I missed on the first go around.
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
- * Portions of the attached software ("Contribution") are developed by
+ * Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* For TLS, cert_req is set to 2, so a cert chain
* of nothing is sent, but no verify packet is sent
*/
- /*
- * XXX: For now, we do not support client
+ /*
+ * XXX: For now, we do not support client
* authentication in ECDH cipher suites with
* ECDH (rather than ECDSA) certificates.
- * We need to skip the certificate verify
- * message when client's ECDH public key is sent
+ * We need to skip the certificate verify
+ * message when client's ECDH public key is sent
* inside the client certificate.
*/
if (s->s3->tmp.cert_req == 1) {
/* Do the message type and length last */
d = p = &(buf[4]);
- /*
+ /*
* Version indicates the negotiated version: for example from
* an SSLv2/v3 compatible client hello). The client_version
* field is the maximum version we permit and it is also
if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
if (s->d1->send_cookie == 0) {
s->s3->tmp.reuse_message = 1;
- return 1;
+ return (1);
}
else /* already sent a cookie */
{
p += i;
n -= param_len;
- /*
+ /*
* This should be because we are using an
* export cipher
*/
* There are two ways to detect a resumed ticket sesion.
* One is to set an appropriate session ID and then the server
* must return a match in ServerHello. This allows the normal
- * client session ID matching to work and we know much
+ * client session ID matching to work and we know much
* earlier that the ticket has been accepted.
- *
+ *
* The other way is to set zero length session ID when the
* ticket is presented and rely on the handshake to determine
* session resumption.
* assumptions elsewhere in OpenSSL. The session ID is set
* to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
* ticket.
- */
+ */
EVP_Digest(p, ticklen, s->session->session_id,
&s->session->session_id_length, EVP_sha256(), NULL);
ret = 1;
unsigned long resplen, n;
const unsigned char *p;
- n = s->method->ssl_get_message(s,
- SSL3_ST_CR_CERT_STATUS_A,
- SSL3_ST_CR_CERT_STATUS_B,
- SSL3_MT_CERTIFICATE_STATUS,
- 16384,
- &ok);
+ n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
+ SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,
+ 16384, &ok);
if (!ok)
return ((int)n);
goto f_err;
}
}
- return 1;
+ return (1);
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return (-1);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_SSL3_GET_SERVER_DONE,
SSL_R_LENGTH_MISMATCH);
- return -1;
+ return (-1);
}
ret = 1;
return (ret);
s->session->master_key_length =
s->method->ssl3_enc->generate_master_secret(
- s, s->session->master_key, tmp_buf,
- sizeof tmp_buf);
+ s, s->session->master_key, tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
}
#ifndef OPENSSL_NO_KRB5
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
+ EVP_MAX_IV_LENGTH];
- int padl, outl = sizeof(epms);
+ int padl, outl = sizeof(epms);
EVP_CIPHER_CTX_init(&ciph_ctx);
goto err;
}
- /*
+ /*
* 20010406 VRS - Earlier versions used KRB5 AP_REQ
* in place of RFC 2712 KerberosWrapper, as in:
*
* Send ticket (copy to *p, set n = length)
* n = krb5_ap_req.length;
* memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
- * if (krb5_ap_req.data)
+ * if (krb5_ap_req.data)
* kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
*
* Now using real RFC 2712 KerberosWrapper
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_ECDH
else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
*/
if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) &&
(s->cert != NULL)) {
- /*
+ /*
* XXX: For now, we do not support client
* authentication using ECDH certificates.
* To add such support, one needs to add
- * code that checks for appropriate
+ * code that checks for appropriate
* conditions and sets ecdh_clnt_cert to 1.
* For example, the cert have an ECC
* key on the same curve as the server's
/* generate master key from the result */
s->session->master_key_length = s->method->ssl3_enc \
- -> generate_master_secret(s,
+ -> generate_master_secret(s,
s->session->master_key, p, n);
memset(p, 0, n); /* clean up */
} else {
ERR_clear_error();
}
- /*
+ /*
* For TLS v1.2 send signature algorithm and signature
* using agreed digest and cached handshake records.
*/
/* We need to get a client cert */
if (s->state == SSL3_ST_CW_CERT_B) {
- /* If we get an error, we need to
+ /*
+ * If we get an error, we need to
* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
- * We then get retied later
+ * We then get retied later
*/
i = ssl_do_client_cert_cb(s, &x509, &pkey);
if (i < 0) {
SSL_R_BAD_ECC_CERT);
goto f_err;
} else {
- return 1;
+ return (1);
}
}
#endif
s->init_off = 0;
}
- return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
/* If we have no ticket it cannot be a resumed session. */
if (!s->session->tlsext_tick)
- return 1;
+ return (1);
/* this function is called when we really expect a Certificate
* message, so permit appropriate message length */
n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
s->s3->tmp.reuse_message = 1;
if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) ||
(s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
- return 2;
+ return (2);
- return 1;
+ return (1);
}
#endif
SSL_get_client_CA_list(s),
px509, ppkey, NULL, NULL, NULL);
if (i != 0)
- return i;
+ return (i);
}
#endif
if (s->ctx->client_cert_cb)
i = s->ctx->client_cert_cb(s, px509, ppkey);
- return i;
+ return (i};
}
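Review bot: The added line `return (i};` at the end of this hunk closes the parenthesis with a brace, so the file will not compile; it should read `return (i);`. Every other return converted in this commit uses matching parentheses, so this looks like a slip in the mechanical rewrite rather than an intended change. The same line appears again where this hunk is repeated further down the page. A build of the tree after the style pass would have caught it before commit. The enclosing function starts outside the hunk.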
break;
case SSL_CTRL_NEED_TMP_RSA:
if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
- ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
- (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)
- > (512 / 8))))
+ ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+ (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)
+ > (512 / 8))))
ret = 1;
break;
case SSL_CTRL_SET_TMP_RSA:
}
if (s->tlsext_opaque_prf_input != NULL)
free(s->tlsext_opaque_prf_input);
- if ((size_t)larg == 0)
- s->tlsext_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
- else
- s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
+ if ((size_t)larg == 0) {
+ /* dummy byte just to get non-NULL */
+ s->tlsext_opaque_prf_input = malloc(1);
+ } else
+ s->tlsext_opaque_prf_input =
+ BUF_memdup(parg, (size_t)larg);
if (s->tlsext_opaque_prf_input != NULL) {
s->tlsext_opaque_prf_input_len = (size_t)larg;
ret = 1;
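Review bot: The rewritten `if ((size_t)larg == 0)` gains braces on its first arm, while the `else` arm, now split over two lines, stays unbraced. Mixed bracing on one if/else is easy to misread when a statement is later added to the `else` arm. I would brace both arms: `} else {`, then the `BUF_memdup(parg, (size_t)larg)` assignment, then a closing `}`. The same hunk is repeated later on the page, and the surrounding `case` body starts and ends outside the hunk.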
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
- * Portions of the attached software ("Contribution") are developed by
+ * Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
(s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
if (s->srp_ctx.login == NULL) {
- /* RFC 5054 says SHOULD reject,
- we do so if There is no srp login name */
+ /*
+ * RFC 5054 says SHOULD reject,
+ * we do so if There is no srp login name
+ */
ret = SSL3_AL_FATAL;
*al = SSL_AD_UNKNOWN_PSK_IDENTITY;
} else {
ret = SSL_srp_server_param_with_username(s, al);
}
}
- return ret;
+ return (ret);
}
#endif
SSL_clear(s);
if (s->cert == NULL) {
- SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
+ SSLerr(SSL_F_SSL3_ACCEPT,
+ SSL_R_NO_CERTIFICATE_SET);
return (-1);
}
cb(s, SSL_CB_HANDSHAKE_START, 1);
if ((s->version >> 8) != 3) {
- SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
- return -1;
+ SSLerr(SSL_F_SSL3_ACCEPT,
+ ERR_R_INTERNAL_ERROR);
+ return (-1);
}
s->type = SSL_ST_ACCEPT;
{
int al;
if ((ret =
- ssl_check_srp_ext_ClientHello(s, &al))
+ ssl_check_srp_ext_ClientHello(s, &al))
< 0) {
/*
* Callback indicates further work to
s->state = SSL3_ST_SW_SRVR_DONE_A;
if (s->s3->handshake_buffer)
if (!ssl3_digest_cached_records(s))
- return -1;
+ return (-1);
} else {
s->s3->tmp.cert_request = 1;
ret = ssl3_send_certificate_request(s);
if (!s->s3->handshake_buffer) {
SSLerr(SSL_F_SSL3_ACCEPT,
ERR_R_INTERNAL_ERROR);
- return -1;
+ return (-1);
}
s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
if (!ssl3_digest_cached_records(s))
- return -1;
+ return (-1);
} else {
int offset = 0;
int dgst_num;
s->state = SSL3_ST_SR_CERT_VRFY_A;
s->init_num = 0;
- /*
+ /*
* We need to get hashes here so if there is
* a client cert, it can be verified
* FIXME - digest processing for
*/
if (s->s3->handshake_buffer)
if (!ssl3_digest_cached_records(s))
- return -1;
+ return (-1);
for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST;
dgst_num++)
if (s->s3->handshake_dgst[dgst_num]) {
/* break; */
default:
- SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
+ SSLerr(SSL_F_SSL3_ACCEPT,
+ SSL_R_UNKNOWN_STATE);
ret = -1;
goto end;
/* break; */
if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) {
SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO,
SSL_R_MULTIPLE_SGC_RESTARTS);
- return -1;
+ return (-1);
}
/*
* Throw away what we have done so far in the current handshake,
}
#endif
s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
- return 2;
+ return (2);
}
- return 1;
+ return (1);
}
int
if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
(s->version != DTLS1_VERSION && s->client_version < s->version)) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_WRONG_VERSION_NUMBER);
if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
!s->enc_write_ctx && !s->write_hash) {
/*
cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
if (cookie_length == 0)
- return 1;
+ return (1);
}
/* load the client random */
/* cookie stuff */
cookie_len = *(p++);
- /*
+ /*
* The ClientHello may contain a cookie even if the
* HelloVerify message has not been sent--make sure that it
* does not cause an overflow.
if ((i == 0) && (j != 0)) {
/* we need a cipher if we are not resuming a session */
al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err;
}
if ((p + i) >= (d + n)) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_LENGTH_MISMATCH);
goto f_err;
}
if ((i > 0) &&
if ((p + i) > (d + n)) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_LENGTH_MISMATCH);
goto f_err;
}
q = p;
}
}
if (ssl_check_clienthello_tlsext_early(s) <= 0) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
}
/*
- * We now have the following setup.
+ * We now have the following setup.
* client_random
* cipher_list - our prefered list of ciphers
* ciphers - the clients prefered list of ciphers
#ifdef OPENSSL_NO_TLSEXT
p = s->s3->server_random;
if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0)
- return -1;
+ return (-1);
#endif
/* Do the message type and length last */
d = p= &(buf[4]);
if (sl > (int)sizeof(s->session->session_id)) {
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
ERR_R_INTERNAL_ERROR);
- return -1;
+ return (-1);
}
*(p++) = sl;
memcpy(p, s->session->session_id, sl);
if (ssl_prepare_serverhello_tlsext(s) <= 0) {
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
SSL_R_SERVERHELLO_TLSEXT);
- return -1;
+ return (-1);
}
if ((p = ssl_add_serverhello_tlsext(s, p,
buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
ERR_R_INTERNAL_ERROR);
- return -1;
+ return (-1);
}
#endif
/* do the header */
goto err;
}
- /*
+ /*
* XXX: For now, we only support ephemeral ECDH
- * keys over named (not generic) curves. For
+ * keys over named (not generic) curves. For
* supported named curves, curve_id is non-zero.
*/
if ((curve_id = tls1_ec_nid2curve_id(
goto err;
}
- /*
+ /*
* Encode the public key.
* First check the size of encoding and
* allocate memory accordingly.
BN_CTX_free(bn_ctx);
bn_ctx = NULL;
- /*
- * XXX: For now, we only support named (not
+ /*
+ * XXX: For now, we only support named (not
* generic) curves in ECDH ephemeral key exchanges.
* In this situation, we need four additional bytes
* to encode the entire ServerECDHParams
- * structure.
+ * structure.
*/
n = 4 + encodedlen;
if (type & SSL_kSRP) {
if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) ||
(s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_SRP_PARAM);
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_MISSING_SRP_PARAM);
goto err;
}
r[0] = s->srp_ctx.N;
#endif
{
al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
goto f_err;
}
for (i = 0; i < 4 && r[i] != NULL; i++) {
n += u + 2;
} else
if (md) {
- /*
+ /*
* For TLS1.2 and later send signature
* algorithm
*/
}
if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ krb5rc);
goto err;
}
* instead of the protocol version.
*
* If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
- * clients.
+ * clients.
* (Perhaps we should have a separate BUG value for
* the Kerberos cipher)
*/
}
- /*
+ /*
* Was doing kssl_ctx_free() here, but it caused problems for
* apache.
* kssl_ctx = kssl_ctx_free(kssl_ctx);
if (((clnt_pub_pkey = X509_get_pubkey(
s->session->peer)) == NULL) ||
(clnt_pub_pkey->type != EVP_PKEY_EC)) {
- /*
+ /*
* XXX: For now, we do not support client
* authentication using ECDH certificates
* so this branch (n == 0L) of the code is
* never executed. When that support is
- * added, we ought to ensure the key
- * received in the certificate is
+ * added, we ought to ensure the key
+ * received in the certificate is
* authorized for key agreement.
* ECDH_compute_key implicitly checks that
* the two ECDH shares are for the same
/*
* p is pointing to somewhere in the buffer
* currently, so set it to the start.
- */
+ */
p = (unsigned char *)s->init_buf->data;
}
EVP_PKEY_free(client_pub_pkey);
EVP_PKEY_CTX_free(pkey_ctx);
if (ret)
- return ret;
+ return (ret);
else
goto err;
} else {
p = (unsigned char *)s->init_msg;
/*
* Check for broken implementations of GOST ciphersuites.
- *
+ *
* If key is GOST and n is exactly 64, it is a bare
* signature without length field.
*/
}
j = EVP_PKEY_size(pkey);
if ((i > j) || (n > j) || (n <= 0)) {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ SSL_R_WRONG_SIGNATURE_SIZE);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
#endif
if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
!EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ SSL_R_BAD_SIGNATURE);
goto f_err;
}
} else
goto f_err;
}
} else {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ ERR_R_INTERNAL_ERROR);
al = SSL_AD_UNSUPPORTED_CERTIFICATE;
goto f_err;
}
* too long
*/
if (slen_full > 0xFF00)
- return -1;
+ return (-1);
senc = malloc(slen_full);
if (!senc)
- return -1;
+ return (-1);
p = senc;
i2d_SSL_SESSION(s->session, &p);
sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
if (sess == NULL) {
free(senc);
- return -1;
+ return (-1);
}
/* ID is irrelevant for the ticket */
if (slen > slen_full) {
/* shouldn't ever happen */
free(senc);
- return -1;
+ return (-1);
}
p = senc;
i2d_SSL_SESSION(sess, &p);
SSL_SESSION_free(sess);
- /*
+ /*
* Grow buffer if need be: the length calculation is as
* follows 1 (size of message name) + 3 (message length
* bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
if (!BUF_MEM_grow(s->init_buf,
26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
EVP_MAX_MD_SIZE + slen))
- return -1;
+ return (-1);
p = (unsigned char *)s->init_buf->data;
/* do the header */
if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
&hctx, 1) < 0) {
free(senc);
- return -1;
+ return (-1);
}
} else {
RAND_pseudo_bytes(iv, 16);
* + (ocsp response)
*/
if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
- return -1;
+ return (-1);
p = (unsigned char *)s->init_buf->data;
if (!s->s3->next_proto_neg_seen) {
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
- return -1;
+ return (-1);
}
n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
if (!s->s3->change_cipher_spec) {
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
- return -1;
+ return (-1);
}
if (n < 2)
- return 0;
+ return (0);
/* The body must be > 1 bytes long */
p = (unsigned char *)s->init_msg;
*/
proto_len = p[0];
if (proto_len + 2 > s->init_num)
- return 0;
+ return (0);
padding_len = p[proto_len + 1];
if (proto_len + padding_len + 2 != s->init_num)
- return 0;
+ return (0);
s->next_proto_negotiated = malloc(proto_len);
if (!s->next_proto_negotiated) {
- SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE);
- return 0;
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
+ ERR_R_MALLOC_FAILURE);
+ return (0);
}
memcpy(s->next_proto_negotiated, p + 1, proto_len);
s->next_proto_negotiated_len = proto_len;
- return 1;
+ return (1);
}
# endif
#endif
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
- * Portions of the attached software ("Contribution") are developed by
+ * Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* For TLS, cert_req is set to 2, so a cert chain
* of nothing is sent, but no verify packet is sent
*/
- /*
- * XXX: For now, we do not support client
+ /*
+ * XXX: For now, we do not support client
* authentication in ECDH cipher suites with
* ECDH (rather than ECDSA) certificates.
- * We need to skip the certificate verify
- * message when client's ECDH public key is sent
+ * We need to skip the certificate verify
+ * message when client's ECDH public key is sent
* inside the client certificate.
*/
if (s->s3->tmp.cert_req == 1) {
/* Do the message type and length last */
d = p = &(buf[4]);
- /*
+ /*
* Version indicates the negotiated version: for example from
* an SSLv2/v3 compatible client hello). The client_version
* field is the maximum version we permit and it is also
if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
if (s->d1->send_cookie == 0) {
s->s3->tmp.reuse_message = 1;
- return 1;
+ return (1);
}
else /* already sent a cookie */
{
p += i;
n -= param_len;
- /*
+ /*
* This should be because we are using an
* export cipher
*/
* There are two ways to detect a resumed ticket sesion.
* One is to set an appropriate session ID and then the server
* must return a match in ServerHello. This allows the normal
- * client session ID matching to work and we know much
+ * client session ID matching to work and we know much
* earlier that the ticket has been accepted.
- *
+ *
* The other way is to set zero length session ID when the
* ticket is presented and rely on the handshake to determine
* session resumption.
* assumptions elsewhere in OpenSSL. The session ID is set
* to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
* ticket.
- */
+ */
EVP_Digest(p, ticklen, s->session->session_id,
&s->session->session_id_length, EVP_sha256(), NULL);
ret = 1;
unsigned long resplen, n;
const unsigned char *p;
- n = s->method->ssl_get_message(s,
- SSL3_ST_CR_CERT_STATUS_A,
- SSL3_ST_CR_CERT_STATUS_B,
- SSL3_MT_CERTIFICATE_STATUS,
- 16384,
- &ok);
+ n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
+ SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,
+ 16384, &ok);
if (!ok)
return ((int)n);
goto f_err;
}
}
- return 1;
+ return (1);
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return (-1);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_SSL3_GET_SERVER_DONE,
SSL_R_LENGTH_MISMATCH);
- return -1;
+ return (-1);
}
ret = 1;
return (ret);
s->session->master_key_length =
s->method->ssl3_enc->generate_master_secret(
- s, s->session->master_key, tmp_buf,
- sizeof tmp_buf);
+ s, s->session->master_key, tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
}
#ifndef OPENSSL_NO_KRB5
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
+ EVP_MAX_IV_LENGTH];
- int padl, outl = sizeof(epms);
+ int padl, outl = sizeof(epms);
EVP_CIPHER_CTX_init(&ciph_ctx);
goto err;
}
- /*
+ /*
* 20010406 VRS - Earlier versions used KRB5 AP_REQ
* in place of RFC 2712 KerberosWrapper, as in:
*
* Send ticket (copy to *p, set n = length)
* n = krb5_ap_req.length;
* memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
- * if (krb5_ap_req.data)
+ * if (krb5_ap_req.data)
* kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
*
* Now using real RFC 2712 KerberosWrapper
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_ECDH
else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
*/
if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) &&
(s->cert != NULL)) {
- /*
+ /*
* XXX: For now, we do not support client
* authentication using ECDH certificates.
* To add such support, one needs to add
- * code that checks for appropriate
+ * code that checks for appropriate
* conditions and sets ecdh_clnt_cert to 1.
* For example, the cert have an ECC
* key on the same curve as the server's
/* generate master key from the result */
s->session->master_key_length = s->method->ssl3_enc \
- -> generate_master_secret(s,
+ -> generate_master_secret(s,
s->session->master_key, p, n);
memset(p, 0, n); /* clean up */
} else {
ERR_clear_error();
}
- /*
+ /*
* For TLS v1.2 send signature algorithm and signature
* using agreed digest and cached handshake records.
*/
/* We need to get a client cert */
if (s->state == SSL3_ST_CW_CERT_B) {
- /* If we get an error, we need to
+ /*
+ * If we get an error, we need to
* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
- * We then get retied later
+ * We then get retied later
*/
i = ssl_do_client_cert_cb(s, &x509, &pkey);
if (i < 0) {
SSL_R_BAD_ECC_CERT);
goto f_err;
} else {
- return 1;
+ return (1);
}
}
#endif
s->init_off = 0;
}
- return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
/* If we have no ticket it cannot be a resumed session. */
if (!s->session->tlsext_tick)
- return 1;
+ return (1);
/* this function is called when we really expect a Certificate
* message, so permit appropriate message length */
n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
s->s3->tmp.reuse_message = 1;
if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) ||
(s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
- return 2;
+ return (2);
- return 1;
+ return (1);
}
#endif
SSL_get_client_CA_list(s),
px509, ppkey, NULL, NULL, NULL);
if (i != 0)
- return i;
+ return (i);
}
#endif
if (s->ctx->client_cert_cb)
i = s->ctx->client_cert_cb(s, px509, ppkey);
- return i;
+ return (i};
}
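Review bot: The added `return (i};` closes the parenthesis with a brace, so this function no longer compiles; it should read `return (i);`. Every other return touched in this pass takes the `return (x);` form, so this looks like a typing slip rather than an intended change. The start of the function is outside the hunk.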
break;
case SSL_CTRL_NEED_TMP_RSA:
if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
- ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
- (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)
- > (512 / 8))))
+ ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+ (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)
+ > (512 / 8))))
ret = 1;
break;
case SSL_CTRL_SET_TMP_RSA:
}
if (s->tlsext_opaque_prf_input != NULL)
free(s->tlsext_opaque_prf_input);
- if ((size_t)larg == 0)
- s->tlsext_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
- else
- s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
+ if ((size_t)larg == 0) {
+ /* dummy byte just to get non-NULL */
+ s->tlsext_opaque_prf_input = malloc(1);
+ } else
+ s->tlsext_opaque_prf_input =
+ BUF_memdup(parg, (size_t)larg);
if (s->tlsext_opaque_prf_input != NULL) {
s->tlsext_opaque_prf_input_len = (size_t)larg;
ret = 1;
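Review bot: The rewritten `if`/`else` braces only the `if` arm, leaving `} else` followed by an unbraced assignment that spans two lines; bracing both arms (`} else {` … `}`) keeps the pair symmetric and guards against a later statement being added under the wrong arm. The `if (s->tlsext_opaque_prf_input != NULL)` test in front of `free()` a few lines up is also redundant, since `free(NULL)` is a no-op. The enclosing case starts and ends outside the hunk.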
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
- * Portions of the attached software ("Contribution") are developed by
+ * Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
(s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
if (s->srp_ctx.login == NULL) {
- /* RFC 5054 says SHOULD reject,
- we do so if There is no srp login name */
+ /*
+ * RFC 5054 says SHOULD reject,
+ * we do so if There is no srp login name
+ */
ret = SSL3_AL_FATAL;
*al = SSL_AD_UNKNOWN_PSK_IDENTITY;
} else {
ret = SSL_srp_server_param_with_username(s, al);
}
}
- return ret;
+ return (ret);
}
#endif
SSL_clear(s);
if (s->cert == NULL) {
- SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
+ SSLerr(SSL_F_SSL3_ACCEPT,
+ SSL_R_NO_CERTIFICATE_SET);
return (-1);
}
cb(s, SSL_CB_HANDSHAKE_START, 1);
if ((s->version >> 8) != 3) {
- SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
- return -1;
+ SSLerr(SSL_F_SSL3_ACCEPT,
+ ERR_R_INTERNAL_ERROR);
+ return (-1);
}
s->type = SSL_ST_ACCEPT;
{
int al;
if ((ret =
- ssl_check_srp_ext_ClientHello(s, &al))
+ ssl_check_srp_ext_ClientHello(s, &al))
< 0) {
/*
* Callback indicates further work to
s->state = SSL3_ST_SW_SRVR_DONE_A;
if (s->s3->handshake_buffer)
if (!ssl3_digest_cached_records(s))
- return -1;
+ return (-1);
} else {
s->s3->tmp.cert_request = 1;
ret = ssl3_send_certificate_request(s);
if (!s->s3->handshake_buffer) {
SSLerr(SSL_F_SSL3_ACCEPT,
ERR_R_INTERNAL_ERROR);
- return -1;
+ return (-1);
}
s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
if (!ssl3_digest_cached_records(s))
- return -1;
+ return (-1);
} else {
int offset = 0;
int dgst_num;
s->state = SSL3_ST_SR_CERT_VRFY_A;
s->init_num = 0;
- /*
+ /*
* We need to get hashes here so if there is
* a client cert, it can be verified
* FIXME - digest processing for
*/
if (s->s3->handshake_buffer)
if (!ssl3_digest_cached_records(s))
- return -1;
+ return (-1);
for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST;
dgst_num++)
if (s->s3->handshake_dgst[dgst_num]) {
/* break; */
default:
- SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
+ SSLerr(SSL_F_SSL3_ACCEPT,
+ SSL_R_UNKNOWN_STATE);
ret = -1;
goto end;
/* break; */
if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) {
SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO,
SSL_R_MULTIPLE_SGC_RESTARTS);
- return -1;
+ return (-1);
}
/*
* Throw away what we have done so far in the current handshake,
}
#endif
s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
- return 2;
+ return (2);
}
- return 1;
+ return (1);
}
int
if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
(s->version != DTLS1_VERSION && s->client_version < s->version)) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_WRONG_VERSION_NUMBER);
if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
!s->enc_write_ctx && !s->write_hash) {
/*
cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
if (cookie_length == 0)
- return 1;
+ return (1);
}
/* load the client random */
/* cookie stuff */
cookie_len = *(p++);
- /*
+ /*
* The ClientHello may contain a cookie even if the
* HelloVerify message has not been sent--make sure that it
* does not cause an overflow.
if ((i == 0) && (j != 0)) {
/* we need a cipher if we are not resuming a session */
al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err;
}
if ((p + i) >= (d + n)) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_LENGTH_MISMATCH);
goto f_err;
}
if ((i > 0) &&
if ((p + i) > (d + n)) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_LENGTH_MISMATCH);
goto f_err;
}
q = p;
}
}
if (ssl_check_clienthello_tlsext_early(s) <= 0) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
}
/*
- * We now have the following setup.
+ * We now have the following setup.
* client_random
* cipher_list - our prefered list of ciphers
* ciphers - the clients prefered list of ciphers
#ifdef OPENSSL_NO_TLSEXT
p = s->s3->server_random;
if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0)
- return -1;
+ return (-1);
#endif
/* Do the message type and length last */
d = p= &(buf[4]);
if (sl > (int)sizeof(s->session->session_id)) {
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
ERR_R_INTERNAL_ERROR);
- return -1;
+ return (-1);
}
*(p++) = sl;
memcpy(p, s->session->session_id, sl);
if (ssl_prepare_serverhello_tlsext(s) <= 0) {
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
SSL_R_SERVERHELLO_TLSEXT);
- return -1;
+ return (-1);
}
if ((p = ssl_add_serverhello_tlsext(s, p,
buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
ERR_R_INTERNAL_ERROR);
- return -1;
+ return (-1);
}
#endif
/* do the header */
goto err;
}
- /*
+ /*
* XXX: For now, we only support ephemeral ECDH
- * keys over named (not generic) curves. For
+ * keys over named (not generic) curves. For
* supported named curves, curve_id is non-zero.
*/
if ((curve_id = tls1_ec_nid2curve_id(
goto err;
}
- /*
+ /*
* Encode the public key.
* First check the size of encoding and
* allocate memory accordingly.
BN_CTX_free(bn_ctx);
bn_ctx = NULL;
- /*
- * XXX: For now, we only support named (not
+ /*
+ * XXX: For now, we only support named (not
* generic) curves in ECDH ephemeral key exchanges.
* In this situation, we need four additional bytes
* to encode the entire ServerECDHParams
- * structure.
+ * structure.
*/
n = 4 + encodedlen;
if (type & SSL_kSRP) {
if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) ||
(s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_SRP_PARAM);
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_MISSING_SRP_PARAM);
goto err;
}
r[0] = s->srp_ctx.N;
#endif
{
al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
goto f_err;
}
for (i = 0; i < 4 && r[i] != NULL; i++) {
n += u + 2;
} else
if (md) {
- /*
+ /*
* For TLS1.2 and later send signature
* algorithm
*/
}
if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ krb5rc);
goto err;
}
* instead of the protocol version.
*
* If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
- * clients.
+ * clients.
* (Perhaps we should have a separate BUG value for
* the Kerberos cipher)
*/
}
- /*
+ /*
* Was doing kssl_ctx_free() here, but it caused problems for
* apache.
* kssl_ctx = kssl_ctx_free(kssl_ctx);
if (((clnt_pub_pkey = X509_get_pubkey(
s->session->peer)) == NULL) ||
(clnt_pub_pkey->type != EVP_PKEY_EC)) {
- /*
+ /*
* XXX: For now, we do not support client
* authentication using ECDH certificates
* so this branch (n == 0L) of the code is
* never executed. When that support is
- * added, we ought to ensure the key
- * received in the certificate is
+ * added, we ought to ensure the key
+ * received in the certificate is
* authorized for key agreement.
* ECDH_compute_key implicitly checks that
* the two ECDH shares are for the same
/*
* p is pointing to somewhere in the buffer
* currently, so set it to the start.
- */
+ */
p = (unsigned char *)s->init_buf->data;
}
EVP_PKEY_free(client_pub_pkey);
EVP_PKEY_CTX_free(pkey_ctx);
if (ret)
- return ret;
+ return (ret);
else
goto err;
} else {
p = (unsigned char *)s->init_msg;
/*
* Check for broken implementations of GOST ciphersuites.
- *
+ *
* If key is GOST and n is exactly 64, it is a bare
* signature without length field.
*/
}
j = EVP_PKEY_size(pkey);
if ((i > j) || (n > j) || (n <= 0)) {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ SSL_R_WRONG_SIGNATURE_SIZE);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
#endif
if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
!EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ SSL_R_BAD_SIGNATURE);
goto f_err;
}
} else
goto f_err;
}
} else {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ ERR_R_INTERNAL_ERROR);
al = SSL_AD_UNSUPPORTED_CERTIFICATE;
goto f_err;
}
* too long
*/
if (slen_full > 0xFF00)
- return -1;
+ return (-1);
senc = malloc(slen_full);
if (!senc)
- return -1;
+ return (-1);
p = senc;
i2d_SSL_SESSION(s->session, &p);
sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
if (sess == NULL) {
free(senc);
- return -1;
+ return (-1);
}
/* ID is irrelevant for the ticket */
if (slen > slen_full) {
/* shouldn't ever happen */
free(senc);
- return -1;
+ return (-1);
}
p = senc;
i2d_SSL_SESSION(sess, &p);
SSL_SESSION_free(sess);
- /*
+ /*
* Grow buffer if need be: the length calculation is as
* follows 1 (size of message name) + 3 (message length
* bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
if (!BUF_MEM_grow(s->init_buf,
26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
EVP_MAX_MD_SIZE + slen))
- return -1;
+ return (-1);
p = (unsigned char *)s->init_buf->data;
/* do the header */
if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
&hctx, 1) < 0) {
free(senc);
- return -1;
+ return (-1);
}
} else {
RAND_pseudo_bytes(iv, 16);
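Review bot: The fallback branch fills the ticket IV with `RAND_pseudo_bytes(iv, 16)` and discards the return value, so a failed or weak draw goes unnoticed on a value that protects session tickets. Where the library distinguishes the two calls, `RAND_bytes` is the one intended for unpredictable output, and its result should be checked, for example `if (RAND_bytes(iv, 16) <= 0) { free(senc); return (-1); }`. The literal 16 also has to stay in step with the IV length of the cipher configured after this line, which is outside the hunk.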
* + (ocsp response)
*/
if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
- return -1;
+ return (-1);
p = (unsigned char *)s->init_buf->data;
if (!s->s3->next_proto_neg_seen) {
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
- return -1;
+ return (-1);
}
n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
if (!s->s3->change_cipher_spec) {
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
- return -1;
+ return (-1);
}
if (n < 2)
- return 0;
+ return (0);
/* The body must be > 1 bytes long */
p = (unsigned char *)s->init_msg;
*/
proto_len = p[0];
if (proto_len + 2 > s->init_num)
- return 0;
+ return (0);
padding_len = p[proto_len + 1];
if (proto_len + padding_len + 2 != s->init_num)
- return 0;
+ return (0);
s->next_proto_negotiated = malloc(proto_len);
if (!s->next_proto_negotiated) {
- SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE);
- return 0;
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
+ ERR_R_MALLOC_FAILURE);
+ return (0);
}
memcpy(s->next_proto_negotiated, p + 1, proto_len);
s->next_proto_negotiated_len = proto_len;
- return 1;
+ return (1);
}
# endif
#endif
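Review bot: `proto_len` is taken from the peer's message as `p[0]` and can be zero, in which case `malloc(proto_len)` may return NULL on some platforms and the handshake is then reported as `ERR_R_MALLOC_FAILURE`; an empty protocol name deserves an explicit branch rather than an implementation-defined result. The assignment to `s->next_proto_negotiated` also overwrites any earlier pointer without a visible `free()`, which would leak if this message can be processed more than once on a connection; adding `free(s->next_proto_negotiated);` before the `malloc` would cover that. The start of the function is outside the hunk, so either case may already be handled there.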
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
+ * ECC cipher suite support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
/* ====================================================================
if (s->renegotiate) {
SSLerr(SSL_F_SSL_CLEAR,
ERR_R_INTERNAL_ERROR);
- return 0;
+ return (0);
}
s->type = 0;
if (sid_ctx_len > sizeof ctx->sid_ctx) {
SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
+ return (0);
}
ctx->sid_ctx_length = sid_ctx_len;
memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
- return 1;
+ return (1);
}
int
{
if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
- SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
+ SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return (0);
}
ssl->sid_ctx_length = sid_ctx_len;
memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
- return 1;
+ return (1);
}
int
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
ctx->generate_session_id = cb;
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- return 1;
+ return (1);
}
int
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
ssl->generate_session_id = cb;
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- return 1;
+ return (1);
}
int
SSL_SESSION r, *p;
if (id_len > sizeof r.session_id)
- return 0;
+ return (0);
r.ssl_version = ssl->version;
r.session_id_length = id_len;
int
SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
{
- return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+ return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
}
int
SSL_set_purpose(SSL *s, int purpose)
{
- return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+ return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
}
int
SSL_CTX_set_trust(SSL_CTX *s, int trust)
{
- return X509_VERIFY_PARAM_set_trust(s->param, trust);
+ return (X509_VERIFY_PARAM_set_trust(s->param, trust));
}
int
SSL_set_trust(SSL *s, int trust)
{
- return X509_VERIFY_PARAM_set_trust(s->param, trust);
+ return (X509_VERIFY_PARAM_set_trust(s->param, trust));
}
int
SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
{
- return X509_VERIFY_PARAM_set1(ctx->param, vpm);
+ return (X509_VERIFY_PARAM_set1(ctx->param, vpm));
}
int
SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
{
- return X509_VERIFY_PARAM_set1(ssl->param, vpm);
+ return (X509_VERIFY_PARAM_set1(ssl->param, vpm));
}
void
count = ret;
memcpy(buf, s->s3->tmp.finish_md, count);
}
- return ret;
+ return (ret);
}
/* return length of latest Finished message we expected, copy to 'buf' */
count = ret;
memcpy(buf, s->s3->tmp.peer_finish_md, count);
}
- return ret;
+ return (ret);
}
int
SSL_get_verify_depth(const SSL *s)
{
- return X509_VERIFY_PARAM_get_depth(s->param);
+ return (X509_VERIFY_PARAM_get_depth(s->param));
}
-int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
+int
+(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
{
return (s->verify_callback);
}
int
SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
{
- return X509_VERIFY_PARAM_get_depth(ctx->param);
+ return (X509_VERIFY_PARAM_get_depth(ctx->param));
}
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
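Review bot: The declarator of `SSL_get_verify_callback` is now split after the return type, but `SSL_CTX_get_verify_callback` on the last line of this hunk still has `int (*…` on a single line, so the two sibling accessors no longer match. Splitting it the same way, with `int` on its own line followed by `(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)`, would keep the pair consistent. Its body is outside the hunk.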
if (ssl->cert == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
SSL_R_NO_CERTIFICATE_ASSIGNED);
- return 0;
+ return (0);
}
if (ssl->cert->key->x509 == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_READ,
SSL_R_UNINITIALIZED);
- return -1;
+ return (-1);
}
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_PEEK,
SSL_R_UNINITIALIZED);
- return -1;
+ return (-1);
}
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_WRITE,
SSL_R_UNINITIALIZED);
- return -1;
+ return (-1);
}
if (s->shutdown & SSL_SENT_SHUTDOWN) {
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_SHUTDOWN,
SSL_R_UNINITIALIZED);
- return -1;
+ return (-1);
}
if ((s != NULL) && !SSL_in_init(s))
case SSL_CTRL_SET_MSG_CALLBACK_ARG:
s->msg_callback_arg = parg;
- return 1;
+ return (1);
case SSL_CTRL_OPTIONS:
return (s->options|=larg);
case SSL_CTRL_SET_MTU:
#ifndef OPENSSL_NO_DTLS1
if (larg < (long)dtls1_min_mtu())
- return 0;
+ return (0);
#endif
if (SSL_version(s) == DTLS1_VERSION ||
SSL_version(s) == DTLS1_BAD_VER) {
s->d1->mtu = larg;
- return larg;
+ return (larg);
}
- return 0;
+ return (0);
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
- return 0;
+ return (0);
s->max_send_fragment = larg;
- return 1;
+ return (1);
case SSL_CTRL_GET_RI_SUPPORT:
if (s->s3)
- return s->s3->send_connection_binding;
- else return 0;
+ return (s->s3->send_connection_binding);
+ else return (0);
default:
return (s->method->ssl_ctrl(s, cmd, larg, parg));
}
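Review bot: In the `SSL_CTRL_GET_RI_SUPPORT` case the added `else return (0);` keeps the statement on the `else` line, which the rest of this pass avoids. Because the `if` arm already returns, the `else` can be dropped and the line written as a plain `return (0);` on its own line. The switch begins outside the hunk.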
s->msg_callback = (void (*)(int write_p, int version,
int content_type, const void *buf, size_t len,
SSL *ssl, void *arg))(fp);
- return 1;
+ return (1);
default:
return (s->method->ssl_callback_ctrl(s, cmd, fp));
LHASH_OF(SSL_SESSION) *
SSL_CTX_sessions(SSL_CTX *ctx)
{
- return ctx->sessions;
+ return (ctx->sessions);
}
long
case SSL_CTRL_SET_MSG_CALLBACK_ARG:
ctx->msg_callback_arg = parg;
- return 1;
+ return (1);
case SSL_CTRL_GET_MAX_CERT_LIST:
return (ctx->max_cert_list);
return (ctx->mode&=~larg);
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
- return 0;
+ return (0);
ctx->max_send_fragment = larg;
- return 1;
+ return (1);
default:
return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
}
ctx->msg_callback = (void (*)(int write_p, int version,
int content_type, const void *buf, size_t len, SSL *ssl,
void *arg))(fp);
- return 1;
+ return (1);
default:
return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
&ctx->cipher_list_by_id, str);
- /*
+ /*
* ssl_create_cipher_list may return an empty stack if it
* was unable to find a cipher matching the given rule string
* (for example if the rule string specifies a cipher which
* updated.
*/
if (sk == NULL)
- return 0;
+ return (0);
else if (sk_SSL_CIPHER_num(sk) == 0) {
SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST,
SSL_R_NO_CIPHER_MATCH);
- return 0;
+ return (0);
}
- return 1;
+ return (1);
}
/* Specify the ciphers to be used by the SSL. */
&s->cipher_list_by_id, str);
/* see comment in SSL_CTX_set_cipher_list */
if (sk == NULL)
- return 0;
+ return (0);
else if (sk_SSL_CIPHER_num(sk) == 0) {
SSLerr(SSL_F_SSL_SET_CIPHER_LIST,
SSL_R_NO_CIPHER_MATCH);
- return 0;
+ return (0);
}
- return 1;
+ return (1);
}
/* works well for SSLv2, not so good for SSLv3 */
SSL_get_servername(const SSL *s, const int type)
{
if (type != TLSEXT_NAMETYPE_host_name)
- return NULL;
+ return (NULL);
- return s->session && !s->tlsext_hostname ?
+ return (s->session && !s->tlsext_hostname ?
s->session->tlsext_hostname :
- s->tlsext_hostname;
+ s->tlsext_hostname);
}
int
if (s->session &&
(!s->tlsext_hostname ?
s->session->tlsext_hostname : s->tlsext_hostname))
- return TLSEXT_NAMETYPE_host_name;
- return -1;
+ return (TLSEXT_NAMETYPE_host_name);
+ return (-1);
}
# ifndef OPENSSL_NO_NEXTPROTONEG
found:
*out = (unsigned char *) result + 1;
*outlen = result[0];
- return status;
+ return (status);
}
/*
int use_context)
{
if (s->version < TLS1_VERSION)
- return -1;
+ return (-1);
- return s->method->ssl3_enc->export_keying_material(s, out, olen,
- label, llen, p, plen, use_context);
+ return (s->method->ssl3_enc->export_keying_material(s, out, olen,
+ label, llen, p, plen, use_context));
}
static unsigned long
#ifdef CIPHER_DEBUG
- printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+ printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d "
+ "rs=%d ds=%d dhr=%d dhd=%d\n",
rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp,
rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
#endif
/* ECDH key length in export ciphers must be <= 163 bits */
pkey = X509_get_pubkey(x);
if (pkey == NULL)
- return 0;
+ return (0);
keysize = EVP_PKEY_bits(pkey);
EVP_PKEY_free(pkey);
if (keysize > 163)
- return 0;
+ return (0);
}
/* This call populates the ex_flags field correctly */
if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
- return 0;
+ return (0);
}
if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) <
TLS1_2_VERSION) {
if (pk_nid != NID_X9_62_id_ecPublicKey) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
- return 0;
+ return (0);
}
}
if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) <
if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
- return 0;
+ return (0);
}
}
}
if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_NOT_FOR_SIGNING);
- return 0;
+ return (0);
}
}
- return 1;
+ return (1);
/* all checks are ok */
}
return (NULL);
}
- return c->pkeys + i;
+ return (c->pkeys + i);
}
X509 *
cpk = ssl_get_server_send_pkey(s);
if (!cpk)
- return NULL;
- return cpk->x509;
+ return (NULL);
+ return (cpk->x509);
}
EVP_PKEY *
}
if (pmd)
*pmd = c->pkeys[idx].digest;
- return c->pkeys[idx].privatekey;
+ return (c->pkeys[idx].privatekey);
}
void
else if (reason == BIO_RR_ACCEPT)
return (SSL_ERROR_WANT_ACCEPT);
else
- return(SSL_ERROR_SYSCALL); /* unknown */
+ return (SSL_ERROR_SYSCALL); /* unknown */
}
}
bio = SSL_get_wbio(s);
if (BIO_should_write(bio))
return (SSL_ERROR_WANT_WRITE);
- else if (BIO_should_read(bio))
- return (SSL_ERROR_WANT_READ);
+ else if (BIO_should_read(bio)) {
/*
* See above (SSL_want_read(s) with
* BIO_should_write(bio))
*/
- else if (BIO_should_io_special(bio)) {
+ return (SSL_ERROR_WANT_READ);
+ } else if (BIO_should_io_special(bio)) {
reason = BIO_get_retry_reason(bio);
if (reason == BIO_RR_CONNECT)
return (SSL_ERROR_WANT_CONNECT);
return (ret);
}
-/*
+/*
* For the next 2 functions, SSL_clear() sets shutdown and so
* one of these calls will reset it
*/
SSL_get_version(const SSL *s)
{
if (s->version == TLS1_2_VERSION)
- return("TLSv1.2");
+ return ("TLSv1.2");
else if (s->version == TLS1_1_VERSION)
- return("TLSv1.1");
+ return ("TLSv1.1");
else if (s->version == TLS1_VERSION)
- return("TLSv1");
+ return ("TLSv1");
else if (s->version == SSL3_VERSION)
- return("SSLv3");
+ return ("SSLv3");
else
- return("unknown");
+ return ("unknown");
}
SSL *
ret->quiet_shutdown = s->quiet_shutdown;
ret->shutdown = s->shutdown;
/* SSL_dup does not really work at any state, though */
- ret->state=s->state;
+ ret->state=s->state;
ret->rstate = s->rstate;
/*
* Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
* ret->init_off
*/
- ret->init_num = 0;
+ ret->init_num = 0;
ret->hit = s->hit;
sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
goto err;
}
- if (s->cipher_list_by_id != NULL)
+ if (s->cipher_list_by_id != NULL) {
if ((ret->cipher_list_by_id =
sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL)
goto err;
+ }
/* Dup the client_CA list */
if (s->client_CA != NULL) {
const void *
SSL_get_current_compression(SSL *s)
{
- return NULL;
+ return (NULL);
}
const void *
SSL_get_current_expansion(SSL *s)
{
- return NULL;
+ return (NULL);
}
#else
SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
{
if (ssl->ctx == ctx)
- return ssl->ctx;
+ return (ssl->ctx);
#ifndef OPENSSL_NO_TLSEXT
if (ctx == NULL)
ctx = ssl->initial_ctx;
*/
void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
{
- return ssl->info_callback;
+ return (ssl->info_callback);
}
int
SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
- new_func, dup_func, free_func);
+ return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
+ new_func, dup_func, free_func));
}
int
SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
- new_func, dup_func, free_func);
+ return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
+ new_func, dup_func, free_func));
}
int
PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT,
SSL_R_DATA_LENGTH_TOO_LONG);
- return 0;
+ return (0);
}
if (ctx->psk_identity_hint != NULL)
free(ctx->psk_identity_hint);
if (identity_hint != NULL) {
ctx->psk_identity_hint = BUF_strdup(identity_hint);
if (ctx->psk_identity_hint == NULL)
- return 0;
+ return (0);
} else
ctx->psk_identity_hint = NULL;
- return 1;
+ return (1);
}
int
SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
{
if (s == NULL)
- return 0;
+ return (0);
if (s->session == NULL)
- return 1; /* session not created yet, ignored */
+ return (1); /* session not created yet, ignored */
if (identity_hint != NULL && strlen(identity_hint) >
PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT,
SSL_R_DATA_LENGTH_TOO_LONG);
- return 0;
+ return (0);
}
if (s->session->psk_identity_hint != NULL)
free(s->session->psk_identity_hint);
if (identity_hint != NULL) {
s->session->psk_identity_hint = BUF_strdup(identity_hint);
if (s->session->psk_identity_hint == NULL)
- return 0;
+ return (0);
} else
s->session->psk_identity_hint = NULL;
- return 1;
+ return (1);
}
const char *
SSL_get_psk_identity_hint(const SSL *s)
{
if (s == NULL || s->session == NULL)
- return NULL;
+ return (NULL);
return (s->session->psk_identity_hint);
}
SSL_get_psk_identity(const SSL *s)
{
if (s == NULL || s->session == NULL)
- return NULL;
+ return (NULL);
return (s->session->psk_identity);
}
*hash = EVP_MD_CTX_create();
if (md)
EVP_DigestInit_ex(*hash, md, NULL);
- return *hash;
+ return (*hash);
}
void
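Review bot: The result of `EVP_MD_CTX_create()` is passed to `EVP_DigestInit_ex()` without a NULL check, and the return value of `EVP_DigestInit_ex()` is then discarded. On allocation failure the digest init is handed a NULL context, and on init failure the caller gets back a context that was never set up for `md`. I would guard the call with `if (*hash != NULL && md != NULL && !EVP_DigestInit_ex(*hash, md, NULL))`, release the context in that branch, and return NULL so the failure is visible. The function starts above this hunk, so how callers treat a NULL return cannot be seen from here. The same lines appear again near the end of this page.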
int
SSL_cache_hit(SSL *s)
{
- return s->hit;
+ return (s->hit);
}
IMPLEMENT_STACK_OF(SSL_CIPHER)
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
+ * ECC cipher suite support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
/* ====================================================================
if (s->renegotiate) {
SSLerr(SSL_F_SSL_CLEAR,
ERR_R_INTERNAL_ERROR);
- return 0;
+ return (0);
}
s->type = 0;
if (sid_ctx_len > sizeof ctx->sid_ctx) {
SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
+ return (0);
}
ctx->sid_ctx_length = sid_ctx_len;
memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
- return 1;
+ return (1);
}
int
{
if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
- SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
+ SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return (0);
}
ssl->sid_ctx_length = sid_ctx_len;
memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
- return 1;
+ return (1);
}
int
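Review bot: The bound on `sid_ctx_len` in this hunk is `SSL_MAX_SID_CTX_LENGTH`, while the parallel check in the SSL_CTX variant in the previous hunk uses `sizeof ctx->sid_ctx`. Because the check is what protects the `memcpy()` into `ssl->sid_ctx`, tying it to the destination keeps it correct if the array size and the constant ever drift apart; I would write `if (sid_ctx_len > sizeof ssl->sid_ctx) {` so both functions read the same way. The declaration of `sid_ctx` is not in this diff, so presumably the two values are equal today. The function signature is above the hunk.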
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
ctx->generate_session_id = cb;
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- return 1;
+ return (1);
}
int
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
ssl->generate_session_id = cb;
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- return 1;
+ return (1);
}
int
SSL_SESSION r, *p;
if (id_len > sizeof r.session_id)
- return 0;
+ return (0);
r.ssl_version = ssl->version;
r.session_id_length = id_len;
int
SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
{
- return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+ return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
}
int
SSL_set_purpose(SSL *s, int purpose)
{
- return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+ return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
}
int
SSL_CTX_set_trust(SSL_CTX *s, int trust)
{
- return X509_VERIFY_PARAM_set_trust(s->param, trust);
+ return (X509_VERIFY_PARAM_set_trust(s->param, trust));
}
int
SSL_set_trust(SSL *s, int trust)
{
- return X509_VERIFY_PARAM_set_trust(s->param, trust);
+ return (X509_VERIFY_PARAM_set_trust(s->param, trust));
}
int
SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
{
- return X509_VERIFY_PARAM_set1(ctx->param, vpm);
+ return (X509_VERIFY_PARAM_set1(ctx->param, vpm));
}
int
SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
{
- return X509_VERIFY_PARAM_set1(ssl->param, vpm);
+ return (X509_VERIFY_PARAM_set1(ssl->param, vpm));
}
void
count = ret;
memcpy(buf, s->s3->tmp.finish_md, count);
}
- return ret;
+ return (ret);
}
/* return length of latest Finished message we expected, copy to 'buf' */
count = ret;
memcpy(buf, s->s3->tmp.peer_finish_md, count);
}
- return ret;
+ return (ret);
}
int
SSL_get_verify_depth(const SSL *s)
{
- return X509_VERIFY_PARAM_get_depth(s->param);
+ return (X509_VERIFY_PARAM_get_depth(s->param));
}
-int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
+int
+(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
{
return (s->verify_callback);
}
int
SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
{
- return X509_VERIFY_PARAM_get_depth(ctx->param);
+ return (X509_VERIFY_PARAM_get_depth(ctx->param));
}
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
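Review bot: The return type is split onto its own line for `SSL_get_verify_callback` only. `SSL_CTX_get_verify_callback`, on the last context line of this hunk, still reads `int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)` on one line, and `SSL_get_info_callback` elsewhere on this page is left on one line as well. Either convert all of the accessors that return function pointers in this commit or leave them all alone, so they are laid out and searched for the same way. The body of `SSL_CTX_get_verify_callback` is outside the hunk.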
if (ssl->cert == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
SSL_R_NO_CERTIFICATE_ASSIGNED);
- return 0;
+ return (0);
}
if (ssl->cert->key->x509 == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_READ,
SSL_R_UNINITIALIZED);
- return -1;
+ return (-1);
}
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_PEEK,
SSL_R_UNINITIALIZED);
- return -1;
+ return (-1);
}
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_WRITE,
SSL_R_UNINITIALIZED);
- return -1;
+ return (-1);
}
if (s->shutdown & SSL_SENT_SHUTDOWN) {
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_SHUTDOWN,
SSL_R_UNINITIALIZED);
- return -1;
+ return (-1);
}
if ((s != NULL) && !SSL_in_init(s))
case SSL_CTRL_SET_MSG_CALLBACK_ARG:
s->msg_callback_arg = parg;
- return 1;
+ return (1);
case SSL_CTRL_OPTIONS:
return (s->options|=larg);
case SSL_CTRL_SET_MTU:
#ifndef OPENSSL_NO_DTLS1
if (larg < (long)dtls1_min_mtu())
- return 0;
+ return (0);
#endif
if (SSL_version(s) == DTLS1_VERSION ||
SSL_version(s) == DTLS1_BAD_VER) {
s->d1->mtu = larg;
- return larg;
+ return (larg);
}
- return 0;
+ return (0);
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
- return 0;
+ return (0);
s->max_send_fragment = larg;
- return 1;
+ return (1);
case SSL_CTRL_GET_RI_SUPPORT:
if (s->s3)
- return s->s3->send_connection_binding;
- else return 0;
+ return (s->s3->send_connection_binding);
+ else return (0);
default:
return (s->method->ssl_ctrl(s, cmd, larg, parg));
}
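Review bot: In the `SSL_CTRL_GET_RI_SUPPORT` case the new line `else return (0);` still keeps the statement on the same line as `else`, the one place in this hunk that the restyle leaves unlike its neighbours. Since the `if` branch already returns, the `else` can be dropped entirely: `if (s->s3)`, then `return (s->s3->send_connection_binding);`, then a plain `return (0);` on its own line. The switch statement begins above this hunk.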
s->msg_callback = (void (*)(int write_p, int version,
int content_type, const void *buf, size_t len,
SSL *ssl, void *arg))(fp);
- return 1;
+ return (1);
default:
return (s->method->ssl_callback_ctrl(s, cmd, fp));
LHASH_OF(SSL_SESSION) *
SSL_CTX_sessions(SSL_CTX *ctx)
{
- return ctx->sessions;
+ return (ctx->sessions);
}
long
case SSL_CTRL_SET_MSG_CALLBACK_ARG:
ctx->msg_callback_arg = parg;
- return 1;
+ return (1);
case SSL_CTRL_GET_MAX_CERT_LIST:
return (ctx->max_cert_list);
return (ctx->mode&=~larg);
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
- return 0;
+ return (0);
ctx->max_send_fragment = larg;
- return 1;
+ return (1);
default:
return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
}
ctx->msg_callback = (void (*)(int write_p, int version,
int content_type, const void *buf, size_t len, SSL *ssl,
void *arg))(fp);
- return 1;
+ return (1);
default:
return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
&ctx->cipher_list_by_id, str);
- /*
+ /*
* ssl_create_cipher_list may return an empty stack if it
* was unable to find a cipher matching the given rule string
* (for example if the rule string specifies a cipher which
* updated.
*/
if (sk == NULL)
- return 0;
+ return (0);
else if (sk_SSL_CIPHER_num(sk) == 0) {
SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST,
SSL_R_NO_CIPHER_MATCH);
- return 0;
+ return (0);
}
- return 1;
+ return (1);
}
/* Specify the ciphers to be used by the SSL. */
&s->cipher_list_by_id, str);
/* see comment in SSL_CTX_set_cipher_list */
if (sk == NULL)
- return 0;
+ return (0);
else if (sk_SSL_CIPHER_num(sk) == 0) {
SSLerr(SSL_F_SSL_SET_CIPHER_LIST,
SSL_R_NO_CIPHER_MATCH);
- return 0;
+ return (0);
}
- return 1;
+ return (1);
}
/* works well for SSLv2, not so good for SSLv3 */
SSL_get_servername(const SSL *s, const int type)
{
if (type != TLSEXT_NAMETYPE_host_name)
- return NULL;
+ return (NULL);
- return s->session && !s->tlsext_hostname ?
+ return (s->session && !s->tlsext_hostname ?
s->session->tlsext_hostname :
- s->tlsext_hostname;
+ s->tlsext_hostname);
}
int
if (s->session &&
(!s->tlsext_hostname ?
s->session->tlsext_hostname : s->tlsext_hostname))
- return TLSEXT_NAMETYPE_host_name;
- return -1;
+ return (TLSEXT_NAMETYPE_host_name);
+ return (-1);
}
# ifndef OPENSSL_NO_NEXTPROTONEG
found:
*out = (unsigned char *) result + 1;
*outlen = result[0];
- return status;
+ return (status);
}
/*
int use_context)
{
if (s->version < TLS1_VERSION)
- return -1;
+ return (-1);
- return s->method->ssl3_enc->export_keying_material(s, out, olen,
- label, llen, p, plen, use_context);
+ return (s->method->ssl3_enc->export_keying_material(s, out, olen,
+ label, llen, p, plen, use_context));
}
static unsigned long
#ifdef CIPHER_DEBUG
- printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+ printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d "
+ "rs=%d ds=%d dhr=%d dhd=%d\n",
rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp,
rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
#endif
/* ECDH key length in export ciphers must be <= 163 bits */
pkey = X509_get_pubkey(x);
if (pkey == NULL)
- return 0;
+ return (0);
keysize = EVP_PKEY_bits(pkey);
EVP_PKEY_free(pkey);
if (keysize > 163)
- return 0;
+ return (0);
}
/* This call populates the ex_flags field correctly */
if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
- return 0;
+ return (0);
}
if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) <
TLS1_2_VERSION) {
if (pk_nid != NID_X9_62_id_ecPublicKey) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
- return 0;
+ return (0);
}
}
if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) <
if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
- return 0;
+ return (0);
}
}
}
if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_NOT_FOR_SIGNING);
- return 0;
+ return (0);
}
}
- return 1;
+ return (1);
/* all checks are ok */
}
return (NULL);
}
- return c->pkeys + i;
+ return (c->pkeys + i);
}
X509 *
cpk = ssl_get_server_send_pkey(s);
if (!cpk)
- return NULL;
- return cpk->x509;
+ return (NULL);
+ return (cpk->x509);
}
EVP_PKEY *
}
if (pmd)
*pmd = c->pkeys[idx].digest;
- return c->pkeys[idx].privatekey;
+ return (c->pkeys[idx].privatekey);
}
void
else if (reason == BIO_RR_ACCEPT)
return (SSL_ERROR_WANT_ACCEPT);
else
- return(SSL_ERROR_SYSCALL); /* unknown */
+ return (SSL_ERROR_SYSCALL); /* unknown */
}
}
bio = SSL_get_wbio(s);
if (BIO_should_write(bio))
return (SSL_ERROR_WANT_WRITE);
- else if (BIO_should_read(bio))
- return (SSL_ERROR_WANT_READ);
+ else if (BIO_should_read(bio)) {
/*
* See above (SSL_want_read(s) with
* BIO_should_write(bio))
*/
- else if (BIO_should_io_special(bio)) {
+ return (SSL_ERROR_WANT_READ);
+ } else if (BIO_should_io_special(bio)) {
reason = BIO_get_retry_reason(bio);
if (reason == BIO_RR_CONNECT)
return (SSL_ERROR_WANT_CONNECT);
return (ret);
}
-/*
+/*
* For the next 2 functions, SSL_clear() sets shutdown and so
* one of these calls will reset it
*/
SSL_get_version(const SSL *s)
{
if (s->version == TLS1_2_VERSION)
- return("TLSv1.2");
+ return ("TLSv1.2");
else if (s->version == TLS1_1_VERSION)
- return("TLSv1.1");
+ return ("TLSv1.1");
else if (s->version == TLS1_VERSION)
- return("TLSv1");
+ return ("TLSv1");
else if (s->version == SSL3_VERSION)
- return("SSLv3");
+ return ("SSLv3");
else
- return("unknown");
+ return ("unknown");
}
SSL *
ret->quiet_shutdown = s->quiet_shutdown;
ret->shutdown = s->shutdown;
/* SSL_dup does not really work at any state, though */
- ret->state=s->state;
+ ret->state=s->state;
ret->rstate = s->rstate;
/*
* Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
* ret->init_off
*/
- ret->init_num = 0;
+ ret->init_num = 0;
ret->hit = s->hit;
sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
goto err;
}
- if (s->cipher_list_by_id != NULL)
+ if (s->cipher_list_by_id != NULL) {
if ((ret->cipher_list_by_id =
sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL)
goto err;
+ }
/* Dup the client_CA list */
if (s->client_CA != NULL) {
const void *
SSL_get_current_compression(SSL *s)
{
- return NULL;
+ return (NULL);
}
const void *
SSL_get_current_expansion(SSL *s)
{
- return NULL;
+ return (NULL);
}
#else
SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
{
if (ssl->ctx == ctx)
- return ssl->ctx;
+ return (ssl->ctx);
#ifndef OPENSSL_NO_TLSEXT
if (ctx == NULL)
ctx = ssl->initial_ctx;
*/
void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
{
- return ssl->info_callback;
+ return (ssl->info_callback);
}
int
SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
- new_func, dup_func, free_func);
+ return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
+ new_func, dup_func, free_func));
}
int
SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
- new_func, dup_func, free_func);
+ return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
+ new_func, dup_func, free_func));
}
int
PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT,
SSL_R_DATA_LENGTH_TOO_LONG);
- return 0;
+ return (0);
}
if (ctx->psk_identity_hint != NULL)
free(ctx->psk_identity_hint);
if (identity_hint != NULL) {
ctx->psk_identity_hint = BUF_strdup(identity_hint);
if (ctx->psk_identity_hint == NULL)
- return 0;
+ return (0);
} else
ctx->psk_identity_hint = NULL;
- return 1;
+ return (1);
}
int
SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
{
if (s == NULL)
- return 0;
+ return (0);
if (s->session == NULL)
- return 1; /* session not created yet, ignored */
+ return (1); /* session not created yet, ignored */
if (identity_hint != NULL && strlen(identity_hint) >
PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT,
SSL_R_DATA_LENGTH_TOO_LONG);
- return 0;
+ return (0);
}
if (s->session->psk_identity_hint != NULL)
free(s->session->psk_identity_hint);
if (identity_hint != NULL) {
s->session->psk_identity_hint = BUF_strdup(identity_hint);
if (s->session->psk_identity_hint == NULL)
- return 0;
+ return (0);
} else
s->session->psk_identity_hint = NULL;
- return 1;
+ return (1);
}
const char *
SSL_get_psk_identity_hint(const SSL *s)
{
if (s == NULL || s->session == NULL)
- return NULL;
+ return (NULL);
return (s->session->psk_identity_hint);
}
SSL_get_psk_identity(const SSL *s)
{
if (s == NULL || s->session == NULL)
- return NULL;
+ return (NULL);
return (s->session->psk_identity);
}
*hash = EVP_MD_CTX_create();
if (md)
EVP_DigestInit_ex(*hash, md, NULL);
- return *hash;
+ return (*hash);
}
void
int
SSL_cache_hit(SSL *s)
{
- return s->hit;
+ return (s->hit);
}
IMPLEMENT_STACK_OF(SSL_CIPHER)