From 3779c39bff8e2ae1adcc6f1324eb388d0bd49a15 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Mon, 14 Apr 2014 16:07:22 +0000 Subject: First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5. --- src/lib/libssl/s3_both.c | 668 ++++++++++++++++++++++------------------------- 1 file changed, 314 insertions(+), 354 deletions(-) (limited to 'src/lib/libssl/s3_both.c') diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index 77f825af31..b2fd5c6f80 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c @@ -125,82 +125,81 @@ #include /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ -int ssl3_do_write(SSL *s, int type) - { +int +ssl3_do_write(SSL *s, int type) +{ int ret; - ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], - s->init_num); - if (ret < 0) return(-1); + ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], + s->init_num); + if (ret < 0) + return (-1); if (type == SSL3_RT_HANDSHAKE) /* should not be done for 'Hello Request's, but in that case * we'll ignore the result anyway */ - ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret); - - if (ret == s->init_num) - { + ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off], ret); + + if (ret == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); - return(1); - } - s->init_off+=ret; - s->init_num-=ret; - return(0); + return (1); } + s->init_off += ret; + s->init_num -= ret; + return (0); +} -int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) - { - unsigned char *p,*d; +int +ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) +{ + unsigned char *p, *d; int i; unsigned long l; - if (s->state == a) - { - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); + if (s->state == a) { + d = (unsigned char *)s->init_buf->data; + p = &(d[4]); - i=s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.finish_md); + i = s->method->ssl3_enc->final_finish_mac(s, + sender, slen, s->s3->tmp.finish_md); if (i == 0) return 0; s->s3->tmp.finish_md_len = i; memcpy(p, s->s3->tmp.finish_md, i); - p+=i; - l=i; + p += i; + l = i; /* Copy the finished so we can use it for renegotiation checks */ - if(s->type == SSL_ST_CONNECT) - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_client_finished, - s->s3->tmp.finish_md, i); - s->s3->previous_client_finished_len=i; - } - else - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_server_finished, - s->s3->tmp.finish_md, i); - s->s3->previous_server_finished_len=i; - } - - *(d++)=SSL3_MT_FINISHED; - l2n3(l,d); - s->init_num=(int)l+4; - s->init_off=0; - - s->state=b; + if (s->type == SSL_ST_CONNECT) { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_client_finished, + s->s3->tmp.finish_md, i); + s->s3->previous_client_finished_len = i; + } else { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_server_finished, + s->s3->tmp.finish_md, i); + s->s3->previous_server_finished_len = i; } - /* SSL3_ST_SEND_xxxxxx_HELLO_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + *(d++) = SSL3_MT_FINISHED; + l2n3(l, d); + s->init_num = (int)l + 4; + s->init_off = 0; + + s->state = b; } + /* SSL3_ST_SEND_xxxxxx_HELLO_B */ + return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); +} + #ifndef OPENSSL_NO_NEXTPROTONEG /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ -static void ssl3_take_mac(SSL *s) - { +static void +ssl3_take_mac(SSL *s) +{ const char *sender; int slen; /* If no new cipher setup return immediately: other functions will @@ -208,25 +207,23 @@ static void ssl3_take_mac(SSL *s) */ if (s->s3->tmp.new_cipher == NULL) return; - if (s->state & SSL_ST_CONNECT) - { - sender=s->method->ssl3_enc->server_finished_label; - slen=s->method->ssl3_enc->server_finished_label_len; - } - else - { - sender=s->method->ssl3_enc->client_finished_label; - slen=s->method->ssl3_enc->client_finished_label_len; - } + if (s->state & SSL_ST_CONNECT) { + sender = s->method->ssl3_enc->server_finished_label; + slen = s->method->ssl3_enc->server_finished_label_len; + } else { + sender = s->method->ssl3_enc->client_finished_label; + slen = s->method->ssl3_enc->client_finished_label_len; + } s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.peer_finish_md); - } + sender, slen, s->s3->tmp.peer_finish_md); +} #endif -int ssl3_get_finished(SSL *s, int a, int b) - { - int al,i,ok; +int +ssl3_get_finished(SSL *s, int a, int b) +{ + int al, i, ok; long n; unsigned char *p; @@ -236,64 +233,55 @@ int ssl3_get_finished(SSL *s, int a, int b) */ #endif - n=s->method->ssl_get_message(s, - a, - b, - SSL3_MT_FINISHED, - 64, /* should actually be 36+4 :-) */ - &ok); + n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, + 64, /* should actually be 36+4 :-) */ &ok); - if (!ok) return((int)n); + if (!ok) + return ((int)n); /* If this occurs, we have missed a message */ - if (!s->s3->change_cipher_spec) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS); + if (!s->s3->change_cipher_spec) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS); goto f_err; - } - s->s3->change_cipher_spec=0; + } + s->s3->change_cipher_spec = 0; p = (unsigned char *)s->init_msg; i = s->s3->tmp.peer_finish_md_len; - if (i != n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH); + if (i != n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); goto f_err; - } + } - if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); + if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) { + al = SSL_AD_DECRYPT_ERROR; + SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED); goto f_err; - } + } /* Copy the finished so we can use it for renegotiation checks */ - if(s->type == SSL_ST_ACCEPT) - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_client_finished, - s->s3->tmp.peer_finish_md, i); - s->s3->previous_client_finished_len=i; - } - else - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_server_finished, - s->s3->tmp.peer_finish_md, i); - s->s3->previous_server_finished_len=i; - } - - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return(0); + if (s->type == SSL_ST_ACCEPT) { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_client_finished, + s->s3->tmp.peer_finish_md, i); + s->s3->previous_client_finished_len = i; + } else { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_server_finished, + s->s3->tmp.peer_finish_md, i); + s->s3->previous_server_finished_len = i; } + return (1); +f_err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + return (0); +} + /* for these 2 messages, we need to * ssl->enc_read_ctx re-init * ssl->s3->read_sequence zero @@ -302,48 +290,49 @@ f_err: * ssl->session->read_compression assign * ssl->session->read_hash assign */ -int ssl3_send_change_cipher_spec(SSL *s, int a, int b) - { +int +ssl3_send_change_cipher_spec(SSL *s, int a, int b) +{ unsigned char *p; - if (s->state == a) - { - p=(unsigned char *)s->init_buf->data; - *p=SSL3_MT_CCS; - s->init_num=1; - s->init_off=0; + if (s->state == a) { + p = (unsigned char *)s->init_buf->data; + *p = SSL3_MT_CCS; + s->init_num = 1; + s->init_off = 0; - s->state=b; - } + s->state = b; + } /* SSL3_ST_CW_CHANGE_B */ - return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); - } + return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC)); +} -static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) - { +static int +ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) +{ int n; unsigned char *p; - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) - { - SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); - return(-1); - } - p=(unsigned char *)&(buf->data[*l]); - l2n3(n,p); - i2d_X509(x,&p); - *l+=n+3; - - return(0); + n = i2d_X509(x, NULL); + if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) { + SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); + return (-1); } + p = (unsigned char *)&(buf->data[*l]); + l2n3(n, p); + i2d_X509(x, &p); + *l += n + 3; -unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) - { + return (0); +} + +unsigned long +ssl3_output_cert_chain(SSL *s, X509 *x) +{ unsigned char *p; int i; - unsigned long l=7; + unsigned long l = 7; BUF_MEM *buf; int no_chain; @@ -353,111 +342,99 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) no_chain = 0; /* TLSv1 sends a chain with nothing in it, instead of an alert */ - buf=s->init_buf; - if (!BUF_MEM_grow_clean(buf,10)) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - if (x != NULL) - { - if (no_chain) - { + buf = s->init_buf; + if (!BUF_MEM_grow_clean(buf, 10)) { + SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB); + return (0); + } + if (x != NULL) { + if (no_chain) { if (ssl3_add_cert_to_buf(buf, &l, x)) - return(0); - } - else - { + return (0); + } else { X509_STORE_CTX xs_ctx; - if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); - return(0); - } + if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) { + SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB); + return (0); + } X509_verify_cert(&xs_ctx); /* Don't leave errors in the queue */ ERR_clear_error(); - for (i=0; i < sk_X509_num(xs_ctx.chain); i++) - { + for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) { x = sk_X509_value(xs_ctx.chain, i); - if (ssl3_add_cert_to_buf(buf, &l, x)) - { + if (ssl3_add_cert_to_buf(buf, &l, x)) { X509_STORE_CTX_cleanup(&xs_ctx); return 0; - } } - X509_STORE_CTX_cleanup(&xs_ctx); } + X509_STORE_CTX_cleanup(&xs_ctx); } + } /* Thawte special :-) */ - for (i=0; ictx->extra_certs); i++) - { - x=sk_X509_value(s->ctx->extra_certs,i); + for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) { + x = sk_X509_value(s->ctx->extra_certs, i); if (ssl3_add_cert_to_buf(buf, &l, x)) - return(0); - } - - l-=7; - p=(unsigned char *)&(buf->data[4]); - l2n3(l,p); - l+=3; - p=(unsigned char *)&(buf->data[0]); - *(p++)=SSL3_MT_CERTIFICATE; - l2n3(l,p); - l+=4; - return(l); + return (0); } + l -= 7; + p = (unsigned char *)&(buf->data[4]); + l2n3(l, p); + l += 3; + p = (unsigned char *)&(buf->data[0]); + *(p++) = SSL3_MT_CERTIFICATE; + l2n3(l, p); + l += 4; + return (l); +} + /* Obtain handshake message of message type 'mt' (any if mt == -1), * maximum acceptable body length 'max'. * The first four bytes (msg_type and length) are read in state 'st1', * the body is read in state 'stn'. */ -long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) - { +long +ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) +{ unsigned char *p; unsigned long l; long n; - int i,al; + int i, al; - if (s->s3->tmp.reuse_message) - { - s->s3->tmp.reuse_message=0; - if ((mt >= 0) && (s->s3->tmp.message_type != mt)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); + if (s->s3->tmp.reuse_message) { + s->s3->tmp.reuse_message = 0; + if ((mt >= 0) && (s->s3->tmp.message_type != mt)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; - } - *ok=1; + } + *ok = 1; s->init_msg = s->init_buf->data + 4; s->init_num = (int)s->s3->tmp.message_size; return s->init_num; - } + } - p=(unsigned char *)s->init_buf->data; + p = (unsigned char *)s->init_buf->data; if (s->state == st1) /* s->init_num < 4 */ - { + { int skip_message; - do - { - while (s->init_num < 4) - { - i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - &p[s->init_num],4 - s->init_num, 0); - if (i <= 0) - { - s->rwstate=SSL_READING; + do { + while (s->init_num < 4) { + i = s->method->ssl_read_bytes(s, + SSL3_RT_HANDSHAKE, &p[s->init_num], + 4 - s->init_num, 0); + if (i <= 0) { + s->rwstate = SSL_READING; *ok = 0; return i; - } - s->init_num+=i; } - + s->init_num += i; + } + skip_message = 0; if (!s->server) if (p[0] == SSL3_MT_HELLO_REQUEST) @@ -465,79 +442,72 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) * we are doing a handshake anyway now, so ignore them * if their format is correct. Does not count for * 'Finished' MAC. */ - if (p[1] == 0 && p[2] == 0 &&p[3] == 0) - { - s->init_num = 0; - skip_message = 1; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg); - } + if (p[1] == 0 && p[2] == 0 &&p[3] == 0) { + s->init_num = 0; + skip_message = 1; + + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg); } + } while (skip_message); /* s->init_num == 4 */ - if ((mt >= 0) && (*p != mt)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); + if ((mt >= 0) && (*p != mt)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; - } + } if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) && - (st1 == SSL3_ST_SR_CERT_A) && - (stn == SSL3_ST_SR_CERT_B)) - { + (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) { /* At this point we have got an MS SGC second client * hello (maybe we should always allow the client to * start a new handshake?). We need to restart the mac. * Don't increment {num,total}_renegotiations because * we have not completed the handshake. */ ssl3_init_finished_mac(s); - } + } s->s3->tmp.message_type= *(p++); - n2l3(p,l); - if (l > (unsigned long)max) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); + n2l3(p, l); + if (l > (unsigned long)max) { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; - } + } if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */ - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); + { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; - } - if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4)) - { - SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); + } + if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l + 4)) { + SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); goto err; - } - s->s3->tmp.message_size=l; - s->state=stn; + } + s->s3->tmp.message_size = l; + s->state = stn; s->init_msg = s->init_buf->data + 4; s->init_num = 0; - } + } /* next state (stn) */ p = s->init_msg; n = s->s3->tmp.message_size - s->init_num; - while (n > 0) - { - i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); - if (i <= 0) - { - s->rwstate=SSL_READING; + while (n > 0) { + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + &p[s->init_num], n, 0); + if (i <= 0) { + s->rwstate = SSL_READING; *ok = 0; return i; - } + } s->init_num += i; n -= i; - } + } #ifndef OPENSSL_NO_NEXTPROTONEG /* If receiving Finished, record MAC of prior handshake messages for @@ -550,64 +520,60 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); - *ok=1; + *ok = 1; return s->init_num; f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); + ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - *ok=0; - return(-1); - } + *ok = 0; + return (-1); +} -int ssl_cert_type(X509 *x, EVP_PKEY *pkey) - { +int +ssl_cert_type(X509 *x, EVP_PKEY *pkey) +{ EVP_PKEY *pk; - int ret= -1,i; + int ret = -1, i; if (pkey == NULL) - pk=X509_get_pubkey(x); + pk = X509_get_pubkey(x); else - pk=pkey; - if (pk == NULL) goto err; - - i=pk->type; - if (i == EVP_PKEY_RSA) - { - ret=SSL_PKEY_RSA_ENC; - } - else if (i == EVP_PKEY_DSA) - { - ret=SSL_PKEY_DSA_SIGN; - } + pk = pkey; + if (pk == NULL) + goto err; + + i = pk->type; + if (i == EVP_PKEY_RSA) { + ret = SSL_PKEY_RSA_ENC; + } else if (i == EVP_PKEY_DSA) { + ret = SSL_PKEY_DSA_SIGN; + } #ifndef OPENSSL_NO_EC - else if (i == EVP_PKEY_EC) - { + else if (i == EVP_PKEY_EC) { ret = SSL_PKEY_ECC; - } + } #endif - else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) - { + else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) { ret = SSL_PKEY_GOST94; - } - else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) - { + } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) { ret = SSL_PKEY_GOST01; - } -err: - if(!pkey) EVP_PKEY_free(pk); - return(ret); } +err: + if (!pkey) + EVP_PKEY_free(pk); + return (ret); +} -int ssl_verify_alarm_type(long type) - { +int +ssl_verify_alarm_type(long type) +{ int al; - switch(type) - { + switch (type) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: case X509_V_ERR_UNABLE_TO_GET_CRL: case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: - al=SSL_AD_UNKNOWN_CA; + al = SSL_AD_UNKNOWN_CA; break; case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: @@ -620,21 +586,21 @@ int ssl_verify_alarm_type(long type) case X509_V_ERR_CRL_NOT_YET_VALID: case X509_V_ERR_CERT_UNTRUSTED: case X509_V_ERR_CERT_REJECTED: - al=SSL_AD_BAD_CERTIFICATE; + al = SSL_AD_BAD_CERTIFICATE; break; case X509_V_ERR_CERT_SIGNATURE_FAILURE: case X509_V_ERR_CRL_SIGNATURE_FAILURE: - al=SSL_AD_DECRYPT_ERROR; + al = SSL_AD_DECRYPT_ERROR; break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_CRL_HAS_EXPIRED: - al=SSL_AD_CERTIFICATE_EXPIRED; + al = SSL_AD_CERTIFICATE_EXPIRED; break; case X509_V_ERR_CERT_REVOKED: - al=SSL_AD_CERTIFICATE_REVOKED; + al = SSL_AD_CERTIFICATE_REVOKED; break; case X509_V_ERR_OUT_OF_MEM: - al=SSL_AD_INTERNAL_ERROR; + al = SSL_AD_INTERNAL_ERROR; break; case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: @@ -643,20 +609,20 @@ int ssl_verify_alarm_type(long type) case X509_V_ERR_CERT_CHAIN_TOO_LONG: case X509_V_ERR_PATH_LENGTH_EXCEEDED: case X509_V_ERR_INVALID_CA: - al=SSL_AD_UNKNOWN_CA; + al = SSL_AD_UNKNOWN_CA; break; case X509_V_ERR_APPLICATION_VERIFICATION: - al=SSL_AD_HANDSHAKE_FAILURE; + al = SSL_AD_HANDSHAKE_FAILURE; break; case X509_V_ERR_INVALID_PURPOSE: - al=SSL_AD_UNSUPPORTED_CERTIFICATE; + al = SSL_AD_UNSUPPORTED_CERTIFICATE; break; default: - al=SSL_AD_CERTIFICATE_UNKNOWN; + al = SSL_AD_CERTIFICATE_UNKNOWN; break; - } - return(al); } + return (al); +} #ifndef OPENSSL_NO_BUF_FREELISTS /* On some platforms, malloc() performance is bad enough that you can't just @@ -680,7 +646,7 @@ int ssl_verify_alarm_type(long type) */ static void * freelist_extract(SSL_CTX *ctx, int for_read, int sz) - { +{ SSL3_BUF_FREELIST *list; SSL3_BUF_FREELIST_ENTRY *ent = NULL; void *result = NULL; @@ -689,13 +655,12 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz) list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; if (list != NULL && sz == (int)list->chunklen) ent = list->head; - if (ent != NULL) - { + if (ent != NULL) { list->head = ent->next; result = ent; if (--list->len == 0) list->chunklen = 0; - } + } CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); if (!result) result = OPENSSL_malloc(sz); @@ -704,80 +669,76 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz) static void freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) - { +{ SSL3_BUF_FREELIST *list; SSL3_BUF_FREELIST_ENTRY *ent; CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && - (sz == list->chunklen || list->chunklen == 0) && - list->len < ctx->freelist_max_len && - sz >= sizeof(*ent)) - { + if (list != NULL && (sz == list->chunklen || list->chunklen == 0) && + list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) { list->chunklen = sz; ent = mem; ent->next = list->head; list->head = ent; ++list->len; mem = NULL; - } + } CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); if (mem) OPENSSL_free(mem); - } +} #else #define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) #define freelist_insert(c,fr,sz,m) OPENSSL_free(m) #endif -int ssl3_setup_read_buffer(SSL *s) - { +int +ssl3_setup_read_buffer(SSL *s) +{ unsigned char *p; - size_t len,align=0,headerlen; - + size_t len, align = 0, headerlen; + if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) headerlen = DTLS1_RT_HEADER_LENGTH; else headerlen = SSL3_RT_HEADER_LENGTH; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); + align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1); #endif - if (s->s3->rbuf.buf == NULL) - { - len = SSL3_RT_MAX_PLAIN_LENGTH - + SSL3_RT_MAX_ENCRYPTED_OVERHEAD - + headerlen + align; - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - { + if (s->s3->rbuf.buf == NULL) { + len = SSL3_RT_MAX_PLAIN_LENGTH + + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; + if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { s->s3->init_extra = 1; len += SSL3_RT_MAX_EXTRA; - } + } #ifndef OPENSSL_NO_COMP if (!(s->options & SSL_OP_NO_COMPRESSION)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif - if ((p=freelist_extract(s->ctx, 1, len)) == NULL) + if ((p = freelist_extract(s->ctx, 1, len)) == NULL) goto err; s->s3->rbuf.buf = p; s->s3->rbuf.len = len; - } + } - s->packet= &(s->s3->rbuf.buf[0]); + s->packet = &(s->s3->rbuf.buf[0]); return 1; err: - SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE); return 0; - } +} -int ssl3_setup_write_buffer(SSL *s) - { +int +ssl3_setup_write_buffer(SSL *s) +{ unsigned char *p; - size_t len,align=0,headerlen; + size_t len, align = 0, headerlen; if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) headerlen = DTLS1_RT_HEADER_LENGTH + 1; @@ -785,62 +746,61 @@ int ssl3_setup_write_buffer(SSL *s) headerlen = SSL3_RT_HEADER_LENGTH; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); + align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1); #endif - if (s->s3->wbuf.buf == NULL) - { - len = s->max_send_fragment - + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - + headerlen + align; + if (s->s3->wbuf.buf == NULL) { + len = s->max_send_fragment + + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; #ifndef OPENSSL_NO_COMP if (!(s->options & SSL_OP_NO_COMPRESSION)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) - len += headerlen + align - + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; + len += headerlen + align + + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; - if ((p=freelist_extract(s->ctx, 0, len)) == NULL) + if ((p = freelist_extract(s->ctx, 0, len)) == NULL) goto err; s->s3->wbuf.buf = p; s->s3->wbuf.len = len; - } + } return 1; err: - SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE); return 0; - } +} -int ssl3_setup_buffers(SSL *s) - { +int +ssl3_setup_buffers(SSL *s) +{ if (!ssl3_setup_read_buffer(s)) return 0; if (!ssl3_setup_write_buffer(s)) return 0; return 1; - } +} -int ssl3_release_write_buffer(SSL *s) - { - if (s->s3->wbuf.buf != NULL) - { +int +ssl3_release_write_buffer(SSL *s) +{ + if (s->s3->wbuf.buf != NULL) { freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); s->s3->wbuf.buf = NULL; - } - return 1; } + return 1; +} -int ssl3_release_read_buffer(SSL *s) - { - if (s->s3->rbuf.buf != NULL) - { +int +ssl3_release_read_buffer(SSL *s) +{ + if (s->s3->rbuf.buf != NULL) { freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); s->s3->rbuf.buf = NULL; - } - return 1; } + return 1; +} -- cgit v1.2.3-55-g6feb