diff options
| author | Sam Hartman <hartmans@mit.edu> | 2011-09-19 01:00:56 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2011-09-19 01:00:56 +0000 |
| commit | 9fbc34aceb1bdf065ec18701c695822abdf62bac (patch) | |
| tree | 5a385d4788b2a55ffa07158c6a8cd9a67f1b9c59 /src/plugins/preauth | |
| parent | 24258919dbe905342dd554d3746e107051b63b6c (diff) | |
| download | krb5-9fbc34aceb1bdf065ec18701c695822abdf62bac.zip krb5-9fbc34aceb1bdf065ec18701c695822abdf62bac.tar.gz krb5-9fbc34aceb1bdf065ec18701c695822abdf62bac.tar.bz2 | |
reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25208 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins/preauth')
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 72 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_kdf_constants.c | 6 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_kdf_test.c | 64 |
3 files changed, 71 insertions, 71 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 6f7b8bc..37685f3 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -956,10 +956,10 @@ cms_signeddata_create(krb5_context context, p7si->digest_enc_alg->parameter->type = V_ASN1_NULL; if (cms_msg_type == CMS_SIGN_DRAFT9){ - /* don't include signed attributes for pa-type 15 request */ - abuf = data; - alen = data_len; - } else { + /* don't include signed attributes for pa-type 15 request */ + abuf = data; + alen = data_len; + } else { /* add signed attributes */ /* compute sha1 digest over the EncapsulatedContentInfo */ EVP_MD_CTX_init(&ctx); @@ -1213,13 +1213,13 @@ cms_signeddata_verify(krb5_context context, __FUNCTION__, ERR_error_string(err, NULL)); goto cleanup; } - etype = CMS_get0_eContentType(cms); + etype = CMS_get0_eContentType(cms); /* * Prior to 1.10 the MIT client incorrectly omitted the pkinit structure * directly in a CMS ContentInfo rather than using SignedData with no * signers. Handle that case. - */ + */ type = CMS_get0_type(cms); if (is_signed && !OBJ_cmp(type, oid)) { unsigned char *d; @@ -1271,13 +1271,13 @@ cms_signeddata_verify(krb5_context context, /* Not actually signed; anonymous case */ if (!is_signed) goto cleanup; - *is_signed = 0; - /* We cannot use CMS_dataInit because there may be no digest */ - octets = pkinit_CMS_get0_content_signed(cms); - if (octets) - out = BIO_new_mem_buf((*octets)->data, (*octets)->length); - if (out == NULL) - goto cleanup; + *is_signed = 0; + /* We cannot use CMS_dataInit because there may be no digest */ + octets = pkinit_CMS_get0_content_signed(cms); + if (octets) + out = BIO_new_mem_buf((*octets)->data, (*octets)->length); + if (out == NULL) + goto cleanup; } else { pkinit_CMS_SignerInfo_get_cert(cms, si, &x); if (x == NULL) @@ -1413,23 +1413,23 @@ cms_signeddata_verify(krb5_context context, if (i <= 0) goto cleanup; out = BIO_new(BIO_s_mem()); - if (cms_msg_type == CMS_SIGN_DRAFT9) - flags |= CMS_NOATTR; - if (CMS_verify(cms, NULL, store, NULL, out, flags) == 0) { - unsigned long err = ERR_peek_error(); - switch(ERR_GET_REASON(err)) { - case PKCS7_R_DIGEST_FAILURE: - retval = KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED; - break; - case PKCS7_R_SIGNATURE_FAILURE: - default: - retval = KRB5KDC_ERR_INVALID_SIG; + if (cms_msg_type == CMS_SIGN_DRAFT9) + flags |= CMS_NOATTR; + if (CMS_verify(cms, NULL, store, NULL, out, flags) == 0) { + unsigned long err = ERR_peek_error(); + switch(ERR_GET_REASON(err)) { + case PKCS7_R_DIGEST_FAILURE: + retval = KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED; + break; + case PKCS7_R_SIGNATURE_FAILURE: + default: + retval = KRB5KDC_ERR_INVALID_SIG; + } + pkiDebug("CMS Verification failure\n"); + krb5_set_error_message(context, retval, "%s\n", + ERR_error_string(err, NULL)); + goto cleanup; } - pkiDebug("CMS Verification failure\n"); - krb5_set_error_message(context, retval, "%s\n", - ERR_error_string(err, NULL)); - goto cleanup; - } } /* message was signed */ if (!OBJ_cmp(etype, oid)) valid_oid = 1; @@ -2140,7 +2140,7 @@ pkinit_octetstring2key(krb5_context context, retval = krb5_c_keylengths(context, etype, &keybytes, &keylength); if (retval) - goto cleanup; + goto cleanup; key_block->length = keylength; key_block->contents = malloc(keylength); @@ -2185,15 +2185,15 @@ pkinit_alg_values(krb5_context context, return 0; } else if ((alg_id->length == krb5_pkinit_sha256_oid_len) && - (0 == memcmp(alg_id->data, krb5_pkinit_sha256_oid, - krb5_pkinit_sha256_oid_len))) { + (0 == memcmp(alg_id->data, krb5_pkinit_sha256_oid, + krb5_pkinit_sha256_oid_len))) { *hash_bytes = 32; *func = &EVP_sha256; return 0; } else if ((alg_id->length == krb5_pkinit_sha512_oid_len) && (0 == memcmp(alg_id->data, krb5_pkinit_sha512_oid, - krb5_pkinit_sha512_oid_len))) { + krb5_pkinit_sha512_oid_len))) { *hash_bytes = 32; *func = &EVP_sha512; return 0; @@ -2329,14 +2329,14 @@ pkinit_alg_agility_kdf(krb5_context context, (0 == EVP_DigestUpdate(&c, secret->data, secret->length)) || (0 == EVP_DigestUpdate(&c, other_info->data, other_info->length))) { krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL, - "Call to OpenSSL EVP_DigestUpdate() returned an error."); + "Call to OpenSSL EVP_DigestUpdate() returned an error."); retval = KRB5_CRYPTO_INTERNAL; goto cleanup; } /* 4. Set key = Hash1 || Hash2 || ... so that length of key is K bytes. */ if (0 == EVP_DigestFinal(&c, (rand_buf + offset), &s)) { - krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL, + krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL, "Call to OpenSSL EVP_DigestUpdate() returned an error."); retval = KRB5_CRYPTO_INTERNAL; goto cleanup; @@ -2345,7 +2345,7 @@ pkinit_alg_agility_kdf(krb5_context context, assert(s == hash_len); /* add a message to this assert? */ - EVP_MD_CTX_cleanup(&c); + EVP_MD_CTX_cleanup(&c); } /* Reduce length of random data to key_len to avoid errors. */ diff --git a/src/plugins/preauth/pkinit/pkinit_kdf_constants.c b/src/plugins/preauth/pkinit/pkinit_kdf_constants.c index 2ff576b..e967f38 100644 --- a/src/plugins/preauth/pkinit/pkinit_kdf_constants.c +++ b/src/plugins/preauth/pkinit/pkinit_kdf_constants.c @@ -47,11 +47,11 @@ /* statically declare OID constants for all three algorithms */ const krb5_octet krb5_pkinit_sha1_oid[10] = - {0x2B,0x06,0x01,0x05,0x02,0x03,0x06,0x01}; +{0x2B,0x06,0x01,0x05,0x02,0x03,0x06,0x01}; const size_t krb5_pkinit_sha1_oid_len = 8; const krb5_octet krb5_pkinit_sha256_oid[10] = - {0x2B,0x06,0x01,0x05,0x02,0x03,0x06,0x02}; +{0x2B,0x06,0x01,0x05,0x02,0x03,0x06,0x02}; const size_t krb5_pkinit_sha256_oid_len = 8; const krb5_octet krb5_pkinit_sha512_oid [10] = - {0x2B,0x06,0x01,0x05,0x02,0x03,0x06,0x03}; +{0x2B,0x06,0x01,0x05,0x02,0x03,0x06,0x03}; const size_t krb5_pkinit_sha512_oid_len = 8; diff --git a/src/plugins/preauth/pkinit/pkinit_kdf_test.c b/src/plugins/preauth/pkinit/pkinit_kdf_test.c index 036d9e2..3f7c7c4 100644 --- a/src/plugins/preauth/pkinit/pkinit_kdf_test.c +++ b/src/plugins/preauth/pkinit/pkinit_kdf_test.c @@ -47,7 +47,7 @@ * Initialize a krb5_data from @a s, a constant string. Note @a s is evaluated * multiple times; this is acceptable for constants. */ -#define DATA_FROM_STRING(s) \ +#define DATA_FROM_STRING(s) \ {0, sizeof(s)-1, (char *) s} @@ -59,10 +59,10 @@ char party_u_name [] = "lha@SU.SE"; char party_v_name [] = "krbtgt/SU.SE@SU.SE"; int enctype_value = 18; krb5_octet key_hex [] = - {0xe6, 0xAB, 0x38, 0xC9, 0x41, 0x3E, 0x03, 0x5B, - 0xB0, 0x79, 0x20, 0x1E, 0xD0, 0xB6, 0xB7, 0x3D, - 0x8D, 0x49, 0xA8, 0x14, 0xA7, 0x37, 0xC0, 0x4E, - 0xE6, 0x64, 0x96, 0x14, 0x20, 0x6F, 0x73, 0xAD}; +{0xe6, 0xAB, 0x38, 0xC9, 0x41, 0x3E, 0x03, 0x5B, + 0xB0, 0x79, 0x20, 0x1E, 0xD0, 0xB6, 0xB7, 0x3D, + 0x8D, 0x49, 0xA8, 0x14, 0xA7, 0x37, 0xC0, 0x4E, + 0xE6, 0x64, 0x96, 0x14, 0x20, 0x6F, 0x73, 0xAD}; const krb5_data lha_data = DATA_FROM_STRING("lha"); int @@ -110,14 +110,14 @@ main (int argc, &u_principal))) (0 != (retval = krb5_parse_name(context, party_v_name, &v_principal)))) { - printf("ERROR in pkinit_kdf_test: Error parsing names, retval = %d", - retval); - goto cleanup; + printf("ERROR in pkinit_kdf_test: Error parsing names, retval = %d", + retval); + goto cleanup; } /* set-up the as_req and and pk_as_rep data */ memset(twenty_as, 0xaa, sizeof(twenty_as)); - memset(eighteen_bs, 0xbb, sizeof(eighteen_bs)); + memset(eighteen_bs, 0xbb, sizeof(eighteen_bs)); as_req.length = sizeof(twenty_as); as_req.data = (unsigned char *)&twenty_as; @@ -127,11 +127,11 @@ main (int argc, /* set-up the key_block */ if (0 != (retval = krb5_init_keyblock(context, enctype, max_keylen, &key_block_ptr))) { - printf("ERROR in pkinit_kdf_test: can't init keybloc, retval = %d", - retval); - goto cleanup; + printf("ERROR in pkinit_kdf_test: can't init keybloc, retval = %d", + retval); + goto cleanup; - } + } /* call pkinit_alg_agility_kdf() with test vector values*/ if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, &alg_id.algorithm, @@ -146,23 +146,23 @@ main (int argc, /* compare key to expected key value */ if ((key_block.length == sizeof(key_hex)) && - (0 == memcmp(key_block.contents, key_hex, key_block.length))) { - printf("SUCCESS: Correct key value generated!"); - retval = 0; - } - else { - printf("FAILURE: Incorrect key value generated!"); - retval = 1; - } - - cleanup: - /* release all allocated resources, whether good or bad return */ - if (secret.data) - free(secret.data); - if (u_principal) - free(u_principal); - if (v_principal) - free(v_principal); - krb5_free_keyblock_contents(context, &key_block); - exit(retval); + (0 == memcmp(key_block.contents, key_hex, key_block.length))) { + printf("SUCCESS: Correct key value generated!"); + retval = 0; + } + else { + printf("FAILURE: Incorrect key value generated!"); + retval = 1; + } + +cleanup: + /* release all allocated resources, whether good or bad return */ + if (secret.data) + free(secret.data); + if (u_principal) + free(u_principal); + if (v_principal) + free(v_principal); + krb5_free_keyblock_contents(context, &key_block); + exit(retval); } |