diff options
| author | Emilia Kasper <emilia@openssl.org> | 2016-08-05 19:03:17 +0200 |
|---|---|---|
| committer | Emilia Kasper <emilia@openssl.org> | 2016-08-18 14:02:29 +0200 |
| commit | a230b26e0959dc5f072fbbdadcc9ed45e904c50c (patch) | |
| tree | 85a928954cdf2f564c574138bbcd786f1ab1101e /ssl/record | |
| parent | 604f6eff31a3837abd3d96a2a41a3b269df757c4 (diff) | |
Indent ssl/
Run util/openssl-format-source on ssl/
Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl/record')
| -rw-r--r-- | ssl/record/rec_layer_d1.c | 56 | ||||
| -rw-r--r-- | ssl/record/rec_layer_s3.c | 82 | ||||
| -rw-r--r-- | ssl/record/record.h | 34 | ||||
| -rw-r--r-- | ssl/record/record_locl.h | 12 | ||||
| -rw-r--r-- | ssl/record/ssl3_record.c | 88 |
5 files changed, 113 insertions, 159 deletions
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 7ddadfa2bd..f9bf10963c 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -22,7 +22,6 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) return (0); - rl->d = d; d->unprocessed_rcds.q = pqueue_new(); @@ -97,18 +96,14 @@ void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e) { if (e == rl->d->w_epoch - 1) { memcpy(rl->d->curr_write_sequence, - rl->write_sequence, - sizeof(rl->write_sequence)); + rl->write_sequence, sizeof(rl->write_sequence)); memcpy(rl->write_sequence, - rl->d->last_write_sequence, - sizeof(rl->write_sequence)); + rl->d->last_write_sequence, sizeof(rl->write_sequence)); } else if (e == rl->d->w_epoch + 1) { memcpy(rl->d->last_write_sequence, - rl->write_sequence, - sizeof(unsigned char[8])); + rl->write_sequence, sizeof(unsigned char[8])); memcpy(rl->write_sequence, - rl->d->curr_write_sequence, - sizeof(rl->write_sequence)); + rl->d->curr_write_sequence, sizeof(rl->write_sequence)); } rl->d->w_epoch = e; } @@ -118,7 +113,6 @@ void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl) memcpy(rl->write_sequence, rl->read_sequence, sizeof(rl->write_sequence)); } - void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq) { memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE); @@ -232,7 +226,6 @@ int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) dtls1_retrieve_buffered_record((s), \ &((s)->rlayer.d->unprocessed_rcds)) - int dtls1_process_buffered_records(SSL *s) { pitem *item; @@ -249,7 +242,8 @@ int dtls1_process_buffered_records(SSL *s) if (!dtls1_process_record(s)) return (0); if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds), - SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0) + SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < + 0) return -1; } } @@ -264,7 +258,6 @@ int dtls1_process_buffered_records(SSL *s) return (1); } - /*- * Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: @@ -390,7 +383,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* get new packet if necessary */ if ((SSL3_RECORD_get_length(rr) == 0) - || (s->rlayer.rstate == SSL_ST_READ_BODY)) { + || (s->rlayer.rstate == SSL_ST_READ_BODY)) { ret = dtls1_get_record(s); if (ret <= 0) { ret = dtls1_read_failed(s, ret); @@ -413,7 +406,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * data for later processing rather than dropping the connection. */ if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data), - SSL3_RECORD_get_seq_num(rr)) < 0) { + SSL3_RECORD_get_seq_num(rr)) < 0) { SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); return -1; } @@ -432,8 +425,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (type == SSL3_RECORD_get_type(rr) - || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC - && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) { + || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC + && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) { /* * SSL3_RT_APPLICATION_DATA or * SSL3_RT_HANDSHAKE or @@ -525,7 +518,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, else if (SSL3_RECORD_get_type(rr) == DTLS1_RT_HEARTBEAT) { /* We allow a 0 return */ if (dtls1_process_heartbeat(s, SSL3_RECORD_get_data(rr), - SSL3_RECORD_get_length(rr)) < 0) { + SSL3_RECORD_get_length(rr)) < 0) { return -1; } /* Exit and notify application to read again */ @@ -542,7 +535,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * Application data while renegotiating is allowed. Try again * reading. */ - if (SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA) { + if (SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA) { BIO *bio; s->s3->in_read_app_data = 2; bio = SSL_get_rbio(s); @@ -563,14 +556,14 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * XDTLS: In a pathological case, the Client Hello may be * fragmented--don't always expect dest_maxlen bytes */ - if (SSL3_RECORD_get_length(rr) < dest_maxlen) { + if (SSL3_RECORD_get_length(rr) < dest_maxlen) { #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE /* * for normal alerts rr->length is 2, while * dest_maxlen is 7 if we were to handle this * non-existing alert... */ - FIX ME + FIX ME; #endif s->rlayer.rstate = SSL_ST_READ_HEADER; SSL3_RECORD_set_length(rr, 0); @@ -628,8 +621,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_DTLS1_READ_BYTES, - SSL_R_SSL_HANDSHAKE_FAILURE); + SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -734,8 +726,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_NOTHING; s->s3->fatal_alert = alert_descr; - SSLerr(SSL_F_DTLS1_READ_BYTES, - SSL_AD_REASON_OFFSET + alert_descr); + SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; @@ -874,7 +865,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return (-1); } - /* * this only happens when a client hello is received and a handshake * is started. @@ -884,7 +874,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, { if ((type == SSL3_RT_HANDSHAKE) - && (s->rlayer.d->handshake_fragment_len > 0)) + && (s->rlayer.d->handshake_fragment_len > 0)) /* (partially) satisfy request from storage */ { unsigned char *src = s->rlayer.d->handshake_fragment; @@ -981,7 +971,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * header: otherwise some clients will ignore it. */ if (s->method->version == DTLS_ANY_VERSION && - s->max_proto_version != DTLS1_BAD_VER) { + s->max_proto_version != DTLS1_BAD_VER) { *(p++) = DTLS1_VERSION >> 8; *(p++) = DTLS1_VERSION & 0xff; } else { @@ -1040,7 +1030,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (mac_size != 0) { if (s->method->ssl3_enc->mac(s, &wr, - &(p[SSL3_RECORD_get_length(&wr) + eivlen]), 1) < 0) + &(p[SSL3_RECORD_get_length(&wr) + eivlen]), + 1) < 0) goto err; SSL3_RECORD_add_length(&wr, mac_size); } @@ -1115,7 +1106,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, } DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, - unsigned int *is_next_epoch) + unsigned int *is_next_epoch) { *is_next_epoch = 0; @@ -1126,7 +1117,7 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, /* Only HM and ALERT messages can be from the next epoch */ else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) && - (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { + (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { *is_next_epoch = 1; return &s->rlayer.d->next_bitmap; } @@ -1144,8 +1135,7 @@ void dtls1_reset_seq_numbers(SSL *s, int rw) s->rlayer.d->r_epoch++; memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap, sizeof(s->rlayer.d->bitmap)); - memset(&s->rlayer.d->next_bitmap, 0, - sizeof(s->rlayer.d->next_bitmap)); + memset(&s->rlayer.d->next_bitmap, 0, sizeof(s->rlayer.d->next_bitmap)); } else { seq = s->rlayer.write_sequence; memcpy(s->rlayer.d->last_write_sequence, seq, diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index c2f96669cb..52a8dcf4e5 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -43,7 +43,8 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl) rl->rstate = SSL_ST_READ_HEADER; - /* Do I need to clear read_ahead? As far as I can tell read_ahead did not + /* + * Do I need to clear read_ahead? As far as I can tell read_ahead did not * previously get reset by SSL_clear...so I'll keep it that way..but is * that right? */ @@ -91,7 +92,7 @@ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl) int RECORD_LAYER_write_pending(const RECORD_LAYER *rl) { return (rl->numwpipes > 0) - && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes-1]) != 0; + && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0; } int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len) @@ -130,7 +131,7 @@ int ssl3_pending(const SSL *s) for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) { if (SSL3_RECORD_get_type(&s->rlayer.rrec[i]) - != SSL3_RT_APPLICATION_DATA) + != SSL3_RT_APPLICATION_DATA) return 0; num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]); } @@ -262,7 +263,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) * Move any available bytes to front of buffer: 'len' bytes already * pointed to by 'packet', 'left' extra ones at the end */ - if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */ + if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */ memmove(pkt, s->rlayer.packet, len + left); s->rlayer.packet = pkt; rb->offset = len + align; @@ -327,7 +328,6 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) return (n); } - /* * Call this to write data in records of type 'type' It will return <= 0 if * not all data has been sent or non-blocking IO. @@ -365,7 +365,6 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) return -1; } - s->rlayer.wnum = 0; if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { @@ -538,22 +537,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) /* * We should have prevented this when we set max_pipelines so we * shouldn't get here - */ + */ SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); return -1; } if (maxpipes == 0 - || s->enc_write_ctx == NULL - || !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) - & EVP_CIPH_FLAG_PIPELINE) - || !SSL_USE_EXPLICIT_IV(s)) + || s->enc_write_ctx == NULL + || !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) + & EVP_CIPH_FLAG_PIPELINE) + || !SSL_USE_EXPLICIT_IV(s)) maxpipes = 1; if (s->max_send_fragment == 0 || split_send_fragment > s->max_send_fragment - || split_send_fragment == 0) { + || split_send_fragment == 0) { /* * We should have prevented this when we set the split and max send * fragments so we shouldn't get here - */ + */ SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); return -1; } @@ -658,8 +657,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, sess = s->session; if ((sess == NULL) || - (s->enc_write_ctx == NULL) || - (EVP_MD_CTX_md(s->write_hash) == NULL)) { + (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) { clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ mac_size = 0; } else { @@ -691,8 +689,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, goto err; if (prefix_len > - (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) - { + (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { /* insufficient space */ SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); goto err; @@ -718,9 +715,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } else if (prefix_len) { wb = &s->rlayer.wbuf[0]; outbuf[0] = SSL3_BUFFER_get_buf(wb) + SSL3_BUFFER_get_offset(wb) - + prefix_len; + + prefix_len; } else { - for (j=0; j < numpipes; j++) { + for (j = 0; j < numpipes; j++) { wb = &s->rlayer.wbuf[j]; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH; @@ -749,11 +746,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } else eivlen = 0; - totlen = 0; /* Clear our SSL3_RECORD structures */ memset(wr, 0, sizeof wr); - for (j=0; j < numpipes; j++) { + for (j = 0; j < numpipes; j++) { /* write the header */ *(outbuf[j]++) = type & 0xff; SSL3_RECORD_set_type(&wr[j], type); @@ -802,12 +798,12 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (!SSL_USE_ETM(s) && mac_size != 0) { if (s->method->ssl3_enc->mac(s, &wr[j], - &(outbuf[j][wr[j].length + eivlen]), 1) < 0) + &(outbuf[j][wr[j].length + eivlen]), + 1) < 0) goto err; SSL3_RECORD_add_length(&wr[j], mac_size); } - SSL3_RECORD_set_data(&wr[j], outbuf[j]); SSL3_RECORD_reset_input(&wr[j]); @@ -822,7 +818,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1) goto err; - for (j=0; j < numpipes; j++) { + for (j = 0; j < numpipes; j++) { if (SSL_USE_ETM(s) && mac_size != 0) { if (s->method->ssl3_enc->mac(s, &wr[j], outbuf[j] + wr[j].length, 1) < 0) @@ -841,7 +837,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * we should now have wr->data pointing to the encrypted data, which is * wr->length long */ - SSL3_RECORD_set_type(&wr[j], type); /* not needed but helps for debugging */ + SSL3_RECORD_set_type(&wr[j], type); /* not needed but helps for + * debugging */ SSL3_RECORD_add_length(&wr[j], SSL3_RT_HEADER_LENGTH); if (create_empty_fragment) { @@ -859,11 +856,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* now let's set up wb */ SSL3_BUFFER_set_left(&s->rlayer.wbuf[j], - prefix_len + SSL3_RECORD_get_length(&wr[j])); + prefix_len + SSL3_RECORD_get_length(&wr[j])); } - - /* * memorize arguments so that ssl3_write_pending can detect bad write * retries later @@ -899,17 +894,17 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, for (;;) { /* Loop until we find a buffer we haven't written out yet */ if (SSL3_BUFFER_get_left(&wb[currbuf]) == 0 - && currbuf < s->rlayer.numwpipes - 1) { + && currbuf < s->rlayer.numwpipes - 1) { currbuf++; continue; } clear_sys_error(); if (s->wbio != NULL) { s->rwstate = SSL_WRITING; - i = BIO_write(s->wbio, - (char *)&(SSL3_BUFFER_get_buf(&wb[currbuf])[ - SSL3_BUFFER_get_offset(&wb[currbuf])]), - (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); + i = BIO_write(s->wbio, (char *) + &(SSL3_BUFFER_get_buf(&wb[currbuf]) + [SSL3_BUFFER_get_offset(&wb[currbuf])]), + (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); } else { SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET); i = -1; @@ -1059,7 +1054,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* Skip over any records we have already read */ for (curr_rec = 0; curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]); - curr_rec++); + curr_rec++) ; if (curr_rec == num_recs) { RECORD_LAYER_set_numrpipes(&s->rlayer, 0); num_recs = 0; @@ -1089,8 +1084,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (type == SSL3_RECORD_get_type(rr) - || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC - && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) { + || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC + && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) { /* * SSL3_RT_APPLICATION_DATA or * SSL3_RT_HANDSHAKE or @@ -1108,8 +1103,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (type == SSL3_RT_HANDSHAKE - && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC - && s->rlayer.handshake_fragment_len > 0) { + && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC + && s->rlayer.handshake_fragment_len > 0) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY); goto f_err; @@ -1152,8 +1147,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, goto start; } if (!peek && curr_rec == num_recs - && (s->mode & SSL_MODE_RELEASE_BUFFERS) - && SSL3_BUFFER_get_left(rbuf) == 0) + && (s->mode & SSL_MODE_RELEASE_BUFFERS) + && SSL3_BUFFER_get_left(rbuf) == 0) ssl3_release_read_buffer(s); return read_bytes; } @@ -1186,7 +1181,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (s->method->version == TLS_ANY_VERSION - && (s->server || rr->type != SSL3_RT_ALERT)) { + && (s->server || rr->type != SSL3_RT_ALERT)) { /* * If we've got this far and still haven't decided on what version * we're using then this must be a client side alert we're dealing with @@ -1273,8 +1268,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, - SSL_R_SSL_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -1405,7 +1399,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * Unexpected handshake message (Client Hello, or protocol violation) */ if ((s->rlayer.handshake_fragment_len >= 4) - && !ossl_statem_get_in_handshake(s)) { + && !ossl_statem_get_in_handshake(s)) { if (SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { ossl_statem_set_in_init(s, 1); diff --git a/ssl/record/record.h b/ssl/record/record.h index ce60a1508f..a093aed48f 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -33,46 +33,36 @@ typedef struct ssl3_record_st { /* Record layer version */ /* r */ int rec_version; - /* type of record */ /* r */ int type; - /* How many bytes available */ /* rw */ unsigned int length; - /* * How many bytes were available before padding was removed? This is used * to implement the MAC check in constant time for CBC records. */ /* rw */ unsigned int orig_len; - /* read/write offset into 'buf' */ /* r */ unsigned int off; - /* pointer to the record data */ /* rw */ unsigned char *data; - /* where the decode bytes are */ /* rw */ unsigned char *input; - /* only used with decompression - malloc()ed */ /* r */ unsigned char *comp; - /* Whether the data from this record has already been read or not */ /* r */ unsigned int read; - /* epoch number, needed by DTLS1 */ /* r */ unsigned long epoch; - /* sequence number, needed by DTLS1 */ /* r */ unsigned char seq_num[SEQ_NUM_SIZE]; @@ -81,7 +71,6 @@ typedef struct ssl3_record_st { typedef struct dtls1_bitmap_st { /* Track 32 packets on 32-bit systems and 64 - on 64-bit systems */ unsigned long map; - /* Max record number seen so far, 64-bit value in big-endian encoding */ unsigned char max_seq_num[SEQ_NUM_SIZE]; } DTLS1_BITMAP; @@ -96,12 +85,11 @@ typedef struct dtls1_record_data_st { unsigned int packet_length; SSL3_BUFFER rbuf; SSL3_RECORD rrec; -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP struct bio_dgram_sctp_rcvinfo recordinfo; -# endif +#endif } DTLS1_RECORD_DATA; - typedef struct dtls_record_layer_st { /* * The current data and handshake epoch. This is initially @@ -110,12 +98,10 @@ typedef struct dtls_record_layer_st { */ unsigned short r_epoch; unsigned short w_epoch; - /* records being received in the current epoch */ DTLS1_BITMAP bitmap; /* renegotiation starts a new set of sequence numbers */ DTLS1_BITMAP next_bitmap; - /* Received handshake records (processed and unprocessed) */ record_pqueue unprocessed_rcds; record_pqueue processed_rcds; @@ -133,7 +119,6 @@ typedef struct dtls_record_layer_st { unsigned int alert_fragment_len; unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; unsigned int handshake_fragment_len; - /* save last and current sequence numbers for retransmissions */ unsigned char last_write_sequence[8]; unsigned char curr_write_sequence[8]; @@ -157,7 +142,6 @@ typedef struct record_layer_st { int read_ahead; /* where we are when reading */ int rstate; - /* How many pipelines can be used to read data */ unsigned int numrpipes; /* How many pipelines can be used to write data */ @@ -168,14 +152,11 @@ typedef struct record_layer_st { SSL3_BUFFER wbuf[SSL_MAX_PIPELINES]; /* each decoded record goes in here */ SSL3_RECORD rrec[SSL_MAX_PIPELINES]; - /* used internally to point at a raw packet */ unsigned char *packet; unsigned int packet_length; - /* number of bytes sent so far */ unsigned int wnum; - /* * storage for Alert/Handshake protocol data received but not yet * processed by ssl3_read_bytes: @@ -184,10 +165,8 @@ typedef struct record_layer_st { unsigned int alert_fragment_len; unsigned char handshake_fragment[4]; unsigned int handshake_fragment_len; - /* The number of consecutive empty records we have received */ unsigned int empty_record_count; - /* partial write - check the numbers match */ /* number bytes written */ int wpend_tot; @@ -195,17 +174,13 @@ typedef struct record_layer_st { /* number of bytes submitted */ int wpend_ret; const unsigned char *wpend_buf; - unsigned char read_sequence[SEQ_NUM_SIZE]; unsigned char write_sequence[SEQ_NUM_SIZE]; - /* Set to true if this is the first record in a connection */ unsigned int is_first_record; - DTLS_RECORD_LAYER *d; } RECORD_LAYER; - /***************************************************************************** * * * The following macros/functions represent the libssl internal API to the * @@ -247,7 +222,7 @@ __owur int ssl3_setup_buffers(SSL *s); __owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send); __owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); __owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, - unsigned int len); + unsigned int len); __owur int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send); __owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl); @@ -261,6 +236,5 @@ __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, int len, int peek); __owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); __owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - unsigned int len, int create_empty_fragement); + unsigned int len, int create_empty_fragement); void dtls1_reset_seq_numbers(SSL *s, int rw); - diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h index f9dbc33466..3b9a700d9f 100644 --- a/ssl/record/record_locl.h +++ b/ssl/record/record_locl.h @@ -40,11 +40,10 @@ __owur int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold); void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws); DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, - unsigned int *is_next_epoch); + unsigned int *is_next_epoch); int dtls1_process_buffered_records(SSL *s); int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue); -int dtls1_buffer_record(SSL *s, record_pqueue *q, - unsigned char *priority); +int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority); void ssl3_record_sequence_update(unsigned char *seq); /* Functions provided by the DTLS1_BITMAP component */ @@ -52,7 +51,6 @@ void ssl3_record_sequence_update(unsigned char *seq); int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); - /* Macros/functions provided by the SSL3_BUFFER component */ #define SSL3_BUFFER_get_buf(b) ((b)->buf) @@ -108,9 +106,9 @@ __owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr); void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec, unsigned md_size); __owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size); + unsigned block_size, unsigned mac_size); __owur int tls1_cbc_remove_padding(const SSL *s, - SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size); + SSL3_RECORD *rec, + unsigned block_size, unsigned mac_size); int dtls1_process_record(SSL *s); __owur int dtls1_get_record(SSL *s); diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index f1d6f72d83..1782780db9 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -61,7 +61,6 @@ void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num) memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE); } - /* * Peeks ahead into "read_ahead" data to see if we have a whole record waiting * for us in the buffer. @@ -151,9 +150,10 @@ int ssl3_get_record(SSL *s) (RECORD_LAYER_get_packet_length(&s->rlayer) < SSL3_RT_HEADER_LENGTH)) { n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, - SSL3_BUFFER_get_len(rbuf), 0, num_recs == 0 ? 1 : 0); + SSL3_BUFFER_get_len(rbuf), 0, + num_recs == 0 ? 1 : 0); if (n <= 0) - return (n); /* error or non-blocking */ + return (n); /* error or non-blocking */ RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY); p = RECORD_LAYER_get_packet(&s->rlayer); @@ -162,7 +162,7 @@ int ssl3_get_record(SSL *s) * The first record received by the server may be a V2ClientHello. */ if (s->server && RECORD_LAYER_is_first_record(&s->rlayer) - && (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) { + && (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) { /* * SSLv2 style record * @@ -178,7 +178,7 @@ int ssl3_get_record(SSL *s) rr[num_recs].length = ((p[0] & 0x7f) << 8) | p[1]; if (rr[num_recs].length > SSL3_BUFFER_get_len(rbuf) - - SSL2_RT_HEADER_LENGTH) { + - SSL2_RT_HEADER_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); goto f_err; @@ -217,7 +217,7 @@ int ssl3_get_record(SSL *s) * shouldn't send a fatal alert back. We'll just * end. */ - goto err; + goto err; } /* * Send back error using their minor version number :-) @@ -258,7 +258,7 @@ int ssl3_get_record(SSL *s) } if (rr[num_recs].length > - SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) { + SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); goto f_err; @@ -284,7 +284,7 @@ int ssl3_get_record(SSL *s) n = ssl3_read_n(s, i, i, 1, 0); if (n <= 0) - return (n); /* error or non-blocking io */ + return (n); /* error or non-blocking io */ } /* set state for later operations */ @@ -335,14 +335,13 @@ int ssl3_get_record(SSL *s) RECORD_LAYER_reset_packet_length(&s->rlayer); RECORD_LAYER_clear_first_record(&s->rlayer); } while (num_recs < max_recs - && rr[num_recs-1].type == SSL3_RT_APPLICATION_DATA + && rr[num_recs - 1].type == SSL3_RT_APPLICATION_DATA && SSL_USE_EXPLICIT_IV(s) && s->enc_read_ctx != NULL && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) - & EVP_CIPH_FLAG_PIPELINE) + & EVP_CIPH_FLAG_PIPELINE) && ssl3_record_app_data_waiting(s)); - /* * If in encrypt-then-mac mode calculate mac from encrypted record. All * the details below are public so no timing details can leak. @@ -402,7 +401,7 @@ int ssl3_get_record(SSL *s) mac_size = EVP_MD_CTX_size(s->read_hash); OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); - for (j=0; j < num_recs; j++) { + for (j = 0; j < num_recs; j++) { /* * orig_len is the length of the record before any padding was * removed. This is public information, as is the MAC in use, @@ -495,7 +494,7 @@ int ssl3_get_record(SSL *s) if (rr[j].length == 0) { RECORD_LAYER_inc_empty_record_count(&s->rlayer); if (RECORD_LAYER_get_empty_record_count(&s->rlayer) - > MAX_EMPTY_RECORDS) { + > MAX_EMPTY_RECORDS) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL); goto f_err; @@ -527,8 +526,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) return 0; i = COMP_expand_block(ssl->expand, rr->comp, - SSL3_RT_MAX_PLAIN_LENGTH, rr->data, - (int)rr->length); + SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); if (i < 0) return 0; else @@ -709,7 +707,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) if (n_recs > 1) { if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) - & EVP_CIPH_FLAG_PIPELINE)) { + & EVP_CIPH_FLAG_PIPELINE)) { /* * We shouldn't have been called with pipeline data if the * cipher doesn't support pipelining @@ -722,7 +720,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) reclen[ctr] = recs[ctr].length; if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) - & EVP_CIPH_FLAG_AEAD_CIPHER) { + & EVP_CIPH_FLAG_AEAD_CIPHER) { unsigned char *seq; seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer) @@ -786,7 +784,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) data[ctr] = recs[ctr].data; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS, - n_recs, data) <= 0) { + n_recs, data) <= 0) { SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); } /* Set the input buffers */ @@ -794,9 +792,9 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) data[ctr] = recs[ctr].input; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_ |