*/
ssize_t read_bytes(int fd, void *buf, size_t count)
{
- size_t i = 0;
- ssize_t r;
+ size_t i = 0;
+ ssize_t r;
- while (i < count) {
- r = read(fd, buf + i, count - i);
- if (r == 0 || r == -1) {
+ while (i < count) {
+ r = read(fd, buf + i, count - i);
+ if (r == 0 || r == -1) {
if (r == 0) {
#if __DEBUG__
fprintf(stderr, "EOF or peer has performed socket shutdown.\n");
#endif
} else {
- perror("read");
+ perror("read");
}
- return r;
- }
- i += r;
- }
+ return r;
+ }
+ i += r;
+ }
- return count;
+ return count;
}
#endif
/* Fallback to TLS 1.2 */
#if NO(__SSL_3_0__) &&\
- NO(__TLS_1_0__) &&\
+ NO(__TLS_1_0__) &&\
NO(__RFC2712__) &&\
NO(__RFC3268__) &&\
NO(__DFTXP56__) &&\
NO(__RFC4132__) &&\
NO(__RFC4162__) &&\
NO(__RFC4279__) &&\
- NO(__TLS_1_1__) &&\
+ NO(__TLS_1_1__) &&\
NO(__RFC4492__) &&\
NO(__RFC5054__) &&\
- NO(__TLS_1_2__) &&\
+ NO(__TLS_1_2__) &&\
NO(__RFC5288__) &&\
NO(__RFC5289__) &&\
NO(__RFC5932__) &&\
/* Version-specific definitions */
/* SSL 3.0 */
-#if YES(__SSL_3_0__) &&\
- NO(__TLS_1_0__) &&\
- NO(__TLS_1_1__) &&\
- NO(__TLS_1_2__)
+#if YES(__SSL_3_0__) &&\
+ NO(__TLS_1_0__) &&\
+ NO(__TLS_1_1__) &&\
+ NO(__TLS_1_2__)
#undef PROTOCOLMAJOR
#undef PROTOCOLMINOR
#define PROTOCOLMAJOR 3
#define CIPHERSUITEMANDATORY 0x0000 /* TLS_NULL_WITH_NULL_NULL */
/* TLS 1.0 */
#elif NO(__SSL_3_0__) &&\
- YES(__TLS_1_0__) &&\
- NO(__TLS_1_1__) &&\
- NO(__TLS_1_2__)
+ YES(__TLS_1_0__) &&\
+ NO(__TLS_1_1__) &&\
+ NO(__TLS_1_2__)
#undef PROTOCOLMAJOR
#undef PROTOCOLMINOR
#define PROTOCOLMAJOR 3
#define CIPHERSUITEMANDATORY 0x0013 /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */
/* TLS 1.1 */
#elif NO(__SSL_3_0__) &&\
- NO(__TLS_1_0__) &&\
- YES(__TLS_1_1__) &&\
- NO(__TLS_1_2__)
+ NO(__TLS_1_0__) &&\
+ YES(__TLS_1_1__) &&\
+ NO(__TLS_1_2__)
#undef PROTOCOLMAJOR
#undef PROTOCOLMINOR
#define PROTOCOLMAJOR 3
#define CIPHERSUITEMANDATORY 0x000A /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
/* TLS 1.2 */
#elif NO(__SSL_3_0__) &&\
- NO(__TLS_1_0__) &&\
- NO(__TLS_1_1__) &&\
- YES(__TLS_1_2__)
+ NO(__TLS_1_0__) &&\
+ NO(__TLS_1_1__) &&\
+ YES(__TLS_1_2__)
#undef PROTOCOLMAJOR
#undef PROTOCOLMINOR
#define PROTOCOLMAJOR 3
}
/* Open file descriptor to dump entire TLS conversation */
- char *s = strdup(tls_suite_name(suite));
- for (r = strlen(s) - 1; r >= 0 && isspace(s[r]); r--) {
- s[r] = '\0';
- }
- char tls_out_filename[0xFFFF]; /* should be enough :D */
- snprintf(tls_out_filename, sizeof(tls_out_filename),
- "%s/%s.%u.%u.0x%04x_%s", opt_dump_dir, "ssl",
+ char *s = strdup(tls_suite_name(suite));
+ for (r = strlen(s) - 1; r >= 0 && isspace(s[r]); r--) {
+ s[r] = '\0';
+ }
+ char tls_out_filename[0xFFFF]; /* should be enough :D */
+ snprintf(tls_out_filename, sizeof(tls_out_filename),
+ "%s/%s.%u.%u.0x%04x_%s", opt_dump_dir, "ssl",
(uint8_t) tls_suite_version_major(),
- (uint8_t) tls_suite_version_minor(), (uint16_t) suite, s);
- if (s) {
- free(s);
- }
+ (uint8_t) tls_suite_version_minor(), (uint16_t) suite, s);
+ if (s) {
+ free(s);
+ }
if ((r = open(tls_out_filename, O_CREAT | O_RDWR | O_TRUNC,
- S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)) == -1) {
- perror("open");
- }
+ S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)) == -1) {
+ perror("open");
+ }
return r;
}
/* If specific ciphersuites have been specified, do only use those.
* Else, go over all ciphersuites assuming the target supports STARTTLS.
- * Abort on SMTP error. */
+ * Abort on SMTP error. */
for (x = 0; x < CipherSuite_count; x++) {
/* Set ciphersuite(s) to be used */
tls_init();
must_read_bytes = n24toh32(tls_Handshake_header.Handshake__length);
/* Read up to the session ID length byte. Since the session ID
- * is of variable length we need to figure out how much to read as such. */
+ * is of variable length we need to figure out how much to read as such. */
if (read_bytes(tls_in, &tls_ClientHello_intro,
sizeof(tls_ClientHello_intro)) <= 0) {
}
}
- /* Now we know we must read session_id_length bytes */
+ /* Now we know we must read session_id_length bytes */
assert(tls_ClientHello_session.session_id_length <=
sizeof(tls_ClientHello_session.session_id));
must_read_bytes = n24toh32(tls_Handshake_header.Handshake__length);
/* Read up to the session ID length byte. Since the session ID
- * is of variable length we need to figure out how much to read as such. */
+ * is of variable length we need to figure out how much to read as such. */
if (read_bytes(tls_in, &tls_ServerHello_intro,
sizeof(tls_ServerHello_intro)) <= 0) {
}
}
- /* Now we know we must read session_id_length bytes */
+ /* Now we know we must read session_id_length bytes */
assert(tls_ServerHello_session.session_id_length <=
sizeof(tls_ServerHello_session.session_id));
n24toh32(tls_Handshake_header.Handshake__length));
#endif
- /* The record layer fragments information blocks (e.g., handshake
+ /* The record layer fragments information blocks (e.g., handshake
* messages or application data) into TLSPlaintext records carrying
* data in chunks of 2^14 bytes or less.*/
- assert(ntohs(tls_TLSPlaintext_header.TLSPlaintext__length) <= 0x4000);
+ assert(ntohs(tls_TLSPlaintext_header.TLSPlaintext__length) <= 0x4000);
#if 1
/* We can't handle fragmentation right now.
void tls_print_suites()
{
- uint16_t i;
-
- for (i = 0; i < CIPHERSUITES; i++) {
- fprintf(stderr,
- "%3u CipherSuite %s = { 0x%02X,0x%02X };\n",
- CipherSuites[i], CIPHER_TXT(CipherSuites[i]),
- CipherSuites[i] >> 8, CipherSuites[i] & 0xFF);
- }
+ uint16_t i;
+
+ for (i = 0; i < CIPHERSUITES; i++) {
+ fprintf(stderr,
+ "%3u CipherSuite %s = { 0x%02X,0x%02X };\n",
+ CipherSuites[i], CIPHER_TXT(CipherSuites[i]),
+ CipherSuites[i] >> 8, CipherSuites[i] & 0xFF);
+ }
}
CipherSuite * tls_suites()
void tls_print_version()
{
- fprintf(stderr, "SSL/TLS protocol_version:%u.%u\n",
- PROTOCOLMAJOR, PROTOCOLMINOR);
- fprintf(stderr, "Available cipher_suites:%u\n", CIPHERSUITES);
+ fprintf(stderr, "SSL/TLS protocol_version:%u.%u\n",
+ PROTOCOLMAJOR, PROTOCOLMINOR);
+ fprintf(stderr, "Available cipher_suites:%u\n", CIPHERSUITES);
}
uint8_t tls_stat_flags (void)
};
#define TLS_HASH_ALGORITHM_TXT(n) \
- (((n) >= 0 && (n) <= TLS_HASH_ALGORITHMS_MAX) ? \
+ (((n) >= 0 && (n) <= TLS_HASH_ALGORITHMS_MAX) ? \
tls_HashAlgorithmNames[(n)] : "ERR_NOT_IMPLEMENTED")
#define TLS_SIGNATURE_ALGORITHMS_MAX 3
};
#define TLS_SIGNATURE_ALGORITHM_TXT(n) \
- (((n) >= 0 && (n) <= TLS_SIGNATURE_ALGORITHMS_MAX) ? \
+ (((n) >= 0 && (n) <= TLS_SIGNATURE_ALGORITHMS_MAX) ? \
tls_SignatureAlgorithmNames[(n)] : "ERR_NOT_IMPLEMENTED")
struct __attribute__((__packed__))
#define SERVER_KEYEXCHANGE_UNKNOWN 0x0
#define SERVER_KEYEXCHANGE_DHPARAMS 0x7
struct __attribute__((__packed__)) ServerKeyExchange_DHparams {
- struct ServerDHParams *params;
+ struct ServerDHParams *params;
};
#define SERVER_KEYEXCHANGE_DHPARAMS_SIGNATURE (\
0x3 | SERVER_KEYEXCHANGE_DHPARAMS)
struct __attribute__((__packed__)) ServerKeyExchange_DHparams_signature {
- struct ServerDHParams *params;
- struct DigitallySigned *signed_params;
+ struct ServerDHParams *params;
+ struct DigitallySigned *signed_params;
};
int tls_set_callback_handshake_server_key_exchange (int (*handler)(
uint8_t *ServerKeyExchange, uint32_t ServerKeyExchangeType));
git.99rst.org / starttls.git / commitdiff