style(9) and whitespace cleanups.

author: jsing <> 2015-09-12 10:09:16 +0000
committer: jsing <> 2015-09-12 10:09:16 +0000
commit: e44eee81e5e20f236f4bce54afb725d6ba460437 (patch)
tree: 4fc8d60557b1bffab0c51ca536ed13124b548095
parent: a6fad4398c5c6f137d4e06054ff993a175e1149b (diff)
download: openbsd-e44eee81e5e20f236f4bce54afb725d6ba460437.tar.gz
openbsd-e44eee81e5e20f236f4bce54afb725d6ba460437.tar.bz2
openbsd-e44eee81e5e20f236f4bce54afb725d6ba460437.zip
2 files changed, 50 insertions, 58 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index eed359450f..1424641047 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.127 2015/09/11 18:08:21 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.128 2015/09/12 10:09:16 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1965,7 +1965,6 @@ ssl3_send_client_key_exchange(SSL *s)
                         * make sure to clear it out afterwards.
                         */
                        n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
                        if (n <= 0) {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                                    ERR_R_DH_LIB);
@@ -1995,7 +1994,6 @@ ssl3_send_client_key_exchange(SSL *s)
                        EC_KEY *tkey;
                        int field_size = 0;
                        /* Ensure that we have an ephemeral key for ECDHE. */
                        if ((alg_k & SSL_kECDHE) &&
                            s->session->sess_cert->peer_ecdh_tmp == NULL) {
@@ -2045,8 +2043,7 @@ ssl3_send_client_key_exchange(SSL *s)
                        /* Generate a new ECDH key pair */
                        if (!(EC_KEY_generate_key(clnt_ecdh))) {
-                                SSLerr(
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                    SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                                    ERR_R_ECDH_LIB);
                                goto err;
                        }
@@ -2061,7 +2058,7 @@ ssl3_send_client_key_exchange(SSL *s)
                                    ERR_R_ECDH_LIB);
                                goto err;
                        }
-                        n = ECDH_compute_key(p, (field_size + 7)/8,
+                        n = ECDH_compute_key(p, (field_size + 7) / 8,
                            srvr_ecpoint, clnt_ecdh, NULL);
                        if (n <= 0) {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -2070,9 +2067,9 @@ ssl3_send_client_key_exchange(SSL *s)
                        }
                        /* generate master key from the result */
-                        s->session->master_key_length = s->method->ssl3_enc \
+                        s->session->master_key_length =
-                            -> generate_master_secret(s,
+                            s->method->ssl3_enc->generate_master_secret(s,
-                            s->session->master_key, p, n);
+                                s->session->master_key, p, n);
                        memset(p, 0, n); /* clean up */
@@ -2080,19 +2077,15 @@ ssl3_send_client_key_exchange(SSL *s)
                         * First check the size of encoding and
                         * allocate memory accordingly.
                         */
-                        encoded_pt_len = EC_POINT_point2oct(
+                        encoded_pt_len = EC_POINT_point2oct(srvr_group,
-                                srvr_group,
+                            EC_KEY_get0_public_key(clnt_ecdh),
-                                EC_KEY_get0_public_key(clnt_ecdh),
+                            POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
-                                POINT_CONVERSION_UNCOMPRESSED,
-                                NULL, 0, NULL);
                        encodedPoint = malloc(encoded_pt_len);
                        bn_ctx = BN_CTX_new();
-                        if ((encodedPoint == NULL) ||
+                        if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
-                            (bn_ctx == NULL)) {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                SSLerr(
-                                    SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                                    ERR_R_MALLOC_FAILURE);
                                goto err;
                        }
@@ -2100,8 +2093,8 @@ ssl3_send_client_key_exchange(SSL *s)
                        /* Encode the public key */
                        n = EC_POINT_point2oct(srvr_group,
                            EC_KEY_get0_public_key(clnt_ecdh),
-                            POINT_CONVERSION_UNCOMPRESSED,
+                            POINT_CONVERSION_UNCOMPRESSED, encodedPoint,
-                            encodedPoint, encoded_pt_len, bn_ctx);
+                            encoded_pt_len, bn_ctx);
                        *p = n; /* length of encoded point */
                        /* Encoded point will be copied here */
@@ -2141,34 +2134,36 @@ ssl3_send_client_key_exchange(SSL *s)
                        pkey_ctx = EVP_PKEY_CTX_new(
                            pub_key = X509_get_pubkey(peer_cert),
                            NULL);
                        /*
                         * If we have send a certificate, and certificate key
                         * parameters match those of server certificate, use
                         * certificate key for key exchange.
                         * Otherwise, generate ephemeral key pair.
                         */
                        EVP_PKEY_encrypt_init(pkey_ctx);
                        /* Generate session key. */
                        arc4random_buf(premaster_secret, 32);
                        /*
-                         * If we have client certificate, use its secret
+                         * If we have client certificate, use its secret as
-                         * as peer key.
+                         * peer key.
                         */
                        if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
                                if (EVP_PKEY_derive_set_peer(pkey_ctx,
                                    s->cert->key->privatekey) <=0) {
                                        /*
-                                         * If there was an error -
+                                         * If there was an error - just ignore
-                                         * just ignore it. Ephemeral key
+                                         * it. Ephemeral key would be used.
-                                         * would be used
                                         */
                                        ERR_clear_error();
                                }
                        }
                        /*
                         * Compute shared IV and store it in algorithm-specific
-                         * context data
+                         * context data.
                         */
                        ukm_hash = EVP_MD_CTX_create();
                        if (ukm_hash == NULL) {
@@ -2195,9 +2190,10 @@ ssl3_send_client_key_exchange(SSL *s)
                                    SSL_R_LIBRARY_BUG);
                                goto err;
                        }
                        /*
-                         * Make GOST keytransport blob message,
+                         * Make GOST keytransport blob message, encapsulate it
-                         * encapsulate it into sequence.
+                         * into sequence.
                         */
                        *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
                        msglen = 255;
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index eed359450f..1424641047 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.127 2015/09/11 18:08:21 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.128 2015/09/12 10:09:16 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1965,7 +1965,6 @@ ssl3_send_client_key_exchange(SSL *s)
                         * make sure to clear it out afterwards.
                         */
                        n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
                        if (n <= 0) {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                                    ERR_R_DH_LIB);
@@ -1995,7 +1994,6 @@ ssl3_send_client_key_exchange(SSL *s)
                        EC_KEY *tkey;
                        int field_size = 0;
                        /* Ensure that we have an ephemeral key for ECDHE. */
                        if ((alg_k & SSL_kECDHE) &&
                            s->session->sess_cert->peer_ecdh_tmp == NULL) {
@@ -2045,8 +2043,7 @@ ssl3_send_client_key_exchange(SSL *s)
                        /* Generate a new ECDH key pair */
                        if (!(EC_KEY_generate_key(clnt_ecdh))) {
-                                SSLerr(
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                    SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                                    ERR_R_ECDH_LIB);
                                goto err;
                        }
@@ -2061,7 +2058,7 @@ ssl3_send_client_key_exchange(SSL *s)
                                    ERR_R_ECDH_LIB);
                                goto err;
                        }
-                        n = ECDH_compute_key(p, (field_size + 7)/8,
+                        n = ECDH_compute_key(p, (field_size + 7) / 8,
                            srvr_ecpoint, clnt_ecdh, NULL);
                        if (n <= 0) {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -2070,9 +2067,9 @@ ssl3_send_client_key_exchange(SSL *s)
                        }
                        /* generate master key from the result */
-                        s->session->master_key_length = s->method->ssl3_enc \
+                        s->session->master_key_length =
-                            -> generate_master_secret(s,
+                            s->method->ssl3_enc->generate_master_secret(s,
-                            s->session->master_key, p, n);
+                                s->session->master_key, p, n);
                        memset(p, 0, n); /* clean up */
@@ -2080,19 +2077,15 @@ ssl3_send_client_key_exchange(SSL *s)
                         * First check the size of encoding and
                         * allocate memory accordingly.
                         */
-                        encoded_pt_len = EC_POINT_point2oct(
+                        encoded_pt_len = EC_POINT_point2oct(srvr_group,
-                                srvr_group,
+                            EC_KEY_get0_public_key(clnt_ecdh),
-                                EC_KEY_get0_public_key(clnt_ecdh),
+                            POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
-                                POINT_CONVERSION_UNCOMPRESSED,
-                                NULL, 0, NULL);
                        encodedPoint = malloc(encoded_pt_len);
                        bn_ctx = BN_CTX_new();
-                        if ((encodedPoint == NULL) ||
+                        if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
-                            (bn_ctx == NULL)) {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                SSLerr(
-                                    SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                                    ERR_R_MALLOC_FAILURE);
                                goto err;
                        }
@@ -2100,8 +2093,8 @@ ssl3_send_client_key_exchange(SSL *s)
                        /* Encode the public key */
                        n = EC_POINT_point2oct(srvr_group,
                            EC_KEY_get0_public_key(clnt_ecdh),
-                            POINT_CONVERSION_UNCOMPRESSED,
+                            POINT_CONVERSION_UNCOMPRESSED, encodedPoint,
-                            encodedPoint, encoded_pt_len, bn_ctx);
+                            encoded_pt_len, bn_ctx);
                        *p = n; /* length of encoded point */
                        /* Encoded point will be copied here */
@@ -2141,34 +2134,36 @@ ssl3_send_client_key_exchange(SSL *s)
                        pkey_ctx = EVP_PKEY_CTX_new(
                            pub_key = X509_get_pubkey(peer_cert),
                            NULL);
                        /*
                         * If we have send a certificate, and certificate key
                         * parameters match those of server certificate, use
                         * certificate key for key exchange.
                         * Otherwise, generate ephemeral key pair.
                         */
                        EVP_PKEY_encrypt_init(pkey_ctx);
                        /* Generate session key. */
                        arc4random_buf(premaster_secret, 32);
                        /*
-                         * If we have client certificate, use its secret
+                         * If we have client certificate, use its secret as
-                         * as peer key.
+                         * peer key.
                         */
                        if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
                                if (EVP_PKEY_derive_set_peer(pkey_ctx,
                                    s->cert->key->privatekey) <=0) {
                                        /*
-                                         * If there was an error -
+                                         * If there was an error - just ignore
-                                         * just ignore it. Ephemeral key
+                                         * it. Ephemeral key would be used.
-                                         * would be used
                                         */
                                        ERR_clear_error();
                                }
                        }
                        /*
                         * Compute shared IV and store it in algorithm-specific
-                         * context data
+                         * context data.
                         */
                        ukm_hash = EVP_MD_CTX_create();
                        if (ukm_hash == NULL) {
@@ -2195,9 +2190,10 @@ ssl3_send_client_key_exchange(SSL *s)
                                    SSL_R_LIBRARY_BUG);
                                goto err;
                        }
                        /*
-                         * Make GOST keytransport blob message,
+                         * Make GOST keytransport blob message, encapsulate it
-                         * encapsulate it into sequence.
+                         * into sequence.
                         */
                        *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
                        msglen = 255;
author	jsing <>	2015-09-12 10:09:16 +0000
committer	jsing <>	2015-09-12 10:09:16 +0000
commit	e44eee81e5e20f236f4bce54afb725d6ba460437 (patch)
tree	4fc8d60557b1bffab0c51ca536ed13124b548095
parent	a6fad4398c5c6f137d4e06054ff993a175e1149b (diff)
download	openbsd-e44eee81e5e20f236f4bce54afb725d6ba460437.tar.gz openbsd-e44eee81e5e20f236f4bce54afb725d6ba460437.tar.bz2 openbsd-e44eee81e5e20f236f4bce54afb725d6ba460437.zip