authormcbride <mcbride@openbsd.org>2014-04-24 13:06:52 +0000
committermcbride <mcbride@openbsd.org>2014-04-24 13:06:52 +0000
commitc297be8ae6f7d7cfc10970c4e4074f8dd3f48e44 (patch)
tree4170e37f40296505a57ff7563b2c2f80029d22a4 /lib/libssl/src
parentunifdef -U LINT (diff)
More KNF, things that couldn't be verified with md5(1), and some whitespace
I missed on the first go around.
Diffstat (limited to 'lib/libssl/src')
-rw-r--r--lib/libssl/src/ssl/s3_clnt.c87
-rw-r--r--lib/libssl/src/ssl/s3_lib.c16
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c166
-rw-r--r--lib/libssl/src/ssl/ssl_lib.c219
4 files changed, 254 insertions, 234 deletions
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index b63f0bf0c99..e765da9ecd7 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,7 +63,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -111,7 +111,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
- * Portions of the attached software ("Contribution") are developed by
+ * Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
@@ -412,12 +412,12 @@ ssl3_connect(SSL *s)
* For TLS, cert_req is set to 2, so a cert chain
* of nothing is sent, but no verify packet is sent
*/
- /*
- * XXX: For now, we do not support client
+ /*
+ * XXX: For now, we do not support client
* authentication in ECDH cipher suites with
* ECDH (rather than ECDSA) certificates.
- * We need to skip the certificate verify
- * message when client's ECDH public key is sent
+ * We need to skip the certificate verify
+ * message when client's ECDH public key is sent
* inside the client certificate.
*/
if (s->s3->tmp.cert_req == 1) {
@@ -679,7 +679,7 @@ ssl3_client_hello(SSL *s)
/* Do the message type and length last */
d = p = &(buf[4]);
- /*
+ /*
* Version indicates the negotiated version: for example from
* an SSLv2/v3 compatible client hello). The client_version
* field is the maximum version we permit and it is also
@@ -832,7 +832,7 @@ ssl3_get_server_hello(SSL *s)
if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
if (s->d1->send_cookie == 0) {
s->s3->tmp.reuse_message = 1;
- return 1;
+ return (1);
}
else /* already sent a cookie */
{
@@ -1473,7 +1473,7 @@ ssl3_get_key_exchange(SSL *s)
p += i;
n -= param_len;
- /*
+ /*
* This should be because we are using an
* export cipher
*/
@@ -2038,9 +2038,9 @@ ssl3_get_new_session_ticket(SSL *s)
* There are two ways to detect a resumed ticket sesion.
* One is to set an appropriate session ID and then the server
* must return a match in ServerHello. This allows the normal
- * client session ID matching to work and we know much
+ * client session ID matching to work and we know much
* earlier that the ticket has been accepted.
- *
+ *
* The other way is to set zero length session ID when the
* ticket is presented and rely on the handshake to determine
* session resumption.
@@ -2049,7 +2049,7 @@ ssl3_get_new_session_ticket(SSL *s)
* assumptions elsewhere in OpenSSL. The session ID is set
* to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
* ticket.
- */
+ */
EVP_Digest(p, ticklen, s->session->session_id,
&s->session->session_id_length, EVP_sha256(), NULL);
ret = 1;
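Review bot: The result of `EVP_Digest(p, ticklen, ...)` is ignored, so if the digest fails, `session_id` and `session_id_length` keep whatever they held before and the function still sets `ret = 1`. Test the return value and leave through the function's error path when it is 0, for example `if (!EVP_Digest(...)) { /* fail the handshake */ }`. The comment above also says "or SHA1 is SHA256 is disabled", while the call uses `EVP_sha256()` unconditionally; reword it to `* to the SHA256 hash of the ticket.`. The body of ssl3_get_new_session_ticket continues outside this hunk.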
@@ -2067,12 +2067,9 @@ ssl3_get_cert_status(SSL *s)
unsigned long resplen, n;
const unsigned char *p;
- n = s->method->ssl_get_message(s,
- SSL3_ST_CR_CERT_STATUS_A,
- SSL3_ST_CR_CERT_STATUS_B,
- SSL3_MT_CERTIFICATE_STATUS,
- 16384,
- &ok);
+ n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
+ SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,
+ 16384, &ok);
if (!ok)
return ((int)n);
@@ -2123,7 +2120,7 @@ ssl3_get_cert_status(SSL *s)
goto f_err;
}
}
- return 1;
+ return (1);
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return (-1);
@@ -2147,7 +2144,7 @@ ssl3_get_server_done(SSL *s)
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_SSL3_GET_SERVER_DONE,
SSL_R_LENGTH_MISMATCH);
- return -1;
+ return (-1);
}
ret = 1;
return (ret);
@@ -2229,8 +2226,7 @@ ssl3_send_client_key_exchange(SSL *s)
s->session->master_key_length =
s->method->ssl3_enc->generate_master_secret(
- s, s->session->master_key, tmp_buf,
- sizeof tmp_buf);
+ s, s->session->master_key, tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
}
#ifndef OPENSSL_NO_KRB5
@@ -2246,7 +2242,7 @@ ssl3_send_client_key_exchange(SSL *s)
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
+ EVP_MAX_IV_LENGTH];
- int padl, outl = sizeof(epms);
+ int padl, outl = sizeof(epms);
EVP_CIPHER_CTX_init(&ciph_ctx);
@@ -2283,14 +2279,14 @@ ssl3_send_client_key_exchange(SSL *s)
goto err;
}
- /*
+ /*
* 20010406 VRS - Earlier versions used KRB5 AP_REQ
* in place of RFC 2712 KerberosWrapper, as in:
*
* Send ticket (copy to *p, set n = length)
* n = krb5_ap_req.length;
* memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
- * if (krb5_ap_req.data)
+ * if (krb5_ap_req.data)
* kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
*
* Now using real RFC 2712 KerberosWrapper
@@ -2435,7 +2431,7 @@ ssl3_send_client_key_exchange(SSL *s)
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_ECDH
else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
@@ -2449,11 +2445,11 @@ ssl3_send_client_key_exchange(SSL *s)
*/
if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) &&
(s->cert != NULL)) {
- /*
+ /*
* XXX: For now, we do not support client
* authentication using ECDH certificates.
* To add such support, one needs to add
- * code that checks for appropriate
+ * code that checks for appropriate
* conditions and sets ecdh_clnt_cert to 1.
* For example, the cert have an ECC
* key on the same curve as the server's
@@ -2561,7 +2557,7 @@ ssl3_send_client_key_exchange(SSL *s)
/* generate master key from the result */
s->session->master_key_length = s->method->ssl3_enc \
- -> generate_master_secret(s,
+ -> generate_master_secret(s,
s->session->master_key, p, n);
memset(p, 0, n); /* clean up */
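Review bot: `memset(p, 0, n); /* clean up */` wipes what appears to be the ECDH premaster secret, but a plain memset on a buffer that is not read again can be dropped by the optimiser. The RSA branch of this same function already uses `OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);`, so use `OPENSSL_cleanse(p, n);` here for consistency and to make sure the secret is actually cleared. The backslash continuation before `-> generate_master_secret(s,` is also unnecessary and could be folded into an ordinary wrapped call. The enclosing branch starts and ends outside the hunk.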
@@ -2895,7 +2891,7 @@ ssl3_send_client_verify(SSL *s)
} else {
ERR_clear_error();
}
- /*
+ /*
* For TLS v1.2 send signature algorithm and signature
* using agreed digest and cached handshake records.
*/
@@ -3024,9 +3020,10 @@ ssl3_send_client_certificate(SSL *s)
/* We need to get a client cert */
if (s->state == SSL3_ST_CW_CERT_B) {
- /* If we get an error, we need to
+ /*
+ * If we get an error, we need to
* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
- * We then get retied later
+ * We then get retied later
*/
i = ssl_do_client_cert_cb(s, &x509, &pkey);
if (i < 0) {
@@ -3120,7 +3117,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
SSL_R_BAD_ECC_CERT);
goto f_err;
} else {
- return 1;
+ return (1);
}
}
#endif
@@ -3221,7 +3218,7 @@ ssl3_send_next_proto(SSL *s)
s->init_off = 0;
}
- return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
@@ -3240,7 +3237,7 @@ ssl3_check_finished(SSL *s)
/* If we have no ticket it cannot be a resumed session. */
if (!s->session->tlsext_tick)
- return 1;
+ return (1);
/* this function is called when we really expect a Certificate
* message, so permit appropriate message length */
n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
@@ -3250,9 +3247,9 @@ ssl3_check_finished(SSL *s)
s->s3->tmp.reuse_message = 1;
if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) ||
(s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
- return 2;
+ return (2);
- return 1;
+ return (1);
}
#endif
@@ -3267,10 +3264,10 @@ ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
SSL_get_client_CA_list(s),
px509, ppkey, NULL, NULL, NULL);
if (i != 0)
- return i;
+ return (i);
}
#endif
if (s->ctx->client_cert_cb)
i = s->ctx->client_cert_cb(s, px509, ppkey);
- return i;
+ return (i};
}
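Review bot: The last return of ssl_do_client_cert_cb is written `return (i};`, closing the parenthesis with a brace, so s3_clnt.c does not compile as committed. It should read `return (i);`. The other parenthesised returns added to this file are balanced; since the description notes these changes could not be verified with md5(1), a build of the object before commit would have caught this one.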
diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c
index 28a3d51b9e5..12ce8a16055 100644
--- a/lib/libssl/src/ssl/s3_lib.c
+++ b/lib/libssl/src/ssl/s3_lib.c
@@ -2962,9 +2962,9 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
break;
case SSL_CTRL_NEED_TMP_RSA:
if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
- ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
- (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)
- > (512 / 8))))
+ ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+ (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)
+ > (512 / 8))))
ret = 1;
break;
case SSL_CTRL_SET_TMP_RSA:
@@ -3113,10 +3113,12 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
}
if (s->tlsext_opaque_prf_input != NULL)
free(s->tlsext_opaque_prf_input);
- if ((size_t)larg == 0)
- s->tlsext_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
- else
- s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
+ if ((size_t)larg == 0) {
+ /* dummy byte just to get non-NULL */
+ s->tlsext_opaque_prf_input = malloc(1);
+ } else
+ s->tlsext_opaque_prf_input =
+ BUF_memdup(parg, (size_t)larg);
if (s->tlsext_opaque_prf_input != NULL) {
s->tlsext_opaque_prf_input_len = (size_t)larg;
ret = 1;
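Review bot: `(size_t)larg` converts a signed `long`, so a negative `larg` would reach `BUF_memdup(parg, (size_t)larg)` as a very large length and then be stored in `tlsext_opaque_prf_input_len`. Any bound check on `larg` sits above the hunk and is not visible here; if it only limits the upper end, reject negatives before this point with something like `if (larg < 0) break;`. As a style point, the reformatted `if` now has braces on one arm only; bracing the `else` arm as well would keep the two arms symmetric.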
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index f3edcc2efb6..6d8ccd66b7e 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,7 +63,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -111,7 +111,7 @@
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
- * Portions of the attached software ("Contribution") are developed by
+ * Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
@@ -190,15 +190,17 @@ ssl_check_srp_ext_ClientHello(SSL *s, int *al)
if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
(s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
if (s->srp_ctx.login == NULL) {
- /* RFC 5054 says SHOULD reject,
- we do so if There is no srp login name */
+ /*
+ * RFC 5054 says SHOULD reject,
+ * we do so if There is no srp login name
+ */
ret = SSL3_AL_FATAL;
*al = SSL_AD_UNKNOWN_PSK_IDENTITY;
} else {
ret = SSL_srp_server_param_with_username(s, al);
}
}
- return ret;
+ return (ret);
}
#endif
@@ -228,7 +230,8 @@ ssl3_accept(SSL *s)
SSL_clear(s);
if (s->cert == NULL) {
- SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
+ SSLerr(SSL_F_SSL3_ACCEPT,
+ SSL_R_NO_CERTIFICATE_SET);
return (-1);
}
@@ -250,8 +253,9 @@ ssl3_accept(SSL *s)
cb(s, SSL_CB_HANDSHAKE_START, 1);
if ((s->version >> 8) != 3) {
- SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
- return -1;
+ SSLerr(SSL_F_SSL3_ACCEPT,
+ ERR_R_INTERNAL_ERROR);
+ return (-1);
}
s->type = SSL_ST_ACCEPT;
@@ -342,7 +346,7 @@ ssl3_accept(SSL *s)
{
int al;
if ((ret =
- ssl_check_srp_ext_ClientHello(s, &al))
+ ssl_check_srp_ext_ClientHello(s, &al))
< 0) {
/*
* Callback indicates further work to
@@ -531,7 +535,7 @@ ssl3_accept(SSL *s)
s->state = SSL3_ST_SW_SRVR_DONE_A;
if (s->s3->handshake_buffer)
if (!ssl3_digest_cached_records(s))
- return -1;
+ return (-1);
} else {
s->s3->tmp.cert_request = 1;
ret = ssl3_send_certificate_request(s);
@@ -635,11 +639,11 @@ ssl3_accept(SSL *s)
if (!s->s3->handshake_buffer) {
SSLerr(SSL_F_SSL3_ACCEPT,
ERR_R_INTERNAL_ERROR);
- return -1;
+ return (-1);
}
s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
if (!ssl3_digest_cached_records(s))
- return -1;
+ return (-1);
} else {
int offset = 0;
int dgst_num;
@@ -647,7 +651,7 @@ ssl3_accept(SSL *s)
s->state = SSL3_ST_SR_CERT_VRFY_A;
s->init_num = 0;
- /*
+ /*
* We need to get hashes here so if there is
* a client cert, it can be verified
* FIXME - digest processing for
@@ -656,7 +660,7 @@ ssl3_accept(SSL *s)
*/
if (s->s3->handshake_buffer)
if (!ssl3_digest_cached_records(s))
- return -1;
+ return (-1);
for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST;
dgst_num++)
if (s->s3->handshake_dgst[dgst_num]) {
@@ -827,7 +831,8 @@ ssl3_accept(SSL *s)
/* break; */
default:
- SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
+ SSLerr(SSL_F_SSL3_ACCEPT,
+ SSL_R_UNKNOWN_STATE);
ret = -1;
goto end;
/* break; */
@@ -903,7 +908,7 @@ ssl3_check_client_hello(SSL *s)
if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) {
SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO,
SSL_R_MULTIPLE_SGC_RESTARTS);
- return -1;
+ return (-1);
}
/*
* Throw away what we have done so far in the current handshake,
@@ -923,9 +928,9 @@ ssl3_check_client_hello(SSL *s)
}
#endif
s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
- return 2;
+ return (2);
}
- return 1;
+ return (1);
}
int
@@ -974,7 +979,8 @@ ssl3_get_client_hello(SSL *s)
if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
(s->version != DTLS1_VERSION && s->client_version < s->version)) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_WRONG_VERSION_NUMBER);
if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
!s->enc_write_ctx && !s->write_hash) {
/*
@@ -999,7 +1005,7 @@ ssl3_get_client_hello(SSL *s)
cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
if (cookie_length == 0)
- return 1;
+ return (1);
}
/* load the client random */
@@ -1048,7 +1054,7 @@ ssl3_get_client_hello(SSL *s)
/* cookie stuff */
cookie_len = *(p++);
- /*
+ /*
* The ClientHello may contain a cookie even if the
* HelloVerify message has not been sent--make sure that it
* does not cause an overflow.
@@ -1094,13 +1100,15 @@ ssl3_get_client_hello(SSL *s)
if ((i == 0) && (j != 0)) {
/* we need a cipher if we are not resuming a session */
al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err;
}
if ((p + i) >= (d + n)) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_LENGTH_MISMATCH);
goto f_err;
}
if ((i > 0) &&
@@ -1143,7 +1151,8 @@ ssl3_get_client_hello(SSL *s)
if ((p + i) > (d + n)) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_LENGTH_MISMATCH);
goto f_err;
}
q = p;
@@ -1172,7 +1181,8 @@ ssl3_get_client_hello(SSL *s)
}
}
if (ssl_check_clienthello_tlsext_early(s) <= 0) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
@@ -1377,7 +1387,7 @@ ssl3_get_client_hello(SSL *s)
}
/*
- * We now have the following setup.
+ * We now have the following setup.
* client_random
* cipher_list - our prefered list of ciphers
* ciphers - the clients prefered list of ciphers
@@ -1422,7 +1432,7 @@ ssl3_send_server_hello(SSL *s)
#ifdef OPENSSL_NO_TLSEXT
p = s->s3->server_random;
if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0)
- return -1;
+ return (-1);
#endif
/* Do the message type and length last */
d = p= &(buf[4]);
@@ -1460,7 +1470,7 @@ ssl3_send_server_hello(SSL *s)
if (sl > (int)sizeof(s->session->session_id)) {
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
ERR_R_INTERNAL_ERROR);
- return -1;
+ return (-1);
}
*(p++) = sl;
memcpy(p, s->session->session_id, sl);
@@ -1483,13 +1493,13 @@ ssl3_send_server_hello(SSL *s)
if (ssl_prepare_serverhello_tlsext(s) <= 0) {
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
SSL_R_SERVERHELLO_TLSEXT);
- return -1;
+ return (-1);
}
if ((p = ssl_add_serverhello_tlsext(s, p,
buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
ERR_R_INTERNAL_ERROR);
- return -1;
+ return (-1);
}
#endif
/* do the header */
@@ -1714,9 +1724,9 @@ ssl3_send_server_key_exchange(SSL *s)
goto err;
}
- /*
+ /*
* XXX: For now, we only support ephemeral ECDH
- * keys over named (not generic) curves. For
+ * keys over named (not generic) curves. For
* supported named curves, curve_id is non-zero.
*/
if ((curve_id = tls1_ec_nid2curve_id(
@@ -1726,7 +1736,7 @@ ssl3_send_server_key_exchange(SSL *s)
goto err;
}
- /*
+ /*
* Encode the public key.
* First check the size of encoding and
* allocate memory accordingly.
@@ -1760,12 +1770,12 @@ ssl3_send_server_key_exchange(SSL *s)
BN_CTX_free(bn_ctx);
bn_ctx = NULL;
- /*
- * XXX: For now, we only support named (not
+ /*
+ * XXX: For now, we only support named (not
* generic) curves in ECDH ephemeral key exchanges.
* In this situation, we need four additional bytes
* to encode the entire ServerECDHParams
- * structure.
+ * structure.
*/
n = 4 + encodedlen;
@@ -1790,7 +1800,8 @@ ssl3_send_server_key_exchange(SSL *s)
if (type & SSL_kSRP) {
if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) ||
(s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_SRP_PARAM);
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_MISSING_SRP_PARAM);
goto err;
}
r[0] = s->srp_ctx.N;
@@ -1801,7 +1812,8 @@ ssl3_send_server_key_exchange(SSL *s)
#endif
{
al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
goto f_err;
}
for (i = 0; i < 4 && r[i] != NULL; i++) {
@@ -1922,7 +1934,7 @@ ssl3_send_server_key_exchange(SSL *s)
n += u + 2;
} else
if (md) {
- /*
+ /*
* For TLS1.2 and later send signature
* algorithm
*/
@@ -2384,7 +2396,8 @@ ssl3_get_client_key_exchange(SSL *s)
}
if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ krb5rc);
goto err;
}
@@ -2436,7 +2449,7 @@ ssl3_get_client_key_exchange(SSL *s)
* instead of the protocol version.
*
* If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
- * clients.
+ * clients.
* (Perhaps we should have a separate BUG value for
* the Kerberos cipher)
*/
@@ -2463,7 +2476,7 @@ ssl3_get_client_key_exchange(SSL *s)
}
- /*
+ /*
* Was doing kssl_ctx_free() here, but it caused problems for
* apache.
* kssl_ctx = kssl_ctx_free(kssl_ctx);
@@ -2528,13 +2541,13 @@ ssl3_get_client_key_exchange(SSL *s)
if (((clnt_pub_pkey = X509_get_pubkey(
s->session->peer)) == NULL) ||
(clnt_pub_pkey->type != EVP_PKEY_EC)) {
- /*
+ /*
* XXX: For now, we do not support client
* authentication using ECDH certificates
* so this branch (n == 0L) of the code is
* never executed. When that support is
- * added, we ought to ensure the key
- * received in the certificate is
+ * added, we ought to ensure the key
+ * received in the certificate is
* authorized for key agreement.
* ECDH_compute_key implicitly checks that
* the two ECDH shares are for the same
@@ -2582,7 +2595,7 @@ ssl3_get_client_key_exchange(SSL *s)
/*
* p is pointing to somewhere in the buffer
* currently, so set it to the start.
- */
+ */
p = (unsigned char *)s->init_buf->data;
}
@@ -2808,7 +2821,7 @@ ssl3_get_client_key_exchange(SSL *s)
EVP_PKEY_free(client_pub_pkey);
EVP_PKEY_CTX_free(pkey_ctx);
if (ret)
- return ret;
+ return (ret);
else
goto err;
} else {
@@ -2897,7 +2910,7 @@ ssl3_get_cert_verify(SSL *s)
p = (unsigned char *)s->init_msg;
/*
* Check for broken implementations of GOST ciphersuites.
- *
+ *
* If key is GOST and n is exactly 64, it is a bare
* signature without length field.
*/
@@ -2946,7 +2959,8 @@ ssl3_get_cert_verify(SSL *s)
}
j = EVP_PKEY_size(pkey);
if ((i > j) || (n > j) || (n <= 0)) {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ SSL_R_WRONG_SIGNATURE_SIZE);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
@@ -2967,14 +2981,16 @@ ssl3_get_cert_verify(SSL *s)
#endif
if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
!EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ SSL_R_BAD_SIGNATURE);
goto f_err;
}
} else
@@ -3043,7 +3059,8 @@ ssl3_get_cert_verify(SSL *s)
goto f_err;
}
} else {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ ERR_R_INTERNAL_ERROR);
al = SSL_AD_UNSUPPORTED_CERTIFICATE;
goto f_err;
}
@@ -3277,10 +3294,10 @@ ssl3_send_newsession_ticket(SSL *s)
* too long
*/
if (slen_full > 0xFF00)
- return -1;
+ return (-1);
senc = malloc(slen_full);
if (!senc)
- return -1;
+ return (-1);
p = senc;
i2d_SSL_SESSION(s->session, &p);
@@ -3292,7 +3309,7 @@ ssl3_send_newsession_ticket(SSL *s)
sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
if (sess == NULL) {
free(senc);
- return -1;
+ return (-1);
}
/* ID is irrelevant for the ticket */
@@ -3302,13 +3319,13 @@ ssl3_send_newsession_ticket(SSL *s)
if (slen > slen_full) {
/* shouldn't ever happen */
free(senc);
- return -1;
+ return (-1);
}
p = senc;
i2d_SSL_SESSION(sess, &p);
SSL_SESSION_free(sess);
- /*
+ /*
* Grow buffer if need be: the length calculation is as
* follows 1 (size of message name) + 3 (message length
* bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
@@ -3319,7 +3336,7 @@ ssl3_send_newsession_ticket(SSL *s)
if (!BUF_MEM_grow(s->init_buf,
26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
EVP_MAX_MD_SIZE + slen))
- return -1;
+ return (-1);
p = (unsigned char *)s->init_buf->data;
/* do the header */
@@ -3337,7 +3354,7 @@ ssl3_send_newsession_ticket(SSL *s)
if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
&hctx, 1) < 0) {
free(senc);
- return -1;
+ return (-1);
}
} else {
RAND_pseudo_bytes(iv, 16);
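Review bot: `RAND_pseudo_bytes(iv, 16);` fills the ticket IV without checking the result, and the pseudo variant does not promise unpredictable output. Prefer `if (RAND_bytes(iv, 16) <= 0) { free(senc); return (-1); }`, which mirrors the cleanup in the callback branch just above. The literal `16` should also be tied to the IV buffer's declared size, which is outside the hunk. The else block continues past the end of the hunk.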
@@ -3409,7 +3426,7 @@ ssl3_send_cert_status(SSL *s)
* + (ocsp response)
*/
if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
- return -1;
+ return (-1);
p = (unsigned char *)s->init_buf->data;
@@ -3453,7 +3470,7 @@ ssl3_get_next_proto(SSL *s)
if (!s->s3->next_proto_neg_seen) {
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
- return -1;
+ return (-1);
}
n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
@@ -3470,11 +3487,11 @@ ssl3_get_next_proto(SSL *s)
if (!s->s3->change_cipher_spec) {
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
- return -1;
+ return (-1);
}
if (n < 2)
- return 0;
+ return (0);
/* The body must be > 1 bytes long */
p = (unsigned char *)s->init_msg;
@@ -3488,20 +3505,21 @@ ssl3_get_next_proto(SSL *s)
*/
proto_len = p[0];
if (proto_len + 2 > s->init_num)
- return 0;
+ return (0);
padding_len = p[proto_len + 1];
if (proto_len + padding_len + 2 != s->init_num)
- return 0;
+ return (0);
s->next_proto_negotiated = malloc(proto_len);
if (!s->next_proto_negotiated) {
- SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE);
- return 0;
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
+ ERR_R_MALLOC_FAILURE);
+ return (0);
}
memcpy(s->next_proto_negotiated, p + 1, proto_len);
s->next_proto_negotiated_len = proto_len;
- return 1;
+ return (1);
}
# endif
#endif
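Review bot: `proto_len = p[0]` may be 0, and the two length checks do not exclude that, so `malloc(proto_len)` can be called with size 0. On platforms where `malloc(0)` returns NULL, an empty protocol name is then reported as `ERR_R_MALLOC_FAILURE` rather than as a malformed or empty message. Either reject `proto_len == 0` explicitly before the allocation or allocate `proto_len ? proto_len : 1`. Whether a previous `s->next_proto_negotiated` is freed before this assignment is not visible in the hunk and is worth confirming.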
diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index 830f574183e..21a48da182a 100644
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c
@@ -7,21 +7,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -36,10 +36,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -51,7 +51,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -65,7 +65,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -112,7 +112,7 @@
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
+ * ECC cipher suite support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
/* ====================================================================
@@ -203,7 +203,7 @@ SSL_clear(SSL *s)
if (s->renegotiate) {
SSLerr(SSL_F_SSL_CLEAR,
ERR_R_INTERNAL_ERROR);
- return 0;
+ return (0);
}
s->type = 0;
@@ -393,12 +393,12 @@ SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
if (sid_ctx_len > sizeof ctx->sid_ctx) {
SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
+ return (0);
}
ctx->sid_ctx_length = sid_ctx_len;
memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
- return 1;
+ return (1);
}
int
@@ -407,13 +407,13 @@ SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
{
if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
- SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
+ SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return (0);
}
ssl->sid_ctx_length = sid_ctx_len;
memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
- return 1;
+ return (1);
}
int
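Review bot: The length check in SSL_set_session_id_context compares against the macro `SSL_MAX_SID_CTX_LENGTH`, while the memcpy that follows writes into `ssl->sid_ctx`; the bound should be tied to the destination, as the SSL_CTX variant in the previous hunk does with `sizeof ctx->sid_ctx`. I would write `if (sid_ctx_len > sizeof ssl->sid_ctx) {`. The two are presumably equal today, but the array declaration is not visible here, and using sizeof keeps the check correct if the field is ever resized. The function's signature starts outside the hunk.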
@@ -422,7 +422,7 @@ SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
ctx->generate_session_id = cb;
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- return 1;
+ return (1);
}
int
@@ -431,7 +431,7 @@ SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
ssl->generate_session_id = cb;
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- return 1;
+ return (1);
}
int
@@ -448,7 +448,7 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
SSL_SESSION r, *p;
if (id_len > sizeof r.session_id)
- return 0;
+ return (0);
r.ssl_version = ssl->version;
r.session_id_length = id_len;
@@ -463,37 +463,37 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
int
SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
{
- return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+ return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
}
int
SSL_set_purpose(SSL *s, int purpose)
{
- return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+ return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
}
int
SSL_CTX_set_trust(SSL_CTX *s, int trust)
{
- return X509_VERIFY_PARAM_set_trust(s->param, trust);
+ return (X509_VERIFY_PARAM_set_trust(s->param, trust));
}
int
SSL_set_trust(SSL *s, int trust)
{
- return X509_VERIFY_PARAM_set_trust(s->param, trust);
+ return (X509_VERIFY_PARAM_set_trust(s->param, trust));
}
int
SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
{
- return X509_VERIFY_PARAM_set1(ctx->param, vpm);
+ return (X509_VERIFY_PARAM_set1(ctx->param, vpm));
}
int
SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
{
- return X509_VERIFY_PARAM_set1(ssl->param, vpm);
+ return (X509_VERIFY_PARAM_set1(ssl->param, vpm));
}
void
@@ -743,7 +743,7 @@ SSL_get_finished(const SSL *s, void *buf, size_t count)
count = ret;
memcpy(buf, s->s3->tmp.finish_md, count);
}
- return ret;
+ return (ret);
}
/* return length of latest Finished message we expected, copy to 'buf' */
@@ -758,7 +758,7 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
count = ret;
memcpy(buf, s->s3->tmp.peer_finish_md, count);
}
- return ret;
+ return (ret);
}
@@ -771,10 +771,11 @@ SSL_get_verify_mode(const SSL *s)
int
SSL_get_verify_depth(const SSL *s)
{
- return X509_VERIFY_PARAM_get_depth(s->param);
+ return (X509_VERIFY_PARAM_get_depth(s->param));
}
-int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
+int
+(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
{
return (s->verify_callback);
}
@@ -788,7 +789,7 @@ SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
int
SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
{
- return X509_VERIFY_PARAM_get_depth(ctx->param);
+ return (X509_VERIFY_PARAM_get_depth(ctx->param));
}
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
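Review bot: The declaration of SSL_CTX_get_verify_callback on the last line of this hunk still has its return type on the same line as the name, although the previous hunk split SSL_get_verify_callback in the KNF way. For consistency it should read `int` on its own line followed by `(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)`. The same applies to SSL_get_info_callback in a later hunk, whose single-line declaration also runs past 80 columns. The function body is outside this hunk.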
@@ -938,7 +939,7 @@ SSL_check_private_key(const SSL *ssl)
if (ssl->cert == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
SSL_R_NO_CERTIFICATE_ASSIGNED);
- return 0;
+ return (0);
}
if (ssl->cert->key->x509 == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
@@ -984,7 +985,7 @@ SSL_read(SSL *s, void *buf, int num)
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_READ,
SSL_R_UNINITIALIZED);
- return -1;
+ return (-1);
}
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
@@ -1000,7 +1001,7 @@ SSL_peek(SSL *s, void *buf, int num)
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_PEEK,
SSL_R_UNINITIALIZED);
- return -1;
+ return (-1);
}
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
@@ -1015,7 +1016,7 @@ SSL_write(SSL *s, const void *buf, int num)
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_WRITE,
SSL_R_UNINITIALIZED);
- return -1;
+ return (-1);
}
if (s->shutdown & SSL_SENT_SHUTDOWN) {
@@ -1040,7 +1041,7 @@ SSL_shutdown(SSL *s)
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_SHUTDOWN,
SSL_R_UNINITIALIZED);
- return -1;
+ return (-1);
}
if ((s != NULL) && !SSL_in_init(s))
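Review bot: SSL_shutdown dereferences `s` in `if (s->handshake_func == 0)` at the top of this hunk and only afterwards tests `(s != NULL)`, so the later test can never protect anything. If a NULL `s` is a caller error, the dead test should go: `if (!SSL_in_init(s))`. If NULL is meant to be tolerated, the check has to move above the first dereference and return an error there. The rest of the function is outside the hunk.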
@@ -1096,7 +1097,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_SET_MSG_CALLBACK_ARG:
s->msg_callback_arg = parg;
- return 1;
+ return (1);
case SSL_CTRL_OPTIONS:
return (s->options|=larg);
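Review bot: The return in the SSL_CTRL_OPTIONS case still has no spaces around the compound assignment, which KNF asks for; it should be `return (s->options |= larg);`. The same spacing is missing in `return (ctx->mode&=~larg);` in the SSL_CTX_ctrl hunk and in `ret->state=s->state;` in the SSL_dup hunk, where this commit only changed trailing whitespace on the line. The assignment inside the return is easy to misread as a comparison, so a short comment such as `/* returns the updated option mask */` would also help.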
@@ -1115,24 +1116,24 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_SET_MTU:
#ifndef OPENSSL_NO_DTLS1
if (larg < (long)dtls1_min_mtu())
- return 0;
+ return (0);
#endif
if (SSL_version(s) == DTLS1_VERSION ||
SSL_version(s) == DTLS1_BAD_VER) {
s->d1->mtu = larg;
- return larg;
+ return (larg);
}
- return 0;
+ return (0);
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
- return 0;
+ return (0);
s->max_send_fragment = larg;
- return 1;
+ return (1);
case SSL_CTRL_GET_RI_SUPPORT:
if (s->s3)
- return s->s3->send_connection_binding;
- else return 0;
+ return (s->s3->send_connection_binding);
+ else return (0);
default:
return (s->method->ssl_ctrl(s, cmd, larg, parg));
}
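Review bot: In the SSL_CTRL_GET_RI_SUPPORT case the new line `else return (0);` keeps the statement on the same line as the `else`, which KNF does not allow, and the `else` is redundant after a return. I would write `if (s->s3)` / `return (s->s3->send_connection_binding);` / `return (0);` on three lines. The switch and the function begin outside this hunk.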
@@ -1146,7 +1147,7 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
s->msg_callback = (void (*)(int write_p, int version,
int content_type, const void *buf, size_t len,
SSL *ssl, void *arg))(fp);
- return 1;
+ return (1);
default:
return (s->method->ssl_callback_ctrl(s, cmd, fp));
@@ -1156,7 +1157,7 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
LHASH_OF(SSL_SESSION) *
SSL_CTX_sessions(SSL_CTX *ctx)
{
- return ctx->sessions;
+ return (ctx->sessions);
}
long
@@ -1174,7 +1175,7 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_SET_MSG_CALLBACK_ARG:
ctx->msg_callback_arg = parg;
- return 1;
+ return (1);
case SSL_CTRL_GET_MAX_CERT_LIST:
return (ctx->max_cert_list);
@@ -1230,9 +1231,9 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return (ctx->mode&=~larg);
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
- return 0;
+ return (0);
ctx->max_send_fragment = larg;
- return 1;
+ return (1);
default:
return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
}
@@ -1246,7 +1247,7 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
ctx->msg_callback = (void (*)(int write_p, int version,
int content_type, const void *buf, size_t len, SSL *ssl,
void *arg))(fp);
- return 1;
+ return (1);
default:
return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
@@ -1339,7 +1340,7 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
&ctx->cipher_list_by_id, str);
- /*
+ /*
* ssl_create_cipher_list may return an empty stack if it
* was unable to find a cipher matching the given rule string
* (for example if the rule string specifies a cipher which
@@ -1349,13 +1350,13 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
* updated.
*/
if (sk == NULL)
- return 0;
+ return (0);
else if (sk_SSL_CIPHER_num(sk) == 0) {
SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST,
SSL_R_NO_CIPHER_MATCH);
- return 0;
+ return (0);
}
- return 1;
+ return (1);
}
/* Specify the ciphers to be used by the SSL. */
@@ -1368,13 +1369,13 @@ SSL_set_cipher_list(SSL *s, const char *str)
&s->cipher_list_by_id, str);
/* see comment in SSL_CTX_set_cipher_list */
if (sk == NULL)
- return 0;
+ return (0);
else if (sk_SSL_CIPHER_num(sk) == 0) {
SSLerr(SSL_F_SSL_SET_CIPHER_LIST,
SSL_R_NO_CIPHER_MATCH);
- return 0;
+ return (0);
}
- return 1;
+ return (1);
}
/* works well for SSLv2, not so good for SSLv3 */
@@ -1540,11 +1541,11 @@ const char *
SSL_get_servername(const SSL *s, const int type)
{
if (type != TLSEXT_NAMETYPE_host_name)
- return NULL;
+ return (NULL);
- return s->session && !s->tlsext_hostname ?
+ return (s->session && !s->tlsext_hostname ?
s->session->tlsext_hostname :
- s->tlsext_hostname;
+ s->tlsext_hostname);
}
int
@@ -1553,8 +1554,8 @@ SSL_get_servername_type(const SSL *s)
if (s->session &&
(!s->tlsext_hostname ?
s->session->tlsext_hostname : s->tlsext_hostname))
- return TLSEXT_NAMETYPE_host_name;
- return -1;
+ return (TLSEXT_NAMETYPE_host_name);
+ return (-1);
}
# ifndef OPENSSL_NO_NEXTPROTONEG
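Review bot: SSL_get_servername_type returns -1 whenever `s->session` is NULL, even if `s->tlsext_hostname` is set, whereas SSL_get_servername in the previous hunk returns `s->tlsext_hostname` in exactly that case. A caller can therefore get a host name from one function and "no name type" from the other. If this is intended it deserves a comment above the condition; if not, the test could be `if (s->tlsext_hostname != NULL || (s->session != NULL && s->session->tlsext_hostname != NULL))`. Whether any caller relies on the current result cannot be seen from this hunk.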
@@ -1626,7 +1627,7 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
found:
*out = (unsigned char *) result + 1;
*outlen = result[0];
- return status;
+ return (status);
}
/*
@@ -1697,10 +1698,10 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
int use_context)
{
if (s->version < TLS1_VERSION)
- return -1;
+ return (-1);
- return s->method->ssl3_enc->export_keying_material(s, out, olen,
- label, llen, p, plen, use_context);
+ return (s->method->ssl3_enc->export_keying_material(s, out, olen,
+ label, llen, p, plen, use_context));
}
static unsigned long
@@ -2087,7 +2088,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#ifdef CIPHER_DEBUG
- printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+ printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d "
+ "rs=%d ds=%d dhr=%d dhd=%d\n",
rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp,
rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
#endif
@@ -2247,11 +2249,11 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
/* ECDH key length in export ciphers must be <= 163 bits */
pkey = X509_get_pubkey(x);
if (pkey == NULL)
- return 0;
+ return (0);
keysize = EVP_PKEY_bits(pkey);
EVP_PKEY_free(pkey);
if (keysize > 163)
- return 0;
+ return (0);
}
/* This call populates the ex_flags field correctly */
@@ -2265,7 +2267,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
- return 0;
+ return (0);
}
if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) <
TLS1_2_VERSION) {
@@ -2273,7 +2275,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
if (pk_nid != NID_X9_62_id_ecPublicKey) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
- return 0;
+ return (0);
}
}
if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) <
@@ -2282,7 +2284,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
- return 0;
+ return (0);
}
}
}
@@ -2291,11 +2293,11 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_NOT_FOR_SIGNING);
- return 0;
+ return (0);
}
}
- return 1;
+ return (1);
/* all checks are ok */
}
@@ -2355,7 +2357,7 @@ ssl_get_server_send_pkey(const SSL *s)
return (NULL);
}
- return c->pkeys + i;
+ return (c->pkeys + i);
}
X509 *
@@ -2365,8 +2367,8 @@ ssl_get_server_send_cert(const SSL *s)
cpk = ssl_get_server_send_pkey(s);
if (!cpk)
- return NULL;
- return cpk->x509;
+ return (NULL);
+ return (cpk->x509);
}
EVP_PKEY *
@@ -2397,7 +2399,7 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
}
if (pmd)
*pmd = c->pkeys[idx].digest;
- return c->pkeys[idx].privatekey;
+ return (c->pkeys[idx].privatekey);
}
void
@@ -2506,7 +2508,7 @@ SSL_get_error(const SSL *s, int i)
else if (reason == BIO_RR_ACCEPT)
return (SSL_ERROR_WANT_ACCEPT);
else
- return(SSL_ERROR_SYSCALL); /* unknown */
+ return (SSL_ERROR_SYSCALL); /* unknown */
}
}
@@ -2514,13 +2516,13 @@ SSL_get_error(const SSL *s, int i)
bio = SSL_get_wbio(s);
if (BIO_should_write(bio))
return (SSL_ERROR_WANT_WRITE);
- else if (BIO_should_read(bio))
- return (SSL_ERROR_WANT_READ);
+ else if (BIO_should_read(bio)) {
/*
* See above (SSL_want_read(s) with
* BIO_should_write(bio))
*/
- else if (BIO_should_io_special(bio)) {
+ return (SSL_ERROR_WANT_READ);
+ } else if (BIO_should_io_special(bio)) {
reason = BIO_get_retry_reason(bio);
if (reason == BIO_RR_CONNECT)
return (SSL_ERROR_WANT_CONNECT);
@@ -2561,7 +2563,7 @@ SSL_do_handshake(SSL *s)
return (ret);
}
-/*
+/*
* For the next 2 functions, SSL_clear() sets shutdown and so
* one of these calls will reset it
*/
@@ -2627,15 +2629,15 @@ const char *
SSL_get_version(const SSL *s)
{
if (s->version == TLS1_2_VERSION)
- return("TLSv1.2");
+ return ("TLSv1.2");
else if (s->version == TLS1_1_VERSION)
- return("TLSv1.1");
+ return ("TLSv1.1");
else if (s->version == TLS1_VERSION)
- return("TLSv1");
+ return ("TLSv1");
else if (s->version == SSL3_VERSION)
- return("SSLv3");
+ return ("SSLv3");
else
- return("unknown");
+ return ("unknown");
}
SSL *
@@ -2722,14 +2724,14 @@ SSL_dup(SSL *s)
ret->quiet_shutdown = s->quiet_shutdown;
ret->shutdown = s->shutdown;
/* SSL_dup does not really work at any state, though */
- ret->state=s->state;
+ ret->state=s->state;
ret->rstate = s->rstate;
/*
* Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
* ret->init_off
*/
- ret->init_num = 0;
+ ret->init_num = 0;
ret->hit = s->hit;
@@ -2741,10 +2743,11 @@ SSL_dup(SSL *s)
sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
goto err;
}
- if (s->cipher_list_by_id != NULL)
+ if (s->cipher_list_by_id != NULL) {
if ((ret->cipher_list_by_id =
sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL)
goto err;
+ }
/* Dup the client_CA list */
if (s->client_CA != NULL) {
@@ -2825,13 +2828,13 @@ SSL_get_current_cipher(const SSL *s)
const void *
SSL_get_current_compression(SSL *s)
{
- return NULL;
+ return (NULL);
}
const void *
SSL_get_current_expansion(SSL *s)
{
- return NULL;
+ return (NULL);
}
#else
@@ -2950,7 +2953,7 @@ SSL_CTX *
SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
{
if (ssl->ctx == ctx)
- return ssl->ctx;
+ return (ssl->ctx);
#ifndef OPENSSL_NO_TLSEXT
if (ctx == NULL)
ctx = ssl->initial_ctx;
@@ -2993,7 +2996,7 @@ SSL_set_info_callback(SSL *ssl,
*/
void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
{
- return ssl->info_callback;
+ return (ssl->info_callback);
}
int
@@ -3024,8 +3027,8 @@ int
SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
- new_func, dup_func, free_func);
+ return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
+ new_func, dup_func, free_func));
}
int
@@ -3044,8 +3047,8 @@ int
SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
- new_func, dup_func, free_func);
+ return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
+ new_func, dup_func, free_func));
}
int
@@ -3171,50 +3174,50 @@ SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT,
SSL_R_DATA_LENGTH_TOO_LONG);
- return 0;
+ return (0);
}
if (ctx->psk_identity_hint != NULL)
free(ctx->psk_identity_hint);
if (identity_hint != NULL) {
ctx->psk_identity_hint = BUF_strdup(identity_hint);
if (ctx->psk_identity_hint == NULL)
- return 0;
+ return (0);
} else
ctx->psk_identity_hint = NULL;
- return 1;
+ return (1);
}
int
SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
{
if (s == NULL)
- return 0;
+ return (0);
if (s->session == NULL)
- return 1; /* session not created yet, ignored */
+ return (1); /* session not created yet, ignored */
if (identity_hint != NULL && strlen(identity_hint) >
PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT,
SSL_R_DATA_LENGTH_TOO_LONG);
- return 0;
+ return (0);
}
if (s->session->psk_identity_hint != NULL)
free(s->session->psk_identity_hint);
if (identity_hint != NULL) {
s->session->psk_identity_hint = BUF_strdup(identity_hint);
if (s->session->psk_identity_hint == NULL)
- return 0;
+ return (0);
} else
s->session->psk_identity_hint = NULL;
- return 1;
+ return (1);
}
const char *
SSL_get_psk_identity_hint(const SSL *s)
{
if (s == NULL || s->session == NULL)
- return NULL;
+ return (NULL);
return (s->session->psk_identity_hint);
}
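Review bot: Both SSL_CTX_use_psk_identity_hint and SSL_use_psk_identity_hint free the stored hint before the replacement has been copied, so when BUF_strdup fails the call returns 0 but the previous hint is already gone. Copying first and swapping afterwards keeps the object unchanged on failure, and it also removes the `!= NULL` guard in front of free(), which is not needed. The sketch below shows SSL_use_psk_identity_hint; the SSL_CTX variant would change the same way, but its beginning is outside the hunk. SSL_use_psk_identity_hint also returns 1 without storing anything when `s->session` is NULL, which is worth stating in a comment above the function, since the caller is told the hint was accepted.

```c
SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
{
	char *hint = NULL;

	/* … unchanged: NULL, missing-session and length checks … */
	if (identity_hint != NULL) {
		hint = BUF_strdup(identity_hint);
		if (hint == NULL)
			return (0);
	}
	/* Replace the old hint only once the copy exists. */
	free(s->session->psk_identity_hint);
	s->session->psk_identity_hint = hint;
	return (1);
```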
@@ -3222,7 +3225,7 @@ const char *
SSL_get_psk_identity(const SSL *s)
{
if (s == NULL || s->session == NULL)
- return NULL;
+ return (NULL);
return (s->session->psk_identity);
}
@@ -3289,7 +3292,7 @@ ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
*hash = EVP_MD_CTX_create();
if (md)
EVP_DigestInit_ex(*hash, md, NULL);
- return *hash;
+ return (*hash);
}
void
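Review bot: ssl_replace_hash does not check the result of EVP_MD_CTX_create(), so when the allocation fails and `md` is set, a NULL context is passed to EVP_DigestInit_ex. I would add `if (*hash == NULL) return (NULL);` directly after the allocation. The return value of EVP_DigestInit_ex is ignored as well, so a failed digest setup still hands the caller a context that looks usable; that result should be checked and the context released on failure. The start of the function is outside this hunk, so what happens to a previous `*hash` cannot be seen here.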
@@ -3309,7 +3312,7 @@ SSL_set_debug(SSL *s, int debug)
int
SSL_cache_hit(SSL *s)
{
- return s->hit;
+ return (s->hit);
}
IMPLEMENT_STACK_OF(SSL_CIPHER)