From c297be8ae6f7d7cfc10970c4e4074f8dd3f48e44 Mon Sep 17 00:00:00 2001 From: mcbride Date: Thu, 24 Apr 2014 13:06:52 +0000 Subject: [PATCH] More KNF, things that couldn't be verified with md5(1), and some whitespace I missed on the first go around. --- lib/libssl/s3_clnt.c | 87 +++++++------- lib/libssl/s3_lib.c | 16 +-- lib/libssl/s3_srvr.c | 166 ++++++++++++++------------ lib/libssl/src/ssl/s3_clnt.c | 87 +++++++------- lib/libssl/src/ssl/s3_lib.c | 16 +-- lib/libssl/src/ssl/s3_srvr.c | 166 ++++++++++++++------------ lib/libssl/src/ssl/ssl_lib.c | 219 ++++++++++++++++++----------------- lib/libssl/ssl_lib.c | 219 ++++++++++++++++++----------------- 8 files changed, 508 insertions(+), 468 deletions(-) diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index b63f0bf0c99..e765da9ecd7 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -111,7 +111,7 @@ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * - * Portions of the attached software ("Contribution") are developed by + * Portions of the attached software ("Contribution") are developed by * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. * * The Contribution is licensed pursuant to the OpenSSL open source @@ -412,12 +412,12 @@ ssl3_connect(SSL *s) * For TLS, cert_req is set to 2, so a cert chain * of nothing is sent, but no verify packet is sent */ - /* - * XXX: For now, we do not support client + /* + * XXX: For now, we do not support client * authentication in ECDH cipher suites with * ECDH (rather than ECDSA) certificates. - * We need to skip the certificate verify - * message when client's ECDH public key is sent + * We need to skip the certificate verify + * message when client's ECDH public key is sent * inside the client certificate. */ if (s->s3->tmp.cert_req == 1) { @@ -679,7 +679,7 @@ ssl3_client_hello(SSL *s) /* Do the message type and length last */ d = p = &(buf[4]); - /* + /* * Version indicates the negotiated version: for example from * an SSLv2/v3 compatible client hello). The client_version * field is the maximum version we permit and it is also @@ -832,7 +832,7 @@ ssl3_get_server_hello(SSL *s) if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { if (s->d1->send_cookie == 0) { s->s3->tmp.reuse_message = 1; - return 1; + return (1); } else /* already sent a cookie */ { @@ -1473,7 +1473,7 @@ ssl3_get_key_exchange(SSL *s) p += i; n -= param_len; - /* + /* * This should be because we are using an * export cipher */ @@ -2038,9 +2038,9 @@ ssl3_get_new_session_ticket(SSL *s) * There are two ways to detect a resumed ticket sesion. * One is to set an appropriate session ID and then the server * must return a match in ServerHello. This allows the normal - * client session ID matching to work and we know much + * client session ID matching to work and we know much * earlier that the ticket has been accepted. - * + * * The other way is to set zero length session ID when the * ticket is presented and rely on the handshake to determine * session resumption. @@ -2049,7 +2049,7 @@ ssl3_get_new_session_ticket(SSL *s) * assumptions elsewhere in OpenSSL. The session ID is set * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the * ticket. - */ + */ EVP_Digest(p, ticklen, s->session->session_id, &s->session->session_id_length, EVP_sha256(), NULL); ret = 1; @@ -2067,12 +2067,9 @@ ssl3_get_cert_status(SSL *s) unsigned long resplen, n; const unsigned char *p; - n = s->method->ssl_get_message(s, - SSL3_ST_CR_CERT_STATUS_A, - SSL3_ST_CR_CERT_STATUS_B, - SSL3_MT_CERTIFICATE_STATUS, - 16384, - &ok); + n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A, + SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS, + 16384, &ok); if (!ok) return ((int)n); @@ -2123,7 +2120,7 @@ ssl3_get_cert_status(SSL *s) goto f_err; } } - return 1; + return (1); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); return (-1); @@ -2147,7 +2144,7 @@ ssl3_get_server_done(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); - return -1; + return (-1); } ret = 1; return (ret); @@ -2229,8 +2226,7 @@ ssl3_send_client_key_exchange(SSL *s) s->session->master_key_length = s->method->ssl3_enc->generate_master_secret( - s, s->session->master_key, tmp_buf, - sizeof tmp_buf); + s, s->session->master_key, tmp_buf, sizeof tmp_buf); OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); } #ifndef OPENSSL_NO_KRB5 @@ -2246,7 +2242,7 @@ ssl3_send_client_key_exchange(SSL *s) unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH]; - int padl, outl = sizeof(epms); + int padl, outl = sizeof(epms); EVP_CIPHER_CTX_init(&ciph_ctx); @@ -2283,14 +2279,14 @@ ssl3_send_client_key_exchange(SSL *s) goto err; } - /* + /* * 20010406 VRS - Earlier versions used KRB5 AP_REQ * in place of RFC 2712 KerberosWrapper, as in: * * Send ticket (copy to *p, set n = length) * n = krb5_ap_req.length; * memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - * if (krb5_ap_req.data) + * if (krb5_ap_req.data) * kssl_krb5_free_data_contents(NULL,&krb5_ap_req); * * Now using real RFC 2712 KerberosWrapper @@ -2435,7 +2431,7 @@ ssl3_send_client_key_exchange(SSL *s) } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_ECDH else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { const EC_GROUP *srvr_group = NULL; EC_KEY *tkey; @@ -2449,11 +2445,11 @@ ssl3_send_client_key_exchange(SSL *s) */ if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) { - /* + /* * XXX: For now, we do not support client * authentication using ECDH certificates. * To add such support, one needs to add - * code that checks for appropriate + * code that checks for appropriate * conditions and sets ecdh_clnt_cert to 1. * For example, the cert have an ECC * key on the same curve as the server's @@ -2561,7 +2557,7 @@ ssl3_send_client_key_exchange(SSL *s) /* generate master key from the result */ s->session->master_key_length = s->method->ssl3_enc \ - -> generate_master_secret(s, + -> generate_master_secret(s, s->session->master_key, p, n); memset(p, 0, n); /* clean up */ @@ -2895,7 +2891,7 @@ ssl3_send_client_verify(SSL *s) } else { ERR_clear_error(); } - /* + /* * For TLS v1.2 send signature algorithm and signature * using agreed digest and cached handshake records. */ @@ -3024,9 +3020,10 @@ ssl3_send_client_certificate(SSL *s) /* We need to get a client cert */ if (s->state == SSL3_ST_CW_CERT_B) { - /* If we get an error, we need to + /* + * If we get an error, we need to * ssl->rwstate=SSL_X509_LOOKUP; return(-1); - * We then get retied later + * We then get retied later */ i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { @@ -3120,7 +3117,7 @@ ssl3_check_cert_and_algorithm(SSL *s) SSL_R_BAD_ECC_CERT); goto f_err; } else { - return 1; + return (1); } } #endif @@ -3221,7 +3218,7 @@ ssl3_send_next_proto(SSL *s) s->init_off = 0; } - return ssl3_do_write(s, SSL3_RT_HANDSHAKE); + return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); } #endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ @@ -3240,7 +3237,7 @@ ssl3_check_finished(SSL *s) /* If we have no ticket it cannot be a resumed session. */ if (!s->session->tlsext_tick) - return 1; + return (1); /* this function is called when we really expect a Certificate * message, so permit appropriate message length */ n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, @@ -3250,9 +3247,9 @@ ssl3_check_finished(SSL *s) s->s3->tmp.reuse_message = 1; if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) - return 2; + return (2); - return 1; + return (1); } #endif @@ -3267,10 +3264,10 @@ ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) SSL_get_client_CA_list(s), px509, ppkey, NULL, NULL, NULL); if (i != 0) - return i; + return (i); } #endif if (s->ctx->client_cert_cb) i = s->ctx->client_cert_cb(s, px509, ppkey); - return i; + return (i}; } diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 28a3d51b9e5..12ce8a16055 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -2962,9 +2962,9 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_NEED_TMP_RSA: if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && - ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) - > (512 / 8)))) + ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || + (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) + > (512 / 8)))) ret = 1; break; case SSL_CTRL_SET_TMP_RSA: @@ -3113,10 +3113,12 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } if (s->tlsext_opaque_prf_input != NULL) free(s->tlsext_opaque_prf_input); - if ((size_t)larg == 0) - s->tlsext_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */ - else - s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); + if ((size_t)larg == 0) { + /* dummy byte just to get non-NULL */ + s->tlsext_opaque_prf_input = malloc(1); + } else + s->tlsext_opaque_prf_input = + BUF_memdup(parg, (size_t)larg); if (s->tlsext_opaque_prf_input != NULL) { s->tlsext_opaque_prf_input_len = (size_t)larg; ret = 1; diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index f3edcc2efb6..6d8ccd66b7e 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -111,7 +111,7 @@ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * - * Portions of the attached software ("Contribution") are developed by + * Portions of the attached software ("Contribution") are developed by * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. * * The Contribution is licensed pursuant to the OpenSSL open source @@ -190,15 +190,17 @@ ssl_check_srp_ext_ClientHello(SSL *s, int *al) if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { if (s->srp_ctx.login == NULL) { - /* RFC 5054 says SHOULD reject, - we do so if There is no srp login name */ + /* + * RFC 5054 says SHOULD reject, + * we do so if There is no srp login name + */ ret = SSL3_AL_FATAL; *al = SSL_AD_UNKNOWN_PSK_IDENTITY; } else { ret = SSL_srp_server_param_with_username(s, al); } } - return ret; + return (ret); } #endif @@ -228,7 +230,8 @@ ssl3_accept(SSL *s) SSL_clear(s); if (s->cert == NULL) { - SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET); + SSLerr(SSL_F_SSL3_ACCEPT, + SSL_R_NO_CERTIFICATE_SET); return (-1); } @@ -250,8 +253,9 @@ ssl3_accept(SSL *s) cb(s, SSL_CB_HANDSHAKE_START, 1); if ((s->version >> 8) != 3) { - SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); - return -1; + SSLerr(SSL_F_SSL3_ACCEPT, + ERR_R_INTERNAL_ERROR); + return (-1); } s->type = SSL_ST_ACCEPT; @@ -342,7 +346,7 @@ ssl3_accept(SSL *s) { int al; if ((ret = - ssl_check_srp_ext_ClientHello(s, &al)) + ssl_check_srp_ext_ClientHello(s, &al)) < 0) { /* * Callback indicates further work to @@ -531,7 +535,7 @@ ssl3_accept(SSL *s) s->state = SSL3_ST_SW_SRVR_DONE_A; if (s->s3->handshake_buffer) if (!ssl3_digest_cached_records(s)) - return -1; + return (-1); } else { s->s3->tmp.cert_request = 1; ret = ssl3_send_certificate_request(s); @@ -635,11 +639,11 @@ ssl3_accept(SSL *s) if (!s->s3->handshake_buffer) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); - return -1; + return (-1); } s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; if (!ssl3_digest_cached_records(s)) - return -1; + return (-1); } else { int offset = 0; int dgst_num; @@ -647,7 +651,7 @@ ssl3_accept(SSL *s) s->state = SSL3_ST_SR_CERT_VRFY_A; s->init_num = 0; - /* + /* * We need to get hashes here so if there is * a client cert, it can be verified * FIXME - digest processing for @@ -656,7 +660,7 @@ ssl3_accept(SSL *s) */ if (s->s3->handshake_buffer) if (!ssl3_digest_cached_records(s)) - return -1; + return (-1); for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++) if (s->s3->handshake_dgst[dgst_num]) { @@ -827,7 +831,8 @@ ssl3_accept(SSL *s) /* break; */ default: - SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE); + SSLerr(SSL_F_SSL3_ACCEPT, + SSL_R_UNKNOWN_STATE); ret = -1; goto end; /* break; */ @@ -903,7 +908,7 @@ ssl3_check_client_hello(SSL *s) if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) { SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); - return -1; + return (-1); } /* * Throw away what we have done so far in the current handshake, @@ -923,9 +928,9 @@ ssl3_check_client_hello(SSL *s) } #endif s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; - return 2; + return (2); } - return 1; + return (1); } int @@ -974,7 +979,8 @@ ssl3_get_client_hello(SSL *s) if ((s->version == DTLS1_VERSION && s->client_version > s->version) || (s->version != DTLS1_VERSION && s->client_version < s->version)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_WRONG_VERSION_NUMBER); if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && !s->enc_write_ctx && !s->write_hash) { /* @@ -999,7 +1005,7 @@ ssl3_get_client_hello(SSL *s) cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); if (cookie_length == 0) - return 1; + return (1); } /* load the client random */ @@ -1048,7 +1054,7 @@ ssl3_get_client_hello(SSL *s) /* cookie stuff */ cookie_len = *(p++); - /* + /* * The ClientHello may contain a cookie even if the * HelloVerify message has not been sent--make sure that it * does not cause an overflow. @@ -1094,13 +1100,15 @@ ssl3_get_client_hello(SSL *s) if ((i == 0) && (j != 0)) { /* we need a cipher if we are not resuming a session */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED); + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_NO_CIPHERS_SPECIFIED); goto f_err; } if ((p + i) >= (d + n)) { /* not enough data */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_LENGTH_MISMATCH); goto f_err; } if ((i > 0) && @@ -1143,7 +1151,8 @@ ssl3_get_client_hello(SSL *s) if ((p + i) > (d + n)) { /* not enough data */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_LENGTH_MISMATCH); goto f_err; } q = p; @@ -1172,7 +1181,8 @@ ssl3_get_client_hello(SSL *s) } } if (ssl_check_clienthello_tlsext_early(s) <= 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_CLIENTHELLO_TLSEXT); goto err; } @@ -1377,7 +1387,7 @@ ssl3_get_client_hello(SSL *s) } /* - * We now have the following setup. + * We now have the following setup. * client_random * cipher_list - our prefered list of ciphers * ciphers - the clients prefered list of ciphers @@ -1422,7 +1432,7 @@ ssl3_send_server_hello(SSL *s) #ifdef OPENSSL_NO_TLSEXT p = s->s3->server_random; if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) - return -1; + return (-1); #endif /* Do the message type and length last */ d = p= &(buf[4]); @@ -1460,7 +1470,7 @@ ssl3_send_server_hello(SSL *s) if (sl > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - return -1; + return (-1); } *(p++) = sl; memcpy(p, s->session->session_id, sl); @@ -1483,13 +1493,13 @@ ssl3_send_server_hello(SSL *s) if (ssl_prepare_serverhello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); - return -1; + return (-1); } if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - return -1; + return (-1); } #endif /* do the header */ @@ -1714,9 +1724,9 @@ ssl3_send_server_key_exchange(SSL *s) goto err; } - /* + /* * XXX: For now, we only support ephemeral ECDH - * keys over named (not generic) curves. For + * keys over named (not generic) curves. For * supported named curves, curve_id is non-zero. */ if ((curve_id = tls1_ec_nid2curve_id( @@ -1726,7 +1736,7 @@ ssl3_send_server_key_exchange(SSL *s) goto err; } - /* + /* * Encode the public key. * First check the size of encoding and * allocate memory accordingly. @@ -1760,12 +1770,12 @@ ssl3_send_server_key_exchange(SSL *s) BN_CTX_free(bn_ctx); bn_ctx = NULL; - /* - * XXX: For now, we only support named (not + /* + * XXX: For now, we only support named (not * generic) curves in ECDH ephemeral key exchanges. * In this situation, we need four additional bytes * to encode the entire ServerECDHParams - * structure. + * structure. */ n = 4 + encodedlen; @@ -1790,7 +1800,8 @@ ssl3_send_server_key_exchange(SSL *s) if (type & SSL_kSRP) { if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) || (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_SRP_PARAM); + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSL_R_MISSING_SRP_PARAM); goto err; } r[0] = s->srp_ctx.N; @@ -1801,7 +1812,8 @@ ssl3_send_server_key_exchange(SSL *s) #endif { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); goto f_err; } for (i = 0; i < 4 && r[i] != NULL; i++) { @@ -1922,7 +1934,7 @@ ssl3_send_server_key_exchange(SSL *s) n += u + 2; } else if (md) { - /* + /* * For TLS1.2 and later send signature * algorithm */ @@ -2384,7 +2396,8 @@ ssl3_get_client_key_exchange(SSL *s) } if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc); + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + krb5rc); goto err; } @@ -2436,7 +2449,7 @@ ssl3_get_client_key_exchange(SSL *s) * instead of the protocol version. * * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such - * clients. + * clients. * (Perhaps we should have a separate BUG value for * the Kerberos cipher) */ @@ -2463,7 +2476,7 @@ ssl3_get_client_key_exchange(SSL *s) } - /* + /* * Was doing kssl_ctx_free() here, but it caused problems for * apache. * kssl_ctx = kssl_ctx_free(kssl_ctx); @@ -2528,13 +2541,13 @@ ssl3_get_client_key_exchange(SSL *s) if (((clnt_pub_pkey = X509_get_pubkey( s->session->peer)) == NULL) || (clnt_pub_pkey->type != EVP_PKEY_EC)) { - /* + /* * XXX: For now, we do not support client * authentication using ECDH certificates * so this branch (n == 0L) of the code is * never executed. When that support is - * added, we ought to ensure the key - * received in the certificate is + * added, we ought to ensure the key + * received in the certificate is * authorized for key agreement. * ECDH_compute_key implicitly checks that * the two ECDH shares are for the same @@ -2582,7 +2595,7 @@ ssl3_get_client_key_exchange(SSL *s) /* * p is pointing to somewhere in the buffer * currently, so set it to the start. - */ + */ p = (unsigned char *)s->init_buf->data; } @@ -2808,7 +2821,7 @@ ssl3_get_client_key_exchange(SSL *s) EVP_PKEY_free(client_pub_pkey); EVP_PKEY_CTX_free(pkey_ctx); if (ret) - return ret; + return (ret); else goto err; } else { @@ -2897,7 +2910,7 @@ ssl3_get_cert_verify(SSL *s) p = (unsigned char *)s->init_msg; /* * Check for broken implementations of GOST ciphersuites. - * + * * If key is GOST and n is exactly 64, it is a bare * signature without length field. */ @@ -2946,7 +2959,8 @@ ssl3_get_cert_verify(SSL *s) } j = EVP_PKEY_size(pkey); if ((i > j) || (n > j) || (n <= 0)) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE); + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSL_R_WRONG_SIGNATURE_SIZE); al = SSL_AD_DECODE_ERROR; goto f_err; } @@ -2967,14 +2981,16 @@ ssl3_get_cert_verify(SSL *s) #endif if (!EVP_VerifyInit_ex(&mctx, md, NULL) || !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB); + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; goto f_err; } if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) { al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_SIGNATURE); + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSL_R_BAD_SIGNATURE); goto f_err; } } else @@ -3043,7 +3059,8 @@ ssl3_get_cert_verify(SSL *s) goto f_err; } } else { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + ERR_R_INTERNAL_ERROR); al = SSL_AD_UNSUPPORTED_CERTIFICATE; goto f_err; } @@ -3277,10 +3294,10 @@ ssl3_send_newsession_ticket(SSL *s) * too long */ if (slen_full > 0xFF00) - return -1; + return (-1); senc = malloc(slen_full); if (!senc) - return -1; + return (-1); p = senc; i2d_SSL_SESSION(s->session, &p); @@ -3292,7 +3309,7 @@ ssl3_send_newsession_ticket(SSL *s) sess = d2i_SSL_SESSION(NULL, &const_p, slen_full); if (sess == NULL) { free(senc); - return -1; + return (-1); } /* ID is irrelevant for the ticket */ @@ -3302,13 +3319,13 @@ ssl3_send_newsession_ticket(SSL *s) if (slen > slen_full) { /* shouldn't ever happen */ free(senc); - return -1; + return (-1); } p = senc; i2d_SSL_SESSION(sess, &p); SSL_SESSION_free(sess); - /* + /* * Grow buffer if need be: the length calculation is as * follows 1 (size of message name) + 3 (message length * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + @@ -3319,7 +3336,7 @@ ssl3_send_newsession_ticket(SSL *s) if (!BUF_MEM_grow(s->init_buf, 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) - return -1; + return (-1); p = (unsigned char *)s->init_buf->data; /* do the header */ @@ -3337,7 +3354,7 @@ ssl3_send_newsession_ticket(SSL *s) if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, &hctx, 1) < 0) { free(senc); - return -1; + return (-1); } } else { RAND_pseudo_bytes(iv, 16); @@ -3409,7 +3426,7 @@ ssl3_send_cert_status(SSL *s) * + (ocsp response) */ if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) - return -1; + return (-1); p = (unsigned char *)s->init_buf->data; @@ -3453,7 +3470,7 @@ ssl3_get_next_proto(SSL *s) if (!s->s3->next_proto_neg_seen) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); - return -1; + return (-1); } n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A, @@ -3470,11 +3487,11 @@ ssl3_get_next_proto(SSL *s) if (!s->s3->change_cipher_spec) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); - return -1; + return (-1); } if (n < 2) - return 0; + return (0); /* The body must be > 1 bytes long */ p = (unsigned char *)s->init_msg; @@ -3488,20 +3505,21 @@ ssl3_get_next_proto(SSL *s) */ proto_len = p[0]; if (proto_len + 2 > s->init_num) - return 0; + return (0); padding_len = p[proto_len + 1]; if (proto_len + padding_len + 2 != s->init_num) - return 0; + return (0); s->next_proto_negotiated = malloc(proto_len); if (!s->next_proto_negotiated) { - SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE); - return 0; + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, + ERR_R_MALLOC_FAILURE); + return (0); } memcpy(s->next_proto_negotiated, p + 1, proto_len); s->next_proto_negotiated_len = proto_len; - return 1; + return (1); } # endif #endif diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index b63f0bf0c99..e765da9ecd7 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -111,7 +111,7 @@ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * - * Portions of the attached software ("Contribution") are developed by + * Portions of the attached software ("Contribution") are developed by * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. * * The Contribution is licensed pursuant to the OpenSSL open source @@ -412,12 +412,12 @@ ssl3_connect(SSL *s) * For TLS, cert_req is set to 2, so a cert chain * of nothing is sent, but no verify packet is sent */ - /* - * XXX: For now, we do not support client + /* + * XXX: For now, we do not support client * authentication in ECDH cipher suites with * ECDH (rather than ECDSA) certificates. - * We need to skip the certificate verify - * message when client's ECDH public key is sent + * We need to skip the certificate verify + * message when client's ECDH public key is sent * inside the client certificate. */ if (s->s3->tmp.cert_req == 1) { @@ -679,7 +679,7 @@ ssl3_client_hello(SSL *s) /* Do the message type and length last */ d = p = &(buf[4]); - /* + /* * Version indicates the negotiated version: for example from * an SSLv2/v3 compatible client hello). The client_version * field is the maximum version we permit and it is also @@ -832,7 +832,7 @@ ssl3_get_server_hello(SSL *s) if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { if (s->d1->send_cookie == 0) { s->s3->tmp.reuse_message = 1; - return 1; + return (1); } else /* already sent a cookie */ { @@ -1473,7 +1473,7 @@ ssl3_get_key_exchange(SSL *s) p += i; n -= param_len; - /* + /* * This should be because we are using an * export cipher */ @@ -2038,9 +2038,9 @@ ssl3_get_new_session_ticket(SSL *s) * There are two ways to detect a resumed ticket sesion. * One is to set an appropriate session ID and then the server * must return a match in ServerHello. This allows the normal - * client session ID matching to work and we know much + * client session ID matching to work and we know much * earlier that the ticket has been accepted. - * + * * The other way is to set zero length session ID when the * ticket is presented and rely on the handshake to determine * session resumption. @@ -2049,7 +2049,7 @@ ssl3_get_new_session_ticket(SSL *s) * assumptions elsewhere in OpenSSL. The session ID is set * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the * ticket. - */ + */ EVP_Digest(p, ticklen, s->session->session_id, &s->session->session_id_length, EVP_sha256(), NULL); ret = 1; @@ -2067,12 +2067,9 @@ ssl3_get_cert_status(SSL *s) unsigned long resplen, n; const unsigned char *p; - n = s->method->ssl_get_message(s, - SSL3_ST_CR_CERT_STATUS_A, - SSL3_ST_CR_CERT_STATUS_B, - SSL3_MT_CERTIFICATE_STATUS, - 16384, - &ok); + n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A, + SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS, + 16384, &ok); if (!ok) return ((int)n); @@ -2123,7 +2120,7 @@ ssl3_get_cert_status(SSL *s) goto f_err; } } - return 1; + return (1); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); return (-1); @@ -2147,7 +2144,7 @@ ssl3_get_server_done(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); - return -1; + return (-1); } ret = 1; return (ret); @@ -2229,8 +2226,7 @@ ssl3_send_client_key_exchange(SSL *s) s->session->master_key_length = s->method->ssl3_enc->generate_master_secret( - s, s->session->master_key, tmp_buf, - sizeof tmp_buf); + s, s->session->master_key, tmp_buf, sizeof tmp_buf); OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); } #ifndef OPENSSL_NO_KRB5 @@ -2246,7 +2242,7 @@ ssl3_send_client_key_exchange(SSL *s) unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH]; - int padl, outl = sizeof(epms); + int padl, outl = sizeof(epms); EVP_CIPHER_CTX_init(&ciph_ctx); @@ -2283,14 +2279,14 @@ ssl3_send_client_key_exchange(SSL *s) goto err; } - /* + /* * 20010406 VRS - Earlier versions used KRB5 AP_REQ * in place of RFC 2712 KerberosWrapper, as in: * * Send ticket (copy to *p, set n = length) * n = krb5_ap_req.length; * memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - * if (krb5_ap_req.data) + * if (krb5_ap_req.data) * kssl_krb5_free_data_contents(NULL,&krb5_ap_req); * * Now using real RFC 2712 KerberosWrapper @@ -2435,7 +2431,7 @@ ssl3_send_client_key_exchange(SSL *s) } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_ECDH else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { const EC_GROUP *srvr_group = NULL; EC_KEY *tkey; @@ -2449,11 +2445,11 @@ ssl3_send_client_key_exchange(SSL *s) */ if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) { - /* + /* * XXX: For now, we do not support client * authentication using ECDH certificates. * To add such support, one needs to add - * code that checks for appropriate + * code that checks for appropriate * conditions and sets ecdh_clnt_cert to 1. * For example, the cert have an ECC * key on the same curve as the server's @@ -2561,7 +2557,7 @@ ssl3_send_client_key_exchange(SSL *s) /* generate master key from the result */ s->session->master_key_length = s->method->ssl3_enc \ - -> generate_master_secret(s, + -> generate_master_secret(s, s->session->master_key, p, n); memset(p, 0, n); /* clean up */ @@ -2895,7 +2891,7 @@ ssl3_send_client_verify(SSL *s) } else { ERR_clear_error(); } - /* + /* * For TLS v1.2 send signature algorithm and signature * using agreed digest and cached handshake records. */ @@ -3024,9 +3020,10 @@ ssl3_send_client_certificate(SSL *s) /* We need to get a client cert */ if (s->state == SSL3_ST_CW_CERT_B) { - /* If we get an error, we need to + /* + * If we get an error, we need to * ssl->rwstate=SSL_X509_LOOKUP; return(-1); - * We then get retied later + * We then get retied later */ i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { @@ -3120,7 +3117,7 @@ ssl3_check_cert_and_algorithm(SSL *s) SSL_R_BAD_ECC_CERT); goto f_err; } else { - return 1; + return (1); } } #endif @@ -3221,7 +3218,7 @@ ssl3_send_next_proto(SSL *s) s->init_off = 0; } - return ssl3_do_write(s, SSL3_RT_HANDSHAKE); + return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); } #endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ @@ -3240,7 +3237,7 @@ ssl3_check_finished(SSL *s) /* If we have no ticket it cannot be a resumed session. */ if (!s->session->tlsext_tick) - return 1; + return (1); /* this function is called when we really expect a Certificate * message, so permit appropriate message length */ n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, @@ -3250,9 +3247,9 @@ ssl3_check_finished(SSL *s) s->s3->tmp.reuse_message = 1; if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) - return 2; + return (2); - return 1; + return (1); } #endif @@ -3267,10 +3264,10 @@ ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) SSL_get_client_CA_list(s), px509, ppkey, NULL, NULL, NULL); if (i != 0) - return i; + return (i); } #endif if (s->ctx->client_cert_cb) i = s->ctx->client_cert_cb(s, px509, ppkey); - return i; + return (i}; } diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index 28a3d51b9e5..12ce8a16055 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -2962,9 +2962,9 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_NEED_TMP_RSA: if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && - ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) - > (512 / 8)))) + ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || + (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) + > (512 / 8)))) ret = 1; break; case SSL_CTRL_SET_TMP_RSA: @@ -3113,10 +3113,12 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } if (s->tlsext_opaque_prf_input != NULL) free(s->tlsext_opaque_prf_input); - if ((size_t)larg == 0) - s->tlsext_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */ - else - s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); + if ((size_t)larg == 0) { + /* dummy byte just to get non-NULL */ + s->tlsext_opaque_prf_input = malloc(1); + } else + s->tlsext_opaque_prf_input = + BUF_memdup(parg, (size_t)larg); if (s->tlsext_opaque_prf_input != NULL) { s->tlsext_opaque_prf_input_len = (size_t)larg; ret = 1; diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index f3edcc2efb6..6d8ccd66b7e 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -111,7 +111,7 @@ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * - * Portions of the attached software ("Contribution") are developed by + * Portions of the attached software ("Contribution") are developed by * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. * * The Contribution is licensed pursuant to the OpenSSL open source @@ -190,15 +190,17 @@ ssl_check_srp_ext_ClientHello(SSL *s, int *al) if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { if (s->srp_ctx.login == NULL) { - /* RFC 5054 says SHOULD reject, - we do so if There is no srp login name */ + /* + * RFC 5054 says SHOULD reject, + * we do so if There is no srp login name + */ ret = SSL3_AL_FATAL; *al = SSL_AD_UNKNOWN_PSK_IDENTITY; } else { ret = SSL_srp_server_param_with_username(s, al); } } - return ret; + return (ret); } #endif @@ -228,7 +230,8 @@ ssl3_accept(SSL *s) SSL_clear(s); if (s->cert == NULL) { - SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET); + SSLerr(SSL_F_SSL3_ACCEPT, + SSL_R_NO_CERTIFICATE_SET); return (-1); } @@ -250,8 +253,9 @@ ssl3_accept(SSL *s) cb(s, SSL_CB_HANDSHAKE_START, 1); if ((s->version >> 8) != 3) { - SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); - return -1; + SSLerr(SSL_F_SSL3_ACCEPT, + ERR_R_INTERNAL_ERROR); + return (-1); } s->type = SSL_ST_ACCEPT; @@ -342,7 +346,7 @@ ssl3_accept(SSL *s) { int al; if ((ret = - ssl_check_srp_ext_ClientHello(s, &al)) + ssl_check_srp_ext_ClientHello(s, &al)) < 0) { /* * Callback indicates further work to @@ -531,7 +535,7 @@ ssl3_accept(SSL *s) s->state = SSL3_ST_SW_SRVR_DONE_A; if (s->s3->handshake_buffer) if (!ssl3_digest_cached_records(s)) - return -1; + return (-1); } else { s->s3->tmp.cert_request = 1; ret = ssl3_send_certificate_request(s); @@ -635,11 +639,11 @@ ssl3_accept(SSL *s) if (!s->s3->handshake_buffer) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); - return -1; + return (-1); } s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; if (!ssl3_digest_cached_records(s)) - return -1; + return (-1); } else { int offset = 0; int dgst_num; @@ -647,7 +651,7 @@ ssl3_accept(SSL *s) s->state = SSL3_ST_SR_CERT_VRFY_A; s->init_num = 0; - /* + /* * We need to get hashes here so if there is * a client cert, it can be verified * FIXME - digest processing for @@ -656,7 +660,7 @@ ssl3_accept(SSL *s) */ if (s->s3->handshake_buffer) if (!ssl3_digest_cached_records(s)) - return -1; + return (-1); for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++) if (s->s3->handshake_dgst[dgst_num]) { @@ -827,7 +831,8 @@ ssl3_accept(SSL *s) /* break; */ default: - SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE); + SSLerr(SSL_F_SSL3_ACCEPT, + SSL_R_UNKNOWN_STATE); ret = -1; goto end; /* break; */ @@ -903,7 +908,7 @@ ssl3_check_client_hello(SSL *s) if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) { SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); - return -1; + return (-1); } /* * Throw away what we have done so far in the current handshake, @@ -923,9 +928,9 @@ ssl3_check_client_hello(SSL *s) } #endif s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; - return 2; + return (2); } - return 1; + return (1); } int @@ -974,7 +979,8 @@ ssl3_get_client_hello(SSL *s) if ((s->version == DTLS1_VERSION && s->client_version > s->version) || (s->version != DTLS1_VERSION && s->client_version < s->version)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_WRONG_VERSION_NUMBER); if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && !s->enc_write_ctx && !s->write_hash) { /* @@ -999,7 +1005,7 @@ ssl3_get_client_hello(SSL *s) cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); if (cookie_length == 0) - return 1; + return (1); } /* load the client random */ @@ -1048,7 +1054,7 @@ ssl3_get_client_hello(SSL *s) /* cookie stuff */ cookie_len = *(p++); - /* + /* * The ClientHello may contain a cookie even if the * HelloVerify message has not been sent--make sure that it * does not cause an overflow. @@ -1094,13 +1100,15 @@ ssl3_get_client_hello(SSL *s) if ((i == 0) && (j != 0)) { /* we need a cipher if we are not resuming a session */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED); + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_NO_CIPHERS_SPECIFIED); goto f_err; } if ((p + i) >= (d + n)) { /* not enough data */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_LENGTH_MISMATCH); goto f_err; } if ((i > 0) && @@ -1143,7 +1151,8 @@ ssl3_get_client_hello(SSL *s) if ((p + i) > (d + n)) { /* not enough data */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_LENGTH_MISMATCH); goto f_err; } q = p; @@ -1172,7 +1181,8 @@ ssl3_get_client_hello(SSL *s) } } if (ssl_check_clienthello_tlsext_early(s) <= 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_CLIENTHELLO_TLSEXT); goto err; } @@ -1377,7 +1387,7 @@ ssl3_get_client_hello(SSL *s) } /* - * We now have the following setup. + * We now have the following setup. * client_random * cipher_list - our prefered list of ciphers * ciphers - the clients prefered list of ciphers @@ -1422,7 +1432,7 @@ ssl3_send_server_hello(SSL *s) #ifdef OPENSSL_NO_TLSEXT p = s->s3->server_random; if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) - return -1; + return (-1); #endif /* Do the message type and length last */ d = p= &(buf[4]); @@ -1460,7 +1470,7 @@ ssl3_send_server_hello(SSL *s) if (sl > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - return -1; + return (-1); } *(p++) = sl; memcpy(p, s->session->session_id, sl); @@ -1483,13 +1493,13 @@ ssl3_send_server_hello(SSL *s) if (ssl_prepare_serverhello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); - return -1; + return (-1); } if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - return -1; + return (-1); } #endif /* do the header */ @@ -1714,9 +1724,9 @@ ssl3_send_server_key_exchange(SSL *s) goto err; } - /* + /* * XXX: For now, we only support ephemeral ECDH - * keys over named (not generic) curves. For + * keys over named (not generic) curves. For * supported named curves, curve_id is non-zero. */ if ((curve_id = tls1_ec_nid2curve_id( @@ -1726,7 +1736,7 @@ ssl3_send_server_key_exchange(SSL *s) goto err; } - /* + /* * Encode the public key. * First check the size of encoding and * allocate memory accordingly. @@ -1760,12 +1770,12 @@ ssl3_send_server_key_exchange(SSL *s) BN_CTX_free(bn_ctx); bn_ctx = NULL; - /* - * XXX: For now, we only support named (not + /* + * XXX: For now, we only support named (not * generic) curves in ECDH ephemeral key exchanges. * In this situation, we need four additional bytes * to encode the entire ServerECDHParams - * structure. + * structure. */ n = 4 + encodedlen; @@ -1790,7 +1800,8 @@ ssl3_send_server_key_exchange(SSL *s) if (type & SSL_kSRP) { if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) || (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_SRP_PARAM); + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSL_R_MISSING_SRP_PARAM); goto err; } r[0] = s->srp_ctx.N; @@ -1801,7 +1812,8 @@ ssl3_send_server_key_exchange(SSL *s) #endif { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); goto f_err; } for (i = 0; i < 4 && r[i] != NULL; i++) { @@ -1922,7 +1934,7 @@ ssl3_send_server_key_exchange(SSL *s) n += u + 2; } else if (md) { - /* + /* * For TLS1.2 and later send signature * algorithm */ @@ -2384,7 +2396,8 @@ ssl3_get_client_key_exchange(SSL *s) } if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc); + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + krb5rc); goto err; } @@ -2436,7 +2449,7 @@ ssl3_get_client_key_exchange(SSL *s) * instead of the protocol version. * * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such - * clients. + * clients. * (Perhaps we should have a separate BUG value for * the Kerberos cipher) */ @@ -2463,7 +2476,7 @@ ssl3_get_client_key_exchange(SSL *s) } - /* + /* * Was doing kssl_ctx_free() here, but it caused problems for * apache. * kssl_ctx = kssl_ctx_free(kssl_ctx); @@ -2528,13 +2541,13 @@ ssl3_get_client_key_exchange(SSL *s) if (((clnt_pub_pkey = X509_get_pubkey( s->session->peer)) == NULL) || (clnt_pub_pkey->type != EVP_PKEY_EC)) { - /* + /* * XXX: For now, we do not support client * authentication using ECDH certificates * so this branch (n == 0L) of the code is * never executed. When that support is - * added, we ought to ensure the key - * received in the certificate is + * added, we ought to ensure the key + * received in the certificate is * authorized for key agreement. * ECDH_compute_key implicitly checks that * the two ECDH shares are for the same @@ -2582,7 +2595,7 @@ ssl3_get_client_key_exchange(SSL *s) /* * p is pointing to somewhere in the buffer * currently, so set it to the start. - */ + */ p = (unsigned char *)s->init_buf->data; } @@ -2808,7 +2821,7 @@ ssl3_get_client_key_exchange(SSL *s) EVP_PKEY_free(client_pub_pkey); EVP_PKEY_CTX_free(pkey_ctx); if (ret) - return ret; + return (ret); else goto err; } else { @@ -2897,7 +2910,7 @@ ssl3_get_cert_verify(SSL *s) p = (unsigned char *)s->init_msg; /* * Check for broken implementations of GOST ciphersuites. - * + * * If key is GOST and n is exactly 64, it is a bare * signature without length field. */ @@ -2946,7 +2959,8 @@ ssl3_get_cert_verify(SSL *s) } j = EVP_PKEY_size(pkey); if ((i > j) || (n > j) || (n <= 0)) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE); + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSL_R_WRONG_SIGNATURE_SIZE); al = SSL_AD_DECODE_ERROR; goto f_err; } @@ -2967,14 +2981,16 @@ ssl3_get_cert_verify(SSL *s) #endif if (!EVP_VerifyInit_ex(&mctx, md, NULL) || !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB); + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; goto f_err; } if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) { al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_SIGNATURE); + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + SSL_R_BAD_SIGNATURE); goto f_err; } } else @@ -3043,7 +3059,8 @@ ssl3_get_cert_verify(SSL *s) goto f_err; } } else { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + ERR_R_INTERNAL_ERROR); al = SSL_AD_UNSUPPORTED_CERTIFICATE; goto f_err; } @@ -3277,10 +3294,10 @@ ssl3_send_newsession_ticket(SSL *s) * too long */ if (slen_full > 0xFF00) - return -1; + return (-1); senc = malloc(slen_full); if (!senc) - return -1; + return (-1); p = senc; i2d_SSL_SESSION(s->session, &p); @@ -3292,7 +3309,7 @@ ssl3_send_newsession_ticket(SSL *s) sess = d2i_SSL_SESSION(NULL, &const_p, slen_full); if (sess == NULL) { free(senc); - return -1; + return (-1); } /* ID is irrelevant for the ticket */ @@ -3302,13 +3319,13 @@ ssl3_send_newsession_ticket(SSL *s) if (slen > slen_full) { /* shouldn't ever happen */ free(senc); - return -1; + return (-1); } p = senc; i2d_SSL_SESSION(sess, &p); SSL_SESSION_free(sess); - /* + /* * Grow buffer if need be: the length calculation is as * follows 1 (size of message name) + 3 (message length * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + @@ -3319,7 +3336,7 @@ ssl3_send_newsession_ticket(SSL *s) if (!BUF_MEM_grow(s->init_buf, 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) - return -1; + return (-1); p = (unsigned char *)s->init_buf->data; /* do the header */ @@ -3337,7 +3354,7 @@ ssl3_send_newsession_ticket(SSL *s) if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, &hctx, 1) < 0) { free(senc); - return -1; + return (-1); } } else { RAND_pseudo_bytes(iv, 16); @@ -3409,7 +3426,7 @@ ssl3_send_cert_status(SSL *s) * + (ocsp response) */ if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) - return -1; + return (-1); p = (unsigned char *)s->init_buf->data; @@ -3453,7 +3470,7 @@ ssl3_get_next_proto(SSL *s) if (!s->s3->next_proto_neg_seen) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); - return -1; + return (-1); } n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A, @@ -3470,11 +3487,11 @@ ssl3_get_next_proto(SSL *s) if (!s->s3->change_cipher_spec) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); - return -1; + return (-1); } if (n < 2) - return 0; + return (0); /* The body must be > 1 bytes long */ p = (unsigned char *)s->init_msg; @@ -3488,20 +3505,21 @@ ssl3_get_next_proto(SSL *s) */ proto_len = p[0]; if (proto_len + 2 > s->init_num) - return 0; + return (0); padding_len = p[proto_len + 1]; if (proto_len + padding_len + 2 != s->init_num) - return 0; + return (0); s->next_proto_negotiated = malloc(proto_len); if (!s->next_proto_negotiated) { - SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE); - return 0; + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, + ERR_R_MALLOC_FAILURE); + return (0); } memcpy(s->next_proto_negotiated, p + 1, proto_len); s->next_proto_negotiated_len = proto_len; - return 1; + return (1); } # endif #endif diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c index 830f574183e..21a48da182a 100644 --- a/lib/libssl/src/ssl/ssl_lib.c +++ b/lib/libssl/src/ssl/ssl_lib.c @@ -7,21 +7,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -36,10 +36,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -51,7 +51,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -65,7 +65,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -112,7 +112,7 @@ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by + * ECC cipher suite support in OpenSSL originally developed by * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ /* ==================================================================== @@ -203,7 +203,7 @@ SSL_clear(SSL *s) if (s->renegotiate) { SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); - return 0; + return (0); } s->type = 0; @@ -393,12 +393,12 @@ SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, if (sid_ctx_len > sizeof ctx->sid_ctx) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); - return 0; + return (0); } ctx->sid_ctx_length = sid_ctx_len; memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); - return 1; + return (1); } int @@ -407,13 +407,13 @@ SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, - SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); - return 0; + SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); + return (0); } ssl->sid_ctx_length = sid_ctx_len; memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); - return 1; + return (1); } int @@ -422,7 +422,7 @@ SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); ctx->generate_session_id = cb; CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - return 1; + return (1); } int @@ -431,7 +431,7 @@ SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) CRYPTO_w_lock(CRYPTO_LOCK_SSL); ssl->generate_session_id = cb; CRYPTO_w_unlock(CRYPTO_LOCK_SSL); - return 1; + return (1); } int @@ -448,7 +448,7 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, SSL_SESSION r, *p; if (id_len > sizeof r.session_id) - return 0; + return (0); r.ssl_version = ssl->version; r.session_id_length = id_len; @@ -463,37 +463,37 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) { - return X509_VERIFY_PARAM_set_purpose(s->param, purpose); + return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); } int SSL_set_purpose(SSL *s, int purpose) { - return X509_VERIFY_PARAM_set_purpose(s->param, purpose); + return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); } int SSL_CTX_set_trust(SSL_CTX *s, int trust) { - return X509_VERIFY_PARAM_set_trust(s->param, trust); + return (X509_VERIFY_PARAM_set_trust(s->param, trust)); } int SSL_set_trust(SSL *s, int trust) { - return X509_VERIFY_PARAM_set_trust(s->param, trust); + return (X509_VERIFY_PARAM_set_trust(s->param, trust)); } int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) { - return X509_VERIFY_PARAM_set1(ctx->param, vpm); + return (X509_VERIFY_PARAM_set1(ctx->param, vpm)); } int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) { - return X509_VERIFY_PARAM_set1(ssl->param, vpm); + return (X509_VERIFY_PARAM_set1(ssl->param, vpm)); } void @@ -743,7 +743,7 @@ SSL_get_finished(const SSL *s, void *buf, size_t count) count = ret; memcpy(buf, s->s3->tmp.finish_md, count); } - return ret; + return (ret); } /* return length of latest Finished message we expected, copy to 'buf' */ @@ -758,7 +758,7 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count) count = ret; memcpy(buf, s->s3->tmp.peer_finish_md, count); } - return ret; + return (ret); } @@ -771,10 +771,11 @@ SSL_get_verify_mode(const SSL *s) int SSL_get_verify_depth(const SSL *s) { - return X509_VERIFY_PARAM_get_depth(s->param); + return (X509_VERIFY_PARAM_get_depth(s->param)); } -int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) +int +(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) { return (s->verify_callback); } @@ -788,7 +789,7 @@ SSL_CTX_get_verify_mode(const SSL_CTX *ctx) int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) { - return X509_VERIFY_PARAM_get_depth(ctx->param); + return (X509_VERIFY_PARAM_get_depth(ctx->param)); } int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) @@ -938,7 +939,7 @@ SSL_check_private_key(const SSL *ssl) if (ssl->cert == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); - return 0; + return (0); } if (ssl->cert->key->x509 == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, @@ -984,7 +985,7 @@ SSL_read(SSL *s, void *buf, int num) if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); - return -1; + return (-1); } if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { @@ -1000,7 +1001,7 @@ SSL_peek(SSL *s, void *buf, int num) if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); - return -1; + return (-1); } if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { @@ -1015,7 +1016,7 @@ SSL_write(SSL *s, const void *buf, int num) if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); - return -1; + return (-1); } if (s->shutdown & SSL_SENT_SHUTDOWN) { @@ -1040,7 +1041,7 @@ SSL_shutdown(SSL *s) if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); - return -1; + return (-1); } if ((s != NULL) && !SSL_in_init(s)) @@ -1096,7 +1097,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_MSG_CALLBACK_ARG: s->msg_callback_arg = parg; - return 1; + return (1); case SSL_CTRL_OPTIONS: return (s->options|=larg); @@ -1115,24 +1116,24 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_MTU: #ifndef OPENSSL_NO_DTLS1 if (larg < (long)dtls1_min_mtu()) - return 0; + return (0); #endif if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { s->d1->mtu = larg; - return larg; + return (larg); } - return 0; + return (0); case SSL_CTRL_SET_MAX_SEND_FRAGMENT: if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; + return (0); s->max_send_fragment = larg; - return 1; + return (1); case SSL_CTRL_GET_RI_SUPPORT: if (s->s3) - return s->s3->send_connection_binding; - else return 0; + return (s->s3->send_connection_binding); + else return (0); default: return (s->method->ssl_ctrl(s, cmd, larg, parg)); } @@ -1146,7 +1147,7 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); - return 1; + return (1); default: return (s->method->ssl_callback_ctrl(s, cmd, fp)); @@ -1156,7 +1157,7 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) LHASH_OF(SSL_SESSION) * SSL_CTX_sessions(SSL_CTX *ctx) { - return ctx->sessions; + return (ctx->sessions); } long @@ -1174,7 +1175,7 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SET_MSG_CALLBACK_ARG: ctx->msg_callback_arg = parg; - return 1; + return (1); case SSL_CTRL_GET_MAX_CERT_LIST: return (ctx->max_cert_list); @@ -1230,9 +1231,9 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return (ctx->mode&=~larg); case SSL_CTRL_SET_MAX_SEND_FRAGMENT: if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; + return (0); ctx->max_send_fragment = larg; - return 1; + return (1); default: return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); } @@ -1246,7 +1247,7 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); - return 1; + return (1); default: return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp)); @@ -1339,7 +1340,7 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, &ctx->cipher_list_by_id, str); - /* + /* * ssl_create_cipher_list may return an empty stack if it * was unable to find a cipher matching the given rule string * (for example if the rule string specifies a cipher which @@ -1349,13 +1350,13 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) * updated. */ if (sk == NULL) - return 0; + return (0); else if (sk_SSL_CIPHER_num(sk) == 0) { SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); - return 0; + return (0); } - return 1; + return (1); } /* Specify the ciphers to be used by the SSL. */ @@ -1368,13 +1369,13 @@ SSL_set_cipher_list(SSL *s, const char *str) &s->cipher_list_by_id, str); /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) - return 0; + return (0); else if (sk_SSL_CIPHER_num(sk) == 0) { SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); - return 0; + return (0); } - return 1; + return (1); } /* works well for SSLv2, not so good for SSLv3 */ @@ -1540,11 +1541,11 @@ const char * SSL_get_servername(const SSL *s, const int type) { if (type != TLSEXT_NAMETYPE_host_name) - return NULL; + return (NULL); - return s->session && !s->tlsext_hostname ? + return (s->session && !s->tlsext_hostname ? s->session->tlsext_hostname : - s->tlsext_hostname; + s->tlsext_hostname); } int @@ -1553,8 +1554,8 @@ SSL_get_servername_type(const SSL *s) if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) - return TLSEXT_NAMETYPE_host_name; - return -1; + return (TLSEXT_NAMETYPE_host_name); + return (-1); } # ifndef OPENSSL_NO_NEXTPROTONEG @@ -1626,7 +1627,7 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen, found: *out = (unsigned char *) result + 1; *outlen = result[0]; - return status; + return (status); } /* @@ -1697,10 +1698,10 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, int use_context) { if (s->version < TLS1_VERSION) - return -1; + return (-1); - return s->method->ssl3_enc->export_keying_material(s, out, olen, - label, llen, p, plen, use_context); + return (s->method->ssl3_enc->export_keying_material(s, out, olen, + label, llen, p, plen, use_context)); } static unsigned long @@ -2087,7 +2088,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) #ifdef CIPHER_DEBUG - printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", + printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d " + "rs=%d ds=%d dhr=%d dhd=%d\n", rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); #endif @@ -2247,11 +2249,11 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) /* ECDH key length in export ciphers must be <= 163 bits */ pkey = X509_get_pubkey(x); if (pkey == NULL) - return 0; + return (0); keysize = EVP_PKEY_bits(pkey); EVP_PKEY_free(pkey); if (keysize > 163) - return 0; + return (0); } /* This call populates the ex_flags field correctly */ @@ -2265,7 +2267,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); - return 0; + return (0); } if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { @@ -2273,7 +2275,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) if (pk_nid != NID_X9_62_id_ecPublicKey) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); - return 0; + return (0); } } if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < @@ -2282,7 +2284,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); - return 0; + return (0); } } } @@ -2291,11 +2293,11 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); - return 0; + return (0); } } - return 1; + return (1); /* all checks are ok */ } @@ -2355,7 +2357,7 @@ ssl_get_server_send_pkey(const SSL *s) return (NULL); } - return c->pkeys + i; + return (c->pkeys + i); } X509 * @@ -2365,8 +2367,8 @@ ssl_get_server_send_cert(const SSL *s) cpk = ssl_get_server_send_pkey(s); if (!cpk) - return NULL; - return cpk->x509; + return (NULL); + return (cpk->x509); } EVP_PKEY * @@ -2397,7 +2399,7 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) } if (pmd) *pmd = c->pkeys[idx].digest; - return c->pkeys[idx].privatekey; + return (c->pkeys[idx].privatekey); } void @@ -2506,7 +2508,7 @@ SSL_get_error(const SSL *s, int i) else if (reason == BIO_RR_ACCEPT) return (SSL_ERROR_WANT_ACCEPT); else - return(SSL_ERROR_SYSCALL); /* unknown */ + return (SSL_ERROR_SYSCALL); /* unknown */ } } @@ -2514,13 +2516,13 @@ SSL_get_error(const SSL *s, int i) bio = SSL_get_wbio(s); if (BIO_should_write(bio)) return (SSL_ERROR_WANT_WRITE); - else if (BIO_should_read(bio)) - return (SSL_ERROR_WANT_READ); + else if (BIO_should_read(bio)) { /* * See above (SSL_want_read(s) with * BIO_should_write(bio)) */ - else if (BIO_should_io_special(bio)) { + return (SSL_ERROR_WANT_READ); + } else if (BIO_should_io_special(bio)) { reason = BIO_get_retry_reason(bio); if (reason == BIO_RR_CONNECT) return (SSL_ERROR_WANT_CONNECT); @@ -2561,7 +2563,7 @@ SSL_do_handshake(SSL *s) return (ret); } -/* +/* * For the next 2 functions, SSL_clear() sets shutdown and so * one of these calls will reset it */ @@ -2627,15 +2629,15 @@ const char * SSL_get_version(const SSL *s) { if (s->version == TLS1_2_VERSION) - return("TLSv1.2"); + return ("TLSv1.2"); else if (s->version == TLS1_1_VERSION) - return("TLSv1.1"); + return ("TLSv1.1"); else if (s->version == TLS1_VERSION) - return("TLSv1"); + return ("TLSv1"); else if (s->version == SSL3_VERSION) - return("SSLv3"); + return ("SSLv3"); else - return("unknown"); + return ("unknown"); } SSL * @@ -2722,14 +2724,14 @@ SSL_dup(SSL *s) ret->quiet_shutdown = s->quiet_shutdown; ret->shutdown = s->shutdown; /* SSL_dup does not really work at any state, though */ - ret->state=s->state; + ret->state=s->state; ret->rstate = s->rstate; /* * Would have to copy ret->init_buf, ret->init_msg, ret->init_num, * ret->init_off */ - ret->init_num = 0; + ret->init_num = 0; ret->hit = s->hit; @@ -2741,10 +2743,11 @@ SSL_dup(SSL *s) sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) goto err; } - if (s->cipher_list_by_id != NULL) + if (s->cipher_list_by_id != NULL) { if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL) goto err; + } /* Dup the client_CA list */ if (s->client_CA != NULL) { @@ -2825,13 +2828,13 @@ SSL_get_current_cipher(const SSL *s) const void * SSL_get_current_compression(SSL *s) { - return NULL; + return (NULL); } const void * SSL_get_current_expansion(SSL *s) { - return NULL; + return (NULL); } #else @@ -2950,7 +2953,7 @@ SSL_CTX * SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) { if (ssl->ctx == ctx) - return ssl->ctx; + return (ssl->ctx); #ifndef OPENSSL_NO_TLSEXT if (ctx == NULL) ctx = ssl->initial_ctx; @@ -2993,7 +2996,7 @@ SSL_set_info_callback(SSL *ssl, */ void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) { - return ssl->info_callback; + return (ssl->info_callback); } int @@ -3024,8 +3027,8 @@ int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, - new_func, dup_func, free_func); + return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, + new_func, dup_func, free_func)); } int @@ -3044,8 +3047,8 @@ int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, - new_func, dup_func, free_func); + return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, + new_func, dup_func, free_func)); } int @@ -3171,50 +3174,50 @@ SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) PSK_MAX_IDENTITY_LEN) { SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); - return 0; + return (0); } if (ctx->psk_identity_hint != NULL) free(ctx->psk_identity_hint); if (identity_hint != NULL) { ctx->psk_identity_hint = BUF_strdup(identity_hint); if (ctx->psk_identity_hint == NULL) - return 0; + return (0); } else ctx->psk_identity_hint = NULL; - return 1; + return (1); } int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) { if (s == NULL) - return 0; + return (0); if (s->session == NULL) - return 1; /* session not created yet, ignored */ + return (1); /* session not created yet, ignored */ if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); - return 0; + return (0); } if (s->session->psk_identity_hint != NULL) free(s->session->psk_identity_hint); if (identity_hint != NULL) { s->session->psk_identity_hint = BUF_strdup(identity_hint); if (s->session->psk_identity_hint == NULL) - return 0; + return (0); } else s->session->psk_identity_hint = NULL; - return 1; + return (1); } const char * SSL_get_psk_identity_hint(const SSL *s) { if (s == NULL || s->session == NULL) - return NULL; + return (NULL); return (s->session->psk_identity_hint); } @@ -3222,7 +3225,7 @@ const char * SSL_get_psk_identity(const SSL *s) { if (s == NULL || s->session == NULL) - return NULL; + return (NULL); return (s->session->psk_identity); } @@ -3289,7 +3292,7 @@ ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) *hash = EVP_MD_CTX_create(); if (md) EVP_DigestInit_ex(*hash, md, NULL); - return *hash; + return (*hash); } void @@ -3309,7 +3312,7 @@ SSL_set_debug(SSL *s, int debug) int SSL_cache_hit(SSL *s) { - return s->hit; + return (s->hit); } IMPLEMENT_STACK_OF(SSL_CIPHER) diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 830f574183e..21a48da182a 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -7,21 +7,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -36,10 +36,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -51,7 +51,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -65,7 +65,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -112,7 +112,7 @@ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by + * ECC cipher suite support in OpenSSL originally developed by * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ /* ==================================================================== @@ -203,7 +203,7 @@ SSL_clear(SSL *s) if (s->renegotiate) { SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); - return 0; + return (0); } s->type = 0; @@ -393,12 +393,12 @@ SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, if (sid_ctx_len > sizeof ctx->sid_ctx) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); - return 0; + return (0); } ctx->sid_ctx_length = sid_ctx_len; memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); - return 1; + return (1); } int @@ -407,13 +407,13 @@ SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, - SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); - return 0; + SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); + return (0); } ssl->sid_ctx_length = sid_ctx_len; memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); - return 1; + return (1); } int @@ -422,7 +422,7 @@ SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); ctx->generate_session_id = cb; CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - return 1; + return (1); } int @@ -431,7 +431,7 @@ SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) CRYPTO_w_lock(CRYPTO_LOCK_SSL); ssl->generate_session_id = cb; CRYPTO_w_unlock(CRYPTO_LOCK_SSL); - return 1; + return (1); } int @@ -448,7 +448,7 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, SSL_SESSION r, *p; if (id_len > sizeof r.session_id) - return 0; + return (0); r.ssl_version = ssl->version; r.session_id_length = id_len; @@ -463,37 +463,37 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) { - return X509_VERIFY_PARAM_set_purpose(s->param, purpose); + return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); } int SSL_set_purpose(SSL *s, int purpose) { - return X509_VERIFY_PARAM_set_purpose(s->param, purpose); + return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); } int SSL_CTX_set_trust(SSL_CTX *s, int trust) { - return X509_VERIFY_PARAM_set_trust(s->param, trust); + return (X509_VERIFY_PARAM_set_trust(s->param, trust)); } int SSL_set_trust(SSL *s, int trust) { - return X509_VERIFY_PARAM_set_trust(s->param, trust); + return (X509_VERIFY_PARAM_set_trust(s->param, trust)); } int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) { - return X509_VERIFY_PARAM_set1(ctx->param, vpm); + return (X509_VERIFY_PARAM_set1(ctx->param, vpm)); } int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) { - return X509_VERIFY_PARAM_set1(ssl->param, vpm); + return (X509_VERIFY_PARAM_set1(ssl->param, vpm)); } void @@ -743,7 +743,7 @@ SSL_get_finished(const SSL *s, void *buf, size_t count) count = ret; memcpy(buf, s->s3->tmp.finish_md, count); } - return ret; + return (ret); } /* return length of latest Finished message we expected, copy to 'buf' */ @@ -758,7 +758,7 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count) count = ret; memcpy(buf, s->s3->tmp.peer_finish_md, count); } - return ret; + return (ret); } @@ -771,10 +771,11 @@ SSL_get_verify_mode(const SSL *s) int SSL_get_verify_depth(const SSL *s) { - return X509_VERIFY_PARAM_get_depth(s->param); + return (X509_VERIFY_PARAM_get_depth(s->param)); } -int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) +int +(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) { return (s->verify_callback); } @@ -788,7 +789,7 @@ SSL_CTX_get_verify_mode(const SSL_CTX *ctx) int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) { - return X509_VERIFY_PARAM_get_depth(ctx->param); + return (X509_VERIFY_PARAM_get_depth(ctx->param)); } int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) @@ -938,7 +939,7 @@ SSL_check_private_key(const SSL *ssl) if (ssl->cert == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); - return 0; + return (0); } if (ssl->cert->key->x509 == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, @@ -984,7 +985,7 @@ SSL_read(SSL *s, void *buf, int num) if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); - return -1; + return (-1); } if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { @@ -1000,7 +1001,7 @@ SSL_peek(SSL *s, void *buf, int num) if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); - return -1; + return (-1); } if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { @@ -1015,7 +1016,7 @@ SSL_write(SSL *s, const void *buf, int num) if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); - return -1; + return (-1); } if (s->shutdown & SSL_SENT_SHUTDOWN) { @@ -1040,7 +1041,7 @@ SSL_shutdown(SSL *s) if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); - return -1; + return (-1); } if ((s != NULL) && !SSL_in_init(s)) @@ -1096,7 +1097,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_MSG_CALLBACK_ARG: s->msg_callback_arg = parg; - return 1; + return (1); case SSL_CTRL_OPTIONS: return (s->options|=larg); @@ -1115,24 +1116,24 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_MTU: #ifndef OPENSSL_NO_DTLS1 if (larg < (long)dtls1_min_mtu()) - return 0; + return (0); #endif if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { s->d1->mtu = larg; - return larg; + return (larg); } - return 0; + return (0); case SSL_CTRL_SET_MAX_SEND_FRAGMENT: if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; + return (0); s->max_send_fragment = larg; - return 1; + return (1); case SSL_CTRL_GET_RI_SUPPORT: if (s->s3) - return s->s3->send_connection_binding; - else return 0; + return (s->s3->send_connection_binding); + else return (0); default: return (s->method->ssl_ctrl(s, cmd, larg, parg)); } @@ -1146,7 +1147,7 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); - return 1; + return (1); default: return (s->method->ssl_callback_ctrl(s, cmd, fp)); @@ -1156,7 +1157,7 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) LHASH_OF(SSL_SESSION) * SSL_CTX_sessions(SSL_CTX *ctx) { - return ctx->sessions; + return (ctx->sessions); } long @@ -1174,7 +1175,7 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SET_MSG_CALLBACK_ARG: ctx->msg_callback_arg = parg; - return 1; + return (1); case SSL_CTRL_GET_MAX_CERT_LIST: return (ctx->max_cert_list); @@ -1230,9 +1231,9 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return (ctx->mode&=~larg); case SSL_CTRL_SET_MAX_SEND_FRAGMENT: if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; + return (0); ctx->max_send_fragment = larg; - return 1; + return (1); default: return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); } @@ -1246,7 +1247,7 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); - return 1; + return (1); default: return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp)); @@ -1339,7 +1340,7 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, &ctx->cipher_list_by_id, str); - /* + /* * ssl_create_cipher_list may return an empty stack if it * was unable to find a cipher matching the given rule string * (for example if the rule string specifies a cipher which @@ -1349,13 +1350,13 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) * updated. */ if (sk == NULL) - return 0; + return (0); else if (sk_SSL_CIPHER_num(sk) == 0) { SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); - return 0; + return (0); } - return 1; + return (1); } /* Specify the ciphers to be used by the SSL. */ @@ -1368,13 +1369,13 @@ SSL_set_cipher_list(SSL *s, const char *str) &s->cipher_list_by_id, str); /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) - return 0; + return (0); else if (sk_SSL_CIPHER_num(sk) == 0) { SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); - return 0; + return (0); } - return 1; + return (1); } /* works well for SSLv2, not so good for SSLv3 */ @@ -1540,11 +1541,11 @@ const char * SSL_get_servername(const SSL *s, const int type) { if (type != TLSEXT_NAMETYPE_host_name) - return NULL; + return (NULL); - return s->session && !s->tlsext_hostname ? + return (s->session && !s->tlsext_hostname ? s->session->tlsext_hostname : - s->tlsext_hostname; + s->tlsext_hostname); } int @@ -1553,8 +1554,8 @@ SSL_get_servername_type(const SSL *s) if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) - return TLSEXT_NAMETYPE_host_name; - return -1; + return (TLSEXT_NAMETYPE_host_name); + return (-1); } # ifndef OPENSSL_NO_NEXTPROTONEG @@ -1626,7 +1627,7 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen, found: *out = (unsigned char *) result + 1; *outlen = result[0]; - return status; + return (status); } /* @@ -1697,10 +1698,10 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, int use_context) { if (s->version < TLS1_VERSION) - return -1; + return (-1); - return s->method->ssl3_enc->export_keying_material(s, out, olen, - label, llen, p, plen, use_context); + return (s->method->ssl3_enc->export_keying_material(s, out, olen, + label, llen, p, plen, use_context)); } static unsigned long @@ -2087,7 +2088,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) #ifdef CIPHER_DEBUG - printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", + printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d " + "rs=%d ds=%d dhr=%d dhd=%d\n", rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); #endif @@ -2247,11 +2249,11 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) /* ECDH key length in export ciphers must be <= 163 bits */ pkey = X509_get_pubkey(x); if (pkey == NULL) - return 0; + return (0); keysize = EVP_PKEY_bits(pkey); EVP_PKEY_free(pkey); if (keysize > 163) - return 0; + return (0); } /* This call populates the ex_flags field correctly */ @@ -2265,7 +2267,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); - return 0; + return (0); } if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { @@ -2273,7 +2275,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) if (pk_nid != NID_X9_62_id_ecPublicKey) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); - return 0; + return (0); } } if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < @@ -2282,7 +2284,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); - return 0; + return (0); } } } @@ -2291,11 +2293,11 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); - return 0; + return (0); } } - return 1; + return (1); /* all checks are ok */ } @@ -2355,7 +2357,7 @@ ssl_get_server_send_pkey(const SSL *s) return (NULL); } - return c->pkeys + i; + return (c->pkeys + i); } X509 * @@ -2365,8 +2367,8 @@ ssl_get_server_send_cert(const SSL *s) cpk = ssl_get_server_send_pkey(s); if (!cpk) - return NULL; - return cpk->x509; + return (NULL); + return (cpk->x509); } EVP_PKEY * @@ -2397,7 +2399,7 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) } if (pmd) *pmd = c->pkeys[idx].digest; - return c->pkeys[idx].privatekey; + return (c->pkeys[idx].privatekey); } void @@ -2506,7 +2508,7 @@ SSL_get_error(const SSL *s, int i) else if (reason == BIO_RR_ACCEPT) return (SSL_ERROR_WANT_ACCEPT); else - return(SSL_ERROR_SYSCALL); /* unknown */ + return (SSL_ERROR_SYSCALL); /* unknown */ } } @@ -2514,13 +2516,13 @@ SSL_get_error(const SSL *s, int i) bio = SSL_get_wbio(s); if (BIO_should_write(bio)) return (SSL_ERROR_WANT_WRITE); - else if (BIO_should_read(bio)) - return (SSL_ERROR_WANT_READ); + else if (BIO_should_read(bio)) { /* * See above (SSL_want_read(s) with * BIO_should_write(bio)) */ - else if (BIO_should_io_special(bio)) { + return (SSL_ERROR_WANT_READ); + } else if (BIO_should_io_special(bio)) { reason = BIO_get_retry_reason(bio); if (reason == BIO_RR_CONNECT) return (SSL_ERROR_WANT_CONNECT); @@ -2561,7 +2563,7 @@ SSL_do_handshake(SSL *s) return (ret); } -/* +/* * For the next 2 functions, SSL_clear() sets shutdown and so * one of these calls will reset it */ @@ -2627,15 +2629,15 @@ const char * SSL_get_version(const SSL *s) { if (s->version == TLS1_2_VERSION) - return("TLSv1.2"); + return ("TLSv1.2"); else if (s->version == TLS1_1_VERSION) - return("TLSv1.1"); + return ("TLSv1.1"); else if (s->version == TLS1_VERSION) - return("TLSv1"); + return ("TLSv1"); else if (s->version == SSL3_VERSION) - return("SSLv3"); + return ("SSLv3"); else - return("unknown"); + return ("unknown"); } SSL * @@ -2722,14 +2724,14 @@ SSL_dup(SSL *s) ret->quiet_shutdown = s->quiet_shutdown; ret->shutdown = s->shutdown; /* SSL_dup does not really work at any state, though */ - ret->state=s->state; + ret->state=s->state; ret->rstate = s->rstate; /* * Would have to copy ret->init_buf, ret->init_msg, ret->init_num, * ret->init_off */ - ret->init_num = 0; + ret->init_num = 0; ret->hit = s->hit; @@ -2741,10 +2743,11 @@ SSL_dup(SSL *s) sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) goto err; } - if (s->cipher_list_by_id != NULL) + if (s->cipher_list_by_id != NULL) { if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL) goto err; + } /* Dup the client_CA list */ if (s->client_CA != NULL) { @@ -2825,13 +2828,13 @@ SSL_get_current_cipher(const SSL *s) const void * SSL_get_current_compression(SSL *s) { - return NULL; + return (NULL); } const void * SSL_get_current_expansion(SSL *s) { - return NULL; + return (NULL); } #else @@ -2950,7 +2953,7 @@ SSL_CTX * SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) { if (ssl->ctx == ctx) - return ssl->ctx; + return (ssl->ctx); #ifndef OPENSSL_NO_TLSEXT if (ctx == NULL) ctx = ssl->initial_ctx; @@ -2993,7 +2996,7 @@ SSL_set_info_callback(SSL *ssl, */ void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) { - return ssl->info_callback; + return (ssl->info_callback); } int @@ -3024,8 +3027,8 @@ int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, - new_func, dup_func, free_func); + return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, + new_func, dup_func, free_func)); } int @@ -3044,8 +3047,8 @@ int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, - new_func, dup_func, free_func); + return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, + new_func, dup_func, free_func)); } int @@ -3171,50 +3174,50 @@ SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) PSK_MAX_IDENTITY_LEN) { SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); - return 0; + return (0); } if (ctx->psk_identity_hint != NULL) free(ctx->psk_identity_hint); if (identity_hint != NULL) { ctx->psk_identity_hint = BUF_strdup(identity_hint); if (ctx->psk_identity_hint == NULL) - return 0; + return (0); } else ctx->psk_identity_hint = NULL; - return 1; + return (1); } int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) { if (s == NULL) - return 0; + return (0); if (s->session == NULL) - return 1; /* session not created yet, ignored */ + return (1); /* session not created yet, ignored */ if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); - return 0; + return (0); } if (s->session->psk_identity_hint != NULL) free(s->session->psk_identity_hint); if (identity_hint != NULL) { s->session->psk_identity_hint = BUF_strdup(identity_hint); if (s->session->psk_identity_hint == NULL) - return 0; + return (0); } else s->session->psk_identity_hint = NULL; - return 1; + return (1); } const char * SSL_get_psk_identity_hint(const SSL *s) { if (s == NULL || s->session == NULL) - return NULL; + return (NULL); return (s->session->psk_identity_hint); } @@ -3222,7 +3225,7 @@ const char * SSL_get_psk_identity(const SSL *s) { if (s == NULL || s->session == NULL) - return NULL; + return (NULL); return (s->session->psk_identity); } @@ -3289,7 +3292,7 @@ ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) *hash = EVP_MD_CTX_create(); if (md) EVP_DigestInit_ex(*hash, md, NULL); - return *hash; + return (*hash); } void @@ -3309,7 +3312,7 @@ SSL_set_debug(SSL *s, int debug) int SSL_cache_hit(SSL *s) { - return s->hit; + return (s->hit); } IMPLEMENT_STACK_OF(SSL_CIPHER) -- 2.20.1