/https/tls/gnutls_cipher_int.h b/src/daemon/https/tls/gnutls_cipher_int.h @@ -29,18 +29,15 @@ #define GNUTLS_CIPHER_FAILED NULL // TODO gc_cipher_handle -> void * x3 -void * mhd_gtls_cipher_init(enum MHD_GNUTLS_CipherAlgorithm cipher, - const gnutls_datum_t * key, - const gnutls_datum_t * iv); +void *mhd_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, + const gnutls_datum_t * key, + const gnutls_datum_t * iv); -int mhd_gtls_cipher_encrypt(void * handle, - void *text, - int textlen); +int mhd_gtls_cipher_encrypt (void *handle, void *text, int textlen); -int mhd_gtls_cipher_decrypt(void * handle, - void *ciphertext, - int ciphertextlen); +int mhd_gtls_cipher_decrypt (void *handle, + void *ciphertext, int ciphertextlen); -void mhd_gnutls_cipher_deinit(void * handle); +void mhd_gnutls_cipher_deinit (void *handle); #endif /* GNUTLS_CIPHER_INT */ diff --git a/src/daemon/https/tls/gnutls_compress.c b/src/daemon/https/tls/gnutls_compress.c @@ -43,8 +43,8 @@ _gnutls_m_plaintext2compressed (mhd_gtls_session_t session, size = mhd_gtls_compress (session->connection_state.write_compression_state, - plaintext->data, plaintext->size, &data, - MAX_RECORD_SEND_SIZE + EXTRA_COMP_SIZE); + plaintext->data, plaintext->size, &data, + MAX_RECORD_SEND_SIZE + EXTRA_COMP_SIZE); if (size < 0) { gnutls_assert (); @@ -65,9 +65,9 @@ _gnutls_m_compressed2plaintext (mhd_gtls_session_t session, opaque *data; size = - mhd_gtls_decompress (session->connection_state. - read_compression_state, compressed->data, - compressed->size, &data, MAX_RECORD_RECV_SIZE); + mhd_gtls_decompress (session->connection_state.read_compression_state, + compressed->data, compressed->size, &data, + MAX_RECORD_RECV_SIZE); if (size < 0) { gnutls_assert (); diff --git a/src/daemon/https/tls/gnutls_compress.h b/src/daemon/https/tls/gnutls_compress.h @@ -23,8 +23,8 @@ */ int _gnutls_m_plaintext2compressed (mhd_gtls_session_t session, - gnutls_datum_t * compressed, - const gnutls_datum_t *plaintext); + gnutls_datum_t * compressed, + const gnutls_datum_t * plaintext); int _gnutls_m_compressed2plaintext (mhd_gtls_session_t session, - gnutls_datum_t * plain, - const gnutls_datum_t* compressed); + gnutls_datum_t * plain, + const gnutls_datum_t * compressed); diff --git a/src/daemon/https/tls/gnutls_compress_int.c b/src/daemon/https/tls/gnutls_compress_int.c @@ -130,8 +130,8 @@ mhd_gtls_comp_deinit (comp_hd_t handle, int d) int mhd_gtls_compress (comp_hd_t handle, const opaque * plain, - size_t plain_size, opaque ** compressed, - size_t max_comp_size) + size_t plain_size, opaque ** compressed, + size_t max_comp_size) { int compressed_size = GNUTLS_E_COMPRESSION_FAILED; @@ -205,8 +205,8 @@ mhd_gtls_compress (comp_hd_t handle, const opaque * plain, int mhd_gtls_decompress (comp_hd_t handle, opaque * compressed, - size_t compressed_size, opaque ** plain, - size_t max_record_size) + size_t compressed_size, opaque ** plain, + size_t max_record_size) { int plain_size = GNUTLS_E_DECOMPRESSION_FAILED; diff --git a/src/daemon/https/tls/gnutls_compress_int.h b/src/daemon/https/tls/gnutls_compress_int.h @@ -41,9 +41,9 @@ comp_hd_t mhd_gtls_comp_init (enum MHD_GNUTLS_CompressionMethod, int d); void mhd_gtls_comp_deinit (comp_hd_t handle, int d); int mhd_gtls_decompress (comp_hd_t handle, opaque * compressed, - size_t compressed_size, opaque ** plain, - size_t max_record_size); + size_t compressed_size, opaque ** plain, + size_t max_record_size); int mhd_gtls_compress (comp_hd_t, const opaque * plain, size_t plain_size, - opaque ** compressed, size_t max_comp_size); + opaque ** compressed, size_t max_comp_size); #endif diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c @@ -99,19 +99,16 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, if (session->security_parameters.version == MHD_GNUTLS_SSL3) { /* SSL 3 */ ret = - mhd_gnutls_ssl3_generate_random (session-> - security_parameters. - master_secret, - TLS_MASTER_SIZE, rnd, - 2 * TLS_RANDOM_SIZE, - block_size, key_block); + mhd_gnutls_ssl3_generate_random + (session->security_parameters.master_secret, TLS_MASTER_SIZE, rnd, + 2 * TLS_RANDOM_SIZE, block_size, key_block); } else { /* TLS 1.0 */ ret = mhd_gtls_PRF (session, session->security_parameters.master_secret, - TLS_MASTER_SIZE, keyexp, keyexp_length, - rnd, 2 * TLS_RANDOM_SIZE, block_size, key_block); + TLS_MASTER_SIZE, keyexp, keyexp_length, + rnd, 2 * TLS_RANDOM_SIZE, block_size, key_block); } if (ret < 0) @@ -123,7 +120,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size, mhd_gtls_bin2hex (key_block, block_size, buf, - sizeof (buf))); + sizeof (buf))); pos = 0; if (hash_size > 0) @@ -193,20 +190,20 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, { /* SSL 3 */ ret = mhd_gnutls_ssl3_hash_md5 (&key_block[pos], - key_size, rrnd, - 2 * TLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, - client_write_key); + key_size, rrnd, + 2 * TLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, + client_write_key); } else { /* TLS 1.0 */ ret = mhd_gtls_PRF (session, &key_block[pos], key_size, - cliwrite, cliwrite_length, - rrnd, - 2 * TLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, client_write_key); + cliwrite, cliwrite_length, + rrnd, + 2 * TLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, client_write_key); } if (ret < 0) @@ -225,17 +222,17 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, { /* SSL 3 */ ret = mhd_gnutls_ssl3_hash_md5 (&key_block[pos], key_size, - rnd, 2 * TLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, - server_write_key); + rnd, 2 * TLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, + server_write_key); } else { /* TLS 1.0 */ ret = mhd_gtls_PRF (session, &key_block[pos], key_size, - servwrite, servwrite_length, - rrnd, 2 * TLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, server_write_key); + servwrite, servwrite_length, + rrnd, 2 * TLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, server_write_key); } if (ret < 0) @@ -263,8 +260,8 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n", client_write_key_size, mhd_gtls_bin2hex (client_write_key, - client_write_key_size, buf, - sizeof (buf))); + client_write_key_size, buf, + sizeof (buf))); if (_gnutls_sset_datum (&session->cipher_specs.server_write_key, @@ -279,8 +276,8 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n", server_write_key_size, mhd_gtls_bin2hex (server_write_key, - server_write_key_size, buf, - sizeof (buf))); + server_write_key_size, buf, + sizeof (buf))); if (free_keys != 0) { @@ -326,8 +323,8 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, if (session->security_parameters.version == MHD_GNUTLS_SSL3) { /* SSL 3 */ ret = mhd_gnutls_ssl3_hash_md5 ("", 0, - rrnd, TLS_RANDOM_SIZE * 2, - IV_size, iv_block); + rrnd, TLS_RANDOM_SIZE * 2, + IV_size, iv_block); if (ret < 0) { @@ -338,15 +335,15 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, } ret = mhd_gnutls_ssl3_hash_md5 ("", 0, rnd, - TLS_RANDOM_SIZE * 2, - IV_size, &iv_block[IV_size]); + TLS_RANDOM_SIZE * 2, + IV_size, &iv_block[IV_size]); } else { /* TLS 1.0 */ ret = mhd_gtls_PRF (session, "", 0, - ivblock, ivblock_length, rrnd, - 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block); + ivblock, ivblock_length, rrnd, + 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block); } if (ret < 0) @@ -505,37 +502,35 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) if (session->internals.resumed == RESUME_FALSE) { rc = mhd_gtls_set_read_cipher (session, - mhd_gtls_cipher_suite_get_cipher_algo - (&session->security_parameters. - current_cipher_suite)); + mhd_gtls_cipher_suite_get_cipher_algo + (&session->security_parameters. + current_cipher_suite)); if (rc < 0) return rc; rc = mhd_gtls_set_read_mac (session, - mhd_gtls_cipher_suite_get_mac_algo - (&session->security_parameters. - current_cipher_suite)); + mhd_gtls_cipher_suite_get_mac_algo + (&session->security_parameters. + current_cipher_suite)); if (rc < 0) return rc; rc = mhd_gtls_set_kx (session, - mhd_gtls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite)); + mhd_gtls_cipher_suite_get_kx_algo + (&session->security_parameters. + current_cipher_suite)); if (rc < 0) return rc; rc = mhd_gtls_set_read_compression (session, - session->internals. - compression_method); + session->internals. + compression_method); if (rc < 0) return rc; } else { /* RESUME_TRUE */ - _gnutls_cpy_read_security_parameters (&session-> - security_parameters, - &session-> - internals. + _gnutls_cpy_read_security_parameters (&session->security_parameters, + &session->internals. resumed_security_parameters); } @@ -545,9 +540,10 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) return rc; _gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", - session, mhd_gtls_cipher_suite_get_name (&session-> - security_parameters. - current_cipher_suite)); + session, + mhd_gtls_cipher_suite_get_name + (&session->security_parameters. + current_cipher_suite)); if (mhd_gtls_compression_is_ok (session->security_parameters.read_compression_algorithm) != 0) @@ -572,12 +568,13 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) mhd_gnutls_cipher_deinit (session->connection_state.read_cipher_state); if (session->connection_state.read_compression_state != NULL) - mhd_gtls_comp_deinit (session->connection_state.read_compression_state, 1); + mhd_gtls_comp_deinit (session->connection_state.read_compression_state, + 1); mac_size = mhd_gnutls_hash_get_algo_len (session->security_parameters. - read_mac_algorithm); + read_mac_algorithm); _gnutls_handshake_log ("HSK[%x]: Initializing internal [read] cipher sessions\n", session); @@ -589,14 +586,12 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) */ session->connection_state.read_cipher_state = mhd_gtls_cipher_init (session->security_parameters. - read_bulk_cipher_algorithm, - &session->cipher_specs. - client_write_key, - &session->cipher_specs.client_write_IV); - if (session->connection_state.read_cipher_state == - GNUTLS_CIPHER_FAILED - && session->security_parameters. - read_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) + read_bulk_cipher_algorithm, + &session->cipher_specs.client_write_key, + &session->cipher_specs.client_write_IV); + if (session->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED + && session->security_parameters.read_bulk_cipher_algorithm != + MHD_GNUTLS_CIPHER_NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -607,8 +602,7 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) */ if (mac_size > 0) { - if (_gnutls_sset_datum (&session->connection_state. - read_mac_secret, + if (_gnutls_sset_datum (&session->connection_state.read_mac_secret, session->cipher_specs. client_write_mac_secret.data, session->cipher_specs. @@ -625,15 +619,14 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) case GNUTLS_CLIENT: session->connection_state.read_cipher_state = mhd_gtls_cipher_init (session->security_parameters. - read_bulk_cipher_algorithm, - &session->cipher_specs. - server_write_key, - &session->cipher_specs.server_write_IV); + read_bulk_cipher_algorithm, + &session->cipher_specs.server_write_key, + &session->cipher_specs.server_write_IV); if (session->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED - && session->security_parameters. - read_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) + && session->security_parameters.read_bulk_cipher_algorithm != + MHD_GNUTLS_CIPHER_NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -644,8 +637,7 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) */ if (mac_size > 0) { - if (_gnutls_sset_datum (&session->connection_state. - read_mac_secret, + if (_gnutls_sset_datum (&session->connection_state.read_mac_secret, session->cipher_specs. server_write_mac_secret.data, session->cipher_specs. @@ -665,7 +657,7 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) session->connection_state.read_compression_state = mhd_gtls_comp_init (session->security_parameters. - read_compression_algorithm, 1); + read_compression_algorithm, 1); if (session->connection_state.read_compression_state == GNUTLS_COMP_FAILED) { @@ -695,37 +687,35 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) if (session->internals.resumed == RESUME_FALSE) { rc = mhd_gtls_set_write_cipher (session, - mhd_gtls_cipher_suite_get_cipher_algo - (&session->security_parameters. - current_cipher_suite)); + mhd_gtls_cipher_suite_get_cipher_algo + (&session->security_parameters. + current_cipher_suite)); if (rc < 0) return rc; rc = mhd_gtls_set_write_mac (session, - mhd_gtls_cipher_suite_get_mac_algo - (&session->security_parameters. - current_cipher_suite)); + mhd_gtls_cipher_suite_get_mac_algo + (&session->security_parameters. + current_cipher_suite)); if (rc < 0) return rc; rc = mhd_gtls_set_kx (session, - mhd_gtls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite)); + mhd_gtls_cipher_suite_get_kx_algo + (&session->security_parameters. + current_cipher_suite)); if (rc < 0) return rc; rc = mhd_gtls_set_write_compression (session, - session->internals. - compression_method); + session->internals. + compression_method); if (rc < 0) return rc; } else { /* RESUME_TRUE */ - _gnutls_cpy_write_security_parameters (&session-> - security_parameters, - &session-> - internals. + _gnutls_cpy_write_security_parameters (&session->security_parameters, + &session->internals. resumed_security_parameters); } @@ -734,9 +724,9 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) return rc; _gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", session, - mhd_gtls_cipher_suite_get_name (&session-> - security_parameters. - current_cipher_suite)); + mhd_gtls_cipher_suite_get_name + (&session->security_parameters. + current_cipher_suite)); if (mhd_gtls_compression_is_ok (session->security_parameters.write_compression_algorithm) != 0) @@ -763,12 +753,12 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) mhd_gnutls_cipher_deinit (session->connection_state.write_cipher_state); if (session->connection_state.write_compression_state != NULL) - mhd_gtls_comp_deinit (session->connection_state. - write_compression_state, 0); + mhd_gtls_comp_deinit (session->connection_state.write_compression_state, + 0); mac_size = mhd_gnutls_hash_get_algo_len (session->security_parameters. - write_mac_algorithm); + write_mac_algorithm); _gnutls_handshake_log ("HSK[%x]: Initializing internal [write] cipher sessions\n", session); @@ -780,15 +770,14 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) */ session->connection_state.write_cipher_state = mhd_gtls_cipher_init (session->security_parameters. - write_bulk_cipher_algorithm, - &session->cipher_specs. - server_write_key, - &session->cipher_specs.server_write_IV); + write_bulk_cipher_algorithm, + &session->cipher_specs.server_write_key, + &session->cipher_specs.server_write_IV); if (session->connection_state.write_cipher_state == GNUTLS_CIPHER_FAILED - && session->security_parameters. - write_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) + && session->security_parameters.write_bulk_cipher_algorithm != + MHD_GNUTLS_CIPHER_NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -800,8 +789,7 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) */ if (mac_size > 0) { - if (_gnutls_sset_datum (&session->connection_state. - write_mac_secret, + if (_gnutls_sset_datum (&session->connection_state.write_mac_secret, session->cipher_specs. server_write_mac_secret.data, session->cipher_specs. @@ -819,15 +807,14 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) case GNUTLS_CLIENT: session->connection_state.write_cipher_state = mhd_gtls_cipher_init (session->security_parameters. - write_bulk_cipher_algorithm, - &session->cipher_specs. - client_write_key, - &session->cipher_specs.client_write_IV); + write_bulk_cipher_algorithm, + &session->cipher_specs.client_write_key, + &session->cipher_specs.client_write_IV); if (session->connection_state.write_cipher_state == GNUTLS_CIPHER_FAILED - && session->security_parameters. - write_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) + && session->security_parameters.write_bulk_cipher_algorithm != + MHD_GNUTLS_CIPHER_NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -837,8 +824,7 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) */ if (mac_size > 0) { - if (_gnutls_sset_datum (&session->connection_state. - write_mac_secret, + if (_gnutls_sset_datum (&session->connection_state.write_mac_secret, session->cipher_specs. client_write_mac_secret.data, session->cipher_specs. @@ -859,7 +845,7 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) session->connection_state.write_compression_state = mhd_gtls_comp_init (session->security_parameters. - write_compression_algorithm, 0); + write_compression_algorithm, 0); if (session->connection_state.write_compression_state == GNUTLS_COMP_FAILED) { @@ -874,7 +860,7 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) */ int mhd_gtls_set_read_cipher (mhd_gtls_session_t session, - enum MHD_GNUTLS_CipherAlgorithm algo) + enum MHD_GNUTLS_CipherAlgorithm algo) { if (mhd_gtls_cipher_is_ok (algo) == 0) @@ -900,7 +886,7 @@ mhd_gtls_set_read_cipher (mhd_gtls_session_t session, int mhd_gtls_set_write_cipher (mhd_gtls_session_t session, - enum MHD_GNUTLS_CipherAlgorithm algo) + enum MHD_GNUTLS_CipherAlgorithm algo) { if (mhd_gtls_cipher_is_ok (algo) == 0) @@ -929,7 +915,7 @@ mhd_gtls_set_write_cipher (mhd_gtls_session_t session, */ int mhd_gtls_set_read_compression (mhd_gtls_session_t session, - enum MHD_GNUTLS_CompressionMethod algo) + enum MHD_GNUTLS_CompressionMethod algo) { if (mhd_gtls_compression_is_ok (algo) == 0) @@ -947,7 +933,7 @@ mhd_gtls_set_read_compression (mhd_gtls_session_t session, int mhd_gtls_set_write_compression (mhd_gtls_session_t session, - enum MHD_GNUTLS_CompressionMethod algo) + enum MHD_GNUTLS_CompressionMethod algo) { if (mhd_gtls_compression_is_ok (algo) == 0) @@ -966,7 +952,8 @@ mhd_gtls_set_write_compression (mhd_gtls_session_t session, /* Sets the specified kx algorithm into pending session */ int -mhd_gtls_set_kx (mhd_gtls_session_t session, enum MHD_GNUTLS_KeyExchangeAlgorithm algo) +mhd_gtls_set_kx (mhd_gtls_session_t session, + enum MHD_GNUTLS_KeyExchangeAlgorithm algo) { if (mhd_gtls_kx_is_ok (algo) == 0) @@ -991,7 +978,8 @@ mhd_gtls_set_kx (mhd_gtls_session_t session, enum MHD_GNUTLS_KeyExchangeAlgorith /* Sets the specified mac algorithm into pending session */ int -mhd_gtls_set_read_mac (mhd_gtls_session_t session, enum MHD_GNUTLS_HashAlgorithm algo) +mhd_gtls_set_read_mac (mhd_gtls_session_t session, + enum MHD_GNUTLS_HashAlgorithm algo) { if (mhd_gnutls_mac_is_ok (algo) == 0) @@ -1015,7 +1003,8 @@ mhd_gtls_set_read_mac (mhd_gtls_session_t session, enum MHD_GNUTLS_HashAlgorithm } int -mhd_gtls_set_write_mac (mhd_gtls_session_t session, enum MHD_GNUTLS_HashAlgorithm algo) +mhd_gtls_set_write_mac (mhd_gtls_session_t session, + enum MHD_GNUTLS_HashAlgorithm algo) { if (mhd_gnutls_mac_is_ok (algo) == 0) diff --git a/src/daemon/https/tls/gnutls_constate.h b/src/daemon/https/tls/gnutls_constate.h @@ -26,15 +26,16 @@ int mhd_gtls_connection_state_init (mhd_gtls_session_t session); int mhd_gtls_read_connection_state_init (mhd_gtls_session_t session); int mhd_gtls_write_connection_state_init (mhd_gtls_session_t session); int mhd_gtls_set_write_cipher (mhd_gtls_session_t session, - enum MHD_GNUTLS_CipherAlgorithm algo); + enum MHD_GNUTLS_CipherAlgorithm algo); int mhd_gtls_set_write_mac (mhd_gtls_session_t session, - enum MHD_GNUTLS_HashAlgorithm algo); + enum MHD_GNUTLS_HashAlgorithm algo); int mhd_gtls_set_read_cipher (mhd_gtls_session_t session, - enum MHD_GNUTLS_CipherAlgorithm algo); + enum MHD_GNUTLS_CipherAlgorithm algo); int mhd_gtls_set_read_mac (mhd_gtls_session_t session, - enum MHD_GNUTLS_HashAlgorithm algo); + enum MHD_GNUTLS_HashAlgorithm algo); int mhd_gtls_set_read_compression (mhd_gtls_session_t session, - enum MHD_GNUTLS_CompressionMethod algo); + enum MHD_GNUTLS_CompressionMethod algo); int mhd_gtls_set_write_compression (mhd_gtls_session_t session, - enum MHD_GNUTLS_CompressionMethod algo); -int mhd_gtls_set_kx (mhd_gtls_session_t session, enum MHD_GNUTLS_KeyExchangeAlgorithm algo); + enum MHD_GNUTLS_CompressionMethod algo); +int mhd_gtls_set_kx (mhd_gtls_session_t session, + enum MHD_GNUTLS_KeyExchangeAlgorithm algo); diff --git a/src/daemon/https/tls/gnutls_datum.c b/src/daemon/https/tls/gnutls_datum.c @@ -68,7 +68,7 @@ mhd_gtls_write_datum8 (opaque * dest, gnutls_datum_t dat) int mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data, - size_t data_size, gnutls_alloc_function galloc_func) + size_t data_size, gnutls_alloc_function galloc_func) { if (data_size == 0 || data == NULL) { @@ -89,8 +89,8 @@ mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data, int mhd_gtls_datum_append_m (gnutls_datum_t * dst, const void *data, - size_t data_size, - gnutls_realloc_function grealloc_func) + size_t data_size, + gnutls_realloc_function grealloc_func) { dst->data = grealloc_func (dst->data, data_size + dst->size); diff --git a/src/daemon/https/tls/gnutls_datum.h b/src/daemon/https/tls/gnutls_datum.h @@ -28,12 +28,12 @@ void mhd_gtls_write_datum32 (opaque * dest, gnutls_datum_t dat); void mhd_gtls_write_datum8 (opaque * dest, gnutls_datum_t dat); int mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data, - size_t data_size, gnutls_alloc_function); + size_t data_size, gnutls_alloc_function); #define _gnutls_set_datum( x, y, z) mhd_gtls_set_datum_m(x,y,z, gnutls_malloc) #define _gnutls_sset_datum( x, y, z) mhd_gtls_set_datum_m(x,y,z, gnutls_secure_malloc) int mhd_gtls_datum_append_m (gnutls_datum_t * dat, const void *data, - size_t data_size, gnutls_realloc_function); + size_t data_size, gnutls_realloc_function); #define _gnutls_datum_append(x,y,z) mhd_gtls_datum_append_m(x,y,z, gnutls_realloc) void mhd_gtls_free_datum_m (gnutls_datum_t * dat, gnutls_free_function); diff --git a/src/daemon/https/tls/gnutls_dh.c b/src/daemon/https/tls/gnutls_dh.c @@ -26,8 +26,8 @@ #include <gnutls_errors.h> -/* - --Example-- +/* + --Example-- you: X = g ^ x mod p; peer:Y = g ^ y mod p; @@ -77,7 +77,7 @@ mhd_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime) do { _gnutls_mpi_randomize (x, (x_size / 8) * 8, GCRY_STRONG_RANDOM); - /* Check whether x is zero. + /* Check whether x is zero. */ } while (_gnutls_mpi_cmp_ui (x, 0) == 0); @@ -134,8 +134,8 @@ mhd_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime) -*/ mhd_gtls_dh_params_t mhd_gtls_get_dh_params (mhd_gtls_dh_params_t dh_params, - gnutls_params_function * func, - mhd_gtls_session_t session) + gnutls_params_function * func, + mhd_gtls_session_t session) { gnutls_params_st params; int ret; diff --git a/src/daemon/https/tls/gnutls_dh.h b/src/daemon/https/tls/gnutls_dh.h @@ -25,14 +25,14 @@ #ifndef GNUTLS_DH_H # define GNUTLS_DH_H -const mpi_t * mhd_gtls_dh_params_to_mpi (mhd_gtls_dh_params_t); +const mpi_t *mhd_gtls_dh_params_to_mpi (mhd_gtls_dh_params_t); mpi_t mhd_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime); mpi_t mhd_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime); int mhd_gtls_dh_generate_prime (mpi_t * ret_g, mpi_t * ret_n, unsigned bits); mhd_gtls_dh_params_t mhd_gtls_get_dh_params (mhd_gtls_dh_params_t dh_params, - gnutls_params_function * func, - mhd_gtls_session_t session); + gnutls_params_function * func, + mhd_gtls_session_t session); #endif diff --git a/src/daemon/https/tls/gnutls_dh_primes.c b/src/daemon/https/tls/gnutls_dh_primes.c @@ -197,7 +197,8 @@ MHD_gnutls_dh_params_deinit (mhd_gtls_dh_params_t dh_params) * **/ int -MHD_gnutls_dh_params_generate2 (mhd_gtls_dh_params_t params, unsigned int bits) +MHD_gnutls_dh_params_generate2 (mhd_gtls_dh_params_t params, + unsigned int bits) { int ret; diff --git a/src/daemon/https/tls/gnutls_errors.c b/src/daemon/https/tls/gnutls_errors.c @@ -260,7 +260,7 @@ static const gnutls_error_entry mhd_gtls_error_algorithms[] = { * @error: is an error returned by a gnutls function. Error should be a negative value. * * If a function returns a negative value you may feed that value - * to this function to see if it is fatal. Returns 1 for a fatal + * to this function to see if it is fatal. Returns 1 for a fatal * error 0 otherwise. However you may want to check the * error code manually, since some non-fatal errors to the protocol * may be fatal for you (your program). @@ -290,7 +290,7 @@ MHD_gtls_error_is_fatal (int error) * MHD_gtls_perror - prints a string to stderr with a description of an error * @error: is an error returned by a gnutls function. Error is always a negative value. * - * This function is like perror(). The only difference is that it accepts an + * This function is like perror(). The only difference is that it accepts an * error number returned by a gnutls function. **/ void diff --git a/src/daemon/https/tls/gnutls_extensions.c b/src/daemon/https/tls/gnutls_extensions.c @@ -142,8 +142,8 @@ _gnutls_extension_list_check (mhd_gtls_session_t session, uint16_t type) int mhd_gtls_parse_extensions (mhd_gtls_session_t session, - mhd_gtls_ext_parse_type_t parse_type, - const opaque * data, int data_size) + mhd_gtls_ext_parse_type_t parse_type, + const opaque * data, int data_size) { int next, ret; int pos = 0; @@ -159,9 +159,8 @@ mhd_gtls_parse_extensions (mhd_gtls_session_t session, { _gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n", session, - mhd_gtls_extension_get_name (session-> - internals. - extensions_sent[i])); + mhd_gtls_extension_get_name + (session->internals.extensions_sent[i])); } #endif @@ -236,7 +235,7 @@ _gnutls_extension_list_add (mhd_gtls_session_t session, uint16_t type) int mhd_gtls_gen_extensions (mhd_gtls_session_t session, opaque * data, - size_t data_size) + size_t data_size) { int size; uint16_t pos = 0; diff --git a/src/daemon/https/tls/gnutls_extensions.h b/src/daemon/https/tls/gnutls_extensions.h @@ -24,16 +24,18 @@ #include <gnutls_int.h> -const char * mhd_gtls_extension_get_name (uint16_t type); -int mhd_gtls_parse_extensions (mhd_gtls_session_t, mhd_gtls_ext_parse_type_t, const opaque *, int); +const char *mhd_gtls_extension_get_name (uint16_t type); +int mhd_gtls_parse_extensions (mhd_gtls_session_t, mhd_gtls_ext_parse_type_t, + const opaque *, int); int mhd_gtls_gen_extensions (mhd_gtls_session_t session, opaque * data, - size_t data_size); + size_t data_size); -typedef int (* mhd_gtls_ext_recv_func) (mhd_gtls_session_t, const opaque *, size_t); /* recv data */ -typedef int (* mhd_gtls_ext_send_func) (mhd_gtls_session_t, opaque *, size_t); /* send data */ +typedef int (*mhd_gtls_ext_recv_func) (mhd_gtls_session_t, const opaque *, size_t); /* recv data */ +typedef int (*mhd_gtls_ext_send_func) (mhd_gtls_session_t, opaque *, size_t); /* send data */ mhd_gtls_ext_send_func mhd_gtls_ext_func_send (uint16_t type); -mhd_gtls_ext_recv_func mhd_gtls_ext_func_recv (uint16_t type, mhd_gtls_ext_parse_type_t); +mhd_gtls_ext_recv_func mhd_gtls_ext_func_recv (uint16_t type, + mhd_gtls_ext_parse_type_t); typedef struct { diff --git a/src/daemon/https/tls/gnutls_global.c b/src/daemon/https/tls/gnutls_global.c @@ -121,13 +121,14 @@ int _gnutls_is_secure_mem_null (const void *); * This function must be called before MHD_gnutls_global_init() is called. * **/ -void MHD_gtls_global_set_mem_functions(gnutls_alloc_function alloc_func, - gnutls_alloc_function - secure_alloc_func, - gnutls_is_secure_function - is_secure_func, - gnutls_realloc_function realloc_func, - gnutls_free_function free_func) +void +MHD_gtls_global_set_mem_functions (gnutls_alloc_function alloc_func, + gnutls_alloc_function + secure_alloc_func, + gnutls_is_secure_function + is_secure_func, + gnutls_realloc_function realloc_func, + gnutls_free_function free_func) { gnutls_secure_malloc = secure_alloc_func; gnutls_malloc = alloc_func; @@ -147,7 +148,7 @@ void MHD_gtls_global_set_mem_functions(gnutls_alloc_function alloc_func, gnutls_calloc = calloc; } else - { /* use the included ones */ + { /* use the included ones */ gnutls_calloc = mhd_gtls_calloc; } gnutls_strdup = mhd_gtls_strdup; @@ -350,7 +351,7 @@ MHD_gnutls_global_deinit (void) **/ void MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session, - mhd_gtls_pull_func pull_func) + mhd_gtls_pull_func pull_func) { session->internals._gnutls_pull_func = pull_func; } @@ -371,7 +372,7 @@ MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session, **/ void MHD_gnutls_transport_set_push_function (mhd_gtls_session_t session, - mhd_gtls_push_func push_func) + mhd_gtls_push_func push_func) { session->internals._gnutls_push_func = push_func; } diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c @@ -59,7 +59,7 @@ #define FALSE 0 static int _gnutls_server_select_comp_method (mhd_gtls_session_t session, - opaque * data, int datalen); + opaque * data, int datalen); /* Clears the handshake hash buffers and handles. @@ -82,19 +82,16 @@ static void resume_copy_required_values (mhd_gtls_session_t session) { /* get the new random values */ - memcpy (session->internals.resumed_security_parameters. - server_random, + memcpy (session->internals.resumed_security_parameters.server_random, session->security_parameters.server_random, TLS_RANDOM_SIZE); - memcpy (session->internals.resumed_security_parameters. - client_random, + memcpy (session->internals.resumed_security_parameters.client_random, session->security_parameters.client_random, TLS_RANDOM_SIZE); /* keep the ciphersuite and compression * That is because the client must see these in our * hello message. */ - memcpy (session->security_parameters.current_cipher_suite. - suite, + memcpy (session->security_parameters.current_cipher_suite.suite, session->internals.resumed_security_parameters. current_cipher_suite.suite, 2); @@ -108,15 +105,15 @@ resume_copy_required_values (mhd_gtls_session_t session) session->internals.resumed_security_parameters.entity; mhd_gtls_set_current_version (session, - session->internals. - resumed_security_parameters.version); + session->internals. + resumed_security_parameters.version); session->security_parameters.cert_type = session->internals.resumed_security_parameters.cert_type; memcpy (session->security_parameters.session_id, - session->internals.resumed_security_parameters. - session_id, sizeof (session->security_parameters.session_id)); + session->internals.resumed_security_parameters.session_id, + sizeof (session->security_parameters.session_id)); session->security_parameters.session_id_size = session->internals.resumed_security_parameters.session_id_size; } @@ -173,11 +170,11 @@ _gnutls_ssl3_finished (mhd_gtls_session_t session, int type, opaque * ret) mhd_gnutls_hash (td_sha, mesg, siz); mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, ret, - session->security_parameters. - master_secret, TLS_MASTER_SIZE); + session->security_parameters. + master_secret, TLS_MASTER_SIZE); mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16], - session->security_parameters. - master_secret, TLS_MASTER_SIZE); + session->security_parameters. + master_secret, TLS_MASTER_SIZE); return 0; } @@ -238,7 +235,7 @@ _gnutls_finished (mhd_gtls_session_t session, int type, void *ret) } return mhd_gtls_PRF (session, session->security_parameters.master_secret, - TLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret); + TLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret); } /* this function will produce TLS_RANDOM_SIZE==32 bytes of random data @@ -271,7 +268,7 @@ mhd_gtls_tls_create_random (opaque * dst) */ int mhd_gtls_negotiate_version (mhd_gtls_session_t session, - enum MHD_GNUTLS_Protocol adv_version) + enum MHD_GNUTLS_Protocol adv_version) { int ret; @@ -302,7 +299,7 @@ mhd_gtls_negotiate_version (mhd_gtls_session_t session, int mhd_gtls_user_hello_func (mhd_gtls_session_t session, - enum MHD_GNUTLS_Protocol adv_version) + enum MHD_GNUTLS_Protocol adv_version) { int ret; @@ -393,10 +390,9 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data, } else { - mhd_gtls_generate_session_id (session->security_parameters. - session_id, - &session->security_parameters. - session_id_size); + mhd_gtls_generate_session_id (session->security_parameters.session_id, + &session->security_parameters. + session_id_size); session->internals.resumed = RESUME_FALSE; } @@ -424,7 +420,7 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data, */ if (neg_version >= MHD_GNUTLS_TLS1_0) { - ret = mhd_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */ + ret = mhd_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) { gnutls_assert (); @@ -441,7 +437,7 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data, if (neg_version >= MHD_GNUTLS_TLS1_0) { - ret = mhd_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */ + ret = mhd_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) { gnutls_assert (); @@ -495,8 +491,10 @@ _gnutls_handshake_hash_pending (mhd_gtls_session_t session) if (siz > 0) { - mhd_gnutls_hash (session->internals.handshake_mac_handle_sha, data, siz); - mhd_gnutls_hash (session->internals.handshake_mac_handle_md5, data, siz); + mhd_gnutls_hash (session->internals.handshake_mac_handle_sha, data, + siz); + mhd_gnutls_hash (session->internals.handshake_mac_handle_md5, data, + siz); } mhd_gtls_handshake_buffer_empty (session); @@ -554,7 +552,7 @@ _gnutls_send_finished (mhd_gtls_session_t session, int again) ret = mhd_gtls_send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_FINISHED); + GNUTLS_HANDSHAKE_FINISHED); return ret; } @@ -572,7 +570,7 @@ _gnutls_recv_finished (mhd_gtls_session_t session) ret = mhd_gtls_recv_handshake (session, &vrfy, &vrfysize, - GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET); + GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET); if (ret < 0) { ERR ("recv finished int", ret); @@ -601,8 +599,8 @@ _gnutls_recv_finished (mhd_gtls_session_t session) { ret = _gnutls_ssl3_finished (session, - (session->security_parameters. - entity + 1) % 2, data); + (session->security_parameters.entity + 1) % 2, + data); } else { /* TLS 1.0 */ @@ -671,14 +669,14 @@ _gnutls_server_find_pk_algos_in_ciphersuites (const opaque * */ int mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data, - int datalen) + int datalen) { int x, i, j; cipher_suite_st *ciphers, cs; int retval, err; - enum MHD_GNUTLS_PublicKeyAlgorithm pk_algo; /* will hold the pk algorithms - * supported by the peer. - */ + enum MHD_GNUTLS_PublicKeyAlgorithm pk_algo; /* will hold the pk algorithms + * supported by the peer. + */ pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen); @@ -741,8 +739,8 @@ mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data, _gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session, mhd_gtls_cipher_suite_get_name (&cs)); - memcpy (session->security_parameters.current_cipher_suite. - suite, ciphers[i].suite, 2); + memcpy (session->security_parameters.current_cipher_suite.suite, + ciphers[i].suite, 2); retval = 0; goto finish; } @@ -763,8 +761,8 @@ finish: if (mhd_gtls_get_kx_cred (session, mhd_gtls_cipher_suite_get_kx_algo (&session->security_parameters. - current_cipher_suite), - &err) == NULL && err != 0) + current_cipher_suite), &err) == NULL + && err != 0) { gnutls_assert (); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; @@ -777,8 +775,8 @@ finish: */ session->internals.auth_struct = mhd_gtls_kx_auth_struct (mhd_gtls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite)); + (&session->security_parameters. + current_cipher_suite)); if (session->internals.auth_struct == NULL) { @@ -828,7 +826,7 @@ _gnutls_server_select_comp_method (mhd_gtls_session_t session, _gnutls_handshake_log ("HSK[%x]: Selected Compression Method: %s\n", session, MHD_gnutls_compression_get_name (session->internals. - compression_method)); + compression_method)); return 0; @@ -883,9 +881,9 @@ _gnutls_handshake_hash_add_sent (mhd_gtls_session_t session, if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) { mhd_gnutls_hash (session->internals.handshake_mac_handle_sha, dataptr, - datalen); + datalen); mhd_gnutls_hash (session->internals.handshake_mac_handle_md5, dataptr, - datalen); + datalen); } return 0; @@ -899,8 +897,8 @@ _gnutls_handshake_hash_add_sent (mhd_gtls_session_t session, */ int mhd_gtls_send_handshake (mhd_gtls_session_t session, void *i_data, - uint32_t i_datasize, - gnutls_handshake_description_t type) + uint32_t i_datasize, + gnutls_handshake_description_t type) { int ret; uint8_t *data; @@ -954,7 +952,7 @@ mhd_gtls_send_handshake (mhd_gtls_session_t session, void *i_data, ret = mhd_gtls_handshake_io_send_int (session, GNUTLS_HANDSHAKE, type, - data, datasize); + data, datasize); _gnutls_handshake_log ("HSK[%x]: %s was sent [%ld bytes]\n", session, _gnutls_handshake2str (type), datasize); @@ -1007,7 +1005,7 @@ _gnutls_recv_handshake_header (mhd_gtls_session_t session, { ret = mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, - type, dataptr, SSL2_HEADERS); + type, dataptr, SSL2_HEADERS); if (ret < 0) { @@ -1030,14 +1028,13 @@ _gnutls_recv_handshake_header (mhd_gtls_session_t session, { ret = mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, - type, - &dataptr[session-> - internals. - handshake_header_buffer. - header_size], - HANDSHAKE_HEADER_SIZE - - session->internals. - handshake_header_buffer.header_size); + type, + &dataptr + [session->internals. + handshake_header_buffer.header_size], + HANDSHAKE_HEADER_SIZE - + session->internals. + handshake_header_buffer.header_size); if (ret <= 0) { gnutls_assert (); @@ -1155,8 +1152,8 @@ _gnutls_handshake_hash_add_recvd (mhd_gtls_session_t session, */ int mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t ** data, - int *datalen, gnutls_handshake_description_t type, - Optional optional) + int *datalen, gnutls_handshake_description_t type, + Optional optional) { int ret; uint32_t length32 = 0; @@ -1205,7 +1202,7 @@ mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t ** data, { ret = mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, - type, dataptr, length32); + type, dataptr, length32); if (ret <= 0) { gnutls_assert (); @@ -1222,8 +1219,8 @@ mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t ** data, session->internals. handshake_header_buffer.header, session->internals. - handshake_header_buffer. - header_size, dataptr, length32); + handshake_header_buffer.header_size, + dataptr, length32); if (ret < 0) { gnutls_assert (); @@ -1286,7 +1283,8 @@ _gnutls_client_set_ciphersuite (mhd_gtls_session_t session, opaque suite[2]) int i, err; z = 1; - cipher_suite_num = mhd_gtls_supported_ciphersuites (session, &cipher_suites); + cipher_suite_num = + mhd_gtls_supported_ciphersuites (session, &cipher_suites); if (cipher_suite_num < 0) { gnutls_assert (); @@ -1313,19 +1311,19 @@ _gnutls_client_set_ciphersuite (mhd_gtls_session_t session, opaque suite[2]) memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); _gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session, - mhd_gtls_cipher_suite_get_name (&session-> - security_parameters. - current_cipher_suite)); + mhd_gtls_cipher_suite_get_name + (&session->security_parameters. + current_cipher_suite)); /* check if the credentials (username, public key etc.) are ok. * Actually checks if they exist. */ if (mhd_gtls_get_kx_cred - (session, mhd_gtls_cipher_suite_get_kx_algo (&session-> - security_parameters. - current_cipher_suite), - &err) == NULL && err != 0) + (session, + mhd_gtls_cipher_suite_get_kx_algo + (&session->security_parameters.current_cipher_suite), &err) == NULL + && err != 0) { gnutls_assert (); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; @@ -1338,8 +1336,8 @@ _gnutls_client_set_ciphersuite (mhd_gtls_session_t session, opaque suite[2]) */ session->internals.auth_struct = mhd_gtls_kx_auth_struct (mhd_gtls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite)); + (&session->security_parameters. + current_cipher_suite)); if (session->internals.auth_struct == NULL) { @@ -1358,14 +1356,15 @@ _gnutls_client_set_ciphersuite (mhd_gtls_session_t session, opaque suite[2]) /* This function sets the given comp method to the session. */ static int -_gnutls_client_set_comp_method (mhd_gtls_session_t session, opaque comp_method) +_gnutls_client_set_comp_method (mhd_gtls_session_t session, + opaque comp_method) { int comp_methods_num; uint8_t *compression_methods; int i; comp_methods_num = mhd_gtls_supported_compression_methods (session, - &compression_methods); + &compression_methods); if (comp_methods_num < 0) { gnutls_assert (); @@ -1410,21 +1409,19 @@ _gnutls_client_check_if_resuming (mhd_gtls_session_t session, session_id_len); _gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, mhd_gtls_bin2hex (session_id, session_id_len, buf, - sizeof (buf))); + sizeof (buf))); if (session_id_len > 0 && session->internals.resumed_security_parameters.session_id_size == session_id_len && memcmp (session_id, - session->internals.resumed_security_parameters. - session_id, session_id_len) == 0) + session->internals.resumed_security_parameters.session_id, + session_id_len) == 0) { /* resume session */ - memcpy (session->internals. - resumed_security_parameters.server_random, + memcpy (session->internals.resumed_security_parameters.server_random, session->security_parameters.server_random, TLS_RANDOM_SIZE); - memcpy (session->internals. - resumed_security_parameters.client_random, + memcpy (session->internals.resumed_security_parameters.client_random, session->security_parameters.client_random, TLS_RANDOM_SIZE); session->internals.resumed = RESUME_TRUE; /* we are resuming */ @@ -1536,7 +1533,7 @@ _gnutls_read_server_hello (mhd_gtls_session_t session, */ if (version >= MHD_GNUTLS_TLS1_0) { - ret = mhd_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */ + ret = mhd_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) { gnutls_assert (); @@ -1627,7 +1624,8 @@ _gnutls_copy_comp_methods (mhd_gtls_session_t session, uint8_t *compression_methods, comp_num; int datalen, pos; - ret = mhd_gtls_supported_compression_methods (session, &compression_methods); + ret = + mhd_gtls_supported_compression_methods (session, &compression_methods); if (ret < 0) { gnutls_assert (); @@ -1841,7 +1839,7 @@ _gnutls_send_client_hello (mhd_gtls_session_t session, int again) ret = mhd_gtls_send_handshake (session, data, datalen, - GNUTLS_HANDSHAKE_CLIENT_HELLO); + GNUTLS_HANDSHAKE_CLIENT_HELLO); gnutls_free (data); return ret; @@ -1883,7 +1881,7 @@ _gnutls_send_server_hello (mhd_gtls_session_t session, int again) */ gnutls_assert (); ret = MHD_gnutls_alert_send (session, GNUTLS_AL_FATAL, - GNUTLS_A_UNKNOWN_PSK_IDENTITY); + GNUTLS_A_UNKNOWN_PSK_IDENTITY); if (ret < 0) { gnutls_assert (); @@ -1932,7 +1930,7 @@ _gnutls_send_server_hello (mhd_gtls_session_t session, int again) _gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, mhd_gtls_bin2hex (SessionID, session_id_len, - buf, sizeof (buf))); + buf, sizeof (buf))); memcpy (&data[pos], session->security_parameters.current_cipher_suite.suite, 2); @@ -1940,7 +1938,7 @@ _gnutls_send_server_hello (mhd_gtls_session_t session, int again) comp = (uint8_t) mhd_gtls_compression_get_num (session-> - internals.compression_method); + internals.compression_method); data[pos++] = comp; @@ -1954,7 +1952,7 @@ _gnutls_send_server_hello (mhd_gtls_session_t session, int again) ret = mhd_gtls_send_handshake (session, data, datalen, - GNUTLS_HANDSHAKE_SERVER_HELLO); + GNUTLS_HANDSHAKE_SERVER_HELLO); gnutls_afree (data); return ret; @@ -2137,7 +2135,7 @@ _gnutls_send_supplemental (mhd_gtls_session_t session, int again) if (again) ret = mhd_gtls_send_handshake (session, NULL, 0, - GNUTLS_HANDSHAKE_SUPPLEMENTAL); + GNUTLS_HANDSHAKE_SUPPLEMENTAL); else { mhd_gtls_buffer buf; @@ -2151,7 +2149,7 @@ _gnutls_send_supplemental (mhd_gtls_session_t session, int again) } ret = mhd_gtls_send_handshake (session, buf.data, buf.length, - GNUTLS_HANDSHAKE_SUPPLEMENTAL); + GNUTLS_HANDSHAKE_SUPPLEMENTAL); mhd_gtls_buffer_clear (&buf); } @@ -2168,8 +2166,8 @@ _gnutls_recv_supplemental (mhd_gtls_session_t session) _gnutls_debug_log ("EXT[%x]: Expecting supplemental data\n", session); ret = mhd_gtls_recv_handshake (session, &data, &datalen, - GNUTLS_HANDSHAKE_SUPPLEMENTAL, - OPTIONAL_PACKET); + GNUTLS_HANDSHAKE_SUPPLEMENTAL, + OPTIONAL_PACKET); if (ret < 0) { gnutls_assert (); @@ -2290,12 +2288,12 @@ mhd_gtls_handshake_client (mhd_gtls_session_t session) if (session->internals.resumed_security_parameters.session_id_size > 0) _gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session, mhd_gtls_bin2hex (session->internals. - resumed_security_parameters. - session_id, - session->internals. - resumed_security_parameters. - session_id_size, buf, - sizeof (buf))); + resumed_security_parameters. + session_id, + session->internals. + resumed_security_parameters. + session_id_size, buf, + sizeof (buf))); #endif switch (STATE) @@ -2310,8 +2308,8 @@ mhd_gtls_handshake_client (mhd_gtls_session_t session) /* receive the server hello */ ret = mhd_gtls_recv_handshake (session, NULL, NULL, - GNUTLS_HANDSHAKE_SERVER_HELLO, - MANDATORY_PACKET); + GNUTLS_HANDSHAKE_SERVER_HELLO, + MANDATORY_PACKET); STATE = STATE2; IMED_RET ("recv hello", ret); @@ -2351,8 +2349,8 @@ mhd_gtls_handshake_client (mhd_gtls_session_t session) if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = mhd_gtls_recv_handshake (session, NULL, NULL, - GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, - MANDATORY_PACKET); + GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, + MANDATORY_PACKET); STATE = STATE6; IMED_RET ("recv server hello done", ret); @@ -2469,7 +2467,8 @@ _gnutls_recv_handshake_final (mhd_gtls_session_t session, int init) { case STATE0: case STATE30: - ret = mhd_gtls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1); + ret = + mhd_gtls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1); STATE = STATE30; if (ret <= 0) { @@ -2530,8 +2529,8 @@ mhd_gtls_handshake_server (mhd_gtls_session_t session) case STATE1: ret = mhd_gtls_recv_handshake (session, NULL, NULL, - GNUTLS_HANDSHAKE_CLIENT_HELLO, - MANDATORY_PACKET); + GNUTLS_HANDSHAKE_CLIENT_HELLO, + MANDATORY_PACKET); STATE = STATE1; IMED_RET ("recv hello", ret); @@ -2671,7 +2670,7 @@ mhd_gtls_generate_session_id (opaque * session_id, uint8_t * len) int mhd_gtls_recv_hello_request (mhd_gtls_session_t session, void *data, - uint32_t data_size) + uint32_t data_size) { uint8_t type; @@ -2701,7 +2700,7 @@ mhd_gtls_recv_hello_request (mhd_gtls_session_t session, void *data, inline static int check_server_params (mhd_gtls_session_t session, enum MHD_GNUTLS_KeyExchangeAlgorithm kx, - enum MHD_GNUTLS_KeyExchangeAlgorithm * alg, int alg_size) + enum MHD_GNUTLS_KeyExchangeAlgorithm *alg, int alg_size) { int cred_type; mhd_gtls_dh_params_t dh_params = NULL; @@ -2717,17 +2716,17 @@ check_server_params (mhd_gtls_session_t session, int delete; mhd_gtls_cert_credentials_t x509_cred = (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, - cred_type, NULL); + cred_type, NULL); if (x509_cred != NULL) { dh_params = mhd_gtls_get_dh_params (x509_cred->dh_params, - x509_cred->params_func, session); + x509_cred->params_func, session); rsa_params = mhd_gtls_certificate_get_rsa_params (x509_cred->rsa_params, - x509_cred->params_func, - session); + x509_cred->params_func, + session); } /* Check also if the certificate supports the @@ -2752,13 +2751,14 @@ check_server_params (mhd_gtls_session_t session, { mhd_gtls_anon_server_credentials_t anon_cred = (mhd_gtls_anon_server_credentials_t) mhd_gtls_get_cred (session->key, - cred_type, NULL); + cred_type, + NULL); if (anon_cred != NULL) { dh_params = mhd_gtls_get_dh_params (anon_cred->dh_params, - anon_cred->params_func, session); + anon_cred->params_func, session); } #endif #ifdef ENABLE_PSK @@ -2767,13 +2767,13 @@ check_server_params (mhd_gtls_session_t session, { gnutls_psk_server_credentials_t psk_cred = (gnutls_psk_server_credentials_t) mhd_gtls_get_cred (session->key, - cred_type, NULL); + cred_type, NULL); if (psk_cred != NULL) { dh_params = - mhd_gtls_get_dh_params (psk_cred->dh_params, psk_cred->params_func, - session); + mhd_gtls_get_dh_params (psk_cred->dh_params, + psk_cred->params_func, session); } #endif } @@ -2816,9 +2816,10 @@ check_server_params (mhd_gtls_session_t session, */ int mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session, - cipher_suite_st ** cipherSuites, - int numCipherSuites, - enum MHD_GNUTLS_PublicKeyAlgorithm requested_pk_algo) + cipher_suite_st ** cipherSuites, + int numCipherSuites, + enum MHD_GNUTLS_PublicKeyAlgorithm + requested_pk_algo) { int ret = 0; @@ -2838,8 +2839,8 @@ mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session, cert_cred = (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, - MHD_GNUTLS_CRD_CERTIFICATE, - NULL); + MHD_GNUTLS_CRD_CERTIFICATE, + NULL); /* If there are certificate credentials, find an appropriate certificate * or disable them; @@ -2953,13 +2954,15 @@ mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session, * **/ void -MHD_gnutls_handshake_set_max_packet_length (mhd_gtls_session_t session, size_t max) +MHD_gnutls_handshake_set_max_packet_length (mhd_gtls_session_t session, + size_t max) { session->internals.max_handshake_data_buffer_size = max; } void -mhd_gtls_set_adv_version (mhd_gtls_session_t session, enum MHD_GNUTLS_Protocol ver) +mhd_gtls_set_adv_version (mhd_gtls_session_t session, + enum MHD_GNUTLS_Protocol ver) { set_adv_version (session, mhd_gtls_version_get_major (ver), mhd_gtls_version_get_minor (ver)); @@ -2969,7 +2972,7 @@ enum MHD_GNUTLS_Protocol mhd_gtls_get_adv_version (mhd_gtls_session_t session) { return mhd_gtls_version_get (_gnutls_get_adv_version_major (session), - _gnutls_get_adv_version_minor (session)); + _gnutls_get_adv_version_minor (session)); } /** diff --git a/src/daemon/https/tls/gnutls_handshake.h b/src/daemon/https/tls/gnutls_handshake.h @@ -26,15 +26,16 @@ typedef enum Optional { OPTIONAL_PACKET, MANDATORY_PACKET } Optional; int mhd_gtls_send_handshake (mhd_gtls_session_t session, void *i_data, - uint32_t i_datasize, - gnutls_handshake_description_t type); + uint32_t i_datasize, + gnutls_handshake_description_t type); int mhd_gtls_recv_hello_request (mhd_gtls_session_t session, void *data, - uint32_t data_size); + uint32_t data_size); int mhd_gtls_send_hello (mhd_gtls_session_t session, int again); -int mhd_gtls_recv_hello (mhd_gtls_session_t session, opaque * data, int datalen); +int mhd_gtls_recv_hello (mhd_gtls_session_t session, opaque * data, + int datalen); int mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t **, int *, - gnutls_handshake_description_t, - Optional optional); + gnutls_handshake_description_t, + Optional optional); int mhd_gtls_generate_session_id (opaque * session_id, uint8_t * len); int mhd_gtls_handshake_common (mhd_gtls_session_t session); int mhd_gtls_handshake_server (mhd_gtls_session_t session); @@ -42,15 +43,18 @@ void mhd_gtls_set_server_random (mhd_gtls_session_t session, uint8_t * rnd); void mhd_gtls_set_client_random (mhd_gtls_session_t session, uint8_t * rnd); int mhd_gtls_tls_create_random (opaque * dst); int mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session, - cipher_suite_st ** cipherSuites, - int numCipherSuites, - enum MHD_GNUTLS_PublicKeyAlgorithm); + cipher_suite_st ** cipherSuites, + int numCipherSuites, + enum + MHD_GNUTLS_PublicKeyAlgorithm); int mhd_gtls_find_pk_algos_in_ciphersuites (opaque * data, int datalen); int mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data, - int datalen); + int datalen); -int mhd_gtls_negotiate_version( mhd_gtls_session_t session, enum MHD_GNUTLS_Protocol adv_version); -int mhd_gtls_user_hello_func( mhd_gtls_session_t, enum MHD_GNUTLS_Protocol adv_version); +int mhd_gtls_negotiate_version (mhd_gtls_session_t session, + enum MHD_GNUTLS_Protocol adv_version); +int mhd_gtls_user_hello_func (mhd_gtls_session_t, + enum MHD_GNUTLS_Protocol adv_version); #if MHD_DEBUG_TLS int mhd_gtls_handshake_client (mhd_gtls_session_t session); diff --git a/src/daemon/https/tls/gnutls_hash_int.c b/src/daemon/https/tls/gnutls_hash_int.c @@ -145,7 +145,7 @@ mhd_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest) mac_hd_t mhd_gtls_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm, - const void *key, int keylen) + const void *key, int keylen) { mac_hd_t ret; int result; @@ -204,7 +204,7 @@ get_padsize (enum MHD_GNUTLS_HashAlgorithm algorithm) mac_hd_t mhd_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, void *key, - int keylen) + int keylen) { mac_hd_t ret; opaque ipad[48]; @@ -259,7 +259,7 @@ mhd_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest) mhd_gnutls_hash (td, opad, padsize); block = mhd_gnutls_hash_get_algo_len (handle->algorithm); - mhd_gnutls_hash_deinit (handle, ret); /* get the previous hash */ + mhd_gnutls_hash_deinit (handle, ret); /* get the previous hash */ mhd_gnutls_hash (td, ret, block); mhd_gnutls_hash_deinit (td, digest); @@ -268,8 +268,8 @@ mhd_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest) void mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, - void *digest, opaque * key, - uint32_t key_size) + void *digest, opaque * key, + uint32_t key_size) { opaque ret[MAX_HASH_SIZE]; mac_hd_t td; @@ -300,7 +300,7 @@ mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, if (key_size > 0) mhd_gnutls_hash (handle, key, key_size); mhd_gnutls_hash (handle, ipad, padsize); - mhd_gnutls_hash_deinit (handle, ret); /* get the previous hash */ + mhd_gnutls_hash_deinit (handle, ret); /* get the previous hash */ mhd_gnutls_hash (td, ret, block); @@ -362,7 +362,8 @@ ssl3_md5 (int i, opaque * secret, int secret_len, return ret; } - mhd_gnutls_hash (td, tmp, mhd_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_SHA1)); + mhd_gnutls_hash (td, tmp, + mhd_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_SHA1)); mhd_gnutls_hash_deinit (td, digest); return 0; @@ -370,8 +371,8 @@ ssl3_md5 (int i, opaque * secret, int secret_len, int mhd_gnutls_ssl3_hash_md5 (void *first, int first_len, - void *second, int second_len, int ret_len, - opaque * ret) + void *second, int second_len, int ret_len, + opaque * ret) { opaque digest[MAX_HASH_SIZE]; mac_hd_t td; @@ -403,8 +404,8 @@ mhd_gnutls_ssl3_hash_md5 (void *first, int first_len, int mhd_gnutls_ssl3_generate_random (void *secret, int secret_len, - void *rnd, int rnd_len, - int ret_bytes, opaque * ret) + void *rnd, int rnd_len, + int ret_bytes, opaque * ret) { int i = 0, copy, output_bytes; opaque digest[MAX_HASH_SIZE]; diff --git a/src/daemon/https/tls/gnutls_hash_int.h b/src/daemon/https/tls/gnutls_hash_int.h @@ -43,28 +43,29 @@ typedef mac_hd_t GNUTLS_HASH_HANDLE; #define GNUTLS_MAC_FAILED NULL mac_hd_t mhd_gtls_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm, - const void *key, int keylen); + const void *key, int keylen); void mhd_gnutls_hmac_deinit (mac_hd_t handle, void *digest); -mac_hd_t mhd_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, void *key, - int keylen); +mac_hd_t mhd_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, + void *key, int keylen); void mhd_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest); -GNUTLS_HASH_HANDLE mhd_gtls_hash_init (enum MHD_GNUTLS_HashAlgorithm algorithm); +GNUTLS_HASH_HANDLE mhd_gtls_hash_init (enum MHD_GNUTLS_HashAlgorithm + algorithm); int mhd_gnutls_hash_get_algo_len (enum MHD_GNUTLS_HashAlgorithm algorithm); int mhd_gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text, - size_t textlen); + size_t textlen); void mhd_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest); int mhd_gnutls_ssl3_generate_random (void *secret, int secret_len, - void *rnd, int random_len, int bytes, - opaque * ret); + void *rnd, int random_len, int bytes, + opaque * ret); int mhd_gnutls_ssl3_hash_md5 (void *first, int first_len, void *second, - int second_len, int ret_len, opaque * ret); + int second_len, int ret_len, opaque * ret); void mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, void *digest, - opaque * key, uint32_t key_size); + opaque * key, uint32_t key_size); GNUTLS_HASH_HANDLE mhd_gnutls_hash_copy (GNUTLS_HASH_HANDLE handle); diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h @@ -55,7 +55,7 @@ */ #define MAX_HASH_SIZE 64 -#define MAX_LOG_SIZE 1024 /* maximum size of log message */ +#define MAX_LOG_SIZE 1024 /* maximum size of log message */ #define MAX_SRP_USERNAME 128 #define MAX_SERVER_NAME_SIZE 128 @@ -107,25 +107,25 @@ typedef unsigned char opaque; typedef struct - { - opaque pint[3]; - } uint24; +{ + opaque pint[3]; +} uint24; #include <gnutls_mpi.h> typedef enum change_cipher_spec_t - { - GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1 - } change_cipher_spec_t; +{ + GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1 +} change_cipher_spec_t; typedef enum handshake_state_t - { - STATE0 = 0, STATE1, STATE2, - STATE3, STATE4, STATE5, - STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21, - STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62, - STATE70, STATE71 - } handshake_state_t; +{ + STATE0 = 0, STATE1, STATE2, + STATE3, STATE4, STATE5, + STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21, + STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62, + STATE70, STATE71 +} handshake_state_t; #include <gnutls_str.h> @@ -143,88 +143,87 @@ typedef mhd_gtls_string mhd_gtls_buffer; #define MAX_CIPHERSUITES 256 typedef enum extensions_t - { GNUTLS_EXTENSION_SERVER_NAME = 0, - GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1, - GNUTLS_EXTENSION_CERT_TYPE = 9, +{ GNUTLS_EXTENSION_SERVER_NAME = 0, + GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1, + GNUTLS_EXTENSION_CERT_TYPE = 9, #ifdef ENABLE_OPRFI - GNUTLS_EXTENSION_OPAQUE_PRF_INPUT = ENABLE_OPRFI, + GNUTLS_EXTENSION_OPAQUE_PRF_INPUT = ENABLE_OPRFI, #endif - GNUTLS_EXTENSION_SRP = 12, - GNUTLS_EXTENSION_INNER_APPLICATION = 37703 - } extensions_t; + GNUTLS_EXTENSION_SRP = 12, + GNUTLS_EXTENSION_INNER_APPLICATION = 37703 +} extensions_t; typedef enum - { CIPHER_STREAM, CIPHER_BLOCK} cipher_type_t; +{ CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t; typedef enum valid_session_t - { VALID_TRUE, VALID_FALSE} valid_session_t; +{ VALID_TRUE, VALID_FALSE } valid_session_t; typedef enum resumable_session_t - { RESUME_TRUE, - RESUME_FALSE - } resumable_session_t; +{ RESUME_TRUE, + RESUME_FALSE +} resumable_session_t; /* Record Protocol */ typedef enum content_type_t - { - GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT, - GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA, - GNUTLS_INNER_APPLICATION = 24 - } content_type_t; +{ + GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT, + GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA, + GNUTLS_INNER_APPLICATION = 24 +} content_type_t; #define GNUTLS_PK_ANY (enum MHD_GNUTLS_PublicKeyAlgorithm)-1 #define GNUTLS_PK_NONE (enum MHD_GNUTLS_PublicKeyAlgorithm)-2 /* STATE (stop) */ -typedef void (*LOG_FUNC)(int, - const char *); +typedef void (*LOG_FUNC) (int, const char *); /* Store & Retrieve functions defines: */ typedef struct mhd_gtls_auth_cred_st - { - enum MHD_GNUTLS_CredentialsType algorithm; +{ + enum MHD_GNUTLS_CredentialsType algorithm; - /* the type of credentials depends on algorithm - */ - void *credentials; - struct mhd_gtls_auth_cred_st *next; - } auth_cred_st; + /* the type of credentials depends on algorithm + */ + void *credentials; + struct mhd_gtls_auth_cred_st *next; +} auth_cred_st; struct mhd_gtls_key - { - /* For DH KX */ - gnutls_datum_t key; - mpi_t KEY; - mpi_t client_Y; - mpi_t client_g; - mpi_t client_p; - mpi_t dh_secret; - /* for SRP */ - mpi_t A; - mpi_t B; - mpi_t u; - mpi_t b; - mpi_t a; - mpi_t x; - /* RSA: e, m - */ - mpi_t rsa[2]; - - /* this is used to hold the peers authentication data - */ - /* auth_info_t structures SHOULD NOT contain malloced - * elements. Check gnutls_session_pack.c, and gnutls_auth.c. - * Rememember that this should be calloced! - */ - void *auth_info; - enum MHD_GNUTLS_CredentialsType auth_info_type; - int auth_info_size; /* needed in order to store to db for restoring - */ - uint8_t crypt_algo; - - auth_cred_st *cred; /* used to specify keys/certificates etc */ - - int certificate_requested; +{ + /* For DH KX */ + gnutls_datum_t key; + mpi_t KEY; + mpi_t client_Y; + mpi_t client_g; + mpi_t client_p; + mpi_t dh_secret; + /* for SRP */ + mpi_t A; + mpi_t B; + mpi_t u; + mpi_t b; + mpi_t a; + mpi_t x; + /* RSA: e, m + */ + mpi_t rsa[2]; + + /* this is used to hold the peers authentication data + */ + /* auth_info_t structures SHOULD NOT contain malloced + * elements. Check gnutls_session_pack.c, and gnutls_auth.c. + * Rememember that this should be calloced! + */ + void *auth_info; + enum MHD_GNUTLS_CredentialsType auth_info_type; + int auth_info_size; /* needed in order to store to db for restoring + */ + uint8_t crypt_algo; + + auth_cred_st *cred; /* used to specify keys/certificates etc */ + + int certificate_requested; /* some ciphersuites use this * to provide client authentication. * 1 if client auth was requested @@ -233,8 +232,8 @@ struct mhd_gtls_key * holds 1 if we should wait * for a client certificate verify */ - }; -typedef struct mhd_gtls_key * mhd_gtls_key_st; +}; +typedef struct mhd_gtls_key *mhd_gtls_key_st; /* STATE (cont) */ #include <gnutls_hash_int.h> @@ -243,45 +242,45 @@ typedef struct mhd_gtls_key * mhd_gtls_key_st; #include <gnutls_cert.h> typedef struct - { - uint8_t suite[2]; - } cipher_suite_st; +{ + uint8_t suite[2]; +} cipher_suite_st; /* This structure holds parameters got from TLS extension * mechanism. (some extensions may hold parameters in auth_info_t * structures also - see SRP). */ typedef struct - { - opaque name[MAX_SERVER_NAME_SIZE]; - unsigned name_length; - gnutls_server_name_type_t type; - } server_name_st; +{ + opaque name[MAX_SERVER_NAME_SIZE]; + unsigned name_length; + gnutls_server_name_type_t type; +} server_name_st; #define MAX_SERVER_NAME_EXTENSIONS 3 typedef struct - { - server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS]; - /* limit server_name extensions */ - unsigned server_names_size; +{ + server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS]; + /* limit server_name extensions */ + unsigned server_names_size; - opaque srp_username[MAX_SRP_USERNAME + 1]; + opaque srp_username[MAX_SRP_USERNAME + 1]; - /* TLS/IA data. */ - int gnutls_ia_enable, gnutls_ia_peer_enable; - int gnutls_ia_allowskip, gnutls_ia_peer_allowskip; + /* TLS/IA data. */ + int gnutls_ia_enable, gnutls_ia_peer_enable; + int gnutls_ia_allowskip, gnutls_ia_peer_allowskip; - /* Used by extensions that enable supplemental data. */ - int do_recv_supplemental, do_send_supplemental; + /* Used by extensions that enable supplemental data. */ + int do_recv_supplemental, do_send_supplemental; - /* Opaque PRF input. */ - gnutls_oprfi_callback_func oprfi_cb; - void *oprfi_userdata; - opaque *oprfi_client; - uint16_t oprfi_client_len; - opaque *oprfi_server; - uint16_t oprfi_server_len; - } mhd_gtls_ext_st; + /* Opaque PRF input. */ + gnutls_oprfi_callback_func oprfi_cb; + void *oprfi_userdata; + opaque *oprfi_client; + uint16_t oprfi_client_len; + opaque *oprfi_server; + uint16_t oprfi_server_len; +} mhd_gtls_ext_st; /* This flag indicates for an extension whether * it is useful to application level or TLS level only. @@ -289,11 +288,11 @@ typedef struct * before the user_hello callback is called. */ typedef enum tls_ext_parse_type_t - { - EXTENSION_ANY, - EXTENSION_APPLICATION, - EXTENSION_TLS - } mhd_gtls_ext_parse_type_t; +{ + EXTENSION_ANY, + EXTENSION_APPLICATION, + EXTENSION_TLS +} mhd_gtls_ext_parse_type_t; /* auth_info_t structures now MAY contain malloced * elements. @@ -314,349 +313,349 @@ typedef enum tls_ext_parse_type_t * the handshake is in progress is the cipher suite value. */ typedef struct - { - gnutls_connection_end_t entity; - enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; - /* we've got separate write/read bulk/macs because - * there is a time in handshake where the peer has - * null cipher and we don't - */ - enum MHD_GNUTLS_CipherAlgorithm read_bulk_cipher_algorithm; - enum MHD_GNUTLS_HashAlgorithm read_mac_algorithm; - enum MHD_GNUTLS_CompressionMethod read_compression_algorithm; - - enum MHD_GNUTLS_CipherAlgorithm write_bulk_cipher_algorithm; - enum MHD_GNUTLS_HashAlgorithm write_mac_algorithm; - enum MHD_GNUTLS_CompressionMethod write_compression_algorithm; - - /* this is the ciphersuite we are going to use - * moved here from internals in order to be restored - * on resume; - */ - cipher_suite_st current_cipher_suite; - opaque master_secret[TLS_MASTER_SIZE]; - opaque client_random[TLS_RANDOM_SIZE]; - opaque server_random[TLS_RANDOM_SIZE]; - opaque session_id[TLS_MAX_SESSION_ID_SIZE]; - uint8_t session_id_size; - time_t timestamp; - mhd_gtls_ext_st extensions; - - /* The send size is the one requested by the programmer. - * The recv size is the one negotiated with the peer. - */ - uint16_t max_record_send_size; - uint16_t max_record_recv_size; - /* holds the negotiated certificate type */ - enum MHD_GNUTLS_CertificateType cert_type; - enum MHD_GNUTLS_Protocol version; /* moved here */ - /* For TLS/IA. XXX: Move to IA credential? */ - opaque inner_secret[TLS_MASTER_SIZE]; - } mhd_gtls_security_param_st; +{ + gnutls_connection_end_t entity; + enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; + /* we've got separate write/read bulk/macs because + * there is a time in handshake where the peer has + * null cipher and we don't + */ + enum MHD_GNUTLS_CipherAlgorithm read_bulk_cipher_algorithm; + enum MHD_GNUTLS_HashAlgorithm read_mac_algorithm; + enum MHD_GNUTLS_CompressionMethod read_compression_algorithm; + + enum MHD_GNUTLS_CipherAlgorithm write_bulk_cipher_algorithm; + enum MHD_GNUTLS_HashAlgorithm write_mac_algorithm; + enum MHD_GNUTLS_CompressionMethod write_compression_algorithm; + + /* this is the ciphersuite we are going to use + * moved here from internals in order to be restored + * on resume; + */ + cipher_suite_st current_cipher_suite; + opaque master_secret[TLS_MASTER_SIZE]; + opaque client_random[TLS_RANDOM_SIZE]; + opaque server_random[TLS_RANDOM_SIZE]; + opaque session_id[TLS_MAX_SESSION_ID_SIZE]; + uint8_t session_id_size; + time_t timestamp; + mhd_gtls_ext_st extensions; + + /* The send size is the one requested by the programmer. + * The recv size is the one negotiated with the peer. + */ + uint16_t max_record_send_size; + uint16_t max_record_recv_size; + /* holds the negotiated certificate type */ + enum MHD_GNUTLS_CertificateType cert_type; + enum MHD_GNUTLS_Protocol version; /* moved here */ + /* For TLS/IA. XXX: Move to IA credential? */ + opaque inner_secret[TLS_MASTER_SIZE]; +} mhd_gtls_security_param_st; /* This structure holds the generated keys */ typedef struct - { - gnutls_datum_t server_write_mac_secret; - gnutls_datum_t client_write_mac_secret; - gnutls_datum_t server_write_IV; - gnutls_datum_t client_write_IV; - gnutls_datum_t server_write_key; - gnutls_datum_t client_write_key; - int generated_keys; /* zero if keys have not - * been generated. Non zero - * otherwise. - */ - } mhd_gtls_cipher_specs_st; +{ + gnutls_datum_t server_write_mac_secret; + gnutls_datum_t client_write_mac_secret; + gnutls_datum_t server_write_IV; + gnutls_datum_t client_write_IV; + gnutls_datum_t server_write_key; + gnutls_datum_t client_write_key; + int generated_keys; /* zero if keys have not + * been generated. Non zero + * otherwise. + */ +} mhd_gtls_cipher_specs_st; typedef struct - { - cipher_hd_t write_cipher_state; - cipher_hd_t read_cipher_state; - comp_hd_t read_compression_state; - comp_hd_t write_compression_state; - gnutls_datum_t read_mac_secret; - gnutls_datum_t write_mac_secret; - uint64 read_sequence_number; - uint64 write_sequence_number; - } mhd_gtls_conn_stat_st; +{ + cipher_hd_t write_cipher_state; + cipher_hd_t read_cipher_state; + comp_hd_t read_compression_state; + comp_hd_t write_compression_state; + gnutls_datum_t read_mac_secret; + gnutls_datum_t write_mac_secret; + uint64 read_sequence_number; + uint64 write_sequence_number; +} mhd_gtls_conn_stat_st; typedef struct - { - unsigned int priority[MAX_ALGOS]; - unsigned int num_algorithms; - } mhd_gtls_priority_st; +{ + unsigned int priority[MAX_ALGOS]; + unsigned int num_algorithms; +} mhd_gtls_priority_st; /* For the external api */ struct MHD_gtls_priority_st - { - mhd_gtls_priority_st cipher; - mhd_gtls_priority_st mac; - mhd_gtls_priority_st kx; - mhd_gtls_priority_st compression; - mhd_gtls_priority_st protocol; +{ + mhd_gtls_priority_st cipher; + mhd_gtls_priority_st mac; + mhd_gtls_priority_st kx; + mhd_gtls_priority_st compression; + mhd_gtls_priority_st protocol; - /* certificate type : x509, OpenPGP, etc. */ - mhd_gtls_priority_st cert_type; + /* certificate type : x509, OpenPGP, etc. */ + mhd_gtls_priority_st cert_type; - /* to disable record padding */ - int no_padding; - }; + /* to disable record padding */ + int no_padding; +}; /* DH and RSA parameters types. */ typedef struct MHD_gtls_dh_params_int - { - /* [0] is the prime, [1] is the generator. - */ - mpi_t params[2]; - } mhd_gtls_dh_params_st; +{ + /* [0] is the prime, [1] is the generator. + */ + mpi_t params[2]; +} mhd_gtls_dh_params_st; typedef struct - { - mhd_gtls_dh_params_t dh_params; - int free_dh_params; - mhd_gtls_rsa_params_t rsa_params; - int free_rsa_params; - } mhd_gtls_internal_params_st; +{ + mhd_gtls_dh_params_t dh_params; + int free_dh_params; + mhd_gtls_rsa_params_t rsa_params; + int free_rsa_params; +} mhd_gtls_internal_params_st; typedef struct - { - opaque header[HANDSHAKE_HEADER_SIZE]; - /* this holds the number of bytes in the handshake_header[] */ - size_t header_size; - /* this holds the length of the handshake packet */ - size_t packet_length; - gnutls_handshake_description_t recv_type; - } mhd_gtls_handshake_header_buffer_st; +{ + opaque header[HANDSHAKE_HEADER_SIZE]; + /* this holds the number of bytes in the handshake_header[] */ + size_t header_size; + /* this holds the length of the handshake packet */ + size_t packet_length; + gnutls_handshake_description_t recv_type; +} mhd_gtls_handshake_header_buffer_st; typedef struct - { - mhd_gtls_buffer application_data_buffer; /* holds data to be delivered to application layer */ - mhd_gtls_buffer handshake_hash_buffer; /* used to keep the last received handshake - * message */ - mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */ - mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */ - - mhd_gtls_buffer handshake_data_buffer; /* this is a buffer that holds the current handshake message */ - mhd_gtls_buffer ia_data_buffer; /* holds inner application data (TLS/IA) */ - resumable_session_t resumable; /* TRUE or FALSE - if we can resume that session */ - handshake_state_t handshake_state; /* holds - * a number which indicates where - * the handshake procedure has been - * interrupted. If it is 0 then - * no interruption has happened. - */ - - valid_session_t valid_connection; /* true or FALSE - if this session is valid */ - - int may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write - */ - int may_not_write; - int read_eof; /* non-zero if we have received a closure alert. */ - - int last_alert; /* last alert received */ - int last_alert_level; /* last alert level */ - - /* The last handshake messages sent or received. - */ - int last_handshake_in; - int last_handshake_out; - - /* this is the compression method we are going to use */ - enum MHD_GNUTLS_CompressionMethod compression_method; - - /* priorities */ - struct MHD_gtls_priority_st priorities; - - /* resumed session */ - resumable_session_t resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */ - mhd_gtls_security_param_st resumed_security_parameters; - - /* sockets internals */ - int lowat; - - /* These buffers are used in the handshake - * protocol only. freed using _gnutls_handshake_io_buffer_clear(); - */ - mhd_gtls_buffer handshake_send_buffer; - size_t handshake_send_buffer_prev_size; - content_type_t handshake_send_buffer_type; - gnutls_handshake_description_t handshake_send_buffer_htype; - content_type_t handshake_recv_buffer_type; - gnutls_handshake_description_t handshake_recv_buffer_htype; - mhd_gtls_buffer handshake_recv_buffer; - - /* this buffer holds a record packet -mostly used for - * non blocking IO. - */ - mhd_gtls_buffer record_recv_buffer; - mhd_gtls_buffer record_send_buffer; /* holds cached data - * for the gnutls_io_write_buffered() - * function. - */ - size_t record_send_buffer_prev_size; /* holds the - * data written in the previous runs. - */ - size_t record_send_buffer_user_size; /* holds the - * size of the user specified data to - * send. - */ - - /* 0 if no peeked data was kept, 1 otherwise. - */ - int have_peeked_data; - - int expire_time; /* after expire_time seconds this session will expire */ - struct mhd_gtls_mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */ - - /* TODO rm */ - int v2_hello; /* 0 if the client hello is v3+. - * non-zero if we got a v2 hello. - */ - /* keeps the headers of the handshake packet - */ - mhd_gtls_handshake_header_buffer_st handshake_header_buffer; - - /* this is the highest version available - * to the peer. (advertized version). - * This is obtained by the Handshake Client Hello - * message. (some implementations read the Record version) - */ - uint8_t adv_version_major; - uint8_t adv_version_minor; - - /* if this is non zero a certificate request message - * will be sent to the client. - only if the ciphersuite - * supports it. - */ - int send_cert_req; - - /* bits to use for DHE and DHA - * use _gnutls_dh_get_prime_bits() and MHD_gnutls_dh_set_prime_bits() - * to access it. - */ - uint16_t dh_prime_bits; - - size_t max_handshake_data_buffer_size; - - /* PUSH & PULL functions. - */ - mhd_gtls_pull_func _gnutls_pull_func; - mhd_gtls_push_func _gnutls_push_func; - /* Holds the first argument of PUSH and PULL - * functions; - */ - gnutls_transport_ptr_t transport_recv_ptr; - gnutls_transport_ptr_t transport_send_ptr; - - /* post client hello callback (server side only) - */ - gnutls_handshake_post_client_hello_func user_hello_func; - - /* Holds the record size requested by the - * user. - */ - uint16_t proposed_record_size; - - /* holds the selected certificate and key. - * use mhd_gtls_selected_certs_deinit() and mhd_gtls_selected_certs_set() - * to change them. - */ - gnutls_cert *selected_cert_list; - int selected_cert_list_length; - gnutls_privkey *selected_key; - int selected_need_free; - - /* holds the extensions we sent to the peer - * (in case of a client) - */ - uint16_t extensions_sent[MAX_EXT_TYPES]; - uint16_t extensions_sent_size; - - /* is 0 if we are to send the whole PGP key, or non zero - * if the fingerprint is to be sent. - */ - int pgp_fingerprint; - - /* This holds the default version that our first - * record packet will have. */ - opaque default_record_version[2]; - - int cbc_protection_hack; - - void *user_ptr; - - int enable_private; /* non zero to - * enable cipher suites - * which have 0xFF status. - */ - - /* Holds 0 if the last called function was interrupted while - * receiving, and non zero otherwise. - */ - int direction; - - /* If non zero the server will not advertize the CA's he - * trusts (do not send an RDN sequence). - */ - int ignore_rdn_sequence; - - /* This is used to set an arbitary version in the RSA - * PMS secret. Can be used by clients to test whether the - * server checks that version. (** only used in gnutls-cli-debug) - */ - opaque rsa_pms_version[2]; - - char *srp_username; - char *srp_password; - - /* Here we cache the DH or RSA parameters got from the - * credentials structure, or from a callback. That is to - * minimize external calls. - */ - mhd_gtls_internal_params_st params; - - /* This buffer is used by the record recv functions, - * as a temporary store buffer. - */ - gnutls_datum_t recv_buffer; - - /* To avoid using global variables, and especially on Windows where - * the application may use a different errno variable than GnuTLS, - * it is possible to use MHD_gnutls_transport_set_errno to set a - * session-specific errno variable in the user-replaceable push/pull - * functions. This value is used by the send/recv functions. (The - * strange name of this variable is because 'errno' is typically - * #define'd.) - */ - int errnum; - - /* Function used to perform public-key signing operation during +{ + mhd_gtls_buffer application_data_buffer; /* holds data to be delivered to application layer */ + mhd_gtls_buffer handshake_hash_buffer; /* used to keep the last received handshake + * message */ + mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */ + mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */ + + mhd_gtls_buffer handshake_data_buffer; /* this is a buffer that holds the current handshake message */ + mhd_gtls_buffer ia_data_buffer; /* holds inner application data (TLS/IA) */ + resumable_session_t resumable; /* TRUE or FALSE - if we can resume that session */ + handshake_state_t handshake_state; /* holds + * a number which indicates where + * the handshake procedure has been + * interrupted. If it is 0 then + * no interruption has happened. + */ + + valid_session_t valid_connection; /* true or FALSE - if this session is valid */ + + int may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write + */ + int may_not_write; + int read_eof; /* non-zero if we have received a closure alert. */ + + int last_alert; /* last alert received */ + int last_alert_level; /* last alert level */ + + /* The last handshake messages sent or received. + */ + int last_handshake_in; + int last_handshake_out; + + /* this is the compression method we are going to use */ + enum MHD_GNUTLS_CompressionMethod compression_method; + + /* priorities */ + struct MHD_gtls_priority_st priorities; + + /* resumed session */ + resumable_session_t resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */ + mhd_gtls_security_param_st resumed_security_parameters; + + /* sockets internals */ + int lowat; + + /* These buffers are used in the handshake + * protocol only. freed using _gnutls_handshake_io_buffer_clear(); + */ + mhd_gtls_buffer handshake_send_buffer; + size_t handshake_send_buffer_prev_size; + content_type_t handshake_send_buffer_type; + gnutls_handshake_description_t handshake_send_buffer_htype; + content_type_t handshake_recv_buffer_type; + gnutls_handshake_description_t handshake_recv_buffer_htype; + mhd_gtls_buffer handshake_recv_buffer; + + /* this buffer holds a record packet -mostly used for + * non blocking IO. + */ + mhd_gtls_buffer record_recv_buffer; + mhd_gtls_buffer record_send_buffer; /* holds cached data + * for the gnutls_io_write_buffered() + * function. + */ + size_t record_send_buffer_prev_size; /* holds the + * data written in the previous runs. + */ + size_t record_send_buffer_user_size; /* holds the + * size of the user specified data to + * send. + */ + + /* 0 if no peeked data was kept, 1 otherwise. + */ + int have_peeked_data; + + int expire_time; /* after expire_time seconds this session will expire */ + struct mhd_gtls_mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */ + + /* TODO rm */ + int v2_hello; /* 0 if the client hello is v3+. + * non-zero if we got a v2 hello. + */ + /* keeps the headers of the handshake packet + */ + mhd_gtls_handshake_header_buffer_st handshake_header_buffer; + + /* this is the highest version available + * to the peer. (advertized version). + * This is obtained by the Handshake Client Hello + * message. (some implementations read the Record version) + */ + uint8_t adv_version_major; + uint8_t adv_version_minor; + + /* if this is non zero a certificate request message + * will be sent to the client. - only if the ciphersuite + * supports it. + */ + int send_cert_req; + + /* bits to use for DHE and DHA + * use _gnutls_dh_get_prime_bits() and MHD_gnutls_dh_set_prime_bits() + * to access it. + */ + uint16_t dh_prime_bits; + + size_t max_handshake_data_buffer_size; + + /* PUSH & PULL functions. + */ + mhd_gtls_pull_func _gnutls_pull_func; + mhd_gtls_push_func _gnutls_push_func; + /* Holds the first argument of PUSH and PULL + * functions; + */ + gnutls_transport_ptr_t transport_recv_ptr; + gnutls_transport_ptr_t transport_send_ptr; + + /* post client hello callback (server side only) + */ + gnutls_handshake_post_client_hello_func user_hello_func; + + /* Holds the record size requested by the + * user. + */ + uint16_t proposed_record_size; + + /* holds the selected certificate and key. + * use mhd_gtls_selected_certs_deinit() and mhd_gtls_selected_certs_set() + * to change them. + */ + gnutls_cert *selected_cert_list; + int selected_cert_list_length; + gnutls_privkey *selected_key; + int selected_need_free; + + /* holds the extensions we sent to the peer + * (in case of a client) + */ + uint16_t extensions_sent[MAX_EXT_TYPES]; + uint16_t extensions_sent_size; + + /* is 0 if we are to send the whole PGP key, or non zero + * if the fingerprint is to be sent. + */ + int pgp_fingerprint; + + /* This holds the default version that our first + * record packet will have. */ + opaque default_record_version[2]; + + int cbc_protection_hack; + + void *user_ptr; + + int enable_private; /* non zero to + * enable cipher suites + * which have 0xFF status. + */ + + /* Holds 0 if the last called function was interrupted while + * receiving, and non zero otherwise. + */ + int direction; + + /* If non zero the server will not advertize the CA's he + * trusts (do not send an RDN sequence). + */ + int ignore_rdn_sequence; + + /* This is used to set an arbitary version in the RSA + * PMS secret. Can be used by clients to test whether the + * server checks that version. (** only used in gnutls-cli-debug) + */ + opaque rsa_pms_version[2]; + + char *srp_username; + char *srp_password; + + /* Here we cache the DH or RSA parameters got from the + * credentials structure, or from a callback. That is to + * minimize external calls. + */ + mhd_gtls_internal_params_st params; + + /* This buffer is used by the record recv functions, + * as a temporary store buffer. + */ + gnutls_datum_t recv_buffer; + + /* To avoid using global variables, and especially on Windows where + * the application may use a different errno variable than GnuTLS, + * it is possible to use MHD_gnutls_transport_set_errno to set a + * session-specific errno variable in the user-replaceable push/pull + * functions. This value is used by the send/recv functions. (The + * strange name of this variable is because 'errno' is typically + * #define'd.) + */ + int errnum; + + /* Function used to perform public-key signing operation during handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also MHD_gtls_sign_callback_set(). */ - gnutls_sign_func sign_func; - void *sign_func_userdata; + gnutls_sign_func sign_func; + void *sign_func_userdata; /* If you add anything here, check mhd_gtls_handshake_internal_state_clear(). */ - } mhd_gtls_internals_st; +} mhd_gtls_internals_st; struct MHD_gtls_session_int - { - mhd_gtls_security_param_st security_parameters; - mhd_gtls_cipher_specs_st cipher_specs; - mhd_gtls_conn_stat_st connection_state; - mhd_gtls_internals_st internals; - mhd_gtls_key_st key; - }; +{ + mhd_gtls_security_param_st security_parameters; + mhd_gtls_cipher_specs_st cipher_specs; + mhd_gtls_conn_stat_st connection_state; + mhd_gtls_internals_st internals; + mhd_gtls_key_st key; +}; /* functions */ -void mhd_gtls_set_current_version(mhd_gtls_session_t session, - enum MHD_GNUTLS_Protocol version); +void mhd_gtls_set_current_version (mhd_gtls_session_t session, + enum MHD_GNUTLS_Protocol version); -void mhd_gtls_free_auth_info(mhd_gtls_session_t session); +void mhd_gtls_free_auth_info (mhd_gtls_session_t session); /* These two macros return the advertized TLS version of * the peer. @@ -671,8 +670,7 @@ void mhd_gtls_free_auth_info(mhd_gtls_session_t session); session->internals.adv_version_major = major; \ session->internals.adv_version_minor = minor -void mhd_gtls_set_adv_version(mhd_gtls_session_t, - enum MHD_GNUTLS_Protocol); -enum MHD_GNUTLS_Protocol mhd_gtls_get_adv_version(mhd_gtls_session_t); +void mhd_gtls_set_adv_version (mhd_gtls_session_t, enum MHD_GNUTLS_Protocol); +enum MHD_GNUTLS_Protocol mhd_gtls_get_adv_version (mhd_gtls_session_t); #endif /* GNUTLS_INT_H */ diff --git a/src/daemon/https/tls/gnutls_kx.c b/src/daemon/https/tls/gnutls_kx.c @@ -63,13 +63,13 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) _gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, mhd_gtls_bin2hex (PREMASTER.data, PREMASTER.size, buf, - sizeof (buf))); + sizeof (buf))); _gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32, mhd_gtls_bin2hex (session->security_parameters. - client_random, 32, buf, sizeof (buf))); + client_random, 32, buf, sizeof (buf))); _gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32, mhd_gtls_bin2hex (session->security_parameters. - server_random, 32, buf, sizeof (buf))); + server_random, 32, buf, sizeof (buf))); if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) { @@ -82,10 +82,10 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) ret = mhd_gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size, - rnd, 2 * TLS_RANDOM_SIZE, - TLS_MASTER_SIZE, - session->security_parameters. - master_secret); + rnd, 2 * TLS_RANDOM_SIZE, + TLS_MASTER_SIZE, + session->security_parameters. + master_secret); } else if (session->security_parameters.extensions.oprfi_client_len > 0 && @@ -108,18 +108,18 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) session->security_parameters. extensions.oprfi_server_len, mhd_gtls_bin2hex (session->security_parameters. - extensions.oprfi_client, - session->security_parameters. - extensions.oprfi_client_len, - buf, sizeof (buf))); + extensions.oprfi_client, + session->security_parameters. + extensions.oprfi_client_len, buf, + sizeof (buf))); _gnutls_hard_log ("INT: SERVER OPRFI[%d]: %s\n", session->security_parameters. extensions.oprfi_server_len, mhd_gtls_bin2hex (session->security_parameters. - extensions.oprfi_server, - session->security_parameters. - extensions.oprfi_server_len, - buf, sizeof (buf))); + extensions.oprfi_server, + session->security_parameters. + extensions.oprfi_server_len, buf, + sizeof (buf))); memcpy (rnd, session->security_parameters.client_random, TLS_RANDOM_SIZE); @@ -136,9 +136,9 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) session->security_parameters.extensions.oprfi_server_len); ret = mhd_gtls_PRF (session, PREMASTER.data, PREMASTER.size, - MASTER_SECRET, strlen (MASTER_SECRET), - rnd, rndlen, TLS_MASTER_SIZE, - session->security_parameters.master_secret); + MASTER_SECRET, strlen (MASTER_SECRET), + rnd, rndlen, TLS_MASTER_SIZE, + session->security_parameters.master_secret); gnutls_free (rnd); } @@ -153,9 +153,9 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) ret = mhd_gtls_PRF (session, PREMASTER.data, PREMASTER.size, - MASTER_SECRET, strlen (MASTER_SECRET), - rnd, 2 * TLS_RANDOM_SIZE, TLS_MASTER_SIZE, - session->security_parameters.master_secret); + MASTER_SECRET, strlen (MASTER_SECRET), + rnd, 2 * TLS_RANDOM_SIZE, TLS_MASTER_SIZE, + session->security_parameters.master_secret); } /* TLS/IA inner secret is derived from the master secret. */ @@ -170,8 +170,8 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) _gnutls_hard_log ("INT: MASTER SECRET: %s\n", mhd_gtls_bin2hex (session->security_parameters. - master_secret, TLS_MASTER_SIZE, buf, - sizeof (buf))); + master_secret, TLS_MASTER_SIZE, buf, + sizeof (buf))); return ret; } @@ -179,7 +179,7 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) /* This is called when we want to receive the key exchange message of the * server. It does nothing if this type of message is not required - * by the selected ciphersuite. + * by the selected ciphersuite. */ int mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again) @@ -197,8 +197,8 @@ mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again) if (again == 0) { data_size = - session->internals.auth_struct-> - mhd_gtls_gen_server_kx (session, &data); + session->internals.auth_struct->mhd_gtls_gen_server_kx (session, + &data); if (data_size == GNUTLS_E_INT_RET_0) { @@ -215,7 +215,7 @@ mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again) ret = mhd_gtls_send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE); + GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE); gnutls_free (data); if (ret < 0) @@ -230,7 +230,8 @@ mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again) * client. */ int -mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, int again) +mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, + int again) { uint8_t *data = NULL; int data_size = 0; @@ -260,7 +261,7 @@ mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, int again) } ret = mhd_gtls_send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST); + GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST); gnutls_free (data); if (ret < 0) @@ -273,7 +274,7 @@ mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, int again) /* This is the function for the client to send the key - * exchange message + * exchange message */ int mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again) @@ -292,8 +293,8 @@ mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again) if (again == 0) { data_size = - session->internals.auth_struct-> - mhd_gtls_gen_client_kx (session, &data); + session->internals.auth_struct->mhd_gtls_gen_client_kx (session, + &data); if (data_size < 0) { gnutls_assert (); @@ -302,7 +303,7 @@ mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again) } ret = mhd_gtls_send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); + GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); gnutls_free (data); if (ret < 0) @@ -319,7 +320,8 @@ mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again) * verify message */ int -mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, int again) +mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, + int again) { uint8_t *data; int ret = 0; @@ -330,16 +332,15 @@ mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, int again) if (session->security_parameters.entity == GNUTLS_SERVER) return 0; - /* if certificate verify is not needed just exit + /* if certificate verify is not needed just exit */ if (session->key->certificate_requested == 0) return 0; - if (session->internals.auth_struct->mhd_gtls_gen_client_cert_vrfy == - NULL) + if (session->internals.auth_struct->mhd_gtls_gen_client_cert_vrfy == NULL) { gnutls_assert (); - return 0; /* this algorithm does not support cli_cert_vrfy + return 0; /* this algorithm does not support cli_cert_vrfy */ } @@ -362,7 +363,7 @@ mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, int again) } ret = mhd_gtls_send_handshake (session, data, - data_size, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY); + data_size, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY); gnutls_free (data); return ret; @@ -379,7 +380,7 @@ mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session) if (session->internals.auth_struct->mhd_gtls_process_server_kx != NULL) { - /* EXCEPTION FOR RSA_EXPORT cipher suite + /* EXCEPTION FOR RSA_EXPORT cipher suite */ if (mhd_gtls_session_is_export (session) != 0 && _gnutls_peers_cert_less_512 (session) != 0) @@ -390,9 +391,9 @@ mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session) ret = mhd_gtls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, - MANDATORY_PACKET); + &datasize, + GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, + MANDATORY_PACKET); if (ret < 0) { gnutls_assert (); @@ -400,8 +401,9 @@ mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session) } ret = - session->internals.auth_struct-> - mhd_gtls_process_server_kx (session, data, datasize); + session->internals.auth_struct->mhd_gtls_process_server_kx (session, + data, + datasize); gnutls_free (data); if (ret < 0) @@ -427,9 +429,9 @@ mhd_gtls_recv_server_certificate_request (mhd_gtls_session_t session) ret = mhd_gtls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, - OPTIONAL_PACKET); + &datasize, + GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, + OPTIONAL_PACKET); if (ret < 0) return ret; @@ -461,15 +463,16 @@ mhd_gtls_recv_client_kx_message (mhd_gtls_session_t session) ret = mhd_gtls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, - MANDATORY_PACKET); + &datasize, + GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, + MANDATORY_PACKET); if (ret < 0) return ret; ret = - session->internals.auth_struct-> - mhd_gtls_process_client_kx (session, data, datasize); + session->internals.auth_struct->mhd_gtls_process_client_kx (session, + data, + datasize); gnutls_free (data); if (ret < 0) return ret; @@ -493,8 +496,7 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again) if (session->key->certificate_requested == 0) return 0; - if (session->internals.auth_struct-> - mhd_gtls_gen_client_certificate == NULL) + if (session->internals.auth_struct->mhd_gtls_gen_client_certificate == NULL) return 0; data = NULL; @@ -505,7 +507,7 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again) if (MHD_gnutls_protocol_get_version (session) != MHD_GNUTLS_SSL3 || session->internals.selected_cert_list_length > 0) { - /* TLS 1.0 or SSL 3.0 with a valid certificate + /* TLS 1.0 or SSL 3.0 with a valid certificate */ data_size = session->internals.auth_struct-> @@ -528,15 +530,15 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again) { ret = MHD_gnutls_alert_send (session, GNUTLS_AL_WARNING, - GNUTLS_A_SSL3_NO_CERTIFICATE); + GNUTLS_A_SSL3_NO_CERTIFICATE); } else - { /* TLS 1.0 or SSL 3.0 with a valid certificate + { /* TLS 1.0 or SSL 3.0 with a valid certificate */ ret = mhd_gtls_send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT); + GNUTLS_HANDSHAKE_CERTIFICATE_PKT); gnutls_free (data); } @@ -560,8 +562,7 @@ mhd_gtls_send_server_certificate (mhd_gtls_session_t session, int again) int ret = 0; - if (session->internals.auth_struct-> - mhd_gtls_gen_server_certificate == NULL) + if (session->internals.auth_struct->mhd_gtls_gen_server_certificate == NULL) return 0; data = NULL; @@ -581,7 +582,7 @@ mhd_gtls_send_server_certificate (mhd_gtls_session_t session, int again) } ret = mhd_gtls_send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT); + GNUTLS_HANDSHAKE_CERTIFICATE_PKT); gnutls_free (data); if (ret < 0) @@ -602,8 +603,8 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session) int ret = 0; int optional; - if (session->internals.auth_struct-> - mhd_gtls_process_client_certificate != NULL) + if (session->internals.auth_struct->mhd_gtls_process_client_certificate != + NULL) { /* if we have not requested a certificate then just return @@ -620,8 +621,8 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session) ret = mhd_gtls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional); + &datasize, + GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional); if (ret < 0) { @@ -642,7 +643,7 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session) return 0; } - /* certificate was required + /* certificate was required */ if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) @@ -675,7 +676,7 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session) return ret; } - /* ok we should expect a certificate verify message now + /* ok we should expect a certificate verify message now */ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET) ret = 0; @@ -694,15 +695,15 @@ mhd_gtls_recv_server_certificate (mhd_gtls_session_t session) opaque *data; int ret = 0; - if (session->internals.auth_struct-> - mhd_gtls_process_server_certificate != NULL) + if (session->internals.auth_struct->mhd_gtls_process_server_certificate != + NULL) { ret = mhd_gtls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT, - MANDATORY_PACKET); + &datasize, + GNUTLS_HANDSHAKE_CERTIFICATE_PKT, + MANDATORY_PACKET); if (ret < 0) { gnutls_assert (); @@ -735,7 +736,8 @@ mhd_gtls_recv_client_certificate_verify_message (mhd_gtls_session_t session) int ret = 0; - if (session->internals.auth_struct->mhd_gtls_process_client_cert_vrfy != NULL) + if (session->internals.auth_struct->mhd_gtls_process_client_cert_vrfy != + NULL) { if (session->internals.send_cert_req == 0 || @@ -746,9 +748,9 @@ mhd_gtls_recv_client_certificate_verify_message (mhd_gtls_session_t session) ret = mhd_gtls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, - OPTIONAL_PACKET); + &datasize, + GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, + OPTIONAL_PACKET); if (ret < 0) return ret; diff --git a/src/daemon/https/tls/gnutls_kx.h b/src/daemon/https/tls/gnutls_kx.h @@ -27,7 +27,7 @@ int mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again); int mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session); int mhd_gtls_recv_client_kx_message (mhd_gtls_session_t session); int mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, - int again); + int again); int mhd_gtls_send_server_certificate (mhd_gtls_session_t session, int again); int mhd_gtls_generate_master (mhd_gtls_session_t session, int keep_premaster); int mhd_gtls_recv_client_certificate (mhd_gtls_session_t session); @@ -35,5 +35,6 @@ int mhd_gtls_recv_server_certificate (mhd_gtls_session_t session); int mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again); int mhd_gtls_recv_server_certificate_request (mhd_gtls_session_t session); int mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, - int again); -int mhd_gtls_recv_client_certificate_verify_message (mhd_gtls_session_t session); + int again); +int mhd_gtls_recv_client_certificate_verify_message (mhd_gtls_session_t + session); diff --git a/src/daemon/https/tls/gnutls_mem.h b/src/daemon/https/tls/gnutls_mem.h @@ -29,7 +29,7 @@ # include <dmalloc.h> #endif -typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */ +typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */ /* Use gnutls_afree() when calling alloca, or * memory leaks may occur in systems which do not @@ -60,11 +60,11 @@ extern int (*_gnutls_is_secure_memory) (const void *); /* this realloc function will return ptr if size==0, and * will free the ptr if the new allocation failed. */ -void * mhd_gtls_realloc_fast (void *ptr, size_t size); +void *mhd_gtls_realloc_fast (void *ptr, size_t size); -svoid * mhd_gtls_secure_calloc (size_t nmemb, size_t size); +svoid *mhd_gtls_secure_calloc (size_t nmemb, size_t size); -void * mhd_gtls_calloc (size_t nmemb, size_t size); -char * mhd_gtls_strdup (const char *); +void *mhd_gtls_calloc (size_t nmemb, size_t size); +char *mhd_gtls_strdup (const char *); #endif /* GNUTLS_MEM_H */ diff --git a/src/daemon/https/tls/gnutls_mpi.c b/src/daemon/https/tls/gnutls_mpi.c @@ -80,7 +80,8 @@ mhd_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes) } int -mhd_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes) +mhd_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer, + size_t * nbytes) { int ret; ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_PGP, buffer, *nbytes, nbytes); diff --git a/src/daemon/https/tls/gnutls_mpi.h b/src/daemon/https/tls/gnutls_mpi.h @@ -63,11 +63,11 @@ typedef gcry_mpi_t mpi_t; void mhd_gtls_mpi_release (mpi_t * x); int mhd_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, - size_t * nbytes); + size_t * nbytes); int mhd_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer, - size_t * nbytes); + size_t * nbytes); int mhd_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer, - size_t * nbytes); + size_t * nbytes); int mhd_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a); int mhd_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a); diff --git a/src/daemon/https/tls/gnutls_pk.c b/src/daemon/https/tls/gnutls_pk.c @@ -23,7 +23,7 @@ */ /* This file contains the functions needed for RSA/DSA public key - * encryption and signatures. + * encryption and signatures. */ #include <gnutls_int.h> @@ -50,14 +50,14 @@ static int _gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey, int); -/* Do PKCS-1 RSA encryption. +/* Do PKCS-1 RSA encryption. * params is modulus, public exp. */ int mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, - const gnutls_datum_t * plaintext, - mpi_t * params, unsigned params_len, - unsigned btype) + const gnutls_datum_t * plaintext, + mpi_t * params, unsigned params_len, + unsigned btype) { unsigned int i, pad; int ret; @@ -84,7 +84,7 @@ mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, return GNUTLS_E_MEMORY_ERROR; } - /* EB = 00||BT||PS||00||D + /* EB = 00||BT||PS||00||D * (use block type 'btype') */ @@ -203,15 +203,15 @@ mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, } -/* Do PKCS-1 RSA decryption. +/* Do PKCS-1 RSA decryption. * params is modulus, public exp., private key * Can decrypt block type 1 and type 2 packets. */ int mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, - const gnutls_datum_t * ciphertext, - mpi_t * params, unsigned params_len, - unsigned btype) + const gnutls_datum_t * ciphertext, + mpi_t * params, unsigned params_len, + unsigned btype) { unsigned k, i; int ret; @@ -346,8 +346,8 @@ mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, int mhd_gtls_rsa_verify (const gnutls_datum_t * vdata, - const gnutls_datum_t * ciphertext, mpi_t * params, - int params_len, int btype) + const gnutls_datum_t * ciphertext, mpi_t * params, + int params_len, int btype) { gnutls_datum_t plain; @@ -356,7 +356,7 @@ mhd_gtls_rsa_verify (const gnutls_datum_t * vdata, /* decrypt signature */ if ((ret = mhd_gtls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len, - btype)) < 0) + btype)) < 0) { gnutls_assert (); return ret; @@ -434,8 +434,8 @@ encode_ber_rs (gnutls_datum_t * sig_value, mpi_t r, mpi_t s) */ int mhd_gtls_dsa_sign (gnutls_datum_t * signature, - const gnutls_datum_t * hash, mpi_t * params, - unsigned params_len) + const gnutls_datum_t * hash, mpi_t * params, + unsigned params_len) { mpi_t rs[2], mdata; int ret; @@ -530,8 +530,8 @@ decode_ber_rs (const gnutls_datum_t * sig_value, mpi_t * r, mpi_t * s) */ int mhd_gtls_dsa_verify (const gnutls_datum_t * vdata, - const gnutls_datum_t * sig_value, mpi_t * params, - int params_len) + const gnutls_datum_t * sig_value, mpi_t * params, + int params_len) { mpi_t mdata; @@ -576,7 +576,7 @@ mhd_gtls_dsa_verify (const gnutls_datum_t * vdata, } -/* this is taken from gnupg +/* this is taken from gnupg */ /**************** diff --git a/src/daemon/https/tls/gnutls_pk.h b/src/daemon/https/tls/gnutls_pk.h @@ -26,21 +26,21 @@ #define GNUTLS_PK_H int mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, - const gnutls_datum_t * plaintext, - mpi_t * params, unsigned params_len, - unsigned btype); + const gnutls_datum_t * plaintext, + mpi_t * params, unsigned params_len, + unsigned btype); int mhd_gtls_dsa_sign (gnutls_datum_t * signature, - const gnutls_datum_t * plaintext, mpi_t * params, - unsigned params_len); + const gnutls_datum_t * plaintext, mpi_t * params, + unsigned params_len); int mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, - const gnutls_datum_t * ciphertext, - mpi_t * params, unsigned params_len, - unsigned btype); + const gnutls_datum_t * ciphertext, + mpi_t * params, unsigned params_len, + unsigned btype); int mhd_gtls_rsa_verify (const gnutls_datum_t * vdata, - const gnutls_datum_t * ciphertext, mpi_t * params, - int params_len, int btype); + const gnutls_datum_t * ciphertext, mpi_t * params, + int params_len, int btype); int mhd_gtls_dsa_verify (const gnutls_datum_t * vdata, - const gnutls_datum_t * sig_value, mpi_t * params, - int params_len); + const gnutls_datum_t * sig_value, mpi_t * params, + int params_len); #endif /* GNUTLS_PK_H */ diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c @@ -147,7 +147,8 @@ MHD_gnutls_mac_set_priority (mhd_gtls_session_t session, const int *list) * **/ int -MHD_gnutls_compression_set_priority (mhd_gtls_session_t session, const int *list) +MHD_gnutls_compression_set_priority (mhd_gtls_session_t session, + const int *list) { return _set_priority (&session->internals.priorities.compression, list); } @@ -197,7 +198,7 @@ MHD_gnutls_protocol_set_priority (mhd_gtls_session_t session, const int *list) **/ int MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session, - const int *list) + const int *list) { #if ENABLE_OPENPGP return _set_priority (&session->internals.priorities.cert_type, list); @@ -249,7 +250,8 @@ typedef void (rmadd_func) (mhd_gtls_priority_st * priority_list, int alg); * **/ int -MHD_gnutls_priority_set (mhd_gtls_session_t session, gnutls_priority_t priority) +MHD_gnutls_priority_set (mhd_gtls_session_t session, + gnutls_priority_t priority) { if (priority == NULL) { @@ -330,7 +332,7 @@ MHD_gnutls_priority_set (mhd_gtls_session_t session, gnutls_priority_t priority) **/ int MHD_tls_set_default_priority (gnutls_priority_t * priority_cache, - const char *priorities, const char **err_pos) + const char *priorities, const char **err_pos) { *priority_cache = gnutls_calloc (1, sizeof (struct MHD_gtls_priority_st)); if (*priority_cache == NULL) @@ -341,7 +343,8 @@ MHD_tls_set_default_priority (gnutls_priority_t * priority_cache, /* set mode to "SECURE256" */ _set_priority (&(*priority_cache)->protocol, mhd_gtls_protocol_priority); - _set_priority (&(*priority_cache)->cipher, mhd_gtls_cipher_priority_secure256); + _set_priority (&(*priority_cache)->cipher, + mhd_gtls_cipher_priority_secure256); _set_priority (&(*priority_cache)->kx, mhd_gtls_kx_priority_secure); _set_priority (&(*priority_cache)->mac, mhd_gtls_mac_priority_secure); _set_priority (&(*priority_cache)->cert_type, mhd_gtls_cert_type_priority); @@ -380,7 +383,7 @@ MHD_gnutls_priority_deinit (gnutls_priority_t priority_cache) **/ int MHD_gnutls_priority_set_direct (mhd_gtls_session_t session, - const char *priorities, const char **err_pos) + const char *priorities, const char **err_pos) { gnutls_priority_t prio; int ret; diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c @@ -57,7 +57,7 @@ MHD_gnutls_protocol_get_version (mhd_gtls_session_t session) void mhd_gtls_set_current_version (mhd_gtls_session_t session, - enum MHD_GNUTLS_Protocol version) + enum MHD_GNUTLS_Protocol version) { session->security_parameters.version = version; } @@ -109,7 +109,7 @@ MHD_gtls_record_disable_padding (mhd_gtls_session_t session) **/ void MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session, - gnutls_transport_ptr_t ptr) + gnutls_transport_ptr_t ptr) { session->internals.transport_recv_ptr = ptr; session->internals.transport_send_ptr = ptr; @@ -128,8 +128,8 @@ MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session, **/ void MHD_gnutls_transport_set_ptr2 (mhd_gtls_session_t session, - gnutls_transport_ptr_t recv_ptr, - gnutls_transport_ptr_t send_ptr) + gnutls_transport_ptr_t recv_ptr, + gnutls_transport_ptr_t send_ptr) { session->internals.transport_send_ptr = send_ptr; session->internals.transport_recv_ptr = recv_ptr; @@ -187,7 +187,8 @@ MHD_gnutls_bye (mhd_gtls_session_t session, gnutls_close_request_t how) case STATE61: ret = - MHD_gnutls_alert_send (session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); + MHD_gnutls_alert_send (session, GNUTLS_AL_WARNING, + GNUTLS_A_CLOSE_NOTIFY); STATE = STATE61; if (ret < 0) { @@ -292,9 +293,9 @@ copy_record_version (mhd_gtls_session_t session, */ ssize_t mhd_gtls_send_int (mhd_gtls_session_t session, - content_type_t type, - gnutls_handshake_description_t htype, - const void *_data, size_t sizeofdata) + content_type_t type, + gnutls_handshake_description_t htype, + const void *_data, size_t sizeofdata) { uint8_t *cipher; int cipher_size; @@ -331,7 +332,7 @@ mhd_gtls_send_int (mhd_gtls_session_t session, _gnutls_record_log ("REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n", session, (int) mhd_gtls_uint64touint32 (&session->connection_state. - write_sequence_number), + write_sequence_number), _gnutls_packet2str (type), type, sizeofdata); if (sizeofdata > MAX_RECORD_SEND_SIZE) @@ -368,9 +369,9 @@ mhd_gtls_send_int (mhd_gtls_session_t session, cipher_size = mhd_gtls_encrypt (session, headers, RECORD_HEADER_SIZE, data, - data2send_size, cipher, cipher_size, type, - (session->internals.priorities.no_padding == - 0) ? 1 : 0); + data2send_size, cipher, cipher_size, type, + (session->internals.priorities.no_padding == + 0) ? 1 : 0); if (cipher_size <= 0) { gnutls_assert (); @@ -424,9 +425,9 @@ mhd_gtls_send_int (mhd_gtls_session_t session, _gnutls_record_log ("REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n", session, - (int) mhd_gtls_uint64touint32 (&session-> - connection_state. - write_sequence_number), + (int) + mhd_gtls_uint64touint32 + (&session->connection_state.write_sequence_number), _gnutls_packet2str (type), type, cipher_size); return retval; @@ -445,7 +446,8 @@ mhd_gtls_send_change_cipher_spec (mhd_gtls_session_t session, int again) _gnutls_handshake_log ("REC[%x]: Sent ChangeCipherSpec\n", session); if (again == 0) - return mhd_gtls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1); + return mhd_gtls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, + 1); else { return mhd_gtls_io_write_flush (session); @@ -478,9 +480,8 @@ check_buffers (mhd_gtls_session_t session, content_type_t type, opaque * data, int sizeofdata) { if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE || type - == GNUTLS_INNER_APPLICATION) && mhd_gnutls_record_buffer_get_size (type, - session) - > 0) + == GNUTLS_INNER_APPLICATION) + && mhd_gnutls_record_buffer_get_size (type, session) > 0) { int ret, ret2; ret = mhd_gtls_record_buffer_get (type, session, data, sizeofdata); @@ -674,8 +675,8 @@ record_check_type (mhd_gtls_session_t session, case GNUTLS_APPLICATION_DATA: /* even if data is unexpected put it into the buffer */ if ((ret = - mhd_gnutls_record_buffer_put (recv_type, session, (void *) data, - data_size)) < 0) + mhd_gnutls_record_buffer_put (recv_type, session, + (void *) data, data_size)) < 0) { gnutls_assert (); return ret; @@ -717,8 +718,8 @@ record_check_type (mhd_gtls_session_t session, case GNUTLS_INNER_APPLICATION: /* even if data is unexpected put it into the buffer */ if ((ret = - mhd_gnutls_record_buffer_put (recv_type, session, (void *) data, - data_size)) < 0) + mhd_gnutls_record_buffer_put (recv_type, session, + (void *) data, data_size)) < 0) { gnutls_assert (); return ret; @@ -796,9 +797,9 @@ get_temp_recv_buffer (mhd_gtls_session_t session, gnutls_datum_t * tmp) */ ssize_t mhd_gtls_recv_int (mhd_gtls_session_t session, - content_type_t type, - gnutls_handshake_description_t htype, - opaque * data, size_t sizeofdata) + content_type_t type, + gnutls_handshake_description_t htype, + opaque * data, size_t sizeofdata) { gnutls_datum_t tmp; int decrypted_length; @@ -895,13 +896,14 @@ begin: _gnutls_record_log ("REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n", session, (int) mhd_gtls_uint64touint32 (&session->connection_state. - read_sequence_number), + read_sequence_number), _gnutls_packet2str (type), type, sizeofdata); - _gnutls_record_log - ("REC[%x]: Received Packet[%d] %s(%d) with length: %d\n", session, - (int) mhd_gtls_uint64touint32 (&session->connection_state. - read_sequence_number), - _gnutls_packet2str (recv_type), recv_type, length); + _gnutls_record_log ("REC[%x]: Received Packet[%d] %s(%d) with length: %d\n", + session, + (int) + mhd_gtls_uint64touint32 (&session->connection_state. + read_sequence_number), + _gnutls_packet2str (recv_type), recv_type, length); if (length > MAX_RECV_SIZE) { @@ -918,7 +920,7 @@ begin: /* check if we have that data into buffer. */ if ((ret = mhd_gtls_io_read_buffered (session, &recv_data, - header_size + length, recv_type)) + header_size + length, recv_type)) != header_size + length) { if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0) @@ -945,7 +947,7 @@ begin: /* decrypt the data we got. */ ret = mhd_gtls_decrypt (session, ciphertext, length, tmp.data, tmp.size, - recv_type); + recv_type); if (ret < 0) { session_unresumable (session); @@ -977,12 +979,13 @@ begin: _gnutls_record_log ("REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n", session, (int) mhd_gtls_uint64touint32 (&session->connection_state. - read_sequence_number), + read_sequence_number), _gnutls_packet2str (recv_type), recv_type, decrypted_length); /* increase sequence number */ - if (mhd_gtls_uint64pp (&session->connection_state.read_sequence_number) != 0) + if (mhd_gtls_uint64pp (&session->connection_state.read_sequence_number) != + 0) { session_invalidate (session); gnutls_assert (); @@ -1079,10 +1082,10 @@ begin: **/ ssize_t MHD_gnutls_record_send (mhd_gtls_session_t session, - const void *data, size_t sizeofdata) + const void *data, size_t sizeofdata) { return mhd_gtls_send_int (session, GNUTLS_APPLICATION_DATA, -1, data, - sizeofdata); + sizeofdata); } /** @@ -1116,10 +1119,11 @@ MHD_gnutls_record_send (mhd_gtls_session_t session, * received might be less than @sizeofdata. **/ ssize_t -MHD_gnutls_record_recv (mhd_gtls_session_t session, void *data, size_t sizeofdata) +MHD_gnutls_record_recv (mhd_gtls_session_t session, void *data, + size_t sizeofdata) { return mhd_gtls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data, - sizeofdata); + sizeofdata); } /** diff --git a/src/daemon/https/tls/gnutls_record.h b/src/daemon/https/tls/gnutls_record.h @@ -23,10 +23,11 @@ */ ssize_t mhd_gtls_send_int (mhd_gtls_session_t session, content_type_t type, - gnutls_handshake_description_t htype, - const void *data, size_t sizeofdata); + gnutls_handshake_description_t htype, + const void *data, size_t sizeofdata); ssize_t mhd_gtls_recv_int (mhd_gtls_session_t session, content_type_t type, - gnutls_handshake_description_t, opaque * data, - size_t sizeofdata); -ssize_t mhd_gtls_send_change_cipher_spec (mhd_gtls_session_t session, int again); + gnutls_handshake_description_t, opaque * data, + size_t sizeofdata); +ssize_t mhd_gtls_send_change_cipher_spec (mhd_gtls_session_t session, + int again); void MHD_gnutls_transport_set_lowat (mhd_gtls_session_t session, int num); diff --git a/src/daemon/https/tls/gnutls_rsa_export.c b/src/daemon/https/tls/gnutls_rsa_export.c @@ -220,7 +220,8 @@ MHD_gnutls_rsa_params_deinit (mhd_gtls_rsa_params_t rsa_params) * **/ int -MHD_gnutls_rsa_params_generate2 (mhd_gtls_rsa_params_t params, unsigned int bits) +MHD_gnutls_rsa_params_generate2 (mhd_gtls_rsa_params_t params, + unsigned int bits) { return gnutls_x509_privkey_generate (params, MHD_GNUTLS_PK_RSA, bits, 0); } diff --git a/src/daemon/https/tls/gnutls_rsa_export.h b/src/daemon/https/tls/gnutls_rsa_export.h @@ -22,6 +22,6 @@ * */ -const mpi_t * _gnutls_rsa_params_to_mpi (mhd_gtls_rsa_params_t); +const mpi_t *_gnutls_rsa_params_to_mpi (mhd_gtls_rsa_params_t); int _gnutls_peers_cert_less_512 (mhd_gtls_session_t session); int _gnutls_rsa_generate_params (mpi_t * resarr, int *resarr_len, int bits); diff --git a/src/daemon/https/tls/gnutls_session.c b/src/daemon/https/tls/gnutls_session.c @@ -135,7 +135,7 @@ **/ int MHD_gtls_session_get_id (mhd_gtls_session_t session, - void *session_id, size_t * session_id_size) + void *session_id, size_t * session_id_size) { size_t given_session_id_size = *session_id_size; diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c @@ -69,7 +69,8 @@ static int pack_security_parameters (mhd_gtls_session_t session, * x bytes the public key */ static int -pack_anon_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session) +pack_anon_auth_info (mhd_gtls_session_t session, + gnutls_datum_t * packed_session) { mhd_anon_auth_info_t info = mhd_gtls_get_auth_info (session); int pos = 0; @@ -100,14 +101,16 @@ pack_anon_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session if (pack_size > 0) { - mhd_gtls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); + mhd_gtls_write_uint16 (info->dh.secret_bits, + &packed_session->data[pos]); pos += 2; mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); pos += 4 + info->dh.prime.size; mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); pos += 4 + info->dh.generator.size; - mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.public_key); + mhd_gtls_write_datum32 (&packed_session->data[pos], + info->dh.public_key); pos += 4 + info->dh.public_key.size; } @@ -158,7 +161,7 @@ unpack_anon_auth_info (mhd_gtls_session_t session, */ ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, - sizeof (anon_auth_info_st), 1); + sizeof (anon_auth_info_st), 1); if (ret < 0) { gnutls_assert (); @@ -228,7 +231,7 @@ error: */ int mhd_gtls_session_pack (mhd_gtls_session_t session, - gnutls_datum_t * packed_session) + gnutls_datum_t * packed_session) { int ret; @@ -303,7 +306,7 @@ mhd_gtls_session_pack (mhd_gtls_session_t session, */ int mhd_gtls_session_unpack (mhd_gtls_session_t session, - const gnutls_datum_t * packed_session) + const gnutls_datum_t * packed_session) { int ret; @@ -444,21 +447,23 @@ pack_certificate_auth_info (mhd_gtls_session_t session, if (pack_size > 0) { - mhd_gtls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); + mhd_gtls_write_uint16 (info->dh.secret_bits, + &packed_session->data[pos]); pos += 2; mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); pos += 4 + info->dh.prime.size; mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); pos += 4 + info->dh.generator.size; - mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.public_key); + mhd_gtls_write_datum32 (&packed_session->data[pos], + info->dh.public_key); pos += 4 + info->dh.public_key.size; mhd_gtls_write_datum32 (&packed_session->data[pos], - info->rsa_export.modulus); + info->rsa_export.modulus); pos += 4 + info->rsa_export.modulus.size; mhd_gtls_write_datum32 (&packed_session->data[pos], - info->rsa_export.exponent); + info->rsa_export.exponent); pos += 4 + info->rsa_export.exponent.size; mhd_gtls_write_uint32 (info->ncerts, &packed_session->data[pos]); @@ -467,7 +472,7 @@ pack_certificate_auth_info (mhd_gtls_session_t session, for (i = 0; i < info->ncerts; i++) { mhd_gtls_write_datum32 (&packed_session->data[pos], - info->raw_certificate_list[i]); + info->raw_certificate_list[i]); pos += sizeof (uint32_t) + info->raw_certificate_list[i].size; } } @@ -510,7 +515,7 @@ unpack_certificate_auth_info (mhd_gtls_session_t session, */ ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 1); + sizeof (cert_auth_info_st), 1); if (ret < 0) { gnutls_assert (); @@ -646,7 +651,8 @@ error: * x bytes the SRP username */ static int -pack_srp_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session) +pack_srp_auth_info (mhd_gtls_session_t session, + gnutls_datum_t * packed_session) { srp_server_auth_info_t info = mhd_gtls_get_auth_info (session); int pack_size; @@ -709,7 +715,7 @@ unpack_srp_auth_info (mhd_gtls_session_t session, ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_SRP, - sizeof (srp_server_auth_info_st), 1); + sizeof (srp_server_auth_info_st), 1); if (ret < 0) { gnutls_assert (); @@ -751,7 +757,8 @@ unpack_srp_auth_info (mhd_gtls_session_t session, * x bytes the public key */ static int -pack_psk_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session) +pack_psk_auth_info (mhd_gtls_session_t session, + gnutls_datum_t * packed_session) { psk_auth_info_t info; int pack_size, username_size = 0, pos; @@ -798,14 +805,16 @@ pack_psk_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session) memcpy (&packed_session->data[pos], info->username, username_size); pos += username_size; - mhd_gtls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); + mhd_gtls_write_uint16 (info->dh.secret_bits, + &packed_session->data[pos]); pos += 2; mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); pos += 4 + info->dh.prime.size; mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); pos += 4 + info->dh.generator.size; - mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.public_key); + mhd_gtls_write_datum32 (&packed_session->data[pos], + info->dh.public_key); pos += 4 + info->dh.public_key.size; } @@ -847,7 +856,7 @@ unpack_psk_auth_info (mhd_gtls_session_t session, */ ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_PSK, - sizeof (psk_auth_info_st), 1); + sizeof (psk_auth_info_st), 1); if (ret < 0) { gnutls_assert (); @@ -1016,16 +1025,16 @@ pack_security_parameters (mhd_gtls_session_t session, pos += session->security_parameters.session_id_size; mhd_gtls_write_uint32 (session->security_parameters.timestamp, - &packed_session->data[pos]); + &packed_session->data[pos]); pos += 4; /* Extensions */ mhd_gtls_write_uint16 (session->security_parameters.max_record_send_size, - &packed_session->data[pos]); + &packed_session->data[pos]); pos += 2; mhd_gtls_write_uint16 (session->security_parameters.max_record_recv_size, - &packed_session->data[pos]); + &packed_session->data[pos]); pos += 2; /* SRP */ @@ -1037,7 +1046,7 @@ pack_security_parameters (mhd_gtls_session_t session, pos += len; mhd_gtls_write_uint16 (session->security_parameters.extensions. - server_names_size, &packed_session->data[pos]); + server_names_size, &packed_session->data[pos]); pos += 2; for (i = 0; i < session->security_parameters.extensions.server_names_size; @@ -1046,8 +1055,8 @@ pack_security_parameters (mhd_gtls_session_t session, packed_session->data[pos++] = session->security_parameters.extensions.server_names[i].type; mhd_gtls_write_uint16 (session->security_parameters.extensions. - server_names[i].name_length, - &packed_session->data[pos]); + server_names[i].name_length, + &packed_session->data[pos]); pos += 2; memcpy (&packed_session->data[pos], diff --git a/src/daemon/https/tls/gnutls_session_pack.h b/src/daemon/https/tls/gnutls_session_pack.h @@ -23,6 +23,6 @@ */ int mhd_gtls_session_pack (mhd_gtls_session_t session, - gnutls_datum_t * packed_session); + gnutls_datum_t * packed_session); int mhd_gtls_session_unpack (mhd_gtls_session_t session, - const gnutls_datum_t * packed_session); + const gnutls_datum_t * packed_session); diff --git a/src/daemon/https/tls/gnutls_sig.c b/src/daemon/https/tls/gnutls_sig.c @@ -43,13 +43,13 @@ static int _gnutls_tls_sign (mhd_gtls_session_t session, const gnutls_datum_t * hash_concat, gnutls_datum_t * signature); -/* Generates a signature of all the previous sent packets in the +/* Generates a signature of all the previous sent packets in the * handshake procedure. (20040227: now it works for SSL 3.0 as well) */ int mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, - gnutls_cert * cert, - gnutls_privkey * pkey, gnutls_datum_t * signature) + gnutls_cert * cert, + gnutls_privkey * pkey, gnutls_datum_t * signature) { gnutls_datum_t dconcat; int ret; @@ -75,8 +75,8 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, } mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], - session->security_parameters. - master_secret, TLS_MASTER_SIZE); + session->security_parameters. + master_secret, TLS_MASTER_SIZE); } else mhd_gnutls_hash_deinit (td_sha, &concat[16]); @@ -94,8 +94,8 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, if (ver == MHD_GNUTLS_SSL3) mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, - session->security_parameters. - master_secret, TLS_MASTER_SIZE); + session->security_parameters. + master_secret, TLS_MASTER_SIZE); else mhd_gnutls_hash_deinit (td_md5, concat); @@ -120,9 +120,9 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, */ int mhd_gtls_tls_sign_params (mhd_gtls_session_t session, - gnutls_cert * cert, - gnutls_privkey * pkey, - gnutls_datum_t * params, gnutls_datum_t * signature) + gnutls_cert * cert, + gnutls_privkey * pkey, + gnutls_datum_t * params, gnutls_datum_t * signature) { gnutls_datum_t dconcat; int ret; @@ -138,9 +138,9 @@ mhd_gtls_tls_sign_params (mhd_gtls_session_t session, } mhd_gnutls_hash (td_sha, session->security_parameters.client_random, - TLS_RANDOM_SIZE); + TLS_RANDOM_SIZE); mhd_gnutls_hash (td_sha, session->security_parameters.server_random, - TLS_RANDOM_SIZE); + TLS_RANDOM_SIZE); mhd_gnutls_hash (td_sha, params->data, params->size); switch (cert->subject_pk_algorithm) @@ -156,9 +156,9 @@ mhd_gtls_tls_sign_params (mhd_gtls_session_t session, } mhd_gnutls_hash (td_md5, session->security_parameters.client_random, - TLS_RANDOM_SIZE); + TLS_RANDOM_SIZE); mhd_gnutls_hash (td_md5, session->security_parameters.server_random, - TLS_RANDOM_SIZE); + TLS_RANDOM_SIZE); mhd_gnutls_hash (td_md5, params->data, params->size); mhd_gnutls_hash_deinit (td_md5, concat); @@ -205,9 +205,9 @@ mhd_gtls_tls_sign_params (mhd_gtls_session_t session, */ int mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, - mpi_t * params, - int params_size, - const gnutls_datum_t * data, gnutls_datum_t * signature) + mpi_t * params, + int params_size, + const gnutls_datum_t * data, gnutls_datum_t * signature) { int ret; @@ -217,7 +217,7 @@ mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, /* encrypt */ if ((ret = mhd_gtls_pkcs1_rsa_encrypt (signature, data, params, params_size, - 1)) < 0) + 1)) < 0) { gnutls_assert (); return ret; @@ -270,7 +270,7 @@ _gnutls_tls_sign (mhd_gtls_session_t session, } return mhd_gtls_sign (pkey->pk_algorithm, pkey->params, pkey->params_size, - hash_concat, signature); + hash_concat, signature); } static int @@ -308,7 +308,7 @@ _gnutls_verify_sig (gnutls_cert * cert, /* verify signature */ if ((ret = mhd_gtls_rsa_verify (&vdata, signature, cert->params, - cert->params_size, 1)) < 0) + cert->params_size, 1)) < 0) { gnutls_assert (); return ret; @@ -324,11 +324,11 @@ _gnutls_verify_sig (gnutls_cert * cert, } /* Verifies a TLS signature (like the one in the client certificate - * verify message). + * verify message). */ int mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, - gnutls_cert * cert, gnutls_datum_t * signature) + gnutls_cert * cert, gnutls_datum_t * signature) { int ret; opaque concat[36]; @@ -362,11 +362,11 @@ mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, } mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, - session->security_parameters. - master_secret, TLS_MASTER_SIZE); + session->security_parameters. + master_secret, TLS_MASTER_SIZE); mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], - session->security_parameters. - master_secret, TLS_MASTER_SIZE); + session->security_parameters. + master_secret, TLS_MASTER_SIZE); } else { @@ -393,9 +393,9 @@ mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, */ int mhd_gtls_verify_sig_params (mhd_gtls_session_t session, - gnutls_cert * cert, - const gnutls_datum_t * params, - gnutls_datum_t * signature) + gnutls_cert * cert, + const gnutls_datum_t * params, + gnutls_datum_t * signature) { gnutls_datum_t dconcat; int ret; @@ -414,9 +414,9 @@ mhd_gtls_verify_sig_params (mhd_gtls_session_t session, } mhd_gnutls_hash (td_md5, session->security_parameters.client_random, - TLS_RANDOM_SIZE); + TLS_RANDOM_SIZE); mhd_gnutls_hash (td_md5, session->security_parameters.server_random, - TLS_RANDOM_SIZE); + TLS_RANDOM_SIZE); mhd_gnutls_hash (td_md5, params->data, params->size); } @@ -430,9 +430,9 @@ mhd_gtls_verify_sig_params (mhd_gtls_session_t session, } mhd_gnutls_hash (td_sha, session->security_parameters.client_random, - TLS_RANDOM_SIZE); + TLS_RANDOM_SIZE); mhd_gnutls_hash (td_sha, session->security_parameters.server_random, - TLS_RANDOM_SIZE); + TLS_RANDOM_SIZE); mhd_gnutls_hash (td_sha, params->data, params->size); if (ver < MHD_GNUTLS_TLS1_2) diff --git a/src/daemon/https/tls/gnutls_sig.h b/src/daemon/https/tls/gnutls_sig.h @@ -26,26 +26,27 @@ # define GNUTLS_SIG_H int mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, - gnutls_cert * cert, - gnutls_privkey * pkey, - gnutls_datum_t * signature); + gnutls_cert * cert, + gnutls_privkey * pkey, + gnutls_datum_t * signature); int mhd_gtls_tls_sign_params (mhd_gtls_session_t session, - gnutls_cert * cert, - gnutls_privkey * pkey, - gnutls_datum_t * params, - gnutls_datum_t * signature); + gnutls_cert * cert, + gnutls_privkey * pkey, + gnutls_datum_t * params, + gnutls_datum_t * signature); int mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, - gnutls_cert * cert, gnutls_datum_t * signature); + gnutls_cert * cert, + gnutls_datum_t * signature); int mhd_gtls_verify_sig_params (mhd_gtls_session_t session, - gnutls_cert * cert, - const gnutls_datum_t * params, - gnutls_datum_t * signature); + gnutls_cert * cert, + const gnutls_datum_t * params, + gnutls_datum_t * signature); int mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, - mpi_t * params, int params_size, - const gnutls_datum_t * data, gnutls_datum_t * signature); + mpi_t * params, int params_size, + const gnutls_datum_t * data, gnutls_datum_t * signature); #endif diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c @@ -119,7 +119,8 @@ gnutls_compression_get (mhd_gtls_session_t session) */ int mhd_gtls_session_cert_type_supported (mhd_gtls_session_t session, - enum MHD_GNUTLS_CertificateType cert_type) + enum MHD_GNUTLS_CertificateType + cert_type) { unsigned i; unsigned cert_found = 0; @@ -129,8 +130,8 @@ mhd_gtls_session_cert_type_supported (mhd_gtls_session_t session, { cred = (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, - MHD_GNUTLS_CRD_CERTIFICATE, - NULL); + MHD_GNUTLS_CRD_CERTIFICATE, + NULL); if (cred == NULL) return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; @@ -234,7 +235,8 @@ mhd_gtls_handshake_internal_state_clear (mhd_gtls_session_t session) /* TODO rm redundent pointer ref */ int -MHD_gnutls_init (mhd_gtls_session_t * session, gnutls_connection_end_t con_end) +MHD_gnutls_init (mhd_gtls_session_t * session, + gnutls_connection_end_t con_end) { *session = gnutls_calloc (1, sizeof (struct MHD_gtls_session_int)); if (*session == NULL) @@ -284,10 +286,10 @@ MHD_gnutls_init (mhd_gtls_session_t * session, gnutls_connection_end_t con_end) MHD_gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS); - MHD_gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */ + MHD_gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */ MHD_gnutls_handshake_set_max_packet_length ((*session), - MAX_HANDSHAKE_PACKET_SIZE); + MAX_HANDSHAKE_PACKET_SIZE); /* Allocate a minimum size for recv_data * This is allocated in order to avoid small messages, making @@ -369,10 +371,11 @@ MHD_gnutls_deinit (mhd_gtls_session_t session) mhd_gnutls_cipher_deinit (session->connection_state.write_cipher_state); if (session->connection_state.read_compression_state != NULL) - mhd_gtls_comp_deinit (session->connection_state.read_compression_state, 1); + mhd_gtls_comp_deinit (session->connection_state.read_compression_state, + 1); if (session->connection_state.write_compression_state != NULL) - mhd_gtls_comp_deinit (session->connection_state. - write_compression_state, 0); + mhd_gtls_comp_deinit (session->connection_state.write_compression_state, + 0); _gnutls_free_datum (&session->cipher_specs.server_write_mac_secret); _gnutls_free_datum (&session->cipher_specs.client_write_mac_secret); @@ -508,7 +511,7 @@ mhd_gtls_dh_set_secret_bits (mhd_gtls_session_t session, unsigned bits) */ int mhd_gtls_rsa_export_set_pubkey (mhd_gtls_session_t session, - mpi_t exponent, mpi_t modulus) + mpi_t exponent, mpi_t modulus) { cert_auth_info_t info; int ret; @@ -609,7 +612,7 @@ mhd_gtls_dh_set_group (mhd_gtls_session_t session, mpi_t gen, mpi_t prime) **/ void MHD_gnutls_certificate_send_x509_rdn_sequence (mhd_gtls_session_t session, - int status) + int status) { session->internals.ignore_rdn_sequence = status; } @@ -650,7 +653,8 @@ _gnutls_record_set_default_version (mhd_gtls_session_t session, * gnutls servers and clients may cause interoperability problems. **/ void -MHD_gtls_handshake_set_private_extensions (mhd_gtls_session_t session, int allow) +MHD_gtls_handshake_set_private_extensions (mhd_gtls_session_t session, + int allow) { session->internals.enable_private = allow; } @@ -778,11 +782,11 @@ _gnutls_xor (opaque * o1, opaque * o2, int length) */ int mhd_gtls_PRF (mhd_gtls_session_t session, - const opaque * secret, - int secret_size, - const char *label, - int label_size, - const opaque * seed, int seed_size, int total_bytes, void *ret) + const opaque * secret, + int secret_size, + const char *label, + int label_size, + const opaque * seed, int seed_size, int total_bytes, void *ret) { int l_s, s_seed_size; const opaque *s1, *s2; @@ -889,15 +893,16 @@ mhd_gtls_PRF (mhd_gtls_session_t session, **/ int MHD_gnutls_prf_raw (mhd_gtls_session_t session, - size_t label_size, - const char *label, - size_t seed_size, const char *seed, size_t outsize, char *out) + size_t label_size, + const char *label, + size_t seed_size, const char *seed, size_t outsize, + char *out) { int ret; ret = mhd_gtls_PRF (session, session->security_parameters.master_secret, - TLS_MASTER_SIZE, label, label_size, (opaque *) seed, - seed_size, outsize, out); + TLS_MASTER_SIZE, label, label_size, (opaque *) seed, + seed_size, outsize, out); return ret; } @@ -933,10 +938,11 @@ MHD_gnutls_prf_raw (mhd_gtls_session_t session, **/ int MHD_gnutls_prf (mhd_gtls_session_t session, - size_t label_size, - const char *label, - int server_random_first, - size_t extra_size, const char *extra, size_t outsize, char *out) + size_t label_size, + const char *label, + int server_random_first, + size_t extra_size, const char *extra, size_t outsize, + char *out) { int ret; opaque *seed; @@ -959,8 +965,8 @@ MHD_gnutls_prf (mhd_gtls_session_t session, memcpy (seed + 2 * TLS_RANDOM_SIZE, extra, extra_size); ret = mhd_gtls_PRF (session, session->security_parameters.master_secret, - TLS_MASTER_SIZE, label, label_size, seed, seedsize, - outsize, out); + TLS_MASTER_SIZE, label, label_size, seed, seedsize, + outsize, out); gnutls_free (seed); @@ -1045,8 +1051,8 @@ MHD_gtls_session_is_resumed (mhd_gtls_session_t session) == session->internals.resumed_security_parameters.session_id_size && memcmp (session->security_parameters.session_id, session->internals.resumed_security_parameters. - session_id, session->security_parameters.session_id_size) - == 0) + session_id, + session->security_parameters.session_id_size) == 0) return 1; } else @@ -1073,7 +1079,7 @@ mhd_gtls_session_is_export (mhd_gtls_session_t session) cipher = mhd_gtls_cipher_suite_get_cipher_algo (&session->security_parameters. - current_cipher_suite); + current_cipher_suite); if (mhd_gtls_cipher_get_export_flag (cipher) != 0) return 1; @@ -1174,9 +1180,10 @@ _gnutls_rsa_pms_set_version (mhd_gtls_session_t session, * **/ void -MHD_gnutls_handshake_set_post_client_hello_function (mhd_gtls_session_t session, - gnutls_handshake_post_client_hello_func - func) +MHD_gnutls_handshake_set_post_client_hello_function (mhd_gtls_session_t + session, + gnutls_handshake_post_client_hello_func + func) { session->internals.user_hello_func = func; } diff --git a/src/daemon/https/tls/gnutls_state.h b/src/daemon/https/tls/gnutls_state.h @@ -28,10 +28,13 @@ #include <gnutls_int.h> void _gnutls_session_cert_type_set (mhd_gtls_session_t session, - enum MHD_GNUTLS_CertificateType); -enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t session); -enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t session); -enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t); + enum MHD_GNUTLS_CertificateType); +enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t + session); +enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t + session); +enum MHD_GNUTLS_CertificateType +gnutls_certificate_type_get (mhd_gtls_session_t); #include <gnutls_auth_int.h> @@ -43,18 +46,19 @@ enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t) #endif int mhd_gtls_session_cert_type_supported (mhd_gtls_session_t, - enum MHD_GNUTLS_CertificateType); + enum MHD_GNUTLS_CertificateType); int mhd_gtls_dh_set_secret_bits (mhd_gtls_session_t session, unsigned bits); int mhd_gtls_dh_set_peer_public (mhd_gtls_session_t session, mpi_t public); -int mhd_gtls_dh_set_group (mhd_gtls_session_t session, mpi_t gen, mpi_t prime); +int mhd_gtls_dh_set_group (mhd_gtls_session_t session, mpi_t gen, + mpi_t prime); int mhd_gtls_dh_get_allowed_prime_bits (mhd_gtls_session_t session); void mhd_gtls_handshake_internal_state_clear (mhd_gtls_session_t); int mhd_gtls_rsa_export_set_pubkey (mhd_gtls_session_t session, - mpi_t exponent, mpi_t modulus); + mpi_t exponent, mpi_t modulus); int mhd_gtls_session_is_resumable (mhd_gtls_session_t session); int mhd_gtls_session_is_export (mhd_gtls_session_t session); @@ -62,11 +66,12 @@ int mhd_gtls_session_is_export (mhd_gtls_session_t session); int mhd_gtls_openpgp_send_fingerprint (mhd_gtls_session_t session); int mhd_gtls_PRF (mhd_gtls_session_t session, - const opaque * secret, int secret_size, - const char *label, int label_size, - const opaque * seed, int seed_size, - int total_bytes, void *ret); + const opaque * secret, int secret_size, + const char *label, int label_size, + const opaque * seed, int seed_size, + int total_bytes, void *ret); -int MHD_gnutls_init (mhd_gtls_session_t * session, gnutls_connection_end_t con_end); +int MHD_gnutls_init (mhd_gtls_session_t * session, + gnutls_connection_end_t con_end); #define DEFAULT_CERT_TYPE MHD_GNUTLS_CRT_X509 diff --git a/src/daemon/https/tls/gnutls_str.c b/src/daemon/https/tls/gnutls_str.c @@ -74,7 +74,7 @@ mhd_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src) void mhd_gtls_mem_cpy (char *dest, - size_t dest_tot_size, const char *src, size_t src_size) + size_t dest_tot_size, const char *src, size_t src_size) { if (dest_tot_size >= src_size) @@ -92,9 +92,9 @@ mhd_gtls_mem_cpy (char *dest, void mhd_gtls_string_init (mhd_gtls_string * str, - gnutls_alloc_function alloc_func, - gnutls_realloc_function realloc_func, - gnutls_free_function free_func) + gnutls_alloc_function alloc_func, + gnutls_realloc_function realloc_func, + gnutls_free_function free_func) { str->data = NULL; str->max_length = 0; @@ -197,7 +197,7 @@ mhd_gtls_string_append_str (mhd_gtls_string * dest, const char *src) int mhd_gtls_string_append_data (mhd_gtls_string * dest, - const void *data, size_t data_size) + const void *data, size_t data_size) { size_t tot_len = data_size + dest->length; @@ -256,7 +256,7 @@ mhd_gtls_string_append_printf (mhd_gtls_string * dest, const char *fmt, ...) */ char * mhd_gtls_bin2hex (const void *_old, - size_t oldlen, char *buffer, size_t buffer_size) + size_t oldlen, char *buffer, size_t buffer_size) { unsigned int i, j; const opaque *old = _old; @@ -275,7 +275,7 @@ mhd_gtls_bin2hex (const void *_old, */ int mhd_gtls_hex2bin (const opaque * hex_data, - int hex_size, opaque * bin_data, size_t * bin_size) + int hex_size, opaque * bin_data, size_t * bin_size) { int i, j; opaque hex2_data[3]; diff --git a/src/daemon/https/tls/gnutls_str.h b/src/daemon/https/tls/gnutls_str.h @@ -29,12 +29,12 @@ void mhd_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src); void mhd_gtls_mem_cpy (char *dest, size_t dest_tot_size, const char *src, - size_t src_size); + size_t src_size); void mhd_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src); typedef struct { - opaque * data; + opaque *data; size_t max_length; size_t length; gnutls_realloc_function realloc_func; @@ -43,7 +43,7 @@ typedef struct } mhd_gtls_string; void mhd_gtls_string_init (mhd_gtls_string *, gnutls_alloc_function, - gnutls_realloc_function, gnutls_free_function); + gnutls_realloc_function, gnutls_free_function); void mhd_gtls_string_clear (mhd_gtls_string *); /* Beware, do not clear the string, after calling this @@ -54,12 +54,13 @@ gnutls_datum_t mhd_gtls_string2datum (mhd_gtls_string * str); int mhd_gtls_string_copy_str (mhd_gtls_string * dest, const char *src); int mhd_gtls_string_append_str (mhd_gtls_string *, const char *str); int mhd_gtls_string_append_data (mhd_gtls_string *, const void *data, - size_t data_size); -int mhd_gtls_string_append_printf (mhd_gtls_string * dest, const char *fmt, ...); + size_t data_size); +int mhd_gtls_string_append_printf (mhd_gtls_string * dest, const char *fmt, + ...); -char * mhd_gtls_bin2hex (const void *old, size_t oldlen, char *buffer, - size_t buffer_size); -int mhd_gtls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, - size_t * bin_size); +char *mhd_gtls_bin2hex (const void *old, size_t oldlen, char *buffer, + size_t buffer_size); +int mhd_gtls_hex2bin (const opaque * hex_data, int hex_size, + opaque * bin_data, size_t * bin_size); #endif diff --git a/src/daemon/https/tls/gnutls_supplemental.c b/src/daemon/https/tls/gnutls_supplemental.c @@ -52,7 +52,8 @@ typedef int (*supp_recv_func) (mhd_gtls_session_t session, const opaque * data, size_t data_size); -typedef int (*supp_send_func) (mhd_gtls_session_t session, mhd_gtls_buffer * buf); +typedef int (*supp_send_func) (mhd_gtls_session_t session, + mhd_gtls_buffer * buf); typedef struct { diff --git a/src/daemon/https/tls/gnutls_supplemental.h b/src/daemon/https/tls/gnutls_supplemental.h @@ -25,7 +25,6 @@ #include <gnutls_int.h> int _gnutls_parse_supplemental (mhd_gtls_session_t session, - const uint8_t *data, - int data_size); + const uint8_t * data, int data_size); int _gnutls_gen_supplemental (mhd_gtls_session_t session, - mhd_gtls_buffer *buf); + mhd_gtls_buffer * buf); diff --git a/src/daemon/https/tls/gnutls_ui.c b/src/daemon/https/tls/gnutls_ui.c @@ -41,13 +41,13 @@ * @session: is a #mhd_gtls_session_t structure. * @bits: is the number of bits * - * This function sets the number of bits, for use in an + * This function sets the number of bits, for use in an * Diffie Hellman key exchange. This is used both in DH ephemeral and * DH anonymous cipher suites. This will set the * minimum size of the prime that will be used for the handshake. * * In the client side it sets the minimum accepted number of bits. - * If a server sends a prime with less bits than that + * If a server sends a prime with less bits than that * GNUTLS_E_DH_PRIME_UNACCEPTABLE will be returned by the * handshake. * @@ -64,7 +64,7 @@ MHD_gnutls_dh_set_prime_bits (mhd_gtls_session_t session, unsigned int bits) * @raw_gen: will hold the generator. * @raw_prime: will hold the prime. * - * This function will return the group parameters used in the last Diffie Hellman + * This function will return the group parameters used in the last Diffie Hellman * authentication with the peer. These are the prime and the generator used. * This function should be used for both anonymous and ephemeral diffie Hellman. * The output parameters must be freed with gnutls_free(). @@ -74,7 +74,7 @@ MHD_gnutls_dh_set_prime_bits (mhd_gtls_session_t session, unsigned int bits) **/ int MHD_gnutls_dh_get_group (mhd_gtls_session_t session, - gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime) + gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime) { mhd_gtls_dh_info_st *dh; int ret; @@ -131,7 +131,8 @@ MHD_gnutls_dh_get_group (mhd_gtls_session_t session, * **/ int -MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session, gnutls_datum_t * raw_key) +MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session, + gnutls_datum_t * raw_key) { mhd_gtls_dh_info_st *dh; mhd_anon_auth_info_t anon_info; @@ -189,8 +190,8 @@ MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session, gnutls_datum_t * raw_key) **/ int MHD_gtls_rsa_export_get_pubkey (mhd_gtls_session_t session, - gnutls_datum_t * exponent, - gnutls_datum_t * modulus) + gnutls_datum_t * exponent, + gnutls_datum_t * modulus) { cert_auth_info_t info; int ret; @@ -314,7 +315,7 @@ MHD_gnutls_dh_get_prime_bits (mhd_gtls_session_t session) * @session: is a gnutls session * * This function will return the bits used in the last RSA-EXPORT key exchange - * with the peer. + * with the peer. * Returns a negative value in case of an error. * **/ @@ -384,7 +385,7 @@ MHD_gnutls_dh_get_peers_public_bits (mhd_gtls_session_t session) * @session: is a gnutls session * * This function will return the certificate as sent to the peer, - * in the last handshake. These certificates are in raw format. + * in the last handshake. These certificates are in raw format. * In X.509 this is a certificate list. In OpenPGP this is a single * certificate. * Returns NULL in case of an error, or if no certificate was used. @@ -399,8 +400,8 @@ MHD_gtls_certificate_get_ours (mhd_gtls_session_t session) cred = (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, - MHD_GNUTLS_CRD_CERTIFICATE, - NULL); + MHD_GNUTLS_CRD_CERTIFICATE, + NULL); if (cred == NULL || cred->cert_list == NULL) { gnutls_assert (); @@ -418,9 +419,9 @@ MHD_gtls_certificate_get_ours (mhd_gtls_session_t session) * @session: is a gnutls session * @list_size: is the length of the certificate list * - * This function will return the peer's raw certificate (chain) as - * sent by the peer. These certificates are in raw format (DER encoded - * for X.509). In case of a X.509 then a certificate list may be present. + * This function will return the peer's raw certificate (chain) as + * sent by the peer. These certificates are in raw format (DER encoded + * for X.509). In case of a X.509 then a certificate list may be present. * The first certificate in the list is the peer's certificate, * following the issuer's certificate, then the issuer's issuer etc. * @@ -432,7 +433,7 @@ MHD_gtls_certificate_get_ours (mhd_gtls_session_t session) **/ const gnutls_datum_t * MHD_gtls_certificate_get_peers (mhd_gtls_session_t - session, unsigned int *list_size) + session, unsigned int *list_size) { cert_auth_info_t info; @@ -472,7 +473,7 @@ MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t session) * MHD_gnutls_fingerprint - This function calculates the fingerprint of the given data * @algo: is a digest algorithm * @data: is the data - * @result: is the place where the result will be copied (may be null). + * @result: is the place where the result will be copied (may be null). * @result_size: should hold the size of the result. The actual size * of the returned result will also be copied there. * @@ -480,8 +481,8 @@ MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t session) * given data. The result is not printable data. You should convert it * to hex, or to something else printable. * - * This is the usual way to calculate a fingerprint of an X.509 - * DER encoded certificate. Note however that the fingerprint + * This is the usual way to calculate a fingerprint of an X.509 + * DER encoded certificate. Note however that the fingerprint * of an OpenPGP is not just a hash and cannot be calculated with * this function. * @@ -490,8 +491,8 @@ MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t session) **/ int MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, - const gnutls_datum_t * data, - void *result, size_t * result_size) + const gnutls_datum_t * data, + void *result, size_t * result_size) { GNUTLS_HASH_HANDLE td; int hash_len = mhd_gnutls_hash_get_algo_len (HASH2MAC (algo)); @@ -532,7 +533,7 @@ MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, **/ void MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res, - mhd_gtls_dh_params_t dh_params) + mhd_gtls_dh_params_t dh_params) { res->dh_params = dh_params; } @@ -542,7 +543,7 @@ MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res, * @res: is a mhd_gtls_cert_credentials_t structure * @func: is the function to be called * - * This function will set a callback in order for the server to get the + * This function will set a callback in order for the server to get the * diffie hellman or RSA parameters for certificate authentication. The callback * should return zero on success. * @@ -566,7 +567,7 @@ gnutls_certificate_set_params_function (mhd_gtls_cert_credentials_t res, **/ void MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t - res, unsigned int flags) + res, unsigned int flags) { res->verify_flags = flags; } @@ -584,9 +585,9 @@ MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t **/ void MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t - res, - unsigned int max_bits, - unsigned int max_depth) + res, + unsigned int max_bits, + unsigned int max_depth) { res->verify_depth = max_depth; res->verify_bits = max_bits; @@ -604,7 +605,9 @@ MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t **/ void MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t - res, mhd_gtls_rsa_params_t rsa_params) + res, + mhd_gtls_rsa_params_t + rsa_params) { res->rsa_params = rsa_params; } @@ -614,7 +617,7 @@ MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t * @res: is a mhd_gtls_anon_server_credentials_t structure * @func: is the function to be called * - * This function will set a callback in order for the server to get the + * This function will set a callback in order for the server to get the * diffie hellman or RSA parameters for anonymous authentication. The callback * should return zero on success. * diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c @@ -223,8 +223,7 @@ _gnutls_check_key_cert_match (mhd_gtls_cert_credentials_t res) 1].params_size, &kid); - _gnutls_x509_write_rsa_params (res->cert_list[res->ncerts - 1][0]. - params, + _gnutls_x509_write_rsa_params (res->cert_list[res->ncerts - 1][0].params, res->cert_list[res->ncerts - 1][0].params_size, &cid); @@ -264,7 +263,7 @@ parse_crt_mem (gnutls_cert ** cert_list, unsigned *ncerts, *cert_list = (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list, - i * sizeof (gnutls_cert)); + i * sizeof (gnutls_cert)); if (*cert_list == NULL) { @@ -409,7 +408,7 @@ parse_pkcs7_cert_mem (gnutls_cert ** cert_list, unsigned *ncerts, const { *cert_list = (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list, - i * sizeof (gnutls_cert)); + i * sizeof (gnutls_cert)); if (*cert_list == NULL) { @@ -503,7 +502,7 @@ parse_pem_cert_mem (gnutls_cert ** cert_list, unsigned *ncerts, *cert_list = (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list, - i * sizeof (gnutls_cert)); + i * sizeof (gnutls_cert)); if (*cert_list == NULL) { @@ -567,9 +566,9 @@ read_cert_mem (mhd_gtls_cert_credentials_t res, const void *cert, /* allocate space for the certificate to add */ res->cert_list = mhd_gtls_realloc_fast (res->cert_list, - (1 + - res->ncerts) * - sizeof (gnutls_cert *)); + (1 + + res->ncerts) * + sizeof (gnutls_cert *)); if (res->cert_list == NULL) { gnutls_assert (); @@ -577,8 +576,9 @@ read_cert_mem (mhd_gtls_cert_credentials_t res, const void *cert, } res->cert_list_length = mhd_gtls_realloc_fast (res->cert_list_length, - (1 + - res->ncerts) * sizeof (int)); + (1 + + res->ncerts) * + sizeof (int)); if (res->cert_list_length == NULL) { gnutls_assert (); @@ -712,7 +712,7 @@ read_key_mem (mhd_gtls_cert_credentials_t res, */ res->pkey = mhd_gtls_realloc_fast (res->pkey, - (res->ncerts + 1) * sizeof (gnutls_privkey)); + (res->ncerts + 1) * sizeof (gnutls_privkey)); if (res->pkey == NULL) { gnutls_assert (); @@ -819,9 +819,9 @@ read_key_file (mhd_gtls_cert_credentials_t res, **/ int MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t - res, const gnutls_datum_t * cert, - const gnutls_datum_t * key, - gnutls_x509_crt_fmt_t type) + res, const gnutls_datum_t * cert, + const gnutls_datum_t * key, + gnutls_x509_crt_fmt_t type) { int ret; @@ -865,9 +865,9 @@ MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t **/ int MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t - res, const char *CERTFILE, - const char *KEYFILE, - gnutls_x509_crt_fmt_t type) + res, const char *CERTFILE, + const char *KEYFILE, + gnutls_x509_crt_fmt_t type) { int ret; @@ -955,7 +955,8 @@ generate_rdn_seq (mhd_gtls_cert_credentials_t res) * certificate (uses the KeyUsage field). */ int -_gnutls_check_key_usage (const gnutls_cert * cert, enum MHD_GNUTLS_KeyExchangeAlgorithm alg) +_gnutls_check_key_usage (const gnutls_cert * cert, + enum MHD_GNUTLS_KeyExchangeAlgorithm alg) { unsigned int key_usage = 0; int encipher_type; @@ -1041,9 +1042,9 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, *cert_list = (gnutls_x509_crt_t *) mhd_gtls_realloc_fast (*cert_list, - i * - sizeof - (gnutls_x509_crt_t)); + i * + sizeof + (gnutls_x509_crt_t)); if (*cert_list == NULL) { @@ -1119,8 +1120,8 @@ parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, *cert_list = (gnutls_x509_crt_t *) mhd_gtls_realloc_fast (*cert_list, - i * - sizeof (gnutls_x509_crt_t)); + i * + sizeof (gnutls_x509_crt_t)); if (*cert_list == NULL) { @@ -1172,8 +1173,8 @@ parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, **/ int MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t - res, const gnutls_datum_t * ca, - gnutls_x509_crt_fmt_t type) + res, const gnutls_datum_t * ca, + gnutls_x509_crt_fmt_t type) { int ret, ret2; @@ -1211,8 +1212,8 @@ MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t **/ int MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t - res, const char *cafile, - gnutls_x509_crt_fmt_t type) + res, const char *cafile, + gnutls_x509_crt_fmt_t type) { int ret, ret2; size_t size; @@ -1274,9 +1275,9 @@ parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, *crl_list = (gnutls_x509_crl_t *) mhd_gtls_realloc_fast (*crl_list, - i * - sizeof - (gnutls_x509_crl_t)); + i * + sizeof + (gnutls_x509_crl_t)); if (*crl_list == NULL) { @@ -1342,8 +1343,8 @@ parse_der_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, *crl_list = (gnutls_x509_crl_t *) mhd_gtls_realloc_fast (*crl_list, - i * - sizeof (gnutls_x509_crl_t)); + i * + sizeof (gnutls_x509_crl_t)); if (*crl_list == NULL) { @@ -1386,9 +1387,9 @@ read_crl_mem (mhd_gtls_cert_credentials_t res, const void *crl, /* allocate space for the certificate to add */ res->x509_crl_list = mhd_gtls_realloc_fast (res->x509_crl_list, - (1 + - res->x509_ncrls) * - sizeof (gnutls_x509_crl_t)); + (1 + + res->x509_ncrls) * + sizeof (gnutls_x509_crl_t)); if (res->x509_crl_list == NULL) { gnutls_assert (); @@ -1427,8 +1428,8 @@ read_crl_mem (mhd_gtls_cert_credentials_t res, const void *crl, **/ int MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t - res, const gnutls_datum_t * CRL, - gnutls_x509_crt_fmt_t type) + res, const gnutls_datum_t * CRL, + gnutls_x509_crt_fmt_t type) { int ret; @@ -1454,8 +1455,8 @@ MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t **/ int MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t - res, const char *crlfile, - gnutls_x509_crt_fmt_t type) + res, const char *crlfile, + gnutls_x509_crt_fmt_t type) { int ret; size_t size; diff --git a/src/daemon/https/tls/gnutls_x509.h b/src/daemon/https/tls/gnutls_x509.h @@ -25,7 +25,7 @@ #include <libtasn1.h> int _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session, - unsigned int *status); + unsigned int *status); #define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE" #define PEM_CERT_SEP "-----BEGIN CERTIFICATE" @@ -37,13 +37,13 @@ int _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session, #define PEM_KEY_DSA_SEP "-----BEGIN DSA" int _gnutls_check_key_usage (const gnutls_cert * cert, - enum MHD_GNUTLS_KeyExchangeAlgorithm alg); + enum MHD_GNUTLS_KeyExchangeAlgorithm alg); int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params); int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params); int _gnutls_x509_raw_privkey_to_gkey (gnutls_privkey * privkey, - const gnutls_datum_t * raw_key, - gnutls_x509_crt_fmt_t type); + const gnutls_datum_t * raw_key, + gnutls_x509_crt_fmt_t type); int _gnutls_x509_privkey_to_gkey (gnutls_privkey * privkey, - gnutls_x509_privkey_t); + gnutls_x509_privkey_t); diff --git a/src/daemon/https/tls/io_debug.h b/src/daemon/https/tls/io_debug.h @@ -33,7 +33,7 @@ #include <gnutls_int.h> -#define EDUNNO EAGAIN /* EAGAIN */ +#define EDUNNO EAGAIN /* EAGAIN */ extern int errno; static int initialized_rand = 0; diff --git a/src/daemon/https/tls/x509_b64.c b/src/daemon/https/tls/x509_b64.c @@ -293,17 +293,17 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t * data, * @result: the place where base64 data will be copied * @result_size: holds the size of the result * - * This function will convert the given data to printable data, using the base64 + * This function will convert the given data to printable data, using the base64 * encoding. This is the encoding used in PEM messages. If the provided * buffer is not long enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned. * * The output string will be null terminated, although the size will not include * the terminating null. - * + * **/ int MHD_gtls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, - char *result, size_t * result_size) + char *result, size_t * result_size) { opaque *ret; int size; @@ -334,17 +334,17 @@ MHD_gtls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, * @data: contains the raw data * @result: will hold the newly allocated encoded data * - * This function will convert the given data to printable data, using the base64 + * This function will convert the given data to printable data, using the base64 * encoding. This is the encoding used in PEM messages. This function will * allocate the required memory to hold the encoded data. * * You should use gnutls_free() to free the returned data. - * + * **/ int MHD_gtls_pem_base64_encode_alloc (const char *msg, - const gnutls_datum_t * data, - gnutls_datum_t * result) + const gnutls_datum_t * data, + gnutls_datum_t * result) { opaque *ret; int size; @@ -483,7 +483,7 @@ _gnutls_fbase64_decode (const char *header, const opaque * data, return GNUTLS_E_BASE64_DECODING_ERROR; } - /* position of kdata is before the ----END--- footer + /* position of kdata is before the ----END--- footer */ rdata_size = (unsigned long int) kdata - (unsigned long int) rdata; @@ -535,8 +535,8 @@ _gnutls_fbase64_decode (const char *header, const opaque * data, **/ int MHD_gtls_pem_base64_decode (const char *header, - const gnutls_datum_t * b64_data, - unsigned char *result, size_t * result_size) + const gnutls_datum_t * b64_data, + unsigned char *result, size_t * result_size) { opaque *ret; int size; @@ -570,8 +570,8 @@ MHD_gtls_pem_base64_decode (const char *header, * * This function will decode the given encoded data. The decoded data * will be allocated, and stored into result. - * If the header given is non null this function will search for - * "-----BEGIN header" and decode only this part. Otherwise it will decode the + * If the header given is non null this function will search for + * "-----BEGIN header" and decode only this part. Otherwise it will decode the * first PEM packet found. * * You should use gnutls_free() to free the returned data. @@ -579,8 +579,8 @@ MHD_gtls_pem_base64_decode (const char *header, **/ int MHD_gtls_pem_base64_decode_alloc (const char *header, - const gnutls_datum_t * b64_data, - gnutls_datum_t * result) + const gnutls_datum_t * b64_data, + gnutls_datum_t * result) { opaque *ret; int size; diff --git a/src/daemon/https/tls/x509_b64.h b/src/daemon/https/tls/x509_b64.h @@ -23,13 +23,13 @@ */ int _gnutls_base64_encode (const uint8_t * data, size_t data_size, - uint8_t ** result); + uint8_t ** result); int _gnutls_fbase64_encode (const char *msg, const uint8_t * data, - int data_size, uint8_t ** result); + int data_size, uint8_t ** result); int _gnutls_base64_decode (const uint8_t * data, size_t data_size, - uint8_t ** result); + uint8_t ** result); int _gnutls_fbase64_decode (const char *header, const uint8_t * data, - size_t data_size, uint8_t ** result); + size_t data_size, uint8_t ** result); #define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4))) diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c @@ -440,7 +440,7 @@ _gnutls_x509_data2hex (const opaque * data, return 0; } -/* TIME functions +/* TIME functions * Convertions between generalized or UTC time to time_t * */ @@ -463,7 +463,7 @@ typedef struct fake_tm * who placed it under public domain: */ -/* The number of days in each month. +/* The number of days in each month. */ static const int MONTHDAYS[] = { 31, 28, @@ -498,12 +498,12 @@ mktime_utc (const struct fake_tm *tm) /* We do allow some ill-formed dates, but we don't do anything special * with them and our callers really shouldn't pass them to us. Do * explicitly disallow the ones that would cause invalid array accesses - * or other algorithm problems. + * or other algorithm problems. */ if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970) return (time_t) - 1; - /* Convert to a time_t. + /* Convert to a time_t. */ for (i = 1970; i < tm->tm_year; i++) result += 365 + ISLEAP (i); @@ -1319,7 +1319,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, return algo; } - /* Now read the parameters' bits + /* Now read the parameters' bits */ mhd_gtls_str_cpy (name, sizeof (name), src_name); mhd_gtls_str_cat (name, sizeof (name), ".subjectPublicKey"); @@ -1442,7 +1442,7 @@ _gnutls_x509_get_signature (ASN1_TYPE src, signature->data = NULL; signature->size = 0; - /* Read the signature + /* Read the signature */ bits = 0; result = asn1_read_value (src, src_name, NULL, &bits); diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h @@ -63,13 +63,13 @@ time_t _gnutls_x509_generalTime2gtime (const char *ttime); int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim); int _gnutls_x509_decode_octet_string (const char *string_type, - const opaque * der, size_t der_size, - opaque * output, size_t * output_size); + const opaque * der, size_t der_size, + opaque * output, size_t * output_size); int _gnutls_x509_oid_data2string (const char *OID, void *value, - int value_size, char *res, - size_t * res_size); + int value_size, char *res, + size_t * res_size); int _gnutls_x509_data2hex (const opaque * data, size_t data_size, - opaque * out, size_t * sizeof_out); + opaque * out, size_t * sizeof_out); const char *_gnutls_x509_oid2ldap_string (const char *OID); @@ -81,46 +81,47 @@ time_t _gnutls_x509_get_time (ASN1_TYPE c2, const char *when); gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type); int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name, - ASN1_TYPE dest, const char *dest_name, - int str); + ASN1_TYPE dest, const char *dest_name, + int str); int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, - gnutls_datum_t * res, int str); + gnutls_datum_t * res, int str); int _gnutls_x509_export_int (ASN1_TYPE asn1_data, - gnutls_x509_crt_fmt_t format, char *pem_header, - unsigned char *output_data, - size_t * output_data_size); + gnutls_x509_crt_fmt_t format, char *pem_header, + unsigned char *output_data, + size_t * output_data_size); int _gnutls_x509_read_value (ASN1_TYPE c, const char *root, - gnutls_datum_t * ret, int str); + gnutls_datum_t * ret, int str); int _gnutls_x509_write_value (ASN1_TYPE c, const char *root, - const gnutls_datum_t * data, int str); + const gnutls_datum_t * data, int str); int _gnutls_x509_encode_and_write_attribute (const char *given_oid, - ASN1_TYPE asn1_struct, - const char *where, - const void *data, - int sizeof_data, int multi); + ASN1_TYPE asn1_struct, + const char *where, + const void *data, + int sizeof_data, int multi); int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, - const char *where, char *oid, - int oid_size, - gnutls_datum_t * value, int multi, - int octet); + const char *where, char *oid, + int oid_size, + gnutls_datum_t * value, int multi, + int octet); int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, - unsigned int *bits); + unsigned int *bits); int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, - const char *dst_name, - enum MHD_GNUTLS_PublicKeyAlgorithm - pk_algorithm, mpi_t * params, - int params_size); + const char *dst_name, + enum + MHD_GNUTLS_PublicKeyAlgorithm + pk_algorithm, mpi_t * params, + int params_size); int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name, - ASN1_TYPE src, const char *src_name); + ASN1_TYPE src, const char *src_name); int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, - gnutls_datum_t * signed_data); + gnutls_datum_t * signed_data); int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name, - gnutls_datum_t * signature); + gnutls_datum_t * signature); #endif diff --git a/src/daemon/https/x509/crl.c b/src/daemon/https/x509/crl.c @@ -73,7 +73,7 @@ gnutls_x509_crl_init (gnutls_x509_crl_t * crl) * gnutls_x509_crl_deinit - This function deinitializes memory used by a gnutls_x509_crl_t structure * @crl: The structure to be initialized * - * This function will deinitialize a CRL structure. + * This function will deinitialize a CRL structure. * **/ void @@ -168,7 +168,7 @@ cleanup: * @buf: a pointer to a structure to hold the peer's name (may be null) * @sizeof_buf: initially holds the size of @buf * - * This function will copy the name of the CRL issuer in the provided buffer. The name + * This function will copy the name of the CRL issuer in the provided buffer. The name * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output * string will be ASCII or UTF-8 encoded, depending on the certificate data. * @@ -208,7 +208,7 @@ gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf, * string will be ASCII or UTF-8 encoded, depending on the certificate data. * * Some helper macros with popular OIDs can be found in gnutls/x509.h - * If raw flag is zero, this function will only return known OIDs as text. Other OIDs + * If raw flag is zero, this function will only return known OIDs as text. Other OIDs * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. * You can check about known OIDs using gnutls_x509_dn_oid_known(). * @@ -244,7 +244,7 @@ gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, * @sizeof_oid: initially holds the size of 'oid' * * This function will extract the requested OID of the name of the CRL issuer, specified - * by the given index. + * by the given index. * * If oid is null then only the size will be filled. * @@ -273,8 +273,8 @@ gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, * gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm * @crl: should contain a gnutls_x509_crl_t structure * - * This function will return a value of the gnutls_sign_algorithm_t enumeration that - * is the signature algorithm. + * This function will return a value of the gnutls_sign_algorithm_t enumeration that + * is the signature algorithm. * * Returns a negative value on error. * @@ -651,7 +651,7 @@ gnutls_x509_crl_export (gnutls_x509_crl_t crl, * @dest: The structure where to copy * @src: The structure to be copied * - * This function will copy an X.509 certificate structure. + * This function will copy an X.509 certificate structure. * * Returns 0 on success. * diff --git a/src/daemon/https/x509/crl_write.c b/src/daemon/https/x509/crl_write.c @@ -197,7 +197,7 @@ gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time) * @serial_size: Holds the size of the serial field. * @revocation_time: The time this certificate was revoked * - * This function will set a revoked certificate's serial number to the CRL. + * This function will set a revoked certificate's serial number to the CRL. * * Returns 0 on success, or a negative value in case of an error. * @@ -262,7 +262,7 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, * @crt: should contain a gnutls_x509_crt_t structure with the revoked certificate * @revocation_time: The time this certificate was revoked * - * This function will set a revoked certificate's serial number to the CRL. + * This function will set a revoked certificate's serial number to the CRL. * * Returns 0 on success, or a negative value in case of an error. * diff --git a/src/daemon/https/x509/crq.c b/src/daemon/https/x509/crq.c @@ -46,7 +46,7 @@ * gnutls_x509_crq_init - This function initializes a gnutls_x509_crq_t structure * @crq: The structure to be initialized * - * This function will initialize a PKCS10 certificate request structure. + * This function will initialize a PKCS10 certificate request structure. * * Returns 0 on success. * @@ -76,7 +76,7 @@ gnutls_x509_crq_init (gnutls_x509_crq_t * crq) * gnutls_x509_crq_deinit - This function deinitializes memory used by a gnutls_x509_crq_t structure * @crq: The structure to be initialized * - * This function will deinitialize a CRL structure. + * This function will deinitialize a CRL structure. * **/ void @@ -336,7 +336,7 @@ parse_attribute (ASN1_TYPE asn1_struct, /* Move to the attibute type and values */ - /* Read the OID + /* Read the OID */ mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1); mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); @@ -356,7 +356,7 @@ parse_attribute (ASN1_TYPE asn1_struct, if (strcmp (oid, given_oid) == 0) { /* Found the OID */ - /* Read the Value + /* Read the Value */ snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u", tmpbuffer1, indx + 1); @@ -421,7 +421,7 @@ cleanup: } /** - * gnutls_x509_crq_get_challenge_password - This function will get the challenge password + * gnutls_x509_crq_get_challenge_password - This function will get the challenge password * @crq: should contain a gnutls_x509_crq_t structure * @pass: will hold a null terminated password * @sizeof_pass: Initially holds the size of @pass. @@ -499,7 +499,7 @@ gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq, } /** - * gnutls_x509_crq_get_attribute_by_oid - This function will get an attribute of the request + * gnutls_x509_crq_get_attribute_by_oid - This function will get an attribute of the request * @crq: should contain a gnutls_x509_crq_t structure * @oid: holds an Object Identified in null terminated string * @indx: In case multiple same OIDs exist in the attribute list, this specifies @@ -674,7 +674,7 @@ gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) } /** - * gnutls_x509_crq_set_challenge_password - This function will set a challenge password + * gnutls_x509_crq_set_challenge_password - This function will set a challenge password * @crq: should contain a gnutls_x509_crq_t structure * @pass: holds a null terminated password * @@ -849,11 +849,11 @@ gnutls_x509_crq_export (gnutls_x509_crq_t crq, * @crq: should contain a gnutls_x509_crq_t structure * @bits: if bits is non null it will hold the size of the parameters' in bits * - * This function will return the public key algorithm of a PKCS \#10 + * This function will return the public key algorithm of a PKCS \#10 * certificate request. * * If bits is non null, it should have enough size to hold the parameters - * size in bits. For RSA the bits returned is the modulus. + * size in bits. For RSA the bits returned is the modulus. * For DSA the bits returned are of the public * exponent. * diff --git a/src/daemon/https/x509/dn.c b/src/daemon/https/x509/dn.c @@ -37,7 +37,7 @@ */ /* Converts the given OID to an ldap acceptable string or - * a dotted OID. + * a dotted OID. */ static const char * oid2ldap_string (const char *oid) @@ -173,7 +173,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, goto cleanup; } - /* Read the OID + /* Read the OID */ mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); @@ -190,7 +190,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, goto cleanup; } - /* Read the Value + /* Read the Value */ mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); @@ -280,7 +280,8 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, gnutls_assert (); _gnutls_x509_log ("Found OID: '%s' with value '%s'\n", - oid, mhd_gtls_bin2hex (value2, len, escaped, sizeof_escaped)); + oid, mhd_gtls_bin2hex (value2, len, escaped, + sizeof_escaped)); goto cleanup; } STR_APPEND (str_escape (string, escaped, sizeof_escaped)); @@ -416,7 +417,7 @@ _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, goto cleanup; } - /* Read the OID + /* Read the OID */ mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); @@ -436,7 +437,7 @@ _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, if (strcmp (oid, given_oid) == 0 && indx == i++) { /* Found the OID */ - /* Read the Value + /* Read the Value */ mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); @@ -585,7 +586,7 @@ _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, goto cleanup; } - /* Read the OID + /* Read the OID */ mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); @@ -722,7 +723,7 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid, if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */ - mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ + mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ result = asn1_write_value (asn1_struct, tmp, "NEW", 1); if (result != ASN1_SUCCESS) @@ -777,7 +778,7 @@ _gnutls_x509_write_attribute (const char *given_oid, if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */ - mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ + mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ result = asn1_write_value (asn1_struct, tmp, "NEW", 1); if (result != ASN1_SUCCESS) @@ -830,7 +831,7 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, char tmpbuffer[128]; int len, result; - /* Read the OID + /* Read the OID */ mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type"); @@ -845,14 +846,14 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, return result; } - /* Read the Value + /* Read the Value */ mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value"); if (multi) - mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */ + mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */ result = _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string); @@ -899,7 +900,7 @@ _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, mhd_gtls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name); mhd_gtls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence"); - /* create a new element + /* create a new element */ result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1); if (result != ASN1_SUCCESS) diff --git a/src/daemon/https/x509/dn.h b/src/daemon/https/x509/dn.h @@ -38,21 +38,21 @@ #define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1" int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, char *buf, - size_t * sizeof_buf); + const char *asn1_rdn_name, char *buf, + size_t * sizeof_buf); int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, const char *oid, - int indx, unsigned int raw_flag, void *buf, - size_t * sizeof_buf); + const char *asn1_rdn_name, const char *oid, + int indx, unsigned int raw_flag, void *buf, + size_t * sizeof_buf); int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, const char *oid, - int raw_flag, const char *name, int sizeof_name); + const char *asn1_rdn_name, const char *oid, + int raw_flag, const char *name, int sizeof_name); int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, - int indx, void *_oid, size_t * sizeof_oid); + const char *asn1_rdn_name, + int indx, void *_oid, size_t * sizeof_oid); #endif diff --git a/src/daemon/https/x509/dsa.c b/src/daemon/https/x509/dsa.c @@ -59,7 +59,7 @@ _gnutls_dsa_generate_params (mpi_t * resarr, int *resarr_len, int bits) return GNUTLS_E_INTERNAL_ERROR; } - /* generate the DSA key + /* generate the DSA key */ ret = gcry_pk_genkey (&key, parms); gcry_sexp_release (parms); diff --git a/src/daemon/https/x509/extensions.c b/src/daemon/https/x509/extensions.c @@ -99,11 +99,11 @@ _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, return mhd_gtls_asn2err (result); } - /* Handle Extension + /* Handle Extension */ if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++) { - /* extension was found + /* extension was found */ /* read the critical status. @@ -170,7 +170,7 @@ _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, } /* This function will attempt to return the requested extension OID found in - * the given X509v3 certificate. + * the given X509v3 certificate. * * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will * be returned. @@ -223,7 +223,7 @@ _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, return mhd_gtls_asn2err (result); } - /* Handle Extension + /* Handle Extension */ if (indx == indx_counter++) { @@ -260,7 +260,7 @@ _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, } /* This function will attempt to set the requested extension in - * the given X509v3 certificate. + * the given X509v3 certificate. * * Critical will be either 0 or 1. */ @@ -359,7 +359,7 @@ overwrite_extension (ASN1_TYPE asn, unsigned int indx, } /* This function will attempt to overwrite the requested extension with - * the given one. + * the given one. * * Critical will be either 0 or 1. */ @@ -414,11 +414,11 @@ _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert, return mhd_gtls_asn2err (result); } - /* Handle Extension + /* Handle Extension */ if (strcmp (extnID, ext_id) == 0) { - /* extension was found + /* extension was found */ return overwrite_extension (cert->cert, k, ext_data, critical); } @@ -839,7 +839,7 @@ _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, /* Creates and encodes the CRL Distribution points. data_string should be a name - * and type holds the type of the name. + * and type holds the type of the name. * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*. * */ diff --git a/src/daemon/https/x509/extensions.h b/src/daemon/https/x509/extensions.h @@ -23,46 +23,46 @@ */ int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, - const char *extension_id, int indx, - gnutls_datum_t * ret, - unsigned int *critical); + const char *extension_id, int indx, + gnutls_datum_t * ret, + unsigned int *critical); int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, - int indx, void *ret, - size_t * ret_size); + int indx, void *ret, + size_t * ret_size); int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, - opaque * extnValue, int extnValueLen); + opaque * extnValue, int extnValueLen); int _gnutls_x509_ext_extract_basicConstraints (int *CA, - int *pathLenConstraint, - opaque * extnValue, - int extnValueLen); + int *pathLenConstraint, + opaque * extnValue, + int extnValueLen); int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert, - const char *extension_id, - const gnutls_datum_t * ext_data, - unsigned int critical); + const char *extension_id, + const gnutls_datum_t * ext_data, + unsigned int critical); int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint, - gnutls_datum_t * der_ext); + gnutls_datum_t * der_ext); int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext); int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t - type, const char *data_string, - gnutls_datum_t * der_ext); + type, const char *data_string, + gnutls_datum_t * der_ext); int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t - type, const void *data_string, - unsigned int reason_flags, - gnutls_datum_t * der_ext); + type, const void *data_string, + unsigned int reason_flags, + gnutls_datum_t * der_ext); int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size, - gnutls_datum_t * der_data); + gnutls_datum_t * der_data); int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, - gnutls_datum_t * der_data); + gnutls_datum_t * der_data); int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, - char **policyLanguage, - char **policy, - size_t *sizeof_policy, - opaque * extnValue, - int extnValueLen); + char **policyLanguage, + char **policy, + size_t * sizeof_policy, + opaque * extnValue, + int extnValueLen); int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, - const char *policyLanguage, - const char *policy, - size_t sizeof_policy, - gnutls_datum_t * der_ext); + const char *policyLanguage, + const char *policy, + size_t sizeof_policy, + gnutls_datum_t * der_ext); diff --git a/src/daemon/https/x509/mpi.c b/src/daemon/https/x509/mpi.c @@ -335,7 +335,8 @@ cleanup:asn1_delete_structure (&spk); int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, - enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm, + enum MHD_GNUTLS_PublicKeyAlgorithm + pk_algorithm, enum MHD_GNUTLS_HashAlgorithm dig, mpi_t * params, int params_size) { diff --git a/src/daemon/https/x509/mpi.h b/src/daemon/https/x509/mpi.h @@ -26,32 +26,32 @@ #include "x509.h" int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, - mpi_t * params, int *params_size); + mpi_t * params, int *params_size); int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params); int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params); int _gnutls_x509_read_dsa_params (opaque * der, int dersize, mpi_t * params); int _gnutls_x509_write_rsa_params (mpi_t * params, int params_size, - gnutls_datum_t * der); + gnutls_datum_t * der); int _gnutls_x509_write_dsa_params (mpi_t * params, int params_size, - gnutls_datum_t * der); + gnutls_datum_t * der); int _gnutls_x509_write_dsa_public_key (mpi_t * params, int params_size, - gnutls_datum_t * der); + gnutls_datum_t * der); int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value, - unsigned int *ret); + unsigned int *ret); -int -_gnutls_x509_read_der_int (opaque * der, int dersize, mpi_t* out); +int _gnutls_x509_read_der_int (opaque * der, int dersize, mpi_t * out); int _gnutls_x509_read_int (ASN1_TYPE node, const char *value, - mpi_t * ret_mpi); + mpi_t * ret_mpi); int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi, - int lz); + int lz); int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value, - uint32_t num); + uint32_t num); int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, - enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm, - enum MHD_GNUTLS_HashAlgorithm, mpi_t * params, - int params_size); + enum MHD_GNUTLS_PublicKeyAlgorithm + pk_algorithm, + enum MHD_GNUTLS_HashAlgorithm, + mpi_t * params, int params_size); diff --git a/src/daemon/https/x509/pkcs12.h b/src/daemon/https/x509/pkcs12.h @@ -28,7 +28,7 @@ #ifdef __cplusplus extern "C" - { +{ #endif #include <x509.h> @@ -37,15 +37,15 @@ extern "C" /* PKCS12 structures handling */ -struct gnutls_pkcs12_int; + struct gnutls_pkcs12_int; -struct gnutls_pkcs12_bag_int; -typedef struct gnutls_pkcs12_int + struct gnutls_pkcs12_bag_int; + typedef struct gnutls_pkcs12_int { ASN1_TYPE pkcs12; } gnutls_pkcs12_int; -typedef enum gnutls_pkcs12_bag_type_t + typedef enum gnutls_pkcs12_bag_type_t { GNUTLS_BAG_EMPTY = 0, @@ -57,7 +57,7 @@ typedef enum gnutls_pkcs12_bag_type_t GNUTLS_BAG_UNKNOWN = 20 } gnutls_pkcs12_bag_type_t; -struct bag_element + struct bag_element { gnutls_datum_t data; gnutls_pkcs12_bag_type_t type; @@ -65,7 +65,7 @@ struct bag_element char *friendly_name; }; -typedef struct gnutls_pkcs12_bag_int + typedef struct gnutls_pkcs12_bag_int { struct bag_element element[MAX_BAG_ELEMENTS]; int bag_elements; @@ -75,68 +75,54 @@ typedef struct gnutls_pkcs12_bag_int #define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20" #define KEY_ID_OID "1.2.840.113549.1.9.21" -typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t; -typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t; - -int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12); -void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12); -int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - unsigned int flags); -int gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12, - gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); - -int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, - int indx, - gnutls_pkcs12_bag_t bag); -int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, - gnutls_pkcs12_bag_t bag); - -int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, - const char *pass); -int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, - const char *pass); - -int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, - const char *pass); -int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag, - const char *pass, - unsigned int flags); - -gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t - bag, - int indx); -int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, - int indx, - gnutls_datum_t * data); -int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag, - gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * data); -int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag, - gnutls_x509_crl_t crl); -int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag, - gnutls_x509_crt_t crt); - -int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag); -void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag); -int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag); - -int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, - int indx, - gnutls_datum_t * id); -int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, - int indx, - const gnutls_datum_t * id); - -int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag, - int indx, - char **name); -int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, - int indx, - const char *name); + typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t; + typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t; + + int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12); + void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12); + int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, unsigned int flags); + int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12, + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); + + int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12, + int indx, gnutls_pkcs12_bag_t bag); + int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag); + + int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass); + int gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass); + + int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass); + int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, + const char *pass, unsigned int flags); + + gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t + bag, int indx); + int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, + int indx, gnutls_datum_t * data); + int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag, + gnutls_pkcs12_bag_type_t type, + const gnutls_datum_t * data); + int gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, + gnutls_x509_crl_t crl); + int gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag, + gnutls_x509_crt_t crt); + + int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag); + void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag); + int gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag); + + int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, + int indx, gnutls_datum_t * id); + int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, + int indx, const gnutls_datum_t * id); + + int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, + int indx, char **name); + int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, + int indx, const char *name); #ifdef __cplusplus } @@ -152,56 +138,48 @@ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, #define DATA_OID "1.2.840.113549.1.7.1" #define ENC_DATA_OID "1.2.840.113549.1.7.6" -int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12); -void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12); -int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - unsigned int flags); +int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12); +void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12); +int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, unsigned int flags); -int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, - int indx, - gnutls_pkcs12_bag_t bag); +int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12, + int indx, gnutls_pkcs12_bag_t bag); -int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag); -void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag); +int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag); +void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag); -int _pkcs12_string_to_key(unsigned int id, - const opaque * salt, - unsigned int salt_size, - unsigned int iter, - const char *pw, - unsigned int req_keylen, - opaque * keybuf); +int _pkcs12_string_to_key (unsigned int id, + const opaque * salt, + unsigned int salt_size, + unsigned int iter, + const char *pw, + unsigned int req_keylen, opaque * keybuf); -int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, - const char *password, - gnutls_datum_t * dec); +int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data, + const char *password, gnutls_datum_t * dec); typedef enum schema_id - { - PBES2, /* the stuff in PKCS #5 */ - PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */ - PKCS12_ARCFOUR_SHA1, - PKCS12_RC2_40_SHA1 - } schema_id; - -int _gnutls_pkcs7_encrypt_data(schema_id schema, - const gnutls_datum_t * data, - const char *password, - gnutls_datum_t * enc); -int _pkcs12_decode_safe_contents(const gnutls_datum_t * content, - gnutls_pkcs12_bag_t bag); - -int _pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, - ASN1_TYPE * content, - int *enc); - -int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * in, - gnutls_datum_t * out); -int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * raw, - gnutls_datum_t * out); - -#endif /* GNUTLS_PKCS12_H */ +{ + PBES2, /* the stuff in PKCS #5 */ + PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */ + PKCS12_ARCFOUR_SHA1, + PKCS12_RC2_40_SHA1 +} schema_id; + +int _gnutls_pkcs7_encrypt_data (schema_id schema, + const gnutls_datum_t * data, + const char *password, gnutls_datum_t * enc); +int _pkcs12_decode_safe_contents (const gnutls_datum_t * content, + gnutls_pkcs12_bag_t bag); + +int _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, + ASN1_TYPE * content, int *enc); + +int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type, + const gnutls_datum_t * in, gnutls_datum_t * out); +int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type, + const gnutls_datum_t * raw, gnutls_datum_t * out); + +#endif /* GNUTLS_PKCS12_H */ diff --git a/src/daemon/https/x509/pkcs12_bag.c b/src/daemon/https/x509/pkcs12_bag.c @@ -80,7 +80,7 @@ _pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag) * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure * @bag: The structure to be initialized * - * This function will deinitialize a PKCS12 Bag structure. + * This function will deinitialize a PKCS12 Bag structure. * **/ void @@ -121,7 +121,7 @@ gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx) * gnutls_pkcs12_bag_get_count - This function returns the bag's elements count * @bag: The bag * - * This function will return the number of the elements withing the bag. + * This function will return the number of the elements withing the bag. * **/ int @@ -332,7 +332,7 @@ cleanup: * @data: the data to be copied. * * This function will insert the given data of the given type into the - * bag. + * bag. * * Returns the index of the added bag on success, or a negative * value on error. @@ -475,7 +475,7 @@ gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl) * This function will add the given key ID, to the specified, by the index, bag * element. The key ID will be encoded as a 'Local key identifier' bag attribute, * which is usually used to distinguish the local private key and the certificate pair. - * + * * Returns 0 on success, or a negative value on error. * **/ @@ -518,7 +518,7 @@ gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx, * * This function will return the key ID, of the specified bag element. * The key ID is usually used to distinguish the local private key and the certificate pair. - * + * * Returns 0 on success, or a negative value on error. * **/ @@ -552,7 +552,7 @@ gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx, * * This function will return the friendly name, of the specified bag element. * The key ID is usually used to distinguish the local private key and the certificate pair. - * + * * Returns 0 on success, or a negative value on error. * **/ @@ -587,7 +587,7 @@ gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx, * This function will add the given key friendly name, to the specified, by the index, bag * element. The name will be encoded as a 'Friendly name' bag attribute, * which is usually used to set a user name to the local private key and the certificate pair. - * + * * Returns 0 on success, or a negative value on error. * **/ @@ -752,7 +752,7 @@ gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass, return ret; } - /* encryption succeeded. + /* encryption succeeded. */ _pkcs12_bag_free_data (bag); diff --git a/src/daemon/https/x509/pkcs7.c b/src/daemon/https/x509/pkcs7.c @@ -40,7 +40,7 @@ #define SIGNED_DATA_OID "1.2.840.113549.1.7.2" -/* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE, +/* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE, * which holds them. If raw is non null then the raw decoded * data are copied (they are locally allocated) there. */ @@ -175,7 +175,7 @@ gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7) * gnutls_pkcs7_deinit - This function deinitializes memory used by a gnutls_pkcs7_t structure * @pkcs7: The structure to be initialized * - * This function will deinitialize a PKCS7 structure. + * This function will deinitialize a PKCS7 structure. * **/ void @@ -298,7 +298,7 @@ gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, return result; } - /* Step 2. Parse the CertificateSet + /* Step 2. Parse the CertificateSet */ snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1); @@ -320,7 +320,7 @@ gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, goto cleanup; } - /* if 'Certificate' is the choice found: + /* if 'Certificate' is the choice found: */ if (strcmp (oid, "certificate") == 0) { @@ -369,7 +369,7 @@ cleanup: * gnutls_pkcs7_get_crt_count - This function returns the number of certificates in a PKCS7 certificate set * @pkcs7_struct: should contain a gnutls_pkcs7_t structure * - * This function will return the number of certifcates in the PKCS7 or + * This function will return the number of certifcates in the PKCS7 or * RFC2630 certificate set. * * Returns a negative value on failure. @@ -755,12 +755,12 @@ gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7, return result; } - /* Step 2. Parse the CertificateSet + /* Step 2. Parse the CertificateSet */ snprintf (root2, sizeof (root2), "crls.?%u", indx + 1); - /* Get the raw CRL + /* Get the raw CRL */ result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size, root2, &start, &end); @@ -799,7 +799,7 @@ cleanup: * gnutls_pkcs7_get_crl_count - This function returns the number of crls in a PKCS7 crl set * @pkcs7_struct: should contain a gnutls_pkcs7_t structure * - * This function will return the number of certifcates in the PKCS7 or + * This function will return the number of certifcates in the PKCS7 or * RFC2630 crl set. * * Returns a negative value on failure. diff --git a/src/daemon/https/x509/privkey.h b/src/daemon/https/x509/privkey.h @@ -25,7 +25,7 @@ #include "x509.h" ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * - raw_key, - gnutls_x509_privkey_t pkey); + raw_key, + gnutls_x509_privkey_t pkey); int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); diff --git a/src/daemon/https/x509/privkey_pkcs8.c b/src/daemon/https/x509/privkey_pkcs8.c @@ -1284,7 +1284,7 @@ error: /* Converts an OID to a gnutls cipher type. */ inline static int -oid2cipher (const char *oid, enum MHD_GNUTLS_CipherAlgorithm * algo) +oid2cipher (const char *oid, enum MHD_GNUTLS_CipherAlgorithm *algo) { *algo = 0; diff --git a/src/daemon/https/x509/sign.c b/src/daemon/https/x509/sign.c @@ -132,8 +132,9 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash, * params[1] is public key */ static int -pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text, - mpi_t * params, int params_len, gnutls_datum_t * signature) +pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, + const gnutls_datum_t * text, mpi_t * params, int params_len, + gnutls_datum_t * signature) { int ret; opaque _digest[MAX_HASH_SIZE]; @@ -163,7 +164,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text, if ((ret = mhd_gtls_sign (MHD_GNUTLS_PK_RSA, params, params_len, &info, - signature)) < 0) + signature)) < 0) { gnutls_assert (); _gnutls_free_datum (&info); @@ -179,7 +180,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text, * private key. * * returns 0 on success. - * + * * 'tbs' is the data to be signed * 'signature' will hold the signature! * 'hash' is only used in PKCS1 RSA signing. @@ -327,7 +328,7 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, } /* Step 3. Move up and write the AlgorithmIdentifier, which is also - * the same. + * the same. */ result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm", diff --git a/src/daemon/https/x509/sign.h b/src/daemon/https/x509/sign.h @@ -23,14 +23,14 @@ */ int _gnutls_x509_sign (const gnutls_datum_t * tbs, - enum MHD_GNUTLS_HashAlgorithm hash, - gnutls_x509_privkey_t signer, - gnutls_datum_t * signature); + enum MHD_GNUTLS_HashAlgorithm hash, + gnutls_x509_privkey_t signer, + gnutls_datum_t * signature); int _gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, - enum MHD_GNUTLS_HashAlgorithm hash, - gnutls_x509_privkey_t signer, - gnutls_datum_t * signature); + enum MHD_GNUTLS_HashAlgorithm hash, + gnutls_x509_privkey_t signer, + gnutls_datum_t * signature); int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, - enum MHD_GNUTLS_HashAlgorithm, - gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key); + enum MHD_GNUTLS_HashAlgorithm, + gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key); diff --git a/src/daemon/https/x509/verify.h b/src/daemon/https/x509/verify.h @@ -25,10 +25,10 @@ #include "x509.h" int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer); + gnutls_x509_crt_t issuer); int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, - const gnutls_datum_t * signature, - gnutls_x509_crt_t issuer); + const gnutls_datum_t * signature, + gnutls_x509_crt_t issuer); int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, - const gnutls_datum_t * signature, - gnutls_x509_privkey_t issuer); + const gnutls_datum_t * signature, + gnutls_x509_privkey_t issuer); diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c @@ -76,7 +76,7 @@ gnutls_x509_crt_init (gnutls_x509_crt_t * cert) * @dest: The structure where to copy * @src: The structure to be copied * - * This function will copy an X.509 certificate structure. + * This function will copy an X.509 certificate structure. * * Returns 0 on success. * @@ -131,7 +131,7 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src) * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure * @cert: The structure to be initialized * - * This function will deinitialize a CRL structure. + * This function will deinitialize a CRL structure. * **/ void @@ -456,8 +456,8 @@ gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm * @cert: should contain a gnutls_x509_crt_t structure * - * This function will return a value of the gnutls_sign_algorithm_t enumeration that - * is the signature algorithm. + * This function will return a value of the gnutls_sign_algorithm_t enumeration that + * is the signature algorithm. * * Returns a negative value on error. * @@ -635,11 +635,11 @@ gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert) * @result: The place where the serial number will be copied * @result_size: Holds the size of the result field. * - * This function will return the X.509 certificate's serial number. + * This function will return the X.509 certificate's serial number. * This is obtained by the X509 Certificate serialNumber * field. Serial is not always a 32 or 64bit number. Some CAs use * large serial numbers, thus it may be wise to handle it as something - * opaque. + * opaque. * * Returns 0 on success and a negative value in case of an error. * @@ -680,7 +680,7 @@ gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, * * This function will return the X.509v3 certificate's subject key identifier. * This is obtained by the X.509 Subject Key identifier extension - * field (2.5.29.14). + * field (2.5.29.14). * * Returns 0 on success and a negative value in case of an error. * @@ -850,11 +850,11 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, * @cert: should contain a gnutls_x509_crt_t structure * @bits: if bits is non null it will hold the size of the parameters' in bits * - * This function will return the public key algorithm of an X.509 + * This function will return the public key algorithm of an X.509 * certificate. * * If bits is non null, it should have enough size to hold the parameters - * size in bits. For RSA the bits returned is the modulus. + * size in bits. For RSA the bits returned is the modulus. * For DSA the bits returned are of the public * exponent. * @@ -1353,7 +1353,7 @@ gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical) * @key_usage: where the key usage bits will be stored * @critical: will be non zero if the extension is marked as critical * - * This function will return certificate's key usage, by reading the + * This function will return certificate's key usage, by reading the * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the: * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION, * GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT, @@ -1547,7 +1547,7 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, * The extension OID will be stored as a string in the provided buffer. * * A negative value may be returned in case of parsing error. - * If your have reached the last extension available + * If your have reached the last extension available * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. * **/ @@ -2166,7 +2166,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, } result = MHD_gnutls_fingerprint (MHD_GNUTLS_MAC_SHA1, &pubkey, output_data, - output_data_size); + output_data_size); gnutls_afree (pubkey.data); @@ -2813,7 +2813,7 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, } } - /* now we move ptr after the pem header + /* now we move ptr after the pem header */ ptr++; /* find the next certificate (if any) diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h @@ -29,7 +29,7 @@ #ifdef __cplusplus extern "C" - { +{ #endif #include <gnutls.h> @@ -78,7 +78,7 @@ extern "C" /* Certificate handling functions. */ -typedef enum gnutls_certificate_import_flags + typedef enum gnutls_certificate_import_flags { /* Fail if the certificates in the buffer are more than the space * allocated for certificates. The error code will be @@ -87,71 +87,61 @@ typedef enum gnutls_certificate_import_flags GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1 } gnutls_certificate_import_flags; -int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); -void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); -int gnutls_x509_crt_import(gnutls_x509_crt_t cert, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); -int gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, - unsigned int *cert_max, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - unsigned int flags); -int gnutls_x509_crt_export(gnutls_x509_crt_t cert, - gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); -int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, - char *buf, - size_t * sizeof_buf); -int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert, - int indx, - void *oid, - size_t * sizeof_oid); -int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, - const char *oid, + int gnutls_x509_crt_init (gnutls_x509_crt_t * cert); + void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert); + int gnutls_x509_crt_import (gnutls_x509_crt_t cert, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); + int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, + unsigned int *cert_max, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + unsigned int flags); + int gnutls_x509_crt_export (gnutls_x509_crt_t cert, + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); + int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, + char *buf, size_t * sizeof_buf); + int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx, - unsigned int raw_flag, - void *buf, - size_t * sizeof_buf); -int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, - char *buf, - size_t * sizeof_buf); -int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, - int indx, - void *oid, - size_t * sizeof_oid); -int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, - const char *oid, - int indx, - unsigned int raw_flag, - void *buf, - size_t * sizeof_buf); -int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert, - const char *hostname); - -int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert); -int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, - char *sig, - size_t *sizeof_sig); -int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); -int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, - unsigned int flags, - unsigned char *output_data, - size_t * output_data_size); - -int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert, - const void *id, - size_t id_size); -int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, - void *ret, - size_t * ret_size, - unsigned int *critical); - -int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, - void *ret, - size_t * ret_size, - unsigned int *critical); + void *oid, size_t * sizeof_oid); + int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, + const char *oid, + int indx, + unsigned int raw_flag, + void *buf, size_t * sizeof_buf); + int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, + char *buf, size_t * sizeof_buf); + int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, + int indx, void *oid, size_t * sizeof_oid); + int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, + const char *oid, + int indx, + unsigned int raw_flag, + void *buf, size_t * sizeof_buf); + int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, + const char *hostname); + + int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert); + int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert, + char *sig, size_t * sizeof_sig); + int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert); + int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, + unsigned int flags, + unsigned char *output_data, + size_t * output_data_size); + + int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert, + const void *id, size_t id_size); + int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, + void *ret, + size_t * ret_size, + unsigned int *critical); + + int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, + void *ret, + size_t * ret_size, + unsigned int *critical); #define GNUTLS_CRL_REASON_UNUSED 128 #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 @@ -163,336 +153,303 @@ int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 -int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, - size_t * ret_size, - unsigned int *reason_flags, - unsigned int *critical); -int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, - const void *data_string, - unsigned int reason_flags); -int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst, - gnutls_x509_crt_t src); - -time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert); -time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert); -int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, - void *result, - size_t * result_size); - -int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, - unsigned int *bits); -int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, - gnutls_datum_t * m, - gnutls_datum_t * e); -int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y); - -int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, - size_t * ret_size, - unsigned int *critical); -int gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, - size_t * ret_size, - unsigned int* ret_type, - unsigned int *critical); - -int gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, - size_t * ret_size); - -int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, - unsigned int *critical); -int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert, - unsigned int *critical, - int *ca, - int *pathlen); + int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, + unsigned int seq, + void *ret, + size_t * ret_size, + unsigned int *reason_flags, + unsigned int *critical); + int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt, + gnutls_x509_subject_alt_name_t + type, + const void *data_string, + unsigned int reason_flags); + int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst, + gnutls_x509_crt_t src); + + time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert); + time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert); + int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, + void *result, size_t * result_size); + + int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, + unsigned int *bits); + int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt, + gnutls_datum_t * m, gnutls_datum_t * e); + int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y); + + int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, + unsigned int seq, + void *ret, + size_t * ret_size, + unsigned int *critical); + int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert, + unsigned int seq, + void *ret, + size_t * ret_size, + unsigned int *ret_type, + unsigned int *critical); + + int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert, + unsigned int seq, + void *ret, + size_t * ret_size); + + int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, + unsigned int *critical); + int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert, + unsigned int *critical, + int *ca, int *pathlen); /* The key_usage flags are defined in gnutls.h. They are the * GNUTLS_KEY_* definitions. */ -int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, - unsigned int *key_usage, - unsigned int *critical); -int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt, - unsigned int usage); + int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, + unsigned int *key_usage, + unsigned int *critical); + int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, + unsigned int usage); -int gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert, - unsigned int *critical, - int *pathlen, - char **policyLanguage, - char **policy, - size_t *sizeof_policy); + int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, + unsigned int *critical, + int *pathlen, + char **policyLanguage, + char **policy, size_t * sizeof_policy); -int gnutls_x509_dn_oid_known(const char *oid); + int gnutls_x509_dn_oid_known (const char *oid); /* Read extensions by OID. */ -int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, - int indx, - void *oid, - size_t * sizeof_oid); -int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert, - const char *oid, + int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx, - void *buf, - size_t * sizeof_buf, - unsigned int *critical); + void *oid, size_t * sizeof_oid); + int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, + const char *oid, + int indx, + void *buf, + size_t * sizeof_buf, + unsigned int *critical); /* Read extensions by sequence number. */ -int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, - int indx, - void *oid, - size_t * sizeof_oid, - int *critical); -int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, - int indx, - void *data, - size_t * sizeof_data); - -int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt, - const char *oid, - const void *buf, - size_t sizeof_buf, - unsigned int critical); + int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, + int indx, + void *oid, + size_t * sizeof_oid, int *critical); + int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, + int indx, + void *data, size_t * sizeof_data); + + int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt, + const char *oid, + const void *buf, + size_t sizeof_buf, + unsigned int critical); /* X.509 Certificate writing. */ -int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, - const char *oid, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); -int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt, - const char *oid, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); -int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, - unsigned int version); -int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, - gnutls_x509_privkey_t key); -int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, - unsigned int ca); -int gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt, - unsigned int ca, - int pathLenConstraint); -int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, - const char *data_string); -int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, - gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key); -int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, - gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key, - enum MHD_GNUTLS_HashAlgorithm, - unsigned int flags); -int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert, - time_t act_time); -int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert, - time_t exp_time); -int gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, - const void *serial, - size_t serial_size); - -int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert, - const void *id, - size_t id_size); - -int gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt, - gnutls_x509_crt_t eecrt, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); -int gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt, - int pathLenConstraint, - const char *policyLanguage, - const char *policy, - size_t sizeof_policy); - -typedef enum gnutls_certificate_print_formats + int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, + const char *oid, + unsigned int raw_flag, + const void *name, + unsigned int sizeof_name); + int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt, + const char *oid, + unsigned int raw_flag, + const void *name, + unsigned int sizeof_name); + int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, + unsigned int version); + int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, + gnutls_x509_privkey_t key); + int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca); + int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt, + unsigned int ca, + int pathLenConstraint); + int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, + gnutls_x509_subject_alt_name_t + type, + const char *data_string); + int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, + gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key); + int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, + gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key, + enum MHD_GNUTLS_HashAlgorithm, + unsigned int flags); + int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, + time_t act_time); + int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, + time_t exp_time); + int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, + const void *serial, size_t serial_size); + + int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert, + const void *id, size_t id_size); + + int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, + gnutls_x509_crt_t eecrt, + unsigned int raw_flag, + const void *name, + unsigned int sizeof_name); + int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt, + int pathLenConstraint, + const char *policyLanguage, + const char *policy, size_t sizeof_policy); + + typedef enum gnutls_certificate_print_formats { GNUTLS_X509_CRT_FULL, GNUTLS_X509_CRT_ONELINE, GNUTLS_X509_CRT_UNSIGNED_FULL } gnutls_certificate_print_formats_t; -int gnutls_x509_crt_print(gnutls_x509_crt_t cert, - gnutls_certificate_print_formats_t format, - gnutls_datum_t *out); -int gnutls_x509_crl_print(gnutls_x509_crl_t crl, - gnutls_certificate_print_formats_t format, - gnutls_datum_t *out); + int gnutls_x509_crt_print (gnutls_x509_crt_t cert, + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out); + int gnutls_x509_crl_print (gnutls_x509_crl_t crl, + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out); /* Access to internal Certificate fields. */ -int gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert, - gnutls_datum_t * start); -int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, - gnutls_datum_t * start); + int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert, + gnutls_datum_t * start); + int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert, + gnutls_datum_t * start); /* RDN handling. */ -int gnutls_x509_rdn_get(const gnutls_datum_t * idn, - char *buf, - size_t * sizeof_buf); -int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, - int indx, - void *buf, - size_t * sizeof_buf); - -int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, - const char *oid, - int indx, - unsigned int raw_flag, - void *buf, - size_t * sizeof_buf); - -typedef void *gnutls_x509_dn_t; - -typedef struct gnutls_x509_ava_st + int gnutls_x509_rdn_get (const gnutls_datum_t * idn, + char *buf, size_t * sizeof_buf); + int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn, + int indx, void *buf, size_t * sizeof_buf); + + int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, + const char *oid, + int indx, + unsigned int raw_flag, + void *buf, size_t * sizeof_buf); + + typedef void *gnutls_x509_dn_t; + + typedef struct gnutls_x509_ava_st { gnutls_datum_t oid; gnutls_datum_t value; unsigned long value_tag; } gnutls_x509_ava_st; -int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, - gnutls_x509_dn_t *dn); -int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, - gnutls_x509_dn_t *dn); -int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, - int irdn, - int iava, - gnutls_x509_ava_st *avast); + int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, + gnutls_x509_dn_t * dn); + int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, + gnutls_x509_dn_t * dn); + int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, + int irdn, + int iava, gnutls_x509_ava_st * avast); /* CRL handling functions. */ -int gnutls_x509_crl_init(gnutls_x509_crl_t * crl); -void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl); - -int gnutls_x509_crl_import(gnutls_x509_crl_t crl, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); -int gnutls_x509_crl_export(gnutls_x509_crl_t crl, - gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); - -int gnutls_x509_crl_get_issuer_dn(const gnutls_x509_crl_t crl, - char *buf, - size_t * sizeof_buf); -int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl, - const char *oid, - int indx, - unsigned int raw_flag, - void *buf, - size_t * sizeof_buf); -int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl, - int indx, - void *oid, - size_t * sizeof_oid); - -int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl); -int gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl, - char *sig, - size_t *sizeof_sig); -int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl); - -time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl); -time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl); - -int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl); -int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, - int indx, - unsigned char *serial, - size_t * serial_size, - time_t * t); + int gnutls_x509_crl_init (gnutls_x509_crl_t * crl); + void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl); + + int gnutls_x509_crl_import (gnutls_x509_crl_t crl, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); + int gnutls_x509_crl_export (gnutls_x509_crl_t crl, + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); + + int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, + char *buf, size_t * sizeof_buf); + int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, + const char *oid, + int indx, + unsigned int raw_flag, + void *buf, size_t * sizeof_buf); + int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, + int indx, void *oid, size_t * sizeof_oid); + + int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl); + int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl, + char *sig, size_t * sizeof_sig); + int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl); + + time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl); + time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl); + + int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl); + int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, + int indx, + unsigned char *serial, + size_t * serial_size, time_t * t); #define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count #define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial -int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer); + int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl, + gnutls_x509_crt_t issuer); /* CRL writing. */ -int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, - unsigned int version); -int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key); -int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key, - enum MHD_GNUTLS_HashAlgorithm, - unsigned int flags); -int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, - time_t act_time); -int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, - time_t exp_time); -int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, - const void *serial, - size_t serial_size, - time_t revocation_time); -int gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, - gnutls_x509_crt_t crt, - time_t revocation_time); + int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, + unsigned int version); + int gnutls_x509_crl_sign (gnutls_x509_crl_t crl, + gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key); + int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, + gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key, + enum MHD_GNUTLS_HashAlgorithm, + unsigned int flags); + int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, + time_t act_time); + int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, + time_t exp_time); + int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, + const void *serial, + size_t serial_size, + time_t revocation_time); + int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, + gnutls_x509_crt_t crt, time_t revocation_time); /* PKCS7 structures handling */ -struct gnutls_pkcs7_int; -typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; - -int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7); -void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7); -int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); -int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7, - gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); - -int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7); -int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, - int indx, - void *certificate, - size_t * certificate_size); - -int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, - const gnutls_datum_t * crt); -int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, - gnutls_x509_crt_t crt); -int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, - int indx); - -int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7, - int indx, - void *crl, - size_t * crl_size); -int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7); - -int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, - const gnutls_datum_t * crt); -int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, - gnutls_x509_crl_t crl); -int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, - int indx); + struct gnutls_pkcs7_int; + typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; + + int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7); + void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7); + int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); + int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7, + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); + + int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7); + int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, + int indx, + void *certificate, size_t * certificate_size); + + int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, + const gnutls_datum_t * crt); + int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt); + int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx); + + int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7, + int indx, void *crl, size_t * crl_size); + int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7); + + int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7, + const gnutls_datum_t * crt); + int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl); + int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx); /* X.509 Certificate verification functions. */ -typedef enum gnutls_certificate_verify_flags + typedef enum gnutls_certificate_verify_flags { /* If set a signer does not have to be a certificate authority. This * flag should normaly be disabled, unless you know what this means. @@ -527,58 +484,53 @@ typedef enum gnutls_certificate_verify_flags GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32 } gnutls_certificate_verify_flags; -int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer); - -int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list, - int cert_list_length, - const gnutls_x509_crt_t * CA_list, - int CA_list_length, - const gnutls_x509_crl_t * CRL_list, - int CRL_list_length, - unsigned int flags, - unsigned int *verify); - -int gnutls_x509_crt_verify(gnutls_x509_crt_t cert, - const gnutls_x509_crt_t * CA_list, - int CA_list_length, - unsigned int flags, - unsigned int *verify); -int gnutls_x509_crl_verify(gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * CA_list, - int CA_list_length, - unsigned int flags, - unsigned int *verify); - -int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, - const gnutls_x509_crl_t * - crl_list, - int crl_list_length); - -int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, - enum MHD_GNUTLS_HashAlgorithm algo, - void *buf, - size_t * sizeof_buf); - -int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, - int indx, - void *oid, - size_t * sizeof_oid, - unsigned int *critical); -int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert, - const void *oid, - unsigned int critical); + int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer); + + int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, + int cert_list_length, + const gnutls_x509_crt_t * CA_list, + int CA_list_length, + const gnutls_x509_crl_t * CRL_list, + int CRL_list_length, + unsigned int flags, unsigned int *verify); + + int gnutls_x509_crt_verify (gnutls_x509_crt_t cert, + const gnutls_x509_crt_t * CA_list, + int CA_list_length, + unsigned int flags, unsigned int *verify); + int gnutls_x509_crl_verify (gnutls_x509_crl_t crl, + const gnutls_x509_crt_t * CA_list, + int CA_list_length, + unsigned int flags, unsigned int *verify); + + int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, + const gnutls_x509_crl_t * + crl_list, int crl_list_length); + + int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert, + enum MHD_GNUTLS_HashAlgorithm algo, + void *buf, size_t * sizeof_buf); + + int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, + int indx, + void *oid, + size_t * sizeof_oid, + unsigned int *critical); + int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, + const void *oid, + unsigned int critical); /* Private key handling. */ /* Flags for the gnutls_x509_privkey_export_pkcs8() function. */ -typedef enum gnutls_pkcs_encrypt_flags_t + typedef enum gnutls_pkcs_encrypt_flags_t { - GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not - * be encrypted. - */ + GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not + * be encrypted. + */ GNUTLS_PKCS_USE_PKCS12_3DES = 2, GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, @@ -590,154 +542,143 @@ typedef enum gnutls_pkcs_encrypt_flags_t #define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR #define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40 -int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); -void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); -int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, - gnutls_x509_privkey_t src); -int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); -int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - const char *pass, - unsigned int flags); -int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u); -int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key); - -int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y, - gnutls_datum_t * x); -int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * g, - const gnutls_datum_t * y, - const gnutls_datum_t * x); - -int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key); -int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, - unsigned int flags, - unsigned char *output_data, - size_t * output_data_size); - -int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, - enum MHD_GNUTLS_PublicKeyAlgorithm algo, - unsigned int bits, - unsigned int flags); - -int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); -int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - const char *password, - unsigned int flags, - void *output_data, - size_t * output_data_size); -int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, - gnutls_datum_t * m, - gnutls_datum_t * e, - gnutls_datum_t * d, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * u); + int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key); + void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key); + int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, + gnutls_x509_privkey_t src); + int gnutls_x509_privkey_import (gnutls_x509_privkey_t key, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); + int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + const char *pass, unsigned int flags); + int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u); + int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key); + + int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y, + gnutls_datum_t * x); + int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * g, + const gnutls_datum_t * y, + const gnutls_datum_t * x); + + int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key); + int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key, + unsigned int flags, + unsigned char *output_data, + size_t * output_data_size); + + int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, + enum MHD_GNUTLS_PublicKeyAlgorithm algo, + unsigned int bits, unsigned int flags); + + int gnutls_x509_privkey_export (gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, + void *output_data, + size_t * output_data_size); + int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, + const char *password, + unsigned int flags, + void *output_data, + size_t * output_data_size); + int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u); /* Signing stuff. */ -int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, - enum MHD_GNUTLS_HashAlgorithm digest, - unsigned int flags, - const gnutls_datum_t * data, - void *signature, - size_t * signature_size); -int gnutls_x509_privkey_verify_data(gnutls_x509_privkey_t key, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature); -int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature); + int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key, + enum MHD_GNUTLS_HashAlgorithm digest, + unsigned int flags, + const gnutls_datum_t * data, + void *signature, + size_t * signature_size); + int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key, + unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * signature); + int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, + unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * signature); -int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature); + int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, + const gnutls_datum_t * hash, + gnutls_datum_t * signature); /* Certificate request stuff. */ -struct gnutls_x509_crq_int; -typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t; - -int gnutls_x509_crq_init(gnutls_x509_crq_t * crq); -void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq); -int gnutls_x509_crq_import(gnutls_x509_crq_t crq, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); -int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, - unsigned int *bits); -int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, - char *buf, - size_t * sizeof_buf); -int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, - int indx, - void *oid, - size_t * sizeof_oid); -int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, - const char *oid, - int indx, - unsigned int raw_flag, - void *buf, - size_t * sizeof_buf); -int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, - const char *oid, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); -int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq, - unsigned int version); -int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, - gnutls_x509_privkey_t key); -int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, - gnutls_x509_privkey_t key, - enum MHD_GNUTLS_HashAlgorithm, - unsigned int flags); -int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, - gnutls_x509_privkey_t key); - -int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, - const char *pass); -int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq, - char *pass, - size_t * sizeof_pass); - -int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq, - const char *oid, - void *buf, - size_t sizeof_buf); -int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq, - const char *oid, - int indx, - void *buf, - size_t * sizeof_buf); - -int gnutls_x509_crq_export(gnutls_x509_crq_t crq, - gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); - -int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, - gnutls_x509_crq_t crq); + struct gnutls_x509_crq_int; + typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t; + + int gnutls_x509_crq_init (gnutls_x509_crq_t * crq); + void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq); + int gnutls_x509_crq_import (gnutls_x509_crq_t crq, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); + int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, + unsigned int *bits); + int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, + char *buf, size_t * sizeof_buf); + int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, + int indx, void *oid, size_t * sizeof_oid); + int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, + const char *oid, + int indx, + unsigned int raw_flag, + void *buf, size_t * sizeof_buf); + int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, + const char *oid, + unsigned int raw_flag, + const void *name, + unsigned int sizeof_name); + int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, + unsigned int version); + int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, + gnutls_x509_privkey_t key); + int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, + gnutls_x509_privkey_t key, + enum MHD_GNUTLS_HashAlgorithm, + unsigned int flags); + int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key); + + int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq, + const char *pass); + int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq, + char *pass, + size_t * sizeof_pass); + + int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq, + const char *oid, + void *buf, size_t sizeof_buf); + int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq, + const char *oid, + int indx, + void *buf, size_t * sizeof_buf); + + int gnutls_x509_crq_export (gnutls_x509_crq_t crq, + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); + + int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq); #ifdef __cplusplus } @@ -752,17 +693,17 @@ int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, #define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3" typedef struct gnutls_x509_crl_int - { - ASN1_TYPE crl; - } gnutls_x509_crl_int; +{ + ASN1_TYPE crl; +} gnutls_x509_crl_int; typedef struct gnutls_x509_crt_int - { - ASN1_TYPE cert; - int use_extensions; - } gnutls_x509_crt_int; +{ + ASN1_TYPE cert; + int use_extensions; +} gnutls_x509_crt_int; -#define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */ +#define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */ /* parameters should not be larger than this limit */ #define DSA_PRIVATE_PARAMS 5 @@ -779,140 +720,130 @@ typedef struct gnutls_x509_crt_int #endif typedef struct MHD_gtls_x509_privkey_int - { - mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public - * key algorithm - */ - /* - * RSA: [0] is modulus - * [1] is public exponent - * [2] is private exponent - * [3] is prime1 (p) - * [4] is prime2 (q) - * [5] is coefficient (u == inverse of p mod q) - * note that other packages used inverse of q mod p, - * so we need to perform conversions. - * DSA: [0] is p - * [1] is q - * [2] is g - * [3] is y (public key) - * [4] is x (private key) - */ - int params_size; /* holds the number of params */ - - enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; - - int crippled; /* The crippled keys will not use the ASN1_TYPE key. - * The encoding will only be performed at the export - * phase, to optimize copying etc. Cannot be used with - * the exported API (used internally only). - */ - ASN1_TYPE key; - } gnutls_x509_privkey_int; - -int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, - const char *oid, - int indx, - unsigned int raw_flag, - void *buf, - size_t * sizeof_buf); -int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, - size_t * ret_size, - unsigned int *critical); -int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, - const char *oid, - int indx, - unsigned int raw_flag, - void *buf, - size_t * sizeof_buf); -int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, - unsigned int *critical); -int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, - unsigned int *bits); - -int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, - gnutls_x509_crt_t src); - -int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, - void *result, - size_t * result_size); - -int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1, - const gnutls_datum_t * dn2); - -int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, - const gnutls_x509_crl_t * crl_list, - int crl_list_length); - -int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, - gnutls_x509_crl_t src); -int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl, - gnutls_datum_t * dn); -int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl); -int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, +{ + mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public + * key algorithm + */ + /* + * RSA: [0] is modulus + * [1] is public exponent + * [2] is private exponent + * [3] is prime1 (p) + * [4] is prime2 (q) + * [5] is coefficient (u == inverse of p mod q) + * note that other packages used inverse of q mod p, + * so we need to perform conversions. + * DSA: [0] is p + * [1] is q + * [2] is g + * [3] is y (public key) + * [4] is x (private key) + */ + int params_size; /* holds the number of params */ + + enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; + + int crippled; /* The crippled keys will not use the ASN1_TYPE key. + * The encoding will only be performed at the export + * phase, to optimize copying etc. Cannot be used with + * the exported API (used internally only). + */ + ASN1_TYPE key; +} gnutls_x509_privkey_int; + +int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, + const char *oid, + int indx, + unsigned int raw_flag, + void *buf, size_t * sizeof_buf); +int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, + unsigned int seq, + void *ret, + size_t * ret_size, + unsigned int *critical); +int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, + const char *oid, int indx, - unsigned char *serial, - size_t * serial_size, - time_t * t); - -void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl); -int gnutls_x509_crl_init(gnutls_x509_crl_t * crl); -int gnutls_x509_crl_import(gnutls_x509_crl_t crl, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); -int gnutls_x509_crl_export(gnutls_x509_crl_t crl, - gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); - -int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); -void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); -int gnutls_x509_crt_import(gnutls_x509_crt_t cert, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); -int gnutls_x509_crt_export(gnutls_x509_crt_t cert, - gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); - -int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, - unsigned int *key_usage, - unsigned int *critical); -int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert); -int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); - -int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); -void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); - -int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, - enum MHD_GNUTLS_PublicKeyAlgorithm algo, - unsigned int bits, - unsigned int flags); - -int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); -int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key); -int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u); -int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, - gnutls_datum_t * m, - gnutls_datum_t * e, - gnutls_datum_t * d, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * u); -int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); + unsigned int raw_flag, + void *buf, size_t * sizeof_buf); +int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, + unsigned int *critical); +int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, + unsigned int *bits); + +int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src); + +int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, + void *result, size_t * result_size); + +int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1, + const gnutls_datum_t * dn2); + +int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, + const gnutls_x509_crl_t * crl_list, + int crl_list_length); + +int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src); +int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl, + gnutls_datum_t * dn); +int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl); +int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, + int indx, + unsigned char *serial, + size_t * serial_size, time_t * t); + +void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl); +int gnutls_x509_crl_init (gnutls_x509_crl_t * crl); +int gnutls_x509_crl_import (gnutls_x509_crl_t crl, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); +int gnutls_x509_crl_export (gnutls_x509_crl_t crl, + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); + +int gnutls_x509_crt_init (gnutls_x509_crt_t * cert); +void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert); +int gnutls_x509_crt_import (gnutls_x509_crt_t cert, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); +int gnutls_x509_crt_export (gnutls_x509_crt_t cert, + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); + +int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, + unsigned int *key_usage, + unsigned int *critical); +int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert); +int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert); + +int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key); +void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key); + +int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, + enum MHD_GNUTLS_PublicKeyAlgorithm algo, + unsigned int bits, unsigned int flags); + +int gnutls_x509_privkey_import (gnutls_x509_privkey_t key, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); +int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key); +int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u); +int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u); +int gnutls_x509_privkey_export (gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); #define GNUTLS_CRL_REASON_UNUSED 128 #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c @@ -446,7 +446,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, * * This function will convert the given RSA raw parameters * to the native gnutls_x509_privkey_t format. The output will be stored in @key. - * + * **/ int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, @@ -646,7 +646,7 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key, * This function will export the RSA private key's parameters found in the given * structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. - * + * **/ int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, @@ -760,7 +760,7 @@ error:_gnutls_free_datum (m); * This function will export the DSA private key's parameters found in the given * structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. - * + * **/ int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, @@ -960,7 +960,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params) goto cleanup; } - /* Write PRIME + /* Write PRIME */ if ((result = asn1_write_value (*c2, "modulus", m_data, size[0])) != ASN1_SUCCESS) @@ -1120,7 +1120,7 @@ _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params) goto cleanup; } - /* Write PRIME + /* Write PRIME */ if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS) { @@ -1183,7 +1183,7 @@ cleanup:asn1_delete_structure (c2); * @flags: unused for now. Must be 0. * * This function will generate a random private key. Note that - * this function must be called on an empty private key. + * this function must be called on an empty private key. * * Returns 0 on success or a negative value on error. * @@ -1409,7 +1409,7 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, } result = mhd_gtls_sign (key->pk_algorithm, key->params, - key->params_size, hash, signature); + key->params_size, hash, signature); if (result < 0) { gnutls_assert (); diff --git a/src/daemon/https/x509/x509_verify.c b/src/daemon/https/x509/x509_verify.c @@ -201,7 +201,7 @@ find_issuer (gnutls_x509_crt_t cert, { int i; - /* this is serial search. + /* this is serial search. */ for (i = 0; i < tcas_size; i++) @@ -214,11 +214,11 @@ find_issuer (gnutls_x509_crt_t cert, return NULL; } -/* +/* * Verifies the given certificate again a certificate list of * trusted CAs. * - * Returns only 0 or 1. If 1 it means that the certificate + * Returns only 0 or 1. If 1 it means that the certificate * was successfuly verified. * * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. @@ -435,7 +435,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, clist_size--; } - /* Verify the certificate path (chain) + /* Verify the certificate path (chain) */ for (i = clist_size - 1; i > 0; i--) { @@ -465,7 +465,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, */ static int decode_ber_digest_info (const gnutls_datum_t * info, - enum MHD_GNUTLS_HashAlgorithm * hash, + enum MHD_GNUTLS_HashAlgorithm *hash, opaque * digest, int *digest_size) { ASN1_TYPE dinfo = ASN1_TYPE_EMPTY; @@ -664,7 +664,7 @@ verify_sig (const gnutls_datum_t * tbs, /* verifies if the certificate is properly signed. * returns 0 on failure and 1 on success. - * + * * 'tbs' is the signed data * 'signature' is the signature! */ @@ -707,7 +707,7 @@ _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, /* verifies if the certificate is properly signed. * returns 0 on failure and 1 on success. - * + * * 'tbs' is the signed data * 'signature' is the signature! */ @@ -743,12 +743,12 @@ _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, * Note that expiration and activation dates are not checked * by this function, you should check them using the appropriate functions. * - * If no flags are specified (0), this function will use the - * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate + * If no flags are specified (0), this function will use the + * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate * authority is allowed to sign a certificate. * - * You must also check the peer's name in order to check if the verified - * certificate belongs to the actual peer. + * You must also check the peer's name in order to check if the verified + * certificate belongs to the actual peer. * * The certificate verification output will be put in @verify and will be * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd. @@ -774,7 +774,7 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, if (cert_list == NULL || cert_list_length == 0) return GNUTLS_E_NO_CERTIFICATE_FOUND; - /* Verify certificate + /* Verify certificate */ *verify = _gnutls_x509_verify_certificate (cert_list, cert_list_length, CA_list, CA_list_length, @@ -792,7 +792,7 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. * @verify: will hold the certificate verification output. * - * This function will try to verify the given certificate and return its status. + * This function will try to verify the given certificate and return its status. * The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID. * * Returns 0 on success and a negative value in case of an error. @@ -805,7 +805,7 @@ gnutls_x509_crt_verify (gnutls_x509_crt_t cert, unsigned int flags, unsigned int *verify) { int ret; - /* Verify certificate + /* Verify certificate */ ret = _gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags, verify); @@ -861,7 +861,7 @@ gnutls_x509_crl_verify (gnutls_x509_crl_t crl, unsigned int *verify) { int ret; - /* Verify crl + /* Verify crl */ ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify); if (ret < 0) @@ -912,7 +912,7 @@ find_crl_issuer (gnutls_x509_crl_t crl, { int i; - /* this is serial search. + /* this is serial search. */ for (i = 0; i < tcas_size; i++) @@ -925,14 +925,14 @@ find_crl_issuer (gnutls_x509_crl_t crl, return NULL; } -/* +/* * Returns only 0 or 1. If 1 it means that the CRL * was successfuly verified. * * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. * * Output will hold information about the verification - * procedure. + * procedure. */ static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl, diff --git a/src/daemon/https/x509/x509_write.c b/src/daemon/https/x509/x509_write.c @@ -118,7 +118,7 @@ gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt, } /** - * gnutls_x509_crt_set_proxy_dn - Set Proxy Certificate subject's distinguished name + * gnutls_x509_crt_set_proxy_dn - Set Proxy Certificate subject's distinguished name * @crt: a gnutls_x509_crt_t structure with the new proxy cert * @eecrt: the end entity certificate that will be issuing the proxy * @raw_flag: must be 0, or 1 if the CN is DER encoded @@ -407,7 +407,7 @@ gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca) * @crt: should contain a gnutls_x509_crt_t structure * @usage: an ORed sequence of the GNUTLS_KEY_* elements. * - * This function will set the keyUsage certificate extension. + * This function will set the keyUsage certificate extension. * * Returns 0 on success. * @@ -454,7 +454,7 @@ gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage) * @type: is one of the gnutls_x509_subject_alt_name_t enumerations * @data_string: The data to be set * - * This function will set the subject alternative name certificate extension. + * This function will set the subject alternative name certificate extension. * * Returns 0 on success. * @@ -520,7 +520,7 @@ gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, * and negative values indicate that the pathLenConstraints field should * not be present. * @policyLanguage: OID describing the language of @policy. - * @policy: opaque byte array with policy language, can be %NULL + * @policy: opaque byte array with policy language, can be %NULL * @sizeof_policy: size of @policy. * * This function will set the proxyCertInfo extension. @@ -688,10 +688,10 @@ gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time) * @serial: The serial number * @serial_size: Holds the size of the serial field. * - * This function will set the X.509 certificate's serial number. + * This function will set the X.509 certificate's serial number. * Serial is not always a 32 or 64bit number. Some CAs use * large serial numbers, thus it may be wise to handle it as something - * opaque. + * opaque. * * Returns 0 on success, or a negative value in case of an error. * @@ -748,7 +748,7 @@ disable_optional_stuff (gnutls_x509_crt_t cert) * @data_string: The data to be set * @reason_flags: revocation reasons * - * This function will set the CRL distribution points certificate extension. + * This function will set the CRL distribution points certificate extension. * * Returns 0 on success. * @@ -814,7 +814,7 @@ gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt, * @dst: should contain a gnutls_x509_crt_t structure * @src: the certificate where the dist points will be copied from * - * This function will copy the CRL distribution points certificate + * This function will copy the CRL distribution points certificate * extension, from the source to the destination certificate. * This may be useful to copy from a CA certificate to issued ones. * diff --git a/src/daemon/internal.h b/src/daemon/internal.h @@ -279,7 +279,7 @@ enum MHD_CONNECTION_STATE * Handshake messages will be processed in this state & while * in the 'MHD_TLS_HELLO_REQUEST' state */ - MHD_TLS_CONNECTION_INIT = MHD_CONNECTION_CLOSED +1, + MHD_TLS_CONNECTION_INIT = MHD_CONNECTION_CLOSED + 1, /* * This state indicates the server has send a 'Hello Request' to @@ -303,7 +303,7 @@ enum MHD_CONNECTION_STATE #define DEBUG_STATES MHD_NO #if DEBUG_STATES -char * MHD_state_to_string(enum MHD_CONNECTION_STATE state); +char *MHD_state_to_string (enum MHD_CONNECTION_STATE state); #endif struct MHD_Connection @@ -543,9 +543,9 @@ struct MHD_Connection * function pointers to the appropriate send & receive funtions * according to whether this is a HTTPS / HTTP daemon */ - ssize_t (*recv_cls) (struct MHD_Connection * connection); + ssize_t (*recv_cls) (struct MHD_Connection * connection); - ssize_t (*send_cls) (struct MHD_Connection * connection); + ssize_t (*send_cls) (struct MHD_Connection * connection); #if HTTPS_SUPPORT /* TODO rename as this might be an SSL connection */ @@ -641,13 +641,13 @@ struct MHD_Daemon /* Diffie-Hellman parameters */ mhd_gtls_dh_params_t dh_params; - const char * https_key_path; + const char *https_key_path; - const char * https_cert_path; + const char *https_cert_path; - const char * https_mem_key; + const char *https_mem_key; - const char * https_mem_cert; + const char *https_mem_cert; #endif }; diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h @@ -280,7 +280,6 @@ enum MHD_FLAG * MHD, and OFF in production. */ MHD_USE_PEDANTIC_CHECKS = 32 - }; /** @@ -373,7 +372,7 @@ enum MHD_OPTION * This should be used in conjunction with 'MHD_OPTION_HTTPS_MEM_CERT'. */ MHD_OPTION_HTTPS_MEM_KEY = 9, - + /** * Memory pointer for the certificate (cert.pem) to be used by the * HTTPS daemon. This option should be followed by an @@ -392,16 +391,16 @@ enum MHD_OPTION /** * SSL/TLS protocol version. * - * Memory pointer to a zero (MHD_GNUTLS_PROTOCOL_END) terminated + * Memory pointer to a zero (MHD_GNUTLS_PROTOCOL_END) terminated * (const) array of 'enum MHD_GNUTLS_Protocol' values representing the * protocol versions to this server should support. Unsupported - * requests will be droped by the server. + * requests will be droped by the server. */ MHD_OPTION_PROTOCOL_VERSION = 12, /** - * Memory pointer to a zero (MHD_GNUTLS_CIPHER_UNKNOWN) - * terminated (const) array of 'enum MHD_GNUTLS_CipherAlgorithm' + * Memory pointer to a zero (MHD_GNUTLS_CIPHER_UNKNOWN) + * terminated (const) array of 'enum MHD_GNUTLS_CipherAlgorithm' * representing the cipher priority order to which the HTTPS * daemon should adhere. */ @@ -421,7 +420,7 @@ enum MHD_OPTION MHD_OPTION_CERT_TYPE = 15, /** - * Specify the mac algorithm used by server. + * Specify the mac algorithm used by server. * The argument should be of type "enum MHD_GNUTLS_MacAlgorithm" */ MHD_OPTION_MAC_ALGO = 16, @@ -481,7 +480,6 @@ enum MHD_ValueKind * HTTP footer (only for http 1.1 chunked encodings). */ MHD_FOOTER_KIND = 16 - }; /** @@ -519,13 +517,12 @@ enum MHD_RequestTerminationCode /* FIXME: add TLS-specific error codes, but only those that are useful! */ /** - * Processing of this secure connection encountered + * Processing of this secure connection encountered * an error. */ MHD_TLS_REQUEST_TERMINATED_WITH_ERROR, - - MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT + MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT }; /** @@ -546,7 +543,7 @@ enum MHD_GNUTLS_CipherAlgorithm MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, MHD_GNUTLS_CIPHER_RC2_40_CBC = 90, MHD_GNUTLS_CIPHER_DES_CBC -}; // enum MHD_GNUTLS_CipherAlgorithm; +}; // enum MHD_GNUTLS_CipherAlgorithm; /** * Which public key algorithm should be used @@ -568,7 +565,7 @@ enum MHD_GNUTLS_KeyExchangeAlgorithm }; /** - * Server credentials type + * Server credentials type */ enum MHD_GNUTLS_CredentialsType { @@ -590,8 +587,8 @@ enum MHD_GNUTLS_HashAlgorithm MHD_GNUTLS_MAC_MD5, MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_MAC_SHA256 - //GNUTLS_MAC_SHA384, - //GNUTLS_MAC_SHA512 + //GNUTLS_MAC_SHA384, + //GNUTLS_MAC_SHA512 }; /** @@ -630,7 +627,7 @@ enum MHD_GNUTLS_PublicKeyAlgorithm { MHD_GNUTLS_PK_UNKNOWN = 0, MHD_GNUTLS_PK_RSA = 1 - //GNUTLS_PK_DSA + //GNUTLS_PK_DSA }; /** @@ -906,18 +903,18 @@ typedef int * terminated with MHD_OPTION_END). * @return NULL on error, handle to daemon on success */ -struct MHD_Daemon * -MHD_start_daemon_va (unsigned int options, - unsigned short port, - MHD_AcceptPolicyCallback apc, - void *apc_cls, - MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap); +struct MHD_Daemon *MHD_start_daemon_va (unsigned int options, + unsigned short port, + MHD_AcceptPolicyCallback apc, + void *apc_cls, + MHD_AccessHandlerCallback dh, + void *dh_cls, va_list ap); /* * Variadic version of MHD_start_daemon_va. This function will delegate calls * to MHD_start_daemon_va() once argument list is analyzed. */ -struct MHD_Daemon * MHD_start_daemon (unsigned int flags, +struct MHD_Daemon *MHD_start_daemon (unsigned int flags, unsigned short port, MHD_AcceptPolicyCallback apc, void *apc_cls, @@ -1014,9 +1011,8 @@ MHD_get_connection_values (struct MHD_Connection *connection, */ int MHD_set_connection_value (struct MHD_Connection *connection, - enum MHD_ValueKind kind, - const char *key, - const char *value); + enum MHD_ValueKind kind, + const char *key, const char *value); /** * Get a particular header value. If multiple @@ -1129,7 +1125,7 @@ MHD_get_response_headers (struct MHD_Response *response, * @param key which header to get * @return NULL if header does not exist */ -const char * MHD_get_response_header (struct MHD_Response *response, +const char *MHD_get_response_header (struct MHD_Response *response, const char *key); @@ -1211,10 +1207,11 @@ union MHD_ConnectionInfo * @return NULL if this information is not available * (or if the infoType is unknown) */ -const union MHD_ConnectionInfo * -MHD_get_connection_info (struct MHD_Connection * connection, - enum MHD_ConnectionInfoType infoType, - ...); +const union MHD_ConnectionInfo *MHD_get_connection_info (struct MHD_Connection + *connection, + enum + MHD_ConnectionInfoType + infoType, ...); /** @@ -1242,10 +1239,9 @@ union MHD_DaemonInfo * @return NULL if this information is not available * (or if the infoType is unknown) */ -const union MHD_DaemonInfo * -MHD_get_daemon_info (struct MHD_Daemon * daemon, - enum MHD_DaemonInfoType infoType, - ...); +const union MHD_DaemonInfo *MHD_get_daemon_info (struct MHD_Daemon *daemon, + enum MHD_DaemonInfoType + infoType, ...); #if 0 /* keep Emacsens' auto-indent happy */ { diff --git a/src/include/platform.h b/src/include/platform.h @@ -26,7 +26,7 @@ * before "microhttpd.h"; it provides the required * standard headers (which are platform-specific).<p> * - * Note that this file depends on our configure.ac + * Note that this file depends on our configure.ac * build process and the generated config.h file. * Hence you cannot include it directly in applications * that use libmicrohttpd. diff --git a/src/testcurl/https/mhds_session_info_test.c b/src/testcurl/https/mhds_session_info_test.c @@ -69,8 +69,8 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, int ret; /* assert actual connection cipher is the one negotiated */ - if (MHD_get_session_info (connection, MHS_INFO_CIPHER_ALGO). - cipher_algorithm != MHD_GNUTLS_CIPHER_AES_256_CBC) + if (MHD_get_session_info (connection, MHS_INFO_CIPHER_ALGO).cipher_algorithm + != MHD_GNUTLS_CIPHER_AES_256_CBC) { fprintf (stderr, "Error: requested cipher mismatch. %s\n", strerror (errno)); @@ -85,16 +85,18 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, return -1; } - if (MHD_get_session_info (connection, MHD_INFO_MAC_ALGO). - mac_algorithm != MHD_GNUTLS_MAC_SHA1) + if (MHD_get_session_info (connection, MHD_INFO_MAC_ALGO).mac_algorithm != + MHD_GNUTLS_MAC_SHA1) { fprintf (stderr, "Error: requested mac algorithm mismatch. %s\n", strerror (errno)); return -1; } - if (MHD_get_session_info (connection, MHD_INFO_COMPRESSION_METHOD). - compression_method != MHD_GNUTLS_COMP_NULL) + if (MHD_get_session_info + (connection, + MHD_INFO_COMPRESSION_METHOD).compression_method != + MHD_GNUTLS_COMP_NULL) { fprintf (stderr, "Error: requested compression mismatch. %s\n", strerror (errno)); @@ -109,16 +111,18 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, return -1; } - if (MHD_get_session_info (connection, MHD_INFO_CERT_TYPE). - certificate_type != MHD_GNUTLS_CRT_X509) + if (MHD_get_session_info (connection, MHD_INFO_CERT_TYPE).certificate_type + != MHD_GNUTLS_CRT_X509) { fprintf (stderr, "Error: requested certificate mismatch. %s\n", strerror (errno)); return -1; } - if (MHD_get_session_info (connection, MHD_INFO_CREDENTIALS_TYPE). - credentials_type != MHD_GNUTLS_CRD_CERTIFICATE) + if (MHD_get_session_info + (connection, + MHD_INFO_CREDENTIALS_TYPE).credentials_type != + MHD_GNUTLS_CRD_CERTIFICATE) { fprintf (stderr, "Error: requested certificate mismatch. %s\n", strerror (errno)); diff --git a/src/testcurl/https/tls_alert_test.c b/src/testcurl/https/tls_alert_test.c @@ -62,16 +62,16 @@ setup (mhd_gtls_session_t * session, gnutls_datum_t * cert, mhd_gtls_cert_credentials_t * xcred) { int ret; - const char ** err_pos; + const char **err_pos; MHD_gnutls_certificate_allocate_credentials (xcred); mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc); mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem, - strlen (srv_self_signed_cert_pem), &malloc); + strlen (srv_self_signed_cert_pem), &malloc); MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); MHD_gnutls_init (session, GNUTLS_CLIENT); ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos); @@ -166,7 +166,8 @@ test_alert_unexpected_message (mhd_gtls_session_t session) sa.sin_port = htons (42433); inet_pton (AF_INET, "127.0.0.1", &sa.sin_addr); - MHD_gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) ((void *) sd)); + MHD_gnutls_transport_set_ptr (session, + (gnutls_transport_ptr_t) ((void *) sd)); ret = connect (sd, &sa, sizeof (struct sockaddr_in)); @@ -182,7 +183,8 @@ test_alert_unexpected_message (mhd_gtls_session_t session) return -1; } - MHD_gnutls_alert_send (session, GNUTLS_AL_FATAL, GNUTLS_A_UNEXPECTED_MESSAGE); + MHD_gnutls_alert_send (session, GNUTLS_AL_FATAL, + GNUTLS_A_UNEXPECTED_MESSAGE); usleep (100); /* TODO better RST trigger */ diff --git a/src/testcurl/https/tls_authentication_test.c b/src/testcurl/https/tls_authentication_test.c @@ -227,7 +227,7 @@ test_secure_get (FILE * test_fd, char *cipher_suite, int proto_version) int ret; struct MHD_Daemon *d; - d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | + d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG, 42433, NULL, NULL, &http_ahc, NULL, MHD_OPTION_HTTPS_MEM_KEY, srv_signed_key_pem, diff --git a/src/testcurl/https/tls_cipher_change_test.c b/src/testcurl/https/tls_cipher_change_test.c @@ -70,10 +70,10 @@ setup (mhd_gtls_session_t * session, mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc); mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem, - strlen (srv_self_signed_cert_pem), &malloc); + strlen (srv_self_signed_cert_pem), &malloc); MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); MHD_gnutls_init (session, GNUTLS_CLIENT); ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos); diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c @@ -463,11 +463,10 @@ main (int argc, char *const *argv) MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END); errorCount += - test_wrap ("ADH-AES256-SHA", &test_https_transfer, test_fd, - "ADH-AES256-SHA", CURL_SSLVERSION_TLSv1, - MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON, - MHD_OPTION_KX_PRIORITY, - kx, MHD_OPTION_END); + test_wrap ("ADH-AES256-SHA", &test_https_transfer, test_fd, + "ADH-AES256-SHA", CURL_SSLVERSION_TLSv1, + MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON, + MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END); if (errorCount != 0) fprintf (stderr, "Failed test: %s.\n", argv[0]); diff --git a/src/testcurl/https/tls_session_time_out_test.c b/src/testcurl/https/tls_session_time_out_test.c @@ -66,10 +66,10 @@ setup (mhd_gtls_session_t * session, mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc); mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem, - strlen (srv_self_signed_cert_pem), &malloc); + strlen (srv_self_signed_cert_pem), &malloc); MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); MHD_gnutls_init (session, GNUTLS_CLIENT); ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos); @@ -152,7 +152,7 @@ main (int argc, char *const *argv) MHD_gnutls_global_init (); MHD_gtls_global_set_log_level (11); - d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | + d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG, 42433, NULL, NULL, &http_ahc, NULL, MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT, diff --git a/src/testcurl/https/tls_test_keys.h b/src/testcurl/https/tls_test_keys.h @@ -24,106 +24,104 @@ /* Certificate Authority key */ const char ca_key_pem[] = - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIIEowIBAAKCAQEAthkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3\n" - "JeszCWwDgzw5Ac4o2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdu\n" - "jxdJPGfakZTktRAA3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqV\n" - "FXRaDmoLWkmxplKz6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlY\n" - "JhjkTk1u75HP41yQC6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb\n" - "625+lHQpH4nfzGcna/RFok6xRpjZu7mB3t7XGwIDAQABAoIBABhD2x5/RHn5uFsI\n" - "bwv07SwXhsnyAmoru89rjphYe1FOVBDcsa2W2tUtlIY/VyVbcGw0j+APnvy9EUJ6\n" - "cMrwsKEBgk1oT4CIwkmGmjpXUCCkF8Wl99CPfM3U1PZDTfqmqEbCRx+KktP8Sq+m\n" - "/YryyNjbracnNilmIMq9V6+YWbm7kJHRLVQWHqh/ljji+kCx5y9VII7HYz4217Er\n" - "I5HrnPJodmYrH5Tj8Hj9NY7Ok/IeqD186fPuYH/qf9zWcyg7aa0rTPt/E4XjeOjU\n" - "kxb68+Ybozm0EY1ypa1Yxf3B4hkyrlQ5lfzDSBKqvQkGA92yNDPYiZX71nDHDj9H\n" - "wf8tWlECgYEAxN8bnMXzmGLbNJUQFuEFBCDFE/tAMhBWcN6eyupIwyXXNA8/xGnJ\n" - "rYO4U08YrgvQ6d71xLXAJnsypeJ3FsyIXDar21o5DwVj1ON0nW6xuXsfQWYGEsXm\n" - "fDVf4LVO+P58uAnM3+lKXWMwsw7/ja9VECrOvfTlf7CwwIPfmRzxZEMCgYEA7Mn+\n" - "PBO352EXzXbGTuLY9iFXo3GL4EXB2nbkXBdTxEbPl+ICjg/1MPtRN9l03y8l06/G\n" - "MpbxkpPnSXdjXQ1fgXfG9FuKS89BNUfoEfG/3015w49ZAcBYRmvCSGTspu/hshdQ\n" - "iom2AFy2aRXfvsoUlePRccs1/7RKclK7ahfdwEkCgYBXQOLGCt25rialGWO2ICjO\n" - "+Y8fGf4Lsj39bE1IdammBAFrK08ByDkAVB6/nZC8orQG0zBt7HerFnMOHl7VlfTh\n" - "mcF1SHl9dNAYLG8kz0ipgi4KGCOc8mUCq81AlFrZ9EBmeMF6g7TXyvxsf7s3mnvC\n" - "3JYgjoegnjjYOhpBjBhYbQKBgQCpwJmBakVyG/obcyXx0dDmirqwUquLaZbyzj8i\n" - "AhssX/NdGErqm2gU6GauWjfd9IfyvVWiWPHwOhYaZfuW7wpj34GDFskLVhaSYu1t\n" - "R9lc9cbwOqj9h24Bdik/CxNZDinIKcy0tMsEcXLX3TWdKnQdjMhPAvbATPj+Am+X\n" - "PGrd+QKBgF5U2i0d2Mgw/JmlVCY79uD9eERivF5HLOYv3XUr9N1/bgIqKSQnrKJC\n" - "pXC+ZHP9yTmcznwFkbMbJ9cTwMVU1n+hguvyjIJHmmeGrpBuaiT4HwPgV6IZY3N2\n" - "a05cOyYYE3I7h9fQs1MfZRK44rRiXycwb+HA4lwuFWTI7h5qdc/U\n" - "-----END RSA PRIVATE KEY-----\n"; + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIEowIBAAKCAQEAthkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3\n" + "JeszCWwDgzw5Ac4o2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdu\n" + "jxdJPGfakZTktRAA3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqV\n" + "FXRaDmoLWkmxplKz6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlY\n" + "JhjkTk1u75HP41yQC6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb\n" + "625+lHQpH4nfzGcna/RFok6xRpjZu7mB3t7XGwIDAQABAoIBABhD2x5/RHn5uFsI\n" + "bwv07SwXhsnyAmoru89rjphYe1FOVBDcsa2W2tUtlIY/VyVbcGw0j+APnvy9EUJ6\n" + "cMrwsKEBgk1oT4CIwkmGmjpXUCCkF8Wl99CPfM3U1PZDTfqmqEbCRx+KktP8Sq+m\n" + "/YryyNjbracnNilmIMq9V6+YWbm7kJHRLVQWHqh/ljji+kCx5y9VII7HYz4217Er\n" + "I5HrnPJodmYrH5Tj8Hj9NY7Ok/IeqD186fPuYH/qf9zWcyg7aa0rTPt/E4XjeOjU\n" + "kxb68+Ybozm0EY1ypa1Yxf3B4hkyrlQ5lfzDSBKqvQkGA92yNDPYiZX71nDHDj9H\n" + "wf8tWlECgYEAxN8bnMXzmGLbNJUQFuEFBCDFE/tAMhBWcN6eyupIwyXXNA8/xGnJ\n" + "rYO4U08YrgvQ6d71xLXAJnsypeJ3FsyIXDar21o5DwVj1ON0nW6xuXsfQWYGEsXm\n" + "fDVf4LVO+P58uAnM3+lKXWMwsw7/ja9VECrOvfTlf7CwwIPfmRzxZEMCgYEA7Mn+\n" + "PBO352EXzXbGTuLY9iFXo3GL4EXB2nbkXBdTxEbPl+ICjg/1MPtRN9l03y8l06/G\n" + "MpbxkpPnSXdjXQ1fgXfG9FuKS89BNUfoEfG/3015w49ZAcBYRmvCSGTspu/hshdQ\n" + "iom2AFy2aRXfvsoUlePRccs1/7RKclK7ahfdwEkCgYBXQOLGCt25rialGWO2ICjO\n" + "+Y8fGf4Lsj39bE1IdammBAFrK08ByDkAVB6/nZC8orQG0zBt7HerFnMOHl7VlfTh\n" + "mcF1SHl9dNAYLG8kz0ipgi4KGCOc8mUCq81AlFrZ9EBmeMF6g7TXyvxsf7s3mnvC\n" + "3JYgjoegnjjYOhpBjBhYbQKBgQCpwJmBakVyG/obcyXx0dDmirqwUquLaZbyzj8i\n" + "AhssX/NdGErqm2gU6GauWjfd9IfyvVWiWPHwOhYaZfuW7wpj34GDFskLVhaSYu1t\n" + "R9lc9cbwOqj9h24Bdik/CxNZDinIKcy0tMsEcXLX3TWdKnQdjMhPAvbATPj+Am+X\n" + "PGrd+QKBgF5U2i0d2Mgw/JmlVCY79uD9eERivF5HLOYv3XUr9N1/bgIqKSQnrKJC\n" + "pXC+ZHP9yTmcznwFkbMbJ9cTwMVU1n+hguvyjIJHmmeGrpBuaiT4HwPgV6IZY3N2\n" + "a05cOyYYE3I7h9fQs1MfZRK44rRiXycwb+HA4lwuFWTI7h5qdc/U\n" + "-----END RSA PRIVATE KEY-----\n"; /* Certificate Authority cert */ const char ca_cert_pem[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIC6DCCAdKgAwIBAgIESJ2sXDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" - "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAyOFoXDTA5MDgwOTE0NDAyOFowFzEVMBMG\n" - "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n" - "thkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3JeszCWwDgzw5Ac4o\n" - "2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdujxdJPGfakZTktRAA\n" - "3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqVFXRaDmoLWkmxplKz\n" - "6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlYJhjkTk1u75HP41yQ\n" - "C6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb625+lHQpH4nfzGcn\n" - "a/RFok6xRpjZu7mB3t7XGwIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" - "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFGTWojUUrKbS/Uid9S3hPxmgKeaxMAsGCSqG\n" - "SIb3DQEBBQOCAQEAWP1f/sfNsvA/oz7OJSBCsQxAnjrKMIXgbVnop+4bEWPxk4e9\n" - "TETSk5MMXt2BfaCtaLZw19Zbqlh4ZFuVw+QC1GTa0xlagHiRgXU2DOvPT5+y+XUR\n" - "TSy0Pqou7spgEkLcFxlXYlx3tpDu+Awmx9DBGHMCysVynnEzeBYW4woCfBG2UiVA\n" - "iHVz6jBc4bBkylKVkA42GiroExuPc+W9qtHGuVX045R7gz78KK0CMIObdySbogBe\n" - "gYZUbyVvPVHINEc929PoV12dHP7wrKnqPbiwb+h1SHui8bVinE+1JY3mRB1VGVTa\n" - "rgvlVGs2S+Zq48XMs4aeLgHkGWFAIXbpX34HSw==\n" - "-----END CERTIFICATE-----\n"; + "-----BEGIN CERTIFICATE-----\n" + "MIIC6DCCAdKgAwIBAgIESJ2sXDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" + "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAyOFoXDTA5MDgwOTE0NDAyOFowFzEVMBMG\n" + "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n" + "thkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3JeszCWwDgzw5Ac4o\n" + "2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdujxdJPGfakZTktRAA\n" + "3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqVFXRaDmoLWkmxplKz\n" + "6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlYJhjkTk1u75HP41yQ\n" + "C6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb625+lHQpH4nfzGcn\n" + "a/RFok6xRpjZu7mB3t7XGwIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" + "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFGTWojUUrKbS/Uid9S3hPxmgKeaxMAsGCSqG\n" + "SIb3DQEBBQOCAQEAWP1f/sfNsvA/oz7OJSBCsQxAnjrKMIXgbVnop+4bEWPxk4e9\n" + "TETSk5MMXt2BfaCtaLZw19Zbqlh4ZFuVw+QC1GTa0xlagHiRgXU2DOvPT5+y+XUR\n" + "TSy0Pqou7spgEkLcFxlXYlx3tpDu+Awmx9DBGHMCysVynnEzeBYW4woCfBG2UiVA\n" + "iHVz6jBc4bBkylKVkA42GiroExuPc+W9qtHGuVX045R7gz78KK0CMIObdySbogBe\n" + "gYZUbyVvPVHINEc929PoV12dHP7wrKnqPbiwb+h1SHui8bVinE+1JY3mRB1VGVTa\n" + "rgvlVGs2S+Zq48XMs4aeLgHkGWFAIXbpX34HSw==\n" "-----END CERTIFICATE-----\n"; /* test server CA signed certificates */ const char srv_signed_cert_pem[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIDBDCCAe6gAwIBAgIESJ2sXzALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" - "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAzMloXDTA5MDgwOTE0NDAzNVowADCCAR8w\n" - "CwYJKoZIhvcNAQEBA4IBDgAwggEJAoIBAOb6G6WJrrNC48NSh5i4eT7J1BCqlMB4\n" - "e0No+td/PQf+sPywbQToYGiPfOFfMyge1G6SyRpXavKbPwuw1BN183WoYzID5mtz\n" - "shAOl/JRhdusScFijS3pITiNK4G5NLToCP4KZhqguqHUzEdanifSb/D4x54Rq/Tc\n" - "A7oHGp0wjdWC/AMtGWv6v55xMe00ALZ1zDxCOi8nri9W7mLy+hyduETCq+1Y7uHl\n" - "mqbAk8D7ruu0JtNU2N8WuJJcAtxgZhCCfIHTgAUWqepeRBM8cy8uu0tywgxcJiyt\n" - "Uu1wXQHnnpWrr/9r6IfhjFpc9pr5giHBeM4KdlU49UsYgaS1tAZsDJcCAwEAAaN2\n" - "MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E\n" - "BQMDB6AAMB0GA1UdDgQWBBSxP229okDqlKyMCyg0cnzbf+eb4DAfBgNVHSMEGDAW\n" - "gBRk1qI1FKym0v1InfUt4T8ZoCnmsTALBgkqhkiG9w0BAQUDggEBAEabY4FLsFQr\n" - "PACNe3p5tU3hWvvQ9S1pRlfnc/z1o+k9NDWTHlNjXfVTl6/6cIKHA+r8SvRks27+\n" - "lScfxFkiCi22YC7uPbn8fW1nWcsqEkK4e0TDekSUi1o6SDx6cU07kMpx3iKvpLs3\n" - "5QiCFjivMjrY8pEFJIke/ucI8QuLVZLLUSdTHb9Ck128PtPKA4y2uZA/MmYS/OtR\n" - "/UZN67pJ+BqcQBE5vNolWQTM+NxfMzb48IV9q32HRT4HErvUjLIWV0nwwedUSdDG\n" - "63tr9jp0GF6b5Eum0MTVV/zbBxfyRFg+Q8xRn70zJlB/W7byaFq/95Rpfqjdnta2\n" - "aO/omlvGHrI=\n" - "-----END CERTIFICATE-----\n"; + "-----BEGIN CERTIFICATE-----\n" + "MIIDBDCCAe6gAwIBAgIESJ2sXzALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" + "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAzMloXDTA5MDgwOTE0NDAzNVowADCCAR8w\n" + "CwYJKoZIhvcNAQEBA4IBDgAwggEJAoIBAOb6G6WJrrNC48NSh5i4eT7J1BCqlMB4\n" + "e0No+td/PQf+sPywbQToYGiPfOFfMyge1G6SyRpXavKbPwuw1BN183WoYzID5mtz\n" + "shAOl/JRhdusScFijS3pITiNK4G5NLToCP4KZhqguqHUzEdanifSb/D4x54Rq/Tc\n" + "A7oHGp0wjdWC/AMtGWv6v55xMe00ALZ1zDxCOi8nri9W7mLy+hyduETCq+1Y7uHl\n" + "mqbAk8D7ruu0JtNU2N8WuJJcAtxgZhCCfIHTgAUWqepeRBM8cy8uu0tywgxcJiyt\n" + "Uu1wXQHnnpWrr/9r6IfhjFpc9pr5giHBeM4KdlU49UsYgaS1tAZsDJcCAwEAAaN2\n" + "MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E\n" + "BQMDB6AAMB0GA1UdDgQWBBSxP229okDqlKyMCyg0cnzbf+eb4DAfBgNVHSMEGDAW\n" + "gBRk1qI1FKym0v1InfUt4T8ZoCnmsTALBgkqhkiG9w0BAQUDggEBAEabY4FLsFQr\n" + "PACNe3p5tU3hWvvQ9S1pRlfnc/z1o+k9NDWTHlNjXfVTl6/6cIKHA+r8SvRks27+\n" + "lScfxFkiCi22YC7uPbn8fW1nWcsqEkK4e0TDekSUi1o6SDx6cU07kMpx3iKvpLs3\n" + "5QiCFjivMjrY8pEFJIke/ucI8QuLVZLLUSdTHb9Ck128PtPKA4y2uZA/MmYS/OtR\n" + "/UZN67pJ+BqcQBE5vNolWQTM+NxfMzb48IV9q32HRT4HErvUjLIWV0nwwedUSdDG\n" + "63tr9jp0GF6b5Eum0MTVV/zbBxfyRFg+Q8xRn70zJlB/W7byaFq/95Rpfqjdnta2\n" + "aO/omlvGHrI=\n" "-----END CERTIFICATE-----\n"; /* test server key */ const char srv_signed_key_pem[] = - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIIEowIBAAKCAQEA5vobpYmus0Ljw1KHmLh5PsnUEKqUwHh7Q2j61389B/6w/LBt\n" - "BOhgaI984V8zKB7UbpLJGldq8ps/C7DUE3XzdahjMgPma3OyEA6X8lGF26xJwWKN\n" - "LekhOI0rgbk0tOgI/gpmGqC6odTMR1qeJ9Jv8PjHnhGr9NwDugcanTCN1YL8Ay0Z\n" - "a/q/nnEx7TQAtnXMPEI6LyeuL1buYvL6HJ24RMKr7Vju4eWapsCTwPuu67Qm01TY\n" - "3xa4klwC3GBmEIJ8gdOABRap6l5EEzxzLy67S3LCDFwmLK1S7XBdAeeelauv/2vo\n" - "h+GMWlz2mvmCIcF4zgp2VTj1SxiBpLW0BmwMlwIDAQABAoIBACJGvGKQ74V3qDAc\n" - "p7WwroF0Vw2QGtoDJxumUQ84uRheIeqlzc/cIi5yGLCjPYa3KIQuMTzA+0R8aFs2\n" - "RwqKRvJPZkUOUhvhA+whFkhl86zZQOq7UsMc5Qqs3Gd4UguEoYz9gxBxiLCqURRH\n" - "rM+xCV6jtI/PBIsmOUFae4cXJP0pljUXyYmwwb/WrsvnJXf9Gz8/VLZGBMchMH7R\n" - "MwD7xdwc/ht2XfZ0TuDntpJDtj0JrW9i/Cxt8PnNhQjgLsAe+oUUZt7Bo+vXBxhu\n" - "JPKj6BHcj768l+gDn5zzaXKq0eF7mMXc7fgAp0u8lJkC0LxLq/WmIfqw4Z4mEjkX\n" - "DremIoUCgYEA53vX9Hd8V85hCfeaTDf3B5q6g9kIliR+Y2tX2aSqN06df9J/KOdL\n" - "G/lEQn4rsOOtOwyTU2luPmcr0XgbXA1T1kj56+UZrxtRducsdsVbVixzD2KswtJO\n" - "wUH6XAJNdpI++64TuZadnKAaKiqim7CPzQYrBXYKKRFGSDd50urkTRMCgYEA/3CG\n" - "NMaG3qtzQceQUw7BBAhey387MR+1FUQHQ7xoq2jc3yAx4H2NEyGa6wL5CtFKn5In\n" - "BP6f30sk2ilXRv5pbIIiS8Xzngxy3m17GH33YrSc3ff/u+LWgR/EOVpa9F+sMAjp\n" - "ohDgI8iH8GtahrRA0BxQKfNIo2zUTqNwFP88xu0CgYADOY1zoWqBCqX9bo6euzTc\n" - "zUIF7jMZbF66Yddyd8HLTXQSQMt2tWotdJaH2pwfNbzHEtDGm7RmeCd7HpI7ARCG\n" - "7rNUnvdxog7LekL7UJqKI8pij3xapnVkadfkCkAsA7OO7AjoT/nYIb7bkYZ8ZsRK\n" - "FejphZB0rAHvpZ4z2wPdMwKBgQCfkr70RzVH81lcNXwutt/TUhtOCxyCMqmgMFBN\n" - "e2zz791TMjyWXjh8RBkQSVok7NwuVVI055AeIUZTV1IjkplvZNhh97aZ/HLiCwjE\n" - "IyUhL21zqRLEYA/auGqP3adGVGIv29GAIgSztfleMuJplj+LArT9j/LHzRvQSH+j\n" - "TlO8fQKBgE5og4pTfPrD0A7W/Li1HDGf8Ylb+DZlxoyMriW82Z/zCBvYvn1UvQRi\n" - "b8f3IQFXuXdf3Bx4C91kQJPovxDp14FOHJxO7F32fGMnJaU2kyp4sf4WAJZZOLnd\n" - "l64hMUsgYPI8qfsanAudD4gTAsLEP+ueWqkcb3SJNLSoQAtcGzYs\n" - "-----END RSA PRIVATE KEY-----\n"; + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIEowIBAAKCAQEA5vobpYmus0Ljw1KHmLh5PsnUEKqUwHh7Q2j61389B/6w/LBt\n" + "BOhgaI984V8zKB7UbpLJGldq8ps/C7DUE3XzdahjMgPma3OyEA6X8lGF26xJwWKN\n" + "LekhOI0rgbk0tOgI/gpmGqC6odTMR1qeJ9Jv8PjHnhGr9NwDugcanTCN1YL8Ay0Z\n" + "a/q/nnEx7TQAtnXMPEI6LyeuL1buYvL6HJ24RMKr7Vju4eWapsCTwPuu67Qm01TY\n" + "3xa4klwC3GBmEIJ8gdOABRap6l5EEzxzLy67S3LCDFwmLK1S7XBdAeeelauv/2vo\n" + "h+GMWlz2mvmCIcF4zgp2VTj1SxiBpLW0BmwMlwIDAQABAoIBACJGvGKQ74V3qDAc\n" + "p7WwroF0Vw2QGtoDJxumUQ84uRheIeqlzc/cIi5yGLCjPYa3KIQuMTzA+0R8aFs2\n" + "RwqKRvJPZkUOUhvhA+whFkhl86zZQOq7UsMc5Qqs3Gd4UguEoYz9gxBxiLCqURRH\n" + "rM+xCV6jtI/PBIsmOUFae4cXJP0pljUXyYmwwb/WrsvnJXf9Gz8/VLZGBMchMH7R\n" + "MwD7xdwc/ht2XfZ0TuDntpJDtj0JrW9i/Cxt8PnNhQjgLsAe+oUUZt7Bo+vXBxhu\n" + "JPKj6BHcj768l+gDn5zzaXKq0eF7mMXc7fgAp0u8lJkC0LxLq/WmIfqw4Z4mEjkX\n" + "DremIoUCgYEA53vX9Hd8V85hCfeaTDf3B5q6g9kIliR+Y2tX2aSqN06df9J/KOdL\n" + "G/lEQn4rsOOtOwyTU2luPmcr0XgbXA1T1kj56+UZrxtRducsdsVbVixzD2KswtJO\n" + "wUH6XAJNdpI++64TuZadnKAaKiqim7CPzQYrBXYKKRFGSDd50urkTRMCgYEA/3CG\n" + "NMaG3qtzQceQUw7BBAhey387MR+1FUQHQ7xoq2jc3yAx4H2NEyGa6wL5CtFKn5In\n" + "BP6f30sk2ilXRv5pbIIiS8Xzngxy3m17GH33YrSc3ff/u+LWgR/EOVpa9F+sMAjp\n" + "ohDgI8iH8GtahrRA0BxQKfNIo2zUTqNwFP88xu0CgYADOY1zoWqBCqX9bo6euzTc\n" + "zUIF7jMZbF66Yddyd8HLTXQSQMt2tWotdJaH2pwfNbzHEtDGm7RmeCd7HpI7ARCG\n" + "7rNUnvdxog7LekL7UJqKI8pij3xapnVkadfkCkAsA7OO7AjoT/nYIb7bkYZ8ZsRK\n" + "FejphZB0rAHvpZ4z2wPdMwKBgQCfkr70RzVH81lcNXwutt/TUhtOCxyCMqmgMFBN\n" + "e2zz791TMjyWXjh8RBkQSVok7NwuVVI055AeIUZTV1IjkplvZNhh97aZ/HLiCwjE\n" + "IyUhL21zqRLEYA/auGqP3adGVGIv29GAIgSztfleMuJplj+LArT9j/LHzRvQSH+j\n" + "TlO8fQKBgE5og4pTfPrD0A7W/Li1HDGf8Ylb+DZlxoyMriW82Z/zCBvYvn1UvQRi\n" + "b8f3IQFXuXdf3Bx4C91kQJPovxDp14FOHJxO7F32fGMnJaU2kyp4sf4WAJZZOLnd\n" + "l64hMUsgYPI8qfsanAudD4gTAsLEP+ueWqkcb3SJNLSoQAtcGzYs\n" + "-----END RSA PRIVATE KEY-----\n"; /* test server self signed certificates */ const char srv_self_signed_cert_pem[] =