Diffstat (limited to 'lib/libssl/src/ssl/kssl.c')
-rw-r--r-- | lib/libssl/src/ssl/kssl.c | 97 |
1 files changed, 49 insertions, 48 deletions
diff --git a/lib/libssl/src/ssl/kssl.c b/lib/libssl/src/ssl/kssl.c
index a0beabe7536..b71753c1912 100644
--- a/lib/libssl/src/ssl/kssl.c
+++ b/lib/libssl/src/ssl/kssl.c
@@ -9,7 +9,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
@@ -145,7 +145,7 @@ kssl_map_enc(krb5_enctype enctype)
 ** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
 ** xx and yy are possibly multi-byte length fields.
 */
-static int
+static int
 kssl_test_confound(unsigned char *p)
 {
 int len = 2;
@@ -194,7 +194,7 @@ kssl_test_confound(unsigned char *p)
 break;
 }
- return (xx - len == yy) ? 1: 0;
+ return (xx - len == yy) ? 1 : 0;
 }
 /* Allocate, fill, and return cksumlens array of checksum lengths.
@@ -203,7 +203,7 @@ kssl_test_confound(unsigned char *p)
 **
 ** The krb5_cksumarray[] was an internal variable that has since been
 ** replaced by a more general method for storing the data. It should
-** not be used. Instead we use real API calls and make a guess for
+** not be used. Instead we use real API calls and make a guess for
 ** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2
 ** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010.
 */
@@ -258,7 +258,7 @@ kssl_skip_confound(krb5_enctype etype, unsigned char *a)
 static size_t *cksumlens = NULL;
 unsigned char *test_auth;
- conlen = (etype) ? 8: 0;
+ conlen = (etype) ? 8 : 0;
 if (!cksumlens && !(cksumlens = populate_cksumlens()))
 return NULL;
@@ -342,7 +342,7 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
 }
 #ifdef KRB5_HEIMDAL
 printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
- keyblk->keyvalue->length);
+ keyblk->keyvalue->length);
 for (i = 0; i < (int)keyblk->keyvalue->length; i++) {
 printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
 }
@@ -369,7 +369,7 @@ print_krb5_princ(char *label, krb5_principal_data *princ)
 if (princ == NULL)
 return;
 for (ui = 0; ui < (int)princ->realm.length; ui++)
- putchar(princ->realm.data[ui]);
+ putchar(princ->realm.data[ui]);
 printf(" (nametype %d) has %d strings:\n", princ->type, princ->length);
 for (i = 0; i < (int)princ->length; i++) {
 printf("\t%d [%d]: ", i, princ->data[i].length);
@@ -420,7 +420,7 @@ kssl_cget_tkt(
 }
 if ((krb5rc = krb5_init_context(&krb5context)) != 0) {
- (void) snprintf(kssl_err->text,KSSL_ERR_MAX,
+ (void) snprintf(kssl_err->text, KSSL_ERR_MAX,
 "krb5_init_context() fails: %d\n", krb5rc);
 kssl_err->reason = SSL_R_KRB5_C_INIT;
 goto err;
@@ -428,12 +428,12 @@ kssl_cget_tkt(
 if ((krb5rc = krb5_sname_to_principal(krb5context,
 kssl_ctx->service_host,
- (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
- KRB5_NT_SRV_HST, &krb5creds.server)) != 0) {
- (void) snprintf(kssl_err->text,KSSL_ERR_MAX,
+ (kssl_ctx->service_name) ? kssl_ctx->service_name : KRB5SVC,
+ KRB5_NT_SRV_HST, &krb5creds.server)) != 0) {
+ (void) snprintf(kssl_err->text, KSSL_ERR_MAX,
 "krb5_sname_to_principal() fails for %s/%s\n",
- kssl_ctx->service_host,
- (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC);
+ kssl_ctx->service_host, (kssl_ctx->service_name) ?
+ kssl_ctx->service_name : KRB5SVC);
 kssl_err->reason = SSL_R_KRB5_C_INIT;
 goto err;
 }
@@ -445,12 +445,11 @@ kssl_cget_tkt(
 }
 if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
- &krb5creds.client)) != 0)
- {
+ &krb5creds.client)) != 0) {
 kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
- "krb5_cc_get_principal() fails.\n");
+ "krb5_cc_get_principal() fails.\n");
 goto err;
- }
+ }
 if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
 &krb5creds, &krb5credsp)) != 0) {
@@ -494,12 +493,12 @@ kssl_cget_tkt(
 ap_req = (KRB5_APREQBODY *) d2i_KRB5_APREQ(NULL, &p, arlen);
 if (ap_req) {
 authenp->length = i2d_KRB5_ENCDATA(
- ap_req->authenticator, NULL);
+ ap_req->authenticator, NULL);
 if (authenp->length &&
 (authenp->data = malloc(authenp->length))) {
 unsigned char *adp = (unsigned char *)authenp->data;
 authenp->length = i2d_KRB5_ENCDATA(
- ap_req->authenticator, &adp);
+ ap_req->authenticator, &adp);
 }
 }
@@ -522,7 +521,7 @@ kssl_cget_tkt(
 else
 krb5rc = 0;
- err:
+err:
 #ifdef KSSL_DEBUG
 kssl_ctx_show(kssl_ctx);
 #endif /* KSSL_DEBUG */
@@ -557,7 +556,7 @@ kssl_TKT2tkt(
 /* OUT */ krb5_ticket **krb5ticket,
 /* OUT */ KSSL_ERR *kssl_err )
 {
- krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
+ krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
 krb5_ticket *new5ticket = NULL;
 ASN1_GENERALSTRING *gstr_svc, *gstr_host;
@@ -609,8 +608,8 @@ kssl_TKT2tkt(
 return KRB5KRB_ERR_GENERIC;
 } else {
 memcpy(new5ticket->enc_part.ciphertext.data,
- asn1ticket->encdata->cipher->data,
- asn1ticket->encdata->cipher->length);
+ asn1ticket->encdata->cipher->data,
+ asn1ticket->encdata->cipher->length);
 }
 *krb5ticket = new5ticket;
@@ -632,8 +631,8 @@ kssl_sget_tkt(
 /* OUT */ krb5_ticket_times *ttimes,
 /* OUT */ KSSL_ERR *kssl_err )
 {
- krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
- static krb5_context krb5context = NULL;
+ krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
+ static krb5_context krb5context = NULL;
 static krb5_auth_context krb5auth_context = NULL;
 krb5_ticket *krb5ticket = NULL;
 KRB5_TKTBODY *asn1ticket = NULL;
@@ -641,7 +640,7 @@ kssl_sget_tkt(
 krb5_keytab krb5keytab = NULL;
 krb5_keytab_entry kt_entry;
 krb5_principal krb5server;
- krb5_rcache rcache = NULL;
+ krb5_rcache rcache = NULL;
 kssl_err_set(kssl_err, 0, "");
@@ -788,13 +787,13 @@ kssl_sget_tkt(
 krb5_address **paddr = krb5ticket->enc_part2->caddrs;
 printf("Decrypted ticket fields:\n");
 printf("\tflags: %X, transit-type: %X",
- krb5ticket->enc_part2->flags,
- krb5ticket->enc_part2->transited.tr_type);
+ krb5ticket->enc_part2->flags,
+ krb5ticket->enc_part2->transited.tr_type);
 print_krb5_data("\ttransit-data: ",
- &(krb5ticket->enc_part2->transited.tr_contents));
+ &(krb5ticket->enc_part2->transited.tr_contents));
 printf("\tcaddrs: %p, authdata: %p\n",
- krb5ticket->enc_part2->caddrs,
- krb5ticket->enc_part2->authorization_data);
+ krb5ticket->enc_part2->caddrs,
+ krb5ticket->enc_part2->authorization_data);
 if (paddr) {
 printf("\tcaddrs:\n");
 for (i = 0; paddr[i] != NULL; i++) {
@@ -805,9 +804,9 @@ kssl_sget_tkt(
 }
 }
 printf("\tstart/auth/end times: %d / %d / %d\n",
- krb5ticket->enc_part2->times.starttime,
- krb5ticket->enc_part2->times.authtime,
- krb5ticket->enc_part2->times.endtime);
+ krb5ticket->enc_part2->times.starttime,
+ krb5ticket->enc_part2->times.authtime,
+ krb5ticket->enc_part2->times.endtime);
 }
 #endif /* KSSL_DEBUG */
 }
@@ -841,7 +840,7 @@ kssl_sget_tkt(
 ttimes->endtime = krb5ticket->enc_part2->times.endtime;
 ttimes->renew_till = krb5ticket->enc_part2->times.renew_till;
- err:
+err:
 #ifdef KSSL_DEBUG
 kssl_ctx_show(kssl_ctx);
 #endif /* KSSL_DEBUG */
@@ -1126,7 +1125,7 @@ kssl_keytab_is_available(KSSL_CTX *kssl_ctx)
 krb5_kt_free_entry(krb5context, &entry);
 rc = 1;
- exit:
+exit:
 if (krb5keytab)
 krb5_kt_close(krb5context, krb5keytab);
 if (princ)
@@ -1175,7 +1174,7 @@ kssl_tgt_is_available(KSSL_CTX *kssl_ctx)
 rc = 1;
- err:
+err:
 #ifdef KSSL_DEBUG
 kssl_ctx_show(kssl_ctx);
 #endif /* KSSL_DEBUG */
@@ -1214,7 +1213,8 @@ kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
 ** return NULL on failure.
 */
 static struct tm *
-k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) {
+k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
+{
 char c, *p;
 if (!k_tm)
@@ -1294,7 +1294,7 @@ get_rc_clockskew(krb5_context context)
 ** See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c
 ** 20010420 VRS
 */
-krb5_error_code
+krb5_error_code
 kssl_validate_times(krb5_timestamp atime, krb5_ticket_times *ttimes)
 {
 krb5_deltat skew;
@@ -1333,7 +1333,7 @@ kssl_validate_times(krb5_timestamp atime, krb5_ticket_times *ttimes)
 /* Decode and decrypt given DER-encoded authenticator, then pass
 ** authenticator ctime back in *atimep (or 0 if time unavailable).
-** Returns krb5_error_code and kssl_err on error. A NULL
+** Returns krb5_error_code and kssl_err on error. A NULL
 ** authenticator (authentp->length == 0) is not considered an error.
 ** Note that kssl_check_authent() makes use of the KRB5 session key;
 ** you must call kssl_sget_tkt() to get the key before calling this routine.
@@ -1345,7 +1345,7 @@ kssl_check_authent(
 /* OUT */ krb5_timestamp *atimep,
 /* OUT */ KSSL_ERR *kssl_err )
 {
- krb5_error_code krb5rc = 0;
+ krb5_error_code krb5rc = 0;
 KRB5_ENCDATA *dec_authent = NULL;
 KRB5_AUTHENTBODY *auth = NULL;
 krb5_enctype enctype;
@@ -1394,7 +1394,7 @@ kssl_check_authent(
 p = (unsigned char *)authentp->data;
 if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p,
- (long)authentp->length)) == NULL) {
+ (long)authentp->length)) == NULL) {
 kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
 "Error decoding authenticator.\n");
 krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
@@ -1481,7 +1481,8 @@ kssl_check_authent(
 printf("kssl_check_authent: returns %d for client time ", *atimep);
 if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
 printf("%.*s\n", auth->ctime->length, auth->ctime->data);
- else printf("NULL\n");
+ else
+ printf("NULL\n");
 #endif /* KSSL_DEBUG */
 err:
@@ -1511,11 +1512,11 @@ kssl_build_principal_2(
 {
 krb5_data *p_data = NULL;
 krb5_principal new_p = NULL;
- char *new_r = NULL;
+ char *new_r = NULL;
 if ((p_data = (krb5_data *)calloc(2, sizeof(krb5_data))) == NULL ||
- (new_p = (krb5_principal)calloc(1, sizeof(krb5_principal_data)))
- == NULL)
+ (new_p = (krb5_principal)calloc(1, sizeof(krb5_principal_data))) ==
+ NULL)
 goto err;
 new_p->length = 2;
 new_p->data = p_data;
@@ -1535,7 +1536,7 @@ kssl_build_principal_2(
 goto err;
 memcpy(new_p->data[1].data, host, hlen);
 new_p->data[1].length = hlen;
-
+
 krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN;
 *princ = new_p;
 return 0;
@@ -1556,7 +1557,7 @@ void
 SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx)
 {
 s->kssl_ctx = kctx;
-}
+}
 KSSL_CTX *
 SSL_get0_kssl_ctx(SSL *s) |