From 2253bc330f56315faaa287c29d7612f5a34d8058 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sat, 29 Nov 2025 02:16:52 +0100 Subject: [PATCH] lib/subdirs: fix formatting nits Closes #19757 --- lib/curlx/base64.c | 20 +- lib/curlx/dynbuf.c | 1 - lib/curlx/dynbuf.h | 22 +-- lib/curlx/fopen.h | 11 +- lib/curlx/inet_ntop.c | 11 +- lib/curlx/inet_ntop.h | 4 +- lib/curlx/inet_pton.c | 23 +-- lib/curlx/inet_pton.h | 6 +- lib/curlx/nonblock.c | 2 +- lib/curlx/strerr.c | 3 +- lib/curlx/strparse.c | 8 +- lib/curlx/timediff.c | 2 +- lib/curlx/timeval.c | 34 ++-- lib/curlx/wait.c | 2 +- lib/curlx/warnless.c | 121 ++++++------ lib/curlx/warnless.h | 2 +- lib/curlx/winapi.c | 5 +- lib/vauth/cleartext.c | 7 +- lib/vauth/cram.c | 2 +- lib/vauth/digest.c | 76 ++++---- lib/vauth/digest_sspi.c | 16 +- lib/vauth/gsasl.c | 2 +- lib/vauth/krb5_gssapi.c | 2 +- lib/vauth/krb5_sspi.c | 3 +- lib/vauth/ntlm.c | 5 +- lib/vauth/ntlm_sspi.c | 13 +- lib/vauth/oauth2.c | 2 +- lib/vauth/spnego_sspi.c | 14 +- lib/vauth/vauth.c | 16 +- lib/vquic/curl_ngtcp2.c | 128 +++++++------ lib/vquic/curl_osslq.c | 99 +++++----- lib/vquic/curl_quiche.c | 31 ++- lib/vquic/vquic-tls.c | 7 +- lib/vquic/vquic-tls.h | 16 +- lib/vquic/vquic.c | 9 +- lib/vquic/vquic_int.h | 25 ++- lib/vssh/libssh.c | 333 ++++++++++++++++---------------- lib/vssh/libssh2.c | 347 ++++++++++++++++------------------ lib/vssh/ssh.h | 6 +- lib/vssh/vssh.c | 3 +- lib/vtls/apple.c | 5 +- lib/vtls/cipher_suite.c | 42 ++-- lib/vtls/gtls.c | 84 ++++---- lib/vtls/gtls.h | 3 +- lib/vtls/hostcheck.c | 4 +- lib/vtls/keylog.c | 19 +- lib/vtls/mbedtls.c | 73 ++++--- lib/vtls/mbedtls_threadlock.c | 5 +- lib/vtls/mbedtls_threadlock.h | 3 +- lib/vtls/openssl.c | 148 ++++++--------- lib/vtls/openssl.h | 3 +- lib/vtls/rustls.c | 176 ++++++++--------- lib/vtls/schannel.c | 160 +++++++--------- lib/vtls/schannel.h | 9 +- lib/vtls/schannel_verify.c | 51 ++--- lib/vtls/vtls.c | 53 +++--- lib/vtls/vtls.h | 12 +- lib/vtls/vtls_int.h | 20 +- lib/vtls/vtls_scache.c | 54 +++--- lib/vtls/vtls_scache.h | 26 ++- lib/vtls/vtls_spack.c | 31 ++- lib/vtls/wolfssl.c | 113 +++++------ lib/vtls/wolfssl.h | 9 +- lib/vtls/x509asn1.c | 54 +++--- 64 files changed, 1199 insertions(+), 1397 deletions(-) diff --git a/lib/curlx/base64.c b/lib/curlx/base64.c index 6a24c20ebd..4fc525387e 100644 --- a/lib/curlx/base64.c +++ b/lib/curlx/base64.c @@ -31,12 +31,12 @@ #include "base64.h" /* ---- Base64 Encoding/Decoding Table --- */ -const char Curl_base64encdec[]= +const char Curl_base64encdec[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; /* The Base 64 encoding with a URL and filename safe alphabet, RFC 4648 section 5 */ -static const char base64url[]= +static const char base64url[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; static const unsigned char decodetable[] = @@ -188,18 +188,18 @@ static CURLcode base64_encode(const char *table64, return CURLE_OUT_OF_MEMORY; while(insize >= 3) { - *output++ = table64[ in[0] >> 2 ]; - *output++ = table64[ ((in[0] & 0x03) << 4) | (in[1] >> 4) ]; - *output++ = table64[ ((in[1] & 0x0F) << 2) | ((in[2] & 0xC0) >> 6) ]; - *output++ = table64[ in[2] & 0x3F ]; + *output++ = table64[in[0] >> 2]; + *output++ = table64[((in[0] & 0x03) << 4) | (in[1] >> 4)]; + *output++ = table64[((in[1] & 0x0F) << 2) | ((in[2] & 0xC0) >> 6)]; + *output++ = table64[in[2] & 0x3F]; insize -= 3; in += 3; } if(insize) { /* this is only one or two bytes now */ - *output++ = table64[ in[0] >> 2 ]; + *output++ = table64[in[0] >> 2]; if(insize == 1) { - *output++ = table64[ ((in[0] & 0x03) << 4) ]; + *output++ = table64[((in[0] & 0x03) << 4)]; if(padbyte) { *output++ = padbyte; *output++ = padbyte; @@ -207,8 +207,8 @@ static CURLcode base64_encode(const char *table64, } else { /* insize == 2 */ - *output++ = table64[ ((in[0] & 0x03) << 4) | ((in[1] & 0xF0) >> 4) ]; - *output++ = table64[ ((in[1] & 0x0F) << 2) ]; + *output++ = table64[((in[0] & 0x03) << 4) | ((in[1] & 0xF0) >> 4)]; + *output++ = table64[((in[1] & 0x0F) << 2)]; if(padbyte) *output++ = padbyte; } diff --git a/lib/curlx/dynbuf.c b/lib/curlx/dynbuf.c index e54865f933..a9ff48367f 100644 --- a/lib/curlx/dynbuf.c +++ b/lib/curlx/dynbuf.c @@ -156,7 +156,6 @@ CURLcode curlx_dyn_tail(struct dynbuf *s, size_t trail) s->bufr[s->leng] = 0; } return CURLE_OK; - } /* diff --git a/lib/curlx/dynbuf.h b/lib/curlx/dynbuf.h index 00ca047893..683b484610 100644 --- a/lib/curlx/dynbuf.h +++ b/lib/curlx/dynbuf.h @@ -32,7 +32,7 @@ struct dynbuf { size_t allc; /* size of the current allocation */ size_t toobig; /* size limit for the buffer */ #ifdef DEBUGBUILD - int init; /* detect API usage mistakes */ + int init; /* detect API usage mistakes */ #endif }; @@ -62,24 +62,24 @@ int curlx_dyn_vprintf(struct dynbuf *dyn, const char *format, va_list ap_save); char *curlx_dyn_take(struct dynbuf *s, size_t *plen); /* Dynamic buffer max sizes */ -#define MAX_DYNBUF_SIZE (SIZE_MAX/2) +#define MAX_DYNBUF_SIZE (SIZE_MAX / 2) #define DYN_DOH_RESPONSE 3000 #define DYN_DOH_CNAME 256 #define DYN_PAUSE_BUFFER (64 * 1024 * 1024) #define DYN_HAXPROXY 2048 -#define DYN_HTTP_REQUEST (1024*1024) +#define DYN_HTTP_REQUEST (1024 * 1024) #define DYN_APRINTF 8000000 -#define DYN_RTSP_REQ_HEADER (64*1024) -#define DYN_TRAILERS (64*1024) +#define DYN_RTSP_REQ_HEADER (64 * 1024) +#define DYN_TRAILERS (64 * 1024) #define DYN_PROXY_CONNECT_HEADERS 16384 #define DYN_QLOG_NAME 1024 #define DYN_H1_TRAILER 4096 -#define DYN_PINGPPONG_CMD (64*1024) -#define DYN_IMAP_CMD (64*1024) -#define DYN_MQTT_RECV (64*1024) +#define DYN_PINGPPONG_CMD (64 * 1024) +#define DYN_IMAP_CMD (64 * 1024) +#define DYN_MQTT_RECV (64 * 1024) #define DYN_MQTT_SEND 0xFFFFFFF -#define DYN_CRLFILE_SIZE (400*1024*1024) /* 400mb */ -#define DYN_CERTFILE_SIZE (100*1024) /* 100KiB */ -#define DYN_KEYFILE_SIZE (100*1024) /* 100KiB */ +#define DYN_CRLFILE_SIZE (400 * 1024 * 1024) /* 400MiB */ +#define DYN_CERTFILE_SIZE (100 * 1024) /* 100KiB */ +#define DYN_KEYFILE_SIZE (100 * 1024) /* 100KiB */ #endif diff --git a/lib/curlx/fopen.h b/lib/curlx/fopen.h index eeb3fda946..fb3277a17e 100644 --- a/lib/curlx/fopen.h +++ b/lib/curlx/fopen.h @@ -51,11 +51,12 @@ int curlx_win32_open(const char *filename, int oflag, ...); #endif #ifdef CURLDEBUG -#define curlx_fopen(file,mode) curl_dbg_fopen(file,mode,__LINE__,__FILE__) -#define curlx_freopen(file,mode,fh) \ - curl_dbg_freopen(file,mode,fh,__LINE__,__FILE__) -#define curlx_fdopen(file,mode) curl_dbg_fdopen(file,mode,__LINE__,__FILE__) -#define curlx_fclose(file) curl_dbg_fclose(file,__LINE__,__FILE__) +#define curlx_fopen(file, mode) curl_dbg_fopen(file, mode, __LINE__, __FILE__) +#define curlx_freopen(file, mode, fh) \ + curl_dbg_freopen(file, mode, fh, __LINE__, __FILE__) +#define curlx_fdopen(file, mode) \ + curl_dbg_fdopen(file, mode, __LINE__, __FILE__) +#define curlx_fclose(file) curl_dbg_fclose(file, __LINE__, __FILE__) #else #define curlx_fopen CURLX_FOPEN_LOW #define curlx_freopen CURLX_FREOPEN_LOW diff --git a/lib/curlx/inet_ntop.c b/lib/curlx/inet_ntop.c index 771af81474..96c58273e2 100644 --- a/lib/curlx/inet_ntop.c +++ b/lib/curlx/inet_ntop.c @@ -109,17 +109,18 @@ static char *inet_ntop6(const unsigned char *src, char *dst, size_t size) */ memset(words, '\0', sizeof(words)); for(i = 0; i < IN6ADDRSZ; i++) - words[i/2] |= ((unsigned int)src[i] << ((1 - (i % 2)) << 3)); + words[i / 2] |= ((unsigned int)src[i] << ((1 - (i % 2)) << 3)); best.base = -1; - cur.base = -1; + cur.base = -1; best.len = 0; cur.len = 0; for(i = 0; i < (IN6ADDRSZ / INT16SZ); i++) { if(words[i] == 0) { if(cur.base == -1) { - cur.base = i; cur.len = 1; + cur.base = i; + cur.len = 1; } else cur.len++; @@ -152,7 +153,7 @@ static char *inet_ntop6(const unsigned char *src, char *dst, size_t size) /* Is this address an encapsulated IPv4? */ if(i == 6 && best.base == 0 && - (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { + (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { if(!inet_ntop4(src + 12, tp, sizeof(tmp) - (tp - tmp))) { return NULL; } @@ -219,4 +220,4 @@ char *curlx_inet_ntop(int af, const void *src, char *buf, size_t size) return NULL; } } -#endif /* HAVE_INET_NTOP */ +#endif /* HAVE_INET_NTOP */ diff --git a/lib/curlx/inet_ntop.h b/lib/curlx/inet_ntop.h index 490f49e8a1..79cdc9e2af 100644 --- a/lib/curlx/inet_ntop.h +++ b/lib/curlx/inet_ntop.h @@ -37,11 +37,11 @@ #include #endif #ifdef __AMIGA__ -#define curlx_inet_ntop(af,addr,buf,size) \ +#define curlx_inet_ntop(af, addr, buf, size) \ (char *)inet_ntop(af, CURL_UNCONST(addr), (unsigned char *)buf, \ (curl_socklen_t)(size)) #else -#define curlx_inet_ntop(af,addr,buf,size) \ +#define curlx_inet_ntop(af, addr, buf, size) \ inet_ntop(af, addr, buf, (curl_socklen_t)(size)) #endif #else diff --git a/lib/curlx/inet_pton.c b/lib/curlx/inet_pton.c index b78fa5d746..7b4a404306 100644 --- a/lib/curlx/inet_pton.c +++ b/lib/curlx/inet_pton.c @@ -54,8 +54,8 @@ * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. */ -static int inet_pton4(const char *src, unsigned char *dst); -static int inet_pton6(const char *src, unsigned char *dst); +static int inet_pton4(const char *src, unsigned char *dst); +static int inet_pton6(const char *src, unsigned char *dst); /* int * inet_pton(af, src, dst) @@ -73,8 +73,7 @@ static int inet_pton6(const char *src, unsigned char *dst); * author: * Paul Vixie, 1996. */ -int -curlx_inet_pton(int af, const char *src, void *dst) +int curlx_inet_pton(int af, const char *src, void *dst) { switch(af) { case AF_INET: @@ -98,8 +97,7 @@ curlx_inet_pton(int af, const char *src, void *dst) * author: * Paul Vixie, 1996. */ -static int -inet_pton4(const char *src, unsigned char *dst) +static int inet_pton4(const char *src, unsigned char *dst) { int saw_digit, octets, ch; unsigned char tmp[INADDRSZ], *tp; @@ -151,8 +149,7 @@ inet_pton4(const char *src, unsigned char *dst) * author: * Paul Vixie, 1996. */ -static int -inet_pton6(const char *src, unsigned char *dst) +static int inet_pton6(const char *src, unsigned char *dst) { unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp; const char *curtok; @@ -187,14 +184,14 @@ inet_pton6(const char *src, unsigned char *dst) } if(tp + INT16SZ > endp) return 0; - *tp++ = (unsigned char) ((val >> 8) & 0xff); - *tp++ = (unsigned char) (val & 0xff); + *tp++ = (unsigned char)((val >> 8) & 0xff); + *tp++ = (unsigned char)(val & 0xff); saw_xdigit = 0; val = 0; continue; } if(ch == '.' && ((tp + INADDRSZ) <= endp) && - inet_pton4(curtok, tp) > 0) { + inet_pton4(curtok, tp) > 0) { tp += INADDRSZ; saw_xdigit = 0; break; /* '\0' was seen by inet_pton4(). */ @@ -204,8 +201,8 @@ inet_pton6(const char *src, unsigned char *dst) if(saw_xdigit) { if(tp + INT16SZ > endp) return 0; - *tp++ = (unsigned char) ((val >> 8) & 0xff); - *tp++ = (unsigned char) (val & 0xff); + *tp++ = (unsigned char)((val >> 8) & 0xff); + *tp++ = (unsigned char)(val & 0xff); } if(colonp) { /* diff --git a/lib/curlx/inet_pton.h b/lib/curlx/inet_pton.h index a9ad24c944..a52ef145da 100644 --- a/lib/curlx/inet_pton.h +++ b/lib/curlx/inet_pton.h @@ -37,9 +37,11 @@ #include #endif #ifdef __AMIGA__ -#define curlx_inet_pton(x,y,z) inet_pton(x,(unsigned char *)CURL_UNCONST(y),z) +#define curlx_inet_pton(x, y, z) \ + inet_pton(x, (unsigned char *)CURL_UNCONST(y), z) #else -#define curlx_inet_pton(x,y,z) inet_pton(x,y,z) +#define curlx_inet_pton(x, y, z) \ + inet_pton(x, y, z) #endif #else int curlx_inet_pton(int, const char *, void *); diff --git a/lib/curlx/nonblock.c b/lib/curlx/nonblock.c index b944f9546b..23eb8c0e3a 100644 --- a/lib/curlx/nonblock.c +++ b/lib/curlx/nonblock.c @@ -88,6 +88,6 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */ return setsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b)); #else -# error "no non-blocking method was found/used/set" +#error "no non-blocking method was found/used/set" #endif } diff --git a/lib/curlx/strerr.c b/lib/curlx/strerr.c index 3dbeab82ee..70ad1fb813 100644 --- a/lib/curlx/strerr.c +++ b/lib/curlx/strerr.c @@ -43,8 +43,7 @@ * codes (WSAGetLastError) to error messages. * Returns NULL if no error message was found for error code. */ -static const char * -get_winsock_error(int err, char *buf, size_t len) +static const char *get_winsock_error(int err, char *buf, size_t len) { #ifndef CURL_DISABLE_VERBOSE_STRINGS const char *p; diff --git a/lib/curlx/strparse.c b/lib/curlx/strparse.c index a29d8be2fd..c5a3ed2102 100644 --- a/lib/curlx/strparse.c +++ b/lib/curlx/strparse.c @@ -66,8 +66,7 @@ int curlx_str_until(const char **linep, struct Curl_str *out, /* Get a word until the first space or end of string. At least one byte long. return non-zero on error */ -int curlx_str_word(const char **linep, struct Curl_str *out, - const size_t max) +int curlx_str_word(const char **linep, struct Curl_str *out, const size_t max) { return curlx_str_until(linep, out, max, ' '); } @@ -95,7 +94,6 @@ int curlx_str_untilnl(const char **linep, struct Curl_str *out, return STRE_OK; } - /* Get a "quoted" word. No escaping possible. return non-zero on error */ int curlx_str_quotedword(const char **linep, struct Curl_str *out, @@ -141,8 +139,8 @@ int curlx_str_singlespace(const char **linep) } /* given an ASCII character and max ascii, return TRUE if valid */ -#define valid_digit(x,m) \ - (((x) >= '0') && ((x) <= m) && Curl_hexasciitable[(x)-'0']) +#define valid_digit(x, m) \ + (((x) >= '0') && ((x) <= m) && Curl_hexasciitable[(x) - '0']) /* We use 16 for the zero index (and the necessary bitwise AND in the loop) to be able to have a non-zero value there to make valid_digit() able to diff --git a/lib/curlx/timediff.c b/lib/curlx/timediff.c index a90da961ab..d8baabe63e 100644 --- a/lib/curlx/timediff.c +++ b/lib/curlx/timediff.c @@ -84,5 +84,5 @@ struct timeval *curlx_mstotv(struct timeval *tv, timediff_t ms) */ timediff_t curlx_tvtoms(struct timeval *tv) { - return (tv->tv_sec*1000) + (timediff_t)(tv->tv_usec/1000); + return (tv->tv_sec * 1000) + (timediff_t)(tv->tv_usec / 1000); } diff --git a/lib/curlx/timeval.c b/lib/curlx/timeval.c index a27525855b..ff49d7d274 100644 --- a/lib/curlx/timeval.c +++ b/lib/curlx/timeval.c @@ -79,7 +79,7 @@ struct curltime curlx_now(void) return now; } -#elif defined(HAVE_CLOCK_GETTIME_MONOTONIC) || \ +#elif defined(HAVE_CLOCK_GETTIME_MONOTONIC) || \ defined(HAVE_CLOCK_GETTIME_MONOTONIC_RAW) struct curltime curlx_now(void) @@ -103,7 +103,7 @@ struct curltime curlx_now(void) ** called on unsupported OS version. */ #if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \ - (HAVE_BUILTIN_AVAILABLE == 1) + (HAVE_BUILTIN_AVAILABLE == 1) bool have_clock_gettime = FALSE; if(__builtin_available(macOS 10.12, iOS 10, tvOS 10, watchOS 3, *)) have_clock_gettime = TRUE; @@ -111,8 +111,8 @@ struct curltime curlx_now(void) #ifdef HAVE_CLOCK_GETTIME_MONOTONIC_RAW if( -#if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \ - (HAVE_BUILTIN_AVAILABLE == 1) +#if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \ + (HAVE_BUILTIN_AVAILABLE == 1) have_clock_gettime && #endif (clock_gettime(CLOCK_MONOTONIC_RAW, &tsnow) == 0)) { @@ -124,7 +124,7 @@ struct curltime curlx_now(void) if( #if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \ - (HAVE_BUILTIN_AVAILABLE == 1) + (HAVE_BUILTIN_AVAILABLE == 1) have_clock_gettime && #endif (clock_gettime(CLOCK_MONOTONIC, &tsnow) == 0)) { @@ -222,12 +222,12 @@ struct curltime curlx_now(void) */ timediff_t curlx_timediff_ms(struct curltime newer, struct curltime older) { - timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec; - if(diff >= (TIMEDIFF_T_MAX/1000)) + timediff_t diff = (timediff_t)newer.tv_sec - older.tv_sec; + if(diff >= (TIMEDIFF_T_MAX / 1000)) return TIMEDIFF_T_MAX; - else if(diff <= (TIMEDIFF_T_MIN/1000)) + else if(diff <= (TIMEDIFF_T_MIN / 1000)) return TIMEDIFF_T_MIN; - return diff * 1000 + (newer.tv_usec-older.tv_usec)/1000; + return diff * 1000 + (newer.tv_usec - older.tv_usec) / 1000; } /* @@ -237,12 +237,12 @@ timediff_t curlx_timediff_ms(struct curltime newer, struct curltime older) timediff_t curlx_timediff_ceil_ms(struct curltime newer, struct curltime older) { - timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec; - if(diff >= (TIMEDIFF_T_MAX/1000)) + timediff_t diff = (timediff_t)newer.tv_sec - older.tv_sec; + if(diff >= (TIMEDIFF_T_MAX / 1000)) return TIMEDIFF_T_MAX; - else if(diff <= (TIMEDIFF_T_MIN/1000)) + else if(diff <= (TIMEDIFF_T_MIN / 1000)) return TIMEDIFF_T_MIN; - return diff * 1000 + (newer.tv_usec - older.tv_usec + 999)/1000; + return diff * 1000 + (newer.tv_usec - older.tv_usec + 999) / 1000; } /* @@ -251,10 +251,10 @@ timediff_t curlx_timediff_ceil_ms(struct curltime newer, */ timediff_t curlx_timediff_us(struct curltime newer, struct curltime older) { - timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec; - if(diff >= (TIMEDIFF_T_MAX/1000000)) + timediff_t diff = (timediff_t)newer.tv_sec - older.tv_sec; + if(diff >= (TIMEDIFF_T_MAX / 1000000)) return TIMEDIFF_T_MAX; - else if(diff <= (TIMEDIFF_T_MIN/1000000)) + else if(diff <= (TIMEDIFF_T_MIN / 1000000)) return TIMEDIFF_T_MIN; - return diff * 1000000 + newer.tv_usec-older.tv_usec; + return diff * 1000000 + newer.tv_usec - older.tv_usec; } diff --git a/lib/curlx/wait.c b/lib/curlx/wait.c index 4e10a8297a..f1dd6e7a7e 100644 --- a/lib/curlx/wait.c +++ b/lib/curlx/wait.c @@ -74,7 +74,7 @@ int curlx_wait_ms(timediff_t timeout_ms) /* prevent overflow, timeout_ms is typecast to ULONG/DWORD. */ #if TIMEDIFF_T_MAX >= ULONG_MAX if(timeout_ms >= ULONG_MAX) - timeout_ms = ULONG_MAX-1; + timeout_ms = ULONG_MAX - 1; /* do not use ULONG_MAX, because that is equal to INFINITE */ #endif Sleep((DWORD)timeout_ms); diff --git a/lib/curlx/warnless.c b/lib/curlx/warnless.c index fafa83c98c..45442bd462 100644 --- a/lib/curlx/warnless.c +++ b/lib/curlx/warnless.c @@ -27,10 +27,10 @@ #if defined(__INTEL_COMPILER) && defined(__unix__) #ifdef HAVE_NETINET_IN_H -# include +#include #endif #ifdef HAVE_ARPA_INET_H -# include +#include #endif #endif /* __INTEL_COMPILER && __unix__ */ @@ -56,15 +56,15 @@ unsigned char curlx_ultouc(unsigned long ulnum) { #ifdef __INTEL_COMPILER -# pragma warning(push) -# pragma warning(disable:810) /* conversion may lose significant bits */ +#pragma warning(push) +#pragma warning(disable:810) /* conversion may lose significant bits */ #endif - DEBUGASSERT(ulnum <= (unsigned long) CURL_MASK_UCHAR); - return (unsigned char)(ulnum & (unsigned long) CURL_MASK_UCHAR); + DEBUGASSERT(ulnum <= (unsigned long)CURL_MASK_UCHAR); + return (unsigned char)(ulnum & (unsigned long)CURL_MASK_UCHAR); #ifdef __INTEL_COMPILER -# pragma warning(pop) +#pragma warning(pop) #endif } @@ -75,15 +75,15 @@ unsigned char curlx_ultouc(unsigned long ulnum) int curlx_uztosi(size_t uznum) { #ifdef __INTEL_COMPILER -# pragma warning(push) -# pragma warning(disable:810) /* conversion may lose significant bits */ +#pragma warning(push) +#pragma warning(disable:810) /* conversion may lose significant bits */ #endif - DEBUGASSERT(uznum <= (size_t) CURL_MASK_SINT); - return (int)(uznum & (size_t) CURL_MASK_SINT); + DEBUGASSERT(uznum <= (size_t)CURL_MASK_SINT); + return (int)(uznum & (size_t)CURL_MASK_SINT); #ifdef __INTEL_COMPILER -# pragma warning(pop) +#pragma warning(pop) #endif } @@ -94,17 +94,17 @@ int curlx_uztosi(size_t uznum) unsigned long curlx_uztoul(size_t uznum) { #ifdef __INTEL_COMPILER -# pragma warning(push) -# pragma warning(disable:810) /* conversion may lose significant bits */ +#pragma warning(push) +#pragma warning(disable:810) /* conversion may lose significant bits */ #endif #if ULONG_MAX < SIZE_MAX - DEBUGASSERT(uznum <= (size_t) CURL_MASK_ULONG); + DEBUGASSERT(uznum <= (size_t)CURL_MASK_ULONG); #endif - return (unsigned long)(uznum & (size_t) CURL_MASK_ULONG); + return (unsigned long)(uznum & (size_t)CURL_MASK_ULONG); #ifdef __INTEL_COMPILER -# pragma warning(pop) +#pragma warning(pop) #endif } @@ -115,17 +115,17 @@ unsigned long curlx_uztoul(size_t uznum) unsigned int curlx_uztoui(size_t uznum) { #ifdef __INTEL_COMPILER -# pragma warning(push) -# pragma warning(disable:810) /* conversion may lose significant bits */ +#pragma warning(push) +#pragma warning(disable:810) /* conversion may lose significant bits */ #endif #if UINT_MAX < SIZE_MAX - DEBUGASSERT(uznum <= (size_t) CURL_MASK_UINT); + DEBUGASSERT(uznum <= (size_t)CURL_MASK_UINT); #endif - return (unsigned int)(uznum & (size_t) CURL_MASK_UINT); + return (unsigned int)(uznum & (size_t)CURL_MASK_UINT); #ifdef __INTEL_COMPILER -# pragma warning(pop) +#pragma warning(pop) #endif } @@ -136,18 +136,18 @@ unsigned int curlx_uztoui(size_t uznum) int curlx_sltosi(long slnum) { #ifdef __INTEL_COMPILER -# pragma warning(push) -# pragma warning(disable:810) /* conversion may lose significant bits */ +#pragma warning(push) +#pragma warning(disable:810) /* conversion may lose significant bits */ #endif DEBUGASSERT(slnum >= 0); #if INT_MAX < LONG_MAX - DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_SINT); + DEBUGASSERT((unsigned long)slnum <= (unsigned long)CURL_MASK_SINT); #endif - return (int)(slnum & (long) CURL_MASK_SINT); + return (int)(slnum & (long)CURL_MASK_SINT); #ifdef __INTEL_COMPILER -# pragma warning(pop) +#pragma warning(pop) #endif } @@ -158,18 +158,18 @@ int curlx_sltosi(long slnum) unsigned int curlx_sltoui(long slnum) { #ifdef __INTEL_COMPILER -# pragma warning(push) -# pragma warning(disable:810) /* conversion may lose significant bits */ +#pragma warning(push) +#pragma warning(disable:810) /* conversion may lose significant bits */ #endif DEBUGASSERT(slnum >= 0); #if UINT_MAX < LONG_MAX - DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_UINT); + DEBUGASSERT((unsigned long)slnum <= (unsigned long)CURL_MASK_UINT); #endif - return (unsigned int)(slnum & (long) CURL_MASK_UINT); + return (unsigned int)(slnum & (long)CURL_MASK_UINT); #ifdef __INTEL_COMPILER -# pragma warning(pop) +#pragma warning(pop) #endif } @@ -180,16 +180,16 @@ unsigned int curlx_sltoui(long slnum) unsigned short curlx_sltous(long slnum) { #ifdef __INTEL_COMPILER -# pragma warning(push) -# pragma warning(disable:810) /* conversion may lose significant bits */ +#pragma warning(push) +#pragma warning(disable:810) /* conversion may lose significant bits */ #endif DEBUGASSERT(slnum >= 0); - DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_USHORT); - return (unsigned short)(slnum & (long) CURL_MASK_USHORT); + DEBUGASSERT((unsigned long)slnum <= (unsigned long)CURL_MASK_USHORT); + return (unsigned short)(slnum & (long)CURL_MASK_USHORT); #ifdef __INTEL_COMPILER -# pragma warning(pop) +#pragma warning(pop) #endif } @@ -200,15 +200,15 @@ unsigned short curlx_sltous(long slnum) ssize_t curlx_uztosz(size_t uznum) { #ifdef __INTEL_COMPILER -# pragma warning(push) -# pragma warning(disable:810) /* conversion may lose significant bits */ +#pragma warning(push) +#pragma warning(disable:810) /* conversion may lose significant bits */ #endif - DEBUGASSERT(uznum <= (size_t) CURL_MASK_SSIZE_T); - return (ssize_t)(uznum & (size_t) CURL_MASK_SSIZE_T); + DEBUGASSERT(uznum <= (size_t)CURL_MASK_SSIZE_T); + return (ssize_t)(uznum & (size_t)CURL_MASK_SSIZE_T); #ifdef __INTEL_COMPILER -# pragma warning(pop) +#pragma warning(pop) #endif } @@ -219,15 +219,15 @@ ssize_t curlx_uztosz(size_t uznum) size_t curlx_sotouz(curl_off_t sonum) { #ifdef __INTEL_COMPILER -# pragma warning(push) -# pragma warning(disable:810) /* conversion may lose significant bits */ +#pragma warning(push) +#pragma warning(disable:810) /* conversion may lose significant bits */ #endif DEBUGASSERT(sonum >= 0); - return (size_t)(sonum & (curl_off_t) CURL_MASK_USIZE_T); + return (size_t)(sonum & (curl_off_t)CURL_MASK_USIZE_T); #ifdef __INTEL_COMPILER -# pragma warning(pop) +#pragma warning(pop) #endif } @@ -238,18 +238,18 @@ size_t curlx_sotouz(curl_off_t sonum) int curlx_sztosi(ssize_t sznum) { #ifdef __INTEL_COMPILER -# pragma warning(push) -# pragma warning(disable:810) /* conversion may lose significant bits */ +#pragma warning(push) +#pragma warning(disable:810) /* conversion may lose significant bits */ #endif DEBUGASSERT(sznum >= 0); #if INT_MAX < SSIZE_MAX - DEBUGASSERT((size_t) sznum <= (size_t) CURL_MASK_SINT); + DEBUGASSERT((size_t)sznum <= (size_t)CURL_MASK_SINT); #endif - return (int)(sznum & (ssize_t) CURL_MASK_SINT); + return (int)(sznum & (ssize_t)CURL_MASK_SINT); #ifdef __INTEL_COMPILER -# pragma warning(pop) +#pragma warning(pop) #endif } @@ -260,15 +260,15 @@ int curlx_sztosi(ssize_t sznum) unsigned short curlx_uitous(unsigned int uinum) { #ifdef __INTEL_COMPILER -# pragma warning(push) -# pragma warning(disable:810) /* conversion may lose significant bits */ +#pragma warning(push) +#pragma warning(disable:810) /* conversion may lose significant bits */ #endif - DEBUGASSERT(uinum <= (unsigned int) CURL_MASK_USHORT); - return (unsigned short) (uinum & (unsigned int) CURL_MASK_USHORT); + DEBUGASSERT(uinum <= (unsigned int)CURL_MASK_USHORT); + return (unsigned short)(uinum & (unsigned int)CURL_MASK_USHORT); #ifdef __INTEL_COMPILER -# pragma warning(pop) +#pragma warning(pop) #endif } @@ -279,15 +279,15 @@ unsigned short curlx_uitous(unsigned int uinum) size_t curlx_sitouz(int sinum) { #ifdef __INTEL_COMPILER -# pragma warning(push) -# pragma warning(disable:810) /* conversion may lose significant bits */ +#pragma warning(push) +#pragma warning(disable:810) /* conversion may lose significant bits */ #endif DEBUGASSERT(sinum >= 0); - return (size_t) sinum; + return (size_t)sinum; #ifdef __INTEL_COMPILER -# pragma warning(pop) +#pragma warning(pop) #endif } @@ -333,7 +333,6 @@ bool curlx_sotouz_fits(curl_off_t sonum, size_t *puznum) return TRUE; } - bool curlx_sltouz(long slnum, size_t *puznum) { if(slnum < 0) { diff --git a/lib/curlx/warnless.h b/lib/curlx/warnless.h index 52e7ec2a5c..5f324ac375 100644 --- a/lib/curlx/warnless.h +++ b/lib/curlx/warnless.h @@ -31,7 +31,7 @@ #endif #define CURLX_FUNCTION_CAST(target_type, func) \ - (target_type)(void (*) (void))(func) + (target_type)(void (*)(void))(func) unsigned char curlx_ultouc(unsigned long ulnum); diff --git a/lib/curlx/winapi.c b/lib/curlx/winapi.c index 4cacbcb618..3243f7cb4a 100644 --- a/lib/curlx/winapi.c +++ b/lib/curlx/winapi.c @@ -57,8 +57,8 @@ const char *curlx_get_winapi_error(DWORD err, char *buf, size_t buflen) /* Truncate multiple lines */ p = strchr(buf, '\n'); if(p) { - if(p > buf && *(p-1) == '\r') - *(p-1) = '\0'; + if(p > buf && *(p - 1) == '\r') + *(p - 1) = '\0'; else *p = '\0'; } @@ -89,7 +89,6 @@ const char *curlx_winapi_strerror(DWORD err, char *buf, size_t buflen) #if defined(__GNUC__) && __GNUC__ >= 7 #pragma GCC diagnostic pop #endif - } #else { diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c index d259bc42b5..862310111e 100644 --- a/lib/vauth/cleartext.c +++ b/lib/vauth/cleartext.c @@ -27,8 +27,8 @@ #include "../curl_setup.h" -#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \ - !defined(CURL_DISABLE_POP3) || \ +#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \ + !defined(CURL_DISABLE_POP3) || \ (!defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP)) #include @@ -110,8 +110,7 @@ void Curl_auth_create_login_message(const char *valuep, struct bufref *out) * * Returns void. */ -void Curl_auth_create_external_message(const char *user, - struct bufref *out) +void Curl_auth_create_external_message(const char *user, struct bufref *out) { /* This is the same formatting as the login message */ Curl_auth_create_login_message(user, out); diff --git a/lib/vauth/cram.c b/lib/vauth/cram.c index 3b02e5751f..9bc5544a64 100644 --- a/lib/vauth/cram.c +++ b/lib/vauth/cram.c @@ -63,7 +63,7 @@ CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg, /* Compute the digest using the password as the key */ ctxt = Curl_HMAC_init(&Curl_HMAC_MD5, - (const unsigned char *) passwdp, + (const unsigned char *)passwdp, curlx_uztoui(strlen(passwdp))); if(!ctxt) return CURLE_OUT_OF_MEMORY; diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c index 850891f175..c5fea67394 100644 --- a/lib/vauth/digest.c +++ b/lib/vauth/digest.c @@ -138,20 +138,20 @@ bool Curl_auth_digest_get_pair(const char *str, char *value, char *content, #ifndef USE_WINDOWS_SSPI /* Convert MD5 chunk to RFC2617 (section 3.1.3) -suitable ASCII string */ static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */ - unsigned char *dest) /* 33 bytes */ + unsigned char *dest) /* 33 bytes */ { int i; for(i = 0; i < 16; i++) - curl_msnprintf((char *) &dest[i * 2], 3, "%02x", source[i]); + curl_msnprintf((char *)&dest[i * 2], 3, "%02x", source[i]); } /* Convert sha256 or SHA-512/256 chunk to RFC7616 -suitable ASCII string */ static void auth_digest_sha256_to_ascii(unsigned char *source, /* 32 bytes */ - unsigned char *dest) /* 65 bytes */ + unsigned char *dest) /* 65 bytes */ { int i; for(i = 0; i < 32; i++) - curl_msnprintf((char *) &dest[i * 2], 3, "%02x", source[i]); + curl_msnprintf((char *)&dest[i * 2], 3, "%02x", source[i]); } /* Perform quoted-string escaping as described in RFC2616 and its errata */ @@ -272,7 +272,7 @@ static CURLcode auth_decode_digest_md5_message(const struct bufref *chlgref, char *alg, size_t alen, char *qop, size_t qlen) { - const char *chlg = (const char *) Curl_bufref_ptr(chlgref); + const char *chlg = (const char *)Curl_bufref_ptr(chlgref); /* Ensure we have a valid challenge message */ if(!Curl_bufref_len(chlgref)) @@ -387,13 +387,13 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, if(!ctxt) return CURLE_OUT_OF_MEMORY; - Curl_MD5_update(ctxt, (const unsigned char *) userp, + Curl_MD5_update(ctxt, (const unsigned char *)userp, curlx_uztoui(strlen(userp))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) realm, + Curl_MD5_update(ctxt, (const unsigned char *)":", 1); + Curl_MD5_update(ctxt, (const unsigned char *)realm, curlx_uztoui(strlen(realm))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) passwdp, + Curl_MD5_update(ctxt, (const unsigned char *)":", 1); + Curl_MD5_update(ctxt, (const unsigned char *)passwdp, curlx_uztoui(strlen(passwdp))); Curl_MD5_final(ctxt, digest); @@ -401,12 +401,12 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, if(!ctxt) return CURLE_OUT_OF_MEMORY; - Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) nonce, + Curl_MD5_update(ctxt, (const unsigned char *)digest, MD5_DIGEST_LEN); + Curl_MD5_update(ctxt, (const unsigned char *)":", 1); + Curl_MD5_update(ctxt, (const unsigned char *)nonce, curlx_uztoui(strlen(nonce))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) cnonce, + Curl_MD5_update(ctxt, (const unsigned char *)":", 1); + Curl_MD5_update(ctxt, (const unsigned char *)cnonce, curlx_uztoui(strlen(cnonce))); Curl_MD5_final(ctxt, digest); @@ -427,10 +427,10 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; } - Curl_MD5_update(ctxt, (const unsigned char *) method, + Curl_MD5_update(ctxt, (const unsigned char *)method, curlx_uztoui(strlen(method))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) spn, + Curl_MD5_update(ctxt, (const unsigned char *)":", 1); + Curl_MD5_update(ctxt, (const unsigned char *)spn, curlx_uztoui(strlen(spn))); Curl_MD5_final(ctxt, digest); @@ -445,23 +445,23 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; } - Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) nonce, + Curl_MD5_update(ctxt, (const unsigned char *)HA1_hex, 2 * MD5_DIGEST_LEN); + Curl_MD5_update(ctxt, (const unsigned char *)":", 1); + Curl_MD5_update(ctxt, (const unsigned char *)nonce, curlx_uztoui(strlen(nonce))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); + Curl_MD5_update(ctxt, (const unsigned char *)":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) nonceCount, + Curl_MD5_update(ctxt, (const unsigned char *)nonceCount, curlx_uztoui(strlen(nonceCount))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) cnonce, + Curl_MD5_update(ctxt, (const unsigned char *)":", 1); + Curl_MD5_update(ctxt, (const unsigned char *)cnonce, curlx_uztoui(strlen(cnonce))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) qop, + Curl_MD5_update(ctxt, (const unsigned char *)":", 1); + Curl_MD5_update(ctxt, (const unsigned char *)qop, curlx_uztoui(strlen(qop))); - Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); + Curl_MD5_update(ctxt, (const unsigned char *)":", 1); - Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN); + Curl_MD5_update(ctxt, (const unsigned char *)HA2_hex, 2 * MD5_DIGEST_LEN); Curl_MD5_final(ctxt, digest); for(i = 0; i < MD5_DIGEST_LEN; i++) @@ -553,7 +553,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, if(curlx_str_casecompare(&out, DIGEST_QOP_VALUE_STRING_AUTH)) foundAuth = TRUE; else if(curlx_str_casecompare(&out, - DIGEST_QOP_VALUE_STRING_AUTH_INT)) + DIGEST_QOP_VALUE_STRING_AUTH_INT)) foundAuthInt = TRUE; if(curlx_str_single(&token, ',')) break; @@ -720,7 +720,7 @@ static CURLcode auth_create_digest_http_message( if(!hashthis) return CURLE_OUT_OF_MEMORY; - result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); + result = hash(hashbuf, (unsigned char *)hashthis, strlen(hashthis)); curlx_free(hashthis); if(result) return result; @@ -743,7 +743,7 @@ static CURLcode auth_create_digest_http_message( if(!hashthis) return CURLE_OUT_OF_MEMORY; - result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); + result = hash(hashbuf, (unsigned char *)hashthis, strlen(hashthis)); curlx_free(hashthis); if(result) return result; @@ -755,7 +755,7 @@ static CURLcode auth_create_digest_http_message( if(!tmp) return CURLE_OUT_OF_MEMORY; - result = hash(hashbuf, (unsigned char *) tmp, strlen(tmp)); + result = hash(hashbuf, (unsigned char *)tmp, strlen(tmp)); curlx_free(tmp); if(result) return result; @@ -799,7 +799,7 @@ static CURLcode auth_create_digest_http_message( if(!hashthis) return CURLE_OUT_OF_MEMORY; - result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); + result = hash(hashbuf, (unsigned char *)hashthis, strlen(hashthis)); curlx_free(hashthis); if(result) return result; @@ -816,7 +816,7 @@ static CURLcode auth_create_digest_http_message( if(!hashthis) return CURLE_OUT_OF_MEMORY; - result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); + result = hash(hashbuf, (unsigned char *)hashthis, strlen(hashthis)); curlx_free(hashthis); if(result) return result; @@ -1015,9 +1015,9 @@ void Curl_auth_digest_cleanup(struct digestdata *digest) digest->nc = 0; digest->algo = ALGO_MD5; /* default algorithm */ - digest->stale = FALSE; /* default means normal, not stale */ + digest->stale = FALSE; /* default means normal, not stale */ digest->userhash = FALSE; } -#endif /* !USE_WINDOWS_SSPI */ +#endif /* !USE_WINDOWS_SSPI */ -#endif /* !CURL_DISABLE_DIGEST_AUTH */ +#endif /* !CURL_DISABLE_DIGEST_AUTH */ diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c index ea6a66af9f..550810acda 100644 --- a/lib/vauth/digest_sspi.c +++ b/lib/vauth/digest_sspi.c @@ -42,14 +42,14 @@ #include "../strerror.h" /* -* Curl_auth_is_digest_supported() -* -* This is used to evaluate if DIGEST is supported. -* -* Parameters: None -* -* Returns TRUE if DIGEST is supported by Windows SSPI. -*/ + * Curl_auth_is_digest_supported() + * + * This is used to evaluate if DIGEST is supported. + * + * Parameters: None + * + * Returns TRUE if DIGEST is supported by Windows SSPI. + */ bool Curl_auth_is_digest_supported(void) { PSecPkgInfo SecurityPackage; diff --git a/lib/vauth/gsasl.c b/lib/vauth/gsasl.c index debeda0604..8330a4bd71 100644 --- a/lib/vauth/gsasl.c +++ b/lib/vauth/gsasl.c @@ -100,7 +100,7 @@ CURLcode Curl_auth_gsasl_token(struct Curl_easy *data, size_t outlen; res = gsasl_step(gsasl->client, - (const char *) Curl_bufref_ptr(chlg), Curl_bufref_len(chlg), + (const char *)Curl_bufref_ptr(chlg), Curl_bufref_len(chlg), &response, &outlen); if(res != GSASL_OK && res != GSASL_NEEDS_MORE) { failf(data, "GSASL step: %s", gsasl_strerror(res)); diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c index 9ea36171fa..1590949d68 100644 --- a/lib/vauth/krb5_gssapi.c +++ b/lib/vauth/krb5_gssapi.c @@ -159,7 +159,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, gss_release_buffer(&unused_status, &output_token); } else - Curl_bufref_set(out, mutual_auth ? "": NULL, 0, NULL); + Curl_bufref_set(out, mutual_auth ? "" : NULL, 0, NULL); return result; } diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c index 10fbac7644..2f82345b98 100644 --- a/lib/vauth/krb5_sspi.c +++ b/lib/vauth/krb5_sspi.c @@ -278,8 +278,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, /* Get our response size information */ status = Curl_pSecFn->QueryContextAttributes(krb5->context, - SECPKG_ATTR_SIZES, - &sizes); + SECPKG_ATTR_SIZES, &sizes); if(status == SEC_E_INSUFFICIENT_MEMORY) return CURLE_OUT_OF_MEMORY; diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c index a757d1c8f9..e5eb1de5ef 100644 --- a/lib/vauth/ntlm.c +++ b/lib/vauth/ntlm.c @@ -48,7 +48,6 @@ #include "vauth.h" #include "../curl_endian.h" - /* NTLM buffer fixed size, large enough for long user + host + domain */ #define NTLM_BUFSIZE 1024 @@ -158,7 +157,7 @@ #define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50" #if DEBUG_ME -# define DEBUG_OUT(x) x +#define DEBUG_OUT(x) x static void ntlm_print_flags(FILE *handle, unsigned long flags) { if(flags & NTLMFLAG_NEGOTIATE_UNICODE) @@ -236,7 +235,7 @@ static void ntlm_print_hex(FILE *handle, const char *buf, size_t len) curl_mfprintf(stderr, "%02.2x", (unsigned int)*p++); } #else -# define DEBUG_OUT(x) Curl_nop_stmt +#define DEBUG_OUT(x) Curl_nop_stmt #endif /* diff --git a/lib/vauth/ntlm_sspi.c b/lib/vauth/ntlm_sspi.c index d976bc5d21..bab319671c 100644 --- a/lib/vauth/ntlm_sspi.c +++ b/lib/vauth/ntlm_sspi.c @@ -221,7 +221,6 @@ CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data, } /* -* Curl_auth_create_ntlm_type3_message() * Curl_auth_create_ntlm_type3_message() * * This is used to generate an already encoded NTLM type-3 message ready for @@ -267,12 +266,12 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS /* ssl context comes from schannel. - * When extended protection is used in IIS server, - * we have to pass a second SecBuffer to the SecBufferDesc - * otherwise IIS will not pass the authentication (401 response). - * Minimum supported version is Windows 7. - * https://learn.microsoft.com/security-updates/SecurityAdvisories/2009/973811 - */ + * When extended protection is used in IIS server, + * we have to pass a second SecBuffer to the SecBufferDesc + * otherwise IIS will not pass the authentication (401 response). + * Minimum supported version is Windows 7. + * https://learn.microsoft.com/security-updates/SecurityAdvisories/2009/973811 + */ if(ntlm->sslContext) { SEC_CHANNEL_BINDINGS channelBindings; SecPkgContext_Bindings pkgBindings; diff --git a/lib/vauth/oauth2.c b/lib/vauth/oauth2.c index 0bb7a9d6bd..3b4d4164f0 100644 --- a/lib/vauth/oauth2.c +++ b/lib/vauth/oauth2.c @@ -27,7 +27,7 @@ #include "../curl_setup.h" #if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \ - !defined(CURL_DISABLE_POP3) || \ + !defined(CURL_DISABLE_POP3) || \ (!defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP)) #include diff --git a/lib/vauth/spnego_sspi.c b/lib/vauth/spnego_sspi.c index 90e622da3d..2b0504f630 100644 --- a/lib/vauth/spnego_sspi.c +++ b/lib/vauth/spnego_sspi.c @@ -139,7 +139,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, nego->output_token = curlx_malloc(nego->token_max); if(!nego->output_token) return CURLE_OUT_OF_MEMORY; - } + } if(!nego->credentials) { /* Do we have credentials to use or are we using single sign-on? */ @@ -200,12 +200,12 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS /* ssl context comes from Schannel. - * When extended protection is used in IIS server, - * we have to pass a second SecBuffer to the SecBufferDesc - * otherwise IIS will not pass the authentication (401 response). - * Minimum supported version is Windows 7. - * https://learn.microsoft.com/security-updates/SecurityAdvisories/2009/973811 - */ + * When extended protection is used in IIS server, + * we have to pass a second SecBuffer to the SecBufferDesc + * otherwise IIS will not pass the authentication (401 response). + * Minimum supported version is Windows 7. + * https://learn.microsoft.com/security-updates/SecurityAdvisories/2009/973811 + */ if(nego->sslContext) { SEC_CHANNEL_BINDINGS channelBindings; SecPkgContext_Bindings pkgBindings; diff --git a/lib/vauth/vauth.c b/lib/vauth/vauth.c index 6626ace8bc..4ca6cef7c8 100644 --- a/lib/vauth/vauth.c +++ b/lib/vauth/vauth.c @@ -171,13 +171,11 @@ static void ntlm_conn_dtor(void *key, size_t klen, void *entry) struct ntlmdata *Curl_auth_ntlm_get(struct connectdata *conn, bool proxy) { - const char *key = proxy ? CURL_META_NTLM_PROXY_CONN : - CURL_META_NTLM_CONN; + const char *key = proxy ? CURL_META_NTLM_PROXY_CONN : CURL_META_NTLM_CONN; struct ntlmdata *ntlm = Curl_conn_meta_get(conn, key); if(!ntlm) { ntlm = curlx_calloc(1, sizeof(*ntlm)); - if(!ntlm || - Curl_conn_meta_set(conn, key, ntlm, ntlm_conn_dtor)) + if(!ntlm || Curl_conn_meta_set(conn, key, ntlm, ntlm_conn_dtor)) return NULL; } return ntlm; @@ -185,8 +183,8 @@ struct ntlmdata *Curl_auth_ntlm_get(struct connectdata *conn, bool proxy) void Curl_auth_ntlm_remove(struct connectdata *conn, bool proxy) { - Curl_conn_meta_remove(conn, proxy ? - CURL_META_NTLM_PROXY_CONN : CURL_META_NTLM_CONN); + Curl_conn_meta_remove(conn, proxy ? CURL_META_NTLM_PROXY_CONN + : CURL_META_NTLM_CONN); } #endif /* USE_NTLM */ @@ -257,13 +255,11 @@ static void nego_conn_dtor(void *key, size_t klen, void *entry) struct negotiatedata *Curl_auth_nego_get(struct connectdata *conn, bool proxy) { - const char *key = proxy ? CURL_META_NEGO_PROXY_CONN : - CURL_META_NEGO_CONN; + const char *key = proxy ? CURL_META_NEGO_PROXY_CONN : CURL_META_NEGO_CONN; struct negotiatedata *nego = Curl_conn_meta_get(conn, key); if(!nego) { nego = curlx_calloc(1, sizeof(*nego)); - if(!nego || - Curl_conn_meta_set(conn, key, nego, nego_conn_dtor)) + if(!nego || Curl_conn_meta_set(conn, key, nego, nego_conn_dtor)) return NULL; } return nego; diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c index 62255285b6..09b30229f0 100644 --- a/lib/vquic/curl_ngtcp2.c +++ b/lib/vquic/curl_ngtcp2.c @@ -72,14 +72,14 @@ #include "../curlx/warnless.h" -#define QUIC_MAX_STREAMS (256*1024) -#define QUIC_HANDSHAKE_TIMEOUT (10*NGTCP2_SECONDS) +#define QUIC_MAX_STREAMS (256 * 1024) +#define QUIC_HANDSHAKE_TIMEOUT (10 * NGTCP2_SECONDS) /* A stream window is the maximum amount we need to buffer for * each active transfer. * Chunk size is large enough to take a full DATA frame */ #define H3_STREAM_WINDOW_SIZE (64 * 1024) -#define H3_STREAM_CHUNK_SIZE (16 * 1024) +#define H3_STREAM_CHUNK_SIZE (16 * 1024) #if H3_STREAM_CHUNK_SIZE < NGTCP2_MAX_UDP_PAYLOAD_SIZE #error H3_STREAM_CHUNK_SIZE smaller than NGTCP2_MAX_UDP_PAYLOAD_SIZE #endif @@ -150,8 +150,7 @@ struct cf_ngtcp2_ctx { /* How to access `call_data` from a cf_ngtcp2 filter */ #undef CF_CTX_CALL_DATA -#define CF_CTX_CALL_DATA(cf) \ - ((struct cf_ngtcp2_ctx *)(cf)->ctx)->call_data +#define CF_CTX_CALL_DATA(cf) ((struct cf_ngtcp2_ctx *)(cf)->ctx)->call_data static void h3_stream_hash_free(unsigned int id, void *stream); @@ -187,14 +186,14 @@ static void cf_ngtcp2_setup_keep_alive(struct Curl_cfilter *cf, struct cf_ngtcp2_ctx *ctx = cf->ctx; const ngtcp2_transport_params *rp; /* Peer should have sent us its transport parameters. If it - * announces a positive `max_idle_timeout` it will close the - * connection when it does not hear from us for that time. - * - * Some servers use this as a keep-alive timer at a rather low - * value. We are doing HTTP/3 here and waiting for the response - * to a request may take a considerable amount of time. We need - * to prevent the peer's QUIC stack from closing in this case. - */ + * announces a positive `max_idle_timeout` it will close the + * connection when it does not hear from us for that time. + * + * Some servers use this as a keep-alive timer at a rather low + * value. We are doing HTTP/3 here and waiting for the response + * to a request may take a considerable amount of time. We need + * to prevent the peer's QUIC stack from closing in this case. + */ if(!ctx->qconn) return; @@ -218,7 +217,6 @@ static void cf_ngtcp2_setup_keep_alive(struct Curl_cfilter *cf, } } - struct pkt_io_ctx; static CURLcode cf_progress_ingress(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -231,20 +229,20 @@ static CURLcode cf_progress_egress(struct Curl_cfilter *cf, * All about the H3 internals of a stream */ struct h3_stream_ctx { - int64_t id; /* HTTP/3 protocol identifier */ - struct bufq sendbuf; /* h3 request body */ - struct h1_req_parser h1; /* h1 request parsing */ + int64_t id; /* HTTP/3 protocol identifier */ + struct bufq sendbuf; /* h3 request body */ + struct h1_req_parser h1; /* h1 request parsing */ size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */ - uint64_t error3; /* HTTP/3 stream error code */ - curl_off_t upload_left; /* number of request bytes left to upload */ - uint64_t download_unacked; /* bytes not acknowledged yet */ - int status_code; /* HTTP status code */ - CURLcode xfer_result; /* result from xfer_resp_write(_hd) */ - BIT(resp_hds_complete); /* we have a complete, final response */ - BIT(closed); /* TRUE on stream close */ - BIT(reset); /* TRUE on stream reset */ - BIT(send_closed); /* stream is local closed */ - BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */ + uint64_t error3; /* HTTP/3 stream error code */ + curl_off_t upload_left; /* number of request bytes left to upload */ + uint64_t download_unacked; /* bytes not acknowledged yet */ + int status_code; /* HTTP status code */ + CURLcode xfer_result; /* result from xfer_resp_write(_hd) */ + BIT(resp_hds_complete); /* we have a complete, final response */ + BIT(closed); /* TRUE on stream close */ + BIT(reset); /* TRUE on stream reset */ + BIT(send_closed); /* stream is local closed */ + BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */ }; static void h3_stream_ctx_free(struct h3_stream_ctx *stream) @@ -315,8 +313,8 @@ static bool cf_ngtcp2_sfind(uint32_t mid, void *value, void *user_data) return TRUE; /* continue */ } -static struct h3_stream_ctx * -cf_ngtcp2_get_stream(struct cf_ngtcp2_ctx *ctx, int64_t stream_id) +static struct h3_stream_ctx *cf_ngtcp2_get_stream(struct cf_ngtcp2_ctx *ctx, + int64_t stream_id) { struct cf_ngtcp2_sfind_ctx fctx; fctx.stream_id = stream_id; @@ -367,8 +365,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); (void)cf; if(stream) { - CURL_TRC_CF(data, cf, "[%" PRId64 "] easy handle is done", - stream->id); + CURL_TRC_CF(data, cf, "[%" PRId64 "] easy handle is done", stream->id); cf_ngtcp2_stream_close(cf, data, stream); Curl_uint32_hash_remove(&ctx->streams, data->mid); if(!Curl_uint32_hash_count(&ctx->streams)) @@ -640,10 +637,9 @@ static int cb_recv_stream_data(ngtcp2_conn *tconn, uint32_t flags, return 0; } -static int -cb_acked_stream_data_offset(ngtcp2_conn *tconn, int64_t stream_id, - uint64_t offset, uint64_t datalen, void *user_data, - void *stream_user_data) +static int cb_acked_stream_data_offset(ngtcp2_conn *tconn, int64_t stream_id, + uint64_t offset, uint64_t datalen, + void *user_data, void *stream_user_data) { struct Curl_cfilter *cf = user_data; struct cf_ngtcp2_ctx *ctx = cf->ctx; @@ -830,8 +826,8 @@ static int cb_recv_rx_key(ngtcp2_conn *tconn, ngtcp2_encryption_level level, } #if defined(_MSC_VER) && defined(_DLL) -# pragma warning(push) -# pragma warning(disable:4232) /* MSVC extension, dllimport identity */ +#pragma warning(push) +#pragma warning(disable:4232) /* MSVC extension, dllimport identity */ #endif static ngtcp2_callbacks ng_callbacks = { @@ -881,7 +877,7 @@ static ngtcp2_callbacks ng_callbacks = { }; #if defined(_MSC_VER) && defined(_DLL) -# pragma warning(pop) +#pragma warning(pop) #endif /** @@ -1337,9 +1333,9 @@ static CURLcode init_ngh3_conn(struct Curl_cfilter *cf, } static CURLcode recv_closed_stream(struct Curl_cfilter *cf, - struct Curl_easy *data, - struct h3_stream_ctx *stream, - size_t *pnread) + struct Curl_easy *data, + struct h3_stream_ctx *stream, + size_t *pnread) { (void)cf; *pnread = 0; @@ -1452,11 +1448,10 @@ static int cb_h3_acked_req_body(nghttp3_conn *conn, int64_t stream_id, return 0; } -static nghttp3_ssize -cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id, - nghttp3_vec *vec, size_t veccnt, - uint32_t *pflags, void *user_data, - void *stream_user_data) +static nghttp3_ssize cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id, + nghttp3_vec *vec, size_t veccnt, + uint32_t *pflags, void *user_data, + void *stream_user_data) { struct Curl_cfilter *cf = user_data; struct cf_ngtcp2_ctx *ctx = cf->ctx; @@ -1504,8 +1499,7 @@ cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id, } else if(!nwritten) { /* Not EOF, and nothing to give, we signal WOULDBLOCK. */ - CURL_TRC_CF(data, cf, "[%" PRId64 "] read req body -> AGAIN", - stream->id); + CURL_TRC_CF(data, cf, "[%" PRId64 "] read req body -> AGAIN", stream->id); return NGHTTP3_ERR_WOULDBLOCK; } @@ -1961,7 +1955,7 @@ static CURLcode cf_progress_egress(struct Curl_cfilter *cf, */ max_payload_size = ngtcp2_conn_get_max_tx_udp_payload_size(ctx->qconn); path_max_payload_size = - ngtcp2_conn_get_path_max_tx_udp_payload_size(ctx->qconn); + ngtcp2_conn_get_path_max_tx_udp_payload_size(ctx->qconn); send_quantum = ngtcp2_conn_get_send_quantum(ctx->qconn); CURL_TRC_CF(data, cf, "egress, collect and send packets, quantum=%zu", send_quantum); @@ -1977,7 +1971,7 @@ static CURLcode cf_progress_egress(struct Curl_cfilter *cf, size_t buflen = Curl_bufq_len(&ctx->q.sendbuf); if((buflen >= send_quantum) || ((buflen + gsolen) >= ctx->q.sendbuf.chunk_size)) - break; + break; DEBUGASSERT(nread > 0); ++pktcnt; if(pktcnt == 1) { @@ -2283,16 +2277,26 @@ static int quic_ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) static const char *gtls_hs_msg_name(int mtype) { switch(mtype) { - case 1: return "ClientHello"; - case 2: return "ServerHello"; - case 4: return "SessionTicket"; - case 8: return "EncryptedExtensions"; - case 11: return "Certificate"; - case 13: return "CertificateRequest"; - case 15: return "CertificateVerify"; - case 20: return "Finished"; - case 24: return "KeyUpdate"; - case 254: return "MessageHash"; + case 1: + return "ClientHello"; + case 2: + return "ServerHello"; + case 4: + return "SessionTicket"; + case 8: + return "EncryptedExtensions"; + case 11: + return "Certificate"; + case 13: + return "CertificateRequest"; + case 15: + return "CertificateVerify"; + case 20: + return "Finished"; + case 24: + return "KeyUpdate"; + case 254: + return "MessageHash"; } return "Unknown"; } @@ -2458,7 +2462,7 @@ static CURLcode cf_ngtcp2_on_session_reuse(struct Curl_cfilter *cf, #endif /* WOLFSSL_EARLY_DATA */ #endif #if defined(USE_GNUTLS) || defined(USE_WOLFSSL) || \ - (defined(USE_OPENSSL) && defined(HAVE_OPENSSL_EARLYDATA)) + (defined(USE_OPENSSL) && defined(HAVE_OPENSSL_EARLYDATA)) if((!ctx->earlydata_max)) { CURL_TRC_CF(data, cf, "SSL session does not allow earlydata"); } @@ -2668,7 +2672,7 @@ out: CURL_TRC_CF(data, cf, "connection refused by server"); /* When a QUIC server instance is shutting down, it may send us a * CONNECTION_CLOSE with this code right away. We want - * to keep on trying in this case. */ + * to keep on trying in this case. */ result = CURLE_WEIRD_SERVER_REPLY; } } diff --git a/lib/vquic/curl_osslq.c b/lib/vquic/curl_osslq.c index 7bca97b408..ece4ce6ad5 100644 --- a/lib/vquic/curl_osslq.c +++ b/lib/vquic/curl_osslq.c @@ -453,29 +453,29 @@ static CURLcode cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn *h3, * BUT OpenSSL does not offer this information to us. So, we silently * ignore all such streams we do not expect. */ switch(stype) { - case SSL_STREAM_TYPE_READ: { - struct cf_osslq_stream *nstream; - if(h3->remote_ctrl_n >= CURL_ARRAYSIZE(h3->remote_ctrl)) { - /* rejected, we are full */ - CURL_TRC_CF(data, cf, "[%" PRId64 "] reject remote uni stream", - stream_id); - SSL_free(stream_ssl); - return CURLE_OK; - } - nstream = &h3->remote_ctrl[h3->remote_ctrl_n++]; - nstream->id = stream_id; - nstream->ssl = stream_ssl; - Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE); - CURL_TRC_CF(data, cf, "[%" PRId64 "] accepted remote uni stream", + case SSL_STREAM_TYPE_READ: { + struct cf_osslq_stream *nstream; + if(h3->remote_ctrl_n >= CURL_ARRAYSIZE(h3->remote_ctrl)) { + /* rejected, we are full */ + CURL_TRC_CF(data, cf, "[%" PRId64 "] reject remote uni stream", stream_id); - return CURLE_OK; - } - default: - CURL_TRC_CF(data, cf, "[%" PRId64 "] reject remote %s" - " stream, type=%x", stream_id, - (stype == SSL_STREAM_TYPE_BIDI) ? "bidi" : "write", stype); SSL_free(stream_ssl); return CURLE_OK; + } + nstream = &h3->remote_ctrl[h3->remote_ctrl_n++]; + nstream->id = stream_id; + nstream->ssl = stream_ssl; + Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE); + CURL_TRC_CF(data, cf, "[%" PRId64 "] accepted remote uni stream", + stream_id); + return CURLE_OK; + } + default: + CURL_TRC_CF(data, cf, "[%" PRId64 "] reject remote %s" + " stream, type=%x", stream_id, + (stype == SSL_STREAM_TYPE_BIDI) ? "bidi" : "write", stype); + SSL_free(stream_ssl); + return CURLE_OK; } } @@ -505,8 +505,7 @@ static CURLcode cf_osslq_ssl_err(struct Curl_cfilter *cf, lerr = SSL_get_verify_result(ctx->tls.ossl.ssl); if(lerr != X509_V_OK) { ssl_config->certverifyresult = lerr; - curl_msnprintf(ebuf, sizeof(ebuf), - "SSL certificate problem: %s", + curl_msnprintf(ebuf, sizeof(ebuf), "SSL certificate problem: %s", X509_verify_cert_error_string(lerr)); } else @@ -540,7 +539,7 @@ static CURLcode cf_osslq_ssl_err(struct Curl_cfilter *cf, * the SO_ERROR is also lost. */ if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) { - char extramsg[80]=""; + char extramsg[80] = ""; int sockerr = SOCKERRNO; struct ip_quadruple ip; @@ -570,20 +569,21 @@ static CURLcode cf_osslq_verify_peer(struct Curl_cfilter *cf, */ struct h3_stream_ctx { struct cf_osslq_stream s; - struct bufq sendbuf; /* h3 request body */ - struct bufq recvbuf; /* h3 response body */ - struct h1_req_parser h1; /* h1 request parsing */ + struct bufq sendbuf; /* h3 request body */ + struct bufq recvbuf; /* h3 response body */ + struct h1_req_parser h1; /* h1 request parsing */ size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */ - size_t recv_buf_nonflow; /* buffered bytes, not counting for flow control */ - uint64_t error3; /* HTTP/3 stream error code */ - curl_off_t upload_left; /* number of request bytes left to upload */ - curl_off_t download_recvd; /* number of response DATA bytes received */ - int status_code; /* HTTP status code */ - BIT(resp_hds_complete); /* we have a complete, final response */ - BIT(closed); /* TRUE on stream close */ - BIT(reset); /* TRUE on stream reset */ - BIT(send_closed); /* stream is local closed */ - BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */ + size_t recv_buf_nonflow; /* buffered bytes, + not counting for flow control */ + uint64_t error3; /* HTTP/3 stream error code */ + curl_off_t upload_left; /* number of request bytes left to upload */ + curl_off_t download_recvd; /* number of response DATA bytes received */ + int status_code; /* HTTP status code */ + BIT(resp_hds_complete); /* we have a complete, final response */ + BIT(closed); /* TRUE on stream close */ + BIT(reset); /* TRUE on stream reset */ + BIT(send_closed); /* stream is local closed */ + BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */ }; static void h3_stream_ctx_free(struct h3_stream_ctx *stream) @@ -645,8 +645,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) (void)cf; if(stream) { - CURL_TRC_CF(data, cf, "[%" PRIu64 "] easy handle is done", - stream->s.id); + CURL_TRC_CF(data, cf, "[%" PRIu64 "] easy handle is done", stream->s.id); if(ctx->h3.conn && (stream->s.id >= 0) && !stream->closed) { nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id); nghttp3_conn_close_stream(ctx->h3.conn, stream->s.id, @@ -965,11 +964,10 @@ static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t stream_id, return 0; } -static nghttp3_ssize -cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id, - nghttp3_vec *vec, size_t veccnt, - uint32_t *pflags, void *user_data, - void *stream_user_data) +static nghttp3_ssize cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id, + nghttp3_vec *vec, size_t veccnt, + uint32_t *pflags, void *user_data, + void *stream_user_data) { struct Curl_cfilter *cf = user_data; struct cf_osslq_ctx *ctx = cf->ctx; @@ -1106,21 +1104,21 @@ static CURLcode cf_osslq_h3conn_init(struct cf_osslq_ctx *ctx, SSL *conn, } result = cf_osslq_stream_open(&h3->s_ctrl, conn, - SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI, + SSL_STREAM_FLAG_ADVANCE | SSL_STREAM_FLAG_UNI, &ctx->stream_bufcp, NULL); if(result) { result = CURLE_QUIC_CONNECT_ERROR; goto out; } result = cf_osslq_stream_open(&h3->s_qpack_enc, conn, - SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI, + SSL_STREAM_FLAG_ADVANCE | SSL_STREAM_FLAG_UNI, &ctx->stream_bufcp, NULL); if(result) { result = CURLE_QUIC_CONNECT_ERROR; goto out; } result = cf_osslq_stream_open(&h3->s_qpack_dec, conn, - SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI, + SSL_STREAM_FLAG_ADVANCE | SSL_STREAM_FLAG_UNI, &ctx->stream_bufcp, NULL); if(result) { result = CURLE_QUIC_CONNECT_ERROR; @@ -1221,7 +1219,8 @@ static CURLcode cf_osslq_ctx_start(struct Curl_cfilter *cf, SSL_INCOMING_STREAM_POLICY_ACCEPT, 0); /* from our side, there is no idle timeout */ SSL_set_value_uint(ctx->tls.ossl.ssl, - SSL_VALUE_CLASS_FEATURE_REQUEST, SSL_VALUE_QUIC_IDLE_TIMEOUT, 0); + SSL_VALUE_CLASS_FEATURE_REQUEST, + SSL_VALUE_QUIC_IDLE_TIMEOUT, 0); /* setup the H3 things on top of the QUIC connection */ result = cf_osslq_h3conn_init(ctx, ctx->tls.ossl.ssl, cf); @@ -1532,7 +1531,7 @@ static CURLcode cf_osslq_check_and_unblock(struct Curl_cfilter *cf, fill_ctx.multi = data->multi; fill_ctx.n = 0; Curl_uint32_hash_visit(&ctx->streams, cf_osslq_collect_block_send, - &fill_ctx); + &fill_ctx); poll_count = fill_ctx.n; if(poll_count) { CURL_TRC_CF(data, cf, "polling %zu blocked streams", poll_count); @@ -1541,7 +1540,7 @@ static CURLcode cf_osslq_check_and_unblock(struct Curl_cfilter *cf, res = CURLE_UNRECOVERABLE_POLL; if(!SSL_poll(ctx->poll_items, poll_count, sizeof(SSL_POLL_ITEM), &timeout, 0, &result_count)) - goto out; + goto out; res = CURLE_OK; @@ -1617,7 +1616,7 @@ static CURLcode h3_send_streams(struct Curl_cfilter *cf, uint64_t flags = (eos && ((i + 1) == n)) ? SSL_WRITE_FLAG_CONCLUDE : 0; written = vec[i].len; ok = !s->ssl || SSL_write_ex2(s->ssl, vec[i].base, vec[i].len, flags, - &written); + &written); if(ok && flags & SSL_WRITE_FLAG_CONCLUDE) eos_written = TRUE; if(ok) { diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c index 5aca750c2c..45f606ec61 100644 --- a/lib/vquic/curl_quiche.c +++ b/lib/vquic/curl_quiche.c @@ -167,17 +167,17 @@ static CURLcode cf_flush_egress(struct Curl_cfilter *cf, * All about the H3 internals of a stream */ struct h3_stream_ctx { - uint64_t id; /* HTTP/3 protocol stream identifier */ - struct bufq recvbuf; /* h3 response */ + uint64_t id; /* HTTP/3 protocol stream identifier */ + struct bufq recvbuf; /* h3 response */ struct h1_req_parser h1; /* h1 request parsing */ - uint64_t error3; /* HTTP/3 stream error code */ - BIT(opened); /* TRUE after stream has been opened */ - BIT(closed); /* TRUE on stream close */ - BIT(reset); /* TRUE on stream reset */ - BIT(send_closed); /* stream is locally closed */ + uint64_t error3; /* HTTP/3 stream error code */ + BIT(opened); /* TRUE after stream has been opened */ + BIT(closed); /* TRUE on stream close */ + BIT(reset); /* TRUE on stream reset */ + BIT(send_closed); /* stream is locally closed */ BIT(resp_hds_complete); /* final response has been received */ - BIT(resp_got_header); /* TRUE when h3 stream has recvd some HEADER */ - BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */ + BIT(resp_got_header); /* TRUE when h3 stream has recvd some HEADER */ + BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */ }; static void h3_stream_ctx_free(struct h3_stream_ctx *stream) @@ -318,7 +318,7 @@ static void cf_quiche_expire_conn_closed(struct Curl_cfilter *cf, /* * write_resp_raw() copies response data in raw format to the `data`'s - * receive buffer. If not enough space is available, it appends to the + * receive buffer. If not enough space is available, it appends to the * `data`'s overflow buffer. */ static CURLcode write_resp_raw(struct Curl_cfilter *cf, @@ -813,7 +813,7 @@ out: timeout_ns = quiche_conn_timeout_as_nanos(ctx->qconn); if(timeout_ns % 1000000) timeout_ns += 1000000; - /* expire resolution is milliseconds */ + /* expire resolution is milliseconds */ Curl_expire(data, (timeout_ns / 1000000), EXPIRE_QUIC); return result; } @@ -977,9 +977,9 @@ static CURLcode h3_open_stream(struct Curl_cfilter *cf, DEBUGASSERT(stream); result = Curl_h1_req_parse_read(&stream->h1, buf, blen, NULL, - !data->state.http_ignorecustom ? - data->set.str[STRING_CUSTOMREQUEST] : NULL, - 0, pnwritten); + !data->state.http_ignorecustom ? + data->set.str[STRING_CUSTOMREQUEST] : NULL, + 0, pnwritten); if(result) goto out; if(!stream->h1.done) { @@ -1313,8 +1313,7 @@ static CURLcode cf_quiche_ctx_open(struct Curl_cfilter *cf, int qfd; (void)Curl_qlogdir(data, ctx->scid, sizeof(ctx->scid), &qfd); if(qfd != -1) - quiche_conn_set_qlog_fd(ctx->qconn, qfd, - "qlog title", "curl qlog"); + quiche_conn_set_qlog_fd(ctx->qconn, qfd, "qlog title", "curl qlog"); } #endif diff --git a/lib/vquic/vquic-tls.c b/lib/vquic/vquic-tls.c index 7a3c99b584..99b19b3691 100644 --- a/lib/vquic/vquic-tls.c +++ b/lib/vquic/vquic-tls.c @@ -143,7 +143,9 @@ CURLcode Curl_vquic_tls_before_recv(struct curl_tls_ctx *ctx, return result; } #else - (void)ctx; (void)cf; (void)data; + (void)ctx; + (void)cf; + (void)data; #endif return CURLE_OK; } @@ -172,7 +174,7 @@ CURLcode Curl_vquic_tls_verify_peer(struct curl_tls_ctx *ctx, #elif defined(USE_WOLFSSL) (void)data; if(conn_config->verifyhost) { - WOLFSSL_X509* cert = wolfSSL_get_peer_certificate(ctx->wssl.ssl); + WOLFSSL_X509 *cert = wolfSSL_get_peer_certificate(ctx->wssl.ssl); if(!cert) result = CURLE_OUT_OF_MEMORY; else if(peer->sni && @@ -194,7 +196,6 @@ CURLcode Curl_vquic_tls_verify_peer(struct curl_tls_ctx *ctx, return result; } - bool Curl_vquic_tls_get_ssl_info(struct curl_tls_ctx *ctx, bool give_ssl_ctx, struct curl_tlssessioninfo *info) diff --git a/lib/vquic/vquic-tls.h b/lib/vquic/vquic-tls.h index c694e23e4e..7bddb42c99 100644 --- a/lib/vquic/vquic-tls.h +++ b/lib/vquic/vquic-tls.h @@ -69,14 +69,14 @@ typedef CURLcode Curl_vquic_session_reuse_cb(struct Curl_cfilter *cf, /** * Initialize the QUIC TLS instances based of the SSL configurations * for the connection filter, transfer and peer. - * @param ctx the TLS context to initialize - * @param cf the connection filter involved - * @param data the transfer involved - * @param peer the peer that will be connected to - * @param alpns the ALPN specifications to negotiate, may be NULL - * @param cb_setup optional callback for early TLS config - * @param cb_user_data user_data param for callback - * @param ssl_user_data optional pointer to set in TLS application context + * @param ctx the TLS context to initialize + * @param cf the connection filter involved + * @param data the transfer involved + * @param peer the peer that will be connected to + * @param alpns the ALPN specifications to negotiate, may be NULL + * @param cb_setup optional callback for early TLS config + * @param cb_user_data user_data param for callback + * @param ssl_user_data optional pointer to set in TLS application context * @param session_reuse_cb callback to handle session reuse, signal early data */ CURLcode Curl_vquic_tls_init(struct curl_tls_ctx *ctx, diff --git a/lib/vquic/vquic.c b/lib/vquic/vquic.c index c1267cef9e..a4dea8a77c 100644 --- a/lib/vquic/vquic.c +++ b/lib/vquic/vquic.c @@ -266,7 +266,7 @@ static CURLcode vquic_send_packets(struct Curl_cfilter *cf, unsigned char c; *psent = 0; Curl_rand(data, &c, 1); - if(c >= ((100-qctx->wblock_percent)*256/100)) { + if(c >= ((100 - qctx->wblock_percent) * 256 / 100)) { CURL_TRC_CF(data, cf, "vquic_flush() simulate EWOULDBLOCK"); return CURLE_AGAIN; } @@ -334,8 +334,7 @@ CURLcode vquic_send_tail_split(struct Curl_cfilter *cf, struct Curl_easy *data, qctx->split_gsolen = gsolen; qctx->gsolen = tail_gsolen; CURL_TRC_CF(data, cf, "vquic_send_tail_split: [%zu gso=%zu][%zu gso=%zu]", - qctx->split_len, qctx->split_gsolen, - tail_len, qctx->gsolen); + qctx->split_len, qctx->split_gsolen, tail_len, qctx->gsolen); return vquic_flush(cf, data, qctx); } @@ -476,7 +475,7 @@ static CURLcode recvmsg_packets(struct Curl_cfilter *cf, { struct iovec msg_iov; struct msghdr msg; - uint8_t buf[64*1024]; + uint8_t buf[64 * 1024]; struct sockaddr_storage remote_addr; size_t total_nread, pkts, calls; ssize_t rc; @@ -551,7 +550,7 @@ static CURLcode recvfrom_packets(struct Curl_cfilter *cf, size_t max_pkts, vquic_recv_pkts_cb *recv_cb, void *userp) { - uint8_t buf[64*1024]; + uint8_t buf[64 * 1024]; int bufsize = (int)sizeof(buf); struct sockaddr_storage remote_addr; socklen_t remote_addrlen = sizeof(remote_addr); diff --git a/lib/vquic/vquic_int.h b/lib/vquic/vquic_int.h index ef92ab21b7..b4f2fd8116 100644 --- a/lib/vquic/vquic_int.h +++ b/lib/vquic/vquic_int.h @@ -33,25 +33,25 @@ #define MAX_UDP_PAYLOAD_SIZE 1452 struct cf_quic_ctx { - curl_socket_t sockfd; /* connected UDP socket */ + curl_socket_t sockfd; /* connected UDP socket */ struct sockaddr_storage local_addr; /* address socket is bound to */ - socklen_t local_addrlen; /* length of local address */ - - struct bufq sendbuf; /* buffer for sending one or more packets */ - struct curltime first_byte_at; /* when first byte was recvd */ - struct curltime last_op; /* last (attempted) send/recv operation */ - struct curltime last_io; /* last successful socket IO */ - size_t gsolen; /* length of individual packets in send buf */ - size_t split_len; /* if != 0, buffer length after which GSO differs */ + socklen_t local_addrlen; /* length of local address */ + + struct bufq sendbuf; /* buffer for sending one or more packets */ + struct curltime first_byte_at; /* when first byte was recvd */ + struct curltime last_op; /* last (attempted) send/recv operation */ + struct curltime last_io; /* last successful socket IO */ + size_t gsolen; /* length of individual packets in send buf */ + size_t split_len; /* if != 0, buffer length after which GSO differs */ size_t split_gsolen; /* length of individual packets after split_len */ #ifdef DEBUGBUILD - int wblock_percent; /* percent of writes doing EAGAIN */ + int wblock_percent; /* percent of writes doing EAGAIN */ #endif BIT(got_first_byte); /* if first byte was received */ - BIT(no_gso); /* do not use gso on sending */ + BIT(no_gso); /* do not use gso on sending */ }; -#define H3_STREAM_CTX(ctx,data) \ +#define H3_STREAM_CTX(ctx, data) \ (data ? Curl_uint32_hash_get(&(ctx)->streams, (data)->mid) : NULL) CURLcode vquic_ctx_init(struct cf_quic_ctx *qctx); @@ -77,7 +77,6 @@ CURLcode vquic_send_tail_split(struct Curl_cfilter *cf, struct Curl_easy *data, CURLcode vquic_flush(struct Curl_cfilter *cf, struct Curl_easy *data, struct cf_quic_ctx *qctx); - typedef CURLcode vquic_recv_pkts_cb(const unsigned char *buf, size_t buflen, size_t gso_size, struct sockaddr_storage *remote_addr, diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c index db80bcbf8c..cd3a7d6622 100644 --- a/lib/vssh/libssh.c +++ b/lib/vssh/libssh.c @@ -74,12 +74,12 @@ /* A recent macro provided by libssh. Or make our own. */ #ifndef SSH_STRING_FREE_CHAR -#define SSH_STRING_FREE_CHAR(x) \ - do { \ - if(x) { \ - ssh_string_free_char(x); \ - x = NULL; \ - } \ +#define SSH_STRING_FREE_CHAR(x) \ + do { \ + if(x) { \ + ssh_string_free_char(x); \ + x = NULL; \ + } \ } while(0) #endif @@ -111,10 +111,9 @@ static CURLcode sftp_doing(struct Curl_easy *data, static CURLcode sftp_disconnect(struct Curl_easy *data, struct connectdata *conn, bool dead); -static -CURLcode sftp_perform(struct Curl_easy *data, - bool *connected, - bool *dophase_done); +static CURLcode sftp_perform(struct Curl_easy *data, + bool *connected, + bool *dophase_done); static CURLcode myssh_pollset(struct Curl_easy *data, struct easy_pollset *ps); @@ -189,22 +188,22 @@ const struct Curl_handler Curl_handler_sftp = { static CURLcode sftp_error_to_CURLE(int err) { switch(err) { - case SSH_FX_OK: - return CURLE_OK; + case SSH_FX_OK: + return CURLE_OK; - case SSH_FX_NO_SUCH_FILE: - case SSH_FX_NO_SUCH_PATH: - return CURLE_REMOTE_FILE_NOT_FOUND; + case SSH_FX_NO_SUCH_FILE: + case SSH_FX_NO_SUCH_PATH: + return CURLE_REMOTE_FILE_NOT_FOUND; - case SSH_FX_PERMISSION_DENIED: - case SSH_FX_WRITE_PROTECT: - return CURLE_REMOTE_ACCESS_DENIED; + case SSH_FX_PERMISSION_DENIED: + case SSH_FX_WRITE_PROTECT: + return CURLE_REMOTE_ACCESS_DENIED; - case SSH_FX_FILE_ALREADY_EXISTS: - return CURLE_REMOTE_FILE_EXISTS; + case SSH_FX_FILE_ALREADY_EXISTS: + return CURLE_REMOTE_FILE_EXISTS; - default: - break; + default: + break; } return CURLE_SSH; @@ -213,7 +212,7 @@ static CURLcode sftp_error_to_CURLE(int err) #if !defined(CURL_DISABLE_VERBOSE_STRINGS) static const char *myssh_statename(sshstate state) { - static const char *const names[] = { + static const char * const names[] = { "SSH_STOP", "SSH_INIT", "SSH_S_STARTUP", @@ -284,7 +283,7 @@ static const char *myssh_statename(sshstate state) #endif /* !CURL_DISABLE_VERBOSE_STRINGS */ -#define myssh_to(x,y,z) myssh_set_state(x,y,z) +#define myssh_to(x, y, z) myssh_set_state(x, y, z) /* * SSH State machine related code @@ -328,8 +327,7 @@ static int myssh_is_known(struct Curl_easy *data, struct ssh_conn *sshc) enum curl_khmatch keymatch; struct curl_khkey foundkey; struct curl_khkey *knownkeyp = NULL; - curl_sshkeycallback func = - data->set.ssh_keyfunc; + curl_sshkeycallback func = data->set.ssh_keyfunc; struct ssh_knownhosts_entry *knownhostsentry = NULL; struct curl_khkey knownkey; @@ -343,8 +341,7 @@ static int myssh_is_known(struct Curl_easy *data, struct ssh_conn *sshc) char md5buffer[33]; const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]; - rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, - &hash, &hlen); + rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, &hash, &hlen); if(rc != SSH_OK || hlen != 16) { failf(data, "Denied establishing ssh session: md5 fingerprint not available"); @@ -352,7 +349,7 @@ static int myssh_is_known(struct Curl_easy *data, struct ssh_conn *sshc) } for(i = 0; i < 16; i++) - curl_msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char)hash[i]); + curl_msnprintf(&md5buffer[i * 2], 3, "%02x", (unsigned char)hash[i]); infof(data, "SSH MD5 fingerprint: %s", md5buffer); @@ -461,7 +458,7 @@ static int myssh_is_known(struct Curl_easy *data, struct ssh_conn *sshc) Curl_set_in_callback(data, TRUE); rc = func(data, knownkeyp, /* from the knownhosts file */ - &foundkey, /* from the remote host */ + &foundkey, /* from the remote host */ keymatch, data->set.ssh_keyfunc_userp); Curl_set_in_callback(data, FALSE); @@ -519,8 +516,7 @@ static int myssh_to_SFTP_CLOSE(struct Curl_easy *data, struct ssh_conn *sshc) { myssh_to(data, sshc, SSH_SFTP_CLOSE); - sshc->actualcode = - sftp_error_to_CURLE(sftp_get_error(sshc->sftp_session)); + sshc->actualcode = sftp_error_to_CURLE(sftp_get_error(sshc->sftp_session)); return SSH_ERROR; } @@ -613,7 +609,6 @@ static int myssh_in_SFTP_READDIR(struct Curl_easy *data, sshc->actualcode = result; return SSH_NO_ERROR; } - } else { if(curlx_dyn_add(&sshc->readdir_buf, sshc->readdir_longentry)) { @@ -684,8 +679,7 @@ static int myssh_in_SFTP_READDIR_LINK(struct Curl_easy *data, Curl_safefree(sshc->readdir_linkPath); - if(curlx_dyn_addf(&sshc->readdir_buf, " -> %s", - sshc->readdir_filename)) { + if(curlx_dyn_addf(&sshc->readdir_buf, " -> %s", sshc->readdir_filename)) { /* Not using: * return myssh_to_SFTP_CLOSE(data, sshc); * @@ -808,56 +802,56 @@ static int myssh_auth_interactive(struct connectdata *conn, restart: switch(sshc->kbd_state) { - case 0: - rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL); - if(rc == SSH_AUTH_AGAIN) - return SSH_AGAIN; + case 0: + rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL); + if(rc == SSH_AUTH_AGAIN) + return SSH_AGAIN; - if(rc != SSH_AUTH_INFO) - return SSH_ERROR; + if(rc != SSH_AUTH_INFO) + return SSH_ERROR; - nprompts = ssh_userauth_kbdint_getnprompts(sshc->ssh_session); - if(nprompts != 1) - return SSH_ERROR; + nprompts = ssh_userauth_kbdint_getnprompts(sshc->ssh_session); + if(nprompts != 1) + return SSH_ERROR; - rc = ssh_userauth_kbdint_setanswer(sshc->ssh_session, 0, conn->passwd); - if(rc < 0) - return SSH_ERROR; + rc = ssh_userauth_kbdint_setanswer(sshc->ssh_session, 0, conn->passwd); + if(rc < 0) + return SSH_ERROR; - FALLTHROUGH(); - case 1: - sshc->kbd_state = 1; + FALLTHROUGH(); + case 1: + sshc->kbd_state = 1; - rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL); - if(rc == SSH_AUTH_AGAIN) - return SSH_AGAIN; - else if(rc == SSH_AUTH_SUCCESS) - rc = SSH_OK; - else if(rc == SSH_AUTH_INFO) { - nprompts = ssh_userauth_kbdint_getnprompts(sshc->ssh_session); - if(nprompts) - return SSH_ERROR; + rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL); + if(rc == SSH_AUTH_AGAIN) + return SSH_AGAIN; + else if(rc == SSH_AUTH_SUCCESS) + rc = SSH_OK; + else if(rc == SSH_AUTH_INFO) { + nprompts = ssh_userauth_kbdint_getnprompts(sshc->ssh_session); + if(nprompts) + return SSH_ERROR; - sshc->kbd_state = 2; - goto restart; - } - else - rc = SSH_ERROR; - break; - case 2: sshc->kbd_state = 2; + goto restart; + } + else + rc = SSH_ERROR; + break; + case 2: + sshc->kbd_state = 2; - rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL); - if(rc == SSH_AUTH_AGAIN) - return SSH_AGAIN; - else if(rc == SSH_AUTH_SUCCESS) - rc = SSH_OK; - else - rc = SSH_ERROR; + rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL); + if(rc == SSH_AUTH_AGAIN) + return SSH_AGAIN; + else if(rc == SSH_AUTH_SUCCESS) + rc = SSH_OK; + else + rc = SSH_ERROR; - break; - default: - return SSH_ERROR; + break; + default: + return SSH_ERROR; } sshc->kbd_state = 0; @@ -967,8 +961,7 @@ static int myssh_in_AUTH_PKEY_INIT(struct Curl_easy *data, * (2) use the "default" keys. */ if(data->set.str[STRING_SSH_PRIVATE_KEY]) { if(sshc->pubkey && !data->set.ssl.key_passwd) { - rc = ssh_userauth_try_publickey(sshc->ssh_session, NULL, - sshc->pubkey); + rc = ssh_userauth_try_publickey(sshc->ssh_session, NULL, sshc->pubkey); if(rc == SSH_AUTH_AGAIN) return SSH_AGAIN; @@ -993,7 +986,7 @@ static int myssh_in_AUTH_PKEY_INIT(struct Curl_easy *data, } else { rc = ssh_userauth_publickey_auto(sshc->ssh_session, NULL, - data->set.ssl.key_passwd); + data->set.ssl.key_passwd); if(rc == SSH_AUTH_AGAIN) return SSH_AGAIN; @@ -1166,7 +1159,7 @@ static int myssh_in_UPLOAD_INIT(struct Curl_easy *data, } else /* Clear file before writing (normal behavior) */ - flags = O_WRONLY|O_CREAT|O_TRUNC; + flags = O_WRONLY | O_CREAT | O_TRUNC; if(sshc->sftp_file) sftp_close(sshc->sftp_file); @@ -1214,7 +1207,7 @@ static int myssh_in_UPLOAD_INIT(struct Curl_easy *data, } /* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */ do { - char scratch[4*1024]; + char scratch[4 * 1024]; size_t readthisamountnow = (data->state.resume_from - passed > (curl_off_t)sizeof(scratch)) ? @@ -1363,8 +1356,7 @@ static int myssh_in_SFTP_DOWNLOAD_STAT(struct Curl_easy *data, /* Now store the number of bytes we are expected to download */ data->req.size = size - data->state.resume_from; data->req.maxdownload = size - data->state.resume_from; - Curl_pgrsSetDownloadSize(data, - size - data->state.resume_from); + Curl_pgrsSetDownloadSize(data, size - data->state.resume_from); rc = sftp_seek64(sshc->sftp_file, data->state.resume_from); if(rc) @@ -1877,8 +1869,7 @@ static void conn_forget_socket(struct Curl_easy *data, int sockindex) if(conn && CONN_SOCK_IDX_VALID(sockindex)) { struct Curl_cfilter *cf = conn->cfilter[sockindex]; if(cf) - (void)Curl_conn_cf_cntrl(cf, data, TRUE, - CF_CTRL_FORGET_SOCKET, 0, NULL); + (void)Curl_conn_cf_cntrl(cf, data, TRUE, CF_CTRL_FORGET_SOCKET, 0, NULL); fake_sclose(conn->sock[sockindex]); conn->sock[sockindex] = CURL_SOCKET_BAD; } @@ -2067,8 +2058,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, break; if(rc && !sshc->acceptfail) { Curl_safefree(sshc->quote_path1); - failf(data, "rm command failed: %s", - ssh_get_error(sshc->ssh_session)); + failf(data, "rm command failed: %s", ssh_get_error(sshc->ssh_session)); myssh_to(data, sshc, SSH_SFTP_CLOSE); sshc->nextstate = SSH_NO_STATE; sshc->actualcode = CURLE_QUOTE_ERROR; @@ -2110,7 +2100,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, if(data->state.upload) myssh_to(data, sshc, SSH_SFTP_UPLOAD_INIT); else if(sshp) { - if(sshp->path[strlen(sshp->path)-1] == '/') + if(sshp->path[strlen(sshp->path) - 1] == '/') myssh_to(data, sshc, SSH_SFTP_READDIR_INIT); else myssh_to(data, sshc, SSH_SFTP_DOWNLOAD_INIT); @@ -2301,26 +2291,26 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, FALLTHROUGH(); case SSH_SCP_DOWNLOAD: { - curl_off_t bytecount; + curl_off_t bytecount; - rc = ssh_scp_pull_request(sshc->scp_session); - if(rc != SSH_SCP_REQUEST_NEWFILE) { - err_msg = ssh_get_error(sshc->ssh_session); - failf(data, "%s", err_msg); - rc = myssh_to_ERROR(data, sshc, CURLE_REMOTE_FILE_NOT_FOUND); - break; - } + rc = ssh_scp_pull_request(sshc->scp_session); + if(rc != SSH_SCP_REQUEST_NEWFILE) { + err_msg = ssh_get_error(sshc->ssh_session); + failf(data, "%s", err_msg); + rc = myssh_to_ERROR(data, sshc, CURLE_REMOTE_FILE_NOT_FOUND); + break; + } - /* download data */ - bytecount = ssh_scp_request_get_size(sshc->scp_session); - data->req.maxdownload = (curl_off_t) bytecount; - Curl_xfer_setup_recv(data, FIRSTSOCKET, bytecount); + /* download data */ + bytecount = ssh_scp_request_get_size(sshc->scp_session); + data->req.maxdownload = (curl_off_t)bytecount; + Curl_xfer_setup_recv(data, FIRSTSOCKET, bytecount); - /* not set by Curl_xfer_setup to preserve keepon bits */ - conn->send_idx = 0; + /* not set by Curl_xfer_setup to preserve keepon bits */ + conn->send_idx = 0; - myssh_to(data, sshc, SSH_STOP); - break; + myssh_to(data, sshc, SSH_STOP); + break; } case SSH_SCP_DONE: if(data->state.upload) @@ -2406,7 +2396,6 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, sshc->nextstate = SSH_NO_STATE; myssh_to(data, sshc, SSH_STOP); break; - } /* break the loop only on STOP or SSH_AGAIN. If `rc` is some * other error code, we will have progressed the state accordingly. */ @@ -2424,7 +2413,6 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, return result; } - /* called by the multi interface to figure out what socket(s) to wait for and for what actions in the DO_DONE, PERFORM and WAITPERFORM states */ static CURLcode myssh_pollset(struct Curl_easy *data, @@ -2525,7 +2513,6 @@ static CURLcode myssh_block_statemach(struct Curl_easy *data, (void)Curl_socket_check(fd_read, CURL_SOCKET_BAD, CURL_SOCKET_BAD, left_ms > 1000 ? 1000 : left_ms); } - } return result; @@ -2717,9 +2704,8 @@ static CURLcode scp_doing(struct Curl_easy *data, bool *dophase_done) * the options previously setup. */ -static -CURLcode scp_perform(struct Curl_easy *data, - bool *connected, bool *dophase_done) +static CURLcode scp_perform(struct Curl_easy *data, + bool *connected, bool *dophase_done) { CURLcode result = CURLE_OK; struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN); @@ -2871,7 +2857,6 @@ static CURLcode myssh_done(struct Curl_easy *data, return result; } - static CURLcode scp_done(struct Curl_easy *data, CURLcode status, bool premature) { @@ -2963,10 +2948,9 @@ static CURLcode scp_recv(struct Curl_easy *data, int sockindex, * the options previously setup. */ -static -CURLcode sftp_perform(struct Curl_easy *data, - bool *connected, - bool *dophase_done) +static CURLcode sftp_perform(struct Curl_easy *data, + bool *connected, + bool *dophase_done) { struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN); CURLcode result = CURLE_OK; @@ -3064,34 +3048,34 @@ static CURLcode sftp_send(struct Curl_easy *data, int sockindex, #if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0) switch(sshc->sftp_send_state) { - case 0: - sftp_file_set_nonblocking(sshc->sftp_file); - if(sftp_aio_begin_write(sshc->sftp_file, mem, len, - &sshc->sftp_send_aio) == SSH_ERROR) { - return CURLE_SEND_ERROR; - } - sshc->sftp_send_state = 1; - FALLTHROUGH(); - case 1: - nwrite = sftp_aio_wait_write(&sshc->sftp_send_aio); - myssh_block2waitfor(conn, sshc, (nwrite == SSH_AGAIN) ? TRUE : FALSE); - if(nwrite == SSH_AGAIN) - return CURLE_AGAIN; - else if(nwrite < 0) - return CURLE_SEND_ERROR; - - /* - * sftp_aio_wait_write() would free sftp_send_aio and - * assign it NULL in all cases except when it returns - * SSH_AGAIN. - */ - - sshc->sftp_send_state = 0; - *pnwritten = (size_t)nwrite; - return CURLE_OK; - default: - /* we never reach here */ + case 0: + sftp_file_set_nonblocking(sshc->sftp_file); + if(sftp_aio_begin_write(sshc->sftp_file, mem, len, + &sshc->sftp_send_aio) == SSH_ERROR) { return CURLE_SEND_ERROR; + } + sshc->sftp_send_state = 1; + FALLTHROUGH(); + case 1: + nwrite = sftp_aio_wait_write(&sshc->sftp_send_aio); + myssh_block2waitfor(conn, sshc, (nwrite == SSH_AGAIN) ? TRUE : FALSE); + if(nwrite == SSH_AGAIN) + return CURLE_AGAIN; + else if(nwrite < 0) + return CURLE_SEND_ERROR; + + /* + * sftp_aio_wait_write() would free sftp_send_aio and + * assign it NULL in all cases except when it returns + * SSH_AGAIN. + */ + + sshc->sftp_send_state = 0; + *pnwritten = (size_t)nwrite; + return CURLE_OK; + default: + /* we never reach here */ + return CURLE_SEND_ERROR; } #else /* @@ -3143,54 +3127,53 @@ static CURLcode sftp_recv(struct Curl_easy *data, int sockindex, return CURLE_FAILED_INIT; switch(sshc->sftp_recv_state) { - case 0: + case 0: #if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0) - if(sftp_aio_begin_read(sshc->sftp_file, len, - &sshc->sftp_recv_aio) == SSH_ERROR) { - return CURLE_RECV_ERROR; - } + if(sftp_aio_begin_read(sshc->sftp_file, len, + &sshc->sftp_recv_aio) == SSH_ERROR) { + return CURLE_RECV_ERROR; + } #else - sshc->sftp_file_index = - sftp_async_read_begin(sshc->sftp_file, (uint32_t)len); - if(sshc->sftp_file_index < 0) - return CURLE_RECV_ERROR; + sshc->sftp_file_index = + sftp_async_read_begin(sshc->sftp_file, (uint32_t)len); + if(sshc->sftp_file_index < 0) + return CURLE_RECV_ERROR; #endif - FALLTHROUGH(); - case 1: - sshc->sftp_recv_state = 1; + FALLTHROUGH(); + case 1: + sshc->sftp_recv_state = 1; #if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0) - nread = sftp_aio_wait_read(&sshc->sftp_recv_aio, mem, len); + nread = sftp_aio_wait_read(&sshc->sftp_recv_aio, mem, len); #else - nread = sftp_async_read(sshc->sftp_file, mem, (uint32_t)len, - (uint32_t)sshc->sftp_file_index); + nread = sftp_async_read(sshc->sftp_file, mem, (uint32_t)len, + (uint32_t)sshc->sftp_file_index); #endif - myssh_block2waitfor(conn, sshc, (nread == SSH_AGAIN)); + myssh_block2waitfor(conn, sshc, (nread == SSH_AGAIN)); - if(nread == SSH_AGAIN) - return CURLE_AGAIN; - else if(nread < 0) - return CURLE_RECV_ERROR; + if(nread == SSH_AGAIN) + return CURLE_AGAIN; + else if(nread < 0) + return CURLE_RECV_ERROR; - /* - * sftp_aio_wait_read() would free sftp_recv_aio and - * assign it NULL in all cases except when it returns - * SSH_AGAIN. - */ + /* + * sftp_aio_wait_read() would free sftp_recv_aio and + * assign it NULL in all cases except when it returns + * SSH_AGAIN. + */ - sshc->sftp_recv_state = 0; - *pnread = (size_t)nread; - return CURLE_OK; + sshc->sftp_recv_state = 0; + *pnread = (size_t)nread; + return CURLE_OK; - default: - /* we never reach here */ - return CURLE_RECV_ERROR; + default: + /* we never reach here */ + return CURLE_RECV_ERROR; } } - CURLcode Curl_ssh_init(void) { if(ssh_init()) { @@ -3210,4 +3193,4 @@ void Curl_ssh_version(char *buffer, size_t buflen) (void)curl_msnprintf(buffer, buflen, "libssh/%s", ssh_version(0)); } -#endif /* USE_LIBSSH */ +#endif /* USE_LIBSSH */ diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c index ce593d5487..8701775d7d 100644 --- a/lib/vssh/libssh2.c +++ b/lib/vssh/libssh2.c @@ -154,12 +154,12 @@ const struct Curl_handler Curl_handler_sftp = { PROTOPT_NOURLQUERY | PROTOPT_CONN_REUSE }; -static void -kbd_callback(const char *name, int name_len, const char *instruction, - int instruction_len, int num_prompts, - const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts, - LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses, - void **abstract) +static void kbd_callback(const char *name, int name_len, + const char *instruction, int instruction_len, + int num_prompts, + const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts, + LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses, + void **abstract) { struct Curl_easy *data = (struct Curl_easy *)*abstract; @@ -187,30 +187,30 @@ kbd_callback(const char *name, int name_len, const char *instruction, static CURLcode sftp_libssh2_error_to_CURLE(unsigned long err) { switch(err) { - case LIBSSH2_FX_OK: - return CURLE_OK; + case LIBSSH2_FX_OK: + return CURLE_OK; - case LIBSSH2_FX_NO_SUCH_FILE: - case LIBSSH2_FX_NO_SUCH_PATH: - return CURLE_REMOTE_FILE_NOT_FOUND; + case LIBSSH2_FX_NO_SUCH_FILE: + case LIBSSH2_FX_NO_SUCH_PATH: + return CURLE_REMOTE_FILE_NOT_FOUND; - case LIBSSH2_FX_PERMISSION_DENIED: - case LIBSSH2_FX_WRITE_PROTECT: - case LIBSSH2_FX_LOCK_CONFlICT: - return CURLE_REMOTE_ACCESS_DENIED; + case LIBSSH2_FX_PERMISSION_DENIED: + case LIBSSH2_FX_WRITE_PROTECT: + case LIBSSH2_FX_LOCK_CONFlICT: + return CURLE_REMOTE_ACCESS_DENIED; - case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM: - case LIBSSH2_FX_QUOTA_EXCEEDED: - return CURLE_REMOTE_DISK_FULL; + case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM: + case LIBSSH2_FX_QUOTA_EXCEEDED: + return CURLE_REMOTE_DISK_FULL; - case LIBSSH2_FX_FILE_ALREADY_EXISTS: - return CURLE_REMOTE_FILE_EXISTS; + case LIBSSH2_FX_FILE_ALREADY_EXISTS: + return CURLE_REMOTE_FILE_EXISTS; - case LIBSSH2_FX_DIR_NOT_EMPTY: - return CURLE_QUOTE_ERROR; + case LIBSSH2_FX_DIR_NOT_EMPTY: + return CURLE_QUOTE_ERROR; - default: - break; + default: + break; } return CURLE_SSH; @@ -219,39 +219,39 @@ static CURLcode sftp_libssh2_error_to_CURLE(unsigned long err) static CURLcode libssh2_session_error_to_CURLE(int err) { switch(err) { - /* Ordered by order of appearance in libssh2.h */ - case LIBSSH2_ERROR_NONE: - return CURLE_OK; + /* Ordered by order of appearance in libssh2.h */ + case LIBSSH2_ERROR_NONE: + return CURLE_OK; - /* This is the error returned by libssh2_scp_recv2 - * on unknown file */ - case LIBSSH2_ERROR_SCP_PROTOCOL: - return CURLE_REMOTE_FILE_NOT_FOUND; + /* This is the error returned by libssh2_scp_recv2 + * on unknown file */ + case LIBSSH2_ERROR_SCP_PROTOCOL: + return CURLE_REMOTE_FILE_NOT_FOUND; - case LIBSSH2_ERROR_SOCKET_NONE: - return CURLE_COULDNT_CONNECT; + case LIBSSH2_ERROR_SOCKET_NONE: + return CURLE_COULDNT_CONNECT; - case LIBSSH2_ERROR_ALLOC: - return CURLE_OUT_OF_MEMORY; + case LIBSSH2_ERROR_ALLOC: + return CURLE_OUT_OF_MEMORY; - case LIBSSH2_ERROR_SOCKET_SEND: - return CURLE_SEND_ERROR; + case LIBSSH2_ERROR_SOCKET_SEND: + return CURLE_SEND_ERROR; - case LIBSSH2_ERROR_HOSTKEY_INIT: - case LIBSSH2_ERROR_HOSTKEY_SIGN: - case LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED: - case LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED: - return CURLE_PEER_FAILED_VERIFICATION; + case LIBSSH2_ERROR_HOSTKEY_INIT: + case LIBSSH2_ERROR_HOSTKEY_SIGN: + case LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED: + case LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED: + return CURLE_PEER_FAILED_VERIFICATION; - case LIBSSH2_ERROR_PASSWORD_EXPIRED: - return CURLE_LOGIN_DENIED; + case LIBSSH2_ERROR_PASSWORD_EXPIRED: + return CURLE_LOGIN_DENIED; - case LIBSSH2_ERROR_SOCKET_TIMEOUT: - case LIBSSH2_ERROR_TIMEOUT: - return CURLE_OPERATION_TIMEDOUT; + case LIBSSH2_ERROR_SOCKET_TIMEOUT: + case LIBSSH2_ERROR_TIMEOUT: + return CURLE_OPERATION_TIMEDOUT; - case LIBSSH2_ERROR_EAGAIN: - return CURLE_AGAIN; + case LIBSSH2_ERROR_EAGAIN: + return CURLE_AGAIN; } return CURLE_SSH; @@ -283,7 +283,7 @@ static LIBSSH2_FREE_FUNC(my_libssh2_free) #if !defined(CURL_DISABLE_VERBOSE_STRINGS) static const char *myssh_statename(sshstate state) { - static const char *const names[] = { + static const char * const names[] = { "SSH_STOP", "SSH_INIT", "SSH_S_STARTUP", @@ -354,7 +354,7 @@ static const char *myssh_statename(sshstate state) #endif /* !CURL_DISABLE_VERBOSE_STRINGS */ -#define myssh_state(x,y,z) myssh_set_state(x,y,z) +#define myssh_state(x, y, z) myssh_set_state(x, y, z) /* * SSH State machine related code @@ -663,7 +663,7 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data, /* The fingerprint points to static storage (!), do not free() it. */ int i; for(i = 0; i < 16; i++) { - curl_msnprintf(&md5buffer[i*2], 3, "%02x", + curl_msnprintf(&md5buffer[i * 2], 3, "%02x", (unsigned char)fingerprint[i]); } @@ -703,7 +703,7 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data, rc = data->set.ssh_hostkeyfunc(data->set.ssh_hostkeyfunc_userp, (int)keytype, remotekey, keylen); Curl_set_in_callback(data, FALSE); - if(rc!= CURLKHMATCH_OK) { + if(rc != CURLKHMATCH_OK) { myssh_state(data, sshc, SSH_SESSION_FREE); return CURLE_PEER_FAILED_VERIFICATION; } @@ -1009,11 +1009,10 @@ static CURLcode sftp_quote(struct Curl_easy *data, return CURLE_QUOTE_ERROR; } -static CURLcode -sftp_upload_init(struct Curl_easy *data, - struct ssh_conn *sshc, - struct SSHPROTO *sshp, - bool *blockp) +static CURLcode sftp_upload_init(struct Curl_easy *data, + struct ssh_conn *sshc, + struct SSHPROTO *sshp, + bool *blockp) { unsigned long flags; @@ -1140,7 +1139,7 @@ sftp_upload_init(struct Curl_easy *data, } /* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */ do { - char scratch[4*1024]; + char scratch[4 * 1024]; size_t readthisamountnow = (data->state.resume_from - passed > (curl_off_t)sizeof(scratch)) ? @@ -1283,11 +1282,10 @@ static CURLcode ssh_state_pkey_init(struct Curl_easy *data, return 0; } -static CURLcode -sftp_quote_stat(struct Curl_easy *data, - struct ssh_conn *sshc, - struct SSHPROTO *sshp, - bool *blockp) +static CURLcode sftp_quote_stat(struct Curl_easy *data, + struct ssh_conn *sshc, + struct SSHPROTO *sshp, + bool *blockp) { char *cmd = sshc->quote_item->data; sshc->acceptfail = FALSE; @@ -1395,11 +1393,10 @@ fail: return CURLE_QUOTE_ERROR; } -static CURLcode -sftp_download_stat(struct Curl_easy *data, - struct ssh_conn *sshc, - struct SSHPROTO *sshp, - bool *blockp) +static CURLcode sftp_download_stat(struct Curl_easy *data, + struct ssh_conn *sshc, + struct SSHPROTO *sshp, + bool *blockp) { LIBSSH2_SFTP_ATTRIBUTES attrs; int rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshp->path, @@ -1468,8 +1465,7 @@ sftp_download_stat(struct Curl_easy *data, /* Now store the number of bytes we are expected to download */ data->req.size = attrs.filesize - data->state.resume_from; data->req.maxdownload = attrs.filesize - data->state.resume_from; - Curl_pgrsSetDownloadSize(data, - attrs.filesize - data->state.resume_from); + Curl_pgrsSetDownloadSize(data, attrs.filesize - data->state.resume_from); libssh2_sftp_seek64(sshc->sftp_handle, (libssh2_uint64_t)data->state.resume_from); } @@ -1507,7 +1503,7 @@ static CURLcode sftp_readdir(struct Curl_easy *data, return result; } if(rc > 0) { - size_t readdir_len = (size_t) rc; + size_t readdir_len = (size_t)rc; sshp->readdir_filename[readdir_len] = '\0'; if(data->set.list_only) { @@ -1639,8 +1635,7 @@ static CURLcode ssh_state_authlist(struct Curl_easy *data, myssh_state(data, sshc, SSH_SESSION_FREE); return libssh2_session_error_to_CURLE(rc); } - infof(data, "SSH authentication methods available: %s", - sshc->authlist); + infof(data, "SSH authentication methods available: %s", sshc->authlist); myssh_state(data, sshc, SSH_AUTH_PKEY_INIT); return CURLE_OK; @@ -1679,8 +1674,7 @@ static CURLcode ssh_state_auth_pkey(struct Curl_easy *data, err_msg = unknown; } else { - (void)libssh2_session_last_error(sshc->ssh_session, - &err_msg, NULL, 0); + (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); } infof(data, "SSH public key authentication failed: %s", err_msg); myssh_state(data, sshc, SSH_AUTH_PASS_INIT); @@ -1742,8 +1736,8 @@ static CURLcode ssh_state_auth_agent_init(struct Curl_easy *data, struct ssh_conn *sshc) { int rc = 0; - if((data->set.ssh_auth_types & CURLSSH_AUTH_AGENT) - && (strstr(sshc->authlist, "publickey") != NULL)) { + if((data->set.ssh_auth_types & CURLSSH_AUTH_AGENT) && + (strstr(sshc->authlist, "publickey") != NULL)) { /* Connect to the ssh-agent */ /* The agent could be shared by a curl thread i believe @@ -1838,8 +1832,8 @@ static CURLcode ssh_state_auth_agent(struct Curl_easy *data, static CURLcode ssh_state_auth_key_init(struct Curl_easy *data, struct ssh_conn *sshc) { - if((data->set.ssh_auth_types & CURLSSH_AUTH_KEYBOARD) - && (strstr(sshc->authlist, "keyboard-interactive") != NULL)) { + if((data->set.ssh_auth_types & CURLSSH_AUTH_KEYBOARD) && + (strstr(sshc->authlist, "keyboard-interactive") != NULL)) { myssh_state(data, sshc, SSH_AUTH_KEY); } else { @@ -1913,8 +1907,7 @@ static CURLcode ssh_state_sftp_init(struct Curl_easy *data, LIBSSH2_ERROR_EAGAIN) return CURLE_AGAIN; - (void)libssh2_session_last_error(sshc->ssh_session, - &err_msg, NULL, 0); + (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); failf(data, "Failure initializing sftp session: %s", err_msg); myssh_state(data, sshc, SSH_SESSION_FREE); return CURLE_FAILED_INIT; @@ -2384,8 +2377,7 @@ static CURLcode ssh_state_scp_download_init(struct Curl_easy *data, LIBSSH2_ERROR_EAGAIN) return CURLE_AGAIN; - ssh_err = (int)(libssh2_session_last_error(sshc->ssh_session, - &err_msg, NULL, 0)); + ssh_err = libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); failf(data, "%s", err_msg); myssh_state(data, sshc, SSH_SCP_CHANNEL_FREE); return libssh2_session_error_to_CURLE(ssh_err); @@ -2415,8 +2407,7 @@ static CURLcode ssh_state_sftp_close(struct Curl_easy *data, if(rc < 0) { char *err_msg = NULL; - (void)libssh2_session_last_error(sshc->ssh_session, - &err_msg, NULL, 0); + (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); infof(data, "Failed to close libssh2 file: %d %s", rc, err_msg); } sshc->sftp_handle = NULL; @@ -2454,8 +2445,7 @@ static CURLcode ssh_state_sftp_shutdown(struct Curl_easy *data, if(rc < 0) { char *err_msg = NULL; - (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, - NULL, 0); + (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); infof(data, "Failed to close libssh2 file: %d %s", rc, err_msg); } sshc->sftp_handle = NULL; @@ -2527,8 +2517,7 @@ static CURLcode ssh_state_scp_upload_init(struct Curl_easy *data, LIBSSH2_ERROR_EAGAIN) return CURLE_AGAIN; - ssh_err = (int)(libssh2_session_last_error(sshc->ssh_session, - &err_msg, NULL, 0)); + ssh_err = libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); failf(data, "%s", err_msg); myssh_state(data, sshc, SSH_SCP_CHANNEL_FREE); result = libssh2_session_error_to_CURLE(ssh_err); @@ -2567,10 +2556,8 @@ static CURLcode ssh_state_session_disconnect(struct Curl_easy *data, if(rc < 0) { char *err_msg = NULL; - (void)libssh2_session_last_error(sshc->ssh_session, - &err_msg, NULL, 0); - infof(data, "Failed to free libssh2 scp subsystem: %d %s", - rc, err_msg); + (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); + infof(data, "Failed to free libssh2 scp subsystem: %d %s", rc, err_msg); } sshc->ssh_channel = NULL; } @@ -2582,10 +2569,8 @@ static CURLcode ssh_state_session_disconnect(struct Curl_easy *data, if(rc < 0) { char *err_msg = NULL; - (void)libssh2_session_last_error(sshc->ssh_session, - &err_msg, NULL, 0); - infof(data, "Failed to disconnect libssh2 session: %d %s", - rc, err_msg); + (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); + infof(data, "Failed to disconnect libssh2 session: %d %s", rc, err_msg); } } @@ -2750,8 +2735,7 @@ static CURLcode ssh_statemachine(struct Curl_easy *data, } break; - case SSH_SFTP_FILETIME: - { + case SSH_SFTP_FILETIME: { LIBSSH2_SFTP_ATTRIBUTES attrs; int rc; @@ -2778,7 +2762,7 @@ static CURLcode ssh_statemachine(struct Curl_easy *data, if(data->state.upload) myssh_state(data, sshc, SSH_SFTP_UPLOAD_INIT); else if(sshp) { - if(sshp->path[strlen(sshp->path)-1] == '/') + if(sshp->path[strlen(sshp->path) - 1] == '/') myssh_state(data, sshc, SSH_SFTP_READDIR_INIT); else myssh_state(data, sshc, SSH_SFTP_DOWNLOAD_INIT); @@ -3097,8 +3081,8 @@ static void ssh_block2waitfor(struct Curl_easy *data, dir = libssh2_session_block_directions(sshc->ssh_session); if(dir) { /* translate the libssh2 define bits into our own bit defines */ - sshc->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND) ? KEEP_RECV : 0) | - ((dir&LIBSSH2_SESSION_BLOCK_OUTBOUND) ? KEEP_SEND : 0); + sshc->waitfor = ((dir & LIBSSH2_SESSION_BLOCK_INBOUND) ? KEEP_RECV : 0) | + ((dir & LIBSSH2_SESSION_BLOCK_OUTBOUND) ? KEEP_SEND : 0); } } if(!dir) @@ -3308,24 +3292,24 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done) { const char *crypto_str; switch(libssh2_crypto_engine()) { - case libssh2_gcrypt: - crypto_str = "libgcrypt"; - break; - case libssh2_mbedtls: - crypto_str = "mbedTLS"; - break; - case libssh2_openssl: - crypto_str = "openssl compatible"; - break; - case libssh2_os400qc3: - crypto_str = "OS400QC3"; - break; - case libssh2_wincng: - crypto_str = "WinCNG"; - break; - default: - crypto_str = NULL; - break; + case libssh2_gcrypt: + crypto_str = "libgcrypt"; + break; + case libssh2_mbedtls: + crypto_str = "mbedTLS"; + break; + case libssh2_openssl: + crypto_str = "openssl compatible"; + break; + case libssh2_os400qc3: + crypto_str = "OS400QC3"; + break; + case libssh2_wincng: + crypto_str = "WinCNG"; + break; + default: + crypto_str = NULL; + break; } if(crypto_str) infof(data, "libssh2 cryptography backend: %s", crypto_str); @@ -3476,10 +3460,9 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done) * the options previously setup. */ -static -CURLcode scp_perform(struct Curl_easy *data, - bool *connected, - bool *dophase_done) +static CURLcode scp_perform(struct Curl_easy *data, + bool *connected, + bool *dophase_done) { struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN); CURLcode result = CURLE_OK; @@ -3562,8 +3545,7 @@ static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data, rc = libssh2_agent_disconnect(sshc->ssh_agent); if((rc < 0) && data) { char *err_msg = NULL; - (void)libssh2_session_last_error(sshc->ssh_session, - &err_msg, NULL, 0); + (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); infof(data, "Failed to disconnect from libssh2 agent: %d %s", rc, err_msg); } @@ -3583,8 +3565,7 @@ static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data, rc = libssh2_sftp_close(sshc->sftp_handle); if((rc < 0) && data) { char *err_msg = NULL; - (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, - NULL, 0); + (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); infof(data, "Failed to close libssh2 file: %d %s", rc, err_msg); } if(!block && (rc == LIBSSH2_ERROR_EAGAIN)) @@ -3597,10 +3578,8 @@ static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data, rc = libssh2_channel_free(sshc->ssh_channel); if((rc < 0) && data) { char *err_msg = NULL; - (void)libssh2_session_last_error(sshc->ssh_session, - &err_msg, NULL, 0); - infof(data, "Failed to free libssh2 scp subsystem: %d %s", - rc, err_msg); + (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); + infof(data, "Failed to free libssh2 scp subsystem: %d %s", rc, err_msg); } if(!block && (rc == LIBSSH2_ERROR_EAGAIN)) return CURLE_AGAIN; @@ -3612,8 +3591,7 @@ static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data, rc = libssh2_sftp_shutdown(sshc->sftp_session); if((rc < 0) && data) { char *err_msg = NULL; - (void)libssh2_session_last_error(sshc->ssh_session, - &err_msg, NULL, 0); + (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); infof(data, "Failed to stop libssh2 sftp subsystem: %d %s", rc, err_msg); } if(!block && (rc == LIBSSH2_ERROR_EAGAIN)) @@ -3626,8 +3604,7 @@ static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data, rc = libssh2_session_free(sshc->ssh_session); if((rc < 0) && data) { char *err_msg = NULL; - (void)libssh2_session_last_error(sshc->ssh_session, - &err_msg, NULL, 0); + (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); infof(data, "Failed to free libssh2 session: %d %s", rc, err_msg); } if(!block && (rc == LIBSSH2_ERROR_EAGAIN)) @@ -3653,7 +3630,6 @@ static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data, return CURLE_OK; } - /* BLOCKING, but the function is using the state machine so the only reason this is still blocking is that the multi interface code has no support for disconnecting operations that takes a while */ @@ -3701,7 +3677,6 @@ static CURLcode ssh_done(struct Curl_easy *data, CURLcode status) return result; } - static CURLcode scp_done(struct Curl_easy *data, CURLcode status, bool premature) { @@ -3731,8 +3706,8 @@ static CURLcode scp_send(struct Curl_easy *data, int sockindex, return CURLE_FAILED_INIT; /* libssh2_channel_write() returns int! */ - nwritten = (ssize_t) libssh2_channel_write(sshc->ssh_channel, - (const char *)mem, len); + nwritten = (ssize_t)libssh2_channel_write(sshc->ssh_channel, + (const char *)mem, len); ssh_block2waitfor(data, sshc, (nwritten == LIBSSH2_ERROR_EAGAIN)); @@ -3761,7 +3736,7 @@ static CURLcode scp_recv(struct Curl_easy *data, int sockindex, return CURLE_FAILED_INIT; /* libssh2_channel_read() returns int */ - nread = (ssize_t) libssh2_channel_read(sshc->ssh_channel, mem, len); + nread = (ssize_t)libssh2_channel_read(sshc->ssh_channel, mem, len); ssh_block2waitfor(data, sshc, (nread == LIBSSH2_ERROR_EAGAIN)); if(nread == LIBSSH2_ERROR_EAGAIN) @@ -3787,10 +3762,9 @@ static CURLcode scp_recv(struct Curl_easy *data, int sockindex, * the options previously setup. */ -static -CURLcode sftp_perform(struct Curl_easy *data, - bool *connected, - bool *dophase_done) +static CURLcode sftp_perform(struct Curl_easy *data, + bool *connected, + bool *dophase_done) { struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN); CURLcode result = CURLE_OK; @@ -3850,7 +3824,6 @@ static CURLcode sftp_disconnect(struct Curl_easy *data, sshc_cleanup(sshc, data, TRUE); } return result; - } static CURLcode sftp_done(struct Curl_easy *data, CURLcode status, @@ -3934,65 +3907,65 @@ static CURLcode sftp_recv(struct Curl_easy *data, int sockindex, static const char *sftp_libssh2_strerror(unsigned long err) { switch(err) { - case LIBSSH2_FX_NO_SUCH_FILE: - return "No such file or directory"; + case LIBSSH2_FX_NO_SUCH_FILE: + return "No such file or directory"; - case LIBSSH2_FX_PERMISSION_DENIED: - return "Permission denied"; + case LIBSSH2_FX_PERMISSION_DENIED: + return "Permission denied"; - case LIBSSH2_FX_FAILURE: - return "Operation failed"; + case LIBSSH2_FX_FAILURE: + return "Operation failed"; - case LIBSSH2_FX_BAD_MESSAGE: - return "Bad message from SFTP server"; + case LIBSSH2_FX_BAD_MESSAGE: + return "Bad message from SFTP server"; - case LIBSSH2_FX_NO_CONNECTION: - return "Not connected to SFTP server"; + case LIBSSH2_FX_NO_CONNECTION: + return "Not connected to SFTP server"; - case LIBSSH2_FX_CONNECTION_LOST: - return "Connection to SFTP server lost"; + case LIBSSH2_FX_CONNECTION_LOST: + return "Connection to SFTP server lost"; - case LIBSSH2_FX_OP_UNSUPPORTED: - return "Operation not supported by SFTP server"; + case LIBSSH2_FX_OP_UNSUPPORTED: + return "Operation not supported by SFTP server"; - case LIBSSH2_FX_INVALID_HANDLE: - return "Invalid handle"; + case LIBSSH2_FX_INVALID_HANDLE: + return "Invalid handle"; - case LIBSSH2_FX_NO_SUCH_PATH: - return "No such file or directory"; + case LIBSSH2_FX_NO_SUCH_PATH: + return "No such file or directory"; - case LIBSSH2_FX_FILE_ALREADY_EXISTS: - return "File already exists"; + case LIBSSH2_FX_FILE_ALREADY_EXISTS: + return "File already exists"; - case LIBSSH2_FX_WRITE_PROTECT: - return "File is write protected"; + case LIBSSH2_FX_WRITE_PROTECT: + return "File is write protected"; - case LIBSSH2_FX_NO_MEDIA: - return "No media"; + case LIBSSH2_FX_NO_MEDIA: + return "No media"; - case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM: - return "Disk full"; + case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM: + return "Disk full"; - case LIBSSH2_FX_QUOTA_EXCEEDED: - return "User quota exceeded"; + case LIBSSH2_FX_QUOTA_EXCEEDED: + return "User quota exceeded"; - case LIBSSH2_FX_UNKNOWN_PRINCIPLE: - return "Unknown principle"; + case LIBSSH2_FX_UNKNOWN_PRINCIPLE: + return "Unknown principle"; - case LIBSSH2_FX_LOCK_CONFlICT: - return "File lock conflict"; + case LIBSSH2_FX_LOCK_CONFlICT: + return "File lock conflict"; - case LIBSSH2_FX_DIR_NOT_EMPTY: - return "Directory not empty"; + case LIBSSH2_FX_DIR_NOT_EMPTY: + return "Directory not empty"; - case LIBSSH2_FX_NOT_A_DIRECTORY: - return "Not a directory"; + case LIBSSH2_FX_NOT_A_DIRECTORY: + return "Not a directory"; - case LIBSSH2_FX_INVALID_FILENAME: - return "Invalid filename"; + case LIBSSH2_FX_INVALID_FILENAME: + return "Invalid filename"; - case LIBSSH2_FX_LINK_LOOP: - return "Link points to itself"; + case LIBSSH2_FX_LINK_LOOP: + return "Link points to itself"; } return "Unknown error in libssh2"; } diff --git a/lib/vssh/ssh.h b/lib/vssh/ssh.h index 92ae72a6a7..ad0875f191 100644 --- a/lib/vssh/ssh.h +++ b/lib/vssh/ssh.h @@ -217,7 +217,7 @@ struct ssh_conn { #ifdef USE_LIBSSH #if LIBSSH_VERSION_INT < SSH_VERSION_INT(0, 9, 0) -# error "SCP/SFTP protocols require libssh 0.9.0 or later" +#error "SCP/SFTP protocols require libssh 0.9.0 or later" #endif #endif @@ -227,7 +227,7 @@ struct ssh_conn { non-configure platforms */ #if !defined(LIBSSH2_VERSION_NUM) || (LIBSSH2_VERSION_NUM < 0x010208) -# error "SCP/SFTP protocols require libssh2 1.2.8 or later" +#error "SCP/SFTP protocols require libssh2 1.2.8 or later" /* 1.2.8 was released on April 5 2011 */ #endif @@ -247,7 +247,7 @@ void Curl_ssh_attach(struct Curl_easy *data, #else /* for non-SSH builds */ #define Curl_ssh_cleanup() -#define Curl_ssh_attach(x,y) +#define Curl_ssh_attach(x, y) #define Curl_ssh_init() 0 #endif diff --git a/lib/vssh/vssh.c b/lib/vssh/vssh.c index a23f9e8e98..bfc0a1eb3a 100644 --- a/lib/vssh/vssh.c +++ b/lib/vssh/vssh.c @@ -75,7 +75,7 @@ CURLcode Curl_getworkingpath(struct Curl_easy *data, /* Copy a separating '/' if homedir does not end with one */ len = curlx_dyn_len(&npath); p = curlx_dyn_ptr(&npath); - if(len && (p[len-1] != '/')) + if(len && (p[len - 1] != '/')) copyfrom = 2; if(curlx_dyn_addn(&npath, &working_path[copyfrom], @@ -147,7 +147,6 @@ CURLcode Curl_get_pathname(const char **cpp, char **path, const char *homedir) if(!curlx_dyn_len(&out)) goto fail; - } else { struct Curl_str word; diff --git a/lib/vtls/apple.c b/lib/vtls/apple.c index 62bb9e3bd1..31108763a0 100644 --- a/lib/vtls/apple.c +++ b/lib/vtls/apple.c @@ -207,8 +207,7 @@ CURLcode Curl_vtls_apple_verify(struct Curl_cfilter *cf, #if defined(HAVE_BUILTIN_AVAILABLE) && defined(SUPPORTS_SecOCSP) if(ocsp_len > 0) { if(__builtin_available(macOS 10.9, iOS 7, tvOS 9, watchOS 2, *)) { - CFDataRef ocspdata = - CFDataCreate(NULL, ocsp_buf, (CFIndex)ocsp_len); + CFDataRef ocspdata = CFDataCreate(NULL, ocsp_buf, (CFIndex)ocsp_len); status = SecTrustSetOCSPResponse(trust, ocspdata); CFRelease(ocspdata); @@ -243,7 +242,7 @@ CURLcode Curl_vtls_apple_verify(struct Curl_cfilter *cf, err_desc = curlx_malloc(size + 1); if(err_desc) { if(!CFStringGetCString(error_ref, err_desc, size, - kCFStringEncodingUTF8)) { + kCFStringEncodingUTF8)) { curlx_free(err_desc); err_desc = NULL; } diff --git a/lib/vtls/cipher_suite.c b/lib/vtls/cipher_suite.c index 23fb3a3c5d..3726187d7f 100644 --- a/lib/vtls/cipher_suite.c +++ b/lib/vtls/cipher_suite.c @@ -547,8 +547,7 @@ static const struct cs_entry cs_list [] = { }; #define CS_LIST_LEN CURL_ARRAYSIZE(cs_list) -static int cs_str_to_zip(const char *cs_str, size_t cs_len, - uint8_t zip[6]) +static int cs_str_to_zip(const char *cs_str, size_t cs_len, uint8_t zip[6]) { uint8_t indexes[8] = {0}; const char *entry, *cur; @@ -568,7 +567,8 @@ static int cs_str_to_zip(const char *cs_str, size_t cs_len, /* determine the length of the part */ cur = nxt; - for(; nxt < end && *nxt != '\0' && *nxt != separator; nxt++); + for(; nxt < end && *nxt != '\0' && *nxt != separator; nxt++) + ; len = nxt - cur; /* lookup index for the part (skip empty string at 0) */ @@ -581,22 +581,21 @@ static int cs_str_to_zip(const char *cs_str, size_t cs_len, if(idx == CS_TXT_LEN) return -1; - indexes[i++] = (uint8_t) idx; + indexes[i++] = (uint8_t)idx; } while(nxt < end && *(nxt++) != '\0'); /* zip the 8 indexes into 48 bits */ - zip[0] = (uint8_t) (indexes[0] << 2 | (indexes[1] & 0x3F) >> 4); - zip[1] = (uint8_t) (indexes[1] << 4 | (indexes[2] & 0x3F) >> 2); - zip[2] = (uint8_t) (indexes[2] << 6 | (indexes[3] & 0x3F)); - zip[3] = (uint8_t) (indexes[4] << 2 | (indexes[5] & 0x3F) >> 4); - zip[4] = (uint8_t) (indexes[5] << 4 | (indexes[6] & 0x3F) >> 2); - zip[5] = (uint8_t) (indexes[6] << 6 | (indexes[7] & 0x3F)); + zip[0] = (uint8_t)(indexes[0] << 2 | (indexes[1] & 0x3F) >> 4); + zip[1] = (uint8_t)(indexes[1] << 4 | (indexes[2] & 0x3F) >> 2); + zip[2] = (uint8_t)(indexes[2] << 6 | (indexes[3] & 0x3F)); + zip[3] = (uint8_t)(indexes[4] << 2 | (indexes[5] & 0x3F) >> 4); + zip[4] = (uint8_t)(indexes[5] << 4 | (indexes[6] & 0x3F) >> 2); + zip[5] = (uint8_t)(indexes[6] << 6 | (indexes[7] & 0x3F)); return 0; } -static int cs_zip_to_str(const uint8_t zip[6], - char *buf, size_t buf_size) +static int cs_zip_to_str(const uint8_t zip[6], char *buf, size_t buf_size) { uint8_t indexes[8] = {0}; const char *entry; @@ -659,13 +658,12 @@ uint16_t Curl_cipher_suite_lookup_id(const char *cs_str, size_t cs_len) static bool cs_is_separator(char c) { switch(c) { - case ' ': - case '\t': - case ':': - case ',': - case ';': - return TRUE; - default:; + case ' ': + case '\t': + case ':': + case ',': + case ';': + return TRUE; } return FALSE; } @@ -673,10 +671,12 @@ static bool cs_is_separator(char c) uint16_t Curl_cipher_suite_walk_str(const char **str, const char **end) { /* move string pointer to first non-separator or end of string */ - for(; cs_is_separator(*str[0]); (*str)++); + for(; cs_is_separator(*str[0]); (*str)++) + ; /* move end pointer to next separator or end of string */ - for(*end = *str; *end[0] != '\0' && !cs_is_separator(*end[0]); (*end)++); + for(*end = *str; *end[0] != '\0' && !cs_is_separator(*end[0]); (*end)++) + ; return Curl_cipher_suite_lookup_id(*str, *end - *str); } diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index c05ab8427b..e0ba48422b 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -66,7 +66,7 @@ #ifdef GTLSDEBUG static void tls_log_func(int level, const char *str) { - curl_mfprintf(stderr, "|<%d>| %s", level, str); + curl_mfprintf(stderr, "|<%d>| %s", level, str); } #endif @@ -131,8 +131,7 @@ static ssize_t gtls_pull(void *s, void *buf, size_t blen) } result = Curl_conn_cf_recv(cf->next, data, buf, blen, &nread); - CURL_TRC_CF(data, cf, "glts_pull(len=%zu) -> %d, %zd", - blen, result, nread); + CURL_TRC_CF(data, cf, "glts_pull(len=%zu) -> %d, %zd", blen, result, nread); backend->gtls.io_result = result; if(result) { /* !checksrc! disable ERRNOVAR 1 */ @@ -173,9 +172,7 @@ static void gtls_cleanup(void) } #ifndef CURL_DISABLE_VERBOSE_STRINGS -static void showtime(struct Curl_easy *data, - const char *text, - time_t stamp) +static void showtime(struct Curl_easy *data, const char *text, time_t stamp) { struct tm buffer; const struct tm *tm = &buffer; @@ -209,10 +206,10 @@ static gnutls_datum_t load_file(const char *file) f = curlx_fopen(file, "rb"); if(!f) return loaded_file; - if(fseek(f, 0, SEEK_END) != 0 - || (filelen = ftell(f)) < 0 - || fseek(f, 0, SEEK_SET) != 0 - || !(ptr = curlx_malloc((size_t)filelen))) + if(fseek(f, 0, SEEK_END) != 0 || + (filelen = ftell(f)) < 0 || + fseek(f, 0, SEEK_SET) != 0 || + !(ptr = curlx_malloc((size_t)filelen))) goto out; if(fread(ptr, 1, (size_t)filelen, f) < (size_t)filelen) { curlx_free(ptr); @@ -231,7 +228,6 @@ static void unload_file(gnutls_datum_t data) curlx_free(data.data); } - /* this function does an SSL/TLS (re-)handshake */ static CURLcode cf_gtls_handshake(struct Curl_cfilter *cf, struct Curl_easy *data) @@ -584,20 +580,20 @@ static bool gtls_shared_creds_different(struct Curl_cfilter *cf, return strcmp(sc->CAfile, conn_config->CAfile); } -static struct gtls_shared_creds* -gtls_get_cached_creds(struct Curl_cfilter *cf, struct Curl_easy *data) +static struct gtls_shared_creds *gtls_get_cached_creds(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct gtls_shared_creds *shared_creds; if(data->multi) { shared_creds = Curl_hash_pick(&data->multi->proto_hash, CURL_UNCONST(MPROTO_GTLS_X509_KEY), - sizeof(MPROTO_GTLS_X509_KEY)-1); - if(shared_creds && shared_creds->creds && - !gtls_shared_creds_expired(data, shared_creds) && - !gtls_shared_creds_different(cf, shared_creds)) { - return shared_creds; - } + sizeof(MPROTO_GTLS_X509_KEY) - 1); + if(shared_creds && shared_creds->creds && + !gtls_shared_creds_expired(data, shared_creds) && + !gtls_shared_creds_different(cf, shared_creds)) { + return shared_creds; + } } return NULL; } @@ -605,7 +601,7 @@ gtls_get_cached_creds(struct Curl_cfilter *cf, struct Curl_easy *data) static void gtls_shared_creds_hash_free(void *key, size_t key_len, void *p) { struct gtls_shared_creds *sc = p; - DEBUGASSERT(key_len == (sizeof(MPROTO_GTLS_X509_KEY)-1)); + DEBUGASSERT(key_len == (sizeof(MPROTO_GTLS_X509_KEY) - 1)); DEBUGASSERT(!memcmp(MPROTO_GTLS_X509_KEY, key, key_len)); (void)key; (void)key_len; @@ -635,9 +631,9 @@ static void gtls_set_cached_creds(struct Curl_cfilter *cf, return; if(!Curl_hash_add2(&data->multi->proto_hash, - CURL_UNCONST(MPROTO_GTLS_X509_KEY), - sizeof(MPROTO_GTLS_X509_KEY)-1, - sc, gtls_shared_creds_hash_free)) { + CURL_UNCONST(MPROTO_GTLS_X509_KEY), + sizeof(MPROTO_GTLS_X509_KEY) - 1, + sc, gtls_shared_creds_hash_free)) { Curl_gtls_shared_creds_free(&sc); /* down reference again */ return; } @@ -839,7 +835,7 @@ static CURLcode gtls_set_priority(struct Curl_cfilter *cf, if((conn_config->cipher_list[0] == '+') || (conn_config->cipher_list[0] == '-') || (conn_config->cipher_list[0] == '!')) { - /* add it to out own */ + /* add it to out own */ if(!curlx_dyn_len(&buf)) { /* not added yet */ result = curlx_dyn_add(&buf, priority); if(result) @@ -1106,8 +1102,8 @@ static CURLcode gtls_on_session_reuse(struct Curl_cfilter *cf, connssl->earlydata_state = ssl_earlydata_await; connssl->state = ssl_connection_deferred; result = Curl_alpn_set_negotiated(cf, data, connssl, - (const unsigned char *)scs->alpn, - scs->alpn ? strlen(scs->alpn) : 0); + (const unsigned char *)scs->alpn, + scs->alpn ? strlen(scs->alpn) : 0); *do_early_data = !result; } return result; @@ -1225,8 +1221,8 @@ out: return result; } -static CURLcode -gtls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode gtls_connect_step1(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct ssl_connect_data *connssl = cf->ctx; struct gtls_ssl_backend_data *backend = @@ -1333,8 +1329,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, return result; } -void Curl_gtls_report_handshake(struct Curl_easy *data, - struct gtls_ctx *gctx) +void Curl_gtls_report_handshake(struct Curl_easy *data, struct gtls_ctx *gctx) { #ifndef CURL_DISABLE_VERBOSE_STRINGS if(Curl_trc_is_verbose(data)) { @@ -1580,8 +1575,7 @@ static CURLcode glts_apple_verify(struct Curl_cfilter *cf, CURLcode result; result = Curl_vtls_apple_verify(cf, data, peer, chain->num_certs, - gtls_chain_get_der, chain, - NULL, 0); + gtls_chain_get_der, chain, NULL, 0); *pverified = !result; if(*pverified) infof(data, " SSL certificate verified by Apple SecTrust."); @@ -1589,14 +1583,13 @@ static CURLcode glts_apple_verify(struct Curl_cfilter *cf, } #endif /* USE_APPLE_SECTRUST */ -CURLcode -Curl_gtls_verifyserver(struct Curl_cfilter *cf, - struct Curl_easy *data, - gnutls_session_t session, - struct ssl_primary_config *config, - struct ssl_config_data *ssl_config, - struct ssl_peer *peer, - const char *pinned_key) +CURLcode Curl_gtls_verifyserver(struct Curl_cfilter *cf, + struct Curl_easy *data, + gnutls_session_t session, + struct ssl_primary_config *config, + struct ssl_config_data *ssl_config, + struct ssl_peer *peer, + const char *pinned_key) { struct gtls_cert_chain chain; gnutls_x509_crt_t x509_cert = NULL, x509_issuer = NULL; @@ -1651,7 +1644,7 @@ Curl_gtls_verifyserver(struct Curl_cfilter *cf, goto out; for(i = 0; i < chain.num_certs; i++) { - const char *beg = (const char *) chain.certs[i].data; + const char *beg = (const char *)chain.certs[i].data; const char *end = beg + chain.certs[i].size; result = Curl_extract_certinfo(data, (int)i, beg, end); @@ -1897,7 +1890,7 @@ static CURLcode gtls_send_earlydata(struct Curl_cfilter *cf, { struct ssl_connect_data *connssl = cf->ctx; struct gtls_ssl_backend_data *backend = - (struct gtls_ssl_backend_data *)connssl->backend; + (struct gtls_ssl_backend_data *)connssl->backend; CURLcode result = CURLE_OK; const unsigned char *buf; size_t blen; @@ -1907,8 +1900,7 @@ static CURLcode gtls_send_earlydata(struct Curl_cfilter *cf, backend->gtls.io_result = CURLE_OK; while(Curl_bufq_peek(&connssl->earlydata, &buf, &blen)) { n = gnutls_record_send_early_data(backend->gtls.session, buf, blen); - CURL_TRC_CF(data, cf, "gtls_send_earlydata(len=%zu) -> %zd", - blen, n); + CURL_TRC_CF(data, cf, "gtls_send_earlydata(len=%zu) -> %zd", blen, n); if(n < 0) { if(n == GNUTLS_E_AGAIN) result = CURLE_AGAIN; @@ -1947,7 +1939,7 @@ static CURLcode gtls_connect_common(struct Curl_cfilter *cf, { struct ssl_connect_data *connssl = cf->ctx; struct gtls_ssl_backend_data *backend = - (struct gtls_ssl_backend_data *)connssl->backend; + (struct gtls_ssl_backend_data *)connssl->backend; CURLcode result = CURLE_OK; DEBUGASSERT(backend); @@ -2131,7 +2123,7 @@ static CURLcode gtls_shutdown(struct Curl_cfilter *cf, size_t i; DEBUGASSERT(backend); - /* If we have no handshaked connection or already shut down */ + /* If we have no handshaked connection or already shut down */ if(!backend->gtls.session || cf->shutdown || connssl->state != ssl_connection_complete) { *done = TRUE; diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h index afbe51eb9c..4949eee2d2 100644 --- a/lib/vtls/gtls.h +++ b/lib/vtls/gtls.h @@ -119,8 +119,7 @@ CURLcode Curl_gtls_cache_session(struct Curl_cfilter *cf, size_t quic_tp_len); /* Report properties of a successful handshake */ -void Curl_gtls_report_handshake(struct Curl_easy *data, - struct gtls_ctx *gctx); +void Curl_gtls_report_handshake(struct Curl_easy *data, struct gtls_ctx *gctx); extern const struct Curl_ssl Curl_ssl_gnutls; diff --git a/lib/vtls/hostcheck.c b/lib/vtls/hostcheck.c index 672f473db4..fbd460bc15 100644 --- a/lib/vtls/hostcheck.c +++ b/lib/vtls/hostcheck.c @@ -84,9 +84,9 @@ static bool hostmatch(const char *hostname, DEBUGASSERT(hostlen); /* normalize pattern and hostname by stripping off trailing dots */ - if(hostname[hostlen-1]=='.') + if(hostname[hostlen - 1] == '.') hostlen--; - if(pattern[patternlen-1]=='.') + if(pattern[patternlen - 1] == '.') patternlen--; if(strncmp(pattern, "*.", 2)) diff --git a/lib/vtls/keylog.c b/lib/vtls/keylog.c index 397bac1a36..03dda01f8d 100644 --- a/lib/vtls/keylog.c +++ b/lib/vtls/keylog.c @@ -38,8 +38,7 @@ /* The fp for the open SSLKEYLOGFILE, or NULL if not open */ static FILE *keylog_file_fp; -void -Curl_tls_keylog_open(void) +void Curl_tls_keylog_open(void) { char *keylog_file_name; @@ -63,8 +62,7 @@ Curl_tls_keylog_open(void) } } -void -Curl_tls_keylog_close(void) +void Curl_tls_keylog_close(void) { if(keylog_file_fp) { curlx_fclose(keylog_file_fp); @@ -72,14 +70,12 @@ Curl_tls_keylog_close(void) } } -bool -Curl_tls_keylog_enabled(void) +bool Curl_tls_keylog_enabled(void) { return keylog_file_fp != NULL; } -bool -Curl_tls_keylog_write_line(const char *line) +bool Curl_tls_keylog_write_line(const char *line) { /* The current maximum valid keylog line length LF and NUL is 195. */ size_t linelen; @@ -107,10 +103,9 @@ Curl_tls_keylog_write_line(const char *line) return TRUE; } -bool -Curl_tls_keylog_write(const char *label, - const unsigned char client_random[CLIENT_RANDOM_SIZE], - const unsigned char *secret, size_t secretlen) +bool Curl_tls_keylog_write(const char *label, + const unsigned char client_random[CLIENT_RANDOM_SIZE], + const unsigned char *secret, size_t secretlen) { size_t pos, i; unsigned char line[KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 + diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index 9e13ed4641..d331670371 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -38,7 +38,7 @@ #include #if MBEDTLS_VERSION_NUMBER < 0x03020000 - #error "mbedTLS 3.2.0 or later required" +#error "mbedTLS 3.2.0 or later required" #endif #include #include @@ -77,7 +77,7 @@ /* ALPN for http2 */ #if defined(USE_HTTP2) && defined(MBEDTLS_SSL_ALPN) -# define HAS_ALPN_MBEDTLS +#define HAS_ALPN_MBEDTLS #endif struct mbed_ssl_backend_data { @@ -109,7 +109,7 @@ struct mbed_ssl_backend_data { #endif #ifndef MBEDTLS_ERROR_C -#define mbedtls_strerror(a,b,c) b[0] = 0 +#define mbedtls_strerror(a, b, c) b[0] = 0 #endif #if defined(CURL_MBEDTLS_DRBG) && defined(HAS_THREADING_SUPPORT) @@ -217,8 +217,7 @@ static int mbedtls_bio_cf_read(void *bio, unsigned char *buf, size_t blen) /* * profile */ -static const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr = -{ +static const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr = { /* Hashes from SHA-1 and above */ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1) | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_RIPEMD160) | @@ -307,9 +306,8 @@ mbed_set_ssl_version_min_max(struct Curl_easy *data, cipher suite present in other SSL implementations. Provide provisional support for specifying the cipher suite here. */ #ifdef MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 -static int -mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size, - bool prefer_rfc) +static int mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size, + bool prefer_rfc) { if(id == MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8) curl_msnprintf(buf, buf_size, "%s", "TLS_ECJPAKE_WITH_AES_128_CCM_8"); @@ -318,8 +316,7 @@ mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size, return 0; } -static uint16_t -mbed_cipher_suite_walk_str(const char **str, const char **end) +static uint16_t mbed_cipher_suite_walk_str(const char **str, const char **end) { uint16_t id = Curl_cipher_suite_walk_str(str, end); size_t len = *end - *str; @@ -348,7 +345,8 @@ mbed_set_selected_ciphers(struct Curl_easy *data, const char *ptr, *end; supported = mbedtls_ssl_list_ciphersuites(); - for(i = 0; supported[i] != 0; i++); + for(i = 0; supported[i] != 0; i++) + ; supported_len = i; selected = curlx_malloc(sizeof(int) * (supported_len + 1)); @@ -361,7 +359,7 @@ mbed_set_selected_ciphers(struct Curl_easy *data, if(!ciphers13) { /* Add default TLSv1.3 ciphers to selection */ for(j = 0; j < supported_len; j++) { - uint16_t id = (uint16_t) supported[j]; + uint16_t id = (uint16_t)supported[j]; if(strncmp(mbedtls_ssl_get_ciphersuite_name(id), "TLS1-3", 6) != 0) continue; @@ -380,23 +378,25 @@ add_ciphers: /* Check if cipher is supported */ if(id) { - for(i = 0; i < supported_len && supported[i] != id; i++); + for(i = 0; i < supported_len && supported[i] != id; i++) + ; if(i == supported_len) id = 0; } if(!id) { if(ptr[0] != '\0') infof(data, "mbedTLS: unknown cipher in list: \"%.*s\"", - (int) (end - ptr), ptr); + (int)(end - ptr), ptr); continue; } /* No duplicates allowed (so selected cannot overflow) */ - for(i = 0; i < count && selected[i] != id; i++); + for(i = 0; i < count && selected[i] != id; i++) + ; if(i < count) { if(i >= default13_count) infof(data, "mbedTLS: duplicate cipher in list: \"%.*s\"", - (int) (end - ptr), ptr); + (int)(end - ptr), ptr); continue; } @@ -412,12 +412,13 @@ add_ciphers: if(!ciphers12) { /* Add default TLSv1.2 ciphers to selection */ for(j = 0; j < supported_len; j++) { - uint16_t id = (uint16_t) supported[j]; + uint16_t id = (uint16_t)supported[j]; if(strncmp(mbedtls_ssl_get_ciphersuite_name(id), "TLS1-3", 6) == 0) continue; /* No duplicates allowed (so selected cannot overflow) */ - for(i = 0; i < count && selected[i] != id; i++); + for(i = 0; i < count && selected[i] != id; i++) + ; if(i < count) continue; @@ -441,8 +442,8 @@ add_ciphers: return CURLE_OK; } -static void -mbed_dump_cert_info(struct Curl_easy *data, const mbedtls_x509_crt *crt) +static void mbed_dump_cert_info(struct Curl_easy *data, + const mbedtls_x509_crt *crt) { #if defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(MBEDTLS_X509_REMOVE_INFO) (void)data, (void)crt; @@ -454,7 +455,7 @@ mbed_dump_cert_info(struct Curl_easy *data, const mbedtls_x509_crt *crt) infof(data, "Server certificate:"); for(p = buffer; *p; p += *p != '\0') { size_t s = strcspn(p, "\n"); - infof(data, "%.*s", (int) s, p); + infof(data, "%.*s", (int)s, p); p += s; } } @@ -465,8 +466,8 @@ mbed_dump_cert_info(struct Curl_easy *data, const mbedtls_x509_crt *crt) #endif } -static void -mbed_extract_certinfo(struct Curl_easy *data, const mbedtls_x509_crt *crt) +static void mbed_extract_certinfo(struct Curl_easy *data, + const mbedtls_x509_crt *crt) { CURLcode result; const mbedtls_x509_crt *cur; @@ -485,7 +486,7 @@ mbed_extract_certinfo(struct Curl_easy *data, const mbedtls_x509_crt *crt) result = Curl_ssl_init_certinfo(data, cert_count); for(i = 0, cur = crt; result == CURLE_OK && cur; ++i, cur = cur->next) { - const char *beg = (const char *) cur->raw.p; + const char *beg = (const char *)cur->raw.p; const char *end = beg + cur->raw.len; result = Curl_extract_certinfo(data, i, beg, end); } @@ -494,7 +495,7 @@ mbed_extract_certinfo(struct Curl_easy *data, const mbedtls_x509_crt *crt) static int mbed_verify_cb(void *ptr, mbedtls_x509_crt *crt, int depth, uint32_t *flags) { - struct Curl_cfilter *cf = (struct Curl_cfilter *) ptr; + struct Curl_cfilter *cf = (struct Curl_cfilter *)ptr; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); struct Curl_easy *data = CF_DATA_CURRENT(cf); @@ -523,8 +524,8 @@ static int mbed_verify_cb(void *ptr, mbedtls_x509_crt *crt, return 0; } -static CURLcode -mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode mbed_connect_step1(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct ssl_connect_data *connssl = cf->ctx; struct mbed_ssl_backend_data *backend = @@ -959,8 +960,8 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_OK; } -static CURLcode -mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode mbed_connect_step2(struct Curl_cfilter *cf, + struct Curl_easy *data) { CURLcode result; int ret; @@ -1004,8 +1005,8 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) { char cipher_str[64]; uint16_t cipher_id; - cipher_id = (uint16_t) - mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl); + cipher_id = + (uint16_t)mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl); mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), TRUE); infof(data, "mbedTLS: %s Handshake complete, cipher is %s", mbedtls_ssl_get_version(&backend->ssl), cipher_str); @@ -1084,8 +1085,8 @@ pinnedpubkey_error: return CURLE_OK; } -static CURLcode -mbed_new_session(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode mbed_new_session(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct ssl_connect_data *connssl = cf->ctx; struct mbed_ssl_backend_data *backend = @@ -1148,8 +1149,7 @@ out: } static CURLcode mbed_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *mem, size_t len, - size_t *pnwritten) + const void *mem, size_t len, size_t *pnwritten) { struct ssl_connect_data *connssl = cf->ctx; struct mbed_ssl_backend_data *backend = @@ -1327,8 +1327,7 @@ static void mbedtls_close(struct Curl_cfilter *cf, struct Curl_easy *data) } static CURLcode mbed_recv(struct Curl_cfilter *cf, struct Curl_easy *data, - char *buf, size_t buffersize, - size_t *pnread) + char *buf, size_t buffersize, size_t *pnread) { struct ssl_connect_data *connssl = cf->ctx; struct mbed_ssl_backend_data *backend = diff --git a/lib/vtls/mbedtls_threadlock.c b/lib/vtls/mbedtls_threadlock.c index 89cc2b7d38..0a74d60d37 100644 --- a/lib/vtls/mbedtls_threadlock.c +++ b/lib/vtls/mbedtls_threadlock.c @@ -24,9 +24,8 @@ ***************************************************************************/ #include "../curl_setup.h" -#if defined(USE_MBEDTLS) && \ - ((defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || \ - defined(_WIN32)) +#if defined(USE_MBEDTLS) && \ + ((defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || defined(_WIN32)) #if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) # include diff --git a/lib/vtls/mbedtls_threadlock.h b/lib/vtls/mbedtls_threadlock.h index 1855d4cc01..55607e6250 100644 --- a/lib/vtls/mbedtls_threadlock.h +++ b/lib/vtls/mbedtls_threadlock.h @@ -28,8 +28,7 @@ #ifdef USE_MBEDTLS -#if (defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || \ - defined(_WIN32) +#if (defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || defined(_WIN32) int Curl_mbedtlsthreadlock_thread_setup(void); int Curl_mbedtlsthreadlock_thread_cleanup(void); diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index bdfe527acd..a958698b58 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -179,7 +179,7 @@ static void ossl_provider_cleanup(struct Curl_easy *data); #define OSSL_PACKAGE "BoringSSL" #elif defined(OPENSSL_IS_AWSLC) #define OSSL_PACKAGE "AWS-LC" -#elif defined(USE_NGTCP2) && defined(USE_NGHTTP3) && \ +#elif defined(USE_NGTCP2) && defined(USE_NGHTTP3) && \ !defined(OPENSSL_QUIC_API2) #define OSSL_PACKAGE "quictls" #else @@ -234,7 +234,7 @@ static CURLcode pubkey_show(struct Curl_easy *data, return push_certinfo(data, mem, namebuf, num); } -#define print_pubkey_BN(_type, _name, _num) \ +#define print_pubkey_BN(_type, _name, _num) \ pubkey_show(data, mem, _num, #_type, #_name, _name) static int asn1_object_dump(const ASN1_OBJECT *a, char *buf, size_t len) @@ -685,8 +685,7 @@ static void ossl_keylog_callback(const SSL *ssl, const char *line) * ossl_log_tls12_secret is called by libcurl to make the CLIENT_RANDOMs if the * OpenSSL being used does not have native support for doing that. */ -static void -ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done) +static void ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done) { const SSL_SESSION *session; unsigned char client_random[SSL3_RANDOM_SIZE]; @@ -791,8 +790,7 @@ static char *ossl_strerror(unsigned long error, char *buf, size_t size) return buf; } -static int passwd_callback(char *buf, int num, int encrypting, - void *password) +static int passwd_callback(char *buf, int num, int encrypting, void *password) { DEBUGASSERT(encrypting == 0); @@ -932,8 +930,7 @@ static int use_certificate_blob(SSL_CTX *ctx, const struct curl_blob *blob, } else if(type == SSL_FILETYPE_PEM) { /* ERR_R_PEM_LIB; */ - x = PEM_read_bio_X509(in, NULL, - passwd_callback, CURL_UNCONST(key_passwd)); + x = PEM_read_bio_X509(in, NULL, passwd_callback, CURL_UNCONST(key_passwd)); } else { ret = 0; @@ -979,9 +976,9 @@ end: return ret; } -static int -use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob, - const char *key_passwd) +static int use_certificate_chain_blob(SSL_CTX *ctx, + const struct curl_blob *blob, + const char *key_passwd) { int ret = 0; X509 *x = NULL; @@ -1011,8 +1008,7 @@ use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob, } while((ca = PEM_read_bio_X509(in, NULL, passwd_callback, - CURL_UNCONST(key_passwd))) - != NULL) { + CURL_UNCONST(key_passwd))) != NULL) { if(!SSL_CTX_add0_chain_cert(ctx, ca)) { X509_free(ca); @@ -1054,8 +1050,7 @@ static int enginecheck(struct Curl_easy *data, } if(data->state.engine) { - UI_METHOD *ui_method = - UI_create_method("curl user interface"); + UI_METHOD *ui_method = UI_create_method("curl user interface"); if(!ui_method) { failf(data, "unable to create " OSSL_PACKAGE " user-interface method"); return 0; @@ -1116,8 +1111,7 @@ static int providercheck(struct Curl_easy *data, EVP_PKEY *priv_key = NULL; OSSL_STORE_CTX *store = NULL; OSSL_STORE_INFO *info = NULL; - UI_METHOD *ui_method = - UI_create_method("curl user interface"); + UI_METHOD *ui_method = UI_create_method("curl user interface"); if(!ui_method) { failf(data, "unable to create " OSSL_PACKAGE " user-interface method"); return 0; @@ -1221,16 +1215,15 @@ static int engineload(struct Curl_easy *data, /* Load the certificate from the engine */ if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name, 0, ¶ms, NULL, 1)) { - failf(data, "ssl engine cannot load client cert with id" - " '%s' [%s]", cert_file, + failf(data, "ssl engine cannot load client cert with id '%s' [%s]", + cert_file, ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer))); return 0; } if(!params.cert) { - failf(data, "ssl engine did not initialized the certificate " - "properly."); + failf(data, "ssl engine did not initialized the certificate properly."); return 0; } @@ -1352,8 +1345,7 @@ static int pkcs12load(struct Curl_easy *data, if(cert_blob) { cert_bio = BIO_new_mem_buf(cert_blob->data, (int)(cert_blob->len)); if(!cert_bio) { - failf(data, - "BIO_new_mem_buf NULL, " OSSL_PACKAGE " error %s", + failf(data, "BIO_new_mem_buf NULL, " OSSL_PACKAGE " error %s", ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)) ); return 0; @@ -1362,8 +1354,7 @@ static int pkcs12load(struct Curl_easy *data, else { cert_bio = BIO_new(BIO_s_file()); if(!cert_bio) { - failf(data, - "BIO_new return NULL, " OSSL_PACKAGE " error %s", + failf(data, "BIO_new return NULL, " OSSL_PACKAGE " error %s", ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)) ); return 0; @@ -1386,11 +1377,9 @@ static int pkcs12load(struct Curl_easy *data, } if(!PKCS12_parse(p12, key_passwd, &pri, &x509, &ca)) { - failf(data, - "could not parse PKCS12 file, check password, " OSSL_PACKAGE + failf(data, "could not parse PKCS12 file, check password, " OSSL_PACKAGE " error %s", - ossl_strerror(ERR_get_error(), error_buffer, - sizeof(error_buffer)) ); + ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer))); PKCS12_free(p12); return 0; } @@ -1398,17 +1387,14 @@ static int pkcs12load(struct Curl_easy *data, PKCS12_free(p12); if(SSL_CTX_use_certificate(ctx, x509) != 1) { - failf(data, - "could not load PKCS12 client certificate, " OSSL_PACKAGE + failf(data, "could not load PKCS12 client certificate, " OSSL_PACKAGE " error %s", - ossl_strerror(ERR_get_error(), error_buffer, - sizeof(error_buffer)) ); + ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer))); goto fail; } if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) { - failf(data, "unable to use private key from PKCS12 file '%s'", - cert_file); + failf(data, "unable to use private key from PKCS12 file '%s'", cert_file); goto fail; } @@ -1500,7 +1486,7 @@ static CURLcode client_cert(struct Curl_easy *data, "(no key found, wrong passphrase, or wrong file format?)", (cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file), ossl_strerror(ERR_get_error(), error_buffer, - sizeof(error_buffer)) ); + sizeof(error_buffer))); return CURLE_SSL_CERTPROBLEM; } break; @@ -1520,7 +1506,7 @@ static CURLcode client_cert(struct Curl_easy *data, "(no key found, wrong passphrase, or wrong file format?)", (cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file), ossl_strerror(ERR_get_error(), error_buffer, - sizeof(error_buffer)) ); + sizeof(error_buffer))); return CURLE_SSL_CERTPROBLEM; } break; @@ -1850,20 +1836,17 @@ static CURLcode ossl_set_provider(struct Curl_easy *data, const char *iname) return CURLE_OK; } - data->state.provider = - OSSL_PROVIDER_try_load(data->state.libctx, name, 1); + data->state.provider = OSSL_PROVIDER_try_load(data->state.libctx, name, 1); if(!data->state.provider) { char error_buffer[256]; failf(data, "Failed to initialize provider: %s", - ossl_strerror(ERR_get_error(), error_buffer, - sizeof(error_buffer))); + ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer))); ossl_provider_cleanup(data); return CURLE_SSL_ENGINE_NOTFOUND; } /* load the base provider as well */ - data->state.baseprov = - OSSL_PROVIDER_try_load(data->state.libctx, "base", 1); + data->state.baseprov = OSSL_PROVIDER_try_load(data->state.libctx, "base", 1); if(!data->state.baseprov) { ossl_provider_cleanup(data); failf(data, "Failed to load base"); @@ -1875,7 +1858,6 @@ static CURLcode ossl_set_provider(struct Curl_easy *data, const char *iname) } #endif - static CURLcode ossl_shutdown(struct Curl_cfilter *cf, struct Curl_easy *data, bool send_shutdown, bool *done) @@ -2138,7 +2120,7 @@ static CURLcode ossl_verifyhost(struct Curl_easy *data, if(check->type == target) { /* get data and length */ const char *altptr = (const char *)ASN1_STRING_get0_data(check->d.ia5); - size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5); + size_t altlen = (size_t)ASN1_STRING_length(check->d.ia5); switch(target) { case GEN_DNS: /* name/pattern comparison */ @@ -2166,8 +2148,7 @@ static CURLcode ossl_verifyhost(struct Curl_easy *data, our server IP address is */ if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) { matched = TRUE; - infof(data, - " subjectAltName: \"%s\" matches cert's IP address!", + infof(data, " subjectAltName: \"%s\" matches cert's IP address!", peer->dispname); } break; @@ -2242,8 +2223,7 @@ static CURLcode ossl_verifyhost(struct Curl_easy *data, /* error already detected, pass through */ ; else if(!cn) { - failf(data, - "SSL: unable to obtain common name from peer certificate"); + failf(data, "SSL: unable to obtain common name from peer certificate"); result = CURLE_PEER_FAILED_VERIFICATION; } else if(!Curl_cert_hostcheck((const char *)cn, cnlen, @@ -2780,7 +2760,7 @@ out: */ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) { - struct Curl_cfilter *cf = (struct Curl_cfilter*) SSL_get_app_data(ssl); + struct Curl_cfilter *cf = (struct Curl_cfilter *)SSL_get_app_data(ssl); if(cf) { struct Curl_easy *data = CF_DATA_CURRENT(cf); struct ssl_connect_data *connssl = cf->ctx; @@ -3181,7 +3161,7 @@ static CURLcode ossl_populate_x509_store(struct Curl_cfilter *cf, failf(data, "error loading CRL file: %s", ssl_crlfile); return CURLE_SSL_CRL_BADFILE; } - x509flags = X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; + x509flags = X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL; infof(data, " CRLfile: %s", ssl_crlfile); } @@ -3210,7 +3190,7 @@ static CURLcode ossl_populate_x509_store(struct Curl_cfilter *cf, } /* key to use at `multi->proto_hash` */ -#define MPROTO_OSSL_X509_KEY "tls:ossl:x509:share" +#define MPROTO_OSSL_X509_KEY "tls:ossl:x509:share" struct ossl_x509_share { char *CAfile; /* CAfile path used to generate X509 store */ @@ -3222,7 +3202,7 @@ struct ossl_x509_share { static void oss_x509_share_free(void *key, size_t key_len, void *p) { struct ossl_x509_share *share = p; - DEBUGASSERT(key_len == (sizeof(MPROTO_OSSL_X509_KEY)-1)); + DEBUGASSERT(key_len == (sizeof(MPROTO_OSSL_X509_KEY) - 1)); DEBUGASSERT(!memcmp(MPROTO_OSSL_X509_KEY, key, key_len)); (void)key; (void)key_len; @@ -3233,9 +3213,8 @@ static void oss_x509_share_free(void *key, size_t key_len, void *p) curlx_free(share); } -static bool -ossl_cached_x509_store_expired(const struct Curl_easy *data, - const struct ossl_x509_share *mb) +static bool ossl_cached_x509_store_expired(const struct Curl_easy *data, + const struct ossl_x509_share *mb) { const struct ssl_general_config *cfg = &data->set.general_ssl; if(cfg->ca_cache_timeout < 0) @@ -3249,9 +3228,8 @@ ossl_cached_x509_store_expired(const struct Curl_easy *data, } } -static bool -ossl_cached_x509_store_different(struct Curl_cfilter *cf, - const struct ossl_x509_share *mb) +static bool ossl_cached_x509_store_different(struct Curl_cfilter *cf, + const struct ossl_x509_share *mb) { struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); if(!mb->CAfile || !conn_config->CAfile) @@ -3272,7 +3250,7 @@ static X509_STORE *ossl_get_cached_x509_store(struct Curl_cfilter *cf, *pempty = TRUE; share = multi ? Curl_hash_pick(&multi->proto_hash, CURL_UNCONST(MPROTO_OSSL_X509_KEY), - sizeof(MPROTO_OSSL_X509_KEY)-1) : NULL; + sizeof(MPROTO_OSSL_X509_KEY) - 1) : NULL; if(share && share->store && !ossl_cached_x509_store_expired(data, share) && !ossl_cached_x509_store_different(cf, share)) { @@ -3297,7 +3275,7 @@ static void ossl_set_cached_x509_store(struct Curl_cfilter *cf, return; share = Curl_hash_pick(&multi->proto_hash, CURL_UNCONST(MPROTO_OSSL_X509_KEY), - sizeof(MPROTO_OSSL_X509_KEY)-1); + sizeof(MPROTO_OSSL_X509_KEY) - 1); if(!share) { share = curlx_calloc(1, sizeof(*share)); @@ -3305,7 +3283,7 @@ static void ossl_set_cached_x509_store(struct Curl_cfilter *cf, return; if(!Curl_hash_add2(&multi->proto_hash, CURL_UNCONST(MPROTO_OSSL_X509_KEY), - sizeof(MPROTO_OSSL_X509_KEY)-1, + sizeof(MPROTO_OSSL_X509_KEY) - 1, share, oss_x509_share_free)) { curlx_free(share); return; @@ -3508,8 +3486,7 @@ static CURLcode ossl_init_ech(struct ossl_ctx *octx, if(data->set.tls_ech & CURLECH_HARD) return result; } - if(SSL_set1_ech_config_list(octx->ssl, ech_config, - ech_config_len) != 1) { + if(SSL_set1_ech_config_list(octx->ssl, ech_config, ech_config_len) != 1) { infof(data, "ECH: SSL_ECH_set1_ech_config_list failed"); if(data->set.tls_ech & CURLECH_HARD) { curlx_free(ech_config); @@ -3519,14 +3496,13 @@ static CURLcode ossl_init_ech(struct ossl_ctx *octx, curlx_free(ech_config); trying_ech_now = 1; # else - ech_config = (unsigned char *) data->set.str[STRING_ECH_CONFIG]; + ech_config = (unsigned char *)data->set.str[STRING_ECH_CONFIG]; if(!ech_config) { infof(data, "ECH: ECHConfig from command line empty"); return CURLE_SSL_CONNECT_ERROR; } ech_config_len = strlen(data->set.str[STRING_ECH_CONFIG]); - if(SSL_set1_ech_config_list(octx->ssl, ech_config, - ech_config_len) != 1) { + if(SSL_set1_ech_config_list(octx->ssl, ech_config, ech_config_len) != 1) { infof(data, "ECH: SSL_ECH_set1_ech_config_list failed"); if(data->set.tls_ech & CURLECH_HARD) return CURLE_SSL_CONNECT_ERROR; @@ -3584,16 +3560,16 @@ static CURLcode ossl_init_ech(struct ossl_ctx *octx, infof(data, "ECH: inner: '%s', outer: '%s'", peer->hostname ? peer->hostname : "NULL", outername); result = SSL_ech_set1_server_names(octx->ssl, - peer->hostname, outername, - 0 /* do send outer */); + peer->hostname, outername, + 0 /* do send outer */); if(result != 1) { infof(data, "ECH: rv failed to set server name(s) %d [ERROR]", result); return CURLE_SSL_CONNECT_ERROR; } } # endif /* HAVE_BORINGSSL_LIKE */ - if(trying_ech_now - && SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) { + if(trying_ech_now && + SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) { infof(data, "ECH: cannot force TLSv1.3 [ERROR]"); return CURLE_SSL_CONNECT_ERROR; } @@ -3602,7 +3578,6 @@ static CURLcode ossl_init_ech(struct ossl_ctx *octx, } #endif /* USE_ECH_OPENSSL */ - static CURLcode ossl_init_ssl(struct ossl_ctx *octx, struct Curl_cfilter *cf, struct Curl_easy *data, @@ -3706,7 +3681,6 @@ static CURLcode ossl_init_method(struct Curl_cfilter *cf, return *pmethod ? CURLE_OK : CURLE_SSL_CONNECT_ERROR; } - CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, struct Curl_cfilter *cf, struct Curl_easy *data, @@ -3821,7 +3795,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, /* "--tlsv" options mean TLS >= version */ case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */ + case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */ case CURL_SSLVERSION_TLSv1_0: /* TLS >= version 1.0 */ case CURL_SSLVERSION_TLSv1_1: /* TLS >= version 1.1 */ case CURL_SSLVERSION_TLSv1_2: /* TLS >= version 1.2 */ @@ -4036,8 +4010,7 @@ static CURLcode ossl_on_session_reuse(struct Curl_cfilter *cf, return result; } -void Curl_ossl_report_handshake(struct Curl_easy *data, - struct ossl_ctx *octx) +void Curl_ossl_report_handshake(struct Curl_easy *data, struct ossl_ctx *octx) { #ifndef CURL_DISABLE_VERBOSE_STRINGS if(Curl_trc_is_verbose(data)) { @@ -4065,7 +4038,6 @@ void Curl_ossl_report_handshake(struct Curl_easy *data, (void)data; (void)octx; #endif /* CURL_DISABLE_VERBOSE_STRINGS */ - } static CURLcode ossl_connect_step1(struct Curl_cfilter *cf, @@ -4121,7 +4093,7 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf, #ifdef USE_ECH_OPENSSL /* If we have retry configs, then trace those out */ -static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL* ssl, +static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL *ssl, int reason) { CURLcode result = CURLE_OK; @@ -4247,7 +4219,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, else { /* untreated error */ sslerr_t errdetail; - char error_buffer[256]=""; + char error_buffer[256] = ""; CURLcode result; long lerr; int lib; @@ -4319,7 +4291,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, * the SO_ERROR is also lost. */ if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) { - char extramsg[80]=""; + char extramsg[80] = ""; int sockerr = SOCKERRNO; if(sockerr && detail == SSL_ERROR_SYSCALL) @@ -4374,7 +4346,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, break; default: status = "unexpected status"; - infof(data, "ECH: unexpected status %d",rv); + infof(data, "ECH: unexpected status %d", rv); } infof(data, "ECH: result: status is %s, inner is %s, outer is %s", (status ? status : "NULL"), @@ -4418,7 +4390,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, * Heavily modified from: * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL */ -static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert, +static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509 *cert, const char *pinnedpubkey) { /* Scratch */ @@ -4534,8 +4506,7 @@ static void infof_certstack(struct Curl_easy *data, const SSL *ssl) type_name = NULL; #endif - infof(data, - " Certificate level %d: " + infof(data, " Certificate level %d: " "Public key type %s%s (%d/%d Bits/secBits), signed using %s", cert_level, type_name ? type_name : "?", get_group_name == 0 ? "" : group_name_final, @@ -4553,7 +4524,7 @@ static CURLcode ossl_check_issuer(struct Curl_cfilter *cf, struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); X509 *issuer = NULL; BIO *fp = NULL; - char err_buf[256]=""; + char err_buf[256] = ""; bool verify_enabled = (conn_config->verifypeer || conn_config->verifyhost); CURLcode result = CURLE_OK; @@ -4671,12 +4642,12 @@ static CURLcode ossl_infof_cert(struct Curl_cfilter *cf, infof(data, " subject: %s", result ? "[NONE]" : curlx_dyn_ptr(&dname)); ASN1_TIME_print(mem, X509_get0_notBefore(server_cert)); - len = BIO_get_mem_data(mem, (char **) &buf); + len = BIO_get_mem_data(mem, (char **)&buf); infof(data, " start date: %.*s", (int)len, buf); (void)BIO_reset(mem); ASN1_TIME_print(mem, X509_get0_notAfter(server_cert)); - len = BIO_get_mem_data(mem, (char **) &buf); + len = BIO_get_mem_data(mem, (char **)&buf); infof(data, " expire date: %.*s", (int)len, buf); (void)BIO_reset(mem); @@ -5118,8 +5089,7 @@ static CURLcode ossl_send(struct Curl_cfilter *cf, result = CURLE_AGAIN; octx->blocked_ssl_write_len = memlen; goto out; - case SSL_ERROR_SYSCALL: - { + case SSL_ERROR_SYSCALL: { int sockerr = SOCKERRNO; if(octx->io_result == CURLE_AGAIN) { diff --git a/lib/vtls/openssl.h b/lib/vtls/openssl.h index 5b6f35396d..ff8246b4fa 100644 --- a/lib/vtls/openssl.h +++ b/lib/vtls/openssl.h @@ -150,8 +150,7 @@ CURLcode Curl_ossl_check_peer_cert(struct Curl_cfilter *cf, struct ssl_peer *peer); /* Report properties of a successful handshake */ -void Curl_ossl_report_handshake(struct Curl_easy *data, - struct ossl_ctx *octx); +void Curl_ossl_report_handshake(struct Curl_easy *data, struct ossl_ctx *octx); #endif /* USE_OPENSSL */ #endif /* HEADER_CURL_SSLUSE_H */ diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c index 360a2454ac..951b339b43 100644 --- a/lib/vtls/rustls.c +++ b/lib/vtls/rustls.c @@ -42,8 +42,7 @@ #include "cipher_suite.h" #include "x509asn1.h" -struct rustls_ssl_backend_data -{ +struct rustls_ssl_backend_data { const struct rustls_client_config *config; struct rustls_connection *conn; size_t plain_out_buffered; @@ -58,17 +57,17 @@ static CURLcode map_error(const rustls_result r) return CURLE_PEER_FAILED_VERIFICATION; } switch(r) { - case RUSTLS_RESULT_OK: - return CURLE_OK; - case RUSTLS_RESULT_NULL_PARAMETER: - return CURLE_BAD_FUNCTION_ARGUMENT; - default: - return CURLE_RECV_ERROR; + case RUSTLS_RESULT_OK: + return CURLE_OK; + case RUSTLS_RESULT_NULL_PARAMETER: + return CURLE_BAD_FUNCTION_ARGUMENT; + default: + return CURLE_RECV_ERROR; } } -static void -rustls_failf(struct Curl_easy *data, const rustls_result rr, const char *msg) +static void rustls_failf(struct Curl_easy *data, const rustls_result rr, + const char *msg) { char errorbuf[STRERROR_LEN]; size_t errorlen; @@ -76,8 +75,8 @@ rustls_failf(struct Curl_easy *data, const rustls_result rr, const char *msg) failf(data, "%s: %.*s", msg, (int)errorlen, errorbuf); } -static bool -cr_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data) +static bool cr_data_pending(struct Curl_cfilter *cf, + const struct Curl_easy *data) { const struct ssl_connect_data *ctx = cf->ctx; struct rustls_ssl_backend_data *backend; @@ -93,11 +92,11 @@ struct io_ctx { struct Curl_easy *data; }; -static int -read_cb(void *userdata, uint8_t *buf, uintptr_t len, uintptr_t *out_n) +static int read_cb(void *userdata, uint8_t *buf, uintptr_t len, + uintptr_t *out_n) { const struct io_ctx *io_ctx = userdata; - struct ssl_connect_data *const connssl = io_ctx->cf->ctx; + struct ssl_connect_data * const connssl = io_ctx->cf->ctx; CURLcode result; int ret = 0; size_t nread; @@ -120,8 +119,8 @@ read_cb(void *userdata, uint8_t *buf, uintptr_t len, uintptr_t *out_n) return ret; } -static int -write_cb(void *userdata, const uint8_t *buf, uintptr_t len, uintptr_t *out_n) +static int write_cb(void *userdata, const uint8_t *buf, uintptr_t len, + uintptr_t *out_n) { const struct io_ctx *io_ctx = userdata; CURLcode result; @@ -146,8 +145,8 @@ write_cb(void *userdata, const uint8_t *buf, uintptr_t len, uintptr_t *out_n) static ssize_t tls_recv_more(struct Curl_cfilter *cf, struct Curl_easy *data, CURLcode *err) { - const struct ssl_connect_data *const connssl = cf->ctx; - struct rustls_ssl_backend_data *const backend = + const struct ssl_connect_data * const connssl = cf->ctx; + struct rustls_ssl_backend_data * const backend = (struct rustls_ssl_backend_data *)connssl->backend; struct io_ctx io_ctx; size_t tls_bytes_read = 0; @@ -186,12 +185,11 @@ static ssize_t tls_recv_more(struct Curl_cfilter *cf, * Filter receive method implementation. `plainbuf` and `plainlen` * are always not NULL/0. */ -static CURLcode -cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data, - char *plainbuf, size_t plainlen, size_t *pnread) +static CURLcode cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data, + char *plainbuf, size_t plainlen, size_t *pnread) { - const struct ssl_connect_data *const connssl = cf->ctx; - struct rustls_ssl_backend_data *const backend = + const struct ssl_connect_data * const connssl = cf->ctx; + struct rustls_ssl_backend_data * const backend = (struct rustls_ssl_backend_data *)connssl->backend; struct rustls_connection *rconn = NULL; CURLcode result = CURLE_OK; @@ -300,12 +298,12 @@ static CURLcode cr_flush_out(struct Curl_cfilter *cf, struct Curl_easy *data, * In that case, it will not read anything into Rustls' plaintext input buffer. * It will only drain Rustls' plaintext output buffer into the socket. */ -static CURLcode -cr_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *plainbuf, size_t plainlen, size_t *pnwritten) +static CURLcode cr_send(struct Curl_cfilter *cf, struct Curl_easy *data, + const void *plainbuf, size_t plainlen, + size_t *pnwritten) { - const struct ssl_connect_data *const connssl = cf->ctx; - struct rustls_ssl_backend_data *const backend = + const struct ssl_connect_data * const connssl = cf->ctx; + struct rustls_ssl_backend_data * const backend = (struct rustls_ssl_backend_data *)connssl->backend; struct rustls_connection *rconn = NULL; size_t plainwritten = 0; @@ -379,18 +377,15 @@ out: /* A server certificate verify callback for Rustls that always returns RUSTLS_RESULT_OK, or in other words disable certificate verification. */ -static uint32_t -cr_verify_none(void *userdata, - const rustls_verify_server_cert_params *params) +static uint32_t cr_verify_none(void *userdata, + const rustls_verify_server_cert_params *params) { (void)userdata; (void)params; return RUSTLS_RESULT_OK; } -static int -read_file_into(const char *filename, - struct dynbuf *out) +static int read_file_into(const char *filename, struct dynbuf *out) { FILE *f = curlx_fopen(filename, FOPEN_READTEXT); if(!f) { @@ -464,16 +459,17 @@ add_ciphers: if(!id) { if(ptr[0] != '\0') infof(data, "rustls: unknown cipher in list: \"%.*s\"", - (int) (end - ptr), ptr); + (int)(end - ptr), ptr); continue; } /* No duplicates allowed (so selected cannot overflow) */ - for(i = 0; i < count && selected[i] != entry; i++); + for(i = 0; i < count && selected[i] != entry; i++) + ; if(i < count) { if(i >= default13_count) infof(data, "rustls: duplicate cipher in list: \"%.*s\"", - (int) (end - ptr), ptr); + (int)(end - ptr), ptr); continue; } @@ -494,7 +490,8 @@ add_ciphers: continue; /* No duplicates allowed (so selected cannot overflow) */ - for(i = 0; i < count && selected[i] != entry; i++); + for(i = 0; i < count && selected[i] != entry; i++) + ; if(i < count) continue; @@ -505,10 +502,10 @@ add_ciphers: *selected_size = count; } -static void -cr_keylog_log_cb(struct rustls_str label, - const uint8_t *client_random, size_t client_random_len, - const uint8_t *secret, size_t secret_len) +static void cr_keylog_log_cb(struct rustls_str label, + const uint8_t *client_random, + size_t client_random_len, const uint8_t *secret, + size_t secret_len) { char clabel[KEYLOG_LABEL_MAXLEN]; (void)client_random_len; @@ -528,12 +525,11 @@ init_config_builder(struct Curl_easy *data, const struct rustls_crypto_provider *custom_provider = NULL; uint16_t tls_versions[2] = { - RUSTLS_TLS_VERSION_TLSV1_2, - RUSTLS_TLS_VERSION_TLSV1_3, + RUSTLS_TLS_VERSION_TLSV1_2, + RUSTLS_TLS_VERSION_TLSV1_3, }; size_t tls_versions_len = 2; - size_t cipher_suites_len = - rustls_default_crypto_provider_ciphersuites_len(); + size_t cipher_suites_len = rustls_default_crypto_provider_ciphersuites_len(); CURLcode result = CURLE_OK; rustls_result rr; @@ -602,7 +598,7 @@ init_config_builder(struct Curl_easy *data, &custom_provider_builder); if(rr != RUSTLS_RESULT_OK) { rustls_failf(data, rr, - "failed to create crypto provider builder from default"); + "failed to create crypto provider builder from default"); result = CURLE_SSL_CIPHER; goto cleanup; } @@ -614,13 +610,13 @@ init_config_builder(struct Curl_easy *data, cipher_suites_len); if(rr != RUSTLS_RESULT_OK) { rustls_failf(data, rr, - "failed to set ciphersuites for crypto provider builder"); + "failed to set ciphersuites for crypto provider builder"); result = CURLE_SSL_CIPHER; goto cleanup; } - rr = rustls_crypto_provider_builder_build( - custom_provider_builder, &custom_provider); + rr = rustls_crypto_provider_builder_build(custom_provider_builder, + &custom_provider); if(rr != RUSTLS_RESULT_OK) { rustls_failf(data, rr, "failed to build custom crypto provider"); result = CURLE_SSL_CIPHER; @@ -628,9 +624,9 @@ init_config_builder(struct Curl_easy *data, } rr = rustls_client_config_builder_new_custom(custom_provider, - tls_versions, - tls_versions_len, - config_builder); + tls_versions, + tls_versions_len, + config_builder); if(rr != RUSTLS_RESULT_OK) { rustls_failf(data, rr, "failed to create client config builder"); result = CURLE_SSL_CIPHER; @@ -669,8 +665,7 @@ init_config_builder_alpn(struct Curl_easy *data, infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data); } -static CURLcode -init_config_builder_verifier_crl( +static CURLcode init_config_builder_verifier_crl( struct Curl_easy *data, const struct ssl_primary_config *conn_config, struct rustls_web_pki_server_cert_verifier_builder *builder) @@ -723,7 +718,6 @@ init_config_builder_verifier(struct Curl_easy *data, 1); if(rr != RUSTLS_RESULT_OK) { rustls_failf(data, rr, "failed to parse trusted certificates from blob"); - result = CURLE_SSL_CACERT_BADFILE; goto cleanup; } @@ -734,7 +728,6 @@ init_config_builder_verifier(struct Curl_easy *data, 1); if(rr != RUSTLS_RESULT_OK) { rustls_failf(data, rr, "failed to load trusted certificates"); - result = CURLE_SSL_CACERT_BADFILE; goto cleanup; } @@ -755,8 +748,8 @@ init_config_builder_verifier(struct Curl_easy *data, if(conn_config->CRLfile) { result = init_config_builder_verifier_crl(data, - conn_config, - verifier_builder); + conn_config, + verifier_builder); if(result) { goto cleanup; } @@ -789,8 +782,7 @@ cleanup: return result; } -static CURLcode -init_config_builder_platform_verifier( +static CURLcode init_config_builder_platform_verifier( struct Curl_easy *data, struct rustls_client_config_builder *builder) { @@ -890,10 +882,8 @@ init_config_builder_client_auth(struct Curl_easy *data, rr = rustls_certified_key_keys_match(certified_key); if(rr != RUSTLS_RESULT_OK) { - rustls_failf(data, - rr, + rustls_failf(data, rr, "rustls: client certificate and keypair files do not match:"); - result = CURLE_SSL_CERTPROBLEM; goto cleanup; } @@ -1011,9 +1001,9 @@ cleanup: } #endif /* USE_ECH */ -static CURLcode -cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, - struct rustls_ssl_backend_data *const backend) +static CURLcode cr_init_backend(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct rustls_ssl_backend_data * const backend) { const struct ssl_connect_data *connssl = cf->ctx; const struct ssl_primary_config *conn_config = @@ -1091,9 +1081,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, return result; } - rr = rustls_client_config_builder_build( - config_builder, - &backend->config); + rr = rustls_client_config_builder_build(config_builder, &backend->config); if(rr != RUSTLS_RESULT_OK) { rustls_failf(data, rr, "failed to build client config"); return CURLE_SSL_CONNECT_ERROR; @@ -1116,11 +1104,11 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, return result; } -static void -cr_set_negotiated_alpn(struct Curl_cfilter *cf, struct Curl_easy *data, - const struct rustls_connection *rconn) +static void cr_set_negotiated_alpn(struct Curl_cfilter *cf, + struct Curl_easy *data, + const struct rustls_connection *rconn) { - struct ssl_connect_data *const connssl = cf->ctx; + struct ssl_connect_data * const connssl = cf->ctx; const uint8_t *protocol = NULL; size_t len = 0; @@ -1133,12 +1121,11 @@ cr_set_negotiated_alpn(struct Curl_cfilter *cf, struct Curl_easy *data, * This function will set `*done` to true once the handshake is complete. * This function never reads the value of `*done*`. */ -static CURLcode -cr_connect(struct Curl_cfilter *cf, - struct Curl_easy *data, bool *done) +static CURLcode cr_connect(struct Curl_cfilter *cf, struct Curl_easy *data, + bool *done) { - struct ssl_connect_data *const connssl = cf->ctx; - const struct rustls_ssl_backend_data *const backend = + struct ssl_connect_data * const connssl = cf->ctx; + const struct rustls_ssl_backend_data * const backend = (struct rustls_ssl_backend_data *)connssl->backend; const struct rustls_connection *rconn = NULL; CURLcode tmperr = CURLE_OK; @@ -1165,9 +1152,9 @@ cr_connect(struct Curl_cfilter *cf, /* Read/write data until the handshake is done or the socket would block. */ for(;;) { /* - * Connection has been established according to Rustls. Set send/recv - * handlers, and update the state machine. - */ + * Connection has been established according to Rustls. Set send/recv + * handlers, and update the state machine. + */ connssl->io_need = CURL_SSL_IO_NEED_NONE; if(!rustls_connection_is_handshaking(rconn)) { /* Rustls claims it is no longer handshaking *before* it has @@ -1186,8 +1173,7 @@ cr_connect(struct Curl_cfilter *cf, } /* REALLY Done with the handshake. */ { - const uint16_t proto = - rustls_connection_get_protocol_version(rconn); + const uint16_t proto = rustls_connection_get_protocol_version(rconn); const rustls_str ciphersuite_name = rustls_connection_get_negotiated_ciphersuite_name(rconn); const rustls_str kex_group_name = @@ -1297,9 +1283,7 @@ cr_connect(struct Curl_cfilter *cf, DEBUGASSERT(FALSE); } -static void * -cr_get_internals(struct ssl_connect_data *connssl, - CURLINFO info) +static void *cr_get_internals(struct ssl_connect_data *connssl, CURLINFO info) { struct rustls_ssl_backend_data *backend = (struct rustls_ssl_backend_data *)connssl->backend; @@ -1308,10 +1292,8 @@ cr_get_internals(struct ssl_connect_data *connssl, return backend->conn; } -static CURLcode -cr_shutdown(struct Curl_cfilter *cf, - struct Curl_easy *data, - const bool send_shutdown, bool *done) +static CURLcode cr_shutdown(struct Curl_cfilter *cf, struct Curl_easy *data, + const bool send_shutdown, bool *done) { struct ssl_connect_data *connssl = cf->ctx; struct rustls_ssl_backend_data *backend = @@ -1373,8 +1355,7 @@ out: return result; } -static void -cr_close(struct Curl_cfilter *cf, struct Curl_easy *data) +static void cr_close(struct Curl_cfilter *cf, struct Curl_easy *data) { const struct ssl_connect_data *connssl = cf->ctx; struct rustls_ssl_backend_data *backend = @@ -1398,13 +1379,12 @@ static size_t cr_version(char *buffer, size_t size) return curl_msnprintf(buffer, size, "%.*s", (int)ver.len, ver.data); } -static CURLcode -cr_random(struct Curl_easy *data, unsigned char *entropy, size_t length) +static CURLcode cr_random(struct Curl_easy *data, unsigned char *entropy, + size_t length) { rustls_result rresult = 0; (void)data; - rresult = - rustls_default_crypto_provider_random(entropy, length); + rresult = rustls_default_crypto_provider_random(entropy, length); return map_error(rresult); } diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index 49a4516cdf..21314d16ec 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c @@ -34,7 +34,7 @@ #ifdef USE_SCHANNEL #ifndef USE_WINDOWS_SSPI -# error "cannot compile SCHANNEL support without SSPI." +#error "cannot compile SCHANNEL support without SSPI." #endif #include "schannel.h" @@ -67,7 +67,7 @@ */ #ifdef CURL_SCHANNEL_DEV_DEBUG #define SCH_DEV(x) x -#define SCH_DEV_SHOWBOOL(x) \ +#define SCH_DEV_SHOWBOOL(x) \ infof(data, "schannel: " #x " %s", (x) ? "TRUE" : "FALSE"); #else #define SCH_DEV(x) do { } while(0) @@ -159,10 +159,9 @@ static void InitSecBufferDesc(SecBufferDesc *desc, SecBuffer *BufArr, desc->cBuffers = NumArrElem; } -static CURLcode -schannel_set_ssl_version_min_max(DWORD *enabled_protocols, - struct Curl_cfilter *cf, - struct Curl_easy *data) +static CURLcode schannel_set_ssl_version_min_max(DWORD *enabled_protocols, + struct Curl_cfilter *cf, + struct Curl_easy *data) { struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); long ssl_version = conn_config->version; @@ -222,7 +221,7 @@ struct algo { int id; }; -static const struct algo algs[]= { +static const struct algo algs[] = { CIPHEROPTION(CALG_MD2), CIPHEROPTION(CALG_MD4), CIPHEROPTION(CALG_MD5), @@ -330,8 +329,7 @@ static const struct algo algs[]= { {NULL, 0}, }; -static int -get_alg_id_by_name(const char *name) +static int get_alg_id_by_name(const char *name) { const char *nameEnd = strchr(name, ':'); size_t n = nameEnd ? (size_t)(nameEnd - name) : strlen(name); @@ -346,9 +344,8 @@ get_alg_id_by_name(const char *name) #define NUM_CIPHERS 47 /* There are 47 options listed above */ -static CURLcode -set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers, - ALG_ID *algIds) +static CURLcode set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers, + ALG_ID *algIds) { const char *startCur = ciphers; int algCount = 0; @@ -376,9 +373,8 @@ set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers, } /* Function allocates memory for store_path only if CURLE_OK is returned */ -static CURLcode -get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path, - TCHAR **thumbprint) +static CURLcode get_cert_location(TCHAR *path, DWORD *store_name, + TCHAR **store_path, TCHAR **thumbprint) { TCHAR *sep; TCHAR *store_path_start; @@ -400,14 +396,11 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path, *store_name = CERT_SYSTEM_STORE_SERVICES; else if(_tcsncmp(path, TEXT("Users"), store_name_len) == 0) *store_name = CERT_SYSTEM_STORE_USERS; - else if(_tcsncmp(path, TEXT("CurrentUserGroupPolicy"), - store_name_len) == 0) + else if(_tcsncmp(path, TEXT("CurrentUserGroupPolicy"), store_name_len) == 0) *store_name = CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY; - else if(_tcsncmp(path, TEXT("LocalMachineGroupPolicy"), - store_name_len) == 0) + else if(_tcsncmp(path, TEXT("LocalMachineGroupPolicy"), store_name_len) == 0) *store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY; - else if(_tcsncmp(path, TEXT("LocalMachineEnterprise"), - store_name_len) == 0) + else if(_tcsncmp(path, TEXT("LocalMachineEnterprise"), store_name_len) == 0) *store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE; else return CURLE_SSL_CERTPROBLEM; @@ -431,9 +424,8 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path, return CURLE_OK; } -static CURLcode -schannel_acquire_credential_handle(struct Curl_cfilter *cf, - struct Curl_easy *data) +static CURLcode schannel_acquire_credential_handle(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct ssl_connect_data *connssl = cf->ctx; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); @@ -461,37 +453,36 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, if(ssl_config->no_revoke) { flags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK | - SCH_CRED_IGNORE_REVOCATION_OFFLINE; + SCH_CRED_IGNORE_REVOCATION_OFFLINE; DEBUGF(infof(data, "schannel: disabled server certificate revocation " - "checks")); + "checks")); } else if(ssl_config->revoke_best_effort) { flags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK | - SCH_CRED_IGNORE_REVOCATION_OFFLINE | SCH_CRED_REVOCATION_CHECK_CHAIN; + SCH_CRED_IGNORE_REVOCATION_OFFLINE | + SCH_CRED_REVOCATION_CHECK_CHAIN; DEBUGF(infof(data, "schannel: ignore revocation offline errors")); } else { flags |= SCH_CRED_REVOCATION_CHECK_CHAIN; - DEBUGF(infof(data, - "schannel: checking server certificate revocation")); + DEBUGF(infof(data, "schannel: checking server certificate revocation")); } } else { flags = SCH_CRED_MANUAL_CRED_VALIDATION | - SCH_CRED_IGNORE_NO_REVOCATION_CHECK | - SCH_CRED_IGNORE_REVOCATION_OFFLINE; - DEBUGF(infof(data, - "schannel: disabled server cert revocation checks")); + SCH_CRED_IGNORE_NO_REVOCATION_CHECK | + SCH_CRED_IGNORE_REVOCATION_OFFLINE; + DEBUGF(infof(data, "schannel: disabled server cert revocation checks")); } if(!conn_config->verifyhost) { flags |= SCH_CRED_NO_SERVERNAME_CHECK; DEBUGF(infof(data, "schannel: verifyhost setting prevents Schannel from " - "comparing the supplied target name with the subject " - "names in server certificates.")); + "comparing the supplied target name with the subject " + "names in server certificates.")); } if(!ssl_config->auto_client_cert) { @@ -508,8 +499,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: case CURL_SSLVERSION_TLSv1_2: - case CURL_SSLVERSION_TLSv1_3: - { + case CURL_SSLVERSION_TLSv1_3: { result = schannel_set_ssl_version_min_max(&enabled_protocols, cf, data); if(result) return result; @@ -550,7 +540,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, result = get_cert_location(cert_path, &cert_store_name, &cert_store_path, &cert_thumbprint_str); - if(result && (data->set.ssl.primary.clientcert[0]!='\0')) + if(result && (data->set.ssl.primary.clientcert[0] != '\0')) fInCert = curlx_fopen(data->set.ssl.primary.clientcert, "rb"); if(result && !fInCert) { @@ -579,7 +569,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, https://learn.microsoft.com/archive/msdn-technet-forums/3e7bc95f-b21a-4bcd-bd2c-7f996718cae5 */ CRYPT_DATA_BLOB datablob; - WCHAR* pszPassword; + WCHAR *pszPassword; size_t pwd_len = 0; int str_w_len = 0; int cert_find_flags; @@ -613,12 +603,12 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, } /* Convert key-pair data to the in-memory certificate store */ - datablob.pbData = (BYTE*)certdata; + datablob.pbData = (BYTE *)certdata; datablob.cbData = (DWORD)certsize; if(data->set.ssl.key_passwd) pwd_len = strlen(data->set.ssl.key_passwd); - pszPassword = (WCHAR*)curlx_malloc(sizeof(WCHAR)*(pwd_len + 1)); + pszPassword = (WCHAR *)curlx_malloc(sizeof(WCHAR) * (pwd_len + 1)); if(pszPassword) { if(pwd_len > 0) str_w_len = MultiByteToWideChar(CP_UTF8, @@ -854,8 +844,8 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, return CURLE_OK; } -static CURLcode -schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode schannel_connect_step1(struct Curl_cfilter *cf, + struct Curl_easy *data) { size_t written = 0; struct ssl_connect_data *connssl = cf->ctx; @@ -874,8 +864,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) CURLcode result; DEBUGASSERT(backend); - DEBUGF(infof(data, - "schannel: SSL/TLS connection with %s port %d (step 1/3)", + DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 1/3)", connssl->peer.hostname, connssl->peer.port)); if(curlx_verify_windows_version(5, 1, 0, PLATFORM_WINNT, @@ -899,7 +888,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) } else { failf(data, "schannel: this version of Windows is too old to support " - "certificate verification via CA bundle file."); + "certificate verification via CA bundle file."); return CURLE_SSL_CACERT_BADFILE; } } @@ -952,7 +941,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) int cur = 0; int list_start_index = 0; unsigned int *extension_len = NULL; - unsigned short* list_len = NULL; + unsigned short *list_len = NULL; struct alpn_proto_buf proto; /* The first four bytes will be an unsigned int indicating number @@ -968,7 +957,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* The next two bytes will be an unsigned short indicating the number of bytes used to list the preferred protocols. */ - list_len = (unsigned short*)(void *)(&alpn_buffer[cur]); + list_len = (unsigned short *)(void *)(&alpn_buffer[cur]); cur += (int)sizeof(unsigned short); list_start_index = cur; @@ -1006,8 +995,8 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* security request flags */ backend->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | - ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY | - ISC_REQ_STREAM; + ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY | + ISC_REQ_STREAM; if(!ssl_config->auto_client_cert) { backend->req_flags |= ISC_REQ_USE_SUPPLIED_CREDS; @@ -1131,8 +1120,8 @@ static CURLcode schannel_error(struct Curl_easy *data, } } -static CURLcode -schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode schannel_connect_step2(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct ssl_connect_data *connssl = cf->ctx; struct schannel_ssl_backend_data *backend = @@ -1155,8 +1144,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) doread = (connssl->io_need & CURL_SSL_IO_NEED_SEND) ? FALSE : TRUE; connssl->io_need = CURL_SSL_IO_NEED_NONE; - DEBUGF(infof(data, - "schannel: SSL/TLS connection with %s port %d (step 2/3)", + DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 2/3)", connssl->peer.hostname, connssl->peer.port)); if(!backend->cred || !backend->ctxt) @@ -1361,7 +1349,8 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) if(backend->encdata_offset > inbuf[1].cbBuffer) { memmove(backend->encdata_buffer, (backend->encdata_buffer + backend->encdata_offset) - - inbuf[1].cbBuffer, inbuf[1].cbBuffer); + inbuf[1].cbBuffer, + inbuf[1].cbBuffer); backend->encdata_offset = inbuf[1].cbBuffer; if(sspi_status == SEC_I_CONTINUE_NEEDED) { doread = FALSE; @@ -1415,8 +1404,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_OK; } -static bool -valid_cert_encoding(const CERT_CONTEXT *cert_context) +static bool valid_cert_encoding(const CERT_CONTEXT *cert_context) { return (cert_context != NULL) && ((cert_context->dwCertEncodingType & X509_ASN_ENCODING) != 0) && @@ -1424,12 +1412,11 @@ valid_cert_encoding(const CERT_CONTEXT *cert_context) (cert_context->cbCertEncoded > 0); } -typedef bool(*Read_crt_func)(const CERT_CONTEXT *ccert_context, - bool reverse_order, void *arg); +typedef bool (*Read_crt_func)(const CERT_CONTEXT *ccert_context, + bool reverse_order, void *arg); -static void -traverse_cert_store(const CERT_CONTEXT *context, Read_crt_func func, - void *arg) +static void traverse_cert_store(const CERT_CONTEXT *context, + Read_crt_func func, void *arg) { const CERT_CONTEXT *current_context = NULL; bool should_continue = TRUE; @@ -1454,9 +1441,8 @@ traverse_cert_store(const CERT_CONTEXT *context, Read_crt_func func, CertFreeCertificateContext(current_context); } -static bool -cert_counter_callback(const CERT_CONTEXT *ccert_context, bool reverse_order, - void *certs_count) +static bool cert_counter_callback(const CERT_CONTEXT *ccert_context, + bool reverse_order, void *certs_count) { (void)reverse_order; if(valid_cert_encoding(ccert_context)) @@ -1466,22 +1452,20 @@ cert_counter_callback(const CERT_CONTEXT *ccert_context, bool reverse_order, return TRUE; } -struct Adder_args -{ +struct Adder_args { struct Curl_easy *data; CURLcode result; int idx; int certs_count; }; -static bool -add_cert_to_certinfo(const CERT_CONTEXT *ccert_context, bool reverse_order, - void *raw_arg) +static bool add_cert_to_certinfo(const CERT_CONTEXT *ccert_context, + bool reverse_order, void *raw_arg) { - struct Adder_args *args = (struct Adder_args*)raw_arg; + struct Adder_args *args = (struct Adder_args *)raw_arg; args->result = CURLE_OK; if(valid_cert_encoding(ccert_context)) { - const char *beg = (const char *) ccert_context->pbCertEncoded; + const char *beg = (const char *)ccert_context->pbCertEncoded; const char *end = beg + ccert_context->cbCertEncoded; int insert_index = reverse_order ? (args->certs_count - 1) - args->idx : args->idx; @@ -1511,8 +1495,8 @@ static void schannel_session_free(void *sessionid) } } -static CURLcode -schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode schannel_connect_step3(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct ssl_connect_data *connssl = cf->ctx; struct schannel_ssl_backend_data *backend = @@ -1527,8 +1511,7 @@ schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); DEBUGASSERT(backend); - DEBUGF(infof(data, - "schannel: SSL/TLS connection with %s port %d (step 3/3)", + DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 3/3)", connssl->peer.hostname, connssl->peer.port)); if(!backend->cred) @@ -1886,9 +1869,8 @@ schannel_recv_renegotiate(struct Curl_cfilter *cf, struct Curl_easy *data, return result; } -static CURLcode -schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, size_t *pnwritten) +static CURLcode schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data, + const void *buf, size_t len, size_t *pnwritten) { size_t data_len = 0; unsigned char *ptr = NULL; @@ -2018,7 +2000,7 @@ schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data, else if(sspi_status == SEC_E_INSUFFICIENT_MEMORY) { result = CURLE_OUT_OF_MEMORY; } - else{ + else { result = CURLE_SEND_ERROR; } @@ -2032,9 +2014,8 @@ schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data, return result; } -static CURLcode -schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, - char *buf, size_t len, size_t *pnread) +static CURLcode schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, + char *buf, size_t len, size_t *pnread) { size_t size = 0; size_t nread = 0; @@ -2170,7 +2151,7 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, /* https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-decryptmessage */ sspi_status = Curl_pSecFn->DecryptMessage(&backend->ctxt->ctxt_handle, - &inbuf_desc, 0, NULL); + &inbuf_desc, 0, NULL); /* check if everything went fine (server may want to renegotiate or shutdown the connection context) */ @@ -2231,7 +2212,8 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, buffer */ memmove(backend->encdata_buffer, (backend->encdata_buffer + backend->encdata_offset) - - inbuf[3].cbBuffer, inbuf[3].cbBuffer); + inbuf[3].cbBuffer, + inbuf[3].cbBuffer); backend->encdata_offset = inbuf[3].cbBuffer; } @@ -2761,7 +2743,7 @@ HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf, share = Curl_hash_pick(&multi->proto_hash, CURL_UNCONST(MPROTO_SCHANNEL_CERT_SHARE_KEY), - sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1); + sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY) - 1); if(!share || !share->cert_store) { return NULL; } @@ -2809,7 +2791,7 @@ HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf, static void schannel_cert_share_free(void *key, size_t key_len, void *p) { struct schannel_cert_share *share = p; - DEBUGASSERT(key_len == (sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1)); + DEBUGASSERT(key_len == (sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY) - 1)); DEBUGASSERT(!memcmp(MPROTO_SCHANNEL_CERT_SHARE_KEY, key, key_len)); (void)key; (void)key_len; @@ -2839,7 +2821,7 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf, share = Curl_hash_pick(&multi->proto_hash, CURL_UNCONST(MPROTO_SCHANNEL_CERT_SHARE_KEY), - sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1); + sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY) - 1); if(!share) { share = curlx_calloc(1, sizeof(*share)); if(!share) { @@ -2847,7 +2829,7 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf, } if(!Curl_hash_add2(&multi->proto_hash, CURL_UNCONST(MPROTO_SCHANNEL_CERT_SHARE_KEY), - sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1, + sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY) - 1, share, schannel_cert_share_free)) { curlx_free(share); return FALSE; diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h index 9d0bea221a..47017c5f56 100644 --- a/lib/vtls/schannel.h +++ b/lib/vtls/schannel.h @@ -69,15 +69,14 @@ * (and only here). */ #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) -# undef X509_NAME -# undef X509_CERT_PAIR -# undef X509_EXTENSIONS +#undef X509_NAME +#undef X509_CERT_PAIR +#undef X509_EXTENSIONS #endif extern const struct Curl_ssl Curl_ssl_schannel; -CURLcode Curl_verify_host(struct Curl_cfilter *cf, - struct Curl_easy *data); +CURLcode Curl_verify_host(struct Curl_cfilter *cf, struct Curl_easy *data); CURLcode Curl_verify_certificate(struct Curl_cfilter *cf, struct Curl_easy *data); diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c index 4ff7b5d536..e1a3731457 100644 --- a/lib/vtls/schannel_verify.c +++ b/lib/vtls/schannel_verify.c @@ -33,7 +33,7 @@ #ifdef USE_SCHANNEL #ifndef USE_WINDOWS_SSPI -# error "cannot compile SCHANNEL support without SSPI." +#error "cannot compile SCHANNEL support without SSPI." #endif #include "schannel.h" @@ -157,8 +157,8 @@ static CURLcode add_certs_data_to_store(HCERTSTORE trust_store, const CERT_CONTEXT *cert_context = NULL; BOOL add_cert_result = FALSE; DWORD actual_content_type = 0; - DWORD cert_size = (DWORD) - ((end_cert_ptr + end_cert_len) - begin_cert_ptr); + DWORD cert_size = + (DWORD)((end_cert_ptr + end_cert_len) - begin_cert_ptr); cert_blob.pbData = (BYTE *)CURL_UNCONST(begin_cert_ptr); cert_blob.cbData = cert_size; @@ -238,13 +238,11 @@ static CURLcode add_certs_data_to_store(HCERTSTORE trust_store, if(result == CURLE_OK) { if(!num_certs) { - infof(data, - "schannel: did not add any certificates from CA file '%s'", + infof(data, "schannel: did not add any certificates from CA file '%s'", ca_file_text); } else { - infof(data, - "schannel: added %d certificate(s) from CA file '%s'", + infof(data, "schannel: added %d certificate(s) from CA file '%s'", num_certs, ca_file_text); } } @@ -266,9 +264,7 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store, ca_file_tstr = curlx_convert_UTF8_to_tchar(ca_file); if(!ca_file_tstr) { char buffer[WINAPI_ERROR_LEN]; - failf(data, - "schannel: invalid path name for CA file '%s': %s", - ca_file, + failf(data, "schannel: invalid path name for CA file '%s': %s", ca_file, curlx_winapi_strerror(GetLastError(), buffer, sizeof(buffer))); result = CURLE_SSL_CACERT_BADFILE; goto cleanup; @@ -288,9 +284,7 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store, NULL); if(ca_file_handle == INVALID_HANDLE_VALUE) { char buffer[WINAPI_ERROR_LEN]; - failf(data, - "schannel: failed to open CA file '%s': %s", - ca_file, + failf(data, "schannel: failed to open CA file '%s': %s", ca_file, curlx_winapi_strerror(GetLastError(), buffer, sizeof(buffer))); result = CURLE_SSL_CACERT_BADFILE; goto cleanup; @@ -298,8 +292,7 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store, if(!GetFileSizeEx(ca_file_handle, &file_size)) { char buffer[WINAPI_ERROR_LEN]; - failf(data, - "schannel: failed to determine size of CA file '%s': %s", + failf(data, "schannel: failed to determine size of CA file '%s': %s", ca_file, curlx_winapi_strerror(GetLastError(), buffer, sizeof(buffer))); result = CURLE_SSL_CACERT_BADFILE; @@ -307,8 +300,7 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store, } if(file_size.QuadPart > MAX_CAFILE_SIZE) { - failf(data, - "schannel: CA file exceeds max size of %u bytes", + failf(data, "schannel: CA file exceeds max size of %u bytes", MAX_CAFILE_SIZE); result = CURLE_SSL_CACERT_BADFILE; goto cleanup; @@ -328,9 +320,7 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store, if(!ReadFile(ca_file_handle, ca_file_buffer + total_bytes_read, bytes_to_read, &bytes_read, NULL)) { char buffer[WINAPI_ERROR_LEN]; - failf(data, - "schannel: failed to read from CA file '%s': %s", - ca_file, + failf(data, "schannel: failed to read from CA file '%s': %s", ca_file, curlx_winapi_strerror(GetLastError(), buffer, sizeof(buffer))); result = CURLE_SSL_CACERT_BADFILE; goto cleanup; @@ -455,12 +445,11 @@ static DWORD cert_get_name_string(struct Curl_easy *data, } /* -* Returns TRUE if the hostname is a numeric IPv4/IPv6 Address, -* and populates the buffer with IPv4/IPv6 info. -*/ + * Returns TRUE if the hostname is a numeric IPv4/IPv6 Address, + * and populates the buffer with IPv4/IPv6 info. + */ -static bool get_num_host_info(struct num_ip_data *ip_blob, - LPCSTR hostname) +static bool get_num_host_info(struct num_ip_data *ip_blob, LPCSTR hostname) { struct in_addr ia; struct in6_addr ia6; @@ -520,9 +509,8 @@ static bool get_alt_name_info(struct Curl_easy *data, &decode_para, alt_name_info, alt_name_info_size)) { - failf(data, - "schannel: CryptDecodeObjectEx() returned no alternate name " - "information."); + failf(data, "schannel: CryptDecodeObjectEx() returned no alternate name " + "information."); return result; } result = TRUE; @@ -530,8 +518,7 @@ static bool get_alt_name_info(struct Curl_easy *data, } /* Verify the server's hostname */ -CURLcode Curl_verify_host(struct Curl_cfilter *cf, - struct Curl_easy *data) +CURLcode Curl_verify_host(struct Curl_cfilter *cf, struct Curl_easy *data) { CURLcode result = CURLE_PEER_FAILED_VERIFICATION; struct ssl_connect_data *connssl = cf->ctx; @@ -545,7 +532,7 @@ CURLcode Curl_verify_host(struct Curl_cfilter *cf, DWORD actual_len = 0; PCERT_ALT_NAME_INFO alt_name_info = NULL; DWORD alt_name_info_size = 0; - struct num_ip_data ip_blob = { 0 }; + struct num_ip_data ip_blob = {0}; bool Win8_compat; struct num_ip_data *p = &ip_blob; DWORD i; @@ -840,7 +827,7 @@ CURLcode Curl_verify_certificate(struct Curl_cfilter *cf, * list URL, or when the list could not be downloaded because the * server is currently unreachable. */ dwTrustErrorMask &= ~(DWORD)(CERT_TRUST_REVOCATION_STATUS_UNKNOWN | - CERT_TRUST_IS_OFFLINE_REVOCATION); + CERT_TRUST_IS_OFFLINE_REVOCATION); } if(dwTrustErrorMask) { diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 6eb60e41cf..e342953778 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -93,14 +93,13 @@ dest->var = NULL; \ } while(0) -#define CLONE_BLOB(var) \ - do { \ - if(blobdup(&dest->var, source->var)) \ - return FALSE; \ +#define CLONE_BLOB(var) \ + do { \ + if(blobdup(&dest->var, source->var)) \ + return FALSE; \ } while(0) -static CURLcode blobdup(struct curl_blob **dest, - struct curl_blob *src) +static CURLcode blobdup(struct curl_blob **dest, struct curl_blob *src) { DEBUGASSERT(dest); DEBUGASSERT(!*dest); @@ -149,8 +148,8 @@ static const struct alpn_spec ALPN_SPEC_H2_H11 = { #endif #if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_PROXY) -static const struct alpn_spec * -alpn_get_spec(http_majors allowed, bool use_alpn) +static const struct alpn_spec *alpn_get_spec(http_majors allowed, + bool use_alpn) { if(!use_alpn) return NULL; @@ -170,7 +169,6 @@ alpn_get_spec(http_majors allowed, bool use_alpn) #endif /* !CURL_DISABLE_HTTP || !CURL_DISABLE_PROXY */ #endif /* USE_SSL */ - void Curl_ssl_easy_config_init(struct Curl_easy *data) { /* @@ -185,10 +183,9 @@ void Curl_ssl_easy_config_init(struct Curl_easy *data) #endif } -static bool -match_ssl_primary_config(struct Curl_easy *data, - struct ssl_primary_config *c1, - struct ssl_primary_config *c2) +static bool match_ssl_primary_config(struct Curl_easy *data, + struct ssl_primary_config *c1, + struct ssl_primary_config *c2) { (void)data; if((c1->version == c2->version) && @@ -324,8 +321,7 @@ CURLcode Curl_ssl_easy_config_complete(struct Curl_easy *data) sslc->primary.cipher_list13 = data->set.str[STRING_SSL_CIPHER13_LIST]; sslc->primary.signature_algorithms = data->set.str[STRING_SSL_SIGNATURE_ALGORITHMS]; - sslc->primary.pinned_key = - data->set.str[STRING_SSL_PINNEDPUBLICKEY]; + sslc->primary.pinned_key = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; sslc->primary.cert_blob = data->set.blobs[BLOB_CERT]; sslc->primary.ca_info_blob = data->set.blobs[BLOB_CAINFO]; sslc->primary.curves = data->set.str[STRING_SSL_EC_CURVES]; @@ -538,9 +534,9 @@ void Curl_ssl_close_all(struct Curl_easy *data) Curl_ssl->close_all(data); } -CURLcode Curl_ssl_adjust_pollset(struct Curl_cfilter *cf, - struct Curl_easy *data, - struct easy_pollset *ps) +CURLcode Curl_ssl_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps) { struct ssl_connect_data *connssl = cf->ctx; @@ -628,7 +624,7 @@ CURLcode Curl_ssl_init_certinfo(struct Curl_easy *data, int num) Curl_ssl_free_certinfo(data); /* Allocate the required certificate information structures */ - table = curlx_calloc((size_t) num, sizeof(struct curl_slist *)); + table = curlx_calloc((size_t)num, sizeof(struct curl_slist *)); if(!table) return CURLE_OUT_OF_MEMORY; @@ -661,8 +657,7 @@ CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data, curlx_dyn_addn(&build, value, valuelen)) return CURLE_OUT_OF_MEMORY; - nl = Curl_slist_append_nodup(ci->certinfo[certnum], - curlx_dyn_ptr(&build)); + nl = Curl_slist_append_nodup(ci->certinfo[certnum], curlx_dyn_ptr(&build)); if(!nl) { curlx_dyn_free(&build); curl_slist_free_all(ci->certinfo[certnum]); @@ -798,8 +793,8 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, pinned_hash = pinnedpubkey; while(pinned_hash && - !strncmp(pinned_hash, "sha256//", (sizeof("sha256//")-1))) { - pinned_hash = pinned_hash + (sizeof("sha256//")-1); + !strncmp(pinned_hash, "sha256//", (sizeof("sha256//") - 1))) { + pinned_hash = pinned_hash + (sizeof("sha256//") - 1); end_pos = strchr(pinned_hash, ';'); pinned_hash_len = end_pos ? (size_t)(end_pos - pinned_hash) : strlen(pinned_hash); @@ -845,7 +840,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, * if the size of our certificate is bigger than the file * size then it cannot match */ - size = curlx_sotouz((curl_off_t) filesize); + size = curlx_sotouz((curl_off_t)filesize); if(pubkeylen > size) goto end; @@ -1277,7 +1272,7 @@ CURLcode Curl_ssl_peer_init(struct ssl_peer *peer, /* not an IP address, normalize according to RCC 6066 ch. 3, * max len of SNI is 2^16-1, no trailing dot */ size_t len = strlen(peer->hostname); - if(len && (peer->hostname[len-1] == '.')) + if(len && (peer->hostname[len - 1] == '.')) len--; if(len < USHRT_MAX) { peer->sni = curlx_calloc(1, len + 1); @@ -1563,7 +1558,7 @@ static CURLcode ssl_cf_shutdown(struct Curl_cfilter *cf, *done = TRUE; /* If we have done the SSL handshake, shut down the connection cleanly */ if(cf->connected && (connssl->state == ssl_connection_complete) && - !cf->shutdown && Curl_ssl->shut_down) { + !cf->shutdown && Curl_ssl->shut_down) { struct cf_call_data save; CF_DATA_SAVE(save, cf, data); @@ -1781,7 +1776,7 @@ static CURLcode cf_ssl_proxy_create(struct Curl_cfilter **pcf, #ifdef USE_HTTP2 if(conn->http_proxy.proxytype == CURLPROXY_HTTPS2) { use_alpn = TRUE; - allowed = (CURL_HTTP_V1x|CURL_HTTP_V2x); + allowed = (CURL_HTTP_V1x | CURL_HTTP_V2x); } #endif @@ -1847,7 +1842,7 @@ static CURLcode vtls_shutdown_blocking(struct Curl_cfilter *cf, } result = connssl->ssl_impl->shut_down(cf, data, send_shutdown, done); - if(result ||*done) + if(result || *done) goto out; if(connssl->io_need) { @@ -2042,7 +2037,7 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, if(proto && proto_len) { if(memchr(proto, '\0', proto_len)) { failf(data, "ALPN: server selected protocol contains NUL. " - "Refusing to continue."); + "Refusing to continue."); result = CURLE_SSL_CONNECT_ERROR; goto out; } diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h index dbe13c5903..b5b517f0b6 100644 --- a/lib/vtls/vtls.h +++ b/lib/vtls/vtls.h @@ -253,16 +253,16 @@ extern struct Curl_cftype Curl_cft_ssl_proxy; #define Curl_ssl_init() 1 #define Curl_ssl_cleanup() Curl_nop_stmt #define Curl_ssl_close_all(x) Curl_nop_stmt -#define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN +#define Curl_ssl_set_engine(x, y) CURLE_NOT_BUILT_IN #define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN #define Curl_ssl_engines_list(x) NULL #define Curl_ssl_free_certinfo(x) Curl_nop_stmt -#define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN) +#define Curl_ssl_random(x, y, z) ((void)x, CURLE_NOT_BUILT_IN) #define Curl_ssl_cert_status_request() FALSE -#define Curl_ssl_supports(a,b) FALSE -#define Curl_ssl_cfilter_add(a,b,c) CURLE_NOT_BUILT_IN -#define Curl_ssl_cfilter_remove(a,b,c) CURLE_OK -#define Curl_ssl_cf_get_config(a,b) NULL +#define Curl_ssl_supports(a, b) FALSE +#define Curl_ssl_cfilter_add(a, b, c) CURLE_NOT_BUILT_IN +#define Curl_ssl_cfilter_remove(a, b, c) CURLE_OK +#define Curl_ssl_cf_get_config(a, b) NULL #define Curl_ssl_cf_get_primary_config(a) NULL #endif diff --git a/lib/vtls/vtls_int.h b/lib/vtls/vtls_int.h index 8bf6c6c64b..0a184f88c1 100644 --- a/lib/vtls/vtls_int.h +++ b/lib/vtls/vtls_int.h @@ -71,8 +71,7 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, const unsigned char *proto, size_t proto_len); -bool Curl_alpn_contains_proto(const struct alpn_spec *spec, - const char *proto); +bool Curl_alpn_contains_proto(const struct alpn_spec *spec, const char *proto); /* enum for the nonblocking SSL connection state machine */ typedef enum { @@ -99,11 +98,11 @@ typedef enum { } ssl_earlydata_state; #define CURL_SSL_IO_NEED_NONE (0) -#define CURL_SSL_IO_NEED_RECV (1<<0) -#define CURL_SSL_IO_NEED_SEND (1<<1) +#define CURL_SSL_IO_NEED_RECV (1 << 0) +#define CURL_SSL_IO_NEED_SEND (1 << 1) /* Max earlydata payload we want to send */ -#define CURL_SSL_EARLY_MAX (64*1024) +#define CURL_SSL_EARLY_MAX (64 * 1024) /* Information in each SSL cfilter context: cf->ctx */ struct ssl_connect_data { @@ -130,11 +129,8 @@ struct ssl_connect_data { BIT(input_pending); /* data for SSL_read() may be available */ }; - #undef CF_CTX_CALL_DATA -#define CF_CTX_CALL_DATA(cf) \ - ((struct ssl_connect_data *)(cf)->ctx)->call_data - +#define CF_CTX_CALL_DATA(cf) ((struct ssl_connect_data *)(cf)->ctx)->call_data /* Definitions for SSL Implementations */ @@ -157,8 +153,7 @@ struct Curl_ssl { /* data_pending() shall return TRUE when it wants to get called again to drain internal buffers and deliver data instead of waiting for the socket to get readable */ - bool (*data_pending)(struct Curl_cfilter *cf, - const struct Curl_easy *data); + bool (*data_pending)(struct Curl_cfilter *cf, const struct Curl_easy *data); /* return 0 if a find random is filled in */ CURLcode (*random)(struct Curl_easy *data, unsigned char *entropy, @@ -181,7 +176,7 @@ struct Curl_ssl { struct curl_slist *(*engines_list)(struct Curl_easy *data); CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen, - unsigned char *sha256sum, size_t sha256sumlen); + unsigned char *sha256sum, size_t sha256sumlen); CURLcode (*recv_plain)(struct Curl_cfilter *cf, struct Curl_easy *data, char *buf, size_t len, size_t *pnread); CURLcode (*send_plain)(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -189,7 +184,6 @@ struct Curl_ssl { CURLcode (*get_channel_binding)(struct Curl_easy *data, int sockindex, struct dynbuf *binding); - }; extern const struct Curl_ssl *Curl_ssl; diff --git a/lib/vtls/vtls_scache.c b/lib/vtls/vtls_scache.c index 21dfe2eaa0..b968d8b8f3 100644 --- a/lib/vtls/vtls_scache.c +++ b/lib/vtls/vtls_scache.c @@ -106,23 +106,21 @@ static void cf_ssl_scache_session_ldestroy(void *udata, void *obj) curlx_free(s); } -CURLcode -Curl_ssl_session_create(void *sdata, size_t sdata_len, - int ietf_tls_id, const char *alpn, - curl_off_t valid_until, size_t earlydata_max, - struct Curl_ssl_session **psession) +CURLcode Curl_ssl_session_create(void *sdata, size_t sdata_len, + int ietf_tls_id, const char *alpn, + curl_off_t valid_until, size_t earlydata_max, + struct Curl_ssl_session **psession) { return Curl_ssl_session_create2(sdata, sdata_len, ietf_tls_id, alpn, valid_until, earlydata_max, NULL, 0, psession); } -CURLcode -Curl_ssl_session_create2(void *sdata, size_t sdata_len, - int ietf_tls_id, const char *alpn, - curl_off_t valid_until, size_t earlydata_max, - unsigned char *quic_tp, size_t quic_tp_len, - struct Curl_ssl_session **psession) +CURLcode Curl_ssl_session_create2(void *sdata, size_t sdata_len, + int ietf_tls_id, const char *alpn, + curl_off_t valid_until, size_t earlydata_max, + unsigned char *quic_tp, size_t quic_tp_len, + struct Curl_ssl_session **psession) { struct Curl_ssl_session *s; @@ -322,7 +320,7 @@ CURLcode Curl_ssl_scache_create(size_t max_peers, } scache->magic = CURL_SCACHE_MAGIC; - scache->default_lifetime_secs = (24*60*60); /* 1 day */ + scache->default_lifetime_secs = (24 * 60 * 60); /* 1 day */ scache->peer_count = max_peers; scache->peers = peers; scache->age = 1; @@ -507,7 +505,7 @@ CURLcode Curl_ssl_peer_key_make(struct Curl_cfilter *cf, if(ssl->version || ssl->version_max) { r = curlx_dyn_addf(&buf, ":TLSVER-%d-%d", ssl->version, - (ssl->version_max >> 16)); + (ssl->version_max >> 16)); if(r) goto out; } @@ -616,19 +614,18 @@ static bool cf_ssl_scache_match_auth(struct Curl_ssl_scache_peer *peer, else if(!Curl_safecmp(peer->clientcert, conn_config->clientcert)) return FALSE; #ifdef USE_TLS_SRP - if(Curl_timestrcmp(peer->srp_username, conn_config->username) || - Curl_timestrcmp(peer->srp_password, conn_config->password)) - return FALSE; + if(Curl_timestrcmp(peer->srp_username, conn_config->username) || + Curl_timestrcmp(peer->srp_password, conn_config->password)) + return FALSE; #endif return TRUE; } -static CURLcode -cf_ssl_find_peer_by_key(struct Curl_easy *data, - struct Curl_ssl_scache *scache, - const char *ssl_peer_key, - struct ssl_primary_config *conn_config, - struct Curl_ssl_scache_peer **ppeer) +static CURLcode cf_ssl_find_peer_by_key(struct Curl_easy *data, + struct Curl_ssl_scache *scache, + const char *ssl_peer_key, + struct ssl_primary_config *conn_config, + struct Curl_ssl_scache_peer **ppeer) { size_t i, peer_key_len = 0; CURLcode result = CURLE_OK; @@ -718,12 +715,11 @@ cf_ssl_get_free_peer(struct Curl_ssl_scache *scache) return peer; } -static CURLcode -cf_ssl_add_peer(struct Curl_easy *data, - struct Curl_ssl_scache *scache, - const char *ssl_peer_key, - struct ssl_primary_config *conn_config, - struct Curl_ssl_scache_peer **ppeer) +static CURLcode cf_ssl_add_peer(struct Curl_easy *data, + struct Curl_ssl_scache *scache, + const char *ssl_peer_key, + struct ssl_primary_config *conn_config, + struct Curl_ssl_scache_peer **ppeer) { struct Curl_ssl_scache_peer *peer = NULL; CURLcode result = CURLE_OK; @@ -1000,7 +996,7 @@ void Curl_ssl_scache_remove_all(struct Curl_cfilter *cf, #ifdef USE_SSLS_EXPORT -#define CURL_SSL_TICKET_MAX (16*1024) +#define CURL_SSL_TICKET_MAX (16 * 1024) static CURLcode cf_ssl_scache_peer_set_hmac(struct Curl_ssl_scache_peer *peer) { diff --git a/lib/vtls/vtls_scache.h b/lib/vtls/vtls_scache.h index 445f210549..67049462a8 100644 --- a/lib/vtls/vtls_scache.h +++ b/lib/vtls/vtls_scache.h @@ -37,8 +37,8 @@ struct ssl_peer; /* RFC 8446 (TLSv1.3) restrict lifetime to one week max, for * other, less secure versions, we restrict it to a day */ -#define CURL_SCACHE_MAX_13_LIFETIME_SEC (60*60*24*7) -#define CURL_SCACHE_MAX_12_LIFETIME_SEC (60*60*24) +#define CURL_SCACHE_MAX_13_LIFETIME_SEC (60 * 60 * 24 * 7) +#define CURL_SCACHE_MAX_12_LIFETIME_SEC (60 * 60 * 24) /* Create a session cache for up to max_peers endpoints with a total * of up to max_sessions SSL sessions per peer */ @@ -142,22 +142,18 @@ struct Curl_ssl_session { * in case this is not known. * @param psession on return the scached session instance created */ -CURLcode -Curl_ssl_session_create(void *sdata, size_t sdata_len, - int ietf_tls_id, const char *alpn, - curl_off_t valid_until, - size_t earlydata_max, - struct Curl_ssl_session **psession); +CURLcode Curl_ssl_session_create(void *sdata, size_t sdata_len, + int ietf_tls_id, const char *alpn, + curl_off_t valid_until, size_t earlydata_max, + struct Curl_ssl_session **psession); /* Variation of session creation with quic transport parameter bytes, * Takes ownership of `quic_tp` regardless of return code. */ -CURLcode -Curl_ssl_session_create2(void *sdata, size_t sdata_len, - int ietf_tls_id, const char *alpn, - curl_off_t valid_until, - size_t earlydata_max, - unsigned char *quic_tp, size_t quic_tp_len, - struct Curl_ssl_session **psession); +CURLcode Curl_ssl_session_create2(void *sdata, size_t sdata_len, + int ietf_tls_id, const char *alpn, + curl_off_t valid_until, size_t earlydata_max, + unsigned char *quic_tp, size_t quic_tp_len, + struct Curl_ssl_session **psession); /* Destroy a `session` instance. Can be called with NULL. * Does NOT need locking. */ diff --git a/lib/vtls/vtls_spack.c b/lib/vtls/vtls_spack.c index 070bb485a3..ac289f1b2f 100644 --- a/lib/vtls/vtls_spack.c +++ b/lib/vtls/vtls_spack.c @@ -52,8 +52,8 @@ static CURLcode spack_enc8(struct dynbuf *buf, uint8_t b) return curlx_dyn_addn(buf, &b, 1); } -static CURLcode -spack_dec8(uint8_t *val, const uint8_t **src, const uint8_t *end) +static CURLcode spack_dec8(uint8_t *val, const uint8_t **src, + const uint8_t *end) { if(end - *src < 1) return CURLE_READ_ERROR; @@ -70,8 +70,8 @@ static CURLcode spack_enc16(struct dynbuf *buf, uint16_t val) return curlx_dyn_addn(buf, nval, sizeof(nval)); } -static CURLcode -spack_dec16(uint16_t *val, const uint8_t **src, const uint8_t *end) +static CURLcode spack_dec16(uint16_t *val, const uint8_t **src, + const uint8_t *end) { if(end - *src < 2) return CURLE_READ_ERROR; @@ -90,8 +90,8 @@ static CURLcode spack_enc32(struct dynbuf *buf, uint32_t val) return curlx_dyn_addn(buf, nval, sizeof(nval)); } -static CURLcode -spack_dec32(uint32_t *val, const uint8_t **src, const uint8_t *end) +static CURLcode spack_dec32(uint32_t *val, const uint8_t **src, + const uint8_t *end) { if(end - *src < 4) return CURLE_READ_ERROR; @@ -107,7 +107,7 @@ static CURLcode spack_enc64(struct dynbuf *buf, uint64_t val) nval[0] = (uint8_t)(val >> 56); nval[1] = (uint8_t)(val >> 48); nval[2] = (uint8_t)(val >> 40); - nval[3] = (uint8_t)(val >> 32); \ + nval[3] = (uint8_t)(val >> 32); nval[4] = (uint8_t)(val >> 24); nval[5] = (uint8_t)(val >> 16); nval[6] = (uint8_t)(val >> 8); @@ -115,8 +115,8 @@ static CURLcode spack_enc64(struct dynbuf *buf, uint64_t val) return curlx_dyn_addn(buf, nval, sizeof(nval)); } -static CURLcode -spack_dec64(uint64_t *val, const uint8_t **src, const uint8_t *end) +static CURLcode spack_dec64(uint64_t *val, const uint8_t **src, + const uint8_t *end) { if(end - *src < 8) return CURLE_READ_ERROR; @@ -141,8 +141,8 @@ static CURLcode spack_encstr16(struct dynbuf *buf, const char *s) return r; } -static CURLcode -spack_decstr16(char **val, const uint8_t **src, const uint8_t *end) +static CURLcode spack_decstr16(char **val, const uint8_t **src, + const uint8_t *end) { uint16_t slen; CURLcode r; @@ -158,8 +158,8 @@ spack_decstr16(char **val, const uint8_t **src, const uint8_t *end) return *val ? CURLE_OK : CURLE_OUT_OF_MEMORY; } -static CURLcode spack_encdata16(struct dynbuf *buf, - const uint8_t *data, size_t data_len) +static CURLcode spack_encdata16(struct dynbuf *buf, const uint8_t *data, + size_t data_len) { CURLcode r; if(data_len > UINT16_MAX) @@ -171,9 +171,8 @@ static CURLcode spack_encdata16(struct dynbuf *buf, return r; } -static CURLcode -spack_decdata16(uint8_t **val, size_t *val_len, - const uint8_t **src, const uint8_t *end) +static CURLcode spack_decdata16(uint8_t **val, size_t *val_len, + const uint8_t **src, const uint8_t *end) { uint16_t data_len; CURLcode r; diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index eae17078fd..62bf723efd 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -127,9 +127,9 @@ static CURLcode wssl_connect(struct Curl_cfilter *cf, * (--enable-opensslextra or --enable-all). */ #if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13) -static int -wssl_tls13_secret_callback(SSL *ssl, int id, const unsigned char *secret, - int secretSz, void *ctx) +static int wssl_tls13_secret_callback(SSL *ssl, int id, + const unsigned char *secret, + int secretSz, void *ctx) { const char *label; unsigned char client_random[SSL3_RANDOM_SIZE]; @@ -309,8 +309,7 @@ static long wssl_bio_cf_ctrl(WOLFSSL_BIO *bio, int cmd, long num, void *ptr) return ret; } -static int wssl_bio_cf_out_write(WOLFSSL_BIO *bio, - const char *buf, int blen) +static int wssl_bio_cf_out_write(WOLFSSL_BIO *bio, const char *buf, int blen) { struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio); struct ssl_connect_data *connssl = cf->ctx; @@ -487,7 +486,7 @@ static int wssl_vtls_new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session) { struct Curl_cfilter *cf; - cf = (struct Curl_cfilter*)wolfSSL_get_app_data(ssl); + cf = (struct Curl_cfilter *)wolfSSL_get_app_data(ssl); DEBUGASSERT(cf != NULL); if(cf && session) { struct ssl_connect_data *connssl = cf->ctx; @@ -535,8 +534,8 @@ static CURLcode wssl_on_session_reuse(struct Curl_cfilter *cf, connssl->earlydata_state = ssl_earlydata_await; connssl->state = ssl_connection_deferred; result = Curl_alpn_set_negotiated(cf, data, connssl, - (const unsigned char *)scs->alpn, - scs->alpn ? strlen(scs->alpn) : 0); + (const unsigned char *)scs->alpn, + scs->alpn ? strlen(scs->alpn) : 0); *do_early_data = !result; } return result; @@ -640,7 +639,7 @@ static CURLcode wssl_populate_x509_store(struct Curl_cfilter *cf, } #else infof(data, "ignoring native CA option because wolfSSL was built without " - "native CA support"); + "native CA support"); #endif } #endif /* !NO_FILESYSTEM */ @@ -688,7 +687,7 @@ static CURLcode wssl_populate_x509_store(struct Curl_cfilter *cf, /* Just continue with a warning if no strict certificate verification is required. */ infof(data, "error setting certificate verify locations," - " continuing anyway:"); + " continuing anyway:"); } } else { @@ -707,15 +706,15 @@ static CURLcode wssl_populate_x509_store(struct Curl_cfilter *cf, #define MPROTO_WSSL_X509_KEY "tls:wssl:x509:share" struct wssl_x509_share { - char *CAfile; /* CAfile path used to generate X509 store */ + char *CAfile; /* CAfile path used to generate X509 store */ WOLFSSL_X509_STORE *store; /* cached X509 store or NULL if none */ - struct curltime time; /* when the cached store was created */ + struct curltime time; /* when the cached store was created */ }; static void wssl_x509_share_free(void *key, size_t key_len, void *p) { struct wssl_x509_share *share = p; - DEBUGASSERT(key_len == (sizeof(MPROTO_WSSL_X509_KEY)-1)); + DEBUGASSERT(key_len == (sizeof(MPROTO_WSSL_X509_KEY) - 1)); DEBUGASSERT(!memcmp(MPROTO_WSSL_X509_KEY, key, key_len)); (void)key; (void)key_len; @@ -726,9 +725,8 @@ static void wssl_x509_share_free(void *key, size_t key_len, void *p) curlx_free(share); } -static bool -wssl_cached_x509_store_expired(const struct Curl_easy *data, - const struct wssl_x509_share *mb) +static bool wssl_cached_x509_store_expired(const struct Curl_easy *data, + const struct wssl_x509_share *mb) { const struct ssl_general_config *cfg = &data->set.general_ssl; struct curltime now = curlx_now(); @@ -741,9 +739,8 @@ wssl_cached_x509_store_expired(const struct Curl_easy *data, return elapsed_ms >= timeout_ms; } -static bool -wssl_cached_x509_store_different(struct Curl_cfilter *cf, - const struct wssl_x509_share *mb) +static bool wssl_cached_x509_store_different(struct Curl_cfilter *cf, + const struct wssl_x509_share *mb) { struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); if(!mb->CAfile || !conn_config->CAfile) @@ -762,7 +759,7 @@ static WOLFSSL_X509_STORE *wssl_get_cached_x509_store(struct Curl_cfilter *cf, DEBUGASSERT(multi); share = multi ? Curl_hash_pick(&multi->proto_hash, CURL_UNCONST(MPROTO_WSSL_X509_KEY), - sizeof(MPROTO_WSSL_X509_KEY)-1) : NULL; + sizeof(MPROTO_WSSL_X509_KEY) - 1) : NULL; if(share && share->store && !wssl_cached_x509_store_expired(data, share) && !wssl_cached_x509_store_different(cf, share)) { @@ -785,7 +782,7 @@ static void wssl_set_cached_x509_store(struct Curl_cfilter *cf, return; share = Curl_hash_pick(&multi->proto_hash, CURL_UNCONST(MPROTO_WSSL_X509_KEY), - sizeof(MPROTO_WSSL_X509_KEY)-1); + sizeof(MPROTO_WSSL_X509_KEY) - 1); if(!share) { share = curlx_calloc(1, sizeof(*share)); @@ -793,7 +790,7 @@ static void wssl_set_cached_x509_store(struct Curl_cfilter *cf, return; if(!Curl_hash_add2(&multi->proto_hash, CURL_UNCONST(MPROTO_WSSL_X509_KEY), - sizeof(MPROTO_WSSL_X509_KEY)-1, + sizeof(MPROTO_WSSL_X509_KEY) - 1, share, wssl_x509_share_free)) { curlx_free(share); return; @@ -876,8 +873,7 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf, } #ifdef WOLFSSL_TLS13 -static CURLcode -wssl_add_default_ciphers(bool tls13, struct dynbuf *buf) +static CURLcode wssl_add_default_ciphers(bool tls13, struct dynbuf *buf) { int i; char *str; @@ -905,8 +901,7 @@ wssl_add_default_ciphers(bool tls13, struct dynbuf *buf) /* 4.2.0 (2019) */ #if LIBWOLFSSL_VERSION_HEX < 0x04002000 || !defined(OPENSSL_EXTRA) -static int -wssl_legacy_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version) +static int wssl_legacy_CTX_set_min_proto_version(WOLFSSL_CTX *ctx, int version) { int res; switch(version) { @@ -933,8 +928,8 @@ wssl_legacy_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version) } return res; } -static int -wssl_legacy_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version) + +static int wssl_legacy_CTX_set_max_proto_version(WOLFSSL_CTX *ctx, int version) { (void)ctx, (void)version; return WOLFSSL_NOT_IMPLEMENTED; @@ -1106,7 +1101,6 @@ static CURLcode ssl_version(struct Curl_easy *data, return CURLE_OK; } - #define QUIC_GROUPS "P-256:P-384:P-521" CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx, @@ -1121,7 +1115,7 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx, { struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); struct ssl_primary_config *conn_config; - WOLFSSL_METHOD* req_method = NULL; + WOLFSSL_METHOD *req_method = NULL; struct alpn_spec alpns; char *curves; #ifdef WOLFSSL_HAVE_KYBER @@ -1357,8 +1351,7 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx, /* Ensure the Client Random is preserved. */ wolfSSL_KeepArrays(wctx->ssl); #if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13) - wolfSSL_set_tls13_secret_cb(wctx->ssl, - wssl_tls13_secret_callback, NULL); + wolfSSL_set_tls13_secret_cb(wctx->ssl, wssl_tls13_secret_callback, NULL); #endif } #endif /* OPENSSL_EXTRA */ @@ -1383,15 +1376,15 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx, if(data->set.tls_ech == CURLECH_GREASE) { infof(data, "ECH: GREASE is done by default by wolfSSL: no need to ask"); } - if(data->set.tls_ech & CURLECH_CLA_CFG - && data->set.str[STRING_ECH_CONFIG]) { + if(data->set.tls_ech & CURLECH_CLA_CFG && + data->set.str[STRING_ECH_CONFIG]) { char *b64val = data->set.str[STRING_ECH_CONFIG]; word32 b64len = 0; - b64len = (word32) strlen(b64val); - if(b64len - && wolfSSL_SetEchConfigsBase64(wctx->ssl, b64val, b64len) - != WOLFSSL_SUCCESS) { + b64len = (word32)strlen(b64val); + if(b64len && + wolfSSL_SetEchConfigsBase64(wctx->ssl, + b64val, b64len) != WOLFSSL_SUCCESS) { if(data->set.tls_ech & CURLECH_HARD) { result = CURLE_SSL_CONNECT_ERROR; goto out; @@ -1424,8 +1417,8 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx, size_t elen = rinfo->echconfiglist_len; infof(data, "ECH: ECHConfig from DoH HTTPS RR"); - if(wolfSSL_SetEchConfigs(wctx->ssl, ecl, (word32) elen) != - WOLFSSL_SUCCESS) { + if(wolfSSL_SetEchConfigs(wctx->ssl, ecl, (word32)elen) != + WOLFSSL_SUCCESS) { infof(data, "ECH: wolfSSL_SetEchConfigs failed"); if(data->set.tls_ech & CURLECH_HARD) { result = CURLE_SSL_CONNECT_ERROR; @@ -1476,8 +1469,8 @@ out: * This function loads all the client/CA certificates and CRLs. Setup the TLS * layer and do all necessary magic. */ -static CURLcode -wssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode wssl_connect_step1(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct ssl_connect_data *connssl = cf->ctx; struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend; @@ -1542,9 +1535,7 @@ wssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_OK; } - -static char *wssl_strerror(unsigned long error, char *buf, - unsigned long size) +static char *wssl_strerror(unsigned long error, char *buf, unsigned long size) { DEBUGASSERT(size > 40); *buf = '\0'; @@ -1665,8 +1656,7 @@ static CURLcode wssl_send_earlydata(struct Curl_cfilter *cf, } #endif /* WOLFSSL_EARLY_DATA */ -static CURLcode wssl_handshake(struct Curl_cfilter *cf, - struct Curl_easy *data) +static CURLcode wssl_handshake(struct Curl_cfilter *cf, struct Curl_easy *data) { struct ssl_connect_data *connssl = cf->ctx; struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend; @@ -1735,7 +1725,7 @@ static CURLcode wssl_handshake(struct Curl_cfilter *cf, conn_config->verifyhost && !connssl->peer.sni) { /* we have an IP address as hostname. */ - WOLFSSL_X509* cert = wolfSSL_get_peer_certificate(wssl->ssl); + WOLFSSL_X509 *cert = wolfSSL_get_peer_certificate(wssl->ssl); if(!cert) { failf(data, "unable to get peer certificate"); return CURLE_PEER_FAILED_VERIFICATION; @@ -1789,11 +1779,11 @@ static CURLcode wssl_handshake(struct Curl_cfilter *cf, } else if(wssl->io_result) { switch(wssl->io_result) { - case CURLE_SEND_ERROR: - case CURLE_RECV_ERROR: - return CURLE_SSL_CONNECT_ERROR; - default: - return wssl->io_result; + case CURLE_SEND_ERROR: + case CURLE_RECV_ERROR: + return CURLE_SSL_CONNECT_ERROR; + default: + return wssl->io_result; } } #ifdef USE_ECH_WOLFSSL @@ -1804,8 +1794,7 @@ static CURLcode wssl_handshake(struct Curl_cfilter *cf, int rv = 0; /* this currently does not produce the retry_configs */ - rv = wolfSSL_GetEchConfigs(wssl->ssl, echConfigs, - &echConfigsLen); + rv = wolfSSL_GetEchConfigs(wssl->ssl, echConfigs, &echConfigsLen); if(rv != WOLFSSL_SUCCESS) { infof(data, "Failed to get ECHConfigs"); } @@ -2087,7 +2076,6 @@ size_t Curl_wssl_version(char *buffer, size_t size) #endif } - static int wssl_init(void) { int ret; @@ -2101,7 +2089,6 @@ static int wssl_init(void) return ret; } - static void wssl_cleanup(void) { wssl_bio_cf_free_methods(); @@ -2111,7 +2098,6 @@ static void wssl_cleanup(void) #endif } - static bool wssl_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data) { @@ -2128,15 +2114,14 @@ static bool wssl_data_pending(struct Curl_cfilter *cf, return FALSE; } -void Curl_wssl_report_handshake(struct Curl_easy *data, - struct wssl_ctx *wssl) +void Curl_wssl_report_handshake(struct Curl_easy *data, struct wssl_ctx *wssl) { #if (LIBWOLFSSL_VERSION_HEX >= 0x03009010) - infof(data, "SSL connection using %s / %s", - wolfSSL_get_version(wssl->ssl), - wolfSSL_get_cipher_name(wssl->ssl)); + infof(data, "SSL connection using %s / %s", + wolfSSL_get_version(wssl->ssl), + wolfSSL_get_cipher_name(wssl->ssl)); #else - infof(data, "SSL connected"); + infof(data, "SSL connected"); #endif } diff --git a/lib/vtls/wolfssl.h b/lib/vtls/wolfssl.h index 7ff4cfb881..5e3c9e2c5d 100644 --- a/lib/vtls/wolfssl.h +++ b/lib/vtls/wolfssl.h @@ -41,9 +41,9 @@ extern const struct Curl_ssl Curl_ssl_wolfssl; struct wssl_ctx { struct WOLFSSL_CTX *ssl_ctx; - struct WOLFSSL *ssl; - CURLcode io_result; /* result of last BIO cfilter operation */ - CURLcode hs_result; /* result of handshake */ + struct WOLFSSL *ssl; + CURLcode io_result; /* result of last BIO cfilter operation */ + CURLcode hs_result; /* result of handshake */ int io_send_blocked_len; /* length of last BIO write that EAGAIN-ed */ BIT(x509_store_setup); /* x509 store has been set up */ BIT(shutting_down); /* TLS is being shut down */ @@ -88,8 +88,7 @@ CURLcode Curl_wssl_verify_pinned(struct Curl_cfilter *cf, struct Curl_easy *data, struct wssl_ctx *wssl); -void Curl_wssl_report_handshake(struct Curl_easy *data, - struct wssl_ctx *wssl); +void Curl_wssl_report_handshake(struct Curl_easy *data, struct wssl_ctx *wssl); #endif /* USE_WOLFSSL */ #endif /* HEADER_CURL_WOLFSSL_H */ diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c index fcc0d0e1da..f63a9fcb99 100644 --- a/lib/vtls/x509asn1.c +++ b/lib/vtls/x509asn1.c @@ -192,7 +192,7 @@ static const char *getASN1Element_(struct Curl_asn1Element *elem, /* Process header byte. */ elem->header = beg; - b = (unsigned char) *beg++; + b = (unsigned char)*beg++; elem->constructed = (b & 0x20) != 0; elem->eclass = (b >> 6) & 3; b &= 0x1F; @@ -203,7 +203,7 @@ static const char *getASN1Element_(struct Curl_asn1Element *elem, /* Process length. */ if(beg >= end) return NULL; - b = (unsigned char) *beg++; + b = (unsigned char)*beg++; if(!(b & 0x80)) len = b; else if(!(b &= 0x7F)) { @@ -284,7 +284,7 @@ static CURLcode bool2str(struct dynbuf *store, { if(end - beg != 1) return CURLE_BAD_FUNCTION_ARGUMENT; - return curlx_dyn_add(store, *beg ? "TRUE": "FALSE"); + return curlx_dyn_add(store, *beg ? "TRUE" : "FALSE"); } /* @@ -298,13 +298,12 @@ static CURLcode octet2str(struct dynbuf *store, CURLcode result = CURLE_OK; while(!result && beg < end) - result = curlx_dyn_addf(store, "%02x:", (unsigned char) *beg++); + result = curlx_dyn_addf(store, "%02x:", (unsigned char)*beg++); return result; } -static CURLcode bit2str(struct dynbuf *store, - const char *beg, const char *end) +static CURLcode bit2str(struct dynbuf *store, const char *beg, const char *end) { /* Convert an ASN.1 bit string to a printable string. */ @@ -318,8 +317,7 @@ static CURLcode bit2str(struct dynbuf *store, * * Returns error. */ -static CURLcode int2str(struct dynbuf *store, - const char *beg, const char *end) +static CURLcode int2str(struct dynbuf *store, const char *beg, const char *end) { unsigned int val = 0; size_t n = end - beg; @@ -335,7 +333,7 @@ static CURLcode int2str(struct dynbuf *store, val = ~val; do - val = (val << 8) | *(const unsigned char *) beg++; + val = (val << 8) | *(const unsigned char *)beg++; while(beg < end); return curlx_dyn_addf(store, "%s%x", val >= 10 ? "0x" : "", val); } @@ -348,8 +346,8 @@ static CURLcode int2str(struct dynbuf *store, * * Returns error. */ -static CURLcode -utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end) +static CURLcode utf8asn1str(struct dynbuf *to, int type, const char *from, + const char *end) { size_t inlength = end - from; int size = 1; @@ -390,14 +388,14 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end) switch(size) { case 4: - wc = (wc << 8) | *(const unsigned char *) from++; - wc = (wc << 8) | *(const unsigned char *) from++; + wc = (wc << 8) | *(const unsigned char *)from++; + wc = (wc << 8) | *(const unsigned char *)from++; FALLTHROUGH(); case 2: - wc = (wc << 8) | *(const unsigned char *) from++; + wc = (wc << 8) | *(const unsigned char *)from++; FALLTHROUGH(); default: /* case 1: */ - wc = (wc << 8) | *(const unsigned char *) from++; + wc = (wc << 8) | *(const unsigned char *)from++; } if(wc >= 0x00000080) { if(wc >= 0x00000800) { @@ -406,19 +404,19 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end) /* Invalid char. size for target encoding. */ return CURLE_WEIRD_SERVER_REPLY; } - buf[3] = (char) (0x80 | (wc & 0x3F)); + buf[3] = (char)(0x80 | (wc & 0x3F)); wc = (wc >> 6) | 0x00010000; charsize++; } - buf[2] = (char) (0x80 | (wc & 0x3F)); + buf[2] = (char)(0x80 | (wc & 0x3F)); wc = (wc >> 6) | 0x00000800; charsize++; } - buf[1] = (char) (0x80 | (wc & 0x3F)); + buf[1] = (char)(0x80 | (wc & 0x3F)); wc = (wc >> 6) | 0x000000C0; charsize++; } - buf[0] = (char) wc; + buf[0] = (char)wc; result = curlx_dyn_addn(to, buf, charsize); } } @@ -438,7 +436,7 @@ static CURLcode encodeOID(struct dynbuf *store, CURLcode result = CURLE_OK; /* Process the first two numbers. */ - y = *(const unsigned char *) beg++; + y = *(const unsigned char *)beg++; x = y / 40; y -= x * 40; @@ -452,7 +450,7 @@ static CURLcode encodeOID(struct dynbuf *store, do { if(x & 0xFF000000) return CURLE_OK; - y = *(const unsigned char *) beg++; + y = *(const unsigned char *)beg++; x = (x << 7) | (y & 0x7F); } while(y & 0x80); result = curlx_dyn_addf(store, ".%u", x); @@ -973,8 +971,8 @@ static CURLcode do_pubkey_field(struct Curl_easy *data, int certnum, } /* return 0 on success, 1 on error */ -static int do_pubkey(struct Curl_easy *data, int certnum, - const char *algo, struct Curl_asn1Element *param, +static int do_pubkey(struct Curl_easy *data, int certnum, const char *algo, + struct Curl_asn1Element *param, struct Curl_asn1Element *pubkey) { struct Curl_asn1Element elem; @@ -1019,7 +1017,7 @@ static int do_pubkey(struct Curl_easy *data, int certnum, len = ((elem.end - q) * 8); if(len) { unsigned int i; - for(i = *(const unsigned char *) q; !(i & 0x80); i <<= 1) + for(i = *(const unsigned char *)q; !(i & 0x80); i <<= 1) len--; } if(len > 32) @@ -1078,8 +1076,7 @@ static int do_pubkey(struct Curl_easy *data, int certnum, * Convert an ASN.1 distinguished name into a printable string. * Return error. */ -static CURLcode DNtostr(struct dynbuf *store, - struct Curl_asn1Element *dn) +static CURLcode DNtostr(struct dynbuf *store, struct Curl_asn1Element *dn) { return encodeDN(store, dn); } @@ -1135,7 +1132,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, /* Version (always fits in less than 32 bits). */ version = 0; for(ptr = cert.version.beg; ptr < cert.version.end; ptr++) - version = (version << 8) | *(const unsigned char *) ptr; + version = (version << 8) | *(const unsigned char *)ptr; if(data->set.ssl.certinfo) { result = curlx_dyn_addf(&out, "%x", version); if(result) @@ -1163,8 +1160,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, if(result) goto done; if(data->set.ssl.certinfo) { - result = ssl_push_certinfo_dyn(data, certnum, "Signature Algorithm", - &out); + result = ssl_push_certinfo_dyn(data, certnum, "Signature Algorithm", &out); if(result) goto done; } -- 2.47.3