generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

indent has problems with comments that are on the right hand side of a line.

Browse Source 
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Conflicts:
	crypto/bn/bn.h
	crypto/ec/ec_lcl.h
	crypto/rsa/rsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl.h
	ssl/ssl3.h

Conflicts:
	crypto/ec/ec_lcl.h
	ssl/tls1.h

Conflicts:
	crypto/ec/ecp_nistp224.c
	crypto/evp/evp.h
	ssl/d1_both.c
	ssl/ssl.h
	ssl/ssl_lib.c

Conflicts:
	crypto/bio/bss_file.c
	crypto/ec/ec_lcl.h
	crypto/evp/evp.h
	crypto/store/str_mem.c
	crypto/whrlpool/wp_block.c
	crypto/x509/x509_vfy.h
	ssl/ssl.h
	ssl/ssl3.h
	ssl/ssltest.c
	ssl/t1_lib.c
	ssl/tls1.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Matt Caswell
2015-01-21 11:09:58 +00:00
parent 5ba9d5bb3b
commit c7c7a432df
30 changed files with 421 additions and 250 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/s_client.c
View File

@@ -1464,7 +1464,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
if (peer != NULL)
{
BIO_printf(bio,"Server certificate\n");
if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
/* Redundant if we showed the whole chain */
if (!(c_showcerts && got_a_chain))
PEM_write_bio_X509(bio,peer);
X509_NAME_oneline(X509_get_subject_name(peer),
buf,sizeof buf);

7
crypto/asn1/a_utctm.c
View File

@@ -291,13 +291,16 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
}
#undef g2
return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
/*
* FIXME: mktime assumes the current timezone
* instead of UTC, and unless we rewrite OpenSSL
* in Lisp we cannot locally change the timezone
* without possibly interfering with other parts
* of the program. timegm, which uses UTC, is
* non-standard.
* Also time_t is inappropriate for general
* UTC times because it may a 32 bit type. */
* UTC times because it may a 32 bit type.
*/
return mktime(&tm)-offset*60;
}
#endif

7
crypto/bio/bss_log.c
View File

@@ -295,8 +295,11 @@ static void xsyslog(BIO *bp, int priority, const char *string)
case LOG_DEBUG:
evtype = EVENTLOG_INFORMATION_TYPE;
break;
default: /* Should never happen, but set it
as error anyway. */
default:
/*
* Should never happen, but set it
* as error anyway.
*/
evtype = EVENTLOG_ERROR_TYPE;
break;
}

16
crypto/bn/bn.h
View File

@@ -245,16 +245,22 @@ extern "C" {
#define BN_FLG_MALLOCED 0x01
#define BN_FLG_STATIC_DATA 0x02
#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing,
/*
* avoid leaking exponent information through timing,
* BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
* BN_div() will call BN_div_no_branch,
* BN_mod_inverse() will call BN_mod_inverse_no_branch.
*/
#define BN_FLG_CONSTTIME 0x04
#ifndef OPENSSL_NO_DEPRECATED
#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */
/* avoid leaking exponent information through timings
* (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
#ifdef OPENSSL_NO_DEPRECATED
/* deprecated name for the flag */
#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
/*
* avoid leaking exponent information through timings
* (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime)
*/
#endif
#ifndef OPENSSL_NO_DEPRECATED

7
crypto/bn/bn_lib.c
View File

@@ -355,9 +355,12 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
case 3: A[2]=B[2];
case 2: A[1]=B[1];
case 1: A[0]=B[0];
case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
case 0:
/*
* workaround for ultrix cc: without 'case 0', the optimizer does
* the switch table by doing a=top&3; a--; goto jump_table[a];
* which fails for top== 0 */
* which fails for top== 0
*/
;
}
}

3
crypto/des/read_pwd.c
View File

@@ -75,7 +75,8 @@
#endif
#endif
/* #define SIGACTION */ /* Define this if you have sigaction() */
/* Define this if you have sigaction() */
/* #define SIGACTION */
#ifdef WIN16TTY
#undef OPENSSL_SYS_WIN16

5
crypto/dh/dh.h
View File

@@ -80,13 +80,16 @@
#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
#define DH_FLAG_CACHE_MONT_P 0x01
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
/*
* new with 0.9.7h; the built-in DH
* implementation now uses constant time
* modular exponentiation for secret exponents
* by default. This flag causes the
* faster variable sliding window method to
* be used for all exponents.
*/
#define DH_FLAG_NO_EXP_CONSTTIME 0x02
#ifdef __cplusplus
extern "C" {

21
crypto/ec/ec_lcl.h
View File

@@ -200,19 +200,21 @@ struct ec_group_st {
/* The following members are handled by the method functions,
* even if they appear generic */
BIGNUM field; /* Field specification.
/* Field specification.
* For curves over GF(p), this is the modulus;
* for curves over GF(2^m), this is the
* irreducible polynomial defining the field.
*/
BIGNUM field;
unsigned int poly[5]; /* Field specification for curves over GF(2^m).
/* Field specification for curves over GF(2^m).
* The irreducible f(t) is then of the form:
* t^poly[0] + t^poly[1] + ... + t^poly[k]
* where m = poly[0] > poly[1] > ... > poly[k] = 0.
*/
unsigned int poly[5];
BIGNUM a, b; /* Curve coefficients.
/* Curve coefficients.
* (Here the assumption is that BIGNUMs can be used
* or abused for all kinds of fields, not just GF(p).)
* For characteristic > 3, the curve is defined
@@ -222,12 +224,17 @@ struct ec_group_st {
* an equation of the form
* y^2 + x*y = x^3 + a*x^2 + b.
*/
BIGNUM a, b;
int a_is_minus3; /* enable optimized point arithmetics for special case */
/* enable optimized point arithmetics for special case */
int a_is_minus3;
void *field_data1; /* method-specific (e.g., Montgomery structure) */
void *field_data2; /* method-specific */
int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */
/* method-specific (e.g., Montgomery structure) */
void *field_data1;
/* method-specific */
void *field_data2;
/* method-specific */
int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
} /* EC_GROUP */;
struct ec_key_st {

59
crypto/evp/evp.h
View File

@@ -260,10 +260,11 @@ typedef struct
void *key;
} EVP_MD_SVCTX;
#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
* block */
/* digest can only handle a single block */
#define EVP_MD_FLAG_ONESHOT 0x0001
#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
/* Note if suitable for use in FIPS mode */
#define EVP_MD_FLAG_FIPS 0x0400
#define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */
@@ -333,19 +334,33 @@ struct evp_cipher_st
{
int nid;
int block_size;
int key_len; /* Default value for variable length ciphers */
/* Default value for variable length ciphers */
int key_len;
int iv_len;
unsigned long flags; /* Various flags */
/* Various flags */
unsigned long flags;
/* init key */
int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc); /* init key */
const unsigned char *iv, int enc);
/* encrypt/decrypt data */
int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */
int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
int ctx_size; /* how big ctx->cipher_data needs to be */
int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
void *app_data; /* Application data */
const unsigned char *in, unsigned int inl);
/* cleanup ctx */
int (*cleanup)(EVP_CIPHER_CTX *);
/* how big ctx->cipher_data needs to be */
int ctx_size;
/* Populate a ASN1_TYPE with parameters */
int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *);
/* Get parameters from a ASN1_TYPE */
int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *);
/* Miscellaneous operations */
int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
/* Application data */
void *app_data;
} /* EVP_CIPHER */;
/* Values for cipher flags */
@@ -420,14 +435,22 @@ struct evp_cipher_ctx_st
typedef struct evp_Encode_Ctx_st
{
int num; /* number saved in a partial encode/decode */
int length; /* The length is either the output line length
/* number saved in a partial encode/decode */
int num;
/* The length is either the output line length
* (in input bytes) or the shortest input line
* length that is ok. Once decoding begins,
* the length is adjusted up each time a longer
* line is decoded */
unsigned char enc_data[80]; /* data to encode */
int line_num; /* number read on current line */
* line is decoded
*/
int length;
/* data to encode */
unsigned char enc_data[80];
/* number read on current line */
int line_num;
int expect_nl;
} EVP_ENCODE_CTX;

3
crypto/rand/rand_win.c
View File

@@ -177,7 +177,8 @@ typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
#include <lmcons.h>
#include <lmstats.h>
#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE
#if 1
/* The NET API is Unicode only. It requires the use of the UNICODE
* macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was
* was added to the Platform SDK to allow the NET API to be used in
* non-Unicode applications provided that Unicode strings were still

20
crypto/rsa/rsa.h
View File

@@ -188,7 +188,9 @@ struct rsa_st
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
#endif
#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
/* exponent limit enforced for "large" modulus only */
# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
#endif
#define RSA_3 0x3L
@@ -211,12 +213,15 @@ struct rsa_st
*/
#define RSA_FLAG_SIGN_VER 0x0040
#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in
/*
* new with 0.9.6j and 0.9.7b; the built-in
* RSA implementation now uses blinding by
* default (ignoring RSA_FLAG_BLINDING),
* but other engines might not need it
*/
#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA
#define RSA_FLAG_NO_BLINDING 0x0080
/*
* new with 0.9.8f; the built-in RSA
* implementation now uses constant time
* operations by default in private key operations,
* e.g., constant time modular exponentiation,
@@ -226,15 +231,18 @@ struct rsa_st
* operations and results in faster RSA
* private key operations.
*/
#ifndef OPENSSL_NO_DEPRECATED
#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/
/* new with 0.9.7h; the built-in RSA
#define RSA_FLAG_NO_CONSTTIME 0x0100
#ifdef OPENSSL_USE_DEPRECATED
/* deprecated name for the flag*/
/*
* new with 0.9.7h; the built-in RSA
* implementation now uses constant time
* modular exponentiation for secret exponents
* by default. This flag causes the
* faster variable sliding window method to
* be used for all exponents.
*/
#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
#endif

3
crypto/rsa/rsa_eay.c
View File

@@ -283,11 +283,12 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
{
/* resort to rsa->mt_blinding instead */
*local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
/* instructs rsa_blinding_convert(), rsa_blinding_invert()
* that the BN_BLINDING is shared, meaning that accesses
* require locks, and that the blinding factor must be
* stored outside the BN_BLINDING
*/
*local = 0;
if (rsa->mt_blinding == NULL)
{

7
crypto/sha/sha.h
View File

@@ -158,9 +158,12 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
* being exactly 64-bit wide. See Implementation Notes in sha512.c
* for further details.
*/
#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a
/*
* SHA-512 treats input data as a
* contiguous array of 64 bit
* wide big-endian values. */
* wide big-endian values.
*/
#define SHA512_CBLOCK (SHA_LBLOCK*8)
#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
#define SHA_LONG64 unsigned __int64
#define U64(C) C##UI64

3
crypto/stack/safestack.h
View File

@@ -80,7 +80,8 @@ STACK_OF(type) \
STACK stack; \
};
#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/
/* nada (obsolete in new safestack approach)*/
#define IMPLEMENT_STACK_OF(type)
/* SKM_sk_... stack macros are internal to safestack.h:
* never use them directly, use sk_<type>_... instead */

35
crypto/store/str_mem.c
View File

@@ -85,21 +85,34 @@ struct mem_object_data_st
struct mem_data_st
{
STACK *data; /* A stack of mem_object_data_st,
sorted with STORE_ATTR_INFO_compare(). */
unsigned int compute_components : 1; /* Currently unused, but can
be used to add attributes
from parts of the data. */
/*
* A stack of mem_object_data_st,
* sorted with STORE_ATTR_INFO_compare().
*/
STACK *data;
/* Currently unused, but can
* be used to add attributes
* from parts of the data.
*/
unsigned int compute_components : 1;
};
struct mem_ctx_st
{
int type; /* The type we're searching for */
STACK *search_attributes; /* Sets of attributes to search for.
Each element is a STORE_ATTR_INFO. */
int search_index; /* which of the search attributes we found a match
for, -1 when we still haven't found any */
int index; /* -1 as long as we're searching for the first */
/* The type we're searching for */
int type;
/*
* Sets of attributes to search for.
* Each element is a STORE_ATTR_INFO.
*/
STACK *search_attributes;
/*
* which of the search attributes we found a match
* for, -1 when we still haven't found any
*/
int search_index;
/* -1 as long as we're searching for the first */
int index;
};
static int mem_init(STORE *s);

84
crypto/x509/x509_vfy.h
View File

@@ -190,14 +190,22 @@ struct x509_store_st
X509_VERIFY_PARAM *param;
/* Callbacks for various operations */
int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
/* called to verify a certificate */
int (*verify)(X509_STORE_CTX *ctx);
/* error callback */
int (*verify_cb)(int ok,X509_STORE_CTX *ctx);
/* get issuers cert from ctx */
int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
/* check issued */
int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
/* Check revocation status of chain */
int (*check_revocation)(X509_STORE_CTX *ctx);
/* retrieve CRL */
int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
/* Check CRL validity */
int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl);
/* Check certificate against CRL */
int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
int (*cleanup)(X509_STORE_CTX *ctx);
CRYPTO_EX_DATA ex_data;
@@ -226,42 +234,62 @@ struct x509_lookup_st
struct x509_store_ctx_st /* X509_STORE_CTX */
{
X509_STORE *ctx;
int current_method; /* used when looking up certs */
/* used when looking up certs */
int current_method;
/* The following are set by the caller */
X509 *cert; /* The cert to check */
STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */
/* The cert to check */
X509 *cert;
/* chain of X509s - untrusted - passed in */
STACK_OF(X509) *untrusted;
/* set of CRLs passed in */
STACK_OF(X509_CRL) *crls;
X509_VERIFY_PARAM *param;
void *other_ctx; /* Other info for use with get_issuer() */
/* Other info for use with get_issuer() */
void *other_ctx;
/* Callbacks for various operations */
int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
/* called to verify a certificate */
int (*verify)(X509_STORE_CTX *ctx);
/* error callback */
int (*verify_cb)(int ok,X509_STORE_CTX *ctx);
/* get issuers cert from ctx */
int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
/* check issued */
int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
/* Check revocation status of chain */
int (*check_revocation)(X509_STORE_CTX *ctx);
/* retrieve CRL */
int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
/* Check CRL validity */
int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl);
/* Check certificate against CRL */
int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
int (*check_policy)(X509_STORE_CTX *ctx);
int (*cleanup)(X509_STORE_CTX *ctx);
/* The following is built up */
int valid; /* if 0, rebuild chain */
int last_untrusted; /* index of last untrusted cert */
STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
X509_POLICY_TREE *tree; /* Valid policy tree */
/* if 0, rebuild chain */
int valid;
/* index of last untrusted cert */
int last_untrusted;
/* chain of X509s - built up and trusted */
STACK_OF(X509) *chain;
/* Valid policy tree */
X509_POLICY_TREE *tree;
int explicit_policy; /* Require explicit policy value */
/* Require explicit policy value */
int explicit_policy;
/* When something goes wrong, this is why */
int error_depth;
int error;
X509 *current_cert;
X509 *current_issuer; /* cert currently being tested as valid issuer */
X509_CRL *current_crl; /* current CRL */
/* cert currently being tested as valid issuer */
X509 *current_issuer;
/* current CRL */
X509_CRL *current_crl;
CRYPTO_EX_DATA ex_data;
} /* X509_STORE_CTX */;

4
crypto/x509/x509type.c
View File

@@ -112,8 +112,8 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
break;
}
if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
for, not bytes */
/* /8 because it's 1024 bits we look for, not bytes */
if (EVP_PKEY_size(pk) <= 1024/8)
ret|=EVP_PKT_EXP;
if(pkey==NULL) EVP_PKEY_free(pk);
return(ret);

4
demos/easy_tls/easy-tls.c
View File

@@ -708,7 +708,9 @@ tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
SSL_CTX_set_verify_depth(ret, a.verify_depth);
if (a.ca_file != NULL) {
r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL /* no CA-directory */); /* does not report failure if file does not exist ... */
/* does not report failure if file does not exist ... */
/* NULL argument means no CA-directory */
r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL);
if (!r) {
err_pref_1 = " while processing certificate file ";
err_pref_2 = a.ca_file;

7
ms/applink.c
View File

@@ -46,9 +46,12 @@ extern "C" {
__declspec(dllexport)
void **
#if defined(__BORLANDC__)
__stdcall /* __stdcall appears to be the only way to get the name
/*
* __stdcall appears to be the only way to get the name
* decoration right with Borland C. Otherwise it works
* purely incidentally, as we pass no parameters. */
* purely incidentally, as we pass no parameters.
*/
__stdcall
#else
__cdecl
#endif

10
ssl/d1_both.c
View File

@@ -436,10 +436,15 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
again:
i = dtls1_get_message_fragment(s, st1, stn, max, ok);
if ( i == DTLS1_HM_BAD_FRAGMENT ||
i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
i == DTLS1_HM_FRAGMENT_RETRY)
{
/* bad fragment received */
goto again;
}
else if ( i <= 0 && !*ok)
{
return i;
}
p = (unsigned char *)s->init_buf->data;
msg_len = msg_hdr->msg_len;
@@ -1121,7 +1126,8 @@ int dtls1_read_failed(SSL *s, int code)
return code;
}
if ( ! SSL_in_init(s)) /* done, no need to send a retransmit */
/* done, no need to send a retransmit */
if ( ! SSL_in_init(s))
{
BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
return code;

4
ssl/d1_pkt.c
View File

@@ -289,8 +289,8 @@ dtls1_get_buffered_record(SSL *s)
(((PQ_64BIT)s->d1->handshake_read_seq) << 32) |
((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
if ( ! SSL_in_init(s)) /* if we're not (re)negotiating,
nothing buffered */
/* if we're not (re)negotiating, nothing buffered */
if ( ! SSL_in_init(s))
return 0;

4
ssl/s23_srvr.c
View File

@@ -232,7 +232,8 @@ end:
int ssl23_get_client_hello(SSL *s)
{
char buf_space[11]; /* Request this many bytes in initial read.
/*-
* Request this many bytes in initial read.
* We can detect SSL 3.0/TLS 1.0 Client Hellos
* ('type == 3') correctly only when the following
* is in a single record, which is not guaranteed by
@@ -245,6 +246,7 @@ int ssl23_get_client_hello(SSL *s)
* 6-8 length > Client Hello message
* 9/10 client_version /
*/
char buf_space[11];
char *buf= &(buf_space[0]);
unsigned char *p,*d,*d_len,*dd;
unsigned int i;

3
ssl/s3_both.c
View File

@@ -214,11 +214,12 @@ int ssl3_get_finished(SSL *s, int a, int b)
* change cipher spec message and is in s->s3->tmp.peer_finish_md
*/
/* 64 argument should actually be 36+4 :-) */
n=s->method->ssl_get_message(s,
a,
b,
SSL3_MT_FINISHED,
64, /* should actually be 36+4 :-) */
64,
&ok);
if (!ok) return((int)n);

90
ssl/ssl.h
View File

@@ -773,7 +773,8 @@ struct ssl_ctx_st
int verify_mode;
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
/* called 'verify_callback' in the SSL */
int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
/* Default generate session ID callback. */
GEN_SESSION_CB generate_session_id;
@@ -885,22 +886,28 @@ struct ssl_st
* (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
*/
int version;
int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
/* SSL_ST_CONNECT or SSL_ST_ACCEPT */
int type;
SSL_METHOD *method; /* SSLv3 */
/* SSLv3 */
SSL_METHOD *method;
/* There are 2 BIO's even though they are normally both the
* same. This is so data can be read and written to different
* handlers */
#ifndef OPENSSL_NO_BIO
BIO *rbio; /* used by SSL_read */
BIO *wbio; /* used by SSL_write */
BIO *bbio; /* used during session-id reuse to concatenate
* messages */
/* used by SSL_read */
BIO *rbio;
/* used by SSL_write */
BIO *wbio;
/* used during session-id reuse to concatenate messages */
BIO *bbio;
#else
char *rbio; /* used by SSL_read */
char *wbio; /* used by SSL_write */
/* used by SSL_read */
char *rbio;
/* used by SSL_write */
char *wbio;
char *bbio;
#endif
/* This holds a variable that indicates what we were doing
@@ -921,19 +928,26 @@ struct ssl_st
* test instead of an "init" member.
*/
int server; /* are we the server side? - mostly used by SSL_clear*/
/* are we the server side? - mostly used by SSL_clear*/
int server;
int new_session;/* 1 if we are to use a new session.
/*
* 1 if we are to use a new session.
* 2 if we are a server and are inside a handshake
* (i.e. not just sending a HelloRequest)
* NB: For servers, the 'new' session may actually be a previously
* cached session or even the previous session unless
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
int quiet_shutdown;/* don't send shutdown packets */
int shutdown; /* we have shut things down, 0x01 sent, 0x02
* for received */
int state; /* where we are */
int rstate; /* where we are when reading */
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
*/
int new_session;
/* don't send shutdown packets */
int quiet_shutdown;
/* we have shut things down, 0x01 sent, 0x02 for received */
int shutdown;
/* where we are */
int state;
/* where we are when reading */
int rstate;
BUF_MEM *init_buf; /* buffer used during init */
void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
@@ -1005,17 +1019,25 @@ struct ssl_st
GEN_SESSION_CB generate_session_id;
/* Used in SSL2 and SSL3 */
int verify_mode; /* 0 don't care about verify failure.
* 1 fail if verify fails */
int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
/*
* 0 don't care about verify failure.
* 1 fail if verify fails
*/
int verify_mode;
/* fail if callback returns 0 */
int (*verify_callback)(int ok,X509_STORE_CTX *ctx);
void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
/* optional informational callback */
void (*info_callback)(const SSL *ssl,int type,int val);
int error; /* error bytes to be written */
int error_code; /* actual code */
/* error bytes to be written */
int error;
/* actual code */
int error_code;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
/* Kerberos 5 context */
KSSL_CTX *kssl_ctx;
#endif /* OPENSSL_NO_KRB5 */
SSL_CTX *ctx;
@@ -1031,12 +1053,14 @@ struct ssl_st
STACK_OF(X509_NAME) *client_CA;
int references;
unsigned long options; /* protocol behaviour */
unsigned long mode; /* API behaviour */
/* protocol behaviour */
unsigned long options;
/* API behaviour */
unsigned long mode;
long max_cert_list;
int first_packet;
int client_version; /* what was passed, used for
* SSLv3/TLS rollback check */
/* what was passed, used for SSLv3/TLS rollback check */
int client_version;
#ifndef OPENSSL_NO_TLSEXT
/* TLS extension debug callback */
void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
@@ -1044,11 +1068,13 @@ struct ssl_st
void *arg);
void *tlsext_debug_arg;
char *tlsext_hostname;
int servername_done; /* no further mod of servername
0 : call the servername extension callback.
1 : prepare 2, allow last ack just after in server callback.
2 : don't call servername callback, no ack in server hello
/*-
* no further mod of servername
* 0 : call the servername extension callback.
* 1 : prepare 2, allow last ack just after in server callback.
* 2 : don't call servername callback, no ack in server hello
*/
int servername_done;
/* certificate status request info */
/* Status type or -1 if no status type */
int tlsext_status_type;

37
ssl/ssl3.h
View File

@@ -301,23 +301,34 @@ extern "C" {
typedef struct ssl3_record_st
{
/*r */ int type; /* type of record */
/*rw*/ unsigned int length; /* How many bytes available */
/*r */ unsigned int off; /* read/write offset into 'buf' */
/*rw*/ unsigned char *data; /* pointer to the record data */
/*rw*/ unsigned char *input; /* where the decode bytes are */
/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */
/* type of record */
/*r */ int type;
/* How many bytes available */
/*rw*/ unsigned int length;
/* read/write offset into 'buf' */
/*r */ unsigned int off;
/* pointer to the record data */
/*rw*/ unsigned char *data;
/* where the decode bytes are */
/*rw*/ unsigned char *input;
/* only used with decompression - malloc()ed */
/*r */ unsigned char *comp;
/* epoch number, needed by DTLS1 */
/*r */ unsigned long epoch;
/* sequence number, needed by DTLS1 */
/*r */ PQ_64BIT seq_num;
} SSL3_RECORD;
typedef struct ssl3_buffer_st
{
unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
* see ssl3_setup_buffers() */
size_t len; /* buffer size */
int offset; /* where to 'copy from' */
int left; /* how many bytes left */
/* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
unsigned char *buf;
/* buffer size */
size_t len;
/* where to 'copy from' */
int offset;
/* how many bytes left */
int left;
} SSL3_BUFFER;
#define SSL3_CT_RSA_SIGN 1

13
ssl/ssl_lib.c
View File

@@ -172,10 +172,15 @@ int SSL_clear(SSL *s)
s->hit=0;
s->shutdown=0;
#if 0 /* Disabled since version 1.10 of this file (early return not
* needed because SSL_clear is not called when doing renegotiation) */
/* This is set if we are doing dynamic renegotiation so keep
* the old cipher. It is sort of a SSL_clear_lite :-) */
#if 0
/*
* Disabled since version 1.10 of this file (early return not
* needed because SSL_clear is not called when doing renegotiation)
*/
/*
* This is set if we are doing dynamic renegotiation so keep
* the old cipher. It is sort of a SSL_clear_lite :-)
*/
if (s->new_session) return(1);
#else
if (s->new_session)

7
ssl/ssl_locl.h
View File

@@ -420,9 +420,12 @@ typedef struct cert_pkey_st
typedef struct cert_st
{
/* Current active set */
CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
/*
* ALWAYS points to an element of the pkeys array
* Probably it would make more sense to store
* an index, not a pointer. */
* an index, not a pointer.
*/
CERT_PKEY *key;
/* The following masks are for the key and auth
* algorithms that are supported by the certs below */

12
ssl/ssl_sess.c
View File

@@ -772,9 +772,11 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
if ((s->next == NULL) || (s->prev == NULL)) return;
if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
{ /* last element in list */
{
/* last element in list */
if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
{ /* only one element in list */
{
/* only one element in list */
ctx->session_cache_head=NULL;
ctx->session_cache_tail=NULL;
}
@@ -787,12 +789,14 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
else
{
if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
{ /* first element in list */
{
/* first element in list */
ctx->session_cache_head=s->next;
s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
}
else
{ /* middle of list */
{
/* middle of list */
s->next->prev=s->prev;
s->prev->next=s->next;
}

18
ssl/ssltest.c
View File

@@ -114,8 +114,8 @@
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
on Linux and GNU platforms. */
/* Or gethostname won't be declared properly on Linux and GNU platforms. */
#define _BSD_SOURCE 1
#include <assert.h>
#include <errno.h>
@@ -128,8 +128,8 @@
#define USE_SOCKETS
#include "e_os.h"
#define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on
VMS (at least with DECompHP C). */
/* Or isascii won't be declared properly on VMS (at least with DECompHP C). */
#define _XOPEN_SOURCE 500
#include <ctype.h>
#include <openssl/bio.h>
@@ -154,11 +154,13 @@
#endif
#include <openssl/bn.h>
#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
on Compaq platforms (at least with DEC C).
Do not try to put it earlier, or IPv6 includes
get screwed...
/*
* Or gethostname won't be declared properly
* on Compaq platforms (at least with DEC C).
* Do not try to put it earlier, or IPv6 includes
* get screwed...
*/
#define _XOPEN_SOURCE_EXTENDED 1
#ifdef OPENSSL_SYS_WINDOWS
#include <winsock.h>