svn rev #25208: trunk/src/plugins/preauth/pkinit/

hartmans@MIT.EDU hartmans at MIT.EDU
Sun Sep 18 21:00:56 EDT 2011


http://src.mit.edu/fisheye/changelog/krb5/?cs=25208
Commit By: hartmans
Log Message:
reindent


Changed Files:
U   trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
U   trunk/src/plugins/preauth/pkinit/pkinit_kdf_constants.c
U   trunk/src/plugins/preauth/pkinit/pkinit_kdf_test.c
Modified: trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c	2011-09-19 00:59:29 UTC (rev 25207)
+++ trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c	2011-09-19 01:00:56 UTC (rev 25208)
@@ -956,10 +956,10 @@
         p7si->digest_enc_alg->parameter->type = V_ASN1_NULL;
 
         if (cms_msg_type == CMS_SIGN_DRAFT9){
-                /* don't include signed attributes for pa-type 15 request */
-                abuf = data;
-                alen = data_len;
-            } else {
+            /* don't include signed attributes for pa-type 15 request */
+            abuf = data;
+            alen = data_len;
+        } else {
             /* add signed attributes */
             /* compute sha1 digest over the EncapsulatedContentInfo */
             EVP_MD_CTX_init(&ctx);
@@ -1213,13 +1213,13 @@
                  __FUNCTION__, ERR_error_string(err, NULL));
         goto cleanup;
     }
-        etype = CMS_get0_eContentType(cms);
+    etype = CMS_get0_eContentType(cms);
 
     /*
      * Prior to 1.10 the MIT client incorrectly omitted the pkinit structure
      * directly in a CMS ContentInfo rather than using SignedData with no
      * signers. Handle that case.
-    */
+     */
     type = CMS_get0_type(cms);
     if (is_signed && !OBJ_cmp(type, oid)) {
         unsigned char *d;
@@ -1271,13 +1271,13 @@
         /* Not actually signed; anonymous case */
         if (!is_signed)
             goto cleanup;
-                *is_signed = 0;
-                /* We cannot use CMS_dataInit because there may be no digest */
-                octets = pkinit_CMS_get0_content_signed(cms);
-                if (octets)
-                    out = BIO_new_mem_buf((*octets)->data, (*octets)->length);
-                                if (out == NULL)
-                    goto cleanup;
+        *is_signed = 0;
+        /* We cannot use CMS_dataInit because there may be no digest */
+        octets = pkinit_CMS_get0_content_signed(cms);
+        if (octets)
+            out = BIO_new_mem_buf((*octets)->data, (*octets)->length);
+        if (out == NULL)
+            goto cleanup;
     } else {
         pkinit_CMS_SignerInfo_get_cert(cms, si, &x);
         if (x == NULL)
@@ -1413,23 +1413,23 @@
         if (i <= 0)
             goto cleanup;
         out = BIO_new(BIO_s_mem());
-    if (cms_msg_type == CMS_SIGN_DRAFT9)
-        flags |= CMS_NOATTR;
-    if (CMS_verify(cms, NULL, store, NULL, out, flags) == 0) {
-        unsigned long err = ERR_peek_error();
-        switch(ERR_GET_REASON(err)) {
-        case PKCS7_R_DIGEST_FAILURE:
-            retval = KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED;
-            break;
-        case PKCS7_R_SIGNATURE_FAILURE:
-        default:
-            retval = KRB5KDC_ERR_INVALID_SIG;
+        if (cms_msg_type == CMS_SIGN_DRAFT9)
+            flags |= CMS_NOATTR;
+        if (CMS_verify(cms, NULL, store, NULL, out, flags) == 0) {
+            unsigned long err = ERR_peek_error();
+            switch(ERR_GET_REASON(err)) {
+            case PKCS7_R_DIGEST_FAILURE:
+                retval = KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED;
+                break;
+            case PKCS7_R_SIGNATURE_FAILURE:
+            default:
+                retval = KRB5KDC_ERR_INVALID_SIG;
+            }
+            pkiDebug("CMS Verification failure\n");
+            krb5_set_error_message(context, retval, "%s\n",
+                                   ERR_error_string(err, NULL));
+            goto cleanup;
         }
-        pkiDebug("CMS Verification failure\n");
-        krb5_set_error_message(context, retval, "%s\n",
-                               ERR_error_string(err, NULL));
-        goto cleanup;
-    }
     } /* message was signed */
     if (!OBJ_cmp(etype, oid))
         valid_oid = 1;
@@ -2140,7 +2140,7 @@
 
     retval = krb5_c_keylengths(context, etype, &keybytes, &keylength);
     if (retval)
-       goto cleanup;
+        goto cleanup;
 
     key_block->length = keylength;
     key_block->contents = malloc(keylength);
@@ -2185,15 +2185,15 @@
         return 0;
     }
     else if ((alg_id->length == krb5_pkinit_sha256_oid_len) &&
-        (0 == memcmp(alg_id->data, krb5_pkinit_sha256_oid,
-                     krb5_pkinit_sha256_oid_len))) {
+             (0 == memcmp(alg_id->data, krb5_pkinit_sha256_oid,
+                          krb5_pkinit_sha256_oid_len))) {
         *hash_bytes = 32;
         *func = &EVP_sha256;
         return 0;
     }
     else if ((alg_id->length == krb5_pkinit_sha512_oid_len) &&
              (0 == memcmp(alg_id->data, krb5_pkinit_sha512_oid,
-                     krb5_pkinit_sha512_oid_len))) {
+                          krb5_pkinit_sha512_oid_len))) {
         *hash_bytes = 32;
         *func = &EVP_sha512;
         return 0;
@@ -2329,14 +2329,14 @@
             (0 == EVP_DigestUpdate(&c, secret->data, secret->length)) ||
             (0 == EVP_DigestUpdate(&c, other_info->data, other_info->length))) {
             krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL,
-                               "Call to OpenSSL EVP_DigestUpdate() returned an error.");
+                                   "Call to OpenSSL EVP_DigestUpdate() returned an error.");
             retval = KRB5_CRYPTO_INTERNAL;
             goto cleanup;
         }
 
         /* 4.  Set key = Hash1 || Hash2 || ... so that length of key is K bytes. */
         if (0 == EVP_DigestFinal(&c, (rand_buf + offset), &s)) {
-        krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL,
+            krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL,
                                    "Call to OpenSSL EVP_DigestUpdate() returned an error.");
             retval = KRB5_CRYPTO_INTERNAL;
             goto cleanup;
@@ -2345,7 +2345,7 @@
 
         assert(s == hash_len); /* add a message to this assert? */
 
-    EVP_MD_CTX_cleanup(&c);
+        EVP_MD_CTX_cleanup(&c);
     }
 
     /* Reduce length of random data to key_len to avoid errors. */

Modified: trunk/src/plugins/preauth/pkinit/pkinit_kdf_constants.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_kdf_constants.c	2011-09-19 00:59:29 UTC (rev 25207)
+++ trunk/src/plugins/preauth/pkinit/pkinit_kdf_constants.c	2011-09-19 01:00:56 UTC (rev 25208)
@@ -47,11 +47,11 @@
 
 /* statically declare OID constants for all three algorithms */
 const krb5_octet krb5_pkinit_sha1_oid[10] =
-                    {0x2B,0x06,0x01,0x05,0x02,0x03,0x06,0x01};
+{0x2B,0x06,0x01,0x05,0x02,0x03,0x06,0x01};
 const size_t krb5_pkinit_sha1_oid_len = 8;
 const krb5_octet krb5_pkinit_sha256_oid[10] =
-                    {0x2B,0x06,0x01,0x05,0x02,0x03,0x06,0x02};
+{0x2B,0x06,0x01,0x05,0x02,0x03,0x06,0x02};
 const size_t krb5_pkinit_sha256_oid_len = 8;
 const krb5_octet krb5_pkinit_sha512_oid [10] =
-                    {0x2B,0x06,0x01,0x05,0x02,0x03,0x06,0x03};
+{0x2B,0x06,0x01,0x05,0x02,0x03,0x06,0x03};
 const size_t krb5_pkinit_sha512_oid_len = 8;

Modified: trunk/src/plugins/preauth/pkinit/pkinit_kdf_test.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_kdf_test.c	2011-09-19 00:59:29 UTC (rev 25207)
+++ trunk/src/plugins/preauth/pkinit/pkinit_kdf_test.c	2011-09-19 01:00:56 UTC (rev 25208)
@@ -47,7 +47,7 @@
  * Initialize a krb5_data from @a s, a constant string. Note @a s is evaluated
  * multiple times; this is acceptable for constants.
  */
-#define DATA_FROM_STRING(s) \
+#define DATA_FROM_STRING(s)                     \
     {0, sizeof(s)-1, (char *) s}
 
 
@@ -59,10 +59,10 @@
 char party_v_name [] = "krbtgt/SU.SE at SU.SE";
 int enctype_value = 18;
 krb5_octet key_hex [] =
-  {0xe6, 0xAB, 0x38, 0xC9, 0x41, 0x3E, 0x03, 0x5B,
-   0xB0, 0x79, 0x20, 0x1E, 0xD0, 0xB6, 0xB7, 0x3D,
-   0x8D, 0x49, 0xA8, 0x14, 0xA7, 0x37, 0xC0, 0x4E,
-   0xE6, 0x64, 0x96, 0x14, 0x20, 0x6F, 0x73, 0xAD};
+{0xe6, 0xAB, 0x38, 0xC9, 0x41, 0x3E, 0x03, 0x5B,
+ 0xB0, 0x79, 0x20, 0x1E, 0xD0, 0xB6, 0xB7, 0x3D,
+ 0x8D, 0x49, 0xA8, 0x14, 0xA7, 0x37, 0xC0, 0x4E,
+ 0xE6, 0x64, 0x96, 0x14, 0x20, 0x6F, 0x73, 0xAD};
 const krb5_data lha_data = DATA_FROM_STRING("lha");
 
 int
@@ -110,14 +110,14 @@
                                         &u_principal)))
         (0 != (retval = krb5_parse_name(context, party_v_name,
                                         &v_principal)))) {
-      printf("ERROR in pkinit_kdf_test: Error parsing names, retval = %d",
-             retval);
-      goto cleanup;
+        printf("ERROR in pkinit_kdf_test: Error parsing names, retval = %d",
+               retval);
+        goto cleanup;
     }
 
     /* set-up the as_req and and pk_as_rep data */
     memset(twenty_as, 0xaa, sizeof(twenty_as));
-           memset(eighteen_bs, 0xbb, sizeof(eighteen_bs));
+    memset(eighteen_bs, 0xbb, sizeof(eighteen_bs));
     as_req.length = sizeof(twenty_as);
     as_req.data = (unsigned char *)&twenty_as;
 
@@ -127,11 +127,11 @@
     /* set-up the key_block */
     if (0 != (retval = krb5_init_keyblock(context, enctype, max_keylen,
                                           &key_block_ptr))) {
-          printf("ERROR in pkinit_kdf_test: can't init keybloc, retval = %d",
-                 retval);
-          goto cleanup;
+        printf("ERROR in pkinit_kdf_test: can't init keybloc, retval = %d",
+               retval);
+        goto cleanup;
 
-        }
+    }
 
     /* call pkinit_alg_agility_kdf() with test vector values*/
     if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, &alg_id.algorithm,
@@ -146,23 +146,23 @@
     /* compare key to expected key value */
 
     if ((key_block.length == sizeof(key_hex)) &&
-            (0 == memcmp(key_block.contents, key_hex, key_block.length))) {
-            printf("SUCCESS: Correct key value generated!");
-            retval = 0;
-        }
-        else {
-            printf("FAILURE: Incorrect key value generated!");
-            retval = 1;
-        }
+        (0 == memcmp(key_block.contents, key_hex, key_block.length))) {
+        printf("SUCCESS: Correct key value generated!");
+        retval = 0;
+    }
+    else {
+        printf("FAILURE: Incorrect key value generated!");
+        retval = 1;
+    }
 
-    cleanup:
-        /* release all allocated resources, whether good or bad return */
-        if (secret.data)
-          free(secret.data);
-        if (u_principal)
-          free(u_principal);
-        if (v_principal)
-          free(v_principal);
-                krb5_free_keyblock_contents(context, &key_block);
-        exit(retval);
+cleanup:
+    /* release all allocated resources, whether good or bad return */
+    if (secret.data)
+        free(secret.data);
+    if (u_principal)
+        free(u_principal);
+    if (v_principal)
+        free(v_principal);
+    krb5_free_keyblock_contents(context, &key_block);
+    exit(retval);
 }



