From a230b26e0959dc5f072fbbdadcc9ed45e904c50c Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Fri, 5 Aug 2016 19:03:17 +0200 Subject: Indent ssl/ Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: Rich Salz --- ssl/d1_lib.c | 25 +-- ssl/d1_srtp.c | 21 +-- ssl/methods.c | 108 +++--------- ssl/packet_locl.h | 72 ++++---- ssl/record/rec_layer_d1.c | 56 +++---- ssl/record/rec_layer_s3.c | 82 +++++----- ssl/record/record.h | 34 +--- ssl/record/record_locl.h | 12 +- ssl/record/ssl3_record.c | 88 +++++----- ssl/s3_cbc.c | 30 ++-- ssl/s3_enc.c | 50 +++--- ssl/s3_lib.c | 148 +++++++++-------- ssl/s3_msg.c | 3 +- ssl/ssl_asn1.c | 2 +- ssl/ssl_cert.c | 41 ++--- ssl/ssl_ciph.c | 104 ++++++------ ssl/ssl_conf.c | 17 +- ssl/ssl_init.c | 30 ++-- ssl/ssl_lib.c | 209 ++++++++++++------------ ssl/ssl_locl.h | 345 +++++++++++++++++++-------------------- ssl/ssl_mcnf.c | 13 +- ssl/ssl_rsa.c | 18 +- ssl/ssl_sess.c | 39 ++--- ssl/ssl_stat.c | 3 +- ssl/ssl_txt.c | 9 +- ssl/statem/statem.c | 37 +++-- ssl/statem/statem.h | 7 - ssl/statem/statem_clnt.c | 407 +++++++++++++++++++++++----------------------- ssl/statem/statem_dtls.c | 42 ++--- ssl/statem/statem_lib.c | 77 ++++----- ssl/statem/statem_locl.h | 11 +- ssl/statem/statem_srvr.c | 195 +++++++++++----------- ssl/t1_enc.c | 24 ++- ssl/t1_ext.c | 12 +- ssl/t1_lib.c | 181 ++++++++++----------- ssl/t1_reneg.c | 10 +- ssl/t1_trce.c | 46 +++--- ssl/tls_srp.c | 8 +- util/indent.pro | 7 +- 39 files changed, 1218 insertions(+), 1405 deletions(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 08a503786f..7fb9b96d1d 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -338,8 +338,7 @@ int dtls1_check_timeout_num(SSL *s) if (s->d1->timeout.num_alerts > 2 && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { mtu = - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, - NULL); + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); if (mtu < s->d1->mtu) s->d1->mtu = mtu; } @@ -391,10 +390,13 @@ static void get_current_time(struct timeval *t) GetSystemTime(&st); SystemTimeToFileTime(&st, &now.ft); + /* re-bias to 1/1/1970 */ # ifdef __MINGW32__ now.ul -= 116444736000000000ULL; # else - now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */ + /* *INDENT-OFF* */ + now.ul -= 116444736000000000UI64; + /* *INDENT-ON* */ # endif t->tv_sec = (long)(now.ul / 10000000); t->tv_usec = ((int)(now.ul % 10000000)) / 10; @@ -408,7 +410,6 @@ static void get_current_time(struct timeval *t) #endif } - #define LISTEN_SUCCESS 2 #define LISTEN_SEND_VERIFY_REQUEST 1 @@ -531,7 +532,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) goto end; } - if (rectype != SSL3_RT_HANDSHAKE) { + if (rectype != SSL3_RT_HANDSHAKE) { SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE); goto end; } @@ -744,7 +745,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) s->msg_callback(1, 0, SSL3_RT_HEADER, buf, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); - if ((tmpclient = BIO_ADDR_new()) == NULL) { SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE); goto end; @@ -805,13 +805,15 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) */ ossl_statem_set_hello_verify_done(s); - /* Some BIOs may not support this. If we fail we clear the client address */ + /* + * Some BIOs may not support this. If we fail we clear the client address + */ if (BIO_dgram_get_peer(rbio, client) <= 0) BIO_ADDR_clear(client); ret = 1; clearpkt = 0; -end: + end: BIO_ADDR_free(tmpclient); BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL); if (clearpkt) { @@ -842,12 +844,12 @@ static int dtls1_handshake_write(SSL *s) #ifndef OPENSSL_NO_HEARTBEATS -#define HEARTBEAT_SIZE(payload, padding) ( \ +# define HEARTBEAT_SIZE(payload, padding) ( \ 1 /* heartbeat type */ + \ 2 /* heartbeat length */ + \ (payload) + (padding)) -#define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16) +# define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16) int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) { @@ -987,8 +989,7 @@ int dtls1_heartbeat(SSL *s) if (ret >= 0) { if (s->msg_callback) s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT, - buf, size, - s, s->msg_callback_arg); + buf, size, s, s->msg_callback_arg); dtls1_start_timer(s); s->tlsext_hb_pending = 1; diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index 94c0127312..7e88f17754 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -30,11 +30,11 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { }, { "SRTP_AEAD_AES_128_GCM", - SRTP_AEAD_AES_128_GCM + SRTP_AEAD_AES_128_GCM, }, { "SRTP_AEAD_AES_256_GCM", - SRTP_AEAD_AES_256_GCM + SRTP_AEAD_AES_256_GCM, }, {0} }; @@ -76,8 +76,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string, do { col = strchr(ptr, ':'); - if (!find_profile_by_name(ptr, &p, - col ? col - ptr : (int)strlen(ptr))) { + if (!find_profile_by_name(ptr, &p, col ? col - ptr : (int)strlen(ptr))) { if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) { SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); @@ -104,7 +103,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string, *out = profiles; return 0; -err: + err: sk_SRTP_PROTECTION_PROFILE_free(profiles); return 1; } @@ -190,8 +189,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al) /* Pull off the length of the cipher suite list and check it is even */ if (!PACKET_get_net_2(pkt, &ct) - || (ct & 1) != 0 - || !PACKET_get_sub_packet(pkt, &subpkt, ct)) { + || (ct & 1) != 0 || !PACKET_get_sub_packet(pkt, &subpkt, ct)) { SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; @@ -238,7 +236,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al) } if (!PACKET_forward(pkt, mki_len) - || PACKET_remaining(pkt)) { + || PACKET_remaining(pkt)) { SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_MKI_VALUE); *al = SSL_AD_DECODE_ERROR; @@ -281,10 +279,9 @@ int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al) SRTP_PROTECTION_PROFILE *prof; if (!PACKET_get_net_2(pkt, &ct) - || ct != 2 - || !PACKET_get_net_2(pkt, &id) - || !PACKET_get_1(pkt, &mki) - || PACKET_remaining(pkt) != 0) { + || ct != 2 || !PACKET_get_net_2(pkt, &id) + || !PACKET_get_1(pkt, &mki) + || PACKET_remaining(pkt) != 0) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; diff --git a/ssl/methods.c b/ssl/methods.c index 7d27f9d8ff..c846143277 100644 --- a/ssl/methods.c +++ b/ssl/methods.c @@ -11,7 +11,7 @@ #include #include "ssl_locl.h" -/* +/*- * TLS/SSLv3 methods */ @@ -19,201 +19,148 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, TLS_method, ossl_statem_accept, ossl_statem_connect, TLSv1_2_enc_data) - #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_method, ossl_statem_accept, ossl_statem_connect, TLSv1_2_enc_data) #endif - #ifndef OPENSSL_NO_TLS1_1_METHOD IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, tlsv1_1_method, ossl_statem_accept, ossl_statem_connect, TLSv1_1_enc_data) #endif - #ifndef OPENSSL_NO_TLS1_METHOD IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, tlsv1_method, - ossl_statem_accept, - ossl_statem_connect, TLSv1_enc_data) + ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data) #endif - #ifndef OPENSSL_NO_SSL3_METHOD IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect) #endif - - -/* +/*- * TLS/SSLv3 server methods */ - IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, TLS_server_method, ossl_statem_accept, - ssl_undefined_function, - TLSv1_2_enc_data) - + ssl_undefined_function, TLSv1_2_enc_data) #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_server_method, ossl_statem_accept, - ssl_undefined_function, - TLSv1_2_enc_data) + ssl_undefined_function, TLSv1_2_enc_data) #endif - #ifndef OPENSSL_NO_TLS1_1_METHOD IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, tlsv1_1_server_method, ossl_statem_accept, - ssl_undefined_function, - TLSv1_1_enc_data) + ssl_undefined_function, TLSv1_1_enc_data) #endif - #ifndef OPENSSL_NO_TLS1_METHOD IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, tlsv1_server_method, ossl_statem_accept, - ssl_undefined_function, - TLSv1_enc_data) + ssl_undefined_function, TLSv1_enc_data) #endif - #ifndef OPENSSL_NO_SSL3_METHOD IMPLEMENT_ssl3_meth_func(sslv3_server_method, - ossl_statem_accept, - ssl_undefined_function) + ossl_statem_accept, ssl_undefined_function) #endif - - -/* +/*- * TLS/SSLv3 client methods */ - IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, TLS_client_method, ssl_undefined_function, - ossl_statem_connect, - TLSv1_2_enc_data) - + ossl_statem_connect, TLSv1_2_enc_data) #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_client_method, ssl_undefined_function, - ossl_statem_connect, - TLSv1_2_enc_data) + ossl_statem_connect, TLSv1_2_enc_data) #endif - #ifndef OPENSSL_NO_TLS1_1_METHOD IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, tlsv1_1_client_method, ssl_undefined_function, - ossl_statem_connect, - TLSv1_1_enc_data) + ossl_statem_connect, TLSv1_1_enc_data) #endif - #ifndef OPENSSL_NO_TLS1_METHOD IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, tlsv1_client_method, ssl_undefined_function, - ossl_statem_connect, - TLSv1_enc_data) + ossl_statem_connect, TLSv1_enc_data) #endif - #ifndef OPENSSL_NO_SSL3_METHOD IMPLEMENT_ssl3_meth_func(sslv3_client_method, - ssl_undefined_function, - ossl_statem_connect) + ssl_undefined_function, ossl_statem_connect) #endif - - -/* +/*- * DTLS methods */ - #ifndef OPENSSL_NO_DTLS1_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, dtlsv1_method, ossl_statem_accept, - ossl_statem_connect, - DTLSv1_enc_data) + ossl_statem_connect, DTLSv1_enc_data) #endif - #ifndef OPENSSL_NO_DTLS1_2_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, dtlsv1_2_method, ossl_statem_accept, - ossl_statem_connect, - DTLSv1_2_enc_data) + ossl_statem_connect, DTLSv1_2_enc_data) #endif - IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, DTLS_method, ossl_statem_accept, - ossl_statem_connect, - DTLSv1_2_enc_data) + ossl_statem_connect, DTLSv1_2_enc_data) -/* +/*- * DTLS server methods */ - #ifndef OPENSSL_NO_DTLS1_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, dtlsv1_server_method, ossl_statem_accept, - ssl_undefined_function, - DTLSv1_enc_data) + ssl_undefined_function, DTLSv1_enc_data) #endif - #ifndef OPENSSL_NO_DTLS1_2_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, dtlsv1_2_server_method, ossl_statem_accept, - ssl_undefined_function, - DTLSv1_2_enc_data) + ssl_undefined_function, DTLSv1_2_enc_data) #endif - IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, DTLS_server_method, ossl_statem_accept, - ssl_undefined_function, - DTLSv1_2_enc_data) - + ssl_undefined_function, DTLSv1_2_enc_data) -/* +/*- * DTLS client methods */ - #ifndef OPENSSL_NO_DTLS1_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, dtlsv1_client_method, ssl_undefined_function, - ossl_statem_connect, - DTLSv1_enc_data) + ossl_statem_connect, DTLSv1_enc_data) IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, dtls_bad_ver_client_method, ssl_undefined_function, - ossl_statem_connect, - DTLSv1_enc_data) + ossl_statem_connect, DTLSv1_enc_data) #endif - #ifndef OPENSSL_NO_DTLS1_2_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, dtlsv1_2_client_method, ssl_undefined_function, - ossl_statem_connect, - DTLSv1_2_enc_data) + ossl_statem_connect, DTLSv1_2_enc_data) #endif - IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, DTLS_client_method, ssl_undefined_function, - ossl_statem_connect, - DTLSv1_2_enc_data) - + ossl_statem_connect, DTLSv1_2_enc_data) #if OPENSSL_API_COMPAT < 0x10100000L - # ifndef OPENSSL_NO_TLS1_2_METHOD const SSL_METHOD *TLSv1_2_method(void) { @@ -317,4 +264,3 @@ const SSL_METHOD *DTLSv1_client_method(void) # endif #endif - diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h index 0ff4cccf3b..d34034dedb 100644 --- a/ssl/packet_locl.h +++ b/ssl/packet_locl.h @@ -54,6 +54,7 @@ static ossl_inline const unsigned char *PACKET_end(const PACKET *pkt) { return pkt->curr + pkt->remaining; } + /* * Returns a pointer to the PACKET's current position. * For use in non-PACKETized APIs. @@ -107,8 +108,7 @@ __owur static ossl_inline int PACKET_equal(const PACKET *pkt, const void *ptr, * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. */ __owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt, - PACKET *subpkt, - size_t len) + PACKET *subpkt, size_t len) { if (PACKET_remaining(pkt) < len) return 0; @@ -122,8 +122,7 @@ __owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt, * original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. */ __owur static ossl_inline int PACKET_get_sub_packet(PACKET *pkt, - PACKET *subpkt, - size_t len) + PACKET *subpkt, size_t len) { if (!PACKET_peek_sub_packet(pkt, subpkt, len)) return 0; @@ -151,8 +150,7 @@ __owur static ossl_inline int PACKET_peek_net_2(const PACKET *pkt, /* Equivalent of n2s */ /* Get 2 bytes in network order from |pkt| and store the value in |*data| */ -__owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, - unsigned int *data) +__owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, unsigned int *data) { if (!PACKET_peek_net_2(pkt, data)) return 0; @@ -181,8 +179,7 @@ __owur static ossl_inline int PACKET_peek_net_3(const PACKET *pkt, /* Equivalent of n2l3 */ /* Get 3 bytes in network order from |pkt| and store the value in |*data| */ -__owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, - unsigned long *data) +__owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, unsigned long *data) { if (!PACKET_peek_net_3(pkt, data)) return 0; @@ -212,8 +209,7 @@ __owur static ossl_inline int PACKET_peek_net_4(const PACKET *pkt, /* Equivalent of n2l */ /* Get 4 bytes in network order from |pkt| and store the value in |*data| */ -__owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, - unsigned long *data) +__owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data) { if (!PACKET_peek_net_4(pkt, data)) return 0; @@ -333,8 +329,7 @@ __owur static ossl_inline int PACKET_peek_copy_bytes(const PACKET *pkt, * The caller is responsible for ensuring that |data| can hold |len| bytes. */ __owur static ossl_inline int PACKET_copy_bytes(PACKET *pkt, - unsigned char *data, - size_t len) + unsigned char *data, size_t len) { if (!PACKET_peek_copy_bytes(pkt, data, len)) return 0; @@ -417,7 +412,7 @@ __owur static ossl_inline int PACKET_strndup(const PACKET *pkt, char **data) /* Returns 1 if |pkt| contains at least one 0-byte, 0 otherwise. */ static ossl_inline int PACKET_contains_zero_byte(const PACKET *pkt) { - return memchr(pkt->curr, 0, pkt->remaining) != NULL; + return memchr(pkt->curr, 0, pkt->remaining) != NULL; } /* Move the current reading position forward |len| bytes */ @@ -460,22 +455,23 @@ __owur static ossl_inline int PACKET_get_length_prefixed_1(PACKET *pkt, * Like PACKET_get_length_prefixed_1, but additionally, fails when there are * leftover bytes in |pkt|. */ -__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt, PACKET *subpkt) +__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt, + PACKET *subpkt) { - unsigned int length; - const unsigned char *data; - PACKET tmp = *pkt; - if (!PACKET_get_1(&tmp, &length) || - !PACKET_get_bytes(&tmp, &data, (size_t)length) || - PACKET_remaining(&tmp) != 0) { - return 0; - } + unsigned int length; + const unsigned char *data; + PACKET tmp = *pkt; + if (!PACKET_get_1(&tmp, &length) || + !PACKET_get_bytes(&tmp, &data, (size_t)length) || + PACKET_remaining(&tmp) != 0) { + return 0; + } - *pkt = tmp; - subpkt->curr = data; - subpkt->remaining = length; + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = length; - return 1; + return 1; } /* @@ -511,21 +507,21 @@ __owur static ossl_inline int PACKET_get_length_prefixed_2(PACKET *pkt, __owur static ossl_inline int PACKET_as_length_prefixed_2(PACKET *pkt, PACKET *subpkt) { - unsigned int length; - const unsigned char *data; - PACKET tmp = *pkt; + unsigned int length; + const unsigned char *data; + PACKET tmp = *pkt; - if (!PACKET_get_net_2(&tmp, &length) || - !PACKET_get_bytes(&tmp, &data, (size_t)length) || - PACKET_remaining(&tmp) != 0) { - return 0; - } + if (!PACKET_get_net_2(&tmp, &length) || + !PACKET_get_bytes(&tmp, &data, (size_t)length) || + PACKET_remaining(&tmp) != 0) { + return 0; + } - *pkt = tmp; - subpkt->curr = data; - subpkt->remaining = length; + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = length; - return 1; + return 1; } /* diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 7ddadfa2bd..f9bf10963c 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -22,7 +22,6 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) return (0); - rl->d = d; d->unprocessed_rcds.q = pqueue_new(); @@ -97,18 +96,14 @@ void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e) { if (e == rl->d->w_epoch - 1) { memcpy(rl->d->curr_write_sequence, - rl->write_sequence, - sizeof(rl->write_sequence)); + rl->write_sequence, sizeof(rl->write_sequence)); memcpy(rl->write_sequence, - rl->d->last_write_sequence, - sizeof(rl->write_sequence)); + rl->d->last_write_sequence, sizeof(rl->write_sequence)); } else if (e == rl->d->w_epoch + 1) { memcpy(rl->d->last_write_sequence, - rl->write_sequence, - sizeof(unsigned char[8])); + rl->write_sequence, sizeof(unsigned char[8])); memcpy(rl->write_sequence, - rl->d->curr_write_sequence, - sizeof(rl->write_sequence)); + rl->d->curr_write_sequence, sizeof(rl->write_sequence)); } rl->d->w_epoch = e; } @@ -118,7 +113,6 @@ void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl) memcpy(rl->write_sequence, rl->read_sequence, sizeof(rl->write_sequence)); } - void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq) { memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE); @@ -232,7 +226,6 @@ int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) dtls1_retrieve_buffered_record((s), \ &((s)->rlayer.d->unprocessed_rcds)) - int dtls1_process_buffered_records(SSL *s) { pitem *item; @@ -249,7 +242,8 @@ int dtls1_process_buffered_records(SSL *s) if (!dtls1_process_record(s)) return (0); if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds), - SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0) + SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < + 0) return -1; } } @@ -264,7 +258,6 @@ int dtls1_process_buffered_records(SSL *s) return (1); } - /*- * Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: @@ -390,7 +383,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* get new packet if necessary */ if ((SSL3_RECORD_get_length(rr) == 0) - || (s->rlayer.rstate == SSL_ST_READ_BODY)) { + || (s->rlayer.rstate == SSL_ST_READ_BODY)) { ret = dtls1_get_record(s); if (ret <= 0) { ret = dtls1_read_failed(s, ret); @@ -413,7 +406,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * data for later processing rather than dropping the connection. */ if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data), - SSL3_RECORD_get_seq_num(rr)) < 0) { + SSL3_RECORD_get_seq_num(rr)) < 0) { SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); return -1; } @@ -432,8 +425,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (type == SSL3_RECORD_get_type(rr) - || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC - && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) { + || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC + && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) { /* * SSL3_RT_APPLICATION_DATA or * SSL3_RT_HANDSHAKE or @@ -525,7 +518,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, else if (SSL3_RECORD_get_type(rr) == DTLS1_RT_HEARTBEAT) { /* We allow a 0 return */ if (dtls1_process_heartbeat(s, SSL3_RECORD_get_data(rr), - SSL3_RECORD_get_length(rr)) < 0) { + SSL3_RECORD_get_length(rr)) < 0) { return -1; } /* Exit and notify application to read again */ @@ -542,7 +535,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * Application data while renegotiating is allowed. Try again * reading. */ - if (SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA) { + if (SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA) { BIO *bio; s->s3->in_read_app_data = 2; bio = SSL_get_rbio(s); @@ -563,14 +556,14 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * XDTLS: In a pathological case, the Client Hello may be * fragmented--don't always expect dest_maxlen bytes */ - if (SSL3_RECORD_get_length(rr) < dest_maxlen) { + if (SSL3_RECORD_get_length(rr) < dest_maxlen) { #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE /* * for normal alerts rr->length is 2, while * dest_maxlen is 7 if we were to handle this * non-existing alert... */ - FIX ME + FIX ME; #endif s->rlayer.rstate = SSL_ST_READ_HEADER; SSL3_RECORD_set_length(rr, 0); @@ -628,8 +621,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_DTLS1_READ_BYTES, - SSL_R_SSL_HANDSHAKE_FAILURE); + SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -734,8 +726,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_NOTHING; s->s3->fatal_alert = alert_descr; - SSLerr(SSL_F_DTLS1_READ_BYTES, - SSL_AD_REASON_OFFSET + alert_descr); + SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; @@ -874,7 +865,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return (-1); } - /* * this only happens when a client hello is received and a handshake * is started. @@ -884,7 +874,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, { if ((type == SSL3_RT_HANDSHAKE) - && (s->rlayer.d->handshake_fragment_len > 0)) + && (s->rlayer.d->handshake_fragment_len > 0)) /* (partially) satisfy request from storage */ { unsigned char *src = s->rlayer.d->handshake_fragment; @@ -981,7 +971,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * header: otherwise some clients will ignore it. */ if (s->method->version == DTLS_ANY_VERSION && - s->max_proto_version != DTLS1_BAD_VER) { + s->max_proto_version != DTLS1_BAD_VER) { *(p++) = DTLS1_VERSION >> 8; *(p++) = DTLS1_VERSION & 0xff; } else { @@ -1040,7 +1030,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (mac_size != 0) { if (s->method->ssl3_enc->mac(s, &wr, - &(p[SSL3_RECORD_get_length(&wr) + eivlen]), 1) < 0) + &(p[SSL3_RECORD_get_length(&wr) + eivlen]), + 1) < 0) goto err; SSL3_RECORD_add_length(&wr, mac_size); } @@ -1115,7 +1106,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, } DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, - unsigned int *is_next_epoch) + unsigned int *is_next_epoch) { *is_next_epoch = 0; @@ -1126,7 +1117,7 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, /* Only HM and ALERT messages can be from the next epoch */ else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) && - (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { + (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { *is_next_epoch = 1; return &s->rlayer.d->next_bitmap; } @@ -1144,8 +1135,7 @@ void dtls1_reset_seq_numbers(SSL *s, int rw) s->rlayer.d->r_epoch++; memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap, sizeof(s->rlayer.d->bitmap)); - memset(&s->rlayer.d->next_bitmap, 0, - sizeof(s->rlayer.d->next_bitmap)); + memset(&s->rlayer.d->next_bitmap, 0, sizeof(s->rlayer.d->next_bitmap)); } else { seq = s->rlayer.write_sequence; memcpy(s->rlayer.d->last_write_sequence, seq, diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index c2f96669cb..52a8dcf4e5 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -43,7 +43,8 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl) rl->rstate = SSL_ST_READ_HEADER; - /* Do I need to clear read_ahead? As far as I can tell read_ahead did not + /* + * Do I need to clear read_ahead? As far as I can tell read_ahead did not * previously get reset by SSL_clear...so I'll keep it that way..but is * that right? */ @@ -91,7 +92,7 @@ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl) int RECORD_LAYER_write_pending(const RECORD_LAYER *rl) { return (rl->numwpipes > 0) - && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes-1]) != 0; + && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0; } int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len) @@ -130,7 +131,7 @@ int ssl3_pending(const SSL *s) for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) { if (SSL3_RECORD_get_type(&s->rlayer.rrec[i]) - != SSL3_RT_APPLICATION_DATA) + != SSL3_RT_APPLICATION_DATA) return 0; num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]); } @@ -262,7 +263,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) * Move any available bytes to front of buffer: 'len' bytes already * pointed to by 'packet', 'left' extra ones at the end */ - if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */ + if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */ memmove(pkt, s->rlayer.packet, len + left); s->rlayer.packet = pkt; rb->offset = len + align; @@ -327,7 +328,6 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) return (n); } - /* * Call this to write data in records of type 'type' It will return <= 0 if * not all data has been sent or non-blocking IO. @@ -365,7 +365,6 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) return -1; } - s->rlayer.wnum = 0; if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { @@ -538,22 +537,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) /* * We should have prevented this when we set max_pipelines so we * shouldn't get here - */ + */ SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); return -1; } if (maxpipes == 0 - || s->enc_write_ctx == NULL - || !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) - & EVP_CIPH_FLAG_PIPELINE) - || !SSL_USE_EXPLICIT_IV(s)) + || s->enc_write_ctx == NULL + || !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) + & EVP_CIPH_FLAG_PIPELINE) + || !SSL_USE_EXPLICIT_IV(s)) maxpipes = 1; if (s->max_send_fragment == 0 || split_send_fragment > s->max_send_fragment - || split_send_fragment == 0) { + || split_send_fragment == 0) { /* * We should have prevented this when we set the split and max send * fragments so we shouldn't get here - */ + */ SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); return -1; } @@ -658,8 +657,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, sess = s->session; if ((sess == NULL) || - (s->enc_write_ctx == NULL) || - (EVP_MD_CTX_md(s->write_hash) == NULL)) { + (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) { clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ mac_size = 0; } else { @@ -691,8 +689,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, goto err; if (prefix_len > - (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) - { + (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { /* insufficient space */ SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); goto err; @@ -718,9 +715,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } else if (prefix_len) { wb = &s->rlayer.wbuf[0]; outbuf[0] = SSL3_BUFFER_get_buf(wb) + SSL3_BUFFER_get_offset(wb) - + prefix_len; + + prefix_len; } else { - for (j=0; j < numpipes; j++) { + for (j = 0; j < numpipes; j++) { wb = &s->rlayer.wbuf[j]; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH; @@ -749,11 +746,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } else eivlen = 0; - totlen = 0; /* Clear our SSL3_RECORD structures */ memset(wr, 0, sizeof wr); - for (j=0; j < numpipes; j++) { + for (j = 0; j < numpipes; j++) { /* write the header */ *(outbuf[j]++) = type & 0xff; SSL3_RECORD_set_type(&wr[j], type); @@ -802,12 +798,12 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (!SSL_USE_ETM(s) && mac_size != 0) { if (s->method->ssl3_enc->mac(s, &wr[j], - &(outbuf[j][wr[j].length + eivlen]), 1) < 0) + &(outbuf[j][wr[j].length + eivlen]), + 1) < 0) goto err; SSL3_RECORD_add_length(&wr[j], mac_size); } - SSL3_RECORD_set_data(&wr[j], outbuf[j]); SSL3_RECORD_reset_input(&wr[j]); @@ -822,7 +818,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1) goto err; - for (j=0; j < numpipes; j++) { + for (j = 0; j < numpipes; j++) { if (SSL_USE_ETM(s) && mac_size != 0) { if (s->method->ssl3_enc->mac(s, &wr[j], outbuf[j] + wr[j].length, 1) < 0) @@ -841,7 +837,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * we should now have wr->data pointing to the encrypted data, which is * wr->length long */ - SSL3_RECORD_set_type(&wr[j], type); /* not needed but helps for debugging */ + SSL3_RECORD_set_type(&wr[j], type); /* not needed but helps for + * debugging */ SSL3_RECORD_add_length(&wr[j], SSL3_RT_HEADER_LENGTH); if (create_empty_fragment) { @@ -859,11 +856,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* now let's set up wb */ SSL3_BUFFER_set_left(&s->rlayer.wbuf[j], - prefix_len + SSL3_RECORD_get_length(&wr[j])); + prefix_len + SSL3_RECORD_get_length(&wr[j])); } - - /* * memorize arguments so that ssl3_write_pending can detect bad write * retries later @@ -899,17 +894,17 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, for (;;) { /* Loop until we find a buffer we haven't written out yet */ if (SSL3_BUFFER_get_left(&wb[currbuf]) == 0 - && currbuf < s->rlayer.numwpipes - 1) { + && currbuf < s->rlayer.numwpipes - 1) { currbuf++; continue; } clear_sys_error(); if (s->wbio != NULL) { s->rwstate = SSL_WRITING; - i = BIO_write(s->wbio, - (char *)&(SSL3_BUFFER_get_buf(&wb[currbuf])[ - SSL3_BUFFER_get_offset(&wb[currbuf])]), - (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); + i = BIO_write(s->wbio, (char *) + &(SSL3_BUFFER_get_buf(&wb[currbuf]) + [SSL3_BUFFER_get_offset(&wb[currbuf])]), + (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); } else { SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET); i = -1; @@ -1059,7 +1054,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* Skip over any records we have already read */ for (curr_rec = 0; curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]); - curr_rec++); + curr_rec++) ; if (curr_rec == num_recs) { RECORD_LAYER_set_numrpipes(&s->rlayer, 0); num_recs = 0; @@ -1089,8 +1084,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (type == SSL3_RECORD_get_type(rr) - || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC - && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) { + || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC + && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) { /* * SSL3_RT_APPLICATION_DATA or * SSL3_RT_HANDSHAKE or @@ -1108,8 +1103,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (type == SSL3_RT_HANDSHAKE - && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC - && s->rlayer.handshake_fragment_len > 0) { + && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC + && s->rlayer.handshake_fragment_len > 0) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY); goto f_err; @@ -1152,8 +1147,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, goto start; } if (!peek && curr_rec == num_recs - && (s->mode & SSL_MODE_RELEASE_BUFFERS) - && SSL3_BUFFER_get_left(rbuf) == 0) + && (s->mode & SSL_MODE_RELEASE_BUFFERS) + && SSL3_BUFFER_get_left(rbuf) == 0) ssl3_release_read_buffer(s); return read_bytes; } @@ -1186,7 +1181,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (s->method->version == TLS_ANY_VERSION - && (s->server || rr->type != SSL3_RT_ALERT)) { + && (s->server || rr->type != SSL3_RT_ALERT)) { /* * If we've got this far and still haven't decided on what version * we're using then this must be a client side alert we're dealing with @@ -1273,8 +1268,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, - SSL_R_SSL_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -1405,7 +1399,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * Unexpected handshake message (Client Hello, or protocol violation) */ if ((s->rlayer.handshake_fragment_len >= 4) - && !ossl_statem_get_in_handshake(s)) { + && !ossl_statem_get_in_handshake(s)) { if (SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { ossl_statem_set_in_init(s, 1); diff --git a/ssl/record/record.h b/ssl/record/record.h index ce60a1508f..a093aed48f 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -33,46 +33,36 @@ typedef struct ssl3_record_st { /* Record layer version */ /* r */ int rec_version; - /* type of record */ /* r */ int type; - /* How many bytes available */ /* rw */ unsigned int length; - /* * How many bytes were available before padding was removed? This is used * to implement the MAC check in constant time for CBC records. */ /* rw */ unsigned int orig_len; - /* read/write offset into 'buf' */ /* r */ unsigned int off; - /* pointer to the record data */ /* rw */ unsigned char *data; - /* where the decode bytes are */ /* rw */ unsigned char *input; - /* only used with decompression - malloc()ed */ /* r */ unsigned char *comp; - /* Whether the data from this record has already been read or not */ /* r */ unsigned int read; - /* epoch number, needed by DTLS1 */ /* r */ unsigned long epoch; - /* sequence number, needed by DTLS1 */ /* r */ unsigned char seq_num[SEQ_NUM_SIZE]; @@ -81,7 +71,6 @@ typedef struct ssl3_record_st { typedef struct dtls1_bitmap_st { /* Track 32 packets on 32-bit systems and 64 - on 64-bit systems */ unsigned long map; - /* Max record number seen so far, 64-bit value in big-endian encoding */ unsigned char max_seq_num[SEQ_NUM_SIZE]; } DTLS1_BITMAP; @@ -96,12 +85,11 @@ typedef struct dtls1_record_data_st { unsigned int packet_length; SSL3_BUFFER rbuf; SSL3_RECORD rrec; -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP struct bio_dgram_sctp_rcvinfo recordinfo; -# endif +#endif } DTLS1_RECORD_DATA; - typedef struct dtls_record_layer_st { /* * The current data and handshake epoch. This is initially @@ -110,12 +98,10 @@ typedef struct dtls_record_layer_st { */ unsigned short r_epoch; unsigned short w_epoch; - /* records being received in the current epoch */ DTLS1_BITMAP bitmap; /* renegotiation starts a new set of sequence numbers */ DTLS1_BITMAP next_bitmap; - /* Received handshake records (processed and unprocessed) */ record_pqueue unprocessed_rcds; record_pqueue processed_rcds; @@ -133,7 +119,6 @@ typedef struct dtls_record_layer_st { unsigned int alert_fragment_len; unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; unsigned int handshake_fragment_len; - /* save last and current sequence numbers for retransmissions */ unsigned char last_write_sequence[8]; unsigned char curr_write_sequence[8]; @@ -157,7 +142,6 @@ typedef struct record_layer_st { int read_ahead; /* where we are when reading */ int rstate; - /* How many pipelines can be used to read data */ unsigned int numrpipes; /* How many pipelines can be used to write data */ @@ -168,14 +152,11 @@ typedef struct record_layer_st { SSL3_BUFFER wbuf[SSL_MAX_PIPELINES]; /* each decoded record goes in here */ SSL3_RECORD rrec[SSL_MAX_PIPELINES]; - /* used internally to point at a raw packet */ unsigned char *packet; unsigned int packet_length; - /* number of bytes sent so far */ unsigned int wnum; - /* * storage for Alert/Handshake protocol data received but not yet * processed by ssl3_read_bytes: @@ -184,10 +165,8 @@ typedef struct record_layer_st { unsigned int alert_fragment_len; unsigned char handshake_fragment[4]; unsigned int handshake_fragment_len; - /* The number of consecutive empty records we have received */ unsigned int empty_record_count; - /* partial write - check the numbers match */ /* number bytes written */ int wpend_tot; @@ -195,17 +174,13 @@ typedef struct record_layer_st { /* number of bytes submitted */ int wpend_ret; const unsigned char *wpend_buf; - unsigned char read_sequence[SEQ_NUM_SIZE]; unsigned char write_sequence[SEQ_NUM_SIZE]; - /* Set to true if this is the first record in a connection */ unsigned int is_first_record; - DTLS_RECORD_LAYER *d; } RECORD_LAYER; - /***************************************************************************** * * * The following macros/functions represent the libssl internal API to the * @@ -247,7 +222,7 @@ __owur int ssl3_setup_buffers(SSL *s); __owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send); __owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); __owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, - unsigned int len); + unsigned int len); __owur int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send); __owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl); @@ -261,6 +236,5 @@ __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, int len, int peek); __owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); __owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - unsigned int len, int create_empty_fragement); + unsigned int len, int create_empty_fragement); void dtls1_reset_seq_numbers(SSL *s, int rw); - diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h index f9dbc33466..3b9a700d9f 100644 --- a/ssl/record/record_locl.h +++ b/ssl/record/record_locl.h @@ -40,11 +40,10 @@ __owur int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold); void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws); DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, - unsigned int *is_next_epoch); + unsigned int *is_next_epoch); int dtls1_process_buffered_records(SSL *s); int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue); -int dtls1_buffer_record(SSL *s, record_pqueue *q, - unsigned char *priority); +int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority); void ssl3_record_sequence_update(unsigned char *seq); /* Functions provided by the DTLS1_BITMAP component */ @@ -52,7 +51,6 @@ void ssl3_record_sequence_update(unsigned char *seq); int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); - /* Macros/functions provided by the SSL3_BUFFER component */ #define SSL3_BUFFER_get_buf(b) ((b)->buf) @@ -108,9 +106,9 @@ __owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr); void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec, unsigned md_size); __owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size); + unsigned block_size, unsigned mac_size); __owur int tls1_cbc_remove_padding(const SSL *s, - SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size); + SSL3_RECORD *rec, + unsigned block_size, unsigned mac_size); int dtls1_process_record(SSL *s); __owur int dtls1_get_record(SSL *s); diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index f1d6f72d83..1782780db9 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -61,7 +61,6 @@ void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num) memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE); } - /* * Peeks ahead into "read_ahead" data to see if we have a whole record waiting * for us in the buffer. @@ -151,9 +150,10 @@ int ssl3_get_record(SSL *s) (RECORD_LAYER_get_packet_length(&s->rlayer) < SSL3_RT_HEADER_LENGTH)) { n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, - SSL3_BUFFER_get_len(rbuf), 0, num_recs == 0 ? 1 : 0); + SSL3_BUFFER_get_len(rbuf), 0, + num_recs == 0 ? 1 : 0); if (n <= 0) - return (n); /* error or non-blocking */ + return (n); /* error or non-blocking */ RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY); p = RECORD_LAYER_get_packet(&s->rlayer); @@ -162,7 +162,7 @@ int ssl3_get_record(SSL *s) * The first record received by the server may be a V2ClientHello. */ if (s->server && RECORD_LAYER_is_first_record(&s->rlayer) - && (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) { + && (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) { /* * SSLv2 style record * @@ -178,7 +178,7 @@ int ssl3_get_record(SSL *s) rr[num_recs].length = ((p[0] & 0x7f) << 8) | p[1]; if (rr[num_recs].length > SSL3_BUFFER_get_len(rbuf) - - SSL2_RT_HEADER_LENGTH) { + - SSL2_RT_HEADER_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); goto f_err; @@ -217,7 +217,7 @@ int ssl3_get_record(SSL *s) * shouldn't send a fatal alert back. We'll just * end. */ - goto err; + goto err; } /* * Send back error using their minor version number :-) @@ -258,7 +258,7 @@ int ssl3_get_record(SSL *s) } if (rr[num_recs].length > - SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) { + SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); goto f_err; @@ -284,7 +284,7 @@ int ssl3_get_record(SSL *s) n = ssl3_read_n(s, i, i, 1, 0); if (n <= 0) - return (n); /* error or non-blocking io */ + return (n); /* error or non-blocking io */ } /* set state for later operations */ @@ -335,14 +335,13 @@ int ssl3_get_record(SSL *s) RECORD_LAYER_reset_packet_length(&s->rlayer); RECORD_LAYER_clear_first_record(&s->rlayer); } while (num_recs < max_recs - && rr[num_recs-1].type == SSL3_RT_APPLICATION_DATA + && rr[num_recs - 1].type == SSL3_RT_APPLICATION_DATA && SSL_USE_EXPLICIT_IV(s) && s->enc_read_ctx != NULL && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) - & EVP_CIPH_FLAG_PIPELINE) + & EVP_CIPH_FLAG_PIPELINE) && ssl3_record_app_data_waiting(s)); - /* * If in encrypt-then-mac mode calculate mac from encrypted record. All * the details below are public so no timing details can leak. @@ -402,7 +401,7 @@ int ssl3_get_record(SSL *s) mac_size = EVP_MD_CTX_size(s->read_hash); OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); - for (j=0; j < num_recs; j++) { + for (j = 0; j < num_recs; j++) { /* * orig_len is the length of the record before any padding was * removed. This is public information, as is the MAC in use, @@ -495,7 +494,7 @@ int ssl3_get_record(SSL *s) if (rr[j].length == 0) { RECORD_LAYER_inc_empty_record_count(&s->rlayer); if (RECORD_LAYER_get_empty_record_count(&s->rlayer) - > MAX_EMPTY_RECORDS) { + > MAX_EMPTY_RECORDS) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL); goto f_err; @@ -527,8 +526,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) return 0; i = COMP_expand_block(ssl->expand, rr->comp, - SSL3_RT_MAX_PLAIN_LENGTH, rr->data, - (int)rr->length); + SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); if (i < 0) return 0; else @@ -709,7 +707,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) if (n_recs > 1) { if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) - & EVP_CIPH_FLAG_PIPELINE)) { + & EVP_CIPH_FLAG_PIPELINE)) { /* * We shouldn't have been called with pipeline data if the * cipher doesn't support pipelining @@ -722,7 +720,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) reclen[ctr] = recs[ctr].length; if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) - & EVP_CIPH_FLAG_AEAD_CIPHER) { + & EVP_CIPH_FLAG_AEAD_CIPHER) { unsigned char *seq; seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer) @@ -786,7 +784,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) data[ctr] = recs[ctr].data; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS, - n_recs, data) <= 0) { + n_recs, data) <= 0) { SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); } /* Set the input buffers */ @@ -794,9 +792,9 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) data[ctr] = recs[ctr].input; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS, - n_recs, data) <= 0 + n_recs, data) <= 0 || EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS, - n_recs, reclen) <= 0) { + n_recs, reclen) <= 0) { SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); return -1; } @@ -804,7 +802,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) i = EVP_Cipher(ds, recs[0].data, recs[0].input, reclen[0]); if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) - & EVP_CIPH_FLAG_CUSTOM_CIPHER) + & EVP_CIPH_FLAG_CUSTOM_CIPHER) ? (i < 0) : (i == 0)) return -1; /* AEAD can fail to verify MAC */ @@ -924,18 +922,18 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) p = md; s2n(rec->length, p); if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0 - || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0 - || EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0 - || EVP_DigestUpdate(md_ctx, seq, 8) <= 0 - || EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0 - || EVP_DigestUpdate(md_ctx, md, 2) <= 0 - || EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0 - || EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0 - || EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0 - || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0 - || EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0 - || EVP_DigestUpdate(md_ctx, md, md_size) <= 0 - || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) { + || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0 + || EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0 + || EVP_DigestUpdate(md_ctx, seq, 8) <= 0 + || EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0 + || EVP_DigestUpdate(md_ctx, md, 2) <= 0 + || EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0 + || EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0 + || EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0 + || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0 + || EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0 + || EVP_DigestUpdate(md_ctx, md, md_size) <= 0 + || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) { EVP_MD_CTX_reset(md_ctx); return -1; } @@ -977,8 +975,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) mac_ctx = hash; } else { hmac = EVP_MD_CTX_new(); - if (hmac == NULL - || !EVP_MD_CTX_copy(hmac, hash)) + if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) return -1; mac_ctx = hmac; } @@ -1020,8 +1017,8 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) } } else { if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 - || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 - || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { + || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 + || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { EVP_MD_CTX_free(hmac); return -1; } @@ -1031,7 +1028,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) rec->length, rec->orig_len)) { EVP_MD_CTX_free(hmac); return -1; - } + } } EVP_MD_CTX_free(hmac); @@ -1138,7 +1135,8 @@ int tls1_cbc_remove_padding(const SSL *s, padding_length = rec->data[rec->length - 1]; - if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) { + if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) & + EVP_CIPH_FLAG_AEAD_CIPHER) { /* padding is already verified */ rec->length -= padding_length + 1; return 1; @@ -1439,7 +1437,6 @@ int dtls1_process_record(SSL *s) return (0); } - /* * retrieve a buffered record that belongs to the current epoch, ie, * processed @@ -1487,13 +1484,14 @@ int dtls1_get_record(SSL *s) if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) { n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, - SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1); + SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1); /* read timeout is handled by dtls1_read_bytes */ if (n <= 0) return (n); /* error or non-blocking */ /* this packet contained a partial record, dump it */ - if (RECORD_LAYER_get_packet_length(&s->rlayer) != DTLS1_RT_HEADER_LENGTH) { + if (RECORD_LAYER_get_packet_length(&s->rlayer) != + DTLS1_RT_HEADER_LENGTH) { RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1573,7 +1571,7 @@ int dtls1_get_record(SSL *s) bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); if (bitmap == NULL) { rr->length = 0; - RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ + RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ } #ifndef OPENSSL_NO_SCTP @@ -1603,7 +1601,7 @@ int dtls1_get_record(SSL *s) if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) { if (dtls1_buffer_record (s, &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)), - rr->seq_num) < 0) + rr->seq_num) < 0) return -1; /* Mark receipt of record. */ dtls1_record_bitmap_update(s, bitmap); @@ -1615,7 +1613,7 @@ int dtls1_get_record(SSL *s) if (!dtls1_process_record(s)) { rr->length = 0; - RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ + RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ } dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */ diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index febd88a117..9a228f7de2 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -26,8 +26,6 @@ */ #define MAX_HASH_BLOCK_SIZE 128 - - /* * u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in * little-endian order. The value of p is advanced by four. @@ -129,14 +127,14 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) * Returns 1 on success or 0 on error */ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, - unsigned char *md_out, - size_t *md_out_size, - const unsigned char header[13], - const unsigned char *data, - size_t data_plus_mac_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - unsigned mac_secret_length, char is_sslv3) + unsigned