diff options
author | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2016-04-21 21:50:20 +0200 |
---|---|---|
committer | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2016-04-21 21:50:20 +0200 |
commit | efe5b290c741ac43f20cfef1d138360f79bdcdc1 (patch) | |
tree | d95945989095c453fcea223a7ec4a496efb7a396 /cmd/strsclnt | |
parent | 8189af23f9ee951b4f5ca31d4e79693bc34d4ae5 (diff) | |
download | nss-hg-efe5b290c741ac43f20cfef1d138360f79bdcdc1.tar.gz |
Bug 1254918 - clang-format NSS: cmd, r=kaie
Diffstat (limited to 'cmd/strsclnt')
-rw-r--r-- | cmd/strsclnt/strsclnt.c | 1315 |
1 files changed, 678 insertions, 637 deletions
diff --git a/cmd/strsclnt/strsclnt.c b/cmd/strsclnt/strsclnt.c index 4a45951ba..5c8a588f8 100644 --- a/cmd/strsclnt/strsclnt.c +++ b/cmd/strsclnt/strsclnt.c @@ -42,44 +42,44 @@ #define RD_BUF_SIZE (60 * 1024) -/* Include these cipher suite arrays to re-use tstclnt's +/* Include these cipher suite arrays to re-use tstclnt's * cipher selection code. */ int ssl3CipherSuites[] = { - -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ - -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */ - TLS_RSA_WITH_RC4_128_MD5, /* c */ - TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - TLS_RSA_WITH_DES_CBC_SHA, /* e */ - TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ - -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA * h */ - TLS_RSA_WITH_NULL_MD5, /* i */ - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ - SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - TLS_RSA_WITH_RC4_128_SHA, /* n */ - TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ - TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ - TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ - TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ - TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ - TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ - TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - TLS_RSA_WITH_NULL_SHA, /* z */ + -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ + -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */ + TLS_RSA_WITH_RC4_128_MD5, /* c */ + TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ + TLS_RSA_WITH_DES_CBC_SHA, /* e */ + TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ + -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA * h */ + TLS_RSA_WITH_NULL_MD5, /* i */ + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ + SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ + TLS_RSA_WITH_RC4_128_SHA, /* n */ + TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ + TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ + TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ + TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ + TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ + TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ + TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ + TLS_RSA_WITH_NULL_SHA, /* z */ 0 }; #define NO_FULLHS_PERCENTAGE -1 -/* This global string is so that client main can see - * which ciphers to use. +/* This global string is so that client main can see + * which ciphers to use. */ static const char *cipherString; @@ -89,8 +89,8 @@ static int MakeCertOK; static int NoReuse; static int fullhs = NO_FULLHS_PERCENTAGE; /* percentage of full handshakes to ** perform */ -static PRInt32 globalconid = 0; /* atomically set */ -static int total_connections; /* total number of connections to perform */ +static PRInt32 globalconid = 0; /* atomically set */ +static int total_connections; /* total number of connections to perform */ static int total_connections_rounded_down_to_hundreds; static int total_connections_modulo_100; @@ -98,93 +98,96 @@ static PRBool NoDelay; static PRBool QuitOnTimeout = PR_FALSE; static PRBool ThrottleUp = PR_FALSE; -static PRLock * threadLock; /* protects the global variables below */ +static PRLock *threadLock; /* protects the global variables below */ static PRTime lastConnectFailure; static PRTime lastConnectSuccess; static PRTime lastThrottleUp; -static PRInt32 remaining_connections; /* number of connections left */ -static int active_threads = 8; /* number of threads currently trying to +static PRInt32 remaining_connections; /* number of connections left */ +static int active_threads = 8; /* number of threads currently trying to ** connect */ static PRInt32 numUsed; /* end of variables protected by threadLock */ -static SSL3Statistics * ssl3stats; +static SSL3Statistics *ssl3stats; static int failed_already = 0; static SSLVersionRange enabledVersions; -static PRBool bypassPKCS11 = PR_FALSE; -static PRBool disableLocking = PR_FALSE; -static PRBool ignoreErrors = PR_FALSE; +static PRBool bypassPKCS11 = PR_FALSE; +static PRBool disableLocking = PR_FALSE; +static PRBool ignoreErrors = PR_FALSE; static PRBool enableSessionTickets = PR_FALSE; -static PRBool enableCompression = PR_FALSE; -static PRBool enableFalseStart = PR_FALSE; -static PRBool enableCertStatus = PR_FALSE; +static PRBool enableCompression = PR_FALSE; +static PRBool enableFalseStart = PR_FALSE; +static PRBool enableCertStatus = PR_FALSE; -PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT; +PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT; -char * progName; +char *progName; secuPWData pwdata = { PW_NONE, 0 }; -int stopping; -int verbose; -SECItem bigBuf; +int stopping; +int verbose; +SECItem bigBuf; -#define PRINTF if (verbose) printf -#define FPRINTF if (verbose) fprintf +#define PRINTF \ + if (verbose) \ + printf +#define FPRINTF \ + if (verbose) \ + fprintf static void Usage(const char *progName) { - fprintf(stderr, - "Usage: %s [-n nickname] [-p port] [-d dbdir] [-c connections]\n" - " [-BDNovqs] [-f filename] [-N | -P percentage]\n" - " [-w dbpasswd] [-C cipher(s)] [-t threads] [-W pwfile]\n" - " [-V [min-version]:[max-version]] [-a sniHostName] hostname\n" - " where -v means verbose\n" - " -o flag is interpreted as follows:\n" - " 1 -o means override the result of server certificate validation.\n" - " 2 -o's mean skip server certificate validation altogether.\n" - " -D means no TCP delays\n" - " -q means quit when server gone (timeout rather than retry forever)\n" - " -s means disable SSL socket locking\n" - " -N means no session reuse\n" - " -P means do a specified percentage of full handshakes (0-100)\n" - " -V [min]:[max] restricts the set of enabled SSL/TLS protocols versions.\n" - " All versions are enabled by default.\n" - " Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n" - " Example: \"-V ssl3:\" enables SSL 3 and newer.\n" - " -U means enable throttling up threads\n" - " -B bypasses the PKCS11 layer for SSL encryption and MACing\n" - " -T enable the cert_status extension (OCSP stapling)\n" - " -u enable TLS Session Ticket extension\n" - " -z enable compression\n" - " -g enable false start\n", - progName); + fprintf(stderr, + "Usage: %s [-n nickname] [-p port] [-d dbdir] [-c connections]\n" + " [-BDNovqs] [-f filename] [-N | -P percentage]\n" + " [-w dbpasswd] [-C cipher(s)] [-t threads] [-W pwfile]\n" + " [-V [min-version]:[max-version]] [-a sniHostName] hostname\n" + " where -v means verbose\n" + " -o flag is interpreted as follows:\n" + " 1 -o means override the result of server certificate validation.\n" + " 2 -o's mean skip server certificate validation altogether.\n" + " -D means no TCP delays\n" + " -q means quit when server gone (timeout rather than retry forever)\n" + " -s means disable SSL socket locking\n" + " -N means no session reuse\n" + " -P means do a specified percentage of full handshakes (0-100)\n" + " -V [min]:[max] restricts the set of enabled SSL/TLS protocols versions.\n" + " All versions are enabled by default.\n" + " Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n" + " Example: \"-V ssl3:\" enables SSL 3 and newer.\n" + " -U means enable throttling up threads\n" + " -B bypasses the PKCS11 layer for SSL encryption and MACing\n" + " -T enable the cert_status extension (OCSP stapling)\n" + " -u enable TLS Session Ticket extension\n" + " -z enable compression\n" + " -g enable false start\n", + progName); exit(1); } - static void -errWarn(char * funcString) +errWarn(char *funcString) { - PRErrorCode perr = PR_GetError(); - PRInt32 oserr = PR_GetOSError(); - const char * errString = SECU_Strerror(perr); + PRErrorCode perr = PR_GetError(); + PRInt32 oserr = PR_GetOSError(); + const char *errString = SECU_Strerror(perr); fprintf(stderr, "strsclnt: %s returned error %d, OS error %d: %s\n", funcString, perr, oserr, errString); } static void -errExit(char * funcString) +errExit(char *funcString) { errWarn(funcString); exit(1); } /************************************************************************** -** +** ** Routines for disabling SSL ciphers. ** **************************************************************************/ @@ -193,40 +196,40 @@ void disableAllSSLCiphers(void) { const PRUint16 *cipherSuites = SSL_GetImplementedCiphers(); - int i = SSL_GetNumImplementedCiphers(); - SECStatus rv; + int i = SSL_GetNumImplementedCiphers(); + SECStatus rv; /* disable all the SSL3 cipher suites */ while (--i >= 0) { - PRUint16 suite = cipherSuites[i]; + PRUint16 suite = cipherSuites[i]; rv = SSL_CipherPrefSetDefault(suite, PR_FALSE); - if (rv != SECSuccess) { - printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n", - suite, i); - errWarn("SSL_CipherPrefSetDefault"); - exit(2); - } + if (rv != SECSuccess) { + printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n", + suite, i); + errWarn("SSL_CipherPrefSetDefault"); + exit(2); + } } } /* This invokes the "default" AuthCert handler in libssl. -** The only reason to use this one is that it prints out info as it goes. +** The only reason to use this one is that it prints out info as it goes. */ static SECStatus mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, - PRBool isServer) + PRBool isServer) { SECStatus rv; - CERTCertificate * peerCert; + CERTCertificate *peerCert; const SECItemArray *csa; - if (MakeCertOK>=2) { + if (MakeCertOK >= 2) { return SECSuccess; } peerCert = SSL_PeerCertificate(fd); - PRINTF("strsclnt: Subject: %s\nstrsclnt: Issuer : %s\n", - peerCert->subjectName, peerCert->issuerName); + PRINTF("strsclnt: Subject: %s\nstrsclnt: Issuer : %s\n", + peerCert->subjectName, peerCert->issuerName); csa = SSL_PeerStapledOCSPResponses(fd); if (csa) { PRINTF("Received %d Cert Status items (OCSP stapled data)\n", @@ -237,88 +240,87 @@ mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PR_ATOMIC_INCREMENT(&certsTested); if (rv == SECSuccess) { - fputs("strsclnt: -- SSL: Server Certificate Validated.\n", stderr); + fputs("strsclnt: -- SSL: Server Certificate Validated.\n", stderr); } CERT_DestroyCertificate(peerCert); /* error, if any, will be displayed by the Bad Cert Handler. */ - return rv; + return rv; } static SECStatus -myBadCertHandler( void *arg, PRFileDesc *fd) +myBadCertHandler(void *arg, PRFileDesc *fd) { PRErrorCode err = PR_GetError(); if (!MakeCertOK) - fprintf(stderr, - "strsclnt: -- SSL: Server Certificate Invalid, err %d.\n%s\n", - err, SECU_Strerror(err)); + fprintf(stderr, + "strsclnt: -- SSL: Server Certificate Invalid, err %d.\n%s\n", + err, SECU_Strerror(err)); return (MakeCertOK ? SECSuccess : SECFailure); } -void +void printSecurityInfo(PRFileDesc *fd) { - CERTCertificate * cert = NULL; - SSL3Statistics * ssl3stats = SSL_GetStatistics(); + CERTCertificate *cert = NULL; + SSL3Statistics *ssl3stats = SSL_GetStatistics(); SECStatus result; - SSLChannelInfo channel; + SSLChannelInfo channel; SSLCipherSuiteInfo suite; static int only_once; if (only_once && verbose < 2) - return; + return; only_once = 1; result = SSL_GetChannelInfo(fd, &channel, sizeof channel); - if (result == SECSuccess && - channel.length == sizeof channel && - channel.cipherSuite) { - result = SSL_GetCipherSuiteInfo(channel.cipherSuite, - &suite, sizeof suite); - if (result == SECSuccess) { - FPRINTF(stderr, - "strsclnt: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n", - channel.protocolVersion >> 8, channel.protocolVersion & 0xff, - suite.effectiveKeyBits, suite.symCipherName, - suite.macBits, suite.macAlgorithmName); - FPRINTF(stderr, - "strsclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n" - " Compression: %s\n", - channel.authKeyBits, suite.authAlgorithmName, - channel.keaKeyBits, suite.keaTypeName, - channel.compressionMethodName); - } + if (result == SECSuccess && + channel.length == sizeof channel && + channel.cipherSuite) { + result = SSL_GetCipherSuiteInfo(channel.cipherSuite, + &suite, sizeof suite); + if (result == SECSuccess) { + FPRINTF(stderr, + "strsclnt: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n", + channel.protocolVersion >> 8, channel.protocolVersion & 0xff, + suite.effectiveKeyBits, suite.symCipherName, + suite.macBits, suite.macAlgorithmName); + FPRINTF(stderr, + "strsclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n" + " Compression: %s\n", + channel.authKeyBits, suite.authAlgorithmName, + channel.keaKeyBits, suite.keaTypeName, + channel.compressionMethodName); + } } cert = SSL_LocalCertificate(fd); if (!cert) - cert = SSL_PeerCertificate(fd); + cert = SSL_PeerCertificate(fd); if (verbose && cert) { - char * ip = CERT_NameToAscii(&cert->issuer); - char * sp = CERT_NameToAscii(&cert->subject); + char *ip = CERT_NameToAscii(&cert->issuer); + char *sp = CERT_NameToAscii(&cert->subject); if (sp) { - fprintf(stderr, "strsclnt: subject DN: %s\n", sp); - PORT_Free(sp); - } + fprintf(stderr, "strsclnt: subject DN: %s\n", sp); + PORT_Free(sp); + } if (ip) { - fprintf(stderr, "strsclnt: issuer DN: %s\n", ip); - PORT_Free(ip); - } + fprintf(stderr, "strsclnt: issuer DN: %s\n", ip); + PORT_Free(ip); + } } if (cert) { - CERT_DestroyCertificate(cert); - cert = NULL; + CERT_DestroyCertificate(cert); + cert = NULL; } fprintf(stderr, - "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n" - " %ld stateless resumes\n", - ssl3stats->hsh_sid_cache_hits, - ssl3stats->hsh_sid_cache_misses, - ssl3stats->hsh_sid_cache_not_ok, - ssl3stats->hsh_sid_stateless_resumes); - + "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n" + " %ld stateless resumes\n", + ssl3stats->hsh_sid_cache_hits, + ssl3stats->hsh_sid_cache_misses, + ssl3stats->hsh_sid_cache_not_ok, + ssl3stats->hsh_sid_stateless_resumes); } /************************************************************************** @@ -329,26 +331,25 @@ printSecurityInfo(PRFileDesc *fd) typedef SECStatus startFn(void *a, void *b, int c); - -static PRInt32 numConnected; -static int max_threads; /* peak threads allowed */ +static PRInt32 numConnected; +static int max_threads; /* peak threads allowed */ typedef struct perThreadStr { - void * a; - void * b; - int tid; - int rv; - startFn * startFunc; - PRThread * prThread; - PRBool inUse; + void *a; + void *b; + int tid; + int rv; + startFn *startFunc; + PRThread *prThread; + PRBool inUse; } perThread; perThread threads[MAX_THREADS]; void -thread_wrapper(void * arg) +thread_wrapper(void *arg) { - perThread * slot = (perThread *)arg; + perThread *slot = (perThread *)arg; PRBool done = PR_FALSE; do { @@ -357,7 +358,7 @@ thread_wrapper(void * arg) PRTime now = PR_Now(); PR_Lock(threadLock); - if (! (slot->tid < active_threads)) { + if (!(slot->tid < active_threads)) { /* this thread isn't supposed to be running */ if (!ThrottleUp) { /* we'll never need this thread again, so abort it */ @@ -372,13 +373,13 @@ thread_wrapper(void * arg) ** 3. there must be a more recent PR_Connect success than ** failure */ - if ( (now - lastConnectFailure > 10 * PR_USEC_PER_SEC) && - ( (!lastThrottleUp) || ( (now - lastThrottleUp) >= - (PR_USEC_PER_SEC/2)) ) && - (lastConnectSuccess > lastConnectFailure) ) { + if ((now - lastConnectFailure > 10 * PR_USEC_PER_SEC) && + ((!lastThrottleUp) || ((now - lastThrottleUp) >= + (PR_USEC_PER_SEC / 2))) && + (lastConnectSuccess > lastConnectFailure)) { /* try throttling up by one thread */ - active_threads = PR_MIN(max_threads, active_threads+1); - fprintf(stderr,"active_threads set up to %d\n", + active_threads = PR_MIN(max_threads, active_threads + 1); + fprintf(stderr, "active_threads set up to %d\n", active_threads); lastThrottleUp = PR_MAX(now, lastThrottleUp); } @@ -396,8 +397,8 @@ thread_wrapper(void * arg) } PR_Unlock(threadLock); if (doop) { - slot->rv = (* slot->startFunc)(slot->a, slot->b, slot->tid); - PRINTF("strsclnt: Thread in slot %d returned %d\n", + slot->rv = (*slot->startFunc)(slot->a, slot->b, slot->tid); + PRINTF("strsclnt: Thread in slot %d returned %d\n", slot->tid, slot->rv); } if (dosleep) { @@ -408,18 +409,18 @@ thread_wrapper(void * arg) SECStatus launch_thread( - startFn * startFunc, - void * a, - void * b, - int tid) + startFn *startFunc, + void *a, + void *b, + int tid) { PRUint32 i; - perThread * slot; + perThread *slot; PR_Lock(threadLock); PORT_Assert(numUsed < MAX_THREADS); - if (! (numUsed < MAX_THREADS)) { + if (!(numUsed < MAX_THREADS)) { PR_Unlock(threadLock); return SECFailure; } @@ -432,17 +433,17 @@ launch_thread( slot->startFunc = startFunc; - slot->prThread = PR_CreateThread(PR_USER_THREAD, - thread_wrapper, slot, - PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, - PR_JOINABLE_THREAD, 0); + slot->prThread = PR_CreateThread(PR_USER_THREAD, + thread_wrapper, slot, + PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, + PR_JOINABLE_THREAD, 0); if (slot->prThread == NULL) { - PR_Unlock(threadLock); - printf("strsclnt: Failed to launch thread!\n"); - return SECFailure; - } + PR_Unlock(threadLock); + printf("strsclnt: Failed to launch thread!\n"); + return SECFailure; + } - slot->inUse = 1; + slot->inUse = 1; PR_Unlock(threadLock); PRINTF("strsclnt: Launched thread in slot %d \n", i); @@ -450,10 +451,10 @@ launch_thread( } /* join all the threads */ -int +int reap_threads(void) { - int i; + int i; for (i = 0; i < MAX_THREADS; ++i) { if (threads[i].prThread) { @@ -470,8 +471,8 @@ destroy_thread_data(void) PORT_Memset(threads, 0, sizeof threads); if (threadLock) { - PR_DestroyLock(threadLock); - threadLock = NULL; + PR_DestroyLock(threadLock); + threadLock = NULL; } } @@ -496,25 +497,25 @@ static const char outHeader[] = { }; struct lockedVarsStr { - PRLock * lock; - int count; - int waiters; - PRCondVar * condVar; + PRLock *lock; + int count; + int waiters; + PRCondVar *condVar; }; typedef struct lockedVarsStr lockedVars; -void -lockedVars_Init( lockedVars * lv) +void +lockedVars_Init(lockedVars *lv) { - lv->count = 0; + lv->count = 0; lv->waiters = 0; - lv->lock = PR_NewLock(); + lv->lock = PR_NewLock(); lv->condVar = PR_NewCondVar(lv->lock); } void -lockedVars_Destroy( lockedVars * lv) +lockedVars_Destroy(lockedVars *lv) { PR_DestroyCondVar(lv->condVar); lv->condVar = NULL; @@ -524,24 +525,24 @@ lockedVars_Destroy( lockedVars * lv) } void -lockedVars_WaitForDone(lockedVars * lv) +lockedVars_WaitForDone(lockedVars *lv) { PR_Lock(lv->lock); while (lv->count > 0) { - PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT); + PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT); } PR_Unlock(lv->lock); } -int /* returns count */ -lockedVars_AddToCount(lockedVars * lv, int addend) +int /* returns count */ + lockedVars_AddToCount(lockedVars *lv, int addend) { int rv; PR_Lock(lv->lock); rv = lv->count += addend; if (rv <= 0) { - PR_NotifyCondVar(lv->condVar); + PR_NotifyCondVar(lv->condVar); } PR_Unlock(lv->lock); return rv; @@ -549,29 +550,29 @@ lockedVars_AddToCount(lockedVars * lv, int addend) SECStatus do_writes( - void * a, - void * b, - int c) + void *a, + void *b, + int c) { - PRFileDesc * ssl_sock = (PRFileDesc *)a; - lockedVars * lv = (lockedVars *)b; + PRFileDesc *ssl_sock = (PRFileDesc *)a; + lockedVars *lv = (lockedVars *)b; unsigned int sent = 0; int count = 0; while (sent < bigBuf.len) { - count = PR_Send(ssl_sock, bigBuf.data + sent, bigBuf.len - sent, - 0, maxInterval); - if (count < 0) { - errWarn("PR_Send bigBuf"); - break; - } - FPRINTF(stderr, "strsclnt: PR_Send wrote %d bytes from bigBuf\n", - count ); - sent += count; + count = PR_Send(ssl_sock, bigBuf.data + sent, bigBuf.len - sent, + 0, maxInterval); + if (count < 0) { + errWarn("PR_Send bigBuf"); + break; + } + FPRINTF(stderr, "strsclnt: PR_Send wrote %d bytes from bigBuf\n", + count); + sent += count; } - if (count >= 0) { /* last write didn't fail. */ - PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND); + if (count >= 0) { /* last write didn't fail. */ + PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND); } /* notify the reader that we're done. */ @@ -579,15 +580,14 @@ do_writes( return (sent < bigBuf.len) ? SECFailure : SECSuccess; } -int -handle_fdx_connection( PRFileDesc * ssl_sock, int connection) +int +handle_fdx_connection(PRFileDesc *ssl_sock, int connection) { - SECStatus result; - int firstTime = 1; - int countRead = 0; - lockedVars lv; - char *buf; - + SECStatus result; + int firstTime = 1; + int countRead = 0; + lockedVars lv; + char *buf; lockedVars_Init(&lv); lockedVars_AddToCount(&lv, 1); @@ -595,41 +595,41 @@ handle_fdx_connection( PRFileDesc * ssl_sock, int connection) /* Attempt to launch the writer thread. */ result = launch_thread(do_writes, ssl_sock, &lv, connection); - if (result != SECSuccess) - goto cleanup; + if (result != SECSuccess) + goto cleanup; buf = PR_Malloc(RD_BUF_SIZE); if (buf) { - do { - /* do reads here. */ - PRInt32 count; - - count = PR_Recv(ssl_sock, buf, RD_BUF_SIZE, 0, maxInterval); - if (count < 0) { - errWarn("PR_Recv"); - break; - } - countRead += count; - FPRINTF(stderr, - "strsclnt: connection %d read %d bytes (%d total).\n", - connection, count, countRead ); - if (firstTime) { - firstTime = 0; - printSecurityInfo(ssl_sock); - } - } while (lockedVars_AddToCount(&lv, 0) > 0); - PR_Free(buf); - buf = 0; + do { + /* do reads here. */ + PRInt32 count; + + count = PR_Recv(ssl_sock, buf, RD_BUF_SIZE, 0, maxInterval); + if (count < 0) { + errWarn("PR_Recv"); + break; + } + countRead += count; + FPRINTF(stderr, + "strsclnt: connection %d read %d bytes (%d total).\n", + connection, count, countRead); + if (firstTime) { + firstTime = 0; + printSecurityInfo(ssl_sock); + } + } while (lockedVars_AddToCount(&lv, 0) > 0); + PR_Free(buf); + buf = 0; } /* Wait for writer to finish */ lockedVars_WaitForDone(&lv); lockedVars_Destroy(&lv); - FPRINTF(stderr, - "strsclnt: connection %d read %d bytes total. -----------------------\n", - connection, countRead); + FPRINTF(stderr, + "strsclnt: connection %d read %d bytes total. -----------------------\n", + connection, countRead); cleanup: /* Caller closes the socket. */ @@ -637,58 +637,58 @@ cleanup: return SECSuccess; } -const char request[] = {"GET /abc HTTP/1.0\r\n\r\n" }; +const char request[] = { "GET /abc HTTP/1.0\r\n\r\n" }; SECStatus -handle_connection( PRFileDesc *ssl_sock, int tid) +handle_connection(PRFileDesc *ssl_sock, int tid) { - int countRead = 0; + int countRead = 0; PRInt32 rv; - char *buf; + char *buf; buf = PR_Malloc(RD_BUF_SIZE); if (!buf) - return SECFailure; + return SECFailure; /* compose the http request here. */ rv = PR_Send(ssl_sock, request, strlen(request), 0, maxInterval); if (rv <= 0) { - errWarn("PR_Send"); - PR_Free(buf); - buf = 0; + errWarn("PR_Send"); + PR_Free(buf); + buf = 0; failed_already = 1; - return SECFailure; + return SECFailure; } printSecurityInfo(ssl_sock); /* read until EOF */ while (1) { - rv = PR_Recv(ssl_sock, buf, RD_BUF_SIZE, 0, maxInterval); - if (rv == 0) { - break; /* EOF */ - } - if (rv < 0) { - errWarn("PR_Recv"); - failed_already = 1; - break; - } - - countRead += rv; - FPRINTF(stderr, + rv = PR_Recv(ssl_sock, buf, RD_BUF_SIZE, 0, maxInterval); + if (rv == 0) { + break; /* EOF */ + } + if (rv < 0) { + errWarn("PR_Recv"); + failed_already = 1; + break; + } + + countRead += rv; + FPRINTF(stderr, "strsclnt: connection on thread %d read %d bytes (%d total).\n", - tid, rv, countRead ); + tid, rv, countRead); } PR_Free(buf); buf = 0; /* Caller closes the socket. */ - FPRINTF(stderr, - "strsclnt: connection on thread %d read %d bytes total. ---------\n", - tid, countRead); + FPRINTF(stderr, + "strsclnt: connection on thread %d read %d bytes total. ---------\n", + tid, countRead); - return SECSuccess; /* success */ + return SECSuccess; /* success */ } #define USE_SOCK_PEER_ID 1 @@ -698,7 +698,7 @@ handle_connection( PRFileDesc *ssl_sock, int tid) PRInt32 lastFullHandshakePeerID; void -myHandshakeCallback(PRFileDesc *socket, void *arg) +myHandshakeCallback(PRFileDesc *socket, void *arg) { PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32)((char *)arg - (char *)NULL)); } @@ -710,44 +710,44 @@ myHandshakeCallback(PRFileDesc *socket, void *arg) */ SECStatus do_connects( - void * a, - void * b, - int tid) + void *a, + void *b, + int tid) { - PRNetAddr * addr = (PRNetAddr *) a; - PRFileDesc * model_sock = (PRFileDesc *) b; - PRFileDesc * ssl_sock = 0; - PRFileDesc * tcp_sock = 0; - PRStatus prStatus; - PRUint32 sleepInterval = 50; /* milliseconds */ - SECStatus rv = SECSuccess; - PRSocketOptionData opt; + PRNetAddr *addr = (PRNetAddr *)a; + PRFileDesc *model_sock = (PRFileDesc *)b; + PRFileDesc *ssl_sock = 0; + PRFileDesc *tcp_sock = 0; + PRStatus prStatus; + PRUint32 sleepInterval = 50; /* milliseconds */ + SECStatus rv = SECSuccess; + PRSocketOptionData opt; retry: tcp_sock = PR_OpenTCPSocket(addr->raw.family); if (tcp_sock == NULL) { - errExit("PR_OpenTCPSocket"); + errExit("PR_OpenTCPSocket"); } - opt.option = PR_SockOpt_Nonblocking; + opt.option = PR_SockOpt_Nonblocking; opt.value.non_blocking = PR_FALSE; prStatus = PR_SetSocketOption(tcp_sock, &opt); if (prStatus != PR_SUCCESS) { - errWarn("PR_SetSocketOption(PR_SockOpt_Nonblocking, PR_FALSE)"); - PR_Close(tcp_sock); - return SECSuccess; - } + errWarn("PR_SetSocketOption(PR_SockOpt_Nonblocking, PR_FALSE)"); + PR_Close(tcp_sock); + return SECSuccess; + } if (NoDelay) { - opt.option = PR_SockOpt_NoDelay; - opt.value.no_delay = PR_TRUE; - prStatus = PR_SetSocketOption(tcp_sock, &opt); - if (prStatus != PR_SUCCESS) { - errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)"); - PR_Close(tcp_sock); - return SECSuccess; - } + opt.option = PR_SockOpt_NoDelay; + opt.value.no_delay = PR_TRUE; + prStatus = PR_SetSocketOption(tcp_sock, &opt); + if (prStatus != PR_SUCCESS) { + errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)"); + PR_Close(tcp_sock); + return SECSuccess; + } } prStatus = PR_Connect(tcp_sock, addr, PR_INTERVAL_NO_TIMEOUT); @@ -761,30 +761,30 @@ retry: PR_Unlock(threadLock); PR_SetError(err, oserr); /* restore error code */ } - if ((err == PR_CONNECT_REFUSED_ERROR) || - (err == PR_CONNECT_RESET_ERROR) ) { - int connections = numConnected; + if ((err == PR_CONNECT_REFUSED_ERROR) || + (err == PR_CONNECT_RESET_ERROR)) { + int connections = numConnected; - PR_Close(tcp_sock); + PR_Close(tcp_sock); PR_Lock(threadLock); if (connections > 2 && active_threads >= connections) { active_threads = connections - 1; - fprintf(stderr,"active_threads set down to %d\n", + fprintf(stderr, "active_threads set down to %d\n", active_threads); } PR_Unlock(threadLock); if (QuitOnTimeout && sleepInterval > 40000) { fprintf(stderr, - "strsclnt: Client timed out waiting for connection to server.\n"); + "strsclnt: Client timed out waiting for connection to server.\n"); exit(1); } - PR_Sleep(PR_MillisecondsToInterval(sleepInterval)); - sleepInterval <<= 1; - goto retry; - } - errWarn("PR_Connect"); - goto done; + PR_Sleep(PR_MillisecondsToInterval(sleepInterval)); + sleepInterval <<= 1; + goto retry; + } + errWarn("PR_Connect"); + goto done; } else { if (ThrottleUp) { PRTime now = PR_Now(); @@ -797,8 +797,8 @@ retry: ssl_sock = SSL_ImportFD(model_sock, tcp_sock); /* XXX if this import fails, close tcp_sock and return. */ if (!ssl_sock) { - PR_Close(tcp_sock); - return SECSuccess; + PR_Close(tcp_sock); + return SECSuccess; } if (fullhs != NO_FULLHS_PERCENTAGE) { #ifdef USE_SOCK_PEER_ID @@ -810,10 +810,10 @@ retry: PRInt32 conid = 1 + (savid - 1) % 100; /* don't change peer ID on the very first handshake, which is always a full, so the session gets stored into the client cache */ - if ( (savid != 1) && - ( ( (savid <= total_connections_rounded_down_to_hundreds) && - (conid <= fullhs) ) || - (conid*100 <= total_connections_modulo_100*fullhs ) ) ) + if ((savid != 1) && + (((savid <= total_connections_rounded_down_to_hundreds) && + (conid <= fullhs)) || + (conid * 100 <= total_connections_modulo_100 * fullhs))) #ifdef USE_SOCK_PEER_ID { /* force a full handshake by changing the socket peer ID */ @@ -834,46 +834,46 @@ retry: } rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 0); if (rv != SECSuccess) { - errWarn("SSL_ResetHandshake"); - goto done; + errWarn("SSL_ResetHandshake"); + goto done; } PR_ATOMIC_INCREMENT(&numConnected); if (bigBuf.data != NULL) { - (void)handle_fdx_connection( ssl_sock, tid); + (void)handle_fdx_connection(ssl_sock, tid); } else { - (void)handle_connection( ssl_sock, tid); + (void)handle_connection(ssl_sock, tid); } PR_ATOMIC_DECREMENT(&numConnected); done: if (ssl_sock) { - PR_Close(ssl_sock); + PR_Close(ssl_sock); } else if (tcp_sock) { - PR_Close(tcp_sock); + PR_Close(tcp_sock); } return rv; } - typedef struct { - PRLock* lock; - char* nickname; - CERTCertificate* cert; - SECKEYPrivateKey* key; - void* wincx; + PRLock *lock; + char *nickname; + CERTCertificate *cert; + SECKEYPrivateKey *key; + void *wincx; } cert_and_key; -PRBool FindCertAndKey(cert_and_key* Cert_And_Key) +PRBool +FindCertAndKey(cert_and_key *Cert_And_Key) { - if ( (NULL == Cert_And_Key->nickname) || (0 == strcmp(Cert_And_Key->nickname,"none"))) { + if ((NULL == Cert_And_Key->nickname) || (0 == strcmp(Cert_And_Key->nickname, "none"))) { return PR_TRUE; } Cert_And_Key->cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), - Cert_And_Key->nickname, certUsageSSLClient, - PR_FALSE, Cert_And_Key->wincx); + Cert_And_Key->nickname, certUsageSSLClient, + PR_FALSE, Cert_And_Key->wincx); if (Cert_And_Key->cert) { Cert_And_Key->key = PK11_FindKeyByAnyCert(Cert_And_Key->cert, Cert_And_Key->wincx); } @@ -884,25 +884,26 @@ PRBool FindCertAndKey(cert_and_key* Cert_And_Key) } } -PRBool LoggedIn(CERTCertificate* cert, SECKEYPrivateKey* key) +PRBool +LoggedIn(CERTCertificate *cert, SECKEYPrivateKey *key) { - if ( (cert->slot) && (key->pkcs11Slot) && - (PR_TRUE == PK11_IsLoggedIn(cert->slot, NULL)) && - (PR_TRUE == PK11_IsLoggedIn(key->pkcs11Slot, NULL)) ) { + if ((cert->slot) && (key->pkcs11Slot) && + (PR_TRUE == PK11_IsLoggedIn(cert->slot, NULL)) && + (PR_TRUE == PK11_IsLoggedIn(key->pkcs11Slot, NULL))) { return PR_TRUE; } - + return PR_FALSE; } -SECStatus -StressClient_GetClientAuthData(void * arg, - PRFileDesc * socket, - struct CERTDistNamesStr * caNames, - struct CERTCertificateStr ** pRetCert, - struct SECKEYPrivateKeyStr **pRetKey) +SECStatus +StressClient_GetClientAuthData(void *arg, + PRFileDesc *socket, + struct CERTDistNamesStr *caNames, + struct CERTCertificateStr **pRetCert, + struct SECKEYPrivateKeyStr **pRetKey) { - cert_and_key* Cert_And_Key = (cert_and_key*) arg; + cert_and_key *Cert_And_Key = (cert_and_key *)arg; if (!pRetCert || !pRetKey) { /* bad pointers, can't return a cert or key */ @@ -940,7 +941,7 @@ StressClient_GetClientAuthData(void * arg, break; } /* now check if those objects are valid */ - if ( PR_FALSE == LoggedIn(*pRetCert, *pRetKey) ) { + if (PR_FALSE == LoggedIn(*pRetCert, *pRetKey)) { /* token is no longer logged in, it was removed */ /* first, delete and clear our invalid local objects */ @@ -962,12 +963,11 @@ StressClient_GetClientAuthData(void * arg, Cert_And_Key->cert = NULL; Cert_And_Key->key = NULL; - /* now look up the cert and key again */ - while (PR_FALSE == FindCertAndKey(Cert_And_Key) ) { + while (PR_FALSE == FindCertAndKey(Cert_And_Key)) { PR_Sleep(PR_SecondsToInterval(1)); timeout++; - if (timeout>=60) { + if (timeout >= 60) { printf("\nToken pulled and not reinserted early enough : aborting.\n"); exit(1); } @@ -984,12 +984,12 @@ StressClient_GetClientAuthData(void * arg, return SECFailure; } else { /* no cert configured, automatically find the right cert. */ - CERTCertificate * cert = NULL; - SECKEYPrivateKey * privkey = NULL; - CERTCertNicknames * names; - int i; - void * proto_win = NULL; - SECStatus rv = SECFailure; + CERTCertificate *cert = NULL; + SECKEYPrivateKey *privkey = NULL; + CERTCertNicknames *names; + int i; + void *proto_win = NULL; + SECStatus rv = SECFailure; if (Cert_And_Key) { proto_win = Cert_And_Key->wincx; @@ -1000,20 +1000,20 @@ StressClient_GetClientAuthData(void * arg, if (names != NULL) { for (i = 0; i < names->numnicknames; i++) { cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), - names->nicknames[i], certUsageSSLClient, - PR_FALSE, proto_win); - if ( !cert ) + names->nicknames[i], certUsageSSLClient, + PR_FALSE, proto_win); + if (!cert) continue; /* Only check unexpired certs */ - if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) != - secCertTimeValid ) { + if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) != + secCertTimeValid) { CERT_DestroyCertificate(cert); continue; } rv = NSS_CmpCertChainWCANames(cert, caNames); - if ( rv == SECSuccess ) { + if (rv == SECSuccess) { privkey = PK11_FindKeyByAnyCert(cert, proto_win); - if ( privkey ) + if (privkey) break; } rv = SECFailure; @@ -1023,63 +1023,63 @@ StressClient_GetClientAuthData(void * arg, } if (rv == SECSuccess) { *pRetCert = cert; - *pRetKey = privkey; + *pRetKey = privkey; } return rv; } } -int -hexchar_to_int(int c) +int +hexchar_to_int(int c) { if (((c) >= '0') && ((c) <= '9')) - return (c) - '0'; + return (c) - '0'; if (((c) >= 'a') && ((c) <= 'f')) - return (c) - 'a' + 10; + return (c) - 'a' + 10; if (((c) >= 'A') && ((c) <= 'F')) - return (c) - 'A' + 10; + return (c) - 'A' + 10; failed_already = 1; return -1; } void client_main( - unsigned short port, - int connections, - cert_and_key* Cert_And_Key, - const char * hostName, - const char * sniHostName) + unsigned short port, + int connections, + cert_and_key *Cert_And_Key, + const char *hostName, + const char *sniHostName) { - PRFileDesc *model_sock = NULL; - int i; - int rv; - PRStatus status; - PRNetAddr addr; + PRFileDesc *model_sock = NULL; + int i; + int rv; + PRStatus status; + PRNetAddr addr; status = PR_StringToNetAddr(hostName, &addr); if (status == PR_SUCCESS) { - addr.inet.port = PR_htons(port); + addr.inet.port = PR_htons(port); } else { - /* Lookup host */ - PRAddrInfo *addrInfo; - void *enumPtr = NULL; - - addrInfo = PR_GetAddrInfoByName(hostName, PR_AF_UNSPEC, - PR_AI_ADDRCONFIG | PR_AI_NOCANONNAME); - if (!addrInfo) { - SECU_PrintError(progName, "error looking up host"); - return; - } - do { - enumPtr = PR_EnumerateAddrInfo(enumPtr, addrInfo, port, &addr); - } while (enumPtr != NULL && - addr.raw.family != PR_AF_INET && - addr.raw.family != PR_AF_INET6); - PR_FreeAddrInfo(addrInfo); - if (enumPtr == NULL) { - SECU_PrintError(progName, "error looking up host address"); - return; - } + /* Lookup host */ + PRAddrInfo *addrInfo; + void *enumPtr = NULL; + + addrInfo = PR_GetAddrInfoByName(hostName, PR_AF_UNSPEC, + PR_AI_ADDRCONFIG | PR_AI_NOCANONNAME); + if (!addrInfo) { + SECU_PrintError(progName, "error looking up host"); + return; + } + do { + enumPtr = PR_EnumerateAddrInfo(enumPtr, addrInfo, port, &addr); + } while (enumPtr != NULL && + addr.raw.family != PR_AF_INET && + addr.raw.family != PR_AF_INET6); + PR_FreeAddrInfo(addrInfo); + if (enumPtr == NULL) { + SECU_PrintError(progName, "error looking up host address"); + return; + } } /* all suites except RSA_NULL_MD5 are enabled by Domestic Policy */ @@ -1093,46 +1093,46 @@ client_main( disableAllSSLCiphers(); while (0 != (ndx = *cipherString)) { - const char * startCipher = cipherString++; - int cipher = 0; - SECStatus rv; - - if (ndx == ':') { - cipher = hexchar_to_int(*cipherString++); - cipher <<= 4; - cipher |= hexchar_to_int(*cipherString++); - cipher <<= 4; - cipher |= hexchar_to_int(*cipherString++); - cipher <<= 4; - cipher |= hexchar_to_int(*cipherString++); - if (cipher <= 0) { - fprintf(stderr, "strsclnt: Invalid cipher value: %-5.5s\n", - startCipher); - failed_already = 1; - return; - } - } else { - if (isalpha(ndx)) { + const char *startCipher = cipherString++; + int cipher = 0; + SECStatus rv; + + if (ndx == ':') { + cipher = hexchar_to_int(*cipherString++); + cipher <<= 4; + cipher |= hexchar_to_int(*cipherString++); + cipher <<= 4; + cipher |= hexchar_to_int(*cipherString++); + cipher <<= 4; + cipher |= hexchar_to_int(*cipherString++); + if (cipher <= 0) { + fprintf(stderr, "strsclnt: Invalid cipher value: %-5.5s\n", + startCipher); + failed_already = 1; + return; + } + } else { + if (isalpha(ndx)) { ndx = tolower(ndx) - 'a'; if (ndx < PR_ARRAY_SIZE(ssl3CipherSuites)) { cipher = ssl3CipherSuites[ndx]; } - } - if (cipher <= 0) { - fprintf(stderr, "strsclnt: Invalid cipher letter: %c\n", - *startCipher); - failed_already = 1; - return; - } - } - rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE); - if (rv != SECSuccess) { - fprintf(stderr, - "strsclnt: SSL_CipherPrefSetDefault(0x%04x) failed\n", - cipher); - failed_already = 1; - return; - } + } + if (cipher <= 0) { + fprintf(stderr, "strsclnt: Invalid cipher letter: %c\n", + *startCipher); + failed_already = 1; + return; + } + } + rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE); + if (rv != SECSuccess) { + fprintf(stderr, + "strsclnt: SSL_CipherPrefSetDefault(0x%04x) failed\n", + cipher); + failed_already = 1; + return; + } } } @@ -1140,19 +1140,19 @@ client_main( model_sock = PR_OpenTCPSocket(addr.raw.family); if (model_sock == NULL) { - errExit("PR_OpenTCPSocket for model socket"); + errExit("PR_OpenTCPSocket for model socket"); } model_sock = SSL_ImportFD(NULL, model_sock); if (model_sock == NULL) { - errExit("SSL_ImportFD"); + errExit("SSL_ImportFD"); } /* do SSL configuration. */ rv = SSL_OptionSet(model_sock, SSL_SECURITY, enabledVersions.min != 0); if (rv < 0) { - errExit("SSL_OptionSet SSL_SECURITY"); + errExit("SSL_OptionSet SSL_SECURITY"); } rv = SSL_VersionRangeSet(model_sock, &enabledVersions); @@ -1161,66 +1161,66 @@ client_main( } if (bigBuf.data) { /* doing FDX */ - rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1); - if (rv < 0) { - errExit("SSL_OptionSet SSL_ENABLE_FDX"); - } + rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1); + if (rv < 0) { + errExit("SSL_OptionSet SSL_ENABLE_FDX"); + } } if (NoReuse) { - rv = SSL_OptionSet(model_sock, SSL_NO_CACHE, 1); - if (rv < 0) { - errExit("SSL_OptionSet SSL_NO_CACHE"); - } + rv = SSL_OptionSet(model_sock, SSL_NO_CACHE, 1); + if (rv < 0) { + errExit("SSL_OptionSet SSL_NO_CACHE"); + } } if (bypassPKCS11) { - rv = SSL_OptionSet(model_sock, SSL_BYPASS_PKCS11, 1); - if (rv < 0) { - errExit("SSL_OptionSet SSL_BYPASS_PKCS11"); - } + rv = SSL_OptionSet(model_sock, SSL_BYPASS_PKCS11, 1); + if (rv < 0) { + errExit("SSL_OptionSet SSL_BYPASS_PKCS11"); + } } if (disableLocking) { rv = SSL_OptionSet(model_sock, SSL_NO_LOCKS, 1); - if (rv < 0) { - errExit("SSL_OptionSet SSL_NO_LOCKS"); - } + if (rv < 0) { + errExit("SSL_OptionSet SSL_NO_LOCKS"); + } } if (enableSessionTickets) { - rv = SSL_OptionSet(model_sock, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); - if (rv != SECSuccess) - errExit("SSL_OptionSet SSL_ENABLE_SESSION_TICKETS"); + rv = SSL_OptionSet(model_sock, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); + if (rv != SECSuccess) + errExit("SSL_OptionSet SSL_ENABLE_SESSION_TICKETS"); } if (enableCompression) { - rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE); - if (rv != SECSuccess) - errExit("SSL_OptionSet SSL_ENABLE_DEFLATE"); + rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE); + if (rv != SECSuccess) + errExit("SSL_OptionSet SSL_ENABLE_DEFLATE"); } if (enableFalseStart) { - rv = SSL_OptionSet(model_sock, SSL_ENABLE_FALSE_START, PR_TRUE); - if (rv != SECSuccess) - errExit("SSL_OptionSet SSL_ENABLE_FALSE_START"); + rv = SSL_OptionSet(model_sock, SSL_ENABLE_FALSE_START, PR_TRUE); + if (rv != SECSuccess) + errExit("SSL_OptionSet SSL_ENABLE_FALSE_START"); } if (enableCertStatus) { - rv = SSL_OptionSet(model_sock, SSL_ENABLE_OCSP_STAPLING, PR_TRUE); - if (rv != SECSuccess) - errExit("SSL_OptionSet SSL_ENABLE_OCSP_STAPLING"); + rv = SSL_OptionSet(model_sock, SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + if (rv != SECSuccess) + errExit("SSL_OptionSet SSL_ENABLE_OCSP_STAPLING"); } SSL_SetPKCS11PinArg(model_sock, &pwdata); SSL_SetURL(model_sock, hostName); - SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate, - (void *)CERT_GetDefaultCertDB()); + SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate, + (void *)CERT_GetDefaultCertDB()); SSL_BadCertHook(model_sock, myBadCertHandler, NULL); - SSL_GetClientAuthDataHook(model_sock, StressClient_GetClientAuthData, (void*)Cert_And_Key); + SSL_GetClientAuthDataHook(model_sock, StressClient_GetClientAuthData, (void *)Cert_And_Key); if (sniHostName) { SSL_SetURL(model_sock, sniHostName); @@ -1238,18 +1238,18 @@ client_main( if (!NoReuse) { remaining_connections = 1; - launch_thread(do_connects, &addr, model_sock, 0); - /* wait for the first connection to terminate, then launch the rest. */ - reap_threads(); - remaining_connections = total_connections - 1 ; + launch_thread(do_connects, &addr, model_sock, 0); + /* wait for the first connection to terminate, then launch the rest. */ + reap_threads(); + remaining_connections = total_connections - 1; } if (remaining_connections > 0) { - active_threads = PR_MIN(active_threads, remaining_connections); - /* Start up the threads */ - for (i=0;i<active_threads;i++) { - launch_thread(do_connects, &addr, model_sock, i); - } - reap_threads(); + active_threads = PR_MIN(active_threads, remaining_connections); + /* Start up the threads */ + for (i = 0; i < active_threads; i++) { + launch_thread(do_connects, &addr, model_sock, i); + } + reap_threads(); } destroy_thread_data(); @@ -1257,40 +1257,40 @@ client_main( } SECStatus -readBigFile(const char * fileName) +readBigFile(const char *fileName) { - PRFileInfo info; - PRStatus status; - SECStatus rv = SECFailure; - int count; - int hdrLen; + PRFileInfo info; + PRStatus status; + SECStatus rv = SECFailure; + int count; + int hdrLen; PRFileDesc *local_file_fd = NULL; status = PR_GetFileInfo(fileName, &info); if (status == PR_SUCCESS && - info.type == PR_FILE_FILE && - info.size > 0 && - NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) { - - hdrLen = PORT_Strlen(outHeader); - bigBuf.len = hdrLen + info.size; - bigBuf.data = PORT_Malloc(bigBuf.len + 4095); - if (!bigBuf.data) { - errWarn("PORT_Malloc"); - goto done; - } - - PORT_Memcpy(bigBuf.data, outHeader, hdrLen); - - count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size); - if (count != info.size) { - errWarn("PR_Read local file"); - goto done; - } - rv = SECSuccess; -done: - PR_Close(local_file_fd); + info.type == PR_FILE_FILE && + info.size > 0 && + NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) { + + hdrLen = PORT_Strlen(outHeader); + bigBuf.len = hdrLen + info.size; + bigBuf.data = PORT_Malloc(bigBuf.len + 4095); + if (!bigBuf.data) { + errWarn("PORT_Malloc"); + goto done; + } + + PORT_Memcpy(bigBuf.data, outHeader, hdrLen); + + count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size); + if (count != info.size) { + errWarn("PR_Read local file"); + goto done; + } + rv = SECSuccess; + done: + PR_Close(local_file_fd); } return rv; } @@ -1298,144 +1298,187 @@ done: int main(int argc, char **argv) { - const char * dir = "."; - const char * fileName = NULL; - char * hostName = NULL; - char * nickName = NULL; - char * tmp = NULL; - int connections = 1; - int exitVal; - int tmpInt; - unsigned short port = 443; - SECStatus rv; - PLOptState * optstate; - PLOptStatus status; - cert_and_key Cert_And_Key; - char * sniHostName = NULL; + const char *dir = "."; + const char *fileName = NULL; + char *hostName = NULL; + char *nickName = NULL; + char *tmp = NULL; + int connections = 1; + int exitVal; + int tmpInt; + unsigned short port = 443; + SECStatus rv; + PLOptState *optstate; + PLOptStatus status; + cert_and_key Cert_And_Key; + char *sniHostName = NULL; /* Call the NSPR initialization routines */ - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); + PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions); - tmp = strrchr(argv[0], '/'); - tmp = tmp ? tmp + 1 : argv[0]; + tmp = strrchr(argv[0], '/'); + tmp = tmp ? tmp + 1 : argv[0]; progName = strrchr(tmp, '\\'); progName = progName ? progName + 1 : tmp; - optstate = PL_CreateOptState(argc, argv, "BC:DNP:TUV:W:a:c:d:f:gin:op:qst:uvw:z"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch(optstate->option) { - case 'B': bypassPKCS11 = PR_TRUE; break; - - case 'C': cipherString = optstate->value; break; - - case 'D': NoDelay = PR_TRUE; break; - - case 'I': /* reserved for OCSP multi-stapling */ break; - - case 'N': NoReuse = 1; break; - - case 'P': fullhs = PORT_Atoi(optstate->value); break; - - case 'T': enableCertStatus = PR_TRUE; break; - - case 'U': ThrottleUp = PR_TRUE; break; - - case 'V': if (SECU_ParseSSLVersionRangeString(optstate->value, - enabledVersions, &enabledVersions) != SECSuccess) { - Usage(progName); - } - break; - - case 'a': sniHostName = PL_strdup(optstate->value); break; - - case 'c': connections = PORT_Atoi(optstate->value); break; - - case 'd': dir = optstate->value; break; - - case 'f': fileName = optstate->value; break; - - case 'g': enableFalseStart = PR_TRUE; break; - - case 'i': ignoreErrors = PR_TRUE; break; - - case 'n': nickName = PL_strdup(optstate->value); break; - - case 'o': MakeCertOK++; break; - - case 'p': port = PORT_Atoi(optstate->value); break; - - case 'q': QuitOnTimeout = PR_TRUE; break; - - case 's': disableLocking = PR_TRUE; break; - - case 't': - tmpInt = PORT_Atoi(optstate->value); - if (tmpInt > 0 && tmpInt < MAX_THREADS) - max_threads = active_threads = tmpInt; - break; - - case 'u': enableSessionTickets = PR_TRUE; break; - - case 'v': verbose++; break; - - case 'w': - pwdata.source = PW_PLAINTEXT; - pwdata.data = PL_strdup(optstate->value); - break; - - case 'W': - pwdata.source = PW_FROMFILE; - pwdata.data = PL_strdup(optstate->value); - break; - - case 'z': enableCompression = PR_TRUE; break; - - case 0: /* positional parameter */ - if (hostName) { - Usage(progName); - } - hostName = PL_strdup(optstate->value); - break; - - default: - case '?': - Usage(progName); - break; + switch (optstate->option) { + case 'B': + bypassPKCS11 = PR_TRUE; + break; + + case 'C': + cipherString = optstate->value; + break; + + case 'D': + NoDelay = PR_TRUE; + break; + + case 'I': /* reserved for OCSP multi-stapling */ + break; + + case 'N': + NoReuse = 1; + break; + + case 'P': + fullhs = PORT_Atoi(optstate->value); + break; + + case 'T': + enableCertStatus = PR_TRUE; + break; + + case 'U': + ThrottleUp = PR_TRUE; + break; + + case 'V': + if (SECU_ParseSSLVersionRangeString(optstate->value, + enabledVersions, &enabledVersions) != + SECSuccess) { + Usage(progName); + } + break; + + case 'a': + sniHostName = PL_strdup(optstate->value); + break; + + case 'c': + connections = PORT_Atoi(optstate->value); + break; + + case 'd': + dir = optstate->value; + break; + + case 'f': + fileName = optstate->value; + break; + + case 'g': + enableFalseStart = PR_TRUE; + break; + + case 'i': + ignoreErrors = PR_TRUE; + break; + + case 'n': + nickName = PL_strdup(optstate->value); + break; + + case 'o': + MakeCertOK++; + break; + + case 'p': + port = PORT_Atoi(optstate->value); + break; + + case 'q': + QuitOnTimeout = PR_TRUE; + break; + + case 's': + disableLocking = PR_TRUE; + break; + + case 't': + tmpInt = PORT_Atoi(optstate->value); + if (tmpInt > 0 && tmpInt < MAX_THREADS) + max_threads = active_threads = tmpInt; + break; + + case 'u': + enableSessionTickets = PR_TRUE; + break; + + case 'v': + verbose++; + break; + + case 'w': + pwdata.source = PW_PLAINTEXT; + pwdata.data = PL_strdup(optstate->value); + break; + + case 'W': + pwdata.source = PW_FROMFILE; + pwdata.data = PL_strdup(optstate->value); + break; + + case 'z': + enableCompression = PR_TRUE; + break; + + case 0: /* positional parameter */ + if (hostName) { + Usage(progName); + } + hostName = PL_strdup(optstate->value); + break; - } + default: + case '?': + Usage(progName); + break; + } } PL_DestroyOptState(optstate); if (!hostName || status == PL_OPT_BAD) - Usage(progName); + Usage(progName); - if (fullhs!= NO_FULLHS_PERCENTAGE && (fullhs < 0 || fullhs>100 || NoReuse) ) + if (fullhs != NO_FULLHS_PERCENTAGE && (fullhs < 0 || fullhs > 100 || NoReuse)) Usage(progName); if (port == 0) - Usage(progName); + Usage(progName); if (fileName) - readBigFile(fileName); + readBigFile(fileName); PK11_SetPasswordFunc(SECU_GetModulePassword); tmp = PR_GetEnvSecure("NSS_DEBUG_TIMEOUT"); if (tmp && tmp[0]) { int sec = PORT_Atoi(tmp); - if (sec > 0) { - maxInterval = PR_SecondsToInterval(sec); - } + if (sec > 0) { + maxInterval = PR_SecondsToInterval(sec); + } } /* Call the NSS initialization routines */ rv = NSS_Initialize(dir, "", "", SECMOD_DB, NSS_INIT_READONLY); if (rv != SECSuccess) { - fputs("NSS_Init failed.\n", stderr); - exit(1); + fputs("NSS_Init failed.\n", stderr); + exit(1); } ssl3stats = SSL_GetStatistics(); Cert_And_Key.lock = PR_NewLock(); @@ -1446,17 +1489,16 @@ main(int argc, char **argv) if (PR_FALSE == FindCertAndKey(&Cert_And_Key)) { - if (Cert_And_Key.cert == NULL) { - fprintf(stderr, "strsclnt: Can't find certificate %s\n", Cert_And_Key.nickname); - exit(1); - } - - if (Cert_And_Key.key == NULL) { - fprintf(stderr, "strsclnt: Can't find Private Key for cert %s\n", - Cert_And_Key.nickname); - exit(1); - } + if (Cert_And_Key.cert == NULL) { + fprintf(stderr, "strsclnt: Can't find certificate %s\n", Cert_And_Key.nickname); + exit(1); + } + if (Cert_And_Key.key == NULL) { + fprintf(stderr, "strsclnt: Can't find Private Key for cert %s\n", + Cert_And_Key.nickname); + exit(1); + } } client_main(port, connections, &Cert_And_Key, hostName, @@ -1464,10 +1506,10 @@ main(int argc, char **argv) /* clean up */ if (Cert_And_Key.cert) { - CERT_DestroyCertificate(Cert_And_Key.cert); + CERT_DestroyCertificate(Cert_And_Key.cert); } if (Cert_And_Key.key) { - SECKEY_DestroyPrivateKey(Cert_And_Key.key); + SECKEY_DestroyPrivateKey(Cert_And_Key.key); } PR_DestroyLock(Cert_And_Key.lock); @@ -1486,31 +1528,31 @@ main(int argc, char **argv) /* some final stats. */ printf( - "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n" - " %ld stateless resumes\n", + "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n" + " %ld stateless resumes\n", ssl3stats->hsh_sid_cache_hits, ssl3stats->hsh_sid_cache_misses, ssl3stats->hsh_sid_cache_not_ok, ssl3stats->hsh_sid_stateless_resumes); if (!NoReuse) { - if (enableSessionTickets) - exitVal = (ssl3stats->hsh_sid_stateless_resumes == 0); - else - exitVal = (ssl3stats->hsh_sid_cache_misses > 1) || - (ssl3stats->hsh_sid_stateless_resumes != 0); - if (!exitVal) - exitVal = (ssl3stats->hsh_sid_cache_not_ok != 0) || - (certsTested > 1); + if (enableSessionTickets) + exitVal = (ssl3stats->hsh_sid_stateless_resumes == 0); + else + exitVal = (ssl3stats->hsh_sid_cache_misses > 1) || + (ssl3stats->hsh_sid_stateless_resumes != 0); + if (!exitVal) + exitVal = (ssl3stats->hsh_sid_cache_not_ok != 0) || + (certsTested > 1); } else { - printf("strsclnt: NoReuse - %d server certificates tested.\n", + printf("strsclnt: NoReuse - %d server certificates tested.\n", certsTested); exitVal = (ssl3stats->hsh_sid_cache_misses != connections) || - (ssl3stats->hsh_sid_stateless_resumes != 0) || - (certsTested != connections); + (ssl3stats->hsh_sid_stateless_resumes != 0) || + (certsTested != connections); } - exitVal = ( exitVal || failed_already ); + exitVal = (exitVal || failed_already); SSL_ClearSessionCache(); if (NSS_Shutdown() != SECSuccess) { printf("strsclnt: NSS_Shutdown() failed.\n"); @@ -1520,4 +1562,3 @@ main(int argc, char **argv) PR_Cleanup(); return exitVal; } - |