From 9f770b10c00de4ffb01d85630e41e3d4adb040de Mon Sep 17 00:00:00 2001 From: Benjamin Sergeant Date: Fri, 24 Apr 2020 15:34:00 -0700 Subject: [PATCH] clang-format --- ixwebsocket/IXSocketMbedTLS.cpp | 20 ++- ixwebsocket/IXSocketOpenSSL.cpp | 95 ++++++++------ ixwebsocket/IXSocketTLSOptions.cpp | 3 +- ixwebsocket/IXSocketTLSOptions.h | 2 +- ixwebsocket/IXUrlParser.cpp | 6 +- ixwebsocket/IXWebSocketHandshakeKeyGen.h | 156 ++++++++++++++--------- test/IXDNSLookupTest.cpp | 12 +- test/IXUnityBuildsTest.cpp | 4 +- 8 files changed, 183 insertions(+), 115 deletions(-) diff --git a/ixwebsocket/IXSocketMbedTLS.cpp b/ixwebsocket/IXSocketMbedTLS.cpp index fd3804cf..5f738ab4 100644 --- a/ixwebsocket/IXSocketMbedTLS.cpp +++ b/ixwebsocket/IXSocketMbedTLS.cpp @@ -104,15 +104,23 @@ namespace ix { ; // FIXME } - else { - if (_tlsOptions.isUsingInMemoryCAs()) { - const char *buffer = _tlsOptions.caFile.c_str(); - size_t bufferSize = _tlsOptions.caFile.size() + 1; // Needs to include null terminating character otherwise mbedtls will fail. - if (mbedtls_x509_crt_parse(&_cacert, (const unsigned char *)buffer, bufferSize) < 0) { + else + { + if (_tlsOptions.isUsingInMemoryCAs()) + { + const char* buffer = _tlsOptions.caFile.c_str(); + size_t bufferSize = + _tlsOptions.caFile.size() + 1; // Needs to include null terminating + // character otherwise mbedtls will fail. + if (mbedtls_x509_crt_parse( + &_cacert, (const unsigned char*) buffer, bufferSize) < 0) + { errMsg = "Cannot parse CA from memory."; return false; } - } else if (mbedtls_x509_crt_parse_file(&_cacert, _tlsOptions.caFile.c_str()) < 0) { + } + else if (mbedtls_x509_crt_parse_file(&_cacert, _tlsOptions.caFile.c_str()) < 0) + { errMsg = "Cannot parse CA file '" + _tlsOptions.caFile + "'"; return false; } diff --git a/ixwebsocket/IXSocketOpenSSL.cpp b/ixwebsocket/IXSocketOpenSSL.cpp index 4e88a23c..11fc39c9 100644 --- a/ixwebsocket/IXSocketOpenSSL.cpp +++ b/ixwebsocket/IXSocketOpenSSL.cpp @@ -195,58 +195,63 @@ namespace ix return ctx; } - bool SocketOpenSSL::openSSLAddCARootsFromString(const std::string roots) { + bool SocketOpenSSL::openSSLAddCARootsFromString(const std::string roots) + { // Create certificate store - X509_STORE *certificate_store = SSL_CTX_get_cert_store(_ssl_context); - if (certificate_store == nullptr) - return false; - + X509_STORE* certificate_store = SSL_CTX_get_cert_store(_ssl_context); + if (certificate_store == nullptr) return false; + // Configure to allow intermediate certs - X509_STORE_set_flags(certificate_store, X509_V_FLAG_TRUSTED_FIRST | X509_V_FLAG_PARTIAL_CHAIN); - + X509_STORE_set_flags(certificate_store, + X509_V_FLAG_TRUSTED_FIRST | X509_V_FLAG_PARTIAL_CHAIN); + // Create a new buffer and populate it with the roots - BIO *buffer = BIO_new_mem_buf((void *)roots.c_str(), static_cast(roots.length())); - if (buffer == nullptr) - return false; - + BIO* buffer = BIO_new_mem_buf((void*) roots.c_str(), static_cast(roots.length())); + if (buffer == nullptr) return false; + // Read each root in the buffer and add to the certificate store bool success = true; size_t number_of_roots = 0; - - while (true) { + + while (true) + { // Read the next root in the buffer - X509 *root = PEM_read_bio_X509_AUX(buffer, nullptr, nullptr, (void *)""); - if (root == nullptr) { + X509* root = PEM_read_bio_X509_AUX(buffer, nullptr, nullptr, (void*) ""); + if (root == nullptr) + { // No more certs left in the buffer, we're done. ERR_clear_error(); break; } - + // Try adding the root to the certificate store ERR_clear_error(); - if (!X509_STORE_add_cert(certificate_store, root)) { - // Failed to add. If the error is unrelated to the x509 lib or the cert already exists, we're safe to continue. + if (!X509_STORE_add_cert(certificate_store, root)) + { + // Failed to add. If the error is unrelated to the x509 lib or the cert already + // exists, we're safe to continue. unsigned long error = ERR_get_error(); - if (ERR_GET_LIB(error) != ERR_LIB_X509 || ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { + if (ERR_GET_LIB(error) != ERR_LIB_X509 || + ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) + { // Failed. Clean up and bail. success = false; X509_free(root); break; } } - + // Clean up and loop X509_free(root); number_of_roots++; } - + // Clean up buffer BIO_free(buffer); - + // Make sure we loaded at least one certificate. - if (number_of_roots == 0) - success = false; - + if (number_of_roots == 0) success = false; + return success; } @@ -457,24 +462,30 @@ namespace ix return false; } #endif - } else { - if (_tlsOptions.isUsingInMemoryCAs()) { + } + else + { + if (_tlsOptions.isUsingInMemoryCAs()) + { // Load from memory openSSLAddCARootsFromString(_tlsOptions.caFile); - } else { + } + else + { if (SSL_CTX_load_verify_locations( - _ssl_context, _tlsOptions.caFile.c_str(), NULL) != 1) + _ssl_context, _tlsOptions.caFile.c_str(), NULL) != 1) { auto sslErr = ERR_get_error(); - errMsg = "OpenSSL failed - SSL_CTX_load_verify_locations(\"" + _tlsOptions.caFile + - "\") failed: "; + errMsg = "OpenSSL failed - SSL_CTX_load_verify_locations(\"" + + _tlsOptions.caFile + "\") failed: "; errMsg += ERR_error_string(sslErr, nullptr); return false; } - - SSL_CTX_set_verify(_ssl_context, - SSL_VERIFY_PEER, - [](int preverify, X509_STORE_CTX*) -> int { return preverify; }); + + SSL_CTX_set_verify( + _ssl_context, SSL_VERIFY_PEER, [](int preverify, X509_STORE_CTX*) -> int { + return preverify; + }); SSL_CTX_set_verify_depth(_ssl_context, 4); } } @@ -587,24 +598,28 @@ namespace ix } else { - if (_tlsOptions.isUsingInMemoryCAs()) { + if (_tlsOptions.isUsingInMemoryCAs()) + { // Load from memory openSSLAddCARootsFromString(_tlsOptions.caFile); - } else { + } + else + { const char* root_ca_file = _tlsOptions.caFile.c_str(); STACK_OF(X509_NAME) * rootCAs; rootCAs = SSL_load_client_CA_file(root_ca_file); if (rootCAs == NULL) { auto sslErr = ERR_get_error(); - errMsg = "OpenSSL failed - SSL_load_client_CA_file('" + _tlsOptions.caFile + - "') failed: "; + errMsg = "OpenSSL failed - SSL_load_client_CA_file('" + + _tlsOptions.caFile + "') failed: "; errMsg += ERR_error_string(sslErr, nullptr); } else { SSL_CTX_set_client_CA_list(_ssl_context, rootCAs); - if (SSL_CTX_load_verify_locations(_ssl_context, root_ca_file, nullptr) != 1) + if (SSL_CTX_load_verify_locations( + _ssl_context, root_ca_file, nullptr) != 1) { auto sslErr = ERR_get_error(); errMsg = "OpenSSL failed - SSL_CTX_load_verify_locations(\"" + diff --git a/ixwebsocket/IXSocketTLSOptions.cpp b/ixwebsocket/IXSocketTLSOptions.cpp index 3780d8d9..da04dc76 100644 --- a/ixwebsocket/IXSocketTLSOptions.cpp +++ b/ixwebsocket/IXSocketTLSOptions.cpp @@ -58,7 +58,8 @@ namespace ix return caFile == kTLSCAFileUseSystemDefaults; } - bool SocketTLSOptions::isUsingInMemoryCAs() const { + bool SocketTLSOptions::isUsingInMemoryCAs() const + { return caFile.find("-----BEGIN CERTIFICATE-----") != std::string::npos; } diff --git a/ixwebsocket/IXSocketTLSOptions.h b/ixwebsocket/IXSocketTLSOptions.h index cb480c6c..e396b388 100644 --- a/ixwebsocket/IXSocketTLSOptions.h +++ b/ixwebsocket/IXSocketTLSOptions.h @@ -36,7 +36,7 @@ namespace ix bool hasCertAndKey() const; bool isUsingSystemDefaults() const; - + bool isUsingInMemoryCAs() const; bool isPeerVerifyDisabled() const; diff --git a/ixwebsocket/IXUrlParser.cpp b/ixwebsocket/IXUrlParser.cpp index 0339c5b2..9018f893 100644 --- a/ixwebsocket/IXUrlParser.cpp +++ b/ixwebsocket/IXUrlParser.cpp @@ -128,8 +128,8 @@ namespace /* * : * := [a-z\+\-\.]+ - * For resiliency, programs interpreting URLs should treat upper case letters as equivalent to - *lower case in scheme names + * For resiliency, programs interpreting URLs should treat upper case letters as + *equivalent to lower case in scheme names */ // try to read scheme @@ -332,7 +332,7 @@ namespace return Result; } -} +} // namespace namespace ix { diff --git a/ixwebsocket/IXWebSocketHandshakeKeyGen.h b/ixwebsocket/IXWebSocketHandshakeKeyGen.h index c048e38b..56528fcf 100644 --- a/ixwebsocket/IXWebSocketHandshakeKeyGen.h +++ b/ixwebsocket/IXWebSocketHandshakeKeyGen.h @@ -18,66 +18,87 @@ #pragma once -#include #include -#include +#include #include +#include -class WebSocketHandshakeKeyGen { - template - struct static_for { - void operator()(uint32_t *a, uint32_t *b) { +class WebSocketHandshakeKeyGen +{ + template + struct static_for + { + void operator()(uint32_t* a, uint32_t* b) + { static_for()(a, b); T::template f(a, b); } }; - template - struct static_for<0, T> { - void operator()(uint32_t * /*a*/, uint32_t * /*hash*/) {} + template + struct static_for<0, T> + { + void operator()(uint32_t* /*a*/, uint32_t* /*hash*/) + { + } }; - template - struct Sha1Loop { - static inline uint32_t rol(uint32_t value, size_t bits) {return (value << bits) | (value >> (32 - bits));} - static inline uint32_t blk(uint32_t b[16], size_t i) { + template + struct Sha1Loop + { + static inline uint32_t rol(uint32_t value, size_t bits) + { + return (value << bits) | (value >> (32 - bits)); + } + static inline uint32_t blk(uint32_t b[16], size_t i) + { return rol(b[(i + 13) & 15] ^ b[(i + 8) & 15] ^ b[(i + 2) & 15] ^ b[i], 1); } - template - static inline void f(uint32_t *a, uint32_t *b) { - switch (state) { - case 1: - a[i % 5] += ((a[(3 + i) % 5] & (a[(2 + i) % 5] ^ a[(1 + i) % 5])) ^ a[(1 + i) % 5]) + b[i] + 0x5a827999 + rol(a[(4 + i) % 5], 5); - a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); - break; - case 2: - b[i] = blk(b, i); - a[(1 + i) % 5] += ((a[(4 + i) % 5] & (a[(3 + i) % 5] ^ a[(2 + i) % 5])) ^ a[(2 + i) % 5]) + b[i] + 0x5a827999 + rol(a[(5 + i) % 5], 5); - a[(4 + i) % 5] = rol(a[(4 + i) % 5], 30); - break; - case 3: - b[(i + 4) % 16] = blk(b, (i + 4) % 16); - a[i % 5] += (a[(3 + i) % 5] ^ a[(2 + i) % 5] ^ a[(1 + i) % 5]) + b[(i + 4) % 16] + 0x6ed9eba1 + rol(a[(4 + i) % 5], 5); - a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); - break; - case 4: - b[(i + 8) % 16] = blk(b, (i + 8) % 16); - a[i % 5] += (((a[(3 + i) % 5] | a[(2 + i) % 5]) & a[(1 + i) % 5]) | (a[(3 + i) % 5] & a[(2 + i) % 5])) + b[(i + 8) % 16] + 0x8f1bbcdc + rol(a[(4 + i) % 5], 5); - a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); - break; - case 5: - b[(i + 12) % 16] = blk(b, (i + 12) % 16); - a[i % 5] += (a[(3 + i) % 5] ^ a[(2 + i) % 5] ^ a[(1 + i) % 5]) + b[(i + 12) % 16] + 0xca62c1d6 + rol(a[(4 + i) % 5], 5); - a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); - break; - case 6: - b[i] += a[4 - i]; + template + static inline void f(uint32_t* a, uint32_t* b) + { + switch (state) + { + case 1: + a[i % 5] += + ((a[(3 + i) % 5] & (a[(2 + i) % 5] ^ a[(1 + i) % 5])) ^ a[(1 + i) % 5]) + + b[i] + 0x5a827999 + rol(a[(4 + i) % 5], 5); + a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); + break; + case 2: + b[i] = blk(b, i); + a[(1 + i) % 5] += + ((a[(4 + i) % 5] & (a[(3 + i) % 5] ^ a[(2 + i) % 5])) ^ a[(2 + i) % 5]) + + b[i] + 0x5a827999 + rol(a[(5 + i) % 5], 5); + a[(4 + i) % 5] = rol(a[(4 + i) % 5], 30); + break; + case 3: + b[(i + 4) % 16] = blk(b, (i + 4) % 16); + a[i % 5] += (a[(3 + i) % 5] ^ a[(2 + i) % 5] ^ a[(1 + i) % 5]) + + b[(i + 4) % 16] + 0x6ed9eba1 + rol(a[(4 + i) % 5], 5); + a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); + break; + case 4: + b[(i + 8) % 16] = blk(b, (i + 8) % 16); + a[i % 5] += (((a[(3 + i) % 5] | a[(2 + i) % 5]) & a[(1 + i) % 5]) | + (a[(3 + i) % 5] & a[(2 + i) % 5])) + + b[(i + 8) % 16] + 0x8f1bbcdc + rol(a[(4 + i) % 5], 5); + a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); + break; + case 5: + b[(i + 12) % 16] = blk(b, (i + 12) % 16); + a[i % 5] += (a[(3 + i) % 5] ^ a[(2 + i) % 5] ^ a[(1 + i) % 5]) + + b[(i + 12) % 16] + 0xca62c1d6 + rol(a[(4 + i) % 5], 5); + a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); + break; + case 6: b[i] += a[4 - i]; } } }; - static inline void sha1(uint32_t hash[5], uint32_t b[16]) { + static inline void sha1(uint32_t hash[5], uint32_t b[16]) + { uint32_t a[5] = {hash[4], hash[3], hash[2], hash[1], hash[0]}; static_for<16, Sha1Loop<1>>()(a, b); static_for<4, Sha1Loop<2>>()(a, b); @@ -87,9 +108,11 @@ class WebSocketHandshakeKeyGen { static_for<5, Sha1Loop<6>>()(a, hash); } - static inline void base64(unsigned char *src, char *dst) { - const char *b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - for (int i = 0; i < 18; i += 3) { + static inline void base64(unsigned char* src, char* dst) + { + const char* b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + for (int i = 0; i < 18; i += 3) + { *dst++ = b64[(src[i] >> 2) & 63]; *dst++ = b64[((src[i] & 3) << 4) | ((src[i + 1] & 240) >> 4)]; *dst++ = b64[((src[i + 1] & 15) << 2) | ((src[i + 2] & 192) >> 6)]; @@ -102,34 +125,47 @@ class WebSocketHandshakeKeyGen { } public: - static inline void generate(const std::string& inputStr, char output[28]) { - + static inline void generate(const std::string& inputStr, char output[28]) + { char input[25] = {}; strncpy(input, inputStr.c_str(), 25 - 1); input[25 - 1] = '\0'; - uint32_t b_output[5] = { - 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 - }; - uint32_t b_input[16] = { - 0, 0, 0, 0, 0, 0, 0x32353845, 0x41464135, 0x2d453931, 0x342d3437, 0x44412d39, - 0x3543412d, 0x43354142, 0x30444338, 0x35423131, 0x80000000 - }; + uint32_t b_output[5] = {0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0}; + uint32_t b_input[16] = {0, + 0, + 0, + 0, + 0, + 0, + 0x32353845, + 0x41464135, + 0x2d453931, + 0x342d3437, + 0x44412d39, + 0x3543412d, + 0x43354142, + 0x30444338, + 0x35423131, + 0x80000000}; - for (int i = 0; i < 6; i++) { - b_input[i] = (input[4 * i + 3] & 0xff) | (input[4 * i + 2] & 0xff) << 8 | (input[4 * i + 1] & 0xff) << 16 | (input[4 * i + 0] & 0xff) << 24; + for (int i = 0; i < 6; i++) + { + b_input[i] = (input[4 * i + 3] & 0xff) | (input[4 * i + 2] & 0xff) << 8 | + (input[4 * i + 1] & 0xff) << 16 | (input[4 * i + 0] & 0xff) << 24; } sha1(b_output, b_input); uint32_t last_b[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 480}; sha1(b_output, last_b); - for (int i = 0; i < 5; i++) { + for (int i = 0; i < 5; i++) + { uint32_t tmp = b_output[i]; - char *bytes = (char *) &b_output[i]; + char* bytes = (char*) &b_output[i]; bytes[3] = tmp & 0xff; bytes[2] = (tmp >> 8) & 0xff; bytes[1] = (tmp >> 16) & 0xff; bytes[0] = (tmp >> 24) & 0xff; } - base64((unsigned char *) b_output, output); + base64((unsigned char*) b_output, output); } }; diff --git a/test/IXDNSLookupTest.cpp b/test/IXDNSLookupTest.cpp index 213a5f5d..31a7e0aa 100644 --- a/test/IXDNSLookupTest.cpp +++ b/test/IXDNSLookupTest.cpp @@ -31,7 +31,11 @@ TEST_CASE("dns", "[net]") auto dnsLookup = std::make_shared("wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww", 80); std::string errMsg; - struct addrinfo* res = dnsLookup->resolve(errMsg, [] { return false; }); + struct addrinfo* res = dnsLookup->resolve(errMsg, + [] + { + return false; + }); std::cerr << "Error message: " << errMsg << std::endl; REQUIRE(res == nullptr); } @@ -42,7 +46,11 @@ TEST_CASE("dns", "[net]") std::string errMsg; // The callback returning true means we are requesting cancellation - struct addrinfo* res = dnsLookup->resolve(errMsg, [] { return true; }); + struct addrinfo* res = dnsLookup->resolve(errMsg, + [] + { + return true; + }); std::cerr << "Error message: " << errMsg << std::endl; REQUIRE(res == nullptr); } diff --git a/test/IXUnityBuildsTest.cpp b/test/IXUnityBuildsTest.cpp index e6d3043a..518523ea 100644 --- a/test/IXUnityBuildsTest.cpp +++ b/test/IXUnityBuildsTest.cpp @@ -18,10 +18,10 @@ #include #include #include -#include -#include #include #include +#include +#include #include #include #include