style(9), fix comments, wrap long lines and tweak whitespace.

author: jsing <> 2015-09-11 16:27:40 +0000
committer: jsing <> 2015-09-11 16:27:40 +0000
commit: 17940a7d2ce479d9b1d953966cf5889735aa9714 (patch)
tree: eb674be88c4c5d3082434a4baefe0d85730a4414 /src
parent: 7cc0ff236ba2392f4e38f24b0ff89771d4a18a2b (diff)
download: openbsd-17940a7d2ce479d9b1d953966cf5889735aa9714.tar.gz
openbsd-17940a7d2ce479d9b1d953966cf5889735aa9714.tar.bz2
openbsd-17940a7d2ce479d9b1d953966cf5889735aa9714.zip
2 files changed, 118 insertions, 62 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 6448f27a03..7b5139bbe3 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.44 2015/09/11 15:59:21 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.45 2015/09/11 16:27:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -127,28 +127,38 @@
 #include "bytestring.h"
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
+/*
+ * Send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC).
+ */
 int
 ssl3_do_write(SSL *s, int type)
 {
        int ret;
        ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
-        s->init_num);
+            s->init_num);
        if (ret < 0)
                return (-1);
        if (type == SSL3_RT_HANDSHAKE)
-                /* should not be done for 'Hello Request's, but in that case
+                /*
-                 * we'll ignore the result anyway */
+                 * Should not be done for 'Hello Request's, but in that case
-                ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off], ret);
+                 * we'll ignore the result anyway.
+                 */
+                ssl3_finish_mac(s,
+                    (unsigned char *)&s->init_buf->data[s->init_off], ret);
        if (ret == s->init_num) {
                if (s->msg_callback)
-                        s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
+                        s->msg_callback(1, s->version, type, s->init_buf->data,
+                            (size_t)(s->init_off + s->init_num), s,
+                            s->msg_callback_arg);
                return (1);
        }
        s->init_off += ret;
        s->init_num -= ret;
        return (0);
 }
@@ -191,17 +201,23 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
        return (ssl3_handshake_write(s));
 }
-/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
+/*
+ * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
+ * so far.
+ */
 static void
 ssl3_take_mac(SSL *s)
 {
        const char *sender;
        int slen;
-        /* If no new cipher setup return immediately: other functions will
+        /*
+         * If no new cipher setup return immediately: other functions will
         * set the appropriate error.
         */
        if (s->s3->tmp.new_cipher == NULL)
                return;
        if (s->state & SSL_ST_CONNECT) {
                sender = s->method->ssl3_enc->server_finished_label;
                slen = s->method->ssl3_enc->server_finished_label_len;
@@ -210,8 +226,9 @@ ssl3_take_mac(SSL *s)
                slen = s->method->ssl3_enc->client_finished_label_len;
        }
-        s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+        s->s3->tmp.peer_finish_md_len =
-        sender, slen, s->s3->tmp.peer_finish_md);
+            s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+                s->s3->tmp.peer_finish_md);
 }
 int
@@ -221,9 +238,8 @@ ssl3_get_finished(SSL *s, int a, int b)
        long n;
        CBS cbs;
-        n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED,
+        /* should actually be 36+4 :-) */
-            64, /* should actually be 36+4 :-) */ &ok);
+        n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
        if (!ok)
                return ((int)n);
@@ -347,16 +363,18 @@ ssl3_output_cert_chain(SSL *s, X509 *x)
                } else {
                        X509_STORE_CTX xs_ctx;
-                        if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
+                        if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
-                                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
+                            x, NULL)) {
+                                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,
+                                    ERR_R_X509_LIB);
                                return (0);
                        }
                        X509_verify_cert(&xs_ctx);
-                        /* Don't leave errors in the queue */
+                        /* Don't leave errors in the queue. */
                        ERR_clear_error();
                        for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
                                x = sk_X509_value(xs_ctx.chain, i);
                                if (ssl3_add_cert_to_buf(buf, &l, x)) {
                                        X509_STORE_CTX_cleanup(&xs_ctx);
                                        return 0;
@@ -383,7 +401,8 @@ ssl3_output_cert_chain(SSL *s, X509 *x)
        return (l);
 }
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
+/*
+ * Obtain handshake message of message type 'mt' (any if mt == -1),
 * maximum acceptable body length 'max'.
 * The first four bytes (msg_type and length) are read in state 'st1',
 * the body is read in state 'stn'.
@@ -402,7 +421,8 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                s->s3->tmp.reuse_message = 0;
                if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,
+                            SSL_R_UNEXPECTED_MESSAGE);
                        goto f_err;
                }
                *ok = 1;
@@ -413,8 +433,8 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
        p = (unsigned char *)s->init_buf->data;
-        if (s->state == st1) /* s->init_num < 4 */
+        /* s->init_num < 4 */
-        {
+        if (s->state == st1) {
                int skip_message;
                do {
@@ -443,17 +463,19 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                                        skip_message = 1;
                                        if (s->msg_callback)
-                                                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
+                                                s->msg_callback(0, s->version,
+                                                    SSL3_RT_HANDSHAKE, p, 4, s,
+                                                    s->msg_callback_arg);
                                }
                        }
                } while (skip_message);
                /* s->init_num == 4 */
                if ((mt >= 0) && (*p != mt)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,
+                            SSL_R_UNEXPECTED_MESSAGE);
                        goto f_err;
                }
@@ -468,7 +490,8 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                if (l > (unsigned long)max) {
                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,
+                            SSL_R_EXCESSIVE_MESSAGE_SIZE);
                        goto f_err;
                }
                if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) {
@@ -505,9 +528,13 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
        /* Feed this message into MAC computation. */
        ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
        if (s->msg_callback)
-                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
+                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                    s->init_buf->data, (size_t)s->init_num + 4, s,
+                    s->msg_callback_arg);
        *ok = 1;
-        return s->init_num;
+        return (s->init_num);
 f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
@@ -533,12 +560,13 @@ ssl_cert_type(X509 *x, EVP_PKEY *pkey)
                ret = SSL_PKEY_RSA_ENC;
        } else if (i == EVP_PKEY_DSA) {
                ret = SSL_PKEY_DSA_SIGN;
-        }
+        } else if (i == EVP_PKEY_EC) {
-        else if (i == EVP_PKEY_EC) {
                ret = SSL_PKEY_ECC;
-        } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
+        } else if (i == NID_id_GostR3410_2001 ||
+            i == NID_id_GostR3410_2001_cc) {
                ret = SSL_PKEY_GOST01;
        }
 err:
        if (!pkey)
                EVP_PKEY_free(pk);
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index 6448f27a03..7b5139bbe3 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.44 2015/09/11 15:59:21 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.45 2015/09/11 16:27:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -127,28 +127,38 @@
 #include "bytestring.h"
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
+/*
+ * Send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC).
+ */
 int
 ssl3_do_write(SSL *s, int type)
 {
        int ret;
        ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
-        s->init_num);
+            s->init_num);
        if (ret < 0)
                return (-1);
        if (type == SSL3_RT_HANDSHAKE)
-                /* should not be done for 'Hello Request's, but in that case
+                /*
-                 * we'll ignore the result anyway */
+                 * Should not be done for 'Hello Request's, but in that case
-                ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off], ret);
+                 * we'll ignore the result anyway.
+                 */
+                ssl3_finish_mac(s,
+                    (unsigned char *)&s->init_buf->data[s->init_off], ret);
        if (ret == s->init_num) {
                if (s->msg_callback)
-                        s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
+                        s->msg_callback(1, s->version, type, s->init_buf->data,
+                            (size_t)(s->init_off + s->init_num), s,
+                            s->msg_callback_arg);
                return (1);
        }
        s->init_off += ret;
        s->init_num -= ret;
        return (0);
 }
@@ -191,17 +201,23 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
        return (ssl3_handshake_write(s));
 }
-/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
+/*
+ * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
+ * so far.
+ */
 static void
 ssl3_take_mac(SSL *s)
 {
        const char *sender;
        int slen;
-        /* If no new cipher setup return immediately: other functions will
+        /*
+         * If no new cipher setup return immediately: other functions will
         * set the appropriate error.
         */
        if (s->s3->tmp.new_cipher == NULL)
                return;
        if (s->state & SSL_ST_CONNECT) {
                sender = s->method->ssl3_enc->server_finished_label;
                slen = s->method->ssl3_enc->server_finished_label_len;
@@ -210,8 +226,9 @@ ssl3_take_mac(SSL *s)
                slen = s->method->ssl3_enc->client_finished_label_len;
        }
-        s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+        s->s3->tmp.peer_finish_md_len =
-        sender, slen, s->s3->tmp.peer_finish_md);
+            s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+                s->s3->tmp.peer_finish_md);
 }
 int
@@ -221,9 +238,8 @@ ssl3_get_finished(SSL *s, int a, int b)
        long n;
        CBS cbs;
-        n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED,
+        /* should actually be 36+4 :-) */
-            64, /* should actually be 36+4 :-) */ &ok);
+        n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
        if (!ok)
                return ((int)n);
@@ -347,16 +363,18 @@ ssl3_output_cert_chain(SSL *s, X509 *x)
                } else {
                        X509_STORE_CTX xs_ctx;
-                        if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
+                        if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
-                                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
+                            x, NULL)) {
+                                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,
+                                    ERR_R_X509_LIB);
                                return (0);
                        }
                        X509_verify_cert(&xs_ctx);
-                        /* Don't leave errors in the queue */
+                        /* Don't leave errors in the queue. */
                        ERR_clear_error();
                        for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
                                x = sk_X509_value(xs_ctx.chain, i);
                                if (ssl3_add_cert_to_buf(buf, &l, x)) {
                                        X509_STORE_CTX_cleanup(&xs_ctx);
                                        return 0;
@@ -383,7 +401,8 @@ ssl3_output_cert_chain(SSL *s, X509 *x)
        return (l);
 }
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
+/*
+ * Obtain handshake message of message type 'mt' (any if mt == -1),
 * maximum acceptable body length 'max'.
 * The first four bytes (msg_type and length) are read in state 'st1',
 * the body is read in state 'stn'.
@@ -402,7 +421,8 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                s->s3->tmp.reuse_message = 0;
                if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,
+                            SSL_R_UNEXPECTED_MESSAGE);
                        goto f_err;
                }
                *ok = 1;
@@ -413,8 +433,8 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
        p = (unsigned char *)s->init_buf->data;
-        if (s->state == st1) /* s->init_num < 4 */
+        /* s->init_num < 4 */
-        {
+        if (s->state == st1) {
                int skip_message;
                do {
@@ -443,17 +463,19 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                                        skip_message = 1;
                                        if (s->msg_callback)
-                                                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
+                                                s->msg_callback(0, s->version,
+                                                    SSL3_RT_HANDSHAKE, p, 4, s,
+                                                    s->msg_callback_arg);
                                }
                        }
                } while (skip_message);
                /* s->init_num == 4 */
                if ((mt >= 0) && (*p != mt)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,
+                            SSL_R_UNEXPECTED_MESSAGE);
                        goto f_err;
                }
@@ -468,7 +490,8 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                if (l > (unsigned long)max) {
                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                        SSLerr(SSL_F_SSL3_GET_MESSAGE,
+                            SSL_R_EXCESSIVE_MESSAGE_SIZE);
                        goto f_err;
                }
                if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) {
@@ -505,9 +528,13 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
        /* Feed this message into MAC computation. */
        ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
        if (s->msg_callback)
-                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
+                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                    s->init_buf->data, (size_t)s->init_num + 4, s,
+                    s->msg_callback_arg);
        *ok = 1;
-        return s->init_num;
+        return (s->init_num);
 f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
@@ -533,12 +560,13 @@ ssl_cert_type(X509 *x, EVP_PKEY *pkey)
                ret = SSL_PKEY_RSA_ENC;
        } else if (i == EVP_PKEY_DSA) {
                ret = SSL_PKEY_DSA_SIGN;
-        }
+        } else if (i == EVP_PKEY_EC) {
-        else if (i == EVP_PKEY_EC) {
                ret = SSL_PKEY_ECC;
-        } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
+        } else if (i == NID_id_GostR3410_2001 ||
+            i == NID_id_GostR3410_2001_cc) {
                ret = SSL_PKEY_GOST01;
        }
 err:
        if (!pkey)
                EVP_PKEY_free(pk);
author	jsing <>	2015-09-11 16:27:40 +0000
committer	jsing <>	2015-09-11 16:27:40 +0000
commit	17940a7d2ce479d9b1d953966cf5889735aa9714 (patch)
tree	eb674be88c4c5d3082434a4baefe0d85730a4414 /src
parent	7cc0ff236ba2392f4e38f24b0ff89771d4a18a2b (diff)
download	openbsd-17940a7d2ce479d9b1d953966cf5889735aa9714.tar.gz openbsd-17940a7d2ce479d9b1d953966cf5889735aa9714.tar.bz2 openbsd-17940a7d2ce479d9b1d953966cf5889735aa9714.zip

diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index 6448f27a03..7b5139bbe3 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_both.c,v 1.44 2015/09/11 15:59:21 jsing Exp $ */	1	/* $OpenBSD: s3_both.c,v 1.45 2015/09/11 16:27:40 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -127,28 +127,38 @@
127		127
128	#include "bytestring.h"	128	#include "bytestring.h"
129		129
130	/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */	130	/*
		131	* Send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
		132	* SSL3_RT_CHANGE_CIPHER_SPEC).
		133	*/
131	int	134	int
132	ssl3_do_write(SSL *s, int type)	135	ssl3_do_write(SSL *s, int type)
133	{	136	{
134	int ret;	137	int ret;
135		138
136	ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],	139	ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
137	s->init_num);	140	s->init_num);
138	if (ret < 0)	141	if (ret < 0)
139	return (-1);	142	return (-1);
140	if (type == SSL3_RT_HANDSHAKE)	143	if (type == SSL3_RT_HANDSHAKE)
141	/* should not be done for 'Hello Request's, but in that case	144	/*
142	* we'll ignore the result anyway */	145	* Should not be done for 'Hello Request's, but in that case
143	ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off], ret);	146	* we'll ignore the result anyway.
		147	*/
		148	ssl3_finish_mac(s,
		149	(unsigned char *)&s->init_buf->data[s->init_off], ret);
144		150
145	if (ret == s->init_num) {	151	if (ret == s->init_num) {
146	if (s->msg_callback)	152	if (s->msg_callback)
147	s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);	153	s->msg_callback(1, s->version, type, s->init_buf->data,
		154	(size_t)(s->init_off + s->init_num), s,
		155	s->msg_callback_arg);
148	return (1);	156	return (1);
149	}	157	}
		158
150	s->init_off += ret;	159	s->init_off += ret;
151	s->init_num -= ret;	160	s->init_num -= ret;
		161
152	return (0);	162	return (0);
153	}	163	}
154		164
@@ -191,17 +201,23 @@ ssl3_send_finished(SSL s, int a, int b, const char sender, int slen)
191	return (ssl3_handshake_write(s));	201	return (ssl3_handshake_write(s));
192	}	202	}
193		203
194	/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */	204	/*
		205	* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
		206	* so far.
		207	*/
195	static void	208	static void
196	ssl3_take_mac(SSL *s)	209	ssl3_take_mac(SSL *s)
197	{	210	{
198	const char *sender;	211	const char *sender;
199	int slen;	212	int slen;
200	/* If no new cipher setup return immediately: other functions will	213
		214	/*
		215	* If no new cipher setup return immediately: other functions will
201	* set the appropriate error.	216	* set the appropriate error.
202	*/	217	*/
203	if (s->s3->tmp.new_cipher == NULL)	218	if (s->s3->tmp.new_cipher == NULL)
204	return;	219	return;
		220
205	if (s->state & SSL_ST_CONNECT) {	221	if (s->state & SSL_ST_CONNECT) {
206	sender = s->method->ssl3_enc->server_finished_label;	222	sender = s->method->ssl3_enc->server_finished_label;
207	slen = s->method->ssl3_enc->server_finished_label_len;	223	slen = s->method->ssl3_enc->server_finished_label_len;
@@ -210,8 +226,9 @@ ssl3_take_mac(SSL *s)
210	slen = s->method->ssl3_enc->client_finished_label_len;	226	slen = s->method->ssl3_enc->client_finished_label_len;
211	}	227	}
212		228
213	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,	229	s->s3->tmp.peer_finish_md_len =
214	sender, slen, s->s3->tmp.peer_finish_md);	230	s->method->ssl3_enc->final_finish_mac(s, sender, slen,
		231	s->s3->tmp.peer_finish_md);
215	}	232	}
216		233
217	int	234	int
@@ -221,9 +238,8 @@ ssl3_get_finished(SSL *s, int a, int b)
221	long n;	238	long n;
222	CBS cbs;	239	CBS cbs;
223		240
224	n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED,	241	/* should actually be 36+4 :-) */
225	64, /* should actually be 36+4 :-) */ &ok);	242	n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
226
227	if (!ok)	243	if (!ok)
228	return ((int)n);	244	return ((int)n);
229		245
@@ -347,16 +363,18 @@ ssl3_output_cert_chain(SSL s, X509 x)
347	} else {	363	} else {
348	X509_STORE_CTX xs_ctx;	364	X509_STORE_CTX xs_ctx;
349		365
350	if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {	366	if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
351	SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);	367	x, NULL)) {
		368	SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,
		369	ERR_R_X509_LIB);
352	return (0);	370	return (0);
353	}	371	}
354	X509_verify_cert(&xs_ctx);	372	X509_verify_cert(&xs_ctx);
355	/* Don't leave errors in the queue */	373
		374	/* Don't leave errors in the queue. */
356	ERR_clear_error();	375	ERR_clear_error();
357	for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {	376	for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
358	x = sk_X509_value(xs_ctx.chain, i);	377	x = sk_X509_value(xs_ctx.chain, i);
359
360	if (ssl3_add_cert_to_buf(buf, &l, x)) {	378	if (ssl3_add_cert_to_buf(buf, &l, x)) {
361	X509_STORE_CTX_cleanup(&xs_ctx);	379	X509_STORE_CTX_cleanup(&xs_ctx);
362	return 0;	380	return 0;
@@ -383,7 +401,8 @@ ssl3_output_cert_chain(SSL s, X509 x)
383	return (l);	401	return (l);
384	}	402	}
385		403
386	/* Obtain handshake message of message type 'mt' (any if mt == -1),	404	/*
		405	* Obtain handshake message of message type 'mt' (any if mt == -1),
387	* maximum acceptable body length 'max'.	406	* maximum acceptable body length 'max'.
388	* The first four bytes (msg_type and length) are read in state 'st1',	407	* The first four bytes (msg_type and length) are read in state 'st1',
389	* the body is read in state 'stn'.	408	* the body is read in state 'stn'.
@@ -402,7 +421,8 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
402	s->s3->tmp.reuse_message = 0;	421	s->s3->tmp.reuse_message = 0;
403	if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {	422	if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
404	al = SSL_AD_UNEXPECTED_MESSAGE;	423	al = SSL_AD_UNEXPECTED_MESSAGE;
405	SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);	424	SSLerr(SSL_F_SSL3_GET_MESSAGE,
		425	SSL_R_UNEXPECTED_MESSAGE);
406	goto f_err;	426	goto f_err;
407	}	427	}
408	*ok = 1;	428	*ok = 1;
@@ -413,8 +433,8 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
413		433
414	p = (unsigned char *)s->init_buf->data;	434	p = (unsigned char *)s->init_buf->data;
415		435
416	if (s->state == st1) /* s->init_num < 4 */	436	/* s->init_num < 4 */
417	{	437	if (s->state == st1) {
418	int skip_message;	438	int skip_message;
419		439
420	do {	440	do {
@@ -443,17 +463,19 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
443	skip_message = 1;	463	skip_message = 1;
444		464
445	if (s->msg_callback)	465	if (s->msg_callback)
446	s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);	466	s->msg_callback(0, s->version,
		467	SSL3_RT_HANDSHAKE, p, 4, s,
		468	s->msg_callback_arg);
447	}	469	}
448	}	470	}
449
450	} while (skip_message);	471	} while (skip_message);
451		472
452	/* s->init_num == 4 */	473	/* s->init_num == 4 */
453		474
454	if ((mt >= 0) && (*p != mt)) {	475	if ((mt >= 0) && (*p != mt)) {
455	al = SSL_AD_UNEXPECTED_MESSAGE;	476	al = SSL_AD_UNEXPECTED_MESSAGE;
456	SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);	477	SSLerr(SSL_F_SSL3_GET_MESSAGE,
		478	SSL_R_UNEXPECTED_MESSAGE);
457	goto f_err;	479	goto f_err;
458	}	480	}
459		481
@@ -468,7 +490,8 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
468		490
469	if (l > (unsigned long)max) {	491	if (l > (unsigned long)max) {
470	al = SSL_AD_ILLEGAL_PARAMETER;	492	al = SSL_AD_ILLEGAL_PARAMETER;
471	SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);	493	SSLerr(SSL_F_SSL3_GET_MESSAGE,
		494	SSL_R_EXCESSIVE_MESSAGE_SIZE);
472	goto f_err;	495	goto f_err;
473	}	496	}
474	if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) {	497	if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) {
@@ -505,9 +528,13 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
505	/* Feed this message into MAC computation. */	528	/* Feed this message into MAC computation. */
506	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);	529	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
507	if (s->msg_callback)	530	if (s->msg_callback)
508	s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);	531	s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
		532	s->init_buf->data, (size_t)s->init_num + 4, s,
		533	s->msg_callback_arg);
		534
509	*ok = 1;	535	*ok = 1;
510	return s->init_num;	536	return (s->init_num);
		537
511	f_err:	538	f_err:
512	ssl3_send_alert(s, SSL3_AL_FATAL, al);	539	ssl3_send_alert(s, SSL3_AL_FATAL, al);
513	err:	540	err:
@@ -533,12 +560,13 @@ ssl_cert_type(X509 x, EVP_PKEY pkey)
533	ret = SSL_PKEY_RSA_ENC;	560	ret = SSL_PKEY_RSA_ENC;
534	} else if (i == EVP_PKEY_DSA) {	561	} else if (i == EVP_PKEY_DSA) {
535	ret = SSL_PKEY_DSA_SIGN;	562	ret = SSL_PKEY_DSA_SIGN;
536	}	563	} else if (i == EVP_PKEY_EC) {
537	else if (i == EVP_PKEY_EC) {
538	ret = SSL_PKEY_ECC;	564	ret = SSL_PKEY_ECC;
539	} else if (i == NID_id_GostR3410_2001 \|\| i == NID_id_GostR3410_2001_cc) {	565	} else if (i == NID_id_GostR3410_2001 \|\|
		566	i == NID_id_GostR3410_2001_cc) {
540	ret = SSL_PKEY_GOST01;	567	ret = SSL_PKEY_GOST01;
541	}	568	}
		569
542	err:	570	err:
543	if (!pkey)	571	if (!pkey)
544	EVP_PKEY_free(pk);	572	EVP_PKEY_free(pk);


diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c index 6448f27a03..7b5139bbe3 100644 --- a/src/lib/libssl/src/ssl/s3_both.c +++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_both.c,v 1.44 2015/09/11 15:59:21 jsing Exp $ */	1	/* $OpenBSD: s3_both.c,v 1.45 2015/09/11 16:27:40 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -127,28 +127,38 @@
127		127
128	#include "bytestring.h"	128	#include "bytestring.h"
129		129
130	/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */	130	/*
		131	* Send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
		132	* SSL3_RT_CHANGE_CIPHER_SPEC).
		133	*/
131	int	134	int
132	ssl3_do_write(SSL *s, int type)	135	ssl3_do_write(SSL *s, int type)
133	{	136	{
134	int ret;	137	int ret;
135		138
136	ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],	139	ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
137	s->init_num);	140	s->init_num);
138	if (ret < 0)	141	if (ret < 0)
139	return (-1);	142	return (-1);
140	if (type == SSL3_RT_HANDSHAKE)	143	if (type == SSL3_RT_HANDSHAKE)
141	/* should not be done for 'Hello Request's, but in that case	144	/*
142	* we'll ignore the result anyway */	145	* Should not be done for 'Hello Request's, but in that case
143	ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off], ret);	146	* we'll ignore the result anyway.
		147	*/
		148	ssl3_finish_mac(s,
		149	(unsigned char *)&s->init_buf->data[s->init_off], ret);
144		150
145	if (ret == s->init_num) {	151	if (ret == s->init_num) {
146	if (s->msg_callback)	152	if (s->msg_callback)
147	s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);	153	s->msg_callback(1, s->version, type, s->init_buf->data,
		154	(size_t)(s->init_off + s->init_num), s,
		155	s->msg_callback_arg);
148	return (1);	156	return (1);
149	}	157	}
		158
150	s->init_off += ret;	159	s->init_off += ret;
151	s->init_num -= ret;	160	s->init_num -= ret;
		161
152	return (0);	162	return (0);
153	}	163	}
154		164
@@ -191,17 +201,23 @@ ssl3_send_finished(SSL s, int a, int b, const char sender, int slen)
191	return (ssl3_handshake_write(s));	201	return (ssl3_handshake_write(s));
192	}	202	}
193		203
194	/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */	204	/*
		205	* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
		206	* so far.
		207	*/
195	static void	208	static void
196	ssl3_take_mac(SSL *s)	209	ssl3_take_mac(SSL *s)
197	{	210	{
198	const char *sender;	211	const char *sender;
199	int slen;	212	int slen;
200	/* If no new cipher setup return immediately: other functions will	213
		214	/*
		215	* If no new cipher setup return immediately: other functions will
201	* set the appropriate error.	216	* set the appropriate error.
202	*/	217	*/
203	if (s->s3->tmp.new_cipher == NULL)	218	if (s->s3->tmp.new_cipher == NULL)
204	return;	219	return;
		220
205	if (s->state & SSL_ST_CONNECT) {	221	if (s->state & SSL_ST_CONNECT) {
206	sender = s->method->ssl3_enc->server_finished_label;	222	sender = s->method->ssl3_enc->server_finished_label;
207	slen = s->method->ssl3_enc->server_finished_label_len;	223	slen = s->method->ssl3_enc->server_finished_label_len;
@@ -210,8 +226,9 @@ ssl3_take_mac(SSL *s)
210	slen = s->method->ssl3_enc->client_finished_label_len;	226	slen = s->method->ssl3_enc->client_finished_label_len;
211	}	227	}
212		228
213	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,	229	s->s3->tmp.peer_finish_md_len =
214	sender, slen, s->s3->tmp.peer_finish_md);	230	s->method->ssl3_enc->final_finish_mac(s, sender, slen,
		231	s->s3->tmp.peer_finish_md);
215	}	232	}
216		233
217	int	234	int
@@ -221,9 +238,8 @@ ssl3_get_finished(SSL *s, int a, int b)
221	long n;	238	long n;
222	CBS cbs;	239	CBS cbs;
223		240
224	n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED,	241	/* should actually be 36+4 :-) */
225	64, /* should actually be 36+4 :-) */ &ok);	242	n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
226
227	if (!ok)	243	if (!ok)
228	return ((int)n);	244	return ((int)n);
229		245
@@ -347,16 +363,18 @@ ssl3_output_cert_chain(SSL s, X509 x)
347	} else {	363	} else {
348	X509_STORE_CTX xs_ctx;	364	X509_STORE_CTX xs_ctx;
349		365
350	if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {	366	if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
351	SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);	367	x, NULL)) {
		368	SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,
		369	ERR_R_X509_LIB);
352	return (0);	370	return (0);
353	}	371	}
354	X509_verify_cert(&xs_ctx);	372	X509_verify_cert(&xs_ctx);
355	/* Don't leave errors in the queue */	373
		374	/* Don't leave errors in the queue. */
356	ERR_clear_error();	375	ERR_clear_error();
357	for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {	376	for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
358	x = sk_X509_value(xs_ctx.chain, i);	377	x = sk_X509_value(xs_ctx.chain, i);
359
360	if (ssl3_add_cert_to_buf(buf, &l, x)) {	378	if (ssl3_add_cert_to_buf(buf, &l, x)) {
361	X509_STORE_CTX_cleanup(&xs_ctx);	379	X509_STORE_CTX_cleanup(&xs_ctx);
362	return 0;	380	return 0;
@@ -383,7 +401,8 @@ ssl3_output_cert_chain(SSL s, X509 x)
383	return (l);	401	return (l);
384	}	402	}
385		403
386	/* Obtain handshake message of message type 'mt' (any if mt == -1),	404	/*
		405	* Obtain handshake message of message type 'mt' (any if mt == -1),
387	* maximum acceptable body length 'max'.	406	* maximum acceptable body length 'max'.
388	* The first four bytes (msg_type and length) are read in state 'st1',	407	* The first four bytes (msg_type and length) are read in state 'st1',
389	* the body is read in state 'stn'.	408	* the body is read in state 'stn'.
@@ -402,7 +421,8 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
402	s->s3->tmp.reuse_message = 0;	421	s->s3->tmp.reuse_message = 0;
403	if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {	422	if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
404	al = SSL_AD_UNEXPECTED_MESSAGE;	423	al = SSL_AD_UNEXPECTED_MESSAGE;
405	SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);	424	SSLerr(SSL_F_SSL3_GET_MESSAGE,
		425	SSL_R_UNEXPECTED_MESSAGE);
406	goto f_err;	426	goto f_err;
407	}	427	}
408	*ok = 1;	428	*ok = 1;
@@ -413,8 +433,8 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
413		433
414	p = (unsigned char *)s->init_buf->data;	434	p = (unsigned char *)s->init_buf->data;
415		435
416	if (s->state == st1) /* s->init_num < 4 */	436	/* s->init_num < 4 */
417	{	437	if (s->state == st1) {
418	int skip_message;	438	int skip_message;
419		439
420	do {	440	do {
@@ -443,17 +463,19 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
443	skip_message = 1;	463	skip_message = 1;
444		464
445	if (s->msg_callback)	465	if (s->msg_callback)
446	s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);	466	s->msg_callback(0, s->version,
		467	SSL3_RT_HANDSHAKE, p, 4, s,
		468	s->msg_callback_arg);
447	}	469	}
448	}	470	}
449
450	} while (skip_message);	471	} while (skip_message);
451		472
452	/* s->init_num == 4 */	473	/* s->init_num == 4 */
453		474
454	if ((mt >= 0) && (*p != mt)) {	475	if ((mt >= 0) && (*p != mt)) {
455	al = SSL_AD_UNEXPECTED_MESSAGE;	476	al = SSL_AD_UNEXPECTED_MESSAGE;
456	SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);	477	SSLerr(SSL_F_SSL3_GET_MESSAGE,
		478	SSL_R_UNEXPECTED_MESSAGE);
457	goto f_err;	479	goto f_err;
458	}	480	}
459		481
@@ -468,7 +490,8 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
468		490
469	if (l > (unsigned long)max) {	491	if (l > (unsigned long)max) {
470	al = SSL_AD_ILLEGAL_PARAMETER;	492	al = SSL_AD_ILLEGAL_PARAMETER;
471	SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);	493	SSLerr(SSL_F_SSL3_GET_MESSAGE,
		494	SSL_R_EXCESSIVE_MESSAGE_SIZE);
472	goto f_err;	495	goto f_err;
473	}	496	}
474	if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) {	497	if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) {
@@ -505,9 +528,13 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
505	/* Feed this message into MAC computation. */	528	/* Feed this message into MAC computation. */
506	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);	529	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
507	if (s->msg_callback)	530	if (s->msg_callback)
508	s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);	531	s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
		532	s->init_buf->data, (size_t)s->init_num + 4, s,
		533	s->msg_callback_arg);
		534
509	*ok = 1;	535	*ok = 1;
510	return s->init_num;	536	return (s->init_num);
		537
511	f_err:	538	f_err:
512	ssl3_send_alert(s, SSL3_AL_FATAL, al);	539	ssl3_send_alert(s, SSL3_AL_FATAL, al);
513	err:	540	err:
@@ -533,12 +560,13 @@ ssl_cert_type(X509 x, EVP_PKEY pkey)
533	ret = SSL_PKEY_RSA_ENC;	560	ret = SSL_PKEY_RSA_ENC;
534	} else if (i == EVP_PKEY_DSA) {	561	} else if (i == EVP_PKEY_DSA) {
535	ret = SSL_PKEY_DSA_SIGN;	562	ret = SSL_PKEY_DSA_SIGN;
536	}	563	} else if (i == EVP_PKEY_EC) {
537	else if (i == EVP_PKEY_EC) {
538	ret = SSL_PKEY_ECC;	564	ret = SSL_PKEY_ECC;
539	} else if (i == NID_id_GostR3410_2001 \|\| i == NID_id_GostR3410_2001_cc) {	565	} else if (i == NID_id_GostR3410_2001 \|\|
		566	i == NID_id_GostR3410_2001_cc) {
540	ret = SSL_PKEY_GOST01;	567	ret = SSL_PKEY_GOST01;
541	}	568	}
		569
542	err:	570	err:
543	if (!pkey)	571	if (!pkey)
544	EVP_PKEY_free(pk);	572	EVP_PKEY_free(pk);