author | Daiki Ueno <ueno@gnu.org> | 2023-04-24 12:39:42 +0900 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2023-04-24 12:45:46 +0900 |
commit | aa5950abab56b011331ad4331409b6ff8efb8aeb (patch) | |
tree | ad363fb38e8b65c942876641cda9c76caa13b498 /src/serv.c | |
parent | 0fe9cb6842d63761718046cc7dd7eb437e6c5163 (diff) | |
download | gnutls-aa5950abab56b011331ad4331409b6ff8efb8aeb.tar.gz |
build: re-indent code
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'src/serv.c')
-rw-r--r-- | src/serv.c | 598 |
1 files changed, 280 insertions, 318 deletions
diff --git a/src/serv.c b/src/serv.c
index 5f59e36f57..cd6cf0a75c 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -111,16 +111,18 @@ static void tcp_server(const char *name, int port, int timeout);
 #define GERR(ret) fprintf(stderr, "Error: %s\n", safe_strerror(ret))
-#define HTTP_END "</BODY></HTML>\n\n"
+#define HTTP_END "</BODY></HTML>\n\n"
-#define HTTP_UNIMPLEMENTED "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>501 Method Not Implemented</TITLE>\r\n</HEAD><BODY>\r\n<H1>Method Not Implemented</H1>\r\n<HR>\r\n</BODY></HTML>\r\n"
+#define HTTP_UNIMPLEMENTED \
+ "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>501 Method Not Implemented</TITLE>\r\n</HEAD><BODY>\r\n<H1>Method Not Implemented</H1>\r\n<HR>\r\n</BODY></HTML>\r\n"
 #define HTTP_OK "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n"
-#define HTTP_BEGIN HTTP_OK \
- "\n" \
- "<HTML><BODY>\n" \
- "<CENTER><H1>This is <a href=\"https://www.gnu.org/software/gnutls\">" \
- "GnuTLS</a></H1></CENTER>\n\n"
+#define HTTP_BEGIN \
+ HTTP_OK \
+ "\n" \
+ "<HTML><BODY>\n" \
+ "<CENTER><H1>This is <a href=\"https://www.gnu.org/software/gnutls\">" \
+ "GnuTLS</a></H1></CENTER>\n\n"
 /* These are global */
 gnutls_srp_server_credentials_t srp_cred = NULL;
@@ -137,14 +139,14 @@ static void wrap_db_deinit(void); static int wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data); static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key); static int wrap_db_delete(void *dbf, gnutls_datum_t key); -static int anti_replay_db_add(void *dbf, time_t exp, const gnutls_datum_t * key, - const gnutls_datum_t * data); +static int anti_replay_db_add(void *dbf, time_t exp, const gnutls_datum_t *key, + const gnutls_datum_t *data); static void cmd_parser(int argc, char **argv); -#define HTTP_STATE_REQUEST 1 -#define HTTP_STATE_RESPONSE 2 -#define HTTP_STATE_CLOSING 3 +#define HTTP_STATE_REQUEST 1 +#define HTTP_STATE_RESPONSE 2 +#define HTTP_STATE_CLOSING 3 typedef struct { char *http_request;
@@ -172,7 +174,7 @@ static const char *safe_strerror(int value) static void listener_free(const void *elt) { - listener_item *j = (listener_item *) elt; + listener_item *j = (listener_item *)elt; free(j->http_request); free(j->http_response);
@@ -207,9 +209,8 @@ static int generate_dh_primes(void) * once a week or once a month. Depends on the * security requirements. */ - printf - ("Generating Diffie-Hellman parameters [%d]. Please wait...\n", - prime_bits); + printf("Generating Diffie-Hellman parameters [%d]. Please wait...\n", + prime_bits); fflush(stdout); if (gnutls_dh_params_generate2(dh_params, prime_bits) < 0) {
@@ -247,9 +248,8 @@ static void read_dh_params(void) params.data = (unsigned char *)tmpdata; params.size = size; - size = - gnutls_dh_params_import_pkcs3(dh_params, ¶ms, - GNUTLS_X509_FMT_PEM); + size = gnutls_dh_params_import_pkcs3(dh_params, ¶ms, + GNUTLS_X509_FMT_PEM); if (size < 0) { fprintf(stderr, "Error parsing dh params: %s\n",
@@ -259,14 +259,11 @@ static void read_dh_params(void) printf("Read Diffie-Hellman parameters.\n"); fflush(stdout); - } -static int -get_params(gnutls_session_t session, gnutls_params_type_t type, - gnutls_params_st * st) +static int get_params(gnutls_session_t session, gnutls_params_type_t type, + gnutls_params_st *st) { - if (type == GNUTLS_PARAMS_DH) { if (dh_params == NULL) return -1;
@@ -289,19 +286,18 @@ static int cert_verify_callback(gnutls_session_t session) int ret; if (gnutls_auth_get_type(session) == GNUTLS_CRD_CERTIFICATE) { - if (!require_cert - && gnutls_certificate_get_peers(session, &size) == NULL) + if (!require_cert && + gnutls_certificate_get_peers(session, &size) == NULL) return 0; if (ENABLED_OPT(VERIFY_CLIENT_CERT)) { if (cert_verify(session, NULL, NULL) == 0) { do { - ret = - gnutls_alert_send(session, - GNUTLS_AL_FATAL, - GNUTLS_A_ACCESS_DENIED); - } while (ret == GNUTLS_E_INTERRUPTED - || ret == GNUTLS_E_AGAIN); + ret = gnutls_alert_send( + session, GNUTLS_AL_FATAL, + GNUTLS_A_ACCESS_DENIED); + } while (ret == GNUTLS_E_INTERRUPTED || + ret == GNUTLS_E_AGAIN); j->http_state = HTTP_STATE_CLOSING; return -1;
@@ -339,7 +335,7 @@ static int post_client_hello(gnutls_session_t session) goto end; } name = new_name; - continue; /* retry call with same index */ + continue; /* retry call with same index */ } /* check if it is the last entry in list */
@@ -379,13 +375,12 @@ static int post_client_hello(gnutls_session_t session) * need to send it ourselves */ do { - ret = gnutls_alert_send(session, - GNUTLS_AL_WARNING, + ret = gnutls_alert_send(session, GNUTLS_AL_WARNING, GNUTLS_A_UNRECOGNIZED_NAME); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); /* continue handshake, fall through */ - end: +end: free(name); return ret; }
@@ -401,8 +396,8 @@ gnutls_session_t initialize_session(int dtls) gnutls_datum_t alpn[MAX_ALPN_PROTOCOLS]; #endif unsigned alpn_size; - unsigned flags = - GNUTLS_SERVER | GNUTLS_POST_HANDSHAKE_AUTH | GNUTLS_ENABLE_RAWPK; + unsigned flags = GNUTLS_SERVER | GNUTLS_POST_HANDSHAKE_AUTH | + GNUTLS_ENABLE_RAWPK; if (dtls) flags |= GNUTLS_DATAGRAM;
@@ -432,9 +427,8 @@ gnutls_session_t initialize_session(int dtls) if (earlydata) { gnutls_anti_replay_enable(session, anti_replay); if (HAVE_OPT(MAXEARLYDATA)) { - ret = - gnutls_record_set_max_early_data_size(session, - OPT_VALUE_MAXEARLYDATA); + ret = gnutls_record_set_max_early_data_size( + session, OPT_VALUE_MAXEARLYDATA); if (ret < 0) { fprintf(stderr, "Could not set max early data size: %s\n",
@@ -445,8 +439,8 @@ gnutls_session_t initialize_session(int dtls) } if (sni_hostname != NULL) - gnutls_handshake_set_post_client_hello_function(session, - &post_client_hello); + gnutls_handshake_set_post_client_hello_function( + session, &post_client_hello); if (priorities == NULL) { ret = gnutls_set_default_priority(session);
@@ -475,10 +469,9 @@ gnutls_session_t initialize_session(int dtls) alpn[i].size = strlen(alpn_protos[i]); } - ret = - gnutls_alpn_set_protocols(session, alpn, alpn_size, - HAVE_OPT(ALPN_FATAL) ? - GNUTLS_ALPN_MANDATORY : 0); + ret = gnutls_alpn_set_protocols( + session, alpn, alpn_size, + HAVE_OPT(ALPN_FATAL) ? GNUTLS_ALPN_MANDATORY : 0); if (ret < 0) { fprintf(stderr, "Error setting ALPN protocols: %s\n", gnutls_strerror(ret));
@@ -509,11 +502,11 @@ gnutls_session_t initialize_session(int dtls) GNUTLS_CERT_IGNORE); else { if (require_cert) - gnutls_certificate_server_set_request(session, - GNUTLS_CERT_REQUIRE); + gnutls_certificate_server_set_request( + session, GNUTLS_CERT_REQUIRE); else - gnutls_certificate_server_set_request(session, - GNUTLS_CERT_REQUEST); + gnutls_certificate_server_set_request( + session, GNUTLS_CERT_REQUEST); } /* use the record size limit extension */
@@ -541,10 +534,8 @@ gnutls_session_t initialize_session(int dtls) #ifdef ENABLE_DTLS_SRTP if (HAVE_OPT(SRTP_PROFILES)) { - ret = - gnutls_srtp_set_profile_direct(session, - OPT_ARG(SRTP_PROFILES), - &err); + ret = gnutls_srtp_set_profile_direct( + session, OPT_ARG(SRTP_PROFILES), &err); if (ret == GNUTLS_E_INVALID_REQUEST) fprintf(stderr, "Syntax error at: %s\n", err); else if (ret != 0)
@@ -565,14 +556,14 @@ gnutls_session_t initialize_session(int dtls) #include <gnutls/x509.h> static const char DEFAULT_DATA[] = - "This is the default message reported by the GnuTLS implementation. " - "For more information please visit " - "<a href=\"https://www.gnutls.org/\">https://www.gnutls.org/</a>."; + "This is the default message reported by the GnuTLS implementation. " + "For more information please visit " + "<a href=\"https://www.gnutls.org/\">https://www.gnutls.org/</a>."; /* Creates html with the current session information. */ #define tmp_buffer &http_buffer[strlen(http_buffer)] -#define tmp_buffer_size len-strlen(http_buffer) +#define tmp_buffer_size len - strlen(http_buffer) static char *peer_print_info(gnutls_session_t session, int *ret_length, const char *header) {
@@ -593,12 +584,11 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, strcpy(http_buffer, HTTP_BEGIN); strcpy(&http_buffer[sizeof(HTTP_BEGIN) - 1], DEFAULT_DATA); - strcpy(&http_buffer - [sizeof(HTTP_BEGIN) + sizeof(DEFAULT_DATA) - 2], + strcpy(&http_buffer[sizeof(HTTP_BEGIN) + sizeof(DEFAULT_DATA) - + 2], HTTP_END); - *ret_length = - sizeof(DEFAULT_DATA) + sizeof(HTTP_BEGIN) + - sizeof(HTTP_END) - 3; + *ret_length = sizeof(DEFAULT_DATA) + sizeof(HTTP_BEGIN) + + sizeof(HTTP_END) - 3; return http_buffer; }
@@ -608,7 +598,7 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, unsigned int cert_list_size = 0; cert_list = - gnutls_certificate_get_peers(session, &cert_list_size); + gnutls_certificate_get_peers(session, &cert_list_size); for (i = 0; i < cert_list_size; i++) { gnutls_x509_crt_t cert = NULL;
@@ -616,11 +606,9 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, if (gnutls_x509_crt_init(&cert) == 0 && gnutls_x509_crt_import(cert, &cert_list[i], - GNUTLS_X509_FMT_DER) == - 0 - && gnutls_x509_crt_print(cert, - GNUTLS_CRT_PRINT_FULL, - &info) == 0) { + GNUTLS_X509_FMT_DER) == 0 && + gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, + &info) == 0) { const char post[] = "</PRE><P><PRE>"; char *crtinfo_new; size_t ncrtinfo_new;
@@ -666,9 +654,10 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, for (i = 0; i < sesid_size; i++) snprintf(tmp_buffer, tmp_buffer_size, "%.2X", sesid[i]); snprintf(tmp_buffer, tmp_buffer_size, "</i></p>\n"); - snprintf(tmp_buffer, tmp_buffer_size, - "<h5>If your browser supports session resumption, then you should see the " - "same session ID, when you press the <b>reload</b> button.</h5>\n"); + snprintf( + tmp_buffer, tmp_buffer_size, + "<h5>If your browser supports session resumption, then you should see the " + "same session ID, when you press the <b>reload</b> button.</h5>\n"); /* Here unlike print_info() we use the kx algorithm to distinguish * the functions to call.
@@ -678,12 +667,11 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, size_t dns_size = sizeof(dns); unsigned int type; - if (gnutls_server_name_get - (session, dns, &dns_size, &type, 0) == 0) { + if (gnutls_server_name_get(session, dns, &dns_size, &type, 0) == + 0) { snprintf(tmp_buffer, tmp_buffer_size, "\n<p>Server Name: %s</p>\n", dns); } - } kx_alg = gnutls_kx_get(session);
@@ -698,7 +686,8 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, #endif #ifdef ENABLE_PSK - if (kx_alg == GNUTLS_KX_PSK && gnutls_psk_server_get_username(session)) { + if (kx_alg == GNUTLS_KX_PSK && + gnutls_psk_server_get_username(session)) { snprintf(tmp_buffer, tmp_buffer_size, "<p>Connected as user '%s'.</p>\n", gnutls_psk_server_get_username(session));
@@ -711,9 +700,10 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, tmp = gnutls_protocol_get_name(version); if (tmp == NULL) tmp = str_unknown; - snprintf(tmp_buffer, tmp_buffer_size, - "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n", - tmp); + snprintf( + tmp_buffer, tmp_buffer_size, + "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n", + tmp); desc = gnutls_session_get_desc(session); if (desc) {
@@ -723,13 +713,11 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, } if (gnutls_auth_get_type(session) == GNUTLS_CRD_CERTIFICATE && - gnutls_certificate_type_get2(session, - GNUTLS_CTYPE_CLIENT) != - GNUTLS_CRT_X509) { - tmp = - gnutls_certificate_type_get_name - (gnutls_certificate_type_get2 - (session, GNUTLS_CTYPE_CLIENT)); + gnutls_certificate_type_get2(session, GNUTLS_CTYPE_CLIENT) != + GNUTLS_CRT_X509) { + tmp = gnutls_certificate_type_get_name( + gnutls_certificate_type_get2(session, + GNUTLS_CTYPE_CLIENT)); if (tmp == NULL) tmp = str_unknown; snprintf(tmp_buffer, tmp_buffer_size,
@@ -746,23 +734,25 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, #ifdef ENABLE_ANON if (kx_alg == GNUTLS_KX_ANON_DH) { - snprintf(tmp_buffer, tmp_buffer_size, - "<p> Connect using anonymous DH (prime of %d bits)</p>\n", - gnutls_dh_get_prime_bits(session)); + snprintf( + tmp_buffer, tmp_buffer_size, + "<p> Connect using anonymous DH (prime of %d bits)</p>\n", + gnutls_dh_get_prime_bits(session)); } #endif #if defined(ENABLE_DHE) || defined(ENABLE_ANON) - if (kx_alg == GNUTLS_KX_DHE_RSA || kx_alg == GNUTLS_KX_DHE_DSS) { - snprintf(tmp_buffer, tmp_buffer_size, - "Ephemeral DH using prime of <b>%d</b> bits.<br>\n", - gnutls_dh_get_prime_bits(session)); + if (kx_alg == GNUTLS_KX_DHE_RSA || + kx_alg == GNUTLS_KX_DHE_DSS) { + snprintf( + tmp_buffer, tmp_buffer_size, + "Ephemeral DH using prime of <b>%d</b> bits.<br>\n", + gnutls_dh_get_prime_bits(session)); } #endif - tmp = - gnutls_compression_get_name(gnutls_compression_get - (session)); + tmp = gnutls_compression_get_name( + gnutls_compression_get(session)); if (tmp == NULL) tmp = str_unknown; snprintf(tmp_buffer, tmp_buffer_size,
@@ -792,14 +782,14 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, snprintf(tmp_buffer, tmp_buffer_size, "</TABLE></P>\n"); if (crtinfo) { - snprintf(tmp_buffer, tmp_buffer_size, - "<hr><PRE>%s\n</PRE>\n", crtinfo); + snprintf(tmp_buffer, tmp_buffer_size, "<hr><PRE>%s\n</PRE>\n", + crtinfo); free(crtinfo); } snprintf(tmp_buffer, tmp_buffer_size, - "<hr><P>Your HTTP header was:<PRE>%s</PRE></P>\n" - HTTP_END, header); + "<hr><P>Your HTTP header was:<PRE>%s</PRE></P>\n" HTTP_END, + header); *ret_length = strlen(http_buffer);
@@ -815,13 +805,14 @@ static char *peer_print_data(gnutls_session_t session, int *ret_length) ret = gnutls_load_file(http_data_file, &data); if (ret < 0) { - ret = asprintf(&http_buffer, - "HTTP/1.0 404 Not Found\r\n" - "Content-type: text/html\r\n" - "\r\n" - "<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>\n" - "<BODY><H1>Couldn't read %s</H1></BODY></HTML>\n\n", - http_data_file); + ret = asprintf( + &http_buffer, + "HTTP/1.0 404 Not Found\r\n" + "Content-type: text/html\r\n" + "\r\n" + "<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>\n" + "<BODY><H1>Couldn't read %s</H1></BODY></HTML>\n\n", + http_data_file); if (ret < 0) return NULL;
@@ -832,7 +823,9 @@ static char *peer_print_data(gnutls_session_t session, int *ret_length) ret = asprintf(&http_buffer, "HTTP/1.0 200 OK\r\n" "Content-Type: application/octet-stream\r\n" - "Content-Length: %u\r\n" "\r\n", data.size); + "Content-Length: %u\r\n" + "\r\n", + data.size); if (ret < 0) return NULL; len = ret;
@@ -843,8 +836,8 @@ static char *peer_print_data(gnutls_session_t session, int *ret_length) return http_buffer; } -const char *human_addr(const struct sockaddr *sa, socklen_t salen, - char *buf, size_t buflen) +const char *human_addr(const struct sockaddr *sa, socklen_t salen, char *buf, + size_t buflen) { const char *save_buf = buf; size_t l;
@@ -967,10 +960,9 @@ int listen_socket(const char *name, int listen_port, int socktype) { char topbuf[512]; - fprintf(stderr, "%s listening on %s...", - name, human_addr(ptr->ai_addr, - ptr->ai_addrlen, topbuf, - sizeof(topbuf))); + fprintf(stderr, "%s listening on %s...", name, + human_addr(ptr->ai_addr, ptr->ai_addrlen, + topbuf, sizeof(topbuf))); } if ((news = socket(ptr->ai_family, ptr->ai_socktype,
@@ -978,7 +970,7 @@ int listen_socket(const char *name, int listen_port, int socktype) perror("socket() failed"); continue; } - s = news; /* to not overwrite existing s from previous loops */ + s = news; /* to not overwrite existing s from previous loops */ #if defined(HAVE_IPV6) && !defined(_WIN32) if (ptr->ai_family == AF_INET6) { yes = 1;
@@ -1049,7 +1041,8 @@ static void strip(char *data) int len = strlen(data); for (i = 0; i < len; i++) { - if (data[i] == '\r' && data[i + 1] == '\n' && data[i + 2] == 0) { + if (data[i] == '\r' && data[i + 1] == '\n' && + data[i + 2] == 0) { data[i] = '\n'; data[i + 1] = 0; break;
@@ -1057,9 +1050,8 @@ static void strip(char *data) } } -static unsigned -get_response(gnutls_session_t session, char *request, - char **response, int *response_length) +static unsigned get_response(gnutls_session_t session, char *request, + char **response, int *response_length) { char *p, *h;
@@ -1082,7 +1074,7 @@ get_response(gnutls_session_t session, char *request, if (http != 0) { if (http_data_file == NULL) *response = - peer_print_info(session, response_length, h); + peer_print_info(session, response_length, h); else *response = peer_print_data(session, response_length); } else {
@@ -1110,17 +1102,17 @@ get_response(gnutls_session_t session, char *request, } else { *response = NULL; do { - ret = - gnutls_alert_send_appropriate(session, ret); - } while (ret == GNUTLS_E_AGAIN - || ret == GNUTLS_E_INTERRUPTED); + ret = gnutls_alert_send_appropriate(session, + ret); + } while (ret == GNUTLS_E_AGAIN || + ret == GNUTLS_E_INTERRUPTED); return 0; } } return 1; - unimplemented: +unimplemented: *response = strdup(HTTP_UNIMPLEMENTED); if (*response == NULL) return 0;
@@ -1149,13 +1141,12 @@ static void terminate(int sig) static void check_alert(gnutls_session_t session, int ret) { - if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED - || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { + if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || + ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { int last_alert = gnutls_alert_get(session); if (last_alert == GNUTLS_A_NO_RENEGOTIATION && ret == GNUTLS_E_WARNING_ALERT_RECEIVED) - printf - ("* Received NO_RENEGOTIATION alert. Client does not support renegotiation.\n"); + printf("* Received NO_RENEGOTIATION alert. Client does not support renegotiation.\n"); else printf("* Received alert '%d': %s.\n", last_alert, gnutls_alert_get_name(last_alert));
@@ -1186,13 +1177,13 @@ int main(int argc, char **argv) signal(SIGHUP, SIG_IGN); signal(SIGTERM, terminate); if (signal(SIGINT, terminate) == SIG_IGN) - signal(SIGINT, SIG_IGN); /* e.g. background process */ + signal(SIGINT, SIG_IGN); /* e.g. background process */ #endif sockets_init(); - listener_list = gl_list_create_empty(GL_LINKED_LIST, - NULL, NULL, listener_free, true); + listener_list = gl_list_create_empty(GL_LINKED_LIST, NULL, NULL, + listener_free, true); if (nodb == 0) wrap_db_init();
@@ -1223,8 +1214,8 @@ int main(int argc, char **argv) fprintf(stderr, "pkcs11_init: %s", gnutls_strerror(ret)); else { - ret = - gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER), NULL); + ret = gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER), + NULL); if (ret < 0) { fprintf(stderr, "pkcs11_add_provider: %s", gnutls_strerror(ret));
@@ -1254,8 +1245,8 @@ int main(int argc, char **argv) /* X509 credentials */ if (x509_cafile != NULL) { - if ((ret = gnutls_certificate_set_x509_trust_file - (cert_cred, x509_cafile, x509ctype)) < 0) { + if ((ret = gnutls_certificate_set_x509_trust_file( + cert_cred, x509_cafile, x509ctype)) < 0) { fprintf(stderr, "Error reading '%s'\n", x509_cafile); GERR(ret); exit(1);
@@ -1264,8 +1255,8 @@ int main(int argc, char **argv) } } if (x509_crlfile != NULL) { - if ((ret = gnutls_certificate_set_x509_crl_file - (cert_cred, x509_crlfile, x509ctype)) < 0) { + if ((ret = gnutls_certificate_set_x509_crl_file( + cert_cred, x509_crlfile, x509ctype)) < 0) { fprintf(stderr, "Error reading '%s'\n", x509_crlfile); GERR(ret); exit(1);
@@ -1276,12 +1267,11 @@ int main(int argc, char **argv) if (x509_certfile_size > 0 && x509_keyfile_size > 0) { for (i = 0; i < x509_certfile_size; i++) { - ret = gnutls_certificate_set_x509_key_file - (cert_cred, x509_certfile[i], x509_keyfile[i], - x509ctype); + ret = gnutls_certificate_set_x509_key_file( + cert_cred, x509_certfile[i], x509_keyfile[i], + x509ctype); if (ret < 0) { - fprintf(stderr, - "Error reading '%s' or '%s'\n", + fprintf(stderr, "Error reading '%s' or '%s'\n", x509_certfile[i], x509_keyfile[i]); GERR(ret); exit(1);
@@ -1293,14 +1283,9 @@ int main(int argc, char **argv) /* Raw public-key credentials */ if (rawpk_file_size > 0 && rawpk_keyfile_size > 0) { for (i = 0; i < rawpk_keyfile_size; i++) { - ret = - gnutls_certificate_set_rawpk_key_file(cert_cred, - rawpk_file[i], - rawpk_keyfile - [i], - x509ctype, - NULL, 0, NULL, - 0, 0, 0); + ret = gnutls_certificate_set_rawpk_key_file( + cert_cred, rawpk_file[i], rawpk_keyfile[i], + x509ctype, NULL, 0, NULL, 0, 0, 0); if (ret < 0) { fprintf(stderr, "Error reading '%s' or '%s'\n", rawpk_file[i], rawpk_keyfile[i]);
@@ -1324,12 +1309,12 @@ int main(int argc, char **argv) #else /* OCSP status-request TLS extension */ if (HAVE_OPT(IGNORE_OCSP_RESPONSE_ERRORS)) - gnutls_certificate_set_flags(cert_cred, - GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK); + gnutls_certificate_set_flags( + cert_cred, GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK); for (i = 0; i < ocsp_responses_size; i++) { - ret = gnutls_certificate_set_ocsp_status_request_file - (cert_cred, ocsp_responses[i], 0); + ret = gnutls_certificate_set_ocsp_status_request_file( + cert_cred, ocsp_responses[i], 0); if (ret < 0) { fprintf(stderr, "Cannot set OCSP status request file: %s: %s\n",
@@ -1341,9 +1326,8 @@ int main(int argc, char **argv) if (use_static_dh_params) { #if defined(ENABLE_DHE) || defined(ENABLE_ANON) - ret = - gnutls_certificate_set_known_dh_params(cert_cred, - GNUTLS_SEC_PARAM_MEDIUM); + ret = gnutls_certificate_set_known_dh_params( + cert_cred, GNUTLS_SEC_PARAM_MEDIUM); if (ret < 0) { fprintf(stderr, "Error while setting DH parameters: %s\n",
@@ -1365,11 +1349,8 @@ int main(int argc, char **argv) if (srp_passwd != NULL) { gnutls_srp_allocate_server_credentials(&srp_cred); - if ((ret = - gnutls_srp_set_server_credentials_file(srp_cred, - srp_passwd, - srp_passwd_conf)) - < 0) { + if ((ret = gnutls_srp_set_server_credentials_file( + srp_cred, srp_passwd, srp_passwd_conf)) < 0) { /* only exit is this function is not disabled */ fprintf(stderr, "Error while setting SRP parameters\n");
@@ -1384,9 +1365,8 @@ int main(int argc, char **argv) if (psk_passwd != NULL) { gnutls_psk_allocate_server_credentials(&psk_cred); - if ((ret = - gnutls_psk_set_server_credentials_file(psk_cred, - psk_passwd)) < 0) { + if ((ret = gnutls_psk_set_server_credentials_file( + psk_cred, psk_passwd)) < 0) { /* only exit is this function is not disabled */ fprintf(stderr, "Error while setting PSK parameters\n");
@@ -1394,9 +1374,8 @@ int main(int argc, char **argv) } if (HAVE_OPT(PSKHINT)) { - ret = - gnutls_psk_set_server_credentials_hint - (psk_cred, OPT_ARG(PSKHINT)); + ret = gnutls_psk_set_server_credentials_hint( + psk_cred, OPT_ARG(PSKHINT)); if (ret) { fprintf(stderr, "Error setting PSK identity hint.\n");
@@ -1405,9 +1384,8 @@ int main(int argc, char **argv) } if (use_static_dh_params) { - ret = - gnutls_psk_set_server_known_dh_params(psk_cred, - GNUTLS_SEC_PARAM_MEDIUM); + ret = gnutls_psk_set_server_known_dh_params( + psk_cred, GNUTLS_SEC_PARAM_MEDIUM); if (ret < 0) { fprintf(stderr, "Error while setting DH parameters: %s\n",
@@ -1425,9 +1403,8 @@ int main(int argc, char **argv) gnutls_anon_allocate_server_credentials(&dh_cred); if (use_static_dh_params) { - ret = - gnutls_anon_set_server_known_dh_params(dh_cred, - GNUTLS_SEC_PARAM_MEDIUM); + ret = gnutls_anon_set_server_known_dh_params( + dh_cred, GNUTLS_SEC_PARAM_MEDIUM); if (ret < 0) { fprintf(stderr, "Error while setting DH parameters: %s\n",
@@ -1478,7 +1455,7 @@ int main(int argc, char **argv) return 0; } -static void retry_handshake(listener_item * j) +static void retry_handshake(listener_item *j) { int r, ret;
@@ -1496,8 +1473,8 @@ static void retry_handshake(listener_item * j) } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); j->close_ok = 0; } else if (r == 0) { - if (gnutls_session_is_resumed(j->tls_session) != 0 - && verbose != 0) + if (gnutls_session_is_resumed(j->tls_session) != 0 && + verbose != 0) printf("*** This is a resumed session\n"); if (verbose != 0) {
@@ -1511,11 +1488,11 @@ static void retry_handshake(listener_item * j) print_info(j->tls_session, verbose, verbose); if (HAVE_OPT(KEYMATEXPORT)) - print_key_material(j->tls_session, - OPT_ARG(KEYMATEXPORT), - HAVE_OPT(KEYMATEXPORTSIZE) ? - OPT_VALUE_KEYMATEXPORTSIZE : - 20); + print_key_material( + j->tls_session, OPT_ARG(KEYMATEXPORT), + HAVE_OPT(KEYMATEXPORTSIZE) ? + OPT_VALUE_KEYMATEXPORTSIZE : + 20); } j->close_ok = 1;
@@ -1523,7 +1500,7 @@ static void retry_handshake(listener_item * j) } } -static void try_rehandshake(listener_item * j) +static void try_rehandshake(listener_item *j) { int r, ret; fprintf(stderr, "*** Received hello message\n");
@@ -1563,9 +1540,8 @@ static void tcp_server(const char *name, int port, int timeout) gl_list_iterator_t iter; gl_list_node_t node; const void *elt; - gl_list_t accepted_list = gl_list_create_empty(GL_LINKED_LIST, - NULL, NULL, NULL, - true); + gl_list_t accepted_list = gl_list_create_empty( + GL_LINKED_LIST, NULL, NULL, NULL, true); fd_set rd, wr; time_t now = time(0); #ifndef _WIN32
@@ -1576,15 +1552,15 @@ static void tcp_server(const char *name, int port, int timeout) FD_ZERO(&wr); n = 0; -/* flag which connections we are reading or writing to within the fd sets */ + /* flag which connections we are reading or writing to within the fd sets */ iter = gl_list_iterator(listener_list); while (gl_list_iterator_next(&iter, &elt, &node)) { - listener_item *j = (listener_item *) elt; + listener_item *j = (listener_item *)elt; #ifndef _WIN32 val = fcntl(j->fd, F_GETFL, 0); - if ((val == -1) - || (fcntl(j->fd, F_SETFL, val | O_NONBLOCK) < 0)) { + if ((val == -1) || + (fcntl(j->fd, F_SETFL, val | O_NONBLOCK) < 0)) { perror("fcntl()"); exit(1); }
@@ -1613,7 +1589,7 @@ static void tcp_server(const char *name, int port, int timeout) } gl_list_iterator_free(&iter); -/* core operation */ + /* core operation */ tv.tv_sec = 10; tv.tv_usec = 0; n = select(n + 1, &rd, &wr, NULL, &tv);
@@ -1624,17 +1600,19 @@ static void tcp_server(const char *name, int port, int timeout) exit(1); } -/* read or write to each connection as indicated by select()'s return argument */ + /* read or write to each connection as indicated by select()'s return argument */ iter = gl_list_iterator(listener_list); while (gl_list_iterator_next(&iter, &elt, &node)) { - listener_item *j = (listener_item *) elt; + listener_item *j = (listener_item *)elt; /* a new connection has arrived */ if (FD_ISSET(j->fd, &rd) && j->listen_socket) { calen = sizeof(client_address); memset(&client_address, 0, calen); - accept_fd = accept(j->fd, (struct sockaddr *) - &client_address, &calen); + accept_fd = accept( + j->fd, + (struct sockaddr *)&client_address, + &calen); if (accept_fd < 0) { perror("accept()");
@@ -1655,32 +1633,30 @@ static void tcp_server(const char *name, int port, int timeout) jj->tls_session = initialize_session(0); gnutls_session_set_ptr(jj->tls_session, jj); - gnutls_transport_set_int - (jj->tls_session, accept_fd); + gnutls_transport_set_int( + jj->tls_session, accept_fd); set_read_funcs(jj->tls_session); jj->handshake_ok = 0; jj->close_ok = 0; if (verbose != 0) { - ctt = - simple_ctime(&tt, timebuf); + ctt = simple_ctime(&tt, + timebuf); ctt[strlen(ctt) - 1] = 0; - printf - ("\n* Accepted connection from %s on %s\n", - human_addr((struct - sockaddr *) - &client_address, - calen, - topbuf, - sizeof - (topbuf)), ctt); + printf("\n* Accepted connection from %s on %s\n", + human_addr( + (struct sockaddr + *)&client_address, + calen, topbuf, + sizeof(topbuf)), + ctt); } } } if (FD_ISSET(j->fd, &rd) && !j->listen_socket) { -/* read partial GET request */ + /* read partial GET request */ char buf[16 * 1024]; int r;
@@ -1691,10 +1667,12 @@ static void tcp_server(const char *name, int port, int timeout) if (j->handshake_ok == 1) { int earlydata_read = 0; if (earlydata && !j->earlydata_eof) { - r = gnutls_record_recv_early_data(j->tls_session, buf, MIN(sizeof(buf), SMALL_READ_TEST)); + r = gnutls_record_recv_early_data( + j->tls_session, buf, + MIN(sizeof(buf), + SMALL_READ_TEST)); if (r == - GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - { + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { j->earlydata_eof = 1; } if (r == 0) { 
@@ -1702,93 +1680,88 @@ static void tcp_server(const char *name, int port, int timeout) } } if (!earlydata_read) { - r = gnutls_record_recv - (j->tls_session, buf, - MIN(sizeof(buf), - SMALL_READ_TEST)); + r = gnutls_record_recv( + j->tls_session, buf, + MIN(sizeof(buf), + SMALL_READ_TEST)); } - if (r == GNUTLS_E_INTERRUPTED - || r == GNUTLS_E_AGAIN) { + if (r == GNUTLS_E_INTERRUPTED || + r == GNUTLS_E_AGAIN) { /* do nothing */ } else if (r <= 0) { if (r == - GNUTLS_E_HEARTBEAT_PING_RECEIVED) - { - gnutls_heartbeat_pong - (j->tls_session, 0); + GNUTLS_E_HEARTBEAT_PING_RECEIVED) { + gnutls_heartbeat_pong( + j->tls_session, + 0); } else if (r == - GNUTLS_E_REHANDSHAKE) - { + GNUTLS_E_REHANDSHAKE) { try_rehandshake(j); } else { j->http_state = - HTTP_STATE_CLOSING; + HTTP_STATE_CLOSING; if (r < 0) { int ret; - check_alert - (j->tls_session, - r); + check_alert( + j->tls_session, + r); fprintf(stderr, "Error while receiving data\n"); do { - ret = - gnutls_alert_send_appropriate - (j->tls_session, - r); - } while (ret == - GNUTLS_E_AGAIN - || ret - == - GNUTLS_E_INTERRUPTED); + ret = gnutls_alert_send_appropriate( + j->tls_session, + r); + } while ( + ret == GNUTLS_E_AGAIN || + ret == GNUTLS_E_INTERRUPTED); GERR(r); j->close_ok = 0; } } } else { - ptr = - realloc(j->http_request, - j->request_length - + r + 1); + ptr = realloc( + j->http_request, + j->request_length + r + + 1); if (ptr != NULL) { j->http_request = ptr; - memcpy(j->http_request - + - j-> - request_length, + memcpy(j->http_request + + j->request_length, buf, r); j->request_length += r; j->http_request - [j->request_length] - = '\0'; + [j->request_length] = + '\0'; } else { j->http_state = - HTTP_STATE_CLOSING; + HTTP_STATE_CLOSING; } } -/* check if we have a full HTTP header */ + /* check if we have a full HTTP header */ j->http_response = NULL; - if (j->http_state == HTTP_STATE_REQUEST - && j->http_request != NULL) { - if ((http == 0 - && strchr(j->http_request, - '\n')) - || strstr(j->http_request, - 
"\r\n\r\n") - || strstr(j->http_request, - "\n\n")) { - if (get_response - (j->tls_session, - j->http_request, - &j->http_response, - &j-> - response_length)) { + if (j->http_state == + HTTP_STATE_REQUEST && + j->http_request != NULL) { + if ((http == 0 && + strchr(j->http_request, + '\n')) || + strstr(j->http_request, + "\r\n\r\n") || + strstr(j->http_request, + "\n\n")) { + if (get_response( + j->tls_session, + j->http_request, + &j->http_response, + &j->response_length)) { j->http_state = - HTTP_STATE_RESPONSE; - j->response_written = 0; + HTTP_STATE_RESPONSE; + j->response_written = + 0; } else { j->http_state = - HTTP_STATE_CLOSING; + HTTP_STATE_CLOSING; } } }
@@ -1796,33 +1769,31 @@ static void tcp_server(const char *name, int port, int timeout) } if (FD_ISSET(j->fd, &wr)) { -/* write partial response request */ + /* write partial response request */ int r; if (j->handshake_ok == 0) { retry_handshake(j); } - if (j->handshake_ok == 1 - && j->http_response == NULL) { + if (j->handshake_ok == 1 && + j->http_response == NULL) { j->http_state = HTTP_STATE_CLOSING; - } else if (j->handshake_ok == 1 - && j->http_response != NULL) { - r = gnutls_record_send(j->tls_session, - j->http_response - + - j->response_written, - MIN - (j->response_length - - - j->response_written, - SMALL_READ_TEST)); - if (r == GNUTLS_E_INTERRUPTED - || r == GNUTLS_E_AGAIN) { + } else if (j->handshake_ok == 1 && + j->http_response != NULL) { + r = gnutls_record_send( + j->tls_session, + j->http_response + + j->response_written, + MIN(j->response_length - + j->response_written, + SMALL_READ_TEST)); + if (r == GNUTLS_E_INTERRUPTED || + r == GNUTLS_E_AGAIN) { /* do nothing */ } else if (r <= 0) { j->http_state = - HTTP_STATE_CLOSING; + HTTP_STATE_CLOSING; if (r < 0) { fprintf(stderr, "Error while sending data\n");
@@ -1831,23 +1802,24 @@ static void tcp_server(const char *name, int port, int timeout) check_alert(j->tls_session, r); } else { j->response_written += r; -/* check if we have written a complete response */ + /* check if we have written a complete response */ if (j->response_written == j->response_length) { if (http != 0) j->http_state = - HTTP_STATE_CLOSING; + HTTP_STATE_CLOSING; else { j->http_state = - HTTP_STATE_REQUEST; - free(j-> - http_response); - j->http_response - = NULL; - j->response_length = 0; - j->request_length = 0; + HTTP_STATE_REQUEST; + free(j->http_response); + j->http_response = + NULL; + j->response_length = + 0; + j->request_length = + 0; j->http_request - [0] = 0; + [0] = 0; } } }
@@ -1861,7 +1833,7 @@ static void tcp_server(const char *name, int port, int timeout) } gl_list_iterator_free(&iter); -/* loop through all connections, closing those that are in error */ + /* loop through all connections, closing those that are in error */ iter = gl_list_iterator(listener_list); while (gl_list_iterator_next(&iter, &elt, &node)) { const listener_item *j = elt;
@@ -1905,7 +1877,6 @@ static void tcp_server(const char *name, int port, int timeout) if (nodb == 0) wrap_db_deinit(); gnutls_global_deinit(); - } static void cmd_parser(int argc, char **argv)
@@ -2016,13 +1987,12 @@ static void cmd_parser(int argc, char **argv) if (HAVE_OPT(HTTPDATA)) http_data_file = OPT_ARG(HTTPDATA); - } /* session resuming support */ #define SESSION_ID_SIZE 128 -#define SESSION_DATA_SIZE (16*1024) +#define SESSION_DATA_SIZE (16 * 1024) typedef struct { unsigned char session_id[SESSION_ID_SIZE];
@@ -2065,10 +2035,8 @@ static int wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data) /* find empty or expired slot to store the new entry */ for (i = 0; i < cache_db_ptr; i++) if (cache_db[i].session_id_size == 0 || - !(now < - gnutls_db_check_entry_expire_time(&cache_db - [i]. - session_data))) + !(now < gnutls_db_check_entry_expire_time( + &cache_db[i].session_data))) break; if (i == cache_db_ptr) {
@@ -2112,11 +2080,9 @@ static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key) for (i = 0; i < cache_db_ptr; i++) { if (key.size == cache_db[i].session_id_size && - memcmp(key.data, cache_db[i].session_id, - key.size) == 0 && - now < - gnutls_db_check_entry_expire_time(&cache_db - [i].session_data)) { + memcmp(key.data, cache_db[i].session_id, key.size) == 0 && + now < gnutls_db_check_entry_expire_time( + &cache_db[i].session_data)) { res.size = cache_db[i].session_data.size; res.data = malloc(res.size);
@@ -2139,7 +2105,6 @@ static int wrap_db_delete(void *dbf, gnutls_datum_t key) for (i = 0; i < cache_db_ptr; i++) { if (key.size == cache_db[i].session_id_size && memcmp(key.data, cache_db[i].session_id, key.size) == 0) { - cache_db[i].session_id_size = 0; free(cache_db[i].session_data.data); cache_db[i].session_data.data = NULL;
@@ -2152,20 +2117,17 @@ static int wrap_db_delete(void *dbf, gnutls_datum_t key) return GNUTLS_E_DB_ERROR; } -static int -anti_replay_db_add(void *dbf, time_t exp, const gnutls_datum_t * key, - const gnutls_datum_t * data) +static int anti_replay_db_add(void *dbf, time_t exp, const gnutls_datum_t *key, + const gnutls_datum_t *data) { time_t now = time(0); int i; for (i = 0; i < cache_db_ptr; i++) { if (key->size == cache_db[i].session_id_size && - memcmp(key->data, cache_db[i].session_id, - key->size) == 0 && - now < - gnutls_db_check_entry_expire_time(&cache_db - [i].session_data)) + memcmp(key->data, cache_db[i].session_id, key->size) == 0 && + now < gnutls_db_check_entry_expire_time( + &cache_db[i].session_data)) return GNUTLS_E_DB_ENTRY_EXISTS; } |