diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2014-04-14 13:10:36 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-04-14 13:10:36 +0000 |
| commit | e520a2b754f378d4aabb09cb96197a6ddaf681dd (patch) | |
| tree | 81be403f0fa168f762ccf801b25667a92f2a14dd /lib | |
| parent | 5522cd38d5534e249994bc116649fca9d7221856 (diff) | |
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/ssl_algs.c | 25 | ||||
| -rw-r--r-- | lib/libssl/ssl_asn1.c | 634 | ||||
| -rw-r--r-- | lib/libssl/ssl_cert.c | 649 | ||||
| -rw-r--r-- | lib/libssl/ssl_ciph.c | 1393 | ||||
| -rw-r--r-- | lib/libssl/ssl_err.c | 1064 | ||||
| -rw-r--r-- | lib/libssl/ssl_err2.c | 7 | ||||
| -rw-r--r-- | lib/libssl/ssl_lib.c | 3159 | ||||
| -rw-r--r-- | lib/libssl/ssl_rsa.c | 882 | ||||
| -rw-r--r-- | lib/libssl/ssl_sess.c | 1094 | ||||
| -rw-r--r-- | lib/libssl/ssl_stat.c | 893 | ||||
| -rw-r--r-- | lib/libssl/ssl_txt.c | 211 |
11 files changed, 5090 insertions, 4921 deletions
diff --git a/lib/libssl/ssl_algs.c b/lib/libssl/ssl_algs.c index 9c34d19725b..76644bda916 100644 --- a/lib/libssl/ssl_algs.c +++ b/lib/libssl/ssl_algs.c @@ -61,8 +61,9 @@ #include <openssl/lhash.h> #include "ssl_locl.h" -int SSL_library_init(void) - { +int +SSL_library_init(void) +{ #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cbc()); @@ -104,16 +105,16 @@ int SSL_library_init(void) #ifndef OPENSSL_NO_SEED EVP_add_cipher(EVP_seed_cbc()); #endif - + #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); - EVP_add_digest_alias(SN_md5,"ssl2-md5"); - EVP_add_digest_alias(SN_md5,"ssl3-md5"); + EVP_add_digest_alias(SN_md5, "ssl2-md5"); + EVP_add_digest_alias(SN_md5, "ssl3-md5"); #endif #ifndef OPENSSL_NO_SHA EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ - EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); + EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); #endif #ifndef OPENSSL_NO_SHA256 EVP_add_digest(EVP_sha224()); @@ -125,9 +126,9 @@ int SSL_library_init(void) #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ - EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); - EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); - EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); + EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); + EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); + EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); #endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); @@ -145,6 +146,6 @@ int SSL_library_init(void) #endif /* initialize cipher/digest methods table */ ssl_load_ciphers(); - return(1); - } + return (1); +} diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c index 38540be1e53..51668db7859 100644 --- a/lib/libssl/ssl_asn1.c +++ b/lib/libssl/ssl_asn1.c @@ -89,8 +89,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -typedef struct ssl_session_asn1_st - { +typedef struct ssl_session_asn1_st { ASN1_INTEGER version; ASN1_INTEGER ssl_version; ASN1_OCTET_STRING cipher; @@ -100,7 +99,7 @@ typedef struct ssl_session_asn1_st ASN1_OCTET_STRING session_id_context; ASN1_OCTET_STRING key_arg; #ifndef OPENSSL_NO_KRB5 - ASN1_OCTET_STRING krb5_princ; + ASN1_OCTET_STRING krb5_princ; #endif /* OPENSSL_NO_KRB5 */ ASN1_INTEGER time; ASN1_INTEGER timeout; @@ -117,169 +116,156 @@ typedef struct ssl_session_asn1_st #ifndef OPENSSL_NO_SRP ASN1_OCTET_STRING srp_username; #endif /* OPENSSL_NO_SRP */ - } SSL_SESSION_ASN1; +} SSL_SESSION_ASN1; -int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) - { +int +i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) +{ #define LSIZE2 (sizeof(long)*2) - int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0; - unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; - unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; + int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0; + unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2]; + unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; #ifndef OPENSSL_NO_TLSEXT - int v6=0,v9=0,v10=0; + int v6 = 0, v9 = 0, v10 = 0; unsigned char ibuf6[LSIZE2]; #endif #ifndef OPENSSL_NO_COMP unsigned char cbuf; - int v11=0; + int v11 = 0; #endif #ifndef OPENSSL_NO_SRP - int v12=0; + int v12 = 0; #endif long l; SSL_SESSION_ASN1 a; M_ASN1_I2D_vars(in); if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) - return(0); + return (0); /* Note that I cheat in the following 2 assignments. I know * that if the ASN1_INTEGER passed to ASN1_INTEGER_set * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed. * This is a bit evil but makes things simple, no dynamic allocation * to clean up :-) */ - a.version.length=LSIZE2; - a.version.type=V_ASN1_INTEGER; - a.version.data=ibuf1; - ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION); + a.version.length = LSIZE2; + a.version.type = V_ASN1_INTEGER; + a.version.data = ibuf1; + ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION); - a.ssl_version.length=LSIZE2; - a.ssl_version.type=V_ASN1_INTEGER; - a.ssl_version.data=ibuf2; - ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version); + a.ssl_version.length = LSIZE2; + a.ssl_version.type = V_ASN1_INTEGER; + a.ssl_version.data = ibuf2; + ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version); - a.cipher.type=V_ASN1_OCTET_STRING; - a.cipher.data=buf; + a.cipher.type = V_ASN1_OCTET_STRING; + a.cipher.data = buf; if (in->cipher == NULL) - l=in->cipher_id; + l = in->cipher_id; else - l=in->cipher->id; - if (in->ssl_version == SSL2_VERSION) - { - a.cipher.length=3; - buf[0]=((unsigned char)(l>>16L))&0xff; - buf[1]=((unsigned char)(l>> 8L))&0xff; - buf[2]=((unsigned char)(l ))&0xff; - } - else - { - a.cipher.length=2; - buf[0]=((unsigned char)(l>>8L))&0xff; - buf[1]=((unsigned char)(l ))&0xff; - } + l = in->cipher->id; + if (in->ssl_version == SSL2_VERSION) { + a.cipher.length = 3; + buf[0] = ((unsigned char)(l >> 16L))&0xff; + buf[1] = ((unsigned char)(l >> 8L))&0xff; + buf[2] = ((unsigned char)(l ))&0xff; + } else { + a.cipher.length = 2; + buf[0] = ((unsigned char)(l >> 8L))&0xff; + buf[1] = ((unsigned char)(l ))&0xff; + } #ifndef OPENSSL_NO_COMP - if (in->compress_meth) - { + if (in->compress_meth) { cbuf = (unsigned char)in->compress_meth; a.comp_id.length = 1; a.comp_id.type = V_ASN1_OCTET_STRING; a.comp_id.data = &cbuf; - } + } #endif - a.master_key.length=in->master_key_length; - a.master_key.type=V_ASN1_OCTET_STRING; - a.master_key.data=in->master_key; + a.master_key.length = in->master_key_length; + a.master_key.type = V_ASN1_OCTET_STRING; + a.master_key.data = in->master_key; - a.session_id.length=in->session_id_length; - a.session_id.type=V_ASN1_OCTET_STRING; - a.session_id.data=in->session_id; + a.session_id.length = in->session_id_length; + a.session_id.type = V_ASN1_OCTET_STRING; + a.session_id.data = in->session_id; - a.session_id_context.length=in->sid_ctx_length; - a.session_id_context.type=V_ASN1_OCTET_STRING; - a.session_id_context.data=in->sid_ctx; + a.session_id_context.length = in->sid_ctx_length; + a.session_id_context.type = V_ASN1_OCTET_STRING; + a.session_id_context.data = in->sid_ctx; - a.key_arg.length=in->key_arg_length; - a.key_arg.type=V_ASN1_OCTET_STRING; - a.key_arg.data=in->key_arg; + a.key_arg.length = in->key_arg_length; + a.key_arg.type = V_ASN1_OCTET_STRING; + a.key_arg.data = in->key_arg; #ifndef OPENSSL_NO_KRB5 - if (in->krb5_client_princ_len) - { - a.krb5_princ.length=in->krb5_client_princ_len; - a.krb5_princ.type=V_ASN1_OCTET_STRING; - a.krb5_princ.data=in->krb5_client_princ; - } + if (in->krb5_client_princ_len) { + a.krb5_princ.length = in->krb5_client_princ_len; + a.krb5_princ.type = V_ASN1_OCTET_STRING; + a.krb5_princ.data = in->krb5_client_princ; + } #endif /* OPENSSL_NO_KRB5 */ - if (in->time != 0L) - { - a.time.length=LSIZE2; - a.time.type=V_ASN1_INTEGER; - a.time.data=ibuf3; - ASN1_INTEGER_set(&(a.time),in->time); - } + if (in->time != 0L) { + a.time.length = LSIZE2; + a.time.type = V_ASN1_INTEGER; + a.time.data = ibuf3; + ASN1_INTEGER_set(&(a.time), in->time); + } - if (in->timeout != 0L) - { - a.timeout.length=LSIZE2; - a.timeout.type=V_ASN1_INTEGER; - a.timeout.data=ibuf4; - ASN1_INTEGER_set(&(a.timeout),in->timeout); - } + if (in->timeout != 0L) { + a.timeout.length = LSIZE2; + a.timeout.type = V_ASN1_INTEGER; + a.timeout.data = ibuf4; + ASN1_INTEGER_set(&(a.timeout), in->timeout); + } - if (in->verify_result != X509_V_OK) - { - a.verify_result.length=LSIZE2; - a.verify_result.type=V_ASN1_INTEGER; - a.verify_result.data=ibuf5; - ASN1_INTEGER_set(&a.verify_result,in->verify_result); - } + if (in->verify_result != X509_V_OK) { + a.verify_result.length = LSIZE2; + a.verify_result.type = V_ASN1_INTEGER; + a.verify_result.data = ibuf5; + ASN1_INTEGER_set(&a.verify_result, in->verify_result); + } #ifndef OPENSSL_NO_TLSEXT - if (in->tlsext_hostname) - { - a.tlsext_hostname.length=strlen(in->tlsext_hostname); - a.tlsext_hostname.type=V_ASN1_OCTET_STRING; - a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname; - } - if (in->tlsext_tick) - { - a.tlsext_tick.length= in->tlsext_ticklen; - a.tlsext_tick.type=V_ASN1_OCTET_STRING; - a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; - } - if (in->tlsext_tick_lifetime_hint > 0) - { - a.tlsext_tick_lifetime.length=LSIZE2; - a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; - a.tlsext_tick_lifetime.data=ibuf6; - ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint); - } + if (in->tlsext_hostname) { + a.tlsext_hostname.length = strlen(in->tlsext_hostname); + a.tlsext_hostname.type = V_ASN1_OCTET_STRING; + a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname; + } + if (in->tlsext_tick) { + a.tlsext_tick.length = in->tlsext_ticklen; + a.tlsext_tick.type = V_ASN1_OCTET_STRING; + a.tlsext_tick.data = (unsigned char *)in->tlsext_tick; + } + if (in->tlsext_tick_lifetime_hint > 0) { + a.tlsext_tick_lifetime.length = LSIZE2; + a.tlsext_tick_lifetime.type = V_ASN1_INTEGER; + a.tlsext_tick_lifetime.data = ibuf6; + ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint); + } #endif /* OPENSSL_NO_TLSEXT */ #ifndef OPENSSL_NO_PSK - if (in->psk_identity_hint) - { - a.psk_identity_hint.length=strlen(in->psk_identity_hint); - a.psk_identity_hint.type=V_ASN1_OCTET_STRING; - a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint); - } - if (in->psk_identity) - { - a.psk_identity.length=strlen(in->psk_identity); - a.psk_identity.type=V_ASN1_OCTET_STRING; - a.psk_identity.data=(unsigned char *)(in->psk_identity); - } + if (in->psk_identity_hint) { + a.psk_identity_hint.length = strlen(in->psk_identity_hint); + a.psk_identity_hint.type = V_ASN1_OCTET_STRING; + a.psk_identity_hint.data = (unsigned char *)(in->psk_identity_hint); + } + if (in->psk_identity) { + a.psk_identity.length = strlen(in->psk_identity); + a.psk_identity.type = V_ASN1_OCTET_STRING; + a.psk_identity.data = (unsigned char *)(in->psk_identity); + } #endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP - if (in->srp_username) - { - a.srp_username.length=strlen(in->srp_username); - a.srp_username.type=V_ASN1_OCTET_STRING; - a.srp_username.data=(unsigned char *)(in->srp_username); - } + if (in->srp_username) { + a.srp_username.length = strlen(in->srp_username); + a.srp_username.type = V_ASN1_OCTET_STRING; + a.srp_username.data = (unsigned char *)(in->srp_username); + } #endif /* OPENSSL_NO_SRP */ M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); @@ -289,41 +275,41 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); #ifndef OPENSSL_NO_KRB5 if (in->krb5_client_princ_len) - M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); + M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); #endif /* OPENSSL_NO_KRB5 */ if (in->key_arg_length > 0) - M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); + M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING); if (in->time != 0L) - M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); + M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); if (in->timeout != 0L) - M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); + M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2); if (in->peer != NULL) - M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); - M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4); + M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3); + M_ASN1_I2D_len_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, v4); if (in->verify_result != X509_V_OK) - M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); + M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5); #ifndef OPENSSL_NO_TLSEXT if (in->tlsext_tick_lifetime_hint > 0) - M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); + M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); if (in->tlsext_tick) - M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); + M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); if (in->tlsext_hostname) - M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); + M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); #ifndef OPENSSL_NO_COMP if (in->compress_meth) - M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); + M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); #endif #endif /* OPENSSL_NO_TLSEXT */ #ifndef OPENSSL_NO_PSK if (in->psk_identity_hint) - M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); + M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); if (in->psk_identity) - M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); + M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); #endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP if (in->srp_username) - M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12); + M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); #endif /* OPENSSL_NO_SRP */ M_ASN1_I2D_seq_total(); @@ -335,308 +321,296 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); #ifndef OPENSSL_NO_KRB5 if (in->krb5_client_princ_len) - M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); + M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); #endif /* OPENSSL_NO_KRB5 */ if (in->key_arg_length > 0) - M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); + M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0); if (in->time != 0L) - M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); + M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); if (in->timeout != 0L) - M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); + M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2); if (in->peer != NULL) - M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); - M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4, - v4); + M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3); + M_ASN1_I2D_put_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, + v4); if (in->verify_result != X509_V_OK) - M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); + M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5); #ifndef OPENSSL_NO_TLSEXT if (in->tlsext_hostname) - M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); + M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); #endif /* OPENSSL_NO_TLSEXT */ #ifndef OPENSSL_NO_PSK if (in->psk_identity_hint) - M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); + M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); if (in->psk_identity) - M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); + M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); #endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_TLSEXT if (in->tlsext_tick_lifetime_hint > 0) - M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); + M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); if (in->tlsext_tick) - M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); + M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); #endif /* OPENSSL_NO_TLSEXT */ #ifndef OPENSSL_NO_COMP if (in->compress_meth) - M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); + M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); #endif #ifndef OPENSSL_NO_SRP if (in->srp_username) - M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12); + M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); #endif /* OPENSSL_NO_SRP */ M_ASN1_I2D_finish(); - } +} -SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, - long length) - { - int ssl_version=0,i; +SSL_SESSION +*d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, +long length) +{ + int ssl_version = 0, i; long id; - ASN1_INTEGER ai,*aip; - ASN1_OCTET_STRING os,*osp; - M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new); + ASN1_INTEGER ai, *aip; + ASN1_OCTET_STRING os, *osp; + M_ASN1_D2I_vars(a, SSL_SESSION *, SSL_SESSION_new); - aip= &ai; - osp= &os; + aip = &ai; + osp = &os; M_ASN1_D2I_Init(); M_ASN1_D2I_start_sequence(); - ai.data=NULL; ai.length=0; - M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); - if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } + ai.data = NULL; + ai.length = 0; + M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER); + if (ai.data != NULL) { + OPENSSL_free(ai.data); + ai.data = NULL; + ai.length = 0; + } /* we don't care about the version right now :-) */ - M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); - ssl_version=(int)ASN1_INTEGER_get(aip); - ret->ssl_version=ssl_version; - if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } - - os.data=NULL; os.length=0; - M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); - if (ssl_version == SSL2_VERSION) - { - if (os.length != 3) - { - c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; + M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER); + ssl_version = (int)ASN1_INTEGER_get(aip); + ret->ssl_version = ssl_version; + if (ai.data != NULL) { + OPENSSL_free(ai.data); + ai.data = NULL; + ai.length = 0; + } + + os.data = NULL; + os.length = 0; + M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); + if (ssl_version == SSL2_VERSION) { + if (os.length != 3) { + c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; goto err; - } - id=0x02000000L| - ((unsigned long)os.data[0]<<16L)| - ((unsigned long)os.data[1]<< 8L)| - (unsigned long)os.data[2]; } - else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) - { - if (os.length != 2) - { - c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; + id = 0x02000000L| + ((unsigned long)os.data[0]<<16L)| + ((unsigned long)os.data[1]<< 8L)| + (unsigned long)os.data[2]; + } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { + if (os.length != 2) { + c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; goto err; - } - id=0x03000000L| - ((unsigned long)os.data[0]<<8L)| - (unsigned long)os.data[1]; } - else - { - c.error=SSL_R_UNKNOWN_SSL_VERSION; + id = 0x03000000L| + ((unsigned long)os.data[0]<<8L)| + (unsigned long)os.data[1]; + } else { + c.error = SSL_R_UNKNOWN_SSL_VERSION; goto err; - } - - ret->cipher=NULL; - ret->cipher_id=id; + } + + ret->cipher = NULL; + ret->cipher_id = id; - M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); - if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) - i=SSL3_MAX_SSL_SESSION_ID_LENGTH; + M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); + if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) + i = SSL3_MAX_SSL_SESSION_ID_LENGTH; else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ - i=SSL2_MAX_SSL_SESSION_ID_LENGTH; + i = SSL2_MAX_SSL_SESSION_ID_LENGTH; if (os.length > i) os.length = i; if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ os.length = sizeof(ret->session_id); - ret->session_id_length=os.length; + ret->session_id_length = os.length; OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); - memcpy(ret->session_id,os.data,os.length); + memcpy(ret->session_id, os.data, os.length); - M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); + M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); if (os.length > SSL_MAX_MASTER_KEY_LENGTH) - ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; + ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH; else - ret->master_key_length=os.length; - memcpy(ret->master_key,os.data,ret->master_key_length); + ret->master_key_length = os.length; + memcpy(ret->master_key, os.data, ret->master_key_length); - os.length=0; + os.length = 0; #ifndef OPENSSL_NO_KRB5 - os.length=0; - M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING); - if (os.data) - { - if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) - ret->krb5_client_princ_len=0; + os.length = 0; + M_ASN1_D2I_get_opt(osp, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING); + if (os.data) { + if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) + ret->krb5_client_princ_len = 0; else - ret->krb5_client_princ_len=os.length; - memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len); + ret->krb5_client_princ_len = os.length; + memcpy(ret->krb5_client_princ, os.data, ret->krb5_client_princ_len); OPENSSL_free(os.data); os.data = NULL; os.length = 0; - } - else - ret->krb5_client_princ_len=0; + } else + ret->krb5_client_princ_len = 0; #endif /* OPENSSL_NO_KRB5 */ - M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); + M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING); if (os.length > SSL_MAX_KEY_ARG_LENGTH) - ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; + ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH; else - ret->key_arg_length=os.length; - memcpy(ret->key_arg,os.data,ret->key_arg_length); - if (os.data != NULL) OPENSSL_free(os.data); - - ai.length=0; - M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1); - if (ai.data != NULL) - { - ret->time=ASN1_INTEGER_get(aip); - OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; - } - else - ret->time=(unsigned long)time(NULL); - - ai.length=0; - M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2); - if (ai.data != NULL) - { - ret->timeout=ASN1_INTEGER_get(aip); - OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; - } - else - ret->timeout=3; + ret->key_arg_length = os.length; + memcpy(ret->key_arg, os.data, ret->key_arg_length); + if (os.data != NULL) + OPENSSL_free(os.data); - if (ret->peer != NULL) - { + ai.length = 0; + M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); + if (ai.data != NULL) { + ret->time = ASN1_INTEGER_get(aip); + OPENSSL_free(ai.data); + ai.data = NULL; + ai.length = 0; + } else + ret->time = (unsigned long)time(NULL); + + ai.length = 0; + M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2); + if (ai.data != NULL) { + ret->timeout = ASN1_INTEGER_get(aip); + OPENSSL_free(ai.data); + ai.data = NULL; + ai.length = 0; + } else + ret->timeout = 3; + + if (ret->peer != NULL) { X509_free(ret->peer); - ret->peer=NULL; - } - M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); + ret->peer = NULL; + } + M_ASN1_D2I_get_EXP_opt(ret->peer, d2i_X509, 3); - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4); + os.length = 0; + os.data = NULL; + M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 4); - if(os.data != NULL) - { - if (os.length > SSL_MAX_SID_CTX_LENGTH) - { - c.error=SSL_R_BAD_LENGTH; - goto err; - } - else - { - ret->sid_ctx_length=os.length; - memcpy(ret->sid_ctx,os.data,os.length); - } - OPENSSL_free(os.data); os.data=NULL; os.length=0; - } - else - ret->sid_ctx_length=0; - - ai.length=0; - M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5); - if (ai.data != NULL) - { - ret->verify_result=ASN1_INTEGER_get(aip); - OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; + if (os.data != NULL) { + if (os.length > SSL_MAX_SID_CTX_LENGTH) { + c.error = SSL_R_BAD_LENGTH; + goto err; + } else { + ret->sid_ctx_length = os.length; + memcpy(ret->sid_ctx, os.data, os.length); } - else - ret->verify_result=X509_V_OK; + OPENSSL_free(os.data); + os.data = NULL; + os.length = 0; + } else + ret->sid_ctx_length = 0; + + ai.length = 0; + M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 5); + if (ai.data != NULL) { + ret->verify_result = ASN1_INTEGER_get(aip); + OPENSSL_free(ai.data); + ai.data = NULL; + ai.length = 0; + } else + ret->verify_result = X509_V_OK; #ifndef OPENSSL_NO_TLSEXT - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6); - if (os.data) - { + os.length = 0; + os.data = NULL; + M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 6); + if (os.data) { ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); OPENSSL_free(os.data); os.data = NULL; os.length = 0; - } - else - ret->tlsext_hostname=NULL; + } else + ret->tlsext_hostname = NULL; #endif /* OPENSSL_NO_TLSEXT */ #ifndef OPENSSL_NO_PSK - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7); - if (os.data) - { + os.length = 0; + os.data = NULL; + M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 7); + if (os.data) { ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length); OPENSSL_free(os.data); os.data = NULL; os.length = 0; - } - else - ret->psk_identity_hint=NULL; + } else + ret->psk_identity_hint = NULL; - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8); - if (os.data) - { + os.length = 0; + os.data = NULL; + M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 8); + if (os.data) { ret->psk_identity = BUF_strndup((char *)os.data, os.length); OPENSSL_free(os.data); os.data = NULL; os.length = 0; - } - else - ret->psk_identity=NULL; + } else + ret->psk_identity = NULL; #endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_TLSEXT - ai.length=0; - M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9); - if (ai.data != NULL) - { - ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); - OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; - } - else if (ret->tlsext_ticklen && ret->session_id_length) - ret->tlsext_tick_lifetime_hint = -1; + ai.length = 0; + M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 9); + if (ai.data != NULL) { + ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip); + OPENSSL_free(ai.data); + ai.data = NULL; + ai.length = 0; + } else if (ret->tlsext_ticklen && ret->session_id_length) + ret->tlsext_tick_lifetime_hint = -1; else - ret->tlsext_tick_lifetime_hint=0; - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); - if (os.data) - { + ret->tlsext_tick_lifetime_hint = 0; + os.length = 0; + os.data = NULL; + M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 10); + if (os.data) { ret->tlsext_tick = os.data; ret->tlsext_ticklen = os.length; os.data = NULL; os.length = 0; - } - else - ret->tlsext_tick=NULL; + } else + ret->tlsext_tick = NULL; #endif /* OPENSSL_NO_TLSEXT */ #ifndef OPENSSL_NO_COMP - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11); - if (os.data) - { + os.length = 0; + os.data = NULL; + M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 11); + if (os.data) { ret->compress_meth = os.data[0]; OPENSSL_free(os.data); os.data = NULL; - } + } #endif #ifndef OPENSSL_NO_SRP - os.length=0; - os.data=NULL; - M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,12); - if (os.data) - { + os.length = 0; + os.data = NULL; + M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 12); + if (os.data) { ret->srp_username = BUF_strndup((char *)os.data, os.length); OPENSSL_free(os.data); os.data = NULL; os.length = 0; - } - else - ret->srp_username=NULL; + } else + ret->srp_username = NULL; #endif /* OPENSSL_NO_SRP */ - M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); - } + M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION); +} diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 1aaddc351f8..79eb4ee0313 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -132,36 +132,36 @@ #include <openssl/bn.h> #include "ssl_locl.h" -int SSL_get_ex_data_X509_STORE_CTX_idx(void) - { - static volatile int ssl_x509_store_ctx_idx= -1; +int +SSL_get_ex_data_X509_STORE_CTX_idx(void) +{ + static volatile int ssl_x509_store_ctx_idx = -1; int got_write_lock = 0; CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - if (ssl_x509_store_ctx_idx < 0) - { + if (ssl_x509_store_ctx_idx < 0) { CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); got_write_lock = 1; - - if (ssl_x509_store_ctx_idx < 0) - { - ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( - 0,"SSL for verify callback",NULL,NULL,NULL); - } + + if (ssl_x509_store_ctx_idx < 0) { + ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index( + 0, "SSL for verify callback", NULL, NULL, NULL); } + } if (got_write_lock) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); else CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - + return ssl_x509_store_ctx_idx; - } +} -static void ssl_cert_set_default_md(CERT *cert) - { +static void +ssl_cert_set_default_md(CERT *cert) +{ /* Set digest values to defaults */ #ifndef OPENSSL_NO_DSA cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); @@ -173,37 +173,37 @@ static void ssl_cert_set_default_md(CERT *cert) #ifndef OPENSSL_NO_ECDSA cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #endif - } +} -CERT *ssl_cert_new(void) - { +CERT +*ssl_cert_new(void) +{ CERT *ret; - ret=(CERT *)OPENSSL_malloc(sizeof(CERT)); - if (ret == NULL) - { - SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - memset(ret,0,sizeof(CERT)); + ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); + if (ret == NULL) { + SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); + return (NULL); + } + memset(ret, 0, sizeof(CERT)); - ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]); - ret->references=1; + ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); + ret->references = 1; ssl_cert_set_default_md(ret); - return(ret); - } + return (ret); +} -CERT *ssl_cert_dup(CERT *cert) - { +CERT +*ssl_cert_dup(CERT *cert) +{ CERT *ret; int i; ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); - if (ret == NULL) - { + if (ret == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); - return(NULL); - } + return (NULL); + } memset(ret, 0, sizeof(CERT)); @@ -218,77 +218,64 @@ CERT *ssl_cert_dup(CERT *cert) ret->export_mask_a = cert->export_mask_a; #ifndef OPENSSL_NO_RSA - if (cert->rsa_tmp != NULL) - { + if (cert->rsa_tmp != NULL) { RSA_up_ref(cert->rsa_tmp); ret->rsa_tmp = cert->rsa_tmp; - } + } ret->rsa_tmp_cb = cert->rsa_tmp_cb; #endif #ifndef OPENSSL_NO_DH - if (cert->dh_tmp != NULL) - { + if (cert->dh_tmp != NULL) { ret->dh_tmp = DHparams_dup(cert->dh_tmp); - if (ret->dh_tmp == NULL) - { + if (ret->dh_tmp == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); goto err; - } - if (cert->dh_tmp->priv_key) - { + } + if (cert->dh_tmp->priv_key) { BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); - if (!b) - { + if (!b) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); goto err; - } - ret->dh_tmp->priv_key = b; } - if (cert->dh_tmp->pub_key) - { + ret->dh_tmp->priv_key = b; + } + if (cert->dh_tmp->pub_key) { BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); - if (!b) - { + if (!b) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); goto err; - } - ret->dh_tmp->pub_key = b; } + ret->dh_tmp->pub_key = b; } + } ret->dh_tmp_cb = cert->dh_tmp_cb; #endif #ifndef OPENSSL_NO_ECDH - if (cert->ecdh_tmp) - { + if (cert->ecdh_tmp) { ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); - if (ret->ecdh_tmp == NULL) - { + if (ret->ecdh_tmp == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); goto err; - } } + } ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; #endif - for (i = 0; i < SSL_PKEY_NUM; i++) - { - if (cert->pkeys[i].x509 != NULL) - { + for (i = 0; i < SSL_PKEY_NUM; i++) { + if (cert->pkeys[i].x509 != NULL) { ret->pkeys[i].x509 = cert->pkeys[i].x509; CRYPTO_add(&ret->pkeys[i].x509->references, 1, - CRYPTO_LOCK_X509); - } - - if (cert->pkeys[i].privatekey != NULL) - { + CRYPTO_LOCK_X509); + } + + if (cert->pkeys[i].privatekey != NULL) { ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, - CRYPTO_LOCK_EVP_PKEY); + CRYPTO_LOCK_EVP_PKEY); - switch(i) - { + switch (i) { /* If there was anything special to do for * certain types of keys, we'd do it here. * (Nothing at the moment, I think.) */ @@ -297,11 +284,11 @@ CERT *ssl_cert_dup(CERT *cert) case SSL_PKEY_RSA_SIGN: /* We have an RSA key. */ break; - + case SSL_PKEY_DSA_SIGN: /* We have a DSA key. */ break; - + case SSL_PKEY_DH_RSA: case SSL_PKEY_DH_DSA: /* We have a DH key. */ @@ -314,21 +301,21 @@ CERT *ssl_cert_dup(CERT *cert) default: /* Can't happen. */ SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); - } } } - + } + /* ret->extra_certs *should* exist, but currently the own certificate * chain is held inside SSL_CTX */ - ret->references=1; + ret->references = 1; /* Set digests to defaults. NB: we don't copy existing values as they * will be set during handshake. */ ssl_cert_set_default_md(ret); - return(ret); - + return (ret); + #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) err: #endif @@ -345,50 +332,52 @@ err: EC_KEY_free(ret->ecdh_tmp); #endif - for (i = 0; i < SSL_PKEY_NUM; i++) - { + for (i = 0; i < SSL_PKEY_NUM; i++) { if (ret->pkeys[i].x509 != NULL) X509_free(ret->pkeys[i].x509); if (ret->pkeys[i].privatekey != NULL) EVP_PKEY_free(ret->pkeys[i].privatekey); - } + } return NULL; - } +} -void ssl_cert_free(CERT *c) - { +void +ssl_cert_free(CERT *c) +{ int i; - if(c == NULL) - return; + if (c == NULL) + return; - i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT); + i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT); #ifdef REF_PRINT - REF_PRINT("CERT",c); + REF_PRINT("CERT", c); #endif - if (i > 0) return; + if (i > 0) + return; #ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"ssl_cert_free, bad reference count\n"); + if (i < 0) { + fprintf(stderr, "ssl_cert_free, bad reference count\n"); abort(); /* ok */ - } + } #endif #ifndef OPENSSL_NO_RSA - if (c->rsa_tmp) RSA_free(c->rsa_tmp); + if (c->rsa_tmp) + RSA_free(c->rsa_tmp); #endif #ifndef OPENSSL_NO_DH - if (c->dh_tmp) DH_free(c->dh_tmp); + if (c->dh_tmp) + DH_free(c->dh_tmp); #endif #ifndef OPENSSL_NO_ECDH - if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp); + if (c->ecdh_tmp) + EC_KEY_free(c->ecdh_tmp); #endif - for (i=0; i<SSL_PKEY_NUM; i++) - { + for (i = 0; i < SSL_PKEY_NUM; i++) { if (c->pkeys[i].x509 != NULL) X509_free(c->pkeys[i].x509); if (c->pkeys[i].privatekey != NULL) @@ -397,12 +386,13 @@ void ssl_cert_free(CERT *c) if (c->pkeys[i].publickey != NULL) EVP_PKEY_free(c->pkeys[i].publickey); #endif - } - OPENSSL_free(c); } + OPENSSL_free(c); +} -int ssl_cert_inst(CERT **o) - { +int +ssl_cert_inst(CERT **o) +{ /* Create a CERT if there isn't already one * (which cannot really happen, as it is initially created in * SSL_CTX_new; but the earlier code usually allows for that one @@ -412,44 +402,42 @@ int ssl_cert_inst(CERT **o) * s->cert being NULL, otherwise we could do without the * initialization in SSL_CTX_new). */ - - if (o == NULL) - { + + if (o == NULL) { SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (*o == NULL) - { - if ((*o = ssl_cert_new()) == NULL) - { + return (0); + } + if (*o == NULL) { + if ((*o = ssl_cert_new()) == NULL) { SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); - return(0); - } + return (0); } - return(1); } + return (1); +} -SESS_CERT *ssl_sess_cert_new(void) - { +SESS_CERT +*ssl_sess_cert_new(void) +{ SESS_CERT *ret; ret = OPENSSL_malloc(sizeof *ret); - if (ret == NULL) - { + if (ret == NULL) { SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); return NULL; - } + } - memset(ret, 0 ,sizeof *ret); + memset(ret, 0 , sizeof *ret); ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); ret->references = 1; return ret; - } +} -void ssl_sess_cert_free(SESS_CERT *sc) - { +void +ssl_sess_cert_free(SESS_CERT *sc) +{ int i; if (sc == NULL) @@ -462,27 +450,25 @@ void ssl_sess_cert_free(SESS_CERT *sc) if (i > 0) return; #ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"ssl_sess_cert_free, bad reference count\n"); + if (i < 0) { + fprintf(stderr, "ssl_sess_cert_free, bad reference count\n"); abort(); /* ok */ - } + } #endif /* i == 0 */ if (sc->cert_chain != NULL) sk_X509_pop_free(sc->cert_chain, X509_free); - for (i = 0; i < SSL_PKEY_NUM; i++) - { + for (i = 0; i < SSL_PKEY_NUM; i++) { if (sc->peer_pkeys[i].x509 != NULL) X509_free(sc->peer_pkeys[i].x509); #if 0 /* We don't have the peer's private key. These lines are just - * here as a reminder that we're still using a not-quite-appropriate - * data structure. */ + * here as a reminder that we're still using a not-quite-appropriate + * data structure. */ if (sc->peer_pkeys[i].privatekey != NULL) EVP_PKEY_free(sc->peer_pkeys[i].privatekey); #endif - } + } #ifndef OPENSSL_NO_RSA if (sc->peer_rsa_tmp != NULL) @@ -498,34 +484,35 @@ void ssl_sess_cert_free(SESS_CERT *sc) #endif OPENSSL_free(sc); - } +} -int ssl_set_peer_cert_type(SESS_CERT *sc,int type) - { +int +ssl_set_peer_cert_type(SESS_CERT *sc, int type) +{ sc->peer_cert_type = type; - return(1); - } + return (1); +} -int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) - { +int +ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) +{ X509 *x; int i; X509_STORE_CTX ctx; if ((sk == NULL) || (sk_X509_num(sk) == 0)) - return(0); + return (0); - x=sk_X509_value(sk,0); - if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk)) - { - SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); - return(0); - } + x = sk_X509_value(sk, 0); + if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) { + SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); + return (0); + } #if 0 if (SSL_get_verify_depth(s) >= 0) X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); #endif - X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); + X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s); /* We need to inherit the verify parameters. These can be determined by * the context: if its a server it will verify SSL client certificates @@ -533,7 +520,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) */ X509_STORE_CTX_set_default(&ctx, - s->server ? "ssl_client" : "ssl_server"); + s->server ? "ssl_client" : "ssl_server"); /* Anything non-default in "param" should overwrite anything in the * ctx. */ @@ -544,121 +531,127 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) if (s->ctx->app_verify_callback != NULL) #if 1 /* new with OpenSSL 0.9.7 */ - i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); + i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); + #else - i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ + i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ #endif - else - { + else { #ifndef OPENSSL_NO_X509_VERIFY - i=X509_verify_cert(&ctx); + i = X509_verify_cert(&ctx); #else - i=0; - ctx.error=X509_V_ERR_APPLICATION_VERIFICATION; - SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK); + i = 0; + ctx.error = X509_V_ERR_APPLICATION_VERIFICATION; + SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK); #endif - } + } - s->verify_result=ctx.error; + s->verify_result = ctx.error; X509_STORE_CTX_cleanup(&ctx); - return(i); - } + return (i); +} -static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list) - { +static void +set_client_CA_list(STACK_OF(X509_NAME) **ca_list, STACK_OF(X509_NAME) *name_list) +{ if (*ca_list != NULL) - sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); + sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); - *ca_list=name_list; - } + *ca_list = name_list; +} -STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) - { +STACK_OF(X509_NAME) +*SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) +{ int i; STACK_OF(X509_NAME) *ret; X509_NAME *name; - ret=sk_X509_NAME_new_null(); - for (i=0; i<sk_X509_NAME_num(sk); i++) - { - name=X509_NAME_dup(sk_X509_NAME_value(sk,i)); - if ((name == NULL) || !sk_X509_NAME_push(ret,name)) - { - sk_X509_NAME_pop_free(ret,X509_NAME_free); - return(NULL); - } + ret = sk_X509_NAME_new_null(); + for (i = 0; i < sk_X509_NAME_num(sk); i++) { + name = X509_NAME_dup(sk_X509_NAME_value(sk, i)); + if ((name == NULL) || !sk_X509_NAME_push(ret, name)) { + sk_X509_NAME_pop_free(ret, X509_NAME_free); + return (NULL); } - return(ret); } - -void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list) - { - set_client_CA_list(&(s->client_CA),name_list); - } - -void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list) - { - set_client_CA_list(&(ctx->client_CA),name_list); - } - -STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) - { - return(ctx->client_CA); - } - -STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) - { + return (ret); +} + +void +SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) +{ + set_client_CA_list(&(s->client_CA), name_list); +} + +void +SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) +{ + set_client_CA_list(&(ctx->client_CA), name_list); +} + +STACK_OF(X509_NAME) +*SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) +{ + return (ctx->client_CA); +} + +STACK_OF(X509_NAME) +*SSL_get_client_CA_list(const SSL *s) +{ if (s->type == SSL_ST_CONNECT) - { /* we are in the client */ - if (((s->version>>8) == SSL3_VERSION_MAJOR) && + { /* we are in the client */ + if (((s->version >> 8) == SSL3_VERSION_MAJOR) && (s->s3 != NULL)) - return(s->s3->tmp.ca_names); + return (s->s3->tmp.ca_names); else - return(NULL); - } - else - { + return (NULL); + } else { if (s->client_CA != NULL) - return(s->client_CA); + return (s->client_CA); else - return(s->ctx->client_CA); - } + return (s->ctx->client_CA); } +} -static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x) - { +static int +add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x) +{ X509_NAME *name; - if (x == NULL) return(0); - if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL)) - return(0); - - if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL) - return(0); - - if (!sk_X509_NAME_push(*sk,name)) - { - X509_NAME_free(name); - return(0); - } - return(1); - } + if (x == NULL) + return (0); + if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL)) + return (0); -int SSL_add_client_CA(SSL *ssl,X509 *x) - { - return(add_client_CA(&(ssl->client_CA),x)); - } + if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL) + return (0); -int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) - { - return(add_client_CA(&(ctx->client_CA),x)); - } - -static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) - { - return(X509_NAME_cmp(*a,*b)); + if (!sk_X509_NAME_push(*sk, name)) { + X509_NAME_free(name); + return (0); } + return (1); +} + +int +SSL_add_client_CA(SSL *ssl, X509 *x) +{ + return (add_client_CA(&(ssl->client_CA), x)); +} + +int +SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) +{ + return (add_client_CA(&(ctx->client_CA), x)); +} + +static int +xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) +{ + return (X509_NAME_cmp(*a, *b)); +} #ifndef OPENSSL_NO_STDIO /*! @@ -669,65 +662,65 @@ static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) * \param file the file containing one or more certs. * \return a ::STACK containing the certs. */ -STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) - { +STACK_OF(X509_NAME) +*SSL_load_client_CA_file(const char *file) +{ BIO *in; - X509 *x=NULL; - X509_NAME *xn=NULL; - STACK_OF(X509_NAME) *ret = NULL,*sk; + X509 *x = NULL; + X509_NAME *xn = NULL; + STACK_OF(X509_NAME) *ret = NULL, *sk; - sk=sk_X509_NAME_new(xname_cmp); + sk = sk_X509_NAME_new(xname_cmp); - in=BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file_internal()); - if ((sk == NULL) || (in == NULL)) - { - SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); + if ((sk == NULL) || (in == NULL)) { + SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); goto err; - } - - if (!BIO_read_filename(in,file)) + } + + if (!BIO_read_filename(in, file)) goto err; - for (;;) - { - if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) + for (;;) { + if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) break; - if (ret == NULL) - { + if (ret == NULL) { ret = sk_X509_NAME_new_null(); - if (ret == NULL) - { - SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); + if (ret == NULL) { + SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); goto err; - } } - if ((xn=X509_get_subject_name(x)) == NULL) goto err; - /* check for duplicates */ - xn=X509_NAME_dup(xn); - if (xn == NULL) goto err; - if (sk_X509_NAME_find(sk,xn) >= 0) + } + if ((xn = X509_get_subject_name(x)) == NULL) goto err; + /* check for duplicates */ + xn = X509_NAME_dup(xn); + if (xn == NULL) + goto err; + if (sk_X509_NAME_find(sk, xn) >= 0) X509_NAME_free(xn); - else - { - sk_X509_NAME_push(sk,xn); - sk_X509_NAME_push(ret,xn); - } + else { + sk_X509_NAME_push(sk, xn); + sk_X509_NAME_push(ret, xn); } + } - if (0) - { + if (0) { err: - if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free); - ret=NULL; - } - if (sk != NULL) sk_X509_NAME_free(sk); - if (in != NULL) BIO_free(in); - if (x != NULL) X509_free(x); + if (ret != NULL) + sk_X509_NAME_pop_free(ret, X509_NAME_free); + ret = NULL; + } + if (sk != NULL) + sk_X509_NAME_free(sk); + if (in != NULL) + BIO_free(in); + if (x != NULL) + X509_free(x); if (ret != NULL) ERR_clear_error(); - return(ret); - } + return (ret); +} #endif /*! @@ -739,57 +732,56 @@ err: * certs may have been added to \c stack. */ -int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *file) - { +int +SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, + const char *file) +{ BIO *in; - X509 *x=NULL; - X509_NAME *xn=NULL; - int ret=1; + X509 *x = NULL; + X509_NAME *xn = NULL; + int ret = 1; int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); - - oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp); - - in=BIO_new(BIO_s_file_internal()); - - if (in == NULL) - { - SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE); + + oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp); + + in = BIO_new(BIO_s_file_internal()); + + if (in == NULL) { + SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE); goto err; - } - - if (!BIO_read_filename(in,file)) + } + + if (!BIO_read_filename(in, file)) goto err; - - for (;;) - { - if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) + + for (;;) { + if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) break; - if ((xn=X509_get_subject_name(x)) == NULL) goto err; - xn=X509_NAME_dup(xn); - if (xn == NULL) goto err; - if (sk_X509_NAME_find(stack,xn) >= 0) + if ((xn = X509_get_subject_name(x)) == NULL) goto err; + xn = X509_NAME_dup(xn); + if (xn == NULL) + goto err; + if (sk_X509_NAME_find(stack, xn) >= 0) X509_NAME_free(xn); else - sk_X509_NAME_push(stack,xn); - } + sk_X509_NAME_push(stack, xn); + } ERR_clear_error(); - if (0) - { + if (0) { err: - ret=0; - } - if(in != NULL) + ret = 0; + } + if (in != NULL) BIO_free(in); - if(x != NULL) + if (x != NULL) X509_free(x); - - (void)sk_X509_NAME_set_cmp_func(stack,oldcmp); + + (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); return ret; - } +} /*! * Add a directory of certs to a stack. @@ -802,9 +794,10 @@ err: * certs may have been added to \c stack. */ -int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *dir) - { +int +SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, + const char *dir) +{ OPENSSL_DIR_CTX *d = NULL; const char *filename; int ret = 0; @@ -813,36 +806,34 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, /* Note that a side effect is that the CAs will be sorted by name */ - while((filename = OPENSSL_DIR_read(&d, dir))) - { + while ((filename = OPENSSL_DIR_read(&d, dir))) { char buf[1024]; int r; - if(strlen(dir)+strlen(filename)+2 > sizeof buf) - { - SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); + if (strlen(dir) + strlen(filename) + 2 > sizeof buf) { + SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, SSL_R_PATH_TOO_LONG); goto err; - } - r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename); + } + r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename); if (r <= 0 || r >= (int)sizeof(buf)) goto err; - if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) + if (!SSL_add_file_cert_subjects_to_stack(stack, buf)) goto err; - } + } - if (errno) - { + if (errno) { SYSerr(SYS_F_OPENDIR, errno); ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); goto err; - } + } ret = 1; err: - if (d) OPENSSL_DIR_end(&d); + if (d) + OPENSSL_DIR_end(&d); CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); return ret; - } +} diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index 0aba8e048c5..f37c70cf915 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -167,15 +167,15 @@ #define SSL_ENC_NUM_IDX 14 -static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ - NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL - }; +static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL +}; #define SSL_COMP_NULL_IDX 0 #define SSL_COMP_ZLIB_IDX 1 #define SSL_COMP_NUM_IDX 2 -static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; +static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; #define SSL_MD_MD5_IDX 0 #define SSL_MD_SHA1_IDX 1 @@ -187,27 +187,27 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; * defined in the * ssl_locl.h */ #define SSL_MD_NUM_IDX SSL_MAX_DIGEST -static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ - NULL,NULL,NULL,NULL,NULL,NULL - }; +static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { + NULL, NULL, NULL, NULL, NULL, NULL +}; /* PKEY_TYPE for GOST89MAC is known in advance, but, because * implementation is engine-provided, we'll fill it only if * corresponding EVP_PKEY_METHOD is found */ -static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={ - EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef, - EVP_PKEY_HMAC,EVP_PKEY_HMAC - }; +static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { + EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, + EVP_PKEY_HMAC, EVP_PKEY_HMAC +}; -static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={ - 0,0,0,0,0,0 - }; +static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { + 0, 0, 0, 0, 0, 0 +}; -static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ - SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA, +static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { + SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, SSL_HANDSHAKE_MAC_SHA384 - }; +}; #define CIPHER_ADD 1 #define CIPHER_KILL 2 @@ -215,376 +215,371 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ #define CIPHER_ORD 4 #define CIPHER_SPECIAL 5 -typedef struct cipher_order_st - { +typedef struct cipher_order_st { const SSL_CIPHER *cipher; int active; int dead; - struct cipher_order_st *next,*prev; - } CIPHER_ORDER; + struct cipher_order_st *next, *prev; +} CIPHER_ORDER; -static const SSL_CIPHER cipher_aliases[]={ +static const SSL_CIPHER cipher_aliases[] = { /* "ALL" doesn't include eNULL (must be specifically enabled) */ - {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0}, + {0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0}, /* "COMPLEMENTOFALL" */ - {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0}, + {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ - {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0}, + {0, SSL_TXT_CMPDEF, 0, SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0}, /* key exchange aliases * (some of those using only a single bit here combine * multiple key exchange algs according to the RFCs, * e.g. kEDH combines DHE_DSS and DHE_RSA) */ - {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0}, + {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0}, {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ - {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0}, - {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0}, + {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_DH, 0, SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, - {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0}, + {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0}, - {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0}, - {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0}, - {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0}, - {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, - {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0}, + {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_kECDH, 0, SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_ECDH, 0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, - {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0}, - {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0}, - {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0}, + {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0}, /* server authentication aliases */ - {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, - {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0}, + {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ - {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0}, - {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0}, - {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0}, - {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0}, - {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0}, + {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, /* aliases combining key exchange and server authentication */ - {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0}, - {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0}, - {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, - {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0}, - {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0}, - {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0}, - {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0}, - {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0}, - {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0}, + {0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, /* symmetric encryption aliases */ - {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0}, - {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0}, - {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0}, - {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0}, - {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0}, - {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0}, - {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, - {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0}, - {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0}, - {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0}, - {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0}, - {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0}, - {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0}, - {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0}, - - /* MAC aliases */ - {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0}, - {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, - {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, - {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0}, - {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0}, - {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0}, - {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0}, + {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, + + /* MAC aliases */ + {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, + {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, + {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, + {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0}, + {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0}, + {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0}, + {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0}, /* protocol version aliases */ - {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0}, - {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0}, - {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0}, - {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0}, + {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0}, + {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, + {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, + {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, /* export flag */ - {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, - {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, + {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, + {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, /* strength classes */ - {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0}, - {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0}, - {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0}, - {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0}, - {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, + {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0}, + {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0}, + {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0}, + {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, + {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, /* FIPS 140-2 approved ciphersuite */ - {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, - }; + {0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0}, +}; /* Search for public key algorithm with given name and * return its pkey_id if it is available. Otherwise return 0 */ #ifdef OPENSSL_NO_ENGINE -static int get_optional_pkey_id(const char *pkey_name) - { +static int +get_optional_pkey_id(const char *pkey_name) +{ const EVP_PKEY_ASN1_METHOD *ameth; - int pkey_id=0; - ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1); - if (ameth) - { - EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); - } - return pkey_id; + int pkey_id = 0; + ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); + if (ameth) { + EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); } + return pkey_id; +} #else -static int get_optional_pkey_id(const char *pkey_name) - { +static int +get_optional_pkey_id(const char *pkey_name) +{ const EVP_PKEY_ASN1_METHOD *ameth; ENGINE *tmpeng = NULL; - int pkey_id=0; - ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1); - if (ameth) - { - EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); - } - if (tmpeng) ENGINE_finish(tmpeng); - return pkey_id; + int pkey_id = 0; + ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); + if (ameth) { + EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); } + if (tmpeng) + ENGINE_finish(tmpeng); + return pkey_id; +} #endif -void ssl_load_ciphers(void) - { - ssl_cipher_methods[SSL_ENC_DES_IDX]= - EVP_get_cipherbyname(SN_des_cbc); +void +ssl_load_ciphers(void) +{ + ssl_cipher_methods[SSL_ENC_DES_IDX]= + EVP_get_cipherbyname(SN_des_cbc); ssl_cipher_methods[SSL_ENC_3DES_IDX]= - EVP_get_cipherbyname(SN_des_ede3_cbc); + EVP_get_cipherbyname(SN_des_ede3_cbc); ssl_cipher_methods[SSL_ENC_RC4_IDX]= - EVP_get_cipherbyname(SN_rc4); - ssl_cipher_methods[SSL_ENC_RC2_IDX]= - EVP_get_cipherbyname(SN_rc2_cbc); + EVP_get_cipherbyname(SN_rc4); + ssl_cipher_methods[SSL_ENC_RC2_IDX]= + EVP_get_cipherbyname(SN_rc2_cbc); #ifndef OPENSSL_NO_IDEA - ssl_cipher_methods[SSL_ENC_IDEA_IDX]= - EVP_get_cipherbyname(SN_idea_cbc); + ssl_cipher_methods[SSL_ENC_IDEA_IDX]= + EVP_get_cipherbyname(SN_idea_cbc); #else - ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; + ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; #endif ssl_cipher_methods[SSL_ENC_AES128_IDX]= - EVP_get_cipherbyname(SN_aes_128_cbc); + EVP_get_cipherbyname(SN_aes_128_cbc); ssl_cipher_methods[SSL_ENC_AES256_IDX]= - EVP_get_cipherbyname(SN_aes_256_cbc); + EVP_get_cipherbyname(SN_aes_256_cbc); ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= - EVP_get_cipherbyname(SN_camellia_128_cbc); + EVP_get_cipherbyname(SN_camellia_128_cbc); ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= - EVP_get_cipherbyname(SN_camellia_256_cbc); + EVP_get_cipherbyname(SN_camellia_256_cbc); ssl_cipher_methods[SSL_ENC_GOST89_IDX]= - EVP_get_cipherbyname(SN_gost89_cnt); + EVP_get_cipherbyname(SN_gost89_cnt); ssl_cipher_methods[SSL_ENC_SEED_IDX]= - EVP_get_cipherbyname(SN_seed_cbc); + EVP_get_cipherbyname(SN_seed_cbc); ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= - EVP_get_cipherbyname(SN_aes_128_gcm); + EVP_get_cipherbyname(SN_aes_128_gcm); ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= - EVP_get_cipherbyname(SN_aes_256_gcm); + EVP_get_cipherbyname(SN_aes_256_gcm); ssl_digest_methods[SSL_MD_MD5_IDX]= - EVP_get_digestbyname(SN_md5); + EVP_get_digestbyname(SN_md5); ssl_mac_secret_size[SSL_MD_MD5_IDX]= - EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); + EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); ssl_digest_methods[SSL_MD_SHA1_IDX]= - EVP_get_digestbyname(SN_sha1); + EVP_get_digestbyname(SN_sha1); ssl_mac_secret_size[SSL_MD_SHA1_IDX]= - EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); + EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); ssl_digest_methods[SSL_MD_GOST94_IDX]= - EVP_get_digestbyname(SN_id_GostR3411_94); - if (ssl_digest_methods[SSL_MD_GOST94_IDX]) - { + EVP_get_digestbyname(SN_id_GostR3411_94); + if (ssl_digest_methods[SSL_MD_GOST94_IDX]) { ssl_mac_secret_size[SSL_MD_GOST94_IDX]= - EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); + EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); - } + } ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= - EVP_get_digestbyname(SN_id_Gost28147_89_MAC); - ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); - if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { - ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32; - } + EVP_get_digestbyname(SN_id_Gost28147_89_MAC); + ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); + if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { + ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; + } ssl_digest_methods[SSL_MD_SHA256_IDX]= - EVP_get_digestbyname(SN_sha256); + EVP_get_digestbyname(SN_sha256); ssl_mac_secret_size[SSL_MD_SHA256_IDX]= - EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); + EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); ssl_digest_methods[SSL_MD_SHA384_IDX]= - EVP_get_digestbyname(SN_sha384); + EVP_get_digestbyname(SN_sha384); ssl_mac_secret_size[SSL_MD_SHA384_IDX]= - EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); - } + EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); +} #ifndef OPENSSL_NO_COMP -static int sk_comp_cmp(const SSL_COMP * const *a, - const SSL_COMP * const *b) - { - return((*a)->id-(*b)->id); - } +static int +sk_comp_cmp(const SSL_COMP * const *a, + const SSL_COMP * const *b) +{ + return ((*a)->id - (*b)->id); +} -static void load_builtin_compressions(void) - { +static void +load_builtin_compressions(void) +{ int got_write_lock = 0; CRYPTO_r_lock(CRYPTO_LOCK_SSL); - if (ssl_comp_methods == NULL) - { + if (ssl_comp_methods == NULL) { CRYPTO_r_unlock(CRYPTO_LOCK_SSL); CRYPTO_w_lock(CRYPTO_LOCK_SSL); got_write_lock = 1; - - if (ssl_comp_methods == NULL) - { + + if (ssl_comp_methods == NULL) { SSL_COMP *comp = NULL; MemCheck_off(); - ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); - if (ssl_comp_methods != NULL) - { - comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); - if (comp != NULL) - { - comp->method=COMP_zlib(); + ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); + if (ssl_comp_methods != NULL) { + comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); + if (comp != NULL) { + comp->method = COMP_zlib(); if (comp->method && comp->method->type == NID_undef) - OPENSSL_free(comp); - else - { - comp->id=SSL_COMP_ZLIB_IDX; - comp->name=comp->method->name; - sk_SSL_COMP_push(ssl_comp_methods,comp); - } + OPENSSL_free(comp); + else { + comp->id = SSL_COMP_ZLIB_IDX; + comp->name = comp->method->name; + sk_SSL_COMP_push(ssl_comp_methods, comp); } - sk_SSL_COMP_sort(ssl_comp_methods); } - MemCheck_on(); + sk_SSL_COMP_sort(ssl_comp_methods); } + MemCheck_on(); } - + } + if (got_write_lock) CRYPTO_w_unlock(CRYPTO_LOCK_SSL); else CRYPTO_r_unlock(CRYPTO_LOCK_SSL); - } +} #endif -int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, - const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp) - { +int +ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, + const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size, SSL_COMP **comp) +{ int i; const SSL_CIPHER *c; - c=s->cipher; - if (c == NULL) return(0); - if (comp != NULL) - { + c = s->cipher; + if (c == NULL) + return (0); + if (comp != NULL) { SSL_COMP ctmp; #ifndef OPENSSL_NO_COMP load_builtin_compressions(); #endif - *comp=NULL; - ctmp.id=s->compress_meth; - if (ssl_comp_methods != NULL) - { - i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); + *comp = NULL; + ctmp.id = s->compress_meth; + if (ssl_comp_methods != NULL) { + i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); if (i >= 0) - *comp=sk_SSL_COMP_value(ssl_comp_methods,i); + *comp = sk_SSL_COMP_value(ssl_comp_methods, i); else - *comp=NULL; - } + *comp = NULL; } + } - if ((enc == NULL) || (md == NULL)) return(0); + if ((enc == NULL) + || (md == NULL)) return (0); - switch (c->algorithm_enc) - { + switch (c->algorithm_enc) { case SSL_DES: - i=SSL_ENC_DES_IDX; + i = SSL_ENC_DES_IDX; break; case SSL_3DES: - i=SSL_ENC_3DES_IDX; + i = SSL_ENC_3DES_IDX; break; case SSL_RC4: - i=SSL_ENC_RC4_IDX; + i = SSL_ENC_RC4_IDX; break; case SSL_RC2: - i=SSL_ENC_RC2_IDX; + i = SSL_ENC_RC2_IDX; break; case SSL_IDEA: - i=SSL_ENC_IDEA_IDX; + i = SSL_ENC_IDEA_IDX; break; case SSL_eNULL: - i=SSL_ENC_NULL_IDX; + i = SSL_ENC_NULL_IDX; break; case SSL_AES128: - i=SSL_ENC_AES128_IDX; + i = SSL_ENC_AES128_IDX; break; case SSL_AES256: - i=SSL_ENC_AES256_IDX; + i = SSL_ENC_AES256_IDX; break; case SSL_CAMELLIA128: - i=SSL_ENC_CAMELLIA128_IDX; + i = SSL_ENC_CAMELLIA128_IDX; break; case SSL_CAMELLIA256: - i=SSL_ENC_CAMELLIA256_IDX; + i = SSL_ENC_CAMELLIA256_IDX; break; case SSL_eGOST2814789CNT: - i=SSL_ENC_GOST89_IDX; + i = SSL_ENC_GOST89_IDX; break; case SSL_SEED: - i=SSL_ENC_SEED_IDX; + i = SSL_ENC_SEED_IDX; break; case SSL_AES128GCM: - i=SSL_ENC_AES128GCM_IDX; + i = SSL_ENC_AES128GCM_IDX; break; case SSL_AES256GCM: - i=SSL_ENC_AES256GCM_IDX; + i = SSL_ENC_AES256GCM_IDX; break; default: - i= -1; + i = -1; break; - } + } if ((i < 0) || (i > SSL_ENC_NUM_IDX)) - *enc=NULL; - else - { + *enc = NULL; + else { if (i == SSL_ENC_NULL_IDX) - *enc=EVP_enc_null(); + *enc = EVP_enc_null(); else - *enc=ssl_cipher_methods[i]; - } + *enc = ssl_cipher_methods[i]; + } - switch (c->algorithm_mac) - { + switch (c->algorithm_mac) { case SSL_MD5: - i=SSL_MD_MD5_IDX; + i = SSL_MD_MD5_IDX; break; case SSL_SHA1: - i=SSL_MD_SHA1_IDX; + i = SSL_MD_SHA1_IDX; break; case SSL_SHA256: - i=SSL_MD_SHA256_IDX; + i = SSL_MD_SHA256_IDX; break; case SSL_SHA384: - i=SSL_MD_SHA384_IDX; + i = SSL_MD_SHA384_IDX; break; case SSL_GOST94: i = SSL_MD_GOST94_IDX; @@ -593,63 +588,63 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, i = SSL_MD_GOST89MAC_IDX; break; default: - i= -1; + i = -1; break; - } - if ((i < 0) || (i > SSL_MD_NUM_IDX)) - { - *md=NULL; - if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef; - if (mac_secret_size!=NULL) *mac_secret_size = 0; + } + if ((i < 0) || (i > SSL_MD_NUM_IDX)) { + *md = NULL; + + if (mac_pkey_type != NULL) + *mac_pkey_type = NID_undef; + if (mac_secret_size != NULL) + *mac_secret_size = 0; if (c->algorithm_mac == SSL_AEAD) mac_pkey_type = NULL; - } - else - { - *md=ssl_digest_methods[i]; - if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i]; - if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i]; + } else { + *md = ssl_digest_methods[i]; + if (mac_pkey_type != NULL) + *mac_pkey_type = ssl_mac_pkey_id[i]; + if (mac_secret_size != NULL) + *mac_secret_size = ssl_mac_secret_size[i]; } if ((*enc != NULL) && - (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && - (!mac_pkey_type||*mac_pkey_type != NID_undef)) - { + (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && + (!mac_pkey_type || *mac_pkey_type != NID_undef)) { const EVP_CIPHER *evp; - if (s->ssl_version>>8 != TLS1_VERSION_MAJOR || - s->ssl_version < TLS1_VERSION) - return 1; + if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR || + s->ssl_version < TLS1_VERSION) + return 1; #ifdef OPENSSL_FIPS if (FIPS_mode()) return 1; #endif - if (c->algorithm_enc == SSL_RC4 && - c->algorithm_mac == SSL_MD5 && - (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) - *enc = evp, *md = NULL; + if (c->algorithm_enc == SSL_RC4 && + c->algorithm_mac == SSL_MD5 && + (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) + *enc = evp, *md = NULL; else if (c->algorithm_enc == SSL_AES128 && - c->algorithm_mac == SSL_SHA1 && - (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; + c->algorithm_mac == SSL_SHA1 && + (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) + *enc = evp, *md = NULL; else if (c->algorithm_enc == SSL_AES256 && - c->algorithm_mac == SSL_SHA1 && - (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; - return(1); - } - else - return(0); - } + c->algorithm_mac == SSL_SHA1 && + (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) + *enc = evp, *md = NULL; + return (1); + } else + return (0); +} -int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) +int +ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) { - if (idx <0||idx>=SSL_MD_NUM_IDX) - { + if (idx < 0 || idx >= SSL_MD_NUM_IDX) { return 0; - } + } *mask = ssl_handshake_digest_flag[idx]; if (*mask) *md = ssl_digest_methods[idx]; @@ -661,40 +656,45 @@ int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) #define ITEM_SEP(a) \ (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) -static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, - CIPHER_ORDER **tail) - { - if (curr == *tail) return; +static void +ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, + CIPHER_ORDER **tail) +{ + if (curr == *tail) + return; if (curr == *head) - *head=curr->next; + *head = curr->next; if (curr->prev != NULL) - curr->prev->next=curr->next; + curr->prev->next = curr->next; if (curr->next != NULL) - curr->next->prev=curr->prev; - (*tail)->next=curr; + curr->next->prev = curr->prev; + (*tail)->next = curr; curr->prev= *tail; - curr->next=NULL; - *tail=curr; - } + curr->next = NULL; + *tail = curr; +} -static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, - CIPHER_ORDER **tail) - { - if (curr == *head) return; +static void +ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, + CIPHER_ORDER **tail) +{ + if (curr == *head) + return; if (curr == *tail) - *tail=curr->prev; + *tail = curr->prev; if (curr->next != NULL) - curr->next->prev=curr->prev; + curr->next->prev = curr->prev; if (curr->prev != NULL) - curr->prev->next=curr->next; - (*head)->prev=curr; + curr->prev->next = curr->next; + (*head)->prev = curr; curr->next= *head; - curr->prev=NULL; - *head=curr; - } + curr->prev = NULL; + *head = curr; +} -static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) - { +static void +ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) +{ *mkey = 0; *auth = 0; *enc = 0; @@ -743,44 +743,45 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un /* Disable GOST key exchange if no GOST signature algs are available * */ if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { *mkey |= SSL_kGOST; - } + } #ifdef SSL_FORBID_ENULL *enc |= SSL_eNULL; #endif - - - - *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; - *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; - *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; - *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; - *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; - *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0; - *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0; - *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0; - *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0; - *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0; - *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0; - *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0; - *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0; - - *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; - *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; - *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0; - *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0; - *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0; - *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0; - } -static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, - int num_of_ciphers, - unsigned long disabled_mkey, unsigned long disabled_auth, - unsigned long disabled_enc, unsigned long disabled_mac, - unsigned long disabled_ssl, - CIPHER_ORDER *co_list, - CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) - { + + *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0; + *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; + *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0; + *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 : 0; + *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; + *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; + *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; + *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0; + *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0; + *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0; + *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0; + *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0; + *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0; + + *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0; + *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; + *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; + *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; + *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; + *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef) ? SSL_GOST89MAC : 0; + +} + +static void +ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, + int num_of_ciphers, +unsigned long disabled_mkey, unsigned long disabled_auth, + unsigned long disabled_enc, unsigned long disabled_mac, +unsigned long disabled_ssl, + CIPHER_ORDER *co_list, +CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) +{ int i, co_list_num; const SSL_CIPHER *c; @@ -793,68 +794,64 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, /* Get the initial list of ciphers */ co_list_num = 0; /* actual count of ciphers */ - for (i = 0; i < num_of_ciphers; i++) - { + for (i = 0; i < num_of_ciphers; i++) { c = ssl_method->get_cipher(i); /* drop those that use any of that is not available */ if ((c != NULL) && c->valid && #ifdef OPENSSL_FIPS - (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && + (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && #endif - !(c->algorithm_mkey & disabled_mkey) && - !(c->algorithm_auth & disabled_auth) && - !(c->algorithm_enc & disabled_enc) && - !(c->algorithm_mac & disabled_mac) && - !(c->algorithm_ssl & disabled_ssl)) - { + !(c->algorithm_mkey & disabled_mkey) && + !(c->algorithm_auth & disabled_auth) && + !(c->algorithm_enc & disabled_enc) && + !(c->algorithm_mac & disabled_mac) && + !(c->algorithm_ssl & disabled_ssl)) { co_list[co_list_num].cipher = c; co_list[co_list_num].next = NULL; co_list[co_list_num].prev = NULL; co_list[co_list_num].active = 0; co_list_num++; #ifdef KSSL_DEBUG - printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth); + printf("\t%d: %s %lx %lx %lx\n", i, c->name, c->id, c->algorithm_mkey, c->algorithm_auth); #endif /* KSSL_DEBUG */ /* if (!sk_push(ca_list,(char *)c)) goto err; */ - } } + } /* * Prepare linked list from list entries */ - if (co_list_num > 0) - { + if (co_list_num > 0) { co_list[0].prev = NULL; - if (co_list_num > 1) - { + if (co_list_num > 1) { co_list[0].next = &co_list[1]; - - for (i = 1; i < co_list_num - 1; i++) - { + + for (i = 1; i < co_list_num - 1; i++) { co_list[i].prev = &co_list[i - 1]; co_list[i].next = &co_list[i + 1]; - } + } co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; - } - + } + co_list[co_list_num - 1].next = NULL; *head_p = &co_list[0]; *tail_p = &co_list[co_list_num - 1]; - } } +} -static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, - int num_of_group_aliases, - unsigned long disabled_mkey, unsigned long disabled_auth, - unsigned long disabled_enc, unsigned long disabled_mac, - unsigned long disabled_ssl, - CIPHER_ORDER *head) - { +static void +ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, + int num_of_group_aliases, +unsigned long disabled_mkey, unsigned long disabled_auth, + unsigned long disabled_enc, unsigned long disabled_mac, +unsigned long disabled_ssl, + CIPHER_ORDER *head) +{ CIPHER_ORDER *ciph_curr; const SSL_CIPHER **ca_curr; int i; @@ -869,12 +866,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, */ ciph_curr = head; ca_curr = ca_list; - while (ciph_curr != NULL) - { + while (ciph_curr != NULL) { *ca_curr = ciph_curr->cipher; ca_curr++; ciph_curr = ciph_curr->next; - } + } /* * Now we add the available ones from the cipher_aliases[] table. @@ -882,8 +878,7 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, * in any affected category must be supported (set in enabled_mask), * or represent a cipher strength value (will be added in any case because algorithms=0). */ - for (i = 0; i < num_of_group_aliases; i++) - { + for (i = 0; i < num_of_group_aliases; i++) { unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; @@ -893,45 +888,46 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, if (algorithm_mkey) if ((algorithm_mkey & mask_mkey) == 0) continue; - + if (algorithm_auth) if ((algorithm_auth & mask_auth) == 0) continue; - + if (algorithm_enc) if ((algorithm_enc & mask_enc) == 0) continue; - + if (algorithm_mac) if ((algorithm_mac & mask_mac) == 0) continue; - + if (algorithm_ssl) if ((algorithm_ssl & mask_ssl) == 0) continue; - + *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); ca_curr++; - } + } *ca_curr = NULL; /* end of list */ - } +} -static void ssl_cipher_apply_rule(unsigned long cipher_id, - unsigned long alg_mkey, unsigned long alg_auth, - unsigned long alg_enc, unsigned long alg_mac, - unsigned long alg_ssl, - unsigned long algo_strength, - int rule, int strength_bits, - CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) - { +static void +ssl_cipher_apply_rule(unsigned long cipher_id, + unsigned long alg_mkey, unsigned long alg_auth, +unsigned long alg_enc, unsigned long alg_mac, + unsigned long alg_ssl, +unsigned long algo_strength, + int rule, int strength_bits, +CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) +{ CIPHER_ORDER *head, *tail, *curr, *curr2, *last; const SSL_CIPHER *cp; int reverse = 0; #ifdef CIPHER_DEBUG printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", - rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); + rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); #endif if (rule == CIPHER_DEL) @@ -940,21 +936,18 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, head = *head_p; tail = *tail_p; - if (reverse) - { + if (reverse) { curr = tail; last = head; - } - else - { + } else { curr = head; last = tail; - } + } curr2 = curr; - for (;;) - { - if ((curr == NULL) || (curr == last)) break; + for (;;) { + if ((curr == NULL) + || (curr == last)) break; curr = curr2; curr2 = reverse ? curr->prev : curr->next; @@ -964,13 +957,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, * Selection criteria is either the value of strength_bits * or the algorithms used. */ - if (strength_bits >= 0) - { + if (strength_bits >= 0) { if (strength_bits != cp->strength_bits) continue; - } - else - { + } else { #ifdef CIPHER_DEBUG printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); #endif @@ -989,45 +979,36 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, continue; if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) continue; - } + } #ifdef CIPHER_DEBUG printf("Action = %d\n", rule); #endif /* add the cipher if it has not been added yet. */ - if (rule == CIPHER_ADD) - { + if (rule == CIPHER_ADD) { /* reverse == 0 */ - if (!curr->active) - { + if (!curr->active) { ll_append_tail(&head, curr, &tail); curr->active = 1; - } } + } /* Move the added cipher to this location */ - else if (rule == CIPHER_ORD) - { + else if (rule == CIPHER_ORD) { /* reverse == 0 */ - if (curr->active) - { + if (curr->active) { ll_append_tail(&head, curr, &tail); - } } - else if (rule == CIPHER_DEL) - { + } else if (rule == CIPHER_DEL) { /* reverse == 1 */ - if (curr->active) - { + if (curr->active) { /* most recently deleted ciphersuites get best positions * for any future CIPHER_ADD (note that the CIPHER_DEL loop * works in reverse to maintain the order) */ ll_append_head(&head, curr, &tail); curr->active = 0; - } } - else if (rule == CIPHER_KILL) - { + } else if (rule == CIPHER_KILL) { /* reverse == 0 */ if (head == curr) head = curr->next; @@ -1042,16 +1023,17 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, curr->prev->next = curr->next; curr->next = NULL; curr->prev = NULL; - } } + } *head_p = head; *tail_p = tail; - } +} -static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p) - { +static int +ssl_cipher_strength_sort(CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p) +{ int max_strength_bits, i, *number_uses; CIPHER_ORDER *curr; @@ -1062,32 +1044,29 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, */ max_strength_bits = 0; curr = *head_p; - while (curr != NULL) - { + while (curr != NULL) { if (curr->active && - (curr->cipher->strength_bits > max_strength_bits)) - max_strength_bits = curr->cipher->strength_bits; + (curr->cipher->strength_bits > max_strength_bits)) + max_strength_bits = curr->cipher->strength_bits; curr = curr->next; - } + } number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); - if (!number_uses) - { - SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); - return(0); - } + if (!number_uses) { + SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); + return (0); + } memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); /* * Now find the strength_bits values actually used */ curr = *head_p; - while (curr != NULL) - { + while (curr != NULL) { if (curr->active) number_uses[curr->cipher->strength_bits]++; curr = curr->next; - } + } /* * Go through the list of used strength_bits values in descending * order. @@ -1097,13 +1076,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); OPENSSL_free(number_uses); - return(1); - } + return (1); +} -static int ssl_cipher_process_rulestr(const char *rule_str, - CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, - const SSL_CIPHER **ca_list) - { +static int +ssl_cipher_process_rulestr(const char *rule_str, + CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, +const SSL_CIPHER **ca_list) +{ unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; const char *l, *buf; int j, multi, found, rule, retval, ok, buflen; @@ -1112,28 +1092,32 @@ static int ssl_cipher_process_rulestr(const char *rule_str, retval = 1; l = rule_str; - for (;;) - { + for (;;) { ch = *l; if (ch == '\0') - break; /* done */ + break; + /* done */ if (ch == '-') - { rule = CIPHER_DEL; l++; } - else if (ch == '+') - { rule = CIPHER_ORD; l++; } - else if (ch == '!') - { rule = CIPHER_KILL; l++; } - else if (ch == '@') - { rule = CIPHER_SPECIAL; l++; } - else - { rule = CIPHER_ADD; } + { rule = CIPHER_DEL; + l++; + } else if (ch == '+') + { rule = CIPHER_ORD; + l++; + } else if (ch == '!') + { rule = CIPHER_KILL; + l++; + } else if (ch == '@') + { rule = CIPHER_SPECIAL; + l++; + } else + { rule = CIPHER_ADD; + } - if (ITEM_SEP(ch)) - { + if (ITEM_SEP(ch)) { l++; continue; - } + } alg_mkey = 0; alg_auth = 0; @@ -1142,52 +1126,47 @@ static int ssl_cipher_process_rulestr(const char *rule_str, alg_ssl = 0; algo_strength = 0; - for (;;) - { + for (;;) { ch = *l; buf = l; buflen = 0; #ifndef CHARSET_EBCDIC - while ( ((ch >= 'A') && (ch <= 'Z')) || - ((ch >= '0') && (ch <= '9')) || - ((ch >= 'a') && (ch <= 'z')) || - (ch == '-') || (ch == '.')) + while (((ch >= 'A') && (ch <= 'Z')) || + ((ch >= '0') && (ch <= '9')) || + ((ch >= 'a') && (ch <= 'z')) || + (ch == '-') || (ch == '.')) #else - while ( isalnum(ch) || (ch == '-') || (ch == '.')) + while (isalnum(ch) || (ch == '-') || (ch == '.')) #endif - { - ch = *(++l); - buflen++; - } + { + ch = *(++l); + buflen++; + } - if (buflen == 0) - { + if (buflen == 0) { /* * We hit something we cannot deal with, * it is no command or separator nor * alphanumeric, so we call this an error. */ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, - SSL_R_INVALID_COMMAND); + SSL_R_INVALID_COMMAND); retval = found = 0; l++; break; - } + } - if (rule == CIPHER_SPECIAL) - { + if (rule == CIPHER_SPECIAL) { found = 0; /* unused -- avoid compiler warning */ break; /* special treatment */ - } + } /* check for multi-part specification */ - if (ch == '+') - { - multi=1; + if (ch == '+') { + multi = 1; l++; - } - else - multi=0; + } else + multi = 0; /* * Now search for the cipher alias in the ca_list. Be careful @@ -1202,126 +1181,121 @@ static int ssl_cipher_process_rulestr(const char *rule_str, */ j = found = 0; cipher_id = 0; - while (ca_list[j]) - { + while (ca_list[j]) { if (!strncmp(buf, ca_list[j]->name, buflen) && - (ca_list[j]->name[buflen] == '\0')) - { + (ca_list[j]->name[buflen] == '\0')) { found = 1; break; - } - else + } else j++; - } + } if (!found) break; /* ignore this entry */ - if (ca_list[j]->algorithm_mkey) - { - if (alg_mkey) - { + if (ca_list[j]->algorithm_mkey) { + if (alg_mkey) { alg_mkey &= ca_list[j]->algorithm_mkey; - if (!alg_mkey) { found = 0; break; } + if (!alg_mkey) { + found = 0; + break; } - else + } else alg_mkey = ca_list[j]->algorithm_mkey; - } + } - if (ca_list[j]->algorithm_auth) - { - if (alg_auth) - { + if (ca_list[j]->algorithm_auth) { + if (alg_auth) { alg_auth &= ca_list[j]->algorithm_auth; - if (!alg_auth) { found = 0; break; } + if (!alg_auth) { + found = 0; + break; } - else + } else alg_auth = ca_list[j]->algorithm_auth; - } - - if (ca_list[j]->algorithm_enc) - { - if (alg_enc) - { + } + + if (ca_list[j]->algorithm_enc) { + if (alg_enc) { alg_enc &= ca_list[j]->algorithm_enc; - if (!alg_enc) { found = 0; break; } + if (!alg_enc) { + found = 0; + break; } - else + } else alg_enc = ca_list[j]->algorithm_enc; - } - - if (ca_list[j]->algorithm_mac) - { - if (alg_mac) - { + } + + if (ca_list[j]->algorithm_mac) { + if (alg_mac) { alg_mac &= ca_list[j]->algorithm_mac; - if (!alg_mac) { found = 0; break; } + if (!alg_mac) { + found = 0; + break; } - else + } else alg_mac = ca_list[j]->algorithm_mac; - } - - if (ca_list[j]->algo_strength & SSL_EXP_MASK) - { - if (algo_strength & SSL_EXP_MASK) - { + } + + if (ca_list[j]->algo_strength & SSL_EXP_MASK) { + if (algo_strength & SSL_EXP_MASK) { algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; - if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; } + if (!(algo_strength & SSL_EXP_MASK)) { + found = 0; + break; } - else + } else algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; - } + } - if (ca_list[j]->algo_strength & SSL_STRONG_MASK) - { - if (algo_strength & SSL_STRONG_MASK) - { + if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { + if (algo_strength & SSL_STRONG_MASK) { algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; - if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; } + if (!(algo_strength & SSL_STRONG_MASK)) { + found = 0; + break; } - else + } else algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; - } - - if (ca_list[j]->valid) - { + } + + if (ca_list[j]->valid) { /* explicit ciphersuite found; its protocol version * does not become part of the search pattern!*/ cipher_id = ca_list[j]->id; - } - else - { + } else { /* not an explicit ciphersuite; only in this case, the * protocol version is considered part of the search pattern */ - if (ca_list[j]->algorithm_ssl) - { - if (alg_ssl) - { + if (ca_list[j]->algorithm_ssl) { + if (alg_ssl) { alg_ssl &= ca_list[j]->algorithm_ssl; - if (!alg_ssl) { found = 0; break; } + if (!alg_ssl) { + found = 0; + break; } - else + } else alg_ssl = ca_list[j]->algorithm_ssl; - } } - - if (!multi) break; } + if (!multi) + break; + } + /* * Ok, we have the rule, now apply it */ if (rule == CIPHER_SPECIAL) - { /* special command */ + { /* special command */ ok = 0; if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) - ok = ssl_cipher_strength_sort(head_p, tail_p); + ok = ssl_cipher_strength_sort(head_p, tail_p); else SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, - SSL_R_INVALID_COMMAND); + SSL_R_INVALID_COMMAND); if (ok == 0) retval = 0; /* @@ -1331,30 +1305,27 @@ static int ssl_cipher_process_rulestr(const char *rule_str, * end or ':' is found. */ while ((*l != '\0') && !ITEM_SEP(*l)) - l++; - } - else if (found) - { + l++; + } else if (found) { ssl_cipher_apply_rule(cipher_id, - alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, - rule, -1, head_p, tail_p); - } - else - { + alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, + rule, -1, head_p, tail_p); + } else { while ((*l != '\0') && !ITEM_SEP(*l)) - l++; - } + l++; + } if (*l == '\0') break; /* done */ } - return(retval); - } + return (retval); +} -STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, - STACK_OF(SSL_CIPHER) **cipher_list, - STACK_OF(SSL_CIPHER) **cipher_list_by_id, - const char *rule_str) - { +STACK_OF(SSL_CIPHER) +*ssl_create_cipher_list(const SSL_METHOD *ssl_method, +STACK_OF(SSL_CIPHER) **cipher_list, + STACK_OF(SSL_CIPHER) **cipher_list_by_id, +const char *rule_str) +{ int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; @@ -1384,15 +1355,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); #endif /* KSSL_DEBUG */ co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); - if (co_list == NULL) - { - SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); + if (co_list == NULL) { + SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); return(NULL); /* Failure */ - } + } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, - disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, - co_list, &head, &tail); + disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, + co_list, &head, &tail); /* Now arrange all ciphers by preference: */ @@ -1419,19 +1389,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); + ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); + ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); /* RC4 is sort-of broken -- move the the end */ ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); /* Now sort by symmetric encryption strength. The above ordering remains * in force within each class */ - if (!ssl_cipher_strength_sort(&head, &tail)) - { + if (!ssl_cipher_strength_sort(&head, &tail)) { OPENSSL_free(co_list); return NULL; - } + } /* Now disable everything (maintaining the ordering!) */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); @@ -1448,15 +1417,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); - if (ca_list == NULL) - { + if (ca_list == NULL) { OPENSSL_free(co_list); - SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); return(NULL); /* Failure */ - } + } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, - disabled_mkey, disabled_auth, disabled_enc, - disabled_mac, disabled_ssl, head); + disabled_mkey, disabled_auth, disabled_enc, + disabled_mac, disabled_ssl, head); /* * If the rule_string begins with DEFAULT, apply the default rule @@ -1464,14 +1432,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, */ ok = 1; rule_p = rule_str; - if (strncmp(rule_str,"DEFAULT",7) == 0) - { + if (strncmp(rule_str, "DEFAULT", 7) == 0) { ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, - &head, &tail, ca_list); + &head, &tail, ca_list); rule_p += 7; if (*rule_p == ':') rule_p++; - } + } if (ok && (strlen(rule_p) > 0)) ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); @@ -1479,65 +1446,63 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, OPENSSL_free((void *)ca_list); /* Not needed anymore */ if (!ok) - { /* Rule processing failure */ + { /* Rule processing failure */ OPENSSL_free(co_list); - return(NULL); - } - + return (NULL); + } + /* * Allocate new "cipherstack" for the result, return with error * if we cannot get one. */ - if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) - { + if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { OPENSSL_free(co_list); - return(NULL); - } + return (NULL); + } /* * The cipher selection for the list is done. The ciphers are added * to the resulting precedence to the STACK_OF(SSL_CIPHER). */ - for (curr = head; curr != NULL; curr = curr->next) - { + for (curr = head; curr != NULL; curr = curr->next) { #ifdef OPENSSL_FIPS if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) #else if (curr->active) #endif - { + { sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG - printf("<%s>\n",curr->cipher->name); + printf("<%s>\n", curr->cipher->name); #endif - } } + } OPENSSL_free(co_list); /* Not needed any longer */ tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); - if (tmp_cipher_list == NULL) - { + if (tmp_cipher_list == NULL) { sk_SSL_CIPHER_free(cipherstack); return NULL; - } + } if (*cipher_list != NULL) sk_SSL_CIPHER_free(*cipher_list); *cipher_list = cipherstack; if (*cipher_list_by_id != NULL) sk_SSL_CIPHER_free(*cipher_list_by_id); *cipher_list_by_id = tmp_cipher_list; - (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); + (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); sk_SSL_CIPHER_sort(*cipher_list_by_id); - return(cipherstack); - } + return (cipherstack); +} -char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) - { - int is_export,pkl,kl; - const char *ver,*exp_str; - const char *kx,*au,*enc,*mac; - unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2; +char +*SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +{ + int is_export, pkl, kl; + const char *ver, *exp_str; + const char *kx, *au, *enc, *mac; + unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; #ifdef KSSL_DEBUG static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; #else @@ -1550,13 +1515,13 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) alg_mac = cipher->algorithm_mac; alg_ssl = cipher->algorithm_ssl; - alg2=cipher->algorithm2; + alg2 = cipher->algorithm2; + + is_export = SSL_C_IS_EXPORT(cipher); + pkl = SSL_C_EXPORT_PKEYLENGTH(cipher); + kl = SSL_C_EXPORT_KEYLENGTH(cipher); + exp_str = is_export?" export":""; - is_export=SSL_C_IS_EXPORT(cipher); - pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); - kl=SSL_C_EXPORT_KEYLENGTH(cipher); - exp_str=is_export?" export":""; - if (alg_ssl & SSL_SSLV2) ver="SSLv2"; else if (alg_ssl & SSL_SSLV3) @@ -1566,10 +1531,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) else ver="unknown"; - switch (alg_mkey) - { + switch (alg_mkey) { case SSL_kRSA: - kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; + kx = is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; break; case SSL_kDHr: kx="DH/RSA"; @@ -1577,11 +1541,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kDHd: kx="DH/DSS"; break; - case SSL_kKRB5: + case SSL_kKRB5: kx="KRB5"; break; case SSL_kEDH: - kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; + kx = is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; break; case SSL_kECDHr: kx="ECDH/RSA"; @@ -1600,10 +1564,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) break; default: kx="unknown"; - } + } - switch (alg_auth) - { + switch (alg_auth) { case SSL_aRSA: au="RSA"; break; @@ -1613,10 +1576,10 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aDH: au="DH"; break; - case SSL_aKRB5: + case SSL_aKRB5: au="KRB5"; break; - case SSL_aECDH: + case SSL_aECDH: au="ECDH"; break; case SSL_aNULL: @@ -1631,22 +1594,21 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) default: au="unknown"; break; - } + } - switch (alg_enc) - { + switch (alg_enc) { case SSL_DES: - enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; + enc = (is_export && kl == 5)?"DES(40)":"DES(56)"; break; case SSL_3DES: enc="3DES(168)"; break; case SSL_RC4: - enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") - :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); + enc = is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") + :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); break; case SSL_RC2: - enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; + enc = is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; break; case SSL_IDEA: enc="IDEA(128)"; @@ -1678,10 +1640,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) default: enc="unknown"; break; - } + } - switch (alg_mac) - { + switch (alg_mac) { case SSL_MD5: mac="MD5"; break; @@ -1700,108 +1661,119 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) default: mac="unknown"; break; - } + } - if (buf == NULL) - { - len=128; - buf=OPENSSL_malloc(len); - if (buf == NULL) return("OPENSSL_malloc Error"); - } - else if (len < 128) - return("Buffer too small"); + if (buf == NULL) { + len = 128; + buf = OPENSSL_malloc(len); + if (buf == NULL) + return("OPENSSL_malloc Error"); + } else if (len < 128) + return("Buffer too small"); #ifdef KSSL_DEBUG - BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl); + BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); #else - BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); + BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); #endif /* KSSL_DEBUG */ - return(buf); - } + return (buf); +} -char *SSL_CIPHER_get_version(const SSL_CIPHER *c) - { +char +*SSL_CIPHER_get_version(const SSL_CIPHER *c) +{ int i; - if (c == NULL) return("(NONE)"); - i=(int)(c->id>>24L); + if (c == NULL) + return("(NONE)"); + i = (int)(c->id >> 24L); if (i == 3) return("TLSv1/SSLv3"); else if (i == 2) return("SSLv2"); else return("unknown"); - } +} /* return the actual cipher being used */ -const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) - { +const char +*SSL_CIPHER_get_name(const SSL_CIPHER *c) +{ if (c != NULL) - return(c->name); + return (c->name); return("(NONE)"); - } +} /* number of bits for symmetric cipher */ -int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) - { - int ret=0; +int +SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) +{ + int ret = 0; - if (c != NULL) - { - if (alg_bits != NULL) *alg_bits = c->alg_bits; + if (c != NULL) { + if (alg_bits != NULL) + *alg_bits = c->alg_bits; ret = c->strength_bits; - } - return(ret); } + return (ret); +} -unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) - { +unsigned long +SSL_CIPHER_get_id(const SSL_CIPHER *c) +{ return c->id; - } +} -SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) - { +SSL_COMP +*ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) +{ SSL_COMP *ctmp; - int i,nn; + int i, nn; - if ((n == 0) || (sk == NULL)) return(NULL); - nn=sk_SSL_COMP_num(sk); - for (i=0; i<nn; i++) - { - ctmp=sk_SSL_COMP_value(sk,i); + if ((n == 0) + || (sk == NULL)) return (NULL); + nn = sk_SSL_COMP_num(sk); + for (i = 0; i < nn; i++) { + ctmp = sk_SSL_COMP_value(sk, i); if (ctmp->id == n) - return(ctmp); - } - return(NULL); + return (ctmp); } + return (NULL); +} #ifdef OPENSSL_NO_COMP -void *SSL_COMP_get_compression_methods(void) - { +void +*SSL_COMP_get_compression_methods(void) +{ return NULL; - } -int SSL_COMP_add_compression_method(int id, void *cm) - { +} + +int +SSL_COMP_add_compression_method(int id, void *cm) +{ return 1; - } +} -const char *SSL_COMP_get_name(const void *comp) - { +const char +*SSL_COMP_get_name(const void *comp) +{ return NULL; - } +} #else -STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) - { +STACK_OF(SSL_COMP) +*SSL_COMP_get_compression_methods(void) +{ load_builtin_compressions(); - return(ssl_comp_methods); - } + return (ssl_comp_methods); +} -int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) - { +int +SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) +{ SSL_COMP *comp; - if (cm == NULL || cm->type == NID_undef) - return 1; + if (cm == NULL || cm->type == NID_undef) + return 1; /* According to draft-ietf-tls-compression-04.txt, the compression number ranges should be the following: @@ -1809,45 +1781,40 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) 0 to 63: methods defined by the IETF 64 to 192: external party methods assigned by IANA 193 to 255: reserved for private use */ - if (id < 193 || id > 255) - { - SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); + if (id < 193 || id > 255) { + SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); return 0; - } + } MemCheck_off(); - comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); - comp->id=id; - comp->method=cm; + comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); + comp->id = id; + comp->method = cm; load_builtin_compressions(); if (ssl_comp_methods - && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0) - { + && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { OPENSSL_free(comp); MemCheck_on(); - SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); - return(1); - } - else if ((ssl_comp_methods == NULL) - || !sk_SSL_COMP_push(ssl_comp_methods,comp)) - { + SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_DUPLICATE_COMPRESSION_ID); + return (1); + } else if ((ssl_comp_methods == NULL) + || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { OPENSSL_free(comp); MemCheck_on(); - SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); - return(1); - } - else - { + SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); + return (1); + } else { MemCheck_on(); - return(0); - } + return (0); } +} -const char *SSL_COMP_get_name(const COMP_METHOD *comp) - { +const char +*SSL_COMP_get_name(const COMP_METHOD *comp) +{ if (comp) return comp->name; return NULL; - } +} #endif diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c index 370fb57e3b8..67ba3c76991 100644 --- a/lib/libssl/ssl_err.c +++ b/lib/libssl/ssl_err.c @@ -68,543 +68,541 @@ #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) -static ERR_STRING_DATA SSL_str_functs[]= - { -{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, -{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, -{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, -{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, -{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, -{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, -{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, -{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, -{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, -{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, -{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, -{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, -{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, -{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, -{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, -{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, -{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, -{ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, -{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, -{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, -{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, -{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, -{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, -{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, -{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, -{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, -{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, -{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, -{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, -{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, -{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, -{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, -{ERR_FUNC(SSL_F_READ_N), "READ_N"}, -{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, -{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, -{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, -{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, -{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, -{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, -{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, -{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, -{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, -{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, -{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, -{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, -{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, -{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, -{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, -{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, -{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, -{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, -{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, -{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, -{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, -{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, -{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, -{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, -{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, -{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, -{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, -{ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, -{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, -{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, -{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, -{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, -{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, -{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, -{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, -{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, -{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, -{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, -{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, -{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, -{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, -{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, -{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, -{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, -{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, -{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, -{ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, -{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, -{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, -{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, -{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, -{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, -{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, -{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, -{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, -{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, -{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, -{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, -{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, -{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, -{ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, -{ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, -{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, -{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, -{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, -{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, -{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, -{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, -{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, -{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, -{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, -{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, -{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, -{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, -{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, -{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, -{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, -{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, -{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, -{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, -{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, -{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, -{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, -{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, -{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, -{ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, -{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, -{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, -{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, -{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, -{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, -{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, -{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, -{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, -{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, -{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, -{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, -{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, -{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, -{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, -{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, -{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, -{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, -{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, -{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, -{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, -{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, -{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, -{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, -{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, -{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, -{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, -{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, -{ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, -{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, -{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, -{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, -{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, -{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, -{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, -{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, -{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, -{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, -{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, -{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, -{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, -{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, -{ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, -{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, -{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, -{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, -{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, -{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, -{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, -{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, -{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, -{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, -{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, -{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, -{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, -{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, -{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, -{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, -{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, -{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, -{ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, -{ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, -{ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, -{ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, -{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, -{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, -{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, -{0,NULL} - }; +static ERR_STRING_DATA SSL_str_functs[]= { + {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, + {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, + {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, + {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, + {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, + {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, + {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, + {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, + {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, + {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, + {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, + {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, + {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, + {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, + {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, + {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, + {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, + {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, + {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, + {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, + {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, + {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, + {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, + {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, + {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, + {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, + {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, + {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, + {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, + {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, + {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, + {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, + {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, + {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, + {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, + {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, + {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, + {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, + {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, + {ERR_FUNC(SSL_F_READ_N), "READ_N"}, + {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, + {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, + {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, + {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, + {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, + {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, + {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, + {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, + {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, + {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, + {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, + {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, + {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, + {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, + {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, + {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, + {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, + {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, + {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, + {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, + {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, + {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, + {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, + {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, + {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, + {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, + {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, + {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, + {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, + {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, + {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, + {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, + {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, + {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, + {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, + {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, + {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, + {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, + {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, + {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, + {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, + {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, + {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, + {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, + {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, + {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, + {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, + {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, + {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, + {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, + {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, + {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, + {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, + {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, + {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, + {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, + {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, + {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, + {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, + {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, + {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, + {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, + {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, + {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, + {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, + {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, + {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, + {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, + {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, + {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, + {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, + {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, + {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, + {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, + {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, + {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, + {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, + {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, + {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, + {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, + {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, + {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, + {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, + {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, + {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, + {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, + {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, + {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, + {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, + {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, + {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, + {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, + {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, + {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, + {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, + {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, + {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, + {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, + {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, + {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, + {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, + {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, + {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, + {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, + {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, + {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, + {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, + {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, + {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, + {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, + {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, + {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, + {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, + {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, + {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, + {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, + {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, + {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, + {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, + {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, + {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, + {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, + {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, + {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, + {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, + {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, + {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, + {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, + {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, + {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, + {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, + {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, + {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, + {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, + {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, + {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, + {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, + {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, + {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, + {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, + {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, + {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, + {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, + {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, + {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, + {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, + {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, + {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, + {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, + {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, + {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, + {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, + {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, + {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, + {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, + {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, + {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, + {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, + {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, + {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, + {0, NULL} +}; -static ERR_STRING_DATA SSL_str_reasons[]= - { -{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"}, -{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"}, -{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"}, -{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"}, -{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"}, -{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"}, -{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"}, -{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"}, -{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"}, -{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"}, -{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"}, -{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"}, -{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"}, -{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"}, -{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"}, -{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"}, -{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"}, -{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, -{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, -{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, -{ERR_REASON(SSL_R_BAD_MAC_LENGTH) ,"bad mac length"}, -{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"}, -{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"}, -{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"}, -{ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"}, -{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"}, -{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"}, -{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"}, -{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"}, -{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"}, -{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"}, -{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"}, -{ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) ,"bad srp a length"}, -{ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) ,"bad srp b length"}, -{ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) ,"bad srp g length"}, -{ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) ,"bad srp n length"}, -{ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) ,"bad srp s length"}, -{ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) ,"bad srtp mki value"}, -{ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"}, -{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"}, -{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"}, -{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"}, -{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"}, -{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"}, -{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"}, -{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"}, -{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"}, -{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"}, -{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"}, -{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"}, -{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"}, -{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"}, -{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, -{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, -{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, -{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, -{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, -{ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"}, -{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, -{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, -{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, -{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, -{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, -{ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"}, -{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, -{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, -{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, -{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, -{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, -{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, -{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"}, -{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"}, -{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"}, -{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"}, -{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"}, -{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"}, -{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"}, -{ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"}, -{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, -{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, -{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, -{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, -{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, -{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, -{ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"}, -{ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"}, -{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, -{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, -{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, -{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"}, -{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, -{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, -{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"}, -{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, -{ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"}, -{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, -{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, -{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, -{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, -{ERR_REASON(SSL_R_KRB5) ,"krb5"}, -{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"}, -{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"}, -{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"}, -{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"}, -{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"}, -{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"}, -{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"}, -{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"}, -{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"}, -{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"}, -{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"}, -{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"}, -{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"}, -{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"}, -{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"}, -{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"}, -{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"}, -{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"}, -{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"}, -{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"}, -{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"}, -{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"}, -{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"}, -{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"}, -{ERR_REASON(SSL_R_MISSING_SRP_PARAM) ,"can't find SRP server param"}, -{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"}, -{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"}, -{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, -{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, -{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, -{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, -{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, -{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, -{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, -{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"}, -{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"}, -{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"}, -{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"}, -{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"}, -{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"}, -{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"}, -{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"}, -{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"}, -{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"}, -{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, -{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"}, -{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, -{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"}, -{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, -{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, -{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"}, -{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"}, -{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"}, -{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"}, -{ERR_REASON(SSL_R_NO_SRTP_PROFILES) ,"no srtp profiles"}, -{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"}, -{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, -{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"}, -{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, -{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"}, -{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, -{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"}, -{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, -{ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"}, -{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, -{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, -{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, -{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"}, -{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"}, -{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"}, -{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"}, -{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"}, -{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"}, -{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"}, -{ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"}, -{ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) ,"psk no client cb"}, -{ERR_REASON(SSL_R_PSK_NO_SERVER_CB) ,"psk no server cb"}, -{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"}, -{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, -{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, -{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"}, -{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"}, -{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"}, -{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, -{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, -{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"}, -{ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"}, -{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"}, -{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"}, -{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"}, -{ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"}, -{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, -{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, -{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, -{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"}, -{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, -{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, -{ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, -{ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),"signature algorithms error"}, -{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, -{ERR_REASON(SSL_R_SRP_A_CALC) ,"error with the srp params"}, -{ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),"srtp could not allocate profiles"}, -{ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),"srtp protection profile list too long"}, -{ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),"srtp unknown protection profile"}, -{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, -{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, -{ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"}, -{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"}, -{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"}, -{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, -{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"}, -{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"}, -{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"}, -{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"}, -{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"}, -{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"}, -{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"}, -{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"}, -{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"}, -{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, -{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, -{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"}, -{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"}, -{ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"}, -{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"}, -{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"}, -{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, -{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbearts"}, -{ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"}, -{ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"}, -{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"}, -{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, -{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, -{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, -{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"}, -{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"}, -{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"}, -{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"}, -{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"}, -{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"}, -{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"}, -{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"}, -{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"}, -{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"}, -{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"}, -{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"}, -{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"}, -{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"}, -{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"}, -{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"}, -{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"}, -{ERR_REASON(SSL_R_UNKNOWN_DIGEST) ,"unknown digest"}, -{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"}, -{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"}, -{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"}, -{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"}, -{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"}, -{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, -{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"}, -{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, -{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, -{ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"}, -{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, -{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, -{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, -{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"}, -{ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED),"use srtp not negotiated"}, -{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, -{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, -{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, -{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"}, -{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, -{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"}, -{ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) ,"wrong signature type"}, -{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"}, -{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"}, -{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"}, -{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"}, -{0,NULL} - }; +static ERR_STRING_DATA SSL_str_reasons[]= { + {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"}, + {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"}, + {ERR_REASON(SSL_R_BAD_ALERT_RECORD) , "bad alert record"}, + {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"}, + {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"}, + {ERR_REASON(SSL_R_BAD_CHECKSUM) , "bad checksum"}, + {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), "bad data returned by callback"}, + {ERR_REASON(SSL_R_BAD_DECOMPRESSION) , "bad decompression"}, + {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) , "bad dh g length"}, + {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) , "bad dh pub key length"}, + {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) , "bad dh p length"}, + {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) , "bad digest length"}, + {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) , "bad dsa signature"}, + {ERR_REASON(SSL_R_BAD_ECC_CERT) , "bad ecc cert"}, + {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) , "bad ecdsa signature"}, + {ERR_REASON(SSL_R_BAD_ECPOINT) , "bad ecpoint"}, + {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) , "bad handshake length"}, + {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) , "bad hello request"}, + {ERR_REASON(SSL_R_BAD_LENGTH) , "bad length"}, + {ERR_REASON(SSL_R_BAD_MAC_DECODE) , "bad mac decode"}, + {ERR_REASON(SSL_R_BAD_MAC_LENGTH) , "bad mac length"}, + {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) , "bad message type"}, + {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) , "bad packet length"}, + {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "bad protocol version number"}, + {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH), "bad psk identity hint length"}, + {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) , "bad response argument"}, + {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) , "bad rsa decrypt"}, + {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) , "bad rsa encrypt"}, + {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) , "bad rsa e length"}, + {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"}, + {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) , "bad rsa signature"}, + {ERR_REASON(SSL_R_BAD_SIGNATURE) , "bad signature"}, + {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) , "bad srp a length"}, + {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) , "bad srp b length"}, + {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) , "bad srp g length"}, + {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) , "bad srp n length"}, + {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) , "bad srp s length"}, + {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) , "bad srtp mki value"}, + {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), "bad srtp protection profile list"}, + {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) , "bad ssl filetype"}, + {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH), "bad ssl session id length"}, + {ERR_REASON(SSL_R_BAD_STATE) , "bad state"}, + {ERR_REASON(SSL_R_BAD_WRITE_RETRY) , "bad write retry"}, + {ERR_REASON(SSL_R_BIO_NOT_SET) , "bio not set"}, + {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"}, + {ERR_REASON(SSL_R_BN_LIB) , "bn lib"}, + {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"}, + {ERR_REASON(SSL_R_CA_DN_TOO_LONG) , "ca dn too long"}, + {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) , "ccs received early"}, + {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"}, + {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) , "cert length mismatch"}, + {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"}, + {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"}, + {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "cipher or hash unavailable"}, + {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"}, + {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) , "clienthello tlsext"}, + {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG), "compressed length too long"}, + {ERR_REASON(SSL_R_COMPRESSION_DISABLED) , "compression disabled"}, + {ERR_REASON(SSL_R_COMPRESSION_FAILURE) , "compression failure"}, + {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "compression id not within private range"}, + {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"}, + {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT), "connection id is different"}, + {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"}, + {ERR_REASON(SSL_R_COOKIE_MISMATCH) , "cookie mismatch"}, + {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "data between ccs and finished"}, + {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) , "data length too long"}, + {ERR_REASON(SSL_R_DECRYPTION_FAILED) , "decryption failed"}, + {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"}, + {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"}, + {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) , "digest check failed"}, + {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) , "dtls message too big"}, + {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"}, + {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT), "ecc cert not for key agreement"}, + {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"}, + {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"}, + {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"}, + {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"}, + {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"}, + {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"}, + {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"}, + {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "error in received cipher list"}, + {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"}, + {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) , "extra data in message"}, + {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"}, + {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "got next proto before a ccs"}, + {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "got next proto without seeing extension"}, + {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) , "https proxy request"}, + {ERR_REASON(SSL_R_HTTP_REQUEST) , "http request"}, + {ERR_REASON(SSL_R_ILLEGAL_PADDING) , "illegal padding"}, + {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"}, + {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"}, + {ERR_REASON(SSL_R_INVALID_COMMAND) , "invalid command"}, + {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"}, + {ERR_REASON(SSL_R_INVALID_PURPOSE) , "invalid purpose"}, + {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) , "invalid srp username"}, + {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"}, + {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"}, + {ERR_REASON(SSL_R_INVALID_TRUST) , "invalid trust"}, + {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) , "key arg too long"}, + {ERR_REASON(SSL_R_KRB5) , "krb5"}, + {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) , "krb5 client cc principal (no tkt?)"}, + {ERR_REASON(SSL_R_KRB5_C_GET_CRED) , "krb5 client get cred"}, + {ERR_REASON(SSL_R_KRB5_C_INIT) , "krb5 client init"}, + {ERR_REASON(SSL_R_KRB5_C_MK_REQ) , "krb5 client mk_req (expired tkt?)"}, + {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) , "krb5 server bad ticket"}, + {ERR_REASON(SSL_R_KRB5_S_INIT) , "krb5 server init"}, + {ERR_REASON(SSL_R_KRB5_S_RD_REQ) , "krb5 server rd_req (keytab perms?)"}, + {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) , "krb5 server tkt expired"}, + {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) , "krb5 server tkt not yet valid"}, + {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) , "krb5 server tkt skew"}, + {ERR_REASON(SSL_R_LENGTH_MISMATCH) , "length mismatch"}, + {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) , "length too short"}, + {ERR_REASON(SSL_R_LIBRARY_BUG) , "library bug"}, + {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"}, + {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) , "message too long"}, + {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) , "missing dh dsa cert"}, + {ERR_REASON(SSL_R_MISSING_DH_KEY) , "missing dh key"}, + {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) , "missing dh rsa cert"}, + {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"}, + {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"}, + {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "missing export tmp rsa key"}, + {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, + {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"}, + {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"}, + {ERR_REASON(SSL_R_MISSING_SRP_PARAM) , "can't find SRP server param"}, + {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) , "missing tmp dh key"}, + {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) , "missing tmp ecdh key"}, + {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) , "missing tmp rsa key"}, + {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) , "missing tmp rsa pkey"}, + {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"}, + {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) , "multiple sgc restarts"}, + {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"}, + {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"}, + {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"}, + {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"}, + {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) , "no certificate set"}, + {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"}, + {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) , "no ciphers available"}, + {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) , "no ciphers passed"}, + {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) , "no ciphers specified"}, + {ERR_REASON(SSL_R_NO_CIPHER_LIST) , "no cipher list"}, + {ERR_REASON(SSL_R_NO_CIPHER_MATCH) , "no cipher match"}, + {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"}, + {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"}, + {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"}, + {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, + {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) , "no method specified"}, + {ERR_REASON(SSL_R_NO_PRIVATEKEY) , "no privatekey"}, + {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"}, + {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"}, + {ERR_REASON(SSL_R_NO_PUBLICKEY) , "no publickey"}, + {ERR_REASON(SSL_R_NO_RENEGOTIATION) , "no renegotiation"}, + {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) , "digest requred for handshake isn't computed"}, + {ERR_REASON(SSL_R_NO_SHARED_CIPHER) , "no shared cipher"}, + {ERR_REASON(SSL_R_NO_SRTP_PROFILES) , "no srtp profiles"}, + {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) , "no verify callback"}, + {ERR_REASON(SSL_R_NULL_SSL_CTX) , "null ssl ctx"}, + {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, + {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, + {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"}, + {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"}, + {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "opaque PRF input too long"}, + {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"}, + {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"}, + {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"}, + {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "peer did not return a certificate"}, + {ERR_REASON(SSL_R_PEER_ERROR) , "peer error"}, + {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"}, + {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE), "peer error no certificate"}, + {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) , "peer error no cipher"}, + {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE), "peer error unsupported certificate type"}, + {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"}, + {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS), "problems mapping cipher functions"}, + {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) , "protocol is shutdown"}, + {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"}, + {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) , "psk no client cb"}, + {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) , "psk no server cb"}, + {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"}, + {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"}, + {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"}, + {ERR_REASON(SSL_R_READ_BIO_NOT_SET) , "read bio not set"}, + {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) , "read timeout expired"}, + {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"}, + {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"}, + {ERR_REASON(SSL_R_RECORD_TOO_LARGE) , "record too large"}, + {ERR_REASON(SSL_R_RECORD_TOO_SMALL) , "record too small"}, + {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"}, + {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR), "renegotiation encoding err"}, + {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"}, + {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"}, + {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING), "required compresssion algorithm missing"}, + {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO), "reuse cert length not zero"}, + {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"}, + {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO), "reuse cipher list not zero"}, + {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), "scsv received when renegotiating"}, + {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) , "serverhello tlsext"}, + {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), "session id context uninitialized"}, + {ERR_REASON(SSL_R_SHORT_READ) , "short read"}, + {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR), "signature algorithms error"}, + {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), "signature for non signing certificate"}, + {ERR_REASON(SSL_R_SRP_A_CALC) , "error with the srp params"}, + {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), "srtp could not allocate profiles"}, + {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), "srtp protection profile list too long"}, + {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile"}, + {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE), "ssl23 doing session id reuse"}, + {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG), "ssl2 connection id too long"}, + {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "ssl3 ext invalid ecpointformat"}, + {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), "ssl3 ext invalid servername"}, + {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "ssl3 ext invalid servername type"}, + {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"}, + {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"}, + {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "sslv3 alert bad certificate"}, + {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), "sslv3 alert bad record mac"}, + {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), "sslv3 alert certificate expired"}, + {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), "sslv3 alert certificate revoked"}, + {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), "sslv3 alert certificate unknown"}, + {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), "sslv3 alert decompression failure"}, + {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), "sslv3 alert handshake failure"}, + {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), "sslv3 alert illegal parameter"}, + {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE), "sslv3 alert no certificate"}, + {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), "sslv3 alert unexpected message"}, + {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), "sslv3 alert unsupported certificate"}, + {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), "ssl ctx has no default ssl version"}, + {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) , "ssl handshake failure"}, + {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), "ssl library has no ciphers"}, + {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), "ssl session id callback failed"}, + {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"}, + {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"}, + {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"}, + {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "tlsv1 alert export restriction"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "tlsv1 alert insufficient security"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "tlsv1 alert protocol version"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "tlsv1 alert record overflow"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"}, + {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "tlsv1 bad certificate hash value"}, + {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "tlsv1 bad certificate status response"}, + {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), "tlsv1 certificate unobtainable"}, + {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"}, + {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), "tlsv1 unsupported extension"}, + {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), "tls client cert req with anon cipher"}, + {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), "peer does not accept heartbearts"}, + {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) , "heartbeat request already pending"}, + {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), "tls illegal exporter label"}, + {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "tls invalid ecpointformat list"}, + {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST), "tls peer did not respond with certificate list"}, + {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"}, + {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER), "tried to use unsupported cipher"}, + {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"}, + {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"}, + {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY), "unable to extract public key"}, + {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), "unable to find dh parameters"}, + {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "unable to find ecdh parameters"}, + {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "unable to find public key parameters"}, + {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"}, + {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "unable to load ssl2 md5 routines"}, + {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "unable to load ssl3 md5 routines"}, + {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "unable to load ssl3 sha1 routines"}, + {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) , "unexpected message"}, + {ERR_REASON(SSL_R_UNEXPECTED_RECORD) , "unexpected record"}, + {ERR_REASON(SSL_R_UNINITIALIZED) , "uninitialized"}, + {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) , "unknown alert type"}, + {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"}, + {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"}, + {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) , "unknown cipher type"}, + {ERR_REASON(SSL_R_UNKNOWN_DIGEST) , "unknown digest"}, + {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"}, + {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) , "unknown pkey type"}, + {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) , "unknown protocol"}, + {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"}, + {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) , "unknown ssl version"}, + {ERR_REASON(SSL_R_UNKNOWN_STATE) , "unknown state"}, + {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), "unsafe legacy renegotiation disabled"}, + {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) , "unsupported cipher"}, + {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"}, + {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"}, + {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), "unsupported elliptic curve"}, + {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) , "unsupported protocol"}, + {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"}, + {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"}, + {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"}, + {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"}, + {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"}, + {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"}, + {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"}, + {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, + {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) , "wrong signature size"}, + {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) , "wrong signature type"}, + {ERR_REASON(SSL_R_WRONG_SSL_VERSION) , "wrong ssl version"}, + {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"}, + {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"}, + {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"}, + {0, NULL} +}; #endif -void ERR_load_SSL_strings(void) - { +void +ERR_load_SSL_strings(void) +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) - { - ERR_load_strings(0,SSL_str_functs); - ERR_load_strings(0,SSL_str_reasons); - } -#endif + if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) { + ERR_load_strings(0, SSL_str_functs); + ERR_load_strings(0, SSL_str_reasons); } +#endif +} diff --git a/lib/libssl/ssl_err2.c b/lib/libssl/ssl_err2.c index ea95a5f983c..cd781d38aa4 100644 --- a/lib/libssl/ssl_err2.c +++ b/lib/libssl/ssl_err2.c @@ -60,11 +60,12 @@ #include <openssl/err.h> #include <openssl/ssl.h> -void SSL_load_error_strings(void) - { +void +SSL_load_error_strings(void) +{ #ifndef OPENSSL_NO_ERR ERR_load_crypto_strings(); ERR_load_SSL_strings(); #endif - } +} diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index d9a728493e2..98764b82aa1 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -160,11 +160,11 @@ #include <openssl/engine.h> #endif -const char *SSL_version_str=OPENSSL_VERSION_TEXT; +const char *SSL_version_str = OPENSSL_VERSION_TEXT; -SSL3_ENC_METHOD ssl3_undef_enc_method={ +SSL3_ENC_METHOD ssl3_undef_enc_method = { /* evil casts, but these functions are only called if there's a library bug */ - (int (*)(SSL *,int))ssl_undefined_function, + (int (*)(SSL *, int))ssl_undefined_function, (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, ssl_undefined_function, (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, @@ -178,129 +178,124 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={ 0, /* server_finished_label_len */ (int (*)(int))ssl_undefined_function, (int (*)(SSL *, unsigned char *, size_t, const char *, - size_t, const unsigned char *, size_t, - int use_context)) ssl_undefined_function, - }; + size_t, const unsigned char *, size_t, + int use_context)) ssl_undefined_function, +}; -int SSL_clear(SSL *s) - { +int +SSL_clear(SSL *s) +{ - if (s->method == NULL) - { - SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED); - return(0); - } + if (s->method == NULL) { + SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); + return (0); + } - if (ssl_clear_bad_session(s)) - { + if (ssl_clear_bad_session(s)) { SSL_SESSION_free(s->session); - s->session=NULL; - } + s->session = NULL; + } - s->error=0; - s->hit=0; - s->shutdown=0; + s->error = 0; + s->hit = 0; + s->shutdown = 0; #if 0 /* Disabled since version 1.10 of this file (early return not * needed because SSL_clear is not called when doing renegotiation) */ /* This is set if we are doing dynamic renegotiation so keep * the old cipher. It is sort of a SSL_clear_lite :-) */ - if (s->renegotiate) return(1); -#else if (s->renegotiate) - { - SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR); + return (1); +#else + if (s->renegotiate) { + SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); return 0; - } + } #endif - s->type=0; + s->type = 0; - s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); + s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); - s->version=s->method->version; - s->client_version=s->version; - s->rwstate=SSL_NOTHING; - s->rstate=SSL_ST_READ_HEADER; + s->version = s->method->version; + s->client_version = s->version; + s->rwstate = SSL_NOTHING; + s->rstate = SSL_ST_READ_HEADER; #if 0 - s->read_ahead=s->ctx->read_ahead; + s->read_ahead = s->ctx->read_ahead; #endif - if (s->init_buf != NULL) - { + if (s->init_buf != NULL) { BUF_MEM_free(s->init_buf); - s->init_buf=NULL; - } + s->init_buf = NULL; + } ssl_clear_cipher_ctx(s); ssl_clear_hash_ctx(&s->read_hash); ssl_clear_hash_ctx(&s->write_hash); - s->first_packet=0; + s->first_packet = 0; #if 1 /* Check to see if we were changed into a different method, if * so, revert back if we are not doing session-id reuse. */ - if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) - { + if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { s->method->ssl_free(s); - s->method=s->ctx->method; + s->method = s->ctx->method; if (!s->method->ssl_new(s)) - return(0); - } - else + return (0); + } else #endif - s->method->ssl_clear(s); - return(1); - } + s->method->ssl_clear(s); + return (1); +} /** Used to change an SSL_CTXs default SSL method type */ -int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth) - { +int +SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) +{ STACK_OF(SSL_CIPHER) *sk; - ctx->method=meth; + ctx->method = meth; - sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), - &(ctx->cipher_list_by_id), - meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); - if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) - { - SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); - return(0); - } - return(1); + sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), + &(ctx->cipher_list_by_id), + meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); + if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { + SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); + return (0); } + return (1); +} -SSL *SSL_new(SSL_CTX *ctx) - { +SSL +*SSL_new(SSL_CTX *ctx) +{ SSL *s; - if (ctx == NULL) - { - SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX); - return(NULL); - } - if (ctx->method == NULL) - { - SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); - return(NULL); - } + if (ctx == NULL) { + SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); + return (NULL); + } + if (ctx->method == NULL) { + SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); + return (NULL); + } - s=(SSL *)OPENSSL_malloc(sizeof(SSL)); - if (s == NULL) goto err; - memset(s,0,sizeof(SSL)); + s = (SSL *)OPENSSL_malloc(sizeof(SSL)); + if (s == NULL) + goto err; + memset(s, 0, sizeof(SSL)); #ifndef OPENSSL_NO_KRB5 s->kssl_ctx = kssl_ctx_new(); #endif /* OPENSSL_NO_KRB5 */ - s->options=ctx->options; - s->mode=ctx->mode; - s->max_cert_list=ctx->max_cert_list; + s->options = ctx->options; + s->mode = ctx->mode; + s->max_cert_list = ctx->max_cert_list; - if (ctx->cert != NULL) - { + if (ctx->cert != NULL) { /* Earlier library versions used to copy the pointer to * the CERT, not its contents; only when setting new * parameters for the per-SSL copy, ssl_cert_new would be @@ -314,22 +309,21 @@ SSL *SSL_new(SSL_CTX *ctx) s->cert = ssl_cert_dup(ctx->cert); if (s->cert == NULL) goto err; - } - else + } else s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ - s->read_ahead=ctx->read_ahead; - s->msg_callback=ctx->msg_callback; - s->msg_callback_arg=ctx->msg_callback_arg; - s->verify_mode=ctx->verify_mode; + s->read_ahead = ctx->read_ahead; + s->msg_callback = ctx->msg_callback; + s->msg_callback_arg = ctx->msg_callback_arg; + s->verify_mode = ctx->verify_mode; #if 0 - s->verify_depth=ctx->verify_depth; + s->verify_depth = ctx->verify_depth; #endif - s->sid_ctx_length=ctx->sid_ctx_length; + s->sid_ctx_length = ctx->sid_ctx_length; OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); - memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); - s->verify_callback=ctx->default_verify_callback; - s->generate_session_id=ctx->generate_session_id; + memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); + s->verify_callback = ctx->default_verify_callback; + s->generate_session_id = ctx->generate_session_id; s->param = X509_VERIFY_PARAM_new(); if (!s->param) @@ -339,11 +333,11 @@ SSL *SSL_new(SSL_CTX *ctx) s->purpose = ctx->purpose; s->trust = ctx->trust; #endif - s->quiet_shutdown=ctx->quiet_shutdown; + s->quiet_shutdown = ctx->quiet_shutdown; s->max_send_fragment = ctx->max_send_fragment; - CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); - s->ctx=ctx; + CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + s->ctx = ctx; #ifndef OPENSSL_NO_TLSEXT s->tlsext_debug_cb = 0; s->tlsext_debug_arg = NULL; @@ -354,93 +348,95 @@ SSL *SSL_new(SSL_CTX *ctx) s->tlsext_ocsp_exts = NULL; s->tlsext_ocsp_resp = NULL; s->tlsext_ocsp_resplen = -1; - CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); - s->initial_ctx=ctx; + CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + s->initial_ctx = ctx; # ifndef OPENSSL_NO_NEXTPROTONEG s->next_proto_negotiated = NULL; # endif #endif - s->verify_result=X509_V_OK; + s->verify_result = X509_V_OK; - s->method=ctx->method; + s->method = ctx->method; if (!s->method->ssl_new(s)) goto err; - s->references=1; - s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; + s->references = 1; + s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; SSL_clear(s); CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); #ifndef OPENSSL_NO_PSK - s->psk_client_callback=ctx->psk_client_callback; - s->psk_server_callback=ctx->psk_server_callback; + s->psk_client_callback = ctx->psk_client_callback; + s->psk_server_callback = ctx->psk_server_callback; #endif - return(s); + return (s); err: - if (s != NULL) - { + if (s != NULL) { if (s->cert != NULL) ssl_cert_free(s->cert); if (s->ctx != NULL) SSL_CTX_free(s->ctx); /* decrement reference count */ OPENSSL_free(s); - } - SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); } + SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); + return (NULL); +} -int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, - unsigned int sid_ctx_len) - { - if(sid_ctx_len > sizeof ctx->sid_ctx) - { - SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); - return 0; +int +SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, + unsigned int sid_ctx_len) +{ + if (sid_ctx_len > sizeof ctx->sid_ctx) { + SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); + return 0; } - ctx->sid_ctx_length=sid_ctx_len; - memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len); + ctx->sid_ctx_length = sid_ctx_len; + memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); - return 1; - } + return 1; +} -int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, - unsigned int sid_ctx_len) - { - if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) - { - SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); - return 0; +int +SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, + unsigned int sid_ctx_len) +{ + if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { + SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); + return 0; } - ssl->sid_ctx_length=sid_ctx_len; - memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); + ssl->sid_ctx_length = sid_ctx_len; + memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); - return 1; - } + return 1; +} -int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) - { +int +SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) +{ CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); ctx->generate_session_id = cb; CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); return 1; - } +} -int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) - { +int +SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) +{ CRYPTO_w_lock(CRYPTO_LOCK_SSL); ssl->generate_session_id = cb; CRYPTO_w_unlock(CRYPTO_LOCK_SSL); return 1; - } +} -int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, - unsigned int id_len) - { +int +SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, + unsigned int id_len) +{ /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how * we can "construct" a session to give us the desired check - ie. to * find if there's a session in the hash table that would conflict with @@ -448,7 +444,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, * use by this SSL. */ SSL_SESSION r, *p; - if(id_len > sizeof r.session_id) + if (id_len > sizeof r.session_id) return 0; r.ssl_version = ssl->version; @@ -458,68 +454,74 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, * callback is calling us to check the uniqueness of a shorter ID, it * must be compared as a padded-out ID because that is what it will be * converted to when the callback has finished choosing it. */ - if((r.ssl_version == SSL2_VERSION) && - (id_len < SSL2_SSL_SESSION_ID_LENGTH)) - { + if ((r.ssl_version == SSL2_VERSION) && + (id_len < SSL2_SSL_SESSION_ID_LENGTH)) { memset(r.session_id + id_len, 0, - SSL2_SSL_SESSION_ID_LENGTH - id_len); + SSL2_SSL_SESSION_ID_LENGTH - id_len); r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; - } + } CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); return (p != NULL); - } +} -int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) - { +int +SSL_CTX_set_purpose(SSL_CTX *s, int purpose) +{ return X509_VERIFY_PARAM_set_purpose(s->param, purpose); - } +} -int SSL_set_purpose(SSL *s, int purpose) - { +int +SSL_set_purpose(SSL *s, int purpose) +{ return X509_VERIFY_PARAM_set_purpose(s->param, purpose); - } +} -int SSL_CTX_set_trust(SSL_CTX *s, int trust) - { +int +SSL_CTX_set_trust(SSL_CTX *s, int trust) +{ return X509_VERIFY_PARAM_set_trust(s->param, trust); - } +} -int SSL_set_trust(SSL *s, int trust) - { +int +SSL_set_trust(SSL *s, int trust) +{ return X509_VERIFY_PARAM_set_trust(s->param, trust); - } +} -int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) - { +int +SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) +{ return X509_VERIFY_PARAM_set1(ctx->param, vpm); - } +} -int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) - { +int +SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) +{ return X509_VERIFY_PARAM_set1(ssl->param, vpm); - } +} -void SSL_free(SSL *s) - { +void +SSL_free(SSL *s) +{ int i; - if(s == NULL) - return; + if (s == NULL) + return; - i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); + i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); #ifdef REF_PRINT - REF_PRINT("SSL",s); + REF_PRINT("SSL", s); #endif - if (i > 0) return; + if (i > 0) + return; #ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"SSL_free, bad reference count\n"); + if (i < 0) { + fprintf(stderr, "SSL_free, bad reference count\n"); abort(); /* ok */ - } + } #endif if (s->param) @@ -527,53 +529,58 @@ void SSL_free(SSL *s) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); - if (s->bbio != NULL) - { + if (s->bbio != NULL) { /* If the buffering BIO is in place, pop it off */ - if (s->bbio == s->wbio) - { - s->wbio=BIO_pop(s->wbio); - } - BIO_free(s->bbio); - s->bbio=NULL; + if (s->bbio == s->wbio) { + s->wbio = BIO_pop(s->wbio); } + BIO_free(s->bbio); + s->bbio = NULL; + } if (s->rbio != NULL) BIO_free_all(s->rbio); if ((s->wbio != NULL) && (s->wbio != s->rbio)) BIO_free_all(s->wbio); - if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); + if (s->init_buf != NULL) + BUF_MEM_free(s->init_buf); /* add extra stuff */ - if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); - if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id); + if (s->cipher_list != NULL) + sk_SSL_CIPHER_free(s->cipher_list); + if (s->cipher_list_by_id != NULL) + sk_SSL_CIPHER_free(s->cipher_list_by_id); /* Make the next call work :-) */ - if (s->session != NULL) - { + if (s->session != NULL) { ssl_clear_bad_session(s); SSL_SESSION_free(s->session); - } + } ssl_clear_cipher_ctx(s); ssl_clear_hash_ctx(&s->read_hash); ssl_clear_hash_ctx(&s->write_hash); - if (s->cert != NULL) ssl_cert_free(s->cert); + if (s->cert != NULL) + ssl_cert_free(s->cert); /* Free up if allocated */ #ifndef OPENSSL_NO_TLSEXT if (s->tlsext_hostname) OPENSSL_free(s->tlsext_hostname); - if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); + if (s->initial_ctx) + SSL_CTX_free(s->initial_ctx); #ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist); - if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); + if (s->tlsext_ecpointformatlist) + OPENSSL_free(s->tlsext_ecpointformatlist); + if (s->tlsext_ellipticcurvelist) + OPENSSL_free(s->tlsext_ellipticcurvelist); #endif /* OPENSSL_NO_EC */ - if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input); + if (s->tlsext_opaque_prf_input) + OPENSSL_free(s->tlsext_opaque_prf_input); if (s->tlsext_ocsp_exts) sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, - X509_EXTENSION_free); + X509_EXTENSION_free); if (s->tlsext_ocsp_ids) sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); if (s->tlsext_ocsp_resp) @@ -581,11 +588,13 @@ void SSL_free(SSL *s) #endif if (s->client_CA != NULL) - sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); + sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); - if (s->method != NULL) s->method->ssl_free(s); + if (s->method != NULL) + s->method->ssl_free(s); - if (s->ctx) SSL_CTX_free(s->ctx); + if (s->ctx) + SSL_CTX_free(s->ctx); #ifndef OPENSSL_NO_KRB5 if (s->kssl_ctx != NULL) @@ -598,223 +607,237 @@ void SSL_free(SSL *s) #endif #ifndef OPENSSL_NO_SRTP - if (s->srtp_profiles) - sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); + if (s->srtp_profiles) + sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); #endif OPENSSL_free(s); - } +} -void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) - { +void +SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) +{ /* If the output buffering BIO is still in place, remove it */ - if (s->bbio != NULL) - { - if (s->wbio == s->bbio) - { - s->wbio=s->wbio->next_bio; - s->bbio->next_bio=NULL; - } + if (s->bbio != NULL) { + if (s->wbio == s->bbio) { + s->wbio = s->wbio->next_bio; + s->bbio->next_bio = NULL; } + } if ((s->rbio != NULL) && (s->rbio != rbio)) BIO_free_all(s->rbio); if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) BIO_free_all(s->wbio); - s->rbio=rbio; - s->wbio=wbio; - } + s->rbio = rbio; + s->wbio = wbio; +} -BIO *SSL_get_rbio(const SSL *s) - { return(s->rbio); } +BIO +*SSL_get_rbio(const SSL *s) + { return (s->rbio); +} -BIO *SSL_get_wbio(const SSL *s) - { return(s->wbio); } +BIO +*SSL_get_wbio(const SSL *s) + { return (s->wbio); +} -int SSL_get_fd(const SSL *s) - { - return(SSL_get_rfd(s)); - } +int +SSL_get_fd(const SSL *s) +{ + return (SSL_get_rfd(s)); +} -int SSL_get_rfd(const SSL *s) - { - int ret= -1; - BIO *b,*r; +int +SSL_get_rfd(const SSL *s) +{ + int ret = -1; + BIO *b, *r; - b=SSL_get_rbio(s); - r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); + b = SSL_get_rbio(s); + r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); if (r != NULL) - BIO_get_fd(r,&ret); - return(ret); - } + BIO_get_fd(r, &ret); + return (ret); +} -int SSL_get_wfd(const SSL *s) - { - int ret= -1; - BIO *b,*r; +int +SSL_get_wfd(const SSL *s) +{ + int ret = -1; + BIO *b, *r; - b=SSL_get_wbio(s); - r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); + b = SSL_get_wbio(s); + r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); if (r != NULL) - BIO_get_fd(r,&ret); - return(ret); - } + BIO_get_fd(r, &ret); + return (ret); +} #ifndef OPENSSL_NO_SOCK -int SSL_set_fd(SSL *s,int fd) - { - int ret=0; - BIO *bio=NULL; +int +SSL_set_fd(SSL *s, int fd) +{ + int ret = 0; + BIO *bio = NULL; - bio=BIO_new(BIO_s_socket()); + bio = BIO_new(BIO_s_socket()); - if (bio == NULL) - { - SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB); + if (bio == NULL) { + SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); goto err; - } - BIO_set_fd(bio,fd,BIO_NOCLOSE); - SSL_set_bio(s,bio,bio); - ret=1; -err: - return(ret); } + BIO_set_fd(bio, fd, BIO_NOCLOSE); + SSL_set_bio(s, bio, bio); + ret = 1; +err: + return (ret); +} -int SSL_set_wfd(SSL *s,int fd) - { - int ret=0; - BIO *bio=NULL; +int +SSL_set_wfd(SSL *s, int fd) +{ + int ret = 0; + BIO *bio = NULL; if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) - || ((int)BIO_get_fd(s->rbio,NULL) != fd)) - { - bio=BIO_new(BIO_s_socket()); + || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { + bio = BIO_new(BIO_s_socket()); if (bio == NULL) - { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } - BIO_set_fd(bio,fd,BIO_NOCLOSE); - SSL_set_bio(s,SSL_get_rbio(s),bio); + { SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); + goto err; } - else - SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s)); - ret=1; + BIO_set_fd(bio, fd, BIO_NOCLOSE); + SSL_set_bio(s, SSL_get_rbio(s), bio); + } else + SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); + ret = 1; err: - return(ret); - } + return (ret); +} -int SSL_set_rfd(SSL *s,int fd) - { - int ret=0; - BIO *bio=NULL; +int +SSL_set_rfd(SSL *s, int fd) +{ + int ret = 0; + BIO *bio = NULL; if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) - || ((int)BIO_get_fd(s->wbio,NULL) != fd)) - { - bio=BIO_new(BIO_s_socket()); + || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { + bio = BIO_new(BIO_s_socket()); - if (bio == NULL) - { - SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB); + if (bio == NULL) { + SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); goto err; - } - BIO_set_fd(bio,fd,BIO_NOCLOSE); - SSL_set_bio(s,bio,SSL_get_wbio(s)); } - else - SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s)); - ret=1; + BIO_set_fd(bio, fd, BIO_NOCLOSE); + SSL_set_bio(s, bio, SSL_get_wbio(s)); + } else + SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); + ret = 1; err: - return(ret); - } + return (ret); +} #endif /* return length of latest Finished message we sent, copy to 'buf' */ -size_t SSL_get_finished(const SSL *s, void *buf, size_t count) - { +size_t +SSL_get_finished(const SSL *s, void *buf, size_t count) +{ size_t ret = 0; - - if (s->s3 != NULL) - { + + if (s->s3 != NULL) { ret = s->s3->tmp.finish_md_len; if (count > ret) count = ret; memcpy(buf, s->s3->tmp.finish_md, count); - } - return ret; } + return ret; +} /* return length of latest Finished message we expected, copy to 'buf' */ -size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) - { +size_t +SSL_get_peer_finished(const SSL *s, void *buf, size_t count) +{ size_t ret = 0; - - if (s->s3 != NULL) - { + + if (s->s3 != NULL) { ret = s->s3->tmp.peer_finish_md_len; if (count > ret) count = ret; memcpy(buf, s->s3->tmp.peer_finish_md, count); - } - return ret; } + return ret; +} -int SSL_get_verify_mode(const SSL *s) - { - return(s->verify_mode); - } +int +SSL_get_verify_mode(const SSL *s) +{ + return (s->verify_mode); +} -int SSL_get_verify_depth(const SSL *s) - { +int +SSL_get_verify_depth(const SSL *s) +{ return X509_VERIFY_PARAM_get_depth(s->param); - } +} -int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) - { - return(s->verify_callback); - } +int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) +{ + return (s->verify_callback); +} -int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) - { - return(ctx->verify_mode); - } +int +SSL_CTX_get_verify_mode(const SSL_CTX *ctx) +{ + return (ctx->verify_mode); +} -int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) - { +int +SSL_CTX_get_verify_depth(const SSL_CTX *ctx) +{ return X509_VERIFY_PARAM_get_depth(ctx->param); - } +} -int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) - { - return(ctx->default_verify_callback); - } +int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) +{ + return (ctx->default_verify_callback); +} -void SSL_set_verify(SSL *s,int mode, - int (*callback)(int ok,X509_STORE_CTX *ctx)) - { - s->verify_mode=mode; +void +SSL_set_verify(SSL *s, int mode, + int (*callback)(int ok, X509_STORE_CTX *ctx)) +{ + s->verify_mode = mode; if (callback != NULL) - s->verify_callback=callback; - } + s->verify_callback = callback; +} -void SSL_set_verify_depth(SSL *s,int depth) - { +void +SSL_set_verify_depth(SSL *s, int depth) +{ X509_VERIFY_PARAM_set_depth(s->param, depth); - } +} -void SSL_set_read_ahead(SSL *s,int yes) - { - s->read_ahead=yes; - } +void +SSL_set_read_ahead(SSL *s, int yes) +{ + s->read_ahead = yes; +} -int SSL_get_read_ahead(const SSL *s) - { - return(s->read_ahead); - } +int +SSL_get_read_ahead(const SSL *s) +{ + return (s->read_ahead); +} -int SSL_pending(const SSL *s) - { +int +SSL_pending(const SSL *s) +{ /* SSL_pending cannot work properly if read-ahead is enabled * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), * and it is impossible to fix since SSL_pending cannot report @@ -822,264 +845,266 @@ int SSL_pending(const SSL *s) * (Note that SSL_pending() is often used as a boolean value, * so we'd better not return -1.) */ - return(s->method->ssl_pending(s)); - } + return (s->method->ssl_pending(s)); +} -X509 *SSL_get_peer_certificate(const SSL *s) - { +X509 +*SSL_get_peer_certificate(const SSL *s) +{ X509 *r; - + if ((s == NULL) || (s->session == NULL)) - r=NULL; + r = NULL; else - r=s->session->peer; + r = s->session->peer; - if (r == NULL) return(r); + if (r == NULL) + return (r); - CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); + CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509); - return(r); - } + return (r); +} -STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) - { +STACK_OF(X509) +*SSL_get_peer_cert_chain(const SSL *s) +{ STACK_OF(X509) *r; - + if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) - r=NULL; + r = NULL; else - r=s->session->sess_cert->cert_chain; + r = s->session->sess_cert->cert_chain; /* If we are a client, cert_chain includes the peer's own - * certificate; if we are a server, it does not. */ - - return(r); - } + * certificate; +if we are a server, it does not. */ + + return (r); +} /* Now in theory, since the calling process own 't' it should be safe to * modify. We need to be able to read f without being hassled */ -void SSL_copy_session_id(SSL *t,const SSL *f) - { +void +SSL_copy_session_id(SSL *t, const SSL *f) +{ CERT *tmp; /* Do we need to to SSL locking? */ - SSL_set_session(t,SSL_get_session(f)); + SSL_set_session(t, SSL_get_session(f)); /* what if we are setup as SSLv2 but want to talk SSLv3 or * vice-versa */ - if (t->method != f->method) - { + if (t->method != f->method) { t->method->ssl_free(t); /* cleanup current */ t->method=f->method; /* change method */ t->method->ssl_new(t); /* setup new */ - } - - tmp=t->cert; - if (f->cert != NULL) - { - CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT); - t->cert=f->cert; - } - else - t->cert=NULL; - if (tmp != NULL) ssl_cert_free(tmp); - SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length); } + tmp = t->cert; + if (f->cert != NULL) { + CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); + t->cert = f->cert; + } else + t->cert = NULL; + if (tmp != NULL) + ssl_cert_free(tmp); + SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length); +} + /* Fix this so it checks all the valid key/cert options */ -int SSL_CTX_check_private_key(const SSL_CTX *ctx) - { - if ( (ctx == NULL) || +int +SSL_CTX_check_private_key(const SSL_CTX *ctx) +{ + if ((ctx == NULL) || (ctx->cert == NULL) || - (ctx->cert->key->x509 == NULL)) - { - SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); - return(0); - } - if (ctx->cert->key->privatekey == NULL) - { - SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); - return(0); - } - return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); + (ctx->cert->key->x509 == NULL)) { + SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); + return (0); + } + if (ctx->cert->key->privatekey == NULL) { + SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); + return (0); } + return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); +} /* Fix this function so that it takes an optional type parameter */ -int SSL_check_private_key(const SSL *ssl) - { - if (ssl == NULL) - { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (ssl->cert == NULL) - { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); +int +SSL_check_private_key(const SSL *ssl) +{ + if (ssl == NULL) { + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + if (ssl->cert == NULL) { + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); return 0; - } - if (ssl->cert->key->x509 == NULL) - { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); - return(0); - } - if (ssl->cert->key->privatekey == NULL) - { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); - return(0); - } - return(X509_check_private_key(ssl->cert->key->x509, - ssl->cert->key->privatekey)); } + if (ssl->cert->key->x509 == NULL) { + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); + return (0); + } + if (ssl->cert->key->privatekey == NULL) { + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); + return (0); + } + return(X509_check_private_key(ssl->cert->key->x509, + ssl->cert->key->privatekey)); +} -int SSL_accept(SSL *s) - { +int +SSL_accept(SSL *s) +{ if (s->handshake_func == 0) /* Not properly initialized yet */ - SSL_set_accept_state(s); + SSL_set_accept_state(s); - return(s->method->ssl_accept(s)); - } + return (s->method->ssl_accept(s)); +} -int SSL_connect(SSL *s) - { +int +SSL_connect(SSL *s) +{ if (s->handshake_func == 0) /* Not properly initialized yet */ - SSL_set_connect_state(s); + SSL_set_connect_state(s); - return(s->method->ssl_connect(s)); - } + return (s->method->ssl_connect(s)); +} -long SSL_get_default_timeout(const SSL *s) - { - return(s->method->get_timeout()); - } +long +SSL_get_default_timeout(const SSL *s) +{ + return (s->method->get_timeout()); +} -int SSL_read(SSL *s,void *buf,int num) - { - if (s->handshake_func == 0) - { +int +SSL_read(SSL *s, void *buf, int num) +{ + if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); return -1; - } + } - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) - { - s->rwstate=SSL_NOTHING; - return(0); - } - return(s->method->ssl_read(s,buf,num)); + if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { + s->rwstate = SSL_NOTHING; + return (0); } + return (s->method->ssl_read(s, buf, num)); +} -int SSL_peek(SSL *s,void *buf,int num) - { - if (s->handshake_func == 0) - { +int +SSL_peek(SSL *s, void *buf, int num) +{ + if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); return -1; - } + } - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) - { - return(0); - } - return(s->method->ssl_peek(s,buf,num)); + if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { + return (0); } + return (s->method->ssl_peek(s, buf, num)); +} -int SSL_write(SSL *s,const void *buf,int num) - { - if (s->handshake_func == 0) - { +int +SSL_write(SSL *s, const void *buf, int num) +{ + if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); return -1; - } + } - if (s->shutdown & SSL_SENT_SHUTDOWN) - { - s->rwstate=SSL_NOTHING; - SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); - return(-1); - } - return(s->method->ssl_write(s,buf,num)); + if (s->shutdown & SSL_SENT_SHUTDOWN) { + s->rwstate = SSL_NOTHING; + SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); + return (-1); } + return (s->method->ssl_write(s, buf, num)); +} -int SSL_shutdown(SSL *s) - { +int +SSL_shutdown(SSL *s) +{ /* Note that this function behaves differently from what one might * expect. Return values are 0 for no success (yet), * 1 for success; but calling it once is usually not enough, * even if blocking I/O is used (see ssl3_shutdown). */ - if (s->handshake_func == 0) - { + if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); return -1; - } + } if ((s != NULL) && !SSL_in_init(s)) - return(s->method->ssl_shutdown(s)); + return (s->method->ssl_shutdown(s)); else - return(1); - } + return (1); +} -int SSL_renegotiate(SSL *s) - { +int +SSL_renegotiate(SSL *s) +{ if (s->renegotiate == 0) - s->renegotiate=1; + s->renegotiate = 1; - s->new_session=1; + s->new_session = 1; - return(s->method->ssl_renegotiate(s)); - } + return (s->method->ssl_renegotiate(s)); +} -int SSL_renegotiate_abbreviated(SSL *s) - { +int +SSL_renegotiate_abbreviated(SSL *s) +{ if (s->renegotiate == 0) - s->renegotiate=1; + s->renegotiate = 1; - s->new_session=0; + s->new_session = 0; - return(s->method->ssl_renegotiate(s)); - } + return (s->method->ssl_renegotiate(s)); +} -int SSL_renegotiate_pending(SSL *s) - { +int +SSL_renegotiate_pending(SSL *s) +{ /* becomes true when negotiation is requested; * false again once a handshake has finished */ return (s->renegotiate != 0); - } +} -long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) - { +long +SSL_ctrl(SSL *s, int cmd, long larg, void *parg) +{ long l; - switch (cmd) - { + switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: - return(s->read_ahead); + return (s->read_ahead); case SSL_CTRL_SET_READ_AHEAD: - l=s->read_ahead; - s->read_ahead=larg; - return(l); + l = s->read_ahead; + s->read_ahead = larg; + return (l); case SSL_CTRL_SET_MSG_CALLBACK_ARG: s->msg_callback_arg = parg; return 1; case SSL_CTRL_OPTIONS: - return(s->options|=larg); + return (s->options|=larg); case SSL_CTRL_CLEAR_OPTIONS: - return(s->options&=~larg); + return (s->options&=~larg); case SSL_CTRL_MODE: - return(s->mode|=larg); + return (s->mode|=larg); case SSL_CTRL_CLEAR_MODE: - return(s->mode &=~larg); + return (s->mode &=~larg); case SSL_CTRL_GET_MAX_CERT_LIST: - return(s->max_cert_list); + return (s->max_cert_list); case SSL_CTRL_SET_MAX_CERT_LIST: - l=s->max_cert_list; - s->max_cert_list=larg; - return(l); + l = s->max_cert_list; + s->max_cert_list = larg; + return (l); case SSL_CTRL_SET_MTU: #ifndef OPENSSL_NO_DTLS1 if (larg < (long)dtls1_min_mtu()) @@ -1087,11 +1112,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) #endif if (SSL_version(s) == DTLS1_VERSION || - SSL_version(s) == DTLS1_BAD_VER) - { + SSL_version(s) == DTLS1_BAD_VER) { s->d1->mtu = larg; return larg; - } + } return 0; case SSL_CTRL_SET_MAX_SEND_FRAGMENT: if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) @@ -1103,203 +1127,204 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) return s->s3->send_connection_binding; else return 0; default: - return(s->method->ssl_ctrl(s,cmd,larg,parg)); - } + return (s->method->ssl_ctrl(s, cmd, larg, parg)); } +} -long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) - { - switch(cmd) - { +long +SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) +{ + switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); return 1; - + default: - return(s->method->ssl_callback_ctrl(s,cmd,fp)); - } + return (s->method->ssl_callback_ctrl(s, cmd, fp)); } +} -LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) - { +LHASH_OF(SSL_SESSION) +*SSL_CTX_sessions(SSL_CTX *ctx) +{ return ctx->sessions; - } +} -long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) - { +long +SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) +{ long l; - switch (cmd) - { + switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: - return(ctx->read_ahead); + return (ctx->read_ahead); case SSL_CTRL_SET_READ_AHEAD: - l=ctx->read_ahead; - ctx->read_ahead=larg; - return(l); - + l = ctx->read_ahead; + ctx->read_ahead = larg; + return (l); + case SSL_CTRL_SET_MSG_CALLBACK_ARG: ctx->msg_callback_arg = parg; return 1; case SSL_CTRL_GET_MAX_CERT_LIST: - return(ctx->max_cert_list); + return (ctx->max_cert_list); case SSL_CTRL_SET_MAX_CERT_LIST: - l=ctx->max_cert_list; - ctx->max_cert_list=larg; - return(l); + l = ctx->max_cert_list; + ctx->max_cert_list = larg; + return (l); case SSL_CTRL_SET_SESS_CACHE_SIZE: - l=ctx->session_cache_size; - ctx->session_cache_size=larg; - return(l); + l = ctx->session_cache_size; + ctx->session_cache_size = larg; + return (l); case SSL_CTRL_GET_SESS_CACHE_SIZE: - return(ctx->session_cache_size); + return (ctx->session_cache_size); case SSL_CTRL_SET_SESS_CACHE_MODE: - l=ctx->session_cache_mode; - ctx->session_cache_mode=larg; - return(l); + l = ctx->session_cache_mode; + ctx->session_cache_mode = larg; + return (l); case SSL_CTRL_GET_SESS_CACHE_MODE: - return(ctx->session_cache_mode); + return (ctx->session_cache_mode); case SSL_CTRL_SESS_NUMBER: - return(lh_SSL_SESSION_num_items(ctx->sessions)); + return (lh_SSL_SESSION_num_items(ctx->sessions)); case SSL_CTRL_SESS_CONNECT: - return(ctx->stats.sess_connect); + return (ctx->stats.sess_connect); case SSL_CTRL_SESS_CONNECT_GOOD: - return(ctx->stats.sess_connect_good); + return (ctx->stats.sess_connect_good); case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: - return(ctx->stats.sess_connect_renegotiate); + return (ctx->stats.sess_connect_renegotiate); case SSL_CTRL_SESS_ACCEPT: - return(ctx->stats.sess_accept); + return (ctx->stats.sess_accept); case SSL_CTRL_SESS_ACCEPT_GOOD: - return(ctx->stats.sess_accept_good); + return (ctx->stats.sess_accept_good); case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: - return(ctx->stats.sess_accept_renegotiate); + return (ctx->stats.sess_accept_renegotiate); case SSL_CTRL_SESS_HIT: - return(ctx->stats.sess_hit); + return (ctx->stats.sess_hit); case SSL_CTRL_SESS_CB_HIT: - return(ctx->stats.sess_cb_hit); + return (ctx->stats.sess_cb_hit); case SSL_CTRL_SESS_MISSES: - return(ctx->stats.sess_miss); + return (ctx->stats.sess_miss); case SSL_CTRL_SESS_TIMEOUTS: - return(ctx->stats.sess_timeout); + return (ctx->stats.sess_timeout); case SSL_CTRL_SESS_CACHE_FULL: - return(ctx->stats.sess_cache_full); + return (ctx->stats.sess_cache_full); case SSL_CTRL_OPTIONS: - return(ctx->options|=larg); + return (ctx->options|=larg); case SSL_CTRL_CLEAR_OPTIONS: - return(ctx->options&=~larg); + return (ctx->options&=~larg); case SSL_CTRL_MODE: - return(ctx->mode|=larg); + return (ctx->mode|=larg); case SSL_CTRL_CLEAR_MODE: - return(ctx->mode&=~larg); + return (ctx->mode&=~larg); case SSL_CTRL_SET_MAX_SEND_FRAGMENT: if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) return 0; ctx->max_send_fragment = larg; return 1; default: - return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); - } + return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); } +} -long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) - { - switch(cmd) - { +long +SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) +{ + switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); return 1; default: - return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); - } + return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp)); } +} -int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) - { +int +ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) +{ long l; - l=a->id-b->id; + l = a->id - b->id; if (l == 0L) - return(0); + return (0); else - return((l > 0)?1:-1); - } + return ((l > 0) ? 1:-1); +} -int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, - const SSL_CIPHER * const *bp) - { +int +ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, + const SSL_CIPHER * const *bp) +{ long l; - l=(*ap)->id-(*bp)->id; + l = (*ap)->id - (*bp)->id; if (l == 0L) - return(0); + return (0); else - return((l > 0)?1:-1); - } + return ((l > 0) ? 1:-1); +} /** return a STACK of the ciphers available for the SSL and in order of * preference */ -STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) - { - if (s != NULL) - { - if (s->cipher_list != NULL) - { - return(s->cipher_list); - } - else if ((s->ctx != NULL) && - (s->ctx->cipher_list != NULL)) - { - return(s->ctx->cipher_list); - } +STACK_OF(SSL_CIPHER) +*SSL_get_ciphers(const SSL *s) +{ + if (s != NULL) { + if (s->cipher_list != NULL) { + return (s->cipher_list); + } else if ((s->ctx != NULL) && + (s->ctx->cipher_list != NULL)) { + return (s->ctx->cipher_list); } - return(NULL); } + return (NULL); +} /** return a STACK of the ciphers available for the SSL and in order of * algorithm id */ -STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) - { - if (s != NULL) - { - if (s->cipher_list_by_id != NULL) - { - return(s->cipher_list_by_id); - } - else if ((s->ctx != NULL) && - (s->ctx->cipher_list_by_id != NULL)) - { - return(s->ctx->cipher_list_by_id); - } +STACK_OF(SSL_CIPHER) +*ssl_get_ciphers_by_id(SSL *s) +{ + if (s != NULL) { + if (s->cipher_list_by_id != NULL) { + return (s->cipher_list_by_id); + } else if ((s->ctx != NULL) && + (s->ctx->cipher_list_by_id != NULL)) { + return (s->ctx->cipher_list_by_id); } - return(NULL); } + return (NULL); +} /** The old interface to get the same thing as SSL_get_ciphers() */ -const char *SSL_get_cipher_list(const SSL *s,int n) - { +const char +*SSL_get_cipher_list(const SSL *s, int n) +{ SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; - if (s == NULL) return(NULL); - sk=SSL_get_ciphers(s); + if (s == NULL) + return (NULL); + sk = SSL_get_ciphers(s); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) - return(NULL); - c=sk_SSL_CIPHER_value(sk,n); - if (c == NULL) return(NULL); - return(c->name); - } + return (NULL); + c = sk_SSL_CIPHER_value(sk, n); + if (c == NULL) + return (NULL); + return (c->name); +} /** specify the ciphers to be used by default by the SSL_CTX */ -int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) - { +int +SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) +{ STACK_OF(SSL_CIPHER) *sk; - - sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, - &ctx->cipher_list_by_id,str); + + sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, + &ctx->cipher_list_by_id, str); /* ssl_create_cipher_list may return an empty stack if it * was unable to find a cipher matching the given rule string * (for example if the rule string specifies a cipher which @@ -1309,35 +1334,35 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) * updated. */ if (sk == NULL) return 0; - else if (sk_SSL_CIPHER_num(sk) == 0) - { + else if (sk_SSL_CIPHER_num(sk) == 0) { SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); return 0; - } - return 1; } + return 1; +} /** specify the ciphers to be used by the SSL */ -int SSL_set_cipher_list(SSL *s,const char *str) - { +int +SSL_set_cipher_list(SSL *s, const char *str) +{ STACK_OF(SSL_CIPHER) *sk; - - sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, - &s->cipher_list_by_id,str); + + sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, + &s->cipher_list_by_id, str); /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) return 0; - else if (sk_SSL_CIPHER_num(sk) == 0) - { + else if (sk_SSL_CIPHER_num(sk) == 0) { SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); return 0; - } - return 1; } + return 1; +} /* works well for SSLv2, not so good for SSLv3 */ -char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) - { +char +*SSL_get_shared_ciphers(const SSL *s, char *buf, int len) +{ char *end; STACK_OF(SSL_CIPHER) *sk; SSL_CIPHER *c; @@ -1346,146 +1371,138 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2)) - return(NULL); + return (NULL); - sk=s->session->ciphers; + sk = s->session->ciphers; buf[0] = '\0'; - for (i=0; i<sk_SSL_CIPHER_num(sk); i++) - { - c=sk_SSL_CIPHER_value(sk,i); + for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { + c = sk_SSL_CIPHER_value(sk, i); end = buf + curlen; if (strlcat(buf, c->name, len) >= len || - (curlen = strlcat(buf, ":", len)) >= len) - { + (curlen = strlcat(buf, ":", len)) >= len) { /* remove truncated cipher from list */ *end = '\0'; break; - } } + } /* remove trailing colon */ if ((end = strrchr(buf, ':')) != NULL) *end = '\0'; - return(buf); - } + return (buf); +} -int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, - int (*put_cb)(const SSL_CIPHER *, unsigned char *)) - { - int i,j=0; +int +ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, + int (*put_cb)(const SSL_CIPHER *, unsigned char *)) +{ + int i, j = 0; SSL_CIPHER *c; unsigned char *q; #ifndef OPENSSL_NO_KRB5 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); #endif /* OPENSSL_NO_KRB5 */ - if (sk == NULL) return(0); - q=p; + if (sk == NULL) + return (0); + q = p; - for (i=0; i<sk_SSL_CIPHER_num(sk); i++) - { - c=sk_SSL_CIPHER_value(sk,i); + for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { + c = sk_SSL_CIPHER_value(sk, i); /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ - if ((c->algorithm_ssl & SSL_TLSV1_2) && + if ((c->algorithm_ssl & SSL_TLSV1_2) && (TLS1_get_client_version(s) < TLS1_2_VERSION)) - continue; + continue; #ifndef OPENSSL_NO_KRB5 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && - nokrb5) - continue; + nokrb5) + continue; #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && - s->psk_client_callback == NULL) - continue; + s->psk_client_callback == NULL) + continue; #endif /* OPENSSL_NO_PSK */ - j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); - p+=j; - } + j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p); + p += j; + } /* If p == q, no ciphers and caller indicates an error. Otherwise * add SCSV if not renegotiating. */ - if (p != q && !s->renegotiate) - { - static SSL_CIPHER scsv = - { + if (p != q && !s->renegotiate) { + static SSL_CIPHER scsv = { 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }; - j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); - p+=j; + }; + j = put_cb ? put_cb(&scsv, p) : ssl_put_cipher_by_char(s, &scsv, p); + p += j; #ifdef OPENSSL_RI_DEBUG fprintf(stderr, "SCSV sent by client\n"); #endif - } - - return(p-q); } -STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, - STACK_OF(SSL_CIPHER) **skp) - { + return (p - q); +} + +STACK_OF(SSL_CIPHER) +*ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, +STACK_OF(SSL_CIPHER) **skp) +{ const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; - int i,n; + int i, n; if (s->s3) s->s3->send_connection_binding = 0; - n=ssl_put_cipher_by_char(s,NULL,NULL); - if ((num%n) != 0) - { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); - return(NULL); - } + n = ssl_put_cipher_by_char(s, NULL, NULL); + if ((num % n) != 0) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); + return (NULL); + } if ((skp == NULL) || (*skp == NULL)) sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ - else - { + else { sk= *skp; sk_SSL_CIPHER_zero(sk); - } + } - for (i=0; i<num; i+=n) - { + for (i = 0; i < num; i += n) { /* Check for SCSV */ if (s->s3 && (n != 3 || !p[0]) && - (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && - (p[n-1] == (SSL3_CK_SCSV & 0xff))) - { + (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && + (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { /* SCSV fatal if renegotiating */ - if (s->renegotiate) - { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); + if (s->renegotiate) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + goto err; - } + } s->s3->send_connection_binding = 1; p += n; #ifdef OPENSSL_RI_DEBUG fprintf(stderr, "SCSV received by server\n"); #endif continue; - } + } - c=ssl_get_cipher_by_char(s,p); - p+=n; - if (c != NULL) - { - if (!sk_SSL_CIPHER_push(sk,c)) - { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); + c = ssl_get_cipher_by_char(s, p); + p += n; + if (c != NULL) { + if (!sk_SSL_CIPHER_push(sk, c)) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); goto err; - } } } + } if (skp != NULL) - *skp=sk; - return(sk); + *skp = sk; + return (sk); err: if ((skp == NULL) || (*skp == NULL)) sk_SSL_CIPHER_free(sk); - return(NULL); - } + return (NULL); +} #ifndef OPENSSL_NO_TLSEXT @@ -1493,22 +1510,24 @@ err: * So far, only host_name types are defined (RFC 3546). */ -const char *SSL_get_servername(const SSL *s, const int type) - { +const char +*SSL_get_servername(const SSL *s, const int type) +{ if (type != TLSEXT_NAMETYPE_host_name) return NULL; return s->session && !s->tlsext_hostname ? - s->session->tlsext_hostname : - s->tlsext_hostname; - } + s->session->tlsext_hostname : + s->tlsext_hostname; +} -int SSL_get_servername_type(const SSL *s) - { +int +SSL_get_servername_type(const SSL *s) +{ if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) return TLSEXT_NAMETYPE_host_name; return -1; - } +} # ifndef OPENSSL_NO_NEXTPROTONEG /* SSL_select_next_proto implements the standard protocol selection. It is @@ -1541,31 +1560,29 @@ int SSL_get_servername_type(const SSL *s) * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. */ -int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) - { +int +SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) +{ unsigned int i, j; const unsigned char *result; int status = OPENSSL_NPN_UNSUPPORTED; /* For each protocol in server preference order, see if we support it. */ - for (i = 0; i < server_len; ) - { - for (j = 0; j < client_len; ) - { + for (i = 0; i < server_len; ) { + for (j = 0; j < client_len; ) { if (server[i] == client[j] && - memcmp(&server[i+1], &client[j+1], server[i]) == 0) - { + memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { /* We found a match */ result = &server[i]; status = OPENSSL_NPN_NEGOTIATED; goto found; - } + } j += client[j]; j++; - } + } i += server[i]; i++; - } + } /* There's no overlap between our protocols and the server's list. */ result = client; @@ -1575,7 +1592,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi *out = (unsigned char *) result + 1; *outlen = result[0]; return status; - } +} /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's * requested protocol for this connection and returns 0. If the client didn't @@ -1585,8 +1602,9 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi * from this function need not be a member of the list of supported protocols * provided by the callback. */ -void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) - { +void +SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) +{ *data = s->next_proto_negotiated; if (!*data) { *len = 0; @@ -1604,11 +1622,12 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, un * * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no * such extension will be included in the ServerHello. */ -void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) - { +void +SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) +{ ctx->next_protos_advertised_cb = cb; ctx->next_protos_advertised_cb_arg = arg; - } +} /* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a * client needs to select a protocol from the server's provided list. |out| @@ -1620,183 +1639,186 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, co * The client must select a protocol. It is fatal to the connection if this * callback returns a value other than SSL_TLSEXT_ERR_OK. */ -void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) - { +void +SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) +{ ctx->next_proto_select_cb = cb; ctx->next_proto_select_cb_arg = arg; - } +} # endif #endif -int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, const unsigned char *p, size_t plen, - int use_context) - { +int +SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, const unsigned char *p, size_t plen, +int use_context) +{ if (s->version < TLS1_VERSION) return -1; return s->method->ssl3_enc->export_keying_material(s, out, olen, label, - llen, p, plen, - use_context); - } + llen, p, plen, + use_context); +} -static unsigned long ssl_session_hash(const SSL_SESSION *a) - { +static unsigned long +ssl_session_hash(const SSL_SESSION *a) +{ unsigned long l; - l=(unsigned long) - ((unsigned int) a->session_id[0] )| - ((unsigned int) a->session_id[1]<< 8L)| - ((unsigned long)a->session_id[2]<<16L)| - ((unsigned long)a->session_id[3]<<24L); - return(l); - } + l = (unsigned long) + ((unsigned int) a->session_id[0] )| + ((unsigned int) a->session_id[1]<< 8L)| + ((unsigned long)a->session_id[2]<<16L)| + ((unsigned long)a->session_id[3]<<24L); + return (l); +} /* NB: If this function (or indeed the hash function which uses a sort of * coarser function than this one) is changed, ensure * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being * able to construct an SSL_SESSION that will collide with any existing session * with a matching session ID. */ -static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b) - { +static int +ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) +{ if (a->ssl_version != b->ssl_version) - return(1); + return (1); if (a->session_id_length != b->session_id_length) - return(1); - return(memcmp(a->session_id,b->session_id,a->session_id_length)); - } + return (1); + return (memcmp(a->session_id, b->session_id, a->session_id_length)); +} /* These wrapper functions should remain rather than redeclaring * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each * variable. The reason is that the functions aren't static, they're exposed via * ssl.h. */ -static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) -static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) +static +IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) +static +IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) -SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) - { - SSL_CTX *ret=NULL; +SSL_CTX +*SSL_CTX_new(const SSL_METHOD *meth) +{ + SSL_CTX *ret = NULL; - if (meth == NULL) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); - return(NULL); - } + if (meth == NULL) { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); + return (NULL); + } #ifdef OPENSSL_FIPS - if (FIPS_mode() && (meth->version < TLS1_VERSION)) - { + if (FIPS_mode() && (meth->version < TLS1_VERSION)) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); return NULL; - } + } #endif - if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); + if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; - } - ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); + } + ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); if (ret == NULL) goto err; - memset(ret,0,sizeof(SSL_CTX)); + memset(ret, 0, sizeof(SSL_CTX)); - ret->method=meth; + ret->method = meth; - ret->cert_store=NULL; - ret->session_cache_mode=SSL_SESS_CACHE_SERVER; - ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; - ret->session_cache_head=NULL; - ret->session_cache_tail=NULL; + ret->cert_store = NULL; + ret->session_cache_mode = SSL_SESS_CACHE_SERVER; + ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; + ret->session_cache_head = NULL; + ret->session_cache_tail = NULL; /* We take the system default */ - ret->session_timeout=meth->get_timeout(); + ret->session_timeout = meth->get_timeout(); - ret->new_session_cb=0; - ret->remove_session_cb=0; - ret->get_session_cb=0; - ret->generate_session_id=0; + ret->new_session_cb = 0; + ret->remove_session_cb = 0; + ret->get_session_cb = 0; + ret->generate_session_id = 0; - memset((char *)&ret->stats,0,sizeof(ret->stats)); + memset((char *)&ret->stats, 0, sizeof(ret->stats)); - ret->references=1; - ret->quiet_shutdown=0; + ret->references = 1; + ret->quiet_shutdown = 0; /* ret->cipher=NULL;*/ /* ret->s2->challenge=NULL; ret->master_key=NULL; ret->key_arg=NULL; - ret->s2->conn_id=NULL; */ + ret->s2->conn_id=NULL; +*/ - ret->info_callback=NULL; + ret->info_callback = NULL; - ret->app_verify_callback=0; - ret->app_verify_arg=NULL; + ret->app_verify_callback = 0; + ret->app_verify_arg = NULL; - ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT; - ret->read_ahead=0; - ret->msg_callback=0; - ret->msg_callback_arg=NULL; - ret->verify_mode=SSL_VERIFY_NONE; + ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; + ret->read_ahead = 0; + ret->msg_callback = 0; + ret->msg_callback_arg = NULL; + ret->verify_mode = SSL_VERIFY_NONE; #if 0 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ #endif - ret->sid_ctx_length=0; - ret->default_verify_callback=NULL; - if ((ret->cert=ssl_cert_new()) == NULL) + ret->sid_ctx_length = 0; + ret->default_verify_callback = NULL; + if ((ret->cert = ssl_cert_new()) == NULL) goto err; - ret->default_passwd_callback=0; - ret->default_passwd_callback_userdata=NULL; - ret->client_cert_cb=0; - ret->app_gen_cookie_cb=0; - ret->app_verify_cookie_cb=0; + ret->default_passwd_callback = 0; + ret->default_passwd_callback_userdata = NULL; + ret->client_cert_cb = 0; + ret->app_gen_cookie_cb = 0; + ret->app_verify_cookie_cb = 0; - ret->sessions=lh_SSL_SESSION_new(); - if (ret->sessions == NULL) goto err; - ret->cert_store=X509_STORE_new(); - if (ret->cert_store == NULL) goto err; + ret->sessions = lh_SSL_SESSION_new(); + if (ret->sessions == NULL) + goto err; + ret->cert_store = X509_STORE_new(); + if (ret->cert_store == NULL) + goto err; ssl_create_cipher_list(ret->method, - &ret->cipher_list,&ret->cipher_list_by_id, - meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); + &ret->cipher_list, &ret->cipher_list_by_id, + meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); if (ret->cipher_list == NULL - || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); + || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; - } + } ret->param = X509_VERIFY_PARAM_new(); if (!ret->param) goto err; - if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); + if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); goto err2; - } - if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); + } + if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); goto err2; - } - if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); + } + if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); goto err2; - } + } - if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) + if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) goto err; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); - ret->extra_certs=NULL; + ret->extra_certs = NULL; /* No compression for DTLS */ if (meth->version != DTLS1_VERSION) - ret->comp_methods=SSL_COMP_get_compression_methods(); + ret->comp_methods = SSL_COMP_get_compression_methods(); ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; @@ -1806,8 +1828,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) /* Setup RFC4507 ticket keys */ if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) - || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) - ret->options |= SSL_OP_NO_TICKET; + || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) + ret->options |= SSL_OP_NO_TICKET; ret->tlsext_status_cb = 0; ret->tlsext_status_arg = NULL; @@ -1818,9 +1840,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) # endif #endif #ifndef OPENSSL_NO_PSK - ret->psk_identity_hint=NULL; - ret->psk_client_callback=NULL; - ret->psk_server_callback=NULL; + ret->psk_identity_hint = NULL; + ret->psk_client_callback = NULL; + ret->psk_server_callback = NULL; #endif #ifndef OPENSSL_NO_SRP SSL_CTX_SRP_CTX_init(ret); @@ -1834,11 +1856,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->rbuf_freelist->len = 0; ret->rbuf_freelist->head = NULL; ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->wbuf_freelist) - { + if (!ret->wbuf_freelist) { OPENSSL_free(ret->rbuf_freelist); goto err; - } + } ret->wbuf_freelist->chunklen = 0; ret->wbuf_freelist->len = 0; ret->wbuf_freelist->head = NULL; @@ -1850,16 +1871,15 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) #define eng_str(x) eng_strx(x) /* Use specific client engine automatically... ignore errors */ { - ENGINE *eng; - eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); - if (!eng) - { - ERR_clear_error(); - ENGINE_load_builtin_engines(); + ENGINE *eng; eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); + if (!eng) { + ERR_clear_error(); + ENGINE_load_builtin_engines(); + eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); } - if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) - ERR_clear_error(); + if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) + ERR_clear_error(); } #endif #endif @@ -1868,50 +1888,54 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) */ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; - return(ret); + return (ret); err: - SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); err2: - if (ret != NULL) SSL_CTX_free(ret); - return(NULL); - } + if (ret != NULL) + SSL_CTX_free(ret); + return (NULL); +} #if 0 -static void SSL_COMP_free(SSL_COMP *comp) - { OPENSSL_free(comp); } +static void +SSL_COMP_free(SSL_COMP *comp) + { OPENSSL_free(comp); +} #endif #ifndef OPENSSL_NO_BUF_FREELISTS static void ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) - { +{ SSL3_BUF_FREELIST_ENTRY *ent, *next; - for (ent = list->head; ent; ent = next) - { + for (ent = list->head; ent; ent = next) { next = ent->next; OPENSSL_free(ent); - } - OPENSSL_free(list); } + OPENSSL_free(list); +} #endif -void SSL_CTX_free(SSL_CTX *a) - { +void +SSL_CTX_free(SSL_CTX *a) +{ int i; - if (a == NULL) return; + if (a == NULL) + return; - i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX); + i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX); #ifdef REF_PRINT - REF_PRINT("SSL_CTX",a); + REF_PRINT("SSL_CTX", a); #endif - if (i > 0) return; + if (i > 0) + return; #ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"SSL_CTX_free, bad reference count\n"); + if (i < 0) { + fprintf(stderr, "SSL_CTX_free, bad reference count\n"); abort(); /* ok */ - } + } #endif if (a->param) @@ -1927,7 +1951,7 @@ void SSL_CTX_free(SSL_CTX *a) * (See ticket [openssl.org #212].) */ if (a->sessions != NULL) - SSL_CTX_flush_sessions(a,0); + SSL_CTX_flush_sessions(a, 0); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); @@ -1943,19 +1967,19 @@ void SSL_CTX_free(SSL_CTX *a) if (a->cert != NULL) ssl_cert_free(a->cert); if (a->client_CA != NULL) - sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); + sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); if (a->extra_certs != NULL) - sk_X509_pop_free(a->extra_certs,X509_free); + sk_X509_pop_free(a->extra_certs, X509_free); #if 0 /* This should never be done, since it removes a global database */ if (a->comp_methods != NULL) - sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); + sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free); #else a->comp_methods = NULL; #endif #ifndef OPENSSL_NO_SRTP - if (a->srtp_profiles) - sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); + if (a->srtp_profiles) + sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); #endif #ifndef OPENSSL_NO_PSK @@ -1978,42 +2002,48 @@ void SSL_CTX_free(SSL_CTX *a) #endif OPENSSL_free(a); - } +} -void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) - { - ctx->default_passwd_callback=cb; - } +void +SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) +{ + ctx->default_passwd_callback = cb; +} -void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) - { - ctx->default_passwd_callback_userdata=u; - } +void +SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) +{ + ctx->default_passwd_callback_userdata = u; +} -void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg) - { - ctx->app_verify_callback=cb; - ctx->app_verify_arg=arg; - } +void +SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg) +{ + ctx->app_verify_callback = cb; + ctx->app_verify_arg = arg; +} -void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) - { - ctx->verify_mode=mode; - ctx->default_verify_callback=cb; - } +void +SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) +{ + ctx->verify_mode = mode; + ctx->default_verify_callback = cb; +} -void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) - { +void +SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) +{ X509_VERIFY_PARAM_set_depth(ctx->param, depth); - } +} -void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) - { +void +ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) +{ CERT_PKEY *cpk; - int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; - int rsa_enc_export,dh_rsa_export,dh_dsa_export; - int rsa_tmp_export,dh_tmp_export,kl; - unsigned long mask_k,mask_a,emask_k,emask_a; + int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; + int rsa_enc_export, dh_rsa_export, dh_dsa_export; + int rsa_tmp_export, dh_tmp_export, kl; + unsigned long mask_k, mask_a, emask_k, emask_a; int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; #ifndef OPENSSL_NO_ECDH int have_ecdh_tmp; @@ -2022,57 +2052,58 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) EVP_PKEY *ecc_pkey = NULL; int signature_nid = 0, pk_nid = 0, md_nid = 0; - if (c == NULL) return; + if (c == NULL) + return; - kl=SSL_C_EXPORT_PKEYLENGTH(cipher); + kl = SSL_C_EXPORT_PKEYLENGTH(cipher); #ifndef OPENSSL_NO_RSA - rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); - rsa_tmp_export=(c->rsa_tmp_cb != NULL || - (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); + rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); + rsa_tmp_export = (c->rsa_tmp_cb != NULL || + (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); #else - rsa_tmp=rsa_tmp_export=0; + rsa_tmp = rsa_tmp_export = 0; #endif #ifndef OPENSSL_NO_DH - dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); - dh_tmp_export=(c->dh_tmp_cb != NULL || - (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); + dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); + dh_tmp_export = (c->dh_tmp_cb != NULL || + (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); #else - dh_tmp=dh_tmp_export=0; + dh_tmp = dh_tmp_export = 0; #endif #ifndef OPENSSL_NO_ECDH - have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); + have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); #endif - cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); - rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); - rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); - cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); - rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); - cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); - dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); - cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); - dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); - dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); - cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); + cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); + rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL); + rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); + cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); + rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); + cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); + dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); + cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); + dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL); + dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); + cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); /* FIX THIS EAY EAY EAY */ - dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); - dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); - cpk= &(c->pkeys[SSL_PKEY_ECC]); - have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); - mask_k=0; - mask_a=0; - emask_k=0; - emask_a=0; + dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL); + dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); + cpk = &(c->pkeys[SSL_PKEY_ECC]); + have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL); + mask_k = 0; + mask_a = 0; + emask_k = 0; + emask_a = 0; + - #ifdef CIPHER_DEBUG printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", - rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp, - rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); + rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, + rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); #endif - + cpk = &(c->pkeys[SSL_PKEY_GOST01]); if (cpk->x509 != NULL && cpk->privatekey !=NULL) { mask_k |= SSL_kGOST; @@ -2091,12 +2122,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) #if 0 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ - if ( (dh_tmp || dh_rsa || dh_dsa) && + if ((dh_tmp || dh_rsa || dh_dsa) && (rsa_enc || rsa_sign || dsa_sign)) - mask_k|=SSL_kEDH; + mask_k|=SSL_kEDH; if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && (rsa_enc || rsa_sign || dsa_sign)) - emask_k|=SSL_kEDH; + emask_k|=SSL_kEDH; #endif if (dh_tmp_export) @@ -2105,23 +2136,25 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) if (dh_tmp) mask_k|=SSL_kEDH; - if (dh_rsa) mask_k|=SSL_kDHr; - if (dh_rsa_export) emask_k|=SSL_kDHr; + if (dh_rsa) + mask_k|=SSL_kDHr; + if (dh_rsa_export) + emask_k|=SSL_kDHr; - if (dh_dsa) mask_k|=SSL_kDHd; - if (dh_dsa_export) emask_k|=SSL_kDHd; + if (dh_dsa) + mask_k|=SSL_kDHd; + if (dh_dsa_export) + emask_k|=SSL_kDHd; - if (rsa_enc || rsa_sign) - { + if (rsa_enc || rsa_sign) { mask_a|=SSL_aRSA; emask_a|=SSL_aRSA; - } + } - if (dsa_sign) - { + if (dsa_sign) { mask_a|=SSL_aDSS; emask_a|=SSL_aDSS; - } + } mask_a|=SSL_aNULL; emask_a|=SSL_aNULL; @@ -2136,66 +2169,57 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) /* An ECC certificate may be usable for ECDH and/or * ECDSA cipher suites depending on the key usage extension. */ - if (have_ecc_cert) - { + if (have_ecc_cert) { /* This call populates extension flags (ex_flags) */ x = (c->pkeys[SSL_PKEY_ECC]).x509; X509_check_purpose(x, -1, 0); ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? - (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; + (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? - (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; + (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; ecc_pkey = X509_get_pubkey(x); ecc_pkey_size = (ecc_pkey != NULL) ? - EVP_PKEY_bits(ecc_pkey) : 0; + EVP_PKEY_bits(ecc_pkey) : 0; EVP_PKEY_free(ecc_pkey); - if ((x->sig_alg) && (x->sig_alg->algorithm)) - { + if ((x->sig_alg) && (x->sig_alg->algorithm)) { signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); - } + } #ifndef OPENSSL_NO_ECDH - if (ecdh_ok) - { + if (ecdh_ok) { - if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) - { + if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { mask_k|=SSL_kECDHr; mask_a|=SSL_aECDH; - if (ecc_pkey_size <= 163) - { + if (ecc_pkey_size <= 163) { emask_k|=SSL_kECDHr; emask_a|=SSL_aECDH; - } } + } - if (pk_nid == NID_X9_62_id_ecPublicKey) - { + if (pk_nid == NID_X9_62_id_ecPublicKey) { mask_k|=SSL_kECDHe; mask_a|=SSL_aECDH; - if (ecc_pkey_size <= 163) - { + if (ecc_pkey_size <= 163) { emask_k|=SSL_kECDHe; emask_a|=SSL_aECDH; - } } } + } #endif #ifndef OPENSSL_NO_ECDSA - if (ecdsa_ok) - { + if (ecdsa_ok) { mask_a|=SSL_aECDSA; emask_a|=SSL_aECDSA; - } -#endif } +#endif + } #ifndef OPENSSL_NO_ECDH - if (have_ecdh_tmp) - { + if (have_ecdh_tmp) { mask_k|=SSL_kEECDH; emask_k|=SSL_kEECDH; - } + } #endif #ifndef OPENSSL_NO_PSK @@ -2205,12 +2229,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) emask_a |= SSL_aPSK; #endif - c->mask_k=mask_k; - c->mask_a=mask_a; - c->export_mask_k=emask_k; - c->export_mask_a=emask_a; - c->valid=1; - } + c->mask_k = mask_k; + c->mask_a = mask_a; + c->export_mask_k = emask_k; + c->export_mask_a = emask_a; + c->valid = 1; +} /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ #define ku_reject(x, usage) \ @@ -2218,8 +2242,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) #ifndef OPENSSL_NO_EC -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) - { +int +ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) +{ unsigned long alg_k, alg_a; EVP_PKEY *pkey = NULL; int keysize = 0; @@ -2229,81 +2254,74 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) alg_k = cs->algorithm_mkey; alg_a = cs->algorithm_auth; - if (SSL_C_IS_EXPORT(cs)) - { + if (SSL_C_IS_EXPORT(cs)) { /* ECDH key length in export ciphers must be <= 163 bits */ pkey = X509_get_pubkey(x); - if (pkey == NULL) return 0; + if (pkey == NULL) + return 0; keysize = EVP_PKEY_bits(pkey); EVP_PKEY_free(pkey); - if (keysize > 163) return 0; - } + if (keysize > 163) + return 0; + } /* This call populates the ex_flags field correctly */ X509_check_purpose(x, -1, 0); - if ((x->sig_alg) && (x->sig_alg->algorithm)) - { + if ((x->sig_alg) && (x->sig_alg->algorithm)) { signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); - } - if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) - { + } + if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { /* key usage, if present, must allow key agreement */ - if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) - { + if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); return 0; - } - if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) - { + } + if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { /* signature alg must be ECDSA */ - if (pk_nid != NID_X9_62_id_ecPublicKey) - { + if (pk_nid != NID_X9_62_id_ecPublicKey) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); return 0; - } } - if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) - { + } + if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { /* signature alg must be RSA */ - if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) - { + if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); return 0; - } } } - if (alg_a & SSL_aECDSA) - { + } + if (alg_a & SSL_aECDSA) { /* key usage, if present, must allow signing */ - if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) - { + if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); return 0; - } } - - return 1; /* all checks are ok */ } + return 1; + /* all checks are ok */ +} + #endif /* THIS NEEDS CLEANING UP */ -CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) - { - unsigned long alg_k,alg_a; +CERT_PKEY +*ssl_get_server_send_pkey(const SSL *s) +{ + unsigned long alg_k, alg_a; CERT *c; int i; - c=s->cert; + c = s->cert; ssl_set_cert_masks(c, s->s3->tmp.new_cipher); - + alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; - if (alg_k & (SSL_kECDHr|SSL_kECDHe)) - { + if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { /* we don't need to look at SSL_kEECDH * since no certificate is needed for * anon ECDH and for authenticated @@ -2315,171 +2333,162 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) * checks for SSL_kECDH before RSA * checks ensures the correct cert is chosen. */ - i=SSL_PKEY_ECC; - } - else if (alg_a & SSL_aECDSA) - { - i=SSL_PKEY_ECC; - } - else if (alg_k & SSL_kDHr) - i=SSL_PKEY_DH_RSA; + i = SSL_PKEY_ECC; + } else if (alg_a & SSL_aECDSA) { + i = SSL_PKEY_ECC; + } else if (alg_k & SSL_kDHr) + i = SSL_PKEY_DH_RSA; else if (alg_k & SSL_kDHd) - i=SSL_PKEY_DH_DSA; + i = SSL_PKEY_DH_DSA; else if (alg_a & SSL_aDSS) - i=SSL_PKEY_DSA_SIGN; - else if (alg_a & SSL_aRSA) - { + i = SSL_PKEY_DSA_SIGN; + else if (alg_a & SSL_aRSA) { if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) - i=SSL_PKEY_RSA_SIGN; + i = SSL_PKEY_RSA_SIGN; else - i=SSL_PKEY_RSA_ENC; - } - else if (alg_a & SSL_aKRB5) - { + i = SSL_PKEY_RSA_ENC; + } else if (alg_a & SSL_aKRB5) { /* VRS something else here? */ - return(NULL); - } - else if (alg_a & SSL_aGOST94) - i=SSL_PKEY_GOST94; + return (NULL); + } else if (alg_a & SSL_aGOST94) + i = SSL_PKEY_GOST94; else if (alg_a & SSL_aGOST01) - i=SSL_PKEY_GOST01; + i = SSL_PKEY_GOST01; else /* if (alg_a & SSL_aNULL) */ - { - SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); - return(NULL); - } + { + SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR); + return (NULL); + } return c->pkeys + i; - } +} -X509 *ssl_get_server_send_cert(const SSL *s) - { +X509 +*ssl_get_server_send_cert(const SSL *s) +{ CERT_PKEY *cpk; cpk = ssl_get_server_send_pkey(s); if (!cpk) return NULL; return cpk->x509; - } +} -EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) - { +EVP_PKEY +*ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) +{ unsigned long alg_a; CERT *c; int idx = -1; alg_a = cipher->algorithm_auth; - c=s->cert; + c = s->cert; if ((alg_a & SSL_aDSS) && (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) - idx = SSL_PKEY_DSA_SIGN; - else if (alg_a & SSL_aRSA) - { + idx = SSL_PKEY_DSA_SIGN; + else if (alg_a & SSL_aRSA) { if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) idx = SSL_PKEY_RSA_SIGN; else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) idx = SSL_PKEY_RSA_ENC; - } - else if ((alg_a & SSL_aECDSA) && - (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) - idx = SSL_PKEY_ECC; - if (idx == -1) - { - SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); - return(NULL); - } + } else if ((alg_a & SSL_aECDSA) && + (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) + idx = SSL_PKEY_ECC; + if (idx == -1) { + SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); + return (NULL); + } if (pmd) *pmd = c->pkeys[idx].digest; return c->pkeys[idx].privatekey; - } +} -void ssl_update_cache(SSL *s,int mode) - { +void +ssl_update_cache(SSL *s, int mode) +{ int i; /* If the session_id_length is 0, we are not supposed to cache it, * and it would be rather hard to do anyway :-) */ - if (s->session->session_id_length == 0) return; + if (s->session->session_id_length == 0) + return; - i=s->session_ctx->session_cache_mode; + i = s->session_ctx->session_cache_mode; if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) - || SSL_CTX_add_session(s->session_ctx,s->session)) - && (s->session_ctx->new_session_cb != NULL)) - { - CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); - if (!s->session_ctx->new_session_cb(s,s->session)) + || SSL_CTX_add_session(s->session_ctx, s->session)) + && (s->session_ctx->new_session_cb != NULL)) { + CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); + if (!s->session_ctx->new_session_cb(s, s->session)) SSL_SESSION_free(s->session); - } + } /* auto flush every 255 connections */ if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && - ((i & mode) == mode)) - { - if ( (((mode & SSL_SESS_CACHE_CLIENT) + ((i & mode) == mode)) { + if ((((mode & SSL_SESS_CACHE_CLIENT) ?s->session_ctx->stats.sess_connect_good - :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) - { + :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); - } } } +} -const SSL_METHOD *SSL_get_ssl_method(SSL *s) - { - return(s->method); - } +const SSL_METHOD +*SSL_get_ssl_method(SSL *s) +{ + return (s->method); +} -int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) - { - int conn= -1; - int ret=1; +int +SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) +{ + int conn = -1; + int ret = 1; - if (s->method != meth) - { + if (s->method != meth) { if (s->handshake_func != NULL) - conn=(s->handshake_func == s->method->ssl_connect); + conn = (s->handshake_func == s->method->ssl_connect); if (s->method->version == meth->version) - s->method=meth; - else - { + s->method = meth; + else { s->method->ssl_free(s); - s->method=meth; - ret=s->method->ssl_new(s); - } + s->method = meth; + ret = s->method->ssl_new(s); + } if (conn == 1) - s->handshake_func=meth->ssl_connect; + s->handshake_func = meth->ssl_connect; else if (conn == 0) - s->handshake_func=meth->ssl_accept; - } - return(ret); + s->handshake_func = meth->ssl_accept; } + return (ret); +} -int SSL_get_error(const SSL *s,int i) - { +int +SSL_get_error(const SSL *s, int i) +{ int reason; unsigned long l; BIO *bio; - if (i > 0) return(SSL_ERROR_NONE); + if (i > 0) + return (SSL_ERROR_NONE); /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake * etc, where we do encode the error */ - if ((l=ERR_peek_error()) != 0) - { + if ((l = ERR_peek_error()) != 0) { if (ERR_GET_LIB(l) == ERR_LIB_SYS) - return(SSL_ERROR_SYSCALL); + return (SSL_ERROR_SYSCALL); else - return(SSL_ERROR_SSL); - } + return (SSL_ERROR_SSL); + } - if ((i < 0) && SSL_want_read(s)) - { - bio=SSL_get_rbio(s); + if ((i < 0) && SSL_want_read(s)) { + bio = SSL_get_rbio(s); if (BIO_should_read(bio)) - return(SSL_ERROR_WANT_READ); + return (SSL_ERROR_WANT_READ); else if (BIO_should_write(bio)) /* This one doesn't make too much sense ... We never try * to write to the rbio, and an application program where @@ -2490,131 +2499,129 @@ int SSL_get_error(const SSL *s,int i) * SSL_want_write(s)) and rbio and wbio *are* the same, * this test works around that bug; so it might be safer * to keep it. */ - return(SSL_ERROR_WANT_WRITE); - else if (BIO_should_io_special(bio)) - { - reason=BIO_get_retry_reason(bio); + return (SSL_ERROR_WANT_WRITE); + else if (BIO_should_io_special(bio)) { + reason = BIO_get_retry_reason(bio); if (reason == BIO_RR_CONNECT) - return(SSL_ERROR_WANT_CONNECT); + return (SSL_ERROR_WANT_CONNECT); else if (reason == BIO_RR_ACCEPT) - return(SSL_ERROR_WANT_ACCEPT); + return (SSL_ERROR_WANT_ACCEPT); else return(SSL_ERROR_SYSCALL); /* unknown */ - } } + } - if ((i < 0) && SSL_want_write(s)) - { - bio=SSL_get_wbio(s); + if ((i < 0) && SSL_want_write(s)) { + bio = SSL_get_wbio(s); if (BIO_should_write(bio)) - return(SSL_ERROR_WANT_WRITE); + return (SSL_ERROR_WANT_WRITE); else if (BIO_should_read(bio)) /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ - return(SSL_ERROR_WANT_READ); - else if (BIO_should_io_special(bio)) - { - reason=BIO_get_retry_reason(bio); + return (SSL_ERROR_WANT_READ); + else if (BIO_should_io_special(bio)) { + reason = BIO_get_retry_reason(bio); if (reason == BIO_RR_CONNECT) - return(SSL_ERROR_WANT_CONNECT); + return (SSL_ERROR_WANT_CONNECT); else if (reason == BIO_RR_ACCEPT) - return(SSL_ERROR_WANT_ACCEPT); + return (SSL_ERROR_WANT_ACCEPT); else - return(SSL_ERROR_SYSCALL); - } - } - if ((i < 0) && SSL_want_x509_lookup(s)) - { - return(SSL_ERROR_WANT_X509_LOOKUP); + return (SSL_ERROR_SYSCALL); } + } + if ((i < 0) && SSL_want_x509_lookup(s)) { + return (SSL_ERROR_WANT_X509_LOOKUP); + } - if (i == 0) - { - if (s->version == SSL2_VERSION) - { + if (i == 0) { + if (s->version == SSL2_VERSION) { /* assume it is the socket being closed */ - return(SSL_ERROR_ZERO_RETURN); - } - else - { + return (SSL_ERROR_ZERO_RETURN); + } else { if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) - return(SSL_ERROR_ZERO_RETURN); - } + return (SSL_ERROR_ZERO_RETURN); } - return(SSL_ERROR_SYSCALL); } + return (SSL_ERROR_SYSCALL); +} -int SSL_do_handshake(SSL *s) - { - int ret=1; +int +SSL_do_handshake(SSL *s) +{ + int ret = 1; - if (s->handshake_func == NULL) - { - SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); - return(-1); - } + if (s->handshake_func == NULL) { + SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); + return (-1); + } s->method->ssl_renegotiate_check(s); - if (SSL_in_init(s) || SSL_in_before(s)) - { - ret=s->handshake_func(s); - } - return(ret); + if (SSL_in_init(s) || SSL_in_before(s)) { + ret = s->handshake_func(s); } + return (ret); +} /* For the next 2 functions, SSL_clear() sets shutdown and so * one of these calls will reset it */ -void SSL_set_accept_state(SSL *s) - { - s->server=1; - s->shutdown=0; - s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; - s->handshake_func=s->method->ssl_accept; +void +SSL_set_accept_state(SSL *s) +{ + s->server = 1; + s->shutdown = 0; + s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE; + s->handshake_func = s->method->ssl_accept; /* clear the current cipher */ ssl_clear_cipher_ctx(s); ssl_clear_hash_ctx(&s->read_hash); ssl_clear_hash_ctx(&s->write_hash); - } +} -void SSL_set_connect_state(SSL *s) - { - s->server=0; - s->shutdown=0; - s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; - s->handshake_func=s->method->ssl_connect; +void +SSL_set_connect_state(SSL *s) +{ + s->server = 0; + s->shutdown = 0; + s->state = SSL_ST_CONNECT|SSL_ST_BEFORE; + s->handshake_func = s->method->ssl_connect; /* clear the current cipher */ ssl_clear_cipher_ctx(s); ssl_clear_hash_ctx(&s->read_hash); ssl_clear_hash_ctx(&s->write_hash); - } +} -int ssl_undefined_function(SSL *s) - { - SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); - } +int +ssl_undefined_function(SSL *s) +{ + SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (0); +} -int ssl_undefined_void_function(void) - { - SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); - } +int +ssl_undefined_void_function(void) +{ + SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (0); +} -int ssl_undefined_const_function(const SSL *s) - { - SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); - } +int +ssl_undefined_const_function(const SSL *s) +{ + SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (0); +} -SSL_METHOD *ssl_bad_method(int ver) - { - SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(NULL); - } +SSL_METHOD +*ssl_bad_method(int ver) +{ + SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (NULL); +} -const char *SSL_get_version(const SSL *s) - { +const char +*SSL_get_version(const SSL *s) +{ if (s->version == TLS1_2_VERSION) return("TLSv1.2"); else if (s->version == TLS1_1_VERSION) @@ -2627,29 +2634,27 @@ const char *SSL_get_version(const SSL *s) return("SSLv2"); else return("unknown"); - } +} -SSL *SSL_dup(SSL *s) - { +SSL +*SSL_dup(SSL *s) +{ STACK_OF(X509_NAME) *sk; X509_NAME *xn; SSL *ret; int i; - - if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) - return(NULL); + + if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) + return (NULL); ret->version = s->version; ret->type = s->type; ret->method = s->method; - if (s->session != NULL) - { + if (s->session != NULL) { /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ - SSL_copy_session_id(ret,s); - } - else - { + SSL_copy_session_id(ret, s); + } else { /* No session has been established yet, so we have to expect * that s->cert or ret->cert will be changed later -- * they should not both point to the same object, @@ -2659,56 +2664,50 @@ SSL *SSL_dup(SSL *s) ret->method = s->method; ret->method->ssl_new(ret); - if (s->cert != NULL) - { - if (ret->cert != NULL) - { + if (s->cert != NULL) { + if (ret->cert != NULL) { ssl_cert_free(ret->cert); - } + } ret->cert = ssl_cert_dup(s->cert); if (ret->cert == NULL) goto err; - } - - SSL_set_session_id_context(ret, - s->sid_ctx, s->sid_ctx_length); } - ret->options=s->options; - ret->mode=s->mode; - SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); - SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); + SSL_set_session_id_context(ret, + s->sid_ctx, s->sid_ctx_length); + } + + ret->options = s->options; + ret->mode = s->mode; + SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); + SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); ret->msg_callback = s->msg_callback; ret->msg_callback_arg = s->msg_callback_arg; - SSL_set_verify(ret,SSL_get_verify_mode(s), - SSL_get_verify_callback(s)); - SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); + SSL_set_verify(ret, SSL_get_verify_mode(s), + SSL_get_verify_callback(s)); + SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); ret->generate_session_id = s->generate_session_id; - SSL_set_info_callback(ret,SSL_get_info_callback(s)); - - ret->debug=s->debug; + SSL_set_info_callback(ret, SSL_get_info_callback(s)); + + ret->debug = s->debug; /* copy app data, a little dangerous perhaps */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) goto err; /* setup rbio, and wbio */ - if (s->rbio != NULL) - { + if (s->rbio != NULL) { if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) goto err; - } - if (s->wbio != NULL) - { - if (s->wbio != s->rbio) - { + } + if (s->wbio != NULL) { + if (s->wbio != s->rbio) { if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) goto err; - } - else - ret->wbio=ret->rbio; - } + } else + ret->wbio = ret->rbio; + } ret->rwstate = s->rwstate; ret->in_handshake = s->in_handshake; ret->handshake_func = s->handshake_func; @@ -2716,222 +2715,228 @@ SSL *SSL_dup(SSL *s) ret->renegotiate = s->renegotiate; ret->new_session = s->new_session; ret->quiet_shutdown = s->quiet_shutdown; - ret->shutdown=s->shutdown; + ret->shutdown = s->shutdown; ret->state=s->state; /* SSL_dup does not really work at any state, though */ - ret->rstate=s->rstate; + ret->rstate = s->rstate; ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ - ret->hit=s->hit; + ret->hit = s->hit; X509_VERIFY_PARAM_inherit(ret->param, s->param); /* dup the cipher_list and cipher_list_by_id stacks */ - if (s->cipher_list != NULL) - { - if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) + if (s->cipher_list != NULL) { + if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) goto err; - } + } if (s->cipher_list_by_id != NULL) - if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) + if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL) - goto err; + goto err; /* Dup the client_CA list */ - if (s->client_CA != NULL) - { - if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; - ret->client_CA=sk; - for (i=0; i<sk_X509_NAME_num(sk); i++) - { - xn=sk_X509_NAME_value(sk,i); - if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL) - { + if (s->client_CA != NULL) { + if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; + ret->client_CA = sk; + for (i = 0; i < sk_X509_NAME_num(sk); i++) { + xn = sk_X509_NAME_value(sk, i); + if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { X509_NAME_free(xn); goto err; - } } } + } - if (0) - { + if (0) { err: - if (ret != NULL) SSL_free(ret); - ret=NULL; - } - return(ret); + if (ret != NULL) + SSL_free(ret); + ret = NULL; } + return (ret); +} -void ssl_clear_cipher_ctx(SSL *s) - { - if (s->enc_read_ctx != NULL) - { +void +ssl_clear_cipher_ctx(SSL *s) +{ + if (s->enc_read_ctx != NULL) { EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); OPENSSL_free(s->enc_read_ctx); - s->enc_read_ctx=NULL; - } - if (s->enc_write_ctx != NULL) - { + s->enc_read_ctx = NULL; + } + if (s->enc_write_ctx != NULL) { EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); OPENSSL_free(s->enc_write_ctx); - s->enc_write_ctx=NULL; - } + s->enc_write_ctx = NULL; + } #ifndef OPENSSL_NO_COMP - if (s->expand != NULL) - { + if (s->expand != NULL) { COMP_CTX_free(s->expand); - s->expand=NULL; - } - if (s->compress != NULL) - { + s->expand = NULL; + } + if (s->compress != NULL) { COMP_CTX_free(s->compress); - s->compress=NULL; - } -#endif + s->compress = NULL; } +#endif +} /* Fix this function so that it takes an optional type parameter */ -X509 *SSL_get_certificate(const SSL *s) - { +X509 +*SSL_get_certificate(const SSL *s) +{ if (s->cert != NULL) - return(s->cert->key->x509); + return (s->cert->key->x509); else - return(NULL); - } + return (NULL); +} /* Fix this function so that it takes an optional type parameter */ -EVP_PKEY *SSL_get_privatekey(SSL *s) - { +EVP_PKEY +*SSL_get_privatekey(SSL *s) +{ if (s->cert != NULL) - return(s->cert->key->privatekey); + return (s->cert->key->privatekey); else - return(NULL); - } + return (NULL); +} -const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) - { +const SSL_CIPHER +*SSL_get_current_cipher(const SSL *s) +{ if ((s->session != NULL) && (s->session->cipher != NULL)) - return(s->session->cipher); - return(NULL); - } + return (s->session->cipher); + return (NULL); +} #ifdef OPENSSL_NO_COMP -const void *SSL_get_current_compression(SSL *s) - { +const void +*SSL_get_current_compression(SSL *s) +{ return NULL; - } -const void *SSL_get_current_expansion(SSL *s) - { +} + +const void +*SSL_get_current_expansion(SSL *s) +{ return NULL; - } +} #else -const COMP_METHOD *SSL_get_current_compression(SSL *s) - { +const COMP_METHOD +*SSL_get_current_compression(SSL *s) +{ if (s->compress != NULL) - return(s->compress->meth); - return(NULL); - } + return (s->compress->meth); + return (NULL); +} -const COMP_METHOD *SSL_get_current_expansion(SSL *s) - { +const COMP_METHOD +*SSL_get_current_expansion(SSL *s) +{ if (s->expand != NULL) - return(s->expand->meth); - return(NULL); - } + return (s->expand->meth); + return (NULL); +} #endif -int ssl_init_wbio_buffer(SSL *s,int push) - { +int +ssl_init_wbio_buffer(SSL *s, int push) +{ BIO *bbio; - if (s->bbio == NULL) - { - bbio=BIO_new(BIO_f_buffer()); - if (bbio == NULL) return(0); - s->bbio=bbio; - } - else - { - bbio=s->bbio; + if (s->bbio == NULL) { + bbio = BIO_new(BIO_f_buffer()); + if (bbio == NULL) + return (0); + s->bbio = bbio; + } else { + bbio = s->bbio; if (s->bbio == s->wbio) - s->wbio=BIO_pop(s->wbio); - } + s->wbio = BIO_pop(s->wbio); + } (void)BIO_reset(bbio); /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ - if (!BIO_set_read_buffer_size(bbio,1)) - { - SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB); - return(0); - } - if (push) - { + if (!BIO_set_read_buffer_size(bbio, 1)) { + SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); + return (0); + } + if (push) { if (s->wbio != bbio) - s->wbio=BIO_push(bbio,s->wbio); - } - else - { + s->wbio = BIO_push(bbio, s->wbio); + } else { if (s->wbio == bbio) - s->wbio=BIO_pop(bbio); - } - return(1); + s->wbio = BIO_pop(bbio); } + return (1); +} -void ssl_free_wbio_buffer(SSL *s) - { - if (s->bbio == NULL) return; +void +ssl_free_wbio_buffer(SSL *s) +{ + if (s->bbio == NULL) + return; - if (s->bbio == s->wbio) - { + if (s->bbio == s->wbio) { /* remove buffering */ - s->wbio=BIO_pop(s->wbio); + s->wbio = BIO_pop(s->wbio); #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ assert(s->wbio != NULL); #endif } BIO_free(s->bbio); - s->bbio=NULL; - } - -void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode) - { - ctx->quiet_shutdown=mode; - } + s->bbio = NULL; +} -int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) - { - return(ctx->quiet_shutdown); - } +void +SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) +{ + ctx->quiet_shutdown = mode; +} -void SSL_set_quiet_shutdown(SSL *s,int mode) - { - s->quiet_shutdown=mode; - } +int +SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) +{ + return (ctx->quiet_shutdown); +} -int SSL_get_quiet_shutdown(const SSL *s) - { - return(s->quiet_shutdown); - } +void +SSL_set_quiet_shutdown(SSL *s, int mode) +{ + s->quiet_shutdown = mode; +} -void SSL_set_shutdown(SSL *s,int mode) - { - s->shutdown=mode; - } +int +SSL_get_quiet_shutdown(const SSL *s) +{ + return (s->quiet_shutdown); +} -int SSL_get_shutdown(const SSL *s) - { - return(s->shutdown); - } +void +SSL_set_shutdown(SSL *s, int mode) +{ + s->shutdown = mode; +} -int SSL_version(const SSL *s) - { - return(s->version); - } +int +SSL_get_shutdown(const SSL *s) +{ + return (s->shutdown); +} -SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) - { - return(ssl->ctx); - } +int +SSL_version(const SSL *s) +{ + return (s->version); +} -SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) - { +SSL_CTX +*SSL_get_SSL_CTX(const SSL *ssl) +{ + return (ssl->ctx); +} + +SSL_CTX +*SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) +{ if (ssl->ctx == ctx) return ssl->ctx; #ifndef OPENSSL_NO_TLSEXT @@ -2941,114 +2946,131 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) if (ssl->cert != NULL) ssl_cert_free(ssl->cert); ssl->cert = ssl_cert_dup(ctx->cert); - CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); + CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); if (ssl->ctx != NULL) SSL_CTX_free(ssl->ctx); /* decrement reference count */ ssl->ctx = ctx; - return(ssl->ctx); - } + return (ssl->ctx); +} #ifndef OPENSSL_NO_STDIO -int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) - { - return(X509_STORE_set_default_paths(ctx->cert_store)); - } +int +SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) +{ + return (X509_STORE_set_default_paths(ctx->cert_store)); +} -int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath) - { - return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); - } +int +SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath) +{ + return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); +} #endif -void SSL_set_info_callback(SSL *ssl, - void (*cb)(const SSL *ssl,int type,int val)) - { - ssl->info_callback=cb; - } +void +SSL_set_info_callback(SSL *ssl, + void (*cb)(const SSL *ssl, int type, int val)) +{ + ssl->info_callback = cb; +} /* One compiler (Diab DCC) doesn't like argument names in returned function pointer. */ void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) - { +{ return ssl->info_callback; - } +} -int SSL_state(const SSL *ssl) - { - return(ssl->state); - } +int +SSL_state(const SSL *ssl) +{ + return (ssl->state); +} -void SSL_set_state(SSL *ssl, int state) - { +void +SSL_set_state(SSL *ssl, int state) +{ ssl->state = state; - } +} -void SSL_set_verify_result(SSL *ssl,long arg) - { - ssl->verify_result=arg; - } +void +SSL_set_verify_result(SSL *ssl, long arg) +{ + ssl->verify_result = arg; +} -long SSL_get_verify_result(const SSL *ssl) - { - return(ssl->verify_result); - } +long +SSL_get_verify_result(const SSL *ssl) +{ + return (ssl->verify_result); +} -int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) - { +int +SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, - new_func, dup_func, free_func); - } + new_func, dup_func, free_func); +} -int SSL_set_ex_data(SSL *s,int idx,void *arg) - { - return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); - } +int +SSL_set_ex_data(SSL *s, int idx, void *arg) +{ + return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); +} -void *SSL_get_ex_data(const SSL *s,int idx) - { - return(CRYPTO_get_ex_data(&s->ex_data,idx)); - } +void +*SSL_get_ex_data(const SSL *s, int idx) +{ + return (CRYPTO_get_ex_data(&s->ex_data, idx)); +} -int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) - { +int +SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, - new_func, dup_func, free_func); - } + new_func, dup_func, free_func); +} -int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) - { - return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); - } +int +SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) +{ + return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); +} -void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx) - { - return(CRYPTO_get_ex_data(&s->ex_data,idx)); - } +void +*SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) +{ + return (CRYPTO_get_ex_data(&s->ex_data, idx)); +} -int ssl_ok(SSL *s) - { - return(1); - } +int +ssl_ok(SSL *s) +{ + return (1); +} -X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) - { - return(ctx->cert_store); - } +X509_STORE +*SSL_CTX_get_cert_store(const SSL_CTX *ctx) +{ + return (ctx->cert_store); +} -void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) - { +void +SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) +{ if (ctx->cert_store != NULL) X509_STORE_free(ctx->cert_store); - ctx->cert_store=store; - } + ctx->cert_store = store; +} -int SSL_want(const SSL *s) - { - return(s->rwstate); - } +int +SSL_want(const SSL *s) +{ + return (s->rwstate); +} /*! * \brief Set the callback for generating temporary RSA keys. @@ -3057,19 +3079,21 @@ int SSL_want(const SSL *s) */ #ifndef OPENSSL_NO_RSA -void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, - int is_export, - int keylength)) - { - SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); - } - -void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, - int is_export, - int keylength)) - { - SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); - } +void +SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, + int is_export, +int keylength)) +{ + SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); +} + +void +SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, + int is_export, +int keylength)) +{ + SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); +} #endif #ifdef DOXYGEN @@ -3083,8 +3107,9 @@ void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback */ -RSA *cb(SSL *ssl,int is_export,int keylength) - {} +RSA +*cb(SSL *ssl, int is_export, int keylength) +{} #endif /*! @@ -3094,133 +3119,142 @@ RSA *cb(SSL *ssl,int is_export,int keylength) */ #ifndef OPENSSL_NO_DH -void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, - int keylength)) - { - SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); - } +void +SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, + int keylength)) +{ + SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); +} -void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, - int keylength)) - { - SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); - } +void +SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, + int keylength)) +{ + SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); +} #endif #ifndef OPENSSL_NO_ECDH -void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, - int keylength)) - { - SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); - } +void +SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, + int keylength)) +{ + SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); +} -void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, - int keylength)) - { - SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); - } +void +SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, + int keylength)) +{ + SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); +} #endif #ifndef OPENSSL_NO_PSK -int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) - { - if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) - { +int +SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) +{ + if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); return 0; - } + } if (ctx->psk_identity_hint != NULL) OPENSSL_free(ctx->psk_identity_hint); - if (identity_hint != NULL) - { + if (identity_hint != NULL) { ctx->psk_identity_hint = BUF_strdup(identity_hint); if (ctx->psk_identity_hint == NULL) return 0; - } - else + } else ctx->psk_identity_hint = NULL; return 1; - } +} -int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) - { +int +SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) +{ if (s == NULL) return 0; if (s->session == NULL) return 1; /* session not created yet, ignored */ - if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) - { + if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); return 0; - } + } if (s->session->psk_identity_hint != NULL) OPENSSL_free(s->session->psk_identity_hint); - if (identity_hint != NULL) - { + if (identity_hint != NULL) { s->session->psk_identity_hint = BUF_strdup(identity_hint); if (s->session->psk_identity_hint == NULL) return 0; - } - else + } else s->session->psk_identity_hint = NULL; return 1; - } +} -const char *SSL_get_psk_identity_hint(const SSL *s) - { +const char +*SSL_get_psk_identity_hint(const SSL *s) +{ if (s == NULL || s->session == NULL) return NULL; - return(s->session->psk_identity_hint); - } + return (s->session->psk_identity_hint); +} -const char *SSL_get_psk_identity(const SSL *s) - { +const char +*SSL_get_psk_identity(const SSL *s) +{ if (s == NULL || s->session == NULL) return NULL; - return(s->session->psk_identity); - } + return (s->session->psk_identity); +} -void SSL_set_psk_client_callback(SSL *s, +void +SSL_set_psk_client_callback(SSL *s, unsigned int (*cb)(SSL *ssl, const char *hint, - char *identity, unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len)) - { +char *identity, unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len)) +{ s->psk_client_callback = cb; - } +} -void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, +void +SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*cb)(SSL *ssl, const char *hint, - char *identity, unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len)) - { +char *identity, unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len)) +{ ctx->psk_client_callback = cb; - } +} -void SSL_set_psk_server_callback(SSL *s, +void +SSL_set_psk_server_callback(SSL *s, unsigned int (*cb)(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len)) - { +unsigned char *psk, unsigned int max_psk_len)) +{ s->psk_server_callback = cb; - } +} -void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, +void +SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*cb)(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len)) - { +unsigned char *psk, unsigned int max_psk_len)) +{ ctx->psk_server_callback = cb; - } +} #endif -void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) - { +void +SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) +{ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); - } -void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) - { +} + +void +SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) +{ SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); - } +} /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer * vairable, freeing EVP_MD_CTX previously stored in that variable, if @@ -3228,31 +3262,38 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con * Returns newly allocated ctx; */ -EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) +EVP_MD_CTX +*ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) { ssl_clear_hash_ctx(hash); *hash = EVP_MD_CTX_create(); - if (md) EVP_DigestInit_ex(*hash,md,NULL); + if (md) + EVP_DigestInit_ex(*hash, md, NULL); return *hash; } -void ssl_clear_hash_ctx(EVP_MD_CTX **hash) + +void +ssl_clear_hash_ctx(EVP_MD_CTX **hash) { - if (*hash) EVP_MD_CTX_destroy(*hash); - *hash=NULL; + if (*hash) + EVP_MD_CTX_destroy(*hash); + *hash = NULL; } -void SSL_set_debug(SSL *s, int debug) - { +void +SSL_set_debug(SSL *s, int debug) +{ s->debug = debug; - } +} -int SSL_cache_hit(SSL *s) - { +int +SSL_cache_hit(SSL *s) +{ return s->hit; - } +} IMPLEMENT_STACK_OF(SSL_CIPHER) IMPLEMENT_STACK_OF(SSL_COMP) IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, - ssl_cipher_id); +ssl_cipher_id); diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c index 60e7b66859d..078df55f06a 100644 --- a/lib/libssl/ssl_rsa.c +++ b/lib/libssl/ssl_rsa.c @@ -66,135 +66,126 @@ static int ssl_set_cert(CERT *c, X509 *x509); static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); -int SSL_use_certificate(SSL *ssl, X509 *x) - { - if (x == NULL) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ssl->cert)) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); - return(0); - } - return(ssl_set_cert(ssl->cert,x)); +int +SSL_use_certificate(SSL *ssl, X509 *x) +{ + if (x == NULL) { + SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + if (!ssl_cert_inst(&ssl->cert)) { + SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); + return (0); } + return (ssl_set_cert(ssl->cert, x)); +} #ifndef OPENSSL_NO_STDIO -int SSL_use_certificate_file(SSL *ssl, const char *file, int type) - { +int +SSL_use_certificate_file(SSL *ssl, const char *file, int type) +{ int j; BIO *in; - int ret=0; - X509 *x=NULL; + int ret = 0; + X509 *x = NULL; - in=BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); + in = BIO_new(BIO_s_file_internal()); + if (in == NULL) { + SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); goto end; - } + } - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); + if (BIO_read_filename(in, file) <= 0) { + SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); goto end; - } - if (type == SSL_FILETYPE_ASN1) - { - j=ERR_R_ASN1_LIB; - x=d2i_X509_bio(in,NULL); - } - else if (type == SSL_FILETYPE_PEM) - { - j=ERR_R_PEM_LIB; - x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); - } - else - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); + } + if (type == SSL_FILETYPE_ASN1) { + j = ERR_R_ASN1_LIB; + x = d2i_X509_bio(in, NULL); + } else if (type == SSL_FILETYPE_PEM) { + j = ERR_R_PEM_LIB; + x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); + } else { + SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); goto end; - } + } - if (x == NULL) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j); + if (x == NULL) { + SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j); goto end; - } + } - ret=SSL_use_certificate(ssl,x); + ret = SSL_use_certificate(ssl, x); end: - if (x != NULL) X509_free(x); - if (in != NULL) BIO_free(in); - return(ret); - } + if (x != NULL) + X509_free(x); + if (in != NULL) + BIO_free(in); + return (ret); +} #endif -int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) - { +int +SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) +{ X509 *x; int ret; - x=d2i_X509(NULL,&d,(long)len); - if (x == NULL) - { - SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); - return(0); - } + x = d2i_X509(NULL, &d,(long)len); + if (x == NULL) { + SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); + return (0); + } - ret=SSL_use_certificate(ssl,x); + ret = SSL_use_certificate(ssl, x); X509_free(x); - return(ret); - } + return (ret); +} #ifndef OPENSSL_NO_RSA -int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) - { +int +SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) +{ EVP_PKEY *pkey; int ret; - if (rsa == NULL) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ssl->cert)) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); - return(0); - } - if ((pkey=EVP_PKEY_new()) == NULL) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); - return(0); - } + if (rsa == NULL) { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + if (!ssl_cert_inst(&ssl->cert)) { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); + return (0); + } + if ((pkey = EVP_PKEY_new()) == NULL) { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); + return (0); + } RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey,rsa); + EVP_PKEY_assign_RSA(pkey, rsa); - ret=ssl_set_pkey(ssl->cert,pkey); + ret = ssl_set_pkey(ssl->cert, pkey); EVP_PKEY_free(pkey); - return(ret); - } + return (ret); +} #endif -static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) - { +static int +ssl_set_pkey(CERT *c, EVP_PKEY *pkey) +{ int i; - i=ssl_cert_type(NULL,pkey); - if (i < 0) - { - SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); - return(0); - } + i = ssl_cert_type(NULL, pkey); + if (i < 0) { + SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); + return (0); + } - if (c->pkeys[i].x509 != NULL) - { + if (c->pkeys[i].x509 != NULL) { EVP_PKEY *pktmp; - pktmp = X509_get_pubkey(c->pkeys[i].x509); - EVP_PKEY_copy_parameters(pktmp,pkey); + pktmp = X509_get_pubkey(c->pkeys[i].x509); + EVP_PKEY_copy_parameters(pktmp, pkey); EVP_PKEY_free(pktmp); ERR_clear_error(); @@ -203,217 +194,200 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) * for smart cards. */ if ((pkey->type == EVP_PKEY_RSA) && (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) - ; +; else #endif - if (!X509_check_private_key(c->pkeys[i].x509,pkey)) - { + if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { X509_free(c->pkeys[i].x509); c->pkeys[i].x509 = NULL; return 0; - } } + } if (c->pkeys[i].privatekey != NULL) EVP_PKEY_free(c->pkeys[i].privatekey); - CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); - c->pkeys[i].privatekey=pkey; - c->key= &(c->pkeys[i]); + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + c->pkeys[i].privatekey = pkey; + c->key = &(c->pkeys[i]); - c->valid=0; - return(1); - } + c->valid = 0; + return (1); +} #ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_STDIO -int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) - { - int j,ret=0; +int +SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) +{ + int j, ret = 0; BIO *in; - RSA *rsa=NULL; + RSA *rsa = NULL; - in=BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); + in = BIO_new(BIO_s_file_internal()); + if (in == NULL) { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); goto end; - } + } - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); + if (BIO_read_filename(in, file) <= 0) { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); goto end; - } - if (type == SSL_FILETYPE_ASN1) - { - j=ERR_R_ASN1_LIB; - rsa=d2i_RSAPrivateKey_bio(in,NULL); - } - else if (type == SSL_FILETYPE_PEM) - { - j=ERR_R_PEM_LIB; - rsa=PEM_read_bio_RSAPrivateKey(in,NULL, - ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); - } - else - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); + } + if (type == SSL_FILETYPE_ASN1) { + j = ERR_R_ASN1_LIB; + rsa = d2i_RSAPrivateKey_bio(in, NULL); + } else if (type == SSL_FILETYPE_PEM) { + j = ERR_R_PEM_LIB; + rsa = PEM_read_bio_RSAPrivateKey(in, NULL, + ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); + } else { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); goto end; - } - if (rsa == NULL) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j); + } + if (rsa == NULL) { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j); goto end; - } - ret=SSL_use_RSAPrivateKey(ssl,rsa); + } + ret = SSL_use_RSAPrivateKey(ssl, rsa); RSA_free(rsa); end: - if (in != NULL) BIO_free(in); - return(ret); - } + if (in != NULL) + BIO_free(in); + return (ret); +} #endif -int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) - { +int +SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) +{ int ret; const unsigned char *p; RSA *rsa; - p=d; - if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) - { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); - return(0); - } + p = d; + if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); + return (0); + } - ret=SSL_use_RSAPrivateKey(ssl,rsa); + ret = SSL_use_RSAPrivateKey(ssl, rsa); RSA_free(rsa); - return(ret); - } + return (ret); +} #endif /* !OPENSSL_NO_RSA */ -int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) - { +int +SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) +{ int ret; - if (pkey == NULL) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ssl->cert)) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); - return(0); - } - ret=ssl_set_pkey(ssl->cert,pkey); - return(ret); + if (pkey == NULL) { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + if (!ssl_cert_inst(&ssl->cert)) { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); + return (0); } + ret = ssl_set_pkey(ssl->cert, pkey); + return (ret); +} #ifndef OPENSSL_NO_STDIO -int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) - { - int j,ret=0; +int +SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) +{ + int j, ret = 0; BIO *in; - EVP_PKEY *pkey=NULL; + EVP_PKEY *pkey = NULL; - in=BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); + in = BIO_new(BIO_s_file_internal()); + if (in == NULL) { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); goto end; - } + } - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); + if (BIO_read_filename(in, file) <= 0) { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); goto end; - } - if (type == SSL_FILETYPE_PEM) - { - j=ERR_R_PEM_LIB; - pkey=PEM_read_bio_PrivateKey(in,NULL, - ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); - } - else if (type == SSL_FILETYPE_ASN1) - { + } + if (type == SSL_FILETYPE_PEM) { + j = ERR_R_PEM_LIB; + pkey = PEM_read_bio_PrivateKey(in, NULL, + ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); + } else if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; - pkey = d2i_PrivateKey_bio(in,NULL); - } - else - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); + pkey = d2i_PrivateKey_bio(in, NULL); + } else { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); goto end; - } - if (pkey == NULL) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j); + } + if (pkey == NULL) { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j); goto end; - } - ret=SSL_use_PrivateKey(ssl,pkey); + } + ret = SSL_use_PrivateKey(ssl, pkey); EVP_PKEY_free(pkey); end: - if (in != NULL) BIO_free(in); - return(ret); - } + if (in != NULL) + BIO_free(in); + return (ret); +} #endif -int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) - { +int +SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) +{ int ret; const unsigned char *p; EVP_PKEY *pkey; - p=d; - if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) - { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); - return(0); - } + p = d; + if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { + SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); + return (0); + } - ret=SSL_use_PrivateKey(ssl,pkey); + ret = SSL_use_PrivateKey(ssl, pkey); EVP_PKEY_free(pkey); - return(ret); + return (ret); +} + +int +SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) +{ + if (x == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); + return (0); } - -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) - { - if (x == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ctx->cert)) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); - return(0); - } - return(ssl_set_cert(ctx->cert, x)); + if (!ssl_cert_inst(&ctx->cert)) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); + return (0); } + return (ssl_set_cert(ctx->cert, x)); +} -static int ssl_set_cert(CERT *c, X509 *x) - { +static int +ssl_set_cert(CERT *c, X509 *x) +{ EVP_PKEY *pkey; int i; - pkey=X509_get_pubkey(x); - if (pkey == NULL) - { - SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); - return(0); - } + pkey = X509_get_pubkey(x); + if (pkey == NULL) { + SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB); + return (0); + } - i=ssl_cert_type(x,pkey); - if (i < 0) - { - SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); + i = ssl_cert_type(x, pkey); + if (i < 0) { + SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); EVP_PKEY_free(pkey); - return(0); - } + return (0); + } - if (c->pkeys[i].privatekey != NULL) - { - EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); + if (c->pkeys[i].privatekey != NULL) { + EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); ERR_clear_error(); #ifndef OPENSSL_NO_RSA @@ -421,280 +395,259 @@ static int ssl_set_cert(CERT *c, X509 *x) * for smart cards. */ if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & - RSA_METHOD_FLAG_NO_CHECK)) - ; + RSA_METHOD_FLAG_NO_CHECK)) +; else #endif /* OPENSSL_NO_RSA */ - if (!X509_check_private_key(x,c->pkeys[i].privatekey)) - { + if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { /* don't fail for a cert/key mismatch, just free * current private key (when switching to a different * cert & key, first this function should be used, * then ssl_set_pkey */ EVP_PKEY_free(c->pkeys[i].privatekey); - c->pkeys[i].privatekey=NULL; + c->pkeys[i].privatekey = NULL; /* clear error queue */ ERR_clear_error(); - } } + } EVP_PKEY_free(pkey); if (c->pkeys[i].x509 != NULL) X509_free(c->pkeys[i].x509); - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - c->pkeys[i].x509=x; - c->key= &(c->pkeys[i]); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + c->pkeys[i].x509 = x; + c->key = &(c->pkeys[i]); - c->valid=0; - return(1); - } + c->valid = 0; + return (1); +} #ifndef OPENSSL_NO_STDIO -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) - { +int +SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) +{ int j; BIO *in; - int ret=0; - X509 *x=NULL; + int ret = 0; + X509 *x = NULL; - in=BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); + in = BIO_new(BIO_s_file_internal()); + if (in == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); goto end; - } + } - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); + if (BIO_read_filename(in, file) <= 0) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); goto end; - } - if (type == SSL_FILETYPE_ASN1) - { - j=ERR_R_ASN1_LIB; - x=d2i_X509_bio(in,NULL); - } - else if (type == SSL_FILETYPE_PEM) - { - j=ERR_R_PEM_LIB; - x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); - } - else - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); + } + if (type == SSL_FILETYPE_ASN1) { + j = ERR_R_ASN1_LIB; + x = d2i_X509_bio(in, NULL); + } else if (type == SSL_FILETYPE_PEM) { + j = ERR_R_PEM_LIB; + x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); + } else { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); goto end; - } + } - if (x == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j); + if (x == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j); goto end; - } + } - ret=SSL_CTX_use_certificate(ctx,x); + ret = SSL_CTX_use_certificate(ctx, x); end: - if (x != NULL) X509_free(x); - if (in != NULL) BIO_free(in); - return(ret); - } + if (x != NULL) + X509_free(x); + if (in != NULL) + BIO_free(in); + return (ret); +} #endif -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) - { +int +SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) +{ X509 *x; int ret; - x=d2i_X509(NULL,&d,(long)len); - if (x == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); - return(0); - } + x = d2i_X509(NULL, &d,(long)len); + if (x == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); + return (0); + } - ret=SSL_CTX_use_certificate(ctx,x); + ret = SSL_CTX_use_certificate(ctx, x); X509_free(x); - return(ret); - } + return (ret); +} #ifndef OPENSSL_NO_RSA -int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) - { +int +SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) +{ int ret; EVP_PKEY *pkey; - if (rsa == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ctx->cert)) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); - return(0); - } - if ((pkey=EVP_PKEY_new()) == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); - return(0); - } + if (rsa == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + if (!ssl_cert_inst(&ctx->cert)) { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); + return (0); + } + if ((pkey = EVP_PKEY_new()) == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); + return (0); + } RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey,rsa); + EVP_PKEY_assign_RSA(pkey, rsa); - ret=ssl_set_pkey(ctx->cert, pkey); + ret = ssl_set_pkey(ctx->cert, pkey); EVP_PKEY_free(pkey); - return(ret); - } + return (ret); +} #ifndef OPENSSL_NO_STDIO -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) - { - int j,ret=0; +int +SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) +{ + int j, ret = 0; BIO *in; - RSA *rsa=NULL; + RSA *rsa = NULL; - in=BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); + in = BIO_new(BIO_s_file_internal()); + if (in == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); goto end; - } + } - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); + if (BIO_read_filename(in, file) <= 0) { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); goto end; - } - if (type == SSL_FILETYPE_ASN1) - { - j=ERR_R_ASN1_LIB; - rsa=d2i_RSAPrivateKey_bio(in,NULL); - } - else if (type == SSL_FILETYPE_PEM) - { - j=ERR_R_PEM_LIB; - rsa=PEM_read_bio_RSAPrivateKey(in,NULL, - ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); - } - else - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); + } + if (type == SSL_FILETYPE_ASN1) { + j = ERR_R_ASN1_LIB; + rsa = d2i_RSAPrivateKey_bio(in, NULL); + } else if (type == SSL_FILETYPE_PEM) { + j = ERR_R_PEM_LIB; + rsa = PEM_read_bio_RSAPrivateKey(in, NULL, + ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); + } else { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); goto end; - } - if (rsa == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j); + } + if (rsa == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j); goto end; - } - ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); + } + ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); RSA_free(rsa); end: - if (in != NULL) BIO_free(in); - return(ret); - } + if (in != NULL) + BIO_free(in); + return (ret); +} #endif -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) - { +int +SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) +{ int ret; const unsigned char *p; RSA *rsa; - p=d; - if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); - return(0); - } + p = d; + if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); + return (0); + } - ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); + ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); RSA_free(rsa); - return(ret); - } + return (ret); +} #endif /* !OPENSSL_NO_RSA */ -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) - { - if (pkey == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if (!ssl_cert_inst(&ctx->cert)) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); - return(0); - } - return(ssl_set_pkey(ctx->cert,pkey)); +int +SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) +{ + if (pkey == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); + return (0); } + if (!ssl_cert_inst(&ctx->cert)) { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); + return (0); + } + return (ssl_set_pkey(ctx->cert, pkey)); +} #ifndef OPENSSL_NO_STDIO -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) - { - int j,ret=0; +int +SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) +{ + int j, ret = 0; BIO *in; - EVP_PKEY *pkey=NULL; + EVP_PKEY *pkey = NULL; - in=BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); + in = BIO_new(BIO_s_file_internal()); + if (in == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); goto end; - } + } - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); + if (BIO_read_filename(in, file) <= 0) { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); goto end; - } - if (type == SSL_FILETYPE_PEM) - { - j=ERR_R_PEM_LIB; - pkey=PEM_read_bio_PrivateKey(in,NULL, - ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); - } - else if (type == SSL_FILETYPE_ASN1) - { + } + if (type == SSL_FILETYPE_PEM) { + j = ERR_R_PEM_LIB; + pkey = PEM_read_bio_PrivateKey(in, NULL, + ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); + } else if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; - pkey = d2i_PrivateKey_bio(in,NULL); - } - else - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); + pkey = d2i_PrivateKey_bio(in, NULL); + } else { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); goto end; - } - if (pkey == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j); + } + if (pkey == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); goto end; - } - ret=SSL_CTX_use_PrivateKey(ctx,pkey); + } + ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); end: - if (in != NULL) BIO_free(in); - return(ret); - } + if (in != NULL) + BIO_free(in); + return (ret); +} #endif -int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, - long len) - { +int +SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, + long len) +{ int ret; const unsigned char *p; EVP_PKEY *pkey; - p=d; - if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); - return(0); - } + p = d; + if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); + return (0); + } - ret=SSL_CTX_use_PrivateKey(ctx,pkey); + ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); - return(ret); - } + return (ret); +} #ifndef OPENSSL_NO_STDIO @@ -702,82 +655,79 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, * possibly followed by a sequence of CA certificates that should be * sent to the peer in the Certificate message. */ -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) - { +int +SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) +{ BIO *in; - int ret=0; - X509 *x=NULL; + int ret = 0; + X509 *x = NULL; ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ in = BIO_new(BIO_s_file_internal()); - if (in == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB); + if (in == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); goto end; - } + } - if (BIO_read_filename(in,file) <= 0) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB); + if (BIO_read_filename(in, file) <= 0) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); goto end; - } + } - x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); - if (x == NULL) - { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); + x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata); + if (x == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); goto end; - } + } ret = SSL_CTX_use_certificate(ctx, x); if (ERR_peek_error() != 0) - ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ - if (ret) - { + ret = 0; + /* Key/certificate mismatch doesn't imply ret==0 ... */ + if (ret) { /* If we could set up our certificate, now proceed to * the CA certificates. */ X509 *ca; int r; unsigned long err; - - if (ctx->extra_certs != NULL) - { + + if (ctx->extra_certs != NULL) { sk_X509_pop_free(ctx->extra_certs, X509_free); ctx->extra_certs = NULL; - } + } while ((ca = PEM_read_bio_X509(in, NULL, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata)) - != NULL) - { + ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata)) + != NULL) { r = SSL_CTX_add_extra_chain_cert(ctx, ca); - if (!r) - { + if (!r) { X509_free(ca); ret = 0; goto end; - } + } /* Note that we must not free r if it was successfully * added to the chain (while we must free the main * certificate, since its reference count is increased * by SSL_CTX_use_certificate). */ - } + } /* When the while loop ends, it's usually just EOF. */ err = ERR_peek_last_error(); if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) ERR_clear_error(); - else + else ret = 0; /* some real error */ - } + } end: - if (x != NULL) X509_free(x); - if (in != NULL) BIO_free(in); - return(ret); - } + if (x != NULL) + X509_free(x); + if (in != NULL) + BIO_free(in); + return (ret); +} #endif diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index ad40fadd02c..b29115862b9 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -144,68 +144,74 @@ #include "ssl_locl.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); -static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); +static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); -SSL_SESSION *SSL_get_session(const SSL *ssl) +SSL_SESSION +*SSL_get_session(const SSL *ssl) /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ - { - return(ssl->session); - } +{ + return (ssl->session); +} -SSL_SESSION *SSL_get1_session(SSL *ssl) +SSL_SESSION +*SSL_get1_session(SSL *ssl) /* variant of SSL_get_session: caller really gets something */ - { +{ SSL_SESSION *sess; /* Need to lock this all up rather than just use CRYPTO_add so that * somebody doesn't free ssl->session between when we check it's * non-null and when we up the reference count. */ CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); sess = ssl->session; - if(sess) + if (sess) sess->references++; CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); - return(sess); - } + return (sess); +} -int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { +int +SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, - new_func, dup_func, free_func); - } + new_func, dup_func, free_func); +} -int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); - } +int +SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) +{ + return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); +} -void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) - { - return(CRYPTO_get_ex_data(&s->ex_data,idx)); - } +void +*SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) +{ + return (CRYPTO_get_ex_data(&s->ex_data, idx)); +} -SSL_SESSION *SSL_SESSION_new(void) - { +SSL_SESSION +*SSL_SESSION_new(void) +{ SSL_SESSION *ss; - ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); - if (ss == NULL) - { - SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE); - return(0); - } - memset(ss,0,sizeof(SSL_SESSION)); + ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); + if (ss == NULL) { + SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); + return (0); + } + memset(ss, 0, sizeof(SSL_SESSION)); ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ - ss->references=1; + ss->references = 1; ss->timeout=60*5+4; /* 5 minute timeout by default */ - ss->time=(unsigned long)time(NULL); - ss->prev=NULL; - ss->next=NULL; - ss->compress_meth=0; + ss->time = (unsigned long)time(NULL); + ss->prev = NULL; + ss->next = NULL; + ss->compress_meth = 0; #ifndef OPENSSL_NO_TLSEXT - ss->tlsext_hostname = NULL; + ss->tlsext_hostname = NULL; + #ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; ss->tlsext_ecpointformatlist = NULL; @@ -215,26 +221,28 @@ SSL_SESSION *SSL_SESSION_new(void) #endif CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); #ifndef OPENSSL_NO_PSK - ss->psk_identity_hint=NULL; - ss->psk_identity=NULL; + ss->psk_identity_hint = NULL; + ss->psk_identity = NULL; #endif #ifndef OPENSSL_NO_SRP - ss->srp_username=NULL; + ss->srp_username = NULL; #endif - return(ss); - } + return (ss); +} -const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) - { - if(len) +const unsigned char +*SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) +{ + if (len) *len = s->session_id_length; return s->session_id; - } +} -unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) - { +unsigned int +SSL_SESSION_get_compress_id(const SSL_SESSION *s) +{ return s->compress_meth; - } +} /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly @@ -246,16 +254,17 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) * store that many sessions is perhaps a more interesting question ... */ #define MAX_SESS_ID_ATTEMPTS 10 -static int def_generate_session_id(const SSL *ssl, unsigned char *id, - unsigned int *id_len) +static int +def_generate_session_id(const SSL *ssl, unsigned char *id, + unsigned int *id_len) { unsigned int retry = 0; do - if (RAND_pseudo_bytes(id, *id_len) <= 0) - return 0; - while(SSL_has_matching_session_id(ssl, id, *id_len) && - (++retry < MAX_SESS_ID_ATTEMPTS)); - if(retry < MAX_SESS_ID_ATTEMPTS) + if (RAND_pseudo_bytes(id, *id_len) <= 0) + return 0; + while (SSL_has_matching_session_id(ssl, id, *id_len) && + (++retry < MAX_SESS_ID_ATTEMPTS)); + if (retry < MAX_SESS_ID_ATTEMPTS) return 1; /* else - woops a session_id match */ /* XXX We should also check the external cache -- @@ -269,120 +278,100 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id, return 0; } -int ssl_get_new_session(SSL *s, int session) - { +int +ssl_get_new_session(SSL *s, int session) +{ /* This gets used by clients and servers. */ unsigned int tmp; - SSL_SESSION *ss=NULL; + SSL_SESSION *ss = NULL; GEN_SESSION_CB cb = def_generate_session_id; - if ((ss=SSL_SESSION_new()) == NULL) return(0); + if ((ss = SSL_SESSION_new()) == NULL) return (0); /* If the context has a default timeout, use it */ if (s->session_ctx->session_timeout == 0) - ss->timeout=SSL_get_default_timeout(s); + ss->timeout = SSL_get_default_timeout(s); else - ss->timeout=s->session_ctx->session_timeout; + ss->timeout = s->session_ctx->session_timeout; - if (s->session != NULL) - { + if (s->session != NULL) { SSL_SESSION_free(s->session); - s->session=NULL; - } + s->session = NULL; + } - if (session) - { - if (s->version == SSL2_VERSION) - { - ss->ssl_version=SSL2_VERSION; - ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; - } - else if (s->version == SSL3_VERSION) - { - ss->ssl_version=SSL3_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == TLS1_VERSION) - { - ss->ssl_version=TLS1_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == TLS1_1_VERSION) - { - ss->ssl_version=TLS1_1_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == TLS1_2_VERSION) - { - ss->ssl_version=TLS1_2_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == DTLS1_BAD_VER) - { - ss->ssl_version=DTLS1_BAD_VER; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else if (s->version == DTLS1_VERSION) - { - ss->ssl_version=DTLS1_VERSION; - ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; - } - else - { - SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); + if (session) { + if (s->version == SSL2_VERSION) { + ss->ssl_version = SSL2_VERSION; + ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH; + } else if (s->version == SSL3_VERSION) { + ss->ssl_version = SSL3_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == TLS1_VERSION) { + ss->ssl_version = TLS1_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == TLS1_1_VERSION) { + ss->ssl_version = TLS1_1_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == TLS1_2_VERSION) { + ss->ssl_version = TLS1_2_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == DTLS1_BAD_VER) { + ss->ssl_version = DTLS1_BAD_VER; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == DTLS1_VERSION) { + ss->ssl_version = DTLS1_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else { + SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); SSL_SESSION_free(ss); - return(0); - } + return (0); + } #ifndef OPENSSL_NO_TLSEXT /* If RFC4507 ticket use empty session ID */ - if (s->tlsext_ticket_expected) - { + if (s->tlsext_ticket_expected) { ss->session_id_length = 0; goto sess_id_done; - } + } #endif /* Choose which callback will set the session ID */ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - if(s->generate_session_id) + if (s->generate_session_id) cb = s->generate_session_id; - else if(s->session_ctx->generate_session_id) + else if (s->session_ctx->generate_session_id) cb = s->session_ctx->generate_session_id; CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); /* Choose a session ID */ tmp = ss->session_id_length; - if(!cb(s, ss->session_id, &tmp)) - { + if (!cb(s, ss->session_id, &tmp)) { /* The callback failed */ SSLerr(SSL_F_SSL_GET_NEW_SESSION, - SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); + SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); SSL_SESSION_free(ss); - return(0); - } + return (0); + } /* Don't allow the callback to set the session length to zero. * nor set it higher than it was. */ - if(!tmp || (tmp > ss->session_id_length)) - { + if (!tmp || (tmp > ss->session_id_length)) { /* The callback set an illegal length */ SSLerr(SSL_F_SSL_GET_NEW_SESSION, - SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); + SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); SSL_SESSION_free(ss); - return(0); - } + return (0); + } /* If the session length was shrunk and we're SSLv2, pad it */ - if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) + if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); else ss->session_id_length = tmp; /* Finally, check for a conflict */ - if(SSL_has_matching_session_id(s, ss->session_id, - ss->session_id_length)) - { + if (SSL_has_matching_session_id(s, ss->session_id, + ss->session_id_length)) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, - SSL_R_SSL_SESSION_ID_CONFLICT); + SSL_R_SSL_SESSION_ID_CONFLICT); SSL_SESSION_free(ss); - return(0); - } + return (0); + } #ifndef OPENSSL_NO_TLSEXT sess_id_done: if (s->tlsext_hostname) { @@ -391,55 +380,50 @@ int ssl_get_new_session(SSL *s, int session) SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; - } } + } #ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist) - { - if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); - if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) - { + if (s->tlsext_ecpointformatlist) { + if (ss->tlsext_ecpointformatlist != NULL) + OPENSSL_free(ss->tlsext_ecpointformatlist); + if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); SSL_SESSION_free(ss); return 0; - } + } ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); - } - if (s->tlsext_ellipticcurvelist) - { - if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); - if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) - { + } + if (s->tlsext_ellipticcurvelist) { + if (ss->tlsext_ellipticcurvelist != NULL) + OPENSSL_free(ss->tlsext_ellipticcurvelist); + if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); SSL_SESSION_free(ss); return 0; - } + } ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); - } + } #endif #endif - } - else - { - ss->session_id_length=0; - } + } else { + ss->session_id_length = 0; + } - if (s->sid_ctx_length > sizeof ss->sid_ctx) - { + if (s->sid_ctx_length > sizeof ss->sid_ctx) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; - } - memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); - ss->sid_ctx_length=s->sid_ctx_length; - s->session=ss; - ss->ssl_version=s->version; + } + memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length); + ss->sid_ctx_length = s->sid_ctx_length; + s->session = ss; + ss->ssl_version = s->version; ss->verify_result = X509_V_OK; - return(1); - } + return (1); +} /* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this * connection. It is only called by servers. @@ -460,12 +444,13 @@ int ssl_get_new_session(SSL *s, int session) * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 * if the server should issue a new session ticket (to 0 otherwise). */ -int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, - const unsigned char *limit) - { +int +ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, + const unsigned char *limit) +{ /* This is used only by servers. */ - SSL_SESSION *ret=NULL; + SSL_SESSION *ret = NULL; int fatal = 0; int try_session_cache = 1; #ifndef OPENSSL_NO_TLSEXT @@ -480,8 +465,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, #ifndef OPENSSL_NO_TLSEXT r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ - switch (r) - { + switch (r) { case -1: /* Error during processing */ fatal = 1; goto err; @@ -494,39 +478,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, break; default: abort(); - } + } #endif if (try_session_cache && - ret == NULL && - !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) - { + ret == NULL && + !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { SSL_SESSION data; - data.ssl_version=s->version; - data.session_id_length=len; + data.ssl_version = s->version; + data.session_id_length = len; if (len == 0) return 0; - memcpy(data.session_id,session_id,len); + memcpy(data.session_id, session_id, len); CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data); - if (ret != NULL) - { + ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); + if (ret != NULL) { /* don't allow other threads to steal it: */ - CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); - } + CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); + } CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); if (ret == NULL) s->session_ctx->stats.sess_miss++; - } + } if (try_session_cache && - ret == NULL && - s->session_ctx->get_session_cb != NULL) - { - int copy=1; - - if ((ret=s->session_ctx->get_session_cb(s,session_id,len,©))) - { + ret == NULL && + s->session_ctx->get_session_cb != NULL) { + int copy = 1; + + if ((ret = s->session_ctx->get_session_cb(s, session_id, len, ©))) { s->session_ctx->stats.sess_cb_hit++; /* Increment reference count now if the session callback @@ -535,16 +515,16 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, * it must handle the reference count itself [i.e. copy == 0], * or things won't be thread-safe). */ if (copy) - CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); + CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); /* Add the externally cached session to the internal * cache as well if and only if we are supposed to. */ - if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) + if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) /* The following should not return 1, otherwise, * things are very strange */ - SSL_CTX_add_session(s->session_ctx,ret); - } + SSL_CTX_add_session(s->session_ctx, ret); } + } if (ret == NULL) goto err; @@ -552,15 +532,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, /* Now ret is non-NULL and we own one of its reference counts. */ if (ret->sid_ctx_length != s->sid_ctx_length - || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) - { + || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { /* We have the session requested by the client, but we don't * want to use it in this context. */ goto err; /* treat like cache miss */ - } - - if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) - { + } + + if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { /* We can't be sure if this session is being used out of * context, which is especially important for SSL_VERIFY_PEER. * The application should have used SSL[_CTX]_set_session_id_context. @@ -570,87 +548,83 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, * applications to effectively disable the session cache by * accident without anyone noticing). */ - - SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); + + SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); fatal = 1; goto err; - } + } - if (ret->cipher == NULL) - { - unsigned char buf[5],*p; + if (ret->cipher == NULL) { + unsigned char buf[5], *p; unsigned long l; - p=buf; - l=ret->cipher_id; - l2n(l,p); - if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR) - ret->cipher=ssl_get_cipher_by_char(s,&(buf[2])); - else - ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); + p = buf; + l = ret->cipher_id; + l2n(l, p); + if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR) + ret->cipher = ssl_get_cipher_by_char(s, &(buf[2])); + else + ret->cipher = ssl_get_cipher_by_char(s, &(buf[1])); if (ret->cipher == NULL) goto err; - } + } if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ - { + { s->session_ctx->stats.sess_timeout++; - if (try_session_cache) - { + if (try_session_cache) { /* session was from the cache, so remove it */ - SSL_CTX_remove_session(s->session_ctx,ret); - } - goto err; + SSL_CTX_remove_session(s->session_ctx, ret); } + goto err; + } s->session_ctx->stats.sess_hit++; if (s->session != NULL) SSL_SESSION_free(s->session); - s->session=ret; + s->session = ret; s->verify_result = s->session->verify_result; return 1; - err: - if (ret != NULL) - { + err: + if (ret != NULL) { SSL_SESSION_free(ret); #ifndef OPENSSL_NO_TLSEXT - if (!try_session_cache) - { + if (!try_session_cache) { /* The session was from a ticket, so we should * issue a ticket for the new session */ s->tlsext_ticket_expected = 1; - } -#endif } +#endif + } if (fatal) return -1; else return 0; - } +} -int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) - { - int ret=0; +int +SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) +{ + int ret = 0; SSL_SESSION *s; /* add just 1 reference count for the SSL_CTX's session cache * even though it has two ways of access: each session is in a * doubly linked list and an lhash */ - CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); + CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION); /* if session c is in already in cache, we take back the increment later */ CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - s=lh_SSL_SESSION_insert(ctx->sessions,c); - + s = lh_SSL_SESSION_insert(ctx->sessions, c); + /* s != NULL iff we already had a session with the given PID. * In this case, s == c should hold (then we did not really modify * ctx->sessions), or we're in trouble. */ - if (s != NULL && s != c) - { + if (s != NULL && s != c) { /* We *are* in trouble ... */ - SSL_SESSION_list_remove(ctx,s); + SSL_SESSION_list_remove(ctx, s); SSL_SESSION_free(s); /* ... so pretend the other session did not exist in cache * (we cannot handle two SSL_SESSION structures with identical @@ -658,114 +632,117 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) * two threads concurrently obtain the same session from an external * cache) */ s = NULL; - } + } - /* Put at the head of the queue unless it is already in the cache */ + /* Put at the head of the queue unless it is already in the cache */ if (s == NULL) - SSL_SESSION_list_add(ctx,c); + SSL_SESSION_list_add(ctx, c); - if (s != NULL) - { + if (s != NULL) { /* existing cache entry -- decrement previously incremented reference * count because it already takes into account the cache */ SSL_SESSION_free(s); /* s == c */ - ret=0; - } - else - { + ret = 0; + } else { /* new cache entry -- remove old ones if cache has become too large */ - - ret=1; - if (SSL_CTX_sess_get_cache_size(ctx) > 0) - { + ret = 1; + + if (SSL_CTX_sess_get_cache_size(ctx) > 0) { while (SSL_CTX_sess_number(ctx) > - SSL_CTX_sess_get_cache_size(ctx)) - { + SSL_CTX_sess_get_cache_size(ctx)) { if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) - break; + break; else ctx->stats.sess_cache_full++; - } } } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - return(ret); } + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + return (ret); +} -int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) +int +SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) { return remove_session_lock(ctx, c, 1); } -static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) - { +static int +remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) +{ SSL_SESSION *r; - int ret=0; - - if ((c != NULL) && (c->session_id_length != 0)) - { - if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c) - { - ret=1; - r=lh_SSL_SESSION_delete(ctx->sessions,c); - SSL_SESSION_list_remove(ctx,c); - } + int ret = 0; + + if ((c != NULL) && (c->session_id_length != 0)) { + if (lck) + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) { + ret = 1; + r = lh_SSL_SESSION_delete(ctx->sessions, c); + SSL_SESSION_list_remove(ctx, c); + } - if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + if (lck) + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (ret) - { - r->not_resumable=1; + if (ret) { + r->not_resumable = 1; if (ctx->remove_session_cb != NULL) - ctx->remove_session_cb(ctx,r); + ctx->remove_session_cb(ctx, r); SSL_SESSION_free(r); - } } - else - ret=0; - return(ret); - } + } else + ret = 0; + return (ret); +} -void SSL_SESSION_free(SSL_SESSION *ss) - { +void +SSL_SESSION_free(SSL_SESSION *ss) +{ int i; - if(ss == NULL) - return; + if (ss == NULL) + return; - i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); + i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION); #ifdef REF_PRINT - REF_PRINT("SSL_SESSION",ss); + REF_PRINT("SSL_SESSION", ss); #endif - if (i > 0) return; + if (i > 0) + return; #ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"SSL_SESSION_free, bad reference count\n"); + if (i < 0) { + fprintf(stderr, "SSL_SESSION_free, bad reference count\n"); abort(); /* ok */ - } + } #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); - OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); - OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); - if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); - if (ss->peer != NULL) X509_free(ss->peer); - if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); + OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg); + OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); + OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); + if (ss->sess_cert != NULL) + ssl_sess_cert_free(ss->sess_cert); + if (ss->peer != NULL) + X509_free(ss->peer); + if (ss->ciphers != NULL) + sk_SSL_CIPHER_free(ss->ciphers); #ifndef OPENSSL_NO_TLSEXT - if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); - if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); + if (ss->tlsext_hostname != NULL) + OPENSSL_free(ss->tlsext_hostname); + if (ss->tlsext_tick != NULL) + OPENSSL_free(ss->tlsext_tick); #ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; - if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); + if (ss->tlsext_ecpointformatlist != NULL) + OPENSSL_free(ss->tlsext_ecpointformatlist); ss->tlsext_ellipticcurvelist_length = 0; - if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); + if (ss->tlsext_ellipticcurvelist != NULL) + OPENSSL_free(ss->tlsext_ellipticcurvelist); #endif /* OPENSSL_NO_EC */ #endif #ifndef OPENSSL_NO_PSK @@ -778,382 +755,389 @@ void SSL_SESSION_free(SSL_SESSION *ss) if (ss->srp_username != NULL) OPENSSL_free(ss->srp_username); #endif - OPENSSL_cleanse(ss,sizeof(*ss)); + OPENSSL_cleanse(ss, sizeof(*ss)); OPENSSL_free(ss); - } +} -int SSL_set_session(SSL *s, SSL_SESSION *session) - { - int ret=0; +int +SSL_set_session(SSL *s, SSL_SESSION *session) +{ + int ret = 0; const SSL_METHOD *meth; - if (session != NULL) - { - meth=s->ctx->method->get_ssl_method(session->ssl_version); + if (session != NULL) { + meth = s->ctx->method->get_ssl_method(session->ssl_version); if (meth == NULL) - meth=s->method->get_ssl_method(session->ssl_version); - if (meth == NULL) - { - SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD); - return(0); - } + meth = s->method->get_ssl_method(session->ssl_version); + if (meth == NULL) { + SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD); + return (0); + } - if (meth != s->method) - { - if (!SSL_set_ssl_method(s,meth)) - return(0); - } + if (meth != s->method) { + if (!SSL_set_ssl_method(s, meth)) + return (0); + } #ifndef OPENSSL_NO_KRB5 - if (s->kssl_ctx && !s->kssl_ctx->client_princ && - session->krb5_client_princ_len > 0) - { - s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); - memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, - session->krb5_client_princ_len); - s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; - } + if (s->kssl_ctx && !s->kssl_ctx->client_princ && + session->krb5_client_princ_len > 0) { + s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); + memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ, + session->krb5_client_princ_len); + s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; + } #endif /* OPENSSL_NO_KRB5 */ /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ - CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); + CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); if (s->session != NULL) SSL_SESSION_free(s->session); - s->session=session; + s->session = session; s->verify_result = s->session->verify_result; /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ - ret=1; - } - else - { - if (s->session != NULL) - { + ret = 1; + } else { + if (s->session != NULL) { SSL_SESSION_free(s->session); - s->session=NULL; - } + s->session = NULL; + } - meth=s->ctx->method; - if (meth != s->method) - { - if (!SSL_set_ssl_method(s,meth)) - return(0); - } - ret=1; + meth = s->ctx->method; + if (meth != s->method) { + if (!SSL_set_ssl_method(s, meth)) + return (0); } - return(ret); + ret = 1; } + return (ret); +} -long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) - { - if (s == NULL) return(0); - s->timeout=t; - return(1); - } +long +SSL_SESSION_set_timeout(SSL_SESSION *s, long t) +{ + if (s == NULL) + return (0); + s->timeout = t; + return (1); +} -long SSL_SESSION_get_timeout(const SSL_SESSION *s) - { - if (s == NULL) return(0); - return(s->timeout); - } +long +SSL_SESSION_get_timeout(const SSL_SESSION *s) +{ + if (s == NULL) + return (0); + return (s->timeout); +} -long SSL_SESSION_get_time(const SSL_SESSION *s) - { - if (s == NULL) return(0); - return(s->time); - } +long +SSL_SESSION_get_time(const SSL_SESSION *s) +{ + if (s == NULL) + return (0); + return (s->time); +} -long SSL_SESSION_set_time(SSL_SESSION *s, long t) - { - if (s == NULL) return(0); - s->time=t; - return(t); - } +long +SSL_SESSION_set_time(SSL_SESSION *s, long t) +{ + if (s == NULL) + return (0); + s->time = t; + return (t); +} -X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) - { +X509 +*SSL_SESSION_get0_peer(SSL_SESSION *s) +{ return s->peer; - } +} -int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, - unsigned int sid_ctx_len) - { - if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) - { - SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); +int +SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, + unsigned int sid_ctx_len) +{ + if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { + SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; - } - s->sid_ctx_length=sid_ctx_len; - memcpy(s->sid_ctx,sid_ctx,sid_ctx_len); + } + s->sid_ctx_length = sid_ctx_len; + memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); return 1; - } +} -long SSL_CTX_set_timeout(SSL_CTX *s, long t) - { +long +SSL_CTX_set_timeout(SSL_CTX *s, long t) +{ long l; - if (s == NULL) return(0); - l=s->session_timeout; - s->session_timeout=t; - return(l); - } + if (s == NULL) + return (0); + l = s->session_timeout; + s->session_timeout = t; + return (l); +} -long SSL_CTX_get_timeout(const SSL_CTX *s) - { - if (s == NULL) return(0); - return(s->session_timeout); - } +long +SSL_CTX_get_timeout(const SSL_CTX *s) +{ + if (s == NULL) + return (0); + return (s->session_timeout); +} #ifndef OPENSSL_NO_TLSEXT -int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, - STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) - { - if (s == NULL) return(0); +int +SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) +{ + if (s == NULL) + return (0); s->tls_session_secret_cb = tls_session_secret_cb; s->tls_session_secret_cb_arg = arg; - return(1); - } + return (1); +} -int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, - void *arg) - { - if (s == NULL) return(0); +int +SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, + void *arg) +{ + if (s == NULL) + return (0); s->tls_session_ticket_ext_cb = cb; s->tls_session_ticket_ext_cb_arg = arg; - return(1); - } + return (1); +} -int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) - { - if (s->version >= TLS1_VERSION) - { - if (s->tlsext_session_ticket) - { +int +SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) +{ + if (s->version >= TLS1_VERSION) { + if (s->tlsext_session_ticket) { OPENSSL_free(s->tlsext_session_ticket); s->tlsext_session_ticket = NULL; - } + } s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); - if (!s->tlsext_session_ticket) - { + if (!s->tlsext_session_ticket) { SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); return 0; - } + } - if (ext_data) - { + if (ext_data) { s->tlsext_session_ticket->length = ext_len; s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); - } - else - { + } else { s->tlsext_session_ticket->length = 0; s->tlsext_session_ticket->data = NULL; - } + } return 1; - } + } return 0; - } +} #endif /* OPENSSL_NO_TLSEXT */ -typedef struct timeout_param_st - { +typedef struct timeout_param_st { SSL_CTX *ctx; long time; LHASH_OF(SSL_SESSION) *cache; - } TIMEOUT_PARAM; +} TIMEOUT_PARAM; -static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) - { +static void +timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) +{ if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ - { + { /* The reason we don't call SSL_CTX_remove_session() is to * save on locking overhead */ - (void)lh_SSL_SESSION_delete(p->cache,s); - SSL_SESSION_list_remove(p->ctx,s); - s->not_resumable=1; + (void)lh_SSL_SESSION_delete(p->cache, s); + SSL_SESSION_list_remove(p->ctx, s); + s->not_resumable = 1; if (p->ctx->remove_session_cb != NULL) - p->ctx->remove_session_cb(p->ctx,s); + p->ctx->remove_session_cb(p->ctx, s); SSL_SESSION_free(s); - } } +} -static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) +static +IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) -void SSL_CTX_flush_sessions(SSL_CTX *s, long t) - { +void +SSL_CTX_flush_sessions(SSL_CTX *s, long t) +{ unsigned long i; TIMEOUT_PARAM tp; - tp.ctx=s; - tp.cache=s->sessions; - if (tp.cache == NULL) return; - tp.time=t; + tp.ctx = s; + tp.cache = s->sessions; + if (tp.cache == NULL) + return; + tp.time = t; CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; - CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0; + i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; + CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0; lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), - TIMEOUT_PARAM, &tp); - CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i; + TIMEOUT_PARAM, &tp); + CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i; CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - } +} -int ssl_clear_bad_session(SSL *s) - { - if ( (s->session != NULL) && +int +ssl_clear_bad_session(SSL *s) +{ + if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) && - !(SSL_in_init(s) || SSL_in_before(s))) - { - SSL_CTX_remove_session(s->ctx,s->session); - return(1); - } - else - return(0); - } + !(SSL_in_init(s) || SSL_in_before(s))) { + SSL_CTX_remove_session(s->ctx, s->session); + return (1); + } else + return (0); +} /* locked by SSL_CTX in the calling function */ -static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) - { - if ((s->next == NULL) || (s->prev == NULL)) return; +static void +SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) +{ + if ((s->next == NULL) + || (s->prev == NULL)) return; if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) - { /* last element in list */ + { /* last element in list */ if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) - { /* only one element in list */ - ctx->session_cache_head=NULL; - ctx->session_cache_tail=NULL; - } - else - { - ctx->session_cache_tail=s->prev; - s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail); - } + { /* only one element in list */ + ctx->session_cache_head = NULL; + ctx->session_cache_tail = NULL; + } else { + ctx->session_cache_tail = s->prev; + s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail); } - else - { + } else { if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) - { /* first element in list */ - ctx->session_cache_head=s->next; - s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head); - } - else - { /* middle of list */ - s->next->prev=s->prev; - s->prev->next=s->next; - } + { /* first element in list */ + ctx->session_cache_head = s->next; + s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head); + } else + { /* middle of list */ + s->next->prev = s->prev; + s->prev->next = s->next; } - s->prev=s->next=NULL; } + s->prev = s->next = NULL; +} -static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) - { +static void +SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) +{ if ((s->next != NULL) && (s->prev != NULL)) - SSL_SESSION_list_remove(ctx,s); - - if (ctx->session_cache_head == NULL) - { - ctx->session_cache_head=s; - ctx->session_cache_tail=s; - s->prev=(SSL_SESSION *)&(ctx->session_cache_head); - s->next=(SSL_SESSION *)&(ctx->session_cache_tail); - } - else - { - s->next=ctx->session_cache_head; - s->next->prev=s; - s->prev=(SSL_SESSION *)&(ctx->session_cache_head); - ctx->session_cache_head=s; - } + SSL_SESSION_list_remove(ctx, s); + + if (ctx->session_cache_head == NULL) { + ctx->session_cache_head = s; + ctx->session_cache_tail = s; + s->prev = (SSL_SESSION *)&(ctx->session_cache_head); + s->next = (SSL_SESSION *)&(ctx->session_cache_tail); + } else { + s->next = ctx->session_cache_head; + s->next->prev = s; + s->prev = (SSL_SESSION *)&(ctx->session_cache_head); + ctx->session_cache_head = s; } +} -void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, - int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess)) - { - ctx->new_session_cb=cb; - } +void +SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, + int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) { + ctx->new_session_cb = cb; +} int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) - { +{ return ctx->new_session_cb; - } +} -void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, - void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess)) - { - ctx->remove_session_cb=cb; - } +void +SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, + void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)) +{ + ctx->remove_session_cb = cb; +} -void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess) - { +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess) +{ return ctx->remove_session_cb; - } +} -void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, - SSL_SESSION *(*cb)(struct ssl_st *ssl, - unsigned char *data,int len,int *copy)) - { - ctx->get_session_cb=cb; - } +void +SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, + SSL_SESSION *(*cb)(struct ssl_st *ssl, +unsigned char *data, int len, int *copy)) +{ + ctx->get_session_cb = cb; +} SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, - unsigned char *data,int len,int *copy) - { + unsigned char *data, int len, int *copy) +{ return ctx->get_session_cb; - } +} -void SSL_CTX_set_info_callback(SSL_CTX *ctx, - void (*cb)(const SSL *ssl,int type,int val)) - { - ctx->info_callback=cb; - } +void +SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*cb)(const SSL *ssl, int type, int val)) +{ + ctx->info_callback = cb; +} -void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val) - { +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val) +{ return ctx->info_callback; - } +} -void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) - { - ctx->client_cert_cb=cb; - } +void +SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, + int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) +{ + ctx->client_cert_cb = cb; +} int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) - { +{ return ctx->client_cert_cb; - } +} #ifndef OPENSSL_NO_ENGINE -int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) - { - if (!ENGINE_init(e)) - { +int +SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) +{ + if (!ENGINE_init(e)) { SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); return 0; - } - if(!ENGINE_get_ssl_client_cert_function(e)) - { + } + if (!ENGINE_get_ssl_client_cert_function(e)) { SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); ENGINE_finish(e); return 0; - } + } ctx->client_cert_engine = e; return 1; - } +} #endif -void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) - { - ctx->app_gen_cookie_cb=cb; - } +void +SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) +{ + ctx->app_gen_cookie_cb = cb; +} -void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, - int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) - { - ctx->app_verify_cookie_cb=cb; - } +void +SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) +{ + ctx->app_verify_cookie_cb = cb; +} IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) diff --git a/lib/libssl/ssl_stat.c b/lib/libssl/ssl_stat.c index 144b81e55fe..3d9371cdd7a 100644 --- a/lib/libssl/ssl_stat.c +++ b/lib/libssl/ssl_stat.c @@ -85,311 +85,533 @@ #include <stdio.h> #include "ssl_locl.h" -const char *SSL_state_string_long(const SSL *s) - { +const char +*SSL_state_string_long(const SSL *s) +{ const char *str; - switch (s->state) - { -case SSL_ST_BEFORE: str="before SSL initialization"; break; -case SSL_ST_ACCEPT: str="before accept initialization"; break; -case SSL_ST_CONNECT: str="before connect initialization"; break; -case SSL_ST_OK: str="SSL negotiation finished successfully"; break; -case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break; -case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break; -case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break; -case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break; -case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break; + switch (s->state) { + case SSL_ST_BEFORE: + str="before SSL initialization"; break; + case SSL_ST_ACCEPT: + str="before accept initialization"; break; + case SSL_ST_CONNECT: + str="before connect initialization"; break; + case SSL_ST_OK: + str="SSL negotiation finished successfully"; break; + case SSL_ST_RENEGOTIATE: + str="SSL renegotiate ciphers"; break; + case SSL_ST_BEFORE|SSL_ST_CONNECT: + str="before/connect initialization"; break; + case SSL_ST_OK|SSL_ST_CONNECT: + str="ok/connect SSL initialization"; break; + case SSL_ST_BEFORE|SSL_ST_ACCEPT: + str="before/accept initialization"; break; + case SSL_ST_OK|SSL_ST_ACCEPT: + str="ok/accept SSL initialization"; break; #ifndef OPENSSL_NO_SSL2 -case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; -case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; -case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break; -case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break; -case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break; -case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break; -case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break; -case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break; -case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break; -case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break; -case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break; -case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break; -case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break; -case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break; -case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break; -case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break; -case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break; -case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break; -case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break; -case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break; -case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break; -case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break; -case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break; -case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break; -case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break; -case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break; -case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break; -case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break; -case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break; -case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break; + case SSL2_ST_CLIENT_START_ENCRYPTION: + str="SSLv2 client start encryption"; break; + case SSL2_ST_SERVER_START_ENCRYPTION: + str="SSLv2 server start encryption"; break; + case SSL2_ST_SEND_CLIENT_HELLO_A: + str="SSLv2 write client hello A"; break; + case SSL2_ST_SEND_CLIENT_HELLO_B: + str="SSLv2 write client hello B"; break; + case SSL2_ST_GET_SERVER_HELLO_A: + str="SSLv2 read server hello A"; break; + case SSL2_ST_GET_SERVER_HELLO_B: + str="SSLv2 read server hello B"; break; + case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: + str="SSLv2 write client master key A"; break; + case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: + str="SSLv2 write client master key B"; break; + case SSL2_ST_SEND_CLIENT_FINISHED_A: + str="SSLv2 write client finished A"; break; + case SSL2_ST_SEND_CLIENT_FINISHED_B: + str="SSLv2 write client finished B"; break; + case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: + str="SSLv2 write client certificate A"; break; + case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: + str="SSLv2 write client certificate B"; break; + case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: + str="SSLv2 write client certificate C"; break; + case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: + str="SSLv2 write client certificate D"; break; + case SSL2_ST_GET_SERVER_VERIFY_A: + str="SSLv2 read server verify A"; break; + case SSL2_ST_GET_SERVER_VERIFY_B: + str="SSLv2 read server verify B"; break; + case SSL2_ST_GET_SERVER_FINISHED_A: + str="SSLv2 read server finished A"; break; + case SSL2_ST_GET_SERVER_FINISHED_B: + str="SSLv2 read server finished B"; break; + case SSL2_ST_GET_CLIENT_HELLO_A: + str="SSLv2 read client hello A"; break; + case SSL2_ST_GET_CLIENT_HELLO_B: + str="SSLv2 read client hello B"; break; + case SSL2_ST_GET_CLIENT_HELLO_C: + str="SSLv2 read client hello C"; break; + case SSL2_ST_SEND_SERVER_HELLO_A: + str="SSLv2 write server hello A"; break; + case SSL2_ST_SEND_SERVER_HELLO_B: + str="SSLv2 write server hello B"; break; + case SSL2_ST_GET_CLIENT_MASTER_KEY_A: + str="SSLv2 read client master key A"; break; + case SSL2_ST_GET_CLIENT_MASTER_KEY_B: + str="SSLv2 read client master key B"; break; + case SSL2_ST_SEND_SERVER_VERIFY_A: + str="SSLv2 write server verify A"; break; + case SSL2_ST_SEND_SERVER_VERIFY_B: + str="SSLv2 write server verify B"; break; + case SSL2_ST_SEND_SERVER_VERIFY_C: + str="SSLv2 write server verify C"; break; + case SSL2_ST_GET_CLIENT_FINISHED_A: + str="SSLv2 read client finished A"; break; + case SSL2_ST_GET_CLIENT_FINISHED_B: + str="SSLv2 read client finished B"; break; + case SSL2_ST_SEND_SERVER_FINISHED_A: + str="SSLv2 write server finished A"; break; + case SSL2_ST_SEND_SERVER_FINISHED_B: + str="SSLv2 write server finished B"; break; + case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: + str="SSLv2 write request certificate A"; break; + case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: + str="SSLv2 write request certificate B"; break; + case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: + str="SSLv2 write request certificate C"; break; + case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: + str="SSLv2 write request certificate D"; break; + case SSL2_ST_X509_GET_SERVER_CERTIFICATE: + str="SSLv2 X509 read server certificate"; break; + case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: + str="SSLv2 X509 read client certificate"; break; #endif #ifndef OPENSSL_NO_SSL3 /* SSLv3 additions */ -case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break; -case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break; -case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break; -case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break; -case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break; -case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break; -case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break; -case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; -case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; -case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; -case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break; -case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break; -case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; -case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; -case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; -case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break; -case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break; -case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break; -case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break; -case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break; -case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break; -case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break; + case SSL3_ST_CW_CLNT_HELLO_A: + str="SSLv3 write client hello A"; break; + case SSL3_ST_CW_CLNT_HELLO_B: + str="SSLv3 write client hello B"; break; + case SSL3_ST_CR_SRVR_HELLO_A: + str="SSLv3 read server hello A"; break; + case SSL3_ST_CR_SRVR_HELLO_B: + str="SSLv3 read server hello B"; break; + case SSL3_ST_CR_CERT_A: + str="SSLv3 read server certificate A"; break; + case SSL3_ST_CR_CERT_B: + str="SSLv3 read server certificate B"; break; + case SSL3_ST_CR_KEY_EXCH_A: + str="SSLv3 read server key exchange A"; break; + case SSL3_ST_CR_KEY_EXCH_B: + str="SSLv3 read server key exchange B"; break; + case SSL3_ST_CR_CERT_REQ_A: + str="SSLv3 read server certificate request A"; break; + case SSL3_ST_CR_CERT_REQ_B: + str="SSLv3 read server certificate request B"; break; + case SSL3_ST_CR_SESSION_TICKET_A: + str="SSLv3 read server session ticket A";break; + case SSL3_ST_CR_SESSION_TICKET_B: + str="SSLv3 read server session ticket B";break; + case SSL3_ST_CR_SRVR_DONE_A: + str="SSLv3 read server done A"; break; + case SSL3_ST_CR_SRVR_DONE_B: + str="SSLv3 read server done B"; break; + case SSL3_ST_CW_CERT_A: + str="SSLv3 write client certificate A"; break; + case SSL3_ST_CW_CERT_B: + str="SSLv3 write client certificate B"; break; + case SSL3_ST_CW_CERT_C: + str="SSLv3 write client certificate C"; break; + case SSL3_ST_CW_CERT_D: + str="SSLv3 write client certificate D"; break; + case SSL3_ST_CW_KEY_EXCH_A: + str="SSLv3 write client key exchange A"; break; + case SSL3_ST_CW_KEY_EXCH_B: + str="SSLv3 write client key exchange B"; break; + case SSL3_ST_CW_CERT_VRFY_A: + str="SSLv3 write certificate verify A"; break; + case SSL3_ST_CW_CERT_VRFY_B: + str="SSLv3 write certificate verify B"; break; -case SSL3_ST_CW_CHANGE_A: -case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break; -case SSL3_ST_CW_CHANGE_B: -case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break; -case SSL3_ST_CW_FINISHED_A: -case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break; -case SSL3_ST_CW_FINISHED_B: -case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break; -case SSL3_ST_CR_CHANGE_A: -case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break; -case SSL3_ST_CR_CHANGE_B: -case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break; -case SSL3_ST_CR_FINISHED_A: -case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break; -case SSL3_ST_CR_FINISHED_B: -case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break; + case SSL3_ST_CW_CHANGE_A: + case SSL3_ST_SW_CHANGE_A: + str="SSLv3 write change cipher spec A"; break; + case SSL3_ST_CW_CHANGE_B: + case SSL3_ST_SW_CHANGE_B: + str="SSLv3 write change cipher spec B"; break; + case SSL3_ST_CW_FINISHED_A: + case SSL3_ST_SW_FINISHED_A: + str="SSLv3 write finished A"; break; + case SSL3_ST_CW_FINISHED_B: + case SSL3_ST_SW_FINISHED_B: + str="SSLv3 write finished B"; break; + case SSL3_ST_CR_CHANGE_A: + case SSL3_ST_SR_CHANGE_A: + str="SSLv3 read change cipher spec A"; break; + case SSL3_ST_CR_CHANGE_B: + case SSL3_ST_SR_CHANGE_B: + str="SSLv3 read change cipher spec B"; break; + case SSL3_ST_CR_FINISHED_A: + case SSL3_ST_SR_FINISHED_A: + str="SSLv3 read finished A"; break; + case SSL3_ST_CR_FINISHED_B: + case SSL3_ST_SR_FINISHED_B: + str="SSLv3 read finished B"; break; -case SSL3_ST_CW_FLUSH: -case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break; + case SSL3_ST_CW_FLUSH: + case SSL3_ST_SW_FLUSH: + str="SSLv3 flush data"; break; -case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break; -case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break; -case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break; -case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break; -case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break; -case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break; -case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break; -case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break; -case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break; -case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break; -case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break; -case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; -case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; -case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; -case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break; -case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break; -case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; -case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; -case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; -case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break; -case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break; -case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break; -case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break; -case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; + case SSL3_ST_SR_CLNT_HELLO_A: + str="SSLv3 read client hello A"; break; + case SSL3_ST_SR_CLNT_HELLO_B: + str="SSLv3 read client hello B"; break; + case SSL3_ST_SR_CLNT_HELLO_C: + str="SSLv3 read client hello C"; break; + case SSL3_ST_SW_HELLO_REQ_A: + str="SSLv3 write hello request A"; break; + case SSL3_ST_SW_HELLO_REQ_B: + str="SSLv3 write hello request B"; break; + case SSL3_ST_SW_HELLO_REQ_C: + str="SSLv3 write hello request C"; break; + case SSL3_ST_SW_SRVR_HELLO_A: + str="SSLv3 write server hello A"; break; + case SSL3_ST_SW_SRVR_HELLO_B: + str="SSLv3 write server hello B"; break; + case SSL3_ST_SW_CERT_A: + str="SSLv3 write certificate A"; break; + case SSL3_ST_SW_CERT_B: + str="SSLv3 write certificate B"; break; + case SSL3_ST_SW_KEY_EXCH_A: + str="SSLv3 write key exchange A"; break; + case SSL3_ST_SW_KEY_EXCH_B: + str="SSLv3 write key exchange B"; break; + case SSL3_ST_SW_CERT_REQ_A: + str="SSLv3 write certificate request A"; break; + case SSL3_ST_SW_CERT_REQ_B: + str="SSLv3 write certificate request B"; break; + case SSL3_ST_SW_SESSION_TICKET_A: + str="SSLv3 write session ticket A"; break; + case SSL3_ST_SW_SESSION_TICKET_B: + str="SSLv3 write session ticket B"; break; + case SSL3_ST_SW_SRVR_DONE_A: + str="SSLv3 write server done A"; break; + case SSL3_ST_SW_SRVR_DONE_B: + str="SSLv3 write server done B"; break; + case SSL3_ST_SR_CERT_A: + str="SSLv3 read client certificate A"; break; + case SSL3_ST_SR_CERT_B: + str="SSLv3 read client certificate B"; break; + case SSL3_ST_SR_KEY_EXCH_A: + str="SSLv3 read client key exchange A"; break; + case SSL3_ST_SR_KEY_EXCH_B: + str="SSLv3 read client key exchange B"; break; + case SSL3_ST_SR_CERT_VRFY_A: + str="SSLv3 read certificate verify A"; break; + case SSL3_ST_SR_CERT_VRFY_B: + str="SSLv3 read certificate verify B"; break; #endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) /* SSLv2/v3 compatibility states */ /* client */ -case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break; -case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break; -case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break; -case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break; + case SSL23_ST_CW_CLNT_HELLO_A: + str="SSLv2/v3 write client hello A"; break; + case SSL23_ST_CW_CLNT_HELLO_B: + str="SSLv2/v3 write client hello B"; break; + case SSL23_ST_CR_SRVR_HELLO_A: + str="SSLv2/v3 read server hello A"; break; + case SSL23_ST_CR_SRVR_HELLO_B: + str="SSLv2/v3 read server hello B"; break; /* server */ -case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break; -case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break; + case SSL23_ST_SR_CLNT_HELLO_A: + str="SSLv2/v3 read client hello A"; break; + case SSL23_ST_SR_CLNT_HELLO_B: + str="SSLv2/v3 read client hello B"; break; #endif /* DTLS */ -case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break; -case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break; -case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break; -case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break; + case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: + str="DTLS1 read hello verify request A"; break; + case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: + str="DTLS1 read hello verify request B"; break; + case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: + str="DTLS1 write hello verify request A"; break; + case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: + str="DTLS1 write hello verify request B"; break; -default: str="unknown state"; break; - } - return(str); + default: + str="unknown state"; break; } + return (str); +} -const char *SSL_rstate_string_long(const SSL *s) - { +const char +*SSL_rstate_string_long(const SSL *s) +{ const char *str; - switch (s->rstate) - { - case SSL_ST_READ_HEADER: str="read header"; break; - case SSL_ST_READ_BODY: str="read body"; break; - case SSL_ST_READ_DONE: str="read done"; break; - default: str="unknown"; break; - } - return(str); + switch (s->rstate) { + case SSL_ST_READ_HEADER: + str="read header"; break; + case SSL_ST_READ_BODY: + str="read body"; break; + case SSL_ST_READ_DONE: + str="read done"; break; + default: + str="unknown"; break; } + return (str); +} -const char *SSL_state_string(const SSL *s) - { +const char +*SSL_state_string(const SSL *s) +{ const char *str; - switch (s->state) - { -case SSL_ST_BEFORE: str="PINIT "; break; -case SSL_ST_ACCEPT: str="AINIT "; break; -case SSL_ST_CONNECT: str="CINIT "; break; -case SSL_ST_OK: str="SSLOK "; break; + switch (s->state) { + case SSL_ST_BEFORE: + str="PINIT "; break; + case SSL_ST_ACCEPT: + str="AINIT "; break; + case SSL_ST_CONNECT: + str="CINIT "; break; + case SSL_ST_OK: + str="SSLOK "; break; #ifndef OPENSSL_NO_SSL2 -case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break; -case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break; -case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break; -case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break; -case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break; -case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break; -case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break; -case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break; -case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break; -case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break; -case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break; -case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break; -case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break; -case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break; -case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break; -case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break; -case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break; -case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break; -case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break; -case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break; -case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break; -case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break; -case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break; -case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break; -case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break; -case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break; -case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break; -case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break; -case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break; -case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break; -case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break; -case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break; + case SSL2_ST_CLIENT_START_ENCRYPTION: + str="2CSENC"; break; + case SSL2_ST_SERVER_START_ENCRYPTION: + str="2SSENC"; break; + case SSL2_ST_SEND_CLIENT_HELLO_A: + str="2SCH_A"; break; + case SSL2_ST_SEND_CLIENT_HELLO_B: + str="2SCH_B"; break; + case SSL2_ST_GET_SERVER_HELLO_A: + str="2GSH_A"; break; + case SSL2_ST_GET_SERVER_HELLO_B: + str="2GSH_B"; break; + case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: + str="2SCMKA"; break; + case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: + str="2SCMKB"; break; + case SSL2_ST_SEND_CLIENT_FINISHED_A: + str="2SCF_A"; break; + case SSL2_ST_SEND_CLIENT_FINISHED_B: + str="2SCF_B"; break; + case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: + str="2SCC_A"; break; + case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: + str="2SCC_B"; break; + case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: + str="2SCC_C"; break; + case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: + str="2SCC_D"; break; + case SSL2_ST_GET_SERVER_VERIFY_A: + str="2GSV_A"; break; + case SSL2_ST_GET_SERVER_VERIFY_B: + str="2GSV_B"; break; + case SSL2_ST_GET_SERVER_FINISHED_A: + str="2GSF_A"; break; + case SSL2_ST_GET_SERVER_FINISHED_B: + str="2GSF_B"; break; + case SSL2_ST_GET_CLIENT_HELLO_A: + str="2GCH_A"; break; + case SSL2_ST_GET_CLIENT_HELLO_B: + str="2GCH_B"; break; + case SSL2_ST_GET_CLIENT_HELLO_C: + str="2GCH_C"; break; + case SSL2_ST_SEND_SERVER_HELLO_A: + str="2SSH_A"; break; + case SSL2_ST_SEND_SERVER_HELLO_B: + str="2SSH_B"; break; + case SSL2_ST_GET_CLIENT_MASTER_KEY_A: + str="2GCMKA"; break; + case SSL2_ST_GET_CLIENT_MASTER_KEY_B: + str="2GCMKA"; break; + case SSL2_ST_SEND_SERVER_VERIFY_A: + str="2SSV_A"; break; + case SSL2_ST_SEND_SERVER_VERIFY_B: + str="2SSV_B"; break; + case SSL2_ST_SEND_SERVER_VERIFY_C: + str="2SSV_C"; break; + case SSL2_ST_GET_CLIENT_FINISHED_A: + str="2GCF_A"; break; + case SSL2_ST_GET_CLIENT_FINISHED_B: + str="2GCF_B"; break; + case SSL2_ST_SEND_SERVER_FINISHED_A: + str="2SSF_A"; break; + case SSL2_ST_SEND_SERVER_FINISHED_B: + str="2SSF_B"; break; + case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: + str="2SRC_A"; break; + case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: + str="2SRC_B"; break; + case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: + str="2SRC_C"; break; + case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: + str="2SRC_D"; break; + case SSL2_ST_X509_GET_SERVER_CERTIFICATE: + str="2X9GSC"; break; + case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: + str="2X9GCC"; break; #endif #ifndef OPENSSL_NO_SSL3 /* SSLv3 additions */ -case SSL3_ST_SW_FLUSH: -case SSL3_ST_CW_FLUSH: str="3FLUSH"; break; -case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break; -case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break; -case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break; -case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break; -case SSL3_ST_CR_CERT_A: str="3RSC_A"; break; -case SSL3_ST_CR_CERT_B: str="3RSC_B"; break; -case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break; -case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break; -case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break; -case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break; -case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break; -case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break; -case SSL3_ST_CW_CERT_A: str="3WCC_A"; break; -case SSL3_ST_CW_CERT_B: str="3WCC_B"; break; -case SSL3_ST_CW_CERT_C: str="3WCC_C"; break; -case SSL3_ST_CW_CERT_D: str="3WCC_D"; break; -case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break; -case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break; -case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break; -case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break; + case SSL3_ST_SW_FLUSH: + case SSL3_ST_CW_FLUSH: + str="3FLUSH"; break; + case SSL3_ST_CW_CLNT_HELLO_A: + str="3WCH_A"; break; + case SSL3_ST_CW_CLNT_HELLO_B: + str="3WCH_B"; break; + case SSL3_ST_CR_SRVR_HELLO_A: + str="3RSH_A"; break; + case SSL3_ST_CR_SRVR_HELLO_B: + str="3RSH_B"; break; + case SSL3_ST_CR_CERT_A: + str="3RSC_A"; break; + case SSL3_ST_CR_CERT_B: + str="3RSC_B"; break; + case SSL3_ST_CR_KEY_EXCH_A: + str="3RSKEA"; break; + case SSL3_ST_CR_KEY_EXCH_B: + str="3RSKEB"; break; + case SSL3_ST_CR_CERT_REQ_A: + str="3RCR_A"; break; + case SSL3_ST_CR_CERT_REQ_B: + str="3RCR_B"; break; + case SSL3_ST_CR_SRVR_DONE_A: + str="3RSD_A"; break; + case SSL3_ST_CR_SRVR_DONE_B: + str="3RSD_B"; break; + case SSL3_ST_CW_CERT_A: + str="3WCC_A"; break; + case SSL3_ST_CW_CERT_B: + str="3WCC_B"; break; + case SSL3_ST_CW_CERT_C: + str="3WCC_C"; break; + case SSL3_ST_CW_CERT_D: + str="3WCC_D"; break; + case SSL3_ST_CW_KEY_EXCH_A: + str="3WCKEA"; break; + case SSL3_ST_CW_KEY_EXCH_B: + str="3WCKEB"; break; + case SSL3_ST_CW_CERT_VRFY_A: + str="3WCV_A"; break; + case SSL3_ST_CW_CERT_VRFY_B: + str="3WCV_B"; break; -case SSL3_ST_SW_CHANGE_A: -case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break; -case SSL3_ST_SW_CHANGE_B: -case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break; -case SSL3_ST_SW_FINISHED_A: -case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break; -case SSL3_ST_SW_FINISHED_B: -case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break; -case SSL3_ST_SR_CHANGE_A: -case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break; -case SSL3_ST_SR_CHANGE_B: -case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break; -case SSL3_ST_SR_FINISHED_A: -case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break; -case SSL3_ST_SR_FINISHED_B: -case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break; + case SSL3_ST_SW_CHANGE_A: + case SSL3_ST_CW_CHANGE_A: + str="3WCCSA"; break; + case SSL3_ST_SW_CHANGE_B: + case SSL3_ST_CW_CHANGE_B: + str="3WCCSB"; break; + case SSL3_ST_SW_FINISHED_A: + case SSL3_ST_CW_FINISHED_A: + str="3WFINA"; break; + case SSL3_ST_SW_FINISHED_B: + case SSL3_ST_CW_FINISHED_B: + str="3WFINB"; break; + case SSL3_ST_SR_CHANGE_A: + case SSL3_ST_CR_CHANGE_A: + str="3RCCSA"; break; + case SSL3_ST_SR_CHANGE_B: + case SSL3_ST_CR_CHANGE_B: + str="3RCCSB"; break; + case SSL3_ST_SR_FINISHED_A: + case SSL3_ST_CR_FINISHED_A: + str="3RFINA"; break; + case SSL3_ST_SR_FINISHED_B: + case SSL3_ST_CR_FINISHED_B: + str="3RFINB"; break; -case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break; -case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break; -case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break; -case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break; -case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break; -case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break; -case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break; -case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break; -case SSL3_ST_SW_CERT_A: str="3WSC_A"; break; -case SSL3_ST_SW_CERT_B: str="3WSC_B"; break; -case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break; -case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break; -case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break; -case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break; -case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break; -case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break; -case SSL3_ST_SR_CERT_A: str="3RCC_A"; break; -case SSL3_ST_SR_CERT_B: str="3RCC_B"; break; -case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break; -case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break; -case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break; -case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break; + case SSL3_ST_SW_HELLO_REQ_A: + str="3WHR_A"; break; + case SSL3_ST_SW_HELLO_REQ_B: + str="3WHR_B"; break; + case SSL3_ST_SW_HELLO_REQ_C: + str="3WHR_C"; break; + case SSL3_ST_SR_CLNT_HELLO_A: + str="3RCH_A"; break; + case SSL3_ST_SR_CLNT_HELLO_B: + str="3RCH_B"; break; + case SSL3_ST_SR_CLNT_HELLO_C: + str="3RCH_C"; break; + case SSL3_ST_SW_SRVR_HELLO_A: + str="3WSH_A"; break; + case SSL3_ST_SW_SRVR_HELLO_B: + str="3WSH_B"; break; + case SSL3_ST_SW_CERT_A: + str="3WSC_A"; break; + case SSL3_ST_SW_CERT_B: + str="3WSC_B"; break; + case SSL3_ST_SW_KEY_EXCH_A: + str="3WSKEA"; break; + case SSL3_ST_SW_KEY_EXCH_B: + str="3WSKEB"; break; + case SSL3_ST_SW_CERT_REQ_A: + str="3WCR_A"; break; + case SSL3_ST_SW_CERT_REQ_B: + str="3WCR_B"; break; + case SSL3_ST_SW_SRVR_DONE_A: + str="3WSD_A"; break; + case SSL3_ST_SW_SRVR_DONE_B: + str="3WSD_B"; break; + case SSL3_ST_SR_CERT_A: + str="3RCC_A"; break; + case SSL3_ST_SR_CERT_B: + str="3RCC_B"; break; + case SSL3_ST_SR_KEY_EXCH_A: + str="3RCKEA"; break; + case SSL3_ST_SR_KEY_EXCH_B: + str="3RCKEB"; break; + case SSL3_ST_SR_CERT_VRFY_A: + str="3RCV_A"; break; + case SSL3_ST_SR_CERT_VRFY_B: + str="3RCV_B"; break; #endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) /* SSLv2/v3 compatibility states */ /* client */ -case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break; -case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break; -case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break; -case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break; + case SSL23_ST_CW_CLNT_HELLO_A: + str="23WCHA"; break; + case SSL23_ST_CW_CLNT_HELLO_B: + str="23WCHB"; break; + case SSL23_ST_CR_SRVR_HELLO_A: + str="23RSHA"; break; + case SSL23_ST_CR_SRVR_HELLO_B: + str="23RSHA"; break; /* server */ -case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break; -case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break; + case SSL23_ST_SR_CLNT_HELLO_A: + str="23RCHA"; break; + case SSL23_ST_SR_CLNT_HELLO_B: + str="23RCHB"; break; #endif /* DTLS */ -case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break; -case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break; -case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break; -case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break; + case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: + str="DRCHVA"; break; + case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: + str="DRCHVB"; break; + case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: + str="DWCHVA"; break; + case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: + str="DWCHVB"; break; -default: str="UNKWN "; break; - } - return(str); + default: + str="UNKWN "; break; } + return (str); +} -const char *SSL_alert_type_string_long(int value) - { +const char +*SSL_alert_type_string_long(int value) +{ value>>=8; if (value == SSL3_AL_WARNING) return("warning"); @@ -397,10 +619,11 @@ const char *SSL_alert_type_string_long(int value) return("fatal"); else return("unknown"); - } +} -const char *SSL_alert_type_string(int value) - { +const char +*SSL_alert_type_string(int value) +{ value>>=8; if (value == SSL3_AL_WARNING) return("W"); @@ -408,55 +631,86 @@ const char *SSL_alert_type_string(int value) return("F"); else return("U"); - } +} -const char *SSL_alert_desc_string(int value) - { +const char +*SSL_alert_desc_string(int value) +{ const char *str; - switch (value & 0xff) - { - case SSL3_AD_CLOSE_NOTIFY: str="CN"; break; - case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break; - case SSL3_AD_BAD_RECORD_MAC: str="BM"; break; - case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break; - case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break; - case SSL3_AD_NO_CERTIFICATE: str="NC"; break; - case SSL3_AD_BAD_CERTIFICATE: str="BC"; break; - case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break; - case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break; - case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break; - case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break; - case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break; - case TLS1_AD_DECRYPTION_FAILED: str="DC"; break; - case TLS1_AD_RECORD_OVERFLOW: str="RO"; break; - case TLS1_AD_UNKNOWN_CA: str="CA"; break; - case TLS1_AD_ACCESS_DENIED: str="AD"; break; - case TLS1_AD_DECODE_ERROR: str="DE"; break; - case TLS1_AD_DECRYPT_ERROR: str="CY"; break; - case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break; - case TLS1_AD_PROTOCOL_VERSION: str="PV"; break; - case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break; - case TLS1_AD_INTERNAL_ERROR: str="IE"; break; - case TLS1_AD_USER_CANCELLED: str="US"; break; - case TLS1_AD_NO_RENEGOTIATION: str="NR"; break; - case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break; - case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break; - case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break; - case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break; - case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break; - case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break; - default: str="UK"; break; - } - return(str); + switch (value & 0xff) { + case SSL3_AD_CLOSE_NOTIFY: + str="CN"; break; + case SSL3_AD_UNEXPECTED_MESSAGE: + str="UM"; break; + case SSL3_AD_BAD_RECORD_MAC: + str="BM"; break; + case SSL3_AD_DECOMPRESSION_FAILURE: + str="DF"; break; + case SSL3_AD_HANDSHAKE_FAILURE: + str="HF"; break; + case SSL3_AD_NO_CERTIFICATE: + str="NC"; break; + case SSL3_AD_BAD_CERTIFICATE: + str="BC"; break; + case SSL3_AD_UNSUPPORTED_CERTIFICATE: + str="UC"; break; + case SSL3_AD_CERTIFICATE_REVOKED: + str="CR"; break; + case SSL3_AD_CERTIFICATE_EXPIRED: + str="CE"; break; + case SSL3_AD_CERTIFICATE_UNKNOWN: + str="CU"; break; + case SSL3_AD_ILLEGAL_PARAMETER: + str="IP"; break; + case TLS1_AD_DECRYPTION_FAILED: + str="DC"; break; + case TLS1_AD_RECORD_OVERFLOW: + str="RO"; break; + case TLS1_AD_UNKNOWN_CA: + str="CA"; break; + case TLS1_AD_ACCESS_DENIED: + str="AD"; break; + case TLS1_AD_DECODE_ERROR: + str="DE"; break; + case TLS1_AD_DECRYPT_ERROR: + str="CY"; break; + case TLS1_AD_EXPORT_RESTRICTION: + str="ER"; break; + case TLS1_AD_PROTOCOL_VERSION: + str="PV"; break; + case TLS1_AD_INSUFFICIENT_SECURITY: + str="IS"; break; + case TLS1_AD_INTERNAL_ERROR: + str="IE"; break; + case TLS1_AD_USER_CANCELLED: + str="US"; break; + case TLS1_AD_NO_RENEGOTIATION: + str="NR"; break; + case TLS1_AD_UNSUPPORTED_EXTENSION: + str="UE"; break; + case TLS1_AD_CERTIFICATE_UNOBTAINABLE: + str="CO"; break; + case TLS1_AD_UNRECOGNIZED_NAME: + str="UN"; break; + case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: + str="BR"; break; + case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: + str="BH"; break; + case TLS1_AD_UNKNOWN_PSK_IDENTITY: + str="UP"; break; + default: + str="UK"; break; } + return (str); +} -const char *SSL_alert_desc_string_long(int value) - { +const char +*SSL_alert_desc_string_long(int value) +{ const char *str; - switch (value & 0xff) - { + switch (value & 0xff) { case SSL3_AD_CLOSE_NOTIFY: str="close notify"; break; @@ -547,21 +801,26 @@ const char *SSL_alert_desc_string_long(int value) case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="unknown PSK identity"; break; - default: str="unknown"; break; - } - return(str); + default: + str="unknown"; break; } + return (str); +} -const char *SSL_rstate_string(const SSL *s) - { +const char +*SSL_rstate_string(const SSL *s) +{ const char *str; - switch (s->rstate) - { - case SSL_ST_READ_HEADER:str="RH"; break; - case SSL_ST_READ_BODY: str="RB"; break; - case SSL_ST_READ_DONE: str="RD"; break; - default: str="unknown"; break; - } - return(str); + switch (s->rstate) { + case SSL_ST_READ_HEADER: + str="RH"; break; + case SSL_ST_READ_BODY: + str="RB"; break; + case SSL_ST_READ_DONE: + str="RD"; break; + default: + str="unknown"; break; } + return (str); +} diff --git a/lib/libssl/ssl_txt.c b/lib/libssl/ssl_txt.c index 6479d52c0cc..5186e396ecd 100644 --- a/lib/libssl/ssl_txt.c +++ b/lib/libssl/ssl_txt.c @@ -87,30 +87,33 @@ #include "ssl_locl.h" #ifndef OPENSSL_NO_FP_API -int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) - { +int +SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) +{ BIO *b; int ret; - if ((b=BIO_new(BIO_s_file_internal())) == NULL) - { - SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=SSL_SESSION_print(b,x); - BIO_free(b); - return(ret); + if ((b = BIO_new(BIO_s_file_internal())) == NULL) { + SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB); + return (0); } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = SSL_SESSION_print(b, x); + BIO_free(b); + return (ret); +} #endif -int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) - { +int +SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) +{ unsigned int i; const char *s; - if (x == NULL) goto err; - if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; + if (x == NULL) + goto err; + if (BIO_puts(bp, "SSL-Session:\n") + <= 0) goto err; if (x->ssl_version == SSL2_VERSION) s="SSLv2"; else if (x->ssl_version == SSL3_VERSION) @@ -127,122 +130,122 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) s="DTLSv1-bad"; else s="unknown"; - if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err; + if (BIO_printf(bp, " Protocol : %s\n", s) + <= 0) goto err; - if (x->cipher == NULL) - { - if (((x->cipher_id) & 0xff000000) == 0x02000000) - { - if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0) + if (x->cipher == NULL) { + if (((x->cipher_id) & 0xff000000) == 0x02000000) { + if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id&0xffffff) <= 0) goto err; - } - else - { - if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0) + } else { + if (BIO_printf(bp, " Cipher : %04lX\n", x->cipher_id&0xffff) <= 0) goto err; - } } - else - { - if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) + } else { + if (BIO_printf(bp, " Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) goto err; - } - if (BIO_puts(bp," Session-ID: ") <= 0) goto err; - for (i=0; i<x->session_id_length; i++) - { - if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err; - } - if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err; - for (i=0; i<x->sid_ctx_length; i++) - { - if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0) + } + if (BIO_puts(bp, " Session-ID: ") + <= 0) goto err; + for (i = 0; i < x->session_id_length; i++) { + if (BIO_printf(bp, "%02X", x->session_id[i]) + <= 0) goto err; + } + if (BIO_puts(bp, "\n Session-ID-ctx: ") + <= 0) goto err; + for (i = 0; i < x->sid_ctx_length; i++) { + if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0) goto err; - } - if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err; - for (i=0; i<(unsigned int)x->master_key_length; i++) - { - if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err; - } - if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err; - if (x->key_arg_length == 0) - { - if (BIO_puts(bp,"None") <= 0) goto err; - } - else - for (i=0; i<x->key_arg_length; i++) - { - if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; - } + } + if (BIO_puts(bp, "\n Master-Key: ") + <= 0) goto err; + for (i = 0; i < (unsigned int)x->master_key_length; i++) { + if (BIO_printf(bp, "%02X", x->master_key[i]) + <= 0) goto err; + } + if (BIO_puts(bp, "\n Key-Arg : ") + <= 0) goto err; + if (x->key_arg_length == 0) { + if (BIO_puts(bp, "None") + <= 0) goto err; + } else + for (i = 0; i < x->key_arg_length; i++) { + if (BIO_printf(bp, "%02X", x->key_arg[i]) + <= 0) goto err; + } #ifndef OPENSSL_NO_KRB5 - if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err; - if (x->krb5_client_princ_len == 0) - { - if (BIO_puts(bp,"None") <= 0) goto err; - } - else - for (i=0; i<x->krb5_client_princ_len; i++) - { - if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; - } + if (BIO_puts(bp, "\n Krb5 Principal: ") + <= 0) goto err; + if (x->krb5_client_princ_len == 0) { + if (BIO_puts(bp, "None") + <= 0) goto err; + } else + for (i = 0; i < x->krb5_client_princ_len; i++) { + if (BIO_printf(bp, "%02X", x->krb5_client_princ[i]) + <= 0) goto err; + } #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_PSK - if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err; - if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; - if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err; - if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err; + if (BIO_puts(bp, "\n PSK identity: ") + <= 0) goto err; + if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") + <= 0) goto err; + if (BIO_puts(bp, "\n PSK identity hint: ") + <= 0) goto err; + if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") + <= 0) goto err; #endif #ifndef OPENSSL_NO_SRP - if (BIO_puts(bp,"\n SRP username: ") <= 0) goto err; - if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err; + if (BIO_puts(bp, "\n SRP username: ") + <= 0) goto err; + if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") + <= 0) goto err; #endif #ifndef OPENSSL_NO_TLSEXT - if (x->tlsext_tick_lifetime_hint) - { + if (x->tlsext_tick_lifetime_hint) { if (BIO_printf(bp, "\n TLS session ticket lifetime hint: %ld (seconds)", - x->tlsext_tick_lifetime_hint) <=0) - goto err; - } - if (x->tlsext_tick) - { - if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; + x->tlsext_tick_lifetime_hint) <=0) + goto err; + } + if (x->tlsext_tick) { + if (BIO_puts(bp, "\n TLS session ticket:\n") + <= 0) goto err; if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) goto err; - } + } #endif #ifndef OPENSSL_NO_COMP - if (x->compress_meth != 0) - { + if (x->compress_meth != 0) { SSL_COMP *comp = NULL; - ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp); - if (comp == NULL) - { - if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err; + ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp); + if (comp == NULL) { + if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) + <= 0) goto err; + } else { + if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, comp->method->name) <= 0) goto err; } - else - { - if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; - } - } + } #endif - if (x->time != 0L) - { - if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; - } - if (x->timeout != 0L) - { - if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err; + if (x->time != 0L) { + if (BIO_printf(bp, "\n Start Time: %ld", x->time) + <= 0) goto err; + } + if (x->timeout != 0L) { + if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) goto err; } - if (BIO_puts(bp,"\n") <= 0) goto err; + if (BIO_puts(bp, "\n") + <= 0) goto err; - if (BIO_puts(bp, " Verify return code: ") <= 0) goto err; + if (BIO_puts(bp, " Verify return code: ") + <= 0) goto err; if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; - - return(1); + + return (1); err: - return(0); - } + return (0); +} |