Hi tech@
Apply this diff after my previous diff.
This diff cleans up the non-whitespace KNF in s3_lib.c
--- s3_lib.c Thu May 1 21:32:06 2014
+++ /usr/src/lib/libssl/src/ssl/s3_lib.c Fri May 2 22:10:24 2014
@@ -1357,7 +1357,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
256,
- 256
+ 256,
},
{
@@ -1372,7 +1372,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
256,
- 256
+ 256,
},
{
@@ -1387,7 +1387,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_EXP|SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
0,
- 0
+ 0,
},
{
@@ -1402,7 +1402,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_EXP|SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
0,
- 0
+ 0,
},
#ifndef OPENSSL_NO_CAMELLIA
@@ -2704,7 +2704,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
- 256
+ 256,
},
{
@@ -2719,7 +2719,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
- 256
+ 256,
},
{
@@ -2734,7 +2734,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
256,
- 256
+ 256,
},
#endif
@@ -2779,18 +2779,17 @@ ssl3_get_cipher(unsigned int u)
{
if (u < SSL3_NUM_CIPHERS)
return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
- else
- return (NULL);
+ return (NULL);
}
int
ssl3_pending(const SSL *s)
{
if (s->rstate == SSL_ST_READ_BODY)
- return 0;
+ return (0);
- return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
- s->s3->rrec.length : 0;
+ return ((s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
+ s->s3->rrec.length : 0);
}
int
@@ -2845,9 +2844,8 @@ ssl3_free(SSL *s)
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
- if (s->s3->handshake_buffer) {
+ if (s->s3->handshake_buffer)
BIO_free(s->s3->handshake_buffer);
- }
if (s->s3->handshake_dgst)
ssl3_free_digest_list(s);
#ifndef OPENSSL_NO_SRP
@@ -2909,9 +2907,8 @@ ssl3_clear(SSL *s)
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
}
- if (s->s3->handshake_dgst) {
+ if (s->s3->handshake_dgst)
ssl3_free_digest_list(s);
- }
memset(s->s3, 0, sizeof *s->s3);
s->s3->rbuf.buf = rp;
s->s3->wbuf.buf = wp;
@@ -2986,7 +2983,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ret = 1;
break;
case SSL_CTRL_SET_TMP_RSA:
- {
RSA *rsa = (RSA *)parg;
if (rsa == NULL) {
SSLerr(SSL_F_SSL3_CTRL,
@@ -3002,18 +2998,14 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
RSA_free(s->cert->rsa_tmp);
s->cert->rsa_tmp = rsa;
ret = 1;
- }
break;
case SSL_CTRL_SET_TMP_RSA_CB:
- {
SSLerr(SSL_F_SSL3_CTRL,
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (ret);
- }
break;
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
- {
DH *dh = (DH *)parg;
if (dh == NULL) {
SSLerr(SSL_F_SSL3_CTRL,
@@ -3037,19 +3029,15 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
DH_free(s->cert->dh_tmp);
s->cert->dh_tmp = dh;
ret = 1;
- }
break;
case SSL_CTRL_SET_TMP_DH_CB:
- {
SSLerr(SSL_F_SSL3_CTRL,
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (ret);
- }
break;
#endif
#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH:
- {
EC_KEY *ecdh = NULL;
if (parg == NULL) {
@@ -3075,14 +3063,11 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
EC_KEY_free(s->cert->ecdh_tmp);
s->cert->ecdh_tmp = ecdh;
ret = 1;
- }
break;
case SSL_CTRL_SET_TMP_ECDH_CB:
- {
SSLerr(SSL_F_SSL3_CTRL,
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (ret);
- }
break;
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
@@ -3098,18 +3083,18 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
SSLerr(SSL_F_SSL3_CTRL,
SSL_R_SSL3_EXT_INVALID_SERVERNAME);
- return 0;
+ return (0);
}
if ((s->tlsext_hostname = BUF_strdup((char *)parg))
== NULL) {
SSLerr(SSL_F_SSL3_CTRL,
ERR_R_INTERNAL_ERROR);
- return 0;
+ return (0);
}
} else {
SSLerr(SSL_F_SSL3_CTRL,
SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
- return 0;
+ return (0);
}
break;
case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
@@ -3165,7 +3150,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
break;
case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
*(unsigned char **)parg = s->tlsext_ocsp_resp;
- return s->tlsext_ocsp_resplen;
+ return (s->tlsext_ocsp_resplen);
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
if (s->tlsext_ocsp_resp)
free(s->tlsext_ocsp_resp);
@@ -3195,23 +3180,16 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
switch (cmd) {
case SSL_CTRL_SET_TMP_RSA_CB:
- {
s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
- }
break;
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
- {
s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
- }
break;
#endif
#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- s->cert->ecdh_tmp_cb =
- (EC_KEY *(*)(SSL *, int, int))fp;
- }
+ s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
break;
#endif
#ifndef OPENSSL_NO_TLSEXT
@@ -3240,13 +3218,11 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *
(EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
(512 / 8))))
return (1);
- else
- return (0);
- /* break; */
+ return (0);
+ break;
case SSL_CTRL_SET_TMP_RSA:
- {
- RSA *rsa;
- int i;
+ RSA *rsa;
+ int i;
rsa = (RSA *)parg;
i = 1;
@@ -3266,86 +3242,74 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *
cert->rsa_tmp = rsa;
return (1);
}
- }
- /* break; */
+ break;
case SSL_CTRL_SET_TMP_RSA_CB:
- {
SSLerr(SSL_F_SSL3_CTX_CTRL,
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
- }
break;
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
- {
DH *new = NULL, *dh;
dh = (DH *)parg;
if ((new = DHparams_dup(dh)) == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL,
ERR_R_DH_LIB);
- return 0;
+ return (0);
}
if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
if (!DH_generate_key(new)) {
SSLerr(SSL_F_SSL3_CTX_CTRL,
ERR_R_DH_LIB);
DH_free(new);
- return 0;
+ return (0);
}
}
if (cert->dh_tmp != NULL)
DH_free(cert->dh_tmp);
cert->dh_tmp = new;
- return 1;
- }
- /*break; */
+ return (1);
+ break;
case SSL_CTRL_SET_TMP_DH_CB:
- {
SSLerr(SSL_F_SSL3_CTX_CTRL,
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
- }
break;
#endif
#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH:
- {
EC_KEY *ecdh = NULL;
if (parg == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL,
ERR_R_ECDH_LIB);
- return 0;
+ return (0);
}
ecdh = EC_KEY_dup((EC_KEY *)parg);
if (ecdh == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL,
ERR_R_EC_LIB);
- return 0;
+ return (0);
}
if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
if (!EC_KEY_generate_key(ecdh)) {
EC_KEY_free(ecdh);
SSLerr(SSL_F_SSL3_CTX_CTRL,
ERR_R_ECDH_LIB);
- return 0;
+ return (0);
}
}
- if (cert->ecdh_tmp != NULL) {
+ if (cert->ecdh_tmp != NULL)
EC_KEY_free(cert->ecdh_tmp);
- }
cert->ecdh_tmp = ecdh;
- return 1;
- }
- /* break; */
+ return (1);
+ break;
case SSL_CTRL_SET_TMP_ECDH_CB:
- {
SSLerr(SSL_F_SSL3_CTX_CTRL,
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
- }
break;
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
@@ -3354,37 +3318,32 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *
break;
case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
- {
unsigned char *keys = parg;
if (!keys)
- return 48;
+ return (48);
if (larg != 48) {
SSLerr(SSL_F_SSL3_CTX_CTRL,
SSL_R_INVALID_TICKET_KEYS_LENGTH);
- return 0;
+ return (0);
}
if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
memcpy(ctx->tlsext_tick_key_name, keys, 16);
- memcpy(ctx->tlsext_tick_hmac_key,
- keys + 16, 16);
+ memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
} else {
memcpy(keys, ctx->tlsext_tick_key_name, 16);
- memcpy(keys + 16,
- ctx->tlsext_tick_hmac_key, 16);
- memcpy(keys + 32,
- ctx->tlsext_tick_aes_key, 16);
+ memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
+ memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
}
- return 1;
- }
+ return (1);
#ifdef TLSEXT_TYPE_opaque_prf_input
case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
ctx->tlsext_opaque_prf_input_callback_arg = parg;
- return 1;
+ return (1);
#endif
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
ctx->tlsext_status_arg = parg;
- return 1;
+ return (1);
break;
#ifndef OPENSSL_NO_SRP
case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
@@ -3398,12 +3357,12 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *
strlen((const char *)parg) < 1) {
SSLerr(SSL_F_SSL3_CTX_CTRL,
SSL_R_INVALID_SRP_USERNAME);
- return 0;
+ return (0);
}
if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL,
ERR_R_INTERNAL_ERROR);
- return 0;
+ return (0);
}
break;
case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
@@ -3452,22 +3411,16 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*f
switch (cmd) {
case SSL_CTRL_SET_TMP_RSA_CB:
- {
cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
- }
break;
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
- {
cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
- }
break;
#endif
#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH_CB:
- {
cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
- }
break;
#endif
#ifndef OPENSSL_NO_TLSEXT
@@ -3512,8 +3465,10 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*f
return (1);
}
-/* This function needs to check if the ciphers required are actually
- * available */
+/*
+ * This function needs to check if the ciphers required are actually
+ * available.
+ */
const SSL_CIPHER *
ssl3_get_cipher_by_char(const unsigned char *p)
{
@@ -3529,9 +3484,8 @@ ssl3_get_cipher_by_char(const unsigned char *p)
fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
#endif
if (cp == NULL || cp->valid == 0)
- return NULL;
- else
- return cp;
+ return (NULL);
+ return (cp);
}
int
@@ -3557,12 +3511,12 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *prio, *allow;
int i, ii, ok;
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
- unsigned int j;
- int ec_ok, ec_nid;
- unsigned char ec_search1 = 0, ec_search2 = 0;
+ unsigned int j;
+ int ec_ok, ec_nid;
+ unsigned char ec_search1 = 0, ec_search2 = 0;
#endif
CERT *cert;
- unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
+ unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
/* Let's see which ciphers we can support */
cert = s->cert;
@@ -3668,8 +3622,10 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
* and the client specified a Supported Point Formats
* extension
*/
- && ((s->session->tlsext_ecpointformatlist_length > 0) &&
- (s->session->tlsext_ecpointformatlist != NULL))
+ && (
+ (s->session->tlsext_ecpointformatlist_length > 0)
+ && (s->session->tlsext_ecpointformatlist != NULL)
+ )
/* and our certificate's point is compressed */
&& (
(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
@@ -3837,7 +3793,7 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
p[ret++] = SSL3_CT_DSS_FIXED_DH;
}
if ((s->version == SSL3_VERSION) &&
- (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
+ (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
}
@@ -3845,7 +3801,8 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
p[ret++] = SSL3_CT_RSA_SIGN;
p[ret++] = SSL3_CT_DSS_SIGN;
#ifndef OPENSSL_NO_ECDH
- if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >=
TLS1_VERSION)) {
+ if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) &&
+ (s->version >= TLS1_VERSION)) {
p[ret++] = TLS_CT_RSA_FIXED_ECDH;
p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
}
@@ -3856,9 +3813,8 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
* ECDSA certs can be used with RSA cipher suites as well
* so we don't need to check for SSL_kECDH or SSL_kEECDH
*/
- if (s->version >= TLS1_VERSION) {
+ if (s->version >= TLS1_VERSION)
p[ret++] = TLS_CT_ECDSA_SIGN;
- }
#endif
return (ret);
}
@@ -3886,8 +3842,10 @@ ssl3_shutdown(SSL *s)
* Our shutdown alert has been sent now, and if it still needs
* to be written, s->s3->alert_dispatch will be true
*/
- if (s->s3->alert_dispatch)
- return (-1); /* return WANT_WRITE */
+ if (s->s3->alert_dispatch) {
+ /* return WANT_WRITE */
+ return (-1);
+ }
} else if (s->s3->alert_dispatch) {
/* resend it if not sent */
#if 1
@@ -3906,15 +3864,15 @@ ssl3_shutdown(SSL *s)
/* If we are waiting for a close from our peer, we are closed */
s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
- return (-1); /* return WANT_READ */
+ /* return WANT_READ */
+ return (-1);
}
}
if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
!s->s3->alert_dispatch)
return (1);
- else
- return (0);
+ return (0);
}
int
@@ -4060,6 +4018,6 @@ ssl_get_algorithm2(SSL *s)
if (s->method->version == TLS1_2_VERSION &&
alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
- return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
- return alg2;
+ return (SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256);
+ return (alg2);
}
