diff options
Diffstat (limited to 'src/core/tsi/ssl_transport_security.cc')
-rw-r--r-- | src/core/tsi/ssl_transport_security.cc | 407 |
1 files changed, 204 insertions, 203 deletions
diff --git a/src/core/tsi/ssl_transport_security.cc b/src/core/tsi/ssl_transport_security.cc index b1c69e9c7b..c1c2de6ca9 100644 --- a/src/core/tsi/ssl_transport_security.cc +++ b/src/core/tsi/ssl_transport_security.cc @@ -70,14 +70,14 @@ extern "C" { /* --- Structure definitions. ---*/ struct tsi_ssl_handshaker_factory { - const tsi_ssl_handshaker_factory_vtable *vtable; + const tsi_ssl_handshaker_factory_vtable* vtable; gpr_refcount refcount; }; struct tsi_ssl_client_handshaker_factory { tsi_ssl_handshaker_factory base; - SSL_CTX *ssl_context; - unsigned char *alpn_protocol_list; + SSL_CTX* ssl_context; + unsigned char* alpn_protocol_list; size_t alpn_protocol_list_length; }; @@ -86,28 +86,28 @@ struct tsi_ssl_server_handshaker_factory { The tsi_peer array contains the subject names of the server certificates associated with the contexts at the same index. */ tsi_ssl_handshaker_factory base; - SSL_CTX **ssl_contexts; - tsi_peer *ssl_context_x509_subject_names; + SSL_CTX** ssl_contexts; + tsi_peer* ssl_context_x509_subject_names; size_t ssl_context_count; - unsigned char *alpn_protocol_list; + unsigned char* alpn_protocol_list; size_t alpn_protocol_list_length; }; typedef struct { tsi_handshaker base; - SSL *ssl; - BIO *into_ssl; - BIO *from_ssl; + SSL* ssl; + BIO* into_ssl; + BIO* from_ssl; tsi_result result; - tsi_ssl_handshaker_factory *factory_ref; + tsi_ssl_handshaker_factory* factory_ref; } tsi_ssl_handshaker; typedef struct { tsi_frame_protector base; - SSL *ssl; - BIO *into_ssl; - BIO *from_ssl; - unsigned char *buffer; + SSL* ssl; + BIO* into_ssl; + BIO* from_ssl; + unsigned char* buffer; size_t buffer_size; size_t buffer_offset; } tsi_ssl_frame_protector; @@ -115,9 +115,9 @@ typedef struct { /* --- Library Initialization. ---*/ static gpr_once init_openssl_once = GPR_ONCE_INIT; -static gpr_mu *openssl_mutexes = NULL; +static gpr_mu* openssl_mutexes = NULL; -static void openssl_locking_cb(int mode, int type, const char *file, int line) { +static void openssl_locking_cb(int mode, int type, const char* file, int line) { if (mode & CRYPTO_LOCK) { gpr_mu_lock(&openssl_mutexes[type]); } else { @@ -137,7 +137,7 @@ static void init_openssl(void) { OpenSSL_add_all_algorithms(); num_locks = CRYPTO_num_locks(); GPR_ASSERT(num_locks > 0); - openssl_mutexes = (gpr_mu *)gpr_malloc((size_t)num_locks * sizeof(gpr_mu)); + openssl_mutexes = (gpr_mu*)gpr_malloc((size_t)num_locks * sizeof(gpr_mu)); for (i = 0; i < CRYPTO_num_locks(); i++) { gpr_mu_init(&openssl_mutexes[i]); } @@ -147,7 +147,7 @@ static void init_openssl(void) { /* --- Ssl utils. ---*/ -static const char *ssl_error_string(int error) { +static const char* ssl_error_string(int error) { switch (error) { case SSL_ERROR_NONE: return "SSL_ERROR_NONE"; @@ -173,8 +173,8 @@ static const char *ssl_error_string(int error) { } /* TODO(jboeuf): Remove when we are past the debugging phase with this code. */ -static void ssl_log_where_info(const SSL *ssl, int where, int flag, - const char *msg) { +static void ssl_log_where_info(const SSL* ssl, int where, int flag, + const char* msg) { if ((where & flag) && GRPC_TRACER_ON(tsi_tracing_enabled)) { gpr_log(GPR_INFO, "%20.20s - %30.30s - %5.10s", msg, SSL_state_string_long(ssl), SSL_state_string(ssl)); @@ -182,7 +182,7 @@ static void ssl_log_where_info(const SSL *ssl, int where, int flag, } /* Used for debugging. TODO(jboeuf): Remove when code is mature enough. */ -static void ssl_info_callback(const SSL *ssl, int where, int ret) { +static void ssl_info_callback(const SSL* ssl, int where, int ret) { if (ret == 0) { gpr_log(GPR_ERROR, "ssl_info_callback: error occured.\n"); return; @@ -195,7 +195,7 @@ static void ssl_info_callback(const SSL *ssl, int where, int ret) { /* Returns 1 if name looks like an IP address, 0 otherwise. This is a very rough heuristic, and only handles IPv6 in hexadecimal form. */ -static int looks_like_ip_address(const char *name) { +static int looks_like_ip_address(const char* name) { size_t i; size_t dot_count = 0; size_t num_size = 0; @@ -220,12 +220,12 @@ static int looks_like_ip_address(const char *name) { } /* Gets the subject CN from an X509 cert. */ -static tsi_result ssl_get_x509_common_name(X509 *cert, unsigned char **utf8, - size_t *utf8_size) { +static tsi_result ssl_get_x509_common_name(X509* cert, unsigned char** utf8, + size_t* utf8_size) { int common_name_index = -1; - X509_NAME_ENTRY *common_name_entry = NULL; - ASN1_STRING *common_name_asn1 = NULL; - X509_NAME *subject_name = X509_get_subject_name(cert); + X509_NAME_ENTRY* common_name_entry = NULL; + ASN1_STRING* common_name_asn1 = NULL; + X509_NAME* subject_name = X509_get_subject_name(cert); int utf8_returned_size = 0; if (subject_name == NULL) { gpr_log(GPR_ERROR, "Could not get subject name from certificate."); @@ -260,8 +260,8 @@ static tsi_result ssl_get_x509_common_name(X509 *cert, unsigned char **utf8, /* Gets the subject CN of an X509 cert as a tsi_peer_property. */ static tsi_result peer_property_from_x509_common_name( - X509 *cert, tsi_peer_property *property) { - unsigned char *common_name; + X509* cert, tsi_peer_property* property) { + unsigned char* common_name; size_t common_name_size; tsi_result result = ssl_get_x509_common_name(cert, &common_name, &common_name_size); @@ -275,35 +275,34 @@ static tsi_result peer_property_from_x509_common_name( } result = tsi_construct_string_peer_property( TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, - common_name == NULL ? "" : (const char *)common_name, common_name_size, + common_name == NULL ? "" : (const char*)common_name, common_name_size, property); OPENSSL_free(common_name); return result; } /* Gets the X509 cert in PEM format as a tsi_peer_property. */ -static tsi_result add_pem_certificate(X509 *cert, tsi_peer_property *property) { - BIO *bio = BIO_new(BIO_s_mem()); +static tsi_result add_pem_certificate(X509* cert, tsi_peer_property* property) { + BIO* bio = BIO_new(BIO_s_mem()); if (!PEM_write_bio_X509(bio, cert)) { BIO_free(bio); return TSI_INTERNAL_ERROR; } - char *contents; + char* contents; long len = BIO_get_mem_data(bio, &contents); if (len <= 0) { BIO_free(bio); return TSI_INTERNAL_ERROR; } tsi_result result = tsi_construct_string_peer_property( - TSI_X509_PEM_CERT_PROPERTY, (const char *)contents, (size_t)len, - property); + TSI_X509_PEM_CERT_PROPERTY, (const char*)contents, (size_t)len, property); BIO_free(bio); return result; } /* Gets the subject SANs from an X509 cert as a tsi_peer_property. */ static tsi_result add_subject_alt_names_properties_to_peer( - tsi_peer *peer, GENERAL_NAMES *subject_alt_names, + tsi_peer* peer, GENERAL_NAMES* subject_alt_names, size_t subject_alt_name_count) { size_t i; tsi_result result = TSI_OK; @@ -312,11 +311,11 @@ static tsi_result add_subject_alt_names_properties_to_peer( peer->property_count -= subject_alt_name_count; for (i = 0; i < subject_alt_name_count; i++) { - GENERAL_NAME *subject_alt_name = + GENERAL_NAME* subject_alt_name = sk_GENERAL_NAME_value(subject_alt_names, TSI_SIZE_AS_SIZE(i)); /* Filter out the non-dns entries names. */ if (subject_alt_name->type == GEN_DNS) { - unsigned char *name = NULL; + unsigned char* name = NULL; int name_size; name_size = ASN1_STRING_to_UTF8(&name, subject_alt_name->d.dNSName); if (name_size < 0) { @@ -325,7 +324,7 @@ static tsi_result add_subject_alt_names_properties_to_peer( break; } result = tsi_construct_string_peer_property( - TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, (const char *)name, + TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, (const char*)name, (size_t)name_size, &peer->properties[peer->property_count++]); OPENSSL_free(name); } else if (subject_alt_name->type == GEN_IPADD) { @@ -341,7 +340,7 @@ static tsi_result add_subject_alt_names_properties_to_peer( result = TSI_INTERNAL_ERROR; break; } - const char *name = inet_ntop(af, subject_alt_name->d.iPAddress->data, + const char* name = inet_ntop(af, subject_alt_name->d.iPAddress->data, ntop_buf, INET6_ADDRSTRLEN); if (name == NULL) { gpr_log(GPR_ERROR, "Could not get IP string from asn1 octet."); @@ -359,11 +358,11 @@ static tsi_result add_subject_alt_names_properties_to_peer( } /* Gets information about the peer's X509 cert as a tsi_peer object. */ -static tsi_result peer_from_x509(X509 *cert, int include_certificate_type, - tsi_peer *peer) { +static tsi_result peer_from_x509(X509* cert, int include_certificate_type, + tsi_peer* peer) { /* TODO(jboeuf): Maybe add more properties. */ - GENERAL_NAMES *subject_alt_names = - (GENERAL_NAMES *)X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0); + GENERAL_NAMES* subject_alt_names = + (GENERAL_NAMES*)X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0); int subject_alt_name_count = (subject_alt_names != NULL) ? (int)sk_GENERAL_NAME_num(subject_alt_names) : 0; @@ -415,8 +414,8 @@ static void log_ssl_error_stack(void) { } /* Performs an SSL_read and handle errors. */ -static tsi_result do_ssl_read(SSL *ssl, unsigned char *unprotected_bytes, - size_t *unprotected_bytes_size) { +static tsi_result do_ssl_read(SSL* ssl, unsigned char* unprotected_bytes, + size_t* unprotected_bytes_size) { int read_from_ssl; GPR_ASSERT(*unprotected_bytes_size <= INT_MAX); read_from_ssl = @@ -448,7 +447,7 @@ static tsi_result do_ssl_read(SSL *ssl, unsigned char *unprotected_bytes, } /* Performs an SSL_write and handle errors. */ -static tsi_result do_ssl_write(SSL *ssl, unsigned char *unprotected_bytes, +static tsi_result do_ssl_write(SSL* ssl, unsigned char* unprotected_bytes, size_t unprotected_bytes_size) { int ssl_write_result; GPR_ASSERT(unprotected_bytes_size <= INT_MAX); @@ -470,18 +469,18 @@ static tsi_result do_ssl_write(SSL *ssl, unsigned char *unprotected_bytes, } /* Loads an in-memory PEM certificate chain into the SSL context. */ -static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX *context, - const char *pem_cert_chain, +static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX* context, + const char* pem_cert_chain, size_t pem_cert_chain_size) { tsi_result result = TSI_OK; - X509 *certificate = NULL; - BIO *pem; + X509* certificate = NULL; + BIO* pem; GPR_ASSERT(pem_cert_chain_size <= INT_MAX); - pem = BIO_new_mem_buf((void *)pem_cert_chain, (int)pem_cert_chain_size); + pem = BIO_new_mem_buf((void*)pem_cert_chain, (int)pem_cert_chain_size); if (pem == NULL) return TSI_OUT_OF_RESOURCES; do { - certificate = PEM_read_bio_X509_AUX(pem, NULL, NULL, (void *)""); + certificate = PEM_read_bio_X509_AUX(pem, NULL, NULL, (void*)""); if (certificate == NULL) { result = TSI_INVALID_ARGUMENT; break; @@ -491,8 +490,8 @@ static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX *context, break; } while (1) { - X509 *certificate_authority = - PEM_read_bio_X509(pem, NULL, NULL, (void *)""); + X509* certificate_authority = + PEM_read_bio_X509(pem, NULL, NULL, (void*)""); if (certificate_authority == NULL) { ERR_clear_error(); break; /* Done reading. */ @@ -514,16 +513,16 @@ static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX *context, } /* Loads an in-memory PEM private key into the SSL context. */ -static tsi_result ssl_ctx_use_private_key(SSL_CTX *context, const char *pem_key, +static tsi_result ssl_ctx_use_private_key(SSL_CTX* context, const char* pem_key, size_t pem_key_size) { tsi_result result = TSI_OK; - EVP_PKEY *private_key = NULL; - BIO *pem; + EVP_PKEY* private_key = NULL; + BIO* pem; GPR_ASSERT(pem_key_size <= INT_MAX); - pem = BIO_new_mem_buf((void *)pem_key, (int)pem_key_size); + pem = BIO_new_mem_buf((void*)pem_key, (int)pem_key_size); if (pem == NULL) return TSI_OUT_OF_RESOURCES; do { - private_key = PEM_read_bio_PrivateKey(pem, NULL, NULL, (void *)""); + private_key = PEM_read_bio_PrivateKey(pem, NULL, NULL, (void*)""); if (private_key == NULL) { result = TSI_INVALID_ARGUMENT; break; @@ -540,19 +539,19 @@ static tsi_result ssl_ctx_use_private_key(SSL_CTX *context, const char *pem_key, /* Loads in-memory PEM verification certs into the SSL context and optionally returns the verification cert names (root_names can be NULL). */ -static tsi_result ssl_ctx_load_verification_certs(SSL_CTX *context, - const char *pem_roots, +static tsi_result ssl_ctx_load_verification_certs(SSL_CTX* context, + const char* pem_roots, size_t pem_roots_size, STACK_OF(X509_NAME) * *root_names) { tsi_result result = TSI_OK; size_t num_roots = 0; - X509 *root = NULL; - X509_NAME *root_name = NULL; - BIO *pem; - X509_STORE *root_store; + X509* root = NULL; + X509_NAME* root_name = NULL; + BIO* pem; + X509_STORE* root_store; GPR_ASSERT(pem_roots_size <= INT_MAX); - pem = BIO_new_mem_buf((void *)pem_roots, (int)pem_roots_size); + pem = BIO_new_mem_buf((void*)pem_roots, (int)pem_roots_size); root_store = SSL_CTX_get_cert_store(context); if (root_store == NULL) return TSI_INVALID_ARGUMENT; if (pem == NULL) return TSI_OUT_OF_RESOURCES; @@ -562,7 +561,7 @@ static tsi_result ssl_ctx_load_verification_certs(SSL_CTX *context, } while (1) { - root = PEM_read_bio_X509_AUX(pem, NULL, NULL, (void *)""); + root = PEM_read_bio_X509_AUX(pem, NULL, NULL, (void*)""); if (root == NULL) { ERR_clear_error(); break; /* We're at the end of stream. */ @@ -611,8 +610,8 @@ static tsi_result ssl_ctx_load_verification_certs(SSL_CTX *context, /* Populates the SSL context with a private key and a cert chain, and sets the cipher list and the ephemeral ECDH key. */ static tsi_result populate_ssl_context( - SSL_CTX *context, const tsi_ssl_pem_key_cert_pair *key_cert_pair, - const char *cipher_list) { + SSL_CTX* context, const tsi_ssl_pem_key_cert_pair* key_cert_pair, + const char* cipher_list) { tsi_result result = TSI_OK; if (key_cert_pair != NULL) { if (key_cert_pair->cert_chain != NULL) { @@ -637,7 +636,7 @@ static tsi_result populate_ssl_context( return TSI_INVALID_ARGUMENT; } { - EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); if (!SSL_CTX_set_tmp_ecdh(context, ecdh)) { gpr_log(GPR_ERROR, "Could not set ephemeral ECDH key."); EC_KEY_free(ecdh); @@ -650,15 +649,15 @@ static tsi_result populate_ssl_context( } /* Extracts the CN and the SANs from an X509 cert as a peer object. */ -static tsi_result extract_x509_subject_names_from_pem_cert(const char *pem_cert, - tsi_peer *peer) { +static tsi_result extract_x509_subject_names_from_pem_cert(const char* pem_cert, + tsi_peer* peer) { tsi_result result = TSI_OK; - X509 *cert = NULL; - BIO *pem; - pem = BIO_new_mem_buf((void *)pem_cert, (int)strlen(pem_cert)); + X509* cert = NULL; + BIO* pem; + pem = BIO_new_mem_buf((void*)pem_cert, (int)strlen(pem_cert)); if (pem == NULL) return TSI_OUT_OF_RESOURCES; - cert = PEM_read_bio_X509(pem, NULL, NULL, (void *)""); + cert = PEM_read_bio_X509(pem, NULL, NULL, (void*)""); if (cert == NULL) { gpr_log(GPR_ERROR, "Invalid certificate"); result = TSI_INVALID_ARGUMENT; @@ -672,10 +671,10 @@ static tsi_result extract_x509_subject_names_from_pem_cert(const char *pem_cert, /* Builds the alpn protocol name list according to rfc 7301. */ static tsi_result build_alpn_protocol_name_list( - const char **alpn_protocols, uint16_t num_alpn_protocols, - unsigned char **protocol_name_list, size_t *protocol_name_list_length) { + const char** alpn_protocols, uint16_t num_alpn_protocols, + unsigned char** protocol_name_list, size_t* protocol_name_list_length) { uint16_t i; - unsigned char *current; + unsigned char* current; *protocol_name_list = NULL; *protocol_name_list_length = 0; if (num_alpn_protocols == 0) return TSI_INVALID_ARGUMENT; @@ -687,7 +686,7 @@ static tsi_result build_alpn_protocol_name_list( } *protocol_name_list_length += length + 1; } - *protocol_name_list = (unsigned char *)gpr_malloc(*protocol_name_list_length); + *protocol_name_list = (unsigned char*)gpr_malloc(*protocol_name_list_length); if (*protocol_name_list == NULL) return TSI_OUT_OF_RESOURCES; current = *protocol_name_list; for (i = 0; i < num_alpn_protocols; i++) { @@ -709,18 +708,18 @@ static tsi_result build_alpn_protocol_name_list( // the server's certificate, but we need to pull it anyway, in case a higher // layer wants to look at it. In this case the verification may fail, but // we don't really care. -static int NullVerifyCallback(int preverify_ok, X509_STORE_CTX *ctx) { +static int NullVerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) { return 1; } /* --- tsi_frame_protector methods implementation. ---*/ -static tsi_result ssl_protector_protect(tsi_frame_protector *self, - const unsigned char *unprotected_bytes, - size_t *unprotected_bytes_size, - unsigned char *protected_output_frames, - size_t *protected_output_frames_size) { - tsi_ssl_frame_protector *impl = (tsi_ssl_frame_protector *)self; +static tsi_result ssl_protector_protect(tsi_frame_protector* self, + const unsigned char* unprotected_bytes, + size_t* unprotected_bytes_size, + unsigned char* protected_output_frames, + size_t* protected_output_frames_size) { + tsi_ssl_frame_protector* impl = (tsi_ssl_frame_protector*)self; int read_from_ssl; size_t available; tsi_result result = TSI_OK; @@ -771,10 +770,10 @@ static tsi_result ssl_protector_protect(tsi_frame_protector *self, } static tsi_result ssl_protector_protect_flush( - tsi_frame_protector *self, unsigned char *protected_output_frames, - size_t *protected_output_frames_size, size_t *still_pending_size) { + tsi_frame_protector* self, unsigned char* protected_output_frames, + size_t* protected_output_frames_size, size_t* still_pending_size) { tsi_result result = TSI_OK; - tsi_ssl_frame_protector *impl = (tsi_ssl_frame_protector *)self; + tsi_ssl_frame_protector* impl = (tsi_ssl_frame_protector*)self; int read_from_ssl = 0; int pending; @@ -804,14 +803,14 @@ static tsi_result ssl_protector_protect_flush( } static tsi_result ssl_protector_unprotect( - tsi_frame_protector *self, const unsigned char *protected_frames_bytes, - size_t *protected_frames_bytes_size, unsigned char *unprotected_bytes, - size_t *unprotected_bytes_size) { + tsi_frame_protector* self, const unsigned char* protected_frames_bytes, + size_t* protected_frames_bytes_size, unsigned char* unprotected_bytes, + size_t* unprotected_bytes_size) { tsi_result result = TSI_OK; int written_into_ssl = 0; size_t output_bytes_size = *unprotected_bytes_size; size_t output_bytes_offset = 0; - tsi_ssl_frame_protector *impl = (tsi_ssl_frame_protector *)self; + tsi_ssl_frame_protector* impl = (tsi_ssl_frame_protector*)self; /* First, try to read remaining data from ssl. */ result = do_ssl_read(impl->ssl, unprotected_bytes, unprotected_bytes_size); @@ -845,22 +844,24 @@ static tsi_result ssl_protector_unprotect( return result; } -static void ssl_protector_destroy(tsi_frame_protector *self) { - tsi_ssl_frame_protector *impl = (tsi_ssl_frame_protector *)self; +static void ssl_protector_destroy(tsi_frame_protector* self) { + tsi_ssl_frame_protector* impl = (tsi_ssl_frame_protector*)self; if (impl->buffer != NULL) gpr_free(impl->buffer); if (impl->ssl != NULL) SSL_free(impl->ssl); gpr_free(self); } static const tsi_frame_protector_vtable frame_protector_vtable = { - ssl_protector_protect, ssl_protector_protect_flush, ssl_protector_unprotect, + ssl_protector_protect, + ssl_protector_protect_flush, + ssl_protector_unprotect, ssl_protector_destroy, }; /* --- tsi_server_handshaker_factory methods implementation. --- */ static void tsi_ssl_handshaker_factory_destroy( - tsi_ssl_handshaker_factory *self) { + tsi_ssl_handshaker_factory* self) { if (self == NULL) return; if (self->vtable != NULL && self->vtable->destroy != NULL) { @@ -871,14 +872,14 @@ static void tsi_ssl_handshaker_factory_destroy( * any memory, it should be free'd here. */ } -static tsi_ssl_handshaker_factory *tsi_ssl_handshaker_factory_ref( - tsi_ssl_handshaker_factory *self) { +static tsi_ssl_handshaker_factory* tsi_ssl_handshaker_factory_ref( + tsi_ssl_handshaker_factory* self) { if (self == NULL) return NULL; gpr_refn(&self->refcount, 1); return self; } -static void tsi_ssl_handshaker_factory_unref(tsi_ssl_handshaker_factory *self) { +static void tsi_ssl_handshaker_factory_unref(tsi_ssl_handshaker_factory* self) { if (self == NULL) return; if (gpr_unref(&self->refcount)) { @@ -891,7 +892,7 @@ static tsi_ssl_handshaker_factory_vtable handshaker_factory_vtable = {NULL}; /* Initializes a tsi_ssl_handshaker_factory object. Caller is responsible for * allocating memory for the factory. */ static void tsi_ssl_handshaker_factory_init( - tsi_ssl_handshaker_factory *factory) { + tsi_ssl_handshaker_factory* factory) { GPR_ASSERT(factory != NULL); factory->vtable = &handshaker_factory_vtable; @@ -900,10 +901,10 @@ static void tsi_ssl_handshaker_factory_init( /* --- tsi_handshaker methods implementation. ---*/ -static tsi_result ssl_handshaker_get_bytes_to_send_to_peer(tsi_handshaker *self, - unsigned char *bytes, - size_t *bytes_size) { - tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self; +static tsi_result ssl_handshaker_get_bytes_to_send_to_peer(tsi_handshaker* self, + unsigned char* bytes, + size_t* bytes_size) { + tsi_ssl_handshaker* impl = (tsi_ssl_handshaker*)self; int bytes_read_from_ssl = 0; if (bytes == NULL || bytes_size == NULL || *bytes_size == 0 || *bytes_size > INT_MAX) { @@ -924,8 +925,8 @@ static tsi_result ssl_handshaker_get_bytes_to_send_to_peer(tsi_handshaker *self, return BIO_pending(impl->from_ssl) == 0 ? TSI_OK : TSI_INCOMPLETE_DATA; } -static tsi_result ssl_handshaker_get_result(tsi_handshaker *self) { - tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self; +static tsi_result ssl_handshaker_get_result(tsi_handshaker* self) { + tsi_ssl_handshaker* impl = (tsi_ssl_handshaker*)self; if ((impl->result == TSI_HANDSHAKE_IN_PROGRESS) && SSL_is_init_finished(impl->ssl)) { impl->result = TSI_OK; @@ -934,8 +935,8 @@ static tsi_result ssl_handshaker_get_result(tsi_handshaker *self) { } static tsi_result ssl_handshaker_process_bytes_from_peer( - tsi_handshaker *self, const unsigned char *bytes, size_t *bytes_size) { - tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self; + tsi_handshaker* self, const unsigned char* bytes, size_t* bytes_size) { + tsi_ssl_handshaker* impl = (tsi_ssl_handshaker*)self; int bytes_written_into_ssl_size = 0; if (bytes == NULL || bytes_size == 0 || *bytes_size > INT_MAX) { return TSI_INVALID_ARGUMENT; @@ -979,13 +980,13 @@ static tsi_result ssl_handshaker_process_bytes_from_peer( } } -static tsi_result ssl_handshaker_extract_peer(tsi_handshaker *self, - tsi_peer *peer) { +static tsi_result ssl_handshaker_extract_peer(tsi_handshaker* self, + tsi_peer* peer) { tsi_result result = TSI_OK; - const unsigned char *alpn_selected = NULL; + const unsigned char* alpn_selected = NULL; unsigned int alpn_selected_len; - tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self; - X509 *peer_cert = SSL_get_peer_certificate(impl->ssl); + tsi_ssl_handshaker* impl = (tsi_ssl_handshaker*)self; + X509* peer_cert = SSL_get_peer_certificate(impl->ssl); if (peer_cert != NULL) { result = peer_from_x509(peer_cert, 1, peer); X509_free(peer_cert); @@ -1001,13 +1002,13 @@ static tsi_result ssl_handshaker_extract_peer(tsi_handshaker *self, } if (alpn_selected != NULL) { size_t i; - tsi_peer_property *new_properties = (tsi_peer_property *)gpr_zalloc( + tsi_peer_property* new_properties = (tsi_peer_property*)gpr_zalloc( sizeof(*new_properties) * (peer->property_count + 1)); for (i = 0; i < peer->property_count; i++) { new_properties[i] = peer->properties[i]; } result = tsi_construct_string_peer_property( - TSI_SSL_ALPN_SELECTED_PROTOCOL, (const char *)alpn_selected, + TSI_SSL_ALPN_SELECTED_PROTOCOL, (const char*)alpn_selected, alpn_selected_len, &new_properties[peer->property_count]); if (result != TSI_OK) { gpr_free(new_properties); @@ -1021,13 +1022,13 @@ static tsi_result ssl_handshaker_extract_peer(tsi_handshaker *self, } static tsi_result ssl_handshaker_create_frame_protector( - tsi_handshaker *self, size_t *max_output_protected_frame_size, - tsi_frame_protector **protector) { + tsi_handshaker* self, size_t* max_output_protected_frame_size, + tsi_frame_protector** protector) { size_t actual_max_output_protected_frame_size = TSI_SSL_MAX_PROTECTED_FRAME_SIZE_UPPER_BOUND; - tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self; - tsi_ssl_frame_protector *protector_impl = - (tsi_ssl_frame_protector *)gpr_zalloc(sizeof(*protector_impl)); + tsi_ssl_handshaker* impl = (tsi_ssl_handshaker*)self; + tsi_ssl_frame_protector* protector_impl = + (tsi_ssl_frame_protector*)gpr_zalloc(sizeof(*protector_impl)); if (max_output_protected_frame_size != NULL) { if (*max_output_protected_frame_size > @@ -1044,7 +1045,7 @@ static tsi_result ssl_handshaker_create_frame_protector( protector_impl->buffer_size = actual_max_output_protected_frame_size - TSI_SSL_MAX_PROTECTION_OVERHEAD; protector_impl->buffer = - (unsigned char *)gpr_malloc(protector_impl->buffer_size); + (unsigned char*)gpr_malloc(protector_impl->buffer_size); if (protector_impl->buffer == NULL) { gpr_log(GPR_ERROR, "Could not allocated buffer for tsi_ssl_frame_protector."); @@ -1064,8 +1065,8 @@ static tsi_result ssl_handshaker_create_frame_protector( return TSI_OK; } -static void ssl_handshaker_destroy(tsi_handshaker *self) { - tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self; +static void ssl_handshaker_destroy(tsi_handshaker* self) { + tsi_ssl_handshaker* impl = (tsi_ssl_handshaker*)self; SSL_free(impl->ssl); /* The BIO objects are owned by ssl */ tsi_ssl_handshaker_factory_unref(impl->factory_ref); gpr_free(impl); @@ -1083,14 +1084,14 @@ static const tsi_handshaker_vtable handshaker_vtable = { /* --- tsi_ssl_handshaker_factory common methods. --- */ -static tsi_result create_tsi_ssl_handshaker(SSL_CTX *ctx, int is_client, - const char *server_name_indication, - tsi_ssl_handshaker_factory *factory, - tsi_handshaker **handshaker) { - SSL *ssl = SSL_new(ctx); - BIO *into_ssl = NULL; - BIO *from_ssl = NULL; - tsi_ssl_handshaker *impl = NULL; +static tsi_result create_tsi_ssl_handshaker(SSL_CTX* ctx, int is_client, + const char* server_name_indication, + tsi_ssl_handshaker_factory* factory, + tsi_handshaker** handshaker) { + SSL* ssl = SSL_new(ctx); + BIO* into_ssl = NULL; + BIO* from_ssl = NULL; + tsi_ssl_handshaker* impl = NULL; *handshaker = NULL; if (ctx == NULL) { gpr_log(GPR_ERROR, "SSL Context is null. Should never happen."); @@ -1135,7 +1136,7 @@ static tsi_result create_tsi_ssl_handshaker(SSL_CTX *ctx, int is_client, SSL_set_accept_state(ssl); } - impl = (tsi_ssl_handshaker *)gpr_zalloc(sizeof(*impl)); + impl = (tsi_ssl_handshaker*)gpr_zalloc(sizeof(*impl)); impl->ssl = ssl; impl->into_ssl = into_ssl; impl->from_ssl = from_ssl; @@ -1147,16 +1148,16 @@ static tsi_result create_tsi_ssl_handshaker(SSL_CTX *ctx, int is_client, return TSI_OK; } -static int select_protocol_list(const unsigned char **out, - unsigned char *outlen, - const unsigned char *client_list, +static int select_protocol_list(const unsigned char** out, + unsigned char* outlen, + const unsigned char* client_list, size_t client_list_len, - const unsigned char *server_list, + const unsigned char* server_list, size_t server_list_len) { - const unsigned char *client_current = client_list; + const unsigned char* client_current = client_list; while ((unsigned int)(client_current - client_list) < client_list_len) { unsigned char client_current_len = *(client_current++); - const unsigned char *server_current = server_list; + const unsigned char* server_current = server_list; while ((server_current >= server_list) && (uintptr_t)(server_current - server_list) < server_list_len) { unsigned char server_current_len = *(server_current++); @@ -1176,36 +1177,36 @@ static int select_protocol_list(const unsigned char **out, /* --- tsi_ssl_client_handshaker_factory methods implementation. --- */ tsi_result tsi_ssl_client_handshaker_factory_create_handshaker( - tsi_ssl_client_handshaker_factory *self, const char *server_name_indication, - tsi_handshaker **handshaker) { + tsi_ssl_client_handshaker_factory* self, const char* server_name_indication, + tsi_handshaker** handshaker) { return create_tsi_ssl_handshaker(self->ssl_context, 1, server_name_indication, &self->base, handshaker); } void tsi_ssl_client_handshaker_factory_unref( - tsi_ssl_client_handshaker_factory *self) { + tsi_ssl_client_handshaker_factory* self) { if (self == NULL) return; tsi_ssl_handshaker_factory_unref(&self->base); } static void tsi_ssl_client_handshaker_factory_destroy( - tsi_ssl_handshaker_factory *factory) { + tsi_ssl_handshaker_factory* factory) { if (factory == NULL) return; - tsi_ssl_client_handshaker_factory *self = - (tsi_ssl_client_handshaker_factory *)factory; + tsi_ssl_client_handshaker_factory* self = + (tsi_ssl_client_handshaker_factory*)factory; if (self->ssl_context != NULL) SSL_CTX_free(self->ssl_context); if (self->alpn_protocol_list != NULL) gpr_free(self->alpn_protocol_list); gpr_free(self); } -static int client_handshaker_factory_npn_callback(SSL *ssl, unsigned char **out, - unsigned char *outlen, - const unsigned char *in, +static int client_handshaker_factory_npn_callback(SSL* ssl, unsigned char** out, + unsigned char* outlen, + const unsigned char* in, unsigned int inlen, - void *arg) { - tsi_ssl_client_handshaker_factory *factory = - (tsi_ssl_client_handshaker_factory *)arg; - return select_protocol_list((const unsigned char **)out, outlen, + void* arg) { + tsi_ssl_client_handshaker_factory* factory = + (tsi_ssl_client_handshaker_factory*)arg; + return select_protocol_list((const unsigned char**)out, outlen, factory->alpn_protocol_list, factory->alpn_protocol_list_length, in, inlen); } @@ -1213,7 +1214,7 @@ static int client_handshaker_factory_npn_callback(SSL *ssl, unsigned char **out, /* --- tsi_ssl_server_handshaker_factory methods implementation. --- */ tsi_result tsi_ssl_server_handshaker_factory_create_handshaker( - tsi_ssl_server_handshaker_factory *self, tsi_handshaker **handshaker) { + tsi_ssl_server_handshaker_factory* self, tsi_handshaker** handshaker) { if (self->ssl_context_count == 0) return TSI_INVALID_ARGUMENT; /* Create the handshaker with the first context. We will switch if needed because of SNI in ssl_server_handshaker_factory_servername_callback. */ @@ -1222,16 +1223,16 @@ tsi_result tsi_ssl_server_handshaker_factory_create_handshaker( } void tsi_ssl_server_handshaker_factory_unref( - tsi_ssl_server_handshaker_factory *self) { + tsi_ssl_server_handshaker_factory* self) { if (self == NULL) return; tsi_ssl_handshaker_factory_unref(&self->base); } static void tsi_ssl_server_handshaker_factory_destroy( - tsi_ssl_handshaker_factory *factory) { + tsi_ssl_handshaker_factory* factory) { if (factory == NULL) return; - tsi_ssl_server_handshaker_factory *self = - (tsi_ssl_server_handshaker_factory *)factory; + tsi_ssl_server_handshaker_factory* self = + (tsi_ssl_server_handshaker_factory*)factory; size_t i; for (i = 0; i < self->ssl_context_count; i++) { if (self->ssl_contexts[i] != NULL) { @@ -1247,10 +1248,10 @@ static void tsi_ssl_server_handshaker_factory_destroy( gpr_free(self); } -static int does_entry_match_name(const char *entry, size_t entry_length, - const char *name) { - const char *dot; - const char *name_subdomain = NULL; +static int does_entry_match_name(const char* entry, size_t entry_length, + const char* name) { + const char* dot; + const char* name_subdomain = NULL; size_t name_length = strlen(name); size_t name_subdomain_length; if (entry_length == 0) return 0; @@ -1295,12 +1296,12 @@ static int does_entry_match_name(const char *entry, size_t entry_length, strncmp(entry, name_subdomain, entry_length) == 0); } -static int ssl_server_handshaker_factory_servername_callback(SSL *ssl, int *ap, - void *arg) { - tsi_ssl_server_handshaker_factory *impl = - (tsi_ssl_server_handshaker_factory *)arg; +static int ssl_server_handshaker_factory_servername_callback(SSL* ssl, int* ap, + void* arg) { + tsi_ssl_server_handshaker_factory* impl = + (tsi_ssl_server_handshaker_factory*)arg; size_t i = 0; - const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + const char* servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); if (servername == NULL || strlen(servername) == 0) { return SSL_TLSEXT_ERR_NOACK; } @@ -1318,10 +1319,10 @@ static int ssl_server_handshaker_factory_servername_callback(SSL *ssl, int *ap, #if TSI_OPENSSL_ALPN_SUPPORT static int server_handshaker_factory_alpn_callback( - SSL *ssl, const unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, void *arg) { - tsi_ssl_server_handshaker_factory *factory = - (tsi_ssl_server_handshaker_factory *)arg; + SSL* ssl, const unsigned char** out, unsigned char* outlen, + const unsigned char* in, unsigned int inlen, void* arg) { + tsi_ssl_server_handshaker_factory* factory = + (tsi_ssl_server_handshaker_factory*)arg; return select_protocol_list(out, outlen, in, inlen, factory->alpn_protocol_list, factory->alpn_protocol_list_length); @@ -1329,9 +1330,9 @@ static int server_handshaker_factory_alpn_callback( #endif /* TSI_OPENSSL_ALPN_SUPPORT */ static int server_handshaker_factory_npn_advertised_callback( - SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg) { - tsi_ssl_server_handshaker_factory *factory = - (tsi_ssl_server_handshaker_factory *)arg; + SSL* ssl, const unsigned char** out, unsigned int* outlen, void* arg) { + tsi_ssl_server_handshaker_factory* factory = + (tsi_ssl_server_handshaker_factory*)arg; *out = factory->alpn_protocol_list; GPR_ASSERT(factory->alpn_protocol_list_length <= UINT_MAX); *outlen = (unsigned int)factory->alpn_protocol_list_length; @@ -1344,12 +1345,12 @@ static tsi_ssl_handshaker_factory_vtable client_handshaker_factory_vtable = { tsi_ssl_client_handshaker_factory_destroy}; tsi_result tsi_create_ssl_client_handshaker_factory( - const tsi_ssl_pem_key_cert_pair *pem_key_cert_pair, - const char *pem_root_certs, const char *cipher_suites, - const char **alpn_protocols, uint16_t num_alpn_protocols, - tsi_ssl_client_handshaker_factory **factory) { - SSL_CTX *ssl_context = NULL; - tsi_ssl_client_handshaker_factory *impl = NULL; + const tsi_ssl_pem_key_cert_pair* pem_key_cert_pair, + const char* pem_root_certs, const char* cipher_suites, + const char** alpn_protocols, uint16_t num_alpn_protocols, + tsi_ssl_client_handshaker_factory** factory) { + SSL_CTX* ssl_context = NULL; + tsi_ssl_client_handshaker_factory* impl = NULL; tsi_result result = TSI_OK; gpr_once_init(&init_openssl_once, init_openssl); @@ -1364,7 +1365,7 @@ tsi_result tsi_create_ssl_client_handshaker_factory( return TSI_INVALID_ARGUMENT; } - impl = (tsi_ssl_client_handshaker_factory *)gpr_zalloc(sizeof(*impl)); + impl = (tsi_ssl_client_handshaker_factory*)gpr_zalloc(sizeof(*impl)); tsi_ssl_handshaker_factory_init(&impl->base); impl->base.vtable = &client_handshaker_factory_vtable; @@ -1419,11 +1420,11 @@ static tsi_ssl_handshaker_factory_vtable server_handshaker_factory_vtable = { tsi_ssl_server_handshaker_factory_destroy}; tsi_result tsi_create_ssl_server_handshaker_factory( - const tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs, - size_t num_key_cert_pairs, const char *pem_client_root_certs, - int force_client_auth, const char *cipher_suites, - const char **alpn_protocols, uint16_t num_alpn_protocols, - tsi_ssl_server_handshaker_factory **factory) { + const tsi_ssl_pem_key_cert_pair* pem_key_cert_pairs, + size_t num_key_cert_pairs, const char* pem_client_root_certs, + int force_client_auth, const char* cipher_suites, + const char** alpn_protocols, uint16_t num_alpn_protocols, + tsi_ssl_server_handshaker_factory** factory) { return tsi_create_ssl_server_handshaker_factory_ex( pem_key_cert_pairs, num_key_cert_pairs, pem_client_root_certs, force_client_auth ? TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY @@ -1432,12 +1433,12 @@ tsi_result tsi_create_ssl_server_handshaker_factory( } tsi_result tsi_create_ssl_server_handshaker_factory_ex( - const tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs, - size_t num_key_cert_pairs, const char *pem_client_root_certs, + const tsi_ssl_pem_key_cert_pair* pem_key_cert_pairs, + size_t num_key_cert_pairs, const char* pem_client_root_certs, tsi_client_certificate_request_type client_certificate_request, - const char *cipher_suites, const char **alpn_protocols, - uint16_t num_alpn_protocols, tsi_ssl_server_handshaker_factory **factory) { - tsi_ssl_server_handshaker_factory *impl = NULL; + const char* cipher_suites, const char** alpn_protocols, + uint16_t num_alpn_protocols, tsi_ssl_server_handshaker_factory** factory) { + tsi_ssl_server_handshaker_factory* impl = NULL; tsi_result result = TSI_OK; size_t i = 0; @@ -1449,14 +1450,14 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex( return TSI_INVALID_ARGUMENT; } - impl = (tsi_ssl_server_handshaker_factory *)gpr_zalloc(sizeof(*impl)); + impl = (tsi_ssl_server_handshaker_factory*)gpr_zalloc(sizeof(*impl)); tsi_ssl_handshaker_factory_init(&impl->base); impl->base.vtable = &server_handshaker_factory_vtable; impl->ssl_contexts = - (SSL_CTX **)gpr_zalloc(num_key_cert_pairs * sizeof(SSL_CTX *)); + (SSL_CTX**)gpr_zalloc(num_key_cert_pairs * sizeof(SSL_CTX*)); impl->ssl_context_x509_subject_names = - (tsi_peer *)gpr_zalloc(num_key_cert_pairs * sizeof(tsi_peer)); + (tsi_peer*)gpr_zalloc(num_key_cert_pairs * sizeof(tsi_peer)); if (impl->ssl_contexts == NULL || impl->ssl_context_x509_subject_names == NULL) { tsi_ssl_handshaker_factory_unref(&impl->base); @@ -1487,7 +1488,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex( if (result != TSI_OK) break; if (pem_client_root_certs != NULL) { - STACK_OF(X509_NAME) *root_names = NULL; + STACK_OF(X509_NAME)* root_names = NULL; result = ssl_ctx_load_verification_certs( impl->ssl_contexts[i], pem_client_root_certs, strlen(pem_client_root_certs), &root_names); @@ -1552,15 +1553,15 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex( /* --- tsi_ssl utils. --- */ -int tsi_ssl_peer_matches_name(const tsi_peer *peer, const char *name) { +int tsi_ssl_peer_matches_name(const tsi_peer* peer, const char* name) { size_t i = 0; size_t san_count = 0; - const tsi_peer_property *cn_property = NULL; + const tsi_peer_property* cn_property = NULL; int like_ip = looks_like_ip_address(name); /* Check the SAN first. */ for (i = 0; i < peer->property_count; i++) { - const tsi_peer_property *property = &peer->properties[i]; + const tsi_peer_property* property = &peer->properties[i]; if (property->name == NULL) continue; if (strcmp(property->name, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == 0) { @@ -1594,13 +1595,13 @@ int tsi_ssl_peer_matches_name(const tsi_peer *peer, const char *name) { } /* --- Testing support. --- */ -const tsi_ssl_handshaker_factory_vtable *tsi_ssl_handshaker_factory_swap_vtable( - tsi_ssl_handshaker_factory *factory, - tsi_ssl_handshaker_factory_vtable *new_vtable) { +const tsi_ssl_handshaker_factory_vtable* tsi_ssl_handshaker_factory_swap_vtable( + tsi_ssl_handshaker_factory* factory, + tsi_ssl_handshaker_factory_vtable* new_vtable) { GPR_ASSERT(factory != NULL); GPR_ASSERT(factory->vtable != NULL); - const tsi_ssl_handshaker_factory_vtable *orig_vtable = factory->vtable; + const tsi_ssl_handshaker_factory_vtable* orig_vtable = factory->vtable; factory->vtable = new_vtable; return orig_vtable; } |