diff options
| author | Matt Caswell <matt@openssl.org> | 2015-01-19 12:42:01 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:20:06 +0000 |
| commit | e636e2acd753fb68f587c9fac2f381ad8c153528 (patch) | |
| tree | 356224f7a2b351eeba71d2d44121a24fb072397b /ssl | |
| parent | 28470b6095aa1f098860ffdf226f32e4c4cd334f (diff) | |
Fix source where indent will not be able to cope
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/s23_srvr.c | 7 | ||||
| -rw-r--r-- | ssl/s3_clnt.c | 8 | ||||
| -rw-r--r-- | ssl/s3_enc.c | 3 | ||||
| -rw-r--r-- | ssl/s3_pkt.c | 2 | ||||
| -rw-r--r-- | ssl/s3_srvr.c | 8 | ||||
| -rw-r--r-- | ssl/ssl_sess.c | 3 | ||||
| -rw-r--r-- | ssl/ssltest.c | 3 | ||||
| -rw-r--r-- | ssl/t1_enc.c | 3 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 4 | ||||
| -rw-r--r-- | ssl/tls1.h | 31 |
10 files changed, 50 insertions, 22 deletions
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 9193d7bdc9..1a8cbaa4a8 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -317,10 +317,11 @@ int ssl23_get_client_hello(SSL *s) } } } + /* p[4] < 5 ... silly record length? */ else if ((p[0] == SSL3_RT_HANDSHAKE) && (p[1] == SSL3_VERSION_MAJOR) && (p[5] == SSL3_MT_CLIENT_HELLO) && - ((p[3] == 0 && p[4] < 5 /* silly record length? */) + ((p[3] == 0 && p[4] < 5) || (p[9] >= p[1]))) { /* @@ -472,8 +473,10 @@ int ssl23_get_client_hello(SSL *s) if (j <= 0) return(j); ssl3_finish_mac(s, s->packet+2, s->packet_length-2); + + /* CLIENT-HELLO */ if (s->msg_callback) - s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ + s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); p=s->packet; p+=5; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index ced326b2e7..1ddcf26d49 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -888,7 +888,7 @@ int ssl3_get_server_hello(SSL *s) SSL3_ST_CR_SRVR_HELLO_A, SSL3_ST_CR_SRVR_HELLO_B, -1, - 20000, /* ?? */ + 20000, &ok); if (!ok) return((int)n); @@ -2448,11 +2448,12 @@ int ssl3_get_server_done(SSL *s) int ok,ret=0; long n; + /* Second to last param should be very small, like 0 :-) */ n=s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A, SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, - 30, /* should be very small, like 0 :-) */ + 30, &ok); if (!ok) return((int)n); @@ -3574,7 +3575,8 @@ int ssl3_check_cert_and_algorithm(SSL *s) { if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) - { /* check failed */ + { + /* check failed */ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT); goto f_err; } diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index dd3e343ca8..4ae7a32f16 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -794,13 +794,14 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) header[j++] = rec->length >> 8; header[j++] = rec->length & 0xff; + /* Final param == is SSLv3 */ ssl3_cbc_digest_record( hash, md, &md_size, header, rec->input, rec->length + md_size, rec->orig_len, mac_sec, md_size, - 1 /* is SSLv3 */); + 1); } else { diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 3d8f821f92..6f780c066c 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -940,7 +940,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, #if 0 && !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK if (type==SSL3_RT_APPLICATION_DATA && s->compress==NULL && - !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) && /*!SSL_IS_DTLS(s) &&*/ + !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) && EVP_CIPHER_flags(s->enc_write_ctx->cipher)&EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) do { unsigned char aad[13]; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 8550c1b783..df737bd034 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1051,8 +1051,9 @@ int ssl3_get_client_hello(SSL *s) } /* else cookie verification succeeded */ } + /* default verification */ else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie, - s->d1->cookie_len) != 0) /* default verification */ + s->d1->cookie_len) != 0) { al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, @@ -2200,7 +2201,7 @@ int ssl3_get_client_key_exchange(SSL *s) SSL3_ST_SR_KEY_EXCH_A, SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, - 2048, /* ??? */ + 2048, &ok); if (!ok) return((int)n); @@ -3659,11 +3660,12 @@ int ssl3_get_next_proto(SSL *s) return -1; } + /* See the payload format below */ n=s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A, SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, - 514, /* See the payload format below */ + 514, &ok); if (!ok) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 5b31695094..c21aeed8b1 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -464,7 +464,8 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, try_session_cache = 0; #ifndef OPENSSL_NO_TLSEXT - r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ + /* sets s->tlsext_ticket_expected */ + r = tls1_process_ticket(s, session_id, len, limit, &ret); switch (r) { case -1: /* Error during processing */ diff --git a/ssl/ssltest.c b/ssl/ssltest.c index c3684c37ec..77ef1419f1 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -2788,9 +2788,10 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx) static void process_proxy_debug(int indent, const char *format, ...) { + /* That's 80 > */ static const char indentation[] = ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" - ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */ + ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; char my_format[256]; va_list args; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index a1042f5840..01f6fac9a1 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1040,6 +1040,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) * timing-side channel information about how many blocks of * data we are hashing because that gives an attacker a * timing-oracle. */ + /* Final param == not SSLv3 */ ssl3_cbc_digest_record( mac_ctx, md, &md_size, @@ -1047,7 +1048,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) rec->length + md_size, rec->orig_len, ssl->s3->read_mac_secret, ssl->s3->read_mac_secret_size, - 0 /* not SSLv3 */); + 0); } else { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f399bc0948..2e8e149b96 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2266,8 +2266,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ OPENSSL_free(s->s3->client_opaque_prf_input); + + /* dummy byte just to get non-NULL */ if (s->s3->client_opaque_prf_input_len == 0) - s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ + s->s3->client_opaque_prf_input = OPENSSL_malloc(1); else s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len); if (s->s3->client_opaque_prf_input == NULL) diff --git a/ssl/tls1.h b/ssl/tls1.h index 7596429e63..4aac4c6172 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -797,21 +797,36 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #ifdef CHARSET_EBCDIC #undef TLS_MD_CLIENT_FINISH_CONST -#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/ +/*client finished*/ +#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" + #undef TLS_MD_SERVER_FINISH_CONST -#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/ +/*server finished*/ +#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" + #undef TLS_MD_SERVER_WRITE_KEY_CONST -#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ +/*server write key*/ +#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + #undef TLS_MD_KEY_EXPANSION_CONST -#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/ +/*key expansion*/ +#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" + #undef TLS_MD_CLIENT_WRITE_KEY_CONST -#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/ +/*client write key*/ +#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + #undef TLS_MD_SERVER_WRITE_KEY_CONST -#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ +/*server write key*/ +#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + #undef TLS_MD_IV_BLOCK_CONST -#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/ +/*IV block*/ +#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" + #undef TLS_MD_MASTER_SECRET_CONST -#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/ +/*master secret*/ +#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" #endif /* TLS Session Ticket extension struct */ |