diff --git a/apps/ca.c b/apps/ca.c index 1a0ed2614072e1588cb4e3f38a1a602a6ac4d97b..a20ba44c0969fe2c7fb4d86d22c4351cc9a7b98f 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -160,7 +160,7 @@ OPTIONS ca_options[] = { {"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"}, {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"}, {"create_serial", OPT_CREATE_SERIAL, '-', - "If reading serial fails, create a new random serial"}, + "If reading serial fails, create a new random serial"}, {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-', "Enable support for multivalued RDNs"}, {"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"}, @@ -498,7 +498,7 @@ end_of_options: /* report status of cert with serial number given on command line */ if (ser_status) { dbfile = lookup_conf(conf, section, ENV_DATABASE); - if (dbfile == NULL) + if (dbfile == NULL) goto end; db = load_index(dbfile, &db_attr); diff --git a/apps/s_client.c b/apps/s_client.c index 13fa7127fd4edadcc02a5194f6c448647f4cd513..c721dfd57e2a26ab8228d5d354875bb45c9404f8 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -132,7 +132,6 @@ static void do_ssl_shutdown(SSL *ssl) } while (ret < 0); } - #ifndef OPENSSL_NO_PSK /* Default PSK identity and key */ static char *psk_identity = "Client_identity"; @@ -392,7 +391,7 @@ static ossl_ssize_t hexdecode(const char **inptr, void *result) { unsigned char **out = (unsigned char **)result; const char *in = *inptr; - unsigned char *ret = app_malloc(strlen(in)/2, "hexdecode"); + unsigned char *ret = app_malloc(strlen(in) / 2, "hexdecode"); unsigned char *cp = ret; uint8_t byte; int nibble = 0; 
@@ -542,7 +541,8 @@ typedef enum OPTION_choice { OPT_SSL3, OPT_SSL_CONFIG, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, - OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, + OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, + OPT_VERIFYCAPATH, OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, @@ -888,14 +888,14 @@ int s_client_main(int argc, char **argv) /* Check for intermixing flags. */ if (connect_type == use_unix && IS_INET_FLAG(o)) { BIO_printf(bio_err, - "%s: Intermixed protocol flags (unix and internet domains)\n", - prog); + "%s: Intermixed protocol flags (unix and internet domains)\n", + prog); goto end; } if (connect_type == use_inet && IS_UNIX_FLAG(o)) { BIO_printf(bio_err, - "%s: Intermixed protocol flags (internet and unix domains)\n", - prog); + "%s: Intermixed protocol flags (internet and unix domains)\n", + prog); goto end; } @@ -906,8 +906,8 @@ int s_client_main(int argc, char **argv) if (IS_NO_PROT_FLAG(o)) no_prot_opt++; if (prot_opt == 1 && no_prot_opt) { - BIO_printf(bio_err, "Cannot supply both a protocol flag and " - "\"-no_\"\n"); + BIO_printf(bio_err, + "Cannot supply both a protocol flag and '-no_'\n"); goto end; } @@ -1335,8 +1335,8 @@ int s_client_main(int argc, char **argv) if (tmp_port != port) OPENSSL_free(tmp_port); if (!res) { - BIO_printf(bio_err, "%s: -proxy argument malformed or ambiguous\n", - prog); + BIO_printf(bio_err, + "%s: -proxy argument malformed or ambiguous\n", prog); goto end; } } else { @@ -1475,8 +1475,8 @@ int s_client_main(int argc, char **argv) if (SSL_CTX_config(ctx, ssl_config) == 0) { BIO_printf(bio_err, "Error using configuration \"%s\"\n", ssl_config); - ERR_print_errors(bio_err); - goto end; + ERR_print_errors(bio_err); + goto end; } } 
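Review bot: The reworded error in the `@@ -906` hunk of s_client_main still prints the bare fragment `'-no_'`, which names no option a user could have typed; the same literal is repeated in the `@@ -965` hunk of apps/s_server.c. The commit already changes the bytes written to bio_err (the quoting goes from `\"-no_\"` to `'-no_'`), so this is a good moment to spell the option out, e.g. `"Cannot supply both a protocol flag and a '-no_<prot>' flag\n"`. A clear message matters here because this check stops a contradictory protocol-version selection from being accepted. Anything that matches on the old stderr text needs updating either way; s_client_main begins and ends outside the hunk.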
@@ -1529,8 +1529,7 @@ int s_client_main(int argc, char **argv) #ifndef OPENSSL_NO_PSK if (psk_key != NULL) { if (c_debug) - BIO_printf(bio_c_out, - "PSK key given, setting client callback\n"); + BIO_printf(bio_c_out, "PSK key given, setting client callback\n"); SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); } #endif @@ -1562,7 +1561,7 @@ int s_client_main(int argc, char **argv) } /* Returns 0 on success! */ if (SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len) != 0) { - BIO_printf(bio_err, "Error setting ALPN\n"); + BIO_printf(bio_err, "Error setting ALPN\n"); goto end; } OPENSSL_free(alpn); @@ -1574,8 +1573,8 @@ int s_client_main(int argc, char **argv) NULL, NULL, NULL, serverinfo_cli_parse_cb, NULL)) { BIO_printf(bio_err, - "Warning: Unable to add custom extension %u, skipping\n", - serverinfo_types[i]); + "Warning: Unable to add custom extension %u, skipping\n", + serverinfo_types[i]); } } @@ -1643,7 +1642,8 @@ int s_client_main(int argc, char **argv) if (dane_tlsa_domain != NULL) { if (SSL_CTX_dane_enable(ctx) <= 0) { BIO_printf(bio_err, - "%s: Error enabling DANE TLSA authentication.\n", prog); + "%s: Error enabling DANE TLSA authentication.\n", + prog); ERR_print_errors(bio_err); goto end; } @@ -1708,8 +1708,7 @@ int s_client_main(int argc, char **argv) } re_start: - if (init_client(&s, host, port, socket_family, socket_type) == 0) - { + if (init_client(&s, host, port, socket_family, socket_type) == 0) { BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); BIO_closesocket(s); goto end; @@ -2573,7 +2572,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) #endif BIO_printf(bio, - "---\nSSL handshake has read %"PRIu64" bytes and written %"PRIu64" bytes\n", + "---\nSSL handshake has read %" PRIu64 + " bytes and written %" PRIu64 " bytes\n", BIO_number_read(SSL_get_rbio(s)), BIO_number_written(SSL_get_wbio(s))); } 
@@ -2650,8 +2650,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) #endif SSL_SESSION_print(bio, SSL_get_session(s)); - if ((SSL_get_session(s) != NULL) && - (keymatexportlabel != NULL)) { + if (SSL_get_session(s) != NULL && keymatexportlabel != NULL) { BIO_printf(bio, "Keying material exporter:\n"); BIO_printf(bio, " Label: '%s'\n", keymatexportlabel); BIO_printf(bio, " Length: %i bytes\n", keymatexportlen); @@ -2702,4 +2701,4 @@ static int ocsp_resp_cb(SSL *s, void *arg) } # endif -#endif /* OPENSSL_NO_SOCK */ +#endif /* OPENSSL_NO_SOCK */ diff --git a/apps/s_server.c b/apps/s_server.c index 864ac99d316f5437d052732372b1ae5f429cd7e4..742cb834147ec99a59ade1fa695123ac8bac9adb 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -107,7 +107,7 @@ static DH *load_dh_param(const char *dhfile); /* static int load_CA(SSL_CTX *ctx, char *file);*/ -static const int bufsize = 16*1024; +static const int bufsize = 16 * 1024; static int accept_socket = -1; #define TEST_CERT "server.pem" @@ -246,7 +246,7 @@ static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) p->login, p->user->info); ret = SSL_ERROR_NONE; -err: + err: SRP_user_pwd_free(p->user); p->user = NULL; p->login = NULL; @@ -280,8 +280,8 @@ static const BIO_METHOD *BIO_f_ebcdic_filter() { if (methods_ebcdic == NULL) { methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER, - "EBCDIC/ASCII filter"); - if ( methods_ebcdic == NULL + "EBCDIC/ASCII filter"); + if (methods_ebcdic == NULL || !BIO_meth_set_write(methods_ebcdic, ebcdic_write) || !BIO_meth_set_read(methods_ebcdic, ebcdic_read) || !BIO_meth_set_puts(methods_ebcdic, ebcdic_puts) 
@@ -769,7 +769,7 @@ OPTIONS s_server_options[] = { {"no_cache", OPT_NO_CACHE, '-', "Disable session cache"}, {"ext_cache", OPT_EXT_CACHE, '-', "Disable internal cache, setup and use external cache"}, - {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default" }, + {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"}, {"verify_return_error", OPT_VERIFY_RET_ERROR, '-', "Close connection on verification error"}, {"verify_quiet", OPT_VERIFY_QUIET, '-', @@ -796,12 +796,12 @@ OPTIONS s_server_options[] = { "Print output from SSL/TLS security framework"}, {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-', "Print more output from SSL/TLS security framework"}, - {"brief", OPT_BRIEF, '-', \ + {"brief", OPT_BRIEF, '-', "Restrict output to brief summary of connection parameters"}, {"rev", OPT_REV, '-', "act as a simple test server which just sends back with the received text reversed"}, {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"}, - {"ssl_config", OPT_SSL_CONFIG, 's', \ + {"ssl_config", OPT_SSL_CONFIG, 's', "Configure SSL_CTX using the configuration 'val'"}, {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'n', "Size used to split data for encrypt pipelines"}, @@ -954,7 +954,8 @@ int s_server_main(int argc, char *argv[]) vpm = X509_VERIFY_PARAM_new(); if (cctx == NULL || vpm == NULL) goto end; - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE); + SSL_CONF_CTX_set_flags(cctx, + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE); prog = opt_init(argc, argv, s_server_options); while ((o = opt_next()) != OPT_EOF) { @@ -965,8 +966,8 @@ int s_server_main(int argc, char *argv[]) if (IS_NO_PROT_FLAG(o)) no_prot_opt++; if (prot_opt == 1 && no_prot_opt) { - BIO_printf(bio_err, "Cannot supply both a protocol flag and " - "\"-no_\"\n"); + BIO_printf(bio_err, + "Cannot supply both a protocol flag and '-no_'\n"); goto end; } switch (o) { 
@@ -1613,8 +1614,8 @@ int s_server_main(int argc, char *argv[]) if (SSL_CTX_config(ctx, ssl_config) == 0) { BIO_printf(bio_err, "Error using configuration \"%s\"\n", ssl_config); - ERR_print_errors(bio_err); - goto end; + ERR_print_errors(bio_err); + goto end; } } if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) @@ -1659,7 +1660,6 @@ int s_server_main(int argc, char *argv[]) if (read_buf_len > 0) { SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len); } - #ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) { /* Returns 0 on success! */ @@ -1834,8 +1834,7 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_PSK if (psk_key != NULL) { if (s_debug) - BIO_printf(bio_s_out, - "PSK key given, setting server callback\n"); + BIO_printf(bio_s_out, "PSK key given, setting server callback\n"); SSL_CTX_set_psk_server_callback(ctx, psk_server_cb); } @@ -1848,8 +1847,8 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); if (!SSL_CTX_set_session_id_context(ctx, - (void *)&s_server_session_id_context, - sizeof s_server_session_id_context)) { + (void *)&s_server_session_id_context, + sizeof s_server_session_id_context)) { BIO_printf(bio_err, "error setting session id context\n"); ERR_print_errors(bio_err); goto end; @@ -2026,8 +2025,8 @@ static int sv_body(int s, int stype, unsigned char *context) } if (context - && !SSL_set_session_id_context(con, - context, strlen((char *)context))) { + && !SSL_set_session_id_context(con, + context, strlen((char *)context))) { BIO_printf(bio_err, "Error setting session id context\n"); ret = -1; goto err; 
@@ -2465,10 +2464,11 @@ static int init_ssl_connection(SSL *con) retry = BIO_sock_should_retry(i); #ifdef CERT_CB_TEST_RETRY { - while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP + while (i <= 0 + && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) { BIO_printf(bio_err, - "LOOKUP from certificate callback during accept\n"); + "LOOKUP from certificate callback during accept\n"); i = SSL_accept(con); if (i <= 0) retry = BIO_sock_should_retry(i); @@ -2477,7 +2477,8 @@ static int init_ssl_connection(SSL *con) #endif #ifndef OPENSSL_NO_SRP - while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { + while (i <= 0 + && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login); SRP_user_pwd_free(srp_callback_parm.user); @@ -2584,7 +2585,7 @@ static int init_ssl_connection(SSL *con) OPENSSL_free(exportedkeymat); } - (void)BIO_flush(bio_s_out); + (void)BIO_flush(bio_s_out); return (1); } @@ -2645,8 +2646,9 @@ static int www_body(int s, int stype, unsigned char *context) SSL_set_tlsext_debug_arg(con, bio_s_out); } - if (context && !SSL_set_session_id_context(con, context, - strlen((char *)context))) + if (context + && !SSL_set_session_id_context(con, context, + strlen((char *)context))) goto err; sbio = BIO_new_socket(s, BIO_NOCLOSE); @@ -2743,7 +2745,8 @@ static int www_body(int s, int stype, unsigned char *context) openssl_fdset(s, &readfds); i = select(width, (void *)&readfds, NULL, NULL, NULL); if (i <= 0 || !FD_ISSET(s, &readfds)) { - BIO_printf(bio_s_out, "Error waiting for client response\n"); + BIO_printf(bio_s_out, + "Error waiting for client response\n"); ERR_print_errors(bio_err); goto err; } 
@@ -2949,7 +2952,8 @@ static int www_body(int s, int stype, unsigned char *context) #endif k = BIO_write(io, &(buf[j]), i - j); if (k <= 0) { - if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) + if (!BIO_should_retry(io) + && !SSL_waiting_for_async(con)) goto write_error; else { BIO_printf(bio_s_out, "rwrite W BLOCK\n"); @@ -3010,8 +3014,9 @@ static int rev_body(int s, int stype, unsigned char *context) SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } - if (context - && !SSL_set_session_id_context(con, context, strlen((char *)context))) { + if (context + && !SSL_set_session_id_context(con, context, + strlen((char *)context))) { ERR_print_errors(bio_err); goto err; } @@ -3279,4 +3284,4 @@ static void free_sessions(void) first = NULL; } -#endif /* OPENSSL_NO_SOCK */ +#endif /* OPENSSL_NO_SOCK */ diff --git a/apps/speed.c b/apps/speed.c index 0c996f070c4895490436f14a15b8330d26cd8205..0097ebdbd8e9c781cbdea9c9931a9b0f64447870 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -347,7 +347,7 @@ static double Time_F(int s) static void multiblock_speed(const EVP_CIPHER *evp_cipher); -static int found(const char *name, const OPT_PAIR * pairs, int *result) +static int found(const char *name, const OPT_PAIR *pairs, int *result) { for (; pairs->name; pairs++) if (strcmp(name, pairs->name) == 0) { @@ -372,7 +372,7 @@ OPTIONS speed_options[] = { "Time decryption instead of encryption (only EVP)"}, {"mr", OPT_MR, '-', "Produce machine readable output"}, {"mb", OPT_MB, '-', - "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"}, + "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"}, {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"}, {"elapsed", OPT_ELAPSED, '-', "Measure time in real time instead of CPU user time"}, 
@@ -380,7 +380,8 @@ OPTIONS speed_options[] = { {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"}, #endif #ifndef OPENSSL_NO_ASYNC - {"async_jobs", OPT_ASYNCJOBS, 'p', "Enable async mode and start pnum jobs"}, + {"async_jobs", OPT_ASYNCJOBS, 'p', + "Enable async mode and start pnum jobs"}, #endif #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, @@ -430,8 +431,6 @@ static OPT_PAIR doit_choices[] = { #endif #ifndef OPENSSL_NO_MD5 {"md5", D_MD5}, -#endif -#ifndef OPENSSL_NO_MD5 {"hmac", D_HMAC}, #endif {"sha1", D_SHA1}, @@ -555,6 +554,7 @@ static OPT_PAIR ecdsa_choices[] = { {"ecdsab571", R_EC_B571}, {NULL} }; + static OPT_PAIR ecdh_choices[] = { {"ecdhp160", R_EC_P160}, {"ecdhp192", R_EC_P192}, @@ -1067,8 +1067,7 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); } -#endif /* ndef OPENSSL_NO_EC */ - +#endif /* OPENSSL_NO_EC */ static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_t *loopargs) @@ -1359,7 +1358,7 @@ int speed_main(int argc, char **argv) int ecdsa_doit[EC_NUM] = { 0 }; int ecdh_doit[EC_NUM] = { 0 }; -#endif /* ndef OPENSSL_NO_EC */ +#endif /* ndef OPENSSL_NO_EC */ prog = opt_init(argc, argv, speed_options); while ((o = opt_next()) != OPT_EOF) { @@ -1571,8 +1570,10 @@ int speed_main(int argc, char **argv) for (i = 0; i < ALGOR_NUM; i++) if (i != D_EVP) doit[i] = 1; +#ifndef OPENSSL_NO_RSA for (i = 0; i < RSA_NUM; i++) rsa_doit[i] = 1; +#endif #ifndef OPENSSL_NO_DSA for (i = 0; i < DSA_NUM; i++) dsa_doit[i] = 1; @@ -1901,11 +1902,9 @@ int speed_main(int argc, char **argv) print_result(D_MD5, testnum, count, d); } } -#endif -#ifndef OPENSSL_NO_MD5 if (doit[D_HMAC]) { - char hmac_key[] = "This is a key..."; + static const char hmac_key[] = "This is a key..."; int len = strlen(hmac_key); for (i = 0; i < loopargs_len; i++) { 
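Review bot: The closing-guard comment ends up written two ways in apps/speed.c. The `@@ -1067` hunk after KDF1_SHA1 changes it to `#endif /* OPENSSL_NO_EC */`, while the `@@ -1359` hunk in speed_main re-emits `#endif /* ndef OPENSSL_NO_EC */` with only its whitespace touched. The guards this commit annotates at `@@ -2372`, `@@ -2443` and `@@ -2625` all use the form without `ndef`, so the speed_main line should also read `#endif /* OPENSSL_NO_EC */`.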
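Review bot: In the `@@ -1901` hunk, `int len = strlen(hmac_key);` narrows a size_t to int and computes at run time a length the compiler already knows, now that the key is a `static const char[]`. `const int len = (int)(sizeof(hmac_key) - 1);` gives the same value without the implicit conversion. A short comment such as `/* fixed benchmark key, not a secret */` above the array would also stop the hard-coded key from being copied as a pattern. The uses of `len` and the end of the `if (doit[D_HMAC])` block lie outside the hunk.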
@@ -2372,7 +2371,7 @@ int speed_main(int argc, char **argv) rsa_doit[testnum] = 0; } } -#endif +#endif /* OPENSSL_NO_RSA */ for (i = 0; i < loopargs_len; i++) RAND_bytes(loopargs[i].buf, 36); @@ -2443,7 +2442,7 @@ int speed_main(int argc, char **argv) dsa_doit[testnum] = 0; } } -#endif +#endif /* OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_EC if (RAND_status() != 1) { @@ -2625,7 +2624,7 @@ int speed_main(int argc, char **argv) ecdh_doit[testnum] = 0; } } -#endif +#endif /* OPENSSL_NO_EC */ #ifndef NO_FORK show_res: #endif @@ -2997,11 +2996,7 @@ static int do_multi(int multi) 1 / (1 / ecdsa_results[k][1] + 1 / d); else ecdsa_results[k][1] = d; - } -# endif - -# ifndef OPENSSL_NO_EC - else if (strncmp(buf, "+F5:", 4) == 0) { + } else if (strncmp(buf, "+F5:", 4) == 0) { int k; double d;