authortedu <tedu@openbsd.org>2014-04-18 21:19:20 +0000
committertedu <tedu@openbsd.org>2014-04-18 21:19:20 +0000
commit1e9053549fdf9244255c71d92ffdc6580eb465f3 (patch)
tree755b39cb1770ff8a3bee0167db7ada2714c54605 /lib/libssl/t1_enc.c
parentFor the WSDISPLAY_COMPAT_USL protocol, send the synchronizing signals to (diff)
now that knf carpet bombing is finished, switch to hand to hand combat.
still not sure what to make of mysteries like this: for (i = 7; i >= 0; i--) { /* increment */
Diffstat (limited to 'lib/libssl/t1_enc.c')
-rw-r--r--lib/libssl/t1_enc.c157
1 files changed, 75 insertions, 82 deletions
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index fb471b2f14f..fc7a23fb4b5 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -219,9 +219,8 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
/* calc the next A1 value */
if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
goto err;
- }
- else /* last one */
- {
+ } else {
+ /* last one */
if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
goto err;
memcpy(out, A1, olen);
@@ -269,10 +268,10 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
goto err;
}
- if (!tls1_P_hash(md , S1, len + (slen&1),
- seed1, seed1_len, seed2, seed2_len, seed3, seed3_len, seed4, seed4_len, seed5, seed5_len,
- out2, olen))
- goto err;
+ if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
+ seed1_len, seed2, seed2_len, seed3, seed3_len,
+ seed4, seed4_len, seed5, seed5_len, out2, olen))
+ goto err;
S1 += len;
for (i = 0; i < olen; i++) {
out1[i] ^= out2[i];
@@ -288,13 +287,14 @@ static int
tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num)
{
int ret;
+
ret = tls1_PRF(ssl_get_algorithm2(s),
- TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- NULL, 0, NULL, 0,
- s->session->master_key, s->session->master_key_length,
- km, tmp, num);
+ TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
+ s->s3->server_random, SSL3_RANDOM_SIZE,
+ s->s3->client_random, SSL3_RANDOM_SIZE,
+ NULL, 0, NULL, 0,
+ s->session->master_key, s->session->master_key_length,
+ km, tmp, num);
#ifdef KSSL_DEBUG
printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
s->session->master_key_length);
@@ -369,9 +369,10 @@ tls1_change_cipher_state(SSL *s, int which)
reuse_dd = 1;
else if ((s->enc_read_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
goto err;
- else
+ else {
/* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_read_ctx);
+ EVP_CIPHER_CTX_init(s->enc_read_ctx);
+ }
dd = s->enc_read_ctx;
mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
#ifndef OPENSSL_NO_COMP
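Review bot: The `else` arm gains braces while the `if` and `else if` arms of the same chain stay unbraced, which reads as inconsistent in a style pass; either brace all three arms or leave the single-statement `else` as it was. The comment on that arm also carries a typo, so while the line is being touched it could become `/* make sure it's initialized in case we exit later with an error */`. The allocation on the `else if` line could size itself from the pointer rather than the type name, `s->enc_read_ctx = malloc(sizeof *s->enc_read_ctx)`, so the size follows the field if its type ever changes. tls1_change_cipher_state starts and ends outside this hunk.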
@@ -386,8 +387,7 @@ tls1_change_cipher_state(SSL *s, int which)
goto err2;
}
if (s->s3->rrec.comp == NULL)
- s->s3->rrec.comp = (unsigned char *)
- malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+ s->s3->rrec.comp = malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
if (s->s3->rrec.comp == NULL)
goto err;
}
@@ -438,11 +438,11 @@ tls1_change_cipher_state(SSL *s, int which)
EVP_CIPHER_CTX_cleanup(dd);
p = s->s3->tmp.key_block;
- i=*mac_secret_size = s->s3->tmp.new_mac_secret_size;
+ i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
cl = EVP_CIPHER_key_length(c);
j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+ cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
/* If GCM mode only part of IV comes from PRF */
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
@@ -480,7 +480,7 @@ tls1_change_cipher_state(SSL *s, int which)
memcpy(mac_secret, ms, i);
- if (!(EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER)) {
+ if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
mac_secret, *mac_secret_size);
EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key);
@@ -495,22 +495,22 @@ tls1_change_cipher_state(SSL *s, int which)
* same value since only the correct one will be used :-).
*/
if (!tls1_PRF(ssl_get_algorithm2(s),
- exp_label, exp_label_len,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- NULL, 0, NULL, 0,
- key, j, tmp1, tmp2, EVP_CIPHER_key_length(c)))
- goto err2;
+ exp_label, exp_label_len,
+ s->s3->client_random, SSL3_RANDOM_SIZE,
+ s->s3->server_random, SSL3_RANDOM_SIZE,
+ NULL, 0, NULL, 0,
+ key, j, tmp1, tmp2, EVP_CIPHER_key_length(c)))
+ goto err2;
key = tmp1;
if (k > 0) {
if (!tls1_PRF(ssl_get_algorithm2(s),
- TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- NULL, 0, NULL, 0,
- empty, 0, iv1, iv2, k*2))
- goto err2;
+ TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
+ s->s3->client_random, SSL3_RANDOM_SIZE,
+ s->s3->server_random, SSL3_RANDOM_SIZE,
+ NULL, 0, NULL, 0,
+ empty, 0, iv1, iv2, k*2))
+ goto err2;
if (client_write)
iv = iv1;
else
@@ -537,9 +537,9 @@ tls1_change_cipher_state(SSL *s, int which)
EVP_CipherInit_ex(dd, c, NULL, key, iv,(which & SSL3_CC_WRITE));
/* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
- if ((EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size)
+ if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size)
EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
- *mac_secret_size, mac_secret);
+ *mac_secret_size, mac_secret);
#ifdef TLS_DEBUG
printf("which = %04X\nkey=", which);
@@ -588,7 +588,7 @@ tls1_setup_key_block(SSL *s)
s->s3->tmp.new_mac_pkey_type = mac_type;
s->s3->tmp.new_mac_secret_size = mac_secret_size;
num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
- num*=2;
+ num *= 2;
ssl3_cleanup_key_block(s);
@@ -620,8 +620,8 @@ tls1_setup_key_block(SSL *s)
{ int z; for (z = 0; z<num; z++) printf("%02X%c", p1[z],((z+1)%16)?' ':'\n'); }
#endif
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
- && s->method->version <= TLS1_VERSION) {
+ if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
+ s->method->version <= TLS1_VERSION) {
/* enable vulnerability countermeasure for CBC ciphers with
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
*/
@@ -678,8 +678,8 @@ tls1_enc(SSL *s, int send)
int ivlen;
enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
/* For TLSv1.1 and later explicit IV */
- if (s->version >= TLS1_1_VERSION
- && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
+ if (s->version >= TLS1_1_VERSION &&
+ EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
ivlen = EVP_CIPHER_iv_length(enc);
else
ivlen = 0;
@@ -720,7 +720,7 @@ tls1_enc(SSL *s, int send)
l = rec->length;
bs = EVP_CIPHER_block_size(ds->cipher);
- if (EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) {
+ if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
unsigned char buf[13], *seq;
seq = send ? s->s3->write_sequence : s->s3->read_sequence;
@@ -733,14 +733,10 @@ tls1_enc(SSL *s, int send)
memcpy(buf, dtlsseq, 8);
} else {
memcpy(buf, seq, 8);
- for (i = 7;
- i >= 0;
- i--) /* increment */
- {
+ for (i = 7; i >= 0; i--) { /* increment */
++seq[i];
if (seq[i] != 0)
break;
-
}
}
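Review bot: The `/* increment */` comment kept on the reworked `for` line says neither what is incremented nor why the loop counts down, which is exactly what the commit message finds puzzling. The loop bumps the 8-byte sequence number `seq` after it has been copied into `buf`, treating it as a big-endian integer: it increments the last byte first and only moves to the preceding byte when the current one wrapped to zero, so the `break` is the carry stopping. A comment such as `/* increment the 64-bit big-endian sequence number, propagating the carry */` would make that plain. What appears to be the same loop is reformatted in the tls1_mac hunk further down and would benefit from the same comment. tls1_enc starts and ends outside this hunk.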
@@ -748,7 +744,7 @@ tls1_enc(SSL *s, int send)
buf[9] = (unsigned char)(s->version >> 8);
buf[10] = (unsigned char)(s->version);
buf[11] = rec->length >> 8;
- buf[12] = rec->length&0xff;
+ buf[12] = rec->length & 0xff;
pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, 13, buf);
if (send) {
l += pad;
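Review bot: The value that EVP_CIPHER_CTX_ctrl stores in `pad` is added to `l` and `rec->length` on the lines that follow without being checked; a failed control call reports that with a non-positive return, which would then be folded into the record length instead of aborting the record. Inserting `if (pad <= 0)` / `return -1;` between the ctrl call and the `if (send)` block would mirror how the EVP_Cipher result is handled later in this function. The literal `13` passed to the ctrl duplicates the size of `buf`, declared as `unsigned char buf[13]` in the previous hunk of this function; `sizeof buf` would keep the two in step. tls1_enc starts and ends outside this hunk.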
@@ -795,10 +791,9 @@ tls1_enc(SSL *s, int send)
}
i = EVP_Cipher(ds, rec->data, rec->input, l);
- if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER)
- ?(i < 0)
- :(i == 0))
- return -1; /* AEAD can fail to verify MAC */
+ if ((EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_CUSTOM_CIPHER) ?
+ (i < 0) : (i == 0))
+ return -1; /* AEAD can fail to verify MAC */
if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) {
rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
@@ -837,7 +832,8 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
return 0;
for (i = 0; i < SSL_MAX_DIGEST; i++) {
- if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
+ if (s->s3->handshake_dgst[i] &&
+ EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
d = s->s3->handshake_dgst[i];
break;
}
@@ -879,24 +875,25 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
if (mask & ssl_get_algorithm2(s)) {
int hashsize = EVP_MD_size(md);
EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
- if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
+ if (!hdgst || hashsize < 0 ||
+ hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
/* internal error: 'buf' is too small for this cipersuite! */
err = 1;
} else {
if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
- !EVP_DigestFinal_ex(&ctx, q, &i) ||
- (i != (unsigned int)hashsize))
- err = 1;
+ !EVP_DigestFinal_ex(&ctx, q, &i) ||
+ (i != (unsigned int)hashsize))
+ err = 1;
q += hashsize;
}
}
}
- if (!tls1_PRF(ssl_get_algorithm2(s),
- str, slen, buf,(int)(q - buf), NULL, 0, NULL, 0, NULL, 0,
- s->session->master_key, s->session->master_key_length,
- out, buf2, sizeof buf2))
- err = 1;
+ if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf,(int)(q - buf),
+ NULL, 0, NULL, 0, NULL, 0,
+ s->session->master_key, s->session->master_key_length,
+ out, buf2, sizeof buf2))
+ err = 1;
EVP_MD_CTX_cleanup(&ctx);
if (err)
@@ -945,7 +942,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
unsigned char dtlsseq[8], *p = dtlsseq;
s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
- memcpy (p, &seq[2], 6);
+ memcpy(p, &seq[2], 6);
memcpy(header, dtlsseq, 8);
} else
@@ -961,21 +958,18 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
header[11] = (rec->length) >> 8;
header[12] = (rec->length)&0xff;
- if (!send &&
- EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
- ssl3_cbc_record_digest_supported(mac_ctx)) {
+ if (!send && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+ ssl3_cbc_record_digest_supported(mac_ctx)) {
/* This is a CBC-encrypted record. We must avoid leaking any
* timing-side channel information about how many blocks of
* data we are hashing because that gives an attacker a
* timing-oracle. */
- ssl3_cbc_digest_record(
- mac_ctx,
- md, &md_size,
- header, rec->input,
- rec->length + md_size, orig_len,
- ssl->s3->read_mac_secret,
- ssl->s3->read_mac_secret_size,
- 0 /* not SSLv3 */);
+ ssl3_cbc_digest_record(mac_ctx,
+ md, &md_size, header, rec->input,
+ rec->length + md_size, orig_len,
+ ssl->s3->read_mac_secret,
+ ssl->s3->read_mac_secret_size,
+ 0 /* not SSLv3 */);
} else {
EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
@@ -1001,7 +995,6 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
++seq[i];
if (seq[i] != 0)
break;
-
}
}
@@ -1115,20 +1108,20 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
* comparisons won't have buffer overflow
*/
if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
- TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) goto err1;
+ TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0)
+ goto err1;
if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
- TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) goto err1;
+ TLS_MD_SERVER_FINISH_CONST_SIZE) == 0)
+ goto err1;
if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
- TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) goto err1;
+ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
+ goto err1;
if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
- TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
+ TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
+ goto err1;
rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
- val, vallen,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0,
+ val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0,
s->session->master_key, s->session->master_key_length,
out, buff, olen);