QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-05-06 22:49:40 +00:00
Code Issues Projects Releases Wiki Activity

Fix some style issues identified during review

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Matt Caswell 2016-11-21 12:10:35 +00:00
parent c805f6189e
commit f5ca0b04bb
5 changed files with 44 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apps/s_server.c
View File

@ -451,16 +451,16 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg)
/* Structure passed to cert status callback */
typedef struct tlsextstatusctx_st {
int timeout;
/* File to load OCSP Response from (or NULL if no file) */
char *respin;
/* Default responder to use */
char *host, *path, *port;
int use_ssl;
int timeout;
int verbose;
} tlsextstatusctx;
static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, NULL, 0, -1, 0 };
static tlsextstatusctx tlscstatp = { -1 };
#ifndef OPENSSL_NO_OCSP
@ -553,7 +553,7 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
err:
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
done:
if (aia) {
if (aia != NULL) {
OPENSSL_free(host);
OPENSSL_free(path);
OPENSSL_free(port);
@ -589,7 +589,7 @@ static int cert_status_cb(SSL *s, void *arg)
}
resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
BIO_free(derbio);
if (!resp) {
if (resp == NULL) {
BIO_puts(bio_err, "cert_status: Error reading OCSP response\n");
goto err;
}

7
ssl/statem/statem_clnt.c
View File

@ -144,7 +144,8 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt)
if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
st->hand_state = TLS_ST_CR_CERT_REQ;
return 1;
} else if (mt == SSL3_MT_CERTIFICATE) {
}
if (mt == SSL3_MT_CERTIFICATE) {
st->hand_state = TLS_ST_CR_CERT;
return 1;
}
@ -200,7 +201,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
* Note that after a ClientHello we don't know what version we are going
* to negotiate yet, so we don't take this branch until later
*/
if (s->method->version == TLS1_3_VERSION) {
if (SSL_IS_TLS13(s)) {
if (!ossl_statem_client13_read_transition(s, mt))
goto err;
return 1;
@ -414,7 +415,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
* version we are going to negotiate yet, so we don't take this branch until
* later
*/
if (s->method->version == TLS1_3_VERSION)
if (SSL_IS_TLS13(s))
return ossl_statem_client13_write_transition(s);
switch (st->hand_state) {

10
ssl/statem/statem_srvr.c
View File

@ -150,7 +150,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt)
{
OSSL_STATEM *st = &s->statem;
if (s->method->version == TLS1_3_VERSION) {
if (SSL_IS_TLS13(s)) {
if (!ossl_statem_server13_read_transition(s, mt))
goto err;
return 1;
@ -422,10 +422,8 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
return WRITE_TRAN_CONTINUE;
case TLS_ST_SW_CERT:
if (s->tlsext_status_expected)
st->hand_state = TLS_ST_SW_CERT_STATUS;
else
st->hand_state = TLS_ST_SW_FINISHED;
st->hand_state = s->tlsext_status_expected ? TLS_ST_SW_CERT_STATUS
: TLS_ST_SW_FINISHED;
return WRITE_TRAN_CONTINUE;
case TLS_ST_SW_CERT_STATUS:
@ -455,7 +453,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
* to negotiate yet, so we don't take this branch until later
*/
if (s->method->version == TLS1_3_VERSION)
if (SSL_IS_TLS13(s))
return ossl_statem_server13_write_transition(s);
switch (st->hand_state) {

2
ssl/t1_lib.c
View File

@ -943,7 +943,7 @@ int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op)
static int tls_use_ticket(SSL *s)
{
if (s->options & SSL_OP_NO_TICKET || SSL_IS_TLS13(s))
if ((s->options & SSL_OP_NO_TICKET) || SSL_IS_TLS13(s))
return 0;
return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
}

74
ssl/tls13_enc.c
View File

@ -17,16 +17,11 @@
/* Always filled with zeros */
static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
static const unsigned char keylabel[] = "key";
static const unsigned char ivlabel[] = "iv";
static const unsigned char finishedlabel[] = "finished";
/*
* Given a |secret|; a |label| of length |labellen|; and a |hash| of the
* handshake messages, derive a new secret |outlen| bytes long and store it in
* the location pointed to be |out|. The |hash| value may be NULL.
*
* Returns 1 on success 0 on failure.
* the location pointed to be |out|. The |hash| value may be NULL. Returns 1 on
* success 0 on failure.
*/
static int tls13_hkdf_expand(SSL *s, const unsigned char *secret,
const unsigned char *label, size_t labellen,
@ -82,9 +77,8 @@ static int tls13_hkdf_expand(SSL *s, const unsigned char *secret,
/*
* Given a input secret |insecret| and a |label| of length |labellen|, derive a
* new |secret|. This will be the length of the current hash output size and
* will be based on the current state of the handshake hashes.
*
* Returns 1 on success 0 on failure.
* will be based on the current state of the handshake hashes. Returns 1 on
* success 0 on failure.
*/
int tls13_derive_secret(SSL *s, const unsigned char *insecret,
const unsigned char *label, size_t labellen,
@ -104,25 +98,27 @@ int tls13_derive_secret(SSL *s, const unsigned char *insecret,
}
/*
* Given a |secret| generate a |key| of length |keylen| bytes.
*
* Returns 1 on success 0 on failure.
* Given a |secret| generate a |key| of length |keylen| bytes. Returns 1 on
* success 0 on failure.
*/
int tls13_derive_key(SSL *s, const unsigned char *secret, unsigned char *key,
size_t keylen)
{
static const unsigned char keylabel[] = "key";
return tls13_hkdf_expand(s, secret, keylabel, sizeof(keylabel) - 1, NULL,
key, keylen);
}
/*
* Given a |secret| generate an |iv| of length |ivlen| bytes.
*
* Returns 1 on success 0 on failure.
* Given a |secret| generate an |iv| of length |ivlen| bytes. Returns 1 on
* success 0 on failure.
*/
int tls13_derive_iv(SSL *s, const unsigned char *secret, unsigned char *iv,
size_t ivlen)
{
static const unsigned char ivlabel[] = "iv";
return tls13_hkdf_expand(s, secret, ivlabel, sizeof(ivlabel) - 1, NULL,
iv, ivlen);
}
@ -130,6 +126,8 @@ int tls13_derive_iv(SSL *s, const unsigned char *secret, unsigned char *iv,
static int tls13_derive_finishedkey(SSL *s, const unsigned char *secret,
unsigned char *fin, size_t finlen)
{
static const unsigned char finishedlabel[] = "finished";
return tls13_hkdf_expand(s, secret, finishedlabel,
sizeof(finishedlabel) - 1, NULL, fin, finlen);
}
@ -137,9 +135,7 @@ static int tls13_derive_finishedkey(SSL *s, const unsigned char *secret,
/*
* Given the previous secret |prevsecret| and a new input secret |insecret| of
* length |insecretlen|, generate a new secret and store it in the location
* pointed to by |outsecret|.
*
* Returns 1 on success 0 on failure.
* pointed to by |outsecret|. Returns 1 on success 0 on failure.
*/
static int tls13_generate_secret(SSL *s, const unsigned char *prevsecret,
const unsigned char *insecret,
@ -183,9 +179,7 @@ static int tls13_generate_secret(SSL *s, const unsigned char *prevsecret,
/*
* Given an input secret |insecret| of length |insecretlen| generate the early
* secret.
*
* Returns 1 on success 0 on failure.
* secret. Returns 1 on success 0 on failure.
*/
int tls13_generate_early_secret(SSL *s, const unsigned char *insecret,
size_t insecretlen)
@ -197,9 +191,7 @@ int tls13_generate_early_secret(SSL *s, const unsigned char *insecret,
/*
* Given an input secret |insecret| of length |insecretlen| generate the
* handshake secret. This requires the early secret to already have been
* generated.
*
* Returns 1 on success 0 on failure.
* generated. Returns 1 on success 0 on failure.
*/
int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret,
size_t insecretlen)
@ -210,9 +202,8 @@ int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret,
/*
* Given the handshake secret |prev| of length |prevlen| generate the master
* secret and store its length in |*secret_size|
*
* Returns 1 on success 0 on failure.
* secret and store its length in |*secret_size|. Returns 1 on success 0 on
* failure.
*/
int tls13_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *prev, size_t prevlen,
@ -223,9 +214,8 @@ int tls13_generate_master_secret(SSL *s, unsigned char *out,
}
/*
* Generates the mac for the Finished message.
*
* Returns the length of the MAC or 0 on error.
* Generates the mac for the Finished message. Returns the length of the MAC or
* 0 on error.
*/
size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
unsigned char *out)
@ -262,9 +252,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
/*
* There isn't really a key block in TLSv1.3, but we still need this function
* for initialising the cipher and hash.
*
* Returns 1 on success or 0 on failure.
* for initialising the cipher and hash. Returns 1 on success or 0 on failure.
*/
int tls13_setup_key_block(SSL *s)
{
@ -285,17 +273,16 @@ int tls13_setup_key_block(SSL *s)
return 1;
}
const unsigned char client_handshake_traffic[] =
"client handshake traffic secret";
const unsigned char client_application_traffic[] =
"client application traffic secret";
const unsigned char server_handshake_traffic[] =
"server handshake traffic secret";
const unsigned char server_application_traffic[] =
"server application traffic secret";
int tls13_change_cipher_state(SSL *s, int which)
{
static const unsigned char client_handshake_traffic[] =
"client handshake traffic secret";
static const unsigned char client_application_traffic[] =
"client application traffic secret";
static const unsigned char server_handshake_traffic[] =
"server handshake traffic secret";
static const unsigned char server_application_traffic[] =
"server application traffic secret";
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char secret[EVP_MAX_MD_SIZE];
@ -396,6 +383,7 @@ int tls13_change_cipher_state(SSL *s, int which)
}
} else if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) {
int taglen;
if (s->s3->tmp.new_cipher->algorithm_enc
& (SSL_AES128CCM8 | SSL_AES256CCM8))
taglen = 8;