author | Joel Sing <jsing@cvs.openbsd.org> | 2014-05-30 14:31:04 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-05-30 14:31:04 +0000 |
commit | 8ca991ecb7370e15b4c5ae05e9403ed5d55d22cf (patch) | |
tree | d439c6e41040cc247563c84dd3d2b06ade9a4323 /lib/libssl/ssl_ciph.c | |
parent | 28e24c3349c41f3177c3bf295104a79089e3b9f8 (diff) |
More KNF.
Diffstat (limited to 'lib/libssl/ssl_ciph.c')
-rw-r--r-- | lib/libssl/ssl_ciph.c | 129 |
1 files changed, 73 insertions, 56 deletions
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index 72061035aa2..456a7536b74 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1038,14 +1038,14 @@ ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) } static int -ssl_cipher_process_rulestr(const char *rule_str, - CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, -const SSL_CIPHER **ca_list) +ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list) { - unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; - const char *l, *buf; + unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; + unsigned long algo_strength; int j, multi, found, rule, retval, ok, buflen; unsigned long cipher_id = 0; + const char *l, *buf; char ch; retval = 1; @@ -1055,21 +1055,21 @@ const SSL_CIPHER **ca_list) if (ch == '\0') break; - /* done */ - if (ch == '-') - { rule = CIPHER_DEL; + + if (ch == '-') { + rule = CIPHER_DEL; l++; - } else if (ch == '+') - { rule = CIPHER_ORD; + } else if (ch == '+') { + rule = CIPHER_ORD; l++; - } else if (ch == '!') - { rule = CIPHER_KILL; + } else if (ch == '!') { + rule = CIPHER_KILL; l++; - } else if (ch == '@') - { rule = CIPHER_SPECIAL; + } else if (ch == '@') { + rule = CIPHER_SPECIAL; l++; - } else - { rule = CIPHER_ADD; + } else { + rule = CIPHER_ADD; } if (ITEM_SEP(ch)) { @@ -1091,8 +1091,7 @@ const SSL_CIPHER **ca_list) while (((ch >= 'A') && (ch <= 'Z')) || ((ch >= '0') && (ch <= '9')) || ((ch >= 'a') && (ch <= 'z')) || - (ch == '-') || (ch == '.')) - { + (ch == '-') || (ch == '.')) { ch = *(++l); buflen++; } 
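Review bot: ssl_cipher_process_rulestr still has no header comment, so the operator chain in the second hunk is the only statement of the rule grammar. A short comment above the `static int` line would help: a leading `-`, `+`, `!` or `@` selects CIPHER_DEL, CIPHER_ORD, CIPHER_KILL or CIPHER_SPECIAL, and anything else is CIPHER_ADD. It should also say that the function returns 1 unless a rule was rejected, since `retval` starts at 1 and is cleared where SSL_R_INVALID_COMMAND is raised in the later hunks. This string decides which cipher suites stay enabled, so the contract is worth writing down next to the parser. The function body continues well past these hunks.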
@@ -1104,15 +1103,17 @@ const SSL_CIPHER **ca_list) * alphanumeric, so we call this an error. */ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, - SSL_R_INVALID_COMMAND); + SSL_R_INVALID_COMMAND); retval = found = 0; l++; break; } if (rule == CIPHER_SPECIAL) { - found = 0; /* unused -- avoid compiler warning */ - break; /* special treatment */ + /* unused -- avoid compiler warning */ + found = 0; + /* special treatment */ + break; } /* check for multi-part specification */ @@ -1123,15 +1124,16 @@ const SSL_CIPHER **ca_list) multi = 0; /* - * Now search for the cipher alias in the ca_list. Be careful - * with the strncmp, because the "buflen" limitation - * will make the rule "ADH:SOME" and the cipher - * "ADH-MY-CIPHER" look like a match for buflen=3. - * So additionally check whether the cipher name found - * has the correct length. We can save a strlen() call: - * just checking for the '\0' at the right place is - * sufficient, we have to strncmp() anyway. (We cannot - * use strcmp(), because buf is not '\0' terminated.) + * Now search for the cipher alias in the ca_list. + * Be careful with the strncmp, because the "buflen" + * limitation will make the rule "ADH:SOME" and the + * cipher "ADH-MY-CIPHER" look like a match for + * buflen=3. So additionally check whether the cipher + * name found has the correct length. We can save a + * strlen() call: just checking for the '\0' at the + * right place is sufficient, we have to strncmp() + * anyway (we cannot use strcmp(), because buf is not + * '\0' terminated.) */ j = found = 0; cipher_id = 0; 
@@ -1193,44 +1195,59 @@ const SSL_CIPHER **ca_list) if (ca_list[j]->algo_strength & SSL_EXP_MASK) { if (algo_strength & SSL_EXP_MASK) { - algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; + algo_strength &= + (ca_list[j]->algo_strength & + SSL_EXP_MASK) | ~SSL_EXP_MASK; if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; } } else - algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; + algo_strength |= + ca_list[j]->algo_strength & + SSL_EXP_MASK; } if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { if (algo_strength & SSL_STRONG_MASK) { - algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; - if (!(algo_strength & SSL_STRONG_MASK)) { + algo_strength &= + (ca_list[j]->algo_strength & + SSL_STRONG_MASK) | ~SSL_STRONG_MASK; + if (!(algo_strength & + SSL_STRONG_MASK)) { found = 0; break; } } else - algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; + algo_strength |= + ca_list[j]->algo_strength & + SSL_STRONG_MASK; } if (ca_list[j]->valid) { - /* explicit ciphersuite found; its protocol version - * does not become part of the search pattern!*/ - + /* + * explicit ciphersuite found; its protocol + * version does not become part of the search + * pattern! + */ cipher_id = ca_list[j]->id; } else { - /* not an explicit ciphersuite; only in this case, the - * protocol version is considered part of the search pattern */ - + /* + * not an explicit ciphersuite; only in this + * case, the protocol version is considered + * part of the search pattern + */ if (ca_list[j]->algorithm_ssl) { if (alg_ssl) { - alg_ssl &= ca_list[j]->algorithm_ssl; + alg_ssl &= + ca_list[j]->algorithm_ssl; if (!alg_ssl) { found = 0; break; } } else - alg_ssl = ca_list[j]->algorithm_ssl; + alg_ssl = + ca_list[j]->algorithm_ssl; } } 
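Review bot: The `else` arms that assign `algo_strength` and `alg_ssl` stay unbraced although each assignment now wraps over two or three lines, while the matching `if` arms are braced. With the continuation lines indented like a block, a statement added later under one of these arms would fall outside the branch and change which suites a rule matches. I would brace them, e.g. `} else {`, then `algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;`, then `}`. The same applies to the SSL_STRONG_MASK and `algorithm_ssl` arms. The enclosing loop starts and ends outside this hunk.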
@@ -1241,15 +1258,14 @@ const SSL_CIPHER **ca_list) /* * Ok, we have the rule, now apply it */ - if (rule == CIPHER_SPECIAL) - { /* special command */ + if (rule == CIPHER_SPECIAL) { + /* special command */ ok = 0; - if ((buflen == 8) && - !strncmp(buf, "STRENGTH", 8)) - ok = ssl_cipher_strength_sort(head_p, tail_p); + if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) + ok = ssl_cipher_strength_sort(head_p, tail_p); else SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, - SSL_R_INVALID_COMMAND); + SSL_R_INVALID_COMMAND); if (ok == 0) retval = 0; /* @@ -1259,17 +1275,18 @@ const SSL_CIPHER **ca_list) * end or ':' is found. */ while ((*l != '\0') && !ITEM_SEP(*l)) - l++; + l++; } else if (found) { - ssl_cipher_apply_rule(cipher_id, - alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, - rule, -1, head_p, tail_p); + ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth, + alg_enc, alg_mac, alg_ssl, algo_strength, rule, + -1, head_p, tail_p); } else { while ((*l != '\0') && !ITEM_SEP(*l)) - l++; - } - if (*l == '\0') break; /* done */ + l++; } + if (*l == '\0') + break; /* done */ + } return (retval); } |
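Review bot: A rejected `@` command only records the failure (`if (ok == 0) retval = 0;`); the code then skips to the next separator and carries on with the remaining rules. By the time 0 is returned, the list behind `head_p`/`tail_p` may therefore already have been changed by the rules that did apply. Whether callers discard the list on a 0 return is not visible in this diff. Once that is confirmed, a comment at the assignment would make the contract explicit, for example `/* failure is sticky but parsing continues; the list must not be used when 0 is returned */`. The loop these two hunks belong to starts outside them.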