From e9add063b50e8a460d5636055156d2760c2fe29f Mon Sep 17 00:00:00 2001 From: Scott Deboy Date: Tue, 4 Feb 2014 13:08:43 -0800 Subject: [PATCH] Re-add alert variables removed during rebase Whitespace fixes --- apps/s_client.c | 40 +++++++-------- apps/s_server.c | 40 +++++++-------- ssl/s23_clnt.c | 5 +- ssl/s3_clnt.c | 53 ++++++++++--------- ssl/s3_lib.c | 12 ++--- ssl/s3_srvr.c | 29 ++++++----- ssl/ssl.h | 32 ++++++------ ssl/ssl_rsa.c | 90 ++++++++++++++++----------------- ssl/ssltest.c | 132 ++++++++++++++++++++++++------------------------ ssl/t1_lib.c | 62 +++++++++++------------ 10 files changed, 250 insertions(+), 245 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 95c62a7248..236dbd31fc 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -236,22 +236,22 @@ static int server_provided_client_authz = 0; static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp}; static int suppdata_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); + const unsigned char **out, + unsigned short *outlen, int *al, void *arg); static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, unsigned short *outlen, - int *al, void *arg); + const unsigned char **out, unsigned short *outlen, + int *al, void *arg); static int authz_tlsext_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); #endif #ifndef OPENSSL_NO_PSK @@ -2439,9 +2439,9 @@ static int ocsp_resp_cb(SSL *s, void *arg) } static int authz_tlsext_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (TLSEXT_TYPE_server_authz == ext_type) server_provided_server_authz @@ -2455,8 +2455,8 @@ static int authz_tlsext_cb(SSL *s, unsigned short ext_type, } static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, unsigned short *outlen, - int *al, void *arg) + const unsigned char **out, unsigned short *outlen, + int *al, void *arg) { if (c_auth) { @@ -2474,9 +2474,9 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, } static int suppdata_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) { @@ -2487,8 +2487,8 @@ static int suppdata_cb(SSL *s, unsigned short supp_data_type, } static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { if (c_auth && server_provided_client_authz && server_provided_server_authz) { diff --git a/apps/s_server.c b/apps/s_server.c index 29969200b6..47fa2f361e 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -331,22 +331,22 @@ static int cert_chain = 0; #ifndef OPENSSL_NO_TLSEXT static int suppdata_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); + const unsigned char **out, + unsigned short *outlen, int *al, void *arg); static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, unsigned short *outlen, - int *al, void *arg); + const unsigned char **out, unsigned short *outlen, + int *al, void *arg); static int authz_tlsext_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); static BIO *serverinfo_in = NULL; static const char *s_serverinfo_file = NULL; @@ -3585,9 +3585,9 @@ static void free_sessions(void) #ifndef OPENSSL_NO_TLSEXT static int authz_tlsext_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (TLSEXT_TYPE_server_authz == ext_type) client_provided_server_authz @@ -3601,8 +3601,8 @@ static int authz_tlsext_cb(SSL *s, unsigned short ext_type, } static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, unsigned short *outlen, - int *al, void *arg) + const unsigned char **out, unsigned short *outlen, + int *al, void *arg) { if (c_auth && client_provided_client_authz && client_provided_server_authz) { @@ -3621,9 +3621,9 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, } static int suppdata_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) { @@ -3634,8 +3634,8 @@ static int suppdata_cb(SSL *s, unsigned short supp_data_type, } static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { if (c_auth && client_provided_client_authz && client_provided_server_authz) { diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 452a19c171..60a028430d 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -299,6 +299,7 @@ static int ssl23_client_hello(SSL *s) unsigned long l; int ssl2_compat; int version = 0, version_major, version_minor; + int al = 0; #ifndef OPENSSL_NO_COMP int j; SSL_COMP *comp; @@ -553,9 +554,9 @@ static int ssl23_client_hello(SSL *s) SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); return -1; } - if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) + if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) { - ssl3_send_alert(s,SSL3_AL_FATAL,al); + ssl3_send_alert(s,SSL3_AL_FATAL,al); SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); return -1; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index eccfcc3dca..0b9c84d3bf 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -689,6 +689,7 @@ int ssl3_client_hello(SSL *s) unsigned char *p,*d; int i; unsigned long l; + int al = 0; #ifndef OPENSSL_NO_COMP int j; SSL_COMP *comp; @@ -891,9 +892,9 @@ int ssl3_client_hello(SSL *s) SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); goto err; } - if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) + if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) { - ssl3_send_alert(s,SSL3_AL_FATAL,al); + ssl3_send_alert(s,SSL3_AL_FATAL,al); SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); goto err; } @@ -3623,7 +3624,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) #ifndef OPENSSL_NO_TLSEXT int tls1_send_client_supplemental_data(SSL *s, int *skip) { - int al = 0; + int al = 0; if (s->ctx->cli_supp_data_records_count) { unsigned char *p = NULL; @@ -3643,20 +3644,20 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip) if (!record->fn2) continue; cb_retval = record->fn2(s, record->supp_data_type, - &out, &outlen, &al, - record->arg); + &out, &outlen, &al, + record->arg); if (cb_retval == -1) continue; /* skip this supp data entry */ if (cb_retval == 0) { SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); - goto f_err; + goto f_err; } if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length) { SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); return 0; - } + } /* if first entry, write handshake message type */ if (length == 0) { @@ -3668,11 +3669,11 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip) p = (unsigned char *)s->init_buf->data; *(p++) = SSL3_MT_SUPPLEMENTAL_DATA; /* update message length when all - * callbacks complete */ + * callbacks complete */ size_loc = p; /* skip over handshake length field (3 - * bytes) and supp_data length field - * (3 bytes) */ + * bytes) and supp_data length field + * (3 bytes) */ p += 3 + 3; length += 1 +3 +3; } @@ -3706,10 +3707,10 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip) s->init_off = 0; return 1; -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return 0; -} + f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + return 0; + } int tls1_get_server_supplemental_data(SSL *s) { @@ -3724,12 +3725,12 @@ int tls1_get_server_supplemental_data(SSL *s) int cb_retval = 0; n=s->method->ssl_get_message(s, - SSL3_ST_CR_SUPPLEMENTAL_DATA_A, - SSL3_ST_CR_SUPPLEMENTAL_DATA_B, - SSL3_MT_SUPPLEMENTAL_DATA, - /* use default limit */ - TLSEXT_MAXLEN_supplemental_data, - &ok); + SSL3_ST_CR_SUPPLEMENTAL_DATA_A, + SSL3_ST_CR_SUPPLEMENTAL_DATA_B, + SSL3_MT_SUPPLEMENTAL_DATA, + /* use default limit */ + TLSEXT_MAXLEN_supplemental_data, + &ok); if (!ok) return((int)n); @@ -3750,9 +3751,11 @@ int tls1_get_server_supplemental_data(SSL *s) /* if there is a callback for this supp data type, send it */ for (i=0; i < s->ctx->cli_supp_data_records_count; i++) { - if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type && s->ctx->cli_supp_data_records[i].fn1) + if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type && + s->ctx->cli_supp_data_records[i].fn1) { - cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p, supp_data_entry_len, &al, s->ctx->cli_supp_data_records[i].arg); + cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p, + supp_data_entry_len, &al, s->ctx->cli_supp_data_records[i].arg); if (cb_retval == 0) { SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA, ERR_R_SSL_LIB); @@ -3763,8 +3766,8 @@ int tls1_get_server_supplemental_data(SSL *s) p += supp_data_entry_len; } return 1; -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return -1; + f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); + return -1; } #endif diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 31074f264a..d97082e241 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3029,8 +3029,8 @@ void ssl3_free(SSL *s) SSL_SRP_CTX_free(s); #endif #ifndef OPENSSL_NO_TLSEXT - if (s->s3->serverinfo_client_tlsext_custom_types != NULL) - OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); + if (s->s3->serverinfo_client_tlsext_custom_types != NULL) + OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); #endif OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_free(s->s3); @@ -3076,12 +3076,12 @@ void ssl3_clear(SSL *s) } #endif #ifndef OPENSSL_NO_TLSEXT - if (s->s3->serverinfo_client_tlsext_custom_types != NULL) + if (s->s3->serverinfo_client_tlsext_custom_types != NULL) { - OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); - s->s3->serverinfo_client_tlsext_custom_types = NULL; + OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); + s->s3->serverinfo_client_tlsext_custom_types = NULL; } - s->s3->serverinfo_client_tlsext_custom_types_count = 0; + s->s3->serverinfo_client_tlsext_custom_types_count = 0; #ifndef OPENSSL_NO_EC s->s3->is_probably_safari = 0; #endif /* !OPENSSL_NO_EC */ diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 54266fb6da..1e2f251693 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1504,7 +1504,8 @@ int ssl3_send_server_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; - int i,sl,al; + int i,sl; + int al = 0; unsigned long l; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) @@ -1574,9 +1575,9 @@ int ssl3_send_server_hello(SSL *s) SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); return -1; } - if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) + if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, &al)) == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, al); + ssl3_send_alert(s, SSL3_AL_FATAL, al); SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); return -1; } @@ -3704,7 +3705,7 @@ int ssl3_get_next_proto(SSL *s) int tls1_send_server_supplemental_data(SSL *s, int *skip) { - int al = 0; + int al = 0; if (s->ctx->srv_supp_data_records_count) { unsigned char *p = NULL; @@ -3724,14 +3725,14 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip) if (!record->fn1) continue; cb_retval = record->fn1(s, record->supp_data_type, - &out, &outlen, &al, + &out, &outlen, &al, record->arg); if (cb_retval == -1) continue; /* skip this supp data entry */ if (cb_retval == 0) { SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); - goto f_err; + goto f_err; } if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length) { @@ -3794,8 +3795,8 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip) s->init_off = 0; return 1; f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return 0; + ssl3_send_alert(s,SSL3_AL_FATAL,al); + return 0; } int tls1_get_client_supplemental_data(SSL *s) @@ -3811,12 +3812,12 @@ int tls1_get_client_supplemental_data(SSL *s) size_t i = 0; n=s->method->ssl_get_message(s, - SSL3_ST_SR_SUPPLEMENTAL_DATA_A, - SSL3_ST_SR_SUPPLEMENTAL_DATA_B, - SSL3_MT_SUPPLEMENTAL_DATA, - /* use default limit */ - TLSEXT_MAXLEN_supplemental_data, - &ok); + SSL3_ST_SR_SUPPLEMENTAL_DATA_A, + SSL3_ST_SR_SUPPLEMENTAL_DATA_B, + SSL3_MT_SUPPLEMENTAL_DATA, + /* use default limit */ + TLSEXT_MAXLEN_supplemental_data, + &ok); if (!ok) return((int)n); diff --git a/ssl/ssl.h b/ssl/ssl.h index ede930e3d2..210a3895af 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -410,19 +410,19 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S */ typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type, const unsigned char **out, - unsigned short *outlen, int *al, void *arg); + unsigned short *outlen, int *al, void *arg); typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type, const unsigned char *in, unsigned short inlen, int *al, void *arg); typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); + const unsigned char **out, + unsigned short *outlen, int *al, void *arg); typedef struct { unsigned short ext_type; @@ -460,20 +460,20 @@ typedef struct { * fatal TLS alert, if the callback returns zero. */ typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); + const unsigned char **out, + unsigned short *outlen, int *al, void *arg); typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); + const unsigned char **out, + unsigned short *outlen, int *al, void *arg); typedef struct { unsigned short supp_data_type; diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 063eea5ecb..799210f5e2 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -844,71 +844,71 @@ static int serverinfo_find_extension(const unsigned char *serverinfo, } static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { - size_t i = 0; + size_t i = 0; if (inlen != 0) { *al = SSL_AD_DECODE_ERROR; return 0; } - //if already in list, error out - for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) - { - if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - } - s->s3->serverinfo_client_tlsext_custom_types_count++; - s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc( - s->s3->serverinfo_client_tlsext_custom_types, - s->s3->serverinfo_client_tlsext_custom_types_count * 2); - if (s->s3->serverinfo_client_tlsext_custom_types == NULL) - { - s->s3->serverinfo_client_tlsext_custom_types_count = 0; - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - s->s3->serverinfo_client_tlsext_custom_types[ - s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type; + //if already in list, error out + for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) + { + if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + } + s->s3->serverinfo_client_tlsext_custom_types_count++; + s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc( + s->s3->serverinfo_client_tlsext_custom_types, + s->s3->serverinfo_client_tlsext_custom_types_count * 2); + if (s->s3->serverinfo_client_tlsext_custom_types == NULL) + { + s->s3->serverinfo_client_tlsext_custom_types_count = 0; + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } + s->s3->serverinfo_client_tlsext_custom_types[ + s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type; return 1; } static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, unsigned short *outlen, - int *al, void *arg) + const unsigned char **out, unsigned short *outlen, + int *al, void *arg) { const unsigned char *serverinfo = NULL; size_t serverinfo_length = 0; - size_t i = 0; - unsigned int match = 0; - /* Did the client send a TLS extension for this type? */ - for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) - { - if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) - { - match = 1; - break; - } - } - if (!match) - { - //extension not sent by client...don't send extension - return -1; - } + size_t i = 0; + unsigned int match = 0; + /* Did the client send a TLS extension for this type? */ + for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) + { + if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) + { + match = 1; + break; + } + } + if (!match) + { + //extension not sent by client...don't send extension + return -1; + } /* Is there serverinfo data for the chosen server cert? */ if ((ssl_get_server_cert_serverinfo(s, &serverinfo, - &serverinfo_length)) != 0) + &serverinfo_length)) != 0) { /* Find the relevant extension from the serverinfo */ int retval = serverinfo_find_extension(serverinfo, serverinfo_length, - ext_type, out, outlen); + ext_type, out, outlen); if (retval == 0) return 0; /* Error */ if (retval == -1) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index abdb1b893f..036e2c43b3 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -563,8 +563,8 @@ static int verify_serverinfo() */ static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_0) custom_ext_error = 1; @@ -572,17 +572,17 @@ static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { custom_ext_error = 1; /* Shouldn't be called */ return 0; } static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_1) custom_ext_error = 1; @@ -592,17 +592,17 @@ static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { custom_ext_error = 1; /* Shouldn't be called */ return 0; } static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_2) custom_ext_error = 1; @@ -612,9 +612,9 @@ static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (ext_type != CUSTOM_EXT_TYPE_2) custom_ext_error = 1; @@ -624,8 +624,8 @@ static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type, } static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_3) custom_ext_error = 1; @@ -635,9 +635,9 @@ static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (ext_type != CUSTOM_EXT_TYPE_3) custom_ext_error = 1; @@ -650,9 +650,9 @@ static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type, //custom_ext_0_cli_first_cb returns -1 - the server won't receive a callback for this extension static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { custom_ext_error = 1; return 0; /* Shouldn't be called */ @@ -660,16 +660,16 @@ static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type, //'generate' callbacks are always called, even if the 'receive' callback isn't called static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { return -1; /* Don't send an extension */ } static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (ext_type != CUSTOM_EXT_TYPE_1) custom_ext_error = 1; @@ -682,16 +682,16 @@ static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { return -1; /* Don't send an extension */ } static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (ext_type != CUSTOM_EXT_TYPE_2) custom_ext_error = 1; @@ -704,8 +704,8 @@ static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { *out = NULL; *outlen = 0; @@ -713,9 +713,9 @@ static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type, } static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (ext_type != CUSTOM_EXT_TYPE_3) custom_ext_error = 1; @@ -728,8 +728,8 @@ static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type, } static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { *out = (const unsigned char*)custom_ext_srv_string; *outlen = strlen(custom_ext_srv_string); @@ -737,8 +737,8 @@ static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type, } static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { *out = (const unsigned char*)supp_data_0_string; *outlen = strlen(supp_data_0_string); @@ -748,9 +748,9 @@ static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type, } static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) suppdata_error = 1; @@ -764,34 +764,34 @@ static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type, } static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { return -1; } static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { suppdata_error = 1; return 1; } static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { suppdata_error = 1; return 1; } static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) suppdata_error = 1; @@ -805,8 +805,8 @@ static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type, } static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { *out = (const unsigned char*)supp_data_0_string; *outlen = strlen(supp_data_0_string); @@ -816,25 +816,25 @@ static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type, } static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { suppdata_error = 1; return 1; } static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) + const unsigned char **out, + unsigned short *outlen, int *al, void *arg) { return -1; } static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { suppdata_error = 1; return 1; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 0354e70d89..8e2d6b1897 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1453,8 +1453,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha { int cb_retval = 0; cb_retval = record->fn1(s, record->ext_type, - &out, &outlen, al, - record->arg); + &out, &outlen, al, + record->arg); if (cb_retval == 0) return NULL; /* error */ if (cb_retval == -1) @@ -1513,8 +1513,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha { int extdatalen=0; unsigned char *ret = p; - size_t i; - custom_srv_ext_record *record; + size_t i; + custom_srv_ext_record *record; #ifndef OPENSSL_NO_NEXTPROTONEG int next_proto_neg_seen; #endif @@ -1698,29 +1698,29 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha } #endif - for (i = 0; i < s->ctx->custom_srv_ext_records_count; i++) + for (i = 0; i < s->ctx->custom_srv_ext_records_count; i++) { - record = &s->ctx->custom_srv_ext_records[i]; - const unsigned char *out = NULL; - unsigned short outlen = 0; - int cb_retval = 0; - - /* NULL callback or -1 omits extension */ - if (!record->fn2) - break; - cb_retval = record->fn2(s, record->ext_type, - &out, &outlen, al, - record->arg); - if (cb_retval == 0) - return NULL; /* error */ - if (cb_retval == -1) - break; /* skip this extension */ - if (limit < ret + 4 + outlen) - return NULL; - s2n(record->ext_type, ret); - s2n(outlen, ret); - memcpy(ret, out, outlen); - ret += outlen; + record = &s->ctx->custom_srv_ext_records[i]; + const unsigned char *out = NULL; + unsigned short outlen = 0; + int cb_retval = 0; + + /* NULL callback or -1 omits extension */ + if (!record->fn2) + break; + cb_retval = record->fn2(s, record->ext_type, + &out, &outlen, al, + record->arg); + if (cb_retval == 0) + return NULL; /* error */ + if (cb_retval == -1) + break; /* skip this extension */ + if (limit < ret + 4 + outlen) + return NULL; + s2n(record->ext_type, ret); + s2n(outlen, ret); + memcpy(ret, out, outlen); + ret += outlen; } #ifdef TLSEXT_TYPE_encrypt_then_mac if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) @@ -1935,12 +1935,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char } /* Clear observed custom extensions */ - s->s3->serverinfo_client_tlsext_custom_types_count = 0; - if (s->s3->serverinfo_client_tlsext_custom_types != NULL) + s->s3->serverinfo_client_tlsext_custom_types_count = 0; + if (s->s3->serverinfo_client_tlsext_custom_types != NULL) { - OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); - s->s3->serverinfo_client_tlsext_custom_types = NULL; - } + OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); + s->s3->serverinfo_client_tlsext_custom_types = NULL; + } #ifndef OPENSSL_NO_HEARTBEATS s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | -- 2.40.0