indent -kr -i8 -l132 on everything in webcit-ng
[citadel.git] / webcit-ng / ssl.c
index f0e24e671072c165f48ae28a1cc9b53c98ad0cab..00b283e5a79d8a80b09c6f3331fb07d4a78d460c 100644 (file)
@@ -39,8 +39,7 @@ void ssl_lock(int mode, int n, const char *file, int line)
 {
        if (mode & CRYPTO_LOCK) {
                pthread_mutex_lock(SSLCritters[n]);
-       }
-       else {
+       } else {
                pthread_mutex_unlock(SSLCritters[n]);
        }
 }
@@ -63,42 +62,40 @@ void generate_key(char *keyfilename)
        }
 
        syslog(LOG_INFO, "crypto: generating RSA key pair");
+
        // generate rsa key
        bne = BN_new();
-       ret = BN_set_word(bne,e);
+       ret = BN_set_word(bne, e);
        if (ret != 1) {
                goto free_all;
        }
+
        rsa = RSA_new();
        ret = RSA_generate_key_ex(rsa, bits, bne, NULL);
        if (ret != 1) {
                goto free_all;
        }
-
        // write the key file
        fp = fopen(keyfilename, "w");
        if (fp != NULL) {
                chmod(keyfilename, 0600);
                if (PEM_write_RSAPrivateKey(fp, /* the file */
-                                       rsa,    /* the key */
-                                       NULL,   /* no enc */
-                                       NULL,   /* no passphr */
-                                       0,      /* no passphr */
-                                       NULL,   /* no callbk */
-                                       NULL    /* no callbk */
-               ) != 1) {
+                                           rsa,        /* the key */
+                                           NULL,       /* no enc */
+                                           NULL,       /* no passphr */
+                                           0,  /* no passphr */
+                                           NULL,       /* no callbk */
+                                           NULL        /* no callbk */
+                   ) != 1) {
                        syslog(LOG_ERR, "crypto: cannot write key: %s", ERR_reason_error_string(ERR_get_error()));
                        unlink(keyfilename);
                }
                fclose(fp);
        }
-
-    // 4. free
-free_all:
-    RSA_free(rsa);
-    BN_free(bne);
+       // 4. free
+      free_all:
+       RSA_free(rsa);
+       BN_free(bne);
 }
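Review bot: The `free_all:` label on the new side is indented six spaces, matching neither the body's tab indent nor column 0, so the label indentation produced by this indent profile (its `-il` setting) looks unintended and is worth checking before the same command is run over the rest of the tree. Separately, the context lines above create the private-key file with `fopen(keyfilename, "w")` and only then call `chmod(keyfilename, 0600)`, so the file briefly exists with umask-derived permissions, and the result of `fclose(fp)` on a write stream is never checked; that predates this change, but since the block is being touched, `int fd = open(keyfilename, O_WRONLY | O_CREAT | O_TRUNC, 0600); fp = (fd < 0) ? NULL : fdopen(fd, "w");` would remove the window. generate_key's body begins outside the hunk.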
 
 
@@ -108,7 +105,7 @@ free_all:
 void init_ssl(void)
 {
        const SSL_METHOD *ssl_method;
-       RSA *rsa=NULL;
+       RSA *rsa = NULL;
        X509_REQ *req = NULL;
        X509 *cer = NULL;
        EVP_PKEY *pk = NULL;
@@ -124,7 +121,6 @@ void init_ssl(void)
                exit(1);
        } else {
                int a;
-
                for (a = 0; a < CRYPTO_num_locks(); a++) {
                        SSLCritters[a] = malloc(sizeof(pthread_mutex_t));
                        if (!SSLCritters[a]) {
@@ -171,7 +167,7 @@ void init_ssl(void)
         * in the next step.  Therefore, if we have neither a CSR nor a certificate, generate
         * the CSR in this step so that the next step may commence.
         */
-       if ( (access(CTDL_CER_PATH, R_OK) != 0) && (access(CTDL_CSR_PATH, R_OK) != 0) ) {
+       if ((access(CTDL_CER_PATH, R_OK) != 0) && (access(CTDL_CSR_PATH, R_OK) != 0)) {
                syslog(LOG_INFO, "Generating a certificate signing request.");
 
                /*
@@ -187,9 +183,8 @@ void init_ssl(void)
                }
 
                if (rsa) {
-
                        /* Create a public key from the private key */
-                       if (pk=EVP_PKEY_new(), pk != NULL) {
+                       if (pk = EVP_PKEY_new(), pk != NULL) {
                                EVP_PKEY_assign_RSA(pk, rsa);
                                if (req = X509_REQ_new(), req != NULL) {
                                        const char *env;
@@ -197,56 +192,39 @@ void init_ssl(void)
                                        X509_REQ_set_pubkey(req, pk);
                                        X509_REQ_set_version(req, 0L);
                                        name = X509_REQ_get_subject_name(req);
-                                       X509_NAME_add_entry_by_txt(
-                                               name, "O", MBSTRING_ASC,
-                                               (unsigned char*)"Citadel Server",
-                                               -1, -1, 0
-                                       );
-                                       X509_NAME_add_entry_by_txt(
-                                               name, "OU", MBSTRING_ASC,
-                                               (unsigned char*)"Default Certificate PLEASE CHANGE",
-                                               -1, -1, 0
-                                       );
-                                       X509_NAME_add_entry_by_txt(
-                                               name, "CN",
-                                               MBSTRING_ASC, 
-                                               (unsigned char*)"*",
-                                               -1, -1, 0
-                                       );
-                               
+                                       X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
+                                                                  (unsigned char *) "Citadel Server", -1, -1, 0);
+                                       X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC,
+                                                                  (unsigned char *) "Default Certificate PLEASE CHANGE",
+                                                                  -1, -1, 0);
+                                       X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char *) "*", -1, -1, 0);
+
                                        X509_REQ_set_subject_name(req, name);
 
                                        /* Sign the CSR */
                                        if (!X509_REQ_sign(req, pk, EVP_md5())) {
                                                syslog(LOG_WARNING, "X509_REQ_sign(): error");
-                                       }
-                                       else {
-                                               /* Write it to disk. */ 
+                                       } else {
+                                               /* Write it to disk. */
                                                fp = fopen(CTDL_CSR_PATH, "w");
                                                if (fp != NULL) {
                                                        chmod(CTDL_CSR_PATH, 0600);
                                                        PEM_write_X509_REQ(fp, req);
                                                        fclose(fp);
-                                               }
-                                               else {
+                                               } else {
                                                        syslog(LOG_WARNING, "Cannot write key: %s", CTDL_CSR_PATH);
                                                        exit(1);
                                                }
                                        }
-
                                        X509_REQ_free(req);
                                }
                        }
-
                        RSA_free(rsa);
-               }
-
-               else {
+               } else {
                        syslog(LOG_WARNING, "Unable to read private key.");
                }
        }
 
-
        /*
         * Generate a self-signed certificate if we don't have one.
         */
@@ -267,7 +245,7 @@ void init_ssl(void)
                cer = NULL;
                pk = NULL;
                if (rsa) {
-                       if (pk=EVP_PKEY_new(), pk != NULL) {
+                       if (pk = EVP_PKEY_new(), pk != NULL) {
                                EVP_PKEY_assign_RSA(pk, rsa);
                        }
 
@@ -279,30 +257,26 @@ void init_ssl(void)
 
                        if (req) {
                                if (cer = X509_new(), cer != NULL) {
-
                                        ASN1_INTEGER_set(X509_get_serialNumber(cer), 0);
                                        X509_set_issuer_name(cer, X509_REQ_get_subject_name(req));
                                        X509_set_subject_name(cer, X509_REQ_get_subject_name(req));
                                        X509_gmtime_adj(X509_get_notBefore(cer), 0);
-                                       X509_gmtime_adj(X509_get_notAfter(cer),(long)60*60*24*SIGN_DAYS);
+                                       X509_gmtime_adj(X509_get_notAfter(cer), (long) 60 * 60 * 24 * SIGN_DAYS);
 
                                        req_pkey = X509_REQ_get_pubkey(req);
                                        X509_set_pubkey(cer, req_pkey);
                                        EVP_PKEY_free(req_pkey);
-                                       
+
                                        /* Sign the cert */
                                        if (!X509_sign(cer, pk, EVP_md5())) {
                                                syslog(LOG_WARNING, "X509_sign(): error");
-                                       }
-                                       else {
-                                               /* Write it to disk. */ 
+                                       } else {        /* Write it to disk. */
                                                fp = fopen(CTDL_CER_PATH, "w");
                                                if (fp != NULL) {
                                                        chmod(CTDL_CER_PATH, 0600);
                                                        PEM_write_X509(fp, cer);
                                                        fclose(fp);
-                                               }
-                                               else {
+                                               } else {
                                                        syslog(LOG_WARNING, "Cannot write key: %s", CTDL_CER_PATH);
                                                        exit(1);
                                                }
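Review bot: The `/* Write it to disk. */` comment has been folded onto the `} else {` line in this hunk, while the parallel CSR branch in the earlier hunk keeps the same comment on its own line under `} else {`; restoring it to its own line, `} else {` followed by `/* Write it to disk. */`, keeps the two branches consistent. Also, the context line `X509_sign(cer, pk, EVP_md5())` here, and `X509_REQ_sign(req, pk, EVP_md5())` in the CSR hunk, sign with MD5, which current TLS stacks reject for certificate signatures; this is pre-existing rather than introduced by the reformat, but the self-signed certificate path deserves a follow-up that passes `EVP_sha256()` instead. The same fopen-then-chmod ordering as in generate_key appears here for the certificate file. init_ssl continues outside the hunk on both sides.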
@@ -310,7 +284,6 @@ void init_ssl(void)
                                        X509_free(cer);
                                }
                        }
-
                        RSA_free(rsa);
                }
        }
@@ -322,17 +295,18 @@ void init_ssl(void)
         */
        SSL_CTX_use_certificate_chain_file(ssl_ctx, CTDL_CER_PATH);
        SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM);
-       if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
+       if (!SSL_CTX_check_private_key(ssl_ctx)) {
                syslog(LOG_WARNING, "Cannot install certificate: %s", ERR_reason_error_string(ERR_get_error()));
        }
-       
+
 }
 
 
 /*
  * starts SSL/TLS encryption for the current session.
  */
-void starttls(struct client_handle *ch) {
+void starttls(struct client_handle *ch)
+{
        int retval, bits, alg_bits;
 
        if (!ssl_ctx) {
@@ -356,8 +330,7 @@ void starttls(struct client_handle *ch) {
                ssl_error_reason = ERR_reason_error_string(ERR_get_error());
                if (ssl_error_reason == NULL) {
                        syslog(LOG_WARNING, "SSL_accept failed: errval=%ld, retval=%d %s", errval, retval, strerror(errval));
-               }
-               else {
+               } else {
                        syslog(LOG_WARNING, "SSL_accept failed: %s\n", ssl_error_reason);
                }
                sleep(1);
@@ -371,22 +344,19 @@ void starttls(struct client_handle *ch) {
                ssl_error_reason = ERR_reason_error_string(ERR_get_error());
                if (ssl_error_reason == NULL) {
                        syslog(LOG_WARNING, "SSL_accept failed: errval=%ld, retval=%d (%s)", errval, retval, strerror(errval));
-               }
-               else {
+               } else {
                        syslog(LOG_WARNING, "SSL_accept failed: %s", ssl_error_reason);
                }
                SSL_free(ch->ssl_handle);
                ch->ssl_handle = NULL;
                return;
-       }
-       else {
+       } else {
                syslog(LOG_INFO, "SSL_accept success");
        }
        bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(ch->ssl_handle), &alg_bits);
        syslog(LOG_INFO, "SSL/TLS using %s on %s (%d of %d bits)",
-               SSL_CIPHER_get_name(SSL_get_current_cipher(ch->ssl_handle)),
-               SSL_CIPHER_get_version(SSL_get_current_cipher(ch->ssl_handle)),
-               bits, alg_bits);
+              SSL_CIPHER_get_name(SSL_get_current_cipher(ch->ssl_handle)),
+              SSL_CIPHER_get_version(SSL_get_current_cipher(ch->ssl_handle)), bits, alg_bits);
 
        syslog(LOG_INFO, "SSL started");
 }
@@ -416,7 +386,8 @@ int client_write_ssl(struct client_handle *ch, char *buf, int nbytes)
        int nremain;
        char junk[1];
 
-       if (ch->ssl_handle == NULL) return(-1);
+       if (ch->ssl_handle == NULL)
+               return (-1);
 
        nremain = nbytes;
        while (nremain > 0) {
@@ -456,7 +427,8 @@ int client_read_ssl(struct client_handle *ch, char *buf, int nbytes)
        int rlen = 0;
        char junk[1];
 
-       if (ch->ssl_handle == NULL) return(-1);
+       if (ch->ssl_handle == NULL)
+               return (-1);
 
        while (bytes_read < nbytes) {
                if (SSL_want_read(ch->ssl_handle)) {
@@ -464,10 +436,9 @@ int client_read_ssl(struct client_handle *ch, char *buf, int nbytes)
                                syslog(LOG_WARNING, "SSL_write in client_read");
                        }
                }
-               rlen = SSL_read(ch->ssl_handle, &buf[bytes_read], nbytes-bytes_read);
+               rlen = SSL_read(ch->ssl_handle, &buf[bytes_read], nbytes - bytes_read);
                if (rlen < 1) {
                        long errval;
-
                        errval = SSL_get_error(ch->ssl_handle, rlen);
                        if (errval == SSL_ERROR_WANT_READ || errval == SSL_ERROR_WANT_WRITE) {
                                sleep(1);
@@ -479,5 +450,5 @@ int client_read_ssl(struct client_handle *ch, char *buf, int nbytes)
                }
                bytes_read += rlen;
        }
-       return(bytes_read);
+       return (bytes_read);
 }