summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorTed Unangst <tedu@cvs.openbsd.org>2014-04-18 21:19:21 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2014-04-18 21:19:21 +0000
commit34ff4f115606d84a17fd52507a7b8c32e946005f (patch)
treef5a07f680b02e8866bffc487889375d1c590e1c5 /lib
parentb2142b09d634550fba478e4b9ccbdf651b22747a (diff)
now that knf carpet bombing is finished, switch to hand to hand combat.
still not sure what to make of mysteries like this: for (i = 7; i >= 0; i--) { /* increment */
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/src/ssl/t1_enc.c157
-rw-r--r--lib/libssl/src/ssl/t1_lib.c182
2 files changed, 166 insertions, 173 deletions
diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c
index fb471b2f14f..fc7a23fb4b5 100644
--- a/lib/libssl/src/ssl/t1_enc.c
+++ b/lib/libssl/src/ssl/t1_enc.c
@@ -219,9 +219,8 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
/* calc the next A1 value */
if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
goto err;
- }
- else /* last one */
- {
+ } else {
+ /* last one */
if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
goto err;
memcpy(out, A1, olen);
@@ -269,10 +268,10 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
goto err;
}
- if (!tls1_P_hash(md , S1, len + (slen&1),
- seed1, seed1_len, seed2, seed2_len, seed3, seed3_len, seed4, seed4_len, seed5, seed5_len,
- out2, olen))
- goto err;
+ if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
+ seed1_len, seed2, seed2_len, seed3, seed3_len,
+ seed4, seed4_len, seed5, seed5_len, out2, olen))
+ goto err;
S1 += len;
for (i = 0; i < olen; i++) {
out1[i] ^= out2[i];
@@ -288,13 +287,14 @@ static int
tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num)
{
int ret;
+
ret = tls1_PRF(ssl_get_algorithm2(s),
- TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- NULL, 0, NULL, 0,
- s->session->master_key, s->session->master_key_length,
- km, tmp, num);
+ TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
+ s->s3->server_random, SSL3_RANDOM_SIZE,
+ s->s3->client_random, SSL3_RANDOM_SIZE,
+ NULL, 0, NULL, 0,
+ s->session->master_key, s->session->master_key_length,
+ km, tmp, num);
#ifdef KSSL_DEBUG
printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
s->session->master_key_length);
@@ -369,9 +369,10 @@ tls1_change_cipher_state(SSL *s, int which)
reuse_dd = 1;
else if ((s->enc_read_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
goto err;
- else
+ else {
/* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_read_ctx);
+ EVP_CIPHER_CTX_init(s->enc_read_ctx);
+ }
dd = s->enc_read_ctx;
mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
#ifndef OPENSSL_NO_COMP
@@ -386,8 +387,7 @@ tls1_change_cipher_state(SSL *s, int which)
goto err2;
}
if (s->s3->rrec.comp == NULL)
- s->s3->rrec.comp = (unsigned char *)
- malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+ s->s3->rrec.comp = malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
if (s->s3->rrec.comp == NULL)
goto err;
}
@@ -438,11 +438,11 @@ tls1_change_cipher_state(SSL *s, int which)
EVP_CIPHER_CTX_cleanup(dd);
p = s->s3->tmp.key_block;
- i=*mac_secret_size = s->s3->tmp.new_mac_secret_size;
+ i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
cl = EVP_CIPHER_key_length(c);
j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+ cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
/* If GCM mode only part of IV comes from PRF */
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
@@ -480,7 +480,7 @@ tls1_change_cipher_state(SSL *s, int which)
memcpy(mac_secret, ms, i);
- if (!(EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER)) {
+ if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
mac_secret, *mac_secret_size);
EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key);
@@ -495,22 +495,22 @@ tls1_change_cipher_state(SSL *s, int which)
* same value since only the correct one will be used :-).
*/
if (!tls1_PRF(ssl_get_algorithm2(s),
- exp_label, exp_label_len,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- NULL, 0, NULL, 0,
- key, j, tmp1, tmp2, EVP_CIPHER_key_length(c)))
- goto err2;
+ exp_label, exp_label_len,
+ s->s3->client_random, SSL3_RANDOM_SIZE,
+ s->s3->server_random, SSL3_RANDOM_SIZE,
+ NULL, 0, NULL, 0,
+ key, j, tmp1, tmp2, EVP_CIPHER_key_length(c)))
+ goto err2;
key = tmp1;
if (k > 0) {
if (!tls1_PRF(ssl_get_algorithm2(s),
- TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- NULL, 0, NULL, 0,
- empty, 0, iv1, iv2, k*2))
- goto err2;
+ TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
+ s->s3->client_random, SSL3_RANDOM_SIZE,
+ s->s3->server_random, SSL3_RANDOM_SIZE,
+ NULL, 0, NULL, 0,
+ empty, 0, iv1, iv2, k*2))
+ goto err2;
if (client_write)
iv = iv1;
else
@@ -537,9 +537,9 @@ tls1_change_cipher_state(SSL *s, int which)
EVP_CipherInit_ex(dd, c, NULL, key, iv,(which & SSL3_CC_WRITE));
/* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
- if ((EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size)
+ if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size)
EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
- *mac_secret_size, mac_secret);
+ *mac_secret_size, mac_secret);
#ifdef TLS_DEBUG
printf("which = %04X\nkey=", which);
@@ -588,7 +588,7 @@ tls1_setup_key_block(SSL *s)
s->s3->tmp.new_mac_pkey_type = mac_type;
s->s3->tmp.new_mac_secret_size = mac_secret_size;
num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
- num*=2;
+ num *= 2;
ssl3_cleanup_key_block(s);
@@ -620,8 +620,8 @@ tls1_setup_key_block(SSL *s)
{ int z; for (z = 0; z<num; z++) printf("%02X%c", p1[z],((z+1)%16)?' ':'\n'); }
#endif
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
- && s->method->version <= TLS1_VERSION) {
+ if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
+ s->method->version <= TLS1_VERSION) {
/* enable vulnerability countermeasure for CBC ciphers with
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
*/
@@ -678,8 +678,8 @@ tls1_enc(SSL *s, int send)
int ivlen;
enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
/* For TLSv1.1 and later explicit IV */
- if (s->version >= TLS1_1_VERSION
- && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
+ if (s->version >= TLS1_1_VERSION &&
+ EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
ivlen = EVP_CIPHER_iv_length(enc);
else
ivlen = 0;
@@ -720,7 +720,7 @@ tls1_enc(SSL *s, int send)
l = rec->length;
bs = EVP_CIPHER_block_size(ds->cipher);
- if (EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) {
+ if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
unsigned char buf[13], *seq;
seq = send ? s->s3->write_sequence : s->s3->read_sequence;
@@ -733,14 +733,10 @@ tls1_enc(SSL *s, int send)
memcpy(buf, dtlsseq, 8);
} else {
memcpy(buf, seq, 8);
- for (i = 7;
- i >= 0;
- i--) /* increment */
- {
+ for (i = 7; i >= 0; i--) { /* increment */
++seq[i];
if (seq[i] != 0)
break;
-
}
}
@@ -748,7 +744,7 @@ tls1_enc(SSL *s, int send)
buf[9] = (unsigned char)(s->version >> 8);
buf[10] = (unsigned char)(s->version);
buf[11] = rec->length >> 8;
- buf[12] = rec->length&0xff;
+ buf[12] = rec->length & 0xff;
pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, 13, buf);
if (send) {
l += pad;
@@ -795,10 +791,9 @@ tls1_enc(SSL *s, int send)
}
i = EVP_Cipher(ds, rec->data, rec->input, l);
- if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER)
- ?(i < 0)
- :(i == 0))
- return -1; /* AEAD can fail to verify MAC */
+ if ((EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_CUSTOM_CIPHER) ?
+ (i < 0) : (i == 0))
+ return -1; /* AEAD can fail to verify MAC */
if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) {
rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
@@ -837,7 +832,8 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
return 0;
for (i = 0; i < SSL_MAX_DIGEST; i++) {
- if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
+ if (s->s3->handshake_dgst[i] &&
+ EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
d = s->s3->handshake_dgst[i];
break;
}
@@ -879,24 +875,25 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
if (mask & ssl_get_algorithm2(s)) {
int hashsize = EVP_MD_size(md);
EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
- if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
+ if (!hdgst || hashsize < 0 ||
+ hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
/* internal error: 'buf' is too small for this cipersuite! */
err = 1;
} else {
if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
- !EVP_DigestFinal_ex(&ctx, q, &i) ||
- (i != (unsigned int)hashsize))
- err = 1;
+ !EVP_DigestFinal_ex(&ctx, q, &i) ||
+ (i != (unsigned int)hashsize))
+ err = 1;
q += hashsize;
}
}
}
- if (!tls1_PRF(ssl_get_algorithm2(s),
- str, slen, buf,(int)(q - buf), NULL, 0, NULL, 0, NULL, 0,
- s->session->master_key, s->session->master_key_length,
- out, buf2, sizeof buf2))
- err = 1;
+ if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf,(int)(q - buf),
+ NULL, 0, NULL, 0, NULL, 0,
+ s->session->master_key, s->session->master_key_length,
+ out, buf2, sizeof buf2))
+ err = 1;
EVP_MD_CTX_cleanup(&ctx);
if (err)
@@ -945,7 +942,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
unsigned char dtlsseq[8], *p = dtlsseq;
s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
- memcpy (p, &seq[2], 6);
+ memcpy(p, &seq[2], 6);
memcpy(header, dtlsseq, 8);
} else
@@ -961,21 +958,18 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
header[11] = (rec->length) >> 8;
header[12] = (rec->length)&0xff;
- if (!send &&
- EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
- ssl3_cbc_record_digest_supported(mac_ctx)) {
+ if (!send && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+ ssl3_cbc_record_digest_supported(mac_ctx)) {
/* This is a CBC-encrypted record. We must avoid leaking any
* timing-side channel information about how many blocks of
* data we are hashing because that gives an attacker a
* timing-oracle. */
- ssl3_cbc_digest_record(
- mac_ctx,
- md, &md_size,
- header, rec->input,
- rec->length + md_size, orig_len,
- ssl->s3->read_mac_secret,
- ssl->s3->read_mac_secret_size,
- 0 /* not SSLv3 */);
+ ssl3_cbc_digest_record(mac_ctx,
+ md, &md_size, header, rec->input,
+ rec->length + md_size, orig_len,
+ ssl->s3->read_mac_secret,
+ ssl->s3->read_mac_secret_size,
+ 0 /* not SSLv3 */);
} else {
EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
@@ -1001,7 +995,6 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
++seq[i];
if (seq[i] != 0)
break;
-
}
}
@@ -1115,20 +1108,20 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
* comparisons won't have buffer overflow
*/
if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
- TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) goto err1;
+ TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0)
+ goto err1;
if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
- TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) goto err1;
+ TLS_MD_SERVER_FINISH_CONST_SIZE) == 0)
+ goto err1;
if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
- TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) goto err1;
+ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
+ goto err1;
if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
- TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
+ TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
+ goto err1;
rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
- val, vallen,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0,
+ val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0,
s->session->master_key, s->session->master_key_length,
out, buff, olen);
diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c
index 6ee2289153f..f6cfb508f60 100644
--- a/lib/libssl/src/ssl/t1_lib.c
+++ b/lib/libssl/src/ssl/t1_lib.c
@@ -152,8 +152,9 @@ tls1_default_timeout(void)
int
tls1_new(SSL *s)
{
- if (!ssl3_new(s)) return (0);
- s->method->ssl_clear(s);
+ if (!ssl3_new(s))
+ return (0);
+ s->method->ssl_clear(s);
return (1);
}
@@ -349,13 +350,14 @@ unsigned char
unsigned char *ret = p;
/* don't add extensions for SSLv3 unless doing secure renegotiation */
- if (s->client_version == SSL3_VERSION
- && !s->s3->send_connection_binding)
- return p;
+ if (s->client_version == SSL3_VERSION &&
+ !s->s3->send_connection_binding)
+ return p;
ret += 2;
- if (ret>=limit) return NULL; /* this really never occurs, but ... */
+ if (ret>=limit)
+ return NULL; /* this really never occurs, but ... */
if (s->tlsext_hostname != NULL) {
/* Add TLS extension servername to the Client Hello message */
@@ -371,9 +373,9 @@ unsigned char
+ hostname length
*/
- if ((lenmax = limit - ret - 9) < 0
- || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
- return NULL;
+ if ((lenmax = limit - ret - 9) < 0 ||
+ (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
+ return NULL;
/* extension type and length */
s2n(TLSEXT_TYPE_server_name, ret);
@@ -399,8 +401,8 @@ unsigned char
return NULL;
}
- if ((limit - p - 4 - el)
- < 0) return NULL;
+ if ((limit - p - 4 - el) < 0)
+ return NULL;
s2n(TLSEXT_TYPE_renegotiate, ret);
s2n(el, ret);
@@ -415,8 +417,8 @@ unsigned char
#ifndef OPENSSL_NO_SRP
/* Add SRP username if there is one */
- if (s->srp_ctx.login != NULL)
- { /* Add TLS extension SRP username to the Client Hello message */
+ if (s->srp_ctx.login != NULL) {
+ /* Add TLS extension SRP username to the Client Hello message */
int login_len = strlen(s->srp_ctx.login);
@@ -430,8 +432,8 @@ unsigned char
1 for the srp user identity
+ srp user identity length
*/
- if ((limit - ret - 5 - login_len)
- < 0) return NULL;
+ if ((limit - ret - 5 - login_len) < 0)
+ return NULL;
/* fill in the extension */
@@ -445,16 +447,16 @@ unsigned char
#ifndef OPENSSL_NO_EC
if (s->tlsext_ecpointformatlist != NULL &&
- s->version != DTLS1_VERSION) {
+ s->version != DTLS1_VERSION) {
/* Add TLS extension ECPointFormats to the ClientHello message */
long lenmax;
+ if ((lenmax = limit - ret - 5) < 0)
+ return NULL;
- if ((lenmax = limit - ret - 5)
- < 0) return NULL;
-
- if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
- if (s->tlsext_ecpointformatlist_length > 255) {
+ if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax)
+ return NULL;
+ if (s->tlsext_ecpointformatlist_length > 255) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
@@ -466,11 +468,10 @@ unsigned char
ret += s->tlsext_ecpointformatlist_length;
}
if (s->tlsext_ellipticcurvelist != NULL &&
- s->version != DTLS1_VERSION) {
+ s->version != DTLS1_VERSION) {
/* Add TLS extension EllipticCurves to the ClientHello message */
long lenmax;
-
if ((lenmax = limit - ret - 6)
< 0) return NULL;
@@ -499,7 +500,7 @@ unsigned char
if (!s->new_session && s->session && s->session->tlsext_tick)
ticklen = s->session->tlsext_ticklen;
else if (s->session && s->tlsext_session_ticket &&
- s->tlsext_session_ticket->data) {
+ s->tlsext_session_ticket->data) {
ticklen = s->tlsext_session_ticket->length;
s->session->tlsext_tick = malloc(ticklen);
if (!s->session->tlsext_tick)
@@ -511,13 +512,14 @@ unsigned char
} else
ticklen = 0;
if (ticklen == 0 && s->tlsext_session_ticket &&
- s->tlsext_session_ticket->data == NULL)
- goto skip_ext;
+ s->tlsext_session_ticket->data == NULL)
+ goto skip_ext;
/* Check for enough room 2 for extension type, 2 for len
* rest for ticket
*/
- if ((long)(limit - ret - 4 - ticklen) < 0) return NULL;
- s2n(TLSEXT_TYPE_session_ticket, ret);
+ if ((long)(limit - ret - 4 - ticklen) < 0)
+ return NULL;
+ s2n(TLSEXT_TYPE_session_ticket, ret);
s2n(ticklen, ret);
if (ticklen) {
@@ -525,7 +527,7 @@ unsigned char
ret += ticklen;
}
}
- skip_ext:
+skip_ext:
if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
@@ -558,7 +560,7 @@ unsigned char
#endif
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
- s->version != DTLS1_VERSION) {
+ s->version != DTLS1_VERSION) {
int i;
long extlen, idlen, itmp;
OCSP_RESPID *id;
@@ -579,8 +581,9 @@ unsigned char
} else
extlen = 0;
- if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
- s2n(TLSEXT_TYPE_status_request, ret);
+ if ((long)(limit - ret - 7 - extlen - idlen) < 0)
+ return NULL;
+ s2n(TLSEXT_TYPE_status_request, ret);
if (extlen + idlen > 0xFFF0)
return NULL;
s2n(extlen + idlen + 5, ret);
@@ -618,8 +621,8 @@ unsigned char
ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
- if ((limit - p - 4 - el)
- < 0) return NULL;
+ if ((limit - p - 4 - el) < 0)
+ return NULL;
s2n(TLSEXT_TYPE_use_srtp, ret);
s2n(el, ret);
@@ -682,11 +685,12 @@ unsigned char
return p;
ret += 2;
- if (ret>=limit) return NULL; /* this really never occurs, but ... */
+ if (ret>=limit)
+ return NULL; /* this really never occurs, but ... */
if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) {
- if ((long)(limit - ret - 4) < 0) return NULL;
-
+ if ((long)(limit - ret - 4) < 0)
+ return NULL;
s2n(TLSEXT_TYPE_server_name, ret);
s2n(0, ret);
@@ -724,8 +728,9 @@ unsigned char
if ((lenmax = limit - ret - 5)
< 0) return NULL;
- if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
- if (s->tlsext_ecpointformatlist_length > 255) {
+ if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax)
+ return NULL;
+ if (s->tlsext_ecpointformatlist_length > 255) {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
@@ -740,24 +745,24 @@ unsigned char
/* Currently the server should not respond with a SupportedCurves extension */
#endif /* OPENSSL_NO_EC */
- if (s->tlsext_ticket_expected
- && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
- if ((long)(limit - ret - 4) < 0) return NULL;
+ if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
+ if ((long)(limit - ret - 4) < 0)
+ return NULL;
s2n(TLSEXT_TYPE_session_ticket, ret);
s2n(0, ret);
}
if (s->tlsext_status_expected) {
- if ((long)(limit - ret - 4) < 0) return NULL;
+ if ((long)(limit - ret - 4) < 0)
+ return NULL;
s2n(TLSEXT_TYPE_status_request, ret);
s2n(0, ret);
}
#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->server_opaque_prf_input != NULL &&
- s->version != DTLS1_VERSION) {
+ if (s->s3->server_opaque_prf_input != NULL && s->version != DTLS1_VERSION) {
size_t sol = s->s3->server_opaque_prf_input_len;
if ((long)(limit - ret - 6 - sol) < 0)
@@ -794,8 +799,9 @@ unsigned char
}
#endif
- if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81)
- && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
+ if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 ||
+ (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81) &&
+ (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
const unsigned char cryptopro_ext[36] = {
0xfd, 0xe8, /*65000*/
0x00, 0x20, /*32 bytes length*/
@@ -820,8 +826,9 @@ unsigned char
r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg);
if (r == SSL_TLSEXT_ERR_OK) {
- if ((long)(limit - ret - 4 - npalen) < 0) return NULL;
- s2n(TLSEXT_TYPE_next_proto_neg, ret);
+ if ((long)(limit - ret - 4 - npalen) < 0)
+ return NULL;
+ s2n(TLSEXT_TYPE_next_proto_neg, ret);
s2n(npalen, ret);
memcpy(ret, npa, npalen);
ret += npalen;
@@ -987,7 +994,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
int servname_type;
int dsize;
-
if (size < 2) {
*al = SSL_AD_DECODE_ERROR;
return 0;
@@ -1013,7 +1019,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
}
if (s->servername_done == 0)
switch (servname_type) {
- case TLSEXT_NAMETYPE_host_name:
+ case TLSEXT_NAMETYPE_host_name:
if (!s->hit) {
if (s->session->tlsext_hostname) {
*al = SSL_AD_DECODE_ERROR;
@@ -1038,14 +1044,14 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
s->servername_done = 1;
- } else
- s->servername_done = s->session->tlsext_hostname
- && strlen(s->session->tlsext_hostname) == len
- && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
-
+ } else {
+ s->servername_done = s->session->tlsext_hostname &&
+ strlen(s->session->tlsext_hostname) == len &&
+ strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
+ }
break;
- default:
+ default:
break;
}
@@ -1285,12 +1291,12 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
return 0;
}
}
- }
+ } else {
/* We don't know what to do with any other type
* so ignore it.
*/
- else
s->tlsext_status_type = -1;
+ }
}
#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
@@ -1317,9 +1323,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
/* session ticket processed earlier */
#ifndef OPENSSL_NO_SRTP
else if (type == TLSEXT_TYPE_use_srtp) {
- if (ssl_parse_clienthello_use_srtp_ext(s, data, size,
- al))
- return 0;
+ if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al))
+ return 0;
}
#endif
@@ -1404,7 +1409,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
tlsext_servername = 1;
}
-
#ifndef OPENSSL_NO_EC
else if (type == TLSEXT_TYPE_ec_point_formats &&
s->version != DTLS1_VERSION) {
@@ -1434,15 +1438,13 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
#endif
}
#endif /* OPENSSL_NO_EC */
-
else if (type == TLSEXT_TYPE_session_ticket) {
if (s->tls_session_ticket_ext_cb &&
- !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
+ !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
- if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
- || (size > 0)) {
+ if ((SSL_get_options(s) & SSL_OP_NO_TICKET) || (size > 0)) {
*al = TLS1_AD_UNSUPPORTED_EXTENSION;
return 0;
}
@@ -1450,7 +1452,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
}
#ifdef TLSEXT_TYPE_opaque_prf_input
else if (type == TLSEXT_TYPE_opaque_prf_input &&
- s->version != DTLS1_VERSION) {
+ s->version != DTLS1_VERSION) {
unsigned char *sdata = data;
if (size < 2) {
@@ -1477,7 +1479,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
}
#endif
else if (type == TLSEXT_TYPE_status_request &&
- s->version != DTLS1_VERSION) {
+ s->version != DTLS1_VERSION) {
/* MUST be empty and only sent if we've requested
* a status request message.
*/
@@ -1490,7 +1492,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
}
#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
- s->s3->tmp.finish_md_len == 0) {
+ s->s3->tmp.finish_md_len == 0) {
unsigned char *selected;
unsigned char selected_len;
@@ -1558,7 +1560,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
*p = data;
- ri_check:
+ri_check:
/* Determine if we need to see RI. Strictly speaking if we want to
* avoid an attack we should *always* see RI even on initial server
@@ -1567,8 +1569,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
* which doesn't support RI so for the immediate future tolerate RI
* absence on initial connect only.
*/
- if (!renegotiate_seen
- && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
+ if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
*al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
@@ -1578,7 +1579,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
return 1;
}
-
int
ssl_prepare_clienthello_tlsext(SSL *s)
{
@@ -1597,7 +1597,8 @@ ssl_prepare_clienthello_tlsext(SSL *s)
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
- if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA))) {
+ if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) ||
+ (alg_a & SSL_aECDSA))) {
using_ecc = 1;
break;
}
@@ -1625,9 +1626,8 @@ ssl_prepare_clienthello_tlsext(SSL *s)
return -1;
}
for (i = 0, j = s->tlsext_ellipticcurvelist;
- (unsigned int)i <
- sizeof(pref_list)/sizeof(pref_list[0]);
- i++) {
+ (unsigned int)i < sizeof(pref_list)/sizeof(pref_list[0]);
+ i++) {
int id = tls1_ec_nid2curve_id(pref_list[i]);
s2n(id, j);
}
@@ -1659,9 +1659,11 @@ ssl_prepare_clienthello_tlsext(SSL *s)
s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
}
- if (r == 2)
+ if (r == 2) {
/* at callback's request, insist on receiving an appropriate server opaque PRF input */
- s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
+ s->s3->server_opaque_prf_input_len =
+ s->tlsext_opaque_prf_input_len;
+ }
}
#endif
@@ -1743,7 +1745,7 @@ ssl_check_clienthello_tlsext_early(SSL *s)
if (s->tlsext_opaque_prf_input != NULL) {
if (s->s3->client_opaque_prf_input != NULL &&
- s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len) {
+ s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len) {
/* can only use this extension if we have a server opaque PRF input
* of the same length as the client opaque PRF input! */
@@ -1770,7 +1772,7 @@ ssl_check_clienthello_tlsext_early(SSL *s)
}
}
- err:
+err:
#endif
switch (ret) {
case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -1842,12 +1844,10 @@ err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return -1;
-
case SSL_TLSEXT_ERR_ALERT_WARNING:
ssl3_send_alert(s, SSL3_AL_WARNING, al);
return 1;
-
default:
return 1;
}
@@ -1866,9 +1866,11 @@ ssl_check_serverhello_tlsext(SSL *s)
*/
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
- (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) &&
- ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
+ if ((s->tlsext_ecpointformatlist != NULL) &&
+ (s->tlsext_ecpointformatlist_length > 0) &&
+ (s->session->tlsext_ecpointformatlist != NULL) &&
+ (s->session->tlsext_ecpointformatlist_length > 0) &&
+ ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
/* we are using an ECC cipher */
size_t i;
unsigned char *list;
@@ -1943,12 +1945,10 @@ ssl_check_serverhello_tlsext(SSL *s)
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return -1;
-
case SSL_TLSEXT_ERR_ALERT_WARNING:
ssl3_send_alert(s, SSL3_AL_WARNING, al);
- return 1;
-
+ return 1;
case SSL_TLSEXT_ERR_NOACK:
s->servername_done = 0;
default:
@@ -2279,6 +2279,7 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
int i, idx;
const EVP_MD *md;
CERT *c = s->cert;
+
/* Extension ignored for TLS versions below 1.2 */
if (TLS1_get_version(s) < TLS1_2_VERSION)
return 1;
@@ -2321,7 +2322,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
}
-
/* Set any remaining keys to default values. NOTE: if alg is not
* supported it stays as NULL.
*/