Diffstat (limited to 'lib/libssl/src')
-rw-r--r--lib/libssl/src/ssl/ssl_algs.c25
-rw-r--r--lib/libssl/src/ssl/ssl_asn1.c634
-rw-r--r--lib/libssl/src/ssl/ssl_cert.c649
-rw-r--r--lib/libssl/src/ssl/ssl_ciph.c1393
-rw-r--r--lib/libssl/src/ssl/ssl_err.c1064
-rw-r--r--lib/libssl/src/ssl/ssl_err2.c7
-rw-r--r--lib/libssl/src/ssl/ssl_lib.c3159
-rw-r--r--lib/libssl/src/ssl/ssl_rsa.c882
-rw-r--r--lib/libssl/src/ssl/ssl_sess.c1094
-rw-r--r--lib/libssl/src/ssl/ssl_stat.c893
-rw-r--r--lib/libssl/src/ssl/ssl_task.c287
-rw-r--r--lib/libssl/src/ssl/ssl_txt.c211
12 files changed, 5245 insertions, 5053 deletions
diff --git a/lib/libssl/src/ssl/ssl_algs.c b/lib/libssl/src/ssl/ssl_algs.c
index 9c34d19725b..76644bda916 100644
--- a/lib/libssl/src/ssl/ssl_algs.c
+++ b/lib/libssl/src/ssl/ssl_algs.c
@@ -61,8 +61,9 @@
#include <openssl/lhash.h>
#include "ssl_locl.h"
-int SSL_library_init(void)
- {
+int
+SSL_library_init(void)
+{
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cbc());
@@ -104,16 +105,16 @@ int SSL_library_init(void)
#ifndef OPENSSL_NO_SEED
EVP_add_cipher(EVP_seed_cbc());
#endif
-
+
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
- EVP_add_digest_alias(SN_md5,"ssl2-md5");
- EVP_add_digest_alias(SN_md5,"ssl3-md5");
+ EVP_add_digest_alias(SN_md5, "ssl2-md5");
+ EVP_add_digest_alias(SN_md5, "ssl3-md5");
#endif
#ifndef OPENSSL_NO_SHA
EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
- EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
- EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
#endif
#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
@@ -125,9 +126,9 @@ int SSL_library_init(void)
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
- EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
- EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
- EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
+ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
+ EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
+ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
#endif
#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
@@ -145,6 +146,6 @@ int SSL_library_init(void)
#endif
/* initialize cipher/digest methods table */
ssl_load_ciphers();
- return(1);
- }
+ return (1);
+}
diff --git a/lib/libssl/src/ssl/ssl_asn1.c b/lib/libssl/src/ssl/ssl_asn1.c
index 38540be1e53..51668db7859 100644
--- a/lib/libssl/src/ssl/ssl_asn1.c
+++ b/lib/libssl/src/ssl/ssl_asn1.c
@@ -89,8 +89,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
-typedef struct ssl_session_asn1_st
- {
+typedef struct ssl_session_asn1_st {
ASN1_INTEGER version;
ASN1_INTEGER ssl_version;
ASN1_OCTET_STRING cipher;
@@ -100,7 +99,7 @@ typedef struct ssl_session_asn1_st
ASN1_OCTET_STRING session_id_context;
ASN1_OCTET_STRING key_arg;
#ifndef OPENSSL_NO_KRB5
- ASN1_OCTET_STRING krb5_princ;
+ ASN1_OCTET_STRING krb5_princ;
#endif /* OPENSSL_NO_KRB5 */
ASN1_INTEGER time;
ASN1_INTEGER timeout;
@@ -117,169 +116,156 @@ typedef struct ssl_session_asn1_st
#ifndef OPENSSL_NO_SRP
ASN1_OCTET_STRING srp_username;
#endif /* OPENSSL_NO_SRP */
- } SSL_SESSION_ASN1;
+} SSL_SESSION_ASN1;
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
- {
+int
+i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
+{
#define LSIZE2 (sizeof(long)*2)
- int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0;
- unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
- unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
+ int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0;
+ unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
+ unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
#ifndef OPENSSL_NO_TLSEXT
- int v6=0,v9=0,v10=0;
+ int v6 = 0, v9 = 0, v10 = 0;
unsigned char ibuf6[LSIZE2];
#endif
#ifndef OPENSSL_NO_COMP
unsigned char cbuf;
- int v11=0;
+ int v11 = 0;
#endif
#ifndef OPENSSL_NO_SRP
- int v12=0;
+ int v12 = 0;
#endif
long l;
SSL_SESSION_ASN1 a;
M_ASN1_I2D_vars(in);
if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
- return(0);
+ return (0);
/* Note that I cheat in the following 2 assignments. I know
* that if the ASN1_INTEGER passed to ASN1_INTEGER_set
* is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
* This is a bit evil but makes things simple, no dynamic allocation
* to clean up :-) */
- a.version.length=LSIZE2;
- a.version.type=V_ASN1_INTEGER;
- a.version.data=ibuf1;
- ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
+ a.version.length = LSIZE2;
+ a.version.type = V_ASN1_INTEGER;
+ a.version.data = ibuf1;
+ ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION);
- a.ssl_version.length=LSIZE2;
- a.ssl_version.type=V_ASN1_INTEGER;
- a.ssl_version.data=ibuf2;
- ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
+ a.ssl_version.length = LSIZE2;
+ a.ssl_version.type = V_ASN1_INTEGER;
+ a.ssl_version.data = ibuf2;
+ ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version);
- a.cipher.type=V_ASN1_OCTET_STRING;
- a.cipher.data=buf;
+ a.cipher.type = V_ASN1_OCTET_STRING;
+ a.cipher.data = buf;
if (in->cipher == NULL)
- l=in->cipher_id;
+ l = in->cipher_id;
else
- l=in->cipher->id;
- if (in->ssl_version == SSL2_VERSION)
- {
- a.cipher.length=3;
- buf[0]=((unsigned char)(l>>16L))&0xff;
- buf[1]=((unsigned char)(l>> 8L))&0xff;
- buf[2]=((unsigned char)(l ))&0xff;
- }
- else
- {
- a.cipher.length=2;
- buf[0]=((unsigned char)(l>>8L))&0xff;
- buf[1]=((unsigned char)(l ))&0xff;
- }
+ l = in->cipher->id;
+ if (in->ssl_version == SSL2_VERSION) {
+ a.cipher.length = 3;
+ buf[0] = ((unsigned char)(l >> 16L))&0xff;
+ buf[1] = ((unsigned char)(l >> 8L))&0xff;
+ buf[2] = ((unsigned char)(l ))&0xff;
+ } else {
+ a.cipher.length = 2;
+ buf[0] = ((unsigned char)(l >> 8L))&0xff;
+ buf[1] = ((unsigned char)(l ))&0xff;
+ }
#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- {
+ if (in->compress_meth) {
cbuf = (unsigned char)in->compress_meth;
a.comp_id.length = 1;
a.comp_id.type = V_ASN1_OCTET_STRING;
a.comp_id.data = &cbuf;
- }
+ }
#endif
- a.master_key.length=in->master_key_length;
- a.master_key.type=V_ASN1_OCTET_STRING;
- a.master_key.data=in->master_key;
+ a.master_key.length = in->master_key_length;
+ a.master_key.type = V_ASN1_OCTET_STRING;
+ a.master_key.data = in->master_key;
- a.session_id.length=in->session_id_length;
- a.session_id.type=V_ASN1_OCTET_STRING;
- a.session_id.data=in->session_id;
+ a.session_id.length = in->session_id_length;
+ a.session_id.type = V_ASN1_OCTET_STRING;
+ a.session_id.data = in->session_id;
- a.session_id_context.length=in->sid_ctx_length;
- a.session_id_context.type=V_ASN1_OCTET_STRING;
- a.session_id_context.data=in->sid_ctx;
+ a.session_id_context.length = in->sid_ctx_length;
+ a.session_id_context.type = V_ASN1_OCTET_STRING;
+ a.session_id_context.data = in->sid_ctx;
- a.key_arg.length=in->key_arg_length;
- a.key_arg.type=V_ASN1_OCTET_STRING;
- a.key_arg.data=in->key_arg;
+ a.key_arg.length = in->key_arg_length;
+ a.key_arg.type = V_ASN1_OCTET_STRING;
+ a.key_arg.data = in->key_arg;
#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- {
- a.krb5_princ.length=in->krb5_client_princ_len;
- a.krb5_princ.type=V_ASN1_OCTET_STRING;
- a.krb5_princ.data=in->krb5_client_princ;
- }
+ if (in->krb5_client_princ_len) {
+ a.krb5_princ.length = in->krb5_client_princ_len;
+ a.krb5_princ.type = V_ASN1_OCTET_STRING;
+ a.krb5_princ.data = in->krb5_client_princ;
+ }
#endif /* OPENSSL_NO_KRB5 */
- if (in->time != 0L)
- {
- a.time.length=LSIZE2;
- a.time.type=V_ASN1_INTEGER;
- a.time.data=ibuf3;
- ASN1_INTEGER_set(&(a.time),in->time);
- }
+ if (in->time != 0L) {
+ a.time.length = LSIZE2;
+ a.time.type = V_ASN1_INTEGER;
+ a.time.data = ibuf3;
+ ASN1_INTEGER_set(&(a.time), in->time);
+ }
- if (in->timeout != 0L)
- {
- a.timeout.length=LSIZE2;
- a.timeout.type=V_ASN1_INTEGER;
- a.timeout.data=ibuf4;
- ASN1_INTEGER_set(&(a.timeout),in->timeout);
- }
+ if (in->timeout != 0L) {
+ a.timeout.length = LSIZE2;
+ a.timeout.type = V_ASN1_INTEGER;
+ a.timeout.data = ibuf4;
+ ASN1_INTEGER_set(&(a.timeout), in->timeout);
+ }
- if (in->verify_result != X509_V_OK)
- {
- a.verify_result.length=LSIZE2;
- a.verify_result.type=V_ASN1_INTEGER;
- a.verify_result.data=ibuf5;
- ASN1_INTEGER_set(&a.verify_result,in->verify_result);
- }
+ if (in->verify_result != X509_V_OK) {
+ a.verify_result.length = LSIZE2;
+ a.verify_result.type = V_ASN1_INTEGER;
+ a.verify_result.data = ibuf5;
+ ASN1_INTEGER_set(&a.verify_result, in->verify_result);
+ }
#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_hostname)
- {
- a.tlsext_hostname.length=strlen(in->tlsext_hostname);
- a.tlsext_hostname.type=V_ASN1_OCTET_STRING;
- a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;
- }
- if (in->tlsext_tick)
- {
- a.tlsext_tick.length= in->tlsext_ticklen;
- a.tlsext_tick.type=V_ASN1_OCTET_STRING;
- a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
- }
- if (in->tlsext_tick_lifetime_hint > 0)
- {
- a.tlsext_tick_lifetime.length=LSIZE2;
- a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
- a.tlsext_tick_lifetime.data=ibuf6;
- ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
- }
+ if (in->tlsext_hostname) {
+ a.tlsext_hostname.length = strlen(in->tlsext_hostname);
+ a.tlsext_hostname.type = V_ASN1_OCTET_STRING;
+ a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname;
+ }
+ if (in->tlsext_tick) {
+ a.tlsext_tick.length = in->tlsext_ticklen;
+ a.tlsext_tick.type = V_ASN1_OCTET_STRING;
+ a.tlsext_tick.data = (unsigned char *)in->tlsext_tick;
+ }
+ if (in->tlsext_tick_lifetime_hint > 0) {
+ a.tlsext_tick_lifetime.length = LSIZE2;
+ a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
+ a.tlsext_tick_lifetime.data = ibuf6;
+ ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint);
+ }
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
- if (in->psk_identity_hint)
- {
- a.psk_identity_hint.length=strlen(in->psk_identity_hint);
- a.psk_identity_hint.type=V_ASN1_OCTET_STRING;
- a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint);
- }
- if (in->psk_identity)
- {
- a.psk_identity.length=strlen(in->psk_identity);
- a.psk_identity.type=V_ASN1_OCTET_STRING;
- a.psk_identity.data=(unsigned char *)(in->psk_identity);
- }
+ if (in->psk_identity_hint) {
+ a.psk_identity_hint.length = strlen(in->psk_identity_hint);
+ a.psk_identity_hint.type = V_ASN1_OCTET_STRING;
+ a.psk_identity_hint.data = (unsigned char *)(in->psk_identity_hint);
+ }
+ if (in->psk_identity) {
+ a.psk_identity.length = strlen(in->psk_identity);
+ a.psk_identity.type = V_ASN1_OCTET_STRING;
+ a.psk_identity.data = (unsigned char *)(in->psk_identity);
+ }
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
- if (in->srp_username)
- {
- a.srp_username.length=strlen(in->srp_username);
- a.srp_username.type=V_ASN1_OCTET_STRING;
- a.srp_username.data=(unsigned char *)(in->srp_username);
- }
+ if (in->srp_username) {
+ a.srp_username.length = strlen(in->srp_username);
+ a.srp_username.type = V_ASN1_OCTET_STRING;
+ a.srp_username.data = (unsigned char *)(in->srp_username);
+ }
#endif /* OPENSSL_NO_SRP */
M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
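Review bot: The comment above the `a.version` setup says the stack-buffer trick covers "the following 2 assignments", but the same pattern is used for `ibuf1` through `ibuf6` (version, ssl_version, time, timeout, verify_result and tlsext_tick_lifetime). Each of these hands a stack array to `ASN1_INTEGER_set()` and relies on that function never reallocating or freeing `data`, so the invariant should be stated accurately and once, e.g. `/* Every ASN1_INTEGER below points at an LSIZE2-byte stack buffer; this relies on ASN1_INTEGER_set() not reallocating when length > sizeof(long)+1. */`. Since the reformat touches every one of these lines, this is a good place to correct the comment. i2d_SSL_SESSION continues past the end of this hunk.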
@@ -289,41 +275,41 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
#ifndef OPENSSL_NO_KRB5
if (in->krb5_client_princ_len)
- M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
#endif /* OPENSSL_NO_KRB5 */
if (in->key_arg_length > 0)
- M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING);
if (in->time != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
+ M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
if (in->timeout != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
+ M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
if (in->peer != NULL)
- M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
+ M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3);
+ M_ASN1_I2D_len_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, v4);
if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
+ M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5);
#ifndef OPENSSL_NO_TLSEXT
if (in->tlsext_tick_lifetime_hint > 0)
- M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
+ M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
if (in->tlsext_tick)
- M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
+ M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
if (in->tlsext_hostname)
- M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
+ M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);
#ifndef OPENSSL_NO_COMP
if (in->compress_meth)
- M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
+ M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
#endif
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
if (in->psk_identity_hint)
- M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
+ M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7);
if (in->psk_identity)
- M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
+ M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8);
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
if (in->srp_username)
- M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12);
+ M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12);
#endif /* OPENSSL_NO_SRP */
M_ASN1_I2D_seq_total();
@@ -335,308 +321,296 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
#ifndef OPENSSL_NO_KRB5
if (in->krb5_client_princ_len)
- M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
#endif /* OPENSSL_NO_KRB5 */
if (in->key_arg_length > 0)
- M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
+ M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0);
if (in->time != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
+ M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
if (in->timeout != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
+ M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
if (in->peer != NULL)
- M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
- v4);
+ M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3);
+ M_ASN1_I2D_put_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4,
+ v4);
if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
+ M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5);
#ifndef OPENSSL_NO_TLSEXT
if (in->tlsext_hostname)
- M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
+ M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
if (in->psk_identity_hint)
- M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
+ M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7);
if (in->psk_identity)
- M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
+ M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8);
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_TLSEXT
if (in->tlsext_tick_lifetime_hint > 0)
- M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
+ M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
if (in->tlsext_tick)
- M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
+ M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_COMP
if (in->compress_meth)
- M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
+ M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
#endif
#ifndef OPENSSL_NO_SRP
if (in->srp_username)
- M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12);
+ M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12);
#endif /* OPENSSL_NO_SRP */
M_ASN1_I2D_finish();
- }
+}
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
- long length)
- {
- int ssl_version=0,i;
+SSL_SESSION
+*d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+long length)
+{
+ int ssl_version = 0, i;
long id;
- ASN1_INTEGER ai,*aip;
- ASN1_OCTET_STRING os,*osp;
- M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
+ ASN1_INTEGER ai, *aip;
+ ASN1_OCTET_STRING os, *osp;
+ M_ASN1_D2I_vars(a, SSL_SESSION *, SSL_SESSION_new);
- aip= &ai;
- osp= &os;
+ aip = &ai;
+ osp = &os;
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
- ai.data=NULL; ai.length=0;
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
+ ai.data = NULL;
+ ai.length = 0;
+ M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER);
+ if (ai.data != NULL) {
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ }
/* we don't care about the version right now :-) */
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- ssl_version=(int)ASN1_INTEGER_get(aip);
- ret->ssl_version=ssl_version;
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- os.data=NULL; os.length=0;
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (ssl_version == SSL2_VERSION)
- {
- if (os.length != 3)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
+ M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER);
+ ssl_version = (int)ASN1_INTEGER_get(aip);
+ ret->ssl_version = ssl_version;
+ if (ai.data != NULL) {
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ }
+
+ os.data = NULL;
+ os.length = 0;
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
+ if (ssl_version == SSL2_VERSION) {
+ if (os.length != 3) {
+ c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
goto err;
- }
- id=0x02000000L|
- ((unsigned long)os.data[0]<<16L)|
- ((unsigned long)os.data[1]<< 8L)|
- (unsigned long)os.data[2];
}
- else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
- {
- if (os.length != 2)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
+ id = 0x02000000L|
+ ((unsigned long)os.data[0]<<16L)|
+ ((unsigned long)os.data[1]<< 8L)|
+ (unsigned long)os.data[2];
+ } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
+ if (os.length != 2) {
+ c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
goto err;
- }
- id=0x03000000L|
- ((unsigned long)os.data[0]<<8L)|
- (unsigned long)os.data[1];
}
- else
- {
- c.error=SSL_R_UNKNOWN_SSL_VERSION;
+ id = 0x03000000L|
+ ((unsigned long)os.data[0]<<8L)|
+ (unsigned long)os.data[1];
+ } else {
+ c.error = SSL_R_UNKNOWN_SSL_VERSION;
goto err;
- }
-
- ret->cipher=NULL;
- ret->cipher_id=id;
+ }
+
+ ret->cipher = NULL;
+ ret->cipher_id = id;
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
- i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
+ if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR)
+ i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
- i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
+ i = SSL2_MAX_SSL_SESSION_ID_LENGTH;
if (os.length > i)
os.length = i;
if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
os.length = sizeof(ret->session_id);
- ret->session_id_length=os.length;
+ ret->session_id_length = os.length;
OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
- memcpy(ret->session_id,os.data,os.length);
+ memcpy(ret->session_id, os.data, os.length);
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
- ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
+ ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH;
else
- ret->master_key_length=os.length;
- memcpy(ret->master_key,os.data,ret->master_key_length);
+ ret->master_key_length = os.length;
+ memcpy(ret->master_key, os.data, ret->master_key_length);
- os.length=0;
+ os.length = 0;
#ifndef OPENSSL_NO_KRB5
- os.length=0;
- M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
- if (os.data)
- {
- if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
- ret->krb5_client_princ_len=0;
+ os.length = 0;
+ M_ASN1_D2I_get_opt(osp, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING);
+ if (os.data) {
+ if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
+ ret->krb5_client_princ_len = 0;
else
- ret->krb5_client_princ_len=os.length;
- memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
+ ret->krb5_client_princ_len = os.length;
+ memcpy(ret->krb5_client_princ, os.data, ret->krb5_client_princ_len);
OPENSSL_free(os.data);
os.data = NULL;
os.length = 0;
- }
- else
- ret->krb5_client_princ_len=0;
+ } else
+ ret->krb5_client_princ_len = 0;
#endif /* OPENSSL_NO_KRB5 */
- M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
+ M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING);
if (os.length > SSL_MAX_KEY_ARG_LENGTH)
- ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
+ ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH;
else
- ret->key_arg_length=os.length;
- memcpy(ret->key_arg,os.data,ret->key_arg_length);
- if (os.data != NULL) OPENSSL_free(os.data);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
- if (ai.data != NULL)
- {
- ret->time=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->time=(unsigned long)time(NULL);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
- if (ai.data != NULL)
- {
- ret->timeout=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->timeout=3;
+ ret->key_arg_length = os.length;
+ memcpy(ret->key_arg, os.data, ret->key_arg_length);
+ if (os.data != NULL)
+ OPENSSL_free(os.data);
- if (ret->peer != NULL)
- {
+ ai.length = 0;
+ M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1);
+ if (ai.data != NULL) {
+ ret->time = ASN1_INTEGER_get(aip);
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ } else
+ ret->time = (unsigned long)time(NULL);
+
+ ai.length = 0;
+ M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2);
+ if (ai.data != NULL) {
+ ret->timeout = ASN1_INTEGER_get(aip);
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ } else
+ ret->timeout = 3;
+
+ if (ret->peer != NULL) {
X509_free(ret->peer);
- ret->peer=NULL;
- }
- M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
+ ret->peer = NULL;
+ }
+ M_ASN1_D2I_get_EXP_opt(ret->peer, d2i_X509, 3);
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
+ os.length = 0;
+ os.data = NULL;
+ M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 4);
- if(os.data != NULL)
- {
- if (os.length > SSL_MAX_SID_CTX_LENGTH)
- {
- c.error=SSL_R_BAD_LENGTH;
- goto err;
- }
- else
- {
- ret->sid_ctx_length=os.length;
- memcpy(ret->sid_ctx,os.data,os.length);
- }
- OPENSSL_free(os.data); os.data=NULL; os.length=0;
- }
- else
- ret->sid_ctx_length=0;
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
- if (ai.data != NULL)
- {
- ret->verify_result=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
+ if (os.data != NULL) {
+ if (os.length > SSL_MAX_SID_CTX_LENGTH) {
+ c.error = SSL_R_BAD_LENGTH;
+ goto err;
+ } else {
+ ret->sid_ctx_length = os.length;
+ memcpy(ret->sid_ctx, os.data, os.length);
}
- else
- ret->verify_result=X509_V_OK;
+ OPENSSL_free(os.data);
+ os.data = NULL;
+ os.length = 0;
+ } else
+ ret->sid_ctx_length = 0;
+
+ ai.length = 0;
+ M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 5);
+ if (ai.data != NULL) {
+ ret->verify_result = ASN1_INTEGER_get(aip);
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ } else
+ ret->verify_result = X509_V_OK;
#ifndef OPENSSL_NO_TLSEXT
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
- if (os.data)
- {
+ os.length = 0;
+ os.data = NULL;
+ M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 6);
+ if (os.data) {
ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
OPENSSL_free(os.data);
os.data = NULL;
os.length = 0;
- }
- else
- ret->tlsext_hostname=NULL;
+ } else
+ ret->tlsext_hostname = NULL;
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
- if (os.data)
- {
+ os.length = 0;
+ os.data = NULL;
+ M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 7);
+ if (os.data) {
ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length);
OPENSSL_free(os.data);
os.data = NULL;
os.length = 0;
- }
- else
- ret->psk_identity_hint=NULL;
+ } else
+ ret->psk_identity_hint = NULL;
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8);
- if (os.data)
- {
+ os.length = 0;
+ os.data = NULL;
+ M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 8);
+ if (os.data) {
ret->psk_identity = BUF_strndup((char *)os.data, os.length);
OPENSSL_free(os.data);
os.data = NULL;
os.length = 0;
- }
- else
- ret->psk_identity=NULL;
+ } else
+ ret->psk_identity = NULL;
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_TLSEXT
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
- if (ai.data != NULL)
- {
- ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else if (ret->tlsext_ticklen && ret->session_id_length)
- ret->tlsext_tick_lifetime_hint = -1;
+ ai.length = 0;
+ M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 9);
+ if (ai.data != NULL) {
+ ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip);
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ } else if (ret->tlsext_ticklen && ret->session_id_length)
+ ret->tlsext_tick_lifetime_hint = -1;
else
- ret->tlsext_tick_lifetime_hint=0;
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
- if (os.data)
- {
+ ret->tlsext_tick_lifetime_hint = 0;
+ os.length = 0;
+ os.data = NULL;
+ M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 10);
+ if (os.data) {
ret->tlsext_tick = os.data;
ret->tlsext_ticklen = os.length;
os.data = NULL;
os.length = 0;
- }
- else
- ret->tlsext_tick=NULL;
+ } else
+ ret->tlsext_tick = NULL;
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_COMP
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
- if (os.data)
- {
+ os.length = 0;
+ os.data = NULL;
+ M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 11);
+ if (os.data) {
ret->compress_meth = os.data[0];
OPENSSL_free(os.data);
os.data = NULL;
- }
+ }
#endif
#ifndef OPENSSL_NO_SRP
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,12);
- if (os.data)
- {
+ os.length = 0;
+ os.data = NULL;
+ M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 12);
+ if (os.data) {
ret->srp_username = BUF_strndup((char *)os.data, os.length);
OPENSSL_free(os.data);
os.data = NULL;
os.length = 0;
- }
- else
- ret->srp_username=NULL;
+ } else
+ ret->srp_username = NULL;
#endif /* OPENSSL_NO_SRP */
- M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
- }
+ M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
+}
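Review bot: In d2i_SSL_SESSION, over-long `session_id`, `master_key` and `key_arg` values are clamped and the session is still accepted, while an over-long `sid_ctx` is rejected with `SSL_R_BAD_LENGTH`; a serialized session with an out-of-range field is malformed and should be rejected the same way, e.g. `if (os.length > SSL_MAX_MASTER_KEY_LENGTH) { c.error = SSL_R_BAD_LENGTH; goto err; }`. The Kerberos branch is inconsistent in a third way: an over-long principal sets `krb5_client_princ_len` to 0 and parsing carries on. `ret->compress_meth = os.data[0]` reads the first byte without checking `os.length`, and the `BUF_strndup()` results are stored without a NULL check. The `goto err` paths taken while `os.data` is set (cipher-code length, sid_ctx length) skip the `OPENSSL_free(os.data)` that follows them, which looks like a leak unless the error macro, not visible here, frees it. The hunk begins inside i2d_SSL_SESSION, whose start is outside it.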
diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c
index 1aaddc351f8..79eb4ee0313 100644
--- a/lib/libssl/src/ssl/ssl_cert.c
+++ b/lib/libssl/src/ssl/ssl_cert.c
@@ -132,36 +132,36 @@
#include <openssl/bn.h>
#include "ssl_locl.h"
-int SSL_get_ex_data_X509_STORE_CTX_idx(void)
- {
- static volatile int ssl_x509_store_ctx_idx= -1;
+int
+SSL_get_ex_data_X509_STORE_CTX_idx(void)
+{
+ static volatile int ssl_x509_store_ctx_idx = -1;
int got_write_lock = 0;
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- if (ssl_x509_store_ctx_idx < 0)
- {
+ if (ssl_x509_store_ctx_idx < 0) {
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
got_write_lock = 1;
-
- if (ssl_x509_store_ctx_idx < 0)
- {
- ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
- 0,"SSL for verify callback",NULL,NULL,NULL);
- }
+
+ if (ssl_x509_store_ctx_idx < 0) {
+ ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(
+ 0, "SSL for verify callback", NULL, NULL, NULL);
}
+ }
if (got_write_lock)
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
else
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-
+
return ssl_x509_store_ctx_idx;
- }
+}
-static void ssl_cert_set_default_md(CERT *cert)
- {
+static void
+ssl_cert_set_default_md(CERT *cert)
+{
/* Set digest values to defaults */
#ifndef OPENSSL_NO_DSA
cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
@@ -173,37 +173,37 @@ static void ssl_cert_set_default_md(CERT *cert)
#ifndef OPENSSL_NO_ECDSA
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#endif
- }
+}
-CERT *ssl_cert_new(void)
- {
+CERT
+*ssl_cert_new(void)
+{
CERT *ret;
- ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- memset(ret,0,sizeof(CERT));
+ ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
+ if (ret == NULL) {
+ SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ memset(ret, 0, sizeof(CERT));
- ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
- ret->references=1;
+ ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
+ ret->references = 1;
ssl_cert_set_default_md(ret);
- return(ret);
- }
+ return (ret);
+}
-CERT *ssl_cert_dup(CERT *cert)
- {
+CERT
+*ssl_cert_dup(CERT *cert)
+{
CERT *ret;
int i;
ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
- if (ret == NULL)
- {
+ if (ret == NULL) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
+ return (NULL);
+ }
memset(ret, 0, sizeof(CERT));
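Review bot: The split return types in this hunk leave the pointer star on the name line (`CERT` then `*ssl_cert_new(void)`, and `CERT` then `*ssl_cert_dup(CERT *cert)`), so the first line reads as if the function returned a `CERT` by value. The star belongs with the type: `CERT *` on the first line and `ssl_cert_new(void)` starting the next. The same applies to `*d2i_SSL_SESSION` in ssl_asn1.c. ssl_cert_dup continues beyond this hunk.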
@@ -218,77 +218,64 @@ CERT *ssl_cert_dup(CERT *cert)
ret->export_mask_a = cert->export_mask_a;
#ifndef OPENSSL_NO_RSA
- if (cert->rsa_tmp != NULL)
- {
+ if (cert->rsa_tmp != NULL) {
RSA_up_ref(cert->rsa_tmp);
ret->rsa_tmp = cert->rsa_tmp;
- }
+ }
ret->rsa_tmp_cb = cert->rsa_tmp_cb;
#endif
#ifndef OPENSSL_NO_DH
- if (cert->dh_tmp != NULL)
- {
+ if (cert->dh_tmp != NULL) {
ret->dh_tmp = DHparams_dup(cert->dh_tmp);
- if (ret->dh_tmp == NULL)
- {
+ if (ret->dh_tmp == NULL) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
goto err;
- }
- if (cert->dh_tmp->priv_key)
- {
+ }
+ if (cert->dh_tmp->priv_key) {
BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
- if (!b)
- {
+ if (!b) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
goto err;
- }
- ret->dh_tmp->priv_key = b;
}
- if (cert->dh_tmp->pub_key)
- {
+ ret->dh_tmp->priv_key = b;
+ }
+ if (cert->dh_tmp->pub_key) {
BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
- if (!b)
- {
+ if (!b) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
goto err;
- }
- ret->dh_tmp->pub_key = b;
}
+ ret->dh_tmp->pub_key = b;
}
+ }
ret->dh_tmp_cb = cert->dh_tmp_cb;
#endif
#ifndef OPENSSL_NO_ECDH
- if (cert->ecdh_tmp)
- {
+ if (cert->ecdh_tmp) {
ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
- if (ret->ecdh_tmp == NULL)
- {
+ if (ret->ecdh_tmp == NULL) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
goto err;
- }
}
+ }
ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
#endif
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (cert->pkeys[i].x509 != NULL)
- {
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+ if (cert->pkeys[i].x509 != NULL) {
ret->pkeys[i].x509 = cert->pkeys[i].x509;
CRYPTO_add(&ret->pkeys[i].x509->references, 1,
- CRYPTO_LOCK_X509);
- }
-
- if (cert->pkeys[i].privatekey != NULL)
- {
+ CRYPTO_LOCK_X509);
+ }
+
+ if (cert->pkeys[i].privatekey != NULL) {
ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
- CRYPTO_LOCK_EVP_PKEY);
+ CRYPTO_LOCK_EVP_PKEY);
- switch(i)
- {
+ switch (i) {
/* If there was anything special to do for
* certain types of keys, we'd do it here.
* (Nothing at the moment, I think.) */
@@ -297,11 +284,11 @@ CERT *ssl_cert_dup(CERT *cert)
case SSL_PKEY_RSA_SIGN:
/* We have an RSA key. */
break;
-
+
case SSL_PKEY_DSA_SIGN:
/* We have a DSA key. */
break;
-
+
case SSL_PKEY_DH_RSA:
case SSL_PKEY_DH_DSA:
/* We have a DH key. */
@@ -314,21 +301,21 @@ CERT *ssl_cert_dup(CERT *cert)
default:
/* Can't happen. */
SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
- }
}
}
-
+ }
+
/* ret->extra_certs *should* exist, but currently the own certificate
* chain is held inside SSL_CTX */
- ret->references=1;
+ ret->references = 1;
/* Set digests to defaults. NB: we don't copy existing values as they
* will be set during handshake.
*/
ssl_cert_set_default_md(ret);
- return(ret);
-
+ return (ret);
+
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
err:
#endif
@@ -345,50 +332,52 @@ err:
EC_KEY_free(ret->ecdh_tmp);
#endif
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
if (ret->pkeys[i].x509 != NULL)
X509_free(ret->pkeys[i].x509);
if (ret->pkeys[i].privatekey != NULL)
EVP_PKEY_free(ret->pkeys[i].privatekey);
- }
+ }
return NULL;
- }
+}
-void ssl_cert_free(CERT *c)
- {
+void
+ssl_cert_free(CERT *c)
+{
int i;
- if(c == NULL)
- return;
+ if (c == NULL)
+ return;
- i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
+ i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT);
#ifdef REF_PRINT
- REF_PRINT("CERT",c);
+ REF_PRINT("CERT", c);
#endif
- if (i > 0) return;
+ if (i > 0)
+ return;
#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ssl_cert_free, bad reference count\n");
+ if (i < 0) {
+ fprintf(stderr, "ssl_cert_free, bad reference count\n");
abort(); /* ok */
- }
+ }
#endif
#ifndef OPENSSL_NO_RSA
- if (c->rsa_tmp) RSA_free(c->rsa_tmp);
+ if (c->rsa_tmp)
+ RSA_free(c->rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
- if (c->dh_tmp) DH_free(c->dh_tmp);
+ if (c->dh_tmp)
+ DH_free(c->dh_tmp);
#endif
#ifndef OPENSSL_NO_ECDH
- if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
+ if (c->ecdh_tmp)
+ EC_KEY_free(c->ecdh_tmp);
#endif
- for (i=0; i<SSL_PKEY_NUM; i++)
- {
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
if (c->pkeys[i].x509 != NULL)
X509_free(c->pkeys[i].x509);
if (c->pkeys[i].privatekey != NULL)
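Review bot: The `err:` path of ssl_cert_dup releases the objects hanging off `ret` and then goes straight to `return NULL;`, so the `ret` structure itself is never released on the lines visible here. Its allocation is outside this hunk, but since the cleanup loop dereferences `ret` right up to the return, nothing earlier on this path can have freed it. Each failed DH, BN or EC duplication would therefore leak one CERT. I would add `OPENSSL_free(ret);` immediately before `return NULL;`.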
@@ -397,12 +386,13 @@ void ssl_cert_free(CERT *c)
if (c->pkeys[i].publickey != NULL)
EVP_PKEY_free(c->pkeys[i].publickey);
#endif
- }
- OPENSSL_free(c);
}
+ OPENSSL_free(c);
+}
-int ssl_cert_inst(CERT **o)
- {
+int
+ssl_cert_inst(CERT **o)
+{
/* Create a CERT if there isn't already one
* (which cannot really happen, as it is initially created in
* SSL_CTX_new; but the earlier code usually allows for that one
@@ -412,44 +402,42 @@ int ssl_cert_inst(CERT **o)
* s->cert being NULL, otherwise we could do without the
* initialization in SSL_CTX_new).
*/
-
- if (o == NULL)
- {
+
+ if (o == NULL) {
SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (*o == NULL)
- {
- if ((*o = ssl_cert_new()) == NULL)
- {
+ return (0);
+ }
+ if (*o == NULL) {
+ if ((*o = ssl_cert_new()) == NULL) {
SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
- return(0);
- }
+ return (0);
}
- return(1);
}
+ return (1);
+}
-SESS_CERT *ssl_sess_cert_new(void)
- {
+SESS_CERT
+*ssl_sess_cert_new(void)
+{
SESS_CERT *ret;
ret = OPENSSL_malloc(sizeof *ret);
- if (ret == NULL)
- {
+ if (ret == NULL) {
SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
- }
+ }
- memset(ret, 0 ,sizeof *ret);
+ memset(ret, 0 , sizeof *ret);
ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
ret->references = 1;
return ret;
- }
+}
-void ssl_sess_cert_free(SESS_CERT *sc)
- {
+void
+ssl_sess_cert_free(SESS_CERT *sc)
+{
int i;
if (sc == NULL)
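Review bot: The reflowed definition `SESS_CERT` / `*ssl_sess_cert_new(void)` leaves the `*` on the name line, so the return type reads as a plain `SESS_CERT` and the name no longer starts in column 0, which defeats the point of splitting the line. The usual form is `SESS_CERT *` on the first line and `ssl_sess_cert_new(void)` on the second. The same split appears in later hunks for `*SSL_dup_CA_list`, `*SSL_CTX_get_client_CA_list`, `*SSL_get_client_CA_list` and `*SSL_load_client_CA_file`. While here, `memset(ret, 0 , sizeof *ret);` still has a stray space before the second comma.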
@@ -462,27 +450,25 @@ void ssl_sess_cert_free(SESS_CERT *sc)
if (i > 0)
return;
#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
+ if (i < 0) {
+ fprintf(stderr, "ssl_sess_cert_free, bad reference count\n");
abort(); /* ok */
- }
+ }
#endif
/* i == 0 */
if (sc->cert_chain != NULL)
sk_X509_pop_free(sc->cert_chain, X509_free);
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
if (sc->peer_pkeys[i].x509 != NULL)
X509_free(sc->peer_pkeys[i].x509);
#if 0 /* We don't have the peer's private key. These lines are just
- * here as a reminder that we're still using a not-quite-appropriate
- * data structure. */
+ * here as a reminder that we're still using a not-quite-appropriate
+ * data structure. */
if (sc->peer_pkeys[i].privatekey != NULL)
EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
#endif
- }
+ }
#ifndef OPENSSL_NO_RSA
if (sc->peer_rsa_tmp != NULL)
@@ -498,34 +484,35 @@ void ssl_sess_cert_free(SESS_CERT *sc)
#endif
OPENSSL_free(sc);
- }
+}
-int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
- {
+int
+ssl_set_peer_cert_type(SESS_CERT *sc, int type)
+{
sc->peer_cert_type = type;
- return(1);
- }
+ return (1);
+}
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
- {
+int
+ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
+{
X509 *x;
int i;
X509_STORE_CTX ctx;
if ((sk == NULL) || (sk_X509_num(sk) == 0))
- return(0);
+ return (0);
- x=sk_X509_value(sk,0);
- if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
- {
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
- return(0);
- }
+ x = sk_X509_value(sk, 0);
+ if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) {
+ SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB);
+ return (0);
+ }
#if 0
if (SSL_get_verify_depth(s) >= 0)
X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
#endif
- X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
+ X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s);
/* We need to inherit the verify parameters. These can be determined by
* the context: if its a server it will verify SSL client certificates
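Review bot: The return value of `X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)` in ssl_verify_cert_chain is discarded. A verify callback that looks the SSL up through that index would get NULL if the call failed, and verification would carry on without the connection context. I would fail closed: `if (!X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { X509_STORE_CTX_cleanup(&ctx); return (0); }`. The rest of the function lies outside this hunk.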
@@ -533,7 +520,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
*/
X509_STORE_CTX_set_default(&ctx,
- s->server ? "ssl_client" : "ssl_server");
+ s->server ? "ssl_client" : "ssl_server");
/* Anything non-default in "param" should overwrite anything in the
* ctx.
*/
@@ -544,121 +531,127 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
if (s->ctx->app_verify_callback != NULL)
#if 1 /* new with OpenSSL 0.9.7 */
- i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
+ i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
+
#else
- i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
+ i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
#endif
- else
- {
+ else {
#ifndef OPENSSL_NO_X509_VERIFY
- i=X509_verify_cert(&ctx);
+ i = X509_verify_cert(&ctx);
#else
- i=0;
- ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
+ i = 0;
+ ctx.error = X509_V_ERR_APPLICATION_VERIFICATION;
+ SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK);
#endif
- }
+ }
- s->verify_result=ctx.error;
+ s->verify_result = ctx.error;
X509_STORE_CTX_cleanup(&ctx);
- return(i);
- }
+ return (i);
+}
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
- {
+static void
+set_client_CA_list(STACK_OF(X509_NAME) **ca_list, STACK_OF(X509_NAME) *name_list)
+{
if (*ca_list != NULL)
- sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
+ sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
- *ca_list=name_list;
- }
+ *ca_list = name_list;
+}
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
- {
+STACK_OF(X509_NAME)
+*SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
+{
int i;
STACK_OF(X509_NAME) *ret;
X509_NAME *name;
- ret=sk_X509_NAME_new_null();
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
- if ((name == NULL) || !sk_X509_NAME_push(ret,name))
- {
- sk_X509_NAME_pop_free(ret,X509_NAME_free);
- return(NULL);
- }
+ ret = sk_X509_NAME_new_null();
+ for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+ name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
+ if ((name == NULL) || !sk_X509_NAME_push(ret, name)) {
+ sk_X509_NAME_pop_free(ret, X509_NAME_free);
+ return (NULL);
}
- return(ret);
}
-
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
- {
- set_client_CA_list(&(s->client_CA),name_list);
- }
-
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
- {
- set_client_CA_list(&(ctx->client_CA),name_list);
- }
-
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
- {
- return(ctx->client_CA);
- }
-
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
- {
+ return (ret);
+}
+
+void
+SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
+{
+ set_client_CA_list(&(s->client_CA), name_list);
+}
+
+void
+SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
+{
+ set_client_CA_list(&(ctx->client_CA), name_list);
+}
+
+STACK_OF(X509_NAME)
+*SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
+{
+ return (ctx->client_CA);
+}
+
+STACK_OF(X509_NAME)
+*SSL_get_client_CA_list(const SSL *s)
+{
if (s->type == SSL_ST_CONNECT)
- { /* we are in the client */
- if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
+ { /* we are in the client */
+ if (((s->version >> 8) == SSL3_VERSION_MAJOR) &&
(s->s3 != NULL))
- return(s->s3->tmp.ca_names);
+ return (s->s3->tmp.ca_names);
else
- return(NULL);
- }
- else
- {
+ return (NULL);
+ } else {
if (s->client_CA != NULL)
- return(s->client_CA);
+ return (s->client_CA);
else
- return(s->ctx->client_CA);
- }
+ return (s->ctx->client_CA);
}
+}
-static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
- {
+static int
+add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x)
+{
X509_NAME *name;
- if (x == NULL) return(0);
- if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
- return(0);
-
- if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
- return(0);
-
- if (!sk_X509_NAME_push(*sk,name))
- {
- X509_NAME_free(name);
- return(0);
- }
- return(1);
- }
+ if (x == NULL)
+ return (0);
+ if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL))
+ return (0);
-int SSL_add_client_CA(SSL *ssl,X509 *x)
- {
- return(add_client_CA(&(ssl->client_CA),x));
- }
+ if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
+ return (0);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
- {
- return(add_client_CA(&(ctx->client_CA),x));
- }
-
-static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
- {
- return(X509_NAME_cmp(*a,*b));
+ if (!sk_X509_NAME_push(*sk, name)) {
+ X509_NAME_free(name);
+ return (0);
}
+ return (1);
+}
+
+int
+SSL_add_client_CA(SSL *ssl, X509 *x)
+{
+ return (add_client_CA(&(ssl->client_CA), x));
+}
+
+int
+SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
+{
+ return (add_client_CA(&(ctx->client_CA), x));
+}
+
+static int
+xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
+{
+ return (X509_NAME_cmp(*a, *b));
+}
#ifndef OPENSSL_NO_STDIO
/*!
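Review bot: SSL_dup_CA_list leaks `name` when `sk_X509_NAME_push(ret, name)` fails, because the failure branch only runs `sk_X509_NAME_pop_free(ret, X509_NAME_free)` and the duplicate was never stored in `ret`. add_client_CA in this same hunk already handles that case by calling `X509_NAME_free(name)` before returning 0, so the two should agree. Adding `X509_NAME_free(name);` as the first statement of the failure branch covers both conditions, assuming X509_NAME_free accepts NULL as the other OpenSSL free routines do. The result of `sk_X509_NAME_new_null()` is also never checked, which is survivable only if the stack helpers tolerate a NULL stack.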
@@ -669,65 +662,65 @@ static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
* \param file the file containing one or more certs.
* \return a ::STACK containing the certs.
*/
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
- {
+STACK_OF(X509_NAME)
+*SSL_load_client_CA_file(const char *file)
+{
BIO *in;
- X509 *x=NULL;
- X509_NAME *xn=NULL;
- STACK_OF(X509_NAME) *ret = NULL,*sk;
+ X509 *x = NULL;
+ X509_NAME *xn = NULL;
+ STACK_OF(X509_NAME) *ret = NULL, *sk;
- sk=sk_X509_NAME_new(xname_cmp);
+ sk = sk_X509_NAME_new(xname_cmp);
- in=BIO_new(BIO_s_file_internal());
+ in = BIO_new(BIO_s_file_internal());
- if ((sk == NULL) || (in == NULL))
- {
- SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
+ if ((sk == NULL) || (in == NULL)) {
+ SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
goto err;
- }
-
- if (!BIO_read_filename(in,file))
+ }
+
+ if (!BIO_read_filename(in, file))
goto err;
- for (;;)
- {
- if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
+ for (;;) {
+ if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
break;
- if (ret == NULL)
- {
+ if (ret == NULL) {
ret = sk_X509_NAME_new_null();
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
+ if (ret == NULL) {
+ SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
goto err;
- }
}
- if ((xn=X509_get_subject_name(x)) == NULL) goto err;
- /* check for duplicates */
- xn=X509_NAME_dup(xn);
- if (xn == NULL) goto err;
- if (sk_X509_NAME_find(sk,xn) >= 0)
+ }
+ if ((xn = X509_get_subject_name(x)) == NULL) goto err;
+ /* check for duplicates */
+ xn = X509_NAME_dup(xn);
+ if (xn == NULL)
+ goto err;
+ if (sk_X509_NAME_find(sk, xn) >= 0)
X509_NAME_free(xn);
- else
- {
- sk_X509_NAME_push(sk,xn);
- sk_X509_NAME_push(ret,xn);
- }
+ else {
+ sk_X509_NAME_push(sk, xn);
+ sk_X509_NAME_push(ret, xn);
}
+ }
- if (0)
- {
+ if (0) {
err:
- if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
- ret=NULL;
- }
- if (sk != NULL) sk_X509_NAME_free(sk);
- if (in != NULL) BIO_free(in);
- if (x != NULL) X509_free(x);
+ if (ret != NULL)
+ sk_X509_NAME_pop_free(ret, X509_NAME_free);
+ ret = NULL;
+ }
+ if (sk != NULL)
+ sk_X509_NAME_free(sk);
+ if (in != NULL)
+ BIO_free(in);
+ if (x != NULL)
+ X509_free(x);
if (ret != NULL)
ERR_clear_error();
- return(ret);
- }
+ return (ret);
+}
#endif
/*!
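Review bot: Both `sk_X509_NAME_push` calls in the `else` branch of the read loop in SSL_load_client_CA_file ignore their return value. If the push onto `ret` fails, `xn` lives only in `sk`, which is released with `sk_X509_NAME_free` rather than a pop-free, so the name is leaked and silently missing from the returned list. If the push onto `sk` fails, later duplicates are no longer detected. The function reports success in both cases. Pushing onto `ret` first and bailing out through `err` on either failure keeps ownership clear. The single `sk_X509_NAME_push(stack, xn)` in SSL_add_file_cert_subjects_to_stack in the next hunk has the same gap.

```c
		if (sk_X509_NAME_find(sk, xn) >= 0)
			X509_NAME_free(xn);
		else {
			if (!sk_X509_NAME_push(ret, xn)) {
				X509_NAME_free(xn);
				SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
				goto err;
			}
			/* ret owns xn from here; sk only borrows it for duplicate lookups */
			if (!sk_X509_NAME_push(sk, xn)) {
				SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
				goto err;
			}
		}
		/* … unchanged: end of read loop and the err/cleanup tail … */
```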
@@ -739,57 +732,56 @@ err:
* certs may have been added to \c stack.
*/
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- const char *file)
- {
+int
+SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+ const char *file)
+{
BIO *in;
- X509 *x=NULL;
- X509_NAME *xn=NULL;
- int ret=1;
+ X509 *x = NULL;
+ X509_NAME *xn = NULL;
+ int ret = 1;
int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
-
- oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
-
- in=BIO_new(BIO_s_file_internal());
-
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
+
+ oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);
+
+ in = BIO_new(BIO_s_file_internal());
+
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE);
goto err;
- }
-
- if (!BIO_read_filename(in,file))
+ }
+
+ if (!BIO_read_filename(in, file))
goto err;
-
- for (;;)
- {
- if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
+
+ for (;;) {
+ if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
break;
- if ((xn=X509_get_subject_name(x)) == NULL) goto err;
- xn=X509_NAME_dup(xn);
- if (xn == NULL) goto err;
- if (sk_X509_NAME_find(stack,xn) >= 0)
+ if ((xn = X509_get_subject_name(x)) == NULL) goto err;
+ xn = X509_NAME_dup(xn);
+ if (xn == NULL)
+ goto err;
+ if (sk_X509_NAME_find(stack, xn) >= 0)
X509_NAME_free(xn);
else
- sk_X509_NAME_push(stack,xn);
- }
+ sk_X509_NAME_push(stack, xn);
+ }
ERR_clear_error();
- if (0)
- {
+ if (0) {
err:
- ret=0;
- }
- if(in != NULL)
+ ret = 0;
+ }
+ if (in != NULL)
BIO_free(in);
- if(x != NULL)
+ if (x != NULL)
X509_free(x);
-
- (void)sk_X509_NAME_set_cmp_func(stack,oldcmp);
+
+ (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
return ret;
- }
+}
/*!
* Add a directory of certs to a stack.
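Review bot: The read loop in SSL_add_file_cert_subjects_to_stack treats every NULL from `PEM_read_bio_X509` as end of file: it breaks, `ERR_clear_error()` runs, and `ret` stays 1. A CA file that is corrupt or truncated part-way therefore produces a shortened subject list with a success return and no queued error. SSL_load_client_CA_file in the previous hunk follows the same pattern. If that leniency is intended it deserves a comment at the `break`, for example `/* NULL is EOF or a parse error; both end the list and are not reported */`. Otherwise, checking the queued error before clearing it would separate the two cases: `if (ERR_GET_REASON(ERR_peek_last_error()) != PEM_R_NO_START_LINE) goto err;`.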
@@ -802,9 +794,10 @@ err:
* certs may have been added to \c stack.
*/
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- const char *dir)
- {
+int
+SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+ const char *dir)
+{
OPENSSL_DIR_CTX *d = NULL;
const char *filename;
int ret = 0;
@@ -813,36 +806,34 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
/* Note that a side effect is that the CAs will be sorted by name */
- while((filename = OPENSSL_DIR_read(&d, dir)))
- {
+ while ((filename = OPENSSL_DIR_read(&d, dir))) {
char buf[1024];
int r;
- if(strlen(dir)+strlen(filename)+2 > sizeof buf)
- {
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
+ if (strlen(dir) + strlen(filename) + 2 > sizeof buf) {
+ SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, SSL_R_PATH_TOO_LONG);
goto err;
- }
- r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename);
+ }
+ r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename);
if (r <= 0 || r >= (int)sizeof(buf))
goto err;
- if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
+ if (!SSL_add_file_cert_subjects_to_stack(stack, buf))
goto err;
- }
+ }
- if (errno)
- {
+ if (errno) {
SYSerr(SYS_F_OPENDIR, errno);
ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
goto err;
- }
+ }
ret = 1;
err:
- if (d) OPENSSL_DIR_end(&d);
+ if (d)
+ OPENSSL_DIR_end(&d);
CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
return ret;
- }
+}
diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c
index 0aba8e048c5..f37c70cf915 100644
--- a/lib/libssl/src/ssl/ssl_ciph.c
+++ b/lib/libssl/src/ssl/ssl_ciph.c
@@ -167,15 +167,15 @@
#define SSL_ENC_NUM_IDX 14
-static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
- NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
- };
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
#define SSL_COMP_NULL_IDX 0
#define SSL_COMP_ZLIB_IDX 1
#define SSL_COMP_NUM_IDX 2
-static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
+static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
#define SSL_MD_MD5_IDX 0
#define SSL_MD_SHA1_IDX 1
@@ -187,27 +187,27 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
* defined in the
* ssl_locl.h */
#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
-static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
- NULL,NULL,NULL,NULL,NULL,NULL
- };
+static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
+ NULL, NULL, NULL, NULL, NULL, NULL
+};
/* PKEY_TYPE for GOST89MAC is known in advance, but, because
* implementation is engine-provided, we'll fill it only if
* corresponding EVP_PKEY_METHOD is found
*/
-static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
- EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
- EVP_PKEY_HMAC,EVP_PKEY_HMAC
- };
+static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
+ EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
+ EVP_PKEY_HMAC, EVP_PKEY_HMAC
+};
-static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
- 0,0,0,0,0,0
- };
+static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
+ 0, 0, 0, 0, 0, 0
+};
-static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
- SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
+static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
+ SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
SSL_HANDSHAKE_MAC_SHA384
- };
+};
#define CIPHER_ADD 1
#define CIPHER_KILL 2
@@ -215,376 +215,371 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
#define CIPHER_ORD 4
#define CIPHER_SPECIAL 5
-typedef struct cipher_order_st
- {
+typedef struct cipher_order_st {
const SSL_CIPHER *cipher;
int active;
int dead;
- struct cipher_order_st *next,*prev;
- } CIPHER_ORDER;
+ struct cipher_order_st *next, *prev;
+} CIPHER_ORDER;
-static const SSL_CIPHER cipher_aliases[]={
+static const SSL_CIPHER cipher_aliases[] = {
/* "ALL" doesn't include eNULL (must be specifically enabled) */
- {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0},
+ {0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
/* "COMPLEMENTOFALL" */
- {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
+ {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
- {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
+ {0, SSL_TXT_CMPDEF, 0, SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
/* key exchange aliases
* (some of those using only a single bit here combine
* multiple key exchange algs according to the RFCs,
* e.g. kEDH combines DHE_DSS and DHE_RSA) */
- {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0},
+ {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
{0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
{0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
{0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
- {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
- {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
+ {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_DH, 0, SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
- {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
+ {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
- {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
- {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
- {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
- {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
- {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
+ {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kECDH, 0, SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_ECDH, 0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
- {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
- {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0},
- {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
+ {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
/* server authentication aliases */
- {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0},
- {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
- {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
- {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0},
- {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0},
+ {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
- {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0},
- {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0},
- {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0},
- {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0},
- {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
- {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
- {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
+ {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
/* aliases combining key exchange and server authentication */
- {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
- {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
- {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
- {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
- {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
- {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
- {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
- {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
- {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0},
+ {0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
/* symmetric encryption aliases */
- {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0},
- {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0},
- {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0},
- {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0},
- {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
- {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
- {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
- {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0},
- {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
- {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0},
- {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
- {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
- {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
- {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
-
- /* MAC aliases */
- {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
- {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
- {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
- {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
- {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
- {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0},
- {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0},
+ {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
+
+ /* MAC aliases */
+ {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0},
/* protocol version aliases */
- {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
- {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
- {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
- {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
+ {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0},
+ {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0},
+ {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0},
+ {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0},
/* export flag */
- {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
- {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
+ {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
+ {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
/* strength classes */
- {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
- {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
- {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
- {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
- {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
+ {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0},
+ {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0},
+ {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0},
+ {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},
+ {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0},
/* FIPS 140-2 approved ciphersuite */
- {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
- };
+ {0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0},
+};
/* Search for public key algorithm with given name and
* return its pkey_id if it is available. Otherwise return 0
*/
#ifdef OPENSSL_NO_ENGINE
-static int get_optional_pkey_id(const char *pkey_name)
- {
+static int
+get_optional_pkey_id(const char *pkey_name)
+{
const EVP_PKEY_ASN1_METHOD *ameth;
- int pkey_id=0;
- ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
- if (ameth)
- {
- EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
- }
- return pkey_id;
+ int pkey_id = 0;
+ ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
+ if (ameth) {
+ EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
}
+ return pkey_id;
+}
#else
-static int get_optional_pkey_id(const char *pkey_name)
- {
+static int
+get_optional_pkey_id(const char *pkey_name)
+{
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *tmpeng = NULL;
- int pkey_id=0;
- ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
- if (ameth)
- {
- EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
- }
- if (tmpeng) ENGINE_finish(tmpeng);
- return pkey_id;
+ int pkey_id = 0;
+ ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1);
+ if (ameth) {
+ EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
}
+ if (tmpeng)
+ ENGINE_finish(tmpeng);
+ return pkey_id;
+}
#endif
-void ssl_load_ciphers(void)
- {
- ssl_cipher_methods[SSL_ENC_DES_IDX]=
- EVP_get_cipherbyname(SN_des_cbc);
+void
+ssl_load_ciphers(void)
+{
+ ssl_cipher_methods[SSL_ENC_DES_IDX]=
+ EVP_get_cipherbyname(SN_des_cbc);
ssl_cipher_methods[SSL_ENC_3DES_IDX]=
- EVP_get_cipherbyname(SN_des_ede3_cbc);
+ EVP_get_cipherbyname(SN_des_ede3_cbc);
ssl_cipher_methods[SSL_ENC_RC4_IDX]=
- EVP_get_cipherbyname(SN_rc4);
- ssl_cipher_methods[SSL_ENC_RC2_IDX]=
- EVP_get_cipherbyname(SN_rc2_cbc);
+ EVP_get_cipherbyname(SN_rc4);
+ ssl_cipher_methods[SSL_ENC_RC2_IDX]=
+ EVP_get_cipherbyname(SN_rc2_cbc);
#ifndef OPENSSL_NO_IDEA
- ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
- EVP_get_cipherbyname(SN_idea_cbc);
+ ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
+ EVP_get_cipherbyname(SN_idea_cbc);
#else
- ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
+ ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL;
#endif
ssl_cipher_methods[SSL_ENC_AES128_IDX]=
- EVP_get_cipherbyname(SN_aes_128_cbc);
+ EVP_get_cipherbyname(SN_aes_128_cbc);
ssl_cipher_methods[SSL_ENC_AES256_IDX]=
- EVP_get_cipherbyname(SN_aes_256_cbc);
+ EVP_get_cipherbyname(SN_aes_256_cbc);
ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
- EVP_get_cipherbyname(SN_camellia_128_cbc);
+ EVP_get_cipherbyname(SN_camellia_128_cbc);
ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
- EVP_get_cipherbyname(SN_camellia_256_cbc);
+ EVP_get_cipherbyname(SN_camellia_256_cbc);
ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
- EVP_get_cipherbyname(SN_gost89_cnt);
+ EVP_get_cipherbyname(SN_gost89_cnt);
ssl_cipher_methods[SSL_ENC_SEED_IDX]=
- EVP_get_cipherbyname(SN_seed_cbc);
+ EVP_get_cipherbyname(SN_seed_cbc);
ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
- EVP_get_cipherbyname(SN_aes_128_gcm);
+ EVP_get_cipherbyname(SN_aes_128_gcm);
ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
- EVP_get_cipherbyname(SN_aes_256_gcm);
+ EVP_get_cipherbyname(SN_aes_256_gcm);
ssl_digest_methods[SSL_MD_MD5_IDX]=
- EVP_get_digestbyname(SN_md5);
+ EVP_get_digestbyname(SN_md5);
ssl_mac_secret_size[SSL_MD_MD5_IDX]=
- EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
+ EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
ssl_digest_methods[SSL_MD_SHA1_IDX]=
- EVP_get_digestbyname(SN_sha1);
+ EVP_get_digestbyname(SN_sha1);
ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
- EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
+ EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
ssl_digest_methods[SSL_MD_GOST94_IDX]=
- EVP_get_digestbyname(SN_id_GostR3411_94);
- if (ssl_digest_methods[SSL_MD_GOST94_IDX])
- {
+ EVP_get_digestbyname(SN_id_GostR3411_94);
+ if (ssl_digest_methods[SSL_MD_GOST94_IDX]) {
ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
- EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
+ EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
- }
+ }
ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
- EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
- ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
- if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
- ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
- }
+ EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
+ ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
+ if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
+ ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
+ }
ssl_digest_methods[SSL_MD_SHA256_IDX]=
- EVP_get_digestbyname(SN_sha256);
+ EVP_get_digestbyname(SN_sha256);
ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
- EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
+ EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
ssl_digest_methods[SSL_MD_SHA384_IDX]=
- EVP_get_digestbyname(SN_sha384);
+ EVP_get_digestbyname(SN_sha384);
ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
- EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
- }
+ EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
+}
#ifndef OPENSSL_NO_COMP
-static int sk_comp_cmp(const SSL_COMP * const *a,
- const SSL_COMP * const *b)
- {
- return((*a)->id-(*b)->id);
- }
+static int
+sk_comp_cmp(const SSL_COMP * const *a,
+ const SSL_COMP * const *b)
+{
+ return ((*a)->id - (*b)->id);
+}
-static void load_builtin_compressions(void)
- {
+static void
+load_builtin_compressions(void)
+{
int got_write_lock = 0;
CRYPTO_r_lock(CRYPTO_LOCK_SSL);
- if (ssl_comp_methods == NULL)
- {
+ if (ssl_comp_methods == NULL) {
CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
got_write_lock = 1;
-
- if (ssl_comp_methods == NULL)
- {
+
+ if (ssl_comp_methods == NULL) {
SSL_COMP *comp = NULL;
MemCheck_off();
- ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
- if (ssl_comp_methods != NULL)
- {
- comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
- if (comp != NULL)
- {
- comp->method=COMP_zlib();
+ ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+ if (ssl_comp_methods != NULL) {
+ comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+ if (comp != NULL) {
+ comp->method = COMP_zlib();
if (comp->method
&& comp->method->type == NID_undef)
- OPENSSL_free(comp);
- else
- {
- comp->id=SSL_COMP_ZLIB_IDX;
- comp->name=comp->method->name;
- sk_SSL_COMP_push(ssl_comp_methods,comp);
- }
+ OPENSSL_free(comp);
+ else {
+ comp->id = SSL_COMP_ZLIB_IDX;
+ comp->name = comp->method->name;
+ sk_SSL_COMP_push(ssl_comp_methods, comp);
}
- sk_SSL_COMP_sort(ssl_comp_methods);
}
- MemCheck_on();
+ sk_SSL_COMP_sort(ssl_comp_methods);
}
+ MemCheck_on();
}
-
+ }
+
if (got_write_lock)
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
else
CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
- }
+}
#endif
-int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
- {
+int
+ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+ const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size, SSL_COMP **comp)
+{
int i;
const SSL_CIPHER *c;
- c=s->cipher;
- if (c == NULL) return(0);
- if (comp != NULL)
- {
+ c = s->cipher;
+ if (c == NULL)
+ return (0);
+ if (comp != NULL) {
SSL_COMP ctmp;
#ifndef OPENSSL_NO_COMP
load_builtin_compressions();
#endif
- *comp=NULL;
- ctmp.id=s->compress_meth;
- if (ssl_comp_methods != NULL)
- {
- i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
+ *comp = NULL;
+ ctmp.id = s->compress_meth;
+ if (ssl_comp_methods != NULL) {
+ i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
if (i >= 0)
- *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
+ *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
else
- *comp=NULL;
- }
+ *comp = NULL;
}
+ }
- if ((enc == NULL) || (md == NULL)) return(0);
+ if ((enc == NULL)
+ || (md == NULL)) return (0);
- switch (c->algorithm_enc)
- {
+ switch (c->algorithm_enc) {
case SSL_DES:
- i=SSL_ENC_DES_IDX;
+ i = SSL_ENC_DES_IDX;
break;
case SSL_3DES:
- i=SSL_ENC_3DES_IDX;
+ i = SSL_ENC_3DES_IDX;
break;
case SSL_RC4:
- i=SSL_ENC_RC4_IDX;
+ i = SSL_ENC_RC4_IDX;
break;
case SSL_RC2:
- i=SSL_ENC_RC2_IDX;
+ i = SSL_ENC_RC2_IDX;
break;
case SSL_IDEA:
- i=SSL_ENC_IDEA_IDX;
+ i = SSL_ENC_IDEA_IDX;
break;
case SSL_eNULL:
- i=SSL_ENC_NULL_IDX;
+ i = SSL_ENC_NULL_IDX;
break;
case SSL_AES128:
- i=SSL_ENC_AES128_IDX;
+ i = SSL_ENC_AES128_IDX;
break;
case SSL_AES256:
- i=SSL_ENC_AES256_IDX;
+ i = SSL_ENC_AES256_IDX;
break;
case SSL_CAMELLIA128:
- i=SSL_ENC_CAMELLIA128_IDX;
+ i = SSL_ENC_CAMELLIA128_IDX;
break;
case SSL_CAMELLIA256:
- i=SSL_ENC_CAMELLIA256_IDX;
+ i = SSL_ENC_CAMELLIA256_IDX;
break;
case SSL_eGOST2814789CNT:
- i=SSL_ENC_GOST89_IDX;
+ i = SSL_ENC_GOST89_IDX;
break;
case SSL_SEED:
- i=SSL_ENC_SEED_IDX;
+ i = SSL_ENC_SEED_IDX;
break;
case SSL_AES128GCM:
- i=SSL_ENC_AES128GCM_IDX;
+ i = SSL_ENC_AES128GCM_IDX;
break;
case SSL_AES256GCM:
- i=SSL_ENC_AES256GCM_IDX;
+ i = SSL_ENC_AES256GCM_IDX;
break;
default:
- i= -1;
+ i = -1;
break;
- }
+ }
if ((i < 0) || (i > SSL_ENC_NUM_IDX))
- *enc=NULL;
- else
- {
+ *enc = NULL;
+ else {
if (i == SSL_ENC_NULL_IDX)
- *enc=EVP_enc_null();
+ *enc = EVP_enc_null();
else
- *enc=ssl_cipher_methods[i];
- }
+ *enc = ssl_cipher_methods[i];
+ }
- switch (c->algorithm_mac)
- {
+ switch (c->algorithm_mac) {
case SSL_MD5:
- i=SSL_MD_MD5_IDX;
+ i = SSL_MD_MD5_IDX;
break;
case SSL_SHA1:
- i=SSL_MD_SHA1_IDX;
+ i = SSL_MD_SHA1_IDX;
break;
case SSL_SHA256:
- i=SSL_MD_SHA256_IDX;
+ i = SSL_MD_SHA256_IDX;
break;
case SSL_SHA384:
- i=SSL_MD_SHA384_IDX;
+ i = SSL_MD_SHA384_IDX;
break;
case SSL_GOST94:
i = SSL_MD_GOST94_IDX;
@@ -593,63 +588,63 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
i = SSL_MD_GOST89MAC_IDX;
break;
default:
- i= -1;
+ i = -1;
break;
- }
- if ((i < 0) || (i > SSL_MD_NUM_IDX))
- {
- *md=NULL;
- if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
- if (mac_secret_size!=NULL) *mac_secret_size = 0;
+ }
+ if ((i < 0) || (i > SSL_MD_NUM_IDX)) {
+ *md = NULL;
+
+ if (mac_pkey_type != NULL)
+ *mac_pkey_type = NID_undef;
+ if (mac_secret_size != NULL)
+ *mac_secret_size = 0;
if (c->algorithm_mac == SSL_AEAD)
mac_pkey_type = NULL;
- }
- else
- {
- *md=ssl_digest_methods[i];
- if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
- if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
+ } else {
+ *md = ssl_digest_methods[i];
+ if (mac_pkey_type != NULL)
+ *mac_pkey_type = ssl_mac_pkey_id[i];
+ if (mac_secret_size != NULL)
+ *mac_secret_size = ssl_mac_secret_size[i];
}
if ((*enc != NULL) &&
- (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
- (!mac_pkey_type||*mac_pkey_type != NID_undef))
- {
+ (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
+ (!mac_pkey_type || *mac_pkey_type != NID_undef)) {
const EVP_CIPHER *evp;
- if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
- s->ssl_version < TLS1_VERSION)
- return 1;
+ if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR ||
+ s->ssl_version < TLS1_VERSION)
+ return 1;
#ifdef OPENSSL_FIPS
if (FIPS_mode())
return 1;
#endif
- if (c->algorithm_enc == SSL_RC4 &&
- c->algorithm_mac == SSL_MD5 &&
- (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
- *enc = evp, *md = NULL;
+ if (c->algorithm_enc == SSL_RC4 &&
+ c->algorithm_mac == SSL_MD5 &&
+ (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
+ *enc = evp, *md = NULL;
else if (c->algorithm_enc == SSL_AES128 &&
- c->algorithm_mac == SSL_SHA1 &&
- (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
+ c->algorithm_mac == SSL_SHA1 &&
+ (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+ *enc = evp, *md = NULL;
else if (c->algorithm_enc == SSL_AES256 &&
- c->algorithm_mac == SSL_SHA1 &&
- (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
- return(1);
- }
- else
- return(0);
- }
+ c->algorithm_mac == SSL_SHA1 &&
+ (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+ *enc = evp, *md = NULL;
+ return (1);
+ } else
+ return (0);
+}
-int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
+int
+ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
{
- if (idx <0||idx>=SSL_MD_NUM_IDX)
- {
+ if (idx < 0 || idx >= SSL_MD_NUM_IDX) {
return 0;
- }
+ }
*mask = ssl_handshake_digest_flag[idx];
if (*mask)
*md = ssl_digest_methods[idx];
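Review bot: The MAC range check in ssl_cipher_get_evp, `if ((i < 0) || (i > SSL_MD_NUM_IDX)) {`, lets i == SSL_MD_NUM_IDX through to `ssl_digest_methods[i]`, while ssl_get_handshake_digest in this same hunk rejects that value with `idx >= SSL_MD_NUM_IDX` before indexing the same array. The switch above assigns only named indices, so the extra value is probably unreachable today, but the two guards should agree: `if ((i < 0) || (i >= SSL_MD_NUM_IDX)) {`. The earlier `i > SSL_ENC_NUM_IDX` check in the same function has the same shape. Both functions start or end outside this hunk, so the array sizes themselves are not visible here.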
@@ -661,40 +656,45 @@ int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
#define ITEM_SEP(a) \
(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
-static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
- CIPHER_ORDER **tail)
- {
- if (curr == *tail) return;
+static void
+ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+ CIPHER_ORDER **tail)
+{
+ if (curr == *tail)
+ return;
if (curr == *head)
- *head=curr->next;
+ *head = curr->next;
if (curr->prev != NULL)
- curr->prev->next=curr->next;
+ curr->prev->next = curr->next;
if (curr->next != NULL)
- curr->next->prev=curr->prev;
- (*tail)->next=curr;
+ curr->next->prev = curr->prev;
+ (*tail)->next = curr;
curr->prev= *tail;
- curr->next=NULL;
- *tail=curr;
- }
+ curr->next = NULL;
+ *tail = curr;
+}
-static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
- CIPHER_ORDER **tail)
- {
- if (curr == *head) return;
+static void
+ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+ CIPHER_ORDER **tail)
+{
+ if (curr == *head)
+ return;
if (curr == *tail)
- *tail=curr->prev;
+ *tail = curr->prev;
if (curr->next != NULL)
- curr->next->prev=curr->prev;
+ curr->next->prev = curr->prev;
if (curr->prev != NULL)
- curr->prev->next=curr->next;
- (*head)->prev=curr;
+ curr->prev->next = curr->next;
+ (*head)->prev = curr;
curr->next= *head;
- curr->prev=NULL;
- *head=curr;
- }
+ curr->prev = NULL;
+ *head = curr;
+}
-static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
- {
+static void
+ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
+{
*mkey = 0;
*auth = 0;
*enc = 0;
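Review bot: ll_append_tail and ll_append_head dereference `*tail` and `*head` unconditionally (`(*tail)->next = curr;`, `(*head)->prev = curr;`) and neither has a comment saying what the caller must guarantee. Presumably curr is always a node already linked into the list, which would make both pointers non-NULL, but that is not stated anywhere in the hunk. A header comment on each would record it, for example `/* Move curr to the tail; curr must already be on the list, so *head and *tail are non-NULL. */` and the mirrored wording for ll_append_head.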
@@ -743,44 +743,45 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
/* Disable GOST key exchange if no GOST signature algs are available * */
if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
*mkey |= SSL_kGOST;
- }
+ }
#ifdef SSL_FORBID_ENULL
*enc |= SSL_eNULL;
#endif
-
-
-
- *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
- *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
- *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
- *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
- *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
- *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
- *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
- *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0;
- *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0;
- *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
- *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
- *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
- *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
-
- *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
- *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
- *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
- *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
- *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
- *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
- }
-static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
- int num_of_ciphers,
- unsigned long disabled_mkey, unsigned long disabled_auth,
- unsigned long disabled_enc, unsigned long disabled_mac,
- unsigned long disabled_ssl,
- CIPHER_ORDER *co_list,
- CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
- {
+
+ *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 : 0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0;
+
+ *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0;
+ *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0;
+ *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0;
+ *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0;
+ *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0;
+ *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef) ? SSL_GOST89MAC : 0;
+
+}
+
+static void
+ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
+ int num_of_ciphers,
+unsigned long disabled_mkey, unsigned long disabled_auth,
+ unsigned long disabled_enc, unsigned long disabled_mac,
+unsigned long disabled_ssl,
+ CIPHER_ORDER *co_list,
+CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
+{
int i, co_list_num;
const SSL_CIPHER *c;
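Review bot: The reflowed parameter list of ssl_cipher_collect_ciphers alternates between indented continuation lines and lines that start at column 0 (`unsigned long disabled_mkey, ...`, `unsigned long disabled_ssl,`, `CIPHER_ORDER **head_p, ...`), at least as the page renders them. Every continuation line of a declaration should carry the same four-space indent, e.g. `    unsigned long disabled_mkey, unsigned long disabled_auth,`. The same pattern appears in the new signatures of ssl_cipher_collect_aliases, ssl_cipher_apply_rule, ssl_cipher_process_rulestr and ssl_create_cipher_list in later hunks. The body of ssl_cipher_collect_ciphers continues outside this hunk.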
@@ -793,68 +794,64 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
/* Get the initial list of ciphers */
co_list_num = 0; /* actual count of ciphers */
- for (i = 0; i < num_of_ciphers; i++)
- {
+ for (i = 0; i < num_of_ciphers; i++) {
c = ssl_method->get_cipher(i);
/* drop those that use any of that is not available */
if ((c != NULL) && c->valid &&
#ifdef OPENSSL_FIPS
- (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
+ (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
#endif
- !(c->algorithm_mkey & disabled_mkey) &&
- !(c->algorithm_auth & disabled_auth) &&
- !(c->algorithm_enc & disabled_enc) &&
- !(c->algorithm_mac & disabled_mac) &&
- !(c->algorithm_ssl & disabled_ssl))
- {
+ !(c->algorithm_mkey & disabled_mkey) &&
+ !(c->algorithm_auth & disabled_auth) &&
+ !(c->algorithm_enc & disabled_enc) &&
+ !(c->algorithm_mac & disabled_mac) &&
+ !(c->algorithm_ssl & disabled_ssl)) {
co_list[co_list_num].cipher = c;
co_list[co_list_num].next = NULL;
co_list[co_list_num].prev = NULL;
co_list[co_list_num].active = 0;
co_list_num++;
#ifdef KSSL_DEBUG
- printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
+ printf("\t%d: %s %lx %lx %lx\n", i, c->name, c->id, c->algorithm_mkey, c->algorithm_auth);
#endif /* KSSL_DEBUG */
/*
if (!sk_push(ca_list,(char *)c)) goto err;
*/
- }
}
+ }
/*
* Prepare linked list from list entries
*/
- if (co_list_num > 0)
- {
+ if (co_list_num > 0) {
co_list[0].prev = NULL;
- if (co_list_num > 1)
- {
+ if (co_list_num > 1) {
co_list[0].next = &co_list[1];
-
- for (i = 1; i < co_list_num - 1; i++)
- {
+
+ for (i = 1; i < co_list_num - 1; i++) {
co_list[i].prev = &co_list[i - 1];
co_list[i].next = &co_list[i + 1];
- }
+ }
co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
- }
-
+ }
+
co_list[co_list_num - 1].next = NULL;
*head_p = &co_list[0];
*tail_p = &co_list[co_list_num - 1];
- }
}
+}
-static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
- int num_of_group_aliases,
- unsigned long disabled_mkey, unsigned long disabled_auth,
- unsigned long disabled_enc, unsigned long disabled_mac,
- unsigned long disabled_ssl,
- CIPHER_ORDER *head)
- {
+static void
+ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
+ int num_of_group_aliases,
+unsigned long disabled_mkey, unsigned long disabled_auth,
+ unsigned long disabled_enc, unsigned long disabled_mac,
+unsigned long disabled_ssl,
+ CIPHER_ORDER *head)
+{
CIPHER_ORDER *ciph_curr;
const SSL_CIPHER **ca_curr;
int i;
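Review bot: The loop in ssl_cipher_collect_ciphers still carries the commented-out statement `if (!sk_push(ca_list,(char *)c)) goto err;`, which refers to a `ca_list` and an `err` label that this function does not have in the visible lines. Since the commit is already touching every line around it, the dead block should be deleted rather than re-indented; version control keeps the history. The function begins outside this hunk.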
@@ -869,12 +866,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
*/
ciph_curr = head;
ca_curr = ca_list;
- while (ciph_curr != NULL)
- {
+ while (ciph_curr != NULL) {
*ca_curr = ciph_curr->cipher;
ca_curr++;
ciph_curr = ciph_curr->next;
- }
+ }
/*
* Now we add the available ones from the cipher_aliases[] table.
@@ -882,8 +878,7 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
* in any affected category must be supported (set in enabled_mask),
* or represent a cipher strength value (will be added in any case because algorithms=0).
*/
- for (i = 0; i < num_of_group_aliases; i++)
- {
+ for (i = 0; i < num_of_group_aliases; i++) {
unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
@@ -893,45 +888,46 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
if (algorithm_mkey)
if ((algorithm_mkey & mask_mkey) == 0)
continue;
-
+
if (algorithm_auth)
if ((algorithm_auth & mask_auth) == 0)
continue;
-
+
if (algorithm_enc)
if ((algorithm_enc & mask_enc) == 0)
continue;
-
+
if (algorithm_mac)
if ((algorithm_mac & mask_mac) == 0)
continue;
-
+
if (algorithm_ssl)
if ((algorithm_ssl & mask_ssl) == 0)
continue;
-
+
*ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
ca_curr++;
- }
+ }
*ca_curr = NULL; /* end of list */
- }
+}
-static void ssl_cipher_apply_rule(unsigned long cipher_id,
- unsigned long alg_mkey, unsigned long alg_auth,
- unsigned long alg_enc, unsigned long alg_mac,
- unsigned long alg_ssl,
- unsigned long algo_strength,
- int rule, int strength_bits,
- CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
- {
+static void
+ssl_cipher_apply_rule(unsigned long cipher_id,
+ unsigned long alg_mkey, unsigned long alg_auth,
+unsigned long alg_enc, unsigned long alg_mac,
+ unsigned long alg_ssl,
+unsigned long algo_strength,
+ int rule, int strength_bits,
+CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
+{
CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
const SSL_CIPHER *cp;
int reverse = 0;
#ifdef CIPHER_DEBUG
printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
- rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
+ rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
#endif
if (rule == CIPHER_DEL)
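Review bot: The store `*ca_curr = (SSL_CIPHER *)(cipher_aliases + i);` casts to a non-const pointer even though `ca_curr` is declared as `const SSL_CIPHER **`. The cast is at best redundant, and if cipher_aliases is a const table (its declaration is outside the hunk) it hides a qualifier that the compiler would otherwise check. Prefer `*ca_curr = (const SSL_CIPHER *)(cipher_aliases + i);` or drop the cast entirely if the types already match.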
@@ -940,21 +936,18 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
head = *head_p;
tail = *tail_p;
- if (reverse)
- {
+ if (reverse) {
curr = tail;
last = head;
- }
- else
- {
+ } else {
curr = head;
last = tail;
- }
+ }
curr2 = curr;
- for (;;)
- {
- if ((curr == NULL) || (curr == last)) break;
+ for (;;) {
+ if ((curr == NULL)
+ || (curr == last)) break;
curr = curr2;
curr2 = reverse ? curr->prev : curr->next;
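Review bot: The loop exit in ssl_cipher_apply_rule was reflowed into `if ((curr == NULL)` / `|| (curr == last)) break;`, which splits a short condition across two lines and leaves the `break` on the condition line. It reads better as `if (curr == NULL || curr == last)` followed by `break;` on its own line. The `(enc == NULL) || (md == NULL)` test in ssl_cipher_get_evp was broken the same way. The loop body continues outside this hunk.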
@@ -964,13 +957,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
* Selection criteria is either the value of strength_bits
* or the algorithms used.
*/
- if (strength_bits >= 0)
- {
+ if (strength_bits >= 0) {
if (strength_bits != cp->strength_bits)
continue;
- }
- else
- {
+ } else {
#ifdef CIPHER_DEBUG
printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
#endif
@@ -989,45 +979,36 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
continue;
if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
continue;
- }
+ }
#ifdef CIPHER_DEBUG
printf("Action = %d\n", rule);
#endif
/* add the cipher if it has not been added yet. */
- if (rule == CIPHER_ADD)
- {
+ if (rule == CIPHER_ADD) {
/* reverse == 0 */
- if (!curr->active)
- {
+ if (!curr->active) {
ll_append_tail(&head, curr, &tail);
curr->active = 1;
- }
}
+ }
/* Move the added cipher to this location */
- else if (rule == CIPHER_ORD)
- {
+ else if (rule == CIPHER_ORD) {
/* reverse == 0 */
- if (curr->active)
- {
+ if (curr->active) {
ll_append_tail(&head, curr, &tail);
- }
}
- else if (rule == CIPHER_DEL)
- {
+ } else if (rule == CIPHER_DEL) {
/* reverse == 1 */
- if (curr->active)
- {
+ if (curr->active) {
/* most recently deleted ciphersuites get best positions
* for any future CIPHER_ADD (note that the CIPHER_DEL loop
* works in reverse to maintain the order) */
ll_append_head(&head, curr, &tail);
curr->active = 0;
- }
}
- else if (rule == CIPHER_KILL)
- {
+ } else if (rule == CIPHER_KILL) {
/* reverse == 0 */
if (head == curr)
head = curr->next;
@@ -1042,16 +1023,17 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
curr->prev->next = curr->next;
curr->next = NULL;
curr->prev = NULL;
- }
}
+ }
*head_p = head;
*tail_p = tail;
- }
+}
-static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
- CIPHER_ORDER **tail_p)
- {
+static int
+ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
+ CIPHER_ORDER **tail_p)
+{
int max_strength_bits, i, *number_uses;
CIPHER_ORDER *curr;
@@ -1062,32 +1044,29 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
*/
max_strength_bits = 0;
curr = *head_p;
- while (curr != NULL)
- {
+ while (curr != NULL) {
if (curr->active &&
- (curr->cipher->strength_bits > max_strength_bits))
- max_strength_bits = curr->cipher->strength_bits;
+ (curr->cipher->strength_bits > max_strength_bits))
+ max_strength_bits = curr->cipher->strength_bits;
curr = curr->next;
- }
+ }
number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
- if (!number_uses)
- {
- SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
- return(0);
- }
+ if (!number_uses) {
+ SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
/*
* Now find the strength_bits values actually used
*/
curr = *head_p;
- while (curr != NULL)
- {
+ while (curr != NULL) {
if (curr->active)
number_uses[curr->cipher->strength_bits]++;
curr = curr->next;
- }
+ }
/*
* Go through the list of used strength_bits values in descending
* order.
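Review bot: `number_uses[curr->cipher->strength_bits]++` indexes the array with a signed value that is never checked against zero. `max_strength_bits` starts at 0 and only grows, so the buffer always covers 0..max, but an active cipher with a negative `strength_bits` would write before the allocation. Whether the cipher table can contain such an entry is not visible here, so this may be unreachable. Making the count conditional costs nothing: `if (curr->active && curr->cipher->strength_bits >= 0)`.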
@@ -1097,13 +1076,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
OPENSSL_free(number_uses);
- return(1);
- }
+ return (1);
+}
-static int ssl_cipher_process_rulestr(const char *rule_str,
- CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
- const SSL_CIPHER **ca_list)
- {
+static int
+ssl_cipher_process_rulestr(const char *rule_str,
+ CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
+const SSL_CIPHER **ca_list)
+{
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
const char *l, *buf;
int j, multi, found, rule, retval, ok, buflen;
@@ -1112,28 +1092,32 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
retval = 1;
l = rule_str;
- for (;;)
- {
+ for (;;) {
ch = *l;
if (ch == '\0')
- break; /* done */
+ break;
+ /* done */
if (ch == '-')
- { rule = CIPHER_DEL; l++; }
- else if (ch == '+')
- { rule = CIPHER_ORD; l++; }
- else if (ch == '!')
- { rule = CIPHER_KILL; l++; }
- else if (ch == '@')
- { rule = CIPHER_SPECIAL; l++; }
- else
- { rule = CIPHER_ADD; }
+ { rule = CIPHER_DEL;
+ l++;
+ } else if (ch == '+')
+ { rule = CIPHER_ORD;
+ l++;
+ } else if (ch == '!')
+ { rule = CIPHER_KILL;
+ l++;
+ } else if (ch == '@')
+ { rule = CIPHER_SPECIAL;
+ l++;
+ } else
+ { rule = CIPHER_ADD;
+ }
- if (ITEM_SEP(ch))
- {
+ if (ITEM_SEP(ch)) {
l++;
continue;
- }
+ }
alg_mkey = 0;
alg_auth = 0;
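Review bot: The rule-prefix chain in ssl_cipher_process_rulestr came out of the reformat with the opening brace and the first statement sharing a line (`{ rule = CIPHER_DEL;`) and the brace on a separate line from its `if`. The style used everywhere else in this commit would be `if (ch == '-') {` with `rule = CIPHER_DEL;` and `l++;` on their own lines, closed by `} else if (ch == '+') {`, and likewise for the other three branches. The `/* done */` comment was also pushed onto the line after `break;`, where it now looks like it describes the next `if`; keep it as `break; /* done */`.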
@@ -1142,52 +1126,47 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
alg_ssl = 0;
algo_strength = 0;
- for (;;)
- {
+ for (;;) {
ch = *l;
buf = l;
buflen = 0;
#ifndef CHARSET_EBCDIC
- while ( ((ch >= 'A') && (ch <= 'Z')) ||
- ((ch >= '0') && (ch <= '9')) ||
- ((ch >= 'a') && (ch <= 'z')) ||
- (ch == '-') || (ch == '.'))
+ while (((ch >= 'A') && (ch <= 'Z')) ||
+ ((ch >= '0') && (ch <= '9')) ||
+ ((ch >= 'a') && (ch <= 'z')) ||
+ (ch == '-') || (ch == '.'))
#else
- while ( isalnum(ch) || (ch == '-') || (ch == '.'))
+ while (isalnum(ch) || (ch == '-') || (ch == '.'))
#endif
- {
- ch = *(++l);
- buflen++;
- }
+ {
+ ch = *(++l);
+ buflen++;
+ }
- if (buflen == 0)
- {
+ if (buflen == 0) {
/*
* We hit something we cannot deal with,
* it is no command or separator nor
* alphanumeric, so we call this an error.
*/
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
+ SSL_R_INVALID_COMMAND);
retval = found = 0;
l++;
break;
- }
+ }
- if (rule == CIPHER_SPECIAL)
- {
+ if (rule == CIPHER_SPECIAL) {
found = 0; /* unused -- avoid compiler warning */
break; /* special treatment */
- }
+ }
/* check for multi-part specification */
- if (ch == '+')
- {
- multi=1;
+ if (ch == '+') {
+ multi = 1;
l++;
- }
- else
- multi=0;
+ } else
+ multi = 0;
/*
* Now search for the cipher alias in the ca_list. Be careful
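Review bot: In the CHARSET_EBCDIC branch the scanner calls `isalnum(ch)` on a byte taken straight from the rule string. `ch` is declared outside this hunk; if it is a plain `char`, a byte with the high bit set reaches isalnum as a negative int, which is undefined behaviour for the <ctype.h> functions. The call should be `while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.'))`. The non-EBCDIC branch uses explicit range comparisons and is not affected.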
@@ -1202,126 +1181,121 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
*/
j = found = 0;
cipher_id = 0;
- while (ca_list[j])
- {
+ while (ca_list[j]) {
if (!strncmp(buf, ca_list[j]->name, buflen) &&
- (ca_list[j]->name[buflen] == '\0'))
- {
+ (ca_list[j]->name[buflen] == '\0')) {
found = 1;
break;
- }
- else
+ } else
j++;
- }
+ }
if (!found)
break; /* ignore this entry */
- if (ca_list[j]->algorithm_mkey)
- {
- if (alg_mkey)
- {
+ if (ca_list[j]->algorithm_mkey) {
+ if (alg_mkey) {
alg_mkey &= ca_list[j]->algorithm_mkey;
- if (!alg_mkey) { found = 0; break; }
+ if (!alg_mkey) {
+ found = 0;
+ break;
}
- else
+ } else
alg_mkey = ca_list[j]->algorithm_mkey;
- }
+ }
- if (ca_list[j]->algorithm_auth)
- {
- if (alg_auth)
- {
+ if (ca_list[j]->algorithm_auth) {
+ if (alg_auth) {
alg_auth &= ca_list[j]->algorithm_auth;
- if (!alg_auth) { found = 0; break; }
+ if (!alg_auth) {
+ found = 0;
+ break;
}
- else
+ } else
alg_auth = ca_list[j]->algorithm_auth;
- }
-
- if (ca_list[j]->algorithm_enc)
- {
- if (alg_enc)
- {
+ }
+
+ if (ca_list[j]->algorithm_enc) {
+ if (alg_enc) {
alg_enc &= ca_list[j]->algorithm_enc;
- if (!alg_enc) { found = 0; break; }
+ if (!alg_enc) {
+ found = 0;
+ break;
}
- else
+ } else
alg_enc = ca_list[j]->algorithm_enc;
- }
-
- if (ca_list[j]->algorithm_mac)
- {
- if (alg_mac)
- {
+ }
+
+ if (ca_list[j]->algorithm_mac) {
+ if (alg_mac) {
alg_mac &= ca_list[j]->algorithm_mac;
- if (!alg_mac) { found = 0; break; }
+ if (!alg_mac) {
+ found = 0;
+ break;
}
- else
+ } else
alg_mac = ca_list[j]->algorithm_mac;
- }
-
- if (ca_list[j]->algo_strength & SSL_EXP_MASK)
- {
- if (algo_strength & SSL_EXP_MASK)
- {
+ }
+
+ if (ca_list[j]->algo_strength & SSL_EXP_MASK) {
+ if (algo_strength & SSL_EXP_MASK) {
algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
- if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
+ if (!(algo_strength & SSL_EXP_MASK)) {
+ found = 0;
+ break;
}
- else
+ } else
algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
- }
+ }
- if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
- {
- if (algo_strength & SSL_STRONG_MASK)
- {
+ if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
+ if (algo_strength & SSL_STRONG_MASK) {
algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
- if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
+ if (!(algo_strength & SSL_STRONG_MASK)) {
+ found = 0;
+ break;
}
- else
+ } else
algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
- }
-
- if (ca_list[j]->valid)
- {
+ }
+
+ if (ca_list[j]->valid) {
/* explicit ciphersuite found; its protocol version
* does not become part of the search pattern!*/
cipher_id = ca_list[j]->id;
- }
- else
- {
+ } else {
/* not an explicit ciphersuite; only in this case, the
* protocol version is considered part of the search pattern */
- if (ca_list[j]->algorithm_ssl)
- {
- if (alg_ssl)
- {
+ if (ca_list[j]->algorithm_ssl) {
+ if (alg_ssl) {
alg_ssl &= ca_list[j]->algorithm_ssl;
- if (!alg_ssl) { found = 0; break; }
+ if (!alg_ssl) {
+ found = 0;
+ break;
}
- else
+ } else
alg_ssl = ca_list[j]->algorithm_ssl;
- }
}
-
- if (!multi) break;
}
+ if (!multi)
+ break;
+ }
+
/*
* Ok, we have the rule, now apply it
*/
if (rule == CIPHER_SPECIAL)
- { /* special command */
+ { /* special command */
ok = 0;
if ((buflen == 8) &&
!strncmp(buf, "STRENGTH", 8))
- ok = ssl_cipher_strength_sort(head_p, tail_p);
+ ok = ssl_cipher_strength_sort(head_p, tail_p);
else
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
+ SSL_R_INVALID_COMMAND);
if (ok == 0)
retval = 0;
/*
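Review bot: The lookup loop ends with `if (!found) break; /* ignore this entry */`, and nothing in the visible lines sets `retval` on that path, so a name that matches no entry in ca_list is dropped without any error being reported. For a cipher string that matters: a misspelled exclusion leaves the targeted suites enabled and the caller still sees success. The existing comment understates this; something like `/* Unknown name: skipped without error, so a misspelled "!NAME" or "-NAME" removes nothing. */` would make the behaviour explicit for whoever validates configured cipher strings. The enclosing loop starts before this hunk and finishes after it.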
@@ -1331,30 +1305,27 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* end or ':' is found.
*/
while ((*l != '\0') && !ITEM_SEP(*l))
- l++;
- }
- else if (found)
- {
+ l++;
+ } else if (found) {
ssl_cipher_apply_rule(cipher_id,
- alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
- rule, -1, head_p, tail_p);
- }
- else
- {
+ alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
+ rule, -1, head_p, tail_p);
+ } else {
while ((*l != '\0') && !ITEM_SEP(*l))
- l++;
- }
+ l++;
+ }
if (*l == '\0') break; /* done */
}
- return(retval);
- }
+ return (retval);
+}
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
- STACK_OF(SSL_CIPHER) **cipher_list,
- STACK_OF(SSL_CIPHER) **cipher_list_by_id,
- const char *rule_str)
- {
+STACK_OF(SSL_CIPHER)
+*ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+STACK_OF(SSL_CIPHER) **cipher_list,
+ STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+const char *rule_str)
+{
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
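Review bot: The new definition header for ssl_create_cipher_list puts the pointer star on the name line (`STACK_OF(SSL_CIPHER)` then `*ssl_create_cipher_list(...`), so the return type reads as a non-pointer at first glance. The star belongs with the type: `STACK_OF(SSL_CIPHER) *` on the first line and `ssl_create_cipher_list(const SSL_METHOD *ssl_method,` on the second. The function body continues outside this hunk.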
@@ -1384,15 +1355,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
#endif /* KSSL_DEBUG */
co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
- if (co_list == NULL)
- {
- SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+ if (co_list == NULL) {
+ SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
return(NULL); /* Failure */
- }
+ }
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
- disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
- co_list, &head, &tail);
+ disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
+ co_list, &head, &tail);
/* Now arrange all ciphers by preference: */
@@ -1419,19 +1389,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
/* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
/* RC4 is sort-of broken -- move the the end */
ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
/* Now sort by symmetric encryption strength. The above ordering remains
* in force within each class */
- if (!ssl_cipher_strength_sort(&head, &tail))
- {
+ if (!ssl_cipher_strength_sort(&head, &tail)) {
OPENSSL_free(co_list);
return NULL;
- }
+ }
/* Now disable everything (maintaining the ordering!) */
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
@@ -1448,15 +1417,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
- if (ca_list == NULL)
- {
+ if (ca_list == NULL) {
OPENSSL_free(co_list);
- SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+ SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
return(NULL); /* Failure */
- }
+ }
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
- disabled_mkey, disabled_auth, disabled_enc,
- disabled_mac, disabled_ssl, head);
+ disabled_mkey, disabled_auth, disabled_enc,
+ disabled_mac, disabled_ssl, head);
/*
* If the rule_string begins with DEFAULT, apply the default rule
@@ -1464,14 +1432,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/
ok = 1;
rule_p = rule_str;
- if (strncmp(rule_str,"DEFAULT",7) == 0)
- {
+ if (strncmp(rule_str, "DEFAULT", 7) == 0) {
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
- &head, &tail, ca_list);
+ &head, &tail, ca_list);
rule_p += 7;
if (*rule_p == ':')
rule_p++;
- }
+ }
if (ok && (strlen(rule_p) > 0))
ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
@@ -1479,65 +1446,63 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
OPENSSL_free((void *)ca_list); /* Not needed anymore */
if (!ok)
- { /* Rule processing failure */
+ { /* Rule processing failure */
OPENSSL_free(co_list);
- return(NULL);
- }
-
+ return (NULL);
+ }
+
/*
* Allocate new "cipherstack" for the result, return with error
* if we cannot get one.
*/
- if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
- {
+ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
OPENSSL_free(co_list);
- return(NULL);
- }
+ return (NULL);
+ }
/*
* The cipher selection for the list is done. The ciphers are added
* to the resulting precedence to the STACK_OF(SSL_CIPHER).
*/
- for (curr = head; curr != NULL; curr = curr->next)
- {
+ for (curr = head; curr != NULL; curr = curr->next) {
#ifdef OPENSSL_FIPS
if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
#else
if (curr->active)
#endif
- {
+ {
sk_SSL_CIPHER_push(cipherstack, curr->cipher);
#ifdef CIPHER_DEBUG
- printf("<%s>\n",curr->cipher->name);
+ printf("<%s>\n", curr->cipher->name);
#endif
- }
}
+ }
OPENSSL_free(co_list); /* Not needed any longer */
tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
- if (tmp_cipher_list == NULL)
- {
+ if (tmp_cipher_list == NULL) {
sk_SSL_CIPHER_free(cipherstack);
return NULL;
- }
+ }
if (*cipher_list != NULL)
sk_SSL_CIPHER_free(*cipher_list);
*cipher_list = cipherstack;
if (*cipher_list_by_id != NULL)
sk_SSL_CIPHER_free(*cipher_list_by_id);
*cipher_list_by_id = tmp_cipher_list;
- (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
+ (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
sk_SSL_CIPHER_sort(*cipher_list_by_id);
- return(cipherstack);
- }
+ return (cipherstack);
+}
-char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
- {
- int is_export,pkl,kl;
- const char *ver,*exp_str;
- const char *kx,*au,*enc,*mac;
- unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
+char
+*SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
+{
+ int is_export, pkl, kl;
+ const char *ver, *exp_str;
+ const char *kx, *au, *enc, *mac;
+ unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
#ifdef KSSL_DEBUG
static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
#else
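Review bot: The return value of `sk_SSL_CIPHER_push(cipherstack, curr->cipher)` in the `for (curr = head; ...)` loop is ignored, so a failed push silently drops that cipher and the function still returns a list that no longer matches the rule string the caller supplied. SSL_COMP_add_compression_method, further down this file, already treats a zero return from the equivalent push as an allocation failure. The loop should do the same: free `co_list` and `cipherstack`, then return NULL. ssl_create_cipher_list starts outside this hunk, and SSL_CIPHER_description, which begins here, continues past it.

```c
	/* … unchanged: FIPS / non-FIPS `if (curr->active ...)` condition … */
		{
			if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
				OPENSSL_free(co_list);
				sk_SSL_CIPHER_free(cipherstack);
				return (NULL);
			}
	/* … unchanged: CIPHER_DEBUG printf … */
```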
@@ -1550,13 +1515,13 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
alg_mac = cipher->algorithm_mac;
alg_ssl = cipher->algorithm_ssl;
- alg2=cipher->algorithm2;
+ alg2 = cipher->algorithm2;
+
+ is_export = SSL_C_IS_EXPORT(cipher);
+ pkl = SSL_C_EXPORT_PKEYLENGTH(cipher);
+ kl = SSL_C_EXPORT_KEYLENGTH(cipher);
+ exp_str = is_export?" export":"";
- is_export=SSL_C_IS_EXPORT(cipher);
- pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
- kl=SSL_C_EXPORT_KEYLENGTH(cipher);
- exp_str=is_export?" export":"";
-
if (alg_ssl & SSL_SSLV2)
ver="SSLv2";
else if (alg_ssl & SSL_SSLV3)
@@ -1566,10 +1531,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
else
ver="unknown";
- switch (alg_mkey)
- {
+ switch (alg_mkey) {
case SSL_kRSA:
- kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
+ kx = is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
break;
case SSL_kDHr:
kx="DH/RSA";
@@ -1577,11 +1541,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kDHd:
kx="DH/DSS";
break;
- case SSL_kKRB5:
+ case SSL_kKRB5:
kx="KRB5";
break;
case SSL_kEDH:
- kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
+ kx = is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
break;
case SSL_kECDHr:
kx="ECDH/RSA";
@@ -1600,10 +1564,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
break;
default:
kx="unknown";
- }
+ }
- switch (alg_auth)
- {
+ switch (alg_auth) {
case SSL_aRSA:
au="RSA";
break;
@@ -1613,10 +1576,10 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_aDH:
au="DH";
break;
- case SSL_aKRB5:
+ case SSL_aKRB5:
au="KRB5";
break;
- case SSL_aECDH:
+ case SSL_aECDH:
au="ECDH";
break;
case SSL_aNULL:
@@ -1631,22 +1594,21 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
default:
au="unknown";
break;
- }
+ }
- switch (alg_enc)
- {
+ switch (alg_enc) {
case SSL_DES:
- enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
+ enc = (is_export && kl == 5)?"DES(40)":"DES(56)";
break;
case SSL_3DES:
enc="3DES(168)";
break;
case SSL_RC4:
- enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
- :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
+ enc = is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
+ :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
break;
case SSL_RC2:
- enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
+ enc = is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
break;
case SSL_IDEA:
enc="IDEA(128)";
@@ -1678,10 +1640,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
default:
enc="unknown";
break;
- }
+ }
- switch (alg_mac)
- {
+ switch (alg_mac) {
case SSL_MD5:
mac="MD5";
break;
@@ -1700,108 +1661,119 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
default:
mac="unknown";
break;
- }
+ }
- if (buf == NULL)
- {
- len=128;
- buf=OPENSSL_malloc(len);
- if (buf == NULL) return("OPENSSL_malloc Error");
- }
- else if (len < 128)
- return("Buffer too small");
+ if (buf == NULL) {
+ len = 128;
+ buf = OPENSSL_malloc(len);
+ if (buf == NULL)
+ return("OPENSSL_malloc Error");
+ } else if (len < 128)
+ return("Buffer too small");
#ifdef KSSL_DEBUG
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
+ BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl);
#else
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
+ BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str);
#endif /* KSSL_DEBUG */
- return(buf);
- }
+ return (buf);
+}
-char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
- {
+char
+*SSL_CIPHER_get_version(const SSL_CIPHER *c)
+{
int i;
- if (c == NULL) return("(NONE)");
- i=(int)(c->id>>24L);
+ if (c == NULL)
+ return("(NONE)");
+ i = (int)(c->id >> 24L);
if (i == 3)
return("TLSv1/SSLv3");
else if (i == 2)
return("SSLv2");
else
return("unknown");
- }
+}
/* return the actual cipher being used */
-const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
- {
+const char
+*SSL_CIPHER_get_name(const SSL_CIPHER *c)
+{
if (c != NULL)
- return(c->name);
+ return (c->name);
return("(NONE)");
- }
+}
/* number of bits for symmetric cipher */
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
- {
- int ret=0;
+int
+SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
+{
+ int ret = 0;
- if (c != NULL)
- {
- if (alg_bits != NULL) *alg_bits = c->alg_bits;
+ if (c != NULL) {
+ if (alg_bits != NULL)
+ *alg_bits = c->alg_bits;
ret = c->strength_bits;
- }
- return(ret);
}
+ return (ret);
+}
-unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
- {
+unsigned long
+SSL_CIPHER_get_id(const SSL_CIPHER *c)
+{
return c->id;
- }
+}
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
- {
+SSL_COMP
+*ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
+{
SSL_COMP *ctmp;
- int i,nn;
+ int i, nn;
- if ((n == 0) || (sk == NULL)) return(NULL);
- nn=sk_SSL_COMP_num(sk);
- for (i=0; i<nn; i++)
- {
- ctmp=sk_SSL_COMP_value(sk,i);
+ if ((n == 0)
+ || (sk == NULL)) return (NULL);
+ nn = sk_SSL_COMP_num(sk);
+ for (i = 0; i < nn; i++) {
+ ctmp = sk_SSL_COMP_value(sk, i);
if (ctmp->id == n)
- return(ctmp);
- }
- return(NULL);
+ return (ctmp);
}
+ return (NULL);
+}
#ifdef OPENSSL_NO_COMP
-void *SSL_COMP_get_compression_methods(void)
- {
+void
+*SSL_COMP_get_compression_methods(void)
+{
return NULL;
- }
-int SSL_COMP_add_compression_method(int id, void *cm)
- {
+}
+
+int
+SSL_COMP_add_compression_method(int id, void *cm)
+{
return 1;
- }
+}
-const char *SSL_COMP_get_name(const void *comp)
- {
+const char
+*SSL_COMP_get_name(const void *comp)
+{
return NULL;
- }
+}
#else
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
- {
+STACK_OF(SSL_COMP)
+*SSL_COMP_get_compression_methods(void)
+{
load_builtin_compressions();
- return(ssl_comp_methods);
- }
+ return (ssl_comp_methods);
+}
-int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
- {
+int
+SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+{
SSL_COMP *comp;
- if (cm == NULL || cm->type == NID_undef)
- return 1;
+ if (cm == NULL || cm->type == NID_undef)
+ return 1;
/* According to draft-ietf-tls-compression-04.txt, the
compression number ranges should be the following:
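Review bot: The two failure returns at the end of SSL_CIPHER_description hand back string literals (`"OPENSSL_malloc Error"`, `"Buffer too small"`) through the same `char *` that otherwise carries the caller's buffer or a freshly allocated one. A caller that passed `buf == NULL` and frees the result would pass a literal to the allocator's free routine on the allocation-failure path, and no caller can tell an error from a real description without comparing strings. Returning `NULL` on both paths would be the safer contract if existing callers can absorb it; at minimum the block should carry a comment such as `/* On failure a static string is returned; callers must not free it. */`. The function starts outside this hunk. In the same hunk, SSL_CIPHER_get_id dereferences `c` without the NULL check that SSL_CIPHER_get_name and SSL_CIPHER_get_bits perform.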
@@ -1809,45 +1781,40 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
0 to 63: methods defined by the IETF
64 to 192: external party methods assigned by IANA
193 to 255: reserved for private use */
- if (id < 193 || id > 255)
- {
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
+ if (id < 193 || id > 255) {
+ SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
return 0;
- }
+ }
MemCheck_off();
- comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
- comp->id=id;
- comp->method=cm;
+ comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+ comp->id = id;
+ comp->method = cm;
load_builtin_compressions();
if (ssl_comp_methods
- && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
- {
+ && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
OPENSSL_free(comp);
MemCheck_on();
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
- return(1);
- }
- else if ((ssl_comp_methods == NULL)
- || !sk_SSL_COMP_push(ssl_comp_methods,comp))
- {
+ SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_DUPLICATE_COMPRESSION_ID);
+ return (1);
+ } else if ((ssl_comp_methods == NULL)
+ || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
OPENSSL_free(comp);
MemCheck_on();
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
- return(1);
- }
- else
- {
+ SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
+ return (1);
+ } else {
MemCheck_on();
- return(0);
- }
+ return (0);
}
+}
-const char *SSL_COMP_get_name(const COMP_METHOD *comp)
- {
+const char
+*SSL_COMP_get_name(const COMP_METHOD *comp)
+{
if (comp)
return comp->name;
return NULL;
- }
+}
#endif
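Review bot: `comp` is dereferenced at `comp->id = id;` directly after `OPENSSL_malloc` with no NULL check, so an allocation failure becomes a write through a null pointer instead of taking the `ERR_R_MALLOC_FAILURE` path the function already has for a failed push. The check belongs between the allocation and the first store, and it has to call `MemCheck_on()` before returning because `MemCheck_off()` has already run at that point. SSL_COMP_add_compression_method starts in the previous hunk.

```c
	comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
	if (comp == NULL) {
		MemCheck_on();
		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
		return (1);
	}
	comp->id = id;
	/* … unchanged: method assignment, duplicate check and push … */
```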
diff --git a/lib/libssl/src/ssl/ssl_err.c b/lib/libssl/src/ssl/ssl_err.c
index 370fb57e3b8..67ba3c76991 100644
--- a/lib/libssl/src/ssl/ssl_err.c
+++ b/lib/libssl/src/ssl/ssl_err.c
@@ -68,543 +68,541 @@
#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
-static ERR_STRING_DATA SSL_str_functs[]=
- {
-{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
-{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
-{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
-{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
-{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
-{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
-{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
-{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
-{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"},
-{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
-{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
-{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
-{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
-{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
-{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
-{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
-{ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"},
-{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
-{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
-{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
-{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
-{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"},
-{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
-{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
-{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
-{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
-{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
-{ERR_FUNC(SSL_F_READ_N), "READ_N"},
-{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
-{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
-{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
-{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
-{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
-{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
-{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
-{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
-{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
-{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
-{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
-{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
-{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
-{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
-{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
-{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
-{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
-{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"},
-{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
-{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
-{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
-{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
-{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"},
-{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"},
-{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
-{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
-{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
-{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"},
-{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
-{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
-{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
-{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
-{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"},
-{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
-{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
-{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
-{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
-{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
-{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
-{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
-{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
-{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
-{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
-{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
-{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
-{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
-{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
-{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
-{ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"},
-{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
-{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
-{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
-{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
-{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"},
-{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
-{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
-{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
-{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
-{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"},
-{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
-{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
-{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
-{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
-{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
-{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
-{ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"},
-{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
-{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
-{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
-{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
-{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
-{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
-{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
-{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
-{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
-{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
-{ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
-{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"},
-{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
-{ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
-{ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"},
-{ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"},
-{ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
-{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
-{0,NULL}
- };
+static ERR_STRING_DATA SSL_str_functs[]= {
+ {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
+ {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
+ {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
+ {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
+ {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
+ {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
+ {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
+ {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
+ {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"},
+ {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
+ {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
+ {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
+ {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
+ {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
+ {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
+ {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
+ {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"},
+ {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
+ {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
+ {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
+ {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
+ {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
+ {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"},
+ {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
+ {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
+ {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
+ {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
+ {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
+ {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
+ {ERR_FUNC(SSL_F_READ_N), "READ_N"},
+ {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
+ {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
+ {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
+ {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
+ {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
+ {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
+ {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
+ {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
+ {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
+ {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
+ {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
+ {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
+ {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
+ {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
+ {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
+ {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
+ {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
+ {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
+ {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
+ {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
+ {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
+ {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
+ {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
+ {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
+ {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
+ {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"},
+ {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
+ {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
+ {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
+ {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
+ {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"},
+ {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
+ {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"},
+ {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
+ {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
+ {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
+ {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
+ {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
+ {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"},
+ {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"},
+ {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
+ {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
+ {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
+ {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"},
+ {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
+ {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
+ {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
+ {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"},
+ {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
+ {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
+ {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
+ {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
+ {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
+ {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
+ {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
+ {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
+ {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
+ {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
+ {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
+ {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
+ {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
+ {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
+ {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
+ {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"},
+ {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
+ {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
+ {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"},
+ {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
+ {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
+ {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
+ {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
+ {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
+ {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
+ {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
+ {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
+ {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
+ {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
+ {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
+ {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
+ {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"},
+ {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
+ {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"},
+ {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
+ {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
+ {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
+ {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"},
+ {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
+ {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
+ {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
+ {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
+ {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
+ {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
+ {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
+ {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
+ {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
+ {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
+ {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
+ {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
+ {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"},
+ {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
+ {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
+ {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"},
+ {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
+ {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
+ {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
+ {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
+ {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
+ {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
+ {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
+ {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
+ {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
+ {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"},
+ {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
+ {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
+ {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"},
+ {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"},
+ {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
+ {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
+ {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
+ {0, NULL}
+};
-static ERR_STRING_DATA SSL_str_reasons[]=
- {
-{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
-{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
-{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"},
-{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
-{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
-{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"},
-{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
-{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"},
-{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"},
-{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
-{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"},
-{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"},
-{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"},
-{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"},
-{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"},
-{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"},
-{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"},
-{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
-{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
-{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
-{ERR_REASON(SSL_R_BAD_MAC_LENGTH) ,"bad mac length"},
-{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"},
-{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"},
-{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
-{ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"},
-{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
-{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"},
-{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"},
-{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"},
-{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
-{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"},
-{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"},
-{ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) ,"bad srp a length"},
-{ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) ,"bad srp b length"},
-{ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) ,"bad srp g length"},
-{ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) ,"bad srp n length"},
-{ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) ,"bad srp s length"},
-{ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) ,"bad srtp mki value"},
-{ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"},
-{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"},
-{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
-{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"},
-{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"},
-{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
-{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
-{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
-{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
-{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
-{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
-{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
-{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
-{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
-{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
-{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
-{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
-{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"},
-{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
-{ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"},
-{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
-{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
-{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
-{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
-{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
-{ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"},
-{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
-{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
-{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
-{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
-{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
-{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
-{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"},
-{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
-{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"},
-{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
-{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
-{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
-{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
-{ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"},
-{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
-{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
-{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
-{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
-{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
-{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
-{ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"},
-{ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"},
-{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
-{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
-{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
-{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"},
-{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
-{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
-{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},
-{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
-{ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"},
-{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
-{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
-{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
-{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
-{ERR_REASON(SSL_R_KRB5) ,"krb5"},
-{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"},
-{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"},
-{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"},
-{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"},
-{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"},
-{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"},
-{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"},
-{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"},
-{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"},
-{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"},
-{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
-{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"},
-{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"},
-{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
-{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"},
-{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
-{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
-{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
-{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
-{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
-{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
-{ERR_REASON(SSL_R_MISSING_SRP_PARAM) ,"can't find SRP server param"},
-{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
-{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"},
-{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
-{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
-{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
-{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
-{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
-{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
-{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"},
-{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"},
-{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
-{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
-{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
-{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"},
-{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
-{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
-{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
-{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
-{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
-{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
-{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
-{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
-{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"},
-{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"},
-{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
-{ERR_REASON(SSL_R_NO_SRTP_PROFILES) ,"no srtp profiles"},
-{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
-{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
-{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
-{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
-{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"},
-{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
-{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"},
-{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
-{ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"},
-{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
-{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"},
-{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"},
-{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
-{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
-{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
-{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
-{ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"},
-{ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) ,"psk no client cb"},
-{ERR_REASON(SSL_R_PSK_NO_SERVER_CB) ,"psk no server cb"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
-{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"},
-{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"},
-{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
-{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
-{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
-{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
-{ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"},
-{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"},
-{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"},
-{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
-{ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"},
-{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
-{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
-{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
-{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
-{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
-{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
-{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
-{ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),"signature algorithms error"},
-{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
-{ERR_REASON(SSL_R_SRP_A_CALC) ,"error with the srp params"},
-{ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),"srtp could not allocate profiles"},
-{ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),"srtp protection profile list too long"},
-{ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),"srtp unknown protection profile"},
-{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
-{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
-{ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"},
-{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"},
-{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"},
-{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
-{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
-{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
-{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
-{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
-{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"},
-{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"},
-{ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"},
-{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
-{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
-{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
-{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbearts"},
-{ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"},
-{ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"},
-{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
-{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
-{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
-{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
-{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
-{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"},
-{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
-{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"},
-{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"},
-{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"},
-{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"},
-{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
-{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
-{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"},
-{ERR_REASON(SSL_R_UNKNOWN_DIGEST) ,"unknown digest"},
-{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
-{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"},
-{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"},
-{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
-{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
-{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
-{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"},
-{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
-{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
-{ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"},
-{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
-{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
-{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
-{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"},
-{ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED),"use srtp not negotiated"},
-{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
-{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
-{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
-{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
-{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
-{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"},
-{ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) ,"wrong signature type"},
-{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"},
-{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
-{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
-{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
-{0,NULL}
- };
+static ERR_STRING_DATA SSL_str_reasons[]= {
+ {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"},
+ {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"},
+ {ERR_REASON(SSL_R_BAD_ALERT_RECORD) , "bad alert record"},
+ {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"},
+ {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"},
+ {ERR_REASON(SSL_R_BAD_CHECKSUM) , "bad checksum"},
+ {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), "bad data returned by callback"},
+ {ERR_REASON(SSL_R_BAD_DECOMPRESSION) , "bad decompression"},
+ {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) , "bad dh g length"},
+ {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) , "bad dh pub key length"},
+ {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) , "bad dh p length"},
+ {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) , "bad digest length"},
+ {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) , "bad dsa signature"},
+ {ERR_REASON(SSL_R_BAD_ECC_CERT) , "bad ecc cert"},
+ {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) , "bad ecdsa signature"},
+ {ERR_REASON(SSL_R_BAD_ECPOINT) , "bad ecpoint"},
+ {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) , "bad handshake length"},
+ {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) , "bad hello request"},
+ {ERR_REASON(SSL_R_BAD_LENGTH) , "bad length"},
+ {ERR_REASON(SSL_R_BAD_MAC_DECODE) , "bad mac decode"},
+ {ERR_REASON(SSL_R_BAD_MAC_LENGTH) , "bad mac length"},
+ {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) , "bad message type"},
+ {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) , "bad packet length"},
+ {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "bad protocol version number"},
+ {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH), "bad psk identity hint length"},
+ {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) , "bad response argument"},
+ {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) , "bad rsa decrypt"},
+ {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) , "bad rsa encrypt"},
+ {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) , "bad rsa e length"},
+ {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"},
+ {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) , "bad rsa signature"},
+ {ERR_REASON(SSL_R_BAD_SIGNATURE) , "bad signature"},
+ {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) , "bad srp a length"},
+ {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) , "bad srp b length"},
+ {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) , "bad srp g length"},
+ {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) , "bad srp n length"},
+ {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) , "bad srp s length"},
+ {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) , "bad srtp mki value"},
+ {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), "bad srtp protection profile list"},
+ {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) , "bad ssl filetype"},
+ {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH), "bad ssl session id length"},
+ {ERR_REASON(SSL_R_BAD_STATE) , "bad state"},
+ {ERR_REASON(SSL_R_BAD_WRITE_RETRY) , "bad write retry"},
+ {ERR_REASON(SSL_R_BIO_NOT_SET) , "bio not set"},
+ {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"},
+ {ERR_REASON(SSL_R_BN_LIB) , "bn lib"},
+ {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"},
+ {ERR_REASON(SSL_R_CA_DN_TOO_LONG) , "ca dn too long"},
+ {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) , "ccs received early"},
+ {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"},
+ {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) , "cert length mismatch"},
+ {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"},
+ {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
+ {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "cipher or hash unavailable"},
+ {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"},
+ {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) , "clienthello tlsext"},
+ {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG), "compressed length too long"},
+ {ERR_REASON(SSL_R_COMPRESSION_DISABLED) , "compression disabled"},
+ {ERR_REASON(SSL_R_COMPRESSION_FAILURE) , "compression failure"},
+ {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "compression id not within private range"},
+ {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"},
+ {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT), "connection id is different"},
+ {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
+ {ERR_REASON(SSL_R_COOKIE_MISMATCH) , "cookie mismatch"},
+ {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "data between ccs and finished"},
+ {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) , "data length too long"},
+ {ERR_REASON(SSL_R_DECRYPTION_FAILED) , "decryption failed"},
+ {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"},
+ {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"},
+ {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) , "digest check failed"},
+ {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) , "dtls message too big"},
+ {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"},
+ {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT), "ecc cert not for key agreement"},
+ {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"},
+ {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"},
+ {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"},
+ {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"},
+ {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"},
+ {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"},
+ {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"},
+ {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "error in received cipher list"},
+ {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
+ {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) , "extra data in message"},
+ {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
+ {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "got next proto before a ccs"},
+ {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "got next proto without seeing extension"},
+ {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) , "https proxy request"},
+ {ERR_REASON(SSL_R_HTTP_REQUEST) , "http request"},
+ {ERR_REASON(SSL_R_ILLEGAL_PADDING) , "illegal padding"},
+ {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"},
+ {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"},
+ {ERR_REASON(SSL_R_INVALID_COMMAND) , "invalid command"},
+ {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"},
+ {ERR_REASON(SSL_R_INVALID_PURPOSE) , "invalid purpose"},
+ {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) , "invalid srp username"},
+ {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"},
+ {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"},
+ {ERR_REASON(SSL_R_INVALID_TRUST) , "invalid trust"},
+ {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) , "key arg too long"},
+ {ERR_REASON(SSL_R_KRB5) , "krb5"},
+ {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) , "krb5 client cc principal (no tkt?)"},
+ {ERR_REASON(SSL_R_KRB5_C_GET_CRED) , "krb5 client get cred"},
+ {ERR_REASON(SSL_R_KRB5_C_INIT) , "krb5 client init"},
+ {ERR_REASON(SSL_R_KRB5_C_MK_REQ) , "krb5 client mk_req (expired tkt?)"},
+ {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) , "krb5 server bad ticket"},
+ {ERR_REASON(SSL_R_KRB5_S_INIT) , "krb5 server init"},
+ {ERR_REASON(SSL_R_KRB5_S_RD_REQ) , "krb5 server rd_req (keytab perms?)"},
+ {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) , "krb5 server tkt expired"},
+ {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) , "krb5 server tkt not yet valid"},
+ {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) , "krb5 server tkt skew"},
+ {ERR_REASON(SSL_R_LENGTH_MISMATCH) , "length mismatch"},
+ {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) , "length too short"},
+ {ERR_REASON(SSL_R_LIBRARY_BUG) , "library bug"},
+ {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"},
+ {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) , "message too long"},
+ {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) , "missing dh dsa cert"},
+ {ERR_REASON(SSL_R_MISSING_DH_KEY) , "missing dh key"},
+ {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) , "missing dh rsa cert"},
+ {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"},
+ {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"},
+ {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "missing export tmp rsa key"},
+ {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
+ {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"},
+ {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"},
+ {ERR_REASON(SSL_R_MISSING_SRP_PARAM) , "can't find SRP server param"},
+ {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) , "missing tmp dh key"},
+ {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) , "missing tmp ecdh key"},
+ {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) , "missing tmp rsa key"},
+ {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) , "missing tmp rsa pkey"},
+ {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"},
+ {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) , "multiple sgc restarts"},
+ {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) , "no certificate set"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"},
+ {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) , "no ciphers available"},
+ {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) , "no ciphers passed"},
+ {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) , "no ciphers specified"},
+ {ERR_REASON(SSL_R_NO_CIPHER_LIST) , "no cipher list"},
+ {ERR_REASON(SSL_R_NO_CIPHER_MATCH) , "no cipher match"},
+ {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"},
+ {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
+ {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
+ {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"},
+ {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) , "no method specified"},
+ {ERR_REASON(SSL_R_NO_PRIVATEKEY) , "no privatekey"},
+ {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
+ {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
+ {ERR_REASON(SSL_R_NO_PUBLICKEY) , "no publickey"},
+ {ERR_REASON(SSL_R_NO_RENEGOTIATION) , "no renegotiation"},
+ {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) , "digest requred for handshake isn't computed"},
+ {ERR_REASON(SSL_R_NO_SHARED_CIPHER) , "no shared cipher"},
+ {ERR_REASON(SSL_R_NO_SRTP_PROFILES) , "no srtp profiles"},
+ {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) , "no verify callback"},
+ {ERR_REASON(SSL_R_NULL_SSL_CTX) , "null ssl ctx"},
+ {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"},
+ {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"},
+ {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"},
+ {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"},
+ {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "opaque PRF input too long"},
+ {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
+ {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"},
+ {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"},
+ {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "peer did not return a certificate"},
+ {ERR_REASON(SSL_R_PEER_ERROR) , "peer error"},
+ {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"},
+ {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE), "peer error no certificate"},
+ {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) , "peer error no cipher"},
+ {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE), "peer error unsupported certificate type"},
+ {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"},
+ {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS), "problems mapping cipher functions"},
+ {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) , "protocol is shutdown"},
+ {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
+ {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) , "psk no client cb"},
+ {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) , "psk no server cb"},
+ {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"},
+ {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"},
+ {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"},
+ {ERR_REASON(SSL_R_READ_BIO_NOT_SET) , "read bio not set"},
+ {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) , "read timeout expired"},
+ {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"},
+ {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
+ {ERR_REASON(SSL_R_RECORD_TOO_LARGE) , "record too large"},
+ {ERR_REASON(SSL_R_RECORD_TOO_SMALL) , "record too small"},
+ {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"},
+ {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR), "renegotiation encoding err"},
+ {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"},
+ {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"},
+ {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING), "required compresssion algorithm missing"},
+ {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO), "reuse cert length not zero"},
+ {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"},
+ {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO), "reuse cipher list not zero"},
+ {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), "scsv received when renegotiating"},
+ {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) , "serverhello tlsext"},
+ {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), "session id context uninitialized"},
+ {ERR_REASON(SSL_R_SHORT_READ) , "short read"},
+ {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR), "signature algorithms error"},
+ {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), "signature for non signing certificate"},
+ {ERR_REASON(SSL_R_SRP_A_CALC) , "error with the srp params"},
+ {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), "srtp could not allocate profiles"},
+ {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), "srtp protection profile list too long"},
+ {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile"},
+ {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE), "ssl23 doing session id reuse"},
+ {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG), "ssl2 connection id too long"},
+ {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "ssl3 ext invalid ecpointformat"},
+ {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), "ssl3 ext invalid servername"},
+ {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "ssl3 ext invalid servername type"},
+ {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
+ {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "sslv3 alert bad certificate"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), "sslv3 alert bad record mac"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), "sslv3 alert certificate expired"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), "sslv3 alert certificate revoked"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), "sslv3 alert certificate unknown"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), "sslv3 alert decompression failure"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), "sslv3 alert handshake failure"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), "sslv3 alert illegal parameter"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE), "sslv3 alert no certificate"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), "sslv3 alert unexpected message"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), "sslv3 alert unsupported certificate"},
+ {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), "ssl ctx has no default ssl version"},
+ {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) , "ssl handshake failure"},
+ {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), "ssl library has no ciphers"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), "ssl session id callback failed"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "tlsv1 alert export restriction"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "tlsv1 alert insufficient security"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "tlsv1 alert protocol version"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "tlsv1 alert record overflow"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"},
+ {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "tlsv1 bad certificate hash value"},
+ {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "tlsv1 bad certificate status response"},
+ {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), "tlsv1 certificate unobtainable"},
+ {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
+ {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), "tlsv1 unsupported extension"},
+ {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), "tls client cert req with anon cipher"},
+ {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), "peer does not accept heartbearts"},
+ {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) , "heartbeat request already pending"},
+ {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), "tls illegal exporter label"},
+ {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "tls invalid ecpointformat list"},
+ {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST), "tls peer did not respond with certificate list"},
+ {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"},
+ {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER), "tried to use unsupported cipher"},
+ {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
+ {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"},
+ {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY), "unable to extract public key"},
+ {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), "unable to find dh parameters"},
+ {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "unable to find ecdh parameters"},
+ {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "unable to find public key parameters"},
+ {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"},
+ {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "unable to load ssl2 md5 routines"},
+ {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "unable to load ssl3 md5 routines"},
+ {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "unable to load ssl3 sha1 routines"},
+ {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) , "unexpected message"},
+ {ERR_REASON(SSL_R_UNEXPECTED_RECORD) , "unexpected record"},
+ {ERR_REASON(SSL_R_UNINITIALIZED) , "uninitialized"},
+ {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) , "unknown alert type"},
+ {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"},
+ {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"},
+ {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) , "unknown cipher type"},
+ {ERR_REASON(SSL_R_UNKNOWN_DIGEST) , "unknown digest"},
+ {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"},
+ {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) , "unknown pkey type"},
+ {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) , "unknown protocol"},
+ {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"},
+ {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) , "unknown ssl version"},
+ {ERR_REASON(SSL_R_UNKNOWN_STATE) , "unknown state"},
+ {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), "unsafe legacy renegotiation disabled"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) , "unsupported cipher"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), "unsupported elliptic curve"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) , "unsupported protocol"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"},
+ {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
+ {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"},
+ {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},
+ {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"},
+ {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
+ {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
+ {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) , "wrong signature size"},
+ {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) , "wrong signature type"},
+ {ERR_REASON(SSL_R_WRONG_SSL_VERSION) , "wrong ssl version"},
+ {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"},
+ {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"},
+ {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"},
+ {0, NULL}
+};
#endif
-void ERR_load_SSL_strings(void)
- {
+void
+ERR_load_SSL_strings(void)
+{
#ifndef OPENSSL_NO_ERR
- if (ERR_func_error_string(SSL_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,SSL_str_functs);
- ERR_load_strings(0,SSL_str_reasons);
- }
-#endif
+ if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, SSL_str_functs);
+ ERR_load_strings(0, SSL_str_reasons);
}
+#endif
+}
diff --git a/lib/libssl/src/ssl/ssl_err2.c b/lib/libssl/src/ssl/ssl_err2.c
index ea95a5f983c..cd781d38aa4 100644
--- a/lib/libssl/src/ssl/ssl_err2.c
+++ b/lib/libssl/src/ssl/ssl_err2.c
@@ -60,11 +60,12 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
-void SSL_load_error_strings(void)
- {
+void
+SSL_load_error_strings(void)
+{
#ifndef OPENSSL_NO_ERR
ERR_load_crypto_strings();
ERR_load_SSL_strings();
#endif
- }
+}
diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index d9a728493e2..98764b82aa1 100644
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c
@@ -160,11 +160,11 @@
#include <openssl/engine.h>
#endif
-const char *SSL_version_str=OPENSSL_VERSION_TEXT;
+const char *SSL_version_str = OPENSSL_VERSION_TEXT;
-SSL3_ENC_METHOD ssl3_undef_enc_method={
+SSL3_ENC_METHOD ssl3_undef_enc_method = {
/* evil casts, but these functions are only called if there's a library bug */
- (int (*)(SSL *,int))ssl_undefined_function,
+ (int (*)(SSL *, int))ssl_undefined_function,
(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
ssl_undefined_function,
(int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
@@ -178,129 +178,124 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
0, /* server_finished_label_len */
(int (*)(int))ssl_undefined_function,
(int (*)(SSL *, unsigned char *, size_t, const char *,
- size_t, const unsigned char *, size_t,
- int use_context)) ssl_undefined_function,
- };
+ size_t, const unsigned char *, size_t,
+ int use_context)) ssl_undefined_function,
+};
-int SSL_clear(SSL *s)
- {
+int
+SSL_clear(SSL *s)
+{
- if (s->method == NULL)
- {
- SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
- return(0);
- }
+ if (s->method == NULL) {
+ SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
+ return (0);
+ }
- if (ssl_clear_bad_session(s))
- {
+ if (ssl_clear_bad_session(s)) {
SSL_SESSION_free(s->session);
- s->session=NULL;
- }
+ s->session = NULL;
+ }
- s->error=0;
- s->hit=0;
- s->shutdown=0;
+ s->error = 0;
+ s->hit = 0;
+ s->shutdown = 0;
#if 0 /* Disabled since version 1.10 of this file (early return not
* needed because SSL_clear is not called when doing renegotiation) */
/* This is set if we are doing dynamic renegotiation so keep
* the old cipher. It is sort of a SSL_clear_lite :-) */
- if (s->renegotiate) return(1);
-#else
if (s->renegotiate)
- {
- SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
+ return (1);
+#else
+ if (s->renegotiate) {
+ SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
return 0;
- }
+ }
#endif
- s->type=0;
+ s->type = 0;
- s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
+ s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
- s->version=s->method->version;
- s->client_version=s->version;
- s->rwstate=SSL_NOTHING;
- s->rstate=SSL_ST_READ_HEADER;
+ s->version = s->method->version;
+ s->client_version = s->version;
+ s->rwstate = SSL_NOTHING;
+ s->rstate = SSL_ST_READ_HEADER;
#if 0
- s->read_ahead=s->ctx->read_ahead;
+ s->read_ahead = s->ctx->read_ahead;
#endif
- if (s->init_buf != NULL)
- {
+ if (s->init_buf != NULL) {
BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
- }
+ s->init_buf = NULL;
+ }
ssl_clear_cipher_ctx(s);
ssl_clear_hash_ctx(&s->read_hash);
ssl_clear_hash_ctx(&s->write_hash);
- s->first_packet=0;
+ s->first_packet = 0;
#if 1
/* Check to see if we were changed into a different method, if
* so, revert back if we are not doing session-id reuse. */
- if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
- {
+ if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) {
s->method->ssl_free(s);
- s->method=s->ctx->method;
+ s->method = s->ctx->method;
if (!s->method->ssl_new(s))
- return(0);
- }
- else
+ return (0);
+ } else
#endif
- s->method->ssl_clear(s);
- return(1);
- }
+ s->method->ssl_clear(s);
+ return (1);
+}
/** Used to change an SSL_CTXs default SSL method type */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
- {
+int
+SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
+{
STACK_OF(SSL_CIPHER) *sk;
- ctx->method=meth;
+ ctx->method = meth;
- sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
- &(ctx->cipher_list_by_id),
- meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
- if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
- {
- SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
- return(0);
- }
- return(1);
+ sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
+ &(ctx->cipher_list_by_id),
+ meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
+ if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
+ SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+ return (0);
}
+ return (1);
+}
-SSL *SSL_new(SSL_CTX *ctx)
- {
+SSL
+*SSL_new(SSL_CTX *ctx)
+{
SSL *s;
- if (ctx == NULL)
- {
- SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
- return(NULL);
- }
- if (ctx->method == NULL)
- {
- SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
- return(NULL);
- }
+ if (ctx == NULL) {
+ SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
+ return (NULL);
+ }
+ if (ctx->method == NULL) {
+ SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
+ return (NULL);
+ }
- s=(SSL *)OPENSSL_malloc(sizeof(SSL));
- if (s == NULL) goto err;
- memset(s,0,sizeof(SSL));
+ s = (SSL *)OPENSSL_malloc(sizeof(SSL));
+ if (s == NULL)
+ goto err;
+ memset(s, 0, sizeof(SSL));
#ifndef OPENSSL_NO_KRB5
s->kssl_ctx = kssl_ctx_new();
#endif /* OPENSSL_NO_KRB5 */
- s->options=ctx->options;
- s->mode=ctx->mode;
- s->max_cert_list=ctx->max_cert_list;
+ s->options = ctx->options;
+ s->mode = ctx->mode;
+ s->max_cert_list = ctx->max_cert_list;
- if (ctx->cert != NULL)
- {
+ if (ctx->cert != NULL) {
/* Earlier library versions used to copy the pointer to
* the CERT, not its contents; only when setting new
* parameters for the per-SSL copy, ssl_cert_new would be
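Review bot: In SSL_clear the reformatted `} else` sits inside the `#if 1` block while its unbraced body, `s->method->ssl_clear(s);`, comes after the `#endif`, so the statement is only attached to the `else` while that preprocessor switch is on. Since the block is permanently enabled, I would drop the `#if 1`/`#endif` pair and brace the branch: `} else {` / `s->method->ssl_clear(s);` / `}`. Separately, the new declaration `SSL` / `*SSL_new(SSL_CTX *ctx)` leaves the `*` on the name line; the return type line should read `SSL *` with `SSL_new(SSL_CTX *ctx)` below it. SSL_new's body continues outside this hunk.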
@@ -314,22 +309,21 @@ SSL *SSL_new(SSL_CTX *ctx)
s->cert = ssl_cert_dup(ctx->cert);
if (s->cert == NULL)
goto err;
- }
- else
+ } else
s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
- s->read_ahead=ctx->read_ahead;
- s->msg_callback=ctx->msg_callback;
- s->msg_callback_arg=ctx->msg_callback_arg;
- s->verify_mode=ctx->verify_mode;
+ s->read_ahead = ctx->read_ahead;
+ s->msg_callback = ctx->msg_callback;
+ s->msg_callback_arg = ctx->msg_callback_arg;
+ s->verify_mode = ctx->verify_mode;
#if 0
- s->verify_depth=ctx->verify_depth;
+ s->verify_depth = ctx->verify_depth;
#endif
- s->sid_ctx_length=ctx->sid_ctx_length;
+ s->sid_ctx_length = ctx->sid_ctx_length;
OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
- memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
- s->verify_callback=ctx->default_verify_callback;
- s->generate_session_id=ctx->generate_session_id;
+ memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
+ s->verify_callback = ctx->default_verify_callback;
+ s->generate_session_id = ctx->generate_session_id;
s->param = X509_VERIFY_PARAM_new();
if (!s->param)
@@ -339,11 +333,11 @@ SSL *SSL_new(SSL_CTX *ctx)
s->purpose = ctx->purpose;
s->trust = ctx->trust;
#endif
- s->quiet_shutdown=ctx->quiet_shutdown;
+ s->quiet_shutdown = ctx->quiet_shutdown;
s->max_send_fragment = ctx->max_send_fragment;
- CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
- s->ctx=ctx;
+ CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
+ s->ctx = ctx;
#ifndef OPENSSL_NO_TLSEXT
s->tlsext_debug_cb = 0;
s->tlsext_debug_arg = NULL;
@@ -354,93 +348,95 @@ SSL *SSL_new(SSL_CTX *ctx)
s->tlsext_ocsp_exts = NULL;
s->tlsext_ocsp_resp = NULL;
s->tlsext_ocsp_resplen = -1;
- CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
- s->initial_ctx=ctx;
+ CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
+ s->initial_ctx = ctx;
# ifndef OPENSSL_NO_NEXTPROTONEG
s->next_proto_negotiated = NULL;
# endif
#endif
- s->verify_result=X509_V_OK;
+ s->verify_result = X509_V_OK;
- s->method=ctx->method;
+ s->method = ctx->method;
if (!s->method->ssl_new(s))
goto err;
- s->references=1;
- s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
+ s->references = 1;
+ s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
SSL_clear(s);
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
#ifndef OPENSSL_NO_PSK
- s->psk_client_callback=ctx->psk_client_callback;
- s->psk_server_callback=ctx->psk_server_callback;
+ s->psk_client_callback = ctx->psk_client_callback;
+ s->psk_server_callback = ctx->psk_server_callback;
#endif
- return(s);
+ return (s);
err:
- if (s != NULL)
- {
+ if (s != NULL) {
if (s->cert != NULL)
ssl_cert_free(s->cert);
if (s->ctx != NULL)
SSL_CTX_free(s->ctx); /* decrement reference count */
OPENSSL_free(s);
- }
- SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
}
+ SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+}
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len)
- {
- if(sid_ctx_len > sizeof ctx->sid_ctx)
- {
- SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
+int
+SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len)
+{
+ if (sid_ctx_len > sizeof ctx->sid_ctx) {
+ SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return 0;
}
- ctx->sid_ctx_length=sid_ctx_len;
- memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
+ ctx->sid_ctx_length = sid_ctx_len;
+ memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
- return 1;
- }
+ return 1;
+}
-int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len)
- {
- if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
- {
- SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
+int
+SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len)
+{
+ if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+ SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return 0;
}
- ssl->sid_ctx_length=sid_ctx_len;
- memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
+ ssl->sid_ctx_length = sid_ctx_len;
+ memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
- return 1;
- }
+ return 1;
+}
-int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
- {
+int
+SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
+{
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
ctx->generate_session_id = cb;
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
return 1;
- }
+}
-int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
- {
+int
+SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
+{
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
ssl->generate_session_id = cb;
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
return 1;
- }
+}
-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
- unsigned int id_len)
- {
+int
+SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+ unsigned int id_len)
+{
/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
* we can "construct" a session to give us the desired check - ie. to
* find if there's a session in the hash table that would conflict with
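Review bot: The reformatted `err:` path of SSL_new releases only `s->cert` and one reference on `s->ctx`, although the function has by then taken a second reference for `s->initial_ctx` (the `CRYPTO_add` in the TLSEXT block of this hunk) and allocated `s->param` earlier. When `s->method->ssl_new(s)` fails, the extra SSL_CTX reference and the X509_VERIFY_PARAM therefore look leaked, as far as the visible lines show; `s->kssl_ctx` may need the same treatment, but its release function is not on this page. This is outside a pure KNF change, so it may belong in a follow-up commit. SSL_new begins before this hunk and SSL_has_matching_session_id continues after it.

```c
err:
	if (s != NULL) {
		/* … unchanged: ssl_cert_free(s->cert), SSL_CTX_free(s->ctx) … */
#ifndef OPENSSL_NO_TLSEXT
		/* drop the second reference taken for initial_ctx */
		if (s->initial_ctx != NULL)
			SSL_CTX_free(s->initial_ctx);
#endif
		if (s->param != NULL)
			X509_VERIFY_PARAM_free(s->param);
		OPENSSL_free(s);
	}
```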
@@ -448,7 +444,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
* use by this SSL. */
SSL_SESSION r, *p;
- if(id_len > sizeof r.session_id)
+ if (id_len > sizeof r.session_id)
return 0;
r.ssl_version = ssl->version;
@@ -458,68 +454,74 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
* callback is calling us to check the uniqueness of a shorter ID, it
* must be compared as a padded-out ID because that is what it will be
* converted to when the callback has finished choosing it. */
- if((r.ssl_version == SSL2_VERSION) &&
- (id_len < SSL2_SSL_SESSION_ID_LENGTH))
- {
+ if ((r.ssl_version == SSL2_VERSION) &&
+ (id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
memset(r.session_id + id_len, 0,
- SSL2_SSL_SESSION_ID_LENGTH - id_len);
+ SSL2_SSL_SESSION_ID_LENGTH - id_len);
r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
- }
+ }
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
return (p != NULL);
- }
+}
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
- {
+int
+SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+{
return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
- }
+}
-int SSL_set_purpose(SSL *s, int purpose)
- {
+int
+SSL_set_purpose(SSL *s, int purpose)
+{
return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
- }
+}
-int SSL_CTX_set_trust(SSL_CTX *s, int trust)
- {
+int
+SSL_CTX_set_trust(SSL_CTX *s, int trust)
+{
return X509_VERIFY_PARAM_set_trust(s->param, trust);
- }
+}
-int SSL_set_trust(SSL *s, int trust)
- {
+int
+SSL_set_trust(SSL *s, int trust)
+{
return X509_VERIFY_PARAM_set_trust(s->param, trust);
- }
+}
-int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
- {
+int
+SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+{
return X509_VERIFY_PARAM_set1(ctx->param, vpm);
- }
+}
-int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
- {
+int
+SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+{
return X509_VERIFY_PARAM_set1(ssl->param, vpm);
- }
+}
-void SSL_free(SSL *s)
- {
+void
+SSL_free(SSL *s)
+{
int i;
- if(s == NULL)
- return;
+ if (s == NULL)
+ return;
- i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
+ i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
#ifdef REF_PRINT
- REF_PRINT("SSL",s);
+ REF_PRINT("SSL", s);
#endif
- if (i > 0) return;
+ if (i > 0)
+ return;
#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_free, bad reference count\n");
+ if (i < 0) {
+ fprintf(stderr, "SSL_free, bad reference count\n");
abort(); /* ok */
- }
+ }
#endif
if (s->param)
@@ -527,53 +529,58 @@ void SSL_free(SSL *s)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
- if (s->bbio != NULL)
- {
+ if (s->bbio != NULL) {
/* If the buffering BIO is in place, pop it off */
- if (s->bbio == s->wbio)
- {
- s->wbio=BIO_pop(s->wbio);
- }
- BIO_free(s->bbio);
- s->bbio=NULL;
+ if (s->bbio == s->wbio) {
+ s->wbio = BIO_pop(s->wbio);
}
+ BIO_free(s->bbio);
+ s->bbio = NULL;
+ }
if (s->rbio != NULL)
BIO_free_all(s->rbio);
if ((s->wbio != NULL) && (s->wbio != s->rbio))
BIO_free_all(s->wbio);
- if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
+ if (s->init_buf != NULL)
+ BUF_MEM_free(s->init_buf);
/* add extra stuff */
- if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
- if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
+ if (s->cipher_list != NULL)
+ sk_SSL_CIPHER_free(s->cipher_list);
+ if (s->cipher_list_by_id != NULL)
+ sk_SSL_CIPHER_free(s->cipher_list_by_id);
/* Make the next call work :-) */
- if (s->session != NULL)
- {
+ if (s->session != NULL) {
ssl_clear_bad_session(s);
SSL_SESSION_free(s->session);
- }
+ }
ssl_clear_cipher_ctx(s);
ssl_clear_hash_ctx(&s->read_hash);
ssl_clear_hash_ctx(&s->write_hash);
- if (s->cert != NULL) ssl_cert_free(s->cert);
+ if (s->cert != NULL)
+ ssl_cert_free(s->cert);
/* Free up if allocated */
#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_hostname)
OPENSSL_free(s->tlsext_hostname);
- if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
+ if (s->initial_ctx)
+ SSL_CTX_free(s->initial_ctx);
#ifndef OPENSSL_NO_EC
- if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
- if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
+ if (s->tlsext_ecpointformatlist)
+ OPENSSL_free(s->tlsext_ecpointformatlist);
+ if (s->tlsext_ellipticcurvelist)
+ OPENSSL_free(s->tlsext_ellipticcurvelist);
#endif /* OPENSSL_NO_EC */
- if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
+ if (s->tlsext_opaque_prf_input)
+ OPENSSL_free(s->tlsext_opaque_prf_input);
if (s->tlsext_ocsp_exts)
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
- X509_EXTENSION_free);
+ X509_EXTENSION_free);
if (s->tlsext_ocsp_ids)
sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
if (s->tlsext_ocsp_resp)
@@ -581,11 +588,13 @@ void SSL_free(SSL *s)
#endif
if (s->client_CA != NULL)
- sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
+ sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
- if (s->method != NULL) s->method->ssl_free(s);
+ if (s->method != NULL)
+ s->method->ssl_free(s);
- if (s->ctx) SSL_CTX_free(s->ctx);
+ if (s->ctx)
+ SSL_CTX_free(s->ctx);
#ifndef OPENSSL_NO_KRB5
if (s->kssl_ctx != NULL)
@@ -598,223 +607,237 @@ void SSL_free(SSL *s)
#endif
#ifndef OPENSSL_NO_SRTP
- if (s->srtp_profiles)
- sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+ if (s->srtp_profiles)
+ sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
#endif
OPENSSL_free(s);
- }
+}
-void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
- {
+void
+SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
+{
/* If the output buffering BIO is still in place, remove it
*/
- if (s->bbio != NULL)
- {
- if (s->wbio == s->bbio)
- {
- s->wbio=s->wbio->next_bio;
- s->bbio->next_bio=NULL;
- }
+ if (s->bbio != NULL) {
+ if (s->wbio == s->bbio) {
+ s->wbio = s->wbio->next_bio;
+ s->bbio->next_bio = NULL;
}
+ }
if ((s->rbio != NULL) && (s->rbio != rbio))
BIO_free_all(s->rbio);
if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
BIO_free_all(s->wbio);
- s->rbio=rbio;
- s->wbio=wbio;
- }
+ s->rbio = rbio;
+ s->wbio = wbio;
+}
-BIO *SSL_get_rbio(const SSL *s)
- { return(s->rbio); }
+BIO
+*SSL_get_rbio(const SSL *s)
+ { return (s->rbio);
+}
-BIO *SSL_get_wbio(const SSL *s)
- { return(s->wbio); }
+BIO
+*SSL_get_wbio(const SSL *s)
+ { return (s->wbio);
+}
-int SSL_get_fd(const SSL *s)
- {
- return(SSL_get_rfd(s));
- }
+int
+SSL_get_fd(const SSL *s)
+{
+ return (SSL_get_rfd(s));
+}
-int SSL_get_rfd(const SSL *s)
- {
- int ret= -1;
- BIO *b,*r;
+int
+SSL_get_rfd(const SSL *s)
+{
+ int ret = -1;
+ BIO *b, *r;
- b=SSL_get_rbio(s);
- r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
+ b = SSL_get_rbio(s);
+ r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
if (r != NULL)
- BIO_get_fd(r,&ret);
- return(ret);
- }
+ BIO_get_fd(r, &ret);
+ return (ret);
+}
-int SSL_get_wfd(const SSL *s)
- {
- int ret= -1;
- BIO *b,*r;
+int
+SSL_get_wfd(const SSL *s)
+{
+ int ret = -1;
+ BIO *b, *r;
- b=SSL_get_wbio(s);
- r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
+ b = SSL_get_wbio(s);
+ r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
if (r != NULL)
- BIO_get_fd(r,&ret);
- return(ret);
- }
+ BIO_get_fd(r, &ret);
+ return (ret);
+}
#ifndef OPENSSL_NO_SOCK
-int SSL_set_fd(SSL *s,int fd)
- {
- int ret=0;
- BIO *bio=NULL;
+int
+SSL_set_fd(SSL *s, int fd)
+{
+ int ret = 0;
+ BIO *bio = NULL;
- bio=BIO_new(BIO_s_socket());
+ bio = BIO_new(BIO_s_socket());
- if (bio == NULL)
- {
- SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
+ if (bio == NULL) {
+ SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
goto err;
- }
- BIO_set_fd(bio,fd,BIO_NOCLOSE);
- SSL_set_bio(s,bio,bio);
- ret=1;
-err:
- return(ret);
}
+ BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ SSL_set_bio(s, bio, bio);
+ ret = 1;
+err:
+ return (ret);
+}
-int SSL_set_wfd(SSL *s,int fd)
- {
- int ret=0;
- BIO *bio=NULL;
+int
+SSL_set_wfd(SSL *s, int fd)
+{
+ int ret = 0;
+ BIO *bio = NULL;
if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
- || ((int)BIO_get_fd(s->rbio,NULL) != fd))
- {
- bio=BIO_new(BIO_s_socket());
+ || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
+ bio = BIO_new(BIO_s_socket());
if (bio == NULL)
- { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
- BIO_set_fd(bio,fd,BIO_NOCLOSE);
- SSL_set_bio(s,SSL_get_rbio(s),bio);
+ { SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
+ goto err;
}
- else
- SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
- ret=1;
+ BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ SSL_set_bio(s, SSL_get_rbio(s), bio);
+ } else
+ SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
+ ret = 1;
err:
- return(ret);
- }
+ return (ret);
+}
-int SSL_set_rfd(SSL *s,int fd)
- {
- int ret=0;
- BIO *bio=NULL;
+int
+SSL_set_rfd(SSL *s, int fd)
+{
+ int ret = 0;
+ BIO *bio = NULL;
if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
- || ((int)BIO_get_fd(s->wbio,NULL) != fd))
- {
- bio=BIO_new(BIO_s_socket());
+ || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
+ bio = BIO_new(BIO_s_socket());
- if (bio == NULL)
- {
- SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
+ if (bio == NULL) {
+ SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
goto err;
- }
- BIO_set_fd(bio,fd,BIO_NOCLOSE);
- SSL_set_bio(s,bio,SSL_get_wbio(s));
}
- else
- SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
- ret=1;
+ BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ SSL_set_bio(s, bio, SSL_get_wbio(s));
+ } else
+ SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
+ ret = 1;
err:
- return(ret);
- }
+ return (ret);
+}
#endif
/* return length of latest Finished message we sent, copy to 'buf' */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
- {
+size_t
+SSL_get_finished(const SSL *s, void *buf, size_t count)
+{
size_t ret = 0;
-
- if (s->s3 != NULL)
- {
+
+ if (s->s3 != NULL) {
ret = s->s3->tmp.finish_md_len;
if (count > ret)
count = ret;
memcpy(buf, s->s3->tmp.finish_md, count);
- }
- return ret;
}
+ return ret;
+}
/* return length of latest Finished message we expected, copy to 'buf' */
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
- {
+size_t
+SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
+{
size_t ret = 0;
-
- if (s->s3 != NULL)
- {
+
+ if (s->s3 != NULL) {
ret = s->s3->tmp.peer_finish_md_len;
if (count > ret)
count = ret;
memcpy(buf, s->s3->tmp.peer_finish_md, count);
- }
- return ret;
}
+ return ret;
+}
-int SSL_get_verify_mode(const SSL *s)
- {
- return(s->verify_mode);
- }
+int
+SSL_get_verify_mode(const SSL *s)
+{
+ return (s->verify_mode);
+}
-int SSL_get_verify_depth(const SSL *s)
- {
+int
+SSL_get_verify_depth(const SSL *s)
+{
return X509_VERIFY_PARAM_get_depth(s->param);
- }
+}
-int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
- {
- return(s->verify_callback);
- }
+int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
+{
+ return (s->verify_callback);
+}
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
- {
- return(ctx->verify_mode);
- }
+int
+SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
+{
+ return (ctx->verify_mode);
+}
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
- {
+int
+SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
+{
return X509_VERIFY_PARAM_get_depth(ctx->param);
- }
+}
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
- {
- return(ctx->default_verify_callback);
- }
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
+{
+ return (ctx->default_verify_callback);
+}
-void SSL_set_verify(SSL *s,int mode,
- int (*callback)(int ok,X509_STORE_CTX *ctx))
- {
- s->verify_mode=mode;
+void
+SSL_set_verify(SSL *s, int mode,
+ int (*callback)(int ok, X509_STORE_CTX *ctx))
+{
+ s->verify_mode = mode;
if (callback != NULL)
- s->verify_callback=callback;
- }
+ s->verify_callback = callback;
+}
-void SSL_set_verify_depth(SSL *s,int depth)
- {
+void
+SSL_set_verify_depth(SSL *s, int depth)
+{
X509_VERIFY_PARAM_set_depth(s->param, depth);
- }
+}
-void SSL_set_read_ahead(SSL *s,int yes)
- {
- s->read_ahead=yes;
- }
+void
+SSL_set_read_ahead(SSL *s, int yes)
+{
+ s->read_ahead = yes;
+}
-int SSL_get_read_ahead(const SSL *s)
- {
- return(s->read_ahead);
- }
+int
+SSL_get_read_ahead(const SSL *s)
+{
+ return (s->read_ahead);
+}
-int SSL_pending(const SSL *s)
- {
+int
+SSL_pending(const SSL *s)
+{
/* SSL_pending cannot work properly if read-ahead is enabled
* (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
* and it is impossible to fix since SSL_pending cannot report
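Review bot: The reformat left `SSL_get_rbio` and `SSL_get_wbio` half-converted: the return type is split as `BIO` / `*SSL_get_rbio(const SSL *s)` and the body opens with `{ return (s->rbio);` on a single line, which matches neither the old layout nor the style applied to every other function in this hunk. I would put `BIO *` on its own line, then `SSL_get_rbio(const SSL *s)`, `{`, and `return (s->rbio);` each on separate lines. The same leftover shows in `SSL_set_wfd`, where `{ SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);` keeps the brace glued to the statement; `if (bio == NULL) {` followed by the two statements would match `SSL_set_fd` and `SSL_set_rfd`. Behaviour is unchanged, but a pointer-returning definition whose name line starts with `*` is easy to misread as returning `BIO` by value.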
@@ -822,264 +845,266 @@ int SSL_pending(const SSL *s)
* (Note that SSL_pending() is often used as a boolean value,
* so we'd better not return -1.)
*/
- return(s->method->ssl_pending(s));
- }
+ return (s->method->ssl_pending(s));
+}
-X509 *SSL_get_peer_certificate(const SSL *s)
- {
+X509
+*SSL_get_peer_certificate(const SSL *s)
+{
X509 *r;
-
+
if ((s == NULL) || (s->session == NULL))
- r=NULL;
+ r = NULL;
else
- r=s->session->peer;
+ r = s->session->peer;
- if (r == NULL) return(r);
+ if (r == NULL)
+ return (r);
- CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
+ CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
- return(r);
- }
+ return (r);
+}
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
- {
+STACK_OF(X509)
+*SSL_get_peer_cert_chain(const SSL *s)
+{
STACK_OF(X509) *r;
-
+
if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
- r=NULL;
+ r = NULL;
else
- r=s->session->sess_cert->cert_chain;
+ r = s->session->sess_cert->cert_chain;
/* If we are a client, cert_chain includes the peer's own
- * certificate; if we are a server, it does not. */
-
- return(r);
- }
+ * certificate;
+if we are a server, it does not. */
+
+ return (r);
+}
/* Now in theory, since the calling process own 't' it should be safe to
* modify. We need to be able to read f without being hassled */
-void SSL_copy_session_id(SSL *t,const SSL *f)
- {
+void
+SSL_copy_session_id(SSL *t, const SSL *f)
+{
CERT *tmp;
/* Do we need to to SSL locking? */
- SSL_set_session(t,SSL_get_session(f));
+ SSL_set_session(t, SSL_get_session(f));
/* what if we are setup as SSLv2 but want to talk SSLv3 or
* vice-versa */
- if (t->method != f->method)
- {
+ if (t->method != f->method) {
t->method->ssl_free(t); /* cleanup current */
t->method=f->method; /* change method */
t->method->ssl_new(t); /* setup new */
- }
-
- tmp=t->cert;
- if (f->cert != NULL)
- {
- CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
- t->cert=f->cert;
- }
- else
- t->cert=NULL;
- if (tmp != NULL) ssl_cert_free(tmp);
- SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
}
+ tmp = t->cert;
+ if (f->cert != NULL) {
+ CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
+ t->cert = f->cert;
+ } else
+ t->cert = NULL;
+ if (tmp != NULL)
+ ssl_cert_free(tmp);
+ SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
+}
+
/* Fix this so it checks all the valid key/cert options */
-int SSL_CTX_check_private_key(const SSL_CTX *ctx)
- {
- if ( (ctx == NULL) ||
+int
+SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+ if ((ctx == NULL) ||
(ctx->cert == NULL) ||
- (ctx->cert->key->x509 == NULL))
- {
- SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
- return(0);
- }
- if (ctx->cert->key->privatekey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
- return(0);
- }
- return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
+ (ctx->cert->key->x509 == NULL)) {
+ SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+ return (0);
+ }
+ if (ctx->cert->key->privatekey == NULL) {
+ SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+ return (0);
}
+ return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
+}
/* Fix this function so that it takes an optional type parameter */
-int SSL_check_private_key(const SSL *ssl)
- {
- if (ssl == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (ssl->cert == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+int
+SSL_check_private_key(const SSL *ssl)
+{
+ if (ssl == NULL) {
+ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (ssl->cert == NULL) {
+ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
return 0;
- }
- if (ssl->cert->key->x509 == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
- return(0);
- }
- if (ssl->cert->key->privatekey == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
- return(0);
- }
- return(X509_check_private_key(ssl->cert->key->x509,
- ssl->cert->key->privatekey));
}
+ if (ssl->cert->key->x509 == NULL) {
+ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+ return (0);
+ }
+ if (ssl->cert->key->privatekey == NULL) {
+ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+ return (0);
+ }
+ return(X509_check_private_key(ssl->cert->key->x509,
+ ssl->cert->key->privatekey));
+}
-int SSL_accept(SSL *s)
- {
+int
+SSL_accept(SSL *s)
+{
if (s->handshake_func == 0)
/* Not properly initialized yet */
- SSL_set_accept_state(s);
+ SSL_set_accept_state(s);
- return(s->method->ssl_accept(s));
- }
+ return (s->method->ssl_accept(s));
+}
-int SSL_connect(SSL *s)
- {
+int
+SSL_connect(SSL *s)
+{
if (s->handshake_func == 0)
/* Not properly initialized yet */
- SSL_set_connect_state(s);
+ SSL_set_connect_state(s);
- return(s->method->ssl_connect(s));
- }
+ return (s->method->ssl_connect(s));
+}
-long SSL_get_default_timeout(const SSL *s)
- {
- return(s->method->get_timeout());
- }
+long
+SSL_get_default_timeout(const SSL *s)
+{
+ return (s->method->get_timeout());
+}
-int SSL_read(SSL *s,void *buf,int num)
- {
- if (s->handshake_func == 0)
- {
+int
+SSL_read(SSL *s, void *buf, int num)
+{
+ if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
return -1;
- }
+ }
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- s->rwstate=SSL_NOTHING;
- return(0);
- }
- return(s->method->ssl_read(s,buf,num));
+ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+ s->rwstate = SSL_NOTHING;
+ return (0);
}
+ return (s->method->ssl_read(s, buf, num));
+}
-int SSL_peek(SSL *s,void *buf,int num)
- {
- if (s->handshake_func == 0)
- {
+int
+SSL_peek(SSL *s, void *buf, int num)
+{
+ if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
return -1;
- }
+ }
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- return(0);
- }
- return(s->method->ssl_peek(s,buf,num));
+ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+ return (0);
}
+ return (s->method->ssl_peek(s, buf, num));
+}
-int SSL_write(SSL *s,const void *buf,int num)
- {
- if (s->handshake_func == 0)
- {
+int
+SSL_write(SSL *s, const void *buf, int num)
+{
+ if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
return -1;
- }
+ }
- if (s->shutdown & SSL_SENT_SHUTDOWN)
- {
- s->rwstate=SSL_NOTHING;
- SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
- return(-1);
- }
- return(s->method->ssl_write(s,buf,num));
+ if (s->shutdown & SSL_SENT_SHUTDOWN) {
+ s->rwstate = SSL_NOTHING;
+ SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
+ return (-1);
}
+ return (s->method->ssl_write(s, buf, num));
+}
-int SSL_shutdown(SSL *s)
- {
+int
+SSL_shutdown(SSL *s)
+{
/* Note that this function behaves differently from what one might
* expect. Return values are 0 for no success (yet),
* 1 for success; but calling it once is usually not enough,
* even if blocking I/O is used (see ssl3_shutdown).
*/
- if (s->handshake_func == 0)
- {
+ if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
return -1;
- }
+ }
if ((s != NULL) && !SSL_in_init(s))
- return(s->method->ssl_shutdown(s));
+ return (s->method->ssl_shutdown(s));
else
- return(1);
- }
+ return (1);
+}
-int SSL_renegotiate(SSL *s)
- {
+int
+SSL_renegotiate(SSL *s)
+{
if (s->renegotiate == 0)
- s->renegotiate=1;
+ s->renegotiate = 1;
- s->new_session=1;
+ s->new_session = 1;
- return(s->method->ssl_renegotiate(s));
- }
+ return (s->method->ssl_renegotiate(s));
+}
-int SSL_renegotiate_abbreviated(SSL *s)
- {
+int
+SSL_renegotiate_abbreviated(SSL *s)
+{
if (s->renegotiate == 0)
- s->renegotiate=1;
+ s->renegotiate = 1;
- s->new_session=0;
+ s->new_session = 0;
- return(s->method->ssl_renegotiate(s));
- }
+ return (s->method->ssl_renegotiate(s));
+}
-int SSL_renegotiate_pending(SSL *s)
- {
+int
+SSL_renegotiate_pending(SSL *s)
+{
/* becomes true when negotiation is requested;
* false again once a handshake has finished */
return (s->renegotiate != 0);
- }
+}
-long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
- {
+long
+SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
long l;
- switch (cmd)
- {
+ switch (cmd) {
case SSL_CTRL_GET_READ_AHEAD:
- return(s->read_ahead);
+ return (s->read_ahead);
case SSL_CTRL_SET_READ_AHEAD:
- l=s->read_ahead;
- s->read_ahead=larg;
- return(l);
+ l = s->read_ahead;
+ s->read_ahead = larg;
+ return (l);
case SSL_CTRL_SET_MSG_CALLBACK_ARG:
s->msg_callback_arg = parg;
return 1;
case SSL_CTRL_OPTIONS:
- return(s->options|=larg);
+ return (s->options|=larg);
case SSL_CTRL_CLEAR_OPTIONS:
- return(s->options&=~larg);
+ return (s->options&=~larg);
case SSL_CTRL_MODE:
- return(s->mode|=larg);
+ return (s->mode|=larg);
case SSL_CTRL_CLEAR_MODE:
- return(s->mode &=~larg);
+ return (s->mode &=~larg);
case SSL_CTRL_GET_MAX_CERT_LIST:
- return(s->max_cert_list);
+ return (s->max_cert_list);
case SSL_CTRL_SET_MAX_CERT_LIST:
- l=s->max_cert_list;
- s->max_cert_list=larg;
- return(l);
+ l = s->max_cert_list;
+ s->max_cert_list = larg;
+ return (l);
case SSL_CTRL_SET_MTU:
#ifndef OPENSSL_NO_DTLS1
if (larg < (long)dtls1_min_mtu())
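Review bot: In `SSL_shutdown` the new code still reads `s->handshake_func` in the first `if` and only afterwards tests `(s != NULL)`, so that test can never be false where it is reached, and a NULL `s` is dereferenced before any guard runs. Either the NULL check belongs ahead of the `handshake_func` test or it should go; since `SSL_read`, `SSL_peek` and `SSL_write` in this hunk dereference `s` without a guard, dropping it is the consistent choice: `if (!SSL_in_init(s))`. Because this commit is a pure reformat, that is better made as a separate change. Separately, the comment in `SSL_get_peer_cert_chain` was split after `certificate;`, leaving `if we are a server, it does not. */` at column 0.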
@@ -1087,11 +1112,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
#endif
if (SSL_version(s) == DTLS1_VERSION ||
- SSL_version(s) == DTLS1_BAD_VER)
- {
+ SSL_version(s) == DTLS1_BAD_VER) {
s->d1->mtu = larg;
return larg;
- }
+ }
return 0;
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
@@ -1103,203 +1127,204 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
return s->s3->send_connection_binding;
else return 0;
default:
- return(s->method->ssl_ctrl(s,cmd,larg,parg));
- }
+ return (s->method->ssl_ctrl(s, cmd, larg, parg));
}
+}
-long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
- {
- switch(cmd)
- {
+long
+SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
+{
+ switch (cmd) {
case SSL_CTRL_SET_MSG_CALLBACK:
s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
return 1;
-
+
default:
- return(s->method->ssl_callback_ctrl(s,cmd,fp));
- }
+ return (s->method->ssl_callback_ctrl(s, cmd, fp));
}
+}
-LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
- {
+LHASH_OF(SSL_SESSION)
+*SSL_CTX_sessions(SSL_CTX *ctx)
+{
return ctx->sessions;
- }
+}
-long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
- {
+long
+SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
long l;
- switch (cmd)
- {
+ switch (cmd) {
case SSL_CTRL_GET_READ_AHEAD:
- return(ctx->read_ahead);
+ return (ctx->read_ahead);
case SSL_CTRL_SET_READ_AHEAD:
- l=ctx->read_ahead;
- ctx->read_ahead=larg;
- return(l);
-
+ l = ctx->read_ahead;
+ ctx->read_ahead = larg;
+ return (l);
+
case SSL_CTRL_SET_MSG_CALLBACK_ARG:
ctx->msg_callback_arg = parg;
return 1;
case SSL_CTRL_GET_MAX_CERT_LIST:
- return(ctx->max_cert_list);
+ return (ctx->max_cert_list);
case SSL_CTRL_SET_MAX_CERT_LIST:
- l=ctx->max_cert_list;
- ctx->max_cert_list=larg;
- return(l);
+ l = ctx->max_cert_list;
+ ctx->max_cert_list = larg;
+ return (l);
case SSL_CTRL_SET_SESS_CACHE_SIZE:
- l=ctx->session_cache_size;
- ctx->session_cache_size=larg;
- return(l);
+ l = ctx->session_cache_size;
+ ctx->session_cache_size = larg;
+ return (l);
case SSL_CTRL_GET_SESS_CACHE_SIZE:
- return(ctx->session_cache_size);
+ return (ctx->session_cache_size);
case SSL_CTRL_SET_SESS_CACHE_MODE:
- l=ctx->session_cache_mode;
- ctx->session_cache_mode=larg;
- return(l);
+ l = ctx->session_cache_mode;
+ ctx->session_cache_mode = larg;
+ return (l);
case SSL_CTRL_GET_SESS_CACHE_MODE:
- return(ctx->session_cache_mode);
+ return (ctx->session_cache_mode);
case SSL_CTRL_SESS_NUMBER:
- return(lh_SSL_SESSION_num_items(ctx->sessions));
+ return (lh_SSL_SESSION_num_items(ctx->sessions));
case SSL_CTRL_SESS_CONNECT:
- return(ctx->stats.sess_connect);
+ return (ctx->stats.sess_connect);
case SSL_CTRL_SESS_CONNECT_GOOD:
- return(ctx->stats.sess_connect_good);
+ return (ctx->stats.sess_connect_good);
case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
- return(ctx->stats.sess_connect_renegotiate);
+ return (ctx->stats.sess_connect_renegotiate);
case SSL_CTRL_SESS_ACCEPT:
- return(ctx->stats.sess_accept);
+ return (ctx->stats.sess_accept);
case SSL_CTRL_SESS_ACCEPT_GOOD:
- return(ctx->stats.sess_accept_good);
+ return (ctx->stats.sess_accept_good);
case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
- return(ctx->stats.sess_accept_renegotiate);
+ return (ctx->stats.sess_accept_renegotiate);
case SSL_CTRL_SESS_HIT:
- return(ctx->stats.sess_hit);
+ return (ctx->stats.sess_hit);
case SSL_CTRL_SESS_CB_HIT:
- return(ctx->stats.sess_cb_hit);
+ return (ctx->stats.sess_cb_hit);
case SSL_CTRL_SESS_MISSES:
- return(ctx->stats.sess_miss);
+ return (ctx->stats.sess_miss);
case SSL_CTRL_SESS_TIMEOUTS:
- return(ctx->stats.sess_timeout);
+ return (ctx->stats.sess_timeout);
case SSL_CTRL_SESS_CACHE_FULL:
- return(ctx->stats.sess_cache_full);
+ return (ctx->stats.sess_cache_full);
case SSL_CTRL_OPTIONS:
- return(ctx->options|=larg);
+ return (ctx->options|=larg);
case SSL_CTRL_CLEAR_OPTIONS:
- return(ctx->options&=~larg);
+ return (ctx->options&=~larg);
case SSL_CTRL_MODE:
- return(ctx->mode|=larg);
+ return (ctx->mode|=larg);
case SSL_CTRL_CLEAR_MODE:
- return(ctx->mode&=~larg);
+ return (ctx->mode&=~larg);
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
return 0;
ctx->max_send_fragment = larg;
return 1;
default:
- return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
- }
+ return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
}
+}
-long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
- {
- switch(cmd)
- {
+long
+SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
+{
+ switch (cmd) {
case SSL_CTRL_SET_MSG_CALLBACK:
ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
return 1;
default:
- return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
- }
+ return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
}
+}
-int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
- {
+int
+ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
+{
long l;
- l=a->id-b->id;
+ l = a->id - b->id;
if (l == 0L)
- return(0);
+ return (0);
else
- return((l > 0)?1:-1);
- }
+ return ((l > 0) ? 1:-1);
+}
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
- const SSL_CIPHER * const *bp)
- {
+int
+ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+ const SSL_CIPHER * const *bp)
+{
long l;
- l=(*ap)->id-(*bp)->id;
+ l = (*ap)->id - (*bp)->id;
if (l == 0L)
- return(0);
+ return (0);
else
- return((l > 0)?1:-1);
- }
+ return ((l > 0) ? 1:-1);
+}
/** return a STACK of the ciphers available for the SSL and in order of
* preference */
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
- {
- if (s != NULL)
- {
- if (s->cipher_list != NULL)
- {
- return(s->cipher_list);
- }
- else if ((s->ctx != NULL) &&
- (s->ctx->cipher_list != NULL))
- {
- return(s->ctx->cipher_list);
- }
+STACK_OF(SSL_CIPHER)
+*SSL_get_ciphers(const SSL *s)
+{
+ if (s != NULL) {
+ if (s->cipher_list != NULL) {
+ return (s->cipher_list);
+ } else if ((s->ctx != NULL) &&
+ (s->ctx->cipher_list != NULL)) {
+ return (s->ctx->cipher_list);
}
- return(NULL);
}
+ return (NULL);
+}
/** return a STACK of the ciphers available for the SSL and in order of
* algorithm id */
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
- {
- if (s != NULL)
- {
- if (s->cipher_list_by_id != NULL)
- {
- return(s->cipher_list_by_id);
- }
- else if ((s->ctx != NULL) &&
- (s->ctx->cipher_list_by_id != NULL))
- {
- return(s->ctx->cipher_list_by_id);
- }
+STACK_OF(SSL_CIPHER)
+*ssl_get_ciphers_by_id(SSL *s)
+{
+ if (s != NULL) {
+ if (s->cipher_list_by_id != NULL) {
+ return (s->cipher_list_by_id);
+ } else if ((s->ctx != NULL) &&
+ (s->ctx->cipher_list_by_id != NULL)) {
+ return (s->ctx->cipher_list_by_id);
}
- return(NULL);
}
+ return (NULL);
+}
/** The old interface to get the same thing as SSL_get_ciphers() */
-const char *SSL_get_cipher_list(const SSL *s,int n)
- {
+const char
+*SSL_get_cipher_list(const SSL *s, int n)
+{
SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
- if (s == NULL) return(NULL);
- sk=SSL_get_ciphers(s);
+ if (s == NULL)
+ return (NULL);
+ sk = SSL_get_ciphers(s);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
- return(NULL);
- c=sk_SSL_CIPHER_value(sk,n);
- if (c == NULL) return(NULL);
- return(c->name);
- }
+ return (NULL);
+ c = sk_SSL_CIPHER_value(sk, n);
+ if (c == NULL)
+ return (NULL);
+ return (c->name);
+}
/** specify the ciphers to be used by default by the SSL_CTX */
-int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
- {
+int
+SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
+{
STACK_OF(SSL_CIPHER) *sk;
-
- sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
- &ctx->cipher_list_by_id,str);
+
+ sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
+ &ctx->cipher_list_by_id, str);
/* ssl_create_cipher_list may return an empty stack if it
* was unable to find a cipher matching the given rule string
* (for example if the rule string specifies a cipher which
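Review bot: `ssl_cipher_id_cmp` and `ssl_cipher_ptr_id_cmp` still derive the ordering from a subtraction stored in a `long` (`l = a->id - b->id;`), which yields the right sign only while the difference is representable in `long`. If `id` is an unsigned type (its declaration is not in this hunk), the `a->id < b->id` case relies on wrap-around followed by an implementation-defined conversion. Comparing the values directly avoids that: `if (a->id == b->id) return (0);` then `return ((a->id > b->id) ? 1 : -1);`, with the same two lines using `(*ap)->id` and `(*bp)->id` in the pointer variant. The reformat also left `1:-1` in both comparators and the `|=` / `&=~` returns in `SSL_CTX_ctrl` unspaced.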
@@ -1309,35 +1334,35 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
* updated. */
if (sk == NULL)
return 0;
- else if (sk_SSL_CIPHER_num(sk) == 0)
- {
+ else if (sk_SSL_CIPHER_num(sk) == 0) {
SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
return 0;
- }
- return 1;
}
+ return 1;
+}
/** specify the ciphers to be used by the SSL */
-int SSL_set_cipher_list(SSL *s,const char *str)
- {
+int
+SSL_set_cipher_list(SSL *s, const char *str)
+{
STACK_OF(SSL_CIPHER) *sk;
-
- sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
- &s->cipher_list_by_id,str);
+
+ sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
+ &s->cipher_list_by_id, str);
/* see comment in SSL_CTX_set_cipher_list */
if (sk == NULL)
return 0;
- else if (sk_SSL_CIPHER_num(sk) == 0)
- {
+ else if (sk_SSL_CIPHER_num(sk) == 0) {
SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
return 0;
- }
- return 1;
}
+ return 1;
+}
/* works well for SSLv2, not so good for SSLv3 */
-char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
- {
+char
+*SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
+{
char *end;
STACK_OF(SSL_CIPHER) *sk;
SSL_CIPHER *c;
@@ -1346,146 +1371,138 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
if ((s->session == NULL) || (s->session->ciphers == NULL) ||
(len < 2))
- return(NULL);
+ return (NULL);
- sk=s->session->ciphers;
+ sk = s->session->ciphers;
buf[0] = '\0';
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
+ for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+ c = sk_SSL_CIPHER_value(sk, i);
end = buf + curlen;
if (strlcat(buf, c->name, len) >= len ||
- (curlen = strlcat(buf, ":", len)) >= len)
- {
+ (curlen = strlcat(buf, ":", len)) >= len) {
/* remove truncated cipher from list */
*end = '\0';
break;
- }
}
+ }
/* remove trailing colon */
if ((end = strrchr(buf, ':')) != NULL)
*end = '\0';
- return(buf);
- }
+ return (buf);
+}
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
- int (*put_cb)(const SSL_CIPHER *, unsigned char *))
- {
- int i,j=0;
+int
+ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
+ int (*put_cb)(const SSL_CIPHER *, unsigned char *))
+{
+ int i, j = 0;
SSL_CIPHER *c;
unsigned char *q;
#ifndef OPENSSL_NO_KRB5
int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
#endif /* OPENSSL_NO_KRB5 */
- if (sk == NULL) return(0);
- q=p;
+ if (sk == NULL)
+ return (0);
+ q = p;
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
+ for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+ c = sk_SSL_CIPHER_value(sk, i);
/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
- if ((c->algorithm_ssl & SSL_TLSV1_2) &&
+ if ((c->algorithm_ssl & SSL_TLSV1_2) &&
(TLS1_get_client_version(s) < TLS1_2_VERSION))
- continue;
+ continue;
#ifndef OPENSSL_NO_KRB5
if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
- nokrb5)
- continue;
+ nokrb5)
+ continue;
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_PSK
/* with PSK there must be client callback set */
if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
- s->psk_client_callback == NULL)
- continue;
+ s->psk_client_callback == NULL)
+ continue;
#endif /* OPENSSL_NO_PSK */
- j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
- p+=j;
- }
+ j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p);
+ p += j;
+ }
/* If p == q, no ciphers and caller indicates an error. Otherwise
* add SCSV if not renegotiating.
*/
- if (p != q && !s->renegotiate)
- {
- static SSL_CIPHER scsv =
- {
+ if (p != q && !s->renegotiate) {
+ static SSL_CIPHER scsv = {
0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
- };
- j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
- p+=j;
+ };
+ j = put_cb ? put_cb(&scsv, p) : ssl_put_cipher_by_char(s, &scsv, p);
+ p += j;
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "SCSV sent by client\n");
#endif
- }
-
- return(p-q);
}
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
- STACK_OF(SSL_CIPHER) **skp)
- {
+ return (p - q);
+}
+
+STACK_OF(SSL_CIPHER)
+*ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
+STACK_OF(SSL_CIPHER) **skp)
+{
const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
- int i,n;
+ int i, n;
if (s->s3)
s->s3->send_connection_binding = 0;
- n=ssl_put_cipher_by_char(s,NULL,NULL);
- if ((num%n) != 0)
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
- return(NULL);
- }
+ n = ssl_put_cipher_by_char(s, NULL, NULL);
+ if ((num % n) != 0) {
+ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+ return (NULL);
+ }
if ((skp == NULL) || (*skp == NULL))
sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
- else
- {
+ else {
sk= *skp;
sk_SSL_CIPHER_zero(sk);
- }
+ }
- for (i=0; i<num; i+=n)
- {
+ for (i = 0; i < num; i += n) {
/* Check for SCSV */
if (s->s3 && (n != 3 || !p[0]) &&
- (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
- (p[n-1] == (SSL3_CK_SCSV & 0xff)))
- {
+ (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
+ (p[n - 1] == (SSL3_CK_SCSV & 0xff))) {
/* SCSV fatal if renegotiating */
- if (s->renegotiate)
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+ if (s->renegotiate) {
+ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+
goto err;
- }
+ }
s->s3->send_connection_binding = 1;
p += n;
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "SCSV received by server\n");
#endif
continue;
- }
+ }
- c=ssl_get_cipher_by_char(s,p);
- p+=n;
- if (c != NULL)
- {
- if (!sk_SSL_CIPHER_push(sk,c))
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+ c = ssl_get_cipher_by_char(s, p);
+ p += n;
+ if (c != NULL) {
+ if (!sk_SSL_CIPHER_push(sk, c)) {
+ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
goto err;
- }
}
}
+ }
if (skp != NULL)
- *skp=sk;
- return(sk);
+ *skp = sk;
+ return (sk);
err:
if ((skp == NULL) || (*skp == NULL))
sk_SSL_CIPHER_free(sk);
- return(NULL);
- }
+ return (NULL);
+}
#ifndef OPENSSL_NO_TLSEXT
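Review bot: In ssl_bytes_to_cipher_list the result of `sk_SSL_CIPHER_new_null()` is never checked. An allocation failure is presumably caught only indirectly by a later `sk_SSL_CIPHER_push()`, and when no offered suite is recognised the function returns NULL without queuing any error. Because this routine parses the peer's cipher list, the failure should be handled where it happens: `if ((sk = sk_SSL_CIPHER_new_null()) == NULL) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); return (NULL); }`. The assignments `sk=sk_SSL_CIPHER_new_null();` and `sk= *skp;` were also left in the old spacing by the reformat.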
@@ -1493,22 +1510,24 @@ err:
* So far, only host_name types are defined (RFC 3546).
*/
-const char *SSL_get_servername(const SSL *s, const int type)
- {
+const char
+*SSL_get_servername(const SSL *s, const int type)
+{
if (type != TLSEXT_NAMETYPE_host_name)
return NULL;
return s->session && !s->tlsext_hostname ?
- s->session->tlsext_hostname :
- s->tlsext_hostname;
- }
+ s->session->tlsext_hostname :
+ s->tlsext_hostname;
+}
-int SSL_get_servername_type(const SSL *s)
- {
+int
+SSL_get_servername_type(const SSL *s)
+{
if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
return TLSEXT_NAMETYPE_host_name;
return -1;
- }
+}
# ifndef OPENSSL_NO_NEXTPROTONEG
/* SSL_select_next_proto implements the standard protocol selection. It is
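Review bot: The reformat splits the return type in the wrong place: `const char` ends the first line and the `*` is glued to the function name as `*SSL_get_servername(...)`. The whole return type, pointer included, belongs on its own line: `const char *` followed by `SSL_get_servername(const SSL *s, const int type)`. The same split appears at `*SSL_get_shared_ciphers`, `*ssl_bytes_to_cipher_list`, `*SSL_CTX_new`, `*ssl_get_server_send_pkey` and `*ssl_get_server_send_cert` in the other hunks. The continuation lines `STACK_OF(SSL_CIPHER) **skp)` and `int use_context)` also lost their indent.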
@@ -1541,31 +1560,29 @@ int SSL_get_servername_type(const SSL *s)
* OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
* OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
*/
-int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len)
- {
+int
+SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len)
+{
unsigned int i, j;
const unsigned char *result;
int status = OPENSSL_NPN_UNSUPPORTED;
/* For each protocol in server preference order, see if we support it. */
- for (i = 0; i < server_len; )
- {
- for (j = 0; j < client_len; )
- {
+ for (i = 0; i < server_len; ) {
+ for (j = 0; j < client_len; ) {
if (server[i] == client[j] &&
- memcmp(&server[i+1], &client[j+1], server[i]) == 0)
- {
+ memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
/* We found a match */
result = &server[i];
status = OPENSSL_NPN_NEGOTIATED;
goto found;
- }
+ }
j += client[j];
j++;
- }
+ }
i += server[i];
i++;
- }
+ }
/* There's no overlap between our protocols and the server's list. */
result = client;
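Review bot: The match test in the inner loop calls `memcmp(&server[i + 1], &client[j + 1], server[i])` without checking that the length byte fits in what remains of either list. A list whose last length prefix overstates the remaining bytes makes memcmp read past `server_len` or `client_len`. Unless both lists are validated before this function is called (not visible here), add the bound to the condition: `i + 1 + server[i] <= server_len && j + 1 + client[j] <= client_len`. The no-overlap fallback `result = client;` makes the same assumption, because the next hunk reads `result[0]` even when `client_len` is 0. The function body continues past the end of this hunk.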
@@ -1575,7 +1592,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi
*out = (unsigned char *) result + 1;
*outlen = result[0];
return status;
- }
+}
/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
* requested protocol for this connection and returns 0. If the client didn't
@@ -1585,8 +1602,9 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi
* from this function need not be a member of the list of supported protocols
* provided by the callback.
*/
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len)
- {
+void
+SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len)
+{
*data = s->next_proto_negotiated;
if (!*data) {
*len = 0;
@@ -1604,11 +1622,12 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, un
*
* The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no
* such extension will be included in the ServerHello. */
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
- {
+void
+SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
+{
ctx->next_protos_advertised_cb = cb;
ctx->next_protos_advertised_cb_arg = arg;
- }
+}
/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
* client needs to select a protocol from the server's provided list. |out|
@@ -1620,183 +1639,186 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, co
* The client must select a protocol. It is fatal to the connection if this
* callback returns a value other than SSL_TLSEXT_ERR_OK.
*/
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
- {
+void
+SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
+{
ctx->next_proto_select_cb = cb;
ctx->next_proto_select_cb_arg = arg;
- }
+}
# endif
#endif
-int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
- const char *label, size_t llen, const unsigned char *p, size_t plen,
- int use_context)
- {
+int
+SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+ const char *label, size_t llen, const unsigned char *p, size_t plen,
+int use_context)
+{
if (s->version < TLS1_VERSION)
return -1;
return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
- llen, p, plen,
- use_context);
- }
+ llen, p, plen,
+ use_context);
+}
-static unsigned long ssl_session_hash(const SSL_SESSION *a)
- {
+static unsigned long
+ssl_session_hash(const SSL_SESSION *a)
+{
unsigned long l;
- l=(unsigned long)
- ((unsigned int) a->session_id[0] )|
- ((unsigned int) a->session_id[1]<< 8L)|
- ((unsigned long)a->session_id[2]<<16L)|
- ((unsigned long)a->session_id[3]<<24L);
- return(l);
- }
+ l = (unsigned long)
+ ((unsigned int) a->session_id[0] )|
+ ((unsigned int) a->session_id[1]<< 8L)|
+ ((unsigned long)a->session_id[2]<<16L)|
+ ((unsigned long)a->session_id[3]<<24L);
+ return (l);
+}
/* NB: If this function (or indeed the hash function which uses a sort of
* coarser function than this one) is changed, ensure
* SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
* able to construct an SSL_SESSION that will collide with any existing session
* with a matching session ID. */
-static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
- {
+static int
+ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
+{
if (a->ssl_version != b->ssl_version)
- return(1);
+ return (1);
if (a->session_id_length != b->session_id_length)
- return(1);
- return(memcmp(a->session_id,b->session_id,a->session_id_length));
- }
+ return (1);
+ return (memcmp(a->session_id, b->session_id, a->session_id_length));
+}
/* These wrapper functions should remain rather than redeclaring
* SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
* variable. The reason is that the functions aren't static, they're exposed via
* ssl.h. */
-static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
-static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
+static
+IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
+static
+IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
- {
- SSL_CTX *ret=NULL;
+SSL_CTX
+*SSL_CTX_new(const SSL_METHOD *meth)
+{
+ SSL_CTX *ret = NULL;
- if (meth == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
- return(NULL);
- }
+ if (meth == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
+ return (NULL);
+ }
#ifdef OPENSSL_FIPS
- if (FIPS_mode() && (meth->version < TLS1_VERSION))
- {
+ if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
return NULL;
- }
+ }
#endif
- if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+ if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
goto err;
- }
- ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
+ }
+ ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
if (ret == NULL)
goto err;
- memset(ret,0,sizeof(SSL_CTX));
+ memset(ret, 0, sizeof(SSL_CTX));
- ret->method=meth;
+ ret->method = meth;
- ret->cert_store=NULL;
- ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
- ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
- ret->session_cache_head=NULL;
- ret->session_cache_tail=NULL;
+ ret->cert_store = NULL;
+ ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
+ ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
+ ret->session_cache_head = NULL;
+ ret->session_cache_tail = NULL;
/* We take the system default */
- ret->session_timeout=meth->get_timeout();
+ ret->session_timeout = meth->get_timeout();
- ret->new_session_cb=0;
- ret->remove_session_cb=0;
- ret->get_session_cb=0;
- ret->generate_session_id=0;
+ ret->new_session_cb = 0;
+ ret->remove_session_cb = 0;
+ ret->get_session_cb = 0;
+ ret->generate_session_id = 0;
- memset((char *)&ret->stats,0,sizeof(ret->stats));
+ memset((char *)&ret->stats, 0, sizeof(ret->stats));
- ret->references=1;
- ret->quiet_shutdown=0;
+ ret->references = 1;
+ ret->quiet_shutdown = 0;
/* ret->cipher=NULL;*/
/* ret->s2->challenge=NULL;
ret->master_key=NULL;
ret->key_arg=NULL;
- ret->s2->conn_id=NULL; */
+ ret->s2->conn_id=NULL;
+*/
- ret->info_callback=NULL;
+ ret->info_callback = NULL;
- ret->app_verify_callback=0;
- ret->app_verify_arg=NULL;
+ ret->app_verify_callback = 0;
+ ret->app_verify_arg = NULL;
- ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
- ret->read_ahead=0;
- ret->msg_callback=0;
- ret->msg_callback_arg=NULL;
- ret->verify_mode=SSL_VERIFY_NONE;
+ ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
+ ret->read_ahead = 0;
+ ret->msg_callback = 0;
+ ret->msg_callback_arg = NULL;
+ ret->verify_mode = SSL_VERIFY_NONE;
#if 0
ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
#endif
- ret->sid_ctx_length=0;
- ret->default_verify_callback=NULL;
- if ((ret->cert=ssl_cert_new()) == NULL)
+ ret->sid_ctx_length = 0;
+ ret->default_verify_callback = NULL;
+ if ((ret->cert = ssl_cert_new()) == NULL)
goto err;
- ret->default_passwd_callback=0;
- ret->default_passwd_callback_userdata=NULL;
- ret->client_cert_cb=0;
- ret->app_gen_cookie_cb=0;
- ret->app_verify_cookie_cb=0;
+ ret->default_passwd_callback = 0;
+ ret->default_passwd_callback_userdata = NULL;
+ ret->client_cert_cb = 0;
+ ret->app_gen_cookie_cb = 0;
+ ret->app_verify_cookie_cb = 0;
- ret->sessions=lh_SSL_SESSION_new();
- if (ret->sessions == NULL) goto err;
- ret->cert_store=X509_STORE_new();
- if (ret->cert_store == NULL) goto err;
+ ret->sessions = lh_SSL_SESSION_new();
+ if (ret->sessions == NULL)
+ goto err;
+ ret->cert_store = X509_STORE_new();
+ if (ret->cert_store == NULL)
+ goto err;
ssl_create_cipher_list(ret->method,
- &ret->cipher_list,&ret->cipher_list_by_id,
- meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
+ &ret->cipher_list, &ret->cipher_list_by_id,
+ meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
if (ret->cipher_list == NULL
- || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
+ || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
- }
+ }
ret->param = X509_VERIFY_PARAM_new();
if (!ret->param)
goto err;
- if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
+ if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
goto err2;
- }
- if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+ }
+ if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
goto err2;
- }
- if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+ }
+ if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
goto err2;
- }
+ }
- if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
+ if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
goto err;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
- ret->extra_certs=NULL;
+ ret->extra_certs = NULL;
/* No compression for DTLS */
if (meth->version != DTLS1_VERSION)
- ret->comp_methods=SSL_COMP_get_compression_methods();
+ ret->comp_methods = SSL_COMP_get_compression_methods();
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
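Review bot: In SSL_CTX_new the failure of `SSL_get_ex_data_X509_STORE_CTX_idx()` queues `SSL_R_X509_VERIFICATION_SETUP_PROBLEMS` and then does `goto err;`. The `err:` label, in a later hunk, queues `ERR_R_MALLOC_FAILURE` on top of it, so the error stack ends with a misleading out-of-memory report. The jump should be `goto err2;`, as in the other branches that set their own reason code. SSL_CTX_new continues beyond this hunk.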
@@ -1806,8 +1828,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
/* Setup RFC4507 ticket keys */
if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
|| (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
- || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
- ret->options |= SSL_OP_NO_TICKET;
+ || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
+ ret->options |= SSL_OP_NO_TICKET;
ret->tlsext_status_cb = 0;
ret->tlsext_status_arg = NULL;
@@ -1818,9 +1840,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
# endif
#endif
#ifndef OPENSSL_NO_PSK
- ret->psk_identity_hint=NULL;
- ret->psk_client_callback=NULL;
- ret->psk_server_callback=NULL;
+ ret->psk_identity_hint = NULL;
+ ret->psk_client_callback = NULL;
+ ret->psk_server_callback = NULL;
#endif
#ifndef OPENSSL_NO_SRP
SSL_CTX_SRP_CTX_init(ret);
@@ -1834,11 +1856,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->rbuf_freelist->len = 0;
ret->rbuf_freelist->head = NULL;
ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
- if (!ret->wbuf_freelist)
- {
+ if (!ret->wbuf_freelist) {
OPENSSL_free(ret->rbuf_freelist);
goto err;
- }
+ }
ret->wbuf_freelist->chunklen = 0;
ret->wbuf_freelist->len = 0;
ret->wbuf_freelist->head = NULL;
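Review bot: When the `wbuf_freelist` allocation fails, `OPENSSL_free(ret->rbuf_freelist)` leaves the freed pointer stored in `ret` before `goto err;`, and that path ends in `SSL_CTX_free(ret)`. If SSL_CTX_free releases `rbuf_freelist` (that part is not shown in this diff), the list is dereferenced and freed a second time. Either clear it with `ret->rbuf_freelist = NULL;` right after the free, or drop the local free and let SSL_CTX_free do the cleanup. The enclosing function starts and ends outside this hunk.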
@@ -1850,16 +1871,15 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
#define eng_str(x) eng_strx(x)
/* Use specific client engine automatically... ignore errors */
{
- ENGINE *eng;
- eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
- if (!eng)
- {
- ERR_clear_error();
- ENGINE_load_builtin_engines();
+ ENGINE *eng;
eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+ if (!eng) {
+ ERR_clear_error();
+ ENGINE_load_builtin_engines();
+ eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
}
- if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
- ERR_clear_error();
+ if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
+ ERR_clear_error();
}
#endif
#endif
@@ -1868,50 +1888,54 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
- return(ret);
+ return (ret);
err:
- SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
+ SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
err2:
- if (ret != NULL) SSL_CTX_free(ret);
- return(NULL);
- }
+ if (ret != NULL)
+ SSL_CTX_free(ret);
+ return (NULL);
+}
#if 0
-static void SSL_COMP_free(SSL_COMP *comp)
- { OPENSSL_free(comp); }
+static void
+SSL_COMP_free(SSL_COMP *comp)
+ { OPENSSL_free(comp);
+}
#endif
#ifndef OPENSSL_NO_BUF_FREELISTS
static void
ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
- {
+{
SSL3_BUF_FREELIST_ENTRY *ent, *next;
- for (ent = list->head; ent; ent = next)
- {
+ for (ent = list->head; ent; ent = next) {
next = ent->next;
OPENSSL_free(ent);
- }
- OPENSSL_free(list);
}
+ OPENSSL_free(list);
+}
#endif
-void SSL_CTX_free(SSL_CTX *a)
- {
+void
+SSL_CTX_free(SSL_CTX *a)
+{
int i;
- if (a == NULL) return;
+ if (a == NULL)
+ return;
- i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
+ i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX);
#ifdef REF_PRINT
- REF_PRINT("SSL_CTX",a);
+ REF_PRINT("SSL_CTX", a);
#endif
- if (i > 0) return;
+ if (i > 0)
+ return;
#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_CTX_free, bad reference count\n");
+ if (i < 0) {
+ fprintf(stderr, "SSL_CTX_free, bad reference count\n");
abort(); /* ok */
- }
+ }
#endif
if (a->param)
@@ -1927,7 +1951,7 @@ void SSL_CTX_free(SSL_CTX *a)
* (See ticket [openssl.org #212].)
*/
if (a->sessions != NULL)
- SSL_CTX_flush_sessions(a,0);
+ SSL_CTX_flush_sessions(a, 0);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
@@ -1943,19 +1967,19 @@ void SSL_CTX_free(SSL_CTX *a)
if (a->cert != NULL)
ssl_cert_free(a->cert);
if (a->client_CA != NULL)
- sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
+ sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
if (a->extra_certs != NULL)
- sk_X509_pop_free(a->extra_certs,X509_free);
+ sk_X509_pop_free(a->extra_certs, X509_free);
#if 0 /* This should never be done, since it removes a global database */
if (a->comp_methods != NULL)
- sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
+ sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free);
#else
a->comp_methods = NULL;
#endif
#ifndef OPENSSL_NO_SRTP
- if (a->srtp_profiles)
- sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+ if (a->srtp_profiles)
+ sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
#endif
#ifndef OPENSSL_NO_PSK
@@ -1978,42 +2002,48 @@ void SSL_CTX_free(SSL_CTX *a)
#endif
OPENSSL_free(a);
- }
+}
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
- {
- ctx->default_passwd_callback=cb;
- }
+void
+SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
+{
+ ctx->default_passwd_callback = cb;
+}
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
- {
- ctx->default_passwd_callback_userdata=u;
- }
+void
+SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
+{
+ ctx->default_passwd_callback_userdata = u;
+}
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
- {
- ctx->app_verify_callback=cb;
- ctx->app_verify_arg=arg;
- }
+void
+SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg)
+{
+ ctx->app_verify_callback = cb;
+ ctx->app_verify_arg = arg;
+}
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
- {
- ctx->verify_mode=mode;
- ctx->default_verify_callback=cb;
- }
+void
+SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
+{
+ ctx->verify_mode = mode;
+ ctx->default_verify_callback = cb;
+}
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
- {
+void
+SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
+{
X509_VERIFY_PARAM_set_depth(ctx->param, depth);
- }
+}
-void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
- {
+void
+ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
+{
CERT_PKEY *cpk;
- int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
- int rsa_enc_export,dh_rsa_export,dh_dsa_export;
- int rsa_tmp_export,dh_tmp_export,kl;
- unsigned long mask_k,mask_a,emask_k,emask_a;
+ int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
+ int rsa_enc_export, dh_rsa_export, dh_dsa_export;
+ int rsa_tmp_export, dh_tmp_export, kl;
+ unsigned long mask_k, mask_a, emask_k, emask_a;
int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
#ifndef OPENSSL_NO_ECDH
int have_ecdh_tmp;
@@ -2022,57 +2052,58 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
EVP_PKEY *ecc_pkey = NULL;
int signature_nid = 0, pk_nid = 0, md_nid = 0;
- if (c == NULL) return;
+ if (c == NULL)
+ return;
- kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
+ kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
#ifndef OPENSSL_NO_RSA
- rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
- rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
- (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
+ rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
+ rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
+ (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
#else
- rsa_tmp=rsa_tmp_export=0;
+ rsa_tmp = rsa_tmp_export = 0;
#endif
#ifndef OPENSSL_NO_DH
- dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
- dh_tmp_export=(c->dh_tmp_cb != NULL ||
- (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
+ dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
+ dh_tmp_export = (c->dh_tmp_cb != NULL ||
+ (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
#else
- dh_tmp=dh_tmp_export=0;
+ dh_tmp = dh_tmp_export = 0;
#endif
#ifndef OPENSSL_NO_ECDH
- have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
+ have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
#endif
- cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
- rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
- rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
- cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
- rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
- cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
- dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
- cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
- dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
- dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
- cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
+ cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
+ rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
+ cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
+ rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
+ dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ cpk = &(c->pkeys[SSL_PKEY_DH_RSA]);
+ dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
+ cpk = &(c->pkeys[SSL_PKEY_DH_DSA]);
/* FIX THIS EAY EAY EAY */
- dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
- dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
- cpk= &(c->pkeys[SSL_PKEY_ECC]);
- have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
- mask_k=0;
- mask_a=0;
- emask_k=0;
- emask_a=0;
+ dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
+ cpk = &(c->pkeys[SSL_PKEY_ECC]);
+ have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ mask_k = 0;
+ mask_a = 0;
+ emask_k = 0;
+ emask_a = 0;
+
-
#ifdef CIPHER_DEBUG
printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
- rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
- rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
+ rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp,
+ rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
#endif
-
+
cpk = &(c->pkeys[SSL_PKEY_GOST01]);
if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
mask_k |= SSL_kGOST;
@@ -2091,12 +2122,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#if 0
/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
- if ( (dh_tmp || dh_rsa || dh_dsa) &&
+ if ((dh_tmp || dh_rsa || dh_dsa) &&
(rsa_enc || rsa_sign || dsa_sign))
- mask_k|=SSL_kEDH;
+ mask_k|=SSL_kEDH;
if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
(rsa_enc || rsa_sign || dsa_sign))
- emask_k|=SSL_kEDH;
+ emask_k|=SSL_kEDH;
#endif
if (dh_tmp_export)
@@ -2105,23 +2136,25 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
if (dh_tmp)
mask_k|=SSL_kEDH;
- if (dh_rsa) mask_k|=SSL_kDHr;
- if (dh_rsa_export) emask_k|=SSL_kDHr;
+ if (dh_rsa)
+ mask_k|=SSL_kDHr;
+ if (dh_rsa_export)
+ emask_k|=SSL_kDHr;
- if (dh_dsa) mask_k|=SSL_kDHd;
- if (dh_dsa_export) emask_k|=SSL_kDHd;
+ if (dh_dsa)
+ mask_k|=SSL_kDHd;
+ if (dh_dsa_export)
+ emask_k|=SSL_kDHd;
- if (rsa_enc || rsa_sign)
- {
+ if (rsa_enc || rsa_sign) {
mask_a|=SSL_aRSA;
emask_a|=SSL_aRSA;
- }
+ }
- if (dsa_sign)
- {
+ if (dsa_sign) {
mask_a|=SSL_aDSS;
emask_a|=SSL_aDSS;
- }
+ }
mask_a|=SSL_aNULL;
emask_a|=SSL_aNULL;
@@ -2136,66 +2169,57 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
/* An ECC certificate may be usable for ECDH and/or
* ECDSA cipher suites depending on the key usage extension.
*/
- if (have_ecc_cert)
- {
+ if (have_ecc_cert) {
/* This call populates extension flags (ex_flags) */
x = (c->pkeys[SSL_PKEY_ECC]).x509;
X509_check_purpose(x, -1, 0);
ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
- (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
+ (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
- (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
+ (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
ecc_pkey = X509_get_pubkey(x);
ecc_pkey_size = (ecc_pkey != NULL) ?
- EVP_PKEY_bits(ecc_pkey) : 0;
+ EVP_PKEY_bits(ecc_pkey) : 0;
EVP_PKEY_free(ecc_pkey);
- if ((x->sig_alg) && (x->sig_alg->algorithm))
- {
+ if ((x->sig_alg) && (x->sig_alg->algorithm)) {
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
- }
+ }
#ifndef OPENSSL_NO_ECDH
- if (ecdh_ok)
- {
+ if (ecdh_ok) {
- if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
- {
+ if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
mask_k|=SSL_kECDHr;
mask_a|=SSL_aECDH;
- if (ecc_pkey_size <= 163)
- {
+ if (ecc_pkey_size <= 163) {
emask_k|=SSL_kECDHr;
emask_a|=SSL_aECDH;
- }
}
+ }
- if (pk_nid == NID_X9_62_id_ecPublicKey)
- {
+ if (pk_nid == NID_X9_62_id_ecPublicKey) {
mask_k|=SSL_kECDHe;
mask_a|=SSL_aECDH;
- if (ecc_pkey_size <= 163)
- {
+ if (ecc_pkey_size <= 163) {
emask_k|=SSL_kECDHe;
emask_a|=SSL_aECDH;
- }
}
}
+ }
#endif
#ifndef OPENSSL_NO_ECDSA
- if (ecdsa_ok)
- {
+ if (ecdsa_ok) {
mask_a|=SSL_aECDSA;
emask_a|=SSL_aECDSA;
- }
-#endif
}
+#endif
+ }
#ifndef OPENSSL_NO_ECDH
- if (have_ecdh_tmp)
- {
+ if (have_ecdh_tmp) {
mask_k|=SSL_kEECDH;
emask_k|=SSL_kEECDH;
- }
+ }
#endif
#ifndef OPENSSL_NO_PSK
@@ -2205,12 +2229,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
emask_a |= SSL_aPSK;
#endif
- c->mask_k=mask_k;
- c->mask_a=mask_a;
- c->export_mask_k=emask_k;
- c->export_mask_a=emask_a;
- c->valid=1;
- }
+ c->mask_k = mask_k;
+ c->mask_a = mask_a;
+ c->export_mask_k = emask_k;
+ c->export_mask_a = emask_a;
+ c->valid = 1;
+}
/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
#define ku_reject(x, usage) \
@@ -2218,8 +2242,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#ifndef OPENSSL_NO_EC
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
- {
+int
+ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
+{
unsigned long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
int keysize = 0;
@@ -2229,81 +2254,74 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
alg_k = cs->algorithm_mkey;
alg_a = cs->algorithm_auth;
- if (SSL_C_IS_EXPORT(cs))
- {
+ if (SSL_C_IS_EXPORT(cs)) {
/* ECDH key length in export ciphers must be <= 163 bits */
pkey = X509_get_pubkey(x);
- if (pkey == NULL) return 0;
+ if (pkey == NULL)
+ return 0;
keysize = EVP_PKEY_bits(pkey);
EVP_PKEY_free(pkey);
- if (keysize > 163) return 0;
- }
+ if (keysize > 163)
+ return 0;
+ }
/* This call populates the ex_flags field correctly */
X509_check_purpose(x, -1, 0);
- if ((x->sig_alg) && (x->sig_alg->algorithm))
- {
+ if ((x->sig_alg) && (x->sig_alg->algorithm)) {
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
- }
- if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
- {
+ }
+ if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
/* key usage, if present, must allow key agreement */
- if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
- {
+ if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
return 0;
- }
- if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
- {
+ }
+ if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) {
/* signature alg must be ECDSA */
- if (pk_nid != NID_X9_62_id_ecPublicKey)
- {
+ if (pk_nid != NID_X9_62_id_ecPublicKey) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
return 0;
- }
}
- if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION)
- {
+ }
+ if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) {
/* signature alg must be RSA */
- if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
- {
+ if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
return 0;
- }
}
}
- if (alg_a & SSL_aECDSA)
- {
+ }
+ if (alg_a & SSL_aECDSA) {
/* key usage, if present, must allow signing */
- if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
- {
+ if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
return 0;
- }
}
-
- return 1; /* all checks are ok */
}
+ return 1;
+ /* all checks are ok */
+}
+
#endif
/* THIS NEEDS CLEANING UP */
-CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
- {
- unsigned long alg_k,alg_a;
+CERT_PKEY
+*ssl_get_server_send_pkey(const SSL *s)
+{
+ unsigned long alg_k, alg_a;
CERT *c;
int i;
- c=s->cert;
+ c = s->cert;
ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
-
+
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- if (alg_k & (SSL_kECDHr|SSL_kECDHe))
- {
+ if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
/* we don't need to look at SSL_kEECDH
* since no certificate is needed for
* anon ECDH and for authenticated
@@ -2315,171 +2333,162 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
* checks for SSL_kECDH before RSA
* checks ensures the correct cert is chosen.
*/
- i=SSL_PKEY_ECC;
- }
- else if (alg_a & SSL_aECDSA)
- {
- i=SSL_PKEY_ECC;
- }
- else if (alg_k & SSL_kDHr)
- i=SSL_PKEY_DH_RSA;
+ i = SSL_PKEY_ECC;
+ } else if (alg_a & SSL_aECDSA) {
+ i = SSL_PKEY_ECC;
+ } else if (alg_k & SSL_kDHr)
+ i = SSL_PKEY_DH_RSA;
else if (alg_k & SSL_kDHd)
- i=SSL_PKEY_DH_DSA;
+ i = SSL_PKEY_DH_DSA;
else if (alg_a & SSL_aDSS)
- i=SSL_PKEY_DSA_SIGN;
- else if (alg_a & SSL_aRSA)
- {
+ i = SSL_PKEY_DSA_SIGN;
+ else if (alg_a & SSL_aRSA) {
if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
- i=SSL_PKEY_RSA_SIGN;
+ i = SSL_PKEY_RSA_SIGN;
else
- i=SSL_PKEY_RSA_ENC;
- }
- else if (alg_a & SSL_aKRB5)
- {
+ i = SSL_PKEY_RSA_ENC;
+ } else if (alg_a & SSL_aKRB5) {
/* VRS something else here? */
- return(NULL);
- }
- else if (alg_a & SSL_aGOST94)
- i=SSL_PKEY_GOST94;
+ return (NULL);
+ } else if (alg_a & SSL_aGOST94)
+ i = SSL_PKEY_GOST94;
else if (alg_a & SSL_aGOST01)
- i=SSL_PKEY_GOST01;
+ i = SSL_PKEY_GOST01;
else /* if (alg_a & SSL_aNULL) */
- {
- SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR);
- return(NULL);
- }
+ {
+ SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR);
+ return (NULL);
+ }
return c->pkeys + i;
- }
+}
-X509 *ssl_get_server_send_cert(const SSL *s)
- {
+X509
+*ssl_get_server_send_cert(const SSL *s)
+{
CERT_PKEY *cpk;
cpk = ssl_get_server_send_pkey(s);
if (!cpk)
return NULL;
return cpk->x509;
- }
+}
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
- {
+EVP_PKEY
+*ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
+{
unsigned long alg_a;
CERT *c;
int idx = -1;
alg_a = cipher->algorithm_auth;
- c=s->cert;
+ c = s->cert;
if ((alg_a & SSL_aDSS) &&
(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
- idx = SSL_PKEY_DSA_SIGN;
- else if (alg_a & SSL_aRSA)
- {
+ idx = SSL_PKEY_DSA_SIGN;
+ else if (alg_a & SSL_aRSA) {
if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
idx = SSL_PKEY_RSA_SIGN;
else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
idx = SSL_PKEY_RSA_ENC;
- }
- else if ((alg_a & SSL_aECDSA) &&
- (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
- idx = SSL_PKEY_ECC;
- if (idx == -1)
- {
- SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
- return(NULL);
- }
+ } else if ((alg_a & SSL_aECDSA) &&
+ (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
+ idx = SSL_PKEY_ECC;
+ if (idx == -1) {
+ SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
+ return (NULL);
+ }
if (pmd)
*pmd = c->pkeys[idx].digest;
return c->pkeys[idx].privatekey;
- }
+}
-void ssl_update_cache(SSL *s,int mode)
- {
+void
+ssl_update_cache(SSL *s, int mode)
+{
int i;
/* If the session_id_length is 0, we are not supposed to cache it,
* and it would be rather hard to do anyway :-) */
- if (s->session->session_id_length == 0) return;
+ if (s->session->session_id_length == 0)
+ return;
- i=s->session_ctx->session_cache_mode;
+ i = s->session_ctx->session_cache_mode;
if ((i & mode) && (!s->hit)
&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
- || SSL_CTX_add_session(s->session_ctx,s->session))
- && (s->session_ctx->new_session_cb != NULL))
- {
- CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
- if (!s->session_ctx->new_session_cb(s,s->session))
+ || SSL_CTX_add_session(s->session_ctx, s->session))
+ && (s->session_ctx->new_session_cb != NULL)) {
+ CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
+ if (!s->session_ctx->new_session_cb(s, s->session))
SSL_SESSION_free(s->session);
- }
+ }
/* auto flush every 255 connections */
if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
- ((i & mode) == mode))
- {
- if ( (((mode & SSL_SESS_CACHE_CLIENT)
+ ((i & mode) == mode)) {
+ if ((((mode & SSL_SESS_CACHE_CLIENT)
?s->session_ctx->stats.sess_connect_good
- :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff)
- {
+ :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
- }
}
}
+}
-const SSL_METHOD *SSL_get_ssl_method(SSL *s)
- {
- return(s->method);
- }
+const SSL_METHOD
+*SSL_get_ssl_method(SSL *s)
+{
+ return (s->method);
+}
-int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
- {
- int conn= -1;
- int ret=1;
+int
+SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
+{
+ int conn = -1;
+ int ret = 1;
- if (s->method != meth)
- {
+ if (s->method != meth) {
if (s->handshake_func != NULL)
- conn=(s->handshake_func == s->method->ssl_connect);
+ conn = (s->handshake_func == s->method->ssl_connect);
if (s->method->version == meth->version)
- s->method=meth;
- else
- {
+ s->method = meth;
+ else {
s->method->ssl_free(s);
- s->method=meth;
- ret=s->method->ssl_new(s);
- }
+ s->method = meth;
+ ret = s->method->ssl_new(s);
+ }
if (conn == 1)
- s->handshake_func=meth->ssl_connect;
+ s->handshake_func = meth->ssl_connect;
else if (conn == 0)
- s->handshake_func=meth->ssl_accept;
- }
- return(ret);
+ s->handshake_func = meth->ssl_accept;
}
+ return (ret);
+}
-int SSL_get_error(const SSL *s,int i)
- {
+int
+SSL_get_error(const SSL *s, int i)
+{
int reason;
unsigned long l;
BIO *bio;
- if (i > 0) return(SSL_ERROR_NONE);
+ if (i > 0)
+ return (SSL_ERROR_NONE);
/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
* etc, where we do encode the error */
- if ((l=ERR_peek_error()) != 0)
- {
+ if ((l = ERR_peek_error()) != 0) {
if (ERR_GET_LIB(l) == ERR_LIB_SYS)
- return(SSL_ERROR_SYSCALL);
+ return (SSL_ERROR_SYSCALL);
else
- return(SSL_ERROR_SSL);
- }
+ return (SSL_ERROR_SSL);
+ }
- if ((i < 0) && SSL_want_read(s))
- {
- bio=SSL_get_rbio(s);
+ if ((i < 0) && SSL_want_read(s)) {
+ bio = SSL_get_rbio(s);
if (BIO_should_read(bio))
- return(SSL_ERROR_WANT_READ);
+ return (SSL_ERROR_WANT_READ);
else if (BIO_should_write(bio))
/* This one doesn't make too much sense ... We never try
* to write to the rbio, and an application program where
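Review bot: The reflowed function headers in this hunk put the pointer `*` at the start of the name line (`X509` then `*ssl_get_server_send_cert(const SSL *s)`, likewise `ssl_get_sign_pkey` and `SSL_get_ssl_method`), so the function name no longer starts in column 0 and the type line reads as a non-pointer return type. Keeping the star with the type, `X509 *` on the first line and `ssl_get_server_send_cert(const SSL *s)` on the second, matches the intent of the split and keeps `^name(` searches working. The same pattern recurs in later hunks of this file (`ssl_bad_method`, `SSL_dup`, `SSL_get_certificate`, `SSL_get_ex_data`, `ssl_replace_hash` and others).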
@@ -2490,131 +2499,129 @@ int SSL_get_error(const SSL *s,int i)
* SSL_want_write(s)) and rbio and wbio *are* the same,
* this test works around that bug; so it might be safer
* to keep it. */
- return(SSL_ERROR_WANT_WRITE);
- else if (BIO_should_io_special(bio))
- {
- reason=BIO_get_retry_reason(bio);
+ return (SSL_ERROR_WANT_WRITE);
+ else if (BIO_should_io_special(bio)) {
+ reason = BIO_get_retry_reason(bio);
if (reason == BIO_RR_CONNECT)
- return(SSL_ERROR_WANT_CONNECT);
+ return (SSL_ERROR_WANT_CONNECT);
else if (reason == BIO_RR_ACCEPT)
- return(SSL_ERROR_WANT_ACCEPT);
+ return (SSL_ERROR_WANT_ACCEPT);
else
return(SSL_ERROR_SYSCALL); /* unknown */
- }
}
+ }
- if ((i < 0) && SSL_want_write(s))
- {
- bio=SSL_get_wbio(s);
+ if ((i < 0) && SSL_want_write(s)) {
+ bio = SSL_get_wbio(s);
if (BIO_should_write(bio))
- return(SSL_ERROR_WANT_WRITE);
+ return (SSL_ERROR_WANT_WRITE);
else if (BIO_should_read(bio))
/* See above (SSL_want_read(s) with BIO_should_write(bio)) */
- return(SSL_ERROR_WANT_READ);
- else if (BIO_should_io_special(bio))
- {
- reason=BIO_get_retry_reason(bio);
+ return (SSL_ERROR_WANT_READ);
+ else if (BIO_should_io_special(bio)) {
+ reason = BIO_get_retry_reason(bio);
if (reason == BIO_RR_CONNECT)
- return(SSL_ERROR_WANT_CONNECT);
+ return (SSL_ERROR_WANT_CONNECT);
else if (reason == BIO_RR_ACCEPT)
- return(SSL_ERROR_WANT_ACCEPT);
+ return (SSL_ERROR_WANT_ACCEPT);
else
- return(SSL_ERROR_SYSCALL);
- }
- }
- if ((i < 0) && SSL_want_x509_lookup(s))
- {
- return(SSL_ERROR_WANT_X509_LOOKUP);
+ return (SSL_ERROR_SYSCALL);
}
+ }
+ if ((i < 0) && SSL_want_x509_lookup(s)) {
+ return (SSL_ERROR_WANT_X509_LOOKUP);
+ }
- if (i == 0)
- {
- if (s->version == SSL2_VERSION)
- {
+ if (i == 0) {
+ if (s->version == SSL2_VERSION) {
/* assume it is the socket being closed */
- return(SSL_ERROR_ZERO_RETURN);
- }
- else
- {
+ return (SSL_ERROR_ZERO_RETURN);
+ } else {
if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
- return(SSL_ERROR_ZERO_RETURN);
- }
+ return (SSL_ERROR_ZERO_RETURN);
}
- return(SSL_ERROR_SYSCALL);
}
+ return (SSL_ERROR_SYSCALL);
+}
-int SSL_do_handshake(SSL *s)
- {
- int ret=1;
+int
+SSL_do_handshake(SSL *s)
+{
+ int ret = 1;
- if (s->handshake_func == NULL)
- {
- SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
- return(-1);
- }
+ if (s->handshake_func == NULL) {
+ SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
+ return (-1);
+ }
s->method->ssl_renegotiate_check(s);
- if (SSL_in_init(s) || SSL_in_before(s))
- {
- ret=s->handshake_func(s);
- }
- return(ret);
+ if (SSL_in_init(s) || SSL_in_before(s)) {
+ ret = s->handshake_func(s);
}
+ return (ret);
+}
/* For the next 2 functions, SSL_clear() sets shutdown and so
* one of these calls will reset it */
-void SSL_set_accept_state(SSL *s)
- {
- s->server=1;
- s->shutdown=0;
- s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
- s->handshake_func=s->method->ssl_accept;
+void
+SSL_set_accept_state(SSL *s)
+{
+ s->server = 1;
+ s->shutdown = 0;
+ s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
+ s->handshake_func = s->method->ssl_accept;
/* clear the current cipher */
ssl_clear_cipher_ctx(s);
ssl_clear_hash_ctx(&s->read_hash);
ssl_clear_hash_ctx(&s->write_hash);
- }
+}
-void SSL_set_connect_state(SSL *s)
- {
- s->server=0;
- s->shutdown=0;
- s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
- s->handshake_func=s->method->ssl_connect;
+void
+SSL_set_connect_state(SSL *s)
+{
+ s->server = 0;
+ s->shutdown = 0;
+ s->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
+ s->handshake_func = s->method->ssl_connect;
/* clear the current cipher */
ssl_clear_cipher_ctx(s);
ssl_clear_hash_ctx(&s->read_hash);
ssl_clear_hash_ctx(&s->write_hash);
- }
+}
-int ssl_undefined_function(SSL *s)
- {
- SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
+int
+ssl_undefined_function(SSL *s)
+{
+ SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
+}
-int ssl_undefined_void_function(void)
- {
- SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
+int
+ssl_undefined_void_function(void)
+{
+ SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
+}
-int ssl_undefined_const_function(const SSL *s)
- {
- SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
+int
+ssl_undefined_const_function(const SSL *s)
+{
+ SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
+}
-SSL_METHOD *ssl_bad_method(int ver)
- {
- SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(NULL);
- }
+SSL_METHOD
+*ssl_bad_method(int ver)
+{
+ SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (NULL);
+}
-const char *SSL_get_version(const SSL *s)
- {
+const char
+*SSL_get_version(const SSL *s)
+{
if (s->version == TLS1_2_VERSION)
return("TLSv1.2");
else if (s->version == TLS1_1_VERSION)
@@ -2627,29 +2634,27 @@ const char *SSL_get_version(const SSL *s)
return("SSLv2");
else
return("unknown");
- }
+}
-SSL *SSL_dup(SSL *s)
- {
+SSL
+*SSL_dup(SSL *s)
+{
STACK_OF(X509_NAME) *sk;
X509_NAME *xn;
SSL *ret;
int i;
-
- if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
- return(NULL);
+
+ if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+ return (NULL);
ret->version = s->version;
ret->type = s->type;
ret->method = s->method;
- if (s->session != NULL)
- {
+ if (s->session != NULL) {
/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
- SSL_copy_session_id(ret,s);
- }
- else
- {
+ SSL_copy_session_id(ret, s);
+ } else {
/* No session has been established yet, so we have to expect
* that s->cert or ret->cert will be changed later --
* they should not both point to the same object,
@@ -2659,56 +2664,50 @@ SSL *SSL_dup(SSL *s)
ret->method = s->method;
ret->method->ssl_new(ret);
- if (s->cert != NULL)
- {
- if (ret->cert != NULL)
- {
+ if (s->cert != NULL) {
+ if (ret->cert != NULL) {
ssl_cert_free(ret->cert);
- }
+ }
ret->cert = ssl_cert_dup(s->cert);
if (ret->cert == NULL)
goto err;
- }
-
- SSL_set_session_id_context(ret,
- s->sid_ctx, s->sid_ctx_length);
}
- ret->options=s->options;
- ret->mode=s->mode;
- SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
- SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
+ SSL_set_session_id_context(ret,
+ s->sid_ctx, s->sid_ctx_length);
+ }
+
+ ret->options = s->options;
+ ret->mode = s->mode;
+ SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
+ SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
ret->msg_callback = s->msg_callback;
ret->msg_callback_arg = s->msg_callback_arg;
- SSL_set_verify(ret,SSL_get_verify_mode(s),
- SSL_get_verify_callback(s));
- SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
+ SSL_set_verify(ret, SSL_get_verify_mode(s),
+ SSL_get_verify_callback(s));
+ SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
ret->generate_session_id = s->generate_session_id;
- SSL_set_info_callback(ret,SSL_get_info_callback(s));
-
- ret->debug=s->debug;
+ SSL_set_info_callback(ret, SSL_get_info_callback(s));
+
+ ret->debug = s->debug;
/* copy app data, a little dangerous perhaps */
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
goto err;
/* setup rbio, and wbio */
- if (s->rbio != NULL)
- {
+ if (s->rbio != NULL) {
if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
goto err;
- }
- if (s->wbio != NULL)
- {
- if (s->wbio != s->rbio)
- {
+ }
+ if (s->wbio != NULL) {
+ if (s->wbio != s->rbio) {
if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
goto err;
- }
- else
- ret->wbio=ret->rbio;
- }
+ } else
+ ret->wbio = ret->rbio;
+ }
ret->rwstate = s->rwstate;
ret->in_handshake = s->in_handshake;
ret->handshake_func = s->handshake_func;
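Review bot: The result of `ret->method->ssl_new(ret)` in the no-session branch of SSL_dup is discarded, although SSL_set_ssl_method earlier in this file stores the same call's result in `ret` and returns it to the caller. If ssl_new can fail here (it presumably allocates per-method state, and a zero return presumably means failure), the copy carries on with a partly initialised object. `if (!ret->method->ssl_new(ret)) goto err;` would route that case to the function's existing cleanup label. SSL_dup starts and ends outside this hunk.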
@@ -2716,222 +2715,228 @@ SSL *SSL_dup(SSL *s)
ret->renegotiate = s->renegotiate;
ret->new_session = s->new_session;
ret->quiet_shutdown = s->quiet_shutdown;
- ret->shutdown=s->shutdown;
+ ret->shutdown = s->shutdown;
ret->state=s->state; /* SSL_dup does not really work at any state, though */
- ret->rstate=s->rstate;
+ ret->rstate = s->rstate;
ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
- ret->hit=s->hit;
+ ret->hit = s->hit;
X509_VERIFY_PARAM_inherit(ret->param, s->param);
/* dup the cipher_list and cipher_list_by_id stacks */
- if (s->cipher_list != NULL)
- {
- if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
+ if (s->cipher_list != NULL) {
+ if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
goto err;
- }
+ }
if (s->cipher_list_by_id != NULL)
- if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
+ if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
== NULL)
- goto err;
+ goto err;
/* Dup the client_CA list */
- if (s->client_CA != NULL)
- {
- if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
- ret->client_CA=sk;
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- xn=sk_X509_NAME_value(sk,i);
- if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
- {
+ if (s->client_CA != NULL) {
+ if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
+ ret->client_CA = sk;
+ for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+ xn = sk_X509_NAME_value(sk, i);
+ if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
X509_NAME_free(xn);
goto err;
- }
}
}
+ }
- if (0)
- {
+ if (0) {
err:
- if (ret != NULL) SSL_free(ret);
- ret=NULL;
- }
- return(ret);
+ if (ret != NULL)
+ SSL_free(ret);
+ ret = NULL;
}
+ return (ret);
+}
-void ssl_clear_cipher_ctx(SSL *s)
- {
- if (s->enc_read_ctx != NULL)
- {
+void
+ssl_clear_cipher_ctx(SSL *s)
+{
+ if (s->enc_read_ctx != NULL) {
EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
OPENSSL_free(s->enc_read_ctx);
- s->enc_read_ctx=NULL;
- }
- if (s->enc_write_ctx != NULL)
- {
+ s->enc_read_ctx = NULL;
+ }
+ if (s->enc_write_ctx != NULL) {
EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
OPENSSL_free(s->enc_write_ctx);
- s->enc_write_ctx=NULL;
- }
+ s->enc_write_ctx = NULL;
+ }
#ifndef OPENSSL_NO_COMP
- if (s->expand != NULL)
- {
+ if (s->expand != NULL) {
COMP_CTX_free(s->expand);
- s->expand=NULL;
- }
- if (s->compress != NULL)
- {
+ s->expand = NULL;
+ }
+ if (s->compress != NULL) {
COMP_CTX_free(s->compress);
- s->compress=NULL;
- }
-#endif
+ s->compress = NULL;
}
+#endif
+}
/* Fix this function so that it takes an optional type parameter */
-X509 *SSL_get_certificate(const SSL *s)
- {
+X509
+*SSL_get_certificate(const SSL *s)
+{
if (s->cert != NULL)
- return(s->cert->key->x509);
+ return (s->cert->key->x509);
else
- return(NULL);
- }
+ return (NULL);
+}
/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(SSL *s)
- {
+EVP_PKEY
+*SSL_get_privatekey(SSL *s)
+{
if (s->cert != NULL)
- return(s->cert->key->privatekey);
+ return (s->cert->key->privatekey);
else
- return(NULL);
- }
+ return (NULL);
+}
-const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
- {
+const SSL_CIPHER
+*SSL_get_current_cipher(const SSL *s)
+{
if ((s->session != NULL) && (s->session->cipher != NULL))
- return(s->session->cipher);
- return(NULL);
- }
+ return (s->session->cipher);
+ return (NULL);
+}
#ifdef OPENSSL_NO_COMP
-const void *SSL_get_current_compression(SSL *s)
- {
+const void
+*SSL_get_current_compression(SSL *s)
+{
return NULL;
- }
-const void *SSL_get_current_expansion(SSL *s)
- {
+}
+
+const void
+*SSL_get_current_expansion(SSL *s)
+{
return NULL;
- }
+}
#else
-const COMP_METHOD *SSL_get_current_compression(SSL *s)
- {
+const COMP_METHOD
+*SSL_get_current_compression(SSL *s)
+{
if (s->compress != NULL)
- return(s->compress->meth);
- return(NULL);
- }
+ return (s->compress->meth);
+ return (NULL);
+}
-const COMP_METHOD *SSL_get_current_expansion(SSL *s)
- {
+const COMP_METHOD
+*SSL_get_current_expansion(SSL *s)
+{
if (s->expand != NULL)
- return(s->expand->meth);
- return(NULL);
- }
+ return (s->expand->meth);
+ return (NULL);
+}
#endif
-int ssl_init_wbio_buffer(SSL *s,int push)
- {
+int
+ssl_init_wbio_buffer(SSL *s, int push)
+{
BIO *bbio;
- if (s->bbio == NULL)
- {
- bbio=BIO_new(BIO_f_buffer());
- if (bbio == NULL) return(0);
- s->bbio=bbio;
- }
- else
- {
- bbio=s->bbio;
+ if (s->bbio == NULL) {
+ bbio = BIO_new(BIO_f_buffer());
+ if (bbio == NULL)
+ return (0);
+ s->bbio = bbio;
+ } else {
+ bbio = s->bbio;
if (s->bbio == s->wbio)
- s->wbio=BIO_pop(s->wbio);
- }
+ s->wbio = BIO_pop(s->wbio);
+ }
(void)BIO_reset(bbio);
/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
- if (!BIO_set_read_buffer_size(bbio,1))
- {
- SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
- return(0);
- }
- if (push)
- {
+ if (!BIO_set_read_buffer_size(bbio, 1)) {
+ SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
+ return (0);
+ }
+ if (push) {
if (s->wbio != bbio)
- s->wbio=BIO_push(bbio,s->wbio);
- }
- else
- {
+ s->wbio = BIO_push(bbio, s->wbio);
+ } else {
if (s->wbio == bbio)
- s->wbio=BIO_pop(bbio);
- }
- return(1);
+ s->wbio = BIO_pop(bbio);
}
+ return (1);
+}
-void ssl_free_wbio_buffer(SSL *s)
- {
- if (s->bbio == NULL) return;
+void
+ssl_free_wbio_buffer(SSL *s)
+{
+ if (s->bbio == NULL)
+ return;
- if (s->bbio == s->wbio)
- {
+ if (s->bbio == s->wbio) {
/* remove buffering */
- s->wbio=BIO_pop(s->wbio);
+ s->wbio = BIO_pop(s->wbio);
#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
assert(s->wbio != NULL);
#endif
}
BIO_free(s->bbio);
- s->bbio=NULL;
- }
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
- {
- ctx->quiet_shutdown=mode;
- }
+ s->bbio = NULL;
+}
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
- {
- return(ctx->quiet_shutdown);
- }
+void
+SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
+{
+ ctx->quiet_shutdown = mode;
+}
-void SSL_set_quiet_shutdown(SSL *s,int mode)
- {
- s->quiet_shutdown=mode;
- }
+int
+SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
+{
+ return (ctx->quiet_shutdown);
+}
-int SSL_get_quiet_shutdown(const SSL *s)
- {
- return(s->quiet_shutdown);
- }
+void
+SSL_set_quiet_shutdown(SSL *s, int mode)
+{
+ s->quiet_shutdown = mode;
+}
-void SSL_set_shutdown(SSL *s,int mode)
- {
- s->shutdown=mode;
- }
+int
+SSL_get_quiet_shutdown(const SSL *s)
+{
+ return (s->quiet_shutdown);
+}
-int SSL_get_shutdown(const SSL *s)
- {
- return(s->shutdown);
- }
+void
+SSL_set_shutdown(SSL *s, int mode)
+{
+ s->shutdown = mode;
+}
-int SSL_version(const SSL *s)
- {
- return(s->version);
- }
+int
+SSL_get_shutdown(const SSL *s)
+{
+ return (s->shutdown);
+}
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
- {
- return(ssl->ctx);
- }
+int
+SSL_version(const SSL *s)
+{
+ return (s->version);
+}
-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
- {
+SSL_CTX
+*SSL_get_SSL_CTX(const SSL *ssl)
+{
+ return (ssl->ctx);
+}
+
+SSL_CTX
+*SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
+{
if (ssl->ctx == ctx)
return ssl->ctx;
#ifndef OPENSSL_NO_TLSEXT
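Review bot: In the client_CA loop of SSL_dup, the failure branch calls `X509_NAME_free(xn)` on the entry just read from `sk`, which at that point is still the pointer copied from `s->client_CA` by `sk_X509_NAME_dup` (a shallow copy), so the source connection is left referencing a freed name. The entries after index `i` are also still shared when `goto err` reaches `SSL_free(ret)`; whether that releases them depends on SSL_free, which is not shown here. Filling a fresh stack with private copies avoids both cases, as sketched below. SSL_dup begins before this hunk.

```c
	/* Dup the client_CA list */
	if (s->client_CA != NULL) {
		if ((sk = sk_X509_NAME_new_null()) == NULL)
			goto err;
		/* ret owns sk from here on, so every entry must be a private copy */
		ret->client_CA = sk;
		for (i = 0; i < sk_X509_NAME_num(s->client_CA); i++) {
			xn = X509_NAME_dup(sk_X509_NAME_value(s->client_CA, i));
			if (xn == NULL)
				goto err;
			if (!sk_X509_NAME_push(sk, xn)) {
				/* xn is our own copy here, never the caller's entry */
				X509_NAME_free(xn);
				goto err;
			}
		}
	}
	/* … unchanged: err label and return … */
```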
@@ -2941,114 +2946,131 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
if (ssl->cert != NULL)
ssl_cert_free(ssl->cert);
ssl->cert = ssl_cert_dup(ctx->cert);
- CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+ CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
if (ssl->ctx != NULL)
SSL_CTX_free(ssl->ctx); /* decrement reference count */
ssl->ctx = ctx;
- return(ssl->ctx);
- }
+ return (ssl->ctx);
+}
#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
- {
- return(X509_STORE_set_default_paths(ctx->cert_store));
- }
+int
+SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+ return (X509_STORE_set_default_paths(ctx->cert_store));
+}
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
- const char *CApath)
- {
- return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
- }
+int
+SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+ const char *CApath)
+{
+ return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
+}
#endif
-void SSL_set_info_callback(SSL *ssl,
- void (*cb)(const SSL *ssl,int type,int val))
- {
- ssl->info_callback=cb;
- }
+void
+SSL_set_info_callback(SSL *ssl,
+ void (*cb)(const SSL *ssl, int type, int val))
+{
+ ssl->info_callback = cb;
+}
/* One compiler (Diab DCC) doesn't like argument names in returned
function pointer. */
void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
- {
+{
return ssl->info_callback;
- }
+}
-int SSL_state(const SSL *ssl)
- {
- return(ssl->state);
- }
+int
+SSL_state(const SSL *ssl)
+{
+ return (ssl->state);
+}
-void SSL_set_state(SSL *ssl, int state)
- {
+void
+SSL_set_state(SSL *ssl, int state)
+{
ssl->state = state;
- }
+}
-void SSL_set_verify_result(SSL *ssl,long arg)
- {
- ssl->verify_result=arg;
- }
+void
+SSL_set_verify_result(SSL *ssl, long arg)
+{
+ ssl->verify_result = arg;
+}
-long SSL_get_verify_result(const SSL *ssl)
- {
- return(ssl->verify_result);
- }
+long
+SSL_get_verify_result(const SSL *ssl)
+{
+ return (ssl->verify_result);
+}
-int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
- {
+int
+SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
- new_func, dup_func, free_func);
- }
+ new_func, dup_func, free_func);
+}
-int SSL_set_ex_data(SSL *s,int idx,void *arg)
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
+int
+SSL_set_ex_data(SSL *s, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+}
-void *SSL_get_ex_data(const SSL *s,int idx)
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
+void
+*SSL_get_ex_data(const SSL *s, int idx)
+{
+ return (CRYPTO_get_ex_data(&s->ex_data, idx));
+}
-int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
- {
+int
+SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
- new_func, dup_func, free_func);
- }
+ new_func, dup_func, free_func);
+}
-int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
+int
+SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+}
-void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
+void
+*SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
+{
+ return (CRYPTO_get_ex_data(&s->ex_data, idx));
+}
-int ssl_ok(SSL *s)
- {
- return(1);
- }
+int
+ssl_ok(SSL *s)
+{
+ return (1);
+}
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
- {
- return(ctx->cert_store);
- }
+X509_STORE
+*SSL_CTX_get_cert_store(const SSL_CTX *ctx)
+{
+ return (ctx->cert_store);
+}
-void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
- {
+void
+SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
+{
if (ctx->cert_store != NULL)
X509_STORE_free(ctx->cert_store);
- ctx->cert_store=store;
- }
+ ctx->cert_store = store;
+}
-int SSL_want(const SSL *s)
- {
- return(s->rwstate);
- }
+int
+SSL_want(const SSL *s)
+{
+ return (s->rwstate);
+}
/*!
* \brief Set the callback for generating temporary RSA keys.
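Review bot: `ssl->cert = ssl_cert_dup(ctx->cert);` in SSL_set_SSL_CTX is not checked, and it runs after the old `ssl->cert` has already been freed, so a failed duplication leaves the connection with a NULL cert while the function still installs and returns the new ctx. Duplicating first keeps the old state intact on failure: with a local `CERT *new_cert`, `if ((new_cert = ssl_cert_dup(ctx->cert)) == NULL) return (NULL);`, then free the old cert and assign `new_cert`. SSL_get_certificate and SSL_get_privatekey in this file test `s->cert != NULL`, but other users of the field may not. The function starts in the previous hunk.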
@@ -3057,19 +3079,21 @@ int SSL_want(const SSL *s)
*/
#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
- int is_export,
- int keylength))
- {
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
- }
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
- int is_export,
- int keylength))
- {
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
- }
+void
+SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,
+ int is_export,
+int keylength))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
+}
+
+void
+SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl,
+ int is_export,
+int keylength))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
+}
#endif
#ifdef DOXYGEN
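Review bot: The last continuation line of the callback prototype in `SSL_CTX_set_tmp_rsa_callback` and `SSL_set_tmp_rsa_callback` lost its indentation and now starts in column 0 (`int keylength))`), which makes the parameter read like a new top-level declaration. Indenting it with the other continuation lines, or joining the inner prototype as `RSA *(*cb)(SSL *ssl, int is_export, int keylength))`, restores the structure. The same column-0 continuation appears in the PSK callback setters and in the `IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(...)` invocation in later hunks.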
@@ -3083,8 +3107,9 @@ void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
* \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
*/
-RSA *cb(SSL *ssl,int is_export,int keylength)
- {}
+RSA
+*cb(SSL *ssl, int is_export, int keylength)
+{}
#endif
/*!
@@ -3094,133 +3119,142 @@ RSA *cb(SSL *ssl,int is_export,int keylength)
*/
#ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
- }
+void
+SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
+}
-void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
- }
+void
+SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
+}
#endif
#ifndef OPENSSL_NO_ECDH
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
- }
+void
+SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
+}
-void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
- }
+void
+SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
+}
#endif
#ifndef OPENSSL_NO_PSK
-int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
- {
- if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
- {
+int
+SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
+{
+ if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
return 0;
- }
+ }
if (ctx->psk_identity_hint != NULL)
OPENSSL_free(ctx->psk_identity_hint);
- if (identity_hint != NULL)
- {
+ if (identity_hint != NULL) {
ctx->psk_identity_hint = BUF_strdup(identity_hint);
if (ctx->psk_identity_hint == NULL)
return 0;
- }
- else
+ } else
ctx->psk_identity_hint = NULL;
return 1;
- }
+}
-int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
- {
+int
+SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
+{
if (s == NULL)
return 0;
if (s->session == NULL)
return 1; /* session not created yet, ignored */
- if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
- {
+ if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
return 0;
- }
+ }
if (s->session->psk_identity_hint != NULL)
OPENSSL_free(s->session->psk_identity_hint);
- if (identity_hint != NULL)
- {
+ if (identity_hint != NULL) {
s->session->psk_identity_hint = BUF_strdup(identity_hint);
if (s->session->psk_identity_hint == NULL)
return 0;
- }
- else
+ } else
s->session->psk_identity_hint = NULL;
return 1;
- }
+}
-const char *SSL_get_psk_identity_hint(const SSL *s)
- {
+const char
+*SSL_get_psk_identity_hint(const SSL *s)
+{
if (s == NULL || s->session == NULL)
return NULL;
- return(s->session->psk_identity_hint);
- }
+ return (s->session->psk_identity_hint);
+}
-const char *SSL_get_psk_identity(const SSL *s)
- {
+const char
+*SSL_get_psk_identity(const SSL *s)
+{
if (s == NULL || s->session == NULL)
return NULL;
- return(s->session->psk_identity);
- }
+ return (s->session->psk_identity);
+}
-void SSL_set_psk_client_callback(SSL *s,
+void
+SSL_set_psk_client_callback(SSL *s,
unsigned int (*cb)(SSL *ssl, const char *hint,
- char *identity, unsigned int max_identity_len, unsigned char *psk,
- unsigned int max_psk_len))
- {
+char *identity, unsigned int max_identity_len, unsigned char *psk,
+ unsigned int max_psk_len))
+{
s->psk_client_callback = cb;
- }
+}
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
+void
+SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
unsigned int (*cb)(SSL *ssl, const char *hint,
- char *identity, unsigned int max_identity_len, unsigned char *psk,
- unsigned int max_psk_len))
- {
+char *identity, unsigned int max_identity_len, unsigned char *psk,
+ unsigned int max_psk_len))
+{
ctx->psk_client_callback = cb;
- }
+}
-void SSL_set_psk_server_callback(SSL *s,
+void
+SSL_set_psk_server_callback(SSL *s,
unsigned int (*cb)(SSL *ssl, const char *identity,
- unsigned char *psk, unsigned int max_psk_len))
- {
+unsigned char *psk, unsigned int max_psk_len))
+{
s->psk_server_callback = cb;
- }
+}
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
+void
+SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
unsigned int (*cb)(SSL *ssl, const char *identity,
- unsigned char *psk, unsigned int max_psk_len))
- {
+unsigned char *psk, unsigned int max_psk_len))
+{
ctx->psk_server_callback = cb;
- }
+}
#endif
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
- {
+void
+SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
+{
SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
- }
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
- {
+}
+
+void
+SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
+{
SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
- }
+}
/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
* vairable, freeing EVP_MD_CTX previously stored in that variable, if
@@ -3228,31 +3262,38 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
* Returns newly allocated ctx;
*/
-EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md)
+EVP_MD_CTX
+*ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
{
ssl_clear_hash_ctx(hash);
*hash = EVP_MD_CTX_create();
- if (md) EVP_DigestInit_ex(*hash,md,NULL);
+ if (md)
+ EVP_DigestInit_ex(*hash, md, NULL);
return *hash;
}
-void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
+
+void
+ssl_clear_hash_ctx(EVP_MD_CTX **hash)
{
- if (*hash) EVP_MD_CTX_destroy(*hash);
- *hash=NULL;
+ if (*hash)
+ EVP_MD_CTX_destroy(*hash);
+ *hash = NULL;
}
-void SSL_set_debug(SSL *s, int debug)
- {
+void
+SSL_set_debug(SSL *s, int debug)
+{
s->debug = debug;
- }
+}
-int SSL_cache_hit(SSL *s)
- {
+int
+SSL_cache_hit(SSL *s)
+{
return s->hit;
- }
+}
IMPLEMENT_STACK_OF(SSL_CIPHER)
IMPLEMENT_STACK_OF(SSL_COMP)
IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
- ssl_cipher_id);
+ssl_cipher_id);
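Review bot: `ssl_replace_hash` hands the result of `EVP_MD_CTX_create()` straight to `EVP_DigestInit_ex()` without checking it, so an allocation failure would most likely end in a NULL dereference inside the digest init rather than in an error return. The reformatted lines keep that behaviour; I would guard the call with `if (*hash != NULL && md != NULL)` so callers simply see the NULL return. The result of `EVP_DigestInit_ex()` is also dropped, so a failed init leaves a context that looks usable; if that is deliberate it deserves a comment.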
diff --git a/lib/libssl/src/ssl/ssl_rsa.c b/lib/libssl/src/ssl/ssl_rsa.c
index 60e7b66859d..078df55f06a 100644
--- a/lib/libssl/src/ssl/ssl_rsa.c
+++ b/lib/libssl/src/ssl/ssl_rsa.c
@@ -66,135 +66,126 @@
static int ssl_set_cert(CERT *c, X509 *x509);
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-int SSL_use_certificate(SSL *ssl, X509 *x)
- {
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_cert(ssl->cert,x));
+int
+SSL_use_certificate(SSL *ssl, X509 *x)
+{
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (!ssl_cert_inst(&ssl->cert)) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ return (0);
}
+ return (ssl_set_cert(ssl->cert, x));
+}
#ifndef OPENSSL_NO_STDIO
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
- {
+int
+SSL_use_certificate_file(SSL *ssl, const char *file, int type)
+{
int j;
BIO *in;
- int ret=0;
- X509 *x=NULL;
+ int ret = 0;
+ X509 *x = NULL;
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
goto end;
- }
+ }
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- x=d2i_X509_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
+ }
+ if (type == SSL_FILETYPE_ASN1) {
+ j = ERR_R_ASN1_LIB;
+ x = d2i_X509_bio(in, NULL);
+ } else if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
+ } else {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
goto end;
- }
+ }
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
goto end;
- }
+ }
- ret=SSL_use_certificate(ssl,x);
+ ret = SSL_use_certificate(ssl, x);
end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
+ if (x != NULL)
+ X509_free(x);
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
#endif
-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
- {
+int
+SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
+{
X509 *x;
int ret;
- x=d2i_X509(NULL,&d,(long)len);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
+ x = d2i_X509(NULL, &d,(long)len);
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
+ return (0);
+ }
- ret=SSL_use_certificate(ssl,x);
+ ret = SSL_use_certificate(ssl, x);
X509_free(x);
- return(ret);
- }
+ return (ret);
+}
#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
- {
+int
+SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
+{
EVP_PKEY *pkey;
int ret;
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((pkey=EVP_PKEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
- return(0);
- }
+ if (rsa == NULL) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (!ssl_cert_inst(&ssl->cert)) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ if ((pkey = EVP_PKEY_new()) == NULL) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
+ return (0);
+ }
RSA_up_ref(rsa);
- EVP_PKEY_assign_RSA(pkey,rsa);
+ EVP_PKEY_assign_RSA(pkey, rsa);
- ret=ssl_set_pkey(ssl->cert,pkey);
+ ret = ssl_set_pkey(ssl->cert, pkey);
EVP_PKEY_free(pkey);
- return(ret);
- }
+ return (ret);
+}
#endif
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
- {
+static int
+ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
+{
int i;
- i=ssl_cert_type(NULL,pkey);
- if (i < 0)
- {
- SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- return(0);
- }
+ i = ssl_cert_type(NULL, pkey);
+ if (i < 0) {
+ SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+ return (0);
+ }
- if (c->pkeys[i].x509 != NULL)
- {
+ if (c->pkeys[i].x509 != NULL) {
EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(c->pkeys[i].x509);
- EVP_PKEY_copy_parameters(pktmp,pkey);
+ pktmp = X509_get_pubkey(c->pkeys[i].x509);
+ EVP_PKEY_copy_parameters(pktmp, pkey);
EVP_PKEY_free(pktmp);
ERR_clear_error();
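Review bot: In `ssl_set_pkey` the result of `X509_get_pubkey(c->pkeys[i].x509)` is passed to `EVP_PKEY_copy_parameters(pktmp, pkey)` unchecked, although `X509_get_pubkey` can return NULL (the same call is checked in `ssl_set_cert` further down this file). A guard before the copy, such as `if (pktmp == NULL) { SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE); return (0); }`, would turn a decode or allocation failure into an error return instead of a dereference. The function body continues past the end of this hunk.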
@@ -203,217 +194,200 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
* for smart cards. */
if ((pkey->type == EVP_PKEY_RSA) &&
(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
- ;
+;
else
#endif
- if (!X509_check_private_key(c->pkeys[i].x509,pkey))
- {
+ if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
X509_free(c->pkeys[i].x509);
c->pkeys[i].x509 = NULL;
return 0;
- }
}
+ }
if (c->pkeys[i].privatekey != NULL)
EVP_PKEY_free(c->pkeys[i].privatekey);
- CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
- c->pkeys[i].privatekey=pkey;
- c->key= &(c->pkeys[i]);
+ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ c->pkeys[i].privatekey = pkey;
+ c->key = &(c->pkeys[i]);
- c->valid=0;
- return(1);
- }
+ c->valid = 0;
+ return (1);
+}
#ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
- {
- int j,ret=0;
+int
+SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
+{
+ int j, ret = 0;
BIO *in;
- RSA *rsa=NULL;
+ RSA *rsa = NULL;
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
goto end;
- }
+ }
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
- ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+ }
+ if (type == SSL_FILETYPE_ASN1) {
+ j = ERR_R_ASN1_LIB;
+ rsa = d2i_RSAPrivateKey_bio(in, NULL);
+ } else if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+ ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
+ } else {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
goto end;
- }
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
+ }
+ if (rsa == NULL) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
goto end;
- }
- ret=SSL_use_RSAPrivateKey(ssl,rsa);
+ }
+ ret = SSL_use_RSAPrivateKey(ssl, rsa);
RSA_free(rsa);
end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
#endif
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
- {
+int
+SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
+{
int ret;
const unsigned char *p;
RSA *rsa;
- p=d;
- if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
+ p = d;
+ if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+ return (0);
+ }
- ret=SSL_use_RSAPrivateKey(ssl,rsa);
+ ret = SSL_use_RSAPrivateKey(ssl, rsa);
RSA_free(rsa);
- return(ret);
- }
+ return (ret);
+}
#endif /* !OPENSSL_NO_RSA */
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
- {
+int
+SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
+{
int ret;
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- ret=ssl_set_pkey(ssl->cert,pkey);
- return(ret);
+ if (pkey == NULL) {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (!ssl_cert_inst(&ssl->cert)) {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ return (0);
}
+ ret = ssl_set_pkey(ssl->cert, pkey);
+ return (ret);
+}
#ifndef OPENSSL_NO_STDIO
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
- {
- int j,ret=0;
+int
+SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
+{
+ int j, ret = 0;
BIO *in;
- EVP_PKEY *pkey=NULL;
+ EVP_PKEY *pkey = NULL;
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
goto end;
- }
+ }
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
goto end;
- }
- if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- pkey=PEM_read_bio_PrivateKey(in,NULL,
- ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else if (type == SSL_FILETYPE_ASN1)
- {
+ }
+ if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ pkey = PEM_read_bio_PrivateKey(in, NULL,
+ ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata);
+ } else if (type == SSL_FILETYPE_ASN1) {
j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in,NULL);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+ pkey = d2i_PrivateKey_bio(in, NULL);
+ } else {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
goto end;
- }
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
+ }
+ if (pkey == NULL) {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
goto end;
- }
- ret=SSL_use_PrivateKey(ssl,pkey);
+ }
+ ret = SSL_use_PrivateKey(ssl, pkey);
EVP_PKEY_free(pkey);
end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
#endif
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
- {
+int
+SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
+{
int ret;
const unsigned char *p;
EVP_PKEY *pkey;
- p=d;
- if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
+ p = d;
+ if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+ return (0);
+ }
- ret=SSL_use_PrivateKey(ssl,pkey);
+ ret = SSL_use_PrivateKey(ssl, pkey);
EVP_PKEY_free(pkey);
- return(ret);
+ return (ret);
+}
+
+int
+SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
+{
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
}
-
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
- {
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_cert(ctx->cert, x));
+ if (!ssl_cert_inst(&ctx->cert)) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ return (0);
}
+ return (ssl_set_cert(ctx->cert, x));
+}
-static int ssl_set_cert(CERT *c, X509 *x)
- {
+static int
+ssl_set_cert(CERT *c, X509 *x)
+{
EVP_PKEY *pkey;
int i;
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
- return(0);
- }
+ pkey = X509_get_pubkey(x);
+ if (pkey == NULL) {
+ SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
+ return (0);
+ }
- i=ssl_cert_type(x,pkey);
- if (i < 0)
- {
- SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+ i = ssl_cert_type(x, pkey);
+ if (i < 0) {
+ SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
EVP_PKEY_free(pkey);
- return(0);
- }
+ return (0);
+ }
- if (c->pkeys[i].privatekey != NULL)
- {
- EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
+ if (c->pkeys[i].privatekey != NULL) {
+ EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
ERR_clear_error();
#ifndef OPENSSL_NO_RSA
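Review bot: The empty statement that skips `X509_check_private_key` for `RSA_METHOD_FLAG_NO_CHECK` keys now appears as a bare `;` at column 0, followed by an `else` whose body sits on the other side of `#endif`. This is the one path where the certificate/key consistency check is not run, and the layout makes it easy to misread. I would keep the `;` indented under the `if` and say what it does, e.g. `; /* NO_CHECK set: key is not verified against the cert */`. The same construct appears in `ssl_set_cert` in the next hunk; `ssl_set_pkey` itself starts before this hunk.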
@@ -421,280 +395,259 @@ static int ssl_set_cert(CERT *c, X509 *x)
* for smart cards. */
if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
- RSA_METHOD_FLAG_NO_CHECK))
- ;
+ RSA_METHOD_FLAG_NO_CHECK))
+;
else
#endif /* OPENSSL_NO_RSA */
- if (!X509_check_private_key(x,c->pkeys[i].privatekey))
- {
+ if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
/* don't fail for a cert/key mismatch, just free
* current private key (when switching to a different
* cert & key, first this function should be used,
* then ssl_set_pkey */
EVP_PKEY_free(c->pkeys[i].privatekey);
- c->pkeys[i].privatekey=NULL;
+ c->pkeys[i].privatekey = NULL;
/* clear error queue */
ERR_clear_error();
- }
}
+ }
EVP_PKEY_free(pkey);
if (c->pkeys[i].x509 != NULL)
X509_free(c->pkeys[i].x509);
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- c->pkeys[i].x509=x;
- c->key= &(c->pkeys[i]);
+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ c->pkeys[i].x509 = x;
+ c->key = &(c->pkeys[i]);
- c->valid=0;
- return(1);
- }
+ c->valid = 0;
+ return (1);
+}
#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
- {
+int
+SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
+{
int j;
BIO *in;
- int ret=0;
- X509 *x=NULL;
+ int ret = 0;
+ X509 *x = NULL;
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
goto end;
- }
+ }
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- x=d2i_X509_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
+ }
+ if (type == SSL_FILETYPE_ASN1) {
+ j = ERR_R_ASN1_LIB;
+ x = d2i_X509_bio(in, NULL);
+ } else if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
+ } else {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
goto end;
- }
+ }
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
goto end;
- }
+ }
- ret=SSL_CTX_use_certificate(ctx,x);
+ ret = SSL_CTX_use_certificate(ctx, x);
end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
+ if (x != NULL)
+ X509_free(x);
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
#endif
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
- {
+int
+SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
+{
X509 *x;
int ret;
- x=d2i_X509(NULL,&d,(long)len);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
+ x = d2i_X509(NULL, &d,(long)len);
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
+ return (0);
+ }
- ret=SSL_CTX_use_certificate(ctx,x);
+ ret = SSL_CTX_use_certificate(ctx, x);
X509_free(x);
- return(ret);
- }
+ return (ret);
+}
#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
- {
+int
+SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
+{
int ret;
EVP_PKEY *pkey;
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((pkey=EVP_PKEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
- return(0);
- }
+ if (rsa == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (!ssl_cert_inst(&ctx->cert)) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ if ((pkey = EVP_PKEY_new()) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
+ return (0);
+ }
RSA_up_ref(rsa);
- EVP_PKEY_assign_RSA(pkey,rsa);
+ EVP_PKEY_assign_RSA(pkey, rsa);
- ret=ssl_set_pkey(ctx->cert, pkey);
+ ret = ssl_set_pkey(ctx->cert, pkey);
EVP_PKEY_free(pkey);
- return(ret);
- }
+ return (ret);
+}
#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j,ret=0;
+int
+SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+ int j, ret = 0;
BIO *in;
- RSA *rsa=NULL;
+ RSA *rsa = NULL;
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
goto end;
- }
+ }
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
- ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+ }
+ if (type == SSL_FILETYPE_ASN1) {
+ j = ERR_R_ASN1_LIB;
+ rsa = d2i_RSAPrivateKey_bio(in, NULL);
+ } else if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+ ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
+ } else {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
goto end;
- }
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
+ }
+ if (rsa == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
goto end;
- }
- ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
+ }
+ ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
RSA_free(rsa);
end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
#endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
- {
+int
+SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
+{
int ret;
const unsigned char *p;
RSA *rsa;
- p=d;
- if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
+ p = d;
+ if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+ return (0);
+ }
- ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
+ ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
RSA_free(rsa);
- return(ret);
- }
+ return (ret);
+}
#endif /* !OPENSSL_NO_RSA */
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
- {
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_pkey(ctx->cert,pkey));
+int
+SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
+{
+ if (pkey == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
}
+ if (!ssl_cert_inst(&ctx->cert)) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ return (ssl_set_pkey(ctx->cert, pkey));
+}
#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j,ret=0;
+int
+SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+ int j, ret = 0;
BIO *in;
- EVP_PKEY *pkey=NULL;
+ EVP_PKEY *pkey = NULL;
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
goto end;
- }
+ }
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
goto end;
- }
- if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- pkey=PEM_read_bio_PrivateKey(in,NULL,
- ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else if (type == SSL_FILETYPE_ASN1)
- {
+ }
+ if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ pkey = PEM_read_bio_PrivateKey(in, NULL,
+ ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
+ } else if (type == SSL_FILETYPE_ASN1) {
j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in,NULL);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+ pkey = d2i_PrivateKey_bio(in, NULL);
+ } else {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
goto end;
- }
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
+ }
+ if (pkey == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
goto end;
- }
- ret=SSL_CTX_use_PrivateKey(ctx,pkey);
+ }
+ ret = SSL_CTX_use_PrivateKey(ctx, pkey);
EVP_PKEY_free(pkey);
end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
#endif
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
- long len)
- {
+int
+SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
+ long len)
+{
int ret;
const unsigned char *p;
EVP_PKEY *pkey;
- p=d;
- if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
+ p = d;
+ if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+ return (0);
+ }
- ret=SSL_CTX_use_PrivateKey(ctx,pkey);
+ ret = SSL_CTX_use_PrivateKey(ctx, pkey);
EVP_PKEY_free(pkey);
- return(ret);
- }
+ return (ret);
+}
#ifndef OPENSSL_NO_STDIO
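Review bot: `SSL_CTX_use_RSAPrivateKey` ignores the result of `EVP_PKEY_assign_RSA(pkey, rsa)` after taking a reference with `RSA_up_ref(rsa)`. If the assignment fails, that reference is never dropped and `ssl_set_pkey` is called on an `EVP_PKEY` that presumably has no key attached. Checking it closes both: `if (!EVP_PKEY_assign_RSA(pkey, rsa)) { RSA_free(rsa); EVP_PKEY_free(pkey); return (0); }`. `SSL_use_RSAPrivateKey` in the first hunk of this file has the same sequence.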
@@ -702,82 +655,79 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
* possibly followed by a sequence of CA certificates that should be
* sent to the peer in the Certificate message.
*/
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
- {
+int
+SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+{
BIO *in;
- int ret=0;
- X509 *x=NULL;
+ int ret = 0;
+ X509 *x = NULL;
ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
in = BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
goto end;
- }
+ }
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
goto end;
- }
+ }
- x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
+ x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
goto end;
- }
+ }
ret = SSL_CTX_use_certificate(ctx, x);
if (ERR_peek_error() != 0)
- ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
- if (ret)
- {
+ ret = 0;
+ /* Key/certificate mismatch doesn't imply ret==0 ... */
+ if (ret) {
/* If we could set up our certificate, now proceed to
* the CA certificates.
*/
X509 *ca;
int r;
unsigned long err;
-
- if (ctx->extra_certs != NULL)
- {
+
+ if (ctx->extra_certs != NULL) {
sk_X509_pop_free(ctx->extra_certs, X509_free);
ctx->extra_certs = NULL;
- }
+ }
while ((ca = PEM_read_bio_X509(in, NULL,
- ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata))
- != NULL)
- {
+ ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata))
+ != NULL) {
r = SSL_CTX_add_extra_chain_cert(ctx, ca);
- if (!r)
- {
+ if (!r) {
X509_free(ca);
ret = 0;
goto end;
- }
+ }
/* Note that we must not free r if it was successfully
* added to the chain (while we must free the main
* certificate, since its reference count is increased
* by SSL_CTX_use_certificate). */
- }
+ }
/* When the while loop ends, it's usually just EOF. */
err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
ERR_clear_error();
- else
+ else
ret = 0; /* some real error */
- }
+ }
end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
+ if (x != NULL)
+ X509_free(x);
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
#endif
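Review bot: The comment `/* Key/certificate mismatch doesn't imply ret==0 ... */` has been moved off the `ret = 0;` line and now sits directly above `if (ret) {`, where it reads as a description of the chain-loading branch rather than of the `ERR_peek_error()` override. Placing it above `if (ERR_peek_error() != 0)` keeps the reason for forcing `ret = 0` next to the code that does it. Separately, the later comment says "we must not free r", but `r` is the int result and the certificate is `ca`; `we must not free ca` would be accurate.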
diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c
index ad40fadd02c..b29115862b9 100644
--- a/lib/libssl/src/ssl/ssl_sess.c
+++ b/lib/libssl/src/ssl/ssl_sess.c
@@ -144,68 +144,74 @@
#include "ssl_locl.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
-static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-SSL_SESSION *SSL_get_session(const SSL *ssl)
+SSL_SESSION
+*SSL_get_session(const SSL *ssl)
/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
- {
- return(ssl->session);
- }
+{
+ return (ssl->session);
+}
-SSL_SESSION *SSL_get1_session(SSL *ssl)
+SSL_SESSION
+*SSL_get1_session(SSL *ssl)
/* variant of SSL_get_session: caller really gets something */
- {
+{
SSL_SESSION *sess;
/* Need to lock this all up rather than just use CRYPTO_add so that
* somebody doesn't free ssl->session between when we check it's
* non-null and when we up the reference count. */
CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
sess = ssl->session;
- if(sess)
+ if (sess)
sess->references++;
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
- return(sess);
- }
+ return (sess);
+}
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
+int
+SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
- new_func, dup_func, free_func);
- }
+ new_func, dup_func, free_func);
+}
-int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
+int
+SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+}
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
+void
+*SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
+{
+ return (CRYPTO_get_ex_data(&s->ex_data, idx));
+}
-SSL_SESSION *SSL_SESSION_new(void)
- {
+SSL_SESSION
+*SSL_SESSION_new(void)
+{
SSL_SESSION *ss;
- ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
- if (ss == NULL)
- {
- SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(ss,0,sizeof(SSL_SESSION));
+ ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
+ if (ss == NULL) {
+ SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ memset(ss, 0, sizeof(SSL_SESSION));
ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
- ss->references=1;
+ ss->references = 1;
ss->timeout=60*5+4; /* 5 minute timeout by default */
- ss->time=(unsigned long)time(NULL);
- ss->prev=NULL;
- ss->next=NULL;
- ss->compress_meth=0;
+ ss->time = (unsigned long)time(NULL);
+ ss->prev = NULL;
+ ss->next = NULL;
+ ss->compress_meth = 0;
#ifndef OPENSSL_NO_TLSEXT
- ss->tlsext_hostname = NULL;
+ ss->tlsext_hostname = NULL;
+
#ifndef OPENSSL_NO_EC
ss->tlsext_ecpointformatlist_length = 0;
ss->tlsext_ecpointformatlist = NULL;
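Review bot: Splitting the return type left the pointer star on the name line, `SSL_SESSION` then `*SSL_get_session(const SSL *ssl)`, so a `^SSL_get_session(` search no longer finds the definition and the line reads like a dereference. The style(9) form is `SSL_SESSION *` on the first line and `SSL_get_session(const SSL *ssl)` on the second. The same applies to `SSL_get1_session`, `SSL_SESSION_get_ex_data` and `SSL_SESSION_new` in this hunk, and to `ssl_replace_hash` in ssl_lib.c. The ownership comments for `SSL_get_session` and `SSL_get1_session` also ended up between the declarator and the opening brace; they would be easier to find above the return type. `SSL_SESSION_new` continues past the end of this hunk.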
@@ -215,26 +221,28 @@ SSL_SESSION *SSL_SESSION_new(void)
#endif
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
#ifndef OPENSSL_NO_PSK
- ss->psk_identity_hint=NULL;
- ss->psk_identity=NULL;
+ ss->psk_identity_hint = NULL;
+ ss->psk_identity = NULL;
#endif
#ifndef OPENSSL_NO_SRP
- ss->srp_username=NULL;
+ ss->srp_username = NULL;
#endif
- return(ss);
- }
+ return (ss);
+}
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
- {
- if(len)
+const unsigned char
+*SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+{
+ if (len)
*len = s->session_id_length;
return s->session_id;
- }
+}
-unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
- {
+unsigned int
+SSL_SESSION_get_compress_id(const SSL_SESSION *s)
+{
return s->compress_meth;
- }
+}
/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
* has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
@@ -246,16 +254,17 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
* store that many sessions is perhaps a more interesting question ... */
#define MAX_SESS_ID_ATTEMPTS 10
-static int def_generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len)
+static int
+def_generate_session_id(const SSL *ssl, unsigned char *id,
+ unsigned int *id_len)
{
unsigned int retry = 0;
do
- if (RAND_pseudo_bytes(id, *id_len) <= 0)
- return 0;
- while(SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++retry < MAX_SESS_ID_ATTEMPTS));
- if(retry < MAX_SESS_ID_ATTEMPTS)
+ if (RAND_pseudo_bytes(id, *id_len) <= 0)
+ return 0;
+ while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+ (++retry < MAX_SESS_ID_ATTEMPTS));
+ if (retry < MAX_SESS_ID_ATTEMPTS)
return 1;
/* else - woops a session_id match */
/* XXX We should also check the external cache --
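Review bot: The do/while in def_generate_session_id still has an unbraced body, and in the new layout the `if`, its `return 0;` and the trailing `while (...)` are easy to misread as three separate statements. This loop is what retries session-ID generation on a collision, so I would brace it: `do {`, then `if (RAND_pseudo_bytes(id, *id_len) <= 0) return 0;`, then `} while (SSL_has_matching_session_id(ssl, id, *id_len) && (++retry < MAX_SESS_ID_ATTEMPTS));`. A short comment that a result of 0 (bytes not reported as cryptographically strong) is deliberately treated as failure would also help. The end of the function lies outside this hunk.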
@@ -269,120 +278,100 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
return 0;
}
-int ssl_get_new_session(SSL *s, int session)
- {
+int
+ssl_get_new_session(SSL *s, int session)
+{
/* This gets used by clients and servers. */
unsigned int tmp;
- SSL_SESSION *ss=NULL;
+ SSL_SESSION *ss = NULL;
GEN_SESSION_CB cb = def_generate_session_id;
- if ((ss=SSL_SESSION_new()) == NULL) return(0);
+ if ((ss = SSL_SESSION_new()) == NULL) return (0);
/* If the context has a default timeout, use it */
if (s->session_ctx->session_timeout == 0)
- ss->timeout=SSL_get_default_timeout(s);
+ ss->timeout = SSL_get_default_timeout(s);
else
- ss->timeout=s->session_ctx->session_timeout;
+ ss->timeout = s->session_ctx->session_timeout;
- if (s->session != NULL)
- {
+ if (s->session != NULL) {
SSL_SESSION_free(s->session);
- s->session=NULL;
- }
+ s->session = NULL;
+ }
- if (session)
- {
- if (s->version == SSL2_VERSION)
- {
- ss->ssl_version=SSL2_VERSION;
- ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == SSL3_VERSION)
- {
- ss->ssl_version=SSL3_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == TLS1_VERSION)
- {
- ss->ssl_version=TLS1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == TLS1_1_VERSION)
- {
- ss->ssl_version=TLS1_1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == TLS1_2_VERSION)
- {
- ss->ssl_version=TLS1_2_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == DTLS1_BAD_VER)
- {
- ss->ssl_version=DTLS1_BAD_VER;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == DTLS1_VERSION)
- {
- ss->ssl_version=DTLS1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else
- {
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
+ if (session) {
+ if (s->version == SSL2_VERSION) {
+ ss->ssl_version = SSL2_VERSION;
+ ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
+ } else if (s->version == SSL3_VERSION) {
+ ss->ssl_version = SSL3_VERSION;
+ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ } else if (s->version == TLS1_VERSION) {
+ ss->ssl_version = TLS1_VERSION;
+ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ } else if (s->version == TLS1_1_VERSION) {
+ ss->ssl_version = TLS1_1_VERSION;
+ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ } else if (s->version == TLS1_2_VERSION) {
+ ss->ssl_version = TLS1_2_VERSION;
+ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ } else if (s->version == DTLS1_BAD_VER) {
+ ss->ssl_version = DTLS1_BAD_VER;
+ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ } else if (s->version == DTLS1_VERSION) {
+ ss->ssl_version = DTLS1_VERSION;
+ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ } else {
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
SSL_SESSION_free(ss);
- return(0);
- }
+ return (0);
+ }
#ifndef OPENSSL_NO_TLSEXT
/* If RFC4507 ticket use empty session ID */
- if (s->tlsext_ticket_expected)
- {
+ if (s->tlsext_ticket_expected) {
ss->session_id_length = 0;
goto sess_id_done;
- }
+ }
#endif
/* Choose which callback will set the session ID */
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- if(s->generate_session_id)
+ if (s->generate_session_id)
cb = s->generate_session_id;
- else if(s->session_ctx->generate_session_id)
+ else if (s->session_ctx->generate_session_id)
cb = s->session_ctx->generate_session_id;
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
/* Choose a session ID */
tmp = ss->session_id_length;
- if(!cb(s, ss->session_id, &tmp))
- {
+ if (!cb(s, ss->session_id, &tmp)) {
/* The callback failed */
SSLerr(SSL_F_SSL_GET_NEW_SESSION,
- SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
+ SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
SSL_SESSION_free(ss);
- return(0);
- }
+ return (0);
+ }
/* Don't allow the callback to set the session length to zero.
* nor set it higher than it was. */
- if(!tmp || (tmp > ss->session_id_length))
- {
+ if (!tmp || (tmp > ss->session_id_length)) {
/* The callback set an illegal length */
SSLerr(SSL_F_SSL_GET_NEW_SESSION,
- SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+ SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
SSL_SESSION_free(ss);
- return(0);
- }
+ return (0);
+ }
/* If the session length was shrunk and we're SSLv2, pad it */
- if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
+ if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
else
ss->session_id_length = tmp;
/* Finally, check for a conflict */
- if(SSL_has_matching_session_id(s, ss->session_id,
- ss->session_id_length))
- {
+ if (SSL_has_matching_session_id(s, ss->session_id,
+ ss->session_id_length)) {
SSLerr(SSL_F_SSL_GET_NEW_SESSION,
- SSL_R_SSL_SESSION_ID_CONFLICT);
+ SSL_R_SSL_SESSION_ID_CONFLICT);
SSL_SESSION_free(ss);
- return(0);
- }
+ return (0);
+ }
#ifndef OPENSSL_NO_TLSEXT
sess_id_done:
if (s->tlsext_hostname) {
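Review bot: The contract of the session-ID callback is not documented at the call `cb(s, ss->session_id, &tmp)`. The check `!tmp || (tmp > ss->session_id_length)` runs only after the callback has already written into `ss->session_id`, so it can reject a bad reported length but cannot undo an over-long write by an application-supplied `generate_session_id`. I would add a comment above the call, for example `/* cb must write at most tmp bytes into ss->session_id; the length check below is after the fact */`. Separately, `if ((ss = SSL_SESSION_new()) == NULL) return (0);` is still on a single line after the reformat. ssl_get_new_session continues past the end of this hunk.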
@@ -391,55 +380,50 @@ int ssl_get_new_session(SSL *s, int session)
SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
- }
}
+ }
#ifndef OPENSSL_NO_EC
- if (s->tlsext_ecpointformatlist)
- {
- if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
- if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL)
- {
+ if (s->tlsext_ecpointformatlist) {
+ if (ss->tlsext_ecpointformatlist != NULL)
+ OPENSSL_free(ss->tlsext_ecpointformatlist);
+ if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
SSL_SESSION_free(ss);
return 0;
- }
+ }
ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length;
memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
- }
- if (s->tlsext_ellipticcurvelist)
- {
- if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
- if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
- {
+ }
+ if (s->tlsext_ellipticcurvelist) {
+ if (ss->tlsext_ellipticcurvelist != NULL)
+ OPENSSL_free(ss->tlsext_ellipticcurvelist);
+ if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
SSL_SESSION_free(ss);
return 0;
- }
+ }
ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length;
memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
- }
+ }
#endif
#endif
- }
- else
- {
- ss->session_id_length=0;
- }
+ } else {
+ ss->session_id_length = 0;
+ }
- if (s->sid_ctx_length > sizeof ss->sid_ctx)
- {
+ if (s->sid_ctx_length > sizeof ss->sid_ctx) {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
- }
- memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
- ss->sid_ctx_length=s->sid_ctx_length;
- s->session=ss;
- ss->ssl_version=s->version;
+ }
+ memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
+ ss->sid_ctx_length = s->sid_ctx_length;
+ s->session = ss;
+ ss->ssl_version = s->version;
ss->verify_result = X509_V_OK;
- return(1);
- }
+ return (1);
+}
/* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
* connection. It is only called by servers.
@@ -460,12 +444,13 @@ int ssl_get_new_session(SSL *s, int session)
* - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1
* if the server should issue a new session ticket (to 0 otherwise).
*/
-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
- const unsigned char *limit)
- {
+int
+ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
+ const unsigned char *limit)
+{
/* This is used only by servers. */
- SSL_SESSION *ret=NULL;
+ SSL_SESSION *ret = NULL;
int fatal = 0;
int try_session_cache = 1;
#ifndef OPENSSL_NO_TLSEXT
@@ -480,8 +465,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
#ifndef OPENSSL_NO_TLSEXT
r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */
- switch (r)
- {
+ switch (r) {
case -1: /* Error during processing */
fatal = 1;
goto err;
@@ -494,39 +478,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
break;
default:
abort();
- }
+ }
#endif
if (try_session_cache &&
- ret == NULL &&
- !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
- {
+ ret == NULL &&
+ !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
SSL_SESSION data;
- data.ssl_version=s->version;
- data.session_id_length=len;
+ data.ssl_version = s->version;
+ data.session_id_length = len;
if (len == 0)
return 0;
- memcpy(data.session_id,session_id,len);
+ memcpy(data.session_id, session_id, len);
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data);
- if (ret != NULL)
- {
+ ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
+ if (ret != NULL) {
/* don't allow other threads to steal it: */
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
- }
+ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
+ }
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
if (ret == NULL)
s->session_ctx->stats.sess_miss++;
- }
+ }
if (try_session_cache &&
- ret == NULL &&
- s->session_ctx->get_session_cb != NULL)
- {
- int copy=1;
-
- if ((ret=s->session_ctx->get_session_cb(s,session_id,len,&copy)))
- {
+ ret == NULL &&
+ s->session_ctx->get_session_cb != NULL) {
+ int copy = 1;
+
+ if ((ret = s->session_ctx->get_session_cb(s, session_id, len, &copy))) {
s->session_ctx->stats.sess_cb_hit++;
/* Increment reference count now if the session callback
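Review bot: Nothing in this hunk bounds `len` before `memcpy(data.session_id, session_id, len)` copies into the stack-allocated `SSL_SESSION data`; only `len == 0` is rejected. The bound may be enforced earlier in ssl_get_prev_session, which starts outside this hunk, but this is the server-side lookup and the ID presumably comes from the peer, so the invariant should be visible at the copy. A local guard in place of the `len == 0` test would do it, `if (len <= 0 || (size_t)len > sizeof(data.session_id)) return 0;`, or at minimum a comment naming where the length is validated.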
@@ -535,16 +515,16 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
* it must handle the reference count itself [i.e. copy == 0],
* or things won't be thread-safe). */
if (copy)
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
/* Add the externally cached session to the internal
* cache as well if and only if we are supposed to. */
- if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+ if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
/* The following should not return 1, otherwise,
* things are very strange */
- SSL_CTX_add_session(s->session_ctx,ret);
- }
+ SSL_CTX_add_session(s->session_ctx, ret);
}
+ }
if (ret == NULL)
goto err;
@@ -552,15 +532,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
/* Now ret is non-NULL and we own one of its reference counts. */
if (ret->sid_ctx_length != s->sid_ctx_length
- || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
- {
+ || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
/* We have the session requested by the client, but we don't
* want to use it in this context. */
goto err; /* treat like cache miss */
- }
-
- if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
- {
+ }
+
+ if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
/* We can't be sure if this session is being used out of
* context, which is especially important for SSL_VERIFY_PEER.
* The application should have used SSL[_CTX]_set_session_id_context.
@@ -570,87 +548,83 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
* applications to effectively disable the session cache by
* accident without anyone noticing).
*/
-
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
fatal = 1;
goto err;
- }
+ }
- if (ret->cipher == NULL)
- {
- unsigned char buf[5],*p;
+ if (ret->cipher == NULL) {
+ unsigned char buf[5], *p;
unsigned long l;
- p=buf;
- l=ret->cipher_id;
- l2n(l,p);
- if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
- ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
- else
- ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
+ p = buf;
+ l = ret->cipher_id;
+ l2n(l, p);
+ if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
+ ret->cipher = ssl_get_cipher_by_char(s, &(buf[2]));
+ else
+ ret->cipher = ssl_get_cipher_by_char(s, &(buf[1]));
if (ret->cipher == NULL)
goto err;
- }
+ }
if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
- {
+ {
s->session_ctx->stats.sess_timeout++;
- if (try_session_cache)
- {
+ if (try_session_cache) {
/* session was from the cache, so remove it */
- SSL_CTX_remove_session(s->session_ctx,ret);
- }
- goto err;
+ SSL_CTX_remove_session(s->session_ctx, ret);
}
+ goto err;
+ }
s->session_ctx->stats.sess_hit++;
if (s->session != NULL)
SSL_SESSION_free(s->session);
- s->session=ret;
+ s->session = ret;
s->verify_result = s->session->verify_result;
return 1;
- err:
- if (ret != NULL)
- {
+ err:
+ if (ret != NULL) {
SSL_SESSION_free(ret);
#ifndef OPENSSL_NO_TLSEXT
- if (!try_session_cache)
- {
+ if (!try_session_cache) {
/* The session was from a ticket, so we should
* issue a ticket for the new session */
s->tlsext_ticket_expected = 1;
- }
-#endif
}
+#endif
+ }
if (fatal)
return -1;
else
return 0;
- }
+}
-int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
- {
- int ret=0;
+int
+SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+ int ret = 0;
SSL_SESSION *s;
/* add just 1 reference count for the SSL_CTX's session cache
* even though it has two ways of access: each session is in a
* doubly linked list and an lhash */
- CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
+ CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION);
/* if session c is in already in cache, we take back the increment later */
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- s=lh_SSL_SESSION_insert(ctx->sessions,c);
-
+ s = lh_SSL_SESSION_insert(ctx->sessions, c);
+
/* s != NULL iff we already had a session with the given PID.
* In this case, s == c should hold (then we did not really modify
* ctx->sessions), or we're in trouble. */
- if (s != NULL && s != c)
- {
+ if (s != NULL && s != c) {
/* We *are* in trouble ... */
- SSL_SESSION_list_remove(ctx,s);
+ SSL_SESSION_list_remove(ctx, s);
SSL_SESSION_free(s);
/* ... so pretend the other session did not exist in cache
* (we cannot handle two SSL_SESSION structures with identical
@@ -658,114 +632,117 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
* two threads concurrently obtain the same session from an external
* cache) */
s = NULL;
- }
+ }
- /* Put at the head of the queue unless it is already in the cache */
+ /* Put at the head of the queue unless it is already in the cache */
if (s == NULL)
- SSL_SESSION_list_add(ctx,c);
+ SSL_SESSION_list_add(ctx, c);
- if (s != NULL)
- {
+ if (s != NULL) {
/* existing cache entry -- decrement previously incremented reference
* count because it already takes into account the cache */
SSL_SESSION_free(s); /* s == c */
- ret=0;
- }
- else
- {
+ ret = 0;
+ } else {
/* new cache entry -- remove old ones if cache has become too large */
-
- ret=1;
- if (SSL_CTX_sess_get_cache_size(ctx) > 0)
- {
+ ret = 1;
+
+ if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
while (SSL_CTX_sess_number(ctx) >
- SSL_CTX_sess_get_cache_size(ctx))
- {
+ SSL_CTX_sess_get_cache_size(ctx)) {
if (!remove_session_lock(ctx,
ctx->session_cache_tail, 0))
- break;
+ break;
else
ctx->stats.sess_cache_full++;
- }
}
}
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- return(ret);
}
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+ return (ret);
+}
-int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
+int
+SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
{
return remove_session_lock(ctx, c, 1);
}
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
- {
+static int
+remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
+{
SSL_SESSION *r;
- int ret=0;
-
- if ((c != NULL) && (c->session_id_length != 0))
- {
- if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c)
- {
- ret=1;
- r=lh_SSL_SESSION_delete(ctx->sessions,c);
- SSL_SESSION_list_remove(ctx,c);
- }
+ int ret = 0;
+
+ if ((c != NULL) && (c->session_id_length != 0)) {
+ if (lck)
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+ if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
+ ret = 1;
+ r = lh_SSL_SESSION_delete(ctx->sessions, c);
+ SSL_SESSION_list_remove(ctx, c);
+ }
- if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+ if (lck)
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- if (ret)
- {
- r->not_resumable=1;
+ if (ret) {
+ r->not_resumable = 1;
if (ctx->remove_session_cb != NULL)
- ctx->remove_session_cb(ctx,r);
+ ctx->remove_session_cb(ctx, r);
SSL_SESSION_free(r);
- }
}
- else
- ret=0;
- return(ret);
- }
+ } else
+ ret = 0;
+ return (ret);
+}
-void SSL_SESSION_free(SSL_SESSION *ss)
- {
+void
+SSL_SESSION_free(SSL_SESSION *ss)
+{
int i;
- if(ss == NULL)
- return;
+ if (ss == NULL)
+ return;
- i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
+ i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
#ifdef REF_PRINT
- REF_PRINT("SSL_SESSION",ss);
+ REF_PRINT("SSL_SESSION", ss);
#endif
- if (i > 0) return;
+ if (i > 0)
+ return;
#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
+ if (i < 0) {
+ fprintf(stderr, "SSL_SESSION_free, bad reference count\n");
abort(); /* ok */
- }
+ }
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
- OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
- OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
- if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
- if (ss->peer != NULL) X509_free(ss->peer);
- if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+ OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
+ OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
+ OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
+ if (ss->sess_cert != NULL)
+ ssl_sess_cert_free(ss->sess_cert);
+ if (ss->peer != NULL)
+ X509_free(ss->peer);
+ if (ss->ciphers != NULL)
+ sk_SSL_CIPHER_free(ss->ciphers);
#ifndef OPENSSL_NO_TLSEXT
- if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
- if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
+ if (ss->tlsext_hostname != NULL)
+ OPENSSL_free(ss->tlsext_hostname);
+ if (ss->tlsext_tick != NULL)
+ OPENSSL_free(ss->tlsext_tick);
#ifndef OPENSSL_NO_EC
ss->tlsext_ecpointformatlist_length = 0;
- if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
+ if (ss->tlsext_ecpointformatlist != NULL)
+ OPENSSL_free(ss->tlsext_ecpointformatlist);
ss->tlsext_ellipticcurvelist_length = 0;
- if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
+ if (ss->tlsext_ellipticcurvelist != NULL)
+ OPENSSL_free(ss->tlsext_ellipticcurvelist);
#endif /* OPENSSL_NO_EC */
#endif
#ifndef OPENSSL_NO_PSK
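Review bot: remove_session_lock calls `ctx->remove_session_cb(ctx, r)` under two different locking conditions and neither is documented. When reached from SSL_CTX_remove_session (`lck` is 1) the CTX write lock has been released before the callback, but when reached from the eviction loop in SSL_CTX_add_session (`lck` is 0) the callback runs while `CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX)` is still held. An application callback that re-enters the session cache could then block, depending on how the locking callbacks are implemented. I would add a comment on remove_session_lock such as `/* lck == 0: caller holds CRYPTO_LOCK_SSL_CTX and remove_session_cb runs with it held */`. SSL_SESSION_free's body continues outside this hunk.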
@@ -778,382 +755,389 @@ void SSL_SESSION_free(SSL_SESSION *ss)
if (ss->srp_username != NULL)
OPENSSL_free(ss->srp_username);
#endif
- OPENSSL_cleanse(ss,sizeof(*ss));
+ OPENSSL_cleanse(ss, sizeof(*ss));
OPENSSL_free(ss);
- }
+}
-int SSL_set_session(SSL *s, SSL_SESSION *session)
- {
- int ret=0;
+int
+SSL_set_session(SSL *s, SSL_SESSION *session)
+{
+ int ret = 0;
const SSL_METHOD *meth;
- if (session != NULL)
- {
- meth=s->ctx->method->get_ssl_method(session->ssl_version);
+ if (session != NULL) {
+ meth = s->ctx->method->get_ssl_method(session->ssl_version);
if (meth == NULL)
- meth=s->method->get_ssl_method(session->ssl_version);
- if (meth == NULL)
- {
- SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
- return(0);
- }
+ meth = s->method->get_ssl_method(session->ssl_version);
+ if (meth == NULL) {
+ SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
+ return (0);
+ }
- if (meth != s->method)
- {
- if (!SSL_set_ssl_method(s,meth))
- return(0);
- }
+ if (meth != s->method) {
+ if (!SSL_set_ssl_method(s, meth))
+ return (0);
+ }
#ifndef OPENSSL_NO_KRB5
- if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
- session->krb5_client_princ_len > 0)
- {
- s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
- memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
- session->krb5_client_princ_len);
- s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
- }
+ if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
+ session->krb5_client_princ_len > 0) {
+ s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
+ memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ,
+ session->krb5_client_princ_len);
+ s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
+ }
#endif /* OPENSSL_NO_KRB5 */
/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
- CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
+ CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
if (s->session != NULL)
SSL_SESSION_free(s->session);
- s->session=session;
+ s->session = session;
s->verify_result = s->session->verify_result;
/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
- ret=1;
- }
- else
- {
- if (s->session != NULL)
- {
+ ret = 1;
+ } else {
+ if (s->session != NULL) {
SSL_SESSION_free(s->session);
- s->session=NULL;
- }
+ s->session = NULL;
+ }
- meth=s->ctx->method;
- if (meth != s->method)
- {
- if (!SSL_set_ssl_method(s,meth))
- return(0);
- }
- ret=1;
+ meth = s->ctx->method;
+ if (meth != s->method) {
+ if (!SSL_set_ssl_method(s, meth))
+ return (0);
}
- return(ret);
+ ret = 1;
}
+ return (ret);
+}
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
- {
- if (s == NULL) return(0);
- s->timeout=t;
- return(1);
- }
+long
+SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
+{
+ if (s == NULL)
+ return (0);
+ s->timeout = t;
+ return (1);
+}
-long SSL_SESSION_get_timeout(const SSL_SESSION *s)
- {
- if (s == NULL) return(0);
- return(s->timeout);
- }
+long
+SSL_SESSION_get_timeout(const SSL_SESSION *s)
+{
+ if (s == NULL)
+ return (0);
+ return (s->timeout);
+}
-long SSL_SESSION_get_time(const SSL_SESSION *s)
- {
- if (s == NULL) return(0);
- return(s->time);
- }
+long
+SSL_SESSION_get_time(const SSL_SESSION *s)
+{
+ if (s == NULL)
+ return (0);
+ return (s->time);
+}
-long SSL_SESSION_set_time(SSL_SESSION *s, long t)
- {
- if (s == NULL) return(0);
- s->time=t;
- return(t);
- }
+long
+SSL_SESSION_set_time(SSL_SESSION *s, long t)
+{
+ if (s == NULL)
+ return (0);
+ s->time = t;
+ return (t);
+}
-X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
- {
+X509
+*SSL_SESSION_get0_peer(SSL_SESSION *s)
+{
return s->peer;
- }
+}
-int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len)
- {
- if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
- {
- SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+int
+SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len)
+{
+ if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+ SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return 0;
- }
- s->sid_ctx_length=sid_ctx_len;
- memcpy(s->sid_ctx,sid_ctx,sid_ctx_len);
+ }
+ s->sid_ctx_length = sid_ctx_len;
+ memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
return 1;
- }
+}
-long SSL_CTX_set_timeout(SSL_CTX *s, long t)
- {
+long
+SSL_CTX_set_timeout(SSL_CTX *s, long t)
+{
long l;
- if (s == NULL) return(0);
- l=s->session_timeout;
- s->session_timeout=t;
- return(l);
- }
+ if (s == NULL)
+ return (0);
+ l = s->session_timeout;
+ s->session_timeout = t;
+ return (l);
+}
-long SSL_CTX_get_timeout(const SSL_CTX *s)
- {
- if (s == NULL) return(0);
- return(s->session_timeout);
- }
+long
+SSL_CTX_get_timeout(const SSL_CTX *s)
+{
+ if (s == NULL)
+ return (0);
+ return (s->session_timeout);
+}
#ifndef OPENSSL_NO_TLSEXT
-int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
- STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
- {
- if (s == NULL) return(0);
+int
+SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
+ STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
+{
+ if (s == NULL)
+ return (0);
s->tls_session_secret_cb = tls_session_secret_cb;
s->tls_session_secret_cb_arg = arg;
- return(1);
- }
+ return (1);
+}
-int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
- void *arg)
- {
- if (s == NULL) return(0);
+int
+SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+ void *arg)
+{
+ if (s == NULL)
+ return (0);
s->tls_session_ticket_ext_cb = cb;
s->tls_session_ticket_ext_cb_arg = arg;
- return(1);
- }
+ return (1);
+}
-int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
- {
- if (s->version >= TLS1_VERSION)
- {
- if (s->tlsext_session_ticket)
- {
+int
+SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
+{
+ if (s->version >= TLS1_VERSION) {
+ if (s->tlsext_session_ticket) {
OPENSSL_free(s->tlsext_session_ticket);
s->tlsext_session_ticket = NULL;
- }
+ }
s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
- if (!s->tlsext_session_ticket)
- {
+ if (!s->tlsext_session_ticket) {
SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
return 0;
- }
+ }
- if (ext_data)
- {
+ if (ext_data) {
s->tlsext_session_ticket->length = ext_len;
s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
- }
- else
- {
+ } else {
s->tlsext_session_ticket->length = 0;
s->tlsext_session_ticket->data = NULL;
- }
+ }
return 1;
- }
+ }
return 0;
- }
+}
#endif /* OPENSSL_NO_TLSEXT */
-typedef struct timeout_param_st
- {
+typedef struct timeout_param_st {
SSL_CTX *ctx;
long time;
LHASH_OF(SSL_SESSION) *cache;
- } TIMEOUT_PARAM;
+} TIMEOUT_PARAM;
-static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
- {
+static void
+timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
+{
if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
- {
+ {
/* The reason we don't call SSL_CTX_remove_session() is to
* save on locking overhead */
- (void)lh_SSL_SESSION_delete(p->cache,s);
- SSL_SESSION_list_remove(p->ctx,s);
- s->not_resumable=1;
+ (void)lh_SSL_SESSION_delete(p->cache, s);
+ SSL_SESSION_list_remove(p->ctx, s);
+ s->not_resumable = 1;
if (p->ctx->remove_session_cb != NULL)
- p->ctx->remove_session_cb(p->ctx,s);
+ p->ctx->remove_session_cb(p->ctx, s);
SSL_SESSION_free(s);
- }
}
+}
-static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
+static
+IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
-void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
- {
+void
+SSL_CTX_flush_sessions(SSL_CTX *s, long t)
+{
unsigned long i;
TIMEOUT_PARAM tp;
- tp.ctx=s;
- tp.cache=s->sessions;
- if (tp.cache == NULL) return;
- tp.time=t;
+ tp.ctx = s;
+ tp.cache = s->sessions;
+ if (tp.cache == NULL)
+ return;
+ tp.time = t;
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
- CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0;
+ i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
+ CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0;
lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
- TIMEOUT_PARAM, &tp);
- CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i;
+ TIMEOUT_PARAM, &tp);
+ CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i;
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- }
+}
-int ssl_clear_bad_session(SSL *s)
- {
- if ( (s->session != NULL) &&
+int
+ssl_clear_bad_session(SSL *s)
+{
+ if ((s->session != NULL) &&
!(s->shutdown & SSL_SENT_SHUTDOWN) &&
- !(SSL_in_init(s) || SSL_in_before(s)))
- {
- SSL_CTX_remove_session(s->ctx,s->session);
- return(1);
- }
- else
- return(0);
- }
+ !(SSL_in_init(s) || SSL_in_before(s))) {
+ SSL_CTX_remove_session(s->ctx, s->session);
+ return (1);
+ } else
+ return (0);
+}
/* locked by SSL_CTX in the calling function */
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
- {
- if ((s->next == NULL) || (s->prev == NULL)) return;
+static void
+SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
+{
+ if ((s->next == NULL)
+ || (s->prev == NULL)) return;
if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
- { /* last element in list */
+ { /* last element in list */
if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
- { /* only one element in list */
- ctx->session_cache_head=NULL;
- ctx->session_cache_tail=NULL;
- }
- else
- {
- ctx->session_cache_tail=s->prev;
- s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
- }
+ { /* only one element in list */
+ ctx->session_cache_head = NULL;
+ ctx->session_cache_tail = NULL;
+ } else {
+ ctx->session_cache_tail = s->prev;
+ s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
}
- else
- {
+ } else {
if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
- { /* first element in list */
- ctx->session_cache_head=s->next;
- s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- }
- else
- { /* middle of list */
- s->next->prev=s->prev;
- s->prev->next=s->next;
- }
+ { /* first element in list */
+ ctx->session_cache_head = s->next;
+ s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+ } else
+ { /* middle of list */
+ s->next->prev = s->prev;
+ s->prev->next = s->next;
}
- s->prev=s->next=NULL;
}
+ s->prev = s->next = NULL;
+}
-static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
- {
+static void
+SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
+{
if ((s->next != NULL) && (s->prev != NULL))
- SSL_SESSION_list_remove(ctx,s);
-
- if (ctx->session_cache_head == NULL)
- {
- ctx->session_cache_head=s;
- ctx->session_cache_tail=s;
- s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
- }
- else
- {
- s->next=ctx->session_cache_head;
- s->next->prev=s;
- s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- ctx->session_cache_head=s;
- }
+ SSL_SESSION_list_remove(ctx, s);
+
+ if (ctx->session_cache_head == NULL) {
+ ctx->session_cache_head = s;
+ ctx->session_cache_tail = s;
+ s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+ s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+ } else {
+ s->next = ctx->session_cache_head;
+ s->next->prev = s;
+ s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+ ctx->session_cache_head = s;
}
+}
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
- int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
- {
- ctx->new_session_cb=cb;
- }
+void
+SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+ int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) {
+ ctx->new_session_cb = cb;
+}
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
- {
+{
return ctx->new_session_cb;
- }
+}
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
- void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
- {
- ctx->remove_session_cb=cb;
- }
+void
+SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+ void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess))
+{
+ ctx->remove_session_cb = cb;
+}
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
- {
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess)
+{
return ctx->remove_session_cb;
- }
+}
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
- SSL_SESSION *(*cb)(struct ssl_st *ssl,
- unsigned char *data,int len,int *copy))
- {
- ctx->get_session_cb=cb;
- }
+void
+SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+ SSL_SESSION *(*cb)(struct ssl_st *ssl,
+unsigned char *data, int len, int *copy))
+{
+ ctx->get_session_cb = cb;
+}
SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
- unsigned char *data,int len,int *copy)
- {
+ unsigned char *data, int len, int *copy)
+{
return ctx->get_session_cb;
- }
+}
-void SSL_CTX_set_info_callback(SSL_CTX *ctx,
- void (*cb)(const SSL *ssl,int type,int val))
- {
- ctx->info_callback=cb;
- }
+void
+SSL_CTX_set_info_callback(SSL_CTX *ctx,
+ void (*cb)(const SSL *ssl, int type, int val))
+{
+ ctx->info_callback = cb;
+}
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
- {
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val)
+{
return ctx->info_callback;
- }
+}
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
- int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
- {
- ctx->client_cert_cb=cb;
- }
+void
+SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+ int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
+{
+ ctx->client_cert_cb = cb;
+}
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
- {
+{
return ctx->client_cert_cb;
- }
+}
#ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
- {
- if (!ENGINE_init(e))
- {
+int
+SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
+{
+ if (!ENGINE_init(e)) {
SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
return 0;
- }
- if(!ENGINE_get_ssl_client_cert_function(e))
- {
+ }
+ if (!ENGINE_get_ssl_client_cert_function(e)) {
SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
ENGINE_finish(e);
return 0;
- }
+ }
ctx->client_cert_engine = e;
return 1;
- }
+}
#endif
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
- int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
- {
- ctx->app_gen_cookie_cb=cb;
- }
+void
+SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+ int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
+{
+ ctx->app_gen_cookie_cb = cb;
+}
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
- int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
- {
- ctx->app_verify_cookie_cb=cb;
- }
+void
+SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+ int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
+{
+ ctx->app_verify_cookie_cb = cb;
+}
IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
diff --git a/lib/libssl/src/ssl/ssl_stat.c b/lib/libssl/src/ssl/ssl_stat.c
index 144b81e55fe..3d9371cdd7a 100644
--- a/lib/libssl/src/ssl/ssl_stat.c
+++ b/lib/libssl/src/ssl/ssl_stat.c
@@ -85,311 +85,533 @@
#include <stdio.h>
#include "ssl_locl.h"
-const char *SSL_state_string_long(const SSL *s)
- {
+const char
+*SSL_state_string_long(const SSL *s)
+{
const char *str;
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="before SSL initialization"; break;
-case SSL_ST_ACCEPT: str="before accept initialization"; break;
-case SSL_ST_CONNECT: str="before connect initialization"; break;
-case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
-case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
+ switch (s->state) {
+ case SSL_ST_BEFORE:
+ str="before SSL initialization"; break;
+ case SSL_ST_ACCEPT:
+ str="before accept initialization"; break;
+ case SSL_ST_CONNECT:
+ str="before connect initialization"; break;
+ case SSL_ST_OK:
+ str="SSL negotiation finished successfully"; break;
+ case SSL_ST_RENEGOTIATE:
+ str="SSL renegotiate ciphers"; break;
+ case SSL_ST_BEFORE|SSL_ST_CONNECT:
+ str="before/connect initialization"; break;
+ case SSL_ST_OK|SSL_ST_CONNECT:
+ str="ok/connect SSL initialization"; break;
+ case SSL_ST_BEFORE|SSL_ST_ACCEPT:
+ str="before/accept initialization"; break;
+ case SSL_ST_OK|SSL_ST_ACCEPT:
+ str="ok/accept SSL initialization"; break;
#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
+ case SSL2_ST_CLIENT_START_ENCRYPTION:
+ str="SSLv2 client start encryption"; break;
+ case SSL2_ST_SERVER_START_ENCRYPTION:
+ str="SSLv2 server start encryption"; break;
+ case SSL2_ST_SEND_CLIENT_HELLO_A:
+ str="SSLv2 write client hello A"; break;
+ case SSL2_ST_SEND_CLIENT_HELLO_B:
+ str="SSLv2 write client hello B"; break;
+ case SSL2_ST_GET_SERVER_HELLO_A:
+ str="SSLv2 read server hello A"; break;
+ case SSL2_ST_GET_SERVER_HELLO_B:
+ str="SSLv2 read server hello B"; break;
+ case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
+ str="SSLv2 write client master key A"; break;
+ case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
+ str="SSLv2 write client master key B"; break;
+ case SSL2_ST_SEND_CLIENT_FINISHED_A:
+ str="SSLv2 write client finished A"; break;
+ case SSL2_ST_SEND_CLIENT_FINISHED_B:
+ str="SSLv2 write client finished B"; break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
+ str="SSLv2 write client certificate A"; break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
+ str="SSLv2 write client certificate B"; break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
+ str="SSLv2 write client certificate C"; break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
+ str="SSLv2 write client certificate D"; break;
+ case SSL2_ST_GET_SERVER_VERIFY_A:
+ str="SSLv2 read server verify A"; break;
+ case SSL2_ST_GET_SERVER_VERIFY_B:
+ str="SSLv2 read server verify B"; break;
+ case SSL2_ST_GET_SERVER_FINISHED_A:
+ str="SSLv2 read server finished A"; break;
+ case SSL2_ST_GET_SERVER_FINISHED_B:
+ str="SSLv2 read server finished B"; break;
+ case SSL2_ST_GET_CLIENT_HELLO_A:
+ str="SSLv2 read client hello A"; break;
+ case SSL2_ST_GET_CLIENT_HELLO_B:
+ str="SSLv2 read client hello B"; break;
+ case SSL2_ST_GET_CLIENT_HELLO_C:
+ str="SSLv2 read client hello C"; break;
+ case SSL2_ST_SEND_SERVER_HELLO_A:
+ str="SSLv2 write server hello A"; break;
+ case SSL2_ST_SEND_SERVER_HELLO_B:
+ str="SSLv2 write server hello B"; break;
+ case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
+ str="SSLv2 read client master key A"; break;
+ case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
+ str="SSLv2 read client master key B"; break;
+ case SSL2_ST_SEND_SERVER_VERIFY_A:
+ str="SSLv2 write server verify A"; break;
+ case SSL2_ST_SEND_SERVER_VERIFY_B:
+ str="SSLv2 write server verify B"; break;
+ case SSL2_ST_SEND_SERVER_VERIFY_C:
+ str="SSLv2 write server verify C"; break;
+ case SSL2_ST_GET_CLIENT_FINISHED_A:
+ str="SSLv2 read client finished A"; break;
+ case SSL2_ST_GET_CLIENT_FINISHED_B:
+ str="SSLv2 read client finished B"; break;
+ case SSL2_ST_SEND_SERVER_FINISHED_A:
+ str="SSLv2 write server finished A"; break;
+ case SSL2_ST_SEND_SERVER_FINISHED_B:
+ str="SSLv2 write server finished B"; break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
+ str="SSLv2 write request certificate A"; break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
+ str="SSLv2 write request certificate B"; break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
+ str="SSLv2 write request certificate C"; break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
+ str="SSLv2 write request certificate D"; break;
+ case SSL2_ST_X509_GET_SERVER_CERTIFICATE:
+ str="SSLv2 X509 read server certificate"; break;
+ case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
+ str="SSLv2 X509 read client certificate"; break;
#endif
#ifndef OPENSSL_NO_SSL3
/* SSLv3 additions */
-case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break;
-case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break;
-case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
-case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break;
-case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break;
-case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
-case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
-case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break;
-case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break;
-case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break;
+ case SSL3_ST_CW_CLNT_HELLO_A:
+ str="SSLv3 write client hello A"; break;
+ case SSL3_ST_CW_CLNT_HELLO_B:
+ str="SSLv3 write client hello B"; break;
+ case SSL3_ST_CR_SRVR_HELLO_A:
+ str="SSLv3 read server hello A"; break;
+ case SSL3_ST_CR_SRVR_HELLO_B:
+ str="SSLv3 read server hello B"; break;
+ case SSL3_ST_CR_CERT_A:
+ str="SSLv3 read server certificate A"; break;
+ case SSL3_ST_CR_CERT_B:
+ str="SSLv3 read server certificate B"; break;
+ case SSL3_ST_CR_KEY_EXCH_A:
+ str="SSLv3 read server key exchange A"; break;
+ case SSL3_ST_CR_KEY_EXCH_B:
+ str="SSLv3 read server key exchange B"; break;
+ case SSL3_ST_CR_CERT_REQ_A:
+ str="SSLv3 read server certificate request A"; break;
+ case SSL3_ST_CR_CERT_REQ_B:
+ str="SSLv3 read server certificate request B"; break;
+ case SSL3_ST_CR_SESSION_TICKET_A:
+ str="SSLv3 read server session ticket A";break;
+ case SSL3_ST_CR_SESSION_TICKET_B:
+ str="SSLv3 read server session ticket B";break;
+ case SSL3_ST_CR_SRVR_DONE_A:
+ str="SSLv3 read server done A"; break;
+ case SSL3_ST_CR_SRVR_DONE_B:
+ str="SSLv3 read server done B"; break;
+ case SSL3_ST_CW_CERT_A:
+ str="SSLv3 write client certificate A"; break;
+ case SSL3_ST_CW_CERT_B:
+ str="SSLv3 write client certificate B"; break;
+ case SSL3_ST_CW_CERT_C:
+ str="SSLv3 write client certificate C"; break;
+ case SSL3_ST_CW_CERT_D:
+ str="SSLv3 write client certificate D"; break;
+ case SSL3_ST_CW_KEY_EXCH_A:
+ str="SSLv3 write client key exchange A"; break;
+ case SSL3_ST_CW_KEY_EXCH_B:
+ str="SSLv3 write client key exchange B"; break;
+ case SSL3_ST_CW_CERT_VRFY_A:
+ str="SSLv3 write certificate verify A"; break;
+ case SSL3_ST_CW_CERT_VRFY_B:
+ str="SSLv3 write certificate verify B"; break;
-case SSL3_ST_CW_CHANGE_A:
-case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break;
-case SSL3_ST_CW_CHANGE_B:
-case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break;
-case SSL3_ST_CW_FINISHED_A:
-case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
-case SSL3_ST_CW_FINISHED_B:
-case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break;
-case SSL3_ST_CR_CHANGE_A:
-case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
-case SSL3_ST_CR_CHANGE_B:
-case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
-case SSL3_ST_CR_FINISHED_A:
-case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break;
-case SSL3_ST_CR_FINISHED_B:
-case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break;
+ case SSL3_ST_CW_CHANGE_A:
+ case SSL3_ST_SW_CHANGE_A:
+ str="SSLv3 write change cipher spec A"; break;
+ case SSL3_ST_CW_CHANGE_B:
+ case SSL3_ST_SW_CHANGE_B:
+ str="SSLv3 write change cipher spec B"; break;
+ case SSL3_ST_CW_FINISHED_A:
+ case SSL3_ST_SW_FINISHED_A:
+ str="SSLv3 write finished A"; break;
+ case SSL3_ST_CW_FINISHED_B:
+ case SSL3_ST_SW_FINISHED_B:
+ str="SSLv3 write finished B"; break;
+ case SSL3_ST_CR_CHANGE_A:
+ case SSL3_ST_SR_CHANGE_A:
+ str="SSLv3 read change cipher spec A"; break;
+ case SSL3_ST_CR_CHANGE_B:
+ case SSL3_ST_SR_CHANGE_B:
+ str="SSLv3 read change cipher spec B"; break;
+ case SSL3_ST_CR_FINISHED_A:
+ case SSL3_ST_SR_FINISHED_A:
+ str="SSLv3 read finished A"; break;
+ case SSL3_ST_CR_FINISHED_B:
+ case SSL3_ST_SR_FINISHED_B:
+ str="SSLv3 read finished B"; break;
-case SSL3_ST_CW_FLUSH:
-case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break;
+ case SSL3_ST_CW_FLUSH:
+ case SSL3_ST_SW_FLUSH:
+ str="SSLv3 flush data"; break;
-case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break;
-case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break;
-case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break;
-case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
-case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break;
-case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
-case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
-case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
+ case SSL3_ST_SR_CLNT_HELLO_A:
+ str="SSLv3 read client hello A"; break;
+ case SSL3_ST_SR_CLNT_HELLO_B:
+ str="SSLv3 read client hello B"; break;
+ case SSL3_ST_SR_CLNT_HELLO_C:
+ str="SSLv3 read client hello C"; break;
+ case SSL3_ST_SW_HELLO_REQ_A:
+ str="SSLv3 write hello request A"; break;
+ case SSL3_ST_SW_HELLO_REQ_B:
+ str="SSLv3 write hello request B"; break;
+ case SSL3_ST_SW_HELLO_REQ_C:
+ str="SSLv3 write hello request C"; break;
+ case SSL3_ST_SW_SRVR_HELLO_A:
+ str="SSLv3 write server hello A"; break;
+ case SSL3_ST_SW_SRVR_HELLO_B:
+ str="SSLv3 write server hello B"; break;
+ case SSL3_ST_SW_CERT_A:
+ str="SSLv3 write certificate A"; break;
+ case SSL3_ST_SW_CERT_B:
+ str="SSLv3 write certificate B"; break;
+ case SSL3_ST_SW_KEY_EXCH_A:
+ str="SSLv3 write key exchange A"; break;
+ case SSL3_ST_SW_KEY_EXCH_B:
+ str="SSLv3 write key exchange B"; break;
+ case SSL3_ST_SW_CERT_REQ_A:
+ str="SSLv3 write certificate request A"; break;
+ case SSL3_ST_SW_CERT_REQ_B:
+ str="SSLv3 write certificate request B"; break;
+ case SSL3_ST_SW_SESSION_TICKET_A:
+ str="SSLv3 write session ticket A"; break;
+ case SSL3_ST_SW_SESSION_TICKET_B:
+ str="SSLv3 write session ticket B"; break;
+ case SSL3_ST_SW_SRVR_DONE_A:
+ str="SSLv3 write server done A"; break;
+ case SSL3_ST_SW_SRVR_DONE_B:
+ str="SSLv3 write server done B"; break;
+ case SSL3_ST_SR_CERT_A:
+ str="SSLv3 read client certificate A"; break;
+ case SSL3_ST_SR_CERT_B:
+ str="SSLv3 read client certificate B"; break;
+ case SSL3_ST_SR_KEY_EXCH_A:
+ str="SSLv3 read client key exchange A"; break;
+ case SSL3_ST_SR_KEY_EXCH_B:
+ str="SSLv3 read client key exchange B"; break;
+ case SSL3_ST_SR_CERT_VRFY_A:
+ str="SSLv3 read certificate verify A"; break;
+ case SSL3_ST_SR_CERT_VRFY_B:
+ str="SSLv3 read certificate verify B"; break;
#endif
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
/* SSLv2/v3 compatibility states */
/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break;
+ case SSL23_ST_CW_CLNT_HELLO_A:
+ str="SSLv2/v3 write client hello A"; break;
+ case SSL23_ST_CW_CLNT_HELLO_B:
+ str="SSLv2/v3 write client hello B"; break;
+ case SSL23_ST_CR_SRVR_HELLO_A:
+ str="SSLv2/v3 read server hello A"; break;
+ case SSL23_ST_CR_SRVR_HELLO_B:
+ str="SSLv2/v3 read server hello B"; break;
/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
+ case SSL23_ST_SR_CLNT_HELLO_A:
+ str="SSLv2/v3 read client hello A"; break;
+ case SSL23_ST_SR_CLNT_HELLO_B:
+ str="SSLv2/v3 read client hello B"; break;
#endif
/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break;
+ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
+ str="DTLS1 read hello verify request A"; break;
+ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
+ str="DTLS1 read hello verify request B"; break;
+ case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
+ str="DTLS1 write hello verify request A"; break;
+ case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
+ str="DTLS1 write hello verify request B"; break;
-default: str="unknown state"; break;
- }
- return(str);
+ default:
+ str="unknown state"; break;
}
+ return (str);
+}
-const char *SSL_rstate_string_long(const SSL *s)
- {
+const char
+*SSL_rstate_string_long(const SSL *s)
+{
const char *str;
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER: str="read header"; break;
- case SSL_ST_READ_BODY: str="read body"; break;
- case SSL_ST_READ_DONE: str="read done"; break;
- default: str="unknown"; break;
- }
- return(str);
+ switch (s->rstate) {
+ case SSL_ST_READ_HEADER:
+ str="read header"; break;
+ case SSL_ST_READ_BODY:
+ str="read body"; break;
+ case SSL_ST_READ_DONE:
+ str="read done"; break;
+ default:
+ str="unknown"; break;
}
+ return (str);
+}
-const char *SSL_state_string(const SSL *s)
- {
+const char
+*SSL_state_string(const SSL *s)
+{
const char *str;
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="PINIT "; break;
-case SSL_ST_ACCEPT: str="AINIT "; break;
-case SSL_ST_CONNECT: str="CINIT "; break;
-case SSL_ST_OK: str="SSLOK "; break;
+ switch (s->state) {
+ case SSL_ST_BEFORE:
+ str="PINIT "; break;
+ case SSL_ST_ACCEPT:
+ str="AINIT "; break;
+ case SSL_ST_CONNECT:
+ str="CINIT "; break;
+ case SSL_ST_OK:
+ str="SSLOK "; break;
#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break;
+ case SSL2_ST_CLIENT_START_ENCRYPTION:
+ str="2CSENC"; break;
+ case SSL2_ST_SERVER_START_ENCRYPTION:
+ str="2SSENC"; break;
+ case SSL2_ST_SEND_CLIENT_HELLO_A:
+ str="2SCH_A"; break;
+ case SSL2_ST_SEND_CLIENT_HELLO_B:
+ str="2SCH_B"; break;
+ case SSL2_ST_GET_SERVER_HELLO_A:
+ str="2GSH_A"; break;
+ case SSL2_ST_GET_SERVER_HELLO_B:
+ str="2GSH_B"; break;
+ case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
+ str="2SCMKA"; break;
+ case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
+ str="2SCMKB"; break;
+ case SSL2_ST_SEND_CLIENT_FINISHED_A:
+ str="2SCF_A"; break;
+ case SSL2_ST_SEND_CLIENT_FINISHED_B:
+ str="2SCF_B"; break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
+ str="2SCC_A"; break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
+ str="2SCC_B"; break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
+ str="2SCC_C"; break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
+ str="2SCC_D"; break;
+ case SSL2_ST_GET_SERVER_VERIFY_A:
+ str="2GSV_A"; break;
+ case SSL2_ST_GET_SERVER_VERIFY_B:
+ str="2GSV_B"; break;
+ case SSL2_ST_GET_SERVER_FINISHED_A:
+ str="2GSF_A"; break;
+ case SSL2_ST_GET_SERVER_FINISHED_B:
+ str="2GSF_B"; break;
+ case SSL2_ST_GET_CLIENT_HELLO_A:
+ str="2GCH_A"; break;
+ case SSL2_ST_GET_CLIENT_HELLO_B:
+ str="2GCH_B"; break;
+ case SSL2_ST_GET_CLIENT_HELLO_C:
+ str="2GCH_C"; break;
+ case SSL2_ST_SEND_SERVER_HELLO_A:
+ str="2SSH_A"; break;
+ case SSL2_ST_SEND_SERVER_HELLO_B:
+ str="2SSH_B"; break;
+ case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
+ str="2GCMKA"; break;
+ case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
+ str="2GCMKA"; break;
+ case SSL2_ST_SEND_SERVER_VERIFY_A:
+ str="2SSV_A"; break;
+ case SSL2_ST_SEND_SERVER_VERIFY_B:
+ str="2SSV_B"; break;
+ case SSL2_ST_SEND_SERVER_VERIFY_C:
+ str="2SSV_C"; break;
+ case SSL2_ST_GET_CLIENT_FINISHED_A:
+ str="2GCF_A"; break;
+ case SSL2_ST_GET_CLIENT_FINISHED_B:
+ str="2GCF_B"; break;
+ case SSL2_ST_SEND_SERVER_FINISHED_A:
+ str="2SSF_A"; break;
+ case SSL2_ST_SEND_SERVER_FINISHED_B:
+ str="2SSF_B"; break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
+ str="2SRC_A"; break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
+ str="2SRC_B"; break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
+ str="2SRC_C"; break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
+ str="2SRC_D"; break;
+ case SSL2_ST_X509_GET_SERVER_CERTIFICATE:
+ str="2X9GSC"; break;
+ case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
+ str="2X9GCC"; break;
#endif
#ifndef OPENSSL_NO_SSL3
/* SSLv3 additions */
-case SSL3_ST_SW_FLUSH:
-case SSL3_ST_CW_FLUSH: str="3FLUSH"; break;
-case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break;
-case SSL3_ST_CR_CERT_A: str="3RSC_A"; break;
-case SSL3_ST_CR_CERT_B: str="3RSC_B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break;
-case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break;
-case SSL3_ST_CW_CERT_A: str="3WCC_A"; break;
-case SSL3_ST_CW_CERT_B: str="3WCC_B"; break;
-case SSL3_ST_CW_CERT_C: str="3WCC_C"; break;
-case SSL3_ST_CW_CERT_D: str="3WCC_D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break;
+ case SSL3_ST_SW_FLUSH:
+ case SSL3_ST_CW_FLUSH:
+ str="3FLUSH"; break;
+ case SSL3_ST_CW_CLNT_HELLO_A:
+ str="3WCH_A"; break;
+ case SSL3_ST_CW_CLNT_HELLO_B:
+ str="3WCH_B"; break;
+ case SSL3_ST_CR_SRVR_HELLO_A:
+ str="3RSH_A"; break;
+ case SSL3_ST_CR_SRVR_HELLO_B:
+ str="3RSH_B"; break;
+ case SSL3_ST_CR_CERT_A:
+ str="3RSC_A"; break;
+ case SSL3_ST_CR_CERT_B:
+ str="3RSC_B"; break;
+ case SSL3_ST_CR_KEY_EXCH_A:
+ str="3RSKEA"; break;
+ case SSL3_ST_CR_KEY_EXCH_B:
+ str="3RSKEB"; break;
+ case SSL3_ST_CR_CERT_REQ_A:
+ str="3RCR_A"; break;
+ case SSL3_ST_CR_CERT_REQ_B:
+ str="3RCR_B"; break;
+ case SSL3_ST_CR_SRVR_DONE_A:
+ str="3RSD_A"; break;
+ case SSL3_ST_CR_SRVR_DONE_B:
+ str="3RSD_B"; break;
+ case SSL3_ST_CW_CERT_A:
+ str="3WCC_A"; break;
+ case SSL3_ST_CW_CERT_B:
+ str="3WCC_B"; break;
+ case SSL3_ST_CW_CERT_C:
+ str="3WCC_C"; break;
+ case SSL3_ST_CW_CERT_D:
+ str="3WCC_D"; break;
+ case SSL3_ST_CW_KEY_EXCH_A:
+ str="3WCKEA"; break;
+ case SSL3_ST_CW_KEY_EXCH_B:
+ str="3WCKEB"; break;
+ case SSL3_ST_CW_CERT_VRFY_A:
+ str="3WCV_A"; break;
+ case SSL3_ST_CW_CERT_VRFY_B:
+ str="3WCV_B"; break;
-case SSL3_ST_SW_CHANGE_A:
-case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break;
-case SSL3_ST_SW_CHANGE_B:
-case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break;
-case SSL3_ST_SW_FINISHED_A:
-case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break;
-case SSL3_ST_SW_FINISHED_B:
-case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break;
-case SSL3_ST_SR_CHANGE_A:
-case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break;
-case SSL3_ST_SR_CHANGE_B:
-case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break;
-case SSL3_ST_SR_FINISHED_A:
-case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break;
-case SSL3_ST_SR_FINISHED_B:
-case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break;
+ case SSL3_ST_SW_CHANGE_A:
+ case SSL3_ST_CW_CHANGE_A:
+ str="3WCCSA"; break;
+ case SSL3_ST_SW_CHANGE_B:
+ case SSL3_ST_CW_CHANGE_B:
+ str="3WCCSB"; break;
+ case SSL3_ST_SW_FINISHED_A:
+ case SSL3_ST_CW_FINISHED_A:
+ str="3WFINA"; break;
+ case SSL3_ST_SW_FINISHED_B:
+ case SSL3_ST_CW_FINISHED_B:
+ str="3WFINB"; break;
+ case SSL3_ST_SR_CHANGE_A:
+ case SSL3_ST_CR_CHANGE_A:
+ str="3RCCSA"; break;
+ case SSL3_ST_SR_CHANGE_B:
+ case SSL3_ST_CR_CHANGE_B:
+ str="3RCCSB"; break;
+ case SSL3_ST_SR_FINISHED_A:
+ case SSL3_ST_CR_FINISHED_A:
+ str="3RFINA"; break;
+ case SSL3_ST_SR_FINISHED_B:
+ case SSL3_ST_CR_FINISHED_B:
+ str="3RFINB"; break;
-case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break;
-case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break;
-case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
-case SSL3_ST_SW_CERT_B: str="3WSC_B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break;
-case SSL3_ST_SR_CERT_A: str="3RCC_A"; break;
-case SSL3_ST_SR_CERT_B: str="3RCC_B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
+ case SSL3_ST_SW_HELLO_REQ_A:
+ str="3WHR_A"; break;
+ case SSL3_ST_SW_HELLO_REQ_B:
+ str="3WHR_B"; break;
+ case SSL3_ST_SW_HELLO_REQ_C:
+ str="3WHR_C"; break;
+ case SSL3_ST_SR_CLNT_HELLO_A:
+ str="3RCH_A"; break;
+ case SSL3_ST_SR_CLNT_HELLO_B:
+ str="3RCH_B"; break;
+ case SSL3_ST_SR_CLNT_HELLO_C:
+ str="3RCH_C"; break;
+ case SSL3_ST_SW_SRVR_HELLO_A:
+ str="3WSH_A"; break;
+ case SSL3_ST_SW_SRVR_HELLO_B:
+ str="3WSH_B"; break;
+ case SSL3_ST_SW_CERT_A:
+ str="3WSC_A"; break;
+ case SSL3_ST_SW_CERT_B:
+ str="3WSC_B"; break;
+ case SSL3_ST_SW_KEY_EXCH_A:
+ str="3WSKEA"; break;
+ case SSL3_ST_SW_KEY_EXCH_B:
+ str="3WSKEB"; break;
+ case SSL3_ST_SW_CERT_REQ_A:
+ str="3WCR_A"; break;
+ case SSL3_ST_SW_CERT_REQ_B:
+ str="3WCR_B"; break;
+ case SSL3_ST_SW_SRVR_DONE_A:
+ str="3WSD_A"; break;
+ case SSL3_ST_SW_SRVR_DONE_B:
+ str="3WSD_B"; break;
+ case SSL3_ST_SR_CERT_A:
+ str="3RCC_A"; break;
+ case SSL3_ST_SR_CERT_B:
+ str="3RCC_B"; break;
+ case SSL3_ST_SR_KEY_EXCH_A:
+ str="3RCKEA"; break;
+ case SSL3_ST_SR_KEY_EXCH_B:
+ str="3RCKEB"; break;
+ case SSL3_ST_SR_CERT_VRFY_A:
+ str="3RCV_A"; break;
+ case SSL3_ST_SR_CERT_VRFY_B:
+ str="3RCV_B"; break;
#endif
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
/* SSLv2/v3 compatibility states */
/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break;
+ case SSL23_ST_CW_CLNT_HELLO_A:
+ str="23WCHA"; break;
+ case SSL23_ST_CW_CLNT_HELLO_B:
+ str="23WCHB"; break;
+ case SSL23_ST_CR_SRVR_HELLO_A:
+ str="23RSHA"; break;
+ case SSL23_ST_CR_SRVR_HELLO_B:
+ str="23RSHA"; break;
/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
+ case SSL23_ST_SR_CLNT_HELLO_A:
+ str="23RCHA"; break;
+ case SSL23_ST_SR_CLNT_HELLO_B:
+ str="23RCHB"; break;
#endif
/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break;
+ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
+ str="DRCHVA"; break;
+ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
+ str="DRCHVB"; break;
+ case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
+ str="DWCHVA"; break;
+ case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
+ str="DWCHVB"; break;
-default: str="UNKWN "; break;
- }
- return(str);
+ default:
+ str="UNKWN "; break;
}
+ return (str);
+}
-const char *SSL_alert_type_string_long(int value)
- {
+const char
+*SSL_alert_type_string_long(int value)
+{
value>>=8;
if (value == SSL3_AL_WARNING)
return("warning");
@@ -397,10 +619,11 @@ const char *SSL_alert_type_string_long(int value)
return("fatal");
else
return("unknown");
- }
+}
-const char *SSL_alert_type_string(int value)
- {
+const char
+*SSL_alert_type_string(int value)
+{
value>>=8;
if (value == SSL3_AL_WARNING)
return("W");
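Review bot: The reformat leaves the pointer star on the function-name line, `const char` / `*SSL_alert_type_string(int value)`, instead of keeping the whole return type on its own line as this commit does for other functions; it should read `const char *` followed by `SSL_alert_type_string(int value)`. The same split appears for SSL_alert_type_string_long just above this hunk and for SSL_alert_desc_string, SSL_alert_desc_string_long and SSL_rstate_string in the hunks that follow. With the star in column 0 of the name line, a search for a definition by `^name(` no longer matches any of these functions. The body of SSL_alert_type_string continues outside the hunk.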
@@ -408,55 +631,86 @@ const char *SSL_alert_type_string(int value)
return("F");
else
return("U");
- }
+}
-const char *SSL_alert_desc_string(int value)
- {
+const char
+*SSL_alert_desc_string(int value)
+{
const char *str;
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY: str="CN"; break;
- case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break;
- case SSL3_AD_BAD_RECORD_MAC: str="BM"; break;
- case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break;
- case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break;
- case SSL3_AD_NO_CERTIFICATE: str="NC"; break;
- case SSL3_AD_BAD_CERTIFICATE: str="BC"; break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break;
- case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break;
- case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break;
- case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break;
- case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break;
- case TLS1_AD_DECRYPTION_FAILED: str="DC"; break;
- case TLS1_AD_RECORD_OVERFLOW: str="RO"; break;
- case TLS1_AD_UNKNOWN_CA: str="CA"; break;
- case TLS1_AD_ACCESS_DENIED: str="AD"; break;
- case TLS1_AD_DECODE_ERROR: str="DE"; break;
- case TLS1_AD_DECRYPT_ERROR: str="CY"; break;
- case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break;
- case TLS1_AD_PROTOCOL_VERSION: str="PV"; break;
- case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break;
- case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
- case TLS1_AD_USER_CANCELLED: str="US"; break;
- case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
- case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break;
- case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break;
- case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break;
- case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break;
- case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break;
- case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break;
- default: str="UK"; break;
- }
- return(str);
+ switch (value & 0xff) {
+ case SSL3_AD_CLOSE_NOTIFY:
+ str="CN"; break;
+ case SSL3_AD_UNEXPECTED_MESSAGE:
+ str="UM"; break;
+ case SSL3_AD_BAD_RECORD_MAC:
+ str="BM"; break;
+ case SSL3_AD_DECOMPRESSION_FAILURE:
+ str="DF"; break;
+ case SSL3_AD_HANDSHAKE_FAILURE:
+ str="HF"; break;
+ case SSL3_AD_NO_CERTIFICATE:
+ str="NC"; break;
+ case SSL3_AD_BAD_CERTIFICATE:
+ str="BC"; break;
+ case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+ str="UC"; break;
+ case SSL3_AD_CERTIFICATE_REVOKED:
+ str="CR"; break;
+ case SSL3_AD_CERTIFICATE_EXPIRED:
+ str="CE"; break;
+ case SSL3_AD_CERTIFICATE_UNKNOWN:
+ str="CU"; break;
+ case SSL3_AD_ILLEGAL_PARAMETER:
+ str="IP"; break;
+ case TLS1_AD_DECRYPTION_FAILED:
+ str="DC"; break;
+ case TLS1_AD_RECORD_OVERFLOW:
+ str="RO"; break;
+ case TLS1_AD_UNKNOWN_CA:
+ str="CA"; break;
+ case TLS1_AD_ACCESS_DENIED:
+ str="AD"; break;
+ case TLS1_AD_DECODE_ERROR:
+ str="DE"; break;
+ case TLS1_AD_DECRYPT_ERROR:
+ str="CY"; break;
+ case TLS1_AD_EXPORT_RESTRICTION:
+ str="ER"; break;
+ case TLS1_AD_PROTOCOL_VERSION:
+ str="PV"; break;
+ case TLS1_AD_INSUFFICIENT_SECURITY:
+ str="IS"; break;
+ case TLS1_AD_INTERNAL_ERROR:
+ str="IE"; break;
+ case TLS1_AD_USER_CANCELLED:
+ str="US"; break;
+ case TLS1_AD_NO_RENEGOTIATION:
+ str="NR"; break;
+ case TLS1_AD_UNSUPPORTED_EXTENSION:
+ str="UE"; break;
+ case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+ str="CO"; break;
+ case TLS1_AD_UNRECOGNIZED_NAME:
+ str="UN"; break;
+ case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+ str="BR"; break;
+ case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+ str="BH"; break;
+ case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+ str="UP"; break;
+ default:
+ str="UK"; break;
}
+ return (str);
+}
-const char *SSL_alert_desc_string_long(int value)
- {
+const char
+*SSL_alert_desc_string_long(int value)
+{
const char *str;
- switch (value & 0xff)
- {
+ switch (value & 0xff) {
case SSL3_AD_CLOSE_NOTIFY:
str="close notify";
break;
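Review bot: Each case in SSL_alert_desc_string still carries two statements on one line with an unspaced assignment, `str="CN"; break;`, while SSL_alert_desc_string_long at the end of this hunk already puts `break;` on its own line; writing `str = "CN";` and `break;` on separate lines would make both tables read the same. The state-string switch before this hunk and SSL_rstate_string in the next one have the same shape. Separately, the `SSL23_ST_CR_SRVR_HELLO_B` case in the hunk that starts before this view is carried over with "23RSHA", the same code as the `_A` state; that looks like a copy-paste slip (presumably "23RSHB" was meant) and makes the two states indistinguishable in handshake traces. The body of SSL_alert_desc_string_long continues outside the hunk.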
@@ -547,21 +801,26 @@ const char *SSL_alert_desc_string_long(int value)
case TLS1_AD_UNKNOWN_PSK_IDENTITY:
str="unknown PSK identity";
break;
- default: str="unknown"; break;
- }
- return(str);
+ default:
+ str="unknown"; break;
}
+ return (str);
+}
-const char *SSL_rstate_string(const SSL *s)
- {
+const char
+*SSL_rstate_string(const SSL *s)
+{
const char *str;
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER:str="RH"; break;
- case SSL_ST_READ_BODY: str="RB"; break;
- case SSL_ST_READ_DONE: str="RD"; break;
- default: str="unknown"; break;
- }
- return(str);
+ switch (s->rstate) {
+ case SSL_ST_READ_HEADER:
+ str="RH"; break;
+ case SSL_ST_READ_BODY:
+ str="RB"; break;
+ case SSL_ST_READ_DONE:
+ str="RD"; break;
+ default:
+ str="unknown"; break;
}
+ return (str);
+}
diff --git a/lib/libssl/src/ssl/ssl_task.c b/lib/libssl/src/ssl/ssl_task.c
index 366204f097a..25d20b06a0b 100644
--- a/lib/libssl/src/ssl/ssl_task.c
+++ b/lib/libssl/src/ssl/ssl_task.c
@@ -134,24 +134,28 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
#include <openssl/ssl.h>
#include <openssl/err.h>
-int verify_callback(int ok, X509 *xs, X509 *xi, int depth,
- int error);
-BIO *bio_err=NULL;
-BIO *bio_stdout=NULL;
+int
+verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+int error);
+BIO *bio_err = NULL;
+BIO *bio_stdout = NULL;
BIO_METHOD *BIO_s_rtcp();
-static char *cipher=NULL;
-int verbose=1;
+static char *cipher = NULL;
+int verbose = 1;
#ifdef FIONBIO
-static int s_nbio=0;
+static int s_nbio = 0;
#endif
#define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
/*************************************************************************/
-struct rpc_msg { /* Should have member alignment inhibited */
- char channel; /* 'A'-app data. 'R'-remote client 'G'-global */
- char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
- unsigned short int length; /* Amount of data returned or max to return */
- char data[4092]; /* variable data */
+ struct rpc_msg { /* Should have member alignment inhibited */
+ char channel;
+ /* 'A'-app data. 'R'-remote client 'G'-global */
+ char function;
+ /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+ unsigned short int length; /* Amount of data returned or max to return */
+ char data[4092];
+ /* variable data */
};
#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
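Review bot: In `struct rpc_msg` the trailing comments for `channel`, `function` and `data` were moved to the line after each member, so `/* 'A'-app data. 'R'-remote client 'G'-global */` now reads as if it described `function`, and the struct line itself gained a stray indent. Keep each comment with its member, e.g. `char channel;	/* 'A'-app data, 'R'-remote client, 'G'-global */`, or place it on the line before the member. Because `RPC_HDR_SIZE` is computed as `sizeof(struct rpc_msg) - 4092`, the "member alignment inhibited" caveat is worth repeating next to that macro: any padding the compiler inserts would change the header size used for the length checks in doit().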
@@ -159,9 +163,9 @@ static $DESCRIPTOR(sysnet, "SYS$NET");
typedef unsigned short io_channel;
struct io_status {
- unsigned short status;
- unsigned short count;
- unsigned long stsval;
+ unsigned short status;
+ unsigned short count;
+ unsigned long stsval;
};
int doit(io_channel chan, SSL_CTX *s_ctx );
/*****************************************************************************/
@@ -169,63 +173,66 @@ int doit(io_channel chan, SSL_CTX *s_ctx );
*/
static int get ( io_channel chan, char *buffer, int maxlen, int *length )
{
- int status;
- struct io_status iosb;
- status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
+ int status;
+ struct io_status iosb;
+ status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
buffer, maxlen, 0, 0, 0, 0 );
- if ( (status&1) == 1 ) status = iosb.status;
- if ( (status&1) == 1 ) *length = iosb.count;
- return status;
+ if ((status&1)
+ == 1 ) status = iosb.status;
+ if ((status&1)
+ == 1 ) *length = iosb.count;
+ return status;
}
static int put ( io_channel chan, char *buffer, int length )
{
- int status;
- struct io_status iosb;
- status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+ int status;
+ struct io_status iosb;
+ status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
buffer, length, 0, 0, 0, 0 );
- if ( (status&1) == 1 ) status = iosb.status;
- return status;
+ if ((status&1)
+ == 1 ) status = iosb.status;
+ return status;
}
/***************************************************************************/
/* Handle operations on the 'G' channel.
*/
-static int general_request ( io_channel chan, struct rpc_msg *msg, int length )
-{
- return 48;
+static int general_request ( io_channel chan, struct rpc_msg *msg, int length ) {
+ return 48;
}
/***************************************************************************/
int main ( int argc, char **argv )
{
- int status, length;
- io_channel chan;
- struct rpc_msg msg;
+ int status, length;
+ io_channel chan;
+ struct rpc_msg msg;
- char *CApath=NULL,*CAfile=NULL;
- int badop=0;
- int ret=1;
- int client_auth=0;
- int server_auth=0;
- SSL_CTX *s_ctx=NULL;
+ char *CApath = NULL, *CAfile = NULL;
+ int badop = 0;
+ int ret = 1;
+ int client_auth = 0;
+ int server_auth = 0;
+ SSL_CTX *s_ctx = NULL;
/*
* Confirm logical link with initiating client.
*/
- LIB$INIT_TIMER();
- status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 );
- printf("status of assign to SYS$NET: %d\n", status );
+ LIB$INIT_TIMER();
+ status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 );
+ printf("status of assign to SYS$NET: %d\n", status );
/*
* Initialize standard out and error files.
*/
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE);
if (bio_stdout == NULL)
- if ((bio_stdout=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_stdout,stdout,BIO_NOCLOSE);
+ if ((bio_stdout = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_stdout, stdout, BIO_NOCLOSE);
/*
* get the preferred cipher list and other initialization
*/
- if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+ if (cipher == NULL)
+ cipher = getenv("SSL_CIPHER");
printf("cipher list: %s\n", cipher ? cipher : "{undefined}" );
SSL_load_error_strings();
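Review bot: main() prints the status of `SYS$ASSIGN` but never tests it, so a failed assign still reaches `doit ( chan, s_ctx )` with `chan` never set. get() and put() in this same hunk use the low bit of the status as the success flag, so the same test fits here: `if ((status & 1) == 0) return 1;` directly after the printf. The body of main() continues outside the hunk.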
@@ -234,48 +241,53 @@ int main ( int argc, char **argv )
/* DRM, this was the original, but there is no such thing as SSLv2()
s_ctx=SSL_CTX_new(SSLv2());
*/
- s_ctx=SSL_CTX_new(SSLv2_server_method());
+ s_ctx = SSL_CTX_new(SSLv2_server_method());
- if (s_ctx == NULL) goto end;
+ if (s_ctx == NULL)
+ goto end;
- SSL_CTX_use_certificate_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
- SSL_CTX_use_RSAPrivateKey_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
+ SSL_CTX_use_certificate_file(s_ctx, TEST_SERVER_CERT, SSL_FILETYPE_PEM);
+ SSL_CTX_use_RSAPrivateKey_file(s_ctx, TEST_SERVER_CERT, SSL_FILETYPE_PEM);
printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT );
/*
* Take commands from client until bad status.
*/
- LIB$SHOW_TIMER();
- status = doit ( chan, s_ctx );
- LIB$SHOW_TIMER();
+ LIB$SHOW_TIMER();
+ status = doit ( chan, s_ctx );
+ LIB$SHOW_TIMER();
/*
* do final cleanup and exit.
*/
end:
- if (s_ctx != NULL) SSL_CTX_free(s_ctx);
- LIB$SHOW_TIMER();
- return 1;
+ if (s_ctx != NULL)
+ SSL_CTX_free(s_ctx);
+ LIB$SHOW_TIMER();
+ return 1;
}
-int doit(io_channel chan, SSL_CTX *s_ctx )
+int
+doit(io_channel chan, SSL_CTX *s_ctx )
{
- int status, length, link_state;
- struct rpc_msg msg;
+ int status, length, link_state;
+ struct rpc_msg msg;
- SSL *s_ssl=NULL;
- BIO *c_to_s=NULL;
- BIO *s_to_c=NULL;
- BIO *c_bio=NULL;
- BIO *s_bio=NULL;
+ SSL *s_ssl = NULL;
+ BIO *c_to_s = NULL;
+ BIO *s_to_c = NULL;
+ BIO *c_bio = NULL;
+ BIO *s_bio = NULL;
int i;
- int done=0;
+ int done = 0;
- s_ssl=SSL_new(s_ctx);
- if (s_ssl == NULL) goto err;
+ s_ssl = SSL_new(s_ctx);
+ if (s_ssl == NULL)
+ goto err;
- c_to_s=BIO_new(BIO_s_rtcp());
- s_to_c=BIO_new(BIO_s_rtcp());
- if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+ c_to_s = BIO_new(BIO_s_rtcp());
+ s_to_c = BIO_new(BIO_s_rtcp());
+ if ((s_to_c == NULL)
+ || (c_to_s == NULL)) goto err;
/* original, DRM 24-SEP-1997
BIO_set_fd ( c_to_s, "", chan );
BIO_set_fd ( s_to_c, "", chan );
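Review bot: The return values of `SSL_CTX_use_certificate_file()` and `SSL_CTX_use_RSAPrivateKey_file()` are ignored, so main() prints "Loaded server certificate" and enters doit() even when the certificate or key could not be loaded. Both calls should be tested before the printf, e.g. `if (SSL_CTX_use_certificate_file(s_ctx, TEST_SERVER_CERT, SSL_FILETYPE_PEM) != 1) goto end;` and the same for the private key. The context is also created with `SSLv2_server_method()`, an obsolete protocol version, and deserves a comment stating why an SSLv2-only method is acceptable here. main() starts before this hunk and doit() continues past it.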
@@ -283,13 +295,14 @@ int doit(io_channel chan, SSL_CTX *s_ctx )
BIO_set_fd ( c_to_s, 0, chan );
BIO_set_fd ( s_to_c, 0, chan );
- c_bio=BIO_new(BIO_f_ssl());
- s_bio=BIO_new(BIO_f_ssl());
- if ((c_bio == NULL) || (s_bio == NULL)) goto err;
+ c_bio = BIO_new(BIO_f_ssl());
+ s_bio = BIO_new(BIO_f_ssl());
+ if ((c_bio == NULL)
+ || (s_bio == NULL)) goto err;
SSL_set_accept_state(s_ssl);
- SSL_set_bio(s_ssl,c_to_s,s_to_c);
- BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE);
+ SSL_set_bio(s_ssl, c_to_s, s_to_c);
+ BIO_set_ssl(s_bio, s_ssl, BIO_CLOSE);
/* We can always do writes */
printf("Begin doit main loop\n");
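Review bot: The reformat splits the condition in the middle and leaves the branch on the continuation line, `if ((c_bio == NULL)` / `|| (s_bio == NULL)) goto err;`, which is harder to read than the one-liner it replaced and hides the `goto`. The test fits on one line with the branch on the next: `if (c_bio == NULL || s_bio == NULL)` then `goto err;`. The same artifact appears in get() and put() (`if ((status&1)` / `== 1 ) status = iosb.status;`), in the `c_to_s`/`s_to_c` check and the `put` status checks of doit(), and throughout SSL_SESSION_print in ssl_txt.c (`<= 0) goto err;`). doit() starts before this hunk and continues after it.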
@@ -300,59 +313,65 @@ int doit(io_channel chan, SSL_CTX *s_ctx )
/*
* Wait for remote end to request data action on A channel.
*/
- while ( link_state == 0 ) {
- status = get ( chan, (char *) &msg, sizeof(msg), &length );
- if ( (status&1) == 0 ) {
- printf("Error in main loop get: %d\n", status );
- link_state = 3;
- break;
- }
- if ( length < RPC_HDR_SIZE ) {
- printf("Error in main loop get size: %d\n", length );
- break;
- link_state = 3;
- }
- if ( msg.channel != 'A' ) {
- printf("Error in main loop, unexpected channel: %c\n",
- msg.channel );
- break;
- link_state = 3;
- }
- if ( msg.function == 'G' ) {
- link_state = 1;
- } else if ( msg.function == 'P' ) {
- link_state = 2; /* write pending */
- } else if ( msg.function == 'X' ) {
- link_state = 3;
- } else {
- link_state = 3;
- }
- }
- if ( link_state == 1 ) {
- i = BIO_read ( s_bio, msg.data, msg.length );
- if ( i < 0 ) link_state = 3;
- else {
- msg.channel = 'A';
- msg.function = 'C'; /* confirm */
- msg.length = i;
- status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE );
- if ( (status&1) == 0 ) break;
- link_state = 0;
+ while (link_state == 0 ) {
+ status = get ( chan, (char *) &msg, sizeof(msg), &length );
+ if ((status&1) == 0 ) {
+ printf("Error in main loop get: %d\n", status );
+ link_state = 3;
+ break;
+ }
+ if (length < RPC_HDR_SIZE ) {
+ printf("Error in main loop get size: %d\n", length );
+ break;
+ link_state = 3;
+ }
+ if (msg.channel != 'A' ) {
+ printf("Error in main loop, unexpected channel: %c\n",
+ msg.channel );
+ break;
+ link_state = 3;
+ }
+ if (msg.function == 'G' ) {
+ link_state = 1;
+ } else if (msg.function == 'P' ) {
+ link_state = 2; /* write pending */
+ } else if (msg.function == 'X' ) {
+ link_state = 3;
+ } else {
+ link_state = 3;
+ }
}
- } else if ( link_state == 2 ) {
- i = BIO_write ( s_bio, msg.data, msg.length );
- if ( i < 0 ) link_state = 3;
- else {
- msg.channel = 'A';
- msg.function = 'C'; /* confirm */
- msg.length = 0;
- status = put ( chan, (char *) &msg, RPC_HDR_SIZE );
- if ( (status&1) == 0 ) break;
- link_state = 0;
+ if (link_state == 1 ) {
+ i = BIO_read ( s_bio, msg.data, msg.length );
+ if (i < 0 )
+ link_state = 3;
+ else {
+ msg.channel = 'A';
+ msg.function = 'C';
+ /* confirm */
+ msg.length = i;
+ status = put ( chan, (char *) &msg, i + RPC_HDR_SIZE );
+ if ((status&1)
+ == 0 ) break;
+ link_state = 0;
+ }
+ } else if (link_state == 2 ) {
+ i = BIO_write ( s_bio, msg.data, msg.length );
+ if (i < 0 )
+ link_state = 3;
+ else {
+ msg.channel = 'A';
+ msg.function = 'C';
+ /* confirm */
+ msg.length = 0;
+ status = put ( chan, (char *) &msg, RPC_HDR_SIZE );
+ if ((status&1)
+ == 0 ) break;
+ link_state = 0;
+ }
}
- }
}
- fprintf(stdout,"DONE\n");
+ fprintf(stdout, "DONE\n");
err:
/* We have to set the BIO's to NULL otherwise they will be
* free()ed twice. Once when th s_ssl is SSL_free()ed and
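Review bot: `msg.length` is taken from the peer's message and passed unchecked as the byte count to `BIO_read ( s_bio, msg.data, msg.length )` and `BIO_write ( s_bio, msg.data, msg.length )`, although `msg.data` holds 4092 bytes and the field is an unsigned short. A declared length above 4092 lets BIO_read store past the buffer, and a 'P' request can declare more data than get() actually received. The receive loop should reject a length larger than `sizeof(msg.data)` and, for 'P', larger than `length - RPC_HDR_SIZE`. In the same loop the two `link_state = 3;` assignments that follow `break;` are unreachable, so a short or wrong-channel message leaves `link_state` at 0; the order should be swapped as in the first error branch. The start of doit() and the enclosing loop header are outside this hunk.

```c
		if (length < RPC_HDR_SIZE ) {
			/* … unchanged: printf of the short length … */
			link_state = 3;
			break;
		}
		if (msg.channel != 'A' ) {
			/* … unchanged: printf of the unexpected channel … */
			link_state = 3;
			break;
		}
		/*
		 * The declared payload must fit msg.data and, for a put,
		 * must not exceed the bytes actually received.
		 */
		if (msg.length > sizeof(msg.data) ||
		    (msg.function == 'P' &&
		    msg.length > (size_t)length - RPC_HDR_SIZE)) {
			printf("Error in main loop, bad length: %u\n",
			    (unsigned)msg.length );
			link_state = 3;
			break;
		}
		/* … unchanged: msg.function dispatch, BIO_read/BIO_write branches … */
```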
@@ -361,12 +380,16 @@ err:
* BIO structure and SSL_set_bio() and SSL_free() automatically
* BIO_free non NULL entries.
* You should not normally do this or be required to do this */
- s_ssl->rbio=NULL;
- s_ssl->wbio=NULL;
+ s_ssl->rbio = NULL;
+ s_ssl->wbio = NULL;
- if (c_to_s != NULL) BIO_free(c_to_s);
- if (s_to_c != NULL) BIO_free(s_to_c);
- if (c_bio != NULL) BIO_free(c_bio);
- if (s_bio != NULL) BIO_free(s_bio);
- return(0);
+ if (c_to_s != NULL)
+ BIO_free(c_to_s);
+ if (s_to_c != NULL)
+ BIO_free(s_to_c);
+ if (c_bio != NULL)
+ BIO_free(c_bio);
+ if (s_bio != NULL)
+ BIO_free(s_bio);
+ return (0);
}
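Review bot: The `err:` path dereferences `s_ssl` unconditionally (`s_ssl->rbio = NULL;`), but doit() jumps to `err` when `SSL_new()` returned NULL, so that allocation failure becomes a NULL dereference. Guard the two assignments: `if (s_ssl != NULL) { s_ssl->rbio = NULL; s_ssl->wbio = NULL; }`. doit() also returns 0 on this path exactly as it does after a clean loop exit, so main() cannot tell failure from success; a distinct return value or at least a comment would help. The start of doit() is outside this hunk.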
diff --git a/lib/libssl/src/ssl/ssl_txt.c b/lib/libssl/src/ssl/ssl_txt.c
index 6479d52c0cc..5186e396ecd 100644
--- a/lib/libssl/src/ssl/ssl_txt.c
+++ b/lib/libssl/src/ssl/ssl_txt.c
@@ -87,30 +87,33 @@
#include "ssl_locl.h"
#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
- {
+int
+SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
+{
BIO *b;
int ret;
- if ((b=BIO_new(BIO_s_file_internal())) == NULL)
- {
- SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=SSL_SESSION_print(b,x);
- BIO_free(b);
- return(ret);
+ if ((b = BIO_new(BIO_s_file_internal())) == NULL) {
+ SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB);
+ return (0);
}
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = SSL_SESSION_print(b, x);
+ BIO_free(b);
+ return (ret);
+}
#endif
-int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
- {
+int
+SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
+{
unsigned int i;
const char *s;
- if (x == NULL) goto err;
- if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
+ if (x == NULL)
+ goto err;
+ if (BIO_puts(bp, "SSL-Session:\n")
+ <= 0) goto err;
if (x->ssl_version == SSL2_VERSION)
s="SSLv2";
else if (x->ssl_version == SSL3_VERSION)
@@ -127,122 +130,122 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
s="DTLSv1-bad";
else
s="unknown";
- if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
+ if (BIO_printf(bp, " Protocol : %s\n", s)
+ <= 0) goto err;
- if (x->cipher == NULL)
- {
- if (((x->cipher_id) & 0xff000000) == 0x02000000)
- {
- if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0)
+ if (x->cipher == NULL) {
+ if (((x->cipher_id) & 0xff000000) == 0x02000000) {
+ if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id&0xffffff) <= 0)
goto err;
- }
- else
- {
- if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0)
+ } else {
+ if (BIO_printf(bp, " Cipher : %04lX\n", x->cipher_id&0xffff) <= 0)
goto err;
- }
}
- else
- {
- if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
+ } else {
+ if (BIO_printf(bp, " Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
goto err;
- }
- if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
- for (i=0; i<x->session_id_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err;
- for (i=0; i<x->sid_ctx_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
+ }
+ if (BIO_puts(bp, " Session-ID: ")
+ <= 0) goto err;
+ for (i = 0; i < x->session_id_length; i++) {
+ if (BIO_printf(bp, "%02X", x->session_id[i])
+ <= 0) goto err;
+ }
+ if (BIO_puts(bp, "\n Session-ID-ctx: ")
+ <= 0) goto err;
+ for (i = 0; i < x->sid_ctx_length; i++) {
+ if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
goto err;
- }
- if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
- for (i=0; i<(unsigned int)x->master_key_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err;
- if (x->key_arg_length == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->key_arg_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
- }
+ }
+ if (BIO_puts(bp, "\n Master-Key: ")
+ <= 0) goto err;
+ for (i = 0; i < (unsigned int)x->master_key_length; i++) {
+ if (BIO_printf(bp, "%02X", x->master_key[i])
+ <= 0) goto err;
+ }
+ if (BIO_puts(bp, "\n Key-Arg : ")
+ <= 0) goto err;
+ if (x->key_arg_length == 0) {
+ if (BIO_puts(bp, "None")
+ <= 0) goto err;
+ } else
+ for (i = 0; i < x->key_arg_length; i++) {
+ if (BIO_printf(bp, "%02X", x->key_arg[i])
+ <= 0) goto err;
+ }
#ifndef OPENSSL_NO_KRB5
- if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err;
- if (x->krb5_client_princ_len == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->krb5_client_princ_len; i++)
- {
- if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
- }
+ if (BIO_puts(bp, "\n Krb5 Principal: ")
+ <= 0) goto err;
+ if (x->krb5_client_princ_len == 0) {
+ if (BIO_puts(bp, "None")
+ <= 0) goto err;
+ } else
+ for (i = 0; i < x->krb5_client_princ_len; i++) {
+ if (BIO_printf(bp, "%02X", x->krb5_client_princ[i])
+ <= 0) goto err;
+ }
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_PSK
- if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err;
- if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err;
- if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err;
- if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err;
+ if (BIO_puts(bp, "\n PSK identity: ")
+ <= 0) goto err;
+ if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None")
+ <= 0) goto err;
+ if (BIO_puts(bp, "\n PSK identity hint: ")
+ <= 0) goto err;
+ if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None")
+ <= 0) goto err;
#endif
#ifndef OPENSSL_NO_SRP
- if (BIO_puts(bp,"\n SRP username: ") <= 0) goto err;
- if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err;
+ if (BIO_puts(bp, "\n SRP username: ")
+ <= 0) goto err;
+ if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None")
+ <= 0) goto err;
#endif
#ifndef OPENSSL_NO_TLSEXT
- if (x->tlsext_tick_lifetime_hint)
- {
+ if (x->tlsext_tick_lifetime_hint) {
if (BIO_printf(bp,
"\n TLS session ticket lifetime hint: %ld (seconds)",
- x->tlsext_tick_lifetime_hint) <=0)
- goto err;
- }
- if (x->tlsext_tick)
- {
- if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err;
+ x->tlsext_tick_lifetime_hint) <=0)
+ goto err;
+ }
+ if (x->tlsext_tick) {
+ if (BIO_puts(bp, "\n TLS session ticket:\n")
+ <= 0) goto err;
if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
goto err;
- }
+ }
#endif
#ifndef OPENSSL_NO_COMP
- if (x->compress_meth != 0)
- {
+ if (x->compress_meth != 0) {
SSL_COMP *comp = NULL;
- ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp);
- if (comp == NULL)
- {
- if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
+ ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp);
+ if (comp == NULL) {
+ if (BIO_printf(bp, "\n Compression: %d", x->compress_meth)
+ <= 0) goto err;
+ } else {
+ if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, comp->method->name) <= 0) goto err;
}
- else
- {
- if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
- }
- }
+ }
#endif
- if (x->time != 0L)
- {
- if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
- }
- if (x->timeout != 0L)
- {
- if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err;
+ if (x->time != 0L) {
+ if (BIO_printf(bp, "\n Start Time: %ld", x->time)
+ <= 0) goto err;
+ }
+ if (x->timeout != 0L) {
+ if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) goto err;
}
- if (BIO_puts(bp,"\n") <= 0) goto err;
+ if (BIO_puts(bp, "\n")
+ <= 0) goto err;
- if (BIO_puts(bp, " Verify return code: ") <= 0) goto err;
+ if (BIO_puts(bp, " Verify return code: ")
+ <= 0) goto err;
if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
-
- return(1);
+
+ return (1);
err:
- return(0);
- }
+ return (0);
+}
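Review bot: SSL_SESSION_print writes the session master secret in hex under `Master-Key:` and nothing in the code warns about the consequence: whoever can read this output can derive the keys protecting that session's traffic. The function needs a header comment saying so, for example `/* Output includes the master secret; never direct it to shared or persistent logs. */`, repeated briefly at the Master-Key loop. In the same function the `(x->cipher == NULL)?"unknown"` test inside the `else` branch can never be true, since that branch is reached only when `x->cipher` is non-NULL, and can be dropped. The function begins in the previous hunk.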