From c16d41fbecfb6b349e078d40f22cf4f6e207414d Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 19 Sep 2011 05:34:17 +0000 Subject: Formatting fixes git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25209 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/k5-int-pkinit.h | 8 +- src/include/krb5/krb5.hin | 11 +- src/lib/gssapi/mechglue/g_initialize.c | 422 +++++++++++---------- src/lib/krb5/asn.1/asn1_encode.h | 44 ++- src/lib/krb5/asn.1/asn1_k_decode.c | 9 +- src/lib/krb5/asn.1/asn1_k_decode.h | 2 +- src/lib/krb5/asn.1/asn1_k_decode_kdc.c | 5 +- src/lib/krb5/asn.1/asn1_k_encode.c | 2 +- src/plugins/preauth/pkinit/Makefile.in | 6 +- src/plugins/preauth/pkinit/pkinit.h | 4 +- src/plugins/preauth/pkinit/pkinit_clnt.c | 10 +- src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 20 +- src/plugins/preauth/pkinit/pkinit_kdf_constants.c | 2 +- src/plugins/preauth/pkinit/pkinit_kdf_test.c | 36 +- src/plugins/preauth/pkinit/pkinit_lib.c | 3 +- 15 files changed, 296 insertions(+), 288 deletions(-) diff --git a/src/include/k5-int-pkinit.h b/src/include/k5-int-pkinit.h index 8490f82..0d1a986 100644 --- a/src/include/k5-int-pkinit.h +++ b/src/include/k5-int-pkinit.h @@ -65,7 +65,7 @@ typedef struct _krb5_subject_pk_info { krb5_octet_data subjectPublicKey; /* BIT STRING */ } krb5_subject_pk_info; -/** AuthPack from RFC 4556*/ +/** AuthPack from RFC 4556*/ typedef struct _krb5_auth_pack { krb5_pk_authenticator pkAuthenticator; krb5_subject_pk_info *clientPublicValue; /* Optional */ 
@@ -241,10 +241,12 @@ encode_krb5_td_dh_parameters(const krb5_algorithm_identifier **, krb5_data **code); krb5_error_code -encode_krb5_sp80056a_other_info(const krb5_sp80056a_other_info *, krb5_data **); +encode_krb5_sp80056a_other_info(const krb5_sp80056a_other_info *, + krb5_data **); krb5_error_code -encode_krb5_pkinit_supp_pub_info(const krb5_pkinit_supp_pub_info *, krb5_data **); +encode_krb5_pkinit_supp_pub_info(const krb5_pkinit_supp_pub_info *, + krb5_data **); /************************************************************************* * Prototypes for pkinit asn.1 decode routines diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 5b6f0b9..7faf687 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -4647,10 +4647,10 @@ void KRB5_CALLCONV krb5_free_data(krb5_context context, krb5_data *val); /** - * @brief Free storage associated with a @c krb5_octet_data structure and its pointer. + * Free storage associated with a @c krb5_octet_data structure and its pointer. * - * @param context Context structure [input, output] - * @param val Pointer to data structure to be freed [input, output] + * @param [in] context Context structure + * @param [in] val Data structure to be freed * * @return * None @@ -4659,10 +4659,7 @@ void KRB5_CALLCONV krb5_free_octet_data(krb5_context context, krb5_octet_data *val); /** - * @brief Free the contents of a @c _krb5_data structure and zero the data field. - * - * @param context Context structure [input, output] - * @param val Pointer to data structure to be freed [input, output] + * Free the contents of a krb5_data structure and zero the data field. * * @param [in] context Library context * @param [in] val Data structure to free contents of diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c index 89b2253..3039531 100644 --- a/src/lib/gssapi/mechglue/g_initialize.c +++ b/src/lib/gssapi/mechglue/g_initialize.c 
@@ -579,13 +579,12 @@ static void updateMechList(void) { #if defined(_WIN32) - time_t lastConfModTime = getRegConfigModTime(MECH_KEY); - if (g_confFileModTime < lastConfModTime) - { - g_confFileModTime = lastConfModTime; - loadConfigFromRegistry(HKEY_CURRENT_USER, MECH_KEY); - loadConfigFromRegistry(HKEY_LOCAL_MACHINE, MECH_KEY); - } + time_t lastConfModTime = getRegConfigModTime(MECH_KEY); + if (g_confFileModTime < lastConfModTime) { + g_confFileModTime = lastConfModTime; + loadConfigFromRegistry(HKEY_CURRENT_USER, MECH_KEY); + loadConfigFromRegistry(HKEY_LOCAL_MACHINE, MECH_KEY); + } #else /* _WIN32 */ char *fileName; struct stat fileInfo; @@ -1058,6 +1057,7 @@ const char *fileName; char *sharedLib, *kernMod, *modOptions, *oid, *endp; char buffer[BUFSIZ], *oidStr; FILE *confFile; + if ((confFile = fopen(fileName, "r")) == NULL) { return; } 
@@ -1090,77 +1090,77 @@ const char *fileName; if (! *endp) continue; - /* Find the end of the oid and make sure it is NULL-ended */ - for (oid=endp; *endp && !isspace(*endp); endp++) - ; - - if (*endp) { - *endp = '\0'; - endp++; - } - - /* Find the start of the shared lib name */ - for (sharedLib = endp; *sharedLib && isspace(*sharedLib); - sharedLib++) - ; - - /* - * Find the end of the shared lib name and make sure it is - * NULL-terminated. - */ - for (endp = sharedLib; *endp && !isspace(*endp); endp++) - ; - - if (*endp) { - *endp = '\0'; - endp++; - } - - /* Find the start of the optional kernel module lib name */ - for (kernMod = endp; *kernMod && isspace(*kernMod); - kernMod++) - ; - - /* - * If this item starts with a bracket "[", then - * it is not a kernel module, but is a list of - * options for the user module to parse later. - */ - if (*kernMod && *kernMod != '[') { - /* - * Find the end of the shared lib name and make sure - * it is NULL-terminated. - */ - for (endp = kernMod; *endp && !isspace(*endp); endp++) - ; - - if (*endp) { - *endp = '\0'; - endp++; - } - } else - kernMod = NULL; - - /* Find the start of the optional module options list */ - for (modOptions = endp; *modOptions && isspace(*modOptions); - modOptions++); - - if (*modOptions == '[') { - /* move past the opening bracket */ - for (modOptions = modOptions+1; - *modOptions && isspace(*modOptions); - modOptions++); - - /* Find the closing bracket */ - for (endp = modOptions; - *endp && *endp != ']'; endp++); - - *endp = '\0'; - } else { - modOptions = NULL; - } - - addConfigEntry(oidStr, oid, sharedLib, kernMod, modOptions); + /* Find the end of the oid and make sure it is NULL-ended */ + for (oid = endp; *endp && !isspace(*endp); endp++) + ; + + if (*endp) { + *endp = '\0'; + endp++; + } + + /* Find the start of the shared lib name */ + for (sharedLib = endp; *sharedLib && isspace(*sharedLib); + sharedLib++) + ; + + /* + * Find the end of the shared lib name and make sure it is + * 
NULL-terminated. + */ + for (endp = sharedLib; *endp && !isspace(*endp); endp++) + ; + + if (*endp) { + *endp = '\0'; + endp++; + } + + /* Find the start of the optional kernel module lib name */ + for (kernMod = endp; *kernMod && isspace(*kernMod); + kernMod++) + ; + + /* + * If this item starts with a bracket "[", then + * it is not a kernel module, but is a list of + * options for the user module to parse later. + */ + if (*kernMod && *kernMod != '[') { + /* + * Find the end of the shared lib name and make sure + * it is NULL-terminated. + */ + for (endp = kernMod; *endp && !isspace(*endp); endp++) + ; + + if (*endp) { + *endp = '\0'; + endp++; + } + } else + kernMod = NULL; + + /* Find the start of the optional module options list */ + for (modOptions = endp; *modOptions && isspace(*modOptions); + modOptions++); + + if (*modOptions == '[') { + /* move past the opening bracket */ + for (modOptions = modOptions+1; + *modOptions && isspace(*modOptions); + modOptions++); + + /* Find the closing bracket */ + for (endp = modOptions; + *endp && *endp != ']'; endp++); + + *endp = '\0'; + } else { + modOptions = NULL; + } + + addConfigEntry(oidStr, oid, sharedLib, kernMod, modOptions); } /* while */ (void) fclose(confFile); } /* loadConfigFile */ 
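Review bot: The scanning loops in this hunk pass `*endp`, `*sharedLib`, `*kernMod` and `*modOptions` directly to `isspace()`, and all four are plain `char *` per the declaration in the earlier loadConfigFile hunk. Where `char` is signed, a byte above 0x7F read from the configuration file becomes a negative argument, which is undefined behaviour for the `<ctype.h>` functions. Cast at each call site, for example `for (oid = endp; *endp && !isspace((unsigned char)*endp); endp++)`. The function begins above this hunk, so the read loop that fills `buffer` is not visible here.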
@@ -1170,150 +1170,166 @@ const char *fileName; static time_t filetimeToTimet(const FILETIME *ft) { - ULARGE_INTEGER ull; - ull.LowPart = ft->dwLowDateTime; - ull.HighPart = ft->dwHighDateTime; - return (time_t )(ull.QuadPart / 10000000ULL - 11644473600ULL); + ULARGE_INTEGER ull; + + ull.LowPart = ft->dwLowDateTime; + ull.HighPart = ft->dwHighDateTime; + return (time_t)(ull.QuadPart / 10000000ULL - 11644473600ULL); } static time_t getRegConfigModTime(const char *keyPath) { - time_t currentUserModTime = getRegKeyModTime(HKEY_CURRENT_USER, keyPath); - time_t localMachineModTime = getRegKeyModTime(HKEY_LOCAL_MACHINE, keyPath); - return currentUserModTime > localMachineModTime ? currentUserModTime : localMachineModTime; + time_t currentUserModTime = getRegKeyModTime(HKEY_CURRENT_USER, + keyPath); + time_t localMachineModTime = getRegKeyModTime(HKEY_LOCAL_MACHINE, + keyPath); + + return currentUserModTime > localMachineModTime ? currentUserModTime : + localMachineModTime; } static time_t getRegKeyModTime(HKEY hBaseKey, const char *keyPath) { - HKEY hConfigKey; - HRESULT rc; - int iSubKey = 0; - time_t modTime = 0, keyModTime; - FILETIME keyLastWriteTime; - char subKeyName[256]; - if ((rc = RegOpenKeyEx(hBaseKey, keyPath, 0, KEY_ENUMERATE_SUB_KEYS, - &hConfigKey)) != ERROR_SUCCESS) { - /* TODO: log error message */ - return 0; - } - do { - int subKeyNameSize=256; - if ((rc = RegEnumKeyEx(hConfigKey, iSubKey++, subKeyName, &subKeyNameSize, NULL, NULL, NULL, &keyLastWriteTime)) != ERROR_SUCCESS) { - break; - } - keyModTime = filetimeToTimet(&keyLastWriteTime); - if (modTime < keyModTime) { - modTime = keyModTime; - } - } while (1); - RegCloseKey(hConfigKey); - return modTime; + HKEY hConfigKey; + HRESULT rc; + int iSubKey = 0; + time_t modTime = 0, keyModTime; + FILETIME keyLastWriteTime; + char subKeyName[256]; + + if ((rc = RegOpenKeyEx(hBaseKey, keyPath, 0, KEY_ENUMERATE_SUB_KEYS, + &hConfigKey)) != ERROR_SUCCESS) { + /* TODO: log error message */ + return 0; + } + do { 
+ int subKeyNameSize=256; + if ((rc = RegEnumKeyEx(hConfigKey, iSubKey++, subKeyName, + &subKeyNameSize, NULL, NULL, NULL, + &keyLastWriteTime)) != ERROR_SUCCESS) { + break; + } + keyModTime = filetimeToTimet(&keyLastWriteTime); + if (modTime < keyModTime) { + modTime = keyModTime; + } + } while (1); + RegCloseKey(hConfigKey); + return modTime; } static void -getRegKeyValue(HKEY hKey, const char *keyPath, const char *valueName, void **data, DWORD* dataLen) +getRegKeyValue(HKEY hKey, const char *keyPath, const char *valueName, + void **data, DWORD* dataLen) { - DWORD sizeRequired=*dataLen; - HRESULT hr; - /* Get data length required */ - if ((hr=RegGetValue(hKey, keyPath, valueName, RRF_RT_REG_SZ, NULL, NULL, &sizeRequired)) != ERROR_SUCCESS) - { - /* TODO: LOG registry error */ - return; - } - /* adjust data buffer size if necessary */ - if (*dataLen < sizeRequired) - { - *dataLen = sizeRequired; - *data = realloc(*data, sizeRequired); - if (!*data) - { - *dataLen = 0; - /* TODO: LOG OOM ERROR! */ - return; - } - } - /* get data */ - if ((hr=RegGetValue(hKey, keyPath, valueName, RRF_RT_REG_SZ, NULL, *data, &sizeRequired)) != ERROR_SUCCESS) - { - /* LOG registry error */ - return; - } + DWORD sizeRequired=*dataLen; + HRESULT hr; + /* Get data length required */ + if ((hr = RegGetValue(hKey, keyPath, valueName, RRF_RT_REG_SZ, NULL, + NULL, &sizeRequired)) != ERROR_SUCCESS) { + /* TODO: LOG registry error */ + return; + } + /* adjust data buffer size if necessary */ + if (*dataLen < sizeRequired) { + *dataLen = sizeRequired; + *data = realloc(*data, sizeRequired); + if (!*data) { + *dataLen = 0; + /* TODO: LOG OOM ERROR! 
*/ + return; + } + } + /* get data */ + if ((hr = RegGetValue(hKey, keyPath, valueName, RRF_RT_REG_SZ, NULL, + *data, &sizeRequired)) != ERROR_SUCCESS) { + /* LOG registry error */ + return; + } } static void loadConfigFromRegistry(HKEY hBaseKey, const char *keyPath) { - HKEY hConfigKey; - DWORD iSubKey, nSubKeys, maxSubKeyNameLen; - DWORD dataBufferSize, dataSizeRequired; - char *oidStr=NULL, *oid=NULL, *sharedLib=NULL, *kernMod=NULL, *modOptions=NULL; - DWORD oidStrLen=0, oidLen=0, sharedLibLen=0, kernModLen=0, modOptionsLen=0; - HRESULT rc; - - if ((rc = RegOpenKeyEx(hBaseKey, keyPath, 0, KEY_ENUMERATE_SUB_KEYS|KEY_QUERY_VALUE, - &hConfigKey)) != ERROR_SUCCESS) { - /* TODO: log registry error */ - return; - } - - if ((rc = RegQueryInfoKey(hConfigKey, - NULL, /* lpClass */ - NULL, /* lpcClass */ - NULL, /* lpReserved */ - &nSubKeys, - &maxSubKeyNameLen, - NULL, /* lpcMaxClassLen */ - NULL, /* lpcValues */ - NULL, /* lpcMaxValueNameLen */ - NULL, /* lpcMaxValueLen */ - NULL, /* lpcbSecurityDescriptor */ - NULL /* lpftLastWriteTime */ )) != ERROR_SUCCESS) { - goto cleanup; - } - oidStr = malloc(++maxSubKeyNameLen); - if (!oidStr) { - goto cleanup; - } - for (iSubKey=0; iSubKeymech) { @@ -1356,13 +1372,13 @@ addConfigEntry(const char *oidStr, const char *oid, const char *sharedLib, const return; } #if defined(_WIN32) - sharedPath = sharedLib; + sharedPath = sharedLib; #else if (sharedLib[0] == '/') snprintf(sharedPath, sizeof(sharedPath), "%s", sharedLib); else snprintf(sharedPath, sizeof(sharedPath), "%s%s", - MECH_LIB_PREFIX, sharedLib); + MECH_LIB_PREFIX, sharedLib); #endif /* * are we creating a new mechanism entry or diff --git a/src/lib/krb5/asn.1/asn1_encode.h b/src/lib/krb5/asn.1/asn1_encode.h index 773198f..2e0b993 100644 --- a/src/lib/krb5/asn.1/asn1_encode.h +++ b/src/lib/krb5/asn.1/asn1_encode.h 
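Review bot: In getRegKeyValue, `*data = realloc(*data, sizeRequired);` overwrites the only pointer to the old buffer, so a failed allocation leaks it, and `*dataLen` has already been raised to the new size before the call. Go through a temporary and commit the new length only on success: `void *tmp = realloc(*data, sizeRequired);`, then `if (!tmp) return;`, then `*data = tmp; *dataLen = sizeRequired;`. Unlike the current code, this leaves the caller's buffer valid on failure instead of setting it to NULL. The function also returns void on every path, so the caller cannot tell a failed RegGetValue from a successful one. Returning a status would let loadConfigFromRegistry skip the entry, presumably avoiding reuse of a buffer that still holds an earlier value; its loop is not legible on this page.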
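Review bot: On the `_WIN32` branch of addConfigEntry, `sharedPath = sharedLib;` takes the configured library name unchanged, while the other branch anchors a relative name under `MECH_LIB_PREFIX`. The name presumably arrives from loadConfigFromRegistry, and updateMechList reads `HKEY_CURRENT_USER` as well as `HKEY_LOCAL_MACHINE`, so the value can come from a hive that is writable without administrative rights. A name that is not a full path would then be resolved by whatever search order the loader applies; the load call is outside this hunk. I would require a fully qualified path on this branch, or document why a bare name is acceptable, with a comment such as `/* sharedLib comes from the registry; only fully qualified paths are loaded */`.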
@@ -400,26 +400,26 @@ struct atype_info { &aux_seqinfo_##DESCNAME, \ } /* Integer types. */ -#define DEFINTTYPE(DESCNAME, CTYPENAME) \ - typedef CTYPENAME aux_typedefname_##DESCNAME; \ - static asn1_intmax loadint_##DESCNAME(const void *p) \ - { \ - assert(sizeof(CTYPENAME) <= sizeof(asn1_intmax)); \ - return *(const aux_typedefname_##DESCNAME *)p; \ - } \ - const struct atype_info krb5int_asn1type_##DESCNAME = { \ +#define DEFINTTYPE(DESCNAME, CTYPENAME) \ + typedef CTYPENAME aux_typedefname_##DESCNAME; \ + static asn1_intmax loadint_##DESCNAME(const void *p) \ + { \ + assert(sizeof(CTYPENAME) <= sizeof(asn1_intmax)); \ + return *(const aux_typedefname_##DESCNAME *)p; \ + } \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ atype_int, sizeof(CTYPENAME), 0, 0, 0, 0, 0, 0, 0, 0, 0, \ - loadint_##DESCNAME, 0, \ + loadint_##DESCNAME, 0, \ } -#define DEFUINTTYPE(DESCNAME, CTYPENAME) \ - typedef CTYPENAME aux_typedefname_##DESCNAME; \ - static asn1_uintmax loaduint_##DESCNAME(const void *p) \ - { \ - assert(sizeof(CTYPENAME) <= sizeof(asn1_uintmax)); \ - return *(const aux_typedefname_##DESCNAME *)p; \ - } \ - const struct atype_info krb5int_asn1type_##DESCNAME = { \ - atype_uint, sizeof(CTYPENAME), 0, 0, 0, 0, 0, 0, 0, 0, \ +#define DEFUINTTYPE(DESCNAME, CTYPENAME) \ + typedef CTYPENAME aux_typedefname_##DESCNAME; \ + static asn1_uintmax loaduint_##DESCNAME(const void *p) \ + { \ + assert(sizeof(CTYPENAME) <= sizeof(asn1_uintmax)); \ + return *(const aux_typedefname_##DESCNAME *)p; \ + } \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_uint, sizeof(CTYPENAME), 0, 0, 0, 0, 0, 0, 0, 0, \ 0, 0, loaduint_##DESCNAME, \ } /* Pointers to other types, to be encoded as those other types. */ 
@@ -492,17 +492,19 @@ struct atype_info { typedef aux_typedefname_##BASEDESC aux_typedefname_##DESCNAME; \ const struct atype_info krb5int_asn1type_##DESCNAME = { \ atype_tagged_thing, sizeof(aux_typedefname_##DESCNAME), \ - 0, 0, 0, &krb5int_asn1type_##BASEDESC, 0, 0, TAG, APPLICATION, CONSTRUCTED \ + 0, 0, 0, &krb5int_asn1type_##BASEDESC, 0, 0, TAG, APPLICATION, \ + CONSTRUCTED \ } /** * An encoding wrapped in an octet string */ -#define DEFOCTETWRAPTYPE(DESCNAME, BASEDESC) \ +#define DEFOCTETWRAPTYPE(DESCNAME, BASEDESC) \ typedef aux_typedefname_##BASEDESC aux_typedefname_##DESCNAME; \ const struct atype_info krb5int_asn1type_##DESCNAME = { \ atype_tagged_thing, sizeof(aux_typedefname_##DESCNAME), \ - 0, 0, 0, &krb5int_asn1type_##BASEDESC, 0, 0, ASN1_OCTETSTRING, UNIVERSAL, PRIMITIVE \ + 0, 0, 0, &krb5int_asn1type_##BASEDESC, 0, 0, ASN1_OCTETSTRING, \ + UNIVERSAL, PRIMITIVE \ } /* diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c index 599a215..db33241 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.c +++ b/src/lib/krb5/asn.1/asn1_k_decode.c @@ -1349,8 +1349,7 @@ asn1_decode_sequence_of_trusted_ca(asn1buf *buf, krb5_trusted_ca ***val) } static asn1_error_code -asn1_decode_kdf_alg_id_ptr( asn1buf *buf, - krb5_octet_data **valptr) +asn1_decode_kdf_alg_id_ptr(asn1buf *buf, krb5_octet_data **valptr) { decode_ptr(krb5_octet_data *, asn1_decode_kdf_alg_id); } @@ -1733,8 +1732,8 @@ asn1_decode_typed_data_ptr(asn1buf *buf, krb5_typed_data **valptr) asn1_error_code asn1_decode_kdf_alg_id( asn1buf *buf, krb5_octet_data *val) { - setup(); - val->data = NULL; + setup(); + val->data = NULL; { begin_structure(); get_lenfield(val->length,val->data,0,asn1_decode_oid); end_structure(); @@ -1745,7 +1744,7 @@ error_out: return retval; } - asn1_error_code +asn1_error_code asn1_decode_sequence_of_kdf_alg_id(asn1buf *buf, krb5_octet_data ***val) { 
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.h b/src/lib/krb5/asn.1/asn1_k_decode.h index ed51ab1..c19fe83 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.h +++ b/src/lib/krb5/asn.1/asn1_k_decode.h @@ -277,7 +277,7 @@ asn1_error_code asn1_decode_iakerb_finished(asn1buf *buf, krb5_iakerb_finished *val); asn1_error_code -asn1_decode_kdf_alg_id( asn1buf *buf, krb5_octet_data *val); +asn1_decode_kdf_alg_id(asn1buf *buf, krb5_octet_data *val); asn1_error_code asn1_decode_sequence_of_kdf_alg_id(asn1buf *buf, diff --git a/src/lib/krb5/asn.1/asn1_k_decode_kdc.c b/src/lib/krb5/asn.1/asn1_k_decode_kdc.c index c0aa2a2..73abbd4 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode_kdc.c +++ b/src/lib/krb5/asn.1/asn1_k_decode_kdc.c @@ -240,7 +240,7 @@ asn1_decode_auth_pack(asn1buf *buf, krb5_auth_pack *val) } opt_lenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_decode_octetstring); opt_field(val->supportedKDFs, 4, asn1_decode_sequence_of_kdf_alg_id, NULL); - end_structure(); + end_structure(); } return 0; error_out: @@ -258,8 +258,7 @@ error_out: } free(val->clientDHNonce.data); if (val->supportedKDFs) { - - for (i=0; val->supportedKDFs[i]; i++) + for (i = 0; val->supportedKDFs[i]; i++) krb5_free_octet_data(NULL, val->supportedKDFs[i]); free(val->supportedKDFs); val->supportedKDFs = NULL; diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index 2c7c43a..9e03b67 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -1820,7 +1820,7 @@ asn1_encode_auth_pack(asn1buf *buf, const krb5_auth_pack *val, asn1_setup(); if (val->supportedKDFs != NULL) - asn1_addfield( val->supportedKDFs, 4, asn1_encode_supported_kdfs); + asn1_addfield(val->supportedKDFs, 4, asn1_encode_supported_kdfs); if (val->clientDHNonce.length != 0) asn1_addlenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_encode_octetstring); if (val->supportedCMSTypes != NULL) 
diff --git a/src/plugins/preauth/pkinit/Makefile.in b/src/plugins/preauth/pkinit/Makefile.in index 1f81d1c..c148d5a 100644 --- a/src/plugins/preauth/pkinit/Makefile.in +++ b/src/plugins/preauth/pkinit/Makefile.in @@ -30,7 +30,7 @@ STLIBOBJS= \ pkinit_srv.o \ pkinit_lib.o \ pkinit_clnt.o \ - pkinit_kdf_constants.o \ + pkinit_kdf_constants.o \ pkinit_profile.o \ pkinit_identity.o \ pkinit_matching.o \ @@ -57,10 +57,10 @@ clean:: $(RM) pkinit_test_kdf check-unix:: pkinit_kdf_test - $(RUN_SETUP) $(VALGRIND) ./pkinit_kdf_test + $(RUN_SETUP) $(VALGRIND) ./pkinit_kdf_test pkinit_kdf_test: pkinit_kdf_test.o $(STLIBOBJS) $(SHLIB_EXPDEPS) - $(CC_LINK) -o $@ pkinit_kdf_test.o $(STLIBOBJS) $(SHLIB_EXPLIBS) + $(CC_LINK) -o $@ pkinit_kdf_test.o $(STLIBOBJS) $(SHLIB_EXPLIBS) @libnover_frag@ @libobj_frag@ diff --git a/src/plugins/preauth/pkinit/pkinit.h b/src/plugins/preauth/pkinit/pkinit.h index 8928e9d..ffe2a14 100644 --- a/src/plugins/preauth/pkinit/pkinit.h +++ b/src/plugins/preauth/pkinit/pkinit.h @@ -219,13 +219,13 @@ typedef struct _pkinit_context *pkinit_context; * Client's per-request context */ struct _pkinit_req_context { - unsigned int magic; + unsigned int magic; pkinit_req_crypto_context cryptoctx; pkinit_req_opts *opts; pkinit_identity_crypto_context idctx; pkinit_identity_opts *idopts; krb5_preauthtype pa_type; - int rfc6112_kdc; + int rfc6112_kdc; }; typedef struct _pkinit_req_context *pkinit_req_context; diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c index 85b0167..3d3dceb 100644 --- a/src/plugins/preauth/pkinit/pkinit_clnt.c +++ b/src/plugins/preauth/pkinit/pkinit_clnt.c @@ -70,9 +70,9 @@ use_content_info(krb5_context context, pkinit_req_context req, return 0; if (krb5_principal_compare_any_realm(context, client, krb5_anonymous_principal())) - return 1; + return 1; return 0; - } +} static krb5_error_code pkinit_as_req_create(krb5_context context, pkinit_context plgctx, 
@@ -364,7 +364,7 @@ pkinit_as_req_create(krb5_context context, retval = ENOMEM; goto cleanup; } - if (use_content_info(context, reqctx, client)) + if (use_content_info(context, reqctx, client)) { retval = cms_contentinfo_create(context, plgctx->cryptoctx, reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_CLIENT, (unsigned char *) @@ -372,7 +372,7 @@ pkinit_as_req_create(krb5_context context, coded_auth_pack->length, &req->signedAuthPack.data, &req->signedAuthPack.length); - else { + } else { retval = cms_signeddata_create(context, plgctx->cryptoctx, reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_CLIENT, 1, @@ -1030,7 +1030,7 @@ pkinit_client_process(krb5_context context, krb5_clpreauth_moddata moddata, case KRB5_PADATA_PKINIT_KX: reqctx->rfc6112_kdc = 1; return 0; - case KRB5_PADATA_PK_AS_REQ: + case KRB5_PADATA_PK_AS_REQ: pkiDebug("processing KRB5_PADATA_PK_AS_REQ\n"); processing_request = 1; break; diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 37685f3..f6c7d5b 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -2103,7 +2103,8 @@ pkinit_octetstring2key(krb5_context context, unsigned char *key, unsigned int dh_key_len, krb5_keyblock *key_block) -{ krb5_error_code retval; +{ + krb5_error_code retval; unsigned char *buf = NULL; unsigned char md[SHA_DIGEST_LENGTH]; unsigned char counter; 
@@ -2183,22 +2184,19 @@ pkinit_alg_values(krb5_context context, *hash_bytes = 20; *func = &EVP_sha1; return 0; - } - else if ((alg_id->length == krb5_pkinit_sha256_oid_len) && - (0 == memcmp(alg_id->data, krb5_pkinit_sha256_oid, - krb5_pkinit_sha256_oid_len))) { + } else if ((alg_id->length == krb5_pkinit_sha256_oid_len) && + (0 == memcmp(alg_id->data, krb5_pkinit_sha256_oid, + krb5_pkinit_sha256_oid_len))) { *hash_bytes = 32; *func = &EVP_sha256; return 0; - } - else if ((alg_id->length == krb5_pkinit_sha512_oid_len) && - (0 == memcmp(alg_id->data, krb5_pkinit_sha512_oid, - krb5_pkinit_sha512_oid_len))) { + } else if ((alg_id->length == krb5_pkinit_sha512_oid_len) && + (0 == memcmp(alg_id->data, krb5_pkinit_sha512_oid, + krb5_pkinit_sha512_oid_len))) { *hash_bytes = 32; *func = &EVP_sha512; return 0; - } - else { + } else { krb5_set_error_message(context, KRB5_ERR_BAD_S2K_PARAMS, "Bad algorithm ID passed to PK-INIT KDF."); return KRB5_ERR_BAD_S2K_PARAMS; diff --git a/src/plugins/preauth/pkinit/pkinit_kdf_constants.c b/src/plugins/preauth/pkinit/pkinit_kdf_constants.c index e967f38..f29764a 100644 --- a/src/plugins/preauth/pkinit/pkinit_kdf_constants.c +++ b/src/plugins/preauth/pkinit/pkinit_kdf_constants.c @@ -1,5 +1,5 @@ /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* prototype/prototype.c */ +/* plugins/preauth/pkinit/pkinit_kdf_constants.c */ /* * Copyright (C) 2011 by the Massachusetts Institute of Technology. * All rights reserved. diff --git a/src/plugins/preauth/pkinit/pkinit_kdf_test.c b/src/plugins/preauth/pkinit/pkinit_kdf_test.c index 3f7c7c4..bb967bf 100644 --- a/src/plugins/preauth/pkinit/pkinit_kdf_test.c +++ b/src/plugins/preauth/pkinit/pkinit_kdf_test.c @@ -1,5 +1,5 @@ /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* prototype/prototype.c */ +/* plugins/preauth/pkinit/pkinit_kdf_test.c */ /* * Copyright (C) 2011 by the Massachusetts Institute of Technology. * All rights reserved. 
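Review bot: The SHA-512 branch of pkinit_alg_values still sets `*hash_bytes = 32;` while selecting `EVP_sha512`, whose digest is 64 bytes; the SHA-1 and SHA-256 branches use 20 and 32, which match their digests. The line should read `*hash_bytes = 64;`. The caller is outside this hunk, but if it uses hash_bytes as the per-round output length the SHA-512 KDF will produce keys that do not interoperate, and if it sizes a digest buffer from it the 64-byte output would not fit. The part of pkinit_kdf_test.c visible on this page sets only the SHA-1 OID, so this branch appears to be unexercised by the test.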
@@ -55,10 +55,10 @@ int secret_len = 256; char twenty_as[10]; char eighteen_bs[9] ; -char party_u_name [] = "lha@SU.SE"; -char party_v_name [] = "krbtgt/SU.SE@SU.SE"; +char party_u_name[] = "lha@SU.SE"; +char party_v_name[] = "krbtgt/SU.SE@SU.SE"; int enctype_value = 18; -krb5_octet key_hex [] = +krb5_octet key_hex[] = {0xe6, 0xAB, 0x38, 0xC9, 0x41, 0x3E, 0x03, 0x5B, 0xB0, 0x79, 0x20, 0x1E, 0xD0, 0xB6, 0xB7, 0x3D, 0x8D, 0x49, 0xA8, 0x14, 0xA7, 0x37, 0xC0, 0x4E, @@ -66,8 +66,7 @@ krb5_octet key_hex [] = const krb5_data lha_data = DATA_FROM_STRING("lha"); int -main (int argc, - char **argv) +main(int argc, char **argv) { /* arguments for calls to pkinit_alg_agility_kdf() */ krb5_context context = 0; @@ -87,13 +86,13 @@ main (int argc, /* initialize variables that get malloc'ed, so cleanup is safe */ krb5_init_context (&context); - memset (&alg_id, 0, sizeof(alg_id)); - memset (&as_req, 0, sizeof(as_req)); - memset (&pk_as_rep, 0, sizeof(pk_as_rep)); - memset (&key_block, 0, sizeof(key_block)); + memset(&alg_id, 0, sizeof(alg_id)); + memset(&as_req, 0, sizeof(as_req)); + memset(&pk_as_rep, 0, sizeof(pk_as_rep)); + memset(&key_block, 0, sizeof(key_block)); /* set up algorithm id */ - alg_id.algorithm.data = (unsigned char *) &krb5_pkinit_sha1_oid; + alg_id.algorithm.data = (unsigned char *)&krb5_pkinit_sha1_oid; alg_id.algorithm.length = krb5_pkinit_sha1_oid_len; /* set up a 256-byte, ALL-ZEROS secret */ @@ -134,7 +133,8 @@ main (int argc, } /* call pkinit_alg_agility_kdf() with test vector values*/ - if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, &alg_id.algorithm, + if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, + &alg_id.algorithm, u_principal, v_principal, enctype, &as_req, &pk_as_rep, &key_block))) { 
@@ -149,20 +149,16 @@ main (int argc, (0 == memcmp(key_block.contents, key_hex, key_block.length))) { printf("SUCCESS: Correct key value generated!"); retval = 0; - } - else { + } else { printf("FAILURE: Incorrect key value generated!"); retval = 1; } cleanup: /* release all allocated resources, whether good or bad return */ - if (secret.data) - free(secret.data); - if (u_principal) - free(u_principal); - if (v_principal) - free(v_principal); + free(secret.data); + free(u_principal); + free(v_principal); krb5_free_keyblock_contents(context, &key_block); exit(retval); } diff --git a/src/plugins/preauth/pkinit/pkinit_lib.c b/src/plugins/preauth/pkinit/pkinit_lib.c index 034587b..f93c074 100644 --- a/src/plugins/preauth/pkinit/pkinit_lib.c +++ b/src/plugins/preauth/pkinit/pkinit_lib.c @@ -164,8 +164,7 @@ free_krb5_auth_pack(krb5_auth_pack **in) if ((*in)->supportedCMSTypes != NULL) free_krb5_algorithm_identifiers(&((*in)->supportedCMSTypes)); if ((*in)->supportedKDFs) { - krb5_octet_data **supportedKDFs = - (*in)->supportedKDFs; + krb5_octet_data **supportedKDFs = (*in)->supportedKDFs; unsigned i; for (i = 0; supportedKDFs[i]; i++) krb5_free_octet_data(NULL, supportedKDFs[i]); -- cgit v1.1