micsat 2 år sedan
förälder
incheckning
155d6cf24c

+ 37 - 28
source/src/cip/cip_security/cert_req.c

@@ -15,7 +15,7 @@
  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
- * 
+ *
  ******************************************************************************
  *  Modifications copyright (C) 2023, Rockwell Automation, Inc.
  *  All rights reserved.
@@ -74,7 +74,7 @@ struct options {
 } options;
 
 /** @brief  Write certificate request
- * 
+ *
  *  @param req structure containing CSR Parameters
  *  @param output_file  where to store the constructed key file
  *  @param f_rng random number generator function
@@ -90,15 +90,16 @@ int write_certificate_request(mbedtls_x509write_csr *req,
   unsigned char output_buf[4096];
 
   memset(output_buf, 0, 4096);
-  if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) <
-      0) {
+  if ( ( ret =
+           mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng) ) <
+       0 ) {
     return ret;
   }
 
-  size_t len = strlen((char *)output_buf);
+  size_t len = strlen( (char *)output_buf );
   FILE *file;
 
-  if ((file = fopen(output_file, "w")) == NULL) {
+  if ( ( file = fopen(output_file, "w") ) == NULL ) {
     return -1;
   }
 
@@ -113,7 +114,7 @@ int write_certificate_request(mbedtls_x509write_csr *req,
 }
 
 /* function called in OpENer certificatemanagement */
-int MbedtlsWriteCSR(CipShortString *short_strings) { 
+int MbedtlsWriteCSR(CipShortString *short_strings) {
   int ret = 1;
   int exit_code = MBEDTLS_EXIT_FAILURE;
   mbedtls_pk_context key;
@@ -130,7 +131,7 @@ int MbedtlsWriteCSR(CipShortString *short_strings) {
   mbedtls_x509write_csr_init(&req);
   mbedtls_pk_init(&key);
   mbedtls_ctr_drbg_init(&ctr_drbg);
-  memset(buf, 0, sizeof(buf));
+  memset( buf, 0, sizeof(buf) );
   mbedtls_entropy_init(&entropy);
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -145,13 +146,16 @@ int MbedtlsWriteCSR(CipShortString *short_strings) {
 
   /* create subjectName string from input params */
   char subjectName[500];
-  snprintf(subjectName, sizeof(subjectName), SUBJECT_NAME_TEMPLATE, short_strings[0].string,
-                                                                    short_strings[1].string,
-                                                                    short_strings[2].string,
-                                                                    short_strings[3].string,
-                                                                    short_strings[4].string,
-                                                                    short_strings[5].string,
-                                                                    short_strings[6].string);
+  snprintf(subjectName,
+           sizeof(subjectName),
+           SUBJECT_NAME_TEMPLATE,
+           short_strings[0].string,
+           short_strings[1].string,
+           short_strings[2].string,
+           short_strings[3].string,
+           short_strings[4].string,
+           short_strings[5].string,
+           short_strings[6].string);
 
   options.filename = DFL_FILENAME;
   options.password = DFL_PASSWORD;
@@ -174,7 +178,7 @@ int MbedtlsWriteCSR(CipShortString *short_strings) {
 
     if (ret != 0) {
       OPENER_TRACE_INFO(
-          " failed\n  !  mbedtls_x509write_csr_set_key_usage returned %d", ret);
+        " failed\n  !  mbedtls_x509write_csr_set_key_usage returned %d", ret);
       goto exit;
     }
   }
@@ -185,7 +189,8 @@ int MbedtlsWriteCSR(CipShortString *short_strings) {
 
     if (ret != 0) {
       OPENER_TRACE_INFO(
-          " failed\n  !  mbedtls_x509write_csr_set_ns_cert_type returned %d", ret);
+        " failed\n  !  mbedtls_x509write_csr_set_ns_cert_type returned %d",
+        ret);
       goto exit;
     }
   }
@@ -196,9 +201,9 @@ int MbedtlsWriteCSR(CipShortString *short_strings) {
   OPENER_TRACE_INFO("  . Seeding the random number generator...");
   fflush(stdout);
 
-  if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                   NULL,
-                                   0)) != 0) {
+  if ( ( ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+                                     NULL,
+                                     0) ) != 0 ) {
     OPENER_TRACE_INFO(" failed\n  !  mbedtls_ctr_drbg_seed returned %d", ret);
     goto exit;
   }
@@ -211,11 +216,13 @@ int MbedtlsWriteCSR(CipShortString *short_strings) {
   OPENER_TRACE_INFO("  . Checking subject name...");
   fflush(stdout);
 
-  if ((ret = mbedtls_x509write_csr_set_subject_name(&req, options.subject_name)) !=
-      0) {
+  if ( ( ret =
+           mbedtls_x509write_csr_set_subject_name(&req,
+                                                  options.subject_name) ) !=
+       0 ) {
     OPENER_TRACE_INFO(
-        " failed\n  !  mbedtls_x509write_csr_set_subject_name returned %d",
-        ret);
+      " failed\n  !  mbedtls_x509write_csr_set_subject_name returned %d",
+      ret);
     goto exit;
   }
 
@@ -231,7 +238,8 @@ int MbedtlsWriteCSR(CipShortString *short_strings) {
                                  mbedtls_ctr_drbg_random, &ctr_drbg);
 
   if (ret != 0) {
-    OPENER_TRACE_INFO(" failed\n  !  mbedtls_pk_parse_keyfile returned %d", ret);
+    OPENER_TRACE_INFO(" failed\n  !  mbedtls_pk_parse_keyfile returned %d",
+                      ret);
     goto exit;
   }
 
@@ -245,8 +253,9 @@ int MbedtlsWriteCSR(CipShortString *short_strings) {
   OPENER_TRACE_INFO("  . Writing the certificate request ...");
   fflush(stdout);
 
-  if ((ret = write_certificate_request(
-           &req, options.output_file, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+  if ( ( ret = write_certificate_request(
+           &req, options.output_file, mbedtls_ctr_drbg_random,
+           &ctr_drbg) ) != 0 ) {
     OPENER_TRACE_INFO(" failed\n  !  write_certificate_request %d", ret);
     goto exit;
   }
@@ -259,7 +268,7 @@ exit:
 
   if (exit_code != MBEDTLS_EXIT_SUCCESS) {
 #ifdef MBEDTLS_ERROR_C
-    mbedtls_strerror(ret, buf, sizeof(buf));
+    mbedtls_strerror( ret, buf, sizeof(buf) );
     OPENER_TRACE_INFO(" - %s\n", buf);
 #else
     OPENER_TRACE_INFO("\n");

+ 1 - 1
source/src/cip/cip_security/cert_req.h

@@ -15,7 +15,7 @@
  * public functions
  */
 /** @brief  Certificate signing request generation
- * 
+ *
  *  @param short_strings structure containing CSR Parameters
  *  @return status
  */

+ 464 - 443
source/src/cip/cip_security/cert_write.c

@@ -15,7 +15,7 @@
  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
- * 
+ *
  ******************************************************************************
  *  Modifications copyright (C) 2023, Rockwell Automation, Inc.
  *  All rights reserved.
@@ -48,15 +48,15 @@
 #include "cert_write.h"
 #include "trace.h"
 
-// oid - object identifier 
+// oid - object identifier
 #define SET_OID(x, oid) \
-    do { x.len = MBEDTLS_OID_SIZE(oid); x.p = (unsigned char *) oid; } while (0)
+  do { x.len = MBEDTLS_OID_SIZE(oid); x.p = (unsigned char *) oid; } while (0)
 
 #if defined(MBEDTLS_X509_CSR_PARSE_C)
 #define USAGE_CSR                                                           \
-    "    request_file=%%s         default: (empty)\n"                           \
-    "                            If request_file is specified, subject_key,\n"  \
-    "                            subject_pwd and subject_name are ignored!\n"
+  "    request_file=%%s         default: (empty)\n"                           \
+  "                            If request_file is specified, subject_key,\n"  \
+  "                            subject_pwd and subject_name are ignored!\n"
 #else
 #define USAGE_CSR ""
 #endif /* MBEDTLS_X509_CSR_PARSE_C */
@@ -93,550 +93,571 @@
 #define DFL_FORMAT              FORMAT_PEM
 
 typedef enum {
-    SERIAL_FRMT_UNSPEC,
-    SERIAL_FRMT_DEC,
-    SERIAL_FRMT_HEX
+  SERIAL_FRMT_UNSPEC,
+  SERIAL_FRMT_DEC,
+  SERIAL_FRMT_HEX
 } serial_format_t;
 
 /*
  * global options
  */
 struct options {
-    const char *issuer_crt;     /* filename of the issuer certificate   */
-    const char *request_file;   /* filename of the certificate request  */
-    const char *subject_key;    /* filename of the subject key file     */
-    const char *issuer_key;     /* filename of the issuer key file      */
-    const char *subject_pwd;    /* password for the subject key file    */
-    const char *issuer_pwd;     /* password for the issuer key file     */
-    const char *output_file;    /* where to store the constructed CRT   */
-    const char *subject_name;   /* subject name for certificate         */
-    const char *issuer_name;    /* issuer name for certificate          */
-    const char *not_before;     /* validity period not before           */
-    const char *not_after;      /* validity period not after            */
-    const char *serial;         /* serial number string (decimal)       */
-    const char *serial_hex;     /* serial number string (hex)           */
-    int selfsign;               /* selfsign the certificate             */
-    int is_ca;                  /* is a CA certificate                  */
-    int max_pathlen;            /* maximum CA path length               */
-    int authority_identifier;   /* add authority identifier to CRT      */
-    int subject_identifier;     /* add subject identifier to CRT        */
-    int basic_constraints;      /* add basic constraints ext to CRT     */
-    int version;                /* CRT version                          */
-    mbedtls_md_type_t md;       /* Hash used for signing                */
-    unsigned char key_usage;    /* key usage flags                      */
-    mbedtls_asn1_sequence *ext_key_usage; /* extended key usages        */
-    unsigned char ns_cert_type; /* NS cert type                         */
-    int format;                 /* format                               */
+  const char *issuer_crt;       /* filename of the issuer certificate   */
+  const char *request_file;     /* filename of the certificate request  */
+  const char *subject_key;      /* filename of the subject key file     */
+  const char *issuer_key;       /* filename of the issuer key file      */
+  const char *subject_pwd;      /* password for the subject key file    */
+  const char *issuer_pwd;       /* password for the issuer key file     */
+  const char *output_file;      /* where to store the constructed CRT   */
+  const char *subject_name;     /* subject name for certificate         */
+  const char *issuer_name;      /* issuer name for certificate          */
+  const char *not_before;       /* validity period not before           */
+  const char *not_after;        /* validity period not after            */
+  const char *serial;           /* serial number string (decimal)       */
+  const char *serial_hex;       /* serial number string (hex)           */
+  int selfsign;                 /* selfsign the certificate             */
+  int is_ca;                    /* is a CA certificate                  */
+  int max_pathlen;              /* maximum CA path length               */
+  int authority_identifier;     /* add authority identifier to CRT      */
+  int subject_identifier;       /* add subject identifier to CRT        */
+  int basic_constraints;        /* add basic constraints ext to CRT     */
+  int version;                  /* CRT version                          */
+  mbedtls_md_type_t md;         /* Hash used for signing                */
+  unsigned char key_usage;      /* key usage flags                      */
+  mbedtls_asn1_sequence *ext_key_usage;   /* extended key usages        */
+  unsigned char ns_cert_type;   /* NS cert type                         */
+  int format;                   /* format                               */
 } options;
 
 
 /** @brief  write an X.509 certificate to a PEM or DER file format
- * 
+ *
  *  @param crt certificate structure
  *  @param output_file  output file pointer
  *  @param f_rng random number generator function
  *  @param p_rng random number generator param
  *  @return status
  */
-int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
+int write_certificate(mbedtls_x509write_cert *crt,
+                      const char *output_file,
                       int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng)
-{
-    int ret;
-    FILE *file;
-    unsigned char output_buf[4096];
-    unsigned char *output_start;
-    size_t len = 0;
-
-    memset(output_buf, 0, 4096);
-    if (options.format == FORMAT_DER) {
-        ret = mbedtls_x509write_crt_der(crt, output_buf, 4096,
-                                        f_rng, p_rng);
-        if (ret < 0) {
-            return ret;
-        }
-
-        len = (size_t)ret;
-        output_start = output_buf + 4096 - len;
-    } else {
-        ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096,
-                                        f_rng, p_rng);
-        if (ret < 0) {
-            return ret;
-        }
-
-        len = strlen((char *) output_buf);
-        output_start = output_buf;
+                      void *p_rng) {
+  int ret;
+  FILE *file;
+  unsigned char output_buf[4096];
+  unsigned char *output_start;
+  size_t len = 0;
+
+  memset(output_buf, 0, 4096);
+  if (options.format == FORMAT_DER) {
+    ret = mbedtls_x509write_crt_der(crt, output_buf, 4096,
+                                    f_rng, p_rng);
+    if (ret < 0) {
+      return ret;
     }
 
-    if ((file = fopen(output_file, "w")) == NULL) {
-        return -1;
+    len = (size_t)ret;
+    output_start = output_buf + 4096 - len;
+  } else {
+    ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096,
+                                    f_rng, p_rng);
+    if (ret < 0) {
+      return ret;
     }
 
-    if (fwrite(output_start, 1, len, file) != len) {
-        fclose(file);
-        return -1;
-    }
+    len = strlen( (char *) output_buf );
+    output_start = output_buf;
+  }
 
+  if ( ( file = fopen(output_file, "w") ) == NULL ) {
+    return -1;
+  }
+
+  if (fwrite(output_start, 1, len, file) != len) {
     fclose(file);
+    return -1;
+  }
+
+  fclose(file);
 
-    return 0;
+  return 0;
 }
 
 /** @brief  parse and convert a decimal string format to its equivalent binary representation
- * 
+ *
  *  @param obuf  output buffer
- *  @param obufmax 
+ *  @param obufmax
  *  @param ibuf  input buffer
- *  @param len  
+ *  @param len
  *  @return status
  */
-int parse_serial_decimal_format(unsigned char *obuf, size_t obufmax,
-                                const char *ibuf, size_t *len)
-{
-    unsigned long long int dec;
-    unsigned int remaining_bytes = sizeof(dec);
-    unsigned char *p = obuf;
-    unsigned char val;
-    char *end_ptr = NULL;
-
-    errno = 0;
-    dec = strtoull(ibuf, &end_ptr, 10);
-
-    if ((errno != 0) || (end_ptr == ibuf)) {
-        return -1;
+int parse_serial_decimal_format(unsigned char *obuf,
+                                size_t obufmax,
+                                const char *ibuf,
+                                size_t *len) {
+  unsigned long long int dec;
+  unsigned int remaining_bytes = sizeof(dec);
+  unsigned char *p = obuf;
+  unsigned char val;
+  char *end_ptr = NULL;
+
+  errno = 0;
+  dec = strtoull(ibuf, &end_ptr, 10);
+
+  if ( (errno != 0) || (end_ptr == ibuf) ) {
+    return -1;
+  }
+
+  *len = 0;
+
+  while (remaining_bytes > 0) {
+    if ( obufmax < (*len + 1) ) {
+      return -1;
     }
 
-    *len = 0;
-
-    while (remaining_bytes > 0) {
-        if (obufmax < (*len + 1)) {
-            return -1;
-        }
-
-        val = (dec >> ((remaining_bytes - 1) * 8)) & 0xFF;
+    val = ( dec >> ( (remaining_bytes - 1) * 8 ) ) & 0xFF;
 
-        /* Skip leading zeros */
-        if ((val != 0) || (*len != 0)) {
-            *p = val;
-            (*len)++;
-            p++;
-        }
-
-        remaining_bytes--;
+    /* Skip leading zeros */
+    if ( (val != 0) || (*len != 0) ) {
+      *p = val;
+      (*len)++;
+      p++;
     }
 
-    return 0;
+    remaining_bytes--;
+  }
+
+  return 0;
 }
 
 /* function called in OpENer certificatemanagement */
-int MbedtlsGenerateCertificate(char *subject_name_input[], char *serial_number_input)
-{
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    mbedtls_x509_crt issuer_crt;
-    mbedtls_pk_context loaded_issuer_key;
-    mbedtls_pk_context loaded_subject_key;
-    mbedtls_pk_context *issuer_key = &loaded_issuer_key;
-    mbedtls_pk_context *subject_key = &loaded_subject_key;
-    char buf[1024];
-    char issuer_name[256];
+int MbedtlsGenerateCertificate(char *subject_name_input[],
+                               char *serial_number_input) {
+  int ret = 1;
+  int exit_code = MBEDTLS_EXIT_FAILURE;
+  mbedtls_x509_crt issuer_crt;
+  mbedtls_pk_context loaded_issuer_key;
+  mbedtls_pk_context loaded_subject_key;
+  mbedtls_pk_context *issuer_key = &loaded_issuer_key;
+  mbedtls_pk_context *subject_key = &loaded_subject_key;
+  char buf[1024];
+  char issuer_name[256];
 
 #if defined(MBEDTLS_X509_CSR_PARSE_C)
-    char subject_name[256]; 
-    mbedtls_x509_csr csr;
+  char subject_name[256];
+  mbedtls_x509_csr csr;
 #endif
-    mbedtls_x509write_cert crt;
-    //serial_format_t serial_frmt = SERIAL_FRMT_UNSPEC;
-    unsigned char serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN];
-    size_t serial_len;
-    //mbedtls_asn1_sequence *ext_key_usage;
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg; //ctr_drbg - Counter Mode Deterministic Random Bit Generator
-
-    /*
-     * Set to sane values
-     */
-    mbedtls_x509write_crt_init(&crt);
-    mbedtls_pk_init(&loaded_issuer_key);
-    mbedtls_pk_init(&loaded_subject_key);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
+  mbedtls_x509write_cert crt;
+  //serial_format_t serial_frmt = SERIAL_FRMT_UNSPEC;
+  unsigned char serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN];
+  size_t serial_len;
+  //mbedtls_asn1_sequence *ext_key_usage;
+  mbedtls_entropy_context entropy;
+  mbedtls_ctr_drbg_context ctr_drbg;   //ctr_drbg - Counter Mode Deterministic Random Bit Generator
+
+  /*
+   * Set to sane values
+   */
+  mbedtls_x509write_crt_init(&crt);
+  mbedtls_pk_init(&loaded_issuer_key);
+  mbedtls_pk_init(&loaded_subject_key);
+  mbedtls_ctr_drbg_init(&ctr_drbg);
+  mbedtls_entropy_init(&entropy);
 #if defined(MBEDTLS_X509_CSR_PARSE_C)
-    mbedtls_x509_csr_init(&csr);
+  mbedtls_x509_csr_init(&csr);
 #endif
-    mbedtls_x509_crt_init(&issuer_crt);
-    memset(buf, 0, sizeof(buf));
-    memset(serial, 0, sizeof(serial));
+  mbedtls_x509_crt_init(&issuer_crt);
+  memset( buf, 0, sizeof(buf) );
+  memset( serial, 0, sizeof(serial) );
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        goto exit;
-    }
+  psa_status_t status = psa_crypto_init();
+  if (status != PSA_SUCCESS) {
+    mbedtls_fprintf(stderr,
+                    "Failed to initialize PSA Crypto implementation: %d\n",
+                    (int) status);
+    goto exit;
+  }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 /* create issuerName string from input params */
-    char issuerName[500];
-    snprintf(issuerName, sizeof(issuerName), SUBJECT_NAME_TEMPLATE, subject_name_input[0],
-                                                                      subject_name_input[1],
-                                                                      subject_name_input[2],
-                                                                      subject_name_input[3],
-                                                                      subject_name_input[4],
-                                                                      subject_name_input[5],
-                                                                      subject_name_input[6]);
-
-    options.issuer_crt          = DFL_ISSUER_CRT;
-    options.request_file        = DFL_REQUEST_FILE;
-    options.subject_key         = DFL_SUBJECT_KEY;
-    options.issuer_key          = DFL_ISSUER_KEY;
-    options.subject_pwd         = DFL_SUBJECT_PWD;
-    options.issuer_pwd          = DFL_ISSUER_PWD;
-    options.output_file         = DFL_OUTPUT_FILENAME;
-    options.subject_name        = SUBJECT_NAME_TEMPLATE;  // same as issuer_name for self-signed certificate
-    options.issuer_name         = issuerName;
-    options.not_before          = DFL_NOT_BEFORE;
-    options.not_after           = DFL_NOT_AFTER;
-    options.serial              = serial_number_input;
-    options.serial_hex          = DFL_SERIAL_HEX;
-    options.selfsign            = DFL_SELFSIGN;
-    options.is_ca               = DFL_IS_CA;
-    options.max_pathlen         = DFL_MAX_PATHLEN;
-    options.key_usage           = DFL_KEY_USAGE;
-    options.ext_key_usage       = DFL_EXT_KEY_USAGE;
-    options.ns_cert_type        = DFL_NS_CERT_TYPE;
-    options.version             = DFL_VERSION - 1;
-    options.md                  = DFL_DIGEST;
-    options.subject_identifier   = DFL_SUBJ_IDENT;
-    options.authority_identifier = DFL_AUTH_IDENT;
-    options.basic_constraints    = DFL_CONSTRAINTS;
-    options.format              = DFL_FORMAT;
-
-    OPENER_TRACE_INFO("\n");
+  char issuerName[500];
+  snprintf(issuerName,
+           sizeof(issuerName),
+           SUBJECT_NAME_TEMPLATE,
+           subject_name_input[0],
+           subject_name_input[1],
+           subject_name_input[2],
+           subject_name_input[3],
+           subject_name_input[4],
+           subject_name_input[5],
+           subject_name_input[6]);
+
+  options.issuer_crt          = DFL_ISSUER_CRT;
+  options.request_file        = DFL_REQUEST_FILE;
+  options.subject_key         = DFL_SUBJECT_KEY;
+  options.issuer_key          = DFL_ISSUER_KEY;
+  options.subject_pwd         = DFL_SUBJECT_PWD;
+  options.issuer_pwd          = DFL_ISSUER_PWD;
+  options.output_file         = DFL_OUTPUT_FILENAME;
+  options.subject_name        = SUBJECT_NAME_TEMPLATE;    // same as issuer_name for self-signed certificate
+  options.issuer_name         = issuerName;
+  options.not_before          = DFL_NOT_BEFORE;
+  options.not_after           = DFL_NOT_AFTER;
+  options.serial              = serial_number_input;
+  options.serial_hex          = DFL_SERIAL_HEX;
+  options.selfsign            = DFL_SELFSIGN;
+  options.is_ca               = DFL_IS_CA;
+  options.max_pathlen         = DFL_MAX_PATHLEN;
+  options.key_usage           = DFL_KEY_USAGE;
+  options.ext_key_usage       = DFL_EXT_KEY_USAGE;
+  options.ns_cert_type        = DFL_NS_CERT_TYPE;
+  options.version             = DFL_VERSION - 1;
+  options.md                  = DFL_DIGEST;
+  options.subject_identifier   = DFL_SUBJ_IDENT;
+  options.authority_identifier = DFL_AUTH_IDENT;
+  options.basic_constraints    = DFL_CONSTRAINTS;
+  options.format              = DFL_FORMAT;
+
+  OPENER_TRACE_INFO("\n");
+
+  /*
+   * 0. Seed the PRNG
+   */
+  OPENER_TRACE_INFO("  . Seeding the random number generator...");
+  fflush(stdout);
+
+  if ( ( ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+                                     NULL,
+                                     0) ) != 0 ) {
+    mbedtls_strerror( ret, buf, sizeof(buf) );
+    OPENER_TRACE_INFO(" failed\n  !  mbedtls_ctr_drbg_seed returned %d - %s\n",
+                      ret, buf);
+    goto exit;
+  }
 
-    /*
-     * 0. Seed the PRNG
-     */
-    OPENER_TRACE_INFO("  . Seeding the random number generator...");
-    fflush(stdout);
+  OPENER_TRACE_INFO(" ok\n");
 
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     NULL,
-                                     0)) != 0) {
-        mbedtls_strerror(ret, buf, sizeof(buf));
-        OPENER_TRACE_INFO(" failed\n  !  mbedtls_ctr_drbg_seed returned %d - %s\n",
-                       ret, buf);
-        goto exit;
-    }
+  // Parse serial to MPI
+  OPENER_TRACE_INFO("  . Reading serial number...");
+  fflush(stdout);
 
-    OPENER_TRACE_INFO(" ok\n");
+  ret = parse_serial_decimal_format(serial, sizeof(serial), options.serial,
+                                    &serial_len);
+
+  if (ret != 0) {
+    OPENER_TRACE_INFO(" failed\n  !  Unable to parse serial\n");
+    goto exit;
+  }
 
-    // Parse serial to MPI
-    OPENER_TRACE_INFO("  . Reading serial number...");
+  OPENER_TRACE_INFO(" ok\n");
+
+  // Parse issuer certificate if present
+  //
+  if ( !options.selfsign && strlen(options.issuer_crt) ) {
+    /*
+     * 1.0.a. Load the certificates
+     */
+    OPENER_TRACE_INFO("  . Loading the issuer certificate ...");
     fflush(stdout);
 
-    ret = parse_serial_decimal_format(serial, sizeof(serial), options.serial,
-                                      &serial_len);
+    if ( ( ret =
+             mbedtls_x509_crt_parse_file(&issuer_crt,
+                                         options.issuer_crt) ) != 0 ) {
+      mbedtls_strerror( ret, buf, sizeof(buf) );
+      OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509_crt_parse_file "
+                        "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+      goto exit;
+    }
 
-    if (ret != 0) {
-        OPENER_TRACE_INFO(" failed\n  !  Unable to parse serial\n");
-        goto exit;
+    ret = mbedtls_x509_dn_gets(issuer_name, sizeof(issuer_name),
+                               &issuer_crt.subject);
+    if (ret < 0) {
+      mbedtls_strerror( ret, buf, sizeof(buf) );
+      OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509_dn_gets "
+                        "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+      goto exit;
     }
 
-    OPENER_TRACE_INFO(" ok\n");
+    options.issuer_name = issuer_name;
 
-    // Parse issuer certificate if present
-    //
-    if (!options.selfsign && strlen(options.issuer_crt)) {
-        /*
-         * 1.0.a. Load the certificates
-         */
-        OPENER_TRACE_INFO("  . Loading the issuer certificate ...");
-        fflush(stdout);
-
-        if ((ret = mbedtls_x509_crt_parse_file(&issuer_crt, options.issuer_crt)) != 0) {
-            mbedtls_strerror(ret, buf, sizeof(buf));
-            OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509_crt_parse_file "
-                           "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
-            goto exit;
-        }
-
-        ret = mbedtls_x509_dn_gets(issuer_name, sizeof(issuer_name),
-                                   &issuer_crt.subject);
-        if (ret < 0) {
-            mbedtls_strerror(ret, buf, sizeof(buf));
-            OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509_dn_gets "
-                           "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
-            goto exit;
-        }
-
-        options.issuer_name = issuer_name;
-
-        OPENER_TRACE_INFO(" ok\n");
-    }
+    OPENER_TRACE_INFO(" ok\n");
+  }
 
 #if defined(MBEDTLS_X509_CSR_PARSE_C)
-    // Parse certificate request if present
-    //
-    if (!options.selfsign && strlen(options.request_file)) {
-        /*
-         * 1.0.b. Load the CSR
-         */
-        OPENER_TRACE_INFO("  . Loading the certificate request ...");
-        fflush(stdout);
-
-        if ((ret = mbedtls_x509_csr_parse_file(&csr, options.request_file)) != 0) {
-            mbedtls_strerror(ret, buf, sizeof(buf));
-            OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509_csr_parse_file "
-                           "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
-            goto exit;
-        }
-
-        ret = mbedtls_x509_dn_gets(subject_name, sizeof(subject_name),
-                                   &csr.subject);
-        if (ret < 0) {
-            mbedtls_strerror(ret, buf, sizeof(buf));
-            OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509_dn_gets "
-                           "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
-            goto exit;
-        }
-
-        options.subject_name = subject_name;
-        subject_key = &csr.pk;
-
-        OPENER_TRACE_INFO(" ok\n");
-    }
-#endif /* MBEDTLS_X509_CSR_PARSE_C */
-
+  // Parse certificate request if present
+  //
+  if ( !options.selfsign && strlen(options.request_file) ) {
     /*
-     * 1.1. Load the keys
+     * 1.0.b. Load the CSR
      */
-    if (!options.selfsign && !strlen(options.request_file)) {
-        OPENER_TRACE_INFO("  . Loading the subject key ...");
-        fflush(stdout);
-
-        ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, options.subject_key,
-                                       options.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
-        if (ret != 0) {
-            mbedtls_strerror(ret, buf, sizeof(buf));
-            OPENER_TRACE_INFO(" failed\n  !  mbedtls_pk_parse_keyfile "
-                           "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
-            goto exit;
-        }
-
-        OPENER_TRACE_INFO(" ok\n");
-    }
-
-    OPENER_TRACE_INFO("  . Loading the issuer key ...");
+    OPENER_TRACE_INFO("  . Loading the certificate request ...");
     fflush(stdout);
 
-    ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, options.issuer_key,
-                                   options.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
-    if (ret != 0) {
-        mbedtls_strerror(ret, buf, sizeof(buf));
-        OPENER_TRACE_INFO(" failed\n  !  mbedtls_pk_parse_keyfile "
-                       "returned -x%02x - %s\n\n", (unsigned int) -ret, buf);
-        goto exit;
+    if ( ( ret =
+             mbedtls_x509_csr_parse_file(&csr, options.request_file) ) != 0 ) {
+      mbedtls_strerror( ret, buf, sizeof(buf) );
+      OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509_csr_parse_file "
+                        "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+      goto exit;
     }
 
-    // Check if key and issuer certificate match
-    //
-    if (strlen(options.issuer_crt)) {
-        if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key,
-                                  mbedtls_ctr_drbg_random, &ctr_drbg) != 0) {
-            OPENER_TRACE_INFO(" failed\n  !  issuer_key does not match "
-                           "issuer certificate\n\n");
-            goto exit;
-        }
+    ret = mbedtls_x509_dn_gets(subject_name, sizeof(subject_name),
+                               &csr.subject);
+    if (ret < 0) {
+      mbedtls_strerror( ret, buf, sizeof(buf) );
+      OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509_dn_gets "
+                        "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+      goto exit;
     }
 
-    OPENER_TRACE_INFO(" ok\n");
+    options.subject_name = subject_name;
+    subject_key = &csr.pk;
 
-    if (options.selfsign) {
-        options.subject_name = options.issuer_name;
-        subject_key = issuer_key;
-    }
+    OPENER_TRACE_INFO(" ok\n");
+  }
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
 
-    mbedtls_x509write_crt_set_subject_key(&crt, subject_key);
-    mbedtls_x509write_crt_set_issuer_key(&crt, issuer_key);
+  /*
+   * 1.1. Load the keys
+   */
+  if ( !options.selfsign && !strlen(options.request_file) ) {
+    OPENER_TRACE_INFO("  . Loading the subject key ...");
+    fflush(stdout);
 
-    /*
-     * 1.0. Check the names for validity
-     */
-    if ((ret = mbedtls_x509write_crt_set_subject_name(&crt, options.subject_name)) != 0) {
-        mbedtls_strerror(ret, buf, sizeof(buf));
-        OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_subject_name "
-                       "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
-        goto exit;
+    ret = mbedtls_pk_parse_keyfile(&loaded_subject_key,
+                                   options.subject_key,
+                                   options.subject_pwd,
+                                   mbedtls_ctr_drbg_random,
+                                   &ctr_drbg);
+    if (ret != 0) {
+      mbedtls_strerror( ret, buf, sizeof(buf) );
+      OPENER_TRACE_INFO(" failed\n  !  mbedtls_pk_parse_keyfile "
+                        "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+      goto exit;
     }
 
-    if ((ret = mbedtls_x509write_crt_set_issuer_name(&crt, options.issuer_name)) != 0) {
-        mbedtls_strerror(ret, buf, sizeof(buf));
-        OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_issuer_name "
-                       "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
-        goto exit;
+    OPENER_TRACE_INFO(" ok\n");
+  }
+
+  OPENER_TRACE_INFO("  . Loading the issuer key ...");
+  fflush(stdout);
+
+  ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key,
+                                 options.issuer_key,
+                                 options.issuer_pwd,
+                                 mbedtls_ctr_drbg_random,
+                                 &ctr_drbg);
+  if (ret != 0) {
+    mbedtls_strerror( ret, buf, sizeof(buf) );
+    OPENER_TRACE_INFO(" failed\n  !  mbedtls_pk_parse_keyfile "
+                      "returned -x%02x - %s\n\n", (unsigned int) -ret, buf);
+    goto exit;
+  }
+
+  // Check if key and issuer certificate match
+  //
+  if ( strlen(options.issuer_crt) ) {
+    if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key,
+                              mbedtls_ctr_drbg_random, &ctr_drbg) != 0) {
+      OPENER_TRACE_INFO(" failed\n  !  issuer_key does not match "
+                        "issuer certificate\n\n");
+      goto exit;
     }
-
-    OPENER_TRACE_INFO("  . Setting certificate values ...");
+  }
+
+  OPENER_TRACE_INFO(" ok\n");
+
+  if (options.selfsign) {
+    options.subject_name = options.issuer_name;
+    subject_key = issuer_key;
+  }
+
+  mbedtls_x509write_crt_set_subject_key(&crt, subject_key);
+  mbedtls_x509write_crt_set_issuer_key(&crt, issuer_key);
+
+  /*
+   * 1.0. Check the names for validity
+   */
+  if ( ( ret =
+           mbedtls_x509write_crt_set_subject_name(&crt,
+                                                  options.subject_name) ) !=
+       0 ) {
+    mbedtls_strerror( ret, buf, sizeof(buf) );
+    OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_subject_name "
+                      "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+    goto exit;
+  }
+
+  if ( ( ret =
+           mbedtls_x509write_crt_set_issuer_name(&crt,
+                                                 options.issuer_name) ) != 0 ) {
+    mbedtls_strerror( ret, buf, sizeof(buf) );
+    OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_issuer_name "
+                      "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+    goto exit;
+  }
+
+  OPENER_TRACE_INFO("  . Setting certificate values ...");
+  fflush(stdout);
+
+  mbedtls_x509write_crt_set_version(&crt, options.version);
+  mbedtls_x509write_crt_set_md_alg(&crt, options.md);
+
+  ret = mbedtls_x509write_crt_set_serial_raw(&crt, serial, serial_len);
+  if (ret != 0) {
+    mbedtls_strerror( ret, buf, sizeof(buf) );
+    OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_serial_raw "
+                      "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+    goto exit;
+  }
+
+  ret = mbedtls_x509write_crt_set_validity(&crt,
+                                           options.not_before,
+                                           options.not_after);
+  if (ret != 0) {
+    mbedtls_strerror( ret, buf, sizeof(buf) );
+    OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_validity "
+                      "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+    goto exit;
+  }
+
+  OPENER_TRACE_INFO(" ok\n");
+
+  if (options.version == MBEDTLS_X509_CRT_VERSION_3 &&
+      options.basic_constraints != 0) {
+    OPENER_TRACE_INFO("  . Adding the Basic Constraints extension ...");
     fflush(stdout);
 
-    mbedtls_x509write_crt_set_version(&crt, options.version);
-    mbedtls_x509write_crt_set_md_alg(&crt, options.md);
-
-    ret = mbedtls_x509write_crt_set_serial_raw(&crt, serial, serial_len);
+    ret = mbedtls_x509write_crt_set_basic_constraints(&crt, options.is_ca,
+                                                      options.max_pathlen);
     if (ret != 0) {
-        mbedtls_strerror(ret, buf, sizeof(buf));
-        OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_serial_raw "
-                       "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
-        goto exit;
+      mbedtls_strerror( ret, buf, sizeof(buf) );
+      OPENER_TRACE_INFO(" failed\n  !  x509write_crt_set_basic_constraints "
+                        "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+      goto exit;
     }
 
-    ret = mbedtls_x509write_crt_set_validity(&crt, options.not_before, options.not_after);
+    OPENER_TRACE_INFO(" ok\n");
+  }
+
+#if defined(MBEDTLS_MD_CAN_SHA1)
+  if (options.version == MBEDTLS_X509_CRT_VERSION_3 &&
+      options.subject_identifier != 0) {
+    OPENER_TRACE_INFO("  . Adding the Subject Key Identifier ...");
+    fflush(stdout);
+
+    ret = mbedtls_x509write_crt_set_subject_key_identifier(&crt);
     if (ret != 0) {
-        mbedtls_strerror(ret, buf, sizeof(buf));
-        OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_validity "
-                       "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
-        goto exit;
+      mbedtls_strerror( ret, buf, sizeof(buf) );
+      OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_subject"
+                        "_key_identifier returned -0x%04x - %s\n\n",
+                        (unsigned int) -ret, buf);
+      goto exit;
     }
 
     OPENER_TRACE_INFO(" ok\n");
+  }
 
-    if (options.version == MBEDTLS_X509_CRT_VERSION_3 &&
-        options.basic_constraints != 0) {
-        OPENER_TRACE_INFO("  . Adding the Basic Constraints extension ...");
-        fflush(stdout);
-
-        ret = mbedtls_x509write_crt_set_basic_constraints(&crt, options.is_ca,
-                                                          options.max_pathlen);
-        if (ret != 0) {
-            mbedtls_strerror(ret, buf, sizeof(buf));
-            OPENER_TRACE_INFO(" failed\n  !  x509write_crt_set_basic_constraints "
-                           "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
-            goto exit;
-        }
-
-        OPENER_TRACE_INFO(" ok\n");
-    }
+  if (options.version == MBEDTLS_X509_CRT_VERSION_3 &&
+      options.authority_identifier != 0) {
+    OPENER_TRACE_INFO("  . Adding the Authority Key Identifier ...");
+    fflush(stdout);
 
-#if defined(MBEDTLS_MD_CAN_SHA1)
-    if (options.version == MBEDTLS_X509_CRT_VERSION_3 &&
-        options.subject_identifier != 0) {
-        OPENER_TRACE_INFO("  . Adding the Subject Key Identifier ...");
-        fflush(stdout);
-
-        ret = mbedtls_x509write_crt_set_subject_key_identifier(&crt);
-        if (ret != 0) {
-            mbedtls_strerror(ret, buf, sizeof(buf));
-            OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_subject"
-                           "_key_identifier returned -0x%04x - %s\n\n",
-                           (unsigned int) -ret, buf);
-            goto exit;
-        }
-
-        OPENER_TRACE_INFO(" ok\n");
+    ret = mbedtls_x509write_crt_set_authority_key_identifier(&crt);
+    if (ret != 0) {
+      mbedtls_strerror( ret, buf, sizeof(buf) );
+      OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_authority_"
+                        "key_identifier returned -0x%04x - %s\n\n",
+                        (unsigned int) -ret, buf);
+      goto exit;
     }
 
-    if (options.version == MBEDTLS_X509_CRT_VERSION_3 &&
-        options.authority_identifier != 0) {
-        OPENER_TRACE_INFO("  . Adding the Authority Key Identifier ...");
-        fflush(stdout);
-
-        ret = mbedtls_x509write_crt_set_authority_key_identifier(&crt);
-        if (ret != 0) {
-            mbedtls_strerror(ret, buf, sizeof(buf));
-            OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_authority_"
-                           "key_identifier returned -0x%04x - %s\n\n",
-                           (unsigned int) -ret, buf);
-            goto exit;
-        }
-
-        OPENER_TRACE_INFO(" ok\n");
-    }
+    OPENER_TRACE_INFO(" ok\n");
+  }
 #endif /* MBEDTLS_MD_CAN_SHA1 */
 
-    if (options.version == MBEDTLS_X509_CRT_VERSION_3 &&
-        options.key_usage != 0) {
-        OPENER_TRACE_INFO("  . Adding the Key Usage extension ...");
-        fflush(stdout);
-
-        ret = mbedtls_x509write_crt_set_key_usage(&crt, options.key_usage);
-        if (ret != 0) {
-            mbedtls_strerror(ret, buf, sizeof(buf));
-            OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_key_usage "
-                           "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
-            goto exit;
-        }
-
-        OPENER_TRACE_INFO(" ok\n");
-    }
+  if (options.version == MBEDTLS_X509_CRT_VERSION_3 &&
+      options.key_usage != 0) {
+    OPENER_TRACE_INFO("  . Adding the Key Usage extension ...");
+    fflush(stdout);
 
-    if (options.ext_key_usage) {
-        OPENER_TRACE_INFO("  . Adding the Extended Key Usage extension ...");
-        fflush(stdout);
-
-        ret = mbedtls_x509write_crt_set_ext_key_usage(&crt, options.ext_key_usage);
-        if (ret != 0) {
-            mbedtls_strerror(ret, buf, sizeof(buf));
-            OPENER_TRACE_INFO(
-                " failed\n  !  mbedtls_x509write_crt_set_ext_key_usage returned -0x%02x - %s\n\n",
-                (unsigned int) -ret,
-                buf);
-            goto exit;
-        }
-
-        OPENER_TRACE_INFO(" ok\n");
+    ret = mbedtls_x509write_crt_set_key_usage(&crt, options.key_usage);
+    if (ret != 0) {
+      mbedtls_strerror( ret, buf, sizeof(buf) );
+      OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_key_usage "
+                        "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+      goto exit;
     }
 
-    if (options.version == MBEDTLS_X509_CRT_VERSION_3 &&
-        options.ns_cert_type != 0) {
-        OPENER_TRACE_INFO("  . Adding the NS Cert Type extension ...");
-        fflush(stdout);
+    OPENER_TRACE_INFO(" ok\n");
+  }
 
-        ret = mbedtls_x509write_crt_set_ns_cert_type(&crt, options.ns_cert_type);
-        if (ret != 0) {
-            mbedtls_strerror(ret, buf, sizeof(buf));
-            OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_ns_cert_type "
-                           "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
-            goto exit;
-        }
+  if (options.ext_key_usage) {
+    OPENER_TRACE_INFO("  . Adding the Extended Key Usage extension ...");
+    fflush(stdout);
 
-        OPENER_TRACE_INFO(" ok\n");
+    ret = mbedtls_x509write_crt_set_ext_key_usage(&crt, options.ext_key_usage);
+    if (ret != 0) {
+      mbedtls_strerror( ret, buf, sizeof(buf) );
+      OPENER_TRACE_INFO(
+        " failed\n  !  mbedtls_x509write_crt_set_ext_key_usage returned -0x%02x - %s\n\n",
+        (unsigned int) -ret,
+        buf);
+      goto exit;
     }
 
-    /*
-     * 1.2. Writing the certificate
-     */
-    OPENER_TRACE_INFO("  . Writing the certificate...");
+    OPENER_TRACE_INFO(" ok\n");
+  }
+
+  if (options.version == MBEDTLS_X509_CRT_VERSION_3 &&
+      options.ns_cert_type != 0) {
+    OPENER_TRACE_INFO("  . Adding the NS Cert Type extension ...");
     fflush(stdout);
 
-    if ((ret = write_certificate(&crt, options.output_file,
-                                 mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
-        mbedtls_strerror(ret, buf, sizeof(buf));
-        OPENER_TRACE_INFO(" failed\n  !  write_certificate -0x%04x - %s\n\n",
-                       (unsigned int) -ret, buf);
-        goto exit;
+    ret = mbedtls_x509write_crt_set_ns_cert_type(&crt, options.ns_cert_type);
+    if (ret != 0) {
+      mbedtls_strerror( ret, buf, sizeof(buf) );
+      OPENER_TRACE_INFO(" failed\n  !  mbedtls_x509write_crt_set_ns_cert_type "
+                        "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+      goto exit;
     }
 
-    OPENER_TRACE_INFO(" ok\n\n");
+    OPENER_TRACE_INFO(" ok\n");
+  }
+
+  /*
+   * 1.2. Writing the certificate
+   */
+  OPENER_TRACE_INFO("  . Writing the certificate...");
+  fflush(stdout);
+
+  if ( ( ret = write_certificate(&crt, options.output_file,
+                                 mbedtls_ctr_drbg_random, &ctr_drbg) ) != 0 ) {
+    mbedtls_strerror( ret, buf, sizeof(buf) );
+    OPENER_TRACE_INFO(" failed\n  !  write_certificate -0x%04x - %s\n\n",
+                      (unsigned int) -ret, buf);
+    goto exit;
+  }
+
+  OPENER_TRACE_INFO(" ok\n\n");
 
-    exit_code = MBEDTLS_EXIT_SUCCESS;
+  exit_code = MBEDTLS_EXIT_SUCCESS;
 
 exit:
 #if defined(MBEDTLS_X509_CSR_PARSE_C)
-    mbedtls_x509_csr_free(&csr);
+  mbedtls_x509_csr_free(&csr);
 #endif /* MBEDTLS_X509_CSR_PARSE_C */
-    mbedtls_x509_crt_free(&issuer_crt);
-    mbedtls_x509write_crt_free(&crt);
-    mbedtls_pk_free(&loaded_subject_key);
-    mbedtls_pk_free(&loaded_issuer_key);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
+  mbedtls_x509_crt_free(&issuer_crt);
+  mbedtls_x509write_crt_free(&crt);
+  mbedtls_pk_free(&loaded_subject_key);
+  mbedtls_pk_free(&loaded_issuer_key);
+  mbedtls_ctr_drbg_free(&ctr_drbg);
+  mbedtls_entropy_free(&entropy);
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    mbedtls_psa_crypto_free();
+  mbedtls_psa_crypto_free();
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    //mbedtls_exit(exit_code);
-    return exit_code;
+  //mbedtls_exit(exit_code);
+  return exit_code;
 }

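--- a/source/src/cip/cip_security/cert_write.h
+++ b/source/src/cip/cip_security/cert_write.h
@@ -20,6 +20,7 @@
  *  @param serial_number_input  serial number in subject name
  *  @return status
  */
-int MbedtlsGenerateCertificate(char *subject_name_input[], char *serial_number_input);
+int MbedtlsGenerateCertificate(char *subject_name_input[],
+                               char *serial_number_input);
 
 #endif  // OPENER_CERT_WRITE_H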

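--- a/source/src/cip/cip_security/certificatemanagement.c
+++ b/source/src/cip/cip_security/certificatemanagement.c
@@ -91,15 +91,16 @@ const CipShortString default_name = {
 };
 
 char *default_device_certificate_subject_name[] = {
-                                          "OpENer", // 1: Common Name
-                                          "EIP Stack Group", // 2: Organization
-                                          "EIP Stack Group", // 3: Organizational Unit
-                                          "Vienna", // 4: City / Locality
-                                          "Vienna", // 5: State / County / Region
-                                          "AT", // 6: Country
-                                          "mail@example.com"}; // 7: Email address //TODO: add email
+  "OpENer",                                         // 1: Common Name
+  "EIP Stack Group",                                         // 2: Organization
+  "EIP Stack Group",                                         // 3: Organizational Unit
+  "Vienna",                                         // 4: City / Locality
+  "Vienna",                                         // 5: State / County / Region
+  "AT",                                         // 6: Country
+  "mail@example.com"
+};                                                             // 7: Email address //TODO: add email
 
-CipUlint default_device_certificate_serial_number = OPENER_SERIAL_NUMBER; 
+CipUlint default_device_certificate_serial_number = OPENER_SERIAL_NUMBER;
 
 Certificate default_device_certificate;
 
@@ -405,26 +406,28 @@ EipStatus CertificateManagementObjectCreateCSR(
       // The CMO state does not change after this service call with invalid parameters
       return kEipStatusOk;
     }
- 
+
     // use values from Default Device Certificate if items are null
-    for(size_t i = 0; i < number_of_strings-2; i++) {
+    for(size_t i = 0; i < number_of_strings - 2; i++) {
       if(0 == short_strings[i].length) {
-        SetCipShortStringByCstr(&short_strings[i], default_device_certificate_subject_name[i]);
+        SetCipShortStringByCstr(&short_strings[i],
+                                default_device_certificate_subject_name[i]);
       }
     }
-    if(0 == short_strings[7].length){ //serial number
+    if(0 == short_strings[7].length) { //serial number
       char serial_number[20];
       sprintf(serial_number, "%lu", default_device_certificate_serial_number);
       SetCipShortStringByCstr(&short_strings[7], serial_number);
     }
-    if(0 == short_strings[8].length){ //Subject alternative name
-      //TODO: 
-      /* use the IP Address and/or DNS Name as defined in the TCP IP Interface 
-      Object in Volume 2 Section 5-4 TCP/IP Interface Object */
+    if(0 == short_strings[8].length) { //Subject alternative name
+      //TODO:
+      /* use the IP Address and/or DNS Name as defined in the TCP IP Interface
+         Object in Volume 2 Section 5-4 TCP/IP Interface Object */
     }
 
     /* create file object for certificate signing request */
-    CipInstance CSR_file_object = CipFileCreateInstance("Certificate Signing Request");
+    CipInstance CSR_file_object = CipFileCreateInstance(
+      "Certificate Signing Request");
 
     /* add data to file object */
     CipFileCreateCSRFileInstance(&CSR_file_object);
@@ -672,18 +675,18 @@ EipStatus CertificateManagementObjectInit(void) {
   g_certificate_management.ca_certificate = default_ca_certificate;                  /*Attribute 4*/
   g_certificate_management.certificate_encoding =
     kCertificateManagementObjectCertificateEncodingPEM;                              /*Attribute 5*/
-  
+
   /* Create RSA key file (MbedTLS) */
-  OPENER_TRACE_INFO("\nCreating RSA key file: \n"); 
+  OPENER_TRACE_INFO("\nCreating RSA key file: \n");
   // check if key file exist already
   FILE *key_file;
-  if ((key_file = fopen(RSA_KEY_FILE_LOCATION, "r")) != NULL) {
+  if ( ( key_file = fopen(RSA_KEY_FILE_LOCATION, "r") ) != NULL ) {
     // check if file is empty
     fseek (key_file, 0, SEEK_END);
     long size = ftell(key_file);
     if (0 != size) {
-        OPENER_TRACE_INFO(" Key EXISTS already!\n");
-        fclose(key_file);
+      OPENER_TRACE_INFO(" Key EXISTS already!\n");
+      fclose(key_file);
     }
     else{ // empty file - create
       MbedtlsGenerateKey();
@@ -691,29 +694,32 @@ EipStatus CertificateManagementObjectInit(void) {
   }
   else{ // file not found - create
     MbedtlsGenerateKey();
-  } 
-    
+  }
+
   /* Create Default device certificate (MbedTLS) */
   char serial_number[20];
   sprintf(serial_number, "%lu", default_device_certificate_serial_number);
   OPENER_TRACE_INFO("\nGenerating default device certificate: \n");
   // check if certificate file exist already
   FILE *cert_file;
-  if ((cert_file = fopen(FILE_OBJECT_CERTIFICATE_FILE_LOCATION, "r")) != NULL) {
+  if ( ( cert_file =
+           fopen(FILE_OBJECT_CERTIFICATE_FILE_LOCATION, "r") ) != NULL ) {
     // check if file is empty
     fseek (cert_file, 0, SEEK_END);
     long size = ftell(cert_file);
     if (0 != size) {
-        OPENER_TRACE_INFO(" Certificate EXISTS already!\n\n");
-        fclose(cert_file);
+      OPENER_TRACE_INFO(" Certificate EXISTS already!\n\n");
+      fclose(cert_file);
     }
     else{ // empty file - create
-      MbedtlsGenerateCertificate(default_device_certificate_subject_name, serial_number);
+      MbedtlsGenerateCertificate(default_device_certificate_subject_name,
+                                 serial_number);
     }
   }
   else{ // file not found - create
-    MbedtlsGenerateCertificate(default_device_certificate_subject_name, serial_number);
+    MbedtlsGenerateCertificate(default_device_certificate_subject_name,
+                               serial_number);
   }
-  
+
   return kEipStatusOk;
 }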

+ 49 - 47
source/src/cip/cip_security/gen_key.c

@@ -32,7 +32,7 @@
 #include "mbedtls/platform.h"
 
 #if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) && \
-    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
+  defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/ecdsa.h"
 #include "mbedtls/entropy.h"
@@ -55,20 +55,22 @@
 #define PRINT_KEY 0 // print key in the terminal
 
 /** @brief gather additional randomness
- * 
+ *
  *  @param data user-specific context
  *  @param output  buffer for random data
  *  @param len length of buffer
  *  @param olen length of output buffer - number of random bytes
  *  @return status
  */
-int dev_random_entropy_poll(void *data, unsigned char *output, size_t len,
+int dev_random_entropy_poll(void *data,
+                            unsigned char *output,
+                            size_t len,
                             size_t *olen) {
   FILE *file;
   size_t ret = len;
   size_t left = len;
   unsigned char *p = output;
-  ((void)data);
+  ( (void)data );
 
   *olen = 0;
 
@@ -80,10 +82,10 @@ int dev_random_entropy_poll(void *data, unsigned char *output, size_t len,
   while (left > 0) {
     /* /dev/random can return much less than requested. If so, try again */
     ret = fread(p, 1, left, file);
-    if (ret == 0 && ferror(file)) { 
+    if ( ret == 0 && ferror(file) ) {
       fclose(file);
       return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-    } 
+    }
 
     p += ret;
     left -= ret;
@@ -131,12 +133,13 @@ struct options {
 } options;
 
 /** @brief  write a private key to a file in a particular format
- * 
+ *
  *  @param key private key
  *  @param output_file  output file pointer
  *  @return status
  */
-static int write_private_key(mbedtls_pk_context *key, const char *output_file) {
+static int write_private_key(mbedtls_pk_context *key,
+                             const char *output_file) {
   int ret;
   FILE *file;
   unsigned char output_buf[16000];
@@ -145,13 +148,13 @@ static int write_private_key(mbedtls_pk_context *key, const char *output_file) {
 
   memset(output_buf, 0, 16000);
   if (options.format == FORMAT_PEM) {
-    if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
+    if ( ( ret = mbedtls_pk_write_key_pem(key, output_buf, 16000) ) != 0 ) {
       return ret;
     }
 
-    len = strlen((char *)output_buf);
+    len = strlen( (char *)output_buf );
   } else {
-    if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
+    if ( ( ret = mbedtls_pk_write_key_der(key, output_buf, 16000) ) < 0 ) {
       return ret;
     }
 
@@ -159,7 +162,7 @@ static int write_private_key(mbedtls_pk_context *key, const char *output_file) {
     c = output_buf + sizeof(output_buf) - len;
   }
 
-  if ((file = fopen(output_file, "wb")) == NULL) {
+  if ( ( file = fopen(output_file, "wb") ) == NULL ) {
     return -1;
   }
 
@@ -174,8 +177,7 @@ static int write_private_key(mbedtls_pk_context *key, const char *output_file) {
 }
 
 /* function called in OpENer certificatemanagement */
-int MbedtlsGenerateKey(void)
-{
+int MbedtlsGenerateKey(void) {
   int ret = 1;
   int exit_code = MBEDTLS_EXIT_FAILURE;
   mbedtls_pk_context key;
@@ -201,14 +203,14 @@ int MbedtlsGenerateKey(void)
 
   mbedtls_pk_init(&key); //pk - public key
   mbedtls_ctr_drbg_init(&ctr_drbg);
-  memset(buf, 0, sizeof(buf));
+  memset( buf, 0, sizeof(buf) );
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
   psa_status_t status = psa_crypto_init();
   if (status != PSA_SUCCESS) {
     OPENER_TRACE_INFO(stderr,
-                    "Failed to initialize PSA Crypto implementation: %d\n",
-                    (int)status);
+                      "Failed to initialize PSA Crypto implementation: %d\n",
+                      (int)status);
     goto exit;
   }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -226,12 +228,12 @@ int MbedtlsGenerateKey(void)
   mbedtls_entropy_init(&entropy);
 #if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
   if (options.use_dev_random) {
-    if ((ret = mbedtls_entropy_add_source(
+    if ( ( ret = mbedtls_entropy_add_source(
              &entropy, dev_random_entropy_poll, NULL, DEV_RANDOM_THRESHOLD,
-             MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) {
+             MBEDTLS_ENTROPY_SOURCE_STRONG) ) != 0 ) {
       OPENER_TRACE_INFO(
-          " failed\n  ! mbedtls_entropy_add_source returned -0x%04x\n",
-          (unsigned int)-ret);
+        " failed\n  ! mbedtls_entropy_add_source returned -0x%04x\n",
+        (unsigned int)-ret);
       goto exit;
     }
 
@@ -240,11 +242,11 @@ int MbedtlsGenerateKey(void)
   }
 #endif /* !_WIN32 && MBEDTLS_FS_IO */
 
-  if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                   (const unsigned char *)personalization,
-                                   strlen(personalization))) != 0) {
+  if ( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+                                      (const unsigned char *)personalization,
+                                      strlen(personalization) ) ) != 0 ) {
     OPENER_TRACE_INFO(" failed\n  ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
-                   (unsigned int)-ret);
+                      (unsigned int)-ret);
     goto exit;
   }
 
@@ -256,10 +258,10 @@ int MbedtlsGenerateKey(void)
   OPENER_TRACE_INFO("\n  . Generating the private key ...");
   fflush(stdout);
 
-  if ((ret = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(
-                                        (mbedtls_pk_type_t)options.type))) != 0) {
+  if ( ( ret = mbedtls_pk_setup( &key, mbedtls_pk_info_from_type(
+                                   (mbedtls_pk_type_t)options.type) ) ) != 0 ) {
     OPENER_TRACE_INFO(" failed\n  !  mbedtls_pk_setup returned -0x%04x",
-                   (unsigned int)-ret);
+                      (unsigned int)-ret);
     goto exit;
   }
 
@@ -269,19 +271,19 @@ int MbedtlsGenerateKey(void)
                               &ctr_drbg, options.rsa_keysize, 65537);
     if (ret != 0) {
       OPENER_TRACE_INFO(" failed\n  !  mbedtls_rsa_gen_key returned -0x%04x",
-                     (unsigned int)-ret);
+                        (unsigned int)-ret);
       goto exit;
     }
   } else
 #endif /* MBEDTLS_RSA_C */
 #if defined(MBEDTLS_ECP_C)
-      if (options.type == MBEDTLS_PK_ECKEY) {
-    ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id)options.ec_curve,
-                              mbedtls_pk_ec(key), mbedtls_ctr_drbg_random,
-                              &ctr_drbg);
+  if (options.type == MBEDTLS_PK_ECKEY) {
+    ret = mbedtls_ecp_gen_key( (mbedtls_ecp_group_id)options.ec_curve,
+                               mbedtls_pk_ec(key), mbedtls_ctr_drbg_random,
+                               &ctr_drbg );
     if (ret != 0) {
       OPENER_TRACE_INFO(" failed\n  !  mbedtls_ecp_gen_key returned -0x%04x",
-                     (unsigned int)-ret);
+                        (unsigned int)-ret);
       goto exit;
     }
   } else
@@ -291,9 +293,9 @@ int MbedtlsGenerateKey(void)
     goto exit;
   }
 
-   OPENER_TRACE_INFO(" ok");
+  OPENER_TRACE_INFO(" ok");
 
-#if(PRINT_KEY)
+#if (PRINT_KEY)
   /*
    * 1.2 Print the key - OPTIONAL
    */
@@ -303,8 +305,8 @@ int MbedtlsGenerateKey(void)
   if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
     mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
 
-    if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
-        (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
+    if ( ( ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) ) != 0 ||
+         ( ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) ) != 0 ) {
       OPENER_TRACE_INFO(" failed\n  ! could not export RSA parameters\n\n");
       goto exit;
     }
@@ -320,28 +322,28 @@ int MbedtlsGenerateKey(void)
   } else
 #endif
 #if defined(MBEDTLS_ECP_C)
-      if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
+  if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
     mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key);
     OPENER_TRACE_INFO(
-        "curve: %s\n",
-        mbedtls_ecp_curve_info_from_grp_id(ecp->MBEDTLS_PRIVATE(grp).id)->name);
+      "curve: %s\n",
+      mbedtls_ecp_curve_info_from_grp_id(ecp->MBEDTLS_PRIVATE(grp).id)->name);
     mbedtls_mpi_write_file(
-        "X_Q:   ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL);
+      "X_Q:   ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL);
     mbedtls_mpi_write_file(
-        "Y_Q:   ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL);
+      "Y_Q:   ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL);
     mbedtls_mpi_write_file("D:     ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL);
   } else
 #endif
-    OPENER_TRACE_INFO("  ! key type not supported\n");
+  OPENER_TRACE_INFO("  ! key type not supported\n");
 
-#endif /* PRINT_KEY */  
+#endif /* PRINT_KEY */
 
   /*
    * 1.3 Export key
    */
   OPENER_TRACE_INFO("\n  . Writing key to file... ");
 
-  if ((ret = write_private_key(&key, options.filename)) != 0) {
+  if ( ( ret = write_private_key(&key, options.filename) ) != 0 ) {
     OPENER_TRACE_INFO(" failed\n");
     goto exit;
   }
@@ -354,7 +356,7 @@ exit:
 
   if (exit_code != MBEDTLS_EXIT_SUCCESS) {
 #ifdef MBEDTLS_ERROR_C
-    mbedtls_strerror(ret, buf, sizeof(buf));
+    mbedtls_strerror( ret, buf, sizeof(buf) );
     OPENER_TRACE_INFO(" - %s\n", buf);
 #else
     OPENER_TRACE_INFO("\n");