Hi tech@
I was too ambitious with the previous diffs. Here they are again.
First diff is whitespace only that can be checked with tr and md5.
Second diff is for non-whitespace KNF cleanup.
Index: s3_lib.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/s3_lib.c,v
retrieving revision 1.35
diff -u -p -r1.35 s3_lib.c
--- s3_lib.c 24 Apr 2014 13:06:52 -0000 1.35
+++ s3_lib.c 3 May 2014 18:51:56 -0000
@@ -169,8 +169,9 @@ const char ssl3_version_str[]="SSLv3" OP
/* list of available SSLv3 ciphers (sorted by id) */
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
-/* The RSA ciphers */
-/* Cipher 01 */
+ /* The RSA ciphers */
+
+ /* Cipher 01 */
{
1,
SSL3_TXT_RSA_NULL_MD5,
@@ -186,7 +187,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
0,
},
-/* Cipher 02 */
+ /* Cipher 02 */
{
1,
SSL3_TXT_RSA_NULL_SHA,
@@ -202,7 +203,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
0,
},
-/* Cipher 03 */
+ /* Cipher 03 */
{
1,
SSL3_TXT_RSA_RC4_40_MD5,
@@ -218,7 +219,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 04 */
+ /* Cipher 04 */
{
1,
SSL3_TXT_RSA_RC4_128_MD5,
@@ -234,7 +235,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 05 */
+ /* Cipher 05 */
{
1,
SSL3_TXT_RSA_RC4_128_SHA,
@@ -250,7 +251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 06 */
+ /* Cipher 06 */
{
1,
SSL3_TXT_RSA_RC2_40_MD5,
@@ -266,7 +267,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 07 */
+ /* Cipher 07 */
#ifndef OPENSSL_NO_IDEA
{
1,
@@ -284,7 +285,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
},
#endif
-/* Cipher 08 */
+ /* Cipher 08 */
{
1,
SSL3_TXT_RSA_DES_40_CBC_SHA,
@@ -300,7 +301,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 09 */
+ /* Cipher 09 */
{
1,
SSL3_TXT_RSA_DES_64_CBC_SHA,
@@ -316,7 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 0A */
+ /* Cipher 0A */
{
1,
SSL3_TXT_RSA_DES_192_CBC3_SHA,
@@ -332,8 +333,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
168,
},
-/* The DH ciphers */
-/* Cipher 0B */
+ /* The DH ciphers */
+
+ /* Cipher 0B */
{
0,
SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
@@ -349,7 +351,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 0C */
+ /* Cipher 0C */
{
0, /* not implemented (non-ephemeral DH) */
SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
@@ -365,7 +367,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 0D */
+ /* Cipher 0D */
{
0, /* not implemented (non-ephemeral DH) */
SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
@@ -381,7 +383,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
168,
},
-/* Cipher 0E */
+ /* Cipher 0E */
{
0, /* not implemented (non-ephemeral DH) */
SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
@@ -397,7 +399,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 0F */
+ /* Cipher 0F */
{
0, /* not implemented (non-ephemeral DH) */
SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
@@ -413,7 +415,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 10 */
+ /* Cipher 10 */
{
0, /* not implemented (non-ephemeral DH) */
SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
@@ -429,8 +431,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
168,
},
-/* The Ephemeral DH ciphers */
-/* Cipher 11 */
+ /* The Ephemeral DH ciphers */
+
+ /* Cipher 11 */
{
1,
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
@@ -446,7 +449,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 12 */
+ /* Cipher 12 */
{
1,
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
@@ -462,7 +465,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 13 */
+ /* Cipher 13 */
{
1,
SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
@@ -478,7 +481,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
168,
},
-/* Cipher 14 */
+ /* Cipher 14 */
{
1,
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
@@ -494,7 +497,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 15 */
+ /* Cipher 15 */
{
1,
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
@@ -510,7 +513,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 16 */
+ /* Cipher 16 */
{
1,
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
@@ -526,7 +529,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
168,
},
-/* Cipher 17 */
+ /* Cipher 17 */
{
1,
SSL3_TXT_ADH_RC4_40_MD5,
@@ -542,7 +545,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 18 */
+ /* Cipher 18 */
{
1,
SSL3_TXT_ADH_RC4_128_MD5,
@@ -558,7 +561,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 19 */
+ /* Cipher 19 */
{
1,
SSL3_TXT_ADH_DES_40_CBC_SHA,
@@ -574,7 +577,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 1A */
+ /* Cipher 1A */
{
1,
SSL3_TXT_ADH_DES_64_CBC_SHA,
@@ -590,7 +593,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 1B */
+ /* Cipher 1B */
{
1,
SSL3_TXT_ADH_DES_192_CBC_SHA,
@@ -605,9 +608,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
168,
168,
},
+
#ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers*/
-/* Cipher 1E */
+ /* The Kerberos ciphers */
+
+ /* Cipher 1E */
{
1,
SSL3_TXT_KRB5_DES_64_CBC_SHA,
@@ -623,7 +628,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 1F */
+ /* Cipher 1F */
{
1,
SSL3_TXT_KRB5_DES_192_CBC3_SHA,
@@ -639,7 +644,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
168,
},
-/* Cipher 20 */
+ /* Cipher 20 */
{
1,
SSL3_TXT_KRB5_RC4_128_SHA,
@@ -655,7 +660,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 21 */
+ /* Cipher 21 */
{
1,
SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
@@ -671,7 +676,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 22 */
+ /* Cipher 22 */
{
1,
SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@ -687,7 +692,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 23 */
+ /* Cipher 23 */
{
1,
SSL3_TXT_KRB5_DES_192_CBC3_MD5,
@@ -703,7 +708,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
168,
},
-/* Cipher 24 */
+ /* Cipher 24 */
{
1,
SSL3_TXT_KRB5_RC4_128_MD5,
@@ -719,7 +724,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 25 */
+ /* Cipher 25 */
{
1,
SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
@@ -735,7 +740,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 26 */
+ /* Cipher 26 */
{
1,
SSL3_TXT_KRB5_DES_40_CBC_SHA,
@@ -751,7 +756,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 27 */
+ /* Cipher 27 */
{
1,
SSL3_TXT_KRB5_RC2_40_CBC_SHA,
@@ -767,7 +772,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 28 */
+ /* Cipher 28 */
{
1,
SSL3_TXT_KRB5_RC4_40_SHA,
@@ -783,7 +788,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 29 */
+ /* Cipher 29 */
{
1,
SSL3_TXT_KRB5_DES_40_CBC_MD5,
@@ -799,7 +804,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
56,
},
-/* Cipher 2A */
+ /* Cipher 2A */
{
1,
SSL3_TXT_KRB5_RC2_40_CBC_MD5,
@@ -815,7 +820,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 2B */
+ /* Cipher 2B */
{
1,
SSL3_TXT_KRB5_RC4_40_MD5,
@@ -830,10 +835,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
40,
128,
},
-#endif /* OPENSSL_NO_KRB5 */
+#endif /* OPENSSL_NO_KRB5 */
+
+ /* New AES ciphersuites */
-/* New AES ciphersuites */
-/* Cipher 2F */
+ /* Cipher 2F */
{
1,
TLS1_TXT_RSA_WITH_AES_128_SHA,
@@ -848,7 +854,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
128,
},
-/* Cipher 30 */
+
+ /* Cipher 30 */
{
0,
TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
@@ -863,7 +870,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
128,
},
-/* Cipher 31 */
+
+ /* Cipher 31 */
{
0,
TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
@@ -878,7 +886,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
128,
},
-/* Cipher 32 */
+
+ /* Cipher 32 */
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
@@ -893,7 +902,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
128,
},
-/* Cipher 33 */
+
+ /* Cipher 33 */
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
@@ -908,7 +918,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
128,
},
-/* Cipher 34 */
+
+ /* Cipher 34 */
{
1,
TLS1_TXT_ADH_WITH_AES_128_SHA,
@@ -924,7 +935,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
},
-/* Cipher 35 */
+ /* Cipher 35 */
{
1,
TLS1_TXT_RSA_WITH_AES_256_SHA,
@@ -939,7 +950,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
256,
},
-/* Cipher 36 */
+
+ /* Cipher 36 */
{
0,
TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
@@ -955,7 +967,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
},
-/* Cipher 37 */
+ /* Cipher 37 */
{
0, /* not implemented (non-ephemeral DH) */
TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
@@ -971,7 +983,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
},
-/* Cipher 38 */
+ /* Cipher 38 */
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
@@ -987,7 +999,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
},
-/* Cipher 39 */
+ /* Cipher 39 */
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
@@ -1020,6 +1032,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
},
/* TLS v1.2 ciphersuites */
+
/* Cipher 3B */
{
1,
@@ -1217,6 +1230,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
#endif /* OPENSSL_NO_CAMELLIA */
/* TLS v1.2 ciphersuites */
+
/* Cipher 67 */
{
1,
@@ -1345,6 +1359,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
256
},
+
{
1,
"GOST2001-GOST89-GOST89",
@@ -1359,6 +1374,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
256
},
+
{
1,
"GOST94-NULL-GOST94",
@@ -1373,6 +1389,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
0,
0
},
+
{
1,
"GOST2001-NULL-GOST94",
@@ -1406,6 +1423,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
256,
},
+
/* Cipher 85 */
{
0, /* not implemented (non-ephemeral DH) */
@@ -1551,7 +1569,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
256,
},
-#endif /* OPENSSL_NO_PSK */
+#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SEED
/* SEED ciphersuites from RFC4162 */
@@ -1651,7 +1669,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
128,
128,
},
-
#endif /* OPENSSL_NO_SEED */
/* GCM ciphersuites from RFC5288 */
@@ -2248,7 +2265,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
256,
},
-#endif /* OPENSSL_NO_ECDH */
+#endif /* OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_SRP
/* Cipher C01A */
@@ -2394,9 +2411,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
256,
},
-#endif /* OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_ECDH
+#endif /* OPENSSL_NO_SRP */
+#ifndef OPENSSL_NO_ECDH
/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
/* Cipher C023 */
@@ -2656,12 +2673,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
256,
},
-
#endif /* OPENSSL_NO_ECDH */
-
#ifdef TEMP_GOST_TLS
-/* Cipher FF00 */
+ /* Cipher FF00 */
{
1,
"GOST-MD5",
@@ -2676,6 +2691,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
256,
},
+
{
1,
"GOST-GOST94",
@@ -2690,6 +2706,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
256
},
+
{
1,
"GOST-GOST89MAC",
@@ -2704,6 +2721,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256,
256
},
+
{
1,
"GOST-GOST89STREAM",
@@ -2736,8 +2754,8 @@ SSL3_ENC_METHOD SSLv3_enc_data = {
SSL3_MD_SERVER_FINISHED_CONST, 4,
ssl3_alert_code,
(int (*)(SSL *, unsigned char *, size_t, const char *,
- size_t, const unsigned char *, size_t,
- int use_context))ssl_undefined_function,
+ size_t, const unsigned char *, size_t,
+ int use_context))ssl_undefined_function,
};
long
@@ -2770,7 +2788,6 @@ ssl3_pending(const SSL *s)
{
if (s->rstate == SSL_ST_READ_BODY)
return 0;
-
return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
s->s3->rrec.length : 0;
}
@@ -2930,7 +2947,7 @@ srp_password_from_info_cb(SSL *s, void *
long
ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
- int ret = 0;
+ int ret = 0;
if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
@@ -2970,6 +2987,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, vo
case SSL_CTRL_SET_TMP_RSA:
{
RSA *rsa = (RSA *)parg;
+
if (rsa == NULL) {
SSLerr(SSL_F_SSL3_CTRL,
ERR_R_PASSED_NULL_PARAMETER);
@@ -2988,15 +3006,16 @@ ssl3_ctrl(SSL *s, int cmd, long larg, vo
break;
case SSL_CTRL_SET_TMP_RSA_CB:
{
- SSLerr(SSL_F_SSL3_CTRL,
- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (ret);
+ SSLerr(SSL_F_SSL3_CTRL,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (ret);
}
break;
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
DH *dh = (DH *)parg;
+
if (dh == NULL) {
SSLerr(SSL_F_SSL3_CTRL,
ERR_R_PASSED_NULL_PARAMETER);
@@ -3023,9 +3042,9 @@ ssl3_ctrl(SSL *s, int cmd, long larg, vo
break;
case SSL_CTRL_SET_TMP_DH_CB:
{
- SSLerr(SSL_F_SSL3_CTRL,
- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (ret);
+ SSLerr(SSL_F_SSL3_CTRL,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (ret);
}
break;
#endif
@@ -3061,9 +3080,9 @@ ssl3_ctrl(SSL *s, int cmd, long larg, vo
break;
case SSL_CTRL_SET_TMP_ECDH_CB:
{
- SSLerr(SSL_F_SSL3_CTRL,
- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (ret);
+ SSLerr(SSL_F_SSL3_CTRL,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (ret);
}
break;
#endif /* !OPENSSL_NO_ECDH */
@@ -3098,7 +3117,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, vo
s->tlsext_debug_arg = parg;
ret = 1;
break;
-
#ifdef TLSEXT_TYPE_opaque_prf_input
case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
if (larg > 12288) {
@@ -3126,36 +3144,29 @@ ssl3_ctrl(SSL *s, int cmd, long larg, vo
s->tlsext_opaque_prf_input_len = 0;
break;
#endif
-
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
s->tlsext_status_type = larg;
ret = 1;
break;
-
case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
*(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
ret = 1;
break;
-
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
s->tlsext_ocsp_exts = parg;
ret = 1;
break;
-
case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
*(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
ret = 1;
break;
-
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
s->tlsext_ocsp_ids = parg;
ret = 1;
break;
-
case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
*(unsigned char **)parg = s->tlsext_ocsp_resp;
return s->tlsext_ocsp_resplen;
-
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
if (s->tlsext_ocsp_resp)
free(s->tlsext_ocsp_resp);
@@ -3163,7 +3174,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, vo
s->tlsext_ocsp_resplen = larg;
ret = 1;
break;
-
#endif /* !OPENSSL_NO_TLSEXT */
default:
break;
@@ -3187,21 +3197,20 @@ ssl3_callback_ctrl(SSL *s, int cmd, void
switch (cmd) {
case SSL_CTRL_SET_TMP_RSA_CB:
{
- s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
+ s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
- s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+ s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
}
break;
#endif
#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH_CB:
{
- s->cert->ecdh_tmp_cb =
- (EC_KEY *(*)(SSL *, int, int))fp;
+ s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
}
break;
#endif
@@ -3261,9 +3270,9 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, lon
/* break; */
case SSL_CTRL_SET_TMP_RSA_CB:
{
- SSLerr(SSL_F_SSL3_CTX_CTRL,
- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (0);
+ SSLerr(SSL_F_SSL3_CTX_CTRL,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
}
break;
#ifndef OPENSSL_NO_DH
@@ -3293,9 +3302,9 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, lon
/*break; */
case SSL_CTRL_SET_TMP_DH_CB:
{
- SSLerr(SSL_F_SSL3_CTX_CTRL,
- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (0);
+ SSLerr(SSL_F_SSL3_CTX_CTRL,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
}
break;
#endif
@@ -3333,9 +3342,9 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, lon
/* break; */
case SSL_CTRL_SET_TMP_ECDH_CB:
{
- SSLerr(SSL_F_SSL3_CTX_CTRL,
- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (0);
+ SSLerr(SSL_F_SSL3_CTX_CTRL,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
}
break;
#endif /* !OPENSSL_NO_ECDH */
@@ -3347,6 +3356,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, lon
case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
{
unsigned char *keys = parg;
+
if (!keys)
return 48;
if (larg != 48) {
@@ -3368,18 +3378,15 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, lon
}
return 1;
}
-
#ifdef TLSEXT_TYPE_opaque_prf_input
case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
ctx->tlsext_opaque_prf_input_callback_arg = parg;
return 1;
#endif
-
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
ctx->tlsext_status_arg = parg;
return 1;
break;
-
#ifndef OPENSSL_NO_SRP
case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
ctx->srp_ctx.srp_Mask|=SSL_kSRP;
@@ -3406,36 +3413,31 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, lon
ctx->srp_ctx.info = parg;
break;
case SSL_CTRL_SET_SRP_ARG:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
+ ctx->srp_ctx.srp_Mask |= SSL_kSRP;
ctx->srp_ctx.SRP_cb_arg = parg;
break;
-
case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
ctx->srp_ctx.strength = larg;
break;
#endif
#endif /* !OPENSSL_NO_TLSEXT */
-
/* A Thawte special :-) */
case SSL_CTRL_EXTRA_CHAIN_CERT:
if (ctx->extra_certs == NULL) {
if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
return (0);
}
- sk_X509_push(ctx->extra_certs,(X509 *)parg);
+ sk_X509_push(ctx->extra_certs, (X509 *)parg);
break;
-
case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
*(STACK_OF(X509) **)parg = ctx->extra_certs;
break;
-
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
if (ctx->extra_certs) {
sk_X509_pop_free(ctx->extra_certs, X509_free);
ctx->extra_certs = NULL;
}
break;
-
default:
return (0);
}
@@ -3452,20 +3454,20 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int
switch (cmd) {
case SSL_CTRL_SET_TMP_RSA_CB:
{
- cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
+ cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
- cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+ cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
}
break;
#endif
#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH_CB:
{
- cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+ cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
}
break;
#endif
@@ -3474,36 +3476,32 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int
ctx->tlsext_servername_callback =
(int (*)(SSL *, int *, void *))fp;
break;
-
#ifdef TLSEXT_TYPE_opaque_prf_input
case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
ctx->tlsext_opaque_prf_input_callback =
(int (*)(SSL *, void *, size_t, void *))fp;
break;
#endif
-
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
break;
-
case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
break;
-
#ifndef OPENSSL_NO_SRP
case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
+ ctx->srp_ctx.srp_Mask |= SSL_kSRP;
ctx->srp_ctx.SRP_verify_param_callback =
(int (*)(SSL *, void *))fp;
break;
case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
+ ctx->srp_ctx.srp_Mask |= SSL_kSRP;
ctx->srp_ctx.TLS_ext_srp_username_callback =
(int (*)(SSL *, int *, void *))fp;
break;
case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
+ ctx->srp_ctx.srp_Mask |= SSL_kSRP;
ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
(char *(*)(SSL *, void *))fp;
break;
@@ -3552,19 +3550,20 @@ ssl3_put_cipher_by_char(const SSL_CIPHER
return (2);
}
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+SSL_CIPHER *
+ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *srvr)
{
SSL_CIPHER *c, *ret = NULL;
STACK_OF(SSL_CIPHER) *prio, *allow;
int i, ii, ok;
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
- unsigned int j;
- int ec_ok, ec_nid;
- unsigned char ec_search1 = 0, ec_search2 = 0;
+ unsigned int j;
+ int ec_ok, ec_nid;
+ unsigned char ec_search1 = 0, ec_search2 = 0;
#endif
- CERT *cert;
- unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
+ CERT *cert;
+ unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
/* Let's see which ciphers we can support */
cert = s->cert;
@@ -3585,13 +3584,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
(void *)srvr);
for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
c = sk_SSL_CIPHER_value(srvr, i);
- printf("%p:%s\n",(void *)c, c->name);
+ printf("%p:%s\n", (void *)c, c->name);
}
printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
(void *)clnt);
for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
c = sk_SSL_CIPHER_value(clnt, i);
- printf("%p:%s\n",(void *)c, c->name);
+ printf("%p:%s\n", (void *)c, c->name);
}
#endif
@@ -3622,15 +3621,15 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
#endif
#ifdef KSSL_DEBUG
-/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
-#endif /* KSSL_DEBUG */
+/* printf("ssl3_choose_cipher %d alg= %lx\n", i, c->algorithms); */
+#endif /* KSSL_DEBUG */
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
#ifndef OPENSSL_NO_KRB5
if (alg_k & SSL_kKRB5) {
- if (!kssl_keytab_is_available(s->kssl_ctx) )
+ if (!kssl_keytab_is_available(s->kssl_ctx))
continue;
}
#endif /* OPENSSL_NO_KRB5 */
@@ -3651,7 +3650,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
ok = (alg_k & mask_k) && (alg_a & mask_a);
#ifdef CIPHER_DEBUG
printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
- ok, alg_k, alg_a, mask_k, mask_a,(void *)c,
+ ok, alg_k, alg_a, mask_k, mask_a, (void *)c,
c->name);
#endif
}
@@ -3670,8 +3669,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
* and the client specified a Supported Point Formats
* extension
*/
- && ((s->session->tlsext_ecpointformatlist_length > 0) &&
- (s->session->tlsext_ecpointformatlist != NULL))
+ && (
+ (s->session->tlsext_ecpointformatlist_length > 0)
+ && (s->session->tlsext_ecpointformatlist != NULL)
+ )
/* and our certificate's point is compressed */
&& (
(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
@@ -3745,7 +3746,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
}
if ((ec_search1 != 0) || (ec_search2 != 0)) {
for (j = 0; j <
s->session->tlsext_ellipticcurvelist_length / 2; j++) {
- if
((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) &&
(s->session->tlsext_ellipticcurvelist[2*j + 1] == ec_search2)) {
+ if
((s->session->tlsext_ellipticcurvelist[2 * j] == ec_search1) &&
(s->session->tlsext_ellipticcurvelist[2 * j + 1] == ec_search2)) {
ec_ok = 1;
break;
}
@@ -3784,7 +3785,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
}
if ((ec_search1 != 0) || (ec_search2 != 0)) {
for (j = 0; j <
s->session->tlsext_ellipticcurvelist_length / 2; j++) {
- if
((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) &&
(s->session->tlsext_ellipticcurvelist[2*j + 1] == ec_search2)) {
+ if
((s->session->tlsext_ellipticcurvelist[2 * j] == ec_search1) &&
(s->session->tlsext_ellipticcurvelist[2 * j + 1] == ec_search2)) {
ec_ok = 1;
break;
}
@@ -3834,12 +3835,12 @@ ssl3_get_req_cert_type(SSL *s, unsigned
#endif
#ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kDHr|SSL_kEDH)) {
+ if (alg_k & (SSL_kDHr | SSL_kEDH)) {
p[ret++] = SSL3_CT_RSA_FIXED_DH;
p[ret++] = SSL3_CT_DSS_FIXED_DH;
}
if ((s->version == SSL3_VERSION) &&
- (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) {
+ (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
}
@@ -3847,7 +3848,7 @@ ssl3_get_req_cert_type(SSL *s, unsigned
p[ret++] = SSL3_CT_RSA_SIGN;
p[ret++] = SSL3_CT_DSS_SIGN;
#ifndef OPENSSL_NO_ECDH
- if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
+ if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >=
TLS1_VERSION)) {
p[ret++] = TLS_CT_RSA_FIXED_ECDH;
p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
}
@@ -3875,12 +3876,12 @@ ssl3_shutdown(SSL *s)
* we don't want to send messages :-)
*/
if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
- s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+ s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
return (1);
}
if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
- s->shutdown|=SSL_SENT_SHUTDOWN;
+ s->shutdown |= SSL_SENT_SHUTDOWN;
#if 1
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
#endif
@@ -3889,7 +3890,7 @@ ssl3_shutdown(SSL *s)
* to be written, s->s3->alert_dispatch will be true
*/
if (s->s3->alert_dispatch)
- return(-1); /* return WANT_WRITE */
+ return (-1); /* return WANT_WRITE */
} else if (s->s3->alert_dispatch) {
/* resend it if not sent */
#if 1
@@ -3908,7 +3909,7 @@ ssl3_shutdown(SSL *s)
/* If we are waiting for a close from our peer, we are closed */
s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
- return(-1); /* return WANT_READ */
+ return (-1); /* return WANT_READ */
}
}
@@ -3960,7 +3961,7 @@ ssl3_write(SSL *s, const void *buf, int
/* We have flushed the buffer, so remove it */
ssl_free_wbio_buffer(s);
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
+ s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
ret = s->s3->delay_buf_pop_ret;
s->s3->delay_buf_pop_ret = 0;
@@ -4061,7 +4062,7 @@ ssl_get_algorithm2(SSL *s)
long alg2 = s->s3->tmp.new_cipher->algorithm2;
if (s->method->version == TLS1_2_VERSION &&
- alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
return alg2;
}
