From: mcbride Date: Thu, 24 Apr 2014 12:21:26 +0000 (+0000) Subject: KNF X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=64b912a0579ce827150e4ab2f1675a7b70d7a665;p=openbsd KNF --- diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 0cd40f3a2d0..b63f0bf0c99 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -181,10 +181,10 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method, int ssl3_connect(SSL *s) { - BUF_MEM *buf = NULL; - void (*cb)(const SSL *ssl, int type, int val) = NULL; - int ret = -1; - int new_state, state, skip = 0; + BUF_MEM *buf = NULL; + void (*cb)(const SSL *ssl, int type, int val) = NULL; + int ret = -1; + int new_state, state, skip = 0; ERR_clear_error(); errno = 0; @@ -217,7 +217,8 @@ ssl3_connect(SSL *s) cb(s, SSL_CB_HANDSHAKE_START, 1); if ((s->version & 0xff00 ) != 0x0300) { - SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_CONNECT, + ERR_R_INTERNAL_ERROR); ret = -1; goto end; } @@ -230,7 +231,8 @@ ssl3_connect(SSL *s) ret = -1; goto end; } - if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { + if (!BUF_MEM_grow(buf, + SSL3_RT_MAX_PLAIN_LENGTH)) { ret = -1; goto end; } @@ -309,10 +311,11 @@ ssl3_connect(SSL *s) break; } #endif - /* Check if it is anon DH/ECDH */ - /* or PSK */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && - !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { + /* Check if it is anon DH/ECDH or PSK */ + if (!(s->s3->tmp.new_cipher->algorithm_auth & + SSL_aNULL) && + !(s->s3->tmp.new_cipher->algorithm_mkey & + SSL_kPSK)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; @@ -342,8 +345,10 @@ ssl3_connect(SSL *s) s->state = SSL3_ST_CR_CERT_REQ_A; s->init_num = 0; - /* at this point we check that we have the - * required stuff from the server */ + /* + * At this point we check that we have the + * required stuff from the server. + */ if (!ssl3_check_cert_and_algorithm(s)) { ret = -1; goto end; @@ -367,8 +372,10 @@ ssl3_connect(SSL *s) #ifndef OPENSSL_NO_SRP if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { if ((ret = SRP_Calc_A_param(s)) <= 0) { - SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_CONNECT, + SSL_R_SRP_A_CALC); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_INTERNAL_ERROR); goto end; } } @@ -397,11 +404,16 @@ ssl3_connect(SSL *s) ret = ssl3_send_client_key_exchange(s); if (ret <= 0) goto end; - /* EAY EAY EAY need to check for DH fix cert - * sent back */ - /* For TLS, cert_req is set to 2, so a cert chain - * of nothing is sent, but no verify packet is sent */ - /* XXX: For now, we do not support client + /* + * EAY EAY EAY need to check for DH fix cert + * sent back + */ + /* + * For TLS, cert_req is set to 2, so a cert chain + * of nothing is sent, but no verify packet is sent + */ + /* + * XXX: For now, we do not support client * authentication in ECDH cipher suites with * ECDH (rather than ECDSA) certificates. * We need to skip the certificate verify @@ -457,7 +469,7 @@ ssl3_connect(SSL *s) s->session->compress_meth = 0; else s->session->compress_meth = - s->s3->tmp.new_compression->id; + s->s3->tmp.new_compression->id; #endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; @@ -465,7 +477,7 @@ ssl3_connect(SSL *s) } if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { + SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; goto end; } @@ -496,7 +508,8 @@ ssl3_connect(SSL *s) s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; if (s->hit) { s->s3->tmp.next_state = SSL_ST_OK; - if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { + if (s->s3->flags & + SSL3_FLAGS_DELAY_CLIENT_FINISHED) { s->state = SSL_ST_OK; s->s3->flags|=SSL3_FLAGS_POP_BUFFER; s->s3->delay_buf_pop_ret = 0; @@ -505,7 +518,8 @@ ssl3_connect(SSL *s) #ifndef OPENSSL_NO_TLSEXT /* Allow NewSessionTicket if ticket expected */ if (s->tlsext_ticket_expected) - s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; + s->s3->tmp.next_state = + SSL3_ST_CR_SESSION_TICKET_A; else #endif @@ -568,8 +582,10 @@ ssl3_connect(SSL *s) s->init_buf = NULL; } - /* If we are not 'joining' the last two packets, - * remove the buffering now */ + /* + * If we are not 'joining' the last two packets, + * remove the buffering now + */ if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) ssl_free_wbio_buffer(s); /* else do it later in ssl3_write */ @@ -594,7 +610,8 @@ ssl3_connect(SSL *s) /* break; */ default: - SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE); + SSLerr(SSL_F_SSL3_CONNECT, + SSL_R_UNKNOWN_STATE); ret = -1; goto end; /* break; */ @@ -616,7 +633,7 @@ ssl3_connect(SSL *s) } skip = 0; } -end: + end: s->in_handshake--; if (buf != NULL) BUF_MEM_free(buf); @@ -629,13 +646,13 @@ end: int ssl3_client_hello(SSL *s) { - unsigned char *buf; - unsigned char *p, *d; - int i; - unsigned long l; + unsigned char *buf; + unsigned char *p, *d; + int i; + unsigned long l; #ifndef OPENSSL_NO_COMP - int j; - SSL_COMP *comp; + int j; + SSL_COMP *comp; #endif buf = (unsigned char *)s->init_buf->data; @@ -660,9 +677,10 @@ ssl3_client_hello(SSL *s) goto err; /* Do the message type and length last */ - d = p= &(buf[4]); + d = p = &(buf[4]); - /* version indicates the negotiated version: for example from + /* + * Version indicates the negotiated version: for example from * an SSLv2/v3 compatible client hello). The client_version * field is the maximum version we permit and it is also * used in RSA encrypted premaster secrets. Some servers can @@ -697,7 +715,7 @@ ssl3_client_hello(SSL *s) s->client_version = s->version; #else *(p++) = s->client_version >> 8; - *(p++) = s->client_version&0xff; + *(p++) = s->client_version & 0xff; #endif /* Random stuff */ @@ -712,7 +730,8 @@ ssl3_client_hello(SSL *s) *(p++) = i; if (i != 0) { if (i > (int)sizeof(s->session->session_id)) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); goto err; } memcpy(p, s->session->session_id, i); @@ -722,11 +741,13 @@ ssl3_client_hello(SSL *s) /* Ciphers supported */ i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0); if (i == 0) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); + SSLerr(SSL_F_SSL3_CLIENT_HELLO, + SSL_R_NO_CIPHERS_AVAILABLE); goto err; } #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH - /* Some servers hang if client hello > 256 bytes + /* + * Some servers hang if client hello > 256 bytes * as hack workaround chop number of supported ciphers * to keep it well below this if we use TLS v1.2 */ @@ -758,11 +779,14 @@ ssl3_client_hello(SSL *s) #ifndef OPENSSL_NO_TLSEXT /* TLS extensions*/ if (ssl_prepare_clienthello_tlsext(s) <= 0) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); + SSLerr(SSL_F_SSL3_CLIENT_HELLO, + SSL_R_CLIENTHELLO_TLSEXT); goto err; } - if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + if ((p = ssl_add_clienthello_tlsext(s, p, + buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { + SSLerr(SSL_F_SSL3_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); goto err; } #endif @@ -780,21 +804,21 @@ ssl3_client_hello(SSL *s) /* SSL3_ST_CW_CLNT_HELLO_B */ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); -err: + err: return (-1); } int ssl3_get_server_hello(SSL *s) { - STACK_OF(SSL_CIPHER) *sk; - const SSL_CIPHER *c; - unsigned char *p, *d; - int i, al, ok; - unsigned int j; - long n; + STACK_OF(SSL_CIPHER) *sk; + const SSL_CIPHER *c; + unsigned char *p, *d; + int i, al, ok; + unsigned int j; + long n; #ifndef OPENSSL_NO_COMP - SSL_COMP *comp; + SSL_COMP *comp; #endif n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, @@ -803,7 +827,8 @@ ssl3_get_server_hello(SSL *s) if (!ok) return ((int)n); - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { + if (SSL_version(s) == DTLS1_VERSION || + SSL_version(s) == DTLS1_BAD_VER) { if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { if (s->d1->send_cookie == 0) { s->s3->tmp.reuse_message = 1; @@ -812,7 +837,8 @@ ssl3_get_server_hello(SSL *s) else /* already sent a cookie */ { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_BAD_MESSAGE_TYPE); goto f_err; } } @@ -820,14 +846,16 @@ ssl3_get_server_hello(SSL *s) if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_BAD_MESSAGE_TYPE); goto f_err; } d = p=(unsigned char *)s->init_msg; if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_WRONG_SSL_VERSION); s->version = (s->version&0xff00)|p[1]; al = SSL_AD_PROTOCOL_VERSION; goto f_err; @@ -842,14 +870,19 @@ ssl3_get_server_hello(SSL *s) /* get the session-id */ j= *(p++); - if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { + if ((j > sizeof s->session->session_id) || + (j > SSL3_SESSION_ID_SIZE)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_SSL3_SESSION_ID_TOO_LONG); goto f_err; } #ifndef OPENSSL_NO_TLSEXT - /* check if we want to resume the session based on external pre-shared secret */ + /* + * Check if we want to resume the session based on external + * pre-shared secret + */ if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) { SSL_CIPHER *pref_cipher = NULL; s->session->master_key_length = sizeof(s->session->master_key); @@ -865,16 +898,17 @@ ssl3_get_server_hello(SSL *s) if (j != 0 && j == s->session->session_id_length && memcmp(p, s->session->session_id, j) == 0) { if (s->sid_ctx_length != s->session->sid_ctx_length || - memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { + memcmp(s->session->sid_ctx, + s->sid_ctx, s->sid_ctx_length)) { /* actually a client application bug */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; } s->hit = 1; - } - else /* a miss or crap from the other end */ - { + } else { /* a miss or crap from the other end */ + /* If we were trying for session-id reuse, make a new * SSL_SESSION so we don't stuff up other people */ s->hit = 0; @@ -892,14 +926,16 @@ ssl3_get_server_hello(SSL *s) if (c == NULL) { /* unknown cipher */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_UNKNOWN_CIPHER_RETURNED); goto f_err; } /* TLS v1.2 only ciphersuites require v1.2 or later */ if ((c->algorithm_ssl & SSL_TLSV1_2) && (TLS1_get_version(s) < TLS1_2_VERSION)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } p += ssl_put_cipher_by_char(s, NULL, NULL); @@ -909,25 +945,31 @@ ssl3_get_server_hello(SSL *s) if (i < 0) { /* we did not say we would use this cipher */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } - /* Depending on the session caching (internal/external), the cipher - and/or cipher_id values may not be set. Make sure that - cipher_id is set and use it for comparison. */ + /* + * Depending on the session caching (internal/external), the cipher + * and/or cipher_id values may not be set. Make sure that + * cipher_id is set and use it for comparison. + */ if (s->session->cipher) s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); goto f_err; } s->s3->tmp.new_cipher = c; - /* Don't digest cached records if TLS v1.2: we may need them for + /* + * Don't digest cached records if TLS v1.2: we may need them for * client authentication. */ - if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) { + if (TLS1_get_version(s) < TLS1_2_VERSION && + !ssl3_digest_cached_records(s)) { al = SSL_AD_INTERNAL_ERROR; goto f_err; } @@ -936,36 +978,42 @@ ssl3_get_server_hello(SSL *s) #ifdef OPENSSL_NO_COMP if (*(p++) != 0) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto f_err; } - /* If compression is disabled we'd better not try to resume a session + /* + * If compression is disabled we'd better not try to resume a session * using compression. */ if (s->session->compress_meth != 0) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_INCONSISTENT_COMPRESSION); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_INCONSISTENT_COMPRESSION); goto f_err; } #else j= *(p++); if (s->hit && j != s->session->compress_meth) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); goto f_err; } if (j == 0) comp = NULL; else if (s->options & SSL_OP_NO_COMPRESSION) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_COMPRESSION_DISABLED); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_COMPRESSION_DISABLED); goto f_err; } else comp = ssl3_comp_find(s->ctx->comp_methods, j); if ((j != 0) && (comp == NULL)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto f_err; } else { s->s3->tmp.new_compression = comp; @@ -977,12 +1025,14 @@ ssl3_get_server_hello(SSL *s) if (s->version >= SSL3_VERSION) { if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) { /* 'al' set by ssl_parse_serverhello_tlsext */ - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_PARSE_TLSEXT); goto f_err; } if (ssl_check_serverhello_tlsext(s) <= 0) { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_SERVERHELLO_TLSEXT); goto err; } } @@ -991,29 +1041,32 @@ ssl3_get_server_hello(SSL *s) if (p != (d + n)) { /* wrong packet length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_BAD_PACKET_LENGTH); goto f_err; } return (1); -f_err: + f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -err: + err: return (-1); } int ssl3_get_server_certificate(SSL *s) { - int al, i, ok, ret = -1; - unsigned long n, nc, llen, l; - X509 *x = NULL; - const unsigned char *q, *p; - unsigned char *d; - STACK_OF(X509) *sk = NULL; - SESS_CERT *sc; - EVP_PKEY *pkey = NULL; - int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ + int al, i, ok, ret = -1; + unsigned long n, nc, llen, l; + X509 *x = NULL; + const unsigned char *q, *p; + unsigned char *d; + STACK_OF(X509) *sk = NULL; + SESS_CERT *sc; + EVP_PKEY *pkey = NULL; + + /* VRS: 0=> will allow null cert if auth == KRB5 */ + int need_cert = 1; n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); @@ -1030,27 +1083,31 @@ ssl3_get_server_certificate(SSL *s) if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_MESSAGE_TYPE); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_BAD_MESSAGE_TYPE); goto f_err; } p = d = (unsigned char *)s->init_msg; if ((sk = sk_X509_new_null()) == NULL) { - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + ERR_R_MALLOC_FAILURE); goto err; } n2l3(p, llen); if (llen + 3 != n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_LENGTH_MISMATCH); goto f_err; } for (nc = 0; nc < llen; ) { n2l3(p, l); if ((l + nc + 3) > llen) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_CERT_LENGTH_MISMATCH); goto f_err; } @@ -1058,16 +1115,19 @@ ssl3_get_server_certificate(SSL *s) x = d2i_X509(NULL, &q, l); if (x == NULL) { al = SSL_AD_BAD_CERTIFICATE; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_ASN1_LIB); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + ERR_R_ASN1_LIB); goto f_err; } if (q != (p + l)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_CERT_LENGTH_MISMATCH); goto f_err; } if (!sk_X509_push(sk, x)) { - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + ERR_R_MALLOC_FAILURE); goto err; } x = NULL; @@ -1083,7 +1143,8 @@ ssl3_get_server_certificate(SSL *s) #endif /* OPENSSL_NO_KRB5 */ ) { al = ssl_verify_alarm_type(s->verify_result); - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_CERTIFICATE_VERIFY_FAILED); goto f_err; } @@ -1098,8 +1159,10 @@ ssl3_get_server_certificate(SSL *s) s->session->sess_cert = sc; sc->cert_chain = sk; - /* Inconsistency alert: cert_chain does include the peer's - * certificate, which we don't include in s3_srvr.c */ + /* + * Inconsistency alert: cert_chain does include the peer's + * certificate, which we don't include in s3_srvr.c + */ x = sk_X509_value(sk, 0); sk = NULL; /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ @@ -1108,17 +1171,19 @@ ssl3_get_server_certificate(SSL *s) /* VRS: allow null cert if auth == KRB5 */ need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) - ? 0 : 1; + (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) + ? 0 : 1; #ifdef KSSL_DEBUG printf("pkey, x = %p, %p\n", pkey, x); printf("ssl_cert_type(x, pkey) = %d\n", ssl_cert_type(x, pkey)); - printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name, - s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert); + printf("cipher, alg, nc = %s, %lx, %lx, %d\n", + s->s3->tmp.new_cipher->name, s->s3->tmp.new_cipher->algorithm_mkey, + s->s3->tmp.new_cipher->algorithm_auth, need_cert); #endif /* KSSL_DEBUG */ - if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) { + if (need_cert && ((pkey == NULL) || + EVP_PKEY_missing_parameters(pkey))) { x = NULL; al = SSL3_AL_FATAL; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, @@ -1138,8 +1203,10 @@ ssl3_get_server_certificate(SSL *s) if (need_cert) { sc->peer_cert_type = i; CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - /* Why would the following ever happen? - * We just created sc a couple of lines ago. */ + /* + * Why would the following ever happen? + * We just created sc a couple of lines ago. + */ if (sc->peer_pkeys[i].x509 != NULL) X509_free(sc->peer_pkeys[i].x509); sc->peer_pkeys[i].x509 = x; @@ -1163,10 +1230,10 @@ ssl3_get_server_certificate(SSL *s) ret = 1; if (0) { -f_err: + f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); } -err: + err: EVP_PKEY_free(pkey); X509_free(x); sk_X509_pop_free(sk, X509_free); @@ -1176,27 +1243,29 @@ err: int ssl3_get_key_exchange(SSL *s) { - unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2]; - EVP_MD_CTX md_ctx; - unsigned char *param, *p; - int al, i, j, param_len, ok; - long n, alg_k, alg_a; - EVP_PKEY *pkey = NULL; - const EVP_MD *md = NULL; - RSA *rsa = NULL; + unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2]; + EVP_MD_CTX md_ctx; + unsigned char *param, *p; + int al, i, j, param_len, ok; + long n, alg_k, alg_a; + EVP_PKEY *pkey = NULL; + const EVP_MD *md = NULL; + RSA *rsa = NULL; #ifndef OPENSSL_NO_DH - DH *dh = NULL; + DH *dh = NULL; #endif #ifndef OPENSSL_NO_ECDH - EC_KEY *ecdh = NULL; - BN_CTX *bn_ctx = NULL; - EC_POINT *srvr_ecpoint = NULL; - int curve_nid = 0; - int encoded_pt_len = 0; + EC_KEY *ecdh = NULL; + BN_CTX *bn_ctx = NULL; + EC_POINT *srvr_ecpoint = NULL; + int curve_nid = 0; + int encoded_pt_len = 0; #endif - /* use same message size as in ssl3_get_certificate_request() - * as ServerKeyExchange message may be skipped */ + /* + * Use same message size as in ssl3_get_certificate_request() + * as ServerKeyExchange message may be skipped. + */ n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A, SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok); if (!ok) @@ -1204,10 +1273,11 @@ ssl3_get_key_exchange(SSL *s) if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { #ifndef OPENSSL_NO_PSK - /* In plain PSK ciphersuite, ServerKeyExchange can be - omitted if no identity hint is sent. Set - session->sess_cert anyway to avoid problems - later.*/ + /* + * In plain PSK ciphersuite, ServerKeyExchange can be + * omitted if no identity hint is sent. Set session->sess_cert + * anyway to avoid problems later. + */ if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) { s->session->sess_cert = ssl_sess_cert_new(); if (s->ctx->psk_identity_hint) @@ -1253,32 +1323,37 @@ ssl3_get_key_exchange(SSL *s) al = SSL_AD_HANDSHAKE_FAILURE; n2s(p, i); param_len = i + 2; - /* Store PSK identity hint for later use, hint is used + /* + * Store PSK identity hint for later use, hint is used * in ssl3_send_client_key_exchange. Assume that the * maximum length of a PSK identity hint can be as - * long as the maximum length of a PSK identity. */ + * long as the maximum length of a PSK identity. + */ if (i > PSK_MAX_IDENTITY_LEN) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); + SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } if (param_len > n) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); + SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); goto f_err; } - /* If received PSK identity hint contains NULL + /* + * If received PSK identity hint contains NULL * characters, the hint is truncated from the first * NULL. p may not be ending with NULL, so create a - * NULL-terminated string. */ + * NULL-terminated string. + */ memcpy(tmp_id_hint, p, i); memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); if (s->ctx->psk_identity_hint != NULL) free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); if (s->ctx->psk_identity_hint == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); goto f_err; } @@ -1292,11 +1367,13 @@ ssl3_get_key_exchange(SSL *s) param_len = i + 2; if (param_len > n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_SRP_N_LENGTH); goto f_err; } if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); goto err; } p += i; @@ -1305,11 +1382,13 @@ ssl3_get_key_exchange(SSL *s) param_len += i + 2; if (param_len > n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_SRP_G_LENGTH); goto f_err; } if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); goto err; } p += i; @@ -1319,11 +1398,13 @@ ssl3_get_key_exchange(SSL *s) param_len += i + 1; if (param_len > n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_SRP_S_LENGTH); goto f_err; } if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); goto err; } p += i; @@ -1332,224 +1413,268 @@ ssl3_get_key_exchange(SSL *s) param_len += i + 2; if (param_len > n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_SRP_B_LENGTH); goto f_err; } if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); goto err; } p += i; n -= param_len; -/* We must check if there is a certificate */ + /* We must check if there is a certificate */ if (alg_a & SSL_aRSA) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_RSA_ENC].x509); else if (alg_a & SSL_aDSS) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_DSA_SIGN].x509); } else #endif /* !OPENSSL_NO_SRP */ - if (alg_k & SSL_kRSA) { - if ((rsa = RSA_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - goto err; - } - n2s(p, i); - param_len = i + 2; - if (param_len > n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_MODULUS_LENGTH); - goto f_err; - } - if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); - goto err; - } - p += i; + if (alg_k & SSL_kRSA) { + if ((rsa = RSA_new()) == NULL) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); + goto err; + } + n2s(p, i); + param_len = i + 2; + if (param_len > n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_RSA_MODULUS_LENGTH); + goto f_err; + } + if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); + goto err; + } + p += i; - n2s(p, i); - param_len += i + 2; - if (param_len > n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_E_LENGTH); - goto f_err; - } - if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); - goto err; - } - p += i; - n -= param_len; + n2s(p, i); + param_len += i + 2; + if (param_len > n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_RSA_E_LENGTH); + goto f_err; + } + if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); + goto err; + } + p += i; + n -= param_len; - /* this should be because we are using an export cipher */ - if (alg_a & SSL_aRSA) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); - else { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto err; + /* + * This should be because we are using an + * export cipher + */ + if (alg_a & SSL_aRSA) + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_RSA_ENC].x509); + else { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + s->session->sess_cert->peer_rsa_tmp = rsa; + rsa = NULL; } - s->session->sess_cert->peer_rsa_tmp = rsa; - rsa = NULL; - } #ifndef OPENSSL_NO_DH - else if (alg_k & SSL_kEDH) { - if ((dh = DH_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB); - goto err; - } - n2s(p, i); - param_len = i + 2; - if (param_len > n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_LENGTH); - goto f_err; - } - if (!(dh->p = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); - goto err; - } - p += i; + else if (alg_k & SSL_kEDH) { + if ((dh = DH_new()) == NULL) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_DH_LIB); + goto err; + } + n2s(p, i); + param_len = i + 2; + if (param_len > n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_DH_P_LENGTH); + goto f_err; + } + if (!(dh->p = BN_bin2bn(p, i, NULL))) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); + goto err; + } + p += i; - n2s(p, i); - param_len += i + 2; - if (param_len > n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_LENGTH); - goto f_err; - } - if (!(dh->g = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); - goto err; - } - p += i; + n2s(p, i); + param_len += i + 2; + if (param_len > n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_DH_G_LENGTH); + goto f_err; + } + if (!(dh->g = BN_bin2bn(p, i, NULL))) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); + goto err; + } + p += i; - n2s(p, i); - param_len += i + 2; - if (param_len > n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_LENGTH); + n2s(p, i); + param_len += i + 2; + if (param_len > n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_DH_PUB_KEY_LENGTH); + goto f_err; + } + if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); + goto err; + } + p += i; + n -= param_len; + + if (alg_a & SSL_aRSA) + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_RSA_ENC].x509); + else if (alg_a & SSL_aDSS) + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_DSA_SIGN].x509); + /* else anonymous DH, so no certificate or pkey. */ + + s->session->sess_cert->peer_dh_tmp = dh; + dh = NULL; + } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); goto f_err; } - if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); - goto err; - } - p += i; - n -= param_len; - - if (alg_a & SSL_aRSA) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); - else if (alg_a & SSL_aDSS) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); - /* else anonymous DH, so no certificate or pkey. */ - - s->session->sess_cert->peer_dh_tmp = dh; - dh = NULL; - } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); - goto f_err; - } #endif /* !OPENSSL_NO_DH */ #ifndef OPENSSL_NO_ECDH - else if (alg_k & SSL_kEECDH) { - EC_GROUP *ngroup; - const EC_GROUP *group; + else if (alg_k & SSL_kEECDH) { + EC_GROUP *ngroup; + const EC_GROUP *group; - if ((ecdh = EC_KEY_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - goto err; - } + if ((ecdh = EC_KEY_new()) == NULL) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); + goto err; + } - /* Extract elliptic curve parameters and the - * server's ephemeral ECDH public key. - * Keep accumulating lengths of various components in - * param_len and make sure it never exceeds n. - */ + /* + * Extract elliptic curve parameters and the + * server's ephemeral ECDH public key. + * Keep accumulating lengths of various components in + * param_len and make sure it never exceeds n. + */ - /* XXX: For now we only support named (not generic) curves - * and the ECParameters in this case is just three bytes. - */ - param_len = 3; - if ((param_len > n) || - (*p != NAMED_CURVE_TYPE) || - ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); - goto f_err; - } + /* + * XXX: For now we only support named (not generic) + * curves and the ECParameters in this case is just + * three bytes. + */ + param_len = 3; + if ((param_len > n) || (*p != NAMED_CURVE_TYPE) || + ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) + == 0)) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); + goto f_err; + } - ngroup = EC_GROUP_new_by_curve_name(curve_nid); - if (ngroup == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); - goto err; - } - if (EC_KEY_set_group(ecdh, ngroup) == 0) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); - goto err; - } - EC_GROUP_free(ngroup); + ngroup = EC_GROUP_new_by_curve_name(curve_nid); + if (ngroup == NULL) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_EC_LIB); + goto err; + } + if (EC_KEY_set_group(ecdh, ngroup) == 0) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_EC_LIB); + goto err; + } + EC_GROUP_free(ngroup); - group = EC_KEY_get0_group(ecdh); + group = EC_KEY_get0_group(ecdh); - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && - (EC_GROUP_get_degree(group) > 163)) { - al = SSL_AD_EXPORT_RESTRICTION; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); - goto f_err; - } + if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + (EC_GROUP_get_degree(group) > 163)) { + al = SSL_AD_EXPORT_RESTRICTION; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); + goto f_err; + } - p += 3; + p += 3; - /* Next, get the encoded ECPoint */ - if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || - ((bn_ctx = BN_CTX_new()) == NULL)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - goto err; - } + /* Next, get the encoded ECPoint */ + if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || + ((bn_ctx = BN_CTX_new()) == NULL)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); + goto err; + } - encoded_pt_len = *p; - /* length of encoded point */ - p += 1; - param_len += (1 + encoded_pt_len); - if ((param_len > n) || - (EC_POINT_oct2point(group, srvr_ecpoint, - p, encoded_pt_len, bn_ctx) == 0)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT); - goto f_err; - } + encoded_pt_len = *p; + /* length of encoded point */ + p += 1; + param_len += (1 + encoded_pt_len); + if ((param_len > n) || + (EC_POINT_oct2point(group, srvr_ecpoint, + p, encoded_pt_len, bn_ctx) == 0)) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_ECPOINT); + goto f_err; + } - n -= param_len; - p += encoded_pt_len; + n -= param_len; + p += encoded_pt_len; - /* The ECC/TLS specification does not mention - * the use of DSA to sign ECParameters in the server - * key exchange message. We do support RSA and ECDSA. - */ - if (alg_a & SSL_aRSA) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); + /* + * The ECC/TLS specification does not mention the use + * of DSA to sign ECParameters in the server key + * exchange message. We do support RSA and ECDSA. + */ + if (alg_a & SSL_aRSA) + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_RSA_ENC].x509); #ifndef OPENSSL_NO_ECDSA - else if (alg_a & SSL_aECDSA) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); + else if (alg_a & SSL_aECDSA) + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_ECC].x509); #endif - /* else anonymous ECDH, so no certificate or pkey. */ - EC_KEY_set_public_key(ecdh, srvr_ecpoint); - s->session->sess_cert->peer_ecdh_tmp = ecdh; - ecdh = NULL; - BN_CTX_free(bn_ctx); - bn_ctx = NULL; - EC_POINT_free(srvr_ecpoint); - srvr_ecpoint = NULL; - } else if (alg_k) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } + /* Else anonymous ECDH, so no certificate or pkey. */ + EC_KEY_set_public_key(ecdh, srvr_ecpoint); + s->session->sess_cert->peer_ecdh_tmp = ecdh; + ecdh = NULL; + BN_CTX_free(bn_ctx); + bn_ctx = NULL; + EC_POINT_free(srvr_ecpoint); + srvr_ecpoint = NULL; + } else if (alg_k) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } #endif /* !OPENSSL_NO_ECDH */ - /* p points to the next byte, there are 'n' bytes left */ /* if it was signed, check the signature */ @@ -1558,23 +1683,30 @@ ssl3_get_key_exchange(SSL *s) int sigalg = tls12_get_sigid(pkey); /* Should never happen */ if (sigalg == -1) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } - /* Check key type is consistent with signature */ + /* + * Check key type is consistent + * with signature + */ if (sigalg != (int)p[1]) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_TYPE); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_WRONG_SIGNATURE_TYPE); al = SSL_AD_DECODE_ERROR; goto f_err; } md = tls12_get_hash(p[0]); if (md == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNKNOWN_DIGEST); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_UNKNOWN_DIGEST); al = SSL_AD_DECODE_ERROR; goto f_err; } #ifdef SSL_DEBUG - fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); + fprintf(stderr, "USING TLSv1.2 HASH %s\n", + EVP_MD_name(md)); #endif p += 2; n -= 2; @@ -1588,11 +1720,13 @@ ssl3_get_key_exchange(SSL *s) if ((i != n) || (n > j) || (n <= 0)) { /* wrong packet length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_WRONG_SIGNATURE_LENGTH); goto f_err; } - if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { + if (pkey->type == EVP_PKEY_RSA && + TLS1_get_version(s) < TLS1_2_VERSION) { int num; j = 0; @@ -1600,61 +1734,72 @@ ssl3_get_key_exchange(SSL *s) for (num = 2; num > 0; num--) { EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx,(num == 2) - ?s->ctx->md5 : s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); + EVP_DigestInit_ex(&md_ctx, + (num == 2) ? s->ctx->md5 : s->ctx->sha1, + NULL); + EVP_DigestUpdate(&md_ctx, + &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md_ctx, + &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx, param, param_len); - EVP_DigestFinal_ex(&md_ctx, q,(unsigned int *)&i); + EVP_DigestFinal_ex(&md_ctx, q, + (unsigned int *)&i); q += i; j += i; } - i = RSA_verify(NID_md5_sha1, md_buf, j, p, n, - pkey->pkey.rsa); + i = RSA_verify(NID_md5_sha1, md_buf, j, + p, n, pkey->pkey.rsa); if (i < 0) { al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_DECRYPT); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_RSA_DECRYPT); goto f_err; } if (i == 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_SIGNATURE); goto f_err; } - } else - { + } else { EVP_VerifyInit_ex(&md_ctx, md, NULL); - EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); - EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); + EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE); + EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx, param, param_len); if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_SIGNATURE); goto f_err; } } } else { - if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) - /* aNULL or kPSK do not need public keys */ - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + /* aNULL or kPSK do not need public keys */ + if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } /* still data left over */ if (n != 0) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_EXTRA_DATA_IN_MESSAGE); goto f_err; } } EVP_PKEY_free(pkey); EVP_MD_CTX_cleanup(&md_ctx); return (1); -f_err: + f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -err: + err: EVP_PKEY_free(pkey); if (rsa != NULL) RSA_free(rsa); @@ -1675,20 +1820,16 @@ err: int ssl3_get_certificate_request(SSL *s) { - int ok, ret = 0; - unsigned long n, nc, l; - unsigned int llen, ctype_num, i; - X509_NAME *xn = NULL; - const unsigned char *p, *q; - unsigned char *d; - STACK_OF(X509_NAME) *ca_sk = NULL; + int ok, ret = 0; + unsigned long n, nc, l; + unsigned int llen, ctype_num, i; + X509_NAME *xn = NULL; + const unsigned char *p, *q; + unsigned char *d; + STACK_OF(X509_NAME) *ca_sk = NULL; - n = s->method->ssl_get_message(s, - SSL3_ST_CR_CERT_REQ_A, - SSL3_ST_CR_CERT_REQ_B, - -1, - s->max_cert_list, - &ok); + n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A, + SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list, &ok); if (!ok) return ((int)n); @@ -1697,7 +1838,8 @@ ssl3_get_certificate_request(SSL *s) if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) { s->s3->tmp.reuse_message = 1; - /* If we get here we don't need any cached handshake records + /* + * If we get here we don't need any cached handshake records * as we wont be doing client auth. */ if (s->s3->handshake_buffer) { @@ -1709,15 +1851,18 @@ ssl3_get_certificate_request(SSL *s) if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_WRONG_MESSAGE_TYPE); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_WRONG_MESSAGE_TYPE); goto err; } /* TLS does not like anon-DH with client cert */ if (s->version > SSL3_VERSION) { if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); goto err; } } @@ -1725,7 +1870,8 @@ ssl3_get_certificate_request(SSL *s) p = d=(unsigned char *)s->init_msg; if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + ERR_R_MALLOC_FAILURE); goto err; } @@ -1743,12 +1889,14 @@ ssl3_get_certificate_request(SSL *s) */ if ((unsigned long)(p - d + llen + 2) > n) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_DATA_LENGTH_TOO_LONG); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_DATA_LENGTH_TOO_LONG); goto err; } if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_SIGNATURE_ALGORITHMS_ERROR); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_SIGNATURE_ALGORITHMS_ERROR); goto err; } p += llen; @@ -1759,7 +1907,8 @@ ssl3_get_certificate_request(SSL *s) if ((unsigned long)(p - d + llen) != n) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_LENGTH_MISMATCH); goto err; } @@ -1769,7 +1918,8 @@ ssl3_get_certificate_request(SSL *s) if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) goto cont; /* netscape bugs */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_CA_DN_TOO_LONG); goto err; } @@ -1780,19 +1930,23 @@ ssl3_get_certificate_request(SSL *s) if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) goto cont; else { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_DECODE_ERROR); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + ERR_R_ASN1_LIB); goto err; } } if (q != (p + l)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_CA_DN_LENGTH_MISMATCH); goto err; } if (!sk_X509_NAME_push(ca_sk, xn)) { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + ERR_R_MALLOC_FAILURE); goto err; } @@ -1801,7 +1955,7 @@ ssl3_get_certificate_request(SSL *s) } if (0) { -cont: + cont: ERR_clear_error(); } @@ -1814,7 +1968,7 @@ cont: ca_sk = NULL; ret = 1; -err: + err: if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); return (ret); @@ -1830,10 +1984,10 @@ ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) int ssl3_get_new_session_ticket(SSL *s) { - int ok, al, ret = 0, ticklen; - long n; - const unsigned char *p; - unsigned char *d; + int ok, al, ret = 0, ticklen; + long n; + const unsigned char *p; + unsigned char *d; n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok); @@ -1846,13 +2000,15 @@ ssl3_get_new_session_ticket(SSL *s) } if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_BAD_MESSAGE_TYPE); + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, + SSL_R_BAD_MESSAGE_TYPE); goto f_err; } if (n < 6) { /* need at least ticket_lifetime_hint + ticket length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, + SSL_R_LENGTH_MISMATCH); goto f_err; } @@ -1862,7 +2018,8 @@ ssl3_get_new_session_ticket(SSL *s) /* ticket_lifetime_hint + ticket_length + ticket */ if (ticklen + 6 != n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, + SSL_R_LENGTH_MISMATCH); goto f_err; } if (s->session->tlsext_tick) { @@ -1871,12 +2028,14 @@ ssl3_get_new_session_ticket(SSL *s) } s->session->tlsext_tick = malloc(ticklen); if (!s->session->tlsext_tick) { - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, + ERR_R_MALLOC_FAILURE); goto err; } memcpy(s->session->tlsext_tick, p, ticklen); s->session->tlsext_ticklen = ticklen; - /* There are two ways to detect a resumed ticket sesion. + /* + * There are two ways to detect a resumed ticket sesion. * One is to set an appropriate session ID and then the server * must return a match in ServerHello. This allows the normal * client session ID matching to work and we know much @@ -1891,23 +2050,22 @@ ssl3_get_new_session_ticket(SSL *s) * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the * ticket. */ - EVP_Digest(p, ticklen, - s->session->session_id, &s->session->session_id_length, - EVP_sha256(), NULL); + EVP_Digest(p, ticklen, s->session->session_id, + &s->session->session_id_length, EVP_sha256(), NULL); ret = 1; return (ret); -f_err: + f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -err: + err: return (-1); } int ssl3_get_cert_status(SSL *s) { - int ok, al; - unsigned long resplen, n; - const unsigned char *p; + int ok, al; + unsigned long resplen, n; + const unsigned char *p; n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A, @@ -1921,19 +2079,22 @@ ssl3_get_cert_status(SSL *s) if (n < 4) { /* need at least status type + length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSL_R_LENGTH_MISMATCH); goto f_err; } p = (unsigned char *)s->init_msg; if (*p++ != TLSEXT_STATUSTYPE_ocsp) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE); + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSL_R_UNSUPPORTED_STATUS_TYPE); goto f_err; } n2l3(p, resplen); if (resplen + 4 != n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSL_R_LENGTH_MISMATCH); goto f_err; } if (s->tlsext_ocsp_resp) @@ -1941,7 +2102,8 @@ ssl3_get_cert_status(SSL *s) s->tlsext_ocsp_resp = BUF_memdup(p, resplen); if (!s->tlsext_ocsp_resp) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + ERR_R_MALLOC_FAILURE); goto f_err; } s->tlsext_ocsp_resplen = resplen; @@ -1950,17 +2112,19 @@ ssl3_get_cert_status(SSL *s) ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); if (ret == 0) { al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_INVALID_STATUS_RESPONSE); + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSL_R_INVALID_STATUS_RESPONSE); goto f_err; } if (ret < 0) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + ERR_R_MALLOC_FAILURE); goto f_err; } } return 1; -f_err: + f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); return (-1); } @@ -1969,8 +2133,8 @@ f_err: int ssl3_get_server_done(SSL *s) { - int ok, ret = 0; - long n; + int ok, ret = 0; + long n; n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A, SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, @@ -1981,7 +2145,8 @@ ssl3_get_server_done(SSL *s) if (n > 0) { /* should contain no data */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_SERVER_DONE, + SSL_R_LENGTH_MISMATCH); return -1; } ret = 1; @@ -1992,21 +2157,21 @@ ssl3_get_server_done(SSL *s) int ssl3_send_client_key_exchange(SSL *s) { - unsigned char *p, *d; - int n; - unsigned long alg_k; - unsigned char *q; - EVP_PKEY *pkey = NULL; + unsigned char *p, *d; + int n; + unsigned long alg_k; + unsigned char *q; + EVP_PKEY *pkey = NULL; #ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; + KSSL_ERR kssl_err; #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_ECDH - EC_KEY *clnt_ecdh = NULL; - const EC_POINT *srvr_ecpoint = NULL; - EVP_PKEY *srvr_pub_pkey = NULL; - unsigned char *encodedPoint = NULL; - int encoded_pt_len = 0; - BN_CTX * bn_ctx = NULL; + EC_KEY *clnt_ecdh = NULL; + const EC_POINT *srvr_ecpoint = NULL; + EVP_PKEY *srvr_pub_pkey = NULL; + unsigned char *encodedPoint = NULL; + int encoded_pt_len = 0; + BN_CTX *bn_ctx = NULL; #endif if (s->state == SSL3_ST_CW_KEY_EXCH_A) { @@ -2022,11 +2187,15 @@ ssl3_send_client_key_exchange(SSL *s) if (s->session->sess_cert->peer_rsa_tmp != NULL) rsa = s->session->sess_cert->peer_rsa_tmp; else { - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_RSA_ENC].x509); if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr( + SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } rsa = pkey->pkey.rsa; @@ -2047,7 +2216,8 @@ ssl3_send_client_key_exchange(SSL *s) n = RSA_public_encrypt(sizeof tmp_buf, tmp_buf, p, rsa, RSA_PKCS1_PADDING); if (n <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSL_R_BAD_RSA_ENCRYPT); goto err; } @@ -2075,14 +2245,14 @@ ssl3_send_client_key_exchange(SSL *s) unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH - + EVP_MAX_IV_LENGTH]; + + EVP_MAX_IV_LENGTH]; int padl, outl = sizeof(epms); EVP_CIPHER_CTX_init(&ciph_ctx); #ifdef KSSL_DEBUG printf("ssl3_send_client_key_exchange(%lx & %lx)\n", - alg_k, SSL_kKRB5); + alg_k, SSL_kKRB5); #endif /* KSSL_DEBUG */ authp = NULL; @@ -2100,44 +2270,46 @@ ssl3_send_client_key_exchange(SSL *s) { printf("kssl_cget_tkt rtn %d\n", krb5rc); if (krb5rc && kssl_err.text) - printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); + printf("kssl_cget_tkt kssl_err=%s\n", + kssl_err.text); } #endif /* KSSL_DEBUG */ if (krb5rc) { ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_HANDSHAKE_FAILURE); + SSL_AD_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - kssl_err.reason); + kssl_err.reason); goto err; } - /* 20010406 VRS - Earlier versions used KRB5 AP_REQ - ** in place of RFC 2712 KerberosWrapper, as in: - ** - ** Send ticket (copy to *p, set n = length) - ** n = krb5_ap_req.length; - ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - ** if (krb5_ap_req.data) - ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); - ** - ** Now using real RFC 2712 KerberosWrapper - ** (Thanks to Simon Wilkinson ) - ** Note: 2712 "opaque" types are here replaced - ** with a 2-byte length followed by the value. - ** Example: - ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms - ** Where "xx xx" = length bytes. Shown here with - ** optional authenticator omitted. - */ - - /* KerberosWrapper.Ticket */ + /* + * 20010406 VRS - Earlier versions used KRB5 AP_REQ + * in place of RFC 2712 KerberosWrapper, as in: + * + * Send ticket (copy to *p, set n = length) + * n = krb5_ap_req.length; + * memcpy(p, krb5_ap_req.data, krb5_ap_req.length); + * if (krb5_ap_req.data) + * kssl_krb5_free_data_contents(NULL,&krb5_ap_req); + * + * Now using real RFC 2712 KerberosWrapper + * (Thanks to Simon Wilkinson ) + * Note: 2712 "opaque" types are here replaced + * with a 2-byte length followed by the value. + * Example: + * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms + * Where "xx xx" = length bytes. Shown here with + * optional authenticator omitted. + */ + + /* KerberosWrapper.Ticket */ s2n(enc_ticket->length, p); memcpy(p, enc_ticket->data, enc_ticket->length); p += enc_ticket->length; n = enc_ticket->length + 2; - /* KerberosWrapper.Authenticator */ + /* KerberosWrapper.Authenticator */ if (authp && authp->length) { s2n(authp->length, p); memcpy(p, authp->data, authp->length); @@ -2153,32 +2325,34 @@ ssl3_send_client_key_exchange(SSL *s) } tmp_buf[0] = s->client_version >> 8; - tmp_buf[1] = s->client_version&0xff; + tmp_buf[1] = s->client_version & 0xff; if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) goto err; - /* 20010420 VRS. Tried it this way; failed. - ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - ** kssl_ctx->length); - ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ + /* + * 20010420 VRS. Tried it this way; failed. + * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); + * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, + * kssl_ctx->length); + * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); + */ memset(iv, 0, sizeof iv); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, - kssl_ctx->key, iv); + kssl_ctx->key, iv); EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf, - sizeof tmp_buf); + sizeof tmp_buf); EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl); outl += padl; if (outl > (int)sizeof epms) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } EVP_CIPHER_CTX_cleanup(&ciph_ctx); - /* KerberosWrapper.EncryptedPreMasterSecret */ + /* KerberosWrapper.EncryptedPreMasterSecret */ s2n(outl, p); memcpy(p, epms, outl); p += outl; @@ -2198,50 +2372,58 @@ ssl3_send_client_key_exchange(SSL *s) DH *dh_srvr, *dh_clnt; if (s->session->sess_cert == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSL_R_UNEXPECTED_MESSAGE); goto err; } if (s->session->sess_cert->peer_dh_tmp != NULL) dh_srvr = s->session->sess_cert->peer_dh_tmp; else { - /* we get them from the cert */ - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); + /* We get them from the cert. */ + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); goto err; } - /* generate a new random key */ + /* Generate a new random key. */ if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_DH_LIB); goto err; } if (!DH_generate_key(dh_clnt)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_DH_LIB); DH_free(dh_clnt); goto err; } - /* use the 'p' output buffer for the DH key, but - * make sure to clear it out afterwards */ - + /* + * Use the 'p' output buffer for the DH key, but + * make sure to clear it out afterwards. + */ n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); if (n <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_DH_LIB); DH_free(dh_clnt); goto err; } - /* generate master key from the result */ + /* Generate master key from the result. */ s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, p, n); - /* clean up */ + /* Clean up. */ memset(p, 0, n); - /* send off the data */ + /* Send off the data. */ n = BN_num_bytes(dh_clnt->pub_key); s2n(n, p); BN_bn2bin(dh_clnt->pub_key, p); @@ -2260,13 +2442,15 @@ ssl3_send_client_key_exchange(SSL *s) int ecdh_clnt_cert = 0; int field_size = 0; - /* Did we send out the client's - * ECDH share for use in premaster - * computation as part of client certificate? - * If so, set ecdh_clnt_cert to 1. + /* + * Did we send out the client's ECDH share for use + * in premaster computation as part of client + * certificate? If so, set ecdh_clnt_cert to 1. */ - if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) { - /* XXX: For now, we do not support client + if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && + (s->cert != NULL)) { + /* + * XXX: For now, we do not support client * authentication using ECDH certificates. * To add such support, one needs to add * code that checks for appropriate @@ -2294,10 +2478,11 @@ ssl3_send_client_key_exchange(SSL *s) srvr_pub_pkey = X509_get_pubkey(s->session-> \ sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); if ((srvr_pub_pkey == NULL) || - (srvr_pub_pkey->type != EVP_PKEY_EC) || - (srvr_pub_pkey->pkey.ec == NULL)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + (srvr_pub_pkey->type != EVP_PKEY_EC) || + (srvr_pub_pkey->pkey.ec == NULL)) { + SSLerr( + SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } @@ -2309,21 +2494,24 @@ ssl3_send_client_key_exchange(SSL *s) if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); goto err; } if ((clnt_ecdh = EC_KEY_new()) == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); goto err; } if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_EC_LIB); goto err; } if (ecdh_clnt_cert) { - /* Reuse key info from our certificate + /* + * Reuse key info from our certificate * We only need our private key to perform * the ECDH computation. */ @@ -2331,73 +2519,83 @@ ssl3_send_client_key_exchange(SSL *s) tkey = s->cert->key->privatekey->pkey.ec; priv_key = EC_KEY_get0_private_key(tkey); if (priv_key == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerr( + SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); goto err; } - if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); + if (!EC_KEY_set_private_key(clnt_ecdh, + priv_key)) { + SSLerr( + SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_EC_LIB); goto err; } } else { /* Generate a new ECDH key pair */ if (!(EC_KEY_generate_key(clnt_ecdh))) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); + SSLerr( + SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_ECDH_LIB); goto err; } } - /* use the 'p' output buffer for the ECDH key, but - * make sure to clear it out afterwards + /* + * Use the 'p' output buffer for the ECDH key, but + * make sure to clear it out afterwards. */ - field_size = EC_GROUP_get_degree(srvr_group); if (field_size <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_ECDH_LIB); + ERR_R_ECDH_LIB); goto err; } - n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL); + n = ECDH_compute_key(p, (field_size + 7)/8, + srvr_ecpoint, clnt_ecdh, NULL); if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_ECDH_LIB); + ERR_R_ECDH_LIB); goto err; } /* generate master key from the result */ s->session->master_key_length = s->method->ssl3_enc \ -> generate_master_secret(s, - s->session->master_key, - p, n); + s->session->master_key, p, n); memset(p, 0, n); /* clean up */ if (ecdh_clnt_cert) { - /* Send empty client key exch message */ + /* Send empty client key exch message. */ n = 0; } else { - /* First check the size of encoding and + /* + * First check the size of encoding and * allocate memory accordingly. */ - encoded_pt_len = - EC_POINT_point2oct(srvr_group, - EC_KEY_get0_public_key(clnt_ecdh), - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, NULL); + encoded_pt_len = EC_POINT_point2oct( + srvr_group, + EC_KEY_get0_public_key(clnt_ecdh), + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, NULL); encodedPoint = malloc(encoded_pt_len); bn_ctx = BN_CTX_new(); if ((encodedPoint == NULL) || (bn_ctx == NULL)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerr( + SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); goto err; } /* Encode the public key */ n = EC_POINT_point2oct(srvr_group, - EC_KEY_get0_public_key(clnt_ecdh), - POINT_CONVERSION_UNCOMPRESSED, - encodedPoint, encoded_pt_len, bn_ctx); + EC_KEY_get0_public_key(clnt_ecdh), + POINT_CONVERSION_UNCOMPRESSED, + encodedPoint, encoded_pt_len, bn_ctx); *p = n; /* length of encoded point */ /* Encoded point will be copied here */ @@ -2427,61 +2625,80 @@ ssl3_send_client_key_exchange(SSL *s) size_t msglen; unsigned int md_len; int keytype; - unsigned char premaster_secret[32], shared_ukm[32], tmp[256]; + unsigned char premaster_secret[32], shared_ukm[32], + tmp[256]; EVP_MD_CTX *ukm_hash; EVP_PKEY *pub_key; /* Get server sertificate PKEY and create ctx from it */ - peer_cert = s->session->sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST01)].x509; + peer_cert = s->session->sess_cert->peer_pkeys[( + keytype = SSL_PKEY_GOST01)].x509; if (!peer_cert) - peer_cert = s->session->sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST94)].x509; + peer_cert = s->session->sess_cert->peer_pkeys[ + (keytype = SSL_PKEY_GOST94)].x509; if (!peer_cert) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); goto err; } - pkey_ctx = EVP_PKEY_CTX_new(pub_key = X509_get_pubkey(peer_cert), NULL); - /* If we have send a certificate, and certificate key - + pkey_ctx = EVP_PKEY_CTX_new( + pub_key = X509_get_pubkey(peer_cert), + NULL); + /* + * If we have send a certificate, and certificate key * parameters match those of server certificate, use - * certificate key for key exchange + * certificate key for key exchange. + * Otherwise, generate ephemeral key pair. */ - /* Otherwise, generate ephemeral key pair */ - EVP_PKEY_encrypt_init(pkey_ctx); - /* Generate session key */ + /* Generate session key. */ RAND_bytes(premaster_secret, 32); - /* If we have client certificate, use its secret as peer key */ + /* + * If we have client certificate, use its secret + * as peer key. + */ if (s->s3->tmp.cert_req && s->cert->key->privatekey) { - if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <=0) { - /* If there was an error - just ignore it. Ephemeral key - * would be used - */ + if (EVP_PKEY_derive_set_peer(pkey_ctx, + s->cert->key->privatekey) <=0) { + /* + * If there was an error - + * just ignore it. Ephemeral key + * would be used + */ ERR_clear_error(); } } - /* Compute shared IV and store it in algorithm-specific - * context data */ + /* + * Compute shared IV and store it in algorithm-specific + * context data + */ ukm_hash = EVP_MD_CTX_create(); - EVP_DigestInit(ukm_hash, EVP_get_digestbynid(NID_id_GostR3411_94)); - EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE); + EVP_DigestInit(ukm_hash, + EVP_get_digestbynid(NID_id_GostR3411_94)); + EVP_DigestUpdate(ukm_hash, + s->s3->client_random, SSL3_RANDOM_SIZE); + EVP_DigestUpdate(ukm_hash, + s->s3->server_random, SSL3_RANDOM_SIZE); EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); EVP_MD_CTX_destroy(ukm_hash); - if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, - 8, shared_ukm) < 0) { + if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, + EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_LIBRARY_BUG); + SSL_R_LIBRARY_BUG); goto err; } - /* Make GOST keytransport blob message */ - /*Encapsulate it into sequence */ + /* + * Make GOST keytransport blob message, + * encapsulate it into sequence. + */ *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; msglen = 255; - if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32) < 0) { + if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, + premaster_secret, 32) < 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_LIBRARY_BUG); + SSL_R_LIBRARY_BUG); goto err; } if (msglen >= 0x80) { @@ -2493,16 +2710,17 @@ ssl3_send_client_key_exchange(SSL *s) n = msglen + 2; } memcpy(p, tmp, msglen); - /* Check if pubkey from client certificate was used */ - if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) { - /* Set flag "skip certificate verify" */ + /* Check if pubkey from client certificate was used. */ + if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, + EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) { + /* Set flag "skip certificate verify". */ s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; } EVP_PKEY_CTX_free(pkey_ctx); s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, premaster_secret, 32); - EVP_PKEY_free(pub_key); + s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key, premaster_secret, 32); + EVP_PKEY_free(pub_key); } #ifndef OPENSSL_NO_SRP @@ -2514,7 +2732,8 @@ ssl3_send_client_key_exchange(SSL *s) BN_bn2bin(s->srp_ctx.A, p); n += 2; } else { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } if (s->session->srp_username != NULL) @@ -2522,12 +2741,15 @@ ssl3_send_client_key_exchange(SSL *s) s->session->srp_username = BUF_strdup(s->srp_ctx.login); if (s->session->srp_username == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto err; } - if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + if ((s->session->master_key_length = + SRP_generate_client_master_secret(s, + s->session->master_key)) < 0) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } } @@ -2543,27 +2765,29 @@ ssl3_send_client_key_exchange(SSL *s) n = 0; if (s->psk_client_callback == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_NO_CLIENT_CB); + SSL_R_PSK_NO_CLIENT_CB); goto err; } - psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, - identity, PSK_MAX_IDENTITY_LEN, - psk_or_pre_ms, sizeof(psk_or_pre_ms)); + psk_len = s->psk_client_callback(s, + s->ctx->psk_identity_hint, identity, + PSK_MAX_IDENTITY_LEN, psk_or_pre_ms, + sizeof(psk_or_pre_ms)); if (psk_len > PSK_MAX_PSK_LEN) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); goto psk_err; } else if (psk_len == 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_IDENTITY_NOT_FOUND); + SSL_R_PSK_IDENTITY_NOT_FOUND); goto psk_err; } /* create PSK pre_master_secret */ pre_ms_len = 2 + psk_len + 2 + psk_len; t = psk_or_pre_ms; - memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len); + memmove(psk_or_pre_ms + psk_len + 4, + psk_or_pre_ms, psk_len); s2n(psk_len, t); memset(t, 0, psk_len); t += psk_len; @@ -2571,11 +2795,12 @@ ssl3_send_client_key_exchange(SSL *s) if (s->session->psk_identity_hint != NULL) free(s->session->psk_identity_hint); - s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); + s->session->psk_identity_hint = + BUF_strdup(s->ctx->psk_identity_hint); if (s->ctx->psk_identity_hint != NULL && s->session->psk_identity_hint == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto psk_err; } @@ -2584,25 +2809,26 @@ ssl3_send_client_key_exchange(SSL *s) s->session->psk_identity = BUF_strdup(identity); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto psk_err; } s->session->master_key_length = s->method->ssl3_enc->generate_master_secret( - s, s->session->master_key, psk_or_pre_ms, - pre_ms_len); + s, s->session->master_key, psk_or_pre_ms, + pre_ms_len); n = strlen(identity); s2n(n, p); memcpy(p, identity, n); n += 2; psk_err = 0; - psk_err: + psk_err: OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); if (psk_err != 0) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_HANDSHAKE_FAILURE); goto err; } } @@ -2626,7 +2852,7 @@ ssl3_send_client_key_exchange(SSL *s) /* SSL3_ST_CW_KEY_EXCH_B */ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); -err: + err: #ifndef OPENSSL_NO_ECDH BN_CTX_free(bn_ctx); if (encodedPoint != NULL) @@ -2641,14 +2867,14 @@ err: int ssl3_send_client_verify(SSL *s) { - unsigned char *p, *d; - unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; - EVP_PKEY *pkey; - EVP_PKEY_CTX *pctx = NULL; - EVP_MD_CTX mctx; - unsigned u = 0; - unsigned long n; - int j; + unsigned char *p, *d; + unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; + EVP_PKEY *pkey; + EVP_PKEY_CTX *pctx = NULL; + EVP_MD_CTX mctx; + unsigned u = 0; + unsigned long n; + int j; EVP_MD_CTX_init(&mctx); @@ -2656,18 +2882,21 @@ ssl3_send_client_verify(SSL *s) d = (unsigned char *)s->init_buf->data; p = &(d[4]); pkey = s->cert->key->privatekey; -/* Create context from key and test if sha1 is allowed as digest */ + /* + * Create context from key and test if sha1 is allowed as + * digest. + */ pctx = EVP_PKEY_CTX_new(pkey, NULL); EVP_PKEY_sign_init(pctx); if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { if (TLS1_get_version(s) < TLS1_2_VERSION) s->method->ssl3_enc->cert_verify_mac(s, - NID_sha1, - &(data[MD5_DIGEST_LENGTH])); + NID_sha1, &(data[MD5_DIGEST_LENGTH])); } else { ERR_clear_error(); } - /* For TLS v1.2 send signature algorithm and signature + /* + * For TLS v1.2 send signature algorithm and signature * using agreed digest and cached handshake records. */ if (TLS1_get_version(s) >= TLS1_2_VERSION) { @@ -2675,10 +2904,11 @@ ssl3_send_client_verify(SSL *s) void *hdata; const EVP_MD *md = s->cert->key->digest; hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, - &hdata); - if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) { + &hdata); + if (hdatalen <= 0 || + !tls12_get_sigandhash(p, pkey, md)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); goto err; } p += 2; @@ -2690,7 +2920,7 @@ ssl3_send_client_verify(SSL *s) !EVP_SignUpdate(&mctx, hdata, hdatalen) || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_EVP_LIB); + ERR_R_EVP_LIB); goto err; } s2n(u, p); @@ -2704,7 +2934,8 @@ ssl3_send_client_verify(SSL *s) if (RSA_sign(NID_md5_sha1, data, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + ERR_R_RSA_LIB); goto err; } s2n(u, p); @@ -2715,7 +2946,8 @@ ssl3_send_client_verify(SSL *s) &(data[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH, &(p[2]), (unsigned int *)&j, pkey->pkey.dsa)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + ERR_R_DSA_LIB); goto err; } s2n(j, p); @@ -2728,23 +2960,24 @@ ssl3_send_client_verify(SSL *s) SHA_DIGEST_LENGTH, &(p[2]), (unsigned int *)&j, pkey->pkey.ec)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_ECDSA_LIB); + ERR_R_ECDSA_LIB); goto err; } s2n(j, p); n = j + 2; } else #endif - if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) { + if (pkey->type == NID_id_GostR3410_94 || + pkey->type == NID_id_GostR3410_2001) { unsigned char signbuf[64]; int i; size_t sigsize = 64; s->method->ssl3_enc->cert_verify_mac(s, - NID_id_GostR3411_94, - data); - if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { + NID_id_GostR3411_94, data); + if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) + <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); goto err; } for (i = 63, j = 0; i >= 0; j++, i--) { @@ -2753,7 +2986,8 @@ ssl3_send_client_verify(SSL *s) s2n(j, p); n = j + 2; } else { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + ERR_R_INTERNAL_ERROR); goto err; } *(d++) = SSL3_MT_CERTIFICATE_VERIFY; @@ -2766,7 +3000,7 @@ ssl3_send_client_verify(SSL *s) EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_CTX_free(pctx); return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); -err: + err: EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_CTX_free(pctx); return (-1); @@ -2775,10 +3009,10 @@ err: int ssl3_send_client_certificate(SSL *s) { - X509 *x509 = NULL; - EVP_PKEY *pkey = NULL; - int i; - unsigned long l; + X509 *x509 = NULL; + EVP_PKEY *pkey = NULL; + int i; + unsigned long l; if (s->state == SSL3_ST_CW_CERT_A) { if ((s->cert == NULL) || (s->cert->key->x509 == NULL) || @@ -2792,7 +3026,8 @@ ssl3_send_client_certificate(SSL *s) if (s->state == SSL3_ST_CW_CERT_B) { /* If we get an error, we need to * ssl->rwstate=SSL_X509_LOOKUP; return(-1); - * We then get retied later */ + * We then get retied later + */ i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate = SSL_X509_LOOKUP; @@ -2806,7 +3041,8 @@ ssl3_send_client_certificate(SSL *s) i = 0; } else if (i == 1) { i = 0; - SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); + SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, + SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); } if (x509 != NULL) @@ -2816,7 +3052,8 @@ ssl3_send_client_certificate(SSL *s) if (i == 0) { if (s->version == SSL3_VERSION) { s->s3->tmp.cert_req = 0; - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE); + ssl3_send_alert(s, SSL3_AL_WARNING, + SSL_AD_NO_CERTIFICATE); return (1); } else { s->s3->tmp.cert_req = 2; @@ -2830,7 +3067,7 @@ ssl3_send_client_certificate(SSL *s) if (s->state == SSL3_ST_CW_CERT_C) { s->state = SSL3_ST_CW_CERT_D; l = ssl3_output_cert_chain(s, - (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509); + (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509); s->init_num = (int)l; s->init_off = 0; } @@ -2843,25 +3080,26 @@ ssl3_send_client_certificate(SSL *s) int ssl3_check_cert_and_algorithm(SSL *s) { - int i, idx; - long alg_k, alg_a; - EVP_PKEY *pkey = NULL; - SESS_CERT *sc; - RSA *rsa; + int i, idx; + long alg_k, alg_a; + EVP_PKEY *pkey = NULL; + SESS_CERT *sc; + RSA *rsa; #ifndef OPENSSL_NO_DH - DH *dh; + DH *dh; #endif alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; - /* we don't have a certificate */ + /* We don't have a certificate. */ if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK)) return (1); sc = s->session->sess_cert; if (sc == NULL) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + ERR_R_INTERNAL_ERROR); goto err; } @@ -2870,15 +3108,16 @@ ssl3_check_cert_and_algorithm(SSL *s) dh = s->session->sess_cert->peer_dh_tmp; #endif - /* This is the passed certificate */ + /* This is the passed certificate. */ idx = sc->peer_cert_type; #ifndef OPENSSL_NO_ECDH if (idx == SSL_PKEY_ECC) { if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, - s) == 0) + s) == 0) { /* check failed */ - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_BAD_ECC_CERT); goto f_err; } else { return 1; @@ -2892,59 +3131,71 @@ ssl3_check_cert_and_algorithm(SSL *s) /* Check that we have a certificate if we require one */ if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_SIGNING_CERT); goto f_err; } else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_DSA_SIGNING_CERT); goto f_err; } if ((alg_k & SSL_kRSA) && !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); goto f_err; } #ifndef OPENSSL_NO_DH if ((alg_k & SSL_kEDH) && !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_DH_KEY); goto f_err; } else if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH|EVP_PKS_RSA)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_DH_RSA_CERT); goto f_err; } else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_DH_DSA_CERT); goto f_err; } #endif - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { + if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + !has_bits(i, EVP_PKT_EXP)) { if (alg_k & SSL_kRSA) { - if (rsa == NULL || - RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_RSA_KEY); + if (rsa == NULL || RSA_size(rsa) * 8 > + SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_RSA_KEY); goto f_err; } } else #ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { - if (dh == NULL || - DH_size(dh) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_DH_KEY); + if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { + if (dh == NULL || DH_size(dh) * 8 > + SSL_C_EXPORT_PKEYLENGTH( + s->s3->tmp.new_cipher)) { + SSLerr( + SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_DH_KEY); + goto f_err; + } + } else +#endif + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); goto f_err; } - } else -#endif - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto f_err; - } } return (1); -f_err: + f_err: ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); -err: + err: return (0); } @@ -2952,8 +3203,8 @@ err: int ssl3_send_next_proto(SSL *s) { - unsigned int len, padding_len; - unsigned char *d; + unsigned int len, padding_len; + unsigned char *d; if (s->state == SSL3_ST_CW_NEXT_PROTO_A) { len = s->next_proto_negotiated_len; @@ -2974,7 +3225,8 @@ ssl3_send_next_proto(SSL *s) } #endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ -/* Check to see if handshake is full or resumed. Usually this is just a +/* + * Check to see if handshake is full or resumed. Usually this is just a * case of checking to see if a cache hit has occurred. In the case of * session tickets we have to check the next message to be sure. */ @@ -2983,8 +3235,9 @@ ssl3_send_next_proto(SSL *s) int ssl3_check_finished(SSL *s) { - int ok; - long n; + int ok; + long n; + /* If we have no ticket it cannot be a resumed session. */ if (!s->session->tlsext_tick) return 1; @@ -3006,7 +3259,8 @@ ssl3_check_finished(SSL *s) int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) { - int i = 0; + int i = 0; + #ifndef OPENSSL_NO_ENGINE if (s->ctx->client_cert_engine) { i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index c79464da55a..28a3d51b9e5 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -2743,9 +2743,11 @@ SSL3_ENC_METHOD SSLv3_enc_data = { long ssl3_default_timeout(void) { - /* 2 hours, the 24 hours mentioned in the SSLv3 spec - * is way too long for http, the cache would over fill */ - return (60*60*2); + /* + * 2 hours, the 24 hours mentioned in the SSLv3 spec + * is way too long for http, the cache would over fill + */ + return (60 * 60 * 2); } int @@ -2769,13 +2771,14 @@ ssl3_pending(const SSL *s) if (s->rstate == SSL_ST_READ_BODY) return 0; - return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; + return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? + s->s3->rrec.length : 0; } int ssl3_new(SSL *s) { - SSL3_STATE *s3; + SSL3_STATE *s3; if ((s3 = calloc(1, sizeof *s3)) == NULL) goto err; @@ -2840,9 +2843,9 @@ ssl3_free(SSL *s) void ssl3_clear(SSL *s) { - unsigned char *rp, *wp; - size_t rlen, wlen; - int init_extra; + unsigned char *rp, *wp; + size_t rlen, wlen; + int init_extra; #ifdef TLSEXT_TYPE_opaque_prf_input if (s->s3->client_opaque_prf_input != NULL) @@ -2932,7 +2935,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_MALLOC_FAILURE); return (0); } } @@ -2959,18 +2963,21 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_NEED_TMP_RSA: if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8)))) + (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) + > (512 / 8)))) ret = 1; break; case SSL_CTRL_SET_TMP_RSA: { RSA *rsa = (RSA *)parg; if (rsa == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_PASSED_NULL_PARAMETER); return (ret); } if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_RSA_LIB); return (ret); } if (s->cert->rsa_tmp != NULL) @@ -2981,7 +2988,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_RSA_CB: { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } break; @@ -2990,17 +2998,20 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { DH *dh = (DH *)parg; if (dh == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_PASSED_NULL_PARAMETER); return (ret); } if ((dh = DHparams_dup(dh)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_DH_LIB); return (ret); } if (!(s->options & SSL_OP_SINGLE_DH_USE)) { if (!DH_generate_key(dh)) { DH_free(dh); - SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_DH_LIB); return (ret); } } @@ -3012,7 +3023,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_DH_CB: { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } break; @@ -3023,18 +3035,21 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) EC_KEY *ecdh = NULL; if (parg == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_PASSED_NULL_PARAMETER); return (ret); } if (!EC_KEY_up_ref((EC_KEY *)parg)) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_ECDH_LIB); return (ret); } ecdh = (EC_KEY *)parg; if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { if (!EC_KEY_generate_key(ecdh)) { EC_KEY_free(ecdh); - SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_ECDH_LIB); return (ret); } } @@ -3046,7 +3061,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_ECDH_CB: { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } break; @@ -3062,15 +3078,19 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (parg == NULL) break; if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { - SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); + SSLerr(SSL_F_SSL3_CTRL, + SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; } - if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); + if ((s->tlsext_hostname = BUF_strdup((char *)parg)) + == NULL) { + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_INTERNAL_ERROR); return 0; } } else { - SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); + SSLerr(SSL_F_SSL3_CTRL, + SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); return 0; } break; @@ -3082,9 +3102,13 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #ifdef TLSEXT_TYPE_opaque_prf_input case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: if (larg > 12288) { - /* actual internal limit is 2^16 for the complete hello message - * (including the cert chain and everything) */ - SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); + /* + * Actual internal limit is 2^16 for the complete + * hello message (including the cert chain and + * everything) + */ + SSLerr(SSL_F_SSL3_CTRL, + SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); break; } if (s->tlsext_opaque_prf_input != NULL) @@ -3148,11 +3172,12 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { - int ret = 0; + int ret = 0; if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { - SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_CALLBACK_CTRL, + ERR_R_MALLOC_FAILURE); return (0); } } @@ -3173,14 +3198,15 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) #ifndef OPENSSL_NO_ECDH case SSL_CTRL_SET_TMP_ECDH_CB: { - s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; + s->cert->ecdh_tmp_cb = + (EC_KEY *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_DEBUG_CB: s->tlsext_debug_cb = (void (*)(SSL *, int , int, - unsigned char *, int, void *))fp; + unsigned char *, int, void *))fp; break; #endif default: @@ -3192,7 +3218,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { - CERT *cert; + CERT *cert; cert = ctx->cert; @@ -3200,7 +3226,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_NEED_TMP_RSA: if ((cert->rsa_tmp == NULL) && ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8)))) + (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > + (512 / 8)))) return (1); else return (0); @@ -3219,7 +3246,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) i = 0; } if (!i) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_RSA_LIB); return (0); } else { if (cert->rsa_tmp != NULL) @@ -3231,7 +3259,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) /* break; */ case SSL_CTRL_SET_TMP_RSA_CB: { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } break; @@ -3242,12 +3271,14 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) dh = (DH *)parg; if ((new = DHparams_dup(dh)) == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_DH_LIB); return 0; } if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { if (!DH_generate_key(new)) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_DH_LIB); DH_free(new); return 0; } @@ -3260,7 +3291,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) /*break; */ case SSL_CTRL_SET_TMP_DH_CB: { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } break; @@ -3271,18 +3303,21 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) EC_KEY *ecdh = NULL; if (parg == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_ECDH_LIB); return 0; } ecdh = EC_KEY_dup((EC_KEY *)parg); if (ecdh == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_EC_LIB); return 0; } if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { if (!EC_KEY_generate_key(ecdh)) { EC_KEY_free(ecdh); - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_ECDH_LIB); return 0; } } @@ -3296,7 +3331,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) /* break; */ case SSL_CTRL_SET_TMP_ECDH_CB: { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } break; @@ -3312,17 +3348,21 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) if (!keys) return 48; if (larg != 48) { - SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); + SSLerr(SSL_F_SSL3_CTX_CTRL, + SSL_R_INVALID_TICKET_KEYS_LENGTH); return 0; } if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { memcpy(ctx->tlsext_tick_key_name, keys, 16); - memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); + memcpy(ctx->tlsext_tick_hmac_key, + keys + 16, 16); memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); } else { memcpy(keys, ctx->tlsext_tick_key_name, 16); - memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); - memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); + memcpy(keys + 16, + ctx->tlsext_tick_hmac_key, 16); + memcpy(keys + 32, + ctx->tlsext_tick_aes_key, 16); } return 1; } @@ -3346,17 +3386,21 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ctx->srp_ctx.login = NULL; if (parg == NULL) break; - if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) { - SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); + if (strlen((const char *)parg) > 255 || + strlen((const char *)parg) < 1) { + SSLerr(SSL_F_SSL3_CTX_CTRL, + SSL_R_INVALID_SRP_USERNAME); return 0; } if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_INTERNAL_ERROR); return 0; } break; case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: - ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb; + ctx->srp_ctx.SRP_give_srp_client_pwd_callback = + srp_password_from_info_cb; ctx->srp_ctx.info = parg; break; case SSL_CTRL_SET_SRP_ARG: @@ -3399,7 +3443,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { - CERT *cert; + CERT *cert; cert = ctx->cert; @@ -3425,12 +3469,14 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) #endif #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: - ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; + ctx->tlsext_servername_callback = + (int (*)(SSL *, int *, void *))fp; break; #ifdef TLSEXT_TYPE_opaque_prf_input case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: - ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *, void *, size_t, void *))fp; + ctx->tlsext_opaque_prf_input_callback = + (int (*)(SSL *, void *, size_t, void *))fp; break; #endif @@ -3472,9 +3518,9 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) const SSL_CIPHER * ssl3_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c; - const SSL_CIPHER *cp; - unsigned long id; + SSL_CIPHER c; + const SSL_CIPHER *cp; + unsigned long id; id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; c.id = id; @@ -3492,7 +3538,7 @@ ssl3_get_cipher_by_char(const unsigned char *p) int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) { - long l; + long l; if (p != NULL) { l = c->id; @@ -3507,9 +3553,9 @@ ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr) { - SSL_CIPHER *c, *ret = NULL; - STACK_OF(SSL_CIPHER) *prio, *allow; - int i, ii, ok; + SSL_CIPHER *c, *ret = NULL; + STACK_OF(SSL_CIPHER) *prio, *allow; + int i, ii, ok; #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) unsigned int j; int ec_ok, ec_nid; @@ -3522,7 +3568,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, cert = s->cert; #if 0 - /* Do not set the compare functions, because this may lead to a + /* + * Do not set the compare functions, because this may lead to a * reordering by "id". We want to keep the original ordering. * We may pay a price in performance during sk_SSL_CIPHER_find(), * but would have to pay with the price of sk_SSL_CIPHER_dup(). @@ -3532,12 +3579,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #endif #ifdef CIPHER_DEBUG - printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); + printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), + (void *)srvr); for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) { c = sk_SSL_CIPHER_value(srvr, i); printf("%p:%s\n",(void *)c, c->name); } - printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); + printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), + (void *)clnt); for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) { c = sk_SSL_CIPHER_value(clnt, i); printf("%p:%s\n",(void *)c, c->name); @@ -3592,26 +3641,35 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (SSL_C_IS_EXPORT(c)) { ok = (alg_k & emask_k) && (alg_a & emask_a); #ifdef CIPHER_DEBUG - printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", ok, alg_k, alg_a, emask_k, emask_a, - (void *)c, c->name); + printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", + ok, alg_k, alg_a, emask_k, emask_a, (void *)c, + c->name); #endif } else { ok = (alg_k & mask_k) && (alg_a & mask_a); #ifdef CIPHER_DEBUG - printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, alg_a, mask_k, mask_a,(void *)c, - c->name); + printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", + ok, alg_k, alg_a, mask_k, mask_a,(void *)c, + c->name); #endif } #ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_EC if ( - /* if we are considering an ECC cipher suite that uses our certificate */ + /* + * if we are considering an ECC cipher suite that uses our + * certificate + */ (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) /* and we have an ECC certificate */ && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) - /* and the client specified a Supported Point Formats extension */ - && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) + /* + * and the client specified a Supported Point Formats + * extension + */ + && ((s->session->tlsext_ecpointformatlist_length > 0) && + (s->session->tlsext_ecpointformatlist != NULL)) /* and our certificate's point is compressed */ && ( (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) @@ -3625,8 +3683,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ) ) { ec_ok = 0; - /* if our certificate's curve is over a field type that the client does not support - * then do not allow this cipher suite to be negotiated */ + /* + * If our certificate's curve is over a field type + * that the client does not support then do not allow + * this cipher suite to be negotiated + */ if ( (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) @@ -3650,7 +3711,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ok = ok && ec_ok; } if ( - /* if we are considering an ECC cipher suite that uses our certificate */ + /* + * If we are considering an ECC cipher suite that uses our + * certificate + */ (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) /* and we have an ECC certificate */ && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) @@ -3689,7 +3753,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ok = ok && ec_ok; } if ( - /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ + /* + * if we are considering an ECC cipher suite that uses an + * ephemeral EC key + */ (alg_k & SSL_kEECDH) /* and we have an ephemeral EC key */ && (s->cert->ecdh_tmp != NULL) @@ -3732,7 +3799,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ii = sk_SSL_CIPHER_find(allow, c); if (ii >= 0) { #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) - if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { + if ((alg_k & SSL_kEECDH) && + (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { if (!ret) ret = sk_SSL_CIPHER_value(allow, ii); continue; @@ -3748,8 +3816,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, int ssl3_get_req_cert_type(SSL *s, unsigned char *p) { - int ret = 0; - unsigned long alg_k; + int ret = 0; + unsigned long alg_k; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; @@ -3784,7 +3852,8 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) #endif #ifndef OPENSSL_NO_ECDSA - /* ECDSA certs can be used with RSA cipher suites as well + /* + * ECDSA certs can be used with RSA cipher suites as well * so we don't need to check for SSL_kECDH or SSL_kEECDH */ if (s->version >= TLS1_VERSION) { @@ -3797,10 +3866,12 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) int ssl3_shutdown(SSL *s) { - int ret; + int ret; - /* Don't do anything much if we have not done the handshake or - * we don't want to send messages :-) */ + /* + * Don't do anything much if we have not done the handshake or + * we don't want to send messages :-) + */ if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return (1); @@ -3811,8 +3882,10 @@ ssl3_shutdown(SSL *s) #if 1 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); #endif - /* our shutdown alert has been sent now, and if it still needs - * to be written, s->s3->alert_dispatch will be true */ + /* + * Our shutdown alert has been sent now, and if it still needs + * to be written, s->s3->alert_dispatch will be true + */ if (s->s3->alert_dispatch) return(-1); /* return WANT_WRITE */ } else if (s->s3->alert_dispatch) { @@ -3820,10 +3893,12 @@ ssl3_shutdown(SSL *s) #if 1 ret = s->method->ssl_dispatch_alert(s); if (ret == -1) { - /* we only get to return -1 here the 2nd/Nth + /* + * We only get to return -1 here the 2nd/Nth * invocation, we must have already signalled * return 0 upon a previous invoation, - * return WANT_WRITE */ + * return WANT_WRITE + */ return (ret); } #endif @@ -3845,7 +3920,7 @@ ssl3_shutdown(SSL *s) int ssl3_write(SSL *s, const void *buf, int len) { - int ret, n; + int ret, n; #if 0 if (s->shutdown & SSL_SEND_SHUTDOWN) { @@ -3857,16 +3932,18 @@ ssl3_write(SSL *s, const void *buf, int len) if (s->s3->renegotiate) ssl3_renegotiate_check(s); - /* This is an experimental flag that sends the + /* + * This is an experimental flag that sends the * last handshake message in the same packet as the first * use data - used to see if it helps the TCP protocol during - * session-id reuse */ + * session-id reuse + */ /* The second test is because the buffer may have been removed */ if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { /* First time through, we write into the buffer */ if (s->s3->delay_buf_pop_ret == 0) { ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, - buf, len); + buf, len); if (ret <= 0) return (ret); @@ -3887,7 +3964,7 @@ ssl3_write(SSL *s, const void *buf, int len) s->s3->delay_buf_pop_ret = 0; } else { ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, - buf, len); + buf, len); if (ret <= 0) return (ret); } @@ -3898,21 +3975,25 @@ ssl3_write(SSL *s, const void *buf, int len) static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) { - int ret; + int ret; errno = 0; if (s->s3->renegotiate) ssl3_renegotiate_check(s); s->s3->in_read_app_data = 1; - ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); + ret = s->method->ssl_read_bytes(s, + SSL3_RT_APPLICATION_DATA, buf, len, peek); if ((ret == -1) && (s->s3->in_read_app_data == 2)) { - /* ssl3_read_bytes decided to call s->handshake_func, which + /* + * ssl3_read_bytes decided to call s->handshake_func, which * called ssl3_read_bytes to read handshake data. * However, ssl3_read_bytes actually found application data * and thinks that application data makes sense here; so disable - * handshake processing and try to read application data again. */ + * handshake processing and try to read application data again. + */ s->in_handshake++; - ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); + ret = s->method->ssl_read_bytes(s, + SSL3_RT_APPLICATION_DATA, buf, len, peek); s->in_handshake--; } else s->s3->in_read_app_data = 0; @@ -3948,7 +4029,7 @@ ssl3_renegotiate(SSL *s) int ssl3_renegotiate_check(SSL *s) { - int ret = 0; + int ret = 0; if (s->s3->renegotiate) { if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && @@ -3968,13 +4049,14 @@ ssl3_renegotiate_check(SSL *s) } return (ret); } -/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch +/* + * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch * to new SHA256 PRF and handshake macs */ long ssl_get_algorithm2(SSL *s) { - long alg2 = s->s3->tmp.new_cipher->algorithm2; + long alg2 = s->s3->tmp.new_cipher->algorithm2; if (s->method->version == TLS1_2_VERSION && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 0cd40f3a2d0..b63f0bf0c99 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -181,10 +181,10 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method, int ssl3_connect(SSL *s) { - BUF_MEM *buf = NULL; - void (*cb)(const SSL *ssl, int type, int val) = NULL; - int ret = -1; - int new_state, state, skip = 0; + BUF_MEM *buf = NULL; + void (*cb)(const SSL *ssl, int type, int val) = NULL; + int ret = -1; + int new_state, state, skip = 0; ERR_clear_error(); errno = 0; @@ -217,7 +217,8 @@ ssl3_connect(SSL *s) cb(s, SSL_CB_HANDSHAKE_START, 1); if ((s->version & 0xff00 ) != 0x0300) { - SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_CONNECT, + ERR_R_INTERNAL_ERROR); ret = -1; goto end; } @@ -230,7 +231,8 @@ ssl3_connect(SSL *s) ret = -1; goto end; } - if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { + if (!BUF_MEM_grow(buf, + SSL3_RT_MAX_PLAIN_LENGTH)) { ret = -1; goto end; } @@ -309,10 +311,11 @@ ssl3_connect(SSL *s) break; } #endif - /* Check if it is anon DH/ECDH */ - /* or PSK */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && - !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { + /* Check if it is anon DH/ECDH or PSK */ + if (!(s->s3->tmp.new_cipher->algorithm_auth & + SSL_aNULL) && + !(s->s3->tmp.new_cipher->algorithm_mkey & + SSL_kPSK)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; @@ -342,8 +345,10 @@ ssl3_connect(SSL *s) s->state = SSL3_ST_CR_CERT_REQ_A; s->init_num = 0; - /* at this point we check that we have the - * required stuff from the server */ + /* + * At this point we check that we have the + * required stuff from the server. + */ if (!ssl3_check_cert_and_algorithm(s)) { ret = -1; goto end; @@ -367,8 +372,10 @@ ssl3_connect(SSL *s) #ifndef OPENSSL_NO_SRP if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { if ((ret = SRP_Calc_A_param(s)) <= 0) { - SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_CONNECT, + SSL_R_SRP_A_CALC); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_INTERNAL_ERROR); goto end; } } @@ -397,11 +404,16 @@ ssl3_connect(SSL *s) ret = ssl3_send_client_key_exchange(s); if (ret <= 0) goto end; - /* EAY EAY EAY need to check for DH fix cert - * sent back */ - /* For TLS, cert_req is set to 2, so a cert chain - * of nothing is sent, but no verify packet is sent */ - /* XXX: For now, we do not support client + /* + * EAY EAY EAY need to check for DH fix cert + * sent back + */ + /* + * For TLS, cert_req is set to 2, so a cert chain + * of nothing is sent, but no verify packet is sent + */ + /* + * XXX: For now, we do not support client * authentication in ECDH cipher suites with * ECDH (rather than ECDSA) certificates. * We need to skip the certificate verify @@ -457,7 +469,7 @@ ssl3_connect(SSL *s) s->session->compress_meth = 0; else s->session->compress_meth = - s->s3->tmp.new_compression->id; + s->s3->tmp.new_compression->id; #endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; @@ -465,7 +477,7 @@ ssl3_connect(SSL *s) } if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { + SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; goto end; } @@ -496,7 +508,8 @@ ssl3_connect(SSL *s) s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; if (s->hit) { s->s3->tmp.next_state = SSL_ST_OK; - if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { + if (s->s3->flags & + SSL3_FLAGS_DELAY_CLIENT_FINISHED) { s->state = SSL_ST_OK; s->s3->flags|=SSL3_FLAGS_POP_BUFFER; s->s3->delay_buf_pop_ret = 0; @@ -505,7 +518,8 @@ ssl3_connect(SSL *s) #ifndef OPENSSL_NO_TLSEXT /* Allow NewSessionTicket if ticket expected */ if (s->tlsext_ticket_expected) - s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; + s->s3->tmp.next_state = + SSL3_ST_CR_SESSION_TICKET_A; else #endif @@ -568,8 +582,10 @@ ssl3_connect(SSL *s) s->init_buf = NULL; } - /* If we are not 'joining' the last two packets, - * remove the buffering now */ + /* + * If we are not 'joining' the last two packets, + * remove the buffering now + */ if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) ssl_free_wbio_buffer(s); /* else do it later in ssl3_write */ @@ -594,7 +610,8 @@ ssl3_connect(SSL *s) /* break; */ default: - SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE); + SSLerr(SSL_F_SSL3_CONNECT, + SSL_R_UNKNOWN_STATE); ret = -1; goto end; /* break; */ @@ -616,7 +633,7 @@ ssl3_connect(SSL *s) } skip = 0; } -end: + end: s->in_handshake--; if (buf != NULL) BUF_MEM_free(buf); @@ -629,13 +646,13 @@ end: int ssl3_client_hello(SSL *s) { - unsigned char *buf; - unsigned char *p, *d; - int i; - unsigned long l; + unsigned char *buf; + unsigned char *p, *d; + int i; + unsigned long l; #ifndef OPENSSL_NO_COMP - int j; - SSL_COMP *comp; + int j; + SSL_COMP *comp; #endif buf = (unsigned char *)s->init_buf->data; @@ -660,9 +677,10 @@ ssl3_client_hello(SSL *s) goto err; /* Do the message type and length last */ - d = p= &(buf[4]); + d = p = &(buf[4]); - /* version indicates the negotiated version: for example from + /* + * Version indicates the negotiated version: for example from * an SSLv2/v3 compatible client hello). The client_version * field is the maximum version we permit and it is also * used in RSA encrypted premaster secrets. Some servers can @@ -697,7 +715,7 @@ ssl3_client_hello(SSL *s) s->client_version = s->version; #else *(p++) = s->client_version >> 8; - *(p++) = s->client_version&0xff; + *(p++) = s->client_version & 0xff; #endif /* Random stuff */ @@ -712,7 +730,8 @@ ssl3_client_hello(SSL *s) *(p++) = i; if (i != 0) { if (i > (int)sizeof(s->session->session_id)) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); goto err; } memcpy(p, s->session->session_id, i); @@ -722,11 +741,13 @@ ssl3_client_hello(SSL *s) /* Ciphers supported */ i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0); if (i == 0) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); + SSLerr(SSL_F_SSL3_CLIENT_HELLO, + SSL_R_NO_CIPHERS_AVAILABLE); goto err; } #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH - /* Some servers hang if client hello > 256 bytes + /* + * Some servers hang if client hello > 256 bytes * as hack workaround chop number of supported ciphers * to keep it well below this if we use TLS v1.2 */ @@ -758,11 +779,14 @@ ssl3_client_hello(SSL *s) #ifndef OPENSSL_NO_TLSEXT /* TLS extensions*/ if (ssl_prepare_clienthello_tlsext(s) <= 0) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); + SSLerr(SSL_F_SSL3_CLIENT_HELLO, + SSL_R_CLIENTHELLO_TLSEXT); goto err; } - if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + if ((p = ssl_add_clienthello_tlsext(s, p, + buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { + SSLerr(SSL_F_SSL3_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); goto err; } #endif @@ -780,21 +804,21 @@ ssl3_client_hello(SSL *s) /* SSL3_ST_CW_CLNT_HELLO_B */ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); -err: + err: return (-1); } int ssl3_get_server_hello(SSL *s) { - STACK_OF(SSL_CIPHER) *sk; - const SSL_CIPHER *c; - unsigned char *p, *d; - int i, al, ok; - unsigned int j; - long n; + STACK_OF(SSL_CIPHER) *sk; + const SSL_CIPHER *c; + unsigned char *p, *d; + int i, al, ok; + unsigned int j; + long n; #ifndef OPENSSL_NO_COMP - SSL_COMP *comp; + SSL_COMP *comp; #endif n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, @@ -803,7 +827,8 @@ ssl3_get_server_hello(SSL *s) if (!ok) return ((int)n); - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { + if (SSL_version(s) == DTLS1_VERSION || + SSL_version(s) == DTLS1_BAD_VER) { if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { if (s->d1->send_cookie == 0) { s->s3->tmp.reuse_message = 1; @@ -812,7 +837,8 @@ ssl3_get_server_hello(SSL *s) else /* already sent a cookie */ { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_BAD_MESSAGE_TYPE); goto f_err; } } @@ -820,14 +846,16 @@ ssl3_get_server_hello(SSL *s) if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_BAD_MESSAGE_TYPE); goto f_err; } d = p=(unsigned char *)s->init_msg; if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_WRONG_SSL_VERSION); s->version = (s->version&0xff00)|p[1]; al = SSL_AD_PROTOCOL_VERSION; goto f_err; @@ -842,14 +870,19 @@ ssl3_get_server_hello(SSL *s) /* get the session-id */ j= *(p++); - if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { + if ((j > sizeof s->session->session_id) || + (j > SSL3_SESSION_ID_SIZE)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_SSL3_SESSION_ID_TOO_LONG); goto f_err; } #ifndef OPENSSL_NO_TLSEXT - /* check if we want to resume the session based on external pre-shared secret */ + /* + * Check if we want to resume the session based on external + * pre-shared secret + */ if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) { SSL_CIPHER *pref_cipher = NULL; s->session->master_key_length = sizeof(s->session->master_key); @@ -865,16 +898,17 @@ ssl3_get_server_hello(SSL *s) if (j != 0 && j == s->session->session_id_length && memcmp(p, s->session->session_id, j) == 0) { if (s->sid_ctx_length != s->session->sid_ctx_length || - memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { + memcmp(s->session->sid_ctx, + s->sid_ctx, s->sid_ctx_length)) { /* actually a client application bug */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; } s->hit = 1; - } - else /* a miss or crap from the other end */ - { + } else { /* a miss or crap from the other end */ + /* If we were trying for session-id reuse, make a new * SSL_SESSION so we don't stuff up other people */ s->hit = 0; @@ -892,14 +926,16 @@ ssl3_get_server_hello(SSL *s) if (c == NULL) { /* unknown cipher */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_UNKNOWN_CIPHER_RETURNED); goto f_err; } /* TLS v1.2 only ciphersuites require v1.2 or later */ if ((c->algorithm_ssl & SSL_TLSV1_2) && (TLS1_get_version(s) < TLS1_2_VERSION)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } p += ssl_put_cipher_by_char(s, NULL, NULL); @@ -909,25 +945,31 @@ ssl3_get_server_hello(SSL *s) if (i < 0) { /* we did not say we would use this cipher */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } - /* Depending on the session caching (internal/external), the cipher - and/or cipher_id values may not be set. Make sure that - cipher_id is set and use it for comparison. */ + /* + * Depending on the session caching (internal/external), the cipher + * and/or cipher_id values may not be set. Make sure that + * cipher_id is set and use it for comparison. + */ if (s->session->cipher) s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); goto f_err; } s->s3->tmp.new_cipher = c; - /* Don't digest cached records if TLS v1.2: we may need them for + /* + * Don't digest cached records if TLS v1.2: we may need them for * client authentication. */ - if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) { + if (TLS1_get_version(s) < TLS1_2_VERSION && + !ssl3_digest_cached_records(s)) { al = SSL_AD_INTERNAL_ERROR; goto f_err; } @@ -936,36 +978,42 @@ ssl3_get_server_hello(SSL *s) #ifdef OPENSSL_NO_COMP if (*(p++) != 0) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto f_err; } - /* If compression is disabled we'd better not try to resume a session + /* + * If compression is disabled we'd better not try to resume a session * using compression. */ if (s->session->compress_meth != 0) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_INCONSISTENT_COMPRESSION); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_INCONSISTENT_COMPRESSION); goto f_err; } #else j= *(p++); if (s->hit && j != s->session->compress_meth) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); goto f_err; } if (j == 0) comp = NULL; else if (s->options & SSL_OP_NO_COMPRESSION) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_COMPRESSION_DISABLED); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_COMPRESSION_DISABLED); goto f_err; } else comp = ssl3_comp_find(s->ctx->comp_methods, j); if ((j != 0) && (comp == NULL)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto f_err; } else { s->s3->tmp.new_compression = comp; @@ -977,12 +1025,14 @@ ssl3_get_server_hello(SSL *s) if (s->version >= SSL3_VERSION) { if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) { /* 'al' set by ssl_parse_serverhello_tlsext */ - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_PARSE_TLSEXT); goto f_err; } if (ssl_check_serverhello_tlsext(s) <= 0) { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_SERVERHELLO_TLSEXT); goto err; } } @@ -991,29 +1041,32 @@ ssl3_get_server_hello(SSL *s) if (p != (d + n)) { /* wrong packet length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH); + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_BAD_PACKET_LENGTH); goto f_err; } return (1); -f_err: + f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -err: + err: return (-1); } int ssl3_get_server_certificate(SSL *s) { - int al, i, ok, ret = -1; - unsigned long n, nc, llen, l; - X509 *x = NULL; - const unsigned char *q, *p; - unsigned char *d; - STACK_OF(X509) *sk = NULL; - SESS_CERT *sc; - EVP_PKEY *pkey = NULL; - int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ + int al, i, ok, ret = -1; + unsigned long n, nc, llen, l; + X509 *x = NULL; + const unsigned char *q, *p; + unsigned char *d; + STACK_OF(X509) *sk = NULL; + SESS_CERT *sc; + EVP_PKEY *pkey = NULL; + + /* VRS: 0=> will allow null cert if auth == KRB5 */ + int need_cert = 1; n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); @@ -1030,27 +1083,31 @@ ssl3_get_server_certificate(SSL *s) if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_MESSAGE_TYPE); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_BAD_MESSAGE_TYPE); goto f_err; } p = d = (unsigned char *)s->init_msg; if ((sk = sk_X509_new_null()) == NULL) { - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + ERR_R_MALLOC_FAILURE); goto err; } n2l3(p, llen); if (llen + 3 != n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_LENGTH_MISMATCH); goto f_err; } for (nc = 0; nc < llen; ) { n2l3(p, l); if ((l + nc + 3) > llen) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_CERT_LENGTH_MISMATCH); goto f_err; } @@ -1058,16 +1115,19 @@ ssl3_get_server_certificate(SSL *s) x = d2i_X509(NULL, &q, l); if (x == NULL) { al = SSL_AD_BAD_CERTIFICATE; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_ASN1_LIB); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + ERR_R_ASN1_LIB); goto f_err; } if (q != (p + l)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_CERT_LENGTH_MISMATCH); goto f_err; } if (!sk_X509_push(sk, x)) { - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + ERR_R_MALLOC_FAILURE); goto err; } x = NULL; @@ -1083,7 +1143,8 @@ ssl3_get_server_certificate(SSL *s) #endif /* OPENSSL_NO_KRB5 */ ) { al = ssl_verify_alarm_type(s->verify_result); - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_CERTIFICATE_VERIFY_FAILED); goto f_err; } @@ -1098,8 +1159,10 @@ ssl3_get_server_certificate(SSL *s) s->session->sess_cert = sc; sc->cert_chain = sk; - /* Inconsistency alert: cert_chain does include the peer's - * certificate, which we don't include in s3_srvr.c */ + /* + * Inconsistency alert: cert_chain does include the peer's + * certificate, which we don't include in s3_srvr.c + */ x = sk_X509_value(sk, 0); sk = NULL; /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ @@ -1108,17 +1171,19 @@ ssl3_get_server_certificate(SSL *s) /* VRS: allow null cert if auth == KRB5 */ need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) - ? 0 : 1; + (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) + ? 0 : 1; #ifdef KSSL_DEBUG printf("pkey, x = %p, %p\n", pkey, x); printf("ssl_cert_type(x, pkey) = %d\n", ssl_cert_type(x, pkey)); - printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name, - s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert); + printf("cipher, alg, nc = %s, %lx, %lx, %d\n", + s->s3->tmp.new_cipher->name, s->s3->tmp.new_cipher->algorithm_mkey, + s->s3->tmp.new_cipher->algorithm_auth, need_cert); #endif /* KSSL_DEBUG */ - if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) { + if (need_cert && ((pkey == NULL) || + EVP_PKEY_missing_parameters(pkey))) { x = NULL; al = SSL3_AL_FATAL; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, @@ -1138,8 +1203,10 @@ ssl3_get_server_certificate(SSL *s) if (need_cert) { sc->peer_cert_type = i; CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - /* Why would the following ever happen? - * We just created sc a couple of lines ago. */ + /* + * Why would the following ever happen? + * We just created sc a couple of lines ago. + */ if (sc->peer_pkeys[i].x509 != NULL) X509_free(sc->peer_pkeys[i].x509); sc->peer_pkeys[i].x509 = x; @@ -1163,10 +1230,10 @@ ssl3_get_server_certificate(SSL *s) ret = 1; if (0) { -f_err: + f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); } -err: + err: EVP_PKEY_free(pkey); X509_free(x); sk_X509_pop_free(sk, X509_free); @@ -1176,27 +1243,29 @@ err: int ssl3_get_key_exchange(SSL *s) { - unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2]; - EVP_MD_CTX md_ctx; - unsigned char *param, *p; - int al, i, j, param_len, ok; - long n, alg_k, alg_a; - EVP_PKEY *pkey = NULL; - const EVP_MD *md = NULL; - RSA *rsa = NULL; + unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2]; + EVP_MD_CTX md_ctx; + unsigned char *param, *p; + int al, i, j, param_len, ok; + long n, alg_k, alg_a; + EVP_PKEY *pkey = NULL; + const EVP_MD *md = NULL; + RSA *rsa = NULL; #ifndef OPENSSL_NO_DH - DH *dh = NULL; + DH *dh = NULL; #endif #ifndef OPENSSL_NO_ECDH - EC_KEY *ecdh = NULL; - BN_CTX *bn_ctx = NULL; - EC_POINT *srvr_ecpoint = NULL; - int curve_nid = 0; - int encoded_pt_len = 0; + EC_KEY *ecdh = NULL; + BN_CTX *bn_ctx = NULL; + EC_POINT *srvr_ecpoint = NULL; + int curve_nid = 0; + int encoded_pt_len = 0; #endif - /* use same message size as in ssl3_get_certificate_request() - * as ServerKeyExchange message may be skipped */ + /* + * Use same message size as in ssl3_get_certificate_request() + * as ServerKeyExchange message may be skipped. + */ n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A, SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok); if (!ok) @@ -1204,10 +1273,11 @@ ssl3_get_key_exchange(SSL *s) if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { #ifndef OPENSSL_NO_PSK - /* In plain PSK ciphersuite, ServerKeyExchange can be - omitted if no identity hint is sent. Set - session->sess_cert anyway to avoid problems - later.*/ + /* + * In plain PSK ciphersuite, ServerKeyExchange can be + * omitted if no identity hint is sent. Set session->sess_cert + * anyway to avoid problems later. + */ if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) { s->session->sess_cert = ssl_sess_cert_new(); if (s->ctx->psk_identity_hint) @@ -1253,32 +1323,37 @@ ssl3_get_key_exchange(SSL *s) al = SSL_AD_HANDSHAKE_FAILURE; n2s(p, i); param_len = i + 2; - /* Store PSK identity hint for later use, hint is used + /* + * Store PSK identity hint for later use, hint is used * in ssl3_send_client_key_exchange. Assume that the * maximum length of a PSK identity hint can be as - * long as the maximum length of a PSK identity. */ + * long as the maximum length of a PSK identity. + */ if (i > PSK_MAX_IDENTITY_LEN) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); + SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } if (param_len > n) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); + SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); goto f_err; } - /* If received PSK identity hint contains NULL + /* + * If received PSK identity hint contains NULL * characters, the hint is truncated from the first * NULL. p may not be ending with NULL, so create a - * NULL-terminated string. */ + * NULL-terminated string. + */ memcpy(tmp_id_hint, p, i); memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); if (s->ctx->psk_identity_hint != NULL) free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); if (s->ctx->psk_identity_hint == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); goto f_err; } @@ -1292,11 +1367,13 @@ ssl3_get_key_exchange(SSL *s) param_len = i + 2; if (param_len > n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_SRP_N_LENGTH); goto f_err; } if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); goto err; } p += i; @@ -1305,11 +1382,13 @@ ssl3_get_key_exchange(SSL *s) param_len += i + 2; if (param_len > n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_SRP_G_LENGTH); goto f_err; } if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); goto err; } p += i; @@ -1319,11 +1398,13 @@ ssl3_get_key_exchange(SSL *s) param_len += i + 1; if (param_len > n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_SRP_S_LENGTH); goto f_err; } if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); goto err; } p += i; @@ -1332,224 +1413,268 @@ ssl3_get_key_exchange(SSL *s) param_len += i + 2; if (param_len > n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_SRP_B_LENGTH); goto f_err; } if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); goto err; } p += i; n -= param_len; -/* We must check if there is a certificate */ + /* We must check if there is a certificate */ if (alg_a & SSL_aRSA) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_RSA_ENC].x509); else if (alg_a & SSL_aDSS) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_DSA_SIGN].x509); } else #endif /* !OPENSSL_NO_SRP */ - if (alg_k & SSL_kRSA) { - if ((rsa = RSA_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - goto err; - } - n2s(p, i); - param_len = i + 2; - if (param_len > n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_MODULUS_LENGTH); - goto f_err; - } - if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); - goto err; - } - p += i; + if (alg_k & SSL_kRSA) { + if ((rsa = RSA_new()) == NULL) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); + goto err; + } + n2s(p, i); + param_len = i + 2; + if (param_len > n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_RSA_MODULUS_LENGTH); + goto f_err; + } + if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); + goto err; + } + p += i; - n2s(p, i); - param_len += i + 2; - if (param_len > n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_E_LENGTH); - goto f_err; - } - if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); - goto err; - } - p += i; - n -= param_len; + n2s(p, i); + param_len += i + 2; + if (param_len > n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_RSA_E_LENGTH); + goto f_err; + } + if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); + goto err; + } + p += i; + n -= param_len; - /* this should be because we are using an export cipher */ - if (alg_a & SSL_aRSA) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); - else { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto err; + /* + * This should be because we are using an + * export cipher + */ + if (alg_a & SSL_aRSA) + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_RSA_ENC].x509); + else { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + s->session->sess_cert->peer_rsa_tmp = rsa; + rsa = NULL; } - s->session->sess_cert->peer_rsa_tmp = rsa; - rsa = NULL; - } #ifndef OPENSSL_NO_DH - else if (alg_k & SSL_kEDH) { - if ((dh = DH_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB); - goto err; - } - n2s(p, i); - param_len = i + 2; - if (param_len > n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_LENGTH); - goto f_err; - } - if (!(dh->p = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); - goto err; - } - p += i; + else if (alg_k & SSL_kEDH) { + if ((dh = DH_new()) == NULL) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_DH_LIB); + goto err; + } + n2s(p, i); + param_len = i + 2; + if (param_len > n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_DH_P_LENGTH); + goto f_err; + } + if (!(dh->p = BN_bin2bn(p, i, NULL))) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); + goto err; + } + p += i; - n2s(p, i); - param_len += i + 2; - if (param_len > n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_LENGTH); - goto f_err; - } - if (!(dh->g = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); - goto err; - } - p += i; + n2s(p, i); + param_len += i + 2; + if (param_len > n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_DH_G_LENGTH); + goto f_err; + } + if (!(dh->g = BN_bin2bn(p, i, NULL))) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); + goto err; + } + p += i; - n2s(p, i); - param_len += i + 2; - if (param_len > n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_LENGTH); + n2s(p, i); + param_len += i + 2; + if (param_len > n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_DH_PUB_KEY_LENGTH); + goto f_err; + } + if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_BN_LIB); + goto err; + } + p += i; + n -= param_len; + + if (alg_a & SSL_aRSA) + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_RSA_ENC].x509); + else if (alg_a & SSL_aDSS) + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_DSA_SIGN].x509); + /* else anonymous DH, so no certificate or pkey. */ + + s->session->sess_cert->peer_dh_tmp = dh; + dh = NULL; + } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); goto f_err; } - if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); - goto err; - } - p += i; - n -= param_len; - - if (alg_a & SSL_aRSA) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); - else if (alg_a & SSL_aDSS) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); - /* else anonymous DH, so no certificate or pkey. */ - - s->session->sess_cert->peer_dh_tmp = dh; - dh = NULL; - } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); - goto f_err; - } #endif /* !OPENSSL_NO_DH */ #ifndef OPENSSL_NO_ECDH - else if (alg_k & SSL_kEECDH) { - EC_GROUP *ngroup; - const EC_GROUP *group; + else if (alg_k & SSL_kEECDH) { + EC_GROUP *ngroup; + const EC_GROUP *group; - if ((ecdh = EC_KEY_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - goto err; - } + if ((ecdh = EC_KEY_new()) == NULL) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); + goto err; + } - /* Extract elliptic curve parameters and the - * server's ephemeral ECDH public key. - * Keep accumulating lengths of various components in - * param_len and make sure it never exceeds n. - */ + /* + * Extract elliptic curve parameters and the + * server's ephemeral ECDH public key. + * Keep accumulating lengths of various components in + * param_len and make sure it never exceeds n. + */ - /* XXX: For now we only support named (not generic) curves - * and the ECParameters in this case is just three bytes. - */ - param_len = 3; - if ((param_len > n) || - (*p != NAMED_CURVE_TYPE) || - ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); - goto f_err; - } + /* + * XXX: For now we only support named (not generic) + * curves and the ECParameters in this case is just + * three bytes. + */ + param_len = 3; + if ((param_len > n) || (*p != NAMED_CURVE_TYPE) || + ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) + == 0)) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); + goto f_err; + } - ngroup = EC_GROUP_new_by_curve_name(curve_nid); - if (ngroup == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); - goto err; - } - if (EC_KEY_set_group(ecdh, ngroup) == 0) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); - goto err; - } - EC_GROUP_free(ngroup); + ngroup = EC_GROUP_new_by_curve_name(curve_nid); + if (ngroup == NULL) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_EC_LIB); + goto err; + } + if (EC_KEY_set_group(ecdh, ngroup) == 0) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_EC_LIB); + goto err; + } + EC_GROUP_free(ngroup); - group = EC_KEY_get0_group(ecdh); + group = EC_KEY_get0_group(ecdh); - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && - (EC_GROUP_get_degree(group) > 163)) { - al = SSL_AD_EXPORT_RESTRICTION; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); - goto f_err; - } + if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + (EC_GROUP_get_degree(group) > 163)) { + al = SSL_AD_EXPORT_RESTRICTION; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); + goto f_err; + } - p += 3; + p += 3; - /* Next, get the encoded ECPoint */ - if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || - ((bn_ctx = BN_CTX_new()) == NULL)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - goto err; - } + /* Next, get the encoded ECPoint */ + if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || + ((bn_ctx = BN_CTX_new()) == NULL)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); + goto err; + } - encoded_pt_len = *p; - /* length of encoded point */ - p += 1; - param_len += (1 + encoded_pt_len); - if ((param_len > n) || - (EC_POINT_oct2point(group, srvr_ecpoint, - p, encoded_pt_len, bn_ctx) == 0)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT); - goto f_err; - } + encoded_pt_len = *p; + /* length of encoded point */ + p += 1; + param_len += (1 + encoded_pt_len); + if ((param_len > n) || + (EC_POINT_oct2point(group, srvr_ecpoint, + p, encoded_pt_len, bn_ctx) == 0)) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_ECPOINT); + goto f_err; + } - n -= param_len; - p += encoded_pt_len; + n -= param_len; + p += encoded_pt_len; - /* The ECC/TLS specification does not mention - * the use of DSA to sign ECParameters in the server - * key exchange message. We do support RSA and ECDSA. - */ - if (alg_a & SSL_aRSA) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); + /* + * The ECC/TLS specification does not mention the use + * of DSA to sign ECParameters in the server key + * exchange message. We do support RSA and ECDSA. + */ + if (alg_a & SSL_aRSA) + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_RSA_ENC].x509); #ifndef OPENSSL_NO_ECDSA - else if (alg_a & SSL_aECDSA) - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); + else if (alg_a & SSL_aECDSA) + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_ECC].x509); #endif - /* else anonymous ECDH, so no certificate or pkey. */ - EC_KEY_set_public_key(ecdh, srvr_ecpoint); - s->session->sess_cert->peer_ecdh_tmp = ecdh; - ecdh = NULL; - BN_CTX_free(bn_ctx); - bn_ctx = NULL; - EC_POINT_free(srvr_ecpoint); - srvr_ecpoint = NULL; - } else if (alg_k) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } + /* Else anonymous ECDH, so no certificate or pkey. */ + EC_KEY_set_public_key(ecdh, srvr_ecpoint); + s->session->sess_cert->peer_ecdh_tmp = ecdh; + ecdh = NULL; + BN_CTX_free(bn_ctx); + bn_ctx = NULL; + EC_POINT_free(srvr_ecpoint); + srvr_ecpoint = NULL; + } else if (alg_k) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } #endif /* !OPENSSL_NO_ECDH */ - /* p points to the next byte, there are 'n' bytes left */ /* if it was signed, check the signature */ @@ -1558,23 +1683,30 @@ ssl3_get_key_exchange(SSL *s) int sigalg = tls12_get_sigid(pkey); /* Should never happen */ if (sigalg == -1) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } - /* Check key type is consistent with signature */ + /* + * Check key type is consistent + * with signature + */ if (sigalg != (int)p[1]) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_TYPE); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_WRONG_SIGNATURE_TYPE); al = SSL_AD_DECODE_ERROR; goto f_err; } md = tls12_get_hash(p[0]); if (md == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNKNOWN_DIGEST); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_UNKNOWN_DIGEST); al = SSL_AD_DECODE_ERROR; goto f_err; } #ifdef SSL_DEBUG - fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); + fprintf(stderr, "USING TLSv1.2 HASH %s\n", + EVP_MD_name(md)); #endif p += 2; n -= 2; @@ -1588,11 +1720,13 @@ ssl3_get_key_exchange(SSL *s) if ((i != n) || (n > j) || (n <= 0)) { /* wrong packet length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_WRONG_SIGNATURE_LENGTH); goto f_err; } - if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { + if (pkey->type == EVP_PKEY_RSA && + TLS1_get_version(s) < TLS1_2_VERSION) { int num; j = 0; @@ -1600,61 +1734,72 @@ ssl3_get_key_exchange(SSL *s) for (num = 2; num > 0; num--) { EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx,(num == 2) - ?s->ctx->md5 : s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); + EVP_DigestInit_ex(&md_ctx, + (num == 2) ? s->ctx->md5 : s->ctx->sha1, + NULL); + EVP_DigestUpdate(&md_ctx, + &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md_ctx, + &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx, param, param_len); - EVP_DigestFinal_ex(&md_ctx, q,(unsigned int *)&i); + EVP_DigestFinal_ex(&md_ctx, q, + (unsigned int *)&i); q += i; j += i; } - i = RSA_verify(NID_md5_sha1, md_buf, j, p, n, - pkey->pkey.rsa); + i = RSA_verify(NID_md5_sha1, md_buf, j, + p, n, pkey->pkey.rsa); if (i < 0) { al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_DECRYPT); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_RSA_DECRYPT); goto f_err; } if (i == 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_SIGNATURE); goto f_err; } - } else - { + } else { EVP_VerifyInit_ex(&md_ctx, md, NULL); - EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); - EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); + EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE); + EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx, param, param_len); if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_BAD_SIGNATURE); goto f_err; } } } else { - if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) - /* aNULL or kPSK do not need public keys */ - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + /* aNULL or kPSK do not need public keys */ + if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } /* still data left over */ if (n != 0) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_EXTRA_DATA_IN_MESSAGE); goto f_err; } } EVP_PKEY_free(pkey); EVP_MD_CTX_cleanup(&md_ctx); return (1); -f_err: + f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -err: + err: EVP_PKEY_free(pkey); if (rsa != NULL) RSA_free(rsa); @@ -1675,20 +1820,16 @@ err: int ssl3_get_certificate_request(SSL *s) { - int ok, ret = 0; - unsigned long n, nc, l; - unsigned int llen, ctype_num, i; - X509_NAME *xn = NULL; - const unsigned char *p, *q; - unsigned char *d; - STACK_OF(X509_NAME) *ca_sk = NULL; + int ok, ret = 0; + unsigned long n, nc, l; + unsigned int llen, ctype_num, i; + X509_NAME *xn = NULL; + const unsigned char *p, *q; + unsigned char *d; + STACK_OF(X509_NAME) *ca_sk = NULL; - n = s->method->ssl_get_message(s, - SSL3_ST_CR_CERT_REQ_A, - SSL3_ST_CR_CERT_REQ_B, - -1, - s->max_cert_list, - &ok); + n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A, + SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list, &ok); if (!ok) return ((int)n); @@ -1697,7 +1838,8 @@ ssl3_get_certificate_request(SSL *s) if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) { s->s3->tmp.reuse_message = 1; - /* If we get here we don't need any cached handshake records + /* + * If we get here we don't need any cached handshake records * as we wont be doing client auth. */ if (s->s3->handshake_buffer) { @@ -1709,15 +1851,18 @@ ssl3_get_certificate_request(SSL *s) if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_WRONG_MESSAGE_TYPE); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_WRONG_MESSAGE_TYPE); goto err; } /* TLS does not like anon-DH with client cert */ if (s->version > SSL3_VERSION) { if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); goto err; } } @@ -1725,7 +1870,8 @@ ssl3_get_certificate_request(SSL *s) p = d=(unsigned char *)s->init_msg; if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + ERR_R_MALLOC_FAILURE); goto err; } @@ -1743,12 +1889,14 @@ ssl3_get_certificate_request(SSL *s) */ if ((unsigned long)(p - d + llen + 2) > n) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_DATA_LENGTH_TOO_LONG); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_DATA_LENGTH_TOO_LONG); goto err; } if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_SIGNATURE_ALGORITHMS_ERROR); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_SIGNATURE_ALGORITHMS_ERROR); goto err; } p += llen; @@ -1759,7 +1907,8 @@ ssl3_get_certificate_request(SSL *s) if ((unsigned long)(p - d + llen) != n) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_LENGTH_MISMATCH); goto err; } @@ -1769,7 +1918,8 @@ ssl3_get_certificate_request(SSL *s) if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) goto cont; /* netscape bugs */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_CA_DN_TOO_LONG); goto err; } @@ -1780,19 +1930,23 @@ ssl3_get_certificate_request(SSL *s) if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) goto cont; else { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_DECODE_ERROR); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + ERR_R_ASN1_LIB); goto err; } } if (q != (p + l)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + SSL_R_CA_DN_LENGTH_MISMATCH); goto err; } if (!sk_X509_NAME_push(ca_sk, xn)) { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, + ERR_R_MALLOC_FAILURE); goto err; } @@ -1801,7 +1955,7 @@ ssl3_get_certificate_request(SSL *s) } if (0) { -cont: + cont: ERR_clear_error(); } @@ -1814,7 +1968,7 @@ cont: ca_sk = NULL; ret = 1; -err: + err: if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); return (ret); @@ -1830,10 +1984,10 @@ ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) int ssl3_get_new_session_ticket(SSL *s) { - int ok, al, ret = 0, ticklen; - long n; - const unsigned char *p; - unsigned char *d; + int ok, al, ret = 0, ticklen; + long n; + const unsigned char *p; + unsigned char *d; n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok); @@ -1846,13 +2000,15 @@ ssl3_get_new_session_ticket(SSL *s) } if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_BAD_MESSAGE_TYPE); + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, + SSL_R_BAD_MESSAGE_TYPE); goto f_err; } if (n < 6) { /* need at least ticket_lifetime_hint + ticket length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, + SSL_R_LENGTH_MISMATCH); goto f_err; } @@ -1862,7 +2018,8 @@ ssl3_get_new_session_ticket(SSL *s) /* ticket_lifetime_hint + ticket_length + ticket */ if (ticklen + 6 != n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, + SSL_R_LENGTH_MISMATCH); goto f_err; } if (s->session->tlsext_tick) { @@ -1871,12 +2028,14 @@ ssl3_get_new_session_ticket(SSL *s) } s->session->tlsext_tick = malloc(ticklen); if (!s->session->tlsext_tick) { - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, + ERR_R_MALLOC_FAILURE); goto err; } memcpy(s->session->tlsext_tick, p, ticklen); s->session->tlsext_ticklen = ticklen; - /* There are two ways to detect a resumed ticket sesion. + /* + * There are two ways to detect a resumed ticket sesion. * One is to set an appropriate session ID and then the server * must return a match in ServerHello. This allows the normal * client session ID matching to work and we know much @@ -1891,23 +2050,22 @@ ssl3_get_new_session_ticket(SSL *s) * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the * ticket. */ - EVP_Digest(p, ticklen, - s->session->session_id, &s->session->session_id_length, - EVP_sha256(), NULL); + EVP_Digest(p, ticklen, s->session->session_id, + &s->session->session_id_length, EVP_sha256(), NULL); ret = 1; return (ret); -f_err: + f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -err: + err: return (-1); } int ssl3_get_cert_status(SSL *s) { - int ok, al; - unsigned long resplen, n; - const unsigned char *p; + int ok, al; + unsigned long resplen, n; + const unsigned char *p; n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A, @@ -1921,19 +2079,22 @@ ssl3_get_cert_status(SSL *s) if (n < 4) { /* need at least status type + length */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSL_R_LENGTH_MISMATCH); goto f_err; } p = (unsigned char *)s->init_msg; if (*p++ != TLSEXT_STATUSTYPE_ocsp) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE); + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSL_R_UNSUPPORTED_STATUS_TYPE); goto f_err; } n2l3(p, resplen); if (resplen + 4 != n) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSL_R_LENGTH_MISMATCH); goto f_err; } if (s->tlsext_ocsp_resp) @@ -1941,7 +2102,8 @@ ssl3_get_cert_status(SSL *s) s->tlsext_ocsp_resp = BUF_memdup(p, resplen); if (!s->tlsext_ocsp_resp) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + ERR_R_MALLOC_FAILURE); goto f_err; } s->tlsext_ocsp_resplen = resplen; @@ -1950,17 +2112,19 @@ ssl3_get_cert_status(SSL *s) ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); if (ret == 0) { al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_INVALID_STATUS_RESPONSE); + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSL_R_INVALID_STATUS_RESPONSE); goto f_err; } if (ret < 0) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + ERR_R_MALLOC_FAILURE); goto f_err; } } return 1; -f_err: + f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); return (-1); } @@ -1969,8 +2133,8 @@ f_err: int ssl3_get_server_done(SSL *s) { - int ok, ret = 0; - long n; + int ok, ret = 0; + long n; n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A, SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, @@ -1981,7 +2145,8 @@ ssl3_get_server_done(SSL *s) if (n > 0) { /* should contain no data */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_SERVER_DONE, + SSL_R_LENGTH_MISMATCH); return -1; } ret = 1; @@ -1992,21 +2157,21 @@ ssl3_get_server_done(SSL *s) int ssl3_send_client_key_exchange(SSL *s) { - unsigned char *p, *d; - int n; - unsigned long alg_k; - unsigned char *q; - EVP_PKEY *pkey = NULL; + unsigned char *p, *d; + int n; + unsigned long alg_k; + unsigned char *q; + EVP_PKEY *pkey = NULL; #ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; + KSSL_ERR kssl_err; #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_ECDH - EC_KEY *clnt_ecdh = NULL; - const EC_POINT *srvr_ecpoint = NULL; - EVP_PKEY *srvr_pub_pkey = NULL; - unsigned char *encodedPoint = NULL; - int encoded_pt_len = 0; - BN_CTX * bn_ctx = NULL; + EC_KEY *clnt_ecdh = NULL; + const EC_POINT *srvr_ecpoint = NULL; + EVP_PKEY *srvr_pub_pkey = NULL; + unsigned char *encodedPoint = NULL; + int encoded_pt_len = 0; + BN_CTX *bn_ctx = NULL; #endif if (s->state == SSL3_ST_CW_KEY_EXCH_A) { @@ -2022,11 +2187,15 @@ ssl3_send_client_key_exchange(SSL *s) if (s->session->sess_cert->peer_rsa_tmp != NULL) rsa = s->session->sess_cert->peer_rsa_tmp; else { - pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); + pkey = X509_get_pubkey( + s->session->sess_cert->peer_pkeys[ + SSL_PKEY_RSA_ENC].x509); if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr( + SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } rsa = pkey->pkey.rsa; @@ -2047,7 +2216,8 @@ ssl3_send_client_key_exchange(SSL *s) n = RSA_public_encrypt(sizeof tmp_buf, tmp_buf, p, rsa, RSA_PKCS1_PADDING); if (n <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSL_R_BAD_RSA_ENCRYPT); goto err; } @@ -2075,14 +2245,14 @@ ssl3_send_client_key_exchange(SSL *s) unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH - + EVP_MAX_IV_LENGTH]; + + EVP_MAX_IV_LENGTH]; int padl, outl = sizeof(epms); EVP_CIPHER_CTX_init(&ciph_ctx); #ifdef KSSL_DEBUG printf("ssl3_send_client_key_exchange(%lx & %lx)\n", - alg_k, SSL_kKRB5); + alg_k, SSL_kKRB5); #endif /* KSSL_DEBUG */ authp = NULL; @@ -2100,44 +2270,46 @@ ssl3_send_client_key_exchange(SSL *s) { printf("kssl_cget_tkt rtn %d\n", krb5rc); if (krb5rc && kssl_err.text) - printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); + printf("kssl_cget_tkt kssl_err=%s\n", + kssl_err.text); } #endif /* KSSL_DEBUG */ if (krb5rc) { ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_HANDSHAKE_FAILURE); + SSL_AD_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - kssl_err.reason); + kssl_err.reason); goto err; } - /* 20010406 VRS - Earlier versions used KRB5 AP_REQ - ** in place of RFC 2712 KerberosWrapper, as in: - ** - ** Send ticket (copy to *p, set n = length) - ** n = krb5_ap_req.length; - ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - ** if (krb5_ap_req.data) - ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); - ** - ** Now using real RFC 2712 KerberosWrapper - ** (Thanks to Simon Wilkinson ) - ** Note: 2712 "opaque" types are here replaced - ** with a 2-byte length followed by the value. - ** Example: - ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms - ** Where "xx xx" = length bytes. Shown here with - ** optional authenticator omitted. - */ - - /* KerberosWrapper.Ticket */ + /* + * 20010406 VRS - Earlier versions used KRB5 AP_REQ + * in place of RFC 2712 KerberosWrapper, as in: + * + * Send ticket (copy to *p, set n = length) + * n = krb5_ap_req.length; + * memcpy(p, krb5_ap_req.data, krb5_ap_req.length); + * if (krb5_ap_req.data) + * kssl_krb5_free_data_contents(NULL,&krb5_ap_req); + * + * Now using real RFC 2712 KerberosWrapper + * (Thanks to Simon Wilkinson ) + * Note: 2712 "opaque" types are here replaced + * with a 2-byte length followed by the value. + * Example: + * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms + * Where "xx xx" = length bytes. Shown here with + * optional authenticator omitted. + */ + + /* KerberosWrapper.Ticket */ s2n(enc_ticket->length, p); memcpy(p, enc_ticket->data, enc_ticket->length); p += enc_ticket->length; n = enc_ticket->length + 2; - /* KerberosWrapper.Authenticator */ + /* KerberosWrapper.Authenticator */ if (authp && authp->length) { s2n(authp->length, p); memcpy(p, authp->data, authp->length); @@ -2153,32 +2325,34 @@ ssl3_send_client_key_exchange(SSL *s) } tmp_buf[0] = s->client_version >> 8; - tmp_buf[1] = s->client_version&0xff; + tmp_buf[1] = s->client_version & 0xff; if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) goto err; - /* 20010420 VRS. Tried it this way; failed. - ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - ** kssl_ctx->length); - ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ + /* + * 20010420 VRS. Tried it this way; failed. + * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); + * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, + * kssl_ctx->length); + * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); + */ memset(iv, 0, sizeof iv); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, - kssl_ctx->key, iv); + kssl_ctx->key, iv); EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf, - sizeof tmp_buf); + sizeof tmp_buf); EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl); outl += padl; if (outl > (int)sizeof epms) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } EVP_CIPHER_CTX_cleanup(&ciph_ctx); - /* KerberosWrapper.EncryptedPreMasterSecret */ + /* KerberosWrapper.EncryptedPreMasterSecret */ s2n(outl, p); memcpy(p, epms, outl); p += outl; @@ -2198,50 +2372,58 @@ ssl3_send_client_key_exchange(SSL *s) DH *dh_srvr, *dh_clnt; if (s->session->sess_cert == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSL_R_UNEXPECTED_MESSAGE); goto err; } if (s->session->sess_cert->peer_dh_tmp != NULL) dh_srvr = s->session->sess_cert->peer_dh_tmp; else { - /* we get them from the cert */ - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); + /* We get them from the cert. */ + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); goto err; } - /* generate a new random key */ + /* Generate a new random key. */ if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_DH_LIB); goto err; } if (!DH_generate_key(dh_clnt)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_DH_LIB); DH_free(dh_clnt); goto err; } - /* use the 'p' output buffer for the DH key, but - * make sure to clear it out afterwards */ - + /* + * Use the 'p' output buffer for the DH key, but + * make sure to clear it out afterwards. + */ n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); if (n <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_DH_LIB); DH_free(dh_clnt); goto err; } - /* generate master key from the result */ + /* Generate master key from the result. */ s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, p, n); - /* clean up */ + /* Clean up. */ memset(p, 0, n); - /* send off the data */ + /* Send off the data. */ n = BN_num_bytes(dh_clnt->pub_key); s2n(n, p); BN_bn2bin(dh_clnt->pub_key, p); @@ -2260,13 +2442,15 @@ ssl3_send_client_key_exchange(SSL *s) int ecdh_clnt_cert = 0; int field_size = 0; - /* Did we send out the client's - * ECDH share for use in premaster - * computation as part of client certificate? - * If so, set ecdh_clnt_cert to 1. + /* + * Did we send out the client's ECDH share for use + * in premaster computation as part of client + * certificate? If so, set ecdh_clnt_cert to 1. */ - if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) { - /* XXX: For now, we do not support client + if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && + (s->cert != NULL)) { + /* + * XXX: For now, we do not support client * authentication using ECDH certificates. * To add such support, one needs to add * code that checks for appropriate @@ -2294,10 +2478,11 @@ ssl3_send_client_key_exchange(SSL *s) srvr_pub_pkey = X509_get_pubkey(s->session-> \ sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); if ((srvr_pub_pkey == NULL) || - (srvr_pub_pkey->type != EVP_PKEY_EC) || - (srvr_pub_pkey->pkey.ec == NULL)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + (srvr_pub_pkey->type != EVP_PKEY_EC) || + (srvr_pub_pkey->pkey.ec == NULL)) { + SSLerr( + SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } @@ -2309,21 +2494,24 @@ ssl3_send_client_key_exchange(SSL *s) if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); goto err; } if ((clnt_ecdh = EC_KEY_new()) == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); goto err; } if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_EC_LIB); goto err; } if (ecdh_clnt_cert) { - /* Reuse key info from our certificate + /* + * Reuse key info from our certificate * We only need our private key to perform * the ECDH computation. */ @@ -2331,73 +2519,83 @@ ssl3_send_client_key_exchange(SSL *s) tkey = s->cert->key->privatekey->pkey.ec; priv_key = EC_KEY_get0_private_key(tkey); if (priv_key == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerr( + SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); goto err; } - if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); + if (!EC_KEY_set_private_key(clnt_ecdh, + priv_key)) { + SSLerr( + SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_EC_LIB); goto err; } } else { /* Generate a new ECDH key pair */ if (!(EC_KEY_generate_key(clnt_ecdh))) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); + SSLerr( + SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_ECDH_LIB); goto err; } } - /* use the 'p' output buffer for the ECDH key, but - * make sure to clear it out afterwards + /* + * Use the 'p' output buffer for the ECDH key, but + * make sure to clear it out afterwards. */ - field_size = EC_GROUP_get_degree(srvr_group); if (field_size <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_ECDH_LIB); + ERR_R_ECDH_LIB); goto err; } - n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL); + n = ECDH_compute_key(p, (field_size + 7)/8, + srvr_ecpoint, clnt_ecdh, NULL); if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_ECDH_LIB); + ERR_R_ECDH_LIB); goto err; } /* generate master key from the result */ s->session->master_key_length = s->method->ssl3_enc \ -> generate_master_secret(s, - s->session->master_key, - p, n); + s->session->master_key, p, n); memset(p, 0, n); /* clean up */ if (ecdh_clnt_cert) { - /* Send empty client key exch message */ + /* Send empty client key exch message. */ n = 0; } else { - /* First check the size of encoding and + /* + * First check the size of encoding and * allocate memory accordingly. */ - encoded_pt_len = - EC_POINT_point2oct(srvr_group, - EC_KEY_get0_public_key(clnt_ecdh), - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, NULL); + encoded_pt_len = EC_POINT_point2oct( + srvr_group, + EC_KEY_get0_public_key(clnt_ecdh), + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, NULL); encodedPoint = malloc(encoded_pt_len); bn_ctx = BN_CTX_new(); if ((encodedPoint == NULL) || (bn_ctx == NULL)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerr( + SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); goto err; } /* Encode the public key */ n = EC_POINT_point2oct(srvr_group, - EC_KEY_get0_public_key(clnt_ecdh), - POINT_CONVERSION_UNCOMPRESSED, - encodedPoint, encoded_pt_len, bn_ctx); + EC_KEY_get0_public_key(clnt_ecdh), + POINT_CONVERSION_UNCOMPRESSED, + encodedPoint, encoded_pt_len, bn_ctx); *p = n; /* length of encoded point */ /* Encoded point will be copied here */ @@ -2427,61 +2625,80 @@ ssl3_send_client_key_exchange(SSL *s) size_t msglen; unsigned int md_len; int keytype; - unsigned char premaster_secret[32], shared_ukm[32], tmp[256]; + unsigned char premaster_secret[32], shared_ukm[32], + tmp[256]; EVP_MD_CTX *ukm_hash; EVP_PKEY *pub_key; /* Get server sertificate PKEY and create ctx from it */ - peer_cert = s->session->sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST01)].x509; + peer_cert = s->session->sess_cert->peer_pkeys[( + keytype = SSL_PKEY_GOST01)].x509; if (!peer_cert) - peer_cert = s->session->sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST94)].x509; + peer_cert = s->session->sess_cert->peer_pkeys[ + (keytype = SSL_PKEY_GOST94)].x509; if (!peer_cert) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); goto err; } - pkey_ctx = EVP_PKEY_CTX_new(pub_key = X509_get_pubkey(peer_cert), NULL); - /* If we have send a certificate, and certificate key - + pkey_ctx = EVP_PKEY_CTX_new( + pub_key = X509_get_pubkey(peer_cert), + NULL); + /* + * If we have send a certificate, and certificate key * parameters match those of server certificate, use - * certificate key for key exchange + * certificate key for key exchange. + * Otherwise, generate ephemeral key pair. */ - /* Otherwise, generate ephemeral key pair */ - EVP_PKEY_encrypt_init(pkey_ctx); - /* Generate session key */ + /* Generate session key. */ RAND_bytes(premaster_secret, 32); - /* If we have client certificate, use its secret as peer key */ + /* + * If we have client certificate, use its secret + * as peer key. + */ if (s->s3->tmp.cert_req && s->cert->key->privatekey) { - if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <=0) { - /* If there was an error - just ignore it. Ephemeral key - * would be used - */ + if (EVP_PKEY_derive_set_peer(pkey_ctx, + s->cert->key->privatekey) <=0) { + /* + * If there was an error - + * just ignore it. Ephemeral key + * would be used + */ ERR_clear_error(); } } - /* Compute shared IV and store it in algorithm-specific - * context data */ + /* + * Compute shared IV and store it in algorithm-specific + * context data + */ ukm_hash = EVP_MD_CTX_create(); - EVP_DigestInit(ukm_hash, EVP_get_digestbynid(NID_id_GostR3411_94)); - EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE); + EVP_DigestInit(ukm_hash, + EVP_get_digestbynid(NID_id_GostR3411_94)); + EVP_DigestUpdate(ukm_hash, + s->s3->client_random, SSL3_RANDOM_SIZE); + EVP_DigestUpdate(ukm_hash, + s->s3->server_random, SSL3_RANDOM_SIZE); EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); EVP_MD_CTX_destroy(ukm_hash); - if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, - 8, shared_ukm) < 0) { + if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, + EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_LIBRARY_BUG); + SSL_R_LIBRARY_BUG); goto err; } - /* Make GOST keytransport blob message */ - /*Encapsulate it into sequence */ + /* + * Make GOST keytransport blob message, + * encapsulate it into sequence. + */ *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; msglen = 255; - if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32) < 0) { + if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, + premaster_secret, 32) < 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_LIBRARY_BUG); + SSL_R_LIBRARY_BUG); goto err; } if (msglen >= 0x80) { @@ -2493,16 +2710,17 @@ ssl3_send_client_key_exchange(SSL *s) n = msglen + 2; } memcpy(p, tmp, msglen); - /* Check if pubkey from client certificate was used */ - if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) { - /* Set flag "skip certificate verify" */ + /* Check if pubkey from client certificate was used. */ + if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, + EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) { + /* Set flag "skip certificate verify". */ s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; } EVP_PKEY_CTX_free(pkey_ctx); s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, premaster_secret, 32); - EVP_PKEY_free(pub_key); + s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key, premaster_secret, 32); + EVP_PKEY_free(pub_key); } #ifndef OPENSSL_NO_SRP @@ -2514,7 +2732,8 @@ ssl3_send_client_key_exchange(SSL *s) BN_bn2bin(s->srp_ctx.A, p); n += 2; } else { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } if (s->session->srp_username != NULL) @@ -2522,12 +2741,15 @@ ssl3_send_client_key_exchange(SSL *s) s->session->srp_username = BUF_strdup(s->srp_ctx.login); if (s->session->srp_username == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto err; } - if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + if ((s->session->master_key_length = + SRP_generate_client_master_secret(s, + s->session->master_key)) < 0) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } } @@ -2543,27 +2765,29 @@ ssl3_send_client_key_exchange(SSL *s) n = 0; if (s->psk_client_callback == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_NO_CLIENT_CB); + SSL_R_PSK_NO_CLIENT_CB); goto err; } - psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, - identity, PSK_MAX_IDENTITY_LEN, - psk_or_pre_ms, sizeof(psk_or_pre_ms)); + psk_len = s->psk_client_callback(s, + s->ctx->psk_identity_hint, identity, + PSK_MAX_IDENTITY_LEN, psk_or_pre_ms, + sizeof(psk_or_pre_ms)); if (psk_len > PSK_MAX_PSK_LEN) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); goto psk_err; } else if (psk_len == 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_IDENTITY_NOT_FOUND); + SSL_R_PSK_IDENTITY_NOT_FOUND); goto psk_err; } /* create PSK pre_master_secret */ pre_ms_len = 2 + psk_len + 2 + psk_len; t = psk_or_pre_ms; - memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len); + memmove(psk_or_pre_ms + psk_len + 4, + psk_or_pre_ms, psk_len); s2n(psk_len, t); memset(t, 0, psk_len); t += psk_len; @@ -2571,11 +2795,12 @@ ssl3_send_client_key_exchange(SSL *s) if (s->session->psk_identity_hint != NULL) free(s->session->psk_identity_hint); - s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); + s->session->psk_identity_hint = + BUF_strdup(s->ctx->psk_identity_hint); if (s->ctx->psk_identity_hint != NULL && s->session->psk_identity_hint == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto psk_err; } @@ -2584,25 +2809,26 @@ ssl3_send_client_key_exchange(SSL *s) s->session->psk_identity = BUF_strdup(identity); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto psk_err; } s->session->master_key_length = s->method->ssl3_enc->generate_master_secret( - s, s->session->master_key, psk_or_pre_ms, - pre_ms_len); + s, s->session->master_key, psk_or_pre_ms, + pre_ms_len); n = strlen(identity); s2n(n, p); memcpy(p, identity, n); n += 2; psk_err = 0; - psk_err: + psk_err: OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); if (psk_err != 0) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_HANDSHAKE_FAILURE); goto err; } } @@ -2626,7 +2852,7 @@ ssl3_send_client_key_exchange(SSL *s) /* SSL3_ST_CW_KEY_EXCH_B */ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); -err: + err: #ifndef OPENSSL_NO_ECDH BN_CTX_free(bn_ctx); if (encodedPoint != NULL) @@ -2641,14 +2867,14 @@ err: int ssl3_send_client_verify(SSL *s) { - unsigned char *p, *d; - unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; - EVP_PKEY *pkey; - EVP_PKEY_CTX *pctx = NULL; - EVP_MD_CTX mctx; - unsigned u = 0; - unsigned long n; - int j; + unsigned char *p, *d; + unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; + EVP_PKEY *pkey; + EVP_PKEY_CTX *pctx = NULL; + EVP_MD_CTX mctx; + unsigned u = 0; + unsigned long n; + int j; EVP_MD_CTX_init(&mctx); @@ -2656,18 +2882,21 @@ ssl3_send_client_verify(SSL *s) d = (unsigned char *)s->init_buf->data; p = &(d[4]); pkey = s->cert->key->privatekey; -/* Create context from key and test if sha1 is allowed as digest */ + /* + * Create context from key and test if sha1 is allowed as + * digest. + */ pctx = EVP_PKEY_CTX_new(pkey, NULL); EVP_PKEY_sign_init(pctx); if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { if (TLS1_get_version(s) < TLS1_2_VERSION) s->method->ssl3_enc->cert_verify_mac(s, - NID_sha1, - &(data[MD5_DIGEST_LENGTH])); + NID_sha1, &(data[MD5_DIGEST_LENGTH])); } else { ERR_clear_error(); } - /* For TLS v1.2 send signature algorithm and signature + /* + * For TLS v1.2 send signature algorithm and signature * using agreed digest and cached handshake records. */ if (TLS1_get_version(s) >= TLS1_2_VERSION) { @@ -2675,10 +2904,11 @@ ssl3_send_client_verify(SSL *s) void *hdata; const EVP_MD *md = s->cert->key->digest; hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, - &hdata); - if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) { + &hdata); + if (hdatalen <= 0 || + !tls12_get_sigandhash(p, pkey, md)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); goto err; } p += 2; @@ -2690,7 +2920,7 @@ ssl3_send_client_verify(SSL *s) !EVP_SignUpdate(&mctx, hdata, hdatalen) || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_EVP_LIB); + ERR_R_EVP_LIB); goto err; } s2n(u, p); @@ -2704,7 +2934,8 @@ ssl3_send_client_verify(SSL *s) if (RSA_sign(NID_md5_sha1, data, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + ERR_R_RSA_LIB); goto err; } s2n(u, p); @@ -2715,7 +2946,8 @@ ssl3_send_client_verify(SSL *s) &(data[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH, &(p[2]), (unsigned int *)&j, pkey->pkey.dsa)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + ERR_R_DSA_LIB); goto err; } s2n(j, p); @@ -2728,23 +2960,24 @@ ssl3_send_client_verify(SSL *s) SHA_DIGEST_LENGTH, &(p[2]), (unsigned int *)&j, pkey->pkey.ec)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_ECDSA_LIB); + ERR_R_ECDSA_LIB); goto err; } s2n(j, p); n = j + 2; } else #endif - if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) { + if (pkey->type == NID_id_GostR3410_94 || + pkey->type == NID_id_GostR3410_2001) { unsigned char signbuf[64]; int i; size_t sigsize = 64; s->method->ssl3_enc->cert_verify_mac(s, - NID_id_GostR3411_94, - data); - if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { + NID_id_GostR3411_94, data); + if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) + <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); goto err; } for (i = 63, j = 0; i >= 0; j++, i--) { @@ -2753,7 +2986,8 @@ ssl3_send_client_verify(SSL *s) s2n(j, p); n = j + 2; } else { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + ERR_R_INTERNAL_ERROR); goto err; } *(d++) = SSL3_MT_CERTIFICATE_VERIFY; @@ -2766,7 +3000,7 @@ ssl3_send_client_verify(SSL *s) EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_CTX_free(pctx); return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); -err: + err: EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_CTX_free(pctx); return (-1); @@ -2775,10 +3009,10 @@ err: int ssl3_send_client_certificate(SSL *s) { - X509 *x509 = NULL; - EVP_PKEY *pkey = NULL; - int i; - unsigned long l; + X509 *x509 = NULL; + EVP_PKEY *pkey = NULL; + int i; + unsigned long l; if (s->state == SSL3_ST_CW_CERT_A) { if ((s->cert == NULL) || (s->cert->key->x509 == NULL) || @@ -2792,7 +3026,8 @@ ssl3_send_client_certificate(SSL *s) if (s->state == SSL3_ST_CW_CERT_B) { /* If we get an error, we need to * ssl->rwstate=SSL_X509_LOOKUP; return(-1); - * We then get retied later */ + * We then get retied later + */ i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate = SSL_X509_LOOKUP; @@ -2806,7 +3041,8 @@ ssl3_send_client_certificate(SSL *s) i = 0; } else if (i == 1) { i = 0; - SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); + SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, + SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); } if (x509 != NULL) @@ -2816,7 +3052,8 @@ ssl3_send_client_certificate(SSL *s) if (i == 0) { if (s->version == SSL3_VERSION) { s->s3->tmp.cert_req = 0; - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE); + ssl3_send_alert(s, SSL3_AL_WARNING, + SSL_AD_NO_CERTIFICATE); return (1); } else { s->s3->tmp.cert_req = 2; @@ -2830,7 +3067,7 @@ ssl3_send_client_certificate(SSL *s) if (s->state == SSL3_ST_CW_CERT_C) { s->state = SSL3_ST_CW_CERT_D; l = ssl3_output_cert_chain(s, - (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509); + (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509); s->init_num = (int)l; s->init_off = 0; } @@ -2843,25 +3080,26 @@ ssl3_send_client_certificate(SSL *s) int ssl3_check_cert_and_algorithm(SSL *s) { - int i, idx; - long alg_k, alg_a; - EVP_PKEY *pkey = NULL; - SESS_CERT *sc; - RSA *rsa; + int i, idx; + long alg_k, alg_a; + EVP_PKEY *pkey = NULL; + SESS_CERT *sc; + RSA *rsa; #ifndef OPENSSL_NO_DH - DH *dh; + DH *dh; #endif alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; - /* we don't have a certificate */ + /* We don't have a certificate. */ if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK)) return (1); sc = s->session->sess_cert; if (sc == NULL) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + ERR_R_INTERNAL_ERROR); goto err; } @@ -2870,15 +3108,16 @@ ssl3_check_cert_and_algorithm(SSL *s) dh = s->session->sess_cert->peer_dh_tmp; #endif - /* This is the passed certificate */ + /* This is the passed certificate. */ idx = sc->peer_cert_type; #ifndef OPENSSL_NO_ECDH if (idx == SSL_PKEY_ECC) { if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, - s) == 0) + s) == 0) { /* check failed */ - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_BAD_ECC_CERT); goto f_err; } else { return 1; @@ -2892,59 +3131,71 @@ ssl3_check_cert_and_algorithm(SSL *s) /* Check that we have a certificate if we require one */ if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_SIGNING_CERT); goto f_err; } else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_DSA_SIGNING_CERT); goto f_err; } if ((alg_k & SSL_kRSA) && !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); goto f_err; } #ifndef OPENSSL_NO_DH if ((alg_k & SSL_kEDH) && !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_DH_KEY); goto f_err; } else if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH|EVP_PKS_RSA)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_DH_RSA_CERT); goto f_err; } else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_DH_DSA_CERT); goto f_err; } #endif - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { + if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + !has_bits(i, EVP_PKT_EXP)) { if (alg_k & SSL_kRSA) { - if (rsa == NULL || - RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_RSA_KEY); + if (rsa == NULL || RSA_size(rsa) * 8 > + SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_RSA_KEY); goto f_err; } } else #ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { - if (dh == NULL || - DH_size(dh) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_DH_KEY); + if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { + if (dh == NULL || DH_size(dh) * 8 > + SSL_C_EXPORT_PKEYLENGTH( + s->s3->tmp.new_cipher)) { + SSLerr( + SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_DH_KEY); + goto f_err; + } + } else +#endif + { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); goto f_err; } - } else -#endif - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto f_err; - } } return (1); -f_err: + f_err: ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); -err: + err: return (0); } @@ -2952,8 +3203,8 @@ err: int ssl3_send_next_proto(SSL *s) { - unsigned int len, padding_len; - unsigned char *d; + unsigned int len, padding_len; + unsigned char *d; if (s->state == SSL3_ST_CW_NEXT_PROTO_A) { len = s->next_proto_negotiated_len; @@ -2974,7 +3225,8 @@ ssl3_send_next_proto(SSL *s) } #endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ -/* Check to see if handshake is full or resumed. Usually this is just a +/* + * Check to see if handshake is full or resumed. Usually this is just a * case of checking to see if a cache hit has occurred. In the case of * session tickets we have to check the next message to be sure. */ @@ -2983,8 +3235,9 @@ ssl3_send_next_proto(SSL *s) int ssl3_check_finished(SSL *s) { - int ok; - long n; + int ok; + long n; + /* If we have no ticket it cannot be a resumed session. */ if (!s->session->tlsext_tick) return 1; @@ -3006,7 +3259,8 @@ ssl3_check_finished(SSL *s) int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) { - int i = 0; + int i = 0; + #ifndef OPENSSL_NO_ENGINE if (s->ctx->client_cert_engine) { i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index c79464da55a..28a3d51b9e5 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -2743,9 +2743,11 @@ SSL3_ENC_METHOD SSLv3_enc_data = { long ssl3_default_timeout(void) { - /* 2 hours, the 24 hours mentioned in the SSLv3 spec - * is way too long for http, the cache would over fill */ - return (60*60*2); + /* + * 2 hours, the 24 hours mentioned in the SSLv3 spec + * is way too long for http, the cache would over fill + */ + return (60 * 60 * 2); } int @@ -2769,13 +2771,14 @@ ssl3_pending(const SSL *s) if (s->rstate == SSL_ST_READ_BODY) return 0; - return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; + return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? + s->s3->rrec.length : 0; } int ssl3_new(SSL *s) { - SSL3_STATE *s3; + SSL3_STATE *s3; if ((s3 = calloc(1, sizeof *s3)) == NULL) goto err; @@ -2840,9 +2843,9 @@ ssl3_free(SSL *s) void ssl3_clear(SSL *s) { - unsigned char *rp, *wp; - size_t rlen, wlen; - int init_extra; + unsigned char *rp, *wp; + size_t rlen, wlen; + int init_extra; #ifdef TLSEXT_TYPE_opaque_prf_input if (s->s3->client_opaque_prf_input != NULL) @@ -2932,7 +2935,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_MALLOC_FAILURE); return (0); } } @@ -2959,18 +2963,21 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_NEED_TMP_RSA: if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8)))) + (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) + > (512 / 8)))) ret = 1; break; case SSL_CTRL_SET_TMP_RSA: { RSA *rsa = (RSA *)parg; if (rsa == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_PASSED_NULL_PARAMETER); return (ret); } if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_RSA_LIB); return (ret); } if (s->cert->rsa_tmp != NULL) @@ -2981,7 +2988,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_RSA_CB: { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } break; @@ -2990,17 +2998,20 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { DH *dh = (DH *)parg; if (dh == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_PASSED_NULL_PARAMETER); return (ret); } if ((dh = DHparams_dup(dh)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_DH_LIB); return (ret); } if (!(s->options & SSL_OP_SINGLE_DH_USE)) { if (!DH_generate_key(dh)) { DH_free(dh); - SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_DH_LIB); return (ret); } } @@ -3012,7 +3023,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_DH_CB: { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } break; @@ -3023,18 +3035,21 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) EC_KEY *ecdh = NULL; if (parg == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_PASSED_NULL_PARAMETER); return (ret); } if (!EC_KEY_up_ref((EC_KEY *)parg)) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_ECDH_LIB); return (ret); } ecdh = (EC_KEY *)parg; if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { if (!EC_KEY_generate_key(ecdh)) { EC_KEY_free(ecdh); - SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_ECDH_LIB); return (ret); } } @@ -3046,7 +3061,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_ECDH_CB: { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } break; @@ -3062,15 +3078,19 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (parg == NULL) break; if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { - SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); + SSLerr(SSL_F_SSL3_CTRL, + SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; } - if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); + if ((s->tlsext_hostname = BUF_strdup((char *)parg)) + == NULL) { + SSLerr(SSL_F_SSL3_CTRL, + ERR_R_INTERNAL_ERROR); return 0; } } else { - SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); + SSLerr(SSL_F_SSL3_CTRL, + SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); return 0; } break; @@ -3082,9 +3102,13 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #ifdef TLSEXT_TYPE_opaque_prf_input case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: if (larg > 12288) { - /* actual internal limit is 2^16 for the complete hello message - * (including the cert chain and everything) */ - SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); + /* + * Actual internal limit is 2^16 for the complete + * hello message (including the cert chain and + * everything) + */ + SSLerr(SSL_F_SSL3_CTRL, + SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); break; } if (s->tlsext_opaque_prf_input != NULL) @@ -3148,11 +3172,12 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { - int ret = 0; + int ret = 0; if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { - SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_CALLBACK_CTRL, + ERR_R_MALLOC_FAILURE); return (0); } } @@ -3173,14 +3198,15 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) #ifndef OPENSSL_NO_ECDH case SSL_CTRL_SET_TMP_ECDH_CB: { - s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; + s->cert->ecdh_tmp_cb = + (EC_KEY *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_DEBUG_CB: s->tlsext_debug_cb = (void (*)(SSL *, int , int, - unsigned char *, int, void *))fp; + unsigned char *, int, void *))fp; break; #endif default: @@ -3192,7 +3218,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { - CERT *cert; + CERT *cert; cert = ctx->cert; @@ -3200,7 +3226,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_NEED_TMP_RSA: if ((cert->rsa_tmp == NULL) && ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8)))) + (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > + (512 / 8)))) return (1); else return (0); @@ -3219,7 +3246,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) i = 0; } if (!i) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_RSA_LIB); return (0); } else { if (cert->rsa_tmp != NULL) @@ -3231,7 +3259,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) /* break; */ case SSL_CTRL_SET_TMP_RSA_CB: { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } break; @@ -3242,12 +3271,14 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) dh = (DH *)parg; if ((new = DHparams_dup(dh)) == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_DH_LIB); return 0; } if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { if (!DH_generate_key(new)) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_DH_LIB); DH_free(new); return 0; } @@ -3260,7 +3291,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) /*break; */ case SSL_CTRL_SET_TMP_DH_CB: { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } break; @@ -3271,18 +3303,21 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) EC_KEY *ecdh = NULL; if (parg == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_ECDH_LIB); return 0; } ecdh = EC_KEY_dup((EC_KEY *)parg); if (ecdh == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_EC_LIB); return 0; } if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { if (!EC_KEY_generate_key(ecdh)) { EC_KEY_free(ecdh); - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_ECDH_LIB); return 0; } } @@ -3296,7 +3331,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) /* break; */ case SSL_CTRL_SET_TMP_ECDH_CB: { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } break; @@ -3312,17 +3348,21 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) if (!keys) return 48; if (larg != 48) { - SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); + SSLerr(SSL_F_SSL3_CTX_CTRL, + SSL_R_INVALID_TICKET_KEYS_LENGTH); return 0; } if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { memcpy(ctx->tlsext_tick_key_name, keys, 16); - memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); + memcpy(ctx->tlsext_tick_hmac_key, + keys + 16, 16); memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); } else { memcpy(keys, ctx->tlsext_tick_key_name, 16); - memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); - memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); + memcpy(keys + 16, + ctx->tlsext_tick_hmac_key, 16); + memcpy(keys + 32, + ctx->tlsext_tick_aes_key, 16); } return 1; } @@ -3346,17 +3386,21 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ctx->srp_ctx.login = NULL; if (parg == NULL) break; - if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) { - SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); + if (strlen((const char *)parg) > 255 || + strlen((const char *)parg) < 1) { + SSLerr(SSL_F_SSL3_CTX_CTRL, + SSL_R_INVALID_SRP_USERNAME); return 0; } if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_CTX_CTRL, + ERR_R_INTERNAL_ERROR); return 0; } break; case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: - ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb; + ctx->srp_ctx.SRP_give_srp_client_pwd_callback = + srp_password_from_info_cb; ctx->srp_ctx.info = parg; break; case SSL_CTRL_SET_SRP_ARG: @@ -3399,7 +3443,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { - CERT *cert; + CERT *cert; cert = ctx->cert; @@ -3425,12 +3469,14 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) #endif #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: - ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; + ctx->tlsext_servername_callback = + (int (*)(SSL *, int *, void *))fp; break; #ifdef TLSEXT_TYPE_opaque_prf_input case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: - ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *, void *, size_t, void *))fp; + ctx->tlsext_opaque_prf_input_callback = + (int (*)(SSL *, void *, size_t, void *))fp; break; #endif @@ -3472,9 +3518,9 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) const SSL_CIPHER * ssl3_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c; - const SSL_CIPHER *cp; - unsigned long id; + SSL_CIPHER c; + const SSL_CIPHER *cp; + unsigned long id; id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; c.id = id; @@ -3492,7 +3538,7 @@ ssl3_get_cipher_by_char(const unsigned char *p) int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) { - long l; + long l; if (p != NULL) { l = c->id; @@ -3507,9 +3553,9 @@ ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr) { - SSL_CIPHER *c, *ret = NULL; - STACK_OF(SSL_CIPHER) *prio, *allow; - int i, ii, ok; + SSL_CIPHER *c, *ret = NULL; + STACK_OF(SSL_CIPHER) *prio, *allow; + int i, ii, ok; #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) unsigned int j; int ec_ok, ec_nid; @@ -3522,7 +3568,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, cert = s->cert; #if 0 - /* Do not set the compare functions, because this may lead to a + /* + * Do not set the compare functions, because this may lead to a * reordering by "id". We want to keep the original ordering. * We may pay a price in performance during sk_SSL_CIPHER_find(), * but would have to pay with the price of sk_SSL_CIPHER_dup(). @@ -3532,12 +3579,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #endif #ifdef CIPHER_DEBUG - printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); + printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), + (void *)srvr); for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) { c = sk_SSL_CIPHER_value(srvr, i); printf("%p:%s\n",(void *)c, c->name); } - printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); + printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), + (void *)clnt); for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) { c = sk_SSL_CIPHER_value(clnt, i); printf("%p:%s\n",(void *)c, c->name); @@ -3592,26 +3641,35 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (SSL_C_IS_EXPORT(c)) { ok = (alg_k & emask_k) && (alg_a & emask_a); #ifdef CIPHER_DEBUG - printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", ok, alg_k, alg_a, emask_k, emask_a, - (void *)c, c->name); + printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", + ok, alg_k, alg_a, emask_k, emask_a, (void *)c, + c->name); #endif } else { ok = (alg_k & mask_k) && (alg_a & mask_a); #ifdef CIPHER_DEBUG - printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, alg_a, mask_k, mask_a,(void *)c, - c->name); + printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", + ok, alg_k, alg_a, mask_k, mask_a,(void *)c, + c->name); #endif } #ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_EC if ( - /* if we are considering an ECC cipher suite that uses our certificate */ + /* + * if we are considering an ECC cipher suite that uses our + * certificate + */ (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) /* and we have an ECC certificate */ && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) - /* and the client specified a Supported Point Formats extension */ - && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) + /* + * and the client specified a Supported Point Formats + * extension + */ + && ((s->session->tlsext_ecpointformatlist_length > 0) && + (s->session->tlsext_ecpointformatlist != NULL)) /* and our certificate's point is compressed */ && ( (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) @@ -3625,8 +3683,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ) ) { ec_ok = 0; - /* if our certificate's curve is over a field type that the client does not support - * then do not allow this cipher suite to be negotiated */ + /* + * If our certificate's curve is over a field type + * that the client does not support then do not allow + * this cipher suite to be negotiated + */ if ( (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) @@ -3650,7 +3711,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ok = ok && ec_ok; } if ( - /* if we are considering an ECC cipher suite that uses our certificate */ + /* + * If we are considering an ECC cipher suite that uses our + * certificate + */ (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) /* and we have an ECC certificate */ && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) @@ -3689,7 +3753,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ok = ok && ec_ok; } if ( - /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ + /* + * if we are considering an ECC cipher suite that uses an + * ephemeral EC key + */ (alg_k & SSL_kEECDH) /* and we have an ephemeral EC key */ && (s->cert->ecdh_tmp != NULL) @@ -3732,7 +3799,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ii = sk_SSL_CIPHER_find(allow, c); if (ii >= 0) { #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) - if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { + if ((alg_k & SSL_kEECDH) && + (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { if (!ret) ret = sk_SSL_CIPHER_value(allow, ii); continue; @@ -3748,8 +3816,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, int ssl3_get_req_cert_type(SSL *s, unsigned char *p) { - int ret = 0; - unsigned long alg_k; + int ret = 0; + unsigned long alg_k; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; @@ -3784,7 +3852,8 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) #endif #ifndef OPENSSL_NO_ECDSA - /* ECDSA certs can be used with RSA cipher suites as well + /* + * ECDSA certs can be used with RSA cipher suites as well * so we don't need to check for SSL_kECDH or SSL_kEECDH */ if (s->version >= TLS1_VERSION) { @@ -3797,10 +3866,12 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) int ssl3_shutdown(SSL *s) { - int ret; + int ret; - /* Don't do anything much if we have not done the handshake or - * we don't want to send messages :-) */ + /* + * Don't do anything much if we have not done the handshake or + * we don't want to send messages :-) + */ if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return (1); @@ -3811,8 +3882,10 @@ ssl3_shutdown(SSL *s) #if 1 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); #endif - /* our shutdown alert has been sent now, and if it still needs - * to be written, s->s3->alert_dispatch will be true */ + /* + * Our shutdown alert has been sent now, and if it still needs + * to be written, s->s3->alert_dispatch will be true + */ if (s->s3->alert_dispatch) return(-1); /* return WANT_WRITE */ } else if (s->s3->alert_dispatch) { @@ -3820,10 +3893,12 @@ ssl3_shutdown(SSL *s) #if 1 ret = s->method->ssl_dispatch_alert(s); if (ret == -1) { - /* we only get to return -1 here the 2nd/Nth + /* + * We only get to return -1 here the 2nd/Nth * invocation, we must have already signalled * return 0 upon a previous invoation, - * return WANT_WRITE */ + * return WANT_WRITE + */ return (ret); } #endif @@ -3845,7 +3920,7 @@ ssl3_shutdown(SSL *s) int ssl3_write(SSL *s, const void *buf, int len) { - int ret, n; + int ret, n; #if 0 if (s->shutdown & SSL_SEND_SHUTDOWN) { @@ -3857,16 +3932,18 @@ ssl3_write(SSL *s, const void *buf, int len) if (s->s3->renegotiate) ssl3_renegotiate_check(s); - /* This is an experimental flag that sends the + /* + * This is an experimental flag that sends the * last handshake message in the same packet as the first * use data - used to see if it helps the TCP protocol during - * session-id reuse */ + * session-id reuse + */ /* The second test is because the buffer may have been removed */ if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { /* First time through, we write into the buffer */ if (s->s3->delay_buf_pop_ret == 0) { ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, - buf, len); + buf, len); if (ret <= 0) return (ret); @@ -3887,7 +3964,7 @@ ssl3_write(SSL *s, const void *buf, int len) s->s3->delay_buf_pop_ret = 0; } else { ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, - buf, len); + buf, len); if (ret <= 0) return (ret); } @@ -3898,21 +3975,25 @@ ssl3_write(SSL *s, const void *buf, int len) static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) { - int ret; + int ret; errno = 0; if (s->s3->renegotiate) ssl3_renegotiate_check(s); s->s3->in_read_app_data = 1; - ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); + ret = s->method->ssl_read_bytes(s, + SSL3_RT_APPLICATION_DATA, buf, len, peek); if ((ret == -1) && (s->s3->in_read_app_data == 2)) { - /* ssl3_read_bytes decided to call s->handshake_func, which + /* + * ssl3_read_bytes decided to call s->handshake_func, which * called ssl3_read_bytes to read handshake data. * However, ssl3_read_bytes actually found application data * and thinks that application data makes sense here; so disable - * handshake processing and try to read application data again. */ + * handshake processing and try to read application data again. + */ s->in_handshake++; - ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); + ret = s->method->ssl_read_bytes(s, + SSL3_RT_APPLICATION_DATA, buf, len, peek); s->in_handshake--; } else s->s3->in_read_app_data = 0; @@ -3948,7 +4029,7 @@ ssl3_renegotiate(SSL *s) int ssl3_renegotiate_check(SSL *s) { - int ret = 0; + int ret = 0; if (s->s3->renegotiate) { if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && @@ -3968,13 +4049,14 @@ ssl3_renegotiate_check(SSL *s) } return (ret); } -/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch +/* + * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch * to new SHA256 PRF and handshake macs */ long ssl_get_algorithm2(SSL *s) { - long alg2 = s->s3->tmp.new_cipher->algorithm2; + long alg2 = s->s3->tmp.new_cipher->algorithm2; if (s->method->version == TLS1_2_VERSION && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c index cde564cade1..830f574183e 100644 --- a/lib/libssl/src/ssl/ssl_lib.c +++ b/lib/libssl/src/ssl/ssl_lib.c @@ -160,7 +160,10 @@ const char *SSL_version_str = OPENSSL_VERSION_TEXT; SSL3_ENC_METHOD ssl3_undef_enc_method = { - /* evil casts, but these functions are only called if there's a library bug */ + /* + * Evil casts, but these functions are only called if there's a + * library bug. + */ (int (*)(SSL *, int))ssl_undefined_function, (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, ssl_undefined_function, @@ -182,9 +185,9 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { int SSL_clear(SSL *s) { - if (s->method == NULL) { - SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); + SSLerr(SSL_F_SSL_CLEAR, + SSL_R_NO_METHOD_SPECIFIED); return (0); } @@ -198,7 +201,8 @@ SSL_clear(SSL *s) s->shutdown = 0; if (s->renegotiate) { - SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL_CLEAR, + ERR_R_INTERNAL_ERROR); return 0; } @@ -226,16 +230,19 @@ SSL_clear(SSL *s) s->first_packet = 0; #if 1 - /* Check to see if we were changed into a different method, if - * so, revert back if we are not doing session-id reuse. */ - if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { + /* + * Check to see if we were changed into a different method, if + * so, revert back if we are not doing session-id reuse. + */ + if (!s->in_handshake && (s->session == NULL) && + (s->method != s->ctx->method)) { s->method->ssl_free(s); s->method = s->ctx->method; if (!s->method->ssl_new(s)) return (0); } else #endif - s->method->ssl_clear(s); + s->method->ssl_clear(s); return (1); } @@ -243,14 +250,15 @@ SSL_clear(SSL *s) int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) { - STACK_OF(SSL_CIPHER) *sk; + STACK_OF(SSL_CIPHER) *sk; ctx->method = meth; sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { - SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); + SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, + SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return (0); } return (1); @@ -259,14 +267,16 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) SSL * SSL_new(SSL_CTX *ctx) { - SSL *s; + SSL *s; if (ctx == NULL) { - SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); + SSLerr(SSL_F_SSL_NEW, + SSL_R_NULL_SSL_CTX); return (NULL); } if (ctx->method == NULL) { - SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); + SSLerr(SSL_F_SSL_NEW, + SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); return (NULL); } @@ -283,7 +293,8 @@ SSL_new(SSL_CTX *ctx) s->max_cert_list = ctx->max_cert_list; if (ctx->cert != NULL) { - /* Earlier library versions used to copy the pointer to + /* + * Earlier library versions used to copy the pointer to * the CERT, not its contents; only when setting new * parameters for the per-SSL copy, ssl_cert_new would be * called (and the direct reference to the per-SSL_CTX @@ -291,8 +302,8 @@ SSL_new(SSL_CTX *ctx) * accessed for various purposes, and for that reason they * used to be known as s->ctx->default_cert). * Now we don't look at the SSL_CTX's CERT after having - * duplicated it once. */ - + * duplicated it once. + */ s->cert = ssl_cert_dup(ctx->cert); if (s->cert == NULL) goto err; @@ -362,7 +373,7 @@ SSL_new(SSL_CTX *ctx) #endif return (s); -err: + err: if (s != NULL) { if (s->cert != NULL) ssl_cert_free(s->cert); @@ -370,7 +381,8 @@ err: SSL_CTX_free(s->ctx); /* decrement reference count */ free(s); } - SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL_NEW, + ERR_R_MALLOC_FAILURE); return (NULL); } @@ -379,7 +391,8 @@ SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { if (sid_ctx_len > sizeof ctx->sid_ctx) { - SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); + SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, + SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; } ctx->sid_ctx_length = sid_ctx_len; @@ -393,7 +406,8 @@ SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { - SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); + SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, + SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; } ssl->sid_ctx_length = sid_ctx_len; @@ -485,7 +499,7 @@ SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) void SSL_free(SSL *s) { - int i; + int i; if (s == NULL) return; @@ -550,7 +564,7 @@ SSL_free(SSL *s) free(s->tlsext_opaque_prf_input); if (s->tlsext_ocsp_exts) sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, - X509_EXTENSION_free); + X509_EXTENSION_free); if (s->tlsext_ocsp_ids) sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); if (s->tlsext_ocsp_resp) @@ -587,8 +601,7 @@ SSL_free(SSL *s) void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) { - /* If the output buffering BIO is still in place, remove it - */ + /* If the output buffering BIO is still in place, remove it */ if (s->bbio != NULL) { if (s->wbio == s->bbio) { s->wbio = s->wbio->next_bio; @@ -624,8 +637,8 @@ SSL_get_fd(const SSL *s) int SSL_get_rfd(const SSL *s) { - int ret = -1; - BIO *b, *r; + int ret = -1; + BIO *b, *r; b = SSL_get_rbio(s); r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); @@ -637,8 +650,8 @@ SSL_get_rfd(const SSL *s) int SSL_get_wfd(const SSL *s) { - int ret = -1; - BIO *b, *r; + int ret = -1; + BIO *b, *r; b = SSL_get_wbio(s); r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); @@ -651,34 +664,36 @@ SSL_get_wfd(const SSL *s) int SSL_set_fd(SSL *s, int fd) { - int ret = 0; - BIO *bio = NULL; + int ret = 0; + BIO *bio = NULL; bio = BIO_new(BIO_s_socket()); if (bio == NULL) { - SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); + SSLerr(SSL_F_SSL_SET_FD, + ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set_bio(s, bio, bio); ret = 1; -err: + err: return (ret); } int SSL_set_wfd(SSL *s, int fd) { - int ret = 0; - BIO *bio = NULL; + int ret = 0; + BIO *bio = NULL; if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) - || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { + || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { bio = BIO_new(BIO_s_socket()); - if (bio == NULL) - { SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); + if (bio == NULL) { + SSLerr(SSL_F_SSL_SET_WFD, + ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio, fd, BIO_NOCLOSE); @@ -686,22 +701,23 @@ SSL_set_wfd(SSL *s, int fd) } else SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); ret = 1; -err: + err: return (ret); } int SSL_set_rfd(SSL *s, int fd) { - int ret = 0; - BIO *bio = NULL; + int ret = 0; + BIO *bio = NULL; if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) - || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { + || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { bio = BIO_new(BIO_s_socket()); if (bio == NULL) { - SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); + SSLerr(SSL_F_SSL_SET_RFD, + ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio, fd, BIO_NOCLOSE); @@ -709,7 +725,7 @@ SSL_set_rfd(SSL *s, int fd) } else SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); ret = 1; -err: + err: return (ret); } #endif @@ -719,7 +735,7 @@ err: size_t SSL_get_finished(const SSL *s, void *buf, size_t count) { - size_t ret = 0; + size_t ret = 0; if (s->s3 != NULL) { ret = s->s3->tmp.finish_md_len; @@ -734,7 +750,7 @@ SSL_get_finished(const SSL *s, void *buf, size_t count) size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) { - size_t ret = 0; + size_t ret = 0; if (s->s3 != NULL) { ret = s->s3->tmp.peer_finish_md_len; @@ -810,7 +826,8 @@ SSL_get_read_ahead(const SSL *s) int SSL_pending(const SSL *s) { - /* SSL_pending cannot work properly if read-ahead is enabled + /* + * SSL_pending cannot work properly if read-ahead is enabled * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), * and it is impossible to fix since SSL_pending cannot report * errors that may be observed while scanning the new data. @@ -823,7 +840,7 @@ SSL_pending(const SSL *s) X509 * SSL_get_peer_certificate(const SSL *s) { - X509 *r; + X509 *r; if ((s == NULL) || (s->session == NULL)) r = NULL; @@ -841,32 +858,38 @@ SSL_get_peer_certificate(const SSL *s) STACK_OF(X509) * SSL_get_peer_cert_chain(const SSL *s) { - STACK_OF(X509) *r; + STACK_OF(X509) *r; - if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) + if ((s == NULL) || (s->session == NULL) || + (s->session->sess_cert == NULL)) r = NULL; else r = s->session->sess_cert->cert_chain; - /* If we are a client, cert_chain includes the peer's own + /* + * If we are a client, cert_chain includes the peer's own * certificate; -if we are a server, it does not. */ - + * if we are a server, it does not. + */ return (r); } -/* Now in theory, since the calling process own 't' it should be safe to - * modify. We need to be able to read f without being hassled */ +/* + * Now in theory, since the calling process own 't' it should be safe to + * modify. We need to be able to read f without being hassled + */ void SSL_copy_session_id(SSL *t, const SSL *f) { - CERT *tmp; + CERT *tmp; /* Do we need to to SSL locking? */ SSL_set_session(t, SSL_get_session(f)); - /* what if we are setup as SSLv2 but want to talk SSLv3 or - * vice-versa */ + /* + * What if we are setup as SSLv2 but want to talk SSLv3 or + * vice-versa. + */ if (t->method != f->method) { t->method->ssl_free(t); /* cleanup current */ t->method=f->method; /* change method */ @@ -888,17 +911,19 @@ SSL_copy_session_id(SSL *t, const SSL *f) int SSL_CTX_check_private_key(const SSL_CTX *ctx) { - if ((ctx == NULL) || - (ctx->cert == NULL) || - (ctx->cert->key->x509 == NULL)) { - SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); + if ((ctx == NULL) || (ctx->cert == NULL) || + (ctx->cert->key->x509 == NULL)) { + SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, + SSL_R_NO_CERTIFICATE_ASSIGNED); return (0); } if (ctx->cert->key->privatekey == NULL) { - SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); + SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, + SSL_R_NO_PRIVATE_KEY_ASSIGNED); return (0); } - return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); + return (X509_check_private_key(ctx->cert->key->x509, + ctx->cert->key->privatekey)); } /* Fix this function so that it takes an optional type parameter */ @@ -906,31 +931,34 @@ int SSL_check_private_key(const SSL *ssl) { if (ssl == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, + ERR_R_PASSED_NULL_PARAMETER); return (0); } if (ssl->cert == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, + SSL_R_NO_CERTIFICATE_ASSIGNED); return 0; } if (ssl->cert->key->x509 == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, + SSL_R_NO_CERTIFICATE_ASSIGNED); return (0); } if (ssl->cert->key->privatekey == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, + SSL_R_NO_PRIVATE_KEY_ASSIGNED); return (0); } - return(X509_check_private_key(ssl->cert->key->x509, - ssl->cert->key->privatekey)); + return (X509_check_private_key(ssl->cert->key->x509, + ssl->cert->key->privatekey)); } int SSL_accept(SSL *s) { if (s->handshake_func == 0) - /* Not properly initialized yet */ - SSL_set_accept_state(s); + SSL_set_accept_state(s); /* Not properly initialized yet */ return (s->method->ssl_accept(s)); } @@ -939,8 +967,7 @@ int SSL_connect(SSL *s) { if (s->handshake_func == 0) - /* Not properly initialized yet */ - SSL_set_connect_state(s); + SSL_set_connect_state(s); /* Not properly initialized yet */ return (s->method->ssl_connect(s)); } @@ -955,7 +982,8 @@ int SSL_read(SSL *s, void *buf, int num) { if (s->handshake_func == 0) { - SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_READ, + SSL_R_UNINITIALIZED); return -1; } @@ -970,7 +998,8 @@ int SSL_peek(SSL *s, void *buf, int num) { if (s->handshake_func == 0) { - SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_PEEK, + SSL_R_UNINITIALIZED); return -1; } @@ -984,13 +1013,15 @@ int SSL_write(SSL *s, const void *buf, int num) { if (s->handshake_func == 0) { - SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_WRITE, + SSL_R_UNINITIALIZED); return -1; } if (s->shutdown & SSL_SENT_SHUTDOWN) { s->rwstate = SSL_NOTHING; - SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); + SSLerr(SSL_F_SSL_WRITE, + SSL_R_PROTOCOL_IS_SHUTDOWN); return (-1); } return (s->method->ssl_write(s, buf, num)); @@ -999,14 +1030,16 @@ SSL_write(SSL *s, const void *buf, int num) int SSL_shutdown(SSL *s) { - /* Note that this function behaves differently from what one might + /* + * Note that this function behaves differently from what one might * expect. Return values are 0 for no success (yet), * 1 for success; but calling it once is usually not enough, * even if blocking I/O is used (see ssl3_shutdown). */ if (s->handshake_func == 0) { - SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_SHUTDOWN, + SSL_R_UNINITIALIZED); return -1; } @@ -1041,15 +1074,17 @@ SSL_renegotiate_abbreviated(SSL *s) int SSL_renegotiate_pending(SSL *s) { - /* becomes true when negotiation is requested; - * false again once a handshake has finished */ + /* + * Becomes true when negotiation is requested; + * false again once a handshake has finished. + */ return (s->renegotiate != 0); } long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) { - long l; + long l; switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: @@ -1084,7 +1119,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) #endif if (SSL_version(s) == DTLS1_VERSION || - SSL_version(s) == DTLS1_BAD_VER) { + SSL_version(s) == DTLS1_BAD_VER) { s->d1->mtu = larg; return larg; } @@ -1108,7 +1143,9 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); + s->msg_callback = (void (*)(int write_p, int version, + int content_type, const void *buf, size_t len, + SSL *ssl, void *arg))(fp); return 1; default: @@ -1125,7 +1162,7 @@ SSL_CTX_sessions(SSL_CTX *ctx) long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { - long l; + long l; switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: @@ -1206,7 +1243,9 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); + ctx->msg_callback = (void (*)(int write_p, int version, + int content_type, const void *buf, size_t len, SSL *ssl, + void *arg))(fp); return 1; default: @@ -1217,7 +1256,7 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) { - long l; + long l; l = a->id - b->id; if (l == 0L) @@ -1230,7 +1269,7 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, const SSL_CIPHER * const *bp) { - long l; + long l; l = (*ap)->id - (*bp)->id; if (l == 0L) @@ -1239,24 +1278,27 @@ ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, return ((l > 0) ? 1:-1); } -/** return a STACK of the ciphers available for the SSL and in order of - * preference */ +/* + * Return a STACK of the ciphers available for the SSL and in order of + * preference. + */ STACK_OF(SSL_CIPHER) * SSL_get_ciphers(const SSL *s) { if (s != NULL) { if (s->cipher_list != NULL) { return (s->cipher_list); - } else if ((s->ctx != NULL) && - (s->ctx->cipher_list != NULL)) { + } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) { return (s->ctx->cipher_list); } } return (NULL); } -/** return a STACK of the ciphers available for the SSL and in order of - * algorithm id */ +/* + * Return a STACK of the ciphers available for the SSL and in order of + * algorithm id. + */ STACK_OF(SSL_CIPHER) * ssl_get_ciphers_by_id(SSL *s) { @@ -1264,19 +1306,19 @@ ssl_get_ciphers_by_id(SSL *s) if (s->cipher_list_by_id != NULL) { return (s->cipher_list_by_id); } else if ((s->ctx != NULL) && - (s->ctx->cipher_list_by_id != NULL)) { + (s->ctx->cipher_list_by_id != NULL)) { return (s->ctx->cipher_list_by_id); } } return (NULL); } -/** The old interface to get the same thing as SSL_get_ciphers() */ +/* The old interface to get the same thing as SSL_get_ciphers(). */ const char * SSL_get_cipher_list(const SSL *s, int n) { - SSL_CIPHER *c; - STACK_OF(SSL_CIPHER) *sk; + SSL_CIPHER *c; + STACK_OF(SSL_CIPHER) *sk; if (s == NULL) return (NULL); @@ -1289,35 +1331,38 @@ SSL_get_cipher_list(const SSL *s, int n) return (c->name); } -/** specify the ciphers to be used by default by the SSL_CTX */ +/* Specify the ciphers to be used by default by the SSL_CTX. */ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { - STACK_OF(SSL_CIPHER) *sk; + STACK_OF(SSL_CIPHER) *sk; sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, - &ctx->cipher_list_by_id, str); - /* ssl_create_cipher_list may return an empty stack if it + &ctx->cipher_list_by_id, str); + /* + * ssl_create_cipher_list may return an empty stack if it * was unable to find a cipher matching the given rule string * (for example if the rule string specifies a cipher which * has been disabled). This is not an error as far as * ssl_create_cipher_list is concerned, and hence * ctx->cipher_list and ctx->cipher_list_by_id has been - * updated. */ + * updated. + */ if (sk == NULL) return 0; else if (sk_SSL_CIPHER_num(sk) == 0) { - SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); + SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, + SSL_R_NO_CIPHER_MATCH); return 0; } return 1; } -/** specify the ciphers to be used by the SSL */ +/* Specify the ciphers to be used by the SSL. */ int SSL_set_cipher_list(SSL *s, const char *str) { - STACK_OF(SSL_CIPHER) *sk; + STACK_OF(SSL_CIPHER) *sk; sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, &s->cipher_list_by_id, str); @@ -1325,7 +1370,8 @@ SSL_set_cipher_list(SSL *s, const char *str) if (sk == NULL) return 0; else if (sk_SSL_CIPHER_num(sk) == 0) { - SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); + SSLerr(SSL_F_SSL_SET_CIPHER_LIST, + SSL_R_NO_CIPHER_MATCH); return 0; } return 1; @@ -1335,11 +1381,11 @@ SSL_set_cipher_list(SSL *s, const char *str) char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len) { - char *end; - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; - size_t curlen = 0; - int i; + char *end; + STACK_OF(SSL_CIPHER) *sk; + SSL_CIPHER *c; + size_t curlen = 0; + int i; if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2)) @@ -1351,7 +1397,7 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len) c = sk_SSL_CIPHER_value(sk, i); end = buf + curlen; if (strlcat(buf, c->name, len) >= len || - (curlen = strlcat(buf, ":", len)) >= len) { + (curlen = strlcat(buf, ":", len)) >= len) { /* remove truncated cipher from list */ *end = '\0'; break; @@ -1367,11 +1413,11 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, int (*put_cb)(const SSL_CIPHER *, unsigned char *)) { - int i, j = 0; - SSL_CIPHER *c; - unsigned char *q; + int i, j = 0; + SSL_CIPHER *c; + unsigned char *q; #ifndef OPENSSL_NO_KRB5 - int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); + int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); #endif /* OPENSSL_NO_KRB5 */ if (sk == NULL) @@ -1382,30 +1428,33 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, c = sk_SSL_CIPHER_value(sk, i); /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ if ((c->algorithm_ssl & SSL_TLSV1_2) && - (TLS1_get_client_version(s) < TLS1_2_VERSION)) - continue; + (TLS1_get_client_version(s) < TLS1_2_VERSION)) + continue; #ifndef OPENSSL_NO_KRB5 - if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && - nokrb5) - continue; + if (((c->algorithm_mkey & SSL_kKRB5) || + (c->algorithm_auth & SSL_aKRB5)) && nokrb5) + continue; #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ - if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && - s->psk_client_callback == NULL) - continue; + if (((c->algorithm_mkey & SSL_kPSK) || + (c->algorithm_auth & SSL_aPSK)) && + s->psk_client_callback == NULL) + continue; #endif /* OPENSSL_NO_PSK */ j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p); p += j; } - /* If p == q, no ciphers and caller indicates an error. Otherwise + /* + * If p == q, no ciphers and caller indicates an error. Otherwise * add SCSV if not renegotiating. */ if (p != q && !s->renegotiate) { static SSL_CIPHER scsv = { 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - j = put_cb ? put_cb(&scsv, p) : ssl_put_cipher_by_char(s, &scsv, p); + j = put_cb ? put_cb(&scsv, p) : + ssl_put_cipher_by_char(s, &scsv, p); p += j; #ifdef OPENSSL_RI_DEBUG fprintf(stderr, "SCSV sent by client\n"); @@ -1419,15 +1468,17 @@ STACK_OF(SSL_CIPHER) * ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, STACK_OF(SSL_CIPHER) **skp) { - const SSL_CIPHER *c; - STACK_OF(SSL_CIPHER) *sk; - int i, n; + const SSL_CIPHER *c; + STACK_OF(SSL_CIPHER) *sk; + int i, n; + if (s->s3) s->s3->send_connection_binding = 0; n = ssl_put_cipher_by_char(s, NULL, NULL); if ((num % n) != 0) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return (NULL); } if ((skp == NULL) || (*skp == NULL)) @@ -1440,12 +1491,14 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, for (i = 0; i < num; i += n) { /* Check for SCSV */ if (s->s3 && (n != 3 || !p[0]) && - (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && - (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { + (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && + (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { /* SCSV fatal if renegotiating */ if (s->renegotiate) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_HANDSHAKE_FAILURE); goto err; } @@ -1461,7 +1514,8 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, p += n; if (c != NULL) { if (!sk_SSL_CIPHER_push(sk, c)) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + ERR_R_MALLOC_FAILURE); goto err; } } @@ -1470,7 +1524,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, if (skp != NULL) *skp = sk; return (sk); -err: + err: if ((skp == NULL) || (*skp == NULL)) sk_SSL_CIPHER_free(sk); return (NULL); @@ -1478,10 +1532,10 @@ err: #ifndef OPENSSL_NO_TLSEXT -/** return a servername extension value if provided in Client Hello, or NULL. +/* + * Return a servername extension value if provided in Client Hello, or NULL. * So far, only host_name types are defined (RFC 3546). */ - const char * SSL_get_servername(const SSL *s, const int type) { @@ -1489,20 +1543,23 @@ SSL_get_servername(const SSL *s, const int type) return NULL; return s->session && !s->tlsext_hostname ? - s->session->tlsext_hostname : - s->tlsext_hostname; + s->session->tlsext_hostname : + s->tlsext_hostname; } int SSL_get_servername_type(const SSL *s) { - if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) + if (s->session && + (!s->tlsext_hostname ? + s->session->tlsext_hostname : s->tlsext_hostname)) return TLSEXT_NAMETYPE_host_name; return -1; } # ifndef OPENSSL_NO_NEXTPROTONEG -/* SSL_select_next_proto implements the standard protocol selection. It is +/* + * SSL_select_next_proto implements the standard protocol selection. It is * expected that this function is called from the callback set by * SSL_CTX_set_next_proto_select_cb. * @@ -1533,17 +1590,23 @@ SSL_get_servername_type(const SSL *s) * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. */ int -SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) +SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *server, unsigned int server_len, + const unsigned char *client, unsigned int client_len) { - unsigned int i, j; - const unsigned char *result; - int status = OPENSSL_NPN_UNSUPPORTED; + unsigned int i, j; + const unsigned char *result; + int status = OPENSSL_NPN_UNSUPPORTED; - /* For each protocol in server preference order, see if we support it. */ + /* + * For each protocol in server preference order, + * see if we support it. + */ for (i = 0; i < server_len; ) { for (j = 0; j < client_len; ) { if (server[i] == client[j] && - memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { + memcmp(&server[i + 1], + &client[j + 1], server[i]) == 0) { /* We found a match */ result = &server[i]; status = OPENSSL_NPN_NEGOTIATED; @@ -1560,13 +1623,14 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned result = client; status = OPENSSL_NPN_NO_OVERLAP; - found: + found: *out = (unsigned char *) result + 1; *outlen = result[0]; return status; } -/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's +/* + * SSL_get0_next_proto_negotiated sets *data and *len to point to the client's * requested protocol for this connection and returns 0. If the client didn't * request any protocol, then *data is set to NULL. * @@ -1575,7 +1639,8 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned * provided by the callback. */ void -SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) +SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned *len) { *data = s->next_proto_negotiated; if (!*data) { @@ -1585,23 +1650,27 @@ SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigne } } -/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a +/* + * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a * TLS server needs a list of supported protocols for Next Protocol * Negotiation. The returned list must be in wire format. The list is returned * by setting |out| to point to it and |outlen| to its length. This memory will * not be modified, but one should assume that the SSL* keeps a reference to * it. * - * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no - * such extension will be included in the ServerHello. */ + * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. + * Otherwise, no such extension will be included in the ServerHello. + */ void -SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) +SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, + const unsigned char **out, unsigned int *outlen, void *arg), void *arg) { ctx->next_protos_advertised_cb = cb; ctx->next_protos_advertised_cb_arg = arg; } -/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a +/* + * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a * client needs to select a protocol from the server's provided list. |out| * must be set to point to the selected protocol (which may be within |in|). * The length of the protocol name must be written into |outlen|. The server's @@ -1612,7 +1681,9 @@ SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const u * callback returns a value other than SSL_TLSEXT_ERR_OK. */ void -SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) +SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, + unsigned char **out, unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg), void *arg) { ctx->next_proto_select_cb = cb; ctx->next_proto_select_cb_arg = arg; @@ -1623,34 +1694,35 @@ SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, -int use_context) + int use_context) { if (s->version < TLS1_VERSION) return -1; - return s->method->ssl3_enc->export_keying_material(s, out, olen, label, - llen, p, plen, - use_context); + return s->method->ssl3_enc->export_keying_material(s, out, olen, + label, llen, p, plen, use_context); } static unsigned long ssl_session_hash(const SSL_SESSION *a) { - unsigned long l; + unsigned long l; l = (unsigned long) - ((unsigned int) a->session_id[0] )| - ((unsigned int) a->session_id[1]<< 8L)| - ((unsigned long)a->session_id[2]<<16L)| - ((unsigned long)a->session_id[3]<<24L); + ((unsigned int) a->session_id[0] )| + ((unsigned int) a->session_id[1]<< 8L)| + ((unsigned long)a->session_id[2]<<16L)| + ((unsigned long)a->session_id[3]<<24L); return (l); } -/* NB: If this function (or indeed the hash function which uses a sort of +/* + * NB: If this function (or indeed the hash function which uses a sort of * coarser function than this one) is changed, ensure * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being * able to construct an SSL_SESSION that will collide with any existing session - * with a matching session ID. */ + * with a matching session ID. + */ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { @@ -1661,10 +1733,12 @@ ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) return (memcmp(a->session_id, b->session_id, a->session_id_length)); } -/* These wrapper functions should remain rather than redeclaring +/* + * These wrapper functions should remain rather than redeclaring * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each * variable. The reason is that the functions aren't static, they're exposed via - * ssl.h. */ + * ssl.h. + */ static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) static @@ -1673,15 +1747,17 @@ IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) SSL_CTX * SSL_CTX_new(const SSL_METHOD *meth) { - SSL_CTX *ret = NULL; + SSL_CTX *ret = NULL; if (meth == NULL) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); + SSLerr(SSL_F_SSL_CTX_NEW, + SSL_R_NULL_SSL_METHOD_PASSED); return (NULL); } if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); + SSLerr(SSL_F_SSL_CTX_NEW, + SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; } ret = calloc(1, sizeof(SSL_CTX)); @@ -1748,7 +1824,8 @@ SSL_CTX_new(const SSL_METHOD *meth) &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); + SSLerr(SSL_F_SSL_CTX_NEW, + SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; } @@ -1757,11 +1834,13 @@ SSL_CTX_new(const SSL_METHOD *meth) goto err; if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); + SSLerr(SSL_F_SSL_CTX_NEW, + SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); goto err2; } if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); + SSLerr(SSL_F_SSL_CTX_NEW, + SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); goto err2; } @@ -1782,9 +1861,9 @@ SSL_CTX_new(const SSL_METHOD *meth) ret->tlsext_servername_arg = NULL; /* Setup RFC4507 ticket keys */ if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) - || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) - || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) - ret->options |= SSL_OP_NO_TICKET; + || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) + || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) + ret->options |= SSL_OP_NO_TICKET; ret->tlsext_status_cb = 0; ret->tlsext_status_arg = NULL; @@ -1814,22 +1893,25 @@ SSL_CTX_new(const SSL_METHOD *meth) if (!eng) { ERR_clear_error(); ENGINE_load_builtin_engines(); - eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); + eng = ENGINE_by_id(eng_str( + OPENSSL_SSL_CLIENT_ENGINE_AUTO)); } if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) ERR_clear_error(); } #endif #endif - /* Default is to connect to non-RI servers. When RI is more widely + /* + * Default is to connect to non-RI servers. When RI is more widely * deployed might change this. */ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; return (ret); -err: - SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); -err2: + err: + SSLerr(SSL_F_SSL_CTX_NEW, + ERR_R_MALLOC_FAILURE); + err2: if (ret != NULL) SSL_CTX_free(ret); return (NULL); @@ -1845,7 +1927,7 @@ SSL_COMP_free(SSL_COMP *comp) void SSL_CTX_free(SSL_CTX *a) { - int i; + int i; if (a == NULL) return; @@ -1926,7 +2008,8 @@ SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) } void -SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg) +SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, + void *), void *arg) { ctx->app_verify_callback = cb; ctx->app_verify_arg = arg; @@ -1948,18 +2031,18 @@ SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) { - CERT_PKEY *cpk; - int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; - int rsa_enc_export, dh_rsa_export, dh_dsa_export; - int rsa_tmp_export, dh_tmp_export, kl; - unsigned long mask_k, mask_a, emask_k, emask_a; - int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; + CERT_PKEY *cpk; + int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; + int rsa_enc_export, dh_rsa_export, dh_dsa_export; + int rsa_tmp_export, dh_tmp_export, kl; + unsigned long mask_k, mask_a, emask_k, emask_a; + int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; #ifndef OPENSSL_NO_ECDH - int have_ecdh_tmp; + int have_ecdh_tmp; #endif - X509 *x = NULL; - EVP_PKEY *ecc_pkey = NULL; - int signature_nid = 0, pk_nid = 0, md_nid = 0; + X509 *x = NULL; + EVP_PKEY *ecc_pkey = NULL; + int signature_nid = 0, pk_nid = 0, md_nid = 0; if (c == NULL) return; @@ -2005,8 +2088,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) #ifdef CIPHER_DEBUG printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", - rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, - rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); + rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, + rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); #endif cpk = &(c->pkeys[SSL_PKEY_GOST01]); @@ -2071,7 +2154,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) emask_a|=SSL_aKRB5; #endif - /* An ECC certificate may be usable for ECDH and/or + /* + * An ECC certificate may be usable for ECDH and/or * ECDSA cipher suites depending on the key usage extension. */ if (have_ecc_cert) { @@ -2150,11 +2234,11 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) { - unsigned long alg_k, alg_a; - EVP_PKEY *pkey = NULL; - int keysize = 0; - int signature_nid = 0, md_nid = 0, pk_nid = 0; - const SSL_CIPHER *cs = s->s3->tmp.new_cipher; + unsigned long alg_k, alg_a; + EVP_PKEY *pkey = NULL; + int keysize = 0; + int signature_nid = 0, md_nid = 0, pk_nid = 0; + const SSL_CIPHER *cs = s->s3->tmp.new_cipher; alg_k = cs->algorithm_mkey; alg_a = cs->algorithm_auth; @@ -2179,21 +2263,25 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { /* key usage, if present, must allow key agreement */ if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); + SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, + SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); return 0; } - if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { + if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < + TLS1_2_VERSION) { /* signature alg must be ECDSA */ if (pk_nid != NID_X9_62_id_ecPublicKey) { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); + SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, + SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); return 0; } } - if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { + if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < + TLS1_2_VERSION) { /* signature alg must be RSA */ - if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); + SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, + SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); return 0; } } @@ -2201,7 +2289,8 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) if (alg_a & SSL_aECDSA) { /* key usage, if present, must allow signing */ if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); + SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, + SSL_R_ECC_CERT_NOT_FOR_SIGNING); return 0; } } @@ -2216,9 +2305,9 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) CERT_PKEY * ssl_get_server_send_pkey(const SSL *s) { - unsigned long alg_k, alg_a; - CERT *c; - int i; + unsigned long alg_k, alg_a; + CERT *c; + int i; c = s->cert; ssl_set_cert_masks(c, s->s3->tmp.new_cipher); @@ -2227,7 +2316,8 @@ ssl_get_server_send_pkey(const SSL *s) alg_a = s->s3->tmp.new_cipher->algorithm_auth; if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { - /* we don't need to look at SSL_kEECDH + /* + * We don't need to look at SSL_kEECDH * since no certificate is needed for * anon ECDH and for authenticated * EECDH, the check for the auth @@ -2242,7 +2332,7 @@ ssl_get_server_send_pkey(const SSL *s) } else if (alg_a & SSL_aECDSA) { i = SSL_PKEY_ECC; } else if (alg_k & SSL_kDHr) - i = SSL_PKEY_DH_RSA; + i = SSL_PKEY_DH_RSA; else if (alg_k & SSL_kDHd) i = SSL_PKEY_DH_DSA; else if (alg_a & SSL_aDSS) @@ -2256,12 +2346,12 @@ ssl_get_server_send_pkey(const SSL *s) /* VRS something else here? */ return (NULL); } else if (alg_a & SSL_aGOST94) - i = SSL_PKEY_GOST94; + i = SSL_PKEY_GOST94; else if (alg_a & SSL_aGOST01) i = SSL_PKEY_GOST01; - else /* if (alg_a & SSL_aNULL) */ - { - SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR); + else { /* if (alg_a & SSL_aNULL) */ + SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, + ERR_R_INTERNAL_ERROR); return (NULL); } @@ -2271,7 +2361,8 @@ ssl_get_server_send_pkey(const SSL *s) X509 * ssl_get_server_send_cert(const SSL *s) { - CERT_PKEY *cpk; + CERT_PKEY *cpk; + cpk = ssl_get_server_send_pkey(s); if (!cpk) return NULL; @@ -2281,26 +2372,27 @@ ssl_get_server_send_cert(const SSL *s) EVP_PKEY * ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) { - unsigned long alg_a; - CERT *c; - int idx = -1; + unsigned long alg_a; + CERT *c; + int idx = -1; alg_a = cipher->algorithm_auth; c = s->cert; if ((alg_a & SSL_aDSS) && - (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) - idx = SSL_PKEY_DSA_SIGN; + (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) + idx = SSL_PKEY_DSA_SIGN; else if (alg_a & SSL_aRSA) { if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) idx = SSL_PKEY_RSA_SIGN; else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) idx = SSL_PKEY_RSA_ENC; } else if ((alg_a & SSL_aECDSA) && - (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) - idx = SSL_PKEY_ECC; + (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) + idx = SSL_PKEY_ECC; if (idx == -1) { - SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL_GET_SIGN_PKEY, + ERR_R_INTERNAL_ERROR); return (NULL); } if (pmd) @@ -2311,18 +2403,19 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) void ssl_update_cache(SSL *s, int mode) { - int i; + int i; - /* If the session_id_length is 0, we are not supposed to cache it, - * and it would be rather hard to do anyway :-) */ + /* + * If the session_id_length is 0, we are not supposed to cache it, + * and it would be rather hard to do anyway :-) + */ if (s->session->session_id_length == 0) return; i = s->session_ctx->session_cache_mode; - if ((i & mode) && (!s->hit) - && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) - || SSL_CTX_add_session(s->session_ctx, s->session)) - && (s->session_ctx->new_session_cb != NULL)) { + if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) + || SSL_CTX_add_session(s->session_ctx, s->session)) + && (s->session_ctx->new_session_cb != NULL)) { CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); if (!s->session_ctx->new_session_cb(s, s->session)) SSL_SESSION_free(s->session); @@ -2330,10 +2423,10 @@ ssl_update_cache(SSL *s, int mode) /* auto flush every 255 connections */ if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && - ((i & mode) == mode)) { - if ((((mode & SSL_SESS_CACHE_CLIENT) - ?s->session_ctx->stats.sess_connect_good - :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { + ((i & mode) == mode)) { + if ((((mode & SSL_SESS_CACHE_CLIENT) ? + s->session_ctx->stats.sess_connect_good : + s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); } } @@ -2348,8 +2441,8 @@ SSL_get_ssl_method(SSL *s) int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) { - int conn = -1; - int ret = 1; + int conn = -1; + int ret = 1; if (s->method != meth) { if (s->handshake_func != NULL) @@ -2374,9 +2467,9 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) int SSL_get_error(const SSL *s, int i) { - int reason; - unsigned long l; - BIO *bio; + int reason; + unsigned long l; + BIO *bio; if (i > 0) return (SSL_ERROR_NONE); @@ -2422,8 +2515,11 @@ SSL_get_error(const SSL *s, int i) if (BIO_should_write(bio)) return (SSL_ERROR_WANT_WRITE); else if (BIO_should_read(bio)) - /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ - return (SSL_ERROR_WANT_READ); + return (SSL_ERROR_WANT_READ); + /* + * See above (SSL_want_read(s) with + * BIO_should_write(bio)) + */ else if (BIO_should_io_special(bio)) { reason = BIO_get_retry_reason(bio); if (reason == BIO_RR_CONNECT) @@ -2449,10 +2545,11 @@ SSL_get_error(const SSL *s, int i) int SSL_do_handshake(SSL *s) { - int ret = 1; + int ret = 1; if (s->handshake_func == NULL) { - SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); + SSLerr(SSL_F_SSL_DO_HANDSHAKE, + SSL_R_CONNECTION_TYPE_NOT_SET); return (-1); } @@ -2464,8 +2561,10 @@ SSL_do_handshake(SSL *s) return (ret); } -/* For the next 2 functions, SSL_clear() sets shutdown and so - * one of these calls will reset it */ +/* + * For the next 2 functions, SSL_clear() sets shutdown and so + * one of these calls will reset it + */ void SSL_set_accept_state(SSL *s) { @@ -2495,28 +2594,32 @@ SSL_set_connect_state(SSL *s) int ssl_undefined_function(SSL *s) { - SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } int ssl_undefined_void_function(void) { - SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } int ssl_undefined_const_function(const SSL *s) { - SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } SSL_METHOD * ssl_bad_method(int ver) { - SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL_BAD_METHOD, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (NULL); } @@ -2554,10 +2657,12 @@ SSL_dup(SSL *s) /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ SSL_copy_session_id(ret, s); } else { - /* No session has been established yet, so we have to expect + /* + * No session has been established yet, so we have to expect * that s->cert or ret->cert will be changed later -- * they should not both point to the same object, - * and thus we can't use SSL_copy_session_id. */ + * and thus we can't use SSL_copy_session_id. + */ ret->method->ssl_free(ret); ret->method = s->method; @@ -2592,7 +2697,8 @@ SSL_dup(SSL *s) ret->debug = s->debug; /* copy app data, a little dangerous perhaps */ - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, + &ret->ex_data, &s->ex_data)) goto err; /* setup rbio, and wbio */ @@ -2615,22 +2721,30 @@ SSL_dup(SSL *s) ret->new_session = s->new_session; ret->quiet_shutdown = s->quiet_shutdown; ret->shutdown = s->shutdown; - ret->state=s->state; /* SSL_dup does not really work at any state, though */ + /* SSL_dup does not really work at any state, though */ + ret->state=s->state; ret->rstate = s->rstate; - ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ + + /* + * Would have to copy ret->init_buf, ret->init_msg, ret->init_num, + * ret->init_off + */ + ret->init_num = 0; + ret->hit = s->hit; X509_VERIFY_PARAM_inherit(ret->param, s->param); /* dup the cipher_list and cipher_list_by_id stacks */ if (s->cipher_list != NULL) { - if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) + if ((ret->cipher_list = + sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) goto err; } if (s->cipher_list_by_id != NULL) - if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) - == NULL) - goto err; + if ((ret->cipher_list_by_id = + sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL) + goto err; /* Dup the client_CA list */ if (s->client_CA != NULL) { @@ -2638,7 +2752,8 @@ SSL_dup(SSL *s) ret->client_CA = sk; for (i = 0; i < sk_X509_NAME_num(sk); i++) { xn = sk_X509_NAME_value(sk, i); - if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { + if (sk_X509_NAME_set(sk, i, + X509_NAME_dup(xn)) == NULL) { X509_NAME_free(xn); goto err; } @@ -2646,7 +2761,7 @@ SSL_dup(SSL *s) } if (0) { -err: + err: if (ret != NULL) SSL_free(ret); ret = NULL; @@ -2740,7 +2855,7 @@ SSL_get_current_expansion(SSL *s) int ssl_init_wbio_buffer(SSL *s, int push) { - BIO *bbio; + BIO *bbio; if (s->bbio == NULL) { bbio = BIO_new(BIO_f_buffer()); @@ -2755,7 +2870,8 @@ ssl_init_wbio_buffer(SSL *s, int push) (void)BIO_reset(bbio); /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ if (!BIO_set_read_buffer_size(bbio, 1)) { - SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); + SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, + ERR_R_BUF_LIB); return (0); } if (push) { @@ -2871,8 +2987,10 @@ SSL_set_info_callback(SSL *ssl, ssl->info_callback = cb; } -/* One compiler (Diab DCC) doesn't like argument names in returned - function pointer. */ +/* + * One compiler (Diab DCC) doesn't like argument names in returned + * function pointer. + */ void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) { return ssl->info_callback; @@ -2907,7 +3025,7 @@ SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, - new_func, dup_func, free_func); + new_func, dup_func, free_func); } int @@ -2927,7 +3045,7 @@ SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, - new_func, dup_func, free_func); + new_func, dup_func, free_func); } int @@ -3030,10 +3148,11 @@ SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, #ifndef OPENSSL_NO_ECDH void -SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, - int keylength)) +SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, + int is_export, int keylength)) { - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); + SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, + (void (*)(void))ecdh); } void @@ -3048,8 +3167,10 @@ SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) { - if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { - SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); + if (identity_hint != NULL && strlen(identity_hint) > + PSK_MAX_IDENTITY_LEN) { + SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, + SSL_R_DATA_LENGTH_TOO_LONG); return 0; } if (ctx->psk_identity_hint != NULL) @@ -3072,8 +3193,10 @@ SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) if (s->session == NULL) return 1; /* session not created yet, ignored */ - if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { - SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); + if (identity_hint != NULL && strlen(identity_hint) > + PSK_MAX_IDENTITY_LEN) { + SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, + SSL_R_DATA_LENGTH_TOO_LONG); return 0; } if (s->session->psk_identity_hint != NULL) @@ -3106,7 +3229,7 @@ SSL_get_psk_identity(const SSL *s) void SSL_set_psk_client_callback(SSL *s, unsigned int (*cb)(SSL *ssl, const char *hint, -char *identity, unsigned int max_identity_len, unsigned char *psk, + char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)) { s->psk_client_callback = cb; @@ -3115,7 +3238,7 @@ char *identity, unsigned int max_identity_len, unsigned char *psk, void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*cb)(SSL *ssl, const char *hint, -char *identity, unsigned int max_identity_len, unsigned char *psk, + char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)) { ctx->psk_client_callback = cb; @@ -3124,7 +3247,7 @@ char *identity, unsigned int max_identity_len, unsigned char *psk, void SSL_set_psk_server_callback(SSL *s, unsigned int (*cb)(SSL *ssl, const char *identity, -unsigned char *psk, unsigned int max_psk_len)) + unsigned char *psk, unsigned int max_psk_len)) { s->psk_server_callback = cb; } @@ -3132,30 +3255,33 @@ unsigned char *psk, unsigned int max_psk_len)) void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*cb)(SSL *ssl, const char *identity, -unsigned char *psk, unsigned int max_psk_len)) + unsigned char *psk, unsigned int max_psk_len)) { ctx->psk_server_callback = cb; } #endif void -SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) +SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, + int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) { - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); + SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, + (void (*)(void))cb); } void -SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) +SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, + int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) { SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); } -/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer +/* + * Allocates new EVP_MD_CTX and sets pointer to it into given pointer * vairable, freeing EVP_MD_CTX previously stored in that variable, if * any. If EVP_MD pointer is passed, initializes ctx with this md * Returns newly allocated ctx; */ - EVP_MD_CTX * ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) { @@ -3169,7 +3295,6 @@ ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) void ssl_clear_hash_ctx(EVP_MD_CTX **hash) { - if (*hash) EVP_MD_CTX_destroy(*hash); *hash = NULL; @@ -3190,4 +3315,4 @@ SSL_cache_hit(SSL *s) IMPLEMENT_STACK_OF(SSL_CIPHER) IMPLEMENT_STACK_OF(SSL_COMP) IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, -ssl_cipher_id); + ssl_cipher_id); diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index cde564cade1..830f574183e 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -160,7 +160,10 @@ const char *SSL_version_str = OPENSSL_VERSION_TEXT; SSL3_ENC_METHOD ssl3_undef_enc_method = { - /* evil casts, but these functions are only called if there's a library bug */ + /* + * Evil casts, but these functions are only called if there's a + * library bug. + */ (int (*)(SSL *, int))ssl_undefined_function, (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, ssl_undefined_function, @@ -182,9 +185,9 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { int SSL_clear(SSL *s) { - if (s->method == NULL) { - SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); + SSLerr(SSL_F_SSL_CLEAR, + SSL_R_NO_METHOD_SPECIFIED); return (0); } @@ -198,7 +201,8 @@ SSL_clear(SSL *s) s->shutdown = 0; if (s->renegotiate) { - SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL_CLEAR, + ERR_R_INTERNAL_ERROR); return 0; } @@ -226,16 +230,19 @@ SSL_clear(SSL *s) s->first_packet = 0; #if 1 - /* Check to see if we were changed into a different method, if - * so, revert back if we are not doing session-id reuse. */ - if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { + /* + * Check to see if we were changed into a different method, if + * so, revert back if we are not doing session-id reuse. + */ + if (!s->in_handshake && (s->session == NULL) && + (s->method != s->ctx->method)) { s->method->ssl_free(s); s->method = s->ctx->method; if (!s->method->ssl_new(s)) return (0); } else #endif - s->method->ssl_clear(s); + s->method->ssl_clear(s); return (1); } @@ -243,14 +250,15 @@ SSL_clear(SSL *s) int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) { - STACK_OF(SSL_CIPHER) *sk; + STACK_OF(SSL_CIPHER) *sk; ctx->method = meth; sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { - SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); + SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, + SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return (0); } return (1); @@ -259,14 +267,16 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) SSL * SSL_new(SSL_CTX *ctx) { - SSL *s; + SSL *s; if (ctx == NULL) { - SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); + SSLerr(SSL_F_SSL_NEW, + SSL_R_NULL_SSL_CTX); return (NULL); } if (ctx->method == NULL) { - SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); + SSLerr(SSL_F_SSL_NEW, + SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); return (NULL); } @@ -283,7 +293,8 @@ SSL_new(SSL_CTX *ctx) s->max_cert_list = ctx->max_cert_list; if (ctx->cert != NULL) { - /* Earlier library versions used to copy the pointer to + /* + * Earlier library versions used to copy the pointer to * the CERT, not its contents; only when setting new * parameters for the per-SSL copy, ssl_cert_new would be * called (and the direct reference to the per-SSL_CTX @@ -291,8 +302,8 @@ SSL_new(SSL_CTX *ctx) * accessed for various purposes, and for that reason they * used to be known as s->ctx->default_cert). * Now we don't look at the SSL_CTX's CERT after having - * duplicated it once. */ - + * duplicated it once. + */ s->cert = ssl_cert_dup(ctx->cert); if (s->cert == NULL) goto err; @@ -362,7 +373,7 @@ SSL_new(SSL_CTX *ctx) #endif return (s); -err: + err: if (s != NULL) { if (s->cert != NULL) ssl_cert_free(s->cert); @@ -370,7 +381,8 @@ err: SSL_CTX_free(s->ctx); /* decrement reference count */ free(s); } - SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL_NEW, + ERR_R_MALLOC_FAILURE); return (NULL); } @@ -379,7 +391,8 @@ SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { if (sid_ctx_len > sizeof ctx->sid_ctx) { - SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); + SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, + SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; } ctx->sid_ctx_length = sid_ctx_len; @@ -393,7 +406,8 @@ SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { - SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); + SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, + SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; } ssl->sid_ctx_length = sid_ctx_len; @@ -485,7 +499,7 @@ SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) void SSL_free(SSL *s) { - int i; + int i; if (s == NULL) return; @@ -550,7 +564,7 @@ SSL_free(SSL *s) free(s->tlsext_opaque_prf_input); if (s->tlsext_ocsp_exts) sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, - X509_EXTENSION_free); + X509_EXTENSION_free); if (s->tlsext_ocsp_ids) sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); if (s->tlsext_ocsp_resp) @@ -587,8 +601,7 @@ SSL_free(SSL *s) void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) { - /* If the output buffering BIO is still in place, remove it - */ + /* If the output buffering BIO is still in place, remove it */ if (s->bbio != NULL) { if (s->wbio == s->bbio) { s->wbio = s->wbio->next_bio; @@ -624,8 +637,8 @@ SSL_get_fd(const SSL *s) int SSL_get_rfd(const SSL *s) { - int ret = -1; - BIO *b, *r; + int ret = -1; + BIO *b, *r; b = SSL_get_rbio(s); r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); @@ -637,8 +650,8 @@ SSL_get_rfd(const SSL *s) int SSL_get_wfd(const SSL *s) { - int ret = -1; - BIO *b, *r; + int ret = -1; + BIO *b, *r; b = SSL_get_wbio(s); r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); @@ -651,34 +664,36 @@ SSL_get_wfd(const SSL *s) int SSL_set_fd(SSL *s, int fd) { - int ret = 0; - BIO *bio = NULL; + int ret = 0; + BIO *bio = NULL; bio = BIO_new(BIO_s_socket()); if (bio == NULL) { - SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); + SSLerr(SSL_F_SSL_SET_FD, + ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set_bio(s, bio, bio); ret = 1; -err: + err: return (ret); } int SSL_set_wfd(SSL *s, int fd) { - int ret = 0; - BIO *bio = NULL; + int ret = 0; + BIO *bio = NULL; if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) - || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { + || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { bio = BIO_new(BIO_s_socket()); - if (bio == NULL) - { SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); + if (bio == NULL) { + SSLerr(SSL_F_SSL_SET_WFD, + ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio, fd, BIO_NOCLOSE); @@ -686,22 +701,23 @@ SSL_set_wfd(SSL *s, int fd) } else SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); ret = 1; -err: + err: return (ret); } int SSL_set_rfd(SSL *s, int fd) { - int ret = 0; - BIO *bio = NULL; + int ret = 0; + BIO *bio = NULL; if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) - || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { + || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { bio = BIO_new(BIO_s_socket()); if (bio == NULL) { - SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); + SSLerr(SSL_F_SSL_SET_RFD, + ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio, fd, BIO_NOCLOSE); @@ -709,7 +725,7 @@ SSL_set_rfd(SSL *s, int fd) } else SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); ret = 1; -err: + err: return (ret); } #endif @@ -719,7 +735,7 @@ err: size_t SSL_get_finished(const SSL *s, void *buf, size_t count) { - size_t ret = 0; + size_t ret = 0; if (s->s3 != NULL) { ret = s->s3->tmp.finish_md_len; @@ -734,7 +750,7 @@ SSL_get_finished(const SSL *s, void *buf, size_t count) size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) { - size_t ret = 0; + size_t ret = 0; if (s->s3 != NULL) { ret = s->s3->tmp.peer_finish_md_len; @@ -810,7 +826,8 @@ SSL_get_read_ahead(const SSL *s) int SSL_pending(const SSL *s) { - /* SSL_pending cannot work properly if read-ahead is enabled + /* + * SSL_pending cannot work properly if read-ahead is enabled * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), * and it is impossible to fix since SSL_pending cannot report * errors that may be observed while scanning the new data. @@ -823,7 +840,7 @@ SSL_pending(const SSL *s) X509 * SSL_get_peer_certificate(const SSL *s) { - X509 *r; + X509 *r; if ((s == NULL) || (s->session == NULL)) r = NULL; @@ -841,32 +858,38 @@ SSL_get_peer_certificate(const SSL *s) STACK_OF(X509) * SSL_get_peer_cert_chain(const SSL *s) { - STACK_OF(X509) *r; + STACK_OF(X509) *r; - if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) + if ((s == NULL) || (s->session == NULL) || + (s->session->sess_cert == NULL)) r = NULL; else r = s->session->sess_cert->cert_chain; - /* If we are a client, cert_chain includes the peer's own + /* + * If we are a client, cert_chain includes the peer's own * certificate; -if we are a server, it does not. */ - + * if we are a server, it does not. + */ return (r); } -/* Now in theory, since the calling process own 't' it should be safe to - * modify. We need to be able to read f without being hassled */ +/* + * Now in theory, since the calling process own 't' it should be safe to + * modify. We need to be able to read f without being hassled + */ void SSL_copy_session_id(SSL *t, const SSL *f) { - CERT *tmp; + CERT *tmp; /* Do we need to to SSL locking? */ SSL_set_session(t, SSL_get_session(f)); - /* what if we are setup as SSLv2 but want to talk SSLv3 or - * vice-versa */ + /* + * What if we are setup as SSLv2 but want to talk SSLv3 or + * vice-versa. + */ if (t->method != f->method) { t->method->ssl_free(t); /* cleanup current */ t->method=f->method; /* change method */ @@ -888,17 +911,19 @@ SSL_copy_session_id(SSL *t, const SSL *f) int SSL_CTX_check_private_key(const SSL_CTX *ctx) { - if ((ctx == NULL) || - (ctx->cert == NULL) || - (ctx->cert->key->x509 == NULL)) { - SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); + if ((ctx == NULL) || (ctx->cert == NULL) || + (ctx->cert->key->x509 == NULL)) { + SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, + SSL_R_NO_CERTIFICATE_ASSIGNED); return (0); } if (ctx->cert->key->privatekey == NULL) { - SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); + SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, + SSL_R_NO_PRIVATE_KEY_ASSIGNED); return (0); } - return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); + return (X509_check_private_key(ctx->cert->key->x509, + ctx->cert->key->privatekey)); } /* Fix this function so that it takes an optional type parameter */ @@ -906,31 +931,34 @@ int SSL_check_private_key(const SSL *ssl) { if (ssl == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, + ERR_R_PASSED_NULL_PARAMETER); return (0); } if (ssl->cert == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, + SSL_R_NO_CERTIFICATE_ASSIGNED); return 0; } if (ssl->cert->key->x509 == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, + SSL_R_NO_CERTIFICATE_ASSIGNED); return (0); } if (ssl->cert->key->privatekey == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, + SSL_R_NO_PRIVATE_KEY_ASSIGNED); return (0); } - return(X509_check_private_key(ssl->cert->key->x509, - ssl->cert->key->privatekey)); + return (X509_check_private_key(ssl->cert->key->x509, + ssl->cert->key->privatekey)); } int SSL_accept(SSL *s) { if (s->handshake_func == 0) - /* Not properly initialized yet */ - SSL_set_accept_state(s); + SSL_set_accept_state(s); /* Not properly initialized yet */ return (s->method->ssl_accept(s)); } @@ -939,8 +967,7 @@ int SSL_connect(SSL *s) { if (s->handshake_func == 0) - /* Not properly initialized yet */ - SSL_set_connect_state(s); + SSL_set_connect_state(s); /* Not properly initialized yet */ return (s->method->ssl_connect(s)); } @@ -955,7 +982,8 @@ int SSL_read(SSL *s, void *buf, int num) { if (s->handshake_func == 0) { - SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_READ, + SSL_R_UNINITIALIZED); return -1; } @@ -970,7 +998,8 @@ int SSL_peek(SSL *s, void *buf, int num) { if (s->handshake_func == 0) { - SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_PEEK, + SSL_R_UNINITIALIZED); return -1; } @@ -984,13 +1013,15 @@ int SSL_write(SSL *s, const void *buf, int num) { if (s->handshake_func == 0) { - SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_WRITE, + SSL_R_UNINITIALIZED); return -1; } if (s->shutdown & SSL_SENT_SHUTDOWN) { s->rwstate = SSL_NOTHING; - SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); + SSLerr(SSL_F_SSL_WRITE, + SSL_R_PROTOCOL_IS_SHUTDOWN); return (-1); } return (s->method->ssl_write(s, buf, num)); @@ -999,14 +1030,16 @@ SSL_write(SSL *s, const void *buf, int num) int SSL_shutdown(SSL *s) { - /* Note that this function behaves differently from what one might + /* + * Note that this function behaves differently from what one might * expect. Return values are 0 for no success (yet), * 1 for success; but calling it once is usually not enough, * even if blocking I/O is used (see ssl3_shutdown). */ if (s->handshake_func == 0) { - SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_SHUTDOWN, + SSL_R_UNINITIALIZED); return -1; } @@ -1041,15 +1074,17 @@ SSL_renegotiate_abbreviated(SSL *s) int SSL_renegotiate_pending(SSL *s) { - /* becomes true when negotiation is requested; - * false again once a handshake has finished */ + /* + * Becomes true when negotiation is requested; + * false again once a handshake has finished. + */ return (s->renegotiate != 0); } long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) { - long l; + long l; switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: @@ -1084,7 +1119,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) #endif if (SSL_version(s) == DTLS1_VERSION || - SSL_version(s) == DTLS1_BAD_VER) { + SSL_version(s) == DTLS1_BAD_VER) { s->d1->mtu = larg; return larg; } @@ -1108,7 +1143,9 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); + s->msg_callback = (void (*)(int write_p, int version, + int content_type, const void *buf, size_t len, + SSL *ssl, void *arg))(fp); return 1; default: @@ -1125,7 +1162,7 @@ SSL_CTX_sessions(SSL_CTX *ctx) long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { - long l; + long l; switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: @@ -1206,7 +1243,9 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); + ctx->msg_callback = (void (*)(int write_p, int version, + int content_type, const void *buf, size_t len, SSL *ssl, + void *arg))(fp); return 1; default: @@ -1217,7 +1256,7 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) { - long l; + long l; l = a->id - b->id; if (l == 0L) @@ -1230,7 +1269,7 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, const SSL_CIPHER * const *bp) { - long l; + long l; l = (*ap)->id - (*bp)->id; if (l == 0L) @@ -1239,24 +1278,27 @@ ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, return ((l > 0) ? 1:-1); } -/** return a STACK of the ciphers available for the SSL and in order of - * preference */ +/* + * Return a STACK of the ciphers available for the SSL and in order of + * preference. + */ STACK_OF(SSL_CIPHER) * SSL_get_ciphers(const SSL *s) { if (s != NULL) { if (s->cipher_list != NULL) { return (s->cipher_list); - } else if ((s->ctx != NULL) && - (s->ctx->cipher_list != NULL)) { + } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) { return (s->ctx->cipher_list); } } return (NULL); } -/** return a STACK of the ciphers available for the SSL and in order of - * algorithm id */ +/* + * Return a STACK of the ciphers available for the SSL and in order of + * algorithm id. + */ STACK_OF(SSL_CIPHER) * ssl_get_ciphers_by_id(SSL *s) { @@ -1264,19 +1306,19 @@ ssl_get_ciphers_by_id(SSL *s) if (s->cipher_list_by_id != NULL) { return (s->cipher_list_by_id); } else if ((s->ctx != NULL) && - (s->ctx->cipher_list_by_id != NULL)) { + (s->ctx->cipher_list_by_id != NULL)) { return (s->ctx->cipher_list_by_id); } } return (NULL); } -/** The old interface to get the same thing as SSL_get_ciphers() */ +/* The old interface to get the same thing as SSL_get_ciphers(). */ const char * SSL_get_cipher_list(const SSL *s, int n) { - SSL_CIPHER *c; - STACK_OF(SSL_CIPHER) *sk; + SSL_CIPHER *c; + STACK_OF(SSL_CIPHER) *sk; if (s == NULL) return (NULL); @@ -1289,35 +1331,38 @@ SSL_get_cipher_list(const SSL *s, int n) return (c->name); } -/** specify the ciphers to be used by default by the SSL_CTX */ +/* Specify the ciphers to be used by default by the SSL_CTX. */ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { - STACK_OF(SSL_CIPHER) *sk; + STACK_OF(SSL_CIPHER) *sk; sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, - &ctx->cipher_list_by_id, str); - /* ssl_create_cipher_list may return an empty stack if it + &ctx->cipher_list_by_id, str); + /* + * ssl_create_cipher_list may return an empty stack if it * was unable to find a cipher matching the given rule string * (for example if the rule string specifies a cipher which * has been disabled). This is not an error as far as * ssl_create_cipher_list is concerned, and hence * ctx->cipher_list and ctx->cipher_list_by_id has been - * updated. */ + * updated. + */ if (sk == NULL) return 0; else if (sk_SSL_CIPHER_num(sk) == 0) { - SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); + SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, + SSL_R_NO_CIPHER_MATCH); return 0; } return 1; } -/** specify the ciphers to be used by the SSL */ +/* Specify the ciphers to be used by the SSL. */ int SSL_set_cipher_list(SSL *s, const char *str) { - STACK_OF(SSL_CIPHER) *sk; + STACK_OF(SSL_CIPHER) *sk; sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, &s->cipher_list_by_id, str); @@ -1325,7 +1370,8 @@ SSL_set_cipher_list(SSL *s, const char *str) if (sk == NULL) return 0; else if (sk_SSL_CIPHER_num(sk) == 0) { - SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); + SSLerr(SSL_F_SSL_SET_CIPHER_LIST, + SSL_R_NO_CIPHER_MATCH); return 0; } return 1; @@ -1335,11 +1381,11 @@ SSL_set_cipher_list(SSL *s, const char *str) char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len) { - char *end; - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; - size_t curlen = 0; - int i; + char *end; + STACK_OF(SSL_CIPHER) *sk; + SSL_CIPHER *c; + size_t curlen = 0; + int i; if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2)) @@ -1351,7 +1397,7 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len) c = sk_SSL_CIPHER_value(sk, i); end = buf + curlen; if (strlcat(buf, c->name, len) >= len || - (curlen = strlcat(buf, ":", len)) >= len) { + (curlen = strlcat(buf, ":", len)) >= len) { /* remove truncated cipher from list */ *end = '\0'; break; @@ -1367,11 +1413,11 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, int (*put_cb)(const SSL_CIPHER *, unsigned char *)) { - int i, j = 0; - SSL_CIPHER *c; - unsigned char *q; + int i, j = 0; + SSL_CIPHER *c; + unsigned char *q; #ifndef OPENSSL_NO_KRB5 - int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); + int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); #endif /* OPENSSL_NO_KRB5 */ if (sk == NULL) @@ -1382,30 +1428,33 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, c = sk_SSL_CIPHER_value(sk, i); /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ if ((c->algorithm_ssl & SSL_TLSV1_2) && - (TLS1_get_client_version(s) < TLS1_2_VERSION)) - continue; + (TLS1_get_client_version(s) < TLS1_2_VERSION)) + continue; #ifndef OPENSSL_NO_KRB5 - if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && - nokrb5) - continue; + if (((c->algorithm_mkey & SSL_kKRB5) || + (c->algorithm_auth & SSL_aKRB5)) && nokrb5) + continue; #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ - if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && - s->psk_client_callback == NULL) - continue; + if (((c->algorithm_mkey & SSL_kPSK) || + (c->algorithm_auth & SSL_aPSK)) && + s->psk_client_callback == NULL) + continue; #endif /* OPENSSL_NO_PSK */ j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p); p += j; } - /* If p == q, no ciphers and caller indicates an error. Otherwise + /* + * If p == q, no ciphers and caller indicates an error. Otherwise * add SCSV if not renegotiating. */ if (p != q && !s->renegotiate) { static SSL_CIPHER scsv = { 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - j = put_cb ? put_cb(&scsv, p) : ssl_put_cipher_by_char(s, &scsv, p); + j = put_cb ? put_cb(&scsv, p) : + ssl_put_cipher_by_char(s, &scsv, p); p += j; #ifdef OPENSSL_RI_DEBUG fprintf(stderr, "SCSV sent by client\n"); @@ -1419,15 +1468,17 @@ STACK_OF(SSL_CIPHER) * ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, STACK_OF(SSL_CIPHER) **skp) { - const SSL_CIPHER *c; - STACK_OF(SSL_CIPHER) *sk; - int i, n; + const SSL_CIPHER *c; + STACK_OF(SSL_CIPHER) *sk; + int i, n; + if (s->s3) s->s3->send_connection_binding = 0; n = ssl_put_cipher_by_char(s, NULL, NULL); if ((num % n) != 0) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return (NULL); } if ((skp == NULL) || (*skp == NULL)) @@ -1440,12 +1491,14 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, for (i = 0; i < num; i += n) { /* Check for SCSV */ if (s->s3 && (n != 3 || !p[0]) && - (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && - (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { + (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && + (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { /* SCSV fatal if renegotiating */ if (s->renegotiate) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_HANDSHAKE_FAILURE); goto err; } @@ -1461,7 +1514,8 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, p += n; if (c != NULL) { if (!sk_SSL_CIPHER_push(sk, c)) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + ERR_R_MALLOC_FAILURE); goto err; } } @@ -1470,7 +1524,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, if (skp != NULL) *skp = sk; return (sk); -err: + err: if ((skp == NULL) || (*skp == NULL)) sk_SSL_CIPHER_free(sk); return (NULL); @@ -1478,10 +1532,10 @@ err: #ifndef OPENSSL_NO_TLSEXT -/** return a servername extension value if provided in Client Hello, or NULL. +/* + * Return a servername extension value if provided in Client Hello, or NULL. * So far, only host_name types are defined (RFC 3546). */ - const char * SSL_get_servername(const SSL *s, const int type) { @@ -1489,20 +1543,23 @@ SSL_get_servername(const SSL *s, const int type) return NULL; return s->session && !s->tlsext_hostname ? - s->session->tlsext_hostname : - s->tlsext_hostname; + s->session->tlsext_hostname : + s->tlsext_hostname; } int SSL_get_servername_type(const SSL *s) { - if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) + if (s->session && + (!s->tlsext_hostname ? + s->session->tlsext_hostname : s->tlsext_hostname)) return TLSEXT_NAMETYPE_host_name; return -1; } # ifndef OPENSSL_NO_NEXTPROTONEG -/* SSL_select_next_proto implements the standard protocol selection. It is +/* + * SSL_select_next_proto implements the standard protocol selection. It is * expected that this function is called from the callback set by * SSL_CTX_set_next_proto_select_cb. * @@ -1533,17 +1590,23 @@ SSL_get_servername_type(const SSL *s) * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. */ int -SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) +SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *server, unsigned int server_len, + const unsigned char *client, unsigned int client_len) { - unsigned int i, j; - const unsigned char *result; - int status = OPENSSL_NPN_UNSUPPORTED; + unsigned int i, j; + const unsigned char *result; + int status = OPENSSL_NPN_UNSUPPORTED; - /* For each protocol in server preference order, see if we support it. */ + /* + * For each protocol in server preference order, + * see if we support it. + */ for (i = 0; i < server_len; ) { for (j = 0; j < client_len; ) { if (server[i] == client[j] && - memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { + memcmp(&server[i + 1], + &client[j + 1], server[i]) == 0) { /* We found a match */ result = &server[i]; status = OPENSSL_NPN_NEGOTIATED; @@ -1560,13 +1623,14 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned result = client; status = OPENSSL_NPN_NO_OVERLAP; - found: + found: *out = (unsigned char *) result + 1; *outlen = result[0]; return status; } -/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's +/* + * SSL_get0_next_proto_negotiated sets *data and *len to point to the client's * requested protocol for this connection and returns 0. If the client didn't * request any protocol, then *data is set to NULL. * @@ -1575,7 +1639,8 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned * provided by the callback. */ void -SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) +SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned *len) { *data = s->next_proto_negotiated; if (!*data) { @@ -1585,23 +1650,27 @@ SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigne } } -/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a +/* + * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a * TLS server needs a list of supported protocols for Next Protocol * Negotiation. The returned list must be in wire format. The list is returned * by setting |out| to point to it and |outlen| to its length. This memory will * not be modified, but one should assume that the SSL* keeps a reference to * it. * - * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no - * such extension will be included in the ServerHello. */ + * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. + * Otherwise, no such extension will be included in the ServerHello. + */ void -SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) +SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, + const unsigned char **out, unsigned int *outlen, void *arg), void *arg) { ctx->next_protos_advertised_cb = cb; ctx->next_protos_advertised_cb_arg = arg; } -/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a +/* + * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a * client needs to select a protocol from the server's provided list. |out| * must be set to point to the selected protocol (which may be within |in|). * The length of the protocol name must be written into |outlen|. The server's @@ -1612,7 +1681,9 @@ SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const u * callback returns a value other than SSL_TLSEXT_ERR_OK. */ void -SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) +SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, + unsigned char **out, unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg), void *arg) { ctx->next_proto_select_cb = cb; ctx->next_proto_select_cb_arg = arg; @@ -1623,34 +1694,35 @@ SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, -int use_context) + int use_context) { if (s->version < TLS1_VERSION) return -1; - return s->method->ssl3_enc->export_keying_material(s, out, olen, label, - llen, p, plen, - use_context); + return s->method->ssl3_enc->export_keying_material(s, out, olen, + label, llen, p, plen, use_context); } static unsigned long ssl_session_hash(const SSL_SESSION *a) { - unsigned long l; + unsigned long l; l = (unsigned long) - ((unsigned int) a->session_id[0] )| - ((unsigned int) a->session_id[1]<< 8L)| - ((unsigned long)a->session_id[2]<<16L)| - ((unsigned long)a->session_id[3]<<24L); + ((unsigned int) a->session_id[0] )| + ((unsigned int) a->session_id[1]<< 8L)| + ((unsigned long)a->session_id[2]<<16L)| + ((unsigned long)a->session_id[3]<<24L); return (l); } -/* NB: If this function (or indeed the hash function which uses a sort of +/* + * NB: If this function (or indeed the hash function which uses a sort of * coarser function than this one) is changed, ensure * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being * able to construct an SSL_SESSION that will collide with any existing session - * with a matching session ID. */ + * with a matching session ID. + */ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { @@ -1661,10 +1733,12 @@ ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) return (memcmp(a->session_id, b->session_id, a->session_id_length)); } -/* These wrapper functions should remain rather than redeclaring +/* + * These wrapper functions should remain rather than redeclaring * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each * variable. The reason is that the functions aren't static, they're exposed via - * ssl.h. */ + * ssl.h. + */ static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) static @@ -1673,15 +1747,17 @@ IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) SSL_CTX * SSL_CTX_new(const SSL_METHOD *meth) { - SSL_CTX *ret = NULL; + SSL_CTX *ret = NULL; if (meth == NULL) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); + SSLerr(SSL_F_SSL_CTX_NEW, + SSL_R_NULL_SSL_METHOD_PASSED); return (NULL); } if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); + SSLerr(SSL_F_SSL_CTX_NEW, + SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; } ret = calloc(1, sizeof(SSL_CTX)); @@ -1748,7 +1824,8 @@ SSL_CTX_new(const SSL_METHOD *meth) &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); + SSLerr(SSL_F_SSL_CTX_NEW, + SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; } @@ -1757,11 +1834,13 @@ SSL_CTX_new(const SSL_METHOD *meth) goto err; if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); + SSLerr(SSL_F_SSL_CTX_NEW, + SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); goto err2; } if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); + SSLerr(SSL_F_SSL_CTX_NEW, + SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); goto err2; } @@ -1782,9 +1861,9 @@ SSL_CTX_new(const SSL_METHOD *meth) ret->tlsext_servername_arg = NULL; /* Setup RFC4507 ticket keys */ if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) - || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) - || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) - ret->options |= SSL_OP_NO_TICKET; + || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) + || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) + ret->options |= SSL_OP_NO_TICKET; ret->tlsext_status_cb = 0; ret->tlsext_status_arg = NULL; @@ -1814,22 +1893,25 @@ SSL_CTX_new(const SSL_METHOD *meth) if (!eng) { ERR_clear_error(); ENGINE_load_builtin_engines(); - eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); + eng = ENGINE_by_id(eng_str( + OPENSSL_SSL_CLIENT_ENGINE_AUTO)); } if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) ERR_clear_error(); } #endif #endif - /* Default is to connect to non-RI servers. When RI is more widely + /* + * Default is to connect to non-RI servers. When RI is more widely * deployed might change this. */ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; return (ret); -err: - SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); -err2: + err: + SSLerr(SSL_F_SSL_CTX_NEW, + ERR_R_MALLOC_FAILURE); + err2: if (ret != NULL) SSL_CTX_free(ret); return (NULL); @@ -1845,7 +1927,7 @@ SSL_COMP_free(SSL_COMP *comp) void SSL_CTX_free(SSL_CTX *a) { - int i; + int i; if (a == NULL) return; @@ -1926,7 +2008,8 @@ SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) } void -SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg) +SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, + void *), void *arg) { ctx->app_verify_callback = cb; ctx->app_verify_arg = arg; @@ -1948,18 +2031,18 @@ SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) { - CERT_PKEY *cpk; - int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; - int rsa_enc_export, dh_rsa_export, dh_dsa_export; - int rsa_tmp_export, dh_tmp_export, kl; - unsigned long mask_k, mask_a, emask_k, emask_a; - int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; + CERT_PKEY *cpk; + int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; + int rsa_enc_export, dh_rsa_export, dh_dsa_export; + int rsa_tmp_export, dh_tmp_export, kl; + unsigned long mask_k, mask_a, emask_k, emask_a; + int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; #ifndef OPENSSL_NO_ECDH - int have_ecdh_tmp; + int have_ecdh_tmp; #endif - X509 *x = NULL; - EVP_PKEY *ecc_pkey = NULL; - int signature_nid = 0, pk_nid = 0, md_nid = 0; + X509 *x = NULL; + EVP_PKEY *ecc_pkey = NULL; + int signature_nid = 0, pk_nid = 0, md_nid = 0; if (c == NULL) return; @@ -2005,8 +2088,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) #ifdef CIPHER_DEBUG printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", - rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, - rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); + rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, + rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); #endif cpk = &(c->pkeys[SSL_PKEY_GOST01]); @@ -2071,7 +2154,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) emask_a|=SSL_aKRB5; #endif - /* An ECC certificate may be usable for ECDH and/or + /* + * An ECC certificate may be usable for ECDH and/or * ECDSA cipher suites depending on the key usage extension. */ if (have_ecc_cert) { @@ -2150,11 +2234,11 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) { - unsigned long alg_k, alg_a; - EVP_PKEY *pkey = NULL; - int keysize = 0; - int signature_nid = 0, md_nid = 0, pk_nid = 0; - const SSL_CIPHER *cs = s->s3->tmp.new_cipher; + unsigned long alg_k, alg_a; + EVP_PKEY *pkey = NULL; + int keysize = 0; + int signature_nid = 0, md_nid = 0, pk_nid = 0; + const SSL_CIPHER *cs = s->s3->tmp.new_cipher; alg_k = cs->algorithm_mkey; alg_a = cs->algorithm_auth; @@ -2179,21 +2263,25 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { /* key usage, if present, must allow key agreement */ if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); + SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, + SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); return 0; } - if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { + if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < + TLS1_2_VERSION) { /* signature alg must be ECDSA */ if (pk_nid != NID_X9_62_id_ecPublicKey) { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); + SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, + SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); return 0; } } - if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { + if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < + TLS1_2_VERSION) { /* signature alg must be RSA */ - if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); + SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, + SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); return 0; } } @@ -2201,7 +2289,8 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) if (alg_a & SSL_aECDSA) { /* key usage, if present, must allow signing */ if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { - SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); + SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, + SSL_R_ECC_CERT_NOT_FOR_SIGNING); return 0; } } @@ -2216,9 +2305,9 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) CERT_PKEY * ssl_get_server_send_pkey(const SSL *s) { - unsigned long alg_k, alg_a; - CERT *c; - int i; + unsigned long alg_k, alg_a; + CERT *c; + int i; c = s->cert; ssl_set_cert_masks(c, s->s3->tmp.new_cipher); @@ -2227,7 +2316,8 @@ ssl_get_server_send_pkey(const SSL *s) alg_a = s->s3->tmp.new_cipher->algorithm_auth; if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { - /* we don't need to look at SSL_kEECDH + /* + * We don't need to look at SSL_kEECDH * since no certificate is needed for * anon ECDH and for authenticated * EECDH, the check for the auth @@ -2242,7 +2332,7 @@ ssl_get_server_send_pkey(const SSL *s) } else if (alg_a & SSL_aECDSA) { i = SSL_PKEY_ECC; } else if (alg_k & SSL_kDHr) - i = SSL_PKEY_DH_RSA; + i = SSL_PKEY_DH_RSA; else if (alg_k & SSL_kDHd) i = SSL_PKEY_DH_DSA; else if (alg_a & SSL_aDSS) @@ -2256,12 +2346,12 @@ ssl_get_server_send_pkey(const SSL *s) /* VRS something else here? */ return (NULL); } else if (alg_a & SSL_aGOST94) - i = SSL_PKEY_GOST94; + i = SSL_PKEY_GOST94; else if (alg_a & SSL_aGOST01) i = SSL_PKEY_GOST01; - else /* if (alg_a & SSL_aNULL) */ - { - SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR); + else { /* if (alg_a & SSL_aNULL) */ + SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, + ERR_R_INTERNAL_ERROR); return (NULL); } @@ -2271,7 +2361,8 @@ ssl_get_server_send_pkey(const SSL *s) X509 * ssl_get_server_send_cert(const SSL *s) { - CERT_PKEY *cpk; + CERT_PKEY *cpk; + cpk = ssl_get_server_send_pkey(s); if (!cpk) return NULL; @@ -2281,26 +2372,27 @@ ssl_get_server_send_cert(const SSL *s) EVP_PKEY * ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) { - unsigned long alg_a; - CERT *c; - int idx = -1; + unsigned long alg_a; + CERT *c; + int idx = -1; alg_a = cipher->algorithm_auth; c = s->cert; if ((alg_a & SSL_aDSS) && - (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) - idx = SSL_PKEY_DSA_SIGN; + (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) + idx = SSL_PKEY_DSA_SIGN; else if (alg_a & SSL_aRSA) { if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) idx = SSL_PKEY_RSA_SIGN; else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) idx = SSL_PKEY_RSA_ENC; } else if ((alg_a & SSL_aECDSA) && - (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) - idx = SSL_PKEY_ECC; + (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) + idx = SSL_PKEY_ECC; if (idx == -1) { - SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL_GET_SIGN_PKEY, + ERR_R_INTERNAL_ERROR); return (NULL); } if (pmd) @@ -2311,18 +2403,19 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) void ssl_update_cache(SSL *s, int mode) { - int i; + int i; - /* If the session_id_length is 0, we are not supposed to cache it, - * and it would be rather hard to do anyway :-) */ + /* + * If the session_id_length is 0, we are not supposed to cache it, + * and it would be rather hard to do anyway :-) + */ if (s->session->session_id_length == 0) return; i = s->session_ctx->session_cache_mode; - if ((i & mode) && (!s->hit) - && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) - || SSL_CTX_add_session(s->session_ctx, s->session)) - && (s->session_ctx->new_session_cb != NULL)) { + if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) + || SSL_CTX_add_session(s->session_ctx, s->session)) + && (s->session_ctx->new_session_cb != NULL)) { CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); if (!s->session_ctx->new_session_cb(s, s->session)) SSL_SESSION_free(s->session); @@ -2330,10 +2423,10 @@ ssl_update_cache(SSL *s, int mode) /* auto flush every 255 connections */ if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && - ((i & mode) == mode)) { - if ((((mode & SSL_SESS_CACHE_CLIENT) - ?s->session_ctx->stats.sess_connect_good - :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { + ((i & mode) == mode)) { + if ((((mode & SSL_SESS_CACHE_CLIENT) ? + s->session_ctx->stats.sess_connect_good : + s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); } } @@ -2348,8 +2441,8 @@ SSL_get_ssl_method(SSL *s) int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) { - int conn = -1; - int ret = 1; + int conn = -1; + int ret = 1; if (s->method != meth) { if (s->handshake_func != NULL) @@ -2374,9 +2467,9 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) int SSL_get_error(const SSL *s, int i) { - int reason; - unsigned long l; - BIO *bio; + int reason; + unsigned long l; + BIO *bio; if (i > 0) return (SSL_ERROR_NONE); @@ -2422,8 +2515,11 @@ SSL_get_error(const SSL *s, int i) if (BIO_should_write(bio)) return (SSL_ERROR_WANT_WRITE); else if (BIO_should_read(bio)) - /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ - return (SSL_ERROR_WANT_READ); + return (SSL_ERROR_WANT_READ); + /* + * See above (SSL_want_read(s) with + * BIO_should_write(bio)) + */ else if (BIO_should_io_special(bio)) { reason = BIO_get_retry_reason(bio); if (reason == BIO_RR_CONNECT) @@ -2449,10 +2545,11 @@ SSL_get_error(const SSL *s, int i) int SSL_do_handshake(SSL *s) { - int ret = 1; + int ret = 1; if (s->handshake_func == NULL) { - SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); + SSLerr(SSL_F_SSL_DO_HANDSHAKE, + SSL_R_CONNECTION_TYPE_NOT_SET); return (-1); } @@ -2464,8 +2561,10 @@ SSL_do_handshake(SSL *s) return (ret); } -/* For the next 2 functions, SSL_clear() sets shutdown and so - * one of these calls will reset it */ +/* + * For the next 2 functions, SSL_clear() sets shutdown and so + * one of these calls will reset it + */ void SSL_set_accept_state(SSL *s) { @@ -2495,28 +2594,32 @@ SSL_set_connect_state(SSL *s) int ssl_undefined_function(SSL *s) { - SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } int ssl_undefined_void_function(void) { - SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } int ssl_undefined_const_function(const SSL *s) { - SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } SSL_METHOD * ssl_bad_method(int ver) { - SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerr(SSL_F_SSL_BAD_METHOD, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (NULL); } @@ -2554,10 +2657,12 @@ SSL_dup(SSL *s) /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ SSL_copy_session_id(ret, s); } else { - /* No session has been established yet, so we have to expect + /* + * No session has been established yet, so we have to expect * that s->cert or ret->cert will be changed later -- * they should not both point to the same object, - * and thus we can't use SSL_copy_session_id. */ + * and thus we can't use SSL_copy_session_id. + */ ret->method->ssl_free(ret); ret->method = s->method; @@ -2592,7 +2697,8 @@ SSL_dup(SSL *s) ret->debug = s->debug; /* copy app data, a little dangerous perhaps */ - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, + &ret->ex_data, &s->ex_data)) goto err; /* setup rbio, and wbio */ @@ -2615,22 +2721,30 @@ SSL_dup(SSL *s) ret->new_session = s->new_session; ret->quiet_shutdown = s->quiet_shutdown; ret->shutdown = s->shutdown; - ret->state=s->state; /* SSL_dup does not really work at any state, though */ + /* SSL_dup does not really work at any state, though */ + ret->state=s->state; ret->rstate = s->rstate; - ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ + + /* + * Would have to copy ret->init_buf, ret->init_msg, ret->init_num, + * ret->init_off + */ + ret->init_num = 0; + ret->hit = s->hit; X509_VERIFY_PARAM_inherit(ret->param, s->param); /* dup the cipher_list and cipher_list_by_id stacks */ if (s->cipher_list != NULL) { - if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) + if ((ret->cipher_list = + sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) goto err; } if (s->cipher_list_by_id != NULL) - if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) - == NULL) - goto err; + if ((ret->cipher_list_by_id = + sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL) + goto err; /* Dup the client_CA list */ if (s->client_CA != NULL) { @@ -2638,7 +2752,8 @@ SSL_dup(SSL *s) ret->client_CA = sk; for (i = 0; i < sk_X509_NAME_num(sk); i++) { xn = sk_X509_NAME_value(sk, i); - if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { + if (sk_X509_NAME_set(sk, i, + X509_NAME_dup(xn)) == NULL) { X509_NAME_free(xn); goto err; } @@ -2646,7 +2761,7 @@ SSL_dup(SSL *s) } if (0) { -err: + err: if (ret != NULL) SSL_free(ret); ret = NULL; @@ -2740,7 +2855,7 @@ SSL_get_current_expansion(SSL *s) int ssl_init_wbio_buffer(SSL *s, int push) { - BIO *bbio; + BIO *bbio; if (s->bbio == NULL) { bbio = BIO_new(BIO_f_buffer()); @@ -2755,7 +2870,8 @@ ssl_init_wbio_buffer(SSL *s, int push) (void)BIO_reset(bbio); /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ if (!BIO_set_read_buffer_size(bbio, 1)) { - SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); + SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, + ERR_R_BUF_LIB); return (0); } if (push) { @@ -2871,8 +2987,10 @@ SSL_set_info_callback(SSL *ssl, ssl->info_callback = cb; } -/* One compiler (Diab DCC) doesn't like argument names in returned - function pointer. */ +/* + * One compiler (Diab DCC) doesn't like argument names in returned + * function pointer. + */ void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) { return ssl->info_callback; @@ -2907,7 +3025,7 @@ SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, - new_func, dup_func, free_func); + new_func, dup_func, free_func); } int @@ -2927,7 +3045,7 @@ SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, - new_func, dup_func, free_func); + new_func, dup_func, free_func); } int @@ -3030,10 +3148,11 @@ SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, #ifndef OPENSSL_NO_ECDH void -SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, - int keylength)) +SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, + int is_export, int keylength)) { - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); + SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, + (void (*)(void))ecdh); } void @@ -3048,8 +3167,10 @@ SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) { - if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { - SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); + if (identity_hint != NULL && strlen(identity_hint) > + PSK_MAX_IDENTITY_LEN) { + SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, + SSL_R_DATA_LENGTH_TOO_LONG); return 0; } if (ctx->psk_identity_hint != NULL) @@ -3072,8 +3193,10 @@ SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) if (s->session == NULL) return 1; /* session not created yet, ignored */ - if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { - SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); + if (identity_hint != NULL && strlen(identity_hint) > + PSK_MAX_IDENTITY_LEN) { + SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, + SSL_R_DATA_LENGTH_TOO_LONG); return 0; } if (s->session->psk_identity_hint != NULL) @@ -3106,7 +3229,7 @@ SSL_get_psk_identity(const SSL *s) void SSL_set_psk_client_callback(SSL *s, unsigned int (*cb)(SSL *ssl, const char *hint, -char *identity, unsigned int max_identity_len, unsigned char *psk, + char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)) { s->psk_client_callback = cb; @@ -3115,7 +3238,7 @@ char *identity, unsigned int max_identity_len, unsigned char *psk, void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*cb)(SSL *ssl, const char *hint, -char *identity, unsigned int max_identity_len, unsigned char *psk, + char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)) { ctx->psk_client_callback = cb; @@ -3124,7 +3247,7 @@ char *identity, unsigned int max_identity_len, unsigned char *psk, void SSL_set_psk_server_callback(SSL *s, unsigned int (*cb)(SSL *ssl, const char *identity, -unsigned char *psk, unsigned int max_psk_len)) + unsigned char *psk, unsigned int max_psk_len)) { s->psk_server_callback = cb; } @@ -3132,30 +3255,33 @@ unsigned char *psk, unsigned int max_psk_len)) void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*cb)(SSL *ssl, const char *identity, -unsigned char *psk, unsigned int max_psk_len)) + unsigned char *psk, unsigned int max_psk_len)) { ctx->psk_server_callback = cb; } #endif void -SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) +SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, + int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) { - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); + SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, + (void (*)(void))cb); } void -SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) +SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, + int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) { SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); } -/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer +/* + * Allocates new EVP_MD_CTX and sets pointer to it into given pointer * vairable, freeing EVP_MD_CTX previously stored in that variable, if * any. If EVP_MD pointer is passed, initializes ctx with this md * Returns newly allocated ctx; */ - EVP_MD_CTX * ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) { @@ -3169,7 +3295,6 @@ ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) void ssl_clear_hash_ctx(EVP_MD_CTX **hash) { - if (*hash) EVP_MD_CTX_destroy(*hash); *hash = NULL; @@ -3190,4 +3315,4 @@ SSL_cache_hit(SSL *s) IMPLEMENT_STACK_OF(SSL_CIPHER) IMPLEMENT_STACK_OF(SSL_COMP) IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, -ssl_cipher_id); + ssl_cipher_id);