From 3a2bbdb05ca6a6996e424c9fb225cb0d53804125 Mon Sep 17 00:00:00 2001
From: Alberto Gonzalez Iniesta <agi@inittab.org>
Date: Tue, 27 Dec 2016 18:25:47 +0100
Subject: New upstream version 2.4.0

---
 src/openvpn/pkcs11_mbedtls.c | 123 +++++++++++++++++++++++--------------------
 1 file changed, 65 insertions(+), 58 deletions(-)

(limited to 'src/openvpn/pkcs11_mbedtls.c')

diff --git a/src/openvpn/pkcs11_mbedtls.c b/src/openvpn/pkcs11_mbedtls.c
index e208b61..bdca893 100644
--- a/src/openvpn/pkcs11_mbedtls.c
+++ b/src/openvpn/pkcs11_mbedtls.c
@@ -5,8 +5,8 @@
  *             packet encryption, packet authentication, and
  *             packet compression.
  *
- *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- *  Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
+ *  Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ *  Copyright (C) 2010-2017 Fox Crypto B.V. <openvpn@fox-it.com>
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2
@@ -44,86 +44,93 @@
 
 int
 pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
-    struct tls_root_ctx * const ssl_ctx)
+                        struct tls_root_ctx *const ssl_ctx)
 {
-  int ret = 1;
-
-  ASSERT (NULL != ssl_ctx);
-
-  ALLOC_OBJ_CLEAR (ssl_ctx->crt_chain, mbedtls_x509_crt);
-  if (mbedtls_pkcs11_x509_cert_bind(ssl_ctx->crt_chain, certificate)) {
-      msg (M_FATAL, "PKCS#11: Cannot retrieve mbed TLS certificate object");
-      goto cleanup;
-  }
-
-  ALLOC_OBJ_CLEAR (ssl_ctx->priv_key_pkcs11, mbedtls_pkcs11_context);
-  if (mbedtls_pkcs11_priv_key_bind(ssl_ctx->priv_key_pkcs11, certificate)) {
-      msg (M_FATAL, "PKCS#11: Cannot initialize mbed TLS private key object");
-      goto cleanup;
-  }
-
-  ALLOC_OBJ_CLEAR (ssl_ctx->priv_key, mbedtls_pk_context);
-  if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ssl_ctx->priv_key,
-      ssl_ctx->priv_key_pkcs11, mbedtls_ssl_pkcs11_decrypt,
-      mbedtls_ssl_pkcs11_sign, mbedtls_ssl_pkcs11_key_len))) {
-      goto cleanup;
-  }
-
-  ret = 0;
+    int ret = 1;
+
+    ASSERT(NULL != ssl_ctx);
+
+    ALLOC_OBJ_CLEAR(ssl_ctx->crt_chain, mbedtls_x509_crt);
+    if (mbedtls_pkcs11_x509_cert_bind(ssl_ctx->crt_chain, certificate))
+    {
+        msg(M_FATAL, "PKCS#11: Cannot retrieve mbed TLS certificate object");
+        goto cleanup;
+    }
+
+    ALLOC_OBJ_CLEAR(ssl_ctx->priv_key_pkcs11, mbedtls_pkcs11_context);
+    if (mbedtls_pkcs11_priv_key_bind(ssl_ctx->priv_key_pkcs11, certificate))
+    {
+        msg(M_FATAL, "PKCS#11: Cannot initialize mbed TLS private key object");
+        goto cleanup;
+    }
+
+    ALLOC_OBJ_CLEAR(ssl_ctx->priv_key, mbedtls_pk_context);
+    if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ssl_ctx->priv_key,
+                                          ssl_ctx->priv_key_pkcs11, mbedtls_ssl_pkcs11_decrypt,
+                                          mbedtls_ssl_pkcs11_sign, mbedtls_ssl_pkcs11_key_len)))
+    {
+        goto cleanup;
+    }
+
+    ret = 0;
 
 cleanup:
-  return ret;
+    return ret;
 }
 
 char *
-pkcs11_certificate_dn (pkcs11h_certificate_t cert, struct gc_arena *gc)
+pkcs11_certificate_dn(pkcs11h_certificate_t cert, struct gc_arena *gc)
 {
-  char *ret = NULL;
-  char dn[1024] = {0};
+    char *ret = NULL;
+    char dn[1024] = {0};
 
-  mbedtls_x509_crt mbed_crt = {0};
+    mbedtls_x509_crt mbed_crt = {0};
 
-  if (mbedtls_pkcs11_x509_cert_bind(&mbed_crt, cert)) {
-      msg (M_FATAL, "PKCS#11: Cannot retrieve mbed TLS certificate object");
-      goto cleanup;
-  }
+    if (mbedtls_pkcs11_x509_cert_bind(&mbed_crt, cert))
+    {
+        msg(M_FATAL, "PKCS#11: Cannot retrieve mbed TLS certificate object");
+        goto cleanup;
+    }
 
-  if (-1 == mbedtls_x509_dn_gets (dn, sizeof(dn), &mbed_crt.subject)) {
-      msg (M_FATAL, "PKCS#11: mbed TLS cannot parse subject");
-      goto cleanup;
-  }
+    if (-1 == mbedtls_x509_dn_gets(dn, sizeof(dn), &mbed_crt.subject))
+    {
+        msg(M_FATAL, "PKCS#11: mbed TLS cannot parse subject");
+        goto cleanup;
+    }
 
-  ret = string_alloc(dn, gc);
+    ret = string_alloc(dn, gc);
 
 cleanup:
-  mbedtls_x509_crt_free(&mbed_crt);
+    mbedtls_x509_crt_free(&mbed_crt);
 
-  return ret;
+    return ret;
 }
 
 int
-pkcs11_certificate_serial (pkcs11h_certificate_t cert, char *serial,
-    size_t serial_len)
+pkcs11_certificate_serial(pkcs11h_certificate_t cert, char *serial,
+                          size_t serial_len)
 {
-  int ret = 1;
+    int ret = 1;
 
-  mbedtls_x509_crt mbed_crt = {0};
+    mbedtls_x509_crt mbed_crt = {0};
 
-  if (mbedtls_pkcs11_x509_cert_bind(&mbed_crt, cert)) {
-      msg (M_FATAL, "PKCS#11: Cannot retrieve mbed TLS certificate object");
-      goto cleanup;
-  }
+    if (mbedtls_pkcs11_x509_cert_bind(&mbed_crt, cert))
+    {
+        msg(M_FATAL, "PKCS#11: Cannot retrieve mbed TLS certificate object");
+        goto cleanup;
+    }
 
-  if (-1 == mbedtls_x509_serial_gets (serial, serial_len, &mbed_crt.serial)) {
-      msg (M_FATAL, "PKCS#11: mbed TLS cannot parse serial");
-      goto cleanup;
-  }
+    if (-1 == mbedtls_x509_serial_gets(serial, serial_len, &mbed_crt.serial))
+    {
+        msg(M_FATAL, "PKCS#11: mbed TLS cannot parse serial");
+        goto cleanup;
+    }
 
-  ret = 0;
+    ret = 0;
 
 cleanup:
-  mbedtls_x509_crt_free(&mbed_crt);
+    mbedtls_x509_crt_free(&mbed_crt);
 
-  return ret;
+    return ret;
 }
 #endif /* defined(ENABLE_PKCS11) && defined(ENABLE_CRYPTO_MBEDTLS) */
-- 
cgit v1.2.3