From ee9b5f3dff2fc098eaca9cd0ea6e358b47224f9b Mon Sep 17 00:00:00 2001 From: jsing Date: Thu, 17 Apr 2014 14:43:34 +0000 Subject: [PATCH] Initial KNF. --- lib/libssl/src/apps/s_cb.c | 618 +++++++++++++++++-------------------- 1 file changed, 289 insertions(+), 329 deletions(-) diff --git a/lib/libssl/src/apps/s_cb.c b/lib/libssl/src/apps/s_cb.c index 8e702075e0c..6c341d924c3 100644 --- a/lib/libssl/src/apps/s_cb.c +++ b/lib/libssl/src/apps/s_cb.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -124,104 +124,99 @@ #define COOKIE_SECRET_LENGTH 16 -int verify_depth=0; -int verify_error=X509_V_OK; -int verify_return_error=0; +int verify_depth = 0; +int verify_error = X509_V_OK; +int verify_return_error = 0; unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; -int cookie_initialized=0; +int cookie_initialized = 0; -int verify_callback(int ok, X509_STORE_CTX *ctx) - { +int +verify_callback(int ok, X509_STORE_CTX *ctx) +{ X509 *err_cert; - int err,depth; + int err, depth; - err_cert=X509_STORE_CTX_get_current_cert(ctx); - err= X509_STORE_CTX_get_error(ctx); - depth= X509_STORE_CTX_get_error_depth(ctx); + err_cert = X509_STORE_CTX_get_current_cert(ctx); + err = X509_STORE_CTX_get_error(ctx); + depth = X509_STORE_CTX_get_error_depth(ctx); - BIO_printf(bio_err,"depth=%d ",depth); - if (err_cert) - { + BIO_printf(bio_err, "depth=%d ", depth); + if (err_cert) { X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), - 0, XN_FLAG_ONELINE); + 0, XN_FLAG_ONELINE); BIO_puts(bio_err, "\n"); - } - else + } else BIO_puts(bio_err, "\n"); - if (!ok) - { - BIO_printf(bio_err,"verify error:num=%d:%s\n",err, - X509_verify_cert_error_string(err)); - if (verify_depth >= depth) - { + if (!ok) { + BIO_printf(bio_err, "verify error:num=%d:%s\n", err, + X509_verify_cert_error_string(err)); + if (verify_depth >= depth) { if (!verify_return_error) - ok=1; - verify_error=X509_V_OK; - } - else - { - ok=0; - verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; - } + ok = 1; + verify_error = X509_V_OK; + } else { + ok = 0; + verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; } - switch (err) - { + } + switch (err) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - BIO_puts(bio_err,"issuer= "); + BIO_puts(bio_err, "issuer= "); X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), - 0, XN_FLAG_ONELINE); + 0, XN_FLAG_ONELINE); BIO_puts(bio_err, "\n"); break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - BIO_printf(bio_err,"notBefore="); - ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert)); - BIO_printf(bio_err,"\n"); + BIO_printf(bio_err, "notBefore="); + ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); + BIO_printf(bio_err, "\n"); break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - BIO_printf(bio_err,"notAfter="); - ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert)); - BIO_printf(bio_err,"\n"); + BIO_printf(bio_err, "notAfter="); + ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); + BIO_printf(bio_err, "\n"); break; case X509_V_ERR_NO_EXPLICIT_POLICY: policies_print(bio_err, ctx); break; - } + } if (err == X509_V_OK && ok == 2) policies_print(bio_err, ctx); - BIO_printf(bio_err,"verify return:%d\n",ok); - return(ok); - } + BIO_printf(bio_err, "verify return:%d\n", ok); + return (ok); +} -int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) - { - if (cert_file != NULL) - { +int +set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) +{ + if (cert_file != NULL) { /* SSL *ssl; X509 *x509; */ - if (SSL_CTX_use_certificate_file(ctx,cert_file, - SSL_FILETYPE_PEM) <= 0) - { - BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file); + if (SSL_CTX_use_certificate_file(ctx, cert_file, + SSL_FILETYPE_PEM) <= 0) { + BIO_printf(bio_err, + "unable to get certificate from '%s'\n", cert_file); ERR_print_errors(bio_err); - return(0); - } - if (key_file == NULL) key_file=cert_file; - if (SSL_CTX_use_PrivateKey_file(ctx,key_file, - SSL_FILETYPE_PEM) <= 0) - { - BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file); + return (0); + } + if (key_file == NULL) + key_file = cert_file; + if (SSL_CTX_use_PrivateKey_file(ctx, key_file, + SSL_FILETYPE_PEM) <= 0) { + BIO_printf(bio_err, + "unable to get private key from '%s'\n", key_file); ERR_print_errors(bio_err); - return(0); - } + return (0); + } /* - In theory this is no longer needed + In theory this is no longer needed ssl=SSL_new(ctx); x509=SSL_get_certificate(ssl); @@ -241,113 +236,109 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) /* Now we know that a key and cert have been set against * the SSL context */ - if (!SSL_CTX_check_private_key(ctx)) - { - BIO_printf(bio_err,"Private key does not match the certificate public key\n"); - return(0); - } + if (!SSL_CTX_check_private_key(ctx)) { + BIO_printf(bio_err, + "Private key does not match the certificate public key\n"); + return (0); } - return(1); } + return (1); +} -int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) - { +int +set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) +{ if (cert == NULL) return 1; - if (SSL_CTX_use_certificate(ctx,cert) <= 0) - { - BIO_printf(bio_err,"error setting certificate\n"); + if (SSL_CTX_use_certificate(ctx, cert) <= 0) { + BIO_printf(bio_err, "error setting certificate\n"); ERR_print_errors(bio_err); return 0; - } - if (SSL_CTX_use_PrivateKey(ctx,key) <= 0) - { - BIO_printf(bio_err,"error setting private key\n"); + } + if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { + BIO_printf(bio_err, "error setting private key\n"); ERR_print_errors(bio_err); return 0; - } + } - - /* Now we know that a key and cert have been set against - * the SSL context */ - if (!SSL_CTX_check_private_key(ctx)) - { - BIO_printf(bio_err,"Private key does not match the certificate public key\n"); + /* Now we know that a key and cert have been set against + * the SSL context */ + if (!SSL_CTX_check_private_key(ctx)) { + BIO_printf(bio_err, + "Private key does not match the certificate public key\n"); return 0; - } - return 1; } + return 1; +} -long bio_dump_callback(BIO *bio, int cmd, const char *argp, - int argi, long argl, long ret) - { +long +bio_dump_callback(BIO *bio, int cmd, const char *argp, + int argi, long argl, long ret) +{ BIO *out; - out=(BIO *)BIO_get_callback_arg(bio); - if (out == NULL) return(ret); - - if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) - { - BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n", - (void *)bio,argp,(unsigned long)argi,ret,ret); - BIO_dump(out,argp,(int)ret); - return(ret); - } - else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) - { - BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n", - (void *)bio,argp,(unsigned long)argi,ret,ret); - BIO_dump(out,argp,(int)ret); - } - return(ret); + out = (BIO *)BIO_get_callback_arg(bio); + if (out == NULL) + return (ret); + + if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { + BIO_printf(out, + "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", + (void *)bio, argp, (unsigned long)argi, ret, ret); + BIO_dump(out, argp, (int)ret); + return (ret); + } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { + BIO_printf(out, + "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", + (void *)bio, argp, (unsigned long)argi, ret, ret); + BIO_dump(out, argp, (int)ret); } + return (ret); +} -void apps_ssl_info_callback(const SSL *s, int where, int ret) - { +void +apps_ssl_info_callback(const SSL *s, int where, int ret) +{ const char *str; int w; - w=where& ~SSL_ST_MASK; - - if (w & SSL_ST_CONNECT) str="SSL_connect"; - else if (w & SSL_ST_ACCEPT) str="SSL_accept"; - else str="undefined"; + w = where & ~SSL_ST_MASK; - if (where & SSL_CB_LOOP) - { - BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s)); - } - else if (where & SSL_CB_ALERT) - { - str=(where & SSL_CB_READ)?"read":"write"; - BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n", - str, - SSL_alert_type_string_long(ret), - SSL_alert_desc_string_long(ret)); - } - else if (where & SSL_CB_EXIT) - { + if (w & SSL_ST_CONNECT) + str = "SSL_connect"; + else if (w & SSL_ST_ACCEPT) + str = "SSL_accept"; + else + str = "undefined"; + + if (where & SSL_CB_LOOP) { + BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); + } else if (where & SSL_CB_ALERT) { + str = (where & SSL_CB_READ) ? "read" : "write"; + BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str, + SSL_alert_type_string_long(ret), + SSL_alert_desc_string_long(ret)); + } else if (where & SSL_CB_EXIT) { if (ret == 0) - BIO_printf(bio_err,"%s:failed in %s\n", - str,SSL_state_string_long(s)); - else if (ret < 0) - { - BIO_printf(bio_err,"%s:error in %s\n", - str,SSL_state_string_long(s)); - } + BIO_printf(bio_err, "%s:failed in %s\n", + str, SSL_state_string_long(s)); + else if (ret < 0) { + BIO_printf(bio_err, "%s:error in %s\n", + str, SSL_state_string_long(s)); } } +} -void msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) - { +void +msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) +{ BIO *bio = arg; - const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= ""; - + const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2 = ""; + str_write_p = write_p ? ">>>" : "<<<"; - switch (version) - { + switch (version) { case SSL2_VERSION: str_version = "SSL 2.0"; break; @@ -371,78 +362,68 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, size_t break; default: str_version = "???"; - } + } - if (version == SSL2_VERSION) - { + if (version == SSL2_VERSION) { str_details1 = "???"; - if (len > 0) - { - switch (((const unsigned char*)buf)[0]) - { - case 0: - str_details1 = ", ERROR:"; - str_details2 = " ???"; - if (len >= 3) - { - unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; - - switch (err) - { - case 0x0001: - str_details2 = " NO-CIPHER-ERROR"; - break; - case 0x0002: - str_details2 = " NO-CERTIFICATE-ERROR"; - break; - case 0x0004: - str_details2 = " BAD-CERTIFICATE-ERROR"; - break; - case 0x0006: - str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; - break; - } - } - - break; - case 1: - str_details1 = ", CLIENT-HELLO"; - break; - case 2: - str_details1 = ", CLIENT-MASTER-KEY"; - break; - case 3: - str_details1 = ", CLIENT-FINISHED"; - break; - case 4: - str_details1 = ", SERVER-HELLO"; - break; - case 5: - str_details1 = ", SERVER-VERIFY"; - break; - case 6: - str_details1 = ", SERVER-FINISHED"; - break; - case 7: - str_details1 = ", REQUEST-CERTIFICATE"; - break; - case 8: - str_details1 = ", CLIENT-CERTIFICATE"; - break; + if (len > 0) { + switch (((const unsigned char*)buf)[0]) { + case 0: + str_details1 = ", ERROR:"; + str_details2 = " ???"; + if (len >= 3) { + unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; + + switch (err) { + case 0x0001: + str_details2 = " NO-CIPHER-ERROR"; + break; + case 0x0002: + str_details2 = " NO-CERTIFICATE-ERROR"; + break; + case 0x0004: + str_details2 = " BAD-CERTIFICATE-ERROR"; + break; + case 0x0006: + str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; + break; + } } + + break; + case 1: + str_details1 = ", CLIENT-HELLO"; + break; + case 2: + str_details1 = ", CLIENT-MASTER-KEY"; + break; + case 3: + str_details1 = ", CLIENT-FINISHED"; + break; + case 4: + str_details1 = ", SERVER-HELLO"; + break; + case 5: + str_details1 = ", SERVER-VERIFY"; + break; + case 6: + str_details1 = ", SERVER-FINISHED"; + break; + case 7: + str_details1 = ", REQUEST-CERTIFICATE"; + break; + case 8: + str_details1 = ", CLIENT-CERTIFICATE"; + break; } } + } - if (version == SSL3_VERSION || - version == TLS1_VERSION || - version == TLS1_1_VERSION || - version == TLS1_2_VERSION || - version == DTLS1_VERSION || - version == DTLS1_BAD_VER) - { - switch (content_type) - { + if (version == SSL3_VERSION || version == TLS1_VERSION || + version == TLS1_1_VERSION || version == TLS1_2_VERSION || + version == DTLS1_VERSION || version == DTLS1_BAD_VER) { + switch (content_type) { case 20: str_content_type = "ChangeCipherSpec"; break; @@ -452,27 +433,24 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, size_t case 22: str_content_type = "Handshake"; break; - } + } if (content_type == 21) /* Alert */ - { + { str_details1 = ", ???"; - - if (len == 2) - { - switch (((const unsigned char*)buf)[0]) - { + + if (len == 2) { + switch (((const unsigned char*)buf)[0]) { case 1: str_details1 = ", warning"; break; case 2: str_details1 = ", fatal"; break; - } + } str_details2 = " ???"; - switch (((const unsigned char*)buf)[1]) - { + switch (((const unsigned char*)buf)[1]) { case 0: str_details2 = " close_notify"; break; @@ -560,18 +538,16 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, size_t case 115: str_details2 = " unknown_psk_identity"; break; - } } } - + } + if (content_type == 22) /* Handshake */ - { + { str_details1 = "???"; - if (len > 0) - { - switch (((const unsigned char*)buf)[0]) - { + if (len > 0) { + switch (((const unsigned char*)buf)[0]) { case 0: str_details1 = ", HelloRequest"; break; @@ -605,143 +581,144 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, size_t case 20: str_details1 = ", Finished"; break; - } } } } + } - BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2); + BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, + str_version, str_content_type, (unsigned long)len, + str_details1, str_details2); - if (len > 0) - { + if (len > 0) { size_t num, i; - + BIO_printf(bio, " "); num = len; #if 0 if (num > 16) num = 16; #endif - for (i = 0; i < num; i++) - { + for (i = 0; i < num; i++) { if (i % 16 == 0 && i > 0) BIO_printf(bio, "\n "); - BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]); - } + BIO_printf(bio, " %02x", + ((const unsigned char*)buf)[i]); + } if (i < len) BIO_printf(bio, " ..."); BIO_printf(bio, "\n"); - } - (void)BIO_flush(bio); } + (void)BIO_flush(bio); +} -void tlsext_cb(SSL *s, int client_server, int type, - unsigned char *data, int len, - void *arg) - { +void +tlsext_cb(SSL *s, int client_server, int type, unsigned char *data, int len, + void *arg) +{ BIO *bio = arg; char *extname; - switch(type) - { - case TLSEXT_TYPE_server_name: + switch (type) { + case TLSEXT_TYPE_server_name: extname = "server name"; break; - case TLSEXT_TYPE_max_fragment_length: + case TLSEXT_TYPE_max_fragment_length: extname = "max fragment length"; break; - case TLSEXT_TYPE_client_certificate_url: + case TLSEXT_TYPE_client_certificate_url: extname = "client certificate URL"; break; - case TLSEXT_TYPE_trusted_ca_keys: + case TLSEXT_TYPE_trusted_ca_keys: extname = "trusted CA keys"; break; - case TLSEXT_TYPE_truncated_hmac: + case TLSEXT_TYPE_truncated_hmac: extname = "truncated HMAC"; break; - case TLSEXT_TYPE_status_request: + case TLSEXT_TYPE_status_request: extname = "status request"; break; - case TLSEXT_TYPE_user_mapping: + case TLSEXT_TYPE_user_mapping: extname = "user mapping"; break; - case TLSEXT_TYPE_client_authz: + case TLSEXT_TYPE_client_authz: extname = "client authz"; break; - case TLSEXT_TYPE_server_authz: + case TLSEXT_TYPE_server_authz: extname = "server authz"; break; - case TLSEXT_TYPE_cert_type: + case TLSEXT_TYPE_cert_type: extname = "cert type"; break; - case TLSEXT_TYPE_elliptic_curves: + case TLSEXT_TYPE_elliptic_curves: extname = "elliptic curves"; break; - case TLSEXT_TYPE_ec_point_formats: + case TLSEXT_TYPE_ec_point_formats: extname = "EC point formats"; break; - case TLSEXT_TYPE_srp: + case TLSEXT_TYPE_srp: extname = "SRP"; break; - case TLSEXT_TYPE_signature_algorithms: + case TLSEXT_TYPE_signature_algorithms: extname = "signature algorithms"; break; - case TLSEXT_TYPE_use_srtp: + case TLSEXT_TYPE_use_srtp: extname = "use SRTP"; break; - case TLSEXT_TYPE_heartbeat: + case TLSEXT_TYPE_heartbeat: extname = "heartbeat"; break; - case TLSEXT_TYPE_session_ticket: + case TLSEXT_TYPE_session_ticket: extname = "session ticket"; break; - case TLSEXT_TYPE_renegotiate: + case TLSEXT_TYPE_renegotiate: extname = "renegotiation info"; break; #ifdef TLSEXT_TYPE_opaque_prf_input - case TLSEXT_TYPE_opaque_prf_input: + case TLSEXT_TYPE_opaque_prf_input: extname = "opaque PRF input"; break; #endif #ifdef TLSEXT_TYPE_next_proto_neg - case TLSEXT_TYPE_next_proto_neg: + case TLSEXT_TYPE_next_proto_neg: extname = "next protocol"; break; #endif - default: + default: extname = "unknown"; break; - } - + } + BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", - client_server ? "server": "client", - extname, type, len); + client_server ? "server" : "client", extname, type, len); BIO_dump(bio, (char *)data, len); (void)BIO_flush(bio); - } +} -int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) - { +int +generate_cookie_callback(SSL *ssl, unsigned char *cookie, + unsigned int *cookie_len) +{ unsigned char *buffer, result[EVP_MAX_MD_SIZE]; unsigned int length, resultlength; union { @@ -753,23 +730,21 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cook } peer; /* Initialize a random secret */ - if (!cookie_initialized) - { - if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) - { - BIO_printf(bio_err,"error setting random cookie secret\n"); + if (!cookie_initialized) { + if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) { + BIO_printf(bio_err, + "error setting random cookie secret\n"); return 0; - } - cookie_initialized = 1; } + cookie_initialized = 1; + } /* Read peer information */ (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); /* Create buffer with peer's address and port */ length = 0; - switch (peer.sa.sa_family) - { + switch (peer.sa.sa_family) { case AF_INET: length += sizeof(struct in_addr); length += sizeof(peer.s4.sin_port); @@ -783,53 +758,46 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cook default: OPENSSL_assert(0); break; - } + } buffer = malloc(length); - if (buffer == NULL) - { - BIO_printf(bio_err,"out of memory\n"); + if (buffer == NULL) { + BIO_printf(bio_err, "out of memory\n"); return 0; - } + } - switch (peer.sa.sa_family) - { + switch (peer.sa.sa_family) { case AF_INET: - memcpy(buffer, - &peer.s4.sin_port, - sizeof(peer.s4.sin_port)); + memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); memcpy(buffer + sizeof(peer.s4.sin_port), - &peer.s4.sin_addr, - sizeof(struct in_addr)); + &peer.s4.sin_addr, sizeof(struct in_addr)); break; #if OPENSSL_USE_IPV6 case AF_INET6: - memcpy(buffer, - &peer.s6.sin6_port, - sizeof(peer.s6.sin6_port)); + memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); memcpy(buffer + sizeof(peer.s6.sin6_port), - &peer.s6.sin6_addr, - sizeof(struct in6_addr)); + &peer.s6.sin6_addr, sizeof(struct in6_addr)); break; #endif default: OPENSSL_assert(0); break; - } + } /* Calculate HMAC of buffer using the secret */ HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, - buffer, length, result, &resultlength); + buffer, length, result, &resultlength); free(buffer); memcpy(cookie, result, resultlength); *cookie_len = resultlength; return 1; - } +} -int verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) - { +int +verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) +{ unsigned char *buffer, result[EVP_MAX_MD_SIZE]; unsigned int length, resultlength; union { @@ -849,8 +817,7 @@ int verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_ /* Create buffer with peer's address and port */ length = 0; - switch (peer.sa.sa_family) - { + switch (peer.sa.sa_family) { case AF_INET: length += sizeof(struct in_addr); length += sizeof(peer.s4.sin_port); @@ -864,47 +831,40 @@ int verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_ default: OPENSSL_assert(0); break; - } + } buffer = malloc(length); - - if (buffer == NULL) - { - BIO_printf(bio_err,"out of memory\n"); + + if (buffer == NULL) { + BIO_printf(bio_err, "out of memory\n"); return 0; - } + } - switch (peer.sa.sa_family) - { + switch (peer.sa.sa_family) { case AF_INET: - memcpy(buffer, - &peer.s4.sin_port, - sizeof(peer.s4.sin_port)); + memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); memcpy(buffer + sizeof(peer.s4.sin_port), - &peer.s4.sin_addr, - sizeof(struct in_addr)); + &peer.s4.sin_addr, sizeof(struct in_addr)); break; #if OPENSSL_USE_IPV6 case AF_INET6: - memcpy(buffer, - &peer.s6.sin6_port, - sizeof(peer.s6.sin6_port)); + memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); memcpy(buffer + sizeof(peer.s6.sin6_port), - &peer.s6.sin6_addr, - sizeof(struct in6_addr)); + &peer.s6.sin6_addr, sizeof(struct in6_addr)); break; #endif default: OPENSSL_assert(0); break; - } + } /* Calculate HMAC of buffer using the secret */ HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, - buffer, length, result, &resultlength); + buffer, length, result, &resultlength); free(buffer); - if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0) + if (cookie_len == resultlength && + memcmp(result, cookie, resultlength) == 0) return 1; return 0; - } +} -- 2.20.1