From 64b5c0c827fdf0a319303f85f2a6cecdf997f204 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Mon, 14 Apr 2014 17:22:37 +0000 Subject: First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5. --- src/lib/libssl/src/ssl/ssltest.c | 2349 ++++++++++++++++++-------------------- 1 file changed, 1086 insertions(+), 1263 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c index f1fdabad5f..269d171615 100644 --- a/src/lib/libssl/src/ssl/ssltest.c +++ b/src/lib/libssl/src/ssl/ssltest.c @@ -188,9 +188,9 @@ #include #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly - on Compaq platforms (at least with DEC C). - Do not try to put it earlier, or IPv6 includes - get screwed... +on Compaq platforms (at least with DEC C). +Do not try to put it earlier, or IPv6 includes +get screwed... */ #include OPENSSL_UNISTD @@ -205,19 +205,18 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx); #ifndef OPENSSL_NO_RSA -static RSA *tmp_rsa_cb(SSL *s, int is_export,int keylength); +static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength); static void free_tmp_rsa(void); #endif static int app_verify_callback(X509_STORE_CTX *ctx, void *arg); #define APP_CALLBACK_STRING "Test Callback Argument" -struct app_verify_arg - { +struct app_verify_arg { char *string; int app_verify; int allow_proxy_certs; char *proxy_auth; char *proxy_cond; - }; +}; #ifndef OPENSSL_NO_DH static DH *get_dh512(void); 
@@ -226,288 +225,283 @@ static DH *get_dh1024dsa(void); #endif -static char *psk_key=NULL; /* by default PSK is not used */ +static char *psk_key = NULL; /* by default PSK is not used */ #ifndef OPENSSL_NO_PSK -static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len); -static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk, - unsigned int max_psk_len); +static unsigned int psk_client_callback(SSL *ssl, const char *hint, + char *identity, unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len); +static unsigned int psk_server_callback(SSL *ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len); #endif #ifndef OPENSSL_NO_SRP /* SRP client */ /* This is a context that we pass to all callbacks */ -typedef struct srp_client_arg_st - { +typedef struct srp_client_arg_st { char *srppassin; char *srplogin; - } SRP_CLIENT_ARG; +} SRP_CLIENT_ARG; #define PWD_STRLEN 1024 -static char * ssl_give_srp_client_pwd_cb(SSL *s, void *arg) - { +static char * +ssl_give_srp_client_pwd_cb(SSL *s, void *arg) +{ SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg; return BUF_strdup((char *)srp_client_arg->srppassin); - } +} /* SRP server */ /* This is a context that we pass to SRP server callbacks */ -typedef struct srp_server_arg_st - { +typedef struct srp_server_arg_st { char *expected_user; char *pass; - } SRP_SERVER_ARG; +} SRP_SERVER_ARG; -static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) - { - SRP_SERVER_ARG * p = (SRP_SERVER_ARG *) arg; +static int +ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) +{ + SRP_SERVER_ARG *p = (SRP_SERVER_ARG *) arg; - if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) - { + if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) { fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s)); return SSL3_AL_FATAL; - } - if 
(SSL_set_srp_server_param_pw(s,p->expected_user,p->pass,"1024")<0) - { + } + if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) { *ad = SSL_AD_INTERNAL_ERROR; return SSL3_AL_FATAL; - } - return SSL_ERROR_NONE; } + return SSL_ERROR_NONE; +} #endif -static BIO *bio_err=NULL; -static BIO *bio_stdout=NULL; +static BIO *bio_err = NULL; +static BIO *bio_stdout = NULL; -static char *cipher=NULL; -static int verbose=0; -static int debug=0; +static char *cipher = NULL; +static int verbose = 0; +static int debug = 0; #if 0 /* Not used yet. */ #ifdef FIONBIO -static int s_nbio=0; +static int s_nbio = 0; #endif #endif static const char rnd_seed[] = "string to make the random number generator think it has entropy"; -int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); -int doit(SSL *s_ssl,SSL *c_ssl,long bytes); +int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, clock_t *c_time); +int doit(SSL *s_ssl, SSL *c_ssl, long bytes); static int do_test_cipherlist(void); -static void sv_usage(void) - { - fprintf(stderr,"usage: ssltest [args ...]\n"); - fprintf(stderr,"\n"); + +static void +sv_usage(void) +{ + fprintf(stderr, "usage: ssltest [args ...]\n"); + fprintf(stderr, "\n"); #ifdef OPENSSL_FIPS - fprintf(stderr,"-F - run test in FIPS mode\n"); + fprintf(stderr, "-F - run test in FIPS mode\n"); #endif - fprintf(stderr," -server_auth - check server certificate\n"); - fprintf(stderr," -client_auth - do client authentication\n"); - fprintf(stderr," -proxy - allow proxy certificates\n"); - fprintf(stderr," -proxy_auth - set proxy policy rights\n"); - fprintf(stderr," -proxy_cond - experssion to test proxy policy rights\n"); - fprintf(stderr," -v - more output\n"); - fprintf(stderr," -d - debug output\n"); - fprintf(stderr," -reuse - use session-id reuse\n"); - fprintf(stderr," -num - number of connections to perform\n"); - fprintf(stderr," -bytes - number of bytes to swap between client/server\n"); + 
fprintf(stderr, " -server_auth - check server certificate\n"); + fprintf(stderr, " -client_auth - do client authentication\n"); + fprintf(stderr, " -proxy - allow proxy certificates\n"); + fprintf(stderr, " -proxy_auth - set proxy policy rights\n"); + fprintf(stderr, " -proxy_cond - experssion to test proxy policy rights\n"); + fprintf(stderr, " -v - more output\n"); + fprintf(stderr, " -d - debug output\n"); + fprintf(stderr, " -reuse - use session-id reuse\n"); + fprintf(stderr, " -num - number of connections to perform\n"); + fprintf(stderr, " -bytes - number of bytes to swap between client/server\n"); #ifndef OPENSSL_NO_DH - fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n"); - fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); - fprintf(stderr," -no_dhe - disable DHE\n"); + fprintf(stderr, " -dhe1024 - use 1024 bit key (safe prime) for DHE\n"); + fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); + fprintf(stderr, " -no_dhe - disable DHE\n"); #endif #ifndef OPENSSL_NO_ECDH - fprintf(stderr," -no_ecdhe - disable ECDHE\n"); + fprintf(stderr, " -no_ecdhe - disable ECDHE\n"); #endif #ifndef OPENSSL_NO_PSK - fprintf(stderr," -psk arg - PSK in hex (without 0x)\n"); + fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n"); #endif #ifndef OPENSSL_NO_SRP - fprintf(stderr," -srpuser user - SRP username to use\n"); - fprintf(stderr," -srppass arg - password for 'user'\n"); + fprintf(stderr, " -srpuser user - SRP username to use\n"); + fprintf(stderr, " -srppass arg - password for 'user'\n"); #endif #ifndef OPENSSL_NO_SSL2 - fprintf(stderr," -ssl2 - use SSLv2\n"); + fprintf(stderr, " -ssl2 - use SSLv2\n"); #endif #ifndef OPENSSL_NO_SSL3 - fprintf(stderr," -ssl3 - use SSLv3\n"); + fprintf(stderr, " -ssl3 - use SSLv3\n"); #endif #ifndef OPENSSL_NO_TLS1 - fprintf(stderr," -tls1 - use TLSv1\n"); + fprintf(stderr, " -tls1 - use TLSv1\n"); #endif - fprintf(stderr," -CApath arg - PEM format 
directory of CA's\n"); - fprintf(stderr," -CAfile arg - PEM format file of CA's\n"); - fprintf(stderr," -cert arg - Server certificate file\n"); - fprintf(stderr," -key arg - Server key file (default: same as -cert)\n"); - fprintf(stderr," -c_cert arg - Client certificate file\n"); - fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n"); - fprintf(stderr," -cipher arg - The cipher list\n"); - fprintf(stderr," -bio_pair - Use BIO pairs\n"); - fprintf(stderr," -f - Test even cases that can't work\n"); - fprintf(stderr," -time - measure processor time used by client and server\n"); - fprintf(stderr," -zlib - use zlib compression\n"); - fprintf(stderr," -rle - use rle compression\n"); + fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); + fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); + fprintf(stderr, " -cert arg - Server certificate file\n"); + fprintf(stderr, " -key arg - Server key file (default: same as -cert)\n"); + fprintf(stderr, " -c_cert arg - Client certificate file\n"); + fprintf(stderr, " -c_key arg - Client key file (default: same as -c_cert)\n"); + fprintf(stderr, " -cipher arg - The cipher list\n"); + fprintf(stderr, " -bio_pair - Use BIO pairs\n"); + fprintf(stderr, " -f - Test even cases that can't work\n"); + fprintf(stderr, " -time - measure processor time used by client and server\n"); + fprintf(stderr, " -zlib - use zlib compression\n"); + fprintf(stderr, " -rle - use rle compression\n"); #ifndef OPENSSL_NO_ECDH - fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ + fprintf(stderr, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ " Use \"openssl ecparam -list_curves\" for all names\n" \ " (default is sect163r2).\n"); #endif - fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n"); - } + fprintf(stderr, " -test_cipherlist - verifies the order of the ssl cipher lists\n"); +} -static void 
print_details(SSL *c_ssl, const char *prefix) - { +static void +print_details(SSL *c_ssl, const char *prefix) +{ const SSL_CIPHER *ciph; X509 *cert; - - ciph=SSL_get_current_cipher(c_ssl); - BIO_printf(bio_stdout,"%s%s, cipher %s %s", - prefix, - SSL_get_version(c_ssl), - SSL_CIPHER_get_version(ciph), - SSL_CIPHER_get_name(ciph)); - cert=SSL_get_peer_certificate(c_ssl); - if (cert != NULL) - { + + ciph = SSL_get_current_cipher(c_ssl); + BIO_printf(bio_stdout, "%s%s, cipher %s %s", + prefix, + SSL_get_version(c_ssl), + SSL_CIPHER_get_version(ciph), + SSL_CIPHER_get_name(ciph)); + cert = SSL_get_peer_certificate(c_ssl); + if (cert != NULL) { EVP_PKEY *pkey = X509_get_pubkey(cert); - if (pkey != NULL) - { - if (0) - ; + if (pkey != NULL) { + if (0) +; #ifndef OPENSSL_NO_RSA - else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL - && pkey->pkey.rsa->n != NULL) - { + else if (pkey->type == EVP_PKEY_RSA && + pkey->pkey.rsa != NULL && + pkey->pkey.rsa->n != NULL) { BIO_printf(bio_stdout, ", %d bit RSA", - BN_num_bits(pkey->pkey.rsa->n)); - } + BN_num_bits(pkey->pkey.rsa->n)); + } #endif #ifndef OPENSSL_NO_DSA - else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL - && pkey->pkey.dsa->p != NULL) - { + else if (pkey->type == EVP_PKEY_DSA && + pkey->pkey.dsa != NULL && + pkey->pkey.dsa->p != NULL) { BIO_printf(bio_stdout, ", %d bit DSA", - BN_num_bits(pkey->pkey.dsa->p)); - } + BN_num_bits(pkey->pkey.dsa->p)); + } #endif EVP_PKEY_free(pkey); - } - X509_free(cert); } + X509_free(cert); + } /* The SSL API does not allow us to look at temporary RSA/DH keys, * otherwise we should print their lengths too */ - BIO_printf(bio_stdout,"\n"); - } + BIO_printf(bio_stdout, "\n"); +} -static void lock_dbg_cb(int mode, int type, const char *file, int line) - { +static void +lock_dbg_cb(int mode, int type, const char *file, int line) +{ static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... 
} */ const char *errstr = NULL; int rw; - + rw = mode & (CRYPTO_READ|CRYPTO_WRITE); - if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) - { + if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) { errstr = "invalid mode"; goto err; - } + } - if (type < 0 || type >= CRYPTO_NUM_LOCKS) - { + if (type < 0 || type >= CRYPTO_NUM_LOCKS) { errstr = "type out of bounds"; goto err; - } + } - if (mode & CRYPTO_LOCK) - { - if (modes[type]) - { + if (mode & CRYPTO_LOCK) { + if (modes[type]) { errstr = "already locked"; /* must not happen in a single-threaded program * (would deadlock) */ goto err; - } + } modes[type] = rw; - } - else if (mode & CRYPTO_UNLOCK) - { - if (!modes[type]) - { + } else if (mode & CRYPTO_UNLOCK) { + if (!modes[type]) { errstr = "not locked"; goto err; - } - - if (modes[type] != rw) - { + } + + if (modes[type] != rw) { errstr = (rw == CRYPTO_READ) ? - "CRYPTO_r_unlock on write lock" : - "CRYPTO_w_unlock on read lock"; - } + "CRYPTO_r_unlock on write lock" : + "CRYPTO_w_unlock on read lock"; + } modes[type] = 0; - } - else - { + } else { errstr = "invalid mode"; goto err; - } + } - err: - if (errstr) - { +err: + if (errstr) { /* we cannot use bio_err here */ fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", - errstr, mode, type, file, line); - } + errstr, mode, type, file, line); } +} #ifdef TLSEXT_TYPE_opaque_prf_input -struct cb_info_st { void *input; size_t len; int ret; }; + struct cb_info_st { void *input; + size_t len; + int ret; +}; + struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */ struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */ struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */ struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */ -int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_) - { +int +opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_) +{ struct cb_info_st *arg = arg_; if 
(arg == NULL) return 1; - + if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len)) return 0; return arg->ret; - } +} #endif -int main(int argc, char *argv[]) - { - char *CApath=NULL,*CAfile=NULL; - int badop=0; - int bio_pair=0; - int force=0; - int tls1=0,ssl2=0,ssl3=0,ret=1; - int client_auth=0; - int server_auth=0,i; +int +main(int argc, char *argv[]) +{ + char *CApath = NULL, *CAfile = NULL; + int badop = 0; + int bio_pair = 0; + int force = 0; + int tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1; + int client_auth = 0; + int server_auth = 0, i; struct app_verify_arg app_verify_arg = - { APP_CALLBACK_STRING, 0, 0, NULL, NULL }; - char *server_cert=TEST_SERVER_CERT; - char *server_key=NULL; - char *client_cert=TEST_CLIENT_CERT; - char *client_key=NULL; + { APP_CALLBACK_STRING, 0, 0, NULL, NULL }; + char *server_cert = TEST_SERVER_CERT; + char *server_key = NULL; + char *client_cert = TEST_CLIENT_CERT; + char *client_key = NULL; #ifndef OPENSSL_NO_ECDH char *named_curve = NULL; #endif - SSL_CTX *s_ctx=NULL; - SSL_CTX *c_ctx=NULL; - const SSL_METHOD *meth=NULL; - SSL *c_ssl,*s_ssl; - int number=1,reuse=0; - long bytes=256L; + SSL_CTX *s_ctx = NULL; + SSL_CTX *c_ctx = NULL; + const SSL_METHOD *meth = NULL; + SSL *c_ssl, *s_ssl; + int number = 1, reuse = 0; + long bytes = 256L; #ifndef OPENSSL_NO_DH DH *dh; int dhe1024 = 0, dhe1024dsa = 0; @@ -517,9 +511,9 @@ int main(int argc, char *argv[]) #endif #ifndef OPENSSL_NO_SRP /* client */ - SRP_CLIENT_ARG srp_client_arg = {NULL,NULL}; + SRP_CLIENT_ARG srp_client_arg = {NULL, NULL}; /* server */ - SRP_SERVER_ARG srp_server_arg = {NULL,NULL}; + SRP_SERVER_ARG srp_server_arg = {NULL, NULL}; #endif int no_dhe = 0; int no_ecdhe = 0; 
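Review bot: The KNF pass leaves two spots in this hunk mis-indented rather than merely re-braced: in print_details the placeholder statement after `if (0)` now sits at column 0 as a bare `;`, and the opaque-PRF `struct cb_info_st` definition keeps its first member on the brace line (`struct cb_info_st { void *input;`) while the remaining members get their own lines. For the struct, `struct cb_info_st {` followed by `void *input;` on its own line would match how `struct app_verify_arg` is laid out earlier in the same file. Separately, ssl_srp_server_param_cb passes `SSL_get_srp_username(s)` straight into strcmp; if that accessor can return NULL for a ClientHello carrying no SRP identity, a `if (SSL_get_srp_username(s) == NULL) return SSL3_AL_FATAL;` guard before the comparison is cheap, though the library may already guarantee a non-NULL login by the time this callback runs, so that is worth confirming rather than assuming. The `-proxy_cond` help string still reads "experssion"; since this pass is whitespace-only, the typo belongs in a follow-up.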
@@ -533,282 +527,237 @@ int main(int argc, char *argv[]) #endif int test_cipherlist = 0; #ifdef OPENSSL_FIPS - int fips_mode=0; + int fips_mode = 0; #endif verbose = 0; debug = 0; cipher = 0; - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT); + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE|BIO_FP_TEXT); + CRYPTO_set_locking_callback(lock_dbg_cb); /* enable memory leak checking unless explicitly disabled */ - if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) - { + if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) { CRYPTO_malloc_debug_init(); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - } - else - { + } else { /* OPENSSL_DEBUG_MEMORY=off */ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); - } + } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); RAND_seed(rnd_seed, sizeof rnd_seed); - bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT); + bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT); argc--; argv++; - while (argc >= 1) - { - if(!strcmp(*argv,"-F")) - { + while (argc >= 1) { + if (!strcmp(*argv, "-F")) { #ifdef OPENSSL_FIPS - fips_mode=1; + fips_mode = 1; #else - fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n"); + fprintf(stderr, "not compiled with FIPS support, so exitting without running.\n"); exit(0); #endif - } - else if (strcmp(*argv,"-server_auth") == 0) - server_auth=1; - else if (strcmp(*argv,"-client_auth") == 0) - client_auth=1; - else if (strcmp(*argv,"-proxy_auth") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-server_auth") == 0) + server_auth = 1; + else if (strcmp(*argv, "-client_auth") == 0) + client_auth = 1; + else if (strcmp(*argv, "-proxy_auth") == 0) { + if (--argc < 1) + goto bad; app_verify_arg.proxy_auth= *(++argv); - } - else if (strcmp(*argv,"-proxy_cond") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-proxy_cond") == 0) { + if (--argc < 1) + goto bad; 
app_verify_arg.proxy_cond= *(++argv); - } - else if (strcmp(*argv,"-v") == 0) - verbose=1; - else if (strcmp(*argv,"-d") == 0) - debug=1; - else if (strcmp(*argv,"-reuse") == 0) - reuse=1; - else if (strcmp(*argv,"-dhe1024") == 0) - { + } else if (strcmp(*argv, "-v") == 0) + verbose = 1; + else if (strcmp(*argv, "-d") == 0) + debug = 1; + else if (strcmp(*argv, "-reuse") == 0) + reuse = 1; + else if (strcmp(*argv, "-dhe1024") == 0) { #ifndef OPENSSL_NO_DH - dhe1024=1; + dhe1024 = 1; #else - fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n"); + fprintf(stderr, "ignoring -dhe1024, since I'm compiled without DH\n"); #endif - } - else if (strcmp(*argv,"-dhe1024dsa") == 0) - { + } else if (strcmp(*argv, "-dhe1024dsa") == 0) { #ifndef OPENSSL_NO_DH - dhe1024dsa=1; + dhe1024dsa = 1; #else - fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n"); + fprintf(stderr, "ignoring -dhe1024, since I'm compiled without DH\n"); #endif - } - else if (strcmp(*argv,"-no_dhe") == 0) - no_dhe=1; - else if (strcmp(*argv,"-no_ecdhe") == 0) - no_ecdhe=1; - else if (strcmp(*argv,"-psk") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-no_dhe") == 0) + no_dhe = 1; + else if (strcmp(*argv, "-no_ecdhe") == 0) + no_ecdhe = 1; + else if (strcmp(*argv, "-psk") == 0) { + if (--argc < 1) + goto bad; psk_key=*(++argv); #ifndef OPENSSL_NO_PSK - if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) - { - BIO_printf(bio_err,"Not a hex number '%s'\n",*argv); + if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) { + BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); goto bad; - } + } #else - no_psk=1; + no_psk = 1; #endif - } + } #ifndef OPENSSL_NO_SRP - else if (strcmp(*argv,"-srpuser") == 0) - { - if (--argc < 1) goto bad; + else if (strcmp(*argv, "-srpuser") == 0) { + if (--argc < 1) + goto bad; srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv); - tls1=1; - } - else if (strcmp(*argv,"-srppass") == 0) - { - 
if (--argc < 1) goto bad; + tls1 = 1; + } else if (strcmp(*argv, "-srppass") == 0) { + if (--argc < 1) + goto bad; srp_server_arg.pass = srp_client_arg.srppassin= *(++argv); - tls1=1; - } + tls1 = 1; + } #endif - else if (strcmp(*argv,"-ssl2") == 0) - ssl2=1; - else if (strcmp(*argv,"-tls1") == 0) - tls1=1; - else if (strcmp(*argv,"-ssl3") == 0) - ssl3=1; - else if (strncmp(*argv,"-num",4) == 0) - { - if (--argc < 1) goto bad; - number= atoi(*(++argv)); - if (number == 0) number=1; - } - else if (strcmp(*argv,"-bytes") == 0) - { - if (--argc < 1) goto bad; - bytes= atol(*(++argv)); - if (bytes == 0L) bytes=1L; - i=strlen(argv[0]); - if (argv[0][i-1] == 'k') bytes*=1024L; - if (argv[0][i-1] == 'm') bytes*=1024L*1024L; - } - else if (strcmp(*argv,"-cert") == 0) - { - if (--argc < 1) goto bad; + else if (strcmp(*argv, "-ssl2") == 0) + ssl2 = 1; + else if (strcmp(*argv, "-tls1") == 0) + tls1 = 1; + else if (strcmp(*argv, "-ssl3") == 0) + ssl3 = 1; + else if (strncmp(*argv, "-num", 4) == 0) { + if (--argc < 1) + goto bad; + number = atoi(*(++argv)); + if (number == 0) + number = 1; + } else if (strcmp(*argv, "-bytes") == 0) { + if (--argc < 1) + goto bad; + bytes = atol(*(++argv)); + if (bytes == 0L) + bytes = 1L; + i = strlen(argv[0]); + if (argv[0][i - 1] == 'k') + bytes*=1024L; + if (argv[0][i - 1] == 'm') + bytes*=1024L*1024L; + } else if (strcmp(*argv, "-cert") == 0) { + if (--argc < 1) + goto bad; server_cert= *(++argv); - } - else if (strcmp(*argv,"-s_cert") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-s_cert") == 0) { + if (--argc < 1) + goto bad; server_cert= *(++argv); - } - else if (strcmp(*argv,"-key") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-key") == 0) { + if (--argc < 1) + goto bad; server_key= *(++argv); - } - else if (strcmp(*argv,"-s_key") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-s_key") == 0) { + if (--argc < 1) + goto bad; server_key= *(++argv); - } - else if 
(strcmp(*argv,"-c_cert") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-c_cert") == 0) { + if (--argc < 1) + goto bad; client_cert= *(++argv); - } - else if (strcmp(*argv,"-c_key") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-c_key") == 0) { + if (--argc < 1) + goto bad; client_key= *(++argv); - } - else if (strcmp(*argv,"-cipher") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-cipher") == 0) { + if (--argc < 1) + goto bad; cipher= *(++argv); - } - else if (strcmp(*argv,"-CApath") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-CApath") == 0) { + if (--argc < 1) + goto bad; CApath= *(++argv); - } - else if (strcmp(*argv,"-CAfile") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-CAfile") == 0) { + if (--argc < 1) + goto bad; CAfile= *(++argv); - } - else if (strcmp(*argv,"-bio_pair") == 0) - { + } else if (strcmp(*argv, "-bio_pair") == 0) { bio_pair = 1; - } - else if (strcmp(*argv,"-f") == 0) - { + } else if (strcmp(*argv, "-f") == 0) { force = 1; - } - else if (strcmp(*argv,"-time") == 0) - { + } else if (strcmp(*argv, "-time") == 0) { print_time = 1; - } - else if (strcmp(*argv,"-zlib") == 0) - { + } else if (strcmp(*argv, "-zlib") == 0) { comp = COMP_ZLIB; - } - else if (strcmp(*argv,"-rle") == 0) - { + } else if (strcmp(*argv, "-rle") == 0) { comp = COMP_RLE; - } - else if (strcmp(*argv,"-named_curve") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-named_curve") == 0) { + if (--argc < 1) + goto bad; #ifndef OPENSSL_NO_ECDH named_curve = *(++argv); #else - fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n"); + fprintf(stderr, "ignoring -named_curve, since I'm compiled without ECDH\n"); ++argv; #endif - } - else if (strcmp(*argv,"-app_verify") == 0) - { + } else if (strcmp(*argv, "-app_verify") == 0) { app_verify_arg.app_verify = 1; - } - else if (strcmp(*argv,"-proxy") == 0) - { + } else if (strcmp(*argv, "-proxy") == 0) 
{ app_verify_arg.allow_proxy_certs = 1; - } - else if (strcmp(*argv,"-test_cipherlist") == 0) - { + } else if (strcmp(*argv, "-test_cipherlist") == 0) { test_cipherlist = 1; - } - else - { - fprintf(stderr,"unknown option %s\n",*argv); - badop=1; + } else { + fprintf(stderr, "unknown option %s\n", *argv); + badop = 1; break; - } + } argc--; argv++; - } - if (badop) - { + } + if (badop) { bad: sv_usage(); goto end; - } + } - if (test_cipherlist == 1) - { + if (test_cipherlist == 1) { /* ensure that the cipher list are correctly sorted and exit */ if (do_test_cipherlist() == 0) exit(1); ret = 0; goto end; - } + } - if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) - { - fprintf(stderr, "This case cannot work. Use -f to perform " - "the test anyway (and\n-d to see what happens), " - "or add one of -ssl2, -ssl3, -tls1, -reuse\n" - "to avoid protocol mismatch.\n"); + if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) { + fprintf(stderr, + "This case cannot work. Use -f to perform " + "the test anyway (and\n-d to see what happens), " + "or add one of -ssl2, -ssl3, -tls1, -reuse\n" + "to avoid protocol mismatch.\n"); exit(1); - } + } #ifdef OPENSSL_FIPS - if(fips_mode) - { - if(!FIPS_mode_set(1)) - { + if (fips_mode) { + if (!FIPS_mode_set(1)) { ERR_load_crypto_strings(); - ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE)); exit(1); - } - else - fprintf(stderr,"*** IN FIPS MODE ***\n"); - } + } else + fprintf(stderr, "*** IN FIPS MODE ***\n"); + } #endif - if (print_time) - { - if (!bio_pair) - { + if (print_time) { + if (!bio_pair) { fprintf(stderr, "Using BIO pair (-bio_pair)\n"); bio_pair = 1; - } + } if (number < 50 && !force) fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); - } + } /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ 
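Review bot: In the `-bytes` branch, `i = strlen(argv[0])` followed by `argv[0][i - 1]` reads one byte before the argument when the argument is the empty string (atol("") yields 0, bytes becomes 1, then index -1 is read); `if (i > 0 && argv[0][i - 1] == 'k')` (and the same for `'m'`) closes that, and since `i` is an int receiving a size_t, declaring the length as `size_t` would avoid the implicit narrowing. The `-num` and `-bytes` values also go through atoi/atol with no error reporting, so a non-numeric value silently becomes 1; strtol with an endptr check would reject it instead. Finally, for a whitespace-only KNF pass, several assignments on the new side of this hunk are still unspaced (`app_verify_arg.proxy_auth= *(++argv);`, `psk_key=*(++argv);`, `bytes*=1024L;`, `server_cert= *(++argv);`), which a later pass will need to pick up. main continues outside the hunk.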
@@ -816,141 +765,124 @@ bad: SSL_load_error_strings(); #ifndef OPENSSL_NO_COMP - if (comp == COMP_ZLIB) cm = COMP_zlib(); - if (comp == COMP_RLE) cm = COMP_rle(); - if (cm != NULL) - { - if (cm->type != NID_undef) - { - if (SSL_COMP_add_compression_method(comp, cm) != 0) - { + if (comp == COMP_ZLIB) + cm = COMP_zlib(); + if (comp == COMP_RLE) + cm = COMP_rle(); + if (cm != NULL) { + if (cm->type != NID_undef) { + if (SSL_COMP_add_compression_method(comp, cm) != 0) { fprintf(stderr, - "Failed to add compression method\n"); + "Failed to add compression method\n"); ERR_print_errors_fp(stderr); - } } - else - { + } else { fprintf(stderr, - "Warning: %s compression not supported\n", - (comp == COMP_RLE ? "rle" : - (comp == COMP_ZLIB ? "zlib" : - "unknown"))); + "Warning: %s compression not supported\n", + (comp == COMP_RLE ? "rle" : + (comp == COMP_ZLIB ? "zlib" : + "unknown"))); ERR_print_errors_fp(stderr); - } } + } ssl_comp_methods = SSL_COMP_get_compression_methods(); fprintf(stderr, "Available compression methods:\n"); { - int j, n = sk_SSL_COMP_num(ssl_comp_methods); - if (n == 0) - fprintf(stderr, " NONE\n"); - else - for (j = 0; j < n; j++) - { - SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); - fprintf(stderr, " %d: %s\n", c->id, c->name); + int j, n = sk_SSL_COMP_num(ssl_comp_methods); + if (n == 0) + fprintf(stderr, " NONE\n"); + else + for (j = 0; j < n; j++) { + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); + fprintf(stderr, " %d: %s\n", c->id, c->name); } } #endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) if (ssl2) - meth=SSLv2_method(); - else - if (tls1) - meth=TLSv1_method(); - else - if (ssl3) - meth=SSLv3_method(); + meth = SSLv2_method(); + else if (tls1) + meth = TLSv1_method(); + else if (ssl3) + meth = SSLv3_method(); else - meth=SSLv23_method(); + meth = SSLv23_method(); #else #ifdef OPENSSL_NO_SSL2 if (tls1) - meth=TLSv1_method(); - else - if (ssl3) - meth=SSLv3_method(); + meth = TLSv1_method(); + else if (ssl3) + 
meth = SSLv3_method(); else - meth=SSLv23_method(); + meth = SSLv23_method(); #else - meth=SSLv2_method(); + meth = SSLv2_method(); #endif #endif - c_ctx=SSL_CTX_new(meth); - s_ctx=SSL_CTX_new(meth); - if ((c_ctx == NULL) || (s_ctx == NULL)) - { + c_ctx = SSL_CTX_new(meth); + s_ctx = SSL_CTX_new(meth); + if ((c_ctx == NULL) || (s_ctx == NULL)) { ERR_print_errors(bio_err); goto end; - } + } - if (cipher != NULL) - { - SSL_CTX_set_cipher_list(c_ctx,cipher); - SSL_CTX_set_cipher_list(s_ctx,cipher); - } + if (cipher != NULL) { + SSL_CTX_set_cipher_list(c_ctx, cipher); + SSL_CTX_set_cipher_list(s_ctx, cipher); + } #ifndef OPENSSL_NO_DH - if (!no_dhe) - { - if (dhe1024dsa) - { + if (!no_dhe) { + if (dhe1024dsa) { /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); - dh=get_dh1024dsa(); - } - else if (dhe1024) - dh=get_dh1024(); + dh = get_dh1024dsa(); + } else if (dhe1024) + dh = get_dh1024(); else - dh=get_dh512(); - SSL_CTX_set_tmp_dh(s_ctx,dh); + dh = get_dh512(); + SSL_CTX_set_tmp_dh(s_ctx, dh); DH_free(dh); - } + } #else (void)no_dhe; #endif #ifndef OPENSSL_NO_ECDH - if (!no_ecdhe) - { + if (!no_ecdhe) { int nid; - if (named_curve != NULL) - { + if (named_curve != NULL) { nid = OBJ_sn2nid(named_curve); - if (nid == 0) - { + if (nid == 0) { BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); goto end; - } } - else + } else #ifdef OPENSSL_NO_EC2M - nid = NID_X9_62_prime256v1; + nid = NID_X9_62_prime256v1; #else - nid = NID_sect163r2; + nid = NID_sect163r2; #endif ecdh = EC_KEY_new_by_curve_name(nid); - if (ecdh == NULL) - { + if (ecdh == NULL) { BIO_printf(bio_err, "unable to create curve\n"); goto end; - } + } SSL_CTX_set_tmp_ecdh(s_ctx, ecdh); SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE); EC_KEY_free(ecdh); - } + } #else (void)no_ecdhe; #endif #ifndef OPENSSL_NO_RSA - SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); + SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb); #endif #ifdef 
TLSEXT_TYPE_opaque_prf_input 
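Review bot: The `-cipher` handling ignores the return value of both `SSL_CTX_set_cipher_list` calls, so a list that matches no cipher leaves both contexts on their defaults and the test quietly runs with a suite other than the one requested; `if (!SSL_CTX_set_cipher_list(c_ctx, cipher) || !SSL_CTX_set_cipher_list(s_ctx, cipher)) { ERR_print_errors(bio_err); goto end; }` makes that misconfiguration visible. In the DH branch, `dh` is handed to `SSL_CTX_set_tmp_dh` and `DH_free` without a NULL check and the return of SSL_CTX_set_tmp_dh is dropped as well; if the get_dh* helpers can fail (they are declared in this file but defined outside the hunk, and building a DH key allocates), a `if (dh == NULL) goto end;` before the set call keeps that failure from being silent. The compression-method block is the only one of the three setup steps in this hunk that reports a configuration failure, so the error-handling style is inconsistent across them. main continues outside the hunk.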
@@ -960,169 +892,154 @@ bad: SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */ #endif - if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) - { + if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) { ERR_print_errors(bio_err); - } - else if (!SSL_CTX_use_PrivateKey_file(s_ctx, - (server_key?server_key:server_cert), SSL_FILETYPE_PEM)) - { + } else if (!SSL_CTX_use_PrivateKey_file(s_ctx, + (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) { ERR_print_errors(bio_err); goto end; - } + } - if (client_auth) - { - SSL_CTX_use_certificate_file(c_ctx,client_cert, - SSL_FILETYPE_PEM); + if (client_auth) { + SSL_CTX_use_certificate_file(c_ctx, client_cert, + SSL_FILETYPE_PEM); SSL_CTX_use_PrivateKey_file(c_ctx, - (client_key?client_key:client_cert), - SSL_FILETYPE_PEM); - } + (client_key ? client_key : client_cert), + SSL_FILETYPE_PEM); + } - if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(s_ctx)) || - (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(c_ctx))) - { + if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) || + (!SSL_CTX_set_default_verify_paths(s_ctx)) || + (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || + (!SSL_CTX_set_default_verify_paths(c_ctx))) { /* fprintf(stderr,"SSL_load_verify_locations\n"); */ ERR_print_errors(bio_err); /* goto end; */ - } + } - if (client_auth) - { - BIO_printf(bio_err,"client authentication\n"); + if (client_auth) { + BIO_printf(bio_err, "client authentication\n"); SSL_CTX_set_verify(s_ctx, - SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, - verify_callback); + SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_callback); SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg); - } - if (server_auth) - { - BIO_printf(bio_err,"server authentication\n"); - SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, - 
verify_callback); + } + if (server_auth) { + BIO_printf(bio_err, "server authentication\n"); + SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, + verify_callback); SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg); - } - + } + { int session_id_context = 0; SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context); } /* Use PSK only if PSK key is given */ - if (psk_key != NULL) - { + if (psk_key != NULL) { /* no_psk is used to avoid putting psk command to openssl tool */ - if (no_psk) - { + if (no_psk) { /* if PSK is not compiled in and psk key is * given, do nothing and exit successfully */ - ret=0; + ret = 0; goto end; - } + } #ifndef OPENSSL_NO_PSK SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback); SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback); if (debug) - BIO_printf(bio_err,"setting PSK identity hint to s_ctx\n"); - if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) - { - BIO_printf(bio_err,"error setting PSK identity hint to s_ctx\n"); + BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n"); + if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) { + BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n"); ERR_print_errors(bio_err); goto end; - } -#endif } +#endif + } #ifndef OPENSSL_NO_SRP - if (srp_client_arg.srplogin) - { - if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) - { - BIO_printf(bio_err,"Unable to set SRP username\n"); + if (srp_client_arg.srplogin) { + if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) { + BIO_printf(bio_err, "Unable to set SRP username\n"); goto end; - } - SSL_CTX_set_srp_cb_arg(c_ctx,&srp_client_arg); + } + SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg); SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb); /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/ - } + } - if (srp_server_arg.expected_user != NULL) - { - 
SSL_CTX_set_verify(s_ctx,SSL_VERIFY_NONE,verify_callback); + if (srp_server_arg.expected_user != NULL) { + SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback); SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg); SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb); - } + } #endif - c_ssl=SSL_new(c_ctx); - s_ssl=SSL_new(s_ctx); + c_ssl = SSL_new(c_ctx); + s_ssl = SSL_new(s_ctx); #ifndef OPENSSL_NO_KRB5 - if (c_ssl && c_ssl->kssl_ctx) - { - char localhost[MAXHOSTNAMELEN+2]; - - if (gethostname(localhost, sizeof localhost-1) == 0) - { - localhost[sizeof localhost-1]='\0'; - if(strlen(localhost) == sizeof localhost-1) - { - BIO_printf(bio_err,"localhost name too long\n"); + if (c_ssl && c_ssl->kssl_ctx) { + char localhost[MAXHOSTNAMELEN + 2]; + + if (gethostname(localhost, sizeof localhost - 1) == 0) { + localhost[sizeof localhost - 1] = '\0'; + if (strlen(localhost) == sizeof localhost - 1) { + BIO_printf(bio_err, "localhost name too long\n"); goto end; - } - kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, - localhost); } + kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, + localhost); } + } #endif /* OPENSSL_NO_KRB5 */ - for (i=0; i 1) || (bytes > 1L)) - BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes); - if (print_time) - { + BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", number, bytes); + if (print_time) { #ifdef CLOCKS_PER_SEC /* "To determine the time in seconds, the value returned * by the clock function should be divided by the value * of the macro CLOCKS_PER_SEC." 
* -- ISO/IEC 9899 */ BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n" - "Approximate total client time: %6.2f s\n", - (double)s_time/CLOCKS_PER_SEC, - (double)c_time/CLOCKS_PER_SEC); + "Approximate total client time: %6.2f s\n", + (double)s_time/CLOCKS_PER_SEC, + (double)c_time/CLOCKS_PER_SEC); #else /* "`CLOCKS_PER_SEC' undeclared (first use this function)" * -- cc on NeXTstep/OpenStep */ BIO_printf(bio_stdout, - "Approximate total server time: %6.2f units\n" - "Approximate total client time: %6.2f units\n", - (double)s_time, - (double)c_time); + "Approximate total server time: %6.2f units\n" + "Approximate total client time: %6.2f units\n", + (double)s_time, + (double)c_time); #endif - } + } SSL_free(s_ssl); SSL_free(c_ssl); end: - if (s_ctx != NULL) SSL_CTX_free(s_ctx); - if (c_ctx != NULL) SSL_CTX_free(c_ctx); + if (s_ctx != NULL) + SSL_CTX_free(s_ctx); + if (c_ctx != NULL) + SSL_CTX_free(c_ctx); - if (bio_stdout != NULL) BIO_free(bio_stdout); + if (bio_stdout != NULL) + BIO_free(bio_stdout); #ifndef OPENSSL_NO_RSA free_tmp_rsa(); @@ -1135,26 +1052,28 @@ end: ERR_remove_thread_state(NULL); EVP_cleanup(); CRYPTO_mem_leaks(bio_err); - if (bio_err != NULL) BIO_free(bio_err); + if (bio_err != NULL) + BIO_free(bio_err); exit(ret); return ret; - } +} -int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, - clock_t *s_time, clock_t *c_time) - { +int +doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time, + clock_t *c_time) +{ long cw_num = count, cr_num = count, sw_num = count, sr_num = count; BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; int ret = 1; - + size_t bufsiz = 256; /* small buffer for testing */ if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz)) goto err; if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz)) goto err; - + s_ssl_bio = BIO_new(BIO_f_ssl()); if (!s_ssl_bio) goto err; 
@@ -1171,8 +1090,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, SSL_set_bio(s_ssl, server, server); (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE); - do - { + do { /* c_ssl_bio: SSL filter BIO * * client: pseudo-I/O for SSL library @@ -1213,9 +1131,9 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, * -- we just try everything in each iteration */ - { + { /* CLIENT */ - + char cbuf[1024*8]; int i, r; clock_t c_clock = clock(); 
@@ -1225,68 +1143,55 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (debug) if (SSL_in_init(c_ssl)) printf("client waiting in SSL_connect - %s\n", - SSL_state_string_long(c_ssl)); + SSL_state_string_long(c_ssl)); - if (cw_num > 0) - { + if (cw_num > 0) { /* Write to server. */ - + if (cw_num > (long)sizeof cbuf) i = sizeof cbuf; else i = (int)cw_num; r = BIO_write(c_ssl_bio, cbuf, i); - if (r < 0) - { - if (!BIO_should_retry(c_ssl_bio)) - { - fprintf(stderr,"ERROR in CLIENT\n"); + if (r < 0) { + if (!BIO_should_retry(c_ssl_bio)) { + fprintf(stderr, "ERROR in CLIENT\n"); goto err; - } + } /* BIO_should_retry(...) can just be ignored here. * The library expects us to call BIO_write with * the same arguments again, and that's what we will * do in the next iteration. */ - } - else if (r == 0) - { - fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); + } else if (r == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); goto err; - } - else - { + } else { if (debug) printf("client wrote %d\n", r); - cw_num -= r; - } + cw_num -= r; + } + } - if (cr_num > 0) - { + if (cr_num > 0) { /* Read from server. */ r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf)); - if (r < 0) - { - if (!BIO_should_retry(c_ssl_bio)) - { - fprintf(stderr,"ERROR in CLIENT\n"); + if (r < 0) { + if (!BIO_should_retry(c_ssl_bio)) { + fprintf(stderr, "ERROR in CLIENT\n"); goto err; - } - /* Again, "BIO_should_retry" can be ignored. */ } - else if (r == 0) - { - fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); + /* Again, "BIO_should_retry" can be ignored. */ + } else if (r == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); goto err; - } - else - { + } else { if (debug) printf("client read %d\n", r); cr_num -= r; - } } + } /* c_time and s_time increments will typically be very small * (depending on machine speed and clock tick intervals), 
@@ -1297,11 +1202,11 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, * or only for the server or even not at all. */ *c_time += (clock() - c_clock); - } + } - { + { /* SERVER */ - + char sbuf[1024*8]; int i, r; clock_t s_clock = clock(); @@ -1311,70 +1216,57 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (debug) if (SSL_in_init(s_ssl)) printf("server waiting in SSL_accept - %s\n", - SSL_state_string_long(s_ssl)); + SSL_state_string_long(s_ssl)); - if (sw_num > 0) - { + if (sw_num > 0) { /* Write to client. */ - + if (sw_num > (long)sizeof sbuf) i = sizeof sbuf; else i = (int)sw_num; r = BIO_write(s_ssl_bio, sbuf, i); - if (r < 0) - { - if (!BIO_should_retry(s_ssl_bio)) - { - fprintf(stderr,"ERROR in SERVER\n"); + if (r < 0) { + if (!BIO_should_retry(s_ssl_bio)) { + fprintf(stderr, "ERROR in SERVER\n"); goto err; - } - /* Ignore "BIO_should_retry". */ } - else if (r == 0) - { - fprintf(stderr,"SSL SERVER STARTUP FAILED\n"); + /* Ignore "BIO_should_retry". */ + } else if (r == 0) { + fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); goto err; - } - else - { + } else { if (debug) printf("server wrote %d\n", r); - sw_num -= r; - } + sw_num -= r; + } + } - if (sr_num > 0) - { + if (sr_num > 0) { /* Read from client. */ r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf)); - if (r < 0) - { - if (!BIO_should_retry(s_ssl_bio)) - { - fprintf(stderr,"ERROR in SERVER\n"); + if (r < 0) { + if (!BIO_should_retry(s_ssl_bio)) { + fprintf(stderr, "ERROR in SERVER\n"); goto err; - } - /* blah, blah */ } - else if (r == 0) - { - fprintf(stderr,"SSL SERVER STARTUP FAILED\n"); + /* blah, blah */ + } else if (r == 0) { + fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); goto err; - } - else - { + } else { if (debug) printf("server read %d\n", r); sr_num -= r; - } } + } *s_time += (clock() - s_clock); - } - - { + } + + { /* "I/O" BETWEEN CLIENT AND SERVER. */ size_t r1, r2; 
@@ -1382,13 +1274,13 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, /* we use the non-copying interface for io1 * and the standard BIO_write/BIO_read interface for io2 */ - + static int prev_progress = 1; int progress = 0; - + /* io1 to io2 */ do - { + { size_t num; int r; @@ -1398,13 +1290,12 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, num = r1; if (r2 < num) num = r2; - if (num) - { + if (num) { char *dataptr; if (INT_MAX < num) /* yeah, right */ num = INT_MAX; - + r = BIO_nread(io1, &dataptr, (int)num); assert(r > 0); assert(r <= (int)num); @@ -1412,21 +1303,20 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, num = r; r = BIO_write(io2, dataptr, (int)num); if (r != (int)num) /* can't happen */ - { + { fprintf(stderr, "ERROR: BIO_write could not write " - "BIO_ctrl_get_write_guarantee() bytes"); + "BIO_ctrl_get_write_guarantee() bytes"); goto err; - } + } progress = 1; if (debug) printf((io1 == client_io) ? - "C->S relaying: %d bytes\n" : - "S->C relaying: %d bytes\n", - (int)num); - } + "C->S relaying: %d bytes\n" : + "S->C relaying: %d bytes\n", + (int)num); } - while (r1 && r2); + } while (r1 && r2); /* io2 to io1 */ { 
@@ -1442,76 +1332,71 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, num = r1; if (r2 < num) num = r2; - if (num) - { + if (num) { char *dataptr; - + if (INT_MAX < num) num = INT_MAX; if (num > 1) --num; /* test restartability even more thoroughly */ - + r = BIO_nwrite0(io1, &dataptr); assert(r > 0); if (r < (int)num) num = r; r = BIO_read(io2, dataptr, (int)num); if (r != (int)num) /* can't happen */ - { + { fprintf(stderr, "ERROR: BIO_read could not read " - "BIO_ctrl_pending() bytes"); + "BIO_ctrl_pending() bytes"); goto err; - } + } progress = 1; r = BIO_nwrite(io1, &dataptr, (int)num); if (r != (int)num) /* can't happen */ - { + { fprintf(stderr, "ERROR: BIO_nwrite() did not accept " - "BIO_nwrite0() bytes"); + "BIO_nwrite0() bytes"); goto err; - } - + } + if (debug) printf((io2 == client_io) ? - "C->S relaying: %d bytes\n" : - "S->C relaying: %d bytes\n", - (int)num); - } + "C->S relaying: %d bytes\n" : + "S->C relaying: %d bytes\n", + (int)num); + } } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */ if (!progress && !prev_progress) - if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) - { - fprintf(stderr, "ERROR: got stuck\n"); - if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0) - { - fprintf(stderr, "This can happen for SSL2 because " - "CLIENT-FINISHED and SERVER-VERIFY are written \n" - "concurrently ..."); - if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0 - && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0) - { - fprintf(stderr, " ok.\n"); - goto end; - } - } - fprintf(stderr, " ERROR.\n"); - goto err; + if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) { + fprintf(stderr, "ERROR: got stuck\n"); + if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0) { + fprintf(stderr, "This can happen for SSL2 because " + "CLIENT-FINISHED and SERVER-VERIFY are written \n" + "concurrently ..."); + if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0 + && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0) { + fprintf(stderr, " 
ok.\n"); + goto end; } - prev_progress = progress; + } + fprintf(stderr, " ERROR.\n"); + goto err; } + prev_progress = progress; } - while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); + } while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); if (verbose) print_details(c_ssl, "DONE via BIO pair: "); end: ret = 0; - err: + err: ERR_print_errors(bio_err); - + if (server) BIO_free(server); if (server_io) @@ -1526,7 +1411,7 @@ end: BIO_free(c_ssl_bio); return ret; - } +} #define W_READ 1 
@@ -1534,274 +1419,230 @@ end: #define C_DONE 1 #define S_DONE 2 -int doit(SSL *s_ssl, SSL *c_ssl, long count) - { - char cbuf[1024*8],sbuf[1024*8]; - long cw_num=count,cr_num=count; - long sw_num=count,sr_num=count; - int ret=1; - BIO *c_to_s=NULL; - BIO *s_to_c=NULL; - BIO *c_bio=NULL; - BIO *s_bio=NULL; - int c_r,c_w,s_r,s_w; - int i,j; - int done=0; - int c_write,s_write; - int do_server=0,do_client=0; - - memset(cbuf,0,sizeof(cbuf)); - memset(sbuf,0,sizeof(sbuf)); - - c_to_s=BIO_new(BIO_s_mem()); - s_to_c=BIO_new(BIO_s_mem()); - if ((s_to_c == NULL) || (c_to_s == NULL)) - { +int +doit(SSL *s_ssl, SSL *c_ssl, long count) +{ + char cbuf[1024*8], sbuf[1024*8]; + long cw_num = count, cr_num = count; + long sw_num = count, sr_num = count; + int ret = 1; + BIO *c_to_s = NULL; + BIO *s_to_c = NULL; + BIO *c_bio = NULL; + BIO *s_bio = NULL; + int c_r, c_w, s_r, s_w; + int i, j; + int done = 0; + int c_write, s_write; + int do_server = 0, do_client = 0; + + memset(cbuf, 0, sizeof(cbuf)); + memset(sbuf, 0, sizeof(sbuf)); + + c_to_s = BIO_new(BIO_s_mem()); + s_to_c = BIO_new(BIO_s_mem()); + if ((s_to_c == NULL) || (c_to_s == NULL)) { ERR_print_errors(bio_err); goto err; - } + } - c_bio=BIO_new(BIO_f_ssl()); - s_bio=BIO_new(BIO_f_ssl()); - if ((c_bio == NULL) || (s_bio == NULL)) - { + c_bio = BIO_new(BIO_f_ssl()); + s_bio = BIO_new(BIO_f_ssl()); + if ((c_bio == NULL) || (s_bio == NULL)) { ERR_print_errors(bio_err); goto err; - } + } SSL_set_connect_state(c_ssl); - SSL_set_bio(c_ssl,s_to_c,c_to_s); - BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE); + SSL_set_bio(c_ssl, s_to_c, c_to_s); + BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE); SSL_set_accept_state(s_ssl); - SSL_set_bio(s_ssl,c_to_s,s_to_c); - BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE); + SSL_set_bio(s_ssl, c_to_s, s_to_c); + BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE); - c_r=0; s_r=1; - c_w=1; s_w=0; - c_write=1,s_write=0; + c_r = 0; + s_r = 1; + c_w = 1; + s_w = 0; + c_write = 1, s_write = 0; /* We can always do writes */ - for (;;) - { - 
do_server=0; - do_client=0; + for (;;) { + do_server = 0; + do_client = 0; - i=(int)BIO_pending(s_bio); - if ((i && s_r) || s_w) do_server=1; + i = (int)BIO_pending(s_bio); + if ((i && s_r) || s_w) + do_server = 1; - i=(int)BIO_pending(c_bio); - if ((i && c_r) || c_w) do_client=1; + i = (int)BIO_pending(c_bio); + if ((i && c_r) || c_w) + do_client = 1; - if (do_server && debug) - { + if (do_server && debug) { if (SSL_in_init(s_ssl)) printf("server waiting in SSL_accept - %s\n", - SSL_state_string_long(s_ssl)); + SSL_state_string_long(s_ssl)); /* else if (s_write) printf("server:SSL_write()\n"); else printf("server:SSL_read()\n"); */ - } + } - if (do_client && debug) - { + if (do_client && debug) { if (SSL_in_init(c_ssl)) printf("client waiting in SSL_connect - %s\n", - SSL_state_string_long(c_ssl)); + SSL_state_string_long(c_ssl)); /* else if (c_write) printf("client:SSL_write()\n"); else printf("client:SSL_read()\n"); */ - } + } - if (!do_client && !do_server) - { - fprintf(stdout,"ERROR IN STARTUP\n"); + if (!do_client && !do_server) { + fprintf(stdout, "ERROR IN STARTUP\n"); ERR_print_errors(bio_err); break; - } - if (do_client && !(done & C_DONE)) - { - if (c_write) - { + } + if (do_client && !(done & C_DONE)) { + if (c_write) { j = (cw_num > (long)sizeof(cbuf)) ? 
- (int)sizeof(cbuf) : (int)cw_num; - i=BIO_write(c_bio,cbuf,j); - if (i < 0) - { - c_r=0; - c_w=0; - if (BIO_should_retry(c_bio)) - { + (int)sizeof(cbuf) : (int)cw_num; + i = BIO_write(c_bio, cbuf, j); + if (i < 0) { + c_r = 0; + c_w = 0; + if (BIO_should_retry(c_bio)) { if (BIO_should_read(c_bio)) - c_r=1; + c_r = 1; if (BIO_should_write(c_bio)) - c_w=1; - } - else - { - fprintf(stderr,"ERROR in CLIENT\n"); + c_w = 1; + } else { + fprintf(stderr, "ERROR in CLIENT\n"); ERR_print_errors(bio_err); goto err; - } } - else if (i == 0) - { - fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); + } else if (i == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); goto err; - } - else - { + } else { if (debug) - printf("client wrote %d\n",i); + printf("client wrote %d\n", i); /* ok */ - s_r=1; - c_write=0; - cw_num-=i; - } + s_r = 1; + c_write = 0; + cw_num -= i; } - else - { - i=BIO_read(c_bio,cbuf,sizeof(cbuf)); - if (i < 0) - { - c_r=0; - c_w=0; - if (BIO_should_retry(c_bio)) - { + } else { + i = BIO_read(c_bio, cbuf, sizeof(cbuf)); + if (i < 0) { + c_r = 0; + c_w = 0; + if (BIO_should_retry(c_bio)) { if (BIO_should_read(c_bio)) - c_r=1; + c_r = 1; if (BIO_should_write(c_bio)) - c_w=1; - } - else - { - fprintf(stderr,"ERROR in CLIENT\n"); + c_w = 1; + } else { + fprintf(stderr, "ERROR in CLIENT\n"); ERR_print_errors(bio_err); goto err; - } } - else if (i == 0) - { - fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); + } else if (i == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); goto err; - } - else - { + } else { if (debug) - printf("client read %d\n",i); - cr_num-=i; - if (sw_num > 0) - { - s_write=1; - s_w=1; - } - if (cr_num <= 0) - { - s_write=1; - s_w=1; - done=S_DONE|C_DONE; - } + printf("client read %d\n", i); + cr_num -= i; + if (sw_num > 0) { + s_write = 1; + s_w = 1; + } + if (cr_num <= 0) { + s_write = 1; + s_w = 1; + done = S_DONE|C_DONE; } } } + } - if (do_server && !(done & S_DONE)) - { - if (!s_write) - { - i=BIO_read(s_bio,sbuf,sizeof(cbuf)); - if (i 
< 0) - { - s_r=0; - s_w=0; - if (BIO_should_retry(s_bio)) - { + if (do_server && !(done & S_DONE)) { + if (!s_write) { + i = BIO_read(s_bio, sbuf, sizeof(cbuf)); + if (i < 0) { + s_r = 0; + s_w = 0; + if (BIO_should_retry(s_bio)) { if (BIO_should_read(s_bio)) - s_r=1; + s_r = 1; if (BIO_should_write(s_bio)) - s_w=1; - } - else - { - fprintf(stderr,"ERROR in SERVER\n"); + s_w = 1; + } else { + fprintf(stderr, "ERROR in SERVER\n"); ERR_print_errors(bio_err); goto err; - } } - else if (i == 0) - { + } else if (i == 0) { ERR_print_errors(bio_err); - fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n"); + fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_read\n"); goto err; - } - else - { + } else { if (debug) - printf("server read %d\n",i); - sr_num-=i; - if (cw_num > 0) - { - c_write=1; - c_w=1; - } - if (sr_num <= 0) - { - s_write=1; - s_w=1; - c_write=0; - } + printf("server read %d\n", i); + sr_num -= i; + if (cw_num > 0) { + c_write = 1; + c_w = 1; + } + if (sr_num <= 0) { + s_write = 1; + s_w = 1; + c_write = 0; } } - else - { + } else { j = (sw_num > (long)sizeof(sbuf)) ? 
- (int)sizeof(sbuf) : (int)sw_num; - i=BIO_write(s_bio,sbuf,j); - if (i < 0) - { - s_r=0; - s_w=0; - if (BIO_should_retry(s_bio)) - { + (int)sizeof(sbuf) : (int)sw_num; + i = BIO_write(s_bio, sbuf, j); + if (i < 0) { + s_r = 0; + s_w = 0; + if (BIO_should_retry(s_bio)) { if (BIO_should_read(s_bio)) - s_r=1; + s_r = 1; if (BIO_should_write(s_bio)) - s_w=1; - } - else - { - fprintf(stderr,"ERROR in SERVER\n"); + s_w = 1; + } else { + fprintf(stderr, "ERROR in SERVER\n"); ERR_print_errors(bio_err); goto err; - } } - else if (i == 0) - { + } else if (i == 0) { ERR_print_errors(bio_err); - fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n"); + fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_write\n"); goto err; - } - else - { + } else { if (debug) - printf("server wrote %d\n",i); - sw_num-=i; - s_write=0; - c_r=1; + printf("server wrote %d\n", i); + sw_num -= i; + s_write = 0; + c_r = 1; if (sw_num <= 0) done|=S_DONE; - } } } - - if ((done & S_DONE) && (done & C_DONE)) break; } + if ((done & S_DONE) + && (done & C_DONE)) break; + } + if (verbose) print_details(c_ssl, "DONE: "); - ret=0; + ret = 0; err: /* We have to set the BIO's to NULL otherwise they will be * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and 
@@ -1810,95 +1651,89 @@ err: * BIO structure and SSL_set_bio() and SSL_free() automatically * BIO_free non NULL entries. * You should not normally do this or be required to do this */ - if (s_ssl != NULL) - { - s_ssl->rbio=NULL; - s_ssl->wbio=NULL; - } - if (c_ssl != NULL) - { - c_ssl->rbio=NULL; - c_ssl->wbio=NULL; - } - - if (c_to_s != NULL) BIO_free(c_to_s); - if (s_to_c != NULL) BIO_free(s_to_c); - if (c_bio != NULL) BIO_free_all(c_bio); - if (s_bio != NULL) BIO_free_all(s_bio); - return(ret); + if (s_ssl != NULL) { + s_ssl->rbio = NULL; + s_ssl->wbio = NULL; + } + if (c_ssl != NULL) { + c_ssl->rbio = NULL; + c_ssl->wbio = NULL; } -static int get_proxy_auth_ex_data_idx(void) - { + if (c_to_s != NULL) + BIO_free(c_to_s); + if (s_to_c != NULL) + BIO_free(s_to_c); + if (c_bio != NULL) + BIO_free_all(c_bio); + if (s_bio != NULL) + BIO_free_all(s_bio); + return (ret); +} + +static int +get_proxy_auth_ex_data_idx(void) +{ static volatile int idx = -1; - if (idx < 0) - { + if (idx < 0) { CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - if (idx < 0) - { + if (idx < 0) { idx = X509_STORE_CTX_get_ex_new_index(0, - "SSLtest for verify callback", NULL,NULL,NULL); - } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + "SSLtest for verify callback", NULL, NULL, NULL); } - return idx; + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); } + return idx; +} -static int verify_callback(int ok, X509_STORE_CTX *ctx) - { - char *s,buf[256]; +static int +verify_callback(int ok, X509_STORE_CTX *ctx) +{ + char *s, buf[256]; - s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf, - sizeof buf); - if (s != NULL) - { + s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, + sizeof buf); + if (s != NULL) { if (ok) - fprintf(stderr,"depth=%d %s\n", - ctx->error_depth,buf); - else - { - fprintf(stderr,"depth=%d error=%d %s\n", - ctx->error_depth,ctx->error,buf); - } + fprintf(stderr, "depth=%d %s\n", + ctx->error_depth, buf); + else { + fprintf(stderr, "depth=%d error=%d %s\n", + 
ctx->error_depth, ctx->error, buf); } + } - if (ok == 0) - { - fprintf(stderr,"Error string: %s\n", - X509_verify_cert_error_string(ctx->error)); - switch (ctx->error) - { + if (ok == 0) { + fprintf(stderr, "Error string: %s\n", + X509_verify_cert_error_string(ctx->error)); + switch (ctx->error) { case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - fprintf(stderr," ... ignored.\n"); - ok=1; - } + fprintf(stderr, " ... ignored.\n"); + ok = 1; } + } - if (ok == 1) - { + if (ok == 1) { X509 *xs = ctx->current_cert; #if 0 X509 *xi = ctx->current_issuer; #endif - if (xs->ex_flags & EXFLAG_PROXY) - { + if (xs->ex_flags & EXFLAG_PROXY) { unsigned int *letters = - X509_STORE_CTX_get_ex_data(ctx, - get_proxy_auth_ex_data_idx()); + X509_STORE_CTX_get_ex_data(ctx, + get_proxy_auth_ex_data_idx()); - if (letters) - { + if (letters) { int found_any = 0; int i; PROXY_CERT_INFO_EXTENSION *pci = - X509_get_ext_d2i(xs, NID_proxyCertInfo, - NULL, NULL); + X509_get_ext_d2i(xs, NID_proxyCertInfo, + NULL, NULL); - switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) - { + switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) { case NID_Independent: /* Completely meaningless in this program, as there's no way to @@ -1918,7 +1753,7 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx) break; default: s = (char *) - pci->proxyPolicy->policy->data; + pci->proxyPolicy->policy->data; i = pci->proxyPolicy->policy->length; /* The algorithm works as follows: 
@@ -1942,412 +1777,398 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx) and clear all the others. */ fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s); - while(i-- > 0) - { + while (i-- > 0) { int c = *s++; - if (isascii(c) && isalpha(c)) - { + if (isascii(c) && isalpha(c)) { if (islower(c)) c = toupper(c); letters[c - 'A']++; - } } + } for (i = 0; i < 26; i++) if (letters[i] < 2) letters[i] = 0; - else - letters[i] = 1; - } + else + letters[i] = 1; + } found_any = 0; - fprintf(stderr, - ", resulting proxy rights = "); - for(i = 0; i < 26; i++) - if (letters[i]) - { - fprintf(stderr, "%c", i + 'A'); - found_any = 1; - } + fprintf(stderr, ", resulting proxy rights = "); + for (i = 0; i < 26; i++) + if (letters[i]) { + fprintf(stderr, "%c", i + 'A'); + found_any = 1; + } if (!found_any) fprintf(stderr, "none"); fprintf(stderr, "\n"); PROXY_CERT_INFO_EXTENSION_free(pci); - } } } - - return(ok); } -static void process_proxy_debug(int indent, const char *format, ...) - { + return (ok); +} + +static void +process_proxy_debug(int indent, const char *format, ...) 
+{ static const char indentation[] = - ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" - ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */ + ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" + ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */ char my_format[256]; va_list args; BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s", - indent, indent, indentation, format); + indent, indent, indentation, format); va_start(args, format); vfprintf(stderr, my_format, args); va_end(args); - } +} /* Priority levels: 0 [!]var, () 1 & ^ 2 | */ static int process_proxy_cond_adders(unsigned int letters[26], - const char *cond, const char **cond_end, int *pos, int indent); -static int process_proxy_cond_val(unsigned int letters[26], - const char *cond, const char **cond_end, int *pos, int indent) - { + const char *cond, const char **cond_end, int *pos, int indent); + +static int +process_proxy_cond_val(unsigned int letters[26], const char *cond, + const char **cond_end, int *pos, int indent) +{ int c; int ok = 1; int negate = 0; - while(isspace((int)*cond)) - { - cond++; (*pos)++; - } + while (isspace((int)*cond)) { + cond++; + (*pos)++; + } c = *cond; if (debug) process_proxy_debug(indent, - "Start process_proxy_cond_val at position %d: %s\n", - *pos, cond); + "Start process_proxy_cond_val at position %d: %s\n", + *pos, cond); - while(c == '!') - { + while (c == '!') { negate = !negate; - cond++; (*pos)++; - while(isspace((int)*cond)) - { - cond++; (*pos)++; - } - c = *cond; + cond++; + (*pos)++; + while (isspace((int)*cond)) { + cond++; + (*pos)++; } + c = *cond; + } - if (c == '(') - { - cond++; (*pos)++; + if (c == '(') { + cond++; + (*pos)++; ok = process_proxy_cond_adders(letters, cond, cond_end, pos, - indent + 1); + indent + 1); cond = *cond_end; if (ok < 0) goto end; - while(isspace((int)*cond)) - { - cond++; (*pos)++; - } + while (isspace((int)*cond)) { + cond++; + (*pos)++; + } c = *cond; - if (c != ')') - { + if (c != ')') { fprintf(stderr, - "Weird 
condition character in position %d: " - "%c\n", *pos, c); + "Weird condition character in position %d: " + "%c\n", *pos, c); ok = -1; goto end; - } - cond++; (*pos)++; } - else if (isascii(c) && isalpha(c)) - { + cond++; + (*pos)++; + } else if (isascii(c) && isalpha(c)) { if (islower(c)) c = toupper(c); ok = letters[c - 'A']; - cond++; (*pos)++; - } - else - { + cond++; + (*pos)++; + } else { fprintf(stderr, - "Weird condition character in position %d: " - "%c\n", *pos, c); + "Weird condition character in position %d: " + "%c\n", *pos, c); ok = -1; goto end; - } - end: + } + end: *cond_end = cond; if (ok >= 0 && negate) ok = !ok; if (debug) process_proxy_debug(indent, - "End process_proxy_cond_val at position %d: %s, returning %d\n", - *pos, cond, ok); + "End process_proxy_cond_val at position %d: %s, returning %d\n", + *pos, cond, ok); return ok; - } -static int process_proxy_cond_multipliers(unsigned int letters[26], - const char *cond, const char **cond_end, int *pos, int indent) - { +} + +static int +process_proxy_cond_multipliers(unsigned int letters[26], const char *cond, + const char **cond_end, int *pos, int indent) +{ int ok; char c; if (debug) process_proxy_debug(indent, - "Start process_proxy_cond_multipliers at position %d: %s\n", - *pos, cond); + "Start process_proxy_cond_multipliers at position %d: %s\n", + *pos, cond); ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1); cond = *cond_end; if (ok < 0) goto end; - while(ok >= 0) - { - while(isspace((int)*cond)) - { - cond++; (*pos)++; - } + while (ok >= 0) { + while (isspace((int)*cond)) { + cond++; + (*pos)++; + } c = *cond; - switch(c) - { + switch (c) { case '&': case '^': { - int save_ok = ok; + int save_ok = ok; - cond++; (*pos)++; - ok = process_proxy_cond_val(letters, - cond, cond_end, pos, indent + 1); - cond = *cond_end; - if (ok < 0) - break; - - switch(c) - { - case '&': - ok &= save_ok; - break; - case '^': - ok ^= save_ok; - break; - default: - fprintf(stderr, "SOMETHING 
IS SERIOUSLY WRONG!" - " STOPPING\n"); - exit(1); + cond++; + (*pos)++; + ok = process_proxy_cond_val(letters, + cond, cond_end, pos, indent + 1); + cond = *cond_end; + if (ok < 0) + break; + + switch (c) { + case '&': + ok &= save_ok; + break; + case '^': + ok ^= save_ok; + break; + default: + fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!" + " STOPPING\n"); + exit(1); } } break; default: goto end; - } } - end: + } + end: if (debug) process_proxy_debug(indent, - "End process_proxy_cond_multipliers at position %d: %s, returning %d\n", - *pos, cond, ok); + "End process_proxy_cond_multipliers at position %d: %s, returning %d\n", + *pos, cond, ok); *cond_end = cond; return ok; - } -static int process_proxy_cond_adders(unsigned int letters[26], - const char *cond, const char **cond_end, int *pos, int indent) - { +} + +static int +process_proxy_cond_adders(unsigned int letters[26], const char *cond, + const char **cond_end, int *pos, int indent) +{ int ok; char c; if (debug) process_proxy_debug(indent, - "Start process_proxy_cond_adders at position %d: %s\n", - *pos, cond); + "Start process_proxy_cond_adders at position %d: %s\n", + *pos, cond); ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos, - indent + 1); + indent + 1); cond = *cond_end; if (ok < 0) goto end; - while(ok >= 0) - { - while(isspace((int)*cond)) - { - cond++; (*pos)++; - } + while (ok >= 0) { + while (isspace((int)*cond)) { + cond++; + (*pos)++; + } c = *cond; - switch(c) - { + switch (c) { case '|': { - int save_ok = ok; + int save_ok = ok; - cond++; (*pos)++; - ok = process_proxy_cond_multipliers(letters, - cond, cond_end, pos, indent + 1); - cond = *cond_end; - if (ok < 0) - break; - - switch(c) - { - case '|': - ok |= save_ok; - break; - default: - fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!" 
- " STOPPING\n"); - exit(1); + cond++; + (*pos)++; + ok = process_proxy_cond_multipliers(letters, + cond, cond_end, pos, indent + 1); + cond = *cond_end; + if (ok < 0) + break; + + switch (c) { + case '|': + ok |= save_ok; + break; + default: + fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!" + " STOPPING\n"); + exit(1); } } break; default: goto end; - } } - end: + } + end: if (debug) process_proxy_debug(indent, - "End process_proxy_cond_adders at position %d: %s, returning %d\n", - *pos, cond, ok); + "End process_proxy_cond_adders at position %d: %s, returning %d\n", + *pos, cond, ok); *cond_end = cond; return ok; - } +} -static int process_proxy_cond(unsigned int letters[26], - const char *cond, const char **cond_end) - { +static int +process_proxy_cond(unsigned int letters[26], const char *cond, + const char **cond_end) +{ int pos = 1; return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1); - } +} -static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) - { - int ok=1; +static int +app_verify_callback(X509_STORE_CTX *ctx, void *arg) +{ + int ok = 1; struct app_verify_arg *cb_arg = arg; unsigned int letters[26]; /* only used with proxy_auth */ - if (cb_arg->app_verify) - { - char *s = NULL,buf[256]; + if (cb_arg->app_verify) { + char *s = NULL, buf[256]; fprintf(stderr, "In app_verify_callback, allowing cert. "); fprintf(stderr, "Arg is: %s\n", cb_arg->string); fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 
0x%p\n", - (void *)ctx, (void *)ctx->cert); + (void *)ctx, (void *)ctx->cert); if (ctx->cert) - s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256); - if (s != NULL) - { - fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf); - } - return(1); + s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256); + if (s != NULL) { + fprintf(stderr, "cert depth=%d %s\n", ctx->error_depth, buf); } - if (cb_arg->proxy_auth) - { + return (1); + } + if (cb_arg->proxy_auth) { int found_any = 0, i; char *sp; - for(i = 0; i < 26; i++) + for (i = 0; i < 26; i++) letters[i] = 0; - for(sp = cb_arg->proxy_auth; *sp; sp++) - { + for (sp = cb_arg->proxy_auth; *sp; sp++) { int c = *sp; - if (isascii(c) && isalpha(c)) - { + if (isascii(c) && isalpha(c)) { if (islower(c)) c = toupper(c); letters[c - 'A'] = 1; - } } + } - fprintf(stderr, - " Initial proxy rights = "); - for(i = 0; i < 26; i++) - if (letters[i]) - { - fprintf(stderr, "%c", i + 'A'); - found_any = 1; - } + fprintf(stderr, " Initial proxy rights = "); + for (i = 0; i < 26; i++) + if (letters[i]) { + fprintf(stderr, "%c", i + 'A'); + found_any = 1; + } if (!found_any) fprintf(stderr, "none"); fprintf(stderr, "\n"); X509_STORE_CTX_set_ex_data(ctx, - get_proxy_auth_ex_data_idx(),letters); - } - if (cb_arg->allow_proxy_certs) - { + get_proxy_auth_ex_data_idx(), letters); + } + if (cb_arg->allow_proxy_certs) { X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); - } + } #ifndef OPENSSL_NO_X509_VERIFY ok = X509_verify_cert(ctx); #endif - if (cb_arg->proxy_auth) - { - if (ok > 0) - { + if (cb_arg->proxy_auth) { + if (ok > 0) { const char *cond_end = NULL; ok = process_proxy_cond(letters, - cb_arg->proxy_cond, &cond_end); + cb_arg->proxy_cond, &cond_end); if (ok < 0) exit(3); - if (*cond_end) - { + if (*cond_end) { fprintf(stderr, "Stopped processing condition before it's end.\n"); ok = 0; - } + } if (!ok) fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n", - cb_arg->proxy_cond); + 
cb_arg->proxy_cond); else fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n", - cb_arg->proxy_cond); - } + cb_arg->proxy_cond); } - return(ok); } + return (ok); +} #ifndef OPENSSL_NO_RSA -static RSA *rsa_tmp=NULL; +static RSA *rsa_tmp = NULL; -static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) - { +static RSA +*tmp_rsa_cb(SSL *s, int is_export, int keylength) +{ BIGNUM *bn = NULL; - if (rsa_tmp == NULL) - { + if (rsa_tmp == NULL) { bn = BN_new(); rsa_tmp = RSA_new(); - if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) - { + if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) { BIO_printf(bio_err, "Memory error..."); goto end; - } - BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); + } + BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength); (void)BIO_flush(bio_err); - if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL)) - { + if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) { BIO_printf(bio_err, "Error generating key."); RSA_free(rsa_tmp); rsa_tmp = NULL; - } + } end: - BIO_printf(bio_err,"\n"); + BIO_printf(bio_err, "\n"); (void)BIO_flush(bio_err); - } - if(bn) BN_free(bn); - return(rsa_tmp); } + if (bn) + BN_free(bn); + return (rsa_tmp); +} -static void free_tmp_rsa(void) - { - if (rsa_tmp != NULL) - { +static void +free_tmp_rsa(void) +{ + if (rsa_tmp != NULL) { RSA_free(rsa_tmp); rsa_tmp = NULL; - } } +} #endif #ifndef OPENSSL_NO_DH 
@@ -2357,129 +2178,136 @@ static void free_tmp_rsa(void) * $ openssl dhparam -C -noout -dsaparam 1024 * (The third function has been renamed to avoid name conflicts.) */ -static DH *get_dh512() - { - static unsigned char dh512_p[]={ - 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6, - 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0, - 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F, - 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8, - 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33, - 0x02,0xC5,0xAE,0x23, - }; - static unsigned char dh512_g[]={ +static DH +*get_dh512() +{ + static unsigned char dh512_p[] = { + 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0, 0xC6, + 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04, 0xB0, + 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9, 0x5F, + 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33, 0xB8, + 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21, 0x33, + 0x02, 0xC5, 0xAE, 0x23, + }; + static unsigned char dh512_g[] = { 0x02, - }; + }; DH *dh; - if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); - dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - { DH_free(dh); return(NULL); } - return(dh); + if ((dh = DH_new()) == NULL) return (NULL); + dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); + dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return (NULL); } - -static DH *get_dh1024() - { - static unsigned char dh1024_p[]={ - 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A, - 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2, - 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0, - 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2, - 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C, - 
0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8, - 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52, - 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1, - 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1, - 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB, - 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53, - }; - static unsigned char dh1024_g[]={ + return (dh); +} + +static DH +*get_dh1024() +{ + static unsigned char dh1024_p[] = { + 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, 0x3A, + 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56, 0xA2, + 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F, 0xB0, + 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87, 0xC2, + 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0, 0x8C, + 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F, 0xB8, + 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D, 0x52, + 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC, 0xC1, + 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB, 0xB1, + 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89, 0xAB, + 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53, + }; + static unsigned char dh1024_g[] = { 0x02, - }; + }; DH *dh; - if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); - dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - { DH_free(dh); return(NULL); } - return(dh); + if ((dh = DH_new()) == NULL) return (NULL); + dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); + dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return (NULL); } - -static DH *get_dh1024dsa() - { - static unsigned char dh1024_p[]={ - 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00, - 
0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19, - 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2, - 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55, - 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC, - 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97, - 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D, - 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB, - 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6, - 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E, - 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39, - }; - static unsigned char dh1024_g[]={ - 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05, - 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3, - 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9, - 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C, - 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65, - 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60, - 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6, - 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7, - 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1, - 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60, - 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2, - }; + return (dh); +} + +static DH +*get_dh1024dsa() +{ + static unsigned char dh1024_p[] = { + 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, 0x00, + 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, 0x19, + 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65, 0xD2, + 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, 0x55, + 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, 0xFC, + 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, 0x97, + 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, 0x8D, + 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 
0xFD, 0xBB, + 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, 0xF6, + 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, 0x9E, + 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39, + }; + static unsigned char dh1024_g[] = { + 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, 0x05, + 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, 0xF3, + 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, 0xE9, + 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, 0x3C, + 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, 0x65, + 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, 0x60, + 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, 0xF6, + 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, 0xA7, + 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, 0xA1, + 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, 0x60, + 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2, + }; DH *dh; - if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); - dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - { DH_free(dh); return(NULL); } - dh->length = 160; - return(dh); + if ((dh = DH_new()) == NULL) return (NULL); + dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); + dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return (NULL); } + dh->length = 160; + return (dh); +} #endif #ifndef OPENSSL_NO_PSK /* convert the PSK key (psk_key) in ascii to binary (psk) */ -static int psk_key2bn(const char *pskkey, unsigned char *psk, - unsigned int max_psk_len) - { +static int +psk_key2bn(const char *pskkey, unsigned char *psk, unsigned int max_psk_len) +{ int ret; BIGNUM *bn = NULL; ret = BN_hex2bn(&bn, pskkey); - if (!ret) - { - BIO_printf(bio_err,"Could not convert PSK key '%s' to 
BIGNUM\n", pskkey); + if (!ret) { + BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", pskkey); if (bn) BN_free(bn); return 0; - } - if (BN_num_bytes(bn) > (int)max_psk_len) - { - BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n", - max_psk_len, BN_num_bytes(bn)); + } + if (BN_num_bytes(bn) > (int)max_psk_len) { + BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n", + max_psk_len, BN_num_bytes(bn)); BN_free(bn); return 0; - } + } ret = BN_bn2bin(bn, psk); BN_free(bn); return ret; - } +} -static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len) - { +static unsigned int +psk_client_callback(SSL *ssl, const char *hint, char *identity, + unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len) +{ int ret; unsigned int psk_len = 0; @@ -2494,25 +2322,26 @@ static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identi psk_len = ret; out_err: return psk_len; - } +} -static unsigned int psk_server_callback(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len) - { - unsigned int psk_len=0; +static unsigned int +psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk, + unsigned int max_psk_len) +{ + unsigned int psk_len = 0; - if (strcmp(identity, "Client_identity") != 0) - { + if (strcmp(identity, "Client_identity") != 0) { BIO_printf(bio_err, "server: PSK error: client identity not found\n"); return 0; - } - psk_len=psk_key2bn(psk_key, psk, max_psk_len); - return psk_len; } + psk_len = psk_key2bn(psk_key, psk, max_psk_len); + return psk_len; +} #endif -static int do_test_cipherlist(void) - { +static int +do_test_cipherlist(void) +{ int i = 0; const SSL_METHOD *meth; const SSL_CIPHER *ci, *tci = NULL; 
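Review bot: In psk_key2bn the "psk buffer of callback is too small" message prints `max_psk_len`, an `unsigned int`, with `%d`; the conversion should be `%u`, i.e. `BIO_printf(bio_err, "psk buffer of callback is too small (%u) for key (%d)\n", max_psk_len, BN_num_bytes(bn));`. The `if (bn) BN_free(bn);` guard on the error path is redundant, since BN_free accepts NULL. The `ret = BN_bn2bin(bn, psk);` line deserves a comment such as `/* BN_bn2bin emits the minimal big-endian form: leading 00 octets of the hex key are dropped, so ret may be shorter than strlen(pskkey)/2 */`, because callers compare the returned length against their expectations. In get_dh512, get_dh1024 and get_dh1024dsa, `if ((dh = DH_new()) == NULL) return (NULL);` keeps the body on the condition line while the rest of this pass moves bodies to their own line, and the empty `()` parameter lists would match the prototypes better as `(void)`. The body of psk_client_callback continues past the end of this hunk.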
@@ -2520,50 +2349,44 @@ static int do_test_cipherlist(void) #ifndef OPENSSL_NO_SSL2 fprintf(stderr, "testing SSLv2 cipher list order: "); meth = SSLv2_method(); - while ((ci = meth->get_cipher(i++)) != NULL) - { + while ((ci = meth->get_cipher(i++)) != NULL) { if (tci != NULL) - if (ci->id >= tci->id) - { - fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); - return 0; - } - tci = ci; + if (ci->id >= tci->id) { + fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); + return 0; } + tci = ci; + } fprintf(stderr, "ok\n"); #endif #ifndef OPENSSL_NO_SSL3 fprintf(stderr, "testing SSLv3 cipher list order: "); meth = SSLv3_method(); tci = NULL; - while ((ci = meth->get_cipher(i++)) != NULL) - { + while ((ci = meth->get_cipher(i++)) != NULL) { if (tci != NULL) - if (ci->id >= tci->id) - { + if (ci->id >= tci->id) { fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); - return 0; - } - tci = ci; + return 0; } + tci = ci; + } fprintf(stderr, "ok\n"); #endif #ifndef OPENSSL_NO_TLS1 fprintf(stderr, "testing TLSv1 cipher list order: "); meth = TLSv1_method(); tci = NULL; - while ((ci = meth->get_cipher(i++)) != NULL) - { + while ((ci = meth->get_cipher(i++)) != NULL) { if (tci != NULL) - if (ci->id >= tci->id) - { + if (ci->id >= tci->id) { fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); - return 0; - } - tci = ci; + return 0; } + tci = ci; + } fprintf(stderr, "ok\n"); #endif return 1; - } +} -- cgit v1.2.3-55-g6feb
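Review bot: The cipher index `i` is never reset before the SSLv3 and TLSv1 loops, so each `meth->get_cipher(i++)` call continues from the index at which the previous method's list returned NULL and the second and third order checks skip the leading entries of their lists (unless `i` is reset in the lines between this hunk and the previous one, which are not visible). Adding `i = 0;` beside each `tci = NULL;` reset makes every list start at its first cipher. The brace-less outer `if (tci != NULL)` wrapping the braced inner `if` is fragile under further reformatting; `if (tci != NULL && ci->id >= tci->id) {` is equivalent and removes the nesting. The declarations of do_test_cipherlist, including `int i = 0;`, lie outside this hunk.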