From: Neil Horman Date: Tue, 10 Sep 2024 20:42:47 +0000 (-0400) Subject: Clean up style issues X-Git-Tag: openssl-3.5.0-alpha1~1118 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a62fb94609308d14187808a19ae7c0eb8b7980ca;p=thirdparty%2Fopenssl.git Clean up style issues Reviewed-by: Sasa Nedvedicky Reviewed-by: Viktor Dukhovni Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25426) --- diff --git a/demos/guide/README.md b/demos/guide/README.md index 7940914237e..2e1bf05d8e7 100644 --- a/demos/guide/README.md +++ b/demos/guide/README.md @@ -76,7 +76,7 @@ Notes on the quic-hq-interop demo The quic-hq-interop demo is effectively the same as the quic-client-nonblock demo, but is specifically constructed to use the hq-interop alpn for the -purposes of interacting with other demonstration containers found in the +purposes of interacting with other demonstration containers found in the QUIC working group [interop runner](https://github.com/quic-interop/quic-interop-runner) It is run as follows: diff --git a/demos/guide/quic-hq-interop.c b/demos/guide/quic-hq-interop.c index 0d38bc12d1b..5f92ecdc747 100644 --- a/demos/guide/quic-hq-interop.c +++ b/demos/guide/quic-hq-interop.c @@ -1,4 +1,3 @@ - /* * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. * @@ -55,6 +54,7 @@ #include static int handle_io_failure(SSL *ssl, int res); +static int set_keylog_file(SSL_CTX *ctx, const char *keylog_file); /** * @brief A static pointer to a BIO object representing the session's BIO. @@ -82,7 +82,6 @@ static BIO *session_bio = NULL; */ static BIO *bio_keylog = NULL; - /** * @brief Creates a BIO object for a UDP socket connection to a server. * @@ -331,7 +330,7 @@ static int handle_io_failure(SSL *ssl, int res) */ if (SSL_get_verify_result(ssl) != X509_V_OK) fprintf(stderr, "Verify error: %s\n", - X509_verify_cert_error_string(SSL_get_verify_result(ssl))); + X509_verify_cert_error_string(SSL_get_verify_result(ssl))); return -1; default: @@ -385,7 +384,7 @@ static void keylog_callback(const SSL *ssl, const char *line) * seekable. It also ensures that any previously opened keylog files are * closed before opening a new one. */ -int set_keylog_file(SSL_CTX *ctx, const char *keylog_file) +static int set_keylog_file(SSL_CTX *ctx, const char *keylog_file) { /* Close any open files */ BIO_free_all(bio_keylog); @@ -480,7 +479,6 @@ static int cache_new_session(struct ssl_st *ssl, SSL_SESSION *sess) */ static int setup_session_cache(SSL *ssl, SSL_CTX *ctx, const char *filename) { - SSL_SESSION *sess = NULL; int rc = 0; int new_cache = 0; @@ -638,7 +636,7 @@ static size_t build_request_set(SSL *ssl) * multiple calls to build_request_list are made */ while (req_idx < total_requests) { - req = req_array[req_idx]; + req = req_array[req_idx]; /* Up our poll count and set our poll_list index */ poll_count++; poll_idx = poll_count - 1; @@ -739,106 +737,44 @@ err: } /** - * @brief Entry point for the QUIC hq-interop client demo application. + * @brief Static pointer to a BIO_ADDR structure representing the peer's address. * - * This function sets up an SSL/TLS connection using QUIC, sends HTTP GET - * requests for files specified in the command-line arguments, and saves - * the responses to disk. It handles various configurations such as IPv6 - * support, session caching, and key logging. + * This variable is used to store the address of a peer for network communication. + * It is statically allocated and should be initialized appropriately. + */ +static BIO_ADDR *peer_addr = NULL; + +/** + * @brief Set up a TLS/QUIC connection to the specified hostname and port. * - * @param argc The number of command-line arguments. - * @param argv The array of command-line arguments. The expected format is - * "[-6] hostname port file". - * @return EXIT_SUCCESS on success, or EXIT_FAILURE on error. + * This function creates and configures an SSL context for a client connection + * using the QUIC client method. It sets up the necessary certificates, + * performs host verification, configures ALPN, and establishes a non-blocking + * connection. * - * @note The function performs the following main tasks: - * - Parses command-line arguments and configures IPv6 if specified. - * - Reads the list of requests from the specified file. - * - Sets up the SSL context and configures certificate verification. - * - Optionally enables key logging and session caching. - * - Establishes a non-blocking QUIC connection to the server. - * - Sends an HTTP GET request for each file and writes the response - * to the corresponding output file. - * - Gracefully shuts down the SSL connection and frees resources. - * - Prints any OpenSSL error stack information on failure. + * @param hostname Hostname to connect to. + * @param port Port to connect to. + * @param ipv6 Whether to use IPv6 (non-zero for IPv6, zero for IPv4). + * @param ctx Pointer to an SSL_CTX object, which will be created. + * @param ssl Pointer to an SSL object, which will be created. + * + * @return Returns 0 on success, 1 on error. */ -int main(int argc, char *argv[]) +static int setup_connection(char *hostname, char *port, int ipv6, + SSL_CTX **ctx, SSL **ssl) { - SSL_CTX *ctx = NULL; - SSL *ssl = NULL; - BIO *bio = NULL; - BIO *req_bio = NULL; - int res = EXIT_FAILURE; - int ret; - char req_string[1024]; - size_t readbytes = 0; - char buf[160]; - int eof = 0; - int argnext = 1; - char *reqfile = NULL; + unsigned char alpn[] = {10, 'h', 'q', '-', 'i', 'n', 't', 'e', 'r', 'o', 'p'}; + int ret = 0; char *sslkeylogfile = NULL; - char *reqnames = OPENSSL_zalloc(1025); - size_t read_offset = 0; - size_t bytes_read = 0; - size_t poll_idx = 0; - size_t poll_done = 0; - size_t result_count = 0; - struct timeval poll_timeout; - size_t this_poll_count = 0; - char *req, *saveptr = NULL; - char *hostname, *port; - int ipv6 = 0; - unsigned char alpn[] = { 10, 'h','q','-','i','n','t','e','r','o','p'}; - BIO_ADDR *peer_addr = NULL; - - if (argc < 4) { - fprintf(stderr, "Usage: quic-hq-interop [-6] hostname port file\n"); - goto end; - } - - if (!strcmp(argv[argnext], "-6")) { - if (argc < 5) { - fprintf(stderr, "Usage: quic-hq-interop [-6] hostname port\n"); - goto end; - } - ipv6 = 1; - argnext++; - } - hostname = argv[argnext++]; - port = argv[argnext++]; - reqfile = argv[argnext]; - - memset(req_string, 0, 1024); - req_bio = BIO_new_file(reqfile, "r"); - if (req_bio == NULL) { - fprintf(stderr, "Failed to open request file %s\n", reqfile); - goto end; - } + BIO *bio = NULL; - /* Get the list of requests */ - while (!BIO_eof(req_bio)) { - if (!BIO_read_ex(req_bio, &reqnames[read_offset], 1024, &bytes_read)) { - fprintf(stderr, "Failed to read some data from request file\n"); - goto end; - } - read_offset += bytes_read; - reqnames = OPENSSL_realloc(reqnames, read_offset+1024); - if (reqnames == NULL) { - fprintf(stderr, "Realloc failure\n"); - goto end; - } - } - BIO_free(req_bio); - req_bio = NULL; - reqnames[read_offset+1] = '\0'; - /* * Create an SSL_CTX which we can use to create SSL objects from. We * want an SSL_CTX for creating clients so we use * OSSL_QUIC_client_method() here. */ - ctx = SSL_CTX_new(OSSL_QUIC_client_method()); - if (ctx == NULL) { + *ctx = SSL_CTX_new(OSSL_QUIC_client_method()); + if (*ctx == NULL) { fprintf(stderr, "Failed to create the SSL_CTX\n"); goto end; } @@ -848,28 +784,28 @@ int main(int argc, char *argv[]) * verification fails. Virtually all clients should do this unless you * really know what you are doing. */ - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); + SSL_CTX_set_verify(*ctx, SSL_VERIFY_PEER, NULL); /* Use the default trusted certificate store */ - if (!SSL_CTX_set_default_verify_paths(ctx)) { + if (!SSL_CTX_set_default_verify_paths(*ctx)) { fprintf(stderr, "Failed to set the default trusted certificate store\n"); goto end; } sslkeylogfile = getenv("SSLKEYLOGFILE"); if (sslkeylogfile != NULL) - if (set_keylog_file(ctx, sslkeylogfile)) + if (set_keylog_file(*ctx, sslkeylogfile)) goto end; /* Create an SSL object to represent the TLS connection */ - ssl = SSL_new(ctx); - if (ssl == NULL) { + *ssl = SSL_new(*ctx); + if (*ssl == NULL) { fprintf(stderr, "Failed to create the SSL object\n"); goto end; } if (getenv("SSL_SESSION_FILE") != NULL) { - if (!setup_session_cache(ssl, ctx, getenv("SSL_SESSION_FILE"))) { + if (!setup_session_cache(*ssl, *ctx, getenv("SSL_SESSION_FILE"))) { fprintf(stderr, "Unable to setup session cache\n"); goto end; } @@ -885,13 +821,13 @@ int main(int argc, char *argv[]) fprintf(stderr, "Failed to crete the BIO\n"); goto end; } - SSL_set_bio(ssl, bio, bio); + SSL_set_bio(*ssl, bio, bio); /* * Tell the server during the handshake which hostname we are attempting * to connect to in case the server supports multiple hosts. */ - if (!SSL_set_tlsext_host_name(ssl, hostname)) { + if (!SSL_set_tlsext_host_name(*ssl, hostname)) { fprintf(stderr, "Failed to set the SNI hostname\n"); goto end; } @@ -902,19 +838,19 @@ int main(int argc, char *argv[]) * Virtually all clients should do this unless you really know what you * are doing. */ - if (!SSL_set1_host(ssl, hostname)) { + if (!SSL_set1_host(*ssl, hostname)) { fprintf(stderr, "Failed to set the certificate verification hostname"); goto end; } /* SSL_set_alpn_protos returns 0 for success! */ - if (SSL_set_alpn_protos(ssl, alpn, sizeof(alpn)) != 0) { + if (SSL_set_alpn_protos(*ssl, alpn, sizeof(alpn)) != 0) { fprintf(stderr, "Failed to set the ALPN for the connection\n"); goto end; } /* Set the IP address of the remote peer */ - if (!SSL_set1_initial_peer_addr(ssl, peer_addr)) { + if (!SSL_set1_initial_peer_addr(*ssl, peer_addr)) { fprintf(stderr, "Failed to set the initial peer address\n"); goto end; } @@ -924,30 +860,134 @@ int main(int argc, char *argv[]) * behaviour of the SSL object is still to block. We set it for nonblocking * mode in this demo. */ - if (!SSL_set_blocking_mode(ssl, 0)) { + if (!SSL_set_blocking_mode(*ssl, 0)) { fprintf(stderr, "Failed to turn off blocking mode\n"); goto end; } /* Do the handshake with the server */ - while ((ret = SSL_connect(ssl)) != 1) { - if (handle_io_failure(ssl, ret) == 1) + while ((ret = SSL_connect(*ssl)) != 1) { + if (handle_io_failure(*ssl, ret) == 1) continue; /* Retry */ fprintf(stderr, "Failed to connect to server\n"); goto end; /* Cannot retry: error */ } - req = strtok_r(reqnames, " ", &saveptr); + return 1; +end: + SSL_CTX_free(*ctx); + SSL_free(*ssl); + BIO_ADDR_free(peer_addr); + return 0; +} + +/** + * @brief Entry point for the QUIC hq-interop client demo application. + * + * This function sets up an SSL/TLS connection using QUIC, sends HTTP GET + * requests for files specified in the command-line arguments, and saves + * the responses to disk. It handles various configurations such as IPv6 + * support, session caching, and key logging. + * + * @param argc The number of command-line arguments. + * @param argv The array of command-line arguments. The expected format is + * "[-6] hostname port file". + * @return EXIT_SUCCESS on success, or EXIT_FAILURE on error. + * + * @note The function performs the following main tasks: + * - Parses command-line arguments and configures IPv6 if specified. + * - Reads the list of requests from the specified file. + * - Sets up the SSL context and configures certificate verification. + * - Optionally enables key logging and session caching. + * - Establishes a non-blocking QUIC connection to the server. + * - Sends an HTTP GET request for each file and writes the response + * to the corresponding output file. + * - Gracefully shuts down the SSL connection and frees resources. + * - Prints any OpenSSL error stack information on failure. + */ +int main(int argc, char *argv[]) +{ + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; + BIO *req_bio = NULL; + int res = EXIT_FAILURE; + int ret; + char req_string[1024]; + size_t readbytes = 0; + char buf[160]; + int eof = 0; + int argnext = 1; + char *reqfile = NULL; + char *reqnames = OPENSSL_zalloc(1025); + size_t read_offset = 0; + size_t bytes_read = 0; + size_t poll_idx = 0; + size_t poll_done = 0; + size_t result_count = 0; + struct timeval poll_timeout; + size_t this_poll_count = 0; + char *req = NULL; + char *hostname, *port; + int ipv6 = 0; + + if (argc < 4) { + fprintf(stderr, "Usage: quic-hq-interop [-6] hostname port file\n"); + goto end; + } + + if (!strcmp(argv[argnext], "-6")) { + if (argc < 5) { + fprintf(stderr, "Usage: quic-hq-interop [-6] hostname port\n"); + goto end; + } + ipv6 = 1; + argnext++; + } + hostname = argv[argnext++]; + port = argv[argnext++]; + reqfile = argv[argnext]; + + memset(req_string, 0, 1024); + req_bio = BIO_new_file(reqfile, "r"); + if (req_bio == NULL) { + fprintf(stderr, "Failed to open request file %s\n", reqfile); + goto end; + } + + /* Get the list of requests */ + while (!BIO_eof(req_bio)) { + if (!BIO_read_ex(req_bio, &reqnames[read_offset], 1024, &bytes_read)) { + fprintf(stderr, "Failed to read some data from request file\n"); + goto end; + } + read_offset += bytes_read; + reqnames = OPENSSL_realloc(reqnames, read_offset + 1024); + if (reqnames == NULL) { + fprintf(stderr, "Realloc failure\n"); + goto end; + } + } + BIO_free(req_bio); + req_bio = NULL; + reqnames[read_offset + 1] = '\0'; + + if (!setup_connection(hostname, port, ipv6, &ctx, &ssl)) { + fprintf(stderr, "Unable to establish connection\n"); + goto end; + } + + req = strtok(reqnames, " "); while (req != NULL) { - total_requests++; - req_array = OPENSSL_realloc(req_array, sizeof(char *) * total_requests); - req_array[total_requests-1] = req; - req = strtok_r(NULL, " ", &saveptr); + total_requests++; + req_array = OPENSSL_realloc(req_array, sizeof(char *) * total_requests); + req_array[total_requests - 1] = req; + req = strtok(NULL, " "); } /* get a list of requests to poll */ this_poll_count = build_request_set(ssl); + /* * Now poll all our descriptors for events */ @@ -956,7 +996,7 @@ int main(int argc, char *argv[]) poll_timeout.tv_sec = 0; poll_timeout.tv_usec = 0; if (!SSL_poll(poll_list, this_poll_count, sizeof(SSL_POLL_ITEM), - &poll_timeout, 0, &result_count)) { + &poll_timeout, 0, &result_count)) { fprintf(stderr, "Failed to poll\n"); goto end; } @@ -1005,8 +1045,8 @@ int main(int argc, char *argv[]) /* * If error handling indicated that this SSL is in an EOF state - * we mark the SSL as not needing any more polling, and up our - * poll_done count. Otherwise, just write to the outbio + * we mark the SSL as not needing any more polling, and up our + * poll_done count. Otherwise, just write to the outbio */ if (!eof) { BIO_write(outbiolist[poll_idx], buf, readbytes); @@ -1024,7 +1064,7 @@ int main(int argc, char *argv[]) */ if (poll_done == this_poll_count) { this_poll_count = build_request_set(ssl); - poll_done=0; + poll_done = 0; } }