diff options
| author |   jsing <jsing@openbsd.org> | 2014-04-14 13:10:35 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2014-04-14 13:10:35 +0000 |
| commit | 35fb06776ce30f160c3ccd100d55f2fa3b81cb24 (patch) | |
| tree | 618eded092453257d783393140615515887e0ab3 /lib/libssl/ssl_sess.c | |
| parent | Adapt relayd to use AgentX protocol to send traps (diff) | |
| download | wireguard-openbsd-35fb06776ce30f160c3ccd100d55f2fa3b81cb24.tar.xz wireguard-openbsd-35fb06776ce30f160c3ccd100d55f2fa3b81cb24.zip | |
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.
Diffstat (limited to 'lib/libssl/ssl_sess.c')
| -rw-r--r-- | lib/libssl/ssl_sess.c | 1094 |
1 files changed, 539 insertions, 555 deletions
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index ad40fadd02c..b29115862b9 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -144,68 +144,74 @@ #include "ssl_locl.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); -static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); +static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); -SSL_SESSION *SSL_get_session(const SSL *ssl) +SSL_SESSION +*SSL_get_session(const SSL *ssl) /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ - { - return(ssl->session); - } +{ + return (ssl->session); +} -SSL_SESSION *SSL_get1_session(SSL *ssl) +SSL_SESSION +*SSL_get1_session(SSL *ssl) /* variant of SSL_get_session: caller really gets something */ - { +{ SSL_SESSION *sess; /* Need to lock this all up rather than just use CRYPTO_add so that * somebody doesn't free ssl->session between when we check it's * non-null and when we up the reference count. */ CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); sess = ssl->session; - if(sess) + if (sess) sess->references++; CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); - return(sess); - } + return (sess); +} -int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { +int +SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, - new_func, dup_func, free_func); - } + new_func, dup_func, free_func); +} -int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); - } +int +SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) +{ + return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); +} -void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) - { - return(CRYPTO_get_ex_data(&s->ex_data,idx)); - } +void +*SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) +{ + return (CRYPTO_get_ex_data(&s->ex_data, idx)); +} -SSL_SESSION *SSL_SESSION_new(void) - { +SSL_SESSION +*SSL_SESSION_new(void) +{ SSL_SESSION *ss; - ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); - if (ss == NULL) - { - SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE); - return(0); - } - memset(ss,0,sizeof(SSL_SESSION)); + ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); + if (ss == NULL) { + SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); + return (0); + } + memset(ss, 0, sizeof(SSL_SESSION)); ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ - ss->references=1; + ss->references = 1; ss->timeout=60*5+4; /* 5 minute timeout by default */ - ss->time=(unsigned long)time(NULL); - ss->prev=NULL; - ss->next=NULL; - ss->compress_meth=0; + ss->time = (unsigned long)time(NULL); + ss->prev = NULL; + ss->next = NULL; + ss->compress_meth = 0; #ifndef OPENSSL_NO_TLSEXT - ss->tlsext_hostname = NULL; + ss->tlsext_hostname = NULL; + #ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; ss->tlsext_ecpointformatlist = NULL; @@ -215,26 +221,28 @@ SSL_SESSION *SSL_SESSION_new(void) #endif CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); #ifndef OPENSSL_NO_PSK - ss->psk_identity_hint=NULL; - ss->psk_identity=NULL; + ss->psk_identity_hint = NULL; + ss->psk_identity = NULL; #endif #ifndef OPENSSL_NO_SRP - ss->srp_username=NULL; + ss->srp_username = NULL; #endif - return(ss); - } + return (ss); +} -const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) - { - if(len) +const unsigned char +*SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) +{ + if (len) *len = s->session_id_length; return s->session_id; - } +} -unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) - { +unsigned int +SSL_SESSION_get_compress_id(const SSL_SESSION *s) +{ return s->compress_meth; - } +} /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly @@ -246,16 +254,17 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) * store that many sessions is perhaps a more interesting question ... */ #define MAX_SESS_ID_ATTEMPTS 10 -static int def_generate_session_id(const SSL *ssl, unsigned char *id, - unsigned int *id_len) +static int +def_generate_session_id(const SSL *ssl, unsigned char *id, + unsigned int *id_len) { unsigned int retry = 0; do - if (RAND_pseudo_bytes(id, *id_len) <= 0) - return 0; - while(SSL_has_matching_session_id(ssl, id, *id_len) && - (++retry < MAX_SESS_ID_ATTEMPTS)); - if(retry < MAX_SESS_ID_ATTEMPTS) + if (RAND_pseudo_bytes(id, *id_len) <= 0) + return 0; + while (SSL_has_matching_session_id(ssl, id, *id_len) && + (++retry < MAX_SESS_ID_ATTEMPTS)); + if (retry < MAX_SESS_ID_ATTEMPTS) return 1; /* else - woops a session_id match */ /* XXX We should also check the external cache -- @@ -269,120 +278,100 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id, return 0; } -int ssl_get_new_session(SSL *s, int session) - { +int +ssl_get_new_session(SSL *s, int session) +{ /* This gets used by clients and servers. */ unsigned int tmp; - SSL_SESSION *ss=NULL; + SSL_SESSION *ss = NULL; GEN_SESSION_CB cb = def_generate_session_id; - if ((ss=SSL_SESSION_new()) == NULL) return(0); + if ((ss = SSL_SESSION_new()) == NULL) return (0); /* If the context has a default timeout, use it */ if (s->session_ctx->session_timeout == 0) - ss->timeout=SSL_get_default_timeout(s); + ss->timeout = SSL_get_default_timeout(s); else - ss->timeout=s->session_ctx->session_timeout; + ss->timeout = s->session_ctx->session_timeout; - if (s->session != NULL) - { + if (s->session != NULL) { SSL_SESSION_free(s->session); - s->session=NULL; - } + s->session = NULL; + } - if (session) - { - if (s->version == SSL2_VERSION) - { - ss->ssl_version=SSL2_VERSION; - ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; - } - else if (s->version == SSL3_VERSION) - { - ss->ssl_version=SSL3_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == TLS1_VERSION) - { - ss->ssl_version=TLS1_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == TLS1_1_VERSION) - { - ss->ssl_version=TLS1_1_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == TLS1_2_VERSION) - { - ss->ssl_version=TLS1_2_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == DTLS1_BAD_VER) - { - ss->ssl_version=DTLS1_BAD_VER; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == DTLS1_VERSION) - { - ss->ssl_version=DTLS1_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else - { - SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); + if (session) { + if (s->version == SSL2_VERSION) { + ss->ssl_version = SSL2_VERSION; + ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH; + } else if (s->version == SSL3_VERSION) { + ss->ssl_version = SSL3_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == TLS1_VERSION) { + ss->ssl_version = TLS1_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == TLS1_1_VERSION) { + ss->ssl_version = TLS1_1_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == TLS1_2_VERSION) { + ss->ssl_version = TLS1_2_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == DTLS1_BAD_VER) { + ss->ssl_version = DTLS1_BAD_VER; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == DTLS1_VERSION) { + ss->ssl_version = DTLS1_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else { + SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); SSL_SESSION_free(ss); - return(0); - } + return (0); + } #ifndef OPENSSL_NO_TLSEXT /* If RFC4507 ticket use empty session ID */ - if (s->tlsext_ticket_expected) - { + if (s->tlsext_ticket_expected) { ss->session_id_length = 0; goto sess_id_done; - } + } #endif /* Choose which callback will set the session ID */ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - if(s->generate_session_id) + if (s->generate_session_id) cb = s->generate_session_id; - else if(s->session_ctx->generate_session_id) + else if (s->session_ctx->generate_session_id) cb = s->session_ctx->generate_session_id; CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); /* Choose a session ID */ tmp = ss->session_id_length; - if(!cb(s, ss->session_id, &tmp)) - { + if (!cb(s, ss->session_id, &tmp)) { /* The callback failed */ SSLerr(SSL_F_SSL_GET_NEW_SESSION, - SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); + SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); SSL_SESSION_free(ss); - return(0); - } + return (0); + } /* Don't allow the callback to set the session length to zero. * nor set it higher than it was. */ - if(!tmp || (tmp > ss->session_id_length)) - { + if (!tmp || (tmp > ss->session_id_length)) { /* The callback set an illegal length */ SSLerr(SSL_F_SSL_GET_NEW_SESSION, - SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); + SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); SSL_SESSION_free(ss); - return(0); - } + return (0); + } /* If the session length was shrunk and we're SSLv2, pad it */ - if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) + if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); else ss->session_id_length = tmp; /* Finally, check for a conflict */ - if(SSL_has_matching_session_id(s, ss->session_id, - ss->session_id_length)) - { + if (SSL_has_matching_session_id(s, ss->session_id, + ss->session_id_length)) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, - SSL_R_SSL_SESSION_ID_CONFLICT); + SSL_R_SSL_SESSION_ID_CONFLICT); SSL_SESSION_free(ss); - return(0); - } + return (0); + } #ifndef OPENSSL_NO_TLSEXT sess_id_done: if (s->tlsext_hostname) { @@ -391,55 +380,50 @@ int ssl_get_new_session(SSL *s, int session) SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; - } } + } #ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist) - { - if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); - if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) - { + if (s->tlsext_ecpointformatlist) { + if (ss->tlsext_ecpointformatlist != NULL) + OPENSSL_free(ss->tlsext_ecpointformatlist); + if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); SSL_SESSION_free(ss); return 0; - } + } ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); - } - if (s->tlsext_ellipticcurvelist) - { - if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); - if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) - { + } + if (s->tlsext_ellipticcurvelist) { + if (ss->tlsext_ellipticcurvelist != NULL) + OPENSSL_free(ss->tlsext_ellipticcurvelist); + if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); SSL_SESSION_free(ss); return 0; - } + } ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); - } + } #endif #endif - } - else - { - ss->session_id_length=0; - } + } else { + ss->session_id_length = 0; + } - if (s->sid_ctx_length > sizeof ss->sid_ctx) - { + if (s->sid_ctx_length > sizeof ss->sid_ctx) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; - } - memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); - ss->sid_ctx_length=s->sid_ctx_length; - s->session=ss; - ss->ssl_version=s->version; + } + memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length); + ss->sid_ctx_length = s->sid_ctx_length; + s->session = ss; + ss->ssl_version = s->version; ss->verify_result = X509_V_OK; - return(1); - } + return (1); +} /* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this * connection. It is only called by servers. @@ -460,12 +444,13 @@ int ssl_get_new_session(SSL *s, int session) * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 * if the server should issue a new session ticket (to 0 otherwise). */ -int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, - const unsigned char *limit) - { +int +ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, + const unsigned char *limit) +{ /* This is used only by servers. */ - SSL_SESSION *ret=NULL; + SSL_SESSION *ret = NULL; int fatal = 0; int try_session_cache = 1; #ifndef OPENSSL_NO_TLSEXT @@ -480,8 +465,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, #ifndef OPENSSL_NO_TLSEXT r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ - switch (r) - { + switch (r) { case -1: /* Error during processing */ fatal = 1; goto err; @@ -494,39 +478,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, break; default: abort(); - } + } #endif if (try_session_cache && - ret == NULL && - !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) - { + ret == NULL && + !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { SSL_SESSION data; - data.ssl_version=s->version; - data.session_id_length=len; + data.ssl_version = s->version; + data.session_id_length = len; if (len == 0) return 0; - memcpy(data.session_id,session_id,len); + memcpy(data.session_id, session_id, len); CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data); - if (ret != NULL) - { + ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); + if (ret != NULL) { /* don't allow other threads to steal it: */ - CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); - } + CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); + } CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); if (ret == NULL) s->session_ctx->stats.sess_miss++; - } + } if (try_session_cache && - ret == NULL && - s->session_ctx->get_session_cb != NULL) - { - int copy=1; - - if ((ret=s->session_ctx->get_session_cb(s,session_id,len,©))) - { + ret == NULL && + s->session_ctx->get_session_cb != NULL) { + int copy = 1; + + if ((ret = s->session_ctx->get_session_cb(s, session_id, len, ©))) { s->session_ctx->stats.sess_cb_hit++; /* Increment reference count now if the session callback @@ -535,16 +515,16 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, * it must handle the reference count itself [i.e. copy == 0], * or things won't be thread-safe). */ if (copy) - CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); + CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); /* Add the externally cached session to the internal * cache as well if and only if we are supposed to. */ - if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) + if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) /* The following should not return 1, otherwise, * things are very strange */ - SSL_CTX_add_session(s->session_ctx,ret); - } + SSL_CTX_add_session(s->session_ctx, ret); } + } if (ret == NULL) goto err; @@ -552,15 +532,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, /* Now ret is non-NULL and we own one of its reference counts. */ if (ret->sid_ctx_length != s->sid_ctx_length - || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) - { + || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { /* We have the session requested by the client, but we don't * want to use it in this context. */ goto err; /* treat like cache miss */ - } - - if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) - { + } + + if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { /* We can't be sure if this session is being used out of * context, which is especially important for SSL_VERIFY_PEER. * The application should have used SSL[_CTX]_set_session_id_context. @@ -570,87 +548,83 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, * applications to effectively disable the session cache by * accident without anyone noticing). */ - - SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); + + SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); fatal = 1; goto err; - } + } - if (ret->cipher == NULL) - { - unsigned char buf[5],*p; + if (ret->cipher == NULL) { + unsigned char buf[5], *p; unsigned long l; - p=buf; - l=ret->cipher_id; - l2n(l,p); - if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR) - ret->cipher=ssl_get_cipher_by_char(s,&(buf[2])); - else - ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); + p = buf; + l = ret->cipher_id; + l2n(l, p); + if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR) + ret->cipher = ssl_get_cipher_by_char(s, &(buf[2])); + else + ret->cipher = ssl_get_cipher_by_char(s, &(buf[1])); if (ret->cipher == NULL) goto err; - } + } if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ - { + { s->session_ctx->stats.sess_timeout++; - if (try_session_cache) - { + if (try_session_cache) { /* session was from the cache, so remove it */ - SSL_CTX_remove_session(s->session_ctx,ret); - } - goto err; + SSL_CTX_remove_session(s->session_ctx, ret); } + goto err; + } s->session_ctx->stats.sess_hit++; if (s->session != NULL) SSL_SESSION_free(s->session); - s->session=ret; + s->session = ret; s->verify_result = s->session->verify_result; return 1; - err: - if (ret != NULL) - { + err: + if (ret != NULL) { SSL_SESSION_free(ret); #ifndef OPENSSL_NO_TLSEXT - if (!try_session_cache) - { + if (!try_session_cache) { /* The session was from a ticket, so we should * issue a ticket for the new session */ s->tlsext_ticket_expected = 1; - } -#endif } +#endif + } if (fatal) return -1; else return 0; - } +} -int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) - { - int ret=0; +int +SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) +{ + int ret = 0; SSL_SESSION *s; /* add just 1 reference count for the SSL_CTX's session cache * even though it has two ways of access: each session is in a * doubly linked list and an lhash */ - CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); + CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION); /* if session c is in already in cache, we take back the increment later */ CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - s=lh_SSL_SESSION_insert(ctx->sessions,c); - + s = lh_SSL_SESSION_insert(ctx->sessions, c); + /* s != NULL iff we already had a session with the given PID. * In this case, s == c should hold (then we did not really modify * ctx->sessions), or we're in trouble. */ - if (s != NULL && s != c) - { + if (s != NULL && s != c) { /* We *are* in trouble ... */ - SSL_SESSION_list_remove(ctx,s); + SSL_SESSION_list_remove(ctx, s); SSL_SESSION_free(s); /* ... so pretend the other session did not exist in cache * (we cannot handle two SSL_SESSION structures with identical @@ -658,114 +632,117 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) * two threads concurrently obtain the same session from an external * cache) */ s = NULL; - } + } - /* Put at the head of the queue unless it is already in the cache */ + /* Put at the head of the queue unless it is already in the cache */ if (s == NULL) - SSL_SESSION_list_add(ctx,c); + SSL_SESSION_list_add(ctx, c); - if (s != NULL) - { + if (s != NULL) { /* existing cache entry -- decrement previously incremented reference * count because it already takes into account the cache */ SSL_SESSION_free(s); /* s == c */ - ret=0; - } - else - { + ret = 0; + } else { /* new cache entry -- remove old ones if cache has become too large */ - - ret=1; - if (SSL_CTX_sess_get_cache_size(ctx) > 0) - { + ret = 1; + + if (SSL_CTX_sess_get_cache_size(ctx) > 0) { while (SSL_CTX_sess_number(ctx) > - SSL_CTX_sess_get_cache_size(ctx)) - { + SSL_CTX_sess_get_cache_size(ctx)) { if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) - break; + break; else ctx->stats.sess_cache_full++; - } } } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - return(ret); } + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + return (ret); +} -int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) +int +SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) { return remove_session_lock(ctx, c, 1); } -static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) - { +static int +remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) +{ SSL_SESSION *r; - int ret=0; - - if ((c != NULL) && (c->session_id_length != 0)) - { - if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c) - { - ret=1; - r=lh_SSL_SESSION_delete(ctx->sessions,c); - SSL_SESSION_list_remove(ctx,c); - } + int ret = 0; + + if ((c != NULL) && (c->session_id_length != 0)) { + if (lck) + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) { + ret = 1; + r = lh_SSL_SESSION_delete(ctx->sessions, c); + SSL_SESSION_list_remove(ctx, c); + } - if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + if (lck) + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (ret) - { - r->not_resumable=1; + if (ret) { + r->not_resumable = 1; if (ctx->remove_session_cb != NULL) - ctx->remove_session_cb(ctx,r); + ctx->remove_session_cb(ctx, r); SSL_SESSION_free(r); - } } - else - ret=0; - return(ret); - } + } else + ret = 0; + return (ret); +} -void SSL_SESSION_free(SSL_SESSION *ss) - { +void +SSL_SESSION_free(SSL_SESSION *ss) +{ int i; - if(ss == NULL) - return; + if (ss == NULL) + return; - i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); + i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION); #ifdef REF_PRINT - REF_PRINT("SSL_SESSION",ss); + REF_PRINT("SSL_SESSION", ss); #endif - if (i > 0) return; + if (i > 0) + return; #ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"SSL_SESSION_free, bad reference count\n"); + if (i < 0) { + fprintf(stderr, "SSL_SESSION_free, bad reference count\n"); abort(); /* ok */ - } + } #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); - OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); - OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); - if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); - if (ss->peer != NULL) X509_free(ss->peer); - if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); + OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg); + OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); + OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); + if (ss->sess_cert != NULL) + ssl_sess_cert_free(ss->sess_cert); + if (ss->peer != NULL) + X509_free(ss->peer); + if (ss->ciphers != NULL) + sk_SSL_CIPHER_free(ss->ciphers); #ifndef OPENSSL_NO_TLSEXT - if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); - if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); + if (ss->tlsext_hostname != NULL) + OPENSSL_free(ss->tlsext_hostname); + if (ss->tlsext_tick != NULL) + OPENSSL_free(ss->tlsext_tick); #ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; - if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); + if (ss->tlsext_ecpointformatlist != NULL) + OPENSSL_free(ss->tlsext_ecpointformatlist); ss->tlsext_ellipticcurvelist_length = 0; - if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); + if (ss->tlsext_ellipticcurvelist != NULL) + OPENSSL_free(ss->tlsext_ellipticcurvelist); #endif /* OPENSSL_NO_EC */ #endif #ifndef OPENSSL_NO_PSK @@ -778,382 +755,389 @@ void SSL_SESSION_free(SSL_SESSION *ss) if (ss->srp_username != NULL) OPENSSL_free(ss->srp_username); #endif - OPENSSL_cleanse(ss,sizeof(*ss)); + OPENSSL_cleanse(ss, sizeof(*ss)); OPENSSL_free(ss); - } +} -int SSL_set_session(SSL *s, SSL_SESSION *session) - { - int ret=0; +int +SSL_set_session(SSL *s, SSL_SESSION *session) +{ + int ret = 0; const SSL_METHOD *meth; - if (session != NULL) - { - meth=s->ctx->method->get_ssl_method(session->ssl_version); + if (session != NULL) { + meth = s->ctx->method->get_ssl_method(session->ssl_version); if (meth == NULL) - meth=s->method->get_ssl_method(session->ssl_version); - if (meth == NULL) - { - SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD); - return(0); - } + meth = s->method->get_ssl_method(session->ssl_version); + if (meth == NULL) { + SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD); + return (0); + } - if (meth != s->method) - { - if (!SSL_set_ssl_method(s,meth)) - return(0); - } + if (meth != s->method) { + if (!SSL_set_ssl_method(s, meth)) + return (0); + } #ifndef OPENSSL_NO_KRB5 - if (s->kssl_ctx && !s->kssl_ctx->client_princ && - session->krb5_client_princ_len > 0) - { - s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); - memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, - session->krb5_client_princ_len); - s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; - } + if (s->kssl_ctx && !s->kssl_ctx->client_princ && + session->krb5_client_princ_len > 0) { + s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); + memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ, + session->krb5_client_princ_len); + s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; + } #endif /* OPENSSL_NO_KRB5 */ /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ - CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); + CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); if (s->session != NULL) SSL_SESSION_free(s->session); - s->session=session; + s->session = session; s->verify_result = s->session->verify_result; /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ - ret=1; - } - else - { - if (s->session != NULL) - { + ret = 1; + } else { + if (s->session != NULL) { SSL_SESSION_free(s->session); - s->session=NULL; - } + s->session = NULL; + } - meth=s->ctx->method; - if (meth != s->method) - { - if (!SSL_set_ssl_method(s,meth)) - return(0); - } - ret=1; + meth = s->ctx->method; + if (meth != s->method) { + if (!SSL_set_ssl_method(s, meth)) + return (0); } - return(ret); + ret = 1; } + return (ret); +} -long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) - { - if (s == NULL) return(0); - s->timeout=t; - return(1); - } +long +SSL_SESSION_set_timeout(SSL_SESSION *s, long t) +{ + if (s == NULL) + return (0); + s->timeout = t; + return (1); +} -long SSL_SESSION_get_timeout(const SSL_SESSION *s) - { - if (s == NULL) return(0); - return(s->timeout); - } +long +SSL_SESSION_get_timeout(const SSL_SESSION *s) +{ + if (s == NULL) + return (0); + return (s->timeout); +} -long SSL_SESSION_get_time(const SSL_SESSION *s) - { - if (s == NULL) return(0); - return(s->time); - } +long +SSL_SESSION_get_time(const SSL_SESSION *s) +{ + if (s == NULL) + return (0); + return (s->time); +} -long SSL_SESSION_set_time(SSL_SESSION *s, long t) - { - if (s == NULL) return(0); - s->time=t; - return(t); - } +long +SSL_SESSION_set_time(SSL_SESSION *s, long t) +{ + if (s == NULL) + return (0); + s->time = t; + return (t); +} -X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) - { +X509 +*SSL_SESSION_get0_peer(SSL_SESSION *s) +{ return s->peer; - } +} -int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, - unsigned int sid_ctx_len) - { - if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) - { - SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); +int +SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, + unsigned int sid_ctx_len) +{ + if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { + SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; - } - s->sid_ctx_length=sid_ctx_len; - memcpy(s->sid_ctx,sid_ctx,sid_ctx_len); + } + s->sid_ctx_length = sid_ctx_len; + memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); return 1; - } +} -long SSL_CTX_set_timeout(SSL_CTX *s, long t) - { +long +SSL_CTX_set_timeout(SSL_CTX *s, long t) +{ long l; - if (s == NULL) return(0); - l=s->session_timeout; - s->session_timeout=t; - return(l); - } + if (s == NULL) + return (0); + l = s->session_timeout; + s->session_timeout = t; + return (l); +} -long SSL_CTX_get_timeout(const SSL_CTX *s) - { - if (s == NULL) return(0); - return(s->session_timeout); - } +long +SSL_CTX_get_timeout(const SSL_CTX *s) +{ + if (s == NULL) + return (0); + return (s->session_timeout); +} #ifndef OPENSSL_NO_TLSEXT -int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, - STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) - { - if (s == NULL) return(0); +int +SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) +{ + if (s == NULL) + return (0); s->tls_session_secret_cb = tls_session_secret_cb; s->tls_session_secret_cb_arg = arg; - return(1); - } + return (1); +} -int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, - void *arg) - { - if (s == NULL) return(0); +int +SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, + void *arg) +{ + if (s == NULL) + return (0); s->tls_session_ticket_ext_cb = cb; s->tls_session_ticket_ext_cb_arg = arg; - return(1); - } + return (1); +} -int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) - { - if (s->version >= TLS1_VERSION) - { - if (s->tlsext_session_ticket) - { +int +SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) +{ + if (s->version >= TLS1_VERSION) { + if (s->tlsext_session_ticket) { OPENSSL_free(s->tlsext_session_ticket); s->tlsext_session_ticket = NULL; - } + } s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); - if (!s->tlsext_session_ticket) - { + if (!s->tlsext_session_ticket) { SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); return 0; - } + } - if (ext_data) - { + if (ext_data) { s->tlsext_session_ticket->length = ext_len; s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); - } - else - { + } else { s->tlsext_session_ticket->length = 0; s->tlsext_session_ticket->data = NULL; - } + } return 1; - } + } return 0; - } +} #endif /* OPENSSL_NO_TLSEXT */ -typedef struct timeout_param_st - { +typedef struct timeout_param_st { SSL_CTX *ctx; long time; LHASH_OF(SSL_SESSION) *cache; - } TIMEOUT_PARAM; +} TIMEOUT_PARAM; -static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) - { +static void +timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) +{ if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ - { + { /* The reason we don't call SSL_CTX_remove_session() is to * save on locking overhead */ - (void)lh_SSL_SESSION_delete(p->cache,s); - SSL_SESSION_list_remove(p->ctx,s); - s->not_resumable=1; + (void)lh_SSL_SESSION_delete(p->cache, s); + SSL_SESSION_list_remove(p->ctx, s); + s->not_resumable = 1; if (p->ctx->remove_session_cb != NULL) - p->ctx->remove_session_cb(p->ctx,s); + p->ctx->remove_session_cb(p->ctx, s); SSL_SESSION_free(s); - } } +} -static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) +static +IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) -void SSL_CTX_flush_sessions(SSL_CTX *s, long t) - { +void +SSL_CTX_flush_sessions(SSL_CTX *s, long t) +{ unsigned long i; TIMEOUT_PARAM tp; - tp.ctx=s; - tp.cache=s->sessions; - if (tp.cache == NULL) return; - tp.time=t; + tp.ctx = s; + tp.cache = s->sessions; + if (tp.cache == NULL) + return; + tp.time = t; CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; - CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0; + i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; + CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0; lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), - TIMEOUT_PARAM, &tp); - CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i; + TIMEOUT_PARAM, &tp); + CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i; CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - } +} -int ssl_clear_bad_session(SSL *s) - { - if ( (s->session != NULL) && +int +ssl_clear_bad_session(SSL *s) +{ + if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) && - !(SSL_in_init(s) || SSL_in_before(s))) - { - SSL_CTX_remove_session(s->ctx,s->session); - return(1); - } - else - return(0); - } + !(SSL_in_init(s) || SSL_in_before(s))) { + SSL_CTX_remove_session(s->ctx, s->session); + return (1); + } else + return (0); +} /* locked by SSL_CTX in the calling function */ -static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) - { - if ((s->next == NULL) || (s->prev == NULL)) return; +static void +SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) +{ + if ((s->next == NULL) + || (s->prev == NULL)) return; if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) - { /* last element in list */ + { /* last element in list */ if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) - { /* only one element in list */ - ctx->session_cache_head=NULL; - ctx->session_cache_tail=NULL; - } - else - { - ctx->session_cache_tail=s->prev; - s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail); - } + { /* only one element in list */ + ctx->session_cache_head = NULL; + ctx->session_cache_tail = NULL; + } else { + ctx->session_cache_tail = s->prev; + s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail); } - else - { + } else { if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) - { /* first element in list */ - ctx->session_cache_head=s->next; - s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head); - } - else - { /* middle of list */ - s->next->prev=s->prev; - s->prev->next=s->next; - } + { /* first element in list */ + ctx->session_cache_head = s->next; + s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head); + } else + { /* middle of list */ + s->next->prev = s->prev; + s->prev->next = s->next; } - s->prev=s->next=NULL; } + s->prev = s->next = NULL; +} -static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) - { +static void +SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) +{ if ((s->next != NULL) && (s->prev != NULL)) - SSL_SESSION_list_remove(ctx,s); - - if (ctx->session_cache_head == NULL) - { - ctx->session_cache_head=s; - ctx->session_cache_tail=s; - s->prev=(SSL_SESSION *)&(ctx->session_cache_head); - s->next=(SSL_SESSION *)&(ctx->session_cache_tail); - } - else - { - s->next=ctx->session_cache_head; - s->next->prev=s; - s->prev=(SSL_SESSION *)&(ctx->session_cache_head); - ctx->session_cache_head=s; - } + SSL_SESSION_list_remove(ctx, s); + + if (ctx->session_cache_head == NULL) { + ctx->session_cache_head = s; + ctx->session_cache_tail = s; + s->prev = (SSL_SESSION *)&(ctx->session_cache_head); + s->next = (SSL_SESSION *)&(ctx->session_cache_tail); + } else { + s->next = ctx->session_cache_head; + s->next->prev = s; + s->prev = (SSL_SESSION *)&(ctx->session_cache_head); + ctx->session_cache_head = s; } +} -void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, - int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess)) - { - ctx->new_session_cb=cb; - } +void +SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, + int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) { + ctx->new_session_cb = cb; +} int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) - { +{ return ctx->new_session_cb; - } +} -void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, - void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess)) - { - ctx->remove_session_cb=cb; - } +void +SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, + void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)) +{ + ctx->remove_session_cb = cb; +} -void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess) - { +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess) +{ return ctx->remove_session_cb; - } +} -void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, - SSL_SESSION *(*cb)(struct ssl_st *ssl, - unsigned char *data,int len,int *copy)) - { - ctx->get_session_cb=cb; - } +void +SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, + SSL_SESSION *(*cb)(struct ssl_st *ssl, +unsigned char *data, int len, int *copy)) +{ + ctx->get_session_cb = cb; +} SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, - unsigned char *data,int len,int *copy) - { + unsigned char *data, int len, int *copy) +{ return ctx->get_session_cb; - } +} -void SSL_CTX_set_info_callback(SSL_CTX *ctx, - void (*cb)(const SSL *ssl,int type,int val)) - { - ctx->info_callback=cb; - } +void +SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*cb)(const SSL *ssl, int type, int val)) +{ + ctx->info_callback = cb; +} -void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val) - { +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val) +{ return ctx->info_callback; - } +} -void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) - { - ctx->client_cert_cb=cb; - } +void +SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, + int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) +{ + ctx->client_cert_cb = cb; +} int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) - { +{ return ctx->client_cert_cb; - } +} #ifndef OPENSSL_NO_ENGINE -int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) - { - if (!ENGINE_init(e)) - { +int +SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) +{ + if (!ENGINE_init(e)) { SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); return 0; - } - if(!ENGINE_get_ssl_client_cert_function(e)) - { + } + if (!ENGINE_get_ssl_client_cert_function(e)) { SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); ENGINE_finish(e); return 0; - } + } ctx->client_cert_engine = e; return 1; - } +} #endif -void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) - { - ctx->app_gen_cookie_cb=cb; - } +void +SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) +{ + ctx->app_gen_cookie_cb = cb; +} -void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) - { - ctx->app_verify_cookie_cb=cb; - } +void +SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) +{ + ctx->app_verify_cookie_cb = cb; +} IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) |