summaryrefslogtreecommitdiff
path: root/lib/libssl/ssl_ciph.c
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2014-05-30 14:31:04 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-05-30 14:31:04 +0000
commit8ca991ecb7370e15b4c5ae05e9403ed5d55d22cf (patch)
treed439c6e41040cc247563c84dd3d2b06ade9a4323 /lib/libssl/ssl_ciph.c
parent28e24c3349c41f3177c3bf295104a79089e3b9f8 (diff)
More KNF.
Diffstat (limited to 'lib/libssl/ssl_ciph.c')
-rw-r--r--lib/libssl/ssl_ciph.c129
1 files changed, 73 insertions, 56 deletions
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index 72061035aa2..456a7536b74 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1038,14 +1038,14 @@ ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
}
static int
-ssl_cipher_process_rulestr(const char *rule_str,
- CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
-const SSL_CIPHER **ca_list)
+ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
+ CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list)
{
- unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
- const char *l, *buf;
+ unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
+ unsigned long algo_strength;
int j, multi, found, rule, retval, ok, buflen;
unsigned long cipher_id = 0;
+ const char *l, *buf;
char ch;
retval = 1;
@@ -1055,21 +1055,21 @@ const SSL_CIPHER **ca_list)
if (ch == '\0')
break;
- /* done */
- if (ch == '-')
- { rule = CIPHER_DEL;
+
+ if (ch == '-') {
+ rule = CIPHER_DEL;
l++;
- } else if (ch == '+')
- { rule = CIPHER_ORD;
+ } else if (ch == '+') {
+ rule = CIPHER_ORD;
l++;
- } else if (ch == '!')
- { rule = CIPHER_KILL;
+ } else if (ch == '!') {
+ rule = CIPHER_KILL;
l++;
- } else if (ch == '@')
- { rule = CIPHER_SPECIAL;
+ } else if (ch == '@') {
+ rule = CIPHER_SPECIAL;
l++;
- } else
- { rule = CIPHER_ADD;
+ } else {
+ rule = CIPHER_ADD;
}
if (ITEM_SEP(ch)) {
@@ -1091,8 +1091,7 @@ const SSL_CIPHER **ca_list)
while (((ch >= 'A') && (ch <= 'Z')) ||
((ch >= '0') && (ch <= '9')) ||
((ch >= 'a') && (ch <= 'z')) ||
- (ch == '-') || (ch == '.'))
- {
+ (ch == '-') || (ch == '.')) {
ch = *(++l);
buflen++;
}
@@ -1104,15 +1103,17 @@ const SSL_CIPHER **ca_list)
* alphanumeric, so we call this an error.
*/
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
+ SSL_R_INVALID_COMMAND);
retval = found = 0;
l++;
break;
}
if (rule == CIPHER_SPECIAL) {
- found = 0; /* unused -- avoid compiler warning */
- break; /* special treatment */
+ /* unused -- avoid compiler warning */
+ found = 0;
+ /* special treatment */
+ break;
}
/* check for multi-part specification */
@@ -1123,15 +1124,16 @@ const SSL_CIPHER **ca_list)
multi = 0;
/*
- * Now search for the cipher alias in the ca_list. Be careful
- * with the strncmp, because the "buflen" limitation
- * will make the rule "ADH:SOME" and the cipher
- * "ADH-MY-CIPHER" look like a match for buflen=3.
- * So additionally check whether the cipher name found
- * has the correct length. We can save a strlen() call:
- * just checking for the '\0' at the right place is
- * sufficient, we have to strncmp() anyway. (We cannot
- * use strcmp(), because buf is not '\0' terminated.)
+ * Now search for the cipher alias in the ca_list.
+ * Be careful with the strncmp, because the "buflen"
+ * limitation will make the rule "ADH:SOME" and the
+ * cipher "ADH-MY-CIPHER" look like a match for
+ * buflen=3. So additionally check whether the cipher
+ * name found has the correct length. We can save a
+ * strlen() call: just checking for the '\0' at the
+ * right place is sufficient, we have to strncmp()
+ * anyway (we cannot use strcmp(), because buf is not
+ * '\0' terminated.)
*/
j = found = 0;
cipher_id = 0;
@@ -1193,44 +1195,59 @@ const SSL_CIPHER **ca_list)
if (ca_list[j]->algo_strength & SSL_EXP_MASK) {
if (algo_strength & SSL_EXP_MASK) {
- algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
+ algo_strength &=
+ (ca_list[j]->algo_strength &
+ SSL_EXP_MASK) | ~SSL_EXP_MASK;
if (!(algo_strength & SSL_EXP_MASK)) {
found = 0;
break;
}
} else
- algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
+ algo_strength |=
+ ca_list[j]->algo_strength &
+ SSL_EXP_MASK;
}
if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
if (algo_strength & SSL_STRONG_MASK) {
- algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
- if (!(algo_strength & SSL_STRONG_MASK)) {
+ algo_strength &=
+ (ca_list[j]->algo_strength &
+ SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
+ if (!(algo_strength &
+ SSL_STRONG_MASK)) {
found = 0;
break;
}
} else
- algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
+ algo_strength |=
+ ca_list[j]->algo_strength &
+ SSL_STRONG_MASK;
}
if (ca_list[j]->valid) {
- /* explicit ciphersuite found; its protocol version
- * does not become part of the search pattern!*/
-
+ /*
+ * explicit ciphersuite found; its protocol
+ * version does not become part of the search
+ * pattern!
+ */
cipher_id = ca_list[j]->id;
} else {
- /* not an explicit ciphersuite; only in this case, the
- * protocol version is considered part of the search pattern */
-
+ /*
+ * not an explicit ciphersuite; only in this
+ * case, the protocol version is considered
+ * part of the search pattern
+ */
if (ca_list[j]->algorithm_ssl) {
if (alg_ssl) {
- alg_ssl &= ca_list[j]->algorithm_ssl;
+ alg_ssl &=
+ ca_list[j]->algorithm_ssl;
if (!alg_ssl) {
found = 0;
break;
}
} else
- alg_ssl = ca_list[j]->algorithm_ssl;
+ alg_ssl =
+ ca_list[j]->algorithm_ssl;
}
}
@@ -1241,15 +1258,14 @@ const SSL_CIPHER **ca_list)
/*
* Ok, we have the rule, now apply it
*/
- if (rule == CIPHER_SPECIAL)
- { /* special command */
+ if (rule == CIPHER_SPECIAL) {
+ /* special command */
ok = 0;
- if ((buflen == 8) &&
- !strncmp(buf, "STRENGTH", 8))
- ok = ssl_cipher_strength_sort(head_p, tail_p);
+ if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8))
+ ok = ssl_cipher_strength_sort(head_p, tail_p);
else
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
+ SSL_R_INVALID_COMMAND);
if (ok == 0)
retval = 0;
/*
@@ -1259,17 +1275,18 @@ const SSL_CIPHER **ca_list)
* end or ':' is found.
*/
while ((*l != '\0') && !ITEM_SEP(*l))
- l++;
+ l++;
} else if (found) {
- ssl_cipher_apply_rule(cipher_id,
- alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
- rule, -1, head_p, tail_p);
+ ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth,
+ alg_enc, alg_mac, alg_ssl, algo_strength, rule,
+ -1, head_p, tail_p);
} else {
while ((*l != '\0') && !ITEM_SEP(*l))
- l++;
- }
- if (*l == '\0') break; /* done */
+ l++;
}
+ if (*l == '\0')
+ break; /* done */
+ }
return (retval);
}