src - OpenBSD base system

diff options


context:
space:
mode:

author	Joel Sing <jsing@cvs.openbsd.org>	2014-06-05 14:31:45 +0000
committer	Joel Sing <jsing@cvs.openbsd.org>	2014-06-05 14:31:45 +0000
commit	f5a5391fdf83691578269bc0a01b6e7de214e400 (patch)
tree	ba5ccc02585781bdc323501b941423c8f7d635fc /lib/libssl/s3_clnt.c
parent	fa4abe4a84ad1f360ead9cda5579a392f7b45e67 (diff)

More KNF.

Diffstat (limited to 'lib/libssl/s3_clnt.c')

-rw-r--r--

lib/libssl/s3_clnt.c

1 files changed, 32 insertions, 49 deletions

diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index 2c3ce60fb3a..66fb26345ec 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c

@@ -826,9 +826,8 @@ ssl3_get_server_hello(SSL *s)

if (s->d1->send_cookie == 0) {

s->s3->tmp.reuse_message = 1;

return (1);

- }

- else /* already sent a cookie */

- {

+ } else {

+ /* Already sent a cookie. */

al = SSL_AD_UNEXPECTED_MESSAGE;

SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,

SSL_R_BAD_MESSAGE_TYPE);

@@ -844,12 +843,11 @@ ssl3_get_server_hello(SSL *s)

goto f_err;

}

- d = p=(unsigned char *)s->init_msg;

+ d = p = (unsigned char *)s->init_msg;

if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {

- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,

- SSL_R_WRONG_SSL_VERSION);

- s->version = (s->version&0xff00)|p[1];

+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);

+ s->version = (s->version&0xff00) | p[1];

al = SSL_AD_PROTOCOL_VERSION;

goto f_err;

}

@@ -898,7 +896,8 @@ ssl3_get_server_hello(SSL *s)

goto f_err;

}

s->hit = 1;

- } else { /* a miss or crap from the other end */

+ } else {

+ /* a miss or crap from the other end */

/* If we were trying for session-id reuse, make a new

* SSL_SESSION so we don't stuff up other people */

@@ -1124,8 +1123,7 @@ ssl3_get_server_certificate(SSL *s)

}

i = ssl_verify_cert_chain(s, sk);

- if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)

- ) {

+ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {

al = ssl_verify_alarm_type(s->verify_result);

SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,

SSL_R_CERTIFICATE_VERIFY_FAILED);

@@ -1738,7 +1736,7 @@ ssl3_get_certificate_request(SSL *s)

}

- p = d=(unsigned char *)s->init_msg;

+ p = d = (unsigned char *)s->init_msg;

if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {

SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,

@@ -2008,8 +2006,7 @@ ssl3_get_server_done(SSL *s)

if (n > 0) {

/* should contain no data */

ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);

- SSLerr(SSL_F_SSL3_GET_SERVER_DONE,

- SSL_R_LENGTH_MISMATCH);

+ SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH);

return (-1);

}

ret = 1;

@@ -2089,8 +2086,7 @@ ssl3_send_client_key_exchange(SSL *s)

s->method->ssl3_enc->generate_master_secret(

s, s->session->master_key, tmp_buf, sizeof tmp_buf);

OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);

- }

- else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {

+ } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {

DH *dh_srvr, *dh_clnt;

if (s->session->sess_cert == NULL) {

@@ -2154,9 +2150,7 @@ ssl3_send_client_key_exchange(SSL *s)

DH_free(dh_clnt);

/* perhaps clean things up a bit EAY EAY EAY EAY*/

- }

- else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {

+ } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {

const EC_GROUP *srvr_group = NULL;

EC_KEY *tkey;

int ecdh_clnt_cert = 0;

@@ -2334,8 +2328,7 @@ ssl3_send_client_key_exchange(SSL *s)

if (clnt_ecdh != NULL)

EC_KEY_free(clnt_ecdh);

EVP_PKEY_free(srvr_pub_pkey);

- }

- else if (alg_k & SSL_kGOST) {

+ } else if (alg_k & SSL_kGOST) {

/* GOST key exchange message creation */

EVP_PKEY_CTX *pkey_ctx;

X509 *peer_cert;

@@ -2354,7 +2347,7 @@ ssl3_send_client_key_exchange(SSL *s)

if (!peer_cert)

peer_cert = s->session->sess_cert->peer_pkeys[

(keytype = SSL_PKEY_GOST94)].x509;

- if (!peer_cert) {

+ if (!peer_cert) {

SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,

SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);

goto err;

@@ -2610,8 +2603,7 @@ ssl3_send_client_verify(SSL *s)

n = u + 4;

if (!ssl3_digest_cached_records(s))

goto err;

- } else

- if (pkey->type == EVP_PKEY_RSA) {

+ } else if (pkey->type == EVP_PKEY_RSA) {

s->method->ssl3_enc->cert_verify_mac(

s, NID_md5, &(data[0]));

if (RSA_sign(NID_md5_sha1, data,

@@ -2623,8 +2615,7 @@ ssl3_send_client_verify(SSL *s)

}

s2n(u, p);

n = u + 2;

- } else

- if (pkey->type == EVP_PKEY_DSA) {

+ } else if (pkey->type == EVP_PKEY_DSA) {

if (!DSA_sign(pkey->save_type,

&(data[MD5_DIGEST_LENGTH]),

SHA_DIGEST_LENGTH, &(p[2]),

@@ -2635,8 +2626,7 @@ ssl3_send_client_verify(SSL *s)

}

s2n(j, p);

n = j + 2;

- } else

- if (pkey->type == EVP_PKEY_EC) {

+ } else if (pkey->type == EVP_PKEY_EC) {

if (!ECDSA_sign(pkey->save_type,

&(data[MD5_DIGEST_LENGTH]),

SHA_DIGEST_LENGTH, &(p[2]),

@@ -2647,8 +2637,7 @@ ssl3_send_client_verify(SSL *s)

}

s2n(j, p);

n = j + 2;

- } else

- if (pkey->type == NID_id_GostR3410_94 ||

+ } else if (pkey->type == NID_id_GostR3410_94 ||

pkey->type == NID_id_GostR3410_2001) {

unsigned char signbuf[64];

int i;

@@ -2791,8 +2780,8 @@ ssl3_check_cert_and_algorithm(SSL *s)

idx = sc->peer_cert_type;

if (idx == SSL_PKEY_ECC) {

if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,

- s) == 0)

- { /* check failed */

+ s) == 0) {

+ /* check failed */

SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,

SSL_R_BAD_ECC_CERT);

goto f_err;

@@ -2804,14 +2793,13 @@ ssl3_check_cert_and_algorithm(SSL *s)

i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);

EVP_PKEY_free(pkey);

/* Check that we have a certificate if we require one */

if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {

SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,

SSL_R_MISSING_RSA_SIGNING_CERT);

goto f_err;

- }

- else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {

+ } else if ((alg_a & SSL_aDSS) &&

+ !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {

SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,

SSL_R_MISSING_DSA_SIGNING_CERT);

goto f_err;

@@ -2831,8 +2819,7 @@ ssl3_check_cert_and_algorithm(SSL *s)

SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,

SSL_R_MISSING_DH_RSA_CERT);

goto f_err;

- }

- else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) {

+ } else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) {

SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,

SSL_R_MISSING_DH_DSA_CERT);

goto f_err;

@@ -2847,22 +2834,18 @@ ssl3_check_cert_and_algorithm(SSL *s)

SSL_R_MISSING_EXPORT_TMP_RSA_KEY);

goto f_err;

}

- } else

- if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {

- if (dh == NULL || DH_size(dh) * 8 >

- SSL_C_EXPORT_PKEYLENGTH(

- s->s3->tmp.new_cipher)) {

- SSLerr(

- SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,

- SSL_R_MISSING_EXPORT_TMP_DH_KEY);

- goto f_err;

- }

- } else

- {

+ } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {

+ if (dh == NULL || DH_size(dh) * 8 >

+ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {

SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,

- SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);

+ SSL_R_MISSING_EXPORT_TMP_DH_KEY);

goto f_err;

}

+ } else {

+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,

+ SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);

+ goto f_err;

+ }

}

return (1);

f_err: